Merged processes – a new condensed representation of Petri net behaviour
V. Khomenko (1), A. Kondratyev (2), M. Koutny (1) and W. Vogler (3)
(1) University of Newcastle upon Tyne, (2) Cadence Berkeley Labs, (3) University of Augsburg
2 Petri net unfoldings
An acyclic net obtained by unfolding the PN through successive firings of transitions:
- for each new firing a fresh transition (called an event) is generated
- for each newly produced token a fresh place (called a condition) is generated
The full unfolding can be infinite.
If the PN has finitely many reachable states then the unfolding eventually starts to repeat itself and can be truncated (by identifying a set of cut-off events) without loss of essential information, yielding a finite prefix.
3-15 Example: Dining Philosophers
[Figures: a Dining Philosophers Petri net with places P1-P14 and transitions T1-T10, shown next to its unfolding, which is built up step by step over these slides.]
16 Characteristics of unfoldings
- Alleviate the state space explosion problem for highly concurrent systems, e.g. for Dining Philosophers the prefix size is linear in the number of philosophers even though the number of states is exponential
- Efficient model checking algorithms, e.g. deadlock checking is PSPACE-complete for safe PNs but only NP-complete for prefixes
- Do not cope well with sources of state space explosion other than concurrency, e.g. with a sequence of choices
- Do not cope well with non-safe PNs
17 Example: sequence of choices
No event is a cut-off; the prefix is exponential.
18 Example: non-safe PN
Tokens in the same place are distinguished in the unfolding; the prefix is exponential.
19 Wanted
A data structure coping not only with concurrency but also with other sources of state space explosion.
Example: a Petri net
21 Example: unfolding
Idea: fuse some of the nodes with the same label.
22 Occurrence-depth
Merged process:
- fuse conditions with the same label and occurrence-depth
- delete duplicate events
23 Examples
Merged processes of these nets coincide with the original nets, even though their unfoldings are exponential!
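The construction on the previous two slides, carried out in code as an added example (this is my own illustration, not code from the authors or from any tool of theirs): unfold a safe Petri net, assign each condition its occurrence-depth, fuse conditions with equal (label, occurrence-depth), and keep one copy of each event with equal label and fused pre/post-sets. Occurrence-depth is taken here, following the paper, as the maximum number of conditions with the same label on any path from a minimal condition to the condition itself (the slide does not spell the definition out). The fusion step is written for any safe net whose unfolding is finite; the sample input is a constructed "sequence of choices" net whose unfolding has 2^n branches, so the sizes printed at the end make the slide's claim concrete: the merged process has exactly the net's places and transitions.

```python
"""Added example: merged process of a small safe Petri net, built by
unfolding and then fusing conditions by (label, occurrence-depth)."""
from collections import Counter
from itertools import product


class Net:
    """A safe Petri net: transitions map name -> (preset places, postset places)."""

    def __init__(self, places, transitions, initial):
        self.places = set(places)
        self.transitions = {t: (frozenset(pre), frozenset(post))
                            for t, (pre, post) in transitions.items()}
        self.initial = frozenset(initial)


def sequence_of_choices(n):
    """Constructed sample input: n stages, each a choice between a_i and b_i."""
    trans = {}
    for i in range(n):
        trans[f"a{i}"] = ({f"p{i}"}, {f"p{i+1}"})
        trans[f"b{i}"] = ({f"p{i}"}, {f"p{i+1}"})
    return Net([f"p{i}" for i in range(n + 1)], trans, {"p0"})


def unfold(net, max_events=10_000):
    """Full unfolding without cut-offs, so the net must be acyclic or the
    max_events guard fires. Returns conditions {id: (label, generating event
    or None)}, events {id: (label, frozenset of input conditions)} and local
    configurations {event id: frozenset of events in its causal past}."""
    conds, events, local, seen = {}, {}, {}, set()
    for p in sorted(net.initial):
        conds[len(conds)] = (p, None)

    def past(b):  # events causally preceding condition b
        gen = conds[b][1]
        return frozenset() if gen is None else local[gen]

    def concurrent(bs):
        # bs is a co-set iff no member is consumed inside another member's past
        # (causality) and the union of the pasts has no two events sharing an
        # input condition (conflict)
        cfg = frozenset().union(*(past(b) for b in bs))
        consumed = frozenset().union(*(events[e][1] for e in cfg))
        if any(b in consumed for b in bs):
            return False
        inputs = Counter(c for e in cfg for c in events[e][1])
        return all(k == 1 for k in inputs.values())

    changed = True
    while changed:  # fixpoint: stop when no transition has a new co-set to fire on
        changed = False
        for t, (pre, post) in sorted(net.transitions.items()):
            by_label = [[b for b, (lab, _) in conds.items() if lab == p] for p in sorted(pre)]
            for bs in product(*by_label):
                bs = frozenset(bs)
                if (t, bs) in seen or not concurrent(bs):
                    continue
                if len(events) >= max_events:
                    raise RuntimeError("unfolding too large: cyclic net without cut-offs?")
                e = len(events)
                events[e] = (t, bs)
                seen.add((t, bs))
                local[e] = frozenset({e}).union(*(past(b) for b in bs))
                for p in sorted(post):
                    conds[len(conds)] = (p, e)
                changed = True
    return conds, events, local


def occurrence_depths(conds, events, local):
    """Occurrence-depth of condition b: the maximum number of conditions with
    b's label on any path from a minimal condition to b, b included. In a DAG
    this is 1 + the maximum depth over same-labelled causal predecessors."""
    depth = {}
    for b in sorted(conds):  # ids are assigned in causal order
        lab, gen = conds[b]
        preds = set() if gen is None else set().union(*(events[e][1] for e in local[gen]))
        depth[b] = 1 + max((depth[c] for c in preds if conds[c][0] == lab), default=0)
    return depth


def merged_process(conds, events, local):
    """Fuse conditions with equal (label, depth); keep one copy of each event
    with equal label, fused preset and fused postset."""
    depth = occurrence_depths(conds, events, local)
    fused = {b: (conds[b][0], depth[b]) for b in conds}
    post = {e: [b for b, (_, g) in conds.items() if g == e] for e in events}
    mp_events = {(lab, frozenset(fused[b] for b in pre), frozenset(fused[b] for b in post[e]))
                 for e, (lab, pre) in events.items()}
    return set(fused.values()), mp_events


def sizes(n):
    """(places, transitions, conditions, events, mp-conditions, mp-events)
    for the n-stage sequence-of-choices net."""
    net = sequence_of_choices(n)
    conds, events, local = unfold(net)
    mpc, mpe = merged_process(conds, events, local)
    return (len(net.places), len(net.transitions), len(conds), len(events), len(mpc), len(mpe))


if __name__ == "__main__":
    print(sizes(4))  # (5, 8, 31, 30, 5, 8): the merged process is the net itself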
24 Experimental results
Corbett's benchmarks were used.
- Merged processes are often smaller than unfolding prefixes by orders of magnitude
- In many cases they are only slightly larger than the original PNs
- In some cases they are smaller than the original PNs, due to the removal of dead places
25 Upper bounds on the size
- Trivial bound: merged processes are no larger than unfolding prefixes, and hence no larger than the reachability graph (too pessimistic in practice)
- Merged processes of acyclic PNs coincide with the original PNs with the dead nodes removed (unfoldings can be exponential)
- Merged processes of live and safe free-choice PNs [with minor restrictions] are polynomial in the size of the original PNs (unfoldings can be exponential)
26 Model checking
Merged processes are small, but are they of any use?
Can model checking algorithms developed for unfoldings be lifted to merged processes?
27 Problem: cycles
A Petri net
28 Problem: cycles
Unfolding: criss-cross fusion results in a cycle!
29 Problem: cycles
Merged process with a cycle. Still worse, the marking equation (ME) used for unfolding-based verification can have spurious solutions.
30 Problem: cycles
- Borrow a token
- Fire
- The borrowed token is returned
- The current marking is unreachable
31 Solution
Add to the marking equation another constraint, ACYCLIC, requiring the run to be acyclic: ME & ACYCLIC
32 Another problem: spurious runs
This condition can be visited without first visiting the other one, which is not possible in the unfolding!
33 Solution
Add another constraint, NG (no-gap), conveying that if a condition with occurrence-depth k>1 is visited then the condition with the same label and occurrence-depth k-1 is also visited: ME & ACYCLIC & NG
This is enough to lift unfolding-based model checking algorithms to merged processes!
Deadlock checking is NP-complete in the size of the merged process – no worse than for unfoldings.
34 Experimental results
Corbett's benchmarks were used.
- Model checking is practical: running times are comparable with those of an unfolding-based algorithm
- It still deteriorates on a couple of benchmarks, but it's early days of this approach and we keep improving it
35 Open problems / future work
- Direct characterization of merged processes (currently much is done via unfoldings)
- Improve the efficiency of model checking
- A direct algorithm for building merged processes (currently built by fusing nodes in the unfolding prefix; significant progress has been made in this direction)