Model Checking of Time Petri Nets

Marwa K. U. Al-Rikaby

Babylon UniversityIT College

Outlines: Introduction. Time Petri nets. Temporal Logics for time Petri nets. TPN state space abstraction. Model checking timed properties of TPN.

Introduction

Why time Petri nets? TPN model is a good compromise

between modeling power and verification complexity of concurrent systems with timed constraints (real time systems).

Introduction

Why time Petri nets? TPN are able to model time constraints

even if the exact delays or durations of events aren't known.

TPN specify time constraints of real time systems by giving worst case boundaries.

Introduction How TPN differ from ordinary PN? A firing interval is associated with each transition

specifying the minimum and maximum times it must be maintained enabled, before its firing.

Firing takes no time, but may lead to another marking.

In real world, events (firings) takes a time to complete, but in Petri nets it is omitted for simplicity.

Introduction Model checking techniques of systems: Applied by:

Representing the behavior of a system as a finite state transition system (state space).

Specifying properties of interest in a temporal logic (LTL, CTL, CTL*, MTL, TCTL).

Exploring the state space to determine whether they hold or not.

With TPN, an extra effort is required to abstract their generally infinite state space.

Outlines: Introduction.

Time Petri nets. Temporal Logics for time Petri nets. TPN state space abstraction. Model checking timed properties of TPN.

Time Petri nets Definition:A TPN is PN with time intervals attached to its transitions, it is a 6 tuple ϰ =(P, T, Pre, Post, m0,Is) where:

P and T are finite sets of places and transitions, P∩T=Ø. Pre and Post are the backward and forward incidence

functions: P×T N. m0 is the initial marking: P N. Is is a static firing interval associated with each transition t,

T Q+ × (Q+ U {∞}). ↓Int is the lower bound. ↑Int is the upper bound.

Time Petri nets Example:

P={ p0,p1,p2,p3}

T={t0,t1}

pre={(1,1),(1,1)}

post={(1,1),(1,1)}

m0={1, 0, 1, 3}

Is={[1,2],[1, ∞]}

ϰ =(P, T, Pre, Post, m0,Is)

Time Petri nets In ordinary PN, a transition t is said to be

enabled if there are enough tokens in its input places.

In TPN, that’s not enough, the time in which the transition has the needed number of tokens must not be less than the lower bound nor exceeds the upper bound of the transition interval.

Time Petri nets

Keep these notations in your mind: En(m) : is the set of all enabled transitions

in a marking m. s and s’: are two different states of TPN in

the state space. θ R+ is a number of time units.

Time Petri nets The semantics of TPNDefines the TPN state as a marking and a

function. Definition based on clocks:

associates with each transition t of the model a clock to measure the time elapsed since t became enabled most recently.

Definition based on intervals:associates a firing interval with each enabled transition.

Time Petri nets Clocks based TPN:

TPN clock state is a pair s=(m,v), where m is a marking and v is a valuation function, v: En(m) R+ .

The initial clock state is: s0=(m0,v0) m0 is the initial marking. v0(t)=0 for all transitions in En(m).

TPN state evolves either by time progression or by firing transitions.

Time Petri nets Clocks based TPN:

When t becomes enabled, its clock initialized to 0 and increases synchronously with time until t is fired or disabled by another transition firing.

t can fire if its clock value is inside its static firing interval Is(t).

If the clock reached ↑Is(t) then t must fire immediately without any delay.

Time Petri nets

Time Petri nets

Time Petri nets Intervals based TPN

The TPN interval state is a couple s=(m,I), where m is a marking and I:En(m) Q+ × (Q+ U {∞}) is an interval function.

The initial interval state is s0=(m0,I0) m0 is the initial marking. I0(t)=is(t) for all t in En(m0).

TPN state evolves either by time progression or by firing transitions.

Time Petri nets Interval based TPN

When a transition t becomes enabled, its firing interval is set to its static firing interval Is(t).

The lower and upper bounds of this interval decrease synchronously with time, until t is fired or disabled by another firing.

t can fire, if the lower bound of its firing interval reaches 0, but must be fired, without any additional delay, if the upper bound of its firing interval reaches 0.

Time Petri nets

Timed Petri nets

Timed Petri nets π(s) is the set of all execution paths starting from

state s. π(s0) is the set of all execution paths in the TPN

since it starts from s0. The TPN state space defines the

branching semantics of the TPN model, where as defines its linear semantics.

Outlines: Introduction. Time Petri nets.

Temporal Logics for time Petri nets.

TPN state space abstraction. Model checking timed properties of TPN.

Temporal logics of TPN Properties of timed systems are usually specified using temporal logics, we introduce:

CTL* (computation tree logic star).TCTL (timed computation tree logic).

Markings are represented as atomic propositions.

Temporal logics of TPN

Temporal logics of TPN TCTL

A time extension of CTL, in which a time interval is associated with each temporal operator.

Defined as:

When interval I is omitted, its value is [0,∞] by default.

Outlines: Introduction. Time Petri nets. Temporal Logics for time Petri nets.

TPN state space abstraction.

Model checking timed properties of TPN.

TPN state space abstractions Aim to construct a finite contraction of the model

state space by removing irrelevant details. Must preserve interested properties (markings,

linear and branching properties), which would be verified using classical model checking techniques later.

The challenge is to construct a much coarser abstraction with less resources (time and space).

TPN state space abstractions

Abstraction process going into:1. Abstract state space.2. Abstract states.3. Abstractions preserving linear

properties.4. Abstractions preserving branching

properties.

TPN state space abstractions

2. Abstract states: Each transition enabled in m is

represented in f by a time variable with the same name, Var(f)=En(m).

All time variables are either clocks (clock abstract state) or delays (interval abstract state).

TPN state space abstractions3. Abstractions preserving linear properties: Have exactly the same firing sequences as their

concrete state space. Three levels of abstractions:

States reachable by time progression may either represented or abstracted.

States reachable by the same firing sequence independently of their firing times are agglomerated in the same node.

The agglomerated states are then considered modulo some relation of equivalence or approximation.

TPN state space abstractions3. Abstractions preserving linear properties:

t

TPN state space abstractions4. Abstractions preserving branching

properties: Can be done on two steps:

Intermediate abstraction: does not necessarily preserve branching

properties. Refinement process: restore the condition AE (the resulting

graph is atomic).

TPN state space abstractions4. Abstractions preserving branching properties:

Step1: Intermediate abstraction:1. group abstract states whenever one of them includes all the others or their union is convex.

2. replace the grouped states set by a new abstract state representing their union.

3. all transitions between these abstract states become loops for their union.

4. ingoing and outgoing transitions of the grouped abstract states become ingoing and outgoing of their union.

5. if one of the grouped abstract states contains the initial abstract state then their union become the initial abstract state.

TPN state space abstractions4. Abstractions preserving branching properties:

Step2: Refinement Process:1. partition a into a set of convex subclasses so as isolate the predecessors of a’ by t in a from those are not.

2. replace a by its partition.

3. each subclass inherets all connections of a according to condition EE.

4. repeat refinement process until condition AE is established.

This step process generates a finite graph iff the intermediate abstraction is finite.

Outlines: Introduction. Time Petri nets. Temporal Logics for time Petri nets. TPN state space abstraction.

Model checking timed properties of TPN.