Towards Modified Condition/Decision Coverage of Rust

TL;DR

This paper clarifies how to apply Modified Condition/Decision Coverage (MC/DC) testing to Rust, addressing language-specific features like pattern matching, to support high-assurance safety-critical software development.

Contribution

It provides a detailed analysis and clarification of applying MC/DC to Rust, including language features like pattern matching, facilitating the development of Rust MC/DC testing tools.

Findings

Clarified application of MC/DC to Rust language features

Provided a consistent framework for Rust MC/DC testing

Supported the integration of Rust in safety-critical systems

Abstract

Testing is an essential tool to assure software, especially so in safety-critical applications. To quantify how thoroughly a software item has been tested, a test coverage metric is required. Maybe the strictest such metric known in the safety critical systems is Modified Condition/Decision Coverage (MC/DC), which DO-178C prescribes for the highest software assurance level in aviation. In the past, ambiguities in the interpretation of MC/DC have been resolved already, i. e. in CAST-10. However, some central features of the Rust programming language necessitate further clarification. This work investigates aforementioned features, in particular pattern matching, providing a consistent view on how to apply MC/DC to Rust. Hence, this paper informs the implementation of Rust MC/DC tools, paving the road towards Rust in high-assurance applications.