Branching Processes of High-Level Petri Nets and Model Checking of Mobile Systems

Maciej Koutny
School of Computing Science, Newcastle University
with: R. Devillers, V. Khomenko, H. Klaudel, A. Niaouris
UFO'07, Siedlce, Poland, 2007

Transcript of the presentation (59 slides)

Page 1

Title slide: title, author, affiliation and venue as above.

Page 2

Outline

• Motivation
• Coloured Petri nets
  • Expansion and unfolding
  • Relationship diagram
  • Experimental results
• Application: mobile systems
  • π-calculus to Petri nets
  • Implementation issues
  • Experimental results
• Further work

Page 3

Motivation

Low-level PNs:
• Can be efficiently verified
• Not convenient for modelling

High-level descriptions:
• Convenient for modelling
• Verification is hard

There is a gap between the two. Coloured PNs: a good intermediate formalism.

Page 4

Coloured PNs

[Figure: a coloured PN with two input places of type {1,2}, marked with the tokens 1 and 2, an output place of type {1..4}, and one transition whose input arcs carry the variables u and v, whose output arc carries w, and whose guard is w<u+v.]

Page 5

Expansion

[Figure: the coloured net of slide 4 (input places of type {1,2} marked 1 and 2, output place of type {1..4}, guard w<u+v) next to its expansion: a low-level net with one transition for every binding of u, v and w over the place types that satisfies the guard.]

• The expansion faithfully models the original net
• Blow up in size

Page 6

Unfolding

[Figure: the coloured net of slide 4 and its unfolding from the initial marking. The conditions 1 and 2 (the tokens in the input places) enable exactly two events, the bindings u=1, v=2, w=1 and u=1, v=2, w=2, which produce the conditions 1 and 2 in the output place.]

Page 7

Example: computing GCD

[Figure: a coloured net computing the GCD of two numbers, with places m and n and a result place, all of type {0..100}. A transition guarded on v≠0 consumes u from m and v from n and puts v into m and u%v into n; a transition guarded on v=0 consumes u and v and puts u into the result place. Its unfolding from the marking 3, 2 is the run u=3, v=2 → u=2, v=1 → u=1 (v=0) → result 1, i.e. the conditions 3 2, then 2 1, then 1 0, then 1.]

Page 8

Relationship diagram

  Coloured PNs  --unfolding-->  Coloured prefix
       |                              |
   expansion                          ?
       |                              |
       v                              |
  Low-level PNs --unfolding-->  Low-level prefix

Page 9

Relationship diagram

  Coloured PNs  --unfolding-->  Coloured prefix
       |                              |
   expansion                          ~
       |                              |
       v                              |
  Low-level PNs --unfolding-->  Low-level prefix

Page 10

Relationship diagram

[Figure: the coloured net of slide 4 (places of type {1,2}, {1,2}, {1..4}, guard w<u+v) together with its prefix: the conditions 1 and 2, the two events for the bindings u=1, v=2, w=1 and u=1, v=2, w=2, and their output conditions 1 and 2. Unfolding the coloured net directly and unfolding its expansion give the same prefix.]

Page 11

Relationship diagram

  Coloured PNs  --unfolding-->  Prefix
       |                          ^
   expansion                  unfolding
       |                          |
       v                          |
  Low-level PNs ------------------+

Page 12

Benefits

• Avoiding an exponential blow up when building the expansion
• Definitions are similar to those for LL unfoldings, no new proofs
• All results and verification techniques for LL unfoldings are still applicable
  • Model checking algorithms
  • Canonicity, completeness, finiteness

Page 13

Benefits

• Existing unfolding algorithms for LL PNs can easily be adapted
  • Usability of the total adequate order proposed in [citation]
  • All the heuristics improving the efficiency can be employed (e.g. concurrency relation and preset trees)
  • Parallel unfolding algorithm

Page 14

Extensions: infinite place types

[Figure: the GCD net of slide 7 again, with its places m, n and the result place declared with the finite type {0..100}.]

Page 15

Extensions: infinite place types

[Figure: the GCD net with the place types replaced by N (the natural numbers), so that the expansion would be infinite, next to the same finite prefix as on slide 7: the run u=3, v=2 → u=2, v=1 → u=1, with conditions 3 2, 2 1, 1 0, 1.]

Page 16

Extensions: infinite place types

[Figure: the GCD net and the prefix of slide 15 (u=3, v=2 → u=2, v=1 → u=1; conditions 3 2, 2 1, 1 0, 1), with the place types now refined to the colours that actually occur in the prefix: {1..3} for the place holding u, {0..2} for the place holding v, and {1} for the result place.]

Page 17

Refined expansion

[Diagram as on slide 11: Coloured PNs unfold to the Prefix directly, or expand to Low-level PNs which unfold to the same Prefix; here the expansion is the refined one, built over the place types read off the prefix as on slide 16.]
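As an added example (not the authors' code or tool), the following Python measures, for the w<u+v net of slides 4 to 6 and the GCD net of slide 7, how many low-level transitions the expansion contains (one per guard-satisfying binding over the declared place types) against how many events actually fire from the initial marking, which is all the unfolding has to represent; it also collects the colours each place ever holds, i.e. the refined place types of slide 16. The net encoding (one token per place, transitions given as variable domains, arcs and guard functions) is an assumption made here.

```python
from itertools import product

# Added example, not the authors' code. Encoding (an assumption): every place holds at
# most one token; a transition is (variables, inputs, outputs, guard): variables maps each
# variable to the place whose type is its domain, inputs are (place, var) arcs, outputs are
# (place, expression) arcs, and guard/expressions are functions of a binding dict.

def expansion_size(types, transitions):
    """Low-level transitions in the expansion: one per guard-satisfying binding."""
    total = 0
    for variables, _, _, guard in transitions:
        names = list(variables)
        for vals in product(*(sorted(types[variables[x]]) for x in names)):
            total += bool(guard(dict(zip(names, vals))))
    return total

def explore(types, transitions, init):
    """Fire every enabled binding from the initial marking (tuple of (place, colour) tokens); returns the events and the colours each place ever holds."""
    events, colours, seen, todo = set(), {}, {init}, [init]
    while todo:
        m = dict(todo.pop())
        for p, c in m.items():
            colours.setdefault(p, set()).add(c)       # refined place types (slide 16)
        for i, (variables, inputs, outputs, guard) in enumerate(transitions):
            if all(p in m for p, _ in inputs):        # every input place has a token
                bound = {x: m[p] for p, x in inputs}  # input arcs fix these variables
                free = [x for x in variables if x not in bound]
                for vals in product(*(sorted(types[variables[x]]) for x in free)):
                    b = {**bound, **dict(zip(free, vals))}
                    if guard(b):
                        events.add((i, tuple(sorted(b.items()))))
                        nxt = {p: c for p, c in m.items() if p not in dict(inputs)}
                        nxt.update((p, expr(b)) for p, expr in outputs)
                        key = tuple(sorted(nxt.items()))
                        if key not in seen:
                            seen.add(key)
                            todo.append(key)
    return events, colours

# Net of slides 4-6: p1, p2 of type {1,2} marked 1 and 2, p3 of type {1..4}, guard w < u+v.
NET1_TYPES = {"p1": {1, 2}, "p2": {1, 2}, "p3": {1, 2, 3, 4}}
NET1 = [({"u": "p1", "v": "p2", "w": "p3"}, [("p1", "u"), ("p2", "v")],
         [("p3", lambda b: b["w"])], lambda b: b["w"] < b["u"] + b["v"])]
NET1_INIT = (("p1", 1), ("p2", 2))
# GCD net of slide 7 (constructed to match its run): loop step (v != 0), exit step (v == 0).
GCD_TYPES = {p: set(range(101)) for p in ("m", "n", "r")}
UV, UV_IN = {"u": "m", "v": "n"}, [("m", "u"), ("n", "v")]
GCD = [(UV, UV_IN, [("m", lambda b: b["v"]), ("n", lambda b: b["u"] % b["v"])], lambda b: b["v"] != 0),
       (UV, UV_IN, [("r", lambda b: b["u"])], lambda b: b["v"] == 0)]
GCD_INIT = (("m", 3), ("n", 2))
```

For the GCD net the expansion has 10201 transitions while only three events ever fire from the marking 3, 2, which is the gap the refined expansion closes.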

Page 18

Experimental results

• Tremendous improvements for colour-intensive PNs (e.g. GCD)
• Negligible slow-down (<0.5%) for control-intensive PNs (e.g. Lamport's mutual exclusion algorithm)

Page 19

Application: mobility

• One of the main features of many crucial modern distributed computing systems
• Formal analysis and verification using process algebras like π-calculus
• Our aim: to alleviate the state space explosion problem during reachability analysis of mobile systems
• Using/adapting model checking algorithms based on unfoldings

Page 20

Syntax (finite)

Basic elements are channel (names) like a, b, c, ...

ab        input prefix (receive a name b on channel a)
āb        output prefix (send b on channel a; the bar over a marks output)
τ         internal prefix
pref.P    first execute pref then P
P+Q       execute P or Q
P | Q     execute P and Q in parallel
(νc) P    restrict c within P
A ├ P     A is the set of all "known" channels

Page 21

Operational semantics

Operational semantics defined using SOS rules such as:

                  b ∉ A
  ------------------------------------------
  A ├ ac.P  --ab-->  A ∪ {b} ├ {b/c}P

(an input on the known channel a may receive a channel b that is not yet known; b is added to the known set and substituted for c in P)

One can then consider LTSs generated by π-terms, the associated behavioural properties, etc.

Pages 22-24

p-nets

High-level Petri nets where tokens can, e.g., be channels.

[Figure: a p-net transition τ with arc variables u and v, connected to holder places containing the channels a and b; the read arcs (non-directed) are used only for testing.]

The transition is enabled if there is a suitable binding for u and v, for instance u=a, v=b; slide 24 shows the marking this firing leads to, with b still in place.

Page 25

Holder places and read arcs

[Figure: a p-net fragment with transitions snd and rcv, control-flow places, holder places for the channels a and b, and arcs labelled u and v; the holder places are attached through read arcs.]

Blue part (holder places) is related to channels.
Black part is related to control flow.

Pages 26-28

Tag-place

Used to maintain information about Known, New and Restricted channels.

[Figure: a transition with arc variables u, v (the channels) and U, V (their tag-place entries) next to the tag-place. Before firing, the tag-place holds the entries a.a.K (a is known), e.N (e is a new, still unused name) and Δ.R (Δ is a restricted channel); the arcs carry U.u.K and V.v.K (entries tested), v.R and V.N (entries consumed), and produce V.v.K.]

A suitable binding is u=U=a, v=Δ, V=e. Firing it generates the output āe (the restricted channel Δ is sent on a under the new name e), and the tag-place afterwards holds e.Δ.K and a.a.K: Δ is now known outside as e. An LTS can then be defined.

Page 29

p-nets

p-nets can be composed to mirror the operators in the process algebra: prefixing, parallel composition, choice, communication.

Page 30

Model checking π-calculus

  π-calculus expression  --automatic translation-->  Safe high-level PN (p-nets)

Pages 31-36

Example 1

{b,d} ├ ba.ād

[Figure: the p-net for this term. The tag-place initially holds b.b.K, d.d.K and e.N; the transitions for the input prefix ba and the output prefix ād carry the arc labels U.u.K, V.v.K, v.v.K, v.N and d.d.K, with U, V, u, v as arc variables.]

Step 1 (input on b): the binding u=U=b, v=e generates the label be; the new name e becomes known (the tag-place now holds e.e.K, b.b.K, d.d.K) and replaces a in the continuation.

Step 2 (output on e): the binding u=U=e, v=V=d generates the label ēd.

Pages 37-42

Example 2

{a,b} ├ (νc) āc.c̄b

[Figure: the p-net for this term. The tag-place initially holds a.a.K, b.b.K, f.N and Δ.R (Δ stands for the restricted channel c); the arcs carry U.u.K, V.v.K, V.N and v.R.]

Step 1 (output on a of the restricted channel): the binding u=U=a, V=f, v=Δ generates the label āf; the tag-place now holds f.Δ.K, i.e. Δ is known outside as f.

Step 2 (output on that channel): the binding U=f, u=Δ, V=v=b generates the label f̄b.

Pages 43-49

Example 3

{a,e,d} ├ (νc) (āc.ēc | ab.b̄d)

[Figure: the p-net for the two parallel components. The tag-place initially holds a.a.K, e.e.K, d.d.K, f.N and Δ.R; the communication on a is a τ transition with arc variables u and v, next to the transitions for ēc and b̄d with arc labels U.u.K, V.v.K, v.R and V.N.]

The slides step through the run: the communication on a fires as τ, passing the restricted channel Δ to the right-hand component, where it takes the place of b; the subsequent output on e sends Δ under the new name f, after which the tag-place records f.Δ.K.
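As an added example (not the authors' code or tool), here is a small Python generator for the labelled transitions of the finite π-calculus fragment of slide 20 under the known-channel bookkeeping of slides 21 and 26-28: the tag-place is a dict from each channel to its external name and tag (K known, N new, R restricted), an input on a known channel may receive any known name or one new name (the SOS rule of slide 21), and sending a restricted channel on a known one exports it under a new name, recorded like the f.Δ.K entry of Example 2. The term encoding, the requirement that bound names are distinct from all other names, and the restriction that communication is only recognised between two top-level prefixes of a parallel composition are assumptions made here; Example 1 of slide 31 is included as constructed data.

```python
# Added example, not the authors' code or tool. Encoding (an assumption): ("in", a, c, P)
# is a(c).P, ("out", a, b, P) is ā b.P, then ("tau", P), ("sum", P, Q), ("par", P, Q),
# ("nu", c, P), ("stop",); single-letter names, bound names distinct from all others.
# tags plays the tag-place: internal name -> (external name, "K" known/"N" new/"R" restricted).

def subst(term, old, new):                     # rename channel old to new (no capture)
    return tuple(subst(x, old, new) if isinstance(x, tuple) else
                 (new if x == old else x) for x in term)

def tag(tags, x):                              # "K", "N", "R" or "" for an untagged name
    return tags[x][1] if x in tags else ""

def new_name(tags):                            # a channel the tag-place still holds as New
    return next((n for n, (_, t) in sorted(tags.items()) if t == "N"), None)

def step(tags, term):
    """All transitions of tags ├ term as (label, tags', term'); '~' marks output."""
    out, k = [], term[0]
    if k == "in" and tag(tags, term[1]) == "K":             # a(c).P on a known a
        _, a, c, P = term
        out += [(tags[a][0] + x, tags, subst(P, c, b)) for b, (x, t) in sorted(tags.items()) if t == "K"]
        if (n := new_name(tags)):                            # the slide's rule: receive b ∉ A
            out.append((tags[a][0] + n, {**tags, n: (n, "K")}, subst(P, c, n)))
    elif k == "out" and tag(tags, term[1]) == "K":          # ā b.P on a known a
        _, a, b, P = term
        if tag(tags, b) == "K":                              # send a known name
            out.append(("~" + tags[a][0] + tags[b][0], tags, P))
        elif tag(tags, b) == "R" and (n := new_name(tags)):  # scope extrusion: b leaves as n
            rest = {x: v for x, v in tags.items() if x != n}
            out.append(("~" + tags[a][0] + n, {**rest, b: (n, "K")}, P))
    elif k == "tau":
        out.append(("tau", tags, term[1]))
    elif k == "sum":
        out += step(tags, term[1]) + step(tags, term[2])
    elif k == "nu":                                          # (νc)P: c is Restricted inside
        out += step({**tags, term[1]: (None, "R")}, term[2])
    elif k == "par":
        _, P, Q = term
        out += [(l, t, ("par", P2, Q)) for l, t, P2 in step(tags, P)]
        out += [(l, t, ("par", P, Q2)) for l, t, Q2 in step(tags, Q)]
        for S, T in ((P, Q), (Q, P)):                        # communication ā b | a(c)
            if S[0] == "out" and T[0] == "in" and S[1] == T[1] and S[1] in tags:
                P2, Q2 = S[3], subst(T[3], T[2], S[2])
                out.append(("tau", tags, ("par", P2, Q2) if S is P else ("par", Q2, P2)))
    return out

# Example 1 of slide 31, {b,d} ├ ba.ād, with e as the slides' unused (New) channel.
EX1_TAGS = {"b": ("b", "K"), "d": ("d", "K"), "e": (None, "N")}
EX1 = ("in", "b", "a", ("out", "a", "d", ("stop",)))
```

Running step on the Example 1 data yields the labels bb, bd and be; following the be branch, whose tag-place now holds e as known, the only next label is ~ed, matching slides 32-36.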

Page 50

Model checking π-calculus

  π-calculus expression  --automatic translation-->  Safe high-level PN (p-nets)  --PN unfolding (PUNF)-->  Property checking (MPSat)

Page 51

Implementation issues

• Infinity of new channels
• Read arcs
• Non-safeness
• Partial-transition expansion
• Reducing the number of holder places

Pages 52-56

Example

[Figure: a system with the components T, NESS (with channel a), 1S, 2S, 3S and 4S and the channels h1, h2, h3, h4; the slides animate how the tokens ness and the channel names move between the components as the run proceeds.]

Process fragments shown on the slides:

  a?ness
  h1!ness | h2!ness | h3!ness | h4!ness
  h1?addr1 | h2?addr2 | h3?addr3 | h4?addr4
  h!h1.h1!done.STOP + h?another1.addr1!h1.addr1!another1.h1!done.STOP

Page 57

Experiments

  Problem    Net          Prefix            Time
             |P|   |T|    |B|      |E|      Punf   MPSat   MWB
  Ness(2)    157   200    1413     127      <1     <1      <1
  Ness(3)    319   415    5458     366      1      <1      <1
  Ness(4)    537   724    24561    1299     6      <1      7
  Ness(5)    811   1139   93546    4078     46     <1      -
  Ness(6)    1141  1672   281221   10431    411    311     -
  Ness(7)    1527  2335   701898   22662    2904   8       -

Page 58

Further work

• We need efficient extensions of the unfolding approach for read arcs
• Introduce a restricted form of recursion still allowing one to use model-checking
• Deal with the state space explosion caused by aspects other than high level of concurrency
• Further performance comparisons of this model with other model checkers

Page 59

Thank you!