CN112667215A - Automatic repairing method for formalized requirement specification - Google Patents


Info

Publication number: CN112667215A
Application number: CN202110022180.3A
Authority: CN (China)
Prior art keywords: conflict, formula, ltl, conflicts, true
Legal status: granted; active (other version: CN112667215B)
Original language: Chinese (zh)
Inventors: 万海, 钟洪桢, 罗炜麟, 范科峰, 赵杭
Assignee (original and current): Sun Yat Sen University

Abstract

The invention discloses an automatic repair method for formalized requirement specifications, comprising the following steps. S1: input the environmental constraints and system assertions of a requirement specification, search for conflicts automatically with a local search algorithm, and form the conflicts found into a conflict set. S2: screen the conflicts in the conflict set, sort the screened conflicts by their probability of occurrence, and take the conflict with the highest probability. S3: negate the highest-probability conflict obtained in step S2 and add the negation to the system assertions of the requirement specification. S4: return to step S1 with the system assertions as processed in step S3, until no new conflict can be found, then proceed to step S5. S5: output the environmental constraints of the requirement specification and the system assertions as they stand at that point. The invention provides an automatic requirement refinement method that efficiently and automatically searches for conflicts in requirement specifications, thereby giving a direction for repairing them.

Description

Automatic repairing method for formalized requirement specification
Technical Field
The invention relates to the field of formal requirement repair, in particular to an automatic repair method for formalized requirement specifications.
Background
In a software system the software and its environment cannot always be expected to run as intended, and situations in which assertions contradict one another are unavoidable, which makes the system hard to realize. Because requirements are produced by a manual design process, missing requirements naturally occur, and missing requirements are known to be one of the main causes of software failure. Requirements engineering is precisely the discipline aimed at the problem of missing requirements; its main work is to perform requirements analysis according to proven techniques, principles and methods so as to obtain, as far as possible, the requirements appropriate to the current goal, and thereby increase the robustness and completeness of the software. In formal requirements engineering, the requirements are first modeled and then the model is analysed to determine whether it meets the requirements. One of the analysis stages is conflict analysis, whose main work is to find the problems and conflicts in the current system requirement model and then add to and modify the current requirements accordingly, thereby repairing the requirement model. The conflict analysis stage consists of three steps: (1) identify the conditions that cause the system assertions to diverge, i.e. the conflicts; (2) assess the severity of each conflict and its processing priority; (3) process the conflicts.
The Chinese patent with publication number CN109918049A, published on 2019-06-21, discloses a verification method for a software development model based on formal verification. It combines formal verification with the software development process to improve the credibility of software and logically guarantee the reliability of the developed software; formal verification serves to verify the development logic during software development in the field of software error detection, reducing the possibility of the program running in an abnormal state. That invention, however, does not give a general conflict repair method for the system.
For a better description of the requirements, the following basic concepts are explained. Linear Temporal Logic (LTL) is a temporal logic, i.e. a logic whose propositions are qualified in terms of time; an LTL formula is a logical proposition with temporal attributes. In addition to the AND (∧), OR (∨), Not, implication (→), true and false of propositional logic, LTL contains some special operators, whose basic semantics and symbols are shown in Table 1. If some variable assignment makes an LTL formula true, the formula is called satisfiable; if no assignment makes it true, the formula is called contradictory, or unsatisfiable; if every assignment makes it true, the formula is called a perpetual formula (a tautology). The satisfiability of LTL is decidable, and the main role of an LTL solver is to decide whether an LTL formula is satisfiable. In general, given an LTL formula as input, a solver returns a satisfiability verdict for it: Satisfiable (SAT) or Unsatisfiable (UNSAT).
In the goal-oriented requirements engineering methodology, a requirement specification is derived from two parts expressed in LTL (Linear Temporal Logic): the environmental constraints (domain properties) and the system assertions (goals). Environmental constraints are state descriptions of the current system requirements, and system assertions are assertions about system functionality. A condition that satisfies the environmental constraints but causes the system assertions to conflict is defined as a conflict; colloquially, a conflict is a scenario that puts the software system in error.
Environmental constraint (Domain property): a description of the state of the current system requirement, denoted Domain = {dom1, dom2, ..., domn}.
System assertion (Goal): an assertion about system functionality, denoted Goal = {g1, g2, ..., gn}.
Conflict (Boundary condition): a valuation scenario that satisfies the environmental constraints but makes the system assertions conflict.
Since LTL can express how variables change over time, the states of the different physical quantities in a system and their changes can clearly be expressed with LTL formulas; environmental constraints and system assertions are simply formulas expressed formally in LTL. We give the complete definition of a conflict: for the system assertion set Goal = {g1, g2, ..., gn} and the environmental constraint set Domain, a conflict [formula image] has the following properties:
(1) logical inconsistency: [formula image] is unsatisfiable;
(2) minimality: [formula image] is satisfiable;
(3) non-triviality: [formula image] is a perpetual (always true) formula.
Here G is the conjunction of all system assertions in the set Goal, G = g1 ∧ g2 ∧ ... ∧ gn, and G-i is the conjunction of all elements of Goal other than the i-th, G-i = g1 ∧ ... ∧ gi-1 ∧ gi+1 ∧ ... ∧ gn.
TABLE 1
[table image: basic semantics and symbols of the LTL operators, not reproduced]
Disclosure of Invention
The main aim of the invention is to provide an automatic repair method for formalized requirement specifications, which solves the problem of automatically repairing conflicting system assertions in formal requirements engineering.
To solve this technical problem, the technical scheme of the invention is as follows.
An automatic repair method for formalized requirement specifications comprises the following steps:
S1: input the environmental constraints and system assertions of a requirement specification, search for conflicts automatically with a local search algorithm, and form the conflicts found into a conflict set;
S2: screen the conflicts in the conflict set, sort the screened conflicts by their probability of occurrence, and take the conflict with the highest probability;
S3: negate the highest-probability conflict obtained in step S2 and add the negation to the system assertions of the requirement specification;
S4: return to step S1 with the system assertions as processed in step S3, until no new conflict can be found, then proceed to step S5;
S5: output the environmental constraints of the requirement specification and the system assertions as they stand at that point.
Preferably, the automatic search for conflicts with a local search algorithm in step S1 specifically includes the following steps:
S11: input the environmental constraints Domain of the requirement specification and the system assertions Goal = {g1, g2, ..., gn};
S12: initialize the current candidate solution to the initial LTL formula Not(g1 ∧ g2 ∧ ... ∧ gn), and use the constant transformation to push Not down to the variables, where Not denotes logical negation;
S13: randomly select several neighbor LTL formulas of the current candidate solution to form a Set;
S14: score each neighbor LTL formula in the Set with the objective function;
S15: add the conflicts in the Set to the result set;
S16: update the current candidate solution to the formula with the highest score in the Set;
S17: repeat steps S13 to S16 until the run reaches the maximum time;
S18: output the result set as the conflict set.
Preferably, the neighbor LTL formulas are generated by formula editing operations, specifically:
Define O1 as the set of unary operators {Not, X, F, G}, with λ1 ∈ O1; X, F and G are logical symbols: [formula image] means that [formula image] is true at the next moment, [formula image] means that [formula image] is true at some moment in the future, and [formula image] means that [formula image] is true at every moment in the future.
Define O2 as the set of binary operators {∧, ∨, →, U, R}, with λ2 ∈ O2; ∧, ∨, →, U and R are logical symbols: ∧ denotes AND, ∨ denotes OR, → denotes implication, [formula image] means that ψ must hold at every moment before [formula image] becomes true, and [formula image] means that ψ must hold at every moment before [formula image] becomes true, including that moment, and that if [formula image] never becomes true, ψ holds forever.
Let p be a variable, [formula image] the initial LTL formula and [formula image] the new LTL formula obtained after one operation. The three formula editing operations are as follows:
a) Addition
Add a unary operator: [formula image]
Add a binary operator and a variable: [formula image] or [formula image]
b) Modification
Modify a variable: [formula image], when [formula image];
Modify a unary operator: [formula image], when [formula image];
Modify a binary operator: [formula image], when [formula image];
c) Deletion
Delete a unary operator: [formula image], when [formula image];
Delete a binary operator: [formula image] or p', when [formula image].
For an LTL formula [formula image], applying the formula editing operation once to any of its sub-formulas yields a new LTL formula, and the set of all such new formulas forms the neighborhood of the LTL formula.
Preferably, in step S14 each neighbor LTL formula in the Set is scored with an objective function. First the component functions [formula image] of the objective function and an auxiliary function [formula image] are introduced, and then the objective function [formula image] itself. Specifically:
[formula image]
[formula image]
[formula image]
[formula image]
where |Goal| is the number of elements in the system assertion set and G-i = g1 ∧ ... ∧ gi-1 ∧ gi+1 ∧ ... ∧ gn.
The objective function [formula image] is:
[formula image]
where [formula image] is the length of the formula [formula image], i.e. its number of variables and operators.
Preferably, when the score of a formula [formula image] is higher than 3 it is regarded as a conflict, and the shorter the length of [formula image], the higher its score.
Preferably, step S2 (screening the conflicts in the conflict set, sorting the screened conflicts by their probability of occurrence and selecting the conflict with the highest probability) specifically includes the following steps:
S21: input the conflict set Σ; the output is the general conflict with the highest probability;
S22: traverse each LTL formula [formula image] in Σ; if the LTL solver finds [formula image] (where [formula image] denotes logical entailment, i.e. [formula image] logically entails ψ), delete [formula image]; the LTL formulas remaining in Σ finally form the general conflict set;
S23: compute the probability of each conflict in the general conflict set by model counting;
S24: select the general conflict with the highest probability and output it.
Preferably, in step S23 the probability of each conflict in the general conflict set is computed by model counting, specifically: using a model counting method, compute within a bounded model length the number #a of models of the conjunction of the environmental constraints and the system assertions and the number #b of models of the conjunction of the environmental constraints and the system assertions; the probability is then
[formula image]
Compared with the prior art, the technical scheme of the invention has the following beneficial effects:
the invention provides an automatic requirement refinement method that efficiently and automatically searches for and describes conflicts in requirement specifications, thereby giving a direction for requirement repair. For the problem of automatic conflict search, the local search algorithm designed by the invention greatly improves search performance.
Drawings
FIG. 1 is a schematic flow chart of the method of the present invention.
Detailed Description
The drawings are for illustrative purposes only and are not to be construed as limiting the patent;
for the purpose of better illustrating the embodiments, certain features of the drawings may be omitted, enlarged or reduced, and do not represent the size of an actual product;
it will be understood by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.
The technical solution of the present invention is further described below with reference to the accompanying drawings and examples.
Example 1
This embodiment provides an automatic repair method for formalized requirement specifications which, as shown in FIG. 1, includes the following steps:
S1: input the environmental constraints and system assertions of a requirement specification, search for conflicts automatically with a local search algorithm, and form the conflicts found into a conflict set;
S2: screen the conflicts in the conflict set, sort the screened conflicts by their probability of occurrence, and take the conflict with the highest probability;
S3: negate the highest-probability conflict obtained in step S2 and add the negation to the system assertions of the requirement specification;
S4: return to step S1 with the system assertions as processed in step S3, until no new conflict can be found, then proceed to step S5;
S5: output the environmental constraints of the requirement specification and the system assertions as they stand at that point.
In step S1 the conflicts are found automatically with a local search algorithm, which specifically includes the following steps:
S11: input the environmental constraints Domain of the requirement specification and the system assertions Goal = {g1, g2, ..., gn};
S12: initialize the current candidate solution to the initial LTL formula Not(g1 ∧ g2 ∧ ... ∧ gn), and use the constant transformation to push Not down to the variables, where Not denotes logical negation;
S13: randomly select several neighbor LTL formulas of the current candidate solution to form a Set;
S14: score each neighbor LTL formula in the Set with the objective function;
S15: add the conflicts in the Set to the result set;
S16: update the current candidate solution to the formula with the highest score in the Set;
S17: repeat steps S13 to S16 until the run reaches the maximum time;
S18: output the result set as the conflict set.
The neighbor LTL formulas are generated by formula editing operations, specifically:
Define O1 as the set of unary operators {Not, X, F, G}, with λ1 ∈ O1; X, F and G are logical symbols: [formula image] means that [formula image] is true at the next moment, [formula image] means that [formula image] is true at some moment in the future, and [formula image] means that [formula image] is true at every moment in the future.
Define O2 as the set of binary operators {∧, ∨, →, U, R}, with λ2 ∈ O2; ∧, ∨, →, U and R are logical symbols: ∧ denotes AND, ∨ denotes OR, → denotes implication, [formula image] means that ψ must hold at every moment before [formula image] becomes true, and [formula image] means that ψ must hold at every moment before [formula image] becomes true, including that moment, and that if [formula image] never becomes true, ψ holds forever.
Let p be a variable, [formula image] the initial LTL formula and [formula image] the new LTL formula obtained after one operation. The three formula editing operations are as follows:
a) Addition
Add a unary operator: [formula image]
Add a binary operator and a variable: [formula image] or [formula image]
b) Modification
Modify a variable: [formula image], when [formula image];
Modify a unary operator: [formula image], when [formula image];
Modify a binary operator: [formula image], when [formula image];
c) Deletion
Delete a unary operator: [formula image], when [formula image];
Delete a binary operator: [formula image] or p', when [formula image].
For an LTL formula [formula image], applying the formula editing operation once to any of its sub-formulas yields a new LTL formula, and the set of all such new formulas forms the neighborhood of the LTL formula.
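The editing operations above survive only as formula images on the page, but the text states them in enough detail to implement. The following Python is an added example, not code from the patent: it encodes LTL formulas as tuples, performs the step S12 rewriting (remove → and push Not down to the variables, i.e. negation normal form) and generates the complete one-edit neighborhood of a formula (additions, modifications and deletions applied at every sub-formula), from which step S13 samples at random. The mine-pump goals of the embodiment below are used as constructed input; the second goal is written G(m → X Not p), which is the form the page's own rewriting F(m ∧ X(p)) implies. Function and constant names (nnf, neighbourhood, sample_neighbours, INITIAL) are this example's own.

```python
"""LTL formula editing operations of steps S12 and S13: tuple-encoded
formulas, the push-down of Not (negation normal form) and the one-edit
neighbourhood.  Added example; the names are this example's own."""
import random

# A formula is a tuple: ('var', name), (unary_op, f) or (binary_op, f, g).
UNARY = ('not', 'X', 'F', 'G')            # the page's O1
BINARY = ('and', 'or', 'imp', 'U', 'R')   # the page's O2

def var(n): return ('var', n)
def Not(f): return ('not', f)
def And(f, g): return ('and', f, g)
def Or(f, g): return ('or', f, g)
def Imp(f, g): return ('imp', f, g)
def X(f): return ('X', f)
def F(f): return ('F', f)
def G(f): return ('G', f)

DUAL = {'and': 'or', 'or': 'and', 'F': 'G', 'G': 'F', 'U': 'R', 'R': 'U'}

def nnf(f):
    """S12: remove -> and push Not down to the variables (the 'constant transformation')."""
    op = f[0]
    if op == 'var':
        return f
    if op == 'imp':                                   # a -> b  ==  Not a or b
        return Or(nnf(Not(f[1])), nnf(f[2]))
    if op != 'not':
        return (op,) + tuple(nnf(s) for s in f[1:])
    g = f[1]                                          # f is Not(g): push the Not inward
    if g[0] == 'var':
        return f
    if g[0] == 'not':
        return nnf(g[1])
    if g[0] == 'imp':                                 # Not(a -> b)  ==  a and Not b
        return And(nnf(g[1]), nnf(Not(g[2])))
    if g[0] == 'X':
        return X(nnf(Not(g[1])))
    return (DUAL[g[0]],) + tuple(nnf(Not(s)) for s in g[1:])

def edits_at_root(f, names):
    """Every formula one editing operation away from f, applied at f's root."""
    out = set()
    out.update((u, f) for u in UNARY)                              # a) add a unary operator
    for b in BINARY:                                               # a) add a binary operator and a variable
        out.update({(b, f, var(n)) for n in names} | {(b, var(n), f) for n in names})
    if f[0] == 'var':
        out.update(var(n) for n in names if n != f[1])             # b) modify a variable
    elif f[0] in UNARY:
        out.update((u, f[1]) for u in UNARY if u != f[0])          # b) modify a unary operator
        out.add(f[1])                                              # c) delete a unary operator
    else:
        out.update((b, f[1], f[2]) for b in BINARY if b != f[0])   # b) modify a binary operator
        out.update((f[1], f[2]))                                   # c) delete a binary operator
    return out

def neighbourhood(f, names):
    """All formulas obtained by one editing operation at any sub-formula of f."""
    out = edits_at_root(f, names)
    for i, s in enumerate(f):
        if isinstance(s, tuple):                                   # recurse into each sub-formula
            out.update(f[:i] + (g,) + f[i + 1:] for g in neighbourhood(s, names))
    out.discard(f)
    return out

SYM = {'and': '∧', 'or': '∨', 'imp': '→', 'U': 'U', 'R': 'R',
       'not': 'Not ', 'X': 'X ', 'F': 'F ', 'G': 'G '}

def to_str(f):
    """Render a formula in the page's notation."""
    if f[0] == 'var':
        return f[1]
    if f[0] in UNARY:
        return SYM[f[0]] + to_str(f[1])
    return '(' + to_str(f[1]) + ' ' + SYM[f[0]] + ' ' + to_str(f[2]) + ')'

def sample_neighbours(f, names, n, seed=0):
    """S13: pick n neighbours at random (seeded, so a run is reproducible)."""
    pool = sorted(neighbourhood(f, names), key=to_str)
    return random.Random(seed).sample(pool, min(n, len(pool)))

# Constructed input: the page's mine-pump goals.  The second goal is written
# G(m -> X Not p), the form implied by the page's own rewriting F(m ∧ X p).
h, p, m = var('h'), var('p'), var('m')
GOALS = [G(Imp(h, X(p))), G(Imp(m, X(Not(p))))]
INITIAL = nnf(Not(And(GOALS[0], GOALS[1])))         # F(h ∧ X Not p) ∨ F(m ∧ X p)
NEIGHBOURS = neighbourhood(INITIAL, ['h', 'p', 'm'])

if __name__ == '__main__':
    print(to_str(INITIAL))
    for g in sample_neighbours(INITIAL, ['h', 'p', 'm'], 5):
        print('  neighbour:', to_str(g))
```

The neighbor the page singles out, F(h ∧ X(Not p)) ∨ (m ∧ X(p)), is produced by the "delete a unary operator" case applied to the second disjunct, and the neighborhood deliberately excludes the formula itself, so a search step always moves.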
In step S14 each neighbor LTL formula in the Set is scored with an objective function. First the component functions [formula image] of the objective function and an auxiliary function [formula image] are introduced, and then the objective function [formula image] itself. Specifically:
[formula image]
[formula image]
[formula image]
[formula image]
where |Goal| is the number of elements in the system assertion set and G-i = g1 ∧ ... ∧ gi-1 ∧ gi+1 ∧ ... ∧ gn.
The objective function [formula image] is:
[formula image]
where [formula image] is the length of the formula [formula image], i.e. its number of variables and operators.
When the score of a formula [formula image] is higher than 3 it is regarded as a conflict, and the shorter the length of [formula image], the higher its score.
Two kinds of automatic conflict search exist in the prior art: the tableau decomposition method and the genetic algorithm. The tableau decomposition method is a constructive method: it expands the semantics of the LTL formula into a syntax tree with back edges and constructs a conflict from it. The genetic algorithm is a search method: it initializes a batch of LTL formulas and, treating the formulas as chromosomes, applies mutation and crossover to obtain conflicts. The invention uses a local search algorithm for automatic conflict search, which is also a search method; it differs from the genetic algorithm in that the direction of formula change is fixed by the formula neighborhood, an objective function is specified to steer the search towards conflicts, and the conflicts found by the local search are specified, so that conflicts can be found in fewer iterations.
Step S2 (screening the conflicts in the conflict set, sorting the screened conflicts by their probability of occurrence and selecting the conflict with the highest probability) specifically includes the following steps:
S21: input the conflict set Σ; the output is the general conflict with the highest probability;
S22: traverse each LTL formula [formula image] in Σ; if the LTL solver finds [formula image] (where [formula image] denotes logical entailment, i.e. [formula image] logically entails ψ), delete [formula image]; the LTL formulas remaining in Σ finally form the general conflict set;
S23: compute the probability of each conflict in the general conflict set by model counting;
S24: select the general conflict with the highest probability and output it.
In step S23 the probability of each conflict in the general conflict set is computed by model counting, specifically: using a model counting method, compute within a bounded model length the number #a of models of the conjunction of the environmental constraints and the system assertions and the number #b of models of the conjunction of the environmental constraints and the system assertions; the probability is then
[formula image]
In a particular embodiment, consider a water pump system in a mine tunnel whose purpose is to prevent flooding of the tunnel. When the system detects that the water level is too high, the water pump is started to pump water out; but when the system detects gas in the mine tunnel, the water pump must not be started. Let the Boolean variable h represent a high water level, p that the water pump is started, and m that gas is present in the mine tunnel. The environmental constraint and the system assertions are then as follows:
Environmental constraint: when the water pump has been started two times in succession, the water level becomes low at the third moment.
LTL formula: G((p ∧ Xp) → X(X Not h))
System assertion 1: when the water level is too high, the system starts the water pump.
LTL formula: G(h → Xp)
System assertion 2: when gas is present in the mine tunnel, the system must not start the water pump.
LTL formula: G(m → X Not h)
The steps of the method in this embodiment are as follows:
Step one: input the environmental constraints and the system assertion set of the formalized requirements, and locate conflicts with the local search algorithm.
1. Initialize the current candidate formula to Not(G(h → Xp) ∧ G(m → X Not h));
2. Rewrite the current candidate formula as F(h ∧ X(Not p)) ∨ F(m ∧ X(p)) by removing → and pushing Not down to the variables with the constant transformation;
3. Obtain several neighbors of the current candidate formula with the formula editing operations; one of them is
F(h ∧ X(Not p)) ∨ (m ∧ X(p)),
obtained by deleting the F of the current candidate formula. Compute the score of the neighbor formula: F(h ∧ X(Not p)) ∨ (m ∧ X(p)) scores 1 + 1 + 1 + 0.09 = 3.09, i.e. it is a conflict, and it is added to the result set;
4. Change the current candidate formula to the formula with the highest score in the neighborhood. Assuming the highest-scoring formula among the currently selected neighbors is F(h ∧ X(Not p)) ∨ (m ∧ X(p)), this formula becomes the current candidate formula for the next iteration;
5. Repeat steps 3 to 4, and finally output the result set as the conflict set.
Step two: screen and sort the conflict set.
Suppose step one outputs the conflict set
{F(h ∧ m), h ∧ m, F(h ∧ Not m ∧ p ∧ X((Not h ∧ Not p) ∨ (h ∧ (m ∨ Not p))))}
1. Only [formula image] holds (h ∧ m entails F(h ∧ m)), so h ∧ m is deleted;
2. The general conflict set {F(h ∧ m), F(h ∧ Not m ∧ p ∧ X((Not h ∧ Not p) ∨ (h ∧ (m ∨ Not p))))} is obtained;
3. The probability of each conflict occurring within model length 1000 is computed by model counting, as shown in Table 2:
TABLE 2
[table image: probabilities of the two general conflicts at model length 1000, not reproduced]
4. The general conflict with the highest probability, F(h ∧ Not m ∧ p ∧ X((Not h ∧ Not p) ∨ (h ∧ (m ∨ Not p)))), is output.
Step three: take the general conflict with the highest probability, negate it, and add it to the system assertion set:
Not(F(h ∧ Not m ∧ p ∧ X((Not h ∧ Not p) ∨ (h ∧ (m ∨ Not p))))) is added to the original system assertion set as a new system assertion.
Step four: repeat steps one to three until no conflict is found.
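The worked example above, the conflict definition of the background section and the scoring of step S14 can all be checked mechanically. The following Python is an added example, not code from the patent: it evaluates LTL formulas on lasso traces (a finite prefix followed by a repeated loop), uses exhaustive enumeration of short lassos as a stand-in for the LTL solver the page calls, and on that basis checks the three conflict properties in their usual boundary-condition form, computes the neighbor score, screens the conflict set as in step S22 and verifies that adding the negated conflict (step S3) leaves the specification consistent. Two points are assumptions of mine: the score is reconstructed from the page's number 1 + 1 + 1 + 0.09 = 3.09 (0.09 is 1/11, and 11 is the number of variables and operators of F(h ∧ X(Not p)) ∨ (m ∧ X(p))), because the page's component functions survive only as images; and the second goal is written G(m → X Not p), the form the page's own rewriting F(m ∧ X(p)) implies. The model-counting probability of step S23 is not reproduced, since its formula is only an image on the page. All names (holds, satisfiable, conflict_properties, score, screen) are this example's own, and the enumeration bound of 3 suffices for the page's formulas but is not a decision procedure in general.

```python
"""Bounded LTL satisfiability over lasso traces, the boundary-condition (conflict)
properties, the neighbour score of S14 and the screening of S22, run on the page's
mine-pump example.  Added example, not the patent's code; names are this example's own."""
from itertools import product

# A formula is a tuple: ('true',), ('var', n), ('not', f), ('X', f), ('F', f), ('G', f),
# ('and', f, g), ('or', f, g), ('imp', f, g), ('U', f, g), ('R', f, g).
def var(n): return ('var', n)
def Not(f): return ('not', f)
def And(f, g): return ('and', f, g)
def Or(f, g): return ('or', f, g)
def Imp(f, g): return ('imp', f, g)
def X(f): return ('X', f)
def F(f): return ('F', f)
def G(f): return ('G', f)

def conj(fs):
    """g1 ∧ ... ∧ gn (the page's G and G-i); the empty conjunction is true."""
    return ('true',) if not fs else fs[0] if len(fs) == 1 else And(conj(fs[:-1]), fs[-1])

def size(f):
    """Length of a formula: its number of variables and operators."""
    return 1 + sum(size(s) for s in f[1:] if isinstance(s, tuple))

def names(f):
    """Variables occurring in f."""
    return {f[1]} if f[0] == 'var' else set().union(*(names(s) for s in f[1:] if isinstance(s, tuple)))

def holds(states, loop, f, i, memo):
    """Truth of f at position i of the trace states[0..k-1] (states[loop..k-1])^ω; states[t] is the set of variables true at t."""
    key = (f, i)
    if key in memo:
        return memo[key]
    k, op = len(states), f[0]
    ev = lambda g, j: holds(states, loop, g, j, memo)
    path = list(range(i, k)) + (list(range(loop, i)) if i >= loop else [])  # positions reachable from i
    nxt = i + 1 if i + 1 < k else loop
    if op == 'true': v = True
    elif op == 'var': v = f[1] in states[i]
    elif op == 'not': v = not ev(f[1], i)
    elif op == 'and': v = ev(f[1], i) and ev(f[2], i)
    elif op == 'or': v = ev(f[1], i) or ev(f[2], i)
    elif op == 'imp': v = (not ev(f[1], i)) or ev(f[2], i)
    elif op == 'X': v = ev(f[1], nxt)
    elif op == 'F': v = any(ev(f[1], j) for j in path)
    elif op == 'G': v = all(ev(f[1], j) for j in path)
    elif op == 'U':                      # f[2] at some reachable position, f[1] everywhere before it
        v = False
        for j in path:
            if ev(f[2], j): v = True; break
            if not ev(f[1], j): break
    else: v = not ev(('U', Not(f[1]), Not(f[2])), i)   # 'R': release is the dual of until
    memo[key] = v
    return v

def satisfiable(f, bound=3):
    """Enumerate lasso traces of length 1..bound; return a model (states, loop) of f or None.
    None means 'no model up to the bound': this brute force stands in for the LTL solver the
    page calls and can miss models that need longer lassos."""
    vs = sorted(names(f))
    for k in range(1, bound + 1):
        for bits in product((0, 1), repeat=k * len(vs)):
            states = [frozenset(v for v, b in zip(vs, bits[t * len(vs):(t + 1) * len(vs)]) if b)
                      for t in range(k)]
            for loop in range(k):
                if holds(states, loop, f, 0, {}):
                    return states, loop
    return None

def entails(phi, psi, bound=3):
    """phi logically entails psi iff phi ∧ Not psi has no model (the S22 solver check)."""
    return satisfiable(And(phi, Not(psi)), bound) is None

def conflict_properties(domain, goals, bc, bound=3):
    """Logical inconsistency, minimality and non-triviality of a candidate conflict bc
    (usual boundary-condition form; the page's own formula images are not reproduced)."""
    g_all = conj(goals)
    inconsistent = satisfiable(conj([domain, g_all, bc]), bound) is None
    minimal = all(satisfiable(conj([domain, conj(goals[:i] + goals[i + 1:]), bc]), bound) is not None
                  for i in range(len(goals)))
    nontrivial = satisfiable(Or(And(bc, g_all), And(Not(bc), Not(g_all))), bound) is not None  # bc is not just Not(G)
    return inconsistent, minimal, nontrivial

def score(domain, goals, phi, bound=3):
    """S14 neighbour score, reconstructed (assumption) from the page's 1 + 1 + 1 + 0.09 = 3.09:
    one point if Dom ∧ G ∧ phi is unsatisfiable, one point per goal g_i if Dom ∧ G-i ∧ phi is
    satisfiable, plus 1/|phi|; a score above len(goals) + 1 (the page's '> 3') is a conflict."""
    g_all = conj(goals)
    s = 1.0 if satisfiable(conj([domain, g_all, phi]), bound) is None else 0.0
    for i in range(len(goals)):
        if satisfiable(conj([domain, conj(goals[:i] + goals[i + 1:]), phi]), bound) is not None:
            s += 1.0
    return s + 1.0 / size(phi)

def screen(conflicts, bound=3):
    """S22: drop every conflict that entails another one, keeping the most general conflicts."""
    return [c for c in conflicts if not any(d != c and entails(c, d, bound) for d in conflicts)]

# Constructed input: the page's mine-pump specification.  The second goal is written
# G(m -> X Not p), the form implied by the page's own rewriting F(m ∧ X p).
h, p, m = var('h'), var('p'), var('m')
DOMAIN = G(Imp(And(p, X(p)), X(X(Not(h)))))            # G((p ∧ Xp) → X(X Not h))
GOALS = [G(Imp(h, X(p))), G(Imp(m, X(Not(p))))]
CANDIDATE = Or(F(And(h, X(Not(p)))), And(m, X(p)))      # the neighbour the page scores 3.09
BC_SHORT = F(And(h, m))
BC_LONG = F(And(h, And(Not(m), And(p, X(Or(And(Not(h), Not(p)), And(h, Or(m, Not(p)))))))))
CONFLICT_SET = [BC_SHORT, And(h, m), BC_LONG]           # step one's output on the page

if __name__ == '__main__':
    print('score %.2f' % score(DOMAIN, GOALS, CANDIDATE), 'F(h ∧ m):', conflict_properties(DOMAIN, GOALS, BC_SHORT))
    print('general conflicts:', len(screen(CONFLICT_SET)), 'repaired consistent:',
          satisfiable(conj([DOMAIN] + GOALS + [Not(BC_LONG)])) is not None)
```

The screening step reproduces the page's result: h ∧ m entails F(h ∧ m), so it is dropped and the two F-formulas remain. Because satisfiability is decided by bounded enumeration, an "unsatisfiable" verdict here is only "no model of lasso length at most 3"; for formulas that need longer witnesses the bound must be raised or a real LTL solver substituted.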
The same or similar reference numerals correspond to the same or similar parts;
the terms describing positional relationships in the drawings are for illustrative purposes only and are not to be construed as limiting the patent;
it should be understood that the above-described embodiments of the present invention are merely examples for clearly illustrating the present invention, and are not intended to limit the embodiments of the present invention. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. And are neither required nor exhaustive of all embodiments. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the claims of the present invention.

Claims (7)

1. An automatic repair method for formalized requirement specifications, characterized in that it comprises the following steps:
S1: input the environmental constraints and system assertions of a requirement specification, search for conflicts automatically with a local search algorithm, and form the conflicts found into a conflict set;
S2: screen the conflicts in the conflict set, sort the screened conflicts by their probability of occurrence, and take the conflict with the highest probability;
S3: negate the highest-probability conflict obtained in step S2 and add the negation to the system assertions of the requirement specification;
S4: return to step S1 with the system assertions as processed in step S3, until no new conflict can be found, then proceed to step S5;
S5: output the environmental constraints of the requirement specification and the system assertions as they stand at that point.
2. The automatic repair method for formalized requirement specifications according to claim 1, wherein the automatic search for conflicts with a local search algorithm in step S1 includes the following steps:
S11: input the environmental constraints Domain of the requirement specification and the system assertions Goal = {g1, g2, ..., gn};
S12: initialize the current candidate solution to the initial LTL formula Not(g1 ∧ g2 ∧ ... ∧ gn), and use the constant transformation to push Not down to the variables, where Not denotes logical negation;
S13: randomly select several neighbor LTL formulas of the current candidate solution to form a Set;
S14: score each neighbor LTL formula in the Set with the objective function;
S15: add the conflicts in the Set to the result set;
S16: update the current candidate solution to the formula with the highest score in the Set;
S17: repeat steps S13 to S16 until the run reaches the maximum time;
S18: output the result set as the conflict set.
3. The automatic repairing method for formalized requirement specifications according to claim 2, wherein the neighbor LTL formulas are generated by formula editing operations, specifically:
O1 is defined as the set of unary operators {Not, X, F, G}, with λ1 ∈ O1; X, F and G are logical symbols: X applied to a formula means that the formula is true at the next moment, F means that it is true at some moment in the future, and G means that it is true at every moment in the future;
O2 is defined as the set of binary operators {∧, ∨, →, U, R}, with λ2 ∈ O2; ∧, ∨, →, U and R are logical symbols: ∧ denotes AND, ∨ denotes OR, → denotes implication, U (until) means that one operand must hold at every moment before the other operand becomes true, and R (release) means that one operand must hold at every moment up to and including the moment the other operand becomes true, and if that other operand never becomes true, the first operand holds forever;
p is a variable; given the initial LTL formula and the new LTL formula obtained after one operation (the original gives these, and the formulas of the operations below, only as images), the three formula editing operations are as follows:
a) Addition
Add a unary operator: prefix the formula with an operator λ1;
Add a binary operator and a variable: combine the formula with a variable p using an operator λ2, with the variable on either side;
b) Modification
Modify a variable: when the formula is a variable p, replace it with a different variable;
Modify a unary operator: when the formula is λ1 applied to a sub-formula, replace λ1 with a different unary operator;
Modify a binary operator: when the formula is λ2 applied to two sub-formulas, replace λ2 with a different binary operator;
c) Deletion
Delete a unary operator: when the formula is λ1 applied to a sub-formula, the result is that sub-formula;
Delete a binary operator: when the formula is λ2 applied to two operands, the result is one of the two operands (the original writes the second operand as p');
For an LTL formula, applying a formula editing operation once to any of its sub-formulas yields a new LTL formula, and the set of all such new LTL formulas forms the neighborhood of the LTL formula.
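An added example in Python of the neighborhood construction of claim 3 (not the patent's own implementation): formulas are nested tuples (an assumption here), every sub-formula receives each add, modify and delete edit once, and the length function is the count of variables and operators used by claim 4.

```python
# Added example, not the patent's code. Assumed representation: a variable is a
# string; ("Not", a) etc. are unary; ("And", l, r) etc. are binary.
from itertools import product

UNARY = ("Not", "X", "F", "G")             # O1 of claim 3
BINARY = ("And", "Or", "Imp", "U", "R")    # O2 of claim 3

def edits(phi, variables):
    """All formulas obtained from phi by ONE editing operation at its root."""
    out = set()
    # a) addition: a unary operator on top, or a binary operator with a variable on either side
    out.update((u, phi) for u in UNARY)
    for b, p in product(BINARY, variables):
        out.add((b, phi, p))
        out.add((b, p, phi))
    if isinstance(phi, str):                           # b) modify a variable
        out.update(q for q in variables if q != phi)
    elif len(phi) == 2:                                # phi = lambda1 psi
        op, psi = phi
        out.update((u, psi) for u in UNARY if u != op) # b) modify the unary operator
        out.add(psi)                                   # c) delete the unary operator
    else:                                              # phi = psi1 lambda2 psi2
        op, left, right = phi
        out.update((b, left, right) for b in BINARY if b != op)  # b) modify binary op
        out.add(left)                                  # c) delete the binary operator,
        out.add(right)                                 #    keeping either operand
    out.discard(phi)                                   # an edit must change the formula
    return out

def neighborhood(phi, variables):
    """Claim 3: apply one editing operation to any sub-formula of phi."""
    result = set(edits(phi, variables))
    if isinstance(phi, tuple):
        op, *args = phi
        for i, sub in enumerate(args):
            for new_sub in neighborhood(sub, variables):
                new_args = list(args)
                new_args[i] = new_sub
                result.add((op, *new_args))
    return result

def length(phi):
    """Number of variables and operators (the formula length of claim 4)."""
    return 1 if isinstance(phi, str) else 1 + sum(length(a) for a in phi[1:])

if __name__ == "__main__":
    # Constructed sample: neighborhood of G(p -> F q) over variables p, q
    nbrs = neighborhood(("G", ("Imp", "p", ("F", "q"))), ["p", "q"])
    print(len(nbrs), "neighbors; shortest has length", min(map(length, nbrs)))
```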
4. The automatic repairing method for formalized requirement specifications according to claim 3, wherein in step S14 the objective function is used to score each neighbor LTL formula in Set; the score functions that make up the objective function are introduced first, then an auxiliary function, and then the objective function itself (their definitions are given as formula images in the original and are not reproduced here), where |Goal| is the number of elements in the system assertion set and G-i = g1∧...∧g(i-1)∧g(i+1)∧...∧gn; in the objective function, the length of a formula is its number of variables and operators.
5. The automatic repairing method for formalized requirement specifications according to claim 4, wherein a formula whose score is higher than 3 is regarded as a conflict, and the shorter the formula's length, the higher its score.
6. The automatic repairing method for formalized requirement specifications according to claim 5, wherein step S2, screening the conflicts in the conflict set, sorting the screened conflicts by probability of occurrence and selecting the conflict with the highest probability, specifically comprises the following steps:
S21: inputting the conflict set Σ; the output is the general conflict with the highest probability;
S22: traversing each LTL formula in Σ; if the LTL solver can find φ ∈ Σ with φ ⇒ ψ, where ⇒ denotes the logical implication symbol and φ ⇒ ψ means that φ logically entails ψ, then the corresponding formula is removed from Σ (the original gives both the traversed formula and the removed formula only as images); the LTL formulas remaining in Σ finally form the general conflict set;
S23: calculating the probability of each conflict in the general conflict set by a model counting method;
S24: selecting and outputting the general conflict with the highest probability.
7. The automatic repairing method for formalized requirement specifications according to claim 6, wherein in step S23 the probability of each conflict in the general conflict set is calculated by a model counting method, specifically: within a bounded model length, the model counting method is used to compute the number of models #a of environment constraint ∧ system assertion ∧ conflict and the number of models #b of environment constraint ∧ system assertion, respectively; the probability of the conflict is then obtained from #a and #b by the formula given as an image in the original.
Application CN202110022180.3A, priority date 2020-12-11, filing date 2021-01-08: Automatic repairing method for formalized requirement specification (Active; granted as CN112667215B)

Applications Claiming Priority (2)

Application Number, Priority Date
CN202011453300, 2020-12-11
CN2020114533007, 2020-12-11

Publications (2)

Publication Number, Publication Date
CN112667215A (en), 2021-04-16
CN112667215B (en), 2022-02-25

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114356294A (en) * 2021-12-21 2022-04-15 East China Normal University Instance generation method and system based on FQLTL language

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030225552A1 (en) * 2002-05-30 2003-12-04 Nec Corporation Efficient approaches for bounded model checking
US20080271000A1 (en) * 2007-04-25 2008-10-30 Microsoft Corporation Predicting Conflicts in a Pervasive System
US20160371167A1 (en) * 2015-06-17 2016-12-22 General Electric Company Scalable methods for analyzing formalized requirements and localizing errors
CN109388377A (en) * 2018-10-08 2019-02-26 Guangxi University for Nationalities A software security requirement acquisition method based on formal modeling
CN109918049A (en) * 2019-01-12 2019-06-21 Northwestern Polytechnical University Verification method for software development models based on formal verification
US20190317760A1 (en) * 2018-04-17 2019-10-17 The Regents Of The University Of Michigan Interactive And Dynamic Search Based Approach To Software Refactoring Recommendations
CN110532167A (en) * 2019-07-05 2019-12-03 East China Normal University A timing property verification method for state machine models based on model conversion

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
RENZO DEGIOVANNI ET AL.: "A Genetic Algorithm for Goal-Conflict Identification", 《HTTPS://DOI.ORG/10.1145/3238147.3238220》 *
RENZO DEGIOVANNI ET AL.: "Goal-Conflict Detection based on Temporal Satisfiability Checking", 《2016 31ST IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE)》 *
RENZO DEGIOVANNI ET AL.: "Goal-Conflict Likelihood Assessment based on Model Counting", 《HTTPS://DOI.ORG/10.1145/3180155.3180261》 *
WEN ZHICHENG: "Formal verification techniques for object-oriented software", China Doctoral Dissertations Full-text Database (Doctoral), Information Science and Technology *

Also Published As

Publication number Publication date
CN112667215B (en) 2022-02-25

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant