CN110119358B - Test method and device for FBD (function block diagram) program - Google Patents

Publication number: CN110119358B
Authority: CN (China)
Prior art keywords: execution model, state, determining, fbd, program
Legal status: Active
Application number: CN201910407461.3A
Other languages: Chinese (zh)
Other versions: CN110119358A (en)
Inventors: 邬惠峰, 严义, 孙洁香, 陈佰平, 赵建勇
Current Assignee: Hangzhou Dianzi University
Original Assignee: Hangzhou Dianzi University

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00: Error detection; Error correction; Monitoring
    • G06F11/36: Preventing errors by testing or debugging software
    • G06F11/3668: Software testing

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a test method and a test device of an FBD program, wherein the method comprises the following steps: formally describing an FBD program to generate a first execution model, wherein the execution model comprises an input stream combination, an output stream combination, a state combination, an initial state, a state conversion function and an output stream generation function; formally describing the design specification of the FBD program to generate a second execution model; determining an equivalence verification result of the FBD program and the design specification according to the first execution model and the second execution model; and according to the verification result, determining that the reliability of the FBD program passes the verification. The test method and the test device for the FBD program provided by the invention can test the program of the complex system.

Description

Test method and device for FBD (function block diagram) program
Technical Field
The invention relates to the field of industrial control, in particular to a test method and device of an FBD program.
Background
The programmable logic controller (PLC) is the core of industrial automation control and is widely applied in fields such as robots, numerical control equipment, traffic, electric power and communication. With the increasing complexity of control systems and the development of the industrial internet, more and more PLCs need to access a network while completing complex control (a mix of logic quantities, analog quantities and motion control), so the reliability and safety of PLCs have become unavoidable problems. Because of the particularities of the language, system complexity, closed environments and the introduction of special instructions, testing and verification of PLC hybrid systems is a problem that has not been solved effectively so far.
Formalization is one means of ensuring program reliability in the prior art. It is a technique for analyzing and verifying a program by applying mathematical models, and model checking is a typical method. In model checking, proposed by Clarke et al. in 1983, the basic idea is to use a finite state machine as the model and to verify that the property described by a logic formula holds in that model.
However, model checking cannot complete reasoning over complicated data types and recursive structures and suffers from state explosion, so it can only handle programs of systems that are control-dominated with simple data, and cannot check programs of complex systems.
Disclosure of Invention
The invention provides a test method and a test device of an FBD program, which are used for solving the problem that the program of a complex system cannot be detected in the prior art.
A first aspect of the present invention provides a test method of an FBD program, comprising: formally describing the FBD program to generate a first execution model, wherein the execution model comprises input stream combination, output stream combination, state combination, initial state, state conversion function and output stream generation function;
formally describing the design specification of the FBD program to generate a second execution model;
determining equivalence verification results of the FBD program and the design specification according to the first execution model and the second execution model;
and according to the verification result, determining that the reliability of the FBD program is verified.
Optionally, the generating the first execution model includes:
determining the type of input stream combination of the first execution model according to the input variables of the FBD program;
determining the type of output flow combination of the first execution model according to the output variable of the FBD program;
determining the type of the initial state and the type of the state combination of the first execution model according to the Cartesian products of the intermediate variables and the output variables of the FBD program;
determining a state transition function of the first execution model according to a functional block network structure of the FBD program;
and determining an output flow generating function of the first execution model according to the state transition function of the first execution model.
Optionally, the generating the second execution model includes:
determining the type of the input stream combination of the second execution model according to the type of the input stream combination of the first execution model;
determining the type of the output flow combination of the second execution model according to the type of the output flow combination of the first execution model;
respectively determining the initial state and the type of the state combination of the second execution model according to the design specification;
determining a state transition function of the second execution model according to a state transition rule in the design specification;
and determining an output flow generating function of the second execution model according to the state transition function of the second execution model.
Optionally, before said verifying the equivalence of said FBD procedure and said design specification, comprising:
and constructing theorem of the FBD program by using equivalent predicates.
Optionally, said verifying the equivalence of said FBD procedure and said design criteria comprises:
inputting a first input stream and a first state into the first execution model, and receiving a first output stream and a second state output by the first execution model;
inputting a first input stream and a third state into the second execution model, and receiving a second output stream and a fourth state output by the second execution model, wherein the first state and the third state are two abstract modes of the same state;
and proving theorem of the FBD program according to the first output flow, the second state and the fourth state, and verifying equivalence of the FBD program and the design criterion.
A second aspect of the present invention provides a test apparatus for an FBD program, comprising:
the first model generation module is used for formally describing the FBD program and generating a first execution model, and the execution model comprises an input stream combination, an output stream combination, a state combination, an initial state, a state conversion function and an output stream generation function;
the second model generation module is used for formally describing the design specification of the FBD program and generating a second execution model;
an equivalence determination module for determining an equivalence verification result of the FBD program and the design specification according to the first execution model and the second execution model;
and the result module is used for determining that the reliability of the FBD program passes the verification according to the verification result.
Optionally, the first model generating module is specifically configured to determine, according to input variables of the FBD program, a type of input stream combination of the first execution model; determining the type of output flow combination of the first execution model according to the output variable of the FBD program; determining the type of the initial state and the type of the state combination of the first execution model according to the Cartesian products of the intermediate variables and the output variables of the FBD program; determining a state transition function of the first execution model according to a functional block network structure of the FBD program; and determining an output flow generating function of the first execution model according to the state transition function of the first execution model.
Optionally, the second model generating module is specifically configured to determine a type of input stream combination of the second execution model according to a type of input stream combination of the first execution model; determining the type of the output flow combination of the second execution model according to the type of the output flow combination of the first execution model; respectively determining the initial state and the type of the state combination of the second execution model according to the design specification; determining a state transition function of the second execution model according to a state transition rule in the design specification; and determining an output flow generating function of the second execution model according to the state transition function of the second execution model.
Optionally, the method further comprises:
and the theorem constructing module is used for constructing the theorem of the FBD program by using equivalent predicates.
Optionally, the equivalence determination module is specifically configured to input a first input stream and a first state into the first execution model, and receive a first output stream and a second state output by the first execution model; inputting a first input stream and a third state into the second execution model, and receiving a second output stream and a fourth state output by the second execution model, wherein the first state and the third state are two abstract modes of the same state; and proving theorem of the FBD program according to the first output flow, the second state and the fourth state, and verifying equivalence of the FBD program and the design criterion.
A third aspect of the present invention provides an electronic device comprising:
a memory for storing program instructions;
and the processor is used for calling and executing the program instructions in the memory and executing the method steps in the first aspect.
A fourth aspect of the present invention provides a storage medium having stored therein a computer program for executing the method of any of the first aspects.
The method and the device for testing the FBD program provided by the invention perform formal description on the FBD program to generate a first execution model; formally describing the design specification of the FBD program to generate a second execution model; determining an equivalence verification result of the FBD program and the design specification according to the first execution model and the second execution model; and according to the verification result, determining that the reliability of the FBD program passes the verification. According to the method, regardless of the complexity of the program, the FBD program and the design specification can be respectively converted into the preset execution models, the reliability verification of the FBD program is further completed through the two execution models, and the detection of the complex program is further realized.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description of the embodiments or the drawings used in the description of the prior art will be given in brief, it being obvious that the drawings in the description below are some embodiments of the invention and that other drawings can be obtained from them without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a testing method of an FBD program according to the present invention;
FIG. 2 is a flow chart of another method for testing an FBD program according to the present invention;
FIG. 3 is a flow chart of a testing method of an FBD program according to the present invention;
FIG. 4 is a schematic diagram illustrating a state transition of an fb_close_delay procedure according to the present invention;
FIG. 5 is a flow chart of another method for testing an FBD program according to the present invention;
FIG. 6 is a schematic diagram of a testing apparatus for an FBD program according to the present invention;
FIG. 7 is a schematic structural diagram of another testing apparatus for an FBD program according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the present application, the eval function, the trans function, the build_trans function, the build_exec function, the exec function, and the like are named only for distinguishing the functions or the programs, and are not limited to the structures.
The function block diagram (FBD) is one of three graphic languages in the IEC 61131-3 standard and is widely used in the PLC field.
Formalization is one means of ensuring program reliability in the prior art. It is a technique for analyzing and verifying a program by applying mathematical models, and model checking is a typical method. In model checking, proposed by Clarke et al. in 1983, the basic idea is to use a finite state machine as the model and to verify that the property described by a logic formula holds in that model.
However, model checking cannot complete reasoning over complicated data types and recursive structures and suffers from state explosion, so it can only handle programs of systems that are control-dominated with simple data, and cannot check programs of complex systems.
In view of the above problems, the present invention provides a method and apparatus for validating an FBD program, which generates a first execution model by formally describing the FBD program; formally describing the design specification of the FBD program to generate a second execution model; determining an equivalence verification result of the FBD program and the design specification according to the first execution model and the second execution model; and according to the verification result, determining that the reliability of the FBD program passes the verification, and further realizing the detection of the program of the complex system.
The execution subject of the method for confirming the FBD program provided by the present invention may be a confirmation device of the FBD program. The confirmation device of the FBD program may be a program, program code software, or a medium storing the relevant execution code, for example, a USB disk.
In some embodiments, the confirmation device of the FBD program may also be a physical device integrated with or installed with relevant execution code, such as a processor, a chip, a micro control unit (Microcontroller Unit, abbreviated as MCU), a computer, an electronic device, etc.
The following describes the technical solution of the present invention in detail with specific embodiments by taking a processor of an electronic device integrated with or installed with relevant execution codes as an example. The following embodiments may be combined with each other, and some embodiments may not be repeated for the same or similar concepts or processes.
Fig. 1 is a flow chart of a testing method of an FBD program according to the present invention. The present embodiment relates to how the processor formally describes the FBD program and design specifications to complete the process of equivalence verification. As shown in fig. 1, the method includes:
S101, formally describing the FBD program to generate a first execution model.
The execution model is based on a Mealy automaton and is a 6-tuple: ε = (I, O, S, S_0, trans, exec).
Here I is the finite set (combination) of inputs; O is the finite set of outputs; S is the finite set of states; S_0 is the initial state; trans is the state transition function, which accepts an input from I and a state from S and generates an output in O and a new state in S; exec is the output stream generating function, which receives an input stream and an initial state and generates an output stream.
Optionally, the execution model may further include o_default, where o_default is a default output value.
In this step, the formal description of the FBD program can be carried out with the proof assistant Coq. Formally describing the FBD program means determining the type of each item in the 6-tuple from the variables and functions of the FBD program, thereby generating the first execution model corresponding to the FBD program.
S102, formally describing the design specification of the FBD program, and generating a second execution model.
In this step, as in S101, the proof assistant Coq may be used to determine the type of each item in the 6-tuple for the design specification of the FBD program, thereby generating a second execution model corresponding to the design specification.
S103, determining an equivalence verification result of the FBD program and the design specification according to the first execution model and the second execution model.
In this step, the equivalence of the first execution model and the second execution model may be demonstrated using the method of mutual simulation equivalence. Specifically, it is first proved that the input streams and states of the first execution model and the second execution model are consistent. Then, on the premise that the input streams and states of the two execution models are consistent, mutual simulation equivalence between the FBD program and the design specification can be proved.
And S104, determining that the reliability of the FBD program passes the verification according to the verification result.
In this step, when the input streams and states of the first execution model and the second execution model are consistent, the FBD program and the design specification may be further proved to be equivalent, and further it may be determined that the FBD program meets the design specification, and the reliability of the FBD program is determined to pass the verification.
The method and the device for testing the FBD program provided by the embodiment formally describe the FBD program to generate a first execution model; formally describing the design specification of the FBD program to generate a second execution model; determining an equivalence verification result of the FBD program and the design specification according to the first execution model and the second execution model; and according to the verification result, determining that the reliability of the FBD program passes the verification. According to the method, regardless of the complexity of the program, the FBD program and the design specification can be respectively converted into the preset execution model, and the reliability verification of the FBD program is further completed through the two execution models, so that the detection of the complex program is further realized.
The process of generating the first execution model will be explained in detail below taking the elevator door control program fb_close_delay as an example.
Fig. 2 is a flow chart of another method for testing an FBD program according to the present invention. The present embodiment relates to a process of generating a first execution model. As shown in fig. 2, on the basis of the above embodiment, the step S102 includes:
S201, determining the type of input stream combination of the first execution model according to the input variable of the FBD program.
In this step, fb_close_delay has three input variables, Vin = {open, open_request, close_request}, where open is a boolean variable marking whether the door is open; open_request is a boolean variable indicating whether a door opening request is received; close_request is a boolean variable indicating whether a door closing request is accepted. Thus, the input type of the first execution model can be recorded in Coq as I = B × B × B. In addition, since the input types of the first execution model and the second execution model are the same, i_common may also be defined in Coq for determining the input type of the second execution model.
S202, determining the type of output flow combination of the first execution model according to the output variable of the FBD program.
In this step, the output variable of fb_close_delay is Vout = {close}, where close is a boolean variable indicating whether to close the door. Thus, the model output type can be written as O = B. In addition, since the output types of the first execution model and the second execution model are the same, o_common may also be defined in Coq for determining the output type of the second execution model.
S203, determining the type of the initial state and the type of the state combination of the first execution model according to the Cartesian products of the intermediate variable and the output variable of the FBD program.
In this step, fb_close_delay has four intermediate variables, Vintl = {timeout_force, timeout_keep, force, keep}, where force and keep are timer instance variables used to time the force_open and keep_open processes; timeout_force and timeout_keep are boolean variables marking whether the force-open and keep-open processes are complete. The state type S can be written as the Cartesian product of the intermediate variables and the output variable; the state type of the first model is S = B × B × STON × B, from which S_0 can then be determined.
S204, determining a state transition function of the first execution model according to the function block network structure of the FBD program.
In this step, the function body of the FBD program can be treated as a combination of networks. In fb_close_delay there are two networks, Ntwk1 and Ntwk2. For each network Ntwk_i (i = 1, 2), a function eval_i : I × O × S → O × S can be defined to update the state after each network is evaluated; eval_i accepts the input together with the output and state of the previous module, and generates an output and a new state. Taking Ntwk1 as an example, Ntwk1 has 4 function blocks: NOT, AND, TON (named force), TON (named keeper).
In Coq, the trans function can be determined from the eval functions. The trans function accepts an input and updates the state of the first execution model. Specifically, a build_trans function may be defined in Coq to implement this process. The build_trans function receives I, O, S, o_default and the list of eval functions, and generates a trans function.
S205, determining an output flow generating function of the first execution model according to the state transition function of the first execution model.
In this step, exec functions corresponding to the trans functions can be generated by the build_exec functions in Coq.
According to the method and the device for testing the FBD program, which are provided by the embodiment, the function and the variable type in the first execution model are respectively determined, and further the FBD program is formally described to generate the first execution model. By the method, the reliability verification of the FBD program can be finished through the first execution model and the second execution model corresponding to the design specification of the FBD program, and then the detection of the complex program is realized.
The process of generating the second execution model will be explained in detail below taking the elevator door control program fb_close_delay as an example.
Fig. 3 is a flow chart of a testing method of an FBD procedure according to the present invention. The present embodiment relates to a process of generating a second execution model. As shown in fig. 3, on the basis of the above embodiment, the step S103 includes:
S301, determining the type of input stream combination of the second execution model according to the type of input stream combination of the first execution model.
In this step, since the input of the design specification of the FBD program is the same as the input of the FBD program, the input of the specification can be directly formalized by the above-described i_common, and the input stream combination type of the second execution model is the same as the input stream combination type of the first execution model.
S302, determining the type of the output flow combination of the second execution model according to the type of the output flow combination of the first execution model.
In this step, since the output of the design specification of the FBD program is the same as the output of the FBD program, the output of the specification can be directly formalized by the above-described o_common, and the type of the output stream combination of the second execution model is the same as the type of the output stream combination of the first execution model.
S303, respectively determining the initial state and the type of the state combination of the second execution model according to the design specification.
In this step, the state S of the specification is determined according to the design specification corresponding to the FBD program. For example, in fb_close_delay, the specification state is Sspec = (unopened, force_open(et)), where et is a natural number; unopened is the state in which the elevator door is not fully opened; force_open(et) means that the elevator is in the force-open process and et units of time have elapsed, and the type of force_open is N -> Sspec; keep_open(et) means that the elevator is in the keep-open process and has been for a period of time, and the type of keep_open is N -> Sspec. According to the states of the specification, the Sspec type may be defined in Coq with Inductive.
S304, determining a state transition function of the second execution model according to the state transition rule in the design specification.
Fig. 4 is a schematic diagram of the state transitions of the fb_close_delay program according to the present invention. Table 1 is the state transition table of the fb_close_delay program. The transition condition for each transition in Fig. 4 is listed in Table 1 by number. State 1 is unopened, state 2 is force_open(et) and state 3 is keep_open(et); "_" indicates that the input variable is ignored in the transition rule; ptforce and ptkeep are the preset times of the force-open and keep-open processes, respectively.
TABLE 1
According to the transformation rules shown in fig. 4 and table 1, the corresponding trans function can be determined in Coq by the build_exec function.
S305, determining an output flow generating function of the second execution model according to the state transition function of the second execution model.
In this step, exec functions corresponding to the trans functions can be generated by the build_exec functions in Coq.
According to the testing method and device for the FBD program, the function and the variable type in the second execution model are respectively determined, and further formal description is carried out on the FBD program to generate the second execution model. By the method, the reliability verification of the FBD program can be completed through the second execution model and the first execution model of the FBD program, and then the detection of the complex program is realized.
The process of determining the equivalence verification results of the FBD procedure and design specifications is described below.
Fig. 5 is a flow chart of a testing method of an FBD procedure according to the present invention. This embodiment relates to a specific procedure of how the processor determines the equivalence verification result of the FBD program and the design specification. As shown in fig. 5, on the basis of the above embodiment, the method includes:
S401, performing formal description on the FBD program to generate a first execution model, wherein the execution model comprises input stream combination, output stream combination, state combination, initial state, state conversion function and output stream generation function.
S402, formally describing the design specification of the FBD program, and generating a second execution model.
The technical terms, effects, features, and alternative embodiments of steps S401 to S402 may be understood with reference to steps S101 to S102 shown in fig. 1, and will not be described again here for repeated contents.
S403, constructing theorem of the FBD program by using the equivalent predicates.
In this step, the first lemma head_equivalent may be defined according to the definition of mutual simulation equivalence. Specifically, for any given input stream and the state groups corresponding to the two execution models, the first lemma states that the first elements of the output streams generated by the first execution model and the second execution model are equivalent, that is, the two execution models are equivalent in the first step of mutual simulation.
The second lemma state_index may also be defined according to the definition of mutual simulation equivalence. Specifically, the second lemma states that, for any given input stream and the state groups corresponding to the two execution models, the next state groups generated are equivalent. Based on the first and second lemmas, a proof of the equivalence theorem close_delay_eq of the FBD program, defined by the mutual simulation equivalence predicate bisimiar, can be constructed.
S404, inputting the first input stream and the first state into the first execution model, and receiving the first output stream and the second state output by the first execution model.
S405, inputting the first input stream and the third state into the second execution model, and receiving the second output stream and the fourth state output by the second execution model.
In this step, the input stream combination of the first execution model and that of the second execution model are the same, so any input stream from the input stream combination may be selected as the first input stream. The states of the first execution model and the second execution model are defined differently. Therefore, any state in the state combination of the first execution model may be selected as the first state simple, and the state in the state combination of the second execution model that is consistent with the first state simple is determined as the third state Sspec. The first state and the third state are two abstractions of the same state. Specifically, the type isCorr (simple×sspec) may be defined in Coq to indicate that simple and Sspec represent the same state.
For any first input stream and given set of states, a corresponding first output stream and second state may be generated by the first execution model, while a corresponding second output stream and fourth state are generated by the second execution model.
S406, proving the theorem of the FBD program according to the first output stream, the second state and the fourth state, and verifying the equivalence of the FBD program and the design specification.
In this step, it is determined according to the theorem of the FBD program whether the first output stream and the second output stream are equivalent and whether the second state and the fourth state are equivalent. If the first output stream is equivalent to the second output stream and the second state is equivalent to the fourth state, the FBD program and the design specification are equivalent. If the first output stream and the second output stream are not equivalent, or the second state and the fourth state are not equivalent, the FBD program and the design specification are not equivalent.
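The check in steps S404 to S406 can be illustrated on a small finite model. The following is an added example, not code from the patent: it replaces the Coq proof with an exhaustive exploration of reachable state pairs, and the delay-timer models, the state names, the CORR relation and the label next_state are constructed assumptions; only head_equivalent is a name taken from the text.

```python
from collections import deque

INPUTS = (False, True)  # constructed input alphabet: one boolean per scan cycle

# First execution model (constructed): state = (intermediate cnt, output q),
# i.e. the Cartesian product of intermediate and output variables.
IMPL_INIT = (0, False)

def impl_step(inp, state):
    cnt, _q = state
    cnt = min(cnt + 1, 2) if inp else 0   # count consecutive True scans
    q = cnt >= 2                          # output closes after two scans
    return q, (cnt, q)

def buggy_step(inp, state):
    cnt, _q = state
    cnt = min(cnt + 1, 2) if inp else cnt  # defect: counter is never reset
    q = cnt >= 2
    return q, (cnt, q)

# Second execution model (constructed): abstract states from the specification.
SPEC_INIT = "OFF"

def spec_step(inp, state):
    if not inp:
        nxt = "OFF"
    else:
        nxt = {"OFF": "WAIT", "WAIT": "ON", "ON": "ON"}[state]
    return nxt == "ON", nxt

# Correspondence relation playing the role of isCorr: pairs of states that are
# two abstractions of the same state.
CORR = {((0, False), "OFF"), ((1, False), "WAIT"), ((2, True), "ON")}

def is_corr(s_impl, s_spec):
    return (s_impl, s_spec) in CORR

def check_equivalence(step1, init1, step2, init2, corr):
    """Return None if the models are equivalent on every reachable state pair,
    otherwise (failed_lemma, input_trace) for the shortest counterexample."""
    if not corr(init1, init2):
        return ("initial_state", ())
    seen = {(init1, init2)}
    queue = deque([(init1, init2, ())])
    while queue:
        s1, s3, trace = queue.popleft()
        for inp in INPUTS:
            out1, s2 = step1(inp, s1)     # first output, second state
            out2, s4 = step2(inp, s3)     # second output, fourth state
            path = trace + (inp,)
            if out1 != out2:              # first lemma: heads of outputs agree
                return ("head_equivalent", path)
            if not corr(s2, s4):          # second lemma: next states correspond
                return ("next_state", path)
            if (s2, s4) not in seen:
                seen.add((s2, s4))
                queue.append((s2, s4, path))
    return None

if __name__ == "__main__":
    print(check_equivalence(impl_step, IMPL_INIT, spec_step, SPEC_INIT, is_corr))
    print(check_equivalence(buggy_step, IMPL_INIT, spec_step, SPEC_INIT, is_corr))
```

The second call reports a violation of the next-state lemma even though the outputs still agree at that step, which is why both lemmas are needed for the equivalence theorem.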
The method and the device for testing the FBD program provided by this embodiment formally describe the FBD program to generate a first execution model; formally describe the design specification of the FBD program to generate a second execution model; determine an equivalence verification result of the FBD program and the design specification according to the first execution model and the second execution model; and, according to the verification result, determine that the reliability of the FBD program passes the verification. With this method, regardless of the complexity of the program, the FBD program and the design specification can each be expressed in the preset execution model, the reliability verification of the FBD program is then completed through the two execution models, and the checking of complex programs is thereby realized.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Fig. 6 is a schematic structural diagram of a testing device for an FBD program according to the present invention. The test device of the FBD program may be implemented by software, hardware or a combination of both, and may be the aforementioned processor.
As shown in fig. 6, the test apparatus 50 of the FBD program includes: a first model generation module 51, a second model generation module 52, a theorem construction module 53, an equivalence determination module 54, and a result module 55.
The first model generating module 51 is configured to formally describe the FBD program and generate a first execution model, where the execution model includes an input stream combination, an output stream combination, a state combination, an initial state, a state transfer function, and an output stream generating function.
The first model generating module 51 is specifically configured to determine, according to input variables of the FBD program, a type of input stream combination of the first execution model; determining the type of output stream combination of the first execution model according to the output variable of the FBD program; determining the type of the initial state and the type of the state combination of the first execution model according to Cartesian products of intermediate variables and output variables of the FBD program; determining a state transition function of the first execution model according to the function block network structure of the FBD program; and determining an output flow generating function of the first execution model according to the state transition function of the first execution model.
The second model generating module 52 is configured to formally describe the design specification of the FBD program, and generate a second execution model.
The second model generation module 52 is specifically configured to determine a type of input stream combination of the second execution model according to the type of input stream combination of the first execution model; determining the type of the output flow combination of the second execution model according to the type of the output flow combination of the first execution model; respectively determining the initial state and the type of the state combination of the second execution model according to the design specification; determining a state transition function of the second execution model according to a state transition rule in the design specification; and determining an output flow generating function of the second execution model according to the state transition function of the second execution model.
The theorem construction module 53 is configured to construct the theorem of the FBD program using equivalence predicates.
The equivalence determination module 54 is configured to determine an equivalence verification result of the FBD program and the design specification based on the first execution model and the second execution model.
The equivalence determination module 54 is specifically configured to input a first input stream and a first state into the first execution model, and receive a first output stream and a second state output by the first execution model; input the first input stream and the third state into the second execution model, and receive a second output stream and a fourth state output by the second execution model, wherein the first state and the third state are two abstractions of the same state; and prove the theorem of the FBD program according to the first output stream, the second state and the fourth state, and verify the equivalence of the FBD program and the design specification.
The result module 55 is configured to determine, according to the verification result, that the reliability of the FBD program passes verification.
The test device for the FBD program provided by the invention can execute the actions of the processor in the method embodiment, and the implementation principle and the technical effect are similar, and are not repeated here.
Fig. 7 is a schematic structural diagram of another testing apparatus for an FBD program according to the present invention. As shown in fig. 7, the test apparatus of the FBD program may include: at least one processor 61 and a memory 62. Fig. 7 shows an electronic device, for example, a processor.
The memory 62 is used for storing programs. In particular, the program may include program code including computer-operating instructions.
The memory 62 may comprise high-speed RAM memory or may further comprise non-volatile memory (non-volatile memory), such as at least one disk memory.
The processor 61 is configured to execute computer-executable instructions stored in the memory 62 to implement a graphics card driving method.
The processor 61 may be a central processing unit (Central Processing Unit, abbreviated as CPU), or an application specific integrated circuit (Application Specific Integrated Circuit, abbreviated as ASIC), or one or more integrated circuits configured to implement embodiments of the present application.
Alternatively, in a specific implementation, if the communication interface, the memory 62 and the processor 61 are implemented independently, the communication interface, the memory 62 and the processor 61 may be connected to each other through a bus and communicate with each other. The bus may be an industry standard architecture (Industry Standard Architecture, abbreviated ISA) bus, a peripheral component interconnect (Peripheral Component Interconnect, abbreviated PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, abbreviated EISA) bus, among others. Buses may be divided into address buses, data buses, control buses, etc., but this does not mean that there is only one bus or one type of bus.
Alternatively, in a specific implementation, if the communication interface, the memory 62 and the processor 61 are integrated on a chip, the communication interface, the memory 62 and the processor 61 may complete communication through an internal interface.
The present invention also provides a computer-readable storage medium, which may include: a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disk, or other media in which program code may be stored. In particular, the computer-readable storage medium stores program instructions for the methods in the above embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.

Claims (6)

1. A method of testing an FBD program, comprising:
formally describing the FBD program to generate a first execution model, wherein the execution model comprises input stream combination, output stream combination, state combination, initial state, state conversion function and output stream generation function;
formally describing the design specification of the FBD program to generate a second execution model;
determining equivalence verification results of the FBD program and the design specification according to the first execution model and the second execution model;
determining that the reliability of the FBD program passes verification according to the verification result;
wherein the generating a first execution model includes:
determining the type of input stream combination of the first execution model according to the input variables of the FBD program;
determining the type of output flow combination of the first execution model according to the output variable of the FBD program;
determining the type of the initial state and the type of the state combination of the first execution model according to the Cartesian products of the intermediate variables and the output variables of the FBD program;
determining a state transition function of the first execution model according to a functional block network structure of the FBD program;
determining an output flow generating function of the first execution model according to the state transition function of the first execution model;
wherein the generating a second execution model includes:
determining the type of the input stream combination of the second execution model according to the type of the input stream combination of the first execution model;
determining the type of the output flow combination of the second execution model according to the type of the output flow combination of the first execution model;
respectively determining the initial state and the type of the state combination of the second execution model according to the design specification;
determining a state transition function of the second execution model according to a state transition rule in the design specification;
and determining an output flow generating function of the second execution model according to the state transition function of the second execution model.
2. The method of claim 1, comprising, prior to said verifying the equivalence of said FBD program and said design specification:
constructing a theorem of the FBD program using equivalence predicates.
3. The method of claim 2, wherein said verifying the equivalence of said FBD program and said design specification comprises:
inputting a first input stream and a first state into the first execution model, and receiving a first output stream and a second state output by the first execution model;
inputting a first input stream and a third state into the second execution model, and receiving a second output stream and a fourth state output by the second execution model, wherein the first state and the third state are two abstractions of the same state;
and proving the theorem of the FBD program according to the first output stream, the second state and the fourth state, and verifying equivalence of the FBD program and the design specification.
4. A test apparatus for an FBD program, comprising:
the first model generation module is used for formally describing the FBD program and generating a first execution model, and the execution model comprises an input stream combination, an output stream combination, a state combination, an initial state, a state conversion function and an output stream generation function;
the second model generation module is used for formally describing the design specification of the FBD program and generating a second execution model;
an equivalence determination module for determining an equivalence verification result of the FBD program and the design specification according to the first execution model and the second execution model;
the result module is used for determining that the reliability of the FBD program passes verification according to the verification result;
the first model generation module is specifically configured to determine a type of input stream combination of the first execution model according to input variables of the FBD program; determining the type of output flow combination of the first execution model according to the output variable of the FBD program; determining the type of the initial state and the type of the state combination of the first execution model according to the Cartesian products of the intermediate variables and the output variables of the FBD program; determining a state transition function of the first execution model according to a functional block network structure of the FBD program; determining an output flow generating function of the first execution model according to the state transition function of the first execution model;
the second model generation module is specifically configured to determine a type of input stream combination of the second execution model according to the type of input stream combination of the first execution model; determining the type of the output flow combination of the second execution model according to the type of the output flow combination of the first execution model; respectively determining the initial state and the type of the state combination of the second execution model according to the design specification; determining a state transition function of the second execution model according to a state transition rule in the design specification; and determining an output flow generating function of the second execution model according to the state transition function of the second execution model.
5. The apparatus as recited in claim 4, further comprising:
and the theorem constructing module is used for constructing the theorem of the FBD program by using equivalent predicates.
6. The apparatus of claim 5, wherein the equivalence determination module is specifically configured to input a first input stream and a first state into the first execution model and receive a first output stream and a second state output by the first execution model; inputting a first input stream and a third state into the second execution model, and receiving a second output stream and a fourth state output by the second execution model, wherein the first state and the third state are two abstract modes of the same state; and proving theorem of the FBD program according to the first output flow, the second state and the fourth state, and verifying equivalence of the FBD program and the design specification.
CN201910407461.3A 2019-05-15 2019-05-15 Test method and device for FBD (film bulk digital) program Active CN110119358B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910407461.3A CN110119358B (en) 2019-05-15 2019-05-15 Test method and device for FBD (film bulk digital) program

Publications (2)

Publication Number Publication Date
CN110119358A CN110119358A (en) 2019-08-13
CN110119358B CN110119358B (en) 2023-08-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant