CN103729523A - Automatic verification method orienting to parameterization system - Google Patents


Info

Publication number
CN103729523A
Authority
CN
China
Prior art keywords
state
predicate
model
module
lts
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410030123.XA
Other languages
Chinese (zh)
Other versions
CN103729523B (en
Inventor
屈婉霞
张龙
郭阳
李思昆
汪审权
胡慧俐
李暾
刘畅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National University of Defense Technology
Original Assignee
National University of Defense Technology

Abstract

The invention discloses an automatic verification method for parameterized systems, aimed at the problems of high verification cost, low accuracy and low speed in verifying such systems. The method comprises the following steps: first, an automatic verification framework for the parameterized system is built based on the characteristics of parameterized systems; then a single-process model, the number of processes, the properties to be verified and a user-defined predicate library are read in from outside, and a finite-state machine model of the single process is built; a true-concurrency composite model completely describing the parameterized system is built automatically according to a true-concurrency composition rule; the composite model is then abstracted and simplified automatically by predicate abstraction to obtain an abstract model described by a finite-state machine; finally, the abstract model is traversed by model checking to decide whether the properties to be verified hold. The method reduces the cost of modelling and verifying parameterized systems, improves verification accuracy, reduces the verification scale of the parameterized system and increases verification speed.

Description

An automatic verification method for parameterized systems
Technical field
The present invention relates to the field of model checking in formal verification, and in particular to an automatic verification method for parameterized systems.
Background technology
A parameterized system is a group of structurally identical processes running in composition, executing concurrently with synchronous or asynchronous communication between processes; the number of processes is called the system parameter. Parameterized systems are common in practice, e.g. communication protocols and cache coherence protocols. As engineering and scientific demands grow, system scale keeps expanding and functionality becomes ever more complex, so parameterized system designs are very prone to error and must be verified comprehensively and effectively. Model checking is widely applied in formal verification: it represents the system to be verified as a finite state machine, describes the properties the system is expected to satisfy as temporal logic formulas, and decides the correctness of those formulas automatically by traversing the finite state machine. It has been applied successfully to the verification of hardware and software systems and is one of the most effective methods for verifying finite-state systems. However, how to use model checking to verify parameterized systems efficiently remains a very challenging problem in the verification field.
The arbitrariness of the system parameter and the complexity of interaction between processes cause state space explosion in parameterized systems. On the one hand, the increase in system scale is a severe challenge for verification personnel, and guaranteeing the accuracy of system modelling becomes a principal problem of parameterized system verification. On the other hand, the scale of a parameterized system grows exponentially with the system parameter; state space explosion means that existing simulation and formal verification methods cannot be applied directly to system verification, and how to improve the scale and speed of parameterized system verification is the other principal problem.
Summary of the invention
The technical problem the present invention solves is to propose an automatic verification method for parameterized systems that addresses the following verification problems: 1) heavy manual participation in parameterized system verification, leading to high verification cost; 2) the accuracy of parameterized system verification; 3) verification scale and speed. Targeting the characteristics of parameterized systems, the method builds an automatic verification framework for them. Starting from the property to be verified, the invention builds the parameterized model and abstracts and simplifies it automatically, then completes the property verification automatically. First, the finite state machine model of a single process is set up; then the complete parameterized system is built automatically, reducing manual participation and guaranteeing modelling accuracy; finally, predicate abstraction is used to abstract and simplify the parameterized system model into an abstract model described by a finite state machine, and model checking decides whether the parameterized system satisfies the property to be verified, improving verification scale and speed.
The technical scheme of the present invention is:
Step 1: build the automatic verification framework for parameterized systems, providing designers with a verification platform on which the verification of a parameterized system is completed. The framework consists of a read-in module, a true concurrency composition module, a model abstraction module and a verification module. The read-in module obtains the required data from outside, namely the single-process design model provided by the designer, the number of processes and the property to be verified, and parses these into the single-process model M, the process count n and the property p to be verified. M is described by a finite state machine; n is a natural number, the number of processes the whole parameterized system contains; p is described by a regular grammar and represents the property to be verified. The read-in module sends M and n to the true concurrency composition module and p to the model abstraction module. The true concurrency composition module obtains M from the read-in module, completes the true concurrency composition of n processes according to the defined true concurrency composition rule, and obtains the composite model M_n describing the whole parameterized system, where M_n is also described by a finite state machine. The composition module passes M_n to the model abstraction module, which automatically selects predicates from the user-defined predicate library B according to the property p obtained from the read-in module, forms the predicate set Φ, obtains the predicate expression l, and then uses l to partition M_n into equivalence classes, obtaining the abstract model described by a finite state machine, which it sends to the verification module. The verification module accepts the abstract model and uses model checking to produce the property verification result: if property p is satisfied it outputs the message "satisfied", otherwise it outputs "not satisfied".
Step 2: choose the labelled transition system LTS (Labeled Transition System) to model the single process. An LTS is a kind of finite state machine obtained by adding a transition action to an ordinary state transition diagram, and is the basis for explaining the operational semantics of many kinds of model. An LTS is a triple <S, A, →>, where S is the state set; A is the action set, comprising internal actions invisible to other processes and external actions that interact with other processes; → is the transition set, i.e. the edges of the LTS, each element of which is a triple <s, a, t> denoting an edge from state s to state t taken when action a occurs, s and t being elements of the state set S. An LTS describes system behaviour very intuitively and is suitable for characterising parameterized systems.
Step 3: define the true concurrency composition rule. For any two given LTS P = <S_P, A_P, →_P> and Q = <S_Q, A_Q, →_Q>, the formal semantic model of the true concurrency system P|||Q = <S_PQ, A_PQ, →_PQ> they compose is defined as follows:
3.1, S_PQ = S_P × S_Q, where S_P is a state of P and S_Q a state of Q; the pair they form represents a state of the true concurrency system P|||Q and is denoted S_PQ.
3.2, A_PQ = A_P × A_Q, where A_P is an action of P and A_Q an action of Q; the pair they form represents an action of the true concurrency system P|||Q and is denoted A_PQ.
3.3, for any edges (s_1, a_1, s'_1) ∈ →_P in P and (s_2, a_2, s'_2) ∈ →_Q in Q, i.e. a transition edge in P from state s_1 via action a_1 to state s'_1 and a transition edge in Q from state s_2 via action a_2 to state s'_2, the composite transitions →_PQ are produced according to the following rules:
(a) if a_1 is the empty operation and a_2 is not, then s_1 = s'_1 and (s_1 s_2, a_2, s_1 s'_2) ∈ →_PQ, i.e. in P|||Q there is a transition edge from state s_1 s_2 via action a_2 to state s_1 s'_2, where s_1 s_2 and s_1 s'_2 denote new states of the composed system: state s_1 s_2 is the new state obtained after composition in which the first process is in state s_1 and the second in state s_2; composed states in rules (b) and (c) are written in the same way;
(b) if a_1 is not the empty operation and a_2 is, then s_2 = s'_2 and (s_1 s_2, a_1, s'_1 s_2) ∈ →_PQ, i.e. in P|||Q there is a transition edge from state s_1 s_2 via action a_1 to state s'_1 s_2;
(c) if neither a_1 nor a_2 is the empty operation, and what a_1 and a_2 change are not public variables of s_1 and s_2, or their modifications of the public variables are identical, then s_1 and s_2 are said to be compatible and combinable, and (s_1 s_2, a_1 a_2, s'_1 s'_2) ∈ →_PQ, i.e. in P|||Q there is a transition edge from state s_1 s_2 via action a_1 a_2 to state s'_1 s'_2.
Step 4: the read-in module reads the data the verification framework needs. The method is:
Step 4.1: the read-in module reads the single-process state transition table T from an external file and builds the LTS model M of the single process. The state transition table T describes, in file form, the state transitions of a single process and comprises three parts: states, actions and transition relations. Each transition relation in the table is a triple <current state, action, target state>. Each state corresponds to an element of the state set S, each action to an element of the action set A, and the transition relations together form the whole transition relation set →. T is stored as text in a fixed format. The concrete format is:
(1) The first line of table T is the keyword "begin", indicating the start of the transition table.
(2) State description. The second line of T is the keyword "states" followed by an integer sNumber, the number of states of the single process. The next sNumber lines are the names of all states.
(3) Action description. After the state description, a new line holds the keyword "acts" followed by an integer aNumber, the number of actions of the single process. The next aNumber lines are the names of all actions.
(4) Transition description. After the action description, a new line holds the keyword "trans". Next come the concrete descriptions of each transition, each line recording the three items current state, action and target state.
(5) The last line of T is the keyword "end", indicating the end of the transition table.
Reading the content of T line by line from top to bottom builds the state set, the action set and the transition relation set in turn, yielding the single-process model M described by an LTS.
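As an added example (not code from the patent), the following Python parser reads a table T in the format of items (1) to (5) above and builds the LTS components of step 4.1, rejecting tables whose counts or references are inconsistent; the sample table and its state and action names are constructed for illustration.

```python
# Constructed sample table T in the format of step 4.1 (names are made up).
SAMPLE_TABLE = """\
begin
states 3
idle
wait
crit
acts 3
req
enter
exit
trans
idle req wait
wait enter crit
crit exit idle
end
"""


def _header(line, keyword):
    """Parse a '<keyword> <integer>' line such as 'states 3' or 'acts 3'."""
    parts = line.split()
    if len(parts) != 2 or parts[0] != keyword or not parts[1].isdigit():
        raise ValueError(f"expected '{keyword} <count>', got {line!r}")
    return int(parts[1])


def parse_transition_table(text):
    """Return (S, A, ->) for a single process: the state set, the action set
    and the set of (current state, action, target state) triples."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 5 or lines[0] != "begin" or lines[-1] != "end":
        raise ValueError("table must start with 'begin' and finish with 'end'")
    pos = 1
    s_number = _header(lines[pos], "states")            # (2) state description
    states = lines[pos + 1:pos + 1 + s_number]
    pos += 1 + s_number
    if len(states) != s_number or pos >= len(lines):
        raise ValueError("state count does not match the names present")
    a_number = _header(lines[pos], "acts")              # (3) action description
    actions = lines[pos + 1:pos + 1 + a_number]
    pos += 1 + a_number
    if len(actions) != a_number or pos >= len(lines):
        raise ValueError("action count does not match the names present")
    if len(set(states)) != s_number or len(set(actions)) != a_number:
        raise ValueError("duplicate state or action name")
    if lines[pos] != "trans":                           # (4) transition description
        raise ValueError(f"expected 'trans', got {lines[pos]!r}")
    trans = set()
    for ln in lines[pos + 1:-1]:
        parts = ln.split()
        if len(parts) != 3:
            raise ValueError(f"transition must have three fields: {ln!r}")
        s, a, t = parts
        # Every transition may reference declared names only, so a malformed
        # table cannot introduce states or actions the model never declared.
        if s not in states or t not in states:
            raise ValueError(f"undeclared state in transition {ln!r}")
        if a not in actions:
            raise ValueError(f"undeclared action in transition {ln!r}")
        trans.add((s, a, t))
    return set(states), set(actions), trans
```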
Step 4.2: the read-in module reads the number of system processes num from the terminal and stores it as the integer variable n.
Step 4.3: the read-in module reads from the terminal the property text to be verified, described as a text string, and uses the open-source tools Lex & Yacc (see: John R. Levine, Tony Mason, Doug Brown, translated by Yang Zuomei and Zhang Xudong, Lex and Yacc (second edition), China Machine Press, January 2003) to perform lexical, syntactic and semantic analysis, obtaining the property p to be verified, described by a regular grammar.
Step 5: the true concurrency composition module composes n single-process models M and automatically builds the true concurrency composite model M_n describing the complete parameterized system. The method is:
Step 5.1: let lts_set be the set of n LTS, and lts_mdl = <S_lts, A_lts, →_lts> the true concurrency composite model of the true concurrency system formed by these n LTS. Their initial values are lts_set = {P_1, P_2, ..., P_n}, where P_1, P_2, ..., P_n denote the n LTS, and lts_mdl = <∅, ∅, ∅>, where ∅ denotes the empty set.
Step 5.2: if the elements of lts_mdl are all the empty set, first choose any two LTS P_i and P_j (1 ≤ i < n, 1 < j ≤ n, i ≠ j) from lts_set; then delete P_i and P_j from lts_set; finally build the true concurrency composite model P_i ||| P_j of the true concurrency system formed by P_i and P_j, composing P_i and P_j according to the true concurrency composition rule defined in step 3, and assign P_i ||| P_j to lts_mdl.
If the elements of lts_mdl are not all the empty set, first choose any one LTS P_k (1 ≤ k ≤ n) from lts_set; then delete P_k from lts_set; finally build the formal semantic model lts_mdl ||| P_k of the true concurrency system formed by lts_mdl and P_k, composing lts_mdl and P_k according to the true concurrency composition rule defined in step 3, and assign lts_mdl ||| P_k to lts_mdl.
Step 5.3: if lts_set is not empty, go to step 5.2; otherwise assign lts_mdl to M_n; the true concurrency composite model has been built successfully, and step 6 is carried out.
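As an added example (not code from the patent), the following Python implements the composition rules (a), (b) and (c) of step 3 and the folding of step 5 over n copies of a single-process model. The empty operation is represented as None with an implicit idle edge on every state, an action carries the variable assignments it performs, and the rule (c) compatibility test treats two actions as conflicting only when they assign different values to the same shared variable; these representations, the lock example and its state and action names are assumptions made here.

```python
from dataclasses import dataclass
from itertools import product

EPS = None  # the empty operation (no action); this representation is assumed here


@dataclass(frozen=True)
class Action:
    """An action and the variable assignments it performs, e.g. (('lock', 1),)."""
    name: str
    writes: tuple = ()


@dataclass
class LTS:
    states: set      # states are tuples, one component per process
    actions: set
    trans: set       # triples (s, a, t)


def compatible(a1, a2, shared):
    """Rule (c): two actions may fire together unless they write different
    values to the same public (shared) variable."""
    w1, w2 = dict(a1.writes), dict(a2.writes)
    return all(w1[v] == w2[v] for v in shared if v in w1 and v in w2)


def compose(P, Q, shared):
    """P ||| Q per rules (a), (b), (c) of step 3. Every state gets an implicit
    idle edge (s, EPS, s) so that rules (a) and (b) have an empty operation
    to pair with."""
    edges_p = P.trans | {(s, EPS, s) for s in P.states}
    edges_q = Q.trans | {(s, EPS, s) for s in Q.states}
    trans = set()
    for (s1, a1, t1), (s2, a2, t2) in product(edges_p, edges_q):
        if a1 is EPS and a2 is EPS:
            continue                                   # nothing happens
        if a1 is EPS:                                  # rule (a): only Q moves
            trans.add((s1 + s2, a2, s1 + t2))
        elif a2 is EPS:                                # rule (b): only P moves
            trans.add((s1 + s2, a1, t1 + s2))
        elif compatible(a1, a2, shared):               # rule (c): both move
            joint = Action(a1.name + "|" + a2.name, a1.writes + a2.writes)
            trans.add((s1 + s2, joint, t1 + t2))
    states = {s1 + s2 for s1, s2 in product(P.states, Q.states)}
    return LTS(states, {a for _, a, _ in trans}, trans)


def compose_n(M, n, shared):
    """Step 5: fold n copies of the single-process model M into M_n."""
    lts_set = [M] * n
    lts_mdl = None
    while lts_set:
        if lts_mdl is None:
            if len(lts_set) == 1:          # n == 1: nothing to compose
                return lts_set.pop()
            lts_mdl = compose(lts_set.pop(), lts_set.pop(), shared)
        else:
            lts_mdl = compose(lts_mdl, lts_set.pop(), shared)
    return lts_mdl


# Constructed sample: a single process that acquires and releases a shared lock.
START = Action("start", (("lock", 1),))
STOP = Action("stop", (("lock", 0),))
M = LTS(states={("idle",), ("busy",)},
        actions={START, STOP},
        trans={(("idle",), START, ("busy",)), (("busy",), STOP, ("idle",))})
SHARED = {"lock"}
```

For two copies of M the composite has 4 states and 10 transitions: 8 from rules (a) and (b) and 2 joint ones from rule (c), since start|start and stop|stop write the lock identically while start|stop does not.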
Step 6: the model abstraction module uses predicate abstraction to simplify the parameterized system M_n, obtaining the abstract model described by a finite state machine. The model abstraction module consists of a predicate definition module and a predicate abstraction module. The predicate definition module obtains the property p from the read-in module and the user-defined predicate library B from the user, selects some of the predicates in B according to p to form the predicate set Φ, then describes p with the elements of Φ to obtain the predicate expression l, and sends l to the predicate abstraction module. The predicate abstraction module obtains l from the predicate definition module and the true concurrency composite model M_n from the composition module, uses l to partition M_n by property, and obtains the abstract model described by a finite state machine. The concrete method is:
Step 6.1: the predicate definition module obtains the property p from the read-in module, parses p with the open-source tools Lex & Yacc, and splits p into several sub-items, each representing one property of the parameterized system to be verified;
Step 6.2: let Φ be the predicate set, representing all predicates used in verification, initialised to the empty set. A predicate is a formal representation of some property of the parameterized system to be verified; if the property represented by predicate μ holds in state s, state s is said to satisfy μ.
Step 6.3: obtain the user-defined predicate library B from the user; B must be provided by verification personnel. Users define a suitable predicate library for different verification models, which improves the flexibility and adaptability of verification.
Step 6.4: for each sub-item x of p, choose a corresponding predicate b_x from B (i.e. the property b_x describes is the property expressed by x) and add b_x to Φ. A predicate μ partitions the whole state set into two parts (called two equivalence classes here): S_μ, in which every state satisfies μ, and its complement, in which no state satisfies μ.
Step 6.5: represent the property p as the logical conjunction of the predicates in Φ (i.e. the predicates are joined by logical-and connectives into one long formula), obtaining the predicate expression l, and output l to the predicate abstraction module. Because l is a conjunction of several predicates, an expression formed from m predicates ultimately partitions the state space into 2^m equivalence classes. Each equivalence class is assigned an equivalence tag, a string of length m (or, equivalently, an m-bit binary number). If the i-th predicate is satisfied, bit i of the tag is '1', otherwise '0'. After predicate abstraction each equivalence class is a new state, and its tag is the name of that state.
Step 6.6: the predicate abstraction module obtains l from the predicate definition module and M_n from the true concurrency composition module, then performs predicate abstraction on M_n to obtain the abstract model. The abstract model consists of the state set S_n and the transition relation set R_n. The concrete method of predicate abstraction is:
Step 6.6.1: generate the state set S_n. If l consists of the conjunction of m predicates, S_n has 2^m states, each named by an m-bit binary code. If bit i of the binary number is '1', the state satisfies the i-th predicate; otherwise it does not. Examine each state of M_n in turn, record whether it satisfies each of the m predicates, and according to the recorded information add it to the set corresponding to that state. In the generated abstract model, each element of S_n is composed of several states of the true concurrency composite model M_n.
Step 6.6.2: generate the transition relation set R_n by the following steps:
6.6.2.1: initialise the transition relation set R_n to the empty set.
6.6.2.2: sort the elements of S_n in ascending order of the binary code of their names, and initialise the counter variable i = 0.
6.6.2.3: if i < 2^m, initialise the counter variable j = 0 and go to step 6.6.2.4; otherwise go to step 6.6.3.
6.6.2.4: if j < 2^m, go to step 6.6.2.5; otherwise go to step 6.6.2.6.
6.6.2.5: take the i-th and j-th states of the abstract model; they correspond to two equivalence classes, each a set of states of the true concurrency composite model M_n. If the two equivalence classes contain states s and t respectively such that M_n has a transition from s to t, generate a transition from the i-th abstract state to the j-th abstract state and add it to R_n. Add 1 to counter j and go to step 6.6.2.4.
6.6.2.6: add 1 to counter i and go to step 6.6.2.3.
Step 6.6.3: for storage on a computer a graph data structure can be used directly: each abstract state corresponds to a node of the graph and each transition relation to an edge.
Step 6.6.4: the predicate abstraction module passes the abstract model to the verification module. The abstract model the verification module obtains is a finite state machine stored as a graph data structure. In the abstract model output by the predicate abstraction module there is a state whose binary-coded name is all '1's, denoted S_one; this state represents the equivalence class that satisfies the property p to be verified. If S_one is unreachable, the parameterized system has no state that satisfies property p.
Step 7: the verification module visits each state of the abstract model in turn and checks whether p is satisfied; if so it returns the message "satisfied", otherwise it returns "not satisfied". "Satisfied" means the parameterized system under verification satisfies property p; "not satisfied" means it does not. The concrete method is:
Step 7.1: check whether the initial state of the true concurrency composite model M_n lies in S_one; if so, return "satisfied", meaning S_one is reachable, and go to step 8; otherwise go to step 7.2.
Step 7.2: if the initial state is not in S_one, traverse all states of the state set S_n of the abstract model other than S_one; if there exists a state S_y with a transition from S_y to S_one, return "satisfied" and go to step 8; otherwise return "not satisfied", meaning S_one is unreachable, and go to step 8.
Step 8: end.
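As an added example (not the patent's code), the following Python carries out the predicate abstraction of step 6.6 and the check of steps 7.1 and 7.2 exactly as described above, including the all-ones state S_one; the concrete two-process model, its transitions, the initial state and the predicates are constructed for illustration.

```python
from itertools import product


def abstract_label(state, predicates):
    """Equivalence-class tag (step 6.5): bit i is '1' iff the state satisfies predicate i."""
    return "".join("1" if pred(state) else "0" for pred in predicates)


def predicate_abstraction(concrete_states, concrete_trans, predicates):
    """Step 6.6: abstract model (S_n, R_n) of M_n under the conjunction of the
    predicates; also returns the equivalence class behind each tag."""
    m = len(predicates)
    # 6.6.1: all 2^m tags, generated in ascending binary order (6.6.2.2)
    S_n = ["".join(bits) for bits in product("01", repeat=m)]
    classes = {tag: set() for tag in S_n}
    for s in concrete_states:
        classes[abstract_label(s, predicates)].add(s)
    succ = {}
    for s, _, t in concrete_trans:
        succ.setdefault(s, set()).add(t)
    # 6.6.2: edge src -> dst iff some s in class(src) moves to some t in class(dst)
    R_n = set()
    for src in S_n:
        for dst in S_n:
            if any(t in classes[dst] for s in classes[src] for t in succ.get(s, ())):
                R_n.add((src, dst))
    return S_n, R_n, classes


def verify(initial, S_n, R_n, predicates):
    """Steps 7.1 and 7.2 as the page specifies them: S_one is the all-ones tag."""
    s_one = "1" * len(predicates)
    if abstract_label(initial, predicates) == s_one:   # 7.1
        return "satisfied"
    for s_y in S_n:                                    # 7.2
        if s_y != s_one and (s_y, s_one) in R_n:
            return "satisfied"
    return "not satisfied"


# Constructed sample: concrete states of two identical processes (the shape of
# a step 5 output), each either idle or busy, with a handful of transitions.
IDLE, BUSY = "idle", "busy"
CONCRETE_STATES = {(p, q) for p in (IDLE, BUSY) for q in (IDLE, BUSY)}
CONCRETE_TRANS = {
    ((IDLE, IDLE), "start1", (BUSY, IDLE)),
    ((IDLE, IDLE), "start2", (IDLE, BUSY)),
    ((BUSY, IDLE), "start2", (BUSY, BUSY)),
    ((IDLE, BUSY), "start1", (BUSY, BUSY)),
    ((BUSY, BUSY), "stop", (IDLE, IDLE)),
}
INITIAL = (IDLE, IDLE)

# Predicate set Φ for the property "both processes busy" (one predicate per sub-item)
BOTH_BUSY = [lambda s: s[0] == BUSY, lambda s: s[1] == BUSY]
# A predicate set no concrete state can satisfy in full, so S_one stays empty
NEVER = [lambda s: s[0] == BUSY, lambda s: s[0] == IDLE]


def check(predicates):
    """Run steps 6.6 and 7 on the constructed model for the given predicate set."""
    S_n, R_n, _ = predicate_abstraction(CONCRETE_STATES, CONCRETE_TRANS, predicates)
    return verify(INITIAL, S_n, R_n, predicates)
```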
The present invention achieves the following technical effects:
1. Apart from step 1 and step 6, where necessary data must be provided manually, all other steps are completed automatically by computer, which reduces manual participation and the cost of parameterized system verification.
2. Because step 4 reads in the single-process model and step 5 builds the true concurrency model by computer according to the defined rule, the parameterized system model is built automatically, which improves the accuracy of parameterized system verification.
3. Because step 6 uses predicate abstraction, the state space of the verified system is greatly compressed, and efficient model checking is used to traverse the state space, which reduces the verification scale of the parameterized system and improves verification speed.
Description of the drawings
Fig. 1 is the logical structure diagram of the automatic verification framework for parameterized systems built in step 1 of the invention.
Fig. 2 is the overall flowchart of the invention.
Fig. 3 is a schematic diagram of the true concurrency composition rule of step 3 of the invention.
Detailed description
Fig. 1 is the logical structure diagram of the automatic verification framework for parameterized systems built in step 1 of the invention. The whole verification framework consists of a read-in module, a true concurrency composition module, a model abstraction module and a verification module.
The read-in module reads the required data from a file and from the terminal and, after processing, sends it to the true concurrency composition module and the model abstraction module. First, the read-in module reads the single-process state transition table T from an external file and builds the LTS model M of the single process. T describes the state transitions of a single process in file form and comprises two main parts, states and transition relations; it records state names, action names and transition relations, each transition relation being a triple <current state, action, target state>. Each state corresponds to an element of S, each action to an element of A, and the transitions of all processes form the whole transition relation set →. Then the read-in module reads the number of system processes num from the terminal and stores it as the integer variable n. Finally, the read-in module reads from the terminal the property text to be verified, described as a text string, and performs lexical, syntactic and semantic analysis with the Lex & Yacc tools, obtaining the property p to be verified, described by a regular grammar.
The true concurrency composition module receives the input data M and n from the read-in module, completes the true concurrency composition of n single-process models M, and builds the true concurrency composite model M_n describing the whole parameterized system.
The model abstraction module receives the data p and M_n from the read-in module and the true concurrency composition module, processes them to obtain the abstract model, and delivers it to the verification module. This module is divided into two submodules: the predicate definition module and the predicate abstraction module. The predicate definition module receives p from the read-in module; then, according to the manually provided predicate library B, chooses suitable predicates to form the predicate set Φ and describes the property p as the logical conjunction of those predicates, obtaining the predicate expression l; finally it delivers l to the predicate abstraction module. The predicate abstraction module receives M_n from the true concurrency composition module and l from the predicate definition module, partitions M_n with the predicate expression l, and finally obtains the abstract model described by a finite state machine.
The input data of the verification module is the abstract model; the module traverses the state space of the abstract model with model checking and verifies whether p holds. If the system satisfies the property p to be verified, it returns the message "satisfied"; otherwise it returns "not satisfied".
Fig. 2 is the overall flowchart of the invention. The invention comprises the following steps:
Step 1: build the automatic verification framework for parameterized systems, providing designers with a verification platform on which the verification of a parameterized system is completed.
Step 2: choose the labelled transition system as the data structure describing the single-process model.
Step 3: according to the functionality of parameterized systems, define the true concurrency composition rule for multiple processes.
Step 4: the read-in module obtains the required data from outside, namely the single-process design model provided by the designer, the number of processes and the property to be verified, and parses them into the single-process model, the process count and the property to be verified.
Step 5: the true concurrency composition module obtains the single-process model and the process count from the read-in module and automatically builds the true concurrency composite model describing the parameterized system.
Step 6: the model abstraction module obtains the composite model from the true concurrency composition module and the property to be verified from the read-in module, then abstracts and simplifies the parameterized system described by the composite model with predicate abstraction, obtaining the abstract model described by a finite state machine.
Step 7: the verification module visits each state of the abstract model in turn and checks whether the property to be verified holds; if so it returns the message "satisfied", otherwise it returns "not satisfied".
Step 8: verification ends.
Fig. 3 is a schematic diagram of the true concurrency composition rule of the third step of the present invention. Taking some states of two LTSs P = <S_P, A_P, →_P> and Q = <S_Q, A_Q, →_Q> as an example, it illustrates intuitively the rule by which transitions are generated in the true concurrency system provided by the invention. Fig. 3(1), 3(2) and 3(3) correspond respectively to the transition generation rules (a), (b) and (c) described in step 3.3 of the third step.
In Fig. 3(1), s1 ∈ S_P, ε ∈ A_P is the blank (no-op) action, s2 ∈ S_Q, s2' ∈ S_Q, a2 ∈ A_Q and (s2, a2, s2') ∈ →_Q. That is, s1 is a state of P in which no action currently causes a state change; s2 and s2' are two states of Q, and action a2 causes state s2 to change into state s2'. This shows that a2 does not change the public (shared) variables of s1 and s2; it changes only the local variables of s2, or variables that s2 shares with other states of P. Hence s1 and s2 interpret these public variables consistently and are therefore compatible and combinable; likewise s1 and s2' interpret the public variables consistently and are also compatible and combinable. According to the definition of a true concurrency system, in the true concurrency system P|||Q = <S_PQ, A_PQ, →_PQ> formed by P and Q, s1s2 and s1s2' are legal states, i.e. s1s2 ∈ S_PQ, s1s2' ∈ S_PQ, a2 ∈ A_PQ, and (s1s2, a2, s1s2') ∈ →_PQ.
In Fig. 3(2), s1 ∈ S_P, s1' ∈ S_P, a1 ∈ A_P and (s1, a1, s1') ∈ →_P, s2 ∈ S_Q, and ε ∈ A_Q is the blank action. That is, s2 is a state of Q in which no action currently causes a state change; s1 and s1' are two states of P, and action a1 causes state s1 to change into state s1'. This shows that a1 does not change the public variables of s1 and s2; it changes only the local variables of s1, or variables that s1 shares with other states of Q. Hence s1 and s2 interpret these public variables consistently and are therefore compatible and combinable; likewise s1' and s2 interpret the public variables consistently and are also compatible and combinable. According to the definition of a true concurrency system, in the true concurrency system P|||Q = <S_PQ, A_PQ, →_PQ> formed by P and Q, s1s2 and s1's2 are legal states, i.e. s1s2 ∈ S_PQ, s1's2 ∈ S_PQ, a1 ∈ A_PQ, and (s1s2, a1, s1's2) ∈ →_PQ.
In Fig. 3(3), s1 ∈ S_P, s1' ∈ S_P, a1 ∈ A_P, s2 ∈ S_Q, s2' ∈ S_Q, a2 ∈ A_Q, and (s1, a1, s1') ∈ →_P, (s2, a2, s2') ∈ →_Q. That is, s1 and s1' are two states of P, s2 and s2' are two states of Q, action a1 causes state s1 to change into state s1', and action a2 causes state s2 to change into state s2'. If what a1 and a2 change are not the public variables of s1 and s2 (that is, a1 changes the local variables of s1 or variables s1 shares with other states of Q, and a2 changes the local variables of s2 or variables s2 shares with other states of P), or a1 and a2 make identical modifications to the public variables, then actions a1 and a2 are allowed to occur simultaneously and their execution causes no conflict: s1 and s2 interpret their public variables consistently, s1' and s2' interpret their public variables consistently, and therefore s1 and s2, as well as s1' and s2', are all compatible and combinable. According to the definition of a true concurrency system, in the true concurrency system P|||Q = <S_PQ, A_PQ, →_PQ> formed by P and Q, s1s2 and s1's2' are legal states, i.e. s1s2 ∈ S_PQ, s1's2' ∈ S_PQ, a1a2 ∈ A_PQ, and (s1s2, a1a2, s1's2') ∈ →_PQ.
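Rules (a), (b) and (c) illustrated by Fig. 3, together with the pairwise composition loop of steps 5.1 to 5.3 in claim 1 below, as an added Python example that is not code from the patent. The "public variable" test of rule (c) needs to know which variables an action writes, so this example annotates every action with the variables and values it writes (an assumption; the patent's LTS definition carries no such annotation) and treats two actions as compatible when their writes to the variables shared by P and Q are identical (both empty, or the same assignment). `EPS`, `compose`, `compose_n` and the sample `process` factory are all constructed here.

```python
from itertools import product

EPS = "eps"  # the blank (no-op) action epsilon of rules (a) and (b)


class LTS:
    """Labelled transition system <S, A, ->> plus the variables it owns.

    `actions` maps each action name to the variables it writes and the values
    written (constructed annotation, not part of the patent's definition); it
    is what lets the shared-variable test of rule (c) be evaluated.
    """

    def __init__(self, states, actions, trans, variables):
        self.states = set(states)
        self.actions = {EPS: {}}          # the blank action writes nothing
        self.actions.update(actions)
        self.trans = set(trans)           # elements are (s, a, t)
        self.variables = set(variables)


def compatible(p, q, a1, a2):
    """Rule (c): a1 and a2 may fire together if neither writes a variable
    shared by P and Q, or both modify the shared variables identically."""
    shared = p.variables & q.variables
    w1 = {v: x for v, x in p.actions[a1].items() if v in shared}
    w2 = {v: x for v, x in q.actions[a2].items() if v in shared}
    return w1 == w2


def compose(p, q):
    """True concurrency composition P|||Q following rules (a), (b), (c)."""
    states = set(product(p.states, q.states))          # S_PQ = S_P x S_Q
    trans = set()
    # (a) P stays put (epsilon), Q moves
    for s1, (s2, a2, t2) in product(p.states, q.trans):
        trans.add(((s1, s2), (EPS, a2), (s1, t2)))
    # (b) Q stays put, P moves
    for (s1, a1, t1), s2 in product(p.trans, q.states):
        trans.add(((s1, s2), (a1, EPS), (t1, s2)))
    # (c) both move at once, only when the actions do not conflict
    for (s1, a1, t1), (s2, a2, t2) in product(p.trans, q.trans):
        if compatible(p, q, a1, a2):
            trans.add(((s1, s2), (a1, a2), (t1, t2)))
    # a composite action writes the union of what its components write
    actions = {(a1, a2): {**p.actions[a1], **q.actions[a2]}
               for _, (a1, a2), _ in trans}
    return LTS(states, actions, trans, p.variables | q.variables)


def compose_n(lts_set):
    """Steps 5.1-5.3: start with one pair, then fold in one LTS at a time
    until lts_set is empty; the result is M_n."""
    pending = list(lts_set)
    model = compose(pending.pop(0), pending.pop(0))
    while pending:
        model = compose(model, pending.pop(0))
    return model


def process(name):
    """Constructed sample process: idle <-> crit guarded by the shared
    variable 'lock', plus a purely local action on its own variable."""
    local = f"{name}_x"
    return LTS(
        states={"idle", "crit"},
        actions={f"{name}_take": {"lock": 1},
                 f"{name}_rel": {"lock": 0},
                 f"{name}_local": {local: 1}},
        trans={("idle", f"{name}_take", "crit"),
               ("crit", f"{name}_rel", "idle"),
               ("idle", f"{name}_local", "idle")},
        variables={"lock", local},
    )


if __name__ == "__main__":
    m = compose(process("p"), process("q"))
    for edge in sorted(m.trans, key=str):
        print(edge)
```

Running the block prints the 15 transitions of P|||Q for two copies of the sample process: 6 from rule (a), 6 from rule (b), and 3 from rule (c), namely the two local actions together and the pairs of actions that assign the same value to `lock`. A pair such as `p_take` with `q_rel` never appears as a simultaneous transition because the two would write different values to the shared variable.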

Claims (3)

1. An automatic verification method for a parameterized system, characterized by comprising the following steps:
The first step: build the automatic verification framework for the parameterized system. The framework consists of a reading module, a true concurrency composition module, a model abstraction module and a verification module. The reading module obtains the required data from outside, namely the single-process design model supplied by the designer, the number of processes and the property to be verified, and parses these data to obtain the single-process model M, the number of processes n and the property p to be verified, where M is described by a finite state machine, n is a natural number giving the number of processes in the whole parameterized system, and p is described by a regular grammar and represents the property to be verified. The reading module sends M and n to the true concurrency composition module and p to the model abstraction module. The true concurrency composition module obtains the single-process model M from the reading module, then completes the true concurrency composition of the n processes according to the defined true concurrency composition rule and obtains the true concurrency composite model M_n describing the whole parameterized system, where M_n is also described by a finite state machine. The true concurrency composition module sends M_n to the model abstraction module; the model abstraction module automatically selects predicates from the user-defined predicate library B according to the property p obtained from the reading module, forms the predicate set Φ and obtains the predicate expression l, then uses l to partition M_n into equivalence classes, obtaining the abstract model described by a finite state machine, and sends it to the verification module. The verification module accepts the abstract model and uses model checking to give the property verification result: if the property p to be verified is satisfied, the message "meets" is output, otherwise the message "does not meet";
The second step: choose the labelled transition system (LTS) for single-process modelling. An LTS is a kind of finite state machine, obtained by adding transition actions to an ordinary state transition diagram. An LTS is a triple <S, A, →>, where S is the state set; A is the action set, comprising internal actions invisible to other processes and external actions that interact with other processes; → is the transition set, i.e. the edges of the LTS, each element of which is a triple <s, a, t> representing an edge from state s to state t taken when action a occurs, with s and t elements of the state set S;
The third step: define the true concurrency composition rule. For any two given LTSs P = <S_P, A_P, →_P> and Q = <S_Q, A_Q, →_Q>, the formal semantic model of the true concurrency system P|||Q = <S_PQ, A_PQ, →_PQ> composed of them is defined as follows:
3.1. S_PQ = S_P × S_Q, where S_P represents a state of P, S_Q a state of Q, and the pair formed by S_P and S_Q represents a state of the true concurrency system P|||Q, denoted S_PQ;
3.2. A_PQ = A_P × A_Q, where A_P represents an action of P, A_Q an action of Q, and the pair formed by A_P and A_Q represents an action of the true concurrency system P|||Q, denoted A_PQ;
3.3. For any edges (s1, a1, s1') ∈ →_P and (s2, a2, s2') ∈ →_Q in P and Q, i.e. a transition edge in P from state s1 through action a1 to state s1' and a transition edge in Q from state s2 through action a2 to state s2', the composite transition →_PQ is produced according to the following rules:
(a) if a1 is the blank action and a2 is not, then s1 = s1' and (s1s2, a2, s1s2') ∈ →_PQ, i.e. in P|||Q there is a transition edge from state s1s2 through action a2 to state s1s2', where s1s2 and s1s2' are new states of the composed system: state s1s2 is the new state obtained after composition when the first process is in state s1 and the second process is in state s2;
(b) if a1 is not the blank action and a2 is, then s2 = s2' and (s1s2, a1, s1's2) ∈ →_PQ, i.e. in P|||Q there is a transition edge from state s1s2 through action a1 to state s1's2;
(c) if neither a1 nor a2 is the blank action, and what a1 and a2 change are not the public variables of s1 and s2, or their modifications to the public variables are identical, then s1 and s2 are said to be compatible and combinable, and (s1s2, a1a2, s1's2') ∈ →_PQ, i.e. in P|||Q there is a transition edge from state s1s2 through action a1a2 to state s1's2';
The fourth step: the reading module reads the data required by the verification framework; the method is:
Step 4.1, the reading module reads the single-process state transition table T from an external file and builds the LTS model M of the single process. The state transition table T describes the state transitions of a single process in file form and has three parts: states, actions and transition relations. Each transition relation in the table is a triple <current state, action, target state>; each state corresponds to an element of the state set S, each action to an element of the action set A, and the relations between all the processes together form the whole transition relation set →. The contents of table T are read line by line from top to bottom, building in turn the state set, the action set and the transition relation set, which yields the single-process model M described as an LTS;
Step 4.2, the reading module reads the number of system processes num from the terminal and stores it as the integer variable n;
Step 4.3, the reading module reads from the terminal the property to be verified, described as a text string, and uses the open-source tools Lex & Yacc to perform lexical analysis, syntactic analysis and semantic analysis, obtaining the property p to be verified described by a regular grammar;
The fifth step: the true concurrency composition module composes the n single-process models M and builds the true concurrency composite model M_n describing the complete parameterized system; the method is:
Step 5.1: let lts_set be the set of the n LTSs and lts_mdl = <S_lts, A_lts, →_lts> the true concurrency composite model of the true concurrency system composed of these n LTSs; their initial values are lts_set = {P1, P2, ..., Pn}, where P1, P2, ..., Pn are the n LTSs, and lts_mdl = <∅, ∅, ∅>, where ∅ denotes the empty set;
Step 5.2: if the elements of lts_mdl are empty sets, first choose arbitrarily two LTSs Pi and Pj (1 ≤ i < n, 1 < j ≤ n, i ≠ j) from lts_set; then delete Pi and Pj from lts_set; finally build the true concurrency composite model Pi|||Pj of the true concurrency system composed of Pi and Pj by composing Pi and Pj according to the true concurrency composition rule defined in the third step, and assign Pi|||Pj to lts_mdl;
If the elements of lts_mdl are not all empty sets, first choose arbitrarily one LTS Pk (1 ≤ k ≤ n) from lts_set; then delete Pk from lts_set; finally build the formal semantic model lts_mdl|||Pk of the true concurrency system composed of lts_mdl and Pk by composing lts_mdl and Pk according to the true concurrency composition rule defined in the third step, and assign lts_mdl|||Pk to lts_mdl;
Step 5.3: if lts_set is not empty, go to step 5.2; otherwise assign lts_mdl to M_n; the true concurrency composite model is then successfully established, and the sixth step is executed;
The sixth step: the model abstraction module applies the predicate abstraction method to simplify the parameterized system M_n, obtaining the abstract model described by a finite state machine. The model abstraction module consists of a predicate definition module and a predicate abstraction module. The predicate definition module obtains the property p to be verified from the reading module and the user-defined predicate library B from the predicate library supplied by the user, selects some of the predicates in B according to p to form the predicate set Φ, then describes p with the elements of Φ to obtain the predicate expression l, and sends l to the predicate abstraction module. The predicate abstraction module obtains the predicate expression l from the predicate definition module and the true concurrency composite model M_n from the true concurrency composition module, and uses l to partition M_n by property, obtaining the abstract model described by a finite state machine. The specific method is:
Step 6.1, the predicate definition module obtains the property p to be verified from the reading module, parses it with the open-source tools Lex & Yacc, and splits p into several sub-items, each of which represents one property of the parameterized system to be verified;
Step 6.2, let Φ be the predicate set, representing all the predicates used in verification, initialised to the empty set. A predicate is the formal representation of some property of the parameterized system to be verified; if the property represented by predicate μ holds on state s, state s is said to satisfy predicate μ;
Step 6.3, obtain the user-defined predicate library B from the user;
Step 6.4, for each sub-item x of p, choose a corresponding predicate b_x from B, where the property described by b_x is the property expressed by sub-item x, and add b_x to Φ. A predicate μ divides the whole state set into two equivalence classes: S_μ, all of whose states satisfy predicate μ, and its complement, none of whose states satisfy predicate μ;
Step 6.5, represent the property p to be verified as the logical and of the predicates in Φ: the predicates are joined by logical-and connectives into one long formula, the predicate expression l, which is output to the predicate abstraction module. An expression consisting of m predicates finally divides the state space into 2^m equivalence classes. Each equivalence class is assigned an equivalence tag, a string of length m whose i-th position is '1' if the i-th predicate is satisfied and '0' otherwise. Each equivalence class is one new state after predicate abstraction, and its equivalence tag is called the name of that new state;
Step 6.6, the predicate abstraction module obtains the predicate expression l from the predicate definition module and the true concurrency composite model M_n from the true concurrency composition module, performs predicate abstraction on M_n and obtains the abstract model, which consists of the state set S_n and the transition relation set R_n. The specific method of predicate abstraction is:
Step 6.6.1, generate the state set S_n. If the predicate expression l is the logical and of m predicates, the set S_n has 2^m states; each state name is a binary code of m bits; if the i-th bit of the code is '1', the i-th predicate is satisfied, otherwise it is not. Each state of M_n is examined in turn, a record is made of whether it satisfies each of the m predicates, and according to that record the state is added to the corresponding set. Each element of the state set S_n of the generated abstract model is thus composed of several states of the true concurrency composite model M_n;
Step 6.6.2, generate the transition relation set R_n, completed as follows:
6.6.2.1, initialisation: the transition relation set R_n is initialised to the empty set;
6.6.2.2, sort the elements of S_n in ascending order of the binary code of their state names, and initialise the counter variable i = 0;
6.6.2.3, if i < 2^m, initialise the counter variable j = 0 and go to step 6.6.2.4; otherwise go to step 6.6.3;
6.6.2.4, if j < 2^m, go to step 6.6.2.5; otherwise go to step 6.6.2.6;
6.6.2.5, take the i-th and the j-th state of the abstract model in that order; they correspond to two equivalence classes, each of which is a set of states of the true concurrency composite model M_n. If the two equivalence classes contain states s and t respectively such that M_n has a transition from s to t, generate a transition from the i-th abstract state to the j-th abstract state and add it to R_n; increment the counter variable j by 1 and go to step 6.6.2.4;
6.6.2.6, increment the counter variable i by 1 and go to step 6.6.2.3;
Step 6.6.3, store the abstract model in the computer;
Step 6.6.4, the predicate abstraction module sends the abstract model to the verification module. The state of the abstract model whose name's binary code consists entirely of '1' is designated S_one; this state represents the equivalence class that satisfies the property p to be verified; if S_one is unreachable, it indicates that no state that does not satisfy the property p to be verified exists in the parameterized system;
The seventh step: the verification module visits each state of the abstract model in turn and checks whether p is satisfied; if it is, the message "meets" is returned, otherwise the message "does not meet" is returned. "Meets" means that the parameterized system to be verified satisfies property p, and "does not meet" means that it does not. The specific method is:
Step 7.1, check whether the initial state of the true concurrency composite model M_n lies in S_one; if so, return the message "meets", indicating that S_one is reachable, and go to the eighth step; otherwise go to step 7.2;
Step 7.2, if the initial state is not in S_one, traverse all states of the state set S_n of the abstract model other than S_one; if there is a state S_y with a transition from S_y to S_one, return the message "meets" and go to the eighth step; otherwise return "does not meet", indicating that S_one is unreachable, and go to the eighth step;
The eighth step: end.
2. The automatic verification method for a parameterized system according to claim 1, characterized in that the state transition table T is stored as text in the following form:
(1) the first line of table T is the keyword "begin", indicating the start of the transition table;
(2) the second line of table T is the keyword "states" followed by an integer sNumber, the number of states of the single process; the next sNumber lines are the names of all the states;
(3) after the state description ends, the next line is the keyword "acts" followed by an integer aNumber, the number of actions of the single process; the next aNumber lines are the names of all the actions;
(4) after the action description ends, the next line is the keyword "trans", followed by the detailed description of each transition, one per line, each line recording the three items current state, action and target state;
(5) the last line of table T is the keyword "end", indicating the end of the transition table.
3. The automatic verification method for a parameterized system according to claim 1, characterized in that the computer storage method of step 6.6.3 is: a graph data structure is used for storage, each abstract state corresponding to a node of the graph and each transition relation to an edge of the graph.
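The text layout of the state transition table T from claim 2, the predicate selection and abstraction of steps 6.4 to 6.6 and the check of the seventh step, as an added Python example that is not the patent's implementation. The sample table, the predicate library `B` (predicates are plain Python functions on state names, an assumption), the two sub-items taken as the property p, and the choice of the first listed state as the initial state are all constructed here. The parser rejects transition rows that name undeclared states or actions, since the table comes from an external file. `verify_as_claimed` follows step 7.2 literally (it accepts any abstract state with a transition into S_one), and `verify_reachable` is an added variant that searches from the initial abstract state, which is the check a practitioner would normally want.

```python
from itertools import product


def parse_transition_table(text):
    """Parse a table T in the layout of claim 2:
    begin / states N + N names / acts N + N names / trans + rows / end."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines[0] != "begin" or lines[-1] != "end":
        raise ValueError("table must start with 'begin' and end with 'end'")
    kw, count = lines[1].split()
    if kw != "states":
        raise ValueError("expected 'states <sNumber>'")
    s_number = int(count)
    states = lines[2:2 + s_number]
    pos = 2 + s_number
    kw, count = lines[pos].split()
    if kw != "acts":
        raise ValueError("expected 'acts <aNumber>'")
    a_number = int(count)
    actions = lines[pos + 1:pos + 1 + a_number]
    pos += 1 + a_number
    if lines[pos] != "trans":
        raise ValueError("expected 'trans'")
    trans = set()
    for row in lines[pos + 1:-1]:
        s, a, t = row.split()   # <current state, action, target state>
        if s not in states or t not in states or a not in actions:
            raise ValueError(f"undeclared name in transition row: {row!r}")
        trans.add((s, a, t))
    return states, actions, trans


def select_predicates(subitems, library):
    """Step 6.4: for each sub-item x of p pick the predicate b_x from B."""
    return [library[x] for x in subitems]


def predicate_abstract(states, trans, predicates):
    """Steps 6.5-6.6: partition the concrete states into 2^m classes named by
    an m-bit tag (bit i is '1' iff predicate i holds) and lift transitions."""
    m = len(predicates)

    def tag(s):
        return "".join("1" if pred(s) else "0" for pred in predicates)

    classes = {"".join(bits): set() for bits in product("01", repeat=m)}
    tag_of = {s: tag(s) for s in states}
    for s in states:
        classes[tag_of[s]].add(s)
    # Same result as the i/j double loop of step 6.6.2: an abstract edge
    # exists whenever some concrete edge joins the two classes.
    abstract_trans = {(tag_of[s], tag_of[t]) for (s, _, t) in trans}
    return tag_of, classes, abstract_trans


def verify_as_claimed(initial, tag_of, abstract_trans, m):
    """Seventh step as written: initial state in S_one, or any other
    abstract state with a transition into S_one, yields 'meets'."""
    s_one = "1" * m
    if tag_of[initial] == s_one:
        return "meets"
    if any(src != s_one and dst == s_one for src, dst in abstract_trans):
        return "meets"
    return "does not meet"


def verify_reachable(initial, tag_of, abstract_trans, m):
    """Added variant: depth-first search for S_one from the initial state."""
    s_one = "1" * m
    seen, stack = set(), [tag_of[initial]]
    while stack:
        cur = stack.pop()
        if cur == s_one:
            return "meets"
        if cur in seen:
            continue
        seen.add(cur)
        stack.extend(dst for src, dst in abstract_trans if src == cur)
    return "does not meet"


# Constructed sample table in the layout of claim 2.
SAMPLE_TABLE = """
begin
states 3
idle
wait
crit
acts 3
req
enter
exit
trans
idle req wait
wait enter crit
crit exit idle
end
"""

# Constructed predicate library B; p is taken to be the sub-items below.
B = {"in_crit": lambda s: s == "crit", "not_idle": lambda s: s != "idle"}


def run_example(table=SAMPLE_TABLE, subitems=("in_crit", "not_idle")):
    states, _, trans = parse_transition_table(table)
    preds = select_predicates(subitems, B)
    tag_of, classes, abstract_trans = predicate_abstract(states, trans, preds)
    initial = states[0]   # assumption: the first listed state is initial
    m = len(preds)
    return {"classes": classes, "abstract_trans": abstract_trans,
            "claimed": verify_as_claimed(initial, tag_of, abstract_trans, m),
            "reachable": verify_reachable(initial, tag_of, abstract_trans, m)}
```

With the sample table and the two predicates, the states `idle`, `wait` and `crit` receive the tags `00`, `01` and `11`, the class `10` stays empty (the claim's S_n still lists all 2^m names), the abstract transitions are `00→01`, `01→11` and `11→00`, and both checks report "meets" because S_one = `11` is reached from `01`. The two checks diverge on models where some abstract state has an edge into S_one but is itself not reachable from the initial state, which is why the search variant is the safer one to adopt.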
CN201410030123.XA 2014-01-22 2014-01-22 Automatic verification method orienting to parameterization system Active CN103729523B (en)


Publications (2)

Publication Number Publication Date
CN103729523A true CN103729523A (en) 2014-04-16
CN103729523B CN103729523B (en) 2017-01-25
