Wikipedia

Modified condition/decision coverage

This is an old revision of this page, as edited by Yobot (talk | contribs) at 13:18, 5 May 2014 (Criticism: WP:CHECKWIKI error fixes using AWB (10093)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The most critical (Level A) software, which is defined as that which could provide (or prevent failure of) continued safe flight and landing of an aircraft, must satisfy a level of coverage called modified condition/decision coverage (MC/DC). It is used in the standard DO-178B to ensure that Level A software is tested adequately.

To satisfy the MC/DC coverage criterion, during testing all of the below must be true at least once:[1]

  • Each decision tries every possible outcome
  • Each condition in a decision takes on every possible outcome
  • Each entry and exit point is invoked
  • Each condition in a decision is shown to independently affect the outcome of the decision.

Independence of a condition is shown by proving that only one condition changes at a time.

Criticism

The MC/DC coverage criterium is highly suspect. Purely syntactic rearrangements of decisions (breaking them into several independently evaluated conditions using temporary variables, the values are which are then used in the decision) which do not change the semantics of a program will dramatically lower the difficulty of obtaining complete MC/DC coverage.[2] This is because MC/DC does not consider the dataflow coming together in a decision but is starts off with the program syntax, it is thus easy to "cheat" either deliberately or involuntarily.

Definitions

Condition
A condition is a leaf-level Boolean expression (it cannot be broken down into a simpler Boolean expression).
Decision
A Boolean expression composed of conditions and zero or more Boolean operators. A decision without a Boolean operator is a condition.
Condition coverage
Every condition in a decision in the program has taken all possible outcomes at least once.
Decision coverage
Every point of entry and exit in the program has been invoked at least once, and every decision in the program has taken all possible outcomes at least once.
Condition/decision coverage
Every point of entry and exit in the program has been invoked at least once, every condition in a decision in the program has taken all possible outcomes at least once, and every decision in the program has taken all possible outcomes at least once.
Modified condition/decision coverage
Every point of entry and exit in the program has been invoked at least once, every condition in a decision in the program has taken on all possible outcomes at least once, and each condition has been shown to affect that decision outcome independently. A condition is shown to affect a decision's outcome independently by varying just that condition while holding fixed all other possible conditions. The condition/decision criterion does not guarantee the coverage of all conditions in the module because in many test cases, some conditions of a decision are masked by the other conditions. Using the modified condition/decision criterion, each condition must be shown to be able to act on the decision outcome by itself, everything else being held fixed. The MC/DC criterion is thus much stronger than the condition/decision coverage.

References

  1. ^ Hayhurst, Kelly; Veerhusen, Dan; Chilenski, John; Rierson, Leanna (May 2001). "A Practical Tutorial on Modified Condition/ Decision Coverage" (PDF). NASA.
  2. ^ Rajan, Ajitha; Heimdahl, Mats; Whalen, Michael (March 2003). "The Effect of Program and Model Structure on MC⁄DC Test Adequacy Coverage" (PDF). {{cite journal}}: Cite journal requires |journal= (help)
Retrieved from "https://en.wikipedia.org/w/index.php?title=Modified_condition/decision_coverage&oldid=607171702"