
Branching Processes of High-Level Petri Nets and Model Checking of Mobile Systems

This paper explores the utilization of high-level Petri nets in modeling and verifying mobile systems, offering insights into expansion, unfolding, relationship diagrams, and experimental results. It introduces the concept of colored Petri nets as an intermediate formalism, bridging the gap between low-level and high-level descriptions. The benefits include avoiding exponential blow-up in model expansion and adapting existing unfolding algorithms for improved efficiency. The study aims to address state space explosion issues during reachability analysis of mobile systems and applies model checking algorithms based on unfoldings for verification.





Presentation Transcript


  1. Branching Processes of High-Level Petri Nets and Model Checking of Mobile Systems. Maciej Koutny, School of Computing Science, Newcastle University, with R. Devillers, V. Khomenko, H. Klaudel, A. Niaouris. UFO'07, Siedlce, Poland, 2007

  2. Outline • Motivation • Coloured Petri nets • Expansion and unfolding • Relationship diagram • Experimental results • Application: mobile systems • π-calculus to Petri nets • Implementation issues • Experimental results • Further work

  3. Motivation. Low-level PNs: • Can be efficiently verified • Not convenient for modelling. High-level descriptions: • Convenient for modelling • Verification is hard. Between the two there is a gap; coloured PNs are a good intermediate formalism

  4. Coloured PNs (figure: two input places of type {1,2} marked with tokens 1 and 2, a transition with input variables u and v, output variable w and guard w<u+v, and an output place of type {1..4})

  5. Expansion (figure: the coloured net from slide 4 next to its low-level expansion) • The expansion faithfully models the original net • Blow-up in size

  6. Unfolding (figure: the net from slide 4 and its unfolding; from the initial marking 1, 2 only the bindings u=1, v=2, w=1 and u=1, v=2, w=2 give events, putting tokens 1 and 2 into the place of type {1..4})

  7. Example: computing GCD (figure: three places of type {0..100}, among them m and n, and transitions whose arcs are inscribed u, v, v, u%v, u and 0, with a guard on v rendered as "v0" in the transcript; the run from tokens 3, 2 fires with u=3, v=2, then u=2, v=1, then u=1)
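To make the expansion/unfolding contrast of slides 4 to 7 concrete, here is an added Python example (constructed for this page, not the authors' tool): a single-transition coloured-net simulator that enumerates the bindings the expansion would create from the place types, the bindings an unfolding actually meets from a marking, and fires the GCD net of slide 7. The place names p1, p2, p3, m, n, the guard v != 0 and the reduction of the GCD net to its single u%v transition are assumptions.

```python
from itertools import product

class ColouredNet:
    """Single-transition coloured net (constructed example, not the authors' code).
    Input arcs carry one variable each, output arcs an expression over the binding;
    `free` holds domains of variables that occur only on output arcs (w below)."""
    def __init__(self, types, in_arcs, out_arcs, guard, free=None):
        self.types, self.in_arcs, self.out_arcs = types, in_arcs, out_arcs
        self.guard, self.free = guard, free or {}

    def _bindings(self, doms):
        # bindings over doms passing the guard whose outputs fit their place types
        names = list(self.in_arcs.values()) + list(self.free)
        doms = list(doms) + list(self.free.values())
        return [b for vals in product(*doms)
                if self.guard(b := dict(zip(names, vals)))
                and all(f(b) in self.types[p] for p, f in self.out_arcs.items())]
    def expansion(self):
        # one low-level transition per admissible binding over the place TYPES,
        # whether or not those colours ever occur: this is the blow-up
        return self._bindings(self.types[p] for p in self.in_arcs)
    def enabled(self, m):
        # the unfolding only needs bindings over tokens actually present in m
        return self._bindings(m[p] for p in self.in_arcs)
    def fire(self, m, b):
        # consume one token per input arc, then produce the output tokens
        toks = {p: list(t) for p, t in m.items()}
        for p, var in self.in_arcs.items():
            toks[p].remove(b[var])
        for p, f in self.out_arcs.items():
            toks[p].append(f(b))
        return {p: tuple(sorted(t)) for p, t in toks.items()}

# Slides 4-6: p1, p2 of type {1,2} hold tokens 1 and 2; p3 of type {1..4}; guard w<u+v
NET1 = ColouredNet({"p1": {1, 2}, "p2": {1, 2}, "p3": range(1, 5)},
                   in_arcs={"p1": "u", "p2": "v"}, out_arcs={"p3": lambda b: b["w"]},
                   guard=lambda b: b["w"] < b["u"] + b["v"], free={"w": range(1, 5)})
M1 = {"p1": (1,), "p2": (2,), "p3": ()}  # marking: place -> tuple of tokens
# Slide 7: the GCD loop, m and n of type {0..100}; guard v != 0 (assumed); outputs v, u%v
GCD = ColouredNet({"m": range(101), "n": range(101)}, in_arcs={"m": "u", "n": "v"},
                  out_arcs={"m": lambda b: b["v"], "n": lambda b: b["u"] % b["v"]},
                  guard=lambda b: b["v"] != 0)

def gcd_by_firing(a, b):
    """Fire GCD from m=a, n=b until the guard blocks it; the token left in m is the gcd."""
    m = {"m": (a,), "n": (b,)}
    while bs := GCD.enabled(m):
        m = GCD.fire(m, bs[0])
    return m["m"][0]
```

NET1.expansion() yields 8 low-level transitions while only 2 bindings are ever enabled from M1; for the GCD net the expansion has 10100 transitions against the two events of the run 3, 2 then 2, 1 then 1, 0.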

  8. Relationship diagram (figure: coloured PNs are related to low-level PNs by expansion; unfolding the coloured net gives a coloured prefix and unfolding the low-level net gives a low-level prefix; the relation between the two prefixes is marked "?")

  9. Relationship diagram (figure: as on slide 8, with the coloured prefix and the low-level prefix now related by "~")

  10. Relationship diagram (figure: the net from slide 4 shown with its expansion and its unfolding; the unfolding events correspond to the bindings u=1, v=2, w=1 and u=1, v=2, w=2)

  11. Relationship diagram (figure: the coloured PN and its low-level expansion both unfold to one and the same prefix)

  12. Benefits • Avoiding an exponential blow-up when building the expansion • Definitions are similar to those for LL unfoldings, so no new proofs are needed • All results and verification techniques for LL unfoldings are still applicable • Model checking algorithms • Canonicity, completeness, finiteness

  13. Benefits • Existing unfolding algorithms for LL PNs can easily be adapted • Usability of the total adequate order proposed in • All the heuristics improving the efficiency can be employed (e.g. concurrency relation and preset trees) • Parallel unfolding algorithm

  14. Extensions: infinite place types (figure: the GCD net from slide 7 with its places of type {0..100})

  15. Extensions: infinite place types (figure: the GCD net with places of type N, the natural numbers, and the run u=3, v=2; u=2, v=1; u=1)

  16. Extensions: infinite place types (figure: the same run with the place types refined to {1..3}, {0..2} and {1})

  17. Relationship diagram (figure: as on slide 11, with "expansion" replaced by "refined expansion"; the coloured PN and its refined low-level expansion again unfold to the same prefix)

  18. Experimental results • Tremendous improvements for colour-intensive PNs (e.g. GCD) • Negligible slow-down (<0.5%) for control-intensive PNs (e.g. Lamport’s mutual exclusion algorithm)

  19. Application: mobility • One of the main features of many crucial modern distributed computing systems • Formal analysis and verification using process algebras like π-calculus • Our aim: to alleviate the state space explosion problem during reachability analysis of mobile systems • Using/adapting model checking algorithms based on unfoldings

  20. Syntax (finite). Basic elements are channel names like a, b, c, ... Prefixes: ab input prefix; āb output prefix; τ internal prefix. Terms: pref.P first execute pref then P; P+Q execute P or Q; P | Q execute P and Q in parallel; (νc) P restrict c within P; A ├ P where A is the set of all “known” channels

  21. Operational semantics. Operational semantics is defined using SOS rules such as the input rule: from the premise ¬(b ∈ A) conclude A ├ ac.P —ab→ A ∪ {b} ├ {b/c}P, i.e. receiving b on a makes b a known channel and substitutes it for c. One can then consider the LTSs generated by π-terms, the associated behavioural properties, etc.

  22. p-nets. High-level Petri nets where tokens can, e.g., be channels (figure: a τ transition with input variables u and v, and tokens a and b in its places); a transition is enabled if there is a suitable binding for u and v; read arcs (non-directed) are used only for testing

  23. p-nets. High-level nets where tokens can be, e.g., channels; a transition is enabled if there is a suitable binding for u and v, for instance u=a, v=b

  24. p-nets. High-level nets where tokens can be, e.g., channels; a transition is enabled if there is a suitable binding for u and v, for instance u=a, v=b, which leads to the marking shown in the figure

  25. Holder places and read arcs. The blue part (holder places) is related to channels; the black part is related to control flow (figure: holder places connected by read arcs to snd, rcv and τ transitions with variables u and v)

  26. Tag-place. Used to maintain information about Known, New and Restricted channels (figure: a tag-place holding entries of the form a.a.K, e.N and Δ.R, read by a transition with arc inscriptions U.u.K, V.v.K, V.N and v.R)

  27. Tag-place (figure: the same net with the suitable binding u=U=a, v=Δ, V=e)

  28. Tag-place (figure: after firing, the entries e.N and Δ.R are replaced by e.Δ.K; the firing generates the action ae, and then the LTS can be defined)

  29. p-nets. p-nets can be composed to mirror the operators in the process algebra: prefixing, parallel composition, choice, communication

  30. Model checking π-calculus. A π-calculus expression is automatically translated into a safe high-level PN (a p-net)

  31. Example 1: {b,d} ├ ba.ad (figure: the p-net of this term, with tag-place entries b.b.K, d.d.K and e.N and arc inscriptions U.u.K, V.v.K, v.N, Uv and UV)

  32. Example 1 (figure: binding u=U=b, v=e)

  33. Example 1 (figure: the binding u=U=b, v=e generates be; the entry e.N becomes e.e.K)

  34. Example 1 (figure: the marking after the first action)

  35. Example 1 (figure: binding u=U=e, v=V=d)

  36. Example 1 (figure: the binding u=U=e, v=V=d generates ed)

  37. Example 2: {a,b} ├ (νc)ac.cb (figure: the p-net of this term, with tag-place entries a.a.K, b.b.K, Δ.R for the restricted channel and f.N)

  38. Example 2 (figure: binding u=U=a, V=f, v=Δ)

  39. Example 2 (figure: the binding u=U=a, V=f, v=Δ generates af; the entries Δ.R and f.N become f.Δ.K)

  40. Example 2 (figure: the marking after the first action)

  41. Example 2 (figure: binding U=f, u=Δ, V=v=b)

  42. Example 2 (figure: the binding U=f, u=Δ, V=v=b generates fb)

  43. Example 3: {a,e,d} ├ (νc)(ac.ec | ab.bd) (figure: the p-nets of the two parallel components, joined through a τ transition for communication, with tag-place entries a.a.K, e.e.K, d.d.K, Δ.R and f.N)

  44-46. Example 3 (figure: the τ communication fires and a second Δ token appears in the other component)

  47-49. Example 3 (figure: after the communication the entries Δ.R and f.N are replaced by f.Δ.K)

  50. Model checking π-calculus. A π-calculus expression is automatically translated into a safe high-level PN (a p-net); the PN is unfolded with PUNF and the property is checked with MPSat
