CN107885607A - Multi-view accident model for embedded system software and its modeling method - Google Patents
- Publication number: CN107885607A (application CN201710986470.3A)
- Authority: CN (China)
- Prior art keywords: software, view, accident, analysis, built
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted
Classifications
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F11/00—Error detection; Error correction; Monitoring > G06F11/008—Reliability or availability analysis
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F11/00—Error detection; Error correction; Monitoring > G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance > G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation > G06F11/0706—the processing taking place on a specific hardware platform or in a specific software environment > G06F11/0736—in functional embedded systems, i.e. in a data processing system designed as a combination of hardware and software dedicated to performing a certain function
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F11/00—Error detection; Error correction; Monitoring > G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance > G06F11/0703—Error or fault processing not based on redundancy > G06F11/079—Root cause analysis, i.e. error or fault diagnosis
Landscapes: Engineering & Computer Science; Theoretical Computer Science; Quality & Reliability; Physics & Mathematics; General Engineering & Computer Science; General Physics & Mathematics; Health & Medical Sciences; Biomedical Technology; Stored Programmes; Debugging And Monitoring
Abstract
The invention discloses an evaluation and analysis method based on a multi-view accident model for embedded system software. The model consists of a top-level accident process model and a deep-level problem generation model. The top-level accident process model analyses the accident process from two sources: failure of the software, and interaction errors between the software and other components of the system. The deep-level problem generation model establishes a development view, a composition view, a logical view and an environmental view at two levels, the software layer and the system layer. The software layer analyses the problems that trigger accidents from the mechanism of software failure; the system layer analyses them from the mechanism of interaction errors between the software and other components of the system. For accidents caused by software failure and by software interaction, the invention proposes a layered, multi-view description method that better fits the characteristics of embedded systems, explains the root causes of accidents, and describes the process and mechanism of embedded system software accidents in more detail and more completely.
Description
Technical field
This method relates to the field of embedded systems, in particular to control systems built around embedded software that have high reliability and safety requirements. Specifically, it relates to a multi-view accident model for embedded system software and its modeling method.
Background technology
Embedded systems are widely used in advanced industrial fields, particularly aerospace. Embedded system software plays an important control role in these fields and is typically a key component in ensuring that safety-critical tasks are carried out successfully. Because of limited hardware resources, harsh operating environments, strict timing logic, long running times and high safety-criticality, a run-time error in embedded system software can trigger an accident and cause loss.
For an accident that has occurred, establishing an accident model allows the mechanism and process of the accident to be described accurately, the defects in the system's safety design and management to be summarised, and targeted design criteria or control measures to be formed so that similar accidents do not recur.
Traditional accident models are mainly based on event chains: an accident is described as the result of a chain of events caused by unsafe behaviour and unsafe conditions. Examples are Heinrich's domino theory, the energy release theory, and FTA, ETA and FMEA. Besides event-chain models, another kind of accident model holds that a system has multiple layers of defence against hazards, each of which may contain holes; once a hazard passes through these holes it develops into an accident, much as a person contracts an epidemic disease, so this is called the epidemiological theory. The Swiss cheese model is the typical example.
Modern accident models regard an accident mainly from a systems perspective, as the result of interactions between the units inside the system; examples are STAMP, AcciMap, FRAM, and some formal tools and dynamic continuous models. At present, both traditional and modern accident models focus mostly on socio-technical systems, i.e. safety accidents in the field of industrial production. Table 1 lists the features of the existing kinds of accident model and their application in the embedded field.
Table 1: Features of the existing kinds of accident model and comparison of their application in the embedded field
However, traditional accident models are not suited to describing embedded system software accidents that involve numerous interactions, and while modern accident models based on systems theory can describe the interactions of complex systems, their description of the specific mechanisms of embedded system software problems is neither comprehensive nor deep enough, and they lack effective evaluation and analysis of the system and of the causes of the accident.
The content of the invention
To solve the above technical problems, the invention discloses a method for describing embedded system software accidents comprehensively through an accident model and a description of the embedded system, and for guiding safety control on the basis of that accident model and system description, so as to improve the safety of the system.
The complete technical scheme of the invention comprises a multi-view accident model for embedded system software, its modeling method, and a method for evaluating and analysing the causes of accidents in embedded systems using the model, characterised in that:
The multi-view accident model for embedded system software comprises:
(1) a top-level accident process model;
(2) a deep-level problem generation model;
The top-level accident process model analyses the causes of accidents from two aspects: failure of the embedded system software, and interaction errors between the embedded software and other components of the system. Safety control in the embedded system comprises internal safety control and real-time hazard control. When a software failure or interaction error causes the internal safety control to fail, the system enters a hazardous state; if the real-time hazard control also fails, the hazard spreads and forms an accident.
The deep-level problem generation model comprises establishing a development view, a composition view, a logical view and an environmental view at two levels, the software layer and the system layer. The software layer analyses the problems that trigger accidents from the mechanism of software failure; the system layer analyses them from the mechanism of interaction errors between the software and other components of the system.
In the top-level accident process model, safety control in the embedded system comprises:
1) Internal safety control: safety control designed into the embedded system in advance. When an embedded software defect is triggered or an interaction error occurs, the internal control handles it in time and prevents the system from entering a hazardous state.
2) Real-time hazard control: control that is not designed into the embedded system, but that handles the hazard in real time and returns the system to normal operation when the system has entered a hazardous state because of a software defect or interaction error.
3) Accident control: control that reduces the loss caused by an accident after it has occurred.
In the top-level accident process model, the causes of an accident comprise the following conditions:
1) Software failure and interaction error
The embedded system is assumed to be in a normal state after start-up. Software in the normal operating state is divided into defective software and defect-free software. For defect-free software, the system enters a hazardous state because of an interaction error between the software and other system elements. For defective software, the system enters a hazardous state because of an interaction error between the software and other system elements, and/or because a software defect is triggered and forms a failure.
2) Internal safety control failure
The design and operation of the embedded system follow a certain safety constraint set. The safety constraint set covers software interface transmission within the system, information communication, task execution flow and timing, and requirements on time, precision and resources; together these constrain the system and form a bounded safe range. At the same time, associated safety controls are designed into the embedded software or the embedded system. When a software failure or interaction error causes the internal safety constraint set and the designed safety controls to fail, the system enters a hazardous state.
3) Real-time hazard control failure
A system in a hazardous state controls the spread of the hazard through real-time hazard control, or returns to the normal safe operating state; if the real-time hazard control fails, the hazard spreads and forms an accident.
Establishing the development view comprises establishing a software development view and a system development view. The software development view tracks the defects of each software development phase and the propagation and evolution of defects across phases.
Preferably, the development view of the software is used to arrange and classify the various defect behaviours of the software; each major class is further subdivided with reference to the activities of the corresponding development phase.
Preferably, the software development view establishes tracking information item by item according to the software requirement specification, analyses whether each requirement is correct, and tracks whether each requirement is designed, implemented and tested in each development phase.
The system development view tracks the software/hardware interface design and the consistency of the software/hardware mapping.
Preferably, the software/hardware interface design and the consistency of the mapping are analysed from the software interface document.
Preferably, the system development view obtains the software/hardware function partitioning from the system documentation, establishes a software/hardware interface mapping matrix according to the interface document, analyses the completeness and consistency of the interfaces, and subsequently analyses whether the interfaces have been implemented.
Establishing the composition view comprises establishing a software composition view and a system composition view. The software composition view analyses the program and its documents; preferably, this analysis includes the module design and partitioning, the module units and the code composition of the program. All contents of the software program are recorded in the software development documents, and the analysis of the software composition includes analysing the correctness and integrity of the code and modules themselves, and establishing an interface matrix between modules to analyse interface consistency.
The system composition view analyses how the parts of the system connect to each other, as the structural basis for describing system behaviour. The system composition diagram is a static description of the embedded system, reflecting the parts of the embedded system and the interfaces between them.
Preferably, establishing the system composition view completes the identification of system components and interfaces. More preferably, when establishing the system composition view, the description proceeds hierarchically from coarse to fine.
Establishing the logical view comprises establishing a software logical view and a system logical view. The software logical view analyses the partitioning of software functions and of logical levels, i.e. the way requirements are converted into software functions. Preferably, the software logical view obtains function information and module partitioning information from the development documents, draws and establishes a software function hierarchy chart, tracks the design and implementation process of the functions, and analyses whether the software functions meet the requirements.
The system logical view analyses the dynamic behaviour of the embedded system that is related to the software, which reflects the operating state of the embedded system.
Preferably, the system logical view is analysed from three aspects: system state, activity and interaction. More preferably, the analysis uses the state diagram, the activity diagram (flow chart) and the interaction diagrams (collaboration diagram and sequence diagram) of UML.
More preferably, the system logical view presents the dynamic behaviour of the system, and the objects it analyses are the objects identified in the system composition view. More preferably, the analysis is described with the state diagram, activity diagram and sequence diagram of a UML tool.
Establishing the environmental view comprises establishing a software environment view and a system environment view.
The software environment view analyses the development environment and the support environment: the development environment affects software product quality, and the support environment affects the software operating state.
Preferably, the software environment view includes analysing the influence of the development environment (development tools, development methods) on software quality, and the compatibility of the support environment (software support and hardware support) with the software.
The system environment view analyses the operating environment of the system, including the physical environment and the climatic environment.
Preferably, when establishing the system environment view, environmental information is obtained from the system development documents, including the environment in which the system is located and the environmental parameters that the system needs to collect during operation. For the physical and climatic environment, the influence of the environment on the system materials is specified. For environmental parameters, the influence of parameter changes on system operation is analysed, as are the causes of abnormal changes in these parameters.
Advantages of the invention over the prior art:
This method establishes a top-level accident model for embedded systems. For software failure accidents and software interaction accidents it proposes a layered, multi-view description method that better fits the characteristics of embedded systems, explains the root causes of accidents, and describes the process and mechanism of embedded system software accidents in more detail and more completely. The method can also guide the safety-critical development of embedded systems and embedded software. The descriptions of the embedded system and the embedded software are both based on embedded system engineering and software development engineering, so the control suggestions obtained from the description and analysis can be used in engineering to improve the safety of the embedded system and the embedded software.
Brief description of the drawings
Fig. 1 is a schematic of the top-level accident process model.
In the figure:
- 1: Start
- 2: Internal software defect triggered
- 3: Interaction error
- 4: Interaction error
- 5: Interaction error caused by a software defect
- 6: No internal safety control, or internal safety control fails
- 7: Internal safety control
- 8: No real-time safety control, or real-time safety control fails
- 9: Real-time safety control
- 10: End
Fig. 2 is a schematic of the accident model of the invention.
Fig. 3 is the problem classification chart of the accident model of the invention.
Fig. 4 is the software/hardware interface configuration diagram of the control software and hardware of an engine control system in the embodiment of the invention.
Fig. 5 is the structure diagram of the engine control system in the embodiment of the invention.
Fig. 6 is the structure diagram of the electronic controller in Fig. 5.
Fig. 7 is the level-1 data flow diagram of the functional modules of the engine control system in the embodiment of the invention.
Fig. 8 is the activity diagram of the engine control software "5ms control task" in the embodiment of the invention.
Fig. 9 is the sequence diagram of the engine control software "5ms control task" in the embodiment of the invention.
Embodiment
The invention is further described below with reference to the accompanying drawings and a detailed embodiment.
In this evaluation and analysis method based on the multi-view accident model for embedded system software, the embedded software accident model mainly comprises:
(1) the top-level accident process model;
(2) the deep-level problem generation model.
1. Top-level accident process model
The top-level accident process model divides the causes of embedded system software accidents into failure of the embedded system software and interaction errors between the embedded software and other components of the system. The immediate cause of an embedded system software accident is that hazard control fails and the hazard spreads into an accident; the main cause is that failure of the safety constraints puts the system into a hazardous state; and the root cause is the existence of problems in the embedded system, including software failure and interaction errors between the software and other system elements.
In this model the system itself has safety control, and an accident arises when a problem occurs and safety control fails at the same time. The model divides safety control in the system into three classes:
1) Internal control. Internal control is safety control designed into the embedded system in advance; when an embedded software defect is triggered or an interaction error occurs, internal control can handle it effectively and in time and prevent the system from entering a hazardous state.
2) Real-time control. Real-time control is control not designed into the embedded system which, when the system enters a hazardous state because of a software defect or interaction error, handles the hazard in real time and returns the system to normal operation.
3) Accident control. Accident control is control that reduces the loss caused by an accident after it has occurred.
The top-level accident process model is shown in Fig. 1, which uses a state diagram to represent the change process of the system. The model mainly comprises the following three aspects:
1) Software failure and interaction error
Because an embedded system has been extensively tested before actual use, it can generally be assumed that the system is in a normal state after start-up. Software in the normal operating state can in theory be divided, according to whether it contains defects, into defective software and defect-free software. For defect-free software, the reason the system enters a hazardous state is an interaction error between the software and other system elements; for defective software, the reason is either such an interaction error or a software defect that is triggered and forms a failure.
2) Internal safety control failure leads to hazard
The design, operation and other processes of an embedded system should follow certain safety constraints. The safety constraint set covers software interface transmission within the system, information communication, task execution flow and timing, and many requirements on time, precision, resources and so on; together they constrain the system and form a bounded safe range. On the other hand, to avoid accidents, some safety controls are usually also designed into the embedded software or the embedded system. If a software failure or interaction error causes the internal safety constraints and the designed safety controls to fail, the system will enter a hazardous state.
3) Real-time hazard control failure leads to accident
A system in a hazardous state can control the spread of the hazard through real-time control measures, or even return to the normal safe operating state. If this real-time hazard control fails, the hazard spreads into an accident.
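The top-level accident process model of Fig. 1, as a small executable state model: an added example written for this page, not code from the patent. It covers the three aspects above (a problem event, i.e. a triggered software defect or an interaction error; the safety constraint set whose violation means the internal safety control has failed; and real-time hazard control deciding between recovery and accident) and returns the immediate / main / root cause layering given in section 1. The constraint limits for the "5ms control task", the signal names and the event trace are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional


class State(Enum):
    NORMAL = "normal"        # up state after start-up (Fig. 1, node 1)
    HAZARDOUS = "hazardous"  # internal safety control failed (node 6)
    ACCIDENT = "accident"    # real-time hazard control failed (node 8 -> 10)


@dataclass(frozen=True)
class Constraint:
    """One element of the safety constraint set; holds() is True while a sample stays in the safe range."""
    name: str
    holds: Callable[[Dict[str, float]], bool]


@dataclass(frozen=True)
class Problem:
    """A problem event: kind 'defect' = internal software defect triggered, 'interaction' = interaction error.
    The two booleans are the outcomes of the designed internal control and of real-time hazard control."""
    kind: str
    sample: Dict[str, float]
    internal_control_ok: bool
    realtime_control_ok: bool


# Constructed constraint set for a hypothetical "5ms control task"; the limits are assumptions, not from the patent
CONSTRAINTS = [
    Constraint("task period within 5ms +/- 0.5ms", lambda s: 4.5 <= s["period_ms"] <= 5.5),
    Constraint("execution time below 4ms deadline", lambda s: s["exec_ms"] <= 4.0),
    Constraint("fuel command within 0..100 percent", lambda s: 0.0 <= s["fuel_cmd_pct"] <= 100.0),
]


@dataclass
class AccidentProcess:
    constraints: List[Constraint]
    state: State = State.NORMAL
    log: List[dict] = field(default_factory=list)

    def step(self, p: Problem) -> dict:
        """Apply one problem event and walk the Fig. 1 path: problem -> internal control -> real-time control."""
        rec = {"kind": p.kind, "before": self.state, "path": [self.state], "violated": [], "note": ""}
        if self.state is State.ACCIDENT:
            rec["note"] = "already in accident state (terminal)"
        else:
            # main-cause level: does the sample leave the bounded safe range of the constraint set?
            rec["violated"] = [c.name for c in self.constraints if not c.holds(p.sample)]
            internal_failed = bool(rec["violated"]) or not p.internal_control_ok
            if not internal_failed:
                rec["note"] = "handled by internal safety control, system stays normal"
            else:
                self.state = State.HAZARDOUS
                rec["path"].append(self.state)
                if p.realtime_control_ok:
                    self.state = State.NORMAL
                    rec["note"] = "hazardous state, recovered by real-time hazard control"
                else:
                    self.state = State.ACCIDENT
                    rec["note"] = "real-time hazard control failed, hazard spread into accident"
                rec["path"].append(self.state)
        rec["after"] = self.state
        self.log.append(rec)
        return rec

    def causes(self) -> Optional[dict]:
        """Three-level cause attribution of the top-level model: immediate / main / root."""
        root_text = {"defect": "software failure (internal defect triggered)",
                     "interaction": "interaction error with other system elements"}
        for rec in self.log:
            if rec["after"] is State.ACCIDENT and rec["before"] is not State.ACCIDENT:
                return {
                    "immediate": "real-time hazard control failed, hazard spread into accident",
                    "main": rec["violated"] or ["designed internal safety control failed"],
                    "root": root_text[rec["kind"]],
                }
        return None


def run(problems: List[Problem], constraints: List[Constraint] = CONSTRAINTS) -> AccidentProcess:
    proc = AccidentProcess(constraints)
    for p in problems:
        proc.step(p)
    return proc


# Constructed event trace (all values are assumptions)
SAMPLE_TRACE = [
    Problem("interaction", {"period_ms": 5.1, "exec_ms": 3.2, "fuel_cmd_pct": 42.0}, True, True),
    Problem("defect", {"period_ms": 5.0, "exec_ms": 4.8, "fuel_cmd_pct": 45.0}, True, True),
    Problem("defect", {"period_ms": 5.0, "exec_ms": 3.0, "fuel_cmd_pct": 140.0}, True, False),
    Problem("interaction", {"period_ms": 5.0, "exec_ms": 3.0, "fuel_cmd_pct": 50.0}, True, True),
]

if __name__ == "__main__":
    proc = run(SAMPLE_TRACE)
    for rec in proc.log:
        print(f"{rec['kind']:12} {' > '.join(s.value for s in rec['path']):34} {rec['note']}")
    print(proc.causes())
```

The second event shows the path the model calls recovery (normal, hazardous, normal): the deadline constraint is violated, so internal control has failed, but real-time hazard control brings the system back. The third event is the accident path, and `causes()` attributes it at the three levels the text distinguishes.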
2. Deep-level problem generation model
As seen from the accident process model, the root cause of an accident is the existence of problems in the embedded system, including software failure and interaction errors between the software and other system elements. How these two classes of problem specifically arise in an embedded system must be analysed and described with reference to the specific features of the embedded system and the embedded software.
The problem generation model comprises establishing a development view, a composition view, a logical view and an environmental view at two levels, the software layer and the system layer, as shown in Fig. 2. The software layer describes and analyses the problems that trigger accidents from the mechanism of software failure; the system layer describes and analyses them from the mechanism of interaction errors between the software and other components of the system. Fig. 3 shows the problem classification of the problem generation model of the invention, based on the two levels and four views. Specifically:
(1) Establishing the development view
The development view comprises a software development view and a system development view. The software development view tracks the defects of each software development phase and the propagation and evolution of defects across phases. Through the software development view the various defect behaviours of the software can be arranged and classified, as in the software development view part of Fig. 3; each major class can be further subdivided in combination with the activities of the corresponding development phase.
The system development view mainly tracks the software/hardware interface design and the consistency of the software/hardware mapping. The software/hardware interface design and the consistency of the mapping can be described from the software interface document.
Specifically, it can include:
1) Software development view
Tracking information is established item by item according to the software requirement specification; whether each requirement is correct is analysed, and whether each requirement is designed, implemented and tested in each development phase is tracked. As shown in Table 1, taking an engine control system as an example, the control functions of the engine control software mainly include engine ground start, steady-state control, transition-state control and parameter limiting. These functional requirements are tracked: first determine whether each function and sub-function has been designed, implemented and tested, then analyse whether problems arise in the different development phases.
Table 1: Requirement trace table of the engine system control software
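The requirement trace table of the software development view, with the per-requirement designed / implemented / tested tracking described above and the classification of defects by the development phase that introduced them, as an added example in Python; it is not code from the patent. The four engine control functions are the ones named in the text; the requirement ids, sub-functions, artefact ids and statuses are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

PHASES = ("design", "implementation", "test")  # development phases tracked for every requirement


@dataclass
class Requirement:
    """One row of the requirement trace table. Each phase field holds the id of the artefact that
    realises the requirement in that phase (design element, code module, test case), or None if absent."""
    rid: str
    function: str
    correct: bool = True                  # result of analysing whether the requirement itself is correct
    design: Optional[str] = None
    implementation: Optional[str] = None
    test: Optional[str] = None
    sub: List["Requirement"] = field(default_factory=list)  # sub-functions traced under this one


def flatten(reqs: Iterable[Requirement]):
    """Depth-first walk over requirements and their sub-requirements, in document order."""
    for r in reqs:
        yield r
        yield from flatten(r.sub)


def first_gap(r: Requirement) -> Optional[str]:
    """Phase in which the trace for this requirement first breaks, i.e. the phase that introduced the defect.
    A broken trace propagates to all later phases, so only the earliest gap is reported."""
    if not r.correct:
        return "requirement"
    for ph in PHASES:
        if getattr(r, ph) is None:
            return ph
    return None


def trace_table(reqs: Iterable[Requirement]) -> List[dict]:
    """The trace table itself: one row per requirement with its designed/implemented/tested status."""
    return [{"id": r.rid, "function": r.function,
             "designed": r.design is not None,
             "implemented": r.implementation is not None,
             "tested": r.test is not None,
             "gap": first_gap(r)} for r in flatten(reqs)]


def defects_by_phase(reqs: Iterable[Requirement]) -> Dict[str, List[str]]:
    """Classify untraced requirements by the development phase where the defect originates."""
    out: Dict[str, List[str]] = {"requirement": [], **{p: [] for p in PHASES}}
    for r in flatten(reqs):
        gap = first_gap(r)
        if gap:
            out[gap].append(r.rid)
    return out


# Constructed trace data (ids and statuses are assumptions; the top-level functions come from the text)
SRS = [
    Requirement("R1", "engine ground start", design="D-START", implementation="M_start", test="TC-01", sub=[
        Requirement("R1.1", "ignition sequencing", design="D-START-1", implementation="M_ign", test="TC-02"),
        Requirement("R1.2", "start abort on overtemperature", design="D-START-2", implementation="M_abort"),
    ]),
    Requirement("R2", "steady-state control", design="D-SS", implementation="M_ss", test="TC-03"),
    Requirement("R3", "transition-state control", design="D-TRANS"),
    Requirement("R4", "parameter limiting", correct=False, design="D-LIM", implementation="M_lim", test="TC-04"),
]

if __name__ == "__main__":
    print(f"{'id':6} {'function':32} designed implemented tested gap")
    for row in trace_table(SRS):
        print(f"{row['id']:6} {row['function']:32} {row['designed']!s:8} {row['implemented']!s:11} "
              f"{row['tested']!s:6} {row['gap'] or '-'}")
    print(defects_by_phase(SRS))
```

R1.2 is traced as far as code but has no test case, so its defect class is "test"; R3 stops at design, so the gap is "implementation" even though no test exists either; R4 is fully traced but the requirement itself was found incorrect, which the view counts as a requirement-phase defect.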
2) System development view
The system development view mainly concerns the software/hardware mapping and interface development. The software/hardware function partitioning can be obtained from the system documentation; the software/hardware interface mapping matrix is established according to the interface document; the completeness and consistency of the interfaces are analysed; and whether the interfaces have been implemented is analysed subsequently.
Again taking the engine control system as an example, the system control software communicates with the analog-quantity processing unit, the frequency-quantity processing unit, the switch-quantity (discrete signal) processing unit, the timer and other hardware, so its software/hardware interface configuration diagram is as shown in Fig. 4.
(2) Composition view
The embedded software composition view mainly concerns the program and its documents; the module design and partitioning, the module units and the code composition of the program are the important objects of attention. All contents of the software program are recorded in the software development documents. Besides analysing the correctness and integrity of the code and modules themselves, the description of the software composition also requires establishing an interface matrix of the modules and analysing interface consistency.
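The interface matrix checks described for the system development view (the software/hardware interface mapping matrix, its completeness and consistency, and whether each interface was implemented) and for the software composition view (the module interface matrix and its consistency) share the same mechanics, so one added example serves both passages. This is illustrative code, not the patent's; the unit names (AnalogUnit, FreqUnit, DiscreteUnit, Timer, CtrlSW), the signal names and the two constructed documents are assumptions, and the same functions apply unchanged when src and dst are software modules rather than hardware units.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

Key = Tuple[str, str, str]  # (source, destination, signal)


@dataclass(frozen=True)
class Interface:
    """One interface entry as declared in a document: `src` sends `signal` of type `dtype` to `dst`.
    src/dst are hardware units and the software for the software/hardware matrix, or modules for the module matrix."""
    src: str
    dst: str
    signal: str
    dtype: str


def interface_matrix(entries: Iterable[Interface]) -> Dict[Tuple[str, str], Set[str]]:
    """Mapping matrix: cell (src, dst) holds the set of signals crossing that interface."""
    matrix: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for e in entries:
        matrix[(e.src, e.dst)].add(e.signal)
    return dict(matrix)


def _reversed(k: Key) -> Key:
    return (k[1], k[0], k[2])


def check_interfaces(doc_a: Iterable[Interface], doc_b: Iterable[Interface],
                     implemented: Set[str]) -> Dict[str, List[Key]]:
    """Compare two declarations of the same interfaces (e.g. the software interface document against the
    system/hardware document), then check the agreed interfaces against the signal names found in the code.
    completeness   : a signal declared by one side only (missing_in_a / missing_in_b)
    consistency    : the same signal with reversed direction, or with different data types
    implementation : an agreed, consistent signal that does not exist in the implementation"""
    a = {(e.src, e.dst, e.signal): e for e in doc_a}
    b = {(e.src, e.dst, e.signal): e for e in doc_b}
    return {
        "missing_in_b": sorted(k for k in a if k not in b and _reversed(k) not in b),
        "missing_in_a": sorted(k for k in b if k not in a and _reversed(k) not in a),
        "direction_mismatch": sorted(k for k in a if k not in b and _reversed(k) in b),
        "type_mismatch": sorted(k for k in a if k in b and a[k].dtype != b[k].dtype),
        "not_implemented": sorted(k for k in a if k in b and a[k].dtype == b[k].dtype
                                  and k[2] not in implemented),
    }


# Constructed software interface document (assumed names and types)
SW_DOC = [
    Interface("AnalogUnit", "CtrlSW", "n1_speed_raw", "u16"),
    Interface("AnalogUnit", "CtrlSW", "t4_temp_raw", "u16"),
    Interface("FreqUnit", "CtrlSW", "n2_freq", "u32"),
    Interface("CtrlSW", "DiscreteUnit", "igniter_on", "bool"),
    Interface("Timer", "CtrlSW", "tick_5ms", "bool"),
]
# Constructed system/hardware document describing the same interfaces, with three deliberate discrepancies
HW_DOC = [
    Interface("AnalogUnit", "CtrlSW", "n1_speed_raw", "u16"),
    Interface("AnalogUnit", "CtrlSW", "t4_temp_raw", "u12"),        # ADC width differs from the software document
    Interface("FreqUnit", "CtrlSW", "n2_freq", "u32"),
    Interface("DiscreteUnit", "CtrlSW", "igniter_on", "bool"),      # direction reversed relative to SW_DOC
    Interface("Timer", "CtrlSW", "tick_5ms", "bool"),
    Interface("DiscreteUnit", "CtrlSW", "oil_pressure_low", "bool"),  # hardware provides it, software never declared it
]
# Constructed set of signal names actually present in the code
IMPLEMENTED = {"n1_speed_raw", "t4_temp_raw", "igniter_on", "tick_5ms"}

if __name__ == "__main__":
    for cell, signals in sorted(interface_matrix(SW_DOC).items()):
        print(f"{cell[0]:>12} -> {cell[1]:<12} {sorted(signals)}")
    for finding, keys in check_interfaces(SW_DOC, HW_DOC, IMPLEMENTED).items():
        print(f"{finding:18} {keys}")
```

Each finding maps to one of the checks the text names: `missing_in_a` and `missing_in_b` are completeness, `direction_mismatch` and `type_mismatch` are consistency, and `not_implemented` is the follow-up check that the agreed interface was actually built.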
The embedded system composition view mainly reflects how the parts of the system connect to each other, as the structural basis for describing system behaviour. The description of the system composition is completed by establishing a system composition diagram, which is a static description of the embedded system and reflects the parts of the embedded system and the interfaces between them. These components can be introduced into the system logical view as the objects of description.
1) Software composition view
The software composition mainly consists of the software code and the software documents; this is the main content of software engineering and is not repeated here.
2) System composition view
Establishing the system composition view mainly completes the identification of system components and interfaces. When establishing it, the description must proceed hierarchically from coarse to fine. Taking the engine control system as an example, the system composition diagram of Fig. 5 can be established first; the control device in it can then be expanded further, as in Fig. 6.
(3) Logical view
The embedded software logical view mainly concerns the partitioning of software functions and of logical levels, i.e. the way requirements are converted into software functions. The system logical view is mainly used to describe the dynamic behaviour of the embedded system that is related to the software, and reflects the operating state of the embedded system.
The embedded software logical view requires establishing a software function hierarchy chart, tracking the implementation process of the functions, and analysing whether the software functions meet the requirements.
The embedded system logical view is mainly described from three aspects, system state, activity and interaction, and can be described using the state diagram, the activity diagram (flow chart) and the interaction diagrams (collaboration diagram and sequence diagram) of UML.
1) Software logical view
The embedded software logical view mainly concerns the partitioning of software functions and of logical levels, i.e. the way requirements are converted into software functions. Function information and module partitioning information can be obtained from the development documents, a function hierarchy chart drawn, and the design and implementation of the functions tracked.
Taking the engine control software as an example, the user requirements mentioned in the Software Requirement Specification mainly cover six aspects, listed in the "Function" column of the "requirement trace table of the engine system control software". To realise these functions, the controller control software should first perform hardware initialisation, to adapt to the hardware platform on which the control software runs, and then data initialisation, so that the data are in a controlled state when the corresponding tasks in the control software start. The software functions mainly include signal acquisition, signal processing, fault diagnosis and handling, control logic, control calculation, signal output and communication. To describe the relationships between these functions specifically, the level-1 data flow diagram of the functional modules shown in Fig. 7 can be established.
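A consistency check over a level-1 data flow diagram of the kind Fig. 7 describes, as an added example (not the patent's code). It takes the functional modules named above with constructed input and output signals, reports consumed signals that no module produces, signals with more than one producer, and outputs that nobody consumes, and derives the execution order the data dependencies impose, which is what a sequence diagram such as Fig. 9 would show for the task. All signal names, the system boundary sets, and the one deliberate inconsistency (`pilot_lever_pos`) are assumptions.

```python
from typing import Dict, List, Set, Tuple

Module = Tuple[Set[str], Set[str]]  # (input signals, output signals)

# Constructed level-1 DFD: module -> (inputs, outputs). Module names follow the function list in the text;
# every signal name is an assumption. control_logic consumes pilot_lever_pos, which nothing produces.
DFD: Dict[str, Module] = {
    "signal_acquisition": ({"adc_samples", "freq_pulses", "discrete_inputs"}, {"raw_sensors"}),
    "signal_processing":  ({"raw_sensors"}, {"engine_state"}),
    "fault_diagnosis":    ({"engine_state"}, {"fault_flags"}),
    "control_logic":      ({"engine_state", "fault_flags", "pilot_lever_pos"}, {"mode"}),
    "control_calc":       ({"mode", "engine_state"}, {"actuator_cmd"}),
    "signal_output":      ({"actuator_cmd"}, {"actuator_cmd_out"}),
    "communication":      ({"engine_state", "fault_flags"}, {"bus_frames"}),
}
# Signals crossing the system boundary: hardware inputs on one side, hardware/bus outputs on the other (assumed)
EXTERNAL_IN = {"adc_samples", "freq_pulses", "discrete_inputs"}
EXTERNAL_OUT = {"actuator_cmd_out", "bus_frames"}


def check_dfd(dfd: Dict[str, Module], external_in: Set[str], external_out: Set[str]) -> Dict[str, List[str]]:
    """Static consistency of the diagram: every consumed signal must have exactly one producer
    (or come from outside), and every produced signal must be consumed (or leave the system)."""
    producers: Dict[str, List[str]] = {}
    for name, (_, outs) in dfd.items():
        for s in outs:
            producers.setdefault(s, []).append(name)
    consumed = {s for ins, _ in dfd.values() for s in ins}
    return {
        "undefined_inputs": sorted({s for ins, _ in dfd.values() for s in ins
                                    if s not in producers and s not in external_in}),
        "multiple_producers": sorted(s for s, ms in producers.items() if len(ms) > 1),
        "dangling_outputs": sorted(s for s in producers if s not in consumed and s not in external_out),
    }


def execution_order(dfd: Dict[str, Module]) -> List[str]:
    """Topological order of the modules by data dependency (deterministic: smallest ready name first).
    Inputs with no producer inside the diagram are treated as external and impose no ordering."""
    producer_of = {s: name for name, (_, outs) in dfd.items() for s in outs}
    deps = {name: {producer_of[s] for s in ins if s in producer_of} - {name} for name, (ins, _) in dfd.items()}
    order: List[str] = []
    done: Set[str] = set()
    while len(order) < len(dfd):
        ready = sorted(name for name in dfd if name not in done and deps[name] <= done)
        if not ready:
            raise ValueError("cycle in data flow among: " + ", ".join(sorted(set(dfd) - done)))
        order.append(ready[0])
        done.add(ready[0])
    return order


def has_cycle(dfd: Dict[str, Module]) -> bool:
    try:
        execution_order(dfd)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(check_dfd(DFD, EXTERNAL_IN, EXTERNAL_OUT))
    print(" -> ".join(execution_order(DFD)))
```

The undefined input is exactly the kind of mismatch between the function hierarchy and the module partitioning that the software logical view is meant to surface: a function expects a signal that no module in the diagram delivers. The derived order also shows that `communication` has no downstream consumer inside the task, so it can run as soon as `fault_flags` exists.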
2) System logical view
The system logical view mainly presents the dynamic behaviour of the system; the objects it describes are those identified in the system composition view. The description can be made with the state diagram, activity diagram and sequence diagram of a UML tool. Taking a task in the engine control system as an example, the dynamic information shown in Fig. 8 and Fig. 9 can be drawn, where Fig. 8 is the activity diagram of the engine control software "5ms control task" and Fig. 9 is the sequence diagram of the engine control software "5ms control task".
(4) Environmental view
The embedded software environment view mainly concerns the development environment and the support environment: the development environment affects software product quality, and the support environment affects the software operating state. The system environment view mainly describes the operating environment of the system, including the physical environment, the climatic environment and so on.
The software environment mainly comprises the development environment and the support environment, and its analysis has two aspects: first, analysing the influence of the development environment (development tools, development methods, etc.) on software quality; second, analysing the compatibility of the support environment (software support and hardware support) with the software.
1) system environments view
, it is necessary to obtain environmental information from system development document during constructing system environmental view, including the ring residing for system
Border, and the ambient parameter that system operation needs gather.For physical environment and climatic environment, it is necessary to which clear and definite environment can system material
The influence of material.For ambient parameter, it is necessary to which analytical parameters change produces influence greatly to system operation, also to analyze influences this
The possible cause of a little abnormal parameters changes.
The above is only a preferred embodiment of the invention and does not limit the invention in any way; any simple modification, change or equivalent structural change made to the above embodiment according to the technical essence of the invention still falls within the protection scope of the technical solution of the invention.
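The top-layer accident generation process model set out in claims 1 to 3 below (normal operation; a hazardous state once a software failure or interaction error defeats the internal safety control; an accident once the real-time hazard control also fails; then accident control) can be run as a small state machine over per-cycle samples of the system. The Python block below is an added example written for this page, not code from the patent or its authors. The constraint set (a bounded safe range on timing, stack budget, a sensor input and bus freshness), the two control strategies, the hazard-control cycle budget and the sample cycles are all hypothetical and constructed here.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    NORMAL = "normal"
    HAZARDOUS = "hazardous"
    ACCIDENT = "accident"


SOFTWARE_FAILURE = "software failure"    # a software defect is triggered
INTERACTION_ERROR = "interaction error"  # software vs. another system element


@dataclass(frozen=True)
class Constraint:
    """One element of the bounded safety constraint set (claim 3, item 2)."""
    name: str
    low: float
    high: float
    cause: str  # failure class a violation of this constraint is attributed to


# Hypothetical constraint set for a 5 ms engine-control task: timing and stack
# budget on the software side, sensor range and bus freshness on the interfaces.
CONSTRAINT_SET = (
    Constraint("exec_time_ms", 0.0, 5.0, SOFTWARE_FAILURE),
    Constraint("stack_free_bytes", 512, float("inf"), SOFTWARE_FAILURE),
    Constraint("rpm_sensor", 0, 8000, INTERACTION_ERROR),
    Constraint("bus_age_ms", 0, 20, INTERACTION_ERROR),
)


@dataclass
class AccidentModel:
    constraints: tuple = CONSTRAINT_SET
    hazard_budget: int = 3  # hypothetical: cycles the real-time hazard control has to clear a hazard
    state: State = State.NORMAL
    hazard_cycles: int = 0
    last_good: dict = field(default_factory=dict)
    log: list = field(default_factory=list)  # (cycle, note) pairs: the accident chain

    def internal_safety_control(self, sample, violations):
        """Pre-designed internal control (hypothetical): an out-of-range or stale input
        is replaced by the last good value; a timing or resource violation is a
        triggered software defect that cannot be repaired here and stays unresolved."""
        unresolved = []
        for c in violations:
            if c.cause == INTERACTION_ERROR and c.name in self.last_good:
                sample[c.name] = self.last_good[c.name]
            else:
                unresolved.append(c)
        return unresolved

    def step(self, cycle, sample):
        if self.state is State.ACCIDENT:  # accident control only reduces the loss
            self.log.append((cycle, "accident control: limiting loss"))
            return self.state
        sample = dict(sample)
        violations = [c for c in self.constraints if not c.low <= sample[c.name] <= c.high]
        unresolved = self.internal_safety_control(sample, violations)
        if not unresolved:
            if violations:
                self.log.append((cycle, "internal safety control handled " + ", ".join(c.name for c in violations)))
            if self.state is State.HAZARDOUS:
                self.log.append((cycle, "real-time hazard control: returned to normal"))
            self.state, self.hazard_cycles = State.NORMAL, 0
            self.last_good.update(sample)
            return self.state
        causes = sorted({c.cause for c in unresolved})
        self.hazard_cycles += 1
        if self.hazard_cycles > self.hazard_budget:
            self.state = State.ACCIDENT
            self.log.append((cycle, f"real-time hazard control failed; accident caused by {causes}"))
        else:
            self.state = State.HAZARDOUS
            self.log.append((cycle, f"internal safety control failed on {[c.name for c in unresolved]} ({causes})"))
        return self.state

    def run(self, samples):
        """Feed per-cycle samples; returns the state name after each cycle."""
        return [self.step(i, s).value for i, s in enumerate(samples, start=1)]


# Constructed per-cycle samples of the 5 ms task.
GOOD = {"exec_time_ms": 3.1, "stack_free_bytes": 2048, "rpm_sensor": 2500, "bus_age_ms": 5}
BAD_FRAME = {**GOOD, "rpm_sensor": 65535}   # corrupt sensor frame: interaction error
OVERRUN = {**GOOD, "exec_time_ms": 7.4}     # task overrun: software defect triggered
RECOVERED_TRACE = [GOOD, BAD_FRAME, OVERRUN, OVERRUN, GOOD]  # overrun clears within budget
ACCIDENT_TRACE = [GOOD] + [OVERRUN] * 5                      # overrun persists past budget


def run_trace(cycles):
    """Run one trace from a fresh model; returns (state per cycle, accident chain)."""
    model = AccidentModel()
    return model.run(cycles), model.log


if __name__ == "__main__":
    for name, trace in (("recovered", RECOVERED_TRACE), ("accident", ACCIDENT_TRACE)):
        states, log = run_trace(trace)
        print(name, states)
        for cycle, note in log:
            print(f"  cycle {cycle}: {note}")
```

`run_trace(RECOVERED_TRACE)` shows the interaction error being absorbed by the internal control and the overrun being cleared by the hazard control; `run_trace(ACCIDENT_TRACE)` shows the same overrun defeating both control levels. The `log` returned is the information the model is meant to yield for an accident: which constraint left the safe range, which failure class it is attributed to, and which control level failed.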
Claims (7)
1. A multi-view accident model based on embedded system software, characterized in that the embedded system software multi-view accident model comprises:
(1) a top-layer accident generation process model;
(2) a deep-level problem generation model;
the top-layer accident generation process model analyzes the causes of accidents from two aspects: failure of the embedded system software, and interaction errors between the embedded software and other components of the system; the safety controls in the embedded system comprise internal safety control and real-time hazard control; when a software failure or interaction error causes the internal safety control to fail, the system enters a hazardous state; when the real-time hazard control fails, the hazard spreads and forms an accident;
the deep-level problem generation model comprises establishing, at two levels, the software layer and the system layer, a development view, a composition view, a logic view and an environment view;
the software layer analyzes the problems that trigger accidents from the mechanism of software failure;
the system layer analyzes the problems that trigger accidents from the mechanism by which interaction errors occur between the software and the other components of the system.
2. The embedded system software multi-view accident model according to claim 1, characterized in that, in the top-layer accident generation process model, the safety controls in the embedded system comprise:
1) internal safety control: the internal safety control is the safety control pre-designed into the embedded system; when an embedded software defect is triggered or an interaction error occurs, the internal control handles it in time and prevents the system from entering a hazardous state;
2) real-time hazard control: the real-time hazard control is a safety control that is not designed into the embedded system in advance; when the system enters a hazardous state because of a software defect or an interaction error, it handles the hazard in real time and returns the system to normal operation;
3) accident control: accident control is the control that reduces the resulting loss after an accident has occurred.
3. The embedded system software multi-view accident model according to claim 2, characterized in that, in the top-layer accident generation process model, the causes of an accident comprise the following conditions:
1) software failure and interaction error
The embedded system is considered to enter a normal operating state after start-up, and the software in the normal operating state is divided into defective software and defect-free software; for defect-free software, when the system enters a hazardous state, the cause is an interaction error between the target software and other system elements; for defective software, when the system enters a hazardous state, the cause is an interaction error between the target software and other system elements, and/or a software defect being triggered and forming a failure;
2) failure of the internal safety control
The design and operation of the embedded system follow a certain safety constraint set; the safety constraint set concerns interface transfer, information communication, task execution flow and timing, and the requirements on time, precision and resources within the software system, which jointly constrain the system and form a bounded safe range; at the same time, corresponding safety controls are designed into the embedded software or the embedded system; when a software failure or interaction error causes the internal safety constraint set and the designed safety controls to fail, the system enters a hazardous state;
3) failure of the real-time hazard control
A system in a hazardous state controls the spread of the hazard through the real-time hazard control, or returns to the normal safe operating state; if the real-time hazard control fails, the hazard spreads and forms an accident.
4. The embedded system software multi-view accident model according to claim 1, characterized in that establishing the development view comprises establishing a software development view and establishing a system development view; the software development view tracks the defects of the software development stages and the propagation and evolution of defects across the different stages.
Preferably, through the software development view the various defect behaviors of the software are sorted and classified, and each major class is further subdivided with reference to the activities of the respective development stage.
Preferably, the software development view establishes tracking information item by item according to the Software Requirement Specification, analyzes whether each requirement is correct, and traces whether each requirement is designed, implemented and tested in each development stage.
The system development view tracks the interface design between software and hardware and the consistency of the software/hardware mapping.
Preferably, the interface design between software and hardware and the consistency of the mapping are analyzed through the software interface document.
Preferably, the system development view obtains the software/hardware function partitioning information from the system documents, establishes the software/hardware interface mapping matrix according to the interface document, analyzes the completeness and consistency of the interfaces, and subsequently analyzes whether the interfaces are implemented.
5. The embedded system software multi-view accident model according to claim 1 or 4, characterized in that establishing the composition view comprises establishing a software composition view and a system composition view; the software composition view analyzes the program and its documents; preferably, the analysis of the program and documents comprises the module design and partitioning, the module units and the code composition of the program; all contents of the software program are retained in the software development documents, and the analysis of the software composition comprises analyzing the correctness and completeness of the code and of the modules themselves, and establishing the inter-module interface matrix to analyze the consistency of the interfaces;
the system composition view analyzes the interconnections among the components of the system and serves as the structural basis for describing system behavior; the system composition diagram is a static description of the embedded system, embodying the components of the embedded system and the interfaces between them.
Preferably, establishing the system composition view completes the identification of the system components and interfaces. More preferably, when establishing the system composition view, a hierarchical description is carried out from coarse to fine.
6. The embedded system software multi-view accident model according to claim 1 or 4, characterized in that establishing the logic view comprises establishing a software logic view and a system logic view; the software logic view analyzes the division of software functions and the division of logical levels, that is, the way requirements are converted into software functions; preferably, the software logic view obtains function information and module partitioning information from the development documents, draws and establishes the software function hierarchy diagram, tracks the design and implementation process of the functions, and analyzes whether the software functions meet the requirements.
The system logic view analyzes the dynamic behavior of the embedded system related to the software; it is a reflection of the running dynamics of the embedded system.
Preferably, the system logic view analyzes three aspects, system state, activity and interaction; more preferably, the analysis is carried out with the state diagrams, activity diagrams (flow charts) and interaction diagrams (collaboration diagrams and sequence diagrams) of UML.
More preferably, the system logic view presents the dynamic behavior of the system, and the objects it analyzes are the objects identified in the system composition view. More preferably, the analysis is described with the state diagrams, activity diagrams and communication diagrams of the UML toolset.
7. The embedded system software multi-view accident model according to claim 1 or 4, characterized in that establishing the environment view comprises establishing a software environment view and a system environment view;
the software environment view analyzes the development environment and the support environment; the development environment affects software quality, and the support environment affects the software's running state.
Preferably, the software environment view comprises analyzing the influence of the development environment (development tools, development methods) on software quality, and analyzing the compatibility of the support environment (software support and hardware support) with the software.
The system environment view analyzes the running environment of the system, including the physical environment and the climatic environment.
Preferably, when establishing the system environment view, environmental information is obtained from the system development documents, including the environment in which the system is located and the environmental parameters the system needs to acquire during operation; for the physical and climatic environment, the influence of the environment on the system materials is specified; for the environmental parameters, the influence of parameter changes on system operation is analyzed, and the causes of abnormal changes in these parameters are analyzed.
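Claims 4 and 5 call for two concrete records: a requirement traceability record (is each requirement of the Software Requirement Specification designed, implemented and tested?) and a software/hardware interface mapping matrix checked for completeness and consistency. The Python block below is an added example written for this page, not code from the patent; the requirement ids, design, code and test artefacts, modules and signals are constructed excerpts of the documents the views would be built from.

```python
# Constructed Software Requirement Specification excerpt: requirement id -> text
REQUIREMENTS = {
    "SRS-01": "sample the crank sensor every 5 ms",
    "SRS-02": "clamp injector pulse width to 0.5..12 ms",
    "SRS-03": "report a CAN timeout within 20 ms",
}
# Constructed development-phase artefacts and the requirement ids each one cites
PHASES = {
    "design": {"SDD-3.1": ["SRS-01"], "SDD-3.2": ["SRS-02"], "SDD-3.3": ["SRS-03"]},
    "code":   {"crank_task.c": ["SRS-01"], "inj_ctrl.c": ["SRS-02"]},
    "test":   {"TC-11": ["SRS-01"], "TC-12": ["SRS-02", "SRS-04"]},
}
# Constructed hardware interface document: signal -> (direction, type)
HW_INTERFACES = {
    "CRANK_IN": ("in", "pulse"),
    "INJ1_OUT": ("out", "pwm"),
    "CAN0": ("inout", "frame"),
    "KNOCK_IN": ("in", "analog12"),
    "OIL_PRESS_IN": ("in", "analog12"),
}
# Constructed software interface document: module -> {signal: (direction, type)}
SW_INTERFACES = {
    "crank_task": {"CRANK_IN": ("in", "pulse")},
    "inj_ctrl": {"INJ1_OUT": ("out", "pwm"), "INJ2_OUT": ("out", "pwm")},
    "can_drv": {"CAN0": ("inout", "frame")},
    "knock_det": {"KNOCK_IN": ("in", "analog10")},
}


def traceability_matrix(requirements, phases):
    """Software development view: one row per requirement, one column per phase,
    cell = artefacts citing it.  Returns (matrix, dangling); dangling lists citations
    of requirement ids that do not exist in the specification."""
    matrix = {r: {p: [] for p in phases} for r in requirements}
    dangling = []
    for phase, artefacts in phases.items():
        for artefact, cited in artefacts.items():
            for r in cited:
                if r in matrix:
                    matrix[r][phase].append(artefact)
                else:
                    dangling.append((phase, artefact, r))
    return matrix, sorted(dangling)


def untraced(matrix):
    """Requirements not carried into every phase: {requirement: [missing phases]}."""
    gaps = {}
    for req, cols in matrix.items():
        missing = [p for p, artefacts in cols.items() if not artefacts]
        if missing:
            gaps[req] = missing
    return gaps


def interface_mapping_matrix(hw, sw):
    """System development/composition view: rows = hardware signals, columns =
    software modules, cell = the module's declared (direction, type).
    Completeness: every hardware signal has a handler and every software signal
    exists in hardware.  Consistency: direction and type agree on both sides."""
    matrix = {sig: {m: None for m in sw} for sig in hw}
    findings = []
    for module, signals in sw.items():
        for sig, decl in signals.items():
            if sig not in hw:
                findings.append(("completeness", f"{module} uses {sig}, which is not in the hardware interface document"))
                continue
            matrix[sig][module] = decl
            if decl != hw[sig]:
                findings.append(("consistency", f"{sig}: hardware {hw[sig]} vs {module} {decl}"))
    for sig, row in matrix.items():
        if not any(row.values()):
            findings.append(("completeness", f"{sig} has no software handler"))
    return matrix, sorted(findings)


def render(matrix, header, width=18):
    """Plain-text rendering of either matrix for a review document."""
    cols = list(next(iter(matrix.values())))
    lines = [header.ljust(width) + "".join(c.ljust(width) for c in cols)]
    for row, cells in matrix.items():
        lines.append(row.ljust(width) + "".join(str(cells[c] or "-").ljust(width) for c in cols))
    return "\n".join(lines)


if __name__ == "__main__":
    tm, dangling = traceability_matrix(REQUIREMENTS, PHASES)
    print(render(tm, "requirement"))
    print("untraced:", untraced(tm), "dangling:", dangling)
    im, findings = interface_mapping_matrix(HW_INTERFACES, SW_INTERFACES)
    print(render(im, "signal"))
    for kind, msg in findings:
        print(f"{kind}: {msg}")
```

On the constructed documents the traceability matrix shows SRS-03 designed but neither implemented nor tested, and a test case citing a requirement id that does not exist; the interface matrix reports a hardware input with no software handler, a software output with no hardware counterpart, and a 12-bit analog input the software treats as 10-bit. That last finding is an interface-precision mismatch of exactly the kind the safety constraint set of claim 3 is meant to bound, and the kind of interaction error the top-layer model traces into a hazardous state.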
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN201710986470.3A (granted as CN107885607B) | 2017-10-20 | 2017-10-20 | Modeling method based on embedded system software multi-view accident model
Publications (2)
Publication Number | Publication Date |
---|---|
CN107885607A true CN107885607A (en) | 2018-04-06 |
CN107885607B CN107885607B (en) | 2020-11-20 |
Family
ID=61781877
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title
---|---|---|---|---
CN201710986470.3A (CN107885607B) | Expired - Fee Related | 2017-10-20 | 2017-10-20 | Modeling method based on embedded system software multi-view accident model
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107885607B (en) |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1928816A (en) * | 2006-09-26 | 2007-03-14 | 武汉大学 | Model drive for embedded system software and component development method |
US20090009960A1 (en) * | 2007-07-05 | 2009-01-08 | Melanson Ronald J | Method and apparatus for mitigating dust-fouling problems |
CN103354055A (en) * | 2013-07-09 | 2013-10-16 | 宁海斌 | Simulating system for simulated training of electricity-consuming network operation |
CN103677849A (en) * | 2013-12-26 | 2014-03-26 | 北京控制工程研究所 | Embedded software credibility guaranteeing method |
US20160291938A1 (en) * | 2015-03-31 | 2016-10-06 | Toyota Jidosha Kabushiki Kaisha | Timing-oriented and architecture-centric system design using contracts |
CN105301481A (en) * | 2015-11-20 | 2016-02-03 | 上海无线电设备研究所 | Circuit testing method and applicable testing system |
Non-Patent Citations (1)
Title
---
Zou Bingsong (邹炳松): "Design and Implementation of a Graphical Test Case Generation System for Embedded Software", China Master's Theses Full-text Database (《中国优秀硕士学位论文全文数据库》)
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108762749A (en) * | 2018-05-24 | 2018-11-06 | 福州大学 | System object figure automatic generation method based on code analysis |
CN108762749B (en) * | 2018-05-24 | 2021-12-21 | 福州大学 | System object diagram automatic generation method based on code analysis |
CN113705616A (en) * | 2021-07-30 | 2021-11-26 | 三维通信股份有限公司 | Model construction method, software defect prediction device and electronic device |
CN113705616B (en) * | 2021-07-30 | 2024-05-10 | 三维通信股份有限公司 | Model construction method, software defect prediction method, device and electronic device |
Also Published As
Publication number | Publication date |
---|---|
CN107885607B (en) | 2020-11-20 |
Legal Events
Date | Code | Title | Description
---|---|---|---
 | PB01 | Publication | 
 | SE01 | Entry into force of request for substantive examination | 
 | GR01 | Patent grant | 
 | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 2020-11-20; termination date: 2021-10-20