2.4: SWE.4 Software Unit Verification
Process Definition
Purpose
SWE.4 Purpose: To verify the software units.
Outcomes
| Outcome | Description |
|---|---|
| O1 | Verification measures for software unit verification are specified |
| O2 | Software unit verification measures are selected according to the release scope |
| O3 | Software units are verified using the selected verification measures, and results are recorded |
| O4 | Consistency and bidirectional traceability are established between verification measures and software units |
| O5 | Results of the software unit verification are summarized and communicated to all affected parties |
Base Practices with AI Integration
| BP | Base Practice | AI Level | AI Application |
|---|---|---|---|
| BP1 | Specify software unit verification measures | L2 | Test case generation from design |
| BP2 | Select software unit verification measures | L1 | Measure selection, regression criteria |
| BP3 | Verify software units | L2-L3 | Automated test execution, static analysis |
| BP4 | Ensure consistency and establish bidirectional traceability | L2 | Trace generation, consistency checking |
| BP5 | Summarize and communicate results | L2 | Test report generation |
Unit Verification Framework
Verification Strategy
The following diagram categorizes the unit verification methods -- static analysis, dynamic testing, and formal review -- showing how each contributes to defect detection at the unit level.
AI-Assisted Test Generation
Test Generation Pipeline
The diagram below illustrates the AI-powered test generation pipeline, showing how source code and requirements feed into test case generation, followed by execution and coverage measurement.
Unit Test Specification
Test Case Template
---
ID: SWE-UT-103-001
Title: DoorLockControl_SetAllDoors Normal Lock
Type: Dynamic Test
Priority: Critical
Module: DoorLockControl
Function: DoorLockControl_SetAllDoors
Requirement: SWE-BCM-103
---
## Objective
Verify that DoorLockControl_SetAllDoors correctly commands all four
doors to lock state when given LOCK_CMD_LOCK command.
## Preconditions
- DoorLockControl_Init() called successfully
- All actuators available (mock returns E_OK)
- Timer service available
## Test Steps
| Step | Action | Expected Result |
|------|--------|-----------------|
| 1 | Call DoorLockControl_Init() | Returns E_OK |
| 2 | Call DoorLockControl_SetAllDoors(LOCK_CMD_LOCK) | Returns E_OK |
| 3 | Verify ActuatorService_SetOutput called 4 times | Called with FL, FR, RL, RR in sequence |
| 4 | Verify timing | Total execution < 10ms |
## Expected Results
- Function returns E_OK
- All four actuators commanded to ACTIVE state
- Sequence: DOOR_FL → DOOR_FR → DOOR_RL → DOOR_RR
## Coverage Contribution
- Statement coverage: Lines 72-98
- Branch coverage: Loop iteration branch
## Traceability
- Verifies: SWE-BCM-103
- Design: SWE-DD-BCM-103 Section 3.2
AI-Generated Unit Tests
Unity Test Framework Example
/**
* @file test_DoorLockControl.c
* @brief Unit tests for DoorLockControl module
* @trace SWE-UT-103-xxx
*
* @note AI-Generated, Human-Reviewed
* @framework Unity Test Framework
*/
#include "unity.h"
#include "DoorLockControl.h"
#include "mock_ActuatorService.h"
#include "mock_Timer.h"
#include "mock_Dem.h"
/*===========================================================================*/
/* TEST FIXTURES */
/*===========================================================================*/
void setUp(void)
{
/* Reset mocks before each test */
mock_ActuatorService_Init();
mock_Timer_Init();
mock_Dem_Init();
/* Default mock behavior: success */
ActuatorService_SetOutput_IgnoreAndReturn(E_OK);
Timer_GetCurrent_us_IgnoreAndReturn(0U);
}
void tearDown(void)
{
mock_ActuatorService_Verify();
mock_Timer_Verify();
mock_Dem_Verify();
}
/*===========================================================================*/
/* NORMAL FLOW TESTS */
/*===========================================================================*/
/**
* @test SWE-UT-103-001
* @brief Verify successful lock all doors operation
* @trace SWE-BCM-103
*/
void test_SetAllDoors_Lock_Success(void)
{
/* Arrange */
Std_ReturnType result;
/* Expect actuator calls in sequence: FL, FR, RL, RR */
ActuatorService_SetOutput_ExpectAndReturn(
ACTUATOR_ID_DOOR_FL, ACTUATOR_STATE_ACTIVE, E_OK);
ActuatorService_SetOutput_ExpectAndReturn(
ACTUATOR_ID_DOOR_FR, ACTUATOR_STATE_ACTIVE, E_OK);
ActuatorService_SetOutput_ExpectAndReturn(
ACTUATOR_ID_DOOR_RL, ACTUATOR_STATE_ACTIVE, E_OK);
ActuatorService_SetOutput_ExpectAndReturn(
ACTUATOR_ID_DOOR_RR, ACTUATOR_STATE_ACTIVE, E_OK);
/* Timer mock for timing check */
Timer_GetCurrent_us_ExpectAndReturn(0U);
Timer_GetCurrent_us_ExpectAndReturn(1000U); /* 1ms elapsed */
Timer_GetCurrent_us_ExpectAndReturn(2000U); /* 2ms elapsed */
Timer_GetCurrent_us_ExpectAndReturn(3000U); /* 3ms elapsed */
Timer_GetCurrent_us_ExpectAndReturn(4000U); /* 4ms elapsed */
/* Initialize module */
result = DoorLockControl_Init();
TEST_ASSERT_EQUAL(E_OK, result);
/* Act */
result = DoorLockControl_SetAllDoors(LOCK_CMD_LOCK);
/* Assert */
TEST_ASSERT_EQUAL(E_OK, result);
}
/**
* @test SWE-UT-103-002
* @brief Verify successful unlock all doors operation
* @trace SWE-BCM-103
*/
void test_SetAllDoors_Unlock_Success(void)
{
/* Arrange */
Std_ReturnType result;
/* Expect actuator calls with INACTIVE state */
ActuatorService_SetOutput_ExpectAndReturn(
ACTUATOR_ID_DOOR_FL, ACTUATOR_STATE_INACTIVE, E_OK);
ActuatorService_SetOutput_ExpectAndReturn(
ACTUATOR_ID_DOOR_FR, ACTUATOR_STATE_INACTIVE, E_OK);
ActuatorService_SetOutput_ExpectAndReturn(
ACTUATOR_ID_DOOR_RL, ACTUATOR_STATE_INACTIVE, E_OK);
ActuatorService_SetOutput_ExpectAndReturn(
ACTUATOR_ID_DOOR_RR, ACTUATOR_STATE_INACTIVE, E_OK);
Timer_GetCurrent_us_IgnoreAndReturn(0U);
result = DoorLockControl_Init();
TEST_ASSERT_EQUAL(E_OK, result);
/* Act */
result = DoorLockControl_SetAllDoors(LOCK_CMD_UNLOCK);
/* Assert */
TEST_ASSERT_EQUAL(E_OK, result);
}
/*===========================================================================*/
/* ERROR PATH TESTS */
/*===========================================================================*/
/**
* @test SWE-UT-103-010
* @brief Verify behavior when not initialized
* @trace SWE-BCM-103
*/
void test_SetAllDoors_NotInitialized_ReturnsError(void)
{
/* Arrange - skip init */
Std_ReturnType result;
/* Act - call without init */
result = DoorLockControl_SetAllDoors(LOCK_CMD_LOCK);
/* Assert */
TEST_ASSERT_EQUAL(E_NOT_OK, result);
}
/**
* @test SWE-UT-103-011
* @brief Verify DTC set on actuator failure
* @trace SWE-BCM-105
*/
void test_SetAllDoors_ActuatorFailure_SetsDTC(void)
{
/* Arrange */
Std_ReturnType result;
/* First actuator fails */
ActuatorService_SetOutput_ExpectAndReturn(
ACTUATOR_ID_DOOR_FL, ACTUATOR_STATE_ACTIVE, E_NOT_OK);
/* Expect DTC */
Dem_SetEventStatus_Expect(DEM_EVENT_DOORLOCK_ACTUATOR, DEM_EVENT_STATUS_FAILED);
Timer_GetCurrent_us_IgnoreAndReturn(0U);
result = DoorLockControl_Init();
TEST_ASSERT_EQUAL(E_OK, result);
/* Act */
result = DoorLockControl_SetAllDoors(LOCK_CMD_LOCK);
/* Assert */
TEST_ASSERT_EQUAL(E_NOT_OK, result);
}
/**
* @test SWE-UT-103-012
* @brief Verify DTC set on timing violation
* @trace SWE-BCM-103, SWE-BCM-105
*/
void test_SetAllDoors_TimingViolation_SetsDTC(void)
{
/* Arrange */
Std_ReturnType result;
ActuatorService_SetOutput_IgnoreAndReturn(E_OK);
/* Simulate timing violation: 15ms elapsed > 10ms limit */
Timer_GetCurrent_us_ExpectAndReturn(0U);
Timer_GetCurrent_us_ExpectAndReturn(15000U); /* 15ms - exceeds limit */
/* Expect timing DTC */
Dem_SetEventStatus_Expect(DEM_EVENT_DOORLOCK_TIMING, DEM_EVENT_STATUS_FAILED);
result = DoorLockControl_Init();
TEST_ASSERT_EQUAL(E_OK, result);
/* Act */
result = DoorLockControl_SetAllDoors(LOCK_CMD_LOCK);
/* Assert */
TEST_ASSERT_EQUAL(E_NOT_OK, result);
}
/*===========================================================================*/
/* BOUNDARY VALUE TESTS */
/*===========================================================================*/
/**
* @test SWE-UT-104-001
* @brief Verify GetState with valid door IDs
* @trace SWE-BCM-104
*/
void test_GetState_ValidDoorId_ReturnsState(void)
{
Std_ReturnType result;
DoorLockControl_State_t state;
result = DoorLockControl_Init();
TEST_ASSERT_EQUAL(E_OK, result);
/* Test all valid door IDs */
result = DoorLockControl_GetState(DOOR_FL, &state);
TEST_ASSERT_EQUAL(E_OK, result);
result = DoorLockControl_GetState(DOOR_FR, &state);
TEST_ASSERT_EQUAL(E_OK, result);
result = DoorLockControl_GetState(DOOR_RL, &state);
TEST_ASSERT_EQUAL(E_OK, result);
result = DoorLockControl_GetState(DOOR_RR, &state);
TEST_ASSERT_EQUAL(E_OK, result);
}
/**
* @test SWE-UT-104-002
* @brief Verify GetState with invalid door ID
* @trace SWE-BCM-104
*/
void test_GetState_InvalidDoorId_ReturnsError(void)
{
Std_ReturnType result;
DoorLockControl_State_t state;
result = DoorLockControl_Init();
TEST_ASSERT_EQUAL(E_OK, result);
/* Test boundary: DOOR_COUNT (first invalid) */
result = DoorLockControl_GetState(DOOR_COUNT, &state);
TEST_ASSERT_EQUAL(E_NOT_OK, result);
/* Test boundary: DOOR_COUNT + 1 */
result = DoorLockControl_GetState((DoorLockControl_DoorId_t)(DOOR_COUNT + 1U), &state);
TEST_ASSERT_EQUAL(E_NOT_OK, result);
}
/**
* @test SWE-UT-104-003
* @brief Verify GetState with NULL pointer
* @trace SWE-BCM-104
*/
void test_GetState_NullPointer_ReturnsError(void)
{
Std_ReturnType result;
result = DoorLockControl_Init();
TEST_ASSERT_EQUAL(E_OK, result);
/* NULL pointer for state */
result = DoorLockControl_GetState(DOOR_FL, NULL_PTR);
TEST_ASSERT_EQUAL(E_NOT_OK, result);
}
/*===========================================================================*/
/* TEST RUNNER */
/*===========================================================================*/
int main(void)
{
UNITY_BEGIN();
/* Normal flow tests */
RUN_TEST(test_SetAllDoors_Lock_Success);
RUN_TEST(test_SetAllDoors_Unlock_Success);
/* Error path tests */
RUN_TEST(test_SetAllDoors_NotInitialized_ReturnsError);
RUN_TEST(test_SetAllDoors_ActuatorFailure_SetsDTC);
RUN_TEST(test_SetAllDoors_TimingViolation_SetsDTC);
/* Boundary value tests */
RUN_TEST(test_GetState_ValidDoorId_ReturnsState);
RUN_TEST(test_GetState_InvalidDoorId_ReturnsError);
RUN_TEST(test_GetState_NullPointer_ReturnsError);
return UNITY_END();
}
Coverage Analysis
Coverage Report Integration
The following diagram presents coverage targets by ASIL level, showing the required statement, branch, and MC/DC coverage thresholds that must be achieved for each safety integrity level.
Static Analysis Integration
MISRA Compliance Report
Note: Justified deviations with approved deviation records are counted as compliant.
| Category | Total | Violations | Compliance |
|---|---|---|---|
| Mandatory | 35 | 0 | 100% |
| Required | 118 | 2 (justified deviations) | 100% (with deviations) |
| Advisory | 48 | 5 | 90% |
Deviation Justification Example
/**
* @deviation MISRA-C:2012 Rule 11.3
* @justification Pointer cast required for hardware register access.
* Register address validated at compile time.
* @approved J.Smith, 2025-01-10
* @trace DR-BCM-001
*/
volatile uint32* const ADC_REG = (volatile uint32*)0x40012000U;
Test Automation Pipeline
CI/CD Integration
# Unit test pipeline configuration
unit_test_job:
stage: verify
script:
# Build tests
- ceedling test:all
# Generate coverage report
- gcovr --xml --output coverage.xml
# Run static analysis
- cppcheck --enable=all --xml 2>cppcheck.xml src/
# MISRA analysis
- polyspace-bug-finder -source src/ -results misra_results/
artifacts:
reports:
junit: build/test_results.xml
coverage: coverage.xml
coverage:
statement: 100%
branch: 100%
mcdc: 100% # For ASIL C/D
Work Products
| WP ID | Work Product | AI Role |
|---|---|---|
| 08-50 | SW unit test specification | Test generation |
| 13-50 | SW unit verification report | Result analysis |
| 13-19 | Coverage report | Coverage analysis |
| 17-11 | Traceability record | Trace verification |
Summary
SWE.4 Software Unit Verification:
- AI Level: L2-L3 (high automation potential)
- Primary AI Value: Test generation, coverage analysis
- Human Essential: Test logic review, coverage approval
- Key Outputs: Test specifications, coverage reports
- Coverage Targets: 100% statement, branch, MC/DC (per ASIL)