[SystemSafety] MC/DC coverage assumptions
Ian Broster
ianb at rapitasystems.com
Wed Feb 28 16:10:34 CET 2018

> The algorithm they used for MC/DC assumes that a function containing
> a single branch (e.g., an if-statement with no else part) and
> the test involves a single condition (i.e., no AND or OR conditions),
> then 100% MC/DC coverage is assumed, even if 100% branch coverage is
> not obtained.
>
> Somebody please tell me that this is not an assumption made by
> commercial packages when calculating MC/DC coverage.

I can only comment for Rapita's RapiCover tool, but I have come across
various expectations and interpretations that might provide insight into
the issue.

We might interpret a single condition decision "if (a) {}" in two ways:

(a) there are no MC/DC obligations here (because there is one
    condition and it's the same as branch coverage)
(b) there is an MC/DC obligation here (because there is a decision)

RapiCover uses option (b) by default, but some customers have expected
(a), perhaps from other tools.

Where option (a) is the expectation, you are arguing that MC/DC doesn't
apply. Therefore it would be wrong to then say that you have achieved
the MC/DC coverage of the decision (because you cannot claim to have
achieved something that doesn't apply). I suspect that this is the cause
of the odd numbers.

Although we believe that option (b) is the right choice, there are some
unexpected consequences. For example, you get an ambiguous situation
with assignments as follows:

    if (a && b) {}   /* this is MC/DC */
    x = a && b;      /* this is MC/DC */
    if (x) {}        /* this is MC/DC */

but:

    if (a) {}        /* this is MC/DC */
    x = a;           /* Is this MC/DC? RapiCover default is NOT MC/DC,
                        but customer can opt to treat as MC/DC */
    if (x) {}        /* this is MC/DC */

Ian
--
Dr Ian Broster
General Manager, Rapita Systems Ltd
Mob: +44 7963 469 090. Skype: ianb1469
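
Added example, not part of the message above and not code from RapiCover or any other tool: a small unique-cause MC/DC counter that shows how options (a) and (b) change the reported figure for a single `if (a) {}` exercised only with a true condition. The function names, the constructed test vectors, and the rule that a report layer prints "no obligations" as 100% are assumptions made for illustration.

```python
# Added example: constructed data, not output from any coverage tool.

def independent_conditions(decision, n_conds, observed):
    """Unique-cause MC/DC: condition i is covered when two observed vectors
    differ only in condition i and give different decision outcomes."""
    seen = set(observed)
    covered = set()
    for v in seen:
        for i in range(n_conds):
            flipped = v[:i] + (not v[i],) + v[i + 1:]
            if flipped in seen and decision(*v) != decision(*flipped):
                covered.add(i)
    return covered

def branch_outcomes(decision, observed):
    """Decision outcomes (True/False) actually reached by the observed vectors."""
    return {bool(decision(*v)) for v in observed}

def mcdc_summary(decisions, single_condition_has_obligation):
    """Return (met, total) MC/DC obligations over a list of decisions.
    True  -> option (b): every decision carries an obligation.
    False -> option (a): single-condition decisions carry none."""
    met = total = 0
    for decision, n_conds, observed in decisions:
        if n_conds == 1 and not single_condition_has_obligation:
            continue  # option (a): nothing is recorded for this decision
        total += n_conds
        met += len(independent_conditions(decision, n_conds, observed))
    return met, total

def percent(met, total):
    # Assumption: the reporting layer shows "no obligations" as 100%.
    return 100.0 if total == 0 else 100.0 * met / total

# Constructed case matching the quoted message: a function whose only
# decision is `if (a) {}`, tested only with a == True.
IF_A = (lambda a: a, 1, [(True,)])
# Constructed contrast: `if (a && b) {}` with a minimal unique-cause test set.
IF_A_AND_B = (lambda a, b: a and b, 2,
              [(True, True), (False, True), (True, False)])

if __name__ == "__main__":
    reached = len(branch_outcomes(IF_A[0], IF_A[2]))
    for label, flag in (("option (a)", False), ("option (b)", True)):
        met, total = mcdc_summary([IF_A], flag)
        print(f"{label}: MC/DC {met}/{total} -> {percent(met, total):.0f}%, "
              f"branch outcomes reached: {reached} of 2")
```

Under option (a) the function reports 0 of 0 obligations, which this report layer prints as 100% even though only one of the two branch outcomes was reached; under option (b) the same tests give 0 of 1.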