Supporting structure-based test design using model checking

Nuclear domain safety systems are commonly designed using function block diagrams that are automatically translated into software code. These safety systems need to be rigorously verified. One of the verification techniques required by standards and nuclear regulators is structure-based testing. Structure-based testing of automatically generated code is not effective in detecting defects in function block diagrams. Hence, several approaches for structurebased testing on the level of the function block diagrams have recently emerged. We have defined three structure-based test criteria for function block diagrams, and developed an automatic technique for designing test cases according to these criteria that uses model checking to generate the test cases. Unlike other similar test criteria, the developed criteria especially focus on the time-dependent aspects of the test requirements. We have tested our technique on fictitious function block diagrams, and a set of vendor-specific real-world industrial function block diagrams. The fault detection capability of the method is analysed using mutation analysis. The results suggest that the developed technique is scalable to most nuclear domain safety systems. The average fault detection capability of the generated tests ranged from 90 % to 95 % in our experiments.