ISVV Effectiveness Measurement in ESA Space Projects Pedro

  • Slides: 33
Download presentation
ISVV Effectiveness Measurement in ESA Space Projects Pedro A. Barrios, Maria Hernek, Marek Prochazka

ISVV Effectiveness Measurement in ESA Space Projects Pedro A. Barrios, Maria Hernek, Marek Prochazka European Space Agency NASA IV&V Workshop 11 -13 September 2012 ESA UNCLASSIFIED – For Official Use

Objective / Outline Objective Present the results of an ESA study to assess the

Objective / Outline Objective Present the results of an ESA study to assess the effectiveness of the ISVV process carried out in the scope of ESA missions Assessment of past ISVV projects, with the following final objectives: – Identify what is useful in ISVV process (i. e. what brings results) – Identify what needs to be improved (i. e. added/removed/clarified/. . . ) – Make unified metrics collection an integrated part of the process Outline • ESA ISVV process: a quick overview • ISVV metrics definition • ISVV metrics collection & analysis • Conclusions and future work ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 2 ESA UNCLASSIFIED – For Official Use

Independent Software Verification & Validation (ISVV) by ESA 1. ISVV is required for Mission

Independent Software Verification & Validation (ISVV) by ESA 1. ISVV is required for Mission and Safety Critical software, (ECSS-E-40/ECSS-Q-80) 2. ISVV tasks are additional and complementary to the nominal SW supplier’s verification and validations tasks 3. ISVV tasks cover verification and validation of software requirements, design, code and tests (typically starting at SW-SRR and finishing before the SW-QR) 4. ISVV supplier is required to be an organization independent of the software supplier as well as the prime/system integrator (full technical, managerial, and financial independence) 5. Most ESA projects implement the ISVV process as an industrial contract placed by the Prime contractor ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 3 ESA UNCLASSIFIED – For Official Use

ESA ISVV Process overview • • 6 activities/STAGES: Management (MAN), Verification (IVE) and Validation

ESA ISVV Process overview • • 6 activities/STAGES: Management (MAN), Verification (IVE) and Validation (IVA) Activities are composed of TASKS, and these are further split into SUBTASKS MAN. Management MAN. PM. ISVV Process Management MAN. VV. ISVV level definition 1. Management (MAN. PM and MAN. VV) is concerned with issues such as ISVV objectives and scope, planning, roles, responsibilities, budget, communication, competence, confidentiality, schedule and ISVV level definition (to limit the scope of ISVV) 2. Technical Specification Analysis (IVE. TA) is verification of the software requirements 3. Design Analysis (IVE. DA) is verification of the SW Architectural Design and the Software Detailed Design 4. Code Analysis (IVE. CA) is verification of the SW source code 5. Validation (IVA) is testing of the SW to demonstrate that the implementation meets the technical specification IVE. Independent Verification IVE. TA. Technical Specification Analysis IVE. DA. Design Analysis IVE. CA. Code Analysis IVA. Independent Validation IVA. Validation ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 4 ESA UNCLASSIFIED – For Official Use

ESA ISVV Process overview Example of a Task/Subtask description • Activity: Technical Specification Analysis

ESA ISVV Process overview Example of a Task/Subtask description • Activity: Technical Specification Analysis • Task: SW Requirements Verification • Subtasks: T 1. S 1, T 1. S 2 … T 1. S 11 • Start/End Events • Inputs/Outputs • Methods are identified for each subtask Some numbers: • IVE. TA 1 task 11 subtasks • IVE. DA 3 tasks 15/12/5 subtasks • IVE. CA 3 tasks 10/5/3 subtasks • IVA 3 tasks 3/3/3 subtasks ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 5 ESA UNCLASSIFIED – For Official Use

ESA ISVV Process overview IVE: Technical Specification Analysis TA. T 1: Software Requirements Verification

ESA ISVV Process overview IVE: Technical Specification Analysis TA. T 1: Software Requirements Verification Subtasks: To verify • Software Requirements external consistency with the system requirements System Requirements allocated to Requirements Software (SRR) allocated to SW-HW Interface SW- Requirements (SRR) Requirements • Interface Requirements external consistency with the system requirements • software requirements correctness • consistent documentation of the software requirements • software requirements completeness • dependability and safety requirements SW Requirements Specification (PDR) • readability of the software requirements • timing and sizing budgets of the software requirements • Identify test areas and test cases for Independent Validation • that software requirements are testable • software requirements conformance with applicable standards ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 6 ESA UNCLASSIFIED – For Official Use Interfaces Control Document (PDR)

ESA ISVV Process overview IVE: Design Analysis DA. T 1: Architectural Design Verification Subtasks:

ESA ISVV Process overview IVE: Design Analysis DA. T 1: Architectural Design Verification Subtasks: To verify • SW architectural design external consistency with Technical Specification (PDR) • SW architectural design external consistency with Interface Control Documents • interfaces consistency between different SW components • architectural design correctness • architectural design completeness SW Architectural • dependability & safety of the design Design (PDR) • readability of the architectural design • timing and sizing budgets of the software • Identify test areas and test cases for independent Validation • architectural design conformance with applicable standards if models are produced by the SW suppliers: • Verify test performed on high level model • Verify development and verification and testing methods and environment • then construct model test cases & model test procedures • then execution of model test procedures ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 7 ESA UNCLASSIFIED – For Official Use Interfaces Control Doc (PDR)

ESA ISVV Process overview IVE: Design Analysis DA. T 2: Detailed Design Verification Subtasks:

ESA ISVV Process overview IVE: Design Analysis DA. T 2: Detailed Design Verification Subtasks: To verify • detailed design external consistency with Technical Specification • detailed design external consistency with Interface Control Documents • detailed design external consistency with Architectural Design • interfaces consistency between different SW components • detailed design correctness • detailed design completeness • dependability & safety of design • readability of detailed design • timing and sizing budgets of software • accuracy of the model (in case models are produced by the SW suppliers) • Identify test areas and test cases for independent Validation • Verify detailed design conformance with applicable standards DA. T 3: Software User Manual Verification Subtasks: To verify • timing and sizing budgets of software • that dependability & safety aspects on product are specified in the SUM • readability of User Manual • completeness of User Manual • correctness of User Manual ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 8 ESA UNCLASSIFIED – For Official Use

ESA ISVV Process overview IVE: Code Analysis CA. T 1: Source Code Verification Subtasks:

ESA ISVV Process overview IVE: Code Analysis CA. T 1: Source Code Verification Subtasks: To verify • source code external consistency with Technical Specification • source code external consistency with Interface Control Documents • source code external consistency with Architectural Design and Detailed Design • interfaces consistency between different SW units • source code correctness with respect to technical specification, architectural design and detailed design • source code readability, maintainability and conformance with the applicable standards • dependability & safety of source code • Source code accuracy • Identify test areas and test cases for independent Validation • timing and sizing budgets of the software ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 9 ESA UNCLASSIFIED – For Official Use

ESA ISVV Process overview IVE: Code Analysis CA. T 2: Integration Test Specification and

ESA ISVV Process overview IVE: Code Analysis CA. T 2: Integration Test Specification and Test Data Verification Subtasks: To verify • consistency with Technical Specification • consistency with Software Architectural Design • integration test procedures correctness and completeness • If models are produced by the SW suppliers, then evaluate model verification and validation test results • integration test reports CA. T 3: Unit Test Procedure and Test Data Verification Subtasks: To verify • consistency with Software Detailed Design • unit test procedures correctness and completeness • unit test reports ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 10 ESA UNCLASSIFIED – For Official Use

ISVV effectiveness metrics • Key goal of activity is to estimate effectiveness of the

ISVV effectiveness metrics • Key goal of activity is to estimate effectiveness of the ISVV process carried out in scope of ESA projects • Major objective is to provide measurements and conclusions to support identification and prioritization of ISVV activities based on their ‘efficiency’ • Improve ISVV process is an additional objective ISVV effectiveness to be calculated based on number of findings and their acceptance and impact Based on number of findings, the following metrics are computed: findings per ISVV stage / task / subtask; finding per severity; findings per type and effective findings. ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 11 ESA UNCLASSIFIED – For Official Use

Measurement Process • 3 steps activity: ISVV metrication definition / ISVV metrics collection /

Measurement Process • 3 steps activity: ISVV metrication definition / ISVV metrics collection / ISVV metrics assessment • Industrial context: • Measurement needs and processes started by ESA • Provision of metrics performed through different small contracts granted by ESA to different ESA ISVV suppliers • Data analysis, collection and metrics analysis and calculation performed by an ESA contractor to this activity ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 12 ESA UNCLASSIFIED – For Official Use

Measurement Process Data gathering, with following contents: • SW product metrics (size in k.

Measurement Process Data gathering, with following contents: • SW product metrics (size in k. LOC, number of requirements, criticality) • ISVV project metrics (ISVV level, ISVV scope and stages, documentation quality at reviews) • Findings (task, subtask, which document, type, severity, use of tools, acceptance, impact measured in number of changes) Note: excel tool was used ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 13 ESA UNCLASSIFIED – For Official Use

Measurement Process • 15 products from 5 projects • 4 different ISVV suppliers •

Measurement Process • 15 products from 5 projects • 4 different ISVV suppliers • The IVE effectiveness metrics are assessed: • Project GAIA Product GAIA intermediate SIZE Big TYPE ASW Cryo. Sat LISA PF Galileo MSF Cryo. Sat CDMU Cryo. Sat AOCS LISA PF BSW LISA PF ASW LISA PF DHSW Galileo MSF Medium Small Big Medium Big ASW BSW ASW ASW o per product Galileo MGF Big ASW o per SW products of similar size Galileo IPF AF Medium ASW o In total, i. e. in all projects and SW products considered Galileo NSGU Galileo Px. SU Galileo IPF RTMC Galileo NSGU Big ASW Galileo Px. SU BSW Medium BSW Galileo Px. SU ASW Medium ASW ATV FAS ATV MSU Big Medium ASW Analysis is performed: o Per all stages o Per ISVV project stage ATV o Per ISVV task /subtask Note: Only one product classified as small Findings per stage/task/sub-task, per severity, per type, Effective Findings & Tools usage ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 14 ESA UNCLASSIFIED – For Official Use

ISVV metrics collection & analysis (1/10) Total Findings • Total number of IVE findings

ISVV metrics collection & analysis (1/10) Total Findings • Total number of IVE findings for 15 products within this analysis is 2492 • No clear relationship between findings & product size Mean & Standard deviation red=big products ; blue=medium; green=small ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 15 ESA UNCLASSIFIED – For Official Use

ISVV metrics collection & analysis (2/10) Findings per stage per Product Share of total

ISVV metrics collection & analysis (2/10) Findings per stage per Product Share of total findings per stage Findings per size per stage • Although there is some variability per product, number of findings are roughly 1/3 for three stages • The majority of findings are at the TA stage for big type products, and CA stage for small ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 16 ESA UNCLASSIFIED – For Official Use TA: Technical Specification Analysis CA: Code Analysis DA: Design Analysis

ISVV metrics collection & analysis (3/10) Findings per task (TA: Technical Specification Analysis) Findings

ISVV metrics collection & analysis (3/10) Findings per task (TA: Technical Specification Analysis) Findings per product for TA tasks Share of total findings for TA tasks Findings per size for TA tasks • • Majority of findings of TA stage are at TA. T 2 task (Software Requirements Verification) for all products, all projects, all product sizes with only one exception. As the size of products decreases, more findings are discovered at TA. T 2 task ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 17 ESA UNCLASSIFIED – For Official Use

ISVV metrics collection & analysis (4/10) Findings per task (DA: Design Analysis) Findings per

ISVV metrics collection & analysis (4/10) Findings per task (DA: Design Analysis) Findings per product for DA tasks Total share of findings for DA stage Majority of findings of the DA stage are either at DA. T 2 (Architectural Design Verification) task or at DA. T 4 task (Detailed Design Verification) depending of the different products. ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 18 ESA UNCLASSIFIED – For Official Use Findings per size for DA tasks

ISVV metrics collection & analysis (5/10) Findings per task (CA: Code Analysis) Findings per

ISVV metrics collection & analysis (5/10) Findings per task (CA: Code Analysis) Findings per size for CA tasks Total share of findings for CA stage Majority of findings of CA stage are at the CA. T 2 task (Source Code Verification) in totals, then it varies product by product. CA. T 3 (IT tests Verification) also represents a big share Share of findings per product for CA tasks ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 19 ESA UNCLASSIFIED – For Official Use

ISVV metrics collection & analysis (6/10) Findings per sub-task (e. g. TA subtasks) T

ISVV metrics collection & analysis (6/10) Findings per sub-task (e. g. TA subtasks) T 1: Requirements Traceability Verification T 2: Software Requirements Verification • Exact numbers are available for all the subtasks • There are subtasks producing a reduced number of findings. Three possible cases: subtask not performed within the ISVV project, subtask not producing findings or data not available for the subtask ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 20 ESA UNCLASSIFIED – For Official Use

ISVV metrics collection & analysis (7/10) Findings per severity Comment, very low 141 6%

ISVV metrics collection & analysis (7/10) Findings per severity Comment, very low 141 6% Major 908 36% Minor 1443 58% • • Most of findings are minor. Major findings account for 36%. Proportions found across the three stages (TA, DA, CA) are similar to these numbers ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 21 ESA UNCLASSIFIED – For Official Use

ISVV metrics collection & analysis (8/10) Findings per type Most of findings are of

ISVV metrics collection & analysis (8/10) Findings per type Most of findings are of type correctness, followed by findings of type completeness ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 22 ESA UNCLASSIFIED – For Official Use

ISVV metrics collection & analysis (9/10) Tools usage Majority of findings were discovered manually

ISVV metrics collection & analysis (9/10) Tools usage Majority of findings were discovered manually (97% of the total findings) and only very few of them using tools (either to automatically discover the finding or the so-called ‘semi-automated’, using tools to further evaluate to discover any finding) ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 23 ESA UNCLASSIFIED – For Official Use

ISVV metrics collection & analysis (10/10) Effective findings (ISVV findings that implied a change,

ISVV metrics collection & analysis (10/10) Effective findings (ISVV findings that implied a change, improvement, correction to the software product) Accepted findings per product • Majority of findings are effective no matter product & size, except for small product for which majority of findings are not effective • Majority of findings per stage are effective (72% TA & DA stages; 61% at CA stage) • Majority of findings are effective for all severities (70% for major, 69% for minor) Accepted findings per size ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 24 ESA UNCLASSIFIED – For Official Use

Conclusions (1/2) • Total number of findings - Measurements based on number of findings

Conclusions (1/2) • Total number of findings - Measurements based on number of findings - Focus on IVE metrics - No correlation found between number of findings & product size • Total number of findings per ISVV stage / task /subtask - Stage: Roughly even distribution (39% TA, 28% DA, 33% CA) - Task/Subtasks: Identified the tasks producing most of the findings for TA, DA, CA (e. g. ‘Correctness/Completeness’ subtasks are producing many findings; ‘consistency’ subtasks produce some) • Type of findings: The majority of findings are of type correctness (36%) & completeness (28%) • Effective findings: The majority of findings (69%) are effective (i. e. implying changes/corrections to the software product) ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 25 ESA UNCLASSIFIED – For Official Use

Conclusions (2/2) • Severity: Most findings are minor at all stages, with 58% minor,

Conclusions (2/2) • Severity: Most findings are minor at all stages, with 58% minor, 36% major and remaining 6% for other severity (comment, very low) • Tools: The majority of the findings were discovered manually (97%) and only very few of them using tools. Tools were used only for 3% of findings (especially at the CA stage) Example: if we started today an ISVV contract on a project, we could expect, on average: 166 findings, from which 115 would be effective findings; out of those, 41 would be major findings, and those would be spread on the different stages as: IVE: 16 TA, 11 DA, 14 CA ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 26 ESA UNCLASSIFIED – For Official Use

Future work • Collect metrics for the upcoming ISVV projects. • Analyze tasks/sub-tasks not

Future work • Collect metrics for the upcoming ISVV projects. • Analyze tasks/sub-tasks not producing many findings (they might need better explanations within the ISVV guide, review the methods and tools proposed to be used when performing them, …) • Analyze Independent Validation: o Define useful metrics for IVA and asses IVA effectiveness o Extend the scope of IVA, to cover Qualification & Acceptance of the SW and the Operational scenarios (i. e. having the operational view to create SW validation campaigns) • Modeling: o Some model related sub-tasks have not been ‘profiled’ o Understand how models produced during SW development could be used during ISVV activities (e. g. Model-Based Testing techniques to produce validation campaigns) • ISVV effectiveness Metrics: o Some other way how to measure effectiveness? o Cost figures? ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 27 ESA UNCLASSIFIED – For Official Use

Thanks for your attention !!!! For more information, please contact: Pedro A. Barrios, European

Thanks for your attention !!!! For more information, please contact: Pedro A. Barrios, European Space Agency Pedro. Barrios@esa. int ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 28 ESA UNCLASSIFIED – For Official Use

Back-up Slides ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency |

Back-up Slides ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 29 ESA UNCLASSIFIED – For Official Use

Findings per sub-task (1/3) High level view of number of findings per sub-task Legend:

Findings per sub-task (1/3) High level view of number of findings per sub-task Legend: (+++): Subtask producing a considerable number of findings (===): Subtask producing some findings (---): Subtask producing a reduced number of findings (xxx): Metrics not available for that subtask IVE: Technical Specification Analysis TA. T 1: Software Requirements Verification (===) IVE. TA. T 1. S 1: Verify Software Requirements external consistency with the system requirements (===) IVE. TA. T 1. S 2: Verify Interface Requirements external consistency with the system requirements (+++) IVE. TA. T 1. S 3: Verify software requirements correctness (===) IVE. TA. T 1. S 4: Verify the consistent documentation of the software requirements (+++) IVE. TA. T 1. S 5: Verify software requirements completeness (+++) IVE. TA. T 1. S 6: Verify the dependability and safety requirements (+++) IVE. TA. T 1. S 7: Verify the readability of the software requirements (---) IVE. TA. T 1. S 8: Verify the timing and sizing budgets of the software requirements (---) IVE. TA. T 1. S 9: Identify test areas and test cases for Independent Validation (---) IVE. TA. T 1. S 10: Verify that the software requirements are testable (---) IVE. TA. T 1. S 11: Verify software requirements conformance with applicable standards ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 30 ESA UNCLASSIFIED – For Official Use

Findings per sub-task (2/3) IVE: Design Analysis DA. T 1: Architectural Design Verification (===)

Findings per sub-task (2/3) IVE: Design Analysis DA. T 1: Architectural Design Verification (===) IVE. DA. T 1. S 1: Verify the SW architectural design external consistency with the Technical Specification (---) IVE. DA. T 1. S 2: Verify the SW architectural design external consistency with the Interface Control Documents (===) IVE. DA. T 1. S 3: Verify interfaces consistency between different SW components (===) IVE. DA. T 1. S 4: Verify architectural design correctness (===) IVE. DA. T 1. S 5: Verify architectural design completeness (===) IVE. DA. T 1. S 6: Verify the dependability & safety of the design (+++) IVE. DA. T 1. S 7: Verify the readability of the architectural design (===) IVE. DA. T 1. S 8: Verify the timing and sizing budgets of the software (---) IVE. DA. T 1. S 9: Identify test areas and test cases for independent Validation (---) IVE. DA. T 1. S 10: Verify architectural design conformance with applicable standards (xxx) IVE. DA. T 1. S 11: Verify the test performed on the high level model (xxx) IVE. DA. T 1. S 12: Verify the development and verification and testing methods and environment (xxx) IVE. DA. T 1. S 13: then construct model test cases (xxx) IVE. DA. T 1. S 14: then construct model test procedures (xxx) IVE. DA. T 1. S 15: then execution of model test procedures DA. T 2: Detailed Design Verification (---) IVE. DA. T 2. S 1: Verify the detailed design external consistency with the Technical Specification (---) IVE. DA. T 2. S 2: Verify the detailed design external consistency with the Interface Control Documents (---) IVE. DA. T 2. S 3: Verify the detailed design external consistency with the Architectural Design (+++) IVE. DA. T 2. S 4: Verify interfaces consistency between different SW components (===) IVE. DA. T 2. S 5: Verify detailed design correctness (===) IVE. DA. T 2. S 6: Verify detailed design completeness (+++) IVE. DA. T 2. S 7: Verify the dependability & safety of the design (---) IVE. DA. T 2. S 8: Verify the readability of the detailed design (===) IVE. DA. T 2. S 9: Verify the timing and sizing budgets of the software (xxx) IVE. DA. T 2. S 10: Verify the accuracy of the model (in case models are produced by the SW suppliers) (---) IVE. DA. T 2. S 11: Identify test areas and test cases for independent Validation (---) IVE. DA. T 2. S 12: Verify detailed design conformance with applicable standards ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 31 ESA UNCLASSIFIED – For Official Use

Findings per sub-task (3/3) DA. T 3: Software User Manual Verification (---) (---) IVE.

Findings per sub-task (3/3) DA. T 3: Software User Manual Verification (---) (---) IVE. DA. T 3. S 1: IVE. DA. T 3. S 2: IVE. DA. T 3. S 3; IVE. DA. T 3. S 4; IVE. DA. T 3. S 5: Verify Verify the the the timing and sizing budgets of the software dependability & safety aspects on the product are specified in the SUM readability of the User Manual completeness of the User Manual correctness of the User Manual IVE: Code Analysis CA. T 1: Source Code Verification (---) IVE. CA. T 1. S 1: Verify source code external consistency with Technical Specification (---) IVE. CA. T 1. S 2: Verify source code external consistency with Interface Control Documents (---) IVE. CA. T 1. S 3: Verify source code external consistency with Architectural Design and Detailed Design (---) IVE. CA. T 1. S 4: Verify interfaces consistency between different SW units (+++) IVE. CA. T 1. S 5: Verify source code correctness with respect to technical specification, architectural design & detailed design (+++) IVE. CA. T 1. S 6: Verify the source code readability, maintainability and conformance with the applicable standards (+++) IVE. CA. T 1. S 7: Verify the dependability & safety of the source code (---) IVE. CA. T 1. S 8: Verify the accuracy of the source code (---) IVE. CA. T 1. S 9: Identify test areas and test cases for independent Validation (===) IVE. CA. T 1. S 10: Verify the timing and sizing budgets of the software CA. T 2: Integration Test Specification and Test Data Verification (===) IVE. CA. T 2. S 1: Verify consistency with Technical Specification (---) IVE. CA. T 2. S 2: Verify consistency with Software Architectural Design (+++) IVE. CA. T 2. S 3: Verify integration test procedures correctness and completeness (xxx) IVE. CA. T 2. S 4: If models are produced by the SW suppliers, then evaluate model verification and validation test results (xxx) IVE. CA. T 2. S 5: Verify integration test reports CA. T 3: Unit Test Procedure and Test Data Verification (---) IVE. CA. T 3. S 1: Verify consistency with Software Detailed Design (===) IVE. CA. T 3. S 2: Verify unit test procedures correctness and completeness (xxx) IVE. CA. T 3. S 3: Verify unit test reports ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 32 ESA UNCLASSIFIED – For Official Use

IVA: Independent Validation IVA. T 1: Identification of Test Cases • IVA. T 1.

IVA: Independent Validation IVA. T 1: Identification of Test Cases • IVA. T 1. S 1: Evaluate Task Input Inspection • IVA. T 1. S 2: Perform Analysis • IVA. T 1. S 3: Writing Independent Validation Test Plan IVA. T 2: Construction of Test Procedures • IVA. T 2. S 1: Achieve knowledge about the SVF • IVA. T 2. S 2: Implement Test Cases into Test Procedures • IVA. T 2. S 3: Updating the Independent Validation Test Plan IVA. T 3: Execution of Test Procedures • IVA. T 3. S 1: Execute the Test Procedures • IVA. T 3. S 2: Investigation of failed tests • IVA. T 3. S 3: Produce Test Report ISVV Effectiveness Measurement | Pedro A. Barrios | European Space Agency | 27/07/2012 | TEC-SWS | Slide 33 ESA UNCLASSIFIED – For Official Use