SlideShare a Scribd company logo

S_22.ppt verification and validation in software testing

Download as PPT, PDF
N
namrataparopate

The document outlines the processes of verification and validation (V&V) in software engineering, emphasizing the importance of ensuring that software meets both its specifications and client needs. It distinguishes between static techniques like software inspections and automated static analysis, and dynamic techniques such as software testing, while also discussing their complementary roles. V&V should be planned early in development, taking into account varying levels of confidence needed based on the softwareโ€™s purpose and user expectations.

Internet
Related topics:
Insights on Software Development โ€ข Software Testing Insights โ€ข Verification and Validation โ€ข Software Architecture โ€ข Automated Testing Tools
1 of 28
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
1 / 28 CS 425/625 Software Engineering Verification and Validation Based on Chapter 19 of the textbook [SE-6] Ian Sommerville, Software Engineering, 6th Ed., Addison-Wesley, 2000 and on the Ch19 PowerPoint presentation available at the bookโ€™s web-site: www.comp.lancs.ac.uk/computing/resources/IanS/SE6/Slides/index.html November 10, 2003
2 / 28 Outline ๏ฎ Introduction ๏ฎ Testing and Debugging ๏ฎ Verification and Validation Planning ๏ฎ Software Inspections ๏ฎ Program Inspections (forms of Software Inspections) ๏ฎ Automatic Static Analysis
3 / 28 Introductionโ€ฆ.. ๏ฎ Verification and validation (V&V): the checking and analysis processes that ensure the software satisfies its specification and meets the needs of the clients who are paying for it ๏ฎ Validation: โ€œAre we building the right product?โ€ ๏ฎ Verification: โ€œAre we building the product right?โ€ ๏ฎ Verification involves checking the software conforms with its specification while the more general process of validation ensures the software meets the needs of the clients ๏ฎ V&V is a whole life-cycle process, encompassing requirements reviews, design reviews, code inspections, and program testing
4 / 28 .Introduction.โ€ฆ ๏ฎ V & V techniques: V & V techniques: ๏ต Software inspections Software inspections ๏ต Software testing Software testing ๏ฎ Software inspections ๏ต Are static V&V techniques as they do not require the Are static V&V techniques as they do not require the software to be executed software to be executed ๏ต Consist of inspections, automated static analyses, and formal Consist of inspections, automated static analyses, and formal verifications of source code or system models verifications of source code or system models ๏ต Can only check the correspondence between the software and its specification ๏ต Cannot demonstrate the system is operationally useful ๏ต Cannot check non-functional requirements of the software
5 / 28 ..Introduction... ๏ฎ Software testing ๏ต It is a dynamic V&V technique as it needs an executable version of the software system ๏ต The system is executed with test data and its operational behaviour is assessed ๏ต Can reveal the presence of errors, not their absence ๏ต A successful test is a test which discovers one or more errors ๏ต The V&V technique for checking non-functional requirements and for verifying system integration ๏ต Should be used in conjunction with static techniques to provide full V&V coverage
6 / 28 โ€ฆIntroduction.. ๏ฎ Types of software testing ๏ต Defect testing ๏ƒ˜ Intended to find inconsistencies between a program and its specification ๏ƒ˜ Tests designed to discover program faults and defects ๏ƒ˜ A successful defect test is one which reveals the presence of defects in a system ๏ต Statistical testing ๏ƒ˜ Designed for softwareโ€™s performance and reliability estimation ๏ƒ˜ By running tests that reflect actual user inputs and their frequency, an estimate of operational reliability can be made
7 / 28 โ€ฆ.Introduction. ๏ฎ Static and dynamic V&V [Fig 19.1, Somm00] Formal specification High-level design Requirements specification Detailed design Program Prototype Dynamic validation Static verification
8 / 28 โ€ฆ..Introduction ๏ฎ Verification and validation should establish confidence that the software is fit for purpose ๏ฎ This does not mean the software is completely free of defects; rather, it must be good enough for its intended use ๏ฎ The required level of confidence depends on: ๏ต Softwareโ€™s purpose: the level of confidence depends on how critical the software is to an organisation ๏ต User expectations: users may have lower expectations of certain types of software ๏ต Marketing environment: getting a product to market early may have higher priority than finding its defects
9 / 28 Testing and debugging. ๏ฎ Defect testing and debugging are distinct processes ๏ฎ V&V is concerned with establishing the existence of defects in a program ๏ฎ Debugging is concerned with locating and repairing these errors ๏ฎ Debugging involves formulating hypotheses about program behaviour then testing these hypotheses to find the errors
10 / 28 .Testing and debugging The debugging process [Fig. 19.2, Somm00] Locate error Design error repair Repair error Re-test program Test results Specification Test cases
11 / 28 ๏ฎ The planning of V&V should start early in the development process ๏ฎ The plan should balance static verification and testing, specify testing standards and procedures, establish checklists for inspections, and define the software test plan ๏ฎ Test planning breaks down V&V into a number of stages, often organized according to the V-model (shown on next page) ๏ฎ The focus is on setting standards and procedures for inspections and testing, not on describing product tests V & V Planning..
