SOFTWARE IN PRACTICE
Verification & Validation
Trust, but verify (a translation of the Russian proverb: "doveryai, no proveryai")
Verification and validation is a systems engineering discipline that determines if work products comply with their specifications and are fit for their intended use. More specifically:
The Wright brothers experienced one of mankind's most sublime moments of validation when their aircraft The Wright Flyer proved it was fit for the purpose for which it was designed: for man to fly.
The verifier establishes that a software product faithfully implements all the requirements documented in a software requirements specification (SRS). In contrast the validator establishes that the SRS is a true reflection of the user's needs. For example he might use a prototype to encourage users to think more deeply about their needs and discover that some of the requirements were incorrectly stated in the first place. The validator therefore establishes that the specifications correctly describe a system that is fit for its intended purpose - will the Wright Flier actually fly? In contrast the verifier makes sure that the specifications are followed to the letter - was the Wright Flier constructed as per its specification? In this way verification and validation are complimentary disciplines.
Why Is V&V Necessary?
V&V is necessary because the designers and implementers of computer based systems are human; they will make errors. These errors will result in undetected faults in delivered systems. Faults can result in dangerous failures causing loss of life, financial loss or property damage. The mission of V&V is therefore to find and correct errors as early as possible in the development life cycle thus preventing the delivery of a faulty product to a customer.
How Much V&V is Required?
The level of effort applied to V&V is a function of the criticality of the software or systems product. That is, the risks involved if the system fails. At one end of the scale the software controlling the shutdown of a nuclear reactor will likely be thoroughly verified and validated by an independent organisation. At the other end of the scale, a website providing a company brochure will likely have no formal verification and validation applied. See sidebar How Much V&V do You Need?
What Do V&V People Do?
V&V is carried out in parallel with the software/system development process. V&V activities include traceability analysis, evaluation, review, inspection, assessment, and testing. Refer to IEEE 1012 - Standard for Software Verification and Validation2 for a comprehensive description of V&V life cycle activities.
What Is Verification?
Verification is achieved through:
What Is Validation?
Validation demonstrates that a software or systems product is fit for purpose. That is, it satisfies all the customer's stated an implied needs (the Wright brothers needed to fly).
Validation can be performed progressively throughout the development life cycle. For example, written user requirements can be validated by creating a model or prototype and asking the user to confirm (or validate) that the demonstrated functionality meets their needs. System testing is a major validation event where a system is validated against the user's statement of requirement. It aims to show that all faults which could degrade system performance have been removed before the system is operated. Validation is not complete however until the end user formally agrees that the operational system is fit for purpose.
International Standards Requirements for V&V
ISO 9001 Quality management systems - Requirements1 requires verification and validation to be planned and carried out and records kept (refer clauses: 7.3.5 Design and development verification and 7.3.6 Design and development validation)
IEEE 1012 - Standard for Software Verification and Validation2 provides a comprehensive how-to for software V&V planning and execution.
How Much V&V do You Need?
The level of effort you expend on V&V should be commensurate with the size and criticality of your application. If you are uncertain as to how much V&V you need on your project take the Socratic approach and ask yourself these hard questions:
If the answer is yes to any of questions 1 to 3 or no to question 4 your project needs verification and validation services.