Software Engineering (for Automation)

Exam of July 7th, 2023

Total available time: 2h

Exercise 1 (6+2 points)

1.
Describe through a UML Class Diagram the elements of a system for the counting of votes in elections.
The system has components, ballot readers, that scan paper ballots (on which users mark their preferences)
and detect the corresponding votes. Each election is made of different races, one for each post (mayor,
senator, etc.). Each race (which is identified by the name of the post) has a set of candidates who run for that
race, where each candidate has a first name, last name, date of birth, and fiscal code which uniquely
identifies the candidate. Also, each candidate is affiliated with a party (the information associated with each
party is not detailed here for simplicity). Each ballot scan produces the preferences of the voter for each post.
Each preference could be blank (i.e., the voter did not vote for anyone), or it could list the IDs of one or more
candidates. Even if the voter voted for one candidate, the preference might be invalid (for example if the
ballot reader was not able to identify the candidate with sufficient confidence, but also for other reasons).
After the ballot reader scans a ballot, it sends the result (i.e., the preferences it detected) to a module that
keeps track of the votes in a precinct (i.e., in a certain geographical area). Each counting module, in turn,
sends the results of the precinct to another counting module, which keeps track of the votes for the whole
region. The system uses the counting modules to provide users with functions that allow them to gather the
results of each race. More precisely, it offers a function to retrieve, given a race, the vote tally for each
candidate, that is, the total number of preferences for each candidate. It also offers a function that returns,
given a race, the winner of that race, and another function that, given a party, returns the list of races won by
that party.
2.
Describe through a UML Sequence Diagram (and complete the Class Diagram if necessary) the interaction
that occurs in the system when a voting official scans a ballot through the ballot reader.

Exercise 2 (9 points)
Define a Timed Petri Net that captures the following behavior of a system.
The system emits sequences of signals that have the following characteristics. Each sequence starts and ends
with a signal b. Between two signals b there is a (non-empty) sequence of signals that starts with a signal s,
followed by a signal e; the sequence “s followed by e” is repeated, until the whole sequence s, e, s, e, … , s, e
(which must end with a signal e) is terminated by a signal b. After a sequence of signals b, s, e, s, e, …, s, e,
b, the system waits for exactly 10 seconds, and then a new sequence b, s, e, …, b is emitted. Between two
signals b there must be at least a signal s, followed by an e.
The following timing constraints must hold:
• Each signal e cannot follow the preceding s by more than 0.1 seconds.
• Every time a signal s is followed by an e, which is then followed by another s, the time distance
between the two s signals must be at least 0.5 seconds, and it cannot be more than 2 seconds.
• The b signals that “bookend” a sequence b, s, e, …, b must be no more than 20 seconds apart. If the
sequence has not yet finished 20 seconds after the starting b, the whole system halts.
Exercise 3 (6+4 points)
a.
Specify the pre- and post-conditions of a program findPairDouble(A) that takes as input an array A of
integer values and returns true if, in the array, there are two elements such that one is the double of the other,
and the one that is the double appears in the array after the other (with possibly other elements in between).
If no two such elements exist, the program returns false. Also, if the array is NIL, or it contains less than 3
elements, the program raises an error.
The input array must not be sorted in ascending order, and it must contain at least one negative element and a
positive one.

b.
Define a black-box test set for the specification of program findPairDouble(A) (indicate, for each test case,
the expected result).

Exercise 4 (5 points)
Consider the following fragment of code:

findPair(A)
1 if A = NIL or A.length ≤ 2
2 error('invalid input')
3 i := 1
4 while i < A.length
5 j := 1
6 while j ≤ A.length
7 if A[j] = 2*A[i]
8 return true
9 j := j +1
10 i := i +1
11 return false

1. Define, if possible, a minimal test set that covers all edges. If it is not possible, explain why.
2. Define a test set that 2-covers all feasible paths. For each test case, indicate the value returned by the
program. Does the program implement the specification of exercise 3? If it does not, explain why.
Solutions

Exercise 1
1.

2.
Exercise 2

0.5,0.5 1.5,1.5

s
b s e s e

0,0.1 0,0.1
Instead of waiting before
having another b, 0,0
the b could occur immediately b b
after the 10 seconds

0,0

10,10 wait
20,20 0,0

0,0

Exercise 3
a.
Pre:
A = NIL ∨ A.length < 3 ∨
( ∃i,j( 1 ≤ i ≤ A.length ∧ 1 ≤ j ≤ A.length ∧ A[i] < 0 ∧ A[j] > 0 )
∧
∃i,j( 1 ≤ i ≤ A.length ∧ 1 ≤ j ≤ A.length ∧ i < j ∧ A[i] > A[j] ) )

Post:
res = true ⇒ A.length > 2 ∧ ∃i,j( 1 ≤ i < j ≤ A.length ∧ A[j] = 2*A[i] )
res = false ⇒ A ≠ NIL ∧ A.length > 2 ∧
¬∃i,j( 1 ≤ i < j ≤ A.length ∧ A[j] = 2*A[i] )
A = NIL ∨ A.length ≤ 2 ⇒ error("invalid input")

b.
Normal behavior:
A = NIL (result: error)
A = [ 8, -7 ] (result: error)
A = [ 7, -3, 10, 6, -6, 5 ] (result: true)
A = [ -9, 8, 2, -4, 16, 9, 2 ] (result: true)
A = [ -5, 15, -3, -2, 42, 27, -3 ] (result: false)
A = [ 13, 16, -2, 8, -2, 10 ] (result: false)
Robustness:
A = [ -3, 4, 8 ]
A = [ -5, -2, -10 ]
Boundary values:
A = [ 9, -10, 18 ] (result: true)
A = [ -7, 16, 6 ] (result: false)
A = [ -8, 6, -4 ] (result: false)

Exercise 4
1.
A minimal test set that covers all edges is { A = NIL, A = [ -7, 4, -4, 8 ], A = [ 13, 4, 12 ] }

2.
A test set that 2-covers all feasible paths is:
{ A = NIL (result: error),
A = [ 0, 3, 18 ](result: true),
A = [ -5, -10, 8 ](result: true), }
It is clear that the code does not implement the specification of exercise 3. Indeed, it does not check that i is
different from j (so it returns true if there is a single 0), and it does not check that the index of the element
that is the double is bigger than the other one.