[SystemSafety] MC/DC coverage assumptions

Ian Broster ianb at rapitasystems.com
Wed Feb 28 22:37:37 CET 2018


> Most tools don't consider the branches or conditions in the pre-processor: they only see one variant and instrument it.


Yes, that's correct, because you are only testing coverage for one configuration: the one that you will eventually deploy. Further, your example of "#if'ed out" code would not even be considered a statement. For the chosen compiler flags and configuration #defines, this code doesn't exist.


However, I do understand that where there is highly configurable source code (such as operating systems) that can create a huge number of possible configurations, this strict concept of coverage for a specific configuration from the DO-178C world doesn't help.


So we have the challenge of how to get useful and meaningful measurements of coverage in a system where you cannot possibly build and test every possible configuration and where the pre-processor is effectively implementing certain low-level requirements. Good question.


Ian


--

Dr Ian Broster
General Manager, Rapita Systems Ltd
Mob: +44 7963 469 090. Skype: ianb1469


________________________________
From: systemsafety <systemsafety-bounces at lists.techfak.uni-bielefeld.de> on behalf of Alexander.Much at elektrobit.com <Alexander.Much at elektrobit.com>
Sent: 28 February 2018 20:05:11
To: derek at knosof.co.uk; systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] MC/DC coverage assumptions

Hi Derek, *,

[...]
> The authors admit that MC/DC coverage cannot be better than statement
> and branch coverage, and admit the current presentation of MC/DC
> coverage in the table could be misleading.  They are going to release a
> version with corrected data.
>

void f (void)
{
#if A || B
   something
#endif

   if (a || b)
   {
     /* something */
   }
}

Most tools don't consider the branches or conditions in the pre-processor: they only see one variant and instrument it.

That's why we include statement coverage instrumentation in our testing *in addition* to tool-based MC/DC.

Just 2c,
Alex

p.s.: I don't really know what MC/DC means if the conditions are subject to change. I haven't seen a tool that is
able to handle this...

if (a
#if FOO
    || b
#endif
   )
   /* something */

--
Alexander Much
Chief Expert - Head of Software Systems Engineering

EB - Driving the Future of Software
P +49 9131 7701 6384
M +49 172 7479804
E alexander.much at elektrobit.com

Elektrobit Automotive GmbH, Am Wolfsmantel 46, 91058 Erlangen, Germany
Managing Directors: Alexander Kocher, Gregor Zink; Register Court Fürth HRB 4886
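
Added example, not part of either message or of any tool mentioned in the thread: the p.s. decision modelled as the two decisions that exist after preprocessing, with a brute-force unique-cause MC/DC check showing that a suite complete for the FOO-off build covers only one of two conditions once FOO is on. The function names, the bit encoding of a and b, and the test vectors are constructed for illustration.

```c
#include <stdio.h>

/* `if (a #if FOO || b #endif)` as seen after preprocessing.
   Encoding (assumed for this example): bit 0 of v is a, bit 1 is b. */
static int decision_foo_off(unsigned v) { return (v & 1u) != 0; }
static int decision_foo_on(unsigned v)  { return (v & 1u) || (v & 2u); }

/* Count conditions shown to independently affect the decision
   (unique-cause MC/DC): two tests that differ only in that condition
   and give different decision outcomes. */
int mcdc_covered(int (*decision)(unsigned), int nconds,
                 const unsigned *tests, int ntests)
{
    unsigned mask = (1u << nconds) - 1u;  /* ignore bits the build lacks */
    int covered = 0;
    for (int c = 0; c < nconds; c++) {
        int shown = 0;
        for (int i = 0; i < ntests && !shown; i++)
            for (int j = i + 1; j < ntests && !shown; j++)
                if (((tests[i] ^ tests[j]) & mask) == (1u << c) &&
                    decision(tests[i] & mask) != decision(tests[j] & mask))
                    shown = 1;
        covered += shown;
    }
    return covered;
}

/* Constructed vectors: a suite written against the FOO-off build. */
static const unsigned suite_foo_off[] = { 0x0, 0x1 };       /* a=F, a=T */
/* The same suite plus the vector needed once b joins the decision. */
static const unsigned suite_foo_on[]  = { 0x0, 0x1, 0x2 };  /* + b=T, a=F */

int main(void)
{
    printf("FOO off, off-suite: %d of 1 conditions\n",
           mcdc_covered(decision_foo_off, 1, suite_foo_off, 2));
    printf("FOO on,  off-suite: %d of 2 conditions\n",
           mcdc_covered(decision_foo_on, 2, suite_foo_off, 2));
    printf("FOO on,  on-suite:  %d of 2 conditions\n",
           mcdc_covered(decision_foo_on, 2, suite_foo_on, 3));
    return 0;
}
```

A coverage figure measured on one build therefore says nothing about the decision that another configuration compiles in.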


