Automatic Verification of Petri Nets in a CLP framework

Abstract: This thesis presents an approach to automatic verification of Petri Nets. The method is formulated in a CLP framework, and the class of systems we consider is characterized syntactically as a special class of Constraint Logic Programs. The state space of the system in question coincides with the least fixpoint of the program. The method presented can therefore equivalently be viewed as a construction of a fixpoint computation scheme for the programs under consideration. The main motivation is to synthesize invariants for verification.

The approach to verify a program consists of two parts:
1. Computing a finite representation of the fixpoint as a formula in some given theory.
2. Checking that the fixpoint entails the specification, also expressed as a formula in the theory.

A CLP program is considered as an inductive definition of a set, and the idea is to find the minimal solution by constructing a non-recursive formula defining the same set in a (decidable) theory. In the case of Petri Nets, the method proposed will, when successful, generate a set of linear Diophantine equations whose solutions are exactly the markings reachable in the Petri Net. Moreover, the base clause of the recursive program, which specifies the initial marking in the case of Petri Nets, can be parametric. Thus, a generic formula can be computed that characterizes the fixpoint for every instance of the parameters. Using this facility, a kind of liveness property can also be proved.

If the theory is decidable, the second phase is automatic. The first phase will fail if the theory is too weak for expressing the fixpoint. Even if the fixpoint is definable in the theory, the first phase may fail. The programs we study include programs with the expressive power of universal Turing machines. Whether the fixpoint is expressible in a restricted theory is itself undecidable for such programs. Therefore the method is inherently incomplete. We have identified a non-trivial class of Petri Nets for which the method is guaranteed to succeed.

The approach to computing a finite representation of the fixpoint is based on the idea of describing a possibly infinite bottom-up fixpoint computation by the language of all possible firing sequences of the recursive clauses of the program. Each element in the fixpoint is generated by some sequence of clause applications. Usually, several sequences may generate the same element, so that a sublanguage may be sufficient for generating the fixpoint. This is equivalent to saying that a restricted computation strategy is complete. For a particular class of firing languages, called flat languages, the associated set of reachable elements can be described by a non-recursive formula in the theory used. The task is therefore to find a computation strategy defined by a flat language that is sufficient for generating the fixpoint. We define a number of rewrite rules for expressions defining languages. The computation proceeds by repeatedly rewriting expressions with the objective of reaching an expression defining a flat language. The computation is guaranteed to terminate, because each rewriting rule results in a language expression which is smaller according to a well-founded ordering: either a flat language is eventually constructed or no rewriting rule can be applied. It may, however, fail to generate a flat language, since a flat language by which the fixpoint can be generated may exist without being constructible by the rewriting rules presented in this thesis.

Partial correctness is verified by checking the entailment of a property by the fixpoint. Since entailment of the fixpoint by a property may equally well be checked, completeness can also be verified. For checking entailment we apply the proof procedure of Presburger arithmetic introduced by Boudet and Comon.

The main contributions of the thesis are:
• A method for computing finite representations of a certain class of inductively defined sets.
• The identification of a class of Petri Nets, closely related to so-called Basic Parallel Processes, for which the method is guaranteed to succeed.
• An experimental system that implements the method proposed and a detailed report on the automatic verification of several non-trivial examples taken from the literature.
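As an added illustration, not code from the thesis or its experimental system, the following Python example uses a constructed three-place pipeline net with a parametric initial marking (n, 0, 0). It computes the least fixpoint bottom-up, checks that the flat firing language t1* t2* generates exactly that fixpoint, and that the non-recursive characterization it induces (a set of linear Diophantine (in)equalities over the firing counts k1, k2) has the same solutions, while the ordering t2* t1* is not a complete strategy; all names and the net itself are assumptions.

```python
# Constructed example net: marking = (p1, p2, p3); each transition is (pre, post).
TRANSITIONS = {
    "t1": ((1, 0, 0), (0, 1, 0)),  # move one token p1 -> p2
    "t2": ((0, 1, 0), (0, 0, 1)),  # move one token p2 -> p3
}

def fire(marking, name):
    """Successor marking after firing `name`, or None if it is not enabled."""
    pre, post = TRANSITIONS[name]
    if any(m < p for m, p in zip(marking, pre)):
        return None
    return tuple(m - p + q for m, p, q in zip(marking, pre, post))

def least_fixpoint(initial):
    """Bottom-up fixpoint iteration: every marking reachable by any firing
    sequence. Terminates here because the net conserves its token count."""
    reached, frontier = {initial}, [initial]
    while frontier:
        m = frontier.pop()
        for name in TRANSITIONS:
            succ = fire(m, name)
            if succ is not None and succ not in reached:
                reached.add(succ)
                frontier.append(succ)
    return reached

def flat_language_markings(initial, word):
    """Markings generated by the flat language word[0]* word[1]* ...:
    fire word[i] k_i times in order, for every choice of the counts k_i."""
    results = set()
    def go(m, i):
        if i == len(word):
            results.add(m)
            return
        while m is not None:          # k_i = 0, 1, 2, ... until disabled
            go(m, i + 1)
            m = fire(m, word[i])
    go(initial, 0)
    return results

def diophantine_solutions(n):
    """Non-recursive formula read off from t1^k1 t2^k2 on (n, 0, 0):
    M = (n - k1, k1 - k2, k2) with 0 <= k2 <= k1 <= n."""
    return {(n - k1, k1 - k2, k2) for k1 in range(n + 1) for k2 in range(k1 + 1)}

def strategy_is_complete(n, word):
    """True iff the flat language `word` generates the whole fixpoint."""
    return flat_language_markings((n, 0, 0), word) == least_fixpoint((n, 0, 0))

def formula_matches_fixpoint(n):
    return diophantine_solutions(n) == least_fixpoint((n, 0, 0))
```

For n = 3 the fixpoint has 10 markings (all (a, b, c) with a + b + c = 3), and only the t1* t2* ordering reaches all of them.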
