JPH08249373A - Device and method for system verification - Google Patents

Abstract

PURPOSE: To provide a system verification device and system verification method which perform simulation based upon abstract input data. CONSTITUTION: An equation expressing the design of a system is inputted by using a design input means 1. A data input means 2 is used to input input data to a system and simulation data including a couple of output data expected to be outputted from the system in response to the input data by using terms containing only variables. A verification means 3 calculates the output value from the system which is based upon the input data by performing simulation by term rewriting on the basis of a specific term rewriting rule corresponding to the equation, input data, and elements of the design, and verifies whether or not the output value matches with the expected output data. An output means 4 outputs the result of the verification.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an improvement of a system verification device for verifying whether a designed system meets requirements, and more particularly to a device suitable for verification of process control logic.

[0002]

2. Description of the Related Art In the development of various systems composed of software and hardware, it is important to verify whether the contents of the designed system meet the requirements for the design. In particular, the process control logic requires high reliability.

The process control logic is implemented in the control system of the plant in order to appropriately start and stop the equipment of the plant based on information obtained from various sensors installed in the plant. It is logical and naturally requires high reliability.

An example of process control logic is the emergency core cooling system of a nuclear power plant. The emergency core cooling system is a series of systems whose purpose is to supply sufficient cooling water to the reactor pressure vessel in the event of a loss of coolant. In this system, sensors provided for various process quantities compare an input value with a predetermined limit value to determine whether the limit is satisfied {on, of
It is expressed by the signal value of f}. The emergency core cooling system receives inputs from these sensors and controls opening / closing of valves and start / stop of pumps necessary for supplying cooling water. In such a system, not only can each device be manually controlled from the console panel, but also automatic control by mode selection is possible to eliminate human error as much as possible.

A process control logic represented by such an emergency core cooling system of a nuclear power plant is required to have high reliability, but the plant structure is becoming more and more complicated and the amount of processes to be measured is increasing. Therefore, it is difficult to understand the correspondence between the control logic and the specifications (requests). In addition, other systems are becoming more complicated, and verification of the validity of the contents has become a difficult task during development.

Therefore, verification is important at the design stage, but conventionally, the validity of the process control logic has been performed by manual matching of documents (specifications, design documents, etc.) and simulation. The manual matching of books means that the verifier confirms on the desk that the design meets the requirements of the specifications. However, the confirmation work while turning over dozens of design documents takes man-hours and may be overlooked.

On the other hand, the confirmation by simulation reduces the complexity of such confirmation work by hand and is effective for verifying the process control logic, but it is necessary to create simulation data. However, in real-level design, it is impossible to perform a simulation with all combinations of input values. Therefore, some data assuming a certain situation (for example, a coolant loss accident in the emergency core cooling system) will be selected and simulated.

[0008]

However, the simulation data in the prior art is specific,
In such concrete data, the concreteness of the data may bring about some assumptions that the verifier did not intend, and the assumptions may affect the simulation, so that appropriate verification may not be performed. That is, it is difficult to properly represent the situation intended by the verifier and to create simulation data that does not include unintended assumptions.

For example, in the case of creating simulation data in which a certain input signal changes from off to on, if the timing of change is appropriately assumed to be 5 seconds after the start of the simulation, the concreteness of the condition "5 seconds later" depends on the verifier. It may be an unintended premise and may affect the verification results. In such a case, it is desired to use abstract simulation data in which the input signal simply changes from off to on without specifically specifying the timing.

The present invention has been proposed in order to solve the above-mentioned problems of the prior art, and its object is to provide a system verification device and a system verification method for performing a simulation based on abstract input data. Is to provide. Another object of the present invention is to provide a system verification device and a system verification method in which information can be easily input.

[0011]

In order to achieve the above object, the system verification device according to claim 1 uses a design input means for inputting an equation representing a system design and a term that can include a variable. And input data to the system,
Data input means for inputting simulation data including a pair of output data expected to be output from the system with respect to this input data, and a predetermined input corresponding to the equation, the input data and the element of the design. The output value from the system is calculated based on the input data by performing a simulation by the term rewriting based on the term rewriting rule, and it is verified whether or not the output value matches the expected output data. It is characterized by having a verification means and an output means for outputting the result of the verification.

According to a second aspect of the present invention, in the system verification apparatus according to the first aspect, the data input means is a language for inputting each element forming the simulation data in a natural language having a predetermined syntax. It is characterized by comprising input means and first conversion means for converting each input element into a term corresponding to the element based on the syntax.

According to a third aspect of the present invention, in the system verification apparatus according to the first aspect, the data input means inputs the elements constituting the simulation data by selecting from a plurality of element displays. And display means for displaying an expression representing the input element in natural language, and second conversion means for converting the input element into a term corresponding to the term.

According to a fourth aspect of the system verification method of the present invention, the step of design input for inputting an equation representing the design of the system and the input data to the system using the term that can include variables, and this input A step of data input for inputting simulation data including a pair of output data expected to be output from the system with respect to the data, and a predetermined term corresponding to the equation, the input data and the element of the design. Verification of calculating an output value from the system based on the input data by performing a simulation by rewriting the term based on a rewriting rule, and verifying whether the output value matches the expected output data. And a step of outputting the result of the verification.

Further, the invention of claim 5 is the system verification method according to claim 4, wherein the step of inputting data includes elements constituting the simulation data,
A language input step for inputting in a natural language having a predetermined syntax, and a first conversion step for converting each input element into a term corresponding to the element based on the syntax. Is characterized by.

The invention of claim 6 is the system verification method according to claim 4, wherein in the data input step, selection of inputting an element forming the simulation data is made by selecting from a plurality of display elements. And a display step of displaying an expression expressing the input element in a natural language, and a second conversion step of converting the input element into a term corresponding to the term. Characterize.

[0017]

The present invention having the above structure has the following functions. That is, in the inventions of claims 1 and 4,
Since input data such as signals can be expressed in an abstract manner using terms that can include variables, verification results are not affected by unnecessary assumptions caused by the concreteness of input data, and accurate simulation with a high degree of abstraction Verification can be done.

Further, in the inventions of claims 2 and 5, elements constituting the simulation data can be input in natural language,
The input element is converted into a term corresponding to the element by character string matching, pattern matching, or the like. For this reason, it is possible to avoid the complexity of directly describing the elements of the simulation data by terms that are difficult to understand in terms of visual content, such as signal expressions.

According to the third and sixth aspects of the present invention, the elements constituting the simulation data can be input by simply selecting from a plurality of displayed elements such as a menu, and the input elements are expressed in natural language, so that the elements can be easily input. I can confirm. Then, the input element is converted into a term corresponding to the element. Therefore, the elements of the simulation data do not need to be expressed in terms and input, and can be input by the simplest method of selection, so that verification can be made efficient. Moreover, since the input contents can be confirmed in the natural language, more reliable input can be performed.

[0020]

Embodiments of the present invention will now be specifically described with reference to the drawings. The embodiments described later are realized on a computer and its peripheral devices, and the functions of the embodiments are realized by controlling this computer by predetermined software. Hereinafter, software for realizing the functions of the embodiments will be referred to as “configuration software”. This is for distinguishing the target software (process) of the apparatus or method according to the embodiment from the software targeted for such a process when the target software is also computer software.

In this specification, the invention and the embodiments are described.
The description is given assuming a virtual circuit block (means) having each function of the invention and the embodiment. That is, each "-means" or "-section" in this specification is a concept corresponding to each function of the embodiment, and does not necessarily correspond to a specific hardware or software routine for configuration one-to-one. Therefore, even the same hardware element can be a certain means when executing a certain instruction and a different means when executing another instruction. Further, one means may be realized by only one instruction or may be realized by a large number of instructions.

The use of a computer is an example,
All or part of each function may be realized on an electronic circuit such as a custom chip (dedicated integrated circuit) if possible.

The scale of the computer used in the embodiments is arbitrary, and any scale such as a personal computer, a workstation, a mainframe, etc. may be used. The hardware of the computer used in the embodiment is at least a CPU (central processing unit).
And a main storage device including a RAM (write-once read-only storage element), typically, an input device such as a keyboard and a mouse, an external storage device such as a hard disk device, a CRT display device and printer printing. It includes an output device such as a device and necessary input / output control circuits. However, the hardware configuration can be freely changed within the scope of the present invention.

For example, the embodiment may be realized on a computer connected to a computer network, or may be realized by distributed processing on a plurality of computers connected to each other. In addition, the number, type, and format of the CPUs and the mode of use are arbitrary. It is up to you whether you want to use it or perform simultaneous parallel processing by time sharing (time division).

Also, as an input device, a touch panel
A pointing device such as a light pen, a trackball, or a digitizer, an image input device such as an image scanner or a video camera, a voice recognition device, or various sensors can be freely used. Also, as an external storage device, a floppy disk device, a RAM card device, a magnetic tape device, an optical disk device, a magneto-optical disk device,
A bubble memory device, a flash memory, etc. can be used freely. Also, as the output device, a liquid crystal display device, a plasma display device, a video projector, an audio circuit, etc. can be freely used.

The configuration software may typically be application software executed on an OS (operating system). Further, the description format of the constituent software is typically considered to be a machine language compiled (translated) from a high-level language or an assembler. However, the aspect of the configuration software can be freely changed as long as the present invention can be implemented. For example, the OS is not essential, and the description format of software may be an interpreter (sequential interpretation execution type) language such as BASIC or an intermediate code.

The software can be stored in any manner, and may be stored in a ROM (read-only memory). Alternatively, the software may be stored in an external storage device such as a hard disk drive at the time of starting the computer. It may be loaded into the main memory at the start of processing. Alternatively, the software may be divided into a plurality of parts and stored in an external storage device, and only the necessary modules may be loaded on the main memory at any time according to the processing content. Further, each software portion may be stored in a different manner.

Further, each step of each procedure in this embodiment may be executed in a different order, a plurality of steps may be executed at the same time, or a different order may be executed for each execution, as long as it does not violate its nature. Such an order change can be realized by a menu-type interface method, such as a user selecting an executable process.

The term "input" used in this specification includes not only the original input of information but also other processing closely related to the input of information. Such processing is, for example, echo back or correction / editing of input contents. Further, the “input” is not necessarily limited to the input from the outside of the computer, and may be performed by reading the information from a predetermined storage device.

In the present specification, the term "output" includes not only the original output of information but also other processing closely related to the output of information. Such processing is, for example, input of a range to be output or an instruction for screen scrolling. Further, the “output” is not necessarily limited to the output to the outside of the computer, and may be performed by writing information in a predetermined storage device. It should be noted that input and output may be realized by an integrated operation by an interactive input / output procedure, and selection / designation /
You may perform processing, such as specification.

The data (information) and the data storage means in the present specification may exist in any form on the computer. For example, in terms of hardware, the data may exist in any part such as the main storage device, the external storage device, the CPU register, and the cache memory. In addition, whether or not to use virtual memory / virtual addressing or bank switching for storing data is also free. In addition, the data can be held in any manner, for example, the file format is not essential, and the data may be stored by directly accessing a storage device such as a memory or a disk with a physical address. In addition, the expression format of the data is arbitrary, and for example, the unit of the code representing the character string may be a character unit or a word unit. Further, the data need only be retained for as long as necessary, and may be lost thereafter. Information that is not changed for the time being, such as dictionary data, may be stored in the ROM.

Further, in the present specification, reference to specific information is a confirmation and does not deny the existence of information not referred to. That is, in the operation of the present invention, general information necessary for the operation and its storage area, for example, various pointers, stacks, counters, flags, parameters, work areas, buffers, etc. are appropriately used.

Unless otherwise specified, information required by each part of the embodiment for processing is obtained from another part holding the information, for example, access to a variable or memory storing the information. Earned by. Further, the erasure / deletion of information can be performed by modifying the information such as setting an erasure flag without actually deleting the content itself of the information from the storage area.

Also, the embodiments may be implemented as a part of some software or may be operated together with other software on a single computer.

(1) Configuration of the First Embodiment The first embodiment is a system verification apparatus and system verification method corresponding to claims 1 and 4, and its purpose is to perform a simulation based on abstract input data. An object of the present invention is to provide a system verification device and a system verification method to be performed.
Further, another object of the first embodiment is to provide a system verification device and a system verification method in which information can be easily input.

First, FIG. 1 is a functional block diagram showing the configuration of the system verification apparatus (hereinafter referred to as "this apparatus") of the first embodiment. As shown in this figure, the present apparatus includes design input means 1 for inputting an equation representing a system design,
Data input means 2 for inputting input data to the system and simulation data including a pair of output data expected to be output from the system with respect to the input data using a term that can include a variable; An output value from the system based on the input data is calculated by performing simulation by term rewriting based on the equation, the input data, and a predetermined term rewriting rule corresponding to the design element, and the output It has verification means 3 for verifying whether or not the value matches the expected output data, and output means 4 for outputting the result of the verification.

(2) Operation and effect of the first embodiment The first embodiment having the above-mentioned structure has the following operation and effect.

[Term Rewriting] First, the term rewriting used in this embodiment is a calculation for rewriting terms based on a term rewriting rule of the form (left term) ==> (right term).

The term is composed of a function symbol and a variable.
Function symbols have types, and the number and types of arguments that can be taken are fixed. Variables also have types. For example, adding natural numbers +
Takes two arguments of natural number type, which means that the function type is a natural number type. When M and N are natural number type variables,
From +, M, N to M + N, M + (N + M), (M + M) + (N + M),
You can make a term like ...

A subterm of a term is the term itself or a term contained in the term. For example, M + (N +
The term N) has subterms M + (N + N), M, N + N, N.

Substitution into a term means replacing a variable in the term with a term. For example, for M + N, M to 5 N
Substituting to M + M yields the term 5+ (M + M).

The term rewriting is the following procedure. -When the term to be rewritten, or its subterm, matches the left term of the term rewriting rule in which an appropriate substitution has been performed, replaces it with the substituted right term. This is called simplification. -Repeat this reduction until there are no applicable rewriting rules.

For example,

[Equation 1] If (M + 1) + (0 + 1) is rewritten by the term rewriting rule

[Equation 2] In this explanation, I explained with one type called natural number type,
When there are multiple types, the type of the item to be assigned must match the type of the variable to which it is assigned.

[Step of design input] First, the verifier
The design input means 1 is used to input equations that represent the design of the system process control logic. FIG. 2 shows each symbol used in the description of the design drawing in the first embodiment, and each symbol represents an element included in the system design. Their meanings are as follows. It should be noted that the "set" is not a unit part on the blueprint because it consists of a logical sum and wipeout, but since it is considered as a part because of its function, it is added to FIG.

That is, logical product, logical sum, and negation are ordinary logical operations. In the case of "wipe out", if the second signal (input is a signal) is on, the output signal is off.
If the second signal is off, the first signal is output. In the "timer", if the input signal is off, the output signal is off, and if the input signal remains on for a specified number of seconds or longer, an on signal is output. In the “set (1)”, if the first signal is on, the on signal continues to be output until the second signal turns on. However, if the first signal is on even if the second signal is on, the output signal is on. In "set (2)", if the first signal is on, the on signal continues to be output until the second signal turns on. However, if the first signal is on and the second signal is on, the output signal is off.

FIG. 3 is an example of the design of the process control logic represented in diagram form using the symbols of FIG. The design of FIG. 3 is designed based on the following requirements, and in this embodiment, it is verified whether or not the design of FIG. 3 actually complies with the following requirements.

Request 1: When the push button is pressed, the control signal for opening the valve A is turned on, and when the sensor detects that the valve A is opened, the control signal is turned off after 1 second.
Return to. Request 2: If the bulb does not open for 60 seconds or longer, turn on the warning lamp.

Each of these elements is defined as a function, and the definition of the function is expressed by the term rewriting rule. The term rewriting rule is stored in a predetermined storage area. Since the system in this embodiment is the process control logic and the inputs and outputs in the process control logic are signals, a set of terms "signal" for expressing signals is defined in advance as follows.

(Equation 3)

Further, the correspondence between the signal and the signal is defined as follows. on signal (value of on) is t, off signal (off
Value) is represented by f. The changing signal is represented by (symbol corresponding to initial value) + (time when change occurs) / (representing signal).

FIG. 4 shows an example of correspondence between signals and terms. The following term rewriting rules are given for signal representations.

[Equation 4] Then, the term rewriting rule is given to each component of the diagram that describes the design. For example, the logical sum, which is one of the components of the diagram, is a binary function named “and”. The following are the term rewriting rules for "and".

(Equation 5) In the term rewriting rules for "and", if. ． ． then. ． ． else. ． ． Although it is said that this is also a term of a special form. The following term rewriting rules are given for if:

(Equation 6)

The equation may be directly input as a character string from a keyboard or the like, or a symbol may be selected on the screen and an equation corresponding to the symbol may be automatically generated. here,
Corresponding functions are defined by the term rewriting rules for each component of the diagram, and therefore the equations are used to express the connection relation between the elements. Below is a set of equations representing the design of FIG.

(Equation 7)

Here, and is a logical product, timer is a timer, and set1 and set2 are function names corresponding to set (1) and set (2). For example, point x on the diagram is connected to point y through a 1 second timer. This function

[Expression 8] x == timer (y, 1) This information about the design is referred to during the simulation by rewriting the terms.

[Data Input Step] Next, the verifier inputs the simulation data through the data input means 2 using the terms that may include variables. The simulation data includes a pair of input data for the system and output data expected to be output from the system for the input data.

Although the simulation data is expressed as a signal of the signal type, it is possible to express the signal with a high degree of abstraction by using a variable here. An example is shown below (hereinafter, the unit time is set to seconds. There is no problem in selecting an appropriate unit time according to the design target).

[Equation 9]

(1) in the above signal expression can be any term whose initial value is off by substituting an appropriate term for a and s. In that sense, (1) is a representative element in the set of terms whose initial value is off.

Simulation data 1 and 2 corresponding to requests 1 and 2 are shown below.

[Equation 10]

That is, in the simulation data 1, it means that the push button for opening the valve A is pressed in the first line of the input data. The second line represents that the sensor detects that the valve has been opened. The third line shows that the reset push button is not pressed. For this input data, the output data indicates that the control signal to valve A starts on and then turns off. c <d means “valve A when the sensor value is turned on.
The control signal to is turned off. "

In the simulation data 2, the first line of the input data indicates that the push button for opening the valve A is pressed. The second line shows that the valve A does not open even after 60 seconds. The output data indicates that the warning lamp blinks in response to the input data.

The simulation data 1 and 2 sufficiently express the contents of the requests 1 and 2 and do not include the contents more than necessary. Therefore, if the verification of these simulation data is successful, it is guaranteed that the design satisfies requirements 1 and 2.

[Verification Step] When the simulation data is input, the verification means 3 performs a simulation by rewriting terms based on the equation and the input data to output from the system based on the input data. Calculate the value. Then, it is verified whether this output value matches the expected output data. The fact that the calculated output value matches the expected output data means that the calculated output value is a concrete embodiment of the expected output data. For example,

[Equation 11] In the case of, the calculated output value embodies the expected output data by substituting a = 10 and b = t + c / d. Therefore, the calculated output value matches the expected output data.

Here, the verification process of the simulation data 1 will be described. That is, first, the input condition is set as follows.

PB_valve A = t + a / b (0 <a) Sensor_valve A fully open = f + c / t (0 <c) PB_reset = f

Since the signal for opening the valve A is fed back, the consequence itself is also assumed.

[Equation 13] Open the valve A = t + d / f (c <d)

Based on these, each design point is calculated by rewriting terms as follows.

[Equation 14]

(Equation 15) By rewriting terms

[Equation 16] I got the result. In this case, assuming d = c + 1, this result was initially assumed

⁢ 17 Match valve A = open + t + d / f (c <d).

[Output Step] The above verification result is output from the output means 4. The output may be performed from any output device such as a display screen, a disk file, or a printer. An output example of the verification result corresponding to the simulation 1 is shown in FIG.

As described above, in the first embodiment, since the input data such as a signal can be abstractly expressed by using the term that can include the variable, the verification result is influenced by the unnecessary premise brought about by the concreteness of the input data. It is possible to perform verification by an accurate simulation with a high degree of abstraction.

(3) Second Embodiment In the data input, each element constituting the simulation data is input in a natural language having a predetermined syntax, and the input element corresponds to the term based on the syntax. You may make it convert into a term. Here, an example of simulation data expressed in natural language is shown.

(Equation 18) In this way, the elements that make up the simulation data can be input in natural language, and the input elements are converted into terms corresponding to the elements by character string matching, pattern matching, or the like. For this reason, it is possible to avoid the complexity of directly describing the elements of the simulation data by terms that are difficult to understand in terms of visual content, such as signal expressions.

(4) Third Embodiment Further, in the data input, an element forming the simulation data is selected from the display of a plurality of elements such as a menu format, and the selected element is confirmed by an expression expressed in natural language. The element thus input may be automatically converted into a term corresponding to the term. in this case,
The simulation data can be confirmed in Japanese similar to that shown in the second embodiment by simply selecting the element.

FIG. 6 shows a screen display example for realizing the data input means. FIG. 6 shows a display example of a window of a display device for realizing the data input means in the third embodiment. In this window, the system name from the design information,
Take out the signal name and display it in a list on the right side. Icons corresponding to the constraints of the simulation data are arranged in the center.
This icon is associated with typical constraints such as “starts with on” and “changes from on to off”. Select signals and constraints by mouse operation and register them in the input or output frame. For example, "P
B_valve A ”

[Formula 19] After selecting, click "Enter"

[Equation 20] [PB_valve A starts with on] is added to the input data. This input is internally

[Equation 21] Is converted into a signal representation by the term.

According to the third embodiment as described above, the elements constituting the simulation data can be input simply by selecting from a plurality of displayed elements such as a menu, and the input elements are expressed in natural language, so that it is easy. I can confirm. Then, the input element is converted into a term corresponding to the element. Therefore, the elements of the simulation data do not need to be expressed in terms and input, and can be input by the simplest method of selection, so that verification can be made efficient. Moreover, since the input contents can be confirmed in the natural language, more reliable input can be performed.

(5) Other Embodiments The present invention is not limited to the above embodiments,
Since the embodiment can be changed as appropriate, it includes the following other embodiments. For example, the present invention can be used to verify not only process control logic, but various systems such as computer software and traffic control systems. Alternatively, the design may be input by selecting a graphic so that the selected content is automatically converted into an equation. Further, the variable for realizing the abstraction does not have to be included in all the terms, and there may be terms including the variables and terms not including the variables.

When a natural language is used to input the simulation data, the language type can be freely selected as well as Japanese.

[0072]

As described above, according to the present invention, since input data such as a signal can be abstractly expressed by using a term that can include a variable, a verification result can be obtained by an unnecessary premise brought about by the concreteness of the input data. Can be verified by accurate simulation with a high degree of abstraction.

[Brief description of drawings]

FIG. 1 is a functional block diagram showing a configuration of a system verification device according to a first embodiment of the present invention.

FIG. 2 is a diagram showing each symbol used to describe a design drawing in the first embodiment of the present invention.

FIG. 3 is a diagram showing a design example of the process control logic represented in a diagram form using the symbols of FIG. 2 in the first embodiment of the present invention.

FIG. 4 is a diagram showing an example of correspondence between signals and terms in the first embodiment of the present invention.

FIG. 5 is a diagram showing an output example of a verification result corresponding to the simulation data 1 in the first embodiment of the present invention.

FIG. 6 is a diagram showing a display example of a screen for realizing data input means in the third embodiment of the present invention.

[Explanation of symbols]

 1: Design input means 2: Data input means 3: Verification means 4: Output means

Claims (6)

[Claims] 1. Input data for the system and output from the system for the input data using a design input means for inputting an equation representing the design of the system and a term that can include variables. And a data input means for inputting simulation data including a pair of output data expected, and a simulation by term rewriting based on a predetermined term rewriting rule corresponding to the equation, the input data and the element of the design. A verification means for calculating an output value from the system based on the input data by performing the verification, and verifying whether the output value matches the expected output data, and an output for outputting the verification result. A system verification apparatus comprising: 2. The data input means includes a language input means for inputting each element constituting the simulation data in a natural language having a predetermined syntax; and the input element based on the syntax. The system verification apparatus according to claim 1, further comprising: first conversion means for converting into a term corresponding to the element. 3. The data input means, selecting means for inputting an element constituting the simulation data by selecting from a plurality of element displays, and a display for displaying an expression expressing the input element in a natural language. The system verification apparatus according to claim 1, further comprising: a unit and a second conversion unit that converts the input element into a term corresponding to the term. 4. Input data for the system and output from the system for the input data using a step of design input for inputting an equation representing a design of the system, and a term that can include variables. Data input step of inputting simulation data including a pair of output data expected to be input, and by term rewriting based on a predetermined term rewriting rule corresponding to the equation, the input data and the element of the design. A verification step of calculating an output value from the system based on the input data by performing a simulation, and verifying whether the output value matches the expected output data, and the verification result. A system verification method comprising: an output step of outputting. 5. The data input step includes a language input step for inputting each element constituting the simulation data in a natural language having a predetermined syntax, and each of the input data based on the syntax. The system verification method according to claim 4, further comprising: a first conversion step of converting an element into a term corresponding to the element. 6. The data input step includes a step of inputting an element constituting the simulation data by selecting from a plurality of element displays, and an expression expressing the input element in natural language. 5. The system verification method according to claim 4, further comprising: a display step of performing the conversion, and a second conversion step of converting the input element into a term corresponding to the term.