Similar Literature
17 similar documents found (search time 156 ms)
1.
Drawing on the author's research project, this paper introduces a monitor construction method used in runtime verification. The method covers the entire process from property specification to monitor model to monitoring program, and uses related open-source third-party software along the way, giving it a high degree of automation. Because the monitor is constructed on the basis of three-valued semantics, it is, in a certain sense, predictive.

2.
李晅松  陶先平  宋巍 《软件学报》2018,29(6):1622-1634
Runtime verification is an important means of improving the reliability of pervasive computing applications. Many properties of such applications involve both temporal relations and spatial location relations, and such spatio-temporal properties pose particular challenges for runtime verification. On the one hand, traditional temporal logics have difficulty describing spatial properties; on the other hand, Ambient Logic, which is well suited to describing spatial properties, does not adequately support the description of temporal properties over finite traces in situations such as undetermined truth values. To support runtime verification of the spatio-temporal properties of pervasive computing applications, this paper introduces three-valued logic semantics and proposes AL3 (3-valued Ambient Logic); on this basis, a property checking algorithm and a runtime monitor based on AL3 are designed and implemented. Finally, a case study and runtime efficiency experiments demonstrate the effectiveness and feasibility of the proposed method.

3.
A Runtime Verification Method for Embedded Operating Systems   (Total citations: 2, self-citations: 0, citations by others: 2)
As an effective complement to development-phase techniques such as testing and model checking, runtime verification is receiving increasingly wide attention. However, current runtime verification techniques are mainly applied to application software, and little research specifically targets operating systems. This paper studies a runtime verification framework and its key techniques for embedded operating systems, and designs and implements them in conjunction with FreeRTOS, an open-source embedded operating system. It first proposes a runtime verification and feedback-adjustment framework for embedded operating systems; then, for the key technical parts of the framework, it completes the main work of designing the specification language, generating monitors with three-valued semantics, and implementing the relevant interfaces in the FreeRTOS embedded operating system.

4.
In open and dynamic environments, unsafe runtime changes in the system or its environment may endanger the correct execution of the whole system and may ultimately lead to software failure. Monitor-based software runtime verification has become a basic method for detecting software failure behaviour in open environments. The tool described here adopts a game-theoretic method for automatically generating monitors from Property Sequence Charts (PSCs). The monitors are given a multi-valued semantics: satisfied, infinitely controllable, system finitely controllable, system urgently controllable, environment finitely controllable, environment urgently controllable, and violated. The monitor can provide enough information to predict system failures. The paper describes a tool named "PSC2GS", whose functions include designing property sequence charts, generating game structures from property sequence charts, and generating Aspect-Oriented Programming (AOP) code (the monitor) from the game structures. The fully graphical front-end interface provided by PSC2GS allows software designers to avoid handling any special text or logical formulas.

5.
A Model Checking Method for UML Statecharts   (Total citations: 22, self-citations: 2, citations by others: 22)
董威  王戟  齐治昌 《软件学报》2003,14(4):750-756
The Unified Modeling Language (UML) has been widely applied in software development, and verifying whether a UML model satisfies certain key properties has become an important problem. This paper proposes a method for model checking UML Statecharts. UML Statecharts are first represented structurally using extended hierarchical automata, and their operational semantics are then given; the correctness of the semantics is guaranteed by finding maximal conflict-free transition sets. For systems with infinite runs, the operational semantics can be mapped to a Büchi automaton. Automata-theoretic model checking is used to verify linear temporal logic properties of UML Statecharts, and a method is given for verifying complex multi-object systems modelled by Statecharts and collaboration diagrams.

6.
Three-valued logic model checking is a method for verifying higher-level model abstractions, and such verification often requires producing witnesses and counterexamples. To this end, this paper discusses three-valued logic model checking and the extraction of witnesses and counterexamples, and builds a proof system on a set of three-valued logic proof rules. The system can be used to prove whether a model satisfies a given property; during the proof, witnesses are extracted for existential path quantifiers and counterexamples for universal path quantifiers. Extracting witnesses and counterexamples points the way for refining the model. Finally, an example illustrates the application of the proof system to the verification of digital logic circuits.

7.
Research and Application of Performance Testing for Web Application Systems   (Total citations: 2, self-citations: 0, citations by others: 2)
Software performance testing examines the execution efficiency, resource usage, stability, and other characteristics of the system under test, in order to verify system capability, detect defects early, and provide support for performance optimization. This paper studies the architecture and performance characteristics of Web application systems and, combined with practical testing experience, proposes a general performance testing process model. Based on this model, HP's automated testing tool LoadRunner is applied to test and analyse the comprehensive evaluation subsystem of a city management system, and the usability and effectiveness of the model are verified.

