Diagnosability Verification with Parallel LTL-X Model Checking Based on Petri Net Unfoldings. Agnes Madalinski (1) and Victor Khomenko (2). (1) Faculty of Engineering Science, University Austral de Chile; (2) School of Computing Science, Newcastle University, UK


Diagnosability Verification with Parallel LTL-X Model Checking Based on Petri Net Unfoldings

Agnes Madalinski (1) and Victor Khomenko (2)

(1) Faculty of Engineering Science, University Austral de Chile
(2) School of Computing Science, Newcastle University, UK

2

Outline

Concept of fault diagnosis and diagnosability

Diagnosability verification with LTL-X model checking

Experimental results

Conclusions and future work

3

Concept of fault diagnosis

[Diagram: system, observations, diagnosis (detection, localisation and identification of faults), actions (repair, reconfigure)]

diagnosis: the task of explaining abnormal behaviours of a system given observations about its behaviour

diagnosability: the possibility of detecting faults by monitoring the visible behaviour of the system

4

Diagnosability

[Diagram: the system emits the observations o1, o2, o3, o4, o5; diagnosis asks "fault occurred?"]

A system is diagnosable if an occurrence of a fault can be detected with certainty in a bounded time.

5

Diagnosability

For a system with finite state space: absence of two infinite traces having the same observable projection, one having a fault and the other not having one.

Example: the traces aaXcdacYddeaaZcc… and ccaXdYfadeaaaZee… (the second contains the fault f) have the same observable projection XYZ…

6

System model

labelled Petri net N = (P, T, →, M0, O, U, ℓ)
  O: set of observable transition labels
  U: set of unobservable transition labels
  F ⊆ U: set of fault transition labels
  ℓ : T → O ∪ U

Example: O = {a}, U = {u, f}, F = {f}

7

Fault tracking

[Figure: fault tracking net Nft, showing f’ and fp]

fault tracking net Nft for state-based LTL-X model checking

8

Verifier

sync. product of two replicas of Nft on observable transitions

a trace in the verifier represents a pair of traces of Nft with the same projection on observable transitions

9

Expressing non-diagnosability in LTL-X

diag = ◊pf1 ∧ □pf2

eventually pf1 is marked (fault occurs in Nft1)

pf2 always stays marked (no fault in Nft2)

Büchi automaton accepting diag

10

Simplifying the verifier

diag = ◊pf1 ∧ □pf2

f2 must never fire, enforced by removing the transitions f2 and f’2
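A worked finite-state version of the verifier and the diag check, added here as an illustration and not code from the authors' PComp or PUNF tools: two replicas of a 1-safe net are synchronised on observable labels with the fault transitions deleted from replica 2, and an infinite witness for diag = ◊pf1 ∧ □pf2 is found as a cycle among reachable verifier states whose replica-1 fault flag is set. Explicit state enumeration stands in for the unfolding-based model checking of the talk; the net encoding and the two sample nets (labels a, b, u, f, as on the system-model slide) are constructed assumptions.

```python
from collections import deque

# Constructed 1-safe nets: a marking is a frozenset of places, a transition is
# (preset, postset, label); O = observable labels, F = names of fault transitions.
def tr(pre, post, label): return frozenset(pre), frozenset(post), label

NON_DIAG = {"M0": frozenset({"p0"}), "O": {"a"}, "F": {"tf"},   # f a a a... vs u a a a...
            "T": {"tf": tr({"p0"}, {"p1"}, "f"), "tu": tr({"p0"}, {"p2"}, "u"),
                  "ta1": tr({"p1"}, {"p1"}, "a"), "ta2": tr({"p2"}, {"p2"}, "a")}}
DIAG = {"M0": frozenset({"p0"}), "O": {"a", "b"}, "F": {"tf"},  # the first b reveals the fault
        "T": {"tf": tr({"p0"}, {"p1"}, "f"), "tu": tr({"p0"}, {"p2"}, "u"),
              "tb": tr({"p1"}, {"p1"}, "b"), "ta": tr({"p2"}, {"p2"}, "a")}}

def steps(net, m):
    """(label, is_fault, successor marking) for each transition enabled at marking m."""
    return [(l, t in net["F"], (m - pre) | post) for t, (pre, post, l) in net["T"].items() if pre <= m]

def verifier(net):
    """Reachable graph of the verifier: two replicas synchronised on observable labels, interleaved
    on unobservable ones, faults removed from replica 2. State = (M1, fault seen in replica 1, M2)."""
    graph, queue = {}, deque([(net["M0"], False, net["M0"])])
    while queue:
        s = queue.popleft()
        if s in graph: continue
        m1, f1, m2 = s
        s2 = [x for x in steps(net, m2) if not x[1]]              # replica 2 never faults
        succ = [(n1, f1 or isf, n2) for l1, isf, n1 in steps(net, m1) if l1 in net["O"]
                for l2, _, n2 in s2 if l2 == l1]                  # synchronised observable step
        succ += [(n1, f1 or isf, m2) for l1, isf, n1 in steps(net, m1) if l1 not in net["O"]]
        succ += [(m1, f1, n2) for l2, _, n2 in s2 if l2 not in net["O"]]
        graph[s] = succ
        queue.extend(succ)
    return graph

def is_diagnosable(net):
    """diag = <>pf1 and []pf2 has an infinite witness iff the reachable verifier states
    whose replica-1 fault flag is set contain a cycle (the flag is monotone)."""
    graph = verifier(net)
    faulty = {s for s in graph if s[1]}
    colour = dict.fromkeys(faulty, 0)                               # 0 new, 1 on DFS stack, 2 done
    for root in faulty:
        if colour[root]: continue
        colour[root], stack = 1, [(root, iter([t for t in graph[root] if t in faulty]))]
        while stack:
            node, it = stack[-1]
            nxt = next(it, None)
            if nxt is None: colour[node] = 2; stack.pop()
            elif colour[nxt] == 1: return False                     # lasso found: non-diagnosable
            elif colour[nxt] == 0:
                colour[nxt] = 1; stack.append((nxt, iter([t for t in graph[nxt] if t in faulty])))
    return True
```

The cycle found for NON_DIAG is the verifier state where replica 1 sits after the fault and replica 2 after u, both repeating the observable a forever, which is exactly the pair of traces with identical observable projection that the definition forbids.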

11

Simplifying the verifier

diag = ◊pf1 ∧ □pf2

12

Unfolding Approach to LTL-X Model-Checking

Net system is constructed as the composition of the verifier and the Büchi automaton accepting diag

Efficient Petri net unfolding based LTL-X model checking (Esparza and Heljanko, ICALP 2000, SPIN 2001): relies on the partial order view of concurrent computation and represents states implicitly, using an acyclic net

Parallel LTL-X model checker for high-level Petri nets by Schröter and Khomenko (CAV 2004), implemented in the PUNF tool

13

Tools used for experiments

PComp: to compute the verifier

PUNF: parallel LTL-X model checker

Available at: http://homepages.cs.ncl.ac.uk/victor.khomenko/tools/tools.html

14

Experiments: assorted benchmarks

[Results table: assorted benchmarks, with a "diagnosable" column]

15

Experiments: scalable pipelines (non-diag.)

16

Experiments: scalable pipelines (diag.)

17

Experiments: parallel mode

16,777,216 is the upper bound on the number of states of the verifier

18

Conclusions

Experimental results show that the method works quite well, especially on highly concurrent systems

A good level of parallelisation has been achieved

However, the benchmarks are rather artificial

Larger and more practical benchmarks are needed

The proposed approach can be trivially generalised to high-level Petri nets