hazard based selection of test cases
play

Hazard-based Selection of Test Cases Functional Safety of - PowerPoint PPT Presentation

Sep 29, 2023 •976 likes •1.33k views

Hazard-based Selection of Test Cases Functional Safety of Mechatronic Systems Mario Gleirscher Software & Systems Engineering Institut f ur Informatik Technische Universit at M unchen May 24, 2011 Motivation Functional Safety

  1. Hazard-based Selection of Test Cases Functional Safety of Mechatronic Systems Mario Gleirscher Software & Systems Engineering Institut f¨ ur Informatik Technische Universit¨ at M¨ unchen May 24, 2011

  2. Motivation Functional Safety Hazards Conclusion Safety Case 1 : Assurance of an Airbag Control Machine I : An airbag system . . . 1 Cf. Safety case management [Kel98] 2 Cf. [Wik11] 2/20 Hazard-based Selection of Test Cases Mario Gleirscher

  3. Motivation Functional Safety Hazards Conclusion Safety Case 1 : Assurance of an Airbag Control Machine I : An airbag system . . . Safety Case G : Does the airbag release iff it’s intended? 1 Cf. Safety case management [Kel98] 2 Cf. [Wik11] 2/20 Hazard-based Selection of Test Cases Mario Gleirscher

  4. Motivation Functional Safety Hazards Conclusion Safety Case 1 : Assurance of an Airbag Control “. . . functional safety methods have to extend to non-E/E/PS parts of the system . . . ” 2 Machine I : An airbag system . . . “. . . functional safety can[not] Context E : . . . in a car operated be determined without consid- ering the environment . . . ” 2 out in a street by a human driver. 1 Cf. Safety case management [Kel98] 2 Cf. [Wik11] 2/20 Hazard-based Selection of Test Cases Mario Gleirscher

  5. Motivation Functional Safety Hazards Conclusion 1 Functional Safety System Modelling Property Analysis and Specification 2 Hazards Property Analysis and Specification Test Case Selection 3 Conclusion 3/20 Hazard-based Selection of Test Cases Mario Gleirscher

  6. Motivation Functional Safety Hazards Conclusion 1 Functional Safety System Modelling Property Analysis and Specification 2 Hazards Property Analysis and Specification Test Case Selection 3 Conclusion 4/20 Hazard-based Selection of Test Cases Mario Gleirscher

  7. Motivation Functional Safety Hazards Conclusion A System Model M W of the Airbag World W Functional 1 model M W : E I E Safety Analyst M I describing the mechatronic system I and M E describing its operational environment E . 1 Cf. [Bro10]. 5/20 Hazard-based Selection of Test Cases Mario Gleirscher

  8. Motivation Functional Safety Hazards Conclusion A System Model M W of the Airbag World W A system boundary allows interaction across shared phenomena 1 : M E M I M E ◮ M I � repaired(Airbag), refilled(Gas), signal(activate,Airbag), on(crashSensor), . . . M E ◭ M I � released(Airbag), . . . where A ◮ B = ctrV ar ( A ) ∩ monV ar ( B ) . 1 Cf. [Jac01, PM95] 5/20 Hazard-based Selection of Test Cases Mario Gleirscher

  9. Motivation Functional Safety Hazards Conclusion A System Model M W of the Airbag World W Supportive phenomena for safety modelling and measurement: M E M I M E \ M I � crashed(Car), shocked(Car), deformed(Car), pro- tected(Person), driving(Car), irritated(Passenger), . . . M I \ M E � empty(Airbag), . . . 5/20 Hazard-based Selection of Test Cases Mario Gleirscher

  10. Motivation Functional Safety Hazards Conclusion A System Model M W of the Airbag World W Interface behaviour � histories of shared phenomena states: M E M I Intervals . . . n . . . . . . n + j . . . m − → shocked(Car) F T T F F F F . . . deformed(Car) 0 2 10 10 10 10 10 . . . crashed(Car) F F F T T T T . . . signal(crash) F F F T T T T . . . released(Airbag) F F F F T T T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5/20 Hazard-based Selection of Test Cases Mario Gleirscher

