EP1200894A1 - Procede et dispositif permettant d'obtenir une description d'erreur totale au moins d'une partie d'un programme d'ordinateur ainsi que produit programme informatique et support d'enregistrement lisible par un ordinateur - Google Patents

Procede et dispositif permettant d'obtenir une description d'erreur totale au moins d'une partie d'un programme d'ordinateur ainsi que produit programme informatique et support d'enregistrement lisible par un ordinateur

Info

Publication number
EP1200894A1
EP1200894A1 EP00929272A EP00929272A EP1200894A1 EP 1200894 A1 EP1200894 A1 EP 1200894A1 EP 00929272 A EP00929272 A EP 00929272A EP 00929272 A EP00929272 A EP 00929272A EP 1200894 A1 EP1200894 A1 EP 1200894A1
Authority
EP
European Patent Office
Prior art keywords
int
error
description
slicec
iterator
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP00929272A
Other languages
German (de)
English (en)
Inventor
Peter Liggesmeyer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG filed Critical Siemens AG
Publication of EP1200894A1 publication Critical patent/EP1200894A1/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3604Software analysis for verifying properties of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/008Reliability or availability analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0796Safety measures, i.e. ensuring safe condition in the event of error, e.g. for controlling element

Definitions

  • the invention relates to a method and an arrangement for determining an overall error description of at least part of a computer program as well as a computer product and a computer-readable storage medium.
  • a control flow description in the form of a control flow graph is determined for the computer program.
  • an element error description is determined using a stored error description, which is assigned to a stored reference element.
  • the error description of a reference element describes possible errors of the respective reference element.
  • the overall error description is determined from the element error descriptions in the form of element error trees, taking into account the control flow graph for the computer program.
  • the method and the arrangement from [1] have the following disadvantages in particular.
  • the overall fault tree determined is incomplete with regard to the faults examined and their causes and is therefore unreliable. Thus, this procedure cannot be used sensibly for safety-critical applications in the context of fault tree generation for a computer program.
  • Slicing corresponds to the analysis that is carried out when searching for the cause of a malfunction of a computer program. This procedure checks whether the misconduct was caused by an instruction that is currently being viewed. If this is not the case, the statements that supply data for the statement or control its execution are checked. This process continues until no more processes exist, that is, input data of the computer program are reached. So-called slices are determined during slicing. A slice is used to show which instructions are influenced in which way by a value under consideration. In the following, the term slicing is always understood to mean backward slicing.
  • the invention is based on the problem of determining an overall fault description which is more reliable than a determination of an overall fault tree known according to the method from [1].
  • a method for determining an overall error description of at least part of a computer program by a computer at least the part of the computer program is stored.
  • a control flow description and a data flow description for the part of the computer program are determined and program elements are selected from the part of the computer program.
  • An element error description is determined for each selected program element using a stored error description.
  • the error description is assigned to a reference element.
  • the element error description describes possible errors of the respective program element.
  • An error description of a reference element describes possible errors of the respective reference element.
  • the overall error description is determined from the element error descriptions taking into account the control flow description and the data flow description.
  • An arrangement for determining an overall fault description of at least part of a computer program has a processor which is set up in such a way that the following method steps can be carried out: at least the part of the computer program is stored,
  • control flow description and a data flow description are determined for the part of the computer program
  • an element error description is determined using a stored error description, which is assigned to a reference element, with which possible errors of the respective program element are described,
  • the total error description is determined from the element error descriptions taking into account the control flow description and the data flow description.
  • a computer program product comprises a computer readable storage medium on which a program is stored that enables a computer after it has been stored in a memory of the
  • At least the part of the computer program is stored, a control flow description and a data flow description for the part of the computer program are determined,
  • Program elements are selected from the part of the computer program, - For each selected program element, an element error is used using a stored error description, which is assigned to a reference element. ler description determined with which possible errors of the respective program element are described,
  • an error description of a reference element describes possible errors of the respective reference element
  • the overall error description is determined taking into account the control flow description and the data flow description.
  • a program is stored on a computer-readable storage medium, which enables a computer, after it has been loaded into a memory of the computer, to carry out the following steps to determine an overall error description of at least part of a computer program: At least the part of the computer program is stored,
  • control flow description and a data flow description are determined for the part of the computer program
  • an element error description is determined using a stored error description, which is assigned to a reference element, with which possible errors of the respective program element are described,
  • the total error description is determined from the element error descriptions taking into account the control flow description and the data flow description.
  • the invention now makes it possible to determine a reliable overall error description for a computer program or a part thereof, taking into account the peculiarities of a computer program. Since the determined overall fault description is much more reliable than that according to The method can be determined from [1] overall error description, the invention is also suitable for security-critical applications, ie in particular for determining an overall error description of a security-critical computer program.
  • control flow description and / or the data flow description can be in the form of a control flow graph or a data flow graph.
  • the error description can be in the form of a stored error tree and the element error description can be determined as an element error tree.
  • the overall error description can be determined as an overall error tree.
  • the overall error description can be used in a further development for error analysis of the part of the computer program.
  • the overall error description is determined as an overall error tree and the overall error tree is changed with regard to predefinable framework conditions.
  • the change can be made by adding a supplementary fault tree.
  • FIG. 1 shows a computer with which the method according to the embodiment is carried out;
  • FIG. 2 shows a flow chart in which the individual method steps of the method according to the exemplary embodiment are shown;
  • FIG. 3 shows a general fault tree, as it is principally formed for a reference element; 4a to 4c a control flow graph (FIG. 4a), a slice (FIG. 4b) and a fault tree (FIG. 4c) for an instruction sequence as a reference element of a computer program;
  • FIG. 5a to 5c a control flow graph (FIG. 5a), a slice (FIG. 5b) and an error tree (FIG. 5c) for a selection sequence as a reference element of a computer program; 6a to 6c a control flow graph (FIG. 6a), a slice (FIG. 6b) and an error tree (FIG. 6c) for a loop as a reference element of a computer program;
  • FIG. 7 shows a control flow graph with a data flow graph for a computer program according to the exemplary embodiment
  • Figures 8a and 8b a slice of the output of the variable max
  • FIG. 8a or a slice for the variable avr (FIG. 8b) for the program according to the exemplary embodiment
  • FIG. 9 shows the slice for the variable avr, in which a structure of the loop is highlighted from the program of the exemplary embodiment
  • FIG. 10 shows an error tree for the assumption that the variable avr is incorrect
  • FIG. 11 shows the overall fault construction according to FIG. 10, redundant events from the overall fault tree according to FIG. 10 having been combined into one event.
  • Fig.l shows a computer 100 with which the method described below is carried out.
  • the computer 100 has a processor 101 which is connected to a memory 102 via a bus 103.
  • An input / output interface 106 is also connected to the bus 103.
  • a computer program 104 is stored in the memory 102, for which an overall error description is determined in the manner described below.
  • a program 105 is also stored in the memory 102, by means of which the method described below is implemented.
  • error descriptions 115 are different in the memory
  • Reference elements of a computer program saved.
