基于定理证明的内存安全性动态检测算法的正确性研究

随着软件运行时验证技术的发展,出现了许多面向C语言的运行时内存安全验证工具。这些工具大多是基于源代码或者中间代码插桩技术来实现内存安全的运行时检测。但是,其中一些没有经过严格证明的验证工具往往存在两方面的问题,一是插桩程序的加入可能会改变源程序的行为及语义,二是插桩程序并不能有效保证内存安全。为了解决这些问题,文中提出了一种使用Coq定理证明器来判定内存安全验证工具算法是否正确的形式化方法,并使用该方法对C语言运行时验证工具Movec的动态检测算法的正确性进行了证明。对安全规范性质的证明结果表明了Movec的内存安全性动态检测算法是正确的。     

基于函数式语义的循环和递归程序结构通用证明技术

各类安全攸关系统的可靠运行离不开软件程序的正确执行.程序的演绎验证技术为程序执行的正确性提供高度保障.程序语言种类繁多,且用途覆盖高可靠性场景的新式语言不断涌现,难以为每种语言设计支撑其程序验证任务的整套逻辑规则,并证明其相对于形式语义的可靠性和完备性.语言无关的程序验证技术提供以程序语言的语义为参数的验证过程及其可靠性结果.对每种程序语言,提供其形式语义后可直接获得面向该语言的程序验证过程.提出一种面向大步操作语义的语言无关演绎验证技术,其核心是对不同语言中循环、递归等可导致无界行为的语法结构进行可靠推理的通用方法.特别地,借助大步操作语义的一种函数式形式化提供表达程序中子结构所执行计算的能力,从而允许借助辅助信息对子结构进行推理.证明所提出验证技术的可靠性和相对完备性,通过命令式、函数式语言中的程序验证实例初步评估了该技术的有效性,并在Coq辅助证明工具中形式化了所有理论结果和验证实例,为基于辅助证明工具实现面向大步语义的语言无关程序验证工具提供了基础.     

基于SolidWorks/MPI平台的注塑模设计

一、SolidWorks软件简介 SolidWorks是一款参数化建模设计软件,系统提供了强大的、基于特征的实体建模功能.该软件的三维零件设计工具,可以方便地通过拉伸、旋转、薄壁特征、抽壳、特征阵列以及打孔等操作来实现产品的设计;提供了众多的曲面创建命令,能够生成由复杂曲面产生的实体;提供了完善的装配特征功能,通过对设计模型的装配,可以发现零件设计尺寸是否正确、整个装配体的零件之间是否产生干涉.其中模具设计是SolidWorks自带的模块,可以使用一系列控制模具生成过程的集成工具来生成模具,它覆盖了初始分析到生成切削分割的整个范围.     

基于开源处理器的传感器节点SOPC设计

采用软硬件协同设计的方法,基于开源处理器OpenRISC1200设计一种面向无线HART网络应用的传感器节点可编程片上系统(SOPC),实现节点任务处理等基本功能.整个硬件系统首先进行功能仿真,然后使用ISE工具综合、评估了整体性能,最后下载到FPGA中进行软件开发与验证.针对实际应用,移植了实时操作系统RAW-OS和无线HART协议栈,编写相应的程序完成测试,结果表明:所设计的节点片上系统(SOC)功能稳定可靠.     

基于谓词动态切片技术的AOP测试用例生成方法研究

面向方面程序设计是面向对象程序设计技术的补充和完善,高效的面向方面程序测试方法是面向方面程序的质量保证.提出一个基于谓词动态切片技术的测试方法.首先,构造完整的AOP语句控制流图,它包含AOP的方面、切入点、连接点、建议等因素.然后,根据完整的AOP语句控制流图生成所有路径,针对每条路径,构造其分支函数,计算得到相应的测试数据,若路径不可执行,则不再计算其测试数据.在这个过程中,通过构建简化动态依赖图来生成谓词动态切片,再用谓词动态切片来帮助调整测试数据.最后,将各路径的实际输出数据与期望输出数据相比较,即可判断该程序是否有错误.经实例分析和实验验证,此方法可以系统地测试一个完整的面向方面程序,提高了测试数据的生成效率,并产生有效的测试用例.     

支持形状分析的符号执行引擎的设计与实现

目前提高软件可靠性的方法有3种:动态测试、静态分析和程序验证。动态测试的结果依赖于测试集的设计,误报率低,漏报率高,分析结果不稳定。程序验证可以对程序的各种性质进行完备的验证。但目前程序验证通常都需要手动证明,分析成本最高。而程序静态分析可以更早、更全面、较高效和低成本地检测到程序中的缺陷。其中符号执行技术是一种比较有应用前景的静态分析技术,可以很好地控制 精确度。针对符号执行可伸缩性差和容易产生路径爆炸的问题,在符号执行过程中利用形状分析技术实现自动推导循环不变式和构建函数行为规范,实现了一个较为实用的C程序分析工具。     

分类树方法在集成电路设计功能验证中的应用

功能验证是制约集成电路设计发展的主要瓶颈,针对功能验证中存在的测试集设计难度大及覆盖模型精度低等问题,提出一种基于分类树方法的高效测试集生成方法及功能覆盖模型搭建方法,将验证方法应用于模加/模减单元的功能验证中。结果证明,运用分类树方法管理测试向量和搭建覆盖模型,可以显著提高验证完备性和可靠性。     

断言语言支持自定义谓词的程序验证器原型

基于逻辑推理的方法进行程序验证是形式化程序验证的研究热点.目前的自动验证工具为了保证自动性,对描述程序性质的断言语言都有较多限制,导致程序的某些递归性质难以用断言语言表述.本文在一个面向指针程序、基于先前自行设计的形状图逻辑、依赖于自动定理证明工具Z3的自动程序验证原型系统上,通过在断言语言中引入自定义谓词来增强断言语言的表达能力,使得该原型系统不仅能自动验证含操作易变数据结构的程序的性质,也能自动验证一些不含指针的程序的性质.     

T-CBESD:一个构件化嵌入式软件设计模型验证工具

现代复杂嵌入式软件系统的高可靠性需要有效的基于模型的设计与分析技术.传统的嵌入式软件可靠性保障技术主要关注于系统开发后期.本文在Eclipse平台上设计并实现了一个基于接口自动机模型的构件化嵌入式软件设计的形式化验证原型工具T-CBESD(Tool for Component-Based Embedded Software Designs).工具直接使用UML顺序图模型作为系统规约,可以检验系统设计模型与场景式规约之间多种行为一致性问题;并使用消息事件的时间约束不等式,检验实时接口自动机网络与带时间约束的顺序图模型之间的实时行为一致性问题.工具设计与实现内容包括:输入输出接口、顺序图模型的预处理转换、状态空间数据结构设计、抽象验证算法的实现以及通信构件组合系统的实例应用分析.     

程序设计语言设计和实现的发展趋向

大约十年以后,在诸如结构程序设计,规格说明,验证和语言设计各方面的进展将使程序设计变成一门真正的工程学科。＊＊＊程序设计语言,和围绕着程序设计语言的研究代表了在计算机科学里一些不太难于理解的东西。一方面,尽管前途光明,但却很难证明最新的语言—20年来研究的结果—已经对软件问题产生了重要的影响。确实,存在着证据一大部分程序本文使用非常简单的结构。因此我们可以推断,由于很少使用较新的“功能更强”的语言功能,所以也不可能对实际程序设计产生重要的影响。另一个证据     

AspectMaps: Extending Moose to visualize AOP software

When using aspect-oriented programming the application implicitly invokes the functionality contained in the aspects. Consequently program comprehension of such a software is more intricate. To alleviate this difficulty we developed the AspectMaps visualization and tool. AspectMaps extends the Moose program comprehension and reverse engineering platform with support for aspects, and is implemented using facilities provided by Moose. In this paper we present the AspectMaps tool, and show how it can be used by performing an exploration of a fairly large aspect-oriented application. We then show how we extended the FAMIX meta-model family that underpins Moose to also provide support for aspects. This extension is called ASPIX, and thanks to this enhancement Moose can now also treat aspect-oriented software. Finally, we report on our experiences using some of the tools in Moose; Mondrian to implement the visualization, and Glamour to build the user interface. We discuss how we were able to implement a sizable visualization tool using them and how we were able to deal with some of their limitations.Note: This paper uses colors extensively. Please use a color version to better understand the ideas presented here.     

面向方面的实时系统形式化开发方法

实时系统复杂性的不断增加以及对可配置性和可重用性要求的不断提高,需要如面向方面和基于组件的软件工程方法的支持,同时实时系统的可信性要求采用形式化方法来开发实时系统。本文试图建立一种面向方面的实时系统形式化开发方法,这种方法对RT—Z进行了面向方面和面向部件的扩展,并通过实时组件模型在需求和设计阶段提供了对基于部件的系统开发方法(CBSD)和面向方面的系统开发方法(AOSD)的支持。本文给出了面向方面的实时Z(AO—RT—Z)的组件模型的框架结构、语法要求、方面的联结和功能接口和非功能接口的定义,重点讨论并证明了面向方面的实时Z(AO—RT—Z)作为规格描述语言的健全性。     

Modeling and detecting semantic-based interactions in aspect-oriented scenarios

Interactions between dependent or conflicting aspects are a well-known problem with aspect-oriented development (as well as related paradigms). These interactions are potentially dangerous and can lead to unexpected or incorrect results when aspects are composed. To date, the majority of aspect interaction detection methods either have been based on purely syntactic comparisons or have relied on heavyweight formal methods. We present a new approach that is based instead on lightweight semantic annotations of aspects. Each aspect is annotated with domain-specific markers and a separate influence model describes how semantic markers from different domains influence each other. Automated analysis can then be used both to highlight semantic aspect conflicts and to trade-off aspects. We apply this technique to early aspects, namely, aspect scenarios, because it is desirable to detect aspect interactions as early in the software lifecycle as possible. We evaluate the technique using two case studies—one from industry and one posed as a challenge problem by the community—and show that the technique detects interactions that cannot be discovered using syntactic techniques. In addition, we show that the technique can apply to many languages through the use of different aspect-oriented scenario notations in the case studies, namely, MATA sequence diagrams and Aspect-oriented Use Case Maps.     

Aspect-oriented interaction in multi-organisational web-based systems

Separation of concerns has been presented as a promising tool to tackle the design of complex systems in which cross-cutting properties that do not fit into the scope of a class must be satisfied. Unfortunately, current proposals assume that objects interact by means of object-oriented method calls, which implies that they embed interactions with others into their functional code. This makes them dependent on this interaction model, and makes it difficult to reuse them in a context in which another interaction model is more suited, e.g., tuple spaces, multiparty meetings, ports, and so forth. In this paper, we show that functionality can be described separately from the interaction model used, which helps enhance reusability of functional code and coordination patterns. Our proposal is innovative in that it is the first that achieves a clear separation between functionality and interaction in an aspect-oriented manner. In order to show that it is feasible, we adapted the multiparty interaction model to the context of multiorganisational web-based systems and developed a class framework to build business objects whose performance rates comparably to handmade implementations; the development time, however, decreases significantly.     

<Emphasis Type="Italic">RAMBUTANS</Emphasis>: automatic AOP-specific test generation tool

Aspect-oriented programming (AOP) is a programmatic methodology to handle better modularized code by separating crosscutting concerns from the traditional abstraction boundaries. Automated testing, as one of the most demanding needs of the software development to reduce both human effort and costs, is a delicate issue in testing aspect-oriented programs. Prior studies in the automated test generation for aspect-oriented programs have been very limited with respect to the need for both adequate tool support and capability concerning effectiveness and efficiency. This paper describes a new AOP-specific tool for testing aspect-oriented programs, called RAMBUTANS. The RAMBUTANS tool uses a directed random testing technique that is especially well suited for generating tests for aspectual features in AspectJ. The directed random aspect of the tool is parameterized by associating weights to aspects, advice, methods, and classes by controlling object and joint point creations during the test generation process. We present a comprehensive empirical evaluation of our tool against the current AOP test generation approaches on three industrial aspect-oriented projects. The results of the experimental and statistical tests showed that RAMBUTANS tool produces test suites that have higher fault-detection capability and efficiency for AspectJ-like programs.     

Aspect-Oriented Modeling and Verification with Finite State Machines

Aspect-oriented programming modularizes crosscutting concerns into aspects with the advice invoked at the specified points of program execution. Aspects can be used in a harmful way that invalidates desired properties and even destroys the conceptual integrity of programs. To assure the quality of an aspect-oriented system, rigorous analysis and design of aspects are highly desirable. In this paper, we present an approach to aspect-oriented modeling and verification with finite state machines. Our approach provides explicit notations (e.g., pointcut, advice and aspect) for capturing crosscutting concerns and incremental modification requirements with respect to class state models. For verification purposes, we compose the aspect models and class models in an aspect-oriented model through a weaving mechanism. Then we transform the woven models and the class models not affected by the aspects into FSP (Finite State Processes), which are to be checked by the LTSA (Labeled Transition System Analyzer) model checker against the desired system properties. We have applied our approach to the modeling and verification of three aspect-oriented systems. To further evaluate the effectiveness of verification, we created a large number of flawed aspect models and verified them against the system requirements. The results show that the verification has revealed all flawed models. This indicates that our approach is effective in quality assurance of aspect-oriented state models. As such, our approach can be used for model-checking state-based specification of aspect-oriented design and can uncover some system design problems before the system is implemented.     

一种基于CSP的面向方面状态图形式化描述方法

面向方面通过分离关注点解决软件系统中的横切问题,通过扩展UML可实现对面向方面的建模。本文利用UML的扩展机制将方面加入状态图中,描述了状态图中的方面与核心组件以及方面之间的编织,然后利用进程代数的形式化语义描述了扩展后的UML状态图,克服了扩展UML描述状态图的缺乏形式化动态语义,不利于对模型进行形式化验证和证明的缺
点。最后,以ATM自动取款机为例验证了基于CSP的面向方面状态图形式化描述的有效性。