Jean-François Pradat-Peyre

On Liveness and Controlled Siphons in Petri Nets

Structure theory of Petri nets investigates the relationship between the behavior and the structure of the net. Contrary to linear algebraic techniques, graph based techniques fully exploit the properties of the flow relation of the net (pre and post sets). Liveness of a Petri net is closely related to the validation of certain predicates on siphons. In this paper, we study thoroughly the connections between siphons structures and liveness. We define the controlled-siphon property that generalizes the well-known Commoners property, since it involves both traps and invariants notions. We precise some structural conditions under which siphons cannot be controlled implying the structural non-liveness. These conditions based on local synchronization patterns cannot be captured by linear algebraic techniques. We establish a graph-theoretical characterization of the non-liveness under the controlled-siphon property. Finally, we prove that the controlled-siphon property is a necessary and sufficient liveness condition for simple nets and asymmetric choice nets. All these results are illustrated by significant examples taken from literature.

Syntactical colored petri nets reductions

In this paper, we develop a syntactical version of elaborated reductions for high-level Petri nets. These reductions simplify the model by merging some sequential transitions into an atomic one. Their conditions combine local structural ones (e.g. related to the actions of a thread) and global algebraic ones (e.g. related to the threads synchronization). We show that these conditions are performed in a syntactical way, when a syntax of the color mappings is given. We show also how our method outperforms previous ones on a recent case study with regard both to the reduction ratio and the automatization of their application.

Memory efficient state space storage in explicit software model checking

The limited amount of memory is the major bottleneck in model checking tools based on an explicit states enumeration. In this context, techniques allowing an efficient representation of the states are precious. We present in this paper a novel approach which enables to store the state space in a compact way. Though it belongs to the family of explicit storage methods, we qualify it as semi-explicit since all states are not explicitly represented in the state space. Our experiments report a memory reduction ratio up to 95% with only a tripling of the computing time in the worst case.

Quasar: a new tool for concurrent Ada programs analysis

Concurrency introduces a high degree of combinatory which may be the source of subtle mistakes. We present a new tool, Quasar, which is based on ASIS and which uses fully the concept of patterns. The analysis of a concurrent Ada program by our tool proceeds in four steps: automatic extraction of the concurrent part of the program; translation of the simplified program into a formal model using predefined patterns that are combined by substitution and merging constructors; analysis of the model both by structural techniques and model-checking techniques; reporting deadlock or starvation results. We demonstrate the usefulness of Quasar by analyzing several variations of a non trivial concurrent program.

Automatic Verification of Concurrent Ada Programs

The behavior of concurrent Ada programs is very difficult to understand because of the complexity introduced by multi-tasking. This complexity makes classical test techniques unusable and correctness can only be obtained with the help of formal methods. In this paper we present a work based on colored Petri nets formalism that automates the verification of concurrent Ada program properties. The Petri net is automatically produced by a translation step and the verification is automatically performed on the net with classical related techniques. A prototype has been developed and first results obtained allow us to think that we will be able in a near future to analyze realistic Ada programs.

Efficient state-based analysis by introducing bags in Petri nets color domains

The use of high-level nets, such as coloured Petri nets, is very convenient for modelling complex controllable system in order to have a compact, readable and structured specification. However, when coming to the analysis phase, using too elaboratc types becomes a burden.

Pre-and post-gglomerations for LTL model checking

One of the most efficient analysis technique is to reduce an original model into a simpler one such that the reduced model has the same properties than the original one. G. Berthelot defined in this thesis some reductions of Petri nets that are based on local structural conditions and that simplify significantly the net. However, the author focused only on the preservation of classical properties (such that liveness, boundedness, ...) that are not necessarily the most useful in practice. In this paper, we prove that two of these structural reductions (the pre and post transitions agglomerations) preserve also a large set of properties expressed in linear-time temporal logics under simple conditions.

Chameneos, a concurrency game for Java, Ada and others

Summary form only given. We present a peer-to-peer cooperation paradigm and several implementations. The paradigm is expressed as a game. The implementations are done in three different languages largely available today (Ada, Java and C with the Posix standard). This allows comparing their programming style and their ability to provide secure programs. Java and Ada are high level languages which allow concurrent programming. Both use the concept of monitor, but their implementation choices make them differ greatly. Posix offers low level system API for concurrent programming. First we present the application contexts in which this concurrency paradigm may be useful, and we summarize the concurrent programming structures of Java, Ada and Posix and finally the coloured Petri nets formalism. The possible colour mutation of chameneos are described. Their concurrent behaviour is specified and analyzed. This leads to the three announced implementations. From this case study, we deduce the strong and weak points of each approach and an appraisal of the concurrent parts of the languages. We end with some possible extensions.

Verification in concurrent programming with Petri nets structural techniques

The paper deals with verification of flow control in concurrent programs. We use the Ada language model as reference. After translation of Ada programs into Petri nets (named Ada nets for Ada programs), we show how one can fully exploit the relationship between the behavior of the concurrent program and the structure of the corresponding Petri net. Using the siphon structure, we specify some structural conditions for behavioral properties such as deadlock freeness and liveness that correct concurrent programs must satisfy. These conditions can be proved or disproved using efficient algorithms. We also provide a formal justification of guidelines (such as client/server paradigm) that programmers observe traditionally in order to build correct concurrent programs. Several examples are presented to show the effectiveness of using a structure theory of Petri nets for static analysis of concurrent programs.

Comparing Java, C# and Ada monitors queuing policies: a case study and its Ada refinement

Learning concurrency paradigms is necessary but it is not sufficient since the choice of run-time semantics may introduce subtle programming errors. It is the aim of this paper to exemplify the importance of process queuing and awaking policies resulting from possible choices of the monitor concept implementation.The first part of the paper compares the behaviour of concurrent processes sharing a unique waiting queue for condition synchronization when implemented in Java or in Ada. A particular solution of the dining philosophers paradigm will be used to show how the difference in the monitor semantics may lead or not to deadlock. This comparison provides insight for deriving a correct Java implementation. The second part of the paper shows how the implementation can be refined when using Ada entry families and requeue with requeue once restriction. The result is elegant, safe and fair, and deterministic. This paper ends with quantitative comparisons of concurrency complexity and of concurrency effectiveness.We conclude that Java and C# multithreading need defensive concurrent programming while Ada allows more latitude for developing correct concurrent programs.