Well-Structured Transition Systems and Extended Petri Nets: An Introduction

Jean-François Raskin, ULB. AVACS Spring School, Oldenburg, March 2010 (Friday 19 March 2010).

Plan of the talk: Parametric systems - Parametric verification


  1. Predicate transformer for TS
     • Predicate transformers:
     • $\mathrm{Post}(c) = \{ c' \mid c \Longrightarrow c' \}$
     • As usual, for $S \subseteq C$, we write $\mathrm{Post}(S)$ for $\bigcup_{c \in S} \mathrm{Post}(c)$.
     • $\mathrm{Post}^1 = \mathrm{Post}$, $\mathrm{Post}^i = \mathrm{Post} \circ \mathrm{Post}^{i-1}$ and $\mathrm{Post}^* = \bigcup_{i \geq 0} \mathrm{Post}^i$.
     • $\mathrm{Reach}(T) = \mathrm{Post}^*(c_0)$.
     • $\mathrm{Pre}(c) = \{ c' \mid c' \Longrightarrow c \}$
     • As usual, for $S \subseteq C$, we write $\mathrm{Pre}(S)$ for $\bigcup_{c \in S} \mathrm{Pre}(c)$.
     • $\mathrm{Pre}^1 = \mathrm{Pre}$, $\mathrm{Pre}^i = \mathrm{Pre} \circ \mathrm{Pre}^{i-1}$ and $\mathrm{Pre}^* = \bigcup_{i \geq 0} \mathrm{Pre}^i$.

  2. Petri nets and Extended Petri nets

  3. Example of PN. Petri nets are an important and traditional model for modeling concurrent systems. [Figure: a Petri net with places $p_1$, $p_2$, $p_3$, $p_4$ and transitions $t_1$, $t_2$, $t_3$.]

  4. Example of PN. [Figure: the same net with initial marking $m_0 = (1,1,0,1)$ and the beginning of its tree of reachable markings, with edges labelled $t_1$, $t_2$, $t_3$ and nodes including $(1,2,0,1)$, $(1,3,0,1)$, $(1,1,1,0)$ and $(1,2,1,0)$.]

  8. Extended Petri Nets
     • An extended Petri net is a tuple $N = (P, T, m_0)$ where:
       • $P = \{p_1, p_2, \ldots, p_n\}$ is a finite set of places;
       • $T = \{t_1, t_2, \ldots, t_m\}$ is a finite set of transitions, each of which is of the form $(I, O, s, d, b)$ where:
         ★ $I : P \to \mathbb{N}$ is a multi-set of input places; $I(p)$ represents the number of occurrences of $p$ in $I$.
         ★ $O : P \to \mathbb{N}$ is a multi-set of output places.
         ★ $s, d \in P \cup \{\bot\}$ are the source and destination places of a special arc, and $b \in \mathbb{N} \cup \{+\infty\}$ is the bound associated with the special arc.
     • We partition $T$ into $T_r \cup T_e$, where $T_r$ contains the regular transitions, for which $s = d = \bot$ and $b = 0$, and $T_e$ contains the extended transitions, for which $s, d \in P$ and $b \neq 0$.

  9. Extended Petri Nets
     ➡ A Petri net (PN) is an EPN where $T_e = \emptyset$.
     ➡ A Petri net with transfer arcs (PN+T) is such that for all $t = (I, O, s, d, b) \in T_e$, $b = +\infty$.
     ➡ A Petri net with non-blocking arcs (PN+NBA) is such that for all $t = (I, O, s, d, b) \in T_e$, $b = 1$.
     ➡ Extended Petri nets are useful to model synchronization mechanisms in counting abstractions, such as non-blocking synchronization, broadcast, etc.

  10. Example of PN+NBA. [Figure: example net; labels $p_1$, $p_2$, $t_1$, $s$, $d$, $a$.]

  11. Example of PN+NBA. Non-blocking arcs (PN + NBA): at most one token gets moved from the source to the destination. [Figure: the example net; labels $p_1$, $p_2$, $t_1$, $s$, $d$, $a$.]

  20. Example of PN+NBA. $t_1$ can be fired in this marking. Firing $t_1$ removes one token from $p_1$ and one token from $s$, and adds one token to $p_2$ and one token to $d$. [Figure: the example net; labels $p_1$, $p_2$, $t_1$, $s$, $d$, $a$.]

  22. Example of PN+NBA. $t_1$ can be fired in this marking. Firing $t_1$ removes one token from $p_1$ and adds one token to $p_2$. [Figure: the example net; labels $p_1$, $p_2$, $t_1$, $s$, $d$, $a$.]

  23. Example of PN+T

  24. Example of PN+T. Transfer arcs (PN + T): all the tokens are moved from the source to the destination. [Figure: example net; labels $p_1$, $p_2$, $t_1$, $s$, $d$, $a$.]

  29. Example of PN+T. $t_1$ can be fired in this marking. When firing $t_1$, one token is removed from $p_1$ and added to $p_2$, and all the tokens in $s$ are transferred to $d$. [Figure: the example net; labels $p_1$, $p_2$, $t_1$, $s$, $d$, $a$.]

  30. Semantics of PN
     • Let $N = (P, T, m_0)$ be a Petri net.
     • Its semantics is given by the following transition system $Tr(N) = (C, c_0, \Longrightarrow)$ where:
       • $C = \{ m \mid m : P \to \mathbb{N} \}$
       • $c_0 = m_0$
       • for all $m_1, m_2 \in C$, $m_1 \Longrightarrow m_2$ iff there exists $t = (I, O) \in T$ such that:
         • $I \leq m_1$ and
         • $m_2 = m_1 - I + O$.

  31. Semantics of Extended Petri nets
     • Let $N = (P, T, m_0)$ be an extended Petri net.
     • Its semantics is given by the following transition system $Tr(N) = (C, c_0, \Longrightarrow)$ where $C = \{ m \mid m : P \to \mathbb{N} \}$, $c_0 = m_0$, and:
     • for all $m, m' \in C$, $m \Longrightarrow m'$ iff there exists $t = (I, O, s, d, b) \in T$ with $I \leq m$, and $m'$ is computed as follows:
       • Let $m_1 = m - I$.
       • Compute $m_2$ as follows: if $s = d = \bot$ then $m_2 = m_1$; otherwise $m_2$ agrees with $m_1$ on all places but $s$ and $d$, where:
         • $m_2(s) = \max(0, m_1(s) - b)$
         • $m_2(d) = \min(m_1(d) + m_1(s), m_1(d) + b)$
       • Finally, $m' = m_2 + O$.

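  36. EPN are WSTS
     • Let $N = (P, T, m_0)$ be an extended Petri net. Its transition system $Tr(N) = (C, c_0, \Longrightarrow)$ is a WSTS $(C, c_0, \Longrightarrow, \preceq)$, where:
       • $\preceq$ is the extension of ${\leq} \subseteq \mathbb{N} \times \mathbb{N}$ to tuples in $\mathbb{N}^{|P|}$; it is a WQO.
       • and $\Longrightarrow$ is monotonic w.r.t. $\preceq$.
     • [Figure: the example net (labels $p_1$, $p_2$, $t_1$, $s$, $d$, $a$) with markings $m_1 = (2,0,3,0)$, $m_2 = (1,1,2,1)$, $m_3 = (3,0,4,0)$ and $m_4 = (2,1,3,1)$, where $m_1 \preceq m_3$ and $m_2 \preceq m_4$.]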
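The firing rule of slide 31 and the monotonicity claim of slide 36, as an added example that is not part of the original slides. It assumes the place order ($p_1$, $p_2$, $s$, $d$), which matches the markings shown on slide 36; `None` stands for $\bot$, and the function names are chosen here.

```python
from itertools import product

INF = float("inf")  # bound b = +∞ (transfer arc)

def leq(m, n):
    """Component-wise order ≼ on markings."""
    return all(x <= y for x, y in zip(m, n))

def fire(m, t):
    """Successor of marking m under t = (I, O, s, d, b), or None if I ≤ m fails.
    s and d are place indices, or None for ⟘ (regular transition)."""
    I, O, s, d, b = t
    if not leq(I, m):
        return None
    m1 = [x - i for x, i in zip(m, I)]          # m1 = m - I
    m2 = list(m1)
    if s is not None:
        moved = min(m1[s], b)                   # tokens carried by the special arc
        m2[s] = m1[s] - moved                   # = max(0, m1(s) - b)
        m2[d] = m1[d] + moved                   # = min(m1(d) + m1(s), m1(d) + b)
    return tuple(x + o for x, o in zip(m2, O))  # m' = m2 + O

def monotonic_on_box(t, n_places, bound):
    """Brute-force check on {0..bound}^n that m ≼ n and m ⟹ m'
    imply n ⟹ n' for some n' with m' ≼ n' (same transition t)."""
    box = list(product(range(bound + 1), repeat=n_places))
    for m in box:
        m_succ = fire(m, t)
        if m_succ is None:
            continue
        for n in box:
            if leq(m, n):
                n_succ = fire(n, t)
                if n_succ is None or not leq(m_succ, n_succ):
                    return False
    return True

# t1 takes one token from p1 and puts one in p2; special arc from s (index 2) to d (index 3).
T1_NBA = ((1, 0, 0, 0), (0, 1, 0, 0), 2, 3, 1)         # non-blocking arc, b = 1
T1_TRANSFER = ((1, 0, 0, 0), (0, 1, 0, 0), 2, 3, INF)  # transfer arc, b = +∞

if __name__ == "__main__":
    print(fire((2, 0, 3, 0), T1_NBA))       # m1 ⟹ m2 of slide 36
    print(fire((3, 0, 4, 0), T1_NBA))       # m3 ⟹ m4 of slide 36
    print(fire((1, 0, 0, 0), T1_NBA))       # s empty: the arc moves nothing, t1 still fires
    print(fire((1, 0, 3, 0), T1_TRANSFER))  # all tokens of s go to d
    print(monotonic_on_box(T1_NBA, 4, 2), monotonic_on_box(T1_TRANSFER, 4, 2))
```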

  37. Properties of extended Petri nets
     • The reachability problem asks, given a net $N = (P, T, m_0)$ and a marking $m$, if $m \in \mathrm{Post}^*(m_0)$.
     • The coverability problem asks, given a net $N = (P, T, m_0)$ and a marking $m$, if there exists a marking $m' \succeq m$ such that $m' \in \mathrm{Post}^*(m_0)$.
     • The non-terminating computation problem asks, given a net $N = (P, T, m_0)$, if there exists an infinite computation in $N$ starting from $m_0$.
     • The place boundedness problem asks, given a net $N = (P, T, m_0)$ and a place $p \in P$, if there exists a bound $n \in \mathbb{N}$ such that for all $m \in \mathrm{Reach}(m_0)$, we have that $m(p) \leq n$.

  39. Reachability is undecidable for EPN
     • Theorem. The reachability problem for PN+NBA (and for PN+T) is undecidable.
     • Proof sketch. Given a 2CM machine $M$, we can construct a PN+NBA $N$ and two markings $m_0$, $m_1$ such that $m_1$ is reachable from $m_0$ in $N$ iff the machine $M$ halts. We associate to each counter and each control state of the 2CM a place of the net. We have an additional place $p_{check}$. Initially, the place associated to the initial control state contains one token; all the other places (including $p_{check}$ and the two counters) are empty.

  40. Reachability is undecidable for EPN
     • Theorem. The reachability problem for PN+NBA (and for PN+T) is undecidable.
     • Simulation of the instructions of a 2CM.

  41. Reachability is undecidable for EPN
     • Theorem. The reachability problem for PN+NBA (and for PN+T) is undecidable.
     • $L_1$: $c_1 := c_1 + 1$; goto $L_2$. [Figure: gadget over places $c_1$, $L_1$, $L_2$.]

  42. Reachability is undecidable for EPN
     • Theorem. The reachability problem for PN+NBA (and for PN+T) is undecidable.
     • $L_1$: if $c_1 \neq 0$ then $c_1 := c_1 - 1$; goto $L_2$ else goto $L_3$. [Figure: gadget over places $p_{check}$, $c_1$, $L_1$, $L_2$, $L_3$.]

  44. Reachability is undecidable for EPN
     • Theorem. The reachability problem for PN+NBA (and for PN+T) is undecidable.
     • [Figure: gadget over places $c_1$, $c_2$, $L$, Halt.] With this additional gadget, it is clear that the machine $M$ halts iff the marking “one token in halt and all other places empty” is reachable from the initial marking.
     • Note that reachability is decidable for PN!

  46. Place boundedness
     • Theorem. The place boundedness problems for PN+NBA and PN+T are undecidable.
     • To prove this, we need a non-trivial extension of the proof idea in the previous undecidability result.

  47. Three algorithmic techniques for WSTS

  48. Technique 1: set saturation

  49. Backward algorithm for coverability
     • The coverability problem asks, given a net $N = (P, T, m_0)$ and a marking $m$, if there exists a marking $m' \succeq m$ such that $m' \in \mathrm{Post}^*(m_0)$.

  50. Backward algorithm for coverability. [Figure: a computation $m_0, m_1, m_2, \ldots$ and the upward-closed set $\{ m' \mid m' \succeq m \}$ above $m$, with a question mark on whether the computation reaches it.]

  56. Backward algorithm for coverability. [Figure: backward exploration from the upward-closed set $\uparrow m = \{ m' \mid m' \succeq m \}$ through $\mathrm{Pre}(\uparrow m)$, $\mathrm{Pre}(\mathrm{Pre}(\uparrow m))$, ..., up to $\mathrm{Pre}^*(\uparrow m)$; the question asked is whether $m_0 \in \mathrm{Pre}^*(\uparrow m)$.]

  59. Pre and upward-closed sets in WSTS
     • Lemma. Let $T = (C, c_0, \Longrightarrow, \leq)$ be a WSTS and $U$ be a $\leq$-upward closed set of configurations in $T$. Then $\mathrm{Pre}(U)$ is $\leq$-upward closed.
     • Proof. Let $c_1 \in \mathrm{Pre}(U)$ and let us consider any $c_2$ such that $c_1 \leq c_2$. We know that there exists $c_3 \in U$ with $c_1 \Longrightarrow c_3$. By monotonicity, there exists $c_4$ such that $c_3 \leq c_4$ and $c_2 \Longrightarrow c_4$. As $U$ is upward closed, we have that $c_4 \in U$ and so $c_2 \in \mathrm{Pre}(U)$.
     • [Figure: square diagram with $c_1 \Longrightarrow c_3$, $c_2 \Longrightarrow c_4$, $c_1 \leq c_2$ and $c_3 \leq c_4$.]

  60. Effective WSTS
     • $\mathrm{PreUp}(c)$ is the set of all configurations that have a one-step successor by $\Longrightarrow$ larger than or equal to $c$, i.e. $\mathrm{PreUp}(c) = \{ c' \mid \exists c'' : c' \Longrightarrow c'' \text{ and } c \leq c'' \} = \mathrm{Pre}(\uparrow c)$.
     • A WSTS $T = (C, c_0, \Longrightarrow, \leq)$ is effective (EWSTS) if:
       • given any pair of configurations $c_1$ and $c_2$ in $C$, one can decide if $c_1 \Longrightarrow c_2$ or not;
       • given any pair of configurations $c_1$ and $c_2$ in $C$, one can decide if $c_1 \leq c_2$ or not;
       • given any configuration $c \in C$, one can effectively compute $\mathrm{UGen}(\mathrm{PreUp}(c))$.
     • If the set of successors $\mathrm{Post}(c)$ of a configuration $c$ is finite and effectively computable, we say that the WSTS is forward effective (FEWSTS for short).

  61. General backward for solving coverability in EWSTS
     • Let $T = (C, c_0, \Longrightarrow, \leq)$ be an EWSTS. Let $U \subseteq C$ be an upward closed set and $\mathrm{UGen}(U)$ a finite generator for $U$.
     • Consider now the sequence: $E_0 = \mathrm{UGen}(U)$, $E_i = \mathrm{UGen}(\mathrm{PreUp}(E_{i-1}) \cup \uparrow E_{i-1})$, for $i \geq 0$.
     • First, note that all elements of this sequence are computable as $T$ is an EWSTS.
     • Second, $\uparrow E_i$ is the set of configurations of $T$ that can reach a configuration in $U$ in $i$ steps or less.
     • Third, there exists a position $k \geq 0$ such that for all $l \geq k$, $\uparrow E_l = \uparrow E_k$.
     • This sequence is thus an effective algorithm to decide coverability in EWSTS.

  62. Termination. Assume that this is not the case. Then, as the sequence $\uparrow E_i$ is increasing for $\subseteq$, there must exist a sequence of elements $e_1\, e_2 \ldots e_n \ldots$ such that for all $i < j$, $\neg (e_i \leq e_j)$. But this is in contradiction with the fact that $(S, \leq)$ is a well-quasi ordered set!

  64. Decidability of coverability for EWSTS. Theorem. The coverability problem is decidable for EWSTS.

  65. Backward algorithm for coverability. [Figure: the target marking $m$.]

  66. Backward algorithm for coverability. [Figure: $\mathrm{Pre}(\uparrow m)$; markings shown: $m$, $m_1$, $m_2$.]

  67. Backward algorithm for coverability. [Figure: $\mathrm{Pre}^2(\uparrow m)$; markings shown: $m$, $m_1$, $m_2$, $m_3$, $m_4$.]

  68. Backward algorithm for coverability. [Figure: $\mathrm{Pre}^2(\uparrow m)$; markings shown: $m$, $m_1$, $m_3$, $m_4$.]

  69. Backward algorithm for coverability. [Figure: $\mathrm{Pre}^3(\uparrow m)$; markings shown: $m$, $m_1$, $m_3$, $m_4$, $m_5$, $m_6$.]

  70. Backward algorithm for coverability. [Figure: the iteration continues; markings shown: $m$, $m_1$, $m_3$, $m_4$, $m_5$, $m_6$, ...]
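The backward iteration of slides 60 to 64, as an added example that is not part of the original slides. It is restricted to plain Petri nets ($T_e = \emptyset$), where the generator of $\mathrm{PreUp}$ for a transition $(I, O)$ has the closed form $I + \max(0, m - O)$; the three-place lock net, the target marking and all function names are constructed here for illustration.

```python
def leq(a, b):
    """Component-wise order ≤ on markings."""
    return all(x <= y for x, y in zip(a, b))

def minimize(markings):
    """UGen: keep only the ≤-minimal markings, a finite generator of the upward closure."""
    ms = set(markings)
    return {m for m in ms if not any(o != m and leq(o, m) for o in ms)}

def pre_up(target, transitions):
    """Generators of PreUp(target) = Pre(↑target) for a plain Petri net.
    For t = (I, O), the least m with I ≤ m and m - I + O ≥ target is I + max(0, target - O)."""
    return {tuple(i + max(0, g - o) for i, o, g in zip(I, O, target))
            for I, O in transitions}

def backward_basis(target, transitions):
    """Iterate E_i = UGen(PreUp(E_{i-1}) ∪ ↑E_{i-1}) until ↑E_i stabilises."""
    basis = {tuple(target)}
    while True:
        candidates = set(basis)
        for m in basis:
            candidates |= pre_up(m, transitions)
        new_basis = minimize(candidates)
        if new_basis == basis:      # same minimal elements, hence same upward closure
            return basis
        basis = new_basis

def coverable(m0, target, transitions):
    """True iff some marking ≥ target is reachable from m0, i.e. m0 ∈ Pre*(↑target)."""
    return any(leq(g, m0) for g in backward_basis(target, transitions))

# Constructed net, places (idle, lock, crit): counting abstraction of processes sharing a lock.
LOCK_NET = [
    ((0, 0, 0), (1, 0, 0)),   # spawn: a new idle process appears (unbounded population)
    ((1, 1, 0), (0, 0, 1)),   # enter: an idle process takes the lock
    ((0, 0, 1), (1, 1, 0)),   # exit: the process releases the lock
]
BAD = (0, 0, 2)               # at least two processes in the critical section

if __name__ == "__main__":
    print(sorted(backward_basis(BAD, LOCK_NET)))   # generators of Pre*(↑BAD)
    print(coverable((1, 1, 0), BAD, LOCK_NET))     # one lock token
    print(coverable((0, 2, 0), BAD, LOCK_NET))     # two lock tokens
```

Because the spawn transition makes the number of processes unbounded, the answer for the initial marking `(1, 1, 0)` covers every population size at once, which a forward enumeration of reachable markings could not establish.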
