CN103036739A - Formalization method for verification and performance analysis of high reliable communication system - Google Patents


Info

Publication number
CN103036739A
Authority
CN
China
Prior art keywords
verification
model
method
formal
state
Prior art date
Application number
CN201210533633XA
Other languages
Chinese (zh)
Other versions
CN103036739B (en)
Inventor
李晓娟
关永
施智平
王瑞
张�杰
赵春娜
华伟
董玲玲
Original Assignee
首都师范大学
Priority date
Filing date
Publication date
Application filed by 首都师范大学
Priority to CN201210533633.XA
Publication of CN103036739A
Application granted
Publication of CN103036739B


Abstract

Provided is a formal method for verification and performance analysis of a highly reliable communication system. The method comprises five steps and is a method of formal verification and analysis of communication systems based on the combination of model checking and theorem proving. Based on the assume-guarantee method, an environment state machine is established so that the design of the network communication system can be modelled hierarchically; formal verification of the decisive properties is achieved; a higher-order logic formalisation carrying the statistical characteristics of random variables is achieved for the protocol's transmission processes, together with the method and design of higher-order logic formal modelling of the properties; and, based on the higher-order logic model and the related theorems established in HOL4, automatic verification and dynamic performance analysis based on the formal model are achieved. The method has good practical value and wide application prospects in the technical field of formal verification engineering.

Description

A formal method for verification and performance analysis of a highly reliable communication system

Technical Field

[0001] The present invention relates to a formal method for verification and performance analysis of a highly reliable communication system. It is an integrated implementation of reliability verification (Reliability, Maintainability and Supportability, RMS) and performance analysis for embedded-system communication, and in particular a method for building an integrated flow of formal-method-based verification and quantitative system performance analysis. It belongs to the technical field of formal verification engineering.

Background Art

[0002] Communication systems in systems-on-chip (SoC) for many critical applications usually have extremely high functional reliability and strict real-time requirements. Examples of SoC failures in critical applications leading to major loss of life and property are too numerous to list. The traditional way of checking a SoC is testing or fault simulation, whose main limitation is that passing tests on a given data set does not guarantee that no error occurs for other inputs in actual operation; it is also hard to uncover latent unreasonable design or hidden errors. How to guarantee that a system satisfies given functional and non-functional requirements at the same time has long been one of the key research problems in highly reliable on-chip computing. Verifying the correctness of communication systems and analysing their performance with formal methods is therefore of great significance for guaranteeing the correctness and reliability of on-chip communication systems. SoC-oriented data transmission and concurrent, distributed processes are widely used, and formal verification of the functional properties of these applications usually relies on model checking. However, because model checking works at a low level of abstraction, it can only perform qualitative checks; if the abstraction is inappropriate or the protocol is complex, it easily leads to too many states, and even to state explosion. At present, formal methods for network communication systems only verify correctness; where quantitative analysis is wanted, it is done by building a simulation model.

Summary of the Invention

[0003] 1. Objective: The objective of the present invention is to provide a formal method for verification and performance analysis of a highly reliable communication system, namely a method of formal verification and analysis of communication systems that combines model checking with theorem proving. Based on the assume-guarantee method, an environment state machine is established, the design of the network communication system is modelled hierarchically, the key properties are formally verified, higher-order logic formal modelling methods for the protocol's transmission process and properties are designed, a higher-order logic formalisation of the statistical characteristics of random variables is implemented, and, based on the higher-order logic model and related theorems established in HOL4, automatic verification and quantitative dynamic performance analysis based on the formal model are achieved.

[0004] 2. Technical solution: To achieve the above objective, the formal method for verification and performance analysis of a highly reliable communication system according to the present invention comprises the following specific steps:

[0005] Step 1: Analyse the structure in which the SoC communication system's functions are implemented and extract the key functional modules; decompose and model the modules to be verified. Combine higher-order logic theorem proving with symbolic model checking to perform compositional formal verification.

[0006] Step 2: Formally verify the interface properties between modules, the I/O ports and the physical-layer function implementation by model checking: on a symbolic model checking platform, verify the interface properties between modules, the I/O ports and the physical-layer function implementation hierarchically with the model checking method.

[0007] Step 3: To address the problem that complex functional modules may lead to too many states, perform hierarchical abstraction: based on assume-guarantee theory, establish an environment state machine model and carry out a compositional verification strategy.

[0008] Step 4: Verify the logic and functional implementation of the data communication protocol and of the parallel application processes by theorem proving. Formally express the temporal properties and random behaviour of the system-on-chip in higher-order logic.

[0009] Step 5: In the analysis of the system's logical analysis expressions, extract mathematical-logic expression functions for the statistical properties of the system processes, and so realise dynamic quantitative performance analysis of the process under verification.

[0010] The part of Step 1 reading "extract the key functional modules; decompose and model the modules to be verified; combine higher-order logic theorem proving with symbolic model checking to perform compositional formal verification" is implemented as follows: the sending, receiving, link management, error control and flow control modules of the communication system are extracted and partitioned into verification modules, and the verification goals and sub-goals are extracted against the protocol design specification. Modules whose function is relatively independent are abstracted as separately verified components, and the interfaces between loosely coupled modules are then abstracted, modelled and described as states; a state machine model of the send/receive controller is built, forming a formal model of the system design, which is verified by model checking. For processes such as the data transmission protocol and the parallel distributed components, a higher-order logic model is built on the HOL4 platform and verified by theorem proving.

[0011] The part of Step 3 reading "perform hierarchical abstraction; based on assume-guarantee theory, establish an environment state machine model and carry out a compositional verification strategy" is implemented as follows: for the problem of too many states that arises when verifying complex functional properties formed by cascading and coupling several modules, the assume-guarantee reasoning method is used to abstract an environment state machine and verify the whole system hierarchically. Assume-guarantee reasoning proceeds as follows:

[0012] If two subsystems S1 and S2 have the properties (1) S1 satisfies property P1, and (2) when the environment of S2 satisfies property P1, S2 satisfies property P2, then the composition S1 || S2 of subsystems S1 and S2 satisfies property P2. The advantage of verifying in this way is that no state machine has to be built for the composition of S1 and S2: only P1 has to be verified, and the assumption P1 is then abstracted as the environment of S2 in order to verify P2. Compared with S1, the assumption P1 has a far smaller state space, which helps in handling large-scale circuit systems. Through the above steps the present invention gives a method for formal verification and performance analysis of communication systems that combines the two formal methods of model checking and theorem proving, and at the same time gives the corresponding flow for fairly general formal verification of communication systems.
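The assume-guarantee step above, written as an inference rule (added here for clarity; the triple notation $\langle P_1\rangle\, S_2\, \langle P_2\rangle$, read "S2 guarantees P2 under assumption P1", is the standard notation and not the patent's own):

$$
\frac{S_1 \models P_1 \qquad \langle P_1\rangle\, S_2\, \langle P_2\rangle}{S_1 \parallel S_2 \models P_2}
$$

The state-space saving comes from the second premise: S2 is checked against the abstract environment P1 rather than against the full state machine of S1, and the conclusion about the composition follows from the rule without ever building S1 || S2.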

[0013] 3. Advantages and effects: The main advantages of the present invention are that it provides a hierarchical formal verification method for SoC communication systems at different levels of abstraction and realises performance analysis of the system's concurrent properties. It realises a fairly general automatic verification technique for the functional correctness and reliability analysis of SoC communication systems, making it easier for SoC designers to find flaws or logic errors early in the system design stage.

Brief Description of the Drawings

[0014] Figure 1: overall diagram of the implementation of the method for formal verification and analysis of a communication system combining model checking and theorem proving

[0015] Figure 2: flow diagram of the present invention

[0016] Figure 3: template of the model checking verification flow for a typical SoC system

[0017] Figure 4: template of the higher-order logic theorem proving flow for a typical SoC system

[0018] Figure 5: state transition diagram of the send control module

Detailed Description of the Embodiments

[0019] So that the features and advantages of the present invention may be understood more clearly, they are described in detail below with reference to the drawings. Figure 1 shows the overall architecture of the implementation of the present invention.

[0020] When SoC designers verify the behaviour and functional correctness of an on-chip communication system they have designed or implemented, the formal verification method of the present invention can verify the system's properties at different levels of abstraction and, on the basis of the formal model established, perform performance analysis:

[0021] Referring to Figure 2, the specific implementation steps of the formal verification method of the present invention for performance checking and analysis of a highly reliable communication system are:

[0022] Step 1: Analyse the system design and decompose the verification. As shown in Figure 2, the verification tasks are decomposed according to the system's functions and implementation characteristics.

[0023] (1) Analyse in detail the properties, functional description and implementation of each key module or process, and extract the verification goals and sub-goals;

[0024] (2) Partition the system's functional modules and abstract the properties to be verified: abstract modules with relatively independent functions as separately verified components, then abstract, model and describe as states the interfaces between loosely coupled modules, and build abstract state machines;

[0025] (3) Build higher-order logic models of processes such as the data transmission protocol and the parallel distributed components, and verify them by theorem proving;

[0026] (4) For components with relatively independent functions and for the interfaces between loosely coupled modules, this project verifies by model checking.

[0027] Step 2: Formally verify the interface properties between modules, the I/O ports and the physical-layer function implementation by model checking: on a symbolic model checking platform, verify the interface properties between modules, the I/O ports and the physical-layer function implementation hierarchically with the model checking method. The model checking process consists of three stages, modelling, property description and automatic verification, as shown in Figure 3. The system implementation of the module under verification is abstracted and formally expressed, using a 5-tuple Kripke structure to represent the finite state space of the system; the properties expected of the system are described in computation tree logic (CTL), a step that requires an accurate description free of ambiguity. The symbolic model checker SMV (Symbolic Model Verifier) then automatically and exhaustively proves whether the expected property holds over the state space; if it holds, the design implementation satisfies the expected property. If it does not, a counterexample is output, from which the error can be located with the help of simulation tests. This can be an iterative loop of verify, report error, analyse the error message, modify the model and verify again.

For example, in Figure 5 the transmitter is in the waiting state while in reset.

(1) If the Tick_IN signal (request to send a time code) from the host system is high and an ESC has already been sent (that is, ESC_Gone_internal is high), the transmitter goes to the lock time-code state (in which Provide_TimeCode is set to 1 and passed to the send-register sub-module), and then unconditionally to the send time-code state.

(2) If Send_FCT (from the control module) is 1, EightMore = 1 (meaning the receiver has space to store more than 8 further data characters) and ESC_Gone_internal = 0 (if ESC_Gone_internal = 1, ESC+FCT would form a NULL character), the transmitter goes to the lock flow-control-token state (in which Provide_FCT is set to 1 and passed to the send-register sub-module), and then unconditionally to the send normal-character state.

(3) If Send_NULL (from the control module) = 1 and ESC_Gone_internal = 1, the transmitter goes to the lock flow-control-token state (in which Provide_FCT is set to 1 and passed to the send-register sub-module).

(4) If Send_All (from the control module) = 1 and NoCredit = 0, the transmitter goes to the lock flow-control-token state (in which Provide_ESC is set to 1 and passed to the send-register sub-module).

(5) If Send_EEP = 1, the transmitter goes to the lock error-end-of-packet state (in which Provide_EEP is set to 1 and passed to the send-register sub-module).

(6) If Send_EOP = 1, the transmitter goes to the lock end-of-packet state (in which Provide_EOP is set to 1 and passed to the send-register sub-module).

(7) If Send_NChar_Flag = 1, the transmitter goes to the lock normal-character state (in which Provide_NChar is set to 1 and passed to the send-register sub-module).

[0028] The meanings of some of the main input variables in the figure are listed in a table that appears as an image in the original (Figure CN103036739AD00061, paragraphs [0029] to [0030]) and is not reproduced here.

[0031] 1. The protocol specification requires mutual exclusion: because of priority, a time code, a normal character and a flow control token cannot be sent at the same time.

[0032] Property1: assert G ~(!TX_Reset & Provide_TimeCode & Provide_NChar & Provide_FCT);

[0033] 2. There is a priority relation among the characters sent, so the priority must be verified. Property 2 states that when a time code and an FCT are both to be sent, the time code is sent first.

[0034] Property2: SPEC AG (!TX_Reset & TX_ClockEnable & (Tick_IN & ESC_Gone_internal) & (Send_FCT & EightMore & !ESC_Gone_internal) -> AF Provide_TimeCode);

[0035] 3. According to the protocol specification, the properties to be verified mainly concern whether each state of the state transition diagram can be entered once its condition is satisfied, and whether the output signals in each state conform to the protocol specification. Seven branching-time temporal logic properties were extracted in total as required.

[0036] Property3: SPEC AG (AG Send_NChar_Flag -> AF present_state=1 & AF present_state=2 & AF Provide_NChar & AF NCharOnTrip & AF DCReg_Read);

[0037] Property4: SPEC AG (AG ESC_Gone_internal -> AF present_state=3 & AF present_state=4 & AF Provide_TimeCode);

[0038] Property5: SPEC AG (AG Send_FCT -> AF present_state=5 & AF present_state=9 & AF present_state=10 & AF Provide_FCT);

[0039] Property6: SPEC AG (AG Send_EOP -> AF present_state=6 & AF present_state=9 & AF present_state=10 & AF Provide_EOP & AF DCReg_Read & AF NCharOnTrip);

[0040] Property7: SPEC AG (AG Send_EEP -> AF present_state=7 & AF present_state=9 & AF present_state=10 & AF Provide_EOP & AF DCReg_Read & AF NCharOnTrip);

[0041] Property8: SPEC AG (AG Send_NULL -> AF present_state=8 & AF present_state=9 & AF present_state=10 & AF Provide_ESC);

[0042] Properties Property3 to Property8 above mainly verify whether, after a send request enters the send control module, the control module can enter the corresponding state and output the corresponding send control signal in that state, and whether, after entering these states, it can return to the initial reset state.

[0043] Property9: SPEC AG (AG (!ESC_Gone_internal & Send_FCT & EightMore & present_state=5) -> AF EightMoreAcknowledge);

[0044] The branching-time temporal logic formula Property9 expresses that host A's receive buffer still has room to receive data and requests that a flow control token FCT be sent to the sending host B; the send control module of host A then produces an acknowledgement control code, indicating that it can receive a further eight normal characters, for the transmitter's register, which finally sends an FCT identifier to the host.
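The transmitter transitions (1) to (7) of Figure 5 and the property patterns above (the mutual-exclusion invariant of Property1 and the AG ... AF pattern of Property3 to Property8) can be exercised on a small explicit-state model. The following Python script is an added example and not the patent's SMV model: it encodes the seven transitions as a transition function, explores every reachable state under all 2^11 input valuations, checks the "at most one Provide_* signal per state" invariant with a counterexample trace, and evaluates the CTL pattern AG AF q by a least-fixed-point computation. The priority order among simultaneously true guards, the split of the flow-control lock state into LockFCT and LockESC (they assert different outputs), the return to the waiting state after every send, and the faulty BAD_OUTPUTS variant are modelling assumptions constructed for the example.

```python
"""Explicit-state model checking of a small transmit-controller model.

Added example; not the patent's SMV model. Transition relation follows
transitions (1)-(7) described for Figure 5. Assumptions: simultaneously true
guards are resolved in the listed order; the lock states entered by (2)/(3)
and by (4) are two states (LockFCT, LockESC) since they assert different
outputs; every other state returns to Wait on the next step.
"""
from collections import deque
from itertools import product

INPUTS = ["TX_Reset", "Tick_IN", "ESC_Gone_internal", "Send_FCT", "EightMore",
          "Send_NULL", "Send_All", "NoCredit", "Send_EEP", "Send_EOP",
          "Send_NChar_Flag"]
# Every valuation of the 11 inputs (2^11 = 2048 of them).
VALUATIONS = [dict(zip(INPUTS, bits))
              for bits in product([False, True], repeat=len(INPUTS))]

# Provide_* outputs asserted in each lock state; other states assert nothing.
OUTPUTS = {
    "LockTimeCode": {"Provide_TimeCode"},
    "LockFCT": {"Provide_FCT"},
    "LockESC": {"Provide_ESC"},
    "LockEEP": {"Provide_EEP"},
    "LockEOP": {"Provide_EOP"},
    "LockNChar": {"Provide_NChar"},
}
# Constructed faulty variant: one lock state drives two outputs at once.
BAD_OUTPUTS = {**OUTPUTS, "LockFCT": {"Provide_FCT", "Provide_NChar"}}


def next_state(state, i):
    """Transition function; i maps each input name to a bool."""
    if i["TX_Reset"]:
        return "Wait"
    if state == "Wait":
        if i["Tick_IN"] and i["ESC_Gone_internal"]:                         # (1)
            return "LockTimeCode"
        if i["Send_FCT"] and i["EightMore"] and not i["ESC_Gone_internal"]:  # (2)
            return "LockFCT"
        if i["Send_NULL"] and i["ESC_Gone_internal"]:                       # (3)
            return "LockFCT"
        if i["Send_All"] and not i["NoCredit"]:                             # (4)
            return "LockESC"
        if i["Send_EEP"]:                                                   # (5)
            return "LockEEP"
        if i["Send_EOP"]:                                                   # (6)
            return "LockEOP"
        if i["Send_NChar_Flag"]:                                            # (7)
            return "LockNChar"
        return "Wait"
    if state == "LockTimeCode":
        return "SendTimeCode"   # unconditional, transition (1)
    if state == "LockFCT":
        return "SendNChar"      # unconditional, transition (2)
    return "Wait"               # assumption: all other states go back to Wait


def reachable(step=next_state, init="Wait"):
    """BFS from init over all input valuations.
    Returns {state: path}; a path lists (state, set_of_true_inputs) steps."""
    paths = {init: []}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        for v in VALUATIONS:
            t = step(s, v)
            if t not in paths:
                paths[t] = paths[s] + [(s, {k for k, b in v.items() if b})]
                queue.append(t)
    return paths


def check_mutual_exclusion(outputs=OUTPUTS, step=next_state):
    """Invariant in the spirit of Property1: no reachable state asserts more
    than one Provide_* signal. Returns None if it holds, otherwise
    (state, path) as a counterexample trace leading to the offending state."""
    for s, path in reachable(step).items():
        if len(outputs.get(s, set())) > 1:
            return s, path
    return None


def check_ag_af(target, step=next_state):
    """Explicit-state check of the CTL pattern AG AF target over reachable
    states. AF target is the least fixed point X = target | {s : succ(s) <= X}.
    Returns the reachable states violating AF target (empty list: it holds)."""
    states = set(reachable(step))
    succ = {s: {step(s, v) for v in VALUATIONS} for s in states}
    af = {s for s in states if target(s)}
    changed = True
    while changed:
        changed = False
        for s in states - af:
            if succ[s] <= af:
                af.add(s)
                changed = True
    return sorted(states - af)


if __name__ == "__main__":
    print("Property1-style invariant holds:", check_mutual_exclusion() is None)
    print("Counterexample with faulty outputs:", check_mutual_exclusion(BAD_OUTPUTS))
    print("AG AF Wait violations:", check_ag_af(lambda s: s == "Wait"))
```

With the outputs as listed the invariant holds, and AG AF Wait (every state eventually returns to the waiting state, the "return to the initial reset state" part of [0042]) holds as well. Swapping in BAD_OUTPUTS produces a trace from Wait into LockFCT, which is the kind of counterexample SMV reports and that the text says is used to locate the error. A property such as AG AF SendNChar fails, since Wait can idle forever; a CTL checker reports exactly the states where the AF obligation is not met.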

[0045] Step 3: After the local properties of each module have been verified separately, the global properties of the composition of modules must be checked. When complex functional properties formed by cascading and coupling several modules are verified, problems such as too many states arise, so assume-guarantee reasoning is used to abstract and build an environment state machine, and the object under verification is made to communicate with that environment state machine. For example, the transmitter/receiver buffers are abstracted into a memory interface for data characters. In the connected state, the data and strobe signals output by the transmitter should conform to DS encoding: if two consecutive bits of the data signal have the same value, the strobe signal changes state when the latter bit is transmitted; otherwise the strobe signal remains unchanged over the two bit periods. This property holds on the premise that the flow control signal Provide_FCT is true, which is controlled by the controller; an assumption P1 about the environment is therefore added: in the connected state, at least one of the link keep-alive and flow control flags must be true, which guarantees that Provide_FCT is true in this state. It is verified that the controller N satisfies property P1; the transmitter module is then embedded in an environment satisfying this assumption, and the correctness of the property can be checked by model checking while avoiding the problem of too many states.

[0046] Step 4: Theorem proving derives the properties a system possesses from the axioms of a formal logic system. It can rely on structural induction to prove over infinite domains and can handle infinite state spaces directly, which greatly reduces the number of states a model checker has to analyse. The higher-order logic theorem prover HOL4 is highly expressive, has type polymorphism and already provides a substantial library of basic theorems embedded as ML functions. HOL4 can be used to verify the properties of the modules partitioned in Step 1; the basic process is shown in Figure 4. The formal model to be verified is entered into HOL as a goal; in HOL the model can be interactively divided into sub-goal tasks, and HOL4's proof checking system automatically checks the correctness of the proof of each sub-task. During this process, every new theorem and description we need must first be formally modelled and added to HOL4; theorems added in this way are reusable, which makes reusable and modular formal verification with the verification tool convenient. This project formally describes statistical properties such as the variance of discrete random variables, first building the formal model and adding it to HOL4; the variance properties needed for the subsequent quantitative description of random properties and for performance analysis are proved and added to HOL4 as theorems.

[0047] Build the logic model of the transmission protocol in HOL4 and verify it by inference:

[0048] 1) In HOL4, define data types for the transmitted data information, the control information, the transmission time and the number of packets respectively;

[0049] 2) Build higher-order logic predicate (function) expressions for the channel and for the sending and receiving processes of the two communicating parties respectively;

[0050] Step 5: Formally express the protocol's initial conditions and constraints in HOL4, and express them together with the predicate functions of Step 4 as a disjunctive expression. The transmission protocol judges whether data has been transmitted correctly by whether the time from sending a packet to receiving its acknowledgement lies within the expected range, and corrects errors by an error-and-retransmit mechanism. If the error probability is p and the number of channel retransmissions is exponentially distributed, the data transmission delay can be expressed as:

[0051] $D = t_r + d_{tran} + d_{prog} + (t_r + t_{timer})\,\bigl(G(1-p) - 1\bigr)$

[0052] $t_r$: time to resend the data,

[0053] $t_{timer}$: the sender's time from finishing sending the packet to timeout,

[0054] $d_{tran}$: time required to send the packet,

[0055] $d_{prog}$: signal propagation delay between the nodes.

[0056] In the above formula, $G_x$ is a random variable following a Gaussian distribution whose probability of successful transmission is $x$.

[0057] The mean delay for transmitting one packet can then be expressed as:

[0058] $\dfrac{(t_r + t_{timer})\,p}{1-p} + t_r + d_{tran} + d_{prog}$. The theorems on random variables and their statistical properties in HOL4 are used to express the protocol delay and extract its function, thereby realising the performance analysis.
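The delay formula and its mean can be checked numerically, and the same distribution also answers the question Step 5 actually poses, namely whether a packet's delay falls within an expected range. The Python below is an added example, not from the patent or from HOL4; it reads $G(1-p)$ as the number of transmissions up to the first success with success probability $1-p$, so that $G$ is geometrically distributed and $E[G-1] = p/(1-p)$, which reproduces the mean term given on the page. The time units, the sample parameter values and the truncation tolerance are constructed for the example.

```python
"""Per-packet delay of the retransmission scheme of [0050]-[0058].

Added example, not the patent's HOL4 development. Interpretation: G(1-p) is the
number of transmissions until the first success, geometric with success
probability 1-p, so P(G = k) = (1-p) p^(k-1) and E[G-1] = p/(1-p). All sample
parameter values are constructed; the time unit is arbitrary.
"""


def delay_for_attempts(k, t_r, t_timer, d_tran, d_prog):
    """D for a packet that needs k transmissions, i.e. k-1 retransmissions."""
    return t_r + d_tran + d_prog + (t_r + t_timer) * (k - 1)


def expected_delay(p, t_r, t_timer, d_tran, d_prog):
    """Closed-form mean delay as given on the page."""
    return (t_r + t_timer) * p / (1 - p) + t_r + d_tran + d_prog


def delay_distribution(p, t_r, t_timer, d_tran, d_prog, tail=1e-12):
    """Rows (k, P(G = k), D_k) for k = 1, 2, ... until the remaining
    probability mass p**(k-1) drops below `tail` (constructed cut-off)."""
    rows, k = [], 1
    while p ** (k - 1) >= tail:
        prob = (1 - p) * p ** (k - 1)
        rows.append((k, prob, delay_for_attempts(k, t_r, t_timer, d_tran, d_prog)))
        k += 1
    return rows


def mean_from_distribution(rows):
    """E[D] summed over the truncated table; converges to expected_delay()."""
    return sum(prob * d for _, prob, d in rows)


def delay_quantile(q, rows):
    """Smallest delay d with P(D <= d) >= q: a deadline the packet meets with
    probability at least q. None if the truncated table never reaches q."""
    cumulative = 0.0
    for _, prob, d in rows:
        cumulative += prob
        if cumulative >= q:
            return d
    return None


if __name__ == "__main__":
    # Constructed parameters: t_r=1, t_timer=2, d_tran=3, d_prog=4, p=0.5.
    rows = delay_distribution(0.5, 1, 2, 3, 4)
    print("closed-form mean :", expected_delay(0.5, 1, 2, 3, 4))
    print("mean from table  :", mean_from_distribution(rows))
    print("90% deadline     :", delay_quantile(0.9, rows))
```

With the constructed parameters the closed form gives a mean delay of 11 and the truncated distribution agrees to within rounding; the 90% quantile is 17, which is the delay of a packet needing four transmissions. The quantile is the more useful figure for a "within the expected range" check, because the mean says nothing about how often the timeout budget is exceeded.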

Claims (3)

1. A formal method for verification and performance analysis of a highly reliable communication system, characterised in that the method comprises the following specific steps: Step 1: analyse the structure in which the SoC communication system's functions are implemented and extract the key functional modules; decompose and model the modules to be verified; combine higher-order logic theorem proving with symbolic model checking to perform compositional formal verification; Step 2: formally verify the interface properties between modules, the I/O ports and the physical-layer function implementation by model checking, verifying the interface properties between modules, the I/O ports and the physical-layer function implementation hierarchically with the model checking method on a symbolic model checking platform; Step 3: to address the problem that complex functional modules may lead to too many states, perform hierarchical abstraction, establish an environment state machine model based on assume-guarantee theory, and carry out a compositional verification strategy; Step 4: verify the logic and functional implementation of the data communication protocol and of the parallel application processes by theorem proving, and formally express the temporal properties and random behaviour of the system-on-chip in higher-order logic; Step 5: in the analysis of the system's logical analysis expressions, extract mathematical-logic expression functions for the statistical properties of the system processes, and so realise dynamic quantitative performance analysis of the process under verification.
2. The formal method for verification and performance analysis of a highly reliable communication system according to claim 1, characterised in that the part of Step 1 reading "extract the key functional modules; decompose and model the modules to be verified; combine higher-order logic theorem proving with symbolic model checking to perform compositional formal verification" is implemented as follows: the sending, receiving, link management, error control and flow control modules of the communication system are extracted and partitioned into verification modules, and the verification goals and sub-goals are extracted against the protocol design specification; modules whose function is relatively independent are abstracted as separately verified components, and the interfaces between loosely coupled modules are then abstracted, modelled and described as states; a state machine model of the send/receive controller is built, forming a formal model of the system design, which is verified by model checking; for the data transmission protocol and the parallel distributed component processes, a higher-order logic model is built on the HOL4 platform and verified by theorem proving.
3.根据权利要求1所述的一种用于高可靠通信系统验证与性能分析的形式化方法,其特征在于:步骤三中所述的“进行层次化抽象,基于假设一保证理论,建立环境状态机模型,进行组合验证策略;”其具体实现过程如下:对于多个模块级联耦合成的复杂功能属性进行验证时所产生的状态过多的问题,采用假设保证推理的方法,抽象环境状态机,对整个系统进行分层次的验证;假设保证推理过程如下:如果两个子系统S1、S2具有属性:(I) SI满足性质Pl ; (2)当S2的环境满足性质Pl时,S2满足性质P2 ;那么子系统SI和S2的组合SI II S2满足性质P2 ;用这种方法进行验证的优点在于:不用对SI和S2的组合建立状态机进行验证,只需用S2验证P1,然后把假设Pl抽象为S2的环境来验证P2 ;假设Pl和SI相比,状态空间少了很多,有利于处理大规模的电路系统。 According to one of the claims 1 to formal methods for highly reliable communication system verification and performance analysis, wherein: said step 3 "in hierarchical abstraction, on the assumption that a guarantee theory, the environment a state machine model for compositional verification policy; "specific implementation process is as follows: too many problems for authentication status for a plurality of modules coupled in cascade to complex functional properties produced using methods assume guarantee reasoning, abstract environment state machine, the whole system hierarchical verification; assume guarantee reasoning is as follows: If the two subsystems S1, S2 have the attributes: (I) SI properties Pl is satisfied; satisfies properties (2) when the nature of the environment meets Pl is S2, S2 P2; SI and S2 subsystem then combined to meet the nature of SI II S2 P2; the advantage of this method is to verify that: no combination of SI and S2 establish authentication state machine, authentication only with S2 P1, and the assumed Pl abstract environment to verify P2 S2; Pl and SI compared hypothesis, state space much less conducive to large-scale processing circuitry.
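The assume-guarantee rule of claim 3, worked through on a constructed toy model (added here; not the patent's own code or its HOL4 model): a sender S1 whose internal counter gives it many states, a one-slot receiver S2, and the assumption P1 ("send and ack alternate") used once as a monitor to check premise (1) and once as a two-state abstract environment to check premise (2). The machine names, the labels send/ack/tau and the counter size N are assumptions of the example; the direct S1 || S2 check is run as well so the state counts can be compared.

```python
from collections import deque
N = 500  # sender's internal counter: S1 alone has 2*N reachable states
def successors(machines, prod):
    """Synchronous product moves: a shared label needs every owner enabled; "tau" is local."""
    moves = [dict(step(s)) for (_, _, step), s in zip(machines, prod)]
    for i, mv in enumerate(moves):
        for label in mv:
            owners = [i] if label == "tau" else [
                j for j, (_, alpha, _) in enumerate(machines) if label in alpha]
            if owners[0] != i or any(label not in moves[j] for j in owners):
                continue  # fired once, from its first owner; blocked if any owner cannot sync
            new = list(prod)
            for j in owners:
                new[j] = moves[j][label]
            yield tuple(new)

def check(machines, bad):
    """BFS reachability; returns (state count, first state where bad() holds or None)."""
    init = tuple(m[0] for m in machines)
    seen, queue = {init}, deque([init])
    while queue:
        prod = queue.popleft()
        if bad(prod):
            return len(seen), prod
        fresh = [n for n in successors(machines, prod) if n not in seen]
        seen.update(fresh)
        queue.extend(fresh)
    return len(seen), None

# S1: concrete sender that idles (tau) on a counter and waits for each ack (constructed)
S1 = (("ready", 0), {"send", "ack"}, lambda s:
      [("send", ("waiting", s[1])), ("tau", ("ready", (s[1] + 1) % N))]
      if s[0] == "ready" else [("ack", ("ready", s[1]))])
# P1 as abstract environment: send and ack strictly alternate (only 2 states)
P1_ENV = ("ready", {"send", "ack"},
          lambda s: [("send", "waiting")] if s == "ready" else [("ack", "ready")])
# P1 as monitor: the same automaton plus an error state on any out-of-order label
P1_MON = ("ready", {"send", "ack"}, lambda s: {
    "ready": [("send", "waiting"), ("ack", "error")],
    "waiting": [("ack", "ready"), ("send", "error")], "error": []}[s])
# S2: one-slot receiver; P2 = the slot never overflows
S2 = ("empty", {"send", "ack"}, lambda s: {
    "empty": [("send", "full")],
    "full": [("ack", "empty"), ("send", "overflow")], "overflow": []}[s])

def assume_guarantee():
    n1, bad1 = check([S1, P1_MON], lambda p: p[1] == "error")     # (1) S1 |= P1
    n2, bad2 = check([P1_ENV, S2], lambda p: p[1] == "overflow")  # (2) P1-env || S2 |= P2
    n3, bad3 = check([S1, S2], lambda p: p[1] == "overflow")      # direct S1 || S2 |= P2
    return {"s1_models_p1": bad1 is None, "env_s2_models_p2": bad2 is None,
            "s1_s2_models_p2": bad3 is None, "states": (n1, n2, n3)}
```

Premise (2) explores only 2 product states against the abstract environment, whereas both the premise (1) check and the direct composition walk through 2*N = 1000 states.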
Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201210533633.XA CN103036739B (en) 2012-12-11 2012-12-11 Formalization method for verification and performance analysis of high reliable communication system
AU2013263777A AU2013263777A1 (en) 2012-12-11 2013-11-28 A formal method of verification and performance analysis for highly reliable communication system
AU2018201721A AU2018201721A1 (en) 2012-12-11 2018-03-09 A formal method of verification and performance analysis for highly reliable communication system

Publications (2)

Publication Number Publication Date
CN103036739A true CN103036739A (en) 2013-04-10
CN103036739B CN103036739B (en) 2015-06-17

Also Published As

Publication number Publication date
CN103036739B (en) 2015-06-17
AU2013263777A1 (en) 2014-06-26
AU2018201721A1 (en) 2018-04-05

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C14 Grant of patent or utility model