A framework for simulation and symbolic state space analysis of non-markovian models

Transcription

1 A framework for simulation and symbolic state space analysis of non-markovian models Laura Carnevali, Lorenzo Ridi, Enrico Vicario SW Technologies Lab (STLab) - Dip. Sistemi e Informatica (DSI) - Univ. Firenze (UniFI) {laura.carnevali, lorenzo.ridi, enrico.vicario}@unifi.it SafeComp11 - Napoli - September 21, 2011 this is about a SW framework that supports the construction of tools that support the application of formal methods that support the development of safe systems encompassing multiple formalisms and solution techniques and open to extension and reuse 1 / 15

2 Time Petri Nets (TPNs) concurrent non-deterministic (possibly bounded) timers implicit precedences induced by the timings of concurrent events compare with Timed Automata with location invariants p 0 [0,0] t0 p 1 p 2 p 3 [0,10] t 1 [5,15] t 2 [12,22] t 3 verification of properties on the set of feasible behaviors event sequencing (e.g., mutual exclusion, deadlock, order) event timing (e.g., min-max Execution Time, deadlines) underlying math: Difference Bounds Matrix (DBM) zones [TSE01] E.Vicario,"Static analysis and dynamic steering of time-dependent systems", IEEE Trans. on SW Eng., / 15

3 preemptive Time Petri Nets (ptpns) 1/2 represent suspended clocks ( τ = 1 or τ = 0) Preemptive Repeat Different (PRD) and Preemptive Resume (PRs) a.k.a. enabling memory and age policies i.e. real time systems running under preemptive scheduling compare with StopWatch Automata and with PNs with hyper-arcs [3, 3] t 1 p 1 [5, 10] [prio = 1] {cpu} t sampling of τ 4 sampling of τ 2 suspension of τ τ 4 2 resumption of τ4 τ 4 0 t 2 progressing t 4 [0, 0] [5, 10] t 2 disabled [prio = 2] {cpu} t 4 progressing t 3 p 4 t 4 t 2 disabled progressing t 4 suspended underlying math: tightest DBM over-approximation with simplex-based clean-up of false behavior time [TSE04] G.Bucci, A.Fedeli, L.Sassoli, and E.Vicario, "Timed state space analysis of real-time preemptive systems", IEEE Trans.on SW Eng / 15

4 preemptive Time Petri Nets (ptpns) 2/2 cast into a V-Model life-cycle preliminary and detailed design + implementation automated code generation, measurement based Execution Time evaluation, formal verification, real time test automation experimented at Selex-Galileo in Florence (MIL-STD-498 and RTCA-DO/178B) SDP Planning and Budget SD1 System Requirements Analysis SD9 Transition to Utilization System Level User Requirements System/Subsystem Analysis and Design SD2 System Design SD8 System Integration System Level System Architecture System Integration and Testing SSDD SW Requirements Analysis IRS SRS Technical Requirements SD7-SW SW Integration Unit Level SD4-SW Preliminary Software Design SW Component Level SW Design Software Architecture Test in Simulated Environment SD5-SW Detailed Software Design SW Module Level SDD SW Coding Software Design SD6-SW SW Implementation [TSE11] L. Carnevali, L. Ridi, and E. Vicario, "Putting preemptive Time Petri Nets to work in a V-Model SW life cycle", IEEE Trans. on SW Eng., accepted for publication 4 / 15

5 stochastic Time Petri Nets (stpns) a class of non-markovian Stochastic Petri Nets multiple concurrent GEN transitions with possibly bounded support the underlying stochastic process may become Markov Regenerative (MRGP) or Generalized Semi-Markov (GSMP) t 1 t 2 [EFT t1, LFT t1 ] = [0, 4] w t1 = 3 f t1 (x) x [EFT t2, LFT t2 ] = [1, 6] w t2 = 1 f t2 (x) x underlying math: stochastic state classes (i.e. symbolic derivation of probability density functions over DBM zones) [QEST11] [QEST10] [TSE09b] [TSE09a] A.Horvath, L.Ridi, E.Vicario, "Probabilistic model checking of non-markovian models with concurrent generally distributed timers", QEST A.Horvath, L.Ridi, E.Vicario, "Transient analysis of generalised semi-markov processes using transient stochastic state classes", QEST E.Vicario, L.Sassoli, L.Carnevali, "Using Stochastic State Classes in Quantitative Evaluation of Dense-Time Reactive Systems", IEEE Trans.SW Eng L.Carnevali, L.Grassi, E.Vicario, "State-density functions over DBM domains in the analysis of non-markovian models", IEEE Trans.SW Eng / 15

6 stochastic preemptive Time Petri Nets (sptpns) stochastic Time Petri Nets with clock suspension aiming at application in soft-real time systems τ = 1 CTMC SMP MRGP GSMP PRD τ {0, 1}... PRS Linear Hybrid underlying math: approximation on stochastic state classes [VT11] L. Carnevali, J. Giuntini, and E. Vicario, "A symbolic approach to quantitative analysis of preemptive real-time systems with non-markovian temporal parameters", ValueTools / 15

7 the overall picture a number of modeling formalisms and solution techniques non-deterministic vs probabilitic cooperative vs preemptive non-deterministic models add probs TPNs add preemption approximation of supports ptpns add probs stochastic models stpns add preemption approximation of supports approximation of densities sptpns... and more could come continuous time vs discrete time mixed probabilistic and non-deterministic... 7 / 15

8 the Oris Tool a tool implementing all the theory developed along the years available at manages correctness verification and quantitative evaluation of timed concurrent systems specified as Petri Net models, i.e., TPNs, ptpns, stpns, sptpns... with growing effort in keeping it all together refactoring/porting to full Java implementation based on a well engineered framework, with hinges enabling adaptation and evolution 8 / 15

9 Sirio: functional responsibilities base libraries: representation of model syntax Petri Net Library Symbolic Calculus Library Sample Generator Library open to extensions for modeling formalisms tools: implementation of model semantics and analysis methods Simulator Tool Analyzer Tool open to extensions for solutions techniques Analyzer Simulator Tools Petri NetLib Symbolic Calculus Lib SampleGeneratorLib Baselibraries 9 / 15

10 Petri Net Library supports representation of TPNs, ptpns, stpns, and sptpns the type of a Petri Net model is implicitly determined by the features associated with its structural components the implementation of new Petri Net models amounts to the implementation of new features for its components PetriNet Place Transition PreconditionArc PostconditionArc PlaceFeature TransitionFeature PreconditionFeature PostconditionFeature StochasticTransitionFeature TimeTransitionFeature PreemptiveTransitionFeature 10 / 15

11 Symbolic Calculus Library supports definition and manipulation of expolynomial functions over polyhedral and Difference Bounds Matrix (DBM) domains Function Domain Expression Expolynomial PolyhedralDomain DBMDomain Expmonomial AtomicTerm MonomialTerm ExponentialTerm 11 / 15

12 Sample Generator Library implements generation of samples from expolynomial distributions using different methods depending on the form of the distribution, e.g., symbolic/numeric inversion, Metropolis-Hastings algorithm Sampler AcceptanceRejection SymbolicInversion NumericInversion MetropolisHastings 12 / 15

13 Simulator Tool implements the semantics of TPNs, ptpns, stpn, and sptpns supports evaluation of transient and steady state rewards, both in Discrete Time (DT) and in Continuous Time (CT) uses composition instead of inheritance to decouple the reward interface from its implementation in DT/CT the definition of new reward measures amounts to the definition of a class that extends BasicReward and (possibly) the addition of methods to RewardTime Sequencer SequencerObserver PetriNet Marking Reward RewardTime BasicReward RewardObserver DiscreteRewardTime ContinuousRewardTime TransientMarkingProbability SteadyStateMarkingProbability RewardEvaluator 13 / 15

14 Simulator Tool implements the semantics of TPNs, ptpns, stpn, and sptpns supports evaluation of transient and steady state rewards, both in Discrete Time (DT) and in Continuous Time (CT) uses composition instead of inheritance to decouple the reward interface from its implementation in DT/CT the definition of new reward measures amounts to the definition of a class that extends BasicReward and (possibly) the addition of methods to RewardTime RewardEvaluator 1 Reward 1 RewardEvaluator 2 RewardEvaluator 3 Reward 2 Sequencer 1 Thread 1 RewardEvaluator 4 Reward 3 Sequencer 2 Thread 2 13 / 15

15 Analyzer Tool implements the theory of stochastic state classes uses composition instead of inheritance to customize the behavior of a general enumeration algorithm the implementation of new techniques of analysis amounts to the definition of delegate components for the Analyzer class Analyzer + analyze(petrinet p, Marking m) SuccessorEvaluator + computesuccessor() EnumerationPolicy + add() + remove() InitialClassBuilder + computeinitialclass() SSCSuccessorEvaluator LIFOPolicy InitialSSCBuilder MarkingEvaluator + computenextmarking() 14 / 15

16 conclusions a Java framework for verification and evaluation of timed concurrent systems specified as Petri Net models Analyzer Simulator Tools Petri NetLib Symbolic Calculus Lib SampleGeneratorLib Baselibraries implementing verification and evaluation of non-deterministic and Stochastic (possibly non-markovian) Petri Nets exploited in the Oris tool open to extension to other formalisms and available for integration in any other tools 15 / 15