Find the length of a longest free special k-path π s.t.: the last transition of π is an action transition, the undesirable property is true in the last state and false in all ...
Specification and Model Checking of Temporal Properties in Time Petri Nets and Timed Automata
Wojciech Penczek, ICS PAS, Warsaw, Poland
joint work with Agata Półrola, University of Lodz, Poland
Many thanks to members of the Verics group: M. Szreter, B. Wozna, A. Zbrzezny
ATPN'04, Invited talk, Bologna, June 2004
Outline
Time Petri nets (TPNs)
Timed automata (TA)
(Timed) temporal logics: CTL*, CTL, TCTL
Verification methods for TPNs: state class approaches
From TPNs to TA
Verification methods for TA: partitioning and SAT-based approaches
Experimental results for verifying TPNs directly and TPNs via TA
Some history
Timed extensions of Petri nets: Timed Petri nets [Ramchandani'74], Time Petri nets [Merlin, Farber'76]
Timed extensions of automata theory: Timed automata [Alur, Dill'90], Hybrid automata [Alur, Courcoubetis, Henzinger, Ho'93; Nicollin, Olivero, Sifakis, Yovine'93]
Time Petri nets - an example
[Figure: an example time Petri net with places p1, ..., p8 and transitions t1, ..., t5, each transition labelled with its firing interval; t2 carries [0,3], and the remaining labels shown are [1,2], [0,0], [1,2] and [1,2].]
Time Petri nets - definition
A time Petri net (TPN): $N = (P, T, FR, Eft, Lft, m_0)$, where
$P = \{p_1, \ldots, p_{n_P}\}$ - a finite set of places,
$T = \{t_1, \ldots, t_{n_T}\}$ - a finite set of transitions,
$FR \subseteq (P \times T) \cup (T \times P)$ - the flow relation,
$Eft : T \to \mathbb{N}$, $Lft : T \to \mathbb{N} \cup \{\infty\}$ - the earliest and the latest firing time of the transitions; $Eft(t) \le Lft(t)$,
$m_0 \subseteq P$ - the initial marking of $N$.
TPNs - some definitions
$\bullet t = \{p \in P \mid (p, t) \in FR\}$ - the preset of $t \in T$,
$t\bullet = \{p \in P \mid (t, p) \in FR\}$ - the postset of $t \in T$,
a marking of $N$ - any subset $m \subseteq P$,
a transition $t \in T$ is enabled at $m$ ($m[t\rangle$ for short) if $\bullet t \subseteq m$ and $t\bullet \cap (m \setminus \bullet t) = \emptyset$,
$en(m) = \{t \in T \mid m[t\rangle\}$.
Concrete states of TPNs: clock approach
A concrete state of a net - a pair $\sigma = (m, clock)$, where $m$ - a marking, $clock$ - values of clocks.
$\sigma^0 = (m_0, (0, \ldots, 0))$ - an initial state.
Clocks can be associated with: transitions, places, or processes of a distributed net.
Concrete states change because of:
firing of a transition ($\sigma \xrightarrow{t}_c \sigma'$, $t \in T$),
passing some time which does not disable any enabled transition ($\sigma \xrightarrow{\tau}_c \sigma'$).
Discrete transition relation: $\sigma \xrightarrow{t}_d \sigma'$ iff $\sigma \xrightarrow{\tau^*}_c \xrightarrow{t}_c \xrightarrow{\tau^*}_c \sigma'$, $t \in T$.
Concrete states of TPNs: firing interval approach
A concrete state of a net - a pair $\sigma^F = (m, f)$, where $m$ - a marking, and $f$ - a firing interval function assigning to each $t \in en(m)$ the timing interval in which $t$ can fire.
$(\sigma^0)^F = (m_0, f_0)$ - an initial state, where $f_0(t) = [Eft(t), Lft(t)]$ for all $t \in en(m_0)$.
Concrete states change because of: firing of a transition ($\sigma^F \xrightarrow{t}_d \sigma'^F$, $t \in T$).
Concrete models for TPNs
$\Sigma$ - the set of all the concrete states of $N$,
$PV = \{\wp_p \mid p \in P\}$ - a set of propositional variables,
$V_c : \Sigma \to 2^{PV}$ - a valuation function s.t. $V_c((m, \cdot)) = \{\wp_p \mid p \in m\}$,
$M_c(N) = ((\Sigma, \sigma^0, \to), V_c)$, where $\to \in \{\to_c, \to_d\}$ - a concrete model of $N$ (usually infinite).
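The definitions above (the net tuple, enabledness with the contact condition, the firing interval states, and the valuation $V_c$) can be executed directly. The following Python is an added example, not code from the talk or from the Verics tools; the net it uses (places p1..p4, transitions t1..t3 with their intervals) is constructed for the example and is not the net drawn on slide 4. It implements the firing interval semantics: a step first lets some time pass, which is permitted only while no enabled transition is pushed beyond its latest firing time, and then fires a transition inside its interval; transitions that stay enabled keep their interval shifted by the elapsed time, newly enabled ones get $[Eft, Lft]$.

```python
from fractions import Fraction

# Constructed example net (added here, not the net drawn on the slide):
# places p1..p4, transitions t1..t3; Lft(t) = None stands for infinity.
PRE = {"t1": {"p1"}, "t2": {"p2"}, "t3": {"p2"}}    # preset  •t
POST = {"t1": {"p2"}, "t2": {"p3"}, "t3": {"p4"}}   # postset t•
EFT = {"t1": 1, "t2": 0, "t3": 2}
LFT = {"t1": 2, "t2": 3, "t3": None}
M0 = frozenset({"p1"})

def enabled(m):
    """en(m): t is enabled at m iff •t ⊆ m and t• ∩ (m \\ •t) = ∅."""
    return {t for t in PRE if PRE[t] <= m and not (POST[t] & (m - PRE[t]))}

def static_interval(t):
    """f_0(t) = [Eft(t), Lft(t)] as exact rationals; upper bound None = ∞."""
    return (Fraction(EFT[t]), None if LFT[t] is None else Fraction(LFT[t]))

def initial_state():
    """(σ^0)^F = (m_0, f_0)."""
    return M0, {t: static_interval(t) for t in enabled(M0)}

def fire(state, t, delta):
    """Let delta time units pass, then fire t. Returns the successor state
    (m', f') or None if the step is not allowed by the interval semantics."""
    m, f = state
    delta = Fraction(delta)
    if t not in f:                       # t is not enabled at m
        return None
    lo, hi = f[t]
    if delta < lo or (hi is not None and delta > hi):
        return None                      # outside t's own firing interval
    # Time may pass only while no enabled transition is pushed past its
    # latest firing time: Lft is a deadline, not a hint.
    if any(h is not None and delta > h for _, h in f.values()):
        return None
    m2 = (m - PRE[t]) | POST[t]
    f2 = {}
    for u in enabled(m2):
        if u in f and u != t:
            # still enabled: its interval is shifted by the elapsed time
            lo_u, hi_u = f[u]
            f2[u] = (max(Fraction(0), lo_u - delta),
                     None if hi_u is None else hi_u - delta)
        else:
            # newly enabled (or t itself, re-enabled): fresh static interval
            f2[u] = static_interval(u)
    return m2, f2

def valuation(state):
    """V_c((m, ·)) = {℘_p | p ∈ m}, as proposition names."""
    m, _ = state
    return {"℘_" + p for p in m}

if __name__ == "__main__":
    s0 = initial_state()
    s1 = fire(s0, "t1", "3/2")
    print(s1, valuation(s1))
    print(fire(s1, "t3", 4))   # None: waiting 4 would overrun t2's deadline 3
```

After t1 fires, t2 and t3 are in conflict on p2; t3 can only fire if the wait stays within t2's interval, which is exactly the urgency that distinguishes time Petri nets from untimed ones and that the state class methods later in the talk have to capture.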
Zones
[Figure: two plots over clocks $x_1$ (horizontal axis) and $x_2$ (vertical axis), with ticks at 0 and 1, labelled "detailed zones" and "non-detailed zones".]
$X = \{x_1, \ldots, x_n\}$ - a set of variables (clocks).
Zone - each convex polyhedron in $\mathbb{R}^n$ which can be described by a finite set of inequalities of the form $x_i \sim c$ or $x_i - x_j \sim c$, where $\sim \in \{\le, <, =, >, \ge\}$ and $c \in \mathbb{N}$.
$Z(n)$ - the set of all the zones in $\mathbb{R}^n$.
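A zone of the kind defined above is usually stored as a difference bound matrix (DBM): one row and column per clock plus a reference clock $x_0 = 0$, so that both $x_i \sim c$ and $x_i - x_j \sim c$ become entries of the same matrix. The Python below is an added example, not code from the talk or from the Verics tools, and it simplifies in one respect: it keeps only non-strict bounds ($\le$), whereas the slide's definition also admits $<$, $=$ and $>$. It shows the operations a zone-based verifier needs: intersection with a constraint, closure into the canonical (tightest-bounds) form, emptiness test, time elapse, and clock reset. The zone built in the usage section is constructed for the example.

```python
from itertools import product

INF = float("inf")

def dbm_new(n):
    """Unconstrained zone over clocks x_1..x_n (all clocks >= 0).
    Index 0 is the reference clock x_0 = 0; D[i][j] = c means x_i - x_j <= c.
    Only non-strict bounds are kept (a simplification of this example)."""
    D = [[INF] * (n + 1) for _ in range(n + 1)]
    for i in range(n + 1):
        D[i][i] = 0
        D[0][i] = 0          # x_0 - x_i <= 0, i.e. x_i >= 0
    return D

def constrain(D, i, j, c):
    """Intersect with x_i - x_j <= c (j = 0: x_i <= c; i = 0: x_j >= -c)."""
    D[i][j] = min(D[i][j], c)
    return D

def canonical(D):
    """Floyd-Warshall closure: every entry becomes the tightest implied bound,
    so two DBMs describe the same zone iff their canonical forms are equal."""
    n = len(D)
    for k, i, j in product(range(n), repeat=3):
        if D[i][k] + D[k][j] < D[i][j]:
            D[i][j] = D[i][k] + D[k][j]
    return D

def is_empty(D):
    """A zone is empty iff the closure produces a negative cycle (D[i][i] < 0)."""
    return any(canonical(D)[i][i] < 0 for i in range(len(D)))

def elapse(D):
    """Time successor: all clocks grow uniformly, i.e. upper bounds are dropped
    while the difference constraints x_i - x_j <= c are kept."""
    for i in range(1, len(D)):
        D[i][0] = INF
    return D

def reset(D, i):
    """Reset clock x_i to 0 (D must be canonical)."""
    for j in range(len(D)):
        D[i][j] = D[0][j]
        D[j][i] = D[j][0]
    return D

def bounds(D, i):
    """(lower, upper) bound of x_i in the zone."""
    canonical(D)
    return (-D[0][i], D[i][0])

if __name__ == "__main__":
    # Constructed zone: 1 <= x1 <= 2 and x2 <= 1
    Z = dbm_new(2)
    constrain(Z, 1, 0, 2); constrain(Z, 0, 1, -1); constrain(Z, 2, 0, 1)
    print(bounds(Z, 1), bounds(Z, 2), canonical(Z)[2][1])  # (1, 2) (0, 1) 0
    elapse(Z)
    print(bounds(Z, 1), bounds(Z, 2))                      # (1, inf) (0, inf)
```

The closure step is what makes zone-based model checking sound: without it, two matrices that describe the same polyhedron can compare as different, so a reachability search would revisit states it has already covered or, worse, fail to detect that a constraint set is empty.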
Timed automata - an example
[Figure: an example timed automaton; only the labels "x = 300" and "exit x" survive the extraction, and the figure is cut off here.]