JP2009032233A - Exclusive control fault candidate extraction device, exclusive control fault candidate extraction method, and exclusive control fault candidate extraction program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an exclusive control fault candidate extraction device capable of precisely detecting a fault relating to exclusive control of software by using static analysis. <P>SOLUTION: The exclusive control fault candidate extraction device inputs a source program 106 of software being a fault detection target by a source program input part 101 and inputs design information 107 of the source program 106 by a design information input part 102. An exclusive control function extraction part 103 uses an exclusive control function/shared resource name correspondence table and a task main function list of the design information to extract exclusive control functions for accessing shared resources to be used on a plurality of tasks. An exclusive control determination execution part 104 detects an exclusive control fault candidate from the exclusive control functions and outputs the exclusive control fault candidate from an exclusive control fault candidate output part 105 as a detection result. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an exclusive control defect candidate extraction apparatus, an exclusive control defect candidate extraction method, and an exclusive control defect candidate extraction program, and more particularly to an exclusive control defect candidate extraction apparatus and an exclusive control defect candidate extraction method for detecting defects related to software exclusive control. , And an exclusive control defect candidate extraction program.

  Tasks that operate on a real-time OS (Operating System) share resources such as global variables and display devices as needed. When a task accesses a resource shared between tasks (hereinafter referred to as a shared resource), it is impossible to access other tasks using a semaphore that is an exclusive control mechanism provided by the real-time OS. It is necessary to access after setting (locked) and releasing the lock after the access is completed. Therefore, when creating a program for a task to access a shared resource, the program creator needs to create a program that is executed in the order of locking, access to the shared resource, and unlocking.

  However, a module that accesses a shared resource without locking may be created due to carelessness of the program creator. In this case, if access to the shared resource using the module is performed simultaneously by a plurality of tasks, there is a possibility that a defect such as data inconsistency (hereinafter, exclusive control defect) may occur.

  Japanese Patent Laid-Open No. 3-288239 (hereinafter referred to as Patent Document 1) detects a location where a shared resource is accessed without locking, in order to prevent the occurrence of such a problem due to forgetting to lock the shared resource. The technology to do is disclosed.

Specifically, in the technique disclosed in Patent Document 1, when a source program is given as an input, a flag indicating whether data is handled as a shared resource is set in the data allocation recognition area A1 when the source program is compiled. An instruction sequence that sets a lock indicating a lock (hereinafter referred to as a lock flag) in the lock recognition area is generated in the object program when generating an instruction sequence to be locked at the time of execution, and the lock is released at the time of execution. An instruction sequence for releasing the lock flag when generating the instruction sequence is generated in the object program, and finally a load module is generated. Further, when the load module is executed by a debugger and a resource is accessed by a certain task, the data allocation recognition area A1 is referred to and it is known whether or not the resource is a shared resource. When the resource is a shared resource, it can be determined whether or not the shared resource is locked by referring to the lock flag. When the lock is not applied, it can be seen that an access to an unlocked shared resource is performed. In the technique of Patent Document 1, access to an unlocked shared resource is detected as a failure by the above procedure.
JP-A-3-288239

  However, in the technique disclosed in Patent Document 1, detection of an exclusive control failure such as data definition reference to a shared area when unlocked is performed by dynamic analysis. For this reason, in order to cover the conditional branches in the process, there has been a problem that it is necessary to perform dynamic analysis numerous times while changing the conditions. This is raised as the first problem.

  In addition, in order to detect an exclusive control failure using the technique disclosed in Patent Document 1, there is a problem that it is necessary to separately prepare an environment necessary for executing the dynamic analysis. This is raised as a second problem.

The first problem will be described in detail.
FIG. 30 is a diagram illustrating a source program of the function f1 for accessing the shared resource A. Specifically, referring to FIG. 30, line 201 is a function for locking a shared resource, line 202 is a function for reading the value of the shared resource, line 203 is a function f1_1 called, and line 205 is a value for the shared resource. A function to be written, line 204, represents a function for unlocking the shared resource.

  FIG. 31 shows a source program of the function f2 for accessing the shared resources B and C. Specifically, referring to FIG. 31, a row 301 represents a function condition. The function f2 is a function (hereinafter referred to as an exclusive control function) that accesses the shared resource including the determination of the condition of the row 301. The row group 305 in FIG. 31 branches into two flows as shown in FIGS. 32 and 33 according to the function conditions of the row 301.

  In the case of the flow in FIG. 32, before and after the access (read / write) to the shared resources B and C in the row group 402, locking and unlocking to the shared resources B and C are performed on the rows 401 and 403, respectively. Therefore, there is no problem of exclusive control failure. On the other hand, in the case of the flow in FIG. 33, the shared resource C is unlocked in line 501 before the shared resource C is accessed (written) in line 502. Therefore, the line 502 causes an exclusive control failure.

  When detecting the exclusive control failure of the exclusive control function of FIG. 31 using the technique of Patent Document 1, the presence / absence of the exclusive control failure of the flow of FIGS. For this purpose, it is necessary to set the conditions so as to satisfy the conditions in the two cases of the line 301, v2> 0 and v2 ≦ 0, and to perform dynamic verification using a debug tool in each case. It was. For this reason, if the judgment of the condition of v2 ≦ 0 among the conditions of the line 301 in FIG. 31 is leaked due to incomplete setting at the time of debugging, the exclusive control malfunction of the line 502 in FIG. 33 could not be detected. There is a problem.

  The present invention has been made in view of such problems, and is capable of accurately detecting defects related to software exclusive control using static analysis while suppressing the processing amount and processing time. An object is to provide a candidate extraction device, an exclusive control defect candidate extraction method, and an exclusive control defect candidate extraction program.

  In order to achieve the above object, according to one aspect of the present invention, an exclusive control defect candidate extracting device is extracted with an exclusive control function extracting unit that extracts an exclusive control function that is a function for accessing a shared resource from a software configuration. Exclusive control determination execution means for executing processing for determining whether or not exclusive control can be performed on the exclusive control function.

  Preferably, the process executed by the exclusive control determination execution unit includes a process of determining whether or not the exclusive control function is accessing the shared resource in the unlocked state.

  Preferably, the process executed by the exclusive control determination execution unit is a process for determining whether or not the exclusive control function ends the process without bringing the shared resource into the unlocked state after accessing the shared resource in the locked state. including.

  Preferably, the exclusive control function extracting unit extracts an exclusive control function for accessing a shared resource used on a plurality of tasks of the software configuration.

  More preferably, when the exclusive control function extracting unit specifies an exclusive control function for accessing a shared resource used on a plurality of tasks in the software configuration, a function that is called first when each task in the software configuration is activated. The task main function list, which is a list of names, is used to trace the function called when each task is started, and the exclusive control function accesses shared resources used on multiple tasks in the software configuration. Is determined, and an exclusive control function is specified based on the determination result.

  Alternatively, more preferably, when the exclusive control function extracting unit specifies an exclusive control function that accesses a shared resource used on a plurality of tasks in the software configuration, the function name that generates the task in the software configuration is selected. A process of creating a task main function list that is a list of function names that are first called when a task is started based on the description of the calling part, and a process of tracing a function that is called from the task main function list To determine whether or not the exclusive control function accesses a shared resource used on a plurality of tasks of the software configuration, and specifies the exclusive control function based on the determination result.

  Preferably, the exclusive control defect candidate extraction device further includes an acquisition unit that acquires, as the software design information, a function for accessing a shared resource and a correspondence relationship between the shared resource included in the software configuration, and the exclusive control The function extracting means extracts the exclusive control function based on the correspondence relationship.

  Alternatively, preferably, the exclusive control defect candidate extracting device acquires, for each shared resource, an acquisition unit that acquires a correspondence relationship between the shared resource and a function that locks / unlocks the shared resource, and the correspondence relationship from a software configuration. And an access function extracting means for extracting an access function to the shared resource defined in the above, and the exclusive control function extracting unit extracts a function calling the access function from the software configuration as an exclusive control function.

  Preferably, the exclusive control defect candidate extraction device includes a qualifier acquisition unit that acquires a qualifier that specifies a storage area that is used to declare a variable that can be a shared resource, and a list of qualifiers that specify the software and the storage area. A shared resource extraction unit that extracts the shared resource list from the shared resource list, and a correspondence relationship extraction unit that extracts a correspondence relationship between the shared resource and a function that accesses the shared resource included in the software from the shared resource list, The exclusive control function extracting means extracts the exclusive control function based on the correspondence relationship.

  Preferably, the exclusive control defect candidate extraction device includes a qualifier acquisition unit that acquires a qualifier that specifies a storage area used for the declaration of a variable that can be a shared resource, and a function that locks / unlocks the shared resource. A lock / unlock function acquisition means for acquiring a list; a shared resource extraction means for extracting a list of shared resources from software and a list of modifiers that specify the storage area; a list of functions for performing lock / unlock; Correspondence extraction means for extracting a correspondence between a shared resource and a function that locks / unlocks the shared resource from the list of shared resources, and the correspondence defined by the software And an access function extracting means for extracting an access function to the shared resource. Control function extraction unit extracts a function that calls the access function from the software as an exclusive control function.

  Preferably, the exclusive control defect candidate extraction device acquires, for each shared resource, a shared resource, a correspondence between a function that locks / unlocks the shared resource, and an access function to the shared resource, and Extracting a part directly accessing the shared resource from the software, replacing the part with a specific character string, and adding the specific character string to the correspondence as an access function to the shared resource And an exclusive control function extracting unit that extracts a function that calls the access function from the software as an exclusive control function.

  According to another aspect of the present invention, an exclusive control defect candidate extraction method is an exclusive control defect candidate extraction method in an exclusive control defect candidate extraction apparatus that includes an input unit, a calculation unit, and an output unit. The step of inputting the software configuration, the step of extracting the exclusive control function that is a function for accessing the shared resource from the software configuration in the calculation means, and the calculation means can perform exclusive control on the extracted exclusive control function. And a step of outputting the result of the determination in the output means.

  According to still another aspect of the present invention, the exclusive control defect candidate extraction program is a program that causes a computer to execute an exclusive control defect candidate extraction process, and the computer includes an input unit, a calculation unit, and an output unit. A step of inputting a software configuration in the input unit; a step of extracting an exclusive control function that is a function for accessing the shared resource from the software configuration in the calculation unit; and a step of extracting the exclusive control function in the calculation unit The step of determining whether or not the exclusive control can be performed and the step of outputting the result of the determination in the output means are executed.

  According to still another aspect of the present invention, the recording medium is a computer-readable recording medium and records the above-described exclusive control defect candidate extraction program.

  According to the present invention, a large amount of processing and processing time are not required, and defects related to software exclusive control can be accurately detected. Furthermore, it is possible to reduce the labor of the operator when performing detection.

  Embodiments of the present invention will be described below with reference to the drawings. In the following description, the same parts and components are denoted by the same reference numerals. Their names and functions are also the same.

  In the following embodiments, the exclusive control defect candidate extraction system includes a personal computer or the like as an exclusive control defect candidate extraction device. The hardware configuration is the same as that of a general personal computer, and includes a calculation unit including a central processing unit (CPU) that controls the whole, a read only memory (ROM), and a random access memory (RAM). ) And HD (Hard Disk) storage device, a CD-ROM (Compact Disk-Read Only Memory) read-out device for reading information, an input device for inputting information such as a keyboard, mouse and communication device, and It includes an output device that outputs calculation results such as a communication device and a display device. These are connected by a bus. Alternatively, the exclusive control defect candidate extraction system may be configured by a plurality of devices and connected by a dedicated line or a wireless communication line.

  Furthermore, the above-described storage device stores, as a predetermined storage area, an area for storing a source program and design information, which will be described later, input from the input device, and an exclusive control defect candidate extraction program executed by the CPU. And area.

[First Embodiment]
FIG. 1 is a diagram illustrating a specific example of the configuration of the exclusive control defect candidate extraction system according to the first embodiment of this invention. Each configuration shown in FIG. 1 is a function realized by the CPU of the exclusive control defect candidate extraction system executing an exclusive control defect candidate extraction program stored in the storage device. At least a part of the configuration shown in FIG. 1 may be realized by the hardware configuration of the exclusive control defect candidate extraction system described above.

  Referring to FIG. 1, an exclusive control defect candidate extraction system according to this exemplary embodiment includes a source program input unit 101, a design information input unit 102, an exclusive control function extraction unit 103, an exclusive control determination execution unit 104, and an exclusive control. A defect candidate output unit 105 is included.

  The source program input unit 101 acquires and stores a source program 106 that is a software configuration for which an exclusive control defect is to be extracted.

  The design information input unit 102 acquires the design information 107 of the source program 106 and stores it. Here, the design information includes an exclusive control function candidate / shared resource name correspondence table, a shared resource specification, and a task main function list.

  The “exclusive control function candidate / shared resource name correspondence table” is tabular data representing the correspondence between a function that accesses a shared resource and the shared resource name, as shown in FIG. Here, “shared resource” refers to a resource shared between tasks, such as a global variable and a static variable within a function.

  "Shared resource specification" is the name of API (Application Program Interface), which is a function for accessing shared resources, and what kind of access is performed for each shared resource as shown in FIG. This is information representing the correspondence relationship with the information (type) to be represented. “Type” includes three types: lock that locks the shared resource, unlock that unlocks the shared resource, and access that reads or writes to the shared resource.

  The “task main function list” is a list of function names that are called first when each task is started, as shown in FIG.

  The exclusive control function extraction unit 103 includes a source program 106 acquired by the source program input unit 101, an exclusive control function / shared resource name correspondence table and a task main function list in the design information 107 acquired by the design information input unit 102, From the above, an exclusive control function called from a plurality of tasks is extracted.

  FIG. 5 is a flowchart illustrating a specific example of processing in the exclusive control function extraction unit 103. Specifically, in the flowchart of FIG. 5, the source program input unit 101 is a source program 106 including the source program of FIGS. 30 and 31, and the design information input unit 102 is the design information 107 of FIG. 4 shows processing of the exclusive control function extraction unit 103 when the shared resource name correspondence table and the task main function list of FIG. 4 are acquired.

  Referring to FIG. 5, first, in step S801, the exclusive control function extraction unit 103 receives from the source program input unit 101 the source program including the source programs of FIGS. 30 and 31 and the design information input unit 102 from FIG. The exclusive control function / shared resource name correspondence table Table and the task main function list TaskmainTable of FIG. 4 are respectively acquired.

  Next, when the exclusive control function extraction unit 103 has not performed processing on all the shared resources in the correspondence table Table (NO in step S802), in step S803, one exclusive resource is taken out from the correspondence table Table, and the correspondence is also handled. A list F_serv of a function for accessing this shared resource is generated from the table Table. In the case of the exclusive control function / shared resource name correspondence table Table in FIG. 2, when the shared resource A is extracted from the correspondence table Table, the list F_serv becomes {f1}, and the shared resource B and the shared resource C are extracted, respectively. In this case, the list F_serv becomes {f2}.

  Subsequently, in step S804, the exclusive control function extraction unit 103 extracts, from the source program, a function that calls the function f () for each function f () in the list F_serv, and calls this function in the list F_serv. Add to function list F_use (F_serv). For example, if the analysis of the source program reveals that there are two functions g1 and g2 that call the function f1 which is one function in the list F_serv, the function g1 and the function g2 are listed in the list F_use ( F_serv).

  Subsequently, in step S805, the exclusive control function extraction unit 103 extracts, from the source program, a function that calls the function g () for each function g () in the list F_use (F_serv), and recursively lists F_use (F_serv ) Here, “recursively” means that a function h () is added to the list F_use (F_serv) as a function that calls the function g (). Is extracted from the source program and added to the list F_use (F_serv). If there is no function calling the function g (), the same processing is performed with the next function in the list F_use (F_serv) as the function g (). For example, when the list F_use (F_serv) is {g1, g2}, the exclusive control function extracting unit 103 extracts a function calling the function g1 (for example, the function h1 and the function h2) from the source program, and the list F_use (F_serv ) (F_use (F_serv) = {g1, g2, h1, h2}). Subsequently, the exclusive control function extraction unit 103 similarly extracts a function calling the function g2 of the next element of the list F_use (F_serv) from the source program and adds it to the list F_use (F_serv). Subsequently, for the function h1 of the next element of the list F_use (F_serv), if there is no function calling this, nothing is added to the list F_use (F_serv), and the function h2 of the next element is Extract the function that calls. The above processing is performed for all the lists F_use (F_serv).

  Subsequently, in step S806, the exclusive control function extraction unit 103 counts the number of task main functions in the task main function list TaskmainTable in the list F_use (F_serv), and when this is 2 or more (in step S806). YES), it can be seen that the shared resource extracted in step S803 is used by two or more tasks. Therefore, in step S807, the exclusive control function extraction unit 103 adds the exclusive control function list F_serv that accesses the shared resource extracted in step S803 to the exclusive control function list F_exclusive as an exclusive control defect candidate detection target. On the other hand, if there is only one task main function in the task main function list TaskmainTable in the list F_use (F_serv) (NO in step S806), the shared resource extracted in step S803 is only from a single task. You can see that it is used. Therefore, the exclusive control function extraction unit 103 does not set the exclusive control function F_serv that accesses this shared resource as a target of exclusive control defect detection.

  The exclusive control function extraction unit 103 performs the above processing on all the shared resources in the exclusive control function / shared resource name correspondence table Table, and sends the exclusive control function list F_exclusive to the exclusive control determination execution unit 104 in step S808. Output.

  The exclusive control determination execution unit 104 includes an exclusive control function list F_exclusive output by the exclusive control function extraction unit 103, an exclusive control function / shared resource name correspondence table and a shared resource specification acquired by the design information input unit 102, and a source program The acquisition unit 101 acquires the acquired source program and detects an exclusive control defect candidate.

  FIG. 6 is a flowchart illustrating a specific example of processing in the exclusive control determination execution unit 104. Specifically, the flowchart of FIG. 6 includes {f1, f2} as the exclusive control function list F_exclusive, the exclusive control function / shared resource name correspondence table of FIG. 2, the shared resource specification of FIG. 3, and FIGS. The process of the exclusive control determination execution part 104 when the source program containing is given to the exclusive control determination execution part 104 is represented.

  Referring to FIG. 6, first, in step S <b> 901, exclusive control determination execution unit 104 receives a source program from source program input unit 101, exclusive control function / shared resource name correspondence table and shared resource from design information input unit 102. The exclusive control function list F_exclusive is acquired from the specification and the exclusive control function extraction unit 103.

  If the exclusive control function list F_exclusive acquired in step S901 is not empty (NO in step S902), the exclusive control determination execution unit 104 extracts one element from the exclusive control function list F_exclusive in step S903, and extracts this element as a function f (). And

  Next, in step S904, the exclusive control determination execution unit 104 finds a location where the function f () and the function called from the function f () are defined from the source program, and finds this location as SourceCodeSet (f ( )). However, the shared resource access API described in the shared resource specification is not included. For example, when the function f () is the function f1, in step S904, the source program of the function f1 in the source program of FIG. 30 and the function f1_1 called from the function f1 is SourceCodeSet (f ()).

Next, in step S905, the exclusive control determination execution unit 104 generates a control flow graph of SourceCodeSet (f ()), converts the control flow graph of function f () into the function f () of SourceCodeSet (f ()). Create a flow graph (Graph) expanded with the control flow graph of functions other than. The “control flow graph” is a graph representing the flow of control within each function. Specifically, when SourceCodeSet (f ()) is the source program of FIG. 30, the control flow graph of the function f1 is represented in FIG. 7, and the control flow graph of the function f1_1 is represented in FIG. In step S905, the flow graph Graph of the function f1 shown in FIG. 9 is obtained by expanding the node 1001 in FIG. 7 with the control flow graph of the function f1_1 in FIG. Created. Similarly, the flow graph Graph of the function f2 shown in FIG. 10 is created for the source program of FIG.

  Next, the exclusive control determination execution unit 104 determines which shared resource the function f () accesses in step S906, the exclusive control function / shared resource name correspondence table acquired in step S901 (FIG. 2). Get from. Then, for the acquired shared resource name, a set API_set (f ()) of a set of the API name that accesses the shared resource and the type of the API is extracted from the shared resource specification (FIG. 3) acquired in step S901. Then, the flow graph Graph created in step S905 is analyzed. As a specific analysis method, each node of the flow graph Graph is locked to the shared resource x (lock (x)), unlocked to the shared resource x (unlock (x)), and accessed to the shared resource x ( access (x)) or other (others) is determined from the correspondence between the API name and type in API_set (f ()) extracted from the shared resource specification. According to the determination result, the flow graph Graph is converted into a sequence of nodes to which the events lock (x), unlock (x), access (x), and others are assigned. When the flow graph Graph of FIG. 9 is specifically analyzed and the above allocation is performed, in step S906, the arrangement of the nodes after the event allocation of the function f1 shown in FIG. 11 is shown from the flow graph Graph of the function f1 of FIG. Further, from the flow graph Graph of the function f2 in FIG. 10, the sequence of nodes after the event assignment of the function f2 shown in FIG. 12 is obtained.

  Next, in step S907, the exclusive control determination execution unit 104 sequentially reads the sequence of nodes obtained in step S906 as an event sequence, sets the initial state of the shared resource x as unlock, and sets the shared resource of FIG. State transition is executed according to the lock state transition diagram. In the state transition diagram of FIG. 13, the state “unlock” indicates that the shared resource x is not locked, and the state “lock” indicates the locked state. The state transition diagram shown in FIG. 13 defines the transition of the lock state of the shared resource, and is stored in the exclusive control determination execution unit 104 in advance. In step S907, the exclusive control determination execution unit 104 performs transition between these states statically according to the state transition diagram shown in FIG. Specifically, if the node sequence is the node sequence related to the shared resource A in FIG. 11, in step S907, the exclusive control determination execution unit 104 reads the event lock (A) that is the node 1401 in the initial state unlock, Transition from the initial state unlock to the state lock is made according to the state transition diagram of FIG. Subsequently, the access (A) event of the nodes 1402 and 1403 is read and remains in the state lock. Finally, an unlock (A) event that is the node 1404 is read, and the state shifts to the state unlock. In the case of the node arrangement in FIG. 12, since there are two shared resources B and C, the exclusive control determination execution unit 104 prepares the state transition diagram of FIG. 13 for each shared resource, and similarly transitions from the initial state unlock. To start. In addition, when the flow branches for condition determination as in the node 1504 in FIG. 12, the exclusive control determination execution unit 104 performs state transition for each of the flows that pass through the events that are the branched nodes 1505 and 1510, and excludes them. Control defect candidates are detected.

  Next, in step S908, the exclusive control determination execution unit 104 checks whether an access event has occurred in the state unlock. If an access event occurs in the state unlock (YES in step S908), access to the unlocked shared resource occurs, so that the exclusive control determination execution unit 104 determines in step S910 an exclusive control defect candidate. As a result, the function name of the function f () and information including defect contents such as “access in unlocked state” are added to the exclusive control defect candidate list NG_List. For example, when state transition is performed for the flow passing through the event of the node 1510 in the node arrangement of FIG. 12, the arrangement of the nodes related to the shared resource C is, in order, node 1502 (lock), node 1510 (access), 1511 (unlock), node 1507 (access), and node 1508 (unlock). According to the state transition diagram of FIG. 13, it can be seen that an access event occurs in the node 1507 in the state unlock. Therefore, in step S908, the exclusive control determination execution unit 104 adds “function name: f2 content: access in unlocked state” to the exclusive control defect candidate list NG_List as an exclusive control defect candidate.

  On the other hand, if an access event has not occurred in the state unlock (NO in step S908), the exclusive control determination execution unit 104 determines whether the end of the node sequence has been reached in step S909. When the end of the node has been reached (YES in step S909), the state of the shared resource at the end of the end is confirmed in step S911. If the shared resource is in the locked state (YES in step S911), an uncheck is made in step S910. Assuming that the processing is terminated without locking, the function name of the function f () and information including the malfunction content such as “end processing in locked state” are added to the exclusive control defect candidate NG_List as an exclusive control defect candidate.

  When the access to the shared resources of the nodes 1402 and 1403 is all performed in the locked state and the terminal node 1404 where the processing ends is in the unlocked state as in the arrangement of nodes illustrated in FIG. Since NO is determined in S908, YES is determined in Step S909, and NO is determined in Step S911, it is determined that there is no exclusive control failure. Therefore, the extraction of the exclusive control failure candidate of this node arrangement is finished, and the processing from Step S902 is performed again. Repeat.

  The exclusive control determination execution unit 104 repeats the above procedure until the exclusive control function list F_exclusive becomes empty (YES in step S902), and in step S912, performs exclusive control on the exclusive control defect candidate list NG_List as shown in FIG. Output to the defect candidate output unit 105.

  The exclusive control defect candidate output unit 105 outputs the exclusive control defect candidate acquired from the exclusive control determination execution unit 104, for example, in a list format as shown in FIG.

  The exclusive control failure candidate extraction system according to the first embodiment is configured as described above, and the above-described processing is performed, so that a test for covering conditional branches when detecting an exclusive control failure is performed. It is possible to detect an exclusive control failure with high accuracy by eliminating the need for environment creation necessary for data creation and dynamic analysis. Therefore, it is possible to reduce the labor of the user of the system. Further, the system configuration for detecting the exclusive control failure can be facilitated. Moreover, since the exclusive control failure is detected, the processing amount can be reduced and the processing speed can be increased.

[Second Embodiment]
FIG. 15 is a diagram illustrating a specific example of the configuration of the exclusive control defect candidate extraction system according to the second embodiment of this invention. Each configuration shown in FIG. 15 is also a function realized by the CPU of the exclusive control defect candidate extraction system executing the exclusive control defect candidate extraction program stored in the storage device. At least a part of the configuration shown in FIG. 15 may be realized by the hardware configuration of the exclusive control defect candidate extraction system.

  Referring to FIG. 15, the exclusive control defect candidate extraction system according to the second embodiment includes a design information input unit in the configuration of the exclusive control defect candidate extraction system according to the first embodiment shown in FIG. Instead of 102, an exclusive control function / shared resource name correspondence table generation unit 2201, a shared resource specification generation unit 2202, and a task main function list generation unit 2203 are configured.

  The design information 2204 includes a shared resource name, a function name of a function that locks / unlocks the shared resource, and a function type that is either locked / unlocked as shown in FIG. Includes shared resource / lock / unlock function correspondence table and function name to create task. The design information 2204 is input and acquired by the exclusive control function / shared resource name correspondence table generation unit 2201, the shared resource specification generation unit 2202, and the task main function list generation unit 2203.

  The shared resource specification generation unit 2202 acquires the function that accesses the shared resource described in the shared resource / unlock function correspondence table included in the acquired design information 2204 by the source program input unit 101. A shared resource specification is generated by extracting from 106 and adding it to the acquired shared resource / lock unlock function correspondence table.

  The exclusive control function / shared resource name correspondence table generation unit 2201 uses the source program input unit 101 to call a function that calls the shared resource access function described in the shared resource specification generated by the shared resource specification generation unit 2202. Extracted from the acquired source program 106, an exclusive control function / shared resource name correspondence table is generated.

  The task main function list generation unit 2203 searches the source program 106 acquired by the source program input unit 101 for a location where a function for generating a task included in the acquired design information 2204 is called, and describes it as an argument of the function. The task main function is extracted to generate a task main function list.

  The exclusive control function / shared resource name correspondence table generated by the exclusive control function / shared resource name correspondence table generation unit 2201 is used for processing by the exclusive control function extraction unit 103 and the exclusive control determination execution unit 104. The shared resource specification generated by the shared resource specification generation unit 2202 is used for processing by the exclusive control determination execution unit 104. The task main function list generated by the task main function list generation unit 2203 is used for processing by the exclusive control function extraction unit 103.

