CN107885607A - A multi-view hazard model for embedded system software and its modeling method - Google Patents


Info

Publication number: CN107885607A
Application number: CN201710986470.3A
Authority: CN (China)
Prior art keywords: software, view, accident, analysis, built
Legal status: Granted; currently Expired - Fee Related
Other languages: Chinese (zh)
Other versions: CN107885607B (en)
Inventors: 王望, 鲍晓红
Current assignee: Beihang University
Original assignee: Beihang University

Events:
Application filed by Beihang University
Priority to CN201710986470.3A
Publication of CN107885607A
Application granted
Publication of CN107885607B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 11/00 Error detection; Error correction; Monitoring
    • G06F 11/008 Reliability or availability analysis
    • G06F 11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F 11/0703 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F 11/0706 Error or fault processing not based on redundancy, the processing taking place on a specific hardware platform or in a specific software environment
    • G06F 11/0736 Error or fault processing not based on redundancy, the processing taking place in functional embedded systems, i.e. in a data processing system designed as a combination of hardware and software dedicated to performing a certain function
    • G06F 11/079 Root cause analysis, i.e. error or fault diagnosis


Abstract

The invention discloses an evaluation and analysis method based on a multi-view hazard model for embedded system software. The model includes a top-layer accident generating process model and a deep-level problem generation model. The top-layer accident generating process model analyzes the accident generating process from software failure and from interaction errors between the software and the other components of the system; the deep-level problem generation model includes establishing a development view, a composition view, a logical view and an environmental view at the software layer and the system layer. The software layer analyzes the problems that trigger accidents from the mechanism of software failure; the system layer analyzes them from the mechanism of interaction errors between the software and the other components of the system. For software failure accidents and software interaction accidents, the invention proposes a hierarchical multi-view description method that better matches the characteristics of embedded systems, explains the root causes of accidents, and describes the process and mechanism of embedded system software accidents in more detail and more fully.

Description

A multi-view hazard model for embedded system software and its modeling method
Technical field
This method relates to the field of embedded systems, in particular to control systems built on embedded software in fields with high reliability and safety requirements. Specifically, it relates to a multi-view hazard model for embedded system software and to its modeling method.
Background technology
Embedded systems are widely used in advanced industrial fields, particularly aerospace. Embedded system software performs important control functions in these fields and is usually an essential component in ensuring that the system carries out safety-critical tasks successfully. Because hardware resources are limited, the operating environment is harsh, the timing logic is strict, run times are long and the safety-criticality is high, a run-time error in embedded system software can trigger an accident and cause losses.
For an accident that has occurred, building a hazard model that accurately describes the mechanism and process of the accident makes it possible to summarize the defects in the system's safety design and management and to form targeted design criteria or control measures, so that similar accidents do not recur.
Traditional hazard models are mainly based on the fault chain: an accident is described as the result of a chain of events caused by unsafe behavior and unsafe conditions, as in Heinrich's domino theory, energy release theory, and FTA, ETA and FMEA. Besides event-chain models, a second kind of hazard model holds that a system has multiple layers of defense against hazards, each of which may contain holes; once a hazard passes through these holes it develops into an accident, much as a person contracts an epidemic disease, so this kind is called the epidemiological theory, and the Swiss cheese model is its most typical example.
Modern hazard models view accidents mainly from the system perspective, as the result of interactions between the units inside the system; examples are STAMP, AcciMap, FRAM, and some formal tools and dynamic continuous models. At present, whether traditional or modern, hazard models mostly focus on socio-technical systems, i.e. safety accidents in industrial production. Table 1 gives the features of the existing kinds of hazard model and their application in the embedded field.
Table 1: Features of the kinds of hazard model and comparison of their application in the embedded field
However, traditional hazard models are not suited to describing embedded system software accidents, which involve numerous interactions, and although modern system-theoretic hazard models can describe the interactions of complex systems, their description of the specific mechanism of embedded system software problems is neither comprehensive nor deep enough, and they lack effective evaluation and analysis of the system and of the causes of accidents.
Summary of the invention
To solve the above technical problems, the invention discloses a hazard model that comprehensively describes embedded system software accidents and a method of describing the embedded system, and guides safety control on the basis of the hazard model and the system description, thereby improving the safety of the system.
The complete technical scheme of the invention includes: a multi-view hazard model for embedded system software, its modeling method, and a method of evaluating and analyzing the causes of accidents in an embedded system with the model.
It is characterized in that it includes:
The embedded system software multi-view hazard model includes:
(1) a top-layer accident generating process model;
(2) a deep-level problem generation model;
The top-layer accident generating process model analyzes the causes of accidents from two aspects: failure of the embedded system software, and interaction errors between the embedded software and the other components of the system. Safety control in the embedded system includes internal safety control and real-time hazard control; when a software failure or interaction error causes the internal safety control to fail, the system enters a dangerous state, and if the real-time hazard control then fails, the hazard spreads and forms an accident;
The deep-level problem generation model includes establishing a development view, a composition view, a logical view and an environmental view at two levels, the software layer and the system layer;
The software layer analyzes the problems that trigger accidents from the mechanism of software failure;
The system layer analyzes the problems that trigger accidents from the mechanism of interaction errors between the software and the other components of the system.
In the top-layer accident generating process model, safety control in the embedded system includes:
1) Internal safety control: safety control designed into the embedded system in advance; when an embedded software defect is triggered or an interaction error occurs, the internal control handles it promptly and keeps the system from entering a dangerous state;
2) Real-time hazard control: safety control that is not designed into the embedded system but that, when the system enters a dangerous state because of a software defect or interaction error, handles the hazard in real time and returns the system to normal operation;
3) Accident control: control that reduces the losses caused once an accident has occurred.
In the top-layer accident generating process model, the causes of an accident include the following conditions:
1) Software failure and interaction error
The embedded system is taken to be in its normal (up) state after start-up, and the software in this normal operating state is divided into defective software and defect-free software. For defect-free software, when the system enters a dangerous state the cause is an interaction error between this software and other system elements; for defective software, when the system enters a dangerous state the cause is an interaction error between this software and other system elements, and/or a software defect being triggered and forming a failure;
2) Internal safety control failure
The design and operation of the embedded system follow a certain set of safety constraints. This safety constraint set covers requirements on the software's interface transfers within the system, on information communication, on task execution flow and timing, and on time, precision and resources, which together constrain the system and form a bounded safe range; in addition, associated safety controls are designed into the embedded software or the embedded system. When a software failure or interaction error causes the internal safety constraint set and the designed safety controls to fail, the system enters a dangerous state;
3) Real-time hazard control failure
A system in a dangerous state controls the spread of the hazard through real-time hazard control, or is returned to a normal safe operating state; if the real-time hazard control fails, the hazard spreads and forms an accident.
Establishing the development view includes establishing a software development view and establishing a system development view; the software development view tracks the defects of each software development phase and the propagation and evolution of defects across phases.
Preferably, through the development view of the software, the various defect behaviors of the software are sorted and classified, and each major class is further subdivided according to the activities of the corresponding development phase.
Preferably, the software development view establishes traceability information item by item according to the software requirements specification, analyzes whether the requirements are correct, and tracks whether each requirement is designed, implemented and tested in each development phase.
The system development view tracks the software/hardware interface design and the consistency of the software-to-hardware mapping.
Preferably, the software/hardware interface design and the consistency of the mapping are analyzed through the software interface document.
Preferably, the system development view obtains the software/hardware function partitioning information from the system documentation, establishes the software/hardware interface mapping matrix according to the interface document, analyzes the completeness and consistency of the interfaces, and subsequently analyzes whether the interfaces are implemented.
Establishing the composition view includes establishing a software composition view and a system composition view. The software composition view analyzes the program and the documents; preferably, the analysis of the program and the documents includes analyzing the module design and division of the program, the module units and the code composition. All contents of the software program are retained in the software development documents, and the analysis of the software composition includes analyzing the correctness and completeness of the code and modules themselves, and establishing an inter-module interface matrix to analyze the consistency of the interfaces;
The system composition view analyzes how the parts of the system connect with each other, as the structural basis for describing system behavior; the system composition diagram is a static description of the embedded system, embodying the parts of the embedded system and the interfaces between them.
Preferably, establishing the system composition view completes the identification of the system's components and interfaces. More preferably, when establishing the system composition view, a hierarchical description is made from coarse to fine.
Establishing the logical view includes establishing a software logical view and a system logical view. The software logical view analyzes the division of software functions and of logical levels, i.e. the way requirements are converted into software functions. Preferably, the software logical view obtains the function information and module division information from the development documents, draws and establishes a software function hierarchy chart, tracks the design and implementation process of the functions, and analyzes whether the software functions meet the requirements.
The system logical view analyzes the dynamic activities in the embedded system that relate to the software; it is a reflection of the operating state of the embedded system.
Preferably, the system logical view is analyzed from three aspects, system state, activity and interaction; more preferably, the analysis uses the UML state diagram, activity diagram (flow chart) and interaction diagrams (collaboration diagram and sequence diagram).
More preferably, the system logical view presents the dynamic activities of the system, and the objects it analyzes are the objects identified in the system composition view. More preferably, the analysis is described with the state diagram, activity diagram and communication diagram of a UML tool.
Establishing the environmental view includes establishing a software environment view and a system environment view.
The software environment view analyzes the development environment and the support environment; the development environment affects the quality of the software, and the support environment affects the software's operating state.
Preferably, the software environment view includes analyzing the influence of the development environment (development tools, development methods) on software quality, and analyzing the compatibility of the support environment (software support and hardware support) with the software.
The system environment view analyzes the operating environment of the system, including the physical environment and the climatic environment.
Preferably, when establishing the system environment view, the environmental information is obtained from the system development documents, including the environment in which the system is located and the environmental parameters that the system needs to collect during operation. For the physical and climatic environment, the influence of the environment on the system's materials is specified. For the environmental parameters, which parameter changes have a large influence on system operation is analyzed, together with the causes of abnormal changes in these parameters.
Advantages of the invention over the prior art:
The method establishes a top-layer hazard model for embedded systems and, for software failure accidents and software interaction accidents, proposes a hierarchical multi-view description method that better matches the characteristics of embedded systems, explains the causes of accidents from the root, and describes the process and mechanism of embedded system software accidents in more detail and more completely. The method can also give guidance to the safety-critical development of embedded systems and embedded software; its description of the embedded system and the embedded software is based on the engineering of embedded system and software development, so the control suggestions provided by the description and analysis of this method can be used in engineering to improve the safety of the embedded system and the embedded software.
Brief description of the drawings
Fig. 1 is a schematic of the top-layer accident process model.
In the figure:
1 Start
2 Internal software defect is triggered
3 Interaction error
4 Interaction error
5 Interaction error caused by a software defect
6 No internal safety control, or internal safety control fails
7 Internal safety control
8 No real-time safety control, or real-time safety control fails
9 Real-time safety control
10 End
Fig. 2 is a schematic of the hazard model of the invention.
Fig. 3 is the problem classification chart of the hazard model of the invention.
Fig. 4 is the software/hardware interface configuration diagram of the control software of an engine control system in an embodiment of the invention.
Fig. 5 is the structure diagram of an engine control system in an embodiment of the invention.
Fig. 6 is the structure diagram of the electronic controller in Fig. 5.
Fig. 7 is the level-1 data flow diagram of the functional modules of an engine control system in an embodiment of the invention.
Fig. 8 is the activity diagram of the engine control software "5ms control task" in an embodiment of the invention.
Fig. 9 is the sequence diagram of the engine control software "5ms control task" in an embodiment of the invention.
Detailed description of the embodiments
The invention is further described below with reference to the drawings and specific embodiments.
In the invention, the evaluation and analysis method is based on a multi-view hazard model for embedded system software; the embedded software hazard model described mainly includes:
(1) the top-layer accident generating process model;
(2) the deep-level problem generation model.
1. Top-layer accident generating process model:
The top-layer accident generating process model divides the causes of embedded system software accidents into failure of the embedded system software and interaction errors between the embedded software and the other components of the system. The immediate cause of an embedded system software accident is that hazard control fails and the hazard spreads into an accident; the main cause is that failure of the safety constraints lets the system enter a dangerous state; and the root cause is the presence of problems in the embedded system, including software failures and interaction errors between the software and other elements of the system.
In this model the system itself has safety controls, and an accident is the result of a problem occurring at the same time as a safety control failing. The model divides the safety controls in the system into three classes:
1) Internal control. Internal control refers to safety control designed into the embedded system in advance; when an embedded software defect is triggered or an interaction error occurs, the internal control can handle it promptly and keep the system from entering a dangerous state.
2) Real-time control. Real-time control refers to safety control that is not designed into the embedded system but that, when the system enters a dangerous state because of a software defect or interaction error, handles the hazard in real time and returns the system to normal operation.
3) Accident control. Accident control refers to control that reduces the losses caused once an accident has occurred. The top-layer accident process model is shown in Fig. 1, which uses a state diagram to represent the system's transition process. The model mainly covers the following three aspects:
1) Software failure and interaction error
Because an embedded system has undergone extensive testing before actual use, it can generally be taken to be in its normal (up) state after start-up. Software in the normal operating state can in principle be divided, by whether it contains defects, into defective software and defect-free software. For defect-free software, the reason the system enters a dangerous state is an interaction error between this software and other system elements; for defective software, besides an interaction error between this software and other system elements, the reason may also be a software defect that is triggered and forms a failure.
2) Internal safety control failure leads to a hazard
The design, operation and other processes of the embedded system should follow certain safety constraints. This safety constraint set covers requirements on the software's interface transfers within the system, on information communication, on task execution flow and timing, and on time, precision, resources and so on, which together constrain the system and form a bounded safe range. On the other hand, to avoid accidents some safety controls are usually also designed into the embedded software or the embedded system. If a software failure or interaction error causes the internal safety constraints and the designed safety controls to fail, the system enters a dangerous state.
3) Real-time hazard control failure leads to an accident
A system in a dangerous state can control the spread of the hazard through some real-time control measures, or even be returned to a normal safe operating state. If this real-time hazard control fails, the hazard spreads into an accident.
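As an added executable illustration, not code from the patent, the transition logic of the top-layer accident process model in Fig. 1 written out in Python. The state and problem names, the `Controls` flags that say whether each safety-control layer is present and effective, and the recorded root/main/immediate cause labels are assumptions that mirror the figure legend and the three causal levels described above; accident control is not modeled beyond the accident state.

```python
"""Top-layer accident generating process (Fig. 1) as a small state machine.

Added illustration, not code from the patent. State names, problem names,
the Controls flags and the cause labels are assumptions that follow the
figure legend: a problem is first met by internal safety control; if that
is absent or fails the system enters the dangerous state, where real-time
safety control either returns it to normal operation or, failing that, lets
the hazard spread into an accident.
"""
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    NORMAL = "normal operating state"   # up state after start-up
    DANGEROUS = "dangerous state"
    ACCIDENT = "accident"


class Problem(Enum):
    SOFTWARE_DEFECT = "internal software defect is triggered"
    INTERACTION_ERROR = "interaction error"
    DEFECT_INDUCED_INTERACTION = "interaction error caused by a software defect"


@dataclass(frozen=True)
class Controls:
    """Whether each safety-control layer exists and works in this run (assumed flags)."""
    internal_effective: bool    # internal safety control present and working
    real_time_effective: bool   # real-time safety control present and working


@dataclass
class Run:
    state: State = State.NORMAL
    trace: list = field(default_factory=list)   # one line per transition
    causes: dict = field(default_factory=dict)  # root / main / immediate cause


def is_valid_problem(problem: Problem, defective_software: bool) -> bool:
    """Defect-free software can only enter the dangerous state through an
    interaction error; defect-triggered problems require defective software."""
    return defective_software or problem is Problem.INTERACTION_ERROR


def simulate(problems, controls: Controls, defective_software: bool = True) -> Run:
    """Walk the model over a sequence of problems and return the final Run."""
    run = Run()
    run.trace.append("start -> normal operating state")
    for problem in problems:
        if not is_valid_problem(problem, defective_software):
            raise ValueError(f"{problem.value!r} cannot occur in defect-free software")
        # Root cause: the first problem present in the system.
        run.causes.setdefault("root", problem.value)
        if controls.internal_effective:
            run.trace.append(f"{problem.value}: handled by internal safety control")
            continue
        # Main cause: the safety constraint set / designed safety control failed.
        run.state = State.DANGEROUS
        run.causes.setdefault("main", "internal safety control absent or failed")
        run.trace.append(f"{problem.value}: internal safety control absent or failed -> dangerous state")
        if controls.real_time_effective:
            run.state = State.NORMAL
            run.trace.append("real-time safety control returned the system to normal operation")
            continue
        # Immediate cause: real-time hazard control failed and the hazard spread.
        run.state = State.ACCIDENT
        run.causes["immediate"] = "real-time safety control absent or failed, hazard spread"
        run.trace.append("real-time safety control absent or failed -> accident")
        break
    run.trace.append("end")
    return run


if __name__ == "__main__":
    worst = simulate([Problem.INTERACTION_ERROR, Problem.SOFTWARE_DEFECT],
                     Controls(internal_effective=False, real_time_effective=False))
    for line in worst.trace:
        print(line)
    print(worst.causes)
```

The `causes` dictionary is filled in the order the model assigns causal levels: the first problem is the root cause, the failure of the designed safety control is the main cause, and the failure of real-time hazard control is the immediate cause; a run whose controls hold never acquires a main or immediate cause.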
2. Deep-level problem generation model
From the accident process model it can be seen that the root cause of an accident is the presence of problems in the embedded system, including software failures and interaction errors between the software and other elements of the system. How exactly these two classes of problems arise in an embedded system must be analyzed and described in combination with the specific characteristics of embedded systems and embedded software.
The problem generation model includes establishing a development view, a composition view, a logical view and an environmental view at two levels, the software layer and the system layer, as shown in Fig. 2. The software layer describes and analyzes the accident-triggering problems from the mechanism of software failure; the system layer describes and analyzes them from the mechanism of interaction errors between the software and the other components of the system. Fig. 3 gives the classification of problems in the problem generation model according to the two levels and four views. Specifically, it includes:
(1) Establishing the development view
The development view includes a software development view and a system development view. The software development view focuses on tracking the defects of each software development phase and the propagation and evolution of defects across phases. Through the software development view the various defect behaviors of the software can be sorted and classified, as in the software development view part of Fig. 3; each major class can be further subdivided according to the activities of the corresponding development phase.
The system development view focuses on tracking the software/hardware interface design and the consistency of the software-to-hardware mapping. The software/hardware interface design and the consistency of the mapping can be described through the software interface document.
Specifically, it can include:
1) Software development view
Traceability information is established item by item according to the software requirements specification; whether the requirements are correct is analyzed, and whether each requirement is designed, implemented and tested in each development phase is tracked. As shown in Table 1, taking an engine control system as an example, the control functions of the engine control software mainly include ground start, steady-state control, transient-state control and parameter limiting. These functional requirements are traced: first determine whether each function and sub-function has been designed, implemented and tested, then analyze whether problems appear in the different development phases.
Table 1: Requirements trace table of the engine system control software
2) System development view
The system development view focuses on the software/hardware mapping and interface development. The software/hardware function partitioning information can be obtained from the system documentation; the software/hardware interface mapping matrix is established according to the interface document, the completeness and consistency of the interfaces are analyzed, and whether the interfaces are implemented is analyzed subsequently.
Taking the same engine control system as an example, the system control software communicates with the analog processing unit, the frequency processing unit, the discrete (switch) signal processing unit, the timer and other hardware, so its software/hardware interface configuration diagram is as shown in Fig. 4.
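The two development-view checks described above, the requirements trace table of the software development view and the software/hardware interface mapping matrix of the system development view, as an added Python example that is not code from the patent. The requirement names come from the engine control example on this page; the trace status values, the software module names, the hardware unit names and the shape of the report are constructed assumptions.

```python
"""Development-view checks: requirements trace table and interface mapping matrix.

Added example, not the patent's code. Requirement names follow the engine
control example on the page; the trace status values, module names and
hardware unit names are constructed sample data.
"""
from typing import Dict, List, Set, Tuple

PHASES = ("designed", "implemented", "tested")  # phases tracked per requirement

# Constructed trace table: requirement -> {phase: done?}
TRACE_TABLE: Dict[str, Dict[str, bool]] = {
    "ground start":            {"designed": True,  "implemented": True,  "tested": True},
    "steady-state control":    {"designed": True,  "implemented": True,  "tested": False},
    "transient-state control": {"designed": True,  "implemented": False, "tested": False},
    "parameter limiting":      {"designed": False, "implemented": True,  "tested": True},
}


def trace_gaps(table: Dict[str, Dict[str, bool]]):
    """Return (gaps, skipped): gaps are (requirement, phase) pairs not traced;
    skipped are (requirement, earlier phase, later phase) where a later phase
    is done although the earlier one is not, i.e. a defect carried from one
    development phase into the next (e.g. implemented without a design)."""
    gaps: List[Tuple[str, str]] = []
    skipped: List[Tuple[str, str, str]] = []
    for req, status in table.items():
        done = [bool(status.get(phase, False)) for phase in PHASES]
        gaps.extend((req, phase) for phase, ok in zip(PHASES, done) if not ok)
        skipped.extend((req, PHASES[i - 1], PHASES[i])
                       for i in range(1, len(PHASES)) if done[i] and not done[i - 1])
    return gaps, skipped


# Constructed interface document: (software module, hardware unit) pairs that must communicate.
INTERFACE_DOC: Set[Tuple[str, str]] = {
    ("signal acquisition", "analog processing unit"),
    ("signal acquisition", "frequency processing unit"),
    ("signal acquisition", "discrete processing unit"),
    ("control calculation", "timer"),
    ("signal output", "discrete processing unit"),
}
# Constructed as-built mapping recovered from the code and the system documentation.
AS_BUILT: Set[Tuple[str, str]] = {
    ("signal acquisition", "analog processing unit"),
    ("signal acquisition", "frequency processing unit"),
    ("control calculation", "timer"),
    ("signal output", "discrete processing unit"),
    ("communication", "serial bus controller"),   # built, but absent from the interface document
}
SOFTWARE_MODULES = ["signal acquisition", "control calculation", "signal output", "communication"]
HARDWARE_UNITS = ["analog processing unit", "frequency processing unit",
                  "discrete processing unit", "timer", "serial bus controller"]


def mapping_matrix(pairs: Set[Tuple[str, str]], modules: List[str],
                   units: List[str]) -> Dict[str, Dict[str, bool]]:
    """Software/hardware interface mapping matrix: matrix[module][unit] is True
    when the pair appears in `pairs`."""
    return {m: {u: (m, u) in pairs for u in units} for m in modules}


def interface_report(doc: Set[Tuple[str, str]], built: Set[Tuple[str, str]],
                     modules: List[str], units: List[str]) -> Dict[str, Set]:
    """Completeness: every documented interface is built and every module and
    unit has at least one documented interface. Consistency: nothing is built
    that the interface document does not describe."""
    matrix = mapping_matrix(doc, modules, units)
    return {
        "not_implemented": doc - built,
        "undocumented": built - doc,
        "modules_without_interface": {m for m in modules if not any(matrix[m].values())},
        "units_without_interface": {u for u in units if not any(matrix[m][u] for m in modules)},
    }


if __name__ == "__main__":
    print(trace_gaps(TRACE_TABLE))
    print(interface_report(INTERFACE_DOC, AS_BUILT, SOFTWARE_MODULES, HARDWARE_UNITS))
```

On the constructed data the trace check reports the untested and unimplemented requirements and flags "parameter limiting" as implemented without a design, while the interface check reports one documented interface that was never built and one built interface (communication over the serial bus controller) that the interface document does not describe, which also surfaces as a module and a unit with no documented interface.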
(2) view is formed
Embedded software composition view is primarily upon program and document, wherein, the module design and division, module list of program Member and code composition are important perpetual objects.All the elements of software program are remained in software development document, to soft The description of part composition is in addition to code analysis and module correctness and integrality in itself, it is also necessary to establishes the interface of module Matrix, the uniformity of analysis interface.
Mainly each part connects each other in reflection system for embedded system composition view, as description system action Architecture basics.Description to system composition is completed by establishing system composition figure.System composition figure is to embedded The static description of system, embodies the part of embedded system and the interface between them.These compositions can introduce Object into system logic view as description.
1) software composition view
Software composition is mainly Software Coding and software document, is the main contents in soft project, repeats no more here.
2) system composition view
System composition view builds the identification for mainly completing system constituent and interface.Regarded establishing system composition , it is necessary to carry out hierarchical description from coarse to finely during figure.By taking certain engine control system as an example, can first it establish as shown in drawings System composition figure, such as accompanying drawing 5.For control device therein, then description can be further spread out, such as accompanying drawing 6.
(3) logical view
Embedded software logical view is primarily upon the division of software function and the division of logical level, i.e. demand is converted into The mode of software function.System logic view is mainly used to describe dynamic moving related to software in embedded system, is embedding The reflection of operation state in embedded system.
Embedded software logical view is needed to establish software function hierarchy chart, and the implementation process of function is tracked, point Whether analysis software function meets demand.
Embedded system logical view is mainly described in terms of system mode, activity and interaction three, Ke Yitong Cross using the state diagram in UML, activity diagram (flow chart) and interaction figure (collaboration diagram and timing diagram) to be described.
1) software logic view
Embedded software logical view is primarily upon the division of software function and the division of logical level, i.e. demand is converted into The mode of software function.Function information and Module Division information can be obtained from exploitation document, and draw functional hierarchy figure, it is right The design and realization of function are tracked.
By taking certain engine control software as an example,《Software requirement specification》In the user's request that refers to mainly include six sides Face, " function " one column seen in " certain engine system control software demand trace table ".In order to realize these functions, controller control Software processed should carry out hardware initialization first, to be adapted to the hardware platform of control software operation, then carry out data initialization, with Make data when corresponding task run starts in control software controllable.Software function mainly includes signal acquisition, signal transacting, event The functions such as barrier diagnosis calculates with processing, control logic, control calculating, signal output, communication.In order to specifically describe these functions it Between rapport, can establish as shown in Figure 7 each functional module composition level one data flow graph.
2) system logic view
The dynamic moving of system is mainly presented in system logic view, and its object described, which comes from system composition view, to be distinguished Know each object out.When being described, can be carried out by the state diagram in UML instruments, activity diagram and traffic diagram Description.By taking some task in launching control system as an example, the multidate information as shown in accompanying drawing 8 and accompanying drawing 9 can be drawn.Wherein scheme 8 be the activity diagram of engine control software " 5ms control tasks ", and Fig. 9 is the sequential of engine control software " 5ms control tasks " Figure.
(4) Environment view
The embedded software environment view focuses on the development environment and the support environment: the development environment influences the quality of the software product, and the support environment influences the running state of the software. The system environment view mainly describes the running environment of the system, including the physical environment and the climatic environment.
The software environment mainly comprises the development environment and the support environment, and its analysis covers two aspects: first, the influence of the development environment (development tools, development methods, etc.) on software quality; second, the compatibility of the support environment (software support and hardware support) with the software.
1) System environment view
When constructing the system environment view, environmental information must be obtained from the system development documents, including the environment in which the system is located and the environmental parameters that the system must collect during operation. For the physical and climatic environment, the influence of the environment on the system's materials must be made clear. For the environmental parameters, it must be analysed which parameter changes have a large influence on system operation, and the possible causes of such abnormal parameter changes must also be analysed.
The above is only a preferred embodiment of the present invention and does not impose any restriction on the present invention. Any simple modification, change or equivalent structural change made to the above embodiment according to the technical spirit of the present invention still falls within the protection scope of the technical solution of the present invention.

Claims (7)

1. A multi-view accident model based on embedded system software, characterised in that the embedded system software multi-view accident model includes:
(1) a top-layer accident generation process model;
(2) a deep-level problem generation model;
the top-layer accident generation process model analyses the causes of accidents from two aspects: failure of the embedded system software, and interaction errors between the embedded software and other components of the system; safety control in the embedded system includes internal safety control and real-time hazard control; when a software failure or an interaction error causes the internal safety control to fail, the system enters a hazardous state; when the real-time hazard control fails, the hazard spreads and forms an accident;
the deep-level problem generation model includes establishing, at the two levels of the software layer and the system layer, a development view, a composition view, a logic view and an environment view;
the software layer analyses the problems that trigger accidents from the mechanism of software failure;
the system layer analyses the problems that trigger accidents from the mechanism by which interaction errors occur between the software and the other components of the system.
2. The multi-view accident model based on embedded system software according to claim 1, characterised in that
in the top-layer accident generation process model, the safety control in the embedded system includes:
1) internal safety control: the internal safety control is safety control designed in advance in the embedded system; when an embedded software defect is triggered or an interaction error occurs, the internal control handles it in time and prevents the system from entering a hazardous state;
2) real-time hazard control: the real-time hazard control is safety control that is not designed in advance in the embedded system; when the system enters a hazardous state because of a software defect or an interaction error, the hazard can be handled in real time and the system returned to normal operation;
3) accident control: accident control is the control that reduces the losses caused after an accident has occurred.
3. The multi-view accident model based on embedded system software according to claim 2, characterised in that
in the top-layer accident generation process model, the causes of an accident include the following conditions:
1) software failure and interaction error
the embedded system is considered to be in a normal running state after start-up, and the software in the normal running state is divided into defective software and defect-free software; for defect-free software, the system enters a hazardous state when the software produces an interaction error with other system elements; for defective software, the system enters a hazardous state when the software produces an interaction error with other system elements and/or a software defect is triggered and forms a failure;
2) internal safety control failure
the design and operation of the embedded system follow a certain safety constraint set; the safety constraint set concerns the requirements on interface transmission, information communication, task execution flow and timing, time, precision and resources in the software system, and jointly constrains the system so as to form a bounded safe range; at the same time, associated safety control is designed in the embedded software or the embedded system; when a software failure or an interaction error causes the internal safety constraint set and the designed safety control to fail, the system enters a hazardous state;
3) real-time hazard control failure
a system in a hazardous state controls the spread of the hazard through real-time hazard control, or is returned to the normal safe running state; if the real-time hazard control fails, the hazard spreads and forms an accident.
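The causal chain of claims 1 to 3 (software failure or interaction error, then internal safety control, then the hazardous state, then real-time hazard control, then recovery or accident) can be written down as a small state machine, which makes the two distinct control layers and the bounded safety constraint set concrete. The following is an added example and not the patent's own code: the constraint names, their limits, the event sequence and the behaviour of the real-time hazard control are constructed assumptions for a "5ms control task" and carry no values from the patent.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Tuple


class State(Enum):
    NORMAL = "normal running state"
    HAZARDOUS = "hazardous state"
    ACCIDENT = "accident"


class Cause(Enum):
    SOFTWARE_FAILURE = "software defect triggered"
    INTERACTION_ERROR = "interaction error with another system element"


# Safety constraint set (claim 3, item 2): bounded safe ranges on timing,
# precision and resource quantities.  Constructed example values only.
SAFETY_CONSTRAINTS: Dict[str, Tuple[float, float]] = {
    "task_period_ms": (4.5, 5.5),      # task execution timing
    "sensor_error_pct": (0.0, 1.0),    # precision
    "stack_use_pct": (0.0, 80.0),      # resource
}


@dataclass
class Event:
    cause: Cause
    observed: Dict[str, float]   # quantities measured when the event occurs


@dataclass
class Trace:
    state: State
    steps: List[str] = field(default_factory=list)


def internal_safety_control(constraints: Dict[str, Tuple[float, float]],
                            observed: Dict[str, float]) -> List[str]:
    """Pre-designed internal safety control (claim 2, item 1).  Returns the
    violated constraints; an empty list means the event was handled and the
    system stays in the normal state.  A quantity that is not observed at all
    counts as a violation, since the constraint cannot be shown to hold."""
    violated: List[str] = []
    for name, (lo, hi) in constraints.items():
        value = observed.get(name)
        if value is None:
            violated.append(f"{name}: not observed")
        elif not lo <= value <= hi:
            violated.append(f"{name}={value} outside [{lo}, {hi}]")
    return violated


def run_accident_process(constraints: Dict[str, Tuple[float, float]],
                         events: List[Event],
                         realtime_hazard_control: Callable[[Event, List[str]], bool]) -> Trace:
    """Walks the top-layer causal chain over a sequence of events.  Processing
    stops at the first accident, because the model has no transition out of it
    other than accident control, which is outside the scope of this chain."""
    trace = Trace(State.NORMAL)
    for ev in events:
        trace.steps.append(ev.cause.value)
        violated = internal_safety_control(constraints, ev.observed)
        if not violated:
            trace.steps.append("internal safety control handled the event")
            continue
        trace.state = State.HAZARDOUS
        trace.steps.append("internal safety control failed: " + "; ".join(violated))
        if realtime_hazard_control(ev, violated):
            trace.state = State.NORMAL
            trace.steps.append("real-time hazard control returned the system to normal")
        else:
            trace.state = State.ACCIDENT
            trace.steps.append("real-time hazard control failed: hazard spread into an accident")
            break
    return trace


def period_only_recovery(event: Event, violated: List[str]) -> bool:
    """Constructed real-time hazard control: it can re-synchronise the task
    period but cannot correct a precision or resource violation."""
    return all(v.startswith("task_period_ms") for v in violated)


# Constructed event sequence: one in-range event, one timing excursion that
# the real-time control recovers from, and one stack overrun it cannot.
DEMO_EVENTS = [
    Event(Cause.SOFTWARE_FAILURE,
          {"task_period_ms": 5.1, "sensor_error_pct": 0.3, "stack_use_pct": 40.0}),
    Event(Cause.INTERACTION_ERROR,
          {"task_period_ms": 7.2, "sensor_error_pct": 0.4, "stack_use_pct": 45.0}),
    Event(Cause.SOFTWARE_FAILURE,
          {"task_period_ms": 5.0, "sensor_error_pct": 0.2, "stack_use_pct": 93.0}),
]


def demo() -> Trace:
    return run_accident_process(SAFETY_CONSTRAINTS, DEMO_EVENTS, period_only_recovery)


if __name__ == "__main__":
    t = demo()
    for s in t.steps:
        print("-", s)
    print("final state:", t.state.value)
```

The first event stays inside the bounded safe range and is absorbed by the internal safety control; the second leaves the timing bound, so the system enters the hazardous state and is brought back only because the real-time hazard control happens to cover timing; the third violates the resource bound, the real-time control cannot handle it, and the trace ends in an accident. Swapping `period_only_recovery` for a different callable is the way to explore how much the outcome depends on the second, non-pre-designed control layer.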
4. The multi-view accident model based on embedded system software according to claim 1, characterised in that establishing the development view includes establishing a software development view and establishing a system development view; the software development view tracks the defects of each software development stage, and the propagation and evolution of defects across the stages.
Preferably, through the software development view, the various defect behaviours of the software are sorted and classified, and each major class is further subdivided with reference to the activities of the corresponding development stage.
Preferably, the software development view establishes tracking information item by item according to the software requirements specification, analyses whether the requirements are correct, and tracks whether each requirement is designed, implemented and tested in each development stage.
The system development view tracks the interface design between software and hardware and the consistency of the software-hardware mapping.
Preferably, the interface design between software and hardware and the consistency of the mapping are analysed through the software interface documents.
Preferably, the system development view obtains the software and hardware function partition information from the system documents, establishes a software-hardware interface mapping matrix according to the interface documents, analyses the completeness and consistency of the interfaces, and tracks and analyses whether the interfaces have been implemented.
5. The multi-view accident model based on embedded system software according to claim 1 or 4, characterised in that
establishing the composition view includes establishing a software composition view and a system composition view; the software composition view analyses the program and the documents; preferably, the analysis of the program and the documents includes the module design and division, the module units and the code composition of the program; all contents of the software program are retained in the software development documents, and the analysis of the software composition includes analysing the correctness and completeness of the code and of the modules themselves, and establishing an inter-module interface matrix in order to analyse the consistency of the interfaces;
the system composition view analyses the mutual connections between the parts of the system, as the structural basis for describing system behaviour; the system composition diagram is a static description of the embedded system, showing the components of the embedded system and the interfaces between them.
Preferably, establishing the system composition view completes the identification of the system components and interfaces. More preferably, when establishing the system composition view, a hierarchical description from coarse to fine is carried out.
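Claims 4 and 5 both rest on the same two checks: a requirement trace table in which every requirement must have a design, implementation and test artefact, and an interface mapping matrix (software-to-hardware in claim 4, module-to-module in claim 5) that must be complete and consistent. The following added example (not the patent's own code; the interface names, widths, requirement identifiers and artefact names are constructed) builds the matrix from two interface document extracts, reports interfaces missing from either side or described inconsistently, and lists requirements that are untraced in some stage. The same `interface_mapping_matrix` function serves the inter-module matrix of claim 5 when fed two modules' interface lists instead of a software and a hardware document.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Interface:
    name: str
    direction: str    # "sw->hw" (output) or "hw->sw" (input)
    width_bits: int


# Constructed extracts of a software interface document and a hardware
# interface document.  Names and widths are illustrative only.
SOFTWARE_INTERFACES = [
    Interface("throttle_position", "hw->sw", 12),
    Interface("coolant_temp", "hw->sw", 10),
    Interface("injector_cmd", "sw->hw", 16),
    Interface("fault_lamp", "sw->hw", 1),
]
HARDWARE_INTERFACES = [
    Interface("throttle_position", "hw->sw", 12),
    Interface("coolant_temp", "hw->sw", 12),     # width differs from the software doc
    Interface("injector_cmd", "sw->hw", 16),
    Interface("can_status", "hw->sw", 8),        # absent from the software doc
]


def interface_mapping_matrix(sw: List[Interface],
                             hw: List[Interface]) -> Dict[str, Dict[str, bool]]:
    """Rows are interface names from either document; columns record which
    document lists the interface and whether the two descriptions agree on
    direction and width.  This is the interface mapping matrix as a dict."""
    sw_by_name = {i.name: i for i in sw}
    hw_by_name = {i.name: i for i in hw}
    matrix: Dict[str, Dict[str, bool]] = {}
    for name in sorted(set(sw_by_name) | set(hw_by_name)):
        s, h = sw_by_name.get(name), hw_by_name.get(name)
        matrix[name] = {
            "in_software_doc": s is not None,
            "in_hardware_doc": h is not None,
            "consistent": s is not None and h is not None and s == h,
        }
    return matrix


def interface_findings(matrix: Dict[str, Dict[str, bool]]) -> Dict[str, List[str]]:
    """Completeness: every interface appears in both documents.  Consistency:
    direction and width agree.  Returns the interface names failing each check."""
    findings: Dict[str, List[str]] = {
        "missing_in_hardware_doc": [], "missing_in_software_doc": [], "inconsistent": []}
    for name, row in matrix.items():
        if not row["in_hardware_doc"]:
            findings["missing_in_hardware_doc"].append(name)
        elif not row["in_software_doc"]:
            findings["missing_in_software_doc"].append(name)
        elif not row["consistent"]:
            findings["inconsistent"].append(name)
    return findings


# Constructed requirement trace table: one artefact per stage, "" when none
# could be found in the development documents.
REQUIREMENT_TRACE = [
    {"id": "REQ-01", "function": "signal acquisition", "design": "SDD-3.1", "impl": "acq.c", "test": "TC-07"},
    {"id": "REQ-02", "function": "fault diagnosis", "design": "SDD-4.2", "impl": "diag.c", "test": ""},
    {"id": "REQ-03", "function": "communication", "design": "", "impl": "can.c", "test": "TC-12"},
]


def untraced_requirements(trace: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """For each requirement, the stages (design, impl, test) without an
    artefact.  Only requirements with at least one gap are returned."""
    gaps: Dict[str, List[str]] = {}
    for row in trace:
        missing = [stage for stage in ("design", "impl", "test") if not row[stage]]
        if missing:
            gaps[row["id"]] = missing
    return gaps


if __name__ == "__main__":
    matrix = interface_mapping_matrix(SOFTWARE_INTERFACES, HARDWARE_INTERFACES)
    for name, row in matrix.items():
        print(f"{name:18} {row}")
    print("interface findings:", interface_findings(matrix))
    print("untraced requirements:", untraced_requirements(REQUIREMENT_TRACE))
```

On the constructed input the matrix flags `fault_lamp` as present only in the software document, `can_status` as present only in the hardware document, and `coolant_temp` as inconsistent (10-bit in one document, 12-bit in the other), while the trace table shows REQ-02 without a test and REQ-03 without a design artefact. Each of these is exactly the kind of gap the development view is meant to surface before it becomes an interaction error at run time.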
6. The multi-view accident model based on embedded system software according to claim 1 or 4, characterised in that
establishing the logic view includes establishing a software logic view and a system logic view; the software logic view analyses the division of software functions and of logical levels, i.e. the way in which requirements are converted into software functions; preferably, the software logic view obtains function information and module division information from the development documents, draws and establishes a software function hierarchy diagram, tracks the design and implementation process of each function, and analyses whether the software functions meet the requirements.
The system logic view analyses the software-related dynamic behaviour of the embedded system, which reflects the running dynamics of the embedded system.
Preferably, the system logic view analyses the system from the three aspects of state, activity and interaction; more preferably, the analysis uses the state diagrams, activity diagrams (flow charts) and interaction diagrams (collaboration diagrams and sequence diagrams) of UML.
More preferably, the system logic view presents the dynamic behaviour of the system, and the objects it analyses are the objects identified in the system composition view. More preferably, the analysis is described using the state diagrams, activity diagrams and communication diagrams of UML tools.
7. The multi-view accident model based on embedded system software according to claim 1 or 4, characterised in that establishing the environment view includes establishing a software environment view and a system environment view;
the software environment view analyses the development environment and the support environment; the development environment influences software quality, and the support environment influences the running state of the software.
Preferably, the software environment view includes analysing the influence of the development environment (development tools, development methods) on software quality, and analysing the compatibility of the support environment (software support and hardware support) with the software.
The system environment view analyses the running environment of the system, including the physical environment and the climatic environment.
Preferably, when establishing the system environment view, environmental information is obtained from the system development documents, including the environment in which the system is located and the environmental parameters that the system must collect during operation; for the physical and climatic environment, the influence of the environment on the system's materials is specified; for the environmental parameters, it is analysed which parameter changes have a large influence on system operation, and the causes of abnormal changes in these parameters are analysed at the same time.
CN201710986470.3A 2017-10-20 2017-10-20 Modeling method based on embedded system software multi-view accident model Expired - Fee Related CN107885607B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710986470.3A CN107885607B (en) 2017-10-20 2017-10-20 Modeling method based on embedded system software multi-view accident model

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710986470.3A CN107885607B (en) 2017-10-20 2017-10-20 Modeling method based on embedded system software multi-view accident model

Publications (2)

Publication Number Publication Date
CN107885607A true CN107885607A (en) 2018-04-06
CN107885607B CN107885607B (en) 2020-11-20

Family

ID=61781877

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710986470.3A Expired - Fee Related CN107885607B (en) 2017-10-20 2017-10-20 Modeling method based on embedded system software multi-view accident model

Country Status (1)

Country Link
CN (1) CN107885607B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1928816A (en) * 2006-09-26 2007-03-14 武汉大学 Model drive for embedded system software and component development method
US20090009960A1 (en) * 2007-07-05 2009-01-08 Melanson Ronald J Method and apparatus for mitigating dust-fouling problems
CN103354055A (en) * 2013-07-09 2013-10-16 宁海斌 Simulating system for simulated training of electricity-consuming network operation
CN103677849A (en) * 2013-12-26 2014-03-26 北京控制工程研究所 Embedded software credibility guaranteeing method
CN105301481A (en) * 2015-11-20 2016-02-03 上海无线电设备研究所 Circuit testing method and applicable testing system
US20160291938A1 (en) * 2015-03-31 2016-10-06 Toyota Jidosha Kabushiki Kaisha Timing-oriented and architecture-centric system design using contracts

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Zou Bingsong: "Design and Implementation of a Graphical Test Case Generation System for Embedded Software", China Master's Theses Full-text Database *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108762749A (en) * 2018-05-24 2018-11-06 福州大学 System object figure automatic generation method based on code analysis
CN108762749B (en) * 2018-05-24 2021-12-21 福州大学 System object diagram automatic generation method based on code analysis
CN113705616A (en) * 2021-07-30 2021-11-26 三维通信股份有限公司 Model construction method, software defect prediction device and electronic device
CN113705616B (en) * 2021-07-30 2024-05-10 三维通信股份有限公司 Model construction method, software defect prediction method, device and electronic device

Also Published As

Publication number Publication date
CN107885607B (en) 2020-11-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20201120

Termination date: 20211020