CN105183652A

CN105183652A - Temporal dynamic push-down network converting method

Info

Publication number: CN105183652A
Application number: CN201510581987.5A
Authority: CN
Inventors: 钱俊彦; 徐力; 古天龙; 赵岭忠; 蔡国永
Original assignee: Guilin University of Electronic Technology
Current assignee: Guilin University of Electronic Technology
Priority date: 2015-09-14
Filing date: 2015-09-14
Publication date: 2015-12-23
Anticipated expiration: 2035-09-14
Also published as: CN105183652B

Abstract

The invention discloses a time dynamic push-down network conversion method, which is used to describe real-time concurrent recursive modeling including recursion and dynamic thread creation. Firstly, a global clock that describes continuous time and a real-number clock that can describe the "age" of time-related global variables and stack characters are introduced in DPN, so that asynchronous communication based on shared memory and real-time concurrent system with dynamic thread creation can be implemented. for modeling. Secondly, for the clock equivalence technology based on integer division, an optimization technology based on clock key points is given to reduce the clock interval, thereby reducing the converted state space. Since the time dynamic pushdown network is an abstract model of a real-time concurrent recursive program, the clock equivalent optimization technology based on key points converts the model into a dynamic pushdown network, so that by confirming whether the execution of the dynamic pushdown network model will run to Error status to detect bugs or vulnerabilities in the concurrent recursive program corresponding to this model.

Description

A Transformation Method for Temporal Dynamic Pushdown Networks

技术领域technical field

本发明属于软件安全性和可靠性研究领域，涉及多线程并发递归程序的验证方法，是一种适用于含有时间的多线程并发递归程序抽象模型的可达性求解技术，具体涉及一种时间动态下推网络的转换方法。The invention belongs to the field of software security and reliability research, relates to a verification method for a multi-threaded concurrent recursive program, is a reachability solution technology applicable to an abstract model of a multi-threaded concurrent recursive program containing time, and specifically relates to a time dynamic The transformation method for the pushdown network.

背景技术Background technique

随着多核技术的发展，并发程序已成为当前程序设计研究的热点。由于并发执行存在不确定性，从而导致传统测试方法很难发现程序中隐匿的错误和漏洞。模型检验是一种通过穷尽搜索的自动化验证技术，已成为保证程序安全和可靠的重要手段，可作为测试方法的一种补充。可达性分析通过分析某一状态是否可达，是模型检验的重要核心技术。With the development of multi-core technology, concurrent programs have become a hot spot in current program design research. Due to the uncertainty of concurrent execution, it is difficult for traditional testing methods to find hidden errors and loopholes in programs. Model checking is an automatic verification technology through exhaustive search, which has become an important means to ensure the safety and reliability of programs, and can be used as a supplement to testing methods. Reachability analysis is an important core technology of model checking by analyzing whether a certain state is reachable.

近年来，研究人员基于自动机模型，引入实时时钟，用于描述实时系统建模及其验证。1994年Alur提出时间自动机(R.Alur，D.Dill，Atheoryoftimedautomata[J].TheoreticalComputerScience，126(2)，pp.183-235，1994.)是在自动机的基础上引入描述连续时间的时钟，并给出了时钟等价技术，从而实现模型检验时间自动机(J.Bengtsson，W.Yi，Timedautomata:Semantics，algorithmsandtools[C]，4thAdvancedCourseonPetriNets，Eichstaat.Germany，pp.87-124，2004)。为了解决含有递归的实时系统建模，Trivedi(A.Trivedi，D.Wojtczak，RecursiveTimedAutomata[C]，ATVA2010.LNCS，vol.6252，Springer，Heidelberg，pp.306–324.2010.)提出时间下推自动机，并通过时钟等价技术把时间下推自动机转换为下推自动机，解决最小时间花费的可达性问题。2013年Li(LGqiang，CXjuan，O.Mizuhito，NestedTimedAutomata[R]，Researchreport(SchoolofInformationScience，JapanAdvancedInstituteofScienceandTechnology)，IS-RR-2013-004，pp.1-20，2013)提出了嵌套时间自动机，利用嵌套的思想来解决实时系统中的递归问题。但此类模型无法描述带有动态线程创建的实时并发系统建模。Bouajjani(A.Bouajjani，M.M.Olm，T.Touili.Regularsymbolicanalysisofdynamicnetworksofpushdownsystems[C].Proceedingsofthe16thInternationalConferenceonConcurrencyTheory.LNCS3653，SanFrancisco:CiscoSyst，2005，473-487.)提出一种并发下推系统(B.Bollig，D.Kuske，R.Mennicke，Thecomplexityofmodelcheckingmulti-stacksystems[C]，Proceedingsofthe201328thAnnualACM/IEEESymposiumonLogicinComputerScience，NewOrleans，LA，USA，pp.163-72，2013)的扩展模型——动态下推网络(DPN)，解决并发系统中新线程的动态创建，该模型适用于含有递归且带有动态线程创建的并发系统建模。基于DPN，Lammich(P.Lammich，M.M.Olm，H.Seidl，ContextualLockingforDynamicPushdownNetworks[C].StaticAnalysis.Proceedingsof20thInternationalSymposium，Seattle，WA，USA，pp.47-98，2013.)提出了上下文锁的技术，解决进程递归之间同步问题，并进行了逆向可达分析。Wenner(A.Wenner，Weighteddynamicpushdownnetworks[C]，19thEuropeansymposiumonprogramming，Paphos，Cyprus，pp.590-609，2010.)在DPN中引入权值，用来求解最短路径的可达性。In recent years, researchers have introduced real-time clocks based on automata models to describe real-time system modeling and verification. In 1994, Alur proposed time automata (R.Alur, D.Dill, Atheory of timed automata [J]. TheoreticalComputerScience, 126(2), pp.183-235, 1994.) is based on automata and introduces a clock describing continuous time. , and the clock equivalent technology is given to realize the model checking time automaton (J.Bengtsson, W.Yi, Timedautomata: Semantics, algorithms and tools [C], 4thAdvancedCourseonPetriNets, Eichstaat.Germany, pp.87-124, 2004). In order to solve the modeling of real-time systems containing recursion, Trivedi (A.Trivedi, D.Wojtczak, RecursiveTimedAutomata[C], ATVA2010.LNCS, vol.6252, Springer, Heidelberg, pp.306–324.2010.) proposed a timed pushdown automata , and convert the time push-down automaton into push-down automaton through the clock equivalence technique to solve the accessibility problem of minimum time cost. In 2013, Li (LGqiang, CXjuan, O.Mizuhito, NestedTimedAutomata[R], Research report (School of Information Science, Japan Advanced Institute of Science and Technology), IS-RR-2013-004, pp.1-20, 2013) proposed a nested timed automata, using nested Set of ideas to solve recursive problems in real-time systems. But such models cannot describe the modeling of real-time concurrent systems with dynamic thread creation. Bouajjani (A.Bouajjani, M.M.Olm, T.Touili.Regularsymbolicanalysisofdynamicnetworksofpushdownsystems[C].Proceedingsofthe16thInternationalConferenceonConcurrencyTheory.LNCS3653, SanFrancisco: CiscoSyst, 2005, 473-487.) proposed a concurrent pushdown system, R.Bouskellig .Mennicke, The complexity of model checking multi-stack systems [C], Proceedings of the 2013 28th Annual ACM/IEEE Symposium on Logic in Computer Science, New Orleans, LA, USA, pp.163-72, 2013) extended model - dynamic pushdown network (DPN), to solve the dynamic creation of new threads in concurrent systems , which is suitable for modeling concurrent systems with recursion and dynamic thread creation. Based on DPN, Lammich (P.Lammich, M.M.Olm, H.Seidl, ContextualLockingforDynamicPushdownNetworks[C].StaticAnalysis.Proceedingsof20thInternationalSymposium, Seattle, WA, USA, pp.47-98, 2013.) proposed a context lock technology to solve process recursion The synchronization problem between them, and a reverse reachability analysis was carried out. Wenner (A.Wenner, Weighteddynamicpushdownnetworks[C], 19thEuropeansymposiumonprogramming, Paphos, Cyprus, pp.590-609, 2010.) introduces weights in DPN to solve the accessibility of the shortest path.

由于上述模型无法描述实时多线程并发递归系统中线程间交互的情况，对于实时多线程并发递归程序而言，形式化验证此类程序将产生状态空间爆炸问题，给验证带来了极大困难。Since the above model cannot describe the interaction between threads in a real-time multi-threaded concurrent recursive system, for real-time multi-threaded concurrent recursive programs, the formal verification of such programs will cause the state space explosion problem, which brings great difficulties to the verification.

发明内容Contents of the invention

本发明所要解决的技术问题是提供一种时间动态下推网络的转换方法，其时间动态下推网络为一种实时并发递归程序的抽象模型，基于关键点的时钟等价优化技术把该模型转换为动态下推网络，这样通过确认动态下推网络模型的执行是否会运行到错误状态，从而检测出此模型即所对应并发递归程序中的错误或漏洞。The technical problem to be solved by the present invention is to provide a conversion method of a time dynamic push-down network. The time dynamic push-down network is an abstract model of a real-time concurrent recursive program, and the model is converted based on the clock equivalent optimization technology of key points For the dynamic push-down network, by confirming whether the execution of the dynamic push-down network model will run into an error state, the error or vulnerability in the corresponding concurrent recursive program of this model is detected.

为解决上述问题，本发明是通过以下技术方案实现的：In order to solve the above problems, the present invention is achieved through the following technical solutions:

时间动态下推网络的转换方法，包括如下步骤：The conversion method of time dynamic push-down network includes the following steps:

步骤(1)把所述的实时并发递归程序转换为一个时间动态下推网络。Step (1) converts the real-time concurrent recursive program into a time dynamic push-down network.

步骤(1.1)构造实时并发递归程序的抽象模型即时间动态下推网络。Step (1.1) Construct the abstract model of real-time concurrent recursive program, that is, the temporal dynamic pushdown network.

所构造的时间动态下推网络是一个四元组T＝(P，Γ，Δ，X)，其中：P是状态集；Γ是栈字符集；Δ＝Δ_nop∪Δ_＝∪Δ_├∪Δ_push∪Δ_pop∪Δ_dc是迁移规则集合，其中Δ_nop表示空操作迁移，Δ_＝表示时钟赋值迁移，Δ_├表示时间流逝迁移，Δ_push表示入栈迁移，Δ_pop表示出栈迁移，Δ_dc表示动态线程创建迁移；X表示时钟集，其取值函数表示对于在当前取值为θ(x)，与时间相关的全局变量和栈字符“年龄”取值亦与之类似。The constructed temporal dynamic push-down network is a quadruple T=(P, Γ, Δ, X), where: P is the state set; Γ is the stack character set; Δ=Δ _nop ∪Δ _＝ ∪Δ _├ ∪Δ _push ∪Δ _pop ∪Δ _dc is a set of migration rules, where Δ _nop means no-operation migration, Δ ₌ means clock assignment migration, Δ _├ means time lapse migration, Δ _push means stack migration, Δ _pop means stack migration, Δ _dc Represents dynamic thread creation migration; X represents the clock set, and its value function express for When the current value is θ(x), the value of the time-related global variable and the stack character "age" is also similar.

所构造时间动态下推网络格局表示所述模型在某一时刻的状态，其中：表示当前全局变量g和其“年龄”θ(g)的二元组<g,θ(g)>；p_i∈P表示局部状态节点，表示栈序列为i的栈内容ω_i和其“年龄”θ(ω_i)的二元组<ω_i,θ(ω_i)>；表示时钟x和其取值θ(x)的二元组<x,θ(x)>。The constructed temporal dynamic push-down network pattern Indicates the state of the model at a certain moment, where: A binary group <g,θ(g)> representing the current global variable g and its "age"θ(g); p _i ∈ P represents a local state node, A binary group <ω _i ,θ(ω _i )> representing the stack content ω _i with the stack sequence i and its "age" θ(ω _i ); Represents the binary group <x,θ(x)> of the clock x and its value θ(x).

步骤(1.2)将所构造的时间动态下推网络用操作语义进行描述。Step (1.2) describes the constructed temporal dynamic pushdown network with operational semantics.

时间动态下推网络作为实时多线程程序的模型，用于描述多个下推系统同时产生迁移，其迁移关系Δ＝Δ_nop∪Δ_＝∪Δ_├∪Δ_push∪Δ_pop∪Δ_dc下面根据不同的迁移动作给出其执行含义；As a model of real-time multi-threaded programs, the temporal dynamic _pushdown network _is used to describe the _migration of _multiple _pushdown _systems at the same time. The migration action gives its execution meaning;

1)Δ＝Δ_nop时，op＝nop，表示格局内元素未发生变化；1) When Δ=Δ _nop , op=nop, Indicates that the elements in the pattern have not changed;

2)Δ＝Δ_＝时，op＝x←I，c∈I；表示给时钟x指定I范围内的任意值v，其它格局内元素未发生变化；2) When Δ=Δ ₌ , op=x←I, c∈I; means assign any value v within the range of I to the clock x, and the elements in other patterns do not change;

3)Δ＝Δ_├时，op＝Time←c，假设那么 ${\overset{&OverBar;}{ω}}^{+ v} = < a_{1}, x_{1} + v > < a_{2}, x_{2} + v > ... < a_{n}, x_{n} + v >, {\overset{&OverBar;}{x}}^{'} = {\overset{&OverBar;}{x}}^{+ v};$ 表示格局内所有时钟增加v，格局内非时钟内容未发生变化；3) When Δ=Δ _├ , op=Time←c, suppose So ${\overset{&OverBar;}{ω}}^{+ v} = < a_{1}, x_{1} + v > < a_{2}, x_{2} + v > ... < a_{no}, x_{no} + v >, {\overset{&OverBar;}{x}}^{'} = {\overset{&OverBar;}{x}}^{+ v};$ Indicates that all clocks in the pattern increase v, and the non-clock content in the pattern does not change;

4)Δ＝Δ_push时，op＝push(a,I)，v∈I，表示将变量a压入栈顶，并设定相应时钟为x，其时钟值为I范围内的任意值；4) When Δ=Δ _push , op=push(a, I), v ∈ I, Indicates that variable a is pushed into the top of the stack, and the corresponding clock is set as x, and its clock value is any value within the range of I;

5)Δ＝Δ_pop时，op＝pop(a,I)，v∈I，表示将栈顶内时钟值为I范围的变量a弹出；5) When Δ=Δ _pop , op=pop(a,I), v ∈ I, Represent that the variable a whose clock value in the top of the stack is 1 range is popped up;

6)Δ＝Δ_dc时，op＝dc,表示创建新线程栈内容。6) When Δ=Δ _dc , op=dc, Indicates the creation of a new thread stack content.

步骤(2)将步骤(1)所获得的时间动态下推网络T＝(P,Γ,Δ,X)，通过下述转换方法转换为动态下推网络M＝(P^M,Γ^M,Δ^M)；Step (2) Convert the temporal dynamic push-down network T=(P,Γ,Δ,X) obtained in step (1) into a dynamic push-down network M=(P ^M ,Γ ^M ,Δ ^M );

步骤(2.1)状态P^M的转换：即T的状态集与M的状态集相同。Step (2.1) transition of state P ^M : That is, the state set of T is the same as the state set of M.

步骤(2.2)栈字符集的转换：若a∈{Γ,├},则且 Step (2.2) stack character set Transformation: If a∈{Γ,├}, then and

步骤(2.3)迁移关系Δ到Δ^M的转换规则。Step (2.3) is the conversion rule of migration relation Δ to ^ΔM .

假设当前含有n个栈的TDPN，为了描述方便，仅描述序列为i的下推系统执行压栈和出栈操作，其它栈操作与之类似。设该下推系统的栈深度为l，且栈底编号为1，栈顶编号为l。该TDPN含有全局变量g，时钟变量x，栈内容ω＝{ω₁…ω_i…ω_n}，其中ω_i表示i号下推系统的栈内容，用ω_il|Γ表示ω_i投影在Γ的栈顶字符。各表示其“年龄”和取值在时钟等价下的关键点。从而可知对应在M的当前时钟等价域其中表示域R_l记录栈顶字符，├表示域R_l的参考时钟字符，├^·表示域R_l对应的时间流逝字符。Assuming that the current TDPN contains n stacks, for the convenience of description, only the push-down system with sequence i is described to perform stack push and pop operations, and other stack operations are similar. Assume that the stack depth of the push-down system is l, and the number of the bottom of the stack is 1, and the number of the top of the stack is l. The TDPN contains the global variable g, the clock variable x, and the stack content ω={ω ₁ …ω _i …ω _n }, where ω _i represents the stack content of the push-down system of number i, and ω _i is projected on Γ by ω _il| Γ The top character of the stack. Each represents a keypoint whose "age" and value are under clock equivalence. Thus it can be known that the equivalent domain corresponding to the current clock in M in Indicates the character at the top of the record stack in domain R _l , ├ indicates the reference clock character in domain R _l , and ├ ^· indicates the time lapse character corresponding to domain R _l .

TDPN格局φ＝(γ,op,γ′)∈Δ表示T的格局迁移，对应M的格局迁移可表示为其中p和p′与T中状态相同，分别表示格局迁移前后的状态；R_l＝{R_1l…R_il…R_nl}表示栈顶域，其中R_il表示i号下推系统的栈顶域，R_l和R_l′分别表示格局迁移前后的栈顶域；动作迁移集op′对应于T的op，下面主要描述根据不同的op构造R_l′：TDPN pattern φ=(γ, op, γ′) ∈ Δ represents the pattern migration of T, and the corresponding pattern migration of M can be expressed as Among them, p and p′ are the same as the state in T, and respectively represent the state before and after the pattern migration; R _l = {R _1l ... R _il ... R _nl } represents the stack top domain, where R _il represents the stack top domain of the number i push-down system , R _l and R _l ′ represent the stack top domains before and after pattern migration respectively; the action migration set op′ corresponds to the op of T, and the following mainly describes the construction of R _l ′ according to different ops:

1)当op＝nop时，对于当且仅当M中存在在T中空操作只改变了状态，所以在M中格局迁移也只改变状态，域R_l保持不变。1) When op=nop, for If and only if there exists in M In T, the empty operation only changes the state, so in M, the pattern migration only changes the state, and the domain R _l remains unchanged.

2)当op＝(x←I)时，对于当且仅当M中存在该迁移关系表示对DPN域R_l中时钟为x的项执行操作，其中θ(x)′∈I，来构造域R_l′。具体执行过程如下：2) When op=(x←I), for If and only if there exists in M This transition relation represents the execution of the item whose clock is x in the DPN domain R _l operation, where θ(x)′∈I, to construct the domain R _l ′. The specific implementation process is as follows:

●域R_l出栈，获得R_l里的项重置θ(x)为θ(x)′，形成新项 Pop the field R _l out of the stack and get the items in R _l Reset θ(x) to θ(x)′, forming a new term

●项代替域R_l中的项获得域R_l′，并入栈，转换到新的状态p′。● item instead of terms in the field R _l Obtain the field R _l ′, put it into the stack, and switch to the new state p′.

3)当op＝(Time←v)时，对于当且仅当M中存在该迁移关系表示域R_l中除了参考时钟项(├，0)，其余所有项的时钟值加上时间流逝v，来构造域R_l ⁺。具体执行步骤为：3) When op=(Time←v), for If and only if there exists in M This transition relation means that except the reference clock item (├, 0) in the domain R _l , the clock values of all other items plus the time elapsed v are used to construct the domain R _l ⁺ . The specific execution steps are:

●域R_l出栈，除了参考时钟，全部加上时间流逝v，表示对应于g、ω_il、x的新普通项，各表示相应的新记录项，表示参考时钟记录项；The field R _l is popped out of the stack, except for the reference clock, all add the time elapsed v, Denotes a new general term corresponding to g, ω _il , x, Each represents the corresponding new entry, Indicates the reference clock entry;

●新项代替原来项，得到域R_l ⁺，并入栈，转换到新的状态p′。●The new item replaces the original item, obtains the field R _l ⁺ , puts it into the stack, and transitions to the new state p′.

4)当op＝push(a,I)时，对于当且仅当M存在该迁移关系表示，对i号下推系统进行入栈操作，将字符为a，值为的项入栈域R_il，来构造域R_i(l+1)。具体过程如下：4) When op=push(a, I), for if and only if M exists The migration relationship indicates that the push-down system for number i is pushed into the stack, and the character is a, and the value is Items of the stack field R _il are used to construct the field R _i(l+1) . The specific process is as follows:

●从R_il获得项和 ● Get items from R _il and

●分别代替获得域R_i(l+1)，并入栈，转换到新的状态p′。● replace respectively Obtain the field R _i(l+1) and put it on the stack, and switch to the new state p′.

5)当op＝pop(a,I)时，对于当且仅当M存在该迁移关系表示，出栈域R_il中栈字符为a，且θ(a)∈I的项，来构造域R_il′。具体步骤描述如下：5) When op=pop(a, I), for if and only if M exists The transition relation indicates that the field R _il ′ is constructed by popping the stack character a in the stack domain R _il and the item θ(a)∈I. The specific steps are described as follows:

●出栈域R_il和域R_i(l-1)，获得域R_il里的项 ● Pop domain R _il and domain R _i(l-1) to get items in domain R _il

●域R_(l-1)中所有项的时钟值加上θ(├^·)，获得域R_i(l-1)′；The clock value of all items in the domain R _(l-1) is added to θ(├ ^· ) to obtain the domain R _i(l-1) ';

●通过R_il和R_i(l-1)′获得域R_il′，R_il′项分别为：普通栈字符项来自域R_i(l-1)′；普通时钟项、全局变量项来自域R_il；记录项全部来自域R_i(l-1)′；● Obtain the field R _il ′ through R _il and R _i(l-1) ′, and the items of R _il ′ are: common stack character items come from field R _i(l-1) ′; common clock items and global variable items come from field R _il ; the record items all come from the field R _i(l-1) ′;

●入栈域R_il′，转换到新的状态p′。● Push the domain R _il ' into the stack, and switch to the new state p'.

6)当时，对于当且仅当M中存在该迁移关系表示，创建新线程来构造域R_l′。假设TDPN模型，动态创建新下推系统的栈编号为n+1。具体执行步骤如下：6) When when, for If and only if there exists in M This migration relation means that a new thread is created to construct domain R _l '. Assuming the TDPN model, the stack number for dynamically creating a new push-down system is n+1. The specific execution steps are as follows:

●出栈域R_l，基于关键点的时钟等价优化技术，可得普通字符项记录项 ● Popping domain R _l , based on the clock equivalence optimization technology of key points, ordinary character items can be obtained entry

●把项和加入域R_l，得到域R_l′，并入栈，转换到新的状态p′。●Put item and Add field R _l to get field R _l ′, put it on the stack, and switch to new state p′.

本发明研究基于时间动态下推网络(TimeDynamicPushdownNetworks，TDPN)，用于描述含有递归、动态线程创建的实时并发递归建模。首先在DPN中引入描述连续时间的全局时钟，以及能描述与时间相关全局变量和栈字符“年龄”的实数时钟，从而可对基于共享内存进行异步通信，且带有动态线程创建的实时并发系统进行建模。其次对基于整数划分的时钟等价技术，给出一种基于时钟关键点的优化技术，缩减时钟区间，从而缩减转换后的状态空间。为了进一步缩减状态空间，采用仅关注栈顶的动态转换方法，将连续模型TDPN转换成相应DPN，同时给出相应的转换算法。然后证明其转换的正确性及TDPN可达一致性，从而可利用现有的DPN可达技术解决TDPN的可达性问题。The research of the present invention is based on Time Dynamic Pushdown Networks (TimeDynamicPushdownNetworks, TDPN), which is used to describe real-time concurrent recursive modeling with recursion and dynamic thread creation. Firstly, a global clock that describes continuous time and a real-number clock that can describe the "age" of time-related global variables and stack characters are introduced in DPN, so that asynchronous communication based on shared memory and real-time concurrent system with dynamic thread creation can be implemented. for modeling. Secondly, for the clock equivalence technology based on integer division, an optimization technology based on clock key points is given to reduce the clock interval, thereby reducing the converted state space. In order to further reduce the state space, the continuous model TDPN is converted into the corresponding DPN by using the dynamic conversion method that only focuses on the top of the stack, and the corresponding conversion algorithm is given at the same time. Then prove the correctness of its conversion and the consistency of TDPN reachability, so that the existing DPN reachability technology can be used to solve the TDPN reachability problem.

附图说明Description of drawings

图1为x_i，x_j时钟等价区间。Figure 1 shows the equivalence interval of x _i and x _j clocks.

具体实施方式Detailed ways

本发明提出一种针对时间动态下推网络模型的可达性分析方法，针对时间动态下推网络模型，采用基于关键点的时钟等价优化技术，动态地将连续的时间动态下推网络模型转换为离散的动态下推网络模型，从而对时间动态下推网络模型的可达问题进行求解的一种自动化方法。The present invention proposes an accessibility analysis method for the time dynamic push-down network model. For the time dynamic push-down network model, the clock equivalence optimization technology based on key points is adopted to dynamically convert the continuous time dynamic push-down network model It is an automatic method for solving the reachability problem of the time dynamic pushdown network model for a discrete dynamic pushdown network model.

一、构造TDPN模型阶段：TDPN模型为DPN模型的一种扩展，基本思想为在DPN中引入了描述连续时间的实时时钟，用来描述带动态线程创建的实时并发递归程序。1. The stage of constructing TDPN model: TDPN model is an extension of DPN model. The basic idea is to introduce a real-time clock describing continuous time into DPN, which is used to describe real-time concurrent recursive programs with dynamic thread creation.

通过TMPDN的语法和语义出发，将实时并发程序转换为TMPDN的转换方法分为栈内迁移转换、栈间切换转换和并发执行转换三类。Based on the syntax and semantics of TMPDN, the conversion methods for converting real-time concurrent programs into TMPDN are divided into three categories: intra-stack migration conversion, inter-stack switching conversion and concurrent execution conversion.

1、构建并发程序抽象模型——时间动态下推网络1. Constructing an abstract model of concurrent programs - time dynamic push-down network

TDPN模型为一个四元组T＝(P，Γ，Δ，X)，其中：P是状态集；Γ是栈字符集；Δ＝Δ_nop∪Δ_＝∪Δ_├∪Δ_push∪Δ_pop∪Δ_dc是迁移规则集合，其中Δ_nop表示空操作迁移，Δ_＝表示时钟赋值迁移，Δ_├表示时间流逝迁移，Δ_push表示入栈迁移，Δ_pop表示出栈迁移，Δ_dc表示动态线程创建迁移；X表示时钟集，其取值函数表示对于在当前取值为θ(x)，与时间相关的全局变量和栈字符“年龄”取值亦与之类似。The TDPN model is a quaternion T=(P, Γ, Δ, X), where: P is the state set; Γ is the stack character set; Δ=Δ _nop ∪Δ ₌ ∪Δ _├ ∪Δ _push ∪Δ _pop ∪Δ _dc is a set of migration rules, wherein Δ _nop represents no-operation migration, Δ ₌ represents clock assignment migration, Δ _├ represents time lapse migration, Δ _push represents stack migration, Δ _pop represents stack migration, and Δ _dc represents dynamic thread creation migration; X represents the clock set, and its value function express for When the current value is θ(x), the value of the time-related global variable and the stack character "age" is also similar.

当TDPN模型迁移时，多个下推系统并发执行，即同一时刻有多个栈进行迁移。假定G为全局变量集，TDPN格局可表示为：其中：表示当前全局变量g和其“年龄”θ(g)的二元组<g,θ(g)>；p_i∈P表示局部状态节点，表示栈序列为i的栈内容ω_i和其“年龄”θ(ω_i)的二元组<ω_i,θ(ω_i)>；表示时钟x和其取值θ(x)的二元组<x,θ(x)>。TDPN的迁移动作集op包含空操作nop；时钟重置x←I，其中x∈X，I表示时钟取值范围；时间流逝Time←v，其中Time表示流逝的时间，v表示具体流逝的实数值，在没有歧义情况下本发明用θ+v表示时钟值增加v；入栈操作push(a,I)，表示入栈字符a，并且对其年龄赋值属于区间I的实数；出栈操作pop(a,I)，先判断栈符a的“年龄”是否满足区间I，如果满足则进行出栈操作，否则不执行操作；动态线程创建操作表示动态创建一个新线程。When the TDPN model is migrated, multiple pushdown systems are executed concurrently, that is, multiple stacks are migrated at the same time. Assuming that G is a global variable set, the TDPN structure can be expressed as: in: A binary group <g,θ(g)> representing the current global variable g and its "age"θ(g); p _i ∈ P represents a local state node, A binary group <ω _i ,θ(ω _i )> representing the stack content ω _i with the stack sequence i and its "age" θ(ω _i ); Represents the binary group <x,θ(x)> of the clock x and its value θ(x). The migration action set op of TDPN includes the empty operation nop; clock reset x←I, where x∈X, I represents the value range of the clock; time lapse Time←v, where Time represents the elapsed time, and v represents the real value of the specific elapse , the present invention uses θ+v to represent that the clock value increases v without ambiguity; push operation push (a, I) into the stack, represent the character a that pushes into the stack, and its age assignment belongs to the real number of interval I; the stack operation pop( a, I), first judge whether the "age" of the stack symbol a satisfies the interval I, if it is satisfied, perform the stack operation, otherwise do not perform the operation; dynamic thread creation operation Indicates that a new thread is dynamically created.

2、TDPN的操作语义2. Operational Semantics of TDPN

为了描述方便，当格局迁移时，只描述一个下推系统的迁移执行，其余下推系统不变，多个下推系统并发执行的情况亦与之类似，TDPN格局迁移关系的操作语义定义如下：For the convenience of description, when the layout is migrated, only the migration execution of one pushdown system is described, and the rest of the pushdown systems remain unchanged. The concurrent execution of multiple pushdown systems is also similar. The operational semantics of the TDPN layout migration relationship are defined as follows:

二、转换方法设计阶段：为了分析TDPN的可达性，需对其进行抽象，缩减其状态空间，本发明基于关键点的时钟等价优化技术，使用on-the-fly的思想，仅关心栈顶的转换，动态地将连续模型抽象转换成离散DPN模型，然后使用现有DPN可达分析技术，从而解决TDPN的可达性问题。2. Conversion method design stage: In order to analyze the accessibility of TDPN, it is necessary to abstract it and reduce its state space. The present invention is based on the clock equivalent optimization technology of key points, uses the idea of on-the-fly, and only cares about the stack The conversion of the top dynamically abstracts the continuous model into a discrete DPN model, and then uses the existing DPN reachability analysis technology to solve the reachability problem of TDPN.

为了缩减转换后的状态空间，首先缩减时间区域的划分，基于关键点的时钟等价优化技术与整数划分区域相比，可让转换后的状态空间指数缩减。其次基于该技术，把TDPN模型中与连续时间相关变量--全局变量及其“年龄”、栈字符及其“年龄”、时钟变量及其取值，转换为DPN模型中描述DPN的栈内容的域。In order to reduce the transformed state space, the division of the time region is firstly reduced. Compared with the integer division region, the clock equivalence optimization technology based on key points can reduce the transformed state space exponentially. Secondly, based on this technology, the variables related to continuous time in the TDPN model--global variables and their "ages", stack characters and their "ages", clock variables and their values, are converted into DPN models that describe the stack content of DPN area.

利用时钟等价技术将连续时间转换为离散时间，利用动态转换的思想对格局迁移逐条转换，直至所有格局计算完毕。Use clock equivalent technology to convert continuous time to discrete time, and use the idea of dynamic conversion to convert pattern migration one by one until all pattern calculations are completed.

1、基于关键点时钟优化技术1. Clock optimization technology based on key points

为了描述转换成DPN系统的格局，引入域R的概念，域R是由一组项r组成，而项r是由字符集合Z和关键点集合key组成。In order to describe the pattern converted into a DPN system, the concept of domain R is introduced. Domain R is composed of a set of items r, and item r is composed of character set Z and key point set key.

字符集Z包含普通字符集Y和记录字符集Y^·，描述为Z＝Y∪Y^·。其中普通字符集Y包括：(1)时钟集X；(2)栈字符Γ；(3)全局变量集G；(4)参考时钟字符├，用来记录时间流逝，除非进行出栈操作，不然始终为0，故普通字符集Y可描述为Y＝X∪Γ∪G∪{├}。记录字符集Y^·表示普通字符Y的时间流逝，设X^·＝{x^·|x∈X}表示记录全局时钟；Γ^·＝{a^·|a∈Γ}表示记录栈字符；G^·＝{g^·|g∈G}表示记录全局变量；{├^·}表示记录参考时钟字符集，主要来记录时间流逝，以便出栈操作时更新时间，故记录字符集描述为Y^·＝X^·∪Γ^·∪G^·∪{├^·}。Character set Z includes common character set Y and record character set Y ^· , described as Z=Y∪Y ^· . The common character set Y includes: (1) clock set X; (2) stack character Γ; (3) global variable set G; (4) reference clock character ├, which is used to record the passage of time, unless the stack operation is performed, otherwise It is always 0, so the common character set Y can be described as Y=X∪Γ∪G∪{├}. Record character set Y represents the time lapse ^of ordinary character Y ^, let X ＝{x ＝ |x∈X} represent ^the record global clock; Γ ＝{a ^· | ^a∈Γ } represents ^the record stack character; G ＝{ g | ^g∈G } means to record global variables; {├ ^} means to record the reference clock character set, which is mainly used to record the passage of time so that the time can be updated ^when popping the stack, so the record character set is described as Y ＝X ^∪Γ ^· ∪G ^· ∪{├ ^· }.

对于任意与时间相关的字符集，其时间迁移是由一些关键点所确定的，且有最大值，故可对任一字符，可各自定义与时间相关的最大值常量k_Max，所有大于k_Max都用符号∞来表示。对任意字符z_i∈Z，根据时间转换的迁移，可找到决定迁移的时间关键点，故字符z_i的时间关键点集key_i＝{0，k_i1，…，k_il，…，k_im，k_iMax，∞}，其中1<l<m，1<i≤|Z|。根据上述字符集和关键点集，可得域 $R = r_{1} ... r_{n} &Element; {(2^{Σ_{i = 1}^{| Z |} z_{i} \times {key}_{i}})}^{+} .$ For any time-related character set, its time migration is determined by some key points, and has a maximum value, so for any character, you can define a time-related maximum constant k _Max , all greater than k _Max are represented by the symbol ∞. For any character z _i ∈ Z, according to the migration of time conversion, the time key point that determines the migration can be found, so the time key point set key _{i of character z i} ₌ {0, k _i1 ,..., k _il ,..., k _im , k _iMax , ∞}, where 1<l<m, 1<i≤|Z|. According to the above character set and key point set, the domain can be obtained $R = r_{1} ... r_{no} &Element; {(2^{Σ_{i = 1}^{| Z |} z_{i} \times {key}_{i}})}^{+} .$

时钟等价优化技术就是把连续时钟值离散化，即实数时钟值划分为两个部分：(1)关键点部分表示对实数值x向下取关键点；(2)剩余部分 The clock equivalent optimization technique is to discretize the continuous clock value, that is, the real clock value Divided into two parts: (1) key point part Indicates that the key points are taken downward for the real value x; (2) the remaining part

假设x∈X为TDPN中的任意时钟元素，用θ(x)表示时钟x的实数值，表示对时钟x进行域等价，取关键点部分。假设对于任意两个时钟x_i，x_j∈X，当满足如下规则的时钟值，则为等价时钟：Suppose x ∈ X is any clock element in TDPN, denote the real value of clock x by θ(x), Indicates that the domain equivalence is performed on the clock x, and the key point part is taken. Assume that for any two clocks x _i , x _j ∈ X, when the clock value satisfies the following rules, it is an equivalent clock:

(1)θ(x_i)>k_iMax当且仅当即x_i的时钟值大于最大值，x_i取无穷大∞。(1) θ( _xi )>k _iMax if and only if That is, the clock value of _xi is greater than the maximum value, and _xi takes infinity ∞.

(2)k_il≤θ(x_i)<k_i(l+1)当且仅当即x_i的时钟值小于关键点k_i(l+1)且大于等于k_il时，x_i取关键点k_il。(2)k _il ≤θ(x _i )<k _i(l+1) if and only if That is, when the clock value of x _i is less than the key point k _i(l+1) and greater than or equal to k _il , x _i takes the key point k _il .

(3)假定当且仅当re(θ(x_i)<re(θ(x_j))，即x_i取关键点k_il，x_j取关键点k_jl，当x_i的时钟值与关键点k_il的差值小于x_j的时钟值与关键点k_jl的差值时，记作re(x_i)<re(x_j)。(3) assume If and only if re(θ( _xi )<re(θ(x _j )), that is, x _i takes the key point k _il , x _j takes the key point k _jl , when the clock value of _xi and the key point k _il When the difference is smaller than the difference between the clock value of x _j and the key point k _jl , it is recorded as re( _xi )<re(x _j ).

假设对于任意两个时钟x_i，x_j∈X和key＝{key₁，…，key_n}，基于时钟关键点的时钟域等价规则。譬如(0≤θ(x_i)<k_i1，0≤θ(x_j)<k_j1)区域，且re(θ(x_i))>re(θ(x_j))；在(k_i1≤θ(x_i)<k_i2，k_j1≤θ(x_j)<k_j2)区域，且re(θ(x_i))<re(θ(x_j))，则区间内的时钟值为等价时钟，如图1所示的阴影部分。Assuming that for any two clocks _xi , x _j ∈X and key={key ₁ , . . . , key _n }, clock domain equivalence rules based on clock key points. For example (0≤θ(x _i )<k _i1 , 0≤θ(x _j )<k _j1 ) area, And re(θ(x _i ))>re(θ(x _j )); in (k _i1 ≤θ(x _i )<k _i2 , k _j1 ≤θ(x _j )<k _j2 ) area, And re(θ( _xi ))<re(θ(x _j )), then the clock values in the interval are equivalent clocks, as shown in the shaded part in Figure 1.

2、构造转换规则2. Construct conversion rules

为了进一步缩减状态空间，采用on-the-fly技术和用动态转换思想，仅关注栈顶及下一层的域转换，而无需关心栈其它部分，然后根据不同迁移，给出不同转换规则，从而可将复杂的TDPN可达问题转换为DPN可达问题。In order to further reduce the state space, adopt the on-the-fly technology and use the idea of dynamic conversion, only focus on the domain conversion of the top of the stack and the next layer, without caring about other parts of the stack, and then give different conversion rules according to different migrations, so that The complex TDPN reachability problem can be transformed into a DPN reachability problem.

假设给定一个TDPNT＝(P，Γ，Δ，X)，将T动态转换为DPNM＝(P^M，Γ^M，Δ^M)，对P^M，Γ^M，Δ^M进行动态转换规则如下：Assuming a given TDPNT=(P, Γ, Δ, X), dynamically convert T to DPNM=(P ^M , Γ ^M , Δ ^M ), the dynamic conversion rules for ^PM , Γ ^M , Δ ^M are as follows:

(Ⅰ)状态集P^M：即P^M＝P。(I) State set P ^M : That is, P ^M =P.

(Ⅱ)栈字符集若a∈{Γ，├}，则且 (Ⅱ) Stack character set If a ∈ {Γ, ├}, then and

(Ⅲ)迁移关系Δ^M的构造：(Ⅲ) Construction of migration relationship Δ ^M :

(1)当op＝nop时，对于当且仅当M中存在在T中空操作只改变了状态，所以在M中格局迁移也只改变状态，域R_l保持不变。(1) When op=nop, for If and only if there exists in M In T, the empty operation only changes the state, so in M, the pattern migration only changes the state, and the domain R _l remains unchanged.

(2)当op＝(x←I)时，对于当且仅当M中存在该迁移关系表示对DPN域R_l中时钟为x的项执行操作，其中θ(x)′∈I，来构造域R_l′。具体执行过程如下：(2) When op=(x←I), for If and only if there exists in M This transition relation represents the execution of the item whose clock is x in the DPN domain R _l operation, where θ(x)′∈I, to construct the domain R _l ′. The specific implementation process is as follows:

(3)当op＝(Time←v)时，对于当且仅当M中存在该迁移关系表示域R_l中除了参考时钟项(├，0)，其余所有项的时钟值加上时间流逝v，来构造域R_l ⁺。具体执行步骤为：(3) When op=(Time←v), for If and only if there exists in M This transition relation means that except the reference clock item (├, 0) in the domain R _l , the clock values of all other items plus the time elapsed v are used to construct the domain R _l ⁺ . The specific execution steps are:

(4)当op＝push(a,I)时，对于当且仅当M存在该迁移关系表示，对i号下推系统进行入栈操作，将字符为a，值为的项入栈域R_il，来构造域R_i(l+1)。具体过程如下：(4) When op=push(a,I), for if and only if M exists The migration relationship indicates that the push-down system for number i is pushed into the stack, and the character is a, and the value is Items of the stack field R _il are used to construct the field R _i(l+1) . The specific process is as follows:

●从R_il获得项和 ● Get items from R _il and

(5)当op＝pop(a,I)时，对于当且仅当M存在该迁移关系表示，出栈域R_il中栈字符为a，且θ(a)∈I的项，来构造域R_il′。具体步骤描述如下：(5) When op=pop(a,I), for if and only if M exists The transition relation indicates that the field R _il ′ is constructed by popping the stack character a in the stack domain R _il and the item θ(a)∈I. The specific steps are described as follows:

(6)当时，对于当且仅当M中存在该迁移关系表示，创建新线程来构造域R_l′。假设TDPN模型，动态创建新下推系统的栈编号为n+1。具体执行步骤如下：(6) when when, for If and only if there exists in M This migration relation means that a new thread is created to construct domain R _l '. Assuming the TDPN model, the stack number for dynamically creating a new push-down system is n+1. The specific execution steps are as follows:

三、在算法设计阶段：基于时钟等价优化和动态转换思想，提出一种针对TDPNT＝(P，Γ，Δ，X)转换为DPNM＝(P^M，Γ^M，Δ^M)的算法，该算法针对T的迁移关系Δ，通过转换规则，穷尽地计算M对应的迁移关系Δ^M。3. In the algorithm design stage: Based on the idea of clock equivalent optimization and dynamic conversion, an algorithm for converting TDPNT=(P, Γ, Δ, X) to DPNM=(P ^M , Γ ^M , Δ ^M ) is proposed, which Based on the migration relationship Δ of T, the algorithm exhaustively calculates the migration relationship Δ ^M corresponding to M through conversion rules.

基于时钟等价优化和动态转换思想，提出针对TDPNT＝(P，Γ，Δ，X)转换为DPNM＝(P^M，Γ^M，Δ^M)的算法，该算法针对T的迁移关系Δ，通过上节的转换规则，穷尽地计算在M对应的迁移关系Δ^M。算法的输入是连续的TDPNT，输出是离散的DPNM。假设TDPN的初始格局为每个栈内容初始都为空，对应构造M初始域R_init。Based on the idea of clock equivalent optimization and dynamic conversion, an algorithm for converting TDPNT=(P, Γ, Δ, X) to DPNM=(P ^M , Γ ^M , Δ ^M ) is proposed. The algorithm is aimed at the migration relationship Δ of T, through The conversion rules in the previous section exhaustively calculate the migration relationship Δ ^M corresponding to M. The input of the algorithm is continuous TDPNT, and the output is discrete DPNM. Suppose the initial pattern of TDPN is The content of each stack is initially empty, which corresponds to the construction of the initial field R _init of M.

若T的迁移关系集合存在φ＝(γ,op,γ′)∈Δ，其格局包含全局变量栈字符串时钟M的当前格局为β＝<p,R_l>，域R_l包含 (├,0)表示g、ω_il、x、├对应的普通项，表示相应的记录项。根据φ和R_l可动态构造域R_l′，即存在迁移关系将该迁移关系添加到Δ^M中。If there is φ=(γ,op,γ′)∈Δ in the set of transfer relations of T, its pattern includes global variables stack string clock The current configuration of M is β=<p,R _l >, and the field R _l contains (├,0) means the common items corresponding to g, ω _il , x, ├, Indicates the corresponding entry. According to φ and R _l , the domain R _l ′ can be dynamically constructed, that is, there is a migration relationship Add this migration relation to ^ΔM .

算法：TDPN转化为DPN算法Algorithm: TDPN into DPN algorithm

输入：TDPNT＝(P，Γ，Δ，X)Input: TDPNT = (P, Γ, Δ, X)

输出：对应的DPNM＝(P^M，Γ^M，Δ^M)Output: Corresponding DPNM=(P ^M , Γ ^M , Δ ^M )

转换算法中第1和2行分别表示对工作线程的格局和域的初始化，从第4行开始，针对T的格局迁移关系Δ，穷尽计算在M中用域表示的迁移关系Δ^M。其中第8和9行表示空操作迁移，对应M只改变状态，域不变。第10至12行描述时钟重置操作迁移，域R_l中的时钟x的值重置为第13至15行描述时间流逝迁移，域R_l中除参考时钟项(├，0)，其余所有项的时钟值，全部加上时间流逝v。第16至18行描述入栈操作迁移，压入字符a。第19至22行描述出栈操作迁移，其中R_i(l-1)′表示域R_i(l-1)所有项都加上域R_il的时间流逝θ(├^·)。第23至25行描述动态创建线程迁移，创建的新线程为n+1。对于TDPNT，该算法是可终止的，且该算法的时间复杂度，与项字符集和关键点集的笛卡尔积呈指数关系，与程序的大小呈指数关系。Lines 1 and 2 in the conversion algorithm represent the initialization of the configuration and domain of the worker thread respectively. Starting from the fourth line, for the configuration migration relationship Δ of T, exhaustively calculate the migration relationship Δ ^M represented by the domain in M. Lines 8 and 9 represent no-operation migration, corresponding to M, only the state is changed, and the domain remains unchanged. Lines 10 to 12 describe the clock reset operation transition, the value of clock x in field R _l reset to The 13th to 15th lines describe the migration of time lapse. Except the reference clock item (├, 0) in domain R _l , the clock values of all other items are all added with time lapse v. Lines 16 to 18 describe the migration of the push operation, pushing the character a. Lines 19 to 22 describe the migration of the pop operation, where R _i(l-1) ′ means that all items in the domain R _i(l-1) plus the time lapse θ(├ ^· ) of the domain R _il . Lines 23 to 25 describe dynamic creation of thread migration, and the number of new threads created is n+1. For TDPNT, the algorithm is terminated, and the time complexity of the algorithm is exponential with the Cartesian product of item character set and keypoint set, and is exponential with the size of the program.

对于TDPNT，该算法是可终止的，且该算法的时间复杂度，与项字符集和关键点集的笛卡尔积呈指数关系，与程序的大小呈指数关系。For TDPNT, the algorithm is terminated, and the time complexity of the algorithm is exponential with the Cartesian product of item character set and keypoint set, and is exponential with the size of the program.

四、可达性问题证明阶段：通过证明状态p_F在TDPN中可达当且仅当其转换状态p_F′在DPN中可达，从而确定模型转换是否存在错误。4. Proving stage of reachability problem: By proving that the state p _F is reachable in TDPN if and only if its transition state p _F ′ is reachable in DPN, it is determined whether there is an error in the model transformation.

把TDNP可达性问题通过时钟等价优化技术转化成DPN可达性问题，需证明从T转化成M的正确性，即状态p_F在TDPN可达当且仅当其转换状态p_F′在DPN可达。To transform the TDNP reachability problem into the DPN reachability problem through the clock equivalent optimization technique, it is necessary to prove the correctness of the transformation from T to M, that is, the state p _F is reachable in TDPN if and only if its transition state p _F ′ is in DPN reachable.

定义1(可达性):设迁移系统TDPNT，为T的初始格局，其中为全局变量初始值；p_init为初始状态；ε为栈初始值(表示栈空)；为初始时钟(赋值为0)，目标格局如果T存在格局迁移那么状态p_F在T可达。Definition 1 (Accessibility): Let the migration system TDPNT, is the initial configuration of T, where is the initial value of the global variable; p _init is the initial state; ε is the initial value of the stack (indicating that the stack is empty); is the initial clock (assigned to 0), the target pattern If there is pattern migration in T Then state p _F is reachable at T.

设R＝R₀R₁…R_n是M栈域集合上的一组域。对于R₁、R₂两个域，如果R₁是R₂严格偏序关系，记住如果R₁是R₂非严格偏序关系，记住对于域集R，如果则称R为相关域，如果则称R为弱相关域。如果R为(弱)相关域，则格局β＝<p，R>为(弱)相关格局。对于弱相关域R＝R₀R₁…R_n和域R′＝R₀′R₁′…R_n′，如果R_n′＝R_n、R_i′∈R_i ⁺(其中R_i ⁺是R_i的时间迁移域)、并且则域R^′是域R的强相关域。给定一个在M的相关格局β＝<p，R>，如果域R′是域R的强相关域，则格局β′＝<p，R′>就是β的强相关格局。Let R=R ₀ R ₁ . . . R _n be a group of domains on the set of M-stack domains. For the two domains R ₁ and R ₂ , if R ₁ is a strict partial order relationship of R ₂ , remember If R1 is _R2 non _- strict partial ordering, remember For a domain set R, if Then R is called a correlation domain, if Then R is called a weak correlation domain. If R is a (weakly) correlated domain, then the pattern β=<p, R> is a (weakly) correlated pattern. For weak correlation domain R=R ₀ R ₁ ...R _n and domain R′=R ₀ ′R ₁ ′…R _n ′, if R _n ′=R _n , R _i ′∈R _i ⁺ (where R _i ⁺ is the time shift domain of R _i ), and Then domain R ^' is a strongly correlated domain of domain R. Given a correlation pattern β=<p, R> in M, if domain R′ is a strongly correlated domain of domain R, then pattern β′=<p, R′> is a strongly correlated pattern of β.

定理1：对于T任意一个格局γ，通过时钟等价转化，在M都存在与之对应的格局β。Theorem 1: For any pattern γ of T, through the equivalent transformation of the clock, there is a corresponding pattern β in M.

证明：设M的一个格局β＝<p，R>，T的一个格局其中假设S为迁移系统T此刻变量集合，S经过时钟域等价转换成M中的域R。设R＝R₀R₁…R_n和S的值θ(即θ_|＝S)，下面表达式成立：Proof: Suppose a pattern of M β=<p, R>, a pattern of T in Assuming that S is the variable set of the migration system T at the moment, S is equivalently transformed into the domain R in M through the clock domain. set up R=R ₀ R ₁ ... R _n and the value θ of S (that is, θ _|=S ), the following expression is established:

●p′＝p●p'=p

● ●

那么γ|＝_Sβ，即对于T任意一个格局γ，通过时钟域编码转化后，在M都存在与之对应的格局β。Then γ|= _S β, that is, for any pattern γ of T, there is a corresponding pattern β in M after it is converted by clock domain coding.

要证明可达性需先引入下面两个定律：To prove accessibility, the following two laws must be introduced first:

定律1：对于属于M的任意一个正则可达格局β，β的强相关格局β′＝<p，R′>，S为T此刻变量集合，在T里必定存在与之对于格局γ，存在γ|＝_Sβ并且 Law 1: For any regular reachable pattern β belonging to M, the strongly correlated pattern β′=<p, R′> of β, S is the set of variables at the moment of T, and there must be a corresponding pattern γ in T, there is γ |= _S β and

定律2：对于属于T的任意一个格局γ，在M里必定存在对应格局β，至少存在一个β的强相关格局β′＝<p，R′>，并且存在域R′的转换集合S，那么存在γ|＝_Sβ并且 Law 2: For any pattern γ belonging to T, there must be a corresponding pattern β in M, there is at least one strongly correlated pattern β′=<p, R′> of β, and there is a transformation set S of domain R′, then There exists γ|= _S β and

定理2：状态p_F在TDPNT可达当且仅当p_F′在DPNM可达。Theorem 2: The state p _F is reachable in TDPNT if and only if p _F ′ is reachable in DPNM.

证明：先证充分性：状态p_F在TDPN可达其转换状态p_F′在DPN可达。Proof: Proof of Sufficiency: State p _F is reachable in TDPN Its transition state p _F ' is reachable in DPN.

如果目标状态p_F′在M是可达，那么就存在一个正则可达格局β(p_F′为格局β的状态)。由于DPNM所有可达格局都是弱相关，即可达格局β为弱相关格局，因此至少存在一个对应的强相关格局β′＝<p，R′>。由定律1可知在迁移系统M的一个正则格局β，存在一个强相关格局β′和转换成R′的集合S，在T里必定存在与之对应格局γ，存在γ|＝_Sβ并且即状态p_F(p_F为格局γ的状态)在T可达。If the target state p _F ′ is reachable in M, then there is a regular reachable pattern β (p _F ′ is the state of pattern β). Since all the reachable patterns of DPNM are weakly correlated, that is, the reachable pattern β is a weakly correlated pattern, so there is at least one corresponding strongly correlated pattern β′=<p, R′>. It can be seen from Law 1 that in a regular pattern β of the migration system M, there is a strongly correlated pattern β′ and a set S transformed into R′, there must be a corresponding pattern γ in T, there exists γ|= _S β and That is, the state p _F (p _F is the state of the pattern γ) is reachable at T.

再证必要性：状态p_F在TDPN可达其转换状态p_F′在DPN可达。Re-certification necessity: state p _F is reachable in TDPN Its transition state p _F ' is reachable in DPN.

如果目标状态p_F′在T是可达，由定理1可知在M里必定存在与之对于格局β(p_F′为格局β的状态)，因此至少存在一个强相关格局β′＝<p，R′>。由定律2可知在迁移系统T的一个格局γ，存在一个强相关格局β′和转换成R′的域集合S，在M里必定存在与之对应格局β，存在γ|＝_Sβ并且即状态p_F′(p_F′为格局β的状态)在M可达。If the target state p _F ′ is reachable in T, it can be seen from Theorem 1 that there must be a corresponding pattern β in M (p _F ′ is the state of pattern β), so there is at least one strongly correlated pattern β′=<p, R'>. It can be seen from Law 2 that in a pattern γ of the migration system T, there exists a strongly correlated pattern β′ and a field set S transformed into R′, and there must be a corresponding pattern β in M, there exists γ|= _S β and That is, the state p _F ′ (p _F ′ is the state of pattern β) is reachable in M.

因此，状态p_F在TDPN可达当且仅当其转换状态p_F′在DPN可达。Therefore, state p _F is reachable in TDPN if and only if its transition state _pF ' is reachable in DPN.

通过以上方法步骤可以查找出并发递归程序中存在的设计错误或漏洞，保证程序的可靠性与正确性。本方法为自动化的可达性求解方法，可以实现时间动态下推网络可达性问题的可判定求解，而无需用户过多参与，可达格局计算过程简单、有效。Design errors or loopholes existing in the concurrent recursive program can be found through the above method steps to ensure the reliability and correctness of the program. This method is an automatic reachability solution method, which can realize the decidable solution to the time dynamic pushdown network reachability problem without too much participation of users, and the reachability pattern calculation process is simple and effective.

Claims

1. to push net under Time dynamic the conversion method of network, it is characterized in that, comprise the steps:

Step (1) is pushed net under described Real-time and Concurrent recursive program is converted to a Time dynamic network;

To push net under the abstract model of step (1.1) structure Real-time and Concurrent recursive program and Time dynamic network;

Network of pushing net under the Time dynamic constructed is a four-tuple T=(P, Γ, Δ, X), and wherein P is state set; Γ is stack character set; Δ=Δ _nop∪ Δ ₌∪ Δ _├∪ Δ _push∪ Δ _pop∪ Δ _dcmigration rules set, wherein Δ _noprepresent blank operation migration, Δ ₌represent the migration of clock assignment, Δ _├represent migration time lapse, Δ _pushrepresent stacked migration, Δ _poprepresent migration of popping, Δ _dcrepresent that dynamic thread creation moves; X represents clock collection, its value function represent for be θ (x) in current value;

Construct Time dynamic under push away network situation represent described model state at a time, wherein: represent the two tuple <g at current global variable g and its age θ (g), θ (g) >; p _i∈ P represents local state node, represent that stack sequence is the stack contents ω of i _iwith its age θ (ω _i) two tuple < ω _i, θ (ω _i) >; represent the two tuple <x of clock x and its value θ (x), θ (x) >;

Network operational semantics of pushing net under constructed Time dynamic is described by step (1.2);

Pushing net under Time dynamic the model of network as real-time multithread program, producing migration for describing multiple lower pushing system, its transition relationship Δ=Δ simultaneously _nop∪ Δ ₌∪ Δ _├∪ Δ _push∪ Δ _pop∪ Δ _dcprovide it according to different migration actions below and perform implication;

1) Δ=Δ _noptime, op=nop, represent that general layout interior element does not change;

2) Δ=Δ ₌time, op=x ← I, c ∈ I; Represent to the arbitrary value v within the scope of clock x assigned I, other general layout interior element does not change;

3) Δ=Δ _├time, op=Time ← c, suppose

\overset{&OverBar;}{ω} = < a_{1}, x_{1} > < a_{2}, x_{2} > ... < a_{n}, x_{n} >,

So

{\overset{&OverBar;}{ω}}^{+ v} = < a_{1}, x_{1} + v > < a_{2}, x_{2} + v > ... < a_{n}, x_{n} + v >,

{\overset{&OverBar;}{x}}^{'} = {\overset{&OverBar;}{x}}^{+ v},

Represent that in general layout, all clocks increase v, in general layout, non-clock contents does not change;

4) Δ=Δ _pushtime, op=push (a, I), v ∈ I, represent and variable a is pressed into stack top, and to set corresponding clock be x, its clock value is the arbitrary value within the scope of I;

5) Δ=Δ _poptime, op=pop (a, I), v ∈ I, stack top internal clock value is that the variable a of I scope ejects by expression;

6) Δ=Δ _dctime, op=dc, represent and create new thread stack contents;

Push net under the Time dynamic that step (1) obtains by step (2) network T=(P, Γ, Δ, X), is converted to by following conversion method the network M=(P that to push net dynamically ^m, Γ ^m, Δ ^m);

Step (2.1) state P ^mconversion: namely the state set of T is identical with the state set of M;

Step (2.2) stack character set conversion: if a ∈ { Γ, ├ }, then and

Step (2.3) transition relationship Δ is to Δ ^mtransformation rule;

If the stack level of this lower pushing system is l, and is numbered 1 at the bottom of stack, stack top is numbered l; This TDPN contains global variable g, clock variable x, stack contents ω={ ω ₁ω _iω _n, wherein ω _irepresent the stack contents of No. i lower pushing system, use ω _il| _Γrepresent ω _ibe projected in the stack top character of Γ; its age of each expression and the key point of value under clock equivalence; Thus known correspondence is in the present clock of M territory of equal value wherein representative domain R _lrecord stack top character, ├ representative domain R _lreference clock character, ├ ^.representative domain R _lcorresponding character time lapse;

TDPN general layout φ=(γ, op, γ ') ∈ Δ represents the general layout migration of T, and the general layout migration of corresponding M can be expressed as wherein p with p ' is identical with state in T, represents the state before and after general layout migration respectively; R _l={ R _1lr _ilr _nlrepresent stack top territory, wherein R _ilrepresent the stack top territory of No. i lower pushing system, R _land R _l' represent that general layout moves the stack top territory of front and back respectively; Action migration collection op ', corresponding to the op of T, the following describes and constructs R according to different op _l':

1) as op=nop, for exist in and if only if M only state is changed, so general layout migration also only changes state, territory R in M at T hollow operations _lremain unchanged;

2) as op=(x ← I), for exist in and if only if M this transition relationship represents DPN territory R _lmiddle clock is that the item of x performs operation, wherein θ (x) ' ∈ I, carrys out structural domain R _l'; Concrete implementation is as follows:

Territory R _lpop, obtain R _lin item resetting θ (x) is θ (x) ', forms new item

? replace territory R _lin item obtain territory R _l', and stacked, be transformed into new state p ';

3) as op=(Time ← v), for exist in and if only if M this transition relationship representative domain R _lin except reference clock item (├, 0), the clock value of all the other all items adds v time lapse, carrys out structural domain R _l ⁺; Concrete execution step is:

Territory R _lpop, except reference clock, all add v time lapse, represent and correspond to g, ω _il, x new general term, the corresponding new record item of each expression, represent reference clock entry;

New item replaces original item, obtains territory R _l ⁺, and stacked, be transformed into new state p ';

4) as op=push (a, I), for and if only if, and M exists this transition relationship represents, carrying out stack-incoming operation to No. i lower pushing system, is a by character, is worth to be the stacked territory R of item _il, carry out structural domain R _{i (l+1)}; Detailed process is as follows:

From R _ilobtain item with

replace respectively obtain territory R _{i (l+1)}, and stacked, be transformed into new state p ';

5) as op=pop (a, I), for and if only if, and M exists this transition relationship represents, pop territory R _ilmiddle stack character is a, and the item of θ (a) ∈ I, carry out structural domain R _il'; Concrete steps are described below:

Pop territory R _ilwith territory R _{i (l-1)}, obtain territory R _ilin item

Territory R _(l-1)in the clock value of all items add θ (├ ^.), obtain territory R _{i (l-1)}';

Pass through R _iland R _{i (l-1)}' obtain territory R _il', R _il' item is respectively: common stack character item is from territory R _{i (l-1)}'; Ordinary clock item, global variable item are from territory R _il; Entry is all from territory R _{i (l-1)}';

Stacked territory R _il', be transformed into new state p ';

6) when time, for exist in and if only if M this transition relationship represents, creates new thread and carrys out structural domain R _l'; Suppose TDPN model, dynamic creation newly descends the stack of pushing system to be numbered n+1; Concrete execution step is as follows:

Pop territory R _l, the optimisation technique of equal value of the clock based on key point, can obtain general character item entry

Item with join domain R _l, obtain territory R _l', and stacked, be transformed into new state p '.