CN103778062B - Multiple interrupt routine data access conflict detection method based on abstract interpretation - Google Patents
Multiple interrupt routine data access conflict detection method based on abstract interpretation Download PDFInfo
- Publication number
- CN103778062B CN103778062B CN201410031451.1A CN201410031451A CN103778062B CN 103778062 B CN103778062 B CN 103778062B CN 201410031451 A CN201410031451 A CN 201410031451A CN 103778062 B CN103778062 B CN 103778062B
- Authority
- CN
- China
- Prior art keywords
- task
- interference information
- information aggregate
- shared variable
- target shared
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The present invention discloses a kind of multiple interrupt routine data access conflict detection method based on abstract interpretation, step is: 1) be described by driving for interruption program employing abstract interpretation framework, in each task, other tasks are abstract to the amendment of target shared variable and amendment condition is an interference information, in each task, all interference information structures one interference information aggregate, exports stable interference information aggregate by iterative computation;2) the interference information aggregate collecting all tasks constitutes an overall situation interference information aggregate, obtains stable overall situation interference information aggregate by iterative computation;3) use stable overall situation interference information aggregate that each task is traveled through, if overall situation interference information aggregate exists the interference information meeting target shared variable amendment condition simultaneously, it is determined that for there is data access conflict.The present invention has that implementation method is simple, complexity is low, accuracy and the high advantage of reliability and be applicable to the detection of space flight embedded software.
Description
Technical field
The present invention relates to data access collision detection technical field, particularly relate to a kind of multiple interrupt routine data access conflict detection method based on abstract interpretation.
Background technology
Along with the development of China's aerospace industry, space flight embedded software becomes to become increasingly complex, and creates various software issue the most therewith, and the data access collision problem of space flight embedded program is exactly one therein.The generation of data access collision problem problem is the data interaction owing to there is complexity between the different components of spacecraft, between multiple software concurrently run.If therefore synchronize, mutual exclusion mechanism misorient, it is easy to produce the data access collision problem such as data contention, atomicity destruction, thus cause software issue or the system failure.Relate to the complexity between concurrent software yet with data access collision problem overlap and sequential relationship, its detection more difficulty.
Data access conflict refer to multiple concurrently perform stream (such as task, interruption, thread) same data cell is read while write and at least one of which operation be write operation, mainly show as data contention and atomicity destroys two kinds of forms, data contention is the data collision between wall scroll statement, and it is the data collision between wall scroll statement and statement block that atomicity breaks ring.Owing to the order between twice access relating in data access conflict not can determine that, therefore program may produce abnormal behaviour, results even in software or thrashing time serious.
Owing to space flight embedded software scale is big, interrupt and task scheduling deposit and running environment complexity not can determine that, consequently, it is possible to the problem causing producing State space explosion in analyzing detection.Interrupting driving software kit composition Han normal work to do, interrupt handling routine etc., be a kind of special concurrent software, how analyzing this class method is firstly the need of the problem solved.On the one hand, interrupt driving software and there is the common problem of general concurrent program, i.e. because state concurrently combine the integrality Space Explosion problem caused;On the other hand, it is different from general multithread programs to interrupt driving software, because the uncertainty of down trigger and interrupt the dynamic controlled, the execution process interrupting driving program is more complicated, needs to make special semantic interpretation.
In prior art, by code source program being carried out a certain degree of abstract problem to solve State space explosion, but simultaneously need to ensure the character that the detected model after abstract with before the most abstract code holding consistent, to ensure the reliability of abstract rear model.The most existing multiple method that program is carried out abstract modeling, but also lack for special concurrent software, effective abstract modeling method of program as driving in multiple interrupt and corresponding data collision detection method.
Summary of the invention
The technical problem to be solved in the present invention is that the technical problem existed for prior art, the present invention provides that a kind of implementation method is simple, complexity is low, accuracy and reliability high, it is adaptable to the multiple interrupt routine data access conflict detection method based on abstract interpretation of space flight embedded software.
For solving above-mentioned technical problem, the technical scheme that the present invention proposes is:
A kind of multiple interrupt routine data access conflict detection method based on abstract interpretation, step is:
(1) affect between task is abstract: as a task and use abstract interpretation framework to be described each driving program of interruption, by abstract to the amendment each time of target shared variable and the amendment condition revised each time for other tasks in each task be an interference information, in each task, all interference information structures one to target shared variable disturb information aggregate;What each task was disturbed information aggregate independence is iterated calculating, until all of task obtains stable interference information aggregate;
(2) Static disturbance is obtained: collect stable interference information aggregate corresponding to all tasks and constitute an overall situation interference information aggregate, obtain stable overall situation interference information aggregate by iterative computation;Every time during iteration, the overall situation is also disturbed information aggregate to travel through each task by input overall situation interference information aggregate, each task obtains the target jamming information aggregate after influencing each other between a task after iteration, as the input of next iteration after the target jamming information aggregate merging of all tasks, until overall situation interference information aggregate reaches fixed point;
(3) access conflict detection: use stable overall situation interference information aggregate that each task is traveled through, when target shared variable is conducted interviews by task to be detected, if there is the interference information meeting target shared variable amendment condition in overall situation interference information aggregate, it is determined that for there is data access conflict simultaneously.
As a further improvement on the present invention, in described step (1), amendment condition includes: arrives the path condition of amendment target shared variable, arrive the execution status condition of program when revising target shared variable.
As a further improvement on the present invention, the determination methods simultaneously meeting target shared variable amendment condition in described step (3) is: judge that the access path of target shared variable is met and simultaneously for executable state by task to be detected with the path of other tasks arrival amendment target shared variable the most simultaneously, if yes, it is judged to meet simultaneously, if it has not, meet when being judged to difference.
As a further improvement on the present invention, each task is disturbed by described step (1) information aggregate independence be iterated calculate specific implementation method be: each task is carried out the most independent iteration, during each iteration of each tasks carrying, disturb information aggregate to merge target shared variable all tasks and as the input of iteration, after iteration, export the interference information aggregate of renewal;The interference information aggregate of the renewal that all tasks obtain merges and as the input of next iteration, until the interference information aggregate of all tasks reaches fixed point.
As a further improvement on the present invention, described step (1) carries out abstract interpretation to the driving program of interruption method particularly includes:
(1.1) formalized description is carried out to interrupting driving program, by main task with interrupt driving program collectively as the task of whole system, the abstract priority corresponding to program statement and task of each task;
(1.2) the driving program of interruption is carried out semantic interpretation, describe and interrupt driving program form upon execution, the concrete execution state interrupting driving program obtain state transition function.
As a further improvement on the present invention, also including the semantical definition flow process of the atomic sentence after step (1.2), concrete methods of realizing is: filter original state, describes and interrupts the semantics of every atomic sentence in driving program.
As a further improvement on the present invention, the determination methods reaching fixed point in described step (2) is: after judging adjacent twice iteration, the overall situation of output disturbs information aggregate the most identical, if it is, judge to reach fixed point.
As a further improvement on the present invention, described step (3) judges to produce the concrete methods of realizing of access conflict: when task to be detected carries out read access to target shared variable, judge whether overall situation interference information aggregate exists the interference information simultaneously meeting target shared variable amendment condition, if yes judge to produce data access conflict;When task to be detected carries out write access to target shared variable, judge whether globally shared information aggregate exists the interference information simultaneously meeting target shared variable amendment condition, if yes judge to produce data access conflict, if it is otherwise, judge whether that other tasks exist data access conflict to the read access of target shared variable.
Compared with prior art, it is an advantage of the current invention that:
(1) present invention uses Abstract Interpretation Theory analysis to interrupt driving program, set up the formalization system interrupting driving program that data-oriented access conflict is analyzed, on the basis of the existing abstract interpretation framework to program, add interrupting the semantic description of driving program and the form of data access conflict being described;By to the abstract direct combination avoided between concurrent composition interfered between task and interruption, state of a control explosion issues, improving the correctness to testing result.
(2) data access conflict is detected and introduces interfering between concurrent program by the present invention, the employing interference that influences each other between concurrent program is described, have only to analyze the flowing between program of the data stream to the overlapping execution state of concurrent program, avoid analyzing overlapping complex state, thus greatly reduce the complexity of data access collision detection.
(3) present invention description disturbance condition in terms of interrupt status, conditional-variable value etc., and then obtain Static disturbance by iterative computation, Static disturbance determine the generation that data access conflicts, the effective efficiency improving data access collision detection and accuracy.
Accompanying drawing explanation
Fig. 1 be the present embodiment multiple interrupt based on abstract interpretation routine data access conflict detection method realize schematic flow sheet.
Fig. 2 is the concrete handling process schematic diagram disturbing information in the present embodiment.
Detailed description of the invention
Below in conjunction with Figure of description and concrete preferred embodiment, the invention will be further described, but protection domain not thereby limiting the invention.
As it is shown in figure 1, the present embodiment multiple interrupt based on abstract interpretation routine data access conflict detection method, step is:
Step one,Between task, impact is abstract: as a task and use abstract interpretation framework to be described each driving program of interruption, by abstract to the amendment each time of target shared variable and the amendment condition revised each time for other tasks in each task be an interference information, in each task, all interference information structures one to target shared variable disturb information aggregate;What each task was disturbed information aggregate independence is iterated calculating, until all of task obtains stable interference information aggregate.
Owing to space flight embedded software scale is big, interrupt and task scheduling deposit and running environment complexity is uncertain, consequently, it is possible to the problem causing producing State space explosion in analyzing detection, in order to overcome this problem, need code source program is carried out a certain degree of abstract, but simultaneously need to ensure the character that the detected model after abstract with before the most abstract code holding consistent, to ensure the reliability of abstract rear model.
In the present embodiment, increase interrupting the abstract of driving program and data access conflict on the basis of existing abstract interpretation framework, carry out abstract by setting up the break source code of driving program of the formalization system alignment interrupting driving program.Can realize analyzing and the proof of the property of system by formalization system, including data access conflict character sum value character, it is ensured that do not fail to report the data access conflict of existence.
In the present embodiment, the formalization system interrupting driving program specifically includes:
(1.1) the abstract of driving program is interrupted: carry out formalized description to interrupting driving program, by main task with interrupt driving program collectively as the task of whole system, the abstract priority corresponding to program statement and task of each task;Carry out semantic interpretation to interrupting driving program, describe and interrupt driving program form upon execution, the concrete execution state interrupting driving program determine state transition function;
(1.2) affect between task is abstract: target shared variable is revised the abstract interference for current task to other tasks by task, being described the task amendment process to target shared variable by an interference information, the interference information between task then describes the overlapping execution state between concurrent tasks;
(1.4) numerical value of variable-value is abstract: use the method for expressing in abstract interpretation that variable-value is carried out numerical value abstract;
(1.5) data access conflict is abstract: between employing different task, whether the interference to same target shared variable may describe data access conflict simultaneously.
In the present embodiment, theory based on abstract interpretation is used to carry out abstract to interrupting driving program, when the driving program of interruption is carried out formalized description, by main task and the unified task of regarding whole system as of the driving program of interruption, the key element that each task is comprised is: the priority corresponding to program statement and task.
Program is divided into program statement and priority by the present embodiment, owing to program statement there may be interruption masking statement, the program statement that each task is comprised further can also be distinguished in other embodiments, affect produced by the program statement concurrently execution on interrupting driving program to ensure can show when concrete statement is semantic.
In the present embodiment, when the driving program of interruption is carried out semantic interpretation, on the basis of Interrupt driver program formalized description, describe the execution form of program, i.e. describe the state upon execution of the Interrupt driver program after formalized description.Interrupt each task in driving program after formalized description, the state transition function of each task then can utilize the concrete execution state interrupting driving program to determine, as high level interrupt can interrupt the execution of low level interrupts, i.e. interrupt the concrete execution state of driving program when interrupting for the superlative degree, do not allow other interruptions to perform generation in state transition function.In the concrete execution of program, can be specific to corresponding operation particular state, state transition function then determines that how to change Abstract State when static analysis, eventually passes analysis Abstract State to determine whether program exists the situation of data contention.Interrupt whether allowing to perform to determine according to the priority of each task, interruption the most to be determined is higher than the interrupt priority level being carrying out, simultaneously because be provided with interrupt mask word so that the state transition in interruption masking can meet the semanteme interrupted when driving program reality concurrently performs.
Owing to the path of multiple interrupt concurrent program is to be formed by the path of each concurrent tasks is overlapping, the path of interrupt task it is possible that repeatedly, although overlapping semantic directly perceived, but structural bad, be not easy to the most abstract.The atomic sentence related between interrupt task be condition judgment is described, assignment, interruption are arranged etc. basic statement, and an atomic sentence is counted as a state transition function.In the present embodiment, when the driving program of interruption is carried out semantic interpretation, carrying out abstract by the atomic sentence in multiple interrupt concurrent program, the semantical definition step of atomic sentence is: the first step, filters out impossible original state;Second, the semantics of every atomic sentence is described.
Due to interrupt driving program concurrently perform uncertainty, for the most in theory, high level interrupt may occur after any function statement of low level interrupts or main task, and all possible states which results in analysis concurrent program that will be the most detailed can cause the required state space analyzed abnormal the hugest.
In the present embodiment, the employing interference that influences each other between concurrent program is described, target shared variable is revised by task as the interference to other tasks, the interference information of each task describe the overlapping execution state between concurrent tasks.Interference can be regarded as a kind of flow direction of data stream, such as in reality concurrently performs, high level interrupt have modified the value of certain globally shared variable, and in low level interrupts subsequently or main task, employ the value of this global variable, amendment process subsequently can flow in task subsequently by the abstract data stream revised by high level interrupt, and to the amendment of globally shared variable, this senior variable is defined as the interference to other tasks.
In the present embodiment, interference is carried out formalized description and constitutes the interference information of each task, target shared variable is revised the concrete abstract content of process by interference information i.e. other tasks, just can describe the overlapping execution state between concurrent tasks by the formalized description of interference.The formalized description of interference specifically includes that the value of target shared variable, target shared variable is revised the required amendment condition met by other tasks, the issuable impact of interference between different task, wherein the amendment condition of target shared variable is included by other tasks: the execution status condition of program when arriving the path condition of amendment target shared variable and arrive amendment target shared variable, issuable impact of disturbing between different task mainly includes the different task amendment to target shared variable, relation between the value of these shared variables and shared variable all may affect the concrete implementation status that program performs.Path condition is the path meeting simultaneously and arriving amendment target shared variable, execution status condition is executable state, meets to be the amendment condition of target shared variable simultaneously arrive the path of amendment target shared variable and meet and for executable state simultaneously between different task.
The present invention uses interference to describe reciprocal influence between concurrent program, when actual analysis interrupts the concurrently execution of driving program, need not be concerned about complicated overlapping execution state, and have only to judge that all of interference on the impact of task and judges the impact that task is produced by interference, can alleviate greatly owing to concurrently performing produced State-explosion problem.
In the present embodiment, for the semanteme of structural description multiple interrupt concurrent program, interference semantic description is used to interrupt the semanteme of concurrent program.Interference semanteme mainly produces impact when corresponding specific procedure transition condition, different task will produce different Abstract States and analyze different path branches time the change of target shared variable is reflected in and is analyzed program.Interrupt the semanteme of concurrent program semantic from interference and level different, interrupt that Parallel Semantics describes is how to switch execution between different task, disturbs the impact that target shared variable is produced by semantic then describing owing to interrupting Parallel Semantics of task switching.The semantic set being actually a faulty operation label of program interference that one multiple interrupt is concurrent, the iterative computation semantic by interference obtains stable interference information aggregate.What interference was semantic be calculated as solving one stablizes fixed point, the process solving fixed point is also the process that iteration becomes steady, calculate when stablize fixed point, each task is carried out successive ignition, input nonlinearities information the interference information of renewal after exporting iteration when performing each iteration.During an iteration, the calculating process of all tasks is the most independently carried out, during each iteration of each tasks carrying, disturb information aggregate to merge target shared variable all tasks and as the input of iteration, after iteration, export the interference information aggregate of renewal;The interference information aggregate of the renewal that all tasks obtain merges and obtains new interference information aggregate the input as the most each task iteration, until the interference information aggregate of all tasks reaches fixed point..
The present invention uses interference semantic description to interrupt the semanteme of concurrent program so that interference semantical definition structuring, it is simple to carry out the most abstract, as introduced various numerical value abstract fields etc..
In the present embodiment, it is abstract that variable-value carries out numerical value, and the concrete abstract field according to using determines its method for expressing.The numerical value of variable-value is abstract can use multiple method for expressing in abstract interpretation, and concrete method for expressing includes: interval, interval power set, inequality etc..In a particular application, the abstract needs of numerical value of variable-value is indicated its concrete affiliated task, and during concrete analysis, also needs to impact produced by the interference considering other tasks value concrete on variable.
In the present embodiment, it is to judge between different task whether the interference to same variable may occur simultaneously by data access collision detection procedural abstraction.When carrying out data access collision detection, collect the interference information of each task, and contained all values to globally shared variable and arrived the concrete modification condition reached needed for this globally shared variable of amendment target during the collection of interference, whether with other tasks, the access generation of target shared variable may be conflicted according to the concrete modification condition criterion interference obtained.
In the present embodiment, by the formalized description result of the interference information of globally shared variable, data access conflict being carried out formal description, this description includes two aspect conditions: on the one hand for the access conflict of same shared variable;On the other hand it is that the path condition arriving two tasks that same shared variable operates can meet simultaneously and be executable state.
The present invention uses Abstract Interpretation Theory analysis to interrupt driving program, set up the formalization system interrupting driving program that data-oriented access conflict is analyzed, form description and semantic description is carried out to interrupting driving program, interference is used the impact interrupted between driving program to be carried out abstract and carry out influencing each other between abstract concurrently execution stream by interference calculation, avoid directly combining with state of a control explosion issues between concurrent composition, thus improve the correctness to testing result。
In the present embodiment, set up and interrupt after driving program form system, basic sequential programme abstract interpretation analysis tool call array, simple pointer, interprocedual, parameter transmission etc. carries out abstract process.
The invocation of procedure and parameter transmission are complex, need to consider the solution of extensibility, have processing method at present to include: when first method is that interprocedual is invoked at frontal chromatography, the most inline (inline) is to calling in function, the method is simple and can solve, by the method for variable replacement, the problem that function parameter transmits, and its shortcoming is that internal memory cost is bigger;Second method is to go when analyzing interprocedual and calling individually to process called function again, and this type of method advantage is that internal memory cost is smaller, and shortcoming is to need to increase the extra process to parameter transmission, analysis efficiency may be produced impact.Owing to second method required memory is less, the present embodiment uses second method to call between processing procedure.
At present abstract interpretation mainly has three kinds of processing methods to array: the first array manipulation method is that all array elements are regarded as a data element;The second array manipulation method is to regard each array element as single data element;Data element in array is divided into some regions by the third array manipulation method, and regards each region as single data element.The first array manipulation method loss of significance is maximum but the most simple and convenient, the second array manipulation method is the most accurate but the cost of required consumption is bigger, and the third array manipulation method is lower than the cost of the second array manipulation method method again than the precision of the first array manipulation method.In order to reduce owing to using array to cause the wrong report of data access collision detection as far as possible, the present embodiment use the third data processing method array is processed.
In the present embodiment, expand on the basis of basic sequential programme analysis tool, utilize and interrupt driving program form system alignment driving program of breaking and carry out abstract, by abstract for interference to the amendment of shared variable in task, make it carry interference information, describe the overlapping state between executed in parallel stream by interference information;By the semanteme of interference semantic description multiple interrupt concurrent program, and calculate interference semanteme by the iterative computation of interference information.
Step 2,Obtain Static disturbance: collect stable interference information aggregate corresponding to all tasks and constitute an overall situation interference information aggregate, obtain stable overall situation interference information aggregate by iterative computation;Every time during iteration, the overall situation is also disturbed information aggregate to travel through each task by input overall situation interference information aggregate, each task obtains the target jamming information aggregate after influencing each other between a task after iteration, as the input of next iteration after the target jamming information aggregate merging of all tasks, until overall situation interference information aggregate reaches fixed point.
In the present embodiment, interference information getting method is: utilize the framework of abstract interpretation once to analyze to include main task and each task interrupted including driving program, in the process, individually analyze and collect the interference that other tasks may be produced by current task, obtain the relevant interference information of single program, submit necessary information for influencing each other between next step analysis task.
Owing to interference information containing each task in program in the impact on globally shared variable-value of the distinct program point, between distinct program point, shared variable may be presented in another name, the present embodiment disturbs in infonnation collection process and also includes alias analysis flow process, and specific implementation method by: basic sequential programme analysis tool is done special adaptation by the alias type being had for space flight embedded program, such as, in space flight embedded program, exist and directly a piece of target memory region is conducted interviews and produces another name, the access of target memory is probably and directly uses the mode that address is assigned to pointer to operate, can judge whether there is another name between pointer by the concrete memory address pointed by record pointer for this class name.
In the present embodiment, again expand on the basis of carrying the basic sequential programme analysis tool of interference information, add outermost iteration fixed point Computational frame, the overall situation interference information aggregate collected is carried out fixed point iteration calculating, obtain stable overall situation interference information aggregate.
In the present embodiment, stable overall situation interference information aggregate computational methods are: issuable to other tasks for all tasks interference put in an overall situation interference information aggregate, and utilize this overall situation interference information aggregate that each task carries out traversal analysis again, i.e. to each task the concrete statement that migrates be analyzed, now due to the existence of overall situation interference information aggregate, make each task can perceive the interference to self of other tasks, therefore this time the interference information aggregate of each program that traversal analyzes acquisition is exactly the interference information aggregate after influencing each other between task;Interference information aggregate after influencing each other between each task obtained of task merges, obtain the overall situation interference information aggregate after a renewal, the overall situation interference information aggregate that overall situation interference information aggregate after this renewal and front once traversal produce is compared, if having reached fixed point, i.e. the two set is identical, then illustrate that the most all interference information is the most suitably processed, whole Inspection and analysis process terminates, otherwise, the overall situation interference information aggregate newly generated by this, as the overall situation interference information aggregate traveled through next time, carry out iterative computation again, until this overall situation interference information aggregate reaches fixed point, obtain stable overall situation interference information aggregate.Stable overall situation interference information aggregate is Static disturbance, and Static disturbance shows that interference set now contains task and shared variable carries out all states that operation produces.
The process of iteration fixed point is a process not restrained sometimes, on the other hand the process of iteration fixed point be also one than relatively time-consuming problem.For ensureing the convergence of iteration and reducing the iterations of fixed point, the present embodiment widens strategy by introducing in iteration fixed point Computational frame, when calculating overall situation interference information aggregate, the information of some interference information aggregate is widened, ensure that iterative computation convergence reduces the number of times of iterative computation simultaneously, thus reach to improve the purpose of analysis efficiency.
The present invention is description disturbance condition in terms of interrupt status, conditional-variable value etc., and and then obtain Static disturbance by iterative computation, Static disturbance determine whether data access conflict, it is possible to the effective accuracy improving data access collision detection.
Step 3,Access conflict detects: use stable overall situation interference information aggregate to travel through each task, when target shared variable is conducted interviews by task to be detected, if there is the interference information meeting target shared variable amendment condition in overall situation interference information aggregate, it is determined that for there is data access conflict simultaneously.
In the present embodiment, above-mentioned analysis tool program is utilized to carry out data access collision detection, specific implementation method is: be again analyzed each task, and use the stable overall situation interference information aggregate obtained to instruct analysis process, owing to overall situation interference information aggregate comprising other tasks all modifications value to this globally shared variable, i.e. this shared variable is write, therefore interference information aggregate on the one hand can be utilized to instruct abstract interpretation to analyze current task, i.e. due to the value information of globally shared variable present in it, may determine that branch or cycling condition are the most feasible, or may determine that the number of times etc. of circulation;On the other hand overall situation interference information aggregate can be utilized current task to be checked analyze the most whether can produce data access conflict.
When a certain program statement there being the access to target shared variable operate, if during write operation, do not allow other tasks shared variable read simultaneously and write, i.e. there are other tasks and shared variable is carried out read and write operation simultaneously and then produce access conflict;If during read operation, do not allow other tasks target shared variable to be write simultaneously, i.e. there are other tasks and shared variable is carried out write operation simultaneously and then produce access conflict.
In the present embodiment, the stable state overall situation obtained interference information aggregate is utilized to carry out data access collision detection method particularly includes: to be traveled through each task by stable state overall situation interference information aggregate, when task to be detected having the access to target shared variable operate, when there is the interference information simultaneously meeting target shared variable amendment condition in overall situation interference information aggregate, it is determined that produce data access conflict.The execution state of program when target shared variable amendment condition includes the path condition arriving amendment target shared variable and arrives amendment target shared variable, when target shared variable is conducted interviews by task to be detected, there are other tasks to meet simultaneously and arrive the path of amendment target shared variable and for executable state, i.e. there is two or more task to modify target shared variable, now there is data access conflict in detection simultaneously.
Owing to interference information comprising only program point and the opportunity of write operation, do not comprise the information of read operation, the write operation of target shared variable is all contained in disturbing in information aggregate by other tasks, and therefore the data access collision detection for the read operation of target shared variable is simpler.In the present embodiment, when task to be detected is read operation to target shared variable, it is judged that whether overall situation interference information aggregate exists and meets the interference information of amendment condition simultaneously and judge whether access conflict, if it is, judge data access conflict.
Write operation collision detection for target shared variable, owing to not only needing the write operation judging whether other tasks to target shared variable, also need to judge whether other tasks carry out read operation to target shared variable, and do not comprise in interference information other tasks to target shared variable read operation information.From the point of view of another angle, the write operation of target shared variable is necessarily included in overall situation interference information aggregate by task to be detected, if now there is a goal task target shared variable is carried out read operation to cause data access conflict, so goal task is when carrying out collision detection, owing to the write operation of task to be detected is as the interference information existence of goal task, the conflict that it is produced by the write operation of task to be detected necessarily can be detected.In the present embodiment, write operation collision detection specific implementation method for target shared variable is: when task to be detected is write operation to target shared variable, judge whether overall situation interference information aggregate exists and meet the interference information of amendment condition simultaneously and then it is determined that the presence of access conflict, if yes, judge data access conflict, if it has not, detect whether the read operation of target shared variable in other tasks occurs access conflict.
In the present embodiment, the most simultaneous method of operation to target shared variable that judges between different task is: judge that the path between different task accessed same target shared variable meets and for executable state the most simultaneously, i.e. judges that the statement in two tasks of conflict whether can be simultaneously for can execution route.Owing to comprising the amendment condition to target shared variable in interference information aggregate, required satisfied path condition when i.e. arriving the operation of amendment target shared variable, by path condition it may determine that whether the access to target shared variable can occur simultaneously.
As shown in Figure 2, the present embodiment disturbs the concrete handling process of information, initially set up an interference information aggregate and interference information aggregate is initialized as sky, each task is analyzed the interference information aggregate obtaining each task to target shared variable, each task is disturbed information aggregate be iterated calculating to obtain stable interference information aggregate;During each task iteration, shared variable generation is disturbed information aggregate merge the interference information aggregate after being merged by each task, each task is analyzed by interference information aggregate after merging again, until each task obtains stable interference information aggregate;The interference information aggregate merging of each task is obtained overall situation interference information aggregate after obtaining stable interference information aggregate by each task, overall situation interference information aggregate each task is carried out traversal analysis, until reaching fixed point to obtain Static disturbance;Finally utilizing Static disturbance analysis to interrupt the data access conflict in driving program, if detecting, there is access conflict sends data contention warning.
One aspect of the present invention uses abstract interpretation to carry out abstract to program, lasts in analysis pass and eliminates infeasible paths, reduces the wrong report produced due to static analysis;On the other hand, interfering between introducing task, it is only necessary to analyze the flowing between task of the data stream, it is to avoid analysis concurrent program overlaps complex state during execution, thus enormously simplify the complexity of data access collision detection;Further, since the reliability that abstract interpretation framework itself is had, it is also ensured that there is not failing to report of data access conflict situations in testing result.
Above-mentioned simply presently preferred embodiments of the present invention, not makees any pro forma restriction to the present invention.Although the present invention is disclosed above with preferred embodiment, but it is not limited to the present invention.Any those of ordinary skill in the art, in the case of without departing from technical solution of the present invention scope, technical solution of the present invention is made many possible variations and modification by the technology contents that all may utilize the disclosure above, or is revised as the Equivalent embodiments of equivalent variations.Therefore, every content without departing from technical solution of the present invention, according to the technology of the present invention essence to any simple modification made for any of the above embodiments, equivalent variations and modification, all should fall in the range of technical solution of the present invention is protected.
Claims (7)
1. a multiple interrupt routine data access conflict detection method based on abstract interpretation, it is characterised in that step is:
(1) affect between task is abstract: as a task and use abstract interpretation framework to be described each driving program of interruption, by abstract to the amendment each time of target shared variable and the amendment condition revised each time for other tasks in each task be an interference information, in each task, all interference information structures one to target shared variable disturb information aggregate;What each task was disturbed information aggregate independence is iterated calculating, until all of task obtains stable interference information aggregate;
(2) Static disturbance is obtained: collect stable interference information aggregate corresponding to all tasks and constitute an overall situation interference information aggregate, obtain stable overall situation interference information aggregate by iterative computation;Every time during iteration, the overall situation is also disturbed information aggregate to travel through each task by input overall situation interference information aggregate, each task obtains the target jamming information aggregate after influencing each other between a task after iteration, as the input of next iteration after the target jamming information aggregate merging of all tasks, until overall situation interference information aggregate reaches fixed point;
(3) access conflict detection: use stable overall situation interference information aggregate that each task is traveled through, when target shared variable is conducted interviews by task to be detected, if there is the interference information meeting target shared variable amendment condition in overall situation interference information aggregate, it is determined that for there is data access conflict simultaneously;
Described step (1) carries out abstract interpretation to the driving program of interruption method particularly includes:
(1.1) formalized description is carried out to interrupting driving program, by main task with interrupt driving program collectively as the task of whole system, the abstract priority corresponding to program statement and task of each task;
(1.2) the driving program of interruption is carried out semantic interpretation, describe and interrupt driving program form upon execution, the concrete execution state interrupting driving program obtain state transition function.
Multiple interrupt routine data access conflict detection method based on abstract interpretation the most according to claim 1, it is characterized in that, in described step (1), amendment condition includes: arrives the path condition of amendment target shared variable, arrive the execution status condition of program when revising target shared variable.
Multiple interrupt routine data access conflict detection method based on abstract interpretation the most according to claim 2, it is characterized in that, the determination methods simultaneously meeting target shared variable amendment condition in described step (3) is: judge that the access path of target shared variable is met and simultaneously for executable state by task to be detected with the path of other tasks arrival amendment target shared variable the most simultaneously, if yes, it is judged to meet simultaneously, if it has not, meet when being judged to difference.
Multiple interrupt routine data access conflict detection method based on abstract interpretation the most according to claim 1, it is characterized in that, each task is disturbed by described step (1) information aggregate independence be iterated calculate specific implementation method be: each task is carried out the most independent iteration, during each iteration of each tasks carrying, disturb information aggregate to merge target shared variable all tasks and as the input of iteration, after iteration, export the interference information aggregate of renewal;The interference information aggregate of the renewal that all tasks obtain merges and as the input of next iteration, until the interference information aggregate of all tasks reaches fixed point.
Multiple interrupt routine data access conflict detection method based on abstract interpretation the most according to claim 1, it is characterized in that, also include the semantical definition flow process of the atomic sentence after step (1.2), concrete methods of realizing is: filter original state, describes and interrupts the semantics of every atomic sentence in driving program.
6. according to the multiple interrupt routine data access conflict detection method based on abstract interpretation described in any one in claim 1 ~ 5, it is characterized in that, the determination methods reaching fixed point in described step (2) is: after judging adjacent twice iteration, the overall situation of output disturbs information aggregate the most identical, if it is, judge to reach fixed point.
7. according to the multiple interrupt routine data access conflict detection method based on abstract interpretation described in any one in claim 1 ~ 5, it is characterized in that, described step (3) judges to produce the concrete methods of realizing of access conflict: when task to be detected carries out read access to target shared variable, judge whether overall situation interference information aggregate exists the interference information simultaneously meeting target shared variable amendment condition, if yes judge to produce data access conflict;When task to be detected carries out write access to target shared variable, judge whether globally shared information aggregate exists the interference information simultaneously meeting target shared variable amendment condition, if yes judge to produce data access conflict, if it is otherwise, judge whether that other tasks exist data access conflict to the read access of target shared variable.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410031451.1A CN103778062B (en) | 2014-01-23 | 2014-01-23 | Multiple interrupt routine data access conflict detection method based on abstract interpretation |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410031451.1A CN103778062B (en) | 2014-01-23 | 2014-01-23 | Multiple interrupt routine data access conflict detection method based on abstract interpretation |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103778062A CN103778062A (en) | 2014-05-07 |
| CN103778062B true CN103778062B (en) | 2016-08-17 |
Family
ID=50570323
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410031451.1A Active CN103778062B (en) | 2014-01-23 | 2014-01-23 | Multiple interrupt routine data access conflict detection method based on abstract interpretation |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103778062B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104090798B (en) * | 2014-07-08 | 2017-02-15 | 南京大学 | Dynamic and static combined interrupt drive program data race detection method |
| CN106990971B (en) * | 2017-04-06 | 2020-05-12 | 上海航天测控通信研究所 | System driving method suitable for multi-interrupt data reception |
| CN108845938B (en) * | 2018-06-11 | 2021-04-30 | 南京航空航天大学 | Embedded software modularization Cache behavior analysis method based on abstract interpretation |
| CN109388573B (en) * | 2018-10-23 | 2022-03-04 | 北京轩宇信息技术有限公司 | Error detection method and system during running of interrupt-driven program without false alarm |
| CN111124723B (en) * | 2019-11-04 | 2023-04-14 | 北京轩宇信息技术有限公司 | Interrupt-driven program integer overflow model detection method based on interference variables |
| CN111159022B (en) * | 2019-12-20 | 2023-05-02 | 北京轩宇信息技术有限公司 | Interrupt data access conflict detection method and device based on univariate access sequence mode |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1581808A (en) * | 2004-05-15 | 2005-02-16 | 中兴通讯股份有限公司 | Address conflict detecting method in communcation system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7352771B2 (en) * | 2002-10-08 | 2008-04-01 | Colder Products Company | Data collision detection device and method |
-
2014
- 2014-01-23 CN CN201410031451.1A patent/CN103778062B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1581808A (en) * | 2004-05-15 | 2005-02-16 | 中兴通讯股份有限公司 | Address conflict detecting method in communcation system |
Non-Patent Citations (2)
| Title |
|---|
| Data Race Detection for Interrupt-Driven Programs via Bounded Model Checking;Xueguang Wu;《Software Security and Reliability-Companion(SERE-C),2013 IEEE 7th International Conference on》;20130620;第204-210页 * |
| 多重终端C程序中数据竞争及原子性检测;吴学光 等;《计算机科学与探索》;20111231;第5卷(第12期);第1085-1092页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103778062A (en) | 2014-05-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103778062B (en) | Multiple interrupt routine data access conflict detection method based on abstract interpretation | |
| Wallace | Modular architectural representation and analysis of fault propagation and transformation | |
| CN101286132B (en) | Test method and system based on software defect mode | |
| CN102073588B (en) | Code static analysis based multithread deadlock detection method and system | |
| CN103218296B (en) | A kind of method of abundant detection null pointer dereference defect | |
| CN102063328B (en) | System for detecting interrupt-driven type program data competition | |
| Johnsen et al. | Automated verification of AADL-specifications using UPPAAL | |
| CN103440196B (en) | A kind of operating-system resources failure detecting method | |
| Sung et al. | Modular verification of interrupt-driven software | |
| CN104090798A (en) | Dynamic and static combined interrupt drive program data race detection method | |
| CN102508766B (en) | Static analysis method of errors during operation of aerospace embedded C language software | |
| CN101710303B (en) | Memory leakage detecting method based on flow sensitivity and context sensitivity directing picture | |
| CN105027089B (en) | Core functions detector | |
| CN117271328A (en) | Event-B formalization-based real-time scheduling algorithm schedulability modeling and verifying method, system and application | |
| Albert et al. | Actor-and task-selection strategies for pruning redundant state-exploration in testing | |
| Jafari et al. | Performance analysis of distributed and asynchronous systems using probabilistic timed actors | |
| Caltais et al. | (De-) Composing Causality in Labeled Transition Systems | |
| Giet et al. | Towards zero alarms in sound static analysis of finite state machines | |
| Long et al. | Mutation-based exploration of a method for verifying concurrent Java components | |
| Bornot et al. | An abstract model for sequential function charts | |
| Albore et al. | A Model-Checking approach to analyse temporal failure propagation with altaRica | |
| Kaiser | Extending the expressive power of fault trees | |
| Maraninchi et al. | SystemC/TLM semantics for heterogeneous system-on-chip validation | |
| Mansky et al. | Verifying optimizations for concurrent programs | |
| Abdelqawy et al. | A survey on testing concurrent and multi-threaded applications tools and methodologies |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |