This paper presents a technique for automatically generating test-data to test exceptions. The approach is based on the application of a dynamic global optimization based search for the required test-data. The authors ’ work has focused on test-data generation for safety-critical systems. Such systems must be free from anomalous and uncontrolled behaviour. Typically, it is easier to prove the absence of any exceptions than proving that the exception handling is safe. A process for integrating automated testing with exception freeness proofs is presented as a way forward for tackling the special needs of safety critical systems. The results of a number of simple case-studies are presented and show the technique to be effective. The major result shows the application of the technique to a commercial aircraft engine controller system as part of a proof of exception freeness. This illustrates how automated testing can be effectively integrated into a formal safety-critical process to reduce costs and add value. Copyright © 2000 John Wiley & Sons, Ltd. KEY WORDS: test-data generation; verification; exception conditions

Abstract not found

This paper describes the intermediate results of a project to develop automated, high integrity, software verification and validation techniques for aerospace applications. Automated specification validation and test case generation are made possible by the targeted use of formal methods. Specifically, the restricted domain of use is exploited to reduce the set of mathematical problems to those that can be solved using constraint solvers, model checkers and automated proof tactics. The practicality of the techniques is enhanced by the tight integration of the formal methods to intuitive specification notations, existing specification modelling tools and a traditional software development process. This paper presents evidence to support an emerging appreciation amongst the software engineering community that, for the benefits of formal methods to be widely exploited in industry, an approach must be taken that integrates formal analysis with intuitive engineering notations, traditional ...

Programmable logic devices (PLDs) are increasing in complexity and speed, and are being used as important components in safety-critical systems. Methods for developing high-integrity software for these systems are well-known, but this is not true for programmable logic. We propose a process for developing a system incorporating software and PLDs, suitable for safety critical systems of the highest levels of integrity. This process incorporates the use of Synchronous Receptive Process Theory as a semantic basis for specifying and proving properties of programs executing on PLDs, and extends the use of SPARK Ada from a programming language for safety-critical systems software to cover the interface between software and programmable logic. We have validated this approach through the specification and development of a substantial safety-critical system incorporating both software and programmable logic components, and the development of tools to support this work. This enables us to claim that the methods demonstrated are not only feasible but also scale up to realistic system sizes, allowing development of such safety-critical software-hardware systems to the levels required by current system safety standards. Declaration of originality I declare that no part of this work has previously been submitted to a university or other educational institution for a degree or other qualification. I further declare that this thesis is my original work, except for clearly indicated sections where the appropriate attributions and acknowledgements are given to work by other authors.

This paper presents the results of a three year research program to develop an automated test-data generation framework to support the testing of safety-critical software systems. The generality of the framework comes from the exploitation of domain independent search techniques, allowing new test criteria to be addressed by constructing functions that quantify the suitability of test-data against the test-criteria. The paper presents four applications of the framework — specification falsification testing, structural testing, exception condition testing and worst-case execution time testing. The results of three industrial scale case-studies are also presented to show that the framework offers useful support in the development safety-critical software systems. 1

The exception handling code of a system is in general the least documented, tested and understood part, since exceptions are expected to occur only rarely. This paper presents a technique for automatically generating test-data to test exceptions. The approach is based on the application of a dynamic global optimisation based search for the required test-data. The authors' work has focused on test-data generation for safety-critical systems. Such systems must be free from anomalous and uncontrolled behaviour. Typically, it is easier to prove the absence of any exceptions than it is to prove that the exception handling is safe. A process for integrating automated testing with exception freeness proofs is presented as a way forward for tackling the special needs of safety critical systems. An evaluation shows the application of the technique to a commercial aircraft engine controller system as part of a proof of exception freeness. 1 Introduction A failure occurs when software is preven...

Safety-critical systems are an important subset of high-assurance systems. Higher performance requirements have led to the increased use of combined hardware/software systems therein, with hardware devices taking processing load off software. As might be expected, safety-critical systems have many requirements made of them by established standards. By implication, and now by emerging safety standards, such requirements must be discharged over hardware/software combinations, with important ramifications for best practice. In this paper we discuss the impact that such requirements have on the co-development of hardware/software combinations, and suggest adaptations of existing best practice that could discharge them.