Computer Aided Verification of Lamport's Fast Mutual Exclusion Algorithm - Using Coloured Petri Nets and Occurrence Graphs with Symmetries

In this paper, we present a new computer tool for verification of distributed systems. As an example, we establish the correctness of Lamport's Fast Mutual Exclusion Algorithm. The tool implements the method of occurrence graphs with symmetries (OS-graphs) for Coloured Petri Nets(CP-nets). The basic idea in the approach is to exploit the symmetries inherent in many distributed systems to construct a condensed state space. We demonstrate a signigicant increase in the number of states which can be analysed. The paper is to a large extent self-contained and does not assume any prior knowledge of CP-nets (or any other kinds of Petri Nets) or OS-graphs. CP-nets and OS-graphs are not our invention. Our contribution is development of the tool and verification of the example.Index Terms: Modelling and Analysis of Distributed Systems, Formal Verification, Coloured Petri Nets, High-Level Petri Nets, Occurrence Graphs, State Spaces, Symmetries, Mutual Exclusion

Compositional modelling using Petri nets with the analysis power of stochastic hybrid processes

A general stochastic hybrid process (GSHP) is a mathematical formalism that covers most of the requirements posed by the modelling of complex operations, such as time dependencies, multi-dimensional continuous as well as discrete processes, discontinuities, randomness and model uncertainties. In addition, it is possible to study GSHP by using stochastic analysis methodologies, thereby empowering it with powerful mathematical properties. This guarantees unambiguous simulation possibility of the model and allows speeding up this simulation while keeping the model properties intact. However, using GSHP to construct a model of a complex operation is not easy. To support the modelling and the subsequent verification both by mathematical and by multiple operational domain experts, a supporting graphical modelling formalism is desired. Petri nets have shown to be useful for developing models of various complex applications. Typical Petri net features are concurrency and synchronisation mechanism, hierarchical and modular construction, and natural expression of causal dependencies, in combination with graphical and analytical representations.\ud \ud The aim of this thesis is to combine the strengths of Petri net modelling formalisms and those of GSHP. First, dynamically coloured Petri nets (DCPN) are developed, and proof of equivalence is provided with piecewise deterministic Markov processes, which is a particular class of GSHP. Next, DCPN are extended to stochastically and dynamically coloured Petri nets (SDCPN), and proof of equivalence is provided with GSHP. Subsequently, SDCPN are extended to SDCPN with interconnection mapping types (SDCPNimt) and proof of equivalence is provided with both SDCPN and GSHP. It is shown with illustrative air transport examples that these three classes of Petri net are very effective when it comes to the compositional modelling of operations consisting of many distributed components that behave and interact in a dynamic way with many uncertainties. With the equivalence relations between these formalisms, the properties and strengths of the various approaches are combined. The many applications of the approach developed in this thesis, executed at NLR and beyond, show that both the approach and its combined strengths are acknowledged and supported by practice

Formal modelling and analysis of safety-critical Interactive systems using Coloured Petri Nets

To gain confidence in safety-critical interactive systems, formal modelling and analysis plays a vital role. Generally, existing techniques focus either on modelling the user interface or on modelling the functionality of a system. Although there are many benefits to using the individual models for different purposes, it requires a lot of work to do the coupling of functional behaviour with interactive elements for analysis. Therefore, further investigation into the modelling and analysis techniques was required that models all the parts (user interface, interaction and functional) into a single model. This research aims to apply formal methods for modelling and specifying the user interface, interaction and functional aspects of a safety-critical system in a single model using Coloured Petri Nets (CPN), then investigating the model to ensure that the system behaves as expected. The approach developed in this thesis has its starting point in several existing, accepted formal specification techniques. From this existing basis, we create a Coloured Petri Net model of a system which has the required features of existing formalisms, taking into account all three aspects (user interface, interaction and functional), hence our investigation of the combination of formalisms to achieve their combined strength. There are several reasons for using Coloured Petri Nets. Coloured Petri Nets provide a graphical representation and hierarchical structuring mechanism, and a state space verification technique, which allows querying the state space to investigate behaviours of a system. There are several tools that support Coloured Petri Nets including the CPN Tool which helps in building CPN models and allows simulation and analysis using state spaces. In this thesis, the findings of our investigation into modelling and analysis of safety-critical interactive systems are presented. We describe the technique developed to model and analyze an interactive system using Coloured Petri Nets. The technique is illustrated using a simplified infusion pump example. Then we present a case study of the Niki T34 Infusion Pump to show that we have retained all the expressiveness that we need of existing formalisms. Lastly, we present a small example of a nuclear reactor control system to show that now we can use the Coloured Petri Nets alone to model and analyze the user interface, interaction and functionality of safety-critical interactive systems and also to show that the scope of this technique is not limited to just the medical domain

Performance Analysis of Dataflow Architectures Using Timed Coloured Petri Nets

We present an approach to model dataflow architectures at a high level of abstraction using timed coloured Petri nets. We specifically examine the value of Petri nets for evaluating the performance of such architectures. For this purpose we assess the value of Petri nets both as a modelling technique for dataflow architectures and as an analysis tool that yields valuable performance data for such architectures through the execution of Petri net models. Because our aim is to use the models for performance analysis, we focus on representing the timing and communication behaviour of the architecture rather than the functionality. A modular approach is used to model architectures. We identify five basic hardware building blocks from which Petri net models of dataflow architectures can be constructed. In defining the building blocks we will identify strengths and weaknesses of Petri nets for modelling dataflow architectures. A technique called folding is applied to build generic models of dataflow architectures. A timed coloured Petri net model of the Prophid dataflow architecture, which is being developed at Philips Research Laboratories, is presented. This model has been designed in the tool ExSpect. The performance of the Prophid architecture has been analysed by simulation with this model

Experiences in modelling feature interactions with Coloured Petri Nets

A modern mobile phone supports many features: voice and data calls, text messaging, personal information management like phonebooks and calendars, WAP browsing, games, alarm clock, etc. All these features are packaged into a handset with a small display and a special purpose keypad. The limited user interface and the seamless intertwining of logically separate features cause many interactions between the software components in the UI of mobile phones. In this paper, we present an overview of our approach to modelling feature interactions in Nokia's mobile phones with explicit behavioral models of features. We use Coloured Petri Nets as the modeling language and the tool Design/CPN that provides a graphical, interactive user interface for constructing and simulating Coloured Petri Nets. We describe at a general level how we have created a graphical user interface for controlling and observing the simulations of models through an on-screen mock-up of a mobile phone. Then, we discuss the concrete results we have achieved by using our approach

Guidelines for modelling reactive systems with coloured Petri nets

This paper focus on the modelling of reactive systems, more particularly, control systems. A set of guidelines is proposed in order to build models that support analysis, simulation and prototyping. The guidelines are split in two parts; the analysis of a problem is addressed first, followed by the design with Coloured Petri Nets (CPNs). A smart library example is used as case study. The models developed under this approach turn out to be modular, parameterisable, configurable and executable.FC

Modelling and verification of ambient systems using petri nets

PhD ThesisThe expeditious development of technology in the past decades re- sulted in the introduction of concurrent systems that incorporate both ubiquitous and pervasive computing, the ambient systems. These sys- tems are named after their ability to be completely embedded in the environment in which they operate and interact with the users, in a silent and non distracting way, facilitating the completion of their tasks. Hence, there is a growing need to introduce and develop formal tech- niques for computational models capable of faithfully modelling the behaviour of these systems. One way of capturing the intricate be- haviours of the ambient systems is to use Petri nets, which are a modelling language that is used for the representation and analysis of concurrent systems. Within the domain of rigorous system design, veri cation of systems e ectively checks and guarantees the correctness of the examined mod- els with respect to the speci cation. This work investigates the modelling and the analysis of ambient sys- tems using Petri nets. To examine the modelling of these systems, their taxonomy into Ambient Guidance Systems and Ambient Infor- mation Systems is carried out and a case study is used for the mod- elling of each category. To model ambient systems, the step-modelling approach and a vari- ant class of Coloured Petri Nets, the Ambient Petri Nets (APNs), are introduced. Step modelling approach focuses on the interaction be- tween the system and the user and Ambient Petri Nets is a class of nets with colour-sensitive inhibitor arcs that is used especially for the structural and behavioural representation of ambient systems. For the modelling of general ambient systems, the compositionality of the Ambient Petri Nets is used. To verify the correctness of the produced Ambient Petri Nets models, the introduction of the Transformed Ambient Petri Nets class that has no colour-sensitive inhibitor arcs is required since Charlie and generally most of the existing veri cation tools do not support the analysis of inhibitor nets. To address this problem, a construction is de ned to translate the Ambient Petri Nets into Transformed Ambient Petri Nets. Afterwards, the Step Transition Systems are used to prove the behavioural equivalence of the nets that are associated through the construction. Subsequently, the Transformed Ambient Petri Nets models of the cho- sen case studies are veri ed against model checking and qualitative properties. For the rst category, Computation Tree Logic (CTL) is used to check the models against important properties of the ambient systems that are related to their features and their general function- ing. Finally, qualitative properties consider fundamental structural and behavioural properties of Petri nets that provide useful outcome about the systems under consideration

Modelling and analysis of parallel information systems.

This thesis presents an investigation of modelling and analysis of parallel information systems. The research was motivated by the recent developments in networks and powerful, low-cost, desk top multiprocessors. An integrated approach for the construction of parallel information systems was developed which focussed on modelling, verification and simulation of such systems. The thesis demonstrates how Petri nets can be used for the modelling and analysis of entity life histories and parallel information systems, place transition nets for the modelling and analysis of entity life histories and coloured Petri nets for the modelling and analysis of complex parallel information systems. These tools were integrated into a comprehensive framework which allowed for the modelling and analysis of complex parallel information systems and the framework was tested using a comprehensive case study. The thesis concludes that Petri nets are an ideal tool for the modelling and analysis of complex parallel systems. Verification is possible with deadlocks and similar properties being easily identified. Further the transformation rules proved to be beneficial to the process of moving from one model to another. Finally simulation of parallel behaviour was possible because the underlying models captured the notion of parallelism

Extension of Petri Nets by Aspects to Apply the Model Driven Architecture Approach

Within MDA models are usually created in the UML. However, one may prefer to\ud use different notations such as Petri-nets, for example, for modelling concurrency\ud and synchronization properties of systems. This paper claims that techniques that\ud are adopted within the context of MDA can also be beneficial in modelling systems\ud by using notations other than the UML. Petri-Nets are widely used for modelling\ud of business and application logic of information systems with web services. For\ud certain kinds of applications, therefore, Petri Nets can be more suitable for building\ud Computation Independent, Platform Independent and Platform Specific Models\ud (CIM, PIM and PSM). Unfortunately, the well-known problems with separation of\ud concerns in Petri Nets and keeping track of changes may hinder achieving the aim of\ud MDA: building reusable, portable and interoperable models. In this paper we define\ud Aspect Petri Nets as a structure of several Petri Nets and quantification rules for\ud weaving of those Petri Nets. Aspect Petri Nets are suitable for application of MDA;\ud they support traceability of changes and reusability, portability and interoperability\ud of models. We illustrate advantages of modelling in Aspect Petri Nets for MDA\ud application and describe necessary tool support