Reachability Analysis via Net Structure

Reachability Analysis via NetStructureHARRO WIMMEL, KARSTEN WOLF

Universität Rostock, Institut für Informatik

8. Oktober 2010 c© 2010 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK & ELEKTROTECHNIK, INSTITUT FÜR INFORMATIK 1 / 13

Overview

Basic DefinitionsReachability ProblemState Equation & Constraints

Solving the Reachability Problem using CEGARThe Search SpaceExampleLooking for ConstraintsFinding Partial SolutionsThe Algorithm

Experimental Results


Basic DefinitionsReachability Problem

Petri nets should be well-known.

• (N,m,m′) is a reachability problem; answer “yes” if m[σ〉Nm′ for somefiring sequence σ ∈ T ∗

• N = (S ,T ,F ) Petri net, m,m′ ∈ NS markings

• m′ = m + Cx is the state equation

• C incidence matrix, x ∈ NT transition vector (solution)

• from m[σ〉m′ follows m′ = m + C℘(σ), i.e. the Parikh image ℘(σ) solvesthe state equation

• necessary condition for reachability

• ℘(σ) = x is T -invariant if Cx = 0, i.e. m[σ〉m






















Basic DefinitionsState Equation & Constraints

• The solution space of the state equation m′ = m + Cx is semilinear

• ∃ finite B,P ⊆ NT : m′ = m + Cx ⇐⇒ x = b +∑

i nipi for someb ∈ B , pi ∈ P , ni ∈ N

• IP solver, e.g. lp_solve, yields “minimal” solution

• Discrimination of solutions by adding constraints (CEGAR)

• “jump”: t < n with t ∈ T , n ∈ N

• ”increment”:∑k

i=1 ni ti ≥ n with ti ∈ T , ni , n ∈ N

• jumps for other minimal solutions, increments for addition of T-invariants
























The Search Space

b


An Example

s

a1

b1

x1

y1

c1

b2

z

y2

c2

b3

`

x2a2

f

Final marking: s + 3fState Equation’s Solutions:3a1+3a2+3`


An Example

s

a1

b1

x1

y1

c1

b2

z

y2

c2

b3

`

x2a2

f

3× 3×

3×



An Example

s

a1

b1

x1

y1

c1

b2

z

y2

c2

b3

`

x2a2

f

3× 3×

3×



An Example

s

a1

b1

x1

y1

c1

b2

z

y2

c2

b3

`

x2a2

f


Constraints:b2 ≥ 1 (oder a1 < 3)


An Example

s

a1

b1

x1

y1

c1

b2

z

y2

c2

b3

`

x2a2

f

2× 2×

3×

1× 1× 1×

Final marking: s + 3fState Equation’s Solutions:3a1+3a2+3`2a1+2a2+b1+b2+b3+3`

Constraints:b2 ≥ 1 (oder a1 < 3)


An Example

s

a1

b1

x1

y1

c1

b2

z

y2

c2

b3

`

x2a2

f

Final marking: s + 3fState Equation’s Solutions:3a1+3a2+3`2a1+2a2+b1+b2+b3+3`

Constraints:b2 ≥ 1 (oder a1 < 3), c1 ≥ 1


An Example

s

a1

b1

x1

y1

c1

b2

z

y2

c2

b3

`

x2a2

f

2× 2×

3×

1× 1× 1×

1× 1×

Final marking: s + 3fState Equation’s Solutions:3a1+3a2+3`2a1+2a2+b1+b2+b3+3`2a1+2a2+b1+b2+b3+c1+c2+3`

Constraints:b2 ≥ 1 (oder a1 < 3), c1 ≥ 1


An Example

s

a1

b1

x1

y1

c1

b2

z

y2

c2

b3

`

x2a2

f

Final marking: s + 3fState Equation’s Solutions:3a1+3a2+3`2a1+2a2+b1+b2+b3+3`2a1+2a2+b1+b2+b3+c1+c2+3`

Constraints:b2 ≥ 1 (oder a1 < 3), c1 ≥ 1,b2 ≥ 2 (oder a1 < 2)


An Example

s

a1

b1

x1

y1

c1

b2

z

y2

c2

b3

`

x2a2

f

1× 1×

3×

2× 2× 2×

1× 1×

Final marking: s + 3fState Equation’s Solutions:3a1+3a2+3`2a1+2a2+b1+b2+b3+3`2a1+2a2+b1+b2+b3+c1+c2+3à1+a2+2b1+2b2+2b3+c1+c2+3`

Constraints:b2 ≥ 1 (oder a1 < 3), c1 ≥ 1,b2 ≥ 2 (oder a1 < 2)


An Example

s

a1

b1

x1

y1

c1

b2

z

y2

c2

b3

`

x2a2

f

Final marking: s + 3fState Equation’s Solutions:3a1+3a2+3`2a1+2a2+b1+b2+b3+3`2a1+2a2+b1+b2+b3+c1+c2+3à1+a2+2b1+2b2+2b3+c1+c2+3`

Constraints:b2 ≥ 1 (oder a1 < 3), c1 ≥ 1,b2 ≥ 2 (oder a1 < 2),b2 ≥ 3 (oder a1 < 1)


An Example

s

a1

b1

x1

y1

c1

b2

z

y2

c2

b3

`

x2a2

f3×

3× 3× 3×

1× 1×

Final marking: s + 3fState Equation’s Solutions:3a1+3a2+3`2a1+2a2+b1+b2+b3+3`2a1+2a2+b1+b2+b3+c1+c2+3à1+a2+2b1+2b2+2b3+c1+c2+3`3b1+3b2+3b3+c1+c2+3`

Constraints:b2 ≥ 1 (oder a1 < 3), c1 ≥ 1,b2 ≥ 2 (oder a1 < 2),b2 ≥ 3 (oder a1 < 1)


Looking for ConstraintsBuilding a graph

Take a firing sequence σ and a solution x of the state equation m′ = m+Cx with

• ℘(σ) ≤ x ,

• ∀t ∈ T : x(t) > ℘(σ)(t) =⇒ ¬m[σt〉

We call σ a partial solution. Now build a graph G of:

• transitions t with x(t) > ℘(σ)(t)

• places s inhibiting the firing of such a t (after σ)

• an edge from s to t if s inhibits t

• an edge from t to s if t increases token count on s


Looking for ConstraintsFinding Components

Get all strongly connected components (SCC) of G which have no incoming edges(source SCCs).

Places in such SCCs cannot be marked from “inside” the graph, so tokens mustcome from the outside.

=⇒ Constraint use transitions that can put tokens onto a source SCC (left side ofthe constraint).

How many tokens to produce? (right side of the constraint)

• a complex problem (esp. if x(t)− ℘(σ)(t) > 1 and nets have multiarcs)

• approximation necessary

• repeated increase of the constraints by 1 token is possible


Finding Partial Solutions

• Tree of all potential firing sequences for x from m′ = m + Cx

• tree is finite, brute-force search possible

• depth-first-search

• enumerate partial solutions and build constraints

• Optimisations

• stubborn-set method (partial order reduction)

• additional confluence tests for x(t)− ℘(σ)(t) > n

• backtracking at repeated markings on a path

• ineffective constraints (σ′ is partial solution for x + y with σ′ = σ or℘(σ′) = ℘(σ) + y with y a T -invariant)


Finding Partial Solutions

• Tree of all potential firing sequences for x from m′ = m + Cx

• tree is finite, brute-force search possible

• depth-first-search

• enumerate partial solutions and build constraints

• Optimisations

• stubborn-set method (partial order reduction)

• additional confluence tests for x(t)− ℘(σ)(t) > n

• backtracking at repeated markings on a path

• ineffective constraints (σ′ is partial solution for x + y with σ′ = σ or℘(σ′) = ℘(σ) + y with y a T -invariant)


The Algorithm / Conclusion

• Get solution of the state equation using an IP solver

• Get partial solutions (maximal firing sequences), stop if full solution

• Find constraints for partial solutions

• (Multiple) calls to algorithm with state equation + constraints

Conclusion:

• Positive answer is found (use “jumps” for a complete search), except in caseof insufficient memory; witness path is found

• Negative answer can be found if state equation is infeasible or if backtrackingfor ineffective constraints makes search space finite; diagnosis possible

• Extensions possible, e.g. state inequations


Experimental Results

Implementation in a tool named “Sara”.

• Garavel’s challenge (LOTOS specification): 485 places, 776 transitions, testfor dead transitions• (Cygwin/Linux) 26/41 sec. (LoLA: 71/29 sec. + separation by hand)• path length (medium/max) 15/28 (LoLA: 53/6232)

• SAP reference nets (business processes): 590 nets, test for relaxedsoundness• (Cygwin/Linux) 198/110 sec. (LoLA: 24 min. + 17 unsolved)

• Boolean programs: a few nets, coverability test• <1 second (LoLA: 1 problem with memory overflow (>32GB))

• Spezialized nets with increasing edge weights (self-constructed)• Sara loses time exponentially compared to LoLA (always <3 sec.)


M. Berkelaar, K. Eikland, P. Notebaert: Lp solve Reference Guide,http://lpsolve.sourceforge.net/5.5/, 2010.

H. Garavel: Efficient Petri Net tool for computing quasi-liveness,http://www.informatik.uni-hamburg.de/cgi-bin/TGI/pnml/getpost?id=2003/07/2709, 2003.

L.M. Kristensen, K. Schmidt, A. Valmari: Question-guided Stubborn Set Methods forState Properties, Formal Methods in System Design 29:3, pp.215–251, Springer,2006.

E. Mayr: An algorithm for the general Petri net reachability problem, SIAM Journal ofComputing 13:3, pp.441–460, 1984.

H. Wimmel: Sara – Structures for Automated Reachability Analysis,http://www.informatik.uni-rostock.de/∼nl/wiki/tools/download,2010.

K. Wolf: LoLA – A low level analyzer, http://www.informatik.uni-rostock.de/∼nl/wiki/tools/lola, 2010.


Thanks for Your Attention!


Education

Reachability Analysis via Net Structure