Abstract

Brute-force model-checking consists of an exhaustive exploration of the state space of a Petri net, and runs into the dreaded state-space explosion problem. In contrast, this paper shows how to solve model-checking problems using a combination of techniques whose complexity stays proportional to the size of the net structure rather than to the size of the state space. We combine an SMT-based over-approximation to prove that some behaviors are unfeasible, an under-approximation using memory-less sampling of runs to find witness traces or counter-examples, and a set of structural reduction rules that can simplify both the system and the property. This approach won the 2020 Model Checking Contest by a clear margin for reachability queries as well as for deadlock detection, demonstrating the practical effectiveness and general applicability of the system of rules presented in this paper.

Highlights

  • Given a Petri net and an assertion on markings of places of the net, we consider the problem of proving that the assertion is an invariant that holds in all reachable markings

  • We introduce a combination of three solution strategies:
    1. we try to prove that the invariant holds using a system of Satisfiability Modulo Theory (SMT) constraints that symbolically over-approximate the reachable states;
    2. we try to disprove the invariant using a memory-less exploration that samples runs, randomly or with guidance, and thus under-approximates the behavior while looking for counter-example states;
    3. we use structural reduction rules that preserve the properties of interest.

  • SMT solvers are a modern technology that offers the benefits of both Integer Linear Programming (ILP) solvers and SAT solvers, with more flexibility in the expression of constraints


Summary

Introduction

Given a Petri net and an assertion on markings of places of the net, we consider the problem of proving that the assertion is an invariant that holds in all reachable markings. We first try to prove that the invariant holds using a system of SMT constraints that symbolically over-approximate the reachable markings; SMT solvers offer the benefits of both Integer Linear Programming (ILP) solvers [2] and SAT solvers, with more flexibility in the expression of constraints. This SMT-based over-approximation is used to detect unfeasible behavior: if no marking satisfying the constraints violates the assertion, the invariant is proved. We then try to disprove the invariant using memory-less sampling of runs, which under-approximates the behavior: if sampling finds a reachable marking that does not satisfy the target assertion, the invariant is disproved. We combine these two solutions with a set of structural reduction rules that simplify the net by examining its structure and produce a smaller net in which parts of the behavior are removed or accelerated over while preserving the properties of interest. Reducing the size of the net considerably helps both the SMT-based solution, because there are fewer variables and constraints, and the pseudo-random sampling, because counter-examples are more likely to be found when the state space is small.
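The two complementary strategies described above (over-approximation to prove, memory-less sampling to disprove), shown on a small net as an added worked example in Python. This is not the paper's code and is unrelated to the tool described in its Implementation section. The net is a constructed two-process mutual-exclusion net with a single `mutex` place, and every place, transition and function name is chosen for this example. The proof side uses a place flow (one of the "generalized flows" the paper lists), checked here with plain integer arithmetic instead of an SMT solver; the disproof side is the memory-less random walk.

```python
"""Two-strategy invariant check on a constructed mutual-exclusion Petri net.

Added example (not the paper's code). Places, transitions and the initial
marking below are constructed for illustration.
"""
import random

PLACES = ["idle1", "wait1", "cs1", "idle2", "wait2", "cs2", "mutex"]

# transition name -> (pre-set multiset, post-set multiset)
TRANSITIONS = {
    "req1":   ({"idle1": 1}, {"wait1": 1}),
    "enter1": ({"wait1": 1, "mutex": 1}, {"cs1": 1}),
    "exit1":  ({"cs1": 1}, {"idle1": 1, "mutex": 1}),
    "req2":   ({"idle2": 1}, {"wait2": 1}),
    "enter2": ({"wait2": 1, "mutex": 1}, {"cs2": 1}),
    "exit2":  ({"cs2": 1}, {"idle2": 1, "mutex": 1}),
}
M0 = {"idle1": 1, "idle2": 1, "mutex": 1}   # both processes idle, lock free


def marking(m):
    """Complete a sparse marking with explicit zeros for every place."""
    return {p: m.get(p, 0) for p in PLACES}


def effect(t):
    """Column of the incidence matrix C for transition t (post - pre)."""
    pre, post = TRANSITIONS[t]
    return {p: post.get(p, 0) - pre.get(p, 0) for p in PLACES}


def enabled(m, t):
    return all(m.get(p, 0) >= n for p, n in TRANSITIONS[t][0].items())


def fire(m, t):
    e = effect(t)
    return {p: m.get(p, 0) + e[p] for p in PLACES}


def is_flow(v):
    """v is a place flow iff v . C = 0: the weighted token count v . m is
    unchanged by every transition, hence equal to v . m0 in all reachable m."""
    return all(sum(v.get(p, 0) * effect(t)[p] for p in PLACES) == 0
               for t in TRANSITIONS)


def prove_upper_bound(targets, bound, v, m0=M0):
    """Over-approximation proof rule (sound, not complete).

    If v is a non-negative flow with v[p] >= 1 on every target place and
    v . m0 <= bound, then sum(m[p] for p in targets) <= v . m = v . m0 <= bound
    holds in every reachable marking m, without exploring any of them.
    """
    if not is_flow(v):
        return False
    if any(v.get(p, 0) < 0 for p in PLACES):
        return False
    if any(v.get(p, 0) < 1 for p in targets):
        return False
    return sum(v.get(p, 0) * m0.get(p, 0) for p in PLACES) <= bound


def random_walk(violates, steps=10_000, seed=0, m0=M0):
    """Under-approximation: memory-less sampling of one run.

    Fires a uniformly chosen enabled transition at each step, keeping only the
    current marking (no visited set, no stack). Restarts from m0 on deadlock.
    Returns a reachable marking violating the assertion, or None if the
    budget runs out (which proves nothing).
    """
    rng = random.Random(seed)
    m = marking(m0)
    for _ in range(steps):
        if violates(m):
            return m
        en = [t for t in TRANSITIONS if enabled(m, t)]
        if not en:
            m = marking(m0)
            continue
        m = fire(m, rng.choice(en))
    return None


if __name__ == "__main__":
    # Mutual exclusion cs1 + cs2 <= 1 is proved by the flow cs1 + cs2 + mutex.
    mutex_flow = {"cs1": 1, "cs2": 1, "mutex": 1}
    print("mutual exclusion proved:", prove_upper_bound(["cs1", "cs2"], 1, mutex_flow))
    # The stronger claim cs1 + cs2 <= 0 cannot be proved by this flow (v.m0 = 1)
    print("bound 0 proved:", prove_upper_bound(["cs1", "cs2"], 0, mutex_flow))
    # ... and sampling disproves "cs1 is never marked" with a witness marking.
    print("witness for cs1 == 1:", random_walk(lambda m: m["cs1"] == 1))
    # Sampling never finds a violation of mutual exclusion (but cannot prove it).
    print("violation of cs1 + cs2 <= 1:", random_walk(lambda m: m["cs1"] + m["cs2"] > 1))
```

The asymmetry is the point of the paper's combination: `prove_upper_bound` settles the property from the net structure alone but can only answer "proved" or "unknown", while `random_walk` can only answer "disproved, here is a witness" or "unknown". A property that neither side settles is where the paper's structural reductions come in, shrinking the net so that either the constraints become tighter or the sampling more likely to hit a counter-example.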

Petri net syntax and semantics
Properties of interest
Proving with SMT constraints
Approximating with SMT
Incremental constraints
Generalized flows
Trap constraints
State equation
Causality constraints
Structural reduction rules
Elementary transition rules
Elementary place rules
Agglomeration rules
Graph-based reduction rules
SMT-backed behavioral reduction rules
Implementation
Experimental validation
Conclusion
