CN101894072B - Method for detecting abnormal termination during model detection - Google Patents
Method for detecting abnormal termination during model detection Download PDFInfo
- Publication number
- CN101894072B CN101894072B CN201010230743XA CN201010230743A CN101894072B CN 101894072 B CN101894072 B CN 101894072B CN 201010230743X A CN201010230743X A CN 201010230743XA CN 201010230743 A CN201010230743 A CN 201010230743A CN 101894072 B CN101894072 B CN 101894072B
- Authority
- CN
- China
- Prior art keywords
- state
- variable
- model
- trapping
- trap
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The invention discloses a method for detecting abnormal termination during model detection. In the method, a counter example path is generated and recorded by constructing E', describing the E' and performing a model detection process. The counter example path provides detail execution steps for an extended finite state machine (EFSM) model under a variable configuration corresponding to the EFSM model, and the latest part of the counter example path provides information of a terminable state in a trap state. According to logic expressed by the EFSM model, whether a termination state under the variable configuration is the terminable state can be easily determined. If the termination state under the variable configuration is not the terminable state, an abnormal termination phenomenon in the terminable state is detected under the corresponding variable configuration; and if the termination state under the variable configuration is the terminable state, the abnormal termination phenomenon in the terminable state is not detected. Therefore, the detection method provided by the invention realizes the detection of the abnormal termination phenomenon.
Description
Technical field
The present invention relates to abortive detection method in a kind of model detection; This method detects based on the temporal logic model; Belong to EFSM model and temporal logic model detection range, wherein, ESFM (Extended Finite State Machine) is the extended finite state automat.
Background technology
Finite-state automata (Finite State Machine, FSM) model is a kind of important descriptive tool in the computer realm, it can be described a lot of logical organizations in the computer system.Yet the FSM model can only carry out modeling to the control stream of system.Extended finite state automat (EFSM) is expanded FSM, has comprised some built-in variables, has operated and be defined in the decision condition on the built-in variable.Therefore, the EFSM model has stronger descriptive power than FSM model, particularly aspect description of data stream.At present, the EFSM model is widely used in fields such as telecommunications, embedded system, software development and test, and many modelling verification instruments (like UPPAAL and Spin) are all supported the EFSM model.In general, the EFSM model has very high research and practical value.
EFSM is a kind of special Mealy machine.In the EFSM model, the codomain of built-in variable is limited often.A state transition t (t ∈ T) can be defined as tuple (s, x, y, g, op, e), wherein:
● s and e are respectively initial state and the final states of t;
● g is the migration decision condition that is defined on the variable;
● x and y represent the input and output symbol respectively;
● the sequence of operation that op is made up of simple output or assignment.
The prerequisite that state transition is carried out is that migration decision condition g is true.Wherein, the decision condition of a state transition is uncertain, promptly has decision condition or does not have decision condition.If in a definite EFSM model, for the aleatory variable configuration, there is a state transition to carry out at most from free position, claim that then this EFSM model is definiteization.
Figure of description 1 has provided an EFSM model instance that comprises 4 states and 8 state transitions.In the EFSM illustraton of model, state is represented with circle, the final state of the STA representation automat of the two circles of band, and promptly automat can stop at the state place of the two circles of band.The initial state of state transition and final state represent that with the line of band arrow the arrow indication is the final state of this state transition, and the arrow tail is the initial state of this state transition, and other element is labeled in the line next door (label that is called state transition) of band arrow.Wherein, the label of state transition has " incoming symbol, decision condition/output symbol, operation " form, and decision condition all can be sky with operation and can be left in the basket.Label " a, w≤4/x, w:=w+1 " expression is as state s
2When incoming symbol a and satisfied " w≤4 " (w is a built-in variable), will be transformed into state s
4, and output symbol x and execution " w:=w+1 " operation.The present invention does as giving a definition: if certain state can be used as the final state of automat, but claim that then this state is the final state of automat.Yet the pairing final state of different list entries possibly be different, but promptly automat can only stop under the part final state under definite variable configuration.For example, in accompanying drawing 1, the final state that list entries " a, b " is corresponding is s
4, and the corresponding final state of list entries " a, b, b " is s
3
Figure of description 2 has provided other a kind of expression form of EFSM model.Wherein, this kind expression form is no longer clearly specified incoming symbol.Generally speaking, this expression method is used for the verification of model to EFSM.In fact, in to EFSM verification of model process, the initial value of given all variablees, checking can be carried out along the associated pathway of EFSM model.Therefore, incoming symbol does not have practical significance in this process.In this method for expressing, output symbol is optional, then uses the output of " printf " statement if need to describe; If decision condition does not exist with operation simultaneously, then "/" symbol no longer exists.An instantiation using above-mentioned representation is model checking tools Spin.
The EFSM model has been introduced variable and has been defined in the operation on the variable, makes its descriptive power strengthen.Yet the behavior and the variable of state transition are interrelated, produce reciprocation through the operation in the migration between the state transition.Therefore, describe in the EFSM model of certain system and possibly have some branch hazards, operating collision.
Operating collision: be located in the EFSM model M s
iAnd s
jBe two states among the M, and from s
iTo s
jThere is a directed walk.If, claim that then there is operating collision in this path because of the operation of certain state transition on this path causes certain state transition decision condition in the path for false.
For example, in accompanying drawing 1, comprise e (s
1, s
2) to e (s
2, s
4) the path have operating collision.Possibly there are many limits (being state transition) from a state to another state, but under the situation that does not cause ambiguity, available e (s, e) limit of expression from state s to state e.
Branch hazard: be located in the EFSM model M s
iAnd s
jBe two states among the M, and from s
iTo s
jThere is a directed walk.If, then claim this path existence condition conflict because of there being the state transition decision condition of conflict on this path.
The present invention no longer provides the instance of branch hazard.Branch hazard and operating collision are referred to as conflict, exist the path of conflict to be called the conflict path.The main embodiment in conflict path is that the EFSM model can not carry out state exchange according to set execution route under certain variable configuration.
It is a kind of formalization verification method that is proposed by people such as Clark the earliest that model detects, and it can effectively be verified system with less cost.The basic thought that model detects is through (expansion) finite-state automata model representation system action H, with logical formula F descriptive system character, whether satisfies F through formalization method checking H then.If the property of system is not being met, then returns corresponding information and the counter-example path (being test case) of violating corresponding properties is provided.This shows that except system being carried out the robotization checking and analyzing, the test case that another important application that model detects provides the high automation degree generates.In this test case generative process, at first utilize logical formula to describe testing requirement, this description can be described as trap community.The expectation attribute of trap community and appointment is opposite, and for example, if expectational model can arrive certain state, then trap community can represent that this state is inaccessible.On the basis of the above, lure that model detects generation counter-example path, promptly is met the test case of testing requirement into.
At present, the most frequently used model detection technique is that the temporal logic model detects.Difference according to the temporal logic type; Can the temporal logic model be detected and be divided into based on linear temporal logic (Linear-timeTemporal Logic; TLT) model detects (being also referred to as linear temporal logic model detects) and (Computation Tree Logic, model CTL) detects based on the computation tree logic.The model detection technique is applied to fields such as communication protocol, parallel system and aviation design in the world, has important research and using value.Typically the model checking tools based on LTL comprises NuSMV and Spin etc., and typically the model checking tools based on CTL comprises UPPAAL etc.
Summary of the invention
But therefore the present invention is directed to the final state abnormal termination phenomenon and can't a kind of method that can detect abnormal end in the model detection be provided by the problem of model checking tools discovery.
The present invention adopts following technical scheme:
Abortive detection method during this invention model detects, this detection method be based on the temporal logic model checking method, and it is characterized in that it may further comprise the steps:
1) a given ESFM model to be detected is designated as E, and the temporal logic model checking tools that adopts, and is designated as M;
2) in E, increase by two trapping states and the corresponding trap migration of two trapping states with this increase, the model that increases after trapping state and trap move is designated as E ';
3) according to the descriptive language that M provided E ' is described, and in description, add trap Boolean variable and trap community, generate to detect and describe;
4) list among the E ' variable configuring condition still to be tested, then successively under each variable configuring condition to be verified execution model detect and the counter-example path and the variables corresponding configuring condition thereof of record output;
5) but whether final state abort phenomenon takes place under this variable configuration according to counter-example path that step 4) write down and the checking of variables corresponding configuring condition thereof: but the final state information during the entering trapping state that provides according to the last part in counter-example path; But watch this variable configuration final state down and whether not should be above-mentioned final state, if but then explain under relevant variable disposes and detected the final state abnormal termination phenomenon; Otherwise, but explain and do not detect the final state abnormal termination phenomenon.
Abortive detection method in detecting according to the model of technical scheme of the present invention is explained at first that a drag testing process is actually in the program process of carrying out descriptive model, to realize.Generally, if said procedure can't implement at last, explain that then there is improper termination mistake in model to be detected.Yet the non-decline of some of said procedure also possibly be normal dwell section.In order to represent the non-last fair termination that implements, the model trace routine need be added " end " label in appropriate section, but this label is corresponding with final state.In the model testing process under certain variable configuring condition; But should not be when the final state of this termination through one; There is following possible abnormal termination phenomenon: have reasons such as conflict path during owing to descriptive model; But cause the state exchange that to expect from this final state, thereby but cause stopping in this final state.But deserving to be called and stating abnormal end is final state abnormal end.Yet according to the existing technology of model trace routine, but after above-mentioned final state has been added " end " label, above-mentioned said abnormal termination phenomenon can't be detected.
But the problem that can't be found by model checking tools to the final state abnormal termination phenomenon, but the method for detection final state abnormal occurrence provided by the invention through structure E ' it is described and the execution model testing process, generate counter-example path and record.The counter-example path has provided the EFSM model in its corresponding variable configuration detailed execution in step down, but and the final state information of its decline when having provided the entering trapping state.The logic expressed according to the EFSM model, but confirm easily whether the final state under this variable configuration should be above-mentioned final state., but then explain under relevant variable disposes and detect the final state abnormal termination phenomenon if but this variable configuration final state down not should be above-mentioned final state; Otherwise, but explain and do not detect the final state abnormal termination phenomenon.Thereby, realized the detection of abnormal termination phenomenon through detection method provided by the invention.
Abortive detection method during above-mentioned model detects, said ESFM model to be detected are the model that any mistake was verified and do not found to testing tool that use is adopted.
Abortive detection method during above-mentioned model detects, said testing tool is preferably Spin.
Preferably, but in two trapping states of said increase one is the final state of E, is called the termination trapping state, and another is the nonfinal state of E, is called the nonterminal trapping state.To the existence one bar state migration that stops trapping state, decision condition is not established in this state transition from the nonterminal trapping state, and its operation is composed falsity to the trap Boolean variable.
Preferably, after increasing by two trapping states and corresponding trap migration of two trapping states with this increase, all satisfy the automat final state of following condition simultaneously among the E but will find: a) existence is from the state transition of this state; B) box-like untrue from the migration decision condition of this state for forever.But and then all automat final states composition set A that find; And each the state a among the A done following the processing: add a state transition from state a to the nonterminal trapping state with state transition decision condition label, and this decision condition for from the migration decision condition of a box-like negate.Newly-increased state transition is called the trap migration.
Preferably; Said trap Boolean variable is one to be different from the newly-increased global variable of all variablees among the E, is designated as p, and its initial value is true; And " p:=false " label for labelling is from the trap between two trapping states migration, when representing that this migration is carried out with false to the p assignment.
Preferably, after the model testing process under a kind of variable configuring condition is accomplished, to provide this variable configuring condition drag and detect the sign of accomplishing.
Preferably, when the variable configuration space among the E ' comprises greater than the configuration of 1 variable, uses a file that variable is disposed and store.
Preferably, when using said file storage, variable configuration of every behavior, the variable in each row separates with the space, and each row is according to each variable of predesigned order storage.
Preferably, when certain variable configuration down during detection model process output counter-example path, break detection is also exported the row number in the file that this variable is configured in the storage of variables configuration, so that record counter-example path and corresponding variable configuration thereof; And when continue to carry out detecting, the variable configuration before the said row number is deleted.
Description of drawings
Below in conjunction with Figure of description technical scheme of the present invention is done further to set forth, wherein:
Fig. 1 is the EFSM model example of tape input/output symbol.
Fig. 2 is the EFSM model example of not tape input symbol.
But Fig. 3 is the final state abnormal end detection method framework in the detection of temporal logic model.
Fig. 4 is trapping state and the trap migration example corresponding with Fig. 2.
Embodiment
To combine instance that the present invention is specified below.
But Figure of description 3 has provided a kind of abortive method frame of final state that in the model testing process, detects, and concrete steps are following:
Step 1: a given extended finite state automaton model (ESFM) to be detected, be designated as E, and the temporal logic model checking tools that adopts, be designated as M.
This step indication extended finite state automaton model to be detected refers to pass through the model that normal model detects, and promptly when using the model checking tools that adopts to verify, does not find any mistake.Typically the model checking tools based on temporal logic comprises Spin, UPPAAL and NuSMV etc.Wherein, Spin is the earliest by a product of increasing income of Bell development in laboratory.2002, this software was authorized calendar year 2001 degree ACM " Software System Awards " (software that is honored all has very high influence power, like Java).Characteristics such as that Spin has is simple for structure, automaticity height, thus enjoy the relevant industries personnel to pay close attention to.Therefore, Spin is the preferential a kind of temporal logic model checking tools that adopts of this programme.
Step 2: in E, increase by two trapping states and the corresponding trap migration of two trapping states with this increase, the model that increases after trapping state and trap move is designated as E '.
Introduce the term that some these parts relate to below.If exist and (be made as the state transition of s), and these state transitions be designated as " t from a state
1, t
2..., t
m" (m is all the state transition quantity from s), t
iCorresponding decision condition is c
i(1≤i≤m), then claim the conjunction " c of these decision conditions
1∨ c
2∨ ... ∨ c
m" for box-like from the migration decision condition of s.This programme is further introduced trapping state and trap migration notion on this basis.In the method that this programme proposed, be the conflict path of finding possibly exist in the EFSM model, newly-increased two states claim that these two states are trapping state.In above-mentioned two trapping states, but one be the final state of automat, be called the termination trapping state; Another is a nonfinal state, is called the nonterminal trapping state.In addition, be the conflict path of finding possibly exist in the EFSM model, the present invention introduces trap migration notion.
The detailed step that in the EFSM model E, increases trapping state and trap migration is following:
1) increases by two trapping states and (be designated as T
1And T
2) and one from T
1To T
2State transition (this state transition be a trap migration), this state transition does not have decision condition, and it is operating as p is composed falsity operation, i.e. p:=false, or p:=0;
2) but find that all satisfy the automat final state of following condition simultaneously in the EFSM model: a) have state transition from this state; B) box-like untrue from the migration decision condition of this state for forever;
3) establish 2) in all states of finding form set A, then each state among the A (being made as a, a ∈ A) is done to handle as follows: from state a to trapping state T
1Add bar state migration (this state transition is a trap migration), its state transition label has decision condition, and this decision condition is for negating (promptly from the migration decision condition box-like (being made as c) of a
).
Next above-mentioned steps is done further explanation.1) step in, T
2But be final state, T
1Be nonfinal state.2) in, the migration decision condition is box-like not to make this logical formula for false for some variable assignments of true respresentation existence forever.Accompanying drawing 4 has provided this part-structure figure corresponding with accompanying drawing 2.
Step 3: the descriptive language that is provided according to the temporal logic model checking tools is to model E ' describe, and in description, adds trap Boolean variable and trap community.Generate to detect and describe.
The different model testing tool possibly provide different EFSM model description methods.NuSMV uses the SMV program that model is described, and a SMV program is made up of one or more modules.In Spin, the EFSM model uses the promela language to describe.The main design object of promela language provides the description to system model, so its grammer is simple relatively.The EFSM model is described the logic that is meant the EFSM model tormulation to be described with the language that model checking tools provided.Discern some necessary informations for the convenience of the user, in description, need to add some additional prompt information, the additional description of this type does not constitute influence to the correctness of EFSM model.As an instance, below code segment 1 provide the pairing promela language description of EFSM model shown in Figure 2 code segment.It is pointed out that to detect to describe and do not comprise the black matrix part in the code segment 1.
proctype?efsm(int?u,v,w,z)
{
if
::(u>2)->printf(″1″);
::(u<2)->end:w=u;z=3
::(u==2)->goto?L2
fi;
L1:if
::(w<=1)->printf(″end");goto?L4
:: (w>1)->goto L3//trap migration
fi;
L2:if
::(w<=1)->printf(″1″);goto?L1
:: (w>1)->goto L3//trap migration
fi;
L3:p=0;
L4:
Printf (" the procedure ends ") // additional information
}
Init{ // variable is configured in this init{} and carries out
int?v1,v2,v3,v4=0;
run?efsm(v?1,v2,v3,v4);
}
This part increases an overall Boolean variable newly, is designated as p, makes this variable be different from global variable and the local variable that exists in all EFSM models, and the initial value of this variable is true, is designated as: p:=true, or p:=1.Above-mentioned Boolean variable is called the trap Boolean variable, and it will partly define in the beginning in the description to be detected.
When the model checking tools used based on linear temporal logic, trap community can be used formula
expression." p " expression p is true always;
representes that then p is not always very, and promptly having p is false situation.Because model detects user mode limit algorithm search state space, and if only if ends at the trap migration that stops trapping state T2 when being performed at least one time, and p be vacation.When the model checking tools used based on CTL; Trap community can be used formula
expression; The meaning of its expression is identical with
, all expressions " p is not total for true ".
In above-mentioned code segment 1, the black matrix except that the init{} statement block partly is the resulting description of this step.Wherein,
command conversion of
available Spin instrument is following code:
Step 4: list among the E ' variable configuring condition still to be tested, and execution model testing process under each variable configuring condition to be verified successively, and the counter-example path and the variables corresponding configuring condition thereof of record output.
In the EFSM model, there are some variable configurations.If the argument table in the EFSM model is shown " v
1, v
2..., v
k", the codomain of variable vi is V
i, the configuration of variable available (v '
1, v '
2..., v '
k) expression, wherein v '
i∈ V
i, variable configuration space size does
In method proposed by the invention, the variable configuration space to be verified in the variable configuration space is conducted interviews, and under this configuration, carry out the model testing process of EFSM model.It is to be noted that variable configuration space to be verified can be a variable configuration space itself, also can be the part of variable configuration space.
If under certain variable configuration, the model testing process is not exported the counter-example path, but explain that then the EFSM model does not have the final state abnormal termination phenomenon under this variable configuration.But if can not be along the migration conversion of existing band decision condition under a final state, the trap migration meeting in the step 2 be taken automat to trapping state, and can detect this phenomenon through the help of trap community.Therefore, but comprise the final state abnormal termination phenomenon as if the EFSM model, then model detects output counter-example path.
It is to be noted; In order to distinguish the model detection case under each variable configuration; After a kind of variable configuration model testing process is down accomplished, provide this variable allocation models and detect the information of accomplishing, as: the information the printf statement output " variable disposes X and accomplished checking " can be used.
In the code segment 1 that step 3 provides, variable is configured in the init{} and carries out.For the sake of simplicity, in code segment 1, only provided a kind of situation of variable configuration.As an example, provide below when using a model testing tool Spin, the code segment 1 that provides in the step 3 is carried out the testing process that model detects.Corresponding model testing process execution and result thereof are following:
[zhangxclocalhost~]$?spin-a?exam
[zhangxclocalhost~]$?cc-o?pan?pan.c
[zhangxclocalhost~]$./pan-a
warning:for?p.o.reduction?to?be?valid?the?never?claim?mustbe?stutter-invariant
(never?claims?generated?from?LTL?formulae?arestutter-invariant)
pan:acceptance?cycle(at?depth?16)
pan:wrote?exam.trail
(Spin?Version?5.2.4--2?December?2009)
Warning:Search?not?completed
+Partial?Order?Reduction
Full?statespace?search?for:
never?claim+
assertion?Vio1ations+(if?within?scope?of?claim)
acceptance?cycles+(fairness?disabled)
invalid?end?states-(disabled?by?never?claim)
State-Vector?56?byte,depth?reached?17,
…
Note being added in the above-mentioned execution result black part and represent to detect a mistake.This wrong counter-example path that produces can with as issue orders and check:
The counter-example path is checked
[zhangxclocalhost~]$?spin-t-p?exam
Starting:init:with?pid?0
Starting:never:witth?pid?1
Never?claim?moves?to?line?34[(p)]
Starting?efsm?with?pid?2
2:proc?0(:init:)line?26″exam″(state?1)
4:proc?1(efsm)line 8″exam″(state?3)
6:proc?1(efsm)line 8″exam″(state?4)<valid?end?state>
8:proc?1(efsm)line 8″exam″(state?5)
10:proc?1(efsm)line?12″exam″(state?10)
end?10:proc?1(efsm)line 12″exam″(state
11)[printf(’end’)]
the?procedure?ends?12:proc?1(efsm)line?21
″exam″(state?25)[printf(’the?procedure?ends’)]
14:proc?1terminates
16:proc?0terminates
…
Superincumbent counter-example path is checked among the result, adds the series of steps that the blackboard branch has provided the mistake generation that causes.
When variable configuration space to be verified comprises greater than the configuration of 1 variable, uses a file to variable configuration store, in order to when detecting next time, can the variable configuration deletion that had detected being kept the variable of not verifying simultaneously and dispose.Above-mentioned file is designated as configuration file to be verified.When using configuration file stores to be verified, variable configuration of every behavior, the variable in each row separates with the space, and each row is according to each variable of graded storage.In the present invention, variable configuration space to be verified is designated as C.Provide the concrete execution algorithm of this part below:
1. reading of data in configuration space file to be verified, and accomplish the variable configuration space C of checking as yet with array conf [l] [n] storage, wherein, l is this model detection variable number of configured to be verified, n is a variable quantity;
2. variable i of initialization, i=0;
3.While(i<k){
4. execution model testing process under the configuration of variable that conf [i] [n] is stored;
(5.if the generation of no counter-example path) {
6.i:=i+1;
7.}else{
8.printf(“current?configuration:”,i+1);
9.break;
10.}
11.}
In above-mentioned algorithm, configuration space to be verified is represented with two-dimensional matrix.When in certain variable configuration drag testing process output counter-example path, break detection is also exported the row number that this variable is configured in variable configuration file to be verified, so that record counter-example path and corresponding variable configuration thereof.If need to continue carry out, then in variable configuration file to be verified, will export variable before the row number and dispose and delete, execution in step four then.
Step 5: write down generation counter-example path and variables corresponding configuring condition thereof according to step 4, but whether checking under this variable configuration the final state abnormal termination phenomenon takes place.
The counter-example path has provided the EFSM model in its corresponding variable configuration detailed execution in step down, but and the final state information of its decline when having provided the entering trapping state.The logic expressed according to the EFSM model, but confirm easily whether the final state under this variable configuration should be above-mentioned final state., but then explain under relevant variable disposes and detect the final state abnormal termination phenomenon if but this variable configuration final state down not should be above-mentioned final state; Otherwise, but explain and do not detect the final state abnormal termination phenomenon.
Claims (7)
1. abortive detection method during a model detects, this detection method be based on the temporal logic model checking method, and it is characterized in that it may further comprise the steps:
1) a given ESFM model to be detected is designated as E, and the temporal logic model checking tools that adopts, and is designated as M;
2) in E, increase by two trapping states and the corresponding trap migration of two trapping states with this increase, the model that increases after trapping state and trap move is designated as E ';
3) according to the descriptive language that M provided E ' is described, and in description, add trap Boolean variable and trap community, generate to detect and describe;
4) list among the E ' variable configuring condition still to be tested, then successively under each variable configuring condition to be verified execution model detect and the counter-example path and the variables corresponding configuring condition thereof of record output;
5) but whether final state abort phenomenon takes place under this variable configuration according to counter-example path that step 4) write down and the checking of variables corresponding configuring condition thereof: but the final state information during the entering trapping state that provides according to the last part in counter-example path; But watch this variable configuration final state down and whether not should be above-mentioned final state, if but then explain under relevant variable disposes and detected the final state abnormal termination phenomenon; Otherwise, but explain and do not detect the final state abnormal termination phenomenon;
But one in two trapping states of wherein said increase is the final state of E; Be called the termination trapping state; Another is the nonfinal state of E, is called the nonterminal trapping state, moves to existence one bar state that stops trapping state from the nonterminal trapping state; Decision condition is not established in this state transition, and its operation is composed falsity to the trap Boolean variable;
After increasing by two trapping states and corresponding trap migration of two trapping states with this increase, all satisfy the automat final state of following condition simultaneously among the E but will find: a) existence is from the state transition of this state; B) box-like untrue from the migration decision condition of this state for forever; But and then all automat final states composition set A that find; And each the state a among the A done following the processing: add a state transition from state a to the nonterminal trapping state with state transition decision condition label, and this decision condition for from the migration decision condition of a box-like negate; Newly-increased state transition is called the trap migration.
2. abortive detection method during model according to claim 1 detects is characterized in that: said ESFM model to be detected is the model that any mistake was verified and do not found to testing tool that use is adopted.
3. abortive detection method during model according to claim 1 detects; It is characterized in that: said trap Boolean variable is one to be different from the newly-increased global variable of all variablees among the E; Be designated as p; Its initial value is true, and " p:=false " label for labelling is in the trap between two trapping states migration, when representing that this migration is carried out with false to the p assignment.
4. abortive detection method during model according to claim 1 detects is characterized in that: after the model testing process under a kind of variable configuring condition is accomplished, will provide this variable configuring condition drag and detect the sign of accomplishing.
5. abortive detection method during model according to claim 4 detects is characterized in that: when the variable configuration space among the E ' comprises greater than 1 variable configuration, uses a file that variable is disposed and store.
6. abortive detection method during model according to claim 5 detects is characterized in that: when using said file storage, and variable configuration of every behavior, the variable in each row separates with the space, and each row is according to each variable of predesigned order storage.
7. abortive detection method during model according to claim 6 detects; It is characterized in that: when the detection model process is exported the counter-example path under certain variable configuration; Break detection is also exported the row number in the file that this variable is configured in storage of variables configuration, so that record counter-example path and corresponding variable configuration thereof; And when continue to carry out detecting, the variable configuration before the said row number is deleted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010230743XA CN101894072B (en) | 2010-07-20 | 2010-07-20 | Method for detecting abnormal termination during model detection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010230743XA CN101894072B (en) | 2010-07-20 | 2010-07-20 | Method for detecting abnormal termination during model detection |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101894072A CN101894072A (en) | 2010-11-24 |
| CN101894072B true CN101894072B (en) | 2012-04-04 |
Family
ID=43103266
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010230743XA Expired - Fee Related CN101894072B (en) | 2010-07-20 | 2010-07-20 | Method for detecting abnormal termination during model detection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101894072B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102799517B (en) * | 2011-05-25 | 2015-03-11 | 中国科学院软件研究所 | Rapid circulating expansion detection method |
| CN106953843A (en) * | 2017-02-15 | 2017-07-14 | 江苏大学 | A kind of spreadability detection method of the access control rule based on NuSMV |
| CN107844415B (en) * | 2017-09-28 | 2021-02-05 | 西安电子科技大学 | Model detection path reduction method based on interpolation and computer |
| CN108681503B (en) * | 2018-03-23 | 2021-10-22 | 杭州电子科技大学 | Safety check method, device and equipment for programmable controller program |
| CN110309917B (en) * | 2019-07-05 | 2020-12-18 | 安徽寒武纪信息科技有限公司 | Verification method of off-line model and related device |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040019457A1 (en) * | 2002-07-29 | 2004-01-29 | Arisha Khaled A. | Performance management using passive testing |
| CN100352204C (en) * | 2004-07-16 | 2007-11-28 | 北京航空航天大学 | Network invading alarm method based on finite state automation |
| CN101266550B (en) * | 2007-12-21 | 2011-02-16 | 北京大学 | Malicious code detection method |
-
2010
- 2010-07-20 CN CN201010230743XA patent/CN101894072B/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| CN101894072A (en) | 2010-11-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Huang et al. | Automated model checking and testing for composite web services | |
| US10915422B2 (en) | Automatic setting of multitasking configurations for a code-checking system | |
| US20130239098A1 (en) | Source code conversion method and source code conversion program | |
| Hegedüs et al. | Back-annotation of simulation traces with change-driven model transformations | |
| CN107644286A (en) | Workflow processing method and device | |
| CN109783346B (en) | Keyword-driven automatic testing method and device and terminal equipment | |
| CN101894072B (en) | Method for detecting abnormal termination during model detection | |
| US20180095861A1 (en) | Automated Test Generation for Structural Coverage for Temporal Logic Falsification of Cyber-Physical Systems | |
| CN109740122A (en) | The conversion method and device of mind map use-case file | |
| US11443168B2 (en) | Log analysis system employing long short-term memory recurrent neural net works | |
| US10970449B2 (en) | Learning framework for software-hardware model generation and verification | |
| US9524366B1 (en) | Annotations to identify objects in design generated by high level synthesis (HLS) | |
| CN102722610A (en) | Method and device for automatically generating coverage rate codes by flow chart | |
| CN110574005B (en) | Method and system for verifying software programs | |
| Jee et al. | FBDVerifier: Interactive and visual analysis of counter-example in formal verification of function block diagram | |
| Abid et al. | A Real-Time Specification Patterns Language | |
| CN115345600B (en) | RPA flow generation method and device | |
| CN102693128A (en) | Method, apparatus and computer program product for generating system specifications | |
| Jensen et al. | A proof of burns n-process mutual exclusion algorithm using abstraction | |
| CN112559359B (en) | S-based 2 ML security critical system analysis and verification method | |
| Rahim et al. | Recursive ECATNets‐based approach for formally verifying System Modelling Language activity diagrams | |
| CN112540744A (en) | Method for constructing embedded software system of industrial automation instrument | |
| CN106445524A (en) | SystemC code generation method based on model | |
| US20080082471A1 (en) | Resolve Trace Minimization | |
| CN109800155B (en) | Method and device for testing QTE interlocking application software based on Probe |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120404 Termination date: 20120720 |