《计算平台部署与测试（双语）》课件-项目五：车载系统安全验证与自动化测试

FunctionalSafetyASILLevelEvaluationElements功能安全ASIL等级评估要素思考一下Takeamomenttothink你正开着一辆具备自动紧急刹车功能的车在高速上飞驰。如果这个系统在需要刹车时失效了，后果会怎样？Imagineyou'redrivingacarequippedwithanautomaticemergencybraking(AEB)systemonthehighway,andthesystemfailswhenit'sneededtobrake.Whatwouldtheconsequencesbe?ASIL，全称是“汽车安全完整性等级”。ASIL不是一个单一的要求，它是一套完整的等级体系，从低到高依次为：QM,ASILA,ASILB,ASILC,ASILDASIL,whichstandsforAutomotiveSafetyIntegrityLevel,isnotasinglerequirementbutacomprehensivelevelsystem.Thelevelsrangefromlowtohighasfollows:QM,ASILA,ASILB,ASILC,andASILD.ASILASIL暴露度（E）Exposure(E)暴露度（E）Exposure(E)暴露度是衡量人类及自然系统接触外部环境因素的量化指标，在环境健康与气候灾害研究中具有核心地位。Exposureisaquantitativemeasureofhowhumansandnaturalsystemsareexposedtoexternalenvironmentalfactors.Itplaysacentralroleinenvironmentalhealthandclimatedisasterresearch.暴露度（E）Exposure(E)等级Level定义（场景发生频率）Definition(FrequencyofOccurrence)示例ExampleE0几乎不可能

Almostimpossible车辆落水后自动驾驶启动AutonomousdrivingactivationafterthevehiclefallsintowaterE1可能性非常低

Verylowprobability雪地极端天气自动驾驶AutonomousdrivinginextremesnowyweatherE2可能性低Lowprobability郊区道路自动驾驶AutonomousdrivingonsuburbanroadsE3中等可能Moderateprobability城市快速路自动驾驶AutonomousdrivingonurbanexpresswaysE4可能性高Highprobability市区拥堵路段自动驾驶Autonomousdrivingincongestedcitystreets严重度（S）Severity(S)严重度（S）Severity(S)严重度是指失效模式对产品功能、安全性或法规符合性的影响程度Severityreferstothedegreeofimpactthatafailuremodehasontheproduct'sfunctionality,safety,orregulatorycompliance.严重度（S）Severity(S)等级Level定义（伤害程度）Definition(DegreeofInjury)示例ExampleS0无伤害

Noinjury轻微伤害（可快速恢复）Minorinjury(canrecoverquickly)S1轻微伤害Minorinjury车辆轻微剐蹭，人员轻微擦伤Minorvehiclescrape,minorabrasionstoindividualsS2严重或危机生命的伤害（可以幸存）Seriousorlife-threateninginjury(survivable)车辆碰撞，人员骨折Vehiclecollision,resultinginbonefracturestoindividualsS3危机生命的伤害（可能不能幸存）或致命伤害Life-threateninginjury(maynotbesurvivable)orfatalinjury车辆撞击，人员重伤或死亡Vehiclecollision,resultinginseriousinjuryordeathtoindividuals可控性（C）Controllability(C)可控性（C）Controllability(C)对于每一个危害事件，应基于一个确定的理由预估驾驶员或其他潜在处于风险的人员对该危害事件的可控性。Foreachhazardousevent,thecontrollabilityshouldbeestimatedbasedonawell-definedreason,consideringhowthedriverorotherindividualspotentiallyatriskcancontrolorinterveneintheevent.小结Summarize记住这三个要素的量化标准和核心逻辑，就能准确评估ASIL等级，为功能安全设计匹配最适合的防护方案，让每一个安全相关功能都有章可循～Byrememberingthequantitativestandardsandcorelogicofthesethreefactors,youcanaccuratelyassesstheASILlevel,matchthemostsuitableprotectionplanforfunctionalsafetydesign,andensurethateverysafety-relatedfunctionfollowsaclearandstructuredapproach.In-vehiclefilesystemtypes车载文件系统类型当你在车机上播放音乐、导航或升级系统固件时，这些文件是存储在哪里、又是如何被访问的？Whenyouplaymusic,navigate,orupdatesystemfirmwareonyourcar'sinfotainmentsystem,wherearethesefilesstoredandhowaretheyaccessed?车载文件系统并非独立开发的专用系统，而是主要基于成熟的通用文件系统，核心目标是实现车载主机与外部存储设备（如U盘、SD卡）的数据交互，以及管理内部存储的系统文件和多媒体资源。Thevehiclefilesystemisnotaseparatelydevelopeddedicatedsystem,butismainlybasedonamaturegeneral-purposefilesystem.Itscoreobjectiveistoenabledatainteractionbetweenthevehicle'sheadunitandexternalstoragedevices(suchasUSBflashdrivesandSDcards),aswellastomanagesystemfilesandmultimediaresourcesontheinternalstorage.车载文件系统的定义Definitionofvehiclefilesystem主流车载文件系统类型MainstreamvehiclefilesystemtypesFAT32、exFAT、NTFS、EXT系列（EXT4为主）、UBIFSFAT32,exFAT,NTFS,EXTseries(primarilyEXT4),andUBIFSEXT4主要存储EXT4primarystorageEXT4通常位于“块设备（eMMC/UFS）”上，负责整个车机操作系统和应用层数据的持久化。EXT4typicallyresidesonablockdevice(eMMC/UFS)andisresponsibleforthepersistenceofdataacrosstheentirevehicleinfotainmentsystemandapplicationlayers.典型存储内容举例Typicalstoragecontentsinclude车机系统：Linux内核、系统库（libc.so、libstdc++等）Vehicleinfotainmentsystem:Linuxkernel,systemlibraries(libc.so,libstdc++,etc.)驱动模块：摄像头、CAN、以太网驱动Drivermodules:Camera,CAN,Ethernetdrivers应用程序：导航、语音助手、车载应用APKApplications:Navigation,voiceassistant,in-vehicleapplicationAPKs日志与缓存：行车日志、诊断数据、地图缓存Logsandcache:Drivinglogs,diagnosticdata,mapcacheUBIFS主要存储UBIFSisthemainstorageUBIFS通常部署在原始NAND/NORFlash上，常用于实时控制类ECU（如VCU、BCU、ADAS控制器）。UBIFSistypicallydeployedonrawNAND/NORFlashmemoryandiscommonlyusedinreal-timecontrolECUs(suchasVCUs,BCUs,andADAScontrollers).典型存储内容举例TypicalstoragecontentsincludeMCU控制逻辑（RTOS/LinuxEmbedded内核）MCUcontrollogic(RTOS/LinuxEmbeddedkernel)电机/电池控制标定参数（CAN参数、PID参数）Motor/batterycontrolcalibrationparameters(CANparameters,PIDparameters)系统日志（错误码、运行时间、状态快照）Systemlogs(errorcodes,runtime,statussnapshots)网络与总线配置表（CANID映射、信号定义）Networkandbusconfigurationtables(CANIDmapping,signaldefinitions)断电保护数据（最近运行状态、计数器值）Powerfailureprotectiondata(recentoperatingstatus,countervalues)EXT4与UBIFS在车载环境下的稳定性StabilityofEXT4andUBIFSinautomotiveenvironments针对闪存的“原生适配”能力Regardingthe"nativecompatibility"capabilitiesofflashmemoryEXT4：如果直接将EXT4用于无FTL的原始闪存，由于缺乏磨损均衡，会导致部分闪存块被反复写入而快速老化，出现坏块，最终引发文件系统错误或数据丢失。EXT4:IfEXT4isuseddirectlywithrawflashmemorywithoutFTL,thelackofwearlevelingwillcausesomeflashblockstoberepeatedlywrittentoandagerapidly,resultinginbadblocksandultimatelyleadingtofilesystemerrorsordataloss.UBIFS：作为闪存原生文件系统，UBIFS能动态监测闪存块的磨损情况，智能分配写入位置，确保所有块的磨损程度均匀。UBIFS:Asanativefilesystemforflashmemory,UBIFScandynamicallymonitorthewearofflashblocksandintelligentlyallocatewritelocationstoensurethatthewearofallblocksisuniform.EXT4与UBIFS在车载环境下的稳定性StabilityofEXT4andUBIFSinautomotiveenvironments断电恢复与数据完整性PowerOutageRecoveryandDataIntegrityEXT4：依赖日志功能，断电后需要进行日志回放来恢复数据一致性，这个过程可能耗时较长，且在极端情况下（如日志区本身损坏），仍有小概率出现数据不一致。EXT4:Reliesonlogging.Afterapoweroutage,logreplayisrequiredtorestoredataconsistency.Thisprocesscanbetime-consuming,andinextremecases(suchaswhenthelogareaitselfiscorrupted),thereisstillasmallprobabilityofdatainconsistency.UBIFS：采用“写时复制”（Copy-on-Write）和原子操作，每次写入都是一个完整的事务。断电后，系统重启时无需复杂的日志恢复，能快速定位到最近的一致状态，恢复速度更快。UBISFS:Employs"copy-on-write"andatomicoperations,ensuringthateachwriteisacompletetransaction.Afterapoweroutage,systemrestartswithoutcomplexlogrecovery,quicklylocatingthemostrecentconsistentstateandresultinginfasterrecovery.适用场景建议Suggestedapplicationscenarios优先选择EXT4的情况WhentoprioritizeEXT4存储介质层面：使用eMMC、UFS、SSD等带FTL的块存储设备Storagemedialevel:UsingblockstoragedeviceswithFTLsuchaseMMC,UFS,andSSD系统架构层面：运行Linux或AndroidAutomotive系统；系统具备大容量存储空间Systemarchitecturelevel:RunningLinuxorAndroidAutomotive;thesystemhasalargestoragecapacity.适用场景建议Suggestedapplicationscenarios优先选择UBIFS的情况UBIFSispreferredwhen存储介质层面：使用原始NAND/NORFlash（无FTL）Storagemedialevel:usingrawNAND/NORFlash(withoutFTL)系统架构层面：运行嵌入式Linux或RTOS系统；系统存储空间有限（几十MB~几百MB）Systemarchitecturelevel:runningembeddedLinuxorRTOS;systemstoragespaceislimited(tenstohundredsofMB).小结Summarize车载文件系统是数据管理的基础设施，影响车机系统的性能与稳定性。Thein-vehiclefilesystemistheinfrastructurefordatamanagement,affectingtheperformanceandstabilityofthevehicle'sinfotainmentsystem.EXT4与UBIFS各有侧重EXT4andUBIFSeachhavetheirownstrengths.正确的选型取决于硬件架构Thecorrectchoicedependsonthehardwarearchitecture.DesignPrinciplesofanAPIGatewayAPI网关设计原则网关的定义DefinitionofaGateway网关(Gateway)又称网间连接器、协议转换器，完成不同网络协议转换的设备。主要指传输层以上的协议转换。用于不同网络的互连。既可用于广域网互连，也可用于局域网互连。AGateway,alsoknownasaninter-networkconnectororprotocolconverter,isadevicethatperformsconversionsbetweendifferentnetworkprotocols.Itmainlyreferstoprotocolconversionatorabovethetransportlayerandisusedforinterconnectingdifferentnetworks.Agatewaycanbeappliedtobothwideareanetwork(WAN)interconnectionandlocalareanetwork(LAN)interconnection.网关的定义DefinitionofaGatewayAPI相比传统网关,增加了对api的流量控制与筛选Comparedwithatraditionalgateway,anAPIGatewayintroducesadditionalcapabilitiesforAPItrafficcontrolandfiltering.API网关是应用程序客户端的单一入口点。它位于客户端和应用程序的一系列后端服务之间AnAPIGatewayservesasthesingleentrypointforapplicationclients.Itsitsbetweentheclientsandacollectionofbackendserviceswithintheapplication.api网关的功能FunctionsofanAPIGatewayUbuntu有多个版本，主要可以分为以下几类AnAPIGatewaytypicallyprovidesseveralkeyfunctions,including0103040502身份验证和安全策略执行AuthenticationandSecurityPolicyEnforcement负载均衡LoadBalancing协议转换ProtocolTransformation监控、日志记录、分析Monitoring,Logging,andAnalytics请求路由RequestRouting网关的设计原则DesignPrinciplesofanAPIGateway容错与高可用FaultToleranceandHighAvailabilityThesemechanismsenhancesystemstabilityandpreventservicedowntime.提高稳定性,防止宕机可插拔与可扩展PluggabilityandExtensibilitySupportsaplugin-basedarchitecturethatallowsdifferentfunctionalmodulestobeloadedondemand.支持插件化，按需加载不同功能模块单一职责SingleResponsibilityImplementsonlyasingleresponsibilityanddoesnotdirectlyinteractwithbusinesslogicorapplicationcode.只实现单一职责,不接触业务代码可观测性ObservabilityFacilitatesdebugging,troubleshooting,andtrafficcontrol.便于调试,排查与流量控制网关的请求路由实现ImplementationofRequestRoutinginaGateway请求路由的示意图SchematicDiagramofRequestRouting用户发起请求Theuserinitiatesarequest.网关接收请求Thegatewayreceivestherequest.网关获取服务注册中心的地址Thegatewayretrievestheserviceaddressesfromtheserviceregistry.网关选择一个实例并转发Thegatewayselectsoneinstanceandforwardstherequest.网关的请求路由实现ImplementationofRequestRoutinginaGateway负载均衡示意图SchematicDiagramofLoadBalancing让请求在不同服务实例之间均匀分布，从而提升系统的性能和可用性Distributesincomingrequestsevenlyamongdifferentserviceinstancestoenhancesystemperformanceandavailability.网关的请求路由实现ImplementationofRequestRoutinginaGateway负载均衡示意图SchematicDiagramofLoadBalancing策略StrategiesRoundRobin(mostcommon)WeightedRoundRobinIPHashRandomDistribution(suitablewhenrequestsareevenlydistributed)轮询(最常见)加权轮询IP哈希随机分配(适用于请求均匀)网关的协议转换ProtocolTransformationinaGateway协议转换接收端示意图SchematicDiagramoftheProtocolConversionReceivingEnd协议转换流程图FlowchartofProtocolConversion小结Summarize网关的定义与特点DefinitionandCharacteristicsofaGatewayapi网关的组成ComponentsofanAPIGateway路由请求的实现ImplementationofRequestRouting负载均衡策略LoadBalancingStrategies网关协议的转换ProtocolTransformationinaGatewayLogLevelClassificationStandard日志等级划分标准01日志的核心价值?CoreValueofLogs?问题排查,系统监控,行为追溯ProblemTroubleshooting,SystemMonitoring,BehaviorTracing02没有日志等级的痛点?PainPointsWithoutLogLevels日志冗余,关键信息淹没,排查效率低LogRedundancy,KeyInformationOverwhelmed,LowTroubleshootingEfficiencyDebug等级Debuglevel实际运行时不输出NotOutputDuringActualOperation任何觉得有利于在调试时更详细的了解系统运行状态的均可输出Anyinformationthathelpstobetterunderstandthesystem’srunningstateduringdebuggingcanbeoutput.info等级infolevel打印程序应该出现的正常状态信息，便于追踪定位PrintNormalStatusInformationoftheProgram.Thisfacilitatestrackingandlocalization.warn等级warnlevelwarn表明系统出现轻微的不合理但不影响运行和使用Warnindicatesthatthesystemhasencounteredaminorirregularity,butitdoesnotaffectoperationorusage.error等级errorlevel出现了系统错误和异常，无法正常完成目标操作Asystemerrororexceptionhasoccurred,makingitimpossibletocompletetheintendedoperationnormally.fatal等级fatallevel极其严重的错误会影响系统的正常运行Anextremelyseriouserrorthataffectsthenormaloperationofthesystem.小结Summarize日志的作用以及分级的意义ThePurposeofLogsandtheSignificanceofLogLevels各个分级对应的级别CorrespondingLevelsofEachLogCategoryDevelopmentofanAutomatedTestingFramework自动化测试框架开发基础知识BasicKnowledge软件测试是指在规定条件下对软件进行操作，以发现错误并评估软件质量的过程。Softwaretestingreferstotheprocessofoperatingsoftwareunderspecifiedconditionstoidentifyerrorsandevaluatethequalityofthesoftware.基础知识BasicKnowledgeAtestcaseisasetoftestinputs,executionconditions,andexpectedresultsdesignedforaspecificpurpose,usedtotestaparticularprogrampathorverifywhetheraspecificrequirementhasbeensatisfied.测试用例是为某个特殊目标而编制的一组测试输入、执行条件以及预期结果，用于测试某个程序路径或核实是否满足某个特定需求。基础知识BasicKnowledgeAutomatedtestingistheprocessoftransformingmanuallydriventestingactivitiesintomachine-executedactions.自动化测试是把以人为驱动的测试行为转化为机器执行的一种过程。测试框架的架构图TestFrameworkArchitectureDiagram框架文件结构FrameworkFileStructureapi_test_project/#项目根目录#Projectrootdirectory├──config/#环境、参数、数据库配置#Configurationforenvironment,parameters,anddatabase├──data/#测试数据、公共常量#Testdataandcommonconstants├──tool/#接口请求、日志、数据库操作、通用工具#APIrequests,logging,databaseoperations,andutilityfunctions├──test/#按业务模块拆分的测试场景#Testscenariosorganizedbybusinessmodules框架文件结构FrameworkFileStructureapi_test_project/#项目根目录#Projectrootdirectory├──config/#环境、参数、数据库配置#Environment,parameter,anddatabaseconfigurations├──data/#测试数据、公共常量#Testdataandsharedconstants├──tool/#接口请求、日志、数据库操作、通用工具#APIrequests,logging,databaseoperations,andcommonutilities├──test/#按业务模块拆分的测试场景#Testscenariosorganizedbybusinessmodules├──test/#按业务模块拆分的测试场景#Testscenarioscategorizedbybusinessmodules│

├──mod1/#业务模块1的用例（如登录）#Testcasesforbusinessmodule1(e.g.,login)│

├──mod2/#业务模块2的用例（如订单）#Testcasesforbusinessmodule2(e.g.,order)│

└──base/#前置后置操作、基类#Setup/teardownoperationsandbaseclasses├──report/#测试报告#Testreports├──log/#执行日志#Executionlogs├──entry/#用例运行、报告生成脚本#Scriptsforrunningtestcasesandgeneratingreports└──requirements.txt#第三方库清单#Listofthird-partydependencies测试用例的划分方法MethodsforTestCaseDesign等价类划分Equivalence边界值BoundaryValue测试用例的划分方法MethodsforTestCaseDesign判定表DecisionTable正交法OrthogonalArray测试用例报告TestCaseReport用例编号TestCaseID测试项目TestItem测试标题TestTitle重要级别Priority前置条件Preconditions测试输入TestInput操作步骤TestSteps预期结果ExpectedResultCAR-001-001车载导航功能测试In-VehicleNavigationFunctionTest验证目的地输入后导航路线规划正确Verifythatthenavigationrouteiscorrectlyplannedafterenteringadestination高High车辆已启动，导航系统已加载Thevehicleisstartedandthenavigationsystemisloaded输入目的地“测试中心”

Enterdestination“TestCenter”打开车载导航界面；在搜索框输入“测试

中心”；点击“开始导航”按钮1.Openthein-vehiclenavigationinterface;2.Enter“TestCenter”inthesearchbox;3.Clickthe“StartNavigation”button导航界面显示正确的路线规划，包括距离、预计耗时、途经路段等信息Thenavigationinterfacedisplaysthecorrectrouteplan,includingdistance,estimatedtime,androutesegments小结Summarize自动化测试相关的概念ConceptsRelatedtoAutomatedTesting自动测试框架的架构图ArchitectureofanAutomatedTestingFramework测试用例的划分方法TestCaseDesignTechniquesDevelopmentofaTestingFramework自动化测试用例设计原则基本概念BasicConcepts-用例对框架的影响-TheImpactofTestCasesontheFramework测试用例是自动化测试框架的核心执行依据，为框架提供明确的测试目标、步骤和判定标准，是框架实现自动化执行、结果校验的基础。它决定了框架的测试范围和执行逻辑。Testcasesserveasthecoreexecutionbasisofanautomatedtestingframework.Theyprovidetheframeworkwithcleartestingobjectives,steps,andevaluationcriteria,formingthefoundationforautomatedexecutionandresultverification.Testcasesdeterminethetestingscopeandexecutionlogicoftheframework.基本概念BasicConcepts-失败设计的影响-ImpactofPoorTestCaseDesign设计不当的测试用例会导致框架执行失稳、结果不可靠，既浪费资源又延长测试周期，还大幅增加维护成本。同时让框架难以发挥自动化优势，无法精准排查问题、易漏关键缺陷。Improperlydesignedtestcasescancausethetestingframeworktobecomeunstableandproduceunreliableresults.Thisnotonlywastesresourcesandextendsthetestingcyclebutalsosignificantlyincreasesmaintenancecosts.Furthermore,itpreventstheframeworkfromfullyleveragingtheadvantagesofautomation,makingitdifficulttoaccuratelylocateissuesandpronetomissingcriticaldefects.独立性原则PrincipleofIndependence

测试用例独立性是指每个测试用例应能够独立执行，不依赖于其他测试用例的执行结果或状态。一个用例的执行结果不应影响其他用例的执行结果。Theindependenceoftestcasesmeansthateachtestcaseshouldbeabletoexecuteindependently,withoutrelyingontheexecutionresultsorstatesofothertestcases.Theoutcomeofonetestcaseshouldnotaffecttheresultsofanyothertestcases.独立性原则PrincipleofIndependence车载平台测试案例AutomotivePlatformTestCases车载导航系统测试中，路线规划和语音导航功能应设计为独立用例：Inautomotivenavigationsystemtesting,therouteplanningandvoicenavigationfunctionsshouldbedesignedasindependenttestcases:路线规划用例：独立初始化地图数据，不依赖导航状态RoutePlanningTestCase:Independentlyinitializesmapdatawithoutrelyingonthenavigationstatus.语音导航用例：独立设置导航状态，不依赖路线规划结果VoiceNavigationTestCase:Independentlysetsthenavigationstatuswithoutdependingontherouteplanningresults.每个用例执行后恢复初始状态，确保后续用例不受影响Post-ExecutionReset:Eachtestcaseshouldrestorethesystemtoitsinitialstateafterexecutiontoensurethatsubsequenttestcasesarenotaffected.可重复性原则PrincipleofRepeatability

测试用例可重复性是指相同测试用例在相同条件下多次执行，应产生一致的结果。无论执行顺序如何，测试结果都应保持稳定和可预测。Therepeatabilityoftestcasesreferstotheabilityofthesametestcasetoproduceconsistentresultswhenexecutedmultipletimesunderidenticalconditions.Regardlessoftheexecutionorder,thetestoutcomesshouldremainstableandpredictable.车载平台测试案例AutomotivePlatformTestCases车载娱乐系统蓝牙连接测试：BluetoothConnectivityTestingforIn-VehicleInfotainmentSystems使用固定设备ID和连接参数UsefixeddeviceIDsandconnectionparameters.可重复性原则PrincipleofRepeatability每次测试前清除配对记录，恢复初始状态Clearpairingrecordsandrestorethesystemtoitsinitialstatebeforeeachtest.验证连接状态和音频传输功能Verifytheconnectionstatusandaudiotransmissionfunctionality.测试结果应完全一致，不受环境干扰Testresultsshouldbecompletelyconsistentandunaffectedbyenvironmentalinterference.可判定性原则PrincipleofDeterminability

测试用例可判定性是指每个测试用例应有明确的预期结果和清晰的判定标准，使测试执行后能够明确判断测试是否通过，避免模糊或主观的判断。Thedeterminabilityoftestcasesmeansthateachtestcaseshouldhaveaclearlydefinedexpectedresultandexplicitevaluationcriteria,enablingacleardeterminationofwhetherthetesthaspassedorfailedafterexecution.Thishelpsavoidambiguousorsubjectivejudgments.车载平台测试案例AutomotivePlatformTestCases车载导航系统定位精度测试：NavigationAccuracyTestforAutomotiveNavigationSystem预期结果：定位误差≤5米(具体数值)ExpectedResult:Thepositioningerrorshouldbe≤5meters(specificvalue).可判定性原则PrincipleofDeterminability判定标准：连续10次定位均满足误差要求AcceptanceCriteria:Theerrorrequirementmustbemetin10consecutivepositioningtests.验证方法：自动比对GPS坐标与实际位置VerificationMethod:AutomaticallycomparetheGPScoordinateswiththeactuallocation.结果判定：通过/失败，无需人工判断ResultDetermination:Pass/Fail—nomanualjudgmentrequired.覆盖率要求CoverageRequirements测试用例覆盖率是指测试用例对软件功能、代码路径和场景的覆盖程度。高覆盖率能更全面地发现潜在缺陷，提高软件质量，特别是在车载平台这种对安全性和可靠性要求极高的环境中。Testcasecoveragereferstotheextenttowhichtestcasescoverthesoftware’sfunctions,codepaths,andusagescenarios.Highcoverageenablesmorecomprehensivedetectionofpotentialdefectsandimprovesoverallsoftwarequality—particularlyinautomotiveplatforms,wheresafetyandreliabilityrequirementsareextremelyhigh.车载平台测试案例AutomotivePlatformTestCases车载娱乐系统多媒体播放功能测试：MultimediaPlaybackFunctionTestingforIn-VehicleInfotainmentSystem需求覆盖：音频、视频、图片全格式支持RequirementCoverage:Supportforallaudio,video,andimageformats.场景覆盖：正常播放、中断恢复、切换模式ScenarioCoverage:Normalplayback,interruptionrecovery,andmodeswitching.风险覆盖：恶意播放文件RiskCoverage:Handlingofmaliciousmediafiles.代码覆盖：核心解码模块≥95%CodeCoverage:Coredecodingmodules≥95%覆盖率要求CoverageRequirements需求覆盖率RequirementCoverage代码覆盖率CodeCoverage场景覆盖率ScenarioCoverage风险覆盖率RiskCoverage需求功能实现程度RequirementImplementationLevel代码执行路径比例CodeExecutionPathRatio真实使用场景比例Real-WorldScenarioRatio（已识别并纳入测试的风险项数量

÷

系统潜在风险项总数量）×100%RiskCoverage=(TotalNumberofPotentialRiskItemsNumberofIdentifiedandTestedRiskItems​)×100%车载测试用例设计实例DesignExamplesofAutomotiveTestCasesTakingtherouteplanningfunctionofanautomotivenavigationsystemasanexample,thissectiondemonstrateshowtoapplytheprinciplesofindependence,repeatability,determinability,andcoverageintestcasedesign.以车载导航系统路线规划功能为例，展示如何应用独立性、可重复性、可判定性和覆盖率原则设计测试用例。车载测试用例设计实例DesignExamplesofAutomotiveTestCases测试用例设计TestCaseDesign测试场景：用户从当前位置导航到目的地TestScenario:Usernavigatesfromthecurrentlocationtothedestination.前置条件：系统初始化，GPS信号正常Preconditions:Thesystemisinitialized,andtheGPSsignalisnormal.输入数据：固定起点坐标116.404,39.915,终点坐标116.397,39.916InputData:Fixedstartingcoordinates:116.404,39.915，Destinationcoordinates:116.397,39.916汽车GPS子系统通常仅限于测试跑道上的实时天空信号测试场景TestScenario独立性Independence可重复性Repeatability可判定性Determinability覆盖率Coverage车载测试用例设计实例DesignExamplesofAutomotiveTestCases测试用例设计TestCaseDesign执行步骤：启动导航→输入目的地→开始导航→验证路线Startnavigation→Enterdestination→Beginnavigation→Verifygeneratedroutes预期结果：生成3条备选路线，默认选择最短路线ExpectedResults:Threealternativeroutesaregenerated,andthesystemautomaticallyselectstheshortestroutebydefault.汽车GPS子系统通常仅限于测试跑道上的实时天空信号测试场景TestScenario独立性Independence可重复性Repeatability可判定性Determinability覆盖率Coverage后置操作：清除导航状态，恢复初始环境Post-ExecutionActions:Clearnavigationstatusandrestorethesystemtoitsinitialenvironment.车载测试用例设计实例DesignExamplesofAutomotiveTestCases//初始化测试环境functionsetupTestEnvironment

{//清除导航状态navigation.clearState;//设置模拟GPSgps.setMockLocation("116.404,39.915");}//执行测试用例functiontestRoutePlanning

{//输入目的地navigation.setDestination("116.397,39.916");

//开始导航navigation.startNavigation;//验证路线assert(navigation.getRouteCount==3);}测试代码片段TestScenario原则应用PrincipleApplication独立性：每次测试前初始化地图数据，不依赖其他用例状态Independence:Initializemapdatabeforeeachtestexecutiontoensurethatthetestdoesnotdependonthestateofothertestcases.可重复性：使用固定坐标和模拟GPS信号，确保结果一致Repeatability:UsefixedcoordinatesandsimulatedGPSsignalstoensureconsistentandreproducibleresults.车载测试用例设计实例DesignExamplesofAutomotiveTestCases//初始化测试环境functionsetupTestEnvironment

{//清除导航状态navigation.clearState;//设置模拟GPSgps.setMockLocation("116.404,39.915");}//执行测试用例functiontestRoutePlanning

{//输入目的地navigation.setDestination("116.397,39.916");

//开始导航navigation.startNavigation;//验证路线assert(navigation.getRouteCount==3);}测试代码片段TestScenario原则应用PrincipleApplication可判定性：验证路线数量、长度和关键节点，明确通过/失败Determinability:Verifythenumberofroutes,routelength,andkeywaypointstodetermineclearpass/failcriteria.覆盖率：设计正常、异常和风险场景，覆盖核心功能Coverage:Designnormal,abnormal,andriskscenariostoensurecomprehensivecoverageofallcorefunctionalities.小结Summarize自动化测试用例设计原则是车载平台测试的核心基础，通过遵循独立性、可重复性、可判定性和覆盖率要求，能够有效提升测试效率和质量，保障车载系统的可靠性和安全性。Theprinciplesofautomatedtestcasedesignformthefundamentalbasisofautomotiveplatformtesting.Byadheringtotherequirementsofindependence,repeatability,determinability,andcoverage,testingefficiencyandqualitycanbesignificantlyimproved,ensuringthereliabilityandsafetyofautomotivesystems.InformationSecurityAttackSurfaceAnalysis信息安全攻击面分析基本概念BasicConcepts

信息是通过施加于数据上的某些约定而赋予这些数据的特定含义。Informationisthespecificmeaningassignedtodatathroughtheapplicationofcertainconventions.基本概念BasicConcepts而信息安全指的是在信息产生，传输，交换，处理和储存的各个环节中，保证我们信息的机密性、完整性以及可用性不被破坏。Informationsecurityreferstoensuringtheconfidentiality,integrity,andavailabilityofinformationthroughoutitsgeneration,transmission,exchange,processing,andstorage.基本概念BasicConcepts攻击面描述了攻击者可以进入系统以及从中获取数据的所有不同入口点。Theattacksurfacedescribesallthedifferententrypointsthroughwhichanattackercanaccessasystemandextractdatafromit.诊断接口Thediagnosticinterface诊断接口,即OBD接口,常位于方向盘下方,由OBD系统控制。为通用的标准化接口，现在常用的为16针脚的OBD-II接口。Thediagnosticinterface,alsoknownastheOBDinterface,isusuallylocatedbelowthesteeringwheelandiscontrolledbytheOBDsystem.Itisauniversalstandardizedinterface,andthecommonlyusedtypetodayisthe16-pinOBD-IIinterface.诊断接口DiagnosticInterface诊断接口ThediagnosticinterfaceOBD是OnBoardDiagnostics的缩写，通俗讲就是车载自动诊断系统，它的作用就是在汽车运行过程中实时监控发动机和其他工作模块的工作状态，一旦发现异常便会以OBD,shortforOn-BoardDiagnostics,iscommonlyknownasthevehicle’sonboardautomaticdiagnosticsystem.Itsfunctionistocontinuouslymonitortheoperatingstatusoftheengineandothercontrolmoduleswhilethevehicleisrunning.Whenanabnormalityisdetected,itrecordsthefaultintheformofadiagnostictroublecode(DTC)inthememory.故障码的形式记录在存储器当中。诊断接口DiagnosticInterfaceOBD接口攻击面分析OBDInterfaceAttackSurfaceAnalysis物理接入攻击PhysicalAccessAttacks协议滥用攻击ProtocolAbuseAttacksCAN总线CANbus▶can即控制器局域网（ControllerAreaNetwork），是一种异步,半双工,高可靠性,支持多设备的一种车辆嵌入式常用的通信协议CAN,shortforControllerAreaNetwork,isanasynchronous,half-duplex,highlyreliable,andmulti-device-supportedcommunicationprotocolcommonlyusedinvehicleembeddedsystems.CAN总线攻击面分析CANBusAttackSurfaceAnalysis协议攻击ProtocolAttacks物理层攻击Physical-LayerAttacks节点安全ProtocolAttacksOTA升级OTAUpgrade汽车远程升级技术OTA：AutomotiveOver-the-Air(OTA)▶汽车远程升级技术OTA是指通过移动通信网络对汽车的零部件终端上固件、数据及应用进行远程管理的技术。Step-by-StepDebugging:Aftermodifyingyourprogram,testitaftereachchangeandchecktheoutput.Avoidmakingtoomanychangesatonce,asthiscanmakeitdifficulttolocateerrors.OTA升级OTAUpgrade汽车远程升级技术OTA：AutomotiveOver-the-Air(OTA)▶OTA技术实现分三步：首先将更新软件上传到OTA中心，然后OTA中心无线传输更新软件到车辆端，最后车辆端自动更新软件。TheimplementationofOTAtechnologyconsistsofthreesteps:first,theupdatedsoftwareisuploadedtotheOTAcenter;second,theOTAcenterwirelesslytransmitstheupdatepackagetothevehicle;andfinally,thevehicleautomaticallyinstallstheupdatedsoftware.OTA攻击面分析OTAAttackSurfaceAnalysis云端CloudSide通讯链路CommunicationLink车端VehicleSide小结Summarize信息安全攻击面分析的基础概念BasicConceptsofAttackSurfaceAnalysis诊断接口与攻击分析AttackAnalysis(OBD/DiagnosticPort)CAN通信与攻击分析AttackAnalysis(ControllerAreaNetwork)OTA与攻击分析