Software Verification and Validation (VIMMD052) Introduction. Istvan Majzik Budapest University of Technology and Economics

Similar documents
Verification of the Requirements Specification

Deriving safety requirements according to ISO for complex systems: How to avoid getting lost?

Gradational conception in Cleanroom Software Development

Formal Methods and their role in Software and System Development. Riccardo Sisto, Politecnico di Torino

Functional Safety and Safety Standards: Challenges and Comparison of Solutions AA309

Topic 01. Software Engineering, Web Engineering, agile methodologies.

The requirements engineering process

BCS Level 3 Certificate in Software Development Context and Methodologies Syllabus QAN 603/1191/5

Software Engineering Lifecycles. Controlling Complexity

Certified Software Quality Engineer Preparation On Demand, Web-Based Course Offered by The Westfall Team

Systems Analysis and Design in a Changing World, Fourth Edition

The software lifecycle and its documents

New developments about PL and SIL. Present harmonised versions, background and changes.

Advanced Software Engineering: Software Testing

CSC Advanced Object Oriented Programming, Spring Overview

18-642: Software Development Processes

CMSC 435: Software Engineering Section 0201

Test Architect A Key Role defined by Siemens

Standard Glossary of Terms used in Software Testing. Version 3.2. Foundation Extension - Usability Terms

Activities Common to Software Projects. Software Life Cycle. Activities Common to Software Projects. Activities Common to Software Projects

Qualification Specification for the Knowledge Modules that form part of the BCS Level 3 Software Development Technician Apprenticeship

Software Processes. Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 4 Slide 1

Fault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO standard

Software Development Methodologies

Testing: Test design and testing process

Basic Training in Software Testing (2 Days)

This tutorial also elaborates on other related methodologies like Agile, RAD and Prototyping.

Don t Be the Developer Whose Rocket Crashes on Lift off LDRA Ltd

CS SOFTWARE ENGINEERING QUESTION BANK SIXTEEN MARKS

Dilbert Scott Adams. CSc 233 Spring 2012

CS 424 Software Quality Assurance & Testing LECTURE 3 BASIC CONCEPTS OF SOFTWARE TESTING - I

Report. Certificate Z Rev. 00. SIMATIC Safety System

Verification and Validation

Certified Tester Foundation Level(CTFL)

Verification and Validation

Process for the Evaluation and Acceptance of Building Products in the USA

Test and Evaluation of Autonomous Systems in a Model Based Engineering Context

SOFTWARE LIFE-CYCLE PROCESSES From Waterfall to Extreme Programming

Introduction to Software Engineering

Requirements Validation and Negotiation

FUNCTIONAL SAFETY CERTIFICATE

SE420 - Software Quality Assurance

Lecture 7: Software Processes. Refresher: Software Always Evolves

CTAL. ISTQB Advanced Level.

Foundation Fieldbus Safety Instrumented System (FF SIS) FF-SIS Meeting. Hannover. April 21, 2004

SE 2730 Final Review

DRYING CONTROL LOGIC DEVELOPMENT USING MODEL BASED DESIGN

Key Features. Defect Rates. Traditional Unit testing: 25 faults / KLOC System testing: 25 / KLOC Inspections: / KLOC

What functional safety module designers need from IC developers

18-642: Requirements

Objectives. Connecting with Computer Science 2

Software Process. Software Process

RE for Embedded Systems - Part 1

MONIKA HEINER.

Assessment of Safety Functions of Lignite Mining Equipment according to the requirements of Functional Safety.

EXAM PREPARATION GUIDE

ida Certification Services IEC Functional Safety Assessment Project: Masoneilan Smart Valve Interface, SVI II ESD Customer: GE Energy

Hardware Safety Integrity. Hardware Safety Design Life-Cycle

Certified Information Systems Auditor (CISA)

Requirements Validation and Negotiation (cont d)

Certified Automotive Software Tester Sample Exam Paper Syllabus Version 2.0

Requirement Analysis

Topics. Software Process. Agile. Requirements. Basic Design. Modular Design. Design Patterns. Testing. Quality. Refactoring.

Requirements and Design Overview

Software architecture in ASPICE and Even-André Karlsson

The Analysis and Proposed Modifications to ISO/IEC Software Engineering Software Quality Requirements and Evaluation Quality Requirements

Component Design. Systems Engineering BSc Course. Budapest University of Technology and Economics Department of Measurement and Information Systems

Towards Open Modular Critical Systems

CertifiedAT - Version: 1. ISTQB Certified Agile Tester Foundation Level Extension

Systems Analysis & Design

EXAM PREPARATION GUIDE

Certification of Model Transformations

Examination Questions Time allowed: 1 hour 15 minutes

Agile Tester Foundation E-learning Course Outline

Incremental development A.Y. 2018/2019

Software Engineering

Reducing the costs of rework. Coping with change. Software prototyping. Ways to Cope with change. Benefits of prototyping

SOFTWARE QUALITY. MADE IN GERMANY.

Verification and Validation of High-Integrity Systems

PROTERRA CERTIFICATION PROTOCOL V2.2

Lecture 8 Requirements Engineering

SE310 Analysis and Design of Software Systems

Chap 2. Introduction to Software Testing

By V-cubed Solutions, Inc. Page1. All rights reserved by V-cubed Solutions, Inc.

Why testing and analysis. Software Testing. A framework for software testing. Outline. Software Qualities. Dependability Properties

ELECTROTECHNIQUE IEC INTERNATIONALE INTERNATIONAL ELECTROTECHNICAL COMMISSION

Testing in the Agile World

Report. Certificate M6A SIMATIC Safety System

The Cleanroom Method

Methodologies of safety-related Software development

IBM Rational Rhapsody

Quote by Bruce Sterling, from: A Software Testing Primer, Nick Jenkins

EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE

Standard Glossary of Terms used in Software Testing. Version 3.1. Expert Test Manager Terms

From Design to Production

FSO Webnair FSO Safety Functions Module. ABB Group February 11, 2015 Slide 1

The evolution of the cookbook

In this Lecture you will Learn: Testing in Software Development Process. What is Software Testing. Static Testing vs.

IAF Informative Document. Information on the Transition of Management System Accreditation to ISO/IEC :2015 from ISO/IEC 17021:2011

Software Engineering 2 A practical course in software engineering. Ekkart Kindler

Transcription:

Software Verification and Validation (VIMMD052) Introduction Istvan Majzik majzik@mit.bme.hu Budapest University of Technology and Economics Dept. of Measurement and Information s Budapest University of Technology and Economics Department of Measurement and Information s 1

Synopsis Introduction Verification in the requirement phase Architecture verification and evaluation Verification of the detailed o Classic techniques o Formal methods: model checking, equivalence checking o Advanced methods: formal verification of extra-functional properties and timed behavior, handling complex s (large state spaces) Verification of the source code o Code review, abstract interpretation, symbolic execution o Classic techniques of proving program correctness Testing and test case generation o Test at unit level o Integration and system testing o Model based testing and test case generation Validation and assessment V&V in the maintenance phases Integrated approaches 2

Contents of the lecture Motivation o What are the quality needs regarding software and what is offered by the software industry? o What is the role of software verification and validation techniques? Overview of the techniques of software V&V o What are the typical techniques in the development process? Development life cycle models o What is the role of V&V in the different life cycle models? The role of development standards o How systematic V&V is realized?

Motivation What are the quality needs regarding software and what is offered by the software industry? What is the role of software verification and validation techniques? 4

Expectations Service Level Agreements (SLA) o Availability (telco servers): 99,999% (5 min/year outage) Safety critical systems: o Tolerable hazard rate (THR) o Safety integrity levels (SIL) SIL Probability of dangerous failure per hour per safety function 15 years lifetime: 1 failure in case of 750 equipment 1 10-6 PFH < 10-5 2 10-7 PFH < 10-6 3 10-8 PFH < 10-7 4 10-9 PFH < 10-8 Operation without failure for approx. 11.000 years???

Different kinds of faults Development phase Operational phase Specification faults Design faults Implementation faults V&V during Hardware faults Configuration faults Operator faults Fault tolerance (e.g. redundancy)

Software quality problems Defibtech issues a worldwide recall of two of its defibrillator products due to faulty self-test software that may clear a previously detected low battery condition. (February 2007) Cricket Communications recalls about 285,000 of its cell phones due to a software glitch that causes audio problems when a caller connects to an emergency 911 call. (May 2008) 7

Statistics for software projects Typical size of code o 10 kloc 1000 kloc Development efforts: o Big but average software: 0.1 0.5 person months / kloc o Safety critical software: 5-10 person months / kloc Fault removal (review, testing, corrections): o 45-75% of the whole development efforts Change of fault density o 10-200 faults / kloc occurring during development Verification techniques o 0.1-10 faults / kloc before operation

How many bugs do we have to expect? Source: K-R. Hase: Open Proof in Railway Safety Software, FORMS/FORMAT Conference, December 2-3, 2010, Braunschweig, Germany 9

A study in Hungary Number of faults in 1 kloc (embedded software): o Manual development and testing: ~ 10 faults o Tool-supported automated development: ~ 1-2 faults o Automated development with formal methods: < 1 faults Hibák Number száma of faults (hiba/ezer / kloc kódsor) 15 10 5 0 11 6 2.5 0.25 Traditional UML MDA MDA+formal Implementation Design Requirements Implementation 4,2 2,55 0 0 Design 4,4 2,2 1,6 0,1 Requirements 2,2 1,3 1 0,1

Distribution and cost of bugs Early V&V reduces cost! 11

V&V: Verification and Validation Verification Validation Am I building the system right? Check correctness and consistency of development phases Conformance of s/models and their specification Objective (based on facts); can be automated Fault model: Design and implementation faults Not needed if implementation is automatically generated from specification Am I building the right system? Check the result of the development Conformance of the (finished) system and the user requirements Subjective (influenced by user expectations); checking acceptance Fault model: problems in the requirements are also included Not needed if the specification is correct (very simple) 12

Example: Development of flight control SW

Overview of the techniques of software V&V What are the typical techniques in the development process? 17

Who is concerned by V&V? Engineer Verifying requirement specification Architect, Designer Modeling and verifying s Developer, Coder Verifying source code, unit testing Test Designer Designing test processes and techniques Test Engineer Test automation, integration and system tests Safety Engineer Assessment w.r.t. development standards 18

What are the typical development steps? Requirement analysis specification Architecture implementation Engineer Architect, Designer Developer, Coder Schedule and sequencing depends on the lifecycle model (see later) integration delivery Test Designer, Test Engineer Operation, maintenance 19

Requirement analysis Requirement analysis specification Architecture Task V&V criteria V&V technique Defining functions, actors, use cases - Risks - Criticality - Checklists - Failure mode and effects analysis implementation integration delivery Operation, maintenance 20

specification Requirement analysis specification Architecture Task V&V criteria V&V technique Defining functional and non-functional requirements - Completeness - Consistency - Verifiability - Feasibility - Reviews - Static analysis - Simulation implementation integration delivery Reality Modeling - structuring - abstraction 21 Analysis Design space Designing - decomposition Implementation Implementation space Operation, maintenance

specification Requirement analysis specification Architecture Task V&V criteria V&V technique Defining functional and non-functional requirements - Completeness - Consistency - Verifiability - Feasibility - Reviews - Static analysis - Simulation implementation integration delivery Operation, maintenance Review: 1. Assembling a checklist 2. Presentation by the developer 3. Answering the questions of reviewers 4. Discussion, preparing the review report Types of peer review: Round robin: Different leader for reach module Walkthrough: The developer guides the reviewers Inspection: Based on a (formal) checklist

specification Requirement analysis specification Architecture implementation integration delivery Operation, maintenance Task V&V criteria V&V technique Defining functional and non-functional requirements - Completeness - Consistency - Verifiability - Feasibility - Reviews - Static analysis - Simulation Example: Specification of an access control system (in Event-B): Persons: prs 0, p prs (set) Buildings: bld 0, b bld (set) Authorization: aut prs bld (binary relation) Situation: sit prs bld (complete function) Invariant: sit aut An event (change of situation): pass = ANY p,b WHERE (p,b) aut sit(p) b THEN sit(p):=b END Automated analysis is possible: Checking invariant for each event

Architecture Requirement analysis specification Architecture Structuring space and mapping Abstraction Design space Implementation space Analysis (structuring the space) Mapping (automated) Formality implementation integration delivery Operation, maintenance - Decomposing modules Task V&V criteria V&V technique - HW-SW co- - Designing communication - Function coverage - Conformance of interfaces - Non-functional properties - Static analysis - Simulation - Performance, dependability, security analysis

(detailed ) Requirement analysis model Rendszer modellje Requirement spec. specification Architecture Formal verification OK y Automated Automatikus model modellellen checking n Counterexample implementation integration delivery Operation, maintenance Task V&V criteria V&V technique - Designing detailed behavior (data structures, algorithms) - Correctness of critical internal algorithms and protocols - Static analysis - Simulation - Formal verification - Rapid prototyping 25

implementation Requirement analysis specification Architecture Task V&V criteria V&V technique - Software implementation Code is - Safe - Verifiable - Maintainable - Checking coding conventions - Code reviews - Static code analysis - Verifying module implementation - Conformance to module s - Unit testing - Regression testing implementation integration delivery 26 Operation, maintenance

integration Requirement analysis specification Architecture Task V&V criteria V&V technique - Integrating modules - Integrating SW with HW - Conformance of integrated behavior - Correct communication - Integration testing (incremental) implementation integration delivery Operation, maintenance 27

delivery and deployment Requirement analysis specification Architecture Task V&V criteria V&V technique implementation - Assembling complete system - Conformance to system specification - testing - Measurements, monitoring integration delivery - Fulfilling user expectations - Conformance to requirements and expectations - Validation testing - Acceptance testing - Alfa/beta testing Operation, maintenance 28

Operation and maintenance Requirement analysis specification Architecture Tasks during operation and maintenance: - Failure logging and analysis (for failure prediction) - V&V of modifications depending on the affected life cycle phases implementation integration delivery Operation, maintenance Mini-lifecycle for each modification 29

Development life cycle models What is the role of V&V in the different life cycle models? 31

Development life cycle models The role of life cycle models o Handling the complexity of development Dividing the development into phases, milestones Basis for distributed / concurrent and then integration o Change management Handling the effects of requirement changes, modification and maintenance Introduction of new methods and tools Generic models of software development: o Sequential development: Waterfall and V-model o Evolutionary development: Rapid application development o Iterative development: Spiral model o Model based (formal) development: 4G model o Iterative-incremental development: Unified Process

1. Waterfall model Requirement analysis specification Architecture Verification: Precondition for proceeding to the next step Validation: Prerequisite for operation phase implementation integration testing Operation, maintenance

1. Waterfall model Requirement analysis specification Architecture Verification: Precondition for proceeding to the next step Validation: Prerequisite for operation implementation integration Modified waterfall model: Checking the effects of changes / corrections (e.g., regression testing) testing Operation, maintenance

2. The V-model Operation, maintenance Requirement analysis val. validation Based on the waterfall model Well-defined V&V for each step Precise of the verification, testing and validation steps specification Architecture test Integration test test implementation integration verification verification 35

Model based : From V to Y model Life cycle Reduction of efforts Manual coding 0% Common automated code generator is used -20% Certified automated code generator is used -50% Design using formal methods and tools -60% estimated 40 50 100% Costs

