CN102184136B - Method for checking operation state and demand consistency of AADL (Architecture Analysis and Design Language) model - Google Patents

Method for checking operation state and demand consistency of AADL (Architecture Analysis and Design Language) model Download PDF

Info

Publication number
CN102184136B
CN102184136B CN201110109292.9A CN201110109292A CN102184136B CN 102184136 B CN102184136 B CN 102184136B CN 201110109292 A CN201110109292 A CN 201110109292A CN 102184136 B CN102184136 B CN 102184136B
Authority
CN
China
Prior art keywords
state
transition
demand
aadl
aadl model
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110109292.9A
Other languages
Chinese (zh)
Other versions
CN102184136A (en
Inventor
王崑声
张辉
经小川
张刚
谢伟华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute No710 China Aerospace Science And Technology Corp
Original Assignee
Institute No710 China Aerospace Science And Technology Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute No710 China Aerospace Science And Technology Corp filed Critical Institute No710 China Aerospace Science And Technology Corp
Priority to CN201110109292.9A priority Critical patent/CN102184136B/en
Publication of CN102184136A publication Critical patent/CN102184136A/en
Application granted granted Critical
Publication of CN102184136B publication Critical patent/CN102184136B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a method for checking operation state and demand consistency of an AADL (Architecture Analysis and Design Language) model, which comprises the steps of: 1, constructing the AADL model according to state in demand and state transition, wherein mode and mode transition in the AADL model respectively correspond to the state in demand and the state transition; 2, converting the mode and the mode transition in the AADL mode into a Petri network model; 3, calculating an incidence matrix C of the Petri network mode; and 4, judging whether the operation state of the constructed AADL mode is consistent with the demand by using a state equation of the Petri network model. In the invention, the mode and the mode transition in the AADL model are mapped to place and transition in the Petri network model, and the Petri network model is used as a measured model, an accessible state set of the AADL model is calculated by combining with properties of the Petri network model and characteristics of the AADL model, therefore, the purpose of judging whether the operation state of the constructed AADL model is consistent to the demand is achieved, the correctness of the constructed AADL model is improved, the system building time is shortened, and the system building cost is saved.

Description

A kind of checking AADL model running state and the conforming method of demand
Technical field
The present invention relates to a kind of checking AADL model running state and the conforming method of demand,
Background technology
In recent years, be accompanied by the continuous increase of scale and the complexity of embedded software, its construction cycle and cost of development also sharply increase, also more and more higher to the requirement of NOT-function attribute.Traditional take the development approach that code is core and can not adapt to this trend, the emphasis of exploitation progressively advances to Stage from code level.Model-driven architecture method MDA (Model Driven Architecture) is exactly a kind of very promising software development methodology based on model being proposed by OMG.Use MDA software development methodology, system designer changes into demand in the design phase a kind of model of Formal Language Description, again system model is carried out to sufficient analysis verification, most of error and solution that may exist, the probability going wrong in the code that system model is generated automatically will reduce greatly, when there is change in system, regenerate code after only need to revising system model, MDA method has become the study hotspot in embedded software developing at present.The key problem of successful Application model driving development method is exactly that can model completely correctly reflect software requirement.The present invention proposes constructed system model running status and the conforming verification method of demand in a kind of software development process based on AADL model.
AADL (Architecture Analysis and Design Language, structure analysis and design language) the lower exploitation of the Shi Mechanic Engineer SAE of association (Society of Automotive Engineers) guidance, in the development approach based on model-driven, be most widely used at present.AADL by member abstract be software component, carry out 3 types of platform (hardware) and the components of a system, according to the interaction between member and member, the structure of application system is described and is analyzed, and support the description to embedded software NOT-function attribute.AADL model is also indifferent to concrete function and is realized, what describe is only system framework, thereby in architecture level, the NOT-function attribute of system is carried out to stipulations, be applicable to the embedded system that challenging resource constraint (as size, weight and power), strict requirement of real time and high-performance guarantee grade.
Towards the testing tool of AADL, mainly comprise at present the Open-Source Tools collection OSATE (open source AADL tool environment) of SEI exploitation, the global simulation instrument ADeS instrument of Axlog exploitation etc.OSATE provides modeling based on AADL and basic semantic test and Architecture Analysis etc., but the input and output connection etc. that lays particular emphasis on member in model checks and analyzes.It is target that the ADeS instrument of Axlog exploitation be take the global analysis of model, but also not support mode and pattern migration at present can only be carried out task analysis, not the running status of can completely verification system under originate mode.The Study on Test Method > > of the computer science disclosed < < of o. 11th AADL model in 2009 utilizes Markov chain model to test AADL model, to investigate the consistance of the model behavior of expecting in institute's established model and demand, but its threshold value etc. obtains according to experience, test result shortcoming accuracy, and last judged result can only broadly say that constructed AADL pattern migration is wrong, can not clearly state mistake and occur in which event migration.
Summary of the invention
Technology of the present invention is dealt with problems and is: overcome the deficiencies in the prior art, a kind of checking AADL model running state and the conforming method of demand are provided, improved the reliability that AADL model is set up.
Technical solution of the present invention is: a kind of checking AADL model running state and the conforming method of demand, and step is as follows:
(1) state according to demand and state transition build AADL model, pattern and pattern migration state and the state transition in corresponding demand respectively in AADL model;
(2) by pattern in AADL model and pattern Transport And Transformation, be Petri pessimistic concurrency control, the transformational relation of AADL model and Petri pessimistic concurrency control is: the mode map in AADL model is the s of storehouse institute in Petri pessimistic concurrency control i, the s of storehouse institute iset form S that storehouse collects, i ∈ [0, n], initially the storehouse s of institute 0token be that the migration of pattern in 1, AADL model is mapped as the transition t in Petri pessimistic concurrency control j, transition t jset form transition collection T, j ∈ [1, m];
(3) calculate the incidence matrix C of Petri pessimistic concurrency control, incidence matrix C is collected Sx transition with storehouse and is integrated T as order mark collection, the Elements C (s of its incidence matrix C i, t j)=W (t j, s i)-W (s i, t j), W (s, t) is the power on (s, t), W (t, s) is the power on (t, s);
