LTL Model Checking with Neco
Łukasz Fronc (1), Alexandre Duret-Lutz (2)
(1) IBISC, Université d'Évry/Paris-Saclay, fronc@ibisc.univ-evry.fr
(2) LRDE, EPITA, Kremlin-Bicêtre, France, adl@lrde.epita.fr
ATVA'13, 2013-10-16
http://code.google.com/p/neco-net-compiler/
What is Neco?
A Petri net compiler: it transforms Petri nets into libraries.
◮ works with high-level Petri nets (colored PN annotated by Python)
◮ based on SNAKES, a Python library for Petri nets
◮ produces optimized code...
◮ ...for explicit model-checking
◮ expressivity compromise
With a set of command-line tools:
◮ neco-compile: PN compiler
◮ neco-explore: minimal exploration tool
◮ neco-check (new!): LTL-adapter compiler
◮ neco-spot (new!): LTL model-checker
References:
F. Pommereau. Quickly prototyping Petri nets tools with SNAKES. Petri net newsletter, October 2008.
Ł. Fronc and F. Pommereau. Building Petri nets tools around Neco compiler. PNSE'13.
Neco's Workflow
[Figure: workflow diagram, built up over three slides.]
◮ neco-compile: takes a model (Python, ABCD, PNML*), produces info, the marking structure and the exploration functions, and compiles them (cython + g++) into net.so; it also produces a compilation trace.
◮ neco-explore: uses net.so to produce the state space (set of states, reachability graph).
◮ neco-check: decomposes the LTL formula, extracts the atomic propositions, produces the check functions and the main check function, and compiles them (cython + g++) into checker.so; it also produces an id-atom map and a spot formula.
◮ neco-spot: produces a counterexample, if it exists.
Spot as a library for explicit model-checking
[Figure: the model-checking pipeline, built up over two slides.]
◮ High-level model $M$ → on-the-fly generation of the state-space automaton $A_M$
◮ LTL property $\varphi$ → LTL translation → negated property automaton $A_{\neg\varphi}$
◮ On-the-fly synchronized product, with $L(A_M \otimes A_{\neg\varphi}) = L(A_M) \cap L(A_{\neg\varphi})$
◮ Emptiness check: $L(A_M \otimes A_{\neg\varphi}) \stackrel{?}{=} \emptyset$
◮ Result: $M \models \varphi$ or a counterexample
The final build of the slide adds two labels: neco-spot, next to the on-the-fly state-space generation, and Spot, next to the synchronized product.
neco-spot
◮ A wrapper of net.so and checker.so that presents the reachability graph as a subclass of spot::kripke:
  ◮ get_init_state(): initial state
  ◮ succ_iter(s): iterator over the successors of state s
  ◮ state_condition(s): value of atomic propositions for s
  This interface supports on-the-fly exploration.
◮ Translate the formula into a generalized Büchi automaton:
  ◮ spot::translator::run(f): includes many optimizations
◮ Synchronize reachability graph and formula automaton:
  ◮ spot::tgba_product(model, prop): on-the-fly
◮ Check the product for emptiness:
  ◮ spot::emptiness_check::check()
◮ Optionally compute a counterexample:
  ◮ spot::emptiness_check_result::accepting_run()
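The steps listed above (on-the-fly model interface, synchronized product, emptiness check, counterexample), as an added Python example that is not Neco or Spot code. The class mirrors the three spot::kripke method names from the slide; the hand-written automaton for the negation of G F p, the nested-DFS check (a classic algorithm used here in place of Spot's emptiness checks) and the sample models are assumptions made for illustration.

```python
class Kripke:
    """Added stand-in for the spot::kripke interface (not Spot's own code)."""
    def __init__(self, init, succ, labels):
        self.init, self.succ, self.labels = init, succ, labels
    def get_init_state(self):
        return self.init
    def succ_iter(self, s):              # successors are produced on demand
        return iter(self.succ[s])
    def state_condition(self, s):        # atomic propositions true in s
        return self.labels[s]

# Hand-written Büchi automaton for !(G F p) = F G !p; accepting state 1 demands !p forever.
NEG_INIT, NEG_ACCEPTING = 0, {1}
def neg_succ(q, props):
    stay_in_1 = [1] if "p" not in props else []
    return [0] + stay_in_1 if q == 0 else stay_in_1

def product_succ(model, state):          # synchronized product, built lazily
    s, q = state
    return [(s2, q2) for q2 in neg_succ(q, model.state_condition(s))
            for s2 in model.succ_iter(s)]

def check(model):
    """Nested-DFS emptiness check: (prefix, cycle) of model states, or None."""
    blue, red, stack = set(), set(), []
    def inner(seed, state, path):        # search for a cycle back to seed
        red.add(state)
        for nxt in product_succ(model, state):
            if nxt == seed:
                return path + [state]
            if nxt not in red and (found := inner(seed, nxt, path + [state])):
                return found
        return None
    def outer(state):
        blue.add(state)
        stack.append(state)
        for nxt in product_succ(model, state):
            if nxt not in blue and (found := outer(nxt)):
                return found
        cycle = inner(state, state, []) if state[1] in NEG_ACCEPTING else None
        if cycle:
            return [s for s, _ in stack[:-1]], [s for s, _ in cycle]
        stack.pop()
        return None
    return outer((model.get_init_state(), NEG_INIT))

LABELS = {"idle": set(), "work": {"p"}, "stuck": set()}   # constructed: p only in "work"
BAD = Kripke("idle", {"idle": ["work"], "work": ["idle", "stuck"], "stuck": ["stuck"]}, LABELS)
GOOD = Kripke("idle", {"idle": ["work"], "work": ["idle"]}, LABELS)
```

check(BAD) returns the lasso-shaped counterexample (prefix idle, work, stuck; cycle stuck), while check(GOOD) returns None because the product is empty and G F p holds.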
Demo
[Figure: Petri net of the demo model, built up over several slides. Node labels: b1e, b1x, b2e, b2x, b3e, b3x, b4e, b4x, c1s, c1e, c1x, c1r, c2s, c2e, c2x, c2r, sr1, sr2, sh1, sh2, ss1, ss2, se.]
Running a model-checking task
$ neco-compile --module cs.py -lcython
$ neco-check --formula 'G ((marking(c1e)=[dot] and X marking(c1x)=[dot]) -> X F(marking(c1e)=[dot]))'
$ neco-spot neco_formula
Availability
Neco and Spot are free software. Documentation and installation instructions can be found at
◮ http://code.google.com/p/neco-net-compiler/ and
◮ http://spot.lip6.fr/