The invention relates to a method and a system for ascertaining an overall fault description for at least one section of a computer program, and also to a computer product and a computer-readable storage medium.
Such a method and such a system are known from N. Leveson, “Safety Verification of ADA Programs Using Software Fault Trees”, IEEE Software, July 1991, pages 48–59, which discloses the practice of using computers to ascertain an overall fault description in the form of an overall fault tree for a computer program. For the computer program, a control flow description is ascertained in the form of a control flow graph. For various program elements of the computer program, a stored fault description associated with a respective stored reference element is used to ascertain an element fault description. The fault description for a reference element describes possible faults in the respective reference element. The element fault descriptions in the form of element fault trees are used to ascertain the overall fault description, taking into account the control flow graph for the computer program.
The method and the system taught by Leveson have the following drawbacks, in particular. The overall fault tree ascertained is incomplete in terms of the faults examined and the causes thereof, and is therefore unreliable. Hence, this practice is not appropriate for use within the context of generating fault trees for a computer program for safety-critical applications. The individual fault trees associated with the reference elements are also incomplete and hence unreliable.
M. Weiser, “Program Slicing”, in IEEE Transaction on Software Engineering, Vol. 10, No. 4, July 1984, pp. 352–357 provides an overview of “slicing”. Slicing is the analysis carried out when searching for causes of incorrect action in a computer program. This procedure involves checking whether the incorrect action has been caused by an instruction currently under consideration. If this is not the case, the instructions which deliver data for or control the execution of the instruction are checked. This method is continued until no further operations exist, that is to say it gets to input data for the computer program. In slicing, “slices” are ascertained. A slice shows which instructions are affected in what way by a value under consideration. Below, the term slicing is always understood to mean backwardly directed slicing.
P. Liggesmeyer, Modultest und Modulverifikation—State of the Art, Mannheim, Vienna, Zurich: BI Wissenschaftsverlag, 1990 discloses the practice of ascertaining a control flow description and a data flow description for a computer program. In Liggesmeyer, this representation is used as an initial basis for “data-flow-oriented testing” of the computer program. The instructions (nodes) of the control flow graph are assigned data flow attributes (data flow description) which describe the nature of the data access operations contained in the instructions of the computer program. A distinction is drawn between write access operations and read access operations. Write access operations are referred to as definitions (def). Read access operations are referred to as a reference. If a read access operation takes place in a decision, this access operation is referred to as a predicative reference (p-use, predicate use). A read access operation during calculation of a value is referred to as a computational reference (c-use, computational use).
DIN 25424-1: Fehlerbaumanalysen; Methoden und Bildzeichen, September 1981, which has a title that can be translated “Fault Tree Analyses; Methods and Graphic Symbols”, discloses principles relating to a fault tree. A fault tree is to be understood, as described in DIN 25424-1, to mean a structure which describes logical relationships between input variables for the fault tree which lead to a prescribed undesirable event.
In addition, DIN 25424-2: Fehlerbaumanalyse; Handrechenverfahren zur Auswertung eines Fehlerbaums, Berlin, Beuth Verlag GmbH, April 1990 which has a title that can be translated “Fault Tree Analysis; Manual Computation Methods for Evaluating a Fault Tree”, discloses various methods for fault tree analysis.