12 / 28 .V&V Planning. .V&V Planning. Requirements specification System specification System design Detailed design Module and unit code and tess Sub-system integration test plan System integration test plan Acceptance test plan Service Acceptance test System integration test Sub-system integration test The V-model of development [Fig. 19.3, Somm00]
13 / 28 ..V&V Planning ..V&V Planning ๏ฎ The structure of a software test plan ๏ต The testing process ๏ต Requirements traceability ๏ต Tested items ๏ต Testing schedule ๏ต Test recording procedures ๏ต Hardware and software requirements ๏ต Constraints
14 / 28 Software Inspections. ๏ฎ Involve people examining software code or models (representations) with the aim of discovering defects ๏ฎ Do not require execution of a system thus can be used throughout the development process ๏ฎ May be applied to any representation of the system: requirements, design, test data, etc. ๏ฎ Very effective technique for discovering errors
15 / 28 .Software Inspections ๏ฎ In software inspections many different defects can be discovered in a single review of the source code or software model ๏ฎ In testing, one defect may mask another hence several executions are required ๏ฎ Software inspections reuse domain and programming knowledge so reviewers are likely to have seen the types of error that commonly occur ๏ฎ Software inspections and software testing are complementary, not competing techniques (see also slides 4 and 5)
16 / 28 Program Inspectionsโ€ฆโ€ฆ. ๏ฎ Program inspections are a type of software inspections ๏ฎ Consist of formal reviews conducted by teams and intended for program defect detection ๏ฎ Defects may be logical errors, anomalies in the code that might indicate an erroneous condition (e.g., an un-initialized variable), or non-compliances with standards
17 / 28 .Program Inspectionsโ€ฆโ€ฆ ๏ฎ Inspection pre-conditions: ๏ต A precise specification must be available ๏ต Team members must be familiar with the organisation standards ๏ต Syntactically correct code must be available ๏ต An error checklist should be prepared ๏ต Management must accept that inspection will increase costs early in the software process ๏ต Management must not use inspections for staff appraisal
18 / 28 Inspection meeting Individual preparation Overview Planning Rework Follow-up ..Program Inspectionsโ€ฆ.. The inspection process [Fig. 19.6, Somm00]
19 / 28 โ€ฆProgram Inspectionsโ€ฆ. ๏ฎ Program inspection procedure: ๏ต The inspection is planned by the moderator (or chairman) ๏ต The system overview is presented to the inspection team by the program author (or owner) ๏ต The code and associated documents are distributed to the inspectors (inspection team) in advance for individual preparation ๏ต The inspection meeting takes place and errors are noted (the inspection also involves a reader and, possibly, a scribe) ๏ต During re-work modifications are made by the author to repair discovered errors ๏ต Re-inspection may or may not be required, based on moderatorโ€™s decision
20 / 28 โ€ฆ.Program Inspectionsโ€ฆ ๏ฎ Inspection teams are Inspection teams are made up of at least 4 members: ๏ต Author of the code being inspected ๏ต Inspector who finds errors, omissions and inconsistencies ๏ต Reader who reads the code to the team ๏ต Moderator who chairs the meeting and notes discovered errors ๏ต Other roles are chief moderator and scribe
21 / 28 โ€ฆ..Program Inspections.. ๏ฎ Inspection checklist ๏ต A checklist of common errors should be used during the inspection ๏ต This error checklist is programming language dependent ๏ต The weaker the type-checking of the language, the larger the checklist ๏ต Examples of possible errors: initialisation, constant naming, loop termination, array bounds, etc.
22 / 28 Inspection checks (fault classes) [Fig. 19.7, Somm00] Fault class Inspection check Data faults Are all program variables initialised before their values are used? Have all constants been named? Should the lower bound of arraysbe 0, 1, or something else? Should the upper bound of arrays beequal to the size of the array or Size -1? If character strings are used, is a delimiter explicitly assigned? Control faults For each conditional statement, is the condition correct? Is each loop certain to terminate? Are compound statements correctly bracketed? In case statements, are all possible cases accounted for? Input/output faults Are all input variables used? Are all output variables assigned a value before they are output? Interface faults Do all function and procedure calls have the correct number of parameters? Do formal and actual parameter types match? Are the parameters in the right order? If components access shared memory, do they have the same model of the shared memory structure? Storage management faults If a linked structure is modified, have all links been correctly reassigned? If dynamic storage is used, has space been allocated correctly? Is space explicitly de-allocated after it is no longer required? Exception management faults Have all possible error conditions been taken into account?
23 / 28 โ€ฆโ€ฆ โ€ฆโ€ฆ.Program Inspections .Program Inspections ๏ฎ Inspection rates: ๏ต 500 statements/hour during overview ๏ต 125 source statement/hour during individual preparation ๏ต 90-125 statements/hour can be inspected ๏ต Inspection is therefore an expensive process ๏ต Inspecting 500 lines costs about 40 man/hours effort = ยฃ2800
24 / 28 Automated Static Analysisโ€ฆ. ๏ฎ Static analyzers are software tools for source code processing ๏ฎ They parse the program text to discover erroneous conditions ๏ฎ Very effective as an aid to inspections; supplement but cannot replace inspections ๏ฎ Particularly valuable for languages such as C that have weak typing (many errors can remain undetected by the compiler) ๏ฎ Less cost-effective for languages such as Java that have strong type checking (many errors can be detected during compilation)
25 / 28 .Automated Static Analysisโ€ฆ Fault class Static analysis check Data faults Variables used before initialisation Variables declared but never used Variables assigned twice but never used between assignments Possible array bound violations Undeclared variables Control faults Unreachable code Unconditional branches into loops Input/output faults Variables output twice with no intervening assignment Interface faults Parameter type mismatches Parameter number mismatches Non-usage of the results of functions Uncalled functions and procedures Storage management faults Unassigned pointers Pointer arithmetic Automatic static analysis checks [Fig. 19.8, Somm00]
26 / 28 ..Automated Static Analysis.. ๏ฎ Stages of static analysis: ๏ต Control flow analysis. Checks for loops with multiple exit or entry points, finds unreachable code, etc. ๏ต Data use analysis. Detects un-initialised variables, variables written twice without an intervening assignment, variables which are declared but never used, etc. ๏ต Interface analysis. Checks the consistency of routine and procedure declarations and their use
27 / 28 โ€ฆAutomated Static Analysis. ๏ฎ Stages of static analysis [contโ€™d]: ๏ต Information flow analysis. Identifies the dependencies of output variables. Does not detect anomalies itself but highlights information for code review (inspection) ๏ต Path analysis. Identifies paths through the program and sets out the statements executed in that path. Again, potentially useful in the review process
