CN110347588A - Software verification method, device, computer equipment and storage medium - Google Patents
- Publication number
- CN110347588A (application CN201910480992.5A)
- Authority
- CN
- China
- Prior art keywords
- state machine
- machine specification
- state
- conversion
- code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
Abstract
This application relates to a software verification method, device, computer equipment and storage medium. The method includes: obtaining a specification, where the specification includes a state machine specification and a statement specification, both written according to predetermined writing rules; converting the state machine specification into implementation code; verifying by a verifier whether the converted implementation code meets the requirements of the state machine specification; verifying by a verifier whether the state machine specification meets the requirements of the statement specification; and, if the converted implementation code meets the requirements of the state machine specification and the state machine specification meets the requirements of the statement specification, passing the verification. With this method software verification can be carried out quickly, verification efficiency is improved, and verification generality is achieved.
Description
Technical field
This application relates to the technical field of information processing, and in particular to a software verification method, device, computer equipment and storage medium.
Background technique
With the development of internet technology, verifying the correctness of system software in advance by means of formal verification can effectively prevent a whole system from collapsing because of a software fault. Among existing formal verification tools based on first-order logic solving, most use SMT solvers.
Traditional formal verification approaches mainly include model checking and theorem proving. Model checking is a verification technique based on a finite model and on checking the desired properties of that model; however, model checking cannot directly verify the code itself, and it has difficulty expressing complex systems. Theorem proving is a verification technique that represents a system and its properties as formulas in some mathematical logic; however, theorem proving requires professional knowledge of mathematical theorems and the support of a theorem prover. Such semi-automated verification tools not only require a large amount of manpower to write the related specifications, but also set a high threshold for research staff, so that professionals are needed to design and develop the related software.
Summary of the invention
Based on this, in view of the above technical problems, it is necessary to provide a software verification method, device, computer equipment and storage medium that can carry out software verification quickly, improve software verification efficiency, and achieve verification generality.
A software verification method, the method comprising:
Obtaining a specification, where the specification includes a state machine specification and a statement specification, and the state machine specification and the statement specification are written according to predetermined writing rules;
Converting the state machine specification into implementation code;
Verifying, by a verifier, whether the converted implementation code meets the requirements of the state machine specification;
Verifying, by a verifier, whether the state machine specification meets the requirements of the statement specification;
If the converted implementation code meets the requirements of the state machine specification, and the state machine specification meets the requirements of the statement specification, passing the verification.
In one of the embodiments, writing the state machine specification and the statement specification according to predetermined writing rules includes:
The state machine specification is written in Python, and the state machine specification is used to describe the correctness of system functions and system interfaces;
The statement specification is written on the basis of the state machine specification, and the statement specification is used to describe system properties and system invariant information;
Wherein the state machine specification includes an abstract state machine specification and a state transition specification;
Preferably, return value information is added to the Python function definition;
The first parameter of the Python function is set to the object parameter of the system state space;
The parameter types and parameter names of the other parameters of the Python function are separated by a predetermined symbol.
In one of the embodiments, writing the state machine specification in Python includes:
Describing the state space of the state machine specification by an abstract state model, where the abstract state model includes a system external interface set, a state machine state set, an output set, an initial state and an operation transition;
Preferably, multiple system objects are constructed using data structures, where the data structures include: data types, data variables, system object types and state machine objects;
The abstract state machine specification is constructed from the multiple system objects;
Further preferably, at least one precondition is set, the precondition being used to judge whether a system call can be executed;
If the precondition is met, the system state machine transitions from a first state space to a second state space.
In one of the embodiments, converting the state machine specification into implementation code includes:
Converting the state machine specification into initial C language code by a translator;
Manually modifying the initial C language code to obtain final C language code;
Converting the final C language code into the intermediate representation of a compilation system, and using the intermediate representation as the implementation code that the system can recognize.
In one of the embodiments, converting the state machine specification into initial C language code by a translator includes data structure conversion and function conversion, wherein:
The data structure conversion includes converting the kernel objects in the state machine specification into struct structures in the initial C language code, where the kernel objects are described as classes;
The function conversion includes converting the functions in the state machine specification into a Python syntax tree.
In one of the embodiments, the method further includes:
If the verification passes, compiling the intermediate representation into a system image;
Preferably, the method further includes:
Traversing the known abstract syntax tree, collecting relevant information and classifying the relevant information;
Converting the abstract syntax tree into a form that meets the semantic normalization of the C language, according to the structure of the abstract syntax tree and predetermined syntax conversion rules, to obtain the Python syntax tree;
Performing the internal conversion of functions according to the Python syntax tree, including the conversion of class functions, the deletion of state space variables and the conversion of reference pointers;
Converting the Python syntax tree into the initial C language code.
In one of the embodiments, verifying by a verifier whether the converted implementation code meets the requirements of the state machine specification includes:
Inputting the converted implementation code into a solver and a symbolic execution engine respectively, solving the converted implementation code by the solver and the symbolic execution engine in turn, and verifying whether the converted implementation code meets the requirements of the state machine specification;
Preferably, obtaining the state space of the state machine specification and the state space of the implementation code respectively;
Obtaining the equivalence function between the system and the state machine specification;
Supplying the state space of the state machine specification, the state space of the implementation code and the equivalence function to the solver in a form that conforms to first-order logic, and solving to obtain a solving result;
Judging, according to the solving result, whether the implementation code meets the requirements of the state machine specification;
Further preferably, verifying by a verifier whether the state machine specification meets the requirements of the statement specification includes:
Obtaining the state space of the state machine specification by the symbolic execution engine, where the state space is represented by first-order logic expressions, and inputting the state space represented by first-order logic expressions together with the statement specification into the solver for solving, so as to verify whether the state machine specification meets the requirements of the statement specification.
A software verification device, the device including:
A specification obtaining module, for obtaining a specification, where the specification includes a state machine specification and a statement specification, and the state machine specification and the statement specification are written according to predetermined writing rules;
A conversion module, for converting the state machine specification into implementation code;
A first verification module, for verifying by a verifier whether the converted implementation code meets the requirements of the state machine specification;
A second verification module, for verifying by a verifier whether the state machine specification meets the requirements of the statement specification;
A judgment module, for passing the verification if the converted implementation code meets the requirements of the state machine specification and the state machine specification meets the requirements of the statement specification.
A computer device, including a memory and a processor, the memory storing a computer program, and the processor performing the following steps when executing the computer program:
Obtaining a specification, where the specification includes a state machine specification and a statement specification, and the state machine specification and the statement specification are written according to predetermined writing rules;
Converting the state machine specification into implementation code;
Verifying, by a verifier, whether the converted implementation code meets the requirements of the state machine specification;
Verifying, by a verifier, whether the state machine specification meets the requirements of the statement specification;
If the converted implementation code meets the requirements of the state machine specification, and the state machine specification meets the requirements of the statement specification, passing the verification.
A computer-readable storage medium on which a computer program is stored, the computer program performing the following steps when executed by a processor:
Obtaining a specification, where the specification includes a state machine specification and a statement specification, and the state machine specification and the statement specification are written according to predetermined writing rules;
Converting the state machine specification into implementation code;
Verifying, by a verifier, whether the converted implementation code meets the requirements of the state machine specification;
Verifying, by a verifier, whether the state machine specification meets the requirements of the statement specification;
If the converted implementation code meets the requirements of the state machine specification, and the state machine specification meets the requirements of the statement specification, passing the verification.
The above software verification method, device, computer equipment and storage medium obtain a state machine specification and a statement specification written according to predetermined writing rules, convert the state machine specification into implementation code that is input into a verifier for verification, and input the state machine specification itself into the verifier for verification; if the converted implementation code meets the requirements of the state machine specification and the state machine specification meets the requirements of the statement specification, the verification passes. This achieves the purpose of quickly verifying the software and the correctness of its functions.
Brief description of the drawings
Fig. 1 is the formal verification framework diagram of the software verification method in one embodiment;
Fig. 2 is the flow diagram of the software verification method in one embodiment;
Fig. 3 is the flow diagram of the state machine specification conversion step in one embodiment;
Fig. 4 is the flow diagram of the state machine specification conversion step in another embodiment;
Fig. 5 is the flow diagram of the software verification step in one embodiment;
Fig. 6 is the structural block diagram of the software verification device in one embodiment;
Fig. 7 is the internal structure diagram of the computer device in one embodiment.
Detailed description of the embodiments
In order to make the objects, technical solutions and advantages of the application clearer, the application is further described below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the application and not to limit it.
The software verification method provided by the application can be applied in the formal verification framework shown in Fig. 1. Two kinds of specification are written according to predefined specification writing rules, namely a state machine (state-machine) specification and a statement specification. The state machine specification is first converted into initial C language code by a translator (Parser); the generated initial C language code is then given simple manual additions and modifications to obtain final C language code; the final C language code is converted by the LLVM compilation system into the compilation system's intermediate representation (LLVM IR) and input into the verifier for verification. At the same time, the state machine specification is input into the verifier for verification. When the converted implementation code meets the requirements of the state machine specification and the state machine specification meets the requirements of the statement specification, the verification passes; otherwise a counterexample is provided.
In one embodiment, as shown in Fig. 2, a software verification method is provided, illustrated by its application in the formal verification framework of Fig. 1, and including the following steps:
Step S202: obtaining a specification.
Here the specification includes a state machine specification and a statement specification. A specification is an abstract expression, above the program, that describes the relevant properties of the system and the corresponding requirements the program must meet. The state machine represents the abstract state of the system and can describe the system as a whole and how the system changes after a state transition. The statement specification is expressed in the form of predicates and describes the upper-layer attribute information of the system.
Specifically, the state machine specification and the statement specification are written according to predetermined writing rules; that is, the writing rules of the specification are first defined in the formal verification framework, the state machine specification and the statement specification are then written according to those rules, and finally the written state machine specification and statement specification are obtained.
Step S204: converting the state machine specification into implementation code.
Here, implementation code refers to a code form that the verifier can recognize. Specifically, in the formal verification framework the state machine specification obtained in step S202 is converted into implementation code that the verifier can recognize.
Step S206: verifying by a verifier whether the converted implementation code meets the requirements of the state machine specification.
Specifically, in the formal verification framework the implementation code converted in step S204 is input into the verifier, and the correctness of the implementation code is verified by the verifier.
Step S208: verifying by a verifier whether the state machine specification meets the requirements of the statement specification.
Specifically, in the formal verification framework the state machine specification obtained in step S202 is input into the verifier, and whether the state machine specification meets the requirements of the statement specification is verified by the verifier.
Step S210: if the converted implementation code meets the requirements of the state machine specification, and the state machine specification meets the requirements of the statement specification, the verification passes.
Specifically, when the converted implementation code meets the requirements of the state machine specification and the state machine specification meets the requirements of the statement specification, the verification passes; otherwise a counterexample is provided, that is, relevant information is given in the output result so that the programmer can locate the error.
In the above software verification method, a state machine specification and a statement specification written according to predetermined writing rules are obtained, the state machine specification is converted into implementation code that is input into a verifier for verification, and at the same time the state machine specification is input into the verifier for verification; if the converted implementation code meets the requirements of the state machine specification and the state machine specification meets the requirements of the statement specification, the verification passes. This achieves the purpose of quickly verifying the software and the correctness of its functions.
In one of the embodiments, step S202 specifically includes the following steps:
Step S2022: the state machine specification is written in Python.
Here the state machine specification is used to describe the correctness of system functions and system interfaces, and it includes an abstract state machine specification and a state transition specification. The abstract state machine specification describes the whole state space of the system, that is, the system objects contained in the system and the relevant information of those objects, such as data types and attributes. The state transition specification describes the system interfaces and how the whole state space of the system changes after a system interface is called.
As an optional embodiment, step S2022 includes describing the state space of the state machine specification by an abstract state model, where the abstract state model includes a system external interface set, a state machine state set, an output set, an initial state and an operation transition.
Specifically, the state space of the state machine specification can be described by the abstract state model <T, S, O, init, step>, where T denotes the system external interface set, S denotes the state machine state set, O denotes the output set, init denotes the initial state, and step denotes an operation transition. Further, the transition process of the system is
step: S × T → S′ × O
which means that the state set S, under the transition set T, is mapped to another state set S′ and produces the output result set O.
As another optional embodiment, the construction process of the abstract state machine specification in step S2022 specifically includes the following steps:
Step S2023: constructing multiple system objects using data structures.
Here the data structures include: data types, data variables, system object types and state machine objects.
Specifically, the system objects can be constructed using the data types of Python or the data types provided by the z3py library. For example, in the formal verification framework a variable of type size_t is represented with z3.BitVecSort(64), meaning that the system object is a 64-bit vector type; this data type allows execution in a symbolic manner, so that the entire state space after a function executes can be obtained. A constant of type size_t with value 1 is represented with z3.BitVecSort(1,64).
Specifically, the system objects can be constructed using the class function Class provided by Python, and the attribute information in the Class is described by data structures (Map, Refcnt), where Map describes the attributes contained in the system object and Refcnt describes the resource usage of the system object relative to other system objects.
Step S2025: constructing the abstract state machine specification from the multiple system objects.
As another optional embodiment, the writing rules of the state transition specification in step S2022 specifically include the following steps:
Step S2023a: setting at least one precondition, the precondition being used to judge whether a system call can be executed.
Specifically, the system process can first be set to a preset state, where the preset state refers to a "runnable" state of the system, and at least one precondition for judging whether a system call can execute is set by a set of logical expression conditions. Because the state transition process may contain multiple branch judgments, multiple preconditions usually need to be set when describing the whole transition process of the state machine.
Step S2025a: if the precondition is met, the system state machine transitions from a first state space to a second state space.
Here the first state space refers to the state space before the transition and the second state space refers to the state space after the transition. Specifically, the If function in the util tool set provided by the formal verification framework performs the judgment: if the precondition set in step S2023a is met, the system state machine transitions to a new state; otherwise the original state space is kept unchanged.
As another optional embodiment, the writing rules of the state transition specification in step S2022 further include: establishing a copy of the first state space by setting the attribute information of the first state space.
Specifically, the first state space is copied by setting the relevant attribute information of a new state space, that is, new = old.copy(), and the copy is used for the state space transition, which ensures that the relevant information of the original state space is not destroyed during the state transition.
Step S2024: writing the statement specification on the basis of the state machine specification.
Here, in the formal verification framework the statement specification mainly describes the exclusive-use relationship of resources and the shared reference-count relationship of resources. Specifically, taking an operating system as an example, because of the exclusiveness of the operating system and the isolation between processes, describing the relevant attributes of the page table can ensure that those attributes of the system state space remain unchanged before and after a state transition, and these attributes are checked by adding check functions.
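The following is an added example, not code from the patent or from its verification framework, showing what the abstract state model <T, S, O, init, step> of step S2022, the preconditions and copy-before-transition rule of steps S2023a and S2025a, and the check functions of step S2024 look like when written together as a small Python specification. The patent writes its specifications with z3py and explores them with a symbolic execution engine; to run without z3 this example keeps the state space finite and enumerates every reachable state instead, and reports a counterexample trace on the first violated check. The pages, process ids, the alloc/free interfaces, the deliberately unchecked variant of free and both invariants are all constructed here for illustration.

```python
# Added example (not from the patent or its framework): a small state machine specification in
# the style of <T, S, O, init, step>, with a precondition on each interface, new = old.copy()
# before every transition, and a statement specification written as check functions.
# The state space is finite and enumerated exhaustively so the example runs without z3.
import copy
from typing import Callable, Dict, List, Optional, Tuple

NUM_PAGES = 3          # constructed: three physical pages keep the state space small
PIDS = (1, 2)          # constructed: two processes

class State:
    """Abstract state S: the owner of each page (None = free) and a per-page reference count."""
    def __init__(self) -> None:
        self.owner: Dict[int, Optional[int]] = {p: None for p in range(NUM_PAGES)}
        self.refcnt: Dict[int, int] = {p: 0 for p in range(NUM_PAGES)}

    def copy(self) -> "State":
        return copy.deepcopy(self)

    def key(self) -> Tuple:
        return (tuple(self.owner.items()), tuple(self.refcnt.items()))

Call = Tuple[str, int, int]                               # (interface name, pid, page) drawn from T
Handler = Callable[[State, int, int], Tuple[State, int]]  # returns (new state, output in O)

def sys_alloc(old: State, pid: int, page: int) -> Tuple[State, int]:
    if old.owner[page] is not None:      # precondition: the page must be free
        return old, -1                   # precondition fails: state unchanged, output -1
    new = old.copy()                     # new = old.copy(), so the old state is never mutated
    new.owner[page] = pid
    new.refcnt[page] += 1
    return new, 0

def sys_free(old: State, pid: int, page: int) -> Tuple[State, int]:
    if old.owner[page] != pid:           # precondition: only the owner may free the page
        return old, -1
    new = old.copy()
    new.owner[page] = None
    new.refcnt[page] -= 1
    return new, 0

def sys_free_unchecked(old: State, pid: int, page: int) -> Tuple[State, int]:
    """Deliberately missing precondition, to show how the checker reports a counterexample."""
    new = old.copy()
    new.owner[page] = None
    new.refcnt[page] -= 1
    return new, 0

INTERFACES: Dict[str, Handler] = {"alloc": sys_alloc, "free": sys_free}
BUGGY_INTERFACES: Dict[str, Handler] = {"alloc": sys_alloc, "free": sys_free_unchecked}

def step(s: State, call: Call, interfaces: Dict[str, Handler]) -> Tuple[State, int]:
    """step: S x T -> S' x O."""
    name, pid, page = call
    return interfaces[name](s, pid, page)

# Statement specification: predicates that must hold in every reachable state.
def inv_refcnt_matches_owner(s: State) -> bool:
    return all((s.refcnt[p] == 1) == (s.owner[p] is not None) for p in range(NUM_PAGES))

def inv_refcnt_in_range(s: State) -> bool:
    return all(0 <= s.refcnt[p] <= 1 for p in range(NUM_PAGES))

INVARIANTS = [inv_refcnt_matches_owner, inv_refcnt_in_range]

def verify(interfaces: Dict[str, Handler], invariants=INVARIANTS) -> Tuple[bool, List, int]:
    """Explore every state reachable from init; return (passed, counterexample trace, states seen)."""
    init = State()
    seen = {init.key()}
    frontier: List[Tuple[State, List]] = [(init, [])]
    while frontier:
        s, trace = frontier.pop()
        for inv in invariants:
            if not inv(s):
                return False, trace + [f"violates {inv.__name__}"], len(seen)
        for name in interfaces:
            for pid in PIDS:
                for page in range(NUM_PAGES):
                    new, out = step(s, (name, pid, page), interfaces)
                    if new.key() not in seen:
                        seen.add(new.key())
                        frontier.append((new, trace + [(name, pid, page, out)]))
    return True, [], len(seen)

if __name__ == "__main__":
    print(verify(INTERFACES))          # (True, [], 27): every page free or owned by one of two pids
    print(verify(BUGGY_INTERFACES))    # a short trace ending in the violated invariant
```

The trace returned on failure plays the role of the counterexample the framework gives the programmer: it lists the interface calls (with their outputs) that lead from init to the offending state, followed by the name of the check function that failed.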
In one of the embodiments, writing the state machine specification and the statement specification of step S202 according to predefined writing rules specifically includes the following steps:
Step S2022a: adding return value information to the Python function definition.
Specifically, since Python functions have no return type, in order to guarantee the correct conversion of the state machine specification, return value information needs to be added to the Python function definition; the return value type of the function can be separated by '_'. For example, def int_func_name(paramtype_xxx) can be translated into int func_name(paramtype xxx) {}.
Step S2024a: setting the first parameter of the Python function to the object parameter of the system state space.
Step S2026a: separating the parameter types and parameter names of the other parameters of the Python function by a predetermined symbol.
Specifically, the parameter types and parameter names of the other parameters can be separated by the predetermined symbol '_'; for example, pid_t_pid can be translated into pid_t pid.
In the above software verification method, programmers write the relevant specifications in Python according to predetermined writing rules, which reduces personnel investment and the difficulty of formal verification, while avoiding the situation in which design and implementation cannot be unified.
In one of the embodiments, as shown in Fig. 3, step S204 specifically includes the following steps:
Step S2042: converting the state machine specification into initial C language code by a translator.
Specifically, the translator automatically converts the state machine specification into half-finished initial C language code.
As an optional embodiment, step S2042 includes data structure conversion and function conversion, and specifically includes the following steps:
Step S2043: converting the kernel objects in the state machine specification into struct structures in the initial C language code, where the kernel objects are described as classes.
Specifically, during the conversion of the state machine specification into implementation code, the data structures of the state machine specification need to be converted, that is, the kernel objects in the state machine specification (described as Class classes) are converted into struct structures in the initial C language code.
Step S2045: converting the functions in the state machine specification into a Python syntax tree.
Specifically, during the conversion of the state machine specification into implementation code, the functions of the state machine specification need to be converted, that is, the functions in the state machine specification are converted into a Python syntax tree, specifically by using the abstract syntax tree (Abstract Syntax Tree, AST) of the Python library to modify the existing syntax tree and reorganize the procedure.
As an optional embodiment, as shown in Fig. 4, the following steps are further included after step S2045:
Step S2045a: traversing the known abstract syntax tree, collecting relevant information and classifying the relevant information.
Here the collected relevant information includes the set of function names to be converted, the set of logical expression conditions of each function, the set of old and new state machine variables, and similar information.
Step S2045b: converting the abstract syntax tree into a form that meets the semantic normalization of the C language, according to the structure of the abstract syntax tree and predetermined syntax conversion rules, to obtain the Python syntax tree.
Specifically, in the formal verification framework the abstract syntax tree is converted by recording the jump conditions and the corresponding logical code, so that it satisfies the transition conditions as far as possible. For example, if the jump condition function util.if exists in the known AST, that function needs to be converted into a form such as if (condition) { } else { } that meets the semantic normalization of the C language.
Step S2045c: performing the internal conversion of functions according to the Python syntax tree, including the conversion of class functions, the deletion of state space variables and the conversion of reference pointers.
Step S2045d: converting the Python syntax tree into the initial C language code.
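The following is an added example, not the patent's translator and not code from its framework, of a miniature translator that applies the writing rules of steps S2022a, S2024a and S2026a (return type prefix on the function name, first parameter is the state object, other parameters written as type_name) together with the class-to-struct conversion of step S2043 and the util.If-to-if/else conversion of step S2045b, all driven by the Python ast module. Several choices beyond what the patent states are assumptions made here: the state-object parameter is dropped from the C signature (following the deletion of state space variables in step S2045c), struct fields are read from annotated self.x: type = ... assignments in __init__, attribute accesses on the state object are emitted as bare field names, the return type is split off at the first '_' while parameter types are split off at the last '_' (so types such as pid_t survive), and only a small subset of expressions is supported; the sample specification text is constructed.

```python
# Added example (not the patent's own translator): a miniature Python-spec-to-C translator
# implementing the writing rules and AST conversions described in steps S2022a-S2026a,
# S2043 and S2045b. Everything outside those rules is an assumption of this example.
import ast
from typing import List

SEP = "_"   # the predetermined symbol separating type and name

def c_expr(node: ast.AST) -> str:
    """Emit a C expression for the small subset of Python expressions used in the specs."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Constant):
        return str(int(node.value)) if isinstance(node.value, bool) else str(node.value)
    if isinstance(node, ast.Attribute):          # state.field -> field (state variable deleted)
        return node.attr
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        return f"-{c_expr(node.operand)}"
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return f"!({c_expr(node.operand)})"
    if isinstance(node, ast.BoolOp):
        op = " && " if isinstance(node.op, ast.And) else " || "
        return "(" + op.join(c_expr(v) for v in node.values) + ")"
    if isinstance(node, ast.Compare) and len(node.ops) == 1:
        ops = {ast.Eq: "==", ast.NotEq: "!=", ast.Lt: "<", ast.LtE: "<=", ast.Gt: ">", ast.GtE: ">="}
        return f"{c_expr(node.left)} {ops[type(node.ops[0])]} {c_expr(node.comparators[0])}"
    raise ValueError(f"unsupported expression: {ast.dump(node)}")

def c_stmt(node: ast.stmt) -> str:
    """Emit a C statement; `return util.If(cond, a, b)` becomes if/else as in step S2045b."""
    if (isinstance(node, ast.Return) and isinstance(node.value, ast.Call)
            and isinstance(node.value.func, ast.Attribute) and node.value.func.attr == "If"):
        cond, then_v, else_v = node.value.args
        return f"if ({c_expr(cond)}) {{ return {c_expr(then_v)}; }} else {{ return {c_expr(else_v)}; }}"
    if isinstance(node, ast.Return) and node.value is not None:
        return f"return {c_expr(node.value)};"
    if isinstance(node, ast.Pass):
        return ""
    raise ValueError(f"unsupported statement: {ast.dump(node)}")

def c_function(func: ast.FunctionDef) -> str:
    """Apply the signature rules: `ret_name(state, type_param, ...)` -> `ret name(type param, ...)`."""
    if SEP not in func.name:
        raise ValueError(f"{func.name}: missing return-type prefix (expected e.g. int_name)")
    ret_type, name = func.name.split(SEP, 1)          # return type precedes the first '_'
    if not func.args.args:
        raise ValueError(f"{func.name}: first parameter must be the state-space object")
    params = []
    for a in func.args.args[1:]:                      # assumption: state object is dropped in C
        if SEP not in a.arg:
            raise ValueError(f"{func.name}: parameter {a.arg} lacks a type prefix")
        ptype, pname = a.arg.rsplit(SEP, 1)           # split on the last '_' so pid_t stays intact
        params.append(f"{ptype} {pname}")
    body = " ".join(s for s in (c_stmt(st) for st in func.body) if s)
    inner = f" {body} " if body else ""
    return f"{ret_type} {name}({', '.join(params) or 'void'}) {{{inner}}}"

def c_struct(cls: ast.ClassDef) -> str:
    """Kernel object described as a class -> C struct (step S2043); fields from self.x: T = ..."""
    fields = []
    for node in ast.walk(cls):
        if (isinstance(node, ast.AnnAssign) and isinstance(node.target, ast.Attribute)
                and isinstance(node.target.value, ast.Name) and node.target.value.id == "self"
                and isinstance(node.annotation, ast.Name)):
            fields.append(f"{node.annotation.id} {node.target.attr};")
    return f"struct {cls.name} {{ {' '.join(fields)} }};"

def translate(source: str) -> List[str]:
    """Translate every top-level class and function of a specification module."""
    out = []
    for node in ast.parse(source).body:
        if isinstance(node, ast.ClassDef):
            out.append(c_struct(node))
        elif isinstance(node, ast.FunctionDef):
            out.append(c_function(node))
    return out

# Constructed specification fragment written in the style of the rules above (not from the patent).
SPEC = '''
class Proc:
    def __init__(self):
        self.pid: pid_t = 0
        self.refcnt: int = 0

def int_sys_alloc(state, pid_t_pid, size_t_n):
    return util.If(state.free > 0 and n <= state.free, 0, -1)

def void_sys_yield(state):
    pass
'''

if __name__ == "__main__":
    for line in translate(SPEC):
        print(line)
```

The translator refuses a function whose name carries no return-type prefix or whose parameters lack a type, rather than guessing, which is the behaviour one wants from the "half-finished" stage of step S2042: anything it cannot map by rule is left for the manual modification of step S2044 instead of being silently emitted as wrong C.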
Step S2044: manually modify the initial C language code to obtain the final C language code.
Specifically, on the basis of the initial C language code obtained in step S2042, simple additions and modifications are made manually. For example, operations such as organizing resources into a linked list need to be added by hand, giving the final C language code.
Step S2046: convert the final C language code into the intermediate representation of the compilation system, and take that intermediate representation as the implementation code that the system can recognize.
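The AST conversion of steps S2045a to S2045d, as an added example that is not the patent's translator: a constructed Python specification (the Task class, the state field names and the util.If helper, which stands in for the page's util.if because if is a Python keyword, are all assumptions) is traversed with the standard ast module, classified, and emitted as initial C code with the guarded call rewritten to if/else, the state parameter deleted and the kernel-object class turned into a struct.

```python
import ast

# Constructed sample input (not from the patent): a state-machine specification in
# the style the text describes. The kernel object is a class, each function takes
# the system state as its first parameter, and util.If(cond, a, b) stands in for
# the page's util.if jump-condition helper ("if" is a Python keyword, so the name
# is an assumption).
SPEC_SOURCE = """
class Task:
    pid: int
    prio: int

def pick_next(state, pid: int) -> int:
    return util.If(state.current == pid, state.current, pid)

def set_prio(state, pid: int, prio: int) -> int:
    return util.If(prio > 0, prio, state.default_prio)
"""

C_TYPES = {"int": "int", "bool": "bool", "void": "void"}  # assumed type mapping
_OPS = {ast.Eq: "==", ast.NotEq: "!=", ast.Gt: ">", ast.Lt: "<",
        ast.GtE: ">=", ast.LtE: "<=", ast.Add: "+", ast.Sub: "-"}


def _is_state_attr(node):
    return (isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name)
            and node.value.id == "state")


def _is_guard_call(node):
    return isinstance(node, ast.Call) and ast.unparse(node.func) == "util.If"


def collect_info(tree):
    """Step S2045a: traverse the AST and classify what the translator needs."""
    info = {"functions": [], "classes": {}, "state_vars": set(), "guards": []}
    for node in ast.walk(tree):
        if isinstance(node, ast.ClassDef):
            info["classes"][node.name] = [(s.target.id, s.annotation.id)
                                          for s in node.body
                                          if isinstance(s, ast.AnnAssign)]
        elif isinstance(node, ast.FunctionDef):
            info["functions"].append(node.name)
        elif _is_state_attr(node):
            info["state_vars"].add(node.attr)      # state space variables
        elif _is_guard_call(node):
            info["guards"].append(node)            # jump conditions to rewrite
    return info


def c_expr(node):
    """Step S2045c: render an expression in C. The state parameter is deleted,
    so state.x becomes the C global x; names and constants pass through."""
    if _is_state_attr(node):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Constant):
        return str(node.value)
    if isinstance(node, ast.Compare) and len(node.ops) == 1:
        return f"{c_expr(node.left)} {_OPS[type(node.ops[0])]} {c_expr(node.comparators[0])}"
    if isinstance(node, ast.BinOp):
        return f"{c_expr(node.left)} {_OPS[type(node.op)]} {c_expr(node.right)}"
    raise NotImplementedError(ast.dump(node))


def c_function(fn):
    """Steps S2045b/c: one spec function becomes one C function. The first
    parameter (system state) is dropped and a returned util.If becomes
    if (cond) { } else { }, the C-semantics form the text calls for."""
    ret = C_TYPES[fn.returns.id if fn.returns else "void"]
    params = ", ".join(f"{C_TYPES[a.annotation.id]} {a.arg}" for a in fn.args.args[1:])
    body = []
    for stmt in fn.body:
        if isinstance(stmt, ast.Return) and _is_guard_call(stmt.value):
            cond, then, other = stmt.value.args
            body += [f"    if ({c_expr(cond)}) {{", f"        return {c_expr(then)};",
                     "    } else {", f"        return {c_expr(other)};", "    }"]
        elif isinstance(stmt, ast.Return):
            body.append(f"    return {c_expr(stmt.value)};")
        else:
            raise NotImplementedError(ast.dump(stmt))
    return "\n".join([f"{ret} {fn.name}({params}) {{", *body, "}"])


def translate(source):
    """Step S2045d: whole specification to initial C code. Kernel-object classes
    become structs, state space variables become globals (assumed int), and each
    function is emitted after the conversions above. Returns (info, c_code)."""
    tree = ast.parse(source)
    info = collect_info(tree)
    out = []
    for name, fields in info["classes"].items():
        out += [f"struct {name} {{", *[f"    {C_TYPES[t]} {f};" for f, t in fields], "};"]
    out += [f"int {v};" for v in sorted(info["state_vars"])]
    out += [c_function(n) for n in tree.body if isinstance(n, ast.FunctionDef)]
    return info, "\n".join(out)


if __name__ == "__main__":
    print(translate(SPEC_SOURCE)[1])
```

The emitted code is the "initial C language code" of step S2042; the linked-list organization the text assigns to step S2044 is deliberately left for the manual pass.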
As an alternative embodiment, if verification passes, the intermediate representation is compiled into a system image.
Specifically, if the implementation code converted in step S204 meets the requirements of the state machine specification and, at the same time, the state machine specification obtained in step S202 meets the requirements of the statement specification, then the intermediate representation from step S2046 is finally compiled into a system image.
In the above software verification method, the state machine specification is automatically converted by a translator, within a formal verification framework, into implementation code that the system can recognize. Software verification can therefore be carried out quickly and its efficiency improved, while the drawback of existing verification tools being confined to a specific programming language is overcome, achieving general-purpose verification.
In one embodiment, as shown in Fig. 5, step S206 specifically includes the following steps:
Step S2062: obtain the state spaces of the state machine specification and of the implementation code, respectively.
Specifically, the state space of the state machine specification obtained in step S202 and the state space of the implementation code obtained after the conversion in step S204 are each obtained by symbolic execution. Symbolic execution is a program analysis technique that, by analysing a program, obtains the inputs that allow a particular code region to execute. When a program is analysed by symbolic execution, it uses symbolic values as inputs rather than the concrete values used in ordinary execution. When the target code is reached, the analyser obtains the corresponding path constraint and then, through a constraint solver, obtains the concrete values that trigger the target code.
Step S2064: obtain the equivalence function between the system and the state machine specification.
The equivalence function describes the equivalence relation between the LLVM IR data structures of the system and the abstract state. For example, in the equivalence function Llvm_global('@current') == state.current, the Llvm_global function looks up the current process in the LLVM IR, which corresponds to the current PID in the implementation code, while state.current represents the current PID in the abstract state specification.
Step S2066: supply the state space of the state machine specification, the state space of the implementation code and the equivalence function to a solver, in a form that satisfies first-order logic, to be solved, obtaining a solving result.
A solver is a software tool that decides the satisfiability of first-order logic formulas under a specific theory, such as Z3 or SATP. Specifically, the state space of the state machine specification and the state space of the implementation code obtained in step S2062, together with the equivalence function obtained in step S2064, are input to the solver at the same time, and the dynamic symbolic execution of the functions is solved by the solver's symbolic execution engine.
Further, the execution process must be satisfied before input to the solver: first, undefined behaviour in the LLVM IR is excluded, where undefined behaviour includes division by zero, undefined operations and the like, and this can be done with scripts provided by the framework; secondly, the LLVM IR is mapped into the solver, which can be achieved through encapsulation operations on the LLVM IR.
Step S2068: judge, according to the solving result, whether the implementation code meets the requirements of the state machine specification.
In one embodiment, step S206 further includes: inputting the converted implementation code into a solver and a symbolic execution engine respectively, and solving the converted implementation code through the solver and the symbolic execution engine in turn, to verify whether the converted implementation code meets the requirements of the state machine specification.
The symbolic execution engine is designed and developed on the basis of the solver and provides a dynamic symbolic execution solving process for functions. For example, a = BitVecSort(64) denotes a 64-bit symbolic variable; for def fun(a), the parameter of fun is input as the symbolic parameter a, that is, the symbolic variable is fed into the function under execution, and the function fun then completes symbolic execution.
Specifically, the verification process of step S206 includes two parts, solver verification and symbolic execution engine verification: the converted implementation code is input into the solver and the symbolic execution engine respectively, and is solved and verified by the solver and the symbolic execution engine in turn.
In the above software verification method, the state space of the state machine specification, the state space of the implementation code and the equivalence function are input into the solver and solved simultaneously, and whether the implementation code meets the requirements of the state machine specification is judged from the solving result. Software verification can thus be carried out conveniently and quickly, the difficulty of formal verification is reduced and verification efficiency is improved.
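The obligation that steps S2062 to S2068 hand to the solver, as an added example that is not part of the patent: a constructed scheduler-style specification transition, an implementation transition over 64-bit values, and an equivalence function relating the '@current' global to state.current. The solver is replaced by bounded enumeration over a small PID domain (an assumption; the text uses an SMT solver driven by symbolic execution), and a constructed defective implementation shows what a failing solving result looks like.

```python
MASK64 = (1 << 64) - 1   # implementation values are 64-bit, like the text's BitVecSort(64)


# Specification side (constructed, in the style the text describes): the first
# parameter is the abstract state, a precondition guards the call, and the
# transition returns the new abstract state.
def spec_pre_switch(state, pid):
    return pid in state["ready"]


def spec_switch(state, pid):
    """Abstract transition: pid becomes current, the old current returns to ready."""
    ready = (state["ready"] - {pid}) | {state["current"]}
    return {"current": pid, "ready": frozenset(ready)}


# Implementation side: what the converted C / LLVM IR computes, modelled over
# 64-bit integers. '@current' and '@ready_mask' stand for LLVM globals.
def impl_switch(g, pid):
    cur, mask = g["@current"], g["@ready_mask"]
    new_mask = ((mask & ~(1 << pid)) | (1 << cur)) & MASK64
    return {"@current": pid & MASK64, "@ready_mask": new_mask}


def impl_switch_buggy(g, pid):
    """Constructed defect: the old current task is never put back in the ready mask."""
    mask = g["@ready_mask"] & ~(1 << pid) & MASK64
    return {"@current": pid & MASK64, "@ready_mask": mask}


def equiv(g, state, num_pids):
    """Equivalence function in the text's sense: relates the LLVM globals to the
    abstract state, e.g. Llvm_global('@current') == state.current, and decodes
    the ready bitmask into the abstract ready set."""
    ready = frozenset(i for i in range(num_pids) if (g["@ready_mask"] >> i) & 1)
    return g["@current"] == state["current"] and ready == state["ready"]


def check_refinement(impl, num_pids=4):
    """The proof obligation of step S2066, discharged here by bounded
    enumeration instead of SMT: for every pair of related states and every
    input allowed by the spec precondition, the post-states must be related
    again. Returns the counterexamples (an empty list means verified)."""
    failures = []
    for cur in range(num_pids):
        for ready_bits in range(1 << num_pids):
            if (ready_bits >> cur) & 1:
                continue   # invariant: the current task is not also ready
            state = {"current": cur,
                     "ready": frozenset(i for i in range(num_pids) if (ready_bits >> i) & 1)}
            g = {"@current": cur, "@ready_mask": ready_bits}
            assert equiv(g, state, num_pids)   # pre-states are related by construction
            for pid in range(num_pids):
                if not spec_pre_switch(state, pid):
                    continue
                if not equiv(impl(g, pid), spec_switch(state, pid), num_pids):
                    failures.append({"current": cur, "ready_mask": ready_bits, "pid": pid})
    return failures


if __name__ == "__main__":
    print("correct impl counterexamples:", len(check_refinement(impl_switch)))
    print("buggy impl counterexamples:", len(check_refinement(impl_switch_buggy)))
```

Each counterexample is the concrete pre-state and input a solver would return as a model; the step S2068 judgment is simply whether that list is empty.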
In one embodiment, step S208 includes: obtaining the state space of the state machine specification through the symbolic execution engine, where the state space is expressed by first-order logic expressions; inputting the state space expressed by first-order logic expressions together with the statement specification into the solver to be solved; and verifying whether the state machine specification meets the requirements of the statement specification.
Specifically, step S208 first obtains the state space of the state machine specification through the symbolic execution engine, then inputs the state space expressed by first-order logic expressions together with the obtained statement specification into the solver to be solved, verifying whether the state machine specification meets the requirements of the statement specification.
It should be understood that although the steps in the flowcharts of Figs. 2 to 5 are shown in sequence as indicated by the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless expressly stated herein, there is no strict ordering restriction on the execution of these steps, and they may be executed in other orders. Moreover, at least some of the steps in Figs. 2 to 5 may include multiple sub-steps or stages, which are not necessarily completed at the same moment but may be executed at different times; the order of execution of these sub-steps or stages is also not necessarily sequential, and they may be executed in turn or alternately with other steps or with at least part of the sub-steps or stages of other steps.
In one embodiment, as shown in Fig. 6, a software verification device is provided, comprising: a specification acquisition module 301, a conversion module 302, a first verification module 303, a second verification module 304 and a judgment module 305, in which:
the specification acquisition module 301 is used to obtain a specification, wherein the specification includes a state machine specification and a statement specification, and the state machine specification and the statement specification are written according to predetermined writing rules;
the conversion module 302 is used to convert the state machine specification into implementation code;
the first verification module 303 is used to verify, by a validator, whether the converted implementation code meets the requirements of the state machine specification;
the second verification module 304 is used to verify, by a validator, whether the state machine specification meets the requirements of the statement specification;
the judgment module 305 is used to pass verification if the converted implementation code meets the requirements of the state machine specification and the state machine specification meets the requirements of the statement specification.
In one embodiment, the specification acquisition module 301 is specifically used for: the state machine specification being written in Python, the state machine specification describing the correctness of system functions and system interfaces; the statement specification being written on the basis of the state machine specification, the statement specification describing system properties and system variable information; wherein the state machine specification includes an abstract state machine specification and a state conversion specification.
In one embodiment, the specification acquisition module 301 is specifically used to describe the state space of the state machine specification by an abstract state model, wherein the abstract state model includes a system external interface set, a state machine state set, an output set, an initial state and operation conversions.
In one embodiment, the specification acquisition module 301 is specifically used to construct multiple system objects using data structures, wherein the data structures include: data types, data variables, system object types and state machine objects; and to construct the abstract state machine specification according to the multiple system objects.
In one embodiment, the specification acquisition module 301 is specifically used to set at least one precondition, the precondition being used to judge whether a system call can execute; if the precondition is met, the system state machine is converted from a first state space to a second state space.
In one embodiment, the specification acquisition module 301 is specifically used to add return value information to the Python function definition; set the first parameter of the Python function to the image parameter of the system state space; and split the parameter types and parameter names of the other parameters of the Python function by a predetermined symbol.
In one embodiment, the conversion module 302 is specifically used to convert the state machine specification into initial C language code by a translator; manually modify the initial C language code to obtain final C language code; and convert the final C language code into the intermediate representation of the compilation system, taking the intermediate representation as the implementation code that the system can recognize.
In one embodiment, the conversion module 302 is specifically used to convert the kernel objects in the state machine specification into struct structures in the initial C language code, wherein the kernel objects are described as classes; and to convert the functions in the state machine specification into a Python syntax tree.
In one embodiment, the first verification module 303 is specifically used to obtain the state spaces of the state machine specification and of the implementation code respectively; obtain the equivalence function between the system and the state machine specification; supply the state space of the state machine specification, the state space of the implementation code and the equivalence function to a solver, in a form that satisfies first-order logic, to be solved, obtaining a solving result; and judge according to the solving result whether the implementation code meets the requirements of the state machine specification.
In one embodiment, the first verification module 303 is specifically used to input the converted implementation code into a solver and a symbolic execution engine respectively, and to solve the converted implementation code through the solver and the symbolic execution engine in turn, verifying whether the converted implementation code meets the requirements of the state machine specification.
In one embodiment, the second verification module 304 is specifically used to obtain the state space of the state machine specification through the symbolic execution engine, wherein the state space is expressed by first-order logic expressions; input the state space expressed by first-order logic expressions together with the statement specification into the solver to be solved; and verify whether the state machine specification meets the requirements of the statement specification.
In one embodiment, the device further includes a system image compilation module, used to compile the intermediate representation into a system image if verification passes.
For the specific limitations of the software verification device, reference may be made to the limitations of the software verification method above, which are not repeated here. Each module in the above software verification device may be implemented fully or partially by software, hardware or a combination thereof. The above modules may be embedded in, or independent of, the processor of the computer device in hardware form, or may be stored in software form in the memory of the computer device, so that the processor can call and execute the operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, whose internal structure may be as shown in Fig. 7. The computer device includes a processor, a memory, a network interface and a database connected through a system bus. The processor of the computer device provides computing and control capability. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The database of the computer device is used to store software verification data. The network interface of the computer device is used to communicate with an external terminal through a network connection. The computer program, when executed by the processor, implements a software verification method.
Those skilled in the art will understand that the structure shown in Fig. 7 is only a block diagram of the part of the structure relevant to the solution of the present application and does not constitute a limitation on the computer device to which the solution is applied; a specific computer device may include more or fewer components than shown in the figure, combine certain components, or have a different component arrangement.
In one embodiment, a computer device is provided, including a memory and a processor, the memory storing a computer program, and the processor implementing the following steps when executing the computer program:
obtaining a specification, wherein the specification includes a state machine specification and a statement specification, and the state machine specification and the statement specification are written according to predetermined writing rules;
converting the state machine specification into implementation code;
verifying, by a validator, whether the converted implementation code meets the requirements of the state machine specification;
verifying, by a validator, whether the state machine specification meets the requirements of the statement specification;
if the converted implementation code meets the requirements of the state machine specification and the state machine specification meets the requirements of the statement specification, passing verification.
In another embodiment, the processor, when executing the computer program, may also implement the steps of the software verification method in any of the above embodiments.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, the computer program implementing the following steps when executed by a processor:
obtaining a specification, wherein the specification includes a state machine specification and a statement specification, and the state machine specification and the statement specification are written according to predetermined writing rules;
converting the state machine specification into implementation code;
verifying, by a validator, whether the converted implementation code meets the requirements of the state machine specification;
verifying, by a validator, whether the state machine specification meets the requirements of the statement specification;
if the converted implementation code meets the requirements of the state machine specification and the state machine specification meets the requirements of the statement specification, passing verification.
In one embodiment, the computer program, when executed by the processor, may also implement the steps of the software verification method in any of the above embodiments.
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be completed by instructing the relevant hardware through a computer program, which can be stored in a non-volatile computer-readable storage medium and which, when executed, may include the processes of the embodiments of each of the above methods. Any reference to memory, storage, a database or other media used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments can be combined arbitrarily. For brevity of description, not all possible combinations of the technical features in the above embodiments are described; however, as long as there is no contradiction in the combination of these technical features, it should be considered to be within the scope of this specification.
The above embodiments express only several embodiments of the present application, and their description is relatively specific and detailed, but they cannot therefore be construed as limiting the scope of the patent. It should be pointed out that, for those of ordinary skill in the art, various modifications and improvements can be made without departing from the concept of the present application, and these all belong to the protection scope of the present application. Therefore, the scope of protection of the present application shall be subject to the appended claims.
Claims (10)
1. A software verification method, characterized in that the method includes:
obtaining a specification, wherein the specification includes a state machine specification and a statement specification, and the state machine specification and the statement specification are written according to predetermined writing rules;
converting the state machine specification into implementation code;
verifying, by a validator, whether the converted implementation code meets the requirements of the state machine specification;
verifying, by a validator, whether the state machine specification meets the requirements of the statement specification;
if the converted implementation code meets the requirements of the state machine specification and the state machine specification meets the requirements of the statement specification, passing verification.
2. The method according to claim 1, wherein the state machine specification and the statement specification being written according to predetermined writing rules includes:
the state machine specification is written in Python, and the state machine specification is used to describe the correctness of system functions and system interfaces;
the statement specification is written on the basis of the state machine specification, and the statement specification is used to describe system properties and system invariant information;
wherein the state machine specification includes an abstract state machine specification and a state conversion specification;
preferably, return value information is added to the Python function definition;
the first parameter of the Python function is set to the image parameter of the system state space;
the parameter types and parameter names of the other parameters of the Python function are split by a predetermined symbol.
3. The method according to claim 2, wherein the state machine specification being written in Python includes:
describing the state space of the state machine specification by an abstract state model, wherein the abstract state model includes a system external interface set, a state machine state set, an output set, an initial state and operation conversions;
preferably, constructing multiple system objects using data structures, wherein the data structures include: data types, data variables, system object types and state machine objects;
constructing the abstract state machine specification according to the multiple system objects;
further preferably, setting at least one precondition, the precondition being used to judge whether a system call can execute;
if the precondition is met, the system state machine is converted from a first state space to a second state space.
4. The method according to claim 1, wherein converting the state machine specification into implementation code includes:
converting the state machine specification into initial C language code by a translator;
manually modifying the initial C language code to obtain final C language code;
converting the final C language code into the intermediate representation of a compilation system, and taking the intermediate representation as the implementation code that the system can recognize.
5. The method according to claim 4, wherein converting the state machine specification into initial C language code by a translator includes data structure conversion and function conversion, wherein
the data structure conversion includes converting the kernel objects in the state machine specification into struct structures in the initial C language code, wherein the kernel objects are described as classes;
the function conversion includes converting the functions in the state machine specification into a Python syntax tree.
6. The method according to claim 5, wherein the method further includes:
if verification passes, compiling the intermediate representation into a system image;
preferably, the method further includes:
traversing the known abstract syntax tree, collecting relevant information and classifying the relevant information;
according to the structure of the abstract syntax tree and predetermined syntax conversion rules, converting the abstract syntax tree into a form that conforms to C language semantic normalization, obtaining the Python syntax tree;
performing the internal conversion of functions according to the Python syntax tree, including the conversion of the class functions, the deletion of state space variables and the conversion of reference pointers;
converting the Python syntax tree into the initial C language code.
7. The method according to claim 1, wherein verifying by a validator whether the converted implementation code meets the requirements of the state machine specification includes:
inputting the converted implementation code into a solver and a symbolic execution engine respectively, and solving the converted implementation code through the solver and the symbolic execution engine in turn, to verify whether the converted implementation code meets the requirements of the state machine specification;
preferably, obtaining the state spaces of the state machine specification and of the implementation code respectively;
obtaining the equivalence function between the system and the state machine specification;
supplying the state space of the state machine specification, the state space of the implementation code and the equivalence function to the solver, in a form that satisfies first-order logic, to be solved, obtaining a solving result;
judging according to the solving result whether the implementation code meets the requirements of the state machine specification;
further preferably, verifying by a validator whether the state machine specification meets the requirements of the statement specification includes:
obtaining the state space of the state machine specification through the symbolic execution engine, wherein the state space is expressed by first-order logic expressions; inputting the state space expressed by first-order logic expressions together with the statement specification into the solver to be solved; and verifying whether the state machine specification meets the requirements of the statement specification.
8. A software verification device, characterized in that the device includes:
a specification acquisition module, for obtaining a specification, wherein the specification includes a state machine specification and a statement specification, and the state machine specification and the statement specification are written according to predetermined writing rules;
a conversion module, for converting the state machine specification into implementation code;
a first verification module, for verifying, by a validator, whether the converted implementation code meets the requirements of the state machine specification;
a second verification module, for verifying, by a validator, whether the state machine specification meets the requirements of the statement specification;
a judgment module, for passing verification if the converted implementation code meets the requirements of the state machine specification and the state machine specification meets the requirements of the statement specification.
9. A computer device, including a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 7.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910480992.5A CN110347588B (en) | 2019-06-04 | 2019-06-04 | Software verification method, device, computer equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110347588A true CN110347588A (en) | 2019-10-18 |
CN110347588B CN110347588B (en) | 2024-03-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| TA01 | Transfer of patent application right | Effective date of registration: 20221212. Address after: No. 259-10, Hengxue Road, Fangqiao Street, Fenghua District, Ningbo, Zhejiang 315000 (self declaration). Applicant after: Ningbo Qianchuan Technology Co.,Ltd. Address before: No. 303, B1, No. 36, Haidian West Street, Haidian District, Beijing 100089. Applicant before: Beijing QianChuan Technology Co.,Ltd. |
| GR01 | Patent grant | |