Branching processes of high level petri nets and model checking of mobile systems
Branching Processes of High-Level Petri Nets and Model Checking of Mobile Systems

Maciej Koutny, School of Computing Science, Newcastle University

with: R. Devillers, V. Khomenko, H. Klaudel, A. Niaouris

UFO'07, Siedlce, Poland, 2007


Outline

  • Motivation

  • Coloured Petri nets

  • Expansion and unfolding

  • Relationship diagram

  • Experimental results

  • Application: mobile systems

  • π-calculus to Petri nets

  • Implementation issues

  • Experimental results

  • Further work


Motivation

Low-level PNs:

  • Can be efficiently verified

  • Not convenient for modelling

High-level descriptions:

  • Convenient for modelling

  • Verification is hard

[Diagram: the gap between the two levels; coloured PNs are a good intermediate formalism.]


Coloured PNs

[Figure: a coloured Petri net with two input places of type {1,2}, marked with the tokens 1 and 2 respectively, input arcs labelled u and v, a transition with guard w<u+v, and an output arc labelled w leading to a place of type {1..4}.]


Expansion

[Figure: the same coloured net (places of type {1,2} holding 1 and 2, arcs u and v, guard w<u+v, output arc w to a place of type {1..4}) next to its expansion, a low-level net with one transition for every binding of u, v and w that satisfies the guard.]

  • The expansion faithfully models the original net

  • Blow up in size


Unfolding

[Figure: the same coloured net and its unfolding. From the initial tokens 1 and 2 only the bindings u=1, v=2, w=1 and u=1, v=2, w=2 satisfy the guard w<u+v, so the unfolding contains just two events, each with its own conditions (copies of the places).]


Example: computing GCD

[Figure: a coloured net computing the GCD of 3 and 2. The places m and n, both of type {0..100}, initially hold 3 and 2. One transition, with guard v≠0 (the ≠ is lost in the transcript), consumes u from m and v from n and puts v back into m and u%v into n; a second transition, with input arcs labelled u and 0, moves u to a result place of type {0..100} once n holds 0. The unfolding on the right has just three events, with the bindings u=3, v=2; then u=2, v=1; then u=1, which produces the result 1.]


Relationship diagram

[Diagram: Coloured PNs --expansion--> Low-level PNs; Low-level PNs --unfolding--> Low-level prefix; Coloured PNs --unfolding--> Coloured prefix. The relationship between the low-level prefix and the coloured prefix is first left open ("?").]

[Diagram: the same square, with the two prefixes now related by "~".]

[Figure: the coloured net with guard w<u+v (places of type {1,2} holding 1 and 2, output place of type {1..4}) alongside its unfolding with the events for u=1, v=2, w=1 and u=1, v=2, w=2, illustrating that unfolding the coloured net directly and unfolding its expansion yield the same prefix.]

[Diagram: the final picture: Coloured PNs --expansion--> Low-level PNs, and both --unfolding--> a single Prefix.]


Benefits

  • Avoiding an exponential blow up when building the expansion

  • Definitions are similar to those for LL unfoldings, no new proofs

  • All results and verification techniques for LL unfoldings are still applicable

    • Model checking algorithms

    • Canonicity, completeness, finiteness

  • Existing unfolding algorithms for LL PNs can easily be adapted

    • Usability of the total adequate order proposed in

    • All the heuristics improving the efficiency can be employed (e.g. concurrency relation and preset trees)

    • Parallel unfolding algorithm


Extensions: infinite place types

[Figure: the GCD net again, with places m and n of type {0..100}, the guard v≠0, arcs labelled u, v, v and u%v, and the result transition with arcs labelled u and 0.]

[Figure: the same net with the finite type {0..100} replaced by the infinite type N on all three places. Its unfolding is unchanged: events for u=3, v=2; u=2, v=1; u=1, with result 1.]

[Figure: the same net with the place types refined to the colours actually reached in the unfolding: {1..3} for m, {0..2} for n and {1} for the result place.]


Refined expansion

[Diagram: Coloured PNs --expansion--> Low-level PNs, where the expansion now uses the refined place types, and both --unfolding--> a single Prefix.]
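The GCD net from the slides, as an added example that is not the authors' code: a small coloured-net engine (assumed representation: places with colour types, input arcs labelled by a variable or a constant, a guard and output expressions per transition) that enumerates enabled bindings, runs the net to collect the unfolding events and the colours each place ever holds, and counts the low-level transitions of the expansion over the full types {0..100} and over the refined types {1..3}, {0..2}, {1}.

```python
from itertools import product
# Constructed example, not the authors' tool: a minimal coloured-net engine for the
# GCD net of the slides (expansion size vs. unfolding events, refined place types).
T = range(0, 101)                          # the place type {0..100}
GCD = {"types": {"m": T, "n": T, "r": T},  # m, n: inputs; r: result place
       "transitions": {                    # arc label: variable (str) or constant
           "t1": {"in": {"m": "u", "n": "v"}, "guard": lambda b: b["v"] != 0,
                  "out": {"m": lambda b: b["v"], "n": lambda b: b["u"] % b["v"]}},
           "t2": {"in": {"m": "u", "n": 0}, "guard": lambda b: True,
                  "out": {"r": lambda b: b["u"]}}}}
def enabled_bindings(t, marking):
    """Bindings enabling t: one token per input arc, matching constants/repeats."""
    places, found = list(t["in"]), []
    for toks in product(*(marking[p] for p in places)):
        b, ok = {}, True
        for p, tok in zip(places, toks):
            lab = t["in"][p]                # a variable binds, a constant must match
            ok = ok and (b.setdefault(lab, tok) == tok
                         if isinstance(lab, str) else lab == tok)
        if ok and t["guard"](b) and b not in found:
            found.append(b)
    return found
def fire(t, marking, b):                    # consume bound inputs, produce outputs
    new = {p: list(toks) for p, toks in marking.items()}
    for p, lab in t["in"].items():
        new[p].remove(b[lab] if isinstance(lab, str) else lab)
    for p, expr in t["out"].items():
        new[p].append(expr(b))
    return new
def unfold(net, marking):
    """Run the (conflict-free) net: events (transition, binding), final marking,
    and the colours seen in each place, i.e. the refined place types."""
    events, seen = [], {p: set(toks) for p, toks in marking.items()}
    while True:
        enabled = [(tn, b) for tn, t in net["transitions"].items()
                   for b in enabled_bindings(t, marking)]
        if not enabled: return events, marking, seen
        tn, b = enabled[0]
        marking = fire(net["transitions"][tn], marking, b)
        events.append((tn, b))
        for p, toks in marking.items(): seen[p] |= set(toks)
def expansion_size(net, types=None):
    """Low-level transitions in the expansion: one per guard-satisfying binding."""
    types, total = types or net["types"], 0
    for t in net["transitions"].values():
        doms = {lab: types[p] for p, lab in t["in"].items() if isinstance(lab, str)}
        for vals in product(*doms.values()):
            total += t["guard"](dict(zip(doms, vals)))
    return total
```

For the initial marking m=3, n=2 the unfolding has 3 events, while the expansion over {0..100} has 10201 low-level transitions, which the refined types cut to 9.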


Experimental results

  • Tremendous improvements for colour-intensive PNs (e.g. GCD)

  • Negligible slow-down (<0.5%) for control-intensive PNs (e.g. Lamport’s mutual exclusion algorithm)


Application: mobility

  • One of the main features of many crucial modern distributed computing systems

  • Formal analysis and verification using process algebras like π-calculus

  • Our aim: to alleviate the state space explosion problem during reachability analysis of mobile systems

  • Using/adapting model checking algorithms based on unfoldings


Syntax (finite)

Basic elements are channel names like a, b, c, ...

  ab         input prefix (receive a name on channel a and bind it to b)
  āb         output prefix (send b on channel a; written with a bar over a)
  τ          internal prefix
  pref.P     first execute pref, then P
  P+Q        execute P or Q
  P | Q      execute P and Q in parallel
  (νc) P     restrict c within P
  A ├ P      A is the set of all "known" channels


Operational semantics

Operational semantics defined using SOS rules such as the following one, for an input prefix ac.P that receives a name b not yet known:

                 b ∉ A
  ─────────────────────────────────────
  A ├ ac.P  --ab-->  A ∪ {b} ├ {b/c}P

One can then consider LTSs generated by π-terms, the associated behavioural properties, etc.


p-nets

High-level Petri nets where tokens can, e.g., be channels.

[Figure: a p-net fragment with holder places for the channels a and b, arcs labelled u and v, and a τ transition; read arcs (non-directed) only test for a token without consuming it. The transition is enabled if there is a suitable binding for u and v, for instance u=a, v=b, which leads to the firing shown in the following animation steps.]


Holder places and read arcs

[Figure: a p-net with the transitions snd, rcv and τ; arcs labelled u and v connect the holder places to the transitions.]

Blue part (holder places) is related to channels. Black part is related to control flow.


Tag-place

Used to maintain information about Known, New and Restricted channels.

[Figure: a p-net fragment whose tag-place holds tokens such as a.a.K (a known channel a), e.N (a new, not yet used name e) and Δ.R (a restricted channel Δ); the arcs of the transition labelled UV carry the expressions U.u.K, V.v.K, V.N and v.R. Animation: with the suitable binding u=U=a, v=Δ, V=e the transition fires, the tag-place tokens e.N and Δ.R are replaced by e.Δ.K (the restricted channel is now known outside under the name e), and the transition generates the label āe (an output on a; the bar is drawn over a). An LTS can then be defined.]


p-nets

p-nets can be composed to mirror the operators in the process algebra: prefixing, parallel composition, choice and communication.


Model checking π-calculus

[Diagram: π-calculus expression --automatic translation--> safe high-level PN (p-nets).]


Example 1

{b,d} ├ ba.ād

[Figure: the p-net for this term. The tag-place initially holds b.b.K and d.d.K (the known channels b and d) and e.N (a fresh name); holder places for u and v are connected to the two transitions by arcs carrying expressions such as U.u.K, V.v.K, v.N, UV and Uv. Animation steps:]

  1. Binding u=U=b, v=e: the input transition fires and generates the label be; the tag-place token e.N becomes e.e.K (the received name e is now known).

  2. Binding u=U=e, v=V=d: the output transition fires and generates the label ēd.


Example 2

{a,b} ├ (νc)āc.c̄b

[Figure: the p-net for this term. The tag-place initially holds a.a.K and b.b.K (the known channels a and b), f.N (a fresh name) and Δ.R (the restricted channel c, held internally as Δ); the arcs carry expressions such as U.u.K, V.v.K, V.N, v.R and UV. Animation steps:]

  1. Binding u=U=a, V=f, v=Δ: the first output transition fires and generates the label āf; the tokens f.N and Δ.R are replaced by f.Δ.K (the restricted channel is now known outside under the name f).

  2. Binding U=f, u=Δ, V=v=b: the second output transition fires and generates the label f̄b.
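Added example, not the authors' p-net implementation: a small Python model of the tag-place bookkeeping behind the SOS rule, the Tag-place slides and Examples 1 and 2 above. It assumes tag tokens of the form (kind, external name, internal name), writes the output bar with a combining macron (U+0304), and replays the two examples to reproduce their labels be, ēd and āf, f̄b together with the final tag-place contents.

```python
# Constructed model, not the authors' p-net implementation, of the tag-place
# bookkeeping in the slides. A tag token is (kind, external, internal):
#   ("K", e, i): the channel used inside the term as i is known outside as e
#   ("N", e, None): e is a fresh, unused name;  ("R", None, i): i is ν-bound.
# Labels use external names, the term uses internal ones (u=U=a, v=Δ, V=e).
BAR = "\u0304"   # combining macron: the output bar the slides draw over a channel
def known(tag, internal):
    """External name of a known channel, or None."""
    return next((e for k, e, i in tag if k == "K" and i == internal), None)
def fresh(tag):
    """Smallest unused external name (the slides pick e, then f)."""
    return min(e for k, e, i in tag if k == "N")

def output(tag, chan, name):
    """Fire the output prefix chan̄ name; returns (label, new tag). A restricted
    name is exported under a fresh name: Δ.R and e.N become e.Δ.K."""
    U = known(tag, chan)
    if U is None:
        raise ValueError(f"{chan} is not a known channel")
    V = known(tag, name)
    if V is not None:                                   # e.g. ēd in Example 1
        return U + BAR + V, set(tag)
    if ("R", None, name) not in tag:
        raise ValueError(f"{name} is neither known nor restricted")
    e = fresh(tag)                                      # scope extrusion
    return U + BAR + e, (tag - {("R", None, name), ("N", e, None)}) | {("K", e, name)}

def receive(tag, chan, var):
    """Fire the input prefix chan(var) receiving a fresh name: the SOS rule
    with b ∉ A. e.N becomes e.e.K, the label is U e, var is bound to e."""
    U = known(tag, chan)
    if U is None:
        raise ValueError(f"{chan} is not a known channel")
    e = fresh(tag)
    return U + e, (tag - {("N", e, None)}) | {("K", e, e)}, {var: e}

def example1():
    """{b,d} ├ ba.ād with one fresh name e available."""
    tag = {("K", "b", "b"), ("K", "d", "d"), ("N", "e", None)}
    l1, tag, bind = receive(tag, "b", "a")              # u=U=b, v=e: label be
    l2, tag = output(tag, bind["a"], "d")               # u=U=e, v=V=d: label ēd
    return [l1, l2], tag

def example2():
    """{a,b} ├ (νc)āc.c̄b with c held internally as Δ and fresh name f."""
    tag = {("K", "a", "a"), ("K", "b", "b"), ("N", "f", None), ("R", None, "Δ")}
    l1, tag = output(tag, "a", "Δ")                     # u=U=a, v=Δ, V=f: label āf
    l2, tag = output(tag, "Δ", "b")                     # U=f, u=Δ, V=v=b: label f̄b
    return [l1, l2], tag
```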


Example 3

{a,e,d} ├ (νc)(āc.ēc | ab.b̄d)

[Figure: the p-net for this term, with a τ transition for the internal communication between the two parallel components, the tokens a.a.K, e.e.K, d.d.K, f.N and Δ.R in the tag-place, and holder places connected by arcs carrying expressions such as U.u.K, V.v.K, UV, v.R, f.N and V.N. The animation steps show the restricted channel Δ being passed to the second component through the τ transition and then exported: f.N and Δ.R are replaced by f.Δ.K.]


Model checking π-calculus

[Diagram: π-calculus expression --automatic translation--> safe high-level PN (p-nets) --PN unfolding (PUNF)--> property checking (MPSat).]


Implementation issues

  • Infinity of new channels

  • Read arcs

  • Non-safeness

  • Partial-transition expansion

  • Reducing the number of holder places


Example

[Figure: a system NESS with a channel a, hosts h1..h4 and the channel ness (in the process notation below, ! denotes output and ? input). Animation steps:]

  1. a?ness

  2. h1!ness | h2!ness | h3!ness | h4!ness

  3. h1?addr1 | h2?addr2 | h3?addr3 | h4?addr4

  4. h!h1. h1!done. STOP  +  h?another1. addr1!h1. addr1!another1. h1!done. STOP



Further work

  • We need efficient extensions of the unfolding approach for read arcs

  • Introduce a restricted form of recursion still allowing one to use model-checking

  • Deal with the state space explosion caused by aspects other than high level of concurrency

  • Further performance comparisons of this model with other model checkers


