Lecture 8: Verification and Validation

Similar documents
Key Considerations for Implementing Bodies and Oversight Actors

Overview. Ø Neural Networks are considered black-box models Ø They are complex and do not provide much insight into variable relationships

30 Transformational Design with Essential Aspect Decomposition: Model-Driven Architecture (MDA)

Aspect Decomposition: Model-Driven Architecture (MDA) 30 Transformational Design with Essential. References. Ø Optional: Ø Obligatory:

NEWSLETTER MESSAGE FROM DEAN VOTING SYSTEMS ASSESSMENT PROJECT IN THIS ISSUE FUNDING UPDATE JUNE 2015 VOL. 1 ISSUE 1

30 Transformational Design with Essential Aspect Decomposition: Model-Driven Architecture (MDA)

Key Considerations for Oversight Actors

Agent Modeling of Hispanic Population Acculturation and Behavior

THE PRIMITIVES OF LEGAL PROTECTION AGAINST DATA TOTALITARIANISMS

IDENTIFYING FAULT-PRONE MODULES IN SOFTWARE FOR DIAGNOSIS AND TREATMENT USING EEPORTERS CLASSIFICATION TREE

Transition document Transition document, Version: 4.1, October 2017

Trusted Logic Voting Systems with OASIS EML 4.0 (Election Markup Language)

CHE 572: Modelling Process Dynamics

GRADE 9: Canada: Opportunities and Challenges

Hoboken Public Schools. PLTW Introduction to Computer Science Curriculum

INVESTMENT COMMITTEE CHARTER

Economic and Social Council

Towards a Structured Online Consultation Tool

1 ELECTRONIC COMMUNICATIONS IN CONTRACTUAL TRANSACTIONS 2 DRAFT TABLE OF CONTENTS 3 PART 1 4 GENERAL PROVISIONS

DIVISION E--INFORMATION TECHNOLOGY MANAGEMENT REFORM

CHAPTER 2 LITERATURE REVIEW

FIRST DRAFT VERSION - VISIT

Brexit Transition Support for Local Cymdeithas Llywodraeth Leol Cymru Welsh Local Government Association

POLÍCIA JUDICIÁRIA. ASSEMBLEIA DA REPUBLICA T.N. Act no. 73/2009 of 12 August 2009

Hoboken Public Schools. Project Lead The Way Curriculum Grade 8

2017 Municipal Election Review

Additional Case study UK electoral system

Servilla: Service Provisioning in Wireless Sensor Networks. Chenyang Lu

TERMS OF REFERENCE. Contracting Authority. 1.0 Beneficiaries. 1.1 Relevant Background SADC EPA

USDL Variant Management. Dr. Daniel Oberle, Senior Researcher, SAP Research Karlsruhe Gunther Stuhec, Standards Architect, SAP AG Walldorf

IBM Cognos Open Mic Cognos Analytics 11 Part nd June, IBM Corporation

Apply for Hot Works Permit

IC Chapter 15. Ballot Card and Electronic Voting Systems; Additional Standards and Procedures for Approving System Changes

Functional Requirements for a Secure Electronic Voting System

AUTOMATED CONTRACT REVIEW

Guidelines for Performance Auditing

U.S. Department of Homeland Security: Improved homeland security management and biometrics through the US-VISIT program

The EPO approach to Computer Implemented Inventions (CII) Yannis Skulikaris Director Operations, Information and Communications Technology

Case: 1:15-cv SO Doc #: Filed: 08/11/17 1 of 23. PageID #: 3143 EXHIBIT A

Guidance for Electoral Registration Officers. Part 4 Maintaining the register throughout the year

Aim is to simplify and update EU public procurement rules

ABC systems in Europe and beyond - status and recommendations for the way forward

Voting Systems Assessment Project

Aristotle s Model of Communication (Devito, 1978)

ForeScout Extended Module for McAfee epolicy Orchestrator

Committee on Civil Liberties, Justice and Home Affairs WORKING DOCUMENT

Ø Project Description. Ø Design Criteria. Ø Design Overview. Ø Design Components. Ø Schedule. Ø Testing Criteria. Background Design Implementation

Mining Toolkit. In-Migration

DIVISION E INFORMATION TECHNOLOGY MANAGEMENT REFORM

TRAFFIC NOTE 10. Revision 3. Trials of traffic control devices Guidelines. Date January 2011

For The New Government of Ontario

The Angola National ID Card

Overview of the Design Process. Avoid Bad Design, Use UCD Evidence-based Design Hypothesis testing!

Office of the Commissioner of Lobbying of Canada

World business and the multilateral trading system

Document Approval Process. SDR Forum Policy 001

Outline. Your Project Proposal an evolving plan. Project Proposal Guidelines (2 files) ECE496 Design Project Preparing Your Project Proposal

Uses and Challenges. Care. Health C. ents in H. ive Age. Normati. Javier Vazquez-Salceda Utrecht University.

An Electronic Voting System for a Legislative Assembly

Clarifications to this call for applications are presented at the end of this document

Preamble. THE GOVERNMENT OF THE UNITED STATES OF AMERICA AND THE GOVERNMENT OF THE KINGDOM OF SWEDEN (hereinafter referred to as the Parties ):

Hoboken Public Schools. Algebra II Honors Curriculum

Secure Electronic Voting: Capabilities and Limitations. Dimitris Gritzalis

Unit 03. Ngo Quy Nham Foreign Trade University

Chapter V. Governance and Management Issues of Privatization: Theory & Practice

Tentative Campus Town Plan Project Timeline

Department of Industrial Engineering: Research Groups

Committee on Development and Intellectual Property (CDIP)

Social accountability: What does the evidence really say?

Introduction to the declination function for gerrymanders

Free and Fair elections GUIDANCE DOCUMENT. Commission guidance on the application of Union data protection law in the electoral context

Software Agents Behaviour.

PLS 540 Environmental Policy and Management Mark T. Imperial. Topic: The Policy Process

closer look at Rights & remedies

COURSE PROFILE. Politics of Terrorism POLS 339 Fall Asst. Prof. Özlem Kayhan Pusane. Mehmet Turan Çağlar

27 July 2017 Without prejudice TITLE [XX] DIGITAL TRADE

Criminal Justice: Working Together

Prof. Dr. Bernhard Neumärker Summer Term 2016 Albert-Ludwigs-Universität Freiburg. Constitutional Economics. Exam. July 28, 2016

Secure Electronic Voting

the third day of January, one thousand nine hundred and ninety-six prescribe personnel strengths for such fiscal year for the Armed

Alex LeBlanc, New Brunswick Multicultural Council P2P Toronoto, November 17, 2017 NouLAB

Migration & Gender: Vocational and Educational counseling - MOVE ON Kick-off meeting

OASIS ELECTION AND VOTER SERVICES TECHNICAL COMMITTEE. ELECTION MARK-UP LANGUAGE (EML): e-voting PROCESS AND DATA REQUIREMENTS

City Planning & Environmental Services. 2 September 2010

ROSE-HULMAN INSTITUTE OF TECHNOLOGY POLICY REGARDING INTELLECTUAL PROPERTY

Terms of Reference 1. INTRODUCTION

The UK s Migration Statistics Improvement Programme - exploiting administrative sources to improve migration estimates

ALTERNATIVES TO ADJUDICATION. Toby Randle. 9 May 2005 THE SAVOY HOTEL, LONDON

FOOD SECURITY OUTCOME MONITORING : SYRIAN REFUGEES IN JORDAN

City of Toronto Election Services Internet Voting for Persons with Disabilities Demonstration Script December 2013

A Iterative Analysis to Improve Key Properties of Critical Human-Intensive Processes: An Election Security Example

ISLAMABAD, MONDAY, SEPTEMBER 27, 2004 PART I. Acts, Ordinances, President's Orders and Regulations SENATE SECRETARIAT

BA 20/20 Becoming a Benchmark Company for the Business Analyst Practice. BBC 2014 Building Business Capability

ON-LINE CONTEST (SWEEPSTAKES) Strongbow Big Apple Sweeps (the Contest )

Federated Decision Making

LESAT Facilitator s! Workshop!

