WO2016174743A1 - ソースコード等価性検証装置、および、ソースコード等価性検証方法 - Google Patents
ソースコード等価性検証装置、および、ソースコード等価性検証方法 Download PDFInfo
- Publication number
- WO2016174743A1 WO2016174743A1 PCT/JP2015/062852 JP2015062852W WO2016174743A1 WO 2016174743 A1 WO2016174743 A1 WO 2016174743A1 JP 2015062852 W JP2015062852 W JP 2015062852W WO 2016174743 A1 WO2016174743 A1 WO 2016174743A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- source code
- verification
- equivalence
- change
- equivalence verification
- Prior art date
Links
- 238000012795 verification Methods 0.000 title claims abstract description 303
- 238000000034 method Methods 0.000 title claims description 58
- 238000012937 correction Methods 0.000 claims abstract description 85
- 230000014509 gene expression Effects 0.000 claims abstract description 78
- 238000004364 calculation method Methods 0.000 claims abstract description 20
- 230000008859 change Effects 0.000 claims description 151
- 238000000354 decomposition reaction Methods 0.000 claims description 28
- 230000010354 integration Effects 0.000 claims description 4
- 238000012986 modification Methods 0.000 claims description 4
- 230000004048 modification Effects 0.000 claims description 4
- 238000012545 processing Methods 0.000 description 24
- 230000010365 information processing Effects 0.000 description 23
- 230000008569 process Effects 0.000 description 16
- 230000006870 function Effects 0.000 description 15
- 238000004458 analytical method Methods 0.000 description 8
- 230000006399 behavior Effects 0.000 description 8
- 238000012360 testing method Methods 0.000 description 4
- 238000011161 development Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 230000007547 defect Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000000717 retained effect Effects 0.000 description 2
- 206010016275 Fear Diseases 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000006866 deterioration Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/75—Structural analysis for program understanding
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/52—Binary to binary
Definitions
- the present invention verifies that the behavior between the source codes is equivalent when the source code is changed, and assists the developer to correct the behavior so as to be equivalent if the behavior is not equivalent, and , Concerning the verification method.
- Patent Document 1 There is a technique described in Patent Document 1 as a method for verifying equivalence of source codes.
- Japanese Patent Application Laid-Open No. 2004-228561 discloses a method of performing a test on a portion where a difference is caused by source code comparison and comparing the result.
- Non-Patent Document 1 discloses a method for verifying that a behavior is retained using symbol execution.
- Refactoring and language replacement are methods for improving software maintainability.
- Refactoring is a general term for techniques for improving the design quality of software by changing the internal structure without changing the behavior of the software.
- Language replacement is to re-create the same function as software developed using a programming language with low maintainability using another programming language with high maintainability.
- This refactoring and language replacement technique is a promising technique for ensuring the maintainability of software that is becoming increasingly complex and large-scale.
- the behavior of the target source code is changed when the software source code is changed or recreated, there is a possibility that a new defect may be mixed. Therefore, there is a possibility that the software developer fears that a defect will be mixed in software that has been operating correctly due to refactoring or language replacement, and may decide not to do so.
- a method for verifying that there is no change in the behavior of the source code before and after the change of the source code is required.
- both source codes are “equivalent” that the external behavior of the two source codes is the same, that is, the same output is obtained at runtime for any same input. It is defined as Further, verifying whether the source code before the change and the source code after the change are equivalent is referred to as “equivalence verification”.
- Conditions required for the method for verifying that the source code before the change and the source code after the change are equivalent include the following conditions.
- (1) One condition is that most of the work is automated, and there are few manual work. Traditionally, source code equivalence has been verified by manual review and testing. By realizing automatic verification using a tool, verification man-hours are reduced, and refactoring and the like are promoted.
- (2) Another condition is to provide the developer with information that is the basis, information about the location to be corrected, and information regarding the correction method when it is determined that they are not equivalent by the equivalence verification method. By providing the developer with easy-to-understand information on points to be corrected and further providing information on the correction method, correction by the developer is facilitated, leading to a reduction in development period and man-hours.
- Patent Document 1 requires a test and cannot satisfy the condition (1).
- the method according to Non-Patent Document 1 generates a logical expression for verifying equivalence and verifies it using a solver, but does not provide information on a portion to be corrected or a correction method.
- the condition (2) cannot be satisfied.
- an object of the present invention is to provide a technique for presenting information on corrections in source code.
- the disclosed source code equivalence verifying device uses the symbol execution calculation unit that executes symbol execution on the source code before change and the source code after change, and the symbol execution result of the symbol execution calculation unit, respectively.
- an equivalence verification formula generator that generates an equivalence verification formula with the source code
- an equivalence verification formula verifier that verifies the equivalence verification formula generated by the equivalence verification formula generator
- an equivalence verification formula verifier Generation of a correction candidate that generates a correction candidate that makes the source code before the change and the source code after the change equivalent when the source code before the change and the source code after the change are not equivalent in the verification result of the equivalence verification expression
- a verification result generation unit that generates a verification result report using the verification result by the equivalence verification formula verification unit and the correction candidate by the correction candidate generation unit.
- the developer can confirm on the source code the part to be modified to make the source code before the change and the source code after the change equivalent.
- 2 is a hardware configuration of the source code equivalence verification apparatus according to the first embodiment.
- 3 is a software configuration of the source code equivalence verification apparatus according to the first embodiment. It is a function structure of a source code equivalence verification apparatus. It is a structure and data flow of the control part and memory
- Symbol execution refers to execution using symbols instead of executing source code while substituting specific values for variables (input variables, global variables, etc.) used in source code when verifying source code
- a combination of a variable state (hereinafter also referred to as a variable state) in a source code execution process and a conditional expression (hereinafter also referred to as a path constraint) for passing through the path in the source code (hereinafter referred to as a snapshot). This is a technique for obtaining the input / output relationship of the source code using the above.
- FIG. 1 is an example of source code before change used for source code equivalence verification.
- symbol execution is performed using the information processing apparatus for the source code C100 described in the C language in FIG. 1 as an example.
- FIG. 2 is an example of a structure graph obtained as a result of analyzing the source code.
- the information processing apparatus first generates a structure graph N100 shown in FIG. 2 by performing lexical analysis and syntax analysis similar to compilation on the source code C100.
- the structure graph N100 is obtained by removing the information that is not related to the meaning of the language and extracting only the information that is related to the meaning (abstracted) from the syntax tree.
- a control flow is shown.
- a solid line arrow indicates an unconditional control flow, and a broken line arrow indicates a conditional control flow.
- each control flow starting from the node N1 corresponding to the function entry point and ending at the node N5 corresponding to the return statement that is the exit of the function is illustrated.
- a plurality of conditional control flows are output from the node N2 corresponding to the if statement, which indicates that different control flows are passed depending on whether or not the condition of the if statement is satisfied.
- the information processing apparatus gives position information on the source code C100 corresponding to each node.
- the information processing apparatus assigns a line number in the source code C100 as position information. For example, it can be seen that position information L4 is assigned to the node N2, and the corresponding if sentence is described in the fourth line of the source code C100.
- FIG. 3 is an example of an execution tree resulting from symbol execution of the source code.
- the information processing apparatus generates an execution tree S100 shown in FIG. 3 based on the structure graph N100.
- Each node of the execution tree S100 is represented by a combination of the path constraint (upper column) and the variable state (middle column) described above, and further, position information (lower column) indicating the position via the source code is displayed.
- a root node (root node) S101 of the execution tree S100 corresponds to an initial state of execution of the source code.
- the information processing apparatus adds new nodes to the execution tree S100 each time the variable state is updated as the source code is executed.
- the information processing apparatus When generating the execution tree S100, the information processing apparatus assigns a symbol variable corresponding to the value of the variable that becomes the input variable of the function foo.
- the value of a variable serving as an input variable is a value of a variable that is given from outside the function and affects the operation of the function, and includes a function variable and a global variable that is accessed within the function.
- a function argument a and a global variable g are input variables.
- the information processing apparatus assigns “ ⁇ ” and “ ⁇ ” to the variables a and g as symbolic variables.
- the information processing apparatus generates a root node S101 in the execution tree S100 based on the node N1 of the structure graph N100.
- the information processing apparatus sets “no condition” indicating “no constraint” in the path constraint (upper column) S101a of the root node S101, and inputs variable a and g in the variable state (middle column) S101b.
- the position information L2 acquired from the node N1 is set in the position information (lower column) S101c.
- the information processing apparatus executes processing based on the next node N2 on the control flow of the node N1 in the structure graph N100.
- the node N2 is a conditional branch node having two conditional control flows N21 and N22, a child node S102 corresponding to the conditional control flow N21, and a child node S105 corresponding to the conditional control flow N22.
- variable state (middle column) in the node S102 is set to be the same as the variable state S101b of the parent node because the variable state is not changed by the if statement.
- position information (lower column) is “L2, 4” by adding the position information (L4) of the node N2 to the position information S101c of the parent node S101, and the second and fourth lines of the source code. Means you have been through.
- variable state (middle column) in the node S105 is set to be the same as the variable state S101b of the parent node because the variable state is not changed by the if statement. Further, the position information (lower column) is “L2, 4” by adding the position information (L4) of the node N2 in addition to the position information S101c of the parent node.
- the information processing apparatus executes processing based on N3 which is the next node on the control flow N21 of the node N2.
- the information processing apparatus generates a child node S103 of S102 as a node in the execution tree S100 corresponding to the node N3.
- the information processing apparatus executes processing based on N5 which is the next node on the control flow of N3.
- the information processing apparatus executes processing based on N4 which is the next node on the control flow N22 of N2.
- the node N4 is a conditional branch node having two conditional control flows N41 and N42, and the information processing apparatus displays a child node S106 corresponding to the conditional control flow N41 and a child node S110 corresponding to the conditional control flow N42. , Respectively, under the node S105.
- the information processing apparatus repeats the above operation for all branches until generation of all branches is completed.
- the information processing apparatus finally obtains an execution tree S100 as shown in FIG. 3 from the structure graph N100 shown in FIG. 2 by the above operation.
- child nodes corresponding to conditional branches are generated in the execution tree so that all possible control flows are covered.
- a leaf node in an execution tree is to obtain a set of a set of a condition (path constraint) for an input value of a source code and a state (variable state) of an output variable.
- the leaf node of the execution tree at the time when the symbol execution is completed is referred to as “snapshot”, and the set of snapshots is referred to as “symbol execution summary”.
- symbol execution summary the set of snapshots.
- the leaf nodes in the execution tree S100 are the three nodes S104, S109, and S113, which are snapshots, and these sets are the symbol execution summary S120. However, the variable states of variables r and a which are local variables are excluded.
- the symbol execution is described using the source code written in the C language.
- the present invention is not limited to the C language, and can be similarly applied to the source code written using another programming language. .
- FIG. 4 shows the hardware configuration of the source code equivalence verification apparatus 1000 of this embodiment.
- the source code equivalence verification apparatus is realized by, for example, a personal computer which is a general information processing apparatus as shown in FIG.
- the source code equivalence verification device 1000 includes a central processing unit (CPU) 101, a main storage device 102, a network I / F 103, a graphic I / F 104, an input / output I / F 105, and an auxiliary storage device I / F 106 connected by a bus. It has become a form.
- the CPU 101 controls each part of the source code equivalence verification apparatus 1000, loads the source code equivalence verification program 200 to the main storage device 102, and executes it.
- the main storage device 102 is usually composed of a volatile memory such as a RAM, and a program executed by the CPU 101 and data to be referenced are loaded from an auxiliary storage device or the like and stored.
- the network I / F 103 is an interface for connecting to the external network 150.
- the graphic I / F 104 is an interface for connecting a display device 120 such as a Liquid Crystal Display (LCD).
- a display device 120 such as a Liquid Crystal Display (LCD).
- the input / output I / F 105 is an interface for connecting an input / output device.
- a keyboard 131 and a mouse 132 as a pointing device are connected.
- the auxiliary storage device I / F 106 is an interface for connecting an auxiliary storage device such as an HDD (Hard Disk Drive) 141 or a DVD (Digital Versatile Disk) drive device 142.
- an auxiliary storage device such as an HDD (Hard Disk Drive) 141 or a DVD (Digital Versatile Disk) drive device 142.
- the HDD 141 has a large storage capacity, and stores a source code equivalence verification program 200 for executing the processing of this embodiment.
- the DVD drive device 142 is a device that writes data to or reads data from an optical disk such as a DVD or a CD.
- the source code equivalence verification program 200 is provided by, for example, a CD-ROM. Can be installed.
- the test data generation apparatus 1000 installs the source code equivalence verification program 200 in the personal computer as described above and executes each function.
- FIG. 5 shows the software configuration of the source code equivalence verification apparatus of this embodiment.
- a source code equivalence verification program 200 executed by the source code equivalence verification apparatus 1000 includes a source code reading module 2001, a structure graph generation module 2002, a symbol execution calculation module 2003, an equivalence verification expression generation module 2004, and an equivalence verification expression verification.
- a module 2005, a correction candidate generation module 2006, and a verification result display module 2007 are included.
- the program equivalence verification program 200 is application software that runs on the operating system (OS), and includes the OS and library program as the software configuration of the source code equivalence verification device, but is omitted in FIG. ing.
- OS operating system
- the source code reading module 2001 is a module that reads the source code before change and the source code after change from the HDD or another computer and stores them in the storage unit.
- the structure graph generation module 2002 is a module that generates a structure graph (for example, N100 described above) by performing lexical analysis / syntactic analysis of a source code (for example, C100 described above) and extracting a control flow.
- the symbol execution calculation module 2003 performs symbol execution based on the structure graph generated by the structure graph generation module 2002 to calculate an execution tree (for example, S100 described above) and collects the leaf nodes of the symbol execution summary (for example, This module generates S120) described above.
- the equivalence determination formula generation module 2004 generates, for each combination of snapshots included in the symbol execution summary, the symbol execution summary of the source code before change and the symbol execution summary of the source code after change generated by the symbol execution calculation module 2003. Is a module that generates a path constraint conjunction expression, a path constraint equivalence determination expression, and a path equivalence verification expression for determining the equivalence of.
- the equivalence verification formula verification module 2005 uses the path constraint conjunction formula, the path constraint equivalence judgment formula, and the path equivalence verification formula generated by the equivalence judgment formula generation module 2004 as a SAT (SATisfiability) solver or SMT (Satfiability Modulo Theories). This module solves a satisfiability problem using a solver.
- SAT SATisfiability
- SMT Statfiability Modulo Theories
- the correction candidate generation module 2006 uses the verification result output from the equivalence verification formula verification module 2005 to determine which combination of the symbol execution summary of the source code before the change and the snapshot included in the symbol execution summary of the source code after the change. This module analyzes whether non-equivalence has occurred and derives correction candidates for logical equivalence in the case of non-equivalence.
- the verification result generation module 2007 generates a verification result report using the verification results output from the equivalence verification formula verification module 2005, the correction candidates output from the correction candidate generation module 2006, symbol execution summary, and source code information. A module that displays or notifies.
- FIG. 6 shows a functional configuration of the source code equivalence verification apparatus 1000.
- the control unit 110 is realized by the CPU 101 and the main storage device 102 in FIG. 4, and the storage unit 140 is mainly realized by the HDD 141 in FIG. 4, but may include the main storage device 102.
- the input device 130 includes the input / output I / F 105, the keyboard 131, the mouse 132, and the like of FIG. 4, and may further include a configuration for reading from the DVD drive device 142 via the auxiliary storage device I / F 106.
- the output device 121 includes a graphic I / F 104, a display device 120, and the like, and may further include a configuration for writing to the DVD drive device 142 via the auxiliary storage device I / F 106.
- the communication unit 103 represents the network I / F 103 in FIG. 4 and is connected to, for example, an external computer 160 via the network 150. Details of the control unit 110 and the storage unit 140 of FIG. 6 will be described with reference to FIG
- FIG. 7 shows the configuration and data flow of the control unit 110 and the storage unit 140 of the source code equivalence verification apparatus 1000.
- the source code input unit 111 reads the pre-change source code 301 and the post-change source code 302 to be verified, and stores them in the pre-change / post-change source code storage area 201.
- the example in which the source code 301 before change and the source code 302 after change are described in C language has been described, but the structure graph generation unit 112 and symbol execution calculation corresponding to other programming languages are also described.
- the unit 113 it is also possible to use source code written in another programming language. Different programming languages may be used for the source code 301 before change and the source code 302 after change.
- the structure graph generation unit 112 performs source code analysis on the pre-change source code and the post-change source code stored in the pre-change / post-source code storage area 201, and the pre-change structure which is the analysis result
- the graph and the post-change structure graph are stored in the pre-change / post-change structure graph storage area 202.
- the symbol execution calculation unit 113 executes symbol calculation for each of the before / after structure graphs stored in the before / after structure graph storage area 202, and shows the calculation result (symbol execution result).
- the symbol execution summary is stored in the before / after symbol execution result storage area 203.
- the equivalence verification expression generation unit 114 stores the symbol execution summary of the source code before change and the symbol of the source code after change, which are stored in the pre-change / post-symbol execution result storage area 203, and are the pre-change / post-sign execution results. From the execution summary, for each combination of snapshots included in the symbol execution summary, a path constraint conjunction expression, a path constraint equivalence judgment expression, and a path equivalence verification expression for determining the equivalence of both are generated, and the equivalence Store in the verification expression storage area 204.
- the equivalence verification formula verification unit 115 executes verification of the path constraint conjunction formula, the path constraint equivalence determination formula, and the path equivalence verification formula stored in the equivalence verification formula storage area 204, and the verification results thereof. Is stored in the equivalence verification formula result storage area 205.
- the path constraint equivalence determination formula, and the path equivalence verification formula stored in the equivalence verification formula storage area 204 is unequal Then, it is determined which snapshot combination is non-equivalent, an operation for becoming equivalent is derived, and stored in the correction candidate storage area 206 as a correction candidate.
- the verification result generation unit 117 generates the verification result report 310 using the verification results of the path constraint conjunction formula, the path constraint equivalence determination formula, and the equivalence verification formula, the correction candidate, the symbol execution summary, and the source code information. And stored in the verification result storage area 207 and displayed on the screen using the output device 121, or transmitted to the external computer 160 using the communication unit 103.
- each unit included in the control unit 110 is realized by the source code equivalence verification apparatus 1000 executing each module of the source code equivalence verification program shown in FIG. .
- FIG. 8 is a process flowchart of the source code equivalence verification apparatus. An example will be described in which the pre-change source code C100 shown in FIG. 1 is input as the pre-change source code, and the post-change source code C200 shown in FIG.
- the source code input unit 111 reads the pre-change source code 301 to be verified and stores it in the pre-change / post-source code storage area 201. (P110).
- the structure graph generation unit 112 executes source code analysis of the pre-change source code stored in the pre-change / post-change source code storage area 201, generates a pre-change structure graph N100 that is the analysis result, and The data is stored in the post-structure graph storage area 202 (P120).
- the symbol execution calculation unit 113 performs symbol execution on the pre-change structure graph stored in the pre-change / post-structure graph storage area 202, generates the execution result as the change issue execution summary S120, It is stored in the subsequent symbol execution result storage area 203 (P130).
- the post-change symbol execution summary is stored in the pre-change / post-symbol execution result storage area 203.
- processing steps P110, P120, and P130 for the source code 301 before change can be executed independently of the processing steps P111, P121, and P131 for the source code 302 after change, both may be processed in parallel.
- the structure graph generation and re-use can be performed by reusing the previous processing result stored in the pre-change / post-symbol execution result storage area 203. Symbolic execution calculations can be omitted.
- the equivalence verification formula generator 114 generates an equivalence verification formula using the symbol execution summary of the source code before the change and the symbol execution summary of the source code after the change (P140).
- FIG. 10 is an example of an execution tree resulting from symbol execution of the changed source code C200.
- a specific processing procedure includes a symbol execution summary S120 shown in FIG. 3 generated from the pre-change source code C100 shown in FIG. 1 and a symbol execution summary S220 shown in FIG. 10 generated from the post-change source code C200 shown in FIG. It explains using.
- FIG. 11 is a processing flowchart of the equivalence verification expression generation unit 114.
- the equivalence verification formula generation unit 114 acquires the symbol execution summary of the source code before the change from the pre-change / post-symbol execution result storage area 203 (P141). The following process is executed for each snapshot of the change execution summary, and if there is no unprocessed snapshot before change (P142), the equivalence verification expression generation unit 114 ends the process.
- the equivalence verification expression generation unit 114 selects one snapshot from the summary before the change issue execution (P143).
- the equivalence verification formula generation unit 114 acquires a post-change symbol execution summary from the pre-change / post-symbol execution result storage area 203 (P144).
- the equivalence verification expression generation unit 114 selects one snapshot for the post-change symbol execution summary (P146) and generates a path equivalence verification expression (P147). If there is no unprocessed snapshot after change (P145), the equivalence verification expression generation unit 114 returns to step P142. Therefore, the equivalence verification expression for all combinations of the pre-change snapshot and the post-change snapshot is returned.
- the generation unit 114 generates a path equivalence verification formula.
- the equivalence verification expression generation unit 114 generates a snapshot constraint expression by taking a conjunction of a path constraint and an equality condition of each variable state for each snapshot of the symbol execution summary.
- the equivalence verification expression generation unit 114 selects a path constraint conjunction expression for determining whether there is a portion that overlaps both path constraints for the selected pre-change snapshot and post-change snapshot, and a selection.
- Path constraint equivalence judgment formula for determining whether the path constraints of the modified snapshot and modified snapshot are equivalent, and within the range of paths corresponding to the selected snapshot before and modified
- a path equivalence verification formula for verifying equivalence in the above is generated and recorded in the equivalence verification formula storage area 204.
- the path constraint conjunction expression is a conjunction of the selected path constraint of the pre-change snapshot and the path constraint of the post-change snapshot.
- the path constraint equivalence judgment formula is an expression for verifying that, when the path constraint conjunction formula is satisfied, a portion that overlaps both path constraints has already occurred, and a portion that does not overlap exists.
- the path constraint equivalence judgment expression is represented by (A ⁇ B) ⁇ ( ⁇ A ⁇ B), where A is the path constraint of the selected snapshot before change and B is the path constraint of the snapshot after change. . If this expression is unsatisfiable, the path constraint A and the path constraint B all overlap and are equivalent.
- the path equivalence verification expression consists of the negation expression of the conjunction of the equality constraint expression between the corresponding output variables, the snapshot constraint expression of the selected before-change snapshot, and the snapshot constraint expression of the selected after-change snapshot. It becomes the conjunction of When the source code before change and the source code after change are equivalent in the selected snapshot, that is, in the selected path, the output variable is equal to any input variable that passes through that path. The conjunction of the equality constraint is always valid.
- the output variables g and R on the changed symbol execution summary side are replaced with g ′ and R ′, respectively, in order to avoid a collision with the variable name in the change execution summary.
- one snapshot was selected at a time and a path equivalence verification formula was generated.
- multiple snapshots may be selected at once. In that case, the selection of the snapshot constraint formula corresponding to the selected snapshot is used instead of the snapshot constraint formula used to generate the path equivalence verification formula.
- the processing of the equivalence verification expression generation unit 114 is started after the processing of the symbol execution calculation unit 113 is completed.
- generation of the snapshot is completed, generation of a path equivalence verification expression for the combination related to the snapshot may be started.
- the equivalence verification formula verification unit 115 uses a SAT solver or the like for each of the plurality of path constraint conjunction formulas, path constraint equivalence determination formulas, and path equivalence verification formulas generated by the equivalence verification formula generation unit 114. Satisfiability is determined (P150). The equivalence verification expression verification unit 115 determines whether each of the expressions can be satisfied or not, and if the path equivalence verification expression can be satisfied, the value of the variable that the solver outputs is satisfied. The counterexample as an example is stored in the equivalence verification expression verification result storage area 205.
- FIG. 12 is an example of a verification result 1200 of each path equivalence verification formula by the equivalence verification formula verification unit 115 in this example.
- the path equivalence verification formula cannot be satisfied for all, so the post-change source code C100 and the post-change source code C200 are equivalent. It is determined.
- the correction candidate generation unit 116 generates a correction operation that makes the changed source code equivalent in the case of non-equivalence, but does not execute anything because it is determined as equivalent in this example (P160).
- FIG. 13 is an example of a verification result report.
- the verification result generation unit 117 generates a verification result report 500 as shown in FIG. 13 based on the verification result (P170).
- the verification result report 500 as the verification result 510, “equivalent” is displayed when all the path equivalence verification formulas cannot be satisfied, and “non-equivalent” when any of them can be satisfied. In this example, since all the path equivalence verification formulas are recorded as unsatisfactory, the verification result 510 is displayed as “equivalent”.
- the verification result report 500 may include display of the source code 521 before change and the source code 522 after change using the source code information stored in the before / after source code storage area 201.
- the verification result report 500 may include a display of the change issue execution summary 531 and the post-change symbol execution summary 532 using the symbol execution summary information stored in the before / after change execution result storage area 203. .
- the symbol execution summary displays 531 and 532 in FIG. 13 the path constraints and variable states are displayed in one line for each snapshot.
- the equivalence (referred to as path equivalence) between when a specific path of the source code before change and a specific path of the source code after change are combined is a combination of all paths.
- Equivalence verification is realized by verifying against.
- Fig. 14 shows an example of the changed source code that has been changed to be non-equivalent.
- the source code C100 before change shown in FIG. 1 as the source code before change is changed, and the change shown in FIG. 14 as the source code after change which is a change not equivalent to C100.
- a case where the post source code C300 is input will be described as an example.
- FIG. 15 shows the processing contents in each step processing of FIG. 8 as described above.
- the changed source code C300 starts from the changed source code C300 as shown in FIG.
- An execution summary S320 is generated.
- the equivalence verification expression generation unit 114 generates a path constraint conjunction expression, a path constraint equivalence determination expression, and a path equivalence verification expression for each combination of the pre-change snapshot and the post-change snapshot.
- the equivalence verification expression verification unit 115 performs equivalence determination by determining satisfiability of all the generated path constraint conjunction expressions, path constraint equivalence determination expressions, and path equivalence verification expressions using a SAT solver or the like. .
- FIG. 16 shows the verification result of each path equivalence verification formula.
- FIG. 17 is a process flowchart in step P160 of the correction candidate generation unit 116.
- the correction candidate generation unit 116 arranges the snapshot results before the change in rows and the snapshots after the change in columns in order to satisfy the satisfaction results of the respective expressions determined by the equivalence verification expression verification unit 115.
- the verification result by the equivalence verification formula verification unit 115 will be described with reference to a verification table (see FIG. 18) described in squares.
- the satisfaction determination result shown in FIG. 16 is the verification table 1800 of FIG.
- the path constraint of the snapshot before change and the path constraint of the snapshot after change are non-equivalent, so it is expressed as path constraint non-equivalence.
- the path equivalence verification expression cannot be satisfied, it means that the variable output state is equivalent in the range of the path indicated by the path constraint of the snapshot before the change and the path constraint of the snapshot after the change. If it is satisfiable, it is expressed as variable state inequality.
- the correction candidate generating unit 116 determines that it is equivalent and ends the process (P162).
- attention is paid to a cell whose variable state is non-equivalent (P163).
- the correction candidate generation unit 116 proceeds to Step P165 if the focused cell is path constraint equivalent, and proceeds to Step P166 if the target cell is not equivalent to the path constraint (P163).
- the correction candidate generating unit 116 changes the variable state of the snapshot after changing the focused cell.
- the operation to replace the variable state of the snapshot before the change is saved as a correction candidate in the correction candidate storage area 206 (P165), and the process proceeds to Step P161.
- the correction candidate generation unit 116 scans in the vertical direction of the target square in the verification table 1800, searches for other squares that are not equivalent to path constraints, and there is another square that is not equivalent to path constraints. Advances to step P167. If not, the process proceeds to Step P168 (P166).
- the target square is not equivalent to the path constraint and the variable state is not equivalent, and the path constraint is not equivalent to the vertical direction from the target square. It is a state in which other cells exist.
- the fact that other squares with non-equivalent path constraints exist in the vertical direction means that the path constraint of the snapshot after the change of the target square is the same as that of the snapshot before the change of the non-equivalent square in the vertical direction. Both path constraints indicate overlapping parts. Therefore, the correction candidate generation unit 116 sets an operation of decomposing the snapshot after the change of the focused cell using the path restriction of the snapshot before the change of the focused cell as the correction candidate in the correction candidate storage area 206. Save (P167) and go to Step P161.
- the correction candidate generation unit 116 focuses on the cell 1804 in FIG. 18, and the cell 1803 becomes another cell that is not equivalent to the path constraint existing in the vertical direction. Detect and proceed to step P167.
- the constraint terms that appear in common in the decomposition standard and the decomposition target are removed from the decomposition standard.
- the decomposition criterion is ⁇ ( ⁇ > 1).
- the mass 1803 is decomposed by adding the decomposition standard to the object to be decomposed with affirmative and negative.
- FIG. 19 is an example of a snapshot disassembly operation and a variable state change operation, and is a result of disassembling the post-change snapshot S322 into a snapshot S3221 and a snapshot S3222.
- the path constraint of the snapshot S3221 is added with ⁇ ( ⁇ > 1) which is an affirmative of the decomposition criterion, and the path constraint of the other snapshot S3222 is ⁇ ( ⁇ ( ⁇ > 1)) which is a negative of the decomposition criterion.
- the variable states of both snapshots are the same as before decomposition.
- the correction candidate generation unit 116 stores this decomposition operation in the correction candidate storage area 206.
- the correction candidate generation unit 116 scans in the horizontal direction of the target cell in the verification table 1800, searches for other cells that are not path constraint non-equivalent, and there are other cells that are not path constraint non-equivalent Advances to Step P169 (P168). If there is no correction candidate, the correction candidate generation unit 116 ends the process.
- the correction candidate generation unit 116 uses, as a correction candidate, an operation for integrating the snapshot after the change of the target square and the snapshot after the change of another square that is not equivalent to the path constraint in the horizontal direction.
- the data is stored in the storage area 206 (P169), and the process proceeds to Step P161.
- the path constraints of both snapshots are combined by disjunction, and either variable state is adopted as the variable state.
- the correction candidate generation unit 116 reconstructs the verification table 1800 using a variable state change operation, a path constraint decomposition operation, or a path constraint integration operation stored in the correction candidate storage area 206 (P161).
- the correction candidate generation unit 116 since the post-change snapshot S322 is decomposed into the snapshot S3221 and the snapshot S3222, the correction candidate generation unit 116 divides the column 1805 in FIG. 18 to verify the verification table 2000 shown in FIG. , And using the disassembled snapshot, again determine the satisfiability of the path constraint conjunction expression, path constraint equivalence judgment expression, and path equivalence verification expression for each cell, and update the validation table. After reconstructing the verification table, the correction candidate generating unit 116 returns to Step P162 and repeats the same process.
- the verification table 2000 in FIG. 20 shows that the cell 2001 that is a combination of the pre-change snapshot S109 and the post-change snapshot S3222 is noted in step P163, and the path restrictions of the focused cell are equivalent.
- the correction candidate generating unit 116 stores an operation for replacing the variable state of the post-change snapshot S3222 with the variable state of the pre-change snapshot S109 in the correction candidate storage area 206.
- the corrected snapshot to which the operation of replacing the variable state of the pre-change snapshot S109 is applied becomes the snapshot S3223 of FIG. 19, and the correction candidate generation unit 116 proceeds to step P161.
- the correction candidate generating unit 116 replaces the snapshot S3222 in FIG. 20 with the snapshot S3223 in FIG.
- the correction candidate generation ends in step P162.
- the operation stored in the correction candidate storage area 206 is applied to the changed source code, so that it becomes logically equivalent to the source code before the change.
- FIG. 22 is an example of a verification result report 600 generated by the verification result generation unit 117.
- the verification result report 600 as the verification result display 610, “equivalent” is displayed when all the path equivalence verification expression verification results cannot be satisfied, and “non-equivalent” when there is a satisfyable path equivalence verification expression. Is displayed. In this example, for example, “not equivalent” is displayed because the path equivalence verification formula when the snapshot S109 and the snapshot S322 are selected can be satisfied.
- the verification result report 600 may include a display of the change issue execution summary 631 and the post-change symbol execution summary 632 using the symbol execution summary information stored in the pre-change / post-change symbol execution result storage area 203. At this time, the snapshot verification result 639 can be displayed on the display of the post-change symbol execution summary 632.
- the verification result 639 of the snapshot refers to the verification result 1602 of each path equivalence verification formula shown in FIG. 16, and if all the verification results of the path equivalence verification formula that selected the snapshot are unsatisfactory, “ “Equivalent” or “Not Equivalent” is displayed if there is a satisfiable path equivalence verification formula.
- other snapshots are displayed as “non-equivalent” because they include a satisfying path equivalence verification formula.
- the verification result report may include a display of counterexample information 640 that is not equivalent using counterexample information stored in the equivalence verification formula verification result storage area 205.
- a check box 638 for selecting a snapshot may be provided while the symbol execution summary is displayed, and a counter-example of the path equivalence verification formula for the selected combination of snapshots may be displayed.
- the verification result report 600 may further include a display of the pre-change source code 621 and the post-change source code 622 using the source code information stored in the pre-change / post-source code storage area 201.
- the path of the snapshot may be displayed on the source code from the position information of the snapshot.
- the path of the snapshot S109 is displayed as an underline on the source code 621 before the change using the position information of the snapshot S109. Further, the path of the snapshot S322 is displayed as an underline on the changed source code 622 using the position information of the snapshot S322.
- the background is displayed in a different color, highlighted by changing the font or character size, and the display of the portion other than the route is deleted. Then, the route is displayed in a different manner from other parts, such as displaying only the route.
- the path corresponding to the selected snapshot is displayed on the source code, and the counter example corresponding to the combination of them is displayed. It becomes possible to narrow down the range to be investigated, and it becomes easy to find the cause that is not equivalent.
- the verification result report 600 includes a display of a correction candidate 2501 to be equivalent to the correction target portion of the post-change symbol execution summary 632 using the correction candidate information stored in the correction candidate storage area 206. But it ’s okay.
- the decomposition operation for the snapshot S322 after the change into the snapshots S3221 and S3222 shown in FIG. 19 is stored as the correction candidates in the correction candidate storage area 206
- the snapshot S3221 A corresponding post-decomposition snapshot 2502 and a post-decomposition snapshot 2503 corresponding to the snapshot S3222 are displayed.
- an operation for correcting the variable state from snapshot S3222 to snapshot S3223 is stored in the correction candidate storage area 206 as a correction candidate, so that the variable state 2504 of the post-decomposition snapshot 2503 includes It is displayed reflecting the variable status replacement.
- the correction candidates are displayed on the path corresponding to the selected snapshot of the post-change source code. There are methods.
- the verification result report 600 uses the source code information stored in the pre-change / post-change source code storage area 201 and the correction candidate information stored in the correction candidate storage area 206, to the post-change source code 622.
- a display of modified source code 2505 modified to be logically equivalent to the unmodified source code by applying a modification candidate may be included.
- the correction candidate information stored in the correction candidate storage area 206 is first the decomposition of the post-change snapshot S322 in which the decomposition criterion is ⁇ ( ⁇ > 1).
- the decomposition criterion a branch by the if statement is added to the seventh line of the modified source code 2505 on the path through the modified snapshot S322, and a branch by the else statement indicating the negative path of the decomposition criterion is added to the tenth line. It has been added.
- the disassembled snapshot S3221 that is, the disassembled snapshot 2502 in FIG. 22, there is no change in the variable state, so the 8th and 9th lines remain as they are.
- the decomposed snapshot S3222 is subjected to a variable state change operation to become a snapshot S3223. Therefore, the 11th line of the modified source code 2505 is the source code for realizing the changed variable state.
- the portion corrected by the path constraint decomposition operation or the variable state change operation is underlined.
- the background is displayed in a different color, the font or character size is changed and highlighted, and the display of parts other than the correction part is displayed. Is displayed in a different manner from the other parts, such as deleting only and displaying only the route.
- the modified source code is a source code that is mechanically applied with modifications that are logically equivalent to the pre-change source code, so readability and maintainability may be reduced, and may be difficult to use as is There is sex.
- the developer can indicate which changes in the source code after the change are equivalent to the source code before the change. It becomes easy to consider how to correct it.
- Source code equivalence verification device 101 ... CPU, 102 ... main storage device, 103 ... network I / F, 104 ... graphic I / F, 105 ... input / output I / F, 106 ... auxiliary storage device I / F, DESCRIPTION OF SYMBOLS 110 ... Control part, 120 ... Display / output device, 121 ... Output device, 130 ... Input device, 131 ... Keyboard, 132 ... Mouse, 140 ... Memory
- symbol execution summary S104, S109, S113, S221 to S223, S321 to S323 ... Snapshot in symbol execution, S101a ... Path constraint of node of symbol execution tree, S101b ... Variable state of node of symbol execution tree, S101c ... Position information of node of symbol execution tree, N100 ... Structure graph, 1800, 2000, 2200 ... verification table, 500, 600 ... verification result report.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Stored Programmes (AREA)
- Debugging And Monitoring (AREA)
Abstract
Description
(1)1つの条件は、その作業の大部分が自動化されており、人手による作業が少ないことである。従来、ソースコードの等価性は、人手によるレビューやテストによって検証されていた。これをツールによる自動的な検証を実現にすることにより、検証工数が削減され、リファクタリング等が促進される。
(2)もう1つの条件は、等価性検証手法により非等価であると判断された場合に、その根拠となる情報や修正すべき箇所や修正方法に関する情報を開発者に提供することである。開発者に分かりやすく修正すべき箇所の情報を提供し、さらに修正方法についての情報を提供することにより、開発者による修正が容易となり、開発期間や工数の短縮につながる。
Claims (12)
- 変更前ソースコードと変更後ソースコードに対して、それぞれ記号実行する記号実行計算部、
前記記号実行計算部の記号実行結果を用いて、前記変更前ソースコードと前記変更後ソースコードとの等価性検証式を生成する等価性検証式生成部、
前記等価性検証式生成部で生成された前記等価性検証式を検証する等価性検証式検証部、
前記等価性検証式検証部による前記等価性検証式の検証結果が、前記変更前ソースコードと前記変更後ソースコードとが非等価の場合、前記変更前ソースコードと前記変更後ソースコードとが等価になるための修正候補を生成する修正候補生成部、および、
前記等価性検証式検証部による前記検証結果と前記修正候補生成部による前記修正候補を用いて、検証結果リポートを生成する検証結果生成部を有することを特徴とするソースコード等価性検証装置。 - 請求項1に記載のソースコード等価性検証装置において、前記等価性検証式生成部は、前記等価性検証式として、前記変更前ソースコードおよび前記変更後ソースコードの記号実行サマリを構成する各スナップショットの組み合わせに対するパス制約連言式、パス制約等価判定式、およびパス等価性検証式を生成することを特徴とするソースコード等価性検証装置。
- 請求項2に記載のソースコード等価性検証装置において、前記等価性検証式検証部は、前記パス制約連言式、前記パス制約等価判定式、および前記パス等価性検証式を検証することを特徴とするソースコード等価性検証装置。
- 請求項3に記載のソースコード等価性検証装置において、前記等価性検証式検証部による前記検証結果が、前記変更前ソースコードと前記変更後ソースコードとが非等価の場合、前記修正候補生成部は、前記変更後ソースコードが前記変更前ソースコードに等価になるための前記修正候補となる、変数状態の変更操作、パス制約の分解操作、およびパス制約の統合操作の少なくとも一つ操作を生成することを特徴とするソースコード等価性検証装置。
- 請求項4に記載のソースコード等価性検証装置において、前記等価性検証式検証部による前記検証結果が非等価である場合、前記検証結果生成部は、前記修正候補生成部が生成する前記検証結果リポートに前記操作の表示を含むことを特徴とするソースコード等価性検証装置。
- 請求項4に記載のソースコード等価性検証装置において、前記等価性検証式検証部による前記検証結果が非等価の場合、前記検証結果生成部は、前記修正候補生成部が生成する前記操作を、前記変更後ソースコードに適用し、前記変更前ソースコードと等価になるように修正された前記変更後ソースコードを、前記検証結果リポートに含むことを特徴とするソースコード等価性検証装置。
- ソースコード等価性検証装置によるソースコード等価性検証方法であって、前記ソースコード等価性検証装置は、
変更前ソースコードと変更後ソースコードのそれぞれを記号実行し、
前記記号実行の結果を用いて、前記変更前ソースコードと前記変更後ソースコードとの等価性検証式を生成し、
前記等価性検証式を検証し、
前記等価性検証式の検証結果が、前記変更前ソースコードと前記変更後ソースコードとが非等価の場合、前記変更前ソースコードと前記変更後ソースコードとが等価になるための修正候補を生成し、
前記等価性検証式の前記検証結果と前記修正候補を用いて、検証結果リポートを生成することを特徴とするソースコード等価性検証方法。 - 請求項7に記載のソースコード等価性検証方法において、前記ソースコード等価性検証装置は、
前記等価性検証式として、前記変更前ソースコードおよび前記更後ソースコードの記号実行サマリを構成する各スナップショットの組み合わせに対するパス制約連言式、パス制約等価判定式、およびパス等価性検証式を生成することを特徴とするソースコード等価性検証方法。 - 請求項8に記載のソースコード等価性検証方法において、前記ソースコード等価性検証装置は、
前記パス制約連言式、前記パス制約等価判定式、および前記パス等価性検証式を検証することを特徴とするソースコード等価性検証方法。 - 請求項9に記載のソースコード等価性検証方法において、前記ソースコード等価性検証装置は、
前記検証結果が、前記変更前ソースコードと前記変更後ソースコードとが非等価の場合、前記変更後ソースコードが前記変更前ソースコードに等価になるための前記修正候補となる、変数状態の変更操作、パス制約の分解操作、およびパス制約の統合操作の少なくとも一つ操作を生成することを特徴とするソースコード等価性検証方法。 - 請求項10に記載のソースコード等価性検証方法において、前記ソースコード等価性検証装置は、
前記検証結果が非等価の場合、前記検証結果リポートに前記操作の表示を含むことを特徴とするソースコード等価性検証方法。 - 請求項10に記載のソースコード等価性検証方法において、前記ソースコード等価性検証装置は、
前記検証結果が非等価の場合、前記操作を、前記変更後ソースコードに適用し、前記変更前ソースコードと等価になるように修正された前記変更後ソースコードを、前記検証結果リポートに含むことを特徴とするソースコード等価性検証方法。
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2015/062852 WO2016174743A1 (ja) | 2015-04-28 | 2015-04-28 | ソースコード等価性検証装置、および、ソースコード等価性検証方法 |
JP2017515328A JP6419953B2 (ja) | 2015-04-28 | 2015-04-28 | ソースコード等価性検証装置、および、ソースコード等価性検証方法 |
CN201580078612.5A CN107533464A (zh) | 2015-04-28 | 2015-04-28 | 源代码等价性检查装置以及源代码等价性检查方法 |
US15/561,207 US20180181485A1 (en) | 2015-04-28 | 2015-04-28 | Source code equivalence verification device and source code equivalence verification method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2015/062852 WO2016174743A1 (ja) | 2015-04-28 | 2015-04-28 | ソースコード等価性検証装置、および、ソースコード等価性検証方法 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016174743A1 true WO2016174743A1 (ja) | 2016-11-03 |
Family
ID=57199649
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2015/062852 WO2016174743A1 (ja) | 2015-04-28 | 2015-04-28 | ソースコード等価性検証装置、および、ソースコード等価性検証方法 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20180181485A1 (ja) |
JP (1) | JP6419953B2 (ja) |
CN (1) | CN107533464A (ja) |
WO (1) | WO2016174743A1 (ja) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2018133034A (ja) * | 2017-02-17 | 2018-08-23 | 三菱重工エンジニアリング株式会社 | ソフトウェア試験装置、ソフトウェア試験システム、ソフトウェア試験方法およびプログラム |
KR20190129549A (ko) * | 2018-05-11 | 2019-11-20 | 니덱모빌리티코리아 주식회사 | 비언어 요구사항 정보에 대한 소스코드 추적이 가능한 시스템 및 방법 |
JP2020038521A (ja) * | 2018-09-05 | 2020-03-12 | 株式会社日立製作所 | ソースコード生成支援装置およびソースコード生成支援方法 |
US11461079B2 (en) | 2020-06-22 | 2022-10-04 | Fujitsu Limited | Non-transitory computer-readable medium |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10176086B2 (en) * | 2016-10-03 | 2019-01-08 | Fujitsu Limited | Event-driven software test sequence determination |
US20180240356A1 (en) * | 2017-02-21 | 2018-08-23 | Microsoft Technology Licensing, Llc | Data-driven feedback generator for programming assignments |
US11487641B1 (en) * | 2019-11-25 | 2022-11-01 | EMC IP Holding Company LLC | Micro services recommendation system for identifying code areas at risk |
