A apresentação está carregando. Por favor, espere

A apresentação está carregando. Por favor, espere

10/02/09 Coloured Petri Nets 1 © Kurt Jensen Department of Computer Science University of Aarhus, Denmark

Apresentações semelhantes


Apresentação em tema: "10/02/09 Coloured Petri Nets 1 © Kurt Jensen Department of Computer Science University of Aarhus, Denmark"— Transcrição da apresentação:

1 10/02/09 Coloured Petri Nets 1 © Kurt Jensen Department of Computer Science University of Aarhus, Denmark kjensen@daimi.au.dk www.daimi.au.dk/~kjensen/ This slide set can be downloaded from: http://www.daimi.au.dk/CPnets/slides/

2 10/02/09 Coloured Petri Nets 2 O que é Rede de Petri Colorida? Linguagem de Modelagem para sistemas onde sincronização, comunicação e compartilhamento de recursos são importantes. Combinação de redes de Petri e linguagem de Progamação. Estruturas de controle, sincronização, comunicação e compartilhamento de recursos são descritas em redes de Petri. Dados e manipulação de dados são descritos em linguagem de programação funcional. Modelos CPN são validados através de simulação e verificado através de espaço de estados. Redes de Petri Coloridas são desenvolvidas na University of Aarhus, Dinamarca 25 anos atrás.

3 10/02/09 Coloured Petri Nets 3 Porque fazer modelos? Fazemos modelos para: Aprender novas coisas sobre um sistema. Checar se o sistema projetado possui as propriedades esperadas. Modelos CPN são dinâmicos: Eles podem ser executados em um computador. Isto possibilita simular e investigar diferentes cenários.

4 10/02/09 Coloured Petri Nets 4 Visão Geral Modelagem Linguagem básica sintaxe semântica Extensões módulos tempo Ferramenta de suporte edição simulação Análise Espaço de Estado completo simetrias

5 10/02/09 Coloured Petri Nets 5 Simple protocol

6 10/02/09 Coloured Petri Nets 6 Simple protocol Lugares

7 10/02/09 Coloured Petri Nets 7 Simple protocol Transições

8 10/02/09 Coloured Petri Nets 8 Simple protocol Place Tipo (colour set)

9 10/02/09 Coloured Petri Nets 9 Simple protocol Marcação Inicial Place

10 10/02/09 Coloured Petri Nets 10 Marcação de Send Send INTxDATA 8 1 ` (1,"Modellin") + 1 ` (2,"g and An") + 1 ` (3,"alysis b") + 1 ` (4,"y Means ") + 1 ` (5,"of Colou") + 1 ` (6,"red Petr") + 1 ` (7,"i Nets##") + 1 ` (8,"########") Número de fichas cores

11 10/02/09 Coloured Petri Nets 11 Simple protocol Inscrições do Arco

12 10/02/09 Coloured Petri Nets 12 Simple protocol

13 10/02/09 Coloured Petri Nets 13 Simple protocol Pacotes a ser enviado

14 10/02/09 Coloured Petri Nets 14 Simple protocol Contador

15 10/02/09 Coloured Petri Nets 15 Simple protocol Contador

16 10/02/09 Coloured Petri Nets 16 Simple protocol Dados recebidos

17 10/02/09 Coloured Petri Nets 17 Simple protocol

18 10/02/09 Coloured Petri Nets 18 Lugar Send A ligação está habilitada. n = 1 p = "Modellin" O pacote não é removido do lugar Send e o contador do lugar NextSend não é alterado. Isto representa que o pacote (1,"Modellin") é enviado para a rede. 11`(1,"Modellin") (1,p) Quando a ligação ocorre uma ficha é adicionada no lugar A.

19 10/02/09 Coloured Petri Nets 19 Simple protocol

20 10/02/09 Coloured Petri Nets 20 A INTxDATA 11`(1,"Modellin") Transmit Packet RP 8 Int_0_10 1 1`8 B INTxDATA (n,p) if Ok(s,r) then 1`(n,p) else empty s Transmit packet Todas ligações habilitadas são: onde r 1..10 n = 1, p = "Modellin" s = 8 r 1..10

21 10/02/09 Coloured Petri Nets 21 Pacotes perdidos A função Ok(s,r) checa se r s. Para r 1..8, Ok(s,r)=true. A ficha é movida de A para B. Isto significa que o pacote é transmitido com sucesso. Para r 9..10, Ok(s,r)=false. Nenhuma ficha é adicionada em B. Isto significa que o pacote é perdido. O simulador CPN faz escolhas aleatórias entre ligações: 80% de chance para transferir com sucesso. if Ok(s,r) then 1`(n,p) else empty

22 10/02/09 Coloured Petri Nets 22 Simple protocol

23 10/02/09 Coloured Petri Nets 23 Pacote Recebido O número do pacote chegando n e o número do pacote esperado k são comparados.

24 10/02/09 Coloured Petri Nets 24 Número do pacote correto Um reconhecimento é enviado. Este contém o número do próximo pacote a receber. O dado no pacote é concatenado ao dado já recebido. O contador NextRec é incrementado em um.

25 10/02/09 Coloured Petri Nets 25 Número do pacote errado Um reconhecimento é enviado. Este contém o número do próximo pacote a receber. O dado no pacote é ignorado. O contador NextRec não é incrementado.

