# Reachability Analysis via Net Structure

Uploaded on Nov 03, 2010

AWPN 2010



## Presentation Transcript

### Reachability Analysis via Net Structure

Harro Wimmel, Karsten Wolf
Universität Rostock, Institut für Informatik
8 October 2010 (AWPN 2010)
© 2010 Universität Rostock, Fakultät für Informatik & Elektrotechnik, Institut für Informatik
### Overview

• Basic Definitions: Reachability Problem; State Equation & Constraints
• Solving the Reachability Problem using CEGAR: The Search Space; Example; Looking for Constraints; Finding Partial Solutions; The Algorithm
• Experimental Results
### Basic Definitions: Reachability Problem

Petri nets are assumed to be known.

• N = (S, T, F) is a Petri net; m, m' ∈ ℕ^S are markings.
• (N, m, m') is a reachability problem; the answer is "yes" if m [σ⟩_N m' for some firing sequence σ ∈ T*.
• m' = m + Cx is the state equation, with C the incidence matrix and x ∈ ℕ^T a transition vector (a solution).
• From m [σ⟩ m' it follows that m' = m + C ℘(σ), i.e. the Parikh image ℘(σ) solves the state equation.
• The state equation is therefore a necessary condition for reachability (not a sufficient one: a solution x need not be realisable by any firing sequence).
• x = ℘(σ) is a T-invariant if Cx = 0, i.e. m [σ⟩ m.
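A worked instance of these definitions on a small net, added here as an illustration (the net, the names s, k, f, t1, t2, t3 and the firing sequence are our own construction, not from the slides):

$$
\text{places } (s,k,f),\qquad t_1 : s \to k,\quad t_2 : k \to s,\quad t_3 : k \to k + f
$$

$$
C=\begin{pmatrix}-1 & 1 & 0\\ 1 & -1 & 0\\ 0 & 0 & 1\end{pmatrix},\qquad
m=\begin{pmatrix}1\\0\\0\end{pmatrix}=s,\qquad
m'=\begin{pmatrix}1\\0\\1\end{pmatrix}=s+f
$$

For $\sigma = t_1 t_3 t_2$ we have $s\,[t_1\rangle\,k\,[t_3\rangle\,k+f\,[t_2\rangle\,s+f$ and $\wp(\sigma) = (1,1,1)^{\mathsf T}$, so

$$
m + C\,\wp(\sigma) = \begin{pmatrix}1\\0\\0\end{pmatrix} + \begin{pmatrix}-1+1+0\\ 1-1+0\\ 0+0+1\end{pmatrix} = \begin{pmatrix}1\\0\\1\end{pmatrix} = m'.
$$

The smaller vector $x = (0,0,1)^{\mathsf T}$ also satisfies $m' = m + Cx$, but $t_3$ is not enabled at $m$ (it needs a token on $k$), so $x$ is not realisable: the state equation is necessary, not sufficient. The difference $\wp(\sigma) - x = (1,1,0)^{\mathsf T}$ is a T-invariant, $C\,(1,1,0)^{\mathsf T} = 0$, and is exactly the kind of invariant that an "increment" constraint such as $t_1 \ge 1$ forces the solver to add.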
### Basic Definitions: State Equation & Constraints

• The solution space of the state equation m' = m + Cx is semilinear: there are finite B, P ⊆ ℕ^T such that m' = m + Cx ⟺ x = b + Σ_i n_i p_i for some b ∈ B, p_i ∈ P, n_i ∈ ℕ.
• An IP solver, e.g. lp_solve, yields a "minimal" solution.
• Solutions are discriminated by adding constraints (CEGAR):
  • "jump": t < n with t ∈ T, n ∈ ℕ
  • "increment": Σ_{i=1}^{k} n_i t_i ≥ n with t_i ∈ T, n_i, n ∈ ℕ
• Jumps lead to other minimal solutions; increments add T-invariants.
### The Search Space

(Figure only, not reproduced in the transcript: the search space of state-equation solutions starting from a base solution b.)
### An Example

(Net diagram not reproduced; its nodes are labelled s, f, z, x1, x2, y1, y2, a1, a2, b1, b2, b3, c1, c2. The slide animation marks each solution's firing counts, 1×, 2×, 3×, on the net.)

Final marking: s + 3f

State equation solutions, in the order the solver produces them as constraints are added (transcribed as extracted; the trailing term of each solution did not survive extraction):

1. 3a1 + 3a2 + 3
2. 2a1 + 2a2 + b1 + b2 + b3 + 3
3. 2a1 + 2a2 + b1 + b2 + b3 + c1 + c2 + 3
4. a1 + a2 + 2b1 + 2b2 + 2b3 + c1 + c2 + 3
5. 3b1 + 3b2 + 3b3 + c1 + c2 + 3

Constraints added step by step (the alternative in parentheses is the corresponding "jump"):

1. b2 ≥ 1 (or a1 < 3)
2. c1 ≥ 1
3. b2 ≥ 2 (or a1 < 2)
4. b2 ≥ 3 (or a1 < 1)
### Looking for Constraints: Building a Graph

Take a firing sequence σ and a solution x of the state equation m' = m + Cx with
• ℘(σ) ≤ x, and
• ∀t ∈ T: x(t) > ℘(σ)(t) ⟹ ¬ m [σt⟩
(i.e. σ cannot be extended by any transition that still has firings left in x). We call σ a partial solution.

Now build a graph G consisting of:
• the transitions t with x(t) > ℘(σ)(t),
• the places s that inhibit the firing of such a t (after σ),
• an edge from s to t if s inhibits t, and
• an edge from t to s if t increases the token count on s.
### Looking for Constraints: Finding Components

Compute all strongly connected components (SCCs) of G that have no incoming edges (source SCCs). Places in such SCCs cannot be marked from "inside" the graph, so their tokens must come from outside.

⟹ Constraint: use the transitions that can put tokens onto a source SCC (left side of the constraint).

How many tokens to produce (right side of the constraint)?
• a complex problem (especially if x(t) − ℘(σ)(t) > 1 and the net has multi-arcs)
• an approximation is necessary
• repeatedly increasing the constraint by 1 token is possible
### Finding Partial Solutions

• Tree of all potential firing sequences for x from m' = m + Cx
  • the tree is finite, so a brute-force search is possible
  • depth-first search
  • enumerate partial solutions and build constraints
• Optimisations
  • stubborn-set method (partial order reduction)
  • additional confluence tests for x(t) − ℘(σ)(t) > n
  • backtracking at repeated markings on a path
  • ineffective constraints (σ' is a partial solution for x + y with σ' = σ, or ℘(σ') = ℘(σ) + y, where y is a T-invariant)
### The Algorithm / Conclusion

• Get a solution of the state equation using an IP solver
• Get partial solutions (maximal firing sequences); stop if one of them is a full solution
• Find constraints for the partial solutions
• (Multiple) calls of the algorithm with state equation + constraints

Conclusion:
• A positive answer is found (use "jumps" for a complete search), except in case of insufficient memory; a witness path is found along with it, so a "yes" can be checked independently by replaying the path
• A negative answer can be found if the state equation is infeasible or if backtracking for ineffective constraints makes the search space finite; diagnosis is possible. In all other cases the search is not guaranteed to terminate, so an absent "no" must not be read as "reachable"
• Extensions are possible, e.g. state inequations
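The loop above, together with the graph-based constraint construction of the two "Looking for Constraints" slides, as a runnable toy in Python. This is an added illustration and not Sara's code. Our assumptions, none of which come from the slides: a hard-coded key/lock net (places s, k, f; transitions t1, t2, t3), a bounded brute-force enumeration of x standing in for an IP solver such as lp_solve, and, in place of the source SCCs of G, the simpler "source places" (blocking places that no remaining transition feeds). Increments of one token and jumps t < n follow the slides; the worked run shows the minimal solution t3 being rejected and the T-invariant t1 + t2 being added by an increment constraint.

```python
"""Toy CEGAR reachability over the state equation (added illustration,
not Sara's code; net, solver stand-in and source-place rule are ours)."""
from collections import deque
from itertools import product

# Constructed net: initial marking s.  t1: s -> k   t2: k -> s   t3: k -> k + f
# Each transition maps to (pre-set, post-set) as place -> arc weight.
PLACES = ("s", "k", "f")
TRANS = {
    "t1": ({"s": 1}, {"k": 1}),
    "t2": ({"k": 1}, {"s": 1}),
    "t3": ({"k": 1}, {"k": 1, "f": 1}),
}
NAMES = sorted(TRANS)


def effect(t, p):
    """Entry C[p][t] of the incidence matrix."""
    pre, post = TRANS[t]
    return post.get(p, 0) - pre.get(p, 0)


def enabled(m, t):
    return all(m.get(p, 0) >= w for p, w in TRANS[t][0].items())


def fire(m, t):
    pre, post = TRANS[t]
    m2 = dict(m)
    for p, w in pre.items():
        m2[p] -= w
    for p, w in post.items():
        m2[p] = m2.get(p, 0) + w
    return m2


def parikh(sigma):
    return {t: sigma.count(t) for t in NAMES}


def satisfied(x, c):
    """c = ('ge', {t: coeff}, n): sum coeff*x(t) >= n (increment);
    c = ('lt', t, n): x(t) < n (jump)."""
    kind, lhs, n = c
    if kind == "ge":
        return sum(k * x[t] for t, k in lhs.items()) >= n
    return x[lhs] < n


def solve_state_equation(m0, m1, constraints, bound=6):
    """Stand-in for lp_solve: first x (fewest total firings) with
    m1 = m0 + C x meeting all constraints, or None within `bound`."""
    delta = {p: m1.get(p, 0) - m0.get(p, 0) for p in PLACES}
    for total in range(bound + 1):
        for xs in product(range(total + 1), repeat=len(NAMES)):
            if sum(xs) != total:
                continue
            x = dict(zip(NAMES, xs))
            if (all(sum(x[t] * effect(t, p) for t in NAMES) == delta[p] for p in PLACES)
                    and all(satisfied(x, c) for c in constraints)):
                return x
    return None


def partial_solutions(m0, x):
    """DFS over firing sequences with parikh(sigma) <= x; returns the maximal
    ones (no transition that still has firings left in x is enabled)."""
    out, seen, stack = [], set(), [((), m0)]
    while stack:
        sigma, m = stack.pop()
        key = (tuple(sorted(m.items())), tuple(sorted(parikh(sigma).items())))
        if key in seen:  # backtrack at repeated (marking, remaining-x) pairs
            continue
        seen.add(key)
        remaining = [t for t in NAMES if x[t] > sigma.count(t)]
        ext = [t for t in remaining if enabled(m, t)]
        if not ext:
            out.append((sigma, m))
        for t in ext:
            stack.append((sigma + (t,), fire(m, t)))
    return out


def increment_constraint(sigma, m, x):
    """Build G for a partial solution: blocking places of the remaining
    transitions; a place fed by a remaining transition has an incoming edge.
    Source places must be fed from outside G: demand one more token there."""
    remaining = [t for t in NAMES if x[t] > sigma.count(t)]
    blocking = {p for t in remaining for p, w in TRANS[t][0].items() if m.get(p, 0) < w}
    fed_inside = {p for t in remaining for p in PLACES if effect(t, p) > 0}
    sources = blocking - fed_inside
    feeders = [t for t in NAMES if t not in remaining
               and any(TRANS[t][1].get(p, 0) > 0 for p in sources)]
    if not feeders:
        return None
    return ("ge", {t: 1 for t in feeders}, sum(x[t] for t in feeders) + 1)


def reachable(m0, m1, max_iter=50):
    """CEGAR loop. Returns a witness firing sequence, or None when nothing was
    found within the bounds (only certain as a 'no' if the state equation
    itself is infeasible)."""
    work = deque([[]])  # worklist of constraint sets
    for _ in range(max_iter):
        if not work:
            return None
        cons = work.popleft()
        x = solve_state_equation(m0, m1, cons)
        if x is None:
            continue
        for sigma, m in partial_solutions(m0, x):
            if len(sigma) == sum(x.values()):
                return list(sigma)  # full solution: parikh(sigma) == x
            c = increment_constraint(sigma, m, x)
            if c is not None:
                work.append(cons + [c])
        for t in NAMES:  # jumps: visit the other minimal solutions too
            if x[t] > 0:
                work.append(cons + [("lt", t, x[t])])
    return None


if __name__ == "__main__":
    print(reachable({"s": 1}, {"s": 1, "f": 1}))  # ['t1', 't3', 't2']
    print(reachable({"s": 1}, {"f": 1}))          # None: state equation infeasible
```

On the first iteration the solver returns x = t3 alone; t3 is blocked by k, no remaining transition feeds k, and t1 is the only outside feeder, so the constraint t1 ≥ 1 is added. The next solution is t1 + t2 + t3 (the T-invariant t1 + t2 has been added) and the DFS realises it as t1 t3 t2. The worklist also carries the jump t3 < 1, which here is infeasible; with a real IP solver and proper SCC computation the same structure scales to the nets in the next slide.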
### Experimental Results

Implementation in a tool named "Sara".

• Garavel's challenge (LOTOS specification): 485 places, 776 transitions, test for dead transitions
  • (Cygwin/Linux) 26/41 sec. (LoLA: 71/29 sec., plus separation by hand)
  • path length (average/max) 15/28 (LoLA: 53/6232)
• SAP reference nets (business processes): 590 nets, test for relaxed soundness
  • (Cygwin/Linux) 198/110 sec. (LoLA: 24 min., plus 17 unsolved)
• Boolean programs: a few nets, coverability test
  • <1 second (LoLA: 1 problem with memory overflow, >32 GB)
• Specialized nets with increasing edge weights (self-constructed)
  • Sara loses time exponentially compared to LoLA (always <3 sec.)
### References

• M. Berkelaar, K. Eikland, P. Notebaert: lp_solve Reference Guide, http://lpsolve.sourceforge.net/5.5/, 2010.
• H. Garavel: Efficient Petri Net tool for computing quasi-liveness, http://www.informatik.uni-hamburg.de/cgi-bin/TGI/pnml/getpost?id=2003/07/2709, 2003.
• L.M. Kristensen, K. Schmidt, A. Valmari: Question-guided Stubborn Set Methods for State Properties, Formal Methods in System Design 29:3, pp. 215–251, Springer, 2006.
• E. Mayr: An algorithm for the general Petri net reachability problem, SIAM Journal on Computing 13:3, pp. 441–460, 1984.
• H. Wimmel: Sara – Structures for Automated Reachability Analysis, http://www.informatik.uni-rostock.de/~nl/wiki/tools/download, 2010.
• K. Wolf: LoLA – A low level analyzer, http://www.informatik.uni-rostock.de/~nl/wiki/tools/lola, 2010.
### Thanks for Your Attention!