CN102708228B - TMSVL (timed modeling simulation verification logic) real-time system modeling method - Google Patents

Info

Publication number: CN102708228B
Authority: CN (China)
Application number: CN201210118810.8A
Other languages: Chinese (zh)
Other versions: CN102708228A
Inventors: 段振华, 韩萌, 王小兵, 田聪
Current assignee: Xidian University
Original assignee: Xidian University
Legal status: Active


Abstract

The invention discloses a TMSVL (timed modeling simulation verification logic) real-time system modeling method belonging to the field of formal modeling and verification. In the method, TMSVL, an extension of MSVL (modeling simulation verification logic), models and verifies a real-time system within the same logical framework. The TMSVL real-time system modeling method comprises the following steps: initializing a system clock, establishing a TMSVL model of the system and reducing (simplifying) the TMSVL model. The method defines a system clock with an explicitly formulated time variable, defines the basic TMSVL statements and the delay, timeout and interrupt concepts common in real-time systems, and gives the operational semantics of TMSVL in terms of the system clock. Once the real-time system is described by TMSVL statements, the operational semantics reduce those statements to form an actual model of the system. The TMSVL real-time system modeling method disclosed by the invention extends MSVL, has all the advantages of MSVL, can represent relative and absolute time constraints, and is suited to modeling, simulating and verifying real-time systems.

Description

TMSVL real-time system modeling method
Technical Field
The invention belongs to the technical field of formal system modeling and verification; it mainly concerns modeling, simulating and verifying real-time systems with a formal method, and in particular a TMSVL real-time system modeling method that can be used to model and simulate various real-time systems so as to ensure their safety, liveness and stability.
Background Art
Real-time control plays an important role in modern industry, scientific research and social life, and is increasingly applied in safety-related fields such as military, aerospace and traffic control. In practical applications such real-time control must be highly reliable: if a time limit is missed, an error occurs and may even cause a major accident. Ensuring the correctness of real-time control is therefore a critical issue, and that correctness is the fundamental guarantee of the reliability of a real-time system that applies it. In most engineering practice the reliability of software is guaranteed mainly through testing, simulation and repeated trial and error; for a real-time system, however, operation is often tied to the external environment and execution involves many uncertain factors, which makes testing very difficult. Moreover, testing can only find errors; it cannot guarantee their absence. For example, the investigation result recently published by the Russian Federal Space Agency on the Mars probe accident considers the accident to be probably due to a program error in the onboard computing system, and every one of the six launch accidents Russia has suffered since last year was related to the design and production of the spacecraft. The launch system of the Mars probe is a typical real-time system with strict timing requirements, which again shows that the correctness of such a system is hard to guarantee by testing alone.
Therefore, modeling and verification with a formal method that has a rigorous mathematical basis is one of the fundamental ways to address the safety and reliability of a real-time system: the properties of a program or system can be modeled and strictly verified before it is actually run or deployed, and reliability is ensured by the rigor of the formal method. Describing a system with temporal logic is one such formal method, and because temporal logic has a notion of time ordering it can serve as a method for describing real-time systems.
Temporal logic as a system modeling and verification tool has been widely applied in fields such as software engineering and digital circuit design. Temporal logic has three major branches: linear temporal logic (LTL), branching-time temporal logic (CTL) and interval temporal logic (ITL). ITL is extended by projection temporal logic (PTL); the temporal logic language MSVL is an executable subset of PTL, a temporal logic programming language integrating Modeling, Simulation and Verification, which unifies the modeling of a system and the description of its properties in the same logical framework and verifies the properties of the system by model checking.
MSVL, as a formal tool, can be considered for the modeling and verification of real-time systems. PTL, however, lacks a description of quantitative time, so MSVL cannot be applied to the modeling and verification of actual real-time systems. There are three methods of extending temporal logic to real time: 1. bounded temporal operators: the temporal operators are parameterized by time, introducing real-time constraints; 2. freeze quantification: time-related variables are frozen and bound; 3. explicit clock variables: a dynamic clock variable is used. All three methods have strong expressive power, and almost all properties of real-time systems can be described with explicit clock variables, but the use of explicit clock variables reduces the abstraction of the logic, so descriptions of systems and properties become overly complex. Many temporal logic languages have already extended temporal logic to the real-time domain, including Alur's TPTL (Timed Propositional Temporal Logic) and Koymans' MTL (Metric Temporal Logic), but most of these real-time extensions are used for real-time property specification, while the real-time system itself is modeled in another form such as a timed automaton or a timed transition system. This separates the modeling method from the verification method, and verification can only proceed after the system model or property specification has been converted, which is not only complex but also error-prone and a great obstacle to verifying the properties of the system. Some extended temporal logics are also used to describe systems.
XYZ/RE extends temporal logic with a defined operator; expressing time constraints is intuitive, but only relative time can be described, and because its logical basis is non-real-time LTL, the expression of sequential and loop statements is complex. TLA+ uses a variable now to define temporal characteristics explicitly, so that the current actual time can describe the desired action. The RealTime module of TLA+ can simplify the representation of time constraints, but it lacks a description of relative time and can describe neither the duration of one action nor the time interval between two actions. So far, engineering practice has no real-time system modeling, simulation and verification method that can describe both relative and absolute time in the same logical framework.
The project group of the invention has searched domestic and foreign patent documents and published journal articles, and found no reports or documents closely related to the invention.
Disclosure of Invention
The invention aims to overcome the non-uniform logical framework and poor reliability of existing real-time system modeling and verification methods, and provides a TMSVL real-time system modeling method: a formal modeling method that works in the same logic as the verification method, can describe both relative and absolute time, and is simple and feasible, so as to meet the strict safety and reliability requirements of real-time systems.
A TMSVL real-time system modeling method models the real-time system with a formal method and constructs the actual models of the system, and is characterized in that: time variables and time constraint intervals are added to the syntax of MSVL so that MSVL semantically supports quantitative time modeling, where time is simulated by the time variables and time control is realized by the time constraint intervals; the real-time system to be modeled is described with this syntax and semantics to obtain a TMSVL model of the system; and the TMSVL model is reduced (simplified) using the operational semantics of the TMSVL language to obtain the actual models of the system. The process of modeling a real-time system with TMSVL comprises the following steps:
Step 1: select a suitable clock start time and time interval, model the clock module of the real-time system in the TMSVL language and initialize the system clock. The variable T simulates the time of the current state of the system and the variable Ts expresses the time interval; together they generate the system clock. The clock module TP0 of the real-time system is modeled in TMSVL as follows:
TP0 ≡ T = eT ∧ Ts = eTs ∧ frame(Ts) ∧ keep(○T = T + Ts)
where eT and eTs are two time expressions: eT initializes the value of T and eTs initializes the value of Ts. The operator '∧' denotes 'and' and connects statements that hold simultaneously. Because the underlying logic of TMSVL is temporal logic, in which the value of a variable in a later state does not automatically inherit its value from the previous state, the framing technique frame of MSVL is used to declare Ts as a frame variable, so that in the next state, if Ts is not assigned, it automatically inherits the value it had in the previous state. keep means that every state except the terminating state executes the statement in parentheses; keep(○T = T + Ts) means that in every state the time value of the next state, ○T, equals the time value T of the present state plus the time interval Ts of the present state.
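As an added illustration (example code written for this edit, not part of the patent or of the MSVL/TMSVL toolset), the following Python simulation generates the state sequence produced by the clock module TP0: Ts behaves as a frame variable that keeps its previous value unless it is explicitly assigned, and keep(○T = T + Ts) fixes the time of every next state. The function names run_clock, is_valid_clock and timestamps and the ts_updates input are conventions of this example only.

```python
# Added example (not the patent's own code): simulate the TMSVL clock module
#   TP0 = T = eT ∧ Ts = eTs ∧ frame(Ts) ∧ keep(○T = T + Ts)
# as a finite sequence of states. Function names and the ts_updates input are
# conventions of this example, not TMSVL syntax.


def run_clock(e_t, e_ts, n_states, ts_updates=None):
    """Return [(T, Ts), ...] for n_states consecutive states.

    e_t, e_ts  : initial values of T and Ts (the time expressions eT, eTs);
                 both must be nonnegative integers and e_ts > 0 so that the
                 clock advances.
    ts_updates : {state_index: new_Ts}, explicit assignments to the frame
                 variable Ts in later states (constructed test input). In a
                 state without an assignment, frame(Ts) makes Ts inherit the
                 value it had in the previous state.
    T is never assigned after the initial state: keep(○T = T + Ts) makes the
    next state's T equal to this state's T plus this state's Ts.
    """
    if e_t < 0 or e_ts <= 0:
        raise ValueError("eT must be nonnegative and eTs positive")
    ts_updates = dict(ts_updates or {})
    if 0 in ts_updates:
        raise ValueError("Ts of the initial state is fixed by eTs")
    states = []
    t, ts = e_t, e_ts                      # state 0: T = eT, Ts = eTs
    for i in range(n_states):
        if i in ts_updates:                # an explicit assignment wins ...
            ts = ts_updates[i]
        # ... otherwise frame(Ts) carries the previous Ts forward unchanged
        states.append((t, ts))
        t = t + ts                         # keep(○T = T + Ts)
    return states


def is_valid_clock(states):
    """Check a [(T, Ts), ...] trace against keep(○T = T + Ts): every state
    except the last must satisfy T[i+1] == T[i] + Ts[i]."""
    return all(states[i + 1][0] == states[i][0] + states[i][1]
               for i in range(len(states) - 1))


def timestamps(states):
    """The timestamps T of a clock trace, i.e. the sampling points that step 2
    attaches to the states of the system model."""
    return [t for t, _ in states]


if __name__ == "__main__":
    # Constructed run: start at T=0 with Ts=1, then Ts is reassigned to 5 in
    # state 2; states 3 and 4 inherit Ts=5 through frame(Ts).
    trace = run_clock(0, 1, 5, ts_updates={2: 5})
    print(trace)                  # [(0, 1), (1, 1), (2, 5), (7, 5), (12, 5)]
    print(is_valid_clock(trace))  # True
```

The reassignment of Ts in state 2 shows the frame semantics: the new interval is not retroactive, it only changes how far the clock advances from that state onwards, while T itself is never written directly.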
Step 2: using the initialized system clock module, describe the real-time system with the defined TMSVL language to obtain a TMSVL model of the system. In the description process, the sub-modules under each time constraint of the real-time system are described first and the corresponding time constraints are added to them; related sub-modules are then connected to form a new sub-module, and by repeated connection and addition of time constraints the description TP1 of the whole system is finally obtained. The TMSVL model of the system is TP0 ∧ TP1.
Step 3: reduce the TMSVL model obtained in step 2 with the operational semantics of TMSVL and construct all actual models of the system. Each actual model of the system is an interval formed by a sequence of states; each state carries a timestamp T giving the time of the state and a set of propositions assigning all state variables. The state variables and their assignments describe one state of the system, a sequence of states simulates the dynamic running of the system, and such a sequence of states is an interval obtained by reducing the TMSVL model. If every model of the system is safe or meets certain real-time requirements, the system is safe or meets those real-time requirements.
Step 4: once all actual models of the real-time system have been constructed, the modeling of the real-time system is complete.
The invention mainly concerns modeling and verification of real-time systems by a formal method; the construction of a real-time system model has two parts, establishing the TMSVL model of the real-time system and reducing it. The modeling process defines a reasonable initial time and time interval according to the actual needs of the real-time system, initializes time and generates a time sampling point for each state of the system; it then analyzes each real-time control module of the system and, through repeated module definition and module connection, obtains the TMSVL model TP0 ∧ TP1 of the system. After modeling, the model is reduced to construct the actual models of the system, i.e. a number of state sequences that record the system's state propositions. If the system has a property to be verified, the property is described in TMSVL and reduced by the same method, so that it too becomes a sequence of states; the state proposition of each state of the property's state sequence is then checked on the corresponding state of the model's state sequence, and if every state satisfies it, the model satisfies the property.
The syntax of the temporal expression is defined as:
t ::= n | x | Θx | function | t0 op t1 | T | ○T | end(T)
op ::= + | − | × | mod
Here n is a positive integer; x is the value of variable x in the current state; Θx is the value of variable x in the previous state; function is a function return value; t0 op t1 is the value obtained by applying the arithmetic operation op to the two time expressions t0 and t1, where op is addition, subtraction, multiplication or modulo; T is the time value of the current state; ○T is the time of the next state and may only occur at the start-time position of a time constraint interval: if the time constraint is (○T, t1), with t1 a time expression, the constrained statement is executed from the next state; end(T) is the value of T when execution of the statement ends and may only occur at the end-time position of a time constraint interval: if the time constraint is (t1, end(T)), the interval does not limit the ending time of the constrained statement. The value of a semantically legal time expression t after reduction is a nonnegative integer.
In the invention, the time variable T is defined explicitly in the modeling of the real-time system, which not only makes time easy to reference during modeling but also expands the expressive power of statements, so that absolute-time properties that many implicit time definitions cannot describe can be described. Once the system clock is modeled by the time variable T, the time constraint of every statement in the system controls the execution of that statement by referring to the time variable. A time expression is used to initialize the time variable, and also gives the T value of the state in which a constrained statement starts or ends within a time constraint interval; but once the time variable is initialized it cannot be assigned, and except for the initial state, the time value T of each subsequent state can only be obtained by adding the time interval to the T value of the previous state.
The invention is also realized in that: in TMSVL, the most basic statement for describing the modeled real-time system is formed by adding a time constraint interval (t1, t2) before the statement p that is to be constrained, giving the basic simple statement (t1, t2) p of TMSVL, in which the time expression t1 defines the time at which the statement starts to execute and the time expression t2 defines the time at which it ends; the statement p under the time constraint must be executed strictly according to the time constraint.
In the construction of modeling statements, the most basic statements add a time constraint before an original MSVL statement; operators such as ∧ (conjunction), ∨ (selection) and || (parallel) connect statements that are related to each other, and the execution of the connected statements can again be limited by adding a time constraint.
The invention is also realized in that: if p, tp represent MSVL and TMSVL statements, respectively, the TMSVL basic statements used to describe the real-time system have the following form:
(1).Original p (2).Time limie (t1,t2)tp
(3).Conjunction tp1∧tp2 (4).Selection tp1∨tp2
(5).Sequential tp1;tp2 (6).Point ()tp
(7).Projection (tp1,...,tpm)prj tp
(8).Conditional
(9).While loop
(10).Parallel
(11).For loop for 0 times do tp = def empty
for n + 1 times do tp = def ( for n times do tp ) ; tp
(12).Repeat loop <math> <mrow> <mi>repeat tp until b</mi> <mover> <mo>=</mo> <mi>def</mi> </mover> <mi>tp</mi> <mo>;</mo> <mi>while</mi> <mo>&Not;</mo> <mi>b do tp</mi> </mrow> </math>
wherein: p is a statement in MSVL that indicates whether the module described by p is time-unconstrainedIs semantically equivalent to a statement (T, end (T)) p, i.e. p is executed from the current time, and the ending time is not limited; (t)1,t2) tp denotes the time interval (t) of the block tp1,t2) From t1Time start to t2Ending the time; tp1∧tp2Means module tp1And tp2Executed in parallel and ended at the same time; tp1∨tp2Is a selection statement, representing tp1And tp2One of the processes can be selected; sequential execution of the statement tp1;tp2Denotes tp1And tp2Are in a sequence relation with each other when tp1Tp can only be executed after execution2(ii) a () tp is a state statement with space-time constraint, and execution of tp is finished only at the current time point; () tp is a state statement with space-time constraint, and execution of tp is finished only at the current time point; projection statement (tp)1,...,tpm) prj tp denotes tp1;...;tpmAnd tp are executed in parallel, each module may define its own interval length or execution time, but tp is only executed on tp1;...;tpmEach of the execution intervals is represented by tpi(1 ≦ i ≦ m) execution on end state of subinterval of execution interval division, tp and tp1,...,tpmMay not end at the same time; if b, then tp else tq is a conditional statement, if b is true, executing tp, otherwise executing tp; a loop statement while b do tp indicates that tp is repeatedly executed until b is false; the loop statement for n times do tp indicates that tp is executed circularly for n times; the loop repeat tp unstilb is similar to the while loop, and tp is repeated until b is true, except that tp is still performed once when the initial value of b is true.
When the invention defines the formalized modeling sentence, the 'A' (and), 'V' (or) ', or' V '(V)', or,(not), "(closure) and" → "(implication) are the same as in general mathematical logic; sequential operator □ indicates that each state thereafter executes the following bracketsThe statement in (1) has the same meaning as in general sequential logic; the for loop statement, the while loop statement and the condition statement have the same meaning as a common programming language, but have formal meaning, thereby being beneficial to application and understanding and having strict logic relation.
The invention is also realized in that: if p is a TMSVL statement, describing the delay, timeout and interruption of common concepts in the real-time system by using the basic statement of the TMSVL, wherein the specific form is as follows:
(1) the delay is described by TMSVL as follows:
{t1,tmp denotes that p starts from the current state, over t1Ending after a time, and delaying to t at mostmEnding after time, i.e. the statement is at system time T + T1To T + TmEnd in the state of T + T1And T + Tm,T+tiIs from time T + T1Time (1. ltoreq. i. ltoreq.m) for the state(s) of (d) to start the ith state.
(2) The timeouts are described below with TMSVL:
(t1tm) p denotes if the execution time of p exceeds tmThen it is forced to exit and the remaining unexecuted parts are forced to be discarded.
(3) The delay with timeout is described by TMSVL as follows:
{t1tmp denotes that the execution of p is delayed by t at mostmFor a long time, the remaining unexecuted parts are discarded if they are not executed yet.
(4) The interrupts are described in TMSVL as follows:
the interrupt statement indicates that q is executed, and p is executed when the condition b is satisfied, and the remainder of q is executed again after p is executed.
In the invention, a statement form of delaying implicit time is defined, wherein a time expression in a time constraint represented by { } 'is relative time from the current time, and a time in the time constraint represented by { }' is independent of the current time and is absolute time with reference to a system clock; in a real-time system, a certain signal is not always waited for or an event happens endlessly, so a timeout mechanism is defined in the invention, and if two time expressions are connected in a 'connection', the system waits after the time of the two time expressions reaches; the interrupt is used to switch to execute a higher priority event when a condition is satisfied.
The invention is also realized in that: after the TMSVL model of the system is obtained, the statements forming the model are reduced using the operational semantics of TMSVL; through repeated state reduction and interval reduction, the TMSVL formal model of the system is reduced to a number of state sequences. The operational semantics has the following two parts:
A. State reduction of statements. For the simple TMSVL statements among the basic statements, p, () tp and (t1, t2) tp: a statement without a time constraint is reduced with the MSVL reduction rules; for a statement with a time constraint, the time constraint is reduced first and then the statement under it, recursively. For the other, compound TMSVL statements formed by connecting basic statements with the operators, the definitions of the operators are the same as in MSVL, only the sub-statements are TMSVL statements; the reduction process is the same as in MSVL, and the sub-statements are reduced with the method for TMSVL simple statements. The delay, timeout and interrupt defined from the basic statements are first converted to their basic-statement form and then reduced by the state-reduction method for basic statements.
B. Interval reduction of statements. After state reduction has finished, the state proposition part is saved, and the remainder of the statement has one of two forms: (○T, t) p_f or () empty. The former means the statement still has to be reduced in the next state; the latter means the model has been reduced to empty and there is no statement for the next state. In both cases the statement enters the next state by interval reduction, which has two rules:
TR1: ((○T, t) p, σ_{i-1}, s_i, i) → ((T, t) p, σ_i, s_{i+1}, i+1)
TR2
Here the quadruple ((○T, t) p, σ_{i-1}, s_i, i) denotes a configuration in which (○T, t) p is the part of the statement that cannot be reduced in the current state after the current state holds the associated state proposition, σ_{i-1} is the state sequence already reduced, s_i is the current state, and i is a counter of the states in σ_{i-1}, i.e. the number of states already reduced.
Rule TR1 says that if the current state reduces to the form (○T, t) p, the statement to be reduced in the next state is (T, t) p; rule TR2 says that if the current state reduces to the form () empty, the final configuration has been reached, the statement is reduced to empty, the reduction is complete, and σ_i is an actual model of the system.
When the TMSVL model is reduced, the state reduction of statements inherits the reduction method of MSVL programs for statements without time constraints and only defines a reduction method for the time constraint interval, and by recursion the reduction of all statements comes down to the reduction of basic simple statements; in interval reduction, interval transition rules are defined for the two outcomes of state reduction, so that the reduction of the model moves from one state to the next and continues with the reduction of the next state, the two states standing in chronological order.
The invention is also realized in that: simple statements () p and (t) with time constraints in step A1,t2) p, the state reduction step comprises:
step A1: the time constraint of the simplified sentence is converted to step A4 if it is in () form, and is (t)1,t2) Go to step a 2;
step A2: simplification t1If t is1If the current time is less than the current time, the step A6 is turned to; if t is1If the current time is greater than the current time, a time constraint (∘ T, T) is added to the current statement2) Turning to step a 5; if t is1To T, or its value equals the current time T, the time constraint is replaced by (T, T)2) Turning to step a 3; if t is1Equal to o T, go to step a 5;
step A3: simplification t2If t is2Less than t1If the time is illegal, returning to simplification failure, and turning to the step A6; if t is2Equal to the current time, the time constraint is reduced to () and the turn is madeStep A4; if t is2If the current time is greater than the current time or the current time is in the form of end (T), ending the time constraint simplification, and turning to step A4;
step A4: simplifying the state of p, if the returned form is () empty or empty, and the time constraint form is () or t2At end (T), the statement is reduced to () empty, and the flow goes to step A5 if the time constraint is (T, T)2) And t is2If T is greater than T, the simplification fails, and the step A6 is turned to; if the form of return is w ^ (O T, T)2)pfOr w ^ pfAnd the time constraint is of the form (T, T)2) Then w is saved in the current state and the statement is reduced to (∘ T, T)2)pfIf the time constraint is of the form () then go to step a 6; if p fails, go to step A6;
step A5: the state simplification is successful, and the form after sentence simplification is returned;
step A6: this state simplification fails.
The end time in the time constraint interval is end (t), which means that the time constraint does not limit the end time of the statement, but if other time constraints are nested in the constraint or the constraint statement is nested in other time constraints, end (t) may be replaced by the end time of other time constraints, such as: (T, end (T)) (T1,t2) p and (T, T)2)(t1End (T) p is equivalent to (T, T) respectively2)(t1,t2) p and (T, T)2)(t1,t2) p, if the constrained statement reduces to null, end (T) may be replaced by the current time T, such as: (T, end (T)) empty ≡ (T, T) empty ≡ () empty; when simplifying statements under time constraints, because there is logically O pf≡(○T,end(T))pfAnd (T, T)2)(○T,t2)pf≡(○T,t2)pfTherefore, the constrained sentences can be unified into a form no matter whether the constrained sentences contain time constraint sentences or do not contain time constraint sentences, and the same interval type is convenient to adoptSimplifying the rule; step A4 recursively calls the state simplification of p, so as to continually simplify the time interval, and calls the state simplification for the new constrained statement, until the constrained statement is a statement without time constraint, the simplified statement is simplified by adopting the MSVL simplification method, and then the simplified time constraint is added in sequence until the time constraint of the outermost layer is added, and after the state simplification is finished, the statement enters the next state simplification process by adopting the corresponding interval simplification rule according to the form of the statement.
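The following Python engine is an added worked example (written for this edit; it is not the patent's own implementation and not part of any MSVL/TMSVL tool). It runs steps A1 to A6 and the interval rules TR1/TR2 on a single time-constrained simple statement (t1, t2) p under the clock of step 1, producing the actual model σ as a list of timestamped states, and reports the reduction failures of step A6 (start time already passed, t2 before t1, p finishing before t2, or p unfinished when t2 arrives). The encodings are this example's own: p is a list of per-state propositions, t1 may be an integer, "T" or "○T", t2 an integer or the constant END standing for end(T); the names reduce_model, try_reduce and ReductionFailure are assumptions of the example.

```python
# Added example (not the patent's own code): a state-reduction engine for a
# time-constrained simple statement (t1, t2) p, following steps A1-A6 and the
# interval rules TR1/TR2 described above. Encodings are this example's own:
#   p   : list of per-state propositions (dicts assigning state variables);
#         consuming the last one is the "w ∧ empty" case of step A4
#   t1  : int (absolute time), "T" (current time) or "○T" (next time)
#   t2  : int (absolute time) or END (the end(T) expression)
#   ()  : the empty constraint, meaning "must finish in this state"

END = "end(T)"


class ReductionFailure(Exception):
    """Raised when the reduction reaches step A6 (no model for the statement)."""


def _resolve_start(t1, t, ts):
    """Value of the start-time expression t1 in a state with T = t, Ts = ts."""
    if t1 == "T":
        return t
    if t1 == "○T":
        return t + ts
    return int(t1)


def reduce_model(t1, t2, p, e_t, e_ts):
    """Reduce (t1, t2) p under a clock starting at T = e_t with step Ts = e_ts.

    Returns the actual model sigma: a list of states {"T": time, <assignments>}.
    Raises ReductionFailure when a state reduction ends in step A6.
    """
    if e_ts <= 0:
        raise ValueError("Ts must be positive so that TR1 advances the clock")
    t, ts = e_t, e_ts
    remaining = list(p)                    # p is not mutated
    sigma = []
    constraint = (t1, t2)                  # (t1, t2) form; () once t2 is reached
    while True:
        state = {"T": t}
        if constraint != ():               # step A1: (t1, t2) form -> step A2
            c1, c2 = constraint
            start = _resolve_start(c1, t, ts)
            if start < t:                  # A2: start time already passed
                raise ReductionFailure("t1=%d lies before T=%d" % (start, t))
            if start > t:                  # A2: not started yet; the state holds
                sigma.append(state)        # only its timestamp, statement becomes
                t += ts                    # (○T, t2) p and TR1 moves on, where it
                constraint = ("T", c2)     # reads (T, t2) p again
                continue
            if c2 != END:                  # A3: start == T, now check t2
                if c2 < start:
                    raise ReductionFailure("t2=%d lies before t1=%d" % (c2, start))
                if c2 == t:
                    constraint = ()        # t2 reached: reduces to () p
        # step A4: reduce p in the current state (one proposition per state)
        w = remaining.pop(0) if remaining else {}
        state.update(w)
        if not remaining:                  # returned form "w ∧ empty" / "empty"
            if constraint == () or constraint[1] == END:
                sigma.append(state)        # statement reduces to () empty
                return sigma               # TR2: final configuration reached
            raise ReductionFailure("p ended at T=%d before t2=%d" % (t, constraint[1]))
        if constraint == ():               # p continues but t2 is already here
            raise ReductionFailure("p not finished at t2=%d" % t)
        sigma.append(state)                # w saved; rest is (○T, t2) p_f
        t += ts                            # TR1: next state, (○T, t2) -> (T, t2)
        constraint = ("T", constraint[1])


def try_reduce(t1, t2, p, e_t, e_ts):
    """Like reduce_model but returns None instead of raising on failure."""
    try:
        return reduce_model(t1, t2, p, e_t, e_ts)
    except ReductionFailure:
        return None


if __name__ == "__main__":
    # Constructed statement p: three states assigning x = 1, 2, 3 in turn.
    P = [{"x": 1}, {"x": 2}, {"x": 3}]
    print(try_reduce(0, 4, P, 0, 2))   # model at T = 0, 2, 4
    print(try_reduce(2, 6, P, 0, 2))   # holds one state, then runs at T = 2, 4, 6
    print(try_reduce(0, 6, P, 0, 2))   # None: p ends at T = 4, before t2 = 6
    print(try_reduce(0, 2, P, 0, 2))   # None: t2 = 2 reached with p unfinished
```

Because the clock step Ts is 2 in the constructed runs, a start time of 2 costs one holding state that carries only its timestamp, which is exactly the (○T, t2) p configuration that TR1 hands to the next state. The two None results are the strict-execution rule of the basic statement at work: an actual model exists only when p's own length matches the interval (t1, t2) or the end time is left open with end(T).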
Compared with the existing modeling method, the invention has the following advantages:
(1) The invention properly extends the existing tool MSVL with time and time constraint intervals, is better suited to modeling, simulating and verifying real-time systems, is easy to realize in engineering, and is simple and convenient to use.
(2) The invention not only uses the explicit time definition to expand expressive power but also uses the expression of implicit time; combining the two, it can describe both relative and absolute time and thus most real-time systems, with strong expressive power and flexible use.
(3) The invention can also provide a simulation result for the modeled system, namely one of the actual models of the system, to simulate the real execution of the real-time system.
(4) First-order logic statements describe the real-time system and the corresponding propositional logic can describe the properties of the system, so that model construction and property description use the same language, modeling and verification proceed within the same logical framework, and verification of the system's properties is made easier.
(5) The logical basis of the MSVL modeling method is temporal logic, a formal method, and TMSVL, extended from it, likewise has a rigorous mathematical background, which ensures the validity and reliability of the verification and checking of the models built.
Drawings
FIG. 1 is a schematic flow chart of the TMSVL modeling of the present invention for a real-time system;
FIG. 2 is a state reduction flow chart for statements of the form () p or (t1, t2) p;
FIG. 3 is a reference diagram of interrupt execution in embodiment 1, a schematic diagram of the execution of an interrupt statement q where b do p, each node representing a state;
FIG. 4 is a block state diagram of a VOD real-time system; wherein fig. 4(a) is a state diagram of a foreground module of the VOD real-time system and fig. 4(b) is a state diagram of a background module of the VOD real-time system;
FIG. 5 is an exemplary diagram of the TMSVL model of the VOD real-time system showing the migration of the system real-time status.
Detailed Description
The invention is described in detail below with reference to the attached drawings and examples.
Example 1
The invention discloses a TMSVL real-time system modeling method and belongs to the field of formal methods. The invention can be applied to the formal modeling of a real-time system as well as to the modeling of a general parallel program; whether for a real-time system or a general parallel program, modeling is an important basis of modern design and a necessary step for achieving safety.
TMSVL is a real-time extension of MSVL, which is an executable subset of the temporal logic PTL (projection temporal logic). The invention extends PTL to the real-time domain through an explicit definition of time and the definition of time constraint formulas, after which TMSVL can be used to describe real-time systems and real-time properties.
Fig. 2 is a state diagram of the foreground module and the background module of a VOD (video-on-demand) real-time system. A VOD system is composed of three sub-modules: a foreground, a background and a manual operation. The foreground module, shown in (a), has four states, "ready", "buffering", "playing" and "pause", and there are two time-related transition conditions between the states: the transition from "buffering" to "playing" occurs only if the connection with the background is established within 3 seconds; if the buffering time exceeds 3 seconds, the state returns from "buffering" to "ready". The "playing" state also has an interrupt: when pause is selected while playing, the module enters the "pause" state, and it continues playing once play is resumed. The background module, shown in (b), has two states, "waiting" and "connecting", and returns to the waiting state only after the link has been established within 2 to 3 seconds. The third module is the manual operation module, which models the user's operations. The parallel composition of the three modules is the model of the whole VOD real-time system.
Referring to fig. 1, the method for modeling a real-time system comprises the following specific steps:
Step 1: select a suitable clock start time and time interval, model the clock module of the real-time system in the TMSVL language and initialize the system clock. A variable T simulates the time of the current state of the system and a variable Ts expresses the time interval; together they generate the system clock. The clock module TP0 of the real-time system is modeled in TMSVL as follows:
TP0 ≡ T=eT ∧ Ts=eTs ∧ frame(Ts) ∧ keep(○T=T+Ts)
eT and eTs are two time expressions: eT initializes the value of T, i.e. the initial value of the system clock, and eTs initializes the value of Ts. The operator ∧ ("and") connects statements that hold simultaneously. Because the underlying logic of TMSVL is temporal logic, in which a later state does not automatically inherit the value of the previous state, the framing technique of MSVL is used when declaring the variable: after Ts is declared as a framed variable with frame(Ts), if Ts is not assigned in the next state it automatically inherits its value from the previous state. keep means that every state except the terminating state executes the statement in parentheses; keep(○T=T+Ts) means that in each state the time value of the next state, ○T, equals the time value T of the present state plus the time interval Ts of the present state.
The time expressions are defined as:
t ::= n | x | Θx | function | t0 op t1 | T | ○T | end(T)
op ::= + | - | × | mod
n denotes a positive integer, x the value of the variable x in the current state, Θx the value of the variable x in the previous state, function a function return value, and t0 op t1 the value obtained by an arithmetic operation on the two time expressions t0 and t1, where op is one of the arithmetic operations permitted on time expressions: addition, subtraction, multiplication and modulo. T denotes the time value of the current state. ○T denotes the time of the next state and may only occur at the start-time position of a time constraint interval: if the time constraint is (○T, t1), with t1 a time expression, the statement under the constraint is executed from the next state. end(T) denotes the value of T when execution of the statement ends and may only appear at the end-time position of a time constraint interval: if the time constraint is (t1, end(T)), the interval does not limit the end time of the constrained statement. The value of a semantically legal time expression t after reduction is a non-negative integer. The time expressions provided by the invention are used to initialize the time variable and to describe the start and end times of time constraint intervals.
Step 2: describe the real-time system in the defined TMSVL language, based on the initialized system clock module, to obtain the TMSVL model of the system. In the description, first describe the sub-modules of the real-time system that fall under each time constraint and add the corresponding time constraints to them, then connect related sub-modules to form new sub-modules; for example, modules executed at the same time are connected by the operator ∧, modules of which one is selected for execution by ∨, modules with an execution order by ";", and modules executed in parallel by "||". By repeated connection and addition of time constraints the description TP1 of the whole system is finally obtained, and the TMSVL model of the system is TP0 ∧ TP1.
In TMSVL, the most basic statement for describing the modeled real-time system adds a time constraint interval (t1,t2) in front of the statement p to be constrained, forming the basic simple statement of the form (t1,t2) p, in which the time expression t1 defines the time at which the statement starts to execute and t2 the time at which it ends; the statement p under the time constraint must execute strictly according to the constraint.
Assuming that p and tp denote an MSVL statement and a TMSVL statement respectively, the TMSVL basic statements used to describe the real-time system have the following forms:
(1) Original: p
(2) Time limit: (t1,t2) tp
(3) Conjunction: tp1 ∧ tp2
(4) Selection: tp1 ∨ tp2
(5) Sequential: tp1 ; tp2
(6) Point: () tp
(7) Projection: (tp1,...,tpm) prj tp
(8) Conditional: if b then tp else tq
(9) While loop: while b do tp
(10) Parallel: tp1 || tp2
(11) For loop: for 0 times do tp =def empty; for n+1 times do tp =def (for n times do tp); tp
(12) Repeat loop: repeat tp until b =def tp; while ¬b do tp
where p is a statement in MSVL, meaning that the module described by p is not time-constrained; it is semantically equivalent to the statement (T, end(T)) p, i.e. p is executed from the current time and its end time is not limited. (t1,t2) tp denotes that module tp runs in the time interval (t1,t2), starting at time t1 and ending at time t2. tp1 ∧ tp2 means that modules tp1 and tp2 are executed in parallel and end at the same time. tp1 ∨ tp2 is a selection statement: one of tp1 and tp2 is chosen for execution. The sequential statement tp1; tp2 denotes that tp1 and tp2 are in sequence: tp2 is executed only after tp1 has finished. () tp is a point-time-constrained state statement: the execution of tp finishes at the current time point. The projection statement (tp1,...,tpm) prj tp denotes that tp1;...;tpm and tp are executed in parallel; each module may define its own interval length or execution time, but tp is executed only on the end states of the sub-intervals into which the execution of tp1;...;tpm divides the interval, each sub-interval being the execution of some tpi (1 ≤ i ≤ m), and tp and tp1,...,tpm need not end at the same time. if b then tp else tq is a conditional statement: if b is true, tp is executed, otherwise tq. The loop statement while b do tp repeatedly executes tp until b is false. The loop statement for n times do tp executes tp n times. The loop repeat tp until b is similar to the while loop, repeating tp until b is true, except that tp is still executed once when the initial value of b is true. As can be seen from the definition of the TMSVL statements, the statements of MSVL can still be used in TMSVL with their semantics unchanged.
If p is a TMSVL statement, the delay, timeout and interrupt concepts common in real-time systems are described with the basic statements of TMSVL in the following forms:
(1) the delay is described by TMSVL as follows:
{t1,tm} p denotes that p starts from the current state and ends after at least t1 time units and, with delay, at most tm time units, i.e. the statement ends at a system time between T+t1 and T+tm; T+ti (1 ≤ i ≤ m) is the time of the i-th state counted from time T+t1.
(2) The timeouts are described below with TMSVL:
(t1 tm) p denotes that if the execution time of p exceeds tm, p is forced to exit and the remaining unexecuted part is discarded; p^c_i denotes the state-proposition part obtained by reducing p in the i-th state counted from time T+t1, and if the m-th state is the last state, p^e_m denotes the state-proposition part of that state.
(3) The delay with timeout is described by TMSVL as follows:
{t1 tm} p denotes that p is executed with a delay of at most tm time units, and any part of p still unexecuted when the limit is reached is discarded; T+ti (1 ≤ i ≤ m) is the time of the i-th state counted from time T+t1.
(4) The interrupts are described in TMSVL as follows:
The interrupt statement, see fig. 3, indicates that while program q is executed, p is executed whenever condition b holds, and the remainder of q continues after p finishes. skip is a statement defined in MSVL that comprises two states, performs no operation and only specifies an interval of length 1; halt(r) means that the statement terminates when proposition r holds, or that r holds when the statement terminates, and is used to mark the ending state of q; the first half of the prj statement consists of zero or more if b then p else skip statements, whose number is controlled by when r holds, so that both parts of the prj statement end together.
The original statements in the MSVL and all statements described above, including the base statements and the definitional statements derived from the base statements, can be directly applied to modeling of the real-time system.
Step 3, simplifying the TMSVL model obtained in the step 2 by utilizing the operational semantics of the TMSVL, and constructing all practical models of the system; each actual model of the system is an interval formed by a group of state sequences, each state has a timestamp T to represent the time of the state and comprises a group of propositions for assigning all state variables, the state variables and the assignments thereof describe one state of the system, a series of state sequences simulate the dynamic operation process of the system, and a series of state sequences are an interval simplified by the TMSVL model; a system is safe or meets certain real-time requirements if each model of the system is safe or meets such real-time requirements.
The operation semantics of the TMSVL used for simplifying the model comprises two parts of state simplification and interval simplification, and through repeated state simplification and interval simplification, the model is simplified into a null, and a series of state sequences are generated, and the series of state sequences are the model of the system.
A. State reduction of statements: for the simple TMSVL statements among the basic statements, p, () tp and (t1,t2) tp (see (1), (6) and (2) of the basic statements): a statement without time constraint is reduced by the MSVL reduction rules and its state proposition is saved; if the result of reduction is empty it becomes the form () empty, and if the result is ○pf it becomes (○T, end(T)) pf. For a statement with time constraint, the time constraint is reduced first and then the statement under the constraint, recursively. For the other compound TMSVL statements obtained by connecting basic statements with operators, the definitions of the operators are the same as in MSVL, only the constituent sub-statements are TMSVL statements, so the reduction process is the same as in MSVL and the sub-statements are reduced by the reduction method for simple TMSVL statements. The delay, timeout and interrupt defined from the basic statements are first converted into their basic-statement form and then reduced by the state reduction method of the basic statements.
Referring to FIG. 2, for the simple time-constrained statements () p and (t1,t2) p of step A, the state reduction comprises the following steps:
Step A1: examine the time constraint of the statement to be reduced: if it is of the form (), go to step A4; if it is (t1,t2), go to step A2;
Step A2: reduce t1. If t1 is less than the current time, go to step A6; if t1 is greater than the current time, add the time constraint (○T,t2) to the current statement and go to step A5; if t1 is T, or its value equals the current time T, replace the time constraint by (T,t2) and go to step A3; if t1 equals ○T, go to step A5;
Step A3: reduce t2. If t2 is less than t1, the time constraint is illegal; return reduction failure and go to step A6. If t2 equals the current time, the time constraint reduces to () and the flow goes to step A4; if t2 is greater than the current time or has the form end(T), the reduction of the time constraint ends and the flow goes to step A4;
Step A4: reduce the state of p. If the returned form is () empty or empty and the time constraint is () or t2 is end(T), the statement reduces to () empty; go to step A5. If the time constraint is (T,t2) with t2 greater than T, the reduction fails; go to step A6. If the returned form is w ∧ (○T,t2) pf or w ∧ ○pf and the time constraint has the form (T,t2), w is saved in the current state and the statement reduces to (○T,t2) pf; if the time constraint has the form (), go to step A6. If the reduction of p fails, go to step A6;
Step A5: the state reduction succeeds; return the reduced form of the statement;
Step A6: this state reduction fails.
According to steps A1 to A6, the time constraint is reduced first, then the statement under the constraint is reduced by the state reduction method, recursively, until the constrained statement carries no time constraint and is reduced with the MSVL reduction method; then, from inside to outside, the innermost time constraint is added back to the statement by the method of step A4 and the statement is reduced to its new form, until the outermost time constraint has been added, which completes the state reduction.
For other compound TMSVL sentences obtained by connecting operators in the basic sentences, because the definitions of the compound TMSVL sentences are the same as those in the original MSVL, only the constructed sub-sentences are TMSVL sentences, the simplification process is the same as that of the MSVL, only the simplification method of the simple sentences of the TMSVL is adopted for the simplification of the sub-sentences, and then the simplified sentences are unified into the form of the simple sentences by using the following extraction rules with time constraint:
(○T,t1)p∧(○T,t1)q≡(○T,t1)(p∧q)
()empty∧(T,end(T))p≡()p
(○T,t1)p;(t2,t3)q≡(○T,t3)((T,t1)p;(t2,t3)q)
()empty;(t1,t2)p≡(t1,t2)p
()empty prj p≡p
p prj()empty≡p
((○T,t1)p1,p2,...,pm)prj(○T,t2)q≡(○T,end(T))((T,t1)p1;(p2,...,pm)prj(T,t2)q)
statements on both sides of the above rule "identical to" number are equivalent, when a statement is simplified according to the reduction steps of a multi-element operator, the statement is replaced in the form of the right if the form of the "identical to" number on the left appears, while the statement on the right can also be simplified in the reduction steps of a basic simple statement in the current state, otherwise the transition to the next state is continued according to the interval reduction rule.
The delay, the timeout and the interruption defined by the basic statement are firstly converted into the expression mode of the basic statement and then are simplified by the state simplification method of the basic statement.
B. Interval reduction of statements: after the state reduction is finished, the state-proposition part is saved and the remaining part of the statement has one of two forms, (○T,t) pf or () empty. The former means that the statement must continue to be reduced in the next state; the latter means that the model is reduced to null and there is no statement for the next state. In both cases the statement enters the next state by interval reduction, which comprises two rules:
TR1: ((○T,t) p, σ_{i-1}, s_i, i) → ((T,t) p, σ_i, s_{i+1}, i+1)
TR2
in which the quadruple ((○T,t) p, σ_{i-1}, s_i, i) denotes a schema where (○T,t) p is the part of the statement that cannot be reduced in the current state after the current state has saved the associated state proposition, σ_{i-1} is the state sequence already reduced, s_i is the current state and i is a counter of the states in σ_{i-1}, i.e. the number of states already reduced;
rule TR1 states that if the current state reduces to the form (○T,t) p, the statement to be reduced in the next state is (T,t) p, and rule TR2 states that if the current state reduces to the form () empty, the final schema is reached, the statement is reduced to null, the reduction is complete, and σ_i is an actual model of the system.
And 4, constructing all actual models of the real-time system, and finishing modeling of the real-time system.
The invention uses a formalization method to model a real-time system, constructs an actual model of the system, expands a time variable and a time constraint interval on the basis of the syntax of MSVL, and leads the time variable and the time constraint interval to support the quantitative time modeling in semantic, wherein the time is simulated by the time variable, and the time control is realized by the time constraint interval; describing a real-time system to be modeled by using the syntactic semantics to obtain a TMSVL model of the system; and simplifying the TMSVL model by utilizing the operation semantics of the TMSVL language to obtain an actual model of the system.
The modeling method of the invention takes the temporal logic TPTL as its logical foundation; the modeling language is a formal language, and model checking and property verification therefore have strict mathematical meaning, which ensures the effectiveness and reliability of the model.
Example 2:
The TMSVL real-time system modeling method is the same as in embodiment 1; here the system clock of the VOD video-on-demand system is initialized. The clock of the VOD system is initialized in the TMSVL language, and the system clock module expressed as a TMSVL statement is as follows:
P0 ≡ frame(Ts) ∧ T=0 ∧ Ts=1 ∧ keep(○T=T+Ts)
In this example P0 controls the time of each state of the system by the time variable T, whose value in the current state is a positive integer, namely the time of the current state; the unit of time is defined by the user, e.g. minute or second, and in the model the integer 1 simply represents one time unit. In this example the time unit is second throughout the model. The clock module P0 expresses that the initialized value of the system clock variable T is 0 seconds and the value of the clock interval Ts is 1 second; in each subsequent state the value of T is the sum of the value of T in the previous state and the value of Ts, and if Ts is not reassigned in the current state it retains the value of the previous state. The time value T of the next state in this example is 1 second, and the value of Ts is still 1 second if it is not reassigned.
The explicit time definition mode can directly call T to describe a plurality of properties directly related to time during modeling, and has strong expression capability and flexible application.
Example 3
The TMSVL real-time system modeling method is the same as in embodiments 1-2. When describing the real-time system, (t1,t2) p describes a general time-constrained module, {t1,t2} p describes a time-constrained module with delay, (t1 t2) p describes a time-constrained module with timeout exit, {t1 t2} p describes a time-constrained module with both delay and timeout exit, and a statement without time constraint describes a module without time constraint.
According to the description of the VOD system in embodiment 1, first the variables describing the system are declared and some of them initialized; since the system variables act throughout the whole operation of the system and are not limited by time, the variables are declared and initialized with the following statement P1, which carries no time constraint:
P1 ≡ frame(req1,req2,movID,remtime,appstate,serstate,MovTime[5],conOK,stop)
∧remtime=0∧MovTime[5]=(3,4,4,6,2)
req1 is used by the user to send a video request to the foreground, req2 by the foreground to send a connection request to the background, movID carries the ID number of the requested video, remtime records the remaining time of the video being played, appstate and serstate store the current states of the foreground and the background respectively, the array MovTime[5] records the information of each video, here the duration of each video, conOK indicates whether the application end and the service end have established a connection, and stop is used to send a pause signal; frame is the framing technique of MSVL by which a declared variable automatically inherits the value of the previous state. remtime is initialized to 0, and the durations of the 5 videos are initialized. The way variables are declared and used in the invention is similar to common programming languages, which makes it convenient for users.
The sub-modules of the VOD system are described with the TMSVL basic statements and the defined delay, timeout and interrupt statements. Referring to FIG. 4(a), the foreground module P2 is constructed:
The foreground is a cyclic subsystem that, after processing one video request, continues to wait for the next video request, so the whole module is expressed by a while loop statement; each time a video request has been processed, the foreground module enters the waiting state in the next state. await() is a statement for synchronous communication: the statement following it is executed only once the proposition in the brackets holds. The foreground module waits for a video request from the user, i.e. req1 equals 1, and then sends a connection signal to the background, i.e. req2 equals 1. After the connection signal is sent the foreground is in the "buffering" state; if a connection success signal is received within 3 seconds, i.e. conOK is 1, the video requested by the user starts to play, otherwise the foreground times out, exits and enters the next cycle. During playing, if the user sends a pause signal, i.e. stop is 1, playing stops and the foreground enters the pause state, and playing restarts once stop is 0. When the video has finished playing, i.e. remtime is 0, the foreground enters the next cycle and waits for a new video request.
Referring to FIG. 4(b), the background module P3 is constructed:
The background is also a cyclic subsystem. It starts in the "waiting" state; when it receives the connection request req2 = 1 it is in the "connecting" state during connection, and if the video exists the background establishes a connection with the foreground within 2 to 3 seconds and sends the signal conOK = 1; otherwise it enters the next cycle and waits for a new connection request.
Assuming that the user sends a request for the video numbered 4 every 10 seconds, i.e. movID = 4, the user is described with the TMSVL basic statements and the defined delay, timeout and interrupt statements, and the manual operation module of the video playing system is modeled as P4:
P4 ≡ while(true) do {(T,T+10){○req1=1 ∧ ○movID=4}}
In the video-on-demand system, the foreground, background and manual operation modules are mutually independent parallel sub-modules connected by the operator "||", and the connected system sub-modules coexist with the clock module and the variable initialization module of the system, so the TMSVL model of the VOD system has the form P0 ∧ P1 ∧ (P2||P3||P4). This corresponds to the system's TMSVL model TP0 ∧ TP1, with P0 equivalent to the clock module TP0 of step 1 and P1 ∧ (P2||P3||P4) equivalent to the system description module TP1 of step 2.
The invention refers to the form of general programming language for the definition of the sentences, has intuitive meaning, has formal logic meaning and intuitive meaning of the general programming language by using various sentences defined by the invention to describe the real-time system, is beneficial to verification and is convenient to understand. Meanwhile, the invention introduces an expression form in implicit time on the basis of explicit time definition, can be used for describing relative time and absolute time, can be used for describing most real-time systems, and is flexible to use.
Example 4
The TMSVL real-time system modeling method is the same as in embodiments 1-3; in this example the model is reduced completely. Suppose a heating device with a reservation timer is to be modeled: the heating device is scheduled one minute ahead and then heats for one minute, x = 1 indicates that the system is in the heating state, and one time unit is set to one minute. The system is modeled in the TMSVL language as follows:
frame(Ts)∧T=0∧Ts=1∧keep(○T=T+Ts)∧(1,2)□x=1
According to the reduction method for '∧' statements, each statement connected by '∧' is state-reduced: the statements without time constraint in the front part are reduced by the MSVL reduction rules and the time-constrained statement in the rear part by the TMSVL reduction rules. The results of reducing the statements are as follows:
In state s0 the above statement retains its state propositions; lbf is the proposition and predicate defined in MSVL for framed variables, used to ensure that Ts keeps the value of the previous state when it is not reassigned. The remaining part of the statement is reduced and the time constraint is extracted, giving the following state reduction result:
(○T,2)(lbf(Ts)∧T=1∧keep(lbf(Ts))∧keep(○T=T+Ts)∧(1,2)□x=1)
with the interval reduction rule TR1, the statements that need to be reduced to enter the next state are as follows:
(T,2)(lbf(Ts)∧T=1∧keep(lbf(Ts))∧keep(○T=T+Ts)∧(1,2)□x=1)
The start time of the time constraint is T; after the statement under the time constraint is reduced, the statement is reduced to the following form:
In state s1 the state propositions are retained and the remaining part of the above statement is reduced to the following form:
(T,2)((○T,2)(lbf(Ts)∧T=2∧keep(lbf(Ts))∧keep(○T=T+Ts))∧□x=1))
Then the time-constrained part of the statement is state-reduced again, and the statement is reduced to the following form:
(○T,2)(lbf(Ts)∧T=2∧keep(lbf(Ts))∧keep(○T=T+Ts))∧□x=1)
with the interval reduction rule TR1, the statements that need to be reduced to enter the next state are as follows:
(T,2)(lbf(Ts)∧T=2∧keep(lbf(Ts))∧keep(○T=T+Ts))∧□x=1)
The above statement is state-reduced, giving the following form:
In state s2 the above statement retains its state propositions; the remaining part of the statement has the form () empty, and by the interval reduction rule TR2 an actual model satisfying the statement is found as the state sequence <s0, s1, s2>, where:
s0 = {T=0, ¬p_Ts, Ts=1};
s1 = {T=1, ¬p_Ts, Ts=1, x=1};
s2 = {T=2, ¬p_Ts, Ts=1, x=1};
s0, s1 and s2 represent 3 discrete states of the actual system. It can be seen from the actual model that when the system time is 0 the state propositions do not include "x = 1", so the system is not in the heating state; when the system time is 1 the state propositions include "x = 1", so the system is in the heating state, and likewise at time 2; so the system is in the heating state from minute 1 to minute 2. Thus the heating device was scheduled at minute 0 and, one minute later, heated for one minute.
In state reduction every reduction step is a logically equivalent transformation; statements that appear under a time constraint interval but carry no time constraint themselves can be reduced directly in the MSVL way, which the existing MSVL interpreter already automates, and the MSVL interpreter can be extended directly into a TMSVL interpreter simply by adding the time interval reduction rules, so the implementation is very convenient.
Example 5
The TMSVL real-time system modeling method is the same as in Examples 1-4. The TMSVL model of the VOD video-on-demand system of Example 3 is simplified using the operational semantics of the TMSVL language; the resulting simplification is shown in Table 1.
Table 1: simplified results of TMSVL model for VOD systems
Each state represents a state of the system; the proposition set of a state is the assignment of each system variable, and these values describe the concrete form of the system state. Only the key variables that describe the system, and their assignments in each state, are listed. The reduction result is represented as an NFG (normal form graph), shown in Fig. 5, in which the double-line node is the starting node, each node represents a state transition and each arrow represents a state. The system is cyclic: state $s_i$ and state $s_{i+10}$ (i a non-negative integer) are the same, i.e. all system variables except the time variable have the same assignment, so any cyclic path starting from state $s_0$ and made up of these states is a model of the system.
To verify whether the system satisfies a property, the property is expressed as a TMSVL propositional logic statement and then simplified, which gives the condition that each state must satisfy; judging whether each state satisfies that condition then decides whether the system satisfies the property.
Suppose the property to be verified is "if the background is in the connected state, the foreground must be in the buffered state", written as the following TMSVL statement:
□(serstate=‘connecting’→appstate=‘loading’)
Simplifying the property statement above gives the condition that holds in each state:
From the reduction result of the system model it can be seen that states $s_3$, $s_{4\text{-}1}$, $s_{4\text{-}2}$ and $s_{5\text{-}2}$ satisfy serstate = 'connecting' and appstate = 'loading', and the remaining states also satisfy the reduced property. Since the system is cyclic, every state of every model of the system satisfies the property to be verified, so every model satisfies the property □(serstate = 'connecting' → appstate = 'loading').
In this case an actual model of the system can also be simulated; for example, the loop from state $s_0$ to $s_9$ is the result of a simulation run of the system.
First-order logic statements describe the real-time system, and the corresponding propositional logic describes the properties of the system. Model construction and property description are therefore carried out in the same logical framework, no conversion between the two is needed, and property verification or model checking of the system is convenient.
In summary, the invention discloses a TMSVL real-time system modeling method belonging to the field of formal system modeling and verification. The method comprises three main steps: initializing the system clock, establishing the TMSVL model of the system, and simplifying the TMSVL model. Each statement used for modeling is formally defined, as are the concepts of timeout, delay and interruption commonly used in real-time systems. Once the system is described in TMSVL, the operational semantics find the actual model of the system by simplifying the TMSVL model. The invention thus provides a way of describing a system and its properties so that the system can be modeled and verified in the same logical framework, and the method can be used for modeling, simulating and verifying real-time systems.

Claims (6)

1. A TMSVL real-time system modeling method that models a real-time system by a formal method and constructs the actual model of the system, characterized in that: time variables and time constraint intervals are added to the syntax of MSVL so that MSVL semantically supports quantitative time modeling, where time is simulated by the time variables and time control is realized by the time constraint intervals; the real-time system to be modeled is described with this syntax and semantics to obtain a TMSVL model of the system; the TMSVL model is simplified using the operational semantics of the TMSVL language to obtain an actual model of the system; modeling the real-time system in TMSVL comprises the following steps:
Step 1, select a suitable clock start time and time interval, model the clock module of the real-time system in the TMSVL language and initialize the system clock: the variable T simulates the time of the current state of the system, the variable Ts expresses the time interval, and together they generate the system clock; the clock module TP_0 of the real-time system modeled in the TMSVL language is:
TP_0 ≡ T = e_T ∧ Ts = e_Ts ∧ frame(Ts) ∧ keep(○T = T + Ts)
e_T and e_Ts are two time expressions: e_T initializes the value of T and e_Ts initializes the value of Ts; the syntax of time expressions is defined as:
t ::= n | x | Θx | function | t_0 op t_1 | T | ○T | end(T)
op ::= + | - | × | mod
where n represents a positive integer, x the value of the variable x in the current state, Θx the value of the variable x in the previous state, function a function return value, t_0 op t_1 the value obtained by applying the arithmetic operation op to the two time expressions t_0 and t_1, op the arithmetic operations that may be applied to time expressions, namely addition, subtraction, multiplication and modulo, T the time value of the current state, and ○T the time of the next state, which may only appear at the start-time position of a time constraint interval: if the time constraint is (○T, t_1), with t_1 a time expression, the interval specifies that the constrained statement is executed from the next state; end(T) represents the value of T when the constrained statement finishes executing and may only appear at the end-time position of a time constraint interval: if the time constraint is (t_1, end(T)), the interval does not limit the end time of the constrained statement. After simplification, the value of a semantically legal time expression t is a non-negative integer. The operator '∧' represents 'and' and connects statements that execute simultaneously. Because the underlying logic of TMSVL is a temporal logic, in which the value in a later state does not automatically inherit the value of the previous state, the framing technique of MSVL is adopted: frame declares a variable as a frame variable, and once Ts is declared as a frame variable its value in the next state is inherited from the previous state unless Ts is assigned. keep means that every state except the terminating state executes the statement in parentheses; keep(○T = T + Ts) means that in each state the time value of the next state, ○T, equals the time
value T of the present state plus the time interval value Ts of the present state;
Step 2, according to the initialized system clock module, describe the real-time system in the defined TMSVL language to obtain the TMSVL model of the system; during description, the sub-modules under each time constraint of the real-time system are described first and the corresponding time constraints are added to them, then the related sub-modules are connected to form a new sub-module, and by repeated connection and addition of time constraints the description TP_1 of the whole system is finally obtained; the TMSVL model of the system is TP_0 ∧ TP_1;
Step 3, simplify the TMSVL model obtained in step 2 using the operational semantics of TMSVL and construct all actual models of the system; each actual model of the system is an interval formed by a sequence of states, each state carries a timestamp T representing the time of the state and a set of propositions assigning all state variables, the state variables and their assignments describe one state of the system, a sequence of states simulates the dynamic running of the system, and such a sequence of states is the interval obtained by simplifying the TMSVL model; if every model of the system is safe or meets a given real-time requirement, the system is safe or meets that real-time requirement;
Step 4, once all actual models of the real-time system have been constructed, modeling of the real-time system is complete.
2. The TMSVL real-time system modeling method of claim 1, wherein: in TMSVL, the most basic statement for describing the modeled real-time system adds a time constraint interval (t_1, t_2) before the statement p to be defined, forming the basic simple statement (t_1, t_2) p of TMSVL, where the time expression t_1 defines the time at which the statement starts executing and the expression t_2 defines the time at which it ends; the statement p under the time constraint must be executed strictly according to the time constraint.
3. The TMSVL real-time system modeling method of claim 2, wherein: if p and tp denote MSVL and TMSVL statements respectively, the TMSVL basic statements used to describe the real-time system have the following forms:
wherein: p is a statement of MSVL, meaning that the module described by p is not time-constrained; it is semantically equivalent to the statement (T, end(T)) p, i.e. p executes from the current time and its end time is not limited; (t_1, t_2) tp denotes that the module tp executes in the time interval (t_1, t_2), starting at time t_1 and ending at time t_2; tp_1 ∧ tp_2 means that the modules tp_1 and tp_2 execute in parallel and end at the same time; tp_1 ∨ tp_2 is a selection statement, meaning that one of tp_1 and tp_2 is chosen; the sequential statement tp_1; tp_2 denotes that tp_1 and tp_2 are in sequence, and tp_2 can only execute after tp_1 has executed; () tp is a state statement with a time constraint, and the execution of tp finishes at the current time point; the projection statement (tp_1, ..., tp_m) prj tp denotes that tp_1; ...; tp_m and tp execute in parallel, each module may define its own interval length or execution time, but tp executes only on the termination states of the subintervals into which tp_1; ...; tp_m divides the interval, each subinterval being the execution interval of tp_i, 1 ≤ i ≤ m, and tp and tp_1; ...; tp_m need not end at the same time; if b then tp else tq is a conditional statement: if b is true tp is executed, otherwise tq is executed; the loop statement while b do tp indicates that tp is executed repeatedly until b is false, where "□" is a temporal operator,
"*" represents closure, tp ∧ b represents the conjunction of tp and b, and (tp ∧ b)* represents the closure of tp ∧ b; the loop statement for n times do tp indicates that tp is executed n times in a loop; the loop repeat tp until b is similar to the while loop in that tp is repeated until b is true, except that tp is still executed once when the initial value of b is true.
4. The TMSVL real-time system modeling method of claim 3, wherein: if p is a TMSVL statement, the concepts of delay, timeout and interruption common in real-time systems are described with the basic statements of TMSVL in the following specific forms:
(1'), delay is described in TMSVL as follows:
{t_1, t_m} p denotes that p starts from the current state, ends after a time t_1, and may be delayed to end after at most a time t_m, i.e. the statement ends in a state whose system time lies between T + t_1 and T + t_m; T + t_i is the time of the i-th state counted from the state at time T + t_1, 1 ≤ i ≤ m;
(2'), timeout is described in TMSVL as follows:
(t_1, t_m) p denotes that if the execution time of p exceeds t_m it is forced to exit and the remaining unexecuted part is discarded;
denotes the state proposition part obtained by state reduction of the statement p in the m-th state counted from the state at time T + t_1, and if the m-th state is the last state,
denotes the state proposition part of that state;
(3'), delay with timeout is described in TMSVL as follows:
the delay-with-timeout statement on p denotes that the execution of p is delayed by at most a time t_m; if it has not executed by then, the remaining unexecuted part is discarded;
(4'), interrupts are described in TMSVL as follows:
the interrupt statement denotes that while q is executing, p is executed when the condition b is satisfied, and after p finishes the remaining part of q continues to execute; in it,
represents that there are zero or more if b then p else skip statements in the first half of the prj statement, and halt(r) represents that the statement terminates when the proposition r holds, r being a proposition.
5. The TMSVL real-time system modeling method of claim 4, wherein: after the TMSVL model of the system is obtained, the statements forming the model are simplified with the operational semantics of TMSVL; through repeated state reduction and interval reduction, the TMSVL formal model of the system is simplified into a sequence of states; the operational semantics comprises the following two parts:
A. State reduction of statements: for the simple TMSVL statements among the basic statements, p, () tp and (t_1, t_2) tp, a statement without a time constraint is simplified with the MSVL simplification rules, while a statement with a time constraint first simplifies the time constraint and then the statement under the constraint, and so on; for the other compound TMSVL statements formed by connecting basic statements with the operators, the operators are defined exactly as in MSVL, only their sub-statements are TMSVL statements, so the simplification process is the same as in MSVL and the sub-statements are simplified with the simplification method for TMSVL simple statements; the delay, timeout and interruption defined from the basic statements are first converted into their basic-statement form and then simplified with the state reduction method of the basic statements;
B. Interval reduction of statements: after state reduction finishes, the state proposition part is saved, and the remaining part of the statement has one of two forms: (○T, t) p_f or () empty. The former means the statement must continue to be reduced in the next state; the latter means the model has been reduced to null and there is no statement in the next state. In both cases the statement enters the next state by interval reduction, which has two rules:
TR1 ((○T, t) p, σ_{i-1}, s_i, i) → ((T, t) p, σ_i, s_{i+1}, i+1)
in which the quadruple ((○T, t) p, σ_{i-1}, s_i, i) denotes a pattern: (○T, t) p is the part of the statement that remains after the current state has saved its related state propositions and can no longer be reduced by the current state, σ_{i-1} is the state sequence already reduced, s_i is the current state, and i is the counter of states in σ_{i-1}, i.e. the number of states already reduced;
Rule TR1 states that if the current state reduces to the form (○T, t) p, then the statement to be reduced in the next state is (T, t) p; rule TR2 states that if the current state reduces to the form () empty, the final pattern has been reached, the statement reduces to null, the reduction is complete, and σ_i is an actual model of the system.
6. The TMSVL real-time system modeling method of claim 5, wherein: for the simple statements () p and (t_1, t_2) p with time constraints in step A, the state reduction step comprises:
Step A1: if the time constraint of the statement being simplified is of the form (), go to step A4; if it is (t_1, t_2), go to step A2;
Step A2: simplify t_1; if t_1 is less than the current time, go to step A6; if t_1 is greater than the current time, add the time constraint (○T, t_2) to the current statement and go to step A5; if t_1 is T, or its value equals the current time T, replace the time constraint by (T, t_2) and go to step A3; if t_1 equals ○T, go to step A5;
Step A3: simplify t_2; if t_2 is less than t_1 the time is illegal, simplification fails, go to step A6; if t_2 equals the current time, reduce the time constraint to () and go to step A4; if t_2 is greater than the current time or has the form end(T), time constraint simplification ends, go to step A4;
Step A4: reduce the state of p; if the returned form is () empty or empty and the time constraint has the form () or t_2 is end(T), the statement is reduced to () empty, go to step A5; if the time constraint is (T, t_2) with t_2 greater than T, simplification fails, go to step A6; if the returned form is w ∧ (○T, t_2) p_f or w ∧ ○p_f, where w is the state proposition part left after state reduction completes, and the time constraint has the form (T, t_2), then w is saved in the current state and the statement is reduced to (○T, t_2) p_f; if the time constraint has the form (), go to step A6; if p fails, go to step A6;
Step A5: state reduction succeeds; return the simplified form of the statement;
Step A6: state reduction of this state fails.
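The heater reduction above (states s_0 to s_2) and the state reduction steps A1-A6 with interval rules TR1/TR2, as an added Python example that is not part of the patent or of any TMSVL interpreter. It reduces a simple statement (t_1, t_2) p over the clock module TP_0; the sub-statement p is assumed to be "hold x = v for k states", and END, ReductionFailure, reduce_state, interval_step and build_model are constructed names.

```python
"""Toy reducer for the TMSVL simple statement (t1, t2) p over the clock module
TP0 = T=eT ∧ Ts=eTs ∧ frame(Ts) ∧ keep(○T = T+Ts).

Added example, not the patent's own interpreter.  Constructed assumptions:
  * p is "hold var = val for k consecutive states", a stand-in for an MSVL
    sub-statement of known length;
  * t1 and t2 are non-negative integers, or t2 is END for end(T);
  * a start time t1 > T makes the statement wait ((○T, t2) p in claim 6);
  * the state proposition w from p is saved in every state, including the
    terminating one (claim 6 spells this out only for the ○ case).
"""

END = "end(T)"  # marker for an unconstrained end time


class ReductionFailure(Exception):
    """Step A6: the statement cannot be reduced in the current state."""


def reduce_state(T, stmt):
    """Steps A1-A5 of claim 6 for one state.

    stmt is (t1, t2, p) with p = {"var", "val", "k"}.  Returns (w, rest):
    w is the state proposition saved in this state, rest is the statement
    carried to the next state, or None for () empty.
    """
    t1, t2, p = stmt
    # A2: reduce the start time t1.
    if t1 < T:
        raise ReductionFailure(f"start time {t1} already passed at T={T}")
    if t1 > T:
        return {}, (t1, t2, p)  # (○T, t2) p: nothing happens yet, wait
    # A3: reduce the end time t2.
    if t2 != END and t2 < t1:
        raise ReductionFailure(f"end time {t2} precedes start time {t1}")
    closed = t2 != END and t2 == T  # constraint (T, T) collapses to ()
    # A4: state-reduce p: it yields w ∧ empty (k == 1) or w ∧ ○p_f (k > 1).
    w = {p["var"]: p["val"]}
    p_rest = None if p["k"] == 1 else dict(p, k=p["k"] - 1)
    if p_rest is None:
        if closed or t2 == END:
            return w, None  # () empty
        raise ReductionFailure(f"p ended at T={T} but constraint ends at {t2}")
    if closed:
        raise ReductionFailure(f"constraint ends at T={T} but p continues")
    return w, (None, t2, p_rest)  # (○T, t2) p_f; None stands for ○T


def interval_step(state, rest):
    """Rule TR1: the clock advances by keep(○T = T+Ts) and Ts is framed."""
    nxt = {"T": state["T"] + state["Ts"], "Ts": state["Ts"]}
    t1, t2, p = rest
    return nxt, (nxt["T"] if t1 is None else t1, t2, p)  # ○T becomes T


def build_model(eT, eTs, stmt, max_states=64):
    """Reduce TP0 ∧ stmt to its actual model: a list of states {T, Ts, ...}."""
    state, model = {"T": eT, "Ts": eTs}, []
    for _ in range(max_states):
        w, rest = reduce_state(state["T"], stmt)
        model.append({**state, **w})
        if rest is None:  # TR2: final pattern reached, σ_i is the model
            return model
        state, stmt = interval_step(state, rest)  # TR1
    raise ReductionFailure("no terminating model within max_states")


if __name__ == "__main__":
    # Heater from the description: T starts at 0, Ts = 1, x = 1 held in minutes 1-2.
    heater = (1, 2, {"var": "x", "val": 1, "k": 2})
    for s in build_model(0, 1, heater):
        print(s)  # {'T': 0, 'Ts': 1}, {'T': 1, 'Ts': 1, 'x': 1}, {'T': 2, 'Ts': 1, 'x': 1}
```

A sub-statement that finishes before t_2, or a start time already in the past, raises ReductionFailure, which is step A6 of the claim.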
CN201210118810.8A 2012-04-20 2012-04-20 TMSVL (timed modeling simulation verification logic) real-time system modeling method Active CN102708228B (en)

Publications (2)

Publication Number Publication Date
CN102708228A CN102708228A (en) 2012-10-03
CN102708228B true CN102708228B (en) 2015-02-18
