Parallel LTL-X Model Checking of High-Level Petri Nets Based on Unfoldings. Claus Schröter (University of Stuttgart, Germany) and Victor Khomenko (University of Newcastle upon Tyne, UK).
Slide 1: Parallel LTL-X Model Checking of High-Level Petri Nets Based on Unfoldings. Claus Schröter (University of Stuttgart, Germany), Victor Khomenko (University of Newcastle upon Tyne, UK).

Basis for our work
- Esparza and Heljanko (ICALP 2000, SPIN 2001): A New Unfolding Approach to LTL Model-Checking.
- The net system to be checked is constructed as the product of the original net system and a Büchi automaton accepting ¬φ.
- The model-checking problem is reduced to the detection of illegal ω-traces and illegal livelocks, exploiting finite complete prefixes.

Basis for our work
+ Simplicity of this approach
+ Partial order semantics of Petri nets
+ Alleviates the state space explosion problem
− Input are low-level Petri nets
− Low-level Petri nets are not convenient for modelling

Low-level PNs:
+ Can be efficiently verified
− Not convenient for modelling
High-level descriptions:
− Verification is hard
+ Convenient for modelling
Coloured PNs fill the gap between the two: a good intermediate formalism.

Coloured PNs (diagram, animated over four slides: a coloured net with places of colour sets {1,2} and {1..4}, a transition with variables u, v, w and guard w<u+v, and tokens 1 and 2 moving through it)

Expansion (diagram, animated over six slides: the same coloured net with guard w<u+v and colour sets {1,2}, {1..4} is expanded into a low-level net, one transition per valuation of u, v, w satisfying the guard)
+ The expansion faithfully models the original net
− Blow-up in size

Finite complete prefix
- Introduced by McMillan in 1992
- Relies on the partial order view of concurrent computation
- Represents system states implicitly, using an acyclic net
- Satisfies two key properties:
  Completeness: each reachable marking of the original net is represented by at least one reachable marking in the prefix
  Finiteness: the prefix is finite and thus can be used as an input to model-checking algorithms

Relationship diagram
- Coloured PNs → (expansion) → Low-level PNs
- Coloured PNs → (unfolding) → Coloured prefix
- Low-level PNs → (unfolding) → Low-level prefix
- Coloured prefix ? Low-level prefix
Khomenko and Koutny proved the two prefixes isomorphic (TACAS’03).
(Diagram: the running example with guard w<u+v, shown with the valuations u=1, v=2, w=1 and u=1, v=2, w=2 appearing in the prefix)

Example: Buffer of capacity 2 (diagram, animated over eight slides: transitions t1, t2, t3 and places p1, p2, p3, p4, each with colour set {0,1}, with arc variables a and b; tokens 0 and 1 move through the buffer)
Property: φ = ◊□(p2 ≠ 0)
Büchi automaton A¬φ: states q0 and q1, with transitions u0, u1 and I0; the transitions into q1 are guarded by ¬(p2 ≠ 0).

Synchronisation
- Standard technique: synchronisation on all transitions
- Synchronisation sequentialises the system
- Not suitable for unfolding-based verification
- Solution: synchronisation just on those transitions which ‘touch’ the atomic propositions of the formula
- Concurrency can be exploited

Synchronisation (diagram, animated over eight slides: the buffer net and the Büchi automaton A¬φ with places q0, q1, transitions u0, u1, I0 guarded by ¬(p2 ≠ 0), and scheduler places B and S; only the transitions touching p2 are synchronised with the automaton)

Illegal ω-traces
- An infinite transition sequence that touches q1 infinitely often violates φ
- To detect such runs we introduce a set I of all transitions putting a token into an accepting Büchi place
- An infinite transition sequence of the synchronised net which is fireable from the initial marking and contains infinitely many occurrences of I-transitions violates φ (illegal ω-trace)
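To make the synchronisation and the illegal ω-trace check concrete, here is an added example (not code from the slides or from Punf): it builds the product of a constructed low-level buffer-of-capacity-2 net with a Büchi automaton for the negated property, synchronising the automaton only on transitions that touch the places of the atomic proposition, and then searches the explicit product state graph (rather than an unfolding prefix) for a reachable cycle through an I-transition. The net, the proposition p and both automata are constructed assumptions; illegal livelocks are not handled here.

```python
from collections import deque
# Constructed example: explicit-state product of a 1-safe Petri net with a Buchi
# automaton, synchronised only on transitions touching places named in the atomic
# propositions, then detection of an illegal omega-trace. Net: buffer of capacity 2,
# cell i is either empty (e_i) or full (f_i); all of this is constructed, not Punf.
BUFFER = {"t1": ({"e1"}, {"f1"}),              # put an item into cell 1
          "t2": ({"f1", "e2"}, {"e1", "f2"}),  # move it from cell 1 to cell 2
          "t3": ({"f2"}, {"e2"})}              # take it out of cell 2
M0 = frozenset({"e1", "e2"})
P_PLACES = {"f1"}                 # places the atomic proposition p refers to
def p(m): return "f1" in m        # p = "cell 1 is full" (cf. p2 != 0 on the slides)
# Buchi automata as (initial state, accepting states, edges (q, guard, q')).
# A_{not phi} for phi = <>[]p, i.e. []<>(not p): q1 accepting, entered only on not p.
NOT_EV_ALWAYS_P = ("q0", {"q1"}, [("q0", lambda m: True, "q0"), ("q0", lambda m: not p(m), "q1"),
                                  ("q1", lambda m: True, "q0"), ("q1", lambda m: not p(m), "q1")])
# A_{not psi} for psi = []<>(not p), i.e. <>[]p: an accepting run needs p forever.
NOT_ALWAYS_EV_NOT_P = ("q0", {"q1"}, [("q0", lambda m: True, "q0"), ("q0", p, "q1"), ("q1", p, "q1")])

def product_graph(net, m0, aut, prop_places):
    """States are (marking, q); edges are (t, next_state, is_I_transition)."""
    init, acc, edges = aut
    visible = {t for t, (pre, post) in net.items() if (pre | post) & prop_places}
    def moves(q, m): return [q2 for q1, g, q2 in edges if q1 == q and g(m)]
    graph, todo = {}, deque((m0, q) for q in moves(init, m0))  # automaton reads M0 first
    while todo:
        s = todo.popleft()
        if s in graph: continue
        m, q = s; graph[s] = []
        for t, (pre, post) in net.items():
            if not pre <= m: continue
            m2 = (m - pre) | post
            # an invisible transition leaves the automaton where it is (stuttering step)
            for q2 in (moves(q, m2) if t in visible else [q]):
                graph[s].append((t, (m2, q2), t in visible and q2 in acc))
                todo.append((m2, q2))
    return graph

def illegal_omega_trace(graph):
    """Return (I-transition, state) on a reachable cycle, or None when none exists."""
    def reaches(src, dst):
        seen, stack = set(), [src]
        while stack:
            s = stack.pop()
            if s == dst: return True
            if s not in seen:
                seen.add(s); stack.extend(n for _, n, _ in graph[s])
        return False
    for s, out in graph.items():
        for t, n, is_i in out:
            if is_i and reaches(n, s): return t, s   # cycle s -> n -> ... -> s via an I-edge
    return None
```

For φ = ◊□p the buffer has an illegal ω-trace (it keeps emptying cell 1), so φ is violated; for ψ = □◊¬p no reachable cycle passes through an I-transition, so ψ holds.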

Synchronisation (diagram, animated over four slides: the synchronised buffer net extended with the livelock-detection places L0, L1, L2 next to the Büchi places q0, q1, scheduler places B, S and the transitions u0, u1, I0 guarded by ¬(p2 ≠ 0))

Prefix (diagram, animated over five slides: the finite complete prefix of the synchronised net, with conditions labelled q0, S, B, p1=0, p3=1, p4=1 and events labelled u0, t3, I0)

Experimental Results (columns: Net, Formula, Unf, Smdl, Spin, Punf; only the Net and Formula columns survive in the transcript)
Abp: □(p→◊q)
Bds: □(p→◊q)
Dpd(7): ◊□ (p q r)
Furnace(3): ◊□p
GasNq(4): ◊□p
Rw(12): □(p→◊q)
Ftp: ◊□p

More Results (columns: Net, Formula, Unf, Smdl, Spin, Punf; only the Net and Formula columns survive in the transcript)
Over(5): ◊□p
Cyclic(12): □(p→◊q)
Ring(9): ◊□p
Dp(12): ◊□ (p q r)
Ph(12): ◊□ (p q r)
Com(15,0): □(p→ ◊q)
Par(5,10): □(p→ ◊q)

More Results (columns: Net, Spin, Punf)
Nets: Cyclic(15), Cyclic(16), Cyclic(17), Ring(12), Ring(13), Ring(14), Dp(13), Dp(14), Com(20,0), Com(21,0), Com(22,0), Ph(15), Ph(18), Ph(21), Par(6,10), Par(7,10)
Of the result columns only the entries "mem" (out of memory) and one figure, 161, survive in the transcript.

Results for Parallel Mode (columns: Net, Spin, Punf(1), Punf(2))
Nets: Com(20,3), Com(22,3), Com(25,3), Par(20,100), Par(20,150), Buf(20), Buf(25)
Of the result columns only the entries "mem" (out of memory) survive in the transcript.

Conclusions
- Efficient parallel LTL-X model-checker for high-level Petri nets
- Based on partial order techniques (unfoldings)
- Alleviates the state space explosion problem
- Experimental results showed a good performance of our checker for several examples