StrataGEM: A Generic Petri Net Verification Framework
Edmundo López Bóbeda, Maximilien Colange, Didier Buchs
Wednesday, June 25th 2014 - Tunis, Tunisia
Petri nets 2014
Stratagem
Model checker
Prototyping lab
Photo: FastJack/Flickr http://www.flickr.com/photos/fastjack/282707058/
Goal
Your formalism → Your model checker
Creating your model checker: A Checklist
• Semantics
• Description of the computation
• Optimizations
How
Terms, Rewrite rules, Strategies
Semantics: A running example
[Figure: a Petri net with places R, Y, G and transitions t1, t2, t3]
R(suc(0), Y(0, G(0, empty)))
Representing a state
[Figure: the same Petri net, places R, Y, G and transitions t1, t2, t3]
Term = State
R(suc(0), Y(0, G(0, empty)))
Representing arcs
[Figure: the same Petri net]
Rewrite rules
iArc = R(suc(x), p) ↝ R(x, p)
oArc = G(x, p) ↝ G(suc(x), p)
Representing transitions
[Figure: the same Petri net]
R(suc(0), Y(0, G(0, empty)))
iArc = R(suc(x), p) ↝ R(x, p)
oArc = G(x, p) ↝ G(suc(x), p)
t1 = ???
Strategies in a nutshell
[Diagram: three layers, from bottom to top: Terms; Rewrite rules; Strategies]
Basic strategy semantics
• Basic strategy (A list of rewrite rules)
• Application to root term only
• The first applicable rule is applied
• Otherwise, fail
Other useful strategies
• Identity[t] = t
• Fail[t] always fails
• (S1 orElse S2)[t] = S1[t], or S2[t] if S1[t] fails
  Conditional application of strategies
• (S1 andThen S2)[t] = S2[S1[t]]
  Sequential composition of strategies
• Subterm_k(S)[f(t1, …, tn)] = f(t1, …, S[tk], …, tn)
  Apply a strategy to the k-th subterm
Representing transitions
R(suc(0), Y(0, G(0, empty)))
iArc = R(suc(x), p) ↝ R(x, p)
oArc = G(x, p) ↝ G(suc(x), p)
t1 = Once(iArc) andThen Once(oArc)
Once(S) = S orElse Subterm_2(Once(S))
[Figure: the same Petri net]
Creating your model checker: A Checklist
• Semantics
• Description of the computation
• Optimizations
t1 = Once(iArc) andThen Once(oArc)
t2 = … ; t3 = …
CalcSS = ???
Description of the computation
[Figure: the same Petri net]
Strategies extended
• Natural extension
  • S[{t1, …, tn}] = {S[t1], …, S[tn]}
• Set strategies
  • Union(S1, S2)[T] = S1[T] ∪ S2[T], if both succeed
  • Fixpoint(S)[T] = μT.S[T]
t1 = Once(iArc) andThen Once(oArc)
t2 = … ; t3 = …
CalcSS = Fixpoint(Union(Try(t1), Try(t2), Try(t3), Identity))
Try(S) = S orElse Identity
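Worked example, added here and not part of the slides or of the StrataGEM project's own Scala code: a small Python version of the strategy language from the preceding slides (basic strategies, Identity/Fail/orElse/andThen/Subterm/Once, then the set strategies Union, Fixpoint and Try), run on the running example. iArc, oArc, t1, Try and CalcSS are the slides' definitions; t2 and t3, which the slides leave as "…", are assumed here to move the token from G to Y and from Y to R; the encoding of terms as nested tuples, the choice of x and p as the pattern variables, and the helper names parse, show, match, build, Basic, lift and state_space are this example's own.

```python
import re

# Added example, not StrataGEM's own (Scala) code. Terms are nested tuples (symbol, *args);
# in rule patterns the names in VARS are variables (assumed: x and p, as on the slides).
VARS = {"x", "p"}

class Var(str):
    """A pattern variable (a str subclass, so terms stay hashable)."""

class Failed(Exception):
    """A strategy failed on its input."""

def parse(src: str):
    """Parse 'R(suc(0), Y(0, G(0, empty)))' into nested tuples."""
    toks, pos = re.findall(r"\w+|[(),]", src), 0
    def term():
        nonlocal pos
        name, pos, args = toks[pos], pos + 1, []
        if pos < len(toks) and toks[pos] == "(":
            while toks[pos] != ")":            # at '(' or ',': consume it, read one argument
                pos += 1
                args.append(term())
            pos += 1                           # skip ')'
        return Var(name) if name in VARS else (name,) + tuple(args)
    return term()

def show(t) -> str:                            # back to the slides' notation
    if isinstance(t, Var):
        return str(t)
    return t[0] + ("(" + ", ".join(map(show, t[1:])) + ")" if len(t) > 1 else "")

def match(pat, t, env) -> bool:                # first-order matching, binds variables in env
    if isinstance(pat, Var):
        return env.setdefault(pat, t) == t
    return pat[0] == t[0] and len(pat) == len(t) and all(match(p, u, env) for p, u in zip(pat[1:], t[1:]))

def build(pat, env):                           # instantiate a right-hand side under env
    return env[pat] if isinstance(pat, Var) else (pat[0],) + tuple(build(p, env) for p in pat[1:])

def Basic(*specs):
    """Basic strategy: rules tried at the root only; the first applicable rule is applied, else fail."""
    rs = [tuple(parse(side) for side in spec.split("↝")) for spec in specs]
    def strat(t):
        for lhs, rhs in rs:
            env = {}
            if match(lhs, t, env):
                return build(rhs, env)
        raise Failed(show(t))
    return strat

# Other useful strategies, as on the slides: Identity, Fail, orElse, andThen, Subterm_k, Once
def Identity(t):
    return t
def Fail(t):
    raise Failed(show(t))
def orElse(s1, s2):
    def strat(t):
        try:
            return s1(t)
        except Failed:
            return s2(t)
    return strat
def andThen(s1, s2):
    return lambda t: s2(s1(t))
def Subterm(k, s):                             # apply s to the k-th argument (1-based); fails if absent
    def strat(t):
        if isinstance(t, Var) or len(t) <= k:
            raise Failed(show(t))
        return t[:k] + (s(t[k]),) + t[k + 1:]
    return strat
def Once(s):                                   # Once(S) = S orElse Subterm_2(Once(S)): walk the place list
    return lambda t: orElse(s, Subterm(2, Once(s)))(t)

# Set strategies: natural extension, Union (fails if any part fails), Fixpoint, Try
def lift(s):
    return lambda T: frozenset(s(t) for t in T)
def Union(*ss):
    return lambda T: frozenset().union(*[s(T) for s in ss])
def Fixpoint(s):
    def strat(T):
        while (nxt := s(T)) != T:
            T = nxt
        return T
    return strat
def Try(s):
    return orElse(s, Identity)

# The running example: iArc, oArc, t1 and CalcSS follow the slides.  t2 and t3 are
# "..." on the slides and are ASSUMED here to move the token G -> Y and Y -> R.
iArc = Basic("R(suc(x), p) ↝ R(x, p)")
oArc = Basic("G(x, p) ↝ G(suc(x), p)")
t1 = andThen(Once(iArc), Once(oArc))
t2 = andThen(Once(Basic("G(suc(x), p) ↝ G(x, p)")), Once(Basic("Y(x, p) ↝ Y(suc(x), p)")))
t3 = andThen(Once(Basic("Y(suc(x), p) ↝ Y(x, p)")), Once(Basic("R(x, p) ↝ R(suc(x), p)")))
CalcSS = Fixpoint(Union(lift(Try(t1)), lift(Try(t2)), lift(Try(t3)), lift(Identity)))

def state_space(initial: str) -> frozenset:
    """All states reachable from `initial` under t1, t2, t3, in the slides' notation."""
    return frozenset(show(t) for t in CalcSS(frozenset({parse(initial)})))
```

Calling state_space("R(suc(0), Y(0, G(0, empty)))") returns the three reachable markings of the cycle. Strategies are plain functions that either return a term or raise Failed, which is exactly what lets orElse and Try compose as the slides define them, and a transition that is not enabled (t1 on a state with no token in R) fails rather than returning a term. Sets of states are explicit frozensets rather than decision diagrams, so this illustrates the semantics of CalcSS, not Stratagem's performance.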
Creating your model checker: A Checklist
• Semantics
• Description of the computation
• Optimizations
[Diagram: a model checker built from scratch, as a stack. Bottom layer: Decision Diagram Operations. Above it: one Trans. box per transition, then State Space, then Verification; Optim 1 and Optim 2 are added as further layers. Your formalism sits on top, next to Other model checkers built the same way.]
[Diagram: the same stack with Stratagem. Engine = Decision Diagram Operations. Stratagem = Semantics, State Space, Optimization (State Space, Verification, Optim 1 and Optim 2 all live inside Stratagem). Your formalism = only a Translation into Stratagem.]
Saturation: for connoisseurs
• Well known DD optimization technique
• Apply local fixpoints in order to reduce the peak effect
[Figure: the same Petri net]
Sat_n(S) = (Subterm_n(Sat_n(S)) orElse Fixpoint(S)) andThen Fixpoint(S)
R(1, Y(0, G(0, empty)))
Creating your model checker: A Checklist
• Semantics
• Description of the computation
• Optimizations
Practical results
• Stratagem has been used to implement:
  • Optimizations: Saturation, Clustering, Anonymization, etc.
  • Other formalisms: Divine formalism
Practical results
• Comparison with PNXDD
  • Symbolic model checking
  • Similar techniques (topological, decision diagrams)
  • Common model database (model checking contest)
  • 2nd best tool for state space calculation last year
Practical results
[Plot: ratio time PNXDD / time Stratagem (y-axis from 0 to 1.4) against model size (scale parameter 5, 10, 20, 50, 100, 200), for the Eratosthenes, Railroad and Shared Mem models]
Implementation
• 3700 lines of Scala
• Available for download http://sourceforge.net/projects/stratagem-mc/
• Source code available on Github
• Platform independent
Future work
• Implement CTL verification
• Implement other translations (Algebraic Petri nets)
• Implement other optimization techniques
Thank you! Any questions?
The paper for this presentation can be found at: http://edmundo.lopezbobeda.net/publications