[SystemSafety] MC/DC coverage assumptions
Dewi Daniels
dewi.daniels at software-safety.com
Wed Feb 28 16:21:20 CET 2018
Derek,
The definition of Modified Condition/Decision Coverage is:
"Every point of entry and exit in the program has been invoked at least
once, every condition in a decision in the program has taken all possible
outcomes at least once, every decision in the program has taken all
possible outcomes at least once, and each condition in a decision has been
shown to independently affect that decision's outcome. A condition is shown
to independently affect a decision's outcome by: (1) varying just that
condition while holding fixed all other possible conditions, or (2) varying
just that condition while holding fixed all other possible conditions that
could affect the outcome".
In your example, the single condition would have to have been evaluated to
both true and false to achieve MC/DC. This means that at least two test
cases are required to achieve either MC/DC or branch coverage, but one test
case would be sufficient to achieve statement coverage.
I'd be astonished if a tool with the pedigree of LDRA Testbed got this
wrong.
Dewi
Yours,
Dewi Daniels | Director | Software Safety Limited
Telephone +44 7968 837742 | Email d <ddaniels at verocel.com>
ewi.daniels at software-safety.com
Software Safety Limited is a company registered in England and Wales.
Company number: 9390590. Registered office: Fairfield, 30F Bratton Road,
West Ashton, Trowbridge, United Kingdom BA14 6AZ
On 28 February 2018 at 14:35, Derek M Jones <derek at knosof.co.uk> wrote:
> All,
>
> I was recently reading a paper that compared unit testing of
> industrial embedded software with some open source programs.
> The comparison included a table of statement, branch and MC/DC coverage,
> items in the table included: aerospace software, automotive software and
> subway signal software
>
> The MC/DC coverage numbers were a lot better than the statement and
> branch coverage. This is obviously a mistake, at best they can be
> as good as.
>
> I emailed the authors, who have been very prompt replying.
> The latest reply was a bit surprising.
>
> The algorithm they used for MC/DC assumes that a function containing
> a single branch (e.g., an if-statement with no else part) and
> the test involves a single condition (i.e., no AND or OR conditions),
> then 100% MC/DC coverage is assumed, even if 100% branch coverage is
> not obtained.
>
> Sounds like a mistake in their algorithm. However, they claim there is
> some amount of existing practice and even call out Testbed as
> behaving like this (I don't have a copy to check this out).
>
> Somebody please tell me that this is not an assumption made by
> commercial packages when calculating MC/DC coverage.
>
> The authors admit that MC/DC coverage cannot be better than
> statement and branch coverage, and admit the current presentation
> of MC/DC coverage in the table could be misleading. They are going
> to release a version with corrected data.
>
> --
> Derek M. Jones Software analysis
> tel: +44 (0)1252 520667 blog:shape-of-code.coding-guidelines.com
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20180228/79e90ebf/attachment.html>
More information about the systemsafety
mailing list