Automated Analysis of DP-systems Using Timed-Arc Petri Nets via TAPAAL Tool

. Timed-Arcs Petri nets (TaPN-nets) are a time extension of Petri nets that allows assigning clocks to tokens. System of dynamic points on a metric graph (DP-systems) is another dynamical model that is studied in discrete geometry dynamics and motivated by study of localized Gaussian wave packets scattering on thin structures; as well, DP-systems could be utilized to overapproximate the dynamics of messages scattering in distributed systems. In the latter case, time-temporal properties of DP-systems become a matter of interest. However, there are no tools that enable us to analyse them. In this work, we provide a new approach to automated analysis of DP-systems using the translation of a DP-system into a TaPN-net which is implemented as a TAPAAL plugin. The translation let us use the comprehensive tool support for TaPN-nets (TAPAAL/UPPAAL) to analyze DP-systems dynamical characteristics expressed in TCTL language. We demonstrated how to express some of them and verify time-temporal properties of a DP-system using the suggested approach, and performed experiments to obtain empirical estimates of the tool performance. independent Research interests: analysis methods for discrete event dynamical systems, models for parallel and distributed computation, models for real-time systems, well-structured transition systems.


Introduction
The notion of a Petri nets evolved from a chemistry process model to a model of indefinitely expandable computing system consistent with laws of physics in C.A. Petri works [1]. Nowadays, Petri nets are widely-used to model the behaviour of distributed concurrent computer systems and concurrent processes in biology, chemistry, physics, and other fields [1]. Timed-arc Petri nets (TaPN-nets) are an extension of Petri nets with time semantics: tokens are assigned clocks [2]; an inscription on an incoming arc of a transition define tokens of which age can be consumed by the firing of the transition. Metric graphs are graphs with lengths assigned to edges. A dynamical system consisting of a metric graph and dynamic points moving along the graph edges (DP-system) is a geometrical discrete dynamical system originally motivated by the problem of evolution of wave packets in thin structures. It could be considered as a simplified discrete model of a quantum graph -a metric graph equipped with functions on its edges, a differential operator acting on such functions, and matching conditions on its vertices [3], [4] -with narrow localized wave packets [5], [6]. Quantum graphs occurred as a model or tool in a number of problems in chemistry, physics, engineering, and mathematics since 1930s [7]. It was shown that there exists a correspondence between the statistics of localized solutions on a quantum graph and the dynamics of a DP-system [6]. Points in a DPsystem may represent supports of Gaussian wave packets in a quantum graph and/or the projection of wave propagation on medium geodesics. Both models, Petri nets and DP-systems, embrace realtime dynamics of discrete entities moving within a topological structure defined by a graph. Some results towards the characteristics of the dynamics of DP-systems were recently obtained in [8][9][10][11]. The growth of the number of points moving along edges and its asymptotic are studied for metric trees in [10] and, for some special cases, in [6]. In [11], polynomial approximation for the growth of the number of dynamic points moving along metric graphs is studied, and explicit formulae for the first two terms of the polynomial approximation are given. In [6], stabilization of the number of points in a DP-system is studied and explicit formulae for graphs with edges of the same length and star graphs are given, exploiting a connection with analytic number theory problems. While the mentioned quantitative dynamic statistics of DP-systems are studied, finer temporal properties of DP-systems are not; like, for example, which node v1 or v2 will receive a point first, or whether e1 will have received ten or more points by the time e2 received its first point. In this work, we provide a translation of a DP-system into a TaPN-net [12], which allows reducing the analysis of temporal properties of DP-system to analysis of TaPN-net and conduct it using the effective widely-used TAPAAL tool [13], which is under active development (two golds, a silver, and a bronze medal in MCC '20 [14]). Temporal properties of Petri nets, such as liveness, boundedness, and reversibility, and their complexities have been extensively studied (see comprehensive review [15]); and, many of them are in PSPACE or, worse, in EXPSPACE complexity classes. The study and development of Petri nets analysis methods is still active; for example, the long-standing question on whether reachability and coverability problems have the same complexity has been recently resolved in [16] showing that reachability is not even elementary, thus, impacting complexity of many problems in other fields, such as formal languages, logic, linear algebra, etc. However, for some restricted Petri net subclasses, many important properties, which are undecidable in general case, are decidable or even have polynomial time complexity. There is a lot of ways to introduce time constraints in Petri nets [17][18]. Unfortunately, it was shown that almost any of semantical extensions makes Petri nets Turing-complete and, by Rice-Uspensky theorem, many of general behavioural problems immediately become undecidable. The widely known time extensions of Petri nets -Time Petri nets [19] and Timed (Duration) Petri nets [20] are Turing-complete as they admit urgency and allow to model unbounded counters. Time extensions of Petri nets, as well as other real-time models, are under active study as, for many realworld software/hardware systems, time related aspects like performance, time-outs, delays, and latency are crucial for correct functioning [21][22][23]. A time semantics with restricted urgency was recently suggested for TaPN-nets in [24]; the suggested semantics allows urgent transitions to consume tokens only from the bounded places of a Petri net, and this restriction makes some behavioural problems decidable for TaPN-nets. In [25], author suggested an approach to use timing specifications to improve the behavioural properties of an untimed P/T-net with an example of making live and unbounded untimed P/T-net live and bounded by cutting off token generators using time-based constraints. TaPN-nets attract our attention as they feature dynamics that makes it possible to model DP-systems. In [26], timed-arc Petri nets were consistently combined with 'nets-within-nets' hierarchical structure and sound time semantics was provided; also, the decidability of behavioural coverabilityrelated properties using the notion of well-structured transition systems was established. For recent review of results on TAPN-nets and their verification, we refer to [27]. Moreover, TaPN-nets have comprehensive tool support via TAPAAL and UPPAAL software. Tool UPPAAL makes it possible to model and verify networks of timed automata. TAPAAL is a tool for modelling, simulation, and verification of TaPN-nets; it can utilize UPPAAL as a verification engine. While a lot of results on temporal properties of timed and untimed versions of Petri nets were obtained, quantitative statistics of the behaviour of Petri nets and their extensions are studied to much lesser extent. The translation of TaPN-nets into DP-systems can be used to overapproximate the number of different age-values in the TAPN-net. This translation is a part of the tool implemented within the frame of this works -it extracts a metric graph in GraphML format from a TaPN-net allowing one to use existing software for metric graphs to overapproximate the stabilization time or growth rate of the number of clocks in the TaPN-net. In Section 2, basic notions and notations are given. Section 3 covers the translation between DPsystems and TaPN-nets and implementation details. In Section 4, we demonstrate how to verify time-temporal properties of a DP-system using the suggested approach; results of performance experiments are provided. Section 5 concludes the paper with some discussion.

Preliminaries
By N, Q , R, we denote the sets of natural, non-negative rational, and real numbers, respectively.
The set of open and closed intervals over Q ∪ {∞} is denoted by I (Q ). For a set , a bag (multiset) over is a mapping ∶ → N. The set of all bags over is denoted by N . We denote addition and subtraction of two bags by + and −, the number of all elements in taking into account the multiplicity by | |, and comparisons of bags by =, <, >, ≤, ≥. We start by giving the definition of a metric graph [3]. • the relation ( ') = ( ) − ( ) holds between the coordinates on mutually reversed arcs.

Definition 1 (Metric graph). A graph is said to be a metric graph, if
• for arc , the length ( ) of its support edge is equal to ( ).
A state of a DP-system on a metric graph is a set of points located on the arcs of . When time starts to flow, each point moves along its arc direction from 0 to ( ) with the same velocity; its position is denoted by ( ). If reaches a vertex , new points are issued to all the outgoing arcs of (intuitively, this corresponds to wave packet scattering). New points generation may result in more than one point on some arcs. Each produced point ' starts moving along corresponding . When more than one points reach a vertex simultaneously at t, on each outgoing arc, only one point is produced, as if only one point has reached the vertex at ; i.e., points met on a vertex fuse, and each coordinate of an arc can carry only one dynamic point. However, points do not collide anywhere on edges except vertices, i.e., if two points met on an edge, they both continue their movement towards their own directions. In fig. 1, the initial set of points consists of two points in vertices and . The point in produces a new point on edge { , }, The point in produces points on edges leading to vertices , , , , . After a time unit, there are no points in and (coloured gray), but there are points (coloured black) moving from and to their adjacent vertices.  [6], i.e., ∀ ≥ ( ) ∶ ( ) = ( ( )). Henceforth, when stabilization time is discussed, discrete time instants when points collapse at vertices are excluded from consideration as, strictly, at these instants the number of points can decrease. A place/transition net (PT-net) is a Petri net with indistinguishable tokens. Definition 2 (Place/transition nets). A PT-net is a tuple < , , , >, where • and are disjoint finite sets of places, respectively, transitions; For an element ∈ ∪ , an arc < , > is called an input arc, and arc < , > -an output arc. A preset • and a postset • are subsets of ∪ such that • = { | < , > ∈ } and • = { | < , > ∈ }. A marking of is a function : → N. A pair < , > of a PT-net and a marking is called a marked net. Let = < , , , > be a PT-net. A transition ∈ is enabled in a marking iff ∀ ∈ • ⇒ ( ) ≥ < , >. An enabled transition can fire yielding a new marking ′( ) = ( ) − < , > + < , > for each ∈ (denoted → ′ ).
The marking = < , , > of a TaPN-net consists of a marking of ( ), a time marking ∶ ( ) → Q that assigns clocks to tokens, and an urgency marking

Automated translation of DP-systems into TaPN-nets
In the context of communication networks and computer systems, we may consider a distributed system of communicating reactive sensor-nodes (or other computational devices). One of the nodes is a server that initiates communication by sending control messages (signals) while other sensornodes react on such signals. On the assumption that the processing speed of nodes is much higher than the speed of signal propagation, when a node receives one or more signals from its neighbour nodes, it responds instantly by sending signals to some of its neighbours. In an extreme case, each node sends signals to all of its neighbours upon each message arrival. This extreme behaviour corresponds to the dynamics of a DP-system enabling us to use metric graphs to overapproximate messages scattering in networks. In the latter case, time-temporal properties of DP-systems become a matter of interest [28]. However, up to the knowledge of authors, there are no tools that enable us to conduct analysis of such natural time-temporal properties as: • Is it possible that more than N signals come to node X in K seconds; • Is it possible that in the next K minutes two messages come with the difference of their time moments less that ε milliseconds; • For the system initial phase of duration N, if a point comes to node X at time T, then no points comes to node Y within K seconds from T; In this section, we provide an algorithm for the translation of DP-systems in TaPN-nets. Tool TAPAAL supports verification of specifications in timed computation tree logic (TCTL) language, which allows expressing time and temporal properties of process dynamics [29] [30]. In the next section, we demonstrate how to express these properties in TCTL-properties of converted TaPNnets. To simulate DP-systems with models of Petri nets with real-time semantics, we need to represent points moving along edges using clocks in a Petri net. The advance of a point along an edge in a metric graph is modelled with the progress of the corresponding clock in a Petri net. The number of points on a metric graph is not fixed and may grow (infinitely when edge lengths are incommensurable); therefore, it is not possible to model DP-system using clocks in time or timed Petri nets [19], [20] as these models have finite structurally-determined number of clocks. In TaPNnets, clocks are assigned to tokens [12], and the number of clocks can grow along with the number of tokens in the net. We start with the description of DP-system to TaPN-net translation procedure, and, later, cover some design and technical details on the implementation of the translation. We denote the set of points on the edge by ( ). For a lead < , >, one of and is marked with infinity. Note that, as movement of a point along an edge corresponds to a continuous process, we model edges of DP-system with TaPN-net places; and, as arrival of a point at a vertex corresponds to a discrete event, we model vertices of DP-system with TaPN-net transitions.

Algorithm for translation from a DP-system to a TAPN-net procedure
Step 1. For each edge connecting vertices and in , we create places and in ; Step 2. For each lead < , > in with marked with infinity, an arc from vertex to a distinct infinity-vertex is introduced in . We need to handle points moving away from vertex separately. to ′ with multiplicity 2, urgency 0, and zero time interval, and arc from ′ back to . An example of such conversion is illustrated in fig. 2. As each undirected edge in D corresponds to two opposite arcs, the number of places in NTA on the right is twice as the number of vertices in D on the left. Transitions corresponds to the event of a point reaching a vertex; auxiliary transitions are introduced to clean redundant tokens from edge-places in NTA to handle events when multiple point came to a vertex simultaneously.

Algorithm for translation from timed-arc Petri nets to metric graphs
To use the results on the asympotics and estimates on growth and stabilization time of the number of dynamic points in DP-system [6] to overapproximate TaPN-net the number of different token age-values, we implement the translation of a restricted class of TaPN-nets into DP-systems. Let NTA be an input TaPN-net and D be the resulting DP-system. The next procedure converts the TaPN-net to a DP-system. The DP-system D generates point each time NTA produces a new token with timer. 1) For each transition in , create vertex in D; 2) For each transition , place , and transition , such that there is an arc from to and an arc from to a) create an edge connecting vertices and (which correspond to transitions and , respectively) with a length equal to the time interval on the arc from to ; this procedure may introduce multiple edges or self-loops, thus, an intermediate graph may be not a metric graph; we provide a resolving strategy after the procedure; b) for each token in p, put a point on beginning of edge from vi to vj, i.e., at vertex vi; 3) For each place p, which has only inbound arcs or only outbound arcs a) for each adjacent transition , create a lead from corresponding vertex ; b) if has only outbound arcs, then for each token in , for each adjacent transition , put a point on the lead incident to corresponding vertex vi moving towards vi and located on the distance equal to the point-interval on arc < , >. 162 To resolve multiple edges and self-loops introduced during the translation, we break one of edges e into two edges by introduce a new vertex; lengths of these new edges are equal to the half ( ). For self loops, we need to introduce two vertices, and they breaks edge into three parts with lengths equal to a third of ( ). This step, firstly, breaks the loop with one edge, and, secondly, breaks multiple edges; the result of such step for a loop transition is illustrated in fig. 3.

Implementation details
The translation is implemented in tool mg-to-tapn as a TAPAAL extension; the tool uses TAPAAL internal representation for storing and analysis of TaPN-nets. A JSON-based file format for processing DP-systems was developed and its support was implemented. The file format is an extension of JSON Graph Format [31]. To allow visualization of DP-systems, a support for GraphML-based format compatible with yEd Graph Editor [32] was implemented.
As mg-to-tapn is an extension of TAPAAL, the following functions can be utilized both through command line interface or graphical user interface of TAPAAL.
• Translate DP-system in JSON format to TaPN-net in TAPAAL representation; • Translate TaPN-net in TAPAAL representation to DP-system in JSON format; • Translate TaPN-net in TAPAAL representation to DP-system in GraphML-based yEdcompatible format.

Checking TCTL properties of DP-system and experimental results
In this section, we demonstrate how to check DP-system time-temporal properties of a metric graph using the implemented translation and provide results of performance experiments.

Checking time-temporal properties of a metric graph
Tool TAPAAL does not directly support the whole class of TCTL properties; therefore, for timetemporal properties, we need to combine supported verification engines with additional auxiliary net fragments to capture such properties. We demonstrate how to encode the following propertiesusing this technique. i. Is it possible that more than signals come to node in seconds. Firstly, we need to capture the property that more than signals come to node . Arrival of a signal to from along arc < , > corresponds to a firing of transition in TaPN (see naming strategy in section 3). We add a place ′ , which will be used as a counter for the number of signals-tokens that came to . Then, we connect each to ′ with an arc; each firing of will produce a token in ′ . We call such a place counter for . In addition, we need to determine a time point when seconds has passed. We introduce a new place and put a token in . We add urgent transition and connect and with an arc specified by time interval [ , ]. So, place becomes empty when seconds has passed. We call such a net fragment consisting of place with a token, transition , and arc < , > specified by [ , ] as timer for .
Finally, we can express the property as whether there is a reachable state when ′ has K or more tokens, and has exactly one token. This property is purely temporal while time features are captured using time specifications in timer for K. In CTL, the property is expressed as (( ( ′ ) ≥ ) & ( ( ) = 1)). ii. Is it possible that in the next minutes two messages come with the difference of their time moments less that milliseconds. To check the property, we add timer for construction, counter for , and transition ′. We add arc < ′ , ′ > labelled with [ , ]. To make , urgent, we use age invariant : ≤ ε on ′ . If there are two or more tokens in ′ , , then those tokens come to node with time difference less than . The corresponding CTL property is (( ′ ≥ 2) & ( = 1)).
iii. For the system initial phase of duration , if a point comes to node at time , then no points comes to node within seconds from . We add counter for , counter for , and timer for . We add transition ′ , arc < ′ , ′ >labelled with [ , ], age invariant : ≤ ′ on ′ making ′ urgent, urgent transition ′ , and arc < ′ , ′ >. If a token is in ′ for seconds, then ′ fires consuming it; if a token came to ′ , it leaves the system via ′ immediately. The property become violated if ′ and ′ hold tokens simultaneously, as it corresponds to a state where a token, which timer value is less than K, is in , and a token came to . The resulting CTL property is ¬(( ′ ≥ 1) & ( ′ ≥ 1) & ( = 1)).

Experimental results
We conducted experiments on metric graphs of different topology: star graph, complete graph, cycle graph, and «key» graph (linear graph joined with a cycle of 3 elements on the end). The metric graphs were converted to TaPN-nets in TAPAAL format. The first and third property, encoded as suggested in the previous section, were checked for the converted metric graphs; verification time and memory consumed were measured. The results for the first property are given in Table 1. For this experiment, we checked the first property for the initial fragment of 1000 time units. Time and consumed memory were measured; if the amount of consumed memory was negligible, the value is not provided. The results for metric graph K30 were not obtained as more than a thousand nodes in the resulting TaPN-net exceeded some internal restrictions of TAPAAL. The low verification time for a cycle metric graph is stipulated by the low node degrees in the graph thus leading to a smaller number of transitions in the converted TaPN-net. The results for the third property are given in Table 2. For this experiment, we checked the second property with K = 20 and N = 1000. We see almost the same picture with the exception of that for key metric graphs the memory restrictions come in play earlier. The experiments were performed on a personal computer with 2 GHz Quad-Core Intel Core i5 processor and 16 GB of memory (3733 MHz LPDDR4X) running under macOS 11.0.1 operating system.

Conclusion
In this paper, we developed an approach that enable us to analyze TCTL-properties of DP-systems based on the implementation of the translation between DP-systems and TaPN-nets. We demonstrated how to conduct analysis of TCTL properties of DP-systems by adding an auxiliary net 164 fragment. For several time-temporal properties of metric graphs, we showed how to express the properties in TAPAAL using an auxiliary subnet and TAPAAL TCTL queries. The automated translation allows using the well-known efficient tool TAPAAL to carry out simulation and verification (analysis of TCTL properties) of DP-system dynamics and interpreting results for DP-systems on a given restricted subclass of TaPN-nets. The experiments showed that for scarce mid-sized graphs analysis could be done quite effectively.
As these experiments were conducted for the first time, to get more straightforward results, we neither used any optimizations nor tried to encode properties in a more compressed manner. Therefore, we expect that optimizations could considerably improve performance on the benchmark tests as complete and star graphs possess much symmetry.
To improve the precision of the overapproximation of a TaPN-net with a DP-system, the already known counting functions and asymptotics for undirected metric graphs shall be extended to directed metric graphs. This direction is being under current research.