SlideShare una empresa de Scribd logo
1 de 46
Descargar para leer sin conexión
Verification and Validation




©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 1
Objectives
     ●     To introduce software verification and validation and
           to discuss the distinction between them
     ●     To describe the program inspection process and its
           role in V & V
     ●     To explain static analysis as a verification technique
     ●     To describe the Cleanroom software development
           process




©Ian Sommerville 2004     Software Engineering, 7th edition. Chapter 22   Slide 2
Topics covered
     ●     Verification and validation planning
     ●     Software inspections
     ●     Automated static analysis
     ●     Cleanroom software development




©Ian Sommerville 2004     Software Engineering, 7th edition. Chapter 22   Slide 3
Verification vs validation
     ●     Verification:
              "Are we building the product right”.
     ●     The software should conform to its
           specification.
     ●     Validation:
               "Are we building the right product”.
     ●     The software should do what the user really
           requires.


©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 4
The V & V process
     ●     Is a whole life-cycle process - V & V must be
           applied at each stage in the software
           process.
     ●     Has two principal objectives
             •     The discovery of defects in a system;
             •     The assessment of whether or not the system is
                   useful and useable in an operational situation.




©Ian Sommerville 2004        Software Engineering, 7th edition. Chapter 22   Slide 5
V& V goals
     ●     Verification and validation should establish
           confidence that the software is fit for
           purpose.
     ●     This does NOT mean completely free of
           defects.
     ●     Rather, it must be good enough for its
           intended use and the type of use will
           determine the degree of confidence that is
           needed.

©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 6
V & V confidence
     ●     Depends on system’s purpose, user
           expectations and marketing environment
             •     Software function
                        • The level of confidence depends on how critical the
                          software is to an organisation.
             •     User expectations
                        • Users may have low expectations of certain kinds of
                          software.
             •     Marketing environment
                        • Getting a product to market early may be more
                          important than finding defects in the program.



©Ian Sommerville 2004              Software Engineering, 7th edition. Chapter 22   Slide 7
Static and dynamic verification

    ●     Software inspections. Concerned with analysis of
          the static system representation to discover
          problems (static verification)
            •     May be supplement by tool-based document and code
                  analysis
    ●     Software testing. Concerned with exercising and
          observing product behaviour (dynamic verification)
            •     The system is executed with test data and its operational
                  behaviour is observed




©Ian Sommerville 2004          Software Engineering, 7th edition. Chapter 22   Slide 8
Static and dynamic V&V




©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 9
Program testing
     ●     Can reveal the presence of errors NOT their
           absence.
     ●     The only validation technique for non-
           functional requirements as the software has
           to be executed to see how it behaves.
     ●     Should be used in conjunction with static
           verification to provide full V&V coverage.




©Ian Sommerville 2004      Software Engineering, 7th edition. Chapter 22   Slide 10
Types of testing
     ●     Defect testing
             •     Tests designed to discover system defects.
             •     A successful defect test is one which reveals the
                   presence of defects in a system.
             •     Covered in Chapter 23
     ●     Validation testing
             •     Intended to show that the software meets its
                   requirements.
             •     A successful test is one that shows that a requirements
                   has been properly implemented.




©Ian Sommerville 2004          Software Engineering, 7th edition. Chapter 22   Slide 11
Testing and debugging
     ●     Defect testing and debugging are distinct
           processes.
     ●     Verification and validation is concerned with
           establishing the existence of defects in a program.
     ●     Debugging is concerned with locating and
           repairing these errors.
     ●     Debugging involves formulating a hypothesis
           about program behaviour then testing these
           hypotheses to find the system error.




©Ian Sommerville 2004    Software Engineering, 7th edition. Chapter 22   Slide 12
The debugging process




©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 13
V & V planning
     ●     Careful planning is required to get the most
           out of testing and inspection processes.
     ●     Planning should start early in the
           development process.
     ●     The plan should identify the balance
           between static verification and testing.
     ●     Test planning is about defining standards for
           the testing process rather than describing
           product tests.


©Ian Sommerville 2004     Software Engineering, 7th edition. Chapter 22   Slide 14
The V-model of development




©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 15
The structure of a software test plan

     ●     The testing process.
     ●     Requirements traceability.
     ●     Tested items.
     ●     Testing schedule.
     ●     Test recording procedures.
     ●     Hardware and software requirements.
     ●     Constraints.



©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 16
The software test plan
                        The testing process
                        A description of the major phases of the testing process. These might be
                        as described earlier in this chapter.

                        Requirements traceability
                        Users are most interested in the system meeting its requirements and
                        testing should be planned so that all requirements are individually tested.

                        Tested items
                        The products of the software process that are to be tested should be
                        specified.

                        Testing schedule
                        An overall testing schedule and resource allocation for this schedule.
                        This, obviously, is linked to the more general project development
                        schedule.

                        Test recording procedures
                        It is not enough simply to run tests. The results of the tests must be
                        systematically recorded. It must be possible to audit the testing process
                        to check that it been carried out correctly.

                        Hardware and software requirements
                        This section should set out software tools required and estimated
                        hardware utilisation.

                        Constraints
                        Constraints affecting the testing process such as staff shortages should
                        be anticipated in this section.




©Ian Sommerville 2004                           Software Engineering, 7th edition. Chapter 22         Slide 17
Software inspections
     ●     These involve people examining the source
           representation with the aim of discovering anomalies
           and defects.
     ●     Inspections not require execution of a system so
           may be used before implementation.
     ●     They may be applied to any representation of the
           system (requirements, design,configuration data,
           test data, etc.).
     ●     They have been shown to be an effective technique
           for discovering program errors.


©Ian Sommerville 2004    Software Engineering, 7th edition. Chapter 22   Slide 18
Inspection success
     ●     Many different defects may be discovered in
           a single inspection. In testing, one defect
           ,may mask another so several executions
           are required.
     ●     The reuse domain and programming
           knowledge so reviewers are likely to have
           seen the types of error that commonly arise.




©Ian Sommerville 2004       Software Engineering, 7th edition. Chapter 22   Slide 19
Inspections and testing
     ●     Inspections and testing are complementary and not
           opposing verification techniques.
     ●     Both should be used during the V & V process.
     ●     Inspections can check conformance with a
           specification but not conformance with the
           customer’s real requirements.
     ●     Inspections cannot check non-functional
           characteristics such as performance, usability, etc.




©Ian Sommerville 2004    Software Engineering, 7th edition. Chapter 22   Slide 20
Program inspections
     ●     Formalised approach to document reviews
     ●     Intended explicitly for defect detection (not
           correction).
     ●     Defects may be logical errors, anomalies in
           the code that might indicate an erroneous
           condition (e.g. an uninitialised variable) or
           non-compliance with standards.




©Ian Sommerville 2004    Software Engineering, 7th edition. Chapter 22   Slide 21
Inspection pre-conditions
     ●     A precise specification must be available.
     ●     Team members must be familiar with the
           organisation standards.
     ●     Syntactically correct code or other system
           representations must be available.
     ●     An error checklist should be prepared.
     ●     Management must accept that inspection will
           increase costs early in the software process.
     ●     Management should not use inspections for staff
           appraisal ie finding out who makes mistakes.


©Ian Sommerville 2004    Software Engineering, 7th edition. Chapter 22   Slide 22
The inspection process




©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 23
Inspection procedure
     ●     System overview presented to inspection
           team.
     ●     Code and associated documents are
           distributed to inspection team in advance.
     ●     Inspection takes place and discovered errors
           are noted.
     ●     Modifications are made to repair discovered
           errors.
     ●     Re-inspection may or may not be required.


©Ian Sommerville 2004    Software Engineering, 7th edition. Chapter 22   Slide 24
Inspection roles

         Author or owner         The programmer or designer responsible for
                                 producing the program or document. Responsible
                                 for fixing defects discovered during the inspection
                                 process.
         Inspector               Finds errors, omissions and inconsistencies in
                                 programs and documents. May also identify
                                 broader issues that are outside the scope of the
                                 inspection team.
         Reader                  Presents the code or document at an inspection
                                 meeting.
         Scribe                  Records the results of the inspection meeting.
         Chairman or moderator   Manages the process and facilitates the inspection.
                                 Reports process results to the Chief moderator.
         Chief moderator         Responsible for inspection process improvements,
                                 checklist updating, standards development etc.



©Ian Sommerville 2004            Software Engineering, 7th edition. Chapter 22         Slide 25
Inspection checklists
     ●     Checklist of common errors should be used to
           drive the inspection.
     ●     Error checklists are programming language
           dependent and reflect the characteristic errors that
           are likely to arise in the language.
     ●     In general, the 'weaker' the type checking, the larger
           the checklist.
     ●     Examples: Initialisation, Constant naming, loop
           termination, array bounds, etc.




©Ian Sommerville 2004     Software Engineering, 7th edition. Chapter 22   Slide 26
Inspection checks 1

       Data faults           Are all program variables initialised before their values are
                             used?
                             Have all constants been named?
                             Should the upper bound of arrays be equal to the size of the
                             array or Size -1?
                             If character strings are used, is a de limiter explicitly
                             assigned?
                             Is there any possibility of buffer overflow?
       Control faults        For each conditional statement, is the condition correct?
                             Is each loop certain to terminate?
                             Are compound statements correctly bracketed?
                             In case statements, are all possible cases accounted for?
                             If a break is required after each case in case statements, has
                             it been included?
       Input/output faults   Are all input variables used?
                             Are all output variables assigned a value before they are
                             output?
                             Can unexpected inputs cause corruption?



©Ian Sommerville 2004                   Software Engineering, 7th edition. Chapter 22         Slide 27
Inspection checks 2

      Interface faults     Do all function and method calls have the correct number
                           of parameters?
                           Do formal and actual parameter types match?
                           Are the parameters in the right order?
                           If components access shared memory, do they have the
                           same model of the shared memory structure?
      Storage              If a linked structure is modified, have all links been
      management faults    correctly reassigned?
                           If dynamic storage is used, has space been allocated
                           correctly?
                           Is space explicitly de-allocated after it is no longer
                           required?
      Exception            Have all possible error conditions been taken into account?
      management faults




©Ian Sommerville 2004               Software Engineering, 7th edition. Chapter 22        Slide 28
Inspection rate
     ●     500 statements/hour during overview.
     ●     125 source statement/hour during individual
           preparation.
     ●     90-125 statements/hour can be inspected.
     ●     Inspection is therefore an expensive
           process.
     ●     Inspecting 500 lines costs about 40
           man/hours effort - about £2800 at UK rates.


©Ian Sommerville 2004     Software Engineering, 7th edition. Chapter 22   Slide 29
Automated static analysis
     ●     Static analysers are software tools for source
           text processing.
     ●     They parse the program text and try to
           discover potentially erroneous conditions and
           bring these to the attention of the V & V
           team.
     ●     They are very effective as an aid to
           inspections - they are a supplement to but
           not a replacement for inspections.

©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 30
Static analysis checks

           Fault class           Static analysis check
           Data faults           Variables used before initialisation
                                 Variables declared but never used
                                 Variables assigned twice but never used between
                                 assignments
                                 Possible array bound violations
                                 Undeclared variables
           Control faults        Unreachable code
                                 Unconditional branches into loops
           Input/output faults   Variables output twice with no intervening
                                 assignment
           Interface faults      Parameter type mismatches
                                 Parameter number mismatches
                                 Non-usage of the results of functions
                                 Uncalled functions and procedures
           Storage management    Unassigned pointers
           faults                Pointer arithmetic


©Ian Sommerville 2004             Software Engineering, 7th edition. Chapter 22    Slide 31
Stages of static analysis
     ●     Control flow analysis. Checks for loops with
           multiple exit or entry points, finds unreachable
           code, etc.
     ●     Data use analysis. Detects uninitialised
           variables, variables written twice without an
           intervening assignment, variables which are
           declared but never used, etc.
     ●     Interface analysis. Checks the consistency of
           routine and procedure declarations and their
           use



©Ian Sommerville 2004     Software Engineering, 7th edition. Chapter 22   Slide 32
Stages of static analysis
     ●     Information flow analysis. Identifies the
           dependencies of output variables. Does not
           detect anomalies itself but highlights
           information for code inspection or review
     ●     Path analysis. Identifies paths through the
           program and sets out the statements
           executed in that path. Again, potentially
           useful in the review process
     ●     Both these stages generate vast amounts of
           information. They must be used with care.
©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 33
LINT static analysis
             138% more lint_ex.c
             #include <stdio.h>
             printarray (Anarray)
              int Anarray;
             { printf(“%d”,Anarray); }

             main ()
             {
              int Anarray[5]; int i; char c;
              printarray (Anarray, i, c);
              printarray (Anarray) ;
             }

             139% cc lint_ex.c
             140% lint lint_ex.c

             lint_ex.c(10): warning: c may be used before set
             lint_ex.c(10): warning: i may be used before set
             printarray: variable # of args. lint_ex.c(4) :: lint_ex.c(10)
             printarray, arg. 1 used inconsistently lint_ex.c(4) :: lint_ex.c(10)
             printarray, arg. 1 used inconsistently lint_ex.c(4) :: lint_ex.c(11)
             printf returns value which is always ignored


©Ian Sommerville 2004                     Software Engineering, 7th edition. Chapter 22   Slide 34
Use of static analysis
     ●     Particularly valuable when a language such
           as C is used which has weak typing and
           hence many errors are undetected by the
           compiler,
     ●     Less cost-effective for languages like Java
           that have strong type checking and can
           therefore detect many errors during
           compilation.



©Ian Sommerville 2004    Software Engineering, 7th edition. Chapter 22   Slide 35
Verification and formal methods
     ●     Formal methods can be used when a
           mathematical specification of the system is
           produced.
     ●     They are the ultimate static verification
           technique.
     ●     They involve detailed mathematical analysis
           of the specification and may develop formal
           arguments that a program conforms to its
           mathematical specification.

©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 36
Arguments for formal methods
     ●     Producing a mathematical specification
           requires a detailed analysis of the
           requirements and this is likely to uncover
           errors.
     ●     They can detect implementation errors
           before testing when the program is analysed
           alongside the specification.




©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 37
Arguments against formal methods

     ●     Require specialised notations that cannot be
           understood by domain experts.
     ●     Very expensive to develop a specification
           and even more expensive to show that a
           program meets that specification.
     ●     It may be possible to reach the same level of
           confidence in a program more cheaply using
           other V & V techniques.



©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 38
Cleanroom software development
     ●     The name is derived from the 'Cleanroom'
           process in semiconductor fabrication. The
           philosophy is defect avoidance rather than
           defect removal.
     ●     This software development process is based on:
             •     Incremental development;
             •     Formal specification;
             •     Static verification using correctness arguments;
             •     Statistical testing to determine program reliability.




©Ian Sommerville 2004           Software Engineering, 7th edition. Chapter 22   Slide 39
The Cleanroom process




©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 40
Cleanroom process characteristics

     ●     Formal specification using a state transition
           model.
     ●     Incremental development where the
           customer prioritises increments.
     ●     Structured programming - limited control and
           abstraction constructs are used in the
           program.
     ●     Static verification using rigorous inspections.
     ●     Statistical testing of the system (covered in
           Ch. 24).

©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 41
Formal specification and inspections

     ●     The state based model is a system
           specification and the inspection process
           checks the program against this mode.l
     ●     The programming approach is defined so
           that the correspondence between the model
           and the system is clear.
     ●     Mathematical arguments (not proofs) are
           used to increase confidence in the inspection
           process.

©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 42
Cleanroom process teams
     ●     Specification team. Responsible for developing
           and maintaining the system specification.
     ●     Development team. Responsible for
           developing and verifying the software. The
           software is NOT executed or even compiled
           during this process.
     ●     Certification team. Responsible for developing
           a set of statistical tests to exercise the software
           after development. Reliability growth models
           used to determine when reliability is acceptable.



©Ian Sommerville 2004     Software Engineering, 7th edition. Chapter 22   Slide 43
Cleanroom process evaluation
     ●     The results of using the Cleanroom process have
           been very impressive with few discovered faults in
           delivered systems.
     ●     Independent assessment shows that the
           process is no more expensive than other
           approaches.
     ●     There were fewer errors than in a 'traditional'
           development process.
     ●     However, the process is not widely used. It is not
           clear how this approach can be transferred
           to an environment with less skilled or less
           motivated software engineers.

©Ian Sommerville 2004    Software Engineering, 7th edition. Chapter 22   Slide 44
Key points
     ●     Verification and validation are not the same
           thing. Verification shows conformance with
           specification; validation shows that the
           program meets the customer’s needs.
     ●     Test plans should be drawn up to guide the
           testing process.
     ●     Static verification techniques involve
           examination and analysis of the program for
           error detection.

©Ian Sommerville 2004   Software Engineering, 7th edition. Chapter 22   Slide 45
Key points
     ●     Program inspections are very effective in
           discovering errors.
     ●     Program code in inspections is systematically
           checked by a small team to locate software faults.
     ●     Static analysis tools can discover program
           anomalies which may be an indication of faults in the
           code.
     ●     The Cleanroom development process depends on
           incremental development, static verification and
           statistical testing.




©Ian Sommerville 2004    Software Engineering, 7th edition. Chapter 22   Slide 46

Más contenido relacionado

La actualidad más candente

Basic software-testing-concepts
Basic software-testing-conceptsBasic software-testing-concepts
Basic software-testing-conceptsmedsherb
 
Chapter 6 software metrics
Chapter 6 software metricsChapter 6 software metrics
Chapter 6 software metricsdespicable me
 
Unit Testing vs Integration Testing
Unit Testing vs Integration TestingUnit Testing vs Integration Testing
Unit Testing vs Integration TestingRock Interview
 
Verification and Validation in Manual Testing
Verification and Validation in Manual TestingVerification and Validation in Manual Testing
Verification and Validation in Manual TestingBollapalli Vasundhara
 
Acceptance testing
Acceptance testingAcceptance testing
Acceptance testingCOEPD HR
 
Chapter 15 software product metrics
Chapter 15 software product metricsChapter 15 software product metrics
Chapter 15 software product metricsSHREEHARI WADAWADAGI
 
Intro to Manual Testing
Intro to Manual TestingIntro to Manual Testing
Intro to Manual TestingAyah Soufan
 
Software Testing and Quality Assurance unit1
Software Testing and Quality Assurance  unit1Software Testing and Quality Assurance  unit1
Software Testing and Quality Assurance unit1Bhagyashree Dhakulkar
 
Software Testing - Part 1 (Techniques, Types, Levels, Methods, STLC, Bug Life...
Software Testing - Part 1 (Techniques, Types, Levels, Methods, STLC, Bug Life...Software Testing - Part 1 (Techniques, Types, Levels, Methods, STLC, Bug Life...
Software Testing - Part 1 (Techniques, Types, Levels, Methods, STLC, Bug Life...Ankit Prajapati
 
Software testing ppt
Software testing pptSoftware testing ppt
Software testing pptSavyasachi14
 
verification and validation
verification and validationverification and validation
verification and validationDinesh Pasi
 
Validation testing
Validation testingValidation testing
Validation testingSlideshare
 
Software Testing 101
Software Testing 101Software Testing 101
Software Testing 101QA Hannah
 
Software QA Fundamentals by Prabhath Darshana
Software QA Fundamentals by Prabhath DarshanaSoftware QA Fundamentals by Prabhath Darshana
Software QA Fundamentals by Prabhath DarshanaShamain Peiris
 

La actualidad más candente (20)

Basic software-testing-concepts
Basic software-testing-conceptsBasic software-testing-concepts
Basic software-testing-concepts
 
Chapter 6 software metrics
Chapter 6 software metricsChapter 6 software metrics
Chapter 6 software metrics
 
Verification & Validation
Verification & ValidationVerification & Validation
Verification & Validation
 
Types of testing
Types of testingTypes of testing
Types of testing
 
Unit Testing vs Integration Testing
Unit Testing vs Integration TestingUnit Testing vs Integration Testing
Unit Testing vs Integration Testing
 
Testing methodology
Testing methodologyTesting methodology
Testing methodology
 
Verification and Validation in Manual Testing
Verification and Validation in Manual TestingVerification and Validation in Manual Testing
Verification and Validation in Manual Testing
 
Acceptance testing
Acceptance testingAcceptance testing
Acceptance testing
 
Testing Metrics
Testing MetricsTesting Metrics
Testing Metrics
 
Chapter 15 software product metrics
Chapter 15 software product metricsChapter 15 software product metrics
Chapter 15 software product metrics
 
Intro to Manual Testing
Intro to Manual TestingIntro to Manual Testing
Intro to Manual Testing
 
Software Testing and Quality Assurance unit1
Software Testing and Quality Assurance  unit1Software Testing and Quality Assurance  unit1
Software Testing and Quality Assurance unit1
 
Software Testing - Part 1 (Techniques, Types, Levels, Methods, STLC, Bug Life...
Software Testing - Part 1 (Techniques, Types, Levels, Methods, STLC, Bug Life...Software Testing - Part 1 (Techniques, Types, Levels, Methods, STLC, Bug Life...
Software Testing - Part 1 (Techniques, Types, Levels, Methods, STLC, Bug Life...
 
Software testing ppt
Software testing pptSoftware testing ppt
Software testing ppt
 
verification and validation
verification and validationverification and validation
verification and validation
 
Validation testing
Validation testingValidation testing
Validation testing
 
Software Testing
Software TestingSoftware Testing
Software Testing
 
ISTQB Test Process
ISTQB Test ProcessISTQB Test Process
ISTQB Test Process
 
Software Testing 101
Software Testing 101Software Testing 101
Software Testing 101
 
Software QA Fundamentals by Prabhath Darshana
Software QA Fundamentals by Prabhath DarshanaSoftware QA Fundamentals by Prabhath Darshana
Software QA Fundamentals by Prabhath Darshana
 

Destacado

Validation and Verification
Validation and VerificationValidation and Verification
Validation and Verificationmrmwood
 
Verification and Validation with Innoslate
Verification and Validation with InnoslateVerification and Validation with Innoslate
Verification and Validation with InnoslateElizabeth Steiner
 
Product Quality: Metrics, Verification, Validation, Testing
Product Quality: Metrics, Verification, Validation, TestingProduct Quality: Metrics, Verification, Validation, Testing
Product Quality: Metrics, Verification, Validation, TestingReem Alattas
 
Unit 7 verification &amp; validation
Unit 7 verification &amp; validationUnit 7 verification &amp; validation
Unit 7 verification &amp; validationraksharao
 
Software requirement verification & validation
Software requirement verification & validationSoftware requirement verification & validation
Software requirement verification & validationAbdul Basit
 

Destacado (6)

Validation and Verification
Validation and VerificationValidation and Verification
Validation and Verification
 
Verification and Validation with Innoslate
Verification and Validation with InnoslateVerification and Validation with Innoslate
Verification and Validation with Innoslate
 
Product Quality: Metrics, Verification, Validation, Testing
Product Quality: Metrics, Verification, Validation, TestingProduct Quality: Metrics, Verification, Validation, Testing
Product Quality: Metrics, Verification, Validation, Testing
 
Unit 7 verification &amp; validation
Unit 7 verification &amp; validationUnit 7 verification &amp; validation
Unit 7 verification &amp; validation
 
Software requirement verification & validation
Software requirement verification & validationSoftware requirement verification & validation
Software requirement verification & validation
 
Validation and verification
Validation and verificationValidation and verification
Validation and verification
 

Similar a Verification and validation

Verifcation and Validation
Verifcation and ValidationVerifcation and Validation
Verifcation and ValidationSaggitariusArrow
 
Dr.Jonathan Software verification validation.ppt
Dr.Jonathan Software verification validation.pptDr.Jonathan Software verification validation.ppt
Dr.Jonathan Software verification validation.pptPhial
 
Dr. Jonathan validation verification.ppt
Dr. Jonathan validation verification.pptDr. Jonathan validation verification.ppt
Dr. Jonathan validation verification.pptPhial
 
Quality management 27
Quality management 27Quality management 27
Quality management 27al-wahidi
 
Networkkskskskskhdhdhshshshshhsheusus .ppt
Networkkskskskskhdhdhshshshshhsheusus .pptNetworkkskskskskhdhdhshshshshhsheusus .ppt
Networkkskskskskhdhdhshshshshhsheusus .pptabdulbasetalselwi
 
Software Quality and Testing_Se lect18 btech
Software Quality and Testing_Se lect18 btechSoftware Quality and Testing_Se lect18 btech
Software Quality and Testing_Se lect18 btechIIITA
 
Software engineering testing and types
Software engineering testing and typesSoftware engineering testing and types
Software engineering testing and typesDr. Anthony Vincent. B
 
Sqa unit1
Sqa unit1Sqa unit1
Sqa unit1kannaki
 
Software testing and software development process
Software testing and software development processSoftware testing and software development process
Software testing and software development processGen Aloys Ochola Badde
 
Independent verification & validation presented by Maneat v02
Independent verification & validation presented by Maneat v02Independent verification & validation presented by Maneat v02
Independent verification & validation presented by Maneat v02Dr. Pierpaolo Mangeruga
 
The Role of Verification and Validation in System Development Life Cycle
The Role of Verification and Validation in System Development Life CycleThe Role of Verification and Validation in System Development Life Cycle
The Role of Verification and Validation in System Development Life CycleIOSR Journals
 
Quality assuarance bharath anche (1)
Quality assuarance bharath anche (1)Quality assuarance bharath anche (1)
Quality assuarance bharath anche (1)bharathanche
 
Software testing
Software testingSoftware testing
Software testingMahfuz1061
 
Software-Testing.pdf
Software-Testing.pdfSoftware-Testing.pdf
Software-Testing.pdfSalim533277
 

Similar a Verification and validation (20)

Verifcation and Validation
Verifcation and ValidationVerifcation and Validation
Verifcation and Validation
 
Software Verification & Validation
Software Verification & ValidationSoftware Verification & Validation
Software Verification & Validation
 
Dr.Jonathan Software verification validation.ppt
Dr.Jonathan Software verification validation.pptDr.Jonathan Software verification validation.ppt
Dr.Jonathan Software verification validation.ppt
 
Dr. Jonathan validation verification.ppt
Dr. Jonathan validation verification.pptDr. Jonathan validation verification.ppt
Dr. Jonathan validation verification.ppt
 
Quality management 27
Quality management 27Quality management 27
Quality management 27
 
Networkkskskskskhdhdhshshshshhsheusus .ppt
Networkkskskskskhdhdhshshshshhsheusus .pptNetworkkskskskskhdhdhshshshshhsheusus .ppt
Networkkskskskskhdhdhshshshshhsheusus .ppt
 
Software Quality and Testing_Se lect18 btech
Software Quality and Testing_Se lect18 btechSoftware Quality and Testing_Se lect18 btech
Software Quality and Testing_Se lect18 btech
 
Software engineering testing and types
Software engineering testing and typesSoftware engineering testing and types
Software engineering testing and types
 
Sqa unit1
Sqa unit1Sqa unit1
Sqa unit1
 
Ch28
Ch28Ch28
Ch28
 
Software testing and software development process
Software testing and software development processSoftware testing and software development process
Software testing and software development process
 
Independent verification & validation presented by Maneat v02
Independent verification & validation presented by Maneat v02Independent verification & validation presented by Maneat v02
Independent verification & validation presented by Maneat v02
 
The Role of Verification and Validation in System Development Life Cycle
The Role of Verification and Validation in System Development Life CycleThe Role of Verification and Validation in System Development Life Cycle
The Role of Verification and Validation in System Development Life Cycle
 
Quality assuarance bharath anche (1)
Quality assuarance bharath anche (1)Quality assuarance bharath anche (1)
Quality assuarance bharath anche (1)
 
Software testing
Software testingSoftware testing
Software testing
 
SQA_Class
SQA_ClassSQA_Class
SQA_Class
 
Ch27 (1)
Ch27 (1)Ch27 (1)
Ch27 (1)
 
Software-Testing.pdf
Software-Testing.pdfSoftware-Testing.pdf
Software-Testing.pdf
 
Ch1
Ch1Ch1
Ch1
 
Ch26
Ch26Ch26
Ch26
 

Último

Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 

Último (20)

Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 

Verification and validation

  • 1. Verification and Validation ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1
  • 2. Objectives ● To introduce software verification and validation and to discuss the distinction between them ● To describe the program inspection process and its role in V & V ● To explain static analysis as a verification technique ● To describe the Cleanroom software development process ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 2
  • 3. Topics covered ● Verification and validation planning ● Software inspections ● Automated static analysis ● Cleanroom software development ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 3
  • 4. Verification vs validation ● Verification: "Are we building the product right”. ● The software should conform to its specification. ● Validation: "Are we building the right product”. ● The software should do what the user really requires. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 4
  • 5. The V & V process ● Is a whole life-cycle process - V & V must be applied at each stage in the software process. ● Has two principal objectives • The discovery of defects in a system; • The assessment of whether or not the system is useful and useable in an operational situation. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 5
  • 6. V& V goals ● Verification and validation should establish confidence that the software is fit for purpose. ● This does NOT mean completely free of defects. ● Rather, it must be good enough for its intended use and the type of use will determine the degree of confidence that is needed. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 6
  • 7. V & V confidence ● Depends on system’s purpose, user expectations and marketing environment • Software function • The level of confidence depends on how critical the software is to an organisation. • User expectations • Users may have low expectations of certain kinds of software. • Marketing environment • Getting a product to market early may be more important than finding defects in the program. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 7
  • 8. Static and dynamic verification ● Software inspections. Concerned with analysis of the static system representation to discover problems (static verification) • May be supplement by tool-based document and code analysis ● Software testing. Concerned with exercising and observing product behaviour (dynamic verification) • The system is executed with test data and its operational behaviour is observed ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 8
  • 9. Static and dynamic V&V ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 9
  • 10. Program testing ● Can reveal the presence of errors NOT their absence. ● The only validation technique for non- functional requirements as the software has to be executed to see how it behaves. ● Should be used in conjunction with static verification to provide full V&V coverage. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 10
  • 11. Types of testing ● Defect testing • Tests designed to discover system defects. • A successful defect test is one which reveals the presence of defects in a system. • Covered in Chapter 23 ● Validation testing • Intended to show that the software meets its requirements. • A successful test is one that shows that a requirements has been properly implemented. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 11
  • 12. Testing and debugging ● Defect testing and debugging are distinct processes. ● Verification and validation is concerned with establishing the existence of defects in a program. ● Debugging is concerned with locating and repairing these errors. ● Debugging involves formulating a hypothesis about program behaviour then testing these hypotheses to find the system error. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 12
  • 13. The debugging process ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 13
  • 14. V & V planning ● Careful planning is required to get the most out of testing and inspection processes. ● Planning should start early in the development process. ● The plan should identify the balance between static verification and testing. ● Test planning is about defining standards for the testing process rather than describing product tests. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 14
  • 15. The V-model of development ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 15
  • 16. The structure of a software test plan ● The testing process. ● Requirements traceability. ● Tested items. ● Testing schedule. ● Test recording procedures. ● Hardware and software requirements. ● Constraints. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 16
  • 17. The software test plan The testing process A description of the major phases of the testing process. These might be as described earlier in this chapter. Requirements traceability Users are most interested in the system meeting its requirements and testing should be planned so that all requirements are individually tested. Tested items The products of the software process that are to be tested should be specified. Testing schedule An overall testing schedule and resource allocation for this schedule. This, obviously, is linked to the more general project development schedule. Test recording procedures It is not enough simply to run tests. The results of the tests must be systematically recorded. It must be possible to audit the testing process to check that it been carried out correctly. Hardware and software requirements This section should set out software tools required and estimated hardware utilisation. Constraints Constraints affecting the testing process such as staff shortages should be anticipated in this section. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 17
  • 18. Software inspections ● These involve people examining the source representation with the aim of discovering anomalies and defects. ● Inspections not require execution of a system so may be used before implementation. ● They may be applied to any representation of the system (requirements, design,configuration data, test data, etc.). ● They have been shown to be an effective technique for discovering program errors. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 18
  • 19. Inspection success ● Many different defects may be discovered in a single inspection. In testing, one defect ,may mask another so several executions are required. ● The reuse domain and programming knowledge so reviewers are likely to have seen the types of error that commonly arise. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 19
  • 20. Inspections and testing ● Inspections and testing are complementary and not opposing verification techniques. ● Both should be used during the V & V process. ● Inspections can check conformance with a specification but not conformance with the customer’s real requirements. ● Inspections cannot check non-functional characteristics such as performance, usability, etc. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 20
  • 21. Program inspections ● Formalised approach to document reviews ● Intended explicitly for defect detection (not correction). ● Defects may be logical errors, anomalies in the code that might indicate an erroneous condition (e.g. an uninitialised variable) or non-compliance with standards. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 21
  • 22. Inspection pre-conditions ● A precise specification must be available. ● Team members must be familiar with the organisation standards. ● Syntactically correct code or other system representations must be available. ● An error checklist should be prepared. ● Management must accept that inspection will increase costs early in the software process. ● Management should not use inspections for staff appraisal ie finding out who makes mistakes. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 22
  • 23. The inspection process ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 23
  • 24. Inspection procedure ● System overview presented to inspection team. ● Code and associated documents are distributed to inspection team in advance. ● Inspection takes place and discovered errors are noted. ● Modifications are made to repair discovered errors. ● Re-inspection may or may not be required. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 24
  • 25. Inspection roles Author or owner The programmer or designer responsible for producing the program or document. Responsible for fixing defects discovered during the inspection process. Inspector Finds errors, omissions and inconsistencies in programs and documents. May also identify broader issues that are outside the scope of the inspection team. Reader Presents the code or document at an inspection meeting. Scribe Records the results of the inspection meeting. Chairman or moderator Manages the process and facilitates the inspection. Reports process results to the Chief moderator. Chief moderator Responsible for inspection process improvements, checklist updating, standards development etc. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 25
  • 26. Inspection checklists ● Checklist of common errors should be used to drive the inspection. ● Error checklists are programming language dependent and reflect the characteristic errors that are likely to arise in the language. ● In general, the 'weaker' the type checking, the larger the checklist. ● Examples: Initialisation, Constant naming, loop termination, array bounds, etc. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 26
  • 27. Inspection checks 1 Data faults Are all program variables initialised before their values are used? Have all constants been named? Should the upper bound of arrays be equal to the size of the array or Size -1? If character strings are used, is a de limiter explicitly assigned? Is there any possibility of buffer overflow? Control faults For each conditional statement, is the condition correct? Is each loop certain to terminate? Are compound statements correctly bracketed? In case statements, are all possible cases accounted for? If a break is required after each case in case statements, has it been included? Input/output faults Are all input variables used? Are all output variables assigned a value before they are output? Can unexpected inputs cause corruption? ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 27
  • 28. Inspection checks 2 Interface faults Do all function and method calls have the correct number of parameters? Do formal and actual parameter types match? Are the parameters in the right order? If components access shared memory, do they have the same model of the shared memory structure? Storage If a linked structure is modified, have all links been management faults correctly reassigned? If dynamic storage is used, has space been allocated correctly? Is space explicitly de-allocated after it is no longer required? Exception Have all possible error conditions been taken into account? management faults ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 28
  • 29. Inspection rate ● 500 statements/hour during overview. ● 125 source statement/hour during individual preparation. ● 90-125 statements/hour can be inspected. ● Inspection is therefore an expensive process. ● Inspecting 500 lines costs about 40 man/hours effort - about £2800 at UK rates. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 29
  • 30. Automated static analysis ● Static analysers are software tools for source text processing. ● They parse the program text and try to discover potentially erroneous conditions and bring these to the attention of the V & V team. ● They are very effective as an aid to inspections - they are a supplement to but not a replacement for inspections. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 30
  • 31. Static analysis checks Fault class Static analysis check Data faults Variables used before initialisation Variables declared but never used Variables assigned twice but never used between assignments Possible array bound violations Undeclared variables Control faults Unreachable code Unconditional branches into loops Input/output faults Variables output twice with no intervening assignment Interface faults Parameter type mismatches Parameter number mismatches Non-usage of the results of functions Uncalled functions and procedures Storage management Unassigned pointers faults Pointer arithmetic ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 31
  • 32. Stages of static analysis ● Control flow analysis. Checks for loops with multiple exit or entry points, finds unreachable code, etc. ● Data use analysis. Detects uninitialised variables, variables written twice without an intervening assignment, variables which are declared but never used, etc. ● Interface analysis. Checks the consistency of routine and procedure declarations and their use ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 32
  • 33. Stages of static analysis ● Information flow analysis. Identifies the dependencies of output variables. Does not detect anomalies itself but highlights information for code inspection or review ● Path analysis. Identifies paths through the program and sets out the statements executed in that path. Again, potentially useful in the review process ● Both these stages generate vast amounts of information. They must be used with care. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 33
  • 34. LINT static analysis 138% more lint_ex.c #include <stdio.h> printarray (Anarray) int Anarray; { printf(“%d”,Anarray); } main () { int Anarray[5]; int i; char c; printarray (Anarray, i, c); printarray (Anarray) ; } 139% cc lint_ex.c 140% lint lint_ex.c lint_ex.c(10): warning: c may be used before set lint_ex.c(10): warning: i may be used before set printarray: variable # of args. lint_ex.c(4) :: lint_ex.c(10) printarray, arg. 1 used inconsistently lint_ex.c(4) :: lint_ex.c(10) printarray, arg. 1 used inconsistently lint_ex.c(4) :: lint_ex.c(11) printf returns value which is always ignored ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 34
  • 35. Use of static analysis ● Particularly valuable when a language such as C is used which has weak typing and hence many errors are undetected by the compiler, ● Less cost-effective for languages like Java that have strong type checking and can therefore detect many errors during compilation. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 35
  • 36. Verification and formal methods ● Formal methods can be used when a mathematical specification of the system is produced. ● They are the ultimate static verification technique. ● They involve detailed mathematical analysis of the specification and may develop formal arguments that a program conforms to its mathematical specification. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 36
  • 37. Arguments for formal methods ● Producing a mathematical specification requires a detailed analysis of the requirements and this is likely to uncover errors. ● They can detect implementation errors before testing when the program is analysed alongside the specification. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 37
  • 38. Arguments against formal methods ● Require specialised notations that cannot be understood by domain experts. ● Very expensive to develop a specification and even more expensive to show that a program meets that specification. ● It may be possible to reach the same level of confidence in a program more cheaply using other V & V techniques. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 38
  • 39. Cleanroom software development ● The name is derived from the 'Cleanroom' process in semiconductor fabrication. The philosophy is defect avoidance rather than defect removal. ● This software development process is based on: • Incremental development; • Formal specification; • Static verification using correctness arguments; • Statistical testing to determine program reliability. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 39
  • 40. The Cleanroom process ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 40
  • 41. Cleanroom process characteristics ● Formal specification using a state transition model. ● Incremental development where the customer prioritises increments. ● Structured programming - limited control and abstraction constructs are used in the program. ● Static verification using rigorous inspections. ● Statistical testing of the system (covered in Ch. 24). ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 41
  • 42. Formal specification and inspections ● The state based model is a system specification and the inspection process checks the program against this mode.l ● The programming approach is defined so that the correspondence between the model and the system is clear. ● Mathematical arguments (not proofs) are used to increase confidence in the inspection process. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 42
  • 43. Cleanroom process teams ● Specification team. Responsible for developing and maintaining the system specification. ● Development team. Responsible for developing and verifying the software. The software is NOT executed or even compiled during this process. ● Certification team. Responsible for developing a set of statistical tests to exercise the software after development. Reliability growth models used to determine when reliability is acceptable. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 43
  • 44. Cleanroom process evaluation ● The results of using the Cleanroom process have been very impressive with few discovered faults in delivered systems. ● Independent assessment shows that the process is no more expensive than other approaches. ● There were fewer errors than in a 'traditional' development process. ● However, the process is not widely used. It is not clear how this approach can be transferred to an environment with less skilled or less motivated software engineers. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 44
  • 45. Key points ● Verification and validation are not the same thing. Verification shows conformance with specification; validation shows that the program meets the customer’s needs. ● Test plans should be drawn up to guide the testing process. ● Static verification techniques involve examination and analysis of the program for error detection. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 45
  • 46. Key points ● Program inspections are very effective in discovering errors. ● Program code in inspections is systematically checked by a small team to locate software faults. ● Static analysis tools can discover program anomalies which may be an indication of faults in the code. ● The Cleanroom development process depends on incremental development, static verification and statistical testing. ©Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 46