Validation, Verification and Formal Methods Flashcards
Validation of critical systems (recap)
- Critical systems involve additional validation processes and analysis than non-critical systems:
- The costs and consequences
of failure are high so it is
cheaper to find and remove
faults than to pay for system
failure; - You may have to make a
formal case to customers or to
a regulator that the system
meets its dependability
requirements. - This dependability case may
require specific Verification &
Validation activities to be
carried out.
- The costs and consequences
How much does validation cost usually?
- Normally, Validation & Verification costs take up more than 50% of the total system development costs.
- The outcome of the validation process is a tangible body of evidence that demonstrates the level of dependability of a software system.
Note: Because of the additional activities involved, the validation costs for critical systems are usually significantly higher than for non-critical systems.
What is meant by Static Analysis (Technique)?
Meaning: Static analysis techniques are system verification techniques that do not involve executing a program.
Note: They work on a source representation of the software, i.e., either a model or the program code itself.
Examples of Static Analysis: Code Inspections and Reviews.
Other examples of Validation and Verification techniques include: Formal verification including model checking and automated program analysis.
Note on Verification and formal methods.
Formal methods can be used when a mathematical specification of the system is produced.
Note: The mathematical specification is based on well-understood mathematical theories such as formal logic and set theory.
Note: Used in the development of some critical systems.
What are Formal Methods?
Meaning: Formal methods are system design techniques that use rigorously specified
mathematical models to build software and hardware systems.
Note: Include verification techniques that may be used at different stages in the
development process, for instance:
- A formal specification may be developed and mathematically analysed for consistency.
- This helps discover specification errors and omissions.
- Formal arguments that a program conforms to its mathematical specification may be developed. This is effective in discovering programming and design errors.
Notes on Formal Methods
As always this is not a panacea (solution):
- “It is very important to note that formal verification does not obviate (remove) the need for testing”.
- “Formal verification cannot fix bad assumptions in the design, but it can help identify errors in reasoning which would otherwise be left unverified.”
- “In several cases, engineers have reported finding flaws in systems once they reviewed their designs formally.”
What are the advantages of Format Methods?
- Producing a mathematical specification requires a detailed analysis of the requirements and this is likely to uncover errors (aids with error detected in requirements).
- They can detect implementation errors before testing when the program is analysed alongside the specification.
What are the Disadvantages of Formal Methods?
- They require the use of specialised notations that cannot be understood by domain experts.
- Very expensive to develop a specification and even more expensive to show that a program meets that specification.
- Mathematical Proofs may contain errors.
- It may be possible to reach the same level of confidence in a program more cheaply using other V & V techniques. (Might be more cheaper to get the same level of confidence using other cheaper V & V techniques).
What is meant by model checking?
Meaning: A technique that verifies whether a system’s finite-state model meets a given specification.
Note: The model checker explores all possible paths through the model and checks
that a user-specified property is valid for each path.
Note: Model checking is particularly valuable for verifying concurrent systems, which are hard to test.
Note: Although model checking is computationally very expensive, it is now practical to use it in the verification of small to medium sized critical systems.
What is meant by Static Analysis
Meaning: A testing method that examines/analyses the code without executing the program.
Note: Static analysers are software tools for source text processing.
Note: They parse the program text and try to discover potential error conditions and bring these to the attention of the V & V team.
Note: They are very effective as an aid to program inspections.
Disadvantage: Inspections can catch errors of understanding that tools can’t.
Name and Describe all levels of static analysis?
Characteristic error checking:
* Check for code patterns that
are characteristic of errors
made by programmers using a
particular language.
User-defined error checking:
* Users of a programming
language dene error patterns,
thus extending the types of
error that can be detected. This
allows specific rules that apply
to a program to be checked.
Assertion checking:
* Developers include formal
assertions in their program and
relationships that must hold.
The static analyser symbolically
executes the code and
highlights potential problems.
Name all automated static analysis checks. (5 fault classes, 15 checks)
Data Faults:
* Variables used before
initialization
* Variables declared but never
used
* Variables assigned twice but
never used between
assignments.
* Possible array bound violations
* Undeclared variables
Control Faults:
* Unreachable code
* Unconditional branches into
loops
Input/Output Faults:
* Variables output twice with no
intervening assignment.
Interface Faults:
* Parameter-type mismatches
* Parameter number
mismatches
* Non-usage of the results of
functions
* Uncalled functions and
procedures
Storage Management Faults:
* Unassigned Pointers
* Pointer Arithmetic
* Memory Leaks
Where can Static Analysis be used? (2 cases)
- Valuable for languages such as C, JS is used which has weak
typing and hence many errors are undetected by the compiler. - Valuable for security checking - the static analyser can discover
areas of vulnerability such as buffer overflows or unchecked inputs.
Key Note: Static analysis is now routinely used in the development of many safety and
security critical systems.
What is meant by Statistical Testing?
Meaning: A method for testing software for reliability rather than fault detection.
Note: Measuring the number of errors allows the reliability of the software to be predicted. Note that, for statistical reasons, more errors than are allowed for in the reliability specification must be induced.
Note: An acceptable level of reliability should be specified and the software tested and amended until that level of reliability is reached.
Notes on creating operation profile from real data
Note: A set of test data whose frequency matches the actual frequency of these inputs from ‘normal’ usage of the system. A close match with actual usage is necessary otherwise the measured reliability will not be reflected in the actual usage of the system.
Note: It can be generated from real data collected from an existing system or (more often) depends on assumptions made about the pattern of usage of a system.
Note: It can change as you learn how the system really works.
