Title: Merged processes: a new condensed representation of Petri net behaviour
1. Merged processes: a new condensed representation of Petri net behaviour
- V. Khomenko (1), A. Kondratyev (2), M. Koutny (1) and W. Vogler (3)
- (1) University of Newcastle upon Tyne
- (2) Cadence Berkeley Labs
- (3) University of Augsburg
2. Petri net unfoldings
- An acyclic net obtained by unfolding the PN through successive firings of transitions
  - for each new firing a fresh transition (called an event) is generated
  - for each newly produced token a fresh place (called a condition) is generated
- The full unfolding can be infinite
- If the PN has finitely many reachable states then the unfolding eventually starts to repeat itself and can be truncated (by identifying a set of cut-off events) without loss of essential information, yielding a finite prefix
3-15. Example: Dining Philosophers
(Figure only: the unfolding of the Dining Philosophers net is built step by step over thirteen slides, adding events T1-T10 and conditions P1-P14; the diagram itself is not recoverable from the text.)
16. Characteristics of unfoldings
- Alleviate the state space explosion problem for highly concurrent systems
  - e.g. for Dining Philosophers the prefix size is linear in the number of philosophers even though the number of states is exponential
- Efficient model checking algorithms
  - e.g. deadlock checking is PSPACE-complete for safe PNs but only NP-complete for prefixes
- Do not cope well with sources of state space explosion other than concurrency, e.g. with a sequence of choices
- Do not cope well with non-safe PNs
17. Example: sequence of choices
(Figure: a chain of choices.)
No event is cut-off, so the prefix is exponential.
18. Example: non-safe PN
(Figure: a place carrying m tokens.)
Tokens in the same place are distinguished in the unfolding, so the prefix is exponential.
19. Wanted: a data structure coping not only with concurrency but also with other sources of state space explosion
20. Example: a Petri net
(Figure: a small net with nodes labelled 1-4.)
21. Example: unfolding
(Figure: the unfolding of that net, in which the labels 3 and 4 each appear twice.)
Idea: fuse some of the nodes with the same label.
22. Occurrence-depth
(Figure: the same unfolding with its conditions annotated with occurrence-depths; the occurrence-depth of a condition is the maximal number of conditions with the same label on a path from the initial conditions to it, the condition itself included.)
- Merged process:
  - Fuse conditions with the same label and occurrence-depth
  - Delete duplicate events
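The construction of slides 2, 17 and 22 in one runnable piece, as an added worked example (not the authors' implementation): it unfolds a safe net by successive firings, truncates with McMillan's cut-off criterion (the deck does not say which criterion its tool uses; McMillan's is assumed here), computes occurrence-depths and then fuses conditions and drops duplicate events. The names `Net`, `Unfolding`, `sequence_of_choices`, `CYCLE_NET` and `sizes` belong to this example; `sequence_of_choices` is the chain-of-choices net of slide 17, and `CYCLE_NET` is a small net constructed here whose merged process contains a criss-cross cycle.

```python
"""Unfolding prefix (McMillan cut-offs), occurrence-depths and merged process of a safe PN.
Added example, not the authors' code.  Safe nets only; every transition is assumed to
have a non-empty preset."""
from itertools import product


class Net:
    """transitions: name -> (preset, postset) of place names; m0: set of initially marked places."""

    def __init__(self, transitions, m0):
        self.trans = {t: (frozenset(pre), frozenset(post)) for t, (pre, post) in transitions.items()}
        self.m0 = frozenset(m0)


class Unfolding:
    """Branching process: each firing adds a fresh event, each produced token a fresh condition."""

    def __init__(self, net):
        self.net = net
        self.cond = {}      # condition id -> (place label, producing event id or None)
        self.event = {}     # event id -> (transition label, preset ids, postset ids)
        self.local = {}     # event id -> [e]: the events causally before e, plus e itself
        self.mark = {}      # event id -> final marking of [e], a sorted tuple of place labels
        self.cutoff = set()
        self.seen = set()   # (transition, preset) pairs already turned into events
        for p in sorted(net.m0):
            self.cond[len(self.cond)] = (p, None)
        while self._extend():
            pass

    def _hist(self, c):
        """Events causally preceding condition c: [e] of its producing event (empty if initial)."""
        e = self.cond[c][1]
        return frozenset() if e is None else self.local[e]

    def _coset(self, conds):
        """True iff the conditions are pairwise concurrent: no causal link and no conflict."""
        hist = frozenset().union(*(self._hist(c) for c in conds))
        consumed = [c for e in hist for c in self.event[e][1]]
        return (len(consumed) == len(set(consumed))        # conflict-free: nothing consumed twice
                and not any(c in consumed for c in conds))  # no condition precedes another one

    def _extend(self):
        """Add the possible extension with the smallest local configuration; False if none left."""
        best = None
        for t, (pre, _) in self.net.trans.items():
            cands = [[c for c, (p, e) in self.cond.items() if p == place and e not in self.cutoff]
                     for place in sorted(pre)]               # cut-off events are never extended
            for choice in product(*cands):
                conds = frozenset(choice)
                if (t, conds) in self.seen or not self._coset(conds):
                    continue
                hist = frozenset().union(*(self._hist(c) for c in conds))
                if best is None or len(hist) < len(best[2]):
                    best = (t, conds, hist)
        if best is None:
            return False
        t, conds, hist = best
        e = len(self.event)
        post = []
        for p in sorted(self.net.trans[t][1]):
            self.cond[len(self.cond)] = (p, e)
            post.append(len(self.cond) - 1)
        self.event[e] = (t, conds, frozenset(post))
        self.seen.add((t, conds))
        self.local[e] = hist | {e}
        # Mark([e]): initial conditions plus everything produced by [e], minus everything it consumed
        produced = {c for c, (_, pe) in self.cond.items() if pe is None or pe in self.local[e]}
        consumed = {c for x in self.local[e] for c in self.event[x][1]}
        self.mark[e] = tuple(sorted(self.cond[c][0] for c in produced - consumed))
        # McMillan cut-off: same marking as the initial one or as a strictly smaller [e']
        if self.mark[e] == tuple(sorted(self.net.m0)) or any(
                self.mark[x] == self.mark[e] and len(self.local[x]) < len(self.local[e])
                for x in self.event if x != e):
            self.cutoff.add(e)
        return True

    def depths(self):
        """Occurrence-depth of c: max number of conditions labelled like c on a path to c, c included."""
        depth = {}
        for c, (p, _) in self.cond.items():       # ids grow along causality, so ancestors come first
            ancestors = {a for e in self._hist(c) for a in self.event[e][1]}
            depth[c] = 1 + max([depth[a] for a in ancestors if self.cond[a][0] == p], default=0)
        return depth

    def merged_process(self):
        """Fuse conditions with equal (label, occurrence-depth) and drop the duplicate events."""
        depth = self.depths()
        fuse = lambda c: (self.cond[c][0], depth[c])
        mp_conds = {fuse(c) for c in self.cond}
        mp_events = {(t, frozenset(map(fuse, pre)), frozenset(map(fuse, post)))
                     for t, pre, post in self.event.values()}
        return mp_conds, mp_events


def sequence_of_choices(n):
    """The net of slide 17: n stages, each a choice between two transitions p(i-1) -> p(i)."""
    trans = {}
    for i in range(1, n + 1):
        trans[f"a{i}"] = ({f"p{i - 1}"}, {f"p{i}"})
        trans[f"b{i}"] = ({f"p{i - 1}"}, {f"p{i}"})
    return Net(trans, {"p0"})


# Constructed net whose merged process has the criss-cross cycle (b,1)->t3->(c,1)->t4->(b,1)
# and a condition (b,2) of occurrence-depth 2.
CYCLE_NET = Net({"t1": ({"a"}, {"b"}), "t2": ({"a"}, {"c"}),
                 "t3": ({"b", "x"}, {"c"}), "t4": ({"c"}, {"b"})}, {"a", "x"})


def sizes(net):
    """Prefix and merged-process sizes, the kind of numbers compared on slides 24-25."""
    u = Unfolding(net)
    conds, events = u.merged_process()
    return {"prefix_conditions": len(u.cond), "prefix_events": len(u.event),
            "cutoffs": len(u.cutoff), "mp_conditions": len(conds), "mp_events": len(events)}


if __name__ == "__main__":
    for n in range(1, 6):
        print("sequence of choices, n =", n, sizes(sequence_of_choices(n)))
    print("CYCLE_NET", sizes(CYCLE_NET))
```

For the chain of n choices the prefix has 2^(n+1)-1 conditions and 2^(n+1)-2 events and no event is a cut-off (every marking reached at a given depth is new), while the merged process has n+1 conditions and 2n events, i.e. it is the original net. For `CYCLE_NET` the prefix has 7 conditions and 5 events (one cut-off); after fusion the mp-events t3: (b,1)->(c,1) and t4: (c,1)->(b,1) are both present, which is the cycle discussed on slides 27-29, and the second occurrence of t4 produces (b,2).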
23. Examples
(Figure: the example nets, including the non-safe net with m tokens.)
Merged processes of these nets coincide with the original nets, even though their unfoldings are exponential!
24. Experimental results
- Corbett's benchmarks were used
- Merged processes are often smaller than unfolding prefixes by orders of magnitude
- In many cases they are only slightly larger than the original PNs
- In some cases they are smaller than the original PNs, due to the removal of dead places
25. Upper bounds on the size
- Trivial bound: merged processes are no larger than unfolding prefixes and hence no larger than the reachability graph
  - too pessimistic in practice
- Merged processes of acyclic PNs coincide with the original PNs with the dead nodes removed
  - unfoldings can be exponential
- Merged processes of live and safe free-choice PNs (with minor restrictions) are polynomial in the size of the original PNs
  - unfoldings can be exponential
26. Model checking
- Merged processes are small, but are they of any use?
- Can model checking algorithms developed for unfoldings be lifted to merged prefixes?
27. Problem: cycles
(Figure: a Petri net.)
28. Problem: cycles
(Figure: its unfolding, with conditions annotated with occurrence-depths 1 and 2.)
Criss-cross fusion results in a cycle!
29. Problem: cycles
(Figure: the merged process, which now contains a cycle.)
Still worse, the marking equation (ME) used for unfolding-based verification can have spurious solutions.
30. Problem: cycles
(Animation of a spurious ME solution on the cyclic merged process, step by step:)
- Fire
- Borrow a token
- The borrowed token is returned
- Fire
- The current marking is unreachable
31. Solution
- Add to the marking equation another constraint, ACYCLIC, requiring the run to be acyclic
- ME ∧ ACYCLIC
32. Another problem: spurious runs
(Figure: a merged process with two conditions of the same label and occurrence-depths 1 and 2.)
The condition of occurrence-depth 2 can be visited without first visiting the one of occurrence-depth 1, which is not possible in the unfolding.
33. Solution
- Add another constraint, NG (no-gap), stating that if a condition with occurrence-depth k > 1 is visited then the condition with the same label and occurrence-depth k-1 is also visited
- ME ∧ ACYCLIC ∧ NG
- This is enough to lift unfolding-based model checking algorithms to merged processes!
- Deadlock checking is NP-complete in the size of the merged process, i.e. no worse than for unfoldings
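The three constraints of slides 29-33 applied to a small merged process, as an added example (not the authors' tooling): rather than handing ME ∧ ACYCLIC ∧ NG to a solver, it enumerates every set of mp-events (each fired at most once, as in a run of a prefix) and filters with the three checks, so the spurious solutions can be looked at one by one. The merged process is that of a net constructed here (places a, x, b, c; t1: a→b, t2: a→c, t3: b,x→c, t4: c→b; a and x initially marked), written out by hand with the fusion rule of slide 22; the names `INITIAL`, `MP_EVENTS`, `REACHABLE`, `t4'` (the second occurrence of t4, the one that reaches b for the second time) and the functions are assumptions of this example. "Visited" for NG is taken to mean initial or produced by the run, and cut-off flags of mp-events are ignored.

```python
"""ME, ACYCLIC and NG checked by enumeration on a small merged process.
Added example, not the authors' tool."""
from itertools import combinations

# Constructed safe net: places a, x, b, c; a and x initially marked;
# t1: a -> b, t2: a -> c, t3: b,x -> c, t4: c -> b.  Its reachable markings are
# listed in REACHABLE.  INITIAL / MP_EVENTS are its merged process, computed by
# hand with the rule of slide 22: mp-conditions are (place, occurrence-depth)
# pairs, mp-events map an assumed name to (preset, postset).
INITIAL = {("a", 1), ("x", 1)}
MP_EVENTS = {
    "t1":  ({("a", 1)},           {("b", 1)}),
    "t2":  ({("a", 1)},           {("c", 1)}),
    "t3":  ({("b", 1), ("x", 1)}, {("c", 1)}),
    "t4":  ({("c", 1)},           {("b", 1)}),  # closes the cycle (b,1)->t3->(c,1)->t4->(b,1)
    "t4'": ({("c", 1)},           {("b", 2)}),  # second occurrence of t4: b for the second time
}
CONDITIONS = INITIAL | {c for pre, post in MP_EVENTS.values() for c in pre | post}
REACHABLE = {frozenset(m) for m in ("ax", "bx", "cx", "c", "b")}


def marking_after(run):
    """ME: final marking of a run (set of mp-event names), or None when some condition ends
    outside {0, 1}, i.e. the 0/1 marking equation has no solution with exactly these events."""
    m = {c: int(c in INITIAL) for c in CONDITIONS}
    for e in run:
        pre, post = MP_EVENTS[e]
        for c in pre:
            m[c] -= 1
        for c in post:
            m[c] += 1
    return m if all(0 <= v <= 1 for v in m.values()) else None


def me(run):
    return marking_after(run) is not None


def acyclic(run):
    """ACYCLIC: the run's mp-events, linked through the conditions between them, form no cycle."""
    succ = {e: {f for f in run if MP_EVENTS[e][1] & MP_EVENTS[f][0]} for e in run}
    state = {}                                   # 1 = on the DFS stack, 2 = finished

    def dfs(e):
        state[e] = 1
        for f in succ[e]:
            if state.get(f) == 1 or (f not in state and not dfs(f)):
                return False                     # back edge, i.e. a cycle
        state[e] = 2
        return True

    return all(state.get(e) == 2 or dfs(e) for e in run)


def no_gap(run):
    """NG: every visited (p, k) with k > 1 requires (p, k-1) to be visited as well."""
    visited = INITIAL | {c for e in run for c in MP_EVENTS[e][1]}
    return all((p, k - 1) in visited for p, k in visited if k > 1)


def solutions(*constraints):
    """All runs satisfying every given constraint, as frozensets of mp-event names."""
    names = sorted(MP_EVENTS)
    runs = (frozenset(r) for k in range(len(names) + 1) for r in combinations(names, k))
    return {r for r in runs if all(check(r) for check in constraints)}


def places(run):
    """Marking of an ME solution projected back to the place names of the original net."""
    return frozenset(p for (p, _), v in marking_after(run).items() if v)


if __name__ == "__main__":
    for r in sorted(solutions(me), key=sorted):
        failed = [name for name, chk in (("ACYCLIC", acyclic), ("NG", no_gap)) if not chk(r)]
        print(sorted(r), set(places(r)), "spurious: " + ", ".join(failed) if failed else "ok")
```

ME alone accepts the run {t3, t4}: t3 borrows a token from (b,1), t4 returns it, and the final marking {a} is not reachable in the net (x can only disappear through t3, which needs b, which needs a to be consumed first). ACYCLIC rejects it because t3 and t4 feed each other. ME ∧ ACYCLIC still accepts {t2, t4'}, which visits (b,2) without ever visiting (b,1); NG rejects that one. With all three constraints the surviving runs yield exactly the reachable markings of the original net.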
34. Experimental results
- Corbett's benchmarks were used
- Model checking is practical: running times are comparable with those of an unfolding-based algorithm
- Still deteriorates on a couple of benchmarks, but it is early days for this approach and we keep improving it
35. Open problems / future work
- Direct characterization of merged processes
  - currently much is done via unfoldings
- Improve the efficiency of model checking
- A direct algorithm for building merged processes
  - currently built by fusing nodes in the unfolding prefix
  - significant progress has been made in this direction