CN110347588B - Software verification method, device, computer equipment and storage medium - Google Patents
Software verification method, device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN110347588B CN110347588B CN201910480992.5A CN201910480992A CN110347588B CN 110347588 B CN110347588 B CN 110347588B CN 201910480992 A CN201910480992 A CN 201910480992A CN 110347588 B CN110347588 B CN 110347588B
- Authority
- CN
- China
- Prior art keywords
- state machine
- protocol
- state
- requirements
- meets
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 57
- 238000012795 verification Methods 0.000 claims abstract description 61
- 230000006870 function Effects 0.000 claims description 63
- 238000006243 chemical reaction Methods 0.000 claims description 40
- 238000004590 computer program Methods 0.000 claims description 16
- 230000007704 transition Effects 0.000 claims description 14
- 238000012217 deletion Methods 0.000 claims description 3
- 230000037430 deletion Effects 0.000 claims description 3
- 230000008569 process Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 238000001514 detection method Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 238000004566 IR spectroscopy Methods 0.000 description 1
- 108700031620 S-acetylthiorphan Proteins 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000013515 script Methods 0.000 description 1
- 238000013514 software validation Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000026676 system process Effects 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
Abstract
The application relates to a software verification method, a software verification device, computer equipment and a storage medium. The method comprises the following steps: acquiring a specification, wherein the specification comprises a state machine specification and a statement specification, and the state machine specification and the statement specification are written according to a predefined writing rule; converting the state machine protocol into an implementation code; verifying whether the converted implementation code meets the requirements of the state machine protocol through a verifier; verifying whether the state machine protocol meets the requirements of the declaration protocol by a verifier; and if the converted implementation code meets the requirements of the state machine protocol and the state machine protocol meets the requirements of the statement protocol, the verification is passed. By adopting the method, the software verification can be rapidly performed, the software verification efficiency is improved, and the verification universality is realized.
Description
Technical Field
The present invention relates to the field of information processing technologies, and in particular, to a software verification method, a device, a computer device, and a storage medium.
Background
With the development of internet technology, the correctness of the system software can be verified in advance in a formal verification mode, so that the whole system crash caused by the occurrence of problems of the software can be effectively avoided. Currently, in the existing formal verification tools based on first-order logic solution, more SMT solvers are used.
The traditional formalized verification method mainly comprises model detection and theorem proving, wherein the model detection method is a verification technology based on a limited model and used for verifying expected characteristics of the model, however, the model detection method cannot directly verify the code, and a complex system is difficult to express; the theorem proving mode is a verification technology for expressing the system and the characteristics thereof by a certain mathematical logic formula, however, the theorem proving mode requires specialized mathematical theorem knowledge and support of an theorem proving device, and the semi-automatic verification tool not only needs to expend a great deal of manpower to write related conventions, but also has higher threshold requirements on researchers and needs professionals to design and develop related software.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a software verification method, apparatus, computer device, and storage medium that can perform software verification quickly, improve software verification efficiency, and achieve verification versatility.
A method of software validation, the method comprising:
acquiring a specification, wherein the specification comprises a state machine specification and a statement specification, and the state machine specification and the statement specification are written according to a predefined writing rule;
Converting the state machine protocol into an implementation code;
verifying whether the converted implementation code meets the requirements of the state machine protocol through a verifier;
verifying whether the state machine protocol meets the requirements of the declaration protocol by a verifier;
and if the converted implementation code meets the requirements of the state machine protocol and the state machine protocol meets the requirements of the statement protocol, the verification is passed.
In one embodiment, the state machine specification and the declaration specification are written according to predefined writing rules including:
the state machine protocol is written through a Python language and is used for describing the correctness of the system functions and system interfaces;
writing the declaration protocol based on the state machine protocol, wherein the declaration protocol is used for describing system attributes and system invariant information;
wherein the state machine conventions include abstract state machine conventions and state transition conventions;
preferably, the return value information is added in the function definition of the Python language;
setting a first parameter of a Python function as an object parameter of a system state space;
and dividing the parameter types and the parameter names of other parameters of the Python function through preset symbols.
In one embodiment, the state machine specification is written in Python language comprising:
describing a state space of the state machine protocol through an abstract state model, wherein the abstract state model comprises a system external interface set, a state machine state set, an output set, an initialization state and operation conversion;
preferably, the plurality of system objects are constructed using a data structure, wherein the data structure comprises: data type, data variable, system object type, and state machine object;
constructing the abstract state machine protocol according to the plurality of system objects;
further preferably, at least one precondition is set, and the precondition is used for judging whether the system call can be executed;
if the precondition is satisfied, the system state machine is converted from the first state space to the second state space.
In one embodiment, the converting the state machine specification to implementation code includes:
converting the state machine specification to an initial C language code by a translator;
manually modifying the initial C language code to obtain a final C language code;
the final C language code is converted into an intermediate representation of a compiling system, and the intermediate representation is used as the implementation code which can be identified by the system.
In one embodiment, the translating, by a translator, the state machine specification into an initial C language code includes: data structure conversion and function conversion, wherein,
the data structure conversion includes converting a kernel object in the state machine specification into a struct structure in the initial C language code, wherein the kernel object is described in a class manner;
the function conversion includes converting functions in the state machine specification into a Python syntax tree.
In one embodiment, the method further comprises:
if the verification is passed, compiling the intermediate representation into a system mirror image;
preferably, the method further comprises:
traversing a known abstract syntax tree, collecting related information and classifying the related information;
converting the abstract syntax tree into a form conforming to the semantic specification of the C language according to the structure of the abstract syntax tree and a pre-defined syntax conversion rule to obtain the Python syntax tree;
performing internal conversion of functions according to the Python syntax tree, including conversion of the class functions, deletion of state space variables and conversion of reference pointers;
the Python syntax tree is converted into the initial C language code.
In one embodiment, the verifying, by a verifier, whether the converted implementation code meets the requirements of the state machine specification includes:
inputting the converted implementation codes into a solver and a symbol execution engine respectively, solving the converted implementation codes sequentially through the solver and the symbol execution engine, and verifying whether the converted implementation codes meet the requirements of the state machine specifications;
preferably, the state machine protocol and the state space of the implementation code are acquired respectively;
acquiring a peer-to-peer function between a system and the state machine protocol;
providing the state space of the state machine protocol, the state space of the implementation code and the peer function for a solver to solve in a mode of meeting first-order logic to obtain a solving result;
judging whether the implementation code meets the requirements of the state machine protocol according to the solving result;
further preferably, the verifying, by a verifier, whether the state machine specification meets the requirements of the declaration specification includes:
and acquiring the state space by the state machine protocol through the symbol execution engine, wherein the state space is represented by a first-order logic expression, the state space represented by the first-order logic expression and the declaration protocol are simultaneously input into a solver for solving, and whether the state machine protocol meets the requirement of the declaration protocol is verified.
A software verification apparatus, the apparatus comprising:
the system comprises a protocol acquisition module, a protocol generation module and a protocol generation module, wherein the protocol acquisition module is used for acquiring a protocol, wherein the protocol comprises a state machine protocol and a statement protocol, and the state machine protocol and the statement protocol are written according to a predefined writing rule;
the conversion module is used for converting the state machine protocol into an implementation code;
the first verification module is used for verifying whether the converted implementation code meets the requirements of the state machine protocol or not through a verifier;
the second verification module is used for verifying whether the state machine protocol meets the requirements of the statement protocol or not through a verifier;
and the judging module is used for verifying if the converted implementation code meets the requirements of the state machine protocol and the state machine protocol meets the requirements of the statement protocol.
A computer device comprising a memory storing a computer program and a processor which when executing the computer program performs the steps of:
acquiring a specification, wherein the specification comprises a state machine specification and a statement specification, and the state machine specification and the statement specification are written according to a predefined writing rule;
Converting the state machine protocol into an implementation code;
verifying whether the converted implementation code meets the requirements of the state machine protocol through a verifier;
verifying whether the state machine protocol meets the requirements of the declaration protocol by a verifier;
and if the converted implementation code meets the requirements of the state machine protocol and the state machine protocol meets the requirements of the statement protocol, the verification is passed.
A computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
acquiring a specification, wherein the specification comprises a state machine specification and a statement specification, and the state machine specification and the statement specification are written according to a predefined writing rule;
converting the state machine protocol into an implementation code;
verifying whether the converted implementation code meets the requirements of the state machine protocol through a verifier;
verifying whether the state machine protocol meets the requirements of the declaration protocol by a verifier;
and if the converted implementation code meets the requirements of the state machine protocol and the state machine protocol meets the requirements of the statement protocol, the verification is passed.
The software verification method, the device, the computer equipment and the storage medium are characterized in that the state machine specifications and the declaration specifications written according to the predefined writing rules are obtained, the state machine specifications are converted into the realization codes which are input into the verifier for verification and input into the verifier for verification, and if the converted realization codes meet the requirements of the state machine specifications and the state machine specifications meet the requirements of the declaration specifications, the verification is passed. Thereby achieving the purpose of rapidly verifying the correctness of the software and the function.
Drawings
FIG. 1 is a formal verification framework diagram of a software verification method in one embodiment;
FIG. 2 is a flow diagram of a software verification method in one embodiment;
FIG. 3 is a flow chart illustrating the state machine protocol conversion steps in one embodiment;
FIG. 4 is a flow chart of a state machine protocol conversion step according to another embodiment;
FIG. 5 is a flow chart of a software verification step in one embodiment;
FIG. 6 is a block diagram of a software verification device in one embodiment;
fig. 7 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
The software verification method provided by the application can be applied to a formalized verification framework shown in fig. 1. Writing two types of specifications, namely a state-machine (state-machine) specification and an declaration specification, according to a writing rule of a predefined specification, converting the state-machine specification into an initial C language code through a translator (Parser), then carrying out simple local addition and modification on the generated initial C language code in a manual mode to obtain a final C language code, and then converting the final C language code into an intermediate representation (LLVM IR) of the compiling system through a LLVM compiling system to be input into a verifier for verification; and meanwhile, inputting the state machine protocol into a verifier for verification, and when the converted realization code meets the requirements of the state machine protocol and the state machine protocol meets the requirements of the statement protocol, passing the verification, otherwise, giving a counterexample.
In one embodiment, as shown in fig. 2, a software verification method is provided, and the method is applied to the formalized verification framework in fig. 1 for illustration, and includes the following steps:
step S202, acquiring a protocol.
Wherein the conventions include state machine conventions and declaration conventions; the protocol is a representation of the upper level abstraction of the program, describing the relevant characteristics of the system and the requirements to be met by the corresponding program; the state machine is used for representing the abstract state of the system and describing the overall state of the system and the change condition of the system after state transition; the declaration conventions are expressed in the form of predicates for describing upper-layer attribute information of the system.
Specifically, the state machine specifications and the declaration specifications are written according to predefined writing rules, that is, writing rules of the specifications are predefined in a formal verification framework, then the state machine specifications and the declaration specifications are written according to the rules, and finally written state machine specifications and declaration specifications are obtained.
Step S204, converting the state machine protocol into an implementation code.
Wherein the implementation code refers to a code form that can be recognized by the verifier. Specifically, the state machine protocol acquired in step S202 is converted into an implementation code that can be recognized by the verifier in the formal verification framework.
Step S206, verifying whether the converted implementation code meets the requirements of the state machine protocol by a verifier.
Specifically, the implementation code converted in step S204 is input into a verifier in a formal verification framework, and the correctness of the implementation code is verified by the verifier.
Step S208, verifying whether the state machine protocol meets the requirements of the declaration protocol by a verifier.
Specifically, the state machine specifications acquired in step S202 are input into a verifier in a formal verification framework, and it is verified by the verifier whether the state machine specifications satisfy the requirements of the declaration specifications.
Step S210, if the converted implementation code meets the requirements of the state machine protocol and the state machine protocol meets the requirements of the declaration protocol, the verification is passed.
Specifically, when the converted implementation code meets the requirement of the state machine protocol and the state machine protocol meets the requirement of the declaration protocol, the verification is passed, otherwise, a counterexample is given, namely, relevant information is given in the output result for a programmer to find errors.
In the software verification method, the state machine specifications and the declaration specifications written according to the predefined writing rules are obtained, the state machine specifications are converted into the realization codes to be input into the verifier for verification, meanwhile, the state machine specifications are input into the verifier for verification, and if the converted realization codes meet the requirements of the state machine specifications and the state machine specifications meet the requirements of the declaration specifications, the verification is passed. Thereby achieving the purpose of rapidly verifying the correctness of the software and the function.
In one embodiment, the step S202 specifically includes the following steps:
in step S2022, the state machine specifications are written in Python language.
Wherein, the state machine protocol is used for describing the correctness of the system function and the system interface; the state machine conventions include abstract state machine conventions and state transition conventions; abstract state machine specifications are used to describe the overall state space of the system, the system objects contained in the system, and the relevant information for these system objects, such as: information such as data type, attribute, etc.; the state transition protocol is used for describing the system interface and the change condition of the whole state space of the system after the system interface is called.
As an alternative embodiment, step S2022 includes: the state space of the state machine specification is described by an abstract state model, wherein the abstract state model comprises a system external interface set, a state machine state set, an output set, an initialization state and operation conversion.
Specifically, the state space of the state machine specification may be described by an abstract state model < T, S, O, init, step >, where T represents the set of external interfaces of the system; s represents a state set of state machines; o represents an output set; init represents an initialization state; step represents an operation transition. Further, the conversion process of the system is that
step:S×T→S′×O
The representation state set S corresponds to a transformation set that is mapped to another state set S' and gives an output result set O.
As another alternative embodiment, the process of constructing the abstract state machine specification in step S2022 specifically includes the following steps:
in step S2023, various system objects are constructed using the data structure.
Wherein the data structure comprises: data type, data variable, system object type, and state machine object.
In particular, the system object may be built using the Python-related data types or the data types provided by the z3py library, such as: the variable of the size_t type is represented by z3.BitVecSort (64) in the formal verification framework, and represents that the system object is a 64-bit vector type, and the data type allows operation in a symbolic execution mode, so that a state space after the whole function is executed is obtained; the constant of the size_t=1 type is expressed using z3.bitvecsort (1, 64).
Specifically, a Class function Class provided by Python can be utilized to construct a system object, and attribute information in the Class can be described through a data structure (Map, refcnt), wherein the Map describes attributes contained in the system object; refcnt describes the resource usage of the system object relative to other system objects.
Step S2025 constructs the abstract state machine specification from the plurality of system objects.
As another alternative embodiment, the writing rule of the state transition specification in step S2022 specifically includes the following steps:
in step S2023a, at least one precondition is set, where the precondition is used to determine whether the system call can be executed.
Specifically, the system process may be set to a preset state, where the preset state refers to an "executable" state of the system, and at least one precondition for determining that the system call can be executed is set through a logic expression set condition. Since multiple branch decisions may be involved in the state transition process, various preconditions typically need to be set during the overall state transition process describing the state machine.
In step S2025a, if the precondition is satisfied, the system state machine is converted from the first state space to the second state space.
Wherein the first state space refers to a state space before conversion; the second state space refers to the converted state space; specifically, the If function in the util tool set provided by the formal verification framework is determined, if the precondition set in step S2023a is satisfied, the system state machine is converted into a new state, otherwise, the original state space is kept unchanged.
As another alternative embodiment, the writing rule of the state transition specification in step S2022 further includes: and setting attribute information in the first state space to establish a copy of the first state space.
Specifically, by setting the related attribute information in the new state space, that is, new=old.
Step S2024 writes the declaration specification on the basis of the state machine specification.
Wherein the declaration specification in the formal verification framework primarily describes exclusive use relationships of resources and shared reference count relationships of resources. Specifically, taking an operating system as an example, due to exclusivity of the operating system and isolation between processes, it is possible to ensure that the state space of the system remains unchanged before and after state transition by describing the relevant attributes of the page table, and to check these attributes by adding a check function.
In one embodiment, the writing of the state machine specification and the declaration specification in step S202 according to a predefined writing rule specifically includes the following steps:
step S2022a adds the return value information to the function definition in Python language.
Specifically, since the function in Python language has no return type, in order to ensure the correct conversion of the state machine protocol, return value information needs to be added in the function definition in Python language, and the return value type of the function can be resolved by '_' for example: def int_func_name (paramtype_xxx) can be translated into inffunc_ name (paramtype xxx) { }.
In step S2024a, the first parameter of the Python function is set as the object parameter of the system state space.
In step S2026a, the parameter types and parameter names of the other parameters of the Python function are segmented by preset symbols.
Specifically, the parameter types and parameter names of other parameters may be divided by a preset symbol '_' for example: the pid_t_pid may be translated into a pid_t pid.
In the software verification method, a programmer writes related protocols by using Python language according to a predefined writing rule, so that the personnel investment and the difficulty of formal verification can be reduced, and the current situation that the design and the implementation cannot be unified is avoided.
In one embodiment, as shown in fig. 3, step S204 specifically includes the following steps:
in step S2042, the state machine specifications are converted into an initial C language code by a translator.
Specifically, the state machine specifications are automatically converted by the translator into the initial C language code in the semi-finished state.
As an alternative embodiment, step S2042 includes data structure conversion and function conversion, and specifically includes the steps of:
step S2043, converting the kernel object in the state machine protocol into struct structure in the initial C language code, wherein the kernel object is described in a class manner.
Specifically, in the process of converting the state machine specification into the implementation code, the data structure of the state machine specification needs to be converted, that is, a kernel object (described in a Class type) in the state machine specification is converted into a struct structure body in the initial C language code.
Step S2045, converting the function in the state machine protocol into a Python syntax tree.
Specifically, in the process of converting the state machine protocol into the implementation code, the function of the state machine protocol needs to be converted, that is, the function in the state machine protocol is converted into a Python syntax tree, and the existing syntax tree is changed and the program is reorganized through an abstract syntax tree (Abstract Syntax Tree, AST) in the Python library.
As an alternative embodiment, as shown in fig. 4, step S2045 further includes the following steps:
step S2045a, traversing the known abstract syntax tree, collecting the related information and classifying the related information.
The collected related information comprises a function name set to be converted, a logic expression set condition of each function, a new state machine variable set, an old state machine variable set and the like.
Step S2045b, according to the structure of the abstract syntax tree and the predefined syntax conversion rule, converts the abstract syntax tree into a form conforming to the semantic specification of the C language, thereby obtaining the Python syntax tree.
Specifically, the abstract syntax tree may be converted by recording the skip condition and the corresponding logic code in the formal verification framework so as to satisfy the conversion condition as much as possible, for example: it is known that an AST has a jump condition util.if function, and the function needs to be converted into an if (condition) { } else { } or the like that conforms to the semantic specification of C language.
Step S2045c, performing internal conversion of the function according to the Python syntax tree, wherein the internal conversion comprises conversion of the class function, deletion of state space variables and conversion of the reference pointer.
And step S2045d, converting the Python grammar tree into the initial C language code.
And step S2044, manually modifying the initial C language code to obtain a final C language code.
Specifically, on the basis of the initial C language code obtained in step S2042, simple local addition and modification are performed manually, for example: the operations such as resource organization and the like are required to be manually added through a linked list, so that a final C language code is obtained.
Step S2046, converting the final C language code into an intermediate representation of the compiling system, and using the intermediate representation as the implementation code that can be recognized by the system.
As an alternative embodiment, the intermediate representation is compiled into a system image if validated.
Specifically, if the converted implementation code in step S204 meets the requirements of the state machine protocol, and meanwhile, the state machine protocol acquired in step S202 meets the requirements of the declaration protocol, the intermediate representation in step S2046 is finally compiled into the system image.
In the software verification method, the translator automatically converts the state machine protocol into the implementation code which can be identified by the system under the formal verification framework, so that the software verification can be quickly performed, the software verification efficiency is improved, the defect that the existing verification tool is limited to a specific programming language is overcome, and the verification universality is realized.
In one embodiment, as shown in fig. 5, step S206 specifically includes the following steps:
step S2062, obtaining the state machine specification and the state space of the implementation code, respectively.
Specifically, the state space of the state machine protocol acquired in step S202 and the state space of the implementation code obtained after conversion in step S204 are acquired respectively by a method of symbol execution. Among them, symbolic execution is a program analysis technique that can obtain input by analyzing a program to cause a specific code region to execute. When a program is analyzed using symbolic execution, the program will use the symbolic value as input, rather than the specific value used when the program is executed generally. When the target code is reached, the analyzer may get the corresponding path constraint, and then get a specific value that may trigger the target code through the constraint solver.
In step S2064, a peer function between the system and the state machine protocol is obtained.
Wherein the peer function is used to describe an equivalence relation between the LLVM IR data structure and the abstract state of the system. For example: the peer function llvm_global ('@ current')= state.current, through which current process is looked up in Llvm IR, which corresponds to the current PID in the implementation code, state.current represents the current PID in the abstract state specification.
Step S2066, providing the state space of the state machine protocol, the state space of the implementation code and the peer function to a solver for solving in a manner of satisfying the first order logic, thereby obtaining a solving result.
Wherein, the solver refers to a software tool for judging the satisfaction problem of the first-order logic formula under a specific theory, and comprises Z3, SATP and the like. Specifically, the state space of the state machine protocol acquired in step S2062, the state space of the implementation code, and the peer function acquired in step S2064 are simultaneously input into the solver, and the dynamic symbol solving of the function is performed by the symbol execution engine of the solver.
Further, before inputting the solver, the execution process is required to be conformed, firstly undefined actions in LLVM IR are excluded, wherein the undefined actions comprise zero removal operation, undefined operation and the like, and the operations can be realized through scripts provided by a framework; secondly, LLVM IR is mapped into a solver, and can be realized through the encapsulation operation of the LLVM IR.
Step S2068, determining whether the implementation code meets the requirements of the state machine protocol according to the solving result.
In one embodiment, step S206 further includes: and respectively inputting the converted implementation codes into a solver and a symbol execution engine, solving the converted implementation codes sequentially through the solver and the symbol execution engine, and verifying whether the converted implementation codes meet the requirements of the state machine specifications.
Wherein the compliance execution engine is designed and developed based on a solver, providing a dynamic symbol of a function to perform a solving process, such as: a=bitvecsort (64), which represents a 64-bit symbolized variable, def fun (a), and the parameters of fun are input using symbolized parameter a, i.e., the symbolized variable is input into the execution function, and the function fun will complete symbolization.
Specifically, the verification process in step S206 includes two parts, namely, solver verification and symbol execution engine verification, that is, the converted implementation codes are respectively input into the solver and the symbol execution engine, and the solver and the symbol execution engine are sequentially used for solving and verifying the converted implementation codes.
In the software verification method, the state space of the state machine protocol, the state space of the implementation code and the peer function are simultaneously input into the solver for solving, and whether the implementation code meets the requirement of the state machine protocol or not is judged according to the solving result, so that software verification can be conveniently and rapidly realized, the difficulty of formal verification is reduced, and the verification efficiency is improved.
In one embodiment, step S208 includes: and acquiring the state space by the state machine protocol through the symbol execution engine, wherein the state space is represented by a first-order logic expression, the state space represented by the first-order logic expression and the declaration protocol are simultaneously input into a solver for solving, and whether the state machine protocol meets the requirement of the declaration protocol is verified.
Specifically, step S208 first obtains a state space of a state machine protocol through a symbol execution engine, and inputs the state space expressed according to a first-order logic expression and the obtained declaration protocol into a solver for solving, so as to verify whether the state machine protocol meets the requirement of the declaration protocol.
It should be understood that, although the steps in the flowcharts of fig. 2-5 are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in fig. 2-5 may include multiple sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, nor do the order in which the sub-steps or stages are performed necessarily occur sequentially, but may be performed alternately or alternately with at least a portion of the sub-steps or stages of other steps or steps.
In one embodiment, as shown in fig. 6, there is provided a software verification apparatus including: a protocol acquisition module 301, a conversion module 302, a first verification module 303, a second verification module 304, and a judgment module 305, wherein:
The protocol acquisition module 301 is configured to acquire a protocol, where the protocol includes a state machine protocol and a declaration protocol, and the state machine protocol and the declaration protocol write according to a predefined writing rule;
the conversion module 302 is configured to convert the state machine specification into implementation code;
the first verification module 303 is configured to verify, by using a verifier, whether the converted implementation code meets a requirement of the state machine protocol;
the second verification module 304 is configured to verify, by a verifier, whether the state machine protocol meets a requirement of the declaration protocol;
the judging module 305 is configured to pass the verification if the converted implementation code meets the requirements of the state machine protocol and the state machine protocol meets the requirements of the declaration protocol.
In one embodiment, the protocol obtaining module 301 is specifically configured to write the state machine protocol through Python language, where the state machine protocol is used to describe the correctness of the system function and the system interface; writing the declaration protocol based on the state machine protocol, wherein the declaration protocol is used for describing system attributes and variable information of the system; wherein the state machine conventions include abstract state machine conventions and state transition conventions.
In one embodiment, the protocol obtaining module 301 is specifically configured to describe a state space of the state machine protocol through an abstract state model, where the abstract state model includes a set of external interfaces of the system, a set of state machine states, a set of outputs, an initialized state, and an operation transition.
In one embodiment, the protocol acquisition module 301 is specifically configured to construct a plurality of system objects using a data structure, where the data structure includes: data type, data variable, system object type, and state machine object; and constructing the abstract state machine protocol according to the various system objects.
In one embodiment, the protocol obtaining module 301 is specifically configured to set at least one pre-condition, where the pre-condition is used to determine whether the system call can be executed; if the precondition is satisfied, the system state machine is converted from the first state space to the second state space.
In one embodiment, the protocol obtaining module 301 is specifically configured to add the return value information to the function definition in the Python language; setting a first parameter of a Python function as an object parameter of a system state space; and dividing the parameter types and the parameter names of other parameters of the Python function through preset symbols.
In one embodiment, the conversion module 302 is specifically configured to convert, by a translator, the state machine specification into an initial C language code; manually modifying the initial C language code to obtain a final C language code; the final C language code is converted into an intermediate representation of a compiling system, and the intermediate representation is used as the implementation code which can be identified by the system.
In one embodiment, the conversion module 302 is specifically configured to convert a kernel object in the state machine protocol into a struct structure in the initial C language code, where the kernel object is described in a class manner; the functions in the state machine conventions are converted into Python syntax trees.
In one embodiment, the first verification module 303 is specifically configured to obtain the state space of the state machine specification and the implementation code respectively; acquiring a peer-to-peer function between a system and the state machine protocol; providing the state space of the state machine protocol, the state space of the implementation code and the peer function for a solver to solve according to a first-order logic mode meeting theorem to obtain a solving result; and judging whether the implementation code meets the requirements of the state machine protocol according to the solving result.
In one embodiment, the first verification module 303 is specifically configured to input the converted implementation code into a solver and a symbol execution engine, and sequentially solve the converted implementation code through the solver and the symbol execution engine, so as to verify whether the converted implementation code meets the requirements of the state machine protocol.
In one embodiment, the second verification module 304 is specifically configured to obtain the state space by using the symbol execution engine through the state machine protocol, where the state space is represented by a first-order logic expression, and the state space represented by the first-order logic expression and the declaration protocol are input into a solver at the same time to be solved, so as to verify whether the state machine protocol meets the requirement of the declaration protocol.
In one embodiment, the system image compiling module is further configured to compile the intermediate representation into a system image if the intermediate representation passes the verification.
For specific limitations of the software verification device, reference may be made to the above limitation of the software verification method, and the description thereof will not be repeated here. The respective modules in the above-described software verification apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 7. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is for storing software verification data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a software verification method.
It will be appreciated by those skilled in the art that the structure shown in fig. 7 is merely a block diagram of some of the structures associated with the present application and is not limiting of the computer device to which the present application may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:
acquiring a specification, wherein the specification comprises a state machine specification and a statement specification, and the state machine specification and the statement specification are written according to a predefined writing rule;
converting the state machine protocol into an implementation code;
verifying whether the converted implementation code meets the requirements of the state machine protocol through a verifier;
verifying whether the state machine protocol meets the requirements of the declaration protocol by a verifier;
and if the converted implementation code meets the requirements of the state machine protocol and the state machine protocol meets the requirements of the statement protocol, the verification is passed.
In another embodiment, the steps of the software verification method in any of the above embodiments may also be implemented when the processor executes a computer program.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring a specification, wherein the specification comprises a state machine specification and a statement specification, and the state machine specification and the statement specification are written according to a predefined writing rule;
Converting the state machine protocol into an implementation code;
verifying whether the converted implementation code meets the requirements of the state machine protocol through a verifier;
verifying whether the state machine protocol meets the requirements of the declaration protocol by a verifier;
and if the converted implementation code meets the requirements of the state machine protocol and the state machine protocol meets the requirements of the statement protocol, the verification is passed.
In an embodiment, the computer program may further implement the steps of the software verification method in any of the above embodiments when executed by a processor.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the various embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples merely represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the invention. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application is to be determined by the claims appended hereto.
Claims (14)
1. A method of software verification, the method comprising:
writing a state machine specification by Python language, and writing a statement specification on the basis of the state machine specification; the state machine protocol is used for describing the correctness of the system functions and the system interfaces; the declaration protocol is used for describing system attributes and system invariant information; wherein the state machine conventions include abstract state machine conventions and state transition conventions;
Converting the state machine protocol into an implementation code;
verifying whether the converted implementation code meets the requirements of the state machine protocol through a verifier;
verifying whether the state machine protocol meets the requirements of the declaration protocol by a verifier;
and if the converted implementation code meets the requirements of the state machine protocol and the state machine protocol meets the requirements of the statement protocol, the verification is passed.
2. The method of claim 1, wherein writing state machine specifications in Python language, writing declaration specifications based on the state machine specifications comprises:
adding return value information in the function definition of the Python language;
setting a first parameter of a Python function as an object parameter of a system state space;
and dividing the parameter types and the parameter names of other parameters of the Python function through preset symbols.
3. The method of claim 1, wherein writing state machine specifications in Python language comprises:
the state space of the state machine specification is described by an abstract state model, wherein the abstract state model comprises a system external interface set, a state machine state set, an output set, an initialization state and operation conversion.
4. The method of claim 3, wherein the describing the state space of the state machine specification by an abstract state model comprises:
constructing a plurality of system objects using a data structure, wherein the data structure comprises: data type, data variable, system object type, and state machine object;
and constructing the abstract state machine protocol according to the various system objects.
5. The method of claim 1, wherein writing state machine specifications in Python language comprises:
setting at least one pre-condition, wherein the pre-condition is used for judging whether the system call can be executed or not;
if the precondition is satisfied, the system state machine is converted from the first state space to the second state space.
6. The method of claim 1, wherein converting the state machine specification into implementation code comprises:
converting the state machine specification to an initial C language code by a translator;
manually modifying the initial C language code to obtain a final C language code;
the final C language code is converted into an intermediate representation of a compiling system, and the intermediate representation is used as the implementation code which can be identified by the system.
7. The method of claim 6, wherein said translating, by a translator, said state machine specification into an initial C language code comprises: data structure conversion and function conversion, wherein,
the data structure conversion includes converting a kernel object in the state machine specification into a struct structure in the initial C language code, wherein the kernel object is described in a class manner;
the function conversion includes converting functions in the state machine specification into a Python syntax tree.
8. The method of claim 7, wherein the method further comprises:
traversing a known abstract syntax tree, collecting related information and classifying the related information;
converting the abstract syntax tree into a form conforming to the semantic specification of the C language according to the structure of the abstract syntax tree and a pre-defined syntax conversion rule to obtain the Python syntax tree;
performing internal conversion of functions according to the Python syntax tree, wherein the internal conversion comprises class function conversion, deletion of state space variables and conversion of reference pointers;
converting the Python syntax tree into the initial C language code;
if the converted implementation code meets the requirements of the state machine protocol and the state machine protocol meets the requirements of the statement protocol, after passing the verification, the method further comprises the following steps:
The intermediate representation is compiled into a system image.
9. The method of claim 1, wherein verifying, by a verifier, whether the converted implementation code meets requirements of the state machine specification comprises:
and respectively inputting the converted implementation codes into a solver and a symbol execution engine, solving the converted implementation codes sequentially through the solver and the symbol execution engine, and verifying whether the converted implementation codes meet the requirements of the state machine specifications.
10. The method according to any one of claims 1 to 9, wherein said verifying whether the converted implementation code meets the requirements of the state machine specification comprises:
respectively acquiring the state machine protocol and the state space of the implementation code;
acquiring a peer-to-peer function between a system and the state machine protocol;
providing the state space of the state machine protocol, the state space of the implementation code and the peer function for a solver to solve in a mode of meeting first-order logic to obtain a solving result;
and judging whether the implementation code meets the requirements of the state machine protocol according to the solving result.
11. The method of claim 10, wherein verifying, by a verifier, whether the state machine specification meets requirements of the declaration specification comprises:
and acquiring the state space by the state machine protocol through the symbol execution engine, wherein the state space is represented by a first-order logic expression, the state space represented by the first-order logic expression and the declaration protocol are simultaneously input into a solver for solving, and whether the state machine protocol meets the requirement of the declaration protocol is verified.
12. A software verification apparatus, the apparatus comprising:
the protocol acquisition module is used for writing a state machine protocol through a Python language and writing a statement protocol on the basis of the state machine protocol; the state machine protocol is used for describing the correctness of the system functions and the system interfaces; the declaration protocol is used for describing system attributes and system invariant information; wherein the state machine conventions include abstract state machine conventions and state transition conventions;
the conversion module is used for converting the state machine protocol into an implementation code;
the first verification module is used for verifying whether the converted implementation code meets the requirements of the state machine protocol or not through a verifier;
The second verification module is used for verifying whether the state machine protocol meets the requirements of the statement protocol or not through a verifier;
and the judging module is used for verifying if the converted implementation code meets the requirements of the state machine protocol and the state machine protocol meets the requirements of the statement protocol.
13. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 11 when the computer program is executed.
14. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 11.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910480992.5A CN110347588B (en) | 2019-06-04 | 2019-06-04 | Software verification method, device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910480992.5A CN110347588B (en) | 2019-06-04 | 2019-06-04 | Software verification method, device, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110347588A CN110347588A (en) | 2019-10-18 |
| CN110347588B true CN110347588B (en) | 2024-03-15 |
Family
ID=68181498
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910480992.5A Active CN110347588B (en) | 2019-06-04 | 2019-06-04 | Software verification method, device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110347588B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112685315A (en) * | 2021-01-05 | 2021-04-20 | 电子科技大学 | C-source code-oriented automatic formal verification tool and method |
| CN113282492A (en) * | 2021-05-24 | 2021-08-20 | 湖南大学 | Operating system kernel formal verification method |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107111713A (en) * | 2014-10-02 | 2017-08-29 | 微软技术许可有限责任公司 | The automatic checking of software systems |
| CN108536581A (en) * | 2018-03-08 | 2018-09-14 | 华东师范大学 | Formalization verification method and system when a kind of operation for source code |
| CN109240907A (en) * | 2018-07-26 | 2019-01-18 | 华东师范大学 | The automatic verification method of embedded real-time operating system based on Hoare logic |
| CN109634869A (en) * | 2018-12-21 | 2019-04-16 | 中国人民解放军战略支援部队信息工程大学 | Binary translation intermediate representation correctness test method and device based on semantic equivalence verifying |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080229261A1 (en) * | 2007-03-16 | 2008-09-18 | Microsoft Corporation | Design rule system for verifying and enforcing design rules in software |
-
2019
- 2019-06-04 CN CN201910480992.5A patent/CN110347588B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107111713A (en) * | 2014-10-02 | 2017-08-29 | 微软技术许可有限责任公司 | The automatic checking of software systems |
| CN108536581A (en) * | 2018-03-08 | 2018-09-14 | 华东师范大学 | Formalization verification method and system when a kind of operation for source code |
| CN109240907A (en) * | 2018-07-26 | 2019-01-18 | 华东师范大学 | The automatic verification method of embedded real-time operating system based on Hoare logic |
| CN109634869A (en) * | 2018-12-21 | 2019-04-16 | 中国人民解放军战略支援部队信息工程大学 | Binary translation intermediate representation correctness test method and device based on semantic equivalence verifying |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110347588A (en) | 2019-10-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Enoiu et al. | Automated test generation using model checking: an industrial evaluation | |
| Semeráth et al. | Formal validation of domain-specific languages with derived features and well-formedness constraints | |
| CN110149800B (en) | Apparatus for processing abstract syntax tree associated with source code of source program | |
| US9983977B2 (en) | Apparatus and method for testing computer program implementation against a design model | |
| US8291372B2 (en) | Creating graphical models representing control flow of a program manipulating data resources | |
| Langer et al. | Semantic model differencing utilizing behavioral semantics specifications | |
| Bergmann | Translating OCL to graph patterns | |
| Beyer | Relational programming with CrocoPat | |
| JP7394213B2 (en) | Smart contract processing methods, systems, computer equipment, and readable storage media | |
| CN109597618B (en) | Program development method, program development device, computer device, and storage medium | |
| Tisi et al. | Improving higher-order transformations support in ATL | |
| Pinto et al. | Aspect composition for multiple target languages using LARA | |
| CN110347588B (en) | Software verification method, device, computer equipment and storage medium | |
| Torlak et al. | Applications and extensions of Alloy: past, present and future | |
| CN115357898A (en) | Dependency analysis method, device and medium for JAVA component | |
| US11593076B2 (en) | Method for merging architecture data | |
| Gotti et al. | UML executable: A comparative study of UML compilers and interpreters | |
| Darvas et al. | Generic representation of PLC programming languages for formal verification | |
| Marmsoler et al. | Conformance testing of formal semantics using grammar-based fuzzing | |
| Kerkouche et al. | Uml activity diagrams and maude integrated modeling and analysis approach using graph transformation | |
| CN115033212A (en) | Avionics system primitive model integrated construction method and device and computer equipment | |
| CN114153435A (en) | EB2S system for intelligent contract code design and generation and use method | |
| Nooraei Abadeh et al. | Delta‐based regression testing: a formal framework towards model‐driven regression testing | |
| Semeráth et al. | Validation of Derived Features and Well-Formedness Constraints in DSLs: By Mapping Graph Queries to an SMT-Solver | |
| Straszak et al. | Model-driven acceptance test automation based on use cases |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20221212 Address after: No. 259-10, Hengxue Road, Fangqiao Street, Fenghua District, Ningbo, Zhejiang 315000 (self declaration) Applicant after: Ningbo Qianchuan Technology Co.,Ltd. Address before: No. 303, B1, No. 36, Haidian West Street, Haidian District, Beijing 100,089 Applicant before: Beijing QianChuan Technology Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |