César Rodríguez (ENS Cachan), Verification Based on Contextual Unfoldings, December 12, 2013 (slides 7 to 34 of 38)

Petri Net — Unfolding Semantics (slide 7/38)

[Figure: a Petri net N with places p1–p7 and transitions t1–t6, beside its unfolding U_N; the animation grows U_N one event at a time, adding copies of t1, t4, t2, t5, t3, t6 with their output conditions, then further copies of t3, t5, ... and so on.]

Copy initial marking
Repeat:
  Find transition t and conditions X s.t.:
    X is coverable
    h(X) = •t
  Add copy of t, with preset X, and copy of t•
Until no such t and X can be found
Verification with Unfoldings: Finite, Complete Prefixes (slide 8/38)

U_N is the result of unfolding 'as much as possible'
Finite unfolding prefix P_N results if you stop construction

Definition: Prefix P_N is marking-complete if: for all markings m reachable in N, there is a marking m̃ reachable in P_N such that h(m̃) = m.

If N has finitely many reachable markings...
  Some finite and marking-complete P_N exists
  P_N: symbolic representation of reachability graph
  Reachability of N is:
    PSPACE-complete in N
    NP-complete in P_N
    Linear in reachability graph
Unfoldings Cope with Concurrency (slide 9/38)

[Figure: three independent two-place processes, p1/p2 with t1, t2; p3/p4 with t3, t4; p5/p6 with t5, t6. Their reachability graph has the 2^3 markings {p1, p3, p5}, {p1, p3, p6}, {p1, p4, p5}, {p1, p4, p6}, {p2, p3, p5}, {p2, p3, p6}, {p2, p4, p5}, {p2, p4, p6}, connected by the transition pairs t1, t2 / t3, t4 / t5, t6. The unfolding has conditions c1/p1, ..., c6/p6 and one event per transition (labelled t1, t3, t5, ...).]

2^3 reachable markings
And 2^n if n processes
Unfolding is of linear size
Model Checking (slide 10/38)

[Figure: the generic model-checking pipeline] System → Modelling → Kripke structure K; Property to verify → Formalization → Specification φ; State-space exploration: check whether K ⊨ φ; result: Counterexample / Correct

Model Checking with Net Unfoldings
[Figure: the same pipeline with unfoldings] Concurrent system → Modelling → Petri Net; Property to verify → Formalization → Reachability / LTL; Unfolding construction → Complete prefix; Unfolding analysis → Counterexample / Correct

Unfolding construction:
  Initially proposed by Ken McMillan [McMillan 92]
  Size of the prefix reduced [Esparza, Römer, Vogler 96]
  Canonical prefixes [Khomenko, Koutny, Vogler 02]
  Comprehensive account [Esparza, Heljanko 08]
Unfolding analysis:
  Reachability and deadlock [McMillan 92], [Melzer, Römer 97], [Heljanko 99], [Khomenko, Koutny 00]
  LTL-X [Esparza, Heljanko 01]
Improving Unfolding-based Verification: Outline (slide 11/38)

Concurrent read access:
  Unfolding construction for nets with read arcs
  SAT-based reachability analysis
  Experimental evaluation

Sequences of choices:
  Integration with merged processes
  SAT-based reachability analysis
  Characterization of mp-configurations
  Reduction of size: adequate orders
  Experimental evaluation

Fault diagnosis (for conventional Petri nets):
  Generalization to partially-ordered observations
  Integration of fairness assumptions
Concurrent Read Access and Unfoldings (slide 12/38)

Thread 1:            Thread 2:
l1: while (a)        l3: while (a)
l2:   work;          l4:   work;

[Figure: a Petri net with places l1, l2, l3, l4 and the shared variable a; transitions w, w′ model the loop tests that read a, and s, s′ the work steps. In the ordinary unfolding every read of a consumes and re-produces it, so the frames show several copies of a, w, w′, l2, l4, s, s′, l1, l3; in the last frame, where a is read through read arcs, a single copy of each remains.]
Contextual Nets (c-nets) (slide 13/38)

Contextual nets: Petri nets + read arcs

[Figure: a place p read by transitions t1 and t2 through read arcs, compared with the ordinary encoding in which a transition t consumes and re-produces p.]

Transitions (and places) have context: the context of t1 is {p}, the context of p is {t1, t2} (written with an underline on the slide)
Assumptions: interleaving semantics and finite-state contextual net
[Montanari, Rossi 95]
Contextual Unfoldings (slide 14/38)

Contextual unfoldings can be more compact but have richer structure

[Figure: a c-net with transitions t1–t6 and a fragment of its contextual unfolding.]

Causality: e < e′ iff e′ occurs ⇒ e occurs before
Asymmetric conflict: e ր e′ iff e and e′ occur ⇒ e occurs before
Configuration: set of events, causally-closed and ր-acyclic
[Baldan, Corradini, Montanari 98] [Vogler, Semenov, Yakovlev 98]
Constructing Ordinary Unfoldings (slide 15/38)

[Figure: the net N and unfolding U_N of slide 7, with the construction carried further (second copies of t1, t4, t2, t5, ...).]

Copy initial marking
Repeat:
  Find transition t and conditions X s.t.:
    X is coverable
    h(X) = •t
  Add copy of t, with preset X, and copy of t•
Until no such t and X can be found

For ordinary Petri nets,
Definition: Conditions c, c′ are concurrent, c co c′, iff some run marks them both.
Proposition: Conditions c1, ..., cn are coverable iff ci co cj holds for all i, j ∈ {1, ..., n}
Conventional unfolders:
  Compute and store relation co as the unfolding construction progresses
  Use it to decide coverability of multiple conditions
[Esparza, Römer 99]
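The construction loop of slide 7 and the pairwise concurrency test of slide 15, as an added example (my code, not the thesis' or the Cunf tool's): it unfolds a 1-safe ordinary net, stops with McMillan's cutoff criterion (the deck only says "stop construction" on slide 8; the criterion and the net encoding as a dict of transition presets/postsets are my choices), and then checks marking-completeness by firing the finished prefix and comparing with the explicit reachability graph. Run on the slide-9 family of n independent two-place processes (constructed here as independent_processes), the prefix has 2n events while the reachability graph has 2^n markings, which is the point of slides 8 and 9.

```python
from itertools import combinations, product

def independent_processes(n):
    """Constructed 1-safe net in the shape of slide 9: n independent two-place cycles
    p(2i-1) -t(2i-1)-> p(2i) -t(2i)-> p(2i-1). Transitions map to (preset, postset)."""
    trans = {}
    for i in range(n):
        a, b = f"p{2 * i + 1}", f"p{2 * i + 2}"
        trans[f"t{2 * i + 1}"] = ((a,), (b,))
        trans[f"t{2 * i + 2}"] = ((b,), (a,))
    return {"transitions": trans, "m0": frozenset(f"p{2 * i + 1}" for i in range(n))}

class Unfolding:
    """Finite prefix of the unfolding of a 1-safe net, built by the loop of slide 7 and
    cut off with McMillan's criterion (an event whose marking was already reached by a
    smaller local configuration gets no successors)."""

    def __init__(self, net):
        self.net = net
        self.label, self.maker, self.dead, self.loc_c = [], [], [], []  # per condition
        self.events, self.loc_e, self.mark_e = [], [], []               # per event
        self.seen = set()                                              # (t, X) already added
        for p in sorted(net["m0"]):                                     # copy initial marking
            self._new_cond(p, None)

    def _new_cond(self, place, ev):
        self.label.append(place)                 # h(c): the place c is a copy of
        self.maker.append(ev)                    # event producing c (None: initial)
        self.dead.append(False)                  # True for conditions below a cutoff
        self.loc_c.append(frozenset() if ev is None else self.loc_e[ev])  # [c]
        return len(self.label) - 1

    def co(self, c1, c2):
        """Ordinary-net concurrency: [c1] ∪ [c2] is conflict-free (no condition consumed
        twice) and neither c1 nor c2 is consumed inside it (no causality between them)."""
        consumed = set()
        for e in self.loc_c[c1] | self.loc_c[c2]:
            for c in self.events[e][1]:
                if c in consumed:
                    return False
                consumed.add(c)
        return c1 not in consumed and c2 not in consumed

    def coverable(self, X):
        """Proposition of slide 15: a set of conditions is coverable iff pairwise concurrent."""
        return len(set(X)) == len(X) and all(self.co(a, b) for a, b in combinations(X, 2))

    def marking(self, cfg):
        """Places marked after firing configuration cfg (1-safe, so a set suffices)."""
        consumed = {c for e in cfg for c in self.events[e][1]}
        return frozenset(self.label[c] for c in range(len(self.label))
                         if (self.maker[c] is None or self.maker[c] in cfg) and c not in consumed)

    def _add_event(self, t, X, post):
        eid = len(self.events)
        loc = frozenset({eid}).union(*(self.loc_c[c] for c in X))   # local configuration [e]
        self.loc_e.append(loc)
        self.events.append((t, X, ()))
        postconds = tuple(self._new_cond(p, eid) for p in post)    # copy of t•
        self.events[eid] = (t, X, postconds)
        self.seen.add((t, X))
        m = self.marking(loc)
        self.mark_e.append(m)
        if m == self.net["m0"] or any(self.mark_e[f] == m and len(self.loc_e[f]) < len(loc)
                                      for f in range(eid)):
            for c in postconds:                                   # cutoff: do not extend
                self.dead[c] = True

    def build(self):
        """Repeat: find t and coverable X with h(X) = •t, add a copy of t; until none is left."""
        added = True
        while added:
            added = False
            for t, (pre, post) in self.net["transitions"].items():
                cands = [[c for c in range(len(self.label)) if self.label[c] == p and not self.dead[c]]
                         for p in pre]
                for X in product(*cands):
                    if (t, X) not in self.seen and self.coverable(X):
                        self._add_event(t, X, post)
                        added = True
        return self

    def reachable_markings(self):
        """Markings of N that the prefix represents: fire the prefix itself as a net."""
        start = frozenset(c for c in range(len(self.label)) if self.maker[c] is None)
        seen, todo = {start}, [start]
        while todo:
            s = todo.pop()
            for _, pre, post in self.events:
                if set(pre) <= s:
                    nxt = (s - set(pre)) | set(post)
                    if nxt not in seen:
                        seen.add(nxt)
                        todo.append(nxt)
        return {frozenset(self.label[c] for c in s) for s in seen}

def reachable_markings_of_net(net):
    """Explicit reachability graph of N: the 2^n-state object the prefix compresses."""
    seen, todo = {net["m0"]}, [net["m0"]]
    while todo:
        m = todo.pop()
        for pre, post in net["transitions"].values():
            if set(pre) <= m:
                nxt = (m - set(pre)) | set(post)
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
    return seen
```

The enumeration of candidate presets with product is the naive search the slide's "find transition t and conditions X" hides; the co relation is what makes that search cheap for ordinary nets, and slide 16 shows why it stops being sufficient once read arcs are added.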
However, for contextual unfoldings... (slide 16/38)

...the same approach does not work:

[Figure: conditions c1, c2, c3 consumed or read by events e1, e2, e3, which produce c4, c5, c6 respectively.]

c4 co c5 and c4 co c6 and c5 co c6, but {c4, c5, c6} is not coverable
Cycle e1 ր e2 ր e3 ր e1 of asymmetric conflict
Annotating Conditions with Histories [R., Schwoon, Baldan 11] (slide 17/38)

In short, the solution proposed:
  Keeps track of conditions enriched with histories
  Defines co on these enriched conditions, instead of plain conditions
  Constructs co as unfolding progresses thanks to a characterization of co

Definition: Any configuration H is a history of e if:
  1. e ∈ H
  2. Any run of the events of H fires e last

[Figure: an occurrence net with conditions c1–c8 and events e1–e6, used to illustrate the definition for e4: {e3, e4} ✓; {e1, e3, e4} ✗ (run e3 e4 e1); {e1, e6, e3, e4} ✓ (e6 ր e3). The events are then annotated with their histories: {e1}, {e3}, {e3, e1, e6}, {e3, e4}, {e1, e6}, {e3, e4, e1, e2}, {e3, e1, e6, e4}, {e1, e6, e5}.]

Enriched prefix: label condition c with histories of •c and of the events reading c (written with an underline on the slide)
Enriched conditions: pairs ⟨c, H⟩

[Figure: the same net with every condition labelled by its enriched conditions, e.g. c1 and c5 with the empty history {}, and the conditions produced by e1, e3, e4, e6, e2, e5 with the histories listed above.]
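The definitions of slides 14, 16 and 17 (causality, asymmetric conflict, configuration, history) and the counterexample of slide 16, as an added example in Python; this is my code, not the thesis' or Cunf's. The three-event fragment is an assumption: the slide gives only the shape of its example, so the read and consume arcs below are my reconstruction of a net in which the read arcs close a cycle e1 ր e2 ր e3 ր e1. Coverability is decided here directly on configurations rather than through the enriched-condition relation of slide 18, which is what the direct approach would have to do without that relation.

```python
from itertools import combinations

# Constructed occurrence-net fragment of a contextual net (assumption, see lead-in).
# Each event maps to (preset, context, postset) over condition names.
EVENTS = {
    "e1": ({"c1"}, {"c2"}, {"c4"}),  # consumes c1, reads c2, produces c4
    "e2": ({"c2"}, {"c3"}, {"c5"}),  # consumes c2, reads c3, produces c5
    "e3": ({"c3"}, {"c1"}, {"c6"}),  # consumes c3, reads c1, produces c6
}

def producer(events, cond):
    """Event whose postset contains cond, or None if cond is an initial condition."""
    return next((e for e, (_, _, post) in events.items() if cond in post), None)

def causal_preds(events, e):
    """Events e' < e: producers of what e consumes or reads, transitively (slide 14)."""
    todo, seen = [e], set()
    while todo:
        pre, ctx, _ = events[todo.pop()]
        for c in pre | ctx:
            p = producer(events, c)
            if p is not None and p not in seen:
                seen.add(p)
                todo.append(p)
    return seen

def asym_conflict(events, e, f):
    """e ր f: if both occur, e occurs first. Holds when e < f, when e reads a
    condition that f consumes, or when both consume a common condition."""
    if e == f:
        return False
    pre_e, ctx_e, _ = events[e]
    pre_f, _, _ = events[f]
    return e in causal_preds(events, f) or bool(ctx_e & pre_f) or bool(pre_e & pre_f)

def reaches(events, C, src, dst):
    """Is there a ր-path from src to dst that only passes through events of C?"""
    todo, seen = [src], set()
    while todo:
        x = todo.pop()
        for y in C:
            if y not in seen and asym_conflict(events, x, y):
                if y == dst:
                    return True
                seen.add(y)
                todo.append(y)
    return False

def is_configuration(events, C):
    """Causally closed and ր-acyclic (a cycle exists iff some event ր-reaches itself)."""
    C = set(C)
    closed = all(causal_preds(events, e) <= C for e in C)
    return closed and not any(reaches(events, C, e, e) for e in C)

def is_history(events, H, e):
    """H is a history of e (slide 17): a configuration containing e in which every run
    fires e last, i.e. every other event of H has a ր-path to e inside H."""
    H = set(H)
    return e in H and is_configuration(events, H) and all(reaches(events, H, f, e) for f in H - {e})

def coverable(events, conds):
    """Can some run mark all of conds at once? The causal closure of their producers
    must be a configuration, and none of conds may be consumed inside it."""
    C = set()
    for c in conds:
        p = producer(events, c)
        if p is not None:
            C |= {p} | causal_preds(events, p)
    consumed = set().union(*(events[e][0] for e in C)) if C else set()
    return is_configuration(events, C) and not (set(conds) & consumed)

def pairwise_vs_joint(events, conds):
    """The observation of slide 16: (every pair coverable?, whole set coverable?)."""
    pairs = all(coverable(events, [a, b]) for a, b in combinations(conds, 2))
    return pairs, coverable(events, conds)
```

On this fragment pairwise_vs_joint(EVENTS, ["c4", "c5", "c6"]) returns (True, False): each pair of c4, c5, c6 is coverable, so a relation that only records pairs would wrongly admit {c4, c5, c6} as a preset, while the cycle e1 ր e2 ր e3 ր e1 makes {e1, e2, e3} no configuration at all.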
A Concurrency Relation for c-nets [R., Schwoon, Baldan 11] (slide 18/38)

Definition: Two enriched conditions ρ = ⟨c, H⟩ and ρ′ = ⟨c′, H′⟩ are concurrent, written ρ co ρ′, iff:
  H not in conflict with H′ and
  c, c′ ∈ (H ∪ H′)•

Proposition: Conditions c1, ..., cn are coverable iff there are histories H1, ..., Hn verifying ⟨ci, Hi⟩ co ⟨cj, Hj⟩ for all i, j ∈ {1, ..., n}.

Proposition: Let ρ = ⟨c, H⟩ and e be the last enriched condition and event appended to the prefix, and let ρ′ = ⟨c′, H′⟩ be an arbitrary enriched condition. Then

  ρ co ρ′ ⟺ (c′ ∈ e• ∧ H = H′) ∨ (c′ ∉ •e ∧ ⋀_{i=1}^{n} (ρi co ρ′) ∧ (•e)̲ ∩ H′ ⊆ H)

where (•e)̲ denotes the events reading a condition of •e (the deck's underline notation for context, cf. slide 13).
Challenges and The Cunf Tool [R., Schwoon 13] (slide 19/38)

Contextual unfoldings can be more compact, but
  Extra bookkeeping work for histories
  Prefix + histories: asymptotically same size as PR-unfolding

Driving questions
  Is contextual unfolding as efficient? For realistic cases, more compact?
  How do the various unfolding approaches compare?

The unfolder Cunf
  Asymmetric concurrency + dozen optimizations
  Robust tool, 7 KLOC of C
  Integrated in Cosyverif environment (soon: TAPAAL and CPROVER)
Experimental Results: Unfolding Construction (slide 20/38)

Net           Contextual         Ordinary           Ratios
              Events    tC       Events    tP       tC/tP    tC/tR
bds_1.sync      1866    0.14      12900    0.51     0.27     0.54
byzagr4_1b      8044    2.90      14724    3.40     0.85     0.55
ftp_1.sync     50928   34.21      83889   76.74     0.45     0.30
furnace_4      95335   18.34     146606   40.39     0.45     0.42
key_4.fsa       4754    6.33      67954    2.21     2.86     1.47
rw_1w3r        14490    0.45      15401    0.38     1.18     0.65
q_1.sync       10722    1.13      10722    1.21     0.93     0.52
dpd_7.sync     10457    0.91      10457    0.88     1.03     0.92
elevator_4     16856    1.26      16856    2.01     0.63    > 0.01
rw_12.sync     98361    3.10      98361    3.95     0.78     0.41
rw_2w1r         9241    0.40       9241    0.30     1.33     0.04

C-net unfolding smaller or equal ordinary unfoldings
In general faster than plain encoding
Consistently faster than place-replication (tR)
[R., Schwoon, Baldan 11] [R., Schwoon 13]
Model Checking with Net Unfoldings (slide 21/38)

[Figure: the pipeline of slide 10 again] Concurrent system → Modelling → Petri Net; Property to verify → Formalization → Reachability/deadlock; Unfolding construction → Net unfolding; Unfolding analysis → Counterexample / Correct
Reachability Analysis with c-net Unfoldings [R., Schwoon 12] (slide 22/38)

Recall: For marking-complete prefix P_N, deciding reachability of N is NP-complete

Reduction to SAT
  Encodes existence of a configuration
  Acyclicity constraint for ր is problematic

Results
  Three optimizations to mitigate effects of acyclicity constraint
  Structural optimizations + logical simplification
  Tool Cna
  Experimental evaluation: method is practical and beats established approach on standard benchmark
Improving Unfolding-based Verification: Outline (slide 23/38) — the outline of slide 11, repeated.
Unfoldings Suffer from Conflicting Choices (slide 24/38)

[Figure: a net with places p1, ..., p_{n+1} and q2, ..., q_{n+1} in which each place p_i enables the conflicting transitions t_i and u_i; its unfolding contains 2^n copies of place p_{n+1}.]

All events reach different markings, no event is a cutoff
The prefix is exponential
Combining Two Methods (slide 25/38)

We integrate two partial-order representations:
  Contextual unfoldings: address concurrent read access
  Merged Processes: address sequences of conflicts [Khomenko et al. 05]

These methods address orthogonal sources of state explosion:

[Figure: the net of slide 24 (conflicting choices t_i / u_i along p1, ..., p_{n+1}): its (contextual) unfolding is exponential while its Merged Process stays the size of the net.]

[Figure: a c-net in which transitions t1, ..., tn all read the same place: its contextual unfolding stays small while its Merged Process does not.]

Resulting method: Contextual Merged Processes (CMPs)
Contextual Merged Processes: Main Idea (slide 26/38)

Definition [R., Schwoon, Khomenko 13]: The Contextual Merged Process (CMP) of the unfolding prefix P_N is the labelled c-net M_N resulting from
  1. Merging all conditions with same occurrence depth and label
  2. Eliminating duplicated events

[Figure: a prefix whose conditions are annotated with their occurrence depths (1, 2, 3) and the merged net obtained for transitions t1 and t2.]
CMPs are in General not Acyclic (slide 27/38)

[Figure: a prefix P_N with transitions t1–t4 over places p1–p5, its CMP M_N with occurrence depths 1 and 2, and the original net N; merging closes a loop in M_N.]

Problem: CMPs have loops, transitions may fire more than once
Prevents direct application of SAT-based analysis methods
Acyclic Runs in CMPs [R., Schwoon, Khomenko 13] (slide 28/38)

Proposition: If P_N is marking-complete then N's state-space is represented by M_N's ր-acyclic runs
Corollary: reachability of N is NP-complete on P_N

Acyclicity of ր prevents both
  Contextual cycles involving read arcs (from c-net unfoldings)
  Cycles of causality (from merging)

Additional results
  Reduction to SAT of reachability queries on N
  Encoding of mp-configurations into SAT (for direct construction)
Experiments with CMPs: Corbett Benchmarks (slide 29/38)

Benchmark          Unfolding               Merged Process
Name       |T|     Plain     Contextual    Plain     Contextual
Bds         59     21.73      5.73         1.14       44
Bruijn     165      3.22      1.64         1.44      127
Byz        409     46.11     25.57         1.03      303
Ftp        529     85.74     82.51         1.05      455
Knuth      137      2.88      1.59         1.31      112
Dme (8)    392     10.64     10.64         1.04      360
Dme (10)   490     15.53     15.53         1.04      450
Elev (3)   783      6.48      6.48         1.00      346
Elev (4)  1939     11.38     11.38         1.00      841
Key (2)     92      3.92      1.82         2.50      105
Key (3)    133     19.93      4.33         4.13      186
Key (4)    174    113.82     12.54         5.26      290
Mmgt (3)   172      4.01      4.01         1.00      355
Mmgt (4)   232     11.68     11.68         1.00      638

[R., Schwoon, Khomenko 13]
CMPs of Dijkstra's Mutual Exclusion Algorithm (slide 30/38)

Process 0:                      Process 1:
b[0] = false;                   b[1] = false;
while (k != 0) {                while (k != 1) {
  if (b[k]) k = 0;                if (b[k]) k = 1;
}                               }
...                             ...
/* critical section */          /* critical section */
...                             ...

[Figure: the c-net modelling process 0, with locations l_{0,0}, ..., l_{6,0}; transitions labelled b0 := f, k = 0?, c0 := f, ∀j ≠ 0: c_j = t?, b0 := t; c0 := t, k = 1, b_k = t?, k = 1?, k := 0, c0 := t; and places for the variable values b0 = t / b0 = f, b1 = t, c0 = t / c0 = f, c1 = t / c1 = f, k = 0 / k = 1, read through read arcs.]

                  Net Unfoldings           Merged Processes
 n    |T|     Petri Net     C-net       Petri Net     C-net
 2     18            54        35              42        31
 3     36           371       131             113        64
 4     60          2080       406             220       105
 5     90         10463      1139             375       155
 6    126         49331      3000             589       214

Growth row as printed on the slide (its assignment to columns was lost in extraction): ∝ m^1.5, ∝ 5^m, ∝ 3^m, m, ∝ m

[R., Schwoon, Khomenko 13]
Improving Unfolding-based Verification: Outline (slide 31/38) — the outline of slide 11, repeated.
Diagnosis — Classical Approach (slide 32/38)

Partially-observable system S
Observation: a b g

[Figure: the three explanations expl(abg) drawn as runs of S: 1 –a→ 7 –b→ 11 –g→ 12; 1 –a→ 7 –f→ 8 –b→ 9 –g→ 10; 1 –f→ 2 –a→ 3 –b→ 4 –g→ 5; and the diagnoser S_d built from S.]

Diagnosis problems: Any/some run that explains the observation contains a fault?
[Sampath, Sengupta, Lafortune, Sinnamohideen, Teneketzis 95]
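The classical diagnosis question of slide 32 worked in Python, as an added example (my code, not the thesis' or the cited authors'). The transition list is reconstructed from the three explanation runs drawn on the slide; the full system S may have further transitions the extraction did not keep, so that list is an assumption. The function explanations enumerates the runs whose observable projection equals the observation, and diagnose answers the two questions of the slide (some explanation faulty, all explanations faulty). The bound max_silent on consecutive unobservable steps is my addition: without it an unobservable loop, the case marked ✗ on slide 34, would make the enumeration diverge.

```python
# Transitions (source, label, target) of the partially observable system S, reconstructed
# from the three explanation runs shown on slide 32 (assumption: S may contain more).
TRANS = [
    (1, "a", 7), (7, "b", 11), (11, "g", 12),
    (7, "f", 8), (8, "b", 9), (9, "g", 10),
    (1, "f", 2), (2, "a", 3), (3, "b", 4), (4, "g", 5),
]
INIT = 1
UNOBSERVABLE = {"f"}   # a, b, g are observable; f is the unobservable fault
FAULT = "f"

def explanations(trans, init, observation, unobservable, max_silent=5):
    """expl(observation): every run from init whose observable projection equals the
    observation. max_silent bounds consecutive unobservable steps so that an
    unobservable loop cannot make the search run forever (my addition, see lead-in)."""
    succ = {}
    for src, lbl, dst in trans:
        succ.setdefault(src, []).append((lbl, dst))
    runs = []

    def dfs(state, idx, run, silent):
        if idx == len(observation):          # whole observation explained
            runs.append(tuple(run))
            return
        for lbl, dst in succ.get(state, []):
            if lbl in unobservable:
                if silent < max_silent:
                    dfs(dst, idx, run + [(state, lbl, dst)], silent + 1)
            elif lbl == observation[idx]:    # next observed label matches
                dfs(dst, idx + 1, run + [(state, lbl, dst)], 0)

    dfs(init, 0, [], 0)
    return runs

def diagnose(trans, init, observation, unobservable, fault):
    """The two questions of slide 32: does SOME explanation contain the fault
    (fault possible), and does EVERY explanation contain it (fault certain)?"""
    runs = explanations(trans, init, observation, unobservable)
    faulty = [r for r in runs if any(lbl == fault for _, lbl, _ in r)]
    return {
        "explanations": len(runs),
        "fault_possible": bool(faulty),
        "fault_certain": bool(runs) and len(faulty) == len(runs),
    }
```

For the observation a b g the reconstructed S yields the three explanations of the slide, two of which contain f, so the fault is possible but not certain; an observation with no explanation at all (for instance a g) answers both questions negatively, which is the situation a diagnoser must report rather than guess.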
Diagnosis — Unfolding-based Approach (slide 33/38)

[Figure: explanations of a partially-ordered observation given as a fragment of the unfolding of S, with events labelled t1, ..., t6, instead of as runs of the diagnoser S_d.]

Partially-observable system S
Explanations
Diagnoser S_d
Observation: sequential or partially-ordered
[Benveniste, Fabre, Haar, Jard 03]
Contribution (slide 34/38)

                              [SSLST95]   [BFHJ03]   [EK12]
Interleaving explosion           ✗           ✓          ✓
Partial-order observations       ✗           ✓          ✗
Unobservable loops               ✗           ✗          ✓

[SSLST95]: Sampath, Sengupta, Lafortune, Sinnamohideen, Teneketzis 95
[BFHJ03]: Benveniste, Fabre, Haar, Jard 03
[EK12]: Esparza, Kern 12