Abstract formula. Net formula

Similar documents
Verification component

UNIVERSITÄT HILDESHEIM

The Model-Checking Kit

The Reference Component of PEP

Proc. XVIII Conf. Latinoamericana de Informatica, PANEL'92, pages , August Timed automata have been proposed in [1, 8] to model nite-s

SAMOS: an Active Object{Oriented Database System. Stella Gatziu, Klaus R. Dittrich. Database Technology Research Group

High-level Modeling with THORNs. Oldenburger Forschungs- und Entwicklungsinstitut fur. Informatik-Werkzeuge- und Systeme (Offis)

Autolink. A Tool for the Automatic and Semi-Automatic Test Generation

A Boolean Expression. Reachability Analysis or Bisimulation. Equation Solver. Boolean. equations.

Synchronization Expressions: Characterization Results and. Implementation. Kai Salomaa y Sheng Yu y. Abstract

FIFO buffers is hot tie sauce

MOCHA: Modularity in Model Checking??? Computing Science Research Center, Bell Laboratories.

IGR Report A System for Parallel Model Checking

Moby/plc { Graphical Development of. University of Oldenburg { Department of Computer Science. P.O.Box 2503, D Oldenburg, Germany

Siegfried Loer and Ahmed Serhrouchni. Abstract. SPIN is a tool to simulate and validate Protocols. PROMELA, its

Natural Semantics [14] within the Centaur system [6], and the Typol formalism [8] which provides us with executable specications. The outcome of such

location 1 location 2

WoPeD Workflow Petri Net Designer

Fiona A Tool to Analyze Interacting Open Nets

A NEW UNFOLDING APPROACH TO LTL MODEL CHECKING

Liveness and Fairness Properties in Multi-Agent Systems

Managing test suites for services

Rance Cleaveland The Concurrency Factory is an integrated toolset for specication, simulation,

diasem_r(1) unfold_l(3) N12 N13 unfold_l(3) N14 unfold_l(1) N16 N10 N17

INF672 Protocol Safety and Verification. Karthik Bhargavan Xavier Rival Thomas Clausen

A Note on Fairness in I/O Automata. Judi Romijn and Frits Vaandrager CWI. Abstract

Centre for Parallel Computing, University of Westminster, London, W1M 8JS

Solve the Data Flow Problem

COMP 763. Eugene Syriani. Ph.D. Student in the Modelling, Simulation and Design Lab School of Computer Science. McGill University

The Compositional C++ Language. Denition. Abstract. This document gives a concise denition of the syntax and semantics

Requirements Stage Design(Architecture)

DRAFT for FINAL VERSION. Accepted for CACSD'97, Gent, Belgium, April 1997 IMPLEMENTATION ASPECTS OF THE PLC STANDARD IEC

Formal Modeling of BPEL Workflows Including Fault and Compensation Handling

SIMULATING SDL USING SITE

A taxonomy of race. D. P. Helmbold, C. E. McDowell. September 28, University of California, Santa Cruz. Santa Cruz, CA

Enhancing Integrated Layer Processing using Common Case. Anticipation and Data Dependence Analysis. Extended Abstract

The underlying idea for the proposed proof procedure is to transform a formula into a Shannon graph and compile this graph into Horn clauses When run

Hierarchical modelling and verification based on Petri net components with multiple import interfaces

Co-Simulation of Hybrid SDL and VHDL Specifications

Abstract. Design methods can be ambiguous due to dierentinterpretations of symbols or concepts.

The Maude LTL Model Checker and Its Implementation

Dynamic Logic David Harel, The Weizmann Institute Dexter Kozen, Cornell University Jerzy Tiuryn, University of Warsaw The MIT Press, Cambridge, Massac

Transport protocols are of practical. login, le transfer, and remote procedure. calls. will operate on and therefore are generally

SCR*: A Toolset for Specifying and. Analyzing Software Requirements? Constance Heitmeyer, James Kirby, Bruce Labaw and Ramesh Bharadwaj

Parallelizing Compilers for Object. Oriented Languages. M. Sudholt

TEMPORAL AND SPATIAL SEMANTIC MODELS FOR MULTIMEDIA PRESENTATIONS ABSTRACT

Incremental design of statechart specications

Available online at ScienceDirect. Procedia Computer Science 56 (2015 )

A Unifying Framework Supporting the Analysis and Development of Safe Regression Test Selection Techniques

Promela and SPIN. Mads Dam Dept. Microelectronics and Information Technology Royal Institute of Technology, KTH. Promela and SPIN

Static Safety Analysis of UML Action Semantics for Critical Systems Development

Institut für Informatik D Augsburg

AGG: A Graph Transformation Environment for Modeling and Validation of Software

A Modelling and Analysis Environment for LARES

[PR97c] B. Paech, B. Rumpe. State Based Service Description. In: FMOODS'97: Formal Methods for Open Object-based Distributed Systems. ed.

Bernhard Beckert and Joachim Posegga. \term_expansion((define C as A with B), (C=>A:-B,!)). A=?B :- [A,B]=>*[D,C], D==C."

UNIVERSITÄT PADERBORN. ComponentTools

EL6483: Basic Concepts of Embedded System ModelingSpring and Hardware-In-The-Loo

A Formal Model for Web-Service Composition

1. true / false By a compiler we mean a program that translates to code that will run natively on some machine.

Technische Universitat Munchen. Institut fur Informatik. D Munchen.

instruction fetch memory interface signal unit priority manager instruction decode stack register sets address PC2 PC3 PC4 instructions extern signals

KeyNote: Trust Management for Public-Key. 180 Park Avenue. Florham Park, NJ USA.

A Hierarchical Approach to Workload. M. Calzarossa 1, G. Haring 2, G. Kotsis 2,A.Merlo 1,D.Tessera 1

Improving the Quality of Test Suites for Conformance. Tests by Using Message Sequence Charts. Abstract

Tag der mundlichen Prufung: Dekan/Dekanin: Gutachter:

KAT and PHL in Coq. 1 Introduction. 2 Revision of KAT and PHL concepts. David Pereira 1 and Nelma Moreira 1

Model Checking Revision: Model Checking for Infinite Systems Revision: Traffic Light Controller (TLC) Revision: 1.12

Composability Test of BOM based models using Petri Nets

Course Modelling of Concurrent Systems Summer Semester 2016 University of Duisburg-Essen

ccopyright by Aamod Arvind Sane 1998

Equations for Asynchronous Message Passing

INPUT SYSTEM MODEL ANALYSIS OUTPUT

Binary Decision Diagrams and Symbolic Model Checking

Buffer_1 Machine_1 Buffer_2 Machine_2. Arrival. Served

Universitat Karlsruhe. Am Fasanengarten 5, Karsruhe, Germany. WWW:

Application Programm 1

Distributed Systems Programming (F21DS1) Formal Verification

source constructs created by the operation. he complexity of these computations contributes to the complexity of the entire language translator specic

Towards a Reference Framework. Gianpaolo Cugola and Carlo Ghezzi. [cugola, P.za Leonardo da Vinci 32.

Desynchronisation Technique using Petri nets

Modeling, Testing and Executing Reo Connectors with the. Reo, Eclipse Coordination Tools

FUNCTION BLOCKS USING NET CONDITION/EVENT SYSTEMS. Vyatkin, V., Hanisch, H.-M.

Specifications and Modeling

Henning Koch. Dept. of Computer Science. University of Darmstadt. Alexanderstr. 10. D Darmstadt. Germany. Keywords:

Conditional Branching is not Necessary for Universal Computation in von Neumann Computers Raul Rojas (University of Halle Department of Mathematics an

to automatically generate parallel code for many applications that periodically update shared data structures using commuting operations and/or manipu

Embedded Systems 7 BF - ES - 1 -

[BGH+97] R. Breu, R. Grosu, F. Huber, B. Rumpe, W. Schwerin. Towards a Precise Semantics for Object-Oriented Modeling Techniques. In: Object-Oriented

Program Design in PVS. Eindhoven University of Technology. Abstract. Hoare triples (precondition, program, postcondition) have

Leveraging DTrace for runtime verification

For our sample application we have realized a wrapper WWWSEARCH which is able to retrieve HTML-pages from a web server and extract pieces of informati

To be or not programmable Dimitri Papadimitriou, Bernard Sales Alcatel-Lucent April 2013 COPYRIGHT 2011 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

when a process of the form if be then p else q is executed and also when an output action is performed. 1. Unnecessary substitution: Let p = c!25 c?x:

Generic tools for verifying concurrent systems

I.M.A.G. Campus GRENOBLE cedex FRANCE. The ISO specication language Lotos is a Formal Description Technique for concurrent

2 Egon Borger, Wolfram Schulte: Initialization Problems for Java 1 class A implements I{ } 2 3 interface I { static boolean dummy = Main.sideeffect =

Reactive Types. Jean-Pierre Talpin. Campus de Beaulieu, Rennes, France.

LabVIEW Based Embedded Design [First Report]

Analyzing Robustness of UML State Machines

Transcription:

{ PEP { More than a Petri Net Tool ABSTRACT Bernd Grahlmann and Eike Best The PEP system (Programming Environment based on Petri Nets) supports the most important tasks of a good net tool, including HL and LL net editing and comfortable simulation facilities. In addition, these features are embedded in sophisticated programming and verication components. The programming component allows the user to design concurrent algorithms in an easy-to-use imperative language, and the PEP system then generates Petri nets from such programs. The PEP tool's comprehensive verication components allow a large range of properties of parallel systems to be checked eciently on either programs or their corresponding nets. This includes user-dened properties specied by temporal logic formulae as well as specic properties for which dedicated algorithms are available. PEP has been implemented on Solaris 2.4, Sun OS 4.1.3 and Linux. Ftp-able versions are available. KEYWORDS: B(PN) 2, Model checking, Parallel nite automata, PEP, Petri nets, Process algebra, Temporal logic, Tool. PFA C Code B(PN) 2 Abstract formula PBC M-Net Prefix Petri box Net formula 1 Introduction FIGURE 1. Objects used by the PEP system. In PEP 1 [5] two of today's most widely accepted theoretical approaches for the description of parallel systems, viz., Petri nets and process algebras, are combined to model, simulate, analyse and verify parallel systems. The integration of these two approaches, using a common, exible parallel programming language called B(PN) 2 (Basic Petri Net Programming Notation), is one of the main characteristics of PEP. Institut fur Informatik, Universitat Hildesheim, Marienburger Platz 22, D-31141 Hildesheim, fbernd,e.bestg@informatik.uni-hildesheim.de 1 The PEP project is nanced by the DFG (German Research Foundation). The presentation of this paper has also been supported by the HCM Cooperation Network EXPRESS

112 Bernd Grahlmann and Eike Best This paper briey describes the motivation and rationale behind the PEP tool [5]. Its structure and the interdependencies of its dierent components are explained. The dierent types of objects used by the PEP system are described. The eciency of the model checking algorithms is demonstrated. An overview over future work and pointers to relevant literature are given. 2 Modelling parallel systems with PEP Users can choose primarily between four types of objects in order to model parallel systems (see gure 1): 1. They can express parallel algorithms in B(PN) 2 [6], which is an imperative / predicative programming language whose atomic actions may contain predicates involving the prevalues and the postvalues of variables. Basic command connectives of B(PN) 2 are: sequential composition, nondeterministic choice, parallel composition, and iteration. Programs are structured into blocks consisting of a declaration part and an instruction part. Processes can share common memory or use channel communication or both. The implementation of a procedure concept [13] and abstract data types extend B(PN) 2 to a complete programming language. B(PN) 2 is called Basic Petri Net Programming Notation because it has a compositional semantics in terms of low-level (LL) Petri nets called boxes [1]. 2. Terms of a process algebra called PBC (Petri Box Calculus), which is an extension / modication of CCS [7], can be used. In PEP, PBC terms can either be derived automatically from a B(PN) 2 program or be designed independently. 3. a) PEP allows to design and edit arbitrary labelled P/T-nets. Boxes are a special case which may arise out of a translation from B(PN) 2 programs. b) Further, PEP allows to design and edit high-level (HL) nets, called M-nets [4], on which an alternative net semantics of B(PN) 2 programs is based [3]. 4. Parallel nite automata (PFA) with B(PN) 2 actions as edge annotations can be edited and compiled into B(PN) 2 programs [10]. It is up to the user with which kind of object (s)he would like to start the modelling phase. As shown in gure 1, a B(PN) 2 program can be compiled into a Petri box in two dierent ways: using either PBC or a HL net as an intermediate step. The translations produce equivalent LL nets. Further, the following objects are used in the PEP system: 1. In order to allow the user to (model) check a custom designed system property, PEP allows the denition of a set of temporal logic formulae in propositional logic on place names, augmented with 2 for

PEP { More than a Petri Net Tool 113 `always' and 3 for `possibly at some future point'. Abstract formulae referring to points in the control ow, actions or variable bindings of a B(PN) 2 program are handled by an automatic transformation. 2. During verication it may become necessary to calculate the nite prex of a branching process [8] of an existing LL net. This prex contains information for model checking [9, 12] a net. 3. A C code generator can produce executable code [14]. In a modelling cycle several dierent objects are normally created. Typically a B(PN) 2 program is written, the corresponding HL net and the LL Petri box are compiled automatically, the prex is calculated and interesting properties are expressed by formulae. All objects that relate to a single modelling cycle are collected into a machine object called project. A project which is the basic entity handled by the PEP system may also contain analysis and verication results or user dened documentation. 3 Structure of the PEP prototype The PEP system consists of ve dierent classes of components. 1. s for B(PN) 2 programs, PBC terms, Petri boxes (LL nets), M- nets (HL nets), formulae, PFA, C code and project documentation. 2. s as follows: B(PN) 2 ) PBC, PBC ) (LL) Petri box, Petri box ) prex, B(PN) 2 ) (HL) M-net, (HL) M-net ) (LL) Petri box, B(PN) 2 ) C code and PFA ) B(PN) 2. 3. s for HL and LL boxes. The simulation of a B(PN) 2 program can be triggered by the simulation of a net, based on references either between actions of the B(PN) 2 program and transitions of the corresponding nets or between points in the control ow of the different processes and places of the nets. 4. Some standard algorithms (checking the free choice / T-system properties, liveness, deadlock-freeness, reachability and reversibility) are part of the PEP prototype. 5. Three model checking algorithms have been implemented, MC-0 for T-systems [17] and MC-1 and MC-2 [9, 12] for safe Petri nets. They can determine whether a Petri net satises a property given in terms of a temporal logic formula. The transparency, and thus the full functionality, of the verication component, is obtained by a formula translator which transforms an abstract formula (such as `if a program terminates', `if at some point a variable has a certain value' or `if a transition is live') into a formula referring to a corresponding Petri net. This oers a comfortable interface to the model checkers. The components are controlled by a project manager which represents the central part of PEP (see Figure 2).

114 Bernd Grahlmann and Eike Best Project Manager M-Net PFA Unfolder Formula Petri box PBC B(PN) 2 Prefix builder Model checker T-System Model checkers 1-safe Dedicated Algorithms C Code FIGURE 2. Interplay between PEP system components. The arrows represent input/output relations between components. 4 Eciency of the verication component During the work with the PEP system, dierent case studies have demonstrated that the tool is capable of handling comprehensive examples. As realistic examples a protocol for telephone networks [11] and a pilot behaviour model [15] can be mentioned. The verication of faulty protocols showed that typical human errors made during the modelling phase can be detected eciently [11]. Considering a protocol with much more than 1.000.000 states and more than 250.000 states (stubborn set reduced) the calculation of the nite prex of the branching process was done in less than 1 hour, the verication of 4 interesting properties took 1 minute and the deadlock detection was done in 1 second. W. Ruckdeschel and R. Onken [15] state `... the PEP model checker is used to investigate large fusions of subnets characterized by `exploding' reachability graphs. Some subsystems which could not be analysed via reachability graph were successfully unfolded by PEP...' 5 Future work Our experiences have prompted us to consider the following future aims: 1. A model checker for HL Petri boxes should be developed and implemented, in such a way that the unfolding into LL Petri boxes { often yielding too big nets for realistic problems { can be avoided if desired.

PEP { More than a Petri Net Tool 115 2. The language B(PN) 2 should be augmented by the addition of abstract data types and by the full extension of the procedure concept. This improves the power to model complex parallel systems easily. 3. The possibilities of the INA system [16] (in particular, its state graph checker and its theorem data base) will be integrated. 4. `SDL', `VHDL' and `OCCAM' are considered suitable for extending the interfaces of the tool. 6 References [1] E. Best, R. Devillers and J. G. Hall. The Box Calculus: a New Causal Algebra with Multi-Label Communication. Advances in Petri Nets 92, LNCS Vol. 609, 21{69. Springer, 1992. [2] E. Best and H. Fleischhack, editors. PEP: Programming Environment Based on Petri Nets. Hildesheimer Informatik-Berichte 14/95. 1995. [3] E. Best, H. Fleischhack, W. Fraczak, R. P. Hopkins, H. Klaudel, and E. Pelz. An M-Net Semantics of B(PN) 2. Proc. of STRICT, 85{100, Workshops in Computing. Springer, 1995. [4] E. Best, H. Fleischhack, W. Fraczak, R. P. Hopkins, H. Klaudel, and E. Pelz. A Class of Composable High Level Petri Nets. Proc. of ATPN'95, Torino, LNCS Vol. 935, 103{118. Springer, 1995. [5] E. Best and B. Grahlmann. PEP: Documentation and User Guide. Universitat Hildesheim. ftp.informatik.uni-hildesheim.de /pub/projekte/pep/... or http://www.informatik.uni-hildesheim.de/~pep/homepage.html 1995. [6] E. Best and R. P. Hopkins. B(PN) 2 { a Basic Petri Net Programming Notation. Proc. of PARLE, LNCS Vol. 694, 379{390. Springer, 1993. [7] E. Best and M. Koutny. A Rened View of the Box Calculus. Proc. of ATPN'95, Torino, LNCS Vol. 935, 103{118. Springer, 1995. [8] J. Esparza, S. Romer, and W. Vogler. An Improvement of McMillan's Unfolding Algorithm. Proc. of TACAS'96, 1996. [9] J. Esparza. Model Checking Using Net Unfoldings, 151{195. Number 23 in Science of Computer Programming. Elsevier, 1994. [10] B. Grahlmann, M. Moeller, and U. Anhalt. A New Interface for the PEP Tool { Parallel Finite Automata. Proc. of 2. Workshop Algorithmen und Werkzeuge fur Petrinetze, AIS 22, 21{26. FB Informatik Universitat Oldenburg, 1995. [11] B. Grahlmann. Verifying Telecommunication Protocols with PEP. Proc. of RE- LECTRONIC'95, Budapest, 251{256, 1995. [12] B. Graves. Ein Modelchecker fur eine Linear-Time-Logik. Diplomarbeit, Universitat Hildesheim, 1995. [13] L. Jenner. A Low-Level Net Semantics for B(PN) 2 with Procedures. In [2]. [14] S. Melzer. Design and Implementation of a C-Code Generator for B(PN) 2. In [2]. [15] W. Ruckdeschel and R. Onken. Petri Net Modelling, Analysis and Realtime- Simulation of Pilot Behaviour. Proc. of ATPN'95, 1995. [16] P. H. Starke. INA: Integrated Net Analyzer. Handbuch, 1992. [17] T. Thielke. Implementierung eines ezienten Modelchecking-Algorithmus. Petri- Netze im Einsatz fur Entwurf und Entwicklung von Informationssystemen, 127{ 139. Springer, 1993.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback