# Reachability Analysis via Net Structure

Published on: AWPN 2010


### Reachability Analysis via Net Structure

1. Reachability Analysis via Net Structure

   Harro Wimmel, Karsten Wolf, Universität Rostock, Institut für Informatik. 8 October 2010. © 2010 Universität Rostock, Fakultät für Informatik & Elektrotechnik, Institut für Informatik. Slide 1 / 13

2. Overview

   • Basic Definitions: Reachability Problem; State Equation & Constraints
   • Solving the Reachability Problem using CEGAR: The Search Space; Example; Looking for Constraints; Finding Partial Solutions; The Algorithm
   • Experimental Results
3. Basic Definitions: Reachability Problem

   Petri nets are assumed to be known.
   • $(N, m, m')$ is a reachability problem; the answer is "yes" if $m [\sigma\rangle_N m'$ for some firing sequence $\sigma \in T^*$
   • $N = (S, T, F)$ is a Petri net, $m, m' \in \mathbb{N}^S$ are markings
   • $m' = m + Cx$ is the state equation
   • $C$ is the incidence matrix, $x \in \mathbb{N}^T$ the transition vector (solution)
   • from $m [\sigma\rangle m'$ follows $m' = m + C\,\wp(\sigma)$, i.e. the Parikh image $\wp(\sigma)$ solves the state equation
   • this is a necessary condition for reachability
   • $\wp(\sigma) = x$ is a T-invariant if $Cx = 0$, i.e. $m [\sigma\rangle m$
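As an added example (not code from the slides), the definitions above in executable form on a constructed three-place net: the incidence matrix $C$, the Parikh image, the state-equation check and the T-invariant test. The net is chosen so that the state equation is satisfiable for a marking that is nevertheless unreachable, because one transition reads a place through a self-loop, which the incidence matrix cannot see. All names (`PRE`, `POST`, `M0`, `M_KEY`, `GOAL`, the transitions `t2`, `t3`) are assumptions of this example.

```python
# Added example (not code from the slides): the state equation m' = m + C x
# as a necessary, but not sufficient, condition for reachability.
from collections import Counter
from typing import Dict, List, Optional

Marking = Dict[str, int]
Vector = Dict[str, int]

# Constructed net N = (S, T, F). PRE[t][s] / POST[t][s] are the arc weights
# of F; t3 reads place r through a self-loop (consumes and re-produces it).
PLACES = ["p", "q", "r"]
PRE = {"t3": {"p": 1, "r": 1}, "t2": {"q": 1}}
POST = {"t3": {"q": 1, "r": 1}, "t2": {"p": 1}}
TRANS = sorted(PRE)


def incidence() -> Dict[str, Dict[str, int]]:
    """Column C[., t] of the incidence matrix: net token change per place.
    The self-loop of t3 on r cancels out, so C cannot see that dependency."""
    return {t: {s: POST[t].get(s, 0) - PRE[t].get(s, 0) for s in PLACES}
            for t in TRANS}


def enabled(m: Marking, t: str) -> bool:
    return all(m[s] >= w for s, w in PRE[t].items())


def fire(m: Marking, t: str) -> Marking:
    col = incidence()[t]
    return {s: m[s] + col[s] for s in PLACES}


def run(m: Marking, sigma: List[str]) -> Optional[Marking]:
    """m [sigma> m'; returns None if some step of sigma is not enabled."""
    for t in sigma:
        if not enabled(m, t):
            return None
        m = fire(m, t)
    return m


def parikh(sigma: List[str]) -> Vector:
    """Parikh image: how often each transition occurs in sigma."""
    c = Counter(sigma)
    return {t: c[t] for t in TRANS}


def state_equation_holds(m: Marking, x: Vector, m_target: Marking) -> bool:
    """m_target = m + C x, checked place by place."""
    C = incidence()
    return all(m[s] + sum(C[t][s] * x.get(t, 0) for t in TRANS) == m_target[s]
               for s in PLACES)


def is_t_invariant(x: Vector) -> bool:
    """C x = 0: firing x (where possible) returns to the same marking."""
    zero = {s: 0 for s in PLACES}
    return state_equation_holds(zero, x, zero)


M_KEY = {"p": 1, "q": 0, "r": 1}   # r marked: t3 can fire
M0 = {"p": 1, "q": 0, "r": 0}      # r empty: t3 never fires, M0 is dead
GOAL = {"p": 0, "q": 1, "r": 0}

if __name__ == "__main__":
    seq = ["t3", "t2", "t3"]
    end = run(M_KEY, seq)
    print(end, state_equation_holds(M_KEY, parikh(seq), end))
    # x = t3 solves the state equation of (N, M0, GOAL) ...
    print(state_equation_holds(M0, {"t3": 1}, GOAL))
    # ... but t3 is not enabled at M0 and nothing ever marks r.
    print(enabled(M0, "t3"), is_t_invariant({"t3": 1, "t2": 1}))
```

From `M0` the only solution of the state equation is unrealisable: the self-loop on `r` keeps `C[r, t3] = 0`, so the equation cannot record that `t3` needs a token on `r`. This is exactly the gap the rest of the slides close by searching for firing sequences and feeding constraints back into the solver.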
4. Basic Definitions: State Equation & Constraints

   • The solution space of the state equation $m' = m + Cx$ is semilinear
   • $\exists$ finite $B, P \subseteq \mathbb{N}^T$: $m' = m + Cx \iff x = b + \sum_i n_i p_i$ for some $b \in B$, $p_i \in P$, $n_i \in \mathbb{N}$
   • An IP solver, e.g. lp_solve, yields a "minimal" solution
   • Discrimination of solutions by adding constraints (CEGAR)
   • "jump": $t < n$ with $t \in T$, $n \in \mathbb{N}$
   • "increment": $\sum_{i=1}^{k} n_i t_i \ge n$ with $t_i \in T$, $n_i, n \in \mathbb{N}$
   • jumps select other minimal solutions, increments add T-invariants
5. The Search Space

   [Figure: the search space of solutions; the only label recoverable from the slide is the base solution b]
6. An Example

   [Figure: the example net, whose elements are labelled s, a1, b1, x1, y1, c1, b2, z, y2, c2, b3, x2, a2 and f; the solutions below count firings of the transitions a1, a2, b1, b2, b3, c1, c2, and the animation annotates each transition with its firing count]
   Final marking: s + 3f
   State equation's solutions, in the order the solver returns them:
   • 3a1 + 3a2 + 3
   • 2a1 + 2a2 + b1 + b2 + b3 + 3
   • 2a1 + 2a2 + b1 + b2 + b3 + c1 + c2 + 3
   • a1 + a2 + 2b1 + 2b2 + 2b3 + c1 + c2 + 3
   • 3b1 + 3b2 + 3b3 + c1 + c2 + 3
   Constraints added after each rejected solution:
   • b2 ≥ 1 (or a1 < 3)
   • c1 ≥ 1
   • b2 ≥ 2 (or a1 < 2)
   • b2 ≥ 3 (or a1 < 1)
7. Looking for Constraints: Building a graph

   Take a firing sequence $\sigma$ and a solution $x$ of the state equation $m' = m + Cx$ with
   • $\wp(\sigma) \le x$,
   • $\forall t \in T: x(t) > \wp(\sigma)(t) \implies \neg\, m[\sigma t\rangle$
   We call $\sigma$ a partial solution. Now build a graph $G$ of:
   • transitions $t$ with $x(t) > \wp(\sigma)(t)$
   • places $s$ inhibiting the firing of such a $t$ (after $\sigma$)
   • an edge from $s$ to $t$ if $s$ inhibits $t$
   • an edge from $t$ to $s$ if $t$ increases the token count on $s$
8. Looking for Constraints: Finding Components

   Get all strongly connected components (SCCs) of $G$ which have no incoming edges (source SCCs). Places in such SCCs cannot be marked from "inside" the graph, so the tokens must come from the outside.
   ⟹ Constraint: use the transitions that can put tokens onto a source SCC (left-hand side of the constraint).
   How many tokens to produce? (right-hand side of the constraint)
   • a complex problem (especially if $x(t) - \wp(\sigma)(t) > 1$ and the net has multi-arcs)
   • an approximation is necessary
   • repeatedly increasing the constraint by 1 token is possible
9. Finding Partial Solutions

   • Tree of all potential firing sequences for $x$ from $m' = m + Cx$
   • the tree is finite, so brute-force search is possible
   • depth-first search
   • enumerate partial solutions and build constraints
   • Optimisations:
     • stubborn-set method (partial order reduction)
     • additional confluence tests for $x(t) - \wp(\sigma)(t) > n$
     • backtracking at repeated markings on a path
     • ineffective constraints ($\sigma'$ is a partial solution for $x + y$ with $\sigma' = \sigma$ or $\wp(\sigma') = \wp(\sigma) + y$, $y$ a T-invariant)
10. The Algorithm / Conclusion

   • Get a solution of the state equation using an IP solver
   • Get partial solutions (maximal firing sequences); stop if one of them is a full solution
   • Find constraints for the partial solutions
   • (Multiple) calls to the algorithm with state equation + constraints
   Conclusion:
   • A positive answer is found (use "jumps" for a complete search), except in case of insufficient memory; a witness path is found
   • A negative answer can be found if the state equation is infeasible or if backtracking for ineffective constraints makes the search space finite; diagnosis is possible
   • Extensions are possible, e.g. state inequations
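The procedure of slides 4 and 7 to 10, as an added example that is not the Sara tool's code: a constrained state-equation solve, the depth-first search for maximal (partial) firing sequences, the graph $G$ with its source SCCs turned into increment constraints, and the outer CEGAR loop. The net is constructed for this example (places `p`, `k`, `f`; transitions `a`, `b`, `c`) so that the first minimal solution is not fireable, as on slide 6, and one increment constraint repairs it. The solver is a bounded brute-force enumeration standing in for lp_solve, the right-hand side of each constraint is the "+1 token" approximation of slide 8, and jump constraints are not implemented; all of these are simplifications of this example, not properties of Sara.

```python
# Added example (not the Sara tool's code): a miniature CEGAR loop over the
# state equation, following the slides' recipe on a constructed net.
from itertools import product
from typing import Dict, List, Optional, Set, Tuple

Vec = Dict[str, int]
Constraint = Tuple[Vec, str, int]   # (coefficients, ">=" or "<", n)

# Constructed net: a moves the token p -> f but reads a "key" on k via a
# self-loop, invisible to the incidence matrix; b mints the key (p -> p + k),
# c destroys it (k -> nothing).
PLACES = ["p", "k", "f"]
PRE = {"a": {"p": 1, "k": 1}, "b": {"p": 1}, "c": {"k": 1}}
POST = {"a": {"f": 1, "k": 1}, "b": {"p": 1, "k": 1}, "c": {}}
TRANS = sorted(PRE)
M0 = {"p": 1, "k": 0, "f": 0}
GOAL = {"p": 0, "k": 0, "f": 1}


def effect(t: str, s: str) -> int:
    """Entry C[s, t] of the incidence matrix."""
    return POST[t].get(s, 0) - PRE[t].get(s, 0)


def satisfied(x: Vec, cons: List[Constraint]) -> bool:
    for lhs, op, n in cons:
        v = sum(c * x[t] for t, c in lhs.items())
        if not (v >= n if op == ">=" else v < n):
            return False
    return True


def solve_state_equation(m: Vec, goal: Vec, cons: List[Constraint],
                         bound: int = 3) -> Optional[Vec]:
    """Stand-in for the IP solver: enumerate x in N^T with entries <= bound,
    smallest total first, and return the first x with m + Cx = goal that
    satisfies every constraint."""
    for vals in sorted(product(range(bound + 1), repeat=len(TRANS)), key=sum):
        x = dict(zip(TRANS, vals))
        if all(m[s] + sum(effect(t, s) * x[t] for t in TRANS) == goal[s]
               for s in PLACES) and satisfied(x, cons):
            return x
    return None


def enabled(m: Vec, t: str) -> bool:
    return all(m[s] >= w for s, w in PRE[t].items())


def fire(m: Vec, t: str) -> Vec:
    return {s: m[s] + effect(t, s) for s in PLACES}


def partial_solutions(m: Vec, x: Vec) -> List[Tuple[List[str], Vec]]:
    """Depth-first search over firing sequences with Parikh image <= x; returns
    the maximal ones (no remaining transition enabled) with their final markings."""
    out: List[Tuple[List[str], Vec]] = []

    def dfs(mk: Vec, rem: Vec, seq: List[str]) -> None:
        nxt = [t for t in TRANS if rem[t] > 0 and enabled(mk, t)]
        if not nxt:
            out.append((seq, mk))
        for t in nxt:
            dfs(fire(mk, t), {**rem, t: rem[t] - 1}, seq + [t])

    dfs(m, dict(x), [])
    return out


def constraints_for(seq: List[str], m_end: Vec, x: Vec) -> List[Constraint]:
    """Graph G of slide 7 for one partial solution; every source SCC (slide 8)
    yields an increment constraint on the outside transitions feeding it."""
    unfired = {t for t in TRANS if x[t] > seq.count(t)}
    blocked = {s for t in unfired for s, w in PRE[t].items() if m_end[s] < w}
    nodes = unfired | blocked
    edges: Dict[str, Set[str]] = {v: set() for v in nodes}
    for t in unfired:
        for s in blocked:
            if m_end[s] < PRE[t].get(s, 0):
                edges[s].add(t)          # s inhibits t
            if effect(t, s) > 0:
                edges[t].add(s)          # t adds tokens to s

    def reach(v: str) -> Set[str]:
        seen, stack = set(), [v]
        while stack:
            for w in edges[stack.pop()]:
                if w not in seen:
                    seen.add(w)
                    stack.append(w)
        return seen

    result, done = [], set()
    for v in sorted(nodes):
        if v in done:
            continue
        scc = {w for w in nodes if w == v or (w in reach(v) and v in reach(w))}
        done |= scc
        is_source = not any(edges[u] & scc for u in nodes - scc)
        feeders = {u for u in TRANS if u not in unfired
                   and any(POST[u].get(s, 0) > 0 for s in scc)}
        if is_source and feeders:   # "+1 token" approximation of slide 8
            result.append(({u: 1 for u in sorted(feeders)}, ">=",
                           sum(x[u] for u in feeders) + 1))
    return result


def cegar(m: Vec, goal: Vec, rounds: int = 10):
    """Slide 10: solve, search partial solutions, refine, repeat.
    Jump constraints (t < n) for a complete search are left out here."""
    cons: List[Constraint] = []
    for _ in range(rounds):
        x = solve_state_equation(m, goal, cons)
        if x is None:
            return "unreachable", cons      # state equation infeasible
        partials = partial_solutions(m, x)
        for seq, _end in partials:
            if len(seq) == sum(x.values()):
                return "reachable", seq     # witness path
        new = [c for seq, end in partials for c in constraints_for(seq, end, x)]
        if not new:
            return "unknown", cons
        cons.extend(new)
    return "unknown", cons


if __name__ == "__main__":
    print(cegar(M0, GOAL))
```

On this net the first solution is `x = a`, which no firing sequence realises; the empty sequence is the only partial solution, the graph $G$ consists of place `k` inhibiting `a`, the source SCC `{k}` is fed only by `b`, and the constraint `b ≥ 1` leads to the solution `a + b + c`, whose search yields the witness `b a c`. A goal the state equation cannot satisfy (for instance two tokens on `f`) is reported as unreachable without any search, matching the first negative case on slide 10.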
11. Experimental Results

   Implementation in a tool named "Sara".
   • Garavel's challenge (LOTOS specification): 485 places, 776 transitions, test for dead transitions
     • (Cygwin/Linux) 26/41 s (LoLA: 71/29 s plus separation by hand)
     • path length (medium/max) 15/28 (LoLA: 53/6232)
   • SAP reference nets (business processes): 590 nets, test for relaxed soundness
     • (Cygwin/Linux) 198/110 s (LoLA: 24 min plus 17 unsolved)
   • Boolean programs: a few nets, coverability test
     • < 1 s (LoLA: 1 problem with memory overflow (> 32 GB))
   • Specialised nets with increasing edge weights (self-constructed)
     • Sara loses time exponentially compared to LoLA (always < 3 s)
12. References

   • M. Berkelaar, K. Eikland, P. Notebaert: lp_solve Reference Guide, http://lpsolve.sourceforge.net/5.5/, 2010.
   • H. Garavel: Efficient Petri Net tool for computing quasi-liveness, http://www.informatik.uni-hamburg.de/cgi-bin/TGI/pnml/getpost?id=2003/07/2709, 2003.
   • L.M. Kristensen, K. Schmidt, A. Valmari: Question-guided Stubborn Set Methods for State Properties, Formal Methods in System Design 29:3, pp. 215–251, Springer, 2006.
   • E. Mayr: An algorithm for the general Petri net reachability problem, SIAM Journal on Computing 13:3, pp. 441–460, 1984.
   • H. Wimmel: Sara – Structures for Automated Reachability Analysis, http://www.informatik.uni-rostock.de/~nl/wiki/tools/download, 2010.
   • K. Wolf: LoLA – A low level analyzer, http://www.informatik.uni-rostock.de/~nl/wiki/tools/lola, 2010.

13. Thanks for your attention!