CN103729523B - Automatic verification method orienting to parameterization system - Google Patents

Publication number: CN103729523B
Authority: CN (China)
Legal status: Active
Application number: CN201410030123.XA
Other languages: Chinese (zh)
Other versions: CN103729523A
Inventors: 屈婉霞, 张龙, 郭阳, 李思昆, 汪审权, 胡慧俐, 李暾, 刘畅
Current assignee: National University of Defense Technology
Original assignee: National University of Defense Technology
Prior art keywords: state, predicate, module, model, lts

Abstract

The invention discloses an automatic verification method for parameterized systems, aimed at the high cost, low accuracy and low speed of verifying such systems. The method comprises the following steps: first, an automatic verification framework for parameterized systems is constructed according to the characteristics of such systems; then a single-process model, the number of processes, the property to be verified and a user-defined predicate library are read in from the outside, and a finite-state-machine model of the single process is built; a true-concurrency synthetic model that completely describes the parameterized system is constructed automatically according to a true-concurrency synthesis rule; the synthetic model is then abstracted and simplified automatically by predicate abstraction to obtain an abstract model described by a finite state machine; finally, the abstract model is traversed by model checking and it is decided whether the property to be verified holds. The method reduces the cost of modeling and verifying a parameterized system, improves verification accuracy, reduces the verification scale of the parameterized system and increases verification speed.

Description

An automatic verification method for parameterized systems
Technical field
The present invention relates to the field of model checking in formal verification, and more particularly to an automatic verification method for parameterized systems.
Background technology
A parameterized system is a set of structurally identical processes that run together, executing concurrently in synchronous or asynchronous fashion; the number of processes is called the system parameter. Parameterized systems are ubiquitous in practice, for example communication protocols and cache coherence protocols. As the demands of engineering and science keep rising, system scale grows daily and functionality becomes ever more complex, so the design of parameterized systems is very prone to error and must be verified comprehensively and effectively. Model checking is widely applied in formal verification: it represents the system under verification as a finite state machine, describes the property the system is expected to satisfy as a temporal logic formula, and decides the correctness of that formula automatically by traversing the finite state machine. It has been applied successfully to the verification of hardware and software systems and is a very effective method for verifying finite-state systems. However, how to use model checking to verify parameterized systems efficiently remains one of the most challenging tasks in the verification field today.
The arbitrariness of the parameter and the complexity of the interaction between processes cause the state space of a parameterized system to explode with its scale. On the one hand, the increase in system scale poses a severe challenge to verification engineers: how to guarantee the accuracy of the system model becomes a principal problem of parameterized system verification. On the other hand, the scale of a parameterized system grows exponentially with the system parameter, and the state-space explosion means that existing simulation-based and formal verification methods cannot be applied directly to verify the system; how to improve the verification scale and verification speed of parameterized systems is the other principal problem faced.
Content of the invention
The technical problem to be solved by the present invention is to propose an automatic verification method for parameterized systems that addresses the following problems of parameterized system verification: 1) the verification involves much manual work, which makes it costly; 2) the accuracy of the verification; 3) the verification scale and verification speed. The method is aimed at the characteristics of parameterized systems and builds an automatic verification framework for them. Starting from the property of the parameterized system to be verified, the invention builds the parameterized model automatically, abstracts and simplifies it, and then completes the property verification automatically. First, the finite-state-machine model of a single process is established; then the complete parameterized system is built automatically, reducing manual involvement and guaranteeing the accuracy of the model; finally, predicate abstraction is applied to the parameterized system to obtain an abstract model described by a finite state machine, and model checking decides whether the parameterized system satisfies the property to be verified, which improves the verification scale and speed.
The technical scheme is as follows:
First step: build the automatic verification framework for parameterized systems, which provides designers of parameterized systems with a verification platform for completing the verification work. The framework consists of an input module, a true-concurrency synthesis module, a model abstraction module and a verification module. The input module obtains the required data from the outside, namely the single-process design model, the number of processes and the property to be verified supplied by the designer, parses them, and obtains the single-process model $m$, the number of processes $n$ and the property to be verified $p$. Here $m$ is described by a finite state machine; $n$ is a natural number giving the number of processes the whole parameterized system contains; $p$ is described by a regular grammar and represents the property to be verified. The input module sends $m$ and $n$ to the true-concurrency synthesis module and $p$ to the model abstraction module. The true-concurrency synthesis module obtains the single-process model $m$ from the input module, then completes the true-concurrency synthesis of $n$ processes according to the defined true-concurrency synthesis rule, obtaining the true-concurrency synthetic model $m_n$ describing the whole parameterized system, where $m_n$ is again described by a finite state machine. The true-concurrency synthesis module sends $m_n$ to the model abstraction module. The model abstraction module automatically chooses predicates from the user-defined predicate library $b$ according to the property $p$ obtained from the input module, forms the predicate set $\phi$, obtains the predicate expression $l$, uses $l$ to partition $m_n$ into equivalence classes, obtains the abstract model $m_n^p$ described by a finite state machine, and sends $m_n^p$ to the verification module. The verification module accepts the abstract model $m_n^p$ and gives the property verification result by model checking: if the property $p$ is satisfied it outputs the message "satisfied", otherwise it outputs the message "not satisfied".
Second step: choose labeled transition systems (LTS) to model the single process. An LTS is a kind of finite state machine obtained by adding a transition action to an ordinary state transition diagram; it is the basis for explaining the operational semantics of many formal models. An LTS is a triple $\langle s, a, \to \rangle$, where $s$ is the set of states; $a$ is the set of actions, including internal actions invisible to other processes and external actions that interact with other processes; and $\to$ is the set of transitions, i.e. the edges of the LTS, each element of which is a triple $\langle s, a, t \rangle$ representing an edge from state $s$ to state $t$ taken when action $a$ occurs, with $s$ and $t$ elements of the state set $s$. An LTS describes system behaviour very intuitively and is suitable for characterizing parameterized systems.
Third step: define the true-concurrency synthesis rule. For any two given LTSs $p = \langle s_p, a_p, \to_p \rangle$ and $q = \langle s_q, a_q, \to_q \rangle$, the formal semantic model of the true-concurrency system they form, $p \,|||\, q = \langle s_{pq}, a_{pq}, \to_{pq} \rangle$, is defined as follows:
3.1. $s_{pq} = s_p \times s_q$, where $s_p$ is a state of $p$ and $s_q$ a state of $q$; the pair formed by $s_p$ and $s_q$ represents a state of the true-concurrency system $p \,|||\, q$, denoted $s_{pq}$.
3.2. $a_{pq} = a_p \times a_q$, where $a_p$ is an action of $p$ and $a_q$ an action of $q$; the pair formed by $a_p$ and $a_q$ represents an action of the true-concurrency system $p \,|||\, q$, denoted $a_{pq}$.
3.3. For any edges $(s_1, a_1, s_1') \in \to_p$ and $(s_2, a_2, s_2') \in \to_q$, i.e. a transition edge in $p$ from state $s_1$ to state $s_1'$ via action $a_1$ and a transition edge in $q$ from state $s_2$ to state $s_2'$ via action $a_2$, the transitions $\to_{pq}$ of the synthetic system are generated by the following rules:
(a) If $a_1$ is the empty (do-nothing) action and $a_2$ is not, then $s_1 = s_1'$ and $(s_1 s_2, a_2, s_1 s_2') \in \to_{pq}$, i.e. in $p \,|||\, q$ there is a transition edge from state $s_1 s_2$ to state $s_1 s_2'$ via action $a_2$. Here $s_1 s_2$ and $s_1 s_2'$ denote new states of the synthetic system: the state $s_1 s_2$ is the new state obtained after synthesis when the first process is in state $s_1$ and the second process is in state $s_2$; synthetic states are written the same way in rules (b) and (c).
(b) If $a_1$ is not the empty action and $a_2$ is, then $s_2 = s_2'$ and $(s_1 s_2, a_1, s_1' s_2) \in \to_{pq}$, i.e. in $p \,|||\, q$ there is a transition edge from state $s_1 s_2$ to state $s_1' s_2$ via action $a_1$.
(c) If neither $a_1$ nor $a_2$ is the empty action, and either what $a_1$ and $a_2$ modify are not shared (public) variables of $s_1$ and $s_2$, or their modifications of the shared variables are identical, then $s_1$ and $s_2$ are said to be compatible, and $(s_1 s_2, a_1 a_2, s_1' s_2') \in \to_{pq}$, i.e. in $p \,|||\, q$ there is a transition edge from state $s_1 s_2$ to state $s_1' s_2'$ via action $a_1 a_2$.
Fourth step: the input module reads the data the verification framework needs, as follows:
Step 4.1: the input module reads the single-process state transition table $t$ from an external file and establishes the LTS model $m$ of the single process. The state transition table $t$ describes the state transitions of the single process in the form of a file, in three parts: states, actions and the transition relation. Each transition relation entry in the table is a triple $\langle$current state, action, target state$\rangle$. Each state corresponds to an element of the state set $s$, each action to an element of the action set $a$, and the intricate relations among all processes make up the whole transition relation set $\to$. $t$ is stored as text with a fixed format, namely:
(1) The first line of table $t$ is the keyword "begin", marking the start of the transition table.
(2) State description. The second line of $t$ is the keyword "states" followed by an integer snumber, the number of states of the single process. The following snumber lines give the names of all states.
(3) Action description. After the state description, a new line holds the keyword "acts" and an integer anumber, the number of actions of the single process. The following anumber lines give the names of all actions.
(4) Transition description. After the action description, a new line holds the keyword "trans". Each subsequent line describes one transition and records three items: current state, action and target state.
(5) The last line of $t$ is the keyword "end", marking the end of the transition table.
The content of $t$ is read line by line from top to bottom; the state set, the action set and the transition relation set are built in turn, giving the single-process model $m$ described as an LTS.
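The fixed file format of items (1) to (5), as an added example that is not the patent's code: a parser that reads a constructed table t line by line and rejects tables that violate the format or whose transitions name undeclared states or actions.

```python
"""Parser for the single-process state transition table t of step 4.1.

Added example, not code from the patent. The keywords (begin, states, acts,
trans, end) and the one-triple-per-line layout follow the format described in
the text; the sample table below is constructed for this example.
"""

SAMPLE_TABLE = """\
begin
states 3
idle
wait
crit
acts 3
req
enter
exit
trans
idle req wait
wait enter crit
crit exit idle
end
"""


def parse_transition_table(text):
    """Return the LTS (states, actions, transitions) described by table t.

    Reads the table top to bottom exactly as step 4.1 does, and raises
    ValueError when counts or keywords do not match the fixed format or a
    transition references a state or action that was not declared.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] != "begin" or lines[-1] != "end":
        raise ValueError("table must start with 'begin' and end with 'end'")
    pos = 1

    def read_block(keyword):
        # "<keyword> <count>" followed by exactly <count> distinct names
        nonlocal pos
        if pos >= len(lines):
            raise ValueError("unexpected end of table before '%s'" % keyword)
        head = lines[pos].split()
        if len(head) != 2 or head[0] != keyword or not head[1].isdigit():
            raise ValueError("expected '%s <count>' at line %d" % (keyword, pos + 1))
        count = int(head[1])
        names = lines[pos + 1:pos + 1 + count]
        if len(names) != count or len(set(names)) != count:
            raise ValueError("%s: expected %d distinct names" % (keyword, count))
        pos += 1 + count
        return tuple(names)

    states = read_block("states")      # item (2)
    actions = read_block("acts")       # item (3)
    if pos >= len(lines) or lines[pos] != "trans":
        raise ValueError("expected 'trans' at line %d" % (pos + 1))
    transitions = set()
    for ln in lines[pos + 1:-1]:       # item (4): one triple per line
        parts = ln.split()
        if len(parts) != 3:
            raise ValueError("transition must be <current state, action, target state>: %r" % ln)
        src, act, dst = parts
        if src not in states or dst not in states or act not in actions:
            raise ValueError("transition references an undeclared state or action: %r" % ln)
        transitions.add((src, act, dst))
    return states, actions, transitions


if __name__ == "__main__":
    print(parse_transition_table(SAMPLE_TABLE))
```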
Step 4.2: the input module reads the number of system processes num from the terminal and stores it as the integer variable $n$.
Step 4.3: the input module reads the text of the property to be verified, described as a text string, from the terminal, and performs lexical, syntactic and semantic analysis with the open-source tools lex & yacc (see the book: John R. Levine, Tony Mason, Doug Brown, "lex & yacc", 2nd edition, Chinese translation by Yang Zuomei and Zhang Xudong, China Machine Press, January 2003), obtaining the property to be verified $p$ described by a regular grammar.
Fifth step: the true-concurrency synthesis module performs the true-concurrency synthesis of $n$ single-process models $m$ and automatically builds the true-concurrency synthetic model $m_n$ describing the complete parameterized system, as follows:
Step 5.1: let lts_set be the set of the $n$ LTSs and lts_mdl $= \langle s_{lts}, a_{lts}, \to_{lts} \rangle$ the true-concurrency synthetic model of the true-concurrency system formed by these $n$ LTSs. Their initial values are lts_set $= \{p_1, p_2, \ldots, p_n\}$, where $p_1, p_2, \ldots, p_n$ denote the $n$ LTSs, and lts_mdl $= \langle \emptyset, \emptyset, \emptyset \rangle$, where $\emptyset$ denotes the empty set.
Step 5.2: if the elements of lts_mdl are the empty set, first choose arbitrarily two LTSs $p_i$ and $p_j$ ($1 \le i < n$, $1 < j \le n$, $i \ne j$) from lts_set; then delete $p_i$ and $p_j$ from lts_set; finally establish the true-concurrency synthetic model $p_i \,|||\, p_j$ of the true-concurrency system formed by $p_i$ and $p_j$, i.e. synthesize $p_i$ and $p_j$ according to the true-concurrency synthesis rule defined in the third step, and assign $p_i \,|||\, p_j$ to lts_mdl.
If the elements of lts_mdl are not all the empty set, first choose arbitrarily one LTS $p_k$ ($1 \le k \le n$) from lts_set; then delete $p_k$ from lts_set; finally establish the formal semantic model lts_mdl $\,|||\, p_k$ of the true-concurrency system formed by lts_mdl and $p_k$, i.e. synthesize lts_mdl and $p_k$ according to the true-concurrency synthesis rule defined in the third step, and assign lts_mdl $\,|||\, p_k$ to lts_mdl.
Step 5.3: if lts_set is not empty, go to step 5.2; otherwise assign lts_mdl to $m_n$, the true-concurrency synthetic model is established, and execute the sixth step.
Sixth step: the model abstraction module simplifies the parameterized system $m_n$ by predicate abstraction and obtains the abstract model $m_n^p$ described by a finite state machine. The model abstraction module consists of a predicate definition module and a predicate abstraction module. The predicate definition module obtains the property $p$ from the input module and the user-defined predicate library $b$ from the predicate library supplied by the user, selects from $b$ the predicates relevant to $p$ to form the predicate set $\phi$, describes $p$ with the elements of $\phi$, obtains the predicate expression $l$, and sends $l$ to the predicate abstraction module. The predicate abstraction module obtains $l$ from the predicate definition module and the true-concurrency synthetic model $m_n$ from the true-concurrency synthesis module, partitions $m_n$ by property using $l$, and obtains the abstract model $m_n^p$ described by a finite state machine. Concretely:
Step 6.1: the predicate definition module obtains the property $p$ from the input module and parses it with the open-source tools lex & yacc, splitting $p$ into several sub-items, each of which represents one property of the parameterized system to be verified;
Step 6.2: let $\phi$ be the predicate set, representing all predicates used in the verification, initialized to the empty set. A predicate is the formal representation of some property of the parameterized system under verification; if the property represented by predicate $\mu$ holds in state $s$, state $s$ is said to satisfy $\mu$.
Step 6.3: obtain the user-defined predicate library $b$ from the user; $b$ must be supplied by the verification engineer. Users define a suitable predicate library for each verification model, which improves the flexibility and adaptability of the verification.
Step 6.4: for each sub-item $x$ of $p$, choose the corresponding predicate $b_x$ from $b$ (i.e. the property described by $b_x$ is the property expressed by sub-item $x$) and add $b_x$ to $\phi$. A single predicate $\mu$ divides the whole state set into two parts (here called two equivalence classes): $s_\mu$ and its complement $\bar{s}_\mu$; all states in $s_\mu$ satisfy $\mu$, and no state in $\bar{s}_\mu$ does.
Step 6.5: represent the property $p$ by the logical AND of the predicates in $\phi$ (i.e. connect the predicates with the logical AND connective into one long formula), obtaining the predicate expression $l$, and output $l$ to the predicate abstraction module. Since $l$ is the logical AND of several predicates, an expression made up of $m$ predicates ultimately divides the state space into $2^m$ equivalence classes. Each equivalence class is assigned an equivalence label, a string of length $m$ (or, equivalently, a binary number): if the $i$-th predicate is satisfied, the $i$-th bit of the label is '1', otherwise '0'. Each equivalence class is a new state after predicate abstraction, and its equivalence label is the name of that new state.
Step 6.6: the predicate abstraction module obtains the predicate expression $l$ from the predicate definition module and the true-concurrency synthetic model $m_n$ from the true-concurrency synthesis module, then performs predicate abstraction on $m_n$ to obtain the abstract model $m_n^p$. The abstract model $m_n^p$ consists of the state set $s_n$ and the transition relation set $r_n$; the concrete method of predicate abstraction is:
Step 6.6.1: generate the state set $s_n$. If the predicate expression $l$ is the logical AND of $m$ predicates, $s_n$ has $2^m$ states, and each state name is a binary code, i.e. a binary number. If the $i$-th bit of the binary number is '1', the state satisfies the $i$-th predicate; otherwise it does not. Examine each state of $m_n$, record whether it satisfies each of the $m$ predicates, and add the state to the corresponding set according to the recorded information. Each element of the state set $s_n$ of the generated abstract model $m_n^p$ is thus composed of several states of the true-concurrency synthetic model $m_n$.
Step 6.6.2: generate the transition relation set $r_n$ by the following steps:
6.6.2.1: initialize; the transition relation set $r_n$ is initialized to the empty set.
6.6.2.2: sort the elements of $s_n$ in ascending order of the binary code of their state names, and initialize the counter variable $i = 0$.
6.6.2.3: if $i < 2^m$, initialize the counter variable $j = 0$ and go to step 6.6.2.4; otherwise go to step 6.6.3.
6.6.2.4: if $j < 2^m$, go to step 6.6.2.5; otherwise go to step 6.6.2.6.
6.6.2.5: take the $i$-th and $j$-th states of the abstract model $m_n^p$, which correspond to two equivalence classes, each of them a set of states of the true-concurrency synthetic model $m_n$. If there are states $s$ and $t$ in the respective equivalence classes such that $m_n$ has a transition from $s$ to $t$, generate a transition from the $i$-th abstract state to the $j$-th and add it to $r_n$. Increment the counter variable $j$ by 1 and go to step 6.6.2.4.
6.6.2.6: increment the counter variable $i$ by 1 and go to step 6.6.2.3.
Step 6.6.3: the abstract model $m_n^p$ can be stored directly in a graph data structure in computer memory: each abstract state corresponds to a node of the graph and each transition relation to an edge of the graph.
Step 6.6.4: the predicate abstraction module sends $m_n^p$ to the verification module. The abstract model obtained by the verification module is a finite state machine stored as a graph data structure. In the abstract model $m_n^p$ output by the predicate abstraction module there is a state whose binary name consists entirely of '1's, called the all-ones state and denoted $s_{one}$; this state represents the equivalence class satisfying the property $p$. If $s_{one}$ is unreachable, there is no state in the parameterized system that fails to satisfy the property $p$.
Seventh step: the verification module visits each state of the abstract model $m_n^p$ in turn and checks whether $p$ holds; if so it returns the message "satisfied", otherwise it returns the message "not satisfied". "Satisfied" means the parameterized system satisfies the property $p$; "not satisfied" means the parameterized system under verification does not satisfy $p$. Concretely:
Step 7.1: check whether the initial state of the true-concurrency synthetic model $m_n$ is in $s_{one}$; if so, return the message "satisfied", $s_{one}$ is reachable, and go to the eighth step; otherwise go to step 7.2.
Step 7.2: if the initial state is not in $s_{one}$, traverse all states of the state set $s_n$ of $m_n^p$ other than $s_{one}$; if there is a state $s_y$ with a transition from $s_y$ to $s_{one}$, return the message "satisfied" and go to the eighth step; otherwise return "not satisfied", $s_{one}$ is unreachable, and go to the eighth step.
Eighth step: end.
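Steps 3 and 5 to 7 carried through in code, as an added example rather than the patent's implementation: rules (a) to (c) fold n copies of a constructed single-process model into m_n, predicate abstraction names the 2^m classes by bit strings, and the step 7 check for s_one is applied literally. It assumes that the shared-variable writes of each action are recorded in a dictionary (WRITES), which is how rule (c) decides compatibility here; the patent does not fix a representation for that.

```python
"""Steps 3, 5, 6 and 7 of the patent as an added worked example (not the
patent's code). A synthetic state is a tuple of component states and a
synthetic action a tuple of component actions, with EPS marking the idling
component (the patent writes only the non-empty action in rules (a) and (b))."""
from itertools import product

EPS = "eps"  # the empty (do-nothing) action of rules (a) and (b)

# Constructed single-process model m: a process requesting, entering and leaving
# a critical section. WRITES records which shared (public) variable each action
# modifies and the value written; this is the assumption used to decide
# compatibility in rule (c).
M = (("idle", "wait", "crit"),
     ("req", "enter", "exit"),
     {("idle", "req", "wait"), ("wait", "enter", "crit"), ("crit", "exit", "idle")})
WRITES = {"req": {}, "enter": {"lock": 1}, "exit": {"lock": 0}}


def writes_of(action):
    """Merged shared-variable writes of a (possibly synthetic) action tuple."""
    merged = {}
    for a in action:
        if a != EPS:
            merged.update(WRITES[a])
    return merged


def compatible(a1, a2):
    """Rule (c): no shared variable is written by both, or both write the same value."""
    w1, w2 = writes_of(a1), writes_of(a2)
    return all(w1[v] == w2[v] for v in w1.keys() & w2.keys())


def lift(lts):
    """Represent a single-process LTS with 1-tuples so compose() can concatenate."""
    states, actions, trans = lts
    return (tuple((s,) for s in states), tuple((a,) for a in actions),
            {((s,), (a,), (t,)) for s, a, t in trans})


def compose(p, q):
    """Step 3: p ||| q with s_pq = s_p x s_q and edges from rules (a), (b), (c).
    The action set is taken as the labels that actually occur, EPS padding included."""
    sp, _, tp = p
    sq, _, tq = q
    spq = tuple(s1 + s2 for s1, s2 in product(sp, sq))
    tpq = set()
    for s1, (s2, a2, t2) in product(sp, tq):             # (a): p idles, q moves
        tpq.add((s1 + s2, (EPS,) * len(s1) + a2, s1 + t2))
    for (s1, a1, t1), s2 in product(tp, sq):             # (b): p moves, q idles
        tpq.add((s1 + s2, a1 + (EPS,) * len(s2), t1 + s2))
    for (s1, a1, t1), (s2, a2, t2) in product(tp, tq):   # (c): both move if compatible
        if compatible(a1, a2):
            tpq.add((s1 + s2, a1 + a2, t1 + t2))
    return spq, tuple(sorted({a for _, a, _ in tpq})), tpq


def synthesize(m, n):
    """Step 5: lts_set holds n copies of m; fold them pairwise into lts_mdl."""
    lts_set = [lift(m) for _ in range(n)]
    lts_mdl = lts_set.pop()
    while lts_set:
        lts_mdl = compose(lts_mdl, lts_set.pop())
    return lts_mdl


def abstract(mn, predicates):
    """Step 6.6: s_n has 2^m classes named by bit strings (bit i = predicate i);
    r_n holds (u, v) when some concrete edge leads from class u into class v."""
    states, _, trans = mn
    label = lambda s: "".join("1" if pred(s) else "0" for pred in predicates)
    sn = {format(k, "0%db" % len(predicates)): set() for k in range(2 ** len(predicates))}
    for s in states:
        sn[label(s)].add(s)
    rn = {(label(s), label(t)) for s, _, t in trans}
    return sn, rn


def verify(mn, initial, predicates):
    """Step 7 taken literally: 'satisfied' when the all-ones class s_one contains
    the initial state or another class has an edge into it, else 'not satisfied'."""
    sn, rn = abstract(mn, predicates)
    s_one = "1" * len(predicates)
    if initial in sn[s_one]:                                   # step 7.1
        return "satisfied"
    if any(dst == s_one and src != s_one for src, dst in rn):  # step 7.2
        return "satisfied"
    return "not satisfied"


if __name__ == "__main__":
    mn = synthesize(M, 2)
    # phi: predicate i says "process i is in its critical section"; l is their AND,
    # so s_one = "11" is the class in which both processes are in crit.
    phi = [lambda s: s[0] == "crit", lambda s: s[1] == "crit"]
    sn, rn = abstract(mn, phi)
    print(len(mn[0]), "synthetic states,", len(mn[2]), "synthetic transitions")
    print({name: len(cls) for name, cls in sn.items()}, sorted(rn))
    print(verify(mn, ("idle", "idle"), phi))
```

Because rule (c) counts identical writes as compatible, the two `enter` actions fire together from (wait, wait), so class "11" gains an incoming edge and the check reports "satisfied"; the conflicting pair enter/exit is never generated as a simultaneous step.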
The present invention achieves the following technical effects:
1. Except for the first step and the sixth step, in which the necessary data must be supplied manually, all other steps are completed automatically by the computer, which reduces manual involvement and the cost of verifying parameterized systems.
2. Because the fourth step reads in the single-process model and the fifth step builds the true-concurrency model by computer according to the defined rule, the parameterized system model is built automatically, which improves the accuracy of parameterized system verification.
3. Because the sixth step applies predicate abstraction, the state space of the system under verification is greatly compressed, and the state space is traversed with efficient model checking, which reduces the verification scale of the parameterized system and increases verification speed.
Brief description of the drawings
Fig. 1 is the logical structure diagram of the automatic verification framework for parameterized systems built in the first step of the present invention.
Fig. 2 is the overall flow chart of the present invention.
Fig. 3 is a schematic diagram of the true-concurrency synthesis rule of the third step of the present invention.
Specific embodiment
Fig. 1 is the logical structure diagram of the automatic verification framework for parameterized systems built in the first step of the present invention. The whole verification framework consists of the input module, the true-concurrency synthesis module, the model abstraction module and the verification module.
The input module reads the required data from files and from the terminal and, after processing, sends it to the true-concurrency synthesis module and the model abstraction module. First, the input module reads the single-process state transition table $t$ from an external file and establishes the LTS model $m$ of the single process. The state transition table $t$ describes the state transitions of the single process in the form of a file, in two main parts: states and the transition relation. It records the state names, action names and transition relations, each transition relation being a triple $\langle$current state, action, target state$\rangle$. Each state corresponds to an element of $s$, each action to an element of $a$, and the transitions of all processes make up the whole transition relation set $\to$. Then the input module reads the number of system processes num from the terminal and stores it as the integer variable $n$. Finally, the input module reads the text of the property to be verified, described as a text string, from the terminal, performs lexical, syntactic and semantic analysis with the lex & yacc tools, and obtains the property to be verified $p$ described by a regular grammar.
The true-concurrency module receives the input data $m$ and $n$ from the input module, completes the true-concurrency synthesis of $n$ single-process models $m$, and builds the true-concurrency synthetic model $m_n$ describing the whole parameterized system.
The model abstraction module receives the data $p$ from the input module and $m_n$ from the true-concurrency synthesis module, obtains the abstract model $m_n^p$ after processing, and delivers $m_n^p$ to the verification module. This module is divided into two sub-modules: the predicate definition module and the predicate abstraction module. The predicate definition module receives $p$ from the input module; then, according to the manually supplied predicate library $b$, it chooses suitable predicates to form the predicate set $\phi$, describes the property $p$ by the logical AND of the predicates, and obtains the predicate expression $l$; finally it delivers $l$ to the predicate abstraction module. The predicate abstraction module receives $m_n$ from the true-concurrency synthesis module and $l$ from the predicate definition module, partitions $m_n$ using the predicate expression $l$, and finally obtains the abstract model $m_n^p$ described by a finite state machine.
The input of the verification module is the abstract model $m_n^p$. It traverses the state space of $m_n^p$ by model checking and verifies whether $p$ holds. If the system satisfies the property $p$ it returns the message "satisfied"; otherwise it returns the message "not satisfied".
Fig. 2 is the overall flow chart of the present invention. The invention comprises the following steps:
First step: build the automatic verification framework for parameterized systems, providing designers of parameterized systems with a verification platform for completing the verification of parameterized systems.
Second step: choose the labeled transition system data structure to describe the single-process model.
Third step: define the rule for the true-concurrency synthesis of multiple processes according to the function of the parameterized system.
Fourth step: the input module obtains the required data from the outside, namely the single-process design model supplied by the designer, the number of processes and the property to be verified, and parses them into the single-process model, the number of processes and the property to be verified.
Fifth step: the true-concurrency synthesis module obtains the single-process model and the number of processes from the input module and automatically builds the true-concurrency synthetic model describing the complete parameterized system.
Sixth step: the model abstraction module obtains the synthesized true-concurrency synthetic model from the true-concurrency module and the property to be verified from the input module, then abstracts and simplifies the parameterized system described by the true-concurrency synthetic model by predicate abstraction, obtaining the abstract model described by a finite state machine.
Seventh step: the verification module visits each state of the abstract model in turn and checks whether the property to be verified holds; if so it returns the message "satisfied", otherwise it returns the message "not satisfied".
Eighth step: the verification ends.
Fig. 3 is a schematic diagram of the true-concurrency synthesis rule of the third step of the present invention. Taking some states of two LTSs $p = \langle s_p, a_p, \to_p \rangle$ and $q = \langle s_q, a_q, \to_q \rangle$ as an example, it intuitively describes the transition generation rules of the true-concurrency system provided by the invention; Fig. 3(1), 3(2) and 3(3) correspond respectively to the transition generation rules (a), (b) and (c) of 3.3 in the third step.
In Fig. 3(1), $s_1 \in s_p$, $\varepsilon \in a_p$ is the empty action, $s_2 \in s_q$, $s_2' \in s_q$, $a_2 \in a_q$ and $(s_2, a_2, s_2') \in \to_q$, i.e. $s_1$ is a state of $p$ in which no action currently causes its state to change, while $s_2$ and $s_2'$ are two states of $q$ and action $a_2$ causes state $s_2$ to change to state $s_2'$. This shows that $a_2$ does not modify a shared variable of $s_1$ and $s_2$, but only a local variable of $s_2$ or a variable that $s_2$ shares with other states of $p$; thus $s_1$ and $s_2$ agree on the interpretation of these shared variables and are compatible, and likewise $s_1$ and $s_2'$ agree on the shared variables and are compatible. By the definition of the true-concurrency system, in $p \,|||\, q = \langle s_{pq}, a_{pq}, \to_{pq} \rangle$ formed by $p$ and $q$, $s_1 s_2$ and $s_1 s_2'$ are legal states, i.e. $s_1 s_2 \in s_{pq}$, $s_1 s_2' \in s_{pq}$, $a_2 \in a_{pq}$, and $(s_1 s_2, a_2, s_1 s_2') \in \to_{pq}$.
In Fig. 3(2), $s_1 \in s_p$, $s_1' \in s_p$, $a_1 \in a_p$ and $(s_1, a_1, s_1') \in \to_p$, $s_2 \in s_q$, and $\varepsilon \in a_q$ is the empty action, i.e. $s_2$ is a state of $q$ in which no action currently causes its state to change, while $s_1$ and $s_1'$ are two states of $p$ and action $a_1$ causes state $s_1$ to change to state $s_1'$. This shows that $a_1$ does not modify a shared variable of $s_1$ and $s_2$, but only a local variable of $s_1$ or a variable that $s_1$ shares with other states of $q$; thus $s_1$ and $s_2$ agree on the interpretation of these shared variables and are compatible, and likewise $s_1'$ and $s_2$ agree on the shared variables and are compatible. By the definition of the true-concurrency system, in $p \,|||\, q = \langle s_{pq}, a_{pq}, \to_{pq} \rangle$ formed by $p$ and $q$, $s_1 s_2$ and $s_1' s_2$ are legal states, i.e. $s_1 s_2 \in s_{pq}$, $s_1' s_2 \in s_{pq}$, $a_1 \in a_{pq}$, and $(s_1 s_2, a_1, s_1' s_2) \in \to_{pq}$.
In Fig. 3(3), $s_1 \in s_p$, $s_1' \in s_p$, $a_1 \in a_p$, $s_2 \in s_q$, $s_2' \in s_q$, $a_2 \in a_q$, $(s_1, a_1, s_1') \in \to_p$ and $(s_2, a_2, s_2') \in \to_q$, i.e. $s_1$ and $s_1'$ are two states of $p$, $s_2$ and $s_2'$ are two states of $q$, action $a_1$ causes state $s_1$ to change to state $s_1'$, and action $a_2$ causes state $s_2$ to change to state $s_2'$. If what $a_1$ and $a_2$ modify are not shared variables of $s_1$ and $s_2$ (that is, $a_1$ modifies a local variable of $s_1$ or a variable that $s_1$ shares with other states of $q$, and $a_2$ modifies a local variable of $s_2$ or a variable that $s_2$ shares with other states of $p$), or $a_1$ and $a_2$ modify the shared variables identically, then actions $a_1$ and $a_2$ are allowed to occur simultaneously and their execution causes no conflict; $s_1$ and $s_2$ agree on their shared variables, and so do $s_1'$ and $s_2'$, hence $s_1$ and $s_2$, and $s_1'$ and $s_2'$, are all compatible. By the definition of the true-concurrency system, in $p \,|||\, q = \langle s_{pq}, a_{pq}, \to_{pq} \rangle$ formed by $p$ and $q$, $s_1 s_2$ and $s_1' s_2'$ are legal states, i.e. $s_1 s_2 \in s_{pq}$, $s_1' s_2' \in s_{pq}$, $a_1 a_2 \in a_{pq}$, and $(s_1 s_2, a_1 a_2, s_1' s_2') \in \to_{pq}$.

Claims (3)

1. An automatic verification method for parameterized systems, characterised in that it comprises the following steps:
Step 1: build the automatic verification framework for the parameterized system. The framework consists of a read-in module, a true-concurrency composition module, a model abstraction module and a verification module. The read-in module obtains the data it needs from outside, namely the single-process design model supplied by the designer, the number of processes and the property to be verified, and parses them into the single-process model $m$, the process count $n$ and the property $p$; $m$ is described as a finite state machine, $n$ is a natural number giving the number of processes the whole parameterized system contains, and $p$ is described by a regular grammar. The read-in module sends $m$ and $n$ to the true-concurrency composition module and $p$ to the model abstraction module. The true-concurrency composition module takes $m$ from the read-in module, composes $n$ processes according to the true-concurrency composition rule defined below, and obtains the true-concurrency composite model $m^n$ describing the whole parameterized system, also described as a finite state machine; it sends $m^n$ to the model abstraction module. The model abstraction module, according to the property $p$ received from the read-in module, automatically selects predicates from the user-defined predicate library $b$ to form the predicate set $\varphi$, builds the predicate expression $l$, partitions $m^n$ into equivalence classes by $l$, obtains the abstract model described as a finite state machine and sends it to the verification module. The verification module takes the abstract model and produces the verification result by model checking: it outputs the message "satisfied" if the property $p$ is satisfied and "not satisfied" otherwise;
Step 2: choose labelled transition systems (LTS) for single-process modelling. An LTS is a kind of finite state machine, obtained by adding a transition action to an ordinary state transition diagram. An LTS is a triple $\langle S, A, \to \rangle$, where $S$ is the state set; $A$ is the action set, including both internal actions invisible to other processes and external actions that interact with other processes; and $\to$ is the transition set, i.e. the edges of the LTS, each element of which is a triple $\langle s, a, t \rangle$ denoting an edge from state $s$ to state $t$ taken when action $a$ occurs, with $s, t \in S$;
Step 3: define the true-concurrency composition rule. For any two given LTS $p = \langle S_p, A_p, \to_p \rangle$ and $q = \langle S_q, A_q, \to_q \rangle$, the formal semantic model of the true-concurrency system $p \,|||\, q = \langle S_{pq}, A_{pq}, \to_{pq} \rangle$ they form is defined as follows:
3.1. $S_{pq} = S_p \times S_q$, where $s_p$ denotes a state of $p$ and $s_q$ a state of $q$; the pair formed by $s_p$ and $s_q$ is one state of $p \,|||\, q$, written $s_{pq}$;
3.2. $A_{pq} = A_p \times A_q$, where $a_p$ denotes an action of $p$ and $a_q$ an action of $q$; the pair formed by $a_p$ and $a_q$ is one action of $p \,|||\, q$, written $a_{pq}$;
3.3. For any edges $(s_1, a_1, s_1') \in \to_p$ and $(s_2, a_2, s_2') \in \to_q$, i.e. a transition edge of $p$ from state $s_1$ to state $s_1'$ via action $a_1$ and a transition edge of $q$ from state $s_2$ to state $s_2'$ via action $a_2$, the composite transition relation $\to_{pq}$ is produced by the following rules:
(a) if $a_1$ is the empty action and $a_2$ is not, then $s_1 = s_1'$ and $(s_1 s_2, a_2, s_1 s_2') \in \to_{pq}$, i.e. $p \,|||\, q$ has a transition edge from state $s_1 s_2$ to state $s_1 s_2'$ via action $a_2$; here $s_1 s_2$ and $s_1 s_2'$ are new states of the composite system, $s_1 s_2$ being the state obtained after composition in which the first process is in $s_1$ and the second process is in $s_2$;
(b) if $a_1$ is not the empty action and $a_2$ is, then $s_2 = s_2'$ and $(s_1 s_2, a_1, s_1' s_2) \in \to_{pq}$, i.e. $p \,|||\, q$ has a transition edge from state $s_1 s_2$ to state $s_1' s_2$ via action $a_1$;
(c) if neither $a_1$ nor $a_2$ is the empty action, and either $a_1$ and $a_2$ do not change variables shared between $s_1$ and $s_2$ or they make identical modifications to the shared variables, then $s_1$ and $s_2$ are said to be compatible and combinable, and $(s_1 s_2, a_1 a_2, s_1' s_2') \in \to_{pq}$, i.e. $p \,|||\, q$ has a transition edge from state $s_1 s_2$ to state $s_1' s_2'$ via the joint action $a_1 a_2$;
Step 4: the read-in module reads the data the verification framework needs, as follows:
Step 4.1: the read-in module reads the single-process state transition table $t$ from an external file and builds the LTS model $m$ of one process. The table $t$ describes the state transitions of a single process in file form in three parts, states, actions and transition relations; each transition relation in the table is a triple <current state, action, target state>, each state corresponds to one element of the state set $S$, each action to one element of the action set $A$, and the interleaved relations among all processes together form the transition relation set $\to$. The table $t$ is read line by line from top to bottom, building in turn the state set, the action set and the transition relation set, which gives the single-process model $m$ described as an LTS;
Step 4.2: the read-in module reads the system process count num from the terminal and stores it as the integer variable $n$;
Step 4.3: the read-in module reads the property text to be verified, given as a character string, from the terminal, performs lexical, syntactic and semantic analysis on it with the open-source tools lex & yacc, and obtains the property $p$ described by a regular grammar;
Step 5: the true-concurrency composition module composes $n$ copies of the single-process model $m$ and builds the true-concurrency composite model $m^n$ describing the whole parameterized system, as follows:
Step 5.1: let lts_set be the set of the $n$ LTS and lts_mdl $= \langle s_{lts}, a_{lts}, \to_{lts} \rangle$ the true-concurrency composite model of the system formed by these $n$ LTS. Initially lts_set $= \{p_1, p_2, \dots, p_n\}$, where $p_1, p_2, \dots, p_n$ denote the $n$ LTS, and $s_{lts}$, $a_{lts}$ and $\to_{lts}$ are each the empty set $\emptyset$;
Step 5.2: if the components of lts_mdl are empty sets: first choose any two LTS $p_i$ and $p_j$ from lts_set, with $1 \le i < n$, $1 < j \le n$ and $i \ne j$; then delete $p_i$ and $p_j$ from lts_set; finally build the true-concurrency composite model $p_i \,|||\, p_j$ of the system formed by $p_i$ and $p_j$, i.e. compose $p_i$ and $p_j$ according to the rule defined in step 3, and assign $p_i \,|||\, p_j$ to lts_mdl;
If the components of lts_mdl are not all empty: first choose any LTS $p_k$ from lts_set, with $1 \le k \le n$; then delete $p_k$ from lts_set; finally build the formal semantic model lts_mdl $|||\, p_k$ of the true-concurrency system formed by lts_mdl and $p_k$, i.e. compose lts_mdl and $p_k$ according to the rule defined in step 3, and assign lts_mdl $|||\, p_k$ to lts_mdl;
Step 5.3: if lts_set is not empty, go to step 5.2; otherwise assign lts_mdl to $m^n$, the true-concurrency composite model is established, and execute step 6;
Step 6: the model abstraction module reduces the parameterized system $m^n$ by predicate abstraction and obtains an abstract model described as a finite state machine. The model abstraction module consists of a predicate definition module and a predicate abstraction module. The predicate definition module obtains the property $p$ from the read-in module and the user-defined predicate library $b$ from the predicate library the user supplies, selects some predicates from $b$ according to $p$ to form the predicate set $\varphi$, then expresses $p$ in terms of the elements of $\varphi$ to obtain the predicate expression $l$, and sends $l$ to the predicate abstraction module. The predicate abstraction module obtains $l$ from the predicate definition module and the composite model $m^n$ from the true-concurrency composition module, and partitions $m^n$ by $l$ to obtain the abstract model described as a finite state machine. Specifically:
Step 6.1: the predicate definition module obtains the property $p$ from the read-in module, parses it with the open-source tools lex & yacc, and splits $p$ into several sub-items, each sub-item representing one property of the parameterized system to be verified;
Step 6.2: let $\varphi$ be the predicate set, holding all predicates used in the verification, initialised to the empty set. A predicate is the formal representation of some property of the parameterized system under verification; if the property represented by predicate $\mu$ is exhibited in state $s$, state $s$ is said to satisfy $\mu$;
Step 6.3: obtain the user-defined predicate library $b$ from the user;
Step 6.4: for each sub-item $x$ of $p$, choose a corresponding predicate $b_x$ from $b$ such that the property $b_x$ describes is the property expressed by $x$, and add $b_x$ to $\varphi$. One predicate $\mu$ divides the whole state set into two equivalence classes, $s_\mu$ and its complement: every state in $s_\mu$ satisfies $\mu$ and no state in the complement does;
Step 6.5: express the property $p$ as the logical AND of the predicates in $\varphi$, i.e. join the predicates with the logical-AND connective into one long formula, the predicate expression $l$, and output $l$ to the predicate abstraction module. An expression formed from $m$ predicates finally divides the state space into $2^m$ equivalence classes. Each equivalence class is assigned an equal tag, a string of length $m$ whose $i$-th bit is '1' if the class satisfies the $i$-th predicate and '0' otherwise. After the predicate abstraction each equivalence class is one new state, and its equal tag is the name of that state;
Step 6.6: the predicate abstraction module obtains $l$ from the predicate definition module and $m^n$ from the true-concurrency composition module, performs predicate abstraction on $m^n$ and obtains the abstract model, which consists of a state set $s^n$ and a transition relation set $r^n$. The predicate abstraction proceeds as follows:
Step 6.6.1: generate the state set $s^n$. If $l$ is the logical AND of $m$ predicates, $s^n$ has $2^m$ states, each named by a binary code of $m$ bits; bit $i$ equal to '1' means the $i$-th predicate is satisfied, otherwise it is not. Examine each state of $m^n$, record whether it satisfies each of the $m$ predicates, and add the state to the corresponding set according to the record; every element of the generated state set $s^n$ is thus composed of several states of $m^n$;
Step 6.6.2: generate the transition relation set $r^n$ by the following steps:
6.6.2.1: initialise the transition relation set $r^n$ to the empty set;
6.6.2.2: sort the elements of $s^n$ in ascending order of the binary codes of their names and initialise the counter $i = 0$;
6.6.2.3: if $i < 2^m$, initialise the counter $j = 0$ and go to step 6.6.2.4; otherwise go to step 6.6.3;
6.6.2.4: if $j < 2^m$, go to step 6.6.2.5; otherwise go to step 6.6.2.6;
6.6.2.5: take the $i$-th and $j$-th states of the abstract model; each corresponds to an equivalence class, i.e. a set of states of the composite model $m^n$. If there exist states $s$ and $t$ in their respective equivalence classes such that $m^n$ has a transition from $s$ to $t$, generate a transition from the $i$-th abstract state to the $j$-th abstract state and add it to $r^n$; increment $j$ by 1 and go to step 6.6.2.4;
6.6.2.6: increment $i$ by 1 and go to step 6.6.2.3;
Step 6.6.3: store the abstract model in the computer;
Step 6.6.4: the predicate abstraction module sends the abstract model to the verification module. The abstract model contains a state whose name is the binary code consisting entirely of '1's, denoted $s_{one}$; this state represents the equivalence class that satisfies the property $p$ to be verified. If $s_{one}$ is unreachable, no reachable state of the parameterized system satisfies property $p$ (step 7 then reports "not satisfied");
Step 7: the verification module visits each state of the abstract model in turn and checks whether $p$ is satisfied; it returns the message "satisfied" if so and "not satisfied" otherwise, where "satisfied" means the parameterized system under verification satisfies property $p$ and "not satisfied" means it does not. Specifically:
Step 7.1: check whether the initial state of the composite model $m^n$ lies in $s_{one}$; if so, return "satisfied", meaning $s_{one}$ is reachable, and go to step 8; otherwise go to step 7.2;
Step 7.2: if the initial state is not in $s_{one}$, traverse all states of the state set $s^n$ of the abstract model other than $s_{one}$; if there is a state $s_y$ with a transition from $s_y$ to $s_{one}$, return "satisfied" and go to step 8; otherwise return "not satisfied", meaning $s_{one}$ is unreachable, and go to step 8;
Step 8: end.
2. The automatic verification method for parameterized systems of claim 1, characterised in that the state transition table $t$ is stored as a text file of the following form:
(1) the first line of table $t$ is the keyword "begin", marking the start of the transition table;
(2) the second line of table $t$ is the keyword "states" followed by an integer snumber, the number of states of the single process; the next snumber lines give the names of all states;
(3) after the state descriptions end, a new line holds the keyword "acts" and an integer anumber, the number of actions of the single process; the next anumber lines give the names of all actions;
(4) after the action descriptions end, a new line holds the keyword "trans"; the following lines describe each transition, one per line, each recording the three items current state, action and target state;
(5) the last line of table $t$ is the keyword "end", marking the end of the transition table.
3. The automatic verification method for parameterized systems of claim 1, characterised in that the method of storing the abstract model in the computer in step 6.6.3 is: store it as a graph data structure, each abstract state corresponding to one node of the graph and each transition relation to one edge of the graph.
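The following is an added worked example written for this page, not code from the patent or its authors. It runs the claimed pipeline end to end on a small constructed model: the table parser of claim 2 (step 4.1), the true-concurrency composition of step 3 as illustrated by the three Fig. 3 cases above and folded over $n$ copies as in step 5, the equal-tag predicate abstraction of step 6 stored as an adjacency map as in claim 3, and the step 7 check. Everything not in the claims is an assumption of this example: the table contents are constructed; the per-action write map WRITES is hypothetical, because the claimed table records only states, actions and transitions and so gives rule 3.3(c) no way to tell whether two simultaneous actions modify a shared variable differently; the predicates are plain Python functions over a composite state rather than entries of the user's predicate library $b$; the property $p$ is taken directly as their conjunction, with no lex & yacc parsing; and the initial state is every process in 'idle'.

```python
from itertools import product

# Constructed single-process table in the claim-2 text format (not taken from the patent).
TABLE = """begin
states 3
idle
wait
crit
acts 3
req
enter
leave
trans
idle req wait
wait enter crit
crit leave idle
end
"""
# Hypothetical per-action writes (variable -> value): the claimed table has no such field,
# yet rule 3.3(c) needs it to tell whether two simultaneous actions conflict.
WRITES = {"req": {}, "enter": {"lock": 1}, "leave": {"lock": 0}}


def parse_table(text):
    """Claim 2 / step 4.1: text table -> LTS <S, A, ->>; states and actions are 1-tuples."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    if lines[0] != ["begin"] or lines[-1] != ["end"] or lines[1][0] != "states":
        raise ValueError("table must read: begin / states N / ... / end")
    n = int(lines[1][1])
    states = [tuple(ln) for ln in lines[2:2 + n]]
    if lines[2 + n][0] != "acts":
        raise ValueError("expected 'acts' after the state names")
    k = int(lines[2 + n][1])
    acts = [tuple(ln) for ln in lines[3 + n:3 + n + k]]
    if lines[3 + n + k] != ["trans"]:
        raise ValueError("expected 'trans' after the action names")
    trans = set()
    for s, a, t in lines[4 + n + k:-1]:  # <current state, action, target state>
        if (s,) not in states or (a,) not in acts or (t,) not in states:
            raise ValueError("undeclared state or action in %s %s %s" % (s, a, t))
        trans.add(((s,), (a,), (t,)))
    return states, acts, trans


def compatible(a1, a2):
    """Rule 3.3(c): no shared variable may receive two different values (None = empty action)."""
    seen = {}
    for name in a1 + a2:
        for var, val in (WRITES[name] if name else {}).items():
            if seen.setdefault(var, val) != val:
                return False
    return True


def compose(p, q):
    """Step 3: p ||| q; composite states/actions are concatenated tuples, k Nones = empty action."""
    (sp, _, tp), (sq, _, tq) = p, q
    trans = set()
    for s1, (s2, a2, t2) in product(sp, tq):            # (a) p idle, q moves
        trans.add((s1 + s2, (None,) * len(s1) + a2, s1 + t2))
    for (s1, a1, t1), s2 in product(tp, sq):            # (b) p moves, q idle
        trans.add((s1 + s2, a1 + (None,) * len(s2), t1 + s2))
    for (s1, a1, t1), (s2, a2, t2) in product(tp, tq):  # (c) both move, if compatible
        if compatible(a1, a2):
            trans.add((s1 + s2, a1 + a2, t1 + t2))
    return [s1 + s2 for s1, s2 in product(sp, sq)], list({a for _, a, _ in trans}), trans


def equal_tag(state, predicates):  # step 6.5: bit i is '1' iff predicate i holds in the state
    return "".join("1" if mu(state) else "0" for mu in predicates)


def abstract(model, predicates):
    """Step 6.6 / claim 3: adjacency map over the 2^m tags; u->v iff a concrete s->t has tag(s)=u, tag(t)=v."""
    graph = {format(u, "0%db" % len(predicates)): set() for u in range(2 ** len(predicates))}
    for s, _, t in model[2]:
        graph[equal_tag(s, predicates)].add(equal_tag(t, predicates))
    return graph


def check(graph, init_tag, strict=False):
    """Step 7 as claimed: 'satisfied' iff the initial class is s_one (all '1') or some other abstract
    state has an edge into s_one. strict=True instead requires s_one to be reachable from the initial class."""
    s_one = "1" * len(init_tag)
    if strict:
        seen, todo = {init_tag}, [init_tag]
        while todo:
            new = graph[todo.pop()] - seen
            seen |= new
            todo.extend(new)
        hit = s_one in seen
    else:
        hit = init_tag == s_one or any(s_one in graph[u] for u in graph if u != s_one)
    return "satisfied" if hit else "not satisfied"


# Property p as predicates over a composite state: "some process in crit" AND "at most one in crit".
PREDICATES = [lambda s: s.count("crit") >= 1, lambda s: s.count("crit") <= 1]


def run(n):
    mn = parse_table(TABLE)
    for _ in range(n - 1):                 # step 5: fold the composition over n copies of m
        mn = compose(mn, parse_table(TABLE))
    graph = abstract(mn, PREDICATES)
    init = equal_tag(("idle",) * n, PREDICATES)  # initial state: every process idle
    return mn, graph, init, check(graph, init)
```

With $n = 2$ the composite has 9 states; the joint action (enter, enter) exists because both write lock = 1 identically, (req, enter) exists because req writes nothing shared, and (enter, leave) is excluded because they write different values to lock. Two points a practitioner should note. First, check(graph, init) reproduces step 7 literally, and step 7.2 is a one-step predecessor test: it reports "satisfied" as soon as any abstract state has an edge into $s_{one}$, whether or not that state is itself reachable from the initial class; check(..., strict=True) performs the reachability search that the wording "$s_{one}$ is reachable" suggests. Second, the abstraction of step 6.6.2 is existential (a single concrete edge between two classes creates the abstract edge), so an abstract path to $s_{one}$ over-approximates the concrete behaviour and should be confirmed on $m^n$ before it is taken as evidence that the property holds.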
Worldwide application: CN201410030123.XA, filed 2014-01-22, Automatic verification method orienting to parameterization system, Active, CN103729523B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410030123.XA CN103729523B (en) 2014-01-22 2014-01-22 Automatic verification method orienting to parameterization system

Publications (2)

Publication Number Publication Date
CN103729523A CN103729523A (en) 2014-04-16
CN103729523B true CN103729523B (en) 2017-01-25

Family

ID=50453597

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410030123.XA Active CN103729523B (en) 2014-01-22 2014-01-22 Automatic verification method orienting to parameterization system

Country Status (1)

Country Link
CN (1) CN103729523B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110188432B (en) * 2019-05-20 2023-01-31 Zhonghui Information Technology (Shanghai) Co., Ltd. System architecture verification method, electronic device and computer-readable storage medium
CN111428242A (en) * 2020-02-25 2020-07-17 East China Normal University Safety mechanism verification device based on operating system
CN111400716A (en) * 2020-02-25 2020-07-10 East China Normal University Security mechanism verification method based on operating system
CN111475321B (en) * 2020-05-08 2024-04-26 National University of Defense Technology, PLA Neural network security property verification method based on iterative abstract analysis

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1834931A (en) * 2005-03-17 2006-09-20 Fujitsu Ltd. Error detection and correction apparatus, control method and program for error detection and correction apparatus
CN101438234A (en) * 2006-10-05 2009-05-20 NEC Laboratories America Inter-procedural dataflow analysis of parameterized concurrent software
CN102540887A (en) * 2011-12-27 2012-07-04 Zhejiang University Control method of non-linear parameterization system

Also Published As

Publication number Publication date
CN103729523A (en) 2014-04-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant