On interleaving in {P {P,A}-Tim ime P e Pet etri i net ets s - PowerPoint PPT Presentation

On interleaving in {P {P,A}-Tim ime P e Pet etri i net ets s with stron rong semantics Hanifa Boucheneb (1) , Kamel Barkaoui (2) (1) Laboratoire VeriForm , École Polytechnique de Montréal (Canada) (2) Laboratoire CEDRIC,. CNAM (France) 21-24 September, Infinity’10, Singapore 1

Outline Reachability analysis of timed models  Interleaving in {P,A,T}-TPN  SCG and CSCG  Conclusion  21-24 September, Infinity’10, Singapore 2

Reachability analysis of timed models Abstraction A finite/ infinite Model set of states = an abstract state checki king Reachabilty properties I nfinite transition system Counter-example Property Property not satisfied satisfied  Abstraction  a finite representation which preserves properties of interest.  Challenge:  More coarser abstraction preserving properties of interest.  Computed with minor resources (time and space). 21-24 September, Infinity’10, Singapore 3

Reachability analysis of timed models Linear properties State space abstractions in the literature preserving linear properties:  State Class Graph (SCG),  Contracted State Class Graph (CSCG),  Zone graphs.  may differ in:  Characterization of states (interval states or clock states),  Agglomeration criteria of states,  Size  Three levels of abstraction

Reachability analysis of timed models Three levels of abstraction: 1 . Tim e abstraction θ t t s’ 1 s 1 s 2 s 1 s 2 OR θ t t s’ 1 s’ 1 s 1 s 2 s 1 s 2 2 . States reachable by the sam e firing sequence independently of their firing tim es are grouped in the sam e node. t3 t3 t2 t2 t2 t2 t1 t1 t1 t1 t3 t1 t1 t1 t2 t2 t1 t2 t2 t1 3 . The grouped states are then considered m odulo som e relation of equivalence  Abstract states ( state classes, state zones) 5 21-24 September, Infinity’10, Singapore

Reachability analysis of timed models  Finite reachability graphs for bounded {P,A,T}-TPN and timed automata  Reachability problem is decidable.  State explosion problem: Abstract states reached by different interleavings of the same set of transitions are in general not equal.  Abstraction by inclusion 5 ⊆ 6 4 t3 4 t3 2 t2 t2 5 2 t1 1 t1 1 t1 6 t1 3 t2 6 3 t2 6 21-24 September, Infinity’10, Singapore

Reachability analysis of timed models  Abstraction by convex-union 5 ∪ 6 is convex? 4 4 t3 t3 t2 2 2 t2 5 t1 t1 1 5 1 3 3 t1 t1 6 6 t2 t2  Convex-union abstractions are much more compact than inclusion abstractions  Test of convexity  very expensive operation: Smallest-enclosing-DBM (5,6) – 5 ⊆ 6 7 21-24 September, Infinity’10, Singapore

Reachability analysis of timed models  Approach of Maler et al. (2006): CCS-like composition of timed automata - compute abstract states in breadth-first manner, - group abstract states reached by different interleavings of the same set of transitions .  The union of abstract states reached by different interleavings of the same set of transitions is convex  Test of convexity is not needed t1 1 1 t1 t1 t3 t3 t2 t2 2 3 4 2 3 4 t2 t1 t3 t2 t3 t2 t1 t3 t2 t1 t3 5 6 7 8 9 10 5 10 6 7 8 9 t1 t2 t2 t3 t3 t1 t3 t2 t1 12 11 14 11 12 13 14 15 16 13 16 15 21-24 September, Infinity’10, Singapore 8 16 abstract states 12 abstract states

Interleaving in {P,A,T}-TPN P-TPN A-TPN T-TPN  Availability intervals of tokens  Implicit / explicit firing intervals  Firing intervals of transitions  Strong or weak time semantics  A transition cannot fire outside its firing interval  Strong time semantics  cannot loose its firability by time progression  Weak time semantics  may loose its firability by time progression  9 21-24 September, Infinity’10, Singapore

Interleaving in {P,A,T}-TPN What about expressiveness? More expressive model Some models are incomparable 10 21-24 September, Infinity’10, Singapore

Interleaving in P-TPN P-TPN model p [a,b]  A token created in p, at date θ , is (unless it is consumed):  unavailable in [ θ , θ +a [  State = (M, Deadp, Ip) available in [ a+ θ , b+ θ ]  dead token in ] b+ θ , ∞ [  A transition t is firable if all its required tokens are available.  Its firing takes no time.  21-24 September, Infinity’10, Singapore 11

Interleaving in P-TPN Semantics cannot over-pass State s = (M, Deadp, Ip) intervals of non dead (M,Deadp,Ip) --- d  (M,Deadp,Ip`) iff tokens  ∀ p ∈ M-Deadp, d ≤ ↑ Ip(p) and Ip’(p)=[Max(0, ↓ Ip(p)-d), ↑ Ip(p) – d] All tokens of t have (M,Deadp,Ip) --- t  (M’,Deadp,Ip’) iff (p1+ p2, ∅ ,  reached their I(p1) = [1,3], Pre(t) ⊆ M - Deadp, ∀ p ∈ Pre(t), ↓ Ip(p) =0 s0 intervals I(p2)=[2,4]) M’= (M – Pre(t)) ∪ Post(t), 2 1 ∀ p’ ∈ M’-Deadp, Ip’(p’)= Ip(p’) if p’ ∉ Post(t), (p1+ p2, ∅ , and Ip’(p’) = Isp(p’) otherwise. I(p1)=[0,1], (p1+ p2, ∅ , I(p2) = [0,2]) s1 … s2 I(p1) = [0,2], (M,Deadp,Ip) --- Err  (M, Deadp’,Ip`) iff  I(p2)=[1,3]) t1 No friable transition and no time progression t2 t1 from (M,Deadp,Ip) s3 Deadp’ = Deadp ∪ {p’ ∈ M-Deadp | ↑ Ip(p’)=0 }, s4 s5 (p2+ p3, ∅ , ∀ p’ ∈ M-Deadp’, (p1+ p4, ∅ , timelock state (p2+ p3, ∅ , I(p2) = [1,3], Ip’(p’)= Ip(p’). I(p1) = [0,1], I(p3)=[1,1]) I(p2) = [0,2], I(p4)=[2,2]) I(p3)=[1,1]) 21-24 September, Infinity’10, Singapore

Interleaving in P-TPN SCG (p1+ p2, ∅ , I(p1) = [1,3], I(p2)=[2,4]) s0 … 1 ≤ 3 ∧ 1 ≤ 4 2 ≤ 3 ∧ 2 ≤ 4 2 1 (p1+ p2, ∅ , (p1+ p2, ∅ , s1 s2 I(p1)=[0,1], I(p2) = [0,2]) I(p1) = [0,2], I(p2)=[1,3]) t1 t2 t1 s3 (p2+ p3, ∅ , (p1+ p4, ∅ , s5 I(p2) = [1,3], I(p3)=[1,1]) s4 I(p1) = [0,1], I(p4)=[2,2]) (p2+ p3, ∅ , I(p2) = [0,2], I(p3)=[1,1]) State class { states reached by the same firing sequence } = (M, Deadp, φ ) 21-24 September, Infinity’10, Singapore 13

Interleaving in P-TPN SCG State class = (M, Deadp, φ ) = { states reached by the same firing sequence }  (M, Deadp, φ ) –t-> (M’,Deadp’, φ ’) iff  φ ∧ /\ pf ∈ Pre(t), pi ∈ M-Deadp pf – pi ≤ 0 is consistent  M’ = (M – Pre(t)) ∪ Post(t), Deadp’= Deadp,  φ ’ ?  φ ’ = φ ∧ /\ pf ∈ Pre(t), pi ∈ M-Deadp pf – pi ≤ 0  Rename each pf s.t. pf ∈ Pre(t) in t  Add /\ pn ∈ Post(t), ↓ Isp(pn) ≤ pn – t ≤ ↑ Isp(pn)  Replace each pi by pi + t and eliminate pi.  SCG is finite for all bounded P-TPNs and preserves linear properties  14 21-24 September, Infinity’10, Singapore

Interleaving in P-TPN SCG (p1+ p2, ∅ , c0 1 ≤ p1 ≤ 3 ∧ 2 ≤ p2 ≤ 4) t2 1 ≤ p1 ≤ 3 ∧ 2 ≤ p2 ≤ 4 1 ≤ p1 ≤ 3 ∧ 2 ≤ p2 ≤ 4 t1 ∧ p2 ≤ p1 ∧ p2 ≤ p1 (p2+ p3, ∅ , (p1+ p4, ∅ , 0 ≤ p2 ≤ 3 ∧ p3 = 1) c1 c2 0 ≤ p1 ≤ 1 ∧ p4 = 2) t1 t2 (p3+ p4, ∅ , c3 ≠ c4 (p3+ p4, ∅ , 0 ≤ p3 ≤ 1 ∧ p4 = 2) c3 ⊄ c4 c3 c4 p3 = 1 ∧ 1 ≤ p4 ≤ 2) c4 ⊄ c3 c3 ∪ c4 is not convex In the P-TPN SCG, the union of state classes reached by different  interleavings of the same set of transitions is not necessarily convex. 21-24 September, Infinity’10, Singapore 15

Interleaving in P-TPN CSCG  CSCG is the quotient graph of the SCG w.r.t. ≈ : (M, Deadp, φ ) ≈ (M’, Deadp’, φ ’) M= M’, Deadp = Deadp’ and φ ’ and φ ’ have the same triangular constraints (p1+ p2, ∅ ,  ≈ is a bisimulation over the SCG -3 ≤ p1 - p2 ≤ 1) c0 -3 ≤ p1 - p2 ≤ 1 t2 -3 ≤ p1 - p2 ≤ 1 ∧ p2 - p1 ≤ 0 t1 ∧ p2 - p1 ≤ 0 (p2+ p3, ∅ , (p1+ p4, ∅ , -1 ≤ p2 - p3 ≤ 2) c1 c2 -2 ≤ p1 - p4 ≤ -1) t1 t2 (p3+ p4, ∅ , (p3+ p4, ∅ , -2 ≤ p3 - p4 ≤ -1) c3 C4 -1 ≤ p3 -p4 ≤ 0) 21-24 September, Infinity’10, Singapore 16

Interleaving in P-TPN CSCG (p1+ p2, ∅ , -3 ≤ p1 - p2 ≤ 1) c0 -3 ≤ p1 - p2 ≤ 1 t2 -3 ≤ p1 - p2 ≤ 1 ∧ p2 - p1 ≤ 0 t1 ∧ p2 - p1 ≤ 0 (p2+ p3, ∅ , (p1+ p4, ∅ , -1 ≤ p2 - p3 ≤ 2) c1 c2 -2 ≤ p1 - p4 ≤ -1) t1 t2 (p3+ p4, ∅ , (p3+ p4, ∅ , -2 ≤ p3 - p4 ≤ -1) c3 C4 -1 ≤ p3 -p4 ≤ 0) c3 ≠ c4 c3 ⊄ c4 c4 ⊄ c3 Theorem c3 ∪ c4 is convex In the P-TPN CSCG, the union of state classes reached by different interleavings of the same set of transitions is convex. 21-24 September, Infinity’10, Singapore 17

Interleaving in A-TPN A-TPN model (p,t) [a,b]  A token created in p, at date θ , is (unless it is consumed):  unavailable in [ θ , θ +a [ for t  State = (M, Deada, Ia) available in [ a+ θ , b+ θ ] for t  dead token in ] b+ θ , ∞ [ for t  A transition t is firable if all its input arcs are available.  Its firing takes no time.  21-24 September, Infinity’10, Singapore 18