1 / 46

Parallel LTL-X Model Checking of High-Level Petri Nets Based on Unfoldings

UNIVERSITY OF STUTTGART. Parallel LTL-X Model Checking of High-Level Petri Nets Based on Unfoldings. Claus Schröter* and Victor Khomenko** *University of Stuttgart, Germany **University of Newcastle upon Tyne, UK. Basis for our work. Esparza and Heljanko (ICALP 2000, SPIN 2001):

heller
Download Presentation

Parallel LTL-X Model Checking of High-Level Petri Nets Based on Unfoldings

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. UNIVERSITY OF STUTTGART Parallel LTL-X Model Checking of High-Level Petri Nets Based on Unfoldings Claus Schröter* and Victor Khomenko** *University of Stuttgart, Germany **University of Newcastle upon Tyne, UK

  2. Basis for our work Esparza and Heljanko (ICALP 2000, SPIN 2001): A New Unfolding Approach to LTL Model-Checking • Net system is constructed as the product of • the original net system and • an Büchi automaton accepting  • Model-checking problem is reduced to detection of • illegal ω-traces and • illegal livelocks • by exploiting finite complete prefixes

  3. Basis for our work • Simplicity of this approach • Partial order semantics of Petri nets • Alleviates the state space explosion problem  Input are low level Petri nets  Low level Petri nets are not convenient for modelling

  4. ColouredPNs a good intermediate formalism High-level descriptions: • Verification is hard  Convenient for modelling Low-level PNs: • Can be efficiently verified • Not convenient for modelling Gap

  5. Coloured PNs {1,2} {1,2} 1 2 u v w<u+v w {1..4}

  6. Coloured PNs {1,2} {1,2} 1 2 u v w<u+v w {1..4}

  7. Coloured PNs {1,2} {1,2} u v w<u+v w {1..4} 1

  8. Coloured PNs {1,2} {1,2} u v w<u+v w {1..4} 2

  9. {1,2} {1,2}  1 2  u v w<u+v w {1..4} Expansion

  10. {1,2} {1,2} 1 2 u v w<u+v w {1..4} Expansion  

  11. {1,2} {1,2} 1 2 u v w<u+v w {1..4} Expansion 

  12. {1,2} {1,2} 1 2 u v w<u+v w {1..4} Expansion  

  13. {1,2} {1,2} 1 2 u v w<u+v w {1..4} Expansion 

  14.  Expansion {1,2} {1,2} 1 2 • The expansion faithfully models the original net u v w<u+v w {1..4}  Blow up in size

  15. Finite complete prefix • Introduced by McMillan in 1992 • Relies on the partial order view of concurrent computation • Represents system states implicitly, using an acyclic net • Satisfies two key properties: • Completeness: Each reachable marking of the original net is represented by at least one reachable marking in the prefix • Finiteness: The prefix is finite and thus can be used as an input to model-checking algorithms

  16. Relationship diagram expansion Low-level PNs Coloured PNs unfolding unfolding ? Low-level prefix Coloured prefix

  17. Relationship diagram expansion Low-level PNs Coloured PNs unfolding unfolding ~ Low-level prefix Coloured prefix Khomenko and Koutny proved isomorphism (TACAS’03)

  18.  1 2 u=1 v=2 w=1 u=1 v=2 w=2 1 2 Relationship diagram {1,2} {1,2} 1 2 u v w<u+v w {1..4}

  19. p1:{0,1} p3:{0,1} 0 1 a a a a t1 t2 t3 a a b b p2:{0,1} p4:{0,1} Example: Buffer of capacity 2

  20. Example: Buffer of capacity 2 p1:{0,1} p3:{0,1} 0 1 a a a a t1 t2 t3 a a b b p2:{0,1} p4:{0,1}

  21. Example: Buffer of capacity 2 p1:{0,1} p3:{0,1} 0 a a a a t1 t2 t3 a a b b 1 p2:{0,1} p4:{0,1}

  22. Example: Buffer of capacity 2 p1:{0,1} p3:{0,1} 0 a a a a t1 t2 t3 a a b b 1 p2:{0,1} p4:{0,1}

  23. Example: Buffer of capacity 2 p1:{0,1} p3:{0,1} 1 0 a a a a t1 t2 t3 a a b b p2:{0,1} p4:{0,1}

  24. Example: Buffer of capacity 2 p1:{0,1} p3:{0,1} 0 a a a a t1 t2 t3 a a b b 1 p2:{0,1} p4:{0,1}

  25. Example: Buffer of capacity 2 p1:{0,1} p3:{0,1} a a a a t1 t2 t3 a a b b 1 0 p2:{0,1} p4:{0,1}

  26. p1:{0,1} p3:{0,1} (p2≠0) 0 1 true a a a a true q0 q1 t1 t2 t3 (p2≠0) a a b b I0 q1:{} q0:{} p2:{0,1} p4:{0,1} u0 u1 Example: Buffer of capacity 2 Property: φ = ◊□(p2≠0) Büchi automaton Aφ

  27. Synchronisation • Standard technique: Synchronisation on all transitions  Synchronisation sequentialises the system  Not suitable for unfolding based verification • Solution: Synchronisation just on those transitions which ‘touch’ the atomic propositions of the formula  Concurrency can be exploited

  28. p1:{0,1} p3:{0,1} 0 1 a a a a t1 t2 t3 a a b b q1:{} q0:{} p2:{0,1} p4:{0,1} u0 u1 I0 (p2≠0) Synchronisation

  29. p1:{0,1} p3:{0,1} 0 1 a a a a t1 t2 t3 a a b b q1:{} q0:{} p2:{0,1} p4:{0,1} u0 u1 I0 (p2≠0) Synchronisation p2 p2

  30. p1:{0,1} p3:{0,1} 0 1 a a a a t1 t2 t3 a a b b q1:{} q0:{} p2:{0,1} p4:{0,1} u0 u1 I0 (p2≠0) Synchronisation S:{} B:{} p2 p2

  31. S:{} p1:{0,1} p3:{0,1} 0 1 a a a a t1 t2 t3 a a b b q1:{} q0:{} p2:{0,1} p4:{0,1} u0 u1 I0 (p2≠0) Synchronisation B:{} p2 p2

  32. S:{} p1:{0,1} p3:{0,1} 0 1 a a a a t1 t2 t3 a a b b q1:{} q0:{} p2:{0,1} p4:{0,1} u0 u1 I0 (p2≠0) Synchronisation B:{} p2 p2

  33. p1:{0,1} p3:{0,1} 0 1 a a a a t1 t2 t3 B:{} a a b b q1:{} q0:{} p2:{0,1} p4:{0,1} u0 u1 I0 (p2≠0) Synchronisation S:{} p2 p2

  34. p1:{0,1} p3:{0,1} 0 1 a a a a t1 t2 t3 B:{} a a b b q1:{} q0:{} p2:{0,1} p4:{0,1} u0 u1 I0 (p2≠0) Synchronisation S:{} p2 p2

  35. S:{} p1:{0,1} p3:{0,1} 0 1 a a a a t1 t2 t3 B:{} a a b b q1:{} q0:{} p2:{0,1} p4:{0,1} u0 u1 I0 (p2≠0) Synchronisation p2 p2

  36. Illegal ω-traces • Infinite transition sequence that touches q1 infinitely often violatesφ • To detect such runs we introduce a set I off all transitions putting a token into an accepting Büchi place • An infinite transition sequence of the synchronised net which is fireable from the initial marking and contains infinitely many occurrences of I-transitions violates φ (illegal ω-trace)

  37. Prefix p10 p31 p31 t3 p41 S q0 I0 S u0 p10 q0 q0 B

  38. Prefix p10 p31 p31 t3 p41 S q0 I0 S u0 p10 q0 q0 B

  39. Prefix p10 p31 p31 t3 p41 S q0 I0 S u0 p10 q0 q0 B

  40. Prefix p10 p31 p31 t3 p41 S q0 I0 S u0 p10 q0 q0 B

  41. Prefix p10 p31 p31 t3 p41 S q0 I0 S u0 p10 q0 q0 B

  42. Experimental Results

  43. More Results

  44. More Results

  45. Results for Parallel Mode

  46. Conclusions • Efficient parallel LTL-X model-checker for high level Petri nets • Based on partial order techniques (unfoldings) • Alleviates the state space explosion problem • Experimental results showed a good performance of our checker for several examples

More Related