The avionics domain is subject to the highest functional safety requirements. Systems have to undergo a costly certification before they are released for operational use. Nevertheless, additional observability may still be needed during operational use. The certified program code cannot be changed (e.g., by adding printf() monitor instructions that help to observe an embedded system) without undergoing a renewed certification process.

With CEDARtools® we offer a unique patented technology to monitor embedded systems non-intrusively over an unlimited time frame. This makes the debugging process easier and more efficient without the need to modify the certified release code.

Structural Tests – Code Coverage

Pure white-box tests do not guarantee the intended system behavior, so there is a desire to measure structural coverage at higher test levels in the V-diagram: this would make it possible to create tests based on functional requirements and to measure the structural coverage that these tests achieve. This is typically the level at which the hardware and software are tested, the integration test. Only at this test level can meaningful functional requirements be formulated with reasonable effort. However, until now it has been difficult to determine structural source code coverage at higher test levels with reasonable effort. Structural tests in the avionics domain are usually performed using software instrumentation and have been limited to module tests because of the resulting impact on runtime behavior.

With CEDARtools®, a new method is available to run these tests (statement coverage, branch coverage, MC/DC) directly on the release code without software instrumentation, and thus also during integration tests and system tests.

Data and Control Flow Coupling

“Source Code complies with software architecture.” (DO-178C Table A-5 objective 2)

To ensure that the source code is consistent with the architecture and that the data and control flows in the architecture and code are consistent, it is necessary to analyze the data and control flow coupling.

In addition to static analysis, non-intrusive monitoring of the data and control flow coupling helps to prove the completeness of integration and system tests and thus to comprehensively convince the reviewer of the quality of the delivered software, thereby supporting the certification process and increasing its efficiency.