Classic method: Cleanroom Software Engineering Origin: o IBM proposal (1980s) o US military developments (1990s) Goal: o Verification based on formal models o Fault avoidance instead of removal Principles: o Use and verification of formal models o Incremental development with quality control (step-by-step increase of complexity) o Statistical testing based on formal models Selecting the representative trajectories Manual validation of modeling

3. Evolutionary development (RAD) Rapid development of an initial implementation then refinement through several versions, based on user feedback o Explorative development: Discussed with users First version: Based on known requirements o Rapid prototypes for the critical functions Validation using the prototype, re-working the prototype o Can be applied in case of incompletely specified systems V&V characteristics: o Increased role of prototype testing o Increased role of integration testing Adding new functions o Regression testing after modifications Existing functions remain correct

4. Iterative development: Spiral model Goals, alternatives, constraints Risk analysis 4 Analysis of risks and prototype for critical functions Risk analysis 3 Risk analysis 2 Risk analysis 1 Proto - Proto - Proto - Budget 4 Budget 3 Budget 2 Budget Prototype type 2 type 3 type 4 1 1 start Requirements, life-cycle plan Concept of operation Detailed Code Planning the next phase Implementation plan Acceptance test test Unit test Design and verification (cyclic)

Integration: o Well-specified requirements: Traditional development o Incompletely specified requirements: Rapid prototype development o Formally specified requirements: Model based development (with CASE tools), property preserving refinement o Iterative Model based verification 5. The 4G model

6. Unified Process Incremental and iterative o Phases divided into iterations (bound in time) o Each iteration is a complete (mini) development cycle o Different focus of verification in each phase Integration and regression testing is important

7. Agile software development Extreme Programming o o Short iterations, focusing on operational code, regular (daily) integration and status tracking (developers, users) Build frameworks Test first programming concept: Functional tests based on story card Testing after each modification (new function) Test Driven Development o o Incremental, steps for each new function: 1. Writing test for the new function (test will fail) 2. Coding (for successful test) 3. Refactoring of the code with re-testing Uses automated unit testing

The role of development standards How systematic V&V is realized? 44

Use of standards: Safety critical systems Standards for development o IEC 61508: Functional safety in electrical / programmable electronic systems o EN 50128: Railway control software o ISO 26262: Automotive software o DO 178B: Airborne software Specification of safety functions o Functionality: Intended to achieve or maintain a safe state o Safety integrity: Probability of a safety-related system satisfactorily performing the required safety functions (under all stated conditions and within a stated period of time) Safety integrity levels o Safety integrity assignment to functions: Based on risk analysis (of failures) Continuous operation: Tolerable rate of failures On demand operation: Tolerable probability of failure o Tolerable Hazard Rate: Categories based on numerical ranges: SIL 1, 2, 3, 4

Determining SIL Hazard identification and risk analysis -> Target failure measure EUC Frequency of hazardous event Software SIL is at least the same as system SIL (with some exceptions ) safety integrity level Software safety integrity level Risk THR SIL 4 3 4 3 Consequence of hazardous event 2 1 0 2 1 0 Risk analysis -> Function THR -> Function SIL -> (Sub)system SIL SIL Probability of dangerous failure per hour per safety function 1 10-6 PFH < 10-5 2 10-7 PFH < 10-6 3 10-8 PFH < 10-7 4 10-9 PFH < 10-8

Demonstrating SIL requirements Safety case: o Documented demonstration that the product complies with the specified safety requirements (functional + safety integrity) o Evidence is based on verification and validation Random failure integrity (for hardware): o Quantitative approach: Based on statistics, experiments o Computation of system failure rate using component fault rate data from reliability handbooks atic failure integrity (for software): o Quantitative approach is not possible (missing reliability data) o Qualitative approach: Prescribing rigor in the development 1. Well-defined development process (life cycle) 2. Mandatory / recommended techniques and measures 3. Organizational structure: Independence of persons / roles 4. Precise documentation

1. The development process (life cycle) Typically a static development process (e.g., V-model) o Well-defined steps o Requirements and environment known in advance Strict rules for proceeding to the next step: Important to verify the results of development o High costs of late corrections (esp. during operation) o The risk caused by remaining failures may be high Characteristics: o Evidences collected for the safety case o Assessment (independent review) o Certification and supervision by safety authorities, based on the development standard

Typical life-cycle model: V-model Operation, maintenance Requirement analysis val. validation specification test verification Architecture Integration test integration Well-defined relations between and verification steps: Planning of the verification activities test implementation verification

2. Techniques and measures Goal: Preventing the introduction of systematic faults and controlling the residual faults SIL determines the set of techniques to be applied as o M: Mandatory o HR: Highly recommended (rationale behind not using it should be detailed and agreed with the assessor) o R: Recommended o ---: No recommendation for or against being used o NR: Not recommended Combinations of techniques is allowed o E.g., alternative or equivalent techniques are marked Hierarchy of techniques (references to sub-tables)

Example: Testing techniques (EN 50128) Software and implementation: Functional / black box testing (D3):

Example: Testing techniques (EN 50128) Performance testing (D6):

Example: Hierarchy of V&V methods (IEC 61508) We will discuss these techniques during the course

Example: Hierarchy of V&V methods (IEC 61508)

Example: Hierarchy of V&V methods (IEC 61508)

Example: Hierarchy of V&V methods (IEC 61508)

3. Precise documentation Type of documentation o Comprehensive (overall lifecycle) E.g., Software Verification Plan o Specific (for a given lifecycle phase) E.g., Software Source Code Verification Report Document Cross Reference Table o Determines documentation for a lifecycle phase o Determines relations among documents Traceability of documents is required o Relationship between documents is specified ( based on, includes ) o Terminology, references, abbreviations are consistent Merging documents is allowed o If responsible persons (authors) shall not be independent

Example: Document structure (EN50128) Software Planning Phase Software Development Plan Software Quality Assurance Plan Software Configuration Management Plan Software Verification Plan Software Integration Test Plan Software/hardware Integration Test Plan Software Validation Plan Software Maintenance Plan Development Phase Requirements Specification Safety Requirements Specification Architecture Description Safety Plan Software Requirements Spec. Phase Software Requirements Specification Software Requirements Test Specification Software Requirements Verification Report Software Maintenance Phase Software Maintenance Records Software Change Records Software Assessment Phase Software Assessment Report Software Validation Phase Software Validation Report Software/hardware Integration Phase Software/hardware Integration Test Report 30 documents in a systematic structure Specification Design Verification Software Architecture & Design Phase Software Architecture Specification Software Design Specification Software Architecture and Design Verification Report Software Design Phase Software Design Specification Software Test Specification Software Verification Report Software Integration Phase Software Integration Test Report Software Testing Phase Software Test Report Coding Phase Software Source Code & Supporting Documentation Software Source Code Verification Report 58

Example: Document cross reference table (EN50128) Creation of a document Use of a document in a given phase

4. Organization and independence of roles Safety management o Quality assurance o Safety Organization (responsible persons)) Competence shall be demonstrated o Training, experience and qualifications Independence of roles: o DES: Designer (analyst, architect, coder, unit tester) o VER: Verifier o VAL: Validator o ASS: Assessor o MAN: Project manager o QUA: Quality assurance personnel

Example: Responsibilities (EN 50128) SIL 0: Organization Person DES, VER, VAL ASS SIL 1 or 2: DES VER, VAL ASS SIL 3 or 4: MGR ASS DES VER, VAL or: MGR DES VER VAL ASS DES: Designer VER: Verifier VAL: Validator ASS: Assessor MAN: Project manager 61

Summary Motivation o What are the quality needs regarding software and what is offered by the software industry? o What is the role of software verification and validation techniques? Overview of the techniques of software V&V o What are the typical techniques in the development process? Development life cycle models o What is the role of V&V in the different life cycle models? The role of development standards o How systematic V&V is realized?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback