LTL Model Checking with Neco ukasz Fronc 1 Alexandre Duret-Lutz 2 e - - PowerPoint PPT Presentation

LTL Model Checking with Neco

Łukasz Fronc1 Alexandre Duret-Lutz2

IBISC, Universit´ e d’ ´ Evry/Paris-Saclay fronc@ibisc.univ-evry.fr LRDE, EPITA, Kremlin-Bicˆ etre, France adl@lrde.epita.fr

ATVA’13, 2013-10-16

http://code.google.com/p/neco-net-compiler/

1 / 9

What is Neco?

A Petri net compiler

transforms Petri nets into libraries

◮ works with high-level Petri nets

colored PN annotated by Python

◮ based on SNAKES, a Python library for Petri nets

• F. Pommereau. Quickly prototyping Petri nets tools with SNAKES. Petri net

newsletter, October 2008

2 / 9

What is Neco?

A Petri net compiler

transforms Petri nets into libraries

◮ works with high-level Petri nets

colored PN annotated by Python

◮ based on SNAKES, a Python library for Petri nets

◮ produces optimized code... ◮ ...for explicit model-checking ◮ expressivity compromise

With a set of command-line tools:

◮ neco-compile

PN compiler

◮ neco-explore

minimal exploration tool

Ł. Fronc and F. Pommereau. Building Petri nets tools around Neco compiler. PNSE’13

2 / 9

What is Neco?

A Petri net compiler

transforms Petri nets into libraries

◮ works with high-level Petri nets

colored PN annotated by Python

◮ based on SNAKES, a Python library for Petri nets

◮ produces optimized code... ◮ ...for explicit model-checking ◮ expressivity compromise

With a set of command-line tools:

◮ neco-compile

PN compiler

◮ neco-explore

minimal exploration tool

◮ neco-check

new!

LTL-adapter compiler

◮ neco-spot

new!

LTL model-checker

2 / 9

Neco’s Workflow

model neco-explore neco-spot state space

• set of states
• reachability graph

counterexample if it exists spot formula

• Python
• ABCD
• PNML*

checker.so LTL formula neco-compile info structures produce functions produce marking exploration functions exploration functions exploration functions marking structure compile (cython + g++) produce com- pilation trace produce info compilation trace neco-check extract com- pilation trace decompose id-atom map produce check functions atomic propositions atomic propositions atomic propositions main check function compile (cython + g++) compilation trace net.so net.so

neco-compile neco-check

net.so 3 / 9

Neco’s Workflow

model neco-explore neco-spot state space

• set of states
• reachability graph

counterexample if it exists spot formula

• Python
• ABCD
• PNML*

checker.so LTL formula neco-compile info structures produce functions produce marking exploration functions exploration functions exploration functions marking structure compile (cython + g++) produce com- pilation trace produce info compilation trace neco-check extract com- pilation trace decompose id-atom map produce check functions atomic propositions atomic propositions atomic propositions main check function compile (cython + g++) compilation trace net.so net.so

neco-check

net.so 4 / 9

Neco’s Workflow

model neco-explore neco-spot state space

• set of states
• reachability graph

counterexample if it exists spot formula

• Python
• ABCD
• PNML*

checker.so LTL formula neco-compile info structures produce functions produce marking exploration functions exploration functions exploration functions marking structure compile (cython + g++) produce com- pilation trace produce info compilation trace neco-check extract com- pilation trace decompose id-atom map produce check functions atomic propositions atomic propositions atomic propositions main check function compile (cython + g++) compilation trace net.so net.so 5 / 9

Spot as a library for explicit model-checking

High-level model M On-the-fly generation

• f state-space automaton

AM LTL property ϕ LTL translation Negated property automaton A¬ϕ On-the-fly synchronized product

L (AM ⊗ A¬ϕ) = L (AM) ∩ L (A¬ϕ)

Emptiness check

L (AM ⊗ A¬ϕ) ? = ∅

M |= ϕ

• r coun-

terexample

6 / 9

Spot as a library for explicit model-checking

neco-spot

Spot

High-level model M On-the-fly generation

• f state-space automaton

AM LTL property ϕ LTL translation Negated property automaton A¬ϕ On-the-fly synchronized product

L (AM ⊗ A¬ϕ) = L (AM) ∩ L (A¬ϕ)

Emptiness check

L (AM ⊗ A¬ϕ) ? = ∅

M |= ϕ

• r coun-

terexample

6 / 9

neco-spot

◮ A wrapper of net.so and checker.so that presents the

reachability graph as a subclass of spot::kripke:

◮ get init state()

initial state

◮ succ iter(s)

iterator over the successors of state s

◮ state condition(s)

value of atomic propositions for s

This interface supports on-the-fly exploration.

◮ Translate the formula into a generalized B¨

uchi automaton:

◮ spot::translator::run(f)

includes many optimizations

◮ Synchronize reachability graph and formula automaton:

◮ spot::tgba product(model, prop)

• n-the-fly

◮ Check the product for emptiness:

◮ spot::emptiness check::check()

◮ Optionally compute a counterexample:

◮ spot::emptiness check result::accepting run() 7 / 9

Demo

c1e c1x sh1 se c1s b1e b1x sr1 c1r b2e b2x ss1

8 / 9

Demo

c1e c1x sh1 se c1s b1e b1x sr1 c1r b2e b2x ss1

8 / 9

Demo

c1e c1x sh1 se c1s b1e b1x sr1 c1r b2e b2x ss1

8 / 9

Demo

c1e c1x sh1 se c1s b1e b1x sr1 c1r b2e b2x ss1

8 / 9

Demo

c1e c1x sh1 se c1s b1e b1x sr1 c1r b2e b2x ss1

8 / 9

Demo

c1e c1x sh1 se c1s b1e b1x sr1 c1r b2e b2x ss1 sh2 c2x c2e c2s b3e b3x sr2 c2r b4e b4x ss2 ss1

8 / 9

Demo

c1e c1x sh1 se c1s b1e b1x sr1 c1r b2e b2x ss1 sh2 c2x c2e c2s b3e b3x sr2 c2r b4e b4x ss2 ss1 Running a model-checking task

$ neco-compile --module cs.py -lcython $ neco-check --formula ’G ((marking(c1e)=[dot] and X marking(c1x)=[dot]) -> X F(marking(c1e)=[dot]))’ $ neco-spot neco_formula

8 / 9

Availability

Neco and Spot are free software. Documentation and installation instructions can be found at

◮ http://code.google.com/p/neco-net-compiler/

and

◮ http://spot.lip6.fr/

9 / 9