CN109783380A - A kind of concurrent system combined authentication device - Google Patents
- Publication number: CN109783380A (application CN201910007482.6A)
- Authority: CN (China)
- Prior art keywords: event, program, state, function, authentication
- Legal status: Pending
- Classification: Devices For Executing Special Programs (AREA)
Abstract
The application discloses a compositional verification device for concurrent systems. The device comprises at least a configuration module, a verification module and a constraint module. The configuration module mainly provides a formal language that can represent programs, event systems and concurrent event systems; the verification module provides the verification functions for that formal language, mainly a program verification function and an event system verification function; the constraint module mainly provides the verification module with the specification to verify against.
Description
Technical field
This application relates to the field of formal verification techniques, and in particular to a compositional verification device for concurrent systems.
Background
Isabelle is a generic proof assistant: it allows mathematical formulas to be expressed in a formal language and provides tools for proving those formulas in a logical calculus. The most widely used instance of Isabelle is Isabelle/HOL, which provides a higher-order logic theorem-proving environment that can be used to verify large application programs.
A reactive system consists of a clearly defined set of incoming events, and the system responds to each event by executing the corresponding handler program. In a concurrent environment an event handler may interact with the execution of other programs, for example hardware interrupts in a preemptive system, or other instances of the reactive system in a multicore architecture. State-of-the-art rely-guarantee verification frameworks concentrate on imperative programs; when the event handlers, and the input parameters of those handlers, may be unbounded, the rely and guarantee relations cannot easily capture the interaction between them.
Rely-guarantee reasoning is the fundamental method for compositional reasoning about concurrent programs with shared variables, but the concurrent languages used in existing rely-guarantee methods offer no way to specify and verify reactive systems. For example, if the services provided by an operating system are treated as incoming events, a specification can be given for the handler of each service and the OS handler can be modelled as a case analysis covering all services, but this makes the guarantee relation considerably more complicated. Furthermore, input parameters may be part of the state and must sometimes not change while the event executes, so the relations must reflect this. In a language without events, however, it is very difficult to state in the rely and guarantee conditions that a parameter does not change during the execution of an event, especially when events are composed sequentially. Without a suitable framework for handling these features, the specification and verification of such systems become harder.
Summary of the application
To solve the above technical problems, the embodiments of the present application provide a compositional verification device for concurrent systems.
The compositional verification device for concurrent systems provided by the embodiments of the present application comprises:
a configuration module, for providing a formal language;
a verification module, for providing a program verification function and an event system verification function;
a constraint module, for providing constraints.
In the embodiments of the present application, the formal language provided by the configuration module can describe program code, event systems and concurrent event systems.
In the embodiments of the present application, the formal language provided by the configuration module comprises the abstract syntax and the operational semantics of the formal language.
In the embodiments of the present application, the abstract syntax comprises a program syntax and an event syntax, where:
the program syntax comprises basic assignment statements, conditional statements, loop statements, sequential statements and atomic statements;
the event syntax comprises basic events, event systems and concurrent event systems.
In the embodiments of the present application, the verification module comprises:
a program verification submodule, for providing the following functions: verification of basic assignment statements, of conditional statements, of loop statements, of sequential statements, of atomic statements, and of the composition of concurrent programs;
an event system verification submodule, for providing the following functions: verification of basic events, of event systems and of concurrent event systems.
In the embodiments of the present application, the constraint module comprises:
a precondition constraint submodule, for determining the initial state of the program: the initial state of the program must satisfy the precondition constraint;
a rely-condition constraint submodule, for determining the range of transitions the execution environment of the program may make: during execution, every environment transition must satisfy the rely constraint;
a guarantee-condition constraint submodule, for determining the range of transitions the program itself may make: during execution, every state transition caused by the program must satisfy the guarantee constraint;
a postcondition constraint submodule, for determining the final state when the program ends: the memory state after the program ends must satisfy the postcondition constraint.
In the embodiments of the present application, a state is a memory state, which comprises the state of the local variables and the state of the global variables.
The technical solution of the embodiments of the present application solves the problem that the prior art gives insufficient assurance about the concurrent execution of programs and of concurrent events.
Description of the drawings
Fig. 1 is a structural schematic diagram of the compositional verification device for concurrent systems provided by the embodiments of the present application.
Fig. 2 is the abstract syntax of the formal language provided by the embodiments of the present application.
Fig. 3 is the operational semantics of the formal language provided by the embodiments of the present application.
Fig. 4 shows the compositional verification rules of the verification module provided by the embodiments of the present application.
Fig. 5 is the structure diagram of the self-driving vehicle detecting obstacles provided by the embodiments of the present application.
Fig. 6 is the forward event provided by the embodiments of the present application.
Fig. 7 is the event in which the radar sends an interrupt request, provided by the embodiments of the present application.
Fig. 8 is the event in which the programmable interrupt controller receives an interrupt request, provided by the embodiments of the present application.
Fig. 9 is the structure diagram of the ARINC653 multicore kernel provided by the embodiments of the present application.
Fig. 10 shows the Schedule event and the Send_QMsg event provided by the embodiments of the present application.
Fig. 11 is the condition definition of the Send_QMsg event provided by the embodiments of the present application.
Fig. 12 is the invariant of the system definition provided by the embodiments of the present application.
Fig. 13 is the program syntax of the configuration module as implemented on the Isabelle platform in the embodiments of the present application.
Fig. 14 is the event system syntax of the configuration module as implemented on the Isabelle platform in the embodiments of the present application.
Fig. 15 is the operational semantics of program statements of the configuration module as implemented on the Isabelle platform in the embodiments of the present application.
Fig. 16 shows the program verification rules of the verification module as implemented on the Isabelle platform in the embodiments of the present application.
Fig. 17 is the operational semantics of event systems of the configuration module as implemented on the Isabelle platform in the embodiments of the present application.
Fig. 18 shows the compositional proof rules for event systems of the verification module as implemented on the Isabelle platform in the embodiments of the present application.
Detailed description of the embodiments
To ease understanding of the technical solution of the embodiments of the present application, the related concepts involved in the application are explained below.
Fig. 1 is a structural schematic diagram of the compositional verification device for concurrent systems provided by the embodiments of the present application. As shown in Fig. 1, the device comprises:
a configuration module, for providing a formal language;
a verification module, for providing a program verification function and an event system verification function;
a constraint module, for providing constraints.
Using the compositional verification device for concurrent systems of the embodiments of the present application comprises the following steps:
1) implement the program code or event system to be verified in the formal language provided by the configuration module;
2) formulate the constraint conditions according to the requirements on the code or event system to be verified;
3) verify the code or event system implemented in the formal language of the configuration module against the constraint conditions provided by the constraint module.
The specific implementation is carried out on the Isabelle platform. The configuration module as implemented on the Isabelle platform comprises the abstract syntax and the operational semantics of the formal language.
The abstract syntax comprises the abstract syntax of programs and the abstract syntax of event systems.
The abstract syntax of programs:
(1) Basic f: the basic assignment statement of a program.
(2) P1;;P2: P1 and P2 are two programs; the statement denotes their sequential execution.
(3) Cond b P1 P2: b is a decision condition; the statement executes P1 when b is true and P2 when b is false.
(4) While b P: the loop statement; P is executed while b is true, otherwise the statement terminates.
(5) Await b P: the atomic statement; when b is true, program P is executed as one atomic operation.
(6) Nondt r: nondeterminism, modelled by a state relation r.
(7) ⊥: the null statement.
The abstract syntax of event systems:
(1) Event α: a basic (not yet triggered) event. The event is a triple Event (l, g, P), where l is the name of the event, g is the guard condition of the event and P is the body of the event.
(2) The triggered event, with P denoting the body of the event.
(3) {ε0, ..., εn}: an event set; when one event has finished executing, the next event to execute is found in the event sequence.
(4) Event sequencing: an event linked with an event sequence forms a new event sequence.
(5) K → S: a function from K to event systems, where K is the identifier of an event system; mainly used for concurrent event systems.
The operational semantics comprises the operational semantics of program statements and the operational semantics of event systems.
The operational semantics of program statements comprises:
(1) BASIC: the operational semantics of the basic assignment statement. (Basic f, s) executes in one step to (⊥, f s); the current state becomes the state after f has been applied.
(2) SEQ: the execution semantics of the sequential statement has two cases. If P1 completes, becoming the null statement with the state becoming s', then (P1;;P2, s) becomes (P2, s'). If P1 executes one step, becoming P1' with the state becoming s', then (P1;;P2, s) becomes (P1';;P2, s').
(3) COND: the execution semantics of the conditional statement also has two cases. If the current state s does not satisfy b, (Cond b P1 P2, s) becomes (P2, s); if s satisfies b, (Cond b P1 P2, s) becomes (P1, s). In both cases the current state s is unchanged.
(4) WHILE: the operational semantics of the loop statement has two cases. If the current state s does not satisfy b, (While b P, s) becomes (⊥, s) with the state unchanged. If s satisfies b, (While b P, s) becomes (P;;(While b P), s): P is executed next and then the While statement continues; the current state s is unchanged.
(5) NONDT: if the state transition (s, s') satisfies the relation r, then (Nondt r, s) executes in one step to (⊥, s').
(6) AWAIT: the operational semantics of the atomic statement. If the current state s satisfies b and (P, s) executes in several steps to (⊥, s'), then (Await b P, s) executes in one step to (⊥, s'); the current state becomes the state after P has executed.
The operational semantics of event systems comprises:
(1) INNEREVT: if (P, s) executes to (P', s'), then the triggered event whose body is P executes to the triggered event whose body is P'; the current state becomes the state after P's step, and the event currently being executed by the system is unchanged.
(2) BASICEVT: for an event Event α with body P, if s is a state satisfying the guard of Event α, then (Event α, s, x) executes to the triggered event with body P, where x' is x(k → Event α), recording that Event α is being executed in event system k.
(3) EVTSET: when event εi executes in event system k, there is a transition from (εi, s, x) to (εi', s, x'). So for an event set {ε0, ..., εn}, if event εi is executed, then ({ε0, ..., εn}, s, x) becomes the sequence in which the triggered event εi' is executed first, followed by the events of the event set.
(4) EVTSEQ: this operational semantics has two cases. If (ε, s, x) becomes (ε', s', x') by some transition and ε' is not the completed event, then the sequence formed by ε and S becomes, by that transition, the sequence formed by ε' and S with state s' and x'. If (ε, s, x) becomes the completed event by some transition, then the sequence formed by ε and S becomes (S, s', x') by that transition.
(5) PAR: for a concurrent event system PS, if (PS(k), s, x) can become (S', s', x') by some transition, then (PS, s, x) can become (PS', s', x') by that transition, where PS' is PS(k → S').
The verification module as implemented on the Isabelle platform comprises a program verification submodule and an event system verification submodule.
The implementation of the program verification submodule:
(1) BASIC: if for every state in the precondition pre the state after executing f satisfies the postcondition pst, the pair formed by the state before and the state after executing f belongs to G, and stable(pre, R) and stable(pst, R) hold, then (Basic f) sat <pre, R, G, pst> follows, i.e. the statement Basic f satisfies the specification.
(2) COND: if P1 satisfies <pre ∩ b, R, G, pst>, P2 satisfies <pre ∩ ¬b, R, G, pst>, stable(pre, R) holds, and (s, s) ∈ G for every state s, then (Cond b P1 P2) sat <pre, R, G, pst> follows, where pre ∩ b is the set of states in pre on which b evaluates to true and pre ∩ ¬b is the set of states in pre on which b evaluates to false.
(3) SEQ: if program P satisfies <pre, R, G, m> and program Q satisfies <m, R, G, pst>, then (P;;Q) sat <pre, R, G, pst> follows.
(4) WHILE: if program P satisfies <pre ∩ b, R, G, m>, pre ∩ ¬b is a subset of the postcondition pst, stable(pre, R) and stable(pst, R) hold, and (s, s) ∈ G for every state s, then (While b P) sat <pre, R, G, pst> follows.
(5) AWAIT: if for every state V it follows that P sat <pre ∩ {V}, Id, univ, {s | (V, s) ∈ G} ∩ pst>, and stable(pre, R) and stable(pst, R) hold, then (Await b P) sat <pre, R, G, pst> follows. (The body is checked with the identity relation Id as rely, since it runs without interference, and with univ as guarantee; the guarantee G is instead required of the overall transition from V.)
(6) NONDT: if for every state s in pre there is a state s' with (s, s') ∈ r; for every (s, s') ∈ r with s ∈ pre, s' ∈ pst; the set of pairs (s, s') with s ∈ pre and (s, s') ∈ r is a subset of G; and stable(pre, R) and stable(pst, R) hold, then (Nondt r) sat <pre, R, G, pst> follows.
(7) CONSEQ: if pre is a subset of pre', R is a subset of R', G is a subset of G', pst is a subset of pst', and an arbitrary program # satisfies the specification <pre', R', G', pst'>, then # sat <pre, R, G, pst> follows.
The implementation of the auxiliary program verification rules:
(1) UNPRE: if P sat <pre, R, G, pst> and P sat <pre', R, G, pst>, then P sat <pre ∪ pre', R, G, pst> follows.
(2) INTPOST: if P sat <pre, R, G, pst> and P sat <pre, R, G, pst'>, then P sat <pre, R, G, pst ∩ pst'> follows.
(3) UNIVPRE: if P sat <{v}, R, G, pst> holds for every state v in pre, then P sat <pre, R, G, pst> follows.
(4) EMPTYPRE: if the precondition pre is the empty set, P sat <{}, R, G, pst> holds.
The implementation of the event system verification submodule:
(1) BASICEVT: if the body of event Event α satisfies the specification <pre ∩ guard(α), R, G, pst>, where guard(α) denotes the set of states satisfying the guard of Event α, stable(pre, R) holds, and (s, s) ∈ G for every state s, then Event α sat <pre, R, G, pst> follows.
(2) INNER: if program P satisfies the specification <pre, R, G, pst>, then the triggered event whose body is P satisfies <pre, R, G, pst>.
(3) EVTSEQ: if event ε satisfies the specification <pre, R, G, m> and event set S satisfies <m, R, G, pst>, then the sequence formed by ε and S satisfies <pre, R, G, pst>.
(4) EVTSET: for an event set {ε0, ..., εn}, if every event εi in the set satisfies εi sat <presi, Rsi, Gsi, pstsi>, where presi is the precondition of the i-th event; stable(pre, R) holds; for every event εi in the set its postcondition is a subset of the precondition of every other event; the precondition pre of the event set is a subset of the precondition of every event in the set; the postcondition of every event in the set is a subset of the postcondition pst of the event set; every event in the set additionally satisfies two further side conditions (the formulas are not reproduced here); and (s, s) ∈ G for every state s, then ({ε0, ..., εn}) sat <pre, R, G, pst> follows.
(5) PAR: if every event system k in the concurrent event system PS satisfies its specification <presk, Rsk, Gsk, pstsk>, the side condition for every event system k holds, and the side condition for every pair of distinct event systems k and k' holds (the formulas are not reproduced here), then PS sat <pre, R, G, pst> follows.
The condition stable(f, g) means: for any states x and y, if x ∈ f and (x, y) ∈ g, then y ∈ f.
The constraint module as implemented on the Isabelle platform comprises the precondition constraint submodule, the rely-condition constraint submodule, the guarantee-condition constraint submodule and the postcondition constraint submodule:
(1) precondition constraint submodule: determines the initial state of the program; the initial state of the program must satisfy the precondition constraint;
(2) rely-condition constraint submodule: determines the range of transitions the execution environment of the program may make; during execution, every environment transition must satisfy the rely constraint;
(3) guarantee-condition constraint submodule: determines the range of transitions the program itself may make; during execution, every state transition caused by the program must satisfy the guarantee constraint;
(4) postcondition constraint submodule: determines the final state after the program ends; the memory state after the program has run must satisfy the postcondition constraint.
The technical solution of the embodiments of the present application is described in further detail below with reference to concrete application examples.
Application example one:
In this application example, the verification method of the application is applied to preemptive interrupts. The method is used to prove the functional correctness and safety of a self-driving vehicle that detects obstacles with a stepper motor and a radar controller. The structure diagram of this application example is shown in Fig. 5; it consists mainly of three modules: the radar (R), the controller (C) and the programmable interrupt controller (PIC).
Both a system call by an application and a detection by the radar can send an interrupt request (IRQ) to the PIC, after which the PIC blocks the current program and jumps to a new program for execution. To represent interrupts, the application defines a stack holding these IRQs, and uses a statement (notation not reproduced here) expressing that an internal step p of handler C may execute only when that handler is the top element of the stack. The state of the system is represented by the variables car_pos, obstacle_pos, pos_aux and obst_pos_aux, where car_pos is the current position of the motor, obstacle_pos records the positions of all obstacles detected so far, and pos_aux and obst_pos_aux are local variables used within the events.
The application defines a group of events to specify the system calls, the detection of obstacles and the sending of IRQs to the PIC. The forward event is shown in black in Fig. 6; the backward event is similar and is not listed here. These two events drive the motor forward or backward until it has moved a distance v. Throughout the movement, if the program finds an obstacle at the next position to be moved to, the motor stops immediately. At the end of the program, the iret statement pops the IRQ stack. Fig. 7 shows the handler for the IRQ sent by the radar; this event inserts the position of the newly appeared obstacle into the variable obstacle_pos. Here the application assumes that an obstacle does not appear at the position immediately before or immediately after the motor's current position. The event in Fig. 8 models the PIC receiving an IRQ and pushing the newly received IRQ onto the stack. The application assumes that while the IRQ sent by a device is being processed, that device does not send another IRQ. In this application example, the application guarantees that the events forward, backward and obstacle may preempt one another.
For the functional correctness of the system, the application performs the verification through the rely-guarantee conditions of the events, defining rely-guarantee conditions for each event. In the notation, {| ... |} is the concrete syntax for the set of states satisfying a predicate; one decoration of a variable x denotes its value in the current state and another pair denotes its values before and after a transition (the decorations are not reproduced here). For the forward event, the pre-condition is relaxed to {|True|}. The rely-condition states that the variable car_pos and the two local variables i and pos_aux are not changed by the environment; in addition, the rely-condition covers the state changes made by the obstacle event and the IRQ events when the radar's IRQ is handled. In the first case, the variable obstacle_pos remains unchanged throughout the stack operations and assignment operations. In the second case, a new obstacle may appear at any time, so the rely-condition also requires that the presence of an obstacle at the next position (+1) is the same before and after the new obstacle appears. If no new obstacle is detected, the controller continues executing and the environment does not change the variables obstacle_pos and obst_pos_aux. The PIC may receive the radar's IRQ, at which point the forward event is interrupted. The post-condition defines the correctness of the forward event: if the motor meets no obstacle within the distance v, then i = v; otherwise the motor must stop in front of the obstacle.
The functional correctness of the forward event is proved by the rely-guarantee proof rules. The application uses R and G to denote the rely-condition and the guar-condition of forward_RGCondition respectively. In Fig. 6, the pre- and postconditions of each statement are shown in blue and the verification conditions in green. The application applies the loop invariant {|'car_pos = 'pos_aux + 'i|} to the WHILE statement, then proves the functional correctness of Ctrl, Radar and PIC with the EvtSet proof rule of Fig. 4. Finally, the application defines rely-guarantee conditions for the whole system and proves the correctness of the system with the Par proof rule.
The application proves the safety property inv ≡ {| ... |} (the predicate is not reproduced here), which states that the vehicle never collides with an obstacle. From the functional correctness of the system and the Conseq proof rule, the required result follows. Then, using Theorem 2 and the fact that inv is stable under the guarantee condition of every event, the application proves that inv is an invariant of VehicleSpec.
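As an added example (not the patent's own Isabelle model), the following Python explores every interleaving of the forward event with the radar's IRQ handler from application example one, with and without the assumption that a new obstacle cannot appear next to the motor. The IRQ stack and the PIC are left out, the track length and v are constructed, the page's assumption is strengthened to also exclude the motor's current position, and inv is taken to be car_pos ∉ obstacle_pos since the page does not reproduce its formula.

```python
from typing import Dict, FrozenSet, NamedTuple, Optional, Set

class Cfg(NamedTuple):
    pc: str                     # "test", "move" or "done": where the forward event is
    car_pos: int                # current position of the motor
    i: int                      # distance moved so far; loop invariant car_pos = pos_aux + i
    obstacles: FrozenSet[int]   # obstacle_pos

V = 3            # distance the forward event tries to move (constructed)
TRACK = V + 3    # positions 0 .. TRACK-1 at which the radar may report an obstacle (constructed)
POS_AUX = 0      # start position recorded by the forward event (constructed initial state)

def controller_steps(c: Cfg) -> Set[Cfg]:
    """Steps of the forward event: the guard 'i < v and the next position is free' is
    evaluated in one step and the motor moves in the next, so the radar IRQ handler can
    run in between the two."""
    if c.pc == "test":
        free = c.i < V and (c.car_pos + 1) not in c.obstacles
        return {c._replace(pc="move" if free else "done")}
    if c.pc == "move":
        return {c._replace(pc="test", car_pos=c.car_pos + 1, i=c.i + 1)}
    return set()

def radar_steps(c: Cfg, respect_rely: bool) -> Set[Cfg]:
    """The radar IRQ handler inserts one new obstacle position. With respect_rely=True it
    obeys the (strengthened) assumption: never at the motor's current position or at the
    positions adjacent to it."""
    out = set()
    for x in range(TRACK):
        if x in c.obstacles:
            continue
        if respect_rely and abs(x - c.car_pos) <= 1:
            continue
        out.add(c._replace(obstacles=c.obstacles | {x}))
    return out

def inv(c: Cfg) -> bool:          # safety: the vehicle never sits on an obstacle
    return c.car_pos not in c.obstacles

def loop_inv(c: Cfg) -> bool:     # the WHILE loop invariant from the page, with pos_aux = POS_AUX
    return c.car_pos == POS_AUX + c.i

def post(c: Cfg) -> bool:         # forward's post-condition, once it has finished
    return c.pc != "done" or c.i == V or (c.car_pos + 1) in c.obstacles

def explore(respect_rely: bool) -> Dict[str, object]:
    """Enumerate every interleaving of controller and radar steps from the initial state and
    report the first configuration (if any) violating inv, the loop invariant or post."""
    init = Cfg("test", POS_AUX, 0, frozenset())
    seen: Set[Cfg] = set()
    todo = [init]
    violations: Dict[str, Optional[Cfg]] = {"inv": None, "loop_inv": None, "post": None}
    while todo:
        c = todo.pop()
        if c in seen:
            continue
        seen.add(c)
        for name, pred in (("inv", inv), ("loop_inv", loop_inv), ("post", post)):
            if violations[name] is None and not pred(c):
                violations[name] = c
        todo.extend(controller_steps(c))
        todo.extend(radar_steps(c, respect_rely))
    return {"states": len(seen),
            "holds": all(v is None for v in violations.values()),
            "violations": violations}

if __name__ == "__main__":
    print("rely respected:", explore(True)["holds"])
    print("rely ignored:  ", explore(False)["violations"]["inv"])
```

Dropping the rely assumption lets the radar insert an obstacle at car_pos + 1 between the controller's test and its move, which is the interference the page's rely-condition on the "+1" position excludes.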
Application example two:
This application example concerns multicore concurrency and the verification of invariants. Since device drivers run in dedicated partitions, the application does not consider interrupts inside the kernel. As shown in Fig. 9, IPC in ARINC653 transmits messages through channels configured between the partitions. Each partition accesses a channel through ports, which are the endpoints of the channel.
The kernel configuration in Isabelle is divided into static and dynamic components. The application creates a constant conf for the static component of the state in the specification. In conf, c2s is the mapping from cores to schedulers, and is a bijection; p2s maps each partition to the scheduler on which it is deployed; p2p gives the partition to which a port belongs; chsrc and chdest give the source port and the destination port of a queuing channel; finally, chmax defines the maximum capacity of a channel. The specification creates the abstract data types Core, Part, QChannel, Port and Message on top of these elements. This means that the application verifies arbitrary system configurations rather than a specific instance.
The dynamic component of the kernel state concerns the schedulers, the channels and the partitions. The state of a scheduler shows the partition currently executing. The state of a channel keeps the messages in a FIFO queue. The state of a partition is defined as IDLE, READY or RUN. The application also defines the initial state of the system.
The application defines a group of events to specify the scheduling and communication services. These events are parameterised by their input parameters and by the core identifier k. The Schedule and Send_QMsg events are shown in Fig. 10. When partition p is deployed on k and the state of p is not IDLE, p can be scheduled on processor core k. The event first sets the state of the currently running partition to READY and sets the current partition of k to None; it then sets the current partition to p and sets its state to RUN. When the source port p is configured in the current partition, the Send_QMsg event may occur in the current partition on processor core k. The event blocks until the channel being operated on has free space; it then inserts its message at the tail of the message queue and increases the size of the queue.
The event system of the multicore kernel is then defined as follows. Each core is deployed with a similar event sequence parameterised by the core identifier k. When the kernel execution instance on each processor core starts, the application uses the event Core_Init to initialise the kernel state of that kernel. Then the system defined by the corresponding Esysk of the kernel execution instance is invoked, where Esysk is an event set.
For compositional reasoning over the events, the application specifies the rely-guarantee conditions of each event. The condition definition of the event Send_QMsg is shown in Fig. 11. The event executing on k relies on the current partition of k not being changed by the events of other cores. The guarantee condition states that the internal steps of the event do not modify the current partition of any core, the state of any partition, or the sizes of the message queues of the other channels. The event also guarantees that if the queue size equals the message count before an internal step, they are still equal after the step.
For the verification of the system invariant inv, shown in Fig. 12: inv1 states that if partition p is the partition currently executing on scheduler sched, then p must be deployed on sched; inv2 states that if partition p is deployed on scheduler sched and p is the current partition, then the state of p is RUN; inv3 states that for any queuing channel c, the current size must equal the number of messages in the queue.
The application has established the required property of ARINCSpec (the formula is not reproduced here), and all events in ARINCSpec are basic events. In addition, the application proves that the guarantee condition of each event in ARINCSpec is stable with respect to inv. Using these results and applying the event composition and event proof rules directly, the required conclusion is obtained. By Theorem 2, the application proves that inv is an invariant of ARINCSpec.
The technical solutions described in the embodiments of the present application may be combined arbitrarily where they do not conflict.
The above are only specific embodiments of the present application, but the protection scope of the present application is not limited thereto. Any change or replacement that a person skilled in the art can easily conceive within the technical scope disclosed in the present application shall be covered by the protection scope of the present application.
Claims (7)
1. A concurrent system combined authentication device, characterized in that the device comprises:
a configuration module, for providing a formal language;
an authentication module, for providing a program verification function and an event system verification function;
a constraints module, for providing constraints.
2. The device according to claim 1, characterized in that the formal language provided by the configuration module can describe program code, event systems and concurrent event systems.
3. The device according to claim 1 or 2, characterized in that the formal language provided by the configuration module comprises the abstract syntax and the operational semantics of the formal language.
4. The device according to claim 3, characterized in that the abstract syntax comprises a program grammar and an event grammar, wherein:
the program grammar comprises: basic assignment statements, conditional statements, Do statements, sequential statements and atomic statements;
the event grammar comprises: elementary events, event systems and concurrent event systems.
5. The device according to claim 1, characterized in that the authentication module comprises:
a program verification submodule, for providing the following functions: the verification function for basic assignment statements, the verification function for conditional statements, the verification function for Do statements, the verification function for sequential statements, the verification function for atomic statements, and the combined verification function for concurrent programs;
an event system verification submodule, for providing the following functions: the elementary event verification function, the event system verification function and the concurrent event system verification function.
6. The device according to claim 1, characterized in that the constraints module comprises:
a precondition constraint submodule, for determining the initial state of the program; the initial state of the program must satisfy the precondition constraint;
a rely constraint submodule, for determining the range of transitions of the program's execution environment; any environment transition during execution must satisfy the rely constraint;
a guarantee condition constraint submodule, for determining the range of state transitions caused by the program; any state transition caused by the program during execution must satisfy the guarantee condition constraint;
a postcondition constraint submodule, for determining the final state after the program ends; the memory state after the program ends must satisfy the postcondition constraint.
7. The device according to claim 6, characterized in that the state is a memory state, wherein the memory state comprises the state of local variables and the state of global variables.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910007482.6A CN109783380A (en) | 2019-01-04 | 2019-01-04 | A kind of concurrent system combined authentication device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109783380A (en) | 2019-05-21 |
Family
ID=66500040
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110347405A (en) * | 2019-07-01 | 2019-10-18 | 电子科技大学 | A kind of formalization verification method of schedule scheduler module |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102708228A (en) * | 2012-04-20 | 2012-10-03 | 西安电子科技大学 | TMSVL (timed modeling simulation verification logic) real-time system modeling method |
CN106708525A (en) * | 2016-12-27 | 2017-05-24 | 西安电子科技大学 | Coq-based MSVL program verification method |
WO2018007822A1 (en) * | 2016-07-08 | 2018-01-11 | Cocotec Limited | An interoperable extensible system for the generation of verified software code |
CN108228410A (en) * | 2018-01-24 | 2018-06-29 | 北京航空航天大学 | A kind of multinuclear concurrent system verification method based on Event-B |
CN108509336A (en) * | 2018-03-05 | 2018-09-07 | 华东师范大学 | A kind of operating system canonical form chemical examination card and test method |
Non-Patent Citations (2)
Title |
---|
ZHAO YONGWANG等: "An Event-based Compositional Reasoning Approach for Concurrent Reactive Systems", 《HTTPS://ARXIV.ORG/ABS/1810.07855》 * |
吕毅: "形式化方法介绍及其在工程中的应用", 《微电子学与计算机》 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | Application publication date: 20190521 |
 | SE01 | Entry into force of request for substantive examination | |
 | WD01 | Invention patent application deemed withdrawn after publication | |