Assuring Standard Conformance of Partial Interfaces
Hardi Hungar
> Conformance of Partial Interfaces > Hardi Hungar > 06 March 2013 DLR.de • Chart 1
Tasks for Compatibility Assurance
Interlocking – Interlocking (SCI-ILS)
Interlocking – Radio Block Center (SCI-RBC)
Interlocking – Level Crossing (SCI-LX)
Field elements (signals, point machines, train detection systems)
Thales SIEMENS
All examples taken from the SCI-ILS specification and test specification
Functional Specification
• Text-based
• Distributed
• Incomplete
Technical Protocol Specification (Byte-Level)
Detailed telegram definition
Specification Objects
RaSTA
RTP
RTP: Rail Technics Protocol RaSTA: Rail Safe Transport Application
Target interface
External interfaces
Functional Specification Evolution: Formalisation
1. Textual functional specification
Formal protocol telegrams
2. Formalized interface specification of main components
1. Interlocking
2. Radio Block Center
3. Level Crossing
3. …
101. Fully formal (functional) specification
Establishing formality in a modular way
Specification Objects
RaSTA
RTP
RTP: Rail Technics Protocol RaSTA: Rail Safe Transport Application
Target interface
External interfaces
Test Object: Interface Specification View
RaSTA
RTP
Interface Specification
Internal Interface (virtual)
Test Object: Testing View
RaSTA
RTP
Accessible Interfaces
Estimated time of completing specifications of external interfaces (interlocking):
• 2015 (optimistic)
• 2017 (positive)
• 20nm (realistic) (n<3)
Estimated time of completing a full functional specification (interlocking): 20??
Interface Specification - Semantically
RaSTA
BTP
Target interface
Internal Interface (virtual)
Specification Abstraction
External interfaces
Approach: Test Architecture
RaSTA
BTP
Test Execution Kernel
Translator BTP-RaSTA
Translator internal-external
Test Sequences
Test Report
Test Cases
Links
Test Rack
Test Environment
manual
Similar to Subset 076
Test Architecture: Responsibilities
RaSTA
BTP
Test Execution Kernel
Translator BTP-RaSTA
Translator internal-external
Test Sequences
Test Report
Test Cases
Links
Test Rack
Test Environment
manual
Test Lab
Manufacturer
Test Architecture: Target Switch
RaSTA
BTP
Test Execution Kernel
Translator BTP-RaSTA
Translator internal-external
Test Sequences
Test Report
Test Cases
Links
Test Rack
Test Environment
manual
Components to be modified on target switch
Test Architecture Components (1/6)
Test Execution Kernel
• Interprets test sequences
• Drives and observes test object
• Generates test report
Test Execution Kernel
Test Architecture Components (2/6)
Translator BTP-RaSTA
• Simple component
• Translates between byte telegrams and physical communication (Ethernet-based)
• Might involve timing imprecision
• Level of atomicity
• Message sequence
Translator BTP-RaSTA
Test Architecture Components (3/6)
Translator internal-external
• Translates between the virtual internal interface and an external view of the system
• Might use test interfaces the manufacturer uses for development purposes
• Might involve
• Incompleteness (not everything observable)
• Timing imprecision (delays)
• Might weaken test result
Translator internal-external
Test Architecture Components (3/6)
Translator internal-external
Implementation Option
(24/7 test rack might be expensive to build)
Translator internal-external
Test Architecture Components (4/6)
Test Report
• Details and summary of test result
Test Report
Test case/sequence result:
• passed
• passed (tolerable deviation)
• ? unclear
• failed
• not executed
Numerical / timing
In performing test campaigns you learn how to interpret test results. Only in an ideal setting is there always a definitive answer.
Test Architecture Components (5+6/6)
Test Cases and Sequences
• … first some facts on the test object
Test Case
Test Sequences
Test Case – Sequence Diagram (Informal)
State Diagram
„Coloured“ State
„Uncoloured“ State
Transition
Test Object - Semantically
Configurations: $s_i\ \{v\}_i$, $s_j\ \{v\}_j$, $s_k\ \{v\}_k$
Transition sequences: $\mathit{Fnct}_l$, $\mathit{Fnct}_m$, $\mathit{Fnct}_n$
$s_i$: Discrete state (stable, „coloured“)
$\{v\}_i$: Variable valuation
$\mathit{Fnct}_l$: Transition sequence (realising a function)
Function:
• Enabled in each start configuration
• Terminates in one of the end configurations
$s_i\ \{v\}_i$, $\mathit{Fnct}_l$, $s_k\ \{v\}_k$, …
S/V/Fnct-Automaton
„Coloured“ State
Transition Sequence
Variable valuation
Translates to test case
Genericity
• One instance of the state machine logic for each connecting track
• ESTW-ZEe: „own“ interlocking
• ESTW-ZEn: neighbouring interlocking
One (of three) main „application variants“:
One track and its different views (properties)
Interlocking may send a train out on the track (operator indication)
Typical Track Layouts (for Testing)
Track Elements
Track Elements
Test Architecture Components (5/6)
Test Cases
Test Case
• Track layout:
• Precondition
• Both interlockings in some specific states
• Transition sequence
• Possibly: exit conditions
• Postcondition
Test Architecture Components (6/6)
Test Sequences
Test Sequences
• Sequence of test cases
• Need full interconnection track layout
• Mapping test cases to specific tracks
• „application variant“ to „real track“
• Needs instantiation mechanism
• Currently manual process
• Robust sequence
• Emergency repair sequence when test case fails
• Do not want to restart system too often
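A minimal sketch of the test execution kernel, the test case structure (precondition, transition sequence, postcondition) and the robust sequencing described on the preceding slides, added here as an illustration and not taken from the talk or the SCI-ILS test specification. The three-state automaton, the function names and `SimObject` are constructed assumptions.

```python
from enum import Enum

class Verdict(Enum):  # verdict names follow the test report slide
    PASSED = "passed"
    UNCLEAR = "unclear"
    FAILED = "failed"
    NOT_EXECUTED = "not executed"

# Constructed S/V/Fnct automaton: (coloured state, function) -> end state.
SPEC = {("idle", "request"): "requested", ("requested", "grant"): "granted",
        ("granted", "release"): "idle"}

class SimObject:
    """Constructed stand-in for the test object; `faulty` names a function it mishandles."""
    def __init__(self, faulty=None, hidden=()):
        self.state, self.faulty, self.hidden = "idle", faulty, set(hidden)
    def drive(self, fn):
        nxt = SPEC.get((self.state, fn))
        if nxt is not None:
            # Injected fault: the faulty function drops back to idle.
            self.state = "idle" if fn == self.faulty else nxt
    def observe(self):
        # Translator internal-external: hidden states cannot be seen from outside.
        return None if self.state in self.hidden else self.state
    def repair(self):
        self.state = "idle"  # emergency repair sequence instead of a full restart

def run_case(obj, case):
    pre, fns, post = case
    seen = obj.observe()
    if seen is not None and seen != pre:
        return Verdict.NOT_EXECUTED  # precondition not established
    for fn in fns:
        obj.drive(fn)
    seen = obj.observe()
    if seen is None:
        return Verdict.UNCLEAR  # observation gap weakens the result
    return Verdict.PASSED if seen == post else Verdict.FAILED

def run_sequence(obj, cases):
    report = []
    for case in cases:
        verdict = run_case(obj, case)
        report.append(verdict)
        if verdict in (Verdict.FAILED, Verdict.NOT_EXECUTED):
            obj.repair()  # robust sequence: return to a known state and continue
    return report

# Constructed test sequence: (precondition, transition sequence, postcondition).
SEQUENCE = [("idle", ["request"], "requested"), ("requested", ["grant"], "granted"),
            ("granted", ["release"], "idle"), ("idle", ["request"], "requested")]
```

Running the same sequence against a conformant object, one with a faulty `grant`, and one whose `requested` state is hidden shows how a single failure cascades into a "not executed" case and how limited observability yields "unclear" rather than a definitive verdict.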
Testcase Formalisation (Excel Syntax)
• One example of an external representation format
Concept Evaluation
1. Observation Gap
1. ?: external ↔ internal
2. !: Manufacturer responsibility
2. Interface Interrelation Gap
1. !?: ∑ interfaces ≠ full system
2. ?: Specification evolution
3. Genericity Coverage
1. ?: Formal mapping tracks to full layouts
2. ?: All cases covered
4. Specification Coverage
1. !?: Currently: Transition coverage (arrows ≈ program branches)
2. ?: Coverage of compound transitions
3. ?: Feature interaction