How to model and prove hybrid systems with KeYmaera: a tutorial on safety

This paper is a tutorial on how to model hybrid systems as hybrid programs in differential dynamic logic and how to prove complex properties about these complex hybrid systems in KeYmaera, an automatic and interactive formal verification tool for hybrid systems. Hybrid systems can model highly nontrivial controllers of physical plants, whose behaviors are often safety critical such as trains, cars, airplanes, or medical devices. Formal methods can help design systems that work correctly. This paper illustrates how KeYmaera can be used to systematically model, validate, and verify hybrid systems. We develop tutorial examples that illustrate challenges arising in many real-world systems. In the context of this tutorial, we identify the impact that modeling decisions have on the suitability of the model for verification purposes. We show how the interactive features of KeYmaera can help users understand their system designs better and prove complex properties for which the automatic prover of KeYmaera still takes an impractical amount of time. We hope this paper is a helpful resource for designers of embedded and cyber–physical systems and that it illustrates how to master common practical challenges in hybrid systems verification.     

基于图像匹配的指纹识别

研究的是一种基于图像匹配的指纹识别方法，指纹图像在经过细化过程后通过快速傅立叶变换得到相关系数，从而能得到识别。该技术能直接应用于未经预处理的灰度指纹图像上。基于图像匹配的相关系数方法比基于节点匹配的方法能更高效地发现输入的指纹图像和存储的登记模板间的一致性，它有在外部条件较弱的情形下进行指纹识别的健壮性。该文提出了一种自动识别系统的设计和模型应用。实践中，项目达到的高匹配率表明，一个有效的小规模指纹识别系统是可行的。     

龙腾Stream流处理器验证

芯片设计复杂度的提高迫切地需要先进的方法学以应对巨大的验证工作量。通过开发基于System Verilog的覆盖率驱动的自动化验证平台,对龙腾Stream流处理器的指令集进行了功能验证。实验结果表明,该验证平台提高了验证效率和功能覆盖率,具有良好的重用性和可移植性。搭建FPGA原型验证系统对流处理器的功能和系统性能进行了评测,并提出了优化流处理器加速性能的方法。     

电子台秤自动检测装置的设计

针对我国目前电子台秤出厂检验以手工检测为主,存在人为因素影响较大、工作效率较低的客观实际,研制了一种电子台秤自动检测装置;在介绍了该检测系统的硬件构成、各部分作用、工作原理的基础上,重点进行了主控电路图设计、PLC的I/O地址分配及控制程序设计等;经过实验测试表明,该装置操作方便,自动化程度高,工作可靠,原先手工测试一台电子台秤需要十几min才能完成全部测试项目,现在只需3～5 min就能完成,并且实现了测试数据的自动处理与保存等工作;既提高了电子台秤出厂检验效率,又提高了产品质量与管理水平,具有良好的推广应用价值.     

Verification Approach of Metropolis Design Framework for Embedded Systems

In this paper, we focus on the verification approach of Metropolis, an integrated design framework for heterogeneous embedded systems. The verification approach is based on the formal properties specified in Linear Temporal Logic (LTL) or Logic of Constraints (LOC). Designs may be refined due to synthesis or be abstracted for verification. An automatic abstraction propagation algorithm is used to simplify the design for specific properties. A user-defined starting point may also be used with automatic propagation. Two main verification techniques are implemented in Metropolis the formal verification utilizing the model checker Spin and the simulation trace checking with automatic generated checkers. Translation algorithms from specification models to verification models, as well as algorithms of generated checkers are discussed. We use several case studies to demonstrate our approach for verification of system level designs at multiple levels of abstraction.     

基于逻辑等效模型的快速功能仿真验证

随着集成电路设计技术的发展,集成电路的规模越来越大,这使得在设计的各个阶段设计验证越来越重要,验证耗时的缩短也成为了SOC设计的关键。介绍了基于逻辑等效模型的快速功能仿真验证的方法和技巧,首先研究了验证的策略和方法,然后阐述了采用NC-Verilog进行快速功能仿真验证所使用的逻辑等效模型,最后给出了该方案的仿真结果和结论,证明该技术不仅能达到功能仿真验证的目的,而且有效地缩短了仿真周期,显著地提高了仿真效率。     

共识协议的形式化验证研究现状与展望

分布式系统在计算环境中发挥重要的作用,其中的共识协议算法用于保证节点间行为的一致性.共识协议的设计错误可能导致系统运行故障,严重时可能对人员和环境造成灾难性的后果,因此保证共识协议设计的正确性非常重要.形式化验证能够严格证明设计模型中目标性质的正确性,适合用于验证共识协议.然而,随着分布式系统的规模增大,问题复杂度提升,使得分布式共识协议的形式化验证更为困难.采用什么方法对共识协议的设计进行形式化验证、如何提升验证规模,是共识协议形式化验证的重要研究问题.对目前采用形式化方法验证共识协议的研究工作进行调研,总结其中提出的重要建模方法和关键验证技术,并展望该领域未来有潜力的研究方向.     

Genesys-Pro: innovations in test program generation for functional processor verification

Functional verification is widely recognized as the bottleneck of the hardware design cycle. With the ever-growing demand for greater performance and faster time to market, coupled with the exponential growth in hardware size, verification has become increasingly difficult. Although formal methods such as model checking and theorem proving have resulted in noticeable progress, these approaches apply only to the verification of relatively small design blocks or to very focused verification goals. Current industry practice is to use separate, automatic, random stimuli generators for processor- and multiprocessor-level verification. The generated stimuli, usually in the form of test programs, trigger architecture and microarchitecture events defined by a verification plan. MAC-based algorithms are well suited for the test program generation domain because they postpone heuristic decisions until after consideration of all architectural and testing-knowledge constraints. Geneysys-Pro is currently the main test generation tool for functional verification of IBM processors, including several complex processors. We've found that the new language considerably reduces the effort needed to define and maintain knowledge specific to an implementation and verification plan.     

VERTAF: an application framework for the design and verification of embedded real-time software

The growing complexity of embedded real-time software requirements calls for the design of reusable software components, the synthesis and generation of software code, and the automatic guarantee of nonfunctional properties such as performance, time constraints, reliability, and security. Available application frameworks targeted at the automatic design of embedded real-time software are poor in integrating functional and nonfunctional requirements. To bridge this gap, we reveal the design flow and the internal architecture of a newly proposed framework called verifiable embedded real-time application framework (VERTAF), which integrates software component-based reuse, formal synthesis, and formal verification. A formal UML-based embedded real-time object model is proposed for component reuse. Formal synthesis employs quasistatic and quasidynamic scheduling with automatic generation of multilayer portable efficient code. Formal verification integrates a model checker kernel from SGM, by adapting it for embedded software. The proposed architecture for VERTAF is component-based and allows plug-and-play for the scheduler and the verifier. Using VERTAF to develop application examples significantly reduced design effort and illustrated how high-level reuse of software components combined with automatic synthesis and verification can increase design productivity.     

结合形式化的面向对象设计方法与支撑系统

为了有效地结合形式化和非形式化设计方法各自的优点,克服其不足之处,以尽可能保证软件设计的质量与可靠性,文章提出了一种将形式化方法与非形式化的面向对象设计方法ＨＯＯＤ（ｈｉｅｒａｒｃｈｉｃａｌｏｂｊｅｃｔ－ｏｒｉｅｎｔｅｄｄｅｓｉｇｎ）相结合的途径,并介绍了其机器支撑环境的设计与实现．该途径在对层次式面向对象设计方法ＨＯＯＤ进行必要扩充的基础上,有机地集成了Ｚ语言等形式规约技术．支持这一途径的支撑环境提供了一套方便灵活的图形构筑工具、语法制导的形式语言与文本编辑工具,以及自动检查机制等．     

专用集成电路的设计验证方法及一种实际的通用微处理器设计的多级验证体系

随着专用集成电路制造工艺及设计方法的飞速发展,片上系统可集成的功能越来越多,规模越来越大,设计验证越来越复杂,只有使用先进的设计验证方法充分地验证其设计,才能保证一次投片成功.文中针对专用集成电路设计验证的各种方法和一种实际的通用微处理器设计的多级验证体系作了专门的描述,对片上系统设计者在构建自己的设计验证方案、使设计得以充分验证方面能给予一定的参考.     

In-System Silicon Validation and Debug

Silicon validation - proving a chip works correctly at speed and in system under different operating conditions - is always necessary, even for a "perfect" design. Silicon debug - finding the root cause of a malfunction - is necessary whenever a design is not flawless. First-silicon validation and debug require a labor-intensive engineering effort of several months and have become the least predictable and most time-consuming part of a new 90-nm chip's development cycle. Lack of adequate tools and automatic procedures is a big factor in this bottleneck. The difficulty of silicon validation will increase at 65 nm and below because existing ad hoc methodologies don't scale with the unprecedented levels of SoC device complexity. Even the most sophisticated SoC design methodology cannot fully account for all the parameters that affect silicon behavior, or for all logic corner cases occurring in the life of a chip working at speed and in system. For example, the simultaneous occurrence of two unlikely events might not be anticipated pre- silicon, so it is never simulated or analyzed; however, when it occurs in system, it can cause unexpected behavior. Presilicon verification methods - simulation, emulation, FPGA prototyping, timing analysis, and formal verification - don't address many deep-submicron problems that occur in the actual device.     

一种决策模型的自动生成及管理系统

本文说明了一种决策模型的自动生成及管理系统的设计与实现方法。该系统能够辅助人们去建立一种基于决策表的决策模型，自动进行各种检验，并能将此模型转换成另外两种决策模型。此外，它还具有决策模型库和应用案例库的管理功能。该系统已成功地运用到多个大型信息系统的开发之中。     

A new method for the synthesis of signature data with natural variability.

The collection of human biometric test data for system development and evaluation within any chosen modality generally requires significant time and effort if data are to be obtained in workable quantities. To overcome this problem, techniques to generate synthetic data have been developed. This paper describes a novel technique for the automatic synthesis of human handwritten-signature images, which introduces modeled variability within the generated output based on positional variation that is naturally found within genuine source data. The synthesized data were found to generate similar verification rates to those obtained using genuine data with the use of a commercial verification engine, thereby indicating the suitability of the data synthesized by using this method for a wide range of application scenarios.     

Automatic Generation of Test Oracles—From Pilot Studies to Application

We describe a progression from pilot studies to development and use of domain-specific verification and validation (V&V) automation. Our domain is the testing of an AI planning system that forms a key component of an autonomous spacecraft. We used pilot studies to ascertain opportunities for, and suitability of, automating various analyses whose results would contribute to V&V in our domain. These studies culminated in development of an automatic generator of automated test oracles. This was then applied and extended in the course of testing the spacecraft's AI planning system.Richardson et al. (1992, In Proceedings of the 14th International Conference on Software Engineering, Melbourne, Australia, pp. 105–118), presents motivation for automatic test oracles, and considered the issues and approaches particular to test oracles derived from specifications. Our work, carried through from conception to application, confirms many of their insights. Generalizing from our specific domain, we present some additional insights and recommendations concerning the use of test oracles for V&V of knowledge-based systems.     

集成电路的设计验证

集成电路设计业正面临着一系列的挑战：芯片性能越来越强，规模越来越大，开发周期越来越长，设计质量越采越难于控制。而随着半导体技术的发展，设计验证已经逐渐成为大规模集成电路设计的主要瓶颈。而设计验证最基本的内容是功能验证，用于判别设计规范和实现之间是否一致；对模拟验证、形式验证中的等价性检验和模型检验进行了介绍，然后引入传统方法的一种改进——基于覆盖率的验证方法。     

集成电路的设计验证

集成电路设计业正面临着一系列的挑战:芯片性能越来越强,规模越来越大,开发周期越来越长,设计质量越来越难于控制。而随着半导体技术的发展,设计验证已经逐渐成为大规模集成电路设计的主要瓶颈。而设计验证最基本的内容是功能验证,用于判别设计规范和实现之间是否一致。对模拟验证、形式验证中的等价性检验和模型检验进行了介绍,然后引入传统方法的一种改进——基于覆盖率的验证方法。     

砝码自动检定系统

现有标准砝码检定仍以实验室手工检定为主,检测效率低下、人工成本高.根据JJG99-2006《砝码》国家检定规程要求,系统选用高精度响应特点的传感机构和传感器,设计了方便不同外形砝码取放、具有防划防撞功能、满足精准定位要求的机械定位机构;设计了高效的控制系统,实现实时数据远程传输,完成砝码性能指标全自动检测,大大提高检测效率与管理水平,保证检定质量.     

异构环境下电子秘钥身份远程自动验证系统设计

电子秘钥数字证书身份信息远程验证的应用场景逐渐增多,而传统验证系统的自动化程度低,在验证效率和准确性方面也无法得到有效保证。为此提出基于PKI技术的电子秘钥身份远程自动验证系统,系统的硬件部分主要由于CA验证模块、RA验证模块、电子秘钥管理模块和数据存储管理模块等四个主要的功能模块构成,重点研究了CA模块内部的逻辑功能;给出了验证系统主程序的工作流程,并在现有加密算法中融入了二进制规则,通过设计电子秘钥,增加了系统的总体安全性。实验结果表明,提出自动验证系统在多并发用户同时验证条件下的系统响应时长优势明显,拥有更高的数字证书身份信息自动验证成功率。