Verification with LoLA: 1 Basics
0 likes•425 views
LoLA is an open source tool for verifying properties of Petri nets through explicit state space generation. It features many state space reduction techniques and can verify standard properties like boundedness, reachability, and LTL/CTL formulas. LoLA was created to generate experimental results tables and explore basic design decisions like having no GUI and generating a dedicated state space for each property. It has been under development since 1998 and is aimed at helping users verify realistic models efficiently.
![Basic notions: net
• Net: [P,T,F,W,m0]
• P,T finite, nonempty, disjoint
• F ⊆(P x T) ∪ (T x P)
• W: F →N+
• m0: P →N
• Firing
• t activated in m: (p,t) ∈ F m(p) ≥ W(p,t)
• firing; m [t> m’: m’(p) = m(p) - W(p,t) + W(t,p)
• State space:
• states: reachable markings
• edges: m[t>m’](https://image.slidesharecdn.com/tutorial1-110622051911-phpapp01/85/Verification-with-LoLA-1-Basics-13-320.jpg)
Verification with LoLA: 1 Basics
- 1. Verification with LoLA Niels Lohmann and Karsten Wolf The Blue Angel Germany, 1930 Run Lola Run Germany,1998
- 2. What is LoLA? • Explicit state space generation • Place/Transition nets • Focus on standard properties • Many reduction techniques, unique features • Stream based interface • Open source
- 3. Where does it come from? • INA - Integrated Net Analyzer by Peter Starke • grown for long time • state space and structural techniques • several net classes • suboptimal design decisions • MODULA 2 • Papers needed tables with absolute run times
- 4. Purpose • Generate competitive “experimental results” tables • Explore impact of basic design decisions • ... Ship as tool
- 5. Milestones • 1998: 1st release • 1998-2005: State space reduction techniques • 2000: Presentation at Petri Nets • 2005-: Case studies, integration • 2007: Invited talk at Petri Nets • since 2008: Implementation of software development processes
- 6. Basic Design Decisions • No GUI • Realistic nets are generated, not painted • GUI blocks portability • Many GUIs available, simple connection possible • Do not want user interaction during verification
- 7. Basic Design Decisions • One property, one state space • as opposed to query languages on state spaces • One property, one dedicated reduction • Benefit from on-the-fly verification • Generation faster than loading
- 8. Basic Design Decisions • Configuration at compile time • property class, search strategy, reductions • #define instead of if() • repeated runs in same configuration
- 9. Featured Properties • Boundedness (place) • Reversibility • Boundedness • Home states • Reachability (marking) • LTL properties F φ, GF φ, FG φ (predicate) • Reachability (predicate) • CTL (formula) • Deadlocks • Death (transition) • Liveness (predicate)
- 10. Featured Reductions • Stubborn Sets • Reduction based on S/T invariants • unique: dedicated techniques for standard properties • unique. • Symmetries • Coverability graphs • unique: automated • unique: combination with other reductions determination of symmetries in low level net • Sweep-Line • unique: automated calculation of a progress measure
- 11. Goal of Tutorial • Can LoLA help you? • Where (and why) does it perform well? • How to (optimally) use it, to integrate it
- 12. Outline • Introduction • Input Language • Motivation, • State Space background, Techniques history • Using LoLA • Preview and outline • Case Studies • Basic notions • Integrating LoLA • First demo • Implementation
- 13. Basic notions: net • Net: [P,T,F,W,m0] • P,T finite, nonempty, disjoint • F ⊆(P x T) ∪ (T x P) • W: F →N+ • m0: P →N • Firing • t activated in m: (p,t) ∈ F m(p) ≥ W(p,t) • firing; m [t> m’: m’(p) = m(p) - W(p,t) + W(t,p) • State space: • states: reachable markings • edges: m[t>m’
- 14. Basic notions: properties • Place p is ... • bounded iff there is a k such that, for all reachable m, m(p) < k • Transition t is ... • dead iff it is not activated in any reachable marking • State predicate φ (p <>≤≥=≠ k, φ∧φ, φ∨φ,¬φ) is ... • reachable iff some reachable marking satisfies v • live iff, from every reachable marking, a marking is reachable that satisfies φ • Net ... • is bounded iff all places are • is reversible iff the initial marking is reachable from all reachable marking • has home states iff some marking is reachable from all reachable markings • is deadlock-free iff every reachable marking activates at least one transition
- 15. Basic notions: Temporal Logic • LTL: infinite path (starting in m0) satisfies ... • F φ : is satisfied at least once • GF φ: φ is satisfied in infinitely many markings • FG φ: φ is satisfied forever from some marking on • CTL: marking m satisfies ... • AX (EX) φ: φ holds in all (some) immediate successor marking • AF (EF) φ: every (some) path from m contains a marking satisfying φ • AG (EG) φ: on every (some) path from m, φ holds in all markings • A(E) φ U ψ: on every (some) path starting in m, there is a marking that satisfies ψ such that all preceding markings satisfy φ
- 16. Basic notions: State Space • Strongly connected component (scc) • max set of mutually reachable states • partitions state space • form acyclic graph, maximal elements: terminal scc (tscc) • Properties vs scc: • reversible: net has one scc • home states: net has one tscc • live: satisfiable in all tscc
- 17. Basic notions: Search • Depth first • can be extended easily for detecting cycles and scc • tends to yield long paths • Breadth first • difficult to detect cycles and scc • yields shortest path