基于uppaal的飞机着陆控制系统模型验证

为了避免飞机在着陆过程中出现事故,同时又能充分利用机场的跑道资源,对飞机数量多于跑道的情况进行了研究,采用了模型验证的方法.介绍了时间自动机的相关理论,以及基于该理论的验证工具uppaal,在此基础上使用uppaal工具对飞机着陆过程构造了模型,然后对模型的需求规范进行了验证,验证结果表明该模型不存在死锁问题,最终可以保证飞机安全和及时地着陆.     

Oracle数据库死锁问题研究

数据库是网络环境下多用户使用的共享资源,数据库在处理多线程大量数据存取过程中很可能出现死锁现象。文中介绍了Oracle数据库锁机制和死锁发生的原因,Oracle数据库检测死锁采用的相关视图。详细叙述了SQL语句检测死锁、死锁的定位方法和解决数据库死锁的方法。编写了在Linux环境中死锁检测脚本,模拟Oracle数据库死锁测试了脚本的正确性。实际应用表明该方法可以有效监测程序中的主要模块是否发生死锁,而且简单有效。     

面向适航标准的机载软件测试验证工具综述

机载软件的测试与验证是保障机载软件正确性和可靠性的重要方法。软件的测试与验证离不开工具的支持,使用工具能够提高效率、降低成本,对机载软件的测试验证工具研究是对其进行充分测试验证的保障。对机载软件及适航标准进行了简介;按照系列适航标准,从DO-178C、基于模型的开发与验证（DO-331）和形式化方法（DO-333）三个维度对工具的功能、特性及应用进行了详细介绍,并对其发展现状进行小结;总结机载嵌入式软件测试验证及其工具研发中存在的问题,并对其发展趋势进行了分析。     

基于SMT的时钟约束语言CCSL的形式化分析方法与工具

时钟约束语言CCSL是一种用于描述实时嵌入式系统中事件之间约束的形式化语言.它是UML针对实时嵌入式系统建模的扩展包MARTE （Modeling and Analysis of Real-Time and Embedded systems）中用于对时间建模的一个子语言.给定一组由CCSL定义的时钟约束条件,需要判断是否存在某种调度策略满足约束,是否所有满足这些约束的行为都不会导致系统死锁等分析.针对CCSL的形式化分析目前已经有一定的研究工作,如基于状态迁移系统与时间自动机的方法等.但这些方法要么只针对某种特定的分析,要么只适用于部分CCSL约束,要么分析效率较低.本文提出一种基于SMT的统一且高效的CCSL形式化分析方法.统一性体现在其可用于有效性证明、迹分析、死锁检测、LTL模型检测等方面的验证与分析.基于该方法开发了原型工具同时支持上述四种验证功能.工具集成了当前最高效的SMT求解器Z3和CVC4.得益于SMT求解器的高效性,实验中大部分的验证可以在短时间内完成.     

μC/OS-Ⅱ优先级反转与死锁问题的解决

μC/OS-Ⅱ没有真正实现优先级继承协议解决优先级反转,也没有提供有效的死锁解决方法。对任务管理机制改进后,扩展了同优先级任务的时间片轮转调度算法,实现了真正的优先级继承协议;并且使用资源请求、分配矩阵来表示资源分配情况,在任务申请资源阻塞时进行死锁的检测与解除。通过性能分析与测试验证证明了改进算法的有效性和实时性。     

基于死锁的并发类单元测试用例自动生成

自动生成多线程程序的单元测试用例是一种能节约测试成本的技术。为提高并发类单元测试用例生成效率,先依据死锁故障的特征分析出并发类中潜在的死锁代码,然后再针对这些代码自动生成测试用例。实验在7个常用Java类库中的并发类上进行验证。实验结果显示提出的方法(CTCG)不仅找到了现有死锁故障,而且当检测到死锁故障时,其所生成的测试用例数更少,其所花费的时间更少,提高了并发类单元测试用例自动生成的效率。     

基于时间自动机的Web服务模型检测

传统的基于有限状态机的组合Web服务模型检测方法不能保证带有时间约束的组合Web服务的正确性.把组合Web服务看成多智能体系统,将带有时间约束的Web服务智能体建模为时间自动机,通过并发组合构成时间自动机网络,从而用时间自动机验证工具UPPAAL对组合Web服务的运行过程进行模拟,并验证其活性、安全性和死锁等性质.采用该方法对雇员出差安排组合Web服务进行建模和验证,结果表明,该组合Web服务存在死锁问题.最后通过分析死锁产生的路径,完善该组合Web服务的通信协议,从而消除了死锁.     

GPSS源程序中死锁问题的检测和处理

本文分析了GPSS死锁产生的原因,提出了检测和解决GPSS死锁的方法,介绍了设计GPSS-DLDP工具软件的主要思想和方法。GPSS-DLDP能动画演示GPSS程序中死锁发生过程,并能自动修改GPSS源程序,消除其中的死锁,是GPSS程序开发和调试的有力工具。     

基于资源等待图的死锁检测算法

死锁是操作系统、数据库系统以及通信网络中经常出现的现象.分析了使用资源分配图和进程等待图完成死锁检测的不足,提出了资源等待图的概念,并给出了基于资源等待图进行死锁检测的方法,该算法能够完成当资源类含有多个实例时的死锁检测.     

Web应用程序的动态测试生成方法

现有的网页验证方法和工具无法处理动态页面的Web脚本冲突和动态生成的畸形网页错误,为此,提出一个在Web应用领域的动态测试生成方法.该方法使用显式状态模型校验,自动生成测试,并运行测试来捕获输入的逻辑约束,最终输出一个故障报告集.通过一个校园BBS系统实例,验证了该方法在故障检测方面的有效性.     

A cost-effective approach to deadlock handling in wormhole networks

Wormhole networks have traditionally used deadlock avoidance strategies. More recently, deadlock recovery strategies have begun to gain acceptance. In particular, progressive deadlock recovery techniques allocate a few dedicated resources to quickly deliver deadlocked packets. Deadlock recovery is based on the assumption that deadlocks are rare; otherwise, recovery techniques are not efficient. Measurements of deadlock occurrence frequency show that deadlocks are highly unlikely when enough routing freedom is provided. However, networks are more prone to deadlocks when the network is close to or beyond saturation, causing some network performance degradation. Similar performance degradation behavior at saturation was also observed in networks using deadlock avoidance strategies. In this paper, we take a different approach to handling deadlocks and performance degradation. We propose the use of an injection limitation mechanism that prevents performance degradation near the saturation point and, at the same time, reduces the probability of deadlock to negligible values. We also propose an improved deadlock detection mechanism that uses only local information, detects all deadlocks, and considerably reduces the probability of false deadlock detection over previous proposals. In the rare case when impending deadlock is detected, our proposal consists of using a simple recovery technique that absorbs the deadlocked message at the current node and later reinjects it for continued routing toward its destination. Performance evaluation results show that our new approach to handling deadlock is more efficient than previously proposed techniques     

A deadlock recovery strategy for unified automated material handling systems in 300 mm wafer fabrications

A key issue emerging from the unified automated material handling systems (UAMHSs) in 300 mm wafer fabrications is the system deadlock. This paper addresses the deadlock recovery strategy of unified automated material handling systems (UAMHSs) with limited buffers. A formal model for UAMHSs deadlock detection is proposed. Sufficient conditions for system deadlocks based on actual UAMHS characteristics are defined along with a novel deadlock recovery strategy. Moreover, an effective heuristic algorithm is proposed for parallel resolving UAMHS deadlocks. The performances are evaluated in simulation by monitoring indexes reflecting efficiency of the material handling system. Results of the simulation experiments show that the novel deadlock recovery strategy is superior to the benchmark strategy in reducing deadlock time and improving tools’ utilization. Furthermore, the proposed algorithm features real-time operation and large scale cases, and is suitable for practical applications.     

FC3D: flow control-based distributed deadlock detection mechanism for true fully adaptive routing in wormhole networks

Two general approaches have been proposed for deadlock handling in wormhole networks. Traditionally, deadlock-avoidance strategies have been used. In this case, either routing is restricted so that there are no cyclic dependencies between channels or cyclic dependencies between channels are allowed provided that there are some escape paths to avoid deadlock. More recently, deadlock recovery strategies have begun to gain acceptance. These strategies allow the use of unrestricted fully adaptive routing, usually outperforming deadlock avoidance techniques. However, they require a deadlock detection mechanism and a deadlock recovery mechanism that is able to recover from deadlocks faster than they occur. In particular, progressive deadlock recovery techniques are very attractive because they allocate a few dedicated resources to quickly deliver deadlocked messages, instead of killing them. Unfortunately, distributed deadlock detection is usually based on crude time-outs, which detect many false deadlocks. As a consequence, messages detected as deadlocked may saturate the bandwidth offered by recovery resources, thus degrading performance. Additionally, the threshold required by the detection mechanism (the time-out) strongly depends on network load, which is not known in advance at the design stage. This limits the applicability of deadlock recovery on actual networks. We propose a novel distributed deadlock detection mechanism that uses only local information, detects all the deadlocks, considerably reduces the probability of false deadlock detection over previously proposed techniques, and is not significantly affected by variations in message length and/or message destination distribution.     

Protocols for Deadlock Detection in Distributed Database Systems

In distributed databases, deadlocks may occur due to conflicts in data file lockings A system is in a deadlock if and only if there is a directed cycle in its demand graph. However, due to the inherent communication delay in a distributed system, it is not easy to construct a consistent demand graph for a distributed system. In this paper, three deadlock detection protocols are discussed. The first protocol uses two communication phases. The second protocol uses a single communication phase. Based on the second protocol, a one-phase hierarchical deadlock detection protocol is developed.     

On Deadlock Detection in Distributed Systems

A hierarchically organized and a distributed protocol for deadlock detection in distributed databases are presented in [1]. In this paper we show that the distributed protocol is incorrect, and present possible remedies. However, the distributed protocol remains impractical because "condensations" of "transaction-wait-for" graphs make graph updates difficult to perform. Delayed graph updates cause the occurrence of false deadlocks in this as well as in some other deadlock detection protocols for distributed systems. The performance degradation that results from false deadlocks depends on the characteristics of each protocol.     

Comments on "Protocols for Deadlock Detection in Distributed Database Systems"

The two-phase deadlock detection protocol in the above paperl detects false deadlocks. This is contrary to what the authors claim. The false detection o. f deadlocks is shown using a counterexample.     

Invariant-based verification of a distributed deadlock detectionalgorithm

It is argued that most previous proposals for distributed deadlock detection are incorrect because they have used informal/intuitive arguments to prove the correctness of their algorithms. Informal and intuitive arguments are prone to errors because of the highly complex nature of distributed deadlock detection/resolution algorithms. The priority-based probe algorithm for distributed deadlock detection and resolution of A.L. Choudhary et al. (1989) is corrected, and it is formally proven that the modified algorithm is correct (i.e., that it does detect all deadlocks and does not report phantom deadlocks). The proof technique is novel in that the authors first abstract the properties of the deadlock detection and resolution algorithm by invariants, and then show that the invariants imply the desired correctness of the algorithm     

Efficient detection and resolution of OR deadlocks in distributed systems

This paper proposes a distributed algorithm for resolving deadlocks under the OR request model. The algorithm builds a distributed spanning tree by propagating probes. An encoding scheme is devised to deduce the ancestor–descendant relationship between tree nodes, so that the initiator of the algorithm collects only non-tree edge information to detect deadlock, whereas the current algorithms require all the edge information for deadlock detection. The proposed algorithm resolves all deadlocks reachable from the initiator. Its performance in terms of number of messages and execution time is better than or comparable to that of the existing algorithms. We further showed through analytic evaluation that the suggested algorithm substantially shortens deadlock detection time.     

On Concurrency Control in Multidatabase Systems with an Extended Transaction Model

A major concurrency control problem that we have to cope in multidatabase systems is the global deadlock detection and resolution problem. This detection must take into account the autonomy of local systems, which make impossible the visibility of the state of local transactions. A well-known approach to detect such deadlocks, called potential global deadlocks, is one based on the potential conflict graph (PCG) appropriate for the multidatabase transaction model with a global commit protocol. This classical transaction model is very constraining for applications manipulating great volumes of information, and where subtransaction terminations (commit or abort) of global transactions are not totally dependant. In this paper we present an effective potential global deadlock characterization, and an efficient potential global deadlock detection algorithm, in multidatabase systems with an extended transaction model more suited for such applications.     

PDR: A protocol for dynamic network reconfiguration based on deadlock recovery scheme

Dynamic network reconfiguration is described as the process of replacing one routing function with another while the network keeps running. The main challenge is avoiding deadlock anomalies while keeping limitations on packet injection and forwarding minimal. Current approaches which have a high complexity and as a result have a limited practical applicability either require the existence of extra network resources, or they will affect the network performance during the reconfiguration process. In this paper we present a simple, fast and efficient mechanism for dynamic network reconfiguration which is based on regressive deadlock recovery instead of avoiding deadlock. The mechanism which is referred to as PDR guarantees a deadlock-free reconfiguration based on wormhole switching. In PDR, a particular approach is taken to handle both deadlocks and performance degradation. We propose the use of a packet injection restriction mechanism that prevents performance degradation near the saturation by controlling the network traffic. Further, in this approach, to accurately detect deadlocks, the deadlock detection mechanism is implemented and also improved by using only the local information, thereby considerably reducing false deadlock detections. In the rare cases when deadlocks are suspected, we propose a new technique that absorbs the deadlocked packet at the current node instead of dropping deadlocked packets and re-injects it later into the network. The main advantage of this method is its simplicity and also it does not require any additional buffers in intermediate nodes to handle deadlocks. It requires only some buffer space in the local node to temporarily hold the deadlocked packets removed from the network. Evaluating results reveal that the mechanism shows substantial performance improvements over the other methods and it works efficiently in different topologies with various routing algorithms.