- 1. The Requirement
- 2. Rationale
- 3. Guidance
- 4. Small Projects
- 5. Resources
- 6. Lessons Learned
- 7. Software Assurance
4.5.5 The project manager shall evaluate test results and record the evaluation.
NPR 7150.2, NASA Software Engineering Requirements, does not include any notes for this requirement.
Click here to view the history of this requirement: SWE-068 History
1.3 Applicability Across Classes
Key: - Applicable | - Not Applicable
A & B = Always Safety Critical; C & D = Sometimes Safety Critical; E - F = Never Safety Critical.
Test results are the basis for confirming that the team has fulfilled the software requirements in the resulting software product. In order to make such decisions, test results must be reviewed and evaluated using a documented, repeatable process. The team can derive quality conclusions by capturing the actual test results, comparing them to expected results, analyzing those results against pre-established criteria, and documenting that analysis/evaluation process.
It is important to document and retain elements used to generate and analyze the results for future regression testing and related test results analysis.
Evaluation of software testing is a complicated activity and the evaluations are further impacted by the amount of data produced by the software test. All software test data should be evaluated and compared to the expected results for the test. The evaluation process and evaluation tools used should be recorded for future assessments. If a software test evaluation tool has an error, the software test data may be misinterpreted by the evaluation team. The process for software test evaluations should be repeatable.
Per NASA-GB-8719.13, NASA Software Safety Guidebook 276, the analysis methodology for software and system test results includes the following steps:
- Verify that software and system test data meet the requirements for verifying all functional software safety requirements and safety-critical software elements.
- Verify via test coverage analysis that all safety requirements, functions, controls, and processes have been completely covered within the unit, component, system, and acceptance level tests.
- Verify that all software safety requirements have been tested, or evaluated, inspected, or demonstrated.
- Verify that all software safety functions are correctly performed and that the software system does not perform unintended functions.
- Verify that all safety requirements have been satisfied.
- Verify that all identified hazards have been eliminated or controlled to an acceptable level of risk.
The following from IEEE-STD-1012-2004, IEEE Standard for Software Verification and Validation, 209 are also appropriate considerations when developing a test results analysis methodology:
- Validate that software correctly implements the design.
- Validate that the test results trace to test criteria established by the test traceability in the test planning documents.
- Validate that the software satisfies the test acceptance criteria.
- Verify that the software components are integrated correctly.
- Validate that the software satisfies the system requirements.
Other elements for the evaluation methodology include:
- Verify that the test results cover the requirements.
- Determine if actual results match expected results.
- Verify adequacy and completeness of test coverage.
- Determine the appropriateness of test standards and methods used.
For all levels of software testing (unit, component, integration, etc.) capture and record items used to generate and collect the results. These items are an important part of analyzing the test results since some anomalies could have been caused by the tests themselves. The following are captured, not only for results analysis but for future regression testing:
- Test drivers and stubs.
- Test suites.
- Test data.
In addition to the information used to generate test results, the following may be important inputs to the analysis of the result:
- Discrepancies found during testing (e.g., discrepancies between expected and actual results).
- Disposition of discrepancies.
- Retest history.
When performing the actual test results analysis/evaluation, consider the following practices 047 :
- Use application or domain specialists as part of the analysis/evaluation team.
- Use checklists to assist in the analysis and ensure consistency.
- Use automated tools to perform the analysis, when possible.
- Capture a complete account of the procedures that were followed.
- If a test cannot be evaluated, capture that fact and the reasons for it.
- Plan the criteria to be used to evaluate the test results, consider (from a 1997 University of Southern California Center for System and Software Engineering project file entitled, “Software Test Description and Results”):
- The range or accuracy over which output can vary and still be acceptable.
- The minimum number of combinations or alternatives of input and output conditions that constitute an acceptable test result.
- Maximum/minimum allowable test duration, in terms of time or number of events.
- The maximum number of interrupts, halts, or other system breaks that may occur.
- Allowable severity of processing errors.
- Conditions under which the result is inconclusive and retesting is to be performed.
- Conditions under which the outputs are to be interpreted as indicating irregularities in input test data, in the test database/data files, or in test procedures.
- Allowable indications of the control, status, and results of the test and the readiness for the next test case (maybe the output of auxiliary test software).
- Additional criteria not mentioned above.
When recording the outcome of the analysis, important items to include are:
- Major anomalies.
- Problem reports generated as a result of the test.
- Operational difficulties (e.g, constraints or restrictions imposed by the test, aspects of the requirement under test that could not be fully verified due to test design or testbed limitations).
- Abnormal terminations.
- Reasons/justifications for discrepancies (e.g., caused by test cases or procedures, not a product issue).
- Any known requirement deficiencies present in the software element tested.
- Corrective actions were taken during testing.
- Success/failure status of the test.
Additional guidance related to software test results may be found in the following related requirements in this Handbook:
4. Small Projects
No additional guidance is available for small projects.
6. Lessons Learned
6.1 NASA Lessons Learned
A documented lesson from the NASA Lessons Learned database notes the following:
- Flight Software Reviews (Have test results peer-reviewed.) Lesson Number 1294 548: "Rigorous peer reviews of spacecraft bus software resulted in good on-orbit performance. A lack of rigorous peer reviews of the instrument software has resulted in numerous on-orbit patches and changes."
6.2 Other Lessons Learned
No other Lessons Learned have currently been identified for this requirement.
7. Software Assurance
7.1 Tasking for Software Assurance
Confirm that test results are assessed and recorded.
Confirm that the project documents software non-conformances in a tracking system.
Confirm that test results are sufficient verification artifacts for the hazard reports.
7.2 Software Assurance Products
- SA assessment of verification adequacy for hazard reports.
Definition of objective evidence
- Evidence of confirmations that Tasks 1 2 and 3 have occurred.
Objective evidence is an unbiased, documented fact showing that an activity was confirmed or performed by the software assurance/safety person(s). The evidence for confirmation of the activity can take any number of different forms, depending on the activity in the task. Examples are:
- Observations, findings, issues, risks found by the SA/safety person and may be expressed in an audit or checklist record, email, memo or entry into a tracking system (e.g. Risk Log).
- Meeting minutes with attendance lists or SA meeting notes or assessments of the activities and recorded in the project repository.
- Status report, email or memo containing statements that confirmation has been performed with date (a checklist of confirmations could be used to record when each confirmation has been done!).
- Signatures on SA reviewed or witnessed products or activities, or
- Status report, email or memo containing Short summary of information gained by performing the activity. Some examples of using a “short summary” as objective evidence of a confirmation are:
- To confirm that: “IV&V Program Execution exists”, the summary might be: IV&V Plan is in draft state. It is expected to be complete by (some date).
- To confirm that: “Traceability between software requirements and hazards with SW contributions exists”, the summary might be x% of the hazards with software contributions are traced to the requirements.
- # of software work product Non-Conformances identified by life-cycle phase over time
- # of safety-related Non-Conformances
- Total # of Non-Conformances over time (Open, Closed, # of days Open, and Severity of Open)
- # of Non-Conformances in current reporting period (Open, Closed, Severity)
- # of safety critical requirement verifications vs. total # of safety critical requirement verifications completed
- # of Open issues vs. # of Closed over time
- # of tests successfully completed vs. total # of tests
- # of Hazards containing software that have been successfully tested vs. total # of Hazards containing software
- # of Non-Conformances identified during each testing phase (Open, Closed, Severity)
- # of tests executed vs. # of tests successfully completed
- # of Non-Conformances identified while confirming hazard controls are verified through test plans/procedures/cases
- # of hazards with completed test procedures/cases vs. total number of hazards over time
- # of safety-related non-conformances identified by life-cycle phase over time
- # of Safety Critical tests executed vs. # of Safety Critical tests witnessed by SA
- Total # of tests completed vs. number of test results evaluated and signed off
Software assurance needs to review all software test reports and assess whether the results of the test(s) have been accurately captured. Software assurance will confirm that any discrepancies /nonconformances found during the test(s) are fully described in the test report and documented in the project tracking system. The discrepancies/nonconformances need to be addressed and resolutions agreed upon before software assurance signs off on the test completion.
Software assurance will review the test reports and confirm that all software safety-related verifications in the Hazard Report or Safety Package have been tested and assure they are performed according to the test plan, test procedures, and or safety plan. Testing of these features should include correct and safe operations in known operational and nominal configurations as well as the ability to handle off-nominal conditions and transition to a safe state. Testing should also include testing of the software under load, stress, and off-nominal conditions including the operation of software controls and mitigations in various modes and states. Any discrepancies or nonconformances should be documented and addressed before the closure of the hazard verification.