一个命题投影时序逻辑符号模型检测器

现有模型检测工具的形式化规范语言,如计算树逻辑(computation tree logic,简称CTL)和线性时序逻辑(linear temporal logic,简称LTL)等的描述能力不足,无法验证ω正则性质.提出了一个命题投影时序逻辑(propositional projection temporal logic,简称PPTL)符号模型检测工具——PLSMC(PPTL symbolic model checker)的设计与实现过程.该工具基于著名的符号模型检测系统NuSMV,实现了PPTL的符号模型检测算法.PLSMC的规范语言PPTL具有完全正则表达能力,这使得定性性质和定量性质均可被验证.此外,PLSMC可以有效地缓解模型检测工具中容易发生的状态空间爆炸问题.最后,利用PLSMC对铁路公路交叉道口护栏控制系统的安全性质和周期性性质进行验证.实验结果表明,PPTL符号模型检测工具扩充了NuSMV系统的验证能力,使得时间敏感、并发性和周期性等实时性质可以被描述和验证.     

基于事件确定有限自动机的UML2.0 序列图描述与验证

为了确保软件分析与设计阶段UML2.0序列图模型的可靠性,采用命题投影时序逻辑(propositional projection temporal logic,简称PPTL)模型检测方法对该模型进行分析和验证.提出了事件确定有限自动机(event deterministic finite automata,简称ETDFA),并使用该自动机为序列图建立形式化模型,通过给出的基于ETDFA的PPTL模型检测算法得到验证结果.该方法可以在基于Spin的PPTL模型检测器的支持下实现.实例结果表明,该方法可以验证序列图的性质并保证其可靠性.     

基于进化规划的多Agent系统任务调度

Agent任务调度是多Agent系统研究的重要内容之一.调度方法直接影响调度方案的优劣与否和系统的执行效率.进化规划是近年来兴起的一种进化计算方法,具有对实数直接操作及全局寻优能力.将之用于Agent任务调度,建立了Agent任务调度模型,设计了进化规划调度算法.采取多个体竞争策略有效地解决了进化规划的早熟问题.实例验证了这种方法的可行性及性能,进一步的研究是在资源及优先度限制的条件下,如何用进化规划算法解决Agent任务调度问题.     

协同任务调度构架模型及关键算法研究

为提高协同工作平台服务系统的协同任务调度的柔性及系统的平台伸缩性,需要从调度过程,软件结构和调度算法等方面进行研究.首先提出协同任务调度软件构架模型,采用多种软件优化方法对构架模型进行优化.然后提出驱动协 同任务调度的过程元模型.最后,研究协同任务调度中的成员指派过程的关键算法,给出算法的形式化描述,并对算法效果进行验证.该软件构架和算法在实际应用中取得良好效果.     

AADL分级调度模型的分析与验证

针对嵌入式系统体系结构分析设计语言(architecture analysis and design language,AADL)分级调度模型的分析问题,提出了基于模型检验的可调度性分析和验证方法.基于时间自动机理论,将AADL分级调度模型转换为时间自动机网络,将待验证性质描述为时序逻辑公式,通过模型检验工具对可调度性进行分析和验证.研究结果表明,使用模型检验方法来分析AADL分级调度模型的可调度性是可行的.相对其他方法而言,该方法利用了形式化方法的穷举性来分析系统的性质,分析结果更加精确.     

卫星任务调度统一化建模与多策略协同求解方法

针对卫星任务调度“一星一系统”、测运控分离的现状,以卫星执行任务产生的星上独立事件和星地协同事件作为调度对象,以事件可执行时机作为调度资源,建立卫星任务调度统一化约束满足模型,将传统运控任务调度与测控任务调度纳入统一的建模方法.为保障模型的通用性和适应性,设计包含构造启发式、智能优化和针对性算法改进的多策略协同求解方法,搭建卫星任务调度算法与调度模型松耦合、模块化的系统架构.实验测试表明,所提出方法能够弥补传统模型在敏捷遥感卫星任务调度和高轨卫星测控调度场景下的局限性,在Benchmark问题和实际应用场景中均表现出良好的适用性和优化效果.     

导弹并行测试系统优化模型与性能评价

并行测试是一代测试(NxTest)的关键技术之一,其核心是测试任务调度.基于此,在改进的蚁群算法基础上提出并行测试任务调度方法,获得测试任务最优调度序列,Matlab仿真结果证明了该方法的有效性.采用赋时有色Petri网对并行测试系统进行建模,并基于线性代数的方法验证模型结构的有界性、守恒性、活性和公平性.性能分析结果...     

UML顺序图的自动验证

UML顺序图反映了系统中并发对象之间的消息交互及顺序,在软件建模中占有重要地位。该文对UML顺序图模型的自动验证方法进行了研究,在把UML顺序图转换为Promela语言后,使用模型检验器SPIN来验证系统设计模型是否满足某些关键性质需求。为了加强该方法的适用性,采用可扩展的标记语言XML文件格式定义顺序图模型的外部表示形式,该表示方法遵从OMG的XMI标准,从而使验证过程适用于不同的UML建模环境。     

PS系统的一种精确语义描述

规约模式系统SPS是根据性质的语义抽象而成的描述程序性质的表达模式,既能方便程序员使用,又有对应的时序逻辑表达式.但是,它现有的语义描述不够精确.首先介绍了规约模式系统及其现有的语义,并用它描述了实例的性质,接着采用模型检测工具SPIN验证了该系统表达的性质,通过对比验证结果及现有语义,给出了系统精确的语义描述.     

UML模型检测方法的研究

统一建模语言（UML）是设计和分析软件系统最常用的方法，如何保证UML模型满足某些特性是一个非常重要的问题，而模型检测是一种能够有效提高系统可靠性的自动化技术。研究了使用简单进程元语言解释器（SPIN）对UML模型进行检测的方法。首先对UML模型进行形式化描述，使用层次自动机来描述状态图，然后根据层次自动机的操作语义将状态图和类图的部分信息转化为SPIN的输入语言PROMELA，使用SPIN来验证模型是否满足给定的线性时序逻辑所描述的系统约束，通过LTL公式描述顺序图的方式来验证与状态图之间的一致性问题。项目组基于此方法还开发了一套模型检测工具UMLChecker。     

实时系统的多任务调度

讨论了实时系统多任务的调度，对速率单调调度算法进行了改进，以便其能应用于具有非周期任务的实时系统，同时对系统的瞬时过载有一定的适应性。最后，给出了系统中任务可调度的条件。     

应用于实时系统的RMS算法的改进

本文阐述了以PLC为核心的HGJD001实验台电气控制系统，并采用上位计算机实现对实验台运行状态的通讯监测。     

Verification and optimization of a PLC control schedule

We report on the use of model checking techniques for both the verification of a process control program and the derivation of optimal control schedules. Most of this work has been carried out as part of a case study for the EU VHS project (Verification of Hybrid Systems), in which the program for a Programmable Logic Controller (PLC) of an experimental chemical plant had to be designed and verified. The original intention of our approach was to see how much could be achieved here using the standard model checking environment of SPIN/Promela. As the symbolic calculations of real-time model checkers can be quite expensive it is interesting to try and exploit the efficiency of established non-real-time model checkers like SPIN in those cases where promising work-arounds seem to exist. In our case we handled the relevant real-time properties of the PLC controller using a time-abstraction technique; for the scheduling we implemented in Promela a so-called variable time advance procedure . To compare and interpret the results we carried out the same case study with the aid of the real-time model checker Uppaal, enhanced with facilities for cost-guided state space exploration. Both approaches proved sufficiently powerful to verify the design of the controller and/or derive (time-)optimal schedules within reasonable time and space requirements. Published online: 2 October 2002 The work reported here was carried out while the second and third authors were employed by the Computer Science Department of the University of Nijmegen, Netherlands. The second author was supported by an NWO postdoc grant, the third author by an NWO PhD grant, and both were supported by the EU LTR project VHS (Project No. 26270).     

基于排队论和时间需求分析法的实时系统时间行为分析

针对目前广泛使用的固态优先级RMS调度策略,利用时间需求分析算法对系统中所有周期任务进行可调度性分析测试,保证其在临界点仍可以满足时限。利用排队论中的M/M/1/K排队系统,根据非周期事件接收缓冲和可延期服务器定量分析非周期事件的平均响应时间和系统异步事件丢失率,使之符合系统要求。     

A New Approach for Scheduling of Parallelizable Tasks in Real-Time Multiprocessor Systems

In a parallelizable task model, a task can be parallelized and the component tasks can be executed concurrently on multiple processors. We use this parallelism in tasks to meet their deadlines and also obtain better processor utilisation compared to non-parallelized tasks. Non-preemptive parallelizable task scheduling combines the advantages of higher schedulability and lower scheduling overhead offered by the preemptive and non-preemptive task scheduling models, respectively. We propose a new approach to maximize the benefits from task parallelization. It involves checking the schedulability of periodic tasks (if necessary, by parallelizing them) off-line and run-time scheduling of the schedulable periodic tasks together with dynamically arriving aperiodic tasks. To avoid the run-time anomaly that may occur when the actual computation time of a task is less than its worst case computation time, we propose efficient run-time mechanisms.We have carried out extensive simulation to study the effectiveness of the proposed approach by comparing the schedulability offered by it with that of dynamic scheduling using Earliest Deadline First (EDF), and by comparing its storage efficiency with that of the static table-driven approach. We found that the schedulability offered by parallelizable task scheduling is always higher than that of the EDF algorithm for a wide variety of task parameters and the storage overhead incurred by it is less than 3.6% of the static table-driven approach even under heavy task loads.     

支持索引式的PPTL定理证明器的实现

定理证明是目前主流的形式化验证方法,拥有强大的抽象和逻辑表达能力,且不存在状态空间爆炸问题,可用于有穷和无穷状态系统,但其不能完全自动化,并且要求用户掌握较强的数学知识.含索引式的命题投影时序逻辑(PPTL)是一种具有完全正则表达能力,并且包含LTL的时序逻辑,具有较强的建模和性质描述能力.目前,一个可靠完备的含索引式的PPTL公理系统已被构建,然而基于该公理系统的定理证明尚未得到良好工具的支持,存在证明自动化程度较低以及证明冗长易错的问题.鉴于此,首先设计了支持索引式的PPTL定理证明器的实现框架,包括公理系统的形式化与交互式定理证明;然后,在Coq中形式化定义了含索引式的PPTL公式、公理与推理规则,完成了框架中公理系统的实现;最后,通过两个实例的交互式证明验证了该定理证明器的可用性.     

Comments on “The Model Checker SPIN”

The paper by G.J. Holzmann (see ibid., vol.23, no.5, p.279-95, 1997) describes how to apply SPIN to the verification of a synchronization algorithm (L.M. Ruane, 1990) in process scheduling of an operating system. We report an error in the verification model presented by G.J. Holzmann and present a revised model with verification result. Our result explains the reason why SPIN found the race condition in the synchronization algorithm. We also show that the suggested fix by G.J. Holzmann is incorrect     

Control of resource-intensive computations under uncertainty. I. Multiparametric model

A complex of models, algorithms and programs designed to control a high-performance heterogeneous specialized computing system that executes heterogeneous tasks is presented. A multi-parametric model designed to control processing of resource-intensive heterogeneous computational tasks that can be parallelized with respect to data is given. The model relies on operation research technique and uses the principle of guaranteed result for control under objective uncertainty. During scheduling, maximin estimates of unknown variables (time in the system, processing duration, etc.) are calculated at each check point and used to form scheduling control commands. This approach allowed implementing a fundamentally new service discipline in practice that implies less resource-intensive tasks to be solved first.     

Verification support for ARINC‐653‐based avionics software

Software model checking consists in applying the most powerful results in formal verification research to programming languages such as C. One general technique to implement this approach is producing a reduced model of the software in order to employ existing and efficient tools, such as SPIN . This paper focusses on the application of this approach to the avionics software constructed on top of the Application Executive Software (APEX ) Interface, which is widely employed by manufacturers in the avionics industry. It presents a method to automatically extract PROMELA models from the C source code. In order to close the extracted model during verification, we built a reusable APEX ‐specific environment. This APEX environment models the execution engine (i.e. an APEX compliant real‐time operating system) that implements APEX services. In particular, it explains how to deal with aspects such as real‐time and APEX scheduling. Time is modelled in such a way that the we save time and memory by avoiding the analysis of irrelevant steps. This model of time and the construction of a deterministic scheduler guarantees the scalability of our approach. The paper also presents a tool that can verify realistic applications, and that has been used as a novel testing method to ensure the correctness of our APEX environment. This testing method uses SPIN to execute official APEX test cases. Copyright © 2010 John Wiley & Sons, Ltd.