
Reachability analysis*

Reachability analysis*. dr. András Pataricza dr. Tamás Bartha BUTE DMIS translated by Zoltán Micskei. * Also see the Murata paper. Reachability analysis. Reachability problem Dynamic properties Representing state space Simplifying reachability problem. Reachability.


Presentation Transcript


  1. Reachability analysis* dr. András Pataricza dr. Tamás Bartha BUTE DMIS translated by Zoltán Micskei * Also see the Murata paper

  2. Reachability analysis • Reachability problem • Dynamic properties • Representing state space • Simplifying reachability problem

  3. Reachability • Analyzing the dynamic behavior • Marking: state • Firing: state transition • Firing sequence: trajectory in the state space, moving from M0 to Mn state • Mn is reachable from M0 iff there exists a firing sequence from M0 to Mn:

  4. Reachability analysis In the N Petri net from the M0 starting state • Reachable states • State-based analysis • Possible firing sequences • State-transition (event) based analysis

  5. Reachability problem • Reachability problem in Petri nets • Is Mn state reachable from any M0 initial state: • Submarking reachability problem • finding *, where M’n is any marking whose restriction to a given subset of places agrees with that of a given marking Mn. *N can be omitted to shorten the formula

  6. Preliminary: Decidability* • Decidable refers to the existence of an effective method • An effective method (also called a decision procedure) for a class of problems is a method for which each step in the method may be described as a mechanical operation and which, if followed rigorously, and as far as may be necessary, is bound to: • always give some answer rather than ever give no answer; • always give the right answer and never give a wrong answer; • always be completed in a finite number of steps, rather than in an infinite number; • work for all instances of problems of the class. * Wikipedia

  7. Solving the reachability problem • The reachability problem is decidable • But its space complexity is exponential in general • The equality problem is undecidable • There is no algorithm for determining if for any two Petri nets • But it is decidable and exponential in time for 1-bounded (safe) Petri nets

  8. Dynamic properties

  9. Dynamic properties • Properties connected to reachability • Depend on the initial marking • (cf. structural property: independent from the initial marking) • Dynamic properties: • Boundedness • Liveness • Deadlock-free • Reversibility • Home state • Coverability • Persistence • Fairness • Bounded-fair • Globally fair

  10. Boundedness • k-bounded (bounded) • In any state reachable from M0, the number of tokens in any place does not exceed k • Safe Petri net: 1-bounded • Good for resource and job processing modeling • Is it guaranteed that the jobs will be processed?

  11. Liveness • Deadlock-free • In every state at least one transition can be fired • Liveness: can the transition be fired once/more than once/infinitely often? • L0-live (dead) if t can never be fired in any firing sequence in L(M0). • L1-live (potentially firable) if t can be fired at least once in some firing sequence in L(M0). • L2-live if, given any positive integer k, t can be fired at least k times in some firing sequence in L(M0). • L3-live if t appears infinitely often in some firing sequence in L(M0). • L4-live or live if t is L3-live for every marking M in R(M0). • Simple consequence: going from L4 down to L1, each liveness level implies the next one

  16. Liveness: example • t0 transition: L0-live (dead) • t1 transition: L1-live • t2 transition: L2-live • t3 transition: L3-live [figure not preserved: Petri net with transitions t0, t1, t2, t3]

  17. Liveness cont’d • A (P, T, M0) Petri net is Lx-live • if all transitions t ∈ T are Lx-live • A (P, T, M0) Petri net is live • if it is L4-live, i.e. all transitions t ∈ T are L4-live • It is deadlock-free in every state trajectory • Every transition can be fired again in the future • Deadlock-free  liveness • Proving liveness is costly in general • In special cases it is simple (e.g. invariants) • Assumes an ideal system

  18. Cyclic properties • Reversibility: • The initial state can be reached from each marking • Often models cyclic behavior • Home state: • MN is a home state, if it is reachable from each M in R(M0) • Often models cyclic behavior with initialization

  19. Cyclic properties cont’d • Coverability: • Will a marking be reached, which covers marking M • M’ marking covers M marking if • M’M means: • If M is the minimal marking that enables t transition, then • t is not L1-live iff M is not coverable • M is coverable → t is L1-live

  20. Dynamic properties: interaction • Persistency: • A Petri net (N, M0) is said to be persistent if, for any two enabled transitions, the firing of one transition will not disable the other. • An enabled transition will be enabled until its firing! • Useful for determining: • Do the parallel behaviors affect each other?

  21. Dynamic properties: interaction cont’d • Fairness: • Two distinct definitions of fairness • Bounded fairness (B-fairness) • Two transitions t1 and t2 are said to be in a bounded-fair relation if the maximum number of times that either one can fire while the other is not firing is bounded. • Globally fair: • A firing sequence is said to be unconditionally (globally) fair if it is finite or every transition in the net appears infinitely often in it. • Used for determining: • Do the parallel processes hold up each other? • Will all the processes be finished?

  22. Representing state space

  23. Reachability graph • State graph starting from the initial state M0 • Nodes: states  labeled with marking • Arcs: state transition  labeled with firing • For a given node the number of outgoing arcs is at most the number of the enabled transitions in the state represented by the node • Fewer, if the net has priorities • A node with no outgoing arcs represents a deadlock • If the net is not bounded  infinite number of states • Boundedness  finite state space • Breadth first search from the initial state • Depth first search is not good in a net with infinite state space

  24. Coverability tree • There is no correlation between the size/complexity of a Petri net and the size of its state space • Need a representation to handle infinite state space • Coverability tree: also for infinite state space • Similar to reachability graph: nodes represent states, arcs represent firings • Critical part: growing of tokens without limits in a place • Use a special symbol for representing infinity:  • If a marking covers an already visited marking in the trajectory, then let  flag the marking of the places, where the number of tokens increased.

  25. Generating coverability tree
      Ltoprocess ← { M0 }
      while Ltoprocess ≠ ∅
        choose the next state M ∈ Ltoprocess
        if M was present in the trajectory from the root to the current state
          then mark M as „old”
        else if there is no enabled transition in M
          then mark M as „dead-end”

  26. Generating coverability tree cont’d
        else // (there is at least one enabled transition in M)
          for all t ∈ T: enabled(t, M)
            compute the next state M’ after M
            if there is an M’’ in the path from M0 to M which is covered by M’
              then M’’ is a covered state; in the node representing M’, replace the marking of the covered places with the infinity symbol
              else M’ is a new state
            Ltoprocess ← Ltoprocess ∪ { M’ }
            add an arc from M to M’ labeled with t
      // return to the start of the while loop

  27. Example: PN and its coverability tree [figure not preserved; node tags shown: “dead-end”, “old” state]

  28. Example: PN and its coverability graph

  29. Analyzing the coverability tree Some properties can be determined from the tree: • Petri net is bounded  R(N, M0) reachability graph is finite • Petri net is safe  Only 0 and 1 in the labels of the nodes in the coverability tree • A t transition is dead  There is no arc with label t in the coverability tree

  30. Simplifying the reachability problem • Hierarchical modeling: • Merging subnets into one single node • Non-determinism of PNs  model abstraction • Limiting the state space in a coarse-grained model • Detailed analysis in a refined model • Compositional verification

  31. Simplifying the reachability problem cont’d • Exploiting symmetries: • Analyze the similar subnets only once • Typical applications • Multi processor system, Multitasking, Internet, Client-server • Colored Petri Nets • Well-formed colored Petri nets (WFN)
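
The coverability-tree procedure of slides 25 and 26 and the property checks of slide 29, as an added Python example that is not part of the original slides. The net encoding (pre/post token vectors), the names `coverability_tree`, `analyze` and `NET`, and the sample net are assumptions made here; `OMEGA` stands in for the infinity symbol (ω in Murata's paper), and boundedness is tested as "no ω appears in the tree", which is Murata's formulation.

```python
from collections import deque

OMEGA = float("inf")  # stands in for the infinity symbol (omega in Murata's paper)

def coverability_tree(m0, transitions):
    """Breadth-first build; transitions maps name -> (pre, post) vectors (assumed encoding)."""
    nodes = [[tuple(m0), (), "new"]]   # node = [marking, path from root, tag]
    arcs = []                          # (parent index, transition, child index)
    queue = deque([0])                 # the slides' "Ltoprocess"
    while queue:
        i = queue.popleft()
        m, path, _ = nodes[i]
        if m in path:                  # already seen on the way from the root
            nodes[i][2] = "old"
            continue
        enabled = [t for t, (pre, _) in transitions.items()
                   if all(x >= p for x, p in zip(m, pre))]
        if not enabled:
            nodes[i][2] = "dead-end"
            continue
        nodes[i][2] = "processed"
        for t in enabled:
            pre, post = transitions[t]
            nxt = [x - p + q for x, p, q in zip(m, pre, post)]
            for anc in path + (m,):    # markings on the path M0 .. M
                if all(a >= b for a, b in zip(nxt, anc)) and tuple(nxt) != anc:
                    # nxt covers anc: flag the places whose token count grew
                    nxt = [OMEGA if a > b else a for a, b in zip(nxt, anc)]
            nodes.append([tuple(nxt), path + (m,), "new"])
            arcs.append((i, t, len(nodes) - 1))
            queue.append(len(nodes) - 1)
    return nodes, arcs

def analyze(m0, transitions):
    """Read the properties listed on slide 29 off the tree."""
    nodes, arcs = coverability_tree(m0, transitions)
    labels = {x for marking, _, _ in nodes for x in marking}
    return {
        "bounded": OMEGA not in labels,      # no omega anywhere in the tree
        "safe": labels <= {0, 1},            # only 0 and 1 in the node labels
        "dead": sorted(set(transitions) - {t for _, t, _ in arcs}),
        "nodes": len(nodes),
    }

# Constructed sample net over places (p1, p2, p3); not from the slides.
NET = {"t0": ((0, 0, 2), (0, 0, 0)), "t1": ((1, 0, 0), (1, 1, 0)),
       "t2": ((1, 0, 0), (0, 0, 1)), "t3": ((0, 1, 1), (0, 0, 1))}
print(analyze((1, 0, 0), NET))
```

In the sample net t1 keeps adding tokens to p2, so the tree contains ω and the net is reported as unbounded, while t0 never labels an arc and is reported as dead.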
