NASA IVV Facility Software Independent Verification and Validation

NASA IV&V Facility Software Independent Verification and Validation (IV&V) NASA IV&V Facility Fairmont, West Virginia Judith N. Bruner Acting Director 304 -367 -8202 judith. n. bruner. 1@gsfc. nasa. gov

NASA IV&V Facility • • Content Why are we discussing IV�&V? What is IV&V? How is IV&V done? IV&V process Why perform IV&V? Summary Points of Contact

NASA IV&V Facility Why are we discussing IV&V?

NASA IV&V Facility Setting the Stage In the 90 s, the Commanding General of the. Army’s Operational Test and Evaluation Agency noted that 90 percent of systems that were not ready for scheduled operational tests had been delayed by immature software.

NASA IV&V Facility Software “Chaos” The Standish Group examined 8, 380 Software Projects. 53% “Challenged” - Over budget by 189% - Late by 222% - Missing 39% of Capabilities Note: For Large Companies - 9% were Successful - 61. 5% Challenged - Over budget by 178% - Late by 230% - Missing 58% of Capabilities - 29. 5% were Cancelled 16% Successful - In Budget - On Time - Meets Requirements - User involved 31% Cancelled - Development

NASA IV&V Facility Error Densities Design & Implementation Requirements Specification 68% 23% Installation & Commissioning 9%

NASA IV&V Facility Increasing Cost of Changes Cost scale factor The cost to correct an software error multiplies during the development lifecycle. (Normalized to Requirements Phase)

NASA IV&V Facility What is IV&V?

NASA IV&V Facility Independent Verification and Validation (IV&V) • Independent – Technical: IV&V prioritizes its own efforts – Managerial: Independent reporting route to Program Management – Financial: Budget is allocated by program and controlled at high level such that IV&V effectiveness is not compromised • Verification (Are we building the product right? ) – The process of determining whether or not the products of a given phase of the software development cycle fulfill the requirements established during the previous phase – Is internally complete, consistent and correct enough to support next phase • Validation (Are we building the right product? ) – The process of evaluating software throughout its development process to ensure compliance with software requirements. This process ensures: • Expected behavior when subjected to anticipated events • No unexpected behavior when subjected to unanticipated events • System performs to the customer’s expectations under all operational conditions

NASA IV&V Facility Independent Verification & Validation Software IV&V is a systems engineering process employing rigorous methodologies for evaluating the correctness and quality of the software product throughout the software life cycle Adapted to characteristics of the target program

NASA IV&V Facility How is IV&V done?

NASA IV&V Facility IV&V Activities Throughout Lifecycle Requirements Phase • System Reqts Analysis • S/W Reqts Analysis • Interface Analysis • Process Analysis • Technical Reviews & Audits Design Phase • Design Analysis • Interface Analysis • Test Program Analysis • Supportability Analysis • Process Analysis • Technical Reviews & Audits Code Phase • Code Analysis • Test Program Analysis • Supportability Analysis • Process Analysis • Technical Reviews & Audits Verify Validate Verify Test Phase • Test Program Analysis • Independent Test • Supportability Analysis • Technical Reviews & Audits

NASA IV&V Facility IV&V Life Cycle Functions • IV&V Process provides tools and analysis procedures appropriate to each phase of the software development life cycle: – Formulation Phase: • Is development process sound, repeatable, and managed? – Requirements Phase: • Verify that system and software requirements are correct, complete, traceable and testable • Analyze system-level requirements: Are test plans and acceptance criteria sufficient to validate system requirements and operational needs? • Are testing methods sufficient to verify and validate software requirements? • Are the correct software development, management, and support processes in place? – Design Phase: • Does the design support the requirements? • Are test plans and test environments sufficient to verify and validate software and operational requirements? • Does the design have any characteristics that will cause it to fail under operational scenarios? What solutions are appropriate?

NASA IV&V Facility IV&V Life Cycle Functions (cont. ) • Typical IV&V functions by Software life-cycle phase (cont. ): – Coding Phase: • • Does the code reflect the design? Is the code correct? Verify that test cases trace to and cover software requirements and operational needs Verify that software test cases, expected results, and evaluation criteria fully meet testing objectives • Analyze selected code unit test plans and results to verify full coverage of logic paths, range of input conditions, error handling, etc. – Test Phase: • Analyze correct dispositioning of software test anomalies • Validate software test results versus acceptance criteria • Verify tracing and successful completion of all software test objectives – Operational Phase: • Verify that regression tests are sufficient to identify adverse impacts of changes

NASA IV&V Facility IV&V Testing Involvement • IV&V identifies deficiencies in program’s test planning • Program changes their procedures to address deficiencies vice IV&V independently test • IV&V may independently test highly critical software using an IV&V testbed – – Whitebox Stress Endurance Limit • Developer motivated to show software works • IV&V attempts to break software

NASA IV&V Facility IV&V Process

IV&V Process NASA IV&V Facility Integrates IV&V into program Provides IV&V funding Resolves Exception issues IV&V Assessment agreement information Planning CARA results IV&V proposal Defines IV&V scope and objectives Program Developer Reflects IV&V in program mgmt plan Agrees to data transfer plan Reflects agreement in subcontracts Requirements Design Code Test Planning Execute Normal Introduce issues at lowest level Allow developer time to respond Issue resolved Exception IV&V in phase with development Introduce issues at lowest level Allow developer time to respond If no resolution, take issue to program

NASA IV&V Facility IV&V Scope • Scope is determined so as to minimize the risk within the Program’s IV&V budget. Effort is based on: – Criticality and risk of system functions performed/managed by software – Budget limitations Program’s Specifications Program goals Criticality Analysis and Risk Assessment Dev plans/schedules Estimate resource requirements Revise scope: - Breadth vs depth - Exceptions IV&V budget Acceptable? No Yes IV&V Plan

NASA IV&V Facility CARA Scoring Methodology For each Software Function: Set IV&V Analysis Level (IAL) Thresholds IAL CARA Score None: 1 < CARA < 2 Limited (L): 2 < CARA < 5 Focused (F): 5 < CARA < 8 Comprehensive (C): 8 < CARA < 12 Criticality: Category Performance and Operations Safety Cost/schedule Rating Catastrophic=4 Critical=3 Moderate=2 Low=1 Risk: Average Criticality CARA score Rating Category Complexity Technology Maturity Reqts Dfn & Stability Testability Developer Experience High=3 Moderate=2 Low=1 Average Risk

NASA IV&V Facility Sample Criticality Evaluation Criteria CARA Criticality

NASA IV&V Facility Sample Risk Driver Criteria CARA Risk

NASA IV&V Facility Requirements Analysis IALs

NASA IV&V Facility Design Analysis IALs

NASA IV&V Facility Code Analysis IALs

NASA IV&V Facility Test Analysis IALs

NASA IV&V Facility IV&V Is Process As Well As Product Oriented Program processes Software schedules, development tracking, critical path analysis, configuration mgmt Ancillary developments Simulations, trainers, test environments Increased probability of success - Good processes allow early error identification and correction - Quality documentation enhances software maintenance

IV&V Week Month Phase complete analysis report Status Reviews Program Identification of top risks Eval of Program Devel status Eval of Program Schedule status IV&V Increases Program Awareness NASA IV&V Facility Week Reqts IV&V is a program level “tool” to efficiently and effectively manage software development risk. Design

Staffing Paradigm NASA IV&V Facility Program Site S/W IV&V Facility Developer Site Pgm Mgmt Developers IV&V Eyes, Ears, Advocates, & Domain Experts (Validation) Critical Mass of: - Analysts - Tools

NASA IV&V Facility Why perform IV&V?

NASA IV&V Facility Technical IV&V Benefits Management • Better software/system Performance • Better Visibility into Development • Higher Confidence in Software Reliability • Better Decision Criteria • Compliance between Specs & Code • Criteria for Program Acceptance • Second Source Technical Alternative • Reduced maintenance cost • Reduced Frequency of Operational Change

NASA IV&V Facility Summary

NASA IV&V Facility IV&V Key Points • IV&V works with the Project – Goal is project success • IV&V is an engineering discipline – IV&V processes are defined and tailored to the specific program – Mission, operations and systems knowledge is used to perform engineering analyses of system components • IV&V is most effective when started early – 70% of errors found in testing are traceable to problems in the requirements and design • IV&V works problems at the lowest possible level – Primarily work via established informal interfaces with the development organization - working groups, IPTs, etc. – Elevate issues only when necessary

NASA IV&V Facility IV&V Approach Efficiently Mitigates Risk • It is not necessary or feasible to perform all IV&V analyses on all software functions • IV&V resources allocated to reduce overall exposure to operational, development, and cost/schedule risks – Software functions with higher cirticality and development risk receive enhanced levels of analysis (‘CARA’ process) – Systems analyses performed to reduce costly interface and integration problems – Process analyses performed to verify ability to produce desired result relative to program plans, needs and goals • IV&V working interfaces promote timely problem resolution – Proactive participation on pertinent development teams – Emphasis on early identification of technical problems – Engineering recommendations provided to expedite solution development and implementation

NASA IV&V Facility Analyses Are Value Added and Complementary - Not Duplicative • Analyses performed from a systems perspective considering mission needs and system use, hazards and interfaces – Discipline experts assigned to perform analysis across all life cycle phases – Horizontal specialty skills are matrixed across IV&V functional teams to verify correct systems integration – Specialized tools and simulations perform complex analyses • IV&V testing activities complement developer testing enhancing overall software confidence – Developer testing focuses on demonstrating nominal behavior, IV&V testing activities try to break the software • Overall program integration, test and verification approach analyzed for completeness, integrity and effectiveness

NASA IV&V Facility Why use NASA IV&V Facility? Software IV&V, as practiced by the NASA Software IV&V Facility, is a well-defined, proven, systems engineering discipline designed to reduce the risk in major software developments.

NASA IV&V Facility Points of Contact • Judy Bruner Acting Director 304 -367 -8202 judith. n. bruner. 1@gsfc. nasa. gov • Bill Jackson Deputy Director 304 -367 -8215 bill. jackson@ivv. nasa. gov