Conformal_Verification_Guide_8.1

Unix AuthenticationThank you for your interest in authenticated scanning! When you configure and use authentication, you get a more in-depth assessment of your hosts, the most accurate results and fewer false positives. This document provides tips and best practices for setting up Unix authentication using Qualys Cloud Suite 8.10 or later.Qualys supports authentication to systems running Unix, Cisco and Checkpoint Firewall.Few things to knowWhy use authentication?With authentication we can remotely log in to each target system with credentials that you provide, and because we’re logged in we can do more thorough testing. This will give you better visibility into each system’s security posture. Is it required? It’s required for compliance scans and recommended for vulnerability scans.Are my credentials safe?Yes, credentials are exclusively used for READ access to your system. The service does not modify or write anything on the device in any way. Credentials are securely handled by the service and are only used for the duration of the scan.Which technologies are supported?For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article: Authentication Technologies MatrixWhat are the steps?First, set up a user account (on target hosts) for authenticated scanning. Then, using Qualys, complete these steps: 1) Add an authentication record to associate credentials with hosts (IPs). We have separate records for Unix, Cisco and Checkpoint Firewall. 2) Launch a scan using an option profile. For a VM scan be sure to enable authentication in the option profile. 3) Run the Authentication Report to find out if authentication passed or failed for each scanned host.Can I have multiple records?Yes. You can create multiple records with different IP addresses. Each IP address may be included in one Unix type record (Unix Record, Cisco Record or CheckPoint Firewall Record).Login CredentialsYou’ll provide us with credentials in authentication records. Many third party vaults are supported. See the Vault Support Matrix in the online help.What privileges are needed for vulnerability scans?The account you provide must be able to perform certain commands like 1) execute “uname” to detect the platform for packages, 2) read /etc/redhat-release and execute “rpm” (if the target is running Red Hat), and 3) read /etc/debian_version and execute “dpkg” (if the target is running Debian). There are many more commands that must be performed.Where can I find a list of commands? The article *NIX Authenticated Scan Process and Commands describes the types of commands run, and gives you an idea of the breadth and scope of the commands executed. It includes a list of commands that a Qualys service account might run during a scan. Not every command is run every time, and *nix distributions differ. This list is neither comprehensive nor actively maintained.What privileges are needed for compliance scans?In order to evaluate all compliance checks you must provide an account with superuser (root) privileges. The compliance scan confirms that full UID=0 access has been granted even if the initial SSH access has been granted to a non-root user. Without full UID=0 access, the scan will not proceed. Note also the account must be configured with the “sh” or “bash” shell.We support use of Sudo or PowerBroker root delegation for systems where remote root login has been disabled for the system to be scanned. However, you cannot use a restricted Unix/Linux account by delegating specific root level commands to the account specified in the sudoers file or equivalent. A non-root account can be used to establish the initial SSH connection but that account must be able to execute a “sudo su –“ command (or equivalent) so that account can gain root level (UID=0) access for the compliance scan to proceed.Using root delegation tools(Supported for Unix authentication in Unix record settings). These root delegation tools are supported for Unix authentication: Sudo, Pismu, PowerBroker. By enabling root delegation you can provide a lower-privileged user account in the record and still perform scan tests with the elevated privileges of the superuser (root).Tip - If you have multiple tools you can arrange the tools in a particular order in the record. We’ll attempt each root delegation method in sequence, depending on the order configured.Can I access a password in my password vault?Yes. We support integration with multiple third party password vaults, including CyberArk PIM Suite, CyberArk AIM, Thycotic Secret Server, Quest Vault, Lieberman ERPM, and more. Go to Scans > Authentication > New > Authentication Vaults and tell us about your vault system. Then choose “Authentication Vault” in your authentication record and select your vault name. At scan time, we’ll authenticate to hosts using the account name in your record and the password we find in your vault.Using Kerberos AuthenticationKerberos is a network authentication protocol designed to provide secure and encrypted authentication for your systems and services. You can specify Kerberos authentication details and perform authenticated scans on Unix systems that have Kerberos (GSSAPI) enabled.Turn on the Use Kerberos toggle and specify the following details for realm discovery and authentication:Parameter DescriptionRealm Discovery Specify the realm discovery method. The available values are manual, single, and DNS.User Realm Specify the name of the realm that a user belongs to and the KDC (KeyDistribution Center) that is responsible for authenticating users and issuingticket-granting tickets (TGTs) for the realm.User KDCService Realm When a user wants to access a service that is part of a different realm,specify:•The name of the realm that a service belongs to.•The KDC that manages authentication for the service in its realm. Service KDCAuthentication Type Specify the authentication type. Only basic or vault-based authentication is supported for Kerberos.Using private keysFor Unix authentication key authentication is supported for SSH2 only. You can define private keys in Unix authentication records.Clear Text Password optionThe service uses credentials provided in your authentication record for remote access to different command line services such as SSH, telnet and rlogin. The Clear Text Password setting in your record determines whether your credentials may be transmitted in clear text when connecting to services which do not support strong password encryption.Clear Text Password: Not Selected (the default)Your password will not be transmitted in clear text. The scanning engine only uses strong password encryption for remote login. This setting may prevent the scanning engine from detecting some vulnerabilities on hosts which do not support strong password encryption.Clear Text Password: SelectedYour password may be transmitted in clear text. The scanning engine uses strong password encryption for remote login, if possible, and falls back to transmitting credentials with weak encryption or in clear text for services which do not support strong password encryption. Important: If these credentials are intercepted by a malicious person, then they may be used to completely compromise a host for attack and theft of information. It is recommended that you replace unsecured services, such as telnet and rlogin, with a secured SSH service. If you must operate unsecured command line services, it is recommended that you operate them within a secured tunnel like SSL/TLS or VPN.Target TypesYou can provide a target type while creating or updating the Unix (SSH2) authentication record. With this field, you can define the non-shell based target types in the SSH2 authentication record. Targets with a standard Unix shell will continue to be auto-detected. Thetarget types are set to "Auto (default)" for these records. Currently, Qualys offers only the "auto (default)" option. With upcoming releases, more target types will be available.Unix Authentication RecordHow to add a Unix recordGo to Scans > Authentication. Then select New > Operating Systems > Unix. You might be interested in Unix subtypes. You’ll see records for Cisco authentication and Checkpoint Firewall authentication.Enter the Unix login credentials (user name, password) our service will use to log in to Unix hosts at scan time. Then walk through our wizard to select the options you want for private keys, root delegation, policy compliance and target IPs. Our online help is always available to assist you.Choose options!If you provide multiple credentials, authentication is attempted in this order:1) RSA key, 2) DSA key and then 3) password.Option to get the password for login credentials from a vault. Choose from vaults available in your account.Specify Kerberosauthentication details if Kerberos authentication is enabled on the target host.Use any combination of private keys (RSA, DSA, ECDSA, ED25519) and certificates (OpenSSH, X.509) for authentication. Key authentication is supported for SSH2 only.(1) Option to get private(2) Choose certificate type OpenSSH or X.509.Use multiple rootWe’ll attempt each root delegation method in sequence, depending onthe order configured.from vault. Choosefrom vaults available inyour account.Add IPsAdd the IPs you want toscan on the IPs tab.Each IP may beincluded in one Unixtype record (Unix,Cisco, CheckPointFirewall).Ports for compliance scansThe Policy Compliance Ports tab is where you define a custom ports list if services (SSH, telnet, rlogin) are not running on well-known ports for the hosts you will be scanning. By default, these well-known ports are scanned: 22 (SSH), 23 (telnet) and 513 (rlogin). Any one of these services is sufficient for authentication. Good to Know - The actual ports scanned also depends on the Ports setting in the compliance option profile used at scan time.Using Private Keys / CertificatesFor successful authentication, the user account must be added to all target hosts along with the public key, which will be appended to the “.ssh/authorized_keys2” file in the user’s home directory. Our service must have full access to the target hosts during scanning. It’s possible that manually added options in “.ssh/authorized_keys2” files (like no-pty) lockout our service and in this case security tests cannot be performed. SSH keys and certificates listed below are supported. All of the private keys can either be unencrypted or encrypted with a passphrase.SSH Private keysPEM-encoded RSA private keyPEM-encoded DSA private keyPEM-encoded ECDSA private keyOpenSSH-encoded RSA private keyOpenSSH-encoded DSA private keyOpenSSH-encoded ECDSA private keyOpenSSH-encoded EDDSA (currently only ED25519) private key Supported CertificatesPEM-encoded X.509 certificate using RSAPEM-encoded X.509 certificate using DSAPEM-encoded X.509 certificate using ECDSAOpenSSH certificate using RSAOpenSSH certificate using DSAOpenSSH certificate using ECDSAOpenSSH certificate using EDDSA (currently only ED25519)Cisco Authentication RecordWhich technologies are supported?Cisco IOS, Cisco ASA, Cisco IOS XE, Cisco NX-OS and Cisco ACS (version 5.8 is not supported) Which vaults are supported?CyberArk AIM, CyberArk PIM SuiteWhat login credentials are required for Cisco?1) The user account provided for authentication must have privilege level 15 (equivalent to root level privileges) on the Cisco device in order to perform all checks. You can find a list of commands the account must be able to execute in the online help.2) We need port 22 (for SSH authentication) or port 23 (for Telnet authentication). If Telnet is the only option for the target you must select the Clear Text Password option in the record since Telnet is an insecure protocol (all information is sent in clear text). We’ll use strong password encryption for remote login, if possible, and fall back to transmitting credentials in clear text only when the Clear Text Password option is selected.3) Your password must not include any spaces.Checkpoint Firewall Authentication RecordWhich technologies are supported?CheckPoint Gaia and SecurePlatform PRO operating systems:- CheckPoint Gaia R75-R77- CheckPoint SecurePlatform PRO R75-77Which vaults are supported?CyberArk AIM, CyberArk PIM SuiteWhat login credentials are required for Checkpoint Firewall?1) The user account you provide for authentication must have administrative level privileges on the Checkpoint device to perform all checks, and must be able to execute these commands: verexpert (to switch to expert mode)cpstat os2) TCP port 22 must be open on the scan target for SSH authentication.3) Your password must not include any spaces.Tell me about the Expert Password optionIf the “expert” command on the target host requires a password, then you must also provide the expert password in the record. (Note: The pooled credentials feature is not supported if the "expert" command requires a password and the password is specified.)Last updated: April 27, 2023Qualys Unix Authentication 11。

H3C SecPath UTM系列安全产品特征库License注册/激活指导目录1 为什么要进行设备注册 (1)2 设备License的注册 (1)3 设备License文件的激活 (2)1 为什么要进行设备注册H3C SecPath UTM系列安全产品在使用前需要完成License注册/激活程序来保证您享有一系列基于特征库的更新升级服务，H3C网站提供License的注册的功能。

网站将根据设备序列号及随机附带的授权书上的序列号生成相应的License文件。

只有在设备中导入License文件，才能更新升级IPS、AV等相应的特征库，从而保障安全设备能实时抵御最新攻击；同时设备配置导入等功能的完成也需要在License激活的状态下才能进行。

2 设备License的注册访问H3C公司中文网站，依次点击“产品技术->产品介绍->IP安全产品”，点击该页面右下方处的“H3C特征库服务专区”，进入设备注册页面。

图2-1H3C公司产品技术栏目图2-2特征库服务专区图2-3设备注册界面设备注册的详细说明如表2-1所示。

表2-1设备注册项说明表z License文件具有唯一性，每份软件使用授权书只能给一台设备使用。

z网站根据注册信息生成的License文件通过您提供的Email地址发送给您。

此工作一般在两个工作日之内完成，请您注意查收邮件。

3 设备License文件的激活(1) 启动浏览器，输入登录信息z用交叉以太网线将PC和设备的以太网口GigabitEthernet0/0相连；为PC配置IP地址（例如192.168.0.2），保证能与设备互通。

z将网站通过您所提供的Email地址发送给您的License文件保存在这台PC上。

z在PC上启动浏览器，在地址栏中输入IP地址“192.168.0.1”（UTM设备默认的IP地址）后回车，即可进入设备的Web登录页面，如图3-1所示。

输入用户名“admin”、密码“admin”和验证码，选择Web网管的语言种类，单击<登录>按钮即可登录。

Cadence OrCAD电子电路设计Synopsys Star-HSpice v2006 03 SP1 1CD(电路仿真软件)Synopsys Star-rcxt vB-2008.06 SP2 Linux 1CD Synopsys Vera v6.3.10 for linux&solaris 1CD Synopsys.VCS.v6.0.1.WinNT_2k 1CD Synopsys VCSvB-2008.12 Linux 2CD Synopsys VCS vA-2008.09 LinuxAMD64 1CD Synopsys VCS-MX vA-2008.09 Linux 2CD Synopsys VCS-MX vA-2008.09 LinuxAMD64 2CD Synopsys.2001.08.Core.Synthesis.for.linux 1CD Synplicity Amplify v3.7 1CD(第一款为FPGA设计的物理综合产品)SynpliCity Identify RTL Debugger v2.0.1 1CD Synplify FPGA C-200903 for Windows 1CD Synplify DSP v3.6 1CD Synplify.Premier.v9.61 Linux 1CD Synplify.Premier.v9.6.2.with.Identify.v3.02 1CD(针对复杂可编程逻辑设计的功能强大的FPGA综合工具，独有的特性和极快的运算速度使它成为业界的最流行的也是最强力的综合工具，而且还附加了调试于优化功能)Synplify Pro v9.2.2 Linux 1CD Synplify v8.5 with Identify v2.3.2 Linux 1CD Synplify ASIC v5.02 for win&linux&sun&unix 1CD TaurusMedici vV-2003.12 linux 1CD Virtio VPAI 2.0 Platform 1CD BoschRexroth Group产品：Bosch.Rexroth.Indraworks.v7.04-ISO 3CD(是一个简单易操作的工程环境，用于所有力士乐电子控制系统及驱动系统)Bos ch.Rexroth.WinStudio.v6.5.WinNT_2K 1CD(提供了制造执行系统(MES)和用于监控及性能监视功能的数据采集与监视控制系统(SCADA)SANDWORK DESIGN INC.产品：Design Spice Explorer v2007.1 1CD Design Spice Explorer v2003.1 Linux 1CD Tanner产品：Tanner.L-EDIT.pro.with.LVS.v10.0-ISO 1CD(IC设计验证系统软件)Tanner.S-EDIT.v7.03 1CD(电路框架的制作和编辑工具)Tanner.T-SPICE.Pro.v8.1(大规模模拟和混合信号IC的精确高效分析模拟软件)Tanner Tools v13.14 1CD(集成电路设计环境)===客服专用QQ：16264558用我们的诚信打造专业服务客服专用QQ：16264558用我们的诚信打造专业服务phone：139****2271列表中的各类软件基本都经过安装测试，可以放心使用。

DesignWare (DW) Verification Guide Product Version 12.1June 8, 2013Copyright Statement© 2013 Cadence Design Systems, Inc. All rights reserved worldwide. Cadence and the Cadence logo are registered trademarks of Cadence Design Systems, Inc. All others are the property of their respective holders.ContentsPurpose (4)Support DW Models (4)Disabling translate_off/on Directives (5)DW Verification in DC (5)Benefits of Using Supported DW Models (5)Non-Synthesizable DW Substitution Flow (7)Flow Examples (8)Automatic Replacement Flow (8)Manual Replacement Flow (9)DW Verification in RC (9)PurposeThis guide describes how to perform Conformal equivalence checking on designs that instantiate DesignWare (DW) models, and how to verify the instantiated models using Design Compiler (DC) and RTL Compiler (RC).The Conformal equivalence checker can read in and verify most types of synthesizable DW models. Non-synthesizable models are, by default, modeled as blackboxes and are skipped during equivalence checking. When a design contains models that are modeled as blackboxes, you can run into false non-equivalent points (NEQs) or aborts.Note: Equivalence checkers (not limited to Conformal) cannot handle instantiated DW models whose simulation model is non-synthesizable, because the checker cannot read in the model description or build the model in the golden design.This guide describes how you can handle non-synthesizable DW models within the Conformal equivalence checker. Other equivalence checkers offer solutions that run in the background, but these solutions generally involve replacing all non-synthesizable DW models. Using the methods described in this guide, you can tailor the replacement/handling of non-synthesizable DW models to your own design and increase the quality of your verification results.Support DW ModelsWhen you read in a design with instantiated DW models, Conformal first uses the user-defined models. If the design does not contain any user-defined models, Conformal uses a set of DW Verilog models that is available in the following directory of your Conformal installation:<install_dir>/share/cfm/lec/library/verilog/dwTo change the specification as to which DW models are used first, use the SET DW DEFINITION command before you read in the designs.This directory also contains a README file that lists all of the supported DW models; it also lists all of the models that are not supported (blackboxed).Disabling translate_off/on DirectivesWhen you read in a DW model, it might have embedded translate_on or translate_off directives that can cause Conformal to inadvertently blackbox most of the design's Verilog and VHDL DW models.To disable these directives, use the following command before reading in the Verilog or VHDL DW models:set directive off translate_off translate_onIf you need to use these directives in other parts of the design, use the -file option to disable the directives in only the Verilog or VHDL DW model files. For example:set directive off translate_off translate_on –file DW*The tool will issue a DIR3.1 warning message for models where these directives are not disabled.// Warning: (DIR3.1) synthesis/translate/compile on/off directive is detected (occurrence:2)SETUP> report rule check DIR3.1 -verboseDIR3.1: synthesis/translate/compile on/off directive is detectedType: Golden Severity: Warning Occurrence: 21: DW01_add:synopsys translate_offon line 49 in file 'DW01_add.v'2: DW01_add:synopsys translate_onon line 81 in file 'DW01_add.v'SETUP> report black boxSYSTEM: (G) DW01_addDW Verification in DCBenefits of Using Supported DW ModelsYou should always first use the provided set of Conformal-supported DW models, before any other type of models. These models have been set up for verification and the non-synthesizable models have empty module descriptions. You do not have to use the SET DIRECTIVE command with these models; LEC will parse them, as is, without any error messages.The following lists additional benefits to using the provided set of Conformal-supported DW models:•Some DW models are synthesizable, but are not ideal for verification when used "as is". For example, the following DW models can lead to false NEQs or abort points when you read them in using their original Synopsys description:o DW_div_pipeo DW_shiftero DW_squarepo DW01_bsho DW02_maco DW02_mult_2_stageo DW02_mult_3_stageo DW02_mult_4_stageo DW02_mult_5_stageo DW02_mult_6_stageo DW02_multpo DW02_prod_sumo DW02_prod_sum1o DW02_treeNOTE:You must use the ANALYZE MODULE command when verifying DW02_multp, DW02_tree, and DW_squarep. Refer to the Conformal Equivalence Checking Reference for more information on this command.•If you read in the following models using their original Synopsys description, LEC will most likely abort with a long run time. Therefore, these models are not supported in Conformal: o DW02_multo DW_divThere will be a HRC5 warning message when DW02_mult or DW_div is instantiated and no simulation model is read in for them:// Warning: (HRC5) Designware referenced but not defined (occurrence:1)SETUP> report rule check HRC5 -verboseHRC5: Designware referenced but not definedType: Golden Severity: Warning Occurrence: 11: top/DW02_multon line 10 in file 'test.v'When you use the provided set of Conformal-supported DW models, the verification can complete successfully and with minimum setup.LEC parsing will report the correct path of the used DW model:// Parsing file <install_dir>/share/cfm/lec/library/verilog/dw/DW02_multp.v ...Non-Synthesizable DW Substitution FlowThe current release has a flow in place for handling designs that instantiate non-synthesizable DW models. This flow helps set up synthesis scripts to generate generic DW gate netlists for the non-synthesizable DW models. Conformal will then substitute the generic DW gate netlists with the DW instantiations.For example, consider a design with a Verilog DW_stackctl instantiation:module test (...);...DW_stackctl ...;...endmoduleRead in the design files and have LEC use the supported DW models to automatically create a blackbox for the DW_stackctl module:Note: If you are not using the set of Conformal-supported DW models, do not use the SET DIRECTIVE command on non-synthesizable models; Conformal might issue a parsing error instead of blackboxing the model. If your design does not use the supported set of DW models and contains a combination of synthesizable and non-synthesizable DW models, instead use the -file option with the SET DIRECTIVE command to read and correctly compile the synthesizable DW components.After you read in the design and LEC creates a blackbox for the non-synthesizable DW model, use the following commands to automatically create a directory called dw_generic/RUN with DW wrapper scripts to run synthesis:set hdl options -synthesis_executable <dc_install_dir>/bin/dc_shellwrite blackbox wrapper -directory dw_generic DW* -auto_substitute// Note: Wrapper file will be written into directory:// <current_work_dir>/dw_generic/RUN// Note: Writing wrapper file dw_generic/RUN/_DW_stackctl.v// for blackbox module DW_stackctlThe SET HDL OPTIONS -synthesis_executable specifies the path to the synthesis executable. The WRITE BLACKBOX WRAPPER -auto_substitute command uses this path to when it performsautomatic DW substitution. Automatic DW substitution creates a wrapper file for each blackbox instance in the design whose module name matches those in a specified pattern list (in this case, models whose name starts with DW*) and automatically substitutes the blackbox models with the synthesized models.// Note: Running synthesis tool, logfile: dw_generic/RUN/dc.tcl.log// Parsing file dw_generic/RUN/_DW_stackctl.g.v ......// Note: Substituting module of bbox instance i0 with new module// _DW_stackctl(dw_generic/RUN/_DW_stackctl.g.v:6)Once the blackbox models have been substituted with the synthesized models, you can read in the revised gate netlist and compare the two designs.Note the following when using WRITE BLACKBOX WRAPPER -auto_substitute:•If the -directory option is not specified, LEC creates directory called CFM_BBOX_DIR/RUN directory by default.•If the -directory option is not specified and the SET PROJECT NAME command is used, LEC creates a directory called <CFM_BBOX_DIR/RUN> within the <project_directory>/<project_name>.cfm directory.•If both -directory and SET PROJECT NAME are used, then LEC creates a directory called <my_bbox_dir>/RUN in the current working directory and not the project directory.When you are using automatic substitution (WRITE BLACKBOX WRAPPER -auto_substitute), you do not need to use the SUBSTITUTE BLACKBOX WRAPPER command. You need to use the SUBSTITUTE BLACKBOX WRAPPER command only when automatic substitution is disabled (WRITE BLACKBOX WRAPPER -noauto_substitute).Flow ExamplesAutomatic Replacement FlowWith the automatic flow, you read in the design files that contain the DW modules and then specify the path to the DC executable. Then, create the synthesis script ('<dir>/RUN/synth.tcl') wrapper file using the WRITE BLACKBOX WRAPPER command (with -auto_substitute).The tool will automatically run the synthesis tool to generate the synthesis models and replace the old models with the new ones.read design design_file1.v design_file2.v -verilog -goldenset hdl options -synthesis_executable <dc_install_dir>/bin/dc_shellwrite blackbox wrapper -directory dw_generic DW* -auto_substituteread design -revised...Manual Replacement FlowIn the manual flow, you would read in the design files that contain the DW modules, then create the synthesis script ('<dir>/RUN/synth.tcl') wrapper file using the WRITE BLACKBOX WRAPPER command (without -auto_substitute).read design design_file1.v design_file2.v -verilog -goldenwrite blackbox wrapper -directory dw_generic DW*Use the wrapper file in DC to generate the synthesized models (the models will be stored in the same directory as *.g.v).Then, read in the newly created *.g.v file into the design. Then, substitute the blackbox instances with the new models using the SUBSTITUTE BLACKBOX WRAPPER command.read design -append CFM_BBOX_DIR/RUN/*.g.vsubstitute blackbox wrapper DW*read design -revised...DW Verification in RCFor RC DW support, use the dofile generated by the RC command write_do_lec. You do not have to modify the dofile for Conformal in order to verify any of the DW models; however, you might need to uncomment the path to the RC DW models that will be used. For example:// tclmode// set env(CDN_SYNTH_ROOT)...// vpxmodeNote: Do not use the provided set of Conformal-supported DW models when verifying in RC. Refer to the RC ChipWare Support document for detailed information regarding RC DesignWare support.。

ORIGINATE DEPT.相关部门 RELEVANT DEPT.& CFR21 FDA 21 CFR QSR(Quality System Regulation) 820文件类型Document Type 应用范围 Application Scope品质管理体系程序 QMS PROCEDURE通用 GENERAL修订记录 REVISION HISTORY版本 Rev.A修改内容 Revised ContentsInitial releasing with ISO/TS16949 requirements作者 AuthorXXX生效日期 EFF. DateNov.07,2006Change the title from “ 改正和预防行动程序CorrectiveB and Preventive Action Procedure” to “ 纠正和预防措施 XXX Jan.10th, 2009程序 Procedure for Corrective & Preventive Action”Revised the procedure t o meet ISO13485 regulations (China) CXXX15-07-2014(USA) requirements文件审批 APPROVAL本文件须经相关部门工程师（或主管）签批，请作者指定。

This d o cu m ent shall be reviewed by ISO Coordinator and. The author shall determine.编写部门部门名称DEPT. TITLEQA ManufacturingMachining Engineering PE工程师姓名NAME OF ENGINEER工程师签署SIGNATURE经理姓名NAME OF MANAGER经理签署SIGNATURE管理者代表签署 SIGNATURE OF M.R.拒签理由 Reason of reject:Ditto总经理签署 SIGNATURE OF GM.文件分发 DISTRIBUTION部门 DEPT.EngineeringQAHR 数量 Q’TY1 部门 DEPT.AssemblyPlatingS tamping 数量 Q’TY 部门 DEPT.OFFSourcingFinance数量 Q’TYMaintenanceMolding1目的Purpose本程序规范了为消除存在或潜在的不合格而采取纠正预防措施的流程，以确保类似不合格不再发生或潜在不合格的发生，促进质量管理体系的持续改进。

w r f手册中文(总20页) -CAL-FENGHAI.-(YICAI)-Company One1-CAL-本页仅作为文档封面，使用请直接删除Chapter 1: OverviewIntroductionThe Advanced Research WRF (ARW) modeling system has been in development for the past few years. The current release is Version 3, available since April 2008. The ARW is designed to be a flexible, state-of-the-art atmospheric simulation system that is portable and efficient on available parallel computing platforms. The ARWis suitable for use in a broad range of applications across scales ranging from meters to thousands of kilometers, including:Idealized simulations (e.g. LES, convection, baroclinic waves)Parameterization researchData assimilation researchForecast researchReal-time NWPCoupled-model applicationsTeaching简介Advanced Research WRF (ARW)模式系统在过去的数年中得到了发展。

最近公布了第三版，从2008年4月开始可供使用。

ARW是灵活的，最先进的大气模拟系统，它易移植，并且有效的应用于各种操作系统。

摘要：本文介绍了数字集成电路设计中静态时序分析（Static Timing Analysis）和形式验证（Formal Verification）的一般方法和流程。

这两项技术提高了时序分析和验证的速度，在一定程度上缩短了数字电路设计的周期。

本文使用Synopsys 公司的PrimeTime进行静态时序分析，用Formality进行形式验证。

由于它们都是基于Tcl（Tool Command Language）的工具，本文对Tcl也作了简单的介绍。

关键词：静态时序分析形式验证 PrimeTime Formality Tcl目录第一章绪论 (1)1.1 静态时序分析1.2 时序验证技术第二章PrimeTime简介 (3)2.1 PrimeTime的特点和功能2.2 PrimeTime进行时序分析的流程2.3 静态时序分析中所使用的例子2.4 PrimeTime的用户界面第三章Tcl与pt_shell的使用 (6)3.1 Tcl中的变量3.2 命令的嵌套3.3 文本的引用3.4 PrimeTime中的对象3.4.1 对象的概念3.4.2 在PrimeTime中使用对象3.4.3 针对collection的操作3.5 属性3.6 查看命令第四章静态时序分析前的准备工作 (12)4.1 编译时序模型4.1.1 编译Stamp Model4.1.2 编译快速时序模型4.2 设置查找路径和链接路径4.3 读入设计文件4.4 链接4.5 设置操作条件和线上负载4.6 设置基本的时序约束4.6.1 对有关时钟的参数进行设置4.6.2 设置时钟－门校验4.6.3 查看对该设计所作的设置4.7 检查所设置的约束以及该设计的结构第五章静态时序分析 (18)5.1 设置端口延迟并检验时序5.2 保存以上的设置5.3 基本分析5.4 生成path timing report5.5 设置时序中的例外5.6 再次进行分析第六章 Formality简介 (22)6.1 Formality的基本特点6.2 Formality在数字设计过程中的应用6.3 Formality的功能6.4 验证流程第七章形式验证 (27)7.1 fm_shell命令7.2 一些基本概念7.2.1 Reference Design和Implementation Design7.2.2 container7.3 读入共享技术库7.4 设置Reference Design7.5 设置Implementation Design7.6 保存及恢复所作的设置7.7 验证第八章对验证失败的设计进行Debug (32)8.1 查看不匹配点的详细信息8.2 诊断程序8.3 逻辑锥8.3.1 逻辑锥的概念8.3.2 查看不匹配点的逻辑锥8.3.3 使用逻辑锥来Debug8.3.4 通过逻辑值来分析第一章 绪论我们知道，集成电路已经进入到了VLSI和ULSI的时代，电路的规模迅速上升到了几十万门以至几百万门。

目录说明 (2)一.验证RTL与GATE网表 (2)（一）图形用户界面进行形式验证 (2)1.设置reference design (3)1.1读取源文件 (3)1.2设置搜索目录 (4)1.3设置搜索目录 (4)1.4加载源文件 (5)1.5设置fifo为reference的顶层 (6)2.设置Implementation Design (7)2.1加载Technology library (7)3.设置环境(Setup) (8)4.Match (8)5.Verify (9)6. Debug (9)7.清理工作 (13)（二）命令行方式进行形式验证 (13)命令行方式运行 (13)二. 验证GATE网表和插入扫描链的GATE网表 (14)1. set referenc design (14)2. set implementation design (15)3. setup (16)设置SCAN链的功能无效 (16)4. match (17)5. verify (18)三. 验证带有扫描链和JTAG链的GA TE网表和插入扫描链的GATE网表 (19)检查fifo_with_scan_jtag.v和fifo_with_scan.v一致性 (19)禁止scan和jtag功能 (20)运行match (21)Verify (21)说明FiFo的Tutorial目录下包含以下几个子目录：Rtl：fifo的RTL源代码；包含fifo.v, gray_counter.v, push_ctrl.v, gray2bin.v, pop_ctrl.v, rs_flop.v。

Lib：门级网表需要的技术库；包含lsi_10k.db。

Gate：综合的门级网表；包含fifo.vg 和fifo_mod.vg。

Gate_with_scan：插入扫描链的门级网表；包含fifo_with_scan.v。

Gate_with_scan_jtag：带有扫描链和JTAG链的门级网表；包含fifo_with_scan_jtag.v。

Fortify SCA 安装使用手册目录1. 产品说明 (5)1.1.特性说明 (5)1.2.产品更新说明 (5)2. 安装说明 (6)2.1.安装所需的文件 (6)2.2.F ORTIFY SCA支持的系统平台 (6)2.3.支持的语言 (6)2.4.F ORTIFY SCA的插件 (7)2.5.F ORTIFY SCA支持的编译器 (7)2.6.F ORTIFY SCA在WINDOWS上安装 (8)2.7.F ORTIFY SCA安装E CLISPE插件 (9)2.8.F ORTIFY SCA在LINUX上的安装(要有LINUX版本的安装文件) (9)2.9.F ORTIFY SCA在U NIX上的安装(要有U NIX版本的安装文件) (10)3. 使用说明 (11)3.1.F ORTIFY SCA扫描指南 (11)3.2.分析F ORTITFY SCA扫描的结果 (16)4．故障修复 (20)4.1使用日志文件去调试问题 (20)4.2转换失败的信息 (20)如果你的C/C++应用程序能够成功构建，但是当使用F ORTIFY SCA来进行构建的时候却发现一个或者多个“转换失败”的信息，这时你需要编辑<INSTALL_DIRECTORY>/C ORE/CONFIG/FORTIFY-SCA.PROPERTIES 文件来修改下面的这些行：20 COM.FORTIFY.SCA.CPFE.OPTIONS=--REMOVE_UNNEEDED_ENTITIES --SUPPRESS_VTBL (20)TO (20)COM.FORTIFY.SCA.CPFE.OPTIONS=-W --REMOVE_UNNEEDED_ENTITIES -- (20)SUPPRESS_VTBL (20)重新执行构建，打印出转换器遇到的错误。

如果输出的结果表明了在你的编译器和F ORTIFY 转换器之间存在冲突 (20)4.3JSP的转换失败 (20)4.4C/C++预编译的头文件 (21)前言Fortify SCA是目前业界最为全面的源代码白盒安全测试工具，它能精确定位到代码级的安全问题，完全自动化的完成测试，最广泛的安全漏洞规则，多维度的分析源代码的安全问题。