(4) utilize the state equation of Petri pessimistic concurrency control to judge that whether the AADL model running state building is consistent with demand, concrete deterministic process is as follows:
1) all states in demand are identified to the state st in demand according to storehouse in its corresponding Petri pessimistic concurrency control icorresponding to the s of storehouse institute in Petri pessimistic concurrency control i, all state transitions in demand identify according to transition in its corresponding Petri pessimistic concurrency control, the state transition tr in demand jcorresponding to transition t in Petri pessimistic concurrency control j, list st according to demand 0become st iq transition sequence T, q>=1;
2) for each transition sequence, by the state equation M of Petri pessimistic concurrency control 0+ CU=M calculates dbjective state sign M, according to M (st in M i) value judge that whether AADL model running state consistent with demand;
The state equation of described Petri pessimistic concurrency control is M 0+ CU=M, M 0for the definite original state mark vector of the state according to demand,
Figure BSA00000484444500031
vector element M 0(st i) be the lower st of this sign ithe token value at place; C is incidence matrix; U is the definite transition mark vector of state transition according to demand,
Figure BSA00000484444500032
its state elements U (tr j) be transition tr in concrete transition sequence jcorresponding sign, as transition tr ju (tr during generation j) be 1, transition tr ju (tr while not occurring j) be 0; M is the dbjective state mark vector of Petri pessimistic concurrency control,
Figure BSA00000484444500033
vector element M (st i) be the lower st of this sign ithe token value at place;
According to M (st in M i) value judge that the AADL model running state process whether consistent with demand is: establish f pbe p transition sequence T pthe AADL model running state sign whether consistent with demand after conversion, p ∈ [1, q], if p transition sequence T pin contain and cause state st ithe direct transition number and the M (st that occur i) value identical, at p transition sequence T plower constructed AADL model running state is consistent with demand, puts f p=1; If p transition sequence T pin contain and cause state st ithe direct transition number and the M (st that occur i) value not identical, at p transition sequence T plower constructed AADL model running state and demand are inconsistent, put f p=0;
If F i=f 1* f 2* ... * f p* ... * f qif, F i=1, from st 0become st iq feasible transition sequence T under constructed AADL model running state consistent with demand; If F i=0, from st 0become st iq feasible transition sequence T under constructed AADL model running state and demand inconsistent.
The present invention's beneficial effect is compared with prior art: the present invention proposes " pattern " in AADL model and " pattern migration " to be mapped as the storehouse transition in one's power in Petri pessimistic concurrency control, and using this Petri pessimistic concurrency control as tested model, feature in conjunction with Petri pessimistic concurrency control character and AADL model is calculated the state set that AADL model can reach, reach whether consistent with the demand object of AADL model running state that judgement is set up, thereby improved the correctness of the AADL model of building, shorten the system made time, saved system made cost.
Accompanying drawing explanation
Fig. 1 is process flow diagram of the present invention;
Fig. 2 is the mapping relations figure of AADL model and Petri net.
Embodiment
By " pattern " of member in AADL model and " pattern migration " is mapped as to Petri pessimistic concurrency control, and incidence matrix and the state equation scheduling theory in conjunction with Petri, netted, formed and judged constructed AADL model running state and the conforming verification method of demand, as shown in Figure 1, concrete implementation step is as follows for its flow process:
(1) state according to demand and state transition build AADL model, pattern and pattern migration state and the state transition in corresponding demand respectively in AADL model;
(2) by pattern in AADL model and pattern Transport And Transformation, be Petri pessimistic concurrency control, the transformational relation of AADL model and Petri pessimistic concurrency control is: the mode map in AADL model is the s of storehouse institute in Petri pessimistic concurrency control i, the s of storehouse institute iset form S that storehouse collects, i ∈ [0, n], initially the storehouse s of institute 0token be that the migration of pattern in 1, AADL model is mapped as the transition t in Petri pessimistic concurrency control j, transition t jset form transition collection T, j ∈ [1, m];
Petri netting gear has abundant system to describe means and behavioral analysis technology, is a kind of model that is suitable for describing the behavior of distribution concurrent system.Petri pessimistic concurrency control is defined as hexa-atomic group of ∑=(S, T; F, K, W, M 0), S library representation institute (place) collection wherein, T represents transition (transition) collection, the flow relation (flow relation) of F for constructing from S and T.K, W and M 0be respectively the capacity function of ∑, weight function and initial marking.
Because AADL model is indifferent to concrete function, realize, but in framework level, system is carried out to modeling.Be that pattern in AADL model and pattern migration are the descriptions to system state and variation on system level, therefore in this sense, it is 1 that AADL model conversation is become to corresponding weight function W after Petri pessimistic concurrency control, capacity function K >=1.
(3) calculate the incidence matrix C of Petri pessimistic concurrency control, incidence matrix C is with S that storehouse is collected xtransition integrate T as order mark collection, the Elements C (s of its incidence matrix C i, t j)=W (t j, s i)-W (s i, t j), W (s, t) is the power on (s, t), W (t, s) is the power on (t, s);
(4) utilize the state equation of Petri pessimistic concurrency control to judge that whether the AADL model running state building is consistent with demand, concrete deterministic process is as follows:
1) all states in demand are identified to the state st in demand according to storehouse in its corresponding Petri pessimistic concurrency control icorresponding to the s of storehouse institute in Petri pessimistic concurrency control i, all state transitions in demand identify according to transition in its corresponding Petri pessimistic concurrency control, the state transition tr in demand jcorresponding to transition t in Petri pessimistic concurrency control j, list st according to demand 0become st iq transition sequence T, q>=1;
2) for each transition sequence, by the state equation M of Petri pessimistic concurrency control 0+ CU=M calculates dbjective state sign M, according to M (st in M i) value judge that whether AADL model running state consistent with demand;
The state equation of Petri pessimistic concurrency control is M 0+ CU=M, M 0for the definite original state mark vector of the state according to demand,
Figure BSA00000484444500061
vector element M 0(st i) be the lower st of this sign ithe token value at place; C is incidence matrix; U is the definite transition mark vector of state transition according to demand,
Figure BSA00000484444500062
its state elements U (tr j) be transition tr in concrete transition sequence jcorresponding sign, as transition tr ju (tr during generation j) be 1, transition tr ju (tr while not occurring j) be 0; M is the dbjective state mark vector of Petri pessimistic concurrency control,
Figure BSA00000484444500063
vector element M (st i) be the lower st of this sign ithe token value at place;
According to M (st in M i) value judge that the AADL model running state method whether consistent with demand is: establish f pbe p transition sequence T pthe AADL model running state sign whether consistent with demand after conversion, p ∈ [1, q], if p transition sequence T pin contain and cause state st ithe direct transition number and the M (st that occur i) value identical, at p transition sequence T plower constructed AADL model running state is consistent with demand, puts f p=1; If p transition sequence T pin contain and cause state st ithe direct transition number and the M (st that occur i) value not identical, at p transition sequence T plower constructed AADL model running state and demand are inconsistent, put f p=0;
If F i=f 1* f 2* ... * f p* ... * f qif, F i=1, from st 0become st iq feasible transition sequence T under constructed AADL model running state consistent with demand; If F i=0, from st 0become st iq feasible transition sequence T under constructed AADL model running state and demand inconsistent.
Embodiment:
The flight control system of take is example, and implementation step of the present invention is described:
First a given simple demand.The present invention pays close attention to the state in demand and causes the event of state transition.System receives takes off after signal, from original state, enters the standby condition of taking off.Then judge stating control condition, if stating control condition is improper, the system grounding, rudder controls 0, returns to original state.If stating control condition meets, enter takeoff condition, in the process of taking off, by calculating the control state of flights such as angle, until end of run enters grounding state, rudder controls 0, returns to original state.
(1) state according to demand and state transition build AADL model, pattern and pattern migration state and the state transition in corresponding demand respectively in AADL model, and constructed AADL model is as shown in the left-half of Fig. 2 according to demand.
(2) according to transformational relation, convert the pattern in constructed AADL model and pattern migration to Petri pessimistic concurrency control, result right half part as shown in Figure 2, wherein, s 0represent original state, s 1represent to take off standby condition, s 2represent grounding state, s 3represent takeoff condition; t 1represent to take off signal, t 2represent that stating control condition is improper, t 3represent that rudder controls 0, t 4represent that stating control condition is suitable, t 5represent end of run.
(3) calculate the incidence matrix C of Petri pessimistic concurrency control, the matrix element C (s of its incidence matrix i, t j)=W (t j, s i)-W (s i, t j), therefore, the corresponding incidence matrix of Fig. 2 right half part is:
Figure BSA00000484444500071
(4) utilize the state equation of Petri pessimistic concurrency control to judge that whether the AADL model running state building is consistent with demand;
All states in demand are identified according to storehouse in its corresponding Petri pessimistic concurrency control, obtain: st 0represent original state, st 1represent to take off standby condition, st 2represent grounding state, st 3represent takeoff condition; All state transitions in demand identify according to transition in its corresponding Petri pessimistic concurrency control, obtain: tr 1represent to take off signal, tr 2represent that stating control condition is improper, tr 3represent that rudder controls 0, tr 4represent that stating control condition is suitable, tr 5represent end of run.
According to demand, original state mark vector
Figure BSA00000484444500081
According to the determination methods described in invention, get i=1,2,3, carry out respectively the consistance judgement of AADL model running state and demand:
When i=1
1) list st according to demand 0become st 1feasible transition sequence, totally 1;
Transition sequence 1: receive the signal that takes off, corresponding to the tr in demand 1occur.
2) for this transition sequence, by the state equation M of Petri pessimistic concurrency control 0+ CU=M calculates dbjective state sign M, according to M (st in M 1) value judge that whether AADL model running state consistent with demand;
For this transition sequence T 1,
Figure BSA00000484444500082
according to the state equation M of ∑ 0+ CU=M, calculates under this transition sequence, the dbjective state collection M of system.
M = 1 0 0 0 + - 1 0 1 0 0 1 - 1 0 - 1 0 0 1 - 1 0 1 0 0 0 1 - 1 1 0 0 0 0 = 0 1 0 0
M (st now 1)=1.
Because T 1in contain 1 and cause state st 1the direct transition tr occurring 1, i.e. T 1in contain and cause state st 1the direct transition number and the M (st that occur 1) value identical, so f 1=1.
F 1=f 1=1, illustrate from st 0become st 1transition sequence under constructed AADL model running state be consistent with demand;
When i=2
1) list st according to demand 0become st 2feasible transition sequence, totally two;
Transition sequence 1: receive the signal that takes off, stating control condition does not meet, corresponding to the tr in demand 1, tr 2occur;
Transition sequence 2: receive the signal that takes off, stating control condition meets, and end of run, corresponding to the tr in demand 1, tr 4, tr 5occur.
2) for each transition sequence, by the state equation M of Petri pessimistic concurrency control 0+ CU=M calculates dbjective state sign M, according to M (st in M i) value judge that whether AADL model running state consistent with demand;
For the 1st transition sequence T 1, according to the state equation M of ∑ 0+ CU=M, calculates under this transition sequence, the dbjective state collection M of system.
M = 1 0 0 0 + - 1 0 1 0 0 1 - 1 0 - 1 0 0 1 - 1 0 1 0 0 0 1 - 1 1 1 0 0 0 = 0 0 1 0
M (st now 2)=1.
At this transition sequence T 1only comprise down 1 and cause st 2the direct transition tr occurring 2.So f 1=1.
For the 2nd transition T 2,
Figure BSA00000484444500093
according to the state equation M of ∑ 0+ CU=M, calculates under this transition sequence the target identification of system
M (st now 2)=1.
At this transition sequence T 2under contain 1 and cause st 2the direct transition tr occurring 5.Therefore under this transition sequence, constructed AADL meets demand, f 2=1.
To sum up, F 2=f 1* f 2=1, illustrate from st 0become st 2transition sequence under constructed AADL model running state be consistent with demand;
When i=3
1) list st according to demand 0become st 3feasible transition sequence, totally 1;
Transition sequence 1: receive the signal that takes off, stating control condition is suitable, corresponding to the tr in demand 1, tr 4occur.
2) for this transition sequence, by the state equation M of Petri pessimistic concurrency control 0+ CU=M calculates dbjective state sign M, according to M (st in M 1) value judge that whether AADL model running state consistent with demand;
For this transition sequence T 1, according to the state equation M of ∑ 0+ CU=M, calculates under this transition sequence, the dbjective state collection M of system.
M = 1 0 0 0 + - 1 0 1 0 0 1 - 1 0 - 1 0 0 1 - 1 0 1 0 0 0 1 - 1 1 0 0 1 0 = 0 0 0 1
M (st now 3)=1.
Because T 1in contain 1 and cause state st 3the direct transition tr occurring 4, i.e. T 1in contain and cause state st 3the direct transition number and the M (st that occur 3) value identical, so f 1=1.
F 3=f 1=1, illustrate from st 0become st 3transition sequence under constructed AADL model running state be consistent with demand;
Because F 1, F 2, F 3value be 1, so constructed AADL model is consistent with demand.
Illustrate: if F i=0, illustrate from original state st 0to dbjective state st itransition sequence have problem, need to return to modification modelling.
The present invention not detailed description is known to the skilled person technology.

