JP2015197868A - Computer program checking apparatus - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a program checking apparatus capable of assessing the presence of a specific phenomenon and detecting an input test pattern that causes the phenomenon for every arithmetic path even when a program has a structure having conditional branches and multiple arithmetic paths.SOLUTION: A program checking apparatus of the present invention detects and stores all arithmetic paths that can arise during execution of a program, and performs generation of input values and an optimization process for assessing the presence of a specific phenomenon in an arithmetic path selected from the stored arithmetic paths. When the specific phenomenon is not detected, the apparatus iterates the process of performing input value generation and the optimization process for an assessment of the specific phenomenon selecting another arithmetic path from the stored arithmetic paths.

Description

  The present invention relates to an apparatus for inspecting a computer program or software. More specifically, the present invention inspects whether or not any specified phenomenon (specified phenomenon) such as a malfunction phenomenon caused by a computer program or software has occurred. And an apparatus for detecting an input (test pattern) that generates the specified phenomenon.

  Due to advances in computer technology, many devices and machinery are now operated by computer control. In such computer control, typically, a computer program or software (hereinafter simply referred to as “program”) for determining the operation of an apparatus or a machine is a computer mounted on the apparatus or machine. When a certain input is made to the apparatus or machine tool, the CPU executes a calculation process for calculating an output corresponding to the input according to the program, and an actuator corresponding to the calculated output. Etc. will be driven. Therefore, in order to ensure that a computer-controlled device or machine tool operates normally, it is of course necessary to perform debugging or error verification within the program when the program device or machine tool is mounted on the control computer. For any input that may be given to the device or machine tool, malfunctions in the operation of the computer controlled device or machine tool, eg hunting, sudden changes in value (such as sudden changes in the amount of movement), It is necessary to prepare a program so that a phenomenon such as deviation from a predetermined range does not occur. In this regard, a test for detecting the presence or absence of a malfunction phenomenon by human work has a large number of man-hours, and there is a concern that the malfunction phenomenon may be overlooked due to missing thoughts. In view of this, various techniques have been proposed in the past in which, when a program is implemented, a computer confirms that there is no occurrence of a malfunction phenomenon in the operation of the apparatus or machine tool as described above.

  As an example of performing a test for detecting the presence or absence of a malfunction phenomenon by a program to be inspected using such a computer, for example, in non-patent document 1 and patent document 1, a test pattern is included in a program to be inspected. A dynamic test method is disclosed in which a program is executed by inputting, and a result output is analyzed. In short, in these dynamic tests, first, the range of the result output value of the program corresponding to the failure phenomenon is specified, and then the result output value obtained by executing the program using the input of the test pattern is the result output value. The calculation of the result output value by executing the program is repeatedly executed while changing the input of the test pattern so as to approach the value range corresponding to the malfunction phenomenon (this iterative operation process is called “optimization process”. Called.). When a result output value that falls within a value range corresponding to a failure phenomenon is calculated with respect to an input of a certain test pattern, the program determines that the failure phenomenon can occur, and the test pattern is defective. Even if the pattern is identified as a pattern that generates a phenomenon and the result output value is closest to the range corresponding to the malfunction, if it does not fall within the range corresponding to the malfunction, the program will not generate the malfunction. Therefore, it is determined that there is no test pattern that causes a malfunction. Further, in a program inspection technique such as snapshot and ATG (Automated Test Generation) tool (for example, Patent Document 2), when a conditional branch is included in a program, all arithmetic processes that can be executed in the program A method of detecting a path and / or automatically generating an input test pattern or a test vector for executing a calculation process of each path is executed. In addition, a SAT (satisfiability problem) solver is used to detect all problems that may occur in the execution result of a program and events to be observed. Furthermore, in a method called “concolic testing”, to execute a program by a certain input, to detect a branch condition at a branch point by symbol execution, and to execute a route that has not been executed. And the repetitive execution of the program execution process by another route by the newly created input (Non-Patent Document 2).

JP2010-002370 JP 2006-244195 A

Tools and Algorithms for the Construction and Analysis of Systems Lecture Notes in Computer Science, Vol. Analysis of Systems Lecture Notes in Computer Science Volume 6605, 2011, pp254-257 S-TaLiRo: A Tool for Temporal Logic Falsification for Hybrid Systems, Yashwanth Annpureddy, Che Liu, Georgios Fainekos, Sriram Sankaranarayanan) Software Testing Mania X vol.7 1 page (Software Testing ManiaX vol.7 1) “Recently emerging testing techniques” Keizo Tsuji

  As described above, testing for detecting fault phenomena is important in program development. To optimize development and reduce oversight of fault phenomena, one of the test methods described above is “optimization”. A dynamic test automatic generation technique using a method using processing is proposed. However, the arithmetic processing includes conditional branch processing, which makes it possible to check the program that uses "optimization" for programs in which the result output value contains both discrete and continuous parts. If this method is used, it will often fail, and even if a malfunction occurs in the resulting output value, it will be difficult to detect it correctly. It may also be difficult to detect the test pattern.

  More specifically, when a conditional branch process (such as an If statement) is included in the program to be inspected, the arithmetic processing by the program to be inspected follows any one of a plurality of different arithmetic paths depending on the condition. In many cases, the range of the result output values that are executed through different computation paths are discretely isolated from each other. On the other hand, in the detection process of the presence or absence of the malfunction phenomenon by “optimization”, as already mentioned, a certain initial input value is input to the program to be inspected, the program is executed, and the result output value is calculated. A process of repeatedly calculating the result output value by executing the program is executed while continuously changing the input value so that the output value approaches the range of the result output value corresponding to the malfunction phenomenon. Then, when the ranges of the output values calculated through different calculation paths are discretely separated from each other, an “optimization” process is started using a certain initial input value, which corresponds to a malfunction phenomenon. Even if the input value is changed to bring the result output value closer to the range of the result output value and the result output value is calculated, the path through which the input value passes through the "optimization" process from the initial input value used first Is changed to pass through another route, and there is no guarantee that the “optimization” calculation process is executed. In that case, there is a possibility that a malfunction phenomenon hidden in a calculation path other than the path that passes through in the process of “optimization” from the initial input value used first may be missed.

  For example, in the case of a program code as illustrated in FIG. 2A, there are three paths for data flow as shown in FIG. 2B. In a program having this structure, in the situation where P is True with a probability of 99.99...%, The variable a is selected by the operation through the path 1, so that the optimization process using the variable a (that is, , Verification of the presence or absence of a malfunction phenomenon caused by a change in the value of the variable a) is executed, but the variable b is rarely selected by an operation through the path 2, and eventually the optimization process using the variable b is performed. It is not executed, that is, it cannot be detected whether or not a malfunction phenomenon occurs due to a change in the value of the variable b in the calculation through the path 2.

  On the other hand, among the existing verification tools that are different from optimization processing, tools such as the SAT solver that perform exhaustive verification on all input / output space points are input / output in time series. If the number of spatial points is enormous and the verification target space is too wide as in the processing described above, it is difficult to detect a specific point where the malfunction phenomenon occurs (particularly, it takes cost and time).

  Thus, one problem of the present invention is that the program to be inspected includes a conditional branch process, and thus has a structure in which a plurality of operation paths exist, and the range of output values of these operation paths is discrete. Even in some cases, a new program inspection device that can inspect the presence or absence of a specified phenomenon (designated phenomenon), such as a malfunction phenomenon caused by optimization processing, and detect a test pattern that generates the designated phenomenon for all computation paths Is to provide.

