26 September 2003, U. Buy -- SEES 2003. Sidestepping verification complexity with supervisory control. Ugo Buy, Department of Computer Science; Houshang Darabi.


Sidestepping verification complexity with supervisory control
Ugo Buy, Department of Computer Science
Houshang Darabi, Department of Mechanical and Industrial Engineering
University of Illinois at Chicago

Outline
Background
P-invariant-based mutex enforcement
Net unfolding
Assessment

Acknowledgements
Panos Antsaklis, Michael Lemmon, Univ. of Notre Dame
Starthis Corporation, Rosemont, Illinois
NIST/ATP program
Graduate students Bharat Sundararaman and Vikram Venepally

Background
Supervisory control methods for discrete event systems (DES)
—Enforcing concurrency and real-time properties of embedded systems
—Model DES with Finite Automata (FA) or Petri nets
—Add controller that enforces desired properties to system model
Supervisory control vs. verification
—Potential benefits of supervisory control
—Likely obstacles to widespread applicability

Definitions
A Discrete Event System (DES) is characterized by:
1. Discrete state set
2. Event-driven state transitions
Supervisory controller of a DES:
—Given controlled system (a DES) and correctness property,
—supervisor restricts DES behaviors in such a way that the combined system will satisfy the property
Observable and controllable events

Why Supervisory Control?
Some SC methods for DES are much more tractable than verification algorithms
Promising methods:
1. P-invariant-based supervisors (mutex properties)
2. Unfolding of Petri nets (deadlock, RT deadlines)
Caveat:
—System must be sufficiently observable and controllable to permit supervisor definition

Why Petri nets?
1. Support tractable supervisory control algorithms
P-invariants and net unfoldings
Automata-based supervisors usually intractable
2. Widely used in some embedded applications
Sequential Function Charts (SFCs) widely used in manufacturing applications
—Part of IEC standard
—Supported by Matlab, RSLogix 5000

Petri nets
Ordinary Petri net: bipartite, directed graph N = (P, T, F, m0)
with node sets P and T, arc set F, and initial marking m0
Supervisory control problem: given controlled net N and property P, generate subnet S (supervisor) that restricts N behaviors to satisfy P

Enforcing Mutex Constraints
Exploit property of Petri net P-invariants
—Place subset such that weighted sum of tokens in subset is constant in all reachable net markings
—Computed by finding integer solutions x to invariant equation involving incidence matrix D of Petri net: x·D = 0

Examples of P-invariants
[Figure: Petri net with places p1..p7 and transitions t1..t5]
P-invariants: {p1, p4}, {p2, p5, p7}, {p1, p2, p4, p5, p7}, … (unit coefficients)

P-invariant based supervisors
Method (Yamalidou et al. 96)
1. Specify mutex properties as linear inequalities on reachable markings of controlled net:
l1,1·m1 + l1,2·m2 + l1,3·m3 + … ≤ b1
l2,1·m1 + l2,2·m2 + l2,3·m3 + … ≤ b2
…
lk,1·m1 + lk,2·m2 + lk,3·m3 + … ≤ bk
2. Treat constraints matrix as invariant equation, find Petri net (controller) satisfying P-invariant

Supervisor synthesis
Supervisor net defined by simple matrix multiplication: D_C = –L·D
—L is matrix of mutex constraints
—D is incidence matrix of controlled net
Supervisor net will have k places, zero transitions
—k is number of mutex constraints
Supervisor will be maximally permissive

Example of supervisor generation
The readers and writers example without mutex:
Mutex constraints:
p6 + p9 + p10 ≤ 1
p7 + p9 + p10 ≤ 1
p8 + p9 + p10 ≤ 1

Example (cont'd)
The readers and writers example with supervisor:

Advantages of Mutex Supervisors
Complexity proportional to D (aka controlled system) and L (constraints)
—Overall complexity polynomial for broad class of mutex constraints
Supervisors generated are small (no transitions)
Maximally permissive supervisors

Limitations of Mutex Supervisors
Cannot guarantee net liveness (e.g., freedom from deadlock)
Open issues:
—Integration with other supervisors
—Priorities on mutex enforcement policy
—Empirical evaluation of constraint size
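The readers and writers figure did not survive in this transcript, so the synthesis step and the liveness limitation are worked here on a constructed net (added illustration in Python, not code from the slides): two processes acquire shared resources R1 and R2 in opposite order, with one mutex constraint per resource. The code builds D_C = –L·D, checks that [L | I] is a P-invariant of the closed-loop net, and enumerates markings to show that the supervised net never violates a constraint yet still reaches a deadlock. It assumes the initial control marking m_c0 = b – L·m0 from Yamalidou et al. and that the controller's arcs follow the sign of D_C (no self-loops).

```python
# Constructed plant: processes A and B each take shared resources R1, R2 in
# opposite order. Places p1..p6 = [A idle, A holds R1, A holds R1+R2, B idle,
# B holds R2, B holds R2+R1]; transitions t1..t6 = [A get R1, A get R2,
# A release both, B get R2, B get R1, B release both].
PRE = [[1,0,0,0,0,0],[0,1,0,0,0,0],[0,0,1,0,0,0],   # PRE[p][t]: tokens t takes from p
       [0,0,0,1,0,0],[0,0,0,0,1,0],[0,0,0,0,0,1]]
POST = [[0,0,1,0,0,0],[1,0,0,0,0,0],[0,1,0,0,0,0],  # POST[p][t]: tokens t puts in p
        [0,0,0,0,0,1],[0,0,0,1,0,0],[0,0,0,0,1,0]]
M0 = [1,0,0,1,0,0]
L = [[0,1,1,0,0,1],   # R1 exclusive: m2 + m3 + m6 <= 1
     [0,0,1,0,1,1]]   # R2 exclusive: m3 + m5 + m6 <= 1
B = [1,1]

def matmul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]
def incidence(pre, post):           # D = POST - PRE
    return [[o - i for i, o in zip(rp, ro)] for rp, ro in zip(pre, post)]

def synthesize(pre, post, m0, L, b):
    """One control place per constraint: D_C = -L.D, initial tokens m_c0 = b - L.m0.
    Returns (PRE, POST, m0) of the closed-loop net and D_C."""
    Dc = [[-v for v in row] for row in matmul(L, incidence(pre, post))]
    mc0 = [bi - sum(l * m for l, m in zip(row, m0)) for row, bi in zip(L, b)]
    # negative D_C entry: arc control place -> transition; positive: the reverse
    cpre = [[max(0, -v) for v in row] for row in Dc]
    cpost = [[max(0, v) for v in row] for row in Dc]
    return pre + cpre, post + cpost, m0 + mc0, Dc

def invariant_holds(pre, post, L, Dc):
    """x = [L | I] is a P-invariant of the closed-loop net iff L.D + D_C == 0."""
    LD = matmul(L, incidence(pre, post))
    return all(a + c == 0 for ra, rc in zip(LD, Dc) for a, c in zip(ra, rc))
def enabled(m, pre, t):
    return all(m[p] >= pre[p][t] for p in range(len(pre)))

def reachable(pre, post, m0):
    """Brute-force marking enumeration, fine for a toy net (not the slides' method)."""
    seen, todo = {tuple(m0)}, [tuple(m0)]
    while todo:
        m = todo.pop()
        for t in range(len(pre[0])):
            if enabled(m, pre, t):
                n = tuple(m[p] - pre[p][t] + post[p][t] for p in range(len(pre)))
                if n not in seen: seen.add(n); todo.append(n)
    return seen

def violations(markings, L, b):     # zip stops at the plant places; control places ignored
    return sorted(m for m in markings
                  if any(sum(l * x for l, x in zip(row, m)) > bi for row, bi in zip(L, b)))
def deadlocks(markings, pre):       # markings with no enabled transition
    return sorted(m for m in markings if not any(enabled(m, pre, t) for t in range(len(pre[0]))))
```

Without the supervisor the plant reaches 9 markings, 3 of which break a constraint; with it, 6 markings, none violating, but the marking with A holding R1 and B holding R2 is a deadlock, which is exactly what the mutex supervisor cannot rule out.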

Unfolding Petri nets
Transform net into acyclic net capturing repetitive behaviors of original net
Unfolding appeal:
—Capture causal relationship on transition firing
—Identify choice points
—Identify fundamental execution paths
History of net unfolding
—McMillan 92, Esparza et al. 02, He and Lemmon 02, Semenov and Yakovlev 96 (time Petri nets)

Net unfolding: Definitions
Node x in net N precedes node y if there is a path from x to y in N
—Write x < y
Node x is in conflict with y if N contains paths diverging immediately after a place p and leading to x and y
—Write x # y
Node x is in self-conflict if N contains paths diverging immediately after a place p and both leading to x
—Write x # x

Unfolding untimed nets
Given net N, an unfolding of N is a net U such that:
1. Nodes in U are mapped to nodes in N
2. Each place in U has at most one input transition
3. Net U is acyclic
4. No U node is in self-conflict
5. Completeness property: every reachable marking of N is in U

Example of unfolding
The original net: [Figure: Petri net with places p1..p9 and transitions t1..t8]

Example of unfolding
The unfolded net: [Figure: unfolding of the net above, with copies of places (p1', p2', p2'', p9', p9'', p9''', …) and transitions (t3', t4', t5', t6')]

Applications of unfolding
Enforcing freedom from deadlock (He and Lemmon 02)
—Deadlocks detected directly in unfolding
—Eliminate deadlocks by dynamically disabling transition that causes deadlock
Enforcing compliance with real-time deadlines (Buy and Darabi 03)
—Latency of transition t: upper bound on the delay between the firing of t and the time when a target transition can be fired

A New Programming Paradigm?
1. Design/code concurrent system without paying attention to correctness properties
2. Submit system description and property specification to supervisor generator
3. Generator adds supervisor to original system
4. Allegedly, a very long shot…

Future work
1. Integration of supervisors for different properties
2. Refine properties enforced
3. System, property specifications