Time and Timed Petri Nets

Similar documents
Time(d) Petri Net. Serge Haddad. Petri Nets 2016, June 20th LSV ENS Cachan, Université Paris-Saclay & CNRS & INRIA

Timed Petri Nets and Timed Automata: On the Discriminating Power of Zeno Sequences

Weak Time Petri Nets strike back!

Weak Time Petri Nets strike back!

Time Petri Nets. Miriam Zia School of Computer Science McGill University

TCTL model-checking of Time Petri Nets

Comparison of Different Semantics for Time Petri Nets

Weak Time Petri Nets strike back!

Recent results on Timed Systems

Parametric model-checking of time Petri nets with stopwatches using the state-class graph

State Space Computation and Analysis of Time Petri Nets

From Stochastic Processes to Stochastic Petri Nets

Timed Automata VINO 2011

Models for Efficient Timed Verification

Minimal Cost Reachability/Coverability in Priced Timed Petri Nets

A Canonical Contraction for Safe Petri Nets

Serge Haddad Mathieu Sassolas. Verification on Interrupt Timed Automata. Research Report LSV-09-16

NONBLOCKING CONTROL OF PETRI NETS USING UNFOLDING. Alessandro Giua Xiaolan Xie

Robustness of Time Petri Nets under architectural constraints

The Verification of Real Time Systems using the TINA Tool

Undecidability of Coverability and Boundedness for Timed-Arc Petri Nets with Invariants

The State Explosion Problem

Stochastic Petri Net

Verification of Polynomial Interrupt Timed Automata

Complexity Issues in Automated Addition of Time-Bounded Liveness Properties 1

Undecidability Results for Timed Automata with Silent Transitions

Communication in Petri nets

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

An Efficient Method for Computing Exact State Space of Petri Nets With Stopwatches

Zone-Based Reachability Analysis of Dense-Timed Pushdown Automata

Controller Synthesis for MTL Specifications

A Translation Based Method for the Timed Analysis of Scheduling Extended Time Petri Nets

NEW COLOURED REDUCTIONS FOR SOFTWARE VALIDATION. Sami Evangelista Serge Haddad Jean-François Pradat-Peyre

Simulation of Spiking Neural P Systems using Pnet Lab

An Holistic State Equation for Timed Petri Nets

Timed Automata. Chapter Clocks and clock constraints Clock variables and clock constraints

Timed Automata. Semantics, Algorithms and Tools. Zhou Huaiyang

HYPENS Manual. Fausto Sessego, Alessandro Giua, Carla Seatzu. February 7, 2008

Specification models and their analysis Petri Nets

Complexity Issues in Automated Addition of Time-Bounded Liveness Properties 1

Petri Nets (for Planners)

Specification and Model Checking of Temporal Properties in Time Petri Nets and Timed Automata

Dense-Timed Pushdown Automata

Complexity Analysis of Continuous Petri Nets

An Efficient Translation of Timed-Arc Petri Nets to Networks of Timed Automata

Chapter 4: Computation tree logic

Analysis and Optimization of Discrete Event Systems using Petri Nets

Petri nets. s 1 s 2. s 3 s 4. directed arcs.

MODEL CHECKING TIMED SAFETY INSTRUMENTED SYSTEMS

Modeling Synchronous Systems in BIP

Petri Net Modeling of Irrigation Canal Networks

Formal Specification and Verification of Task Time Constraints for Real-Time Systems

DES. 4. Petri Nets. Introduction. Different Classes of Petri Net. Petri net properties. Analysis of Petri net models

Temporal & Modal Logic. Acronyms. Contents. Temporal Logic Overview Classification PLTL Syntax Semantics Identities. Concurrency Model Checking

1. sort of tokens (e.g. indistinguishable (black), coloured, structured,...),

Symbolic Unfolding of Parametric Stopwatch Petri Nets

MPRI 1-22 Introduction to Verification January 4, TD 6: Petri Nets

Desynchronisation Technique using Petri Nets

Formal Verification of Real-time Systems with Preemptive Scheduling

Timed Automata: Semantics, Algorithms and Tools

An Introduction to Hybrid Systems Modeling

MODELING AND SIMULATION BY HYBRID PETRI NETS. systems, communication systems, etc). Continuous Petri nets (in which the markings are real

Decidability Results for Probabilistic Hybrid Automata

Diagnosis of Labeled Time Petri Nets Using Time Interval Splitting

Lecture 11: Timed Automata

Analysing Signal-Net Systems

T Reactive Systems: Temporal Logic LTL

Stochastic Petri Net. Ben, Yue (Cindy) 2013/05/08

Real-Time Systems. Lecture 10: Timed Automata Dr. Bernd Westphal. Albert-Ludwigs-Universität Freiburg, Germany main

Time Supervision of Concurrent Systems using Symbolic Unfoldings of Time Petri Nets

7. Queueing Systems. 8. Petri nets vs. State Automata

Soundness of Workflow Nets with an Unbounded Resource is Decidable

Properties of Distributed Timed-Arc Petri Nets

The algorithmic analysis of hybrid system

Model Checking Real-Time Systems

A Deadlock Prevention Policy for Flexible Manufacturing Systems Using Siphons

Formal Semantics for Grafcet Controlled Systems 1 Introduction 2 Grafcet

Automatic Generation of Polynomial Invariants for System Verification

Proxel-Based Simulation of Stochastic Petri Nets Containing Immediate Transitions

Liveness in L/U-Parametric Timed Automata

Outline. Time Petri Net State Space Reduction Using Dynamic Programming and Time Paths. Petri Net. Petri Net. Time Petri Net.

Realizability of Schedules by Stochastic Time Petri Nets with Blocking Semantics (regular paper)

Trace Diagnostics using Temporal Implicants

Lecture 16: Computation Tree Logic (CTL)

Models of Concurrency

Laboratoire Spécification & Vérification. Language Preservation Problems in Parametric Timed Automata. Étienne André and Nicolas Markey

Verification of Liveness Properties on Closed Timed-Arc Petri Nets

Verification of Real-Time Specification Patterns on Time Transition Systems

Probabilistic Time Petri Nets

Model-checking Real-time Systems with Roméo

DISTINGUING NON-DETERMINISTIC TIMED FINITE STATE MACHINES

Worst-case Analysis of Concurrent Systems with Duration Interval Petri Nets

Temporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.

Automata-Theoretic Model Checking of Reactive Systems

Partial Order Reductions for Timed Systems

2. Stochastic Time Petri Nets

Model Checking Restricted Sets of Timed Paths

Linear Time Analysis of Properties of Conflict-Free and General Petri nets

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Algorithms and Data Structures for Efficient Timing Analysis of Asynchronous Real-time Systems

Transcription:

Time and Timed Petri Nets Serge Haddad LSV ENS Cachan & CNRS & INRIA haddad@lsv.ens-cachan.fr DISC 11, June 9th 2011 1 Time and Petri Nets 2 Timed Models 3 Expressiveness 4 Analysis 1/36

Outline 1 Time and Petri Nets Timed Models Expressiveness Analysis 2/36

Time in Discrete Event Systems Intuitively A timed execution of a discrete event system (DES) is a finite or infinite sequence of events: e 1, e 2,... interleaved with (possibly null) delays. (generated by some operational model) More formally A timed execution of a DES is defined by two finite or infinite sequences: The sequence of states S0, S 1, S 2,... such that S 0 is the initial state and S i is the state of the system after the occurrence of e i. The sequence of delays T0, T 1, T 2,... such that T 0 is the time elapsed before the occurrence of e 0 and T i is the time elapsed between the occurrences of e i and e i+1. 3/36

Time in Discrete Event Systems Intuitively A timed execution of a discrete event system (DES) is a finite or infinite sequence of events: e 1, e 2,... interleaved with (possibly null) delays. (generated by some operational model) More formally A timed execution of a DES is defined by two finite or infinite sequences: The sequence of states S0, S 1, S 2,... such that S 0 is the initial state and S i is the state of the system after the occurrence of e i. The sequence of delays T0, T 1, T 2,... such that T 0 is the time elapsed before the occurrence of e 0 and T i is the time elapsed between the occurrences of e i and e i+1. 3/36

A Timed Execution 4/36

Time in Petri Nets What are the events? Atomicity versus non atomicity Beginning and end of transition firings Transition firings What are the delays? Timing requirements for transition firing Duration of transition firing (asap requirement) Delay before firing (requirement between enabling and firing) Appropriate age of tokens (requirement on tokens) 5/36

A Duration-Based Semantic Requires to specify durations Problem: most of the time, states are not reachable markings of the net 6/36

A Delay-Based Semantic Requires to specify transition delays 7/36

A Token-Based Semantic Requires to specify age requirements 8/36

Outline Time and Petri Nets 2 Timed Models Expressiveness Analysis 9/36

Time Petri Net (TPN): Syntax Places: logical part of the state Tokens: current value of the logical part of the state Transitions: events, actions, etc. Labels: observable behaviour Arcs: Pre and Post (logical) conditions of event occurrence Time intervals: temporal conditions of event occurrence 10/36

TPN: Transition Occurrence Logical part The logical part of a state (or configuration) is a marking m, i.e. a number of tokens per place m(p). A transition is enabled if the tokens required by the preconditions are present in the marking. Timed part There is an implicit clock per enabled transition t and its value ν(t) defines the timed part of the state. The clock valuation ν is the timed part of the configuration. An enabled transition t is firable if its clock value lies in its interval [e(t), l(t)]. Notation: (m, ν) t 11/36

TPN: Change of Configuration Time elapsing d Time may elapse with updates of clocks if every clock value does not go beyond the corresponding interval. The marking is unchanged (m, ν) d (m, ν + d) Transition firing t Tokens required by the precondition are consumed and tokens specified by the postcondition are produced. Clocks values of newly enabled transitions are reset leading to valuation ν. Thus (m, ν) t (m P re(t) + P ost(t), ν ) A transition t is newly enabled if 1. t is enabled in m P re(t) + P ost(t) 2. and t is disabled in m P re(t) or t = t 12/36

TPN: an Execution A maximal time elapsing (2p 1 + p 2, (0, 0)) 2 (2p 1 + p 2, (2, 2)) before a transition firing (2p 1 + p 2, (2, 2)) t1 (p 1 + p 2, (0, 0)) followed by a (maximal) time elapsing (p 1 + p 2, (0, 0)) 2 (p 1 + p 2, (2, 2)) before a transition firing (p 1 + p 2, (2, 2)) t1 (p 2, (, 0)) followed by a non maximal time elapsing (p 2, (, 0)) 2.5 (p 2, (, 2.5)) before a transition firing (p 2, (, 2.5)) t2 (0, (, )) 13/36

TPN: an Equivalent Semantic The timed part is defined by a dynamic firing interval [e(t), l(t)] associated with every enabled transition t. Firing of t A transition may fire if it is enabled and e(t) = 0. Intervals of newly enabled transition are reinitialized: [e(t), l(t)] := [e(t), l(t)]. Time elapsing d Time d may elapse if for every enabled transition t, d l(t). Time intervals are accordingly updated [max(0, e(t) d), l(t) d]. 14/36

TPN: Execution Revisited A maximal time elapsing (2p 1 + p 2, ([2, 2], [2, 3])) 2 (2p 1 + p 2, ([0, 0], [0, 1])) before a transition firing (2p 1 + p 2, ([0, 0], [0, 1])) t1 (p 1 + p 2, ([2, 2], [2, 3])) followed by a time elapsing (p 1 + p 2, ([2, 2], [2, 3])) 2 (p 1 + p 2, ([0, 0], [0, 1])) before a transition firing (p 1 + p 2, [0, 0], [0, 1]) t1 (p 2, (, [2, 3])) followed by a non maximal time elapsing (p 2, (, [2, 3])) 2.5 (p 2, (, [0, 0.5])) before a transition firing (p 2, (, [0, 0.5])) t2 (0, (, )) 15/36

Timed Petri Net (TdPN): Syntax Places: both logical and timed part of the state Tokens: have an age Transitions: events, actions, etc. Labels: observable behaviour Arcs: Pre (resp. Post) conditions of event occurrence are multisets of timed intervals corresponding to required (resp. possible) age of consumed (resp. produced) tokens 16/36

TdPN: Transition Occurrence Marking and (simplified) precondition The marking of place p, m(p) is a finite multiset of ages m(p) = a i.τ i with r 0 and a i > 0. 1 i r The precondition of a transition t with input place p, P re(p, t) is an interval. A transition t is firable if for every input place p of t There exists an appropriate token, i.e. some i such that τ i P re(p, t) Observation: the generalization to bags of intervals is intuitive but requires technical machinery. 17/36

TdPN: Change of Configuration Time elapsing d Time may elapse without any restriction. The age of tokens is accordingly updated m d m such that m (p) = 1 i r a i.(τ i + d) when m(p) = 1 i r a i.τ i Transition firing t Tokens selected by the precondition are consumed. Tokens specified by the postcondition are produced with an initial age non deterministically chosen in the corresponding interval. 18/36

TdPN: an Execution A time elapsing 2.(p 1, 0) + (p 2, 0) 2 2.(p 1, 2) + (p 2, 2) before a transition firing 2.(p 1, 2) + (p 2, 2) t1 (p 1, 2) + (p 2, 0.5) (observe that the age of token in p 2 could be different) followed by a time elapsing (p 1, 2) + (p 2, 0.5) 1.8 (p 1, 3.8) + (p 2, 2.3) (observe that the token in p 1 is dead) before a transition firing (p 1, 3.8) + (p 2, 2.3) t2 (p 1, 3.8) 19/36

Outline Time and Petri Nets Timed Models 3 Expressiveness Analysis 20/36

Limit of TPN: a Concurrent System How to model this system? There are two concurrent events e and e which may (but have not to) occur. e may only occur at instants in [0, 1]. e may occur at every instant. 21/36

Limit of TPN: a First Modelling Wrong : e may only occur after time 1 if e occurs. 22/36

Limit of TPN: a Second Modelling Wrong : (p e + p e, (0, 0, 0)) 1 (p e + p e, (1, 1, 1)) t (p e, (, 1, )) and now at time 1 e can no longer occur. 23/36

Limit of TPN: Modelling with TdPN 24/36

Limit of TdPN: an Urgent Requirement How to model this system? There is a single event e which must occur in time interval [0, 1]. 25/36

Limit of TdPN: Two Modellings The TPN modelling is correct. The TdPN modelling is wrong. More generally there is no way to enforce the firing of a transition. 26/36

Outline Time and Petri Nets Timed Models Expressiveness 4 Analysis 27/36

Properties Generic properties Reachability Given some state m can the system reach m? Coverability Given some state m can the system reach some state greater or equal than m? Non Termination Does there exist an infinite firing sequence? Deadlock Does there exist a state from which no transition will fire? Specific properties Temporal Logic CTL, LTL, CTL, etc. Exemple: Is e eventually followed by e in every maximal sequence? Bisimulation Given two systems, are their discrete behaviours distinguishable by an active observer? Timed Temporal Logic TCTL, MTL, MITL, etc. Exemple: Is e eventually followed by e within at most 10 t.u. in every maximal sequence? Timed Bisimulation Given two systems, are their timed behaviours distinguishable by an active observer? 28/36

Overview TPN In TPNs, all relevant properties are undecidable. In bounded TPNs, many generic properties are decidable and temporal model checking is decidable. (by class graph constructions see later) TdPN In TdPNs, some generic properties like coverability are decidable. (see my second talk) In TdPNs, some other generic properties like reachability are undecidable. 29/36

Principle of Class Graph Let T 0 = {t 1,..., t k } the set of transitions enabled at m 0 Let x t be the possible firing delay for t T 0, the constraint for firing delays is: D 0 t T 0 e(t) x t l(t) In order to fire some t, the following system must have a solution. D 0,t D 0 x t x t Let m 0 t T 0\{t } t m 1 and T 1 be the transitions enabled at m 1 with delays x t then: If t is newly enabled, the constraint is Ct e(t) x t l(t) Otherwise the constraints are inherited by Ct x t = x t x t Consequently, the constraints for firing delays after firing of t is D 1 x t1... x tk D 0,t t T 1 C t 30/36

Class Graph: an Illustration D 0 0 x 1 4 5 x 2 6 3 x 3 6 D 0,t1 D 0 x 1 x 2 x 1 x 3 D 1 x 1 x 2 x 3 D 0,t1 x 2 = x 2 x 1 x 3 = x 3 x 1 Elimination of x 2 and x 3 by substitution D 1 x 1 0 x 1 4 5 x 2 + x 1 6 3 x 3 + x 1 6 Elimination of x 1 by upper and lower bounds D 1 x 1 max(0, 5 x 2, 3 x 3) x 1 min(4, 6 x 2, 6 x 3) D 1 1 x 2 6 3 x 3 6 3 x 3 x 2 1 31/36

A class is defined by: Representation of a Class A marking m (with Tm the set of enabled transitions); A set of variables {x0 } {x t } t Tm with x 0 denoting the current time; A matrix C (called a DBM) representing a set of constraints C(x 1,..., x n ) i,j x j x i c ij Properties of DBM There exists a canonical representation for non empty DBM; Canonization and emptyness checking can be done in polynomial time; DBM are effectively closed under: 1. Projection x 1 C(x 1, x 2,..., x n) 2. Relativization x 1 C(x 1, x 2 + x 1,..., x n + x 1) 3. Past d C(x 1 + d, x 2 + d,..., x n + d) 4. Future d C(x 1 d, x 2 d,..., x n d) 5. Reset d C(x, x 2,..., x n) x 1 = 0 32/36

Canonization: Graph Illustration Canonization is done by a shortest path computation Let the constraint be: x 1 x 0 3 2 x 2 x 1 1 x 0 x 2 2 Then the canonized constraint is 1 x 1 x 0 3 1 x 2 x 1 1 4 x 0 x 2 2 33/36

Canonization: the Algorithm Canonization For i, j, k such that i / {j, k} do 1. temp min(c jk, c ji + c ik ) 2. If j k Then c jk temp Else If temp < 0 Then Return(Empty DBM) Correctness of the shortest path algorithm... The algorithm returns Empty DBM iff there is a negative cycle in the graph. Otherwise cij is the length of a shortest path from x i to x j and consequently c ij c ij + c jk for all k. implies correctness of the canonization. If there is a negative cycle in the graph there is no solution of the DBM. (by transitivity one gets x i x i < 0) Otherwise for all i, j there is no solution with xj x i > c ij and a solution with x j x i = c ij (define x i = 0 and x k = c ik for all k i) 34/36

Properties of the Class Graph Finiteness for bounded nets The number of reachable markings is finite. The absolute value of integers occurring in the DBM are bounded by: max(max t T (l(t) l(t) finite), max t T (e(t) l(t) infinite)) Trace and marking representation The untiming of every firing sequence of the TPN is a path of the class graph. For every path of the class graph there is at least one corresponding firing sequence. Thus the reachable markings are exactly those occurring on the class graph. 35/36

Main References On definition and analysis of TPNs B. Berthomieu, M. Menasche, A State enumeration approach for analyzing time Petri nets, 3rd European Workshop on Petri Nets, Varenna, Italy, 1982. B. Berthomieu, M. Diaz, Modeling and verification of time dependent systems using time Petri nets. IEEE Transactions on Software Engineering, 17(3):259-273, 1991. On definition and analysis of TdPNs V. Valero, D. Frutos-Escrig, F. R. F. Cuartero. On non-decidability of reachability for timed-arc Petri nets. In Proc. 8th Int. Work. Petri Nets and Performance Models (PNPM 99), pages 188-196. IEEE Computer Society Press, 1999 P. A. Abdulla, A. Nylén. Timed Petri nets and bqos. In Proc. 22nd International Conference on Application and Theory of Petri Nets (ICATPN 01), volume 2075 of Lecture Notes in Computer Science, pages 53-70. Springer, 2001 36/36

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback