Structural Test Coverage Criteria for Integration Testing of LUSTRE/SCADE Programs

Virginia Papailiopoulou, Ajitha Rajan, Ioannis Parissis

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Lustre is a formal synchronous declarative language widely used for modeling and specifying safety-critical applications in the fields of avionics, transportation, and energy production. In such applications, the testing activity to ensure correctness of the system plays a crucial role in the development process. To enable adequacy measurement of test cases over applications specified in Lustre (or SCADE), a hierarchy of structural coverage criteria for Lustre programs has been recently defined. A drawback with the current definition of the criteria is that they can only be applied for unit testing, i.e., to single modules without calls to other modules. The criteria experiences scalability issues when used over large systems with several modules and calls between modules. We propose an extension to the criteria definition to address this scalability issue. We formally define the extension by introducing an operator to abstract calls to other modules. This extension allows coverage metrics to be applied to industrial-sized software without an exponential blowup in the number of activation conditions. We conduct a preliminary evaluation of the extended criteria using an Alarm Management System.
Original languageEnglish
Title of host publicationFormal Methods for Industrial Critical Systems
EditorsGwen Salaün, Bernhard Schätz
PublisherSpringer-Verlag GmbH
Number of pages17
ISBN (Electronic)978-3-642-24431-5
ISBN (Print)978-3-642-24430-8
Publication statusPublished - 2011

Publication series

NameLecture Notes in Computer Science
PublisherSpringer Berlin / Heidelberg
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Dive into the research topics of 'Structural Test Coverage Criteria for Integration Testing of LUSTRE/SCADE Programs'. Together they form a unique fingerprint.

Cite this