A Strategy for Automatic Quality Signing and Verification Processes for Hardware and Software Testing

We propose a novel strategy to optimize the test suite required for testing both hardware and software in a production line. Here, the strategy is based on two processes: Quality Signing Process and Quality Verification Process, respectively. Unlike earlier work, the proposed strategy is based on integration of black box and white box techniques in order to derive an optimum test suite during the Quality Signing Process. In this case, the generated optimal test suite significantly improves the Quality Verification Process. Considering both processes, the novelty of the proposed strategy is the fact that the optimization and reduction of test suite is performed by selecting only mutant killing test cases from cumulating t-way test cases. As such, the proposed strategy can potentially enhance the quality of product with minimal cost in terms of overall resource usage and time execution. As a case study, this paper describes the step-by-step application of the strategy for testing a 4-bit Magnitude Comparator Integrated Circuits in a production line. Comparatively, our result demonstrates that the proposed strategy outperforms the traditional block partitioning strategy with the mutant score of 100% to 90%, respectively, with the same number of test cases.


Introduction
In order to ensure acceptable quality and reliability of any embedded engineering products, many inputs parameters as well as software/hardware configurations need to be tested against for conformance.If the input combinations are large, exhaustive testing is next to impossible due to combinatorial explosion problem.
As illustration, consider the following small-scale product, a 4-bit Magnitude Comparator IC.Here, the Magnitude Comparator IC consists of 8 bits for inputs and 3 bits for outputs.It is clear that each IC requires 256 test cases for exhaustive testing.Assuming that each test case takes one second to run and be observed, the testing time for each IC is 256 seconds.If there is a need to test one million chips, the testing process will take more than 8 years using a single line of test.Now, let us assume that we received an order of delivery for one million qualified (i.e., tested) chips within two weeks.As an option, we can do parallel testing.However, parallel testing can be expensive due to the need for 212 testing lines.Now, what if there are simultaneous multiple orders?Here, as the product demand grows in numbers, parallel testing can also become impossible.Systematic random testing could also be another option.In random testing, test cases are chosen randomly from some input distribution (such as a uniform distribution) without exploiting information from the specification or previously chosen test cases.More recent results have favored partition testing over random testing in many practical cases.In all cases, random testing is found to be less effective than the investigated partition testing methods [1].
A systematic solution to this problem is based on Combinatorial Interaction Testing (CIT) strategy.The CIT approach can systematically reduce the number of test cases by selecting a subset from exhaustive testing combination based on the strength of parameter interaction coverage (t) [2].To illustrate the CIT approach, consider the web-based system example (see Table 1) [3].
Considering full strength interaction t = 4 (i.e., interaction of all parameters) for testing yields exhaustive combinations of 3 4 = 81 possibilities.Relaxing the interaction strength to t = 3 yields 27 test cases, a saving of nearly 67 percent.Here, all the 3-way interaction elements are all covered by at least one test.If the interaction is relaxed further to t = 2, then the number of combination possibilities is reduced even further to merely 9 test cases, a saving of over 90 percent.
Being predominantly black box, CIT strategy is often criticized for not being efficiently effective for highly interacting parameter coverage.Here, the selected test cases sometimes give poor coverage due to the wrong selection of parameter strength.In order to address this issue, we propose to integrate the CIT strategy with that of fault injection strategy.With such integration, we hope to effectively measure the effectiveness of the test suite with the selection of any particular parameter strength.Here, the optimal test case can be selected as the candidate of the test suite only if it can help detect the occurrence of the injected fault.In this manner, the desired test suite is the most optimum for evaluating the System Under Test (SUT).
The rest of this paper is organized as follows.Section 2 presents related work on the state of the art of the applications of t-way testing and fault injection tools.Section 3 presents the proposed minimization strategy.Section 4 gives a step-by-step example as prove of concept involving the 4-bit Magnitude Comparator.Section 5 demonstrates the comparison with our proposed strategy and the traditional block partitioning strategy.Finally, Section 6 describes our conclusion and suggestion for future work.

Related Work
Mandl was the first researcher who used pairwise coverage in the software industry.In his work, Mandl adopts orthogonal Latin square for testing an Ada compiler [11].Berling and Runeson use interaction testing to identify real and false targets in target identification system [12].Lazic and Velasevic employed interaction testing on modeling and simulation for automated target-tracking radar system [13].White has also applied the technique to test graphical user interfaces (GUIs) [14].Other applications of interaction testing include regression testing through the graphical user interface [15] and fault localization [16,17].While earlier work has indicated that pairwise testing (i.e., based on 2-way interaction of variables) can be effective to detect most faults in a typical software system, a counter argument suggests such conclusion infeasible to generalize to all software system faults.For example, a test set that covers all possible pairs of variable values can typically detect 50% to 75% of the faults in a program [18][19][20].In other works it is found that 100% of faults are detectable by a relatively low degree of interaction, typically 4-way combinations [21][22][23].
More recently, a study by The National Institute of Standards and Technology (NIST) for error-detection rates in four application domains included medical devices, a Web browser, an HTTP server, and a NASA-distributed database reported that 95% of the actual faults on the test software involve 4-way interaction [24,25].In fact, according to the recommendation from NIST, almost all of the faults detected with 6-way interaction.Thus, as this example illustrates, system faults caused by variable interactions may also span more than two parameters, up to 6-way interaction for moderate systems.
All the aforementioned related work in CIT applications highlighted the potential of adopting the CIT strategies for both software/hardware testing.While the CIT strategies can significantly partition the exhaustive test space into manageable manner, additional reduction can still be possible particularly by systematically examining the effectiveness of each test case in the test suite, that is, by exploiting fault injection techniques.
The use of fault injection techniques for software and hardware testing is not new.Tang and Chen [26], Boroday [27], and Chandra et al. [28] study circuit testing in hardware environment, proposing test coverage that includes each 2 t of the input settings for each subset of t inputs.Seroussi and Bshouty [29] give a comprehensive treatment for circuit testing.Dumer [30] examines the related question of isolating memory faults and uses binary covering arrays.Finally, Ghosh and Kelly give a survey to include a number of studies and tools that have been reported in the area of failure mode identification [31].These studies help in the long-term improvement of the software development process as the recurrence of the same failures can be prevented.Failure modes can be specific to a system or be applicable to systems in general.They can be used in testing for fault tolerance, as realistic faults are needed to perform effective fault injection testing.Additionally, Ghosh and Kelly also describe a technique that injects faults in Java software by manipulating the bytecode level for third party software components used by the developers.

Proposed Strategy
The proposed strategy consists for two processes, namely, Test Quality Signing (TQS) process and Test Verification process (TV).Briefly, the TQS process deals with optimizing the selection of test suite for fault injection as well as performs the actual injection whilst the TV process analyzes for conformance (see Figure 1).
As implied earlier, the TQS process aims to derive an effective and optimum test suite and works as follows.
(1) Start with an empty Optimized Test Suite (OTS), and empty Signing Vector (SV).(2) Select the desired software class (for software testing).
Alternatively, build an equivalent software class for the Circuit Under Test (CUT) (for hardware testing).( 3) Store these faults in fault list (FL).(4) Inject the class with all possible faults.
(5) Let N be maximum number of parameters.
(7) Let CIT strategy partition the exhaustive test space.
The portioning involves generating one test case at a time for t coverage.If t coverage criteria are satisfied, then t = t + 1.
(10) If TC detects any fault in FL, remove the detected fault(s) from FL, and add TC and its specification output(s) to OTS and SV, respectively.
(11) If FL is not empty or t <= N, go to 7.
(12) The desired optimized test suite and its corresponding output(s) are stored in OTS and SV, respectively.
The TV process involves the verification of fault free for each unit.TV process for a single unit works as follows.
(1) for i = 1..Size(OTS) each TC in OTS do: (2) Report that the cut has been passing in the test.Go to 4.
(3) Report that the cut has failed the test.
As noted in the second step of the TQS process, the rationale for taking equivalent software class for the CUT is to ensure that the cost and control of the fault injection be more practical and manageable as opposed to performing it directly to a real hardware circuit.Furthermore, the derivation of OTS is faster in software than in hardware.Despite using equivalent class for the CUT, this verification process should work for both software and hardware systems.
In fact, it should be noted that the proposed strategy could also be applicable in the context of N-version programming (e.g., the assessment of student programs for the same assignment) and not just hardware production lines.The concept of N-version programming was introduced by Chen and Avizienis with the central conjecture that the "independence of programming efforts will greatly reduce the probability of identical software faults occurring in two or more versions of the program" [32,33].

Case Study
As proof of concept, we have adopted GMIPOG [10] as our CIT strategy implementation, and MuJava version 3 (described in [34,35]) as our fault injection strategy implementation.
Briefly, GMIPOG is a combinatorial test generator based on specified inputs and parameter interaction.Running on a Grid environment, GMIPOG adopts both the horizontal and vertical extension mechanism (i.e., similar to that of IPOG [6]) in order to derive the required test suite for a given interaction strength.While there are many useful combinatorial test generators in the literature (e.g., Jenny [3], TConfig [4], TVG [5], IPOG [6], IPOD [7], IPOF [8], DDA [9]), the rationale for choosing GMIPOG is the fact that it supports high degree of interaction and can be run in cumulative mode (i.e., support one-test-at-a-time approach with the capability to vary t automatically until the exhaustive testing is reached).
Complementary to GMIPOG, MuJava is a fault injection tool that permits mutated Java code (i.e., based on some defined operators) to be injected into the running Java program.Here, the reason for choosing MuJava stemmed from the fact that it is a public domain Java tool freely accessible for download in the internet [35].
Using both tools (i.e., GMIPOG and MuJava), a case study problem involving a 4-bit Magnitude Comparator IC will be discussed here in order to evaluate the proposed strategy.A 4-bit Magnitude Comparator consists of 8 inputs (two four bits inputs, namely, a0. ..a3, and b0. ..b3.where a0 and b0 are the most significant bits), 4 xnor gates (or equivalent to 4xor with 4 not gates), five not gates, five and gates, three or gates, and three outputs.The actual circuit realization of the Magnitude Comparator is given in Figure 2. Here, it should be noted that this version of the circuit is a variant realization (implementation) of the Magnitude Comparator found in [36].The equivalent class of the Magnitude Comparator is given in Figure 3 (using the Java-programming language).
Here, it is important to ensure that the software implementation obeys the hardware implementation strictly.By doing so, we can undertake the fault injection and produce the OTS in the software domain without affecting the logical of relation and parameter interactions of the hardware implementation.Now, we apply the TQS process; as illustrated in Section 3. Here, there are 80 faults injected in the system.To assist our work, we use GMIPOG [10] to produce the TC in a cumulative mode.Following the steps in TQS process, Table 2 demonstrates the derivation of OTS.Here, it should be noted that the first 36 test cases can remove all the faults.Furthermore, only the first 12 test cases when t = 4 are needed to catch that last two live mutants.The efficiency of integration GMIPOG with MuJava can be observed (by taken only the effective TC) in the last column in Table 2. Table 3 gives the desired OTS and SV, where T and F represent true and false, respectively.In this case, TQS process reduces the test size to nine test cases only, which significantly improves the TV process.
To illustrate how the verification process is done (see Figure 2), assume that the second output (i.e., A = B) is out-of-order (i.e., malfunction).Suppose that A = B output is always on (i.e., short circuit to "VCC").This fault cannot be detected as either TC1 or TC2 (according to Table 2).Nevertheless, when TC3, the output vector ("VV") of faulty IC, is FTT, and the SV is FFT, the TV process can straightforwardly detects that the IC is malfunctioning (i.e., cut fails).
To consider the effectiveness of the proposed strategy in the production line, we return to our illustrative example given in Section 1.Here, the reduction of exhaustive test from 256 test cases to merely nine test cases is significantly important.In this case, the TV process requires only 9 seconds instead of 256 seconds for considering all tests.Now, using one testing line and adopting our strategy for two  weeks can test (14X24X60X60/9 = 134400) chips.Hence, to deliver one millions tested ICs' during these two weeks, our strategy requires eight parallel testing lines instead of 212 testing lines (if the test depends on exhaustive testing strategy).Now, if we consider the saving efforts factor as the size of exhaustive test suite minus optimized test suite to the size of exhaustive test suite, we would obtain the saving efforts factor of 256 − 9/256 = 96.48%.

Comparison
In this section, we demonstrate the possible test reduction using block partitioning approach [1,37] for comparison purposes.Here, the partitions could be two 4-bit numbers, with block values =0, 0 < x < 15, =15 and 9 test cases would give all combination coverage.In this case, we have chosen x = 7 as a representative value.Additionally, we have also run a series of 9 tests where x is chosen at random between 0 and 15.The results of the generated test cases and their corresponding cumulative faults detected are tabulated in Tables 4 and 5, respectively.
Referring to Tables 4 and 5, we observe that block partitioning techniques have achieved the mutant score of 90%.For comparative purposes, it should be noted that our proposed strategy achieved a mutant score of 100% with the same number of test cases.

Conclusion
In this paper, we present a novel strategy for automatic quality signing and verification technique for both hardware and software testing.Our case study in hardware production line demonstrated that the proposed strategy could improve the saving efforts factor significantly.In fact, we also demonstrate that our proposed strategy outperforms the traditional block partitioning strategy in terms of achieving better mutant score with the same number of test cases.As such, we can also potentially predict benefits in terms of the time and cost saving if the strategy is applied as part of software testing endeavor.
Despite giving a good result (i.e., as demonstrated in earlier sections), we foresee a number of difficulties as far as adopting mutation testing is concerned.In general, mutation testing does not scale well.Applying mutation testing in large programs can result in very large numbers of mutations making it difficult to find a good test suite to kill all the mutants.We are addressing this issue as part of our future work by dealing with variable strength interaction testing.
Finally, we also plan to investigate the application of our proposed strategy for computer-aided software application and hardware design tool.

Figure 1 :
Figure 1: The quality signing and verification processes.

( a )
Subject the SUT to TC[i], store the output in Verification Vector VV[i].(b) If VV[i] = SV [i], continue.Else, go to 3.

Figure 3 :
Figure 3: Equivalent class Java program for the 4-bit magnitude comparator.

Table 1 :
Web-based system example.

Table 2 :
Derivation of OTS for the 4-bit Magnitude Comparator.

Table 3 :
OTS and SV for the 4-bit Magnitude Comparator.

Table 5 :
Cumulative faults detected when x is randomly selective.
public class Comparator { //Comparator takes two four bits numbers (A&B), where A = a0a1a2a3 //B=b0b1b2b3.Here, a0 and b0 are the most significant bits.//The function returns an output string that s //g1, g2, and g3 represent the logical outputs of A > B, A = B, and A < B respectively.//the code symbols (!, ∧, |, and &) //represent the logical operator for Not, Xor, Or, and And respectively.