  11. Motivation Functional Safety Hazards Conclusion M W as a Test Model M E M I off off maintain enter leave boot maintain Independent con- trol states, transi- driving activate release activated maintain tions with action preconditions and collide release effects 1 . crashed release released Where to get the information? System use cases → M I , M E Domain and context analysis → M E 1 Details in Golog script, cf. [Rei01]. 6/20 Hazard-based Selection of Test Cases Mario Gleirscher

  12. Motivation Functional Safety Hazards Conclusion M W as a Test Model M E M I off off maintain enter leave boot maintain Independent con- trol states, transi- driving activate release activated maintain tions with action preconditions and collide release effects 1 . crashed release released Problem: Which of M W ’s possible or mutated transitions may obstruct safety in M E ? 1 Details in Golog script, cf. [Rei01]. 6/20 Hazard-based Selection of Test Cases Mario Gleirscher

  13. Motivation Functional Safety Hazards Conclusion Functional Safety in M W M E M I Functional Behavioral property to globally maintain (or avoid) safety goal 3 in E , formally: � φ � protected ( Body ) G � G ′ � � [ crashed ( Car ) → � < 400 ms absorbed ( Body ) ∧ � ¬ crashed ( Car ) → � ¬ released ( Airbag )] 3 Cf. [MP95]. 7/20 Hazard-based Selection of Test Cases Mario Gleirscher

  14. Motivation Functional Safety Hazards Conclusion Functional Safety in M W M E M I A/G safety G split into Assumptions for E and Guarantees for I , formally: � i As i → Gr i | = G specification As 1 � � [ crashed ( Car ) ↔ • signal ( crash )] . . . “reliable crash sensing expected from E ” Gr 1 � � [ signal ( crash ) ↔ � < 200 ms released ( Airbag )] . . . “reliable bag disengaging required from I ” 7/20 Hazard-based Selection of Test Cases Mario Gleirscher

  15. Motivation Functional Safety Hazards Conclusion 1 Functional Safety System Modelling Property Analysis and Specification 2 Hazards Property Analysis and Specification Test Case Selection 3 Conclusion 8/20 Hazard-based Selection of Test Cases Mario Gleirscher

  16. Motivation Functional Safety Hazards Conclusion Obstacles 2 to Functional Safety in M W What obstructs a functional safety goal G in W ? M E M I H Hazard H Risk of human or environmental harm in E H 1 � G ′ � � [ crashed ( Car ) ∧ • harmed ( Person )] � � [ � ¬ crashed ( Car ) ∧ • harmed ( Person )] H 2 � G ′ 2 Automated inference possible, e.g. [Let01]. 9/20 Hazard-based Selection of Test Cases Mario Gleirscher

  17. Motivation Functional Safety Hazards Conclusion Obstacles 2 to Functional Safety in M W How can such obstructions happen in W ? M E M I H Hazardous state σ State of M E (or M E ∩ M I ) leading to H � signal ( crash ) → ¬ released ( Airbag ) σ H 1 G � ¬ signal ( crash ) → released ( Airbag ) σ H 2 G � crashed ( Car ) → ¬ signal ( crash ) σ H 3 A � ¬ crashed ( Car ) → signal ( crash ) σ H 4 A 2 Automated inference possible, e.g. [Let01]. 9/20 Hazard-based Selection of Test Cases Mario Gleirscher

  18. Motivation Functional Safety Hazards Conclusion Obstacles 2 to Functional Safety in M W How can such obstructions be generated from M W ? M E M I H Hazardous state σ State of M E (or M E ∩ M I ) leading to H � signal ( crash ) → ¬ released ( Airbag ) σ H 1 G � ¬ signal ( crash ) → released ( Airbag ) σ H 2 G � crashed ( Car ) → ¬ signal ( crash ) σ H 3 A � ¬ crashed ( Car ) → signal ( crash ) σ H 4 A 2 Automated inference possible, e.g. [Let01]. 9/20 Hazard-based Selection of Test Cases Mario Gleirscher

  19. Motivation Functional Safety Hazards Conclusion Defects concerning Functional Safety Causes of (hazardous) system failures: M W (as specified) M E M I a W (as built & run) b E I a) Potential bug c M W (as intended) or runtime error . Assurance by M E M I system testing too weak and (Im)mature Specs Realization incomplete. 10/20 Hazard-based Selection of Test Cases Mario Gleirscher

  20. Motivation Functional Safety Hazards Conclusion Defects concerning Functional Safety Causes of (hazardous) system failures: M W (as specified) M E M I a b) Requirements W (as built & run) error , e.g. wrong b assumption or E I guarantee; wrong, c M W (as intended) incomplete or missing transition. M E M I Assurance by requirements (Im)mature Specs Realization validation. 10/20 Hazard-based Selection of Test Cases Mario Gleirscher

  21. Motivation Functional Safety Hazards Conclusion Defects concerning Functional Safety Causes of (hazardous) system failures: M W (as specified) M E M I a W (as built & run) b c) Bug or E I runtime error . c M W (as intended) Assurance by automated system M E M I testing strengthened by (Im)mature Specs Realization validation. 10/20 Hazard-based Selection of Test Cases Mario Gleirscher

  22. Motivation Functional Safety Hazards Conclusion Assure Functional Safety G of a Machine I in a Context E Constructive Safety Assurance (Requirements Engineer) 1 Safety risks: Does the airbag’s behaviour cause hazards? 2 Hazardous exceptions: Is it completely specified? 3 Automation: How to systematically explore such situations? 4 How can they be avoided or kept at minimum risk? Analytic Safety Assurance (Test Engineer) 1 Selection: How to test beyond the airbag’s specification? 2 Coverage: Have all relevant situations be explored, i.e. does an airbag’s realization exhibit hazardous behaviour? 3 How to mutate M W to get interesting test cases? 4 How to automatically generate and execute them? 11/20 Hazard-based Selection of Test Cases Mario Gleirscher

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

State-Based Testing Part C Test Cases Generating test cases for complex behaviour Reference:

State-Based Testing Part C Test Cases Generating test cases for complex behaviour Reference:

State-Based Testing Part C Test Cases Generating test cases for complex behaviour Reference: Robert V. Binder Testing Object-Oriented Systems: Models, Patterns, and Tools Addison-Wesley, 2000, Chapter 7 Test strategies Exhaustive

687 views • 47 slides
State-Based Testing Part C Test Cases Generating test cases for complex behaviour

State-Based Testing Part C Test Cases Generating test cases for complex behaviour

State-Based Testing Part C Test Cases Generating test cases for complex behaviour Reference: Robert V. Binder Testing Object-Oriented Systems: Models, Patterns, and Tools Addison-Wesley, 2000, Chapter 7

1.09k views • 44 slides
Model-Based Testing: Automated Generation of Test Cases, Test Data, and Test Procedures from

Model-Based Testing: Automated Generation of Test Cases, Test Data, and Test Procedures from

Model-Based Testing: Automated Generation of Test Cases, Test Data, and Test Procedures from SysML Models Jrg Brauer and Jan Peleska Verified Systems International GmbH support@verified.de Space Tech Expo Europe 2015-11-19 Motivation

499 views • 26 slides
Selection and Execution of User Level Test Cases for Energy Cost Evaluation of Smartphones

Selection and Execution of User Level Test Cases for Energy Cost Evaluation of Smartphones

Selection and Execution of User Level Test Cases for Energy Cost Evaluation of Smartphones Rajesh Palit PhD Candidate Co-authors: R Arya, S Naik, A Singh Department of E&amp;CE Tuesday, May 24, 2011 Motivation Rapid development of

443 views • 19 slides
Acceptance Test Optimization Optimization Mohamed Mussa, Ferhat Khendek SAM2014 Outline

Acceptance Test Optimization Optimization Mohamed Mussa, Ferhat Khendek SAM2014 Outline

Acceptance Test Optimization Optimization Mohamed Mussa, Ferhat Khendek SAM2014 Outline Outline Background Problem Statement Overall Approach Integration test cases selection Integration test cases selection

490 views • 21 slides
Big-O-ology Problem You can only run a few test cases. There will be many inputs you wont test

Big-O-ology Problem You can only run a few test cases. There will be many inputs you wont test

How do you tell how fast a program is? Answer? Run some test cases. Big-O-ology Problem You can only run a few test cases. There will be many inputs you wont test ...and BAD things may be happening on that stuff. Jim Royer FIX? Test all

