Branching Processes of High-Level Petri Nets and Model Checking of Mobile Systems
Maciej Koutny, School of Computing Science, Newcastle University
with: R. Devillers, V. Khomenko, H. Klaudel, A. Niaouris
UFO'07, Siedlce, Poland, 2007
Outline
• Motivation
• Coloured Petri nets
• Expansion and unfolding
• Relationship diagram
• Experimental results
• Application: mobile systems
• π-calculus to Petri nets
• Implementation issues
• Experimental results
• Further work
Motivation
Low-level PNs:
• Can be efficiently verified
• Not convenient for modelling
High-level descriptions:
• Convenient for modelling
• Verification is hard
Gap: coloured PNs are a good intermediate formalism
Coloured PNs
[Figure: a coloured PN with two input places of type {1,2}, marked with the tokens 1 and 2, input arcs labelled with the variables u and v, a transition with guard w<u+v, and an output place of type {1..4} receiving the token w]
Expansion
[Figure: the expansion of the coloured net above into a low-level net, with one low-level transition per binding of u, v and w that satisfies w<u+v]
• The expansion faithfully models the original net
• Blow-up in size
Unfolding
[Figure: the unfolding of the coloured net from the marking (1,2): only the two bindings enabled there, u=1, v=2, w=1 and u=1, v=2, w=2, appear as events]
Example: computing GCD
[Figure: a coloured net with places m and n of type {0..100}, initially marked 3 and 2; one transition takes u from m and v from n under the guard v≠0 (rendered as "v0" on the slide) and returns v to m and u%v to n; a second transition takes u from m together with the token 0 from n and outputs u as the result. From m=3, n=2 the unfolding contains only the bindings u=3, v=2; u=2, v=1; u=1 (with v=0), giving the result 1]
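Added example (my own code, not the talk's or any of its tools): a minimal coloured Petri net engine that enumerates bindings over colour sets. `expansion_size` counts the low-level transitions the expansion would contain (one per guard-satisfying binding over the full colour sets, enabled or not), while `enabled` and `run` follow only the bindings that are enabled from the initial marking, which is the part an unfolding explores. Both nets from the slides are encoded: the guard net with w<u+v (w occurs only on the output arc, so it is given an explicit domain here) and the GCD net, whose nonzero test on v is written as v>0. Class, function and place names such as `result` are my choice.

```python
from itertools import product


class CPN:
    """Coloured Petri net: places with colour sets, transitions with arc variables and a guard."""

    def __init__(self, colour_sets):
        self.colour = {p: list(c) for p, c in colour_sets.items()}  # place -> colours
        self.transitions = {}  # name -> (in_arcs, free, guard, out_arcs)

    def add_transition(self, name, in_arcs, free, guard, out_arcs):
        # in_arcs: {place: variable} tokens consumed; free: {variable: colours} for variables that
        # occur only on output arcs (like w on the slide); guard: fn(binding) -> bool;
        # out_arcs: {place: fn(binding) -> colour} tokens produced.
        self.transitions[name] = (in_arcs, free, guard, out_arcs)

    @staticmethod
    def _bindings(in_arcs, free, colours_of):
        """All assignments of the input-arc and free variables, drawing from colours_of(place)."""
        places, fvars = list(in_arcs), list(free)
        domains = [colours_of(p) for p in places] + [free[v] for v in fvars]
        for vals in product(*domains):
            yield dict(zip([in_arcs[p] for p in places] + fvars, vals))

    def expansion_size(self):
        """Low-level transitions in the expansion: one per guard-satisfying binding over the
        full colour sets, whether or not that binding is ever enabled."""
        return sum(1 for in_arcs, free, guard, _ in self.transitions.values()
                   for b in self._bindings(in_arcs, free, lambda p: self.colour[p]) if guard(b))

    def enabled(self, marking):
        """(name, binding) pairs enabled in marking (place -> list of token colours)."""
        for name, (in_arcs, free, guard, _) in self.transitions.items():
            for b in self._bindings(in_arcs, free, lambda p: sorted(set(marking.get(p, [])))):
                if guard(b):
                    yield name, b

    def fire(self, marking, name, b):
        """Marking after firing transition `name` under binding b."""
        in_arcs, _, _, out_arcs = self.transitions[name]
        m = {p: list(toks) for p, toks in marking.items()}
        for p, var in in_arcs.items():
            m[p].remove(b[var])
        for p, expr in out_arcs.items():
            m.setdefault(p, []).append(expr(b))
        return {p: toks for p, toks in m.items() if toks}


def slide_net():
    """The net from the Coloured PNs / Expansion / Unfolding slides (place names are mine)."""
    net = CPN({'p1': {1, 2}, 'p2': {1, 2}, 'p3': range(1, 5)})
    net.add_transition('t', {'p1': 'u', 'p2': 'v'}, {'w': range(1, 5)},
                       lambda b: b['w'] < b['u'] + b['v'], {'p3': lambda b: b['w']})
    return net


def gcd_net():
    """The GCD net: place types {0..100}; the second transition fires once v reaches 0."""
    net = CPN({'m': range(101), 'n': range(101), 'result': range(101)})
    net.add_transition('step', {'m': 'u', 'n': 'v'}, {}, lambda b: b['v'] > 0,
                       {'m': lambda b: b['v'], 'n': lambda b: b['u'] % b['v']})
    net.add_transition('done', {'m': 'u', 'n': 'v'}, {}, lambda b: b['v'] == 0,
                       {'result': lambda b: b['u']})
    return net


def run(net, marking):
    """Fire until nothing is enabled; returns the (name, binding) pairs fired and the final marking.
    Takes the first enabled binding, which for the GCD net is the only one at every step."""
    fired = []
    while True:
        en = list(net.enabled(marking))
        if not en:
            return fired, marking
        name, b = en[0]
        fired.append((name, b))
        marking = net.fire(marking, name, b)


if __name__ == '__main__':
    print('guard net: expansion has', slide_net().expansion_size(), 'transitions,',
          len(list(slide_net().enabled({'p1': [1], 'p2': [2]}))), 'bindings enabled from (1,2)')
    fired, final = run(gcd_net(), {'m': [3], 'n': [2]})
    print('GCD net: expansion has', gcd_net().expansion_size(), 'transitions,',
          len(fired), 'firings reach', final)
```

The guard net's expansion has 8 low-level transitions but only 2 bindings are enabled from (1,2); the GCD net's expansion has 10201 transitions while the run from (3,2) fires 3 of them, which is the gap the unfolding of the coloured net exploits.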
Relationship diagram
Coloured PNs --expansion--> Low-level PNs
Coloured PNs --unfolding--> Coloured prefix
Low-level PNs --unfolding--> Low-level prefix
Low-level prefix ? Coloured prefix: how are the two prefixes related?
Low-level prefix ~ Coloured prefix: the two are equivalent, so both routes lead to the same prefix.
[Figure: the coloured net with guard w<u+v next to its unfolding with the bindings u=1, v=2, w=1 and u=1, v=2, w=2, illustrating that unfolding the coloured net directly gives the same prefix as unfolding its expansion]
Benefits
• Avoiding an exponential blow-up when building the expansion
• Definitions are similar to those for LL unfoldings, no new proofs
• All results and verification techniques for LL unfoldings are still applicable
• Model checking algorithms
• Canonicity, completeness, finiteness
• Existing unfolding algorithms for LL PNs can easily be adapted
• Usability of the total adequate order proposed in
• All the heuristics improving the efficiency can be employed (e.g. concurrency relation and preset trees)
• Parallel unfolding algorithm
Extensions: infinite place types
[Figure: the GCD net with the place types {0..100} replaced by N (infinite), and then by the refined types {1..3} for m, {0..2} for n and {1} for the result place, i.e. only the values that actually occur; from m=3, n=2 the unfolding still contains just the bindings u=3, v=2; u=2, v=1; u=1]
Relationship diagram with refined expansion:
Coloured PNs --refined expansion--> Low-level PNs
Coloured PNs --unfolding--> Prefix
Low-level PNs --unfolding--> Prefix
Experimental results
• Tremendous improvements for colour-intensive PNs (e.g. GCD)
• Negligible slow-down (<0.5%) for control-intensive PNs (e.g. Lamport's mutual exclusion algorithm)
Application: mobility
• One of the main features of many crucial modern distributed computing systems
• Formal analysis and verification using process algebras like the π-calculus
• Our aim: to alleviate the state space explosion problem during reachability analysis of mobile systems
• Using/adapting model checking algorithms based on unfoldings
Syntax (finite)
Basic elements are channel names like a, b, c, ...
  ab        input prefix (receive a name on channel a and bind it to b)
  āb        output prefix (send the name b on channel a)
  τ         internal prefix
  pref.P    first execute pref, then P
  P+Q       execute P or Q
  P | Q     execute P and Q in parallel
  (νc)P     restrict c within P
  A ⊢ P     A is the set of all "known" channels
Operational semantics
Operational semantics defined using SOS rules such as the following (input on channel a of a name b not yet known; the received name joins the known set):

                 b ∉ A
  ─────────────────────────────────────
  A ⊢ ac.P  ──ab──>  A ∪ {b} ⊢ {b/c}P

One can then consider LTSs generated by π-terms, the associated behavioural properties, etc.
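Added example (my own code, not from the talk or from PUNF/MPSat): a small generator for the labelled transition system of a finite π-term, implementing the fresh-name input rule above together with input of already known names, output, bound output (scope extrusion of a restricted name), choice, parallel composition and communication. The known set A and a set R of restricted names play the role that the K/N/R tags play in the p-nets later in the talk, and the three terms from Examples 1-3 below are built in as inputs. Assumed: bound names are distinct from each other and from A (no α-renaming is done), every free channel of the term is in A, and fresh names are drawn from e, f, g, ... in that order. Labels are printed as `in a b`, `out a b`, `bout a b` (bound output) and `tau`.

```python
"""Labelled transition systems of finite pi-calculus terms.
Term syntax as nested tuples: ('nil',), ('tau', P), ('in', a, x, P) for the input prefix ax.P,
('out', a, b, P) for the output prefix (a-bar)b.P, ('sum', P, Q), ('par', P, Q), ('nu', c, P).
Assumed: bound names are distinct from each other and from the known set A, so no alpha-renaming
is needed; restriction is tracked as a global set R of private names."""
from collections import deque


def names(t):
    """Every channel name occurring in t."""
    if t[0] in ('in', 'out'):
        return {t[1], t[2]} | names(t[3])
    if t[0] == 'nu':
        return {t[1]} | names(t[2])
    return set().union(*(names(s) for s in t[1:] if isinstance(s, tuple)))


def subst(t, old, new):
    """Replace the name old by new throughout t (safe under the distinct-names assumption)."""
    r = lambda n: new if n == old else n
    if t[0] in ('in', 'out'):
        return (t[0], r(t[1]), r(t[2]), subst(t[3], old, new))
    if t[0] == 'nu':
        return ('nu', t[1], subst(t[2], old, new))
    return (t[0],) + tuple(subst(s, old, new) for s in t[1:])


def step(A, R, t, fresh):
    """Raw SOS moves of A |- (nu R) t as (label, A', R', t'); labels ('tau',), ('in',a,b), ('out',a,b)."""
    kind = t[0]
    if kind == 'tau':
        yield ('tau',), A, R, t[1]
    elif kind == 'in':
        a, x, P = t[1:]
        for b in sorted(A | R):  # receive a name already in play (private ones only via communication)
            yield ('in', a, b), A, R, subst(P, x, b)
        yield ('in', a, fresh), A | {fresh}, R, subst(P, x, fresh)  # the slide's rule: b not in A
    elif kind == 'out':
        yield ('out', t[1], t[2]), A, R, t[3]
    elif kind == 'sum':
        yield from step(A, R, t[1], fresh)
        yield from step(A, R, t[2], fresh)
    elif kind == 'nu':
        yield from step(A, R | {t[1]}, t[2], fresh)  # open the scope; R remembers the name is private
    elif kind == 'par':
        lp, lq = list(step(A, R, t[1], fresh)), list(step(A, R, t[2], fresh))
        for lab, A1, R1, P1 in lp:
            yield lab, A1, R1, ('par', P1, t[2])
        for lab, A1, R1, Q1 in lq:
            yield lab, A1, R1, ('par', t[1], Q1)
        for l1, _, R1, P1 in lp:  # an output meeting the matching input: communication
            for l2, _, R2, Q1 in lq:
                if {l1[0], l2[0]} == {'in', 'out'} and l1[1:] == l2[1:]:
                    yield ('tau',), A, R1 | R2, ('par', P1, Q1)


def observable(A, R, t, fresh):
    """Environment-visible moves: moves on a private channel are hidden, and sending a private
    name becomes a bound output that moves the name from R into the known set A."""
    for lab, A1, R1, t1 in step(A, R, t, fresh):
        if lab[0] == 'tau':
            yield 'tau', A1, R1, t1
        elif lab[1] in R1:
            continue
        elif lab[0] == 'in' and lab[2] not in R1:
            yield f'in {lab[1]} {lab[2]}', A1, R1, t1
        elif lab[0] == 'out':
            if lab[2] in R1:
                yield f'bout {lab[1]} {lab[2]}', A1 | {lab[2]}, R1 - {lab[2]}, t1
            else:
                yield f'out {lab[1]} {lab[2]}', A1, R1, t1


def fresh_name(A, R, t):
    """First candidate name (assumed pool) not used anywhere in the current configuration."""
    pool = [*'efghijk', *(f'n{i}' for i in range(99))]
    return next(n for n in pool if n not in A | R | names(t))


def lts(A, t):
    """Breadth-first state space of A |- t; returns (states, edges) with edges (src, label, dst)."""
    start = (frozenset(A), frozenset(), t)
    index, states, edges, todo = {start: 0}, [start], [], deque([start])
    while todo:
        s = todo.popleft()
        for lab, A1, R1, t1 in observable(*s, fresh_name(*s)):
            n = (frozenset(A1), frozenset(R1), t1)
            if n not in index:
                index[n] = len(states)
                states.append(n)
                todo.append(n)
            edges.append((index[s], lab, index[n]))
    return states, edges


def traces(edges, n_states):
    """Maximal label sequences from the initial state (finite terms give an acyclic LTS)."""
    succ = {i: [] for i in range(n_states)}
    for s, lab, d in edges:
        succ[s].append((lab, d))
    out = []

    def walk(s, acc):
        if not succ[s]:
            out.append(tuple(acc))
        for lab, d in succ[s]:
            walk(d, acc + [lab])
    walk(0, [])
    return out


# The terms of Examples 1-3: {b,d} |- ba.(a-bar)d; {a,b} |- (nu c)(a-bar)c.(c-bar)b;
# {a,e,d} |- (nu c)((a-bar)c.(e-bar)c | ab.(b-bar)d)
EX1 = ('in', 'b', 'a', ('out', 'a', 'd', ('nil',)))
EX2 = ('nu', 'c', ('out', 'a', 'c', ('out', 'c', 'b', ('nil',))))
EX3 = ('nu', 'c', ('par', ('out', 'a', 'c', ('out', 'e', 'c', ('nil',))),
                   ('in', 'a', 'b', ('out', 'b', 'd', ('nil',)))))

if __name__ == '__main__':
    for A, t in (({'b', 'd'}, EX1), ({'a', 'b'}, EX2), ({'a', 'e', 'd'}, EX3)):
        states, edges = lts(A, t)
        print(len(states), 'states:', sorted(traces(edges, len(states))))
```

For Example 1 the trace `in b e`, `out e d` is the one the talk's p-net generates (be then ēd); Example 2 has the single trace `bout a c`, `out c b` (the bound output āf on the slide, with the restricted name kept as c here instead of being renamed); Example 3 contains the communication trace `tau`, `bout e c`, `out c d`, and the output of d on the private channel is never visible before c has been extruded.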
p-nets
High-level Petri nets where tokens can be, e.g., channels.
[Figure: a p-net with a transition whose input arcs carry the variables u and v, holder places marked with the channels a and b, and a τ-labelled transition; read arcs (non-directed) are used only for testing]
A transition is enabled if there is a suitable binding for u and v, for instance u=a, v=b, which leads to the marking in which the channel b has been placed in the output place.
Holder places and read arcs
[Figure: a p-net with holder places for channels (blue), a snd transition and a rcv transition with arc variables u and v, a τ transition, and control-flow places (black) connected by read arcs]
The blue part (holder places) is related to channels; the black part is related to control flow.
Tag-place
Used to maintain information about Known (K), New (N) and Restricted (R) channels.
[Figure: a p-net fragment whose tag-place holds the tokens a.a.K (a is known), e.N (e is a new name, not yet used) and Δ.R (Δ is restricted), connected by arcs labelled U.u.K, V.v.K, V.N and v.R to an output transition with variables u, v, U, V]
A suitable binding is u=U=a, v=Δ, V=e. Firing it generates āe: the restricted channel Δ is sent on a and becomes known to the environment under the new name e, so the tokens e.N and Δ.R are replaced by e.Δ.K. The LTS can then be defined from such moves.
p-nets
p-nets can be composed to mirror the operators in the process algebra: prefixing, parallel composition, choice, communication.
Model checking π-calculus
π-calculus expression --automatic translation--> safe high-level PN (p-net)
Example 1: {b,d} ⊢ ba.ād
[Figure: the p-net for ba.ād with holder places for b and d, tag-place tokens b.b.K, d.d.K and e.N, an input transition and an output transition with arcs labelled U.u.K, V.v.K, v.N and UV]
• Binding u=U=b, v=e generates be: the new name e is received on b (e.N becomes e.e.K and e is substituted for a)
• Binding u=U=e, v=V=d then generates ēd
Example 2: {a,b} ⊢ (νc)āc.c̄b
[Figure: the p-net for (νc)āc.c̄b with holder places for a and b, tag-place tokens a.a.K, b.b.K, f.N and Δ.R (Δ stands for the restricted channel c), and two output transitions with arcs labelled U.u.K, V.v.K, V.N, v.R and UV]
• Binding u=U=a, V=f, v=Δ generates āf: a bound output exporting the restricted channel under the new name f (f.N and Δ.R become f.Δ.K)
• Binding U=f, u=Δ, V=v=b then generates f̄b
Example 3: {a,e,d} ⊢ (νc)(āc.ēc | ab.b̄d)
[Figure: the p-net for the parallel composition, with holder places for a, e and d, a τ transition for the communication on a between the two components, and tag-place tokens a.a.K, e.e.K, d.d.K, f.N and Δ.R; successive markings show the restricted token Δ copied into the right-hand component by the τ step, and f.N, Δ.R replaced by f.Δ.K once Δ has been sent on e]
The two components first communicate on a (a τ step that passes the restricted channel Δ to the right-hand component in place of b); the left-hand component then exports Δ on e under the new name f, after which the right-hand component can output d on it.
Model checking π-calculus
π-calculus expression --automatic translation--> safe high-level PN (p-net) --PN unfolding (PUNF)--> prefix --property checking (MPSat)