Victor Khomenko - PowerPoint PPT Presentation

Slides: 40
Provided by: maciej
1
Merged Processes of Petri nets
  • Victor Khomenko

Joint work with Alex Kondratyev, Maciej Koutny
and Walter Vogler
2
Petri net unfoldings
  • An acyclic net obtained through unfolding the PN
    by successive firings of transitions
  • for each new firing a fresh transition (called an
    event) is generated
  • for each newly produced token a fresh place
    (called a condition) is generated
  • The full unfolding can be infinite
  • If the PN has finitely many reachable states then
    the unfolding eventually starts to repeat itself
    and can be truncated (by identifying a set of
    cut-off events) without loss of essential
    information, yielding a finite prefix

3
Example: Dining Philosophers
4
Characteristics of unfoldings
  • Alleviate the state space explosion problem for
    highly concurrent systems
  • e.g. for Dining Philosophers the prefix size is
    linear in the number of philosophers even though
    the number of states is exponential
  • Efficient model checking algorithms
  • e.g. deadlock checking is PSPACE-complete for
    safe PNs but only NP-complete for prefixes
  • Do not cope well with sources of state space
    explosion other than concurrency, e.g. with
    sequences of choices
  • Do not cope well with non-safe PNs

5
Example: sequence of choices
No event is cut-off; the prefix is exponential
6
Example: non-safe PN
Tokens in the same place are distinguished in the
unfolding; the prefix is exponential
7
Wanted: a data structure coping not only with
concurrency but also with other sources of state
space explosion
8
Occurrence-depth
  • Merged Process
  • Fuse conditions with the same label and
    occurrence-depth
  • Delete duplicate events

9
Example: a Petri net
10
Example: unfolding
Step 1: Fuse conditions of the nodes with the
same label and occurrence-depth
11
Example (contd)
Step 2: Delete event replicas
12
Examples
MPs of these nets coincide with the original
nets, even though unfoldings are exponential!
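
The two merging steps applied to a sequence-of-choices net, as an added example (not code from the slides). It assumes the usual definition of occurrence-depth: the maximum number of equally labelled conditions on any causal path ending in the condition. The net (places p0..pn, transitions a_i and b_i from p(i-1) to p(i)) and all function names are constructed for illustration.

```python
from functools import lru_cache

def unfold_choice_chain(n):
    """Full unfolding of the constructed net p0 -(a1|b1)-> p1 -(a2|b2)-> ... -> pn."""
    conds = {0: ("p0", None)}   # condition id -> (place label, producing event or None)
    events = {}                 # event id -> (transition label, preset ids, postset ids)
    frontier = [0]
    for i in range(1, n + 1):
        nxt = []
        for c in frontier:
            for t in ("a", "b"):        # each firing gets a fresh event and a fresh condition
                e, d = len(events), len(conds)
                conds[d] = (f"p{i}", e)
                events[e] = (f"{t}{i}", (c,), (d,))
                nxt.append(d)
        frontier = nxt
    return conds, events

def occurrence_depths(conds, events):
    """Assumed definition: max number of same-labelled conditions on a causal path ending in c."""
    @lru_cache(maxsize=None)
    def count(c, label):
        lab, producer = conds[c]
        pre = events[producer][1] if producer is not None else ()
        return max((count(p, label) for p in pre), default=0) + (lab == label)
    return {c: count(c, conds[c][0]) for c in conds}

def merge(conds, events):
    depth = occurrence_depths(conds, events)
    # Step 1: fuse conditions with the same label and occurrence-depth
    fused = {c: (conds[c][0], depth[c]) for c in conds}
    # Step 2: delete event replicas (same label, preset and postset after fusion)
    mp_events = {(t, frozenset(fused[c] for c in pre), frozenset(fused[c] for c in post))
                 for t, pre, post in events.values()}
    return set(fused.values()), mp_events

def sizes(n):
    """(unfolding conditions, unfolding events, MP conditions, MP events) for n choice stages."""
    conds, events = unfold_choice_chain(n)
    mp_conds, mp_events = merge(conds, events)
    return len(conds), len(events), len(mp_conds), len(mp_events)
```

For n = 10 the unfolding has 2047 conditions and 2046 events, while the merged process has 11 conditions and 20 events, the size of the original net.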
13
Properties of MPs
  • Canonicity
  • Finiteness
  • Completeness
  • Theoretical upper bounds on size
  • Experimental results: size

14
Canonicity
  • Easily follows from the canonicity of unfolding
    prefixes
  • Canonical MP = Merge(Canonical prefix)

15
Finiteness
  • Proposition: Merge(Pref) is finite iff Pref is
    finite
  • ⇐ trivial, as Merge(Pref) is no larger than the
    prefix
  • ⇒ more difficult, as the Merge operation can
    collapse infinitely many nodes into one

16
Finiteness (contd)
  • ⇒ follows from the analog of König's lemma for
    branching processes
  • an infinite branching process contains an
    infinite causal chain
  • hence there are infinitely many instances of some
    place p along it
  • hence the occurrence-depth of instances of p is
    unbounded
  • hence there are infinitely many instances of p in
    the merged process

17
Completeness
  • Preservation of firings is tricky: it's hard to
    define cut-offs since an event can have multiple
    local configurations
  • Hence consider only marking-completeness (good
    enough for model checking as the firings can be
    retrieved from the original PN)
  • Proposition: if Pref is marking-complete then
    Merge(Pref) is marking-complete

18
Theoretical upper bounds on size
  • Trivial bound: Merge(Pref) is never larger than
    Pref, hence never larger than the reachability
    graph
  • too pessimistic in practice
  • MPs of acyclic PN coincide with the original PNs
    with the dead nodes removed
  • unfoldings can be exponential
  • MPs of live and safe free-choice PNs with minor
    restrictions are polynomial in the size of the
    original PNs
  • unfoldings can be exponential

19
Experimental results: size
20
Experimental results: PN/MP size
21
Experimental results: summary
  • Corbett's benchmarks were used
  • MPs are often orders of magnitude smaller than
    unfolding prefixes
  • In many cases MPs are just slightly larger than
    the original PNs
  • In some cases MPs are smaller than the original
    PNs due to removal of dead nodes

22
Model checking
  • MPs are small, but are they of any use in
    practice?
  • Can model checking algorithms developed for
    unfoldings be lifted to MPs?
  • In what follows, we consider safe PNs only

23
Problem: cycles
A Petri net
24
Problem: cycles
Unfolding
Criss-cross fusion results in a cycle!
25
Problem: cycles
MP with a cycle
Still worse, the marking equation (ME) used for
unfolding-based verification can have spurious
solutions
26
Problem: cycles
Fire
Borrow a token
The borrowed token is returned
Fire
The current marking is unreachable
27
Solution
  • Add to the marking equation another constraint,
    ACYCLIC, requiring the run to be acyclic
  • ME ∧ ACYCLIC
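
A spurious marking-equation solution and the ACYCLIC check that rejects it, as an added example (not code from the slides). The net, its merged process and all names are constructed: t1: s→p, t2: s→q, t3: p→q, t4: q,u→p,r with s and u initially marked; the MP below is the Merge of a four-event prefix, in which the branches s→p→q and s→q→p fuse criss-cross.

```python
# Constructed merged process: mp-conditions are written label@occurrence-depth.
INITIAL = {"s@1": 1, "u@1": 1}
EVENTS = {                      # mp-event -> (preset, postset)
    "t1": ({"s@1"}, {"p@1"}),
    "t2": ({"s@1"}, {"q@1"}),
    "t3": ({"p@1"}, {"q@1"}),
    "t4": ({"q@1", "u@1"}, {"p@1", "r@1"}),
}

def marking_equation(fired):
    """ME: final marking M0 + produced - consumed, or None if a condition leaves {0, 1}."""
    m = dict(INITIAL)
    for e in fired:
        pre, post = EVENTS[e]
        for c in pre:
            m[c] = m.get(c, 0) - 1
        for c in post:
            m[c] = m.get(c, 0) + 1
    if any(v not in (0, 1) for v in m.values()):
        return None
    return {c for c, v in m.items() if v == 1}

def acyclic(fired):
    """ACYCLIC: the digraph induced in the MP by the fired events has no cycle."""
    succ = {}
    for e in fired:
        pre, post = EVENTS[e]
        for c in pre:
            succ.setdefault(c, set()).add(e)
        succ.setdefault(e, set()).update(post)
    state = {}                  # node -> 1 (on the DFS stack) or 2 (finished)
    def dfs(v):
        state[v] = 1
        for w in succ.get(v, ()):
            if state.get(w) == 1 or (w not in state and not dfs(w)):
                return False    # back arc found: the run contains a cycle
        state[v] = 2
        return True
    return all(dfs(v) for v in list(succ) if v not in state)

def valid_run(fired):
    return marking_equation(fired) is not None and acyclic(fired)
```

Firing only t3 and t4 satisfies ME with final marking {s, r}: t3 borrows the token in p@1 and t4 returns it, yet {s, r} is unreachable in the net. ACYCLIC rejects this run, while the genuine run {t2, t4} passes both checks.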

28
Example: an acyclic run
29
Example: a run with a cycle
30
SAT encoding
  • Associate a Boolean variable v to each node v of
    MP indicating whether it belongs to the run
  • View the run as a digraph induced in the MP by
    the variables whose value is true
  • Sort the nodes of the merged process so that the
    number of feedback vertices is (heuristically)
    minimised

31
SAT encoding (contd)
  • For each feedback vertex v
  • ignore the vertices on its left
  • generate the formula conveying that the sources
    of the feedback arcs are not reachable from this
    feedback vertex
  • Formula size: O(VfE). Can we do better?

32
Another problem: spurious runs
Can visit this condition without first visiting
the other one! Not possible in the unfolding
33
Solution
  • Add another constraint, NG (no-gap), conveying
    that
  • if a condition with occurrence-depth k>1 is
    visited then the condition with the same label
    and occurrence-depth k-1 is also visited
  • the conditions with the same label are visited in
    the order of increase of the occurrence depth
    (can be enforced by ACYCLIC by adding a few arcs)

34
Solution (contd)
35
Model checking
  • ME ∧ ACYCLIC ∧ NG ∧ VIOL
  • This is enough to lift unfolding-based model
    checking algorithms to merged processes!
  • Deadlock checking (and many other
    reachability-like problems) is NP-complete in the
    size of the MP: no worse than for unfoldings

36
Experimental results: MC time
37
Experimental results
  • Corbett's benchmarks were used
  • Model checking is practical: running times are
    comparable with those of an unfolding-based
    algorithm
  • Still deteriorates on a couple of benchmarks,
    but it's early days for this approach and we keep
    improving it

38
Open problems / future work
  • Direct characterization of MPs (cf. the
    characterization of unfoldings by occurrence
    nets)
  • currently much is done via unfoldings
  • Improve the efficiency of model checking
  • the SAT encoding of ACYCLIC is the main problem
  • A direct algorithm for building MPs
  • currently built by fusing nodes in the unfolding
    prefix

39
Algorithm for building MPs
  • Idea: reduce the problem of finding a possible
    extension to the following problem
  • Find a configuration C in the built part of the
    MP such that
  • C can be extended by a new event and
  • C contains no cut-offs, i.e. for each event e in
    C there is no configuration C in the built part
    of MP such that Mark(eC)Mark(C) and C? eC
  • Reducible to QBF with 1(?) alternation
  • Reducible to SAT if the adequate order is??