  • An error description of a reference element describes possible errors of the respective reference element.
  • Various reference elements and error descriptions assigned to the reference elements are explained in detail below.
  • a keyboard 108 is connected to the input / output interface 106 via a first connection 107.
  • the input / output interface 106 is connected to a computer mouse 110 via a second connection 109, and the input / output interface 106 is connected to a screen 112 via a third connection 111, on which the determined overall error description of the computer program 104 is displayed.
  • Output cut parts 106 connected to an external storage medium 114. 2 shows in a block diagram the procedure according to the exemplary embodiment described below.
  • a control flow graph 201 and a data flow graph 202 for the computer program 104 are determined from the stored computer program 104.
  • Individual program elements are selected from the computer program (step 203). For each selected program element, an element error description is determined using a stored error description that is assigned to a reference element corresponding to the selected program element (step 204). The element error description describes possible errors of the selected program element.
  • an overall error description of the computer program for the error case to be examined is determined from the element error descriptions, taking into account the control flow graph and the data flow graph .
  • the determined overall fault tree is displayed to the user on the screen 112.
  • FIG 3 shows the basic procedure for creating an error tree, as was used in the context of the starting example, to form the error trees described below for the reference elements.
  • an erroneous output of a variable can be a selected erroneous event (undesirable event) 301 are caused by a control flow error 303 and / or a data error 304 (INCLUSIVE-OR link 302).
  • a control flow error 303 is to be understood as an incorrect control of the processing of the respective variables.
  • the data flow error 304 is to be understood as an error that arises from incorrect data during processing.
  • the data flow error 304 can arise again in the processing step currently under consideration (block 306) and / or it can already have been present and can only be retained by error propagation (block 307) (INCLUSIVE-OR link 305).
  • the fault tree 420 shown in FIG. C results for the following predetermined undesired event 421:
  • the faulty event 421 may have been generated by an error in the considered third instruction 404 even with data correct up to this instruction step (element 422 in FIG. 4c).
  • the erroneous event 421 can also be caused by corrupted input data of the third instruction, i.e. by INCLUSIVE-ORing 424 the events that the second variable k after the second
  • FIGS. 5 a to 5 c there is a control flow graph 501 (see FIG. 5 a), a slice 520 (see FIG. 5 b) and an error tree 540 (see Fig. 5c) for an If-Then-Else statement as a selection element.
  • a third instruction 504 in which it is checked whether the second variable k has a value greater than 0; if the value of the second variable is greater than 0, the instruction branches to a fourth instruction 505, otherwise to a fifth instruction 506,
  • the control flow graph 501 shown in FIG. 5 a results in the slice 520 shown in FIG. 5 b for the selection element.
  • Solid edges in the slice 520 represent a data dependency of the different instructions from one another.
  • Control dependencies of the corresponding instructions from one another are indicated with dashed edges.
  • control edges are directed from instructions which contain a predictive reference (failure constructs, loop control) to the instructions which are directly controlled, ie to those instructions which are only executed if the predicate has a certain value.
  • Control edges are only drawn between the control instruction and immediately nested instructions. If another control level is nested in a controlled block, no control edges are drawn that cover more than one level. Since a control relationship is transitive, this indirect control can be inferred from the slice by using transitivity.
  • - Solid edges hereinafter referred to as data flow edges, are directed from instructions in which a variable is defined to instructions in which this variable is referenced. The considered variable must not be redefined between the definition and the reference. This is known as the path free of definition with regard to the variables under consideration.
  • the slice is determined by searching the control flow graph against the edge direction for the definition of the variables under consideration, based on the instruction with the variables under consideration, for which the undesired event is specified. If there are computational references to the definition, the process continues recursively until no additional nodes are found.
  • the dependencies between statements found in this way are data dependencies. If a node under consideration is in a block, the execution of which is directly controlled by a decision, this represents a control dependency. For the predictive references of the variables involved in the decision, nodes with corresponding definitions - that is, data flow dependencies - are recursively searched for have further control dependencies.
  • 5b shows the slice 520 belonging to the failure element with corresponding control edges and data flow edges.
  • 5c shows the error tree 540 for the specified event "the third variable i is faulty before the 6th instruction" 541.
  • a multiple selection element as a reference element can be treated according to the above-described scheme by breaking the multiple selection into a cascade of two-sided selection elements which are processed in accordance with the above procedure, in order thus to determine an error tree for a multiple selection element.
  • FIGS. 6 a to 6 c show an error tree 601 (see FIG. 6 a), the corresponding slice 620 (see FIG. 6 b) and the associated error tree 640 (see FIG. 6 c) for the reference element of a loop.
  • the control flow graph 601 for a loop element has the following seven instructions:
  • a fourth instruction 605 which specifies as a loop instruction a condition that a fifth instruction and a sixth instruction are carried out as long as the value of the second variable is j> 0 (WHILE j> 0 DO),
  • FIG. 6b shows the corresponding slice 620 for the control flow graph 601 shown in FIG. 6a with associated control flow edges and data flow edges.
  • the fault tree 640 shown in FIG. 6c is formed for the predetermined event 641 that the "first variable i before the seventh instruction is faulty".
  • the error tree 640 results from the INCLUSIVE-OR link 642 of the following four events:
  • Loop body has been run through at least twice (element 645) and the event that the sixth instruction 607 is incorrect (646),
  • error trees described above which are assigned to the individual reference elements, are stored in the memory 102 as error trees 115.
  • 7 shows a control flow graph 700 for the following computer program:
  • FIG. 8a shows the associated slice 800 for the variable max
  • FIG. 8b shows the associated slice 810 for the variable avr .
  • the numbering of the individual instructions in the slices corresponds to the numbering of the individual instructions in the control flow graph 700 from FIG. 7.
  • FIG. 9 shows the slice 900 for the variable avr, as shown in FIG. 8b.
  • the structure of the loop element contained in the program shown above is highlighted in bold. This structure corresponds to the slice shown in FIG. 6b for a loop element.
  • An overall fault tree 1000 for the computer program shown above is shown in FIG.
  • the overall fault tree for the computer program is generated by instantiating the corresponding fault tree that is assigned to the reference element that corresponds to the selected program element. By proceeding backwards starting from the predetermined undesired event, the overall error tree 1000 is thus determined using the error trees assigned to the reference elements.
  • the fault tree 1000 is related to the event that "the variable avr is faulty before the thirteenth instruction" (element 1001).
  • the variable avr may be incorrect before the thirteenth instruction 13 due to at least one of the following three events, as is also shown in the slice 900 for the variable avr shown in FIG. 9 (INCLUSIVE-OR operation 1002):
  • variable sum is faulty before the eleventh instruction 11 (element 1005) if at least one of the following events is fulfilled (INCLUSIVE-OR link 1006):
  • variable sum is incorrect after the fourth statement 4 (element 1007)
  • the error tree 1000 from FIG. 10 is changed so that events that are shown several times in the error tree 1000 are combined to form a node of a cause and effect graph 1100 (see FIG. 11).
  • a fault tree analysis method as described in [5] is applied to the fault tree 1000 shown in FIG. 10, as a result of which an analysis of the computer program with regard to a predetermined undesired event is analyzed.
  • the overall fault tree generated with the method described above can be used for various purposes:
  • KFGListNode.h "usmg namespace std; class GraphNodeC: public
  • KFGListC SL 2 void sliceForLoops (KFGListC SL 2 , KFGListC:: iterator LOOPIT); KFGListC:: iterator defineVariableToSlice (KFGListC SL 2 );
  • KFGListC:: iterator findUpperLimit KFGListC s Ll, KFGListC:: iterator ITER, KFGP UseListC:: iterator PUSEIT);
  • KFGListC:: iterator fmdLowerLimit (KFGListC & Ll, KFGListC:: iterator ITER, KFGListC :: iterator UPPERLIMIT);
  • KFGListC:: iterator findLowerLimitFromCUse KFGListC S Ll, KFGListC: -.iterator ITER, KFGListC:: iterator UPPERLIMIT
  • KFGListC:: iterator findUpperLimitFromCUse KFGListC S Ll, KFGListC:: iterator ITER
  • KFGUseListC iterator USEIT); int checkForNodes (int NodeNumber); void KFKPUseToCUse (KFGListC:: ⁇ terator PUSEIT, int LoopEnd); void fmdDefToCUse (KFGListC S Ll, KFGListC:: iterator ITER); void deflnLooplKFGListC S Ll, KFGListC:: iterator ITER); void startBuildSlice (KFGListC S Ll); void sliceExpendl); );
  • template ⁇ class corner type, class edge type> void graph ⁇ corner type, edge type>:: verbindeEcken (int posl, int pos2, const edge type value) (
  • MILES.DAT (128 knots).
  • the stack depth corresponds to the number of edges
  • KFGListC public l ⁇ st ⁇ KFGL ⁇ stNodeC> (int number_defs, number_Uses, number_P_Uses, number of declarations; int loop decisions, decisions, counting loop decisions; int instructions; publlc: KFGListC () ( ⁇ ; void TokenL ⁇ st2KFn); node (S) void node identifier (KFGListC:: iterator KFG); void list output!); void addLmelnToList (); void addL ⁇ neToKFG (KFGProgL ⁇ stC S LP); int count declarations (KFGTokenL ⁇ stC S TL); void base size file ();
  • class KFGDefListC public list ⁇ KFGDefC> ( ⁇ ; class KFGUseListC: public reads ⁇ KFGUseC> ( ⁇ ; class KFGP_UseL ⁇ stC: public reads ⁇ KFGUseC> ( ⁇ ;
  • KFGListNodeCO (strcpy (Statement, "- unknown -");
  • NodeNr Dummy myNodeNr ++
  • KFGL ⁇ stNodeC (char _Statement [], KFGNodeTypeT _KFGNodeType) strcpy (statement, _Statement);
  • NodeNr Dummy myNodeNr ++
  • KFGL ⁇ stNodeC (char _Statement [], KFGNodeTypeT _KFGNodeType, int _Level)
  • NodeNr Dummy myNodeNr ++
  • Node number 0; Node identifier - NONE;
  • NodeNr Dummy myNodeNr ++
  • LineNr LineNr; strcpy (CodeLine, "—unknown—”); ⁇ ; from the setStatement (char _Statement []) strcpy (Statement, _Statement); ⁇ ; void setCodeL e (char _CodeL ⁇ ne []) strcpy (CodeLine, _CodeL ⁇ ne); ⁇ ; void setKFGKnoten endeavor (int _KnotenNr)
  • Node ID _ node ID; ⁇ ; int getNodeNumber () (return NodeNumber; ⁇ ; char * getStatement!) (return Statement; ⁇ ; char * getCodeL e () (return CodeLme; ⁇ ; int getLevel () (return Level; ⁇ ; int getNodeNrl) (return NodeNr; ⁇ ; int getL ⁇ neNr () (return LineNr; ⁇ ;
  • NodeC creates " « endl; * / ⁇ ;
  • ScopeLevel 0; ); KFGNodeCIchar _Name [], int _ScopeLevel)
  • NodeC creates " « endl; * / ⁇ ;
  • KFGLlstNodeC (char _Name []) (strcpy (Name, _Name);
  • ScopeLevel 0; ⁇ ; KFGLlstNodeC (char _Name [], int _ScopeLevel)
  • NodeC creates " « endl; * / ⁇ ;
  • ScopeLevel 0; ); KFGLlstNodeC (char _Name [], int _ScopeLevel)
  • KFGListeC inherits all properties // from the list created with STL ⁇ KFGNodeC>.
  • «Lfdef _KFGProgL ⁇ stHeader (quietly « define _KFGProgListHeader ffinclude ⁇ str ⁇ ng> ffinclude ⁇ ostream> ffinclude ⁇ std ⁇ o.h> flinclude ⁇ l ⁇ st> ffinclude ⁇ fstream> ffinclude ⁇ terator> namfinespodehsting using KFNclodGlist using the class; using the FinNodeGlist; KFNclingGlist using the name; using the FinNodeGlead; KFNclodGlist using the "; KFGL ⁇ neNodeC> (public:
  • KFGProgListC (); // void KFGListeAusgabel);
  • KFGTokenListC public reads ⁇ KFGTokenNodeC> (public:
  • KFGTokenListC ( ⁇ ; Void KFGListeAusgabel);
  • KFGTokenNodeC (char _Name [], int _ScopeLevel, TokenNodeTypeT TokenNodeType)
  • ScopeLevel _ScopeLevel
  • KFGTokenNodeC (char _Name [], t _ScopeLevel, TokenNodeTypeT _TokenNodeType, int LineNumber)
  • KFGUseC (strcpy (Use, "- unknown -");
  • ScopeLevelU 0; );
  • KFGUseC (char _Use [], int _ScopeLevelU) (strcpy (Use, _Use);
  • H include "AS Slice. H” using namespace std; class uwggraphC: public graph ⁇ uwgknotenC, uwgkanteC> (public:
  • SliceC iterator definelterator (SliceC S Sl, mt SliceNr); void addFirstNodesToFTISliceC s Sl, int NodeNo, int Posl);
  • SliceC iterator returnCondNode (SliceC S Sl, mt SliceNr); mt checkUWGNode ( ⁇ nt SliceNr); void Slice SliceC S Sl) t void startBuildFT (SliceC S Sl); void buildInLoopTree (SliceC S Sl, int Posl, SliceC:: iterator SLPUSE, SliceC:: iterator SLNODE); void bu ⁇ ldIn_Dl_Part (SliceC S Sl, int posOR_Dl, SliceC:: iterator SLPUSE, SliceC:: iterator SLNODE, int D2_RefNr); SliceC:: ⁇ terator f dOutmostPUse (SliceC S Sl, SliceC:: iterator SLPUSE); int checkPUsesl (SliceC Sl, SliceC:: iterator SLPUSE, SliceC:: iterator SLPUSEREF);
  • SliceC:: iterator f ⁇ nd_Dl_Node (SliceC S Sl, SliceC:: iterator SLPUSE, SliceC:: ⁇ terator SLNODE); void addAllDlNodes (SliceC S Sl, SliceC:: iterator SLNODE, int posGatter, int D2_RefNr);
  • SliceC :: ⁇ terator findLastPUse (SliceC S Sl, int SliceNr);
  • SliceC:: iterator fmdLastPUse2 (SliceC S Sl, int SliceNr, mt RefNr); void checkLoopOrCondl SliceC S Sl, SliceC:: ⁇ terator SLl, SliceC:: ⁇ terator SLORIG, int Posil); void buildIn_D2_Part (SliceC S Sl, int posOR_D2, SliceC:: iterator SLl, SliceC:: iterator SLPUSE, int nodeNoD2); int f ⁇ ndD2Node (SliceC S Sl, SliceC:: iterator PUSE); t buildlnlfTree (SliceC s Sl, SliceC:: ⁇ terator SLIF, SliceC:: iterator SLORIG, int posl);
  • SliceC:: iterator lookForNextPUse (SliceC S Sl, SliceC:: ⁇ terator SNODE, SliceC:: iterator SLPUSE); void bu ⁇ ld_IFKF_Part (SliceC Sl, t posKFOR, SliceC:: iterator SLPUSE); void build_Al_Part (SliceC Sl, int posIFDFOR, SliceC:: iterator SLIF, SliceC:: iterator SLORIG); void bu ⁇ ldD2_IFKF_Part (SliceC Sl, int posKFOR, SliceC:: iterator SLPUSE); void bu ⁇ ldD2_Al_Part (SliceC Sl, int posIFDFOR, SliceC:: iterator SLIF, SliceC:: ⁇ terator SLNODE); int bu ⁇ ldD2InIfTree (SliceC S Sl, SliceC:::: it
  • Gatterldent DummyNr ++; ⁇ ; uwgknotenC (NodeldentT _NodeIdent)
  • Gatterldent DummyNr ++; ); uwgknotenC (NodeldentT _NodeIdent, t _CauseNr / *, char _gattertext [] * / )
  • CauseNr CauseNr; strepyl gate text, "- unknown -”); strepyl gate remark, "—none—”); / * strcpy (gattertext, _gattertext); * /
  • VARDEFI L2.beginl
  • HLevel LOOPIT-> getLevel ();
  • (HELPLOOP-> getLevel ⁇ )! Akt- Level)) ⁇
  • HELPIT HELPLOOP
  • (HELPLOOP-> getLevel () ' HELPIF-> getLevel ())) (
  • KFGListC :: iterator HELPDEF ITER
  • KFGListC :: iterator HELPLOOP ITER
  • HELPLOOP HELPIT; if (HELPIT-> getLevel ()> 2) (
  • HELPIT ⁇ HELPLOOP
  • KFGListC:: iterator HELPIT ITER;
  • KFGListC:: iterator HELPLOOP ITER;
  • KFGListC:: iterator LOWERLIMIT ITER;
  • HELPLOOP HELPIT; if (HELPIT-> getLevel ()> 2) (
  • AktLevel UPPERLIMIT-> getLevel (); while
  • LOWERLIMIT HELPLOOP; ⁇ return LOWERLIMIT;
  • KFGUseLi ⁇ tC iterator USEIT
  • KFGPJJseListC iterator PUSEIT2
  • KFGUseListC iterator CUSEIT2; int node level; int node number;
  • UPPERLIMIT findUpperLimitFromCUse (Ll, ITER, USEIT1); HELPIT - findLowerLimitFromCUse (Ll, ITER, UPPERLIMIT); UPPERLIMIT—;
  • KFGListC :: iterator HELPIT ITER;
  • KFGListC :: iterator HELPLOOP ITER;
  • KFGListC:: iterator LOWERLIMIT ITER;
  • HELPIT HELPLOOP; // iterator points to the end of the outermost
  • HELPIT—; ⁇ if (HELPIT-> getNodeNr () ⁇ UPPERLIMIT-> getNodeNr ()) (LOWERLIMIT HELPLOOP; // upper limit outside the outermost loop;
  • LOWERLIMIT HELPLOOP; // upper limit in the same outer loop, but ⁇ // inside a different loop before the c-use; ice (
  • LOWERLIMIT HELPLOOP; // upper limit in a lower loop than the c-use; ⁇
  • KFGListC:: iterator HELPDEF ITERl
  • KFGListC:: iterator HELPLOOP ITERl
  • KFGListC:: iterator HELPIT ITERl
  • KFGListC:: iterator HELPIF ITERl
  • KFGDefListC iterator DEFIT
  • AktLevel ITERl-> getLevel ();
  • HELPDEF HELPDEFRETURN
  • HELPDEFRETURN HELPDEF
  • KFGListC TokenL ⁇ st2KFGL ⁇ st (KFGTokenListC S Ll) (int dummy;
  • KFGP_UseL ⁇ stC iterator P_USEI
  • KFGUseC hUsel (TLI-> getName (), TLI-> getScopeLevel ());
  • P_USEI f ⁇ nd (HNl. P_Uses.beginl), hNl. P_Uses.end (), hUsel);
  • push_front (hNl); ⁇ break; case DO: push_front (KFGL ⁇ stNodeC ("DOWHILELOOP", DOWL, TLI-> getScopeLevel ())); TLI -;
  • HLevel TLI-> getScopeLevel (); push_front (KFGLlstNodeC ("ENDLOOP", EL, LI-> getScopeLevel ()));
  • KFGLlstNodeC hNl ("NORMAL", NO, TLI-> getScopeLevel (), TLI-> getLmeNumber ()); hNl.Defs.push_back (KFGDefC (TLI-> getName (), TLI-> getScopeLevel ()));
  • Number_defs ++ if (TLI-> getTokenNodeType () - N) (helpNodel.Defs.pop_front (); number_defs—; // in this case it is an array and
  • KFGUseC hUse2 (TLI-> getName (), TLI-> getScopeLevel ());
  • helpNodel Defs .push_back (KFGDefC (TLI-> getName (), TLI-> getScopeLevel ())); push_front (helpNodel);
  • helpNodel > getL ⁇ neNumber ()); helpNodel .Uses. push_back (KFGUseC (TLI-> getName (), TLI-> getScopeLevel ())); push_front (helpNodel);
  • PROG1—; dummy 1; ) else ⁇ PROG1—;
  • Target «" STOP " « endl «endl; Target «" BASIC SIZES: “« endl; Target «" Number of empty branches: “ « “0” «endl; Target «" Number of decisions: “ « Decisions «final;
  • Target « Number of atomic predicates, which are arithmetic relations: " « “0” «endl; Target «" Number of loop decisions: " « Loop decisions «endl;
  • Target «" Number of non-nested loop decisions: “« “0” «endl; Target «" number of counting loop decisions: “ « counting loop decisions «endl;
  • Target «" Number of declarations of structured data types: “ « “0” «endl; Target «" Number of declarations: “« Number_declarations «endl;
  • Target «" Number of real element declarations: “ « “0” «endl; Target «" number of base type declarations: “« number_declarations «endl; Target «" number of defs: “« number_defs «endl; Target «" Number of Uses: “ « Number_Uses «endl; Target «" Number of P-Uses: “ « Number_P_Uses «endl» endl; base size file (); ⁇ void KFGListC:: bas ⁇ sgroessenIn voyage () (ofstream file ("Basisgroessen.bgd”, ⁇ os :: out); file «" 0 "« endl; file «decisions « endl; file «instructions « endl; file «decisions « endl; file «decisions« endl; file «" 0 "« endl; file «loop decisions « endl; file «" 0 " « endl; file «counting loop decisions « endl; file «" 0 " « endl; file «number_declarations
  • KFGTokenList.h D void KFGTokenListC:: KFGL ⁇ steAusgabe () (D ofstream destination ("CFGTokenList”); D ostream_ ⁇ terator ⁇ KFGTokenNodeC> oPos (Z ⁇ el, " ⁇ n");
  • KFGTokenNode.h include ⁇ ostream> ostreamS Operator «(ostreamS os, const KFGTokenNodeCS Node) (os « Node.Name «" "« Node. ScopeLevel «” "« Node. TokenNodeType «” «Node. IneNumber « endl; return os;
  • KFGProgList .h " include ⁇ ostream> static void usagelchar * progname); int maindnt arge, char * argv

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)
  • Debugging And Monitoring (AREA)

Abstract

On détermine à partir d'une partie du programme d'ordinateur une description de flux de commande et une description de flux de données et on sélectionne dans cette partie du programme d'ordinateur des éléments programme. Pour chaque élément de programme sélectionné, on détermine une description des erreurs sur les éléments en utilisant une description des erreurs mémorisée qui est respectivement associée à un élément de référence. Cette description des erreurs sur les éléments permet de décrire les erreurs éventuelles de l'élément programme concerné. A partir des descriptions des erreurs sur les éléments, on détermine la description d'erreur totale en tenant compte de la description de flux de commande et de la description de flux de données.
EP00929272A 1999-06-02 2000-04-03 Procede et dispositif permettant d'obtenir une description d'erreur totale au moins d'une partie d'un programme d'ordinateur ainsi que produit programme informatique et support d'enregistrement lisible par un ordinateur Withdrawn EP1200894A1 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE19925239 1999-06-02
DE19925239 1999-06-02
PCT/DE2000/001001 WO2000075780A1 (fr) 1999-06-02 2000-04-03 Procede et dispositif permettant d'obtenir une description d'erreur totale au moins d'une partie d'un programme d'ordinateur ainsi que produit programme informatique et support d'enregistrement lisible par un ordinateur

Publications (1)

Publication Number Publication Date
EP1200894A1 true EP1200894A1 (fr) 2002-05-02

Family

ID=7909989

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00929272A Withdrawn EP1200894A1 (fr) 1999-06-02 2000-04-03 Procede et dispositif permettant d'obtenir une description d'erreur totale au moins d'une partie d'un programme d'ordinateur ainsi que produit programme informatique et support d'enregistrement lisible par un ordinateur

Country Status (3)

Country Link
US (1) US7047523B1 (fr)
EP (1) EP1200894A1 (fr)
WO (1) WO2000075780A1 (fr)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE50213782D1 (de) * 2001-02-20 2009-10-01 Siemens Ag Verfahren und anordnung zur ermittlung einer gesamtfehlerbeschreibung zumindest eines teils eines technischen systems, computer programm-element und computerlesbares speichermedium
JP2006113934A (ja) * 2004-10-18 2006-04-27 Hitachi Ltd プログラム開発支援装置、プログラム開発支援方法およびプログラム
US7563542B2 (en) * 2005-10-05 2009-07-21 California Institute Of Technology Subfluorinated graphite fluorides as electrode materials
US7685471B2 (en) * 2007-02-01 2010-03-23 Fujitsu Limited System and method for detecting software defects
CN100461132C (zh) * 2007-03-02 2009-02-11 北京邮电大学 基于源代码静态分析的软件安全代码分析器及其检测方法
US9189318B2 (en) * 2013-05-15 2015-11-17 Oracle International Corporation Path-sensitive analysis framework for bug checking
US11036866B2 (en) 2018-10-18 2021-06-15 Denso Corporation Systems and methods for optimizing control flow graphs for functional safety using fault tree analysis

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5740357A (en) * 1990-04-26 1998-04-14 Digital Equipment Corporation Generic fault management of a computer system
US5586252A (en) * 1994-05-24 1996-12-17 International Business Machines Corporation System for failure mode and effects analysis
US5500941A (en) * 1994-07-06 1996-03-19 Ericsson, S.A. Optimum functional test method to determine the quality of a software system embedded in a large electronic system
US5903453A (en) * 1996-01-19 1999-05-11 Texas Instruments Incorporated Method for estimating software operation and performance using a goal-question-metric paradigm
US6012152A (en) * 1996-11-27 2000-01-04 Telefonaktiebolaget Lm Ericsson (Publ) Software fault management system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0075780A1 *

Also Published As

Publication number Publication date
WO2000075780A1 (fr) 2000-12-14
US7047523B1 (en) 2006-05-16

Similar Documents

Publication Publication Date Title
DE69622219T2 (de) Optimierungsgerät zum Entfernen von Gefahren durch Arrangierung der Befehlsreihenfolge
Sivaramakrishnan et al. Declarative programming over eventually consistent data stores
Georgakopoulos et al. Specification and management of extended transactions in a programmable transaction environment
DE69503065T2 (de) Objektorientierte vorrichtung für konfigurationsverlaufsverwaltung
EP1764715B1 (fr) Méthode pour déterminer la qualité d'un nombre des propriétés, utilisable pour la vérification et la spécification des circuits
DE69626377T2 (de) Vorrichtung, Verfahren, Speichermedium und computerlesbare Module zur raumeffizienten Objektverriegelung
Back et al. Superposition refinement of reactive systems
DE112005002402T5 (de) Hybride Hardware-/Software-Implementierung eines Transaktionsspeicherzugriffs
DE19926116A1 (de) Mehr-Teilprozeß-Protokollierung in einer Konfigurationsdatenbank
DE69421346T2 (de) Verklemmungsanalyseverfahren in einem Betriebssystem
DE102004058288A1 (de) Vorrichtung und Verfahren zur Behebung von Fehlern bei einem Prozessor mit zwei Ausführungseinheiten
Dong et al. Ensuring structure and behavior correctness in design composition
DE112013007083B4 (de) Programmanalysevorrichtung, Programmanalyseverfahren und Programmanalyseprogramm
Aggarwal et al. Software Design Metrics for Object-Oriented Software.
EP1200894A1 (fr) Procede et dispositif permettant d'obtenir une description d'erreur totale au moins d'une partie d'un programme d'ordinateur ainsi que produit programme informatique et support d'enregistrement lisible par un ordinateur
DE69128908T2 (de) Verfahren zum Durchführen von erlässlichen Befehlen in einem Rechner
Frühwirth Parallelizing union-find in Constraint Handling Rules using confluence analysis
DE112004002576T5 (de) Management externer Speicheraktualisierung zur Fehlererfassung in redundanten Multithreading-Systemen unter Verwendung einer spekulativen Speicherunterstützung
Xu et al. JMLAutoTest: A novel automated testing framework based on JML and JUnit
DE10038499A1 (de) Verfahren und System für die verbesserte Entwicklungsprüfung mittels angepasster Ablaufverfolgung
DE69328664T2 (de) Verfahren und Anordnung zur Zusammenbindung von Objekten
Lyu et al. Software diversity metrics and measurements
DE102015102034A1 (de) Verfahren zum Analysieren von Ergebnissen in einem Entwurfsautomatisierungsablauf für elektronische Systeme, Computersystem und Computerprogrammprodukt
Georgakopoulos et al. An environment for the specification and management of extended transactions in DOMS
WO2005109196A1 (fr) Procede pour determiner des blocages dans des processus paralleles

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20011106

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

RBV Designated contracting states (corrected)

Designated state(s): DE FR GB

17Q First examination report despatched

Effective date: 20060627

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20100817