Lorenzo Capra

Reachability Analysis of Time Basic Petri Nets: A Time Coverage Approach

We introduce a technique for reach ability analysis of Time-Basic (TB) Petri nets, a powerful formalism for real time systems where time constraints are expressed as intervals, representing possible transition firing times, whose bounds are functions of markings time description. The technique consists of building a symbolic reach ability graph relying on a sort of time coverage, and overcomes the limitations of the only available analyzer for TB nets, based in turn on a time-bounded inspection of a (possibly infinite) tree-tree. The graph construction algorithm has been automated by a tool-set, briefly described in the paper together with its main functionality and analysis capability. A running example is used throughout the paper to sketch the symbolic graph construction. A use case describing a small real system - that the running example is an excerpt from - has been employed to benchmark the technique and the tool-set. The main outcome of this test are also presented in the paper. Ongoing work, in the perspective of integrating with a model-checking engine, is shortly discussed.

A high level language for structural relations in well-formed nets

Well-formed Nets (WN) structural analysis techniques allow to study interesting system properties without requiring the state space generation. In order to avoid the net unfolding, which would reduce significantly the effectiveness of the analysis, a symbolic calculus allowing to directly work on the WN colour structure is needed. The algorithms for high level Petri nets structural analysis most often require a common subset of operators on symbols annotating the net elements, in particular the arc functions. These operators are the function difference, the function transpose and the function composition. This paper focuses on the first two, it introduces a language to denote structural relations in WN and proves that it is actually closed under the difference and transpose.

MaRDiGraS: Simplified Building of Reachability Graphs on Large Clusters

Dealing with complex systems often needs the building of huge reachability graphs, thus revealing all the challenges associated with big data access and management. It also requires high performance data processing tools that would allow scientists to extract the knowledge from the unprecedented amount of data coming from these analyzed systems. In this paper we present MaRDiGraS, a generic framework aimed at simplifying the construction of very large state transition systems on large clusters and cloud computing platforms. Through a simple programming interface, it can be easily customized to different formalisms, for example Petri Nets, by either adapting legacy tools or implementing brand new distributed reachability graph builders. The outcome of several tests performed on benchmark specifications are presented.

Symbolic State Space Exploration of RT Systems in the Cloud

The growing availability of distributed and cloud computing frameworks makes it possible to face complex computational problems in a more effective and convenient way. A notable example is state-space exploration of discrete-event systems specified in a formal way. The exponential complexity of this task is a major limitation to the usage of consolidated analysis techniques and tools. Several techniques for addressing the state space explosion problem within this context have been studied in the literature. One of these is to use distributed memory and computation to deal with the state space explosion problem. In this paper we study and compare two different approaches, relying on distributed and cloud frameworks, respectively. These approaches were designed and implemented following the same computational schema, a sort of map & fold. They are applied on symbolic state-space exploration of real-time systems specified by (a timed extension of) Petri Nets, by re-adapting a sequential algorithm implemented as a command-line Java tool. The outcome of several tests performed on a benchmarking specification are presented, thus showing the convenience of distributed approaches.

Towards performance analysis with partially symmetrical SWN

Stochastic well formed colored nets (SWN) make it possible to apply performance evaluation techniques on a compact representation of the reachability graph (RG), called the Symbolic RG (SRG). The Extended SRG (ESRG) has been proposed to achieve a higher degree of reduction when applied to partially symmetric SWN models. The price to pay for the more effective state space reduction, is a loss of information on the paths of the graph. Despite this loss, it has been shown that several qualitative properties can be studied on the ESRG. We consider the possibility of using the ESRG for performance evaluation purposes and more specifically, we explore how the ergodicity of the system can be decided on this graph.

A Reflective PN-Based Approach to Dynamic Workflow Change

The design of dynamic workflows needs adequate modeling/specification formalisms and tools to soundly handle possible changes occurring during workflow operation. A common approach is to pollute design with details that do not regard the current workflow behavior, but rather its evolution. That hampers analysis, reuse and maintenance in general. We propose and discuss the adoption of a recent Petri Net based reflective model (based on classical PN) as a support to dynamic workflow design, by addressing a localized problem: how to determine what tasks should be redone and which ones do not when transferring a workflow instance from an old to a new template. Behind there is the idea that keeping functional aspects separated from evolutionary ones, and applying evolution to the (current) workflow template only when necessary, results in a simple reference model on which the ability of formally verifying typical workflow properties is preserved, thus favoring a dependable adaptability.

A quotient graph for asymmetric distributed systems

Most analysis techniques for discrete-event systems rely on building the system state-transition graphs. A known critical issue is represented by the state-space explosion. One way to face this problem is the exploitation of behavioral symmetries. Well-formed coloured Petri nets (WN) (thanks to their particular syntax) allow the automatic building of a quotient graph, called a symbolic reachability graph (SRG), able to exploit the structural symmetries of systems. The SRG reduction power vanishes when the modeled system evolves in an asymmetric way. Some proposals to enhance the SRG have been shown to be effective only when applied to nearly symmetric systems. A quotient graph, still relying on the WN formalism, is semi-formally introduced; it tries to exploit local symmetries, rather diffuse in real systems. The model of an asymmetric distributed algorithm is used as a running example, a preliminary benchmark for the technique being presented.

A GSPN based methodology for the evaluation of concurrent applications in distributed plant automation systems

Abstract This work is part of an investigation aiming at setting up a methodology based on Generalized Stochastic Petri Nets (GSPN) to model and to evaluate concurrent applications regarding their target parallel and distributed architectures. Experimentation concerning real case studies pointed out the need to deepen and to integrate some specific steps of model construction and analysis: (1) the choice of a suitable abstraction level in the modular modelling technique; (2) the adoption of proper parameter assignment criteria; and (3) the congruent definition of a set of quantification indices, covering the basic metrics of parallel computing, suitable to characterize an application in terms of its performance and to support its mapping over a parallel architecture.

A Formal Framework for Specifying and Verifying Microservices Based Process Flows

The microservices architectural style is changing the way in which software is perceived, conceived and designed. Thus, there is a call for techniques and tools supporting the problem of specifying and verifying communication behavior of microservice systems. We present a formal semantics based on Petri nets for microservices based process flows specified using the Conductor orchestration language: a JSON-based domain specific language designed by Netflix, Inc. We give a formal semantics in terms of a translation from Conductor specifications into Time Basic Petri net models, i.e., Petri nets supporting the definition of temporal constraints. The Petri net model can be used for computer aided verification purposes by means of well-known techniques implemented by powerful, off-the-shelf model checking tools.

Coverability Analysis of Time Basic Petri Nets with Non-Urgent Behavior

Time Basic Petri nets are an expressive extension of Petri nets, suitable to model real-time systems. This paper introduces a coverability analysis technique to cope with structurally unbounded Time Basic Petri net models exhibiting non-urgent behavior: i.e., models in which transitions may choose to do not fire and let time pass, even if this could lead to transition disabling. The approach we present exploits the identification of anonymous temporal information, that is the possibility of erasing timestamps associated with specific tokens without compromising the correctness of models temporal evolution. In particular, we extend the classical Karp-Miller coverability algorithm in two ways: first, we adapt the acceleration function to deal with symbolic states and to identify unboundedness due to time anonymous tokens, second, we employ an aggressive pruning strategy to remove included/covered portions of the reachability tree during exploration.