系统芯片的边界扫描测试与调试方法研究

针对系统芯片的多内核结构违反边界扫描标准而导致不可测试的问题,IEEE 1149.7标准提出了多片上TAPC结构的测试与调试方法;以该标准为依据,利用QuartusⅡ软件设计在测试与调试系统中具有关键作用的边界扫描测试控制器;重点阐明了多内核系统芯片的调试原理与调试流程、控制器的结构与作用等;仿真结果表明控制器能够产生符合标准的调试信号,具有良好的可行性与有效性,对系统的构建具有积极的意义。     

Overview of Debug Standardization Activities

The semiconductor industry is disaggregated, with a complex web of suppliers and consumers. Standards help to facilitate and simplify the debug process. This article provides an overview of current standardization activity. One area in need of such standardization is that of on-chip debug processes and instruments. The debug area particularly exhibits limited commonality between different IP providers in terms of interfaces and methods for complex SoCs. The problem becomes even greater with more SoC integrators using diverse IP from different vendors, requiring an increasing range of debug, analysis, and optimization capabilities. This article describes the goals and ongoing activities of five debug standardization bodies: the Nexus 5001, MIPI (Mobile Industry Processor Interface) Test and Debug, IEEE PI149.7, IEEE P1687, and OCP-IP (Open Core Protocol International Partnership) Debug working groups.     

Mathematical modeling of software reliability testing with imperfect debugging

Software reliability testing is concerned with the quantitative relationship between software testing and software reliability. Our previous work develops a mathematically rigorous modeling framework for software reliability testing. However the modeling framework is confined to the case of perfect debugging, where detected defects are removed without introducing new defects. In this paper the modeling framework is extended to the case of imperfect debugging and two models are proposed. In the first model it is assumed that debugging is imperfect and may make the number of remaining defects reduce by one, remain intact, or increase by one. In the second model it is assumed that when the number of remaining defects reaches the upper bound, the probability that the number of remaining defects is increased by one by debugging is zero. The expected behaviors of the cumulative number of observed failures and the number of remaining defects in the first model show that the software testing process may induce a linear or nonlinear dynamic system, depending on the relationship between the probability of debugging introducing a new defect and that of debugging removing a detected defect. The second-order behaviors of the first model also show that in the case of imperfect debugging, although there may be unbiased estimator for the initial number of defects remaining in the software under test, the cumulative number of observed failures and the current number of remaining defects are not sufficient for precisely estimating the initial number of remaining defects. This is because the variance of the unbiased estimator approaches a non-zero constant as the software testing process proceeds. This may be treated as an intrinsic principle of uncertainty for software testing. The expected behaviors of the cumulative number of observed failures and the number of remaining defects in the second model show that the software testing process may induce a nonlinear dynamic system. However theoretical analysis and simulation results show that, if defects are more often removed from than introduced into the software under test, the expected behaviors of the two models tend to coincide with each other as the upper bound of the number of remaining defects approaches infinity.     

基于VS2008的制动系统试验台调试程序开发

首先介绍了制动系统试验台的硬件设计,在此基础上进行了试验台调试程序的设计,并重点讲述了指示灯界面及与PLC通信的实现。在调试程序完成后,通过串口调试助手验证了调试程序的正确性和可行性。     

Probable correctness theory

A theory of ‘probable correctness’ is proposed to assess the reliability of software through testing. Current research in testing is not adequate for this assessment. Most testing methods are intended for debugging, to find failures and connect them to program faults for repair. When these methods no longer expose errors, no analysis has been done to find the confidence that may be placed in the software. (Preliminary results here are that this confidence should be low.) Other work applies conventional decision theory to inputs as samples of a program's use. The application is suspect because the necessary independence and distribution assumpions may be violated; in any case, the results are intuitively incorrect. The proposed theory relies on a uniform distribution of test samples, but relates these to textually occurring faults. Preliminary results include an analysis of partition testing, and suggestions for textual sampling. It is crucial that any such confidence theory be plausible, so the foundations of program sampling are examined in detail.     

An experimental study of adaptive testing for software reliability assessment

Adaptive testing is a new form of software testing that is based on the feedback and adaptive control principle and can be treated as the software testing counterpart of adaptive control. Our previous work has shown that adaptive testing can be formulated and guided in theory to minimize the variance of an unbiased software reliability estimator and to achieve optimal software reliability assessment. In this paper, we present an experimental study of adaptive testing for software reliability assessment, where the adaptive testing strategy, the random testing strategy and the operational profile based testing strategy were applied to the Space program in four experiments. The experimental results demonstrate that the adaptive testing strategy can really work in practice and may noticeably outperform the other two. Therefore, the adaptive testing strategy can serve as a preferable alternative to the random testing strategy and the operational profile based testing strategy if high confidence in the reliability estimates is required or the real-world operational profile of the software under test cannot be accurately identified.     

可信度理论与测试

软件的可靠性估计、程序结构及测试之间存在着重要的联合,针对一个程序及其输入值有限集,可以由测试来处理所精心定义的程序状态。但是,程序测试的基本理论仍不明了,其部分原因是测试的目标不明确,对测试或者测试方法的评价也没有统一的标准,测试不应该以纠错为最终目标,其最终目标应该是精度量被估测软件的可靠性。其于这个目标,需要提出蝗可信度理论,并以它为基础,明确应该使用什么样的测试方法及测试环境。目前可信度理     

Algebraic specifications and sequencing: A defect detection method

One class of program defects results from illegal sequences of otherwise legal operations in software implementations. Explicit statement of sequencing constraints, however, is not a common activity when specifying software even when using formal specification methods. This paper shows that constraints on program execution sequences can be derived directly from algebraic specifications. Results include heuristic methods for generating sequencing constraints and a generalization of these methods into automatable rules. The heuristics can be integrated into a specification methodology such as Larch. Engineers can use the generated sequencing constraints to detect sequencing defects in software even before dynamic testing begins. The method can be used to increase the reliability of software that is specified using algebraic methods.     

Code-based prioritization: a pre-testing effort to minimize post-release failures

Improving the efficiency of the testing process is a challenging goal. Prior work has shown that often a small number of errors account for the majority of software failures; and often, most errors are found in a small portion of a source code. We argue that prioritizing code elements before conducting testing can help testers focus their testing effort on the parts of the code most likely to expose errors. This can, in turn, promote more efficient testing of software. Keeping this in view, we propose a testing effort prioritization method to guide tester during software development life cycle. Our approach considers five factors of a component such as Influence value, Average execution time, Structural complexity, Severity and Value as inputs and produce the priority value of the component as an output. Once all components of a program have been prioritized, testing effort can be apportioned so that the components causing more frequent and/or more severe failures will be tested more thoroughly. Our proposed approach is effective in guiding testing effort as it is linked to external measure of defect severity and business value, internal measure of frequency and complexity. As a result, the failure rate is decreased and the chance of severe type of failures is also decreased in the operational environment. We have conducted experiments to compare our scheme with a related scheme. The results establish that our proposed approach that prioritizes the testing effort within the source code is able to minimize highly severed types of failures and also number of failures at the post-release time of a software system.     

Relational programs: An architecture for robust real-time safety-critical process-control systems

Software for safety-critical systems, such as avionic, medical, defense, and manufacturing systems, must be highly reliable since failures can have catastrophic consequences. While existing methods, such as formal techniques, testing, and fault-tolerant software, can significantly enhance software reliability, they have some limitations in achieving ultrahigh reliability requirements. Formal methods are not able to cope with specification faults, testing is not able to provide high assurance, and fault-tolerant software based on diverse designs is susceptible to common-mode failures. We present a new approach that starts with a decomposition of the system requirements into a conjunction of subtasks (goals and constraints). The system state space is then projected onto a restricted space that is specialized for a subtask. The control problem corresponding to each subtask is solved and validated in its restricted “view” of the system state space. To allow the programs for the individual subtasks to be easily composed together, the model for each subtask is relational rather than functional, i.e., it represents a set of control trajectories for each input rather than just one trajectory. The overall system is obtained by composing the models for the subtasks using well-defined set intersection and union operations. The relational approach has several significant advantages. With appropriate priority assignments, it provides strong guarantees that the safety-critical components are immune to defects in other components of the system. Also, the system reliability can be rigorously derived from the component reliabilities. This significantly reduces the validation effort since the number of states and transitions in the decomposition is a fraction of those in the overall system. The system can be composed from its components either statically or dynamically; the latter facilitates on-the-fly maintenance as well as incorporation of advanced adaptive and evolving control programs. The paper contains a detailed example to illustrate the relational approach. This revised version was published online in June 2006 with corrections to the Cover Date.     

基于Windows邮槽机制的程序调试模块

调试是软件实现的一大关键步骤，程序开发环境提供了多种调试工具，其中打印各类数据及状态信息是很重要的工具。本文采用Windows进程间通信的邮槽mailslot来实现状态信息的输出，以此实现的调试模块简单而且功能可扩展。     

Operational profiles in software-reliability engineering

A systematic approach to organizing the process of determining the operational profile for guiding software development is presented. The operational profile is a quantitative characterization of how a system will be used that shows how to increase productivity and reliability and speed development by allocating development resources to function on the basis of use. Using an operational profile to guide testing ensures that if testing is terminated and the software is shipped because of schedule constraints, the most-used operations will have received the most testing and the reliability level will be the maximum that is practically achievable for the given test time. For guiding regression testing, it efficiently allocates test cases in accordance with use, so the faults most likely to be found, of those introduced by changes, are the ones that have the most effect on reliability     

An Empirical Method for Selecting Software Reliability Growth Models

Estimating remaining defects (or failures) in software can help test managers make release decisions during testing. Several methods exist to estimate defect content, among them a variety of software reliability growth models (SRGMs). SRGMs have underlying assumptions that are often violated in practice, but empirical evidence has shown that many are quite robust despite these assumption violations. The problem is that, because of assumption violations, it is often difficult to know which models to apply in practice. We present an empirical method for selecting SRGMs to make release decisions. The method provides guidelines on how to select among the SRGMs to decide on the best model to use as failures are reported during the test phase. The method applies various SRGMs iteratively during system test. They are fitted to weekly cumulative failure data and used to estimate the expected remaining number of failures in software after release. If the SRGMs pass proposed criteria, they may then be used to make release decisions. The method is applied in a case study using defect reports from system testing of three releases of a large medical record system to determine how well it predicts the expected total number of failures.     

A mathematical modeling framework for software reliability testing†

Software reliability testing refers to various software testing activities that are driven to achieve a quantitative reliability goal given a priori or lead to a quantitative reliability assessment for the software under test. In this paper we develop a modeling framework for the software reliability testing process, comprising a simplifying model and a generalized model. In both models the software testing action selection process and the defect removal mechanism are explicitly described. Both the discrete-time domain and the continuous-time domain are involved. The generalized model is more accurate or realistic than the simplifying model since the former avoids the assumption that defects are equally detectable and the assumption that defects are removed upon being detected. However simulation examples show that the simplifying model really captures some of essential features of the software testing process after a short initial testing stage. The modeling framework is practically realistic, mathematically rigorous, and quantitatively precise. It demonstrates that the relationship between software testing and delivered software reliability, which was poor understood, can well be formulated and quantified. Rigorous examinations show that several common assumptions adopted in software reliability modeling, including the independence assumption, the exponentiality assumption, and the NHPP assumption, are theoretically false in general. This paper sets a good starting point to further formalize and quantify the software testing process and its relation to delivered software reliability.     

基于程序不变量计算软件可靠性

现有的计算软件可靠性的方法采用测试的输入/输出结果,但这些数据并不能真实地反映软件内部的真实行为,如测试中会出现假性正确的情况以及测试不能显示一个输入有多个错误的输出情况.试图通过程序不变量来计算软件的可靠性,程序不变量可以描述程序的性质.首先选取测试用例集,动态地获取程序不变量,再从这些不变量中提取失效数据,最后,基于Nelson模型计算软件的可靠性.作为实验,对西门子程序包计算软件的可靠性.采用随机、分支覆盖和分块覆盖这3种不同的测试方法得到程序不变量,据此计算程序的可靠性.为了检查结果的可行性,采用传统方法计算这些软件的可靠性.两种可靠性比较后显示:它们的差别很小,而且不依赖于对测试方法的选择.通过进一步的方差分析得知,用所提出的方法计算的可靠性比用现有的方法计算的可靠性具有更小的波动,即更平稳.因此,前者更接近系统的真实可靠性.结论说明,可用程序不变量来计算软件的可靠性.     

Experience and challenges with UML-driven performance engineering of a Distributed Real-Time System

ContextPerformance-related failures of Distributed and Real-Time Software Systems (DRTS’s) can be very costly, e.g., explosion of a nuclear reactor. We reported in a previous work a stress testing methodology to detect performance-related Real-Time (RT) faults in DRTS’s based on the design UML model of a System Under Test (SUT). The stress methodology aimed at increasing the chances of RT failures (violations in RT constraints).ObjectiveAfter stress testing a SUT and finding RT faults, an important immediate question is how to fix (debug) those RT faults and prevent the same RT violations in the future and after deployment. If appropriate solutions to this challenge cannot be found, stress testing and its findings (detection of RT faults) will be of no or little use to the quality assurance goals of the development team.MethodTo move towards systematically solving performance-related problems causing RT faults, we develop a customized version of the standard Software Performance Engineering process and conduct an experiment on a DRTS. The process is iteratively applied to a SUT, while results from stress testing reveal that there are still scenarios in which RT constraints are violated.ResultsApplication of the performance engineering paradigm in this context on a real DRTS enables systematic analysis of performance-related defects and their fixations.ConclusionThe contributions of this work are an initial approach to software performance engineering based on stress testing, and an analysis, based on experimentation, of the open issues that need to be addressed in order to improve the approach.     

一种嵌入式硬件辅助调试机制研究与实现

某自主指令架构系列芯片（简称为GCXP）主要使用基于扫描链重用的硬件调试机制,与主流商用嵌入式芯片产品相比,该硬件调制机制安全性较低且不具备用户交互、程序下载等功能,同时缺乏嵌入式调试软件生态,不利于嵌入式产品的推广与应用。参考ARM CoreSight、RISCV Debug SPEC及SiFive开源芯片Debug Module的实现细节,结合GCXP特权架构,提出一种软硬件协同的调试中断陷入机制。使用自主特权架构中的特权程序替代部分调试中断硬件逻辑,使得在调试模块设计时无需进行CPU协同修改以及操作系统软件接口和上位机调试软件的二次开发,从而避免CPU硬件逻辑修改后大量的验证工作,同时无缝兼容历史CPU IP。分析结果表明,该中断陷入机制与RISCV Debug SPEC协议能够实现良好的协同,可以与SiFive参考开源调试模块协同工作,支持主流交互式调试软件及硬件工具,且调试模块的代码及功能覆盖率都能达到100%,可以满足流片需求。     

基于多版本较准的软件可靠性评估

软件可靠性模型都要求测试时的操作剖面与实际运行时的操作剖面一致,但这往往很难达到,造成测试完成之后的可靠性预计与发布之后实际运行中达到的可靠性有较大差距.为了提高软件可靠性评估的准确性,提出了剖面差异性的概念,认为同一软件各个版本的测试操作剖面与实际操作剖面之间的差异性是相同的.在此前提下,提出了一个多版本校准方法,利用软件以前版本的剖面差异性来改进软件当前版本的可靠性评估.     

Dynamic Event Generation for Runtime Checking using the JDI

Approaches to runtime checking have to track the execution of a software system and therefore have to deal with generating and processing execution events. Often these techniques are applied at the code level – either by inserting new source code prior to the compilation or by modifying the target code, e.g. Java byte code, before running the program.The jassda [4,3] framework and tool enable runtime checking of Java programs against a CSP-like specification. For generating events it uses the Java Debug Interface (JDI) and thus no modifications to the code are necessary. Another advantage is that events are generated on demand, i.e. dynamically at runtime it is determined which events to generate for the current debug run without modifying the program itself. This paper shows how this event generation is done by the jassda framework.