A Systematic Approach to the Petri Net Based Specification of Concurrent Systems

We describe an approach to the specification of concurrent systems which enables a Petri net model of a system to be built up in a systematic way starting from a trace-based CSP specification. This method enables the separate specification of the behavior of each component (process) and their interactions in terms of the feasible sequences of events in which they can be involved. A set of rules is then applied to transform the trace-based specifications into a complete Petri net that is analyzed and/or executed to validate system behavior. The domain transformation procedure is fully automatable. The specification of a safety-critical railway control system is used as a case study.     

形式化方法概貌

形式化方法是基于严格数学基础,对计算机硬件和软件系统进行描述、开发和验证的技术.其数学基础建立在形式语言、语义和推理证明三位一体的形式逻辑系统之上.形式化方法已经以不同程度和不同方式愈来愈多地应用在计算系统生命周期的各个阶段.介绍了形式化方法的发展历程和基本方法体系;以形式规约和形式验证为主线,综述了形式化方法的理论、方法、工具和应用的现状,展示了形式化方法与软件学科其他领域的交叉和融合;分析了形式化方法的启示,并展望了其面临的发展机遇和未来趋势.形式化方法的发展和研究现状表明：其应用已经取得了长足的进步,在提高计算系统的可靠性和安全性方面发挥了重要作用.在当今软件日益成为社会基础设施的时代,形式化方法将与人工智能、网络空间安全、量子计算、生物计算等领域和方向交叉融合,得到更加广阔的应用.研究和建立这种交叉融合的理论和方法不仅重要,而且具有挑战性.     

构件适应和组装的形式化语义描述

构件适应技术是基于构件的软件工程中一个很难解决的问题,分析了三种构件适应结构的应用条件,采用了形式化语义的方法描述和推导了与构件以及构件适应相关的问题,根据构件描述与应用需求描述动态地选择不同的适应层次来适应构件,从被适应的构件描述中推导出复合构件的描述,为构件适应的形式化分析、组装正确性检验提供了保证,并列出了一些值得进一步研究的问题。     

基于序列的可靠性分析方法

随着软构件技术的快速发展，基于构件设计复杂软件系统的软件开发方法日趋成熟。如何利用系统架构和软构件的可靠性分析软件系统的可靠性成为一个亟待解决的问题。软件是静态的，而开发过程是动态的。为了在动态的开发过程中跟踪可靠性，本文提出了基于序列的场景模型，以便分析软件可靠性。与相关的其他方法不同的是，该方法更关注于动态开发过程中的可靠性分析。     

一种基于线性逻辑的构件组装方法研究

构件组装是基于构件的软件开发中的一个重要环节.本文利用线性逻辑描述了具有语义信息的构件结构,描述了独立于具体的计算环境、具有普遍适用性的三种构件组装关系,利用定理证明的方法,根据现存构件的描述和构件组装关系自动生成构件组装的方案,并从被适应的构件描述中推导出复合构件的描述,以提高对构件适应过程的描述和分析能力,为构件组装形式化分析、组装正确性的检验提供了保证,并列出了一些值得进一步研究的问题.     

一种从UML模型到可靠性分析模型的转换方法

以构件化的软件开发方法为背景,提出了一种将UML模型自动地转换为可靠性分析模型Markov链的方法.该方法基于构件化的软件体系结构,从UML的用况图、顺序图、活动图和构件图出发,对其进行扩展,在模型中标注了可靠性分析所需的信息.在此基础上,通过构造一个称为构件转移图的中间模型,将标注了可靠性信息的UML模型转换为Markov链.该方法产生的结果能够直接作为现有可靠性相关的数学分析方法的输入,从而使可靠性分析工作变得更加方便、高效.     

A Formal Approach to Agent Design: An Overview of Constraint-Based Agents

Formal models for agent design are important for both practical and theoretical reasons. The Constraint-Based Agent (CBA) design approach includes two formal models: Constraint Nets and Timed -automata. A constraint net models the agents and the environment symmetrically as, possibly hybrid, dynamical systems; a timed -automaton specifies the desired real-time dynamic behaviors of the situated agents. Given a constraint-based specification of the desired behavior, a constraint-based agent can be synthesized as a constraint solver. Using formal modeling and specification, it is also possible to verify complex agents as obeying real-time temporal constraint specifications. This overview paper presents a summary of the development and application of the CBA framework.     

基于串空间的安全协议形式化验证模型及算法

网络安全在信息时代非常重要，而网络安全的关键问题之一是安全协议。首先介绍了当前安全协议形式化验证的前沿方向－－串空间理论，随后阐述了基于该理论设计的自动验证模型－－T模型，给出了该模型的算法及描述，并通过验证改进前后的Needham-Schroeder协议来说明T模型的优势。     

一种网构软件体系结构中的纵横验证机制*

如何在开放、动态、复杂的Internet环境下开发网构软件是软件技术领域一个挑战性课题。从网构软件整个生命周期入手,对网构软件的形式化模型,在简单介绍抽象状态机(ASM)的基础理论之后,刻画了网构软件的构件模型,并对构件模型进行了基于ASM的形式化描述,在此基础上,将粗粒度抽象构件的精化问题转换为求解构件组合方案的问题,并在体系结构元层,提出一种双向验证方法对不同抽象程度的组合方案进行横向和纵向的验证,以保证目标系统的正确性和求精过程的正确性。以上形式化建模和双向验证方法尽可能地避免和消除了软件设计早期的错误。通过系统实验验证可以看出,该方法对网构软件的开发具有一定指导意义。     

一种获得应用软件规格说明的新途径

在4GL开发环境下,应用系统的开发都是以界面的设计为导向的。该文介绍了一种在4GL环境下获得应用软件规格说明的新途径,即通过确定界面模型来确定应用软件的规格说明,并详细介绍了确定界面模型的方法———OVID(ObjectViewInteractionDesign,对象视图交互设计)。     

Verifying Temporal Properties of Reactive Systems: A STeP Tutorial

We review a number of formal verification techniques supported by STeP, the Stanford Temporal Prover, describing how the tool can be used to verify properties of several versions of the Bakery Mutual exclusion algorithm for mutual exclusion. We verify the classic two-process algorithm and simple variants, as well as an atomic parameterized version. The methods used include deductive verification rules, verification diagrams, automatic invariant generation, and finite-state model checking and abstraction.     

Introduction to formal methods of software design

The potential benefits of using formal methods in the design of software are discussed. Concepts are illustrated by several small examples, with the objective of helping to bridge the gap between theory and practice. The paper introduces and explains some of the terminology, symbols and notation for the discrete mathematics used in the formal methods literature, intended to assist the reader in further study.     

An approach to systems verification

The term systems verification refers to the specification and verification of the components of a computing system, including compilers, assemblers, operating systems and hardware. We outline our approach to systems verification, and summarize the application of this approach to several systems components. These components consist of a code generator for a simple high-level language, an assembler and linking loader, a simple operating system kernel, and a microprocessor design.     

安全性苛求系统中关于软件安全性评价的研究

安全性苛求系统由于其行为直接关系人身和大宗财产的安全，需要有一个安全性定量指标来反映系统中计算机软件的安全性品质，由于安全性苛求系统的软件在开发时规定要采取一系列可靠性和安全性措施，到形成产品后，软件内部缺陷的暴露都是一些小概率事件，如果仅仅依靠测试数据进行安全性定量评估，由于测试开销的限制，依据似感不不足，本文提出一种多元、多模型，多阶段进行安全性评价的方法，在系统开发和运用的不同阶段，从不同角度，利用历史和当前的数据，依靠客观和主观的判断，对系统的安全性进行评价，希望较完整地反映系统的安全性。     

用带时钟变量的线性时态逻辑扩充Object-Z*

Object-Z是形式规格说明语言Z的面向对象扩充,适合描述大型面向对象软件规格说明,但它不能很好地描述连续性实时变量和时间限制。线性时态逻辑能够描述实时系统,但不能很好地处理连续时间关系,也不能很好地模块化描述形式规格说明。首先用时钟变量扩充线性时态逻辑,接着提出了一个方法——用带时钟变量的时态逻辑(LTLC)来扩充Object-Z。用LTLC扩充的Object-Z是一个模块化规格说明语言,是Object-Z语法和语义的最小扩充,其最大优点在于它能方便地描述和验证复杂的实时软件规格说明。     

带时间和资源约束的实例化过程模型验证方法

软件过程的性能是由软件过程模型和软件过程实例化两方面因素决定,如果对软件过程进行了不恰当的实例化,会导致成本超支、进度延期、甚至项目失败．已有的过程描述法不足以分析实例化过程模型,由于没有考虑实例化阶段的时间资源约束,语法结构正确的过程模型并不能保证过程执行的正确性．提出一种带时间和资源约束的实例化过程模型验证方法,为目前已有的s-TRISO／ML建模语言增加时间和资源约束属性,然后提出了从s-TRISO／ML模型转换成时间自动机的转换方法和实现算法,利用已有的分析工具Uppaal对转换得到的时间自动机的性质进行验证,得到一个合理的实例化模型,从而为真实的开发流程提供指导．     

Prospec: Support for Elicitation and Formal Specification of Software Properties

Although formal verification techniques have been demonstrated to improve program dependability, software practitioners have not widely adopted them. One reason often cited is the difficulty in writing formal specifications. This paper introduces Prospec, a tool to assist practitioners in formally specifying software properties. Prospec uses property patterns and scopes. Previous efforts at providing tool support for property specification have not provided convenient abstractions for specifying properties that include multiple events or conditions. A taxonomy of composite propositions is introduced to address this issue by defining relations among propositions and providing graphical abstractions that can assist in specification and validation of properties. This paper shows how composite propositions can enhance the specification pattern system by helping practitioners consider subtleties of behavior in sequences and concurrency through directed questions and visual abstractions. The paper introduces an elicitation and specification process to define patterns, scopes, and composite propositions.     

Formal hardware verification methods: A survey

Growing advances in VLSI technology have led to an increased level of complexity in current hardware systems. Late detection of design errors typically results in higher costs due to the associated time delay as well as loss of production. Thus it is important that hardware designs be free of errors. Formal verification has become an increasingly important technique towards establishing the correctness of hardware designs. In this article we survey the research that has been done in this area, with an emphasis on more recent trends. We present a classification framework for the various methods, based on the forms of the specification, the implementation, and the proff method. This framework enables us to better highlight the relationships and interactions between seemingly different approaches.