Your browser does not support JavaScript! Skip to main content
Free 30-day trial Customer portal Careers DO-178C Handbook RapiCoupling Preview DO-178C Multicore Training
Rapita Systems
 

Industry leading verification tools & services

Rapita Verification Suite (RVS)

  RapiTest - Unit/system testing  RapiCover - Structural coverage analysis  RapiTime - Timing analysis (inc. WCET)  RapiTask - Scheduling visualization  RapiCoverZero - Zero footprint coverage analysis  RapiTimeZero - Zero footprint timing analysis  RapiTaskZero - Zero footprint scheduling analysis  RapiCouplingPreview - DCCC analysis

Multicore Verification

  MACH178  MACH178 Foundations  Multicore Timing Solution  RapiDaemons

Engineering Services

  V&V Services  Data Coupling & Control Coupling  Object code verification  Qualification  Training  Consultancy  Tool Integration  Support

Industries

  Civil Aviation (DO-178C)   Automotive (ISO 26262)   Military & Defense   Space

Other

RTBx Mx-Suite Software licensing Product life cycle policy RVS Assurance issue policy RVS development roadmap

Latest from Rapita HQ

Latest news

Magline joins Rapita Trailblazer Partnership Program to support DO-178 Certification
Eve Air Mobility joins Rapita Systems Trailblazer Partnership Program for eVTOL projects
Rapita Systems launches MACH178 Foundations for multicore DO-178C compliance
Collins Aerospace and Rapita present award winning paper at DASC 2024
View News

Latest from the Rapita blog

Data Coupling Basics in DO-178C
Control Coupling Basics in DO-178C
Components in Data Coupling and Control Coupling
The ‘A’ Team comes to the rescue of code coverage analysis
View Blog

Latest discovery pages

control_tower DO-278A Guidance: Introduction to RTCA DO-278 approval
Picture of a car ISO 26262
DCCC Image Data Coupling & Control Coupling
Additional Coe verification thumb Verifying additional code for DO-178C
View Discovery pages

Upcoming events

DO-178C Multicore In-person Training (Fort Worth, TX)
2025-04-15
DO-178C Multicore In-person Training (Toulouse)
2025-11-04
View Events

Technical resources for industry professionals

Latest White papers

Mitigation of interference in multicore processors for A(M)C 20-193
Sysgo WP
Developing DO-178C and ED-12C-certifiable multicore software
DO178C Handbook
Efficient Verification Through the DO-178C Life Cycle
View White papers

Latest Videos

Streamlined AMC 20-193 compliance with MACH178 Foundations
Streamlined software verification with RVS 3.21
Integrating & verifying time-critical applications on multicore platforms - Rapita & Asterios Technologies
A(M)C 20-193 vs AA-22-01 Webinar
View Videos

Latest Case studies

GMV case study front cover
GMV verify ISO26262 automotive software with RVS
Kappa: Verifying Airborne Video Systems for Air-to-Air Refueling using RVS
Supporting DanLaw with unit testing and code coverage analysis for automotive software
View Case studies

Other Downloads

 Webinars

 Brochures

 Product briefs

 Technical notes

 Research projects

Discover Rapita

Who we are

The company menu

  • About us
  • Customers
  • Distributors
  • Locations
  • Partners
  • Research projects
  • Contact us

US office

+1 248-957-9801
info@rapitasystems.com
Rapita Systems, Inc.
41131 Vincenti Ct.
Novi
MI 48375
USA

UK office

+44 (0)1904 413945
info@rapitasystems.com
Rapita Systems Ltd.
Atlas House
Osbaldwick Link Road
York, YO10 3JB
UK

Spain office

+34 93 351 02 05
info@rapitasystems.com
Rapita Systems S.L.
Parc UPC, Edificio K2M
c/ Jordi Girona, 1-3
Barcelona 08034
Spain

Working at Rapita

Careers

Careers menu

  • Current opportunities & application process
  • Working at Rapita
Back to Top Contact Us

Breadcrumb

  1. Home

Discover MC/DC

  • Intro
  • Types of Code Coverage
  • Example
  • MC/DC vs. MCC
  • When & Why
  • Code Coverage Webinar

What is MC/DC?

MC/DC

Modified Condition/Decision Coverage (MC/DC) is a code coverage criterion commonly used in software testing. For example, DO-178C software development guidance in the aerospace industry requires MC/DC for the highest Design Assurance Level (DAL) or Item Development Assurance Level (IDAL).

Code coverage is a way of measuring the effectiveness of your test cases. The higher the percentage of code that has been covered by testing, the less likely it is to contain bugs when compared to code that has a lower coverage score. There are three other types of code coverage that are worth considering in relation to MC/DC: Statement coverage, Decision coverage and Multiple condition coverage.

In addition to the criteria required by statement and decision coverage, MC/DC requires that 'Each condition in a decision has been shown to independently affect that decision's outcome'.

The MC/DC Criterion  
“Each condition in a decision has been shown to independently affect that decision's outcome. A condition is shown to independently affect a decision's outcome by varying just that condition while holding fixed all other possible conditions".

Different types of code coverage

There are many different ways to approach code coverage; the ones we are concerned with are outlined in the table below:

Coverage criteria

Statement coverage

Decision coverage

MC/DC

Multiple condition coverage

Every statement in the program has been invoked at least once

✔

 

 

 

Every point of entry and exit in the program has been invoked at least once

 

✔

✔

✔

Every control statement (i.e., branchpoint) in the program has taken all possible outcomes (i.e., branches) at least once 

 

✔

✔

✔

Every non-constant Boolean expression in the program has evaluated to both a True and False result

 

✔

✔

✔

Every non-constant condition in a Boolean expression in the program has evaluated to both a True and False result

 

 

✔

✔

Every non-constant condition in a Boolean expression in the program has been shown to independently affect that expression’s outcome

 

 

✔

✔

Every combination of condition outcomes within a decision has been invoked at least once

 

 

 

✔

Credit: Nasa - https://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20010057789.pdf

Code-coverage-whitepapers
Choose your free Code Coverage White Paper:
When you contact us, we will process your personal data in accordance with our data protection policy, please see our Customer Privacy Information for more information.

MC/DC in action: The Cup of Coffee Example

Imagine making a cup of coffee. To make a warm and tasty cup of coffee, we'd need ALL of the following: a kettle, a cup and coffee. If any of the components were missing, we wouldn't be able to make our coffee. Or, to express this another way: 

if( kettle && cup && coffee ) {
  return cup_of_coffee;
}
else {
  return none;
}

Or to illustrate it visually:

Tests 4 & 8 demonstrate that ‘kettle’ can independently affect the outcome.
Tests 6 & 8 demonstrate that ‘mug’ can independently affect the outcome.
Tests 7 & 8 demonstrate that ‘coffee’ can independently affect the outcome.

Please note, decision coverage and statement coverage are also covered in the selected tests.

The tests required for MC/DC analysis in this case are tests 4, 6, 7 & 8. Tests 1, 2, 3 and 5 are not required as we can satisfy the MC/DC criterion without them. These redundant tests need not be included in the coverage report.

MC/DC vs. MCC

 

  • Multiple condition coverage (MCC) testing is characterized as number of tests = 2C. In our example we have three conditions (kettle, cup and cofffee) therefore tests = 23 = 8.
  • MC/DC requires significantly fewer tests (C + 1). In our example we have three conditions, therefore 3 + 1 = 4.

 

Naturally, when there are more conditions to test, the amount of testing increases. In the above case, Multiple condition coverage (MCC) analysis would require twice as many tests as MC/DC analysis. In a real-world setting, most aerospace projects would include some decisions with 16 conditions or more.

Let’s look at what would be required to assess coverage for a decision with 16 conditions.

  • Multiple condition coverage (MCC) tests = 216 = 65,536.
  • MC/DC: tests = 16 + 1 = 17.
  • Using MC/DC reduces the number of tests needed by 65,519.

 

As demonstrated above, when more complexity is added to a decision, the number of extra test cases required by MCC grows exponentially. This means that, when using MC/DC, we require a much smaller number of test cases in comparison to multiple condition coverage (MCC), while still maintaining a high error-detection probability.

Most coverage analysis tools support what they deem to be a "reasonable" number of conditions per decision (20 conditions per decision is common). RapiCover, however, is more powerful than most coverage analysis tools and supports up to 1000 conditions per decision.

Why MC/DC?

Aerospace and automotive guidance prioritises safety above all else in the software development lifecycle. With that in mind, truly ‘exhaustive testing’, as encapsulated by MCC, would be the safest and most rigorous approach in a perfect world. MC/DC represents a compromise that finds a balance between rigor and effort; positioning itself in between DC and MCC. MC/DC requires a much smaller number of test cases in comparison to multiple condition coverage (MCC), while retaining a high error-detection probability.

When is MC/DC required?

DAL A aerospace projects

Any software that is critical to provide (or prevent failure of) continued safe flight and landing of an aircraft is defined as being Design Assurance Level A software. Any aerospace software that is being created at this level of assurance must measure and report MC/DC.

ASIL D automotive projects

ISO 26262 prescribes MC/DC for ASIL D (the highest criticality level) software.

View Code coverage webinar

 
  • Solutions
    • Rapita Verification Suite
    • RapiTest
    • RapiCover
    • RapiTime
    • RapiTask
    • MACH178
    • Verification and Validation Services
    • Qualification
    • Training
    • Integration
  • Latest

    • Latest menu

    • News
    • Blog
    • Events
    • Videos
  • Downloads

    • Downloads menu

    • Brochures
    • Webinars
    • White Papers
    • Case Studies
    • Product briefs
    • Technical notes
    • Software licensing
  • Company

    • Company menu

    • About Rapita
    • Careers
    • Customers
    • Distributors
    • Industries
    • Locations
    • Partners
    • Research projects
    • Contact
  • Discover
    • Multicore Timing Analysis
    • Embedded Software Testing Tools
    • Worst Case Execution Time
    • WCET Tools
    • Code coverage for Ada, C & C++
    • MC/DC Coverage
    • Verifying additional code for DO-178C
    • Timing analysis (WCET) & Code coverage for MATLAB® Simulink®
    • Data Coupling & Control Coupling
    • Aerospace Software Testing
    • Automotive Software Testing
    • Certifying eVTOL
    • DO-178C
    • AC 20-193 and AMC 20-193
    • ISO 26262
    • What is CAST-32A?

All materials © Rapita Systems Ltd. 2024 - All rights reserved | Privacy information | Trademark notice Subscribe to our newsletter