CN103778062A - Multi-interrupt routine data access conflict detection method based on abstract interpretation - Google Patents


Info

Publication number: CN103778062A
Authority: CN (China)
Prior art keywords: task, shared variable, data access, access conflict, target shared
Legal status: Granted
Application number: CN201410031451.1A
Other languages: Chinese (zh)
Other versions: CN103778062B (en)
Inventors: 文艳军, 王戟, 吴学光, 毛晓光, 董威, 陈立前
Current assignee: National University of Defense Technology
Original assignee: National University of Defense Technology
Events: application filed by National University of Defense Technology; priority to CN201410031451.1A; publication of CN103778062A; application granted; publication of CN103778062B; legal status: active

Classification (landscape): Debugging And Monitoring (AREA)

Abstract

The invention discloses a multi-interrupt routine data access conflict detection method based on abstract interpretation, comprising the following steps: (1) interrupt-driven routines are described using an abstract interpretation framework; in each task, every modification of a target shared variable by other tasks, together with its modification condition, is abstracted into one piece of interference information, all pieces of interference information in a task form an interference information set, and a stable interference information set is output by iterative computation; (2) the interference information sets of all tasks are collected to form a global interference information set, and a stable global interference information set is obtained by iterative computation; (3) each task is traversed using the stable global interference information set, and if the global interference information set contains interference information whose target shared variable and modification condition are satisfied simultaneously, a data access conflict is judged to exist. The method is simple, has low complexity, is accurate and highly reliable, and is applicable to the detection of aerospace embedded software.

Description

Multiple interrupt routine data access conflict detection method based on abstract interpretation
Technical field
The present invention relates to the technical field of data access conflict detection, and in particular to a multi-interrupt routine data access conflict detection method based on abstract interpretation.
Background art
With the development of China's aerospace industry, aerospace embedded software has become increasingly complex, and a variety of software problems have appeared with it; the data access conflict problem of aerospace embedded programs is one of them. Data access conflicts arise because the different components of a spacecraft involve complicated data interactions between multiple concurrently running pieces of software. If synchronization and mutual exclusion mechanisms are used incorrectly, data access conflicts such as data races and atomicity violations are easy to produce, causing software problems or system failures. However, because data access conflicts involve complex overlapping and ordering relationships between concurrent software, they are relatively difficult to detect.
A data access conflict means that multiple concurrent execution streams (tasks, interrupts, threads) read and write the same data unit, with at least one of the operations being a write. Its two main forms are data races and atomicity violations: a data race is a data conflict between single statements, and an atomicity violation is a data conflict between a single statement and a statement block. Because the order of the two accesses involved in a data access conflict cannot be determined, the program may behave abnormally and, in serious cases, the software or the system may fail.
Because aerospace embedded software is large, interrupts and task scheduling coexist, and the running environment is complex and non-deterministic, analysis and testing may run into state-space explosion. Interrupt-driven software, which consists of normal tasks, interrupt handlers and the like, is a special kind of concurrent software, and how to analyze such programs is the first problem that needs solving. On the one hand, interrupt-driven software shares the common problem of concurrent programs in general: the state-space explosion caused by the concurrent combination of states. On the other hand, interrupt-driven software differs from ordinary multithreaded programs: because interrupt triggering is non-deterministic and interrupt control is dynamic, the execution of an interrupt-driven program is more complicated and requires a special semantic interpretation.
In the prior art, abstraction of the source program is used to solve the state-space explosion problem to a certain degree, but at the same time it must be guaranteed that the properties detected on the abstracted model are consistent with those of the unabstracted code, so that the abstracted model remains reliable. Several methods for abstract modeling of programs already exist, but effective abstract modeling methods and corresponding data conflict detection methods are still lacking for special concurrent software such as multi-interrupt driven programs.
Summary of the invention
The technical problem to be solved by the present invention is: in view of the technical problems of the prior art, to provide a multi-interrupt routine data access conflict detection method based on abstract interpretation that is simple to implement, has low complexity and high accuracy and reliability, and is applicable to aerospace embedded software.
To solve the above technical problem, the technical scheme proposed by the present invention is:
A multi-interrupt routine data access conflict detection method based on abstract interpretation, the steps being:
(1) Abstraction of the influence between tasks: each interrupt-driven program is treated as a task and described using the abstract interpretation framework. In each task, every modification of a target shared variable by other tasks, together with the modification condition of that modification, is abstracted into one piece of interference information, and all interference information on target shared variables in a task forms an interference information set. The interference information set of each task is computed iteratively and independently until all tasks have obtained a stable interference information set;
(2) Obtaining the stable interference: the stable interference information sets of all tasks are collected to form a global interference information set, and a stable global interference information set is obtained by iterative computation. In each iteration, the global interference information set obtained by merging the input global interference information sets is used to traverse each task; after the iteration, each task obtains a target interference information set that reflects the mutual influence between tasks; the target interference information sets of all tasks are merged as the input of the next iteration, until the global interference information set reaches a fixed point;
(3) Access conflict detection: the stable global interference information set is used to traverse each task. When the task under detection accesses a target shared variable, if the global interference information set contains interference information whose modification condition on that target shared variable can be satisfied simultaneously, a data access conflict is judged to exist.
As a further improvement of the present invention, in step (1) the modification condition includes: the path condition for reaching the modification of the target shared variable, and the execution-state condition of the program when the modification of the target shared variable is reached.
As a further improvement of the present invention, in step (3) the method for judging whether the modification condition of the target shared variable is satisfied simultaneously is: judge whether the access path of the task under detection to the target shared variable and the path along which the other task reaches the modification of the target shared variable can be satisfied at the same time and are both in an executable state at the same time; if yes, they are judged to be satisfied simultaneously; if no, they are judged not to be satisfied simultaneously.
As a further improvement of the present invention, the specific implementation of independently computing the interference information set of each task iteratively in step (1) is: each task performs several independent iterations; each time a task performs an iteration, the interference information sets of all tasks on the target shared variable are merged and used as the input of the iteration, and the updated interference information set is output after the iteration; the updated interference information sets obtained by all tasks are merged and used as the input of the next iteration, until the interference information sets of all tasks reach a fixed point.
As a further improvement of the present invention, the specific method of performing abstract interpretation on the interrupt-driven program in step (1) is:
(1.1) Formally describe the interrupt-driven program: the main task and the interrupt-driven programs are uniformly treated as the tasks of the whole system, and each task is abstracted as its program statements and the corresponding task priority;
(1.2) Semantically interpret the interrupt-driven program: describe the form of the interrupt-driven program during execution, and obtain the state transition function from the concrete execution states of the interrupt-driven program.
As a further improvement of the present invention, after step (1.2) a semantic definition procedure for atomic statements is also included, whose specific implementation is: filter the initial states, and describe the semantics of each atomic statement in the interrupt-driven program.
As a further improvement of the present invention, the method for judging that the fixed point is reached in step (2) is: judge whether the global interference information sets output by two adjacent iterations are identical; if yes, the fixed point is judged to have been reached.
As a further improvement of the present invention, the specific implementation of judging that an access conflict occurs in step (3) is: when the task under detection performs a read access to the target shared variable, judge whether the global interference information set contains interference information whose modification condition on the target shared variable is satisfied simultaneously, and if yes judge that a data access conflict occurs; when the task under detection performs a write access to the target shared variable, judge whether the global interference information set contains interference information whose modification condition on the target shared variable is satisfied simultaneously, and if yes judge that a data access conflict occurs; otherwise, judge whether any other task has a read access to the target shared variable that conflicts with this write.
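The following is an added toy implementation of steps (1) to (3), not the patent's own code. Tasks with integer priorities, interrupt mask statements as the execution-state condition, guard equalities as path conditions and a constant-set value abstraction are all assumptions made here, and steps (1) and (2) are folded into one fixed-point loop over the global interference set.

```python
"""Added example, not the patent's own code: a toy version of steps (1)-(3).
Tasks, statement forms, priorities, initial values and the constant-set value
abstraction are constructed here for illustration; steps (1) and (2) are
collapsed into one fixed-point loop over the global interference set."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

PathCond = FrozenSet[Tuple[str, int]]  # path condition: a set of "var == const" facts


@dataclass(frozen=True)
class Point:
    """A read or write of `var` by `task` (value only meaningful for writes), reachable
    under path condition `path`; `masked` records whether interrupts were masked there
    (the execution-state condition).  The writes are the interference information."""
    task: str
    kind: str
    var: str
    value: int
    path: PathCond
    masked: bool


@dataclass
class Task:
    name: str
    priority: int  # higher preempts lower; the main task is 0
    # ("read", var, guard) | ("write", var, value, guard) | ("mask",) | ("unmask",)
    # guard is None or (var, const): the statement runs only if var == const
    stmts: List[tuple]


def compatible(p: PathCond, q: PathCond) -> bool:
    """Path conditions can hold together unless they pin one variable to two values."""
    return not any(v == w and a != b for v, a in p for w, b in q)


def can_overlap(prio: Dict[str, int], a: Point, b: Point) -> bool:
    """Executable-state condition: two points can be active at once only if one task
    can preempt the other there (higher priority, preempted task not masked)."""
    return (prio[a.task] > prio[b.task] and not b.masked) or \
           (prio[b.task] > prio[a.task] and not a.masked)


def analyze(task: Task, init: Dict[str, int], glob: Set[Point]) -> Set[Point]:
    """One pass over a task under the global interference `glob`.  A guarded statement
    is dropped (its initial state filtered out) when the guard cannot hold given the
    task's own writes and the values other tasks may have written."""
    env = {v: {c} for v, c in init.items()}  # constant-set abstraction per variable
    masked, points = False, set()
    for s in task.stmts:
        if s[0] in ("mask", "unmask"):
            masked = s[0] == "mask"
            continue
        guard = s[-1]
        path: PathCond = frozenset([guard]) if guard else frozenset()
        if guard:
            gvar, gval = guard
            possible = env.get(gvar, set()) | {
                p.value for p in glob if p.var == gvar and p.task != task.name}
            if gval not in possible:
                continue
        value = s[2] if s[0] == "write" else 0
        points.add(Point(task.name, s[0], s[1], value, path, masked))
        if s[0] == "write":  # strong update when unconditional, weak update under a guard
            env[s[1]] = {value} if guard is None else env.get(s[1], set()) | {value}
    return points


def stable_interference(tasks: List[Task], init: Dict[str, int]):
    """Steps (1)-(2): iterate until the merged global interference set (all tasks'
    writes) no longer changes, i.e. reaches a fixed point."""
    glob: Set[Point] = set()
    passes = 0
    while True:
        passes += 1
        new = {p for t in tasks for p in analyze(t, init, glob) if p.kind == "write"}
        if new == glob:
            return glob, passes
        glob = new


def detect(tasks: List[Task], init: Dict[str, int]) -> Set[Tuple[str, str, str, str]]:
    """Step (3): (task, kind, var, other task) for each pair of accesses of one variable
    by two tasks, at least one a write, whose path conditions can hold together and
    whose points can overlap; this covers both the read and the write check above."""
    prio = {t.name: t.priority for t in tasks}
    glob, _ = stable_interference(tasks, init)
    points = {p for t in tasks for p in analyze(t, init, glob)}
    return {(a.task, a.kind, a.var, b.task) for a in points for b in points
            if a.task != b.task and a.var == b.var and "write" in (a.kind, b.kind)
            and compatible(a.path, b.path) and can_overlap(prio, a, b)}


# Constructed sample: main's unmasked read of `data` races with the high interrupt's
# write; main's masked write does not, and the low interrupt's read is guarded by
# flag == 0, which cannot hold together with the write's guard flag == 1.
TASKS = [
    Task("main", 0, [("write", "flag", 1, None), ("read", "data", None),
                     ("mask",), ("write", "data", 0, None), ("unmask",)]),
    Task("isr_hi", 2, [("write", "data", 42, ("flag", 1))]),
    Task("isr_lo", 1, [("read", "data", ("flag", 0))]),
]
INIT = {"flag": 0, "data": 0}
```

`detect(TASKS, INIT)` reports the race from both sides, and the global set needs three passes before it stops changing: the high interrupt's write only becomes reachable once main's `flag = 1` has entered the global interference set.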
Compared with the prior art, the present invention has the following advantages:
(1) The present invention uses abstract interpretation theory to analyze interrupt-driven programs and establishes a formal system of interrupt-driven programs oriented to data access conflict analysis; on the basis of the existing abstract interpretation framework for programs, it adds a semantic description of interrupt-driven programs and a formal description of data access conflicts. By abstracting the mutual interference between tasks and between interrupts, it avoids the direct combination of concurrent compositions, controls the state explosion problem, and improves the correctness of the detection results.
(2) The present invention introduces the mutual interference between concurrent programs into the detection of data access conflicts: the mutual influence between concurrent programs is described as interference, so that only the data flow between programs needs to be analyzed rather than the overlapping execution states of the concurrent programs, avoiding the analysis of complex overlapping states and greatly reducing the complexity of data access conflict detection.
(3) The present invention describes the interference conditions in terms of interrupt state, condition variable values and the like, then obtains the stable interference by iterative computation, and determines the occurrence of data access conflicts from the stable interference, effectively improving the efficiency and accuracy of data access conflict detection.
Description of the drawings
Fig. 1 is a schematic diagram of the implementation flow of the multi-interrupt routine data access conflict detection method based on abstract interpretation of the present embodiment.
Fig. 2 is a schematic diagram of the concrete processing flow of the interference information in the present embodiment.
Embodiment
The invention is further described below with reference to the drawings and a concrete preferred embodiment, but the scope of protection of the invention is not thereby limited.
As shown in Fig. 1, the steps of the multi-interrupt routine data access conflict detection method based on abstract interpretation of the present embodiment are:
Step 1, abstraction of the influence between tasks: each interrupt-driven program is treated as a task and described using the abstract interpretation framework. In each task, every modification of a target shared variable by other tasks, together with the modification condition of that modification, is abstracted into one piece of interference information, and all interference information on target shared variables in a task forms an interference information set. The interference information set of each task is computed iteratively and independently until all tasks have obtained a stable interference information set.
Because aerospace embedded software is large, interrupts and task scheduling coexist, and the running environment is complex and non-deterministic, analysis and testing may run into state-space explosion. To overcome this problem, the source program needs to be abstracted to a certain degree, but at the same time it must be guaranteed that the properties detected on the abstracted model are consistent with those of the unabstracted code, so that the abstracted model remains reliable.
In the present embodiment, on the basis of the existing abstract interpretation framework, abstraction of interrupt-driven programs and of data access conflicts is added, and the source code of the interrupt-driven program is abstracted by establishing a formal system of interrupt-driven programs. The formal system allows the properties of the system, including data access conflict properties and numerical properties, to be analyzed and proved, and guarantees that no existing data access conflict is missed.
In the present embodiment, the formal system of interrupt-driven programs specifically comprises:
(1.1) Abstraction of the interrupt-driven program: the interrupt-driven program is formally described, the main task and the interrupt-driven programs are uniformly treated as the tasks of the whole system, and each task is abstracted as its program statements and the corresponding task priority; the interrupt-driven program is semantically interpreted, the form of the program during execution is described, and the state transition function is determined from the concrete execution states of the interrupt-driven program;
(1.2) Abstraction of the influence between tasks: a task's modification of a target shared variable is abstracted as the current task's interference with other tasks; the process by which a task modifies a target shared variable is described by one piece of interference information, and the interference information between tasks describes the overlapping execution states between concurrent tasks;
(1.4) Numerical abstraction of variable values: the values of variables are numerically abstracted using the representation methods of abstract interpretation;
(1.5) Abstraction of data access conflicts: data access conflicts are described by the possibility of simultaneous interference between different tasks on the same target shared variable.
In the present embodiment, the interrupt-driven program is abstracted using the theory of abstract interpretation. When the interrupt-driven program is formally described, the main task and the interrupt-driven programs are uniformly regarded as the tasks of the whole system, and the elements contained in each task are: the program statements and the corresponding task priority.
In the present embodiment, a program is divided into program statements and a priority. Since program statements may contain interrupt mask statements, in other embodiments the program statements of each task may be further distinguished, so that the concrete statement semantics can express the effect a program statement has on the concurrent execution of the interrupt-driven program.
In the present embodiment, when the interrupt-driven program is semantically interpreted, the execution form of the program is described on the basis of the formal description of the interrupt-driven program, i.e. the states of the formally described interrupt-driven program during execution. After each task of the interrupt-driven program has been formally described, the state transition function of each task can be determined from the concrete execution states of the interrupt-driven program. For example, a high-level interrupt can interrupt the execution of a low-level interrupt; when the concrete execution state of the interrupt-driven program is the highest-level interrupt, the state transition function does not allow other interrupts to execute. In the concrete execution of the program this can be specialized to the concrete state of the corresponding operation: the state transition function determines how the abstract state changes during static analysis, and the final abstract state obtained by the analysis determines whether the program has a data race. Whether an interrupt is allowed to execute is determined by the priority of each task, i.e. whether the interrupt to be decided has a higher priority than the interrupt currently executing; and because interrupt mask words are provided, the state transitions within an interrupt mask also satisfy the semantics of the actual concurrent execution of the interrupt-driven program.
Because the paths of a multi-interrupt concurrent program are formed by overlapping the paths of the concurrent tasks, the path of an interrupt task may appear several times; although the overlapping semantics is intuitive, it is poorly structured and is not convenient for further abstraction. The atomic statements involved between interrupt tasks are the basic statements that describe condition judgments, assignments, interrupt settings and the like, and one atomic statement is regarded as one state transition function. In the present embodiment, when the interrupt-driven program is semantically interpreted, the atomic statements in the multi-interrupt concurrent program are abstracted; the semantic definition steps of an atomic statement are: first, filter out impossible initial states; second, describe the semantics of each atomic statement.
Because the concurrent execution of an interrupt-driven program is non-deterministic, in theory a high-level interrupt may occur after any function statement of a low-level interrupt or of the main task, so analyzing all possible states of the concurrent program in full detail makes the state space to be analyzed extremely large.
In the present embodiment, the mutual influence between concurrent programs is described as interference: a task's modification of a target shared variable is taken as interference with other tasks, and the overlapping execution states between concurrent tasks are described by the interference information of each task. Interference can be regarded as a flow direction of the data stream. For example, in actual concurrent execution a high-level interrupt modifies the value of some global shared variable, and the value of that global variable is then used in a subsequent low-level interrupt or in the main task; this modification process can be abstracted as the data modified by the high-level interrupt flowing into the subsequent task, and the high-level interrupt's modification of the global shared variable is defined as interference with the other tasks.
In the present embodiment, the interference is formally described to form the interference information of each task; interference information is the concrete abstract content of the process by which other tasks modify the target shared variable, and the overlapping execution states between concurrent tasks can be described by the formal description of interference. The formal description of interference mainly comprises: the value of the target shared variable, the modification condition that other tasks must satisfy to modify the target shared variable, and the effect the interference between different tasks may produce. The modification condition of a target shared variable by other tasks comprises the path condition for reaching the modification of the target shared variable and the execution-state condition of the program when the modification is reached. The effect the interference between different tasks may produce mainly comprises the modifications of the target shared variable by the different tasks; the values of these shared variables and the relations between the shared variables may all affect the concrete execution of the program. The path condition is that the paths reaching the modification of the target shared variable can be satisfied simultaneously; the execution-state condition is that the states are executable; and the modification condition of the target shared variable being satisfied simultaneously between different tasks means that the paths reaching the modification of the target shared variable can be satisfied simultaneously and are simultaneously in an executable state.
The present invention uses interference to describe the mutual influence between concurrent programs. When actually analyzing the concurrent execution of an interrupt-driven program, there is no need to consider the complicated overlapping execution states; only the effect of all interference on a task and the effect a task's interference has on other tasks need to be judged, which greatly alleviates the state explosion problem caused by concurrent execution.
In the present embodiment, to describe the semantics of multi-interrupt concurrent programs in a structured way, the semantics of the interrupt concurrent program is described by an interference semantics. The interference semantics mainly takes effect at the corresponding specific program transition conditions: the changes made to the target shared variable by different tasks are reflected, during program analysis, in different abstract states being produced and different path branches being analyzed. The semantics of the interrupt concurrent program and the interference semantics are at different levels: the interrupt concurrency semantics describes how execution switches between different tasks, while the interference semantics describes the effect on the target shared variable produced by the task switching of the interrupt concurrency semantics. The interference semantics of a multi-interrupt concurrent program is in fact a set of interference operation labels, and a stable interference information set is obtained by iteratively computing the interference semantics. Computing the interference semantics amounts to solving for a stable fixed point, and the process of solving for the fixed point is the process by which the iteration becomes steady: when computing the stable fixed point, each task is iterated several times, with interference information as the input of each iteration and updated interference information output after it. In one iteration process the computations of all tasks are carried out independently; each time a task performs an iteration, the interference information sets of all tasks on the target shared variable are merged and used as the input of the iteration, and the updated interference information set is output after the iteration; the updated interference information sets obtained by all tasks are merged into a new interference information set, which is used as the input of each task's next iteration, until the interference information sets of all tasks reach a fixed point.
The present invention describes the semantics of interrupt concurrent programs by an interference semantics, which makes the interference semantic definition structured and convenient for further abstraction, such as introducing various numerical abstract domains.
In the present embodiment, variable values are numerically abstracted, and their representation is determined by the concrete abstract domain used. The numerical abstraction of variable values can use several representation methods of abstract interpretation, including intervals, interval power sets, inequalities and the like. In a concrete application, the numerical abstraction of a variable value needs to indicate the concrete task it belongs to, and the effect of the interference of other tasks on the concrete value of the variable also needs to be considered in the concrete analysis.
In the present embodiment, the data access conflict detection process is abstracted into judging whether the interference of different tasks on the same variable can occur simultaneously. When data access conflict detection is performed, the interference information of each task is collected; the interference collection process includes all values of the global shared variables and the concrete modification conditions that must hold to reach the modification of the target global shared variable, and the possibility that the interference conflicts with the accesses of other tasks to the target shared variable is judged from the concrete modification conditions obtained.
In the present embodiment, data access conflicts are formally described by the result of the formal description of the interference information on global shared variables. This description comprises two conditions: on the one hand, an access conflict on the same shared variable; on the other hand, the path conditions of the two tasks reaching the operation on the same shared variable can be satisfied simultaneously and are in an executable state.
The present invention uses abstract interpretation theory to analyze interrupt-driven programs, establishes a formal system of interrupt-driven programs oriented to data access conflict analysis, formally and semantically describes interrupt-driven programs, abstracts the influence between interrupt-driven programs as interference, and abstracts the mutual influence between concurrent execution streams by interference computation, avoiding the direct combination of concurrent compositions in order to control the state explosion problem and thereby improve the correctness of the detection results.
In the present embodiment, after the formal system of interrupt-driven programs is established, arrays, simple pointers, interprocedural calls, parameter passing and the like are abstracted by a basic sequential-program abstract interpretation analysis tool.
Procedure calls and parameter passing are relatively complicated, and scalability of the solution needs to be considered. The existing processing methods comprise: the first method inlines the called function directly into the calling function when an interprocedural call is analyzed; this method is simple and solves the problem of function parameter passing by variable replacement, but its disadvantage is a larger memory cost. The second method processes the called function separately when an interprocedural call is analyzed; the advantage of this kind of method is a smaller memory cost, and its disadvantage is the extra processing of parameter passing, which may affect analysis efficiency. Because the second method requires less memory, the present embodiment uses the second method to handle interprocedural calls.
At present there are mainly three methods by which abstract interpretation handles arrays: the first array handling method regards all array elements as one data element; the second regards each array element as an independent data element; the third divides the data elements of the array into several regions and regards each region as an independent data element. The first method loses the most precision but is the simplest and most convenient; the second is the most precise but the most expensive; the third has better precision than the first and lower cost than the second. To reduce as far as possible the false positives in data access conflict detection caused by the use of arrays, the present embodiment uses the third method to handle arrays.
In the present embodiment, the basic sequential-program analysis tool is extended: the formal system of interrupt-driven programs is used to abstract the interrupt-driven program, the modifications of shared variables in a task are abstracted into interference so that the tool carries interference information, and the overlapping states between parallel execution streams are described by the interference information; the semantics of the multi-interrupt concurrent program is described by the interference semantics, and the interference semantics is computed by iterative computation of the interference information.
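As an added illustration of the three array handling methods (not code from the patent), the following maps interval-abstracted index ranges onto abstract data elements under each method and shows how the choice changes the conflict verdict for two tasks touching one array. The array length, region size and sample accesses are constructed here.

```python
"""Added example, not from the patent: the whole-array, per-element and region
array abstractions applied to interval-abstracted indices, and the effect of each
on whether two tasks' accesses are judged to conflict.  Length, region size and
accesses are constructed for illustration."""
from typing import Set, Tuple

Interval = Tuple[int, int]  # inclusive index range: the interval abstraction of an index


def array_cells(length: int, idx: Interval, strategy: str, region: int = 4) -> Set[str]:
    """Abstract data elements an index range may touch under one of the three methods:
    'whole'   - the entire array is one data element (first method)
    'element' - every array element is its own data element (second method)
    'region'  - the array is cut into fixed-size regions (third method)"""
    lo, hi = max(0, idx[0]), min(length - 1, idx[1])
    if lo > hi:
        return set()  # no in-bounds element can be touched
    if strategy == "whole":
        return {"a[*]"}
    if strategy == "element":
        return {f"a[{i}]" for i in range(lo, hi + 1)}
    if strategy == "region":
        return {f"a[{r * region}..{min(length, (r + 1) * region) - 1}]"
                for r in range(lo // region, hi // region + 1)}
    raise ValueError(f"unknown strategy {strategy!r}")


def may_conflict(length: int, acc_a: Tuple[str, Interval], acc_b: Tuple[str, Interval],
                 strategy: str, region: int = 4) -> bool:
    """Two accesses may conflict on the array only if at least one is a write and
    the abstract data elements they may touch intersect."""
    (kind_a, idx_a), (kind_b, idx_b) = acc_a, acc_b
    if kind_a == "read" and kind_b == "read":
        return False
    return bool(array_cells(length, idx_a, strategy, region)
                & array_cells(length, idx_b, strategy, region))


# Constructed sample: main writes buf[0..3]; one interrupt writes buf[8..11],
# another reads buf[2..5].  Only the second pair really shares elements.
LEN = 16
MAIN_WRITE = ("write", (0, 3))
ISR_WRITE = ("write", (8, 11))
ISR_READ = ("read", (2, 5))


def verdicts() -> dict:
    """(main vs ISR write, main vs ISR read) verdict under each method; the whole-array
    method reports the disjoint write pair too, the false positive the text refers to."""
    return {s: (may_conflict(LEN, MAIN_WRITE, ISR_WRITE, s),
                may_conflict(LEN, MAIN_WRITE, ISR_READ, s))
            for s in ("whole", "element", "region")}
```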
Step 2, obtaining the stable interference: the stable interference information sets of all tasks are collected to form a global interference information set, and a stable global interference information set is obtained by iterative computation. In each iteration, the global interference information set obtained by merging the input global interference information sets is used to traverse each task; after the iteration, each task obtains a target interference information set that reflects the mutual influence between tasks; the target interference information sets of all tasks are merged as the input of the next iteration, until the global interference information set reaches a fixed point.
In the present embodiment, the interference information acquisition method is: each task, including the main task and the interrupt-driven programs, is analyzed once using the abstract interpretation framework; in this process, the interference the current task may produce on other tasks is analyzed and collected separately, obtaining the interference information related to the single program and providing the necessary information for the next step, the analysis of the mutual influence between tasks.
Because the interference information includes the effect of each task on the values of global shared variables at different program points, and between different program points a shared variable may exist in the form of an alias, in the present embodiment the interference information collection process also includes an alias analysis procedure. Its specific implementation is: the basic sequential-program analysis tool is specially adapted to the alias types found in aerospace embedded programs. For example, aerospace embedded programs access a target memory region directly and thereby produce aliases, and such accesses to target memory may be performed by assigning an address directly to a pointer; for this kind of alias, whether aliasing exists between pointers can be judged by recording the concrete memory address each pointer points to.
In the present embodiment, the basic sequential-program analysis tool carrying interference information is extended again by adding an outermost iterative fixed-point computation framework; the collected global interference information set is computed iteratively to a fixed point, obtaining the stable global interference information set.
In the present embodiment, the method for computing the stable global interference information set is: the interference that all tasks may produce on other tasks is put into a global interference information set, and this global interference information set is used to traverse and analyze each task again, analyzing the concrete transition statements of each task. Because of the existence of the global interference information set, each task can now perceive the interference of other tasks on itself, so the interference information set of each program obtained by this traversal is the interference information set after the mutual influence between tasks. The interference information sets obtained for each task after the mutual influence between tasks are merged to obtain an updated global interference information set, which is compared with the global interference information set produced by the previous traversal. If the fixed point is reached, i.e. the two sets are identical, all interference information has been properly processed and the whole inspection and analysis process ends; otherwise the newly produced global interference information set is used as the global interference information set for the next traversal, and the iterative computation is repeated until the global interference information set reaches a fixed point, giving the stable global interference information set. The stable global interference information set is the stable interference; the stable interference shows that the interference set now includes all the states produced by the tasks' operations on the shared variables.
The process of iteration fixed point is a process not restraining sometimes, and the process of iteration fixed point is also a problem more consuming time on the other hand.For guaranteeing the convergence of iteration and reducing the iterations of fixed point, in the present embodiment, widen strategy by introducing in iteration fixed point Computational frame, in the time calculating global disturbs information aggregate, the information of some interfere information set is widened, guarantee that iterative computation convergence reduces the number of times of iterative computation simultaneously, thereby reach the object that improves analysis efficiency.
The present invention is from aspect description disturbance conditions such as interruption status, conditional-variable values, and and then obtain Static disturbance by iterative computation, determine whether to occur data access conflict by Static disturbance, can effectively improve the accuracy of data access collision detection.
step 3,access conflict detects: use stable global disturbs information aggregate to travel through each task, when task to be detected conducts interviews to target shared variable, if there is the interfere information that meets target shared variable modification condition in global disturbs information aggregate, be judged to be to exist data access conflict simultaneously.
In the present embodiment, utilize above-mentioned analysis tool program to carry out data access collision detection, specific implementation method is: each task is analyzed again, and adopt the incompatible analytic process that instructs of stable global disturbs information set that obtains, owing to comprising all modifications value of other tasks to this overall situation shared variable in global disturbs information aggregate, i.e. writing this shared variable, therefore can utilize on the one hand interfere information set to instruct abstract interpretation to analyze current task, due to the value information of overall shared variable wherein existing, can judge that whether branch or cycling condition be feasible, maybe can judge the number of times of circulation etc., can utilize on the other hand global disturbs information aggregate to check current task, analyze now whether can produce data access conflict.
When there being pair accessing operation of target shared variable in a certain program statement, if when write operation, do not allow other tasks simultaneously to shared variable read and write, exist other tasks shared variable to be carried out to read and write operation simultaneously and produce access conflict; If when read operation, do not allow other tasks target shared variable to be write simultaneously, exist other tasks shared variable to be carried out to write operation simultaneously and produce access conflict.
In the present embodiment, the concrete grammar that the stable state global disturbs information aggregate that utilization obtains carries out data access collision detection is: travel through each task by stable state global disturbs information aggregate, while having the accessing operation of pair target shared variable in task to be detected, while there is the interfere information that simultaneously meets target shared variable modification condition in global disturbs information aggregate, judge and produce data access conflict.Target shared variable modification condition comprises the executing state of program when arriving the path condition of modifying target shared variable and arriving modifying target shared variable, in the time that task to be detected conducts interviews to target shared variable, exist other tasks to meet to arrive the path of modifying target shared variable simultaneously and be executable state, exist more than two task target shared variable to be modified simultaneously, detect data access conflict now occurs.
Owing to only containing program point and the opportunity of write operation in interfere information, do not comprise the information of read operation, other tasks are all included in interfere information set the write operation of target shared variable, therefore simpler for the data access collision detection of the read operation of target shared variable.In the present embodiment, when task to be detected is read operation to target shared variable, judges in global disturbs information aggregate and whether exist the interfere information that simultaneously meets modification condition to judge whether to exist access conflict, if yes, judge data access conflict occurs.
For the write operation collision detection of target shared variable, owing to not only needing to judge whether to exist the write operation of other tasks to target shared variable, also need to judge whether other tasks carry out read operation to target shared variable, and in interfere information, do not comprise other tasks to target shared variable read operation information.From another angle, task to be detected is necessarily included in global disturbs information aggregate the write operation of target shared variable, cause data access conflict if now exist a goal task to carry out read operation to target shared variable, goal task is in the time carrying out collision detection so, because the write operation of task to be detected exists as the interfere information of goal task, must detect the write operation of task to be detected to the conflict of its generation.In the present embodiment, write operation collision detection specific implementation method for target shared variable is: when task to be detected is write operation to target shared variable, judge that in global disturbs information aggregate, whether existing the interfere information that simultaneously meets modification condition to judge exists access conflict, if yes, judge data access conflict occurs, whether the read operation that if NO, detects target shared variable in other tasks there is access conflict.
In the present embodiment, judge between different task and to the whether simultaneous method of the operation of target shared variable be: judge between different task whether the path of same target shared variable access is met simultaneously and be executable state, judge whether the statement in two tasks of conflict can be can execution route simultaneously.Due to the modification condition comprising in interfere information set target shared variable, required satisfied path condition will arrive the operation of modifying target shared variable time just can judge whether can occur the access of target shared variable by path condition simultaneously.
As shown in Figure 2, the concrete treatment scheme of interfere information in the present embodiment, interfere information set of model is also initialized as sky by interfere information set, each task analysis is obtained to the interfere information set of each task to target shared variable, the interfere information set of each task is carried out to iterative computation to obtain stable interfere information set; When each task iteration, interfere information set after the interfere information set that each task is produced shared variable is merged, interfere information set after merging is analyzed again to each task, until each task obtains stable interfere information set; Each task merges the interfere information set of each task to obtain global disturbs information aggregate after obtaining stable interfere information set, by global disturbs information aggregate, each task is traveled through to analysis, obtains Static disturbance until reach fixed point; Finally utilize Static disturbance to analyze the data access conflict in drives interrupts type program, exist access conflict to send data contention if detect and report to the police.
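As an added illustration (not code from the patent or its analysis tool), the following Python model runs the flow described above end to end on a constructed three-task program: the per-task and global iterations are collapsed into a single global fixed-point loop, the modification condition is modelled as a path condition over flag values plus the interrupt-enable state at the program point, and whether two accesses can overlap is decided by task priority. The task names, shared variables, widening threshold and priority rule are assumptions made for this example.

```python
from collections import namedtuple

# Constructed model of an interrupt-driven program. An access carries the path condition
# (guard) needed to reach it, e.g. (("mode", 1),) for "mode == 1", and whether interrupts
# are enabled at that program point; a higher priority number preempts a lower one.
Access = namedtuple("Access", "pc op var value guard irq_on")       # op: "read" or "write"
Task = namedtuple("Task", "name priority accesses")
Interference = namedtuple("Interference", "task priority write")  # one write + its condition
ANY = "ANY"        # widened abstract value: the variable may hold anything
WIDEN_AFTER = 4    # widen a value set once it holds more than this many values

def holds(guard, known):
    return all(known.get(v) is ANY or val in known.get(v, set()) for v, val in guard)

def analyze_task(task, glob, init):
    """One pass over a task guided by the global interference set; returns
    (interference this task produces, accesses reachable under current knowledge)."""
    known = {v: {val} for v, val in init.items()}
    for i in glob:                       # other tasks' writes enlarge the possible values
        if i.task != task.name and known.get(i.write.var) is not ANY:
            known.setdefault(i.write.var, set()).add(i.write.value)
    produced, reachable = set(), []
    for a in task.accesses:
        if not holds(a.guard, known):    # branch infeasible: nothing reachable from here
            continue
        reachable.append(a)
        if a.op == "write":
            produced.add(Interference(task.name, task.priority, a))
            if known.get(a.var) is not ANY:
                known.setdefault(a.var, set()).add(a.value)
                if len(known[a.var]) > WIDEN_AFTER:   # widening keeps the iteration finite
                    known[a.var] = ANY
    return frozenset(produced), reachable

def compute_static_interference(tasks, init, max_rounds=100):
    """Step 2: re-analyse every task with the merged set until two rounds agree."""
    glob = frozenset()
    for rounds in range(1, max_rounds + 1):
        new = frozenset().union(*(analyze_task(t, glob, init)[0] for t in tasks))
        if new == glob:                  # fixed point: the set is the static interference
            return glob, rounds
        glob = new
    raise RuntimeError("global interference set did not stabilise")

def compatible(g1, g2):
    """Two path conditions can hold at once unless they pin a flag to different values."""
    d1 = dict(g1)
    return all(d1.get(v, val) == val for v, val in g2)

def can_interleave(p1, irq1, p2, irq2):
    """A higher-priority task can preempt a lower one only where interrupts are enabled."""
    return (p2 > p1 and irq1) or (p1 > p2 and irq2)

def detect_conflicts(tasks, glob, init):
    """Step 3: sorted (task, pc) pairs whose accesses to one variable can overlap."""
    reach = {t.name: analyze_task(t, glob, init)[1] for t in tasks}
    prio = {t.name: t.priority for t in tasks}
    found = set()
    for t in tasks:
        for a in reach[t.name]:
            for i in glob:               # reads and writes: check the recorded writes
                w = i.write
                if (i.task != t.name and w.var == a.var and compatible(a.guard, w.guard)
                        and can_interleave(t.priority, a.irq_on, i.priority, w.irq_on)):
                    found.add(tuple(sorted([(t.name, a.pc), (i.task, w.pc)])))
            if a.op != "write":
                continue
            for other, accs in reach.items():   # writes only: reads are not in the set
                for r in accs:
                    if (other != t.name and r.op == "read" and r.var == a.var
                            and compatible(a.guard, r.guard)
                            and can_interleave(t.priority, a.irq_on, prio[other], r.irq_on)):
                        found.add(tuple(sorted([(t.name, a.pc), (other, r.pc)])))
    return sorted(found)

# Constructed example: a main loop and two ISRs sharing "sensor", "mode" and "buf".
INIT = {"mode": 0, "sensor": 0, "buf": 0}
TASKS = (
    Task("main", 0, (
        Access("M1", "read", "sensor", None, (("mode", 0),), True),
        Access("M2", "write", "mode", 1, (), True),
        Access("M3", "write", "sensor", 0, (("mode", 1),), False),  # interrupts masked here
        Access("M4", "read", "sensor", None, (("mode", 1),), True),
    )),
    Task("isr_rx", 2, (
        Access("I1", "write", "sensor", 42, (("mode", 1),), True),  # reachable only after M2
        Access("I2", "read", "buf", None, (), True),
    )),
    Task("isr_timer", 1, (Access("T1", "write", "buf", 7, (), True),)),
)
```

Running `detect_conflicts(TASKS, compute_static_interference(TASKS, INIT)[0], INIT)` reports the M4/I1 and I2/T1 pairs only: the ISR write I1 enters the set in the second round, once main's write of `mode` is visible, M3 is cleared because interrupts are masked there, and M1 is cleared by its incompatible path condition.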
On the one hand, the present invention uses abstract interpretation to abstract the program, removing unreachable paths during the analysis pass and thereby reducing the false reports produced by static analysis; on the other hand, by introducing the mutual interference between tasks it only needs to analyse the data flow between tasks, avoiding the analysis of the complex states produced by interleaved execution of the concurrent program, which greatly reduces the complexity of data access conflict detection; in addition, owing to the soundness of the abstract interpretation framework itself, it also guarantees that the detection result contains no missed data access conflicts.
The above is a preferred embodiment of the present invention and does not limit the present invention in any form. Although the present invention has been disclosed above by way of a preferred embodiment, this is not intended to limit the invention. Any person of ordinary skill in the art may, without departing from the scope of the technical solution of the present invention, use the technical content disclosed above to make many possible changes and modifications to the technical solution of the present invention, or revise it into equivalent embodiments of equivalent variation. Therefore, any simple modification, equivalent variation or modification of the above embodiments made according to the technical essence of the present invention that does not depart from the content of the technical solution of the present invention falls within the scope of protection of the technical solution of the present invention.

Claims (8)

1. A multi-interrupt routine data access conflict detection method based on abstract interpretation, characterised in that its steps are:
(1) abstraction of the influence between tasks: each interrupt-driven program is treated as a task and described using the abstract interpretation framework; within each task, every modification of the target shared variable by other tasks, together with the modification condition of that modification, is abstracted as one piece of interference information, and all interference information for the target shared variable in a task forms an interference information set; the interference information set of each task is iteratively computed independently until all tasks obtain stable interference information sets;
(2) obtaining the static interference: the stable interference information sets of all tasks are collected into a global interference information set, and a stable global interference information set is obtained by iterative computation; in each iteration the merged global interference information set is taken as input and every task is traversed with it, each task obtaining its target interference information set after mutual influence between tasks, and the merged target interference information sets of all tasks form the input of the next iteration, until the global interference information set reaches a fixed point;
(3) access conflict detection: each task is traversed using the stable global interference information set; when the task under detection accesses the target shared variable, a data access conflict is determined to exist if the global interference information set contains interference information whose modification condition for the target shared variable is satisfied at the same time.
2. The multi-interrupt routine data access conflict detection method based on abstract interpretation according to claim 1, characterised in that the modification condition in step (1) comprises: the path condition for reaching the modification of the target shared variable, and the execution-state condition of the program on reaching the modification of the target shared variable.
3. The multi-interrupt routine data access conflict detection method based on abstract interpretation according to claim 2, characterised in that, in step (3), the method of judging that the target shared variable modification condition is satisfied at the same time is: judging whether the access path of the task under detection to the target shared variable and the path of another task to the modification of the target shared variable can be satisfied simultaneously and both be in an executable state; if so, they are judged to be satisfied at the same time; if not, they are judged not to be satisfied at the same time.
4. The multi-interrupt routine data access conflict detection method based on abstract interpretation according to claim 1, characterised in that the concrete implementation of independently iterating the interference information set of each task in step (1) is: each task performs several independent iterations; whenever a task performs an iteration, the merged interference information sets of all tasks for the target shared variable are taken as the input of the iteration, and an updated interference information set is output after the iteration; the updated interference information sets obtained by all tasks are merged and used as the input of the next iteration, until the interference information sets of all tasks reach a fixed point.
5. The multi-interrupt routine data access conflict detection method based on abstract interpretation according to claim 1, characterised in that the concrete method of performing abstract interpretation on the interrupt-driven program in step (1) is:
(1.1) formally describing the interrupt-driven program: the main task and the interrupt-driven programs are uniformly treated as tasks of the whole system, and each task is abstracted as its program statements and the corresponding task priority;
(1.2) semantically interpreting the interrupt-driven program: the form of the interrupt-driven program at execution time is described, and the state transition function is obtained from the concrete execution states of the interrupt-driven program.
6. The multi-interrupt routine data access conflict detection method based on abstract interpretation according to claim 5, characterised in that it further comprises, after step (1.2), a flow for defining the semantics of atomic statements, the concrete implementation of which is: the initial state is filtered, and the semantics of every atomic statement in the interrupt-driven program is described.
7. The multi-interrupt routine data access conflict detection method based on abstract interpretation according to any one of claims 1 to 6, characterised in that the method of judging that a fixed point has been reached in step (2) is: judging whether the global interference information sets output by two adjacent iterations are identical; if so, a fixed point is judged to have been reached.
8. The multi-interrupt routine data access conflict detection method based on abstract interpretation according to any one of claims 1 to 6, characterised in that the concrete implementation of judging that an access conflict occurs in step (3) is: when the task under detection performs a read access to the target shared variable, it is judged whether the global interference information set contains interference information whose target shared variable modification condition is satisfied at the same time, and if so a data access conflict is determined; when the task under detection performs a write access to the target shared variable, it is judged whether the global interference information set contains interference information whose target shared variable modification condition is satisfied at the same time, and if so a data access conflict is determined; otherwise it is judged whether the read access of any other task to the target shared variable has a data access conflict.
CN201410031451.1A 2014-01-23 2014-01-23 Multiple interrupt routine data access conflict detection method based on abstract interpretation Active CN103778062B (en)


Publications (2)

Publication Number Publication Date
CN103778062A true CN103778062A (en) 2014-05-07
CN103778062B CN103778062B (en) 2016-08-17
