Presentation is loading. Please wait.

Presentation is loading. Please wait.

Parallel LTL-X Model Checking of High- Level Petri Nets Based on Unfoldings Claus Schröter* and Victor Khomenko** *University of Stuttgart, Germany **University.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Parallel LTL-X Model Checking of High- Level Petri Nets Based on Unfoldings Claus Schröter* and Victor Khomenko** *University of Stuttgart, Germany **University."— Presentation transcript:

1 Parallel LTL-X Model Checking of High- Level Petri Nets Based on Unfoldings Claus Schröter* and Victor Khomenko** *University of Stuttgart, Germany **University of Newcastle upon Tyne, UK UNIVERSITY OF STUTTGART

2 Basis for our work Esparza and Heljanko (ICALP 2000, SPIN 2001): A New Unfolding Approach to LTL Model-Checking  Net system is constructed as the product of the original net system and an Büchi automaton accepting   Model-checking problem is reduced to detection of illegal ω-traces and illegal livelocks by exploiting finite complete prefixes

3 Basis for our work Simplicity of this approach Partial order semantics of Petri nets Alleviates the state space explosion problem  Input are low level Petri nets  Low level Petri nets are not convenient for modelling

4 Low-level PNs: Can be efficiently verified  Not convenient for modelling High-level descriptions:  Verification is hard Convenient for modelling a good intermediate formalism Coloured PNsColoured PNs Gap

5 Coloured PNs 1 2 w<u+v vu w {1,2} {1..4}

6 Coloured PNs 1 2 w<u+v vu w {1,2} {1..4}

7 Coloured PNs w<u+v vu w {1,2} {1..4} 1

8 Coloured PNs w<u+v vu w {1,2} {1..4} 2

9 Expansion 1 2 w<u+v v u w {1,2} {1..4}

10 Expansion 1 2 w<u+v v u w {1,2} {1..4}

11 Expansion 1 2 w<u+v v u w {1,2} {1..4}

12 Expansion 1 2 w<u+v v u w {1,2} {1..4}

13 Expansion 1 2 w<u+v v u w {1,2} {1..4}

14 Expansion The expansion faithfully models the original net 1 2 w<u+v v u w {1,2} {1..4}  Blow up in size

15 Finite complete prefix  Introduced by McMillan in 1992  Relies on the partial order view of concurrent computation  Represents system states implicitly, using an acyclic net  Satisfies two key properties: Completeness: Each reachable marking of the original net is represented by at least one reachable marking in the prefix Finiteness: The prefix is finite and thus can be used as an input to model-checking algorithms

16 Relationship diagram Coloured PNs unfolding Low-level prefix Coloured prefix unfolding Low-level PNs expansion ?

17 Relationship diagram Coloured PNs unfolding Low-level prefix Coloured prefix unfolding Low-level PNs expansion ~ Khomenko and Koutny proved isomorphism (TACAS’03)

18 Relationship diagram 1 2 w<u+v v u w {1,2} {1..4} 1 2 u=1 v=2 w=1 12 u=1 v=2 w=2

19 Example: Buffer of capacity 2 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb

20 Example: Buffer of capacity 2 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb

21 Example: Buffer of capacity 2 0 1 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb

22 Example: Buffer of capacity 2 0 1 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb

23 Example: Buffer of capacity 2 0 1 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb

24 Example: Buffer of capacity 2 0 1 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb

25 Example: Buffer of capacity 2 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb

26 Example: Buffer of capacity 2 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb Property: φ = ◊□(p 2 ≠0) q0q0 q1q1  (p 2 ≠0) true u0u0 u1u1 I0I0  (p 2 ≠0) q 0 :{  } q 1 :{  } Büchi automaton A  φ

27 Synchronisation  Standard technique: Synchronisation on all transitions  Synchronisation sequentialises the system  Not suitable for unfolding based verification  Solution: Synchronisation just on those transitions which ‘touch’ the atomic propositions of the formula Concurrency can be exploited

28 Synchronisation 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb u0u0 q 0 :{  } I0I0  (p 2 ≠0) q 1 :{  } u1u1

29 Synchronisation 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb u0u0 q 0 :{  } I0I0  (p 2 ≠0) q 1 :{  } u1u1 p2p2 p2p2

30 Synchronisation 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb u0u0 q 0 :{  } I0I0  (p 2 ≠0) q 1 :{  } u1u1 B:{  } S:{  } p2p2 p2p2

31 Synchronisation 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb u0u0 q 0 :{  } I0I0  (p 2 ≠0) q 1 :{  } u1u1 B:{  } S:{  } p2p2 p2p2

32 Synchronisation 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb u0u0 q 0 :{  } I0I0  (p 2 ≠0) q 1 :{  } u1u1 B:{  } S:{  } p2p2 p2p2

33 Synchronisation 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb u0u0 q 0 :{  } I0I0  (p 2 ≠0) q 1 :{  } u1u1 B:{  } S:{  } p2p2 p2p2

34 Synchronisation 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb u0u0 q 0 :{  } I0I0  (p 2 ≠0) q 1 :{  } u1u1 B:{  } S:{  } p2p2 p2p2

35 Synchronisation 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb u0u0 q 0 :{  } I0I0  (p 2 ≠0) q 1 :{  } u1u1 B:{  } S:{  } p2p2 p2p2

36 Illegal ω-traces  Infinite transition sequence that touches q 1 infinitely often violates φ  To detect such runs we introduce a set I off all transitions putting a token into an accepting Büchi place  An infinite transition sequence of the synchronised net which is fireable from the initial marking and contains infinitely many occurrences of I-transitions violates φ (illegal ω-trace)

37 Synchronisation 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb u0u0 q 0 :{  } I0I0  (p 2 ≠0) q 1 :{  } u1u1 B:{  } L0L0 S:{  } p2p2 p2p2

38 Synchronisation 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb u0u0 q 0 :{  } I0I0  (p 2 ≠0) q 1 :{  } u1u1 B:{  } L0L0 L1L1 S:{  } p2p2 p2p2

39 Synchronisation 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb u0u0 q 0 :{  } I0I0  (p 2 ≠0) q 1 :{  } u1u1 B:{  } L0L0 L1L1 L2L2 S:{  } p2p2 p2p2 p2p2  (p 2 ≠0)

40 Synchronisation 01 t1t1 t2t2 t3t3 p 1 :{0,1}p 3 :{0,1} p 2 :{0,1}p 4 :{0,1} a aa a a a bb u0u0 q 0 :{  } I0I0  (p 2 ≠0) q 1 :{  } u1u1 B:{  } L0L0 L1L1 L2L2 S:{  } p2p2 p2p2 p2p2  (p 2 ≠0)

41 q0q0 S p10p10 p31p31 p31p31 p10p10 S q0q0 q0q0 B u0u0 t3t3 p41p41 I0I0 Prefix

42 q0q0 S p10p10 p31p31 p31p31 p10p10 S q0q0 q0q0 B u0u0 t3t3 p41p41 I0I0

43 q0q0 S p10p10 p31p31 p31p31 p10p10 S q0q0 q0q0 B u0u0 t3t3 p41p41 I0I0

44 q0q0 S p10p10 p31p31 p31p31 p10p10 S q0q0 q0q0 B u0u0 t3t3 p41p41 I0I0

45 q0q0 S p10p10 p31p31 p31p31 p10p10 S q0q0 q0q0 B u0u0 t3t3 p41p41 I0I0

46 Experimental Results NetFormulaUnfSmdlSpinPunf Abp□(p→◊q)0.190.010.08 Bds□(p→◊q)1990.718.47 Dpd(7) ◊□  (p  q  r) 5072.147.25 Furnace(3)◊□p10571.0026.90 GasNq(4)◊□p2400.148.46 Rw(12)□(p→◊q)27700.4447.67 Ftp◊□p>120003.99836

47 More Results NetFormulaUnfSmdlSpinPunf Over(5)◊□p66.010.440.12 Cyclic(12)□(p→◊q)0.3811.250.08 Ring(9)◊□p2.131.640.13 Dp(12) ◊□  (p  q  r) 13.051170.36 Ph(12) ◊□  (p  q  r) 0.040.610.02 Com(15,0) □(p→  ◊q) ----3.110.02 Par(5,10) □(p→  ◊q) ----3.600.02