  FIG. 17 is a flowchart illustrating a specific example of processing in the shared resource specification generation unit 2202 and the exclusive control function / shared resource name correspondence table generation unit 2201. The flowchart in FIG. 17 specifically uses a source program including the shared resource / lock / unlock function correspondence table shown in FIG. 16 and the source program of the function for accessing the shared resource A in FIGS. The shared resource specification generation unit 2202 generates a shared resource specification, and the exclusive control function / shared resource name correspondence table generation unit 2201 represents a process of generating an exclusive control function / shared resource name correspondence table.

  Referring to FIG. 17, first, shared resource specification generation unit 2202 includes shared resource / lock unlock function correspondence table Var_Com shown in FIG. 16 and the source programs of FIGS. 30 and 18 in step S1801. Get the source program. If all the shared resources in the correspondence table Var_Com have not been checked (NO in step S1802), the shared resource specification generation unit 2202 acquires the shared resource as v_c from the correspondence table Var_Com in step S1803. For example, the shared resources A, B, and C are acquired as v_c from the shared resource / lock unlock function correspondence table Var_Com shown in FIG.

  Next, in step S1804, the shared resource specification generation unit 2202 searches the source program input in step S1801, finds a place where the shared resource v_c is assigned or referred to, and finds this place. A function group including the function group is defined as a function group F_list (v_c). When the source program shown in FIG. 18 is given in step S1801 above, if the shared resource v_c acquired in step S1803 is the shared resource A, the locations in the rows 2101 and 2102 are applicable, so in step S1804, as shown in FIG. As described above, the functions ACCESS_READ_A and ACCESS_WRITE_A are extracted as the function group F_list (v_c) that is a list of functions that access the shared resource A. The shared resource specification generation unit 2202 adds these to the correspondence table Var_Com as an access function of the shared resource v_c, and generates a shared resource specification.

  Next, in step S1805, the exclusive control function / shared resource name correspondence table generation unit 2201 searches for the source program input in step S1801 and accesses the shared resource v_c in the shared resource specification Var_Com. A function calling a function included in F_list (v_c) is found, and this function group is defined as a function group F_call (F_list (v_c)). When the function in FIG. 19 is extracted as the function group F_list (v_c) in step S1804, in step S1805, the function group in the line 202 of the source program in FIG. 30 is searched by searching the source program including the source program in FIG. A function f1 that calls a function in F_list (v_c) is extracted as one of the function group F_call (F_list (v_c)).

  Next, in step S1806, the exclusive control function / shared resource name correspondence table generation unit 2201 associates the shared resource v_c as a shared resource name for each function in the function group F_call (F_list (v_c)), and performs the exclusive control function. -Add to the shared resource name correspondence table m_list. When the shared resource v_c is the shared resource A and the function in the function group F_call (F_list (v_c)) is the function f1 in FIG. 30, in step S1806, the function f1 and the shared resource A are associated with each other and exclusive control is performed. It is added to the function / shared resource name correspondence table m_list, and the shared resource specification of the shared resource A shown in FIG. 20 is generated. When the above processing is repeated for all shared resources (YES in step S1802), the exclusive control function / shared resource name correspondence table generation unit 2201 uses the generated shared resource specification Var_Com in step S1807 as in FIG. The exclusive control function / shared resource name correspondence table m_list is output to the exclusive control determination execution unit 104 in a format, and the exclusive control function extraction unit 103 and the exclusive control determination execution unit 104 Output for.

  The exclusive control defect candidate extraction system according to the second embodiment is configured as described above, and the processing as described above is performed, so that the exclusive control defect candidate extraction system according to the first embodiment is compared. Necessary design information can be reduced from the exclusive control function / shared resource name correspondence table, the shared resource specification, and the task main function list to the shared resource / lock unlock function correspondence table and the task generation function. For this reason, it is possible to reduce the effort for the user of the system to create design information given as input.

[Third Embodiment]
In the exclusive control defect candidate extraction system according to the first embodiment, the source program of the function f3 including a description for directly accessing the shared resource D as shown in FIG. 21, and the exclusive control as shown in FIG. A function candidate / shared resource name correspondence table and a shared resource specification of the shared resource D as shown in FIG. 23 are given. When the function f3 is a function called from a plurality of tasks, the exclusive control determination execution unit 104 generates a flow graph Graph of the function f3 shown in FIG. 24 in step S905 according to the flowchart of FIG. Further, in step S906, using the exclusive control function candidate / shared resource name correspondence table of FIG. 22 and the shared resource specification of FIG. 23, a sequence of nodes after the event assignment of the function f3 shown in FIG. 25 is generated. . Here, the description that directly accesses the shared resource refers to a sentence that assigns to the shared resource on the source program or a sentence that refers to the shared resource. In line 2601 of the source program in FIG. 21, although the shared resource D is accessed, the access method (direct access) is a method other than that described in the shared resource specification in FIG. In step S906, "other" is assigned to the node 2903 in FIG. For this reason, in the exclusive control defect candidate extraction system according to the first embodiment, it cannot be determined that the shared resource D is accessed in the unlocked state in the node 2903 from the arrangement of the nodes in FIG. The location of line 2601 of 21 source programs cannot be detected as an exclusive control failure.

  The exclusive control defect candidate extraction system according to the third embodiment is configured such that an exclusive control defect can be detected even when a shared resource is directly accessed.

  FIG. 26 is a diagram illustrating a specific example of the configuration of the exclusive control defect candidate extraction system according to the third embodiment of this invention. Each configuration shown in FIG. 26 is also a function realized by the CPU of the exclusive control defect candidate extraction system executing the exclusive control defect candidate extraction program stored in the storage device. 26 may be realized by the hardware configuration of the exclusive control defect candidate extraction system.

  Referring to FIG. 26, the exclusive control defect candidate extraction system according to the third embodiment has a shared resource specification in addition to the configuration of the exclusive control defect candidate extraction system according to the first embodiment shown in FIG. A document / source program changing unit 2501 is included.

  The shared resource specification / source program change unit 2501 acquires a source program from the source program input unit 101 and acquires a shared resource specification as design information from the design information input unit 102. The shared resource specification / source program changing unit 2501 searches the source program for a location where the shared resource described in the shared resource specification is accessed, changes the shared resource access location of the source program to a pseudo function, Add the pseudo function name as an access function to the shared resource specification.

  Specifically, when the source program of FIG. 21 is acquired from the source program input unit 101 and the shared resource specification of FIG. 23 is acquired from the design information input unit 102, the shared resource specification / source program change unit 2501 The location where the shared resource D is directly accessed is retrieved from the source program of the above-mentioned source program, and the location is replaced with a specific character string (for example, TRANS_ACCESS_D) including the shared resource name D. The source program line 2601 in FIG. 21 is changed by the shared resource specification / source program change unit 2501 to a line 3001 in FIG. Further, the shared resource specification / source program changing unit 2501 adds the replaced character string (for example, TRANS_ACCESS_D) to the shared resource specification as an access function of the shared resource D. As shown in the row 3101 of FIG. 28, the replaced character string and type are added to the shared resource specification of the shared resource D of FIG.

  The processing in the other configuration is the same in the configuration of the exclusive control defect candidate extraction system according to the first embodiment. In the exclusive control defect candidate extraction system according to the third embodiment, the source program of FIG. 21 which is the source program 106 input from the source program input unit 101 by the processing in the shared resource specification / source program change unit 2501 Is changed as shown in FIG. 27, and the shared resource specification of FIG. 23 as the design information 107 input from the design information input unit 102 is changed as shown in FIG. Therefore, in the exclusive control defect candidate extraction system according to the third exemplary embodiment, the exclusive control determination execution unit 104 can generate a sequence of nodes after the event assignment of the function f3 as shown in FIG. It can be detected that shared resource access is being performed in the unlocked state at the node 3203.

  The exclusive control defect candidate extraction system according to the third embodiment is configured as described above, and the processing as described above is performed, so that the source program includes a description that directly accesses the shared resource. Even in such a case, it is possible to extract exclusive control defect candidates. Therefore, the defect detection accuracy in the exclusive control defect candidate extraction system according to the first embodiment can be improved.

[Fourth Embodiment]
FIG. 34 is a diagram illustrating a specific example of the configuration of the exclusive control defect candidate extraction system according to the fourth embodiment of this invention. Each configuration shown in FIG. 34 is also a function realized by the CPU of the exclusive control defect candidate extraction system executing the exclusive control defect candidate extraction program stored in the storage device. 34 may be realized by the hardware configuration of the exclusive control defect candidate extraction system.

  Referring to FIG. 34, the exclusive control defect candidate extraction system according to the fourth embodiment has a shared resource name in addition to the configuration of the exclusive control defect candidate extraction system according to the second embodiment shown in FIG. A list generation unit 4001 and a shared resource / lock / unlock function correspondence table generation unit 4002 are included.

  The design information 4003 according to the fourth embodiment includes a storage area designation qualifier name list as shown in FIG. 35, a lock / unlock function name list as shown in FIG. 36, and as shown in FIG. Contains a list of task generation function names.

  Referring to FIG. 35, the storage area specification qualifier name list is a list including a qualifier name that specifies a storage area used for declaration of a variable that can be a shared resource, and a type of declaration that the qualifier specifies. It is. Referring to FIG. 36, the lock / unlock function name list is a list including a function name of a function that performs lock / unlock on a shared resource and a function type that is either lock / unlock. . Referring to FIG. 41, the task generation function name list is a list including function names of functions that generate tasks.

  In the fourth embodiment, the design information 4003 is input to the shared source name list generation unit 4001, the shared resource / lock unlock function correspondence table generation unit 4002, and the task main function list generation unit 2203.

  The shared resource name list generation unit 4001 extracts shared resources included in the source program 106 from the source program 106 acquired by the source program input unit 101 and the storage area designation qualifier name list included in the acquired design information 4003. And generate a shared resource name list. The generated shared resource name list is input to the shared resource / lock unlock function correspondence table generation unit 4002 and used for processing in the shared resource / lock unlock function correspondence table generation unit 4002.

  The shared resource / lock / unlock function correspondence table generation unit 4002 includes a shared resource name list generated by the shared resource name list generation unit 4001 and a lock / unlock function name list included in the acquired design information 4003. A lock function and an unlock function for the shared resource are extracted, and a shared resource name / lock unlock function correspondence table is generated. The generated shared resource / lock unlock function correspondence table is input to the shared resource specification generation unit 2202 and used for processing in the shared resource specification generation unit 2202.

  FIG. 38 is a flowchart illustrating a specific example of processing in the shared resource name list generation unit 4001. The flowchart of FIG. 38 specifically shows a source including the storage area designating qualifier name list shown in FIG. 35 and the source program (L1 to L3 in FIG. 40) performing the variable declaration shown in FIG. 37 shows a process of generating a shared resource name list in FIG. 37 using a program.

  Referring to FIG. 38, first, shared resource name list generation unit 4001 obtains the storage area designating qualifier name list shown in FIG. 35 and the source program including the source program of FIG. 40 in step S4101. . In step S4102, the shared resource name list generation unit 4001 searches the source program in FIG. 40, finds a portion where variables are declared (L1 to L3 in FIG. 40), and acquires a list of this variable group as var_list. For example, in the case of the source program of FIG. 40, the list of variable groups is var_list = [A, B, C]. If all the variables in the list var_list have not been checked (NO in step S4103), the shared resource name list generation unit 4001 acquires the variable v from the variable group list var_list in step S4104. For example, the shared resource candidates A, B, and C are acquired as variables v from the source program shown in FIG.

  Next, the shared resource name list generation unit 4001 determines whether or not the variable v is a global variable (a variable declared outside the function definition). If so (YES in step S4105), step S4106 The variable v is added to the shared resource name list c_list as the shared resource name. For example, from the source program shown in FIG. 40, variables A, B, and C are added to the shared resource name list c_list as shared resource names.

  The above process is repeated for all variables. When the above processing is completed for all variables (YES in step S4013), the shared resource name list generation unit 4001 in FIG. 34 displays the generated shared resource name list in the same format as in FIG. 37 in step S4107. Output to the lock / unlock function correspondence table generation unit 4002.

  If it is determined in step 4105 that the variable v is not a global variable (NO in step S4105), the process proceeds to step S4108. For example, when the input is a source program in which variables D, E, and G are declared in the function f shown in FIG. 42, in step S4102, the shared resource name list generation unit 4001 displays a variable group list var_list. = [D, E] is obtained, and in step 4104, the variables D and E are obtained as the variable v that is a candidate for the shared resource. At this time, the shared resource name list generation unit 4001 determines that the variable v is not a global variable (NO in step S4105), and the process advances to step S4108.

  Next, in step S4108, the shared resource name list generation unit 4001 acquires a function f_call that declares the variable v. For example, when the input is the source program shown in FIG. 42, the function f_call = f is acquired in step S4108.

  Next, the shared resource name list generation unit 4001 determines whether or not the variable v is declared as a static variable. If so (YES in step S4109), the variable v is changed to the shared resource name list c_list in step S4106. to add. For example, when variable v = D, shared resource name list generation section 4001 determines that variable v, which is variable D, is declared as a static variable, and adds the variable to shared resource name list c_list in step 4106. As a result, the shared resource name list c_list = [D].

  On the other hand, when it is determined that the variable v is not declared as a static variable, that is, when it is determined that an external variable is declared (NO in step S4109), the process proceeds to step S4110. Next, the shared resource name list generation unit 4001 determines whether or not the variable v is declared for the first time in the function f_call (YES in step S4110), and in step S4106, the variable v is set to the shared resource. Add to name list c_list. For example, when the variable v = E, the shared resource name list generation unit 4001 determines that the variable v, which is the variable E, is declared as an external variable (NO in step S4109), and the variable v is the first in the function f_call. It is determined that it is declared (YES in step S4110), and the variable E is added to the shared resource name list c_list. As a result, the shared resource name list c_list = [E] is obtained.

  FIG. 39 is a flowchart showing a specific example of processing of the shared resource / unlock function correspondence table generation unit 4002. The flowchart of FIG. 39 specifically uses the shared resource name list shown in FIG. 37 and the lock / unlock function name list shown in FIG. 36 to share the resource lock / unlock shown in FIG. This shows a process for generating a function correspondence table.

  Referring to FIG. 39, first, in step S4201, the shared resource / lock / unlock function correspondence table generating unit 4002 and the shared resource name list c_list shown in FIG. 37 and the lock / unlock function shown in FIG. Get name list l_list. In step S4202, the shared resource / lock / unlock function correspondence table generation unit 4002 sets a function whose type is lock in the lock / unlock function name list l_list as a lock function f_l, and a function whose type is unlock. Is an unlock function f_u. For example, when the lock / unlock function name list l_list shown in FIG. 36 is acquired as an input, the shared resource / lock / unlock function correspondence table generation unit 4002 sets the lock function f_l = LOCK and the unlock function f_u = UNLOCK. .

  Next, when all the variables in the shared resource name list c_list have not been checked by performing the following processing (NO in step S4203), the shared resource name list generation unit 4002 shares the shared resource name list c_list from the shared resource name list c_list in step 4204. Get resource name v_c. For example, the shared resource names A, B, and C are acquired as the shared resource name v_c from the shared resource name list c_list shown in FIG.

  Next, in step S4205, the shared resource / lock / unlock function correspondence table generating unit 4002 sets the lock function for the shared resource v_c extracted from the shared resource v_c and the lock function f_l as a function f_l (v_c), and An unlock function for the shared resource v_c extracted from v_c and the unlock function f_u is assumed to be a function f_u (v_c). For example, when the shared resource name list shown in FIG. 37 and the lock / unlock function name list shown in FIG. 36 are acquired as inputs, the shared resource / lock unlock function correspondence table generation unit 4002 sets the variable v_c = When A, the lock function f_l (v_c) = LOCK (A) and the unlock function f_u (v_c) = UNLOCK (A).

  Next, in step S4206, the shared resource / lock / unlock function correspondence table generating unit 4002 associates the shared resource v_c, the lock function f_l (v_c), and the type lock with each other and adds them to the correspondence table cl_table. The shared resource v_c, the unlock function f_u (v_c), and the type unlock are associated with each other and added to the correspondence table cl_table. For example, when the shared resource name list shown in FIG. 37 and the lock / unlock function name list shown in FIG. 36 are acquired as inputs, the shared resource / lock unlock function correspondence table generation unit 4002 sets the variable v_c = When A, the correspondence table cl_table = [(A, LOCK (A), lock), (A, UNLOCK (A), unlock)].

  When the above processing is repeated for all variables in the shared resource name list c_list (YES in step S4203), the shared resource / lock unlock function correspondence table generation unit 4002 generates the shared resource / lock unlock generated in step S4202. The correspondence table cl_table is output to the shared resource specification generation unit 2202 in the same format as in FIG.

  The exclusive control defect candidate extraction system according to the fourth embodiment is configured as described above, and the processing as described above is performed, so that the exclusive control defect candidate extraction system according to the second embodiment is compared. Therefore, it is possible to create an input of an extraction system for exclusive control disabled candidates with a small number of steps.

  That is, in the input of the second embodiment, the shared resource / lock / unlock function correspondence table includes the shared resource name, but in the case of large-scale development, the source code of more than 1 million lines It may be possible to extract thousands of shared resource names from the inside, which may be troublesome. On the other hand, in the input of the fourth embodiment, the storage area designation qualifier name list includes a qualifier name for designating a storage area in the variable declaration. A variable that may be a shared resource can be determined from the storage area. Usually, there are several types of modifiers (for example, two types in the case of C language) for designating the storage area to be input in order to determine the shared resource name, and the number of qualifiers is less than that in the case of inputting the shared resource name. The lock / unlock function name list is for setting a shared resource / lock / unlock function correspondence table, and usually has several types. This can be set with fewer steps than in the second embodiment in which a lock / unlock function needs to be input for each shared resource. From the above, in the fourth embodiment, it is possible to reduce the number of steps required to create an input compared to the second embodiment.

  Furthermore, it is possible to provide an exclusive control defect candidate extraction program that causes a computer to execute processing in the above-described exclusive control defect candidate extraction system. Such a program is stored in a computer-readable recording medium such as a flexible disk attached to the computer, a CD-ROM (Compact Disk-Read Only Memory), a ROM (Read Only Memory), a RAM (Random Access Memory), and a memory card. And can be provided as a program product. Alternatively, the program can be provided by being recorded on a recording medium such as a hard disk built in the computer. A program can also be provided by downloading via a network.

  The program according to the present invention is a program module that is provided as a part of a computer operating system (OS) and calls necessary modules in a predetermined arrangement at a predetermined timing to execute processing. Also good. In that case, the program itself does not include the module, and the process is executed in cooperation with the OS. A program that does not include such a module can also be included in the program according to the present invention.

  The program according to the present invention may be provided by being incorporated in a part of another program. Even in this case, the program itself does not include the module included in the other program, and the process is executed in cooperation with the other program. Such a program incorporated in another program can also be included in the program according to the present invention.

  The provided program product is installed in a program storage unit such as a hard disk and executed. The program product includes the program itself and a recording medium on which the program is recorded.

  The embodiment disclosed this time should be considered as illustrative in all points and not restrictive. The scope of the present invention is defined by the terms of the claims, rather than the description above, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

It is a figure which shows the specific example of a structure of the exclusive control malfunction candidate extraction system of 1st Embodiment. It is a figure which shows the specific example of an exclusive control function candidate and a shared resource name correspondence table. It is a figure which shows the specific example of a shared resource specification. It is a figure which shows the specific example of a task main function list | wrist. 10 is a flowchart illustrating a specific example of processing in the exclusive control function extraction unit 103. 5 is a flowchart showing a specific example of processing in exclusive control determination execution unit 104. It is a figure which shows the control flow graph of the function f1. It is a figure which shows the control flow graph of the function f1_1. FIG. 6 is a diagram illustrating a flow graph Graph of a function f1. It is a figure which shows the flow graph Graph of the function f2. FIG. 10 is a diagram showing a sequence of nodes after event assignment of function f1. FIG. 10 is a diagram illustrating a sequence of nodes after event assignment of function f2. It is a figure which shows the specific example of the lock state transition of a shared resource. It is a figure which shows the specific example of the output of an exclusive control malfunction candidate. It is a figure which shows the specific example of a structure of the exclusive control malfunction candidate extraction system of 2nd Embodiment. It is a figure which shows the specific example of a shared resource and a lock / unlock function correspondence table. 10 is a flowchart illustrating a specific example of processing in a shared resource specification generation unit 2202 and an exclusive control function / shared resource name correspondence table generation unit 2201. It is a figure which shows the source program of the function which accesses the shared resource A. It is a figure which shows the specific example of the list | wrist of the function which accesses the shared resource A. FIG. 11 is a diagram illustrating a specific example of an exclusive control function candidate / shared resource name correspondence table generated by an exclusive control function / shared resource name correspondence table generation unit 2201. It is a figure which shows the source program of the function f3. It is a figure which shows the specific example of an exclusive control function candidate and a shared resource name correspondence table. It is a figure which shows the specific example of a shared resource specification. It is a figure which shows the flow graph Graph of the function f3. FIG. 11 is a diagram showing a sequence of nodes after event assignment of function f3. It is a figure which shows the specific example of a structure of the exclusive control malfunction candidate extraction system of 3rd Embodiment. It is a figure which shows the source program of the function f3 after a change. It is a figure which shows the specific example of the shared resource specification after the shared resource D is changed. It is a figure which shows the arrangement | sequence of the node after the event allocation of the function f3 after a change. It is a figure showing the source program of function f1. It is a figure showing the source program of the function f2. This is a source program of the first branch of the function f2. This is a source program of the second branch of the function f2. It is a figure which shows the specific example of a structure of the exclusive control malfunction candidate extraction system of 4th Embodiment. It is a figure which shows the specific example of a storage area designation | designated qualifier name list. It is a figure which shows the specific example of a lock / unlock function name list. It is a figure which shows the specific example of a shared resource name list. 10 is a flowchart illustrating a specific example of processing in a shared resource name list generation unit 4001. 10 is a flowchart illustrating a specific example of processing of a shared resource / unlock function correspondence table generation unit 4002. It is a diagram showing a source program in which variables A, B, and C are declared globally. It is a figure which shows the specific example of the function name list | wrist of the function which produces | generates a task. It is a figure showing the source program by which variables D, E, and G are declared in function f.

Explanation of symbols

  101 source program input unit, 102 design information input unit, 103 exclusive control function extraction unit, 104 exclusive control determination execution unit, 105 exclusive control defect candidate output unit, 106 source program, 107,4003 design information, 2201 exclusive control function / shared Resource name correspondence table generation unit 2202 Shared resource specification generation unit 2203 Task main function list generation unit 2501 Shared resource specification / source program change unit 4001 Shared resource name list generation unit 4002 Shared resource lock unlock function Correspondence table generator.

Claims (14)

An exclusive control function extracting means for extracting an exclusive control function that is a function for accessing a shared resource from a software configuration;
An exclusive control defect candidate extraction device comprising: exclusive control determination execution means for executing processing for determining whether or not exclusive control can be performed on the extracted exclusive control function.   The exclusive control defect candidate extraction according to claim 1, wherein the process executed by the exclusive control determination execution unit includes a process of determining whether or not the exclusive control function is accessing a shared resource in an unlocked state. apparatus.   The process executed by the exclusive control determination execution unit determines whether the exclusive control function has finished the process without bringing the shared resource into an unlocked state after accessing the shared resource in the locked state. The exclusion control defect candidate extraction device according to claim 1, comprising a process.   The exclusive control defect candidate extracting device according to claim 1, wherein the exclusive control function extracting unit extracts an exclusive control function for accessing a shared resource used on a plurality of tasks of the software configuration. .   The exclusive control function extracting means, when specifying an exclusive control function that accesses a shared resource used on a plurality of tasks of the software configuration, a function name that is called first when each task of the software configuration is started A shared resource in which the exclusive control function is used on a plurality of tasks of the software configuration by performing a process of tracing a function called when each task is activated using a task main function list which is a list of The exclusion control defect candidate extraction device according to claim 4, wherein it is determined whether or not access is to be performed, and the exclusive control function is specified based on the determination result. The exclusive control function extracting means includes
When specifying an exclusive control function for accessing a shared resource used on a plurality of tasks of the software configuration, the task is based on a description of a location where a function name that generates a task is called in the software configuration. Creating a task main function list, which is a list of function names that will be called first when
Performing a process of tracing a function called from the task main function list, and determining whether or not the exclusive control function accesses a shared resource used on a plurality of tasks of the software configuration, The exclusive control defect candidate extraction device according to claim 4, wherein the exclusive control function is specified based on the determination result. The software design information further includes an acquisition unit for acquiring a correspondence relationship between the shared resource and a function for accessing the shared resource included in the software configuration,
The exclusive control defect candidate extracting device according to claim 1, wherein the exclusive control function extracting unit extracts the exclusive control function based on the correspondence relationship. For each shared resource, an acquisition means for acquiring a correspondence relationship between the shared resource and a function that locks / unlocks the shared resource;
An access function extracting unit that extracts an access function to the shared resource defined in the correspondence relationship from the software configuration;
The exclusive control defect candidate extracting device according to claim 1, wherein the exclusive control function extracting unit extracts a function calling the access function from the software configuration as the exclusive control function. Qualifier acquisition means for acquiring a qualifier that specifies a storage area used for the declaration of a variable that can be a shared resource;
Shared resource extraction means for extracting the list of shared resources from a list of qualifiers that specify the software and the storage area;
A correspondence relationship extracting unit that extracts a correspondence relationship between the shared resource and a function that accesses the shared resource included in the software from the list of the shared resource;
The exclusive control function extracting means extracts the exclusive control function based on the correspondence;
The exclusive control defect candidate extraction device according to claim 1. Qualifier acquisition means for acquiring a qualifier that specifies a storage area used for the declaration of a variable that can be a shared resource;
Lock / unlock function acquisition means for acquiring a list of functions for performing lock / unlock on the shared resource;
Shared resource extraction means for extracting the list of shared resources from the software and a list of modifiers specifying the storage area;
Correspondence that extracts a correspondence between the shared resource and a function that locks / unlocks the shared resource for each shared resource from the list of functions that perform the lock / unlock and the list of shared resources Extraction means;
An access function extracting means for extracting an access function to the shared resource defined in the correspondence relationship from the software;
The exclusive control defect candidate extracting device according to claim 1, wherein the exclusive control function extracting unit extracts a function calling the access function from the software as the exclusive control function. Acquisition means for acquiring, for each shared resource, the shared resource, a function that performs locking / unlocking on the shared resource, and a correspondence relationship between the access function to the shared resource;
A process of extracting a part directly accessing the shared resource from the software, replacing the part with a specific character string, and a process of adding the specific character string to the correspondence as an access function to the shared resource. And further changing means to perform,
The exclusive control defect candidate extracting device according to claim 1, wherein the exclusive control function extracting unit extracts a function calling the access function from the software as the exclusive control function. An exclusive control defect candidate extraction method in an exclusive control defect candidate extraction apparatus comprising an input means, a calculation means, and an output means,
In the input means, inputting a software configuration;
In the computing means, extracting an exclusive control function that is a function for accessing a shared resource from the software configuration;
In the computing means, determining whether or not exclusive control is possible for the extracted exclusive control function; and
And a step of outputting the result of the determination in the output means. A program for causing a computer to execute exclusive control defect candidate extraction processing,
The computer includes input means, calculation means, and output means,
In the input means, inputting a software configuration;
In the computing means, extracting an exclusive control function that is a function for accessing a shared resource from the software configuration;
In the computing means, determining whether or not exclusive control is possible for the extracted exclusive control function; and
An exclusive control defect candidate extraction program for causing the output means to execute a step of outputting the result of the determination.   A computer-readable recording medium on which the exclusive control defect candidate extraction program according to claim 13 is recorded.

Images