78 views • 7 slides
Test automation Whenever we alter our code, we should re-test Our collections of test cases

Test automation Whenever we alter our code, we should re-test Our collections of test cases

Test automation Whenever we alter our code, we should re-test Our collections of test cases can be substantial, and each test case can be large: manual testing is slow, error-prone Ideally, we would like a tool or script that lets us

186 views • 7 slides
Automating the Generation of Mutation-based Test Cases Mik ike e Pap apad adakis akis

Automating the Generation of Mutation-based Test Cases Mik ike e Pap apad adakis akis

Automating the Generation of Mutation-based Test Cases Mik ike e Pap apad adakis akis Department of Informatics Athens University of Economics and Business 1 Mutation Testing White-box, fault-based testing technique Considered as

540 views • 22 slides
Model-Based Testing (ISTQB Chapter 4) Arie van Deursen 1 4.1 ISTQB Test Design Test Scripts

Model-Based Testing (ISTQB Chapter 4) Arie van Deursen 1 4.1 ISTQB Test Design Test Scripts

Model-Based Testing (ISTQB Chapter 4) Arie van Deursen 1 4.1 ISTQB Test Design Test Scripts Test Basis 4.1.2: Test Analysis 4.1.4: Test Implementation Test Selected Test Cases Test Conditions Conditions 4.1.3: Test Design 2 Test

1.18k views • 38 slides
STARTS: STARTS: STARTS: STARTS: STAtic STAtic Regression Test Selection Regression Test

STARTS: STARTS: STARTS: STARTS: STAtic STAtic Regression Test Selection Regression Test

STARTS: STARTS: STARTS: STARTS: STAtic STAtic Regression Test Selection Regression Test Selection STAtic STAtic Regression Test Selection Regression Test Selection Owolabi Legunsen , August Shi, Darko Marinov ASE 2017 Urbana-Champaign,

480 views • 11 slides
Learning objectives Understand the rationale for systematic (non- random) selection of test

Learning objectives Understand the rationale for systematic (non- random) selection of test

Learning objectives Understand the rationale for systematic (non- random) selection of test cases Understand the basic concept of partition testing Functional testing and its underlying assumptions Understand why functional test

220 views • 5 slides
TEST AUTOMATION AT BMAR BMAR TEST TEAM Test Automation Planning 1. Selection Of Test

TEST AUTOMATION AT BMAR BMAR TEST TEAM Test Automation Planning 1. Selection Of Test

TEST AUTOMATION AT BMAR BMAR TEST TEAM Test Automation Planning 1. Selection Of Test Automation Tool Telerik Test Studio tool was selected. 2. Automation Projects - Agency Project- Yna - 26 developer, 5 tester, 12 years, 3.568.168 rows

591 views • 22 slides
State-Based Testing Part B Error Identification Generating test cases for complex

State-Based Testing Part B Error Identification Generating test cases for complex

State-Based Testing Part B Error Identification Generating test cases for complex behaviour Reference: Robert V. Binder Testing Object-Oriented Systems: Models, Patterns, and Tools Addison-Wesley, 2000, Chapter

635 views • 61 slides
Chapter 9 Adverse Selection 9.1 Introduction: Production Game VI In moral hazard with

Chapter 9 Adverse Selection 9.1 Introduction: Production Game VI In moral hazard with

Chapter 9 Adverse Selection 9.1 Introduction: Production Game VI In moral hazard with hidden knowledge and adverse selection, the principal tries to sort out agents of different types. In moral hazard with hidden knowledge , the

659 views • 30 slides
1 2 3 4 5 6 Pesticide are also classified based on hazard level. The hazard classification may

1 2 3 4 5 6 Pesticide are also classified based on hazard level. The hazard classification may

1 2 3 4 5 6 Pesticide are also classified based on hazard level. The hazard classification may help in assessing the risk/severity of a poisoning involving pesticides. IN MALAYSIA, label for pesticides are using different colour coding for

1.02k views • 52 slides
From Selection to Repetition Semantics of while loop The if statement and if/else statement

From Selection to Repetition Semantics of while loop The if statement and if/else statement

From Selection to Repetition Semantics of while loop The if statement and if/else statement allow a block of if (test) while (test) { { statements to be executed selectively: based on a guard/test

224 views • 9 slides
BIOE 301 Lecture Five Review of Lecture Four Developing World Cardiovascular diseases, 1.

BIOE 301 Lecture Five Review of Lecture Four Developing World Cardiovascular diseases, 1.

BIOE 301 Lecture Five Review of Lecture Four Developing World Cardiovascular diseases, 1. Cancer (malignant neoplasms), 2. Unintentional injuries, and 3. HIV/AIDS 4. Developed World Cardiovascular diseases, 1. Cancer

713 views • 55 slides
Parallel numerical modelling of gas-dynamic processes in airbag combustion chamber using

Parallel numerical modelling of gas-dynamic processes in airbag combustion chamber using

The 2nd Russian-German Advanced Research Workshop on Computational Science and High Performance Computing Stuttgart, 2005 Parallel numerical modelling of gas-dynamic processes in airbag combustion chamber using different computing platforms

348 views • 17 slides
Impedance, Damper, Radial Modes, Coupled Bunches, Beam- Beam and more A. A. Burov ov

Impedance, Damper, Radial Modes, Coupled Bunches, Beam- Beam and more A. A. Burov ov

Nested Head Tail Vlasov Solver: Impedance, Damper, Radial Modes, Coupled Bunches, Beam- Beam and more A. A. Burov ov Fermilab milab special thanks - to V.Danilov, E.Metral, N.Mounet, S.White, X.Buffat, and T.Pieloni JAI, Oxford, 10/10/13

655 views • 31 slides
over Dynamic Outsourced Databases Yupeng Zhang, Daniel Genkin, Jonathan Katz, Dimitrios

over Dynamic Outsourced Databases Yupeng Zhang, Daniel Genkin, Jonathan Katz, Dimitrios

vSQL: Verifying Arbitrary SQL Queries over Dynamic Outsourced Databases Yupeng Zhang, Daniel Genkin, Jonathan Katz, Dimitrios Papadopoulos and Charalampos Papamanthou Verifiable Databases client server SQL database query result + proof

412 views • 30 slides
Computation Reuse in Analytics Job Service at Microsoft Alekh Jindal, Shi Qiao, Hiren Patel,

Computation Reuse in Analytics Job Service at Microsoft Alekh Jindal, Shi Qiao, Hiren Patel,

Computation Reuse in Analytics Job Service at Microsoft Alekh Jindal, Shi Qiao, Hiren Patel, Zhicheng Yin, Jieming Di, Malay Bag, Marc Friedman, Yifung Lin, Konstantinos Karanasos, Sriram Rao Microsoft Computation Reuse in Analytics ! Job

397 views • 20 slides
An Introduction to Formal Argumentation Martin Caminada University of Luxembourg An Example

An Introduction to Formal Argumentation Martin Caminada University of Luxembourg An Example

An Introduction to Formal Argumentation Martin Caminada University of Luxembourg An Example (1/2) [Prakken] Paul: My car is very safe. Olga: Why? Paul: Since it has an airbag. Olga: It is true that your car has an airbag, but I do not think

1.11k views • 75 slides
A p L B A 1c 1c B C 1c continue as before 0.999999 pay $30 ~ L 0.000001 instant

A p L B A 1c 1c B C 1c continue as before 0.999999 pay $30 ~ L 0.000001 instant

A p L B A 1c 1c B C 1c continue as before 0.999999 pay $30 ~ L 0.000001 instant death +U o o o o o o o o o o o o +$ 800,000 o o o p 1.0 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0.0 $x 0 500 1000 2000 3000

809 views • 22 slides
Systems on Chip and Networks on Chip: Bridging the Gap with QoS Kees Goossens Philips Research

Systems on Chip and Networks on Chip: Bridging the Gap with QoS Kees Goossens Philips Research

Systems on Chip and Networks on Chip: Bridging the Gap with QoS Kees Goossens Philips Research The Netherlands Kees Goossens 09-07-2003 MPSOC 2 sources of unpredictability applications unpredictability architectures physical effects

820 views • 46 slides

More recommend