26 10/02/09 Coloured Petri Nets 26 Simple protocol

27 10/02/09 Coloured Petri Nets 27 Transmite reconhecimento Esta transição é similar a Transmit Packet. A marcação de RA determina o sucesso do envio.

28 10/02/09 Coloured Petri Nets 28 Simple protocol

29 10/02/09 Coloured Petri Nets 29 Recebe reconhecimento Quando um reconhecimento chega para o Sender este é usado para atualizar o contador NextSend. Neste caso o valor do contador se torna 2, e Sender enviará o pacote número 2.

30 10/02/09 Coloured Petri Nets 30 Estado intermediário O NextSend é atualizado e Sender iniciará envio do pacote no. 6. Receiver aguarda pacote no. 6. Sender ainda envia pacote no. 5. Pacote no. 6 está chegando no reconhecimento.

31 10/02/09 Coloured Petri Nets 31 CPN tem uma definição formal A existênca de uma definição formal é importante: Base para simulação, i.e., execução da CPN. Base para verificação formal (e.g., espaço de estados). Não é necessário um usuário conhecer a definição formal das CPN: Sintaxe é checada pelo editor CPN. Semântica é garantida pelo simulaor CPN e as ferramentas de verificação CPN.

32 10/02/09 Coloured Petri Nets 32 Rede de Petri Alto-Nível O relacionamento entre CPN e redes de Petri lugar/transição é análogo ao relacionamento entre linguagem de programação de alto-nível e linguagem de máquina. Na teoria, os dois níveis tem exatamente o mesmo poder computacional. na pratica, linguagens de alto-nível têm muito mais poder de modelagem – porque eles têm melhores estruturas, e.g., tipos e módulos. Muitos outros tipos de redes de Petri de alto-nível existem. No entanto, redes de Petri coloridas são as mais utilizadas – em particular para trabalhos práticos.

33 10/02/09 Coloured Petri Nets 33 Visão Geral Modelagem Linguagem básica sintaxe semântica Extensões módulos tempo Ferramenta de suporte edição simulação Análise Espaço de Estado completo simetrias

34 10/02/09 Coloured Petri Nets 34 CPN são usadas para sistemas grandes Um modelo CPN consiste de vários módulos. Também chamados subredes ou páginas. Interfaces e semânticas bem-definidas. Uma aplicação industrial típica em CPN possui: 10-200 módulos. 50-1000 lugares e transições. 10-200 tipos. Aplicações Industriais deste tamanho podem ser totalmente impossível sem: Tipos de dados e valores de fichas. Módulos. Ferramenta de suporte.

35 10/02/09 Coloured Petri Nets 35 Módulos

36 10/02/09 Coloured Petri Nets 36 Três diferentes módulos Sender Receiver Network In Out In Out Lugares Porta são usados para mudar fichas entre módulos.

37 10/02/09 Coloured Petri Nets 37 Visão Abstrata HS Sender NetworkReceiver Protocolo Transições de Substituição referem-se aos módulos. Lugares Socket são relacionados aos plugares porta.

38 10/02/09 Coloured Petri Nets 38 Módulos podem ser reusados HS SenderNetwork Receiver Protocolo HS Receiver

39 10/02/09 Coloured Petri Nets 39 Protocolo com vários receivers Sender Receiver Network In Out In Out In

40 10/02/09 Coloured Petri Nets 40 Pacotes Transmitidos Pacotes são enviados para os dois receivers. Alguns dos pacotes podem ser perdidos.

41 10/02/09 Coloured Petri Nets 41 Reconhecimento transmitido

42 10/02/09 Coloured Petri Nets 42 Reconhecimento recebido O sender recebe o menor inteiro.

43 10/02/09 Coloured Petri Nets 43 Descrições Hierárquicas Nós usamos módulos para descrições de estruturas grandes e complexas. Módulos nos possibilita ocultar detalhes que não queremos considerar em um certo nível de abstração. Módulos possuem interfaces bem-definidas, consistem de lugares socket e porta, através do qual os módulos trocam fichas com outros. Módulos podem ser reusados.

44 10/02/09 Coloured Petri Nets 44 Outra solução Múltiplos receivers podem também ser modelados adicionando um novo componente à cor da ficha. Mudanças similares devem ser feitas para a transmição do pacote e transmição do reconhecimento.

45 10/02/09 Coloured Petri Nets 45 Análise de Tempo CPN podem considerar o conceito de tempo. Isto significa que a mesma linguagem de modelagem pode ser usada para investigar: Corretude lógica. Funcionalidade desejada, sem deadlocks, etc. Desempenho. Quão rápido é o sistema e quantos recursos são usados.

46 10/02/09 Coloured Petri Nets 46 Como adicionar tempo Tempo é adicionado em modelos de redes de Petri de várias formas – tipicamente especificando atrasos em lugares ou transições. Time stamp determina quando a ficha pode ser usada, i.e., consumida por uma transição. Atrasos podem ser fixados. Determinados por uma distribuição arbitraria. Valor do dado (token colour) Ficha Modelo CPN Valor do tempo (time stamp)

47 10/02/09 Coloured Petri Nets 47 A CPN temporizada para o protocolo Atraso fixo Variável delay Atraso da retransmi ssão

48 10/02/09 Coloured Petri Nets 48 Áreas de Aplicações Protocolos and Redes Intelligent Networks at Deutsche Telekom IEEE 802.6 Configuration Control at Telstra Research Labs Allocation Policies in the Fieldbus Protocol in Japan ISDN Services at Telstra Research Laboratories Protocol for an Audio/Video System at Bang & Olufsen TCP Protocols at Hewlett-Packard Local Area Network at University of Las Palmas UPC Algorithms in ATM Networks at University of Aarhus BRI Protocol in ISDN Networks Network Management System at RC International A/S Interprocess Communication in Pool IDA at King's College Software Mobile Phones at Nokia Bank Transactions & Interconnect Fabric at Hewlett-Packard Mutual Exclusion Algorithm at University of Aarhus Distributed Program Execution at University of Aarhus Internet Cache at the Hungarian Academy of Science Electronic Funds Transfer in the US Document Storage System at Bull AG ADA Program at Draper Laboratories

49 10/02/09 Coloured Petri Nets 49 Controle de Sistemas Security and Access Control Systems at Dalcotech A/S Mechatronic Systems in Cars at Peugeot-Citroën in France European Train Control System in Germany Flowmeter System at Danfoss Traffic Signals in Brazil Chemical Production in Germany Model Train System at University of Kiel Hardware Superscalar Processor Architectures at Univ. of Newcastle VLSI Chip in the US Arbiter Cascade at Meta Software Corp. Sistemas militares Military Communications Gateway in Australia Influence Nets for the US Air Force Missile Simulator in Australia Naval Command and Control System in Canada Outros Sistemas Bank Courier Network at Shawmut National Coop. Nuclear Waste Management Programme in the US

50 10/02/09 Coloured Petri Nets 50 Visão Geral Modelagem Linguagem básica sintaxe semântica Extensões módulos tempo Ferramenta de suporte edição simulação Análise Espaço de Estado completo simetrias

51 10/02/09 Coloured Petri Nets 51 Ferramentas computacionais Design/CPN foi desenvolvida nos anos 80e início dos anos 90. Até recentemente, este foi o pacote de redes de Petri mais usado. Usado por 1000 diferentes organizações em mais de 60 países – incluindo 200 empresas. CPN Tools é a próxima geração de ferramentas de suporte para redes de Petri Coloridas. Este tem substituído Design/CPN com 4000 licenças em 120 países. Desenvolvimento iniciado em 1999 com um total de 25 homens-ano Desenvolvimento continua com uma expectativa de esforço de 3-4 homens-ano.

52 10/02/09 Coloured Petri Nets 52 A funcionalidade das duas ferramentas é a mesma: Edicão e syntax check de CPN. Simulação Interativa e automática. Construção e análise de espaço de estados. Comunicação com outras ferramentas. Simulation based performance analysis. Animação Gráfica do resultado das simulações. CPN Tools e Design/CPN

53 10/02/09 Coloured Petri Nets 53

54 10/02/09 Coloured Petri Nets 54 Standard ML Tipos, expressões de arco e guardas são especificadas em Standard ML, que é uma linguagem fortemente tipada, funcional e desenvolvida por Robin Milner. Tipos de dados podem ser: Atômicos (inteiros, strings, booleanos). Estruturados (produts, records, unions, lists, e subsets). Funções e operações podem ser definidas. Standard ML é bem conhecida, bem testada e muito geral. Muitos livros são disponíveis.

55 10/02/09 Coloured Petri Nets 55 Support for hierarchical models We want to move the selected part to a new module. This is done by a single operation. Database

56 10/02/09 Coloured Petri Nets 56 Abstract view Substitution transition Sockets (interface) Name of new module Database

57 10/02/09 Coloured Petri Nets 57 Detailed view Ports (interface) Interfaces and detailed relationship between the two modules are automatically determined by the CPN editor. New Name of new module

58 10/02/09 Coloured Petri Nets 58 Simulation of CP-nets When a syntactical correct CPN diagram has been constructed, the CPN tool generates the necessary code to perform simulations. Calculates whether the individual transitions and bindings are enabled. Calculates the effect of occurring transitions and bindings. The syntax check and code generation are incremental. Hence it is fast to make small changes to the CPN diagram. We distinguish between two kinds of simulations: In an interactive simulation the user is in control,but most of the work is done by the system. In an automatic simulation the system does all the work.

59 10/02/09 Coloured Petri Nets 59 Interactive simulation Simulation results are shown directly on the CP-net. Transitions are chosen by the user or the simulator. User can observe all details and set breakpoints.

60 10/02/09 Coloured Petri Nets 60 Automatic simulation The user does not intend to follow the simulation: Simulation can be very fast - several thousand steps per second. User specifies some stop criteria, which determine the duration of the simulation. When the simulation stops the graphics of the CP-net is updated. Then the user can inspect all details of the graphics, e.g., the enabling and the marking. Automatic simulations can be mixed with interactive simulations. To find out what happens during an automatic simulation the user has a number of choices.

61 10/02/09 Coloured Petri Nets 61 Simulation report 1SendPack@(1:Top#1){n=1,p="Modellin"} 2TranPack@(1:Top#1){n=1,p="Modellin",r=6,s=8} 3SendPack@(1:Top#1){n=1,p="Modellin"} 4TranPack@(1:Top#1){n=1,p="Modellin",r=3,s=8} 5 RecPack@(1:Top#1) {k=1,n=1,p="Modellin",str= 6SendPack@(1:Top#1){n=1,p="Modellin"} Transition Module Binding

62 10/02/09 Coloured Petri Nets 62 Message sequence chart SenderNetworkReceiver Ack Lost: 2 SendPack: (1,"Modellin") TranPack: (1,"Modellin") RecPack: (1,"Modellin") SendAck: 2 SendPack: (1,"Modellin") TranPack: (1,"Modellin") SendPack: (1,"Modellin")

63 10/02/09 Coloured Petri Nets 63 Business charts

64 10/02/09 Coloured Petri Nets 64 Automatic code generation CPN models are often used to specify and validate new software. It is also possible to implement the software by automatic code generation. This method has been applied to develop a system for access control to buildings. The source code for the final implementation was generated automatically from the CPN specification - by extracting parts of the Standard ML code used by the CPN simulator. The approach is only adequate for systems that are not time critical and systems that are produced in small numbers.

65 10/02/09 Coloured Petri Nets 65 Overview of talk Modelling Basic language syntax semantics Extensions modules time Tool support editing simulation Analysis State spaces full symmetries equivalence classes sweep-line Place invariants check of invariants use of invariants

66 10/02/09 Coloured Petri Nets 66 1 2 5 3 4 7 6 8 State spaces A state space is a directed graph with: A node for each reachable marking (i.e., state). An arc for each occurring binding element. Deadlock Cycle transition + binding

67 10/02/09 Coloured Petri Nets 67 State space tool State spaces are often very large. The CPN state space tool allows the user to: Generate state spaces. Analyse state spaces to obtain information about the behaviour of the modelled system. Generation is totally automatic while analysis is automatic or semi-automatic (based on queries from the user).

68 10/02/09 Coloured Petri Nets 68 State space report Generation of the state space report takes often only a few seconds. The report contains a lot of useful information about the behaviour of the CP-net. The report is excellent for locating errors or to increase our confidence in the correctness of the system.

69 10/02/09 Coloured Petri Nets 69 To obtain a finite state space, we: Only have 4 packets. Limit the number of tokens on A, B, C, and D. Binary choice between success and failure. State space for protocol

70 10/02/09 Coloured Petri Nets 70 State space report for protocol Occurrence Graph Statistics Nodes:428 Arcs:1130 Secs:0 Status:Full Scc Graph Statistics Nodes:182 Arcs:673 Secs:0

71 10/02/09 Coloured Petri Nets 71 Integer bounds A, B, C, D, Limit: 0-2 NextSend, NextRec, Received: 1 Send: 4 Integer bounds tell the maximal and minimal number of tokens on the individual places.

72 10/02/09 Coloured Petri Nets 72 Integer bounds 0-2 1 1 1 4

73 10/02/09 Coloured Petri Nets 73 Upper multi-set bounds A, B:2`(1,"Modellin") + 2`(2,"g and An") + 2`(3,"alysis##") + 2`(4,"########") C, D:2`2 + 2`3 + 2`4 + 2`5 Limit:2`e NextSend, NextRec:1`1 + 1`2 + 1`3 + 1`4 + 1`5 Received:1`"" + 1`" Modellin" + 1`"Modelling and An" + 1`"Modelling and Analysis##" Send:1`(1,"Modellin") + 1`(2,"g and An") + 1`(3,"alysis##") + 1`(4,"########")

74 10/02/09 Coloured Petri Nets 74 Home Properties Home Markings: [235] Liveness Properties Dead Markings: [235] Live Transitions: None Home and liveness properties Marking no. 235 is the desired final marking where all packets have been received in correct order. 235 NextSend = 5 NextRec = 5 Received = "Modelling and Analysis##"

75 10/02/09 Coloured Petri Nets 75 Investigation of dead marking Marking 235 is the only dead marking. This implies that the protocol is partially correct (if execution stops it stops in the desired final marking). Marking 235 is a home marking. This implies that we always have a chance to finish correctly (it is impossible to reach a state from which we cannot reach the desired final marking).

76 10/02/09 Coloured Petri Nets 76 Fairness properties Send Packet: Impartial Transmit Packet: Impartial Receive Packet: No Fairness Transmit Acknow: No Fairness Receive Acknow: No Fairness Fairness properties tell how often the individual transitions occur.

77 10/02/09 Coloured Petri Nets 77 Investigation of shortest path We want to find one of the shortest paths from the initial marking to the dead marking. Length(path); > 20 : int val path = NodesInPath(1,235); Query > val path = [1,2,3,4,6,8,10,15,20,27,50, 64,80,102,133,164,179,192, 201,215,235] : Node list Answer

78 10/02/09 Coloured Petri Nets 78 Drawing of shortest path DisplayNodePath [1,2,3,4,6,8]; We want to investigate the beginning of the calculated shortest path. > () : unit

79 10/02/09 Coloured Petri Nets 79 Draw more complex subgraph

80 10/02/09 Coloured Petri Nets 80 Non-standard queries Can the NextSend counter be decreased?

81 10/02/09 Coloured Petri Nets 81 PredAllArcs (fn a => ((ms_to_col(Mark.NextSend 1 (SourceNode a))) > (ms_to_col(Mark.NextSend 1 (DestNode a)))); Query in Standard ML >[973,951,934,921,920,895,894,845,844,818,817, 428,360,310,271,233] : Arc list Yes! 753,729,663,648,587,573,567,517,499,497,429, 1`4 4 PredAllArcs (fn a => ((ms_to_col(Mark.NextSend 1 (SourceNode a))) > (ms_to_col(Mark.NextSend 1 (DestNode a))));

82 10/02/09 Coloured Petri Nets 82 Counter example > () : unit DisplayArcs [973]; NextSend = 4 NextRec = 5 Received = "Modelling and Analysis##" B = 1`(4,"########") D = 1`3 RecAck = {n=3,k=4} 368385 NextSend = 3 NextRec = 5 Received = "Modelling and Analysis##" B = 1`(4,"########")

83 10/02/09 Coloured Petri Nets 83 Improved protocol max(n,k)

84 10/02/09 Coloured Petri Nets 84 Temporal logic It is also possible to make state space queries by means of a CTL-like temporal logic. States. Transitions. Binding elements.

85 10/02/09 Coloured Petri Nets 85 State spaces - pro/contra State spaces are powerful and easy to use. Construction and analysis can be automated. No need to know the mathematics behind the analysis methods. The main drawback is the state explosion, i.e., the size of the state space. The present version of our tool handles graphs with one million states. For many systems this is not sufficient.

86 10/02/09 Coloured Petri Nets 86 Statistics – full state spaces Intel Pentium III, 1GHz, 1 GB RAM

87 10/02/09 Coloured Petri Nets 87 Condensed state spaces Fortunately,it is sometimes possible to construct much more compact state spaces – without loosing information. This is done by exploiting: Symmetries in the modelled system. Other kinds of equivalent behaviour. Progress measure. Concurrency between events.

88 10/02/09 Coloured Petri Nets 88 Protocol with multiple receivers Sender Receiver Network In Out In Out I/O Out In

89 10/02/09 Coloured Petri Nets 89 State space for three receivers Init Send Packet Transmit Packet Receive Packet CBBBCBBBC_CB_BCC_BB_CCB_BC_C_ __C__ _C The red nodes are equivalent (or symmetrical ). They also have equivalent: direct successors, enabled binding elements. A 0 1 3 2 BBB_BBB_BBB_B_ __B__ _B

90 10/02/09 Coloured Petri Nets 90 Condensed state space for three receivers B Init CC DD DBB D D Send Packet Transmit Packet 0 1 3 2 Receive Packet Transmit Acknowledgment BB 21 nodes instead of 62 nodes 21 nodes instead of 62 nodes CB BBBBB DC C CCBB DBB CCB A

91 10/02/09 Coloured Petri Nets 91 Symmetries A symmetry is a function that maps: markings into equivalent markings, binding elements into equivalent binding elements. A symmetry specification is a set of functions M BE M BE such that: M [ M M ] ( BE) [ BE BE ]. is an algebraic group. Each element of is called a symmetry.

92 10/02/09 Coloured Petri Nets 92 Equivalent markings Two markings M and M* are equivalent iff there exist a symmetry that maps M* into M: M M M* : M = (M*). Two binding elements b and b* are equivalent iff there exist a symmetry that maps b* into b: M BE M* : b = (b*). is an algebraic group. This implies that M and BE are equivalence relations.

93 10/02/09 Coloured Petri Nets 93 Consistency A symmetry specification is consistent iff the following properties are satisfied for all symmetries, all reachable markings M 1, M 2 and all binding elements b: M 1 M 2 (M 1 ) (M 2 ). (M 0 ) = M 0. We demand that equivalent markings must have: equivalent direct successors, equivalent enabled binding elements. b (b)

94 10/02/09 Coloured Petri Nets 94 Protocol with multiple receivers Symmetries are defined as consistent permutations of receiver-IDs: When we model each receiver by a separate module we permute the markings of these modules. When we model all receivers by a single module (adding a new component to the token colours) we permute the colour values in the type: REC = {rec 1, rec 2, rec 3,…}.

95 10/02/09 Coloured Petri Nets 95 Construction of state spaces with symmetries State spaces with symmetries are constructed in the same way as ordinary state spaces, except that: Before adding a new node we check whether the marking is equivalent to the marking of an existing node. Before adding a new arc we check whether the binding element is equivalent to the binding element of an existing arc (from the same source node).

96 10/02/09 Coloured Petri Nets 96 What can we prove from state spaces with symmetries? State spaces with symmetries can be used to investigate the same kinds of behavioural properties as ordinary state spaces, but only modulo equivalence. As an example, this means that: We cannot investigate whether a certain marking is reachable itself. Instead we can investigate whether there is an equivalent marking which is reachable.

97 10/02/09 Coloured Petri Nets 97 Statistics – symmetries 346.3976.9020.385.731.98Ratio 101,24031,11032,96311,280924Sym 35,068,4482,392,458671,94864,6841,832Full Arcs ----- 23.92.00.7Ratio Time n! Sym Full Ratio Sym Full 24 8 mins 191 mins 17.45 9,888 172,581 4 (3 packets) 72012062 1 hour8 mins2 mins3 secs Perms ----- 4 mins2 secs 245.3058.045.331.93 24,1228,3874,195477 Nodes 5,917,145486,76722,371921 6 (2 packets) 5 (2 packets) 32 Limit = Receivers Prototype implementation in 1998.

98 10/02/09 Coloured Petri Nets 98 We can be more general We have defined the equivalence relations for markings and bindings elements from a set of symmetry functions. Instead we may define the equivalence relations directly (i.e. from scratch). An equivalence specification is a pair ( M, BE ) where: M is an equivalence relation on the set of all markings. BE is an equivalence relation on the set of all binding elements.

99 10/02/09 Coloured Petri Nets 99 Consistency An equivalence specification ( M, BE ) is consistent iff for all reachable markings M 1, M 2, M and all binding elements b: M 1 M M 2 M 1 M M* M M b* BE b: M 2 M*. As before, we demand that equivalent markings must have: equivalent direct successors, equivalent enabled binding elements. b b*

100 10/02/09 Coloured Petri Nets 100 State spaces with equivalence classes State spaces with equivalence classes are constructed in the same way as state spaces with symmetries. They can be used to investigate the same kinds of behavioural properties. State spaces with symmetries is a special case of state spaces with equivalence classes.

101 10/02/09 Coloured Petri Nets 101 Intermediate state of protocol Receiver expects packet no. 6. This acknowledg- ment will also be ignored. It is old. max(n,k) Sender is still sending packet no. 5. This packet will be ignored. It is old.

102 10/02/09 Coloured Petri Nets 102 Equivalence relation Two markings M 1 and M 2 are equivalent iff: M 1 (p) = M 2 (p) for p {A,B,C,D} | M 1 (p) OLD | = | M 2 (p) OLD | M 1 (p) NEW = M 2 (p) NEW A marking M(p) where p is one of the network places A,B,C,D is split into two parts: M(p) = M(p) OLD + M(p) NEW Old packets/acksAll remaining packets/acks for p {A,B,C,D} }

103 10/02/09 Coloured Petri Nets 103 max(n,k) Two equivalent states

104 10/02/09 Coloured Petri Nets 104 Statistics – equivalence classes Sun Ultra Sparc 3000, 512 MB in 1997.

105 10/02/09 Coloured Petri Nets 105 Timed protocol 1`5 @ [796] 1`5 @ [803] 1`4 @ [728] 1`5 @ [796] 1`(1,"Modellin") @ [218] 1`(2,"g and An") @ [234] 1`(3,"alysis b") @ [324] 1`(4,"y Means ") @ [741] 1`(5,"of Colou") @ [887] 1`(6,"red Petr") @ [0] 1`(7,"i Nets##") @ [0] 1`(8,"########") @ [0] max(n,k) Creation time 787 0

106 10/02/09 Coloured Petri Nets 106 1`(1,"Modellin") @ [218] 1`(2,"g and An") @ [234] 1`(3,"alysis b") @ [324] 1`(4,"y Means ") @ [741] 1`(5,"of Colou") @ [887] 1`(6,"red Petr") @ [0] 1`(7,"i Nets##") @ [0] 1`(8,"########") @ [0] 1`4 @ [728] 1`5 @ [796] 1`5 @ [803] 1`5 @ [796] max(n,k) Creation time 787 @ [0] @ [100] @ [0] @ [16] @ [0] 0 @ [9] Timed protocol

107 10/02/09 Coloured Petri Nets 107 Simple protocol max(n,k) They can be used as a progress measure. They can be used as a progress measure. The two counters are monotonously increased. The two counters are monotonously increased.

108 10/02/09 Coloured Petri Nets 108 Progress measure PM : STATES A Monotonous (non-decreasing): X Y function all states set with linear or partial order PM(X) PM(Y) Protocol: (NextSend,NextRec) lexicographical ordering.

109 10/02/09 Coloured Petri Nets 109 States sorted by progress measure Progress measure Initial state

110 10/02/09 Coloured Petri Nets 110 Construction of state space Processed Unprocessed All arcs go left-to-right or vertical. All nodes to be processed are in front of the sweep-line. All new nodes are added in front of the sweep-line. We do not need the nodes behind the sweep-line. They can be deleted from memory. sweep-line

111 10/02/09 Coloured Petri Nets 111 We continue the construction The sweep-line moves from left to right. In front of it, we add new nodes. Behind it, we remove nodes. sweep-line

112 10/02/09 Coloured Petri Nets 112 Statistics – sweep-line Intel Pentium III, 1GHz, 1 GB RAM

113 10/02/09 Coloured Petri Nets 113 Statistics – sweep-line 1.71 7 12 ----- 43,124 2.03 4,449 9,025 4 1.95 21 41 ----- 99,355 2.35 8,521 20,016 5 2.19 57 125 ----- 198,150 2.67 14,545 38,885 6 Ratio Sweep Full Ratio Sweep Full Ratio Sweep Full 2.41 359 864 ----- 596,264 3.33 33,985 113,121 8 2.27 152 Secs 345 ----- Arcs 356,965 3.00 22,905 Nodes 68,720 7Packets: Limit = 4 AMD Athlon 1.33GHz, 512 MB RAM

114 10/02/09 Coloured Petri Nets 114 Sweep-line method – pro/contra We can construct larger state spaces, since we do not need to have all states in memory at the same time. In a timed CP-net we can use the global clock as a progress measure – time does not go backwards. Problems: Analysis must be done on the-fly. To deal with reactive systems we need to be able to use non-monotonous progress measures. Counter examples are more difficult to construct, since part of the state space has been deleted from memory.

115 10/02/09 Coloured Petri Nets 115 Overview of talk Modelling Basic language syntax semantics Extensions modules time Tool support editing simulation Analysis State spaces full symmetries equivalence classes sweep-line Place invariants check of invariants use of invariants

116 10/02/09 Coloured Petri Nets 116 Place invariants The basic idea is similar to the use of invariants in program verification. An invariant describes a property which is fulfilled for all reachable states. We first construct a set of place invariants. Then we check whether they are fulfilled. Finally, we use the place invariants to prove behavioural properties of the CP-net.

117 10/02/09 Coloured Petri Nets 117 Logo of Petri net community

118 10/02/09 Coloured Petri Nets 118 Distributed data base Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e

119 10/02/09 Coloured Petri Nets 119 Data base managers Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e DBM = {d(1),d(2),d(3)} 1`d(1) + 1`d(2) + 1`d(3)

120 10/02/09 Coloured Petri Nets 120 Message buffers DBM Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message PerformingInactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e MES = { (s,r) DBM DBM | s r } 1`(d(1),d(2)) + 1`(d(1),d(3)) + 1`(d(2),d(1)) + 1`(d(2),d(3)) + 1`(d(3),d(1)) + 1`(d(3),d(2)) Mes(d(2)) = 1`(d(2),d(1)) + 1`(d(2),d(3))

121 10/02/09 Coloured Petri Nets 121 Mutual exclusion E = { e } 1`e Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E Mes(s) (s,r) Mes(s) ss ss rr r r e ee e e

122 10/02/09 Coloured Petri Nets 122 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e Distributed data base DBM d(2) d(3) e (3,2) (3,1) (2,3) (2,1) (1,3) (1,2) s = d(3) (d(1),d(2)) d(1)

123 10/02/09 Coloured Petri Nets 123 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e Distributed data base DBM d(2) d(3) e (2,3) (2,1) (1,3) (1,2)d(1) (3,2)(3,1) s = d(3) r = d(1)

124 10/02/09 Coloured Petri Nets 124 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e Distributed data base DBM d(1)d(3) e (3,2) (3,1) (2,3) (2,1) (1,3) (1,2) s = d(3) r = d(2) s = d(3) r = d(1) d(2)

125 10/02/09 Coloured Petri Nets 125 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e Distributed data base DBM d(1)d(2)d(3) e (3,2) (3,1) (2,3) (2,1) (1,3) (1,2) s = d(3) r = d(2)

126 10/02/09 Coloured Petri Nets 126 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e Distributed data base DBM d(3) e (3,2)(3,1) (2,3) (2,1) (1,3) (1,2) s = d(3) d(2) d(1)

127 10/02/09 Coloured Petri Nets 127 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e Distributed data base DBM d(2) d(3) e (3,2) (3,1) (2,3) (2,1) (1,3) (1,2)d(1) Initial marking

128 10/02/09 Coloured Petri Nets 128 Data base managers M(Waiting) + M (Inactive) + M(Performing) –s+s–s+s+r–r+r–r Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e = DBM

129 10/02/09 Coloured Petri Nets 129 Message buffers M(Unused) + M(Sent) + M (Received) + M(Acknowl) –Mes(s)+Mes(s) –Mes(s) +Mes(s)–(s,r)+(s,r) = MES DBM Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message PerformingInactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e +(s,r)–(s,r)

130 10/02/09 Coloured Petri Nets 130 Mutual exclusion M(Active) + M (Passive) –e+e –e MES Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged Active E Passive E Mes(s) (s,r) Mes(s) ss ss rr r r e ee e e = E

131 10/02/09 Coloured Petri Nets 131 M(Received) M(Performing) Received messages –r–(s,r)–Rec –Rec( ) + Rec(s,r) = r Weight function MES DBM Waiting DBM MES Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message PerformingInactive DBM Unused MES Sent MES Received MES Acknowledged Active E Passive E Mes(s) (s,r) Mes(s) ss ss rr r r e ee e e +r+(s,r) = Ø Rec( M(Received)) = M(Performing) Different colour sets!

132 10/02/09 Coloured Petri Nets 132 +Mes(s)+s = Used messages MesM(Waiting)) = M(Sent) + M (Received) + M(Acknowledged) –Mes(s) –sMes–(s,r)+(s,r) MES Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged Active E Passive E Mes(s) (s,r) Mes(s) ss ss rr r r e ee e e –(s,r)+(s,r)

133 10/02/09 Coloured Petri Nets 133 Active and waiting Ign(M(Waiting)) = M (Active) Ign(x) = e +e+sIgn = –e–s MES Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged Active E Passive E Mes(s) (s,r) Mes(s) ss ss rr r r e ee e e

134 10/02/09 Coloured Petri Nets 134 Place invariants Waiting+ Inactive + Performing = DBM Unused + Sent +Receive + Acknowledged = MES Active + Passive = E Rec(Received) = Performing Mes(Waiting) = Sent + Received + Acknowledge Ign(Waiting) = Active Place M(Place) Ign(Waiting) + Passive = E More invariants can be obtained by linear combinations:

135 10/02/09 Coloured Petri Nets 135 Construction of invariants Construction of invariants can be manual. This is often straightforward: System specification. Knowledge of system. Automatic calculation of all place invariants is possible, but: Rather complex. Results are difficult to represent in a form which is useful for analysis. Interactive calculation is much more suitable: The user proposes some of the weights. The tool calculates the remaining weights or reports an inconsistency.

136 10/02/09 Coloured Petri Nets 136 How to use invariants Ordinary programming languages: No one would construct a large program and then expect afterwards to be able to calculate invariants. Instead invariants are constructed together with the program. For CP-nets we should do the same: During the system specification and modelling the designer gets a lot of knowledge about the system. Some of this knowledge can easily be formulated as place invariants. The invariants can be checked and in this way errors can be found. The errors can easily be located.

137 10/02/09 Coloured Petri Nets 137 We use invariants to prove behavioural properties of the system As an example, let us prove that the data base system cannot deadlock. Let a reachable marking be given. We will then prove that at least one transition is enabled. All invariants are fulfilled

138 10/02/09 Coloured Petri Nets 138 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e M(Waiting) + M (Inactive) + M(Performing) = DBM All data base managers must be: d(i) Let us assume that at least one manager is Performing

139 10/02/09 Coloured Petri Nets 139 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e d(i) OK Received Rec( M(Received)) = M(Performing) (d(j),d(i)) There is a message buffer at Received with d(i) as receiver

140 10/02/09 Coloured Petri Nets 140 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e Next let us assume that at least one manager is Waiting d(i) X No tokens on Performing

141 10/02/09 Coloured Petri Nets 141 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e d(i) Exactly one token on Waiting Ign(Waiting) + Passive = E X

142 10/02/09 Coloured Petri Nets 142 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e d(i) Ign(Waiting) = Active Exactly one token on Active Active e X

143 10/02/09 Coloured Petri Nets 143 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e d(i) X M(Waiting) + M (Inactive) + M(Performing) = DBM d(k) d(j) Active e The other data base managers must be Inactive

144 10/02/09 Coloured Petri Nets 144 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e d(i) X d(k) d(j) Mes(Waiting) = M(Sent) + M (Received) + M(Acknowledged) The message buffers sent by d(i) must be: Received Acknowledged (d(i),d(k)) (d(i),d(j)) OK Rec( M(Received)) = M(Performing) Impossible (d(i),d(j)) Sent OK (d(i),d(j)) Active e

145 10/02/09 Coloured Petri Nets 145 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e No tokens on Waiting X M(Waiting) + M (Inactive) + M(Performing) = DBM X d(3) All data base managers must be Inactive d(2) d(1)

146 10/02/09 Coloured Petri Nets 146 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e X X Mes(Waiting) = M(Sent) + M (Received) + M(Acknowledged) No tokens on Sent, Received, and Acknowledged X X X d(3) d(2) d(1)

147 10/02/09 Coloured Petri Nets 147 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e X X X X X M(Unused) + M(Sent) + M (Received) + M(Acknowl) = MES All message buffers are Unused (3,2) (3,1) (2,3) (2,1) (1,3) (1,2) d(3) d(2) d(1)

148 10/02/09 Coloured Petri Nets 148 Receive all Acknowledg- ments Update and Send Messages Send an Acknowledg- ment Receive a Message Performing DBM Inactive DBM Waiting DBM Unused MES Sent MES Received MES Acknowledged MES Active E Passive E e Mes(s) (s,r) Mes(s) ss ss rr r r e ee e X X X X X (3,2) (3,1) (2,3) (2,1) (1,3) (1,2) Passive Active + Passive = E e One e-token on Passive Ign(Waiting) = Active No tokens on Active X Initial marking OK d(3) d(2) d(1)

149 10/02/09 Coloured Petri Nets 149 We have now investigated all possible reachable markings For each of them we have used the invariants to prove that at least one transition is enabled. Hence, we conclude that the data base system cannot deadlock.

150 10/02/09 Coloured Petri Nets 150 Invariants - pro/contra Invariants can be used to verify large systems. No complexity problems. It is possible to combine invariants from individual modules. Invariants can be used to verify a system without fixing the system parameters such as the number of sites in the data base system. The main drawback is that the user needs some ingenuity to: Construct invariants. This can be supported by computer tools – interactive process. Use invariants. This can also be supported by computer tools – interactive process.

151 10/02/09 Coloured Petri Nets 151 Conclusion One of the reasons for the success of CP-nets is the fact that we simultaneously have worked in all three areas.

152 10/02/09 Coloured Petri Nets 152 More information on CP-nets The following web-pages contain a lot of information about CP-nets and their tools: http://www.daimi.au.dk/CPnets/ Introduction to CP-nets, including a number of detailed examples. Manual for CPN Tools. The tool is free of charge also for commercial companies. A list of more than 50 published papers describing different industrial applications of CP- nets and the CPN tools. Details of a 3-volume CPN text book. New CPN Book will be avilable summer 2007 (together with Lars M. Kristensen).


Carregar ppt "10/02/09 Coloured Petri Nets 1 © Kurt Jensen Department of Computer Science University of Aarhus, Denmark"

Apresentações semelhantes


Anúncios Google