一种大规模并行程序模型的检测方法

JPF是NASA开发的Java程序模型检测工具。该文通过改写JPF内核中生成状态空间的模块,使待检测程序在受监控状态下模拟执行。用Data-Race算法收集警告信息,引导程序模型检测工具只对死锁相关线程进行模型检测,避免了状态空间爆炸,实现了对大规模并行程序部分线程死锁问题的模型检测。利用启发式搜索算法,在不同的搜索深度赋给待执行线程不同的权值,进一步优化了模拟执行 结果。     

任务流模型检验的研究

对任务流模型检验技术进行了讨论。任务流方法不关心状态数量、能否从一个指定状态到达另一指定状态及系统必须的状态是否存在,而是关心状态组合提供的功能是否存在及各状态组合之间是否存在指定的转换关系,从而避免了状态空间爆炸问题。模块搜索算法以模块为基础对任务流模型进行搜索来验证给定系统是否满足规范要求。     

分布式软件系统交互行为建模、验证与测试

为了确保分析与设计阶段分布式软件系统中模块之间交互行为的正确性,提出了一种分布式软件系统模块交互的抽象方法,分别通过系统状态机图和对象状态机图对各模块状态变迁进行建模,使用UML2.0序列图对模块之间交互行为进行描述.采用基于命题投影时序逻辑的模型检测技术,将对象状态机图转换为Promela模型,系统交互性质转换为命题投影时序逻辑公式,通过模型检测器验证交互模型是否满足于系统的性质,若不满足于该性质,则能够获得反例执行的路径.给出了一个分布式软件系统测试框架,在验证后的序列图模型基础上,使用基于模型的测试用例自动生成方法得到测试用例集合,该集合能够实现对交互行为的有效测试.实例结果表明,该方法可以提高分布式软件系统中模块交互行为的有效性和可靠性.     

模糊计算树逻辑的符号模型检测

对含有模糊不确定性信息的系统进行模型检测时,状态空间爆炸问题成为了亟待解决的主要问题.将形式化的系统模型用拟布尔公式表示,用多终端二叉决策图来对拟布尔公式进行存储.对模糊计算树逻辑的不动点语义给出了解释和证明,然后给出模糊计算树逻辑的符号化模型检测算法,最后通过一个实例验证算法的正确性.该算法可有效缓解对模糊模型检测验证时的状态空间爆炸问题,并扩展了模型检测的应用范围.     

AFLNeTrans：状态间关系感知的网络协议模糊测试

网络协议是现代通信系统中不可缺少的部分,其实现程序的安全性不容忽视。模糊测试已经成为现代漏洞挖掘的主流方式,并在软件安全领域中取得了较大的成功。网络协议模糊测试通常指对网络协议实现程序进行模糊测试,然而传统模糊测试在此类程序的测试上仍存在一些问题。首先,由于网络协议实现程序中不同状态对应不同代码,传统灰盒模糊测试中使用的代码覆盖不能表示网络协议实现程序的内部状态。其次现有灰盒协议模糊器中的状态引导机制依赖于代码覆盖率,不能很好地挖掘网络协议实现程序的状态间关系。对此,文章提出了一种由协议状态间关系和程序代码覆盖率共同引导模糊测试过程从而提升模糊测试效果的模糊器AFLNeTrans,其利用状态间关系作为主要引导机制,引导模糊测试快速探索协议实现程序更多的状态空间,并在Profuzzbench上对其进行了评估实验。实验结果表明,AFLNeTrans在发现状态转移数量上有较明显的提升,并且在代码覆盖率和unique＿crash数量上相比现有工具也有提升。     

基于UML模型的多态性与Java接口代码信息一致性检测的方法

UML模型是面向对象系统开发常用的建模语言,在由模型生成代码的过程中常常出现不一致问题,从而造成系统后期测试成本以及维护成本的增加。而UML模型中的多态性因执行路径的不确定性会对模型与代码的一致性产生重要影响,因此针对此问题提出以UML模型为基准,针对多态特性,对UML模型类图、时序图以及Java接口代码信息进行解析预处理从而获取时序调用图以及代码调用图,并对其进行多态性扩展。根据模型的信息来对代码的信息进行检测,如果出现不一致问题时根据模型信息对代码信息进行修改。通过以上提出的方法能够更加完善模型与代码的一致性检测,使检测更为有效、精准。     

基于状态约简的顺序图和状态图一致性检测

为了解决系统设计过程中模型一致性问题,提出了一种对UML顺序图和状态图的语义一致性检测方法。该方法对顺序图和状态图一致性进行符号化描述,为一致性检测提供理论基础;提出状态约简规则和状态约简算法,能够减少冗余状态和迁移,证明了状态约简不影响一致性检测;提出改进的UML模型到PROMELA的转换方法并使用SPIN进行验证。实验表明上述方法能够有效地检测顺序图和状态图的一致性,在验证过程中减少冗余状态和迁移,转换后的代码结构简单、执行效率高。     

面向设计流图的代码支撑工具

在通信网络软件中,代码的可靠性格外重要,编码与测试在很大程度上决定着代码的可靠性。如果让机器自动生成代码,将会减少人工编码出错的概率,而且,也为代码的跟踪、测试提供了方便。为此,本文结合UML的相关理论,提出了设计流图的概念并描述基于设计流图的代码生成的原理及其应用。本文首先描述设计流图在软件开发过程中的作用,然后,给出设计流图的形式化定义,第3部分给出代码自动生成算法,第4部分给出基于设计流图的跟踪、测试方法,最后一部分对工具作了简要的介绍。本文详细描述了如何根据设计流图生成代码,并简要介绍实现基于设计流图的跟踪与测试。本文还实现了一个集成开发环境AutoCodeGen,在该环境中可以编辑设计流图、对设计流图进行简单的检查、编译设计流图（生成代码）、编译代码、执行设计流图（执行编译后的代码）、基于设计流图的跟踪与洲试（动态显示执行路径、当前执行点、路径覆盖情况、异常点位置等）。在实践中,利用该工具实现了TCAP（Transaction Capabilities Application Part）协议中部分编码与解码。     

时间自动机的LTL性质模型检测研究

为了增强模型检测工具的检测能力,拓宽模型检测技术的应用范围,对基于时间自动机的LTL性质模型检测进行了研究,对自动机的状态空间的存储方式和状态空间的展开过程进行了分析,讨论了LTL性质模型检测工具的检测流程和检测算法的实现策略对工具检测性能的影响,针对制约模型工具的检测能力和检测效率的因素,采取了一些相应的优化改进策略.采用了BDD(二叉决策图)共享存储技术和位编码压缩存储,较有效地减小了空间消耗,缓解了模型检测中状态爆炸引起的内存空间不足问题.与DTSpin等著名的模型检测工具进行了实验比较,取得了较好的实验结果.     

A symbolic model checking approach to verifying satellite onboard software

This paper discusses the use of symbolic model checking technology to verify the design of an embedded satellite software control system called the attitude and orbit control system (AOCS). This system is mission critical because it is responsible for maintaining the attitude of the satellite and for performing fault detection, isolation, and recovery decisions. An executable AOCS implementation by Space Systems Finland has been provided in Ada source code form, and we use the input language of the symbolic model checker NuSMV 2 to model the implementation at a detailed level. We describe the modeling techniques and abstractions used to alleviate the state space explosion due to the handling of timers and the large number of system components controlled by the AOCS. The required behavior has been specified as extended state machine diagrams and translated to temporal logic properties. Besides well-known LTL and CTL model checking algorithms, we adapt a previously unexplored form of the liveness-to-safety approach to the problem. The latter new technique turns out to successfully prove all desired properties of the system, outperforming both the LTL and CTL implementations of NuSMV 2.     

Automated Compositional Abstraction Refinement for Concurrent C Programs: A Two-Level Approach

The state space explosion problem in model checking remains the chief obstacle to the practical verification of real-world distributed systems. We attempt to address this problem in the context of verifying concurrent (message-passing) C programs against safety specifications. More specifically, we present a fully automated compositional framework which combines two orthogonal abstraction techniques (operating respectively on data and events) within a counterexample-guided abstraction refinement (CEGAR) scheme. In this way, our algorithm incrementally increases the granularity of the abstractions until the specification is either established or refuted. Our explicit use of compositionality delays the onset of state space explosion for as long as possible. To our knowledge, this is the first compositional use of CEGAR in the context of model checking concurrent C programs. We describe our approach in detail, and report on some very encouraging preliminary experimental results obtained with our tool MAGIC.     

IDD-based model validation of biochemical networks

This paper presents efficient techniques for the qualitative and quantitative analysis of biochemical networks, which are modeled by means of qualitative and stochastic Petri nets, respectively. The analysis includes standard Petri net properties as well as model checking of the Computation Tree Logic and the Continuous Stochastic Logic. Efficiency is achieved by using Interval decision diagrams to alleviate the well-known problem of state space explosion, and by applying operations exploiting the Petri structure and the principle of locality. All presented techniques are implemented in our tool IDD-MC which is available on our website.     

一种基于离散时间自动机的LTL性质检测工具

模型检测是一种自动完成性质验证的算法过程,在模型检测过程中会遇到状态空间爆炸的问题,即随系统规模的增长状态空间的大小呈指数增长,如何缓解此问题一直是研究者研究的重点.目前利用模型检测方法对线性时序逻辑(LTL)性质进行检测的工具还比较少,且效率都较低.介绍了一种基于离散时间自动机的LTL性质检测工具,采用了在状态空间中存储延迟序列(DS)的技术,对状态进行压缩存储,减小了时间空间的消耗,加快了检测速度.实验表明,该工具的检测效果是不错的,要好于同类工具,如DTSpin.     

Using heuristic search for finding deadlocks in concurrent systems

Model checking is a formal technique for proving the correctness of a system with respect to a desired behavior. This is accomplished by checking whether a structure representing the system (typically a labeled transition system) satisfies a temporal logic formula describing the expected behavior. Model checking has a number of advantages over traditional approaches that are based on simulation and testing: it is completely automatic and when the verification fails it returns a counterexample that can be used to pinpoint the source of the error. Nevertheless, model checking techniques often fail because of the state explosion problem: transition systems grow exponentially with the number of components. The aim of this paper is to attack the state explosion problem that may arise when looking for deadlocks in concurrent systems described through the calculus of communicating systems. We propose to use heuristics-based techniques, namely the A* algorithm, both to guide the search without constructing the complete transition system, and to provide minimal counterexamples. We have realized a prototype tool to evaluate the methodology. Experiments we have conducted on processes of different size show the benefit from using our technique against building the whole state space, or applying some other methods.     

有限精度时间自动机的可达性检测

为了缓解状态空间爆炸问题,减小模型检测过程中生成的状态空间,加快模型检测速度,引入有限精度时间自动机(finite precision timed automata,简称FPTA)作为实时系统的形式模型,并提出了一种数据结构SDS(series of delay sequence)符号化表示状态空间中的状态集.FPTA只记录时钟变量的整数值及时钟变化的先后次序,从而减小生成的状态空间.在一定的时间约束下,Alur与Dill提出的时间自动机的可达性检测可简化为FPTA的可达性检测.举例描述了状态空间的生成过程和表示方法.最后,列出部分初步的实验结果,分析了SDS的特点及不足.     

Symbolic model checking for self-stabilizing algorithms

A distributed system is said to be self-stabilizing if it converges to safe states regardless of its initial state. In this paper we present our results of using symbolic model checking to verify distributed algorithms against the self-stabilizing property. In general, the most difficult problem with model checking is state explosion; it is especially serious in verifying the self-stabilizing property, since it requires the examination of all possible initial states. So far applying model checking to self-stabilizing algorithms has not been successful due to the problem of state explosion. In order to overcome this difficulty, we propose to use symbolic model checking for this purpose. Symbolic model checking is a verification method which uses Ordered Binary Decision Diagrams (OBDDs) to compactly represent state spaces. Unlike other model checking techniques, this method has the advantage that most of its computations do not depend on the initial states. We show how to verify the correctness of algorithms by means of SMV, a well-known symbolic model checker. By applying the proposed approach to several algorithms in the literature, we demonstrate empirically that the state spaces of self-stabilizing algorithms can be represented by OBDDs very efficiently. Through these case studies, we also demonstrate the usefulness of the proposed approach in detecting errors     

Uppaal到PVS的时间自动机翻译器

Uppaal是一种对实时系统模型进行建模和验证的工具,PVS（Prototype Verification System）是开发和分析形式化规格说明的原型证明系统。介绍了Uppaal2PVS翻译器的设计与实现,给出了一种将用Uppaal生成的时间自动机规格说明翻译成PVS文件的方法,从而将模型检查问题转换成了定理证明问题,解决了潜在的状态空间爆炸问题。最后给出了一个实例。