Verification & Validation

  • Slides: 38

Verification & Validation
• Verification – from Latin veritas, meaning truth.
  – Building the product right.
• Validation – from Latin valere, meaning to be worth.
  – Building the right product.

Tools for V & V
• Must be able to support
  – modelling
  – simulation
  – state-space search
  – testing
• Must be scalable
• Must be able to operate on different platforms
  – Unix or Linux
  – Windows NT
  – Windows 95, 98

Example: Telelogic Tau
• Modelling
  – MSC (Message Sequence Chart)
    • consists of entities and events occurring in time between those entities.
  – SDL (Specification and Description Language)
    • consists of a system defining the boundaries of the overall task.
    • the system consists of components called blocks, which are connected by channels.
    • the blocks can consist of blocks and/or processes.
    • the processes are the actors of the system: series of actions, changes or functions that bring about a particular result.

  – TTCN (Tree and Tabular Combined Notation)
    • A tree contained in a table.
    • The tree is composed of texts with different indentations. Texts with the same indentation are at the same height in the tree.
    • Each text is preceded by "?" (incoming event) or "!" (outgoing event).
  – State space coverage
    • A graph that shows all the possible combinations of inputs and outputs and their resulting transitions.
    • It can be used to check for deadlocks and unspecified receptions.

• Simulation
  – Tau contains a simulator that allows interactive inspection and checking of the system's behaviour.
• State-space search
  – A bit-state search or a random walk can be done with the Validator in Tau. These explore the state space of the SDL system to find as many run-time errors as possible.
• Testing
  – TTCN link
  – Autolink

Case study: Egg timer system
• An egg timer which boils an egg for the amount of time specified by the user.

SDL System Diagram
• A system defines a set of blocks and a set of channels through which interaction occurs between the environment and the system.
• Signals, signal lists and types are also defined.

SDL
• Specification and Description Language
  – Initially built for communicating systems
  – Divides the specification into
    • Environment
    • System(s)
(Diagram: the environment border between the environment and the system.)

Into the blocks
• Blocks are composed of processes or of other blocks.
• Each block eventually contains processes.
• The processes communicate with the environment of the block via signal routes.

Signals and Signal lists
• Signals are the means through which processes interact.
• Signals to and from the environment are declared at the system level.
• Signal lists group signals that are used together at several places.

A whole system
(Diagram: the SDL hierarchy, with the labels System, Block, Process and Procedure.)

Inside an SDL System
(Diagram labels: system name; channel (and channel name); signal (message) declarations; signallist (set of messages); newtype definitions.)

SDL System Structure
(Diagram labels: environment of the system; channel name; system blocks.)
• Signallists are declared like signals, but enclosed in parentheses.
• Signals are shown in square brackets, separated by commas.

The EggTimer SDL Block
(Diagram labels: connection points (system channel names); signal routes; procedure declaration; process declarations; general declarations (signals, types, variables).)

The Egg-Timer SDL Block Structure
(Diagram labels: the Displaying process sends to the environment and receives from Timing, etc.; processes; "at least 1 instance and at most 1 instance of this process"; procedure reference.)

SDL Process example
(Diagram labels: initial state; initial transition; state; input; timer input (or timeout); output; if; declarations; procedure call; task.)

SDL Declaration example
(Diagram labels: the keyword that says you are declaring something; identifier (instance name); instance type; timer declaration; timer identifier; initialization.)

SDL Transition example
(Diagram labels: FROM (state); WHEN (input); ACTIONS; SEND ... TO; local variable; parameters to send.)

SDL Tasks
• Setting the timer: Set([NOW+]<Duration>, <TimerName>)
• Incrementing or assigning a value: <variable> := <expression>[; <another task>]
• Making a procedure call

SDL Procedures (and operators)
(Diagram labels: formal parameters; procedure start; parameter modifier, name and type; "if the first 'seconds' digit is 0 then go down, else go left"; procedure return.)
• Modifiers:
  – IN – the parameter is an input parameter
  – OUT – the parameter is an output parameter
  – IN/OUT – the parameter is both IN and OUT

SDL Message Handling
Each process
• has one and only one message queue
• sends (by default) a message to the closest receiver (if the process itself is capable of receiving such a message, it will send to itself)
• the default sending procedure can be modified by
  – VIA: <Message_name> VIA <channel_name>
  – TO: <Message_name> TO <process_id>

SDL Message Handling
This process queue has four possible messages:
• IncMinute
• StartTimer
• ResetTimer
• OneSecond
The first three are external messages, whereas OneSecond is an internal message indicating that the clock has decreased by one second. There could be several other messages coming from other processes or other blocks.

Simulation
• Once a complete SDL system has been designed, the Tau tool allows us to simulate the system, i.e. to inspect and check its behaviour.
• After an executable simulator has been generated, a simulator user interface can be started. It looks like the following:
(Screenshot of the simulator user interface.)

Validation
• The Validator is used to explore the state space to find errors or inconsistencies in the system.
• It can also be used to verify the system against requirements by running system-level MSCs in the Validator.
• An executable validator must be generated; the Validator user interface can then be started.

Principles of Validation
i) Design
  – User-centred view
    • scenarios
    • use-cases
    • MSCs
    • functional, black-box, providing a service (or NOT), end to end
  – Guided execution in SDL high-level design
  – Refined design; re-run the validation scenarios

SDL Guided execution
• Using the Navigator in an SDL Validator tool.
(Navigator entries shown on the slide: Up 1; Next 1: Signal: OneMinuteBtn ...; Next 1: Next i: TrStart; Next 1: ... Input: DisplayTime, Sender: Timing:1, Parameter(s): 1, 0, 0; Next 2: Signal: StartBtn; Next 2: Signal: ResetStopBtn.)
• By clicking on Next, we derive a scenario by following the state-space tree.

SDL Guided Execution (in MSC form)

Functional MSC for the previous EggTimer scenario
Executing this MSC in the Validator tool, by clicking on "Verify MSC" and selecting the proper file, we obtain (as the system has been correctly specified):
  1 report – MSC Verification: MSC ValidatorTrace verified, Depth: 7

Principles of Validation
ii) Test
• functional user interface tests in TTCN
(Diagram: a three-state machine S1, S2, S3 with events a, b, c, beside a TTCN table: Test Name; Event a; Event b; pass.)
Tree and Tabular Combined Notation
• TTCN standard formal test case descriptions
• Facilitates sharing of tests
• Eliminates ambiguities
• UNIX-based TTCN Workbench toolkit
• TTCN used for X.25, ISDN, CCS7 and many other protocols
• All PDU parameters specified

Principles of Validation
ii) Test (cont'd)
• basic syntax & semantics of TTCN (TREE and TABLE Combined Notation)
  – Test Case Dynamic Behaviour
    Test Case Name:
    Group:
    Purpose:
    Default:
    Label | Behaviour Description | Constr. Reference | Verdict | Remarks
          | A!X                   |                   |         |
          |   A?Y                 |                   |         |
          |     A!J               |                   |         |
          |       A?K             |                   | Pass    |
          |       A?Z             |                   | Fail    | Wrong resp.
          |   A?OTHERWISE         |                   | Inc.    | Test body not reached
    Extended Comments:

Principles of Verification
i) Design
  – State-space search
(Diagram: process chart, transition chart, state space, with the transitions between them.)

Principles of Verification
i) Design (cont'd)
  – Possible outcomes
    • unspecified reception
    • queue overflow
    • deadlock
    • infinite livelock (no real progress)
  – Random walk
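The state-space search the Validator performs, and two of the outcomes listed above (unspecified reception and queue overflow), as an added example that is not code from the slides or from Telelogic Tau. It models a constructed egg-timer process as a transition table (states Idle/Set/Running, a hypothetical variable remaining counted in OneSecond ticks, a scaled MINUTE of 3 ticks, a queue bound of 2 and a budget of 3 environment signals are all assumptions) and runs an exhaustive breadth-first search over the global state, reporting the shortest trace to each error. Deadlock and livelock are not checked here.

```python
"""Added example (not from the slides or Telelogic Tau): a constructed SDL-style
egg-timer process and an exhaustive state-space search over it.

Assumptions: states Idle/Set/Running, a process variable 'remaining' counted in
OneSecond ticks, a scaled MINUTE, a bounded input queue and a finite budget of
environment signals so that the search terminates."""
from collections import deque

ENV_SIGNALS = ("IncMinute", "StartTimer", "ResetTimer")   # from the environment
TIMER_SIGNAL = "OneSecond"                                 # internal timer signal
MAX_QUEUE = 2    # constructed bound on the process input queue
MINUTE = 3       # constructed: one 'minute' is 3 ticks to keep the state space small


def build_transitions(handle_inc_while_running):
    """(state, signal) -> handler(vars) returning (next_state, outputs, timer_active).

    With handle_inc_while_running=False the table deliberately has no entry for
    (Running, IncMinute): that is the unspecified reception the search should find."""
    def add_minute(v):
        v["remaining"] += MINUTE
        return "Set", ["DisplayTime"], False

    def start(v):
        return "Running", ["DisplayTime"], True      # Set(NOW+1, OneSecond)

    def reset(v):
        v["remaining"] = 0
        return "Idle", ["DisplayTime"], False        # Reset(OneSecond)

    def tick(v):
        v["remaining"] -= 1
        if v["remaining"] == 0:
            return "Idle", ["Ring", "DisplayTime"], False
        return "Running", ["DisplayTime"], True      # re-arm the timer

    table = {
        ("Idle", "IncMinute"): add_minute,
        ("Idle", "StartTimer"): lambda v: ("Idle", [], False),   # nothing to time: ignore
        ("Idle", "ResetTimer"): lambda v: ("Idle", [], False),
        ("Set", "IncMinute"): add_minute,
        ("Set", "StartTimer"): start,
        ("Set", "ResetTimer"): reset,
        ("Running", TIMER_SIGNAL): tick,
        ("Running", "StartTimer"): lambda v: ("Running", [], True),
        ("Running", "ResetTimer"): reset,
    }
    if handle_inc_while_running:
        table[("Running", "IncMinute")] = lambda v: ("Running", [], True)  # ignore, keep timer
    return table


def explore(transitions, env_budget=3):
    """Breadth-first search over global states (state, remaining, queue, timer, budget).

    Returns {finding kind: shortest trace to it}. Every environment signal is enabled
    at every step until the budget is spent, which keeps the search finite."""
    start = ("Idle", 0, (), False, env_budget)
    seen, frontier, findings = {start}, deque([(start, ())]), {}

    def enqueue(q, sig, trace, step):
        if len(q) >= MAX_QUEUE:
            findings.setdefault("queue overflow", trace + (step,))
            return None
        return q + (sig,)

    while frontier:
        (st, rem, q, timer, budget), trace = frontier.popleft()
        succ = []
        if budget:                                   # 1. environment sends a signal
            for s in ENV_SIGNALS:
                nq = enqueue(q, s, trace, f"env!{s}")
                if nq is not None:
                    succ.append(((st, rem, nq, timer, budget - 1), f"env!{s}"))
        if timer:                                    # 2. the active timer expires
            nq = enqueue(q, TIMER_SIGNAL, trace, "timeout")
            if nq is not None:
                succ.append(((st, rem, nq, False, budget), "timeout"))
        if q:                                        # 3. the process consumes the queue head
            sig, rest = q[0], q[1:]
            handler = transitions.get((st, sig))
            if handler is None:                      # SDL discards the signal implicitly
                findings.setdefault("unspecified reception", trace + (f"{st}?{sig}",))
                succ.append(((st, rem, rest, timer, budget), f"{st}?{sig} (discarded)"))
            else:
                v = {"remaining": rem}
                nst, _outputs, ntimer = handler(v)
                if not ntimer:   # Reset semantics: a timer signal already queued is withdrawn
                    rest = tuple(x for x in rest if x != TIMER_SIGNAL)
                succ.append(((nst, v["remaining"], rest, ntimer, budget), f"{st}?{sig}"))
        for gs, step in succ:
            if gs not in seen:
                seen.add(gs)
                frontier.append((gs, trace + (step,)))
    return findings


if __name__ == "__main__":
    for fixed in (False, True):
        print("handle IncMinute while Running:", fixed)
        for kind, trace in explore(build_transitions(fixed)).items():
            print(f"  {kind}: {' -> '.join(trace)}")
```

With the deliberate hole the search reports the trace env!IncMinute, Idle?IncMinute, env!StartTimer, Set?StartTimer, env!IncMinute, Running?IncMinute as an unspecified reception; adding the missing transition removes it, while the queue overflow (three environment signals sent before the process consumes any) remains and is a real property of the bounded queue, not of the process. The trace is the counterexample a validator would present as an MSC. A bit-state search is the same walk with the visited set replaced by a hash table of bits, which trades exactness for memory; this exhaustive version is exact because the model is tiny.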

Principles of Verification
ii) Test
  – Conformance testing (TTCN)
    • preamble
    • test step
    • verification sequence
    • postamble

Principles of Verification
Structure of a Transition Test Case for Conformance Testing
• PREAMBLE: initialization to the preamble state
• TEST BODY: application of the test stimulus and confirmation of the system response
• VERIFICATION: confirmation of the post-transition state
• POSTAMBLE: reset to a stable state for the next test

Principles of Verification
(Diagram: S1 –a/X→ S3 –b/Y→ S4)
Represent this as a sequence of user actions and system responses, starting in state S1 and finishing in state S4. In TTCN:
  +Preamble(S1)
  !a
  ?X
  !b
  ?Y
  +Verify(S4)    PASS
  ?*             FAIL
  ?*             Inconclusive
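The four-part transition test case (preamble, test body, verification, postamble) and its three verdicts, as an added example that is not the slides' TTCN tables or ITEX output. It drives a constructed egg-timer implementation under test; the EggTimer class, its signal names and DisplayTime parameters, the "buggy" build and the verdict rules (a mismatch in the preamble is Inconclusive because the test body was never reached, a mismatch in the body or verification is Fail) are all assumptions of the example.

```python
"""Added example (not from the slides or ITEX): one TTCN-style transition test case,
preamble / test body / verification / postamble with PASS, FAIL and INCONC verdicts,
driven against a constructed egg-timer implementation under test (IUT).

The EggTimer class, its signals and parameters, and the 'buggy' build are assumptions."""

PASS, FAIL, INCONC = "PASS", "FAIL", "INCONC"


class EggTimer:
    """Constructed IUT: a black box that takes one signal and returns its output signals."""
    def __init__(self, buggy=False):
        self.state, self.minutes, self.buggy = "Idle", 0, buggy

    def send(self, signal):
        if signal == "IncMinute" and self.state in ("Idle", "Set"):
            self.minutes += 1
            self.state = "Set"
            return [("DisplayTime", (self.minutes, 0))]
        if signal == "StartTimer" and self.state == "Set":
            self.state = "Running"
            return [("DisplayTime", (self.minutes, 0))]
        if signal == "ResetTimer":
            self.minutes, self.state = 0, "Idle"
            # constructed defect: the buggy build forgets to refresh the display on reset
            return [] if self.buggy else [("DisplayTime", (0, 0))]
        return []   # unspecified reception: silently discarded, as SDL would


# Test case for the transition Running -(ResetTimer / DisplayTime(0,0))-> Idle.
# Each step is (stimulus to send, expected outputs); None means 'do not check'.
RESET_WHILE_RUNNING = {
    "preamble": [("IncMinute", [("DisplayTime", (1, 0))])],      # Idle -> Set
    "body":     [("StartTimer", [("DisplayTime", (1, 0))]),      # Set -> Running
                 ("ResetTimer", [("DisplayTime", (0, 0))])],     # transition under test
    "verify":   [("IncMinute", [("DisplayTime", (1, 0))])],      # only Idle answers (1, 0)
    "postamble": [("ResetTimer", None)],                         # back to a stable state
}


def transition_test(iut, tc):
    """Run one test case; return (verdict, log). A mismatch in the preamble is INCONC
    (the test body was never reached); in the body or verification it is FAIL."""
    log = []

    def run(phase, on_mismatch):
        for stimulus, expected in tc[phase]:
            got = iut.send(stimulus)
            log.append(f"{phase}: !{stimulus} ?{got}")
            if expected is not None and got != expected:
                log.append(f"{phase}: OTHERWISE, expected {expected} -> {on_mismatch}")
                return on_mismatch
        return None

    verdict = run("preamble", INCONC) or run("body", FAIL) or run("verify", FAIL) or PASS
    run("postamble", None)        # always executed so the next test starts from a known state
    return verdict, log


if __name__ == "__main__":
    for label, iut in (("good build", EggTimer()), ("buggy build", EggTimer(buggy=True))):
        verdict, log = transition_test(iut, RESET_WHILE_RUNNING)
        print(label, verdict, *log, sep="\n  ")
```

The verification step is black-box: the tester cannot read the IUT's state, so it probes with a stimulus whose response differs between the expected post-transition state and the states a wrong implementation could be in (an IUT stuck in Set with one minute set would answer DisplayTime(2,0), one stuck in Running would answer nothing). The postamble runs whatever the verdict, which is what lets a suite of transition tests run back to back without one failure poisoning the next.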

Industrial Strength Tool Support
• Value added
  – MSC coverage and test coverage.
  – auto test generation.
  – reverse engineering can be done to a certain extent.
  – provides graphics editors (MSC & SDL).
  – provides an editor for TTCN (ITEX).