There are sometimes facts, that connot be checked directly. Let's say there is a refrigerator in a box, that may not be opened. Imagine refrigerator can be of 5 different colors - white, blue, red, black and green. The manual says that it is blue. But the only thing that is avaliable is a black-and-white photo of the refrigerator. The direct color check test is hard to make using just the photo (assume it is impossible). But one can defenately say (looking at the photo) that the refrigerator is either white or not. So the test doesn't check the color itself, it actually tests if the color is white.

Similar situations occur all the time. That's why there are two kinds of assertions. The first one is the direct one, when there is a possible test that checks the exact fact stated by this assertion. The second kind is the indirect derived assertion. It is not written in a specification, but is derived from one or several that are.

Going back to refrigerators and black-and-white photo, here are some examples:

• Direct assertion:
  Written is the spec: "The refrigerator is white". The test simply checks if it is white.

• Derived assertion:
  The base assertion in a spec is "The refrigerator is blue".
  The derived could be "The refrigerator is white or black". The tests checks if it is not blue (white/black).

It is not true, that derived assertions are only useful when there is no ability to test the base assertion from spec. In many cases they help to increase depth coverage of an assertion.