28 / 28 LINT static analysis [Fig 19.9, Somm00] 138% more lint_ex.c #include <stdio.h> printarray (Anarray) int Anarray; { printf(โ€œ%dโ€,Anarray); } main () { int Anarray[5]; int i; char c; printarray (Anarray, i, c); printarray (Anarray) ; } 139% cc lint_ex.c 140% lint lint_ex.c lint_ex.c(10): warning: c may be used before set lint_ex.c(10): warning: i may be used before set printarray: variable # of args. lint_ex.c(4) :: lint_ex.c(10) printarray, arg. 1 used inconsistently lint_ex.c(4) :: lint_ex.c(10) printarray, arg. 1 used inconsistently lint_ex.c(4) :: lint_ex.c(11) printf returns value which is always ignored

More Related Content

PPT
Sech1920 1200112979886874-3
Mateti Anilraja
ย 
PPTX
SOFTWARE TESTING unit 1 types of software testing.pptx
dishamasane
ย 
PPT
Verification and Validation in Software Engineering SE19
koolkampus
ย 
PPT
Sv&amp;V Rim
wachakhan
ย 
PPT
software-testing-strategies888888888.ppt
sameera abu-ghalyoon
ย 
PPT
SECh1920
Joe Christensen
ย 
PPT
Ch22
phanleson
ย 
PPT
9 test_levels-
Saad Hamdan
ย 
Sech1920 1200112979886874-3
Mateti Anilraja
ย 
SOFTWARE TESTING unit 1 types of software testing.pptx
dishamasane
ย 
Verification and Validation in Software Engineering SE19
koolkampus
ย 
Sv&amp;V Rim
wachakhan
ย 
software-testing-strategies888888888.ppt
sameera abu-ghalyoon
ย 
SECh1920
Joe Christensen
ย 
Ch22
phanleson
ย 
9 test_levels-
Saad Hamdan
ย 

Similar to S_22.ppt verification and validation in software testing (20)

DOC
software testing strategies
Hemanth Gajula
ย 
PPT
Ian Sommerville, Software Engineering, 9th EditionCh 8
Mohammed Romi
ย 
PPTX
software testing technique
Rana assad ali
ย 
PDF
Reading Summary - Effective Software Defect Tracking + Pragmatic Unit Testing
Artemisa Yescas Engler
ย 
PPT
Lecture18- Testing Strategy.ppt by aiman
AIMANFATIMA866050
ย 
PPT
Basic Guide to Manual Testing
Hiral Gosani
ย 
PPS
Mca se chapter_07_software_validation
Aman Adhikari
ย 
PPTX
SQAT - Ch.01 - Basics of Software Quality Assurance.pptx
JamesBond379166
ย 
PPT
16103271 software-testing-ppt
atish90
ย 
PPTX
Software testing
Ravi Dasari
ย 
PPT
Chapter 9 Testing Strategies.ppt
VijayaPratapReddyM
ย 
PPTX
Software Testing
Inocentshuja Ahmad
ย 
PDF
Quality Assurance with Manual Testing
Edureka!
ย 
PPT
Software_Verification_and_Validation.ppt
Saba651353
ย 
PDF
Software testing kn husainy
khalid noman husainy
ย 
PDF
Objectorientedtesting 160320132146
vidhyyav
ย 
PPTX
Software testing
Eng Ibrahem
ย 
PPT
SW Testing Fundamentals
Ismail aboulezz
ย 
PPTX
Object oriented testing
Haris Jamil
ย 
PPTX
Sta unit 2(abimanyu)
Abhimanyu Mishra
ย 
software testing strategies
Hemanth Gajula
ย 
Ian Sommerville, Software Engineering, 9th EditionCh 8
Mohammed Romi
ย 
software testing technique
Rana assad ali
ย 
Reading Summary - Effective Software Defect Tracking + Pragmatic Unit Testing
Artemisa Yescas Engler
ย 
Lecture18- Testing Strategy.ppt by aiman
AIMANFATIMA866050
ย 
Basic Guide to Manual Testing
Hiral Gosani
ย 
Mca se chapter_07_software_validation
Aman Adhikari
ย 
SQAT - Ch.01 - Basics of Software Quality Assurance.pptx
JamesBond379166
ย 
16103271 software-testing-ppt
atish90
ย 
Software testing
Ravi Dasari
ย 
Chapter 9 Testing Strategies.ppt
VijayaPratapReddyM
ย 
Software Testing
Inocentshuja Ahmad
ย 
Quality Assurance with Manual Testing
Edureka!
ย 
Software_Verification_and_Validation.ppt
Saba651353
ย 
Software testing kn husainy
khalid noman husainy
ย 
Objectorientedtesting 160320132146
vidhyyav
ย 
Software testing
Eng Ibrahem
ย 
SW Testing Fundamentals
Ismail aboulezz
ย 
Object oriented testing
Haris Jamil
ย 
Sta unit 2(abimanyu)
Abhimanyu Mishra
ย 
Ad

More from namrataparopate (10)

PPT
osi-tcposi-tcposi-tcposi-tcposi-tcposi-tcp.ppt
namrataparopate
ย 
PPT
26 (SMTP and FTP) 76 slides 2.ppt 26 (SMTP and FTP) 76 slides 2.ppt
namrataparopate
ย 
PPT
Chapter_4_InternetSecurity.pptChapter_4_InternetSecurity.pptChapter_4_Interne...
namrataparopate
ย 
PPTX
file_concept.pptx file presentation directories
namrataparopate
ย 
PPT
osi.ppt SI/MODEL PROTOCOL TCP/IP MODEL OSI/MODEL PROTOCOL TCP/IP MODEL OSI/MO...
namrataparopate
ย 
PPT
tcp-iprefmodel.ppt SI/MODEL PROTOCOL TCP/IP MODEL OSI/MODEL PROTOCOL TCP/IP M...
namrataparopate
ย 
PPT
CHP_1.ppt DATA COMMUNICATION IN COMPUTER NETWORKING
namrataparopate
ย 
PPTX
DNS (1).pptx DOMAIN NAME SPACE PUBLIC NAME
namrataparopate
ย 
PPTX
DNS (1).pptx computer networking access DATA
namrataparopate
ย 
PPT
CHP_1.ppt computer networking concepts DATA
namrataparopate
ย 
osi-tcposi-tcposi-tcposi-tcposi-tcposi-tcp.ppt
namrataparopate
ย 
26 (SMTP and FTP) 76 slides 2.ppt 26 (SMTP and FTP) 76 slides 2.ppt
namrataparopate
ย 
Chapter_4_InternetSecurity.pptChapter_4_InternetSecurity.pptChapter_4_Interne...
namrataparopate
ย 
file_concept.pptx file presentation directories
namrataparopate
ย 
osi.ppt SI/MODEL PROTOCOL TCP/IP MODEL OSI/MODEL PROTOCOL TCP/IP MODEL OSI/MO...
namrataparopate
ย 
tcp-iprefmodel.ppt SI/MODEL PROTOCOL TCP/IP MODEL OSI/MODEL PROTOCOL TCP/IP M...
namrataparopate
ย 
CHP_1.ppt DATA COMMUNICATION IN COMPUTER NETWORKING
namrataparopate
ย 
DNS (1).pptx DOMAIN NAME SPACE PUBLIC NAME
namrataparopate
ย 
DNS (1).pptx computer networking access DATA
namrataparopate
ย 
CHP_1.ppt computer networking concepts DATA
namrataparopate
ย 
Ad

Recently uploaded (20)

PPTX
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
ย 
PPTX
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
ย 
PDF
๐Ÿ’ฐ ๐”๐Š๐“๐ˆ ๐Š๐„๐Œ๐„๐๐€๐๐†๐€๐ ๐Š๐ˆ๐๐„๐‘๐Ÿ’๐ƒ ๐‡๐€๐‘๐ˆ ๐ˆ๐๐ˆ ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“ ๐Ÿ’ฐ
GRAB
ย 
PPTX
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
ย 
PPTX
PptxGenJS_Demo_Chart_20250317130215833.pptx
itruongva
ย 
PDF
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
ย 
PDF
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
ย 
PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
ย 
PPTX
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
ย 
PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
ย 
PDF
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
ย 
PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
ย 
PDF
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
ย 
PPTX
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
ย 
PPTX
Digital Literacy And Online Safety on internet
riksa rifqi
ย 
PDF
Testing WebRTC applications at scale.pdf
Giacomo Vacca
ย 
PDF
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
ย 
PPTX
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
ย 
PPTX
Introduction to Information and Communication Technology
AkmadArzieAyao1
ย 
PDF
Triggering QUIC, presented by Geoff Huston at IETF 123
APNIC
ย 
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
ย 
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
ย 
๐Ÿ’ฐ ๐”๐Š๐“๐ˆ ๐Š๐„๐Œ๐„๐๐€๐๐†๐€๐ ๐Š๐ˆ๐๐„๐‘๐Ÿ’๐ƒ ๐‡๐€๐‘๐ˆ ๐ˆ๐๐ˆ ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“ ๐Ÿ’ฐ
GRAB
ย 
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
ย 
PptxGenJS_Demo_Chart_20250317130215833.pptx
itruongva
ย 
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
ย 
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
ย 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
ย 
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
ย 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
ย 
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
ย 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
ย 
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
ย 
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
ย 
Digital Literacy And Online Safety on internet
riksa rifqi
ย 
Testing WebRTC applications at scale.pdf
Giacomo Vacca
ย 
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
ย 
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
ย 
Introduction to Information and Communication Technology
AkmadArzieAyao1
ย 
Triggering QUIC, presented by Geoff Huston at IETF 123
APNIC
ย 

S_22.ppt verification and validation in software testing

  • 1. 1 / 28 CS 425/625 Software Engineering Verification and Validation Based on Chapter 19 of the textbook [SE-6] Ian Sommerville, Software Engineering, 6th Ed., Addison-Wesley, 2000 and on the Ch19 PowerPoint presentation available at the bookโ€™s web-site: www.comp.lancs.ac.uk/computing/resources/IanS/SE6/Slides/index.html November 10, 2003
  • 2. 2 / 28 Outline ๏ฎ Introduction ๏ฎ Testing and Debugging ๏ฎ Verification and Validation Planning ๏ฎ Software Inspections ๏ฎ Program Inspections (forms of Software Inspections) ๏ฎ Automatic Static Analysis
  • 3. 3 / 28 Introductionโ€ฆ.. ๏ฎ Verification and validation (V&V): the checking and analysis processes that ensure the software satisfies its specification and meets the needs of the clients who are paying for it ๏ฎ Validation: โ€œAre we building the right product?โ€ ๏ฎ Verification: โ€œAre we building the product right?โ€ ๏ฎ Verification involves checking the software conforms with its specification while the more general process of validation ensures the software meets the needs of the clients ๏ฎ V&V is a whole life-cycle process, encompassing requirements reviews, design reviews, code inspections, and program testing
  • 4. 4 / 28 .Introduction.โ€ฆ ๏ฎ V & V techniques: V & V techniques: ๏ต Software inspections Software inspections ๏ต Software testing Software testing ๏ฎ Software inspections ๏ต Are static V&V techniques as they do not require the Are static V&V techniques as they do not require the software to be executed software to be executed ๏ต Consist of inspections, automated static analyses, and formal Consist of inspections, automated static analyses, and formal verifications of source code or system models verifications of source code or system models ๏ต Can only check the correspondence between the software and its specification ๏ต Cannot demonstrate the system is operationally useful ๏ต Cannot check non-functional requirements of the software
  • 5. 5 / 28 ..Introduction... ๏ฎ Software testing ๏ต It is a dynamic V&V technique as it needs an executable version of the software system ๏ต The system is executed with test data and its operational behaviour is assessed ๏ต Can reveal the presence of errors, not their absence ๏ต A successful test is a test which discovers one or more errors ๏ต The V&V technique for checking non-functional requirements and for verifying system integration ๏ต Should be used in conjunction with static techniques to provide full V&V coverage
  • 6. 6 / 28 โ€ฆIntroduction.. ๏ฎ Types of software testing ๏ต Defect testing ๏ƒ˜ Intended to find inconsistencies between a program and its specification ๏ƒ˜ Tests designed to discover program faults and defects ๏ƒ˜ A successful defect test is one which reveals the presence of defects in a system ๏ต Statistical testing ๏ƒ˜ Designed for softwareโ€™s performance and reliability estimation ๏ƒ˜ By running tests that reflect actual user inputs and their frequency, an estimate of operational reliability can be made
  • 7. 7 / 28 โ€ฆ.Introduction. ๏ฎ Static and dynamic V&V [Fig 19.1, Somm00] Formal specification High-level design Requirements specification Detailed design Program Prototype Dynamic validation Static verification
  • 8. 8 / 28 โ€ฆ..Introduction ๏ฎ Verification and validation should establish confidence that the software is fit for purpose ๏ฎ This does not mean the software is completely free of defects; rather, it must be good enough for its intended use ๏ฎ The required level of confidence depends on: ๏ต Softwareโ€™s purpose: the level of confidence depends on how critical the software is to an organisation ๏ต User expectations: users may have lower expectations of certain types of software ๏ต Marketing environment: getting a product to market early may have higher priority than finding its defects
  • 9. 9 / 28 Testing and debugging. ๏ฎ Defect testing and debugging are distinct processes ๏ฎ V&V is concerned with establishing the existence of defects in a program ๏ฎ Debugging is concerned with locating and repairing these errors ๏ฎ Debugging involves formulating hypotheses about program behaviour then testing these hypotheses to find the errors
  • 10. 10 / 28 .Testing and debugging The debugging process [Fig. 19.2, Somm00] Locate error Design error repair Repair error Re-test program Test results Specification Test cases
  • 11. 11 / 28 ๏ฎ The planning of V&V should start early in the development process ๏ฎ The plan should balance static verification and testing, specify testing standards and procedures, establish checklists for inspections, and define the software test plan ๏ฎ Test planning breaks down V&V into a number of stages, often organized according to the V-model (shown on next page) ๏ฎ The focus is on setting standards and procedures for inspections and testing, not on describing product tests V & V Planning..
  • 12. 12 / 28 .V&V Planning. .V&V Planning. Requirements specification System specification System design Detailed design Module and unit code and tess Sub-system integration test plan System integration test plan Acceptance test plan Service Acceptance test System integration test Sub-system integration test The V-model of development [Fig. 19.3, Somm00]
  • 13. 13 / 28 ..V&V Planning ..V&V Planning ๏ฎ The structure of a software test plan ๏ต The testing process ๏ต Requirements traceability ๏ต Tested items ๏ต Testing schedule ๏ต Test recording procedures ๏ต Hardware and software requirements ๏ต Constraints
  • 14. 14 / 28 Software Inspections. ๏ฎ Involve people examining software code or models (representations) with the aim of discovering defects ๏ฎ Do not require execution of a system thus can be used throughout the development process ๏ฎ May be applied to any representation of the system: requirements, design, test data, etc. ๏ฎ Very effective technique for discovering errors
  • 15. 15 / 28 .Software Inspections ๏ฎ In software inspections many different defects can be discovered in a single review of the source code or software model ๏ฎ In testing, one defect may mask another hence several executions are required ๏ฎ Software inspections reuse domain and programming knowledge so reviewers are likely to have seen the types of error that commonly occur ๏ฎ Software inspections and software testing are complementary, not competing techniques (see also slides 4 and 5)
  • 16. 16 / 28 Program Inspectionsโ€ฆโ€ฆ. ๏ฎ Program inspections are a type of software inspections ๏ฎ Consist of formal reviews conducted by teams and intended for program defect detection ๏ฎ Defects may be logical errors, anomalies in the code that might indicate an erroneous condition (e.g., an un-initialized variable), or non-compliances with standards
  • 17. 17 / 28 .Program Inspectionsโ€ฆโ€ฆ ๏ฎ Inspection pre-conditions: ๏ต A precise specification must be available ๏ต Team members must be familiar with the organisation standards ๏ต Syntactically correct code must be available ๏ต An error checklist should be prepared ๏ต Management must accept that inspection will increase costs early in the software process ๏ต Management must not use inspections for staff appraisal
  • 18. 18 / 28 Inspection meeting Individual preparation Overview Planning Rework Follow-up ..Program Inspectionsโ€ฆ.. The inspection process [Fig. 19.6, Somm00]
  • 19. 19 / 28 โ€ฆProgram Inspectionsโ€ฆ. ๏ฎ Program inspection procedure: ๏ต The inspection is planned by the moderator (or chairman) ๏ต The system overview is presented to the inspection team by the program author (or owner) ๏ต The code and associated documents are distributed to the inspectors (inspection team) in advance for individual preparation ๏ต The inspection meeting takes place and errors are noted (the inspection also involves a reader and, possibly, a scribe) ๏ต During re-work modifications are made by the author to repair discovered errors ๏ต Re-inspection may or may not be required, based on moderatorโ€™s decision
  • 20. 20 / 28 โ€ฆ.Program Inspectionsโ€ฆ ๏ฎ Inspection teams are Inspection teams are made up of at least 4 members: ๏ต Author of the code being inspected ๏ต Inspector who finds errors, omissions and inconsistencies ๏ต Reader who reads the code to the team ๏ต Moderator who chairs the meeting and notes discovered errors ๏ต Other roles are chief moderator and scribe
  • 21. 21 / 28 โ€ฆ..Program Inspections.. ๏ฎ Inspection checklist ๏ต A checklist of common errors should be used during the inspection ๏ต This error checklist is programming language dependent ๏ต The weaker the type-checking of the language, the larger the checklist ๏ต Examples of possible errors: initialisation, constant naming, loop termination, array bounds, etc.
  • 22. 22 / 28 Inspection checks (fault classes) [Fig. 19.7, Somm00] Fault class Inspection check Data faults Are all program variables initialised before their values are used? Have all constants been named? Should the lower bound of arraysbe 0, 1, or something else? Should the upper bound of arrays beequal to the size of the array or Size -1? If character strings are used, is a delimiter explicitly assigned? Control faults For each conditional statement, is the condition correct? Is each loop certain to terminate? Are compound statements correctly bracketed? In case statements, are all possible cases accounted for? Input/output faults Are all input variables used? Are all output variables assigned a value before they are output? Interface faults Do all function and procedure calls have the correct number of parameters? Do formal and actual parameter types match? Are the parameters in the right order? If components access shared memory, do they have the same model of the shared memory structure? Storage management faults If a linked structure is modified, have all links been correctly reassigned? If dynamic storage is used, has space been allocated correctly? Is space explicitly de-allocated after it is no longer required? Exception management faults Have all possible error conditions been taken into account?
  • 23. 23 / 28 โ€ฆโ€ฆ โ€ฆโ€ฆ.Program Inspections .Program Inspections ๏ฎ Inspection rates: ๏ต 500 statements/hour during overview ๏ต 125 source statement/hour during individual preparation ๏ต 90-125 statements/hour can be inspected ๏ต Inspection is therefore an expensive process ๏ต Inspecting 500 lines costs about 40 man/hours effort = ยฃ2800
  • 24. 24 / 28 Automated Static Analysisโ€ฆ. ๏ฎ Static analyzers are software tools for source code processing ๏ฎ They parse the program text to discover erroneous conditions ๏ฎ Very effective as an aid to inspections; supplement but cannot replace inspections ๏ฎ Particularly valuable for languages such as C that have weak typing (many errors can remain undetected by the compiler) ๏ฎ Less cost-effective for languages such as Java that have strong type checking (many errors can be detected during compilation)
  • 25. 25 / 28 .Automated Static Analysisโ€ฆ Fault class Static analysis check Data faults Variables used before initialisation Variables declared but never used Variables assigned twice but never used between assignments Possible array bound violations Undeclared variables Control faults Unreachable code Unconditional branches into loops Input/output faults Variables output twice with no intervening assignment Interface faults Parameter type mismatches Parameter number mismatches Non-usage of the results of functions Uncalled functions and procedures Storage management faults Unassigned pointers Pointer arithmetic Automatic static analysis checks [Fig. 19.8, Somm00]
  • 26. 26 / 28 ..Automated Static Analysis.. ๏ฎ Stages of static analysis: ๏ต Control flow analysis. Checks for loops with multiple exit or entry points, finds unreachable code, etc. ๏ต Data use analysis. Detects un-initialised variables, variables written twice without an intervening assignment, variables which are declared but never used, etc. ๏ต Interface analysis. Checks the consistency of routine and procedure declarations and their use
  • 27. 27 / 28 โ€ฆAutomated Static Analysis. ๏ฎ Stages of static analysis [contโ€™d]: ๏ต Information flow analysis. Identifies the dependencies of output variables. Does not detect anomalies itself but highlights information for code review (inspection) ๏ต Path analysis. Identifies paths through the program and sets out the statements executed in that path. Again, potentially useful in the review process
  • 28. 28 / 28 LINT static analysis [Fig 19.9, Somm00] 138% more lint_ex.c #include <stdio.h> printarray (Anarray) int Anarray; { printf(โ€œ%dโ€,Anarray); } main () { int Anarray[5]; int i; char c; printarray (Anarray, i, c); printarray (Anarray) ; } 139% cc lint_ex.c 140% lint lint_ex.c lint_ex.c(10): warning: c may be used before set lint_ex.c(10): warning: i may be used before set printarray: variable # of args. lint_ex.c(4) :: lint_ex.c(10) printarray, arg. 1 used inconsistently lint_ex.c(4) :: lint_ex.c(10) printarray, arg. 1 used inconsistently lint_ex.c(4) :: lint_ex.c(11) printf returns value which is always ignored