摘要
随着嵌入式软件系统在汽车、核工业、航空、航天等安全关键领域的广泛应用,其失效将会导致财产的损失、环境的破坏甚至人员的伤亡,使得保障软件安全性成为系统开发过程中的重要部分.传统的安全性分析方法主要应用在软件的需求分析阶段和设计阶段,然而需求与设计之间的鸿沟却一直是软件工程领域的一大难题.正是由于这一鸿沟的存在,使得需求分析阶段的安全性分析结果难以完整而详尽地反映在软件设计中.其根本原因是:当前的软件需求主要通过自然语言描述,存在二义性与模糊性,且难以进行自动化处理.为了解决这一问题,面向构件化嵌入式软件,首先提出了一种半结构化的限定自然语言需求模板用于需求规约,能够有效地降低自然语言需求的二义性与模糊性;然后,为了降低自动化处理的复杂性,采用需求抽象语法图作为中间模型,实现基于限定自然语言需求模板规约的软件需求与AADL模型之间的转换,并在此过程中自动记录两者之间的可追踪关系;最后,基于AADL开源工具OSATE对所提出方法进行了插件实现,并通过航天器导航、制导与控制系统(guidance,navigation and control,简称GNC)进行了实例性验证.
As embedded software systems are widely used in many crucial areas such as automotive, energy industries and aerospace, failures of these systems will cause pollution of environment, property losses and even casualties. Therefore, safety analysis has been critical for developing these systems. The traditional safety analysis method is mainly used in the software requirement analysis stage and the design stage. However, the gap between requirement and design is a challenge in software engineering area, for it is difficult to transmit and reflect the analysis result of the requirement analysis stage into software designing. The primary reason is that the current software requirement is mainly described in natural language, in which there is ambiguity and fuzziness, and that makes it difficult to be automatically processed. To solve this problem, this paper first focuses on component embedded software and proposes a set of requirement template based on restricted natural language to reduce the ambiguity and fuzziness of natural language requirements. Then, to lessen the complexity of automated processing, requirement abstract syntax diagrams are used as the intermediate model to realize the transition between software requirement specified by restricted natural language template and AADL model, and automatically record the traceability relations between them. Finally, a tool for the method proposed above is developed based on the AADL open source system OSATE, and an example validation is carried out through the spacecraft guidance, navigation and control system GNC (guidance, navigation and control).
作者
王飞
杨志斌
黄志球
周勇
刘承威
章文炳
薛垒
许金淼
WANG Fei;YANG Zhi-Bin;HUANG Zhi-Qiu;ZHOU Yong;LIU Cheng-Wei;ZHANG Wen-Bing;XUE Lei;XU Jin-Miao(School of Computer Science and Technology,Nanjing University of Aeronautics and Astronautics,Nanjing 211106,China;Key Laboratory of Safety-Critical Software(Nanjing University of Aeronautics and Astronautics),Ministry of Industry and Information Technology,Nanjing 211106,China;Collaborative Innovation Center of Novel Software Technology and Industrialization,Nanjing 210093,China;Shanghai Aerospace Electronic Technology Institute,Shanghai 201109,China)
出处
《软件学报》
EI
CSCD
北大核心
2018年第8期2350-2370,共21页
Journal of Software
基金
国家自然科学基金(61502231,61272083)
阁家高技术发展计划(863)(2015AA105303)
GF基础科研重点项目(JCKY20162038011):国家重点研发计划(20J6YFB1000802)
江苏省自然科学基金(BK20150753)
软件开发环境国家重点实验室开放课题(SKLSDE-2015KF-04)
航空科学基金(2015ZC52027)
关键词
嵌入式软件
软件安全性
需求规约
限定自然语言需求模板
AADL
可追踪性
embedded software
software safety
requirement specification
restricted natural language requirement template
AADL
traceability
