CN105183652A - Temporal dynamic push-down network converting method - Google Patents
Publication number: CN105183652A (application CN201510581987.5A)
Authority: CN (China)
Legal status: Granted
Abstract
The invention discloses a conversion method for timed dynamic pushdown networks (TDPN), used to model real-time concurrent recursive programs with recursion and dynamic thread creation. The method introduces into dynamic pushdown networks (DPN) a global clock describing continuous time together with real-valued clocks that describe the time-related global variables and the "ages" of stack symbols, so that asynchronous communication over shared memory can be expressed and a real-time concurrent system with dynamic thread creation can be modeled. For the clock-equivalence technique based on integer division, an optimization based on clock key points is given that reduces the clock intervals and hence the state space obtained after conversion. Since a timed dynamic pushdown network is an abstract model of a class of real-time concurrent recursive programs, the model is converted into a dynamic pushdown network by the key-point clock-equivalence optimization, and by verifying whether an execution of the dynamic pushdown network can reach an error state, errors or bugs in the model, i.e. in the corresponding concurrent recursive program, are detected.
Description
Technical field
The invention belongs to the field of software security and reliability and relates to verification methods for multi-threaded concurrent recursive programs, namely a reachability solving technique applicable to abstract models of concurrent recursive programs with dynamic multi-threading, and specifically to a conversion method for timed dynamic pushdown networks.
Background technology
With the development of multi-core technology, concurrent programs have become a focus of current program design research. Because concurrent execution is non-deterministic, conventional testing methods have difficulty discovering the errors and bugs hidden in such programs. Model checking is an automatic verification technique based on exhaustive search; it has become an important means of ensuring program safety and reliability and can serve as a complement to testing. Reachability analysis, which determines whether a given state can be reached, is a core technique of model checking.
In recent years researchers have introduced real-time clocks into automaton models to describe the modeling and verification of real-time systems. In 1994 Alur proposed timed automata (R. Alur, D. Dill, A theory of timed automata [J], Theoretical Computer Science, 126(2), pp. 183-235, 1994), which add to automata a clock describing continuous time and give a clock-equivalence technique, thereby enabling model checking of timed automata (J. Bengtsson, W. Yi, Timed automata: Semantics, algorithms and tools [C], 4th Advanced Course on Petri Nets, Eichstätt, Germany, pp. 87-124, 2004). To model real-time systems with recursion, Trivedi (A. Trivedi, D. Wojtczak, Recursive Timed Automata [C], ATVA 2010, LNCS vol. 6252, Springer, Heidelberg, pp. 306-324, 2010) proposed timed pushdown automata and, by the clock-equivalence technique, converted timed pushdown automata to pushdown automata, solving the minimum-time-cost reachability problem. In 2013 Li (G. Li, X. Cai, M. Ogawa, Nested Timed Automata [R], Research report (School of Information Science, Japan Advanced Institute of Science and Technology), IS-RR-2013-004, pp. 1-20, 2013) proposed nested timed automata, using nesting to handle recursion in real-time systems. None of these models, however, can describe real-time concurrent systems with dynamic thread creation. Bouajjani (A. Bouajjani, M. Müller-Olm, T. Touili, Regular symbolic analysis of dynamic networks of pushdown systems [C], Proceedings of the 16th International Conference on Concurrency Theory, LNCS 3653, San Francisco: Cisco Syst, 2005, pp. 473-487) proposed dynamic pushdown networks (DPN), an extension of pushdown systems (B. Bollig, D. Kuske, R. Mennicke, The complexity of model checking multi-stack systems [C], Proceedings of the 2013 28th Annual ACM/IEEE Symposium on Logic in Computer Science, New Orleans, LA, USA, pp. 163-172, 2013), which handles the dynamic creation of new threads in a concurrent system; this model is suited to modeling concurrent systems with recursion and dynamic thread creation. Based on DPN, Lammich (P. Lammich, M. Müller-Olm, H. Seidl, Contextual Locking for Dynamic Pushdown Networks [C], Static Analysis, Proceedings of the 20th International Symposium, Seattle, WA, USA, pp. 47-98, 2013) proposed contextual locking, addressing synchronization between recursive processes, and carried out backward reachability analysis. Wenner (A. Wenner, Weighted dynamic pushdown networks [C], 19th European Symposium on Programming, Paphos, Cyprus, pp. 590-609, 2010) introduced weights into DPN to solve shortest-path reachability.
Because none of the above models can describe the interaction between the threads of a real-time multi-threaded concurrent recursive system, formal verification of such real-time multi-threaded concurrent recursive programs suffers from the state-explosion problem, which makes verification extremely difficult.
Summary of the invention
The technical problem solved by the invention is to provide a conversion method for timed dynamic pushdown networks. A timed dynamic pushdown network is an abstract model of a real-time concurrent recursive program; the model is converted into a dynamic pushdown network by the key-point-based clock-equivalence optimization technique, so that by checking whether an execution of the dynamic pushdown network model can run into an error state, errors or bugs in this model, i.e. in the corresponding concurrent recursive program, are detected.
To solve the above problem, the invention adopts the following technical solution.
The conversion method for timed dynamic pushdown networks comprises the following steps:
Step (1): convert the real-time concurrent recursive program into a timed dynamic pushdown network.
Step (1.1): construct the abstract model of the real-time concurrent recursive program, the timed dynamic pushdown network.
The constructed timed dynamic pushdown network is a four-tuple T = (P, Γ, Δ, X), where: P is the state set; Γ is the stack alphabet; Δ = Δ_nop ∪ Δ_= ∪ Δ_├ ∪ Δ_push ∪ Δ_pop ∪ Δ_dc is the set of transition rules, in which Δ_nop denotes the no-op transitions, Δ_= the clock-assignment transitions, Δ_├ the time-lapse transitions, Δ_push the push transitions, Δ_pop the pop transitions and Δ_dc the dynamic-thread-creation transitions; X is the clock set, whose valuation function gives each clock x its current value θ(x), and the time-related global variables and the "ages" of stack symbols are valued in the same way.
The configuration of the constructed timed dynamic pushdown network represents the state of the model at a given moment, where: the current global variable g and its "age" θ(g) form the pair <g, θ(g)>; p_i ∈ P is the local state node; the stack contents ω_i of the stack with index i and its "age" θ(ω_i) form the pair <ω_i, θ(ω_i)>; a clock x and its value θ(x) form the pair <x, θ(x)>.
Step (1.2): describe the operational semantics of the constructed timed dynamic pushdown network.
The timed dynamic pushdown network models a real-time multi-threaded program, so it describes several pushdown systems making transitions at the same time. The meaning of its transition relation Δ = Δ_nop ∪ Δ_= ∪ Δ_├ ∪ Δ_push ∪ Δ_pop ∪ Δ_dc is given below according to the different transition actions:
1) Δ = Δ_nop, op = nop: no element of the configuration changes.
2) Δ = Δ_=, op = x ← I, c ∈ I: clock x is assigned an arbitrary value v within the range I; the other elements of the configuration do not change.
3) Δ = Δ_├, op = Time ← c: under the stated assumption, all clocks in the configuration increase by v, and the non-clock contents of the configuration do not change.
4) Δ = Δ_push, op = push(a, I), v ∈ I: the variable a is pushed onto the stack top and its corresponding clock is set to x, whose value is an arbitrary value within the range I.
5) Δ = Δ_pop, op = pop(a, I), v ∈ I: the variable a at the stack top, whose clock value lies within the range I, is popped.
6) Δ = Δ_dc, op = dc: the stack contents of a new thread are created.
Step (2): the timed dynamic pushdown network T = (P, Γ, Δ, X) obtained in step (1) is converted by the following conversion method into the dynamic pushdown network M = (P_M, Γ_M, Δ_M).
Step (2.1): conversion of the state set P_M: the state set of T is identical to the state set of M.
Step (2.2): conversion of the stack alphabet Γ_M: if a ∈ {Γ, ├}, then [formula] and [formula].
Step (2.3): conversion rules from the transition relation Δ to Δ_M.
Suppose the current TDPN contains n stacks; for convenience only the push and pop operations performed by the pushdown system with index i are described, the operations of the other stacks being similar. Let the stack depth of this pushdown system be l, with the stack bottom numbered 1 and the stack top numbered l. This TDPN contains the global variable g, the clock variable x and the stack contents ω = {ω_1 … ω_i … ω_n}, where ω_i is the stack contents of pushdown system i and ω_il|Γ denotes the projection of ω_i onto its stack-top symbol in Γ.
The remaining components each denote an "age" and the key point of that value under clock equivalence. Hence the current clock-equivalence domain of M corresponding to this configuration is [formula], where the record symbol denotes the recorded stack-top symbol of domain R_l, ├ denotes the reference-clock symbol of domain R_l, and ├· denotes the time lapse of the corresponding symbol in domain R_l.
Let φ = (γ, op, γ') ∈ Δ be a configuration transition of T; the corresponding configuration transition of M can be expressed as [formula], where p and p' are the same states as in T and denote the states before and after the transition; R_l = {R_1l … R_il … R_nl} is the stack-top domain, R_il being the stack-top domain of pushdown system i, and R_l and R_l' are the stack-top domains before and after the transition; the action transition set op' corresponds to the op of T. The construction of R_l' for each kind of op is described below:
1) When op = nop, the corresponding transition exists in M if and only if [formula]. A no-op in T changes only the state, so the configuration transition in M also changes only the state and the domain R_l remains unchanged.
2) When op = (x ← I), the corresponding transition exists in M if and only if [formula]. This transition relation denotes that the item of the DPN domain R_l whose clock is x performs a reset operation, with θ(x)' ∈ I, to construct the domain R_l'. Concretely:
● pop the domain R_l, take the item of R_l that carries x, reset θ(x) to θ(x)' and form a new item;
● replace the item in R_l by the new item to obtain the domain R_l', push it and move to the new state p'.
3) When op = (Time ← v), the corresponding transition exists in M if and only if [formula]. This transition relation denotes that in domain R_l every item except the reference-clock item (├, 0) has its clock value increased by the time lapse v, constructing the domain R_l^+. The steps are:
● pop the domain R_l and add the time lapse v to every item except the reference clock, giving the new general items corresponding to g, ω_il and x, the corresponding new record item for each record item, and the reference-clock entry;
● replace the original items by the new items to obtain the domain R_l^+, push it and move to the new state p'.
4) When op = push(a, I), the corresponding transition exists in M if and only if [formula]. This transition relation denotes a push on pushdown system i: the item with symbol a and value in I is pushed onto domain R_il, constructing the domain R_i(l+1). The procedure is:
● from R_il obtain the corresponding items;
● replace them respectively to obtain the domain R_i(l+1), push it and move to the new state p'.
5) When op = pop(a, I), the corresponding transition exists in M if and only if [formula]. This transition relation denotes popping from domain R_il the item whose stack symbol is a and whose θ(a) ∈ I, constructing the domain R_il'. The steps are:
● pop the domains R_il and R_i(l-1), obtaining the item in R_il;
● add θ(├·) to the clock value of every item in domain R_i(l-1), obtaining the domain R_i(l-1)';
● from R_il and R_i(l-1)' obtain the domain R_il', whose items are: the ordinary stack-symbol item from domain R_i(l-1)'; the ordinary clock items and global-variable items from domain R_il; and all record items from domain R_i(l-1)';
● push the domain R_il' and move to the new state p'.
6) When op is the dynamic thread creation operation, the corresponding transition exists in M if and only if [formula]. This transition relation denotes creating a new thread to construct the domain R_l'. Suppose that in the TDPN model the stack of the newly created pushdown system is numbered n+1. The steps are:
● pop the domain R_l; by the key-point-based clock-equivalence optimization technique, the general-symbol items and the record items of the new thread are obtained;
● add these items to the domain R_l to obtain the domain R_l', push it and move to the new state p'.
The invention is based on timed dynamic pushdown networks (Time Dynamic Pushdown Networks, TDPN), which describe the modeling of real-time concurrent recursive programs with recursion and dynamic thread creation. First, a global clock describing continuous time is introduced into DPN, together with real-valued clocks describing the time-related global variables and the "ages" of stack symbols, so that asynchronous communication over shared memory and real-time concurrent systems with dynamic thread creation can be modeled. Second, for the clock-equivalence technique based on integer partitioning, an optimization technique based on clock key points is given, which reduces the clock intervals and hence the state space after conversion. To reduce the state space further, a dynamic conversion method that attends only to the stack top is adopted to convert the continuous model TDPN into the corresponding DPN, and the corresponding conversion algorithm is given. Finally, the correctness of the conversion and its reachability consistency with the TDPN are proved, so that existing DPN reachability techniques can be used to solve the reachability problem of the TDPN.
Description of the drawings
Fig. 1 shows the clock-equivalence intervals of x_i and x_j.
Embodiment
The invention proposes a reachability analysis method for timed dynamic pushdown network models: the continuous timed dynamic pushdown network model is converted on the fly, by the key-point-based clock-equivalence optimization technique, into a discrete dynamic pushdown network model, giving an automatic method for solving the reachability problem of timed dynamic pushdown network models.
One, the TDPN model construction stage: the TDPN model is an extension of the DPN model; its basic idea is to introduce into DPN real-time clocks describing continuous time, in order to describe real-time concurrent recursive programs with dynamic thread creation.
Starting from the syntax and semantics of the TDPN, the method of converting a real-time concurrent program into a TDPN is divided into three classes: conversion of transitions within a stack, conversion of switches between stacks, and conversion of concurrent execution.
1. Building the abstract model of the concurrent program: the timed dynamic pushdown network
The TDPN model is a four-tuple T = (P, Γ, Δ, X), where: P is the state set; Γ is the stack alphabet; Δ = Δ_nop ∪ Δ_= ∪ Δ_├ ∪ Δ_push ∪ Δ_pop ∪ Δ_dc is the set of transition rules, in which Δ_nop denotes the no-op transitions, Δ_= the clock-assignment transitions, Δ_├ the time-lapse transitions, Δ_push the push transitions, Δ_pop the pop transitions and Δ_dc the dynamic-thread-creation transitions; X is the clock set, whose valuation function gives each clock x its current value θ(x), and the time-related global variables and the "ages" of stack symbols are valued in the same way.
When the TDPN model makes a transition, several pushdown systems execute concurrently, i.e. several stacks move at the same time. Let G be the set of global variables; a TDPN configuration can be expressed as [formula], where: the current global variable g and its "age" θ(g) form the pair <g, θ(g)>; p_i ∈ P is the local state node; the stack contents ω_i of the stack with index i and its "age" θ(ω_i) form the pair <ω_i, θ(ω_i)>; a clock x and its value θ(x) form the pair <x, θ(x)>. The set of transition actions op of the TDPN comprises: the no-op nop; the clock reset x ← I, where x ∈ X and I is the range of clock values; the time lapse Time ← v, where Time denotes the passage of time and v the real amount of time elapsed (when no ambiguity arises, the invention writes θ + v to denote that the clock values increase by v); the push operation push(a, I), which pushes the symbol a and assigns its age a real number in the interval I; the pop operation pop(a, I), which first checks whether the "age" of the stack symbol a lies in the interval I and pops it if so, otherwise doing nothing; and the dynamic thread creation operation, which creates a new thread.
2. Operational semantics of the TDPN
For convenience, when a configuration makes a transition only the transition performed by one pushdown system is described, the remaining pushdown systems being unchanged; the case of several pushdown systems executing concurrently is similar. The operational semantics of the TDPN configuration transition relation is defined as follows:
1) Δ = Δ_nop, op = nop: no element of the configuration changes.
2) Δ = Δ_=, op = x ← I, c ∈ I: clock x is assigned an arbitrary value v within the range I; the other elements of the configuration do not change.
3) Δ = Δ_├, op = Time ← c: under the stated assumption, all clocks in the configuration increase by v, and the non-clock contents of the configuration do not change.
4) Δ = Δ_push, op = push(a, I), v ∈ I: the variable a is pushed onto the stack top and its corresponding clock is set to x, whose value is an arbitrary value within the range I.
5) Δ = Δ_pop, op = pop(a, I), v ∈ I: the variable a at the stack top, whose clock value lies within the range I, is popped.
6) Δ = Δ_dc, op = dc: the stack contents of a new thread are created.
Two, the conversion method design stage: to analyze the reachability of a TDPN it must be abstracted so as to reduce its state space. The invention, based on the key-point clock-equivalence optimization technique and the on-the-fly idea, attends only to the conversion of the stack top, dynamically abstracts the continuous model into a discrete DPN model, and then applies existing DPN reachability analysis techniques, thus solving the reachability problem of the TDPN.
To reduce the state space after conversion, the partition of the time region is reduced first: compared with an integer partition of the region, the key-point-based clock-equivalence optimization technique reduces the state space after conversion exponentially. Second, based on this technique, the continuous-time-related variables of the TDPN model (global variables and their "ages", stack symbols and their "ages", clock variables and their values) are converted into the domains that describe the stack contents of the DPN model.
The clock-equivalence technique converts continuous time into discrete time, and the idea of dynamic conversion converts the configuration transitions one by one until all configurations have been computed.
1. Clock-equivalence optimization technique based on key points
To describe the configurations of the converted DPN system, the concept of a domain R is introduced: a domain R consists of a group of items r, and an item r consists of a symbol set Z and a key-point set key.
The symbol set Z comprises the general symbol set Y and the record symbol set Y·, i.e. Z = Y ∪ Y·. The general symbol set Y comprises: (1) the clock set X; (2) the stack alphabet Γ; (3) the global variable set G; (4) the reference-clock symbol ├, used to record elapsed time, which is always 0 unless a pop operation has been performed; hence Y = X ∪ Γ ∪ G ∪ {├}. The record symbol set Y· represents the time lapse of the general symbols Y: X· = {x· | x ∈ X} records the global clocks; Γ· = {a· | a ∈ Γ} records the stack symbols; G· = {g· | g ∈ G} records the global variables; {├·} is the record reference-clock symbol set, which mainly records the elapsed time so that times can be updated on a pop operation; hence Y· = X· ∪ Γ· ∪ G· ∪ {├·}.
For any time-related symbol set, its time shift is determined by certain key points and has a maximum value; therefore each time-related symbol may define its own maximum constant k_max, and every value greater than k_max is represented by the symbol ∞. For any symbol z_i ∈ Z, the time key points that determine the transitions can be found from the time-conversion transitions, so the time key-point set of z_i is key_i = {0, k_i1, …, k_il, …, k_im, k_iMax, ∞}, where 1 < l < m and 1 < i ≤ |Z|. From the symbol set and key-point set above the domain is obtained.
The clock-equivalence optimization technique discretizes continuous clock values: a real clock value is divided into two parts, (1) the key-point part, i.e. the real value x rounded down to a key point, and (2) the remainder. Let x ∈ X be any clock of the TDPN, let θ(x) be its real value, and let its domain-equivalent value be obtained by taking the key-point part. For any two clocks x_i, x_j ∈ X, clock values satisfying the following rules are clock-equivalent:
(1) θ(x_i) > k_iMax if and only if [formula], i.e. when the clock value of x_i exceeds its maximum, x_i takes infinity ∞.
(2) k_il ≤ θ(x_i) < k_i(l+1) if and only if [formula], i.e. when the clock value of x_i is less than key point k_i(l+1) and greater than or equal to k_il, x_i takes the key point k_il.
(3) Suppose [formula]; this holds if and only if re(θ(x_i)) < re(θ(x_j)), i.e. x_i takes key point k_il and x_j takes key point k_jl, and when the difference between the clock value of x_i and key point k_il is less than the difference between the clock value of x_j and key point k_jl, we write re(x_i) < re(x_j).
For any two clocks x_i, x_j ∈ X with key = {key_1, …, key_n}, the clock-region equivalence rule based on clock key points is as follows. For example, in the region (0 ≤ θ(x_i) < k_i1, 0 ≤ θ(x_j) < k_j1) with [formula] and re(θ(x_i)) > re(θ(x_j)), and in the region (k_i1 ≤ θ(x_i) < k_i2, k_j1 ≤ θ(x_j) < k_j2) with [formula] and re(θ(x_i)) < re(θ(x_j)), the clock values within each interval are clock-equivalent, as shown by the shaded areas in Figure 1.
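The key-point clock equivalence of rules (1) to (3) above, written as a decision procedure; this is an added illustration, not code from the patent. The key-point sets KEYS, the clock names x_i and x_j, the sample valuations and all function names are constructed. It goes a little beyond the text by grouping clocks with equal remainders into one class and by computing the smallest time lapse after which a valuation leaves its class.

```python
"""Key-point clock equivalence for the clocks of a TDPN (added example).

Two clock valuations are equivalent when every clock maps to the same key
point (or to infinity once it exceeds its own k_max) and the remainders of
the clocks that are still finite are ordered the same way.
"""
from itertools import groupby
from math import inf

# Constructed key-point sets, one per clock, ascending and starting at 0.
# The last entry plays the role of k_max; any value above it collapses to inf.
KEYS = {"x_i": [0, 2, 5], "x_j": [0, 3, 4]}


def keypoint_part(theta, keys):
    """Rules (1) and (2): theta > k_max gives inf, otherwise the largest
    key point k_l with k_l <= theta < k_(l+1)."""
    if theta < 0:
        raise ValueError("clock values are non-negative")
    if theta > keys[-1]:
        return inf
    return max(k for k in keys if k <= theta)


def remainder(theta, keys):
    """re(theta): distance above the key point, None once the clock is at inf."""
    part = keypoint_part(theta, keys)
    return None if part == inf else theta - part


def region(valuation, keys=KEYS):
    """Canonical representative of the equivalence class of a valuation.

    Returns (key-point part per clock, ordering of the finite clocks by
    remainder). Clocks with equal remainders are grouped together, so the
    second component records exactly the re(x_i) < re(x_j) comparisons of
    rule (3) and nothing finer.
    """
    parts = tuple(sorted((x, keypoint_part(v, keys[x])) for x, v in valuation.items()))
    finite = sorted(
        (remainder(v, keys[x]), x)
        for x, v in valuation.items()
        if keypoint_part(v, keys[x]) != inf
    )
    order = tuple(
        tuple(sorted(x for _, x in grp))
        for _, grp in groupby(finite, key=lambda t: t[0])
    )
    return parts, order


def equivalent(val_a, val_b, keys=KEYS):
    """Rules (1)-(3) as a decision procedure: same class iff same representative."""
    return region(val_a, keys) == region(val_b, keys)


def elapse(valuation, v):
    """Time-lapse transition Time <- v: every clock grows by v."""
    return {x: theta + v for x, theta in valuation.items()}


def next_change_delay(valuation, keys=KEYS):
    """Smallest time lapse after which the valuation leaves its current class.

    A clock already at inf never changes class; a clock sitting exactly on
    its k_max moves to inf after any positive delay, reported as 0.
    Returns inf when every clock is already at inf.
    """
    delays = []
    for x, theta in valuation.items():
        if keypoint_part(theta, keys[x]) == inf:
            continue
        higher = [k for k in keys[x] if k > theta]
        delays.append(min(higher) - theta if higher else 0)
    return min(delays, default=inf)


if __name__ == "__main__":
    a = {"x_i": 1.5, "x_j": 0.75}  # both below their first key point, re(x_i) > re(x_j)
    b = {"x_i": 1.0, "x_j": 0.25}  # same key points, same ordering: equivalent to a
    c = {"x_i": 0.5, "x_j": 2.5}   # same key points, ordering flipped: not equivalent
    print(region(a))
    print(equivalent(a, b), equivalent(a, c))
    print(next_change_delay(a))    # x_i reaches key point 2 after a lapse of 0.5
```

The region representative is what a converted DPN domain item has to carry instead of the real clock value, and next_change_delay shows that between two key points a time lapse never changes the class, which is why only the key points need to be kept.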
2. Construction of the conversion rules
To reduce the state space further, the on-the-fly technique and the idea of dynamic conversion are adopted: only the domain conversion of the stack top and the layer beneath it is considered, without regard to the rest of the stack, and different conversion rules are given for the different transitions, so that the complex TDPN reachability problem can be converted into a DPN reachability problem.
Given a TDPN T = (P, Γ, Δ, X), T is dynamically converted into a DPN M = (P_M, Γ_M, Δ_M); the dynamic conversion rules for P_M, Γ_M and Δ_M are as follows:
(I) State set P_M: [formula], i.e. P_M = P.
(II) Stack alphabet Γ_M: if a ∈ {Γ, ├}, then [formula] and [formula].
(III) Construction of the transition relation Δ_M:
Suppose the current TDPN contains n stacks; for convenience only the push and pop operations performed by the pushdown system with index i are described, the operations of the other stacks being similar. Let the stack depth of this pushdown system be l, with the stack bottom numbered 1 and the stack top numbered l. This TDPN contains the global variable g, the clock variable x and the stack contents ω = {ω_1 … ω_i … ω_n}, where ω_i is the stack contents of pushdown system i and ω_il|Γ denotes the projection of ω_i onto its stack-top symbol in Γ.
The remaining components each denote an "age" and the key point of that value under clock equivalence. Hence the current clock-equivalence domain of M corresponding to this configuration is [formula], where the record symbol denotes the recorded stack-top symbol of domain R_l, ├ denotes the reference-clock symbol of domain R_l, and ├· denotes the time lapse of the corresponding symbol in domain R_l.
Let φ = (γ, op, γ') ∈ Δ be a configuration transition of T; the corresponding configuration transition of M can be expressed as [formula], where p and p' are the same states as in T and denote the states before and after the transition; R_l = {R_1l … R_il … R_nl} is the stack-top domain, R_il being the stack-top domain of pushdown system i, and R_l and R_l' are the stack-top domains before and after the transition; the action transition set op' corresponds to the op of T. The construction of R_l' for each kind of op is described below:
(1) When op = nop, the corresponding transition exists in M if and only if [formula]. A no-op in T changes only the state, so the configuration transition in M also changes only the state and the domain R_l remains unchanged.
(2) When op = (x ← I), the corresponding transition exists in M if and only if [formula]. This transition relation denotes that the item of the DPN domain R_l whose clock is x performs a reset operation, with θ(x)' ∈ I, to construct the domain R_l'. Concretely:
● pop the domain R_l, take the item of R_l that carries x, reset θ(x) to θ(x)' and form a new item;
● replace the item in R_l by the new item to obtain the domain R_l', push it and move to the new state p'.
(3) When op = (Time ← v), the corresponding transition exists in M if and only if [formula]. This transition relation denotes that in domain R_l every item except the reference-clock item (├, 0) has its clock value increased by the time lapse v, constructing the domain R_l^+. The steps are:
● pop the domain R_l and add the time lapse v to every item except the reference clock, giving the new general items corresponding to g, ω_il and x, the corresponding new record item for each record item, and the reference-clock entry;
● replace the original items by the new items to obtain the domain R_l^+, push it and move to the new state p'.
(4) When op = push(a, I), the corresponding transition exists in M if and only if [formula]. This transition relation denotes a push on pushdown system i: the item with symbol a and value in I is pushed onto domain R_il, constructing the domain R_i(l+1). The procedure is:
● from R_il obtain the corresponding items;
● replace them respectively to obtain the domain R_i(l+1), push it and move to the new state p'.
(5) When op = pop(a, I), the corresponding transition exists in M if and only if [formula]. This transition relation denotes popping from domain R_il the item whose stack symbol is a and whose θ(a) ∈ I, constructing the domain R_il'. The steps are:
● pop the domains R_il and R_i(l-1), obtaining the item in R_il;
● add θ(├·) to the clock value of every item in domain R_i(l-1), obtaining the domain R_i(l-1)';
● from R_il and R_i(l-1)' obtain the domain R_il', whose items are: the ordinary stack-symbol item from domain R_i(l-1)'; the ordinary clock items and global-variable items from domain R_il; and all record items from domain R_i(l-1)';
● push the domain R_il' and move to the new state p'.
(6) When op is the dynamic thread creation operation, the corresponding transition exists in M if and only if [formula]. This transition relation denotes creating a new thread to construct the domain R_l'. Suppose that in the TDPN model the stack of the newly created pushdown system is numbered n+1. The steps are:
● pop the domain R_l; by the key-point-based clock-equivalence optimization technique, the general-symbol items and the record items of the new thread are obtained;
● add these items to the domain R_l to obtain the domain R_l', push it and move to the new state p'.
Three, the algorithm design stage: based on clock-equivalence optimization and the idea of dynamic conversion, an algorithm is proposed that converts a TDPN T = (P, Γ, Δ, X) into a DPN M = (P_M, Γ_M, Δ_M). For the transition relation Δ of T, the algorithm exhaustively computes, by the conversion rules of the preceding section, the corresponding transition relation Δ_M of M. The input of the algorithm is the continuous TDPN T and its output is the discrete DPN M. Suppose the initial configuration of the TDPN is [formula], with every stack initially empty; the corresponding initial domain R_init of M is constructed from it.
Suppose the transition relation set of T contains φ = (γ, op, γ') ∈ Δ, whose configuration comprises the global variable, the stack string and the clock; the current configuration of M is β = <p, R_l>, and the domain R_l comprises the general items corresponding to g, ω_il, x and ├ (the last being (├, 0)) together with the corresponding record items. From φ and R_l the domain R_l' is constructed dynamically, i.e. a transition relation [formula] exists, and this transition relation is added to Δ_M.
Algorithm: conversion of a TDPN into a DPN
Input: TDPN T=(P, Γ, Δ, X)
Output: the corresponding DPN M=(P_m, Γ_m, Δ_m)
In the conversion algorithm, lines 1 and 2 initialize the worker threads and the domain of the configuration respectively; from line 4 on, for each configuration transition relation Δ of T, the domain-represented transition relation Δ_m of M is computed on the fly. Lines 8 and 9 handle the nop transition: the corresponding M only changes its state and the domain is unchanged. Lines 10 to 12 describe the clock-reset transition: the value of clock x in domain R_l
is reset to
Lines 13 to 15 describe the time-lapse transition: in domain R_l, the clock values of all items except the reference clock item (├, 0) are increased by the elapsed time v. Lines 16 to 18 describe the push transition, which pushes character a. Lines 19 to 22 describe the pop transition, where R_i(l-1)' denotes domain R_i(l-1) with the elapsed time θ(├.) of domain R_il added to all of its items. Lines 23 to 25 describe the dynamic thread-creation transition; the newly created thread is numbered n+1. For a TDPN T this algorithm terminates, and its time complexity is exponential in the Cartesian product of the item character set and the key point set, i.e. exponential in the size of the program.
Four, the reachability proof stage: by proving that state p_f is reachable in the TDPN if and only if its transformed state p_f' is reachable in the DPN, it is confirmed whether the model conversion contains errors.
The TDPN reachability problem is turned into a DPN reachability problem by the clock-equivalence optimization technique, so the correctness of the conversion from T to M must be proved, i.e. that state p_f is reachable in the TDPN if and only if its transformed state p_f' is reachable in the DPN.
Definition 1 (reachability): Let T be a TDPN transition system and let
be the initial configuration of T, where
is the initial value of the global variables, p_init is the initial state, ε is the initial stack value (the stack is empty), and
is the initial clock (assigned 0); the target configuration is
If the configuration transition
exists in T, then state p_f is reachable in T.
Let R = R_0 R_1 … R_n be a group of domains in the set of stack domains of M. For two domains R_1 and R_2, if R_1 and R_2 stand in a strict partial-order relation, write
and if R_1 and R_2 stand in a non-strict partial-order relation, write
For a domain group R, if
then R is called a related domain group, and if
then R is called a weakly related domain group. If R is a (weakly) related domain group, then the configuration β=<p, R> is a (weakly) related configuration. For a weakly related domain group R = R_0 R_1 … R_n and a domain group R' = R_0' R_1' … R_n', if R_n' = R_n, R_i' ∈ R_i^+ (where R_i^+ is the time-shift domain of R_i) and
then the domain group R' is a strongly related domain group of R. Given a related configuration β=<p, R> of M, if the domain group R' is a strongly related domain group of R, then the configuration β'=<p, R'> is a strongly related configuration of β.
Theorem 1: For any configuration γ of T, after the clock-equivalence transformation there exists a corresponding configuration β in M.
Proof: Let β=<p, R> be a configuration of M, and let a configuration of T be
where
Suppose that S is the variable set of the transition system T at this moment, and that S is converted into the domain R of M by clock-domain equivalence. If
R = R_0 R_1 … R_n and θ is the value of S (i.e. θ |= S), then the following hold:
● p' = p
●
●
Hence γ |=_S β, that is, for any configuration γ of T, after clock-domain encoding and translation there exists a corresponding configuration β in M.
To prove reachability, two lemmas are introduced first:
Lemma 1: For any canonical reachable configuration β of M and its strongly related configuration β'=<p, R'>, with S the variable set of T at this moment, a corresponding configuration γ must exist in T such that γ |=_S β and
Lemma 2: For any configuration γ of T, a corresponding configuration β must exist in M, and at least one strongly related configuration β'=<p, R'> of β exists whose domain R' converts to a set S, so that γ |=_S β and
Theorem 2: State p_f is reachable in the TDPN T if and only if p_f' is reachable in the DPN M.
Proof: First prove sufficiency: state p_f is reachable in the TDPN
its transformed state p_f' is reachable in the DPN.
If the target state p_f' is reachable in M, then there exists a canonical reachable configuration β (p_f' being the state of configuration β). Since all reachable configurations of the DPN M are weakly related, the reachable configuration β is a weakly related configuration, so at least one corresponding strongly related configuration β'=<p, R'> exists. By Lemma 1, for the canonical configuration β of the transition system M there exist a strongly related configuration β' and a set S converted from R', and a corresponding configuration γ must exist in T such that γ |=_S β and
i.e. state p_f (p_f being the state of configuration γ) is reachable in T.
Then prove necessity: state p_f is reachable in the TDPN
its transformed state p_f' is reachable in the DPN.
If the target state p_f' is reachable in T, then by Theorem 1 a corresponding configuration β must exist in M (p_f' being the state of configuration β), so at least one strongly related configuration β'=<p, R'> exists. By Lemma 2, for the configuration γ of the transition system T there exist a strongly related configuration β' and a set S converted from domain R', and a corresponding configuration β must exist in M such that γ |=_S β and
i.e. state p_f' (p_f' being the state of configuration β) is reachable in M.
Therefore state p_f is reachable in the TDPN if and only if its transformed state p_f' is reachable in the DPN.
The design errors or vulnerabilities present in a concurrent recursive program can be found by the above method steps, ensuring the reliability and correctness of the program. The method is an automated reachability solving method: it decides and solves the reachability problem of timed dynamic pushdown networks without much user involvement, and its reachable-configuration computation is simple and effective.
Claims (1)
1. A method for converting a timed dynamic pushdown network, characterized in that it comprises the following steps:
Step (1): convert the real-time concurrent recursive program into a timed dynamic pushdown network;
Step (1.1): construct the abstract model of the real-time concurrent recursive program and the timed dynamic pushdown network;
The constructed timed dynamic pushdown network is a four-tuple T=(P, Γ, Δ, X), where P is the state set; Γ is the stack character set; Δ=Δ_nop ∪ Δ_= ∪ Δ_├ ∪ Δ_push ∪ Δ_pop ∪ Δ_dc is the transition rule set, where Δ_nop represents the nop transitions, Δ_= the clock-assignment transitions, Δ_├ the time-lapse transitions, Δ_push the push transitions, Δ_pop the pop transitions and Δ_dc the dynamic thread-creation transitions; X represents the clock set, and its value function
represents that the current value of
is θ(x);
The constructed timed dynamic pushdown network configuration
represents the state of the model at a moment, where:
represents the two-tuple <g, θ(g)> of the current global variable g and its age θ(g);
p_i ∈ P represents a local state node;
represents the two-tuple <ω_i, θ(ω_i)> of the stack content ω_i with stack sequence number i and its age θ(ω_i);
represents the two-tuple <x, θ(x)> of clock x and its value θ(x);
Step (1.2): describe the operational semantics of the constructed timed dynamic pushdown network;
The timed dynamic pushdown network model, as a real-time multithreaded program, produces transitions that describe several pushdown systems simultaneously; the execution meaning of its transition relation Δ=Δ_nop ∪ Δ_= ∪ Δ_├ ∪ Δ_push ∪ Δ_pop ∪ Δ_dc is given below according to the different transition actions;
1) When Δ=Δ_nop, op=nop,
represents that the elements of the configuration do not change;
2) When Δ=Δ_=, op=x ← I,
c ∈ I; represents assigning to clock x an arbitrary value v within the interval I, while the other elements of the configuration do not change;
3) When Δ=Δ_├, op=Time ← c,
suppose
then
represents that all clocks in the configuration increase by v, while the non-clock contents of the configuration do not change;
4) When Δ=Δ_push, op=push(a, I),
v ∈ I,
represents pushing variable a onto the stack top and setting its corresponding clock x, whose clock value is an arbitrary value within the interval I;
5) When Δ=Δ_pop, op=pop(a, I),
v ∈ I,
represents popping the variable a at the stack top whose internal clock value lies within the interval I;
6) When Δ=Δ_dc, op=dc,
represents creating a new thread stack content;
Step (2): convert the timed dynamic pushdown network T=(P, Γ, Δ, X) obtained in step (1) into a dynamic pushdown network M=(P_m, Γ_m, Δ_m) by the following conversion method;
Step (2.1): conversion of the state set P_m:
i.e. the state set of T is identical to the state set of M;
Step (2.2): conversion of the stack character set
: if a ∈ {Γ, ├}, then
and
Step (2.3): transformation rules from the transition relation Δ to Δ_m;
Let the stack level of a pushdown system be l, with the stack bottom numbered 1 and the stack top numbered l; the TDPN contains global variables g, clock variables x and stack contents ω={ω_1 … ω_i … ω_n}, where ω_i represents the stack content of pushdown system No. i, and ω_il|_Γ represents the stack-top character of ω_i projected onto Γ;
each represents a key point of its age and value under clock equivalence; hence the current clock-equivalent domain corresponding to M is known to be
where
represents the stack-top character recorded by domain R_l, ├ represents the reference clock character of domain R_l, and ├. represents the time-lapse character corresponding to domain R_l;
The TDPN configuration
φ=(γ, op, γ') ∈ Δ represents a configuration transition of T, and the corresponding configuration transition of M can be expressed as
where p and p' are identical to the states in T and represent the states before and after the configuration transition respectively; R_l={R_1l … R_il … R_nl} represents the stack-top domains, where R_il represents the stack-top domain of pushdown system No. i, and R_l and R_l' represent the stack-top domains before and after the configuration transition respectively; the action transition set op' corresponds to op of T, and the construction of R_l' according to the different op is described below:
1) When op=nop, for
exists if and only if M contains
since a nop operation in T only changes the state, the configuration transition in M also only changes the state and domain R_l remains unchanged;
2) When op=(x ← I), for
exists if and only if M contains
this transition relation means that the item of DPN domain R_l whose clock is x performs the
operation, where θ(x)' ∈ I, to construct domain R_l'; the concrete implementation is as follows:
Pop domain R_l and obtain the item of R_l
reset θ(x) to θ(x)' to form the new item
with
replace the item of domain R_l
obtain domain R_l', push it and transition to the new state p';
3) When op=(Time ← v), for
exists if and only if M contains
this transition relation means that in domain R_l the clock values of all items except the reference clock item (├, 0) increase by the elapsed time v, to construct domain R_l+; the concrete execution steps are:
Pop domain R_l; all items except the reference clock increase by the elapsed time v,
represent the new general items corresponding to g, ω_il, x,
each represents the corresponding new entry,
represents the reference clock entry;
The new items replace the original items to obtain domain R_l+, which is pushed, and the transition goes to the new state p';
4) When op=push(a, I), for
exists if and only if M contains
this transition relation means that a push operation is performed on pushdown system No. i: the item whose character is a and whose value is
is pushed onto domain R_il to construct domain R_i(l+1); the detailed process is as follows:
From R_il obtain the items
and
replace them respectively with
obtain domain R_i(l+1), push it and transition to the new state p';
5) When op=pop(a, I), for
exists if and only if M contains
this transition relation means popping the item of domain R_il whose stack character is a and θ(a) ∈ I, to construct domain R_il'; the concrete steps are as follows:
Pop domain R_il together with domain R_i(l-1), and obtain the items of domain R_il
Add θ(├.) to the clock value of every item of domain R_i(l-1) to obtain domain R_i(l-1)';
From R_il and R_i(l-1)' obtain domain R_il', whose items are: the ordinary stack-character item comes from domain R_i(l-1)'; the ordinary clock items and the global-variable items come from domain R_il; the entries all come from domain R_i(l-1)';
Push domain R_il' and transition to the new state p';
6) When
holds, for
exists if and only if M contains
this transition relation means creating a new thread to construct domain R_l'; suppose that in the TDPN model the stack of the newly created pushdown system is numbered n+1; the concrete execution steps are as follows:
Pop domain R_l; by the clock-equivalence optimization technique based on key points, the common items
and the entries
can be obtained;
The items
and
are joined to domain R_l to obtain domain R_l', which is pushed, and the transition goes to the new state p'.
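As an added illustration (not code from the patent), the following Python models the six domain-construction rules of the algorithm stage (Section Three) and of claim step (2.3), and applies them to a constructed run. Because the patent's item formulas are not reproduced on this page, it assumes a representation of a domain as the stack-top item, global-variable items, clock items and the elapsed-time item (├., t) with the reference clock (├, 0) implicit; that the elapsed-time item restarts at 0 on push; and that a newly created thread inherits the creator's global and clock items.

```python
# Added example (not from the patent): executable model of the TDPN -> DPN
# domain construction rules (description and claim 1). Assumed representation:
# a domain holds the stack-top item, global-variable items, clock items and
# the elapsed-time item (|-., t); the reference clock (|-, 0) is implicit.
import copy
from dataclasses import dataclass

EPS = "ε"  # empty-stack symbol (stack initial value in Definition 1)

@dataclass
class Domain:
    top: tuple      # (stack-top character, its age)
    globs: dict     # global variable -> age theta(g)
    clocks: dict    # clock x -> value theta(x)
    elapsed: float  # (|-., t): time passed while this domain was on top

@dataclass
class Config:
    state: str
    stacks: list    # stacks[i] = domains of pushdown system i, bottom first

def _aged(d, v):
    """Copy of d with every item except the reference clock advanced by v."""
    return Domain((d.top[0], d.top[1] + v), {g: t + v for g, t in d.globs.items()},
                  {x: t + v for x, t in d.clocks.items()}, d.elapsed + v)

def nop(cfg, p2):  # rule 1: only the state changes, every domain stays as it is
    return Config(p2, copy.deepcopy(cfg.stacks))

def reset(cfg, i, x, v, p2):  # rule 2 (x <- I): clock x of R_il takes a value v in I
    st = copy.deepcopy(cfg.stacks)
    st[i][-1].clocks[x] = v
    return Config(p2, st)

def lapse(cfg, v, p2):  # rule 3 (Time <- v): each top domain R_il becomes R_il+
    return Config(p2, [s[:-1] + [_aged(s[-1], v)] for s in cfg.stacks])

def push(cfg, i, a, v, p2):  # rule 4 push(a, I): R_i(l+1) carries a with age v in I
    st = copy.deepcopy(cfg.stacks)
    d = st[i][-1]
    st[i].append(Domain((a, v), dict(d.globs), dict(d.clocks), 0.0))  # elapsed restarts (assumed)
    return Config(p2, st)

def pop(cfg, i, a, lo, hi, p2):  # rule 5 pop(a, I): R_il' from R_il and R_i(l-1)'
    st = copy.deepcopy(cfg.stacks)
    top = st[i].pop()
    if top.top[0] != a or not lo <= top.top[1] <= hi:
        raise ValueError("pop not enabled, stack top is %r" % (top.top,))
    below = _aged(st[i].pop(), top.elapsed)  # R_i(l-1)': aged by theta(|-.) of R_il
    # stack character and entries come from R_i(l-1)', clocks and globals from R_il
    st[i].append(Domain(below.top, top.globs, top.clocks, below.elapsed))
    return Config(p2, st)

def dc(cfg, i, p2):  # rule 6: thread i creates pushdown system n+1 with an empty stack
    st = copy.deepcopy(cfg.stacks)
    d = st[i][-1]
    st.append([Domain((EPS, 0.0), dict(d.globs), dict(d.clocks), 0.0)])  # shares g, x (assumed)
    return Config(p2, st)

def demo():
    """Constructed run: push a, wait 2, push b, wait 3, pop b, reset x, spawn a thread."""
    c = Config("p0", [[Domain((EPS, 0.0), {"g": 0.0}, {"x": 0.0}, 0.0)]])
    c = push(c, 0, "a", 0.0, "p1")
    c = lapse(c, 2.0, "p2")
    c = push(c, 0, "b", 0.0, "p3")
    c = lapse(c, 3.0, "p4")
    c = pop(c, 0, "b", 0.0, 5.0, "p5")  # b has age 3, inside [0, 5]; a then shows age 5
    c = reset(c, 0, "x", 0.0, "p6")
    return dc(c, 0, "p7")
```

After the pop, the age of the uncovered character a (pushed at time 0, read at time 5) agrees with the global variable's age carried in the popped domain, which is the consistency the pop rule's elapsed-time adjustment is meant to preserve.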
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510581987.5A CN105183652B (en) | 2015-09-14 | 2015-09-14 | Temporal dynamic push-down network converting method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105183652A (en) | 2015-12-23 |
CN105183652B (en) | 2018-01-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20180130 |