In recent years, there has been much advancement in the area of verification of infinite-state systems. A system can have an infinite state-space due to unbounded data structures such as counters, clocks, stacks, queues, etc. It may also be infinite-state due to parameterization, i.e., the possibility of having an arbitrary number of components in the system. For parameterized systems, we are interested in checking correctness of all the instances in one verification step. In this thesis, we consider systems which contain both sources of infiniteness, namely: (a) real-valued clocks and (b) parameterization. More precisely, we consider two models: (a) the timed Petri net (TPN) model, which is an extension of the classical Petri net model; and (b) the timed network (TN) model, in which an arbitrary number of timed automata run in parallel. We consider verification of safety properties for timed Petri nets using forward analysis. Since forward analysis is necessarily incomplete, we provide a semi-algorithm augmented with an acceleration technique in order to make it terminate more often on practical examples. Then we consider a number of problems which are generalisations of the corresponding ones for timed automata and Petri nets. For instance, we consider zenoness, where we check the existence of an infinite computation with a finite duration. We also consider two variants of the boundedness problem: syntactic boundedness, in which both live and dead tokens are considered; and semantic boundedness, where only live tokens are considered. We show that the former problem is decidable, while the latter is not. Finally, we show undecidability of LTL model checking both for dense and discrete timed Petri nets. Next we consider timed networks. We show undecidability of safety properties in case each component is equipped with two or more clocks. This result contrasts with the previous decidability result for the case where each component has a single clock.
Also, we show that the problem is decidable when clocks range over the discrete time domain. This decidability result holds when the processes have any finite number of clocks. Furthermore, we outline the border between decidability and undecidability of safety for TNs by considering several syntactic and semantic variants.
We show undecidability of (action based) linear-time temporal logic (LTL) for timed Petri nets. This is to be contrasted with decidability of both the problem of checking safety properties for timed Petri nets, and the problem of checking LTL formulae for (untimed) Petri nets. The undecidability result is shown through a reduction from a similar problem for lossy counter machines [May00].
Lecture Notes in Computer Science, 2000
Timed-arc Petri nets (TAPN's) are not Turing powerful, because, in particular, they cannot simulate a counter with zero testing. Thus, we could think that this model does not increase significantly the expressiveness of untimed Petri nets. But this is not true; in a previous paper we have shown that the differences between them are big enough to make the reachability problem undecidable. On the other hand, coverability and boundedness are now proved to be decidable. This fact is a consequence of the close interrelationship between TAPN's and transfer nets, for which similar results have recently been proved. Finally, we see that if dead tokens are defined as those that cannot be used for firing any transition in the future, we can detect this kind of token in an effective way.
Nord. J. Comput., 2007
We consider verification of safety properties for concurrent real-timed systems modelled as timed Petri nets by performing symbolic forward reachability analysis. We introduce a formalism, called region generators, for representing sets of markings of timed Petri nets. Region generators characterize downward closed sets of regions and provide exact abstractions of sets of reachable states with respect to safety properties. We show that the standard operations needed for performing symbolic reachability analysis are computable for region generators. Since forward reachability analysis is necessarily incomplete, we introduce an acceleration technique to make the procedure terminate more often on practical examples. We have implemented a prototype for analyzing timed Petri nets and used it to verify a parameterized version of Fischer's protocol, Lynch and Shavit's mutual exclusion protocol and a producer-consumer protocol. We also used the tool to extract finite-state abstracti...
Proceedings 8th International Workshop on Petri Nets and Performance Models (Cat. No.PR00331)
Timed-arc Petri nets are not Turing powerful, because, in particular, they cannot simulate a counter with test on zero. Thus, we could think that this model does not significantly extend the expressiveness of untimed Petri nets. But this is not true; in this paper we show that the differences between them are big enough to make the reachability problem undecidable. We also define dead tokens as those that cannot be used for firing any transition in the future, and we present some particular cases where we can identify them on this kind of timed net.
Logical Methods in Computer Science, 2007
We consider Dense-Timed Petri Nets (TPN), an extension of Petri nets in which each token is equipped with a real-valued clock and where the semantics is lazy (i.e., enabled transitions need not fire; time can pass and disable transitions). We consider the following verification problems for TPNs. (i) Zenoness: whether there exists a zeno-computation from a given marking, i.e., an infinite computation which takes only a finite amount of time. We show decidability of zenoness for TPNs, thus solving an open problem from [dFERA00]. Furthermore, the related question if there exist arbitrarily fast computations from a given marking is also decidable. On the other hand, universal zenoness, i.e., the question if all infinite computations from a given marking are zeno, is undecidable. (ii) Token liveness: whether a token is alive in a marking, i.e., whether there is a computation from the marking which eventually consumes the token. We show decidability of the problem by reducing it to the coverability problem, which is decidable for TPNs. (iii) Boundedness: whether the size of the reachable markings is bounded. We consider two versions of the problem; namely semantic boundedness where only live tokens are taken into consideration in the markings, and syntactic boundedness where also dead tokens are considered. We show undecidability of semantic boundedness, while we prove that syntactic boundedness is decidable through an extension of the Karp-Miller algorithm.
Lecture Notes in Computer Science
Time-dependent models have been intensively studied for many reasons, among others because of their applications in software verification and due to the development of embedded platforms where reliability and safety depend to a large extent on the time features. Many of the time-dependent models were suggested as real-time extensions of several well-known untimed models. The most studied formalisms include Networks of Timed Automata, which extend the model of communicating finite-state machines with a finite number of real-valued clocks, and timed extensions of Petri nets where the added time constructs include e.g. time intervals that are assigned to the transitions (Time Petri Nets) or to the arcs (Timed-Arc Petri Nets). In this paper, we shall semiformally introduce these models, discuss their strengths and weaknesses, and provide an overview of the known results about the relationships among the models.
ArXiv, 2014
In this work we extend Emerson and Kahlon's cutoff theorems for process skeletons with conjunctive guards to Parameterized Networks of Timed Automata, i.e. systems obtained by an a priori unknown number of Timed Automata instantiated from a finite set $U_1, \dots, U_n$ of Timed Automata templates. In this way we aim at giving a tool to universally verify software systems where an unknown number of software components (i.e. processes) interact with continuous-time temporal constraints. It is often the case, indeed, that distributed algorithms show a heterogeneous nature, combining dynamic aspects with real-time aspects. In the paper we will also show how to model check a protocol that uses special variables storing identifiers of the participating processes (i.e. PIDs) in Timed Automata with conjunctive guards. This is non-trivial, since solutions to the parameterized verification problem often rely on the processes being symmetric, i.e. indistinguishable. On the other hand, many popular distributed algorithms make use of PIDs and thus cannot directly apply those solutions.
Fundamenta Informaticae, 2010
Bounded Model Checking (BMC) is an efficient technique applicable to verification of temporal properties of (timed) distributed systems. In this paper we show for the first time how to apply BMC to parametric verification of time Petri nets with discrete-time semantics. The properties are expressed by formulas of the logic PRTECTL, a parametric extension of the existential fragment of Computation Tree Logic (CTL).
Lecture Notes in Computer Science, 2005
In this paper we consider the model of Time Petri Nets (TPN) where time is associated with transitions. We also consider Timed Automata (TA) as defined by Alur & Dill, and compare the expressiveness of the two models w.r.t. timed language acceptance and (weak) timed bisimilarity. We first prove that there exists a TA A s.t. there is no TPN (even unbounded) that is (weakly) timed bisimilar to A. We then propose a structural translation from TA to (1-safe) TPNs preserving timed language acceptance. Further on, we prove that the previous (slightly extended) translation also preserves weak timed bisimilarity for a syntactical subclass TAsyn(≤, ≥) of TA. For the theory of TPNs, the consequences are: 1) TA, bounded TPNs and 1-safe TPNs are equally expressive w.r.t. timed language acceptance; 2) TA are strictly more expressive than bounded TPNs w.r.t. timed bisimilarity; 3) the subclass TAsyn(≤, ≥), bounded and 1-safe TPNs "à la Merlin" are equally expressive w.r.t. timed bisimilarity.
Petri Net, Theory and Applications, 2008
This paper considers time Petri nets (the TPN model) for model checking. The main challenge in model checking techniques is to construct, with fewer resources (time and space), a much coarser abstraction preserving the properties of interest. These properties can then be verified using standard model checking techniques. In this paper, we review some techniques, proposed in the literature, to model check untimed and timed properties of TPNs.
Proc. of the Int. Workshop on Petri Nets and Software Engineering (PNSE’11)
We consider two symbolic approaches to bounded model checking (BMC) of distributed time Petri nets (DTPNs). We focus on the properties expressed in Linear Temporal Logic without the neXt-time operator (LTL−X) and the existential fragment of Computation Tree Logic without the neXt-time operator (ECTL−X). We give a translation of BMC to SAT and describe a BDD-based BMC for both LTL−X and ECTL−X. The two translations have been implemented, tested, and compared with each other on two ...
IEEE Transactions on Industrial Informatics, 2000
Proc. of MEMICS, 2009
Timed-Arc Petri Nets (TAPN) is a well studied extension of the classical Petri net model where tokens are decorated with real numbers that represent their age. Unlike reachability, which is known to be undecidable for TAPN, boundedness and coverability remain decidable. The model is supported by a recent tool called TAPAAL which, among others, further extends TAPN with invariants on places in order to model urgency. The decidability of boundedness and coverability for this extended model has not yet been considered. We present a reduction from two-counter Minsky machines to TAPN with invariants to show that both the boundedness and coverability problems are undecidable.
IFAC Proceedings Volumes, 2004
This paper considers the Time Petri Net model (TPN model) and proposes a contraction of its generally infinite state space. This contraction preserves all CTL* properties of the model and produces finite graphs for bounded TPN models. When compared with other approaches (Yoneda et al., 1998; Berthomieu et al., 2003), these graphs are smaller and much faster to compute. This paper also shows how to apply a fast-computing bisimulation reduction rule to the obtained graphs so as to achieve or approach the optimal size with minor effort.
Lecture Notes in Computer Science, 2004
Q: the set of all the concrete states of A; PV: the set of propositional variables.
Combinatorial Optimization and Theoretical Computer Science, 2008
In this paper we consider the model of Time Petri Nets (TPN) "à la Merlin" where a time interval is associated with the firing of a transition, but we extend it with open intervals. We also consider Timed Automata (TA) as defined by Alur & Dill. We investigate some questions related to expressiveness for these models: we study the impact of slight variations of semantics for TPN and we compare the expressive power of TA and TPN, with respect to both timed language acceptance and weak timed bisimilarity. We prove that TA and bounded TPNs (enlarged with strict constraints) are equivalent w.r.t. timed language equivalence, providing an efficient construction of a TPN equivalent to a TA. We then exhibit a TA A such that no TPN (even unbounded) is weakly bisimilar to A. Because of this last result, it is natural to try and identify the (strict) subclass of TA that is equivalent to TPN w.r.t. weak timed bisimilarity. Thus we give some further results: 1) we characterize the subclass TA⁻ of TA that is equivalent to the original model of TPN as defined by Merlin, i.e. restricted to closed intervals, 2) we show that the associated membership problem for TA⁻ is PSPACE-complete and 3) we prove that the reachability problem for TA⁻ is also PSPACE-complete.
Journal of Logic and Computation, 2009
We consider Time Petri Nets (TPN) for which a firing time interval is associated with each transition. State space abstractions for TPN preserving various classes of properties (LTL, CTL, CTL*) can be computed, in terms of so-called state classes. Some methods were proposed to check quantitative timed properties but are not suitable for effective verification of properties of real-life systems.
Electronic Proceedings in Theoretical Computer Science, 2012
Timed-arc Petri nets (TAPN) are a well-known time extension of the Petri net model and several translations to networks of timed automata have been proposed for this model. We present a direct, DBM-based algorithm for forward reachability analysis of bounded TAPNs extended with transport arcs, inhibitor arcs and age invariants. We also give a complete proof of its correctness, including reduction techniques based on symmetries and extrapolation. Finally, we augment the algorithm with a novel state-space reduction technique introducing a monotonic ordering on markings and prove its soundness even in the presence of monotonicity-breaking features like age invariants and inhibitor arcs. We implement the algorithm within the model-checker TAPAAL and the experimental results document an encouraging performance compared to verification approaches that translate TAPN models to UPPAAL timed automata.
