On Detecting Double Faults Related to Term and Literal in Boolean Expression Was: Detecting Double Faults Related to Term and Literal

Size: px

Start display at page:

Download "On Detecting Double Faults Related to Term and Literal in Boolean Expression Was: Detecting Double Faults Related to Term and Literal"

Margery Reed
5 years ago
Views:

02 Man Fai Lau and Ying Liu Faculty of Information and Communication Technologies Swinburne University of Technology First

1 Faculty of Information and Communication Technologies On Detecting Double Faults Related to Term and Literal in Boolean Expression Was: Detecting Double Faults Related to Term and Literal Technical Report: SUTICT-TR Man Fai Lau and Ying Liu Faculty of Information and Communication Technologies Swinburne University of Technology First version: 30th Jan 2007 Last revised: 15th October Fixing minor errors, Renumber the expression id and Redo Table 4 for consistency with other reports

2 This page is intentionally left blank.

3 Faculty of Information and Communication Technologies On Detecting Double Faults Related to Term and Literal in Boolean Expression Table of contents 1 Introduction 1 2 Preliminary Notation Fault Types Existing Strategy for Single Fault Detection Double Fault Models 8 4 Detection Conditions of Various Double Fault Classes Detection Conditions of 36 Double-Fault Expressions ENF with other faults TNF with other faults TOF with other faults DORF with other faults CORF with other faults Detection Conditions on 6 Remaining Double-Fault Expressions Fault Detecting Capabilities of Existing Testing Strategies 78 6 Test Case Selection Strategies for Double Fault Detection 96 7 Conclusion 106 Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page i

4 This page is intentionally left blank.

5 1 Introduction One of the many goals of software testing is to verify that the software behaves correctly according to its specifications. Fault-based testing aims at selecting test cases to guarantee the detection of certain hypothesized faults that might occur during program development. Ideally, test cases selected by the fault-based test case selection strategy can guarantee to reveal the corresponding failures of the program under test, if those hypothesized faults indeed appear in the program. There are various methods to model the specifications of software systems using Boolean expressions as part of the formalism in industrial systems including avionics, nuclear power plant control and cruise control [1, 11, 16]. Such formalism can help to automatically generate test cases based on specifications [2, 11, 16]. Furthermore, research has been done on using fault-based techniques to generate test cases based on Boolean expressions [2, 5, 13, 15, 16]. Although previous studies focus mainly on specifications, the results can also be applied to program-based predicate testing which usually involves logic expressions [13]. Recently, the detection conditions of various hypothesized faults have been studied [2, 5, 7, 8, 9, 15]. The detection condition of a particular fault in a program is a condition that makes the actual output of the program different from its expected output. Previous studies on detection conditions are mainly used in three aspects. First, the detection conditions have been used to develop test case selection strategies, such as the BASIC, MAX-A and MAX-B meaningful impact strategies [16] and the MUMCUT strategy [17]. Second, the detection conditions have been used to develop the fault class hierarchy. A fault class hierarchy establishes relationships among different types of faults. Kuhn [5] and Lau and Yu [9] used fault class hierarchies to explain fault-detecting abilites of various test case selection strategies. Third, the detection conditions have been used to investigate fault coupling. Two faults are said to be coupled together when they are combined in such a way that Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 1 of 109

6 they cannot be detected by the test cases which detect them in isolation, Both experimental and theoretical studies on fault coupling investigate the chance of a test set in detecting double faults given that the test set can detect two individual faults in isolation [3, 10]. However, in these studies, the relationships between single and double faults have not been studied and, hence, have not been used for double fault detection. In order to achieve detection of particular double fault classes, we need to study their detection conditions. Furthermore, by analysing detection conditions of double fault classes, we can obtain effective test case generation strategies for single and double fault detection. Since there are altogether 81 different possible ways to form a double fault based on 9 different single fault classes related to terms and literals reported in [9], we apply a divide-and-conquer approach to further classify all double fault classes into following three categories: 1. double faults related to terms only; 2. double faults related to literals only; 3. double faults related to a term and a literal. For the first category, there are altogether 31 different double-fault expressions 1, that is, expressions that contain double faults [7]. We studied their detection conditions and showed that all these faulty expressions can be detected by any test case selection strategy that subsumes the BASIC meaningful impact strategy. A similar study on the second category showed that there are altogether 19 different double-fault expressions, and that existing test case selection strategies are insufficient in detecting these faulty expressions. Hence, new test case selection strategies were developed [8]. In this report, we study the detection conditions of double faults in the third category, so as to find 1 See Section 3 for the definition of a double-fault expression. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 2 of 109

7 suitable test case selection strategies for their detection. The rest of the report is organized as follows. Section 2 introduces the notation and fault classes studied in this report. Section 3 presents double fault classes and their corresponding faulty implementations. Section 4 analyses fault detection conditions of studied double faults classes. Section 5 investigates the existing test case selection strategies in detecting double faults classes related to literals. Section 6 propose a family of test case selection strategies. Section 7 concludes the report. 2 Preliminary 2.1 Notation In this report, we use, + and to represent Boolean operators, AND, OR and NOT, respectively. Usually, is omitted whenever it is clear from the context. We use 1 and 0 to represent the truth values TRUE and FALSE, respectively. The set of all truth values, that is {0,1}, is denoted as B. Let S be a Boolean expression in disjunctive normal form S = p p m where m is the number of terms, p i = x i 1 xi k i is the i-th term of S, x i j is the j-th literal in p i, and k i is the number of literals in p i. A Boolean expression is in irredundant disjunctive normal form if (1 none of its terms can be omitted from the expression; and (2 none of its literals can be omitted from any term in the expression without affecting the function of the expression. Let S be a Boolean expression having n variables, the input domain is the n-dimensional Boolean space B n. True points of S are those points in B n that cause S evaluates to 1. The set of all true Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 3 of 109

8 points of S is denoted by TP(S. A true point of the term p i in S is a point that makes p i evaluates to 1. The set of all true points of p i in S is denoted by TP i (S. Hence, TP(S = S i TP i (S. A unique true point of p i in S is a true point of S that makes (1 p i evaluate to 1; and (2 all other terms evaluate to 0. The set of all unique true points of p i in S is denoted by UTP i (S. The set of all unique true points of S is denoted by UTP(S and UTP(S = S i UTP i (S. False points of S are those points in B n that make S evaluates to 0 and the set of all false points of S is denoted by FP(S. A near false point of the j-th literal x i j of the i-th term p i in S is a false point of S that makes (1 x i j evaluates to 0, and (2 all other literals in p i evaluate to 1. The set of all near false points for the j-th literal x i j of the i-th term p i in S is denoted by NFP i, j(s. The set of all near false points for the i-th term p i in S is denoted by NFP i (S. Therefore, NFP i (S= S j NFP i, j(s. The set of all near false points of S is denoted by NFP(S and NFP(S = S i NFP i (S. Chen and Lau [2] have proved the following lemma which will be used in Sections 5 and 6 to prove important properties related to the fault detecting capabilities of strategies analysed in this report. Lemma 2.1 ([2, Theorem 1] Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Then, 1. UTP i (S /0 for all i = 1,...,m 2. NFP i, j (S /0 for all i = 1,...,m and j = 1,...,k i, where k i is the number of literals in p i. 2.2 Fault Types Let S be a Boolean expression. Suppose that a single fault F changes a subexpression E in S into a subexpression E, the resulting faulty expression (or, implementation is denoted as I F(E E. A faulty implementation is referred to as single-fault expression if it differs from the original expression Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 4 of 109

9 by one syntactic change and is not equivalent to the original expression. Lau and Yu [9] clarified various types of single fault classes that may occur in Boolean expressions and proposed nine types of fault classes. Among these fault classes, five types of faults are related to terms within Boolean expressions while the remaining four types are related to literals. The followings are the nine types fault classes: 1. Expression Negation Fault (ENF: The entire Boolean expression or its sub-expression is implemented as its negation. The faulty implementation is I ENF(S S = S or I ENF(pi + +p h p i + +p h = p p i1 1 + p i + + p h + p h p m where 1 i < h m. For example, the Boolean expression ab + cd + e f may be implemented as ab + cd + e f or ab + cd + e f. 2. Term Negation Fault (TNF: A particular term in the Boolean expression is implemented as its negation. The faulty implementation is I T NF(pi p i = p p i + + p m, where 1 i m and m > 1. For example, the Boolean expression ab + cd + e f may be implemented as ab + cd + e f. As documented in [9], when m = 1, the negation fault is considered as an ENF rather than a TNF. 3. Term Omission Fault (TOF: A particular term in the Boolean expression is omitted in its implementation. The faulty implementation is I TOF(pi = p p i 1 + p i p m, where 1 i m and m > 1. For example, the Boolean expression ab + cd + e f may be implemented as ab + cd. 4. Disjunctive Operator Reference Fault (DORF: A Boolean operator + is implemented as. The faulty implementation is I DORF(pi +p i+1 p i p i+1 = p p i p i p m, where 1 i < m. For example, the Boolean expression ab + cd + e f may be implemented as ab + cde f. 5. Conjunctive Operator Reference Fault (CORF: A Boolean operator is implemented as +. The faulty implementation is I CORF(pi p i,1, j +p i, j+1,ki = p p i 1 + p i,1, j + p i, j+1,ki + Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 5 of 109

10 p i p m, where 1 i m, 1 j < k i, p i,1, j = x i 1 xi j, p i, j+1,k i = x i j+1 xi k i and p i = p i,1, j p i, j+1,ki. For example, the Boolean expression ab+cd +e f may be implemented as ab + c + d + e f. 6. Literal Negation Fault (LNF: A literal in a particular term in the Boolean expression is replaced by its negation. The faulty implementation is I LNF(pi p i, j = p p i 1 + p i, j + p i p m, where 1 i m, 1 j k i. For example, the Boolean expression ab + cd + e f may be implemented as āb + cd + e f. 7. Literal Omission Fault (LOF: A literal in a particular term in the Boolean expression is omitted. The faulty implementation is I LOF(pi p i, ĵ = p p i 1 + p + p i, ĵ i p m, where 1 i m, 1 j k i. For example, the Boolean expression ab+cd +e f may be implemented as ab + cd + e. 8. Literal Insertion Fault (LIF: A literal not appearing in a particular term of a Boolean expression is inserted into that term. The faulty implementation is I LIF(pi p i xl = p p i 1 + p i x l + p i p m. For example, the Boolean expression ab + cd + e f may be implemented as abc + cd + e f. 9. Literal Reference Fault (LRF: A literal in a particular term of a Boolean specification is replaced by another literal not appearing in the term. The faulty implementation is I LRF(pi p xl i, ĵ = p p i 1 + p x i, ĵ l + p i p m. Here, x i j and x l are called replaced literal and referred literal, respectively. For example, the Boolean expression ab + cd + e f may be implemented as ac + cd + e f. The literal b is called replaced literal whereas the literal c (in ac is called referred literal. 2.3 Existing Strategy for Single Fault Detection There are many test case selection strategies for detecting single faults in Boolean expressions including the BOR strategy [14, 12], the BASIC, MAX-A and MAX-B meaningful impact strategies Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 6 of 109

11 (or simply the BASIC, the MAX-A and the MAX-B strategies [16] and the MUMCUT strategy [17]. Since the BOR strategy requires every variable in the expression to occur only once, it is not widely applicable to all Boolean expressions in IDNF. In the following, we review the four strategies studied in this report, namely, the BASIC, MUMCUT, MAX-A and MAX-B strategies. Let S(= p p m be a Boolean expression in IDNF. 1. The BASIC strategy requires to select (1 one point from UTP i (S for every i; and (2 one point from NFP i, j(s for every possible i and j pair. 2. The MUMCUT strategy is a combination of three test case selection strategies which are MUTP, MNFP and CUTPNFP strategies. The three strategies are: (a MUTP strategy requires to select unique true points from UTP i (S such that all possible truth values (that is, 0 and 1 of every literal not occurring in p i are covered, for every i. (b MNFP strategy requires to select near false points from NFP i, j(s such that all possible truth values of every literal not occurring in p i are covered, for every possible i and j pair. (c CUTPNFP strategy requires to select one unique true point from UTP i (S and one near false point from NFP i, j(s such that they only differ at the truth value of j-th literal of p i, for every possible i and j pair. 3. The MAX-A strategy requires to select (1 all points from UTP i (S for every i; and (2 all points from NFP i, j(s for every possible i and j pair. 4. The MAX-B strategy requires to select (1 all points from UTP i (S for every i; (2 all points from NFP i, j(s for every possible i and j pair; (3 log 2 ( OTP(S points from OTP(S where OTP(S denotes the size of OTP(S (one point is selected if OTP(S is a singleton set; and (4 log 2 ( RFP(S points from RFP(S where RFP(S denotes the size of RFP(S (one point is selected if RFP(S is a singleton set. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 7 of 109

12 It should be noted that the MAX-B strategy subsumes the MAX-A strategy which in turn subsumes the MUMCUT strategy; which in turn subsumes the BASIC strategy. A test selection criterion A is said to subsume another test selection criterion B if a test set satisfying A always satisfies B. Although the BASIC strategy cannot guarantee to detect LIF and LRF as shown in [2], we are still interested in its fault detection capability on double faults related to term and literal because it can guarantee to detect all double faults related to terms [7]. As shown in [2, 9], the MUMCUT strategy can be used to detect all single fault classes mentioned previously. As a result, the MAX-A and MAX-B strategies can also detect these single fault classes because they subsume the MUMCUT strategy. Since all these three strategies subsume the BASIC strategy, they can detect all double faults related to terms in Boolean Expression [7]. 3 Double Fault Models Multiple occurrences of any fault class may result in a program which different from the original one by several syntactic changes. The program is believed to contain multiple faults. For example, abc + ade differs from abc + de by two syntactic changes. In this report, we study the detection condition of double fault that may occur a Boolean expression. A double fault is defined as two occurrences of single faults. As mentioned previously, Lau and Yu [9] proposed nine single fault classes that may occur in a Boolean expression. Among those fault classes, five of them are related to terms and the remaining four are related to literals. Double faults related to terms only and literals only have been studied in [7, 8]. In this report, we mainly focus on double fault classes related to term and literal in which one is term fault and the other is literal fault. When two single faults are committed in a program, there are two possible situations. First, the Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 8 of 109

13 order of occurrences of the two faults does not make any difference to the faulty expression. In other words, different ordering will still result in the same faulty expression. Such situation is referred to as double fault without ordering. Second, the ordering of these two faults may make a difference. In other words, different ordering may result in different faulty expressions. This situation is referred to as double fault with ordering. Lau and Liu [6] found that, for double faults related to term and literal, there are 20 types of fault classes of double faults without ordering resulting in 36 different double-fault expressions. On the other hand, there are 40 types of fault classes of double faults with ordering resulting in 78 doublefault expressions. It is found that 72 out of 78 faulty expressions due to double faults with ordering are equivalent to those 36 faulty expressions due to double faults without ordering. Only 6 doublefault expressions due to double fault with ordering do not have their corresponding counterpart in double faults without ordering. Hence, for double fault classes related to term and literal, there are total 42 different double-fault expressions [6]. For any two single fault classes A and B, we use the notation A B to denote the double fault class formed from A and B, that is, the class of faults due to the occurrences of two faults: one fault of class A and another fault of class B. Given a Boolean expression S, suppose two faults A and B are committed on the expression changing E 1 and E 2 in the expression to E 1 and E 2, respectively, the resulting faulty expression (or, implementation is denoted as I F1 (E 1 E 1 F 1(E 2 E 2. Table 1 shows the double fault classes and their corresponding faulty expressions. Consider the second row of Table 1, which is concerned with ENF LOF. Let S be a Boolean expression in IDNF, the subexpression p i1 + + p h1 of S is negated and the literal x i 2 j2 of the i 2 -th term p i2 in S is omitted. There are two subcases depending on whether p i2 is with the subexpression p i1 + + p h1. For the first case where i 1 < h 1 < i 2, the double-fault expression is equivalent to p p i1 + + p h1 + + p i2, ĵ p m. For the second case where i 1 i 2 h 1 and i 1 < h 1, the double-fault expression is equivalent to p p i1 + + p i2, ĵ p h1 + + p m. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 9 of 109

14 Fault Class Table 1: Double fault and double-fault expression (S = p p m (a Double-fault expressions a due to double fault without ordering Double-fault Expression ENF LNF Case 1 (i 1 < h 1 1: p p i1 + + p h1 + + p i2, j p m (1 Case 2 (k i1 > 1: p p i1, j p h1 + + p m (2 ENF LOF Case 1 (i 1 < h 1 1: p p i1 + + p h1 + + p i2, ĵ p m (3 Case 2 (k i1 > 1: p p i1, ĵ p h1 + + p m (4 ENF LIF Case 1 (i 1 < h 1 < i 2 : p p i1 + + p h1 + + p i2 x l2 + + p m (5 Case 2 (i 1 < h 1 : p p i1 x l2 + + p h1 + + p m (6 ENF LRF Case 1 (i 1 < h 1 1: p p i1 + + p i2, j p m (9 Case 2 (k i1 > 1: p p i1, j p m (10 TNF LOF Case 1 (i 1 1: p p i1 + + p i2, ĵ p m (11 Case 2 (k i1 > 1: p p i1, ĵ p m (12 TNF LIF Case 1 (i 1 1: p p i1 1 + p i p i2, j p m (17 TOF LOF (i 1 1: p p i1 1 + p i p i2, ĵ p m (18 TOF LIF (i 1 1: p p i1 p i p i2, j p m (21 Case 2 (i 1 < m, k i1 > 1: p p i1, j 2 p i p m (22 DORF LOF Case 1 (i 1: p p i1 p i p i2, ĵ p m (23 Case 2 (i 1 < m, k i1 > 1: p p i1, ĵ 2 p i p m (24 DORF LIF Case 1 (i < i 2 : p p i1 p i p i2 x l2 + + p m (25 Case 2 (i 1 < m: p p i1 x l2 p i p m (26 DORF LRF Case 1 (i 1: p p i1,1, j p i2, j p m (29 Case 2 (1 < j 1 < k i1 : p p i1,1, j p m (30 CORF LOF Case 1 (i 1 1: p p i1,1, j p i2, ĵ p m (31 Case 2 (1 < j 1 < k i1 : p p i1,1, j p m (32 CORF LIF Case 1 (i 1 < i 2, j 1 < k i1 : p p i1,1, j p i2 x l2 + + p m (33 Case 2 ( j 1 < k i1 : p p i1,1, j 1 x l2 + + p m (34 CORF LRF Case 1 (i 1 < i 2, j 1 < k i1 : p p i1,1, j p i2, ĵ 2 x l2 + + p m (35 Case 2 ( j 1 < k i1 : p p i1,1, j 1 1x l2 + + p m (36 a For ease of cross-reference, the numbering of the faulty expressions follows that of [6]. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 10 of 109

15 Table 1 (cont d: Double fault and double-fault expression (S = p p m (b Six double-fault expressions a (43, 52, 73, 74, 77 and 78 due to double fault with ordering Fault Class Double-fault Expression ENF LIF Case 3 (i 1 < h 1 : p p i1 + + p h1 x l2 + + p m (43 TNF LIF Case 3: p p i1 x l2 + + p m (52 CORF LIF Case 2(b ( j 1 < k i1 : p p i1,1, j p m (73 Case 2(c ( j 1 < k i1 : p p i1,1, j 1 x i 1 j p i 1, j 1 +1,k i1 + + p m (74 CORF LRF Case 2(b ( j 1 < k i1 : p p i1,1, j 1 1x i 1 j p i 1, j 1 +1,k i1 + + p m (77 Case 2(c ( j 1 < k i1 : p p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 + + p m (78 a For ease of cross-reference, the numbering of the faulty expressions follows that of [6]. 4 Detection Conditions of Various Double Fault Classes The detection conditions of hypothesized faults have been studied recently [2, 5, 9, 15]. Let S be a specification and I be the expression which differs from S by several syntactic changes. Whenever S and I evaluate to different values, they can be distinguished from each other. The detection condition of I with respect to S is a condition that makes S and I evaluate to different values. As a result, the Boolean exclusive-or operator XOR, denoted as, can be used to find the detection conditions. In short, the detection condition can be derived from S I. In this section, we prove the detection conditions of all 42 double-fault expressions listed in Table 1. The detection conditions of the 36 faulty expresssions of double fault without ordering are proved in Section 4.1 whereas the detection conditions of the remaining 6 faulty expressions are proved in Section 4.2. Instead of simply presenting the Boolean expression S I as detection conditions, we present them as conditions satisfied by test cases in B n. Since such categorization is based on certain properties of test sets, it helps in developing test case selection strategy to detect the double faults in Table 1. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 11 of 109

16 4.1 Detection Conditions of 36 Double-Fault Expressions ENF with other faults In this section, we study the detection conditions of double faults in which one of the single fault is an ENF. Theorem 4.1 (ENF LNF - Case 1 Let S=p p m be a Boolean specification in irredundant disjunctive normal form (IDNF. Suppose that the subexpression p i1 + + p h1 in S and the j 2 -th literal x i 2 j2 in the i 2 -th term, p i2, in S are negated where 1 i 1 < h 1 1 and k i2 is the number of literals in p i2, the resulting implementation denoted as I ENF(pi1 + +p h1 p i1 + +p h1 LNF(p i2 p i2, j 2 is equivalent to that given by Expression (1 in Table 1. Then, S I ENF(pi1 + +p h1 p i1 + +p h1 LNF(p i2 p i2, j 2 if and only if there is a test case t that satisfies any of the following conditions: 1. t ( [ h 1 2. t FP(S. i=i 1 TP i (S \ ( m[ TP i (S such that pi2, j 2 = 0 on t, or i i 1,...,h 1,i 2 Proof : First, we observe that S I ENF(pi1 + +p h1 p i1 + +p h1 LNF(p i2 p i2, j 2 ( (p i1 + + p h1 + p i2 (p i1 + + p h1 + p i2, j 2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m ( (p i1 + + p h1 + p i2 (p i1 + + p h1 + p i2, j 2 + (p i1 + + p h1 + p i2 (p i1 + + p h1 + p i2, j 2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m ( (p i1 + + p h1 + p i2 (p i1 + + p h1 p i2, j 2 + (p i1 + + p h1 p i2 (p i1 + + p h1 + p i2, j 2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m ( (p i1 + + p h1 p i2, j 2 + (p i1 + + p h1 p i2 p1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m (By making use of (A + BA A and ABC(A + BC ABC Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 12 of 109

17 (p i1 + + p h1 p i2, j 2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m +(p i1 + + p h1 p i2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m (p i1 + + p h1 p i2, j 2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m + S Now, S( t I ENF(pi1 + +p h1 p i1 + +p h1 LNF(p i2 p i2, j 2 ( t S( t I ENF(pi1 + +p h1 p i1 + +p h1 LNF(p i2 p i2, j 2 ( t = 1 (p i1 + + p h1 p i2, j 2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m + S evaluates to 1 on t t satisfies any of the following conditions: 1. t ( [ h 1 2. t FP(S. i=i 1 TP i (S \ ( m[ TP i (S such that pi2, j 2 = 0 on t, or i i 1,...,h 1,i 2 Hence, the result follows. In Theorem 4.1, ENF occurs at the subexpression p i p h1 and LNF occurs at a term outside the subexpression, we can assume without loss of generality that i 1 < h 1. However, in the next theorem, when LNF occurs at a term within the subexpression p i p h1, it is possible that i 1 h 1. In fact, when i 1 = h 1, the expression S contains one and only one term. Otherwise, the negation of p i1 is considered as a TNF in S rather than a ENF. In the rest of this report, we will make similar observations related to a literal fault occurring within a subexpression. Theorem 4.2 (ENF LNF - Case 2 (a Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the subexpression p i1 + + p h1 in S and the j 2 -th literal x i 1 j2 in the i 1 -th term, p i1, in S are negated where 1 i 1 < h 1 m, 1 j 2 k i1 and k i1 (> 1 is the number of literals in p i1, the resulting implementation denoted as I ENF(pi1 + +p h1 p i1 + +p h1 LNF(p i1 p i1, j is equivalent to 2 that given by Expression (2 in Table 1. Then, S I ENF(pi1 + +p h1 p i1 + +p h1 LNF(p i1 p i1, j if 2 and only if there is a test case t that satisfies any of the following conditions: Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 13 of 109

18 1. t ( [ h 1 i=i 1 +1 TP i (S \ ( [ m TP i (S, or i i 1,...,h 1 2. t FP(S such that p i1, ĵ 2 =0 on t. (b Let S = p i1. 2 Suppose that S and its j 2 -th literal are negated where 1 j 2 k i1, k i1 > 1 and k i1 is the number of literals in p i1, the resulting implementation, denoted as I ENF(S S LNF(pi1 p i1, j, 2 is equivalent to Expression (2 in Table 1 when m = 1. Then, S I ENF(S S LNF(pi1 p i1, j if 2 and only if there is a t FP(S and p i1, ĵ 2 = 0 on t. Proof : (a First, we observe that S I ENF(pi1 + +p h1 p i1 + +p h1 LNF(p i1 p i1, j 2 ( (p i1 + + p h1 (p i1, j p h1 p 1 p i1 1 p h1 +1 p m ( (p i1 + + p h1 (p i1, j p h1 + (p i1 + + p h1 (p i1, j p h1 p 1 p i1 1 p h1 +1 p m ( (p i1 + + p h1 (p i1, j p h1 + (p i1 + + p h1 (p i1, j p h1 p 1 p i1 1 p h1 +1 p m ( (p i p h1 + (p i1 + + p h1 p i1, ĵ 2 p1 p i1 1 p h1 +1 p m (By making use of (AB +C(AB +C C; and rewriting (AB +C(AB +C as (AB +CA because they are equivalent to A C (p i p h1 p 1 p i1 1 p h1 +1 p m + p i1, ĵ 2 p 1 p i1 p h1 p m (p i p h1 p 1 p i1 1 p h1 +1 p m + p i1, ĵ 2 S 2 In this part of the theorem, we keep using notations like p i1 instead of p 1 for consistency with part (a above and ease of comparison between the detection conditions of both parts. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 14 of 109

19 Now, S( t I ENF(pi1 + +p h1 p i1 + +p h1 LNF(p i1 p i1, j 2 ( t S( t I ENF(pi1 + +p h1 p i1 + +p h1 LNF(p i1 p i1, j 2 ( t = 1 (p i p h1 p 1 p i1 1 p h1 +1 p m + p i1, ĵ 2 S evaluates to 1 on t t satisfies any of the following conditions: 1. t ( [ h 1 i=i 1 +1 TP i (S \ ( [ m TP i (S, or i i 1,...,h 1 2. t FP(S such that p i1, ĵ 2 =0 on t. Hence, the result follows. (b First, we observe that S I ENF(S S LNF(pi1 p i1, j 2 p i1 p i1, j 2 p i1 p i1, j 2 + p i1 p i1, j 2 p i1 p i1, j 2 + p i1 p i1, j 2 p i1 p i1, ĵ 2 (By making use of (AB(AB 0; and rewriting (AB(AB as (ABA because they are equivalent to A p i1, ĵ 2 S Now, S( t I ENF(S S LNF(pi1 p i1, j ( t 2 S( t I ENF(S S LNF(pi1 p i1, j 2 ( t = 1 p i1, ĵ 2 S evaluates to 1 on t t satisfies t FP(S and p i1, ĵ 2 = 0 on t. Hence, the result follows. We now compare the detection conditions between Theorem 4.2(a and (b. First, we observe that the detection condition 2 in Theorem 4.2(a and the detection condition in Theorem 4.2(b are the same. Second, if we just look at the syntax of detection condition 1 in Theorem 4.2(a when m = 1, the condition degenerates to t /0 which can never be satisfied. Hence, without loss of generality, we can still use detection conditions 1 and 2 in Theorem 4.2(a to represent the detection conditions Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 15 of 109

20 of Expression (2 in Table 1 for m 1. In the rest of this report, we will make similar observations. Theorem 4.3 (ENF LOF - Case 1 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the subexpression p i1 + + p h1 in S is negated and the j 2 -th literal x i 2 j2 in the i 2 -th term, p i2, in S is omitted where 1 i 1 < h 1 1 and k i2 is the number of literals in p i2, the resulting implementation denoted as I ENF(pi1 + +p h1 p i1 + +p h1 LOF(p i2 p i2, ĵ is equivalent to 2 that given by Expression (3 in Table 1. Then, S I ENF(pi1 + +p h1 p i1 + +p h1 LOF(p i2 p i2, ĵ if and 2 only if there is a test case t that satisfies any of the following conditions: 1. t ( [ h 1 2. t FP(S. i=i 1 TP i (S \ ( m[ TP i (S such that pi2, ĵ 2 = 0 on t, or i i 1,...,h 1 Proof : First, we observe that S I ENF(pi1 + +p h1 p i1 + +p h1 LOF(p i2 p i2, ĵ 2 ( (p i1 + + p h1 + p i2 (p i1 + + p h1 + p i2, ĵ 2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m ( (p i1 + + p h1 + p i2 (p i1 + + p h1 + p i2, ĵ 2 + (p i1 + + p h1 + p i2 (p i1 + + p h1 + p i2, ĵ 2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m ( (p i1 + + p h1 + p i2 (p i1 + + p h1 p i2, ĵ 2 + (p i1 + + p h1 + p i2 (p i1 + + p h1 + p i2, ĵ 2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m ( (p i1 + + p h1 p i2, ĵ 2 + (p i1 + + p h1 + p i2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m (By making use of (A + BA A and (A + BC(A + B A + BC (p i1 + + p h1 p i2, ĵ 2 p i2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m +(p i1 + + p h1 + p i2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m (By rewriting A as (A(AB because they are equivalent (p i1 + + p h1 p i2, ĵ 2 p 1 p i1 1 p h1 +1 p m + S Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 16 of 109

21 Now, S( t I ENF(pi1 + +p h1 p i1 + +p h1 LOF(p i2 p i2, ĵ 2 ( t S( t I ENF(pi1 + +p h1 p i1 + +p h1 LOF(p i2 p i2, ĵ 2 ( t = 1 (p i1 + + p h1 p i2, ĵ 2 p 1 p i1 1 p h1 +1 p m + S evaluates to 1 on t t satisfies any of the following conditions: 1. t ( [ h 1 2. t FP(S. i=i 1 TP i (S \ ( m[ TP i (S such that pi2, ĵ 2 = 0 on t, or i i 1,...,h 1 Hence, the result follows. Similar to the situation of Theorem 4.2, we need to split the discussion of Theorem 4.4 in two cases depending on m > 1 or m = 1. Afterwards, the detection condition of Expression (4 in Table 1 can be summarized as one set of detection conditions. Theorem 4.4 (ENF LOF - Case 2 (a Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the subexpression p i1 + + p h1 is negated and the j 2 -th literal x i 1 j2 in the i 1 -th term, p i1, in S is omitted where 1 i 1 < h 1 m, 1 j 2 k i1 and k i1 (> 1 is the number of literals in p i1, the resulting implementation denoted as I ENF(pi1 + +p h1 p i1 + +p h1 LOF(p i1 p i1, jˆ is equivalent to 2 that given by Expression (4 in Table 1. Then, S I ENF(pi1 + +p h1 p i1 + +p h1 LOF(p i1 p i1, jˆ if 2 and only if there is a test case t that satisfies any of the following conditions: 1. t ( [ h 1 i=i 1 TP i (S \ ( m[ TP i (S, or i i 1,...,h 1 2. t FP(S such that p i1, ĵ 2 = 0 on t. (b Let S = p i1. 3 Suppose that S is negated and its j 2 -th literal is omitted where 1 j 2 k i1, k i1 > 1 3 Similar to Theorem 4.2, we use notations like p i1 instead of p 1 for consistency and ease of comparison. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 17 of 109

22 and k i1 is the number of literals in p i1, the resulting implementation, denoted as I ENF(S S LOF(pi1 p i1, ĵ, is equivalent to that given by Expression (4 in Table 1 when m = 1. 2 Then, S I ENF(S S LOF(pi1 p i1, ĵ 2 there is a test case t that satisfies any of the following conditions: 1. t TP(S, or 2. t FP(S such that p i1, ĵ 2 = 0 on t. Proof : (a First, we observe that S I ENF(pi1 + +p h1 p i1 + +p h1 LOF(p i1 p i1, jˆ 2 ( (p i1 + + p h1 (p i1, ĵ p h1 p 1 p i1 1 p h1 +1 p m ( (p i1 + + p h1 (p i1, ĵ p h1 + (p i1 + + p h1 (p i1, ĵ p h1 p 1 p i1 1 p h1 +1 p m ( (p i1 + + p h1 (p i1, ĵ p h1 + (p i1 + + p h1 (p i1, ĵ p h1 p 1 p i1 1 p h1 +1 p m ( (p i1 + + p h1 + (p i1 + + p h1 p i1, ĵ 2 p1 p i1 1 p h1 +1 p m (By making use of (AB +C(A +C AB +C; and rewriting (AB +C(A +C as (AB +C(A because they are equivalent to A +C (p i1 + + p h1 p 1 p i1 1 p h1 +1 p m + (p i1 + + p h1 p i1, ĵ 2 p 1 p i1 1 p h1 +1 p m (p i1 + + p h1 p 1 p i1 1 p h1 +1 p m + p i1, ĵ 2 S Now, S( t I ENF(pi1 + +p h1 p i1 + +p h1 LOF(p i1 p i1, jˆ 2 ( t S( t I ENF(pi1 + +p h1 p i1 + +p h1 LOF(p i1 p i1, ˆ j 2 ( t = 1 (p i1 + + p h1 p 1 p i1 1 p h1 +1 p m + p i1, ĵ 2 S evaluates to 1 on t t satisfies any of the following conditions: 1. t ( [ h 1 i=i 1 TP i (S \ ( m[ TP i (S, or i i 1,...,h 1 2. t FP(S such that p i1, ĵ 2 = 0 on t. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 18 of 109

23 Hence, the result follows. (b First, we observe that S I ENF(S S LOF(pi1 p i1, ĵ 2 p i1 p i1, ĵ 2 p i1 p i1, ĵ 2 + p i1 p i1, ĵ 2 p i1 p i1, ĵ 2 + p i1 p i1, ĵ 2 p i1 + p i1 p i1, ĵ 2 (By making use of (AB(A A S + p i1, ĵ 2 S Now, S( t I ENF(S S LOF(pi1 p i1, jˆ ( t 2 S( t I ENF(S S LOF(pi1 p i1, ˆ j 2 ( t = 1 S + p i1, ĵ 2 S evaluates to 1 on t t satisfies any of the following conditions: 1. t TP(S, or 2. t FP(S and p i1, ĵ 2 = 0 on t. Hence, the result follows. Similar to Case 2 of ENF LNF, when m = 1, the detection condition 1 of Theorem 4.4(a degenerates to t TP(S which is the detection condition 1 of Theorem 4.4(b. Moreover, the detection condition 2 of both parts in Theorem 4.4 are the same. Hence, without loss of generality, we can still use detection conditions 1 and 2 in Theorem 4.4(a to represent the detection conditions of Expression (4 in Table 1 for m 1. Theorem 4.5 (ENF LIF - Case 1 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the subexpression p i1 + + p h1 in S is negated and the literal x l2 is inserted in i 2 -th term, p i2, in S where 1 i 1 < h 1 < i 2 m and x l2 is a missing literal of p i2, the resulting implementation denoted as I ENF(pi1 + +p h1 p i1 + +p h1 LIF(p i2 p i2 x l2 is equivalent to that given by Expression (5 Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 19 of 109

24 in Table 1. Then, S I ENF(pi1 + +p h1 p i1 + +p h1 LIF(p i2 p i2 x l2 there is a test case t that satisfies any of the following conditions: 1. t ( [ h 1 i=i 1 TP i (S \ ( m[ TP i (S, i i 1,...,h 1 2. t (TP i2 (S ( [ h 1 TP i (S \ ( [ m TP i (S such that xl2 = 0 on t, or i=i 1 i i 1,...,h 1,i 2 3. t FP(S. Proof : First, we observe that S I ENF(pi1 + +p h1 p i1 + +p h1 LIF(p i2 p i2 x l2 ( (p i1 + + p h1 + p i2 (p i1 + + p h1 + p i2 x l2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m ( (p i1 + + p h1 + p i2 (p i1 + + p h1 + p i2 x l2 + (p i1 + + p h1 + p i2 (p i1 + + p h1 + p i2 x l2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m ( (p i1 + + p h1 + p i2 (p i1 + + p h1 p i2 x l2 + (p i1 + + p h1 + p i2 (p i1 + + p h1 + p i2 x l2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m ( (p i1 + + p h1 p i2 x l2 + (p i1 + + p h1 + p i2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m (By making use of (A + BA A and (A + B(A + BC A + B (p i1 + + p h1 p i2 x l2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m +(p i1 + + p h1 + p i2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m (p i1 + + p h1 p i2 x l2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m + S (p i1 + + p h1 ( p i2 + p i2 x l2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m + S (By making use of AB Ā + B Ā + A B (p i1 + + p h1 p i2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m +(p i1 + + p h1 p i2 x l2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m + S (p i1 + + p h1 p 1 p i1 1 p h1 +1 p m +(p i1 + + p h1 p i2 x l2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m + S Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 20 of 109

25 Now, S( t I ENF(pi1 + +p h1 p i1 + +p h1 LIF(p i2 p i2 x l2 ( t S( t I ENF(pi1 + +p h1 p i1 + +p h1 LIF(p i2 p i2 x l2 ( t = 1 (p i1 + + p h1 p 1 p i1 1 p h1 +1 p m +(p i1 + + p h1 p i2 x l2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m + S evaluates to 1 on t t satisfies any of the following conditions: 1. t ( [ h 1 i=i 1 TP i (S \ ( m[ TP i (S, i i 1,...,h 1 2. t (TP i2 (S ( [ h 1 TP i (S \ ( [ m TP i (S such that xl2 = 0 on t, i=i 1 i i 1,...,h 1,i 2 or 3. t FP(S. Hence, the result follows. Theorem 4.6 (ENF LIF - Case 2 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the subexpression p i1 + + p h1 in S is negated and the literal x l2 is inserted in the i 1 -th term, p i1, in S where 1 i 1 < h 1 m and x l2 is a missing literal of p i1, the resulting implementation denoted as I ENF(pi1 + +p h1 p i1 + +p h1 LIF(p i1 p i1 x l2 is equivalent to that given by Expression (4 in Table 1. Then, we have S I ENF(pi1 + +p h1 p i1 + +p h1 LIF(p i1 p i1 x l2 there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 = 1 on t, 2. t ( [ h 1 i=i 1 +1 TP i (S \ ( [ m TP i (S, or i i 1,...,h 1 Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 21 of 109

26 3. t FP(S. Proof : First, we observe that S I ENF(pi1 + +p h1 p i1 + +p h1 LIF(p i1 p i1 x l2 ( (p i1 + + p h1 (p i1 x l2 + + p h1 p 1 p i1 1 p h1 +1 p m ( (p i1 + + p h1 (p i1 x l2 + + p h1 + (p i1 + + p h1 (p i1 x l2 + + p h1 p 1 p i1 1 p h1 +1 p m ( (p i1 + + p h1 (p i1 x l2 + + p h1 + (p i1 + + p h1 (p i1 x l2 + + p h1 p 1 p i1 1 p h1 +1 p m ( p i1 x l2 (p i p h1 + (p i p h1 + (p i1 + + p h1 p 1 p i1 1 p h1 +1 p m (By rewriting (A + B(AC + B as ACB + B because they are equivalent to AC + B; and making use of (A + B(AC + B (A + B p i1 x l2 (p i p h1 p 1 p i1 1 p h1 +1 p m + (p i p h1 p 1 p i1 1 p h1 +1 p m +(p i1 + + p h1 p 1 p i1 1 p h1 +1 p m p i1 x l2 p 1 p i1 1 p i1 +1 p m + (p i p h1 p 1 p i1 1 p h1 +1 p m + S Now, S( t I ENF(pi1 + +p h1 p i1 + +p h1 LIF(p i1 p i1 x l2 ( t S( t I ENF(pi1 + +p h1 p i1 + +p h1 LIF(p i1 p i1 x l2 ( t = 1 p i1 x l2 p 1 p i1 1 p i1 +1 p m +(p i p h1 p 1 p i1 1 p h1 +1 p m +S evaluates to 1 on t t satisfies any of the following conditions: 1. t (TP i1 (S \ ( [ m TP i (S = UTP i1 (S such that x l2 = 1 on t, i i 1 2. t ( [ h 1 i=i t FP(S. TP i (S \ ( [ m TP i (S, or i i 1,...,h 1 Hence, the result follows. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 22 of 109

27 Unlike Case 2 of ENF LOF, we do not need to consider the situation of m = 1 in Case 2 of ENF LIF. It is because when m = 1, S = p 1 and hence there is no missing literal to be inserted into p 1. Theorem 4.7 (ENF LRF - Case 1 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the subexpression p i1 + + p h1 in S is negated and the j 2 -th literal x i 2 j2 in the i 2 -th term, p i2, in S is replaced by the literal x l2 where 1 i 1 < h 1 < i 2 m, 1 j 2 k i2, k i2 is the number of literals in p i2 and x l2 is a missing literal of p i2, the resulting implementation denoted as I ENF(pi1 + +p h1 p i1 + +p h1 LRF(p i2 p i2, ĵ 2 x l2 is equivalent to that given by Expression (7 in Table 1. Then, we have S I ENF(pi1 + +p h1 p i1 + +p h1 LRF(p i2 p i2, ĵ x 2 l2 there is a test case t that satisfies any of the following conditions: 1. t ( [ h 1 2. t FP(S. i=i 1 TP i (S \ ( m[ TP i (S such that pi2, ĵ 2 x l2 = 0 on t, or i i 1,...,h 1,i 2 Proof : First, we observe that S I ENF(pi1 + +p h1 p i1 + +p h1 LRF(p i2 p i2, ĵ x 2 l2 ( (p i1 + + p h1 + p i2 (p i1 + + p h1 + p i2, ĵ 2 x l2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m ( (p i1 + + p h1 + p i2 (p i1 + + p h1 + p i2, ĵ 2 x l2 + (p i1 + + p h1 + p i2 (p i1 + + p h1 + p i2, ĵ 2 x l2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m ( (p i1 + + p h1 + p i2 (p i1 + + p h1 p i2, ĵ 2 x l2 + (p i1 + + p h1 + p i2 (p i1 + + p h1 + p i2, ĵ 2 x l2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m ( (p i1 + + p h1 p i2, ĵ 2 x l2 + (p i1 + + p h1 + p i2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m (By making use of (A + BA A and (A + BC(A + BD A + BC (p i1 + + p h1 p i2, ĵ 2 x l2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m +(p i1 + + p h1 + p i2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 23 of 109

28 (p i1 + + p h1 p i2, ĵ 2 x l2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m + S Now, S( t I ENF(pi1 + +p h1 p i1 + +p h1 LRF(p i2 p i2, ĵ 2 x l2 ( t S( t I ENF(pi1 + +p h1 p i1 + +p h1 LRF(p i2 p i2, ĵ 2 x l2 ( t = 1 (p i1 + + p h1 p i2, ĵ 2 x l2 p 1 p i1 1 p h1 +1 p i2 1 p i2 +1 p m + S evaluates to 1 on t t satisfies any of the following conditions: 1. t ( [ h 1 2. t FP(S. i=i 1 TP i (S \ ( m[ TP i (S such that pi2, ĵ 2 x l2 = 0 on t, or i i 1,...,h 1,i 2 Hence, the result follows. Similar to Case 2 of ENF LIF, we do not need to consider the situation of m = 1 in Case 2 of ENF LRF because when m = 1, S = p 1 and there is no missing literal to replace any literal in p 1. Theorem 4.8 (ENF LRF - Case 2 Let S = p p m be a Boolean specification in IDNF. Suppose that the subexpression p i1 + + p h1 in S is negated and the literal x i 1 j2 in p i1 of S is replaced by the literal x l2 where 1 i 1 < h 1 m, 1 j 2 k i1, k i1 is the number of literals in p i1 and x l2 is a missing literal of p i1, the resulting implementation denoted as I ENF(pi1 + +p h1 p i1 + +p h1 LRF(p i1 p i1, jˆ x 2 l2 is equivalent to that given by Expression (8 in Table 1. Then, S I ENF(pi1 + +p h1 p i1 + +p h1 LRF(p i1 p i1, jˆ x 2 l2 there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 = 1 on t, 2. t ( [ h 1 i=i 1 +1 TP i (S \ ( [ m TP i (S, or i i 1,...,h 1 3. t FP(S such that p i1, ĵ 2 x l2 = 0 on t. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 24 of 109

29 Proof : First, we observe that S I ENF(pi1 + +p h1 p i1 + +p h1 LRF(p i1 p i1, ˆ j 2 x l2 ( (p i1 + + p h1 (p i1, ĵ 2 x l2 + + p h1 p 1 p i1 1 p h1 +1 p m ( (p i1 + + p h1 (p i1, ĵ 2 x l2 + + p h1 + (p i1 + + p h1 (p i1, ĵ 2 x l2 + + p h1 p 1 p i1 1 p h1 +1 p m ( (p i1 + + p h1 (p i1, ĵ 2 x l2 + + p h1 + (p i1 + + p h1 (p i1, ĵ 2 x l2 + + p h1 p 1 p i1 1 p h1 +1 p m ( p i1 x l2 (p i p h1 +(p i p h1 +(p i1 + + p h1 p i1, ĵ 2 x l2 p1 p i1 1 p h1 +1 p m (By rewriting (AB +C(AD +C as ABDC +C because they are equivalent to ABD +C; and making use of (AB +C(AD +C (AB +CAD p i1 x l2 (p i p h1 p 1 p i1 1 p h1 +1 p m + (p i p h1 p 1 p i1 1 p h1 +1 p m +(p i1 + + p h1 p i1, ĵ 2 x l2 p 1 p i1 1 p h1 +1 p m p i1 x l2 p 1 p i1 1 p i1 +1 p m + (p i p h1 p 1 p i1 1 p h1 +1 p m + p i1, ĵ 2 x l2 S Now, S( t I ENF(pi1 + +p h1 p i1 + +p h1 LRF(p i1 p i1, ˆ j 2 x l2 ( t S( t I ENF(pi1 + +p h1 p i1 + +p h1 LRF(p i1 p i1, ˆ j 2 x l2 ( t = 1 p i1 x l2 p 1 p i1 1 p i1 +1 p m + (p i p h1 p 1 p i1 1 p h1 +1 p m + p i1, ĵ 2 x l2 S evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 = 1 on t, 2. t ( [ h 1 i=i 1 +1 TP i (S \ ( [ m TP i (S, or i i 1,...,h 1 3. t FP(S such that p i1, ĵ 2 x l2 = 0 on t. Hence, the result follows. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 25 of 109

30 4.1.2 TNF with other faults In this section, we study the detection conditions of double faults in which one of the single fault is a TNF. As a reminder, when a term is negated in a Boolean expression S = p p m in IDNF, we can assume that m > 1. Otherwise, the fault is considered as an ENF. Theorem 4.9 (TNF with LNF - Case 1 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term, p i1, in S and the j 2 -th literal x i 2 j2 in the i 2 -th term, p i2, in S are negated where 1 i 1 1 and k i2 is the number of literals in p i2, the resulting implementation denoted as I TNF(pi1 p i1 LNF(p i2 p i2, j is equivalent to that given by Expression (9 in Table 1. 2 Then, we have S I TNF(pi1 p i1 LNF(p i2 p i2, j there is a test case t that satisfies any 2 of the following conditions: 1. t TP i1 (S \ ( [ m TP i (S such that pi2, j 2 = 0, or i i 1,i 2 2. t FP(S. Proof : First, we observe that S I TNF(pi1 p i1 LNF(p i2 p i2, j 2 ( (p i1 + p i2 ( p i1 + p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 ( p i1 + p i2, j 2 + (p i1 + p i2 ( p i1 + p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 p i1 p i2, j 2 + p i1 p i2 ( p i1 + p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( p i1 p i2, j 2 + p i1 p i2 p1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By making use of (A + BA A and A(A + B A p i1 p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + p 1 p i1 1 p i1 p i1 +1 p i2 1 p i2 p i2 +1 p m p i1 p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + S Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 26 of 109

31 Now, S( t I TNF(pi1 p i1 LNF(p i2 p i2, j 2 ( t S( t I TNF(pi1 p i1 LNF(p i2 p i2, j 2 ( t = 1 p i1 p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + S evaluates to 1 on t t satisfies any of the following conditions: 1. t TP i1 (S \ ( [ m TP i (S such that pi2, j 2 = 0, or i i 1,i 2 2. t FP(S. Hence, the result follows. Theorem 4.10 (TNF LNF - Case 2 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term, p i1, in S and the j 2 -th literal x i 1 j2 in the i 1 -th term, p i1, in S are negated where 1 i 1 m, 1 j 2 k i1, k i1 > 1 and k i1 is the number of literals in p i1, the resulting implementation denoted as I TNF(pi1 p i1 LNF(p i1 p i1, j 2 is equivalent to that given by Expression (10 in Table 1. Then, S I TNF(pi1 p i1 LNF(p i1 p i1, j 2 there is a test case t FP(S such that p i1, ĵ 2 =0 on t. Proof : First, we observe that S I TNF(pi1 p i1 LNF(p i1 p i1, j 2 (p i1 p i1, j 2 p 1 p i1 1 p i1 +1 p m (p i1 p i1, j 2 + p i1 p i1, j 2 p 1 p i1 1 p i1 +1 p m (0 + p i1 p i1, ĵ 2 p 1 p i1 1 p i1 +1 p m p i1, ĵ 2 p 1 p i1 1 p i1 p i1 +1 p m p i1, ĵ 2 S (By making use of AB(AB 0 and (AB(AB (ABA Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 27 of 109

32 Now, S( t I TNF(pi1 p i1 LNF(p i1 p i1, j 2 ( t S( t I TNF(pi1 p i1 LNF(p i1 p i1, j 2 ( t = 1 p i1, ĵ 2 S evaluates to 1 on t t FP(S such that p i1, ĵ 2 =0 on t. Hence, the result follows. Theorem 4.11 (TNF with LOF - Case 1 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term, p i1 is negated and the j 2 -th literal x i 2 j2 in the i 2 -th term, p i2, in S is omitted where 1 i 1 1 and k i2 is the number of literals in p i2, the resulting implementation denoted as I TNF(pi1 p i1 LOF(p i2 p i2, ĵ is equivalent to that given by Expression (11 in Table 1. 2 Then, we have S I TNF(pi1 p i1 LOF(p i2 p i2, ĵ there is a test case t that satisfies any 2 of the following conditions: 1. t UTP i1 (S such that p i2, ĵ 2 =0 on t, or 2. t FP(S. Proof : First, we observe that S I TNF(pi1 p i1 LOF(p i2 p i2, ĵ 2 ( (p i1 + p i2 ( p i1 + p i2, ĵ 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 ( p i1 + p i2, ĵ 2 + (p i1 + p i2 ( p i1 + p i2, ĵ 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 p i1 p i2, ĵ 2 + p i1 p i2 ( p i1 + p i2, ĵ 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (p i1 p i2, ĵ 2 + p i1 p i2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By making use of (A + BA A and A(A + B A (p i1 p i2, ĵ 2 p i2 + p i1 p i2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By rewriting A as A(AB because they are equivalent p i1 p i2, ĵ 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 p i2 +1 p m + p 1 p i1 1 p i1 p i1 +1 p i2 1 p i2 p i2 +1 p m Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 28 of 109

33 p i1 p i2, ĵ 2 p 1 p i1 1 p i1 +1 p m + S Now, S( t I TNF(pi1 p i1 LOF(p i2 p i2, ĵ 2 ( t S( t I TNF(pi1 p i1 LOF(p i2 p i2, ĵ 2 ( t = 1 p i1 p i2, ĵ 2 p 1 p i1 1 p i1 +1 p m + S evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S such that p i2, ĵ 2 =0 on t, or 2. t FP(S. Hence, the result follows. Theorem 4.12 (TNF LOF - Case 2 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term, p i1, in S is negated and the j 2 -th literal x i 1 j2 in the i 1 -th term, p i1, in S is omitted where 1 i 1 m, 1 j 2 k i1, k i1 > 1 and k i1 is the number of literals in p i1, the resulting implementation denoted as I TNF(pi1 p i1 LOF(p i1 p i1, ˆ j 2 is equivalent to that given by Expression (12 in Table 1. Then, S I TNF(pi1 p i1 LOF(p i1 p i1, ˆ j 2 there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S, or 2. t FP(S such that p i1, ĵ 2 = 0 on t. Proof : First, we observe that S I TNF(pi1 p i1 LOF(p i1 p i1, jˆ 2 (p i1 p i1, ĵ 2 p 1 p i1 1 p i1 +1 p m (p i1 p i1, ĵ 2 + p i1 p i1, ĵ 2 p 1 p i1 1 p i1 +1 p m (p i1 + p i1 p i1, ĵ 2 p 1 p i1 1 p i1 +1 p m p i1 p 1 p i1 1 p i1 +1 p m + p i1, ĵ 2 p 1 p i1 p m Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 29 of 109

34 p i1 p 1 p i1 1 p i1 +1 p m + p i1, ĵ 2 S Now, S( t I TNF(pi1 p i1 LOF(p i1 p i1, jˆ 2 ( t S( t I TNF(pi1 p i1 LOF(p i1 p i1, j 2 ( t = 1 p i1 p 1 p i1 1 p i1 +1 p m + p i1, ĵ 2 S evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S, or 2. t FP(S such that p i1, ĵ 2 = 0 on t. Hence, the result follows. Theorem 4.13 (TNF with LIF - Case 1 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term, p i1, in S is negated and the literal x l2 is inserted into the i 2 -th term, p i2, in S where 1 i 1 < i 2 m and x l2 is a missing literal of p i2, the resulting implementation denoted as I TNF(pi1 p i1 LIF(p i2 p i2 x l2 is equivalent to that given by Expression (13 in Table 1. Then, we have S I TNF(pi1 p i1 LIF(p i2 p i2 x l2 there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S, 2. t (TP i1 (S TP i2 (S \ ( [ m TP i (S such that xl2 = 0 on t, or i i 1,i 2 3. t FP(S. Proof : First, we observe that S I TNF(pi1 p i1 LIF(p i2 p i2 x l2 ( (p i1 + p i2 ( p i1 + p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 30 of 109

35 ( (p i1 + p i2 ( p i1 + p i2 x l2 + (p i1 + p i2 ( p i1 + p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 p i1 p i2 x l2 + p i1 p i2 ( p i1 + p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (p i1 (p i2 x l2 + p i1 p i2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By making use of (A + BA A and A(A + B A p i1 ( p i2 + p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + p i1 p i2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By making use of AB Ā + B Ā + A B p i1 p i2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + S p i1 p 1 p i1 1 p i1 +1 p m + p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + S Now, S( t I TNF(pi1 p i1 LIF(p i2 p i2 x l2 ( t S( t I TNF(pi1 p i1 LIF(p i2 p i2 x l2 ( t p i1 p 1 p i1 1 p i1 +1 p m + p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + S evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S, 2. t (TP i1 (S TP i2 (S \ ( [ m TP i (S such that xl2 = 0 on t, or i i 1,i 2 3. t FP(S. Hence, the result follows. Theorem 4.14 (TNF LIF - Case 2 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term, p i1, in S is negated and the literal x l2 is inserted in p i1 where 1 i 1 m and x l2 is a missing literal of p i1, the resulting implementation denoted as I TNF(pi1 p i1 LIF(p i1 p i1 x l2 is equivalent to that given by Expression (14 in Table 1. Then, S I TNF(pi1 p i1 LIF(p i1 p i1 x l2 if and only if there is a test case t that satisfies any of the following conditions: Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 31 of 109

36 1. t UTP i1 (S such that x l2 = 1 on t, or 2. t FP(S. Proof : First, we observe that S I TNF(pi1 p i1 LIF(p i1 p i1 x l2 (p i1 p i1 x l2 p 1 p i1 1 p i1 +1 p m ( p i1 p i1 x l2 + p i1 ( p i1 + x l2 p 1 p i1 1 p i1 +1 p m (p i1 x l2 + p i1 p 1 p i1 1 p i1 +1 p m (By making use of A(A + B A p i1 x l2 p 1 p i1 1 p i1 +1 p m + p 1 p i1 p m p i1 x l2 p 1 p i1 1 p i1 +1 p m + S Now, S( t I TNF(pi1 p i1 LIF(p i1 p i1 x l2 ( t S( t I TNF(pi1 p i1 LIF(p i1 p i1 x l2 ( t = 1 p i1 x l2 p 1 p i1 1 p i1 +1 p m + S evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 = 1 on t, or 2. t FP(S. Hence, the result follows. Theorem 4.15 (TNF with LRF - Case 1 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term, p i1, in S is negated and the j 2 -th literal x i 2 j2 in the i 2 -th term, p i2, in S is replaced by the literal x l2 where 1 i 1 < i 2 m, 1 j 2 k i2, k i2 is the number of literals in p i2 and x l2 is a missing literal of p i2, the resulting implementation denoted as I TNF(pi1 p i1 LRF(p i2 p i2, ĵ x 2 l2 is equivalent to that given by Expression (15 in Table 1. Then, S I TNF(pi1 p i1 LRF(p i2 p i2, ĵ x 2 l2 if and only if there is a test case t that satisfies any of the following conditions: Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 32 of 109

37 1. t TP i1 (S \ ( [ m TP i (S such that pi2, ĵ 2 x l2 =0 on t, or i i 1,i 2 2. t FP(S. Proof : First, we observe that S I TNF(pi1 p i1 LRF(p i2 p i2, ĵ x 2 l2 ( (p i1 + p i2 ( p i1 + p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 ( p i1 + p i2, ĵ 2 x l2 + (p i1 + p i2 ( p i1 + p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 p i1 p i2, ĵ 2 x l2 + p i1 p i2 ( p i1 + p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (p i1 p i2, ĵ 2 x l2 + p i1 p i2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By making use of (A + BA A and A(A + B A p i1 p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + p i1 p i2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m p i1 p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + S Now, S( t I TNF(pi1 LRF(p i2 p i2, ĵ 2 x l2 ( t S( t I TNF(pi1 LRF(p i2 p i2, ĵ 2 x l2 ( t = 1 p i1 p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + S evaluates to 1 on t t satisfies any of the following conditions: 1. t TP i1 (S \ ( [ m TP i (S such that pi2, ĵ 2 x l2 =0 on t, or i i 1,i 2 2. t FP(S. Hence, the result follows. Theorem 4.16 (TNF LRF - Case 2 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term, p i1, in S is negated and the j 2 -th literal x i 1 j2 in the i 1 -th term, p i1, in S is replaced by the literal x l2 where 1 i 1 m, 1 j 2 k i1, k i1 is the number of literals in p i1 and x l2 is a missing literal of p i1. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 33 of 109

38 (a When k i1 > 1, the resulting implementation denoted as I TNF(pi1 p i1 LRF(p i1 p i1, ˆ j 2 x l2 is equivalent to that given by Expression (16 in Table 1. Then, we have S I TNF(pi1 p i1 LRF(p i1 p i1, ˆ j 2 x l2 there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 = 1 on t, 2. t FP(S such that p i1, ĵ 2 = 0 on t, or 3. t FP(S such that x l2 = 0 on t. (b When k i1 = 1, the resulting implementation denoted as I TNF(pi1 p i1 LRF(p i1 x l2 is equivalent to that given by Expression (16 in Table 1 without p i1, ĵ 2 because p i1 contains only one literal. Then, we have S I TNF(pi1 p i1 LRF(p i1 x l2 there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 = 1 on t, 2. t FP(S such that x l2 = 0 on t. Proof : (a First, we observe that S I TNF(pi1 p i1 LRF(p i1 p i1, ˆ j 2 x l2 (p i1 p i1, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p m (p i1 p i1, ĵ 2 x l2 + p i1 p i1, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p m (p i1 x l2 + p i1 p i1, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p m p i1 x l2 p 1 p i1 1 p i1 +1 p m + p i1 (p i1, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p m p i1 x l2 p 1 p i1 1 p i1 +1 p m + p i1 p i1, ĵ 2 p 1 p i1 1 p i1 +1 p m + p i1 x l2 p 1 p i1 1 p i1 +1 p m p i1 x l2 p 1 p i1 1 p i1 +1 p m + p i1, ĵ 2 S + x l2 S Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 34 of 109

39 Now, S( t I TNF(pi1 p i1 LRF(p i1 p i1, ˆ j 2 x l2 ( t S( t I TNF(pi1 p i1 LRF(p i1 p i1, ˆ j 2 x l2 ( t = 1 p i1 x l2 p 1 p i1 1 p i1 +1 p m + p i1, ĵ 2 S + x l2 S evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 = 1 on t, 2. t FP(S such that p i1, ĵ 2 = 0 on t, or 3. t FP(S such that x l2 = 0 on t. Hence, the result follows. (b The proof of this part is very similar to (a except that the term p i1, ĵ 2 does not appear in the proof. We proceed the proof as follows. First, we observe that S I TNF(pi1 p i1 LRF(p i1 x l2 (p i1 x l2 p 1 p i1 1 p i1 +1 p m (p i1 x l2 + p i1 x l2 p 1 p i1 1 p i1 +1 p m p i1 x l2 p 1 p i1 1 p i1 +1 p m + x l2 S Now, S( t I TNF(pi1 p i1 LRF(p i1 x l2 ( t S( t I TNF(pi1 p i1 LRF(p i1 x l2 ( t = 1 p i1 x l2 p 1 p i1 1 p i1 +1 p m + x l2 S evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 = 1 on t, 2. t FP(S such that x l2 = 0 on t. Hence, the result follows. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 35 of 109

40 It should be noted that the only difference between the detection conditions of Theorem 4.16(a and (b lies in the detection condition 2 of Theorem 4.16(a. In fact, by just looking at the syntax, when k i1 = 1, p i1, ĵ 2 does not exist. Hence, without loss of generality, we can still use detection conditions 1, 2 and 3 in Theorem 4.16(a to represent the detection conditions of Expression (16 in Table 1 for k i1 1, bearing in mind that the detection condition 2 of Theorem 4.16(a does not exist when k i1 = TOF with other faults In this section, we study the detection conditions of double faults in which one of the single fault is a TOF. Theorem 4.17 (TOF with LNF Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term, p i1, in S is omitted and the j 2 -th literal x i 2 j2 in the i 2 -th term, p i2, in S is negated where 1 i 1 1 and k i2 is the number of literals in p i2, the implementation denoted as I TOF(pi1 LNF(p i2 p i2, j is equivalent to that given by Expression (17 in Table 1. 2 Then, we have S I TOF(pi1 LNF(p i2 p i2, j there is a test case t that satisfies any 2 of the following conditions: 1. t TP i1 (S \ ( [ m TP i (S such that pi2, j 2 =0 on t, i i 1,i 2 2. t TP i2 (S \ ( [ m TP i (S, or i i 1,i 2 3. t NFP i2, j 2 (S. Proof : First, we observe that S I TOF(pi1 LNF(p i2 p i2, j 2 ( (p i1 + p i2 p i2, j 2 p1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 36 of 109

41 ( (p i1 + p i2 p i2, j 2 + (p i1 + p i2 p i2, j p1 2 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( p i1 p i2, j 2 + p i2 + p i1 p i2 p i2, j p1 2 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By making use of (AB(A B (AB p i1 p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + p i2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + p i1 p i2 p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m p i1 p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + p i2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + p i2, j 2 S Now, S( t I TOF(pi1 LNF(p i2 p i2, j 2 S( t I TOF(pi1 LNF(p i2 p i2, j 2 ( t = 1 p i1 p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m +p i2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + p i2, j 2 S evaluates to 1 on t t satisfies any of the following conditions: 1. t TP i1 (S \ ( [ m TP i (S such that pi2, j 2 =0 on t, i i 1,i 2 2. t TP i2 (S \ ( [ m TP i (S, or i i 1,i 2 3. t NFP i2, j 2 (S. Hence, the result follows. Theorem 4.18 (TOF with LOF Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term, p i1, in S is omitted and the j 2 -th literal x i 2 j2 in the i 2 -th term, p i2, in S is omitted where 1 i 1 1 and k i2 is the number of literals in p i2, the implementation denoted as I TOF(pi1 LOF(p i2 p i2, ĵ is equivalent to that given by Expression (18 in Table 1. 2 Then, S I TOF(pi1 LOF(p i2 p i2, ĵ there is a test case t that satisfies any of the 2 following conditions: 1. t UTP i1 (S such that p i2, ĵ 2 =0 on t, or Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 37 of 109

42 2. t NFP i2, j 2 (S. Proof : First, we observe that S I TOF(pi1 LOF(p i2 p i2, ĵ 2 ( (p i1 + p i2 p i2, ĵ p1 2 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 p i2, ĵ 2 + (p i1 + p i2 p i2, ĵ p1 2 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( p i1 p i2, ĵ p i1 p i2 p i2, ĵ p1 2 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By making use of AB(A 0 ( p i1 p i2, ĵ 2 p i2 + p i1 p i2 p i2, j p1 2 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By rewriting A as (A(AB because they are equivalent p i1 p i2, ĵ 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 p i2 +1 p m +p i2, ĵ 2 p 1 p i1 1 p i1 p i1 +1 p i2 1 p i2 p i2 +1 p m p i1 p i2, ĵ 2 p 1 p i1 1 p i1 +1 p m + p i2, j 2 S Now, S( t I TOF(pi1 LOF(p i2 p i2, ĵ 2 ( t S( t I TOF(pi1 LOF(p i2 p i2, ĵ 2 ( t = 1 p i1 p i2, ĵ 2 p 1 p i1 1 p i1 +1 p m + p i2, j 2 S evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S such that p i2, ĵ 2 =0 on t, or 2. t NFP i2, j 2 (S. Hence, the result follows. Theorem 4.19 (TOF with LIF Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term, p i1, in S is omitted and the literal x l2 is inserted into the i 2 -th term, p i2, in S where 1 i 1 < i 2 m and x l2 is a missing literal of p i2, the resulting implementation denoted as I TOF(pi1 LIF(p i2 p i2 x l2 is equivalent to that given by Expression (19 in Table 1. Then, S Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 38 of 109

43 I TOF(pi1 LIF(p i2 p i2 x l2 there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S, 2. t UTP i2 (S such that x l2 =0 on t, or 3. t ( TP i1 (S TP i2 (S \ ( [ m TP i (S such that xl2 =0 on t. i i 1,i 2 Proof : First, we observe that S I TOF(pi1 LIF(p i2 p i2 x l2 ( (p i1 + p i2 p i2 x l2 p1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 (p i2 x l2 + (p i1 + p i2 p i2 x l2 p1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( p i1 (p i2 x l2 + p i2 x l2 + 0 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By making use of A(AB AB and (A + BA 0 ( p i1 ( p i2 + p i2 x l2 + p i1 p i2 x l2 + p i1 p i2 x l2 p1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By rewriting AB as A + AB because they are equivalent; and B as AB + AB because they are equivalent ( p i1 p i2 + p i1 p i2 x l2 + p i1 p i2 x l2 + p i1 p i2 x l2 p1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m p i1 p i2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m +p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m p i1 p 1 p i1 1 p i1 +1 p m + p i2 x l2 p 1 p i2 1 p i2 +1 p m +p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 39 of 109

44 Now, S( t I TOF(pi1 LIF(p i2 p i2 x l2 ( t S( t I TOF(pi1 LIF(p i2 p i2 x l2 ( t = 1 p i1 p 1 p i1 1 p i1 +1 p m + p i2 x l2 p 1 p i2 1 p i2 +1 p m +p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S, 2. t UTP i2 (S such that x l2 =0 on t, or 3. t ( TP i1 (S TP i2 (S \ ( [ m TP i (S such that xl2 =0 on t. i i 1,i 2 Hence, the result follows. Theorem 4.20 (TOF with LRF Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term, p i1, in S is omitted and the j 2 -th literal x i 2 j2 in the i 2 -th term, p i2, in S is replaced by the literal x l2 where 1 i 1 1, the resulting implementation denoted as I TOF(pi1 LRF(p i2 p i2, ĵ 2 x l2 is equivalent to that given by Expression (20 in Table 1. Then, S I TOF(pi1 LRF(p i2 p i2, ĵ 2 x l2 if and only if there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 =0 on t, 2. t UTP i1 (S such that p i2, ĵ 2 =0 on t, 3. t UTP i2 (S such that x l2 =0 on t, 4. t NFP i2, j 2 (S such that x l2 = 1 on t, or Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 40 of 109

45 5. t ( TP i1 (S TP i2 (S \ ( [ m TP i (S such that xl2 =0 on t. i i 1,i 2 (b When k i2 = 1, the resulting implementation denoted as I TOF(pi1 LRF(p i2 x l2 is equivalent to that given by Expression (20 in Table 1 without p i2, ĵ 2 because p i2 contains just one literal. Then, S I TOF(pi1 LRF(p i2 x l2 there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 =0 on t, 2. t UTP i2 (S such that x l2 =0 on t, 3. t FP(S such that x l2 = 1 on t, or 4. t ( TP i1 (S TP i2 (S \ ( [ m TP i (S such that xl2 =0 on t. i i 1,i 2 Proof : (a First, we observe that S I TOF(pi1 LRF(p i2 p i2, ĵ 2 x l2 ( (p i1 + p i2 p i2, ĵ 2 x l2 p1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 (p i2, ĵ 2 x l2 + (p i1 + p i2 p i2, ĵ 2 x l2 p1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( p i1 (p i2, ĵ 2 x l2 + p i2 x l2 + p i1 p i2 p i2, ĵ 2 x l2 p1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By making use of (ABAC (ABC ( p i1 ( p i2, ĵ 2 p i2 + p i2 x l2 + p i2 x l2 + p i1 p i2 x l2 + p i1 p i2 x l2 + p i1 p i2 p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By rewriting AC as A(AB + (ABC + ABC because they are equivalent; and B as AB + AB because they are equivalent ( p i1 p i2, ĵ 2 p i2 + p i1 p i2 x l2 + p i1 p i2 x l2 + p i1 p i2 x l2 + p i1 p i2 x l2 + p i1 p i2 p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( p i1 p i2, ĵ 2 p i2 + p i1 p i2 x l2 + p i1 p i2 x l2 + p i1 p i2 x l2 + p i1 p i2 p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( p i1 p i2, ĵ 2 p i2 + p i1 p i2 x l2 + p i1 p i2 x l2 + p i1 p i2 p i2, ĵ 2 x l2 + p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 41 of 109

46 ( p i1 p i2, ĵ 2 p i2 + p i1 p i2 x l2 + p i1 p i2 x l2 + p i1 p i2 p i2, j 2 x l2 + p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By using AB A AB AB A AB (A + B A AB AB ( p i1 p i2 x l2 + p i1 p i2, ĵ 2 p i2 + p i1 p i2 x l2 + p i1 p i2 p i2, j 2 x l2 + p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m p i1 x l2 p 1 p i1 1 p i1 +1 p m + p i1 p i2, ĵ 2 p 1 p i1 1 p i1 +1 p m +p i2 x l2 p 1 p i2 1 p i2 +1 p m + p i2, j 2 x l2 S + p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m Now, S( t I TOF(pi1 LRF(p i2 p i2, ĵ 2 x l2 ( t S( t I TOF(pi1 LRF(p i2 p i2, ĵ 2 x l2 ( t = 1 p i1 x l2 p 1 p i1 1 p i1 +1 p m + p i1 p i2, ĵ 2 p 1 p i1 1 p i1 +1 p m +p i2 x l2 p 1 p i2 1 p i2 +1 p m + p i2, j 2 x l2 S +p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 =0 on t, 2. t UTP i1 (S such that p i2, ĵ 2 =0 on t, 3. t UTP i2 (S such that x l2 =0 on t, Hence, the result follows. 4. t NFP i2. j 2 (S such that x l2 = 1 on t, or 5. t ( TP i1 (S TP i2 (S \ ( [ m TP i (S such that xl2 =0 on t. i i 1,i 2 (b The proof of this part is similar to (a above except that the term p i2, ĵ 2 does not appear in the proof. We proceed the proof as follows. First, we observe that S I TOF(pi1 LRF(p i2 x l2 ( (p i1 + p i2 x l2 p1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 42 of 109

47 ( (p i1 + p i2 x l2 + (p i1 + p i2 x l2 p1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 p i2 + p i1 p i2 + p i1 p i2 x l2 + p i1 p i2 x l2 p1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By rewriting A + B as A B + ĀB + AB because they are equivalent ( p i1 p i2 x l2 + p i1 p i2 x l2 + p i1 p i2 x l2 + p i1 p i2 x l2 p1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( p i1 p i2 x l2 + p i1 p i2 x l2 + p i1 p i2 x l2 + p i1 p i2 x l2 p1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m p i1 x l2 p 1 p i1 1 p i1 +1 p m + p i2 x l2 p 1 p i2 1 p i2 +1 p m + x l2 S +p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m Now, S( t I TOF(pi1 LRF(p i2 x l2 ( t S( t I TOF(pi1 LRF(p i2 x l2 ( t = 1 p i1 x l2 p 1 p i1 1 p i1 +1 p m + p i2 x l2 p 1 p i2 1 p i2 +1 p m + x l2 S +p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 = 0 on t, 2. t UTP i2 (S such that x l2 = 0 on t, 3. t FP(S such that x l2 = 1 on t, or Hence, the result follows. 4. t ( TP i1 (S TP i2 (S \ ( [ m TP i (S such that xl2 = 0 on t. i i 1,i 2 It should be noted that there are two differences between the detection conditions of Theorem 4.20(a and (b. First, the detection condition 2 of Theorem 4.20(a is related to the term p i2, ĵ 2 which does not exist when k i2 = 1 in Theorem 4.20(b. Second, the detection condition 4 of Theorem 4.20(a (that is, t NFP i2, j 2 (S such that x l2 = 1 differs from the detection condition 3 of Theorem 4.20(b (that is, t FP(S such that x l2 = 1 syntactically. We say that these two conditions are syntactically different because they are actually equivalent to each other when k i2 = 1 (that is, when p i2 contains just one literal. It is because of the following reasons Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 43 of 109

48 t FP(S such that x l2 = 0 t FP(S such that p i2 = x i 2 1 = 0 and x l2 = 1 t FP(S such that p i2, 1 = xi 2 1 = 1 and x l2 = 1 t NFP i2, 1 (S such that x l 2 = 1 (Please be noted that j 2 = 1 when k i2 = 1. Hence, without loss of generality, we can still use the five detection conditions in Theorem 4.20(a to represent the detection conditions of Expression (20 in Table 1 for k i2 1, bearing in mind the non-existence of the term p i2, ĵ 2 and the equivalence between t FP(S such that x l2 = 1 and t NFP i2, j 2 (S such that x l2 = 1 when k i2 = DORF with other faults In this section, we study the detection conditions of double faults in which one of the single fault is a DORF. Theorem 4.21 (DORF LNF - Case 1 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the subexpression p i1 + p i1 +1 in S is implemented as p i1 p i1 +1 and the j 2 -th literal x i 2 j2 of the i 2 -th term p i2 is negated where 1 1 and k i2 is the number of literals in p i2, the resulting implementation denoted as I DORF(pi1 +p i1 +1 p i1 p i1 +1 LNF(p i2 p i2, j is equivalent 2 to that given by Expression (21 in Table 1. Then, S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LNF(p i2 p i2, j if 2 and only if there is a test case t that satisfies any of the following conditions: 1. t TP i1 (S \ ( [ m TP i (S such that pi2, j 2 =0 on t, i i 1,i 2 2. t TP i1 +1(S \ ( [ m TP i (S such that pi2, j 2 =0 on t, i i 1 +1,i 2 Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 44 of 109

49 3. t TP i2 (S \ ( [ m TP i (S such that pi1 p i1 +1 =0 on t, or i i 1,i 1 +1,i 2 4. t NFP i2, j 2 (S. Proof : First, we observe that S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LNF(p i2 p i2, j 2 ( (p i1 + p i p i2 (p i1 p i p i2, j 2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( (p i1 + p i p i2 (p i1 p i p i2, j 2 + (p i1 + p i p i2 (p i1 p i p i2, j 2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( (p i1 + p i p i2 p i1 p i1 +1 p i2, j 2 + p i1 p i1 +1 p i2 (p i1 p i p i2, j 2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( p i1 p i1 +1 p i2, j 2 + p i1 +1 p i1 p i2, j 2 + p i2 p i1 p i p i1 p i1 +1 p i2 p i2, j 2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m (By making use of A(AB AB, AB(AB AB and (AA 0 p i1 p i1 +1 p i2, j 2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m +p i1 +1 p i1 p i2, j 2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m +p i2 p i1 p i1 +1 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m + p i1 p i1 +1 p i2 p i2, j 2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m p i1 p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m +p i1 +1 p i2, j 2 p 1 p i1 p i1 +2 p i2 1 p i2 +1 p m +p i2 (p i1 p i1 +1 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m + p i2, j 2 S Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 45 of 109

50 Now, S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LNF(p i2 p i2, j 2 ( t S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LNF(p i2 p i2, j 2 ( t = 1 p i1 p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m +p i1 +1 p i2, j 2 p 1 p i1 p i1 +2 p i2 1 p i2 +1 p m +p i2 (p i1 p i1 +1 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m + p i2, j 2 S evaluates to 1 on t t satisfies any of the following conditions: 1. t TP i1 (S \ ( [ m TP i (S such that pi2, j 2 =0 on t, i i 1,i 2 2. t TP i1 +1(S \ ( [ m TP i (S such that pi2, j 2 =0 on t, i i 1 +1,i 2 3. t TP i2 (S \ ( [ m TP i (S such that pi1 p i1 +1 =0 on t, or i i 1,i 1 +1,i 2 4. t NFP i2, j 2 (S. Hence, the result follows. Theorem 4.22 (DORF with LNF - Case 2 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the subexpression p i1 + p i1 +1 in S is implemented as p i1 p i1 +1 and the j 2 -th literal x i 1 j2 in the i 1 -th term, p i1, in S is negated where 1 i 1 < m, 1 j 2 k i1, k i1 > 1 and k i1 is the number of literals in p i1, the resulting implementation denoted as I DORF(pi1 +p i1 +1 p i1 p i1 +1 LNF(p i1 p i1, j is equivalent 2 to that given by Expression (22 in Table 1. Then, S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LNF(p i1 p i1, j if 2 and only if there is a test case t that satisfies any of the following conditions: 1. t TP i1 (S \ ( m [ i i 1,i 1 +1 TP i (S, or Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 46 of 109

51 2. t TP i1 +1(S \ ( m [ i i 1,i 1 +1 TP i (S such that p i1, j 2 =0 on t. Proof : First, we observe that S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LNF(p i1 p i1, j 2 ( (p i1 + p i1 +1 (p i1, j 2 p i1 +1 p 1 p i1 1 p i1 +2 p m ( (p i1 + p i1 +1(p i1, j 2 p i (p i1 + p i1 +1p i1, j 2 p i1 +1 p1 p i1 1 p i1 +2 p m ( p i1 + p i1 +1 p i1, j 2 + p i1 p i1 +1p i1, j 2 p i p 1 p i1 1 p i1 +2 p m (By making use of AB(ABC AB, A(BCA ABC and (A + BA 0 p i1 p 1 p i1 1 p i1 +2 p m + p i1 +1 p i1, j 2 p 1 p i1 1 p i1 +2 p m Now, S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LNF(p i1 p i1, j 2 ( t S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LNF(p i1 p i1, j 2 ( t = 1 p i1 p 1 p i1 1 p i1 +2 p m + p i1 +1 p i1, j 2 p 1 p i1 1 p i1 +2 p m evaluates to 1 on t t satisfies any of the following conditions: 1. t TP i1 (S \ ( m [ i i 1,i t TP i1 +1(S \ ( m [ i i 1,i 1 +1 TP i (S, or TP i (S such that p i1, j 2 =0 on t. Hence, the result follows. Theorem 4.23 (DORF with LOF - Case 1 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the subexpression p i1 + p i1 +1 is implemented as p i1 p i1 +1 and the j 2 -th literal x i 2 j2 in the i 2 -th term p i2 in S is omitted where 1 1 and k i2 is the number of literals in p i2, the resulting implementation denoted as I DORF(pi1 +p i1 +1 p i1 p i1 +1 LOF(p i2 p i2, ĵ is equivalent 2 to that given by Expression (23 in Table 1. Then, S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LOF(p i2 p i2, ĵ if 2 and only if there is a test case t that satisfies any of the following conditions: Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 47 of 109

52 1. t UTP i1 (S such that p i2, ĵ 2 =0 on t, 2. t UTP i1 +1(S such that p i2, ĵ 2 =0 on t, or 3. t NFP i2, j 2 (S. Proof : First, we observe that S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LOF(p i2 p i2, ĵ 2 ( (p i1 + p i p i2 (p i1 p i p i2, ĵ 2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( (p i1 + p i p i2 (p i1 p i p i2, ĵ 2 + (p i1 + p i p i2 (p i1 p i p i2, ĵ 2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( (p i1 + p i p i2 (p i1 p i1 +1 p i2, ĵ 2 + p i1 p i1 +1 p i2 (p i1 p i p i2, ĵ 2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( p i1 p i1 +1 p i2, ĵ 2 + p i1 +1 p i1 p i2, ĵ p i1 p i1 +1 p i2 p i2, ĵ 2 p1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m (By making use of A(AB AB, AB(A 0 and A(A 0 ( p i1 p i1 +1 p i2, ĵ 2 p i2 + p i1 +1 p i1 p i2, ĵ 2 p i2 + p i1 p i1 +1 p i2 p i2, j 2 p1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m (By rewriting A as (A(AB because they are equivalent; and (ABA as (ABAB because they are equivalent p i1 p i2, ĵ 2 p 1 p i1 1 p i1 +1 p i1 +2 p i2 1 p i2 p i2 +1 p m +p i1 +1 p i2, ĵ 2 p 1 p i1 1 p i1 p i1 +2 p i2 1 p i2 p i2 +1 p m +p i2, j 2 p 1 p i1 1 p i1 p i1 +1 p i1 +2 p i2 1 p i2 p i2 +1 p m p i1 p i2, ĵ 2 p 1 p i1 1 p i1 +1 p m + p i1 +1 p i2, ĵ 2 p 1 p i1 p i1 +2 p m + p i2, j 2 S Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 48 of 109

53 Now, S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LOF(p i2 p i2, ĵ 2 ( t S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LOF(p i2 p i2, ĵ 2 ( t = 1 p i1 p i2, ĵ 2 p 1 p i1 1 p i1 +1 p m + p i1 +1 p i2, ĵ 2 p 1 p i1 p i1 +2 p m + p i2, j 2 S evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S such that p i2, ĵ 2 =0 on t, 2. t UTP i1 +1(S such that p i2, ĵ 2 =0 on t, or 3. t NFP i2, j 2 (S. Hence, the result follows. Theorem 4.24 (DORF with LOF - Case 2 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the subexpression p i1 + p i1 +1 in S is implemented as p i1 p i1 +1 and the j 2 -th literal x i 1 j2 in the i 1 -th term p i1 in S is omitted where 1 i 1 < m, 1 j 2 k i1, k i1 > 1 and k i1 is the number of literals in p i1, the resulting implementation denoted as I DORF(pi1 +p i1 +1 p i1 p i1 +1 LOF(p i1 p i1, ˆ j 2 is equivalent to that given by Expression (24 in Table 1. Then, S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LOF(p i1 p i1, jˆ if 2 and only if there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S, or 2. t UTP i1 +1(S such that p i1, ĵ 2 = 0 on t. Proof : First, we observe that S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LOF(p i1 p i1, jˆ 2 ( (p i1 + p i1 +1 (p i1, ĵ 2 p i1 +1 p 1 p i1 1 p i1 +2 p m ( (p i1 + p i1 +1(p i1, ĵ 2 p i (p i1 + p i1 +1p i1, ĵ 2 p i1 +1 p1 p i1 1 p i1 +2 p m Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 49 of 109

54 (p i1 p i p i1 +1 p i1, ĵ p 1 p i1 1 p i1 +2 p m (By making use of AB(AC ABC, A(BA AB and (AB +CAC 0 (p i1 p i p i1 +1 p i1, ĵ 2 p i1 p 1 p i1 1 p i1 +2 p m (By rewriting (A as (A(AB because they are equivalent p i1 p 1 p i1 1 p i1 +1 p i1 +2 p m + p i1 +1 p i1, ĵ 2 p 1 p i1 1 p i1 p i1 +2 p m p i1 p 1 p i1 1 p i1 +1 p m + p i1 +1 p i1, ĵ 2 p 1 p i1 p i1 +2 p m Now, S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LOF(p i1 p i1, jˆ 2 ( t S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LOF(p i1 p i1, ˆ j 2 ( t = 1 p i1 p 1 p i1 1 p i1 +1 p m + p i1 +1 p i1, ĵ 2 p 1 p i1 p i1 +2 p m evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S, or 2. t UTP i1 +1(S such that p i1, ĵ 2 = 0 on t. Hence, the result follows. Theorem 4.25 (DORF with LIF - Case 1 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the subexpression p i1 + p i1 +1 in S is implemented as p i1 p i1 +1 and the literal x l2 is inserted into the i 2 -th term, p i2, in S where 1 < i < i 2 m and x l2 is a missing literal of p i2, the resulting implementation denoted as I DORF(pi1 +p i1 +1 p i1 p i1 +1 LIF(p i2 p i2 x l2 is equivalent to that given by Expression (25 in Table 1. Then, we have S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LIF(p i2 p i2 x l2 if and only if there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S, 2. t UTP i1 +1(S, 3. t UTP i2 (S such that x l2 = 0 on t, Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 50 of 109

55 4. t ( TP i1 (S TP i2 (S \ ( [ m TP i (S such that xl2 = 0 on t, or i i 1,i 2 5. t ( TP i1 +1(S TP i2 (S \ ( [ m TP i (S such that xl2 = 0 on t. i i 1 +1,i 2 Proof : First, we observe that S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LIF(p i2 p i2 x l2 ( (p i1 + p i p i2 (p i1 p i p i2 x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( (p i1 + p i p i2 (p i1 p i p i2 x l2 + (p i1 + p i p i2 (p i1 p i p i2 x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( (p i1 + p i p i2 (p i1 p i1 +1(p i2 x l2 + p i1 p i1 +1 p i2 (p i1 p i p i2 x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( p i1 p i1 +1p i2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1p i2 x l p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m (By making use of A(AB AB and (AA 0 ( p i1 p i1 +1( p i2 + p i2 x l2 + p i1 p i1 +1( p i2 + p i2 x l2 + ( p i1 p i p i1 p i p i1 p i1 +1p i2 x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m (By rewriting AB as A + AB because they are equivalent, and AB as (A(B + AB + AB because they are equivalent ( p i1 p i1 +1 p i2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1 p i2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1p i2 x l2 +p i1 p i1 +1p i2 x l2 + p i1 p i1 +1p i2 x l2 p1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( p i1 p i1 +1 p i2 + p i1 p i1 +1 p i2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1p i2 x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m p i1 p 1 p i1 1 p i1 +1 p m + p i1 +1 p 1 p i1 p i1 +2 p m + p i2 x l2 p 1 p i2 1 p i2 +1 p m +p i1 p i2 x l2 p 1 p i1 +1 p i1 +2 p i2 1 p i2 +1 p m + p i1 +1p i2 x l2 p 1 p i1 p i1 +2 p i2 1 p i2 +1 p m Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 51 of 109

56 Now, S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LIF(p i2 p i2 x l2 ( t S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LIF(p i2 p i2 x l2 ( t p i1 p 1 p i1 1 p i1 +1 p m + p i1 +1 p 1 p i1 p i1 +2 p m +p i2 x l2 p 1 p i2 1 p i2 +1 p m + p i1 p i2 x l2 p 1 p i1 +1 p i1 +2 p i2 1 p i2 +1 p m +p i1 +1p i2 x l2 p 1 p i1 p i1 +2 p i2 1 p i2 +1 p m evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S, 2. t UTP i1 +1(S, 3. t UTP i2 (S such that x l2 = 0 on t, 4. t ( TP i1 (S TP i2 (S \ ( [ m TP i (S such that xl2 = 0 on t, or i i 1,i 2 5. t ( TP i1 +1(S TP i2 (S \ ( [ m TP i (S such that xl2 = 0 on t. i i 1 +1,i 2 Hence, the result follows. Theorem 4.26 (DORF with LIF - Case 2 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the subexpression p i1 + p i1 +1 in S is implemented as p i1 p i1 +1 and the literal x l2 is inserted into the i 1 -th term, p i1, in S where 1 i 1 < m and x l2 is a missing literal of p i1, the resulting implementation denoted as I DORF(pi1 +p i1 +1 p i1 p i1 +1 LIF(p i1 p i1 x l2 is equivalent to that given by Expression (26 in Table 1. Then, S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LIF(p i1 p i1 x l2 there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S, 2. t UTP i1 +1(S, or Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 52 of 109

57 3. t ( TP i1 (S TP i1 +1(S \ ( m [ i i 1,i 1 +1 TP i (S such that x l2 = 0 on t. Proof : First, we observe that S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LIF(p i1 p i1 x l2 ( (p i1 + p i1 +1 (p i1 x l2 p i1 +1 p 1 p i1 1 p i1 +2 p m ( (p i1 + p i1 +1(p i1 x l2 p i (p i1 + p i1 +1(p i1 x l2 p i1 +1 p 1 p i1 1 p i1 +2 p m ( p i1 x l2 p i p i1 +1p i1 x l2 + 0 p 1 p i1 1 p i1 +2 p m (By making use of A(AB AB and (A + BA 0 ( p i1 ( x l2 p i p i p i1 +1( p i1 + x l2 p i1 p 1 p i1 1 p i1 +2 p m ( p i1 p i1 +1 x l2 + p i1 p i p i1 p i p i1 p i1 +1 x l2 p1 p i1 1 p i1 +2 p m ( p i1 p i p i1 p i p i1 p i1 +1 x l2 p1 p i1 1 p i1 +2 p m p i1 p 1 p i1 1 p i1 +1 p m + p i1 +1 p 1 p i1 p i1 +2 p m + p i1 p i1 +1 x l2 p 1 p i1 1 p i1 +2 p m Now, S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LIF(p i1 p i1 x l2 ( t S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LIF(p i1 p i1 x l2 ( t = 1 p i1 p 1 p i1 1 p i1 +1 p m + p i1 +1 p 1 p i1 p i1 +2 p m +p i1 p i1 +1 x l2 p 1 p i1 1 p i1 +2 p m evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S, 2. t UTP i1 +1(S, or 3. t ( TP i1 (S TP i1 +1(S \ ( m [ i i 1,i 1 +1 TP i (S such that x l2 = 0 on t. Hence, the result follows. Theorem 4.27 (DORF with LRF - Case 1 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the subexpression p i1 + p i1 +1 in S is implemented as p i1 p i1 +1 and the j 2 -th literal x i 2 j2 in the Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 53 of 109

58 i 2 -th term, p i2, in S is replaced by the literal x l2 where 1 1, the resulting implementation denoted as I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i2 p i2, ĵ x 2 l2 is equivalent to that given by Expression (27 in Table 1. Then, we have S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i2 p i2, ĵ x 2 l2 there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 = 0 on t, 2. t UTP i1 (S such that p i2, ĵ 2 = 0 on t, 3. t UTP i1 +1(S such that x l2 = 0 on t, 4. t UTP i1 +1(S such that p i2, ĵ 2 = 0 on t, 5. t UTP i2 (S such that x l2 = 0 on t, 6. t NFP i2, j 2 (S such that x l2 = 1 on t, 7. t ( TP i1 (S TP i2 (S \ ( [ m TP i (S such that xl2 = 0 on t, or, i i 1,i 2 8. t ( TP i1 +1(S TP i2 (S \ ( [ m TP i (S such that xl2 = 0 on t., i i 1 +1,i 2 (b When k i2 = 1, the resulting implementation denoted as I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i2 x l2 is equivalent to that given by Expression (27 in Table 1 without p i2, ĵ 2 because p i2 contains just one literal. Then, S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i2 x l2 there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 = 0 on t, 2. t UTP i1 +1(S such that x l2 = 0 on t, 3. t UTP i2 (S such that x l2 = 0 on t, 4. t FP(S such that x l2 = 1 on t, Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 54 of 109

59 5. t ( TP i1 (S TP i2 (S \ ( [ m TP i (S such that xl2 = 0 on t, or, i i 1,i 2 6. t ( TP i1 +1(S TP i2 (S \ ( [ m TP i (S such that xl2 = 0 on t., i i 1 +1,i 2 Proof : (a First, we observe that S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i2 p i2, ĵ 2 x l2 ( (p i1 + p i p i2 (p i1 p i p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( (p i1 + p i p i2 (p i1 p i p i2, ĵ 2 x l2 + (p i1 + p i p i2 (p i1 p i p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( (p i1 + p i p i2 (p i1 p i1 +1(p i2, ĵ 2 x l2 + p i1 p i1 +1 p i2 (p i1 p i p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( p i1 p i1 +1(p i2, ĵ 2 x l2 + p i1 p i1 +1(p i2, ĵ 2 x l2 + (p i1 p i1 +1p i2 x l p i1 p i1 +1 p i2 p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m (By making use of A(AB AB and (AA 0 ( p i1 p i1 +1(p i2, ĵ 2 x l2 + p i1 p i1 +1(p i2, ĵ 2 x l2 + (p i1 p i1 +1p i2 x l2 + p i1 p i1 +1 p i2 p i2, j 2 x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m (By rewriting (ABA as (ABAB because they are equivalent ( p i1 p i1 +1( p i2, ĵ 2 p i2 + p i2 x l2 + p i2 x l2 + p i1 p i1 +1( p i2, ĵ 2 p i2 + p i2 x l2 + p i2 x l2 +( p i1 p i p i1 p i p i1 p i1 +1p i2 x l2 + p i1 p i1 +1 p i2 p i2, j 2 x l2 p1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m (By rewriting AC as A(AB + (ABC + ABC because they are equivalent to A +C, and AB as (A(B + AB + AB because they are equivalent ( p i1 p i1 +1 p i2 p i2, ĵ 2 + p i1 p i1 +1 p i2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1 p i2, ĵ 2 p i2 + p i1 p i1 +1 p i2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1 p i2 p i2, j 2 x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( p i1 p i1 +1 p i2 p i2, ĵ 2 + p i1 p i1 +1 p i2 x l2 + p i1 p i1 +1 p i2, ĵ 2 p i2 + p i1 p i1 +1 p i2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1 p i2 p i2, j 2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1p i2 x l2 p1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( p i1 p i1 +1 p i2 x l2 + p i1 p i1 +1 p i2 p i2, ĵ 2 + p i1 p i1 +1 p i2 x l2 + p i1 p i1 +1 p i2, ĵ 2 p i2 + p i1 p i1 +1p i2 x l2 Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 55 of 109

60 + p i1 p i1 +1 p i2 p i2, j 2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1p i2 x l2 p1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m p i1 x l2 p 1 p i1 1 p i1 +1 p m + p i1 p i2, ĵ 2 p 1 p i1 1 p i1 +1 p m + p i1 +1 x l2 p 1 p i1 p i1 +2 p m +p i1 +1 p i2, ĵ 2 p 1 p i1 p i1 +2 p m + p i2 x l2 p 1 p i2 1 p i2 +1 p m + p i2, j 2 x l2 S +p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + p i1 +1p i2 x l2 p 1 p i1 p i1 +2 p i2 1 p i2 +1 p m Now, S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i2 p i2, ĵ x 2 l2 ( t S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i2 p i2, ĵ x 2 l2 ( t = 1 p i1 x l2 p 1 p i1 1 p i1 +1 p m + p i1 p i2, ĵ 2 p 1 p i1 1 p i1 +1 p m +p i1 +1 x l2 p 1 p i1 p i1 +2 p m + p i1 +1 p i2, ĵ 2 p 1 p i1 p i1 +2 p m +p i2 x l2 p 1 p i2 1 p i2 +1 p m + p i2, j 2 x l2 S +p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m +p i1 +1p i2 x l2 p 1 p i1 p i1 +2 p i2 1 p i2 +1 p m evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 = 0 on t, 2. t UTP i1 (S such that p i2, ĵ 2 = 0 on t, 3. t UTP i1 +1(S such that x l2 = 0 on t, 4. t UTP i1 +1(S such that p i2, ĵ 2 = 0 on t, 5. t UTP i2 (S such that x l2 = 0 on t, Hence, the result follows. 6. t NFP i2, j 2 (S such that x l2 = 1 on t, ( (TPi1 7. t (S TP i2 (S \ ( [ m TP i (S such that x l2 = 0 on t, or, i i 1,i 2 ( (TPi1 8. t +1(S TP i2 (S \ ( [ m TP i (S such that x l2 = 0 on t., i i 1 +1,i 2 Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 56 of 109

61 (b The proof of this part is similar to (a above except that the term p i2, ĵ 2 does not appear in the proof. We proceed the proof as follows. First, we observe that S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i2 x l2 ( (p i1 + p i p i2 (p i1 p i x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( (p i1 + p i p i2 (p i1 p i x l2 + (p i1 + p i p i2 (p i1 p i x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( (p i1 + p i p i2 (p i1 p i1 +1 x l2 + p i1 p i1 +1 p i2 (p i1 p i x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( p i1 p i1 +1 x l2 + p i1 p i1 +1 x l2 + (p i1 p i1 +1p i2 x l p i1 p i1 +1 p i2 x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m (By making use of A(AB AB and (AA 0 ( p i1 p i1 +1 x l2 + p i1 p i1 +1 x l2 + (p i1 p i1 +1p i2 x l2 + p i1 p i1 +1 p i2 x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( p i1 p i1 +1( p i2 x l2 + p i2 x l2 + p i1 p i1 +1( p i2 x l2 + p i2 x l2 +( p i1 p i p i1 p i p i1 p i1 +1p i2 x l2 + p i1 p i1 +1 p i2 x l2 p1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m (By using B ĀB + AB and AB A B + AB + AB ( p i1 p i1 +1 p i2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1 p i2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1 p i2 x l2 p 1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m ( p i1 p i1 +1 p i2 x l2 + p i1 p i1 +1 p i2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1 p i2 x l2 + p i1 p i1 +1p i2 x l2 + p i1 p i1 +1p i2 x l2 p1 p i1 1 p i1 +2 p i2 1 p i2 +1 p m p i1 x l2 p 1 p i1 1 p i1 +1 p m + p i1 +1 x l2 p 1 p i1 p i1 +2 p m + p i2 x l2 p 1 p i2 1 p i2 +1 p m + x l2 S +p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m + p i1 +1p i2 x l2 p 1 p i1 p i1 +2 p i2 1 p i2 +1 p m Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 57 of 109

62 Now, S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i2 x l2 ( t S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i2 x l2 ( t = 1 p i1 x l2 p 1 p i1 1 p i1 +1 p m + p i1 +1 x l2 p 1 p i1 p i1 +2 p m +p i2 x l2 p 1 p i2 1 p i2 +1 p m + x l2 S +p i1 p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m +p i1 +1p i2 x l2 p 1 p i1 p i1 +2 p i2 1 p i2 +1 p m evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S such that x l2 = 0 on t, 2. t UTP i1 +1(S such that x l2 = 0 on t, 3. t UTP i2 (S such that x l2 = 0 on t, 4. t FP(S such that x l2 = 1 on t, ( (TPi1 5. t (S TP i2 (S \ ( [ m TP i (S such that x l2 = 0 on t, or, i i 1,i 2 Hence, the result follows. ( (TPi1 6. t +1(S TP i2 (S \ ( [ m TP i (S such that x l2 = 0 on t., i i 1 +1,i 2 It should be noted that there are two differences between the detection conditions of Theorem 4.27(a and (b. First, the detection conditions 2 and 4 of Theorem 4.27(a are related to the term p i2, ĵ 2 and this term does not exist in Theorem 4.27(b when k i2 = 1. Second, the detection condition 6 of Theorem 4.27(a (that is, t NFP i2, j 2 (S such that x l2 = 1 differs from the detection condition 4 of Theorem 4.27(b (that is, t FP(S such that x l2 = 1 syntactically. We say that these two conditions are syntactically different because they are actually equivalent to each other when k i2 = 1 (that is, when p i2 contains just one literal. The reason is similar to those as explained in the paragraph after Theorem Hence, without loss of generality, we can still use the eight detection conditions Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 58 of 109

63 in Theorem 4.27(a to represent the detection conditions of Expression (27 in Table 1 for k i2 1, bearing in mind the non-existence of the term p i2, ĵ 2 and the equivalence between t FP(S such that x l2 = 1 and t NFP i2, j 2 (S such that x l2 = 1 when k i2 = 1. Theorem 4.28 (DORF with LRF - Case 2 Let S = p p m be a Boolean specification in IDNF. Suppose that the subexpression p i1 + p i1 +1 in S is implemented as p i1 p i1 +1 and the literal x i 1 j2 in the i 1 -th term p i1 in S is replaced by x l2 where 1 i 1 < m, 1 j 2 k i1, k i1 is the number of literals in p i1 and x l2 is a missing literal of p i1. (a When k i1 > 1, the resulting implementation denoted as I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i1 p i1, ˆ j 2 x l2 is equivalent to that given by Expression (28 in Table 1. Then, we have S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i1 p i1, ˆ j 2 x l2 there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S, 2. t UTP i1 +1(S such that p i1, ĵ 2 =0 on t, 3. t UTP i1 +1(S such that x l2 =0 on t, or 4. t ( TP i1 (S TP i1 +1(S \ ( m [ i i 1,i 1 +1 TP i (S such that x l2 =0 on t. (b When k i1 = 1, the resulting implementation denoted as I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i1 x l2 is equivalent to that given by Expression (28 in Table 1 without p i1, ĵ 2 because p i1 contains just one literal. Then, S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i1 x l2 there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S, 2. t UTP i1 +1(S such that x l2 =0 on t, or 3. t ( TP i1 (S TP i1 +1(S \ ( m [ i i 1,i 1 +1 TP i (S such that x l2 =0 on t. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 59 of 109

64 Proof : (a First, we observe that S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i1 p i1, ˆ j 2 x l2 ( (p i1 + p i1 +1 (p i1, ĵ 2 x l2 p i1 +1 p 1 p i1 1 p i1 +2 p m ( (p i1 + p i1 +1(p i1, ĵ 2 x l2 p i (p i1 + p i1 +1(p i1, ĵ 2 x l2 p i1 +1 p 1 p i1 1 p i1 +2 p m ( p i1 (x l2 p i p i1 +1(p i1, ĵ 2 x l2 + 0 p 1 p i1 1 p i1 +2 p m (By making use of AB(AC ABC, A(BA AB and (A + BB 0 ( p i1 (p i1 +1 x l2 + p i p i1 +1( p i1, ĵ 2 p i1 + p i1 x l2 + p i1 x l2 p 1 p i1 1 p i1 +2 p m (By rewriting AB as BA + B because they are equivalent; and AC as A(AB + (ABC + ABC because they are equivalent to A +C ( p i1 p i1 +1 x l2 + p i1 p i p i1, ĵ 2 p i1 p i p i1 x l2 p i p i1 x l2 p i1 +1 p1 p i1 1 p i1 +2 p m ( p i1 p i p i1 p i1 +1 p i1, ĵ 2 + p i1 p i1 +1 x l2 + p i1 p i1 +1 x l2 p1 p i1 1 p i1 +2 p m p i1 p 1 p i1 1 p i1 +1 p m + p i1 +1 p i1, ĵ 2 p 1 p i1 p i1 +2 p m +p i1 +1 x l2 p 1 p i1 p i1 +2 p m + p i1 p i1 +1 x l2 p 1 p i1 1 p i1 +2 p m Now, S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i1 p i1, ˆ j 2 x l2 ( t S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i1 p i1, ˆ j 2 x l2 ( t = 1 p i1 p 1 p i1 1 p i1 +1 p m + p i1 +1 p i1, ĵ 2 p 1 p i1 p i1 +2 p m +p i1 +1 x l2 p 1 p i1 p i1 +2 p m + p i1 p i1 +1 x l2 p 1 p i1 1 p i1 +2 p m evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S, 2. t UTP i1 +1(S such that p i1, ĵ 2 =0 on t, Hence, the result follows. 3. t UTP i1 +1(S such that x l2 =0 on t, or 4. t ( TP i1 (S TP i1 +1(S \ ( m [ i i 1,i 1 +1 TP i (S such that x l2 =0 on t. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 60 of 109

65 (b The proof of this part is similar to that in (a above except that the term p i1, ĵ 2 does not appear in the proof. We proceed the proof as follows. First, we observe that S I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i1 x l2 ( (p i1 + p i1 +1 (x l2 p i1 +1 p 1 p i1 1 p i1 +2 p m ( (p i1 + p i1 +1(x l2 p i (p i1 + p i1 +1(x l2 p i1 +1 p 1 p i1 1 p i1 +2 p m ( p i1 (x l2 p i p i1 +1 x l2 + 0 p 1 p i1 1 p i1 +2 p m (By making use of A(BA AB and (A + BB 0 ( p i1 (p i1 +1 x l2 + p i p i1 +1( p i1 x l2 + p i1 x l2 p 1 p i1 1 p i1 +2 p m (By using AB BA + B and B AB + AB ( p i1 p i1 +1 x l2 + p i1 p i p i1 x l2 p i p i1 x l2 p i1 +1 p1 p i1 1 p i1 +2 p m ( p i1 p i p i1 p i1 +1 x l2 + p i1 p i1 +1 x l2 p1 p i1 1 p i1 +2 p m p i1 p 1 p i1 1 p i1 +1 p m + p i1 +1 x l2 p 1 p i1 p i1 +2 p m + p i1 p i1 +1 x l2 p 1 p i1 1 p i1 +2 p m Now, S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i1 x l2 ( t S( t I DORF(pi1 +p i1 +1 p i1 p i1 +1 LRF(p i1 x l2 ( t = 1 p i1 p 1 p i1 1 p i1 +1 p m + p i1 +1 x l2 p 1 p i1 p i1 +2 p m +p i1 p i1 +1 x l2 p 1 p i1 1 p i1 +2 p m evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S, 2. t UTP i1 +1(S such that x l2 =0 on t, or 3. t ( TP i1 (S TP i1 +1(S \ ( m [ i i 1,i 1 +1 TP i (S such that x l2 =0 on t. Hence, the result follows. The only difference between the detection conditions of Theorem 4.28(a and (b is that the detection condition 2 Theorem 4.28(a is related to the term p i1, ĵ 2 which does not exist in Theorem 4.28(b when k i1 = 1. Hence, without loss of generality, we can still use the four detection conditions in The- Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 61 of 109

66 orem 4.28(a to represent the detection conditions of Expression (28 in Table 1 for k i1 1, bearing in mind the non-existence of the term p i1, ĵ 2 when k i1 = CORF with other faults In this section, we study the detection conditions of double faults in which one of the single fault is a CORF. Theorem 4.29 (CORF with LNF - Case 1 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term p i1 in S is implemented as p i1,1, j 1 and the j 2 -th literal x i 2 j2 in the i 2 -th term p i2 in S is negated where p i1 = p i1,1, j 1 p i1, j 1 +1,k i1, 1 i 1 1 are the numbers of literals of p i1 and p i2 respectively, the resulting implementation denoted as I CORF(pi1 p i1,1, j 1 LNF(p i2 p i2, j is equivalent to that given by Expression (29 2 in Table 1. Then, S I CORF(pi1 p i1,1, j 1 LNF(p i2 p i2, j there is a test case t 2 that satisfies any of the following conditions: 1. t UTP i2 (S such that p i1,1, j 1 =0 on t, 2. t NFP i2, j 2 (S, or 3. t FP(S such that p i1,1, j 1 =1 on t. Proof : First, we observe that S I CORF(pi1 p i1,1, j 1 LNF(p i2 p i2, j 2 ( (p i1 + p i2 (p i1,1, j 1 + p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 (p i1,1, j 1 + p i2, j 2 + (p i1 + p i2 (p i1,1, j 1 + p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 (p i1,1, j 1 p i2, j 2 + p i1 p i2 (p i1,1, j 1 + p i2, j 2 Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 62 of 109

67 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( 0 + (p i1,1, j 1 p i2 + p i1 p i2 (p i1,1, j 1 + p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By making use of AB(A + B 0 and AB(AB AB ( p i2 (p i1,1, j 1 p i1 + p i1 p i2 (p i1,1, j 1 + p i2, j 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By rewriting (A + B as (A + B(AB because they are equivalent p i2 (p i1,1, j 1 p 1 p i1 1 p i1 p i1 +1 p i2 1 p i2 +1 p m +(p i1,1, j 1 + p i2, j 2 p 1 p i1 1 p i1 p i1 +1 p i2 1 p i2 p i2 +1 p m p i2 (p i1,1, j 1 p 1 p i2 1 p i2 +1 p m + (p i1,1, j 1 + p i2, j 2 S p i2 (p i1,1, j 1 p 1 p i2 1 p i2 +1 p m + p i2, j 2 S + (p i1,1, j 1 S Now, S( t I CORF(pi1 p i1,1, j 1 LNF(p i2 p i2, j 2 ( t S( t I CORF(pi1 p i1,1, j 1 LNF(p i2 p i2, j 2 ( t = 1 p i2 (p i1,1, j 1 p 1 p i2 1 p i2 +1 p m + p i2, j 2 S +(p i1,1, j 1 S evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i2 (S such that p i1,1, j 1 =0 on t, 2. t NFP i2, j 2 (S, or 3. t FP(S such that p i1,1, j 1 =1 on t. Hence, the result follows. Theorem 4.30 (CORF with LNF - Case 2 Let S = p p m be a Boolean specification in IDNF. Suppose that the i 1 -th term p i1 in S is implemented as p i1,1, j 1 and the j 1 -th literal x i 1 j1 in p i1 is negated where p i1 = p i1,1, j 1 p i1, j 1 +1,k i1, 1 i 1 m, 1 < j 1 < k i1 and k i1 is the number of literals of p i1, the resulting Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 63 of 109

68 implementation denoted as I CORF(pi1 p i1,1, j 1 LNF(p i1 p i1, j 1 is equivalent to that given by Expression (30 in Table 1. Then, S I CORF(pi1 p i1,1, j 1 LNF(p i1 p i1, j 1 there is a test case t FP(S such that p i1,1, j 1 = 1 on t. Proof : First, we observe that S I CORF(pi1 p i1,1, j 1 LNF(p i1 p i1, j 1 ( p i1 (p i1,1, j 1 p 1 p i1 1 p i1 +1 p m ( p i1 (p i1,1, j 1 + p i1 (p i1,1, j 1 p 1 p i1 1 p i1 +1 p m ( 0 + p i1 (p i1,1, j 1 p 1 p i1 1 p i1 +1 p m (By making use of ABC(AB +C 0 (p i1,1, j 1 p 1 p i1 1 p i1 p i1 +1 p m (p i1,1, j 1 S Now, S( t I CORF(pi1 p i1,1, j 1 LNF(p i1 p i1, j 1 ( t S( t I CORF(pi1 p i1,1, j 1 LNF(p i1 p i1, j 1 ( t = 1 (p i1,1, j 1 S evaluates to 1 on t t FP(S such that p i1,1, j 1 = 1 on t. Hence, the result follows. Theorem 4.31 (CORF with LOF - Case 1 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term p i1 in S is implemented as p i1,1, j 1 and the j 2 -th literal x i 2 j2 in the i 2 -th term p i2 in S is omitted where p i1 = p i1,1, j 1 p i1, j 1 +1,k i1, 1 i 1 1 are the numbers of literals of p i1 and p i2 respectively, the resulting implementation denoted as I CORF(pi1 p i1,1, j 1 LOF(p i2 p i2, ĵ is equivalent to that given by Expression (31 2 in Table 1. Then, we have S I CORF(pi1 p i1,1, j 1 LOF(p i2 p i2, ĵ there is a 2 test case t that satisfies any of the following conditions: 1. t NFP i2, j 2 (S, or Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 64 of 109

69 2. t FP(S such that p i1,1, j 1 =1 on t. Proof : First, we observe that S I CORF(pi1 p i1,1, j 1 LOF(p i2 p i2, ĵ 2 ( (p i1 + p i2 (p i1,1, j 1 + p i2, ĵ 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 (p i1,1, j 1 + p i2, ĵ 2 + (p i1 + p i2 (p i1,1, j 1 + p i2, ĵ 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 (p i1,1, j 1 p i2, ĵ 2 + p i1 p i2 (p i1,1, j 1 + p i2, ĵ 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( p i1 p i2 (p i1,1, j 1 + p i2, ĵ 2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By making use of AB(A + B 0 and AB(A 0 ( p i1 p i2 (p i1,1, j 1 + p i1 p i2 p i2, j 2 p1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By rewriting (AB(A as (AB(AB because they are equivalent (p i1,1, j 1 p 1 p i1 1 p i1 p i1 +1 p i2 1 p i2 p i2 +1 p m +p i2, j 2 p 1 p i1 1 p i1 p i1 +1 p i2 1 p i2 p i2 +1 p m (p i1,1, j 1 S + p i2, j 2 S p i2, j 2 S + (p i1,1, j 1 S Now, S( t I CORF(pi1 p i1,1, j 1 LOF(p i2 p i2, ĵ 2 ( t S( t I CORF(pi1 p i1,1, j 1 LOF(p i2 p i2, ĵ 2 ( t = 1 p i2, j 2 S + (p i1,1, j 1 S evaluates to 1 on t t satisfies any of the following conditions: 1. t NFP i2, j 2 (S, or 2. t FP(S such that p i1,1, j 1 =1 on t. Hence, the result follows. Theorem 4.32 (CORF with LOF - Case 2 Let S=p p m be a Boolean specification in IDNF. Suppose that the i 1 -th term p i1 in S is Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 65 of 109

70 implemented as p i1,1, j 1 and the j 1 -th literal x i 1 j1 in the i 1 -th term p i1 in S is omitted where p i1 = p i1,1, j 1 p i1, j 1 +1,k i1, 1 i 1 m, 1 < j 1 < k i1 and k i1 is the number of literals of p i1, the resulting implementation denoted as I CORF(pi1 p i1,1, j 1 LOF(p i1 p i1, ˆ j 1 is equivalent to that given by Expression (32 in Table 1. Then, S I CORF(pi1 p i1,1, j 1 LOF(p i1 p i1, jˆ if 1 and only if there is a test case t FP(S such that p i1,1, j 1 1 = 1 on t. Proof : First, we observe that S I CORF(pi1 p i1,1, j 1 LOF(p i1 p i1, jˆ 1 ( p i1 (p i1,1, j 1 1 p 1 p i1 1 p i1 +1 p m ( p i1 (p i1,1, j p i1 (p i1,1, j 1 1 p 1 p i1 1 p i1 +1 p m ( 0 + p i1 (p i1,1, j 1 1 p 1 p i1 1 p i1 +1 p m (By making use of ABC(A +C 0 (p i1,1, j 1 1 p 1 p i1 1 p i1 p i1 +1 p m (p i1,1, j 1 1 S Now, S( t I CORF(pi1 p i1,1, j 1 LOF(p i1 p i1, ĵ 2 ( t S( t I CORF(pi1 p i1,1, j 1 LOF(p i1 p i1, ĵ 2 ( t = 1 (p i1,1, j 1 1 S evaluates to 1 on t t FP(S such that p i1,1, j 1 1 = 1 on t. Hence, the result follows. Theorem 4.33 (CORF with LIF - Case 1 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term, p i1, in S is implemented as p i1,1, j 1 and the literal x l2 is inserted into the i 2 -th term, p i2, in S where p i1 = p i1,1, j 1 p i1, j 1 +1,k i1, 1 i 1 < i 2 m, 1 j 1 < k i1, k i1 is the number of literals of p i1 and x l2 is a missing literal of p i2, the resulting implementation denoted as I CORF(pi1 p i1,1, j 1 LIF(p i2 p i2 x l2 is equivalent to that given by Expression (33 in Table 1. Then, S I CORF(pi1 p i1,1, j 1 LIF(p i2 p i2 x l2 there is a test case t that satisfies any of the following conditions: Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 66 of 109

71 1. t UTP i2 (S such that p i1,1, j 1 + x l2 =0 on t, or 2. t FP(S, such that p i1,1, j 1 =1 on t. Proof : First, we observe that S I CORF(pi1 p i1,1, j 1 LIF(p i2 p i2 x l2 ( (p i1 + p i2 (p i1,1, j 1 + p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 (p i1,1, j 1 + p i2 x l2 + (p i1 + p i2 (p i1,1, j 1 + p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 (p i1,1, j 1 (p i2 x l2 + p i1 p i2 (p i1,1, j 1 + p i2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( 0 + (p i1,1, j 1 p i2 x l2 + p i1 p i2 (p i1,1, j p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By making use of AB(A + B 0, A(AB AB and (A(AC 0 ( (p i1,1, j 1 p i1 p i2 x l2 + p i1 p i2 (p i1,1, j 1 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By rewriting A + B as (A + B(AB because they are equivalent (p i1,1, j 1 p i2 x l2 p 1 p i1 1 p i1 p i1 +1 p i2 1 p i2 +1 p m +(p i1,1, j 1 p 1 p i1 1 p i1 p i1 +1 p i2 1 p i2 p i2 +1 p m p i2 (p i1,1, j 1 + x l2 p 1 p i2 1 p i2 +1 p m + (p i1,1, j 1 S Now, S( t I CORF(pi1 p i1,1, j 1 LIF(p i2 p i2 x l2 ( t S( t I CORF(pi1 p i1,1, j 1 LIF(p i2 p i2 x l2 ( t p i2 (p i1,1, j 1 + x l2 p 1 p i2 1 p i2 +1 p m +(p i1,1, j 1 S evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i2 (S such that p i1,1, j 1 + x l2 =0 on t, or 2. t FP(S, such that p i1,1, j 1 =1 on t. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 67 of 109

72 Hence, the result follows. Theorem 4.34 (CORF with LIF - Case 2 Let S = p p m be a Boolean specification in IDNF. Suppose that p i1 in S is implemented as p i1,1, j 1 and the literal x l2 is inserted into p i1 where p i1 = p i1,1, j 1 p i1, j 1 +1,k i1, 1 i 1 m, 1 j 1 < k i1, k i1 is the number of literals of p i1 and x l2 is a missing literal of p i1, the resulting implementation denoted as I CORF(pi1 p i1,1, j 1 LIF(p i1 p i1 x l2 is equivalent to that given by Expression (34 in Table 1. Then, S I CORF(pi1 p i1,1, j 1 LIF(p i1 p i1 x l2 there is a test case t that satisfies any of the following conditions: 1. t FP(S such that p i1,1, j 1 x l2 = 1 on t, or 2. t FP(S such that p i1, j 1 +1,k i1 = 1 on t. Proof : First, we observe that S I CORF(pi1 p i1,1, j 1 LIF(p i1 p i1 x l2 ( p i1 (p i1,1, j 1 x l2 p 1 p i1 1 p i1 +1 p m ( p i1 (p i1,1, j 1 x l2 + p i1 (p i1,1, j 1 x l2 p 1 p i1 1 p i1 +1 p m ( 0 + p i1 (p i1,1, j 1 x l2 p 1 p i1 1 p i1 +1 p m (By making use of AB(A +C 0 (p i1,1, j 1 x l2 p 1 p i1 1 p i1 p i1 +1 p m (p i1,1, j 1 x l2 S p i1,1, j 1 x l2 S S Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 68 of 109

73 Now, S( t I CORF(pi1 p i1,1, j 1 LIF(p i1 p i1 x l2 ( t S( t I CORF(pi1 p i1,1, j 1 LIF(p i1 p i1 x l2 ( t = 1 p i1,1, j 1 x l2 S S evaluates to 1 on t t satisfies any of the following conditions: 1. t FP(S such that p i1,1, j 1 x l2 = 1 on t, or 2. t FP(S such that p i1, j 1 +1,k i1 = 1 on t. Hence, the result follows. Theorem 4.35 (CORF with LRF - Case 1 Let S=p p m be a Boolean specification in IDNF. Suppose that the i 1 -th term p i1 in S is implemented as p i1,1, j 1 and the j 2 -th literal x i 2 j2 in the i 2 -th term p i2 in S is replaced by the literal x l2 where p i1 = p i1,1, j 1 p i1, j 1 +1,k i1, 1 i 1 < i 2 m, 1 j 1 < k i1, 1 j 2 k i2, k i1 and k i2 are the numbers of literals of p i1 and p i2 respectively and x l2 is a missing literal of p i2, the resulting implementation denoted as I CORF(pi1 p i1,1, j 1 LRF(p i2 p i2, ĵ x 2 l2 is equivalent to that given by Expression (35 in Table 1. Then, S I CORF(pi1 p i1,1, j 1 LRF(p i2 p i2, ĵ x 2 l2, if and only if there is a test case t that satisfies any of the following conditions: 1. t UTP i2 (S such that p i1,1, j 1 + x l2 =0 on t, or 2. t NFP i2, j 2 (S such that x l2 =1 on t, or 3. t FP(S such that p i1,1, j 1 = 1 on t. Proof : First, we observe that S I CORF(pi1 p i1,1, j 1 LRF(p i2 p i2, ĵ 2 x l2 ( (p i1 + p i2 (p i1,1, j 1 + p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 (p i1,1, j 1 + p i2, ĵ 2 x l2 + (p i1 + p i2 (p i1,1, j 1 + p i2, ĵ 2 x l2 Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 69 of 109

74 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( (p i1 + p i2 (p i1,1, j 1 (p i2, ĵ 2 x l2 + p i1 p i2 (p i1,1, j 1 + p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m ( 0 + (p i1,1, j 1 p i2 x l2 + p i1 p i2 (p i1,1, j 1 + p i1 p i2 p i2, ĵ 2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By making use of AB(A + B 0 and AB(AC ABC ( (p i1,1, j 1 p i1 p i2 x l2 + p i1 p i2 (p i1,1, j 1 + p i1 p i2 p i2, j 2 x l2 p 1 p i1 1 p i1 +1 p i2 1 p i2 +1 p m (By rewriting A + B as (A + B(AB because they are equivalent; and (AB(A as (AB(AB because they are equivalent (p i1,1, j 1 p i2 x l2 p 1 p i1 1 p i1 p i1 +1 p i2 1 p i2 +1 p m +(p i1,1, j 1 p 1 p i1 1 p i1 p i1 +1 p i2 1 p i2 p i2 +1 p m +p i2, j 2 x l2 p 1 p i1 1 p i1 p i1 +1 p i2 1 p i2 p i2 +1 p m p i2 (p i1,1, j 1 + x l2 p 1 p i2 1 p i2 +1 p m + (p i1,1, j 1 S + p i2, j 2 x l2 S p i2 (p i1,1, j 1 + x l2 p 1 p i2 1 p i2 +1 p m + p i2, j 2 x l2 S + (p i1,1, j 1 S Now, S( t I CORF(pi1 p i1,1, j 1 LRF(p i2 p i2, ĵ 2 x l2 ( t S( t I CORF(pi1 p i1,1, j 1 LRF(p i2 p i2, ĵ 2 x l2 ( t = 1 p i2 (p i1,1, j 1 + x l2 p 1 p i2 1 p i2 +1 p m + p i2, j 2 x l2 S +(p i1,1, j 1 S evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i2 (S such that p i1,1, j 1 + x l2 = 0 on t, or 2. t NFP i2, j 2 (S such that x l2 = 1 on t, or 3. t FP(S such that p i1,1, j 1 =1 on t. Hence, the result follows. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 70 of 109

75 Theorem 4.36 (CORF with LRF - Case 2 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term p i1 in S is implemented as p i1,1, j 1 and the j 1 -th literal x i 1 j1 in the i 1 -th term p i1 in S is replaced by x l2 where p i1 = p i1,1, j 1 p i1, j 1 +1,k i1, 1 i 1 m, 1 j 1 < k i1, k i1 is the number of literals of p i1 and x l2 is a missing literal of p i1, the resulting implementation denoted as I CORF(pi1 p i1,1, j 1 LRF(p i1 p i1, ĵ x 1 l2 is equivalent to that given by Expression (36 in Table 1. Then, S I CORF(pi1 p i1,1, j 1 LRF(p i1 p i1, ĵ x 1 l2 there is a test case t that satisfies any of the following conditions: 1. t FP(S such that p i1,1, j 1 1x l2 = 1 on t, or 2. t FP(S such that p i1, j 1 +1,k i1 = 1 on t. Proof : First, we observe that S I CORF(pi1 p i1,1, j 1 LRF(p i1 p i1, ĵ x 1 l2 ( p i1 (p i1,1, j 1 1x l2 p 1 p i1 1 p i1 +1 p m ( p i1 (p i1,1, j 1 1x l2 + p i1 (p i1,1, j 1 1x l2 p 1 p i1 1 p i1 +1 p m ( 0 + p i1 (p i1,1, j 1 1x l2 p 1 p i1 1 p i1 +1 p m (By making use of ABC(AD +C 0 (p i1,1, j 1 1x l2 p 1 p i1 1 p i1 p i1 +1 p m (p i1,1, j 1 1x l2 S p i1,1, j 1 1x l2 S S Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 71 of 109

76 Now, S( t I CORF(pi1 p i1,1, j 1 LRF(p i1 p i1, ĵ 1 x l2 ( t S( t I CORF(pi1 p i1,1, j 1 LRF(p i1 p i1, ĵ 1 x l2 ( t = 1 p i1,1, j 1 1x l2 S S evaluates to 1 on t t satisfies any of the following conditions: 1. t FP(S such that p i1,1, j 1 1x l2 = 1 on t, or 2. t FP(S such that p i1, j 1 +1,k i1 = 1 on t. Hence, the result follows. It should be noted that, when j 1 = 1, the term p i1,1, j 1 1x l2 in the first detection condition in Theorem 4.36 degenerates to x l Detection Conditions on 6 Remaining Double-Fault Expressions In this section, we study the detection conditions of 6 double-fault expressions in double faults with ordering which do not have their equivalent counterparts in double faults without ordering. Theorem 4.37 (ENF LIF - Case 3 Let S=p p m be a Boolean specification in IDNF. Suppose that the subexpression p i1 + + p h1 in S is negated and then the literal x l2 is inserted into the newly created term, p i1 + + p h1, where 1 i 1 < h 1 m and x l2 is a literal of S, the resulting implementation denoted as I ENF(pi1 + +p h1 p i1 + +p h1 LIF(p i1 + +p h1 p i1 + +p h1 x l2 is equivalent to that given by Expression (43 in Table 1. Then, S I ENF(pi1 + +p h1 p i1 + +p h1 LIF(p i1 + +p h1 p i1 + +p h1 x l2 there is a test case t that satisfies any of the following conditions: Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 72 of 109

77 1. t ( [ h 1 i=i 1 TP i (S \ ( m[ TP i (S, or i i 1,...,h 1 2. t FP(S such that x l2 =1 on t. Proof : First, we observe that S I ENF(pi1 + +p h1 p i1 + +p h1 LIF(p i1 + +p h1 p i1 + +p h1 x l2 ( (p i1 + + p h1 p i1 + + p h1 x l2 p1 p i1 1 p h1 +1 p m ( (p i1 + + p h1 (p i1 + + p h1 x l2 + (p i1 + + p h1 p i1 + + p h1 x l2 p1 p i1 1 p h1 +1 p m ( (p i1 + + p h1 + p i1 + + p h1 x l2 p1 p i1 1 p h1 +1 p m (By making use of A AB A (p i1 + + p h1 p 1 p i1 1 p h1 +1 p m + x l2 p 1 p i1 p h1 p m (p i1 + + p h1 p 1 p i1 1 p h1 +1 p m + x l2 S Now, S( t I ENF(pi1 + +p h1 p i1 + +p h1 LIF(p i1 + +p h1 p i1 + +p h1 x l2 ( t S( t I ENF(pi1 + +p h1 p i1 + +p h1 LIF(p i1 + +p h1 p i1 + +p h1 x l2 ( t = 1 (p i1 + + p h1 p 1 p i1 1 p h1 +1 p m + x l2 S evaluates to 1 on t t satisfies any of the following conditions: 1. t ( [ h 1 i=i 1 TP i (S \ ( m[ TP i (S, or i i 1,...,h 1 2. t FP(S such that x l2 =1 on t. Hence, the result follows. Theorem 4.38 (TNF LIF - Case 3 Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term p i1 in S is negated and then the literal x l2 is inserted into the newly created term p i1 where 1 i 1 m and x l2 is a literal of S, the resulting implementation denoted as I TNF(pi1 p i1 LIF( p i1 p i1 x l2 is equivalent to that given by Expression (52 in Table 1. Then, we Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 73 of 109

78 have S I TNF(pi1 p i1 LIF( p i1 p i1 x l2 there is a test case t that satisfies any of the following conditions: 1. t UTP i1 (S, or 2. t FP(S such that x l2 = 1 on t. Proof : First, we observe that S I TNF(pi1 p i1 LIF( p i1 p i1 x l2 (p i1 p i1 x l2 p 1 p i1 1 p i1 +1 p m ( p i1 p i1 x l2 + p i1 p i1 x l2 p1 p i1 1 p i1 +1 p m (p i1 + p i1 x l2 p 1 p i1 1 p i1 +1 p m (By making use of A AB A p i1 p 1 p i1 1 p i1 +1 p m + x l2 p 1 p i1 p m p i1 p 1 p i1 1 p i1 +1 p m + x l2 S Now, S( t I TNF(pi1 p i1 LIF( p i1 p i1 x l2 ( t S( t I TNF(pi1 p i1 LIF( p i1 p i1 x l2 ( t = 1 p i1 p 1 p i1 1 p i1 +1 p m + x l2 S evaluates to 1 on t t satisfies any of the following conditions: 1. t UTP i1 (S, or 2. t FP(S such that x l2 = 1 on t. Hence, the result follows. Theorem 4.39 (CORF with LIF - Case 2(b Let S = p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term p i1 in S is implemented as p i1,1, j 1 and then the ( j th literal x i 1 j1 +1 of p i 1 is inserted into the newly created term p i1,1, j 1 where p i1 = p i1,1, j 1 p i1, j 1 +1,k i1, 1 i 1 Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 74 of 109

79 m, 1 j 1 < k i1 and k i1 is the number of literals of p i1, the resulting implementation denoted as I CORF(pi1 p i1,1, j 1 LIF(p i1,1, j 1 p i1,1, j 1 x i 1 is equivalent to that given by Expression (73 in j1 +1 Table 1. Then, S I CORF(pi1 p i1,1, j 1 LIF(p i1,1, j 1 p i1,1, j 1 x i 1 there is a test j1 +1 case t FP(S such that p i1,1, j 1 +1 = 1 on t. Proof : First, we observe that S I CORF(pi1 p i1,1, j 1 LIF(p i1,1, j 1 p i1,1, j 1 x i 1 j1 +1 ( p i1 (p i1,1, j 1 +1 p 1 p i1 1 p i1 +1 p m ( p i1 (p i1,1, j p i1 (p i1,1, j 1 +1 p 1 p i1 1 p i1 +1 p m ( 0 + p i1 (p i1,1, j 1 +1 p 1 p i1 1 p i1 +1 p m (By making use of ABC(AB + BC 0 (p i1,1, j 1 +1 S Now, S( t I CORF(pi1 p i1,1, j 1 LIF(p i1,1, j 1 p i1,1, j 1 x i 1 j1 +1 ( t S( t I CORF(pi1 p i1,1, j 1 LIF(p i1,1, j 1 p i1,1, j 1 x i 1 j1 +1 ( t = 1 (p i1,1, j 1 +1 S evaluates to 1 on t t FP(S such that p i1,1, j 1 +1 = 1 on t. Hence, the result follows. Theorem 4.40 (CORF with LIF - Case 2(c Let S = p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term p i1 in S is implemented as p i1,1, j 1 and then the negation of the ( j th literal x i 1 j1 +1 of p i 1 is inserted into the newly created term p i1,1, j 1 where p i1 = p i1,1, j 1 p i1, j 1 +1,k i1, 1 i 1 m, 1 j 1 < k i1 and k i1 is the number of literals of p i1, the resulting implementation denoted as I CORF(pi1 p i1,1, j 1 LIF(p i1,1, j 1 p i1,1, j 1 x i 1 is equivalent to that j1 +1 given by Expression (74 in Table 1. Then, S I CORF(pi1 p i1,1, j 1 LIF(p i1,1, j 1 p i1,1, j 1 x i 1 j1 +1 there is a test case t FP(S such that p i1,1, j 1 x i 1 j p i 1, j 1 +1,k i1 = 1 on t. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 75 of 109

80 Proof : First, we observe that S I CORF(pi1 p i1,1, j 1 LIF(p i1,1, j 1 p i1,1, j 1 x i 1 j1 +1 ( p i1 (p i1,1, j 1 x i 1 j p i 1, j 1 +1,k i1 p 1 p i1 1 p i1 +1 p m ( p i1 (p i1,1, j 1 x i 1 j p i 1, j 1 +1,k i1 + p i1 (p i1,1, j 1 x i 1 j p i 1, j 1 +1,k i1 p 1 p i1 1 p i1 +1 p m ( 0 + (p i1,1, j 1 x i 1 j p i 1, j 1 +1,k i1 p i1 p1 p i1 1 p i1 +1 p m (By making use of ABC(AB + BC 0 (p i1,1, j 1 x i 1 j p i 1, j 1 +1,k i1 p 1 p i1 1 p i1 p i1 +1 p m (p i1,1, j 1 x i 1 j p i 1, j 1 +1,k i1 S Now, S( t I CORF(pi1 p i1,1, j 1 LIF(p i1,1, j 1 p i1,1, j 1 x i 1 j1 +1 ( t S( t I CORF(pi1 p i1,1, j 1 LIF(p i1,1, j 1 p i1,1, j 1 x i 1 j1 +1 ( t = 1 (p i1,1, j 1 x i 1 j p i 1, j 1 +1,k i1 S evaluates to 1 on t t FP(S such that p i1,1, j 1 x i 1 j p i 1, j 1 +1,k i1 = 1 on t. Hence, the result follows. Theorem 4.41 (CORF with LRF - Case 2(b Let S = p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term, p i1, in S is implemented as p i1,1, j 1 and then the literal x i 1 j1 in the newly created term p i1,1, j 1 is replaced by x i 1 j1 +1 where p i 1 = p i1,1, j 1 p i1, j 1 +1,k i1, 1 i 1 m, 1 j 1 < k i1 and k i1 is the number of literals of p i1, the resulting implementation denoted as I CORF(pi1 p i1,1, j 1 LRF(p i1,1, j 1 p i1,1, j 1 1 x i 1 is equivalent to that given by Expression (77 j1 +1 in Table 1. Then, we have S I CORF(pi1 p i1,1, j 1 LRF(p i1,1, j 1 p i1,1, j 1 1 x i 1 j1 +1 there is a test case t FP(S such that p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 = 1 on t. Proof : First, we observe that S I CORF(pi1 p i1,1, j 1 LRF(p i1,1, j 1 p i1,1, j 1 1 x i 1 j1 +1 ( p i1 (p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 p 1 p i1 1 p i1 +1 p m ( p i1 (p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 + p i1 (p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 p 1 p i1 1 p i1 +1 p m ( 0 + (p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 p i1 p1 p i1 1 p i1 +1 p m (By making use of ABCD(AC +CD 0 Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 76 of 109

81 (p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 p 1 p i1 1 p i1 p i1 +1 p m (p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 S Now, S( t I CORF(pi1 p i1,1, j 1 LRF(p i1,1, j 1 p i1,1, j 1 1 x i 1 j1 +1 S( t I CORF(pi1 p i1,1, j 1 LRF(p i1,1, j 1 p i1,1, j 1 1 x i 1 j1 +1 ( t = 1 (p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 S evaluates to 1 on t t FP(S such that p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 = 1 on t. Hence, the result follows. Theorem 4.42 (CORF with LRF - Case 2(c Let S=p p m be a Boolean specification in irredundant disjunctive normal form. Suppose that the i 1 -th term p i1 in S is implemented as p i1,1, j 1 and then the j 1 -th literal x i 1 j1 in the newly created term p i1,1, j 1 is replaced by x i 1 j1 +1 where p i 1 = p i1,1, j 1 p i1, j 1 +1,k i1, 1 i 1 m, 1 j 1 < k i1 and k i1 is the number of literals of p i1, the resulting implementation denoted as I CORF(pi1 p i1,1, j 1 LRF(p i1,1, j 1 p i1,1, j 1 1 x i 1 is equivalent to that given by Expression (78 j1 +1 in Table 1. Then, we have S I CORF(pi1 p i1,1, j 1 LRF(p i1,1, j 1 p i1,1, j 1 1 x i 1 j1 +1 there is a test case t FP(S such that p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 = 1 on t. Proof : First, we observe that S I CORF(pi1 p i1,1, j 1 LRF(p i1,1, j 1 p i1,1, j 1 1 x i 1 j1 +1 ( p i1 (p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 p 1 p i1 1 p i1 +1 p m ( p i1 (p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 + p i1 (p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 p 1 p i1 1 p i1 +1 p m ( 0 + (p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 p i1 p1 p i1 1 p i1 +1 p m (By making use of ABCD(AC +CD 0 (p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 p 1 p i1 1 p i1 p i1 +1 p m (p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 S Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 77 of 109

82 Now, S( t I CORF(pi1 p i1,1, j 1 LRF(p i1,1, j 1 p i1,1, j 1 1 x i 1 j1 +1 S( t I CORF(pi1 p i1,1, j 1 LRF(p i1,1, j 1 p i1,1, j 1 1 x i 1 j1 +1 ( t = 1 (p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 S evaluates to 1 on t t FP(S such that p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 = 1 on t. Hence, the result follows. In summary, Table 2 shows all double fault classes, their corresponding double-fault expressions and detection conditions. For example, the second row of Table 2 presents the detection conditions of two double-fault expressions of ENF LOF. For double-fault expression (3, 4 the detection condition is any point in TP i (S \ ( m[ ( [ h 1 TP i (S such that pi2, ĵ 2 = 0 or any point in FP(S. i=i 1 i i 1,...,h 1 This means that any test case that satisfies the condition can be used to distinguish S from Expression (3. Similarly, for Expression (4, any true point of S ( [ h 1 in TP i (S \ ( m[ TP i (S or any i=i 1 i i 1,...,h 1 false point of S such that p i1, ĵ 2 = 0 can be used to distinguish S from the expression. 5 Fault Detecting Capabilities of Existing Testing Strategies As mentioned previously, Lau et al. [7] studied double fault related to terms in Boolean expressions. They found that all double faults related to terms can be detected by any strategy which subsumes the BASIC strategy which is originally developed for detecting single fault classes. However, [8] shows that none of the test case selection strategies that aim to detect single faults can guarantee to detect double faults related to literal only. Therefore, six test case selection strategies are proposed by Lau et al. to supplement the MUMCUT strategy in detecting double literal faults [8]. Since double fault classes studied in this report are those involving one term fault and one literal 4 Please refer to Table 1 for the actual double-fault expression. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 78 of 109

83 Table 2: Double fault, double-fault expression and detection condition (S = p p m Fault Class (a Double-fault expressions due to double faults without ordering (Expression No.: Detection Condition ENF ( [ h 1 LNF (1: (C1 any point in (C2 any point in FP(S ( [ h 1 (2: (C1 a any point in i=i 1 TP i (S \ ( m[ i=i 1 +1 TP i (S such that pi2, j 2 = 0, or i i 1,...,h 1,i 2 TP i (S \ ( m [ (C2 any point in FP(S such that p i1, ĵ 2 =0 ENF ( [ h 1 LOF (3: (C1 any point in (C2 any point in FP(S ( [ h 1 (4: (C1 b any point in i=i 1 TP i (S \ ( m[ i=i 1 TP i (S \ ( m[ (C2 any point in FP(S such that p i1, ĵ 2 = 0 ENF ( [ h 1 LIF (5: (C1 any point in i=i 1 TP i (S \ ( m[ (C2 any point in (TP i2 (S ( h 1 (C3 any point in FP(S TP i (S, or i i 1,...,h 1 TP i (S such that pi2, ĵ 2 = 0, or i i 1,...,h 1 TP i (S, or i i 1,...,h 1 TP i (S, i i 1,...,h 1 [ TP i (S i=i 1 (6: (C1 any point in UTP i1 (S such that x l2 = 1, ( [ h 1 (C2 any point in i=i 1 +1 (C3 any point in FP(S ENF ( [ h 1 LRF (7: (C1 any point in (C2 any point in FP(S TP i (S \ ( [ m TP i (S, or i i 1,...,h 1 i=i 1 TP i (S \ ( m[ (8: (C1 any point in UTP i1 (S such that x l2 = 1, ( [ h 1 (C2 any point in i=i 1 +1 TP i (S \ ( m [ (C3 any point in FP(S such that p i1, ĵ 2 x l2 = 0 \ ( [ m TP i (S such that xl2 = 0, or i i 1,...,h 1,i 2 TP i (S such that pi2, ĵ 2 x l2 = 0, or i i 1,...,h 1,i 2 TP i (S, or i i 1,...,h 1 a Please be reminded that when m = 1, this condition degenerates to any point in /0 which can never be satisfied. b Please be reminded that when m = 1, this condition degenerates to any point in TP(S. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 79 of 109

84 Fault Class Table 2 (cont d: Double fault, double-fault expression and detection condition (a (cont d Double-fault expressions due to double faults without ordering (Expression No.: Detection Condition TNF LNF (9: (C1 any point in TP i1 (S \ ( [ m TP i (S such that pi2, j 2 = 0, or i i 1,i 2 TNF LOF TNF LIF (C2 any point in FP(S (10: (C1 any point in FP(S such that p i1, ĵ 2 = 0 (11: (C1 any point in UTP i1 (S such that p i2, ĵ 2 =0, or (C2 any point in FP(S (12: (C1 any point in UTP i1 (S, or (C2 any point in FP(S such that p i1, ĵ 2 = 0 (13: (C1 any point in UTP i1 (S, (C2 any point in (TP i1 (S TP i2 (S \ ( [ m TP i (S such that xl2 = 0, or i i 1,i 2 (C3 any point in FP(S (14: (C1 any point in UTP i1 (S such that x l2 = 1, or (C2 any point in FP(S TNF LRF (15: (C1 any point in TP i1 (S \ ( [ m TP i (S such that pi2, ĵ 2 x l2 = 0, or i i 1,i 2 (C2 any point in FP(S (16: (C1 any point in UTP i1 (S such that x l2 = 1, (C2 any point in FP(S such that p i1, ĵ 2 = 0, or (C3 any point in FP(S such that x l2 = 0 TOF LNF (17: (C1 any point in TP i1 (S \ ( [ m TP i (S such that pi2, j 2 = 0, i i 1,i 2 (C2 any point in TP i2 (S \ ( [ m TP i (S, or i i 1,i 2 TOF LOF TOF LIF (C3 any point in NFP i2, j 2 (S (18: (C1 any point in UTP i1 (S such that p i2, ĵ 2 = 0, or (C2 any point in NFP i2, j 2 (S (19: (C1 any point in UTP i1 (S, (C2 any point in UTP i2 (S such that x l2 =0, or (C3 any point in ( TP i1 (S TP i2 (S \ ( m [ TP i (S i i 1,i 2 such that xl2 =0 Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 80 of 109

85 Fault Class Table 2 (cont d: Double fault, double-fault expression and detection condition (a (cont d Double-fault expressions due to double faults without ordering (Expression No.: Detection Condition TOF LRF (20: (C1 any point in UTP i1 (S such that x l2 = 0, (C2 any point in UTP i1 (S such that p i2, ĵ 2 = 0, (C3 any point in UTP i2 (S such that x l2 = 0, (C4 any point in NFP i2, j 2 (S such that x l2 = 1, or ( (TPi1 (C5 any point in (S TP i2 (S \ ( [ m TP i (S such that x l2 = 0, i i 1,i 2 DORF LNF (21: (C1 any point in TP i1 (S \ ( [ m TP i (S such that pi2, j 2 =0, i i 1,i 2 (C2 any point in TP i1 +1(S \ ( [ m TP i (S such that pi2, j 2 =0, i i 1 +1,i 2 (C3 any point in TP i2 (S \ ( [ m TP i (S such that pi1 p i1 +1 =0, or i i 1,i 1 +1,i 2 (C4 any point in NFP i2, j 2 (S (22: (C1 any point in TP i1 (S \ ( m [ i i 1,i 1 +1 (C2 any point in TP i1 +1(S \ ( m [ i i 1,i 1 +1 TP i (S, or DORF LOF (23: (C1 any point in UTP i1 (S such that p i2, ĵ 2 =0, (C2 any point in UTP i1 +1(S such that p i2, ĵ 2 =0, or (C3 any point in NFP i2, j 2 (S (24: (C1 any point in UTP i1 (S, or (C2 any point in UTP i1 +1(S such that p i1, ĵ 2 = 0 TP i (S such that p i1, j 2 = 0 Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 81 of 109

86 Fault Class DORF LIF Table 2 (cont d: Double fault, double-fault expression and detection condition (a (cont d Double-fault expressions due to double faults without ordering (Expression No.: Detection Condition (25: (C1 any point in UTP i1 (S, (C2 any point in UTP i1 +1(S, (C3 any point in UTP i2 (S such that x l2 = 0, (C4 any point in ( TP i1 (S TP i2 (S \ ( m [ TP i (S i i 1,i 2 (C5 any point in ( TP i1 +1(S TP i2 (S \ ( m [ (26: (C1 any point in UTP i1 (S, (C2 any point in UTP i1 +1(S, or (C3 any point in (TP i1 (S TP i1 +1(S \ ( m [ DORF LRF (27: (C1 any point in UTP i1 (S such that x l2 = 0, TP i (S i i 1 +1,i 2 i i 1,i 1 +1 (C2 any point in UTP i1 (S such that p i2, ĵ 2 = 0, (C3 any point in UTP i1 +1(S such that x l2 = 0, (C4 any point in UTP i1 +1(S such that p i2, ĵ 2 = 0, (C5 any point in UTP i2 (S such that x l2 = 0, (C6 any point in NFP i2, j 2 (S such that x l2 = 1, (C7 any point in ( TP i1 (S TP i2 (S \ ( m [ TP i (S, i i 1,i 2 (C8 any point in ( TP i1 +1(S TP i2 (S \ ( m [ (28: (C1 any point in UTP i1 (S, (C2 any point in UTP i1 +1(S such that p i1, ĵ 2 = 0, (C3 any point in UTP i1 +1(S such that x l2 = 0, or (C4 any point in ( TP i1 (S TP i1 +1(S \ ( m [ TP i (S, i i 1 +1,i 2 i i 1,i 1 +1 CORF LNF (29: (C1 any point in UTP i2 (S such that p i1,1, j 1 = 0, (C2 any point in NFP i2, j 2 (S, or (C3 any point in FP(S such that p i1,1, j 1 = 1 (30: (C1 any point in FP(S such that p i1,1, j 1 = 1 such that xl2 = 0, or such that xl2 = 0 TP i (S such that x l2 = 0 such that xl2 = 0, or such that xl2 = 0 TP i (S such that x l2 = 0 Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 82 of 109

87 Table 2 (cont d: Double fault, double-fault expression and detection condition (a (cont d Double-fault expressions due to double faults without ordering Fault Class CORF LOF CORF LIF (Expression No.: Detection Condition (31: (C1 any point in NFP i2, j 2 (S, or (C2 any point in FP(S such that p i1,1, j 1 = 1 (32: (C1 any point in FP(S such that p i1,1, j 1 1 = 1 (33: (C1 any point in UTP i2 (S such that p i1,1, j 1 + x l2 = 0, or (C2 any point in FP(S such that p i1,1, j 1 = 1 (34: (C1 any point in FP(S such that p i1,1, j 1 x l2 = 1, or (C2 any point in FP(S such that p i1, j 1 +1,k i1 = 1 CORF LRF (35: (C1 any point in UTP i2 (S such that p i1,1, j 1 + x l2 = 0, (C2 any point in NFP i2, j 2 (S such that x l2 = 1, or (C3 any point in FP(S such that p i1,1, j 1 = 1 (36: (C1 any point in FP(S such that p i1,1, j 1 1x l2 = 1, or (C2 any point in FP(S such that p i1, j 1 +1,k i1 = 1 (b Six remaining double-fault expressions due to double faults with ordering Fault Class (Expression No.: Detection Condition ENF ( [ h 1 LIF (43: (C1 any point in i=i 1 TP i (S \ ( m[ (C2 any point in FP(S such that x l2 = 1 TP i (S, or i i 1,...,h 1 TNF LIF (52: (C1 any point in UTP i1 (S, or (C2 any point in FP(S such that x l2 = 1 CORF LIF (73: (C1 any point in FP(S such that p i1,1, j 1 +1 = 1 (74: (C1 any point in FP(S such that p i1,1, j 1 x i 1 j p i 1, j 1 +1,k i1 = 1 CORF LRF (77: (C1 any point in FP(S such that p i1,1, j 1 1x i 1 j p i 1, j 1 +1,k i1 = 1 (78: (C1 any point in FP(S such that p i1,1, j 1 1 x i 1 j p i 1, j 1 +1,k i1 = 1 Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 83 of 109

88 fault. We would like to consider the following questions: 1. Among those test case selection strategies studied in this report, which one can be used to detect all double fault classes considered in this report? 2. If there is none, what double fault classes can be detected by which strategy and what are those that cannot be detected so that we can then propose new test case selection strategy for their detection? Unfortunately, the answer to the first question is negative. In fact, Examples 5.1 and 5.2 illustrate that the MAX-B strategy cannot be used to detect double-fault expressions of type (20 and (27 in Table 1, respectively. As a result, it cannot be used to detect all double faults on term and literal and, hence, all strategies considered in this report cannot be used guarantee the detection of all double faults related to term and literal because they are subsumed by the MAX-B strategy. Example 5.1 Let S = ab + ac + ad + b dē + c dē + b cdē + b c de. Table 3 lists the sets UTP i (S of all unique true points, the sets NFP i, j(s of all near false points, the set OTP(S of all overlapping true points and the set RFP(S of all remaining false points of S. Suppose the first term ab of S is omitted and the literal d in the third term ad of S is replaced by the literal e. The resulting doublefault expression is equivalent to I = ac+ae+b dē+c dē+ b cdē+ b c de. This is a particular instance of double-fault expression of type (20 in Table 1. Note that, S and I are not equivalent because S and I evaluate to 1 and 0 on 11010, respectively. Now, let T be the set that includes (1 all unique true points in UTP i (S for every i, (2 all near false points in NFP i, j(s for every i and j, and (3 4 overlapping true points, namely, 11100, 11101, 11000, and It should be noted that T satisfies the MAX-B strategy because it contains all unique true points of S, all near false points of S, 4 out of the 12 overlapping true points of S, and 5 The selected overlapping true points are underlined in Table 3 for ease of reference. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 84 of 109

89 Table 3: All test cases of S where S = ab + ac + ad + b dē + c dē + b cdē + b c de (a UTP i (S and NFP i, j(s i UTP i (S , NFP i, 1 (S 01111, 01110, 01101, 01011, 01010, , 01110, 01101, 00111, 00110, , 01110, 01011, 01010, 00111, 00110, , NFP i, 2 (S , NFP i, 3 (S , , , , , NFP i, 4 (S , (b OTP(S and RFP(S OTP(S 11100, 11101, 11000, 11110, 10010, 11010, 10110, 10100, 11011, 10111, 11111, RFP(S Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 85 of 109

90 there are no remaining false points of S. Since S and I agree on all points in T, the MAX-B strategy cannot guarantee to detect I. Example 5.2 Let S = ab+ac+ad +b dē+c dē+ b cdē+ b c de be the same expression as in Example 5.1. Table 3 lists all unique true points, near false points, overlapping true points and remaining false points of S. Suppose the first two terms ab and ac of S are wrongly implemented as ab ac and the literal d in the third term ad of S is replaced by the literal e. The resulting double-fault expression is equivalent to I = abac + ae + b dē + c dē + b cdē + b c de. This is a particular instance of double-fault expression of type (27 in Table 1. Note that, S and I are not equivalent because S and I evaluate to 1 and 0 on 11010, respectively. Please also note that the same set T of test cases as in Example 5.1 satisfies the MAX-B strategy. However, S and I agree on all points in T. Thus, the MAX-B strategy cannot guarantee to distinguish S and I. In the rest of this section, we show that the BASIC strategy can detect all remaining double-fault expressions except faulty expressions of type (20 and (27, The following three theorems show that the test set selected by the BASIC strategy satisfies the detection conditions of 40 out of 42 double-fault expressions considered in this report. Table 4 summarizes these 40 double-fault expressions and their corresponding detection conditions in Table 2 that can be satisfied by the BASIC strategy. As a result, the detection conditions of all such 40 double-fault expressions can be satisfied by any test case selection strategy that subsumes the BASIC strategy. The rest of this section are proofs of theorems related to the fault detecting capability of the BASIC strategy. Theorem 5.1 Let S = p p m be a Boolean expression in irredundant disjunctive normal Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 86 of 109

91 Table 4: Conclusions in Theorems satisfying detection conditions in Table 2 (a Double-fault expresssions based on double faults without ordering Double-fault Detection Conclusion in expression condition Theorem 5.1 Theorem 5.2 Theorem 5.3 (1 (C2 (2 (2 (C1 (5 (C2 (3 (3 (C2 (2 (4 (C1 (6 (C2 (3 (5 (C1 (6 (C3 (2 (6 (C2 (5 (C3 (2 (7 (C2 (2 (8 (C2 (5 (9 (C2 (2 (10 (C1 (3 (11 (C2 (2 (12 (C1 (1 (C2 (3 (13 (C1 (1 (C3 (2 (14 (C2 (2 (15 (C2 (2 (16 (C2 (when k i1 > 1 (3 (C1 or (C3 (when k i1 = 1 conc. in 5.3 (17 (C2 (2 (C3 (1 (18 (C2 (1 (19 (C1 (1 (20 No detection conditions can be satisfied by the theorems Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 87 of 109

92 Table 4 (cont d: Conclusions in Theorems satisfying detection conditions in Table 2 (a (cont d Double-fault expresssions based on double fault without ordering Double-fault Detection Conclusion in expression condition Theorem 5.1 Theorem 5.2 Theorem 5.3 (21 (C3 (4 (C4 (1 (22 (C1 (3 (23 (C3 (1 (24 (C1 (1 (25 (C1 (1 (C2 (1 (26 (C1 (1 (C2 (1 (27 No detection conditions can be satisfied by the theorems (28 (C1 (1 (29 (C2 (1 (C3 (5 (30 (C1 (6 (31 (C1 (1 (C2 (5 (32 (C1 (7 (33 (C2 (5 (34 (C2 (4 (35 (C3 (5 (36 (C2 (4 (b Six remaining double-fault expresssions based on double faults with ordering Double-fault Detection Conclusion in expression condition Theorem 5.1 Theorem 5.2 Theorem 5.3 (43 (C1 (6 (52 (C1 (1 (73 (C1 (8 (74 (C1 (9 (77 (C1 (10 (78 (C1 (11 Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 88 of 109

93 form. Suppose that T is the set of near false points formed by selecting a near false point from every possible NFP i, j(s. Then T satisfies the following conditions 1. For every possible NFP i, j(s, there exists t T such that t NFP i, j(s. 2. There exists t T such that t FP(S. 3. For every possible i and j pair where 1 i m, 1 j k i, k i > 1 and k i is the number of literals of p i, there exists t T such that t FP(S and p i, ĵ = For every possible i and j pair where 1 i m, 1 j < k i and k i is the number of literals of p i, there exists t T such that t FP(S and p i, j+1,ki = 1 where p i = p i,1, j p i, j+1,ki For every possible i and j pair where 1 i m, 1 j < k i and k i is the number of literals of p i, there exists t T such that t FP(S and p i,1, j + p i, j+1,ki = 1 where p i = p i,1, j p i, j+1,ki. 6. For every possible i and j pair where 1 i m, 1 < j < k i and k i is the number of literals of p i, there exists t T such that t FP(S and p i,1, j + p i, j+1,ki = 1 where p i = p i,1, j p i, j+1,ki and p i,1, j is obtained from p i,1, j by negating its literal x i j. 7. For every possible i and j pair where 1 i m, 1 < j < k i and k i is the number of literals of p i, there exists t T such that t FP(S and p i,1, j 1 + p i, j+1,ki = 1 where p i = p i,1, j p i, j+1,ki and p i,1, j 1 is obtained from p i,1, j by omitting its literal x i j. 8. For every possible i and j pair where 1 i m, 1 j < k i and k i is the number of literals of p i, there exists t T such that t FP(S and p i,1, j+1 + p i, j+1,ki = 1 where p i = p i,1, j p i, j+1,ki. 9. For every possible i and j pair where 1 i m, 1 j < k i and k i is the number of literals of p i, there exists t T such that t FP(S and p i,1, j x i j+1 + p i, j+1,k i = 1 where p i = p i,1, j p i, j+1,ki. 6 As a reminder, p i,1, j = x1 i...xi j and p i, j+1,k i = x i j+1...xi k i are the terms obtained from p i by keeping its first j literals and last k i j literals, respectively. Furthermore, both p i,1,0 and p i,ki +1,k i are null terms for notational purposes. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 89 of 109

94 10. For every possible i and j pair where 1 i m, 1 j < k i and k i is the number of literals of p i, there exists t T such that t FP(S and p i,1, j 1 x i j+1 + p i, j+1,k i = 1 where p i = p i,1, j p i, j+1,ki. 11. For every possible i and j pair where 1 i m, 1 j < k i and k i is the number of literals of p i, there exists t T such that t FP(S and p i,1, j 1 x i j+1 + p i, j+1,k i = 1 where p i = p i,1, j p i, j+1,ki. Proof : Since S is in IDNF, NFP i, j(s /0 for every possible i and j pair where 1 i m, 1 j k i and k i is the number of literals of p i by Lemma For any possible NFP i, j(s, there exists t T such that t NFP i, j(s by definition of T. Hence, the result follows. 2. By definition of T, there exists t T such that t NFP 1, 1 (S FP(S. Hence, the result follows. 3. Let i and j be such that 1 i m, 1 j k i, k i > 1 and k i is the number of literals of p i in S. We have the following two cases (a When j > 1. By definition of T, there exists t T such that t NFP i, 1 (S FP(S. Now, x i 1 evaluates to 0 on t. Hence, p i, ĵ = xi 1 xi j 1 xi j+1 xi k i = 0 on t. (b When j = 1. By definition of T, there exists t T such that t NFP i, 2 (S FP(S because k i > 1. Now, x i 2 evaluates to 0 on t. Hence, p i, ĵ = p i,ˆ1 = xi 2 xi k i = 0 on t. Hence, the result follows. 4. Let i and j be such that 1 i m, 1 j < k i and k i is the number of literals of p i in S. By definition of T, there exists t T such that t NFP i, j(s FP(S. Therefore, all literals of p i evaluate to 1 on t except x i j which evaluates to 0. Since j < k i, p i, j+1,ki = x i j+1 xi k i = 1. Hence, the result follows. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 90 of 109

95 5. Let i and j be such that 1 i m, 1 j < k i and k i is the number of literals of p i in S. By (4 above, there exists t T such that t FP(S and p i, j+1,ki = 1 on t. Therefore, p i,1, j + p i, j+1,ki = 1 on t. Hence, the result follows. 6. Let i and j be such that 1 i m, 1 < j < k i and k i is the number of literals of p i in S. By definition of T, there exists t T such that t NFP i, j(s FP(S. Therefore, all literals of p i evaluate to 1 on t except x i j which evaluates to 0. As a result, p i,1, j + p i, j+1,ki = x1 i xi j + xi j+1 xi k i = = 1. Hence, the result follows. 7. Let i and j be such that 1 i m, 1 < j < k i and k i is the number of literals of p i in S. By definition of T, there exists t T such that t NFP i, j(s FP(S. Therefore, all literals of p i evaluate to 1 on t except x i j which evaluates to 0. As a result, p i,1, j p i, j1 +1,k i = x1 i xi j xi j 1 +1 xi k i = = 1. Hence, the result follows. 8. Let i and j be such that 1 i m, 1 j < k i and k i is the number of literals of p i in S. By definition of T, there exists t T such that t NFP i, j(s FP(S. Therefore, all literals of p i evaluate to 1 on t except x i j which evaluates to 0. As a result, p i,1, j+1 + p i, j+1,ki = x1 i xi j xi j+1 + xi j+1 xi k i = = 1. Hence, the result follows. 9. Let i and j be such that 1 i m, 1 j < k i and k i is the number of literals of p i in S. By definition of T, there exists t T such that t NFP i, j(s FP(S. Therefore, all literals of p i evaluate to 1 on t except x i j which evaluates to 0. Therefore, p i,1, j x i j+1 + p i, j+1,k i = x1 i xi j xi j+1 + xi j+1 xi k i = = 1. Hence, the result follows. 10. Let i and j be such that 1 i m, 1 j < k i and k i is the number of literals of p i in S. By definition of T, there exists t T such that t NFP i, j(s FP(S. Therefore, all literals of p i evaluate to 1 on t except x i j which evaluates to 0. Therefore, p i,1, j 1x i j+1 + p i, j+1,k i = x1 i xi j 1 xi j+1 + xi j+1 xi k i = = 1. Hence, the result follows. 11. Let i and j be such that 1 i m, 1 j < k i and k i is the number of literals of p i in S. By definition of T, there exists t T such that t NFP i, j(s FP(S. Therefore, all literals Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 91 of 109

96 of p i evaluate to 1 on t except x i j which evaluates to 0. Therefore, p i,1, j 1 x i j+1 + p i, j+1,k i = x i 1 xi j 1 xi j+1 + xi j+1 xi k i = = 1. Hence, the result follows. Theorem 5.2 Let S = p p m be a Boolean expression in irredundant disjunctive normal form. Suppose that T is the set of unique true points formed by selecting a unique true point from every possible UTP i (S. Then T satisfies the following conditions: 1. For every possible UTP i (S, there exists t T such that t UTP i (S. 2. For every possible i 1 and i 2 pair where 1 i 1 < i 2 m, there exists t T such that t TP i2 (S \ ( [ m TP i (S. i i 1,i 2 3. For every possible i 1 where 1 i 1 < m, there exists t T such that t TP i1 (S\ ( m [ i i 1,i 1 +1 TP i (S. 4. For every possible i 1 and i 2 pair where 1 < i < i 2 m, there exists t T such that t TP i2 (S \ ( [ m TP i (S and pi1 p i1 +1 = 0. i i 1,i 1 +1,i 2 5. For every possible i 1 and h 1 pair where 1 i 1 < h 1 m, there exists t T such that t ( [ h 1 TP i (S \ ( [ m TP i (S. i=i 1 +1 i i 1,...,h 1 6. For every possible i 1 and h 1 pair where 1 i 1 < h 1 m, there exists t T such that t ( [ h 1 TP i (S \ ( m[ TP i (S. i=i 1 i i 1,...,h 1 Proof : Since S is in IDNF, UTP i (S /0 for every i where 1 i m by Lemma For any possible UTP i (S, there exists t T such that t UTP i (S by definition of T. Hence, the result follows. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 92 of 109

97 2. Let i 1 and i 2 be such that 1 i 1 < i 2 m. By definition of T, there exists t T such that t UTP i2 (S = (TP i2 (S \ ( [ m TP i (S (TP i2 (S \ ( [ m TP i (S because (A \ (B i i 2 i i 1,i 2 C (A \ B. Hence, the result follows. 3. Let i 1 be such that 1 i 1 < m. By definition of T, there exists t T such that t UTP i1 (S = (TP i1 (S \ ( [ m TP i (S (TP i1 (S \ ( [ m TP i (S. Hence, the result follows. i i 1 i i 1,i Let i 1 and i 2 be such that 1 i 1 + 1, all terms of S evaluate to 0 on t except p i2 which evaluates to 1. Thus, p i1 p i1 +1 evaluates to 0 on t. Hence, the result follows. 5. Let i 1 and h 1 be such that 1 i 1 < h 1 m. By definition of T, there exists t T such that t UTP i1 +1(S = (TP i1 +1(S \ ( [ m TP i (S (TP i1 +1(S \ ( [ m TP i (S i i 1 +1 i i 1,...,h 1 ( ( [ h 1 i=i 1 +1 TP i (S \ ( [ m TP i (S. Hence, the result follows. i i 1,...,h 1 6. Let i 1 and h 1 be such that 1 i 1 < h 1 m. By definition of T, there exists t T such that t UTP i1 (S = (TP i1 (S\ ( [ m ( ( [ h 1 TP i (S TP i (S \ ( m[ TP i (S by using i=i 1 i i 1 i i 1,...,h 1 similar arguments as in (5 above. Hence, the result follows. Theorem 5.3 Let S = p p m be a Boolean expression in irredundant disjunctive normal form and p i1 contains just 1 literal. Suppose that p i1 is negated and its literal is replaced by a missing literal x l2, the resulting implementation denoted as I TNF(pi1 p i1 LRF(p i1 p i1, ˆ j 2 x l2 is equivalent to that given by Expression (16 in Table 1 when k i1 = 1. Then, the BASIC meaningful impact strategy Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 93 of 109

98 can select a point that satisfies either (C1 or (C3 in Table 2 for Expression (16 provided that S I TNF(pi1 p i1 LRF(p i1 p i1, jˆ x 2 l2. Proof : Please be reminded that (C1 and (C3 in Table 2 for Expression (16 are t UTP i1 (S such that x l2 = 1 and t FP(S such that x l2 = 0, respectively. Note that, S = p p i p m and I TNF(pi1 p i1 LRF(p i1 p i1, ˆ j 2 x l2 = p x l p m. Since x l2 is a missing literal of p i1 in S, there exists a term p i2 in S where i 2 i 1 such that it contains either x l2 or x l2. We then have the following two cases 1. x l2 is in p i2. There exists j 3 such that x l2 is the j 3 -th literal of p i2, that is x i 2 j3 = x l2. Now, for any t NFP i2, j 3 (S, t is a false point of S such that x l2 = x i 2 j3 = 0 because p i2, j 3 evaluates to 1 on t. Hence, the BASIC strategy can select a point from NFP i2, j 3 (S that satisfies (C3. 2. x l2 is in p i2. We have the following two cases (a When p i2 contains more than one literal, that is k i2 > 1. There exists j 4 such that 1 j 4 k i2 and x l2 is not the j 4 -th literal of p i2, that is x i 2 j4 x l2. Now, for any t NFP i2, j 4 (S, t is a false point of S such that x l2 = 1 (or, x l2 = 0 because p i2, j 4 evaluates to 1 on t and x l2 is not the j 4 -th literal. Hence, the BASIC strategy can select a point from NFP i2, j 4 (S that satisfies (C3. (b When p i2 contains just one literal, that is k i2 = 1. As a result, p i2 = x l2 and S = p p i x l p m. Since i 2 i 1, any point in UTP i1 (S will make p i2 = x l2 = 0. As a result, any point in UTP i1 (S will make x l2 = 1. Hence, the BASIC strategy can select a point from UTP i1 (S that satisfies (C1. Hence, the result follows. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 94 of 109

99 Theorem 5.4 Let S = p p m be a Boolean expression in irredundant disjunctive normal form. The BASIC meaningful impact strategy can detect double-fault expressions (1 (19, (21 (26, (28 (36, (43, (52, (73, (74, (77 and (78 in Table 1. Proof : Given that S is IDNF, the sets UTP i (S for every possible i and NFP i, j(s for every possible i and j pair are non-empty by Lemma 2.1. The BASIC strategy requires to select a unique true point from UTP i (S for every possible i and a near false point from NFP i, j(s for every possible i and j pair. Let T be a test set generated by the BASIC strategy. The set T can be decomposed into two disjoint sets T u and T n where T = T u T n, T u contains only those unique true points from T and T n contains only those near false points from T. Hence, T n and T u satisfy the conclusions in Theorems 5.1 and 5.2, respectively. Moreover, T satisfies the conclusion in Theorem 5.3. Now, Table 4 indicates that the detection conditions of faulty expressions (1 (19, (21 (26, (28 (36, (43, (52, (73, (74, (77 and (78 in Table 2 can be satisfied by the conclusions in Theorems Hence, all faulty expressions mentioned above can be detected by T. Hence, the result follows. Theorem 5.5 Let S = p p m be a Boolean expression in irredundant disjunctive normal form. Any test case selection strategy that subsumes the BASIC meaningful impact strategy can detect double-fault expressions (1 (19, (21 (26, (28 (36, (43, (52, (73, (74, (77 and (78 in Table 1. Proof : By Theorem 5.4 and the definition of subsumption. As a result, the MUMCUT, MAX-A and MAX-B strategies can detect all those double-fault expressions in Theorem 5.5. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 95 of 109

100 6 Test Case Selection Strategies for Double Fault Detection As discussed in Section 5, any test case selection strategy that subsumes the BASIC strategy can detect 40 out of 42 double-fault expressions in Table 1. For the remaining double-fault expressions (20 and (27, none of the test case selection strategies considered in this report can detect them. Hence, new test case selection strategy is required. In a similar study on double literal faults [8], six test case selection strategies have been proposed to supplement the MUMCUT strategy to detect all double literal faults. After a thorough analysis on the detection conditions of double-fault expressions (20 and (27 in Table 2, we find that only one out of the six test case selection strategies is needed to supplement the MUMCUT strategy in detecting these two faulty expressions. This supplementary strategy is the SMOTP strategy which is described below: The SMOTP strategy: Select test cases from (TP i1 (S TP i2 (S\ m[ TP i (S i i 1,i 2 for every two different terms p i1 and p i2 such that, for every missing literal x l1 of p i1 and every missing literal x l2 of p i2, all possible truth value combinations of x l1 and x l2 (that is, 00, 01, 10, and 11 are covered. The SMOTP strategy was originally developed in [8] to supplement the MUMCUT strategy to guarantee the detection of the double literal fault LIF LIF. It aims to select test cases that satisfy the m[ detection condition (TP i1 (S TP i2 (S \ TP i (S such that x l1 + x l2 =0, where x l1 and i i 1,i 2 x l2 are missing literals for terms p i1 and p i2 of S, respectively. In this section, we will show how the SMOTP stratgy can supplement the MUMCUT strategy in detecting double-fault expressions (20 and (27. However, we first need to show that the BASIC strategy together with the SMOTP strategy cannot detect double-fault expression (20. This is Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 96 of 109

101 Table 5: All test cases of S where S = abd + a bc + b d (a UTP i (S and NFP i, j(s i UTP i (S 1111, , 0010, 0000 NFP i, 1 (S 0111, , 1100, 0110, 0100 NFP i, 2 (S , 0011, 0001 NFP i, 3 (S 1110, (b OTP(S and RFP(S OTP(S 1010 RFP(S -- illustrated in Example 6.1. As a result, the MUMCUT and SMOTP strategies are really needed for detecting all double-fault expressions studied in this report. Example 6.1 Let S = abd + a bc + b d. Table 5 lists all test points of S. Suppose the first term abd is omitted and the literal b in the second term a bc is replaced by d. The resulting double-fault expression is equivalent to I = acd + b d. This faulty expression is in the form of Expression (20 in Table 1. Note that, S and I are not equivalent because S and I evaluate to 1 and 0 on 1101, respectively. Let T = {1111, 0101, 1001, 1100, 1011, 0011, 1110, 1000, 0100, 0001, 1010 }. The test cases in T are underlined in Table 5 for ease of reference. They satisfy the BASIC and SMOTP strategies. However, S and I agree on all points in T. Hence, T cannot be used to distinguish I from S. In the rest of this section, we will show that the MUMCUT and SMOTP strategies together guarantees to select test cases that satisfy the detection conditions (C1 (C5 of Expression (20 and (C1 (C8 of Expression (27. Furthermore, since the MUMCUT strategy subsumes the BASIC Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 97 of 109

102 strategy, the MUMCUT and SMOTP strategies together also guarantee to detect all 42 double-fault expressions considered in this report. The main results are documented as Theorems 6.1 and 6.2. However, we need the following 5 lemmas before discussing these two main theorems. Lemma 6.1 Let S = p p m be a Boolean specification in IDNF and p i1 be a minterm of S. Then, for any term p i2 (i 2 = 1,...,m and i 2 i 1, there are at least 2 literals in p i2 whose negations can be found in p i1. Proof : Since S is an IDNF, by Lemma 2.1, UTP i1 (S /0 and NFP i1, j (S /0 for j = 1,...,k i 1 where k i1 denotes the number of literals in p i1. Since p i1 is a minterm, it contains all variables in S. Suppose, on the contrary, that there are at most 1 literal in p i2 whose negation can be found in p i1. We have the following two cases: 1. No literal in p i2 whose negation can be found in p i1. Thus, all literals in p i2 can be found in p i1. Then, for any point t B n such that p i1 ( t=1, p i2 ( t=1. As a result, UTP i1 (S = /0. This contradicts to the assumption that S is IDNF. 2. There is exactly one literal in p i2 whose negation can be found in p i1. Without loss of generality, we may assume that this literal is the negation of the first literal x i 1 1 in the p i1. Otherwise, we can always rearrange the literal so that it can become the first literal of p i1. Since all other literals except x i 1 1 in p i2 can be found in p i1, for any t B n such that p i1,1 ( t = 1, p i2 ( t = 1. As a result, NFP i1,1(s = /0. This contradicts to assumption that S is IDNF. Hence, the result follows. Lemma 6.1 implies that whenever a Boolean expression S is in IDNF and one of its term is a minterm, every remaining term must have at least two literals and their negations can be found in the minterm. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 98 of 109

103 Lemma 6.2 Let S=p p m be a Boolean specification in irredundant disjunctive normal form, p i be a minterm of S and k i is the number of literals in p i. Then, 1. UTP i (S = { u} 2. NFP i,j (S = { n j } for all j = 1,..., k i 3. u and n j only differ on the literal x i j for all j = 1,..., k i Proof : Note that, p i contains all variables in S because it is a minterm. 1. Thus, TP i (S is a singleton. Since S is an IDNF, by Lemma 2.1, UTP i (S /0. Therefore, UTP i (S = TP i (S because UTP i (S TP i (S. 2. For each j = 1,...,k i, let X j = { t B n : p i, j ( t = 1} where p i, j denotes the term obtained by negating the j-th literal of p i. By definition, elements in NFP i,j (S are those in X j such that S evaluates to 0. Hence, NFP i,j (S X j. Since p i contains all variables in S, so does p i, j. Therefore, X j is singleton. Since S is an IDNF, by Lemma 2.1, NFP i,j (S /0. Therefore, NFP i,j (S = X j. 3. By (1 and (2, UTP i (S = { u} and NFP i,j (S = { n j } for all j = 1,...,k i. By definitions of u and n j, p i ( u =1 and p i, j ( n j =1. Therefore, u and n j differ at x i j for all j = 1,...,k i. Hence, the result follows. The implication of Lemma 6.2 is that, if p i is a minterm, for every possible UTP i (S and NFP i, j (S pair, the only point from UTP i (S and the only point from NFP i, j (S differ only at the corresponding truth value of the literal x i j. Hence, the CUTPNFP strategy can always select these points. Lemma 6.3 Let S=p p m be a Boolean specification in IDNF and p i1 be a minterm of S. Then, UTP i1 (S = { u} and p i2, ĵ ( u = 0 for all 1 i 2 i 1 m and for all 1 j k i2 where k i2 is Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 99 of 109

104 the number of literals in p i2 and p i2, ĵ denotes the term obtained from p i 2 by omitting its j-th literal x i 2 j. Proof : Since p i1 is a minterm, by Lemma 6.2, UTP i1 (S = { u}. Let p i2 be any term in S different from p i1 (i 1 i 2. By Lemma 6.1, there are at least two literals in p i2 whose negations can be found in p i1. Without loss of generality, we may assume that these two literals are x i 2 1 and x i 2 2. Otherwise, we can always rearrange the literals so that they become the first two literals of p i2. Note that, both x i 2 1 and x i 2 2 evaluate to 0 on u because their negations are in p i1. Since x i 2 1 or x i 2 2 must exist in every p i2, ĵ, p i 2, ĵ ( u =0 where 1 j k i 2. Hence, the result follows. Lemma 6.4 Let S = p p m be a Boolean expression in IDNF, and x be a literal of S. If the i-th term of S, p i, is not a minterm and there is at least one point in UTP i (S such that x = 0, then the MUTP strategy will select a point from UTP i (S such that x = 0. Proof : Let p i be the i-th term in S. Since S is irredundant, UTP i (S /0 by Lemma 2.1. Since p i is not a minterm, it has at least one missing literal. Therefore, the MUTP strategy can always be applied on p i. Since x is a literal of S, we have three cases: 1. The literal x appears in p i. Then, x = 1 on all points in UTP i (S. This contradicts to the assumption that there is a point in UTP i (S such that x = 0. Hence, it is impossible for x to be a literal in p i. 2. The literal x appears in p i. Then, x = 0 on all points in UTP i (S. Hence, the MUTP strategy can select a point from UTP i (S such that x = Both literals x and x do not appear in p i. Then, x is a missing literal of p i. Based on the given condition, there exist some points in UTP i (S such that x, as a missing literal, evaluates to Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 100 of 109

105 0. Since the MUTP strategy selects points in UTP i (S such that all possible truth values of every missing literal of p i are covered. Hence, it can select at least a point from UTP i (S such that x evaluates to 0. Hence, the result follows. Lemma 6.4 needs some explanation on how to apply it for the detection of Expressions (20 and (27. Let X 1 be the set { t UTP i (S : x evaluates to 0 on t} of all points t in UTP i (S such that the literal x evaluates to 0 on t. Lemma 6.4 shows that if p i is not a minterm and X 1 is nonempty, the MUTP strategy will be able to select a test case from UTP i (S such that it is in X 1. As a result, test cases selected by the MUTP strategy can satisfy both (C1 and (C3 of Expression (20 provided that the corresponding term is not a minterm and there exists some test cases that can satisfy the corresponding condition. Similarly, the MUTP strategy, if applicable, can select test cases that satisfy (C1, (C3 and (C5 of Expression (27. Lemma 6.5 Let S = p p m be a Boolean expression in IDNF, and p i1 and p i2 (i 1 i 2 be two different terms of S. Suppose that p i1 is not a minterm and that there is at least one point from UTP i1 (S such that p i2, ĵ 2 = 0 where p i2, ĵ 2 = x i 2 1 x i 2 j2 1 xi 2 j2 +1 xi 2 ki2 is the term obtained from p i2 by omitting its j 2 -th literal x i 2 j2 and k i2 (> 1 is the number of literals in p i2. Then, the MUTP strategy can select a point from UTP i1 (S such that p i2, ĵ 2 = 0. Proof : Since S is irredundant, UTP i1 (S /0 by Lemma 2.1. Since p i1 is not a minterm, it has at least one missing literal. Therefore, the MUTP strategy can always be applied on p i1. Since p i1 and p i2 are two different terms of S, we have the following two cases: 1. All literals of p i2, ĵ 2 are in p i1. Then, p i2, ĵ 2 = 1 on all points in UTP i1 (S because all literals in p i1 evaluate to 1. This contradicts to the assumption. Hence, such a case is impossible. 2. There exists some literals of p i2, ĵ 2 such that they do not appear in p ii. Two subcases arise among these literals: Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 101 of 109

106 (a Among these literals, there is at least one literal x such that x appears in p i1. Then, x will evaluate to 0 on all points from UTP i1 (S. As a result, p i2, ĵ 2 evaluates to 0 on all points from UTP i1 (S. Hence, the MUTP strategy can always select a point from UTP i1 (S such that p i2, ĵ 2 = 0 (b Among these literals, all their negations do not appear in p i1. Hence, all these literals are missing literals of p i1. Now, literals in p i2, ĵ 2 can be divided into two groups. The first group contains those literals that are in p i1 whereas the second group contains those literals that are not in p i1. Hence, the negations of all literals in the second group are also not in p i1. If all literals in the second group evaluate to 1 on all points of UTP i1 (S, p i2, ĵ 2 evaluates to 1 on all points of UTP i1. This contradicts to the given condition that p i2, ĵ 2 evaluates to 0 on some point of UTP i1. Hence, there is at least one literal y in the second group such that it evaluates to 0 on some points of UTP i1 (S. In summary, we have (1 both y and ȳ do not appear in p i1 ; and (2 there exist some points in UTP i1 (S such that y, as a missing literal, evaluates to 0. Since the MUTP strategy selects points from UTP i (S such that all possible truth values of every missing literal of p i are covered, for every p i of S. Hence, it can select at least a point from UTP i1 (S such that y = 0, and hence, p i2, ĵ 2 = 0. The result follows. Similar to Lemma 6.4, this lemma needs some explanation on its application. Let X 2 be the set { t UTP i1 (S : p i2, ĵ 2 evaluates to 0 on t where i 2 i 1 } of all points t in UTP i1 (S such that p i2, ĵ 2 evaluates to 0 on t. Lemma 6.5 shows that if p i1 is not a minterm and X 2 is non-empty, the MUTP strategy will be able to select a test case from UTP i1 (S such that it is in X 2. Hence, test cases selected by the MUTP strategy can satisfy (C2 of Expression (20 provided that the corresponding term is not a minterm and there are test cases that satisfy the corresponding condition. Similarly, Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 102 of 109

107 the MUTP strategy, if applicable, can select test cases that satisfy (C2 and (C4 of Expression (27. We are now ready to prove our main theorems that the MUMCUT and SMOTP strategies can detect Expressions (20 and (27. Theorem 6.1 Let S = p p m be a Boolean specification in IDNF. Suppose that the i 1 -th term, p i1, in S is omitted and the j 2 -th literal, x i 2 j2, of the i 2 -th term, p i2, in S is replaced by x l2, where 1 i 1 < i 2 m, 1 j 2 k i2, and x l2 is a missing literal of p i2, the resulting implementation denoted by I will be equivalent to that given by Expression (20 in Table 1. Then, the SMOTP strategy can supplement the MUMCUT strategy to guarantee the detection of Expression (20 provided that S I. Proof : We prove that the SMOTP and MUMCUT strategies can select test cases to collectively satisfy detection conditions (C1 (C5 of Expression (20 in Table 2. Since the SMOTP strategy can only be applied when p i1 is not a minterm, we have the following two cases: 1. The term p i1 is a minterm. By Lemma 6.1, p i2 has at least two literals and their negation can be found in p i1. By Lemma 6.2, UTP i1 (S = { u}, NFP i1, j(s = { n j }, and u and n j only differ on the literal x i 1 j for all j = 1,...,k i1 where k i1 is the number of literals in the term p i1. Thus, the CUTPNFP strategy will select all these points. By Lemma 6.3, p i2, ĵ 2 evaluates to 0 on u. Hence, (C2 can always be satisfied. The CUTPNFP strategy guarantees to select the required test cases. 2. The term p i1 is not a minterm. Since S I, there is at least one test case t such that t satisfies any one of (C1 (C5. We have the following three subcases: (a The test case t satisfies any one of the conditions (C1 (C3. We will prove that the MUTP strategy can select points that satisfy conditions (C1 (C3. However, the points actually selected may not be t. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 103 of 109

108 If t satisfies condition (C1, the MUTP strategy can select test cases that satisfy this condition by Lemma 6.4. If t satisfies condition (C2, the MUTP strategy can select test cases that satisfy this condition by Lemma 6.5. If t satisfies condition (C3, t is a test case from UTP i2 (S such that the missing literal x l2 of p i2 evaluates to 0. Since the MUTP strategy requires to select points from UTP i (S for every i such that all possible truth values of every missing literal of p i are covered and x l2 is a missing literal of p i2, it can select test cases that satisfy (C3. (b The test case t satisfies condition (C4. We will prove that the MNFP strategy can select points that satisfy (C4. However, the points actually selected may not be t. Now, t is a test case from NFP i2, j 2 (S such that the missing literal x l2 of p i2 evaluates to 1. Since the MNFP strategy requires to select points from NFP i, j(s such that all possible truth values of every missing literal of p i are covered, it can select test cases that satisfy (C4. (c The test case t satisfies condition (C5. We will prove that the SMOTP strategy can select points that satisfy (C5 although the points actually selected may not be t. m[ Note that, t is a test case from (TP i1 (S TP i2 (S \ TP i (S such that the i i 1,i 2 missing literal x l2 of p i2 evaluates to 0. Now, since p i1 is not a minterm, it has at least one missing literal. Suppose that x l1 is a missing literal of p i1. The SMOTP strategy requires to select test cases that can collectively cover every possible truth value combinations of the missing literals x l1 and x l2 of p i1 and p i2, respectively, from (TP i1 (S TP i2 (S \ TP i (S for every two different terms p i1 and m[ i i 1,i 2 p i2. As a result, it is straightforward to see that the SMOTP strategy can select test cases that satisfy (C5. Hence, the SMOTP, MUTP and MNFP strategies together can always select test cases that Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 104 of 109

109 satisfy (C1 (C5 provided that p i1 is not a minterm. Hence, the result follows. Theorem 6.2 Let S = p p m be a Boolean specification in IDNF. Suppose that two terms p i1 and p i1 +1, in S are implemented as p i1 p i1 +1 and the j 2 -th literal, x i 2 j2, of the i 2 -th term, p i2, in S is replaced by x l2, where 1 < i < i 2 m, 1 j 2 k i2, and x l2 is a missing literal of p i2, the resulting implementation denoted by I will be equivalent to that given by Expression (27 in Table 1. Then, the SMOTP strategy can supplement the MUMCUT strategy to guarantee the detection of Expression (27 provided that S I. Proof : We will prove that the SMOTP and MUMCUT strategies can select test cases to collectively satisfy detection conditions (C1 (C8 of Expression (27 in Table 2. Since the SMOTP strategy can only be applied when p i1 or p i1 +1 is not a minterm, we have following three cases: 1. p i1 is a minterm. The CUTPNFP strategy guarantees to select the required test case that satisfies condition (C2. The proof is similar to that of Case 1 in Theorem p i1 +1 is a minterm. The CUTPNFP strategy guarantees to select the required test case that satisfies condition (C4. The proof is similar to Case 1 above. 3. Both p i1 and p i1 +1 are not minterms. Since S I, there is at least one test case t such that t satisfies any one of (C1 (C8. We have the following three subcases: (a The test case t satisfies any one of (C1 (C5. We need to prove that the MUTP strategy can select points that satisfy (C1 (C5. However, the points selected may not be t. In fact, the proof is similar to that of Case 2(a in Theorem 6.1. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 105 of 109

110 (b The test case t satisfies (C6. We need prove that the MNFP strategy can select points that satisfy (C6. However, the points selected may not be t. In fact, the proof is similar to that of Case 2(b in Theorem 6.1. (c The test case t satisfies any one of (C7 (C8. We need prove that the SMOTP strategy can select points that satisfy any one of (C7 and (C8. However, the points selected may not be t. In fact, the proof is similar to that of Case 2(c in Theorem 6.1. Hence, the SMOTP, MUTP and MNFP strategies together can always select test cases that satisfy (C1 (C8 provided that both p i1 and p i2 are not minterms. The result follows. 7 Conclusion Double fault classes are modelled as the combination of two single fault classes. In previous studies, we have considered double fault classes related to terms only [7] and those related to literals only [8]. In this report, we consider double fault classes involving a term fault and a literal fault. This report supplements our previous studies and completes our series of analysis [6, 7, 8] of the detection condition of all double fault classes in Boolean expressions. As reported in [6], there are 20 classes of double faults without ordering, which result in 36 different double-fault expressions, and 40 classes of double faults with ordering, which result in 78 doublefault expressions. Since 72 out of 78 double-fault expressions are equivalent to the 36 distinct double-fault expressions due to double faults without ordering, and the 6 remaining double-fault expressions do not have their equivalent counterpart in double faults without ordering. Therefore, Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 106 of 109

111 there are altogether 42 different double-fault expressions among all double-fault classes related to term and literal. In this report, we have studied the detection conditions of these 42 double-fault expressions within the context of Boolean expressions in IDNF. We found that the BASIC, MUMCUT, MAX-A and MAX-B strategies in Section 2.3 are insufficient to detect all double faults studied in this report. However, after a thorough analysis, we found that 40 out of 42 double-fault expressions can be detected by any test case selection strategy which subsumes the BASIC strategy. For the remaining 2 faulty expressions, the SMOTP strategy proposed in [8], which aims at detecting double literal fault LIF LIF, can supplement the MUMCUT strategy to guarantee the detection of these expressions. Since the MUMCUT strategy subsumes the BASIC strategy, the MUMCUT strategy together with SMOTP strategy can detect all double faults studied this report. As for further work, empirical studies are currently underway to evaluate the cost-effectiveness of the MUMCUT strategy and the SMOTP strategy for detecting all double faults on term and literal. We shall also investigate the chance of actually requiring the use of the SMOTP strategy to detect these double faults. Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 107 of 109

112 References [1] J. Atlee and J. Gannon. State-based model checking of event-driven system requirements. IEEE Transactions on Software Engineering, 19(1:24 40, January [2] T. Y. Chen and M. F. Lau. Test case selection strategies based on Boolean specifications. Software Testing, Verification and Reliability, 11(3: , [3] K. S. How Tai Wah. A theoretical study of fault coupling. Software Testing, Verification and Reliability, 10(1:3 45, [4] IEEE. Software Engineering Standards. IEEE Computer Society Press, [5] D. R. Kuhn. Fault classes and error detection capability of specification-based testing. ACM Transactions on Software Engineering and Methodology, 8(4: , [6] M. F. Lau and Y. Liu. The investigation of double faults on term and literal. Technical Report SUTICT-TR , Swinburne University of Technology, [7] M. F. Lau, Y. Liu, and Y. T. Yu. On the detection conditions of double faults related to terms in Boolean expressions. In Proceedings of the Thirtieth Annual International Computer Software and Applications Conference, pages , [8] M. F. Lau, Y. Liu, and Y. T. Yu. On the detection conditions of double faults related to literals in Boolean expressions. In Proceedings of 12th International Conference on Reliable Software Technologies Ada-Europe 2007, number 4498 in LNCS, pages Ada-Europe, Springer-verlag, June [9] M. F. Lau and Y. T. Yu. An extended fault class hierarchy for specification-based testing. ACM Transactions on Software Engineering and Methodology, 14(3: , [10] A. J. Offutt. Investigations of the software testing coupling effect. ACM Transactions on Software Engineering and Methodology, 1(1:5 20, Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 108 of 109

[11] A. J. Offutt, S. Liu, A. Abdurazik, and P. Ammann. Generating test data from state-based specifications. Software Testing, Verification and Reliability, 13(1:25 53, 2003. [12] K. C. Tai.

113 [11] A. J. Offutt, S. Liu, A. Abdurazik, and P. Ammann. Generating test data from state-based specifications. Software Testing, Verification and Reliability, 13(1:25 53, [12] K. C. Tai. Condition-based software testing strategies. In Proceedings of COMPSAC 90, pages , [13] K. C. Tai. Theory of fault-based predicate testing for computer programs. IEEE Transactions on Software Engineering, 22(8: , [14] K. C. Tai and H. K. Su. Test generation for Boolean expressions. In Proceedings of COMP- SAC 87, pages , [15] T. Tsuchiya and T. Kikuno. On fault classes and error detection capability of specificationbased testing. ACM Transactions on Software Engineering and Methodology, 11(1:58 62, [16] E. Weyuker, T. Goradia, and A. Singh. Automatically generating test data from a Boolean specification. IEEE Transactions on Software Engineering, 20(5: , [17] Y. T. Yu, M. F. Lau, and T. Y. Chen. Automatic generation of test cases from Boolean specifications using the MUMCUT strategy. Journal of Systems and Software, 79(6: , Report Title : On Detecting Double Faults Related to Term and Literal in Boolean Expression Page 109 of 109

Requirements-based Test Generation for Predicate Testing

Requirements-based Test Generation for Predicate Testing W. Eric Wong Department of Computer Science The University of Texas at Dallas ewong@utdallas.edu http://www.utdallas.edu/~ewong 1 Speaker Biographical