Checking Properties with Language Intersection

A possible application of our product construction is for model checking TPN, in much the same way some observer-based verification techniques rely on the product of a system with an observer.

The idea is to express a property as the language of an observer, $O$, then check the property on the system $N$ by looking at the behavior of $N \times O$. The product of two nets can be computed with Twina using option -I.

A major advantage of this approach is that there is no risk to disrupt the system under observation, which is not always easy to prove with other methods. We give an example of observer in Fig. 1.

An observer for the delay property.

In this net, sequences of events $a$ and $b$ may occur in any order and at any date. On the other hand, the only way to fire $t_5$ is to “find” two successive occurrences of $a$ and $b$ with a delay (strictly) bigger than 2. Hence we can check if such behavior is possible in a system, $N$, by checking whether transition $t_5$ can fire in $N \times O$.

For instance, we can use this observer on the net with the following command.

$ twina -I -aut

We find two states where transition $t_5$ could fire in the observer (that is transition {t5.2} in the result); one synchronized with transitions $t_3$ of the net, the other with $t_2$. If we change the timing constraints in the observer, we still find examples with the constraint $[5, \infty[$ but none with $]5, \infty[$. Hence we know that the maximal possible duration between event $a$ and $b$ in model basileTAC is exactly 5.

Examples used in this post

A basic examples of observer , also in graphical format observer.ndr (for display and editing with nd).

An example from [Basile2015]: .