1 / 71

Verification and Validation

Verification and Validation. Objectives. To introduce software verification and validation and to discuss the distinction between them To describe the program inspection process and its role in V & V To explain static analysis as a verification technique

deiter
Télécharger la présentation

Verification and Validation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Verification and Validation

  2. Objectives • To introduce software verification and validation and to discuss the distinction between them • To describe the program inspection process and its role in V & V • To explain static analysis as a verification technique • To describe the Cleanroom software development process

  3. Topics covered • Introduction to testing • Sources of errors • Why do we need testing ? • Verification and validation planning • Software inspections • Automated static analysis • Cleanroom software development

  4. Nasty question • Suppose you are being asked to lead the team to test the software that controls a new X-ray machine. Would you take that job? • Would you take it if you could name your own price? • What if the contract says you’ll be charged with murder in case a patient dies because of a mal-functioning of the software?

  5. A few spectacular software failures

  6. Failures in Production Software • NASA’s Mars lander, September 1999, crashed due to a units integration fault—over $50 million US ! • Huge losses due to web application failures • Financial services : $6.5 million per hour • Credit card sales applications : $2.4 million per hour • In Dec 2006, amazon.com’s BOGO offer turned into a double discount • 2007 : Symantec says that most security vulnerabilities are due to faulty software • Stronger testing could solve most of these problems World-wide monetary loss due to poor software is staggering Thanks to Dr. Sreedevi Sampath

  7. Bypass Testing Results v — Vasileios Papadimitriou. Masters thesis, Automating Bypass Testing for Web Applications, GMU 2006

  8. Why Does Testing Matter? Ariane 5:exception-handlingbug : forced selfdestruct on maidenflight (64-bit to 16-bitconversion: about370 million $ lost) • NIST report, “The Economic Impacts of Inadequate Infrastructure for Software Testing” (2002) • Inadequate software testing costs the US alone between $22 and $59 billion annually • Better approaches could cut this amount in half • Major failures: Ariane 5 explosion, Mars Polar Lander, Intel’s Pentium FDIV bug • Insufficient testing of safety-critical software can cost lives: • THERAC-25 radiation machine: 3 dead • We want our programs to be reliable • Testing is how, in most cases, we find out if they are Mars PolarLander crashsite? THERAC-25 design

  9. Software is a Skin that Surrounds Our Civilization

  10. Airbus 319 Safety Critical Software Control Loss of autopilot Loss of most flight deck lighting and intercom Loss of both the commander’s and the co‑pilot’s primary flight and navigation displays

  11. Northeast Blackout of 2003 508 generating units and 256 power plants shut down Affected 10 million people in Ontario, Canada Affected 40 million people in 8 US states Financial losses of $6 Billion USD The alarm system in the energy management system failed due to a software error and operators were not informed of the power overload in the system

  12. Software testing is getting more important

  13. Testing in the 21st Century • We are going through a time of change • Software defines behavior • network routers, finance, switching networks, other infrastructure • Today’s software market : • is much bigger • is more competitive • has more users • Agile processes put increased pressure on testers • Embedded Control Applications • airplanes, air traffic control • spaceships • watches • ovens • remote controllers Industry is going through a revolution in what testing means to the success of software products • PDAs • memory seats • DVD players • garage door openers • cell phones

  14. Testing in the 21st Century • More safety critical, real-time software • Enterprise applications means bigger programs, more users • Embedded software is ubiquitous … check your pockets • Paradoxically, free software increases our expectations ! • Security is now all about software faults • Secure software is reliable software • The web offers a new deployment platform • Very competitive and very available to more users • Web apps are distributed • Web apps must be highly reliable Industry desperately needs our inventions !

  15. Mismatch in Needs and Goals • Industry wants testing to be simple and easy • Testers with no background in computing or math • Universities are graduating scientists • Industry needs engineers • Testing needs to be done more rigorously • Agile processes put lots of demands on testing • Programmers must unit test – with no training, education or tools ! • Tests are key components of functional requirements – but who builds those tests ? Bottom line—lots of crappy software

  16. MicroSteff – big software system for the mac Big software program V.1.5.1 Jan/2007 Jan/2007 Verdatim DataLife MF2-HD 1.44 MB Here! Test This! My first “professional” job A stack of computer printouts—and no documentation

  17. Cost of Testing You’re going to spend at least half of your development budget on testing, whether you want to or not • In the real-world, testing is the principle post-design activity • Restricting early testing usually increases cost • Extensive hardware-software integration requires more testing

  18. State-of-the-Art • 30-85 errors are made per 1000 lines of source code • extensively tested software contains 0.5-3 errors per 1000 lines of source code • testing is postponed, as a consequence: the later an error is discovered, the more it costs to fix it. • error distribution: 60% design, 40% implementation. 66% of the design errors are not discovered until the software has become operational.

  19. Relative cost of error correction 100 50 20 10 5 2 1 RE design code test operation

  20. Why Test? If you don’t know why you’re conducting a test, it won’t be very helpful • Written test objectives and requirements are rare • What are your planned coverage levels? • How much testing is enough? • Common objective – spend the budget …

  21. Lessons • Many errors are made in the early phases • These errors are discovered late • Repairing those errors is costly •  It pays off to start testing real early

  22. Why Test? If you don’t start planning for each test when the functional requirements are formed, you’ll never know why you’re conducting the test • 1980: “The software shall be easily maintainable” • Threshold reliability requirements? • What fact is each test trying to verify? • Requirements definition teams should include testers!

  23. Cost of Not Testing Program Managers often say: “Testing is too expensive.” • Not testing is even more expensive • Planning for testing after development is prohibitively expensive • A test station for circuit boards costs half a million dollars … • Software test tools cost less than $10,000 !!!

  24. How then to proceed? • Exhaustive testing most often is not feasible • Random statistical testing does not work either if you want to find errors • Therefore, we look for systematic ways to proceed during testing

  25. Some preliminary questions • What exactly is an error? • How does the testing process look like? • When is test technique A superior to test technique B? • What do we want to achieve during testing? • When to stop testing?

  26. Error, fault, failure • an error is a human activity resulting in software containing a fault • a fault is the manifestation of an error • a fault may result in a failure

  27. When exactly is a failure a failure? • Failure is a relative notion: e.g. a failure w.r.t. the specification document • Verification: evaluate a product to see whether it satisfies the conditions specified at the start: • Have we built the system right? • Validation: evaluate a product to see whether it does what we think it should do: • Have we built the right system?

  28. What is our goal during testing? • Objective 1: find as many faults as possible • Objective 2: make you feel confident that the software works OK

  29. Verification vs validation • Verification: "Are we building the product right”. • The software should conform to its specification. • Validation: "Are we building the right product”. • The software should do what the user really requires.

  30. The V & V process • Is a whole life-cycle process - V & V must be applied at each stage in the software process. • Has two principal objectives • The discovery of defects in a system; • The assessment of whether or not the system is useful and useable in an operational situation.

  31. V& V goals • Verification and validation should establish confidence that the software is fit for purpose. • This does NOT mean completely free of defects. • Rather, it must be good enough for its intended use and the type of use will determine the degree of confidence that is needed.

  32. V & V confidence • Depends on system’s purpose, user expectations and marketing environment • Software function • The level of confidence depends on how critical the software is to an organisation. • User expectations • Users may have low expectations of certain kinds of software. • Marketing environment • Getting a product to market early may be more important than finding defects in the program.

  33. Static and dynamic verification • Software inspections. Concerned with analysis of the static system representation to discover problems (static verification) • May be supplement by tool-based document and code analysis • Software testing. Concerned with exercising and observing product behaviour (dynamic verification) • The system is executed with test data and its operational behaviour is observed

  34. Static and dynamic V&V

  35. Program testing • Can reveal the presence of errors NOT their absence. • The only validation technique for non-functional requirements as the software has to be executed to see how it behaves. • Should be used in conjunction with static verification to provide full V&V coverage.

  36. Types of testing • Defect testing • Tests designed to discover system defects. • A successful defect test is one which reveals the presence of defects in a system. • Covered in Chapter 23 • Validation testing • Intended to show that the software meets its requirements. • A successful test is one that shows that a requirements has been properly implemented.

  37. Testing and debugging • Defect testing and debugging are distinct processes. • Verification and validation is concerned with establishing the existence of defects in a program. • Debugging is concerned with locating and repairing these errors. • Debugging involves formulating a hypothesis about program behaviour then testing these hypotheses to find the system error.

  38. The debugging process

  39. V & V planning • Careful planning is required to get the most out of testing and inspection processes. • Planning should start early in the development process. • The plan should identify the balance between static verification and testing. • Test planning is about defining standards for the testing process rather than describing product tests.

  40. The V-model of development

  41. The structure of a software test plan • The testing process. • Requirements traceability. • Tested items. • Testing schedule. • Test recording procedures. • Hardware and software requirements. • Constraints.

  42. The software test plan

  43. Software inspections • These involve people examining the source representation with the aim of discovering anomalies and defects. • Inspections not require execution of a system so may be used before implementation. • They may be applied to any representation of the system (requirements, design,configuration data, test data, etc.). • They have been shown to be an effective technique for discovering program errors.

  44. Inspection success • Many different defects may be discovered in a single inspection. In testing, one defect ,may mask another so several executions are required. • The reuse domain and programming knowledge so reviewers are likely to have seen the types of error that commonly arise.

  45. Inspections and testing • Inspections and testing are complementary and not opposing verification techniques. • Both should be used during the V & V process. • Inspections can check conformance with a specification but not conformance with the customer’s real requirements. • Inspections cannot check non-functional characteristics such as performance, usability, etc.

  46. Program inspections • Formalised approach to document reviews • Intended explicitly for defect detection (not correction). • Defects may be logical errors, anomalies in the code that might indicate an erroneous condition (e.g. an uninitialised variable) or non-compliance with standards.

  47. Inspection pre-conditions • A precise specification must be available. • Team members must be familiar with the organisation standards. • Syntactically correct code or other system representations must be available. • An error checklist should be prepared. • Management must accept that inspection will increase costs early in the software process. • Management should not use inspections for staff appraisal ie finding out who makes mistakes.

  48. The inspection process

  49. Inspection procedure • System overview presented to inspection team. • Code and associated documents are distributed to inspection team in advance. • Inspection takes place and discovered errors are noted. • Modifications are made to repair discovered errors. • Re-inspection may or may not be required.

  50. Inspection roles

More Related