RELEASE NOTESMeasurement Studio™These release notes introduce Measurement Studio 8.1.2. Refer to thisdocument for installation requirements, deployment requirements,installation instructions, information about new features and functionality,and resources in Measurement Studio.These release notes are a subset of the Measurement Studio User Manual,which has not been updated for Measurement Studio 8.1.2. SelectStart»All Programs»National Instruments»<Measurement Studio>»Measurement Studio User Manual to access the Measurement Studio8.0.1 User Manual.ContentsInstallation Requirements (2)Deployment Requirements (3)Installation Instructions (3)Installing the Current Version of Measurement Studioover Previous Versions of Measurement Studio (4)What’s New in Measurement Studio 8.1.2 (4)Legend Control Scrollbars (5)WYSIWYG Editing of Labels with Engineering Formatting inMeasurement Studio User Interface Controls (5)Programmatic Parsing of Strings with Engineering Formatting (6)Network Variable Library Enhancements (7)Increased Performance with Network Variable (7)Updated Visual Studio 6.0 Support (7)Analysis Code Snippets (8)NI-SCOPE .NET Driver Support (8)Learning Measurement Studio (8)Measurement Studio Release Notes Installation RequirementsTo use Measurement Studio, your computer must have the following:•Microsoft Windows XP/2000 for Visual Studio .NET 2003 orMicrosoft Windows Vista/XP/2000 for Visual Studio 2005Note If you have Windows Vista installed, you must also have both Visual Studio 2005 Service Pack 1 and Visual Studio Service Pack 1 Update for Windows Vista installed on your machine for Measurement Studio to function properly.•Microsoft .NET Framework 1.1 for Visual Studio .NET 2003 orMicrosoft .NET Framework 2.0 for Visual Studio 2005 (requiredonly for the Measurement Studio .NET class libraries)•Standard, Professional, Enterprise Developer, Enterprise Architect, orAcademic edition of Microsoft Visual Studio .NET 2003; Standard,Professional, or Team System edition of Microsoft Visual Studio 2005(required to use the Measurement Studio integrated tools); or VisualC#, Visual Basic .NET, or Visual C++ Express Editions of MicrosoftVisual Studio 2005•Intel Pentium III class processor, 1 GHz or higher•Video display—1024 × 768, 256 colors (16-bit color recommended foruser interface controls)•Minimum of 256 MB of RAM (512 MB or higher recommended)•Minimum of 405 MB of free hard disk space for Visual Studio .NET2003 support and minimum of 385 MB of free hard disk space forVisual Studio 2005 support•Microsoft-compatible mouse•Microsoft Internet Explorer 6.0 or later Optional Installation —In order for links from Measurement Studiohelp topics to .NET Framework help topics to work, you must installthe Microsoft .NET Framework SDK 1.1 or Microsoft .NET FrameworkSDK2.0.© National Instruments Corporation 3Measurement Studio Release Notes Deployment RequirementsTo deploy an application built with Measurement Studio .NET classlibraries, the target computer must have a Windows Vista/XP/2000operating system and the .NET Framework version 1.1 for Visual Studio.NET 2003 or the .NET Framework version 2.0 for Visual Studio 2005.To deploy an application built with Measurement Studio Visual C++ classlibraries, the target computer must have a Windows Vista/XP/2000 operating system.Installation InstructionsComplete the following steps to install Measurement Studio. These stepsdescribe a typical installation. Please carefully review all additionallicensing and warning dialog boxes.Note There are separate installers for Measurement Studio support for Visual Studio .NET 2003 and Measurement Studio support for Visual Studio 2005. Repeat the installation instructions to install support for both. Also, if prompted, insert the Device Drivers CD and select Rescan Drive to install device drivers.National Instruments recommends that you exit all programs beforerunning the Measurement Studio installer. Applications that run in thebackground, such as virus scanning utilities, might cause the installer totake longer than average to complete.Complete the following steps to install Measurement Studio:1.Log on as an administrator or as a user with administrator privileges.2.Insert the Measurement Studio 8.1.2 installation CD and follow theinstructions that appear on the screen.National Instruments recommends that you install the completeMeasurement Studio program. If you perform a custom installation and donot install all the Measurement Studio features, you can run the installationprogram again later to install additional features.Note The option to browse for an installation location is valid only if you have not already installed any Measurement Studio features for the version of Visual Studio or the .NET Framework that you are installing. If you have any Measurement Studio features installed, then Measurement Studio installs to the same root directory to which you installed otherMeasurement Studio features.Installing the Current Version of Measurement Studio over Previous Versions of Measurement StudioYou can have only one version of Measurement Studio installed on asystem for each version of Visual Studio or the .NET Framework installedon the system. For example, you can have Measurement Studio 8.1.1 forVisual Studio .NET 2003 installed on the same system as MeasurementStudio 8.1.2 for Visual Studio 2005, but you cannot have MeasurementStudio 8.1.1 for Visual Studio 2005 installed on the same system asMeasurement Studio 8.1.2 for Visual Studio 2005.If you install a newer version of Measurement Studio on a machine that hasa prior version of Measurement Studio installed, the newer version installerreplaces the prior version functionality, including class libraries. However,the prior version assemblies remain in the global assembly cache (GAC);therefore, applications that reference the prior version continue to use theprior version .NET assemblies.1The default directory for Measurement Studio 8.1 support for Visual Studio.NET 2003 (Program Files\NationalInstruments\MeasurementStudioVS2003) is different than the default directory forMeasurement Studio 7.0 support for Visual Studio .NET 2003 (ProgramFiles\NationalInstruments\MeasurementStudio70). IfMeasurement Studio 7.0 is installed on your machine when you installMeasurement Studio 8.1, Measurement Studio 8.1 installs to the 7.0directory. If you prefer to install Measurement Studio 8.1 to the default 8.1directory, you must first uninstall all Measurement Studio class libraries,including class libraries installed with National Instruments driversoftware, such as NI-VISA, NI-488.2, and NI-DAQmx.What’s New in Measurement Studio 8.1.2Measurement Studio includes support for Visual Studio 2005, VisualStudio .NET 2003, and Visual Studio 6.0. New features in MeasurementStudio 8.1.2 include legend control scrollbars, WYSIWYG editing oflabels with engineering formatting in Measurement Studio user interfacecontrols, programmatic parsing of strings with engineering formatting,network variable library enhancements, an updated version of the VisualStudio 6.0 support, analysis code snippets, and NI-SCOPE .NET DriverSupport.1 This does not apply to mon.dll. mon.dll uses a publisher policy file to redirect applications to always use the newest version of mon.dll installed on the system, for each version of the .NET Framework. mon.dll is backward-compatible. Measurement Studio Release Legend Control ScrollbarsYou can use the Measurement Studio legend control scrollbar to scrollthrough the legend items at run time instead of having a fixed size for thecontrol. This enables you to conserve valuable space in your applicationwhile still representing all the items necessary for a useful legend.For more information, refer to Using the Measurement Studio WindowsForms Legend .NET Control or Using the Measurement Studio Web FormsLegend .NET Control topics in the NI Measurement Studio Help.Figure 1. Legend Control with Horizontal Scrollbar WYSIWYG Editing of Labels with Engineering Formatting in Measurement Studio User Interface ControlsPrior versions of Measurement Studio only support editing engineeringformatted values at run time as basic numeric formatted strings. InMeasurement Studio 8.1.2, you can edit engineering formatted values atrun time as engineering formatted strings or as basic numeric formattedstrings. Engineering formatted values are numeric values formatted withengineering notation and International System of Units (SI) prefixes andsymbols. You can edit engineering formatted values for the WindowsForms and Web Forms numeric edit control and the Windows Formsnumeric edit array control. You can edit engineering formatted ranges forthe Windows Forms numeric pointer controls and the Windows Forms andWeb Forms scatter, waveform, and complex graph axes.© National Instruments Corporation5Measurement Studio Release NotesThis feature is enabled by default for new Measurement Studio controlsyou add to your project. You can enable this feature for existingMeasurement Studio controls in your project by checking the WYSIWYGEditing check box in the Numeric Format Mode Editor dialog box. Youaccess the Numeric Format Mode Editor dialog box for the numeric editcontrol and the numeric edit array control by selecting the FormatModeproperty on the Property Pages for the control. You access the NumericFormat Mode Editor dialog box for the numeric pointer controls and theaxes of the graph controls by selecting theEditRangeNumericFormatMode property in the Property Pages for thecontrol.Figure 2. Numeric Format Mode Editor Programmatic Parsing of Strings with Engineering FormattingYou can use theNationalInstruments.EngineeringFormatInfo.TryParsemethod or theNationalInstruments.EngineeringFormatInfo.Parse method toconvert the engineering string representation of a number to itsdouble-precision floating-point number equivalent based on the format youspecify. You use TryParse or Parse to parse an engineering stringrepresentation of a value, such as a formatted string returned byNationalInstruments.EngineeringFormatInfo.Format, toobtain the actual value.Measurement Studio Release Network Variable Library EnhancementsIn the Network Variable Browser dialog box, you can now select multiplenetwork variable locations. To enable this feature, right-click theNetworkVariableBrowserDialog component and select Properties. Inthe Property Pages, set MultipleSelect to True. You can use theSelectedLocationS property to return an array of the selected networkvariable locations.Increased Performance with Network VariableLogos is the underlying technology of the NI-Publish Subscribe Protocol(psp:), a National Instruments proprietary protocol for inter-processcommunication. Network variables in Measurement Studio 8.1.2,LabWindows/CVI 8.5, and LabVIEW 8.5 and later use a newimplementation of Logos called LogosXT. You can use LogosXT toincrease the speed of network variable data transfer—LogosXT isapproximately 3.5 times faster when all host machines are runningLogosXT instead of Logos. LogosXT is automatically installed when youinstall Measurement Studio 8.1.2.Updated Visual Studio 6.0 SupportMeasurement Studio Support for Visual Studio 6.0 will now require you torun only one installer instead of an initial installation and an updaterinstaller. Measurement Studio Support for Visual Studio 6.0 also includessupport for Microsoft Windows Vista.As you work with Measurement Studio Support for Visual Studio 6.0, youmight need to consult additional resources. For detailed MeasurementStudio help, including function reference and in-depth documentation ondeveloping with Measurement Studio, refer to the Measurement StudioReference and Measurement Studio Reference Addendum. For a list of allMeasurement Studio documentation in electronic format, refer to theMeasurement Studio Library. To view the Measurement Studio Reference,Reference Addendum, and Library, select Start»All Programs»NationalInstruments»Measurement Studio Support for Visual Studio 6»Help.Refer to Measurement Studio for Visual Basic Support and MeasurementStudio for Visual C++ Support on for additional information.© National Instruments Corporation7Measurement Studio Release NotesAnalysis Code SnippetsMeasurement Studio 8.1.2 includes analysis code snippets in thedocumentation that can be copied and pasted into an application and usedimmediately. The following classes include new example code snippets:•CurveFit•ArrayOperations•Digital Filters—Bessel, Butterworth, and Chebyshev•StatisticsFor more information, refer to Using the Measurement Studio Analysis.NET Library in the NI Measurement Studio Help.NI-SCOPE .NET Driver SupportThe .NET class libraries for NI-SCOPE include .NET APIs for NI-SCOPE,NI-TClk, and NI-ModInst instrument drivers. These class libraries providea .NET interface to the underlying driver API. You can use the .NET classlibraries to create and configure NI-SCOPE components programmaticallyand at design time.For further information on NI-SCOPE .NET driver support and todownload the NI-SCOPE .NET class libraries, refer to NI-SCOPE.NET Driver Support on .Learning Measurement StudioAs you work with Measurement Studio, you might need to consultadditional resources. For detailed Measurement Studio help, includingfunction reference and in-depth documentation on developing withMeasurement Studio, refer to the NI Measurement Studio Help within theVisual Studio environment. The NI Measurement Studio Help is fullyintegrated with the Visual Studio help. You must have Visual Studioinstalled to view the online help, and you must have the Microsoft .NETFramework SDK 1.1 for Visual Studio .NET 2003 or the Microsoft .NETFramework SDK 2.0 for Visual Studio 2005 installed in order for linksfrom Measurement Studio help topics to .NET Framework help topics towork. You can launch the NI Measurement Studio Help in the followingways:•From the Windows Start menu, select Start»All Programs»NationalInstruments»<Measurement Studio>»Measurement StudioDocumentation. The help launches in a stand-alone help viewer.•From Visual Studio, select Help»Contents to view the Visual Studiotable of contents. The NI Measurement Studio Help is listed in the tableof contents.Measurement Studio Release •From Visual Studio, select Measurement Studio»NI MeasurementStudio Help. The help launches within the application.The following resources also are available to provide you with informationabout Measurement Studio.•Getting Started information—Refer to the Measurement Studio CoreOverview topic and the Getting Started with the Measurement StudioClass Libraries section in the NI Measurement Studio Help for anintroduction to Measurement Studio and for walkthroughs that guideyou step-by-step in learning how to develop Measurement Studioapplications.•Examples—Measurement Studio installs examples organized by classlibrary, depending on the component, the version of Visual Studio orthe .NET Framework that the example supports, the version ofMeasurement Studio installed on the system, and the operating system.For more information on example locations, refer to Where To FindExamples in the NI Measurement Studio Help.•Measurement Studio Web site, /mstudio—ContainsMeasurement Studio news, support, downloads, white papers, producttutorials, and purchasing information.•NI Developer Zone, —Provides access to onlineexample programs, tutorials, technical news, and a MeasurementStudio Discussion Forum where you can participate in discussionforums for Visual Basic 6.0, Visual C++, and .NET Languages.•Measurement Studio .NET Class Hierarchy Chart and MeasurementStudio Visual C++ Class Hierarchy Chart—Provide overviews ofclass relationships within class libraries. Charts are included with allMeasurement Studio packages and are posted online at/manuals.•Review the information from the Microsoft Web site on using VisualStudio.National Instruments, NI, , and LabVIEW are trademarks of National Instruments Corporation.Refer to the Terms of Use section on /legal for more information about NationalInstruments trademarks. Other product and company names mentioned herein are trademarks or tradenames of their respective companies. For patents covering National Instruments products, refer to theappropriate location: Help»Patents in your software, the patents.txt file on your CD, or/patents.© 2006–2007 National Instruments Corporation. All rights reserved.373085C-01Sep07。

5 放射肿瘤学（放射治疗学） 5.1 放射肿瘤学 radiation oncology 原先称放射治疗学，专门研究肿瘤放射治疗的分⽀学科。

放射肿瘤学与外科肿瘤学、内科肿瘤学⼀起构成肿瘤防治的主要⽀柱。

5.2 远距治疗 teletherapy 辐射源⾄⽪肤间距离⼤于50cm的体外辐射柬放射治疗。

5.3 近距治疗 brachytherapy ⽤⼀个或多个密封辐射源在患者腔内、组织间隙或表浅部位进⾏的放射治疗。

5.4 ⽴体定向放射治疗 stereotactic radiotherapy 利⽤专门设备通过⽴体定向定位、摆位技术实现⼩照射野聚焦式的放射治疗。

它是⽴体定向放射⼿术（sterotactic radio surgery，SRS）和⽴体定向放射治疗（SRT）的统称。

SRS采⽤单次⼤剂量照射，SRT采⽤分次⼤剂量照射，SRS是SRT的⼀个特例。

使⽤钴60ν射线进⾏⽴体定向放射治疗的设备俗称γ-⼑;使⽤医⽤电⼦加速器的⾼能X射线进⾏⽴体定向放射治疗的设备俗称X-⼑。

5.5 ⾼传能线密度辐射 high linear energy transfer radiation 快中⼦、负π介⼦以及氦、碳、氖、氩等重离⼦在沿次级粒⼦径迹上能量沉积⾼，多⼤于100keV/µm，统称⾼LET辐射。

具有相对⽣物效能（RBE）⾼、氧增强⽐（OER）低、放射敏感性随细胞周期的变化⼩、治疗增益因⼦（TGF）⼤等优良的⽣物学特性。

质⼦的LET并不⾼，但因其物理特性与负π介⼦等相似，具有很理想的剂量曲线，故也纳⼊⾼LET辐射之列。

它们正不断被开发⽤于肿瘤的放射治疗。

5.6 三维适形放射治疗 3-dimensional conformal radiation therapy 使治疗区剂量分布的形状在三维⽅向上与靶区肿瘤的实际形状⼀致的放射治疗技术。

5.7 靶区 target volume 放射治疗中对患者体内照射⼀定吸收剂量的区域。

Application NoteTABLE OF CONTENTS1. Introduction (3)2. Conformal Software and DesignWare Support (4)3. Synthesizable DW Components (4)4. Non-synthesizable DW Components (7)5. Non-synthesizable DW Replacement Flow (8)6. Conformal Built-in DW Models (9)7. Conformal Modified Verilog DW Models (9)8. Revisions (11)1. IntroductionThis application note will describe the methods to complete Conformal equivalence checking of designs instantiating Synopsys Verilog or VHDL DesignWare (DW) components.The quality of DW verification available with Conformal is always at least equal to, and in the vast majority of cases is far superior to what is possible with any other equivalence checking solution. Conformal is able to read in a majority of synthesizable Verilog and VHDL DW components and verify them. However, if the simulation model of an instantiated DW component is non-synthesizable, Conformal cannot read in the Verilog or VHDL model description and build the component in the golden design. No equivalence checker can. This means that without taking additional steps available within Conformal to handle such a DW component, it will be treated as a black box. If a DW component is allowed to be modeled as a black box, the equivalence checking of that particular DW component is skipped, and other complications in completing equivalency checking versus a flattened revised gate netlist can arise. In addition, even though Conformal can read in synthesizable DW components, some of them can lead to Conformal false non-equivalent points or aborts. The flow described here covers all these scenarios.It is important to note that while Conformal recommends these additional flow steps to allow equivalence checking of non-synthesizable or problematic DW components only, other equivalence checking solutions employ hidden techniques of DW component replacement for ALL DW equivalence checking. That lowers the quality of verification for ALL designs that contain DW components.2. Conformal Software and DW SupportThe Conformal DW flow is supported with the following Conformal software and Synopsys DW versions:Conformal Software: Conformal 6.1 and laterSynopsys DesignWare: 2004.06 (Verilog and VHDL)NOTE: Within the majority of Verilog and VHDL DW component descriptions, there are embedded translate_off and translate_on directives that will cause Conformal to unnecessarily black-box contents. To disable these directives so Conformal will build the DW correctly, use the following command before reading in the Verilog or VHDL DW components:set directive off translate_off translate_onIf these directives need to be used in other parts of the design, then use the –file option to disable the directives in the Verilog or VHDL DW component files only as follows:set directive off translate_off translate_on –file DW*3. Synthesizable DW ComponentsThe following tables, Table 1 for Verilog and Table 2 for VHDL, shows the DW components that Conformal can read in natively for equivalency checking. However, if a component is listed with an asterisk (*), it means that Conformal comparison will result in non-equivalent points. If those components listed with an asterisk (*) are used, it is recommended that the user follows the Non-synthesizable DW replacement flow in Section 5 for those particular components, to eliminate the non-equivalent points and maximize functional verification.DW DW01 DW02 DW03 DW04 DW_8b10b_dec DW01_absval DW02_cos DW03_bictr_dcnto DW04_par_gen DW_8b10b_unbal DW01_add DW02_multp * DW03_bictr_scnto DW04_shad_reg DW_addsub_dx DW01_addsub DW02_prod_sum DW03_cntr_gray * DW04_sync DW_arbiter_dp * DW01_ash DW02_sin DW03_lfsr_dcnto *DW_arbiter_sp * DW01_binenc DW02_sincos DW03_lfsr_load *DW_bc_1 * DW01_cmp2 DW02_sum DW03_lfsr_scnto *DW_bc_10 DW01_cmp6 DW02_tree DW03_lfsr_updn *DW_bc_2 * DW01_csa DW03_pipe_regDW_bc_3 * DW01_dec DW03_reg_s_plDW_bc_4 * DW01_decode DW03_shiftregDW_bc_5 * DW01_inc DW03_updn_ctrDW_bc_7 * DW01_incdecDW_bc_8 DW01_mux_anyDW_bc_9 DW01_priencDW_bin2gray DW01_satrndDW_cmp_dx DW01_subDW_control_forceDW_crc_p *DW_dpll_sd *DW_ecc *DW_fir_seq *DW_gray2binDW_iir_dc *DW_iir_sc *DW_inc_grayDW_minmaxDW_mult_dxDW_observ_dgenDW_ram_2r_w_a_dff *DW_ram_2r_w_a_latDW_ram_2r_w_s_latDW_ram_r_w_a_dff *DW_ram_r_w_a_latDW_ram_r_w_s_latDW_ram_rw_a_dff *DW_ram_rw_a_latDW_ram_rw_s_latDW_sqrtDW_squareDW_Z_control_forceTable 1. Synthesizable Verilog DW ComponentsDW DW01 DW02 DW03 DW04 DW_8b10b_dec DW01_absval DW02_cos DW03_bictr_dcnto DW04_par_gen DW_8b10b_enc DW01_add DW02_mac DW03_bictr_decode DW04_sync DW_8b10b_unbal DW01_addsub DW02_mult_2_stage DW03_bictr_scntoDW_addsub_dx DW01_ash DW02_mult_3_stage DW03_cntr_gray *DW_arbiter_2t * DW01_binenc DW02_mult_4_stage DW03_lfsr_dcnto *DW_arbiter_dp * DW01_bsh DW02_mult_5_stage DW03_lfsr_loadDW_arbiter_fcfs * DW01_cmp2 DW02_mult_6_stage DW03_lfsr_scntoDW_arbiter_sp * DW01_cmp6 DW02_mult DW03_lfsr_updnDW_bc_10 DW01_csa DW02_multp * DW03_reg_s_plDW_bc_8 DW01_dec DW02_prod_sum DW03_shftreg *DW_bc_9 DW01_decode DW02_prod_sum1 DW03_updn_ctrDW_bin2gray DW01_inc DW02_sinDW_cmp_dx DW01_incdec DW02_sincosDW_cntr_gray DW01_prienc DW02_sumDW_control_force DW01_satrnd DW02_treeDW_crc_p DW01_subDW_crc_s *DW_div *DW_div_pipeDW_div_seq *DW_ecc *DW_fifoctl_s2_sf *DW_fifoctl_s2dr_sf *DW_fir_seq *DW_gray2binDW_iir_dcDW_iir_sc *DW_inc_grayDW_minmaxDW_mult_dxDW_mult_pipe *DW_mult_seq *DW_observ_dgenDW_prod_sum_pipe *DW_ram_2r_w_a_lat *DW_ram_2r_w_s_lat *DW_ram_r_w_a_lat *DW_ram_r_w_s_lat *DW_ram_rw_a_lat *DW_ram_rw_s_latDW_shifterDW_sqrtDW_sqrt_pipe *DW_sqrt_seq *DW_squareDW_squarepDW_wc_d1_sDW_wc_s1_sDW_Z_control_forceTable 2. Synthesizable VHDL DW Components4. Non-synthesizable DW ComponentsThe following tables, Table 3 for Verilog and Table 4 for VHDL, shows the DW components thatConformal cannot read in natively and will either give a parsing error or create a black box.DW DW DW DW03 DW_8b10b_enc DW_fifo_s1_df DW_ram_r_w_s_dff DW03_bictr_decodeDW_arbiter_2t DW_fifo_s1_sf DW_ram_rw_s_dffDW_arbiter_fcfs DW_fifo_s2_sf DW_sqrt_pipeDW_asymfifo_s1_df DW_fifoctl_s1_df DW_sqrt_seqDW_asymfifo_s1_sf DW_fifoctl_s1_sf DW_squarepDW_asymfifo_s2_sf DW_fifoctl_s2_sf DW_stackDW_asymfifoctl_s1_df DW_fifoctl_s2dr_sf DW_stackctlDW_asymfifoctl_s1_sf DW_fir DW_tapDW_asymfifoctl_s2_sf DW_mult_pipe DW_tap_ucDW_cntr_gray DW_mult_seq DW_wc_d1_sDW_crc_s DW_prod_sum_pipe DW_wc_s1_sDW_div_seq DW_ram_2r_w_s_dffTable 3. Non-synthesizable Verilog DW ComponentsDW DW DW01 DW03 DW04 DW_bc_1 DW_fifoctl_s1_df DW01_mux_any DW03_pipe_reg DW04_shad_reg DW_bc_2 DW_fifoctl_s1_sfDW_bc_3 DW_firDW_bc_4 DW_ram_2r_w_a_dffDW_bc_5 DW_ram_2r_w_s_dffDW_bc_7 DW_ram_r_w_a_dffDW_asymfifo_s1_df DW_ram_r_w_s_dffDW_asymfifo_s1_sf DW_ram_rw_a_dffDW_asymfifo_s2_sf DW_ram_rw_s_dffDW_asymfifoctl_s1_df DW_stackDW_asymfifoctl_s1_sf DW_stackctlDW_asymfifoctl_s2_sf DW_tapDW_dpll_sd DW_tap_ucDW_fifo_s1_dfDW_fifo_s1_sfDW_fifo_s2_sfTable 4. Non-synthesizable VHDL DW ComponentsIf the design contains any DW instantiations listed in Table 3 or 4, it is recommended that the userfollows the Non-synthesizable DW replacement flow in Section 5 for those particular components,to properly verify the design without having DW blackboxes.5. Non-synthesizable DW Replacement FlowIf non-synthesizable DW components are instantiated in the design, Conformal has a DW replacement flow that will help setup synthesis scripts to generate generic DW gate netlists for the non-synthesizable DW components. Conformal will then substitute the generic DW gate netlists for those DW instantiations so that equivalency checking can be performed cleanly.For example, consider a design with a Verilog DW_tap instantiation:module test (…);…DW_tap …;…endmoduleProceed to read in the Verilog DW component with the other design files:read design DW_tap.v design_file1.v design_file2.v … -verilog –goldenNOTE: Do not use the Set Directive command for non-synthesizable DW components or Conformal will give a parsing error instead of creating a black box for this DW component. If the design does contain other synthesizable DW components, use the Set Directive command with the –file option to be able to read and compile the synthesizable DW components correctly.After the design is read in and Conformal created a blackbox for this non-synthesizable DW component, use the Write Blackbox Wrapper command to generate the synthesis scripts: write blackbox wrapper –directory dw_generic DW* -goldenThere will be a note confirming the creation of the wrapper files:// Note: Writing wrapper file dw_generic/_DW_tap.v for blackbox module DW_tapIn the ‘dw_generic’ directory, there will be three files: _DW_tap.v, dc.tcl, and rc.tcl. The_DW_tap.v file is the wrapper file for synthesis. There are two synthesis scripts in which Design Compiler (DC) or RTL Compiler (RC) can be used to synthesize DW_tap into a generic gate netlist. Once the synthesis script is executed using the proper synthesis tool, the generic gate netlist‘_DW_tap.g.v’ will be created in the dw_generic directory.Restart Conformal using the following commands:read library gtech_lib.v -goldenread design DW_tap.v design_file1.v design_file2.v … -verilog –goldenread design dw_generic/_DW_tap.g.v –golden –appendsubstitute blackbox wrapper –golden DW*The substitution of the DW component is successful when the following note is reported: // Note: Substituting module of bbox instance <instance_name> with new module_DW_tap (dw_generic/_DW_tap.g.v:2)Now, the revised gate netlist can be read in and comparison can be performed on the two designs.6. Conformal Built-in DW ModelsThe following table (Table 5) shows the original Verilog Synopsys DW components that should not be read into Conformal:DW DW02DW_div DW02_multTable 5. Conformal Built-in ModelsNever read in these two Verilog Synopsys DW component files. Conformal will report a HRC5 warning message when the design is read into Conformal correctly using these Conformal built-in DW models:// Warning: (HRC5) Designware referenced but not defined (occurrence:1)…SETUP> report rule check hrc5 -verboseHRC5: Designware referenced but not definedType: Golden Severity: Warning Occurrence: 11: top/DW02_multon line 10 in file 'design1.v'If the original Verilog Synopsys DW component file is read into Conformal, the comparison will most likely abort and the runtime will be very long.7. Conformal Modified Verilog DW ModelsThe following table (Table 6) shows the original Verilog Synopsys DW components that should not be read into Conformal:DW DW01 DW02 DW02DW_div_pipe DW01_bsh DW02_mac DW02_prod_sum1DW_shifter DW02_mult_2_stageDW02_mult_3_stageDW02_mult_4_stageDW02_mult_5_stageDW02_mult_6_stageTable 6. Conformal Modified Verilog DW ModelsIf the design contains any Verilog DW instantiations listed in Table 6, then the<conformal_install_dir>/library/verilog/verplex_dw02.v file should be read along with the design files into Conformal:read design <conformal_install_dir>/library/verilog/verplex_dw02.v \design_file1.v design_file1.v … -verilog –goldenThe <conformal_install_dir>/library/verilog/verplex_dw02.v file contains modified descriptions of these Verilog DW components which will make equivalency checking easier using Conformal.If the original Verilog Synopsys DW component file is read into Conformal, the comparison will either abort or result in false non-equivalent points.8. RevisionsVersion 1.1:•Added missing models DW02_mac, DW02_multp, DW02_prod_sum to Table 1.Version 1.2:•Added VHDL DW support•Verilog DW_shifter is now supported with a modified modelVersion 1.3:•Verilog DW02_mac and DW_div_pipe are now supported with a modified model Version 1.4:•Moved DW_div_seq from Verilog synthesizable model to non-synthesizable model listCadence Confidential 11。

Author: Vikas JohariDate: 06 March 2020 Document Version: v0.1Installing Fortify SSC 19.2.0 withMySQL 8 in Easy Steps onCentOS 8Fortify SCA 19.xDeployment GuideContents Contents (2)Introduction (3)Installation of Oracle JDK 1.8 (3)Installing Tomcat 9.0.31 (4)Configure Apache (optional) (5)Installing MySQL 8 Community Edition (6)Configuring MySQL Database for SSC (8)Deploying JDBC Driver on Tomcat Server (11)Deploying SSC on Tomcat Server (11)IntroductionThis document is written to guide Pre-Sales and Partners to install Fortify SSC 19.2.0 in CentOS 8 with MySQL 8 Community edition Database, in the same server.This document is not written to install Fortify SSC 19.2.0 in a Production Environment. However, this document can be used to setup Fortify SSC 19.2.0 in a controlled environment like Lab or PoC or CoE Environment.The Hardware and Software requirements are given in the link –https:///documentation/fortify-software-security-center/1920/Fortify_Sys_Reqs_19.2.0/index.htm#SSC/SSC_Reqs.htm%3FTocPath%3DFortify%2520Software %2520Security%2520Center%2520Server%2520Requirements%7C_____0Detailed SSC 19.2.0 User Guide is given in https:///documentation/fortify-software-security-center/1920/SSC_Help_19.2.0/index.htmI have used a VM with the below hardware configuration –CPU: 4 VCPURAM: 8 GB RAMDisk: 100 GB Thin ProvisionedCentOS 8: Download link /centos/8/isos/x86_64/CentOS-8.1.1911-x86_64-dvd1.isoMySQL 8 Community EditionInternet Connection on CentOS VMInstall CentOS 8 and apply all the required patches.Installation of Oracle JDK 1.8Download Oracle JDK 1.8 “jdk-8u241-linux-x64.rpm” file fromhttps:///technetwork/java/javase/downloads/jdk8-downloads-2133151.html and upload “jdk-8u241-linux-x64.rpm” to server.Install Oracle JDK 1.8 using –[root@localhost ~]# rpm -ivh jdk-8u241-linux-x64.rpmVerify that only Oracle JDK is installed in the server –[root@localhost ~]# rpm -qa | grep -i jdkjdk1.8-1.8.0_241-fcs.x86_64Add the below lines in /etc/profile file (at the end of it) using a text editor.export JAVA_HOME=$(dirname $(dirname $(readlink $(readlink $(which javac))))) export PATH=$PATH:$JAVA_HOME/binexport CLASSPATH=.:$JAVA_HOME/jre/lib:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jarReboot the server and login as root.Installing Tomcat 9.0.31Post-installation of JDK 1.8, now we can install tomcat 9.[root@localhost ~]# cd Downloads[root@localhost Downloads]# wgethttps:///dist/tomcat/tomcat-9/v9.0.31/bin/apache-tomcat-9.0.31.tar.gzExtract tomcat[root@localhost Downloads]# tar -xvf apache-tomcat-9.0.31.tar.gz -C /usr/share/Create a symbolic link -[root@localhost Downloads]# ln -s /usr/share/apache-tomcat-9.0.31/ /usr/share/tomcatCreate a tomcat service[root@localhost Downloads]# vi /etc/systemd/system/tomcat.service Add the below configuration –[Unit]Description=Tomcat 9 ServerAfter=syslog.target network.target[Service]Type=forkingUser=rootGroup=rootEnvironment='JAVA_OPTS=-Djava.awt.headless=true'Environment=CATALINA_HOME=/usr/share/tomcatEnvironment=CATALINA_BASE=/usr/share/tomcatEnvironment=CATALINA_PID=/usr/share/tomcat/temp/tomcat.pidEnvironment='CATALINA_OPTS=-Xms4096M -Xmx4096M'ExecStart=/usr/share/tomcat/bin/catalina.sh startExecStop=/usr/share/tomcat/bin/catalina.sh stop[Install]WantedBy=multi-user.targetStart and enable the tomcat service[root@localhost Downloads]# systemctl daemon-reload[root@localhost Downloads]# systemctl start tomcat[root@localhost Downloads]# systemctl status tomcat● tomcat.service - Tomcat 9 ServerLoaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: disabled)Active: active (running) since Wed 2020-02-12 07:13:31 EST; 6s agoProcess: 3949 ExecStart=/usr/share/tomcat/bin/catalina.sh start (code=exited, status=0/SUCCESS)Main PID: 3963 (java)Tasks: 33 (limit: 49658)Memory: 194.7MCGroup: /system.slice/tomcat.service└─3963 /usr/bin/java -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.C>Feb 12 07:13:31 localhost.localdomain systemd[1]: Starting Tomcat 9 Server...Feb 12 07:13:31 localhost.localdomain catalina.sh[3949]: Existing PID file found during start.Feb 12 07:13:31 localhost.localdomain catalina.sh[3949]: Removing/clearing stale PID file.Feb 12 07:13:31 localhost.localdomain catalina.sh[3949]: Tomcat started.Feb 12 07:13:31 localhost.localdomain systemd[1]: Started Tomcat 9 Server.[root@localhost Downloads]# systemctl enable tomcatCreated symlink /etc/systemd/system/multi-user.target.wants/tomcat.service →/etc/systemd/system/tomcat.service.Open Port 8080 & 80 in the firewall.[root@localhost Downloads]# firewall-cmd --permanent --add-port=8080/tcp success[root@localhost Downloads]# firewall-cmd --permanent --add-port=80/tcp success[root@localhost Downloads]# firewall-cmd --reloadsuccessConfigure Apache (optional)Apache is an optional component, it is used to act as a reverse proxy for tomcat server.Install apache server using -[root@localhost ~]# yum install httpd -yCreate a reverse proxy configuration for tomcat using a text editor -[root@localhost ~]# vi /etc/httpd/conf.d/tomcat9.conf<VirtualHost *:80>ServerAdmin root@localhostServerName DefaultType text/htmlProxyRequests offProxyPreserveHost OnProxyPass / http://localhost:8080/ProxyPassReverse / http://localhost:8080/</VirtualHost>Configure SELinux Rules –[root@localhost ~]# setsebool -P httpd_can_network_connect 1[root@localhost ~]# setsebool -P httpd_can_network_relay 1[root@localhost ~]# setsebool -P httpd_graceful_shutdown 1[root@localhost ~]# setsebool -P nis_enabled 1Restart and enable the apache service.[root@localhost ~]# systemctl restart httpd[root@localhost ~]# systemctl enable httpdUse a browser to validate the tomcat and apache service is running as per configuration, using, http://ip, :8080, http://ip:8080 of the server.Installing MySQL 8 Community EditionRun the below command to download and install MySQL 8 community edition database.[root@localhost Downloads]# wget https:///get/Downloads/MySQL-8.0/mysql-community-libs-8.0.19-1.el8.x86_64.rpm[root@localhost Downloads]# wget https:///get/Downloads/MySQL-8.0/mysql-community-common-8.0.19-1.el8.x86_64.rpm[root@localhost Downloads]# wget https:///get/Downloads/MySQL-8.0/mysql-community-client-8.0.19-1.el8.x86_64.rpm[root@localhost Downloads]# wget https:///get/Downloads/MySQL-8.0/mysql-community-server-8.0.19-1.el8.x86_64.rpm[root@localhost Downloads]# rpm -ivh mysql-community-client-8.0.19-1.el8.x86_64.rpm mysql-community-common-8.0.19-1.el8.x86_64.rpm mysql-community-libs-8.0.19-1.el8.x86_64.rpm mysql-community-server-8.0.19-1.el8.x86_64.rpmStart and Enable the MySQL Service[root@localhost Downloads]# systemctl start mysqld[root@localhost Downloads]# systemctl enable mysqldGrab the temporary password for root user of mysql[root@localhost ~]# cat /var/log/mysqld.log | grep -i 'temporary password' Note down the password.2020-02-12T13:23:05.319292Z 5 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: niy4pkkn1t,TTest MySQL server.[root@localhost ~]# mysql -u root -pEnter password: niy4pkkn1t,T <- Enter the temporary password from log fileWelcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id is 8Server version: 8.0.19 MySQL Community Server - GPLCopyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> show databases;+--------------------+| Database |+--------------------+| information_schema || mysql || performance_schema || sys |+--------------------+4 rows in set (0.00 sec) mysql>quitByeConfiguring MySQL Database for SSCModify the MySQL Configuration file for SSC.[root@localhost ~]# mv /etc/f /etc/f_orig [root@localhost ~]# mv /etc/fPaste the below content in the file -[client]port = 3306socket = /var/run/mysqld/mysqld.sock[mysql]no-beepsocket = /var/run/mysqld/mysqld.sock[mysqld]collation-server = latin1_general_csinit-connect = 'SET NAMES latin1'character-set-server = latin1pid-file = /var/run/mysqld/mysqld.pidsocket = /var/run/mysqld/mysqld.sockport = 3306datadir = /var/lib/mysql/datadefault_authentication_plugin = mysql_native_passworddefault-storage-engine = INNODBsql-mode = "TRADITIONAL"long_query_time=10report_port = 3306lower_case_table_names = 1secure-file-priv = NULLsymbolic-links = 0max_connections = 151table_open_cache = 2000tmp_table_size = 648Mthread_cache_size = 10myisam_max_sort_file_size = 100Gmyisam_sort_buffer_size = 2Gkey_buffer_size = 8Mread_buffer_size = 64Kread_rnd_buffer_size = 256Kinnodb_flush_log_at_trx_commit = 1innodb_log_buffer_size = 1Minnodb_buffer_pool_size = 10Ginnodb_log_file_size = 5Ginnodb_lock_wait_timeout = 300innodb_thread_concurrency = 9innodb_autoextend_increment = 64innodb_buffer_pool_instances = 8innodb_concurrency_tickets = 5000innodb_old_blocks_time = 1000innodb_open_files = 300innodb_stats_on_metadata = 0innodb_file_per_table = 1innodb_checksum_algorithm = 0back_log = 80flush_time = 0join_buffer_size = 256Kmax_allowed_packet = 1Gmax_connect_errors = 100open_files_limit = 4161sort_buffer_size = 256Ktable_definition_cache = 1400binlog_row_event_max_size = 8Ksync_master_info = 10000sync_relay_log = 10000sync_relay_log_info = 10000#!includedir /etc/mysql/conf.d/[mysqldump]max_allowed_packet = 1GStop MySQL Service[root@localhost ~]# service mysqld stopInitialize the MySQL Database server.[root@localhost ~]# mysqld --initialize-insecure --console --user=mysql 2020-03-05T10:20:08.891111Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.2020-03-05T10:20:08.891266Z 0 [System] [MY-013169] [Server] /usr/sbin/mysqld (mysqld8.0.19) initializing of server in progress as process 32938100 200 300 400 500 600 700 800 900 1000 1100 1200 1300 1400 1500 1600 1700 1800 1900 2000 2100 2200 2300 2400 2500 2600 2700 2800 2900 3000 3100 3200 3300 3400 3500 3600 3700 3800 3900 4000 4100 4200 4300 4400 4500 4600 4700 4800 4900 5000 5100100 200 300 400 500 600 700 800 900 1000 1100 1200 1300 1400 1500 1600 1700 1800 1900 2000 2100 2200 2300 2400 2500 2600 2700 2800 2900 3000 3100 3200 3300 3400 3500 3600 3700 3800 3900 4000 4100 4200 4300 4400 4500 4600 4700 4800 4900 5000 51002020-03-05T10:21:25.170585Z 5 [Warning] [MY-010453] [Server] root@localhost is createdwith an empty password ! Please consider switching off the --initialize-insecure option. Start the MySQL Service[root@localhost ~]# service mysqld startValidate the service, make sure it is running[root@localhost ~]# service mysqld statusSecure the installation of MySQL server.[root@localhost ~]# mysql_secure_installationThis wizard will ask many questions, answer them carefully.Would you like to setup VALIDATE PASSWORD component?Press y|Y for Yes, any other key for No: nPlease set the password for root here.New password: <- Enter a password for root user of mysqlRe-enter new password: <- ReEnter a password for root user of mysqlEstimated strength of the password: 100Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y......Remove anonymous users? (Press y|Y for Yes, any other key for No) : y......Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y......Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y....Reload privilege tables now? (Press y|Y for Yes, any other key for No) : ySuccess.All done!Now let's create a Database and a User which will be used by SSC.[root@localhost ~]# mysql -u root -pEnter password:<- Enter the root’s password of mysqlmysql> create database SSC_DB DEFAULT CHARACTER SET latin1 COLLATElatin1_general_cs;mysql> CREATE USER 'sscuser'@'localhost' IDENTIFIED WITH mysql_native_password BY 'SscUser@123';mysql> GRANT ALL PRIVILEGES ON *.* TO 'sscuser'@'localhost' WITH GRANT OPTION; Query OK, 0 rows affected (0.02 sec)mysql> FLUSH PRIVILEGES;mysql> quitByeNow Create the DB structure.Extract the Fortify_SSC_Server_19.2.0.zip file, then extract Fortify_19.2.0_Server_WAR_Tomcat.zip file. The \Fortify_SSC_Server_19.2.0\Fortify_19.2.0_Server_WAR_Tomcat\sql\mysqlIt contains two files.Upload “create-tables.sql” file into /root/Downloads folder of CentOS server.[root@localhost Downloads]# mysql --user="sscuser" -p --database="ssc_db" --host="localhost" < "create-tables.sql"Enter password: <- Type the password of sscuser and then hit enterValidate the DB Structure is created.[root@localhost Downloads]# mysql -u sscuser -pEnter password: <- Type the password of sscuser and then hit enterWelcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id is 23Server version: 8.0.19 MySQL Community Server - GPLCopyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> use ssc_db;Reading table information for completion of table and column namesYou can turn off this feature to get a quicker startup with -ADatabase changedmysql> show tables;+------------------------------+| Tables_in_ssc_db |+------------------------------+| activity || activity_persona || activitycomment || activityinstance |mysql> quit;Deploying JDBC Driver on Tomcat ServerDownload the JDBC Driver of MySQL 8.[root@localhost Downloads]# wget https:///get/Downloads/Connector-J/mysql-connector-java-8.0.19.tar.gzExtract the Driver.[root@localhost Downloads]# tar -zxvf mysql-connector-java-8.0.19.tar.gzCopy the JDBC Driver to tomcat’s lib folder.[root@localhost Downloads]# cp mysql-connector-java-8.0.19/mysql-connector-java-8.0.19.jar /usr/share/tomcat/lib/Restart tomcat server[root@localhost Downloads]# service tomcat restartDeploying SSC on Tomcat ServerStop Tomcat server.[root@localhost Downloads]# service tomcat stopUpload ssc.war file from Fortify_19.2.0_Server_WAR_Tomcat.zip file to /usr/share/tomcat/webapps. Start tomcat.[root@localhost Downloads]# service tomcat startWait for few mins, tomcat will take few mins to deploy ssc war file.Open Chrome browser and open the URL http://ip_of_server:8080/sscClick on ADMINISTRATORS.Token will be in the file /root/.fortify/ssc/init.token, copy the token from /root/.fortify/ssc/init.token and paste it in the token field.Click Sign In.Click Next.Click Upload, browse and select “fortify.license” file, click on “I have read and understood this warning.” Click Next.In the URL: http://ip_of_server:8080/sscEnable HTTP host header validation: DisabledGlobal Search: /globalsearchI have read and understood this warning: EnabledClick Next.Database username: sscuserDatabase Password: sscuser’s passwordJDBC URL:jdbc:mysql://127.0.0.1:3306/ssc_db?connectionCollation=latin1_general_cs&rewriteB atchedStatements=trueClick Test Connection.If Test connection is successful, then click Next.Browse and Select the Process Seed Bundle, then click Seed Database.Browse and Select Report Seed Bundle and click on Seed Database.Browse and Select PCI Basic Seed Bundle and click on Seed Database.Browse and select PCI SSF Basic Bundle then click on Seed Database.Click Next.Click Finish.Restart tomcat.Close and Start Browser, then open SSC url.Login as “admin” and password “admin”.In the Change Password window, change the admin’s password. Click Save.Login with new admin credentials.Click on ADMINISTRTION.Click on Rulepacks, then click on “Update from Server”.Wait for Rulepacks to be download and deployed in SSC. Click Close.Now SSC is ready to use.Note: This guide is not an official documentation by Micro Focus. Please read and refer to the official product documentation for additional information.< !! End of the Document !! >21。

GlobalPlatform卡⽚规范--中⽂版GlobalPlatform卡⽚规范V2.2 2006年5⽉⽬录GlobalPlatform卡⽚规范 (1)1 介绍 (5)1.1 受众 (6)1.2 标准参考规范 (6)1.3 术语及定义 (8)1.4 缩写和符号 (11)2 系统架构 (13)3 卡⽚架构 (14)3.1 安全域 (14)3.2 全局服务应⽤ (15)3.3 运⾏时环境 (15)3.4 可信任框架 (15)3.5 GlobalPlatform环境(OPEN) (15)3.6 GlobalPlatform API (16)3.7 卡⽚内容 (16)3.8 卡⽚管理器 (16)4 安全架构 (17)4.1 ⽬标 (17)4.2 安全职责和要求 (17)4.2.1 发卡⽅的职责 (17)4.2.2 应⽤提供⽅的职责 (18)4.2.3 授权管理者的职责 (18)4.2.4 卡⽚组件的安全性要求 (18)4.2.4.1 运⾏时环境的安全性要求 (18)4.2.4.4 安全域的的安全性要求 (19)4.2.4.5 全局服务应⽤的安全性要求 (19)4.2.4.6 应⽤的安全性要求 (19)4.2.5 后台系统的安全性要求 (19)4.3 加密⽀持 (19)4.3.1 安全的卡⽚内容管理 (20)4.3.1.1 加载⽂件数据块散列值 (20)4.3.1.2 加载⽂件数据块签名(DAP) (20)4.3.1.3 委托管理令牌 (20)4.3.1.4 收条 (20)4.3.2 安全通信 (20)5 ⽣命周期模型 (23)5.1 卡⽚⽣命周期 (23)5.1.1 卡⽚⽣命周期状态 (23)OP_READY (23)INITIALIZED (23)5.1.1.1 卡⽚⽣命周期状态OP_READY (23)5.1.1.2 卡⽚⽣命周期状态INITIALIZED (24)5.1.1.3 卡⽚⽣命周期状态SECURED (24)5.1.1.4 卡⽚⽣命周期状态CARD_LOCKED (24) 5.1.1.5 卡⽚⽣命周期状态TERMINATED (24)5.1.2 卡⽚⽣命周期状态的迁移 (24)5.2 可执⾏加载⽂件和可执⾏模块⽣命周期 (25) 5.2.1 可执⾏加载⽂件⽣命周期 (25)5.2.1.1 Executable Load Life Cycle LOADED (25) 5.2.1.2 可执⾏加载⽂件的删除 (26)5.2.2 可执⾏模块的⽣命周期 (26)5.3 应⽤和安全域的⽣命周期 (26)5.3.1 应⽤⽣命周期状态 (26)INSTALLED (26)SELECTABLE (26)5.3.1.1 应⽤⽣命周期状态INSTALLED (26)5.3.1.2 应⽤⽣命周期状态SELECTABLE (27)5.3.1.3 应⽤⽣命周期状态LOCKED (27)5.3.1.4 应⽤的删除 (27)5.3.1.5 应⽤⾃定义的⽣命周期状态 (27)5.3.1.6 应⽤⽣命周期状态的迁移 (27)5.3.2 安全域⽣命周期状态 (28)INSTALLED (28)SELECTABLE (28)5.3.2.1 安全域⽣命周期状态INSTALLED (28)5.3.2.2 安全域⽣命周期状态SELECTABLE (29) 5.3.2.3 安全域⽣命周期状态PERSONALIZED (29) 5.3.2.4 安全域⽣命周期状态LOCKED (29)5.3.2.5 安全域的删除 (29)5.3.2.6 安全域⽣命周期状态的迁移 (29)5.4 ⽣命周期图解 (30)6 GlobalPlatform环境(OPEN) (32)6.1 综述 (33)6.3 命令分发 (34)6.4 逻辑通道和应⽤选择 (35)6.4.1 隐式选择的分派 (35)6.4.2 基本逻辑通道 (35)6.4.2.1 基本逻辑通道的应⽤选择 (35)6.4.2.1.1 基本逻辑通道上应⽤的隐式选择 (35)6.4.2.1.2 基本逻辑通道上应⽤的显式选择 (36)6.4.2.2 基本逻辑通道上的逻辑通道管理 (37)6.4.2.3 基本逻辑通道上的应⽤命令分发 (37)6.4.3 补充逻辑通道 (37)6.4.3.1 补充逻辑通道的应⽤选择 (37)6.4.3.1.1 补充逻辑通道上应⽤的隐式选择 (38)6.4.3.1.2 补充逻辑通道上应⽤的显式选择 (38)6.4.3.2 补充逻辑通道上的逻辑通道管理 (39)6.4.3.3 补充逻辑通道上的应⽤命令分发 (39)6.5 GlobalPlatform注册表 (39)6.5.1 应⽤/可执⾏加载⽂件/可执⾏模块等数据元素 (40) 6.5.1.1 应⽤/可执⾏加载⽂件/可执⾏模块的AID (40)6.5.1.2 应⽤/可执⾏加载⽂件/可执⾏模块的⽣命周期 (40) 6.5.1.3 内存资源管理参数 (40)6.5.1.4 权限 (40)6.5.1.5 隐式应⽤选择参数 (40)6.5.1.6 关联安全域的AID (40)6.5.1.7 应⽤提供⽅ID (40)6.5.1.8 服务参数 (40)6.5.2 卡⽚级数据 (41)6.6 权限 (41)6.6.1 权限定义 (41)6.6.2 权限分配 (42)6.6.3 权限管理 (43)6.7 GlobalPlatform可信任框架 (43)7 安全域 (45)7.1 概要描述 (45)7.1.1 发卡⽅安全域 (45)7.2 关联到安全域 (46)7.3 安全域服务 (47)7.3.1 应⽤对安全域服务的访问 (47)7.3.2 安全域对应⽤的访问 (48)7.3.3 个⼈化⽀持 (48)7.3.4 运⾏时消息的⽀持 (49)7.4 安全域数据 (50)7.4.1 发卡⽅安全域 (50)7.4.1.1 发卡⽅标识编号 (50)7.4.1.2卡⽚映像编号 (51)7.4.1.3 卡⽚标识数据 (51)7.4.2 补充安全域 (51)7.4.2.1 安全域提供⽅标识编号 (51)7.4.2.2 安全域映像编号 (51)7.5.2 密钥访问条件 (52)7.6 数据和密钥管理 (53)8 全局平台服务 (54)8.1 全局服务应⽤ (54)8.1.1 注册全局服务 (54)8.1.2 应⽤对全局服务的访问 (54)8.1.3 全局服务参数 (55)'A0'：⽤于USSM (55)8.2 持卡⽅验证⽅法(CVM)应⽤ (55)8.2.1 应⽤对CVM服务的访问 (56)8.2.2 CVM管理 (56)8.2.2.1 注册CVM (56)8.2.2.2 CVM状态 (56)8.2.2.2.1 CVM状态ACTIVE (57)8.2.2.2.2 CVM状态INV ALID_SUBMISSION (57) 8.2.2.2.3 CVM状态V ALIDATED (57)8.2.2.2.4 CVM状态BLOCKED (57)8.2.2.3 CVM格式 (57)9 卡⽚和应⽤的管理 (58)9.1 卡⽚内容管理 (58)9.1.1 概述 (58)9.1.2 对OPEN的要求 (58)9.1.3 对安全域的要求 (59)9.1.3.1 具备“令牌验证权限”的安全域 (59)9.1.3.2 具备“授权管理权限”的安全域 (59)9.1.3.3 具备“委托管理权限”的安全域 (59)9.1.3.4 具备“全局删除权限”的安全域 (59)9.1.3.5 具备“全局锁定权限”的安全域 (59)9.1.3.6 具备“收条创建权限”的安全域 (60)9.2 卡⽚内容的授权和管理 (60)9.2.1 数据鉴别(DAP)模式验证 (60)9.2.2 加载⽂件数据块的散列值 (60)9.2.3 令牌 (60)9.3 卡⽚内容的加载、安装和可选择化 (60)9.3.1 概述 (60)9.3.2 卡⽚内容的加载 (61)9.3.3 卡⽚内容的安装 (62)9.3.4 卡⽚内容的加载、安装和可选择化联合操作 (62) 9.3.5 卡⽚内容加载过程 (62)9.3.6 卡⽚内容的安装过程 (65)9.3.7 卡⽚内容的可选择化过程 (66)9.3.8 卡⽚内容的加载、安装和可选择化联合操作过程 (67) 9.3.9 加载和安装流程的⽰例 (69)9.4 内容的让渡和注册表的更新 (72)9.4.1 内容的让渡 (72)9.4.2 注册表的更新 (74)9.4.2.1 普通的注册表更新 (74)9.5.2 可执⾏加载⽂件的删除 (78)9.5.3 可执⾏加载⽂件和相关应⽤的删除 (79)9.6 安全管理 (81)9.6.1 ⽣命周期管理 (81)9.6.2 应⽤的锁定和解锁 (81)9.6.3 卡⽚的锁定和解锁 (82)9.6.4 卡⽚终结 (83)9.6.5 应⽤状况的查询 (84)9.6.6 卡⽚状况的查询 (84)9.6.7 操作的频度检测 (84)9.6.7.1 内容加载和安装 (84)9.6.7.2 异常 (85)9.6.8 跟踪和事件⽇志 (85)9.7 内存资源管理 (85)10 安全通信 (86)10.1 安全通信 (87)10.2 显式和隐式安全通道 (87)10.2.1 显式安全通道的开启 (87)10.2.2 隐式安全通道的开启 (87)10.2.3 安全通道的终⽌ (87)10.3 安全通道协议的直接处理和间接处理 (88)10.4 实体认证 (88)10.4.1 对称加密算法下的认证 (88)10.4.2 ⾮对称加密下的认证 (88)10.5 安全的消息传送 (89)10.6 安全级别 (89)10.7 安全通道协议标识符 (89)第⼀部介绍1 介绍GlobalPlatform是⼀家由⽀付和通信业的领先⼚商、政府相关部门以及供应商社区共同建⽴的⼀个组织，并率先提出了⼀个跨⾏业的智能卡全局基础架构及其实现，其⽬标是为了减少隐藏在快速增长的跨⾏业、多应⽤的智能卡背后的障碍，使得发卡商在各种各样的卡⽚、终端和后台系统前，继续享有选择的⾃由。

Unit 9helical 螺旋状的，螺旋线的innovative 革新的，创新的confer 授与，颁与visualize (使)显现；想像unprecedented 没有前例的anatomical 解剖的，解剖(学)上的prescription 命令，训令conformal 共形的，保形的，保角的counterpart 相对物；变体，变型precision 精密，精确性concomitant 相伴的，并在的toxicity 有毒的；中毒的infancy 婴儿期，幼时escalation 逐步上升component 部分，成分verification 证实，证明venue 立场，根据prohibit 阻止，防止conceptually 概念的harbor 包含，聚藏diagnostic 诊断的conventional 常规的；形式上的static 静止的，静态的gantry 桶架fan 扇子modulation 调整，调节binary 二，双，复collimator 准直仪clinical 临床(讲授)的encompass 包含modification 改进；缓和deformable 变了形的；丑陋的registration 记录，登记circuit 电路，线路loop 圈，环，匝aggregate 集合，(使)聚集utilize 利用subsequent 其后的，其次的geometry 几何学therapeutic 治疗(学)的，疗法(上)的counterpart 相对物；变体，变型parotid 耳边的，耳下的，腮腺的mandible 下颚骨；颚，(特指)下颚anatomic 解剖的，解剖(学)上的irradiate 放射，扩散，送出simultaneously 同时，一齐prostate 前列腺(的)morbidity 病况,病状mortality 死亡率intermediate 中间的，居间的rectum 直肠bladder 膀胱advent 到来，出现tailoring 裁缝业，成衣业portal 门静脉parameter 参数，变数correlate 使互相关联administer 管理，管制multiple 复合的,复式的proliferate 激增；扩散ample 丰富的，充足的index 指标，标准kinetics 〔用作单数〕动力学scheme 计划；方案prolongation 延长；延期antagonize 反抗，对抗median 中央的，中间的optimal 最适宜的；最理想的implement 工具；器具。

3D- CRT 3dimensional comformal radiation therapy 三维适形放射治疗ABC active breath control 主动呼吸控制技术ABMT autologous bone marrow transplantation 自体骨髓移植AF accelerated fractionation 加速分割AHF accelerated hyperfractionation 加速超分割ART adaptive radiotherapy 适应性照射AT Ataxia Talangiectasia 毛细血管扩张性共济失调BD basal dose 基准剂量BED biologically effective dose 生物等效剂量BEV beam eye view 射束方向视图BMI body mass index 身体质量指数BOLD blood—oxygen-level-dependent 血氧水平依赖法BRMs biological response modifiers 生物反应调节剂BTV biological target volume 生物靶区CBHART concomitant boost hyperfractionated accelerated radiation therapy 同时小野加量加速超分割放疗CCG Children’s Cancer Group 儿童癌症研究组织CDK cyclin-dependent kinase 细胞周期依赖性蛋白激酶CF conventional fractionation 常规分割CHART continuous hyperfractionated accelerated radiation therapy 连续加速超分割放疗CI coverage index 靶区覆盖指数CIN cerbical intraepithelial neoplasia 宫颈上皮内瘤变CLDR continuous low dose rate radiotherapy 抵剂量率持续照射CML cutaneous malignant lymphoma 皮肤恶性淋巴瘤CPV coach’s preview 床角预览视图CT computed tomography 计算机体层显影CTV clinical target volume 临床靶区CUP carcinoma of unknown primary 原发灶不明的转移癌DDCs dermal dendritic cells 真皮内树突状细胞DFS disease free survival 无瘤生存DMF dose modifying factor 剂量修饰因子DPC DNA protein cross—linking DNA—蛋白质交联DRF dose reduction factor 剂量减少系数DRR digitally reconstructed radiography 数字重建图像DSA digital subtractive angiography 数字减影血管造影DSB double strand break 双链断裂DVH dose volume histograms 剂量—体积直方图EBF electron backscatter factor 电子反向散射因子ECM extracellular matrix 细胞外基质EGFR epithelial growth factor receptor 表皮生长因子受体EHART escalating hyperfractionated accelerated radiation gherapy 逐步递量加速超分割放疗EI external volume index 靶外体积指数EPID electronic portal imaging device 电子射野影像系统EUD dffective uniform dose 等效均一剂量18F-FDG 18F—fluorodeoxyglucose 氟代脱氧葡萄糖FCCL follicular center cell lymphoma 滤泡中心性淋巴瘤FDF fractionation—dosage factor 分次剂量因子FHDR fractionated high dose rate brachytherapy 高剂量率分次近距离治疗FL—HCC fibrolamellar hepatocellular carcinoma 纤维板层样肝细胞肝癌FNH focal nodular hyperplasia 局灶性结节增生FSRT fractionated stereotactic radiotherapy 分次立体定向放射治疗FSU functional subunits 功能亚单元GCT germ cell tumor生殖细胞瘤GTV gross tumor volume 肿瘤靶区或肉眼靶区HA hepatocellular adenoma 肝细胞腺瘤HC hyperthermia and chemotherapy 热疗加化疗HCC hepatocellular carcinoma肝细胞肝癌HD hyperdose sleeve超剂量区HF hyperfractionation超分割HI relative dose homogeneity index靶区剂量均匀性指数HR hyperthermia and radiation 热疗加放疗HRC hyperthermia and radiochemotherapy 热疗加放化疗HVL half value layer 半价层IC immunocytoma 免疫细胞瘤ICR interval cytoreductive or intervening cytoreduction 间隔细胞减灭术ICRU International Commission on Radiation units and Measurements 国际辐射单位与测量委员会IGART image guided adaptive radiotherapy 影像学引导的适应性照射IGRT image guided radiotherapy影像学引导的放射治疗IM internal margin 内边界IMAT intensity modulated arc therapy 弧形调强技术IMRT intensity modulated radiation therapy 调强放射治疗IM-WPRT intensity—modulated whole pelvic radiotherapy 全盆调强放射治疗IPSID immunoproliferative small intestinal disease 免疫增值性小肠病ISO international Organization for Standardization 国际标准化组织ITV internal target volume 内靶区IV irradiation volume 照射靶区KCs keratinocytes表皮胶原细胞LCHART late-course hyperfractionated accelerated radiation therapy 后程加速超分割放疗LCs Langerhans cells 朗罕氏细胞LD lethal damage 致死损伤LENT late effective normal tissues正常晚反应组织LET linear energy transfer 线性能量传递LH local hyperthermia 局部加温LI labeling index 标记指数LLS linear least squares线性最小二乘法LQ linear quadratic model LQ 模型或线性二次模型MCD mean central dose 平均中心剂量MIMiC multivaane intensity modulation compensator多叶调强补偿器MLC multileaf collimator 多叶准直器MRI magnetic resonance imaging磁共振成像MTD minimum target dose 最小靶剂量MTH mild temperature hyperthermia 温和加温MU monitor unit 机器跳数NCCN National Comprehensive Cancer Network美国综合癌症工作者NED no evidence of disease无疾病证据NF neurofibromatosis神经纤维瘤病NHL non—Hodgkin Lymphoma 非霍奇金淋巴瘤NSCLC non—small cell lung cancer非小细胞肺癌NSD nominal standard dose名义标准剂量NSGCT nonseminomatous germ cell tumor非精原细胞性生殖细胞瘤NTCP normal tissue complication probability正常组织并发症概率OAR off axial ratio离轴比OAR organ at risk敏感器官OER oxygen enhancement ratio氧增强比OI overdose volume index超剂量体积指数OPM ocult primary malignancy隐匿原发灶OUF output factor射野输出因子PCI propylactic cranial irradiation预防性全脑照射PCML primary cutaneous malignant lymphoma 原发性皮肤恶性淋巴瘤PDD percentage depth dose百分深度剂量PDRR pulsed dose rate brachytherapy 脉冲剂量率近距离治疗PET positron emission tomography 正电子发射断层扫描PF protection factor 防护系数PLD potential lethal damage 潜在致死损伤PNAd peripheral node addressin 外周淋巴结地址素PNETs primitive neuroectodermal tumor 原始神经外胚层肿瘤POA pancreatic oncofetal antigen 胰腺癌胚抗原PSA prostate specific antigen 前列腺特异抗原PT precision radiotherapy 精确放疗PTCA percutaneous transluminal coronary angioplasty经皮腔内冠状动脉成型术PTV planning target volume 计划靶区PUC probability of uncomplicated control 无并发症控制概率PUFA polyunsaturated fatty acid 多不饱和脂肪酸QA/QC quality assurance/quality control 质量保证／质量控制QOL quality of life 生活质量QP quadratic programming二次规划法RBE relative biological effectiveness相对生物效应RD reference dose参考剂量REV room＇s eye view 治疗室内视图RH regional hyperthermia区域加温SAD source axis distance源轴距SALT skin associated lymphoid tissue皮肤相关淋巴样组织SAR scatter air ratio散射空气比SCHART split-course hyperfractionated accelerated radiation therapy分段加速超分割放疗SCLC small cell lung cancer 小细胞肺癌SER sensitization enhancement ratio增敏比SI sum index加权综合指数SIB simultaneously integrated boosting大野照射及小野追加剂量照射SIOP International Society for Paediatric Oncology国际儿童肿瘤研究组织SIS skin immune system皮肤免疫系统SLD sublethal damage亚致死损伤SLN sentinel lymph node哨位淋巴结SLNB sentinel lymph node biopsy哨位淋巴结活检技术SM set-up margin摆位边界SMR scatter maximum ratio散射最大剂量比SOBP spread out Bragg peak扩展布拉格峰SPECT single photo emmision computerized tomography单光子发射型计算机扫描SPR scatter phantom ratio散射体模比SRS stereotactic radiosurgery立体定向放射外科SRT stereotactic radiation therapy立体定向放射治疗SSB single strand break单链断裂SSD source skin distance源皮距STD source tumor distance源瘤距SVCS superior vena cave syndrome上腔静脉综合征SVD singular value decomposition奇异值分解法TAA tumor associated antigen肿瘤相关抗原TAE transcatheter arterial embolization经导管动脉栓塞术TAR tissue air ratio组织空气比TCD tumor control dose肿瘤控制剂量TCP tumor control probability肿瘤控制概率TER thermal enhancement ratio热增强比TGF therapeutic gain factor治疗增益系数(因子）TLD thermoluminescence dosimeters热释光剂量计TMR tissue maximum ratio组织最大剂量比Tpot potertial doubling time潜在倍增时间TPR tissue phantom ratio组织体模比TPS treatment planning system 治疗计划系统TR therapeutic ratio治疗比TSEI total skin electron irradiation电子线全身照射TV treatment volume治疗靶区TVR treatment volume ratio治疗体积比UDS unscheduled DNA synthesis程序外DNA合成UICC International Union Against Cancer国际抗癌联盟VEGF vascular endothelial growth factor血管内皮生长因子WBH whole body huperthermia全身加温5 放射肿瘤学（放射治疗学）5.1 放射肿瘤学 radiation oncology原先称放射治疗学,专门研究肿瘤放射治疗的分支学科。

conformal使用步骤
Conformal的使用步骤主要包括以下几步：
数据准备：使用Conformal方法前，需要准备好数据集。

这包括数据的收集、清洗和预处理等步骤，确保数据集具有一定的样本量和特征能够反映问题和目标。

数据划分：将数据集划分为训练集和测试集两部分，通常按照70%的比例划分。

训练集用于训练模型，测试集用于验证模型的性能。

创建patch文件：在验证了所有非等价点都是由功能更改引起的之后，使用Conformal为每个非等价模块创建一个patch文件。

patch文件定义了一个patch模块并包含将改变设计功能的更改。

应用patch并写出ECO网表：在分析所有ECO模块后使用patch文件创建ECO网表，然后写出尚未映射或优化的网表。

优化补丁：这一步有点类似综合。

ECO网表进行等价性检查：一致性检查必不可少。

可以使用ANALYZE ECO命令为每个非等价模块创建patch文件。