November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 1 System Test Planning and the usefulness of a “Safety Checklist” ECEN5033.

Slides:



Advertisements
Similar presentations
Building Bug-Free O-O Software: An Introduction to Design By Contract A presentation about Design By Contract and the Eiffel software development tool.
Advertisements

Use Case & Use Case Diagram
Software Quality Assurance Plan
Lecture # 2 : Process Models
10 Software Engineering Foundations of Computer Science ã Cengage Learning.
SEP1 - 1 Introduction to Software Engineering Processes SWENET SEP1 Module Developed with support from the National Science Foundation.
Introduction to Software Testing Chapter 2.6 Graph Coverage for Use Cases Paul Ammann & Jeff Offutt
Use Case Modeling SJTU. Unified Modeling Language (UML) l Standardized notation for object-oriented development l Needs to be used with an analysis and.
Introduction to Software Testing Chapter 2.6 Graph Coverage for Use Cases Paul Ammann & Jeff Offutt
Interaction Diagrams Activity Diagram State Machine Diagram
1 Solution proposal Exam 19. Mai 2000 No help tools allowed.
Software Testing and Quality Assurance
January 20, 2002ECEN5033 University of Colorado, Testing OO Software Part Two 1 Testing Object-Oriented Software – Testing Models Software Engineering.
Computer Engineering 203 R Smith Requirements Management 6/ Requirements IEEE Standard Glossary A condition or capability needed by a user to solve.
Chapter 6 Prototyping, RAD, and Extreme Programming
Object Oriented Analysis Process
(c) 2007 Mauro Pezzè & Michal Young Ch 24, slide 1 Documenting Analysis and Test.
SE 555 Software Requirements & Specification Requirements Validation.
November 27, 2001Domain Modeling1 Domain Modeling Chapters Use-Case Modeling Chapters 9 and 13 Filling in some gaps about: Levels of abstraction.
1 CMSC 132: Object-Oriented Programming II Nelson Padua-Perez William Pugh Department of Computer Science University of Maryland, College Park.
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
September, 2006R. Dameron, University of Colorado, ECEN5033, System Test Planning 1 System Test Planning and the usefulness of a “Safety Checklist” ECEN5543.
The Software Product Life Cycle. Views of the Software Product Life Cycle  Management  Software engineering  Engineering design  Architectural design.
Hazard and Operability Studies - HAZOP ChE 258 Chemical Process Safety University of Missouri - Rolla Fike Corporation.
Software Testing Prasad G.
1 Software Testing Techniques CIS 375 Bruce R. Maxim UM-Dearborn.
Introduction to Computer Technology
HAZOP System Safety: HAZOP and Software HAZOP, by Felix Redmill, Morris Chudleigh, James Catmur, John Wiley & Sons, 1999.
S/W Project Management
Chapter 9 Database Planning, Design, and Administration Sungchul Hong.
Database System Development Lifecycle © Pearson Education Limited 1995, 2005.
CCSB223/SAD/CHAPTER141 Chapter 14 Implementing and Maintaining the System.
Extreme Programming Software Development Written by Sanjay Kumar.
Testing. Definition From the dictionary- the means by which the presence, quality, or genuineness of anything is determined; a means of trial. For software.
Software Testing Lifecycle Practice
ITEC224 Database Programming
Unit 8 Syllabus Quality Management : Quality concepts, Software quality assurance, Software Reviews, Formal technical reviews, Statistical Software quality.
Software Testing Testing principles. Testing Testing involves operation of a system or application under controlled conditions & evaluating the results.
FCS - AAO - DM COMPE/SE/ISE 492 Senior Project 2 System/Software Test Documentation (STD) System/Software Test Documentation (STD)
CEN rd Lecture CEN 4021 Software Engineering II Instructor: Masoud Sadjadi Phases of Software.
Software Project Management Lecture # 10. Outline Quality Management (chapter 26)  What is quality?  Meaning of Quality in Various Context  Some quality.
Software Project Management Lecture # 11. Outline Quality Management (chapter 26 - Pressman)  What is quality?  Meaning of Quality in Various Context.
1 Introduction to Software Engineering Lecture 1.
Requirements as Usecases Capturing the REQUIREMENT ANALYSIS DESIGN IMPLEMENTATION TEST.
CS Data Structures I Chapter 2 Principles of Programming & Software Engineering.
CMSC 345 Fall 2000 Requirements Overview. Work with customers to elicit requirements by asking questions, demonstrating similar systems, developing prototypes,
Systems Development Life Cycle
1 Graph Coverage (6). Reading Assignment P. Ammann and J. Offutt “Introduction to Software Testing” ◦ Section
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
Chapter 1: Fundamental of Testing Systems Testing & Evaluation (MNN1063)
© 2006 Pearson Addison-Wesley. All rights reserved 2-1 Chapter 2 Principles of Programming & Software Engineering.
Software Engineering1  Verification: The software should conform to its specification  Validation: The software should do what the user really requires.
Software Quality Assurance SOFTWARE DEFECT. Defect Repair Defect Repair is a process of repairing the defective part or replacing it, as needed. For example,
1 Software Testing Strategies: Approaches, Issues, Testing Tools.
CPSC 871 John D. McGregor Module 6 Session 2 Validation and Verification.
Software Engineering Lecture 8: Quality Assurance.
Software Development Process CS 360 Lecture 3. Software Process The software process is a structured set of activities required to develop a software.
1 CEN 4020 Software Engineering PPT4: Requirement analysis.
CIS-74 Computer Software Quality Assurance
What is a software? Computer Software, or just Software, is the collection of computer programs and related data that provide the instructions telling.
Requirements Document for the Banking System
Testing throughout Lifecycle Ljudmilla Karu. Verification and validation (V&V) Verification is defined as the process of evaluating a system or component.
1 Case Study and Use Cases for Case Study Lecture # 28.
Paul Ammann & Jeff Offutt
Dynamic Modeling of Banking System Case Study - I
Object-Oriented Static Modeling of the Banking System - I
Systems Analysis and Design
Paul Ammann & Jeff Offutt
Fundamental Test Process
Software Testing Lifecycle Practice
Presentation transcript:

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 1 System Test Planning and the usefulness of a “Safety Checklist” ECEN5033

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 2 State Transition Diagram for “split” routine Present State InputActionsOutputsNext State S0S0 DSDS Open F 6 Open F 7 S1S1 S1S1 D 11 Write F 6 D 11 ; F 6 S1S1 D 12 Close F 6 Write F 7 D 12 ; F 7 S2S2 DEDE Close F 6 Close F 7 S0S0 S2S2 D 12 Write F 7 D 12 ; F 7 S2S2 DEDE Close F 7 S0S0

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 3 Present StateInput or EventActionOutputNext State ST1. Idlecard insertedrequest for PINWaiting for PIN ST2. Waiting for PINPIN entereddisplay asterisksValidating PIN ST3. Waiting for PINcanceldisplay msgEjecting ST4. Validating PINindicates “valid”display choicesWaiting for customer transaction choice ST5. Validating PINindicates “stolen”display “stolen” confiscating ST6. Validating PINindicates “invalid”display “invalid” Waiting for PIN ST7. Waiting for customer transaction choice Canceldisplay “cancel” Ejecting ST8. Waiting for customer transaction choice Balance Query selectedProcessing query continued on next slide

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 4 ST9. Waiting for customer transaction choice Withdrawal selectedProcessing w/d ST10. confiscatingCard confiscatedterminating ST11. Processing queryRejected for this userdisplay “rejected” Ejecting ST12. Processing queryQuery OKdisplay printing printing ST13. Processing withdrawal ok amountdisplay ok msgdispensing ST14. Processing withdrawal not ok amountdisplay refusalEjecting ST15. Printingtransaction completeprint receiptejecting ST16. Dispensingsufficient cash in ATMcashprinting ST17. Dispensinginsufficient cash in ATMdisp “insufficient cash” ejecting ST18. Ejectingcard ejection starteddisplay msg to take cardterminating ST19. terminatingcard ejection completedisplay ending msg idle

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 5 State Transition Diagram - incomplete Idle card inserted/ waiting for PIN PIN inserted/ validating PIN ejecting “cancel” “invalid” “stolen” confis- cating “valid” waiting for cust xaction “cancel” terminat- ing card ej complete card confis’d

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 6 2-dimensional event table EVENT ModeE13E37E45… Start- up A16----A14; A32 SteadyXA6, A2--- Shut- down --- Alarm--- Action;action = sequential actions. Action, action = concurrent actions. X = impossible. --- = no action required.

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 7 Checklist regarding Robustness

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 8 Robustness 11. If performance degradation is the chosen response, is the degradation predictable? 12. Are there sufficient delays incorporated into the error-recovery responses, e.g. don’t return to normal state prior to managing the error 13. Are feedback loops specified where appropriate to compare the actual effects of outputs on the system with the predicted effects?

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 9 Robustness, continued 14.Are all modes and modules reachable (used in some path through the code)? Superfluous? Other logic error? 15.If a hazards analysis has been done, does every path from a hazardous state (a failure-mode) lead to a low-risk state? 16.Are the inputs identified which, if not received, can lead to a hazardous state or can prevent recovery (single-point failures)?

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 10 Usefulness? Safety checklist has been demonstrated to “ask the right questions” Not sufficient to preclude introducing errors Necessary although not sufficient

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 11 May I have the envelope, please … Not every hazardous state led to a low-risk state. Error-recovery responses incorporated insufficient delays. Input arrived when it shouldn’t and no response was specified; response defaulted to unintended behavior. Response not specified for out-of-range values that were possible for some inputs #5 Output produced too fast for interfacing module #4#2 #3 #1

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 12 Allows tailoring Focuses on historically troublesome aspects of safety-critical, embedded software Avoids over-specification of well- understood or low-risk requirements Tailor to level of technical or historical risk

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 13 First step toward safety constraints Many items that it identifies are system hazards Can be used to identify safety constraints Not yet ready for formal prediction –How use for informal prediction of error prone factors

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 14 After Requirements Are Improved … How do we ensure that requirements are implemented and maintained? –After code is written (new code or bug fixes); note: difficult to unit test these issues –After new requirements are added –After old requirements are modified Role of reviews Code the invariants where appropriate System tests to test use cases and the safety checklist

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 15 Create a system test plan – IEEE Std Test the Success Scenario and conditions that lead to alternative paths of use cases 2.If possible, test to verify the relevant safety checklist items – “safety” may not be main concern but correct interfaces and robustness are. 3.If any resources are shared among processes, review and test for correctness of mutual exclusion. (SW Eng of Multi-program Sys) 4.If “cooperating processes”, verify suspension happens correctly, a suspended process restored when appropriate, restoration correct.

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 16 IEEE 829 Standard Test Plan Outline 1.0Introduction 2.0Test Items 3.0Tested Features 4.0Features Not Tested (per cycle) 5.0Testing Strategy and Approach 5.1Syntax 5.2Description of functionality 5.3Arguments for Tests 5.4Expected Output 5.5Specific Exclusions 5.6Dependencies 5.7Test Case Success/Failure Criteria

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 17 IEEE 829 Standard Test Plan Outline Introduction 2.0Test Items 3.0Tested Features 4.0Features Not Tested (per cycle) [Repeat 5.0 for each system level test.] 5.0 Testing Strategy and Approach 5.1Syntax 5.2Description of functionality 5.3Arguments for Test 5.4Expected Output 5.5Specific Exclusions 5.6Dependencies 5.7Test Case Success/Failure Criteria

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 18 IEEE 829 Standard Test Plan Outline Pass/Fail Criteria for the Complete Test Cycle 7.0Entrance Criteria/Exit Criteria 8.0Test-Suspension Criteria and Resumption Req’s 9.0Test Deliverables/Status Communications Vehicles 10.0Testing Tasks 11.0Hardware and Software Requirements (for testing) 12.0Problem Determination and Correction Responsibilities

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 19 IEEE 829 Standard Test Plan outline Staffing and Training Needs/Assignments 14.0Test Schedules 15.0Risks and Contingencies 16.0Approvals

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 20 Glass-box – briefly (Need implementation details) Test module/process/object-cluster interfaces (process level can be system test) Test object/object-cluster contracts Create test data to force certain code paths Note: if team is doing incremental development, you can begin glass-box testing early

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 21 More to consider If the system is too large to test thoroughly, what tests should you emphasize? Stay tuned …

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 22 HAZOP System Safety: HAZOP and Software HAZOP, by Felix Redmill, Morris Chudleigh, James Catmur, John Wiley & Sons, 1999

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 23 What is HAZOP? Technique for identifying and analyzing the hazards and operational concerns of a system. Central activity – a methodical investigation of a system description (design representation).

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 24 What this presentation does not cover: The book puts a LOT of emphasis on –Selecting the study initiator –Selecting the study leader –Planning the study –Roles during the study –Questions vs. follow-up –Completion criteria (P.S. It also tells how to conduct the study itself :-)

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 25 Reasonable Limits for this class This is a human-intensive activity As such, the details on the previous page are of extreme importance – authors are experienced and therefore recognize this You won’t be able to conduct a HAZOP study on the basis of these slides Goal: Understand what it is – set the bar higher

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 26 Study process itself in a nutshell Introductions Presentation of design notation Examine design methodically one unit at a time Is it possible to deviate from design intent here? Examine both consequences and causes of the possible deviation YES NO Document results Define follow-up work Time up?Agree on documentation Sign off YES NO

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 27 Examine design methodically each unit in turn Suppose the design representation is a collection of state transition tables: Units are states, transitions, event/action pairs For EACH, list the recommended attributes (see table from the Hazop book) For each attribute, use the guide words to trigger the questions about ways to deviate

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 28 The suggested guide words –No: negation of design intention; no part of design intention is achieved but nothing else happens –More: Quantitative increase –Less: Quantitative decrease –As well as: Qualitative increase where all design intention is achieved plus additional activity –Part of: Qualitative decrease where only part of the design intention is achieved –Reverse: logical opposite of the intention –Other than: complete substituion, where no part of the original intention is achieved but something quite different happens

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 29 When timing matters Add the following guide words: –Early: something happens earlier in time than intended –Late: something happens later in time than intended –Before: something happens earlier in a sequence than intended –After: something happens later in a sequence than intended

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 30 Guide words chosen Match the system being examined to appropriate table or modify the closest Match the design representation Note: not all guide words apply to all attributes –For attribute “speed” of an electric motor, omit guide word “as well as” and “part of” –For attribute “data flow” on a dfd, “less” is not used because meaning covered by “part of” Generally, study leader selects from the guide words, provides interpretations based on chosen design representation and context, distributes to team in advance of the study

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 31 Applications Originally developed for chemical plants Book has detailed examples for –Software using data flow diagrams –Software using state transition diagrams Includes timing attributes of response time and repetition time –Software using various OO models –Digital electronics –Communication systems –Electromechanical systems Same guide words, different interpretations

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 32 See book excerpts More detailed outline of the HAZOP process – Figure 9.2 –For all entities For all attributes –For each guide word »Is deviation credible? Example matrices

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 33 Fig 9.2 HAZOP meeting process

November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 34

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.