Branching Processes of High-Level Petri Nets and Model Checking of Mobile Systems
Maciej Koutny, School of Computing Science, Newcastle University

with: R.Devillers, V.Khomenko, H.Klaudel, A.Niaouris

UFO'07, Siedlce, Poland 2007

Outline
  • Motivation
  • Coloured Petri nets
  • Expansion and unfolding
  • Relationship diagram
  • Experimental results
  • Application: mobile systems
  • π-calculus to Petri nets
  • Implementation issues
  • Experimental results
  • Further work
Motivation

Low-level PNs:

  • Can be efficiently verified
  • Not convenient for modelling

High-level descriptions:

  • Convenient for modelling
  • Verification is hard

Coloured PNs: a good intermediate formalism that bridges the gap between the two.
Coloured PNs

[Figure: a coloured Petri net. Two input places of type {1,2} hold the tokens 1 and 2; the transition has the variables u, v and w; the output place has type {1..4}.]
Expansion

[Figure: the same coloured net (places typed {1,2} and {1..4}, variables u, v, w) and its expansion into a low-level net.]
  • The expansion faithfully models the original net
  • Blow up in size
Unfolding

[Figure: the unfolding of the coloured net. Only the bindings enabled from the initial marking appear as events: u=1, v=2, w=1 and u=1, v=2, w=2, each putting its token (1 or 2) into the {1..4} place.]
Example: computing GCD

[Figure: a coloured net computing the GCD. Places m and n are typed {0..100}; the transition binds u and v, carries the guard shown as "v0" in the extracted text (presumably v≠0) and the arc expression u%v; the labels u and 0 next to a third {0..100} place indicate where the result goes once v is 0. The run shown starts with u=3, v=2, continues with u=2, v=1 and ends with u=1.]
Relationship diagram

[Diagram: Coloured PNs --expansion--> Low-level PNs; unfolding the coloured net gives a coloured prefix, unfolding the low-level net gives a low-level prefix. The relationship between the two prefixes is first marked "?" and then shown as "~".]

[Figure: the coloured net with places typed {1,2} and {1..4} and its unfolding with the events u=1, v=2, w=1 and u=1, v=2, w=2, as on the Unfolding slide.]

[Diagram: the final version, in which both unfoldings lead to the same Prefix.]
Benefits
  • Avoiding an exponential blow up when building the expansion
  • Definitions are similar to those for LL unfoldings, no new proofs
  • All results and verification techniques for LL unfoldings are still applicable
    • Model checking algorithms
    • Canonicity, completeness, finiteness
  • Existing unfolding algorithms for LL PNs can easily be adapted
    • Usability of the total adequate order proposed in
    • All the heuristics improving the efficiency can be employed (e.g. concurrency relation and preset trees)
    • Parallel unfolding algorithm
Extensions: infinite place types

[Figure: the GCD net again, with places m and n typed {0..100}, the guard shown as "v0" (presumably v≠0) and the arc expression u%v.]

[Figure: the same net with the place types replaced by N (the naturals); the run u=3, v=2 → u=2, v=1 → u=1 is unchanged.]

[Figure: the same net with the place types restricted to {1..3} for m, {0..2} for n and {1} for the result place, which are exactly the colours occurring in the run from u=3, v=2.]

Refined expansion

[Diagram: Coloured PNs --refined expansion--> Low-level PNs; both unfoldings lead to the same Prefix.]
Experimental results
  • Tremendous improvements for colour-intensive PNs (e.g. GCD)
  • Negligible slow-down (<0.5%) for control-intensive PNs (e.g. Lamport’s mutual exclusion algorithm)
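An added example (not the authors' code) that makes the GCD figure concrete in Python: it counts the transition instances the expansion creates over the place type {0..100}, the events the unfolding creates from u=3, v=2, and the instances that remain once the place types are refined to the colours that actually occur. Reading the refined-expansion slide that way, and taking the gcd to be the token left in m once v is 0, are assumptions of this example.

```python
from itertools import product

# Constructed model of the GCD net from the slides (not the authors' code).
# Places m and n carry naturals; the transition binds u to the token in m and
# v to the token in n, fires under the guard v != 0, and puts v into m and
# u % v into n.  When v == 0 the token in m is the gcd (assumption).

PLACE_TYPE = range(0, 101)   # the slides' place type {0..100}

def expansion_bindings(m_type=PLACE_TYPE, n_type=PLACE_TYPE):
    """Bindings the expansion materialises: one low-level transition per pair
    (u, v) drawn from the place types that satisfies the guard, whether or
    not that pair is ever reachable from the initial marking."""
    return [(u, v) for u, v in product(m_type, n_type) if v != 0]

def unfolding_events(u0, v0, place_type=PLACE_TYPE):
    """Events of the branching process from the marking m=u0, n=v0: only the
    transition instances enabled along a run are created.  Returns the list
    of bindings fired and the token left in m once v reaches 0."""
    if u0 not in place_type or v0 not in place_type:
        raise ValueError("initial tokens must belong to the place type")
    events, (u, v) = [], (u0, v0)
    while v != 0:                      # the guard; this net is deterministic
        events.append((u, v))
        u, v = v, u % v
    return events, u

def refined_types(u0, v0):
    """Colours that actually occur in m and n on the run from (u0, v0).
    Assumption: the 'refined expansion' slide restricts each place type to
    such a set ({1..3} and {0..2} for u0=3, v0=2)."""
    events, g = unfolding_events(u0, v0)
    markings = events + [(g, 0)]        # include the final marking m=g, n=0
    return sorted({u for u, _ in markings}), sorted({v for _, v in markings})

def sizes(u0, v0):
    """Transition instances produced by each construction for one run."""
    m_type, n_type = refined_types(u0, v0)
    return {"expansion": len(expansion_bindings()),
            "refined_expansion": len(expansion_bindings(m_type, n_type)),
            "unfolding": len(unfolding_events(u0, v0)[0])}

if __name__ == "__main__":
    print(sizes(3, 2))   # {'expansion': 10100, 'refined_expansion': 6, 'unfolding': 2}
```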
Application: mobility
  • One of the main features of many crucial modern distributed computing systems
  • Formal analysis and verification using process algebras like π-calculus
  • Our aim: to alleviate the state space explosion problem during reachability analysis of mobile systems
  • Using/adapting model checking algorithms based on unfoldings
Syntax (finite)

Basic elements are channel names like a, b, c, ...

  • ab: input prefix
  • ab (with an overbar, lost in the extracted text): output prefix
  • τ: internal prefix
  • pref.P: first execute pref then P
  • P+Q: execute P or Q
  • P | Q: execute P and Q in parallel
  • (νc) P: restrict c within P
  • A ├ P: A is the set of all "known" channels

Operational semantics

Operational semantics defined using SOS rules such as:

    b ∉ A
    ───────────────────────────────────
    A ├ ac.P  --ab-->  A ∪ {b} ├ {b/c}P

One can then consider LTSs generated by π-terms, the associated behavioural properties, etc.
p-nets

High-level Petri nets where tokens can, e.g., be channels.

[Figure sequence: a p-net fragment with the channel tokens a and b, a τ-labelled transition with the variables u and v, and read arcs (non-directed, used only for testing). The transition is enabled if there is a suitable binding for u and v, for instance u=a, v=b, which leads to the marking shown on the last slide of the sequence.]
Holder places and read arcs

Blue part (holder places) is related to channels; black part is related to control flow.

[Figure: a p-net with holder places for the channels a and b, the transitions snd, τ and rcv, and arcs annotated u and v.]
Tag-place

Used to maintain information about Known, New and Restricted channels

V.v.K

a

u

_

e.N

U.u.K

a.a.K

UV

Δ.R

v

V.N

Δ

v.R

tag place1
Tag-place

Used to maintain information about Known, New and Restricted channels

suitable bindingu=U=av=ΔV=e

V.v.K

a

u

_

e.N

U.u.K

a.a.K

UV

Δ.R

v

V.N

Δ

v.R

tag place2
Tag-place

Used to maintain information about Known, New and Restricted channels

suitable bindingu=U=av=ΔV=e

V.v.K

a

u

_

e.Δ.K

U.u.K

a.a.K

UV

v

V.N

Δ

v.R

_

generates ae

and then LTS can be defined

p-nets

p-nets can be composed to mirror the operators in the process algebra: prefixing, parallel composition, choice, communication.
Model checking π-calculus

[Diagram: π-calculus expression --automatic translation--> safe high-level PN (p-nets).]
Example 1

{b,d} ├ ba.ad (an overbar marking an output prefix is lost in the extracted text)

[Figure sequence: the p-net for this term, with the tag entries b.b.K, d.d.K and e.N and arcs annotated U.u.K, V.v.K, v.v.K, v.N, UV and Uv. First the binding u=U=b, v=e fires the first transition, generating be and turning e.N into e.e.K; then the binding u=U=e, v=V=d fires the second, generating ed.]
Example 2

{a,b} ├ (νc)ac.cb (an overbar marking an output prefix is lost in the extracted text)

[Figure sequence: the p-net for this term, with the tag entries a.a.K, b.b.K, f.N and Δ.R and arcs annotated U.u.K, V.v.K, V.N, v.R and UV. First the binding u=U=a, V=f, v=Δ fires, generating af and replacing the entries f.N and Δ.R by the single entry f.Δ.K; then the binding U=f, u=Δ, V=v=b fires, generating fb.]
Example 3

{a,e,d} ├ (νc)(ac.ec | ab.bd) (overbars marking output prefixes are lost in the extracted text)

[Figure sequence: the p-net for this term, with the tag entries a.a.K, e.e.K, d.d.K, f.N and Δ.R, a τ-labelled communication transition between the two parallel components, and arcs annotated U.u.K, V.v.K, V.N, v.R and UV. After the τ step a second Δ token appears in the net, and later the entries f.N and Δ.R are replaced by f.Δ.K.]
Model checking π-calculus

[Diagram: π-calculus expression --automatic translation--> safe high-level PN (p-nets) --PN unfolding (PUNF)--> property checking (MPSat).]
Implementation issues
  • Infinity of new channels
  • Read arcs
  • Non-safeness
  • Partial-transition expansion
  • Reducing the number of holder places
Example

[Figure sequence: a p-net for a NESS example with the channels a, T, ness, h, h1, h2, h3 and h4. The process terms shown on the slides are:]

  a?ness

  h1!ness | h2!ness | h3!ness | h4!ness

  h1?addr1 | h2?addr2 | h3?addr3 | h4?addr4

  h!h1. h1!done. STOP
  +
  h?another1.addr1!h1.addr1!another1.h1!done.STOP
Further work
  • We need efficient extensions of the unfolding approach for read arcs
  • Introduce a restricted form of recursion still allowing one to use model-checking
  • Deal with the state space explosion caused by aspects other than high level of concurrency
  • Further performance comparisons of this model with other model checkers