JP5326633B2 - DATA GENERATION PROGRAM, DATA GENERATION DEVICE, AND DATA GENERATION METHOD IN PROGRAM MODEL CHECK - Google Patents

Description

  The present invention relates to a data generation technique for performing efficient model checking.

  Model checking is a test executed by extracting the behavior of the test target system from the design document / specification, creating a program (pseudo system) described in a model check dedicated language, and inputting test data to the pseudo system. That's it. The test data is obtained by extracting all possible combinations of each state transition state based on the design document / specification document.

  FIG. 11 is a diagram showing a configuration used when a conventional model check is performed. Input data 116 imitating a user operation is input from the driver 111 to the inspection target program 112 instead of the client. In FIG. 11, an exhaustive inspection is performed on the inspection target program 112 and the database stub 113 and the network stub 114 connected to the inspection target program 112.

  The driver 111 continuously calls the inspection target program 112 a plurality of times with various variations. The model checking device 115 checks whether the functional specification (stored in the property 117) is satisfied. When the inspection target program 112 is called in various execution orders, the input data passed as an argument needs various variations.

  In addition, in order to create the driver 111 that can be inspected assuming all operations of the target program 112, it is possible to reproduce possible combinations in the specifications of the operation event of the target program 112 and the data that is the argument of the operation event. It is necessary to.

  Therefore, in the past, for data design for comprehensive driver creation as described above, a method (boundary value analysis) has been implemented in which equivalence partitioning is performed from the functional specification for each data and representative values are selected from each equivalence class. Yes.

  However, when a conventional boundary value analysis is applied to a program model checking method represented by Java PathFinder that explicitly searches the state space, the following problems occur.

If the state space is created from the representative values created based on the existing boundary value analysis, there is a possibility that a partial graph representing the same situation from the viewpoint of inspection repeatedly appears a plurality of times.
As described above, the conventional boundary value analysis cannot perform equivalence division taking into account the prevention of a partial repetitive structure of the graph, and there is a problem that leads to a state explosion particularly in model checking.

  Patent Document 1 proposes a technique for extracting various representative values from a data definition sentence and a technique for using various representative values as test data.

Japanese Patent No. 3105279

  In consideration of the above situation, the program model checking method extracts repetition factors from the properties of the pseudo system and generates an optimal equivalence class taking into account the conditions for stopping the repetition due to the factors. Accordingly, an object of the present invention is to provide a data generation program, a data generation device, and a data generation method that reduce unnecessary repetition.

In one aspect, a repetition factor identification process, a repetition stop condition extraction process, and an optimized equivalence class generation process are executed.
In the repetitive factor specifying process, a result part is extracted from a property constituted by a condition part and a result part used for model checking of the pseudo system recorded in the recording part. Then, the partial expression constituting the consequent portion is determined whether it is described in the form of a predetermined recursive definition, identifying said type factor if it is described by the equation. Further, a recursive variable included in the factor expression is identified and used as a recursive variable, and a factor variable that is a repetition factor included in the factor expression is specified based on the factor expression and the recursive variable. The repeated stop condition extraction processing extracts a sub-expression including the recursive variable from the equivalence class corresponding to the factor property including the factor expression. A negative conditional expression that negates the extracted conditional expression is created, and a repeated stop condition for the factor variable is calculated based on the negative conditional expression and the factor expression. In the optimized equivalence class generation process, an optimized equivalence class is generated based on the conditional expression and the iterative stop condition, and recorded in the recording unit.

  By extracting the factor of repetition from the properties of the pseudo system and generating an optimal equivalence class that takes into account the condition for stopping the repetition due to the factor, useless repetition can be reduced.

1 is a diagram illustrating a configuration of Example 1. FIG. It is a figure which shows the relationship between a property and an equivalence class. It is a figure which shows the comparison result of the model check of the equivalence class with respect to properties P1-P3, and an optimization equivalence class. 2 is a diagram illustrating a detailed configuration of a data generation device 1. FIG. It is a figure which shows the structure of a property table and an equivalence class table. FIG. 6 is a flowchart showing the operation of the data generation device 1. It is a figure which shows the structure of a consequence formula table and a factor table. It is a figure which shows the structure of a stop condition table. It is a figure which shows the structure of an equivalence class table. It is the block diagram which showed the system configuration | structure for implement | achieving this invention It is a figure which shows the structure used when implementing the conventional model check.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
Example 1
FIG. 1 is a diagram illustrating a configuration of a system that performs model checking of a test target program that is a pseudo system.

The data generation apparatus 1 uses a test target program, a driver that controls execution of the test target program, and a property 8 indicating the functional specification to determine whether the functional specification indicated by the property 8 is satisfied. Input data to be input (not shown in FIG. 1) is generated.
The data generation device 1 that generates input data used for model checking includes a repetition factor specifying unit 2, a repetition stop condition extraction unit 3, and an optimized equivalence class generation unit 4.

(Repetition factor identification processing)
The repetition factor specifying unit 2 extracts a result unit from the property 8 used for model checking of the pseudo system recorded in the recording unit. For example, in the property 8, the functional specification described in the specification or design document is indicated in the form of “A (condition part) if B (consecutive part)” (A-> B) (see FIG. 2). ). The consequent part is the part that hits B.

  In the case of P1 in FIG. 2, the condition part is (10 ≦ stock quantity−quantity) and (customer code! = Null), and the result part is (message = null) and (stock quantity (after) = stock). Number-quantity). Also, the consequent part may be identified by detecting “→” and identifying the character string following “→” as the consequent part.

Next, it is determined whether or not the sub-expression constituting the consequent part is described in a predetermined format. If the sub-expression is described in a predetermined format, a factor expression and a recursive variable are specified.
In the case of P1 in FIG. 2, the subexpression constituting the consequent section is (message = null) and (stock quantity (after) = stock quantity-quantity), and the subexpression is (message = null) and (stock quantity (after) = stock quantity-quantity). As a method for specifying a sub-expression, a method of detecting “and” (logical product) and dividing and specifying a character string before and after “and” can be considered.

  The factor expression and the recursive variable are identified by a recursive expression (an expression described by a predetermined recursive definition) in a predetermined format var (after) = op (var, var ′). Determine if it is a subexpression. Here, op is a binary operator (for example, +, −), and var indicates a recursive variable.

  In the case of P1 in FIG. 2, it can be seen that the sub-expression (stock quantity (after) = stock quantity-quantity) is represented by a recursive formula. That is, the inventory quantity is a recursive variable (var), and a partial expression including the inventory quantity is specified as a factor expression (recursive expression). A property including a factor expression is particularly called a factor property.

Next, based on the factor expression and the recursive variable, a factor variable that becomes a repetition factor included in the factor expression is specified. The identification of the factor variable is a variable corresponding to var ′ of the above var (after) = op (var, var ′). In the case of the property of P1 in FIG. 2, the factor variable corresponds to the quantity of the factor expression (stock quantity (after) = stock quantity-quantity).
Thereafter, the specified factor expression, recursive variable, and factor variable are recorded in the recording unit.

(Repeated stop condition extraction process)
The repeated stop condition extraction unit 3 extracts a sub-expression including a recursive variable from the equivalence class corresponding to the factor property including the factor expression recorded in the recording unit.

Here, the equivalence class is generated by the boundary value analyzer 7 based on the property. The generation of the equivalence class will not be described in detail, but in the example of P1 in FIG. 2, the boundary value analysis device 7 specifies the condition part (10 ≦ the number of stocks−quantity) and (customer code! = Null). Then, a partial expression including a predetermined variable is specified. In this example, a sub-expression (10 ≦ number of inventory−quantity) is specified. Next, equivalence division is performed, and for example, an equivalence class for a sub-expression (10 ≦ stock quantity−quantity) is obtained under the condition of inventory quantity = 100 and quantity> 0. As a result, 0 <quantity ≦ 90 as shown in C1 of the equivalence class in FIG. 2 is obtained. Furthermore, representative value selection is performed,
Obtain a representative value. In this example, the quantity = 1 as shown by the representative value C1 in FIG. 2 is obtained. The equivalence class obtained in this way is recorded in the recording unit in association with each property.

  Next, the equivalence class corresponding to the factor property is identified from the equivalence class obtained corresponding to each property, and the subexpression (conditional expression) including the recursive variable in the identified equivalence class is extracted. For example, a conditional expression including a recursive variable (stock quantity) corresponding to (stock quantity (after) = stock quantity−quantity) becomes (quantity <= stock quantity−10).

Next, a negative conditional expression that negates the conditional expression is created. For example, the negative conditional expression of the conditional expression (quantity <= stock quantity−10) becomes (stock quantity−10 <quantity).
Thereafter, the repeated stop condition for the factor variable is calculated based on the negative condition formula and the factor formula. By substituting the factor expression into the recursive variable part for the calculated negative condition expression, the repeated stop condition for the factor variable is obtained. For example, when a recursive process (repeatedly the same process) is performed on a certain property, a condition that the property is not satisfied is obtained so that the same process is not continued repeatedly.

  For example, if the negative conditional expression is (stock quantity−10 <quantity), the “stock quantity (after)” of the factor expression is substituted into “stock quantity” to generate (stock quantity−quantity) −10 <quantity. Further, this (number of stocks-quantity) -10 <quantity is transformed with respect to the quantity to repeatedly generate a quantity that becomes a stop condition> (stock quantity-10 / 2). Thereafter, the repeated stop condition is recorded in the recording unit.

(Optimized equivalence class generation process)
The optimized equivalence class generation unit 4 creates a logical product of the conditional expression and the repeated stop condition, reconstructs the conditional expression regarding the factor variable, and adds the conditional expression regarding the variable other than the factor variable to the reconstructed conditional expression. Generate the added optimized equivalence class.

The optimized equivalence class narrows the original equivalence class for the factor variable so that after the factor property is filled once, the same factor property is not satisfied the second time.
For example, based on the conditional expression (quantity <= stock quantity−10) and repeated stop condition and quantity> (stock quantity−10 / 2), (stock quantity−10 / 2) <quantity <= stock quantity−10 is generated. . In the case of the property of P1 in FIG. 2, the following optimized equivalence class 10 is generated.
((Stock quantity -10/2) <quantity <= stock quantity-10) and (customer code! = Null)

FIG. 3 shows a comparison result of model checking between the equivalence class and the optimized equivalence class for the properties P1 to P3 shown in FIG.
In the case of the property P1, C1 of the equivalence class is 0 <quantity ≦ 90, C2 is 90 <quantity ≦ 100, and C3 is 100 <quantity. The representative value C1 is quantity = 1, C2 is quantity = 100, and C3 is quantity = 101. Therefore, in the case of the equivalence class, 89 purchase processes are repeated. In other words, when a state space is created from representative values created based on the existing boundary value analysis, depending on how the representative values are taken, multiple subgraphs representing the same situation appear repeatedly even if an event occurs. (The set of satisfying properties does not change).

  However, when the optimized equivalence class is used, a representative value of 45 <quantity <= 90 is represented by quantity = ((stock quantity−10 / 2) <quantity <= stock quantity−10) and (customer code! = Null). Since it becomes 46, it turns out that a state converges by one process.

  In other words, by extracting the recursive variable that causes the repetition from the properties of the pseudo system and generating an optimized equivalence class that takes into account the condition for stopping the repetition (subgraph) by the recursive variable, the classification of cases that should be inspected originally It is possible to reduce wasteful repetition while maintaining the above.

(Example 2)
FIG. 4 is a diagram illustrating a detailed configuration of the data generation device 1.
The repetition factor specifying unit 2 of the data generation device 1 includes a factor expression extracting unit 41 and a factor variable extracting unit 42.
The repeated stop condition extraction unit 3 of the data generation device 1 includes a factor variable conditional expression extraction unit 43 and a stop condition extraction unit 44.

  In addition, the data generation device 1 has a consequence storage unit 45 (consequence table), a factor storage unit 46 (factor table), a stop condition storage unit 47 (stop condition table), and a property storage unit 48 (property table) as recording units. The equivalence class storage unit 49 (equivalence class table) is provided.

  The factor expression extraction unit 41 extracts a factor expression. Extracts the consequent part from the properties used for model checking of the pseudo system recorded in the property storage part 48 (property table), and determines whether the subexpression constituting the consequent part is described by a predetermined recursive definition To do. If it is described in a predetermined formula, the factor formula is extracted and recorded in the factor storage unit 46 (factor table). Further, a recursive variable included in the factor expression is specified, and the recursive variable is recorded in the factor storage unit 46 (factor table).

The factor variable extracting unit 42 extracts a factor variable that becomes a repetition factor included in the factor formula based on the factor expression and the recursive variable, and records the factor variable in the factor storage unit 46 (factor table).
The factor variable conditional expression extraction unit 43 extracts a partial expression (constraint expression) including a recursive variable from the equivalence class corresponding to the factor property including the equivalence class storage unit 49 (equivalence class table) factor expression.

  The stop condition extraction unit 44 creates a negative conditional expression that negates the conditional expression that is the extracted partial expression (constraint expression), calculates a repeated stop condition related to the factor variable based on the negative conditional expression and the factor expression, and repeatedly stops. The condition is recorded in the stop condition storage unit 47 (stop condition table).

  The consequence formula storage unit 45 has a consequence formula table described later (FIG. 7). The factor storage unit 46 has a factor table described later (FIG. 7). The stop condition storage unit 47 has a stop condition table to be described later (FIG. 8). The property storage unit 48 has a property table shown in FIG. The equivalence class storage unit 49 has an equivalence class table shown in FIG.

FIG. 5 is a diagram showing the structure of the property table and the equivalence class table.
The property table has “property ID” and “property expression”. In “Property ID”, an identification number assigned to identify a property is recorded. In the example of FIG. 5, P1 to P3 are recorded. In the “property expression”, a property (condition part → result part: property expression) associated with the identification number is recorded. In the example of FIG. 5, (10 <= stock quantity-quantity) and (customer code! = Null) → (message == null) and (stock quantity (after) == stock quantity-quantity) are linked to P1. ing. Similarly, properties are associated with P2 and P3.

The equivalence class table has “equivalence class ID”, “property ID”, and “constraint expression”. In “equivalent class ID”, the identification number of the equivalent class corresponding to the property ID is recorded. In the example of FIG. 5, C1 to C3 are recorded. In the “constraint formula”, a constraint formula associated with the equivalence class ID is recorded. In the example of FIG. 5, (0 <quantity <= stock quantity−10) AND (customer code! = Null) is linked to C1. Similarly, constraint expressions are associated with C2 and C3.

FIG. 6 is a flowchart showing the operation of the data generation device 1.
In step S1, it is determined whether there are properties to be processed remaining in the property table. The control function of the repetition factor specifying unit 2 determines whether or not the processing in step S2 has been performed for all the property expressions recorded in the property table. If all the processing has been completed, the process proceeds to step S3. If there are still properties to be processed, the process proceeds to step S2. In the example of FIG. 5, it is determined whether or not processing between P1 and P3 has been performed.

In step S <b> 2, the factor expression extraction unit 41 sets the result part of the property in the result table.
As shown in FIG. 7, the result formula table has “result ID”, “property ID”, and “result formula”. In the “result ID”, the identification number of the result portion of each property associated with the property ID described above is recorded. In FIG. 7, P1 ′ to P3 ′ are recorded in the “consequence ID”. In the “result formula”, a result portion of each property associated with the result ID described above is recorded. In FIG. 7, the consequent expression (message = null) and (stock quantity (after) = stock quantity-quantity) associated with P1 ′ is recorded. Similarly, P2′P3 ′ is also associated with a consequence equation.

  In step S3, it is determined whether or not an expression to be processed remains in the result expression table. It is determined whether or not the processing of steps S4 to S5 described later has been performed for all the property expressions recorded in the property table by the control function provided in the repetition factor specifying unit 2, and if all the processing is completed, the step is performed. The process proceeds to S6, and if there are still properties to be processed, the process proceeds to Step S4.

  In step S4, the factor expression extraction unit 41 determines whether or not a recursive definition is included in the corresponding result part of the result formula table. If the recursive definition is included, the process proceeds to step S5, and if not included, the process proceeds to step S6. For example, the factor expression extraction unit 41 has a sub-expression described in a recursive expression such as a predetermined format var (after) = op (var, var ′) in a corresponding consequent part of the consequent expression table. Determine whether. Here, op is a binary operator (for example, +, −), and var indicates a recursive variable. var (after) indicates a value after the operation of op (var, var ').

  In the case of the consequent expression associated with P1 'in the consequent expression table of FIG. 7, it can be seen that the sub-expression (stock quantity (after) = stock quantity-quantity) is represented by a recursive expression. That is, the inventory quantity is a recursive variable (var), and a partial expression including the inventory quantity is specified as a factor expression (recursive expression). A property including a factor expression is particularly called a factor property.

  Next, the factor variable extracting unit 42 identifies a factor variable that becomes a repetition factor included in the factor formula based on the factor expression and the recursive variable in the factor table. The identification of the factor variable is a variable corresponding to var 'of the above var (after) = op (var, var'). In the case of the property of P1 in FIG. 7, the factor variable corresponds to the quantity of the factor expression (stock quantity (after) = stock quantity-quantity).

In step S5, the factor expression extracting unit 41 and the factor variable extracting unit 42 record the factor expression, recursive variable, and factor variable specified by the factor expression extracting unit 41 and the factor variable extracting unit 42 in the factor table.
The factor table includes “factor ID”, “factor property”, “factor expression”, “factor variable”, and “recursive variable”. “Factor ID” is an identification number associated with a factor expression, and is also associated with a property including the factor expression. In the case of the factor table of FIG. 7, F1 is recorded. In “Factor property”, the identification number of the property including the factor expression is recorded. In the case of the factor table of FIG. 7, P1 is recorded. In “Factor formula”, a factor formula is recorded. In the case of the factor table shown in FIG. 7, a factor expression (stock quantity (after) = stock quantity-quantity) is associated with F1 and P1 and recorded. In addition, a factor variable and a recursive variable related to the corresponding factor expression are recorded in “factor variable” and “recursive variable”. In the case of the factor table of FIG. 7, the quantity and the inventory quantity are recorded in association with F1 and P1.

  In step S6, it is determined whether or not a factor expression to be processed remains in the factor table. It is determined by the control function provided in the repeated stop condition extraction unit 3 whether or not all the factor expressions recorded in the factor table have been processed in step S7, which will be described later. If all the processes have been completed, step S8 is performed. If there is still a factor expression to be processed, the process proceeds to step S6.

  In step S7, the factor variable conditional expression extraction unit 43 extracts a conditional expression (constraint expression) corresponding to the factor variable in the equivalence class corresponding to the factor property of the corresponding factor expression and records it in the stop condition table.

  The stop condition table has “stop condition ID”, “original equivalence class”, “original constraint equation”, and “stop condition”. In the “stop condition ID”, an identification number associated with the identification number C1 of the equivalence class corresponding to the factor property is recorded. In the case of FIG. 8, S1 is recorded. In the “original equivalence class”, the identification number of the equivalence class corresponding to the factor property is recorded. In the case of FIG. 8, C1 is recorded. In the “original constraint formula”, the sub-expression related to the factor variable and the recursive variable of the constraint formula recorded in the equivalence class table is recorded.

  In the example of S1 in FIG. 8, the constraint expression (0 <quantity <= stock quantity−10) AND (customer code! = Null) in FIG. 5 is specified, and the subexpression including the factor variable and the recursive variable is specified. . In this example, a partial expression (0 <quantity <= stock quantity−10) is specified, and (0 <quantity <= stock quantity−10) is recorded in association with S1 as a constraint expression of the equivalence class table.

  In step S8, it is determined whether a stop condition to be processed remains in the stop condition table. With the control function provided in the repeated stop condition extraction unit 3, it is determined whether all the stop conditions recorded in the stop condition table have been processed in steps S9 to S10 described later, and all the processes have been completed. If the property to be processed still remains, the process proceeds to step S9.

  In step S9, the stop condition extraction unit 44 creates negation of the original constraint expression of the corresponding stop condition. Create a negative conditional expression that negates the conditional expression. For example, the negative conditional expression of the conditional expression (constraint expression) (quantity <= stock quantity−10) becomes (stock quantity−10 <quantity).

  In step S10, the stop condition extraction unit 44 records an expression in which the corresponding factor expression is substituted into the recursive variable portion in the created negative expression in the stop condition table. By substituting the factor expression into the recursive variable part for the calculated negative condition expression, the repeated stop condition for the factor variable is obtained.

  For example, if the negative conditional expression is (stock quantity−10 <quantity), the “stock quantity (after)” of the factor expression is substituted into “stock quantity” to generate (stock quantity−quantity) −10 <quantity. Further, this (number of stocks-quantity) -10 <quantity is transformed with respect to the quantity to repeatedly generate a quantity that becomes a stop condition> (stock quantity-10 / 2). Thereafter, the repeated stop condition is recorded in the stop condition table.

  In step S11, it is determined whether a stop condition to be processed remains in the stop condition table. With the control function provided in the optimized equivalence class generation unit 4, it is determined whether or not the processing of steps S12 to S13 described later has been performed for all the property expressions recorded in the stop condition table, and all the processing has been completed. If the stop condition to be processed still remains, the process proceeds to step S12.

In step S12, the optimized equivalence class generation unit 4 creates a logical product of the original constraint expression and the stop condition in the stop condition table. For example, based on the original constraint formula (quantity <= stock quantity−10) and stop condition and quantity> (stock quantity−10 / 2) in the stop condition table, (stock quantity−10 / 2) <quantity <= stock quantity− 10 is generated. In the case of the property P1 in FIG. 2, the following optimized equivalence class is generated.
((Stock quantity -10/2) <quantity <= stock quantity-10) and (customer code! = Null)

  In step S13, the created logical product is recorded in the corresponding constraint expression in the equivalence class table as shown in FIG. At this time, the logical product may be overwritten on the current equivalence class.

  By applying the above-described embodiment after boundary value analysis as described above, a necessary and sufficient state space (a space free from leakage and waste) is generated from the viewpoint of inspection (the viewpoint that property groups are properly inspected). A driver is generated. Since model checking generally causes a state explosion easily, a state space that eliminates waste (repetitive structure) contributes greatly to reducing search time, and has the effect of expanding the applicability of model checking technology. There is.

(Configuration when the embodiment of the present invention is implemented as a computer program)
FIG. 10 is a diagram illustrating an example of a hardware configuration of a computer that can implement the apparatus according to the embodiment of the present invention.

  The computer hardware 100 includes a CPU 101, a recording unit 102 (ROM, RAM, hard disk drive, etc.), a recording medium reader 103, an input / output interface 104 (input / output I / F), a communication interface 105 (communication I / F), and the like. It has. Further, each of the above components is connected by a bus 106.

The CPU 101 executes the above-described repetition factor identification process, repetition stop condition extraction process, and optimized equivalence class generation process stored in the recording unit 102 according to input data.
The recording unit 102 records programs and data executed by the CPU 101. In addition, a consequent expression storage unit 45, a factor storage unit 46, a stop condition storage unit 47, a property storage unit 48, and an equivalence class storage unit 49 are provided. It is also used as a work area.

  The recording medium reader 103 controls reading / writing of data with respect to the recording medium 103 a according to the control of the CPU 101. And the data written by control of the recording medium 103a and the recording medium reader 103 are memorize | stored, or the data memorize | stored in the recording medium 103a are read. The detachable recording medium 103a includes a computer readable recording medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory. The magnetic recording device includes a hard disk device (HDD). Examples of the optical disc include a DVD (Digital Versatile Disc), a DVD-RAM (Random Access Memory), a CD-ROM (Compact Disc Read Only Memory), and a CD-R (Recordable) / RW (ReWritable). Magneto-optical recording media include MO (Magneto-Optical disk).

  An input / output device 104 a (mouse, keyboard, display, etc.) is connected to the input / output interface 104, receives information input by the user, and transmits it to the CPU 101 via the bus 106. Further, operation information and the like are displayed on the display screen in accordance with a command from the CPU 101.

  The communication interface 105 is an interface for LAN connection, Internet connection, or wireless connection with another computer as necessary. It is also connected to other devices and controls data input / output from external devices.

  By using one or more computers having such a hardware configuration, the various processing functions described above (the processing described in the embodiments (such as flowcharts)) are realized. In that case, a program describing the processing contents of the functions that the system should have is provided. By executing the program on a computer, the above processing functions are realized on the computer. The program describing the processing contents can be recorded in a computer-readable recording medium 103a.

  When distributing the program, for example, a portable recording medium such as a DVD or a CD-ROM in which the program is recorded is sold. It is also possible to store the program in a storage device of a server computer and transfer the program from the server computer to another computer via a network.

  The computer that executes the program stores, for example, the program recorded on the portable recording medium or the program transferred from the server computer in its own storage device. Then, the computer reads the program from its own storage device and executes processing according to the program. The computer can also read the program directly from the portable recording medium and execute processing according to the program. Further, each time the program is transferred from the server computer, the computer can sequentially execute processing according to the received program.

  The present invention is not limited to the above-described embodiment, and various improvements and modifications can be made without departing from the gist of the present invention.

Regarding the embodiment including the above-described examples, the following additional notes are further disclosed.
(Appendix 1)
On the computer,
The consequent part is extracted from the property composed of the condition part and the consequent part used for the model checking of the pseudo system recorded in the recording part, and the subexpressions constituting the consequent part are described by a predetermined recursive definition. If it is described in the format, it is specified as a factor expression, and a recursive variable included in the factor expression is specified as a recursive variable. Based on the factor expression and the recursive variable, the factor A repetition factor identification process that identifies a factor variable that is a repetition factor included in the expression;
Extracting the sub-expression including the recursive variable from the equivalence class corresponding to the factor property including the factor expression, creating a negative condition expression negating the conditional expression that is the extracted sub-expression, the negative condition expression and the factor expression A repeated stop condition extraction process for calculating a repeated stop condition for the factor variable based on
An optimized equivalence class generating process for generating an optimized equivalence class based on the conditional expression and the iterative stop condition and recording it in the recording unit;
A data generation program characterized in that
(Appendix 2)
The optimized equivalence class generation process
An optimized equivalence class is created by creating a logical product of the conditional expression and the repeated stop condition, reconstructing the conditional expression related to the factor variable, and adding the conditional expression related to the variable other than the factor variable to the reconstructed conditional expression The data generation program according to attachment 1, wherein the data generation program is generated.
(Appendix 3)
The consequent part is extracted from the property composed of the condition part and the consequent part used for the model checking of the pseudo system recorded in the recording part, and the subexpressions constituting the consequent part are described by a predetermined recursive definition. If it is described in the format, it is specified as a factor expression, and a recursive variable included in the factor expression is specified as a recursive variable. Based on the factor expression and the recursive variable, the factor A repetition factor identification part that identifies a factor variable that becomes a repetition factor included in the formula;
Extracting the sub-expression including the recursive variable from the equivalence class corresponding to the factor property including the factor expression, creating a negative condition expression negating the conditional expression that is the extracted sub-expression, the negative condition expression and the factor expression A repetitive stop condition extracting unit that calculates a repetitive stop condition related to the factor variable based on
An optimized equivalence class generating unit that generates an optimized equivalence class based on the conditional expression and the iterative stop condition and records it in the recording unit;
A data generation device comprising:
(Appendix 4)
The consequent part is extracted from the property composed of the condition part and the consequent part used for the model checking of the pseudo system recorded in the recording part, and the subexpressions constituting the consequent part are described by a predetermined recursive definition. Determine whether
If it is described in the predetermined format, it is specified as a factor expression, and a recursive variable included in the factor expression is specified as a recursive variable.
Based on the factor expression and the recursive variable, a factor variable that becomes a repetition factor included in the factor expression is specified,
Extract a sub-expression including the recursive variable from an equivalence class corresponding to a factor property including the factor expression,
Create a negative conditional expression that negates the conditional expression that is the extracted sub-expression,
Based on the negative conditional expression and the factor expression, a repeated stop condition for the factor variable is calculated,
Generate an optimized equivalence class based on the conditional expression and the repeated stop condition and record it in the recording unit,
A data generation method characterized by the above.
(Appendix 5)
The optimized equivalence class generator
An optimized equivalence class is created by creating a logical product of the conditional expression and the repeated stop condition, reconstructing the conditional expression related to the factor variable, and adding the conditional expression related to the variable other than the factor variable to the reconstructed conditional expression The data generation device according to attachment 3, wherein the data generation device generates the data.
(Appendix 6)
An optimized equivalence class is created by creating a logical product of the conditional expression and the repeated stop condition, reconstructing the conditional expression related to the factor variable, and adding the conditional expression related to the variable other than the factor variable to the reconstructed conditional expression The data generation method according to appendix 4, wherein the data is generated.

1 data generator,
2 Repeat factor identification part,
3 Repeating stop condition extraction unit,
4 Optimization equivalence class generator,
5 factor expressions and factor variables,
6 Repeat stop condition,
7 Boundary value analyzer,
8 properties
9 properties and equivalence classes,
10 optimized equivalence classes,
41 factor expression extraction unit,
42 factor variable extractor,
43 factor variable conditional expression extraction unit,
44 Stop condition extraction unit,
45 Consecutive expression storage,
46 factor storage,
47 Stop condition storage unit,
48 property storage,
49 equivalence class storage,

Claims (4)

On the computer,
Extracting the consequent part from the property composed of the condition part and the consequent part used for the model checking of the pseudo system recorded in the recording part, and the subexpression constituting the consequent part is in the form of a recursive definition determined in advance. It is determined whether it is described, and if it is described in the format, it is specified as a factor expression, a recursive variable included in the factor expression is specified as a recursive variable, and based on the factor expression and the recursive variable, Repetitive factor specifying processing for specifying a factor variable that becomes a repetitive factor included in the factor expression;
Extracting the sub-expression including the recursive variable from the equivalence class corresponding to the factor property including the factor expression, creating a negative condition expression negating the conditional expression that is the extracted sub-expression, the negative condition expression and the factor expression A repeated stop condition extraction process for calculating a repeated stop condition for the factor variable based on
An optimized equivalence class generating process for generating an optimized equivalence class based on the conditional expression and the iterative stop condition and recording it in the recording unit;
A data generation program characterized in that The optimized equivalence class generation process
An optimized equivalence class is created by creating a logical product of the conditional expression and the repeated stop condition, reconstructing the conditional expression related to the factor variable, and adding the conditional expression related to the variable other than the factor variable to the reconstructed conditional expression The data generation program according to claim 1, wherein the data generation program is generated. Extracting the consequent part from the property composed of the condition part and the consequent part used for the model checking of the pseudo system recorded in the recording part, and the subexpression constituting the consequent part is in the form of a recursive definition determined in advance. It is determined whether it is described, and if it is described in the format, it is specified as a factor expression, a recursive variable included in the factor expression is specified as a recursive variable, and based on the factor expression and the recursive variable, A repetition factor identifying unit that identifies a factor variable that is a factor of repetition included in the factor expression;
Extracting the sub-expression including the recursive variable from the equivalence class corresponding to the factor property including the factor expression, creating a negative condition expression negating the conditional expression that is the extracted sub-expression, the negative condition expression and the factor expression A repetitive stop condition extracting unit that calculates a repetitive stop condition related to the factor variable based on
An optimized equivalence class generating unit that generates an optimized equivalence class based on the conditional expression and the iterative stop condition and records it in the recording unit;
A data generation device comprising: A data generation method executed by a data generation apparatus including a repetition factor identification unit, a repetition stop condition extraction unit, and an optimized equivalence class generation unit,
The repetition factor specifying unit is
Extracting the consequent part from the property composed of the condition part and the consequent part used for the model checking of the pseudo system recorded in the recording part, and the subexpression constituting the consequent part is in the form of a recursive definition determined in advance. determining whether the written, along with specifying a factor expression if it is described in the format, to identify recursive variables included in the factor equation and recursive variable, based on the recursion variable and the factors formula , Identify a factor variable that becomes a repetition factor included in the factor expression,
The repeated stop condition extraction unit
The subexpression including the recursive variable is extracted from the equivalence class corresponding to the factor property including the factor expression, a negative conditional expression in which the conditional expression that is the extracted subexpression is negated is created, and the negative condition expression and the factor Calculate the repeated stop condition for the factor variable based on the formula,
The optimized equivalence class generation unit includes:
Generate an optimized equivalence class based on the conditional expression and the repeated stop condition and record it in the recording unit,
A data generation method characterized by the above.