Software verification is a discipline of software engineering whose goal is to assure that software fully satisfies all the expected requirements.
Broad scope and classification
A broad definition of verification makes it equivalent to software testing. In that case, there are two fundamental approaches to verification:
- Dynamic verification, also known as experimentation, dynamic testing or, simply testing. - This is good for finding faults (software bugs).
- Static verification, also known as analysis or, static testing - This is useful for proving the correctness of a program. Although it may result in false positives when there are one or more conflicts between the process a software really does and what the static verification assumes it does.
Dynamic verification (Test, experimentation)
Dynamic verification is performed during the execution of software, and dynamically checks its behavior; it is commonly known as the Test phase. Verification is a Review Process. Depending on the scope of tests, we can categorize them in three families:
- Test in the small: a test that checks a single function or class (Unit test)
- Test in the large: a test that checks a group of classes, such as
- Module test (a single module)
- Integration test (more than one module)
- System test (the entire system)
- Acceptance test: a formal test defined to check acceptance criteria for a software
- Functional test
- Non functional test (performance, stress test)
The aim of software dynamic verification is to find the errors introduced by an activity (for example, having a medical software to analyze bio-chemical data); or by the repetitive performance of one or more activities (such as a stress test for a web server, i.e. check if the current product of the activity is as correct as it was at the beginning of the activity).
Static verification (Analysis)
Static verification is the process of checking that software meets requirements by inspecting the code before it runs. For example:
- Code conventions verification
- Bad practices (anti-pattern) detection
- Software metrics calculation
- Formal verification
Verification by Analysis - The analysis verification method applies to verification by investigation, mathematical calculations, logical evaluation, and calculations using classical textbook methods or accepted general use computer methods. Analysis includes sampling and correlating measured data and observed test results with calculated expected values to establish conformance with requirements.
When it is defined more strictly, verification is equivalent only to static testing and it is intended to be applied to artifacts. And, validation (of the whole software product) would be equivalent to dynamic testing and intended to be applied to the running software product (not its artifacts, except requirements). Notice that requirements validation can be performed statically and dynamically (See artifact validation).
Comparison with validation
Software verification is often confused with software validation. The difference between verification and validation:
- Software verification asks the question, "Are we building the product right?"; that is, does the software conform to its specifications? (As a house conforms to its blueprints.)
- Software validation asks the question, "Are we building the right product?"; that is, does the software do what the user really requires? (As a house conforms to what the owner needs and wants.)
- Verification and validation (software)
- Runtime verification
- Hardware verification
- IEEE: SWEBOK: Guide to the Software Engineering Body of Knowledge
- Carlo Ghezzi, Mehdi Jazayeri, Dino Mandrioli: Fundamentals of Software Engineering, Prentice Hall, ISBN 0-13-099183-X
- Alan L. Breitler: A Verification Procedure for Software Derived from Artificial Neural Networks, Journal of the International Test and Evaluation Association, Jan 2004, Vol 25, No 4.
- Vijay D'Silva, Daniel Kroening, Georg Weissenbacher: A Survey of Automated Techniques for Formal Software Verification. IEEE Trans. on CAD of Integrated Circuits and Systems 27(7): 1165-1178 (2008)