The model-based implementation is to derive an implementation from a model that has been shown to meet requirements. Even though this approach can be used to guarantee that an implementation satisfies functional requirements that are shown to be correct at the model level, it is still challenging to assure timing requirements at the implementation level. We propose a layered approach in testing timing requirements conformance of implemented systems developed by model-based implementation.
In our approach, the abstraction boundary of the implemented system is formally defined using Parnas’ four-variables model. Then, the proposed approach tests timing aspects of the interaction between the auto-generated code and the target platform dependent code based on the four-variables. This approach aims at not only detecting the timing requirement violation, but also at measuring delay-segments that contribute to the timing deviation of the implemented system w.r.t. the model. We show the case study of testing timing requirements of an infusion pump system to illustrate the applicability of the proposed framework.
TIMING ASSURANCE GAP IN THE MODEL-BASED IMPLEMENTATION
Fig. 1 shows the model-based implementation process that we have used to develop infusion pump software. To illustrate the need for timing requirement validation, consider the following requirement from the GPCA safety requirements that list general requirements for the safe operation of PCA infusion pumps; an explicit timing information is added to the original requirement in order to explain our work.
The modeling and verification phase aims at creating a model (Fig. 1-(1)) that interacts with the environment model. For example, Fig. 2 is a Stateflow model that captures the software behavior of the infusion pump, and the timing requirement of REQ1 can be verified; the details of Fig. 2 are explained later in this paper.
THE LAYERED APPROACH IN TIMING TESTING
Given the timing requirement of REQ1, Fig. 3 illustrates the timing behavior of the model (Fig. 3-(a)), and its implemented system using four-variables (Fig. 3-(b),(c),(d)). In Fig. 3-(a), when i-BolusReq event is provided to the model of Fig. 2, the o-MotorState event is produced within 100 ms.
Fig. 3-(b) shows the timing behavior of the implemented system captured through R-testing. Suppose the R-testing result shows that REQ1 does not conform in the implemented system (i.e., the delay is greater than 100 ms). Fig.3-(c) and (d) illustrate several delay-segments that constitute the requirement violation.
CASE STUDY: TIMING TESTING FOR INFUSION PUMPS
Table I is the experimental results that show the time delays measured while each implemented system processed the bolus processing scenario in REQ1. Ten test samples obtained from each implemented system are shown in the table to explain how our testing framework works. The results of R-testing and M-testing are separately shown for each implemented system.
We propose a timing testing framework for the model-based implementation based on Parnas’ four-variables model. The test framework measures the time delay between the auto generated code and Input/Output devices. The four-variable model is used to partition timing testing into R-resting and Mtesting. R-testing measures the time difference of the input and output events occurring at the boundary of the Input/Output devices and the environment.
R-testing enables the implemented system to check a timing requirement violation. Mtesting measures the delay-segments that constitute the timing deviation of the implemented system w.r.t. the model using the input and output events occurring at the boundary of the auto generated code and Input/Output devices. This testing framework can be used to quantify timing deviation of implemented systems. In future work, we plan to study test coverage and test sufficiency from which test cases can be systematically generated in order to automate the proposed R-M testing.
Source: University of Pennsylvania
Authors: BaekGyu Kim | Hyeon I. Hwang | Taejoon Park | Sang H. Son | Insup Lee