CN117271344A - Safety severity software form verification method for protection and lifesaving system - Google Patents
- Publication number: CN117271344A (application CN202311268151.0A)
- Authority: CN (China)
- Prior art keywords: model, formal verification, safety, verification, checking
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G06F11/3608: Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation (under G06F11/00 Error detection; Error correction; Monitoring > G06F11/36 Preventing errors by testing or debugging software > G06F11/3604 Software analysis for verifying properties of programs)
- G06F11/3684: Test management for test design, e.g. generating new test cases (under G06F11/36 > G06F11/3668 Software testing > G06F11/3672 Test management)
Abstract
The invention discloses a software formal verification method for the safety-critical software of a protection and lifesaving system, comprising the following steps: creating a blank formal verification project as an observer model; defining the observer model according to the safety requirements and the use scenario of the functional model, to obtain the safety attribute outputs; creating a top-level operator model and connecting the functional model with the observer model; creating a custom formal verification target from the safety attribute outputs; formulating a corresponding formal verification strategy for that target; starting the formal engine to analyze the functional model and the corresponding observer model; obtaining and outputting the formal verification result; and checking the result: if it is true, the functional model is correct; if it is false, a counterexample is derived and used for model simulation, and after the model is corrected the next round of formal verification is iterated. The invention can find design defects in the model and gives the model developer the means to correct them.
Description
Technical Field
The invention belongs to the technical field of aviation, and in particular relates to a software formal verification method for the safety-critical software of a protection and lifesaving system.
Background
The new generation of protection and lifesaving system software must select different modes to control the multi-channel mechanism according to factors such as speed, altitude, three-axis attitude angles and three-axis angular rates in different operating scenarios, so as to complete the ejection lifesaving function; while a mode is executing it must also perform mode degradation switching in real time according to the degradation state of the multi-factor data sources, so that the lifesaving performance of the ejection system is exploited to the greatest extent. This software is characterised by high safety criticality (a software failure can cause a catastrophic accident), high control precision (timing precision at the millisecond level) and more complex logic (combined control over speed, three-axis angular rates, three-axis attitude angles and altitude); as the software requirement model is established, formal verification of the model is required to guarantee its correctness. In the prior art there are few methods for the formal verification of such models.
Disclosure of Invention
The invention aims to provide a formal verification method for the safety-critical software of a protection and lifesaving system, which realises formal verification of the safety-critical software requirement model, can find design defects in the model, and lets the model developer correct the model.
In order to solve the technical problems, the technical scheme of the invention is as follows:
A method for formal verification of the safety-critical software of a protection and lifesaving system, comprising the steps of:
S1, creating a blank formal verification project as an observer model;
S2, defining the observer model according to the safety requirements of the functional model to be verified and its use scenario, to obtain the safety attribute outputs;
S3, creating a top-level operator model, and connecting the functional model with the observer model;
S4, creating a custom formal verification target from the safety attribute outputs;
S5, formulating a corresponding formal verification strategy for the formal verification target;
S6, starting the formalization engine to analyze the functional model and the corresponding observer model;
S7, obtaining the formal verification result and outputting it;
S8, checking the formal verification result: if the result is true, the functional model is correct; if the result is false, a test case (counterexample) for which the outputs of the functional model and the observer model are false is derived, the test case is used for model simulation, the functional model is corrected based on the simulation result, and the method returns to S1 for the next round of formal verification.
Step S1 may be replaced by enabling the formal analysis engine.
The output type of the safety attribute is bool; a true output denotes the safe case and guides the analysis of the formalization engine.
Constraints are added to the top-level operator model using assertions, to exclude irrelevant scenarios.
Step S4 may be replaced by enabling the preset formal verification targets built into the original design model.
There are 4 types of preset formal verification target:
a) Divide-by-zero check: verifies whether a division by 0 is possible;
b) Overflow check: verifies whether numeric data overflows during assignment, shift or type conversion;
c) Dynamic access check: verifies whether an array index crosses the array boundary;
d) Consistency check: verifies whether the assumptions and constraints are consistent.
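As an added illustration (not part of the patent and not the code of any verification tool), the following Python script shows how the four preset targets can be generated mechanically from a requirement model and discharged over a bounded input domain. The expression language, the model, the input ranges and the assumption predicates are all constructed for the example; the page describes no implementation. The assumptions play the role of the assertions that exclude irrelevant scenarios, which is why the consistency check is listed alongside the other three: if the assumptions contradict each other, every other target passes vacuously.

```python
"""Predefined proof obligations (POs) over a bounded input domain.
Added example, not code from the patent: the expression language, the model,
the input domain and the assumption predicates are all constructed here."""
from dataclasses import dataclass
from itertools import product

INT32_MIN, INT32_MAX = -2**31, 2**31 - 1   # value type assumed to be int32

# Minimal expression language (constructed); each hazardous node maps to one PO kind.
@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Const:
    value: int

@dataclass(frozen=True)
class Div:            # integer division -> Division-by-Zero PO
    num: object
    den: object

@dataclass(frozen=True)
class Shl:            # left shift into an int32 -> Overflow PO
    value: object
    bits: object

@dataclass(frozen=True)
class Index:          # array lookup -> Dynamic Access PO
    array: tuple
    index: object

PO_KIND = {Div: "Division-by-Zero PO", Shl: "Overflow PO", Index: "Dynamic Access PO"}

def evaluate(e, env):
    """Plain evaluation; hazardous operations raise on bad operands."""
    if isinstance(e, Var):
        return env[e.name]
    if isinstance(e, Const):
        return e.value
    if isinstance(e, Div):
        return evaluate(e.num, env) // evaluate(e.den, env)
    if isinstance(e, Shl):
        return evaluate(e.value, env) << evaluate(e.bits, env)
    return e.array[evaluate(e.index, env)]          # Index

def proof_obligations(e):
    """Emit one (kind, sub-expression) pair per hazardous node, the way a tool's
    built-in target generator does when the preset targets are enabled."""
    pos = [(PO_KIND[type(e)], e)] if type(e) in PO_KIND else []
    for child in vars(e).values():
        if not isinstance(child, (int, str, tuple)):   # leaves are not expressions
            pos += proof_obligations(child)
    return pos

def po_holds(kind, e, env):
    """True when the obligation is discharged for this one input vector."""
    try:
        if kind == "Division-by-Zero PO":
            return evaluate(e.den, env) != 0
        if kind == "Overflow PO":
            return INT32_MIN <= evaluate(e, env) <= INT32_MAX
        return 0 <= evaluate(e.index, env) < len(e.array)   # Dynamic Access PO
    except (ZeroDivisionError, IndexError, ValueError):
        return False          # an operand is itself undefined on this input

def verify(outputs, assumptions, domain):
    """Discharge every PO over the bounded domain, restricted to the scenes the
    assumptions admit.  Returns {kind: (proved, counterexample_env_or_None)}."""
    names = list(domain)
    envs = [dict(zip(names, vals)) for vals in product(*(domain[n] for n in names))]
    admitted = [env for env in envs if all(a(env) for a in assumptions)]
    results = {"Consistency PO": (bool(admitted), None)}
    if not admitted:          # contradictory assumptions: every other PO would
        return results        # pass vacuously, so report only the inconsistency
    for out in outputs:
        for kind, sub in proof_obligations(out):
            bad = next((env for env in admitted if not po_holds(kind, sub, env)), None)
            if bad is not None or kind not in results:
                results[kind] = (bad is None, bad)
    return results

# Constructed model: a table-driven gain, a ratio and a shifted scale factor.
MODEL_OUTPUTS = [Index((10, 20, 30, 40), Var("i")),
                 Div(Const(1000), Var("d")),
                 Shl(Const(1), Var("s"))]
DOMAIN = {"i": range(-1, 6), "d": range(-3, 4), "s": range(0, 40)}
# Assertions on the top-level model that exclude scenes the system never reaches.
SCENE_ASSUMPTIONS = [lambda env: 0 <= env["i"] <= 3,
                     lambda env: env["d"] != 0,
                     lambda env: env["s"] <= 30]
# The same set plus a mistaken assertion that admits no scene at all.
CONTRADICTORY_ASSUMPTIONS = SCENE_ASSUMPTIONS + [lambda env: env["d"] > 5]

if __name__ == "__main__":
    for label, assumptions in [("no assertions", []), ("scene assertions", SCENE_ASSUMPTIONS),
                               ("contradictory assertions", CONTRADICTORY_ASSUMPTIONS)]:
        print(f"--- {label}")
        for kind, (proved, cex) in verify(MODEL_OUTPUTS, assumptions, DOMAIN).items():
            print(f"{kind:22s} {'proved' if proved else 'false, counterexample ' + str(cex)}")
```

Without assertions all three operational targets fail and the first offending input vector is reported as a counterexample; with the scene assertions all four are proved; with the contradictory set only the consistency target is reported, as false, because a proof over an empty set of scenes would mean nothing.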
There is also provided a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method as claimed in any one of the preceding claims when the computer program is executed.
There is also provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method as claimed in any of the preceding claims.
Compared with the prior art, the invention has the following beneficial effects:
the invention realises formal verification of the safety-critical software requirement model of the protection and lifesaving system, and can find design defects in the model for the model developer to correct; the method can be used for the software formal verification of the rocket ejection seat electronic program controller, can also be used for the safety requirement analysis of other safety-critical software, and has good application prospects.
Drawings
FIG. 1 is a schematic flow chart of an embodiment of the invention;
FIG. 2 is a schematic diagram of the formal verification model for verifying the calculation function of the ejection indicated airspeed Vi in an embodiment of the invention;
FIG. 3 is a schematic diagram of the formal verification model for verifying that Vi equals the resultant speed V when H = -100 m in an embodiment of the invention;
FIG. 4 is a diagram of the formal verification model structure when H = 8000 m and the resultant speed V is 0.6547578 in an embodiment of the invention;
FIG. 5 is a diagram of the formal verification model structure when H = 15000 m and the resultant speed V is 0.1821692 in an embodiment of the invention;
FIG. 6 is a diagram of the formal verification model structure when H = 25000 m and the resultant speed V is 0.2680766 in an embodiment of the invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention. In addition, the technical features of the embodiments of the present invention described below may be combined with each other as long as they do not collide with each other.
The technical scheme of the invention is as follows:
Bounded model checking (BMC) is a complementary method to symbolic model checking based on binary decision diagrams (BDDs). Its main idea is to bound the number of model behaviour steps by an integer k, encode the behaviours of the system within k steps as a set of Boolean constraints, and then solve the resulting Boolean satisfiability (SAT) problem, so that all errors reachable within k steps are found efficiently. This method is adopted for the formal verification of the safety-critical software requirement model of the protection and lifesaving system, as shown in FIG. 1; the formal verification scheme is as follows:
S1, the formal verification engineer creates a new formal verification project, or enables the formal analysis engine in the current development project, so that the predefined model library related to formal verification is automatically imported into the project.
S2, an observer model is defined according to the safety requirements of the functional model to be verified and the use scenario established by the model designer. The safety attributes contained in the observer model are designed against the model; the output of each safety attribute must be of bool type, and a true output denotes the safe case and guides the analysis of the formalization engine.
S3, a top-level operator model is created, and the functional model to be verified is connected with the observer/attribute model. Constraints can be added to the top-level operator model using assertions, to exclude irrelevant scenarios and so speed up the formal analysis.
S4, a custom formal verification target is created from the safety attributes, or the predefined formal verification targets built into the model are enabled directly.
S5, the formal verification strategy is customised and applied to the formal verification target.
S6, the formalization engine is started for analysis.
S7, the formal verification result is output.
S8, the result is checked: if true, a proof is obtained; if false, the counterexample supplied is imported to perform model simulation, the model is corrected based on the simulation result, and the next round of formal analysis is iterated.
The 4 predefined formal verification targets referred to in S4 are:
a) Division-by-zero check (Division-by-Zero PO): verifies whether a division by 0 is possible;
b) Overflow check (Overflow PO): verifies whether numeric data overflows during assignment, shift, type conversion, etc.;
c) Dynamic access check (Dynamic Access PO): verifies whether an array index crosses the array boundary, etc.;
d) Consistency check (Consistency PO): verifies whether the assumptions and constraints are consistent.
The invention is further described in detail by the following embodiment:
The calculation function of the software running on the electronic program controller for the ejection indicated airspeed Vi is described as follows: if the calibrated airspeed signal is invalid, the electronic program controller calculates the ejection indicated airspeed Vi from the real-time altitude H and the resultant speed V of the inertial measurement module at the instant of ejection, where H ranges from -500 m to 25000 m.
Step 1: A formal verification project is established, an observer model is defined according to the safety requirements, 4 safety attribute outputs (Prol1 to Prol4) are identified as shown in Table 1, and the functional model to be verified is connected to the observer model using assertions, as shown in FIG. 2.
TABLE 1
Name | Type | Information |
---|---|---|
V_DEC | float32 | Input |
h_DEC | float32 | Input |
Vi | float32 | Input |
Prol1 | Bool | Safety attribute output |
Prol2 | Bool | Safety attribute output |
Prol3 | Bool | Safety attribute output |
Prol4 | Bool | Safety attribute output |
Step 2: Verification targets are created for the different safety attributes. For example, to verify safety attribute Prol1, H = -100 m is taken, the formal verification engine is started for analysis, and the analysis result is checked, as shown in FIG. 3.
Step 3: Following Step 2, H = 8000 m, V = 0.6547578 is set to verify safety attribute Prol2; H = 15000 m, V = 0.1821692 to verify Prol3; and H = 25000 m, V = 0.2680766 to verify Prol4, as shown in FIG. 4 to FIG. 6.
Step 4: The verification results are checked: if true, the safety attribute is proved; if false, model simulation is performed with the counterexample (a test case for which the outputs of the functional model and the observer model are false), the model is corrected based on the simulation result, and the next round of formal analysis is iterated.
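As an added example serving both the S1 to S8 procedure and the Vi embodiment above (this is not code from the patent nor from any verification tool), the Python script below builds a functional model, an observer model with four Bool safety attributes, a top-level assertion that excludes out-of-range altitudes, and a bounded checker that reports a counterexample trace. The Vi law, the attributes Prol1 to Prol4, the input grid, the degradation latch and the bound k are all constructed assumptions; where the patent's engine encodes the k steps as a SAT problem, the script simply enumerates every admitted input sequence of length up to k. The first round finds a counterexample at H = 25000 m, the counterexample is replayed as a simulation, and the corrected model passes the second round, which is the S8 iteration.

```python
"""Observer-model bounded verification of the ejection indicated airspeed Vi.
Added example, not code from the patent or of any verification tool: the Vi law,
the four safety attributes Prol1..Prol4, the input grid and the bound k are all
constructed here.  Where the patent's engine encodes k steps into SAT, this script
enumerates every admitted input sequence of length <= k explicitly."""
import math
from itertools import product

H_MIN, H_MAX = -500.0, 25000.0     # operating range of H stated in the embodiment

def gain(h):
    """Hypothetical altitude-band gain for Vi = V * gain(H); the real law is not on
    the page.  The last band uses '<' by mistake, so H = 25000 m falls through."""
    if h <= 0:
        return 1.0
    if h < 10000:
        return 1.2
    if h < 20000:
        return 1.5
    if h < 25000:
        return 2.0
    return math.nan

def gain_fixed(h):
    """Corrected law after the first round of verification: the top band is closed."""
    return 2.0 if 20000 <= h <= 25000 else gain(h)

class FunctionalModel:
    """Vi calculation with one internal state: when the inertial data source is
    flagged degraded, the previous Vi is held (a mode degradation conversion)."""
    def __init__(self, gain_fn):
        self.gain_fn = gain_fn
        self.last_vi = 0.0

    def step(self, h, v, degraded):
        vi = self.last_vi if degraded else v * self.gain_fn(h)
        self.last_vi = vi
        return vi

def observer(h, v, degraded, vi, prev_vi):
    """Four Bool safety attributes; True is the safe case, as required in S2."""
    return {
        "Prol1": degraded or h > 0 or vi == v,        # at H <= 0, Vi equals V
        "Prol2": math.isfinite(vi) and vi >= 0.0,     # Vi is always a usable number
        "Prol3": (not degraded) or vi == prev_vi,     # degraded source => hold last Vi
        "Prol4": degraded or vi <= 2.0 * v,           # the gain never exceeds 2.0
    }

def admitted(h, v, degraded):
    """Assertion on the top-level operator: only H inside the operating range."""
    return H_MIN <= h <= H_MAX

def bounded_check(gain_fn, inputs, k):
    """Explore every admitted input sequence of length 1..k.  Returns (True, None)
    when all attributes hold on every step, else (False, trace) where the trace is
    the counterexample: one (H, V, degraded, Vi, attributes) tuple per step."""
    grid = [i for i in inputs if admitted(*i)]
    for depth in range(1, k + 1):
        for seq in product(grid, repeat=depth):
            model, trace = FunctionalModel(gain_fn), []
            for h, v, degraded in seq:
                prev = model.last_vi
                vi = model.step(h, v, degraded)
                props = observer(h, v, degraded, vi, prev)
                trace.append((h, v, degraded, vi, props))
                if not all(props.values()):
                    return False, trace
    return True, None

def simulate(gain_fn, trace):
    """Replay the counterexample inputs through the model (the S8 model simulation)."""
    model = FunctionalModel(gain_fn)
    return [model.step(h, v, d) for h, v, d, _, _ in trace]

# Constructed input grid: the H and V values used in the embodiment plus one
# out-of-range altitude that the top-level assertion must exclude.
H_VALUES = (-100.0, 8000.0, 15000.0, 25000.0, 30000.0)
V_VALUES = (0.6547578, 0.1821692, 0.2680766)
INPUTS = list(product(H_VALUES, V_VALUES, (False, True)))
K = 3

if __name__ == "__main__":
    ok, trace = bounded_check(gain, INPUTS, K)
    print("round 1:", "proved" if ok else f"false, counterexample {trace}")
    if not ok:
        print("simulation of counterexample:", simulate(gain, trace))
    ok, trace = bounded_check(gain_fixed, INPUTS, K)
    print("round 2:", "proved" if ok else f"false, counterexample {trace}")
```

The counterexample trace is exactly what Step 4 describes: the input vector on which the functional model produces an output that makes an observer attribute false (here Prol2, because the open band boundary yields NaN). Replaying it through `simulate` is the model simulation; closing the band in `gain_fixed` is the model correction; the second `bounded_check` is the next round of formal analysis.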
It will be readily appreciated by those skilled in the art that the foregoing description is merely a preferred embodiment of the invention and is not intended to limit the invention, but any modifications, equivalents, improvements or alternatives falling within the spirit and principles of the invention are intended to be included within the scope of the invention.
Claims (8)
1. A method for formal verification of the safety-critical software of a protection and lifesaving system, comprising the steps of:
S1, creating a blank formal verification project as an observer model;
S2, defining the observer model according to the safety requirements of the functional model to be verified and its use scenario, to obtain the safety attribute outputs;
S3, creating a top-level operator model, and connecting the functional model with the observer model;
S4, creating a custom formal verification target from the safety attribute outputs;
S5, formulating a corresponding formal verification strategy for the formal verification target;
S6, starting the formalization engine to analyze the functional model and the corresponding observer model;
S7, obtaining the formal verification result and outputting it;
S8, checking the formal verification result: if the result is true, the functional model is correct; if the result is false, a test case (counterexample) for which the outputs of the functional model and the observer model are false is derived, the test case is used for model simulation, the functional model is corrected based on the simulation result, and the method returns to S1 for the next round of formal verification.
2. The method according to claim 1, wherein step S1 is replaced by enabling the formal analysis engine.
3. The method according to claim 1, wherein the output type of the safety attribute is bool, and a true output denotes the safe case and guides the analysis of the formalization engine.
4. The method according to claim 1, wherein constraints are added to the top-level operator model using assertions, to exclude irrelevant scenarios.
5. The method according to claim 1, wherein step S4 is replaced by enabling the preset formal verification targets built into the original design model.
6. The method according to claim 5, wherein there are 4 types of preset formal verification target, comprising:
a) Divide-by-zero check: verifies whether a division by 0 is possible;
b) Overflow check: verifies whether numeric data overflows during assignment, shift or type conversion;
c) Dynamic access check: verifies whether an array index crosses the array boundary;
d) Consistency check: verifies whether the assumptions and constraints are consistent.
7. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1-6 when the computer program is executed.
8. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method according to any of claims 1-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311268151.0A CN117271344A (en) | 2023-09-27 | 2023-09-27 | Safety severity software form verification method for protection and lifesaving system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117271344A true CN117271344A (en) | 2023-12-22 |
Family ID: 89205811
Timeline
- 2023-09-27 CN CN202311268151.0A patent/CN117271344A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||