1 Introduction
-
We propose a microservice-based framework that allows for executing test cases at different test levels (SiL, HiL and Operation), and which is integrated with a DevOps ecosystem for CPSs.
-
We instantiate the approach in a real industrial case study encompassing the dispatching algorithm of elevators, provided by Orona, one of the largest elevator companies in Europe.
-
We carry out an evaluation (both qualitative and quantitative) of the adoption of the approach by our industrial partner.
2 Problem analysis
2.1 Problem
2.2 Causes
2.3 Consequences
3 Related work
4 Case study
4.1 The system
4.2 Development and operation methodology
5 Verification and validation test benches for CPS
-
ValidationPlan: the validation plan is the document that contains the planning for the validation process; for this reason, ValidationPlan is the root element of the JSON.
-
ValidationPlan_Id: each ValidationPlan contains a unique identifier.
-
TestCases: the UTP2 document defines a Test Case as a procedure that includes a set of preconditions, inputs and expected results, developed to drive the examination of a test item with respect to some test objectives. In the JSON, each test case contains this information. A validation plan may contain more than one Test Case.
-
TestCase_Id: a unique identifier identifies every single test case.
-
TestCase_Priority: each test case has a priority, which must be included in the JSON.
-
TestCase_TestLevel: each test case targets a specific test level (SiL or HiL in our case).
-
SUT: provides information about the version of the system under test.
-
Version_Id: a unique identifier identifies every single SUT.
-
Configuration_Id: each SUT references a document that provides its initial configuration.
-
TestArtifacts: a test artifact is defined as an object produced or modified during the execution of a process. This element is composed of the different test inputs.
-
TestDesingInput_Id: each test input has a unique identifier that gives the name of the document containing the input values.
-
TestDesingInput_Type: the test inputs may be stored in files of different formats; this value specifies the format of the document.
-
Oracles: a test oracle is a mechanism, distinct from the program itself, that can be used to verify the correct functioning of a system. A test case may have more than one oracle.
-
Oracle_Id: a unique identifier identifies every single oracle.
-
Oracle_Type: the multi-level testing framework allows for three types of oracles: Assertion, Metamorphic and Machine Learning-based test oracles. However, only Assertion and Machine Learning-based oracles are applicable at run-time.
-
Oracle_Criticity: this field indicates how important a failure of this oracle is. If the oracle is critical, its criticity is set to high; as a consequence, if such an oracle fails, the whole test is considered failed.
-
Oracle_Inputs: contains the input values needed to execute the oracle.
-
Oracle_Verdict: reports the final verdict of the test: whether it passes or fails.
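The fields above can be illustrated with a minimal validation plan document. The field names come from the description above, but the example values and the exact nesting are assumptions on our part, not the framework's actual schema:

```python
import json

# Sketch of a validation plan built from the fields described above.
# All concrete values (ids, versions, oracle inputs) are hypothetical.
validation_plan = {
    "ValidationPlan_Id": "VP-001",
    "TestCases": [
        {
            "TestCase_Id": "TC-001",
            "TestCase_Priority": "high",
            "TestCase_TestLevel": "SiL",  # "SiL" or "HiL"
            "SUT": {
                "Version_Id": "v1.4.2",
                "Configuration_Id": "CFG-010",
            },
            "TestArtifacts": [
                {
                    "TestDesingInput_Id": "traffic_profile_01",
                    "TestDesingInput_Type": "csv",
                }
            ],
            "Oracles": [
                {
                    "Oracle_Id": "OR-001",
                    "Oracle_Type": "Assertion",  # Assertion | Metamorphic | Machine Learning
                    "Oracle_Criticity": "high",
                    "Oracle_Inputs": {"max_waiting_time_s": 40},
                    "Oracle_Verdict": None,  # filled in after execution
                }
            ],
        }
    ],
}

# Serialise and parse back to check the document is well-formed JSON.
document = json.dumps(validation_plan, indent=2)
parsed = json.loads(document)
```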
6 Validation orchestrator
6.1 Architecture
-
Default Aggregation: the default aggregation strategy marks the global verdict as passed only when all the aggregated verdicts have passed; any failed verdict makes the aggregated verdict fail.
-
Percentage Aggregation: Marks the aggregated verdict as passed if a certain percentage of the aggregated verdicts have passed.
-
Criticity Aggregation: Marks the aggregated verdict as passed if all the critical oracles have passed.
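The three strategies can be sketched as small predicates over a list of verdicts. The function names and the representation of a verdict as a (passed, critical) pair are our assumptions, not the orchestrator's actual API:

```python
# Each verdict is a (passed: bool, critical: bool) pair; "critical" marks
# verdicts coming from high-criticity oracles.

def default_aggregation(verdicts):
    """Passed only if every aggregated verdict passed."""
    return all(passed for passed, _critical in verdicts)

def percentage_aggregation(verdicts, threshold):
    """Passed if at least `threshold` (0..1) of the verdicts passed."""
    passed = sum(1 for p, _ in verdicts if p)
    return passed / len(verdicts) >= threshold

def criticity_aggregation(verdicts):
    """Passed if all verdicts from critical oracles passed."""
    return all(p for p, critical in verdicts if critical)

# Example: four oracle verdicts, one non-critical failure.
verdicts = [(True, True), (True, False), (False, False), (True, True)]
```

With this example, the default strategy fails (one verdict failed), the percentage strategy with a 75% threshold passes (3 of 4 passed), and the criticity strategy passes (both critical verdicts passed).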
6.2 Deployment
6.3 Test execution workflow
6.3.1 Parsing of the input validation plan
6.3.2 Obtaining additional configuration from external data sources
6.3.3 Agent configuration and plan execution
6.3.4 Verdict arrival, aggregation and publication
7 Validation agent
7.1 Architecture
7.2 Deployment
7.3 Execution flow
7.3.1 Reception of validation plan
7.3.2 Child component configuration
7.3.3 Validation plan execution
7.3.4 Verdict arrivals and aggregation
7.3.5 Submission of verdicts
8 Instantiation of the agile test execution framework on the elevation case study
8.1 Introduction
8.2 Architecture
8.2.1 REST and MQTT API endpoints
8.2.2 Internal architecture
8.3 Execution flow
8.3.1 Subtool execution
8.3.2 Status reporting
8.4 Application to the elevation use-case
8.4.1 Elevate external tool
8.4.2 Execution of the tool in validation example
9 Evaluation
-
RQ1: Has the time needed to execute and evaluate the tests been reduced?
-
RQ2: Has the economic cost needed to execute and evaluate the tests been reduced?
Steps | Manual | Validation workflow | Difference |
---|---|---|---|
Step 1 | Manual test configuration and manual input creation | Manual test configuration and manual input creation | There are no differences |
Step 2 | Manual test definition | Automatic test definition | In this step, the tests that will be executed are created. In both cases, the configuration of the tests to be executed and their input values are selected, as well as the algorithm that will run the tests. The difference is that previously this was done manually and is now done automatically. Moreover, the automatic test definition includes the oracle configuration and the validation strategy |
Step 3 | Manual Elevate execution | Automatic Elevate execution | The automatic mode executes Elevate automatically instead of manually |
Step 4 | Manual result evaluation | Automatic result evaluation | Previously, all results were analyzed one by one by a person comparing the obtained results with the expected results saved in a table. The automatic process checks these results automatically thanks to oracles |
9.1 Comparison with manual test system generation
9.1.1 Step 1: Test configuration and input creation
9.1.2 Step 2: Test definition
9.1.3 Step 3: Elevate execution
9.1.4 Step 4: Checking multi-level testing results
9.1.5 Overall test system generation time
-
T_MAN: the total time needed in the manual process.
-
T_VF: the total time needed in the automatic process.
-
T_MConf: the time needed for the manual configuration of all the tests.
-
T_MInp: the time needed for the manual creation of all the inputs.
-
T_CTest: the time needed to configure the tests that will be executed.
-
T_ITest: the time needed to define the inputs for the tests that will be executed.
-
T_SUT: the time needed to select the file containing the algorithm that Elevate will use to run the tests.
-
T_COra: the time needed to configure the oracles.
-
T_VStrat: the time needed to select the validation strategy that will be used for the executed tests.
-
T_EleM: the time needed for the manual execution of Elevate.
-
T_EleA: the time needed for the automatic execution of Elevate.
-
T_MRes: the time needed to check the evaluation results manually, one by one.
-
T_ARes: the time needed to check the evaluation results automatically.
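Given these definitions, a plausible composition of the two totals is the following; this grouping by workflow step is our reading of the comparison table above, not an equation quoted from the source:

```latex
\begin{aligned}
T_{MAN} &= T_{MConf} + T_{MInp} + T_{EleM} + T_{MRes} \\
T_{VF}  &= T_{CTest} + T_{ITest} + T_{SUT} + T_{COra} + T_{VStrat} + T_{EleA} + T_{ARes}
\end{aligned}
```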
9.2 RQ1: Has the time needed to execute and evaluate the tests been reduced?
9.3 RQ2: Has the economic cost needed to execute and evaluate the tests been reduced?
-
r is the number of machines;
-
Nred is the number of reduced jobs in the implementation of an industrial machine;
-
Nadd is the number of additional jobs that occur when implementing an industrial machine;
-
Sred is the salary of one reduced job;
-
Tred is taxes on the salary of one reduced job;
-
Sadd is the salary of one additional job created during the implementation of an industrial machine;
-
Tadd is taxes on the salary of one additional job created during the implementation of an industrial machine.
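Taken together, these variables suggest a cost-difference model of the following shape; the exact formula is an assumption on our part, inferred from the variable names rather than quoted from the source:

```latex
\Delta C = r \left[ N_{red}\,(S_{red} + T_{red}) \;-\; N_{add}\,(S_{add} + T_{add}) \right]
```

where a positive \(\Delta C\) would indicate a net saving from adopting the validation workflow.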