Analysis of Checksum-Based Execution Schemes for Pipelined Processors

SYSTEM ANALYSISLESSON 15 :VERIFICATION AND VALIDATIONTopics covered•Software Installation technique•Software operation & Maintenance Verification and ValidationPhase•Strategies for checking techniques.ObjectivesUpon completion of this Lesson, you should be able to :Explain about software installation technique Explain the software operation & maintenance V&V Explain about different strategies for checking techniques.Software Installation Test•The software installation test activity is the final step beforelaunching full customer acceptance testing.•The purpose of installation test is to demonstrate that thecorrect software has been delivered and that the software interfaces are correct relative to any interfaces at the installation site.•Acceptance testing , which involves the user/customer, isoutside the scope of this document.General •— Conduct an installation configuration audit.•Determine that all software outputs needed to operate thesystem are present.•Check that the software installed in the system is the softwarethat underwent software V&V.•— Develop and execute tests that will examine and stress site-unique parameters (e.g., printer interface, operating system interface, monitor interfaces).•— Generate applicable documentation.•— Generate an SVVR (or generate it at the end of the softwareV&V process).Reuse-Specific•— Conduct an installation configuration audit to verify thatany reused software that has not been modified is the current version.KBS-Specific•— Ensure that data and updates to the knowledge base whichare supplied from external sources are in an acceptable form.Software Operation and Maintenance V&VØThe software operation V&V activity requires periodic checks that the integrity of the system has been maintained, that any changes to the system which affect its operation have beendocumented, and operators have received training in new or changed procedures.•The software maintenance V&V activity requires planning forsoftware V&V based on the extent of the maintenance (e.g.,adaptive, corrective, perfective ,and hence a revisit of all the software development activities to identify to what extent each software V&V activity must be performed.•If software V&V has not been performed during softwaredevelopment, then the V&V during software operations and maintenance must consider performing a selected set of tasks from the software V&V activities related to earlier development activities.•Some activities may include generating software requirementsor software design information from source code, an activity known as reverse engineering. While costly and time consuming, it is necessary when the need exists for rigorous software V&V effort.General•— Conduct an anomaly evaluation - Evaluate the severity ofanomalies during software operation and their effect on the system.•— Conduct a proposed change assessment - Assess proposedchanges to the software and their effect on the system to determine software V&V activities from earlier development to be repeated. Conduct them.•— Develop an SVVP.KBS-Specific•— Plan for update of knowledge base including domain model.•— Determine mechanisms used for updating knowledge base.Software V&V Techniques•The conduct of software V&V tasks to fulfill the requirementsof the V&V activities generally involves techniques selected from three major classes: static, dynamic, and formal analysis.•Static analysis techniques are those which directly analyze theform and structure of a product without executing the product•Reviews, inspections, audits and data flow analysis are examplesof static analysis techniques.Static Analysis Techniques•Are traditionally applied to software requirements, softwaredesign and source code.•They may also be applied to test documentation, especially testcases, to verify their traceability to the software requirements,their adequacy to fulfill test requirements, and their accuracy.Dynamic analysis techniquesSYSTEM ANALYSIS•Involve execution, or simulation, of a development activityproduct to detect errors by analyzing the response of a product to sets of input data .•For these techniques, the output values, or ranges of values,must be known.•Testing is the most frequent dynamic analysis technique.Prototyping, especially during the software requirements V&V activity, can be considered a dynamic analysis technique; in this case the exact output is not always known but enough knowledge exists to determine if the system response to the input stimuli meets system requirements.•Formal analysis is the use of rigorous mathematical techniques to analyze the algorithms of a solution .•Sometimes the software requirements may be written in a formal specification language (e.g., VDM, Z) which can be verified using a formal analysis technique like proof-of-correctness.•The term formal often is used to mean a formalized process,that is, a process that is planned, managed, documented, and is repeatable. In this sense, all software V&V techniques are formal,but do not necessarily meet the definition of the mathematical techniques involving special notations and languages.Strategies for Choosing Techniques•Some software V&V techniques used during softwarerequirements V&V tasks are control flow analysis, data flow analysis, algorithm analysis, and simulation.•Control and data flow analysis are most applicable for real timeand data driven systems.•These flow analyses transform logic and data requirements textinto graphic flows which are easier to analyze than the text.PERT, state transition, and transaction diagrams are examples of control flow diagrams.•Algorithm analysis involves re-derivation of equations or evaluation of the suitability of specific numerical techniques.•Simulation is used to evaluate the interactions of large, complex systems with many hardware, user, and other interfacing software units.•Some software V&V techniques used during software designV&V tasks include algorithm analysis, database analysis, sizing and timing analysis, and simulation.•Algorithm analysis examines the correctness of the equationsor numerical techniques as in the software requirements activity,but also examines truncation and round-off effects, numerical precision of word storage and variables (e.g., single- vs.extended-precision arithmetic), and data typing influences.•Database analysis is particularly useful for programs that storeprogram logic in data parameters.• A logic analysis of these data values is required to determinethe effect these parameters have on program control. Sizing and timing analysis is useful for real-time programs having response time requirements and constrained memory execution space requirements.•Some software V&V techniques used during code V&V tasksare control flow analysis, database analysis, regression analysis,and sizing and timing analysis.•For large code developments, control flow diagrams showingthe hierarchy of main routines and their sub functions are useful in understanding the flow of program control.•Database analysis is performed on programs with significantdata storage to ensure common data and variable regions are used consistently between all call routines.•Data integrity is enforced and no data or variable can be accidentally overwritten by overflowing data tables. Data typing and use are consistent throughout all program elements.•Regression analysis is used to reevaluate software requirements and software design issues whenever any significant code change is made.•This technique ensures project awareness of the original system requirements.•Sizing and timing analysis is done during incremental codedevelopment and compared against predicted values. Significant deviations between actual and predicted values is a possible indication of problems or the need for additional examination.•Another area of concern to software V&V is the ability ofcompilers to generate object code that is functionally equivalent to the source code, that is, reliance on the correctness of the language compiler to make data dependent decisions about abstract programmer coded information.•For critical applications, this problem is solved by validatingthe compiler or by validating that the object code produced by the compiler is functionally equivalent to the source.•Code reading is another technique that may be used for sourcecode verification. An expert reads through another programmer’s code to detect errors. In an experiment conducted at the National Aeronautics and Space Administration Goddard Space Flight Center, code reading was found to be more effective than either functional testing or structural testing.•The reason was attributed to the expertise of the readers who,as they read the code, were simulating its execution and were able to detect many kinds of errors.•Other techniques commonly used are walkthroughs,inspections and reviews.•These tasks occur in interactive meetings attended by a team which usually includes at least one member from the development group. Other members may belong to the development group or to other groups involved in software development.•The duration of these meetings is usually no more than a fewhours in which code is examined on a line-by-line basis. In these dynamic sessions, it may be difficult to examine the code thoroughly for control logic, data flow, database errors, sizing,timing and other features which may require considerable manual or automated effort. Advance preparation for these activities may be necessary and includes code analysis techniques.•The results of these techniques provide appropriate engineeringinformation for discussion at meetings where code is evaluated.SYSTEM ANALYSIS•Regardless of who conducts or participates in walkthroughs and inspections, software V&V analyses may be used tosupport these meetings.• A comprehensive test management approach to testing recognizes the differences in strategies and in objectives forunit, software integration, and software system test.•Unit test verifies the design and implementation of software units. Software integration test verifies functional requirementsas the software units are integrated.•Special attention is focused on software, hardware, and operator interfaces. Software system test validates the entire softwareprogram against system requirements and software performanceobjectives. Software system tests validate that the softwareexecutes correctly within its stated operating environment.•The software’s ability to deal properly with anomalies and stress conditions is emphasized.•These tests are not intended to duplicate or replace the user and development group’s test responsibilities, but insteadsupplement the development testing to test behavior notnormally tested by the user or development group.•Effective testing requires a comprehensive understanding of the system. Such understanding develops from systematicallyanalyzing the software’s concept, requirements, design, andcode.•By knowing internal software details, software V&V testing is effective at probing for errors and weaknesses that reveal hiddenfaults.•This is considered structural, or white-box, testing. It often finds errors for which some functional, or black-box, test casescan produce the correct output despite internal errors.•Functional test cases execute part or all of the system to validate that the user requirement is satisfied; these test cases cannotalways detect internal errors that will occur under specialcircumstances.•Another software V&V test technique is to develop test cases that violate software requirements.•This approach is effective at uncovering basic design assumption errors and unusual operational use errors.•The process of planning functional test cases requires a thorough examination of the functional requirements.•An analyst who carefully develops those test cases is likely to detect errors and omissions in the software requirements.•In this sense test planning can be effective in detecting errors and can contribute to uncovering some errors before testexecution.•The planning process for testing must take into account the specific objectives of the software V&V for the software andthe impact of different test strategies in satisfying theseobjectives.•Frequently, the most effective strategy may be to combine two or more strategies.•Criticality analysis may be used to identify software V&V techniques to address high-risk concerns.•The selection of V&V techniques for use on each critical area of the program is a method of tailoring the intensity of the software V&V against the type of risk present in each area of the software.•For example, software V&V would apply algorithm analysis to critical numerical software functions, and techniques such as sizing and timing analysis, data and control flow analysis and interface analysis to real-time executive functions. Descriptions of Techniques The following are summary descriptions of techniques taken from [BAHILL], [BEN], [EWICS3], [KIRANI], [NBS93], [NGUYEN], [NIST209], [NIST5589], [NUREG6316], [OKEEFE], [OLEARY], [TURING], [VOAS91,92,95], [WALLACE94], and [WILEY]. Algorithm analysis examines the logic and accuracy of the software requirements by translating algorithms into some language or structured format. The analysis involves rederiving equations or evaluating the suitability of specific numerical techniques. It checks that algorithms are correct, appropriate, stable, and meet all accuracy, timing, and sizing requirements. Algorithm analysis examines the correctness of the equations and numerical techniques, truncation and rounding effects, numerical precision of word storage and variables (single vs. extended-precision arithmetic), and data typing influences. Issues: accuracy; algorithm efficiency; correctness; consistency in computation; error propagation; numerical roundoff; numerical stability; space utilization evaluation; system performance prediction; timing.Analytic modeling provides performance evaluation and capacity planning information on software design. It represents the program logic and processing of some kind of model and analyzes it for sufficiency. Issues: accuracy; algorithm efficiency; bottlenecks; error propagation; feasibility; modeling; numerical roundoff; numerical stability; processing efficiency; system performance prediction.Back-to-back testing detects test failures by comparing the output of two or more programs implemented to the same specification. The same input data is applied to two or more program versions and their outputs are compared to detect anomalies. Any test data selection strategy can be used for this type of testing, although random testing is well suited to this approach. Also known as comparison testing. Issues: anomalies or discrepancies between versions.Boundary value analysis detects and removes errors occurring at parameter limits or boundaries. The input domain of the program is divided into a number of input classes. The tests should cover the boundaries and extremes of the classes. The tests check that the boundaries of the input domain of the specification coincide with those in the program. The value zero, whether used directly or indirectly, should be used with special attention (e.g., division by zero, null matrix, zero table entry). Usually, boundary values of the input produce boundary values for the output. Test cases should also be designed to force the output to its extreme values. If possible, a test case which causes output to exceed the specification boundary values should be specified. If output is a sequence of data, special attention should be given to the first and last elements and to lists containing zero, one, and two elements. Issues: algorithm analysis; array size; inconsistencies between limits; specification error.SYSTEM ANALYSISCode reading involves an expert reading through another programmer’s code to detect errors. The individual is likely to perform a pseudo-execution (mentally) of the code to pick up errors before compilation. Issues: correctness; misuse of variables;omitted functions; parameter checking; poor programming practices; redundancy.Control flow analysis transforms text describing software requirements into graphic flows where they can be examined for correctness. It checks that the proposed control flow is free of problems (e.g., unreachable or incorrect software design). Control flow analysis is used to show the hierarchy of main routines and their subfunctions and checks that the proposed control flow is free of problems (e.g., unreachable or incorrect code elements). It detects poor and potentially incorrect program structures. Issues:assertion testing/violations; bottlenecks; boundary test cases;branch and path identification; branch testing; cell structure of units; correctness; software design evaluation; error propagation;expected vs. actual results; file sequence error; formal specification evaluation; global information flow and consistency; hierarchical interrelationship of units; inaccessible code; software integration tests; inter-unit structure; loop invariants; path testing; processing efficiency; retest after change; system performance prediction; test case preparation; unit tests.Coverage analysis measures how much of the structure of a unit or system has been exercised by a given set of tests. System level coverage measures how many of the unit parts of the system have been called by a test set. Code coverage measures the percentage of statements, branches, or lines of code (LOC) exercised by a test set. Issues: unit tests, software integration tests, software system tests.Critical timing/flow analysis checks that the process and control timing requirements are satisfied by modeling those aspects of the software design. Issues: modeling; synchronization; timing.Database analysis ensures that the database structure and access methods are compatible with the logical design. It is performed on programs with significant data storage to ensure that common data and variable regions are used consistently between all calling routines; that data integrity is enforced and no data or variable can be accidentally overwritten by overflowing data tables; and that data typing and use are consistent throughout the program. Issues:access protection; data characteristics and types; software design evaluation; file sequence error; global information flow; processing efficiency; space utilization evaluation; unit tests.Data flow analysis is important for designing the high level (process) architecture of applications. It can check for variables that are read before they are written, written more than once without being read, and written but never read. Issues: assertion testing/violations; bottlenecks; boundary test cases; branch and path identification; branch testing; cell structure of units; data characteristics; environment interaction; error propagation;evaluation of program paths; expected vs actual results; file sequence error; global information flow and consistency; hierarchical interrelationship of units; inter-unit structure; loop invariants;processing efficiency; retest after changes; software design evaluation; software integration tests; system performance prediction; test case preparation; uninitialized variables; unused variables; variable references.Decision (truth) tables provide a clear and coherent analysis of complex logical combinations and relationships. This method uses two-dimensional tables to concisely describe logical relationships between boolean program variables. Issues: logic errors.Desk checking involves the examination of the software design or code by an individual, usually an expert other than the author, for obvious errors. It can include looking over the code for obvious defects, checking for correct procedure interfaces, reading the comments to develop a sense of what the code does and then comparing it to its external specifications, comparing comments to software design documentation, stepping through with input conditions contrived to “exercise” all paths including those not directly related to the external specifications, and checking for compliance with programming standards and conventions. Issues:anachronistic data; calls to subprograms that do not exist; data fields unconstrained by data boundaries; failure to implement the design; failure to save or restore registers; improper nesting of loops and branches; improper program linkages; improper sequencing of processes; incomplete predicates; incorrect access of array components; inefficient data transport; infinite loops;initialization faults; input-output faults; instruction modification;inverted predicates; mismatched parameter lists; missing labels or code; missing validity tests; misuse of variables; prodigal programming; unauthorized recursion; undeclared variables;unreachable code; unreferenced labels.ReviewSoftware Installation techniqueSoftware operation & Maintenance Verification and Validation PhaseStrategies for checking techniques.]Various TechniquesQuestionsExplain about Software Installation technique 12345Explain about operation and maintenance V&V.12345Explain about software V&V techniques.12345SYSTEM ANALYSIS Discuss the various types of techniques used in V&V.12345ReferencesHeuring, Vincent P.Computer systems design and architectureDelhi : Pearson Education Asia, 1997 Whitten, Jeffrey L.Systems analysis and design methods5th ed. New Delhi : Galgotia Publications, 2001 Shelly, Gary B.Systems analysis and design3rd ed. New Delhi : Galgotia Publications, 1999 Awad, Elias M.Systems analysis and designNew Delhi : Galgotia Publications, 1997 Hoffer, Jeffrey A.Modern systems analysis and design2nd ed. Delhi : Pearson Education Asia, 2000 Sarkar, A.K.Systems analysis, data processing andquantitative techniquesNew Delhi : Galgotia Publications, 1997 Hawryszkiewycz, IgorIntroduction to systems analysis & design4th ed. New Delhi : Prentice Hall of India, 2002。

电子技术• Electronic Technology88 •电子技术与软件工程 Electronic Technology & Software Engineering【关键词】动态取样 工艺风险 Cpk1 介绍现如今随着半导体制造过程的复杂性不断提升，采用科学有效的工艺管控方法来帮助快速侦测并改进异常工艺表现是非常重要的。

工艺管控方法中最有效的方法就是改进取样方案。

通过高效的取样方案，能够快速检测到工艺的偏离，并实现改进和预防措施。

目前业界常用的取样方法是在初始阶段建立，之后根据需要人工改变频率。

本文介绍了一种新的动态取样解决方案，通过采用工艺风险评估并配合多种因素作用，实现针对不同工艺风险的取样决定。

2 全面动态取样方案全面动态取样系统是基于工艺状况、机台情况、工艺不确定性、异常事件信号以及量测机台产能来调整取样率的。

我们根据工艺风险将取样方案分成三个区间，即低-基准-高。

当工艺流程处在一个较低的风险级时，取样在低频率下进行,反之将在高频率下进行。

如果线上工艺流程表现出向高风险发展的趋势，取样率会随着提升，并伴随改进方案的实施，从而减少风险产品的数量。

反之取样率会随之降低，量测机台的产能得到缓解，同时低取样率也能够缩短制造工艺的周期。

本文的取样方案是以传统方案作为框架并配合动态改变取样率实现的。

下面对各影响因素作介绍：2.1 工艺状况整体的工艺状况代表了生产出满足客户需求的产品的能力。

线上量测的图表是一个表现工艺状况好坏的重要指标，而Cpk 又是表现工艺能力的重要参数，我们基于Cpk 的表现来判断工艺流程的风险级别，高风险的将会一种针对半导体制造工艺的全面动态取样方案文/陈彧触发高取样率。

2.2 机台情况机台情况是影响整体工艺风险的重要因素。

当机台接近它们的维护周期时，机台性能会出现退化，这种情况会给工艺带来额外的风险，因此取样方案也要做相应的调整。

机台的风险会随着定期维护的周期发生着变化，当机台越接近维护的时间前后，机台的风险会随着增加。

看为WO-EX的CSSU单元)
数据可能丢失!保证VDS的连接指向,保存计费数据,先进行主备切换后再对备用单元进行重启动作.要频繁切换,且注意切换顺序.(SP-WO)
总线连接及状态.
时隙路由配置
间的电缆连接
故障期间的文件拷入该硬盘,以保证数据文件的正确传送.
复之前不要重启主用单元,以避免数据重写.
致性.
重新用ZII?命令将报告连至disk文件(逻辑文件为FRAUDREP),用MXR(MSC中)和MJR (HLR中)增加TCP/IP地址和端口
能是硬件存在故障,用ISI及ISC命令检查并将DISK状态改为WO-BU(注意解决硬件故障后需要update内存中的SOMAFI文件到DISK) 4.确认硬盘故障则按正障引起,应按正确的操作方法进行更换.
4.从另一正常的DISK上拷贝整个目录(IPS)
5.将硬盘状态改回WO-BU
6.允许文件更新(DUR,DBR)
确认硬盘故障则按正确的操作步骤进行更换.。

FTMCTRL: 32-bit (P)ROM EDAC Checksum ProgrammingApplication note2018-04-17Doc. No GRLIB-AN-0011Issue 1.0M S -T P L T -1-1-0Date:2018-04-17Page: 2 of 9CHANGE RECORDIssue Date Section / Page Description1.02018-04-17All First issue.TABLE OF CONTENTS1INTRODUCTION (3)1.1Scope of the document (3)1.2Reference documents (3)2ABBREVIATIONS (3)3OVERVIEW (4)3.1Overview (4)3.2FTMCTRL PROM EDAC (5)3.3Sources of memory accesses (5)3.4Programming parallel checkbits (6)3.5Alternatives (6)4CONTROLLING THE PARALLEL CHECKBIT BUS (7)4.1UT699, UT699E and UT700 (7)4.2GR712RC (7)4.3GR740 (8)4.4LEON3FT-RTAX (8)4.5Other designs with FTMCTRL (8)5GRMON (8)Date:2018-04-17Page: 3 of 91INTRODUCTION1.1Scope of the documentThis document describes programming of parallel EDAC checksum (also referred to as checkbits in this document) in systems that make use of the FTMCTRL memory controller. The focus is on programming checksums for non-volatile memories, specifically parallel NOR Flash, that require special address and data sequences to issue commands to the memory devices.Parallel EDAC checksum is only used when EDAC protection is enabled with 32-bit data width. 1.2Reference documents[RD1]GRLIB IP Core User's Manual, Cobham Gaisler AB, http s:///grip.pdf [RD2]GRLIB-AN-0011-flash32 software package, available viahttps:///notes2ABBREVIATIONSBCH Bose–Chaudhuri–Hocquenghem, class of cyclic error-correcting codes EDAC Error Correction And DetectionFTMCTRL Fault-Tolerant Memory controllerMCFG Memory Configuration Register, control register for memory controllerTCB Test Check Bits, field in FTMCTRL MCFG2 register3OVERVIEW3.1OverviewThe FTMCTRL memory controller is commonly used in LEON3FT and LEON4FT processor devices and also in custom designs based on the GRLIB IP library [RD1].The memory controller is a combined 8/16/32-bit memory controller that provides a bridge between external memory and the on-chip bus and is configured through memory-mapped registers referred to as the Memory Configuration (MCFG) registers. The memory controller can handle four types of devices: PROM, asynchronous static ram (SRAM), synchronous dynamic ram (SDRAM) and memory mapped I/O devices (IO). The PROM, SRAM and SDRAM areas can be EDAC-protected using a (39,7) BCH code. The BCH code provides single-error correction and double-error detection for each 32-bit memory word.The PROM device type above typically means that parallel NOR Flash, MRAM or EEPROM is connected to the memory controller. A block diagram of how FTMCTRL can be connected toexternal devices and the on-chip system is shown in the figure below.Figure 1: FTMCTRL generic block diagramThe types of devices supported and the signals available on external pins of a device depends on the specific device implementation.Date:2018-04-17Page: 5 of 93.2FTMCTRL PROM EDACThe FTMCTRL is provided with an BCH EDAC that can correct one error and detect two errors in a 32-bit word. For each word, a 7-bit checksum is generated. A correctable error will be handled transparently by the memory controller. If an un-correctable error (double-error) is detected, the current AHB cycle will end with an AMBA ERROR response. The EDAC is enabled for the PROM area by setting the corresponding EDAC enable bit in the MCFG3 register. When working in 32-bit mode, the checksum is present on the CB bus (see figure 1) and will be stored in a memory device present in parallel with the device(s) providing the 32-bit data bus.For 8-bit mode, the EDAC checkbit bus (CB[7:0]) is not used but it is still possible to use EDAC protection. Data is always accessed as words (4 bytes at a time) and the corresponding checkbits are located at the address acquired by inverting the word address (bits 2 to 27) and using it as a byte address. Please refer to the relevant device user's manual or the FTMCTRL IP core documentation for further documentation on the 8-bit mode and EDAC.When using a parallel device to hold the checkbits, the only way to set the data bus of that device to an arbitrary value is to use the write bypass and read bypass functionality provided by FTMCTRL. If the MCFG3.WB (Memory Configuration register 3, WB field - write bypass) bit is set, then the value in the MCFG3.TCB field will replace the normal checkbits during memory write cycles. If the RB (read bypass) is set, the memory checkbits of the loaded data will be stored in the TCB field during memory read cycles. This bypass functionality has some limitations:•When read bypass is activated, then any memory read access will cause MCFG3.TCB to be updated.•The read bypass functionality requires that EDAC is enabled.•When write bypass is activated, then any memory write access will make use of the MCFG3.TCB field for the checksum valueThis means that accesses to the memory controller must be limited in order for the read bypass and write bypass functionality to be reliable. The next section describes sources of memory accesses. 3.3Sources of memory accessesThis document covers parallel checkbits for the PROM area. Since the same memory controller often provides provides access also to RAM memory used as the primary memory for a processor system, unwanted accessed may be caused by:•Processor instruction fetches due to misses in the instruction cache•Processor data fetches due to misses in the data cache•Peripherals that perform direct-memory access (DMA)Date:2018-04-17Page: 6 of 93.4Programming parallel checkbitsProgramming of parallel checkbits is straightforward for memory types that accept write operations performed in the same way as a read operation, with the difference that a write signal is asserted. Other devices, such as NOR Flash devices using the Common Flash Interface (CFI), require that both the address bus and the data bus are controlled when issuing commands to the memory devices and reading the responses to these commands. Controlling the data bus means that the write bypass functionality must be used in FTMCTRL and reading responses from a memory device means that the read bypass functionality needs to be enabled.The read bypass and write bypass functionality of FTMCTRL can be used safely from a debugger such as GRMON by stopping the processor(s) and all on-chip peripherals capable of DMA in the system. If the bypass functionality shall be used from software running on the processor then it is possible to design a program, taking into account the cache structure and replacement policy of the processor implementation, that runs completely from cache. It is not possible to guarantee that the sequence will run from cache in an environment where radiation effects can case single-event upsets in the processor's cache or if interrupts are enabled which can lead to a changed flow of execution and changes in the cache state (and also to unintended write accesses from interrupt handling).It should also be noted that a complicating, but not blocking, factor is that since read-bypass requires EDAC to be enabled, it is necessary to handle the corresponding AMBA ERROR, leading to a processor trap when reading CFI command responses via read-bypass.Because of the limitations described above it is considered infeasible to perform CFI Flash programming with parallel checkbits from a processor that is executing from memory mapped to the same FTMCTRL, when using an operating system or when operating in an environment where L1 cache parity errors may be encountered.3.5AlternativesConfigurations with memory devices with 32-bit data and parallel checkbits may be wanted due to attainable memory size and memory access latency. In case the non-volatile memory devices need to be reprogrammed during operation then use of NOR Flash devices needs to be considered in combination with the limitations described in section 3.4. It can also be noted that if the non-volatile memory needs to be updated at random addresses then Flash devices usually only support erase operations on a page granularity. Alternatives to NOR Flash include MRAM devices and EEPROM devices.A hybrid solution, usable unless the boot software needs to be updated, is to boot from FTMCTRL with EDAC enabled and make use of parallel checkbits. Once the system is up and running from RAM memory then the EDAC functionality for the PROM area can be disabled. EDAC for other parts of the PROM can then be implemented in software by creating a checksum for EDAC pages and storing it as part of the data that is memory-mapped. This way software will calculate andDate:2018-04-17Page:7 of 9validate checksums for the memory blocks that it reads and writes from non-volatile memory. The memory controller will not cause traps due to EDAC errors from the PROM after the EDAC is disabled.4CONTROLLING THE PARALLEL CHECKBIT BUSThe subsections below contain device specific observations and recommendations for CFI Flash programming.4.1UT699, UT699E and UT700To safely read and control the parallel checkbit bus on a UT699 device from the LEON3FT processor, all accesses to the shared FTMCTRL memory controller must be controlled. This means that:•All DMA units must be stopped•Interrupts must be disabled•Flash programming routines and their corresponding data must reside in L1 cache (cannot be guaranteed if L1 cache encounters parity-errors due to single-event upsets)For the UT699 processor, L1 cache coherency through bus snooping cannot be used and this functionality will be disabled by software. For the UT699E and UT700 the cache snooping functionality can optionally be enabled by software. If bus snooping is enabled then snooping will invalidate cache lines due to DMA traffic and this could have effects for software implementations that rely on data being present in cache for PROM programming.4.2GR712RCFor software running out of external memory, the same limitations apply as described for theUT699E and UT700 in section 4.1.Many of the limitations come from the need to execute software from the same memory controller as the one that provides access to the external non-volatile memory. The GR712RC also has an on-chip RAM. If this RAM is utilized to hold the programming application then it is sufficient if the following rules are met:•All DMA units using external memory must be stopped•The full program, including trap table, must reside in the on-chip RAM•An adapted trap handler for handling AMBA ERROR responses caused by reading memory device command responses with read-bypass must be installed.A software example for programming NOR Flashes with parallel checkbits is available [RD2].Date:2018-04-17Page:8 of 94.3GR740The FTMCTRL in GR740 supports 8- and 16-bit interfaces. EDAC check bits are programmed in the memory-mapped area and the special precautions described in this document do not need to be considered for the GR740.4.4LEON3FT-RTAXThe same restrictions as the ones listed in section 4.1 apply.4.5Other designs with FTMCTRLThe same restrictions as the ones listed in section 4.1 apply for devices that has one FTMCTRL that provides access to both RAM and non-volatile memory. For devices that have other RAM or ROM that software can use, the restrictions described in 4.2 apply.5GRMONGRMON versions 1.x.y and 2.x.y do not support programming parallel check bits. Support will be added for GRMON3 and this document will be updated with version information once the feature is available in GRMON3.Date:2018-04-17Page:9 of 9Copyright © 2018 Cobham Gaisler.Information furnished by Cobham Gaisler is believed to be accurate and reliable. However, no responsibility is assumed by Cobham Gaisler for its use, or for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of Cobham Gaisler.All information is provided as is. There is no warranty that it is correct or suitable for any purpose, neither implicit nor explicit.。

高斯朴素贝叶斯训练集精确度的英语Gaussian Naive Bayes (GNB) is a popular machine learning algorithm used for classification tasks. It is particularly well-suited for text classification, spam filtering, and recommendation systems. However, like any other machine learning algorithm, GNB's performance heavily relies on the quality of the training data. In this essay, we will delve into the factors that affect the training set accuracy of Gaussian Naive Bayes and explore potential solutions to improve its performance.One of the key factors that influence the training set accuracy of GNB is the quality and quantity of the training data. In order for the algorithm to make accurate predictions, it needs to be trained on a diverse and representative dataset. If the training set is too small or biased, the model may not generalize well to new, unseen data. This can result in low training set accuracy and poor performance in real-world applications. Therefore, it is crucial to ensure that the training data is comprehensive and well-balanced across different classes.Another factor that can impact the training set accuracy of GNB is the presence of irrelevant or noisy features in the dataset. When the input features contain irrelevant information or noise, it can hinder the algorithm's ability to identify meaningful patterns and make accurate predictions. To address this issue, feature selection and feature engineering techniques can be employed to filter out irrelevant features and enhance the discriminative power of the model. Byselecting the most informative features and transforming them appropriately, we can improve the training set accuracy of GNB.Furthermore, the assumption of feature independence in Gaussian Naive Bayes can also affect its training set accuracy. Although the 'naive' assumption of feature independence simplifies the model and makes it computationally efficient, it may not hold true in real-world datasets where features are often correlated. When features are not independent, it can lead to biased probability estimates and suboptimal performance. To mitigate this issue, techniques such as feature extraction and dimensionality reduction can be employed to decorrelate the input features and improve the training set accuracy of GNB.In addition to the aforementioned factors, the choice of hyperparameters and model tuning can also impact the training set accuracy of GNB. Hyperparameters such as the smoothing parameter (alpha) and the covariance type in the Gaussian distribution can significantly influence the model's performance. Therefore, it is important to carefully tune these hyperparameters through cross-validation andgrid search to optimize the training set accuracy of GNB. By selecting the appropriate hyperparameters, we can ensure that the model is well-calibrated and achieves high accuracy on the training set.Despite the challenges and limitations associated with GNB, there are several strategies that can be employed to improve its training set accuracy. By curating a high-quality training dataset, performing feature selection and engineering, addressing feature independence assumptions, and tuning model hyperparameters, we can enhance the performance of GNB and achieve higher training set accuracy. Furthermore, it is important to continuously evaluate and validate the model on unseen data to ensure that it generalizes well and performs robustly in real-world scenarios. By addressing these factors and adopting best practices in model training and evaluation, we can maximize the training set accuracy of Gaussian Naive Bayes and unleash its full potential in various applications.。

Black Duck provides complete control over open source risk, regardless of your organization’s size or budget OverviewBlack Duck® software composition analysis (SCA) can be implemented in two out-of-the-box configurations—Security Edition and Professional Edition. Black Duck Binary Analysis and the cryptography module can be added to either edition to provide greater insight into your application risk posture and enhanced control over your open source and third-party software consumption.Black Duck Security EditionAutomatically identify and remediate open source risks throughout your entire SDLCBlack Duck Security Edition can run either a full dependency scan during a build or a fast scan using the Code Sight™ IDE plugin to provide visibility into the open source security risks in your applications. Black Duck automatically discovers open source components in your applications, and also provides a complete open source Bill of Materials (BOM) for your software projects, giving you critical insight into any known vulnerabilities, as well as the license and code quality risks affecting your applications.• Vulnerability mapping identifies any security risks associated with the open source components in your applications at any point in your software development life cycle (SDLC).• Vulnerability monitoring and alerting automatically monitors for new vulnerabilities against inventoried open source components. It also helps accelerate remediation by instantly alerting security and development teams with detailed and actionable information.• Black Duck Security Advisories (BDSAs) provide notifications of vulnerable open source component versions, including detailed descriptions, exploit profiles, severity scoring, impact analysis, and detailed remediation guidance that security experts and developers alike can understand.• License risk identification safeguards sensitive intellectual property and helps avoid litigation by identifying the open source licenses that apply to the components in your applications. You can view license terms and obligations, automatically generate notice files, and define your own custom policy and let Black Duck handle the enforcement.• Operational risk metrics mitigates the risk of higher support and remediation costs for your development teams by identifying out-of-date component versions or those with limited project activity and community engagement.• Rapid Scan instantly analyzes open source dependencies for vulnerabilities and policy violations before code is built or merged into release branches.• Policy configuration lets you manage and mitigate risk throughout the SDLC. Structure policies for secure and compliant open source consumption and usage, and automate policy violation notifications for faster enforcement and remediation.• DevOps integrations automate open source discovery and provide critical risk insight to the teams who need it, when they needit. Integrations are available for CI/CD tools, package managers, IDEs, container platforms, code repositories, issue trackers, and application security suites.• Black Duck KnowledgeBase is the industry’s largest database of open source project, vulnerability, and license data. Map your BOMto more than 15 years of data, 30% more vulnerabilities than are tracked in the National Vulnerability Database (NVD), and over 2,750 unique licenses.Black Duck Professional EditionCompletely manage open source risk and consumption in your SDLCBlack Duck Professional Edition gives teams the tools they need to fully manage open source risks across their applications and containers. Professional Edition includes all the capabilities of Black Duck Security Edition, plus Black Duck’s advanced security and license compliance capabilities. Regardless of how large your organization or development team is, or what languages and technology you’re employing in your applications, Black Duck scales to meet your unique business needs and provides the most complete risk picture on the market.Multifactor open source discoveryNot all open source is explicitly declared or included in its original form, but it still carries risk. Black Duck identifies all open source components in your applications, modified or unmodified, partial or whole, via a combination of discovery techniques.• Dependency analysis tracks declared components and dependencies• Code print analysis finds undeclared, modified, and partial components, even in languages that don’t use package managers, like C/C++• Snippet matching identifies snippets of open source embedded in your code• Binary analysis detects open source in virtually any compiled software, firmware, or installer format without access to source code or build systems• Custom component detection uses string searching and code printing to find non-open-source, internal, or third-party commercial componentsAdvanced license complianceProtect intellectual property and mitigate the risk of open source license noncompliance with greater insight into license obligations and attribution requirements. Black Duck provides:• Identification and analysis of all applicable licenses beyond those declared• Automated generation of customizable open source software reports at the project/release level• Full texts for the most popular open source licenses• The ability to view license responsibilities and confirm that license commitments have been metSnippet analysis identifies small sections of code originating from open source components that carry the same license obligation as those components. Black Duck enables you to:• View code snippet matches highlighted in the component source, augmenting the accuracy of your open source BOM• Perform a full codebase scan or accelerate your analysis with a delta scan, examining only the files that have changed• Evaluate and triage matches by license risk, matched component version release data, and prevalence• Review key snippet data, including matched component name and version, component license, path, percentage of scanned code matched to component file, and release date• Confirm, flag, or ignore potential matches en masse with bulk edit capabilitiesAdditional Black Duck solutionsBlack Duck is available with additional security enhancements to further your open source risk management capabilities. Both Black Duck Binary Analysis (BDBA) and the cryptography module can be added to Black Duck Security Edition or Professional Edition.Black Duck Binary AnalysisModern software is a patchwork of open source software, commercial code, and internally developed components, and the tendencyto defer accountability throughout today’s complex software supply chain exposes you to significant risk. Vulnerable open source components in your applications are weak links in the supply chain, providing a viable point of entry for attackers. Take steps to identify the risks in the software libraries, executables, and vendor-supplied binaries in your codebase. Black Duck Binary Analysis helps you:• Analyze virtually any compiled software, firmware, mobile application, or installer format without access to source code• Create a detailed BOM of vulnerable open source components, including version, location, license, and known vulnerabilities• Use data from the NVD, including CVSS 2.0 and 3.x metrics, to rank vulnerabilities for remediation• Access detailed vulnerability descriptions, links to vendor advisories, patches, and more• Receive automatic alerts about new vulnerabilities in previously scanned software• Identify declared open source licenses and any potential risk of noncompliance• Use the REST API to accelerate and automate essential risk mitigation and remediation tasks• Identify potential sources of sensitive data leakage that might be in a software package• Gain insight into requested permissions for binary code types where relevant, such as in Android and iOS apps• Identify components that have been compiled without exploit mitigation mechanisms or that contain dangerous execution configurationsCryptography moduleThis module supports data security initiatives and regulations around the legal export of cryptography by tracking the cryptographic algorithms in the open source components in your applications and identifying weak cryptography or obsolete hashing mechanisms. The Black Duck cryptography module provides:• Identification of encryption algorithms found in each open source component version• Detailed cryptography data including key length, originator, licensing, and patent information• Indication of weak encryptionSecurity Edition Professional EditionScanning Dependency, rapid Multifactor scanningVulnerability info BDSA BDSALicense info Basic AdvancedPolicy●●Monitoring●●Reporting●●Integrations All AllAuto-remediation●●Reachability●●Containers●●On-prem options●●ScanningLanguages• C • C++ • C# • Clojure • Erlang • Golang • Groovy • Java• JavaScript • Kotlin • Node.js • Objective-C • Perl • Python • PHP • R • Ruby • Scala •Swift• .NET Cloud technologiesPackage managers• NuGet • Hex • Vndr • Godep • Dep • Maven • Gradle • Npm• CocoaPods • Cpanm • Conda • Pear• Composer • Pip• Packrat • RubyGems • SBT • Bazel • Cargo• C/C++ (Clang)• GoLang • Erlang/Hex • Rebar • Python • Yarn •YoctoBlack Duck | Source and Package Manager ScanningBDBA package manager support• Distro-package-manager: Leverages information from a Linux distribution package manager database to extract component information• The remaining four methods are only applicable to Java bytecode:–pom: Extracts the Java package, group name, and version from the pom.xml or pom.properties files in a JAR file –manifest: extracts the Java package name and version from the entries in the MANIFEST.MF file in a JAR file –jar-filename: Extracts the Javapackage name and version from the jar-filename–hashsum: Uses the sha1 checksum of the JAR file to look it up from known Maven Central registered Java projectsBinary formats• Native binaries • Java binaries • .NET binaries • Go binaries Compression formats• Gzip (.gz) • bzip2 (.bz2) • LZMA (.lz) • LZ4 (.lz4) • Compress (.Z) • XZ (.xz)• Pack200 (.jar) • UPX (.exe) • Snappy • DEFLATE•zStandard (.zst)Archive formats• ZIP (.zip, .jar, .apk, and other derivatives) • XAR (.xar) • 7-Zip (.7z) • ARJ (.arj) • TAR (.tar)• VM TAR (.tar) • cpio (.cpio) • RAR (.rar) • LZH (.lzh)• Electron archive (.asar) •DUMPInstallation formats• Red Hat RPM (.rpm) • Debian package (.deb) • Mac installers (.dmg, .pkg)• Unix shell file installers (.sh, .bin) • Windows installers (.exe, .msi, .cab)• vSphere Installation Bundle (.vib) • Bitrock Installer•Installer generator formats that are supported:–7z, zip, rar self-extracting .exe –MSI Installer –CAB Installer –InstallAnywhere –Install4J –InstallShield –InnoSetup –Wise Installer–Nullsoft Scriptable Install System (NSIS)–WiX InstallerFirmware formats• Intel HEX • SREC • U-Boot• Arris firmware • Juniper firmware • Kosmos firmware•Android sparse file system• Cisco firmwareFile systems / disk images• ISO 9660 / UDF (.iso) • Windows Imaging • ext2/3/4 • JFFS2 • UBIFS • RomFS• Microsoft Disk Image • Macintosh HFS• VMware VMDK (.vmdk, .ova) • QEMU Copy-On-Write (.qcow2) • VirtualBox VDI (.vdi) • QNX—EFS, IFS• NetBoot image (.nbi) •FreeBSD UFSContainer formats• DockerBlack Duck only BDBA onlyCloud technologiesCloud platforms• Amazon Web Services • Google Cloud Platform • Microsoft Azure• Pivotal Cloud FoundryContainer platforms• Docker • OpenShift• Pivotal Cloud Foundry•Kubernetes Package managersDatabases• PostgreSQLBlack Duck | IntegrationsDevOps toolsIDEs• Eclipse• Visual Studio IDE • IntelliJ IDEA • WebStorm • PyCharm • RubyMine • PhpStorm • VS Code• Android StudioContinuous integration• Jenkins • TeamCity • Bamboo• Team Foundation Server • Travis CI • CircleCI • GitLab CI• Visual Studio Team Services • Concourse CI • AWS CodeBuild • Codeship • Azure DevOps • GitHub Actions •OpenShiftWorkflow and notifications• Jira • Slack • Email • SPDX•Azure Boards• Microsoft TeamsBinary and source repositories• Artifactory • NexusApplication security suites• IBM AppScan• Micro Focus Fortify • SonarQube • ThreadFix • Cybric • Code Dx • Fortify •ZeroNorth。

x-sel错误指令表Error Cause Description802 SCIF Receiving ER Status (TheIAI protocol is received. )Interference. Check for noise,disconnected equipment, and impropercommunication setting. When thecommunication is established when PC/TP ismis-connected with user opening SIO-CH1,it is generated.803 Reception Time-out Status(The IAI protocol isreceived. )The interval after the initial byte of datais received is too long. Also, there couldbe a disconnection of the communicationscable or a possibility of disconnectedequipment, too.804 SCIF Overrun Status (SEL isreceived. )Check for noise, disconnected equipment,and improper communication setting.805 SCIF Receiving ER Status (SELis received. )Check for noise, disconnected equipment,and improper communication setting.806 SCIF Other Factor Reception ERStatus (SEL is received. )Interference. Please deal same as ErrorNo.804,805.807 Shutdown Relay ER Status The motor(s) are still energized although the system is in shutdown status. It is possible that the relay has welded shut808 Slave Parameter Write DuringOFF StatusPower was turned OFF during slave parameterwrite. (Only when the backup battery isused, is it possible to detect. )809 Data Flash ROM Write DuringOFF StatusPower supply was turned OFF during dataflash ROM write. (Only when the backupbattery is used, it is possible to detectit. )80A Enhancing SIO Overrun Status(SEL is received. )Check for noise, disconnected equipment,and improper communication setting80B Enhancing SIO Parity ER Status(SEL is received. )Check for noise, disconnected equipment,and improper communication setting80C Enhancing SIO Framing ERStatus (SEL is received. )Check for noise, disconnected equipment,and improper communication setting.80D Enhancing SIO Other FactorReception ER status (SEL isreceived. )Interference. Please deal same as ErrorNo.80A, 80B, and 80C80E Enhancing SIO ReceptionBuffer Overflow Status (SEL isThe reception buffer overflowed. Moreexcessive data than the outside is receivedreceived. ) 900 Empty Step Shortage Error An empty step to preserve the step data isinsufficient. Please secure an empty stepnecessary for preservation901 Step No. ErrorInvalid Step No 902 Symbol Definition Table No. ErrorInvalid Symbol definition table No 903 Point No. Error Invalid Point No904 Variable No. Error Invalid Variable No905 Flag No. Error Invalid Flag No906 I/O Port Flag No. Error Invalid I/O port flag No930 Coordinate System No. ErrorInvalid Coordinate system No. - only newSCARA. 931 Coordinate System Type Error Invalid coordinate system type - only new SCARA.932 Coordinate System Definition Data Number Specification Error The specification of the number ofcoordinate system definition data isinvalid. - Only a new scalar :.933 Axis No. ErrorInvalid Axis No. - only new SCARA. 934SCARA ABS Reset Special Movement Operation Type Error SCARA ABS reset special movement operation type is invalid - only new SCARA. 935PositioningOperation Type Error The positioning operation type is invalid - only new SCARA. 936Interference Check Zone No. Error Interference check zone No. is invalid - only new SCARA. 937Interference Check Zone Specification Invalid Error When the interference check zone invades, the error type is invalid. - only new SCARA. 801 SCIF Overrun Status (The IAI protocol is received. ) Check for noise, disconnected equipment,and improper communication setting.ECB Communication Error (PC)Loss of communication possibly due to lossof power. 938 Interference Check Zone Data Number Specification Error The specification of the number of interference check zone data is invalid. - only new SCARA939 Interference Check Zone Invasion Detection (message level specification) The interference check zone invasion was detected. (message level specification)-only new SCARA93A Rotary Axis CP Jog Prohibition Error Outside Range of Motion Please move in range of motion with eachaxis Jog. - Only a new scalar :.(Tool XY offset, exist, and. )A01 Low System Memory BackupBattery WarningThe voltage of the system memory backupbattery is low. Please exchange thebattery. (voltage level in which data canbe backed up)A02 Low System Memory BackupBattery WarningThe voltage of the system memory backupbattery is low. Please exchange the battery(voltage level at which data cannot bebacked up).A03 Low Absolute Encoder DataBackup BatteryThe voltage of the absolute encoder databattery is low. Please check for batteryconnection or exchange. Chattering contactin the brake connection can also be aculprit.A04 System Mode Error During CoreSection UpdateWhen the system mode was not a core partupdate mode, the update command wasreceived. Please confirm the presence ofthe chip resistance for the core partupdate mode on substrate setting when youupdate the core part. (for maintenance)A05 Motorola, Inc. S Record FormatErrorThe update program file is invalid. Pleaseconfirm the file.A06 Motorola, Inc. S ChecksumErrorThe update program file is invalid. Pleaseconfirm the file.A07 Motorola, Inc. S LoadingAddress ErrorThe update program file is invalid. Pleaseconfirm the file.A08 Over Motorola, Inc. S WritingAddress ErrorThe update program file is invalid. Pleaseconfirm the file.A09 Flash ROM Timing Limit ExcessError (write)Flash ROM write has timed outA0A Flash ROM Timing Limit ExcessError (erase)Flash ROM erase has timed outA0B Flash ROM Verify Error Flash ROM write/erase is invalidA0C Flash ROM ACK Time-out The write is erase/invalid of flash ROM.A0D The First Sector No.Specification ErrorFlash ROM erase ErrorA0E Sector Number SpecificationErrorFlash ROM erase ErrorA0F Offset Address Error atWriting Destination (oddThe write is invalid of flash ROM.number address)A10 Writing Source Data BufferAddress Error (odd number address)The write is invalid of flash ROM.A11 Core Part Code Sector Block ID Invalid Error The core part program written in flash ROMis invalid now.A12 Core Part Code Sector Block ID Deletion Frequency ExaggeratedThe deletion frequency of flash ROM exceeds a permissible frequency. A13 Flash ROM Write Demand Error when Erase Incompleteness is Ended Flash ROM writing command had been received before flash ROM erase command was received when updating it. Please confirm Appdatop ? log ram file, and update it again.A14 Busy Status Release Time-out Error when EEPROM Busy state release waiting time-out afterwriting of EEPROMA15 Mount, target, EEPROM, write in. Demand Error With the unit with CPU of the driver etc. Mount, one, EEPROM, write in, demand, provide.A16 Mount, target, EEPROM, read. Demand Error It was a unit with CPU of the driver etc. , and reading was demanded for the one of the unmounting.A17Sum Check Error (The IAI protocol is received. ) Checksum in reception is invalid. A18 Header Error (The IAI protocol is received. )The header in reception is invalid. A19 Message Addressing Error (During IAI Protocolreceiving)The receiving address is invalid. A1A ID Error (The IAI protocol is received. )ID in reception is invalid. A1C Conversion Error Transmitted data does not agree to protocolor illegal data is included. Please confirmtransmission.A1D Start Mode ErrorProgram start not permitted in present mode(MANU/AUTO). A1E Start Condition Failure Error Program start was given while writing Flash ROM or during E-STOP or Open Safety Gate.A1F Axis Multiple Use Error (SIO) Axis already in useA20 Servo Use write Acquisition Error (SIO) There is not becoming empty in the servo useright.A21Error to have acquired servo use right (SIO) The servo use right has already been acquired. A22 Servo use right unacquisition Error (SIO) It failed in the continuance acquisition ofthe servo use right.A23 Low ABS Encoder Backup Battery Warning (main analysis) The voltage of the absolute encoder data battery is low. Please check for battery connection or exchange.A25Step Number Specification Error Step number specification is invalid. A26 Program Number Specification ErrorProgram number specification is invalid. A27 Program Unregistration Error A pertinent program is not registeredA28 Error which cannot be reorganized while executing program The program area reorganization operation was done while executing the program. Please end all programs previously executing itA29 Error not to be able to edit program while executing it The edit operation was done to the program under execution. Please end the execution of the programA2A Defined Program is not Running The specified program is not running A2B Illegal Program Execution in AUTO Mode Program execution from the software isprohibited in AUTO modeA2C Program No. Error Invalid Program NoA2D Program Restart ErrorThe restart was demanded for a programwhich was not running A2E Program Temporary Stop Error The temporary stop was demanded for a program which was not runningA2F Breakpoint ErrorStep No. specified for a breakpoint is invalid A30 Breakpoint Setting NumberSpecification Error The set number of breakpoints exceeds the limit valueA31 Parameter Change Number Error The number of parameter changes is invalid A32 Parameter Type Error Invalid parameter typeA33 Parameter No. ErrorInvalid parameter No A34Card Parameter Buffer Read Error The card parameter buffer is read and it is invalid A35 Card Parameter Buffer Write Error The card parameter buffer is written and itis invalidA36 Parameter Change Rejection Parameters cannot be changed while an axisError During Movement is in motionA37 Card Manufacturing andFunction Information ChangeRejection ErrorThe card manufacturing and the functioninformation change are prohibitedA38 Parameter Change RejectionError at Servo ONParameters cannot be changed while theservo is onA39 Deferred Collection CardParameter Change ErrorThe change of the parameter of the cardwhich had not been recognized whenresetting it was triedA3A Device No. Error Device No. is invalidA3C Memory Initialization TypeSpecification ErrorAbnormality is found in the specificationof the memory initialization typeA3D Unit Type Error The unit type is invalidA3E SEL Write Data TypeSpecification ErrorAbnormality is found in the specificationof the SEL write data typeA3F Flash ROM Write RejectionError when Program is BeingExecutedWriting Flash ROM while executing a programis prohibitedA40 Flash ROM write inside datachange rejection ErrorThe data change writing flash ROM isprohibitedA41 Multiple Flash ROM WriteInstruction Rejection ErrorFlash ROM writing instruction was receivedagain while writing flash ROMA42 Inside Flash ROM Write DirectMonitor Prohibition ErrorA direct monitor writing flash ROM isprohibitedA43 P0 and P3 Area Direct MonitorProhibition ErrorA direct monitor to P0 and the P3 area isprohibitedA44 Point Data NumberSpecification ErrorInvalid specification of the number ofpoint dataA45 Specification of Number ofSymbol Records ErrorInvalid specification of the number ofsymbol recordsA46 Variable Data NumberSpecification ErrorInvalid specification of the number ofvariable dataErrorCause Description A48One Error Details Inquiry Type Error Type 1 of the Error details inquiry is invalid A49 Two Error DetailsInquiry Type Errors Type 2 of the Error details inquiry is invalidA4A Monitor Data Type Error The data type of the monitor data inquiry is invalidA4B Specification ofNumber of MonitorRecords ErrorInvalid specification of the number of records of monitor data inquiries A4C Monitor OperationSpecial CommandRegister Busy Error Driver special command ACK became a time-out by the monitor operationA4E Parameter Register Busy Error When Slave Command is IssuedDriver special command ACK became a time-out because of the slave command issue A4F Software Reset Rejection Error while In-Motion Software reset (SIO) operating (middle the servo use when the program is being executed) isprohibitedA50 Driving SourceRestoration DemandRejection Error Driving source interception factor (Error, dead man SW, safety gate, and emergency stop, etc.) has not been releasedA51 Temporary Stop of Motion Release Request Rejection ErrorThe stop factor has not been released at temporary stop of all operation A53Rejection Error when Servo is In-Use. The processing not permitted was tried while using the servo A54Function Unsupport Rejection Error It is a unsupport function A55 Function Use Rejection Error Only for The processing not opened except the manufacturerwas triedManufacturerA56 Data Failure RejectionErrorData is invalidA57 Program Multiple StartErrorIllegal execution of a program which is alreadyrunningA58 BCD Failure Warning The data being written to variable 99 is not a valid BCD numberA59 IN/OUT InstructionPort Flag InvalidityWarningIt is possible that the number of input and outputports exceeds 32. Check I/O Parameters 2-9 forproper settingsA5B Character String ->Numerical ValueConversion InvalidityWarningSpecified values of the number of characters whenconverting it are invalid or there is a characterinto which the numerical value cannot be convertedA5C SCPY Instruction CopyCharacter NumberInvalidity WarningSpecified values of the number of characters whencopying it are invalidA5D SIO Channel OpeningError in Non-AUTO modeThe user SIO channel can only be opened in AUTOmodeA5E Specification ofNumber of I/O PortFlags ErrorInvalid specification of the number of I/O portflagsA5F Field Bus Error(LERROR-ON)LERROR-ON was detectedA60 Field Bus Error(LERROR-BLINK)LERROR-blink was detectedA61 Field Bus Error(HERROR-ON)HERROR-ON was detectedA62 Field Bus Error(HERROR-BLINK)HERROR-blink was detectedA63 Field Bus Not Ready The field bus lady cannot confirm itA64 SCIF Overrunning Error(At the SIO bridge. )Check for noise, disconnected equipment, andimproper communication settingA65 SCIF Receiving Error(At the SIO bridge. )Check for noise, disconnected equipment, andimproper communication settingA66 SCI Overrunning Error(At the SIO bridge. )Check for noise, disconnected equipment, andimproper communication settingA67 SCI Framing Error (Atthe SIO bridge. )Check for noise, disconnected equipment, andimproper communication settingA68SCI Parity Error (At the SIO bridge. ) Check for noise, disconnected equipment, and improper communication setting A69Data Change Rejection Error while Running Program data cannot be changed while program is running A6ASoftware Reset During Flash ROM Write Controller was reset through I/O while writing flash ROM. Write again A6B Field Bus Error (FBRS link Error)The FBRS link Error was detected A6C Program Start in AUTO Mode Error While Other Parameter #45 is set to 0, a program cannot be started serially in AUTO mode. Change Other Parameter #45 to 1A6D P0, P3, and FROM area Direct Write Prohibition ErrorP0, P3, and a direct write to the FROM area are prohibited A6E Write Inside Rejection Error The processing not permitted in the slaveparameter write in data flash ROM write was triedB00 SCHA Setting Error The ending character set using SCHA is invalidB01 TPCD Setting Error Set value must be either 0 or 1B02 SLEN Setting Error The setting of SLEN is out of rangeB03 Homing Method ErrorHoming Method specified in Specific AxisParameter #10 is invalid for that particular axis B041 Shot Pulse Output Simultaneous Use Error BTPN and the BTPF timer simultaneous number of operation in one program exceed upper bound (16) B05 Over Travel ErrorDuring Homing Possibly bad limit switch/creep sensorB06 Multiple OPEN ErrorAttempted to OPEN a channel which was alreadyopened in another program B07 SIO channel Usage Error Attempted to use a channel which has not been opened (OPEN command)B08 Multiple WRIT ErrorThe WRIT instruction was executed at the same time by two or more tasks for the same channel B09 SIO RS485 WRIT?READSimultaneous Error The WRIT instruction and the READ instruction were executed at the same timeB0A Usage of Unassigned SIO Channel It tried to use the channel that normally cracked and was not applied. Please confirm I/O parameter No.100-111 and the state of the I/O slotB10 Z-phase SearchTime-out Error Z-phase cannot be detected. Check encoder connections or possibly defective encoderB11 HOME Limit SwitchThe escape from the starting point sensor cannotTime-out Error be confirmed. Please confirm the restraint,wiring, and the starting point sensor etc. ofoperationB12 SEL Command Return CodeStorage Variable No.ErrorSEL command return code storage variable No. isinvalid. Please confirm "Other parameter No.24READ instruction return code storage localvariable No." etcB13 Backup SRAM DataChecksum ErrorBackup SRAM data is destroyed. Please confirm thebatteryB14 Flash ROM8Mbit VersionUnsupport FunctionErrorIt tried to use a function not supported underflash ROM8Mbit substrate environment. (HTconnection specification etc.)B15 Input Port DebuggingFilter Type ErrorThe input port debugging filter type setting valueis invalidB16 SEL OperandSpecification ErrorInvalid SEL instruction word operandspecificationB17 Parameter RegisterBusy Error when SlaveCommand is IssuedDriver special command ACK became a time-outbecause of the slave command issueB18 Device No. Error Device No. is invalidB19 Unit Type Error The unit type is invalidB1A ABS ResetSpecification ErrorThe ABS reset specification is illegal. Itspecifies more than two axes the axis excludingthe specification simultaneously and the ABSencoderC03 Unregistered ProgramSpecification ErrorThe specified program is not registeredC04 Program Entry PointUndetected ErrorExecution was demanded for program No. in whichthe program step was not registeredC05 Program First Step BGSRErrorThe first command in a program cannot be BGSRC06 Executable StepUndetected ErrorIn the program being executed, there are noexecutable stepsC07 Subroutine UndefinedErrorThe subroutine which was called is not definedC08 Multiple SubroutineDefined ErrorThe subroutine is defined in same subroutine No.by two or more placesC0A Multiple Tag DefineErrorTag is defined in same tag No. by two or more placesC0B Tag Undefined Error The tag specified for a jump destination of theGOTO command is not definedC0C DW, IF, IS, and SL PairEnd Mismatch ErrorThe syntax of the branch instruction is invalid.Correspondence with the branch instruction whichappeared last time is invalid at EDIF, EDDO, andEDSL. Please confirm the IF?IS instruction, thecorrespondence of EDIF, the correspondence of theDO instrucC0D DW, IF, IS, and SL PairEnd Shortage ErrorNeither EDIF, EDDO nor EDSL are found. Pleaseconfirm the IF?IS instruction, the correspondenceof EDIF, the correspondence of the DO instructionand EDDO, the SLCT instructions, and thecorrespondences of EDSLC0E BGSR Pair End ShortageErrorEDSR corresponding to BGSR is insufficient or BGSRcorresponding to EDSR is insufficient. Pleaseconfirm the correspondence of BGSR and EDSRC0F DO, IF, and Over IS NestSteps Number ErrorThe frequency of the nest of the DO instructionand the IF?IS instruction exceeds the limit value.The limit is 15 nested statements. Also, check forexiting with a GOTO command before the end ofstatementC10 Over SLCT Nest StepsNumber ErrorThe frequency of the nest of the SLCT exceeds thelimit value. The limit is 15 nested statements.Also, check for exiting with a GOTO command beforethe end of statementC11 Over Error of Frequencyof Subroutine NestThe frequency of the nest of subroutines exceedsthe limit value. The limit is 15 nestedsubroutines. Also, check for exiting with a GOTOcommand before the end of the subroutineC12 DO, IF, and IS NestSteps Number ErrorUnderThe position of EDIF or EDDO is invalid. Pleasedo not confirm whether diverge the correspondenceof the IF?IS instruction, the correspondence ofEDIF, the DO instruction, and EDDO and in syntaxes(outside the syntax in the GOTO instruction)C13 SLCT Nest Steps NumberError underThe position of EDSL is invalid. Please do notconfirm whether diverge the correspondence ofSLCT and EDSL and in syntaxes (outside the syntaxin the GOTO instruction)C14 Error of Frequency ofSubroutine Nest UnderThe position of EDSR is invalid. Please do notconfirm whether diverge the correspondence ofBGSR and EDSR and in syntaxes (outside the syntaxin the GOTO instruction)C15 Error of the Next StepInstruction Code ofSLCTWhich must be the next program step of SLCT ofWHEQ, WHNE, WHGT, WHGE, WHLT, WHLE, WSEQ, WSNE,OTHE, and EDSL?C16 Create Stack Failure It failed in the initialization of the input condition state storage stackC17 Enhancing ConditionCode ErrorThe program step is invalid. The code of theenhancing condition is invalidC18 Enhancing Condition LDSimultaneousProcessing NumericalExcessive ErrorThe number of simultaneous processings of LDexceeds the limit valueC19 Enhancing Condition LDShortage DetectionError 1When O is used enhancing condition A, LD isinsufficientC1A Enhancing Condition LDShortage DetectionError 2When OB is used enhancing condition AB, LD isinsufficientC1C Unused LD DetectionErrorIt tried to execute the command without the useof the input condition that LD was used and savedtwo or more times with enhancing condition AB orOBC1F Input Condition CNDShortage DetectionErrorThere is no necessary input condition when theenhancing condition is usedC21 Input Condition UseError at InputCondition ProhibitionCommandAn input condition cannot be used on the specifiedcommandC22 Positional CommandIllegal Error at InputCondition ProhibitionCommandThere must not be input condition prohibitioncommand on the way of the nest of the inputconditionC23 Operand Invalid Error The program step is invalid. Necessary operand data is invalidC24 Operand Type Error The program step is invalid. The data type of the operand is invalidC25 Actuator ControlDeclaration ErrorA set value of the actuator control declarationinstruction is invalidC26 Over Set Range Error ofTime of TimerInvalid setting for the timerC27 Over Set Range Error ofTime-out Time at WAITInvalid setting of the time-out timeC28 Tick Frequency SettingRange ErrorInvalid setting of the Tick frequencyC29 HOME Limit SwitchTime-out ErrorWhen DIV was ordered, 0 was specified for a divisorC2A Range Error when SQR isOrderedThe operand value of the SQR instruction isinvalid. Operand must be greater than zero.C2B BCD Mark Digit NumberRange ErrorSpecified values of the number of BCD mark digitsare invalid. Please specify the value from 1 to8C2C Program No. Error Program No. is invalid C2D Step No. Error Step No. is invalidC2E Empty Step ShortageErrorAn empty step to preserve the step data isinsufficient. Please secure an empty stepnecessary for preservationC2F Axis No. Error Axis No. is invalidC30 Axis Pattern Error The axis pattern is invalidC32 Operation AxisAddition Error whenCommand is BeingExecutedIt moved a continuous point or the operation axisof the point data was added while processing theOts movement calculationError Cause DescriptionC33 Base Axis No. Error Base axis No. is invalidC34 Zone No. Error Zone No. is invalid. - Only X-SEL : C35 Point No. Error Point No. is invalidC36 I/O port Flag No. Error I/O port flag No. is invalidC37 Flag No. Error Flag No. is invalidC38 Tag No. Error Tag No. is invalidC39 Subroutine No. Error Subroutine No. is invalidC3A Open User Serial Channel No.ErrorInvalid User SIO Channel specified.Verify settings in I/O Parameter Nos.100-111C3B Parameter No. Error Parameter No. is invalid C3C Variable No. Error Variable No. is invalid C3D String No. Error String No. is invalidC3E String Variable Data NumberSpecification ErrorString length goes beyond range of columns(1 ~ 999)C40 Delimiter Non Detection Errorin String VariableThe delimiter in the string variablecannot be detectedC41 String Variable Copy Size OverErrorThe size of the string variable copy is toolargeC42 Character Number Error whenString is ProcessedThe character string length when thestring is processed is not defined. Pleaseexecute the string processing instructionafter it defines it by the SLENinstructionC43 Character String Length Errorwhen String is ProcessedThe character string length when thestring is processed is invalid. Pleaseconfirm the value of the character stringlength defined by the SLEN instructionC46 Source Symbol Storage TableEmpty Area Shortage ErrorAn empty area to store the source symbolis insufficient. Please confirm thesource symbol use frequencyC47 Symbol Retrieval Error The definition of the symbol used in the program step is not foundC48 Error SIO Continuous SwitchingErrorSIO transmission is not corresponding tothe format or includes illegal dataC49 Error During Tasks Other ThanSEL-SIOSIO is being used by other interpretertasksC4A SCIF Non-Open Error It is not opened by the task that cereal of the user open channel 1 tried to use. Please open the channel previously by the OPEN instructionC4B Delimiter Error The ending character is not defined. Please set the ending character before OPEN using the SCHA commandC4E Illegal OPEN of SIO Channel 1 User SIO Channel 1 was opened illegally. If I/O Parameter #90 is set to 2, channel 1 cannot be used for user SIO, only IAI Protocol appliesC4F SEL Program Source Symbol SumCheck ErrorFlash ROM data is destroyedC50 Symbol Definition Table SumCheck ErrorFlash ROM data is destroyedC51 Point Data Sum Check Error Flash ROM data is destroyedC52 Backup SRAM Data DestructionErrorBackup SRAM data is destroyed. Pleaseconfirm the batteryC53 Flash ROM SEL Global Data ErrorList Invalid ErrorSEL global data Error list in flash ROM isinvalidC54 Flash ROM SEL Global Data ErrorList Overlap ErrorSEL global data Error list in flash ROMoverlapsC55 SEL Global Data Error List FlashROM Erase No. Over ErrorFlash ROM erase limit has been exceededC56 Timing Limit Over Error (flashROM erase)Erase is invalid of flash ROMC57 Flash ROM Verifying Error(flash ROM erase)Erase is invalid of flash ROMC58 Flash ROM ACK Time-out Error(flash ROM erase)Erase is invalid of flash ROMC59 Front Sector No. DesignationError (flash ROM erase)Erase is invalid of flash ROMC5A Front Sector No. DesignationError (flash ROM erase)Erase is invalid of flash ROMC5B Timing Limit Over Error (flashROM write)The write is invalid of flash ROMC5C Flash ROM Verifying Error(flash ROM write)The write is invalid of flash ROMC5D Flash ROM ACK Time-out Error(flash ROM write)The write is invalid of flash ROMC5E Writing Destination OffsetAddress Error (flash ROM write)The write is invalid of flash ROMC5F Writing Source Data BufferAddress Error (flash ROM write)The write is invalid of flash ROMC60 Error Without SEL Global DataError Restructuring AreaThere is no erase settlement SEL globaldata error restructuring area。

面向漏洞挖掘的基于符号分治区的测试用例生成技术李明磊，黄晖，陆余良（国防科技大学电子对抗学院，合肥 230009）doi ：10.3969/j.issn.1671-1122.2020.05.005收稿日期：2020-4-22基金项目：国家重点研发计划[2017YFB0802900]作者简介：李明磊（1996—），男，江苏，硕士研究生，主要研究方向为网络安全、漏洞挖掘与利用；黄晖（1987—），男，江苏，讲师，博士，主要研究方向为二进制软件分析；陆余良（1964—），男，江苏，教授，硕士，主要研究方向为网络空间安全、漏洞挖掘与利用、网络态势感知。

通信作者：黄晖 hhui_123@摘 要：在漏洞挖掘中，符号执行技术是一种常用的测试用例生成技术。

但当软件中包含加解密、校验和检验等复杂数学运算函数时，使用符号执行技术生成测试用例存在无法有效求解约束表达式的问题，导致漏洞挖掘效率低下。

针对该问题，文章结合分治算法的思想提出基于符号分治区的测试用例生成技术。

首先通过静态分析技术识别软件中的加解密、校验和检验等函数；然后以程序中的加解密、校验和检验函数为分界点对软件进行分区，符号执行引擎每执行到软件的一个分治区，就在本区引入一个新的符号变元进行约束构建，在约束求解时从软件最后一个分治区开始递归求解。

基于该方法，文章在符号执行平台S2E 上实现了漏洞挖掘原型系统Divide，并与现有的符号执行生成测试用例技术进行对比实验。

实验结果表明，文章方法能够快速、有效地生成测试用例，提高漏洞挖掘的效率。

关键词：符号执行；约束求解；测试用例生成；静态分析；漏洞挖掘中图分类号：TP309 文献标志码： A 文章编号：1671-1122（2020）05-0039-08中文引用格式：李明磊,黄晖,陆余良.面向漏洞挖掘的基于符号分治区的测试用例生成技术[J].信息网络安全，2020，20（5）：39-46.英文引用格式：LI Minglei, HUANG Hui ，LU Yuliang. Test Case Generation Technology Based on Symbol Divide and Conquer Area for Vulnerability Mining [J]. Netinfo Security, 2020, 20(5): 39-46.Test Case Generation Technology Based on Symbol Divide andConquer Area for Vulnerability MiningLI Minglei, HUANG Hui ，LU Yuliang(College of Electronic Engineering , National University of Defense Technology , Hefei 230009, China )Abstract: In vulnerability mining, symbol execution technology is a common test casegeneration technology. However, when the software contains complex mathematical operation functions such as encryption and decryption, checksum verification, using symbol execution technology to generate test cases cannot effectively solve constraint expressions, which results in low efficiency in vulnerability mining. In order to solve this problem, combining the idea of divideand conquer algorithm, this paper proposes a test case generation technique based on symbol divide and conquer area. Firstly, the functions of encryption and decryption, checksum verification in software are identified through static analysis technology. Then using the functions of encryption and decryption, checksum verification in the program as the partition point to partition the software. Every time the symbol execution engine executes to a divide and conquer area of software, a new symbol variable is introduced into this area for constraint construction. When solving constraints, the software will start to solve recursively from the last divide and conquer area of software. Based on this method, this paper implements a vulnerability mining prototype system Divide on the symbolic execution platform S2E, and compares with the existing symbol execution generation test case technologies. The experimental results show that this method can generate test cases quickly and effectively, and improve the efficiency of vulnerability mining.Key words: symbol execution; constraint solving; test case generation; static analysis ; vulnerability mining0 引言随着信息技术的不断普及，网络安全成为国家安全的重中之重，软件安全是确保网络安全的关键一环。

专利名称：CHECKSUM DETERMINATION 发明人：THAKUR, Anshuman,CALLUM, Roy 申请号：US2004027731申请日：20040825公开号：WO05/027463P1公开日：20050324专利内容由知识产权出版社提供摘要：One embodiment of a method may include partitioning data into segments of the data, storing in memory a set of checksums of the segments of the data, selecting a portion of the data, and determining a checksum of the portion of the data. The portion of the data may comprise a subset of the segments of the data and/or at least one part of at least one segment of the data. The checksum of the portion of the data may be determined, based, at least in part, upon a checksum of the subset of the segmentsand/or a checksum of the at least one part of the at least one segment. The checksum of the subset of the segments may be based, at least in part, upon respective checksums, read from the checksums stored in the memory, of segments of the data comprised in the subset of the segments.申请人：INTEL CORPORATION地址：US国籍：US代理机构：VINCENT, Lester, J.更多信息请下载全文后查看。

checksum规则Checksum规则什么是Checksum？•Checksum是一种用于验证数据完整性的算法。

•它通过计算数据的校验和，将结果与预期的校验和进行比对，以确定数据是否被篡改或损坏。

## Checksum的应用领域•计算机网络通信–在数据包传输中，Checksum被用于验证数据的完整性。

–接收方可以通过计算数据的校验和，判断数据是否受到了损坏或篡改。

•存储介质–在硬盘、光盘等存储介质中，Checksum用于检测数据的完整性。

–当读取数据时，Checksum可以帮助判断数据是否出现了位错误或损坏。

•数据库管理系统–许多数据库管理系统使用Checksum来确保数据文件的完整性。

–当数据库文件损坏时，Checksum可以帮助识别出出错的部分，并进行修复或恢复。

## Checksum的原理•Checksum通常是通过对数据中的每个字节进行加法运算或位运算来得到的。

•在计算Checksum时，需要定义一个初始化值，然后将每个字节与该值进行运算，得到的结果再与下一个字节进行运算，直到计算完所有数据。

•最后，将得到的Checksum与预期的Checksum进行比较，以决定数据的完整性。

## Checksum的特点•Checksum是一种简单高效的数据完整性验证算法。

•它只需要进行一次运算即可得到校验结果，速度较快。

•当数据发生错误时，Checksum可以帮助发现错误的位置。

•但Checksum也存在一定的局限性，如果数据受到大幅度损坏，有可能无法正确检测出错误。

## 结论•Checksum在现代计算机系统和网络中扮演着重要的角色。

•它是一种简单有效的数据完整性验证算法。

•在进行数据传输、存储和数据库管理时，Checksum的应用可以增加数据的可靠性和安全性。

•然而，Checksum也有局限性，需要根据具体的应用场景进行权衡和选择。

Checksum算法的种类•校验和算法：通过对数据中每个字节进行加法运算得到一个校验和，常用的校验和算法有Fletcher校验和、Luhn算法等。

pt-table-checksum原理pt-table-checksum是一个Percona Toolkit中的工具，用于检查和比较MySQL主从服务器上的数据一致性。

它通过计算主库和从库上的表的校验和来实现数据比对。

这个过程可以用来检测主从复制中的数据不一致问题，帮助管理员及时发现并解决这些问题。

1. 创建一个特殊的 checksums表，用于存储每个被检查的表的校验和和其他相关信息。

2. 在主库上，pt-table-checksum会向checksums表中插入一个行记录，表示这个表正在被检查。

然后，它会对这个表的每个分区或者每个chunk（取决于配置）进行数据校验和计算，并将校验和值存储到checksums表中。

3. 在从库上，pt-table-checksum会根据主库上checksums表的信息，计算每个被检查的表的校验和，并与checksums表中的值进行比对。

4. 检查完所有表后，pt-table-checksum会生成一个报告，显示哪些表在主从之间存在数据不一致。

5. 可选地，pt-table-checksum可以修复数据不一致的表。

它会在数据不一致表的主库上找到不一致的chunk，并将其修复到从库上，以确保主从服务器之间的数据完全一致。

通过这种方式，pt-table-checksum可以高效地检查主从服务器之间的数据一致性。

它利用了MySQL引擎的一些特性来优化校验和的计算过程，并且可以在大型数据库环境中处理大量的数据。

然而，pt-table-checksum也有一些限制和注意事项：1. pt-table-checksum只能检查可以使用主键或唯一索引分区的表。

对于没有主键或唯一索引分区的表，无法使用pt-table-checksum进行数据一致性检查。

2. pt-table-checksum用到了大量的系统资源，尤其是在计算校验和和进行数据修复时。

因此，在使用pt-table-checksum之前，需要仔细评估系统的性能和资源使用情况。

ISSN 1000-9825, CODEN RUXUEW E-mail: jos@Journal of Software , Vol.20, No.6, June 2009, pp.1393−1405 doi: 10.3724/SP.J.1001.2009.03497 Tel/Fax: +86-10-62562563© by Institute of Software , the Chinese Academy of Sciences . All rights reserved.组合测试:原理与方法∗严 俊+, 张 健(中国科学院 软件研究所 计算机科学国家重点实验室,北京 100190) Combinatorial Testing: Principles and MethodsYAN Jun +, ZHANG Jian(State Key Laboratory of Computer Science, Institute of Software, The Chinese Academy of Sciences, Beijing 100190, China)+ Corresponding author: E-mail: yanjun@Yan J, Zhang J. Combinatorial testing: Principles and methods. Journal of Software , 2009,20(6):1393−1405./1000-9825/3497.htmAbstract : Combinatorial testing can use a small number of test cases to test systems while preserving faultdetection ability. However, the complexity of test case generation problem for combinatorial testing is NP-complete.The efficiency and complexity of this testing method have attracted many researchers from the area ofcombinatorics and software engineering. This paper summarizes the research works on this topic in recent years.They include: various combinatorial test criteria, the relations between the test generation problem and otherNP-complete problems, the mathematical methods for constructing test cases, the computer search techniques fortest generation and fault localization techniques based on combinatorial testing.Key words : combinatorial testing; covering array; test case generation摘 要: 组合测试能够在保证错误检出率的前提下采用较少的测试用例测试系统.但是,组合测试用例集的构造问题的复杂度是NP 完全的.组合测试方法的有效性和复杂性吸引了组合数学领域和软件工程领域的学者们对其进行深入的研究.总结了近年来在组合测试方面的研究进展,主要内容包括:组合测试准则的研究、组合测试生成问题与其他NP 完全问题的联系、组合测试用例的数学构造方法、采用计算机搜索的组合测试生成方法以及基于组合测试的错误定位技术.关键词: 组合测试;覆盖数组;测试用例生成中图法分类号: TP301 文献标识码: A在软件的功能测试中,可以通过检查系统参数的所有取值组合来进行充分的测试.例如:对一个具有k 个参数的待测系统(software under test,简称SUT),这些参数分别有v 1,v 2,…,v k 个可能取值,完全测试这个系统需要1ki i v =∏个测试用例.对于一般的被测系统而言,这个组合数是一个很庞大的数字.如何从中选择一个规模较小的子集作为测试用例集是测试用例生成(test case generation)中一个很重要的问题.在测试性能和代价上的一个折衷就是组合测试(combinatorial testing),因为根据观察,对于很多应用程序来说,很多程序错误都是由少数几个参∗ Supported by the National Natural Science Foundation of China under Grant Nos.60673044, 60633010 (国家自然科学基金) Received 2008-05-16; Revised 2008-08-07; Accepted 2008-10-071394 Journal of Software软件学报 V ol.20, No.6, June 2009数的相互作用导致的.例如:Kuhn和Reilly分析了Mozilla浏览器的错误报告记录,发现超过70%的错误是由某两个参数的相互作用触发的,超过90%的错误是由3个以内的参数互相作用而引发的[1].这样,我们可以选择测试用例,使得对于任意t(t是一个小的正整数,一般是2或者3)个参数,这t个参数的所有可能取值的组合至少被一个测试用例覆盖.我们称这种测试准则(test criterion)为t组合测试.组合测试方法在系统测试中是非常有效的,因为对于有k个参数的系统来说,完成t组合测试所需要的最小测试用例数目是按照k的对数级增长的[2].美国国家标准和技术协会(NIST)的Kuhn等人采用4个软件系统研究了组合测试的错误检出率.其结果表明,3组合测试的错误检出率已经超过80%[3].Grindal的研究指出,组合测试方法具有模型简单、对测试人员要求低、能够有效处理较大规模的测试需求的特点,是一种可行的实用测试方案[4].下面用一个简单的例子来说明组合测试方法.表1描述了一个电子商务系统,这个系统有4个参数,每个参数有3个可选值,完全测试该系统需要34=81个测试用例.采用2组合测试准则,测试时仅需要表2中的9个测试用例,即可覆盖任意两个参数的所有取值组合.Table 1 A system with four parameters表1一个四参数系统Client Web Server Payment DatabaseFirefox WebSphere MasterCard DB/2IE Apache Visa Orade UnionPay AccessTable 2 Test suite covering all pairs表22组合测试用例Test No. Client Web Server Payment Database1 FirefoxWebSphere MasterCard DB/22 Firefox .NET UnionPay Orade3 Firefox Apache Visa Access4 IEAccessWebSphere UnionPayMasterCard Orade5 IE Apache6 IE .NET Visa DB/2WebSphere Visa Orade7 Opera8 Opera .NET MasterCard Access9 Opera Apache UnionPay DB/2本文总结了近年来学术界和工业界在组合测试上的研究成果.第1节介绍组合测试的基础概念.第2节介绍部分数学构造方法.第3节介绍利用其他NP完全问题来研究组合测试生成问题.第4节分类介绍采用计算机搜索方法自动生成测试用例集合的方法.第5节介绍如何利用组合测试的结果定位错误的位置.第6节是总结和展望.1 基本概念大部分的组合测试方法,也就是传统的组合测试方法,都是基于覆盖数组的.另外,针对一部分特殊的软件测试,学术界提出了一些变种的组合测试方法.1.1 覆盖数组从表2可以看出,组合测试用例集合可以用一个矩阵来表示,矩阵的每一行表示一个测试用例,每一列代表系统的一个参数,每一项(entry)代表测试用例的相应参数的取值.Cohen等人给出了如下覆盖数组CA(covering array)和混合覆盖数组MCA(mixed level covering array)的定义[5],用以描述测试用例集.定义1(覆盖数组). 覆盖数组CA(N;t,k,v)是一个值域大小为v的N×k矩阵,任意的N×t子矩阵包含了在v值域上所有大小为t的排列.这里,t被称为强度(strength,国内某些文献将其翻译为水平,见文献[6]).k被称为阶数(degree),v称为序(order).一个覆盖数组如果具有最小的行数,则被称为最优的.这个最小的行数称为覆盖数(covering array number),记为CAN(t,k,v).严俊 等:组合测试:原理与方法1395v 一般地,强度为t 的覆盖数组被称为t 覆盖数组(t -covering array).特别地,t =2的覆盖数组称为成对覆盖数组(pairwise covering array).覆盖数组要求矩阵的每一列具有相同大小的值域,表2中的测试集合即是一个覆盖数组CA(9;2,4,3).由于任意两个参数之间的组合至少有32=9种,故这个覆盖数组是最优的.目前已知的一些覆盖数组的最好结果可以参见文献[7].对于真实的程序,并不一定都满足每一个参数具有相同的值域这个限制,于是,我们可以进一步扩展覆盖数组的概念.定义2(混合覆盖数组). 混合覆盖数组MCA(N ;t ,k ,v 1v 2…v k )是一个由v 个符号组成的N ×t 矩阵,其中 1ki i v ==∑,并具有以下性质: i) 第i 列的所有符号是一个大小为v i 的集合S i 的元素.ii) 任意的N ×t 子矩阵包含了在相应值域上的所有t 元组.类似地,我们可以定义混合覆盖数组的强度t 以及覆盖数MCAN(t ,k ,v 1v 2…v k ).在记录CA 或者MCA 时,可以把一些具有相同值域的项合并,并省略参数的个数k .例如,如果矩阵有3 列,其值域大小都是2,则记为23.在这种情况下,一个MCA(N ;t ,k ,v 1v 2…v k )可以表示为1212MCA(;,...)r p p p r N t s s s ,其中 1ri i k ==∑p .下面用一个对真实程序进行测试的例子来说明混合覆盖数组. 例1(ldd 的测试):Linux 程序ldd 的主要功能是打印目标文件FILE(包括编译好的可执行程序或者动态链接库)依赖的动态链接库,它的用法是ldd [OPTION] FILE假定我们要对ldd 进行功能测试,根据ldd 的用法,影响程序的参数包括所有选项(OPTION)以及输入文件(FILE).在实际测试时,显然无法穷举所有的文件,于是将FILE 通过等价类划分(equivalence partitioning)抽象成3个等价类:无输入文件(unused)、无效文件(invalid file)以及有效文件(valid file).这样,根据ldd(version 2.6.1)的使用说明,我们可以列出ldd 的所有控制参数,见表3.Table 3 Parameters of ldd表3 ldd 的参数Parameter Meaning LevelsFILE Object program or shared library. Unused, Invalid File, Valid File--version Print the version number of ldd. Unused, Used-v Print all information. Unused, Used-u Print unused direct dependencies. Unused, Used-d Perform relocations and report any missing objects. Unused, Used-r Perform relocations for both data objects and functions, and report any missing objects or functions. Unused, Used --help Usage information. Unused, Used从表3可以看出,ldd 有6个二值参数,1个三值参数,那么,对于这样一个简单程序的所有可能的输入有31×26=192种.假定我们需要测试任意3个参数之间的所有取值组合,可以用表4的18个测试用例来对ldd 进行测试,显然这一组测试用例构成了一个MCA(18;3,3126).可以证明,对于这个实例至少需要18个测试用例(证明参见第2节),即这个测试集合是最优测试集.区别CA 和MCA 的原因主要在于,在构造这些矩阵时,某些数学构造方法只适用于CA.而采用其他构造方法,尤其是在利用计算机搜索的自动化方法时,CA 可以看成MCA 的一个特例,在处理时并没有区别.下文中如无特别说明,本文所指的覆盖数组包含CA 以及MCA.Seroussi 和Bshouty 的工作[8]表明,构造最优t 覆盖数组这个问题是NP 完全的.同时,Lei 等人[9]也证明了这个问题的判定问题,即判断一个被测系统是否有一个大小为N 的成对覆盖集也是NP 完全的.所以,我们不大可能找到一种对所有实例都很高效的构造算法.这两个问题,即寻找最优覆盖数组和其判定问题,目前已都有较多的 研究[5].1396Journal of Software 软件学报 V ol.20, No.6, June 2009Table 4 Test cases for ldd表4 ldd 的测试用例Test No.FILE --version -v -u -d -r --help1 Unused Unused Unused Unused Unused Unused Unused2 Unused Unused Used Unused Unused Unused Used3 Unused Used Unused Unused Used Used Unused4 Unused Used Used Used Unused Used Unused5 Invalid file Unused Unused Unused Unused Unused Unused6 Invalid file Unused Used Unused Unused Unused Used7 Invalid file Used Unused Unused Used Used Unused8 Invalid file Used Used Used Unused Used Unused9 Valid file Unused Unused Unused Used Used Used10 Valid file Unused Used Used Used Unused Unused11 Valid file Used Unused Used Unused Unused Used12 Valid file Used Used Unused Unused Used Used13 Unused Unused Unused Used Used Used Used14 Unused Used Used Used Used Unused Used15 Invalid file Unused Used Used Used Used Used16 Invalid file Used Unused Used Used Unused Used17 Valid file Unused Unused Used Unused Used Unused18 Valid file Used Used Unused Used Unused Unused1.2 非经典组合测试采用覆盖数组的组合测试要求任意t 个参数的所有参数组合都必须被覆盖,而没有考虑具体参数的特性.近年来,一些学者将组合测试的方法进行了扩展,提出了一些非经典的组合测试方法.另外,对于某些测试实例而言,即使采用组合测试方法,测试用例数目还是太多.因此,学术界针对某些具体问题提出了一些非经典的组合测试方法,这些测试方法的主要出发点一般是对测试用例集合中的参数取值组合加入一些限制.这些限制主要包括以下几个方面.1.2.1 种子组合在实际测试中,用户可能会要求某些取值组合必须被测试,这种取值组合被称为种子(seed)[10].目前,很多贪心算法支持这些参数限制(参见第4.1节).例如,本文第4.1.1节介绍的AETG(automatic efficient test generator)等工具的输入规范AETGSpec [10]支持如下描述:seed {a b c d2 4 8 3}这一段约束表示(a,b,c,d)=(2,4,8,3)这种组合形式在测试用例集中至少出现1次. 1.2.2 参数之间的限制某些参数组合事实上是不允许出现或者是没有意义的.例如,简单的计算器,在非十进制的时候是不支持浮点数运算的,那么,“十六进制+浮点数”的组合是无效组合,测试中应该禁止出现.这种情况称为参数之间的冲突(conflict)[4].AETG [11]等工具支持参数之间具有这样的约束关系.例如,其规范支持形如If b<9 then c>=8 and d<=3的表达式,用以描述对参数b,c,d 之间的限制.另外微软的免费测试工具PICT(pairwise independent combinatorial testing)也支持较为复杂的约束,包括数值和字符串的比较以及布尔逻辑约束[12].更多关于冲突处理的介绍见文献[4].1.2.3 变强度组合测试Cohen 等人提出了变强度的组合测试方法,允许不同参数之间的覆盖强度不同[13].他们将覆盖数组扩 展到了变强度覆盖数组.例如,表示一个强度为2的混合覆盖数组,但是其中包含 9233VCA(27;2,32,{CA(27;3,3)})3个子数组,每个数组包含3个值域大小为3的参数,并且在每个子数组内部需要所有的参数组合满足3覆盖.这种方法适合于重点测试系统中的某些关键参数.严俊 等:组合测试:原理与方法13971.2.4 特殊的测试场景 某些被测程序可能不仅有多个输入,也可能有多个输出.如果每个输出O j 是由少数几个参数 12{,,...,}s j j j I I I 所影响,那么测试集合需要覆盖影响任意一个输出的所有输入参数的取值组合[14].如何自动生成满足这种覆盖的测试用例集是一个很复杂的问题.Cheng 等人指出,可以利用图染色方法将这个测试生成问题约简为变强度组合测试[15].王子元等人针对一种特殊的测试场景提出了另一种组合测试方法[16].在这种场景中,仅有相邻的参数之间可能有关联.例如,在中国铁路的信号系统中,火车前一个信号灯的状态取决于之前3个区间的状态,这样可以采用强度为3的相邻因素组合测试方法来测试该系统.该文同时提出了一种自动测试生成方法,可以在多项式时间内产生最优测试用例集合.相对于经典的组合测试方法,这些非经典的组合测试方法的研究不是很成熟.王子元等人借鉴了Cheng 的集合覆盖问题思想(参见第3.2节),提出了一个较为通用的非经典组合测试框架,试图将这些非经典组合测试统一用参数的交叉关系(interaction relationship)来描述.所有的交叉关系组成一个集合(称为interaction coverage requirement),那么,非经典的组合测试生成问题可以统一为寻找覆盖这个关系集合的测试用例集合[17].下文中的内容,若无特殊声明,针对的都是标准的组合测试.2 数学构造方法最早的构造方法是利用正交数组(orthogonal array,简称OA).OA 的定义与CA 类似,二者的区别是,对于任意的N ×t 子矩阵,所有的t 元组出现的次数(大于0)均相同.OA 是被组合数学界研究很久的问题,N ≤100的OA(N ;t ,k ,v )已经被完全构造[18],也可以用计算机自动搜索的方法(如文献[19,20])构造小规模的OA.在某些特殊 情形下,OA 就是最优的CA.例如就是一个最优的覆盖数组;又如,如果v ≥t −1是一个素数的幂(prime power),那么也是一个最优覆盖数组OA(;,1,)t v t t v +OA(;,1,)t v t v v +[21].一般情况下,我们可以通过如下两步的坍塌(collapse)方法由一个OA(N ;t ,k ,v )构造出一个12MCA(;,,...)k M t k v v v ,其中M ≤N 并且v i ≤v (0<i ≤k )[22].i) 将第i (0<i ≤k )列上在值域v i 以外的符号用值域内任意一个符号替换;ii) 删除某些冗余的列(这些列包含的所有t 元组已经被其他列覆盖).另一种坍塌方法是利用大的覆盖数组构造小的覆盖数组.例如,我们可以分别利用和12MCA(;,,(1)...)k N t k v v v +12MCA(;,,...)k M t k v v v 构造12MCA(;,,...)k N t k v v v ′和2MCA(;,1,...),k M t k v v ′−其中,N N M M ′′≤≤.坍塌方法的缺陷在于,最终得到的覆盖数组往往比最优解要大,尤其是对MCA [23].另一种构造方法是用小的矩阵递归构造大的覆盖矩阵.例如,Stevens 和Mendelsohn 证明了,如果存在一个CA(;2,,)N k v 实例A =(a ij )以及一个CA(;2,,)M v A 实例B =(b ij ),那么我们可以构造一个CA(;2,,)N M k v +A 的实例,如图1所示[24].Fig.1 An instance of CA(;2,,)N M k v +A图1 一个CA(;2,,)N M k v +A 实例递归构造方法在组合数学中是一种常见的研究方法.更多关于覆盖数组的递归构造方法,可以参见文献1398 Journal of Software 软件学报 V ol.20, No.6, June 2009⎞⎟[21,25−27].递归构造方法对于一些特殊的实例能够给出优美的结论.但是,对于一般的组合测试问题,这些方法并不具备通用性.构造方法还有一些副产品,即给出了部分实例的覆盖数的范围.对于t =v =2的情况,Katona [28],Kleitman 和Spencer [29]分别于1973年证明了对于21(1)/2/2N N k N N −−⎛⎞⎛<≤⎜⎟⎜−⎡⎤⎡⎤⎢⎥⎢⎝⎠⎝⎥⎠的CA,其覆盖数为N .那么对于所有的t =v =2 的最优覆盖问题已经在理论上完全解决.对于这个问题,聂长海等人利用覆盖数组任意两列不相同、不互补等特性给出了一种构造算法,实验结果接近理论值[6].对于其他形式的覆盖数组,目前的理论研究还无法精确地给出所有覆盖数的值.不少数学结论是关于一些不同覆盖数组实例的覆盖数之间的关系.例如,易知下列结论成立[26]:1212MCAN(,,...)MCAN(1,1,...),k k t k v v v v t k v v ≥⋅−−又由以前结论可知,6CAN(2,2)6=(t =v =2的最优覆盖问题).那么,166MCAN(3,32)3CAN(2,2)18,≥⋅=这就证明了表4的测试用例集合是最优的.利用这些相互关系可以更一般地给出覆盖数的上、下界.例如Chateauneuf 等人证明[30]了2CAN(3,,3) 6.1209(log ),k k ≤更多的结论可见文献[25],这里不再赘述.目前已有一些采用数学方法构造覆盖数组的工具.Bell 实验室的工具CATS [31]以及在线服务Testcover [32]采用递归构造和坍塌的方法构造覆盖数组.Williams 等人曾经采用坍塌和递归构造的方法测试分布式系统[22],并开发了一个工具Tconfig [33].该工具的运行速度比较快,但是得到的覆盖数组往往比较大.IBM Haifa 研究院的WHITCH 项目(以前称为CTS 项目)[34]中采用了一些递归构造方法,在部分实例上取得了很好的结果[35]. 3 转化成其他问题本文在第1节中指出,覆盖数组的构造问题的复杂度是NP 完全的,目前已有一些NP 完全问题的研究比较深入,如可满足问题、整数规划问题以及图上的一些问题.一些学者通过将覆盖数组的构造问题转化为其他类型的问题,然后借鉴这些问题的理论和方法来研究覆盖数组.3.1 转化为可满足问题可满足问题(SAT)[36]是指,给定一组布尔逻辑公式,是否存在一组对所有变量的赋值,使得这一组公式是可满足的.SAT 是第一个被证明为NP 完全的问题,近年来在国际上是一个比较热门的研究方向.理论上说,所有NP 完全问题都可以转化为SAT 问题求解.目前,SAT 问题的求解算法主要包括两类,基于DPLL 的穷举搜索算法和基于局部搜索的随机算法.其中前者是完备的,即一个问题是可满足的,算法就一定能够找到一组解;而后者对某些可满足的实例有较快的求解速度.关于SAT 的求解算法和工具可以在相关网站[37]上找到.Hnich 等人[38]尝试将组合测试的判定问题的约束转化为SAT 的子句(CNF 形式)集,并采用基于局部搜索的SAT 工具walksat 来处理这个问题.其实验结果表明,walksat 能够在数分钟内处理一些小规模的实例.由于walksat 不是完备算法,采用这种方法生成的覆盖数组可能不是最优的.严俊等人[39]采用与Hnich 等人类似的SAT 编码方法,并且尝试使用另一个SAT 工具zChaff(这是最高效的完备求解工具之一)来处理这个问题.一般来说,直接编码得到的SAT 子句集合zChaff 处理起来比较困难.为了减小搜索空间,该方法使用了工具Shatter 来打破SAT 子句中的对称性,然后调用zChaff 处理.但实验结果却令人失望.即使对一些较小的实例, zChaff 也要花费大量的时间.SAT 方法的主要问题在于,即使是针对一个小规模覆盖数组问题转化得来的SAT 子句集合规模也可能是非常庞大的.另外,在翻译过程中,一些覆盖数组的组合特性(如对称性)也丢失了,简单地调用SAT 工具的求解效率并不高.改进SAT 翻译方法以及SAT 工具调用的方式(如文献[20]采用的将SAT 与回溯算法结合的方式)是较为可严俊 等:组合测试:原理与方法1399行的研究方向.3.2 转化为整数规划问题 Cheng 等人指出,一个一般的组合测试问题(包括非经典的组合测试问题)可以形式化为一个集合覆盖问题 (set-covering problem)[15].一个集合覆盖问题包括一个有限集合12{,,...,}m X x x x =(这里指的是所有可能的参数值组合)以及由X 的子集组成的集合(这里指的是所有测试用例集合,每个测试用例对应着若干 12{,,...,}n F f f f =参数值组合).集合覆盖问题的目标是寻找F 的一个最小子集C ,使得C 覆盖X 中的所有元素.Williams 等人采用0-1整数规划的方法求解这个问题[40].令二值变量y i =1表示f i ∈C .假定F 中的元素 12,,...,s j j j f f f 包含x j ,则寻找最小集合C 的问题可以描述为最优化问题:min 12...m y y y +++s.t.for all j , 12... 1.s j j j y y y +++≥与SAT 方法类似,由于集合X 的规模很大,采用0-1规划虽然能够得到最优解,但是能够处理问题的规模却很小.3.3 转化为图问题前面我们在第1.2.4节中提到,可以用图染色的方法来约简基于I/O 关系的组合测试.此外,加拿大Ottawa 大学的研究小组将成对覆盖数组(包括非经典的覆盖数组)转化为图,然后利用图的理论研究覆盖数组的性质.他们的研究方法是,首先定义属性无关(qualitatively independent,简称QI)的概念.所谓属性无关,指的是两 个N 维向量,两个向量的值域分别为,则对于任意,总存在一个整数i ,使得A ,B 的第i 维的数对,N u A B ∈∈Z Z N v v (,)u αβ∈×Z Z (,)(,)i i a b αβ=.接下来,我们定义图上的覆盖数组(covering array on graph)CA(N ,G ,v )是一个具 有k 个顶点的图,每个顶点代表一个N 维向量(即覆盖数组中的一列).两个顶点之间有边当且仅当对应覆盖矩阵的两列是QI 的.显然,标准的成对覆盖数组CA(N ;2,k ,v )对应的图是一个k 完全图(complete graph),而王子元等人的相邻因素覆盖数组[16]对应的图是一个长为k 的链.最后定义图同态(graph homomorphism)这一概念.如果从图G 到H 存在一个映射φ,使得对于任意相邻的顶点x ,y ∈V (G ),φ(x )和φ(y )在H 上也是相邻的,那么图G 和H 是同态的.利用图同态的性质,我们可以给出覆盖数的范围.Meagher 采用这种方法研究了成对覆盖数组[41]和混合覆盖数组[42]的一些性质,Zekaoui 研究了一些非经典覆盖数组的性质[43].4 直接搜索方法组合测试的很大一部分研究是利用传统的约束求解或者最优化方法来直接搜索覆盖数组.由于这个问题的复杂性是NP 完全的,大部分的方法都是局部搜索算法,这些方法不能保证得到最优解,但是处理时间相对较少.这些方法主要包括贪心算法和启发式搜索方法.另外,有少量的研究采用全局搜索算法,能够对一定规模的问题得到最优解.直接搜索方法中有不少算法已经形成了实用的工具,关于这些工具的介绍可以参见文献[44].4.1 贪心算法贪心算法的思想是从空矩阵开始,逐行或者逐列扩展矩阵,直到所有的t 组合都被覆盖.按照扩展方式的不同,可以分成一维扩展和二维扩展两类,另外还有一些方法将其他算法与贪心算法结合起来使用.4.1.1 一维扩展我们主要介绍逐行扩展的一维扩展方法,所谓的one-test-at-a-time 方法,即在构造覆盖数组时,按照贪心策略依次增加一行,使得这一行覆盖一些未覆盖的t 元组,直到所有的t 元组都被覆盖.最直接的贪心策略就是,每次选择的新测试用例覆盖最多的未覆盖t 元组.Cohen 等人证明,对于成对测试CA(N ;2,k ,v ),采用这种一维扩张策略产生的贪心测试集大小与SUT 参数的个数呈对数关系(O (v 2log k ))[11].但是,枚举所有可能的测试用例是不现实的(复杂度随着参数个数的增加呈指数增长),因而,大部分的贪心策略都是从一个较小的测试用例集合(称为候选测试用例,candidates)中选择下一个测试用例.一维扩张这个算法框架最初由商业工具AETG [11]提出来.AETG 的贪心策略如下:1400Journal of Software 软件学报 V ol.20, No.6, June 2009i) 首先随机选择一些(50个左右)候选测试用例.候选用例的选择方法是,随机指定一个参数(也就是矩阵的列)的次序,然后按照这个次序依次给每个参数赋值.赋值的策略是,新的赋值和用例中已有的赋值能够覆盖最多的t 元组.ii) 然后从这些测试用例中选择一个覆盖了最多的未覆盖t 元组作为数组的下一行.AETG 的贪心策略是非确定的,所以多次运行AETG 的结果可能不同.TCG [45]也是从若干候选中选择最好的一 行.与AETG 不同,TCG 在对参数排序的时候是按照参数的值域从大到小的次序使,然后依次 12...k v v v ≥≥≥给第1个参数赋值为1,2,…,v 1,最后按照与AETG 相同的方式产生v 1个候选用例.因而,TCG 的贪心策略是确定的.微软开发的工具PICT 采用类似AETG 的方法选择候选测试用例.与AETG 的不同之处在于,PICT 不产生固定大小的候选测试用例集(或者说只选择大小为1的候选测试用例),并且总是采用固定的随机种子,所以PICT 的贪心策略实际上是确定性的.PICT 目前仅能用于成对测试中[12].AETG 框架存在一个不足之处是,在给某一项赋值时,采用的贪心策略是新的赋值和当前测试用例(行)中“已有的赋值”能覆盖最多的t 元组,而没有考虑未赋值的项.鉴于此,Bryce 等人提出了DDA [23]算法.该算法采用了所谓的tie-breaking 的确定型贪心策略,给每个项以及可能的赋值定义了一个密度(density)值.通过计算密度选择最佳赋值.目前DDA 算法也只能应用在成对测试中.在处理成对测试这一类特殊问题时,史亮等人提出了一个解空间树(solution space tree)的模型,这样,测试集合中的每个元素对应解空间树的一条从根到叶节点的路径.那么,根据2组合测试的性质,可以选择的贪心策略是,新加入的用例与测试集已有元素的重叠数不超过2(这里,重叠数的定义为两个测试用例中取值相同的参数个数.例如,(1,2,3)与(1,2,1)在前两个参数的取值相同,所以重叠数为2).史亮等人的实验结果表明,该方法对于部分实例能够给出最优的结果[46].4.1.2 二维扩展Lei 等人提出的IPO(in-parameter-order)[9]是另外一种类型的贪心算法.该算法主要针对成对测试.首先构造前2个参数的所有组合,形成一个较小的矩阵,然后重复如下两步的二维扩展:i) 水平扩展(horizontal growth):在矩阵中增加一个参数(列),给这一列上的每一项赋值,尽可能覆盖更多的t 元组;ii) 垂直扩展(vertical growth):在水平扩展的基础上,如果有t 元组没有覆盖,则增加新的测试用例(行). 图2是IPO 算法处理实例的过程.首先构造前两个参数A 和B 的所有取值组合,共4个.然后水 21MCA(6;2,23)平扩展到第3列.依次选择第3列的值为C1,C2,C3,C1能够覆盖尽可能多的新2元组.这时,算法发现还有(A1,-,C3), (A2,-,C2),(-,B1,C2),(-,B2,C3)这些2元组未覆盖.为了使用最少的垂直扩展,IPO 算法将(A2,-,C2)与(-,B1,C2),以及(A1,-,C3)与(-,B2,C3)分别合并,于是通过垂直扩展两行得到了最后的结果.A B A1B2A2B1A2B2A B C A1 B2C2A2 B1C3A2 B2C1 A B C A1B2C2A2B1C3A2B2C1A2B1C2A1B2C3 Horizontal growthVertical growth Fig.2 Horizontal and vertical growth of IPO algorithm图2 IPO 算法的水平扩展与垂直扩展最初的IPO 算法只能产生成对覆盖数组.后来,Lei 等人将这种算法扩展,得到了一种能产生任意t 组合测试用例的算法IPOG,并开发了一个工具FireEye [47].IPOG 算法虽然是贪心算法,但它采用了指数级复杂度的方法来选择最少行进行垂直扩展,故在处理大规模实例时仍然需要花费大量时间.4.1.3 其他贪心算法对大规模的难解问题,随机型的算法是不错的选择.Kuhn 提出的Paintball [48]采用随机策略生成大量的测试用例,然后采用贪心算法补足未覆盖的t 元组,最后合并一些冗余的行.这种算法在处理大规模问题时相对于。