Mutation-Based Test Generation for PLC Embedded Software Using Model Checking

Testing is an important activity in engineering of industrial embedded software. In certain application domains (e.g., railway industry) engineering software is certified according to safety standards that require extensive software testing procedures to

  • PDF / 605,413 Bytes
  • 17 Pages / 439.37 x 666.142 pts Page_size
  • 97 Downloads / 166 Views

DOWNLOAD

REPORT


oftware Testing Laboratory, M¨ alardalen University, V¨ aster˚ as, Sweden [email protected] 2 Blekinge Institute of Technology, Karlskrona, Sweden

Abstract. Testing is an important activity in engineering of industrial embedded software. In certain application domains (e.g., railway industry) engineering software is certified according to safety standards that require extensive software testing procedures to be applied for the development of reliable systems. Mutation analysis is a technique for creating faulty versions of a software for the purpose of examining the fault detection ability of a test suite. Mutation analysis has been used for evaluating existing test suites, but also for generating test suites that detect injected faults (i.e., mutation testing). To support developers in software testing, we propose a technique for producing test cases using an automated test generation approach that operates using mutation testing for software written in IEC 61131-3 language, a programming standard for safety-critical embedded software, commonly used for Programmable Logic Controllers (PLCs). This approach uses the Uppaal model checker and is based on a combined model that contains all the mutants and the original program. We applied this approach in a tool for testing industrial PLC programs and evaluated it in terms of cost and fault detection. For realistic validation we collected industrial experimental evidence on how mutation testing compares with manual testing as well as automated decision-coverage adequate test generation. In the evaluation, we used manually seeded faults provided by four industrial engineers. The results show that even if mutation-based test generation achieves better fault detection than automated decision coverage-based test generation, these mutation-adequate test suites are not better at detecting faults than manual test suites. However, the mutation-based test suites are significantly less costly to create, in terms of testing time, than manually created test suites. Our results suggest that the fault detection scores could be improved by considering some new and improved mutation operators (e.g., Feedback Loop Insertion Operator (FIO)) for PLC programs as well as higher-order mutations.

1

Introduction

Software testing is an important verification and validation activity used to reveal software faults and make sure that actual software behavior matches c IFIP International Federation for Information Processing 2016  Published by Springer International Publishing AG 2016. All Rights Reserved F. Wotawa et al. (Eds.): ICTSS 2016, LNCS 9976, pp. 155–171, 2016. DOI: 10.1007/978-3-319-47443-4 10

156

E.P. Enoiu et al.

its expected behavior [2]. Safety-critical and real-time software systems implemented in Programmable Logic Controllers (PLCs) are used in many real-world industrial application domains. One of the programming languages defined by the International Electrotechnical Commission (IEC) for PLCs is the Function Block Diagram (FBD) language. In testing IEC 61131-3 FBD prog