WO2021214843A1 - Operation check assistance device, operation check assistance method, and operation check assistance program - Google Patents


Info

Publication number
WO2021214843A1
Authority
WO
WIPO (PCT)
Prior art keywords
code
target arrival
inspection condition
inspection
target
Application number
PCT/JP2020/017102
Other languages
French (fr)
Japanese (ja)
Inventor
まどか 馬場
明香 坂本
Original Assignee
三菱電機株式会社
Application filed by 三菱電機株式会社
Priority to PCT/JP2020/017102 (WO2021214843A1)
Priority to JP2020570075A (JP6854994B1)
Publication of WO2021214843A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/28 Error detection; Error correction; Monitoring by checking the correct order of processing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software

Definitions

  • This disclosure relates to an operation confirmation support device, an operation confirmation support method, and an operation confirmation support program.
  • In order to check the operation of the software itself being developed, or the operation of the device controlled by the software, the person in charge of checking the operation (hereinafter referred to as the person in charge) may transition the internal state of the software, which transitions according to the input value, to a specific state.
  • the person in charge needs to determine the input value for transitioning the internal state of the software to a specific target state.
  • the person in charge confirms whether the internal state of the software can actually transition to a specific target state by inputting the determined input value into the software.
  • the person in charge confirms whether the device controlled by the software can operate in response to the transition to the specific target state by realizing the transition to the specific target state.
  • the software installed in the embedded device has an internal state that transitions by input to the software in order to realize complicated control, and the output of the software changes depending on the input and the internal state.
  • The person in charge may change the internal state of the software to a specific state. Therefore, based on the software specification information, the person in charge must set as a target an internal state value at which the internal state becomes the specific state, and then work backward from the set target to determine the input value to be input to the software.
  • the person in charge of software development does not always know all the software specifications.
  • Even if the person in charge knows the software specifications, the person in charge must determine the input value that reaches the target internal state value in consideration of those specifications, so creating the input values necessary for the operation check took a lot of man-hours.
  • The specifications of the software installed in various systems or products have become larger and more complex as functions are enhanced in response to social demands.
  • The man-hours for the person in charge to manually create the input value are increasing.
  • There is a method of automatically generating the input values required for operation check by using formal verification technology, which proves the properties of a system based on mathematics and logic.
  • As an example of a method using such a formal verification technique, there is the method described in Patent Document 1.
  • the method described in Patent Document 1 is a method of an inspection device that confirms the operation of a software operation program by using model checking, which is one of formal verification techniques.
  • The inspection device uses, as the inspection condition, a condition that must be met by the input values to the software or their time-series input value string, the internal state values of the software or their time-series internal state value string, and the output values from the software or their time-series output value string.
  • A method is disclosed in which a SAT (Satisfiability Problem) solver is used to search for a solution of the input value string that satisfies the inspection condition and, if a solution of the input value string exists, the input value string, the internal state value string, and the output value string that constitute the solution are output.
  • The SAT solver is a known technique that, when it acquires a logical expression, searches for a solution that makes the logical expression true and, if such a solution exists as a result of the search, outputs it.
  • the main purpose of this disclosure is to reduce the man-hours for software operation check work.
  • The operation confirmation support device includes: a program information acquisition unit that acquires the operation code, which is the source code of the operation program that operates by reading the input value; an inspection condition acquisition unit that acquires, as an inspection condition, information about a target arrival point including the target arrival point of the operation code; an inspection condition conversion unit that generates a determination formula for determining that the target arrival point included in the inspection condition acquired by the inspection condition acquisition unit has been reached; and an analysis unit that generates a generated value as the input value for reaching the target arrival point using the determination formula generated by the inspection condition conversion unit.
  • When the person in charge inputs the operation code and the information about the target arrival point including the target arrival point of the operation code, the analysis unit generates the input value required for the operation confirmation work. Therefore, the man-hours for the software operation check work can be reduced.
  • FIG. The figure which shows the hardware configuration example of the operation confirmation support apparatus which concerns on Embodiment 1.
  • FIG. The figure which shows the functional configuration example of the operation confirmation support apparatus which concerns on Embodiment 1.
  • FIG. The flowchart which shows the processing operation of the operation confirmation support apparatus which concerns on Embodiment 1.
  • The figure which shows the operation code which concerns on Embodiment 1.
  • The figure which shows the marking method to the operation code which concerns on Embodiment 1.
  • FIG. The figure which shows the inspection code which concerns on Embodiment 1.
  • FIG. The figure which shows the input value which concerns on Embodiment 1 and the execution order of the confirmed software.
  • the flowchart which shows the processing operation of the operation confirmation support apparatus which concerns on Embodiment 2.
  • Embodiment 1 The present embodiment will be described with reference to FIGS. 1 to 7.
  • the operation confirmation support device 10 is a computer.
  • the operation confirmation support device 10 includes a processor 11, and other hardware such as a memory 12, a communication device 13, and an input / output device 14.
  • the processor 11 is connected to other hardware via a signal line and controls these other hardware.
  • the operation procedure of the operation confirmation support device 10 corresponds to the operation confirmation support method.
  • the program that realizes the operation of the operation confirmation support device 10 corresponds to the operation confirmation support program.
  • the processor 11 is an IC (Integrated Circuit) that performs processing. Specific examples of the processor 11 include a CPU (Central Processing Unit), a DSP (Digital Signal Processor), and the like.
  • the processor 11 executes a program that realizes the operation of the operation confirmation support device 10.
  • The program that realizes the operation of the operation confirmation support device 10 is a program that realizes the functions of the program information acquisition unit 15, the inspection condition acquisition unit 16, the inspection condition conversion unit 17, the analysis unit 18, and the input value output unit 19, which will be described later.
  • the memory 12 is a storage device.
  • the memory 12 is, as a specific example, a RAM (Random Access Memory), a flash memory, or a combination thereof.
  • the memory 12 stores the program for realizing the operation of the operation confirmation support device 10, the operation code 30, and the specification information of the software to be confirmed.
  • the software to be confirmed may be any kind of software, but in the present embodiment, the description will proceed assuming that it is embedded software.
  • the communication device 13 is an electronic circuit that executes information communication processing with a connection destination via a signal line.
  • the communication device 13 includes a receiver that receives information input to the operation confirmation support device 10 and a transmitter that transmits information output from the operation confirmation support device 10.
  • the communication device 13 is a communication chip or a NIC (Network Interface Card).
  • the input / output device 14 is an electronic circuit that executes information input / output processing.
  • the input / output device 14 is connected to an input device used for input operation of input information input to the operation confirmation support device 10 or an external device such as a display for displaying output information output from the operation confirmation support device 10 on a screen.
  • the input device is, for example, a mouse, a keyboard, a touch panel, or a combination of some or all of them.
  • the display is an LCD (Liquid Crystal Display).
  • the display may display the operation code 30 acquired by the program information acquisition unit 15 described later. Further, the display may display the input value output by the input value output unit 19 described later.
  • the input value output by the input value output unit 19 is the same as the input value generated by the analysis unit 18 described later, and will be described below as the generated value 34.
  • the program that realizes the operation of the operation confirmation support device 10 is read from the memory 12 into the processor 11 and executed by the processor 11.
  • The memory 12 stores not only the program that realizes the operation of the operation confirmation support device 10 but also the OS (Operating System).
  • The processor 11 executes the program that realizes the operation of the operation confirmation support device 10 while executing at least a part of the OS. A part or all of the program that realizes the operation of the operation confirmation support device 10 may be incorporated in the OS.
  • When the processor 11 executes the OS, task management, memory management, file management, communication control, and the like are performed.
  • the program for realizing the operation of the operation confirmation support device 10, the operation code 30, the specification information of the software to be confirmed, and the OS may be stored in the auxiliary storage device.
  • the auxiliary storage device is, for example, a hard disk, a flash memory, or a combination thereof.
  • The auxiliary storage device may be a portable recording medium such as an SSD (registered trademark, Solid State Drive), an SD (registered trademark, Secure Digital) memory card, a CF (registered trademark, CompactFlash), a NAND flash, a flexible disk, an optical disk, a compact disc, a Blu-ray (registered trademark) disc, a DVD (registered trademark, Digital Versatile Disk), or a combination thereof.
  • the operation confirmation support device 10 may include a plurality of processors that replace the processor 11. These plurality of processors share the execution of the program that realizes the operation of the operation confirmation support device 10.
  • Each processor is, as a specific example, a CPU.
  • The data, information, signal values, and variable values used, processed, or output by the program that realizes the operation of the operation confirmation support device 10 are stored in at least one of the memory 12, the auxiliary storage device, and the register or cache memory in the processor 11.
  • The program that realizes the operation of the operation confirmation support device 10 may be stored and provided in a computer-readable medium, may be stored in the storage medium and provided, or may be provided as a program product.
  • A program product is not limited to any particular visual form and is an item on which a computer-readable program is loaded. Further, the program that realizes the operation of the operation confirmation support device 10 may be provided via the network.
  • the operation confirmation support device 10 includes a program information acquisition unit 15, an inspection condition acquisition unit 16, an inspection condition conversion unit 17, an analysis unit 18, and an input value output unit 19.
  • the program information acquisition unit 15 acquires the operation code 30 from the memory 12 or from the connection destination via the communication device 13.
  • The inspection condition acquisition unit 16 acquires information about the target arrival location (hereinafter referred to as target arrival location information), including the target arrival location that is the target of the operation check in the operation code 30 acquired by the program information acquisition unit 15.
  • the inspection condition 31 according to the present embodiment is input by the person in charge from the external device via the input / output device 14.
  • the inspection condition 31 includes at least one or more target arrival points.
  • the target reaching location is a specific location in the operation code 30, and is a target location for operation confirmation. More specifically, the target arrival point is the line number of the operation code 30. Therefore, the target arrival location information is input as the line number of the operation code 30, and is acquired as the inspection condition 31 by the inspection condition acquisition unit 16.
  • the present invention is not limited to this, and the target arrival location information may be input by directly marking and designating the target arrival location on the operation code 30 displayed on the display via the input / output device 14.
  • the inspection condition conversion unit 17 generates a determination formula for determining that the target arrival point included in the inspection condition 31 has been reached, based on the inspection condition 31 acquired by the inspection condition acquisition unit 16.
  • the determination formula for determining that the target arrival point included in the inspection condition 31 has been reached is generated as a logical expression that can be analyzed by the analysis unit 18.
  • the logical expression of this determination expression is a logical expression of the conditional expression indicating the condition to be satisfied when the line number of the operation code 30 indicating the target arrival point is reached, and is also referred to as the target arrival condition expression 32.
  • Based on the inspection condition 31 acquired by the inspection condition acquisition unit 16, the inspection condition conversion unit 17 generates the inspection code by adding the code used for the arrival determination using the target arrival location variable to the operation code 30 acquired by the program information acquisition unit 15. Then, the inspection condition conversion unit 17 converts the inspection code into a logical expression that can be analyzed by the SAT solver of the analysis unit 18 to generate the logical expression 33 of the inspection code. Therefore, the output of the inspection condition conversion unit 17 is the target arrival condition expression 32 and the logical expression 33 of the inspection code.
  • The analysis unit 18 searches for an input value that reaches the target arrival point using the target arrival condition expression 32 generated by the inspection condition conversion unit 17, and generates a generated value 34 as an input value for reaching the target arrival point. More specifically, the analysis unit 18 uses the SAT solver to solve the logical product of the target arrival condition expression 32 generated by the inspection condition conversion unit 17 and the logical expression 33 of the inspection code, and thereby searches for the input value that reaches the target arrival point. Then, the analysis unit 18 generates a generated value 34 as an input value for reaching the target arrival point.
  • solving the logical product means finding an input value that satisfies the logical expression represented by the logical product, that is, the solution of the logical variable that makes the logical expression true.
  • the input value output unit 19 outputs the generated value 34 generated by the analysis unit 18. Further, the input value output unit 19 outputs a notification that the generated value 34 cannot be generated when the analysis unit 18 cannot generate the generated value 34 as a result of the search.
  • The "units" of the program information acquisition unit 15, the inspection condition acquisition unit 16, the inspection condition conversion unit 17, the analysis unit 18, and the input value output unit 19 may be read as "circuits", "processes", or "procedures".
  • the operation confirmation support device 10 may be realized by a processing circuit.
  • the processing circuit is, for example, a logic IC (Integrated Circuit), a GA (Gate Array), an ASIC (Application Specific Integrated Circuit), or an FPGA (Field-Programmable Gate Array).
  • the program information acquisition unit 15, the inspection condition acquisition unit 16, the inspection condition conversion unit 17, the analysis unit 18, and the input value output unit 19 are each realized as a part of the processing circuit.
  • The program that realizes the operation of the operation confirmation support device 10 is a program that causes a computer to execute the procedures performed by the program information acquisition unit 15, the inspection condition acquisition unit 16, the inspection condition conversion unit 17, the analysis unit 18, and the input value output unit 19, respectively, as a program information acquisition procedure, an inspection condition acquisition procedure, an inspection condition conversion procedure, an analysis procedure, and an input value output procedure.
  • In step S101, the program information acquisition unit 15 acquires the operation code 30. Then, the process proceeds to step S102.
  • In step S102, the inspection condition acquisition unit 16 acquires the target arrival location information of the operation code 30 from the external device via the input / output device 14 as the inspection condition 31. Then, the process proceeds to step S103.
  • In step S103, the inspection condition conversion unit 17 defines a target arrival point variable based on the inspection condition 31 acquired by the inspection condition acquisition unit 16 in the process of step S102.
  • The target arrival point variable is a variable used for the arrival determination for determining that the target arrival point has been reached. Then, the process proceeds to step S104.
  • In step S104, based on the inspection condition 31 acquired by the inspection condition acquisition unit 16 in the process of step S102, the inspection condition conversion unit 17 generates the inspection code, in which the code used for the arrival determination using the target arrival location variable is added to the operation code 30.
  • In the inspection code, the code indicated by the arithmetic expression of the target arrival point variable is inserted in one of the lines before and after the target arrival point line, at a position that is always executed when the target arrival point line is reached in the operation code 30.
  • The inspection condition conversion unit 17 converts the inspection code into a logical expression that can be analyzed by the SAT solver of the analysis unit 18 to generate the logical expression 33 of the inspection code. Then, the process proceeds to step S105.
  • In step S105, the inspection condition conversion unit 17 generates a target arrival condition expression 32 used for the arrival determination using the target arrival location variable, based on the inspection condition 31 acquired in the process of step S102.
  • The target arrival condition expression 32 generated by the inspection condition conversion unit 17 is a conditional expression that shows, as a logical expression, the condition satisfied by the target arrival location variable when the line into which the code used for the arrival determination using the target arrival location variable is inserted in the inspection code is executed.
  • Then, the process proceeds to step S106. Since there is no dependency between the process of step S105 and the process of step S104, the operation confirmation support device 10 may execute them in a different order or in parallel.
  • In step S106, the analysis unit 18 searches for an input value that reaches the target arrival point by solving the logical product of the logical expression 33 of the inspection code and the target arrival condition expression 32 using the SAT solver.
  • When there is an input value that is a solution of the logical product, the analysis unit 18 generates a generated value 34 as an input value for reaching the target arrival point. Then, the process proceeds to step S107.
  • When there is no input value that is a solution of the logical product, the analysis unit 18 does not generate the generated value 34 and notifies the input value output unit 19 that the generated value 34 could not be generated. Then, the process proceeds to step S108.
  • In step S107, the input value output unit 19 outputs the generated value 34 generated by the analysis unit 18 in step S106 to the external device via the input / output device 14.
  • In step S108, the input value output unit 19 outputs a notification indicating that, in step S106, the analysis unit 18 found no solution of the logical product of the logical expression 33 of the inspection code and the target arrival condition expression 32, and that the generated value 34 could not be generated. By outputting this notification, the input value output unit 19 notifies the person in charge that the transition to the specific internal state indicated at the target arrival point is an operation that cannot occur in the confirmed software.
  • The operation in which the operation confirmation support device 10 generates the generated value 34 that transitions the internal state of the confirmed software to the SLEEP mode will be described.
  • the number string at the left end of FIG. 4 indicates the line number of the operation code 30.
  • The operation code 30 of this example has a mode variable mode representing the operation mode, which is the internal state of the software to be confirmed, two input variables Demo_I_x and Demo_I_y to which the input values are assigned, and an output variable Demo_O to which the output value is assigned.
  • step S101 of FIG. 3 the program information acquisition unit 15 acquires the operation code 30 shown in FIG. Then, the process proceeds to step S102.
  • the operation code 30 is only one file in which one function main is described, but the operation code 30 is not limited to this, and may be a plurality of functions or a set of a plurality of files.
  • In step S102 of FIG. 3, the inspection condition acquisition unit 16 acquires the target arrival location information in the operation code 30 as the inspection condition 31. Then, the process proceeds to step S103.
  • The target arrival point in the operation code 30 is the 26th line of the operation code 30 shown in FIG. 4, which corresponds to the “internal state of the confirmed software whose operation mode has changed to the SLEEP mode”. Therefore, in this example, the person in charge directly inputs the information "26th line of the operation code 30" to the inspection condition acquisition unit 16 via the input / output device 14 as the target arrival location information.
  • The method of inputting the target arrival point information is not limited to this. Any method of designating and inputting a specific part in the operation code 30 may be used, such as the method shown in FIG. 5 of visually marking the target arrival point on the operation code 30 displayed on the display via the input / output device 14.
  • In step S103 of FIG. 3, the inspection condition conversion unit 17 defines one target arrival point variable reach based on the one inspection condition 31 of “26th line of the operation code 30”. Then, the process proceeds to step S104.
  • The initial value of the target arrival point variable reach defined here is 0.
  • In step S104 of FIG. 3, based on the inspection condition 31 of "the 26th line of the operation code 30", the inspection condition conversion unit 17 generates, as shown in FIG., the inspection code to which the code (reach++;) is added by insertion. Further, the inspection condition conversion unit 17 converts the inspection code into a logical expression that can be analyzed by the SAT solver, and generates the logical expression 33 of the inspection code. Then, the process proceeds to step S105.
  • In step S105 of FIG. 3, based on the target arrival point variable reach defined from the inspection condition 31, the inspection condition conversion unit 17 generates "reach > 0" as the target arrival condition expression 32 to be satisfied when the target arrival point is reached. Then, the process proceeds to step S106.
  • In step S106 of FIG. 3, the analysis unit 18 solves the logical product of the logical expression 33 of the inspection code and the target arrival condition expression 32 using the SAT solver. In doing so, the analysis unit 18 searches for the input values to be assigned to the input variables Demo_I_x and Demo_I_y by the time the execution process of the confirmed software reaches the 26th line of the operation code 30, which is the target arrival point. In this example, the execution process of the confirmed software reaches the 27th line of the inspection code, in which reach++; is inserted, so there is an input value that reaches the target arrival point, that is, a solution that makes the target arrival condition expression 32, "reach > 0", true. Therefore, the analysis unit 18 generates the generated value 34 as an input value for reaching the target arrival point, and the process proceeds to step S107.
  • In step S107 of FIG. 3, the input value output unit 19 outputs the generated value 34 generated in the process of step S106.
  • FIG. 7 shows the generated value 34 generated in this example and the execution order of the confirmed software until the target arrival point is reached.
  • the table at the lower right of FIG. 7 shows the input values assigned to the input variables Demo_I_x and Demo_I_y in each of the three execution cycles of the confirmed software as inputs to the confirmed software.
  • the input values assigned to the input variables Demo_I_x and Demo_I_y in the first cycle are 10 and 3.
  • the input values assigned to the input variables Demo_I_x and Demo_I_y in the second cycle are 90 and 3.
  • the input values assigned to the input variables Demo_I_x and Demo_I_y in the third cycle are both xx and yy indicating arbitrary values.
  • the table on the upper right of FIG. 7 shows the values of the output variable Demo_O and the value of the mode variable mode before and after the input values are assigned to the input variables Demo_I_x and Demo_I_y.
  • The output variable Demo_O has no value and the mode variable mode is START.
  • When 10 and 3 are assigned to the input variables Demo_I_x and Demo_I_y, the processing of the 8th and 9th lines of the operation code 30 is executed, 100 is assigned to the output variable Demo_O, and RUN is assigned to the mode variable mode.
  • The output variable Demo_O becomes 100, and the mode variable mode becomes RUN.
  • The output variable Demo_O is 100 and the mode variable mode is RUN.
  • The processing of the 21st and 22nd lines of the operation code 30 is executed, 50 is assigned to the output variable Demo_O, and SLEEP is assigned to the mode variable mode.
  • The output variable Demo_O becomes 50, and the mode variable mode becomes SLEEP.
  • The output variable Demo_O is 50 and the mode variable mode is SLEEP.
  • the input values to the input variables Demo_I_x and Demo_I_y shown in the lower right table of FIG. 7 are 10 and 3 in the first cycle, 90 and 3 in the second cycle, and arbitrary values in the third cycle, respectively.
  • the generated value 34 is output as an input value for three cycles.
  • the generated value 34 to be generated is not limited to one cycle, and may be generated as an input value string for a plurality of cycles.
  • the inspection condition acquisition unit 16 acquires the target arrival point information including one target arrival point as the inspection condition 31 has been described, but the present invention is not limited to this, and the target arrival point including a plurality of target arrival points is not limited to the above. Information may be acquired as inspection condition 31.
  • the inspection condition acquisition unit 16 acquires two line numbers of the operation code 30 indicating two target arrival points as the inspection condition 31, such as "11th line and 26th line of the operation code 30". You may. Then, the operation confirmation support device 10 may generate a generation value 34 that reaches both target arrival points of these two target arrival points, that is, the 11th line and the 26th line of the operation code 30. Further, when the operation confirmation support device 10 cannot generate the generated value 34 that reaches both target arrival points of the two target arrival points, the operation confirmation support device 10 is made to reach both target arrival points of the two target arrival points. It may be notified that the generated value 34 could not be generated.
  • the operation confirmation support device 10 cannot generate the generated value 34 that reaches both of the two target arrival points and can generate the generated value 34 that reaches only one of the target arrival points, 2 It may be notified that the generated value 34 that reaches both target arrival points of one target arrival point could not be generated and that only one of the target arrival points can be reached.
  • the person in charge does not need to refer to the specification information regarding the internal state of the software to be confirmed, but simply specifies the target arrival point (line 26 in the above example) in the operation code 30.
  • a specific internal state that is the target of operation confirmation can be input as the inspection condition 31.
  • the operation confirmation support device 10 can generate a generated value 34 to reach the target arrival point by using the inspection condition 31. Therefore, in the above example, when the person in charge checks the operation of the confirmed software that transitions the internal state to the specific state shown in the 26th line, or the operation of the device controlled by the confirmed software in the specific state, the work of determining the internal state value becomes unnecessary. Therefore, the man-hours required for operation check can be reduced.
  • the inspection condition conversion unit 17 generates a target arrival condition expression 32 (reach > 0) using the target arrival location variable (reach) based on the inspection condition 31 "26th line of the operation code 30". Therefore, it is not necessary for the person in charge to manually create a logical expression that can be analyzed by the SAT solver used by the analysis unit 18. Therefore, in addition to reducing the man-hours required for operation check, the person in charge can check the operation even without mathematical knowledge. In addition, by the notification that the generated value 34 cannot be generated, the person in charge can confirm that the state transition to the state indicated by the target arrival point input as the inspection condition 31 is an operation that cannot occur in the confirmed software. Therefore, it is possible to indicate that the behavior of the confirmed software may not be implemented according to the specifications.
  • the person in charge needs to refer to the specification information of the software to be confirmed, extract a variable representing the internal state targeted for operation confirmation, and set the internal state value that the variable should satisfy. Furthermore, since the work of describing this internal state value in a logical expression that can be analyzed by the SAT solver is required, the person in charge needs mathematical knowledge.
  • a generated value 34 for transitioning the internal state of the confirmed software generated by the operation code 30 shown in FIG. 4 to the SLEEP mode is created by using the method of Patent Document 1.
  • the person in charge needs to refer to the specification information of the software to be confirmed and understand that the SLEEP mode, which is the target of the operation check, is a specific state in the operation mode representing the internal state, and that the operation mode is represented by the value of the mode variable mode.
  • the person in charge needs to determine the value of the mode variable mode representing the SLEEP mode from the specification information of the software to be confirmed.
  • the operation code 30 in FIG. 4 is only one file in which one function main is described, but when the software to be confirmed is large-scale and complicated, the internal state values targeted for operation confirmation are many and complicated, so the man-hours for operation confirmation will increase significantly.
  • the program information acquisition unit 15 has described an example of acquiring the operation code 30.
  • the program information acquisition unit 15 may acquire, as the operation program, an AST program created as an AST (Abstract Syntax Tree) including nodes or branches, convert it into the AST code which is the source code of the AST program, and acquire the AST code as the operation code 30.
  • the person in charge directly inputs the information regarding the node or branch indicating the target arrival location to the inspection condition acquisition unit 16 via the input / output device 14 as the target arrival location information.
  • the method of inputting the target arrival location information is not limited to this, and a method of visually designating and inputting the nodes or branches included in the AST displayed on the display via the input / output device 14 may be used.
  • the inspection condition acquisition unit 16 may acquire the information about the node or branch indicating the target arrival location from an external device via the input / output device 14 as the inspection condition 31.
  • the inspection condition conversion unit 17 extracts the line number of the code corresponding to the node or branch indicating the target arrival point from the operation code 30 based on the inspection condition 31, and determines the inspection code.
  • the formula 33 may be generated.
  • the target arrival conditional expression 32 that is satisfied when the line number of the code corresponding to the node or branch indicating the target arrival location in the operation code 30 is reached may be generated.
  • the program information acquisition unit 15 may acquire, as the operation program, a state transition program created as a state transition diagram including nodes or edges, convert it into a state transition code which is the source code of the state transition program, and acquire the state transition code as the operation code 30.
  • the person in charge directly inputs the information regarding the node or edge indicating the target arrival location to the inspection condition acquisition unit 16 via the input / output device 14 as the target arrival location information.
  • the method of inputting the target arrival location information is not limited to this, and may be a method of visually designating and inputting a node or an edge in the state transition diagram displayed on the display via the input / output device 14.
  • In step S101 of FIG. 3, the inspection condition acquisition unit 16 may acquire the information regarding the node or edge indicating the target arrival point from an external device via the input / output device 14 as the inspection condition 31.
  • step S104 of FIG. 3 the inspection condition conversion unit 17 extracts the line number of the code corresponding to the node or edge indicating the target arrival point from the operation code 30 based on the inspection condition 31, and determines the inspection code.
  • the formula 33 may be generated.
  • step S105 of FIG. 3 the target arrival conditional expression 32 that is satisfied when the line number of the code corresponding to the node or edge indicating the target arrival location in the operation code 30 is reached may be generated.
  • Embodiment 2 The present embodiment will be described with reference to FIGS. 8 to 11.
  • the inspection condition 31 includes a plurality of target arrival points and the arrival order of the plurality of target arrival points.
  • the difference from the first embodiment will be mainly described. The matters not explained below are the same as those in the first embodiment.
  • the inspection condition conversion unit 17 generates the target arrival condition expression 32 and the inspection code as in the first embodiment, and then generates a conditional inspection code based on the inspection code and the inspection condition 31. Then, the inspection condition conversion unit 17 converts the conditional inspection code into a logical expression that can be analyzed by the SAT solver of the analysis unit 18 to generate a logical expression of the conditional inspection code. Therefore, the output of the inspection condition conversion unit 17 becomes the target arrival condition expression 32 and the logical expression of the conditional inspection code.
  • In step S202, the inspection condition acquisition unit 16 acquires the target arrival location information of the operation code 30 from the external device via the input / output device 14 as the inspection condition 31. Then, the process proceeds to step S203.
  • the inspection condition 31 acquired by the inspection condition acquisition unit 16 includes a plurality of target arrival points and an order of arrival of the plurality of target arrival points (hereinafter, referred to as a target arrival order).
  • In step S203, the inspection condition conversion unit 17 defines, based on the inspection condition 31 acquired by the inspection condition acquisition unit 16 in the process of step S202, the same number of target arrival point variables as the number of target arrival points included in the inspection condition 31. Then, the process proceeds to step S204.
  • In step S204, the inspection condition conversion unit 17 generates, based on the inspection condition 31 acquired by the inspection condition acquisition unit 16 in the process of step S202, the inspection code in which a code used for arrival determination using the plurality of target arrival point variables is added to the operation code 30. Then, the process proceeds to step S205.
  • In the operation code 30, the code used for arrival determination using the plurality of target arrival point variables is added to a line that is always executed when each line of the plurality of target arrival points is reached. That is, the inspection code is the operation code 30 in which the code used for the arrival determination, indicated by the calculation formula of each target arrival point variable, has been inserted in one of the lines before and after each line of the plurality of target arrival points.
  • In step S205, the inspection condition conversion unit 17 generates, based on the inspection condition 31 acquired by the inspection condition acquisition unit 16 in the process of step S202, a target arrival order conditional expression using the plurality of target arrival point variables defined in the process of step S203. Then, the process proceeds to step S206.
  • the target arrival order conditional expression describes a condition that the target arrival point variables satisfy when the code used for the arrival determination is executed by reaching each of the plurality of target arrival points according to the target arrival order. It is an expression described by a logical product using the target arrival point variable or the negation of the target arrival point variable.
  • the number of target arrival order conditional expressions is the same as the number of a plurality of target arrival points.
  • In step S206, the inspection condition conversion unit 17 generates a conditional inspection code in which the target arrival order conditional expression is added to the inspection code. Then, the inspection condition conversion unit 17 converts the conditional inspection code into a logical expression that can be analyzed by the SAT solver of the analysis unit 18 to generate a logical expression of the conditional inspection code. Then, the process proceeds to step S207.
  • the conditional inspection code generated by the inspection condition conversion unit 17 is the inspection code in which the target arrival order conditional expression is inserted in the line after each line in which the code used for the arrival determination, indicated by the calculation formula of the target arrival point variable, is inserted.
  • In step S207, the inspection condition conversion unit 17 generates the target arrival condition expression 32 using the target arrival order conditional expression generated in the process of step S205. Then, the process proceeds to step S208.
  • the target arrival condition expression 32 generated by the inspection condition conversion unit 17 is a conditional expression for inspecting that the target arrival points in the conditional inspection code are reached according to the target arrival order and all the target arrival order conditional expressions are true. Therefore, the target arrival condition expression 32 is composed of the logical product of the target arrival order conditional expressions. Since there is no dependency between the process of step S207 and the process of step S206, these processes may be executed with their execution order changed or in parallel.
  • In step S208, the analysis unit 18 searches for an input value to reach the target arrival point by solving the logical product of the logical expression of the conditional inspection code and the target arrival condition expression 32 using the SAT solver.
  • When there is an input value that is a solution of the logical product, the analysis unit 18 generates a generated value 34 as an input value for reaching the target arrival point. Then, the process proceeds to step S107.
  • the analysis unit 18 does not generate the generated value 34 and notifies the input value output unit 19 that the generated value 34 could not be generated. Then, the process proceeds to step S108. Since steps S107 and S108 are as described above, description thereof will be omitted.
  • the person in charge confirms the operation that "starting from the START mode, the operation mode changes in the order of the RUN mode, the STOP mode, the SLEEP mode, the ReSTART mode, and the END mode".
  • An example will be described in which the person in charge specifies and inputs five target arrival points and the target arrival order in the operation code 30 as the inspection condition 31, and the operation confirmation support device 10 generates the generated value 34 for reaching the five target arrival points in order.
  • the leftmost circle in FIG. 9 indicates the target arrival point.
  • the numbers 1 to 5 described in the leftmost circle of FIG. 9 indicate the target arrival order. That is, in the example of FIG. 9, it is shown that five target arrival points are designated in the operation code 30.
  • the target arrival order is as follows: target arrival point 1 (10th line), target arrival point 2 (21st line), target arrival point 3 (33rd line), target arrival point 4 (56th line), target arrival point 5 (79th line).
  • step S101 of FIG. 8 the program information acquisition unit 15 acquires the operation code 30 shown in FIG. Then, the process proceeds to step S202.
  • the operation code 30 is only one file in which one function main is described, but the operation code 30 is not limited to this, and may be a plurality of functions or a set of a plurality of files.
  • In step S202 of FIG. 8, the inspection condition acquisition unit 16 acquires the target arrival location information in the operation code 30 as the inspection condition 31. Then, the process proceeds to step S203.
  • the inspection condition 31 acquired by the inspection condition acquisition unit 16 includes a plurality of target arrival points and a target arrival order which is an arrival order of the plurality of target arrival points.
  • the goals of the operation check of this example are shown in (1) to (6) below.
  • (1) the operation mode, which is the internal state of the software to be confirmed, shifts to the RUN mode.
  • (2) the operation mode shifts to the STOP mode.
  • (3) the operation mode shifts to the SLEEP mode.
  • (4) the operation mode shifts to the Reset mode.
  • (5) the operation mode shifts to the END mode.
  • (6) the operation mode starts from the START mode and changes in the order of the RUN mode, the STOP mode, the SLEEP mode, the ReSTART mode, and the END mode. Therefore, the plurality of target arrival points that satisfy the inspection condition 31 correspond to the transition of the internal state of the confirmed software in each of (1) to (5), that is, the 10th line, the 21st line, the 33rd line, the 56th line, and the 79th line of the operation code 30.
  • the target arrival order, which is the inspection condition 31, corresponds to the transition order of the internal state of the confirmed software in (6), that is, in order from the 10th line of the operation code 30, the 21st line, the 33rd line, the 56th line, and the 79th line.
  • the person in charge directly inputs, to the inspection condition acquisition unit 16 via the input / output device 14, information indicating the plurality of target arrival points, "10th line, 21st line, 33rd line, 56th line, 79th line of the operation code 30", as the target arrival point information.
  • the person in charge inputs information indicating the target arrival order of "first the 10th line, then the 21st line, the 33rd line, the 56th line, and the 79th line" as the target arrival location information.
  • the method of inputting the target arrival point information is not limited to this, and as shown in FIG. 9, a plurality of target arrival points and the target arrival order are directly displayed on the operation code 30 displayed on the display via the input / output device 14. Any method may be used as long as it is a method of designating and inputting a specific place and an order in the operation code 30, such as visually marking.
  • In step S203 of FIG. 8, the inspection condition conversion unit 17 defines, based on the inspection condition 31 of "10th line, 21st line, 33rd line, 56th line, 79th line of the operation code 30", five target arrival point variables corresponding to these five target arrival points. Specifically, the inspection condition conversion unit 17 defines reach1, reach2, reach3, reach4, and reach5 as target arrival location variables. Then, the process proceeds to step S204.
  • the inspection condition conversion unit 17 is based on the inspection condition 31 that the target arrival location is "10th line, 21st line, 33rd line, 56th line, 79th line of the operation code 30".
  • the inspection code is generated by inserting the code used for the arrival determination indicated by the calculation formula of each target arrival point variable into the operation code 30.
  • the inspection condition conversion unit 17 inserts "reach1 ++;" on the 11th line, "reach2 ++;" on the 22nd line, "reach3 ++;" on the 34th line, "reach4 ++;" on the 57th line, and the arrival determination code for reach5 on the 80th line of the operation code 30 to generate the inspection code. Then, the process proceeds to step S205.
  • the inspection condition conversion unit 17 defines five target arrival order conditional expressions as shown in FIG. 10 based on the target arrival order acquired as the inspection condition 31. Specifically, the inspection condition conversion unit 17 defines condition1, condition2, condition3, condition4, and condition5 as the target arrival order conditional expression. Then, the process proceeds to step S206.
  • the target arrival order conditional expression of this example is a condition satisfied by the five target arrival point variables when the five target arrival points of the operation code 30 are reached according to the target arrival order and the code used for the arrival determination is executed. Is an expression that describes. Further, the target arrival order conditional expression is an expression described by a logical product using the target arrival point variable or the negation of the target arrival point variable.
  • In step S206 of FIG. 8, as shown in FIG. 11, the inspection condition conversion unit 17 generates a conditional inspection code in which the target arrival order conditional expression is added to the inspection code. Specifically, the inspection condition conversion unit 17 inserts condition1 on the 12th line, condition2 on the 25th line, condition3 on the 39th line, condition4 on the 64th line, and condition5 on the 89th line to generate the conditional inspection code. Further, the inspection condition conversion unit 17 converts the conditional inspection code into a logical expression that can be analyzed by the SAT solver of the analysis unit 18 to generate a logical expression of the conditional inspection code. Then, the process proceeds to step S207.
  • In step S207 of FIG. 8, the inspection condition conversion unit 17 generates, by using the target arrival order conditional expressions, the target arrival condition expression 32 indicating the condition to be satisfied when the five target arrival points in the conditional inspection code are reached according to the target arrival order. Then, the process proceeds to step S208.
  • the target achievement condition expression 32 of this example is condition1 && condition2 && condition3 && condition4 && condition5.
  • In step S208 of FIG. 8, the analysis unit 18 solves the logical product of the logical expression of the conditional inspection code and the target arrival condition expression 32 by using the SAT solver, and thereby searches for the input value that reaches the five target arrival points in the target arrival order. Then, the analysis unit 18 generates a generated value 34 as an input value for reaching the five target arrival points in the target arrival order.
  • the generated value 34 to be generated is not limited to one cycle, and may be generated as an input value string for a plurality of cycles. In this example, there are input values for reaching five target arrival points in the target arrival order, which is a solution that makes the logical product of the logical expression of the conditional inspection code and the target achievement condition expression 32 true. Therefore, the generated value 34 is generated as an input value for reaching the five target arrival points in the target arrival order. Then, the process proceeds to step S107.
  • In step S107 of FIG. 8, the input value output unit 19 outputs the generated value 34 generated in the process of step S208.
  • the execution process of the confirmed software can reach the target arrival point in the target arrival order.
  • the execution process of the confirmed software can reach "10th line, 21st line, 33rd line, 56th line, 79th line of the operation code 30" in the order of first the 10th line, then the 21st line, the 33rd line, the 56th line, and the 79th line.
  • it is possible to confirm the operation that "starting from the START mode, the operation modes are changed in the order of the RUN mode, the STOP mode, the SLEEP mode, the ReSTART mode, and the END mode".
  • the person in charge, without referring to the specification information regarding the internal state of the software to be confirmed, specifies and inputs the plurality of target arrival points in the operation code 30 and the target arrival order of the plurality of target arrival points. Then, only by the person in charge specifying in this way, it is possible to input a plurality of internal states that are targets for operation confirmation and their transition order as the inspection condition 31. Then, the operation confirmation support device 10 can generate the generated value 34 as an input value for transitioning a plurality of internal states according to the acquired transition order by using the inspection condition 31.
  • the internal states are changed to a plurality of states (10th line, 21st line, 33rd line, 56th line, 79th line) in a specific order (first 10th line, then 21st line, and so on.
  • the work of determining the internal state value becomes unnecessary. Therefore, the man-hours required for operation check can be reduced.
  • the inspection condition conversion unit 17 generates the target arrival condition expression 32 based on the inspection condition 31. Therefore, it is not necessary for the person in charge to manually create a logical expression that can be analyzed by the SAT solver used by the analysis unit 18. Therefore, in addition to reducing the man-hours required for operation check, the person in charge can check the operation even without mathematical knowledge.
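The Embodiment 2 procedure (steps S203 to S208) applied to a small constructed mode machine, as an added example that is not the patent's own code. The operation code, its three target arrival points, the input domain, and the exact form and latching of each conditionK are assumptions (FIG. 9 to FIG. 11 are not reproduced on this page), and a bounded exhaustive search stands in for the SAT solver.

```c
#include <stdio.h>
#include <string.h>

enum { START, RUN, STOP, SLEEP };                   /* operation modes (constructed) */
enum { SITE_RUN, SITE_STOP, SITE_SLEEP, N_SITES };  /* candidate target arrival points */
#define MAX_TARGETS N_SITES
#define CYCLES 3   /* bound on the length of the input value string */
#define DOMAIN 4   /* each input takes a value in 0..3 (assumption) */

typedef struct {
    int n;                   /* number of target arrival points */
    int order[MAX_TARGETS];  /* sites listed in target arrival order */
} Inspection;                /* plays the role of inspection condition 31 */

typedef struct {
    int mode;
    int reach[MAX_TARGETS];  /* target arrival point variables reach1..reachN */
    int cond[MAX_TARGETS];   /* target arrival order conditions condition1..N */
} State;

/* Code inserted at a target arrival point: "reachK++;" followed by conditionK,
   a logical product of reach1..reachK and the negations of reachK+1..reachN. */
static void arrive(State *s, const Inspection *ic, int site) {
    for (int k = 0; k < ic->n; k++) {
        if (ic->order[k] != site) continue;
        s->reach[k]++;
        int ok = 1;
        for (int j = 0; j < ic->n; j++)
            ok = ok && (j <= k ? s->reach[j] > 0 : s->reach[j] == 0);
        if (ok) s->cond[k] = 1;  /* latched once satisfied (assumption) */
    }
}

/* One execution cycle of the constructed, instrumented operation code. */
static void step(State *s, const Inspection *ic, int x, int y) {
    switch (s->mode) {
    case START:
        if (x > y) { s->mode = RUN; arrive(s, ic, SITE_RUN); }
        break;
    case RUN:
        if (x == 0) { s->mode = STOP; arrive(s, ic, SITE_STOP); }
        else if (y == 3) { s->mode = SLEEP; arrive(s, ic, SITE_SLEEP); }
        break;
    case STOP:
        if (y == 0) { s->mode = SLEEP; arrive(s, ic, SITE_SLEEP); }
        break;
    default:  /* SLEEP is terminal in this toy machine */
        break;
    }
}

/* Runs the cycles and evaluates condition1 && ... && conditionN. */
static int run(const Inspection *ic, int in[CYCLES][2]) {
    State s;
    memset(&s, 0, sizeof s);
    s.mode = START;
    for (int c = 0; c < CYCLES; c++) step(&s, ic, in[c][0], in[c][1]);
    int all = 1;
    for (int k = 0; k < ic->n; k++) all = all && s.cond[k];
    return all;
}

/* Stand-in for the SAT solver: try every input string within the bound.
   Returns 1 and fills out[] with a generated value, or 0 if none exists. */
static int generate(const Inspection *ic, int out[CYCLES][2]) {
    int total = 1;
    for (int i = 0; i < 2 * CYCLES; i++) total *= DOMAIN;
    for (int code = 0; code < total; code++) {
        int in[CYCLES][2], v = code;
        for (int c = 0; c < CYCLES; c++)
            for (int i = 0; i < 2; i++) { in[c][i] = v % DOMAIN; v /= DOMAIN; }
        if (run(ic, in)) { memcpy(out, in, sizeof in); return 1; }
    }
    return 0;
}

int main(void) {
    Inspection ic = {3, {SITE_RUN, SITE_STOP, SITE_SLEEP}};
    int v[CYCLES][2];
    if (!generate(&ic, v)) {
        puts("generated value could not be generated");
        return 1;
    }
    for (int c = 0; c < CYCLES; c++)
        printf("cycle %d: x=%d y=%d\n", c + 1, v[c][0], v[c][1]);
    return 0;
}
```

Swapping the last two entries of `order` asks for SLEEP before STOP, which this machine cannot do, so `generate` returns 0 and the caller reports that no generated value exists.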
  • the program information acquisition unit 15 has described an example of acquiring the operation code 30.
  • the program information acquisition unit 15 acquires the AST program created by AST including the node or branch as the operation program, converts it into the AST code which is the source code of the AST program, and acquires the AST code as the operation code 30. You may.
  • the person in charge directly inputs, to the inspection condition acquisition unit 16 via the input / output device 14, the information regarding the node, the branch, or the combination of the node and the branch, which indicates the plurality of target arrival points, as the target arrival point information.
  • the person in charge directly inputs the target arrival order of the plurality of target arrival points indicated by the nodes or branches into the inspection condition acquisition unit 16 via the input / output device 14 as the target arrival point information.
  • the method of inputting the target arrival location information is not limited to this, and may be a method of visually designating and inputting the nodes or branches included in the AST displayed on the display via the input / output device 14. Further, the method of inputting the target arrival location information may be a method of inputting the target arrival order by designating the nodes or branches included in the AST displayed by the input / output device 14 in order.
  • the inspection condition acquisition unit 16 may acquire the information regarding the node, the branch, or the combination of the node and the branch indicating the target arrival point from an external device via the input / output device 14 as the inspection condition 31. Then, in step S204 of FIG. 8, the inspection condition conversion unit 17 may extract the line number of the code corresponding to the node or branch indicating the target arrival point from the operation code 30 based on the inspection condition 31, and generate the inspection code. Then, in step S205 of FIG. 8, the inspection condition conversion unit 17 may extract the target arrival order of reaching the line number of each code corresponding to the node or branch indicating the plurality of target arrival points based on the inspection condition 31, and generate a target arrival order conditional expression.
  • In step S207 of FIG. 8, the target arrival condition expression 32 that is satisfied when the line numbers of the codes corresponding to the nodes or branches indicating the plurality of target arrival points in the operation code 30 are reached in the order of the target arrival order may be generated.
  • the program information acquisition unit 15 may acquire, as the operation program, a state transition program created as a state transition diagram including nodes or edges, convert it into a state transition code which is the source code of the state transition program, and acquire the state transition code as the operation code 30.
  • the person in charge directly inputs, to the inspection condition acquisition unit 16 via the input / output device 14, the information regarding the node, the edge, or the combination of the node and the edge, which indicates the plurality of target arrival points, as the target arrival point information.
  • the person in charge directly inputs the target arrival order of the plurality of target arrival points indicated by the nodes or edges to the inspection condition acquisition unit 16 via the input / output device 14 as the target arrival point information.
  • the method of inputting the target arrival location information is not limited to this, and a method of visually designating and inputting the nodes or edges included in the state transition diagram displayed on the display via the input / output device 14 may be used. Further, the method of inputting the target arrival location information may be a method of inputting the target arrival order by designating the nodes or edges included in the state transition diagram displayed by the input / output device 14 in order.
  • the inspection condition acquisition unit 16 may acquire the information regarding the node, the edge, or the combination of the node and the edge indicating the target arrival point from an external device via the input / output device 14 as the inspection condition 31. Then, in step S204 of FIG. 8, the inspection condition conversion unit 17 may extract the line number of the code corresponding to the node or edge indicating the target arrival point from the operation code 30 based on the inspection condition 31, and generate the inspection code. Then, in step S205 of FIG. 8, the inspection condition conversion unit 17 may extract the target arrival order of reaching the line numbers of the respective codes corresponding to the nodes or edges indicating the plurality of target arrival points based on the inspection condition 31, and generate a target arrival order conditional expression.
  • In step S207 of FIG. 8, the target arrival condition expression 32 that is satisfied when the line numbers of the codes corresponding to the nodes or edges indicating the plurality of target arrival points in the operation code 30 are reached in the order of the target arrival order may be generated.
  • Embodiment 3 The present embodiment will be described with reference to FIGS. 12 to 14.
  • An example will be described in which the operation confirmation support device 10 generates the generated value 34, which is an input value such that the execution process of the confirmed software reaches the target arrival point and the output value output from the confirmed software becomes a specific value.
  • the difference from the first embodiment will be mainly described. The matters not explained below are the same as those in the first embodiment.
  • the operation confirmation support device 10 newly includes an input / output condition acquisition unit 20.
  • the input / output condition acquisition unit 20 acquires, from an external device via the input / output device 14, the input / output condition 35, which is a condition relating to at least one of the input value indicated by the input variable and the output value indicated by the output variable included in the operation code 30 acquired by the program information acquisition unit 15.
  • the input / output condition 35 is a condition that defines the input / output value condition of the software to be confirmed, and is specifically a range or a specific value.
  • the program that realizes the operation of the operation confirmation support device 10 is the program that realizes the operation of the operation confirmation support device 10 of the first embodiment, to which an input / output variable condition input procedure that realizes the function of the input / output condition acquisition unit 20 is added.
  • In step S301, the program information acquisition unit 15 acquires the operation code 30. Further, when the program information acquisition unit 15 acquires the operation code 30, it analyzes the operation code 30 and extracts the input / output variables to which an input value input to the confirmed software or an output value output from the confirmed software is assigned. Then, the process proceeds to step S102.
  • Since step S102 is the same as that described in the first embodiment, the description thereof will be omitted.
  • In step S302, the input / output condition acquisition unit 20 acquires the input / output condition 35 that defines the input / output value conditions of the software to be confirmed.
  • the input / output condition 35 is a range or a value, and indicates a condition to be satisfied by the input / output variable extracted in the process of step S301. Then, the process proceeds to step S303.
  • the inspection condition conversion unit 17 is at least one of an input variable inspection expression and an output variable inspection expression as an expression for inspecting the value of the input / output variable based on the input / output condition 35 acquired in the process of step S302. Generate one. Then, the inspection condition conversion unit 17 inserts and adds an expression for inspecting the value of the input / output variable into the operation code 30. Then, the process proceeds to step S103.
  • the code in which the expression for checking the value of the input / output variable is inserted in the operation code 30 is used as the operation code 30 in the processes after step S103. Since steps S103 and subsequent steps are as described above, the description thereof will be omitted.
  • the person in charge inputs the conditions related to the input / output values of the confirmed software assuming the usage environment, so that the operation of the confirmed software can be confirmed in the assumed usage environment. can.
  • A more detailed operation example of the operation confirmation support device 10 according to the present embodiment will be described with reference to a specific example of the operation code 30 shown in FIG. Specifically, to confirm the RUN-mode operation of the confirmed software generated from the operation code 30 shown in FIG. 14, the following example describes the operation of generating a generated value 34 that satisfies conditions (1) and (2) below. (1) The internal state of the confirmed software transitions to the RUN mode. (2) The value of the output variable Demo_O, to which the output value of the confirmed software is assigned, is 300.
  • The operation code 30 of this example has a mode variable mode representing the operation mode, which is the internal state of the software to be confirmed; two input variables, Demo_I_x and Demo_I_y, to which input values are assigned; and an output variable Demo_O, to which the output value is assigned.
  • In step S301 of FIG. 13, the program information acquisition unit 15 acquires the operation code 30 shown in FIG. The program information acquisition unit 15 then analyzes the acquired operation code 30 and extracts the input/output variables. The process then proceeds to step S102.
  • The input variables Demo_I_x and Demo_I_y and the output variable Demo_O are extracted by the program information acquisition unit 15.
  • In step S102 of FIG. 13, the inspection condition acquisition unit 16 acquires the target arrival location information in the operation code 30 as the inspection condition 31. The process then proceeds to step S302.
  • The target arrival point in the operation code 30 is the 19th line of the operation code 30 shown in FIG. 14, which corresponds to the “internal state of the confirmed software whose operation mode has changed to the RUN mode”.
  • In step S302 of FIG. 13, the input/output condition acquisition unit 20 acquires the input/output condition 35 that defines the conditions on the input/output values of the software to be confirmed. The process then proceeds to step S303.
  • In step S303 of FIG. 13, the inspection condition conversion unit 17 generates an output variable inspection expression, as an expression for inspecting the value of the output variable in the operation code 30, based on the input/output condition 35 acquired in step S302. The inspection condition conversion unit 17 then inserts the generated output variable inspection expression into the operation code 30. As a specific example, the output variable inspection expression is inserted as an assert statement. The process then proceeds to step S103.
  • In step S103 of FIG. 13, the inspection condition conversion unit 17 defines one target arrival point variable, reach, based on the one inspection condition 31, "the 19th line of the operation code 30". The process then proceeds to step S104.
  • In step S104 of FIG. 13, based on the inspection condition 31, "the 19th line of the operation code 30", the inspection condition conversion unit 17 inserts the code of the calculation formula for the target arrival point variable (reach++;) on the 20th line and thereby generates the inspection code. The inspection condition conversion unit 17 also converts the inspection code into a logical expression that can be analyzed by the SAT solver, generating the logical expression 33 of the inspection code. The process then proceeds to step S105.
  • In step S105 of FIG. 13, the inspection condition conversion unit 17 uses the target arrival point variable reach, defined based on the inspection condition 31, to generate the target arrival condition expression 32 (reach > 0), which is satisfied when the target arrival point is reached. The process then proceeds to step S106.
  • In step S106 of FIG. 13, the analysis unit 18 uses the SAT solver to solve the logical product of the logical expression 33 of the inspection code and the target arrival condition expression 32, searching for an input value that satisfies the input/output condition 35 and reaches the target arrival point. The analysis unit 18 then generates the generated value 34 as an input value that satisfies the input/output condition 35 and reaches the target arrival point. Specifically, the analysis unit 18 searches for input values to be assigned to the input variables Demo_I_x and Demo_I_y such that the 19th line of the operation code 30, which is the target arrival point, is reached and the value of the output variable Demo_O is 300.
  • In step S107 of FIG. 13, the input value output unit 19 outputs the generated value 34 generated in step S106.
  • FIG. 15 shows the generated value 34 generated in this example and the execution order of the confirmed software until the target arrival point is reached.
  • The lower right table of FIG. 15 shows the input values assigned to the input variables Demo_I_x and Demo_I_y in each of the three execution cycles of the confirmed software as inputs to the confirmed software. Specifically, the input values assigned to the input variables Demo_I_x and Demo_I_y in the first cycle are 10 and 3. The input values assigned in the second cycle are also 10 and 3. The input values assigned in the third cycle are also 10 and 3.
  • The table on the upper right of FIG. 15 shows the value of the output variable Demo_O and the value of the mode variable mode before and after the input values are assigned to the input variables Demo_I_x and Demo_I_y.
  • The output variable Demo_O has no value and the mode variable mode is START.
  • 10 and 3 are assigned to the input variables Demo_I_x and Demo_I_y, the processing of the 8th and 9th lines of the operation code 30 is executed, 100 is assigned to the output variable Demo_O, and RUN is assigned to the mode variable mode.
  • The output variable Demo_O becomes 100 and the mode variable mode becomes RUN.
  • The output variable Demo_O is 100 and the mode variable mode is RUN.
  • The processing of the 18th and 19th lines of the operation code 30 is executed, Demo_O + 100 is assigned to the output variable Demo_O, and RUN is assigned to the mode variable mode.
  • The output variable Demo_O becomes 200 and the mode variable mode becomes RUN.
  • The output variable Demo_O is 200 and the mode variable mode is RUN.
  • The input values to the input variables Demo_I_x and Demo_I_y are 10 and 3 in the first cycle, 10 and 3 in the second cycle, and 10 and 3 in the third cycle, and the generated value 34 is output as input values for these three cycles.
  • The generated value 34 is not limited to one cycle, and may be generated as an input value string for a plurality of cycles.
  • Execution reaches the 19th line of the operation code 30, which is the target arrival point, in the third cycle, and the value of the output variable Demo_O can be set to 300.
  • The present invention is not limited to this: the input/output condition acquisition unit 20 may acquire a specific input value as the input/output condition 35, or may acquire a range of input/output values as the input/output condition 35.
  • The above describes an example in which the program information acquisition unit 15 acquires the operation code 30.
  • The program information acquisition unit 15 may acquire, as the operation program, an AST program created as an AST (Abstract Syntax Tree) including nodes or branches, convert it into AST code, which is the source code of the AST program, and acquire the AST code as the operation code 30.
  • The person in charge directly inputs the information regarding the node or branch indicating the target arrival location to the inspection condition acquisition unit 16 via the input/output device 14 as the target arrival location information.
  • The method of inputting the target arrival location information is not limited to this; the nodes or branches included in the AST displayed on the display may instead be visually designated and input via the input/output device 14.
  • The inspection condition acquisition unit 16 may acquire the information about the node or branch indicating the target arrival location as the inspection condition 31 from an external device via the input/output device 14.
  • The inspection condition conversion unit 17 may extract, from the operation code 30, the line number of the code corresponding to the node or branch indicating the target arrival point based on the inspection condition 31, and generate the logical expression 33 of the inspection code.
  • A target arrival conditional expression 32 that is satisfied when the line number of the code corresponding to the node or branch indicating the target arrival location in the operation code 30 is reached may be generated.
  • The program information acquisition unit 15 may acquire, as the operation program, a state transition program created as a state transition diagram including nodes or edges, convert it into state transition code, which is the source code of the state transition program, and acquire the state transition code as the operation code 30.
  • The person in charge directly inputs the information regarding the node or edge indicating the target arrival location to the inspection condition acquisition unit 16 via the input/output device 14 as the target arrival location information.
  • The method of inputting the target arrival location information is not limited to this; the nodes or edges included in the state transition diagram displayed on the display may instead be visually designated and input via the input/output device 14.
  • The inspection condition acquisition unit 16 may acquire the information regarding the node or edge indicating the target arrival point as the inspection condition 31 from an external device via the input/output device 14.
  • The inspection condition conversion unit 17 may extract, from the operation code 30, the line number of the code corresponding to the node or edge indicating the target arrival point based on the inspection condition 31, and generate the logical expression 33 of the inspection code.
  • A target arrival conditional expression 32 that is satisfied when the line number of the code corresponding to the node or edge indicating the target arrival location in the operation code 30 is reached may be generated.
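
The Embodiment 3 walk-through above (a `reach++;` inserted after the target arrival point, the target arrival condition `reach > 0`, and the output condition Demo_O = 300) can be reproduced with the sketch below. It is an added example, not the patent's code: FIG. 14 is not reproduced on this page, so the branch guards, the searched input range 0 to 10 and the function names are assumptions, and an exhaustive bounded search over unrolled cycles stands in for the SAT solver.

```c
#include <stdio.h>

/* Constructed stand-in for the operation code of FIG. 14 (not shown on the
 * page). The variable names, the START/RUN modes and the 100 / +100 updates
 * follow the text; the branch guards are assumptions. */
typedef enum { START, RUN } op_mode;

typedef struct {
    op_mode mode;   /* internal state of the confirmed software */
    int Demo_O;     /* output variable (0 stands for "no value yet") */
    int reach;      /* target arrival point variable added by instrumentation */
} sw_state;

typedef struct { int Demo_I_x, Demo_I_y; } cycle_input;

#define IN_MIN 0    /* assumed input range searched in every cycle */
#define IN_MAX 10

/* One execution cycle of the instrumented (inspection) code. */
void step(sw_state *s, cycle_input in)
{
    switch (s->mode) {
    case START:
        if (in.Demo_I_x > 0) {               /* assumed guard */
            s->Demo_O = 100;
            s->mode = RUN;
        }
        break;
    case RUN:
        if (in.Demo_I_x > in.Demo_I_y) {     /* assumed guard */
            s->Demo_O = s->Demo_O + 100;
            s->mode = RUN;                   /* target arrival point */
            s->reach++;                      /* inserted on the next line */
        } else {
            s->mode = START;
        }
        break;
    }
}

/* Target arrival condition (reach > 0) AND the output variable inspection. */
int goal(const sw_state *s, int want_out)
{
    return s->reach > 0 && s->Demo_O == want_out;
}

/* Depth-first search over input sequences of at most `bound` cycles.
 * Returns the number of cycles used, or -1 if no sequence satisfies goal(). */
int search(sw_state s, int depth, int bound, int want_out, cycle_input *trace)
{
    if (goal(&s, want_out)) return depth;
    if (depth == bound) return -1;
    for (int x = IN_MIN; x <= IN_MAX; x++) {
        for (int y = IN_MIN; y <= IN_MAX; y++) {
            sw_state next = s;
            cycle_input in = { x, y };
            step(&next, in);
            trace[depth] = in;
            int n = search(next, depth + 1, bound, want_out, trace);
            if (n >= 0) return n;
        }
    }
    return -1;
}

/* Increases the unrolling bound one cycle at a time, so the shortest input
 * sequence is returned. trace must have room for max_cycles entries. */
int generate_inputs(int want_out, int max_cycles, cycle_input *trace)
{
    sw_state init = { START, 0, 0 };
    for (int bound = 1; bound <= max_cycles; bound++) {
        int n = search(init, 0, bound, want_out, trace);
        if (n >= 0) return n;
    }
    return -1;
}

/* Replays an input sequence from the initial state, for checking a result. */
sw_state replay(const cycle_input *trace, int n)
{
    sw_state s = { START, 0, 0 };
    for (int i = 0; i < n; i++) step(&s, trace[i]);
    return s;
}

int main(void)
{
    cycle_input trace[3];
    int n = generate_inputs(300, 3, trace);
    if (n < 0) { puts("no input sequence within the bound"); return 1; }
    for (int i = 0; i < n; i++)
        printf("cycle %d: Demo_I_x=%d Demo_I_y=%d\n",
               i + 1, trace[i].Demo_I_x, trace[i].Demo_I_y);
    return 0;
}
```

The search returns the first satisfying sequence it finds, so it reports 1 and 0 in each cycle rather than the 10 and 3 of FIG. 15; under the assumed guards both sequences satisfy the same two conditions.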

Abstract

A program information acquisition unit (15) acquires an operation code, which is a source code of an operation program that reads an input value to operate. An inspection condition acquisition unit (16) acquires information regarding a target reaching part including a target reaching part of the operation code as an inspection condition. An inspection condition conversion unit (17) generates a determination formula for determining that the target reaching part included in the inspection condition acquired by the inspection condition acquisition unit is reached. An analysis unit (18) generates, using the determination formula generated by the inspection condition conversion unit, a generated value as the input value that is caused to reach the target reaching part.

Description

Operation check support device, operation check support method and operation check support program
The present disclosure relates to an operation confirmation support device, an operation confirmation support method, and an operation confirmation support program.
During software development, the person in charge of checking operation (hereinafter referred to as the person in charge) may cause the internal state of the software, which transitions according to input values, to transition to a specific state in order to check the operation of the software itself under development or of a device controlled by the software.
In such a case, the person in charge needs to determine the input values that cause the internal state of the software to transition to the specific target state. The person in charge then inputs the determined input values into the software and confirms whether the internal state of the software actually transitions to the specific target state. Alternatively, the person in charge confirms whether, once the transition to the specific target state is achieved, the device controlled by the software can operate in accordance with that transition.
A specific example of such confirmation work during software development is the operation check of an embedded device, such as an ECU (Electronic Control Unit), on which software is installed. To realize complex control, the software installed in an embedded device has an internal state that transitions according to inputs to the software, and the output of the software changes depending on the inputs and the internal state. To check a specific operation of such an embedded device, the person in charge may cause the internal state of the software to transition to a specific state. To do so, the person in charge must, based on the software's specification information, set as the target an internal state value for which the internal state becomes the specific state, and then work backward from that target to determine the input values to be input to the software.
However, the person in charge in software development does not necessarily know all of the software's specifications. Even when the person in charge does know the specifications, they must take them into account to determine input values that reach the target internal state value, so creating the input values needed for an operation check takes many man-hours. In addition, as the software installed in various systems and products gains functions in response to social demands, software specifications have become large and complex. As a result, the man-hours required for the person in charge to create input values manually are increasing.
To curb this increase in man-hours for creating input values for operation checks during software development, there is a technique that automatically generates the input values needed for an operation check using formal verification technology, which proves the properties of a system based on mathematics and logic.
One example of a technique using such formal verification technology is the technique described in Patent Document 1. The technique of Patent Document 1 is that of an inspection device that checks the operation of a software operation program using model checking, which is one of the formal verification techniques. In that document, the inspection condition is a condition to be satisfied by an input value to the software or an input value sequence that is its time series, an internal state value of the software or an internal state value sequence that is its time series, and an output value from the software or an output value sequence that is its time series. A SAT (Satisfiability Problem) solver is then used to search for an input value sequence that satisfies the inspection condition, and if such a solution exists, the input value sequence that is the solution, the internal state value sequence, and the output value sequence are output. A SAT solver is a known technique that, given a logical expression, searches for a solution that makes the expression true and outputs any solution found.
Japanese Unexamined Patent Publication No. 2019-083018
In the technique of Patent Document 1, to obtain input values that cause the software to transition to a specific target internal state, the person in charge needs to set an internal state value representing that internal state as an inspection condition. That is, the person in charge must refer to the specification information on internal states, select the specific target internal state to be set, and determine the internal state value representing it. The work of determining the internal state value therefore increases the man-hours for operation checking.
The person in charge also has to manually turn the internal state value into a logical expression that the SAT solver can analyze. The work of creating this logical expression likewise increases the man-hours for operation checking.
In particular, in large-scale software and the like, the internal state can take many states and is complex. In checking the operation of such software, it is difficult to select the specific target internal state, refer to the specification information on internal states, and determine the internal state value representing that state, so the man-hours for operation checking increase significantly.
The main purpose of the present disclosure is to reduce the man-hours for software operation check work.
The operation confirmation support device according to the present disclosure comprises:
a program information acquisition unit that acquires an operation code, which is the source code of an operation program that operates by reading an input value;
an inspection condition acquisition unit that acquires, as an inspection condition, information about a target arrival point including a target arrival point of the operation code;
an inspection condition conversion unit that generates a determination formula for determining that the target arrival point included in the inspection condition acquired by the inspection condition acquisition unit has been reached; and
an analysis unit that uses the determination formula generated by the inspection condition conversion unit to generate a generated value as the input value that reaches the target arrival point.
According to the present disclosure, in operation check work, the person in charge inputs the operation code and information about a target arrival point including a target arrival point of the operation code, and the analysis unit generates the input values needed for the operation check work. The man-hours for software operation check work can therefore be reduced.
A diagram showing a hardware configuration example of the operation confirmation support device according to Embodiment 1.
A diagram showing a functional configuration example of the operation confirmation support device according to Embodiment 1.
A flowchart showing the processing operation of the operation confirmation support device according to Embodiment 1.
A diagram showing the operation code according to Embodiment 1.
A diagram showing the method of marking the operation code according to Embodiment 1.
A diagram showing the inspection code according to Embodiment 1.
A diagram showing the input values and the execution order of the confirmed software according to Embodiment 1.
A flowchart showing the processing operation of the operation confirmation support device according to Embodiment 2.
A diagram showing the operation code according to Embodiment 2.
A diagram showing the target arrival order conditional expression and the target arrival condition expression according to Embodiment 2.
A diagram showing the conditional inspection code according to Embodiment 2.
A diagram showing a functional configuration example of the operation confirmation support device according to Embodiment 3.
A flowchart showing the processing operation of the operation confirmation support device according to Embodiment 3.
A diagram showing the operation code according to Embodiment 3.
A diagram showing the input values and the execution order of the confirmed software according to Embodiment 3.
Hereinafter, embodiments of the present disclosure will be described with reference to the drawings. In each figure, the same or corresponding parts are given the same reference numerals. In the description of the embodiments, the description of the same or corresponding parts is omitted or simplified as appropriate.
The present disclosure is not limited to the embodiments described below, and various modifications can be made as necessary. For example, two or more of the embodiments described below may be combined and implemented. Alternatively, one of the embodiments described below, or a combination of two or more of them, may be partially implemented.
In the following description, the software whose operation is to be checked in the present disclosure is referred to as the confirmed software. The program of the confirmed software is referred to as the operation program, and the source code of the operation program is referred to as the operation code.
Embodiment 1.
The present embodiment will be described with reference to FIGS. 1 to 7.
*** Explanation of configuration ***
A hardware configuration example of the operation confirmation support device 10 according to the present embodiment will be described with reference to FIG. 1.
The operation confirmation support device 10 is a computer. The operation confirmation support device 10 includes a processor 11 and other hardware such as a memory 12, a communication device 13, and an input/output device 14. The processor 11 is connected to the other hardware via signal lines and controls the other hardware.
The operation procedure of the operation confirmation support device 10 corresponds to the operation confirmation support method. The program that realizes the operation of the operation confirmation support device 10 corresponds to the operation confirmation support program.
The processor 11 is an IC (Integrated Circuit) that performs processing. Specific examples of the processor 11 include a CPU (Central Processing Unit) and a DSP (Digital Signal Processor).
The processor 11 executes a program that realizes the operation of the operation confirmation support device 10. This program realizes the functions of the program information acquisition unit 15, the inspection condition acquisition unit 16, the inspection condition conversion unit 17, the analysis unit 18, and the input value output unit 19, which will be described later.
The memory 12 is a storage device. As a specific example, the memory 12 is a RAM (Random Access Memory), a flash memory, or a combination thereof.
The memory 12 stores the program that realizes the operation of the operation confirmation support device 10, the operation code 30, and the specification information of the confirmed software. The confirmed software may be any kind of software, but in the present embodiment the description assumes that it is embedded software.
The communication device 13 is an electronic circuit that executes information communication processing with a connection destination via a signal line. The communication device 13 includes a receiver that receives information input to the operation confirmation support device 10 and a transmitter that transmits information output from the operation confirmation support device 10. As a specific example, the communication device 13 is a communication chip or a NIC (Network Interface Card).
The input/output device 14 is an electronic circuit that executes information input/output processing. The input/output device 14 is connected to an external device such as an input device used to enter input information into the operation confirmation support device 10, or a display that shows on a screen the output information output from the operation confirmation support device 10.
As a specific example, the input device is a mouse, a keyboard, a touch panel, or a combination of some or all of them. As a specific example, the display is an LCD (Liquid Crystal Display). The display may display the operation code 30 acquired by the program information acquisition unit 15 described later. The display may also display the input value output by the input value output unit 19 described later. The input value output by the input value output unit 19 is the same as the input value generated by the analysis unit 18 described later, and is referred to below as the generated value 34.
The program that realizes the operation of the operation confirmation support device 10 is read from the memory 12 into the processor 11 and executed by the processor 11. The memory 12 stores not only the program that realizes the operation of the operation confirmation support device 10 but also an OS (Operating System). The processor 11 executes the program that realizes the operation of the operation confirmation support device 10 while executing at least a part of the OS. A part or all of the program that realizes the operation of the operation confirmation support device 10 may be incorporated in the OS. When the processor 11 executes the OS, task management, memory management, file management, communication control, and the like are performed.
The program that realizes the operation of the operation confirmation support device 10, the operation code 30, the specification information of the confirmed software, and the OS may be stored in an auxiliary storage device. As a specific example, the auxiliary storage device is a hard disk, a flash memory, or a combination thereof. The auxiliary storage device may also be a portable recording medium such as an SSD (registered trademark, Solid State Drive), an SD (registered trademark, Secure Digital) memory card, a CF (registered trademark, CompactFlash), a NAND flash, a flexible disk, an optical disk, a compact disk, a Blu-ray (registered trademark) disc, or a DVD (registered trademark, Digital Versatile Disk), or a combination thereof.
When the program that realizes the operation of the operation confirmation support device 10 and the OS are stored in the auxiliary storage device, they are loaded from the auxiliary storage device into the memory 12, read from the memory 12 into the processor 11, and executed by the processor 11.
The operation confirmation support device 10 may include a plurality of processors in place of the processor 11. These processors share the execution of the program that realizes the operation of the operation confirmation support device 10. Each processor is, as a specific example, a CPU.
The data, information, signal values, and variable values used, processed, or output by the program that realizes the operation of the operation confirmation support device 10 are stored in at least one of the memory 12, the auxiliary storage device, or a register or cache memory in the processor 11.
The program that realizes the operation of the operation confirmation support device 10 may be provided stored in a computer-readable medium, may be provided stored in a storage medium, or may be provided as a program product. A program product is not limited to an object of any particular appearance; it is anything loaded with a computer-readable program. The program that realizes the operation of the operation confirmation support device 10 may also be provided via a network.
An example of the functional configuration of the operation confirmation support device 10 according to the present embodiment will be described with reference to FIG. 2.
The operation confirmation support device 10 includes a program information acquisition unit 15, an inspection condition acquisition unit 16, an inspection condition conversion unit 17, an analysis unit 18, and an input value output unit 19.
The program information acquisition unit 15 acquires the operation code 30 from the memory 12 or, via the communication device 13, from a connection destination.
As the inspection condition 31, the inspection condition acquisition unit 16 acquires information on target arrival points (hereinafter referred to as target arrival point information), including a target arrival point that is the target of the operation check in the operation code 30 acquired by the program information acquisition unit 15. The inspection condition 31 according to the present embodiment is input by the person in charge from an external device via the input/output device 14.
The inspection condition 31 includes at least one target arrival point. A target arrival point is a specific location in the operation code 30 that is the target of the operation check. More specifically, a target arrival point is a line number of the operation code 30. Therefore, the target arrival point information is input as a line number of the operation code 30 and is acquired as the inspection condition 31 by the inspection condition acquisition unit 16. Alternatively, the target arrival point information may be input by directly marking and designating the target arrival point on the operation code 30 displayed on the display via the input/output device 14.
Based on the inspection condition 31 acquired by the inspection condition acquisition unit 16, the inspection condition conversion unit 17 generates a determination expression for determining that the target arrival point included in the inspection condition 31 has been reached.
In the present embodiment, the determination expression for determining that the target arrival point included in the inspection condition 31 has been reached is generated as a logical expression that the analysis unit 18 can analyze. This logical expression is a conditional expression stating the condition that is satisfied when the line number of the operation code 30 indicating the target arrival point is reached, and is also referred to as the target arrival condition expression 32.
Further, based on the inspection condition 31 acquired by the inspection condition acquisition unit 16, the inspection condition conversion unit 17 generates an inspection code by adding, to the operation code 30 acquired by the program information acquisition unit 15, code used for the arrival determination using a target arrival point variable. Then, the inspection condition conversion unit 17 converts the inspection code into a logical expression that the SAT solver of the analysis unit 18 can analyze, generating the logical expression 33 of the inspection code.
Therefore, the outputs of the inspection condition conversion unit 17 are the target arrival condition expression 32 and the logical expression 33 of the inspection code.
The analysis unit 18 searches for input values that reach the target arrival point using the target arrival condition expression 32 generated by the inspection condition conversion unit 17, and generates the generated value 34 as the input values that reach the target arrival point. More specifically, the analysis unit 18 uses the SAT solver to solve the logical product of the target arrival condition expression 32 generated by the inspection condition conversion unit 17 and the logical expression 33 of the inspection code, thereby searching for input values that reach the target arrival point. Then, the analysis unit 18 generates the generated value 34 as the input values that reach the target arrival point. Note that solving the logical product means finding a solution that satisfies the logical expression represented by the logical product, that is, input values that are an assignment of the logical variables making the logical expression true.
The input value output unit 19 outputs the generated value 34 generated by the analysis unit 18. When the analysis unit 18 could not generate the generated value 34 as a result of the search, the input value output unit 19 outputs a notification that the generated value 34 could not be generated.
Further, the "unit" in the program information acquisition unit 15, the inspection condition acquisition unit 16, the inspection condition conversion unit 17, the analysis unit 18, and the input value output unit 19 may be read as "circuit", "process", "procedure", or "processing".
Further, the operation confirmation support device 10 may be realized by a processing circuit. The processing circuit is, for example, a logic IC (Integrated Circuit), a GA (Gate Array), an ASIC (Application Specific Integrated Circuit), or an FPGA (Field-Programmable Gate Array).
In this case, the program information acquisition unit 15, the inspection condition acquisition unit 16, the inspection condition conversion unit 17, the analysis unit 18, and the input value output unit 19 are each realized as a part of the processing circuit.
In this specification, the superordinate concept of the processor and the processing circuit is referred to as "processing circuitry".
That is, the processor and the processing circuit are each a specific example of "processing circuitry".
The program that realizes the operation of the operation confirmation support device 10 is a program that causes a computer to execute the procedures performed by the program information acquisition unit 15, the inspection condition acquisition unit 16, the inspection condition conversion unit 17, the analysis unit 18, and the input value output unit 19 as a program information acquisition procedure, an inspection condition acquisition procedure, an inspection condition conversion procedure, an analysis procedure, and an input value output procedure, respectively.
*** Explanation of operation ***
An operation example of the operation confirmation support device 10 according to the present embodiment will be described with reference to FIGS. 3 to 7.
First, an example of the processing operation of the operation confirmation support device 10 according to the present embodiment will be described with reference to the flowchart of FIG. 3.
In step S101, the program information acquisition unit 15 acquires the operation code 30. Then, the process proceeds to step S102.
Next, in step S102, the inspection condition acquisition unit 16 acquires, as the inspection condition 31, the target arrival point information of the operation code 30 from an external device via the input/output device 14. Then, the process proceeds to step S103.
Next, in step S103, the inspection condition conversion unit 17 defines a target arrival point variable based on the inspection condition 31 acquired by the inspection condition acquisition unit 16 in the process of step S102. The target arrival point variable is a variable used for the arrival determination, which determines that the target arrival point has been reached. Then, the process proceeds to step S104.
Next, in step S104, based on the inspection condition 31 acquired by the inspection condition acquisition unit 16 in the process of step S102, the inspection condition conversion unit 17 generates an inspection code by adding, to the operation code 30, code used for the arrival determination using the target arrival point variable.
The inspection code is the operation code 30 with code expressed as an arithmetic expression on the target arrival point variable inserted on either the line before or the line after the target arrival point line, at a position that is always executed when the target arrival point line is reached.
Then, the inspection condition conversion unit 17 converts the inspection code into a logical expression that the SAT solver of the analysis unit 18 can analyze, generating the logical expression 33 of the inspection code. Then, the process proceeds to step S105.
Next, in step S105, based on the inspection condition 31 acquired in the process of step S102, the inspection condition conversion unit 17 generates the target arrival condition expression 32 used for the arrival determination, using the target arrival point variable. The target arrival condition expression 32 generated by the inspection condition conversion unit 17 is a conditional expression that states, as a logical expression, the condition that the target arrival point variable satisfies when the line of the inspection code into which the arrival determination code using the target arrival point variable was inserted has been executed. Then, the process proceeds to step S106.
Since the process of step S105 and the process of step S104 do not depend on each other, the operation confirmation support device 10 may execute them in the reverse order or in parallel.
Next, in step S106, the analysis unit 18 uses the SAT solver to solve the logical product of the logical expression 33 of the inspection code and the target arrival condition expression 32, thereby searching for input values that reach the target arrival point.
When input values that are a solution of the logical product exist, the analysis unit 18 generates the generated value 34 as the input values that reach the target arrival point. Then, the process proceeds to step S107.
On the other hand, when no input values that are a solution of the logical product exist, the analysis unit 18 does not generate the generated value 34 and notifies the input value output unit 19 that the generated value 34 could not be generated. Then, the process proceeds to step S108.
Next, in step S107, the input value output unit 19 outputs the generated value 34 generated by the analysis unit 18 in step S106 to an external device via the input/output device 14.
Next, in step S108, the input value output unit 19 outputs a notification that, in step S106, the analysis unit 18 found no solution to the logical product of the logical expression 33 of the inspection code and the target arrival condition expression 32, so the generated value 34 cannot be generated. By outputting this notification, the input value output unit 19 notifies the person in charge that the transition to the specific internal state indicated by the target arrival point is an operation that cannot occur in the software to be confirmed.
A more detailed operation example of the operation confirmation support device 10 according to the present embodiment will be described using the specific example of the operation code 30 shown in FIG. 4.
Specifically, the following example describes how, in order to check the operation in SLEEP mode of the software to be confirmed that is generated from the operation code 30 shown in FIG. 4, the operation confirmation support device 10 generates the generated value 34 that causes the internal state of the software to be confirmed to transition to SLEEP mode.
The column of numbers at the left end of FIG. 4 shows the line numbers of the operation code 30.
The operation code 30 of this example has a mode variable mode representing the operation mode, which is the internal state of the software to be confirmed; two input variables, Demo_I_x and Demo_I_y, to which input values are assigned; and an output variable Demo_O to which an output value is assigned.
In step S101 of FIG. 3, the program information acquisition unit 15 acquires the operation code 30 shown in FIG. 4. Then, the process proceeds to step S102.
In this example, the operation code 30 is a single file describing one function, main, but it is not limited to this and may be a set of multiple functions or multiple files.
In step S102 of FIG. 3, the inspection condition acquisition unit 16 acquires the target arrival point information in the operation code 30 as the inspection condition 31. Then, the process proceeds to step S103.
In this example, the target arrival point in the operation code 30 is the 26th line of the operation code 30 shown in FIG. 4, which corresponds to "the internal state of the software to be confirmed in which the operation mode has transitioned to SLEEP mode".
Therefore, in this example, the person in charge inputs the information "the 26th line of the operation code 30" directly to the inspection condition acquisition unit 16 via the input/output device 14 as the target arrival point information.
However, the method of inputting the target arrival point information is not limited to this. Any method that designates a specific location in the operation code 30 may be used, such as visually marking the target arrival point on the operation code 30 displayed on the display via the input/output device 14, as shown in FIG. 5.
In step S103 of FIG. 3, the inspection condition conversion unit 17 defines one target arrival point variable, reach, based on the single inspection condition 31 "the 26th line of the operation code 30". Then, the process proceeds to step S104.
The initial value of the target arrival point variable reach defined here is 0.
In step S104 of FIG. 3, based on the inspection condition 31 "the 26th line of the operation code 30", the inspection condition conversion unit 17 generates the inspection code by inserting the code of the arithmetic expression on the target arrival point variable (reach++;) at the 27th line, as shown in FIG. 6.
Further, the inspection condition conversion unit 17 converts the inspection code into a logical expression that the SAT solver can analyze, generating the logical expression 33 of the inspection code. Then, the process proceeds to step S105.
In step S105 of FIG. 3, using the target arrival point variable reach defined from the inspection condition 31, the inspection condition conversion unit 17 generates "reach>0" as the target arrival condition expression 32 that is satisfied when the target arrival point is reached. Then, the process proceeds to step S106.
In step S106 of FIG. 3, the analysis unit 18 uses the SAT solver to solve the logical product of the logical expression 33 of the inspection code and the target arrival condition expression 32. The analysis unit 18 then searches for the input values assigned to the input variables Demo_I_x and Demo_I_y up to the point at which execution of the software to be confirmed reaches the 26th line of the operation code 30, which is the target arrival point. Then, the analysis unit 18 generates the generated value 34 as the input values that reach the target arrival point.
In this example, input values that reach the target arrival point exist: they are a solution for which execution of the software to be confirmed reaches the 27th line of the inspection code, where reach++; was inserted, and which makes the target arrival condition expression 32, "reach>0", true. Therefore, the generated value 34 is generated as the input values that reach the target arrival point, and the process proceeds to step S107.
In step S107 of FIG. 3, the input value output unit 19 outputs the generated value 34 generated in the process of step S106.
FIG. 7 shows the generated value 34 generated in this example and the execution order of the software to be confirmed until the target arrival point is reached.
The table at the lower right of FIG. 7 shows, as the input to the software to be confirmed, the input values assigned to the input variables Demo_I_x and Demo_I_y in each of three execution cycles of the software to be confirmed.
Specifically, the input values assigned to the input variables Demo_I_x and Demo_I_y in the first cycle are 10 and 3. The input values assigned to the input variables Demo_I_x and Demo_I_y in the second cycle are 90 and 3. The input values assigned to the input variables Demo_I_x and Demo_I_y in the third cycle are xx and yy, both of which denote arbitrary values.
The table at the upper right of FIG. 7 shows the value of the output variable Demo_O and the value of the mode variable mode before and after the input values are assigned to the input variables Demo_I_x and Demo_I_y.
Specifically, at the start of the first cycle, the output variable Demo_O has no value and the mode variable mode is START. When 10 and 3 are assigned to the input variables Demo_I_x and Demo_I_y, the processing of the 8th and 9th lines of the operation code 30 is executed, 100 is assigned to the output variable Demo_O, and RUN is assigned to the mode variable mode. At the end of the first cycle, the output variable Demo_O is 100 and the mode variable mode is RUN.
At the start of the second cycle, the output variable Demo_O is 100 and the mode variable mode is RUN. When 90 and 3 are assigned to the input variables Demo_I_x and Demo_I_y, the processing of the 21st and 22nd lines of the operation code 30 is executed, 50 is assigned to the output variable Demo_O, and SLEEP is assigned to the mode variable mode. Then, at the end of the first cycle, the output variable Demo_O is 50 and the mode variable mode is SLEEP.
At the start of the third cycle, the output variable Demo_O is 50 and the mode variable mode is SLEEP. Regardless of which values are assigned to the input variables Demo_I_x and Demo_I_y, execution of the software to be confirmed reaches the 26th line of the operation code 30, which is the target arrival point of this example.
In this example, the generated value 34 is output as input values for three cycles, shown in the lower right table of FIG. 7: the input values to the input variables Demo_I_x and Demo_I_y are 10 and 3 in the first cycle, 90 and 3 in the second cycle, and arbitrary values in the third cycle.
As described above, in the present embodiment, the generated value 34 is not limited to one cycle and may be generated as a sequence of input values covering multiple cycles.
By inputting the generated value 34 generated as described above into the software to be confirmed in each execution cycle and executing it, execution of the software to be confirmed reaches the 26th line of the operation code 30 in the third cycle, and the internal state transitions to SLEEP mode. Therefore, the operation in SLEEP mode can be checked.
In this example, the case where the inspection condition acquisition unit 16 acquires target arrival point information including one target arrival point as the inspection condition 31 has been described, but this is not a limitation, and target arrival point information including a plurality of target arrival points may be acquired as the inspection condition 31. As a specific example, the inspection condition acquisition unit 16 may acquire, as the inspection condition 31, two line numbers of the operation code 30 indicating two target arrival points, such as "the 11th line and the 26th line of the operation code 30".
The operation confirmation support device 10 may then generate a generated value 34 that reaches both of these two target arrival points, "the 11th line and the 26th line of the operation code 30".
Further, when the operation confirmation support device 10 cannot generate a generated value 34 that reaches both of the two target arrival points, it may notify that a generated value 34 reaching both of the two target arrival points could not be generated.
Further, when the operation confirmation support device 10 cannot generate a generated value 34 that reaches both of the two target arrival points but can generate a generated value 34 that reaches only one of them, it may notify that a generated value 34 reaching both of the two target arrival points could not be generated and also that only one of the target arrival points can be reached.
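The flow of steps S103 to S108 for a single target arrival point, as an added C example that is not code from the patent. FIG. 4 is not reproduced on this page, so the three-mode program, its transition conditions, the target identifiers and the input domain are assumptions chosen to agree with the FIG. 7 trace, and a bounded exhaustive search stands in for the SAT solver.

```c
#include <stdio.h>

/* Constructed stand-in for the operation code 30. FIG. 4 is not reproduced on
 * this page, so the transition conditions are assumptions chosen to agree
 * with the FIG. 7 trace described in the text. */
enum mode { START, RUN, SLEEP };
enum target { T_SLEEP_BODY, T_OVERRANGE };  /* hypothetical target ids */

#define MAX_CYCLES 3                        /* assumed bound on execution cycles */

struct sw_state { enum mode mode; int demo_o; int reach; };
struct inputs { int x, y; };                /* Demo_I_x, Demo_I_y */

/* One execution cycle of the inspection code: the operation code plus a
 * reach++ next to the selected target arrival point (step S104). */
static void run_cycle(struct sw_state *s, struct inputs in, enum target t)
{
    switch (s->mode) {
    case START:
        if (in.x * in.y >= 30) { s->demo_o = 100; s->mode = RUN; }
        break;
    case RUN:
        if (s->demo_o > 100) {              /* dead branch: demo_o is 100 in RUN */
            if (t == T_OVERRANGE) s->reach++;
            s->demo_o = 100;
        } else if (in.x + s->demo_o >= 190 && in.y == 3) {
            s->demo_o = 50; s->mode = SLEEP;
        }
        break;
    case SLEEP:
        /* SLEEP-mode processing would go here (the target arrival point). */
        if (t == T_SLEEP_BODY) s->reach++;
        break;
    }
}

/* Depth-first search over per-cycle inputs (assumed domain: x in 0..90 step
 * 10, y in 0..3). Returns the number of cycles used once the target arrival
 * condition reach > 0 holds (step S105), or 0 if no sequence was found. */
static int search(struct sw_state s, enum target t, int depth, struct inputs *seq)
{
    if (depth == MAX_CYCLES) return 0;
    for (int x = 0; x <= 90; x += 10) {
        for (int y = 0; y <= 3; y++) {
            struct sw_state next = s;       /* each candidate starts from s */
            seq[depth].x = x;
            seq[depth].y = y;
            run_cycle(&next, seq[depth], t);
            if (next.reach > 0) return depth + 1;
            int n = search(next, t, depth + 1, seq);
            if (n > 0) return n;
        }
    }
    return 0;
}

/* Step S106: search from the initial state (mode START, reach = 0). On
 * success seq[0..n-1] holds the generated value, one input pair per cycle. */
int find_inputs(enum target t, struct inputs *seq)
{
    struct sw_state init = { START, 0, 0 };
    return search(init, t, 0, seq);
}

int main(void)
{
    struct inputs seq[MAX_CYCLES];
    int n = find_inputs(T_SLEEP_BODY, seq);
    for (int i = 0; i < n; i++)             /* step S107: output generated value */
        printf("cycle %d: Demo_I_x=%d Demo_I_y=%d\n", i + 1, seq[i].x, seq[i].y);
    if (find_inputs(T_OVERRANGE, seq) == 0) /* step S108: notification */
        puts("no input sequence reaches the target within the bound");
    return 0;
}
```

A bounded search can only report that no sequence exists within MAX_CYCLES and the enumerated input domain, whereas the analysis in the text decides satisfiability of the encoded logical expression. The third-cycle inputs it returns are simply the first candidates tried, matching the arbitrary xx and yy of FIG. 7.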
*** Explanation of the effect of the embodiment ***
As described above, in the present embodiment, the person in charge can input the specific internal state that is the target of the operation check as the inspection condition 31 simply by designating the target arrival point (the 26th line in the above example) in the operation code 30, without referring to the specification information on the internal state of the software to be confirmed. The operation confirmation support device 10 can then use this inspection condition 31 to generate the generated value 34 that reaches the target arrival point.
Therefore, in the above example, the person in charge no longer needs to determine internal state values in order to check the operation of the software to be confirmed when its internal state is moved to the specific state indicated by the 26th line, or to check the operation of a device controlled by the software to be confirmed in that specific state. Accordingly, the man-hours required for the operation check can be reduced.
Further, the inspection condition conversion unit 17 generates the target arrival condition expression 32 (reach>0), which uses the target arrival point variable (reach), based on the inspection condition 31 "the 26th line of the operation code 30".
Therefore, the person in charge no longer needs to manually create a logical expression that the SAT solver used by the analysis unit 18 can analyze. Accordingly, in addition to the reduction in the man-hours required for the operation check, a person in charge without mathematical knowledge can also perform the operation check.
In addition, the notification that the generated value 34 cannot be generated lets the person in charge confirm that the state transition to the state indicated by the target arrival point input as the inspection condition 31 is an operation that cannot occur in the software to be confirmed.
Therefore, it can also indicate the possibility that the behavior of the software to be confirmed is not implemented according to the specification.
On the other hand, in contrast to the present embodiment, the method of Patent Document 1 requires the person in charge to refer to the specification information of the software to be confirmed, extract the variable representing the internal state targeted for operation confirmation, and set the internal state value that the variable must satisfy. Furthermore, because this internal state value must then be described as a logical expression that the SAT solver can analyze, the person in charge needs mathematical knowledge.
To make the effect clearer, consider as a specific example the case where the method of Patent Document 1 is used to create a generated value 34 that transitions the internal state of the software to be confirmed, generated from the operation code 30 shown in FIG. 4, to the SLEEP mode.
First, the person in charge must refer to the specification information of the software to be confirmed and understand that the SLEEP mode targeted for operation confirmation is a specific state of the operation mode representing the internal state, and that the operation mode is represented by the value of the mode variable mode.
Next, the person in charge must determine, from the specification information of the software to be confirmed, the value of the mode variable mode that represents the SLEEP mode.
Further, the mode variable mode representing the SLEEP mode determined in this way must be converted into a logical expression that the SAT solver can analyze.
The operation code 30 in FIG. 4 is only a single file describing one function main, but when the software to be confirmed is large and complex, the internal state values targeted for operation confirmation are numerous and complicated, so the man-hours for operation confirmation increase significantly.
*** Other configurations ***
<Modification 1>
In the first embodiment, an example was described in which the program information acquisition unit 15 acquires the operation code 30. However, the program information acquisition unit 15 may acquire, as the operation program, an AST program created as an AST (Abstract Syntax Tree) including nodes or branches, convert it into AST code, which is the source code of the AST program, and acquire the AST code as the operation code 30.
In Modification 1, the person in charge inputs information on the node or branch indicating the target arrival point directly to the inspection condition acquisition unit 16 via the input/output device 14 as the target arrival point information. The method of inputting the target arrival point information is not limited to this; the node or branch included in the AST displayed on the display via the input/output device 14 may instead be designated visually.
When the AST code is acquired in step S101 of FIG. 3, the inspection condition acquisition unit 16 may, in step S102 of FIG. 3, acquire the information on the node or branch indicating the target arrival point from an external device via the input/output device 14 as the inspection condition 31. Then, in step S104 of FIG. 3, the inspection condition conversion unit 17 may extract, based on the inspection condition 31, the line number of the code corresponding to the node or branch indicating the target arrival point from the operation code 30, and generate the logical expression 33 of the inspection code. Then, in step S105 of FIG. 3, it may generate the target arrival condition expression 32 that is satisfied when the line number of the code corresponding to the node or branch indicating the target arrival point in the operation code 30 is reached.
<Modification 2>
As Modification 2, the program information acquisition unit 15 may acquire, as the operation program, a state transition program created as a state transition diagram including nodes or edges, convert it into state transition code, which is the source code of the state transition program, and acquire the state transition code as the operation code 30.
In Modification 2, the person in charge inputs information on the node or edge indicating the target arrival point directly to the inspection condition acquisition unit 16 via the input/output device 14 as the target arrival point information. The method of inputting the target arrival point information is not limited to this; the node or edge in the state transition diagram displayed on the display via the input/output device 14 may instead be designated visually.
When the state transition code is acquired in step S101 of FIG. 3, the inspection condition acquisition unit 16 may, in step S102 of FIG. 3, acquire the information on the node or edge indicating the target arrival point from an external device via the input/output device 14 as the inspection condition 31. Then, in step S104 of FIG. 3, the inspection condition conversion unit 17 may extract, based on the inspection condition 31, the line number of the code corresponding to the node or edge indicating the target arrival point from the operation code 30, and generate the logical expression 33 of the inspection code. Then, in step S105 of FIG. 3, it may generate the target arrival condition expression 32 that is satisfied when the line number of the code corresponding to the node or edge indicating the target arrival point in the operation code 30 is reached.
Embodiment 2.
The present embodiment will be described with reference to FIGS. 8 to 11.
In the present embodiment, an example is described in which the inspection condition 31 includes a plurality of target arrival points and the order in which those target arrival points are reached.
The description focuses mainly on the differences from the first embodiment.
Matters not described below are the same as in the first embodiment.
*** Explanation of configuration ***
The hardware configuration of the operation confirmation support device 10 according to the present embodiment is the same as the configuration of the first embodiment shown in FIG. 1, so its description is omitted.
The inspection condition conversion unit 17 according to the present embodiment generates the target arrival condition expression 32 and the inspection code as in the first embodiment, and then generates a conditional inspection code based on the inspection code and the inspection condition 31.
The inspection condition conversion unit 17 then converts the conditional inspection code into a logical expression that the SAT solver of the analysis unit 18 can analyze, generating the logical expression of the conditional inspection code.
The output of the inspection condition conversion unit 17 is therefore the target arrival condition expression 32 and the logical expression of the conditional inspection code.
*** Explanation of operation ***
First, an example of the processing operation of the operation confirmation support device 10 according to the present embodiment will be described with reference to the flowchart of FIG. 8. Operations identical to those of the first embodiment are given the same step numbers, and their description is omitted.
After step S101 is completed, in step S202, the inspection condition acquisition unit 16 acquires the target arrival point information of the operation code 30 from an external device via the input/output device 14 as the inspection condition 31. Then, the process proceeds to step S203.
The inspection condition 31 acquired by the inspection condition acquisition unit 16 includes a plurality of target arrival points and the order in which those target arrival points are reached (hereinafter referred to as the target arrival order).
Next, in step S203, the inspection condition conversion unit 17 defines, based on the inspection condition 31 acquired by the inspection condition acquisition unit 16 in step S202, as many target arrival point variables as there are target arrival points included in the inspection condition 31. Then, the process proceeds to step S204.
Next, in step S204, the inspection condition conversion unit 17 generates, based on the inspection condition 31 acquired by the inspection condition acquisition unit 16 in step S202, an inspection code in which code used for arrival determination with the plurality of target arrival point variables is added to the operation code 30. Then, the process proceeds to step S205.
The code used for arrival determination is added to the operation code 30 on a line that is always executed when the line of each target arrival point is reached. That is, the inspection code is the operation code 30 with the code used for arrival determination, given by an arithmetic expression on each target arrival point variable, inserted on either the line before or the line after the line of each target arrival point.
Next, in step S205, the inspection condition conversion unit 17 generates target arrival order condition expressions using the plurality of target arrival point variables defined in step S203, based on the inspection condition 31 acquired by the inspection condition acquisition unit 16 in step S202. Then, the process proceeds to step S206.
A target arrival order condition expression describes, as a logical product of target arrival point variables or their negations, the condition that the target arrival point variables satisfy when each of the target arrival points is reached in the target arrival order and the code used for arrival determination is executed. The number of target arrival order condition expressions is the same as the number of target arrival points.
Next, in step S206, the inspection condition conversion unit 17 generates a conditional inspection code in which the target arrival order condition expressions are added to the inspection code. The inspection condition conversion unit 17 then converts the conditional inspection code into a logical expression that the SAT solver of the analysis unit 18 can analyze, generating the logical expression of the conditional inspection code. Then, the process proceeds to step S207.
The conditional inspection code generated by the inspection condition conversion unit 17 is the inspection code with each target arrival order condition expression inserted on the line after the line in which the corresponding code used for arrival determination, given by the arithmetic expression on the target arrival point variable, was inserted.
Next, in step S207, the inspection condition conversion unit 17 generates the target arrival condition expression 32 using the target arrival order condition expressions generated in step S205. Then, the process proceeds to step S208.
The target arrival condition expression 32 generated by the inspection condition conversion unit 17 is a condition expression for checking that the target arrival points in the conditional inspection code are reached in the target arrival order and that all of the target arrival order condition expressions are true. The target arrival condition expression 32 is therefore composed of the logical product of the target arrival order condition expressions.
Since there is no dependency between the process of step S207 and the process of step S206, the software to be confirmed may execute them with the execution order swapped or in parallel.
Next, in step S208, the analysis unit 18 searches for an input value that reaches the target arrival points by using the SAT solver to solve the logical product of the logical expression of the conditional inspection code and the target arrival condition expression 32.
When an input value that is a solution of the logical product exists, the analysis unit 18 generates the generated value 34 as the input value that reaches the target arrival points. Then, the process proceeds to step S107.
On the other hand, when no input value that is a solution of the logical product exists, the analysis unit 18 does not generate the generated value 34 and notifies the input value output unit 19 that the generated value 34 could not be generated. Then, the process proceeds to step S108.
Steps S107 and S108 are as described above, so their description is omitted.
A more detailed operation example of the operation confirmation support device 10 according to the present embodiment will be described using the specific example of the operation code 30 shown in FIG. 9.
Specifically, in the following example, the person in charge performs the operation confirmation that "starting from the START mode, the operation mode transitions in the order of the RUN mode, the STOP mode, the SLEEP mode, the ReSTART mode, and the END mode".
For this operation confirmation, an example is described in which the person in charge specifies five target arrival points and the target arrival order in the operation code 30 and inputs them as the inspection condition 31, whereby the operation confirmation support device 10 generates a generated value 34 that reaches the five target arrival points in the target arrival order.
The circles at the left edge of FIG. 9 indicate the target arrival points. The numbers 1 to 5 written inside those circles indicate the target arrival order.
That is, the example of FIG. 9 shows that five target arrival points are specified in the operation code 30. It also shows that the target arrival order is target arrival point 1 (line 10), target arrival point 2 (line 21), target arrival point 3 (line 33), target arrival point 4 (line 56), and target arrival point 5 (line 79).
In step S101 of FIG. 8, the program information acquisition unit 15 acquires the operation code 30 shown in FIG. 9. Then, the process proceeds to step S202.
In this example, the operation code 30 is only a single file describing one function main, but it is not limited to this and may be a set of a plurality of functions or a plurality of files.
In step S202 of FIG. 8, the inspection condition acquisition unit 16 acquires the target arrival point information in the operation code 30 as the inspection condition 31. Then, the process proceeds to step S203.
The inspection condition 31 acquired by the inspection condition acquisition unit 16 includes a plurality of target arrival points and the target arrival order, which is the order in which those target arrival points are reached.
The goals of the operation confirmation in this example are given by (1) to (6) below.
(1) The operation mode, which is the internal state of the software to be confirmed, transitions to the RUN mode.
(2) The operation mode transitions to the STOP mode.
(3) The operation mode transitions to the SLEEP mode.
(4) The operation mode transitions to the ReSTART mode.
(5) The operation mode transitions to the END mode.
(6) The operation mode starts from the START mode and transitions in the order of the RUN mode, the STOP mode, the SLEEP mode, the ReSTART mode, and the END mode.
Therefore, the plurality of target arrival points that form the inspection condition 31 are lines 10, 21, 33, 56, and 79 of the operation code 30, which correspond to the internal state transitions of the software to be confirmed in (1) to (5).
The target arrival order that forms the inspection condition 31 is line 10 of the operation code 30 first, followed by lines 21, 33, 56, and 79, which corresponds to the transition order of the internal state of the software to be confirmed in (6).
Therefore, in this example, the person in charge inputs the information indicating the plurality of target arrival points, "lines 10, 21, 33, 56, and 79 of the operation code 30", directly to the inspection condition acquisition unit 16 via the input/output device 14 as the target arrival point information. The person in charge also inputs the information indicating the target arrival order, "line 10 first, followed by lines 21, 33, 56, and 79 in that order", as the target arrival point information.
However, the method of inputting the target arrival point information is not limited to this. Any method that specifies particular locations in the operation code 30 and their order may be used, such as visually marking the plurality of target arrival points and the target arrival order directly on the operation code 30 displayed on the display via the input/output device 14, as shown in FIG. 9.
In step S203 of FIG. 8, the inspection condition conversion unit 17 defines, based on the inspection condition 31 "lines 10, 21, 33, 56, and 79 of the operation code 30", five target arrival point variables corresponding to these five target arrival points. Specifically, the inspection condition conversion unit 17 defines reach1, reach2, reach3, reach4, and reach5 as the target arrival point variables. Then, the process proceeds to step S204.
In step S204 of FIG. 8, the inspection condition conversion unit 17 generates the inspection code by inserting into the operation code 30 the code used for arrival determination, given by an arithmetic expression on each target arrival point variable, based on the inspection condition 31 whose target arrival points are "lines 10, 21, 33, 56, and 79 of the operation code 30".
Specifically, the inspection condition conversion unit 17 generates the inspection code by inserting "reach1++;" on line 11, "reach2++;" on line 22, "reach3++;" on line 34, "reach4++;" on line 57, and "reach5++;" on line 80 of the operation code 30. Then, the process proceeds to step S205.
In step S205 of FIG. 8, the inspection condition conversion unit 17 defines five target arrival order condition expressions as shown in FIG. 10, based on the target arrival order acquired as the inspection condition 31. Specifically, the inspection condition conversion unit 17 defines condition1, condition2, condition3, condition4, and condition5 as the target arrival order condition expressions. Then, the process proceeds to step S206.
The target arrival order condition expressions in this example describe the conditions that the five target arrival point variables satisfy when the five target arrival points of the operation code 30 are reached in the target arrival order and the code used for arrival determination is executed. Each target arrival order condition expression is written as a logical product of target arrival point variables or their negations.
In step S206 of FIG. 8, the inspection condition conversion unit 17 generates, as shown in FIG. 11, the conditional inspection code in which the target arrival order condition expressions are added to the inspection code.
Specifically, the inspection condition conversion unit 17 generates the conditional inspection code by inserting condition1 on line 12, condition2 on line 25, condition3 on line 39, condition4 on line 64, and condition5 on line 89. Further, the inspection condition conversion unit 17 converts the conditional inspection code into a logical expression that the SAT solver of the analysis unit 18 can analyze, generating the logical expression of the conditional inspection code. Then, the process proceeds to step S207.
In step S207 of FIG. 8, the inspection condition conversion unit 17 uses the target arrival order condition expressions to generate the target arrival condition expression 32, which expresses the condition satisfied when the five target arrival points in the conditional inspection code are reached in the target arrival order. Then, the process proceeds to step S208.
As shown in FIG. 10, the target arrival condition expression 32 in this example is condition1 && condition2 && condition3 && condition4 && condition5.
In step S208 of FIG. 8, the analysis unit 18 searches for input values that reach the five target arrival points in the target arrival order by using the SAT solver to solve the logical product of the logical expression of the conditional inspection code and the target arrival condition expression 32. The analysis unit 18 then generates the generated value 34 as the input values that reach the five target arrival points in the target arrival order.
In the present embodiment, the generated value 34 is not limited to a single cycle and may be generated as a sequence of input values covering a plurality of cycles.
In this example, there exist input values that reach the five target arrival points in the target arrival order, that is, a solution that makes the logical product of the logical expression of the conditional inspection code and the target arrival condition expression 32 true. Therefore, the generated value 34 is generated as the input values that reach the five target arrival points in the target arrival order. Then, the process proceeds to step S107.
In step S107 of FIG. 8, the input value output unit 19 outputs the generated value 34 generated in step S208.
By inputting the generated value 34 generated as described above into the software to be confirmed at each cycle and executing it, the execution of the software to be confirmed can be made to reach the target arrival points in the target arrival order. Specifically, the execution of the software to be confirmed can reach "lines 10, 21, 33, 56, and 79 of the operation code 30" in the order of line 10 first, followed by lines 21, 33, 56, and 79.
As a result, it becomes possible to confirm the operation that "starting from the START mode, the operation mode transitions in the order of the RUN mode, the STOP mode, the SLEEP mode, the ReSTART mode, and the END mode".
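As an added illustration of steps S203 to S208 (not code from the application, and not the operation code 30 of FIG. 9), the following C sketch instruments a constructed mode machine with reach counters and order conditions, then searches for a per-cycle input sequence that makes the conjunction of all order conditions true. The transition rules, the input range 0 to 3, the exact form of the order conditions (evaluated on first arrival, since FIG. 10 is not reproduced here) and the bounded exhaustive search used in place of the SAT solver are assumptions of this sketch.

```c
#include <stdio.h>

/* Constructed toy software under check: one input value (0..3) per cycle
   drives a mode machine. This is not the operation code of FIG. 9. */
enum mode { START, RUN, STOP, SLEEP, RESTART, END };
#define NTARGETS  5   /* target k = "mode k+1 entered" (RUN..END) */
#define NINPUTS   4
#define MAXCYCLES 8   /* search bound, an assumption of this sketch */

static enum mode next_mode(enum mode m, int in)
{
    switch (m) {
    case START:   return in == 1 ? RUN : START;
    case RUN:     return in == 2 ? STOP : in == 3 ? SLEEP : RUN;
    case STOP:    return in == 3 ? SLEEP : STOP;
    case SLEEP:   return in == 1 ? RESTART : SLEEP;
    case RESTART: return in == 0 ? END : in == 1 ? RUN : RESTART;
    default:      return END;
    }
}

/* reach[k] plays the role of reach1..reach5, cond[k] of condition1..5. */
struct probe {
    int reach[NTARGETS];
    int cond[NTARGETS];
    const int *order;   /* order[i] = target that must be reached i-th */
};

/* Inserted at each target: count the arrival, then on the first arrival
   evaluate the order condition, a conjunction of "reached" for every
   earlier target and "not reached" for every later one. */
static void hit(struct probe *p, int target)
{
    if (++p->reach[target] != 1)
        return;
    int ok = 1, past_self = 0;
    for (int i = 0; i < NTARGETS; i++) {
        int t = p->order[i];
        if (t == target) { past_self = 1; continue; }
        ok = ok && (past_self ? (p->reach[t] == 0) : (p->reach[t] > 0));
    }
    p->cond[target] = ok;
}

/* Target arrival condition: condition1 && ... && condition5. */
static int satisfies(const int *in, int n, const int *order)
{
    struct probe p = { {0}, {0}, order };
    enum mode m = START;
    for (int i = 0; i < n; i++) {
        enum mode nx = next_mode(m, in[i]);
        if (nx != m)
            hit(&p, (int)nx - 1);
        m = nx;
    }
    int all = 1;
    for (int k = 0; k < NTARGETS; k++)
        all = all && p.cond[k];
    return all;
}

/* Bounded exhaustive search standing in for the SAT solver. Writes the
   shortest satisfying input sequence to out and returns its length in
   cycles, or 0 when no sequence of up to MAXCYCLES cycles exists. */
int generate(const int *order, int *out)
{
    for (int n = 1; n <= MAXCYCLES; n++) {
        long total = 1;
        for (int i = 0; i < n; i++)
            total *= NINPUTS;
        for (long code = 0; code < total; code++) {
            long c = code;
            for (int i = 0; i < n; i++) { out[i] = (int)(c % NINPUTS); c /= NINPUTS; }
            if (satisfies(out, n, order))
                return n;
        }
    }
    return 0;
}

/* Constructed inspection conditions (target indices in required order). */
static const int ORDER_SPEC[NTARGETS]  = {0, 1, 2, 3, 4}; /* RUN,STOP,SLEEP,RESTART,END */
static const int ORDER_ALT[NTARGETS]   = {0, 2, 3, 1, 4}; /* SLEEP, RESTART before STOP */
static const int ORDER_UNSAT[NTARGETS] = {4, 0, 1, 2, 3}; /* END first: cannot occur */
static int result[MAXCYCLES];

int main(void)
{
    const int *orders[] = { ORDER_SPEC, ORDER_ALT, ORDER_UNSAT };
    for (int k = 0; k < 3; k++) {
        int n = generate(orders[k], result);
        if (n == 0) { puts("no input sequence reaches the targets in this order"); continue; }
        for (int i = 0; i < n; i++)
            printf("%d ", result[i]);
        putchar('\n');
    }
    return 0;
}
```

The third order has no solution, which corresponds to the case where the generated value 34 cannot be generated and the person in charge is notified that the specified transition order cannot occur.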
*** Explanation of the effect of the embodiment ***
As described above, in the present embodiment, the person in charge specifies and inputs a plurality of target arrival points in the operation code 30 and the target arrival order of those target arrival points, without referring to the specification information on the internal state of the software to be confirmed. Simply by specifying them in this way, the person in charge can input the plurality of internal states that are the targets of operation confirmation and their transition order as the inspection condition 31. The operation confirmation support device 10 can then use this inspection condition 31 to generate the generated value 34 as input values that cause the plurality of internal states to transition in the acquired transition order.
Therefore, in the above example, the work of determining internal state values becomes unnecessary in an operation confirmation that transitions the internal state through a plurality of states (lines 10, 21, 33, 56, and 79) in a specific order (line 10 first, followed by lines 21, 33, 56, and 79). The man-hours required for operation confirmation can thus be reduced.
Further, the inspection condition conversion unit 17 generates the target arrival condition expression 32 based on the inspection condition 31.
The person in charge therefore no longer needs to manually create a logical expression that the SAT solver used by the analysis unit 18 can analyze. In addition to reducing the man-hours required for the operation check, this allows a person in charge without mathematical knowledge to perform the operation check.
*** Other configurations ***
<Modification example 1>
In Embodiment 2, an example was described in which the program information acquisition unit 15 acquires the operation code 30. However, the program information acquisition unit 15 may acquire, as the operation program, an AST program created as an AST containing nodes or branches, convert it into AST code, which is the source code of the AST program, and acquire the AST code as the operation code 30.
In Modification example 1, the person in charge inputs, directly to the inspection condition acquisition unit 16 via the input/output device 14, information on the nodes, the branches, or the combinations of nodes and branches that indicate the plurality of target arrival points, as the target arrival point information. The person in charge also inputs, directly to the inspection condition acquisition unit 16 via the input/output device 14, the target arrival order of the plurality of target arrival points indicated by the nodes or branches, as the target arrival point information.
The method of inputting the target arrival point information is not limited to this. It may be a method of visually designating the nodes or branches included in the AST shown on a display via the input/output device 14. It may also be a method of inputting the target arrival order by designating, in order, the nodes or branches included in the AST displayed by the input/output device 14.
When AST code is acquired in step S101 of FIG. 8, in step S202 of FIG. 8 the inspection condition acquisition unit 16 may acquire, from an external device via the input/output device 14, information on the nodes, branches, or combinations of nodes and branches indicating the target arrival points, as the inspection condition 31. Then, in step S204 of FIG. 8, the inspection condition conversion unit 17 may, based on the inspection condition 31, extract from the operation code 30 the line numbers of the code corresponding to the nodes or branches indicating the target arrival points, and generate the inspection code. Then, in step S205 of FIG. 8, the inspection condition conversion unit 17 may, based on the inspection condition 31, extract the target arrival order in which the line numbers of the code corresponding to the nodes or branches indicating the plurality of target arrival points are reached, and generate a target arrival order condition expression. Then, in step S207 of FIG. 8, the target arrival condition expression 32 may be generated, which is satisfied when the line numbers of the code corresponding to the nodes or branches indicating the plurality of target arrival points in the operation code 30 are reached in the target arrival order.
<Modification example 2>
As Modification example 2, the program information acquisition unit 15 may acquire, as the operation program, a state transition program created as a state transition diagram containing nodes or edges, convert it into state transition code, which is the source code of the state transition program, and acquire the state transition code as the operation code 30.
In Modification example 2, the person in charge inputs, directly to the inspection condition acquisition unit 16 via the input/output device 14, information on the nodes, the edges, or the combinations of nodes and edges that indicate the plurality of target arrival points, as the target arrival point information. The person in charge also inputs, directly to the inspection condition acquisition unit 16 via the input/output device 14, the target arrival order of the plurality of target arrival points indicated by the nodes or edges, as the target arrival point information.
The method of inputting the target arrival point information is not limited to this. It may be a method of visually designating the nodes or edges included in the state transition diagram shown on a display via the input/output device 14. It may also be a method of inputting the target arrival order by designating, in order, the nodes or edges included in the state transition diagram displayed by the input/output device 14.
When state transition code is acquired in step S101 of FIG. 8, in step S202 of FIG. 8 the inspection condition acquisition unit 16 may acquire, from an external device via the input/output device 14, information on the nodes, edges, or combinations of nodes and edges indicating the target arrival points, as the inspection condition 31. Then, in step S204 of FIG. 8, the inspection condition conversion unit 17 may, based on the inspection condition 31, extract from the operation code 30 the line numbers of the code corresponding to the nodes or edges indicating the target arrival points, and generate the inspection code. Then, in step S205 of FIG. 8, the inspection condition conversion unit 17 may, based on the inspection condition 31, extract the target arrival order in which the line numbers of the code corresponding to the nodes or edges indicating the plurality of target arrival points are reached, and generate a target arrival order condition expression. Then, in step S207 of FIG. 8, the target arrival condition expression 32 may be generated, which is satisfied when the line numbers of the code corresponding to the nodes or edges indicating the plurality of target arrival points in the operation code 30 are reached in the target arrival order.
Embodiment 3.
The present embodiment will be described with reference to FIGS. 12 to 14.
In the present embodiment, an example is described in which the operation confirmation support device 10 generates the generated value 34, an input value such that the execution process of the confirmed software reaches the target arrival point and the output value output from the confirmed software becomes a specific value.
In the present embodiment, the differences from Embodiment 1 are mainly described.
Matters not described below are the same as in Embodiment 1.
*** Explanation of configuration ***
The functional configuration of the operation confirmation support device 10 according to the present embodiment will be described with reference to FIG. 12. Components identical to those of Embodiment 1 shown in FIG. 2 are given the same numbers, and their description is omitted.
In the present embodiment, the operation confirmation support device 10 additionally includes an input/output condition acquisition unit 20.
The input/output condition acquisition unit 20 acquires, as the input/output condition 35, from an external device via the input/output device 14, a condition on at least one of the input value indicated by an input variable and the output value indicated by an output variable included in the operation code 30 acquired by the program information acquisition unit 15.
The input/output condition 35 is a condition that defines the input/output values of the confirmed software, and is specifically a value range or a specific value.
The program that realizes the operation of the operation confirmation support device 10 is the program that realizes the operation of the operation confirmation support device 10 of Embodiment 1, with the addition of an input/output variable condition input procedure that realizes the function of the input/output condition acquisition unit 20.
*** Explanation of operation ***
An operation example of the operation confirmation support device 10 according to the present embodiment will be described with reference to FIGS. 13 to 15.
First, an example of the processing operation of the operation confirmation support device 10 according to the present embodiment is shown with reference to the flowchart of FIG. 13.
Operations identical to those of Embodiment 1 are given the same numbers, and their description is omitted.
In step S301, the program information acquisition unit 15 acquires the operation code 30. Having acquired the operation code 30, the program information acquisition unit 15 analyzes it and extracts the input/output variables, that is, the variables to which input/output values are assigned, an input/output value being an input value input to the confirmed software or an output value output from the confirmed software. Then, the process proceeds to step S102.
Step S102 is the same as that described in Embodiment 1, so its description is omitted.
After the processing of step S102 is completed, in step S302 the input/output condition acquisition unit 20 acquires the input/output condition 35, which defines the conditions on the input/output values of the confirmed software.
The input/output condition 35 is a value range or a value, and indicates the condition to be satisfied by the input/output variables extracted in the process of step S301. Then, the process proceeds to step S303.
In step S303, the inspection condition conversion unit 17 generates, based on the input/output condition 35 acquired in the process of step S302, at least one of an input variable inspection expression and an output variable inspection expression as an expression for inspecting the values of the input/output variables. The inspection condition conversion unit 17 then inserts the expression for inspecting the values of the input/output variables into the operation code 30. Then, the process proceeds to step S103.
The code obtained by inserting the expression for inspecting the values of the input/output variables into the operation code 30 is used as the operation code 30 in step S103 and the subsequent steps.
Step S103 and the subsequent steps are as described above, so their description is omitted.
Thus, in the present embodiment, the person in charge inputs conditions on the input/output values of the confirmed software assuming a usage environment, so that the operation of the confirmed software can be checked in the assumed usage environment.
A more detailed operation example of the operation confirmation support device 10 according to the present embodiment will be described using the specific example of the operation code 30 shown in FIG. 14.
Specifically, the following example describes the operation of generating a generated value 34 that satisfies conditions (1) and (2) below, in order to check the operation, in the RUN mode, of the confirmed software generated from the operation code 30 shown in FIG. 14.
(1) The internal state of the confirmed software transitions to the RUN mode.
(2) The value of the output variable Demo_O, to which the output value of the confirmed software is assigned, becomes 300.
The operation code 30 of this example has a mode variable mode representing the operation mode, which is the internal state of the confirmed software; two input variables Demo_I_x and Demo_I_y, to which input values are assigned; and an output variable Demo_O, to which the output value is assigned.
In step S301 of FIG. 13, the program information acquisition unit 15 acquires the operation code 30 shown in FIG. 14. The program information acquisition unit 15 then analyzes the acquired operation code 30 and extracts the input/output variables. Then, the process proceeds to step S102.
In this example, the input variables Demo_I_x and Demo_I_y and the output variable Demo_O are extracted by the program information acquisition unit 15.
In step S102 of FIG. 13, the inspection condition acquisition unit 16 acquires the target arrival point information in the operation code 30 as the inspection condition 31. Then, the process proceeds to step S302.
In this example, the target arrival point in the operation code 30 is the 19th line of the operation code 30 shown in FIG. 14, which corresponds to "the internal state of the confirmed software whose operation mode has transitioned to the RUN mode".
In step S302 of FIG. 13, the input/output condition acquisition unit 20 acquires the input/output condition 35, which defines the conditions on the input/output values of the confirmed software. Then, the process proceeds to step S303.
In the operation check of this example, the condition "the value of the output variable becomes 300" is to be satisfied, so the input/output condition 35 is the output variable condition "Demo_O = 300".
In step S303 of FIG. 13, the inspection condition conversion unit 17 generates, based on the input/output condition 35 acquired in the process of step S302, an output variable inspection expression as an expression for inspecting the value of the output variable. The inspection condition conversion unit 17 then inserts the generated output variable inspection expression into the operation code 30. As a specific example, the output variable inspection expression is inserted as an assert statement. Then, the process proceeds to step S103.
In step S103 of FIG. 13, the inspection condition conversion unit 17 defines one target arrival point variable reach based on the single inspection condition 31, "the 19th line of the operation code 30". Then, the process proceeds to step S104.
In step S104 of FIG. 13, the inspection condition conversion unit 17 generates the inspection code by inserting, at the 20th line, the code of the arithmetic expression of the target arrival point variable (reach++;), based on the inspection condition 31, "the 19th line of the operation code 30".
Further, the inspection condition conversion unit 17 converts the inspection code into a logical expression that the SAT solver can analyze, and generates the logical expression 33 of the inspection code. Then, the process proceeds to step S105.
In step S105 of FIG. 13, the inspection condition conversion unit 17 generates, from the target arrival point variable reach defined based on the inspection condition 31, the target arrival condition expression 32 (reach>0), which is satisfied when the target arrival point is reached. Then, the process proceeds to step S106.
In step S106 of FIG. 13, the analysis unit 18 uses the SAT solver to solve the logical product of the logical expression 33 of the inspection code and the target arrival condition expression 32, thereby searching for an input value that satisfies the input/output condition 35 and reaches the target arrival point. Specifically, the analysis unit 18 searches for the input values to be assigned to the input variables Demo_I_x and Demo_I_y such that the 19th line of the operation code 30, which is the target arrival point, is reached and the value of the output variable Demo_O becomes 300. The analysis unit 18 then generates the generated value 34 as an input value that satisfies the input/output condition 35 and reaches the target arrival point.
In this example, there exists an input value that is a solution reaching the 20th line of the inspection code, where reach++; was inserted, and making the target arrival condition expression 32, "reach>0", true. Therefore, the generated value 34 is generated as an input value that satisfies the input/output condition 35, "Demo_O = 300", and reaches the 19th line of the operation code 30. The process therefore proceeds to step S107.
In step S107 of FIG. 13, the input value output unit 19 outputs the generated value 34 generated in the process of step S106.
FIG. 15 shows the generated value 34 generated in this example and the execution order of the confirmed software until the target arrival point is reached.
The lower right table of FIG. 15 shows, as the inputs to the confirmed software, the input values assigned to the input variables Demo_I_x and Demo_I_y in each of three execution cycles of the confirmed software.
Specifically, the input values assigned to the input variables Demo_I_x and Demo_I_y in the first cycle are 10 and 3. The input values assigned to the input variables Demo_I_x and Demo_I_y in the second cycle are also 10 and 3. The input values assigned to the input variables Demo_I_x and Demo_I_y in the third cycle are also 10 and 3.
The upper right table of FIG. 15 shows the value of the output variable Demo_O and the value of the mode variable mode before and after the input values are assigned to the input variables Demo_I_x and Demo_I_y.
Specifically, at the start of the first cycle, the output variable Demo_O has no value and the mode variable mode is START. When 10 and 3 are assigned to the input variables Demo_I_x and Demo_I_y, the processing of the 8th and 9th lines of the operation code 30 is executed, 100 is assigned to the output variable Demo_O, and RUN is assigned to the mode variable mode. Then, at the end of the first cycle, the output variable Demo_O becomes 100 and the mode variable mode becomes RUN.
At the start of the second cycle, the output variable Demo_O is 100 and the mode variable mode is RUN. When 10 and 3 are assigned to the input variables Demo_I_x and Demo_I_y, the processing of the 18th and 19th lines of the operation code 30 is executed, Demo_O+100 is assigned to the output variable Demo_O, and RUN is assigned to the mode variable mode. Then, at the end of the first cycle, the output variable Demo_O becomes 200 and the mode variable mode becomes RUN.
At the start of the third cycle, the output variable Demo_O is 200 and the mode variable mode is RUN. When 10 and 3 are assigned to the input variables Demo_I_x and Demo_I_y, the processing of the 18th and 19th lines of the operation code 30 is executed, Demo_O+100 is assigned to the output variable Demo_O, and RUN is assigned to the mode variable mode. Then, at the end of the first cycle, the output variable Demo_O becomes 300 and the mode variable mode becomes RUN.
Therefore, at the end of the third cycle, the execution process of the confirmed software has reached the 19th line of the operation code 30, which is the target arrival point of this example, and the input/output condition 35, "Demo_O = 300", is satisfied.
In this example, as shown in the lower right table of FIG. 7, the generated value 34 is output as input values for three cycles: the input values to the input variables Demo_I_x and Demo_I_y are 10 and 3 in the first cycle, 10 and 3 in the second cycle, and 10 and 3 in the third cycle.
As described above, in the present embodiment, the generated value 34 is not limited to one cycle and may be generated as an input value sequence for a plurality of cycles.
By inputting the generated value 34 generated as described above into the confirmed software in each cycle and executing it, the execution process can, in the third cycle, be made to reach the 19th line of the operation code 30, which is the target arrival point, with the value of the output variable Demo_O being 300.
In this example, the case where the input/output condition acquisition unit 20 acquires a condition on the output value, the output variable Demo_O = 300, as the input/output condition 35 has been described. However, this is not a limitation: the input/output condition acquisition unit 20 may acquire a specific input value as the input/output condition 35, or may acquire a value range of the input/output values as the input/output condition 35.
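The search performed in steps S104 to S106 of this worked example can be reproduced in miniature. The following C program is an added example, not code from the patent: FIG. 14 is not reproduced on this page, so the step function, its branch guards (Demo_I_x > Demo_I_y), the initial Demo_O of 0, the input range 0..4 and the 4-cycle bound are assumptions chosen to match the trace described above, and a bounded exhaustive search stands in for the SAT solver.

```c
#include <stdio.h>

#define MAX_CYCLES 4 /* search bound on execution cycles (assumption) */
#define INPUT_MAX 4  /* each input ranges over 0..INPUT_MAX (assumed input condition) */

enum mode { START, RUN, STOP };

struct state {
    enum mode mode; /* internal state of the confirmed software */
    int demo_o;     /* output variable Demo_O */
    int reach;      /* target arrival point variable added for inspection */
};

struct cycle_input { int x, y; }; /* Demo_I_x, Demo_I_y for one cycle */

/* One execution cycle of the constructed operation code. The guards are
 * assumptions; the assignments follow the trace described in the text. */
static void step(struct state *s, int x, int y)
{
    switch (s->mode) {
    case START:
        if (x > y) {
            s->demo_o = 100;  /* "line 8" */
            s->mode = RUN;    /* "line 9" */
        }
        break;
    case RUN:
        if (x > y) {
            s->demo_o += 100; /* "line 18" */
            s->mode = RUN;    /* "line 19": target arrival point */
            s->reach++;       /* "line 20": inserted inspection code */
        } else {
            s->mode = STOP;
        }
        break;
    case STOP:
        break;
    }
}

/* Try every input sequence of exactly `depth` cycles from state s. Succeeds
 * when the target arrival condition (reach > 0) and the output condition
 * (Demo_O == want_out) both hold after the last cycle. */
static int search(struct state s, int depth, int want_out,
                  struct cycle_input *seq)
{
    if (depth == 0)
        return s.reach > 0 && s.demo_o == want_out;
    for (int x = 0; x <= INPUT_MAX; x++) {
        for (int y = 0; y <= INPUT_MAX; y++) {
            struct state next = s;
            step(&next, x, y);
            if (search(next, depth - 1, want_out, seq + 1)) {
                seq->x = x;
                seq->y = y;
                return 1;
            }
        }
    }
    return 0;
}

/* Returns the length of the shortest satisfying input sequence (written to
 * seq), or -1 when none exists within MAX_CYCLES. */
int generate_inputs(int want_out, struct cycle_input seq[MAX_CYCLES])
{
    struct state init = { START, 0, 0 };
    for (int n = 1; n <= MAX_CYCLES; n++)
        if (search(init, n, want_out, seq))
            return n;
    return -1;
}

/* Replays a generated sequence and returns the final state. */
struct state replay(const struct cycle_input *seq, int n)
{
    struct state s = { START, 0, 0 };
    for (int i = 0; i < n; i++)
        step(&s, seq[i].x, seq[i].y);
    return s;
}

int main(void)
{
    struct cycle_input seq[MAX_CYCLES];
    int n = generate_inputs(300, seq);
    for (int i = 0; i < n; i++)
        printf("cycle %d: Demo_I_x=%d Demo_I_y=%d\n", i + 1, seq[i].x, seq[i].y);
    if (n > 0) {
        struct state s = replay(seq, n);
        printf("Demo_O=%d reach=%d\n", s.demo_o, s.reach);
    }
    /* No sequence reaches "line 19" with Demo_O == 100: the only way to get
     * 100 is the START branch, which never executes reach++. */
    printf("Demo_O==100: %d\n", generate_inputs(100, seq));
    return 0;
}
```

Any satisfying assignment is a valid generated value, so the inputs found here differ from the 10 and 3 of FIG. 15 only because this search returns the first solution in its enumeration order.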
*** Explanation of the effect of the embodiment ***
As described above, when the person in charge inputs the input/output condition 35 on the input/output values of the confirmed software, generated values 34 that would produce input/output values that cannot occur in the usage environment of the confirmed software are excluded from generation.
As a result, the person in charge can exclude the execution of unnecessary processing operations that are not expected in the usage environment of the confirmed software, and carry out the operation check. The man-hours required for the operation check can therefore be reduced.
<Modification example 1>
In Embodiment 3, an example was described in which the program information acquisition unit 15 acquires the operation code 30. However, the program information acquisition unit 15 may acquire, as the operation program, an AST program created as an AST (Abstract Syntax Tree) containing nodes or branches, convert it into AST code, which is the source code of the AST program, and acquire the AST code as the operation code 30.
In Modification example 1, the person in charge inputs, directly to the inspection condition acquisition unit 16 via the input/output device 14, information on the node or branch indicating the target arrival point, as the target arrival point information. The method of inputting the target arrival point information is not limited to this, and may be a method of visually designating the nodes or branches included in the AST shown on a display via the input/output device 14.
When AST code is acquired in step S301 of FIG. 13, in step S102 of FIG. 13 the inspection condition acquisition unit 16 may acquire, from an external device via the input/output device 14, information on the node or branch indicating the target arrival point, as the inspection condition 31. Then, in step S104 of FIG. 13, the inspection condition conversion unit 17 may, based on the inspection condition 31, extract from the operation code 30 the line number of the code corresponding to the node or branch indicating the target arrival point, and generate the logical expression 33 of the inspection code. Then, in step S105 of FIG. 13, the target arrival condition expression 32 may be generated, which is satisfied when the line number of the code corresponding to the node or branch indicating the target arrival point in the operation code 30 is reached.
<Modification 2>
As a second modification, the program information acquisition unit 15 may acquire, as the operation program, a state transition program created as a state transition diagram including nodes or edges, convert it into state transition code, which is the source code of the state transition program, and acquire the state transition code as the operation code 30.
In the second modification, the person in charge directly inputs information about the node or edge indicating the target arrival location to the inspection condition acquisition unit 16 via the input/output device 14 as the target arrival location information. The method of inputting the target arrival location information is not limited to this; the node or edge included in the state transition diagram displayed on the display may instead be designated visually via the input/output device 14.
When the state transition code is acquired in step S301 of FIG. 13, in step S102 of FIG. 13 the inspection condition acquisition unit 16 may acquire the information about the node or edge indicating the target arrival location, as the inspection condition 31, from an external device via the input/output device 14.
Then, in step S104 of FIG. 13, the inspection condition conversion unit 17 may extract, based on the inspection condition 31, the line number of the code corresponding to the node or edge indicating the target arrival location from the operation code 30, and generate the logical formula 33 of the inspection code. Then, in step S105 of FIG. 13, the target arrival conditional expression 32, which is satisfied when the line number of the code corresponding to the node or edge indicating the target arrival location in the operation code 30 is reached, may be generated.
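The flow of Modification 2 (state transition code, edges as target arrival locations, an ordered set of targets, an input/output condition, and the case where no input can be generated) as an added Python example, not code from the patent. The state machine, the edge names, the probe list and `generate_input` are constructed for illustration, and a bounded exhaustive search stands in for the analysis unit's search for a satisfying input.

```python
from itertools import product

def run(inputs):
    """Constructed state transition code (the 'operation code').

    Every edge of the diagram has a probe that records its name; the probes
    stand in for the reach-detection lines added to form the inspection code.
    """
    state, trace = "IDLE", []
    for x in inputs:
        if state == "IDLE" and x > 5:
            trace.append("IDLE->ARMED")
            state = "ARMED"
        elif state == "ARMED" and x % 2 == 0:
            trace.append("ARMED->FIRE")
            state = "FIRE"
        elif state == "ARMED" and x == 0:
            # Shadowed by the branch above (0 is even): never executes.
            trace.append("ARMED->IDLE")
            state = "IDLE"
        elif state == "FIRE":
            trace.append("FIRE->IDLE")
            state = "IDLE"
    return trace, state

def reached_in_order(trace, targets):
    """Target arrival condition: all target edges occur in trace, in order."""
    remaining = iter(trace)
    return all(edge in remaining for edge in targets)

def generate_input(targets, io_condition=lambda xs, out: True,
                   domain=range(10), max_len=4):
    """Return the first input sequence that reaches targets in order and meets
    io_condition(inputs, final_state), or None if the bounded search finds none."""
    for length in range(1, max_len + 1):
        for xs in product(domain, repeat=length):
            trace, out = run(xs)
            if reached_in_order(trace, targets) and io_condition(xs, out):
                return list(xs)
    return None

if __name__ == "__main__":
    print(generate_input(["IDLE->ARMED", "ARMED->FIRE"]))
    print(generate_input(["ARMED->FIRE", "IDLE->ARMED"]))
    print(generate_input(["IDLE->ARMED", "ARMED->FIRE"],
                         io_condition=lambda xs, out: min(xs) >= 7 and out == "FIRE"))
    blocked = generate_input(["ARMED->IDLE"])
    print("no input reaches ARMED->IDLE within the bound" if blocked is None else blocked)
```

A `None` result only says that no input exists within the searched domain and sequence length; here the `ARMED->IDLE` edge is unreachable for any input because the preceding branch always takes the value 0.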
10 operation confirmation support device, 11 processor, 12 memory, 13 communication device, 14 input/output device, 15 program information acquisition unit, 16 inspection condition acquisition unit, 17 inspection condition conversion unit, 18 analysis unit, 19 input value output unit, 20 input/output condition acquisition unit, 30 operation code, 31 inspection condition, 32 target arrival conditional expression, 33 logical formula of the inspection code, 34 generated value, 35 input/output condition.

Claims (10)

  1.  An operation confirmation support device comprising:
    a program information acquisition unit that acquires an operation code, which is the source code of an operation program that operates by reading an input value;
    an inspection condition acquisition unit that acquires, as an inspection condition, information about a target arrival location including the target arrival location of the operation code;
    an inspection condition conversion unit that generates a determination formula for determining that the target arrival location included in the inspection condition acquired by the inspection condition acquisition unit has been reached; and
    an analysis unit that uses the determination formula generated by the inspection condition conversion unit to generate a generated value as the input value for reaching the target arrival location.
  2.  The operation confirmation support device according to claim 1, wherein
    the inspection condition conversion unit
    generates, as the determination formula, a logical formula used for determining arrival at the target arrival location, creates an inspection code by adding, to the operation code, code used for determining arrival at the target arrival location, and converts the inspection code into a logical formula to generate the logical formula of the inspection code, and
    the analysis unit
    searches for the input value that satisfies the logical product of the determination formula and the logical formula of the inspection code, and generates a generated value as the input value for reaching the target arrival location.
  3.  The operation confirmation support device according to claim 1 or 2, wherein
    the inspection condition acquisition unit
    acquires, as the inspection condition, the line number of the operation code indicating the target arrival location, and
    the inspection condition conversion unit
    generates, as the determination formula, a target arrival conditional expression that is satisfied when the line number of the operation code indicating the target arrival location is reached.
  4.  The operation confirmation support device according to any one of claims 1 to 3, wherein
    the inspection condition acquisition unit
    acquires, as the inspection condition, the line numbers of the operation code indicating a plurality of target arrival locations and a target arrival order, which is the order in which the plurality of target arrival locations are to be reached, and
    the inspection condition conversion unit
    generates, as the determination formula, a target arrival conditional expression that is satisfied when the line numbers of the operation code indicating the plurality of target arrival locations are reached in the target arrival order.
  5.  The operation confirmation support device according to any one of claims 1 to 4, further comprising
    an input/output condition acquisition unit that acquires an input/output condition, which is a range or value of at least one of the input value and an output value output by the operation program, wherein
    the analysis unit
    uses the determination formula generated by the inspection condition conversion unit to generate a generated value as the input value that satisfies the input/output condition and reaches the target arrival location.
  6.  The operation confirmation support device according to any one of claims 1 to 5, wherein
    the analysis unit,
    when the input value for reaching the target arrival location could not be generated, gives notification that it could not be generated.
  7.  The operation confirmation support device according to any one of claims 1 to 6, wherein
    the program information acquisition unit
    acquires, as the operation program, an AST program created as an AST (Abstract Syntax Tree) including nodes or branches, converts the AST program into AST code, which is the source code of the AST program, and acquires the AST code as the operation code,
    the inspection condition acquisition unit
    acquires, as the inspection condition, the node or branch indicating the target arrival location, and
    the inspection condition conversion unit
    extracts the line number of the operation code corresponding to the node or branch of the inspection condition, and
    generates, as the determination formula, a target arrival conditional expression that is satisfied when the line number of the operation code is reached.
  8.  The operation confirmation support device according to any one of claims 1 to 6, wherein
    the program information acquisition unit
    acquires, as the operation program, a state transition program created as a state transition diagram including nodes or edges, converts the state transition program into state transition code, which is the source code of the state transition program, and acquires the state transition code as the operation code,
    the inspection condition acquisition unit
    acquires, as the inspection condition, the node or edge indicating the target arrival location, and
    the inspection condition conversion unit
    extracts the line number of the operation code corresponding to the node or edge of the inspection condition, and
    generates, as the determination formula, a target arrival conditional expression that is satisfied when the line number of the operation code is reached.
  9.  An operation confirmation support method in which a computer:
    acquires an operation code, which is the source code of an operation program that operates by reading an input value;
    acquires, as an inspection condition, information about a target arrival location including the target arrival location of the operation code;
    generates a determination formula for determining that the target arrival location included in the inspection condition has been reached; and
    uses the determination formula to generate a generated value as the input value for reaching the target arrival location.
  10.  An operation confirmation support program that causes a computer to execute:
    a program information acquisition process of acquiring an operation code, which is the source code of an operation program that operates by reading an input value;
    an inspection condition acquisition process of acquiring, as an inspection condition, information about a target arrival location including the target arrival location of the operation code;
    an inspection condition conversion process of generating a determination formula for determining that the target arrival location included in the inspection condition acquired by the inspection condition acquisition process has been reached; and
    an analysis process of using the determination formula generated by the inspection condition conversion process to generate a generated value as the input value for reaching the target arrival location.
PCT/JP2020/017102 2020-04-20 2020-04-20 Operation check assistance device, operation check assistance method, and operation check assistance program WO2021214843A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2020/017102 WO2021214843A1 (en) 2020-04-20 2020-04-20 Operation check assistance device, operation check assistance method, and operation check assistance program
JP2020570075A JP6854994B1 (en) 2020-04-20 2020-04-20 Operation check support device, operation check support method and operation check support program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2020/017102 WO2021214843A1 (en) 2020-04-20 2020-04-20 Operation check assistance device, operation check assistance method, and operation check assistance program

Publications (1)

Publication Number Publication Date
WO2021214843A1 true WO2021214843A1 (en) 2021-10-28

Family

ID=75267904

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/017102 WO2021214843A1 (en) 2020-04-20 2020-04-20 Operation check assistance device, operation check assistance method, and operation check assistance program

Country Status (2)

Country Link
JP (1) JP6854994B1 (en)
WO (1) WO2021214843A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001306648A (en) * 2000-03-20 2001-11-02 Nec Corp Test bench generating device, automatic test bench generating method, verifying method, and evaluating method
JP2010140407A (en) * 2008-12-15 2010-06-24 Nomura Research Institute Ltd Source code inspection device
JP2011159115A (en) * 2010-02-01 2011-08-18 Fuji Electric Co Ltd Automatic programming device, automatic programming method, and program for monitoring sequence
JP2014063415A (en) * 2012-09-24 2014-04-10 Mitsubishi Electric Corp Test case automatic generation device and test case automatic generation program
JP2015197868A (en) * 2014-04-02 2015-11-09 トヨタ自動車株式会社 Computer program checking apparatus
JP2016031622A (en) * 2014-07-29 2016-03-07 日立オートモティブシステムズ株式会社 Software verification system and control device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HASHIMOTO, YUUSUKE: "A Tool Chain to Combine Software Model Checking and Test Case Generation", SYMPOSIUM OF INFORMATION PROCESSING SOCIETY OF JAPAN, SOFTWARE ENGINEERING SYMPOSIUM 2011, vol. 3, 2011 *

Also Published As

Publication number Publication date
JPWO2021214843A1 (en) 2021-10-28
JP6854994B1 (en) 2021-04-07

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2020570075

Country of ref document: JP

Kind code of ref document: A

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20932354

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20932354

Country of ref document: EP

Kind code of ref document: A1