8.
LSC is a highly expressive sequence-chart modelling language, and model checking is an important method for verifying the correctness of software models. This paper proposes a method for model checking LSC models and implements a supporting tool. The LSC language is first analysed; based on its semantics, a method for generating an equivalent state model from an LSC is proposed, and the generated state model is then model checked. Finally, a case study uses the implemented tool to check verification properties described in CTL.

9.
叶俊民  张坤  叶竹君  陈盼  陈曙 《计算机科学》2016,43(8):137-141, 164
Runtime verification is a lightweight formal verification method, and modelling requirement specification scenarios with visual requirement specification languages is a research hotspot in the field. Addressing problems in current live-sequence-chart-based runtime verification methods, namely that redundant properties are easily produced, that verification results under two-valued semantics are inaccurate, and that rewriting-logic verification algorithms based on the Maude engine are inefficient, this paper proposes an improved method for runtime verification based on live sequence charts to support existing runtime verification techniques. Experiments show that the improved method produces accurate verification results with low verification overhead.

10.
To ensure the correctness of interaction behaviour between modules of a distributed software system during the analysis and design phases, this paper proposes an abstraction method for module interactions in distributed software systems. The state transitions of each module are modelled with system state machine diagrams and object state machine diagrams respectively, and the interactions between modules are described with UML 2.0 sequence diagrams. Using model checking based on Propositional Projection Temporal Logic (PPTL), the object state machine diagrams are converted into a Promela model and the system interaction properties into PPTL formulas; a model checker then verifies whether the interaction model satisfies the system properties, and if a property is not satisfied, a counterexample execution path can be obtained. A testing framework for distributed software systems is given: on the basis of the verified sequence diagram model, a model-based automatic test case generation method produces a set of test cases that can effectively test the interaction behaviour. Case study results show that the method can improve the validity and reliability of module interaction behaviour in distributed software systems.

11.
孙小祥  陈哲 《计算机科学》2021,48(1):268-272
With the development of software runtime verification, many runtime memory safety verification tools for the C language have appeared. Most of these tools implement runtime memory safety checking through source-code or intermediate-code instrumentation. However, tools that have not been rigorously proven often suffer from two problems: first, the added instrumentation may change the behaviour and semantics of the original program, and second, the instrumentation may not effectively guarantee memory safety. To address these problems, this paper proposes a formal method that uses the Coq theorem prover to decide whether the algorithm of a memory safety verification tool is correct, and applies the method to prove the correctness of the dynamic checking algorithm of Movec, a runtime verification tool for C. The proof results for the safety specification properties show that Movec's dynamic memory safety checking algorithm is correct.

12.
于斌  陆旭  田聪  段振华  张南 《软件学报》2022,33(8):2755-2768
As a lightweight, highly reliable embedded database, SQLite3 has been widely used in many safety-critical domains such as aerospace and operating systems, and it provides a rich and flexible set of API functions to help users build projects quickly. However, incorrect API call sequences can lead to serious consequences, including runtime errors, memory leaks, and program crashes. To monitor the correct use of SQLite3 database API functions efficiently and accurately, this paper proposes a parallel runtime verification method for multi-core systems. The method first analyses the API function documentation to automatically mine descriptions of the relevant API call sequence specifications, and assists a human in formalizing them as Propositional Projection Temporal Logic formulas, which have full regular expressiveness; then, at program run time, a multi-task scheduling strategy splits the state sequence produced by program execution into segments that are verified in parallel. Experimental results show that, among 30 verified C programs that call SQLite3 database API functions, the method found 16 that violate the API call sequence specifications. In addition, comparison experiments with the traditional serial runtime verification method show that the proposed parallel method effectively improves verification efficiency on multi-core systems.

