An Algorithm for Direct Construction of Complete Merged Processes
Victor Khomenko and Andrey Mokhov
Rationale
Merged processes (MPs) – a condensed representation of the set of reachable states
  very compact – good for coping with state space explosion in model checking
  amenable to efficient model checking
  similar to unfoldings, but much smaller (copes not only with concurrency, but also with sequences of choices)
The only known algorithm for constructing MPs was based on merging nodes in the unfolding
  hence it cancels all the advantages of MPs
Contribution: an algorithm that avoids the intermediate construction of the unfolding
MPs: occurrence depth
[figure: an unfolding with the occurrence depth annotated on each condition]
Merged Process:
  Fuse conditions with the same label and occurrence-depth
  Delete duplicate events
Example: a Petri net
[figure: the example Petri net]
Example: unfolding
[figure: unfolding of the example net]
Step 1: Fuse conditions with the same label and occurrence-depth
Example: MP
[figure: the resulting merged process]
Step 2: Delete event replicas
Examples
[figure: two Petri nets]
MPs of these nets coincide with the original nets, even though their unfoldings are exponential!
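Steps 1 and 2 above, together with the claim that the MP of an acyclic net coincides with the original net while the unfolding grows exponentially, as an added Python example. This is not the authors' tool or code: the OccNet representation, the "chain of choices" and "loop" nets, and all names are constructed here for illustration.

```python
"""Merged process (MP) from an unfolding prefix: fuse conditions that carry the same
place label and the same occurrence depth, then delete event replicas.
Constructed example; not the authors' implementation."""
from collections import defaultdict
from dataclasses import dataclass
from itertools import count


class OccNet:
    """An unfolding prefix (occurrence net). Nodes are ints; labels map them to places/transitions."""

    def __init__(self):
        self.cond_label = {}                 # condition -> place name
        self.event_label = {}                # event -> transition name
        self.pre = defaultdict(frozenset)    # event -> input conditions
        self.post = defaultdict(frozenset)   # event -> output conditions
        self._ids = count(1)

    def condition(self, place):
        c = next(self._ids)
        self.cond_label[c] = place
        return c

    def event(self, transition, pre, post):
        e = next(self._ids)
        self.event_label[e] = transition
        self.pre[e] = frozenset(pre)
        self.post[e] = frozenset(post)
        return e


def occurrence_depth(net):
    """Occurrence depth of each condition c: the maximum number of conditions labelled
    like c on any causal chain from a minimal condition to c, counting c itself."""
    producer = {c: e for e, cs in net.post.items() for c in cs}   # at most one producer per condition
    memo = {}

    def same_label_count(c, place):
        key = (c, place)
        if key not in memo:
            here = 1 if net.cond_label[c] == place else 0
            e = producer.get(c)
            preds = net.pre[e] if e is not None else ()
            memo[key] = here + max((same_label_count(c2, place) for c2 in preds), default=0)
        return memo[key]

    return {c: same_label_count(c, p) for c, p in net.cond_label.items()}


@dataclass(frozen=True)
class MergedProcess:
    conditions: frozenset   # mp-conditions: (place, occurrence depth)
    events: tuple           # mp-events: (transition, pre mp-conditions, post mp-conditions)


def merge(net):
    """Step 1: fuse conditions with equal (label, depth).
    Step 2: keep one event per (label, fused preset, fused postset); the rest are replicas."""
    depth = occurrence_depth(net)
    mp_cond = {c: (net.cond_label[c], depth[c]) for c in net.cond_label}
    seen = {}
    for e, t in net.event_label.items():
        key = (t, frozenset(mp_cond[c] for c in net.pre[e]), frozenset(mp_cond[c] for c in net.post[e]))
        seen.setdefault(key, e)     # first replica survives, later ones are deleted
    events = tuple(sorted(seen, key=lambda k: (k[0], sorted(k[1]), sorted(k[2]))))
    return MergedProcess(frozenset(mp_cond.values()), events)


def chain_unfolding(k):
    """Constructed net: places p1..p(k+1); from each p_i two transitions a_i, b_i lead to p_(i+1).
    The net is acyclic, so its unfolding is the full tree of 2^k runs (2^(k+1)-2 events),
    while the MP has exactly the 2k transitions of the original net."""
    net = OccNet()
    frontier = [net.condition("p1")]
    for i in range(1, k + 1):
        nxt = []
        for c in frontier:
            for t in ("a", "b"):
                c2 = net.condition(f"p{i + 1}")
                net.event(f"{t}{i}", [c], [c2])
                nxt.append(c2)
        frontier = nxt
    return net


def loop_unfolding(rounds):
    """Constructed net: p1 -t1-> p2 -t2-> p1, unrolled `rounds` times. Here depth matters:
    the i-th visit to p1 has depth i, so the unrolled copies are not fused."""
    net = OccNet()
    c = net.condition("p1")
    for _ in range(rounds):
        c2 = net.condition("p2")
        net.event("t1", [c], [c2])
        c = net.condition("p1")
        net.event("t2", [c2], [c])
    return net


if __name__ == "__main__":
    for k in range(1, 7):
        unf = chain_unfolding(k)
        mp = merge(unf)
        print(f"k={k}: unfolding {len(unf.event_label)} events, "
              f"MP {len(mp.events)} events / {len(mp.conditions)} mp-conditions")
```

Running the module prints the exponential growth of the unfolding against the linear size of the MP for the chain net; the loop net shows why fusion is keyed on (label, depth) rather than on the label alone, otherwise the unrolled iterations would collapse into a cycle and the MP would no longer be acyclic.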
Properties of MPs
Canonicity, Finiteness, Marking-Completeness – follow from the corresponding properties of unfoldings
Theoretical upper bounds on size
Experimental results: MPs are usually much smaller than unfoldings
Theoretical upper bounds on size
Trivial bound: Merge(Pref) is never larger than Pref, hence never larger than the reachability graph
  too pessimistic in practice
MPs of acyclic PNs coincide with the original PNs with the dead nodes removed
  unfoldings can be exponential
MPs of live and safe free-choice PNs [with minor restrictions] are polynomial in the size of the original PNs
Experimental results: PN/Unf/MP size
Experimental results: PN/MP size
Experimental results: summary
Corbett’s benchmarks were used
MPs are often by orders of magnitude smaller than unfolding prefixes
In many cases MPs are just slightly larger than the original PNs
In some cases MPs are smaller than the original PNs due to removal of dead nodes
Model checking
Model checking algorithms developed for unfoldings can be lifted to MPs
Reduces to SAT: ME ∧ ACYCLIC ∧ NG ∧ VIOL
Still need an efficient encoding of ACYCLIC
Unravelling algorithm
μ := the MP comprised of the initial conditions
sz := 0                                                   // current configuration size
repeat
  sz++
  pe := possible extensions of μ                          // SAT
  cand := {e∈pe | e has a local conf of size sz in μ}     // SAT
  // filter out potential cut-offs
  slice := {e∈cand | ¬MaybeCutOff(μ⊕cand, e, sz)}        // 2QBF
  μ := μ⊕slice
until slice = ∅ ∧ ¬∃e∈pe: e has a local conf of size >sz in μ⊕pe   // SAT
Computing the possible extensions
Reduces to model checking (and so to SAT): find a configuration C enabling a new instance of t
Cut-off criterion
// Check if each local conf of e of size sz in μ contains a cut-off
MaybeCutOff(μ, e, sz) ≡                                               // 2QBF
  ∀ local conf C of e in μ such that |C| = sz:
    ∃ f∈C: ∃ conf C’ in μ: Mark([f]_C) = Mark(C’) ∧ C’ ◁ [f]_C
Problem: cannot definitely declare e a cut-off, as it can acquire new configurations as the MP grows
Solution: if configurations are checked in the size order, then one can detect events that are definitely not cut-offs
All configurations (not only the local ones) are allowed as cut-off correspondents
The adequate order ◁ must refine the size order
Termination criterion
Not trivial!
Check that no possible extension e has a local configuration of size >sz
Reduces to model checking (and so to SAT): find a configuration C enabling e such that |C| > sz
Age of reductions
The unravelling algorithm above once more, with the initial mp-conditions as the starting MP: every step marked // SAT or // 2QBF is a reduction to a solver call (possible extensions, candidates of size sz, the termination check: SAT; MaybeCutOff: 2QBF)
Experimental results
A prototype tool was developed
  showed the feasibility of the approach
  loses to unfoldings
  much headroom for improving the tool
Back to the future – improvements since the paper:
  significant speedups in the tool
  total adequate order
  now comparable with unfoldings
  still much headroom for improving the tool
Future work
Potential improvements:
  improving the SAT encoding of the ACYCLIC constraint
  home-brewed 2QBF solver – definitely needs improving
  using incremental SAT wherever possible
  improving the top-level structure of the unravelling algorithm?