48 More Results NetSpinPunf Cyclic(15) Cyclic(16) Cyclic(17) 168 478 1601 0.08 0.07 0.10 Ring(12) Ring(13) Ring(14) 75.38 274 1267 0.30 0.50 0.85 Dp(13) Dp(14) 559 2123 0.53 0.75 NetSpinPunf Com(20,0) Com(21,0) Com(22,0) 232 686 2279 0.02 0.03 0.02 Ph(15) Ph(18) Ph(21) 16.69 1570 mem 0.01 0.02 Par(6,10) Par(7,10) 161 mem 0.02 0.04

49 Results for Parallel Mode NetSpinPunf(1)Punf(2) Com(20,3) Com(22,3) Com(25,3) mem 8.58 11.51 17.29 6.01 8.51 12.84 Par(20,100) Par(20,150) mem 8.60 31.98 4.84 18.28 Buf(20) Buf(25) ---- 22.70 142.72 16.95 89.40

50 Conclusions  Efficient parallel LTL-X model-checker for high level Petri nets  Based on partial order techniques (unfoldings)  Alleviates the state space explosion problem  Experimental results showed a good performance of our checker for several examples

Download ppt "Parallel LTL-X Model Checking of High- Level Petri Nets Based on Unfoldings Claus Schröter* and Victor Khomenko** *University of Stuttgart, Germany **University."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.

Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Vasileios Germanos 1, Stefan Haar 2, Victor Khomenko 1, and Stefan Schwoon 2 1 School of Computing Science, Newcastle University, UK 2 INRIA & LSV (ENS.

Vasileios Germanos 1, Stefan Haar 2, Victor Khomenko 1, and Stefan Schwoon 2 1 School of Computing Science, Newcastle University, UK 2 INRIA & LSV (ENS.
Shortest Violation Traces in Model Checking Based on Petri Net Unfoldings and SAT Victor Khomenko University of Newcastle upon Tyne Supported by IST project.

Shortest Violation Traces in Model Checking Based on Petri Net Unfoldings and SAT Victor Khomenko University of Newcastle upon Tyne Supported by IST project.
On Specification and Verification of Location- Based Fault Tolerant Mobile Systems Alexei Iliasov, Victor Khomenko, Maciej Koutny and Alexander Romanovsky.

On Specification and Verification of Location- Based Fault Tolerant Mobile Systems Alexei Iliasov, Victor Khomenko, Maciej Koutny and Alexander Romanovsky.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Hardware and Petri nets Symbolic methods for analysis and verification.

Hardware and Petri nets Symbolic methods for analysis and verification.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Based on: Petri Nets and Industrial Applications: A Tutorial

Based on: Petri Nets and Industrial Applications: A Tutorial
Applying Petri Net Unfoldings for Verification of Mobile Systems Apostolos Niaouris Joint work with V. Khomenko, M. Koutny MOCA ‘06.

Applying Petri Net Unfoldings for Verification of Mobile Systems Apostolos Niaouris Joint work with V. Khomenko, M. Koutny MOCA ‘06.
Diagnosability Verification with Parallel LTL-X Model Checking Based on Petri Net Unfoldings Agnes Madalinski 1, and Victor Khomenko 2 1 Faculty of Engineering.

Diagnosability Verification with Parallel LTL-X Model Checking Based on Petri Net Unfoldings Agnes Madalinski 1, and Victor Khomenko 2 1 Faculty of Engineering.
A Novel Method For Fast Model Checking Project Report.

A Novel Method For Fast Model Checking Project Report.
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
Merged Processes of Petri nets Victor Khomenko Joint work with Alex Kondratyev, Maciej Koutny and Walter Vogler.

Merged Processes of Petri nets Victor Khomenko Joint work with Alex Kondratyev, Maciej Koutny and Walter Vogler.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.
Logic Synthesis for Asynchronous Circuits Based on Petri Net Unfoldings and Incremental SAT Victor Khomenko, Maciej Koutny, and Alex Yakovlev University.

Logic Synthesis for Asynchronous Circuits Based on Petri Net Unfoldings and Incremental SAT Victor Khomenko, Maciej Koutny, and Alex Yakovlev University.

Similar presentations

Ads by Google