A Formal Approach to System Integration Testing

System integration testing is the process of testing a system by the stepwise integration of sub-components. Usually these sub-components are already verified to guarantee their correct functional behavior. By integration of these verified subcomponents into the overall system, emergent behavior may occur, i.e. behavior that evolves by the assembling of the subcomponents. For system integration testing, both, the correct functional behavior of the overall system, and, the proper functioning of the sub-components in their system environment, have to be verified. In this work we present the idea of an approach for system integration testing based on formal verification. The system components are modeled in SystemC. In a first step these components are formally verified. Then a model of the overall system is built. In a second step this system model is formally verified. The novelty of this approach is given by two aspects: First, up to now the available verification frameworks for SystemC-models are more a proof of concept than really applicable to real industrial case studies. Secondly, although formal verification techniques are a common technique for the verification of software and hardware, by now they have only marginally considered for system integration testing. I. SYSTEM INTEGRATION TESTING Testing (as part of the verification and validation of a system) is the process of checking whether the system under test behaves as defined by the specification. System integration testing is the process of testing the overall system by integrating sub-components. These sub-components have already been tested and verified before as self-contained systems. By integrating or assembling sub-components the overall system may show emergent behavior that evolves from the combination of the sub-systems. Consider following example: Component A represents a hardware architecture (ECU...electronic control unit) and was sufficiently verified in the hardware testing. The specification for the chip describes its functional behavior and the way how to use this hardware component. Component B is a software component. This component was developed and tested in a hardware-independent environment (e.g. SIL...software in the loop, i.e. running as a simulation on a PC). All the defined requirements of the software are verified. For integration testing the software is executed on the target-hardware architecture. Emergent effects are, for instance, that the proper functioning of the software depends on the memory management of the hardware (the chip). Conflicts in the management of hardware resources (e.g. memory) may cause failures in the software, although the software by itself is correctly implemented. This work has been partially funded by the ARTEMIS Joint Undertaking and the National Funding Agency of Austria for the project VeTeSS under the funding ID ARTEMIS-2011-1-295311. SystemC [1] is a de-facto industry standard for modeling systems at system level, and can be used to model software and hardware aspects in a single language. SystemC is an addon library to C++ and provides constructs similar to Hardware Description Language (HDL) languages and a scheduler. Such models can be compiled to native machine code for most of the existing hardware architectures, thus allowing fast and accurate simulation of the system. Although simulation is a proper method for detecting many bugs in a system, it cannot be used to verify whether a property of a system holds for every possible system state or not. Formal verification techniques can be used to guarantee the validity of a property for all possible system states.