Polimi CS - Notes

7.1 - Verification & Validation

8 min read

  • verification
  • validation
  • quality assurance

Verification and validation (V&V) are critical components of software development, focusing on ensuring that software systems meet both technical specifications and stakeholder expectations. These concepts, while interconnected, have distinct purposes:

Definition

  • Verification refers to internal processes aimed at evaluating whether the software is being developed correctly with respect to its specification. It addresses the question: Are we building the software right? This process often involves activities such as code reviews, unit testing, and static analysis to ensure that the implementation aligns with design documents, coding standards, and functional requirements.

  • Validation, on the other hand, is an external evaluation to determine if the software meets stakeholder needs and fulfills its intended purpose. It poses the question: Are we building the right software? Validation is typically carried out through user acceptance testing, field testing, or simulation, ensuring the software is aligned with the real-world problems it is meant to solve.

Quality Assurance in Software Development

Quality Assurance (QA) is a comprehensive approach aimed at ensuring that the final product is reliable, functional, and meets user expectations. QA involves defining clear policies and processes to maintain high standards during the development lifecycle. It integrates various Verification and Validation techniques to assess quality, uncover defects, and improve software robustness.

Quality in software is a multifaceted concept and can be understood through several lenses:

  1. Absence of defects: This includes identifying and resolving bugs that may lead to incorrect or unintended behavior.
  2. Fulfillment of non-functional requirements: Beyond functional correctness, software must address performance, security, scalability, and other external qualities. These attributes ensure the software operates effectively in production environments.
  3. Internal quality attributes: Characteristics such as maintainability, readability, and modularity are crucial for ensuring long-term viability and ease of enhancements.

QA is not limited to detecting and addressing flaws; it is an iterative process that continuously enhances the software’s ability to meet both explicit and implicit expectations.

Key Terminology in Software Quality

Understanding the terminology used in software quality assurance is essential for diagnosing and resolving issues effectively. Here is an elaboration of terms often encountered in QA, based on the IEEE Computer Society’s classification:

Definition

  1. Failure: A failure is an observable event where the software fails to perform a required function or operates outside predefined limits. For instance, if a banking application incorrectly calculates interest, it represents a failure because the system’s output does not match expected results.
  2. Fault: A fault is a latent defect within the software that, when triggered, leads to a failure. For example, a faulty algorithm designed to handle edge cases in a calculation may result in a failure when those edge cases occur.
  3. Defect: A defect refers to any imperfection in the program. This could involve violations of functional requirements (e.g., returning a negative value when a positive one is expected) or deviations from design standards. Defects can remain dormant until specific conditions activate them.
  4. Error: An error is a human action or mistake during the software development process that introduces defects. For example, a miscalculated formula in the code or misunderstanding of a requirement specification is classified as an error.

These terms are often interconnected and follow a sequence. Errors by developers lead to defects in the code, which manifest as faults under certain conditions and ultimately cause failures when the system cannot perform as required.

graph LR
    fault -- produces --> failure
    fault -- reveals --> defect
    error -- causes --> fault
    error -- introduces --> defect

The relationships among these concepts can be visualized as follows:

  • Errors introduce defects during development.
  • Defects are the root cause of faults in the program.
  • Faults, when activated under specific conditions, lead to failures in the system.

This sequence underscores the importance of early detection and correction through robust quality assurance practices. By catching errors during the coding phase, developers can prevent defects from evolving into costly failures in production environments.

Challenges in Quality Assurance

Achieving zero-defect software is practically unattainable due to the inherent complexity of modern systems. However, this limitation emphasizes the need for diligent and ongoing QA processes. The goal is to minimize defects and ensure the software meets functional and non-functional requirements. Effective QA practices include:

  1. Thorough Verification of Artifacts: Every development artifact, such as specification documents, design models, and test data, should undergo rigorous QA to detect inconsistencies and ambiguities early.
  2. Recursive Verification: Even artifacts created for verification purposes, like test cases and test scripts, must themselves be verified to ensure their accuracy and effectiveness.
  3. Process Integration: QA should span the entire development lifecycle rather than being limited to the final stages. Continuous QA helps in catching defects earlier, reducing the cost and effort required for corrections.

In the context of this course, the emphasis lies on verification rather than validation, focusing on building software that adheres strictly to predefined specifications.

Verification in Engineering Disciplines

Verification plays a vital role across various engineering fields, though the methodologies and challenges vary depending on the discipline:

  1. Structural Engineering (e.g., bridges):

    • Requirements: A structural requirement might dictate that a bridge must support heavy vehicles, such as trucks weighing up to 40 tons.
    • Testing: Verifying this involves loading the bridge with a weight greater than the requirement, such as 50 tons. A single test provides confidence for all weight values within the range because physical structures behave continuously.

  2. Software Engineering (e.g., programs):

    • Non-continuous Behavior: Software differs fundamentally from physical structures because it does not exhibit continuous behavior. Testing a single input value provides no guarantee about the program’s behavior for other inputs.

Example

Consider the following code snippet:

 a = y / (x + 20)

In this case, the program works correctly for all values of x except for x = -20, where a division by zero error occurs. Verifying software requires systematic techniques to account for these discrete edge cases.

Levels of Verification: The V-Model Perspective

Verification in software development can occur at various levels, aligning with the V-Model of development. The V-Model emphasizes a parallel relationship between development stages (e.g., requirements analysis, design) and corresponding verification activities (e.g., system testing, unit testing). This approach ensures that each development phase is systematically verified.

  1. Actual Needs and Constraints: This represents the starting point of the development process, capturing the stakeholders’ requirements, constraints, and expectations. These needs are validated through User Acceptance Testing (UAT), which involves activities like alpha and beta testing to ensure the final product meets the stakeholders’ requirements.
  2. Requirements Analysis and Specification Document (RASD): Captures the functional and non-functional requirements of the system. Undergoes Review to verify the accuracy and completeness of the requirements before proceeding to the next phase.
  3. High-Level Design Document: Defines the architecture of the system, including how different subsystems will interact. Verified through Integration Testing, which ensures that the components and subsystems work together correctly.
  4. Unit/Component Specifications: Details the design and behavior of individual components or units. These are validated and verified through Unit Testing and Analysis, ensuring the correctness of each component in isolation.
  5. Testing Phases:
    • Unit Testing: Verifies the functionality of individual components.
    • Integration Testing: Ensures that subsystems interact correctly and work as intended.
    • System Testing: Conducts end-to-end testing of the integrated system, simulating real-world scenarios to ensure the complete system behaves as expected.
    • User Acceptance Testing: Validates the delivered system with real users to confirm it meets actual needs and constraints.
  6. Verification and Validation:
    • Verification: Represented by horizontal arrows moving up the “V” shape, these activities ensure that each phase’s outputs meet the corresponding specifications. Examples include reviews, analysis, and specific tests at the unit and integration levels.
    • Validation: Shown with arrows pointing toward actual needs and constraints, validation ensures the software satisfies user requirements and business goals.
  7. Delivered Package: Represents the culmination of the V-Model process, where the final system is integrated, tested, and ready for delivery to stakeholders.

Main Approaches to Verification: Static vs. Dynamic Analysis

Verification techniques can be broadly categorized into static analysis and dynamic analysis, each serving a distinct purpose in identifying defects.

  1. Static Analysis:

    • Involves examining the source code without executing it.
    • Identifies potential defects based on code structure, logic, or compliance with coding standards.
    • Despite being “static,” it verifies properties related to the software’s dynamic behavior, such as potential runtime errors or performance bottlenecks.

  2. Dynamic Analysis (Testing):

    • Relies on executing the software with various input scenarios.
    • Compares the actual behavior of the software with the expected behavior to identify mismatches.
    • Typically uses sampling, as it is infeasible to test all possible input combinations due to the sheer size of the input space.

Backlinks

Graph View