基于SystemVerilog可重用测试平台的实现

对于中小型设计,传统的验证效率低、可重用性差,而基于方法学的高级验证测试平台搭建较繁琐,验证流程不太灵活。以ARINC429收发器IP核为验证对象,采用System Verilog语言,通过层次化设计,改善工程组织架构,运用虚接口与回调等关键技术,实现了一种可重用测试平台。将不同的测试案例在测试平台上运行,结合断言与覆盖率驱动等验证技术完成了对ARINC429收发器IP核的功能验证,代码覆盖率和功能覆盖率均达到100%。实践表明,该测试平台具有良好的可重用性、易操作性,验证效率较高。     

Exception handling analysis and transformation using fault injection: Study of resilience against unanticipated exceptions

ContextIn software, there are the error cases that are anticipated at specification and design time, those encountered at development and testing time, and those that were never anticipated before happening in production. Is it possible to learn from the anticipated errors during design to analyze and improve the resilience against the unanticipated ones in production?ObjectiveIn this paper, we aim at analyzing and improving how software handles unanticipated exceptions. The first objective is to set up contracts about exception handling and a way to assess them automatically. The second one is to improve the resilience capabilities of software by transforming the source code.MethodWe devise an algorithm, called short-circuit testing, which injects exceptions during test suite execution so as to simulate unanticipated errors. It is a kind of fault-injection techniques dedicated to exception-handling. This algorithm collects data that is used for verifying two formal contracts that capture two resilience properties w.r.t. exceptions: the source-independence and pure-resilience contracts. Then we propose a code modification technique, called “catch-stretching” which allows error-recovery code (of the form of catch blocks) to be more resilient.ResultsOur evaluation is performed on 9 open-source software applications and consists in analyzing 241 catch blocks executed during test suite execution. Our results show that 101/214 of them (47%) expose resilience properties as defined by our exception contracts and that 84/214 of them (39%) can be transformed to be more resilient.ConclusionOur work shows that it is possible to reason on software resilience by injecting exceptions during test suite execution. The collected information allows us to apply one source code transformation that improves the resilience against unanticipated exceptions. This works best if the test suite exercises the exceptional programming language constructs in many different scenarios.     

分布式软件系统交互行为建模、验证与测试

为了确保分析与设计阶段分布式软件系统中模块之间交互行为的正确性,提出了一种分布式软件系统模块交互的抽象方法,分别通过系统状态机图和对象状态机图对各模块状态变迁进行建模,使用UML2．0序列图对模块之间交互行为进行描述．采用基于命题投影时序逻辑的模型检测技术,将对象状态机图转换为 Promela 模型,系统交互性质转换为命题投影时序逻辑公式,通过模型检测器验证交互模型是否满足于系统的性质,若不满足于该性质,则能够获得反例执行的路径．给出了一个分布式软件系统测试框架,在验证后的序列图模型基础上,使用基于模型的测试用例自动生成方法得到测试用例集合,该集合能够实现对交互行为的有效测试．实例结果表明,该方法可以提高分布式软件系统中模块交互行为的有效性和可靠性．     

核电厂稳压器压力控制系统闭环验证

稳压器是压水堆核电站的重要部件之一,其压力控制的优劣直接影响到核电站能否安全的运行。在正常的运行瞬态情况下,稳压器压力控制系统使稳压器的压力维持或恢复到设定值。在瞬态过程中,稳压器控制系统产生相应动作,防止压力增加某限值,当压力大于该限值时,会触发反应堆紧急停堆或需要驱动专设安全设施来防止压力边界超压。同样,也要防止压力降低到需要驱动专设安全设施动作,以防止偏离泡核沸腾的情况发生。首先通过仿真技术建立了核电厂高精度工艺模型和实时的仪控系统模型,并基于OPC技术开发了验证真实DCS控制逻辑策略的接口通信软件,完成了对稳压器压力控制系统控制策略和响应特性的闭环验证。     

安全数据库顶层规范中SQL操作的形式化分析与验证

介绍了安全数据库形式化顸层规范,定义了顶层规范中SQL操作的描述,在此基础上给出简单SQL操作的定义,并对其进行分析验证,最后将一般SQL操作的分析验证转换为多个简单SQL操作的分析验证.验证过程表明,该方法既对SQL操作作了完整清晰的描述,又简化了证明.     

具有自动加载功能的SPI总线控制器设计与验证

本文结合设计需求,提出了一种SPI主模式的接口电路设计,使其可以在多种SPI传输模式下进行数据的传输,且针对实时信息处理占用时间较长的不足,采取信息自动加载方法,有效降低了处理器占用时间.设计并搭建仿真验证平台对其进行验证.仿真测试结果表明,该SPI总线接口电路满足实际应用需求.     

非接触式掌脉图像的点集操作定位法

非接触式手掌静脉采集系统中存在诸多干扰因素影响感兴趣区域定位的准确性.为了克服干扰,提高认证性能,将“点集操作”引入掌脉图像的预处理中,直接实现针对区域的分析和处理.通过对分割手掌区域点集进行平移、交、并运算,获取手掌指根区域,即指根点集.然后根据约束条件对指根点集元素进行筛选,得到四个指根点的准确位置.根据指根点建立相应坐标系,动态定位感兴趣区域.实验对比证明,上述方法具有更优的抗干扰能力和定位准确性.     

Query verification schemes for cloud-hosted databases: a brief survey

Database query verification schemes provide correctness guarantees for database queries. Typically such guarantees are required and advisable where queries are executed on untrusted servers. This need to verify query results, even though they may have been executed on one’s own database, is something new that has arisen with the advent of cloud services. The traditional model of hosting one’s own databases on one’s own servers did not require such verification because the hardware and software were both entirely within one’s control, and therefore fully trusted. However, with the economical and technological benefits of cloud services beckoning, many are now considering outsourcing both data and execution of database queries to the cloud, despite obvious risks. This survey paper provides an overview into the field of database query verification and explores the current state of the art in terms of query execution and correctness guarantees provided for query results. We also provide indications towards future work in the area.     

用户身份认证技术在计算机信息安全中的应用

用户身份认证是安全的第一道大门,是各种安全措施可以发挥作用的前提。在计算机信息安全领域中,身份认证是一门重要课程。通过概述信息用户身份认证技术在学校数字校园网络中的应用,阐述了身份认证系统的设计目标,提出了身份认证系统要能以多种方式加以运用,然后对基于PHP的互联网身份认证系统的原理及实现进行了分析,对动态口令用户身份验证流程进行了研究。最后,对依托图片动态验证码实现身份认证和应用MD5算法实现身份验证方法进行了举例分析。     

Verification of Knowledge Assets in Electronic Repositories: Expert- and Community-Governance

Two mechanisms that verify knowledge contributions in electronic repositories are expert-governance and community-governance. Our goal is to examine repository users' perceptions of the conditions under which these mechanisms verify knowledge contributions. Qualitative data show that perceived credibility of experts, perceived ownership of content, and experts' (meticulous) execution of governance functions are salient for expert-governance, and the perceived involvement of community members, and community members' (continuous and collective) execution of governance functions are important for community-governance.