This application is based upon and claims the benefit of priority of the prior Japanese Patent Application No. 2009-276767, filed on Dec. 4, 2009, the entire contents of which are incorporated herein by reference.
The embodiment discussed herein is related to verification of software or hardware.
In recent years, in system development for software and hardware, the progress of design techniques has lead to the advent of large-scale and complicated systems. A complicated, large-scale system in turn tends to increase the ratio of the verification process to the overall development period. In the verification process, whether a system is operating normally is verified (see, e.g., Japanese Laid-Open Patent Publication Nos. 2004-220356, H11-39179, and 2007-52703).
Specifically, in the verification process, for example, a test pattern is given in the form of a scenario to a system as a design under verification, and the behavior consequent to the test pattern is checked to verify whether the system operates normally. Here, if a fault is detected in a certain sequence, a scenario including a similar sequence identical to or similar to the fault-related sequence must be selected and tested to uncover a fault related to the detected fault.
According to the conventional technique, however, a criterion or a means for deriving a scenario including a similar sequence is not clear. This poses a problem of difficulty in properly selecting a scenario necessary for verifying the occurrence of a related fault. As a result, uncovering of the related fault turns out insufficient, bringing about a problem of a decline in verification quality.
According to an aspect of an embodiment, a non-transitory, computer-readable recording medium stores therein a verification program that causes a computer to execute detecting from a structure expressing a group of scenarios for verifying an operation of a design under verification and by hierarchizing sequences for realizing the operation as nodes, a similar node similar to a faulty node representing a sequence in which a fault has occurred; generating a string of sequences represented by a group of nodes on a path starting from a start node of the structure to the detected similar node; and outputting the generated string of sequences.
The object and advantages of the invention will be realized and attained by means of the elements and combinations particularly pointed out in the claims.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not restrictive of the invention, as claimed.
Preferred embodiments of the present invention will be explained with reference to the accompanying drawings.
A sequence represents a procedure that expresses events (or messages) transmitted/received between objects (or instances) in a time-sequence. An object (or instance) represents a block included in the design under verification or an external environment interfering with the design under verification. The structure and the sequence will be described in detail later with reference to
As depicted in
According to the method, a node similar to the specified faulty node Nf (hereinafter “similar node”) is detected in the structure 100 ((2) in
The method is carried out to make a scenario including sequences represented by a group of nodes Na, Nc, Nd, and Ne on a path P starting from a start node Na of the structure 100 to the detected similar node Ne ((3) in
This scenario is the scenario for verifying the occurrence of a fault at the similar node Ne, that is, a scenario for uncovering a fault related to the fault occurring at the faulty node Nf. In this manner, the method allows automatic generation of a scenario for verifying the occurrence of another fault related to one fault occurring in a design under verification. This improves the comprehensiveness of verification of the design under verification, thus improves verification quality.
The data structure of a group of scenarios for verifying an operation of a design under verification will be described. A group of scenarios written in a high-level Message Sequence Chart (hMSC) are expressed as an Extensible Markup Language (XML) description. hMSC is a chart having a basic MSC (bMSC) element representing a sequence (diagram), being used as one method of expressing the structure.
The structure 200 is described as hMSC information 210 using XML. In the hMSC information 210, a group of nodes included in the structure 200 (XML description 211) and connection relations between nodes (XML description 212) are defined. A black circle in
The data structure of each node representing each sequence that is an element of hMSC will be described by taking a node N3 as an example.
The sequence Sq3 is described as bMSC information 310 using XML. In the bMSC information 310, a group of instances included in the sequence Sq3 (XML description 311) and messages transmitted/received between instances (XML description 312) are defined. The XML description 312 includes a description of the order of messages on the time axes of the instances (reference numeral 313).
Specifically, a message E1 is an event (transmission) that an instance A executes first and is an event (reception) that an instance X0 executes first. A message E0 is an event (transmission) that the instance X0 executes second and is an event (reception) that an instance B executes first. A message E2 is an event (transmission) that the instance X0 executes third and is an event (reception) that the instance A executes second.
In this manner, the group of scenarios for the design under verification are expressed by the hMSC information 210 depicted in
The detailed description of hMSC is, for example, found by referring to Peled, Doron, “Specification and Verification using Message Sequence Chart”, Electronic Notes in Theoretical Computer Science 65, No. 72002.
The CPU 401 governs overall control of the verification apparatus. The ROM 402 stores therein programs such as a boot program. The RAM 403 is used as a work area of the CPU 401. The magnetic disk drive 404, under the control of the CPU 401, controls the reading and writing of data with respect to the magnetic disk 405. The magnetic disk 405 stores therein data written under control of the magnetic disk drive 404.
The optical disk drive 406, under the control of the CPU 401, controls the reading and writing of data with respect to the optical disk 407. The optical disk 407 stores therein data written under control of the optical disk drive 406, the data being read by a computer.
The display 408 displays, for example, data such as text, images, functional information, etc., in addition to a cursor, icons, and/or tool boxes. A cathode ray tube (CRT), a thin-film-transistor (TFT) liquid crystal display, a plasma display, etc., may be employed as the display 408.
The I/F 409 is connected to a network 414 such as a local area network (LAN), a wide area network (WAN), and the Internet through a communication line and is connected to other apparatuses through the network 414. The IF 409 administers an internal interface with the network 414 and controls the input and the output of data with respect to external apparatuses. For example, a modem or a LAN adaptor may be employed as the IF 409.
The keyboard 410 includes, for example, keys for inputting letters, numerals, and various instructions and performs the input of data. Alternatively, a touch-panel-type input pad or numeric keypad, etc. may be adopted. The mouse 411 is used to move the cursor, select a region, or move and change the size of windows. A track ball or a joy stick may be adopted provided each respectively has a function similar to a pointing device.
The scanner 412 optically reads an image and takes in the image data into the verification apparatus. The scanner 412 may have an optical character recognition (OCR) function as well. The printer 413 prints image data and text data. The printer 413 may be, for example, a laser printer or an ink jet printer.
The input unit 501 has a function of receiving an input of a group of scenarios for verifying an operation of a design under verification. Specifically, for example, the input unit 501 receives the hMSC information 210 and the bMSC information 310 input by the user via the keyboard 410 or mouse 411 depicted in
The input unit 501 has a further function of receiving specification of a faulty node representing a sequence in which a fault has occurred, the faulty node being specified from a structure expressing the group of scenarios for verifying an operation of the design under verification. Specifically, for example, the input unit 501 may receive specification of the faulty node via specifying screens 610 and 620 depicted in
On the specifying screen 610, the user moves a cursor C to click the message E0, which is to be corrected because of a fault. Hence, the user is able to specify the faulty node N3 from the structure 200. When the cursor C is moved to be superposed on any one of the nodes N0 to N7, the contents of the corresponding sequence represented by the node N0 to N7 are displayed in an enlarged view, for example.
On the specifying screen 620, the user enters into a box B1, the node name of the faulty node and further enters into a box B2, the message name of the event that is to be corrected because of the fault. Hence, the user is able to specify the faulty node N3 from the structure 200.
Although the faulty node may be specified on the specifying screens 610 and 620, this is not the only case. For example, the input unit 501 may receive input of fault information for identifying a faulty node. The specified faulty node is, for example, stored to a similar node table 700 depicted in
In the following description, a group of nodes included in the structure are described as “group of nodes N1 to Nn”, and an arbitrary node among the group of nodes N1 to Nn is described as “node Ni” (i=0, 1, . . . , n). A faulty node specified from the structure is described as “faulty node TgN”, except when the faulty node is referred to by a specific denotation.
The faulty node ID is an identifier for identifying the faulty node TgN among the group of nodes N1 to Nn. The first similar node ID is an identifier for identifying a first similar node similar to the faulty node TgN. The second similar node ID is an identifier for identifying a second similar node similar to the faulty node TgN. The third similar node ID is an identifier for identifying a third similar node similar to the faulty node TgN.
The first, the second, and the third similar nodes are similar-nodes that are classified by similarity levels B1 to B3 according to similarity to the faulty node TgN. The magnitudes of the similarity levels B1 to B3 representing the levels of similarities between the first, the second, and the third similar nodes and the faulty node TgN are defined as “B1>B2>B3”, where a similarity level of a larger value indicates greater similarity to the faulty node TgN.
For example, when the faulty node N3 is specified, “N3” is entered into the faulty node ID item in the similar node table 700, and the similar node information 700-1 is stored as a new record. The similar node table 700 is realized by, for example, a memory device such as the RAM 403, the magnetic disk 405, and the optical disk 407.
In
Similar nodes are classified into multiple types according to similarity levels indicative of similarity to the faulty node TgN. Specifically, for example, the detecting unit 502 may detect from the structure, three types of similar nodes including the first, the second, and the third similar nodes. Specific contents of a detecting process will be described later with reference to
The generating unit 503 has a function of generating a scenario that includes sequences represented by a group of nodes on a path starting from a start node of the structure to a detected similar node. Specifically, for example, the generating unit 503 executes breadth first search from the start node of the structure to determine the depth di of each node Ni from the start node in the structure. The depth di is represented as the number of nodes included in the shortest path from the start node to the node Ni.
Subsequently, the generating unit 503 searches for a path from the similar node to the start node so that the depth di is determined to be small. The generating unit 503 then generates a string of sequences represented by a group of nodes Nq to Np given by reversely arranging the group of nodes Np to Nq included in a retrieved path, as a scenario for verifying a related fault.
In this manner, a scenario is generated as a scenario for verifying a fault in the sequence represented by the similar node, i.e., a related fault related to a fault occurring at the faulty node TgN. Specific contents of a generating process will be described later with reference to
The output unit 504 has a function of outputting the generated scenario. Specifically, for example, the output unit 504 may output the scenario written in XML. When outputting the scenario, the output unit 504 may output a scenario that is correlated with a similarity level indicative of the similarity to the faulty node TgN.
A specific example of the result of scenario output will be described later with reference to
In this example, the faulty node TgN is the node N3, which is excluded from being subject to similar node detection. Each of the similarity levels B1 to B3, for example, is set according to a similarity condition for determining similarity to the faulty node TgN (see
An example of detection of the first similar node having the similarity level B1 will first be described. The detecting unit 502 detects a node Ni representing the same sequence (MSC) as represented by the faulty node TgN, as the first similar node. Specifically, in
The XML description 311 is description that defines a group of instances included in the sequence Sq3 represented by the faulty node N3. The XML description 312 is description that defines messages transmitted/received between the instances.
In this example, instances A, X0, and B and messages E1, E2, and E0 included in a sequence Sq4 represented by a node N4 match those included in the sequence Sq3 and all attribute values (from, to, fromseq, and toseq) of each of the messages E1, E2, and E0 also match. This means that bMSC information 810 of the node N4 has XML descriptions 811 and 812 matching the XML descriptions 311 and 312.
As a result, the detecting unit 502 detects the node N4 from among the group of nodes N0 to N7, as the first similar node. The first similar node detected for the faulty node N3 is, for example, set in the similar node information 700-1 in the similar node table 700 depicted in
An example of detection of the second similar node having the similarity level B2 will be described. In the following description, a message that is to be corrected because of a fault is described as “message TgM”, and an instance that is an executor of the message TgM is described as “instance TgI”. A message sequence for the instance TgI is described as “message sequence TgMS”. A message sequence represents the order of execution of a group of events executed by an instance.
The detecting unit 502 detects a node Ni that includes the same instance TgI as the instance TgI in the faulty node TgN. When a message sequence for the instance TgI in the node Ni is the same as the message sequence TgMS for the instance TgI in the faulty node TgN, the detecting unit 502 detects the node Ni as the second similar node.
For example, in
Subsequently, the detecting unit 502 detects an XML description matching in the direction (from/to) and the order (fromseq/toseq) of a message having the instance TgI at “from” and “to”. In other words, the detecting unit 502 detects the node Ni having an XML description matching a description of portions encompassed by dotted lines in the XML description 312 of the faulty node N3. In this example, a description of portions encompassed by dotted lines in an XML description 822 of the node 5 matches the description of the portions encompassed by dotted lines in the XML description 312.
As a result, the detecting unit 502 detects from among the group of nodes N0 to N7, the node N5 as the second similar node. The second similar node detected for the faulty node N3 is, for example, set in the similar node information 700-1 in the similar node table 700. Specifically, in
An example of detection of the third similar node with the similarity level B3 will be described. The detecting unit 502 detects a node Ni that includes the same instance TgI as the instance TgI that is the executor of the fault-causing message TgM. When a message of the instance TgI in the detected node Ni is the same as the message TgM of the instance TgI in the faulty node TgN, the detecting unit 502 detects the node Ni as the third similar node.
For example, in
Subsequently, the detecting unit 502 detects an XML description of the same message as the message TgM of the instance TgI (matching in message name, from, and to). In other words, the detecting unit 502 detects a node Ni having an XML description matching an XML description 315 of the faulty node N3. In this example, an XML description 832 of the node N7 matches the XML description 315.
As a result, the detecting unit 502 detects from among the group of nodes N0 to N7, the node N7 as the third similar node. The third similar node detected for the faulty node N3 is, for example, set in the similar node information 700-1 in the similar node table 700. Specifically, in
A case of generating a scenario for verifying the occurrence of a fault at the similar node N4 will be described.
In
The generating unit 503 then generates a row of nodes (group of nodes N0, N1, N2, and N4) given by reversely arranging a group of nodes N4, N2, N1, and N0 included in the retrieved path P1, as a scenario S1 for verifying a similar fault. In other words, the generating unit 503 generates the scenario S1 for executing sequences represented by the nodes N0, N1, N2, and N4 in the order of “node N0→node N1→node N2→node N4”. The result of scenario generating is stored, for example, in a scenario database (DB) 1100 depicted in
The similarity level is an index value indicative of a level of similarity to the faulty node TgN. The scenario is scenario data for verifying a related fault described in XML. The scenario DB 1100 is realized by, for example, a memory area as such in the RAM 403, magnetic disk 405, and optical disk 407.
The XML description 1210 represents the scenario S1 for executing the sequences represented by the nodes N0, N1, N2, and N4 in the order of “node N0→node N1÷node N2→node N4”. The XML description 1220 represents a scenario S2 for executing sequences represented by nodes N0, N1, N2, and N5 in the order of “node N0→node N1-÷node N2→node N5”. The XML description 1230 represents a scenario S3 for executing sequences represented by nodes N0, N6, and N7 in the order of “node N0→node N6→node N7”.
According to the scenario information 1200, a scenario including a similar sequence having a high level of similarity to a sequence in which a fault occurred (scenario S1) is executed preferentially at verification, thereby improving the possibility of finding a related fault at an early stage, verification quality, and shortening the time consumed for verification work.
Input of the group of scenarios is waited for (step S1310: NO). When the group of scenarios has been input (step S1301: YES), the output unit 504 displays on the display 408, the specifying screen 610 for specifying the faulty node TgN (step S1302). The input unit 501 then determines whether specification of the faulty node TgN has been received (step S1303).
Specification of the faulty node TgN is waited for (step S1303: NO). When the faulty node TgN has been specified (step S1303: YES), the detecting unit 502 executes a similar-node detecting process of detecting a similar node similar to the faulty node TgN (step S1304). The specified faulty node TgN is stored in the similar node table 700 of
The generating unit 503 then executes a scenario generating process of generating a scenario for verifying the occurrence of a related fault related to a fault occurring at the design under verification (step S1305). Finally, the output unit 504 outputs the generated scenarios to the faulty node TgN, in descending order of similarity level (step S1306), and a series of operations of the flowchart comes to an end.
In this manner, a scenario for verifying a fault in a sequence represented by a similar node to the faulty node TgN, i.e., a related fault related to a fault occurring at the faulty node TgN is generated automatically.
As depicted in
If the node Ni is not the faulty node TgN (step S1403: NO), the detecting unit 502 determines whether the node Ni and the faulty node TgN have the same MSC (step S1404). If the nodes have the same MSC (step S1404: YES), the detecting unit 502 enters the node Ni in the first similar node ID item for the faulty node TgN in the similar node table 700 (step S1405).
The detecting unit 502 then increments i by 1 (step S1406), and determines whether “i>n” is satisfied (step S1407). If “in” is satisfied (step S1407: NO), the procedure returns to step S1402. If “i>n” is satisfied (step S1407: YES), the procedure proceeds to step S1305 of
If the node Ni is the faulty node TgN at step S1403 (step S1403: YES), the procedure proceeds to step S1406.
If the node Ni does not have the same MSC as that of the faulty node TgN at step S1404 (step S1404: NO), the detecting unit 502 determines whether the node Ni has the instance TgI (step S1408). The instance TgI is the instance that is the executor of a fault-causing event (message).
If the node Ni does not have the instance TgI (step S1408: NO), the procedure proceeds to step S1406. If the node Ni has the instance TgI (step S1408: YES), the detecting unit 502 determines whether a message sequence for the instance TgI in the node Ni matches the message sequence TgMS for the instance TgI in the faulty node TgN (step S1409).
If the message sequences match (step S1409: YES), the detecting unit 502 enters the node Ni in the second similar node ID item for the faulty node TgN in the similar node table 700 (step S1410).
If the message sequences do not match (step S1409: NO), the detecting unit 502 determines whether a message of the instance TgI in the node Ni matches the message TgM of the instance TgI in the faulty node TgN (step S1411).
If the messages match (step S1411: YES), the detecting unit 502 enters the node Ni in the third similar node ID item for the faulty node TgN in the similar node table 700 (step S1412), after which the procedure proceeds to step S1406. If the messages do not match (step S1411: NO), the procedure proceeds to step S1406.
In this manner, three types of similar nodes including the first, the second, and the third similar nodes can be detected according to the similarity levels B1, B2, and B3 indicative of similarity to the faulty node TgN.
As depicted in the flowchart of
If a similar node Nj has been selected from the first similar node ID item (step S1503: YES), the generating unit 503 searches for a group of nodes Np to Nq in a direction in which the depth dj from the similar node Nj is determined to be small in the structure (step S1504).
The generating unit 503 then generates, as a scenario, a string of sequences represented by the group of nodes Nq to Np given by reversely arranging the retrieved group of nodes Np to Nq (step S1505). The generated scenario is stored to the scenario DB 1100 depicted in
Subsequently, the generating unit 503 determines whether a similar node Nj not selected from the similar node table 700 is present (step S1506). If an unselected similar node is present (step S1506: YES), the procedure returns to step S1502.
If a similar node Nj has not been selected from the first similar node ID item at step S1503 (step S1503: NO), the generating unit 503 selects a similar node Nj from the second similar node ID item for the faulty node TgN in the similar node table 700 (step S1507).
If a similar node Nj has been selected from the second similar node ID item (step S1508: YES), the procedure proceeds to step S1504. If a similar node Nj has not been selected from the second similar node ID item (step S1508: NO), the generating unit 503 selects a similar node Nj from the third similar node ID item for the faulty node TgN in the similar node table 700 (step S1509), after which the procedure proceeds to step S1504.
If an unselected similar node Nj is not present at step S1506 (step S1506: NO), the procedure proceeds to step S1306 of
In this manner, scenarios including sequences represented by the first, the second, and the third similar nodes can be generated in descending order of similarity level with respect to the faulty node TgN, the order of which is the similarity levels B1, B2, and B3.
As described above, the present embodiment enables automatic generation of a scenario that includes sequences represented by a group of nodes on a path starting from the start node N0 to a similar node similar to the faulty node TgN in a structure expressing a group of scenarios for a design under verification. This allows automatic generation of a scenario for verifying a fault in a sequence represented by the similar node, i.e., a related fault related to a fault occurring at the faulty node TgN.
The present embodiment enables the detection of a node, as the first similar node, representing the same sequence as represented by the faulty node. The present embodiment also enables detection of a node Ni, as the second similar node, that includes the instance TgI having the same message sequence as the message sequence TgMS of the instance TgI in the faulty node TgN. The present embodiment further enables the detection of, as the third similar node, the node N3, which includes the same instance TgI as the instance TgI in the faulty node TgN. This allows detection of a plurality of types (three) of similar nodes having different levels of similarity (e.g., similarity levels B1 to B3) to the faulty node TgN.
The present embodiment enables the generation of a scenario that includes sequences represented by the first, the second, and the third similar nodes in descending order of similarity level with respect to the faulty node TgN, the order of which is the similarity levels B1, B2, and B3. As a result, a scenario including a similar sequence with a high level of similarity to a sequence in which a fault is occurring is executed preferentially. This improves the possibility of finding a related fault at an early stage, thereby improving verification quality and shortening the time consumed for verification work. A verifier has no need of determining the order of execution of a group of scenarios, thereby eliminating an erroneous determination by the verifier and reducing the burden on the verifier.
The verification method described in the present embodiment may be implemented by executing a prepared program on a computer such as a personal computer and a workstation. The program is stored on a computer-readable non-transitory medium such as a hard disk, a flexible disk, a CD-ROM, an MO, and a DVD, read out from the recording medium, and executed by the computer. The program may be a transmission medium that can be distributed through a network such as the Internet.
The embodiment offers an effect of improving the comprehensiveness of verification related to software or hardware.
All examples and conditional language recited herein are intended for pedagogical purposes to aid the reader in understanding the invention and the concepts contributed by the inventor to furthering the art, and are to be construed as being without limitation to such specifically recited examples and conditions, nor does the organization of such examples in the specification relate to a showing of the superiority and inferiority of the invention. Although the embodiment of the present invention has been described in detail, it should be understood that the various changes, substitutions, and alterations could be made hereto without departing from the spirit and scope of the invention.
Number | Date | Country | Kind |
---|---|---|---|
2009-276767 | Dec 2009 | JP | national |