  According to the present invention, the above-described problem is an apparatus for inspecting the occurrence of a specified phenomenon in the operation of a program, detecting all the computation paths that can occur in the execution of the program, and detecting the detection Calculation path storage means for storing all of the calculated calculation paths, calculation path selection means for selecting one of all of the stored calculation paths, and an input value for executing the selected one calculation path Input generation means for executing generation of the program; optimization processing means for executing optimization processing of the program in the selected one computation path using the generated input value as an initial input value; and The specified phenomenon result output value range in which the result output value of the program obtained by executing the optimization process is the range of the result output value calculated by executing the program corresponding to the occurrence of the specified phenomenon A result output value determining means for determining whether or not it is included, and up to the specified phenomenon result output value range of the result output value of the program obtained by execution of the optimization process by the optimization processing means When the result output value is not included in the designated phenomenon result output value range when the distance of the distance is minimized, and there is an unselected computation path among all of the stored computation paths, One of them is selected by the calculation path selection means, and the newly selected calculation path is set as the selected one calculation path, the generation of the input value by the input generation means, and the optimization processing means This is achieved by an apparatus that repeatedly executes the optimization processing and the determination by the result output value determination means.

  In the above configuration, the “designated phenomenon” typically means hunting, sudden change in value (sudden change in operation amount, etc.), deviation of the value outside a predetermined range, etc., as already mentioned. Although this is an undesirable malfunction in the operation of the program, in the configuration of the present invention, the designation phenomenon does not necessarily have to be a malfunction phenomenon, and is a phenomenon that is arbitrarily designated. It should be understood that the value range corresponding to the occurrence of the specified phenomenon may be a phenomenon that can be defined. As described above, “program optimization processing” is performed by executing a program while changing an input value so that a result output value obtained by executing the program approaches a value range corresponding to occurrence of a specified phenomenon. This is a process of repeatedly calculating the result output value. Then, the iterative process is performed so that the result output value is included in the range corresponding to the occurrence of the specified phenomenon or the distance of the result output value to the range corresponding to the occurrence of the specified phenomenon (between the result output value and the range). Is finished when the (scalar amount) becomes minimum. In addition, detection of all computation paths that can occur in the execution of a program by the computation path selection means in the series of processes described above can be achieved using an arbitrary algorithm such as a snapshot or an ATG tool. Generation of an input value for executing one selected computation path by the input generation unit can be achieved using an arbitrary algorithm such as a SAT solver. The program optimization process can be achieved using various existing algorithms.

  In the operation of the above-described apparatus of the present invention, in short, first, all possible computation paths are detected in a program to be examined, and for each of these computation paths. Individually, the optimization process is executed one after another, and it is checked whether or not the specified phenomenon is generated by the program optimization process. When the specified phenomenon is a malfunction phenomenon, if it is detected that a result output value is included in the range corresponding to the malfunction phenomenon during the execution of a series of processes, the process is interrupted at that point, and the result An input value given an output value may be detected as a test pattern that causes a specified phenomenon, and the program may be determined to be corrected. According to such a configuration, the program includes a conditional branch process and has a structure in which a plurality of operation paths exist, and accordingly, the range of the result output value of the program includes a discrete part and a continuous part. Even so, since the optimization process can be executed in all of the plurality of computation paths, the oversight of the specified phenomenon or malfunction phenomenon is reduced. For example, in the computation path with a low probability of occurrence. Even when a specified phenomenon or a malfunction phenomenon occurs, the probability of detection without missing is greatly increased.

  In the above configuration, further, the calculation is executed along the selected calculation path with reference to the intermediate calculation value calculated in the middle of the calculation path selected during the execution of the optimization process. Intermediate calculation value monitoring means for determining whether or not there is provided may be provided. The determination as to whether or not an operation is being performed along the operation path can be achieved by determining whether or not the referenced intermediate operation value is included in a predetermined value range, for example. According to such a configuration, during the optimization process, it is possible to monitor whether or not the computation path being examined is intended (selected), and if the computation being examined If it is known that the route is not selected, the specified phenomenon result output value range is changed, and the processing correction is performed so that the arithmetic processing along the selected arithmetic route is executed reliably. It becomes possible.

  Thus, according to the present invention described above, when the program to be inspected has a structure capable of generating processing along a plurality of operation paths in which the range of the result output value is discretely separated, the result output value Considering the existence of discretely separated parts and continuous parts, the optimization process is performed for each computation path, or all computation paths are verified. Even when the target space to be processed is wide, it is possible to inspect whether there is a specified phenomenon or malfunction phenomenon by the optimization process and to detect a test pattern that generates the specified phenomenon. In particular, the program to be inspected is a program for computer control of the operation of the device or machine tool, and even if the operation of the device or machine tool includes discrete behavior, the specified phenomenon (the failure phenomenon is It is expected that detection of (but not limited to) can be achieved efficiently. In addition, the apparatus of the present invention automatically executes detection of a specified phenomenon or malfunction phenomenon in the operation of a program and detection of a test pattern that generates the specified phenomenon or malfunction phenomenon regardless of human work. Therefore, reduction of program development man-hours and further improvement of program and control quality are expected.

  Other objects and advantages of the present invention will become apparent from the following description of preferred embodiments of the present invention.

FIG. 1 (A) is a diagram schematically showing a program inspection apparatus according to the present invention, and FIG. 1 (B) is a diagram showing the configuration of the internal processing unit in the form of a block diagram. In the figure, arrows indicate the flow of information. FIG. 2A shows an example of a part of a program code to be inspected by the program inspection apparatus according to the present invention, and FIG. 2B shows a data flow graph of the program code in FIG. Show. FIG. 2C shows a data flow graph in which a plurality of operation paths included in the program code of FIG. FIG. 3A is a diagram for explaining the flow of optimization processing in the program inspection apparatus according to the present invention, and FIG. 3B is for explaining the robust value minimized in the optimization processing. It is a figure to do. FIGS. 3C, 3D, and 3E are schematic graphs for explaining changes in input values, output values, and robust values in the optimization process. FIG. 4A is a diagram showing the processing in the program inspection apparatus according to the present invention in the form of a flowchart, and FIG. 4B is an input when the processing of FIG. 4A is executed. It is the figure which represented typically the example of the relationship between the range of a value, the range of an output value, a calculation path | route, and the locus | trajectory of an output value in the format of a graph figure. In the figure, the arrow schematically shows the locus of the output value calculated in the optimization process, ● is the output for the initial value, and the tip of the arrow is the final arrival point. FIG. 5 (A) is a diagram showing, in the form of a flowchart, a process obtained by improving a part of the optimization process executed in the embodiment of FIG. 3 (A) of the program inspection apparatus according to the present invention. FIG. 5B is a schematic diagram showing an example of the relationship between the input value range, the output value range, the calculation path, and the output value trajectory when the process of FIG. 5A is executed. FIG. In the figure, the arrow schematically shows the locus of the output value calculated in the optimization process, ● is the output for the initial value, and the tip of the arrow is the final arrival point. FIG. 6 shows an example of the relationship between the input value range, the output value range, the calculation path, and the output value trajectory when the optimization processing of the program checking device is executed when the processing according to the present invention is not executed. Is a diagram schematically showing in the form of a graph. In the figure, the arrow schematically shows the locus of the output value calculated in the optimization process, ● is the output for the initial value, and the tip of the arrow is the final arrival point.

DESCRIPTION OF SYMBOLS 1 ... Computer body 2 ... Computer terminal 3 ... Monitor 4 ... Keyboard, mouse (input device)

Outline of Apparatus The program inspection apparatus according to the present invention may be realized by the operation of a program in the computer apparatus 1 of the type normally used in this field (FIG. 1A). The computer apparatus 1 is equipped with a CPU, a storage device, and an input / output device (I / O) connected to each other by a bidirectional common bus in a normal manner, and the storage device is used in the calculation of the present invention. A memory storing each program for executing the arithmetic processing, and a work memory and a data memory used during the calculation. In addition, the display and output of instructions, calculation results, and other information to the computer device 1 by the practitioner are performed through the computer terminal device 2 connected to the computer device 1. The computer terminal device 2 is provided with a monitor 3 and an input device 4 such as a keyboard and a mouse in a normal manner. When each of the programs is started, the practitioner follows the procedure of each program. According to the above display, it is possible to perform various instructions and inputs to the computer apparatus 1 using the input device 4 and to visually check the calculation state and calculation result from the computer apparatus 1 on the monitor 3. Become. Note that the computer device 1 and the computer terminal device 2 may be equipped with other peripheral devices (not shown) (printer for outputting results, storage device for inputting / outputting calculation conditions and calculation result information, etc.). Should be understood. When various processes or operations described below are executed using the computer apparatus 1, programs necessary for the various processes or calculations are started in a normal manner, and the practitioner can connect the computer terminal apparatus 2 to the computer terminal apparatus 2. Then, in accordance with the input procedure prepared in the program, data necessary for calculation, calculation conditions at the time of calculation, and other various settings are input, and calculation is started. Then, during or after the execution of the calculation, the calculation result can be output through the computer terminal device 2 as appropriate.

  In the configuration for executing each process of the program inspection apparatus according to the present invention, specifically, as shown in FIG. 1B, it occurs in the program to be inspected (program to be inspected). A computation path detection unit that detects all of the computation paths to be obtained; a computation path storage unit that stores all of the detected computation paths; and an inspected computation path selection unit that selects one of the stored computation paths; A specified phenomenon objective function setting section for setting an objective function (a function for determining a range of a result output value by executing a program) of a phenomenon (designated phenomenon) for which occurrence / non-occurrence in the program to be inspected is determined. And an optimization processing unit that executes an optimization process, which will be described in detail later, in the calculation path and determines whether or not a specified phenomenon occurs in the calculation path. In the optimization processing unit, an initial input test pattern generation unit that generates an initial input test pattern that is input first in the optimization processing, and a result output value obtained in the course of the optimization processing and designation A modified input test pattern generation unit that generates an input test pattern that is modified to reduce the distance (robust value) from the range defined by the objective function of the phenomenon, and the program to be inspected is executed by inputting the generated test pattern Result output determination that determines whether the result output value is included in the range of the specified phenomenon by determining the distance between the program execution unit to be executed and the range of the result output value of the program execution unit determined by the objective function of the specified phenomenon Are provided. In addition, an intermediate calculation value monitor that monitors whether the calculation process is along the selected calculation path with reference to the calculation value (intermediate calculation value) in the middle of the calculation process of the program of the program execution unit May be provided (in the case of FIG. 5). It should be understood that each of these processing units is realized by arithmetic processing according to a program in the computer apparatus 1.

As described in the section “Inventory Summary” of the inspection process of the program to be inspected , when a conditional branch process (If statement etc.) is included in a certain program, the arithmetic processing by the program to be inspected is Depending on the conditions, the range of the result output values that are executed along any one of a plurality of different computation paths and calculated through the different computation paths are often discretely isolated from each other. For example, as shown in the program code of FIG. 2A, if a conditional branch depending on the states of P and Q is included, as shown in the data flow graph of FIG. There are three routes, route 1, route 2, and route 3, as the routes on which the program can be executed depending on the state of Q. In this case, the calculation results performed along each of the route 1, the route 2, and the route 3, that is, the values of the result outputs are the variables a, b, and c, respectively. The range of the resulting output value obtained when it changes can usually be a range of values discretely isolated from each other.

  On the other hand, the method of inspecting whether or not a specified phenomenon has occurred by the optimization process and detecting or generating a test pattern that generates the specified phenomenon typically has a substantial range of output values of the program to be inspected. It is assumed that the output value range of the program is a discrete value range. Therefore, if the program to be inspected has a range of output values that are discretely separated from each other, for example, by including conditional branch processing, the optimization processing started from a certain path alone will cause other The specified phenomenon lurking in the value range generated from the route is likely to be missed.

  This point will be described in more detail. In the method based on the optimization process, first, as shown in FIG. 3A, the presence / absence in the result output value of the program to be checked is checked. Designated phenomena to be specified, such as hunting, sudden changes in values (such as sudden changes in the amount of movement), deviations of values out of the specified range, etc. are designated, and the designated designated phenomena in the result output value are specified. The corresponding range is determined. Then, a test pattern to be input as an initial value to the program to be inspected is generated, the program is executed (typically by computer simulation), and a result output value for the initial value is calculated. The calculated result output value is fed back to the processing unit for executing the input test pattern generation, where a robust value (specifically, between the calculated result output value and the range corresponding to the specified phenomenon). (Distance between them or scalar quantity) is calculated. After that, the input test pattern is corrected so that the calculated robust value becomes small, the program using the corrected test pattern is executed, the result feedback of the output value, the calculation of the robust value, the test Each pattern correction process is executed repeatedly.

  According to the series of processes in the above optimization process, it is possible to finally detect or generate a test pattern in which the robust value is 0 or less or becomes the minimum. More specifically, for example, as illustrated in FIGS. 3C to 3E, the above-described optimum for the inspection of a program in which the output value corresponding to the specified phenomenon is the behavior of the line d in FIG. In the case of applying the conversion processing (at this stage, the input value of the solid line d in FIG. 3C which gives the behavior of the solid line d is unknown), as an arbitrary test pattern of FIG. When the input a is given, the behavior of the line a in FIG. 3D is output first, and thereby the robust value a in FIG. 3E is calculated. Next, the test pattern b is generated (correction of the test pattern a) and input to the program so that the robust value is smaller than the obtained value (value of a). ) Of the line b is obtained, and thereby the robust value b of FIG. 3E is calculated. When the test pattern generation and input for further reducing the robust value, the execution of the program, and the calculation of the robust value are repeated, as the input value is corrected from b → c → d, FIG. ) Line approaches b → c → d and behavior d, and therefore the robust value further changes from b → c → d, and finally the robust value becomes the minimum value d. In this process, if the robust value d is 0 or less, the behavior as the result output value coincides with the specified phenomenon, thereby detecting the occurrence of the specified phenomenon and the test pattern for giving it. Is generated. When the minimum robust value is larger than 0, the result output value does not reach the value range of the specified phenomenon, and it can be determined that the specified phenomenon does not occur in the program to be inspected.

  In the process of minimizing the robust value in the above optimization process, basically, as understood with reference to FIG. 3B or FIG. It is assumed that the robust value changes continuously, i.e., the resulting output value changes continuously, for a modification that changes to. That is, since the case where the result output value changes discretely is not taken into consideration, if the range of the result output value of the program to be inspected is divided into a plurality of discretely separated value ranges, for example, In the inspection program, if conditional branch processing is included and a plurality of operation paths can be executed, the optimization process searches for the existence of the specified phenomenon in only one of the plurality of operation paths. First, if a specified phenomenon exists in another value range in which the optimization process is started, the presence of the specified phenomenon is overlooked. For example, as illustrated in FIG. 6, in a program to be inspected that has calculation paths 1 to 4 and the range of output values of these paths is different for each path, the output value = 0 as a specified phenomenon. When the optimization process is executed using a value that causes the program to be inspected to perform an operation through the path 1 as an initial input value when it is attempted to determine whether or not there is a case where the specified phenomenon occurs. The presence / absence search is executed only within the range of the output value range of path 1, and as shown in the figure, the specified phenomenon (output value = 0) existing in the range of the output value of paths 2 and 3 and the test that gives them. A pattern (combination of input values) may not be detected (in the figure, the arrow indicating the history of output values calculated in the optimization process does not reach output value = 0). In this regard, usually, an optimization process using a test pattern selects an operation path with a high probability of being executed, and an operation is executed along the selected path. Therefore, an operation with a low probability of being executed is performed. In the route, even the search for the presence or absence of the specified phenomenon may not be executed.

  Therefore, in the present invention, the program to be inspected includes the conditional branch processing, and the program to be inspected also when the result output value changes continuously and when it changes discretely (when it has a hybrid structure). The program inspection technique is improved so that a specified phenomenon that can occur can be detected more reliably and an input value (test pattern) that gives the specified phenomenon can be detected or generated. In the specific method, in short, in the program to be inspected, all detections of possible computation paths are first executed. Then, an optimization process for detecting the specified phenomenon is executed for each detected computation path. For example, in the case of a program including the conditional branch processing illustrated in FIGS. 2A and 2B, first, as illustrated in FIG. 3 are detected and stored, respectively. Then, one of the stored computation paths is sequentially selected, for example, the path 1 is selected, and an initial value of an input test pattern for executing the computation along the path is searched, and the initial value The optimization process is executed using the value, and the search for the occurrence of the specified phenomenon is performed. Such a series of processing may be executed for all of the computation paths that can occur, but if the specified phenomenon is a malfunction phenomenon, if one is found, it is determined that the program to be inspected should be corrected. In this case, if a specified phenomenon is detected in the process of executing optimization processing for each computation path one by one, the program to be inspected is determined as needing correction at that point and optimized. The search for the occurrence of the specified phenomenon due to the processing may be terminated.

With reference to the flow diagram of the inspection processing program 4 (A), it is In one embodiment of the inspection process of the program according to the present invention, first, specified phenomenon occurrence or non-occurrence at the inspection program is tested The range of the result output value corresponding to is set (step 10: designated phenomenon objective function setting unit). The range of the output value as a result of such a specified phenomenon is typically defined by a function, and the function is referred to as an “objective function” in the present embodiment. Next, in the program to be inspected, all possible computation paths are detected, and a set of data such as information specifying each computation path, for example, a condition parameter in each of the conditional branch processes, is obtained. (Step 20: calculation path detection unit, calculation path storage unit). Computational path detection may be accomplished using any or existing ATG tool. Note that information specifying each computation path is stored in a memory defined by the inspection program, and this memory is referred to as a “queue” in the present embodiment.

  Thus, when the detection and storage of information about each computation path in the program to be inspected is completed, computation paths are selected one by one from the group of computation paths stored in the queue, and optimization processing is executed. . Specifically, it is first determined whether or not there is a computation path in the queue that has not been subjected to the optimization process (whether or not the queue is empty?) (Step 30). When there is an operation path that has not been processed, one operation path is selected from the queue as the operation path to be inspected (step 40: inspected operation path selection unit), and passes through the inspected operation path. A search for an input value (test pattern) for executing a calculation along the inspection calculation path is executed (step 50: initial input test pattern generation unit). This test pattern search may be accomplished, for example, using any or existing SAT solver. At this stage, if there is no input value for executing the computation along the computation route to be inspected (step 60: initial input test pattern generation unit), another computation route stored in the queue is selected. Steps 30 to 50 are repeated. On the other hand, when there is an input value for executing an operation along the inspection operation path, the input value is used as an initial value, and a search for occurrence of a specified phenomenon by an optimization process by executing a program is executed. (Step 70). In the optimization process, as described above, test pattern input, program execution and result output value calculation (program execution unit), robust value calculation and determination of whether or not the robust value is the minimum value (result) The output determination unit) and the test pattern correction (corrected input test pattern generation unit) are repeatedly executed until the robust value reaches the minimum value (optimization processing unit). If the specified phenomenon is not detected, it is determined that the specified phenomenon has not occurred in the inspected computation path (step 80), and the optimization process remaining in the queue is not executed. Steps 30 to 80 are executed for another calculation path. On the other hand, when a specified phenomenon is detected, the test pattern at that time is recorded as a test pattern that generates the specified phenomenon. In the example shown in the figure, the process is terminated when even one specified phenomenon is detected. However, until all the calculation paths stored in the queue are emptied, all the calculation paths are specified. The presence or absence of the phenomenon may be inspected.

  According to the above processing, even if a specified phenomenon is not detected in a certain calculation path, a search for occurrence of the specified phenomenon is executed in another calculation path. For example, as illustrated in FIG. 4B, the presence / absence of the specified phenomenon (output value = 0) in the program to be inspected having the operation paths 1 to 4 described with reference to FIG. 6 is checked. In the case of the above, even if the specified phenomenon is not found by executing the optimization process using the value that executes the operation through the path 1 as the initial input value, the occurrence of the specified phenomenon in each of the paths 2, 3, and 4 Therefore, the designated phenomenon that can be reached by the routes 2 and 3 can be detected. (In the figure, the arrows indicate the history of output values calculated in the optimization process.)

Modification Example of Optimization Process By the way, referring to the parts of paths 4 and 3 in FIG. 4B, when the optimization process is executed in a certain computation path, depending on the conditions, the computation The process flow may transition to another route. In this case, if the specified phenomenon may occur in the first route (route 4 in the figure), but the transition is made to another route before the robust value becomes zero, There may be cases where a specified phenomenon in a route is missed. Therefore, in the optimization process of FIG. 4A, the calculation value (intermediate calculation value) in the middle of the calculation process of the program is referred to and monitoring whether the calculation process is along the selected calculation path or not. The process to perform may be performed. Specifically, referring to FIG. 5A, after starting the optimization process in step 70 of FIG. 4A (step 71), the intermediate calculation value is referred to in a timely manner (step 73). It is determined whether or not the intermediate calculation value is a value that can be calculated in the currently selected calculation path (step 75: intermediate calculation value monitoring unit). Specifically, when the intermediate calculation value is in an expected value range in the currently selected operation path, it is determined that the operation being executed passes through the selected operation path. Good. If it is determined that the operation being executed passes through the selected operation path, the operation is continued as it is (step 77).

  On the other hand, when it is determined that the operation being executed does not pass through the selected operation path, the objective function is changed so that the operation passes through the selected operation path more reliably (step 79). ), The computation may be resumed. For example, the objective function is changed such that the value range given by the objective function is close to the result output value obtained by the initial value in the optimization process. According to the change of the objective function, the transition between the paths of the operations to be executed is suppressed in the process until the robust value reaches the minimum value, and as a result, the optimization process can be concentrated on the selected calculation path. It becomes. For example, as shown in FIG. 5B, in the case of checking whether or not there is a specified phenomenon (output value = 0) in the program to be inspected having the operation paths 1 to 4 described in relation to FIG. The possibility of the transition from the path 4 to the path 3 occurring in the case of FIG. 4B is reduced, and the search for the occurrence of the specified phenomenon by the optimization process is separately performed for the paths 3 and 4 respectively. Will be executed.

  Thus, according to the present invention described above, even for a program that includes conditional branch processing and has a plurality of discretely separated result output value ranges, a comprehensive search for the occurrence of a specified phenomenon and the specified phenomenon are performed. It is possible to detect or generate a given test pattern. Since the program inspection of the present invention is basically automatically executed by a computer, it is expected that the number of development steps of the program will be reduced and the program and control quality will be further improved. Typically, a failure phenomenon is selected as the specified phenomenon, but it should be understood that the above-described apparatus according to the present invention can be used for searching for the occurrence of a specified phenomenon other than the failure phenomenon. . The program inspection apparatus of the present invention can be advantageously used for the inspection of the presence or absence of a malfunction phenomenon in a control program for an apparatus or machine tool.

  Although the above description has been made in relation to the embodiment of the present invention, many modifications and changes can be easily made by those skilled in the art, and the present invention is limited to the embodiment exemplified above. It will be apparent that the invention is not limited and applies to various devices without departing from the inventive concept.

Claims (1)

A device for inspecting the occurrence of a specified phenomenon in the operation of a program,
A calculation path storage means for detecting all of the calculation paths that can occur in the execution of the program and storing all of the detected calculation paths;
Calculation path selection means for selecting one of all of the stored calculation paths;
Input generation means for generating an input value for executing the selected one computation path;
Optimization processing means for executing optimization processing of the program in the selected one computation path using the generated input value as an initial input value;
Whether the result output value of the program obtained by executing the optimization process is included in the specified phenomenon result output value range that is the range of the result output value calculated by executing the program corresponding to the occurrence of the specified phenomenon A result output value determination means for determining whether or not,
And the result output value is the specified phenomenon when the distance from the result output value of the program obtained by execution of the optimization process by the optimization processing unit to the specified phenomenon result output value range is minimized. When there is a computation path that is not included in the result output value range and is not yet selected among all of the stored computation paths, one of the computation paths is selected by the computation path selection means, and the newly selected one is selected. The selected computation path is used as the selected computation path, the generation of the input value by the input generation means, the optimization process by the optimization processing means, and the determination by the result output value determination means A device that repeatedly executes

Images