Claims (1)

1. verify AADL model running state and the conforming method of demand, it is characterized in that step is as follows:
(1) state according to demand and state transition build AADL model, pattern and pattern migration state and the state transition in corresponding demand respectively in AADL model;
(2) by pattern in AADL model and pattern Transport And Transformation, be Petri pessimistic concurrency control, the transformational relation of AADL model and Petri pessimistic concurrency control is: the mode map in AADL model is the s of storehouse institute in Petri pessimistic concurrency control i, the s of storehouse institute iset form S that storehouse collects, i ∈ [0, n], initially the storehouse s of institute 0token be that the migration of pattern in 1, AADL model is mapped as the transition t in Petri pessimistic concurrency control j, transition t jset form transition collection T, j ∈ [1, m];
(3) calculate the incidence matrix C of Petri pessimistic concurrency control, incidence matrix C is multiplied by transition with S that storehouse is collected and integrates T as order mark collection, the Elements C (s of its incidence matrix C i, t j)=W (t j, s i)-W (s i, t j), W (s, t) is the power on (s, t), W (t, s) is the power on (t, s);
(4) utilize the state equation of Petri pessimistic concurrency control to judge that whether the AADL model running state building is consistent with demand, concrete deterministic process is as follows:
1) all states in demand are identified to the state st in demand according to storehouse in its corresponding Petri pessimistic concurrency control icorresponding to the s of storehouse institute in Petri pessimistic concurrency control i, all state transitions in demand identify according to transition in its corresponding Petri pessimistic concurrency control, the state transition tr in demand jcorresponding to transition t in Petri pessimistic concurrency control j, list st according to demand 0become st iq transition sequence T, q>=1;
2) for each transition sequence, by the state equation M of Petri pessimistic concurrency control 0+ CU=M calculates dbjective state sign M, according to M (st in M i) value judge that whether AADL model running state consistent with demand;
The state equation of described Petri pessimistic concurrency control is M 0+ CU=M, M 0for the definite original state mark vector of the state according to demand,
Figure FSA00000484444400021
vector element M 0(st i) be the lower st of this sign ithe token value at place; C is incidence matrix; U is the definite transition mark vector of state transition according to demand,
Figure FSA00000484444400022
its state elements U (tr j) be transition tr in concrete transition sequence jcorresponding sign, as transition tr ju (tr during generation j) be 1, transition tr ju (tr while not occurring j) be 0; M is the dbjective state mark vector of Petri pessimistic concurrency control,
Figure FSA00000484444400023
vector element M (st i) be the lower st of this sign ithe token value at place;
According to M (st in M i) value judge that the AADL model running state process whether consistent with demand is: establish f pbe p transition sequence T pthe AADL model running state sign whether consistent with demand after conversion, p ∈ [1, q], if p transition sequence T pin contain and cause state st ithe direct transition number and the M (st that occur i) value identical, at p transition sequence T plower constructed AADL model running state is consistent with demand, puts f p=1; If p transition sequence T pin contain and cause state st ithe direct transition number and the M (st that occur i) value not identical, at p transition sequence T plower constructed AADL model running state and demand are inconsistent, put f p=0;
If F i=f 1* f 2* ... * f p* ... * f qif, F i=1, from st 0become st iq feasible transition sequence T under constructed AADL model running state consistent with demand; If F i=0, from st 0become st iq feasible transition sequence T under constructed AADL model running state and demand inconsistent.
CN201110109292.9A 2011-04-29 2011-04-29 Method for checking operation state and demand consistency of AADL (Architecture Analysis and Design Language) model Active CN102184136B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110109292.9A CN102184136B (en) 2011-04-29 2011-04-29 Method for checking operation state and demand consistency of AADL (Architecture Analysis and Design Language) model

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110109292.9A CN102184136B (en) 2011-04-29 2011-04-29 Method for checking operation state and demand consistency of AADL (Architecture Analysis and Design Language) model

Publications (2)

Publication Number Publication Date
CN102184136A CN102184136A (en) 2011-09-14
CN102184136B true CN102184136B (en) 2014-04-02

Family

ID=44570316

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110109292.9A Active CN102184136B (en) 2011-04-29 2011-04-29 Method for checking operation state and demand consistency of AADL (Architecture Analysis and Design Language) model

Country Status (1)

Country Link
CN (1) CN102184136B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102566443A (en) * 2011-12-29 2012-07-11 中国航空工业集团公司第六三一研究所 Simulation verification system and method for integrated avionics system model based on artifact design description language (ADDL)
CN105701277B (en) * 2016-01-05 2018-11-27 中国航空无线电电子研究所 A kind of avionics system framework real time analysis method based on AADL modeling
CN108681502B (en) * 2018-05-21 2021-05-14 昆明理工大学 CPS software energy consumption calculation method based on layered parallel algorithm
CN108710361B (en) * 2018-05-30 2020-07-28 广州明珞软控信息技术有限公司 Security program checking method and system
CN117434909B (en) * 2023-12-18 2024-03-12 华侨大学 Intermittent chemical system Petri network model predictive control method

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101901186A (en) * 2010-07-08 2010-12-01 西北工业大学 Embedded system reliability analysis and evaluation method

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101901186A (en) * 2010-07-08 2010-12-01 西北工业大学 Embedded system reliability analysis and evaluation method

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
AADL软件容错系统建模与评估;杨志义等;《计算机测量与控制》;20090425;第17卷(第4期);全文 *
基于AADL的嵌入式软件可靠性建模与评估;高志伟;《西安电子科技大学硕士学位论文》;20110101;全文 *
杨志义等.AADL软件容错系统建模与评估.《计算机测量与控制》.2009,第17卷(第4期),全文.
高志伟.基于AADL的嵌入式软件可靠性建模与评估.《西安电子科技大学硕士学位论文》.2011,全文.

Also Published As

Publication number Publication date
CN102184136A (en) 2011-09-14

Similar Documents

Publication Publication Date Title
Mhenni et al. Automatic fault tree generation from SysML system models
US7958475B2 (en) Synthesis of assertions from statements of power intent
CN108376221A (en) A kind of software system security verification and appraisal procedure based on AADL model extensions
CN102184136B (en) Method for checking operation state and demand consistency of AADL (Architecture Analysis and Design Language) model
CN103150440A (en) Simulation method of module-level circuit netlist
CN102063369B (en) Embedded software testing method based on AADL (Architecture Analysis and Design Language) mode time automata model
CN109634600A (en) A kind of code generating method based on security extension SysML and AADL model
Nuzzo et al. Contract-based design of control protocols for safety-critical cyber-physical systems
Reichwein et al. Maintaining consistency between system architecture and dynamic system models with SysML4Modelica
US20160357834A1 (en) Coverage data interchange
Fitzgerald et al. From embedded to cyber-physical systems: Challenges and future directions
Nuzzo et al. Methodology and Tools for Next Generation Cyber‐Physical Systems: The iCyPhy Approach
Lipaczewski et al. Comparison of modeling formalisms for safety analyses: SAML and AltaRica
Saadawi et al. Verification of real-time DEVS models
Cuenot et al. Applying model based techniques for early safety evaluation of an automotive architecture in compliance with the ISO 26262 standard
US11630938B1 (en) Failure mode analysis for circuit design
Langheim et al. System architecture, tools and modelling for safety critical automotive applications–the R&D project SASHA
Abdulhameed et al. An approach combining simulation and verification for SysML using SystemC and Uppaal
CN103093046A (en) Method for converting field programmable gate array (FPGA) Vhsic hardware description language (VHDL) to ordinary Petri network
WO2023164303A1 (en) Adaptive test generation for functional coverage closure
Awais et al. Hybrid simulation using SAHISim framework
CN101593149A (en) Embedded system performance evaluation technical proposal based on the interactive Markov chain model detection
Basagiannis Software certification of airborne cyber-physical systems under DO-178C
Lavagno et al. Alberto L. Sangiovanni-Vincentelli
Yuan et al. An automatic transformation method from AADL reliability model to CTMC

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant