PETRI NET PROPERTIES - OVERVIEW: 2. MORE EXPENSIVE STRUCTURAL - - PowerPoint PPT Presentation


dependability engineering & Petri nets Juli2000 D:\home\mh\docs\lv\pn\slides\pn_analysis.sld 1 / 20

Brandenburg Technical University at Cottbus, Computer Science Institute

PETRI NET ANALYSIS TECHNIQUES

MONIKA HEINER mh@informatik.tu-cottbus.de http://www.informatik.tu-cottbus.de

Petri net analysis techniques Juli2000 mh@informatik.tu-cottbus.de 2 / 20

QUALITATIVE PROPERTIES:

STRUCTURAL PROPERTIES
❑ especially valuable: local(ly decidable) structural properties;
❑ certain combinations of structural properties allow conclusions about behavioural properties;

BEHAVIOURAL PROPERTIES
❑ general semantic properties: boundedness, liveness, reversibility
❑ special semantic properties: safety properties, progress properties


PETRI NET PROPERTIES - OVERVIEW:

1. SIMPLE STRUCTURAL PROPERTIES

ORD  ordinary (1-multiplicity of all arcs)
HOM  homogeneous (all output arcs of a given place have the same multiplicity)
NBM  non-blocking multiplicity (for each place applies: MIN multiplicity of input arcs >= MAX multiplicity of output arcs)
PUR  pure (no side conditions)
CSV  conservative (any firing preserves token amount)
SCF  static conflict free
CON  connected
SC   strongly connected
Ft0  there is a transition without pre-place
tF0  there is a transition without post-place
Fp0  there is a place without pre-transition
pF0  there is a place without post-transition
MG   marked graph (synchronization graph)
SM   state machine
FC   free choice net
EFC  extended free choice net
ES   extended simple net


2. MORE EXPENSIVE STRUCTURAL PROPERTIES

DTP  deadlock trap property
SMC  state machine coverable (covered with SM components)
SMD  state machine decomposable (covered with SCSM components)
SMA  state machine allocatable
CPI  covered with place invariants
CTI  covered with transition invariants
SB   structurally bounded

3. BEHAVIOURAL PROPERTIES

B    bounded
REV  reversible (the initial state m0 can be reached again from all reachable states: home state)
DSt  dead states (a state where no transition is enabled)
BSt  bad states (a state where a fact is enabled)
DTr  dead transitions (at the initial state)
DCF  dynamically conflict free
L    live
LV   live, except for transitions dead at the initial marking (live, except for implicit facts)
L&S  live & safe (1-bounded)


BEHAVIOURAL NET PROPERTIES:

[Figure: classification of behavioural net properties; labels as extracted]
MARKABILITY of places, LIVENESS of transitions, REACHABILITY of states
zero times firing (m0-dead); finite times firing (dead, non-live); infinite times (probably) firing (live)
dead states; bad states (facts); user-specified states; reproducibility; reversibility (m0 - home state)
infinite times (definitely) firing
NET INVARIANTS: transition invariants; place invariants
markable (place liveness); k-bounded (safe)
general semantic properties; special semantic properties
temporal relationship of logic formulae (livelock free)


SOFTWARE-ORIENTED INTERPRETATION OF NET PROPERTIES:

❑ Dead code: statements which will never be executed;
   pn: the corresponding transition never fires (dead at the initial marking);
   rg: the transition does not appear at any edge;
❑ Total deadlock: system state from which there is no exit;
   pn: dead marking;
   rg: final nodes (leaves);
❑ Partial deadlock: not all parts of the system are available at all times;
   pn: there are no dead markings, but dead transition(s);
   rg: not all final strongly connected components contain all transitions;
❑ Well-structuredness: all parts of the system may be executed for ever;
   pn: the net is live;
   rg: all final strongly connected components contain all transitions;


SOFTWARE-ORIENTED INTERPRETATION OF NET PROPERTIES (CONT.):

❑ Livelock: parts of the system may be blocked for ever (due to the scheduler's strategy or something else not contained in the model);
   pn: live, but not livelock-free;
   rg: not all cycles contain all transitions;
❑ Fault tolerance and self-synchronization: after a failure or from any abnormal state, the software will return to normal execution (recovery from failure) within finite time;
   pn: reproducibility / reversibility;
   rg: from any state, the home state (initial state) is reachable again;
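The rg: readings on the two slides above, as an added example that is not part of the original slides: it builds the reachability graph of a 1-bounded net and evaluates dead code, total deadlock, liveness and reversibility on it. The net WORKER, its place and transition names, and the encoding of a marking as the set of marked places are constructed for illustration.

```python
from collections import deque

def reachability_graph(net, m0):
    """net: {transition: (pre_places, post_places)}; 1-bounded net, marking = set of marked places."""
    m0 = frozenset(m0)
    edges, todo = {m0: []}, deque([m0])
    while todo:
        m = todo.popleft()
        for t, (pre, post) in net.items():
            if pre <= m:                    # t is enabled at m
                m2 = (m - pre) | post       # marking after firing t
                edges[m].append((t, m2))
                if m2 not in edges:
                    edges[m2] = []
                    todo.append(m2)
    return edges

def closure(edges, start):
    """All markings reachable from start (start included)."""
    seen, todo = {start}, [start]
    while todo:
        for _, m2 in edges[todo.pop()]:
            if m2 not in seen:
                seen.add(m2)
                todo.append(m2)
    return seen

def analyse(net, m0):
    edges = reachability_graph(net, m0)
    reach = {m: closure(edges, m) for m in edges}
    fired = {t for out in edges.values() for t, _ in out}
    # m lies in a final SCC iff every marking reachable from m can get back to m
    final_sccs = {frozenset(r) for m, r in reach.items() if all(m in reach[x] for x in r)}
    labels = lambda scc: {t for m in scc for t, _ in edges[m]}
    return {
        "dead_code": set(net) - fired,                      # transition on no edge
        "total_deadlocks": [set(m) for m, out in edges.items() if not out],
        "live": all(labels(scc) == set(net) for scc in final_sccs),
        "reversible": all(frozenset(m0) in r for r in reach.values()),
    }

# Constructed sample: a worker that may crash into a state it never leaves.
WORKER = {
    "work":   ({"idle"}, {"busy"}),
    "done":   ({"busy"}, {"idle"}),
    "crash":  ({"idle"}, {"failed"}),
    "spin":   ({"failed"}, {"failed"}),
    "unused": ({"ghost"}, {"idle"}),
}
print(analyse(WORKER, {"idle"}))
```

WORKER has no dead marking, yet its only final strongly connected component contains just "spin", which is the partial-deadlock case; removing "spin" turns the marking {failed} into a total deadlock.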


QUALITATIVE ANALYSIS METHODS:

[Figure: overview diagram of the methods; labels as extracted]
static analysis, dynamic analysis
REACHABILITY ANALYSIS
(complete) reachability graph
reduced state spaces: coverability graph, symmetry, stubborn sets
NET REDUCTION
STRUCTURAL PROPERTIES
LINEAR PROGRAMMING: place / transition invariants, state equation, trap equation
compressed state spaces: OBDDs, ONDDS, Kronecker products
branching process
(model checking)
sleep sets


STATE EXPLOSION:

n system components => $2^n$ system states (markings)

[Figure, panels GENERAL BEHAVIOUR and EXAMPLE: nets pn1 and pn2 with places p11, p12, p21, p22; plot of the data sets "ina.5.dat", "ina.10.dat", "ina.20.dat"]


NET CLASSES:

[Figure: allowed and not allowed structures for State Machines, Marked Graphs, FC nets, EFC nets and ES nets]


RELATIONSHIP OF NET CLASSES:

[Figure: relationship of the net classes ES, EFC, FC, MG and SM]


DEADLOCK-TRAP-PROPERTY (DTP)

Deadlock D: FD ⊆ DF
Trap Q: QF ⊆ FQ

An empty deadlock can never be marked again;
a marked trap never becomes clean again.

DTP: Every deadlock has a trap that is (sufficiently) marked at m0.

[Figure: DEADLOCK D and TRAP Q]


STRUCTURAL PROPERTIES:

❑ MG & SC & 'each elementary cycle contains at least one token' ⇔ L & B
❑ MG & SC & 'each elementary cycle contains exactly one token' ⇔ L & S
❑ SM & SC & 'at least one token' ⇔ L & B
❑ SM & SC & 'exactly one token' ⇔ L & S
❑ EFC & DTP ( & HOM & NBM ) ⇔ L
❑ ES & DTP ( & HOM & NBM ) ⇒ L
❑ DTP ( & HOM & NBM ) ⇒ not DSt
❑ ORD & SC & SMA ⇒ structural L
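The deadlock and trap conditions FD ⊆ DF and QF ⊆ FQ and the DTP check behind the rule DTP ⇒ not DSt, as an added example that is not part of the original slides. It assumes an ordinary net (so "sufficiently marked" means at least one token) and enumerates all place sets, which is only feasible for small nets; the two-lock net and all names in it are constructed.

```python
from itertools import combinations

def pre_t(net, s):   # FS: transitions with an arc into the place set s
    return {t for t, (pre, post) in net.items() if post & s}

def post_t(net, s):  # SF: transitions with an arc out of the place set s
    return {t for t, (pre, post) in net.items() if pre & s}

def is_deadlock(net, d):
    return bool(d) and pre_t(net, d) <= post_t(net, d)      # FD ⊆ DF

def is_trap(net, q):
    return bool(q) and post_t(net, q) <= pre_t(net, q)      # QF ⊆ FQ

def max_trap(net, s):
    """Largest trap inside s (may be empty): drop places whose tokens can leave s for good."""
    q = set(s)
    while True:
        bad = {p for p in q for pre, post in net.values() if p in pre and not post & q}
        if not bad:
            return q
        q -= bad

def dtp(net, m0):
    """Return (True, None), or (False, D) with D a deadlock holding no trap marked at m0."""
    places = sorted(set().union(*(pre | post for pre, post in net.values())))
    for k in range(1, len(places) + 1):
        for d in map(set, combinations(places, k)):
            if is_deadlock(net, d) and not max_trap(net, d) & m0:
                return False, d
    return True, None

def two_locks(b_first, b_second):
    """Constructed sample: processes A and B each take two locks; A takes r1 then r2."""
    return {
        "ta1": ({"a0", "r1"}, {"a1"}), "ta2": ({"a1", "r2"}, {"a2"}),
        "ta3": ({"a2"}, {"a0", "r1", "r2"}),
        "tb1": ({"b0", b_first}, {"b1"}), "tb2": ({"b1", b_second}, {"b2"}),
        "tb3": ({"b2"}, {"b0", "r1", "r2"}),
    }

M0 = {"a0", "b0", "r1", "r2"}
print(dtp(two_locks("r2", "r1"), M0))   # B takes the locks in the opposite order
print(dtp(two_locks("r1", "r2"), M0))   # both take r1 before r2
```

With opposite lock orders the deadlock {r1, r2, a2, b2} contains no trap at all, so DTP fails; with a common lock order DTP holds, which by the rule above excludes dead states.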


BINARY DECISION DIAGRAMS, EXAMPLE 1:

$f(x_1, x_2, x_3) = (x_1 \lor x_2) \land x_3$

[Figure: the function f as DECISION TABLE, DECISION TREE, OBDD and ROBDD]


BINARY DECISION DIAGRAMS, EXAMPLE 2:

$f(a_1, b_1, a_2, b_2, a_3, b_3) = (a_1 \land b_1) \lor (a_2 \land b_2) \lor (a_3 \land b_3)$

[Figure: BDD representations of a single function for two different variable orderings]
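Added example, not part of the original slides: ROBDD node counts for the function of example 2 under two variable orderings, assumed here to be the interleaved order a1, b1, a2, b2, ... and the grouped order a1, ..., an, b1, ..., bn. It also covers the function of example 1 and generalises to n pairs; the builder is a plain Shannon expansion with a unique table, chosen for brevity rather than speed.

```python
def robdd_size(f, order):
    """Number of non-terminal nodes of the reduced OBDD of f under the variable order."""
    unique = {}                      # (var, low, high) -> node id, shares equal subgraphs

    def mk(var, low, high):
        if low == high:              # both branches agree: the test on var is redundant
            return low
        return unique.setdefault((var, low, high), len(unique) + 2)

    def build(i, env):
        if i == len(order):
            return int(bool(f(env)))             # terminal nodes are 0 and 1
        low = build(i + 1, {**env, order[i]: False})
        high = build(i + 1, {**env, order[i]: True})
        return mk(order[i], low, high)

    build(0, {})
    return len(unique)

def example1(v):                     # f(x1, x2, x3) = (x1 ∨ x2) ∧ x3
    return (v["x1"] or v["x2"]) and v["x3"]

def pair_function(n):
    """f = a1∧b1 ∨ ... ∨ an∧bn together with the two orderings being compared."""
    a = [f"a{i}" for i in range(1, n + 1)]
    b = [f"b{i}" for i in range(1, n + 1)]
    f = lambda v: any(v[x] and v[y] for x, y in zip(a, b))
    interleaved = [v for pair in zip(a, b) for v in pair]   # a1, b1, a2, b2, ...
    grouped = a + b                                         # a1, ..., an, b1, ..., bn
    return f, interleaved, grouped

def compare(n):
    """(nodes with interleaved order, nodes with grouped order) for n pairs."""
    f, interleaved, grouped = pair_function(n)
    return robdd_size(f, interleaved), robdd_size(f, grouped)

print(robdd_size(example1, ["x1", "x2", "x3"]), compare(3), compare(4))
```

For n = 3 the interleaved order needs 6 non-terminal nodes and the grouped order 14; the first grows linearly with n, the second exponentially.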


COMPARISON RG - PREFIX:

[Figure: panels PN, RG and PREFIX]


CONCURRENT AUTOMATON, REDUCTION PRINCIPLE:

[Figure: panels Petri net, reachability graph and concurrent automaton]


CONCURRENT AUTOMATON:

❑ combination of reachability graph & finite prefix
❑ maintaining the reachability graph's analysis power
   -> deadlocks, liveness, livelock, home states
❑ separation of conflict <-> concurrency
   -> data basis for evaluation of partial order properties
❑ condensation of pure sequences and concurrencies
   -> larger state spaces manageable
❑ restricted to 1-bounded nets
   -> extension to k-bounded nets ?