13.
The goal of runtime verification is to monitor the behavior of a system to check its conformance to a set of desirable logical properties. The literature of runtime verification mostly focuses on event-triggered solutions, where a monitor is invoked when an event of interest occurs (e.g., change in the value of some variable). At invocation, the monitor evaluates the set of properties of the system that are affected by the occurrence of the event. This constant invocation introduces two major defects to the system under scrutiny at run time: (1) significant overhead, and (2) unpredictability of behavior. These defects are serious obstacles when applying runtime verification on safety-critical systems that are time-sensitive by nature. To circumvent the aforementioned defects in runtime verification, in this article, we introduce a novel time-triggered approach, where the monitor takes samples from the system with a constant frequency, in order to analyze the system's health. We describe the formal semantics of time-triggered monitoring and discuss how to optimize the sampling period using minimum auxiliary memory. We show that such optimization is NP-complete and consequently introduce a mapping to Integer Linear Programming. Experiments on a real-time benchmark suite show that our approach introduces bounded overhead and effectively reduces the involvement of the monitor at run time by using negligible auxiliary memory. We also show that in some cases it is even possible to reduce the overall overhead of runtime verification by using our time-triggered approach when the structure of the system allows choosing a long enough sampling period.

14.
This paper exploits the observability of control messages in a control network to formally monitor safety properties to verify a control application's correct behaviour. A monitor scheme is proposed based on a runtime verification method, which can verify selected properties of an application's behaviour, including the verification of formally specified functional safety properties. A prototype hardware based circuit is developed to provide a monitor function. A case study example for an automotive gearbox control system is presented. The control application is evaluated in the target application environment, which is a controller area network (CAN) based network. The behaviour of the monitor is assessed and the results show that it is feasible to monitor and verify functional safety properties, as defined by the ISO 26262 standard for functional safety in road vehicles, using the proposed method.

15.
A typestate property describes which operations are available on an object or a group of inter-related objects, depending on this object's or group's internal state, the typestate. Researchers in the field of static analysis have devised static program analyses to prove the absence of typestate-property violations on all possible executions of a given program under test. Researchers in runtime verification, on the other hand, have developed powerful monitoring approaches that guarantee to capture property violations on actual executions. Although static analysis can greatly benefit runtime monitoring, up until now, most static analyses are incompatible with most monitoring tools. We present Clara, a novel framework that makes these approaches compatible. With Clara, researchers in static analysis can easily implement powerful typestate analyses. Runtime-verification researchers, on the other hand, can use Clara to specialize AspectJ-based runtime monitors to a particular target program. To make aspects compatible to Clara, the monitoring tool annotates them with so-called dependency state machines. Clara uses the static analyses to automatically convert an annotated monitoring aspect into a residual runtime monitor that is triggered by fewer program locations. If the static analysis succeeds on all locations, this proves that the program fulfills the stated typestate properties, making runtime monitoring entirely obsolete. If not, the residual runtime monitor is at least optimized. We instantiated Clara with three static typestate analyses and applied these analyses to monitoring aspects generated from tracematches. In two-thirds of the cases in our experiments, the static analysis succeeds on all locations, proving that the program fulfills the stated properties, and completely obviating the need for runtime monitoring. In the remaining cases, the runtime monitor is often significantly optimized.

16.
Runtime verification permits checking system properties that cannot be fully verified off-line. This is particularly true when the system includes complex third-party components, such as general-purpose operating systems and software libraries, and when the properties of interest include security and performance. The challenge is to find reliable ways to monitor these properties in realistic systems. In particular, it is important to have assurance that violations will be reported when they actually occur. For instance, a monitor may not detect a security violation if the violation results from a series of system events that are not in its model. We describe how combining runtime monitors for diverse features such as memory management, security-related events, performance data, and higher-level temporal properties can result in more effective runtime verification. After discussing some basic notions for combining and relating monitors, we illustrate their application in an intrusion-tolerant Web server architecture under development at SRI.

17.
In this paper we present a sound and complete semantics for the monitor concept of C.A.R. Hoare. First a method for specification of monitors, introduced by O.-J. Dahl, is reviewed. This method is based on the relation between the historic sequence of monitor procedure calls and the historic sequence of monitor procedure exits. Based on such specifications and our new monitor semantics we present a method by which it is possible to prove that a concrete monitor is an implementation of an abstract one. In the last part of the paper an axiomatic semantics for systems of concurrent processes and monitors is introduced. The method supports verification by separation of concerns: properties of the communication to and from each process are proven in isolation by a usual Hoare-style axiomatic semantics, while abstract monitors are also specified in isolation by the method reviewed in the first part of the paper. These properties of the components of the system are then used in a new proof rule to conclude properties of the complete system. Stein Gjessing received a Ph.D. (actually a Dr. philos.) from the University of Oslo (Norway) in 1985. Presently he is an Associate Professor at the Institute of Informatics, University of Oslo, Norway. Dr. Gjessing's research interests are in the area of concurrent and distributed programming, operating systems, formal specification and verification, and programming languages.
