Branching processes of high level petri nets and model checking of mobile systems
Branching Processes of High-Level Petri Nets and Model Checking of Mobile Systems

Maciej Koutny, School of Computing Science, Newcastle University

with: R.Devillers, V.Khomenko, H.Klaudel, A.Niaouris

UFO'07, Siedlce, Poland 2007


Outline

  • Motivation

  • Coloured Petri nets

  • Expansion and unfolding

  • Relationship diagram

  • Experimental results

  • Application: mobile systems

  • π-calculus to Petri nets

  • Implementation issues

  • Experimental results

  • Further work


Motivation

Low-level PNs:

  • Can be efficiently verified

  • Not convenient for modelling

High-level descriptions:

  • Convenient for modelling

  • Verification is hard

Coloured PNs fill the gap: a good intermediate formalism


Coloured PNs

[Figure: a coloured PN with two input places of type {1,2} holding the tokens 1 and 2, a transition with variables u, v, w and guard w<u+v, and an output place of type {1..4}]


Expansion

[Figure: the same {1,2}/{1,2}/{1..4} net with guard w<u+v, expanded into one low-level transition per binding of u, v, w]

  • The expansion faithfully models the original net

  • Blow up in size


Unfolding

[Figure: the unfolding of the same net from the tokens 1 and 2; it contains only the two events for the enabled bindings u=1, v=2, w=1 and u=1, v=2, w=2, each with its own copy of the output condition in the {1..4} place]


Example: computing GCD

[Figure: a coloured PN computing the GCD: places m and n of type {0..100} initially holding 3 and 2; a transition with guard on v (transcribed as "v0", read as v≠0) that consumes u, v and produces v and u%v; a second transition that consumes u together with 0 and puts u into a result place of type {0..100}. The run shown is u=3, v=2 → u=2, v=1 → u=1, v=0 → result 1]
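The slides above contrast the expansion of the {1,2}/{1,2}/{1..4} net with its unfolding, and the GCD net is the deck's colour-intensive example. The Python below is an added illustration, not code from the talk, from PUNF or from any other tool of the authors: a tiny coloured-net engine that counts every guard-satisfying binding over the place types (the expansion) and, separately, only the bindings that become enabled while exploring markings from the initial one (the events an unfolder would build; for these two nets each transition/binding pair fires at most once, so the count is the number of events, which is not true of nets in general). The place names p1, p2, p3, m, n, res, the transition names and the reading of the GCD guard as v≠0 are my own assumptions.

```python
from dataclasses import dataclass, field
from itertools import product
from typing import Callable, Dict, List, Set

Binding = Dict[str, int]


@dataclass
class Transition:
    name: str
    inputs: Dict[str, str]                        # input place -> variable bound to the consumed token
    outputs: Dict[str, Callable[[Binding], int]]  # output place -> token produced from the binding
    guard: Callable[[Binding], bool]
    free: Dict[str, str] = field(default_factory=dict)  # output-only variable -> place whose type it ranges over


@dataclass
class ColouredNet:
    types: Dict[str, Set[int]]        # place -> colour set (the place type)
    transitions: List[Transition]
    marking: Dict[str, List[int]]     # place -> multiset of tokens

    def _bindings(self, t, domains):
        names = list(t.inputs.values()) + list(t.free)
        for combo in product(*domains):
            b = dict(zip(names, combo))
            # guard first, so that e.g. u % v is never evaluated with v == 0
            if t.guard(b) and all(f(b) in self.types[p] for p, f in t.outputs.items()):
                yield b

    def all_bindings(self, t):
        """Expansion view: every guard-satisfying binding over the full place types."""
        return self._bindings(t, [self.types[p] for p in t.inputs] + [self.types[p] for p in t.free.values()])

    def enabled(self, marking, t):
        """Unfolding view: only bindings whose input tokens are actually present in the marking."""
        return self._bindings(t, [set(marking[p]) for p in t.inputs] + [self.types[p] for p in t.free.values()])

    def expansion_size(self):
        """Number of low-level transitions the expansion would contain."""
        return sum(1 for t in self.transitions for _ in self.all_bindings(t))

    def fire(self, marking, t, b):
        m = {p: list(toks) for p, toks in marking.items()}
        for p, v in t.inputs.items():
            m[p].remove(b[v])
        for p, f in t.outputs.items():
            m[p].append(f(b))
        return m

    def reachable_events(self):
        """Distinct (transition, binding) firings met while exploring all markings from the initial one."""
        seen, events, stack = set(), set(), [self.marking]
        while stack:
            m = stack.pop()
            key = tuple(sorted((p, tuple(sorted(toks))) for p, toks in m.items()))
            if key in seen:
                continue
            seen.add(key)
            for t in self.transitions:
                for b in self.enabled(m, t):
                    events.add((t.name, tuple(sorted(b.items()))))
                    stack.append(self.fire(m, t, b))
        return events


def make_guard_net():
    """The deck's first net: p1, p2 of type {1,2} holding 1 and 2, p3 of type {1..4}, guard w < u + v."""
    t = Transition("t", inputs={"p1": "u", "p2": "v"}, outputs={"p3": lambda b: b["w"]},
                   guard=lambda b: b["w"] < b["u"] + b["v"], free={"w": "p3"})
    return ColouredNet(types={"p1": {1, 2}, "p2": {1, 2}, "p3": {1, 2, 3, 4}},
                       transitions=[t], marking={"p1": [1], "p2": [2], "p3": []})


def make_gcd_net(x, y):
    """The GCD net: m, n, res of type {0..100}; 'step' fires while v != 0, 'end' moves u to res once v == 0."""
    step = Transition("step", inputs={"m": "u", "n": "v"},
                      outputs={"m": lambda b: b["v"], "n": lambda b: b["u"] % b["v"]},
                      guard=lambda b: b["v"] != 0)
    end = Transition("end", inputs={"m": "u", "n": "v"}, outputs={"res": lambda b: b["u"]},
                     guard=lambda b: b["v"] == 0)
    rng = set(range(101))
    return ColouredNet(types={"m": rng, "n": rng, "res": rng}, transitions=[step, end],
                       marking={"m": [x], "n": [y], "res": []})


def gcd_result(x, y):
    """Run the GCD net until nothing is enabled and return the token left in res."""
    net = make_gcd_net(x, y)
    m = net.marking
    while True:
        move = next(((t, b) for t in net.transitions for b in net.enabled(m, t)), None)
        if move is None:
            return m["res"][0] if m["res"] else None
        m = net.fire(m, *move)


if __name__ == "__main__":
    for label, net in (("guard net", make_guard_net()), ("gcd(3, 2)", make_gcd_net(3, 2))):
        print(f"{label}: expansion {net.expansion_size()} transitions, "
              f"exploration from the initial marking {len(net.reachable_events())} events")
    print("gcd(48, 18) =", gcd_result(48, 18))
```

For the first net the expansion has 8 transitions (one per guard-satisfying triple) while the exploration meets only the 2 events of the slide; for the GCD net the expansion has 10201 transitions against 3 events from the initial marking 3, 2, which is the "tremendous improvement for colour-intensive PNs" the experimental-results slide refers to.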


Relationship diagram

  Coloured PNs ---- expansion ----> Low-level PNs
       |                                 |
   unfolding                         unfolding
       v                                 v
  Coloured prefix <------ ? ------> Low-level prefix


Relationship diagram

  Coloured PNs ---- expansion ----> Low-level PNs
       |                                 |
   unfolding                         unfolding
       v                                 v
  Coloured prefix <------ ~ ------> Low-level prefix


Relationship diagram

[Figure: the {1,2}/{1,2}/{1..4} net with guard w<u+v shown beside its unfolding, whose two events are the bindings u=1, v=2, w=1 and u=1, v=2, w=2]


Relationship diagram

  Coloured PNs ---- expansion ----> Low-level PNs
           \                           /
        unfolding                 unfolding
             \                       /
              --------> Prefix <-----


Benefits

  • Avoiding an exponential blow up when building the expansion

  • Definitions are similar to those for LL unfoldings, no new proofs

  • All results and verification techniques for LL unfoldings are still applicable

    • Model checking algorithms

    • Canonicity, completeness, finiteness


Benefits

  • Existing unfolding algorithms for LL PNs can easily be adapted

    • Usability of the total adequate order proposed in

    • All the heuristics improving the efficiency can be employed (e.g. concurrency relation and preset trees)

    • Parallel unfolding algorithm


Extensions: infinite place types

[Figure: the GCD net again, with the places m, n and the result place typed {0..100}]


Extensions: infinite place types

[Figure: the GCD net with the finite place types replaced by N (an infinite type), and the run u=3, v=2 → u=2, v=1 → u=1]


Extensions: infinite place types

[Figure: the same run with the place types refined to the colours that actually occur: {1..3}, {0..2} and {1}]


Refined expansion

  Coloured PNs ---- expansion ----> Low-level PNs
           \                           /
        unfolding                 unfolding
             \                       /
              --------> Prefix <-----


Experimental results

  • Tremendous improvements for colour-intensive PNs (e.g. GCD)

  • Negligible slow-down (<0.5%) for control-intensive PNs (e.g. Lamport’s mutual exclusion algorithm)


Application: mobility

  • One of the main features of many crucial modern distributed computing systems

  • Formal analysis and verification using process algebras like π-calculus

  • Our aim: to alleviate the state space explosion problem during reachability analysis of mobile systems

  • Using/adapting model checking algorithms based on unfoldings


Syntax (finite)

Basic elements are channel (names) like a, b, c, ...

  ab        input prefix

  āb        output prefix

  τ         internal prefix

  pref.P    first execute pref then P

  P+Q       execute P or Q

  P | Q     execute P and Q in parallel

  (νc) P    restrict c within P

  A ├ P     A is the set of all "known" channels


Operational semantics

Operational semantics defined using SOS rules such as:

                     b ∉ A
  ------------------------------------------------   (action ab: input of b on a)
  A ├ ac.P  ---ab--->  A ∪ {b} ├ {b/c}P

One can then consider LTSs generated by π-terms, the associated behavioural properties, etc.


p-nets

High-level Petri nets where tokens can, e.g., be channels

[Figure: a p-net with the channel tokens a and b, a τ-labelled transition with input variable u and a variable v carried by read arcs; read arcs (non-directed) are used only for testing. Shown over three animation steps]

A transition is enabled if there is a suitable binding for u and v, for instance u=a, v=b, which leads to the marking shown in the figure.


Holder places and read arcs

[Figure: the p-net for a send (snd) and a receive (rcv) on the channels a and b with a τ transition, variables u and v, and read arcs from the holder places]

Blue part (holder places) is related to channels

Black part is related to control flow


Tag-place

Used to maintain information about Known, New and Restricted channels

[Figure: a transition with variables u, v, U, V connected to the tag-place, whose tokens are triples such as a.a.K (known channel a), e.N (new channel e) and Δ.R (restricted channel Δ); the arcs carry U.u.K, V.v.K, V.N, v.R and UV. Shown over three animation steps]

A suitable binding is u=U=a, v=Δ, V=e. Firing it generates the action āe and replaces the tags e.N and Δ.R by e.Δ.K, and then the LTS can be defined.


p-nets

p-nets can be composed to mirror the operators in the process algebra: prefixing, parallel composition, choice, communication


Model checking π-calculus

  π-calculus expression
        |  automatic translation
        v
  Safe high-level PN (p-nets)


Example 1

{b,d} ├ ba.ād

[Figure: the p-net for this term: holder places tagged V.v.K, U.u.K, v.v.K, d.d.K and b.b.K, a new-channel place e.N, the variables u, v, U, V and the control-flow places. Shown over six animation steps]

Step 1: binding u=U=b, v=e generates the input action be; the new channel e becomes known (e.N becomes e.e.K)

Step 2: binding u=U=e, v=V=d generates the output action ēd


Example 2

{a,b} ├ (νc) āc.c̄b

[Figure: the p-net for this term: holder places a.a.K and b.b.K, the restricted channel c represented by Δ.R, a new-channel place f.N, the variables u, v, U, V and the control-flow places. Shown over six animation steps]

Step 1: binding u=U=a, V=f, v=Δ generates the output action āf; the restricted channel is exported under the new name f (Δ.R and f.N become f.Δ.K)

Step 2: binding U=f, u=Δ, V=v=b generates the output action f̄b


Example 3

{a,e,d} ├ (νc)(āc.ēc | ab.b̄d)

[Figure: the p-net for this term: holder places a.a.K, e.e.K and d.d.K, the restricted channel c represented by Δ.R, a new-channel place f.N, and a τ transition joining the two components. Shown over seven animation steps: the τ communication passes Δ to the right-hand component, and sending it on e afterwards turns Δ.R and f.N into f.Δ.K]
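The SOS rule earlier in the deck (receiving b ∉ A extends the known set to A ∪ {b}), the tag-place slides (Known, New and Restricted channels) and Examples 1 to 3 all describe the same labelled transition system. The Python below is an added illustration of that LTS, written by the editor; it is not the authors' p-net translation and not code from PUNF or MPSat. It keeps the known set A and the set of restricted channels explicitly, draws "new" names from a constructed pool e, f, g, ... (the deck's e and f), and renames a restricted channel to a fresh public name when it is sent on a known channel, which is what the tag change Δ.R → f.Δ.K records. Two choices are my own: the environment may also send any already-known name on an input (standard early semantics; the slide only shows the fresh-name case), and all binders in a term are assumed to have distinct names so that substitution needs no capture avoidance. Labels are written a?b for an input and a!b for an output, the convention the deck's NESS example uses.

```python
NIL = ("nil",)
# Constructed term syntax (nested tuples), not the deck's p-net encoding:
#   ("tau", P)  τ.P    ("in", a, x, P)  ax.P    ("out", a, b, P)  āb.P
#   ("sum", P, Q)  P+Q    ("par", P, Q)  P|Q    ("nu", c, P)  (νc) P    NIL  inaction
# Labels produced: "a?b" input of b on a, "a!b" output of b on a, "tau".


def subst(p, x, b):
    """Replace the free name x by b; binders are assumed unique, so no capture avoidance is needed."""
    k = p[0]
    if k == "nil":
        return p
    if k == "tau":
        return ("tau", subst(p[1], x, b))
    if k in ("in", "out"):
        _, a, n, q = p
        bound = k == "in" and n == x               # the input binder shadows x
        return (k, b if a == x else a, n if bound or n != x else b, q if bound else subst(q, x, b))
    return (k, subst(p[1], x, b), subst(p[2], x, b))


def names(p):
    """All names occurring in p (restriction-free term), used to pick a really fresh name."""
    k = p[0]
    if k == "nil":
        return set()
    if k == "tau":
        return names(p[1])
    if k in ("in", "out"):
        return {p[1], p[2]} | names(p[3])
    return names(p[1]) | names(p[2])


def open_nu(p):
    """Hoist every (νc) into a global restricted set; sound here because binder names are unique."""
    k = p[0]
    if k == "nu":
        q, r = open_nu(p[2])
        return q, r | {p[1]}
    if k == "tau":
        q, r = open_nu(p[1])
        return ("tau", q), r
    if k in ("in", "out"):
        q, r = open_nu(p[3])
        return (k, p[1], p[2], q), r
    if k in ("sum", "par"):
        l, rl = open_nu(p[1])
        m, rm = open_nu(p[2])
        return (k, l, m), rl | rm
    return p, set()


def prefixes(p):
    """Prefixes that can fire now, each with the continuation of the whole term."""
    k = p[0]
    if k in ("in", "out"):
        return [(k, p[1], p[2], p[3])]
    if k == "tau":
        return [("tau", None, None, p[1])]
    if k == "sum":
        return prefixes(p[1]) + prefixes(p[2])
    if k == "par":
        l, r = p[1], p[2]
        return ([(kd, a, n, ("par", q, r)) for kd, a, n, q in prefixes(l)] +
                [(kd, a, n, ("par", l, q)) for kd, a, n, q in prefixes(r)])
    return []


def comms(p):
    """Continuations after a τ in which one side of a | sends a name the other side receives."""
    if p[0] != "par":
        return []
    l, r = p[1], p[2]
    moves = [("par", q, r) for q in comms(l)] + [("par", l, q) for q in comms(r)]
    for left, right, glue in ((l, r, lambda q, s: ("par", q, s)), (r, l, lambda q, s: ("par", s, q))):
        for kd, a, n, q in prefixes(left):
            for kd2, a2, x, s in prefixes(right):
                if kd == "out" and kd2 == "in" and a == a2:
                    moves.append(glue(q, subst(s, x, n)))
    return moves


def step(state):
    """All one-step moves from (known A, restricted, term): list of (label, next_state)."""
    known, restricted, term = state
    term, opened = open_nu(term)
    restricted = restricted | opened
    used = known | restricted | names(term)
    fresh = next(c for c in "efghijklmnopqrstuvwxyz" if c not in used)   # constructed pool of "new" names
    moves = [("tau", (known, restricted, q)) for q in comms(term)]
    for kd, a, n, q in prefixes(term):
        if kd == "tau":
            moves.append(("tau", (known, restricted, q)))
        elif a not in known:
            continue                                # the environment cannot use a channel it does not know
        elif kd == "in":
            moves += [(f"{a}?{b}", (known, restricted, subst(q, n, b))) for b in sorted(known)]
            # the slide's rule: receiving b ∉ A extends the known set to A ∪ {b}
            moves.append((f"{a}?{fresh}", (known | {fresh}, restricted, subst(q, n, fresh))))
        elif n in restricted:
            # scope extrusion: a restricted channel sent out becomes known under a fresh public name
            moves.append((f"{a}!{fresh}", (known | {fresh}, restricted - {n}, subst(q, n, fresh))))
        else:
            moves.append((f"{a}!{n}", (known, restricted, q)))
    return moves


def run(known, term, labels):
    """Follow a label sequence from the initial state; None if some label is not enabled."""
    state = (frozenset(known), frozenset(), term)
    for lab in labels:
        nxt = dict(step(state))
        if lab not in nxt:
            return None
        state = nxt[lab]
    return state


# Constructed terms mirroring the deck's Examples 1-3:
EX1 = ({"b", "d"}, ("in", "b", "a", ("out", "a", "d", NIL)))                      # {b,d} ├ ba.ād
EX2 = ({"a", "b"}, ("nu", "c", ("out", "a", "c", ("out", "c", "b", NIL))))        # {a,b} ├ (νc) āc.c̄b
EX3 = ({"a", "e", "d"}, ("nu", "c", ("par", ("out", "a", "c", ("out", "e", "c", NIL)),
                                            ("in", "a", "b", ("out", "b", "d", NIL)))))  # Example 3

if __name__ == "__main__":
    for known, term in (EX1, EX2, EX3):
        print(sorted(lab for lab, _ in step((frozenset(known), frozenset(), term))))
```

Running it reproduces the deck's traces: Example 1 offers b?e (the new name e joins A) and then e!d; Example 2 extrudes the restricted c as a!e and then e!b; Example 3 first communicates c internally (tau), after which e!f exports it and f!d follows. Before that τ the right-hand component cannot be observed on the private channel, which is why e!f is not enabled in the initial state.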


Model checking π-calculus

  π-calculus expression
        |  automatic translation
        v
  Safe high-level PN (p-nets)
        |  PUNF: PN unfolding
        v
  MPSat: property checking


Implementation issues

  • Infinity of new channels

  • Read arcs

  • Non-safeness

  • Partial-transition expansion

  • Reducing the number of holder places


Example

[Figure: a NESS server with the channels a, T and ness and the four hosts h1, h2, h3, h4 exchanging ness tokens; the figure evolves over five animation steps as the processes below execute]

h1!ness | h2!ness | h3!ness | h4!ness

h1?addr1 | h2?addr2 | h3?addr3 | h4?addr4

h!h1. h1!done. STOP
+
h?another1.addr1!h1.addr1!another1.h1!done.STOP


Experiments


Further work

  • We need efficient extensions of the unfolding approach for read arcs

  • Introduce a restricted form of recursion still allowing one to use model-checking

  • Deal with the state space explosion caused by aspects other than high level of concurrency

  • Further performance comparisons of this model with other model checkers


Thank you!