CN113110874B (zh) * | 2021-04-14 | 2024-05-17 | 北京沃东天骏信息技术有限公司 | 用于生成代码结构图的方法和装置 |
CN117743658B (zh) * | 2024-02-20 | 2024-04-19 | 成都融见软件科技有限公司 | 一种约束信息的集中可视化方法、电子设备及存储介质 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2014126985A (ja) * | 2012-12-26 | 2014-07-07 | Hitachi Ltd | ソースコード等価性検証装置、および、ソースコード等価性検証方法 |
JP2014186477A (ja) * | 2013-03-22 | 2014-10-02 | International Business Maschines Corporation | 情報処理装置、情報処理方法、及び、プログラム |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6553362B2 (en) * | 2000-07-14 | 2003-04-22 | Hewlett-Packard Development Company, L.P. | Case-reduced verification condition generation system and method using weakest precondition operator expressed using strongest postcondition operators |
US20060041873A1 (en) * | 2004-08-19 | 2006-02-23 | Cisco Technology, Inc. | Computer system and method for verifying functional equivalence |
US8683441B2 (en) * | 2006-01-11 | 2014-03-25 | International Business Machines Corporation | Software equivalence checking |
CN103645987B (zh) * | 2013-12-20 | 2016-01-20 | 南京大学 | 基于代码生成和符号执行的访问控制策略测试自动生成方法 |
-
2015
- 2015-04-28 CN CN201580078612.5A patent/CN107533464A/zh not_active Withdrawn
- 2015-04-28 WO PCT/JP2015/062852 patent/WO2016174743A1/ja active Application Filing
- 2015-04-28 JP JP2017515328A patent/JP6419953B2/ja not_active Expired - Fee Related
- 2015-04-28 US US15/561,207 patent/US20180181485A1/en not_active Abandoned
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2014126985A (ja) * | 2012-12-26 | 2014-07-07 | Hitachi Ltd | ソースコード等価性検証装置、および、ソースコード等価性検証方法 |
JP2014186477A (ja) * | 2013-03-22 | 2014-10-02 | International Business Maschines Corporation | 情報処理装置、情報処理方法、及び、プログラム |
Non-Patent Citations (2)
Title |
---|
MASATOSHI YOSHIDA: "Shiyo Kijutsu o Hitsuyo to shinai Yukai Regression Kenchi Framework no Teian", LECTURE NOTE/SOFTWARE GAKU 36, SOFTWARE KOGAKU NO KISO XVII, 30 November 2010 (2010-11-30), pages 181 - 182 * |
TAKESHI MATSUMOTO: "C Base Koi Sekkei ni Okeru Tokasei Kensho Framework to Hanrei Kaiseki Shuho no Teian", THE 18TH WORKSHOP ON CIRCUITS AND SYSTEMS IN KARUIZAWA RONBUNSHU, 26 April 2005 (2005-04-26), pages 557 - 562 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2018133034A (ja) * | 2017-02-17 | 2018-08-23 | 三菱重工エンジニアリング株式会社 | ソフトウェア試験装置、ソフトウェア試験システム、ソフトウェア試験方法およびプログラム |
WO2018151277A1 (ja) * | 2017-02-17 | 2018-08-23 | 三菱重工エンジニアリング株式会社 | ソフトウェア試験装置、ソフトウェア試験システム、ソフトウェア試験方法およびプログラム |
US10915438B2 (en) | 2017-02-17 | 2021-02-09 | Mitsubishi Heavy Industries Engineering, Ltd. | Software-testing device, software-testing system, software-testing method, and program |
KR20190129549A (ko) * | 2018-05-11 | 2019-11-20 | 니덱모빌리티코리아 주식회사 | 비언어 요구사항 정보에 대한 소스코드 추적이 가능한 시스템 및 방법 |
KR102091420B1 (ko) * | 2018-05-11 | 2020-03-20 | 니덱모빌리티코리아 주식회사 | 비언어 요구사항 정보에 대한 소스코드 추적이 가능한 시스템 및 방법 |
JP2020038521A (ja) * | 2018-09-05 | 2020-03-12 | 株式会社日立製作所 | ソースコード生成支援装置およびソースコード生成支援方法 |
US11461079B2 (en) | 2020-06-22 | 2022-10-04 | Fujitsu Limited | Non-transitory computer-readable medium |
Also Published As
Publication number | Publication date |
---|---|
US20180181485A1 (en) | 2018-06-28 |
JP6419953B2 (ja) | 2018-11-07 |
JPWO2016174743A1 (ja) | 2018-01-25 |
CN107533464A (zh) | 2018-01-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6419953B2 (ja) | ソースコード等価性検証装置、および、ソースコード等価性検証方法 | |
Gervasi et al. | Lightweight validation of natural language requirements | |
US20160034270A1 (en) | Estimating likelihood of code changes introducing defects | |
US20170235661A1 (en) | Integration of Software Systems via Incremental Verification | |
US8515727B2 (en) | Automatic logic model build process with autonomous quality checking | |
Könighofer et al. | Repair with on-the-fly program analysis | |
Segall et al. | Simplified modeling of combinatorial test spaces | |
Lahiri et al. | Automatic rootcausing for program equivalence failures in binaries | |
Schneid et al. | Automated regression tests: a no-code approach for BPMN-based process-driven applications | |
Brown et al. | Guidance for using formal methods in a certification context | |
Sun et al. | BPELDebugger: An effective BPEL-specific fault localization framework | |
US10970183B1 (en) | System and method for improving model performance | |
JP6279750B2 (ja) | ソースコード等価性検証装置 | |
Khalid | Towards an automated tool for software testing and analysis | |
Sinha et al. | Reliability and availability prediction of embedded systems based on environment modeling and simulation | |
Liu et al. | Using contracts and boolean queries to improve the quality of automatic test generation | |
Manolios et al. | A model-based framework for analyzing the safety of system architectures | |
CN110399156B (zh) | 面向航天软件的在轨升级方法 | |
Erazo et al. | Maritaca: from textual use case descriptions to behavior models | |
JP2016126700A (ja) | プログラム検証装置、プログラム検証方法及びプログラム検証プログラム | |
Burnard et al. | Verifying and validating automatically generated code | |
WO2016151703A1 (ja) | ソースコード等価性検証装置、および、ソースコード等価性検証方法 | |
Ukai et al. | Test design as code: JCUnit | |
Chaari et al. | Efficient exploration of safety-relevant systems through a link between analysis and simulation | |
Yayan et al. | Tailored Mutation-based Software Fault Injection Tool (IM-FIT) for Industrial Robotic Systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15890727 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 15561207 Country of ref document: US |
|
ENP | Entry into the national phase |
Ref document number: 2017515328 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 15890727 Country of ref document: EP Kind code of ref document: A1 |