CN110134599A - System architecture error behavior verification method and device - Google Patents

Publication number: CN110134599A
Authority: CN (China)
Application number: CN201910384389.7A
Legal status: Granted
Other versions: CN110134599B (en)
Other languages: Chinese (zh)
Prior art keywords: model, component, error behavior, hierarchical, automata
Inventors: 丁明, 张磊, 张军, 袁璐, 李源, 曹云
Current and original assignee: Xian Aeronautics Computing Technique Research Institute of AVIC

Classifications

    • G06F11/3684 Test management for test design, e.g. generating new test cases (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F11/00 Error detection; Error correction; Monitoring > G06F11/36 Preventing errors by testing or debugging software > G06F11/3668 Software testing > G06F11/3672 Test management)
    • G06F11/3688 Test management for test execution, e.g. scheduling of test suites (under G06F11/3672 Test management, same path as above)

Abstract

The invention provides a system architecture error behavior verification method and device. The method comprises: establishing a component error behavior model of the system using the Architecture Analysis and Design Language (AADL), the component error behavior model being a system architecture model that includes component error annotations; mapping the component error behavior model to a hierarchical automaton model, which is a formal model; describing the hierarchical automaton model in the Promela language; and inputting the Promela description of the hierarchical automaton model together with the safety property to be verified, defined in linear temporal logic, into the model checking tool Spin for verification, confirming whether the system architecture model has the verified safety property. The invention addresses the difficulty of ensuring the correctness of component failure impact analysis in the safety assessment of avionics system architectures.

Description

System architecture error behavior verification method and device
Technical field
The invention relates to the field of aerospace design, and in particular to a system architecture error behavior verification method and device.
Background art
The safety of an airborne electronic system is the system's ability not to cause injury or death to crew and passengers, damage to airborne equipment or the aircraft, or loss of property, and not to endanger personnel health or the environment. For a system architecture under design, how to efficiently analyze and verify the effects of failures and their handling, and so improve the accuracy and efficiency of safety assessment, is one of the pressing issues in this field.
An avionics system is a safety-critical system with complex interactions among its embedded software, its hardware platform and the mechanical systems it controls. For the safety requirements of the development process of aircraft, airborne systems, software and hardware, SAE International (Society of Automotive Engineers International) published the guidelines and methods for the safety assessment process of civil airborne systems and equipment (SAE ARP4761). The standard makes the safety assessment process part of the system development process, including functional hazard assessment, preliminary system safety assessment, system safety assessment and common cause analysis. The assessment process identifies, starting from conceptual design, the hazards associated with the system performing aircraft functions, derives safety requirements, and concludes after the design has been verified to meet them. In this process, methods such as Failure Mode and Effects Analysis (FMEA) and Fault Tree Analysis (FTA) are commonly used to assess failures of system components and their effects. The analysis procedure of these conventional methods is complex and involves a great deal of repeated work, relying mainly on the designer's experience-based analysis of design documents and system models. For a complex avionics system that contains a large number of interconnected components and mutually coupled subsystems, manual analysis is laborious, the process can omit faults or confuse interaction relations, and it is difficult to obtain analysis results quickly and accurately and to iterate the architecture design.
Summary of the invention
Object of the invention: to solve the problem that the correctness of component failure impact analysis is difficult to ensure in the safety assessment of avionics system architectures.
In a first aspect, a system architecture error behavior verification method is provided, comprising:
establishing a component error behavior model of the system using AADL, the component error behavior model being a system architecture model that includes component error annotations;
mapping the component error behavior model to a hierarchical automaton model, the hierarchical automaton model being a formal model;
describing the hierarchical automaton model in the Promela language;
inputting the Promela-language description of the hierarchical automaton model together with the safety property to be verified, defined in linear temporal logic, into the model checking tool Spin for verification, and confirming whether the system architecture model has the verified safety property.
Further, establishing the component error behavior model of the system using the Architecture Analysis and Design Language AADL comprises:
describing the architecture of the system using AADL to obtain an architecture model, the architecture model including the components and the connections between them;
annotating the error types, error-causing events, error propagations and error-related information of the components in the architecture model using the Error Model Annex, to obtain the component error behavior model.
Further, mapping the component error behavior model to a hierarchical automaton model comprises:
converting the component error behavior models into sequential automata;
composing the sequential automata into a hierarchical automaton according to the connection relations between the system components.
Further, describing the hierarchical automaton model in the Promela language comprises:
converting the states, events and guard conditions of the hierarchical automaton into variables of the Promela description;
defining the message interaction channel of the Promela description;
converting the state transitions of the hierarchical automaton into process functions of the Promela description.
Further, inputting the Promela-language description of the hierarchical automaton model together with the safety property to be verified, defined in linear temporal logic, into the model checking tool Spin for verification, and confirming whether the system architecture model has the verified safety property, comprises:
defining the system safety property expected to be verified using linear temporal logic;
inputting the Promela-language description of the hierarchical automaton model and the safety property to be verified into the model checking tool Spin for verification.
In a second aspect, a system architecture error behavior verification device is provided, comprising:
an establishing module, for establishing a component error behavior model of the system using AADL, the component error behavior model being a system architecture model that includes component error annotations;
a mapping module, for mapping the component error behavior model to a hierarchical automaton model, the hierarchical automaton model being a formal model;
a describing module, for describing the hierarchical automaton model in the Promela language;
a confirming module, for inputting the Promela-language description of the hierarchical automaton model together with the safety property to be verified, defined in linear temporal logic, into the model checking tool Spin for verification, and confirming whether the system architecture model has the verified safety property.
Further, the establishing module comprises:
a describing unit, for describing the architecture of the system using AADL to obtain an architecture model, the architecture model including the components and the connections between them;
an annotating unit, for annotating the error types, error-causing events, error propagations and error-related information of the components in the architecture model using the Error Model Annex, to obtain the component error behavior model.
Further, the mapping module comprises:
a converting unit, for converting the component error behavior models into sequential automata;
a composing unit, for composing the sequential automata into a hierarchical automaton according to the connection relations between the system components.
Further, the describing module comprises:
a converting unit, for converting the states, events and guard conditions of the hierarchical automaton into variables of the Promela description, and for converting the state transitions of the hierarchical automaton into process functions of the Promela description;
a defining unit, for defining the message interaction channel of the Promela description.
In a third aspect, a computer-readable storage medium is provided, on which instructions are stored; when executed by a processor, the instructions implement the steps of the method of the first aspect.
Beneficial effects:
The method relates to a system architecture error behavior verification method and device. First, an architecture model is established against the system's functional requirements and safety objectives; then the error behavior of the components and the failure effects it causes are described using the Error Model Annex, and with the hierarchical automaton as the intermediate form, a conversion algorithm produces a formal description of the architecture error behavior model; finally, model checking verifies the correctness of the safety requirements. Applied to the safety analysis process of airborne electronic systems, the method can verify whether the component error effects and countermeasures of the architecture design meet the system's safety objectives, improving the accuracy and efficiency of safety assessment.
Description of the drawings
Fig. 1 is a schematic diagram of the architecture error behavior verification framework provided in an embodiment of the invention;
Fig. 2 is a schematic diagram of the component error behavior model description provided in an embodiment of the invention;
Fig. 3 is the component error behavior model diagram provided in an embodiment of the invention;
Fig. 4 is a schematic diagram of the Promela description of the system architecture model provided in an embodiment of the invention;
Fig. 5 is a schematic diagram of the verification result provided in an embodiment of the invention.
Specific embodiments
The modeling and verification framework of the method is shown in Fig. 1. First, against the system's functional requirements and safety objectives, a system architecture model including component error annotations is designed and developed; then a construction algorithm formally converts the architecture model into a hierarchical automaton, which is described in the Promela language; finally, the model checking tool Spin verifies whether the system architecture model meets the safety requirements and, if it does not, gives a counterexample that locates the error, providing a basis for iterative design of the system.
The embodiment of the invention realizes formal verification of safety properties through the mechanisms of establishing the system architecture model, modeling component error behavior, converting to a formal description and model checking, providing strong support for the analysis of component error behavior in avionics systems.
The specific embodiments of each part of the method are as follows:
1 Component error behavior modeling
AADL is the standard architecture modeling language for embedded systems and describes the hierarchical structure of a system's software and hardware components. AADL defines three types of components: software components, execution platform components and system components. Software components include sub-models such as thread, thread group, process and data, describing the architecture of the application software included in the system; execution platform components include sub-models such as processor, memory, device and bus, describing the architecture of each hardware module that makes up the system; system components abstract the composition and hierarchy of the software and hardware components of the system, establishing the system's architecture. A component defines its external interfaces with features in its declaration; in the component implementation, connections link the interfaces of components to describe the behavioral interaction between them, and flows describe the information transmitted between components.
To support fault modeling of embedded systems, SAE International extended the AADL standard with the Error Model Annex, which annotates attributes such as the error types, events and propagations of the system architecture model; the latest released version is EMV2. EMV2 introduces the error type concept to identify categories of errors and supports architecture error behavior modeling at three abstraction levels: (1) modeling the error sources of failures and their effects, through propagation, on other components or on the operating environment; (2) modeling the events at which errors occur inside a component and the fault states caused by its error behavior; (3) abstracting system error behavior from the perspective of subsystem composition, modeling the subordinate relation between a system failure and the subsystem errors it comprises. In addition, EMV2 introduces the error type concept to identify different kinds of faults, failures and propagations. The EMV2 model described in AADL is shown in Fig. 2; it defines error types, error states, incoming and outgoing error propagation interfaces, and the state transitions of the modeled error behavior caused by state combinations and errors. The graphical representation of the model is shown in Fig. 3: subsystem Sub2 receives error Error1 and propagates error Error2 outward.
2 Formal conversion of the architecture model
AADL is the unified modeling language of systems engineering, with a simple, graphical and extensible syntax, used to describe and analyze the hierarchical structure and connection interactions of the components of a system. Formal methods can describe semantics more precisely, whereas AADL is a high-level modeling language whose constraints and detailed semantics are given in semi-formal natural language, so it lacks means of verification and analysis by itself. To realize formal verification and analysis of the architecture, a hierarchical automaton is used as the intermediate form to realize the conversion to the Promela language.
Definition 1: a sequential automaton (Sequential Automata, SA) is defined as the four-tuple SA = (σ, S0, λ, δ), where:
σ is the finite set of states of the SA;
S0 is the unique initial state;
λ is the set of state transitions; λ has a special composite structure, and each transition can be represented as a five-tuple t ∈ λ, t = (sr, ev, g, ac, td), where sr is the source state, ev is the set of events that trigger the transition, g is the guard condition of the transition, ac is the list of actions executed, and td is the target state;
δ is the set of transition relations between the states.
Definition 2: a hierarchical automaton (Hierarchical Automata, HA) is composed of sequential automata and represents the nesting and concurrency of states in the system. HA can be expressed as the tuple HA = (F, E, ρ, Λ), where:
F is a finite set of SAs with pairwise disjoint state sets;
E is a finite set of events;
the refinement function ρ constructs a tree over the set F, in which there is a unique root automaton, every non-root automaton has exactly one parent state, and there are no cycles;
Λ = ∪_{A∈F} λ_A is the set of state transitions of the hierarchical automaton.
The system architecture error behavior model described in AADL describes the component units of the system and the relations between them, and introduces an EMV2 model for each component annotating attributes such as error types, events and propagations; it can be constructed into a hierarchical automaton model through the following transformation rules.
Algorithm 1: hierarchical automaton construction algorithm for architecture error behavior
Input: the system architecture error behavior model described in AADL
Output: hierarchical automaton model
Step 1: convert the error behavior model of each component into a sequential automaton. First, the error states (states) defined in the error behavior are mapped to the states in the set σ of the sequential automaton SA, with the initial state mapped to S0, which denotes the initial state; then the transitions (transitions) of the component's error state automaton are mapped to the state transition set λ of the sequential automaton, where sr is the mapping of the source error state, ev is the mapping of the error propagations received by the component (in propagation) and of the internal events it defines (events), g is the mapping of whether the error type raised by the error propagation interface or by the component-internal event is defined, ac is the action of propagating the error outward from the component, and td is the mapping of the target error state; the composition of all of the component's error states and transitions is mapped to the transition relation set δ between the states of the sequential automaton.
Step 2: compose the sequential automata into a hierarchical automaton. All sequential automata converted in Step 1 are collected into the disjoint set F; the outward error propagations (out propagation) of all components are defined as the event set E; the refinement function ρ is the mapping function of the inclusion relations between components and of the components' error states, and maps the SAs into the (parallel) automaton set in tree form; matching the outward error propagations (out propagation) of one component with the inward error propagations (in propagation) received by another forms the transition relation Λ of each SA in the hierarchical automaton.
3 Safety verification of component error behavior
Formal methods are mathematical methods that use theories such as temporal logic, automata and Petri nets to verify computer system models from many fields in a rigorous way. Model checking is one of the verification strategies of formal methods: on the basis of an established system model, the desired properties of the system are described with temporal logic formulas, and the modal/propositional properties of the finite-state concurrent system are verified by explicit state search or implicit fixed-point computation; for a violated property a counterexample is given, which locates the error. SPIN (Simple Promela Interpreter) is a model checking tool developed by AT&T Labs; it has a sound algorithm design and efficient detection capability and received the ACM Software System Award. The SPIN tool models the target system in the Promela language and expresses the properties expected to be verified in LTL (Linear Temporal Logic).
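The explicit-state search with counterexample generation described above, worked through as an added example (this is not code from the patent, nor from Spin): a breadth-first search over the global states of a constructed error-propagation chain, Sub1 to Sub2 to a system-level function, in which a global state is the pair (active error states, raised error events). The component, state and event names, the migration tuples and the two invariants are all assumptions made for this example; MITIGATED is a constructed variant in which Sub2 isolates the received error instead of degrading, the kind of countermeasure the page says the method is meant to confirm.

```python
"""Added example (not the patent's code, nor Spin): a minimal explicit-state
search of the kind a model checker performs, run over a constructed
error-propagation model whose component, state and event names are assumptions.
A global state is (active error states, raised error events); the search
enumerates the reachable global states, checks a safety invariant in each, and
returns the migration path to the first violation as a counterexample."""
from collections import deque

# Constructed migrations (sr, ev, ac, td): enabled when sr is active and ev has
# been raised; firing consumes ev, deactivates sr, activates td and raises ac.
MIGRATIONS = [
    ("Sub1_Operational", "InternalFault", frozenset({"Error1"}), "Sub1_Failed"),
    ("Sub2_Operational", "Error1", frozenset({"Error2"}), "Sub2_Degraded"),
    ("Sys_Nominal", "Error2", frozenset(), "Sys_Loss"),     # system-level function loss
]
# The same model with a countermeasure: Sub2 isolates Error1 instead of degrading.
MITIGATED = [MIGRATIONS[0],
             ("Sub2_Operational", "Error1", frozenset(), "Sub2_Isolated"),
             MIGRATIONS[2]]
# Initial global state: every component in its initial error state, one internal
# fault injected (the component failure whose effects are to be analysed).
INITIAL = (frozenset({"Sub1_Operational", "Sub2_Operational", "Sys_Nominal"}),
           frozenset({"InternalFault"}))


def successors(state, migrations):
    """Yield (migration fired, next global state) for every enabled migration."""
    active, raised = state
    for sr, ev, ac, td in migrations:
        if sr in active and ev in raised:
            yield (sr, ev, td), ((active - {sr}) | {td}, (raised - {ev}) | ac)


def check(invariant, migrations=MIGRATIONS, initial=INITIAL):
    """Breadth-first explicit-state search.  Returns (reachable states,
    counterexample), where the counterexample is the list of migrations from
    the initial state to the first state violating the invariant, or None."""
    parent = {initial: None}          # state -> (predecessor, migration fired)
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        if not invariant(state):
            path, s = [], state
            while parent[s] is not None:
                s, step = parent[s]
                path.append(step)
            return set(parent), path[::-1]
        for step, nxt in successors(state, migrations):
            if nxt not in parent:
                parent[nxt] = (state, step)
                queue.append(nxt)
    return set(parent), None


# Safety invariants in the style of the LTL properties handed to Spin ([] p).
def no_function_loss(state):
    """The system never loses its function (violated by the unmitigated model)."""
    return "Sys_Loss" not in state[0]


def loss_needs_sub1_failed(state):
    """A function loss is only ever reached after Sub1 has failed (holds)."""
    return "Sys_Loss" not in state[0] or "Sub1_Failed" in state[0]


if __name__ == "__main__":
    for name, migrations in (("unmitigated", MIGRATIONS), ("mitigated", MITIGATED)):
        reachable, cex = check(no_function_loss, migrations)
        print(f"{name}: {len(reachable)} reachable states, counterexample: {cex}")
```

The counterexample returned for the unmitigated model is exactly the propagation chain a safety assessor wants to see: the internal fault in Sub1, the degraded state it induces in Sub2, and the resulting system-level loss. With the countermeasure in place the same invariant holds and the search terminates after three reachable states, which is the "countermeasure meets the safety objective" confirmation described in the text; Spin performs the same search over the interleavings of the generated Promela processes instead of over this hand-built state tuple.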
By converting the architecture error behavior model formally into a hierarchical automaton and then into a Promela model, the input for model checking with the SPIN tool is obtained. The conversion method is as follows:
Algorithm 2: conversion of the hierarchical automaton into a Promela description
Input: hierarchical automaton SEHA
Output: system model described in Promela
Step 1: each state Sx (x is the state number) in the set σ of each sequential automaton HA contained in SEHA is defined as a bit-type variable FSx, which equals 1 when the state is activated by an error; an enumeration (mtype) defines a variable MSx for each state, which identifies the destination process in messages sent between state processes over the channel;
Step 2: each event Ey (y is the event number) in the set E of SEHA and in the ev sets of the contained HA is defined as a bit-type variable BEy, which equals 1 when the event occurs;
Step 3: each guard condition Gz (z is the condition number) in the set Λ of SEHA and in the g sets of the contained HA is defined as a bit-type variable BGz, which equals 1 when the condition is true;
Step 4: the channel (chan) for message interaction between processes is defined; the message type transmitted is the state enumeration type (mtype) defined in Step 1;
Step 5: each state Sx is converted one by one into a corresponding process (proctype) function Statex; the process executes as an indivisible atomic unit, prefixed with the atomic keyword. For each state, all transition functions in Λ and λ are traversed, t ∈ (λ ∪ Λ), t = (sr, ev, g, ac, td): when td equals the current state, a receive message (?) is generated and the corresponding state is activated, FSx = 1; when sr equals the current state, a send message (!) is generated, with the corresponding transition event and guard condition added as the decision condition (BEy == 1 && BGz == 1); when td is a composite state, conflicts are resolved by priority and the target states (including parallel states) are activated in turn; the actions in ac are executed, setting the event and guard condition of the error propagation to true (BEy = 1, BGz = 1), which triggers the error propagation.
The system architecture error behavior model described in AADL is formally converted into a hierarchical automaton and then into a system model described in Promela; a code fragment is shown in Fig. 4. The Promela system model is input to the model checking tool Spin together with the LTL formula of the property to be verified; simulation obtains the errors caused in other components by a component failure, and executing the property verification yields a result as shown in Fig. 5, from which it is judged whether the system meets the verified property.
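Algorithms 1 and 2 above, worked through in Python as an added example (this is not code from the patent, from the AADL tooling or from Spin): Algorithm 1 builds the sequential automata of Definition 1 from a constructed two-component error model and composes them into the hierarchical automaton of Definition 2, and Algorithm 2 emits a Promela model following its five steps (FSx activation bits, the mtype state enumeration, BEy event bits, BGz guard bits, a chan, and one atomic proctype per state). The component names Sub1 and Sub2, the error types Error1 and Error2, the state and event names, the "_defined" naming of guards, the "inputs" field of the error models and the init process that injects the internal fault are all assumptions made for the example, not names from the patent.

```python
"""Added example (not the patent's code, nor AADL or Spin tooling): Algorithm 1
(component error model -> sequential automata -> hierarchical automaton) and
Algorithm 2 (hierarchical automaton -> Promela text) on a constructed two-component
model in the spirit of Fig. 3.  Every component, state, event and error name is an
assumption made for this example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Migration:      # one element t of lambda: t = (sr, ev, g, ac, td)
    sr: str           # source state
    ev: str           # triggering event: internal event or received propagation
    g: str            # guard: name of the "error type is defined" condition
    ac: tuple         # actions: error types propagated outward
    td: str           # target state

@dataclass
class SA:             # Definition 1: SA = (sigma, S0, lambda, delta)
    name: str
    sigma: list
    s0: str
    lam: list

    def delta(self):  # transition relation between states, derived from lambda
        return {(t.sr, t.td) for t in self.lam}

@dataclass
class HA:             # Definition 2: HA = (F, E, rho, Lambda)
    F: dict           # component name -> SA, with pairwise disjoint state sets
    E: set            # outward error propagations of all components
    rho: dict         # refinement tree: component -> parent component
    Lambda: list      # union of every lambda_A

# Constructed error models in the style of an EMV2 annex (not real AADL text).
# transitions: (source state, trigger event, target state, outward propagations)
ERROR_MODELS = {
    "Sub1": dict(states=["Operational", "Failed"], initial="Operational", inputs=[],
                 transitions=[("Operational", "InternalFault", "Failed", ["Error1"])]),
    "Sub2": dict(states=["Operational", "Degraded"], initial="Operational", inputs=["Error1"],
                 transitions=[("Operational", "Error1", "Degraded", ["Error2"])]),
}
CONNECTIONS = [("Sub1", "Error1", "Sub2")]     # Sub1 --Error1--> Sub2
PARENT = {"Sub1": "System", "Sub2": "System"}  # rho: both refine "System"

def to_sa(name, model):
    """Algorithm 1, step 1: component error model -> sequential automaton.
    States are prefixed with the component name so the state sets in F are disjoint."""
    q = lambda s: f"{name}_{s}"
    lam = [Migration(q(sr), ev, f"{ev}_defined", tuple(out), q(td))
           for sr, ev, td, out in model["transitions"]]
    return SA(name, [q(s) for s in model["states"]], q(model["initial"]), lam)

def build_ha(models, connections, parent):
    """Algorithm 1, step 2: compose the sequential automata into a hierarchical
    automaton; rejects a model whose received propagation no connection delivers."""
    F = {n: to_sa(n, m) for n, m in models.items()}
    E = {e for sa in F.values() for t in sa.lam for e in t.ac}
    delivered = {}
    for src, err, dst in connections:
        if not any(err in t.ac for t in F[src].lam):
            raise ValueError(f"{src} never propagates {err}")
        delivered.setdefault(dst, set()).add(err)
    for n, m in models.items():
        missing = set(m["inputs"]) - delivered.get(n, set())
        if missing:
            raise ValueError(f"{n} expects {sorted(missing)} but no connection delivers them")
    return HA(F, E, dict(parent), [t for sa in F.values() for t in sa.lam])

def to_promela(ha, ltl=None):
    """Algorithm 2: hierarchical automaton -> Promela model, returned as text."""
    states = [s for sa in ha.F.values() for s in sa.sigma]
    initial = {sa.s0 for sa in ha.F.values()}
    events = sorted({t.ev for t in ha.Lambda} | ha.E)
    guards = sorted({t.g for t in ha.Lambda} | {f"{e}_defined" for e in ha.E})
    out = ["/* steps 1-3: state bits, state enumeration, event bits, guard bits */"]
    out += [f"bit FS_{s} = {int(s in initial)};" for s in states]  # S0 active at start
    out.append("mtype = { " + ", ".join(f"MS_{s}" for s in states) + " };")
    out += [f"bit BE_{e} = 0;" for e in events] + [f"bit BG_{g} = 0;" for g in guards]
    out.append("/* step 4: channel carrying the state enumeration between processes */")
    out.append(f"chan link = [{len(states)}] of {{ mtype }};")
    out.append("/* step 5: one atomic process per state */")
    for s in states:
        out += [f"active proctype State_{s}() {{", "  atomic {"]
        if any(t.td == s for t in ha.Lambda):         # td == this state: receive, activate
            out.append(f"    link ? MS_{s}; FS_{s} = 1;")
        for t in (t for t in ha.Lambda if t.sr == s):  # sr == this state: guarded send
            out.append(f"    (BE_{t.ev} == 1 && BG_{t.g} == 1) -> link ! MS_{t.td};")
            out += [f"    BE_{e} = 1; BG_{e}_defined = 1;  /* ac: propagate {e} */" for e in t.ac]
        out += ["  }", "}"]
    internal = sorted(set(events) - ha.E)             # internal faults, injected by init
    if internal:
        inject = " ".join(f"BE_{e} = 1; BG_{e}_defined = 1;" for e in internal)
        out.append(f"init {{ atomic {{ {inject} }} }}")
    for name, formula in (ltl or {}).items():         # inline LTL properties (Spin 6 syntax)
        out.append(f"ltl {name} {{ {formula} }}")
    return "\n".join(out)

if __name__ == "__main__":
    ha = build_ha(ERROR_MODELS, CONNECTIONS, PARENT)
    print(to_promela(ha, {"degraded_needs_failed": "[] (FS_Sub2_Degraded -> FS_Sub1_Failed)"}))
```

Running the block prints the generated model, ending in an inline ltl block of the form Spin 6 accepts; the usual workflow is to save it as a .pml file, run spin -a on it, compile the generated pan.c and run pan -a to check the property. The generator refuses a model in which a component reacts to a received error propagation that no connection delivers: in the checked model such a receiving state would simply never be activated, and the property would appear to hold for a wiring mistake rather than for a real countermeasure.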
The model-based architecture error behavior verification method of the invention introduces the system structural model of the research object in the model-driven architecture (MDA) process into the safety assessment process, organically combining analysis with model checking, raising the degree of automation of the verification process, and effectively confirming whether the system's handling of component error behavior meets the safety requirements.
The method has the following advantages:
1) The standardized unified modeling language AADL describes the hierarchical structure of the system's software and hardware components, and the Error Model Annex annotates attributes such as the error types, events and propagations of the components, describing the system architecture clearly and accurately.
2) A system architecture model including error behavior is established using the Error Model Annex, organically combining architecture design with safety analysis.
3) With the hierarchical automaton as the intermediate form, the construction algorithm realizes automatic conversion to the Promela model; the architecture modeling and formal conversion of the system are efficient and highly reusable.
4) Applying formal methods, the model checking tool Spin verifies whether the system architecture model meets the safety requirements; the analysis process is accurate and efficient.
Operational failures of an avionics system can have catastrophic consequences, so the architecture design must be assessed as early as possible to analyze whether the effects of component error behavior and the countermeasures meet the system's safety objectives. This method can verify the error behavior and effects of system components in advance and confirm whether they meet the safety requirements, improving the efficiency and accuracy of verifying the architecture's safety requirements; it is an effective supplement to conventional methods.

Claims (10)

1. A system architecture error behavior verification method, characterized by comprising:
establishing a component error behavior model of the system using the Architecture Analysis and Design Language AADL, the component error behavior model being a system architecture model that includes component error annotations;
mapping the component error behavior model to a hierarchical automaton model, the hierarchical automaton model being a formal model;
describing the hierarchical automaton model in the Promela language;
inputting the Promela-language description of the hierarchical automaton model together with the safety property to be verified, defined in linear temporal logic, into the model checking tool Spin for verification, and confirming whether the system architecture model has the verified safety property.
2. The method according to claim 1, characterized in that establishing the component error behavior model of the system using the Architecture Analysis and Design Language AADL comprises:
describing the architecture of the system using AADL to obtain an architecture model, the architecture model including the components and the connections between them;
annotating the error types, error-causing events, error propagations and error-related information of the components in the architecture model using the Error Model Annex, to obtain the component error behavior model.
3. The method according to claim 2, characterized in that mapping the component error behavior model to a hierarchical automaton model comprises:
converting the component error behavior models into sequential automata;
composing the sequential automata into a hierarchical automaton according to the connection relations between the system components.
4. The method according to claim 3, characterized in that describing the hierarchical automaton model in the Promela language comprises:
converting the states, events and guard conditions of the hierarchical automaton into variables of the Promela description;
defining the message interaction channel of the Promela description;
converting the state transitions of the hierarchical automaton into process functions of the Promela description.
5. The method according to claim 4, characterized in that inputting the Promela-language description of the hierarchical automaton model together with the safety property to be verified, defined in linear temporal logic, into the model checking tool Spin for verification, and confirming whether the system architecture model has the verified safety property, comprises:
defining the system safety property expected to be verified using linear temporal logic;
inputting the Promela-language description of the hierarchical automaton model and the safety property to be verified into the model checking tool Spin for verification.
6. A system architecture error behavior verification device, characterized by comprising:
an establishing module, for establishing a component error behavior model of the system using the Architecture Analysis and Design Language AADL, the component error behavior model being a system architecture model that includes component error annotations;
a mapping module, for mapping the component error behavior model to a hierarchical automaton model, the hierarchical automaton model being a formal model;
a describing module, for describing the hierarchical automaton model in the Promela language;
a confirming module, for inputting the Promela-language description of the hierarchical automaton model together with the safety property to be verified, defined in linear temporal logic, into the model checking tool Spin for verification, and confirming whether the system architecture model has the verified safety property.
7. The device according to claim 6, characterized in that the establishing module comprises:
a describing unit, for describing the architecture of the system using AADL to obtain an architecture model, the architecture model including the components and the connections between them;
an annotating unit, for annotating the error types, error-causing events, error propagations and error-related information of the components in the architecture model using the Error Model Annex, to obtain the component error behavior model.
8. The device according to claim 7, characterized in that the mapping module comprises:
a converting unit, for converting the component error behavior models into sequential automata;
a composing unit, for composing the sequential automata into a hierarchical automaton according to the connection relations between the system components.
9. The device according to claim 8, characterized in that the describing module comprises:
a converting unit, for converting the states, events and guard conditions of the hierarchical automaton into variables of the Promela description, and for converting the state transitions of the hierarchical automaton into process functions of the Promela description;
a defining unit, for defining the message interaction channel of the Promela description.
10. A computer-readable storage medium on which instructions are stored, characterized in that the instructions, when executed by a processor, implement the steps of the method of any one of claims 1 to 5.
CN201910384389.7A 2019-05-09 2019-05-09 System architecture error behavior verification method and device Active CN110134599B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910384389.7A CN110134599B (en) 2019-05-09 2019-05-09 System architecture error behavior verification method and device

Publications (2)

Publication Number Publication Date
CN110134599A true CN110134599A (en) 2019-08-16
CN110134599B CN110134599B (en) 2023-06-23

Family

ID=67576776

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910384389.7A Active CN110134599B (en) 2019-05-09 2019-05-09 System architecture error behavior verification method and device

Country Status (1)

Country Link
CN (1) CN110134599B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102880548A (en) * 2012-09-18 2013-01-16 西北工业大学 AADL (Architecture Analysis and Design Language) reliability model generation method based on behavior description
US20140208287A1 (en) * 2013-01-18 2014-07-24 Harbin Institute Of Technology Energy Consumption Simulation and Evaluation System for Embedded Device
US20170169149A1 (en) * 2015-12-15 2017-06-15 International Business Machines Corporation System design using accurate performance models
CN108376221A (en) * 2018-02-27 2018-08-07 哈尔滨工业大学 A software system security verification and assessment method based on AADL model extensions
CN108491196A (en) * 2018-02-07 2018-09-04 南京航空航天大学 A graphical behaviour modeling method for AADL
CN109634600A (en) * 2018-10-30 2019-04-16 西安电子科技大学 A code generation method based on security-extended SysML and AADL models

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
Qianxin Wei, Jian Jiao, Tingdi Zhao: "Flight control system failure modeling and verification based on SPIN", ScienceDirect *
Liu Jianjun et al.: "AADL-based reliability modeling of airborne equipment ***", 《航空计算技术》 *
Zhang Pin et al.: "Research on UML model checking methods", 《计算机应用》 *
Li Dongmin, Li Jing, Lin Huafeng: "Fault-tree-analysis-based reliability analysis method for embedded *** AADL models", 《计算机科学》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111274699A (en) * 2020-01-19 2020-06-12 北京航空航天大学 SmartIflow-based AADL (architecture analysis and design language) model security analysis method
CN111679646A (en) * 2020-04-28 2020-09-18 华东师范大学 Formalization-based automobile electronic system safety target confirmation method
CN112306476A (en) * 2020-11-03 2021-02-02 中国航空工业集团公司西安航空计算技术研究所 Embedded system security modeling method
CN112306476B (en) * 2020-11-03 2023-04-14 中国航空工业集团公司西安航空计算技术研究所 Embedded system security modeling method
CN112416336A (en) * 2020-11-11 2021-02-26 北京京航计算通讯研究所 Software architecture design method for aerospace embedded system
CN112416336B (en) * 2020-11-11 2023-04-28 北京京航计算通讯研究所 Software architecture design method for aerospace embedded system
CN112559359A (en) * 2020-12-22 2021-03-26 华东师范大学 S2ML-based safety-critical system analysis and verification method
CN112559359B (en) * 2020-12-22 2024-03-22 华东师范大学 S2ML-based security-critical system analysis and verification method
WO2024095270A1 (en) * 2022-11-03 2024-05-10 Codium Ltd. System and method of software behavior analysis

Also Published As

Publication number Publication date
CN110134599B (en) 2023-06-23

Similar Documents

Publication Publication Date Title
CN110134599A (en) A system architecture error behavior verification method and device
Bozzano et al. The COMPASS approach: Correctness, modelling and performability of aerospace systems
Abdulkhaleq et al. A comprehensive safety engineering approach for software-intensive systems based on STPA
Lahtinen et al. Model checking of safety-critical software in the nuclear engineering domain
Huang et al. Complete model-based equivalence class testing
Clark et al. A study on run time assurance for complex cyber physical systems
Backes et al. Requirements analysis of a quad-redundant flight control system
Bochot et al. Model checking flight control systems: The Airbus experience
US20190179727A1 (en) Automatic setting of multitasking configurations for a code-checking system
Grunske et al. Automatic generation of analyzable failure propagation models from component-level failure annotations
Singh et al. Software reliability early prediction in architectural design phase: Overview and Limitations
Peleska et al. Model-based testing for avionic systems proven benefits and further challenges
Laurent Using formal methods and testability concepts in the avionics systems validation and verification (v&v) process
Buzhinsky et al. Model-checking detailed fault-tolerant nuclear power plant safety functions
CN107808020A (en) Based on the computer interlocking software exploitation of formalized model exploitation with realizing system
Heitmeyer Formal methods for specifying, validating, and verifying requirements.
Grunske et al. Specification and evaluation of safety properties in a component-based software engineering process
Pakonen et al. Verification of fault tolerant safety I&C systems using model checking
Sinha et al. Reliability and availability prediction of embedded systems based on environment modeling and simulation
Lawford et al. Application of tabular methods to the specification and verification of a nuclear reactor shutdown system
CN112559359B (en) S2ML-based security-critical system analysis and verification method
Björkman et al. Verification of safety logic designs by model checking
Zhang et al. Test case generation from formal models of cyber physical system
Nagy et al. Simulation-based Safety Assessment of High-level Reliability Models
US20220067239A1 (en) Computer-implemented method and computerized device for testing a technical system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant