A Modular Model Checker for Reference Nets: MoMoC
Sven Willrodt, Daniel Moldt and Michael Simon
17.06.2020
University of Hamburg
Faculty of Mathematics, Informatics and Natural Sciences
Department of Informatics
http://www.informatik.uni-hamburg.de/TGI/
Content
Introduction
Reference Nets
Features
Architecture
Demo
Evaluation
Outlook
Introduction
MoMoC is a novel Model Checking tool for Reference nets, featuring a modular architecture.
MoMoC pursues two goals:
• Teaching model checking
• Extensibility, to form a basis for further research on model checking of Reference nets
Reference Nets
The Java Reference Net Formalism
• Coloured Petri net (CPN) formalism
• Primary formalism of the Renew simulator
• Java code inscriptions
• Tokens: Java objects or net instances
• Interaction: synchronous channels
Net Instance Tokens
• nets-within-nets
• follows the object-oriented paradigm
net template | class
net instance | instance/object
net elements | internals of a class
uplinks of a net | methods/interface of a class
invoking an uplink | invoking a method
Java Reference Net Example
[Figure: root net instance and netB]
Features
Modular Model Checker (MoMoC)
• Explicit CTL-Model Checking for Reference Nets
• Parsing
• Result visualization (exploration, colorization, layouting)
• Net Instance Quantifier
• Simpler net formalisms (P/T nets, CPNs) can be treated as flat Reference nets
Atomic Propositions
• FIREABLE(T)
• DEADLOCK
• Marking predicates..
Net-Instance-Quantifier
Problem: During runtime, net instances are not uniquely identifiable by a name that must be entered before runtime.
Proposed solution: Net-Instance-Quantifier
!(Net, p) ≡ Every net instance of the template Net satisfies p.
?(Net, p) ≡ There exists a net instance of the template Net that satisfies p.
Scales independently of the size of the reachability graph; however, net instances cannot be tracked over multiple states.
Parsing
Uses ANTLR as a framework for parsing.
Parsing features of MoMoC:
• Parsing of different notations
• Normalization
• Reduction
• Encoding
Result Visualization
Goal: Comprehensive results that help teaching (CTL) Model Checking
• States of the reachability graph (RG) can be explored
• RG can interactively be colorized with results of subroutines
Architecture
Modules
Goal: An extensible architecture that allows quick prototyping.
Query is handled by an interaction of three types of interchangeable modules.
• Binding Core - Finds bindings and calculates successive markings, thus defines the semantics
• Storage Manager - Stores the reachability graph and finds cycles in the graph
• Procedure - Contains logic and steps to process a query
Module Interaction
Demo
EG(!(Buffer, m(stored) = 0) ∧ AF ?(Receiver, m(received) = 1))
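How a query of this shape is evaluated by explicit CTL labelling with per-state net-instance quantifiers, as an added Python example that is not MoMoC code. The reachability graph, state names and helper names are constructed; it assumes that !(Net, p) holds vacuously in a state without instances of Net and that a deadlock state ends a maximal path.

```python
# Added illustration: graph, state names and helpers are constructed, not MoMoC code.
from typing import Callable, Dict, List, Set, Tuple

Marking = Dict[str, int]            # place name -> token count
Instance = Tuple[str, Marking]      # (net template, marking of that instance)

# Constructed reachability graph: each state lists the net instances alive in it.
STATES: Dict[str, List[Instance]] = {
    "s0": [("Buffer", {"stored": 0}), ("Receiver", {"received": 0})],
    "s1": [("Buffer", {"stored": 1}), ("Receiver", {"received": 0})],
    "s2": [("Buffer", {"stored": 0}), ("Receiver", {"received": 1})],
    # Two Buffer instances: the quantifier only sees "instances of Buffer" in
    # this state and cannot say which one corresponds to the Buffer in s2.
    "s3": [("Buffer", {"stored": 0}), ("Buffer", {"stored": 0}),
           ("Receiver", {"received": 1})],
}
SUCC: Dict[str, List[str]] = {
    "s0": ["s1", "s2"], "s1": ["s2"], "s2": ["s3"], "s3": ["s2"],
}

def forall_inst(template: str, pred: Callable[[Marking], bool]) -> Set[str]:
    """!(Net, p): states in which every instance of `template` satisfies p."""
    return {s for s, insts in STATES.items()
            if all(pred(m) for t, m in insts if t == template)}

def exists_inst(template: str, pred: Callable[[Marking], bool]) -> Set[str]:
    """?(Net, p): states in which some instance of `template` satisfies p."""
    return {s for s, insts in STATES.items()
            if any(pred(m) for t, m in insts if t == template)}

def af(target: Set[str], succ: Dict[str, List[str]]) -> Set[str]:
    """AF target as a least fixpoint: add states whose successors are all in."""
    sat = set(target)
    changed = True
    while changed:
        changed = False
        for s, nxt in succ.items():
            # A deadlock state (no successors) never reaches target later.
            if s not in sat and nxt and all(n in sat for n in nxt):
                sat.add(s)
                changed = True
    return sat

def eg(target: Set[str], succ: Dict[str, List[str]]) -> Set[str]:
    """EG target as a greatest fixpoint: drop states with no successor left."""
    sat = set(target)
    changed = True
    while changed:
        changed = False
        for s in list(sat):
            # A deadlock state inside target stays: its path simply ends there.
            if succ[s] and not any(n in sat for n in succ[s]):
                sat.remove(s)
                changed = True
    return sat

def check_demo() -> Set[str]:
    """States satisfying EG(!(Buffer, m(stored)=0) ∧ AF ?(Receiver, m(received)=1))."""
    buf_empty = forall_inst("Buffer", lambda m: m["stored"] == 0)
    recv_done = exists_inst("Receiver", lambda m: m["received"] == 1)
    return eg(buf_empty & af(recv_done, SUCC), SUCC)
```

The quantifier sets are computed once per state before the temporal operators run, so their cost does not depend on the number of edges explored by the fixpoints.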
Evaluation
• Teaching-size problems (<10k states) are unproblematic with average computing power
• Colorization is helpful
Conclusion
• CTL Model-Checking of Reference nets
• Modular architecture
• Net Instance Quantifier
• Result visualization
Outlook
Teaching-oriented goals:
• LTL-Model Checking
• Coverability graph
• Visualization of large RGs → Interactive trace visualization
Efficiency-oriented goals:
• Code-specific improvements
• Transfer of known techniques to Reference nets
• Techniques that exploit the structural information contained in Reference nets