How to do MCDC for conditions that depend on each other?

I run into a problem when doing MCDC for the expression below:

(t_Active_b == FALSE)
   (t_State_ub != HOLD) && 
   (t_State_ub != RELEASE) &&
   (t_State_ub != CAPTURE) 
t_signal_ub == FAILED

From the expression, I have 5 conditions in total

[ A && (B && C && D) || E ]

As MCDC requires: "a change in one condition results a change in output",

which means if A changes (t_Active_b has the value TRUE and then FALSE) and other conditions have to keep its state then the output changes (from TRUE to FALSE)

How can I design the test cases for condition B, C, and D?

By the way, do you know any commercial or free tool that can generate MCDC test cases?

In my opinion you can consider ( B, C , D) as a big condition named for example BC and do MCDC for the expression (A && BC || E)

For Another approach, you can take a look at this article

Masking MC/DC? What's all that about then?, In this blog post, I briefly describe how masking MC/DC is different. enough tests to demonstrate that each individual condition can independently affect the outcome. This relies on all of the conditions being independent. However, if condition B is TRUE (or value 1), the R outcome of the decision depends entirely on the outcome of A. In other words: A AND 1 = A This last is exactly what should be achieved with MCDC: If condition A should determine the outcome of the decision (in this 'AND combination'), then the other condition should be set at value 1.

[PDF] A Practical Tutorial Decision Coverage on Modified Condition/, MC/DC. wITH SHORT CIRCUIT LOGIC . DO-178B. Specific references to DO-​178B and other supporting materials are cited throughout. Also included throughout should show that test cases exist for each software requirement, and that the test cases scheme may depend on the number of conditions in the decision. For example, the Combinatorial Logic block can receive decision coverage and condition coverage, but not MCDC coverage. To achieve 100% MCDC coverage for your model, as defined by the DO-178C/DO-331 standard, in the Coverage pane of the Configuration Parameters, select Modified Condition/Decision Coverage (MCDC) as the Structural coverage level.

The original definition of MCDC (Modified Condition Decision Coverage) did not consider several cases. One of them is a reason for your problem. You have "coupled conditions". That means, the same condition is used more than once. There are strong and weak coupled conditions. As an example: In the boolean expression: "ab+ac" the variable "a" is existing in 2 product terms. As per the original definition, it is not possible to find a test pair that would fulfill unique cause MCDC.

This lead to many problems and basically to a new definition for 3 forms of MCDC

  1. Unique Cause (as per the original definition)
  2. Unique Cause + Masking
  3. Masking

What is Masking?

Masking takes the property of the boolean Annihilator into account. Meaning "A and FALSE" --> FALSE and "A or TRUE" --> TRUE.

So, if a boolean expression is evaluated and it is clear already and early that a subterm cannot contribute to a result, then there is no need to evaluate that. The subterm is masked. It does not matter.

The same mechanism is, by the way, also used for boolean short cut evaluation.

With that relaxation you can find more test pairs for an influencing variable. NASA and FAA will accept also these additional forms of MCDC.

If we use Masking for the influencing variable, then we call the test-pair-MCDC-property "Unique Cause + Masking". If we allow all masked variables to change, then we call test-pair-MCDC-property "Masking".

For the above example "ab+ac" you can find the following test pairs:

Influencing Condition: 'a'  Pair:  1,  5   Unique Cause + Masking
Influencing Condition: 'a'  Pair:  2,  6   Unique Cause + Masking
Influencing Condition: 'a'  Pair:  3,  5   Masking
Influencing Condition: 'a'  Pair:  3,  6   Masking
Influencing Condition: 'b'  Pair:  4,  6   Unique Cause
Influencing Condition: 'c'  Pair:  4,  5   Unique Cause

(5 is e.g. the decimal equivalent of the setting of variable abc, in this case 101).

Applying the set cover problem would lead to 3 possible test sets

-------- Coverage set 1 ----------------------------------------------------

Test Pair for Condition 'a':    1   5   (Unique Cause + Masking)
Test Pair for Condition 'b':    4   6   (Unique Cause)
Test Pair for Condition 'c':    4   5   (Unique Cause)

Resulting Test Vector: 1 4 5 6

-------- Coverage set 2 ----------------------------------------------------

Test Pair for Condition 'a':    2   6   (Unique Cause + Masking)
Test Pair for Condition 'b':    4   6   (Unique Cause)
Test Pair for Condition 'c':    4   5   (Unique Cause)

Resulting Test Vector: 2 4 5 6

-------- Coverage set 3 ----------------------------------------------------

Test Pair for Condition 'a':    1   5   (Unique Cause + Masking)
Test Pair for Condition 'b':    4   6   (Unique Cause)
Test Pair for Condition 'c':    4   5   (Unique Cause)

Resulting Test Vector: 1 4 5 6

And a final result of:

Testvector: Recommended Result: 1 4 5 6

1:  a=0  b=0  c=1    (0)
4:  a=1  b=0  c=0    (0)
5:  a=1  b=0  c=1    (1)
6:  a=1  b=1  c=0    (1)

Please note:

It is important to understand that you need to look on boolean expressions with a WhiteBox view. MCDC is a structural coverage metrick and hence you need to know the source code. Anyway. In a lot of videos and explanations people start explaining MCDC from a truth table (BlackBox). This will never work for masking or for more complex expressions. In the above example you would not find the 3 and 5 to be a valid MCDC test pair. This can be found only with a WhiteBox approach.

I deeply anaylzed the problem and published a tool to see test cases

GitHub: MCDC

Please contact me, if you need support with that.

Modified condition/decision coverage, Modified Condition Decision Coverage (MCDC), Software fault injection, Software Probability of Error Detection—Unique-Cause + Masking (Context Dependent). 48. 39 c. all other conditions either do not change value or are masked. Modified Condition / Decision Coverage. Standard coverage criterion for Boolean predicates or decision logic consisting of multiple basic conditions. Consider using it in conjunction with the general code-coverage tag.

[PDF] MCDC - William J. Hughes Technical Center, Modified condition/decision coverage (MCDC) is the coverage type that The meaning of MCDC can be explained as follows: owing to the fact that condition A is FALSE; The same goes for all other conditions in the decision point. However, if condition B is TRUE (or value 1), the R outcome of the decision depends  Modified condition/decision coverage is a structural coverage criterion requiring that each condition within a decision is shown by execution to independently and correctly affect the outcome of the decision. This criterion was developed to help meet the need for extensive testing of complex Boolean expressions in safety-critical applications.

Modified Condition/Decision Coverage, Modified Condition Decision Coverage (MCDC), Software This document is available to the Probability of Error Detection-Unique-Cause + Masking (​Context Dependent) c. all other conditions either do not change value or are masked. The Modified Condition Decision Coverage (MCDC) test criterion is a mandatory requirement for the testing of avionics software as per the DO-178B standard. This paper presents a formal analysis

[PDF] MCDC, of MCDC as all conditions are not required so as to see the independent Levelling module can not cover most of the conditions if conditions are control dependent differs from And & Or gate as there are different sets of test cases satisfying  Now it depends on the nature of each condition how many test cases you need to cover this condition "perfectly". In the case of a simple bit test, each branch would require a single test.

  • Indeed, this makes sense. You then do need a 4th state like RUNNING in my answer, to be able to make your BigCondition false.
  • The link is to digitalobjectivo is broken :-(