dependability engineering with time-dependent Petri nets WS 2018
monika.heiner@b-tu.de

DEPENDABILITY ENGINEERING WITH TIME-DEPENDENT PETRI NETS

CONTENTS
❑ motivation
❑ time-dependent Petri nets
   overview
   influence of time on qualitative properties
   zero test
❑ worst-case evaluation with duration interval nets
   counter example
   structural compression of well-formed net parts
   non-well-formed, but 1-bounded, acyclic, ...
   general procedure (“THE PROBLEM IS CHOICE”)
❑ safety analysis with interval nets
   unreachability of explicit error states
   example - concurrent pushers
MODEL CLASSES
PETRI NETS
   PLACE / TRANSITION PETRI NET (COLOURED PN)
      context checking by Petri net theory
      verification by temporal logics
   TIME-DEPENDENT PN
      TIME PETRI NET: worst-case evaluation
      STOCHASTIC PETRI NET: performance prediction, reliability prediction
      CONTINUOUS PETRI NET: ODEs

WHICH KIND OF TIME MODEL ? (1)
❑ atomic sequential program parts -> transitions
   -> time assigned to transitions
❑ as simple as possible
   -> timed nets [Ramchandani 74]
   -> duration nets (D nets, DPN)
❑ duration nets
   -> constant times assigned to transitions
   -> token reservation
   -> firing consumes time
[Figure: transitions with durations <a> and <b>; begin of firing, end of firing after a or b time units]
HOW TO ANALYSE DURATION NETS ?
❑ time is running -> change of the fire rule
   pn: t may fire     -> tpn: t must fire
   pn: single step    -> tpn: maximal step
❑ special case: duration of all transitions = 1 time unit [Starke 95]
   -> reachability graph construction under the maximal step firing rule
❑ else: transformation into special case
[Figure: a transition with duration <3> replaced by a sequence of <1> transitions; for d > 2, a sequence <1>, d-2, <1>; labels: free, sandglass]

IMMEDIATE TRANSITIONS
❑ zero (insignificant) time consumption
❑ time deadlocks (-> ZENONESS)
[Figure: net with places p1, p2, p3 and transitions t1, t2, t3 with durations <0>, <1>, <0>]
❑ time deadlock = state from which
   -> no transient state is reachable
   -> or: no state is reachable where the system clock is able to advance
❑ infinitely many firings in zero times
❑ inconsistent time constraints !
❑ How to avoid time deadlocks?
   -> invariants ?
   -> OPEN PROBLEM !
THE INFLUENCE OF TIME, EXAMPLE 1 (SYSTEM DEADLOCK), PETRI NET
[Figure: Petri net of two processes sharing the resources A and B; places a1 ... a5, b1 ... b5, A, B; transitions P1_downA, P1_downB, P1_upB, P1_upA, P1_repeat and P2_downB, P2_downA, P2_upA, P2_upB, P2_repeat]

INA
ORD HOM NBM PUR CSV SCF CON SC  Ft0 tF0 Fp0 pF0 MG  SM  FC  EFC ES
Y   Y   Y   Y   N   N   Y   Y   N   N   N   N   N   N   N   N   Y

DTP SMC SMD SMA CPI CTI B   SB  REV DSt BSt DTr DCF L   LV  L&S
N   Y   Y   N   Y   Y   Y   Y   N   Y   ?   N   N   N   N   N

EXAMPLE 1, SYSTEM DEADLOCK, MAX STEP RG = RG (DPN)
different initial marking !
   (a1, b4, A)  --P1_downA, P2_upB-->     (a2, b5, B)
   (a2, b5, B)  --P1_downB, P2_repeat-->  (a3, b1)
   (a3, b1)     --P1_upB-->               (a4, b1, B)
   (a4, b1, B)  --P1_upA, P2_downB-->     (a5, b2, A)
   (a5, b2, A)  --P1_repeat, P2_downA-->  (a1, b3)
   (a1, b3)     --P2_upA-->               (a1, b4, A)
DSt (pn) -> not DSt (tpn)
EXAMPLE 1, SYSTEM DEADLOCK, REACHABILITY GRAPH
[Figure: reachability graph with INIT STATE (node 1) and DEAD STATE; arcs labelled with the transitions P1_downA, P1_downB, P1_upB, P1_upA, P1_repeat, P2_downB, P2_downA, P2_upA, P2_upB, P2_repeat]
RG (pn): 19 nodes, 32 arcs
RG (tpn): 6 nodes, 6 arcs

THE INFLUENCE OF TIME, EXAMPLE 2
[Figure: Petri net with three components: producer (places p1, p2; transitions P_signal_m1, P_signal_m2), service (places s1, s2; transitions S_wait_m1, S_wait_m2, S_repeat), consumer (place c1; transition C_wait_m2); communication places m1, m2]
not BND (pn) -> BND (tpn)
not DTr (pn) -> DTr (tpn)
EXAMPLE 2, COVERABILITY GRAPH
[Figure: coverability graph with the nodes (p1, s1, c1), (p1, s1, c1, oo, oo), (p2, s1, c1, oo, oo), (p1, s2, c1, oo, oo), (p2, s2, c1, oo, oo); arcs labelled P_signal_m1, P_signal_m2, S_wait_m1, S_wait_m2, S_repeat, C_wait_m2; TSCC marked]
❑ not BND, simultaneously unbounded in m1 and m2
❑ LIVE

EXAMPLE 2, MAX STEP RG = RG (TPN)
[Figure: maximal step reachability graph with the nodes (p1, s1, c1), (p2, s1, c1, m1), (p1, s2, c1, m2); arcs labelled P_signal_m1, P_signal_m2, S_wait_m1, S_repeat, C_wait_m2; TSCC marked]
❑ BND,
   -> cycle time (p) = 2
   -> cycle time (s) = 2
   -> cycle time (c) = 1
❑ not LIVE
   -> TSCC does not contain S_wait_m2
   -> S_wait_m2 is m0-dead
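The maximal-step construction applied to example 2, as an added example (not part of the original slides): with unit durations the max-step graph has the three states shown for RG (tpn) and never fires S_wait_m2, while the single-step pn rule lets a communication place grow. The arcs of `NET` are an assumption reconstructed from the slide's place and transition names, and `token_limit` is a hypothetical cut-off that flags growth but does not prove unboundedness.

```python
from itertools import combinations

NET = {  # ASSUMED arcs (rebuilt from the slide's names): transition -> (pre, post)
    "P_signal_m1": ({"p1"}, {"p2", "m1"}),
    "P_signal_m2": ({"p2"}, {"p1", "m2"}),
    "S_wait_m1": ({"s1", "m1"}, {"s2"}),
    "S_wait_m2": ({"s1", "m2"}, {"s2"}),
    "S_repeat": ({"s2"}, {"s1"}),
    "C_wait_m2": ({"c1", "m2"}, {"c1"}),
}
M0 = {"p1": 1, "s1": 1, "c1": 1}

def key(m):
    return tuple(sorted((p, n) for p, n in m.items() if n))

def fire(m, step):
    """Fire all transitions of `step` together; None if tokens do not suffice."""
    m = dict(m)
    for t in step:
        for p in NET[t][0]:
            m[p] = m.get(p, 0) - 1
    if min(m.values()) < 0:
        return None
    for t in step:
        for p in NET[t][1]:
            m[p] = m.get(p, 0) + 1
    return m

def steps(m, maximal):
    """pn rule: single transitions; unit-duration rule: maximal sets only."""
    size = range(1, len(NET) + 1) if maximal else [1]
    ok = [set(c) for r in size for c in combinations(NET, r)
          if fire(m, c) is not None]
    return [s for s in ok if not maximal or not any(s < o for o in ok)]

def explore(maximal, token_limit=20):
    """Return (markings seen, transitions fired, bounded within token_limit)."""
    seen, fired, todo = {key(M0)}, set(), [M0]
    while todo:
        m = todo.pop()
        for s in steps(m, maximal):
            n = fire(m, s)
            fired |= s
            if max(n.values()) > token_limit:
                return seen, fired, False  # cut-off hit: a place keeps growing
            if key(n) not in seen:
                seen.add(key(n))
                todo.append(n)
    return seen, fired, True
```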
EXAMPLES, SUMMARY
❑ example 1
   -> DSt (pn) -> not DSt (tpn)
❑ example 2
   -> not BND (pn) -> BND (tpn)
   -> not DTr (pn) -> DTr (tpn)
❑ generally
[Figure: PN --TIME--> TPN; prop(pn) ? prop(tpn); RG (pn) ⊇ RG (tpn)]
❑ BUT, for Petri net based system validation, we are only interested in the conclusions
   prop(pn) ?? prop(tpn)

THE INFLUENCE OF TIME ON QUALITATIVE PROPERTIES

TIME-INSENSITIVE RESULTS
❑ BND (pn) -> BND (tpn) ok
❑ not DSt (pn) -> not DSt (tpn) ok
❑ DTr m0 (pn) -> DTr m0 (tpn) ok

TIME-SENSITIVE RESULTS
❑ not BND (pn) -> BND (tpn) ok
❑ DSt (pn) -> not DSt (tpn) ok
❑ live (pn) -> not live (tpn) ko ?
❑ REV (pn) -> not REV (TPN) ko ?
❑ not REV (pn) -> REV (tpn) ok

SUMMARY
❑ EF-properties: prop (pn) -> prop (tpn)
❑ AG EF-properties: prop (pn) <- prop (tpn)
PROBE EFFECT
❑ observation - the system exhibits in test mode other (less) behaviour than in standard operation mode
❑ cause - sw test means (debugger) affect the timing behaviour
❑ result - masking of certain types of system behaviour / bugs
   -> DSt (pn) -> not DSt (tpn)
   -> live (pn) -> not live (tpn)
   -> not BND (pn) -> BND (tpn)
   -> not REV (pn) -> REV (tpn)
❑ consequence - systematic & exhaustive testing of concurrent systems is generally impossible
❑ way out - qualitative models considering any timing behaviour

TIME-INVARIANT NET STRUCTURES
❑ time-invariant == time independently live
❑ D nets [Starke 90]
   -> homogeneous ES nets
[Figure: two net structures, labelled not allowed / allowed]
❑ generalization ?
   -> behavioural ES nets ?
❑ troublemaker - confusing combination of channel and control flow conflicts
[Figure: net with places m1, m2 and transitions t1, t2, t3]
   -> “The problem is choice !”
CONFUSION
❑ concurrency and conflict overlap
[Figure: net with transitions t1, t2, t3]
   -> t1 # t2 and t2 # t3, but t1 concurrent to t3
❑ case 1 : t1 < t3
   -> conflict t2 # t3 disappears, firing of t3 does not involve a conflict decision
❑ case 2 : t3 < t1
   -> conflict t2 # t3 exists, firing of t3 involves a conflict decision
❑ the interleaving sequences of concurrency may encounter different amount of decisions
❑ an observer outside of the system does not know whether a decision took place or not

ARE THERE TIME-INVARIANT SOFTWARE STRUCTURES ?
INFLUENCE OF COMMUNICATION PATTERNS ON NET STRUCTURE CLASSES

waiting \ addressing | direct / semi-direct-by-sender | indirect / semi-direct-by-receiver
deterministic        | EFC                            | ES
non-deterministic    | ES                             | ICP

❑ simplified view
   -> provided, pre- and postprocesses do not access the same communication object from different control points

known to be time-independently live [Starke 90], i.e. a live net remains live under any constant delay timing.

INFLUENCE OF COMMUNICATION PATTERNS ON CONFLICT STRUCTURES
[Table: waiting (deterministic, non-deterministic) \ addressing (direct / semi-direct-by-sender, indirect / semi-direct-by-receiver); cell entries: "no dynamic channel conflicts"; "channel & control flow conflicts appear only separately"; "confusing combination of channel & control flow conflicts possible"]