Office of the Commissioner of Lobbying of Canada. Report on Plans and Priorities. The Honourable Tony Clement, PC, MP President of the Treasury Board

PNC Inspections: National overview report

Item 8 of the Provisional Agenda SEVENTH SESSION OF THE GOVERNING BODY. Kigali, Rwanda, 30 October 3 November 2017

MARTIN LUTHER UNIVERSITY HALLE-WITTENBERG. Senate

Transcription:

Thanks to Prof. Steve Easterbrook University of Toronto What are goals of V&V Validation Techniques Ø Inspection Ø Model Checking Ø Prototyping Verification Techniques Ø Consistency Checking Lecture 8: Verification and Validation Ø Making Specifications Traceable Independent V&V 278

Thanks to Prof. Steve Easterbrook University of Toronto What are goals of V&V V&V Techniques Ø Inspection Ø Model Checking Ø Prototyping Lecture 8: Verification and Validation Ø Making Specifications Traceable Ø Consistency Checking Independent V&V 279

Verification and Validation Validation: Ø Are we building the right system? Ø Does our problem statement accurately capture the real problem? Problem Situation Ø Did we account for the needs of all the stakeholders? Verification: Ø Are we building the system right? Ø Does our design meet the spec? Ø Does our implementation meet the spec? Ø Does the delivered system do what we said it would do? Verification Problem Statement Implementation Statement Validation Ø Are our requirements models consistent with one another? System 280

Application Domain Refresher: V&V Criteria Machine Domain Some distinctions: Ø Domain Properties: things in the application domain that are true anyway Ø Requirements: things in the application domain that we wish to be made true Ø Specification: a description of the behaviours the program must have in order to meet the requirements Two verification criteria: Ø The Program running on a particular Computer satisfies the Specification Ø The Specification, given the Domain properties, satisfies the Requirements Two validation criteria: Ø Did we discover (and understand) all the important Requirements? Ø Did we discover (and understand) all the relevant Domain properties? 281

Example: Ø Requirement R: V&V Example Ø Reverse thrust shall only be enabled when the aircraft is moving on the runway Ø Domain Properties D: Ø Wheel pulses on if and only if wheels turning Ø Wheels turning if and only if moving on runway Ø Specification S: Verification Ø Reverse thrust enabled if and only if wheel pulses on Ø Does the flight software, P, running on the aircraft flight computer, C, correctly implement S? Ø Does S, in the context of assumptions D, satisfy R? Validation Ø Are our assumptions, D, about the domain correct? Did we miss any? Ø Are the requirements, R, what is really needed? Did we miss any? 282

Inquiry Cycle Prior Knowledge (e.g. customer feedback) Initial hypotheses Intervene (replace the old system) Carry out the experiments (manipulate the variables) Observe (what is wrong with the current system?) Look for anomalies - what can t the current theory explain? Design experiments to test the new theory Design (invent a better system) Model (describe/explain the observed problems) Create/refine a better theory 283

Shortcuts in the inquiry cycle Prior Knowledge (e.g. customer feedback) Observe (what is wrong with the the current the prototype?) model?) system?) Check properties of the model Intervene (replace the old system) Get users to try it Analyze the model Model (describe/explain the observed problems) Build a Prototype Design (invent a better system) 284

Thanks to Prof. Steve Easterbrook University of Toronto What are goals of V&V V&V Techniques Ø Inspection Ø Model Checking Ø Prototyping Lecture 8: Verification and Validation Ø Making Specifications Traceable Ø Consistency Checking Independent V&V 285

Reviews, Walkthroughs, Inspections Management reviews Ø E.g. preliminary design review (PDR), critical design review (CDR), Ø Used to provide confidence that the design is sound Ø Attended by management and sponsors (customers) Ø Often just a dog-and-pony show Walkthroughs Ø developer technique (usually informal) Ø used by development teams to improve quality of product Ø focus is on finding defects These definitions are not widely agreed! Ø Other terms used: Ø Formal Technical Reviews (FTRs) Ø Formal Inspections Formality can vary: Ø informal: Ø meetings over coffee, Ø regular team meetings, Ø etc. Ø formal: Ø scheduled meetings, Ø prepared participants, Ø defined agenda, Ø specific format, Ø documented output 286

Benefits of formal inspection Formal inspection works well for programming: Ø For applications programming: Ø more effective than testing Ø most reviewed programs run correctly first time Ø Data from large projects Ø error reduction by a factor of 5; (10 in some reported cases) Ø improvement in productivity: 14% to 25% Ø percentage of errors found by inspection: 58% to 82% Ø cost reduction of 50%-80% for V&V (even including cost of inspection) Ø Effects on staff competence: Ø increased morale, reduced turnover Ø better estimation and scheduling (more knowledge about defect profiles) Ø better management recognition of staff ability These benefits also apply to requirements inspections Ø Many empirical studies investigated variant inspection processes Ø Mixed results on the relative benefits of different processes 287

Model Checking Has revolutionized formal verification: Ø emphasis on partial verification of partial models Ø E.g. as a debugging tool for state machine models Ø fully automated What it does: Ø Mathematically computes the satisfies relation: Ø Given a temporal logic theory, checks whether a given finite state machine is a model for that theory. Ø Engineering view checks whether properties hold: Ø Given a model (e.g. a FSM), checks whether it obeys various safety and liveness properties How to apply it in RE: Ø The model is an (operational) Specification Ø Check whether particular requirements hold of the spec Ø The model is (an abstracted portion of) the Requirements Ø Carry out basic validity tests as the model is developed Ø The model is a conjunction of the Requirements and the Domain Ø Formalise assumptions and test whether the model respects them 288

Prototyping A software prototype is a partial implementation constructed primarily to enable customers, users, or developers to learn more about a problem or its solution. [Davis 1990] Prototyping is the process of building a working model of the system [Agresti 1986] Approaches to prototyping Ø Presentation Prototypes Ø explain, demonstrate and inform then throw away Ø e.g. used for proof of concept; explaining design features; etc. Ø Exploratory Prototypes Ø used to determine problems, elicit needs, clarify goals, compare design options Ø informal, unstructured and thrown away. Ø Breadboards or Experimental Prototypes Ø explore technical feasibility; test suitability of a technology Ø Typically no user/customer involvement Ø Evolutionary (e.g. operational prototypes, pilot systems ): Ø development seen as continuous process of adapting the system Ø prototype is an early deliverable, to be continually improved. 289

Throwaway or Evolve? Throwaway Prototyping Ø Purpose: Ø to learn more about the problem or its solution Ø discard after desired knowledge is gained. Ø Use: Ø early or late Ø Approach: Ø horizontal - build only one layer (e.g. UI) Ø quick and dirty Ø Advantages: Ø Learning medium for better convergence Ø Early delivery early testing less cost Ø Successful even if it fails! Ø Disadvantages: Ø Wasted effort if reqts change rapidly Ø Often replaces proper documentation of the requirements Ø May set customers expectations too high Ø Can get developed into final product Evolutionary Prototyping Ø Purpose Ø to learn more about the problem or its solution Ø and reduce risk by building parts early Ø Use: Ø incremental; evolutionary Ø Approach: Ø vertical - partial impl. of all layers; Ø designed to be extended/adapted Ø Advantages: Ø Requirements not frozen Ø Return to last increment if error is found Ø Flexible(?) Ø Disadvantages: Ø Can end up with complex, unstructured system which is hard to maintain Ø early architectural choice may be poor Ø Optimal solutions not guaranteed Ø Lacks control and direction 290

Thanks to Prof. Steve Easterbrook University of Toronto What are goals of V&V V&V Techniques Ø Inspection Ø Model Checking Ø Prototyping Lecture 8: Verification and Validation Ø Making Specifications Traceable Ø Consistency Checking Independent V&V 291

We ve looked at the following non-uml diagrams Ø Goal Models Ø Capture strategic goals of stakeholders Ø Good for exploring how and why questions with stakeholders Ø Good for analysing trade-offs, especially over design choices Ø Strategic Dependency Models (i*) Ø Capture relationships between actors in an organisational setting Ø Helps to relate goal models to organisational setting Ø Good for understanding how the organisation will be changed 292

Class diagrams Ø Class Diagrams Ø capture the structure of the information used by the system Ø good for analysing the relationships between data items used by the system Ø good for helping you identify a modular structure for the system Ø Cross checks Ø Does the class diagram capture all the classes mentioned in other diagrams? Ø Does every class have methods to get/set its attributes? 293

Use cases Ø Use Cases Ø capture the view of the system from the view of its users Ø good starting point for specification of functionality Ø good visual overview of the main functional requirements Ø Cross-checks: Ø Does each use case have a user? Does each user have at least one use case? Ø Is each use case documented? Using sequence diagrams or use case template 294

Statecharts Ø Statecharts Ø capture all possible responses of an object to all uses cases in which it is involved Ø good for modeling the dynamic behavior of a class of objects Ø good for analyzing event ordering, reachability, deadlock, etc. Cross-checks: Ø Does each statechart diagram capture (the states of) a single class? Ø Is that class in the class diagram? Ø Does each transition have a trigger event? Ø Is it clear which object initiates each event? Ø Is each event listed as an operation for that object s class in the class diagram? Ø Does each state represent a distinct combination of attribute values? Ø Is it clear which combination of attribute values? Ø Are all those attributes shown on the class diagram? Ø Are there method calls in the class diagram for each transition? Ø a method call that will update attribute values for the new state? Ø method calls that will test any conditions on the transition? Ø method calls that will carry out any actions on the transition? 295

Ø Sequence Diagrams Sequence diagrams Ø capture an individual scenario (one path through a use case) Ø good for modelling dialog structure for a user interface or a business process Ø good for identifying which objects (classes) participate in each use case Ø helps you check that you identified all the necessary classes and operations Ø Cross-checks: Ø Is each class in the class diagram? Ø Can each message be sent? Is there an association connecting sender and receiver classes on the class diagram? Is there a method call in the sending class for each sent message? Is there a method call in the receiving class for each received message? 296

Verification Model Analysis Ø Is the model well-formed? Ø Are the parts of the model consistent with one another? Validation: Ø Animation of the model on small examples Ø Formal challenges: Ø if the model is correct then the following property should hold... Ø What if questions: Ø reasoning about the consequences of particular requirements; Ø reasoning about the effect of possible changes Ø will the system ever do the following... Ø State exploration Ø E.g. use a model checking to find traces that satisfy some property 297

Thanks to Prof. Steve Easterbrook University of Toronto What are goals of V&V V&V Techniques Ø Inspection Ø Model Checking Ø Prototyping Lecture 8: Verification and Validation Ø Making Specifications Traceable Ø Consistency Checking Independent V&V 298

Independent V&V V&V performed by a separate contractor Ø Independent V&V fulfills the need for an independent technical opinion. Ø Cost between 5% and 15% of development costs Ø Studies show up to fivefold return on investment: Ø Errors found earlier, cheaper to fix, cheaper to re-test Ø Clearer specifications Ø Developer more likely to use best practices Three types of independence: Ø Managerial Independence: Ø separate responsibility from that of developing the software Ø can decide when and where to focus the V&V effort Ø Financial Independence: Ø Costed and funded separately Ø No risk of diverting resources when the going gets tough Ø Technical Independence: Ø Different personnel, to avoid analyst bias Ø Use of different tools and techniques 299

Thanks to Prof. Steve Easterbrook University of Toronto What are goals of V&V Validation Techniques Ø Inspection Ø Model Checking Ø Prototyping Verification Techniques Ø Consistency Checking Lecture 8: Verification and Validation Ø Making Specifications Traceable Independent V&V 300

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback