JP2010238057A - Apparatus, method and program for extracting test restriction - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To automatically extract a test restriction satisfying operation requirements by analyzing golden (a program) by applying a SAT procedure. <P>SOLUTION: The golden is input, a CFG is generated by prescribed function of the input golden, and a control route by prescribed function is analytically generated by extracting only branch nodes arriving at a target from a control structure. A logical expression expressing the control route is generated by prescribed function, and a logical function expressing the entire control conditions of the golden is configured by combining respective obtained logical expressions. Then, a satisfactory solution satisfying the values of the entire logical function is found out by using the SAT method. When the satisfactory solution of the logical function exists, the satisfactory solution is displayed as an example of test restrictions, the obtained satisfactory solution is stored as a test restriction, AND of the logical NOT of the satisfactory solution and the original logical function is calculated, and search of other test restrictions is repeated. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an apparatus, a method, and a program for automatically extracting test constraints used for function verification.

  There is a requirement (specification S) for realizing a certain system, there is software (implementation D1) that realizes the function, and, for reasons such as higher performance, hardware such as LSI is provided with an equivalent function. Consider a case where it is realized by (Mounting D2). In this case, the function verification is to ensure that the mounted system completely matches the desired operation planned for the specification. Functional verification can be broadly divided into two approaches.

  One is a method called formal verification. This is solved by reducing the function verification problem to a mathematical proof problem. Although it cannot be said that it is widely spread industrially, there are some technically sufficient practical levels. In particular, the SAT method for solving the satisfiability determination problem of a logical function has been established as a core engine of formal verification, and can be applied to, for example, software static analysis technology (see Non-Patent Document 1). This is intended for verification of the implementation D1, and efficiently solves the verification problem of the property that the software should generally satisfy by the SAT method.

  On the other hand, there is simulation as a widely used method. When it is assumed that there is an implementation D1 that completely satisfies the requirements of the specification S, the program of the implementation D1 is called golden. When checking whether or not the mounting D2 is functionally correctly realized, usually, a test pattern is input to the golden and the mounting D2, and a match between both outputs is confirmed by simulation. At this time, Golden operates as a reference program for determining whether or not the implementation D2 has been correctly realized. In order to perform matching verification, a peripheral module called a test bench is required.

  When simulating as many verification items as possible, if the verifier is familiar with the specifications, the operation can be confirmed pinpointly, which is effective. However, the man-hours for creating the test bench and test pattern become a problem. In addition, it is necessary to identify the complex test constraints that are preconditions for verification from the specification S, but a third party who does not necessarily know the specifications and design intent completely creates test constraints that satisfy the operation requirements. It is not easy to do. Furthermore, it is difficult to create as many test patterns as possible based on test constraints and test constraints.

  An object of the present invention is to enable automatic extraction of test constraints satisfying operation requirements by analyzing a golden by applying a SAT method.

  In order to achieve the above object, the invention according to claim 1 is a test constraint extraction device that extracts a test constraint from a golden control condition that satisfies a desired specification, and generates a control structure for each target golden function. A control structure generating means for analyzing, a control path analyzing means for analyzing and generating a control path for each predetermined function obtained by extracting only a branch node reaching a target from the control structure, and a logical expression representing the control path for each predetermined function And a logical function constructing unit that constructs a logical function that represents the whole of the control condition by combining the obtained logical expressions, and a satisfying solution that satisfies the entire value of the logical function using the SAT method. The satisfiability determination means to be obtained and the obtained satisfiable solution are stored as test constraints, and a logical product of the logical negation of the sufficiency solution and the original logical function is calculated to obtain another test. And another solution search and storing means for repeating the search for bets constraint, and a control means for controlling said each means, characterized in that it comprises.

  The invention according to claim 2 is a test constraint extraction method for extracting a test constraint from a golden control condition satisfying a desired specification, wherein a control structure generation step is performed for generating a control structure for each predetermined golden function, A control path analysis step for analyzing and generating a control path for each predetermined function that extracts only the branch node that reaches the target from the control structure, and a logical expression representing the control path for each predetermined function is generated, and each obtained Combining a logical expression, a logical function configuration step that configures a logical function that represents the entire control condition, and a satisfiability determination step that finds a satisfactory solution that satisfies the entire value of the logical function using a SAT technique; The obtained satisfactory solution is stored as a test constraint, and a logical product of the logical negation of the satisfied solution and the original logical function is calculated, and another test constraint Characterized in that it comprises a separate solution searching and storing step of repeating cord, a.

  According to a third aspect of the present invention, in the test constraint extraction program for extracting test constraints from golden control conditions satisfying desired specifications, a control structure generation step for generating a control structure for each predetermined golden function, A control path analysis step for analyzing and generating a control path for each predetermined function that extracts only the branch node that reaches the target from the control structure, and a logical expression representing the control path for each predetermined function is generated, and each obtained Combining a logical expression, a logical function configuration step that configures a logical function that represents the entire control condition, and a satisfiability determination step that finds a satisfactory solution that satisfies the entire value of the logical function using a SAT technique; The obtained satisfied solution is stored as a test constraint, and a logical product of the logical negation of the sufficiency solution and the original logical function is calculated, and another test is performed. And another solution search and storing steps are repeated about the search, characterized in that it comprises a.

  According to the present invention, by analyzing the golden by applying the SAT method, it is possible to automatically extract a plurality of sets of test constraints that match the verification purpose when performing functional verification. Can reduce the burden of creating In addition, test constraints can be extracted even if the specifications are not fully understood, so it can be expected to reduce the man-hours for understanding the specifications. The extracted test constraints can be used not only for software testing but also for hardware functional verification. Furthermore, since the test constraints extracted by the present invention can be used for creating test sequences, there is a possibility that the man-hours required for creating test patterns can be reduced. These effects improve the verification productivity and shorten the total verification period required for building the simulation environment.

It is a block diagram of the system which implements the test constraint extraction method of this invention. It is a flowchart which shows the operation | movement procedure of the control apparatus 8 of FIG. It is a figure which shows the state which paid its attention to the control conditions of the function 1. FIG. It is the figure which expressed the control condition of function 1 with the logical formula. It is a figure which shows the state which paid its attention to the control conditions of the function 2. FIG. It is the figure which expressed the control condition of function 2 with a logical formula. It is a figure which shows the example which comprises the logical function F from the logical expression of the function 1 and the function 2. FIG. It is a figure which shows the procedure which extracts the satisfaction solution of the logic function F, and multiple satisfaction solutions.

  Next, embodiments of the present invention will be described with reference to the drawings. FIG. 1 is a block diagram of a system (apparatus) that implements the test constraint extraction method of the present invention. This device has an input device 1 for inputting a golden (program), a control structure generating device 2 for generating a control structure (CFG described later) for each input golden function, and reaching the target from the control structure. A control path analyzer 3 that analyzes and generates a control path for each predetermined function that extracts only a branch node, generates a logical expression that represents the control path for each predetermined function, and combines the obtained logical expressions, A logical function construction device 4 that constitutes a logical function that represents the entire golden control condition, a satisfiability determiner 5 that finds a satisfactory solution that satisfies the overall value of the logical function using the SAT method, and a logical function An output device 6 that displays the satisfaction solution as an example of a test constraint when a satisfaction solution exists, stores the obtained satisfaction solution as a test constraint, and logically negates the original solution and the original A separate solution search / storage device 7 that calculates a logical product with a logical function and repeats a search for another test constraint, a computer control device 8 that controls the overall control by a control program, and a signal line 9. The Thus, the processing by this system can be realized by a computer and a control program, and the control program can be recorded on a recording medium or provided through a network.

  FIG. 2 is a flowchart showing an operation procedure of the control device 8 of FIG. Hereinafter, steps S1 to S4 will be described as the first half of the process, and steps S5 to S9 will be described as the second half of the process.

<First half of processing>
First, in step S1, golden is input from the input device 1 to the test constraint extraction system of FIG. The control structure generator 2 generates a control flow graph (hereinafter referred to as CFG) with Golden as an input. In FIG. 3, a program of a control structure of a function (hereinafter referred to as function 1) constituting Golden is shown in (a), and a CFG automatically generated from the function 1 is shown in (b). What is widely known as a program front end can be used for automatic generation of CFG.

  In step S2, a pointer (position) Pi indicating the position of the control node of the CFG is defined. A control node is a unit representing control information of a program execution path, and is indicated with a number in FIG. 3B (i = 933 to 948). Control nodes are connected by a one-way arrow to indicate a control vector. The arrow is called a control edge. A larger value of i means a deeper functional position in the CFG. In the function 1 function, i = 933 indicates the start node of the function, and i = 948 indicates the end node of the function. In the present embodiment, i = 947 is reached, that is, function 1 is executed up to the final stage of the function and some calculation result is returned as a target for function confirmation, and a program for reaching i = 948 The execution path is analyzed and test constraints are extracted.

  Also, since Golden is usually configured as a collection of multiple functions, it holds multiple functions, but the functions have functional dependencies such as calling each other, which makes the entire Golden operation Is decided. FIG. 5A shows a program of a control structure (hereinafter function 2) of a function called by cond 4 of FIG. 3B, and FIG. 5B shows a CFG automatically generated from the function 2 function. In function 2, i = 912 indicates the start node of the function, and i = 930 is specified as the function check target at the end node.

  In step S3, the control path analyzer 3 analyzes the control path based on the CFG. FIG. 3B and FIG. 5B show a state in which attention is paid to the CFG control node representing the branch condition. In the corresponding branch node, a left edge is indicated if the evaluation value of the conditional expression cond is TRUE, and a right edge is indicated if it is FALSE. 4 and 6 are directed graphs showing the control relationships in which only branch nodes are extracted for function 1 and function 2. FIG. In other words, the CFG is abstracted by excluding nodes that are not directly related to the increase or decrease of sequential execution statements and other routes. Since the repetition control statement basically repeats the same sequential execution statement, it is considered that the contents of the expanded loop are traced only once and is not handled on the abstracted CFG model.

In step S4, the logical function construction device 4 determines the path information between the start and end nodes of the function, the conditional expression values TRUE / FALSE, and the logical expressions AND (∧), OR (∨), and NOT (˜). Describe in. This is the logical expression En. Specifically, a logical variable is assigned to each CFG branch node in FIGS. Let this logical variable be the literal Ln. A literal represents a positive form (Ln) or a negative form (˜Ln) of a logical variable. The literal of FIG. 4 is assigned as L ₅ = (a, b, c, d, e), and the literal of FIG. 6 is assigned as L ₇ = (m, n, o, p, q, r, s). At this time, CFGs in FIGS. 4 and 6 are expressed by the following logical expressions (1) and (2), respectively.
E _func1 = ~ a∧ ~ b∧ ~ c∧d∧ (e∨ ~ e) (1)
E _func2 = ~ m∧ ~ n∧ ~ o∧p∧ (q∨ ~ q) ∧r∧ (s∨ ~ s) (2)

  That is, if there is a single path between nodes, each positive / negative literal is combined as a term with AND, and if two paths are combined, a positive literal and a negative literal are combined with OR as a term. In this way, by repeating the processes of steps S3 and S4 for all functions, the control path information can be expressed by a logical expression.

<Second half of processing>
In step S5 of FIG. 2, as preprocessing, a logical function F constituting the entire golden is created from the logical expression En obtained up to step S4. The expression format of the logical function F needs to adopt a method described according to some rules for the convenience of subsequent processing. There are standard forms such as sum-of-products formulas and sum-of-products formulas. Many of the known satisfiability determiners accept sum-product type logical expressions, but an appropriate expression format may be used depending on the usage scene. In this embodiment, it is expressed by a sum product type logical expression as shown in Expression (1) and Expression (2). An example of creating the logical function F is shown in FIG. The logical function F is represented by a logical product of the logical expression En. That is, the logical function F created from the logical expressions of function 1 and function 2 in this embodiment is as follows.
F = E _func1 ∧ E _func2 (3)

Here, function 2 is called with i = 942 of function 1 in FIG. According to FIG. 4, the logical variable d is assigned to the i = 942 node. Therefore, the logical variable d can be replaced by the logical expression E _func2 of function 2. That is, the function 1 calls the function 2 and the logical function F expressing the entire dependency relationship can be described as follows.
F = ˜a∧-b∧-c∧-m∧-n∧-o∧p∧ (q∨-q) ∧r∧ (s∨-s) ∧ (e∨-e) (4)

  Next, in step S7, the logical function F of Expression (4) is given to the satisfiability determiner 5. As the satisfiability determiner 5, a known satisfiability determiner using the SAT method can be used. The satisfiability determiner 5 determines whether or not there is a combination of input logical variables such that the entire logical function F is 1. When such a set of logical variables exists, it is displayed on the output device 6 as satisfiable, and conversely, when such a combination of variables does not exist, it is indicated as UNSATisable It is displayed on the output device 6.

In step S8, if SATisfiable is displayed, since there is a satisfactory solution that satisfies the logical function F, one satisfactory solution is exemplified. This satisfactory solution is a test constraint. The test constraint is control information represented by a combination of TRUE / FALSE, and is guaranteed to reach the function confirmation target specified in step S2. That is, the control information obtained here means the test constraint itself that satisfies the purpose of function verification. An example is shown in FIG. Here, since satisfaction solution A ₈ is displayed and stored in a separate solution search-storage device 7 as satisfaction solution A _8. Since the satisfiability determination unit 5 normally displays only one satisfiable solution, the following step S9 is performed when it is desired to exemplify another sufficiency solution.

  In order to display another solution when there are a plurality of satisfactory solutions Ai, “F = F∧˜Ai” is calculated in step S9 to generate a new logical function F ′, and is satisfied again in step S7. It is necessary to let the possibility determiner 5 solve it.

A specific example is shown in FIG. Since satisfaction solution A ₈ is outputted already once, there is no need to display again the same solution. However, satisfiability determiner remains logic function F 5 is likely to output a satisfaction solution A ₈ again. Therefore, to exclude the satisfaction solution A ₈ from candidates of satisfaction solution which is displayed as follows.
F '= F∧ ~ A ₈ (5)
From the table of FIG. 8, since “A ₈ = ˜a ∧˜b ∧˜c ∧˜m ∧˜n ∧˜o ∧p ∧q ∧r ∧s ∧e”, “˜A ₈ = ˜ (˜a ∧ ~ B∧ ~ c∧ ~ m∧ ~ n∧ ~ o∧p∧q∧r∧s∧e) "and without double negation, it is expressed as follows according to De Morgan's law.
~A ₈ = a∨b∨c∨m∨n∨o∨~p∨~q∨~r∨~s∨~e (6)
By substituting equation (6) into equation (5) and solving F ′, another solution other than the satisfactory solution A ₈ can be obtained. Figure 8 is satisfaction solution A ₃ shows an example obtained next to the satisfaction solution A _8.

  Similarly, the satisfiability solution that has been once displayed and output is excluded, and step S7 of the satisfiability determination is repeatedly performed until UNSATisable is displayed. As long as a satisfactory solution exists, a new test constraint can be generated and stored in another solution search / storage device 7. In this embodiment, since all of A1 to A8 are output and displayed as UNSATisfiable, the processing is terminated at that time.

  As described above, in this embodiment, by analyzing the golden by applying the SAT method, it is possible to automatically extract a plurality of sets of test constraints that match the verification purpose when performing functional verification. In addition, test constraints can be extracted without necessarily knowing the specifications. The extracted test constraints can be used not only for software testing but also for hardware functional verification. Furthermore, the extracted test constraints can be used to create a test sequence.

1: Input device 2: Control structure generation device 3: Control path analysis device 4: Logic function configuration device 5: Satisfiability determiner 6: Output device 7: Alternative solution search / storage device 8: Control device 9: Signal line

Ben Chelf and Andy Chou, “The Next Generation of Static Analysis (Boolean Satisfiability and Path Simulation − A Perfect Match)”, White Paper, Coverity, Inc., [Search March 17, 2009], Internet <URL: http : //www.coverity.com/html_en/research-library.html> (Boolean satisfaction: next-generation static analysis)

Claims (3)

In a test constraint extraction device that extracts test constraints from golden control conditions that meet desired specifications,
Control structure generating means for generating a control structure for each predetermined function of the target golden;
Control path analysis means for analyzing and generating a control path for each of the predetermined functions in which only the branch node that reaches the target is extracted from the control structure;
Generating a logical expression representing the control path for each of the predetermined functions, and combining the obtained logical expressions to form a logical function representing the entire control condition;
Satisfiability determination means for obtaining a satisfiable solution that satisfies the entire value of the logic function using a SAT method;
Storing the obtained sufficiency solution as a test constraint, calculating a logical product of the logical negation of the sufficiency solution and the original logic function, and repeating a search for another test constraint;
Control means for controlling each means;
A test constraint extraction device comprising: In a test constraint extraction method for extracting test constraints from golden control conditions that satisfy a desired specification,
A control structure generation step for generating a control structure for each predetermined function of the target golden;
A control path analyzing step for analyzing and generating a control path for each of the predetermined functions, in which only the branch nodes reaching the target are extracted from the control structure;
A logical function configuration step of generating a logical expression representing the control path for each predetermined function and combining the obtained logical expressions to form a logical function representing the entire control condition;
A satisfiability determination step for obtaining a sufficiency solution that satisfies the entire value of the logical function using a SAT method;
Storing the obtained sufficiency solution as a test constraint, calculating a logical product of the logical negation of the sufficiency solution and the original logic function, and repeating a search for another test constraint;
A test constraint extraction method characterized by comprising: In a test constraint extraction program that extracts test constraints from golden control conditions that meet the desired specifications,
A control structure generation step for generating a control structure for each predetermined function of the target golden;
A control path analyzing step for analyzing and generating a control path for each of the predetermined functions, in which only the branch nodes reaching the target are extracted from the control structure
A logical function configuration step of generating a logical expression representing the control path for each predetermined function and combining the obtained logical expressions to form a logical function representing the entire control condition;
A satisfiability determination step for obtaining a sufficiency solution that satisfies the entire value of the logical function using a SAT method;
Storing the obtained sufficiency solution as a test constraint, calculating a logical product of the logical negation of the sufficiency solution and the original logic function, and repeating a search for another test constraint;
A test constraint extraction program characterized by comprising:

Images