Reachability Analysis via Net Structure
Harro Wimmel, Karsten Wolf
Universität Rostock, Institut für Informatik
8 October 2010 · © 2010 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK & ELEKTROTECHNIK, INSTITUT FÜR INFORMATIK · 1 / 13
Overview
• Basic Definitions: Reachability Problem; State Equation & Constraints
• Solving the Reachability Problem using CEGAR: The Search Space; Example; Looking for Constraints; Finding Partial Solutions; The Algorithm
• Experimental Results
Basic Definitions: Reachability Problem
Petri nets should be well-known.
• (N, m, m′) is a reachability problem; the answer is “yes” if m[σ〉_N m′ for some firing sequence σ ∈ T*
• N = (S, T, F) Petri net, m, m′ ∈ ℕ^S markings
• m′ = m + Cx is the state equation
• C incidence matrix, x ∈ ℕ^T transition vector (solution)
• from m[σ〉m′ follows m′ = m + C℘(σ), i.e. the Parikh image ℘(σ) solves the state equation
• necessary condition for reachability
• ℘(σ) = x is a T-invariant if Cx = 0, i.e. m[σ〉m
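The definitions above worked through on a constructed toy net in Python (an added example, not code from the slides or from the Sara tool): the incidence matrix C, firing a sequence, its Parikh image ℘(σ), the check m′ = m + C℘(σ), and a solution x of the state equation that no firing sequence realises, which is exactly why the state equation is only a necessary condition. The net, its markings and every function name are this example's own assumptions.

```python
from collections import Counter

# Constructed toy net (not the net from the slides). Each transition maps to
# (pre, post), both place -> arc weight. a moves the token from s to p, b moves it
# on to f; e and g form a cycle on q and r, which never carry a token here.
PLACES = ["s", "p", "f", "q", "r"]
TRANSITIONS = {
    "a": ({"s": 1}, {"p": 1}),
    "b": ({"p": 1}, {"f": 1}),
    "e": ({"q": 1}, {"r": 1}),
    "g": ({"r": 1}, {"q": 1}),
}
M0 = {"s": 1, "p": 0, "f": 0, "q": 0, "r": 0}   # initial marking m

# Incidence matrix: C[s][t] = post(t)(s) - pre(t)(s), the net effect of t on s.
C = {s: {t: post.get(s, 0) - pre.get(s, 0) for t, (pre, post) in TRANSITIONS.items()}
     for s in PLACES}


def enabled(m, t):
    """t is enabled at m if every pre-place holds at least the arc weight."""
    return all(m[s] >= n for s, n in TRANSITIONS[t][0].items())


def fire(m, t):
    """Marking after firing t at m (caller must check enabled first)."""
    pre, post = TRANSITIONS[t]
    return {s: m[s] - pre.get(s, 0) + post.get(s, 0) for s in PLACES}


def fire_sequence(m, sigma):
    """Marking reached by m[sigma>, or None if some transition is not enabled."""
    for t in sigma:
        if not enabled(m, t):
            return None
        m = fire(m, t)
    return m


def parikh(sigma):
    """Parikh image: the occurrence count of every transition in sigma."""
    counts = Counter(sigma)
    return {t: counts[t] for t in TRANSITIONS}


def state_equation(m, x):
    """m + C x, the marking the state equation predicts for transition vector x."""
    return {s: m[s] + sum(C[s][t] * x[t] for t in TRANSITIONS) for s in PLACES}


def is_t_invariant(x):
    """C x = 0: firing x (where possible) returns to the marking it started from."""
    return all(sum(C[s][t] * x[t] for t in TRANSITIONS) == 0 for s in PLACES)


def realizable(m, x):
    """Brute force: is there a firing sequence from m with Parikh image exactly x?"""
    if not any(x.values()):
        return True
    return any(realizable(fire(m, t), {**x, t: x[t] - 1})
               for t in TRANSITIONS if x[t] > 0 and enabled(m, t))


if __name__ == "__main__":
    sigma = ["a", "b"]
    print(fire_sequence(M0, sigma) == state_equation(M0, parikh(sigma)))   # True
    x = parikh(["a", "b", "e", "g"])   # e + g is a T-invariant, so x still solves the equation ...
    print(state_equation(M0, x) == fire_sequence(M0, sigma), realizable(M0, x))   # True False
```

The last line is the point of the slide: x = a + b + e + g satisfies m′ = m + Cx because e + g is a T-invariant, yet e can never fire from an empty q, so the equation admits solutions that no firing sequence realises.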
Basic Definitions: State Equation & Constraints
• The solution space of the state equation m′ = m + Cx is semilinear
• $\exists$ finite $B, P \subseteq \mathbb{N}^T$: $m' = m + Cx \iff x = b + \sum_i n_i p_i$ for some $b \in B$, $p_i \in P$, $n_i \in \mathbb{N}$
• An IP solver, e.g. lp_solve, yields a “minimal” solution
• Discrimination of solutions by adding constraints (CEGAR)
• “jump”: t < n with t ∈ T, n ∈ ℕ
• “increment”: $\sum_{i=1}^{k} n_i t_i \ge n$ with $t_i \in T$, $n_i, n \in \mathbb{N}$
• jumps for other minimal solutions, increments for the addition of T-invariants
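The two constraint types on this slide, as an added Python example (not code from the slides or from Sara). A bounded enumeration stands in for lp_solve: it returns the solution of the state equation with the fewest transition occurrences that satisfies all jump and increment constraints. The usage at the end shows a jump steering the solver to the other minimal solution and an increment forcing the T-invariant u + v to be added. The net, the constraint encoding and all names are this example's own assumptions.

```python
from itertools import product

# Constructed toy net (not the net from the slides). Two routes lead from s to f
# (a then b via p, or c then d via q); u and v shuttle a token between p and q,
# so u + v is a T-invariant. Transitions map to (pre, post), place -> weight.
PLACES = ["s", "p", "q", "f"]
TRANS = {
    "a": ({"s": 1}, {"p": 1}), "b": ({"p": 1}, {"f": 1}),
    "c": ({"s": 1}, {"q": 1}), "d": ({"q": 1}, {"f": 1}),
    "u": ({"p": 1}, {"q": 1}), "v": ({"q": 1}, {"p": 1}),
}
ORDER = list(TRANS)                       # fixed order for transition vectors
C = {s: {t: post.get(s, 0) - pre.get(s, 0) for t, (pre, post) in TRANS.items()}
     for s in PLACES}                     # incidence matrix
M0 = {"s": 1, "p": 0, "q": 0, "f": 0}     # initial marking m
MF = {"s": 0, "p": 0, "q": 0, "f": 1}     # final marking m'


def solves_state_equation(m, m_final, x):
    """m' = m + C x, checked place by place."""
    return all(m[s] + sum(C[s][t] * x[t] for t in ORDER) == m_final[s] for s in PLACES)


def holds(x, constraint):
    """Constraint shapes from the slide:
    ("jump", t, n)                   means x(t) < n
    ("increment", [(n_i, t_i)], n)   means sum_i n_i * x(t_i) >= n"""
    if constraint[0] == "jump":
        _, t, n = constraint
        return x[t] < n
    _, terms, n = constraint
    return sum(coef * x[t] for coef, t in terms) >= n


def minimal_solution(m, m_final, constraints=(), bound=3):
    """Stand-in for the IP solver: enumerate every x with 0 <= x(t) <= bound and
    return the solution with the fewest transition occurrences (the first one in
    enumeration order on ties), or None if no solution meets the constraints."""
    best = None
    for vec in product(range(bound + 1), repeat=len(ORDER)):
        x = dict(zip(ORDER, vec))
        if not solves_state_equation(m, m_final, x):
            continue
        if all(holds(x, c) for c in constraints) and (best is None or sum(vec) < sum(best.values())):
            best = x
    return best


def support(x):
    """Readable form of a transition vector: only the transitions that occur."""
    return None if x is None else {t: n for t, n in x.items() if n > 0}


if __name__ == "__main__":
    print(support(minimal_solution(M0, MF)))                  # {'c': 1, 'd': 1}
    jump = ("jump", "c", 1)                                     # rule out c: the other minimal solution
    print(support(minimal_solution(M0, MF, [jump])))            # {'a': 1, 'b': 1}
    inc = ("increment", [(1, "u"), (1, "v")], 2)                # u + v >= 2: the T-invariant must be added
    print(support(minimal_solution(M0, MF, [jump, inc])))       # {'a': 1, 'b': 1, 'u': 1, 'v': 1}
```

Jumps and increments together carve up the semilinear solution space: the jump moves the solver from one base solution to another, the increment forces a multiple of a period (here u + v) on top of the base it is currently on.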
The Search Space
[Figure: diagram of the search space of state-equation solutions, starting from a base solution b; not reproduced]
An Example
[Figure: a Petri net whose places and transitions are labelled s, a1, b1, x1, y1, c1, b2, z, y2, c2, b3, ℓ, x2, a2, f; the diagram and its firing-count annotations (3×, 2×, 1×) are not reproduced]
Final marking: s + 3f
State equation's solutions, in the order they were found:
• 3a1 + 3a2 + 3ℓ
• 2a1 + 2a2 + b1 + b2 + b3 + 3ℓ
• 2a1 + 2a2 + b1 + b2 + b3 + c1 + c2 + 3ℓ
• a1 + a2 + 2b1 + 2b2 + 2b3 + c1 + c2 + 3ℓ
• 3b1 + 3b2 + 3b3 + c1 + c2 + 3ℓ
Constraints, added step by step:
• b2 ≥ 1 (or a1 < 3)
• c1 ≥ 1
• b2 ≥ 2 (or a1 < 2)
• b2 ≥ 3 (or a1 < 1)
Looking for Constraints: Building a graph
Take a firing sequence σ and a solution x of the state equation m′ = m + Cx with
• ℘(σ) ≤ x,
• ∀t ∈ T: x(t) > ℘(σ)(t) ⟹ ¬m[σt〉
We call σ a partial solution. Now build a graph G of:
• transitions t with x(t) > ℘(σ)(t)
• places s inhibiting the firing of such a t (after σ)
• an edge from s to t if s inhibits t
• an edge from t to s if t increases the token count on s
Looking for Constraints: Finding Components
Get all strongly connected components (SCCs) of G which have no incoming edges (source SCCs).
Places in such SCCs cannot be marked from “inside” the graph, so tokens must come from the outside.
⟹ The constraint uses the transitions that can put tokens onto a source SCC (left side of the constraint).
How many tokens to produce? (right side of the constraint)
• a complex problem (esp. if x(t) − ℘(σ)(t) > 1 and nets have multiarcs)
• approximation necessary
• repeated increase of the constraint by 1 token is possible
Finding Partial Solutions
• Tree of all potential firing sequences for x from m′ = m + Cx
  • tree is finite, brute-force search possible
  • depth-first search
  • enumerate partial solutions and build constraints
• Optimisations
  • stubborn-set method (partial order reduction)
  • additional confluence tests for x(t) − ℘(σ)(t) > n
  • backtracking at repeated markings on a path
  • ineffective constraints (σ′ is a partial solution for x + y with σ′ = σ or ℘(σ′) = ℘(σ) + y, with y a T-invariant)
The Algorithm / Conclusion
• Get a solution of the state equation using an IP solver
• Get partial solutions (maximal firing sequences), stop if a full solution is found
• Find constraints for the partial solutions
• (Multiple) calls to the algorithm with state equation + constraints
Conclusion:
• A positive answer is found (use “jumps” for a complete search), except in case of insufficient memory; a witness path is found
• A negative answer can be found if the state equation is infeasible or if backtracking for ineffective constraints makes the search space finite; diagnosis possible
• Extensions possible, e.g. state inequations
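The graph construction and source-SCC rule from "Looking for Constraints", the depth-first search of partial solutions from "Finding Partial Solutions", and the four-step loop on this slide, combined into one added Python example (not code from the slides or from Sara). A bounded enumeration stands in for the IP solver, only increment constraints are generated (no jumps, so the search is not complete in the slides' sense), none of the listed optimisations are implemented, and the right-hand side of each constraint uses the +1-token approximation the slides suggest. The net, its markings and all function names are constructed for this example. On this net the minimal solution a + g can never fire, the graph G is a single cycle r → a → q → g → r forming a source SCC, the derived constraint c ≥ 1 pulls the T-invariant c + d into the next solution, and the second round finds the witness path.

```python
from itertools import product

# Constructed toy net (not the net from the slides); markings are dicts place -> tokens.
# a needs a token on r and puts one on q, g moves it back to r: a + g solves the state
# equation for "move the token from s to f" but can never fire, since q and r start
# empty and only feed each other. c and d shuttle p's token to r and back (T-invariant).
PLACES = ["s", "p", "q", "r", "f"]
TRANS = {"a": ({"s": 1, "r": 1}, {"f": 1, "q": 1}), "g": ({"q": 1}, {"r": 1}),
         "c": ({"p": 1}, {"r": 1}), "d": ({"r": 1}, {"p": 1})}
ORDER = list(TRANS)
C = {s: {t: post.get(s, 0) - pre.get(s, 0) for t, (pre, post) in TRANS.items()} for s in PLACES}
M0 = {"s": 1, "p": 1, "q": 0, "r": 0, "f": 0}
MF = {"s": 0, "p": 1, "q": 0, "r": 0, "f": 1}

def enabled(m, t):
    return all(m[s] >= n for s, n in TRANS[t][0].items())

def fire(m, t):
    return {s: m[s] - TRANS[t][0].get(s, 0) + TRANS[t][1].get(s, 0) for s in PLACES}

def minimal_solution(constraints, bound=2):
    """IP-solver stand-in: solution x of MF = M0 + C x with the fewest firings that meets
    every increment constraint (transitions, n), i.e. the sum of x over them is >= n."""
    sols = []
    for vec in product(range(bound + 1), repeat=len(ORDER)):
        x = dict(zip(ORDER, vec))
        if (all(M0[s] + sum(C[s][t] * x[t] for t in ORDER) == MF[s] for s in PLACES)
                and all(sum(x[t] for t in ts) >= n for ts, n in constraints)):
            sols.append((sum(vec), vec))
    return dict(zip(ORDER, min(sols)[1])) if sols else None

def partial_solutions(m, x, sigma=()):
    """DFS over the finite tree of firing sequences staying below x. Yields
    (sigma, marking, remaining) for each maximal sequence (partial solution);
    remaining all zero means sigma realises x, i.e. is a witness path."""
    extended = False
    for t in ORDER:
        if x[t] > 0 and enabled(m, t):
            extended = True
            yield from partial_solutions(fire(m, t), {**x, t: x[t] - 1}, sigma + (t,))
    if not extended:
        yield sigma, m, x

def constraint_graph(m, remaining):
    """Graph G of the slides: unfired transitions, places inhibiting them at m,
    edge s -> t if s inhibits t, edge t -> s if t adds tokens to s."""
    ts = [t for t in ORDER if remaining[t] > 0]
    inhibit = {(s, t) for t in ts for s, n in TRANS[t][0].items() if m[s] < n}
    places = {s for s, _ in inhibit}
    feeds = {(t, s) for t in ts for s in places if C[s][t] > 0}
    return set(ts) | places, inhibit | feeds

def source_sccs(nodes, edges):
    """SCCs with no incoming edge, via a reachability fixpoint (graphs are tiny)."""
    reach = {n: {n} for n in nodes}
    changed = True
    while changed:
        changed = False
        for u, v in edges:
            if not reach[v] <= reach[u]:
                reach[u] |= reach[v]
                changed = True
    sccs = {frozenset(k for k in nodes if n in reach[k] and k in reach[n]) for n in nodes}
    return [c for c in sccs if not any(u not in c and v in c for u, v in edges)]

def constraint_from(m, remaining, x):
    """Increment constraint for a partial solution: a source SCC's places must be fed
    from outside, so the transitions outside it that add tokens to them must fire more
    often than x allows (right-hand side approximated by +1 token, as on the slides)."""
    nodes, edges = constraint_graph(m, remaining)
    for comp in source_sccs(nodes, edges):
        feeders = [t for t in ORDER if t not in comp
                   and any(C[s][t] > 0 for s in comp if s in PLACES)]
        if feeders:
            return (feeders, sum(x[t] for t in feeders) + 1)
    return None

def cegar(max_rounds=10):
    """The slides' loop: solve, search partial solutions, refine with constraints, repeat.
    Returns (witness firing sequence or None, constraints collected)."""
    constraints = []
    for _ in range(max_rounds):
        x = minimal_solution(constraints)
        if x is None:                         # constrained state equation infeasible
            return None, constraints
        new = []
        for sigma, m, remaining in partial_solutions(M0, x):
            if not any(remaining.values()):   # x fully realised: witness path found
                return list(sigma), constraints
            c = constraint_from(m, remaining, x)
            if c and c not in new and c not in constraints:
                new.append(c)
        if not new:                           # nothing to refine (jumps would be needed)
            return None, constraints
        constraints += new
    return None, constraints

if __name__ == "__main__":
    print(cegar())   # (['c', 'a', 'g', 'd'], [(['c'], 1)])
```

The first round's partial solution is the empty sequence, because neither a nor g is enabled at M0; the constraint c ≥ 1 then rules that solution out, and the solver's next answer a + g + c + d is realised by c a g d. A net where the constrained state equation becomes infeasible would make cegar return None with the constraints collected, which is the "negative answer with diagnosis" case of the conclusion.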
Experimental Results
Implementation in a tool named “Sara”.
• Garavel's challenge (LOTOS specification): 485 places, 776 transitions, test for dead transitions
  • (Cygwin/Linux) 26/41 sec. (LoLA: 71/29 sec. + separation by hand)
  • path length (medium/max) 15/28 (LoLA: 53/6232)
• SAP reference nets (business processes): 590 nets, test for relaxed soundness
  • (Cygwin/Linux) 198/110 sec. (LoLA: 24 min. + 17 unsolved)
• Boolean programs: a few nets, coverability test
  • <1 second (LoLA: 1 problem with memory overflow (>32GB))
• Specialised nets with increasing edge weights (self-constructed)
  • Sara loses time exponentially compared to LoLA (always <3 sec.)
M. Berkelaar, K. Eikland, P. Notebaert: lp_solve Reference Guide, http://lpsolve.sourceforge.net/5.5/, 2010.
H. Garavel: Efficient Petri Net tool for computing quasi-liveness, http://www.informatik.uni-hamburg.de/cgi-bin/TGI/pnml/getpost?id=2003/07/2709, 2003.
L.M. Kristensen, K. Schmidt, A. Valmari: Question-guided Stubborn Set Methods for State Properties, Formal Methods in System Design 29:3, pp. 215–251, Springer, 2006.
E. Mayr: An algorithm for the general Petri net reachability problem, SIAM Journal of Computing 13:3, pp. 441–460, 1984.
H. Wimmel: Sara – Structures for Automated Reachability Analysis, http://www.informatik.uni-rostock.de/~nl/wiki/tools/download, 2010.
K. Wolf: LoLA – A low level analyzer, http://www.informatik.uni-rostock.de/~nl/wiki/tools/lola, 2010.
Thanks for Your Attention!