catlog/stdlib/analyses/

reachability.rs

//! Reachability analyses of models.

use itertools::Itertools;
use std::collections::HashMap;

use crate::dbl::modal::model::{ModalDblModel, ModalOb};
use crate::one::category::FgCategory;
use crate::zero::QualifiedName;

#[cfg(feature = "serde")]
use serde::{Deserialize, Serialize};
#[cfg(feature = "serde-wasm")]
use tsify::Tsify;

/// Data defining a reachability problem for a Petri net.
#[derive(Clone)]
#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
#[cfg_attr(feature = "serde-wasm", derive(Tsify))]
#[cfg_attr(
    feature = "serde-wasm",
    tsify(into_wasm_abi, from_wasm_abi, hashmap_as_object)
)]
pub struct ReachabilityProblemData {
    /// Map from place IDs to number of initial token of that type.
    pub tokens: HashMap<QualifiedName, i32>,

    /// Map from place IDs to number of forbidden tokens of that type.
    pub forbidden: HashMap<QualifiedName, i32>,
}

/// The "Region Algebra for Petri Nets" algorithm from Ch 31 of
/// ([Clarke et al 2018](crate::refs::HandbookModelChecking)):
/// "Symbolic Model Checking in Non Boolean Domains".
pub fn subreachability(m: &ModalDblModel, data: ReachabilityProblemData) -> bool {
    // Convert model into a pair of matrices
    //--------------------------------------

    // Get a canonical ordering of the objects
    let ob_vec: Vec<_> = m.ob_generators().sorted().collect();
    let ob_inv: HashMap<_, _> = ob_vec.iter().enumerate().map(|(x, y)| (y.clone(), x)).collect();
    let n_p = ob_vec.len();
    if n_p == 0 {
        return true;
    }

    // Get a canonical ordering of the homs
    let hom_vec: Vec<_> = m.mor_generators().sorted().collect();

    let hom_inv: HashMap<_, _> = hom_vec.iter().enumerate().map(|(x, y)| (y.clone(), x)).collect();
    let n_t = hom_vec.len();

    // Populate the I/O matrices from the hom src/tgt data
    let mut i_mat = vec![vec![0; n_t]; n_p];
    let mut o_mat = vec![vec![0; n_t]; n_p];

    for e in m.mor_generators() {
        let e_idx = *hom_inv.get(&e).unwrap();
        if let Some(vs) = m.mor_generator_dom(&e).collect_product(None) {
            for v in vs.iter() {
                if let ModalOb::Generator(u) = v {
                    i_mat[*ob_inv.get(u).unwrap()][e_idx] += 1;
                }
            }
        }

        if let Some(vs) = m.mor_generator_cod(&e).collect_product(None) {
            for v in vs.iter() {
                if let ModalOb::Generator(u) = v {
                    o_mat[*ob_inv.get(u).unwrap()][e_idx] += 1;
                }
            }
        }
    }
    let (i_mat_, o_mat_) = (&i_mat, &o_mat);

    // Parse input data
    //-----------------
    let mut f: Vec<Vec<_>> =
        vec![ob_vec.iter().map(|u| *data.forbidden.get(u).unwrap_or(&0)).collect()];
    let init: Vec<_> = ob_vec.iter().map(|u| *data.tokens.get(u).unwrap_or(&0)).collect();

    // Apply recursive algorithm until fix point
    //------------------------------------------
    loop {
        // For each transition + region (in `f`) pair `(t,v)`, compute the
        // region that accesses `v` via firing `t`.
        let pre: Vec<Vec<_>> = (0..n_t)
            .flat_map(|t| {
                f.iter().map(move |v| {
                    (0..n_p).map(move |p| {
                        std::cmp::max(i_mat_[p][t], v[p] - (o_mat_[p][t] - i_mat_[p][t]))
                    })
                })
            })
            .map(|z| z.collect())
            .collect();

        // Filter `pre` for regions which are not already in `f`.
        let newstuff: Vec<Vec<_>> = pre
            .into_iter()
            .filter(|v| f.iter().all(|old| (0..n_p).any(|p| v[p] < old[p])))
            .unique()
            .collect();

        // We have terminated when there is nothing new generated by `pre`
        if newstuff.is_empty() {
            break;
        }

        // Update f with new stuff and remove extraneous old stuff
        f.retain(|v| newstuff.iter().all(|n| (0..n_p).any(|p| v[p] < n[p])));
        f.extend(newstuff);
    }

    // Check whether input tokening lies within the region which can access
    // the forbidden state, `init`.
    let init_in_forbbiden = f.iter().any(|v| (0..n_p).all(|p| v[p] <= init[p]));
    !init_in_forbbiden
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::dbl::{model::*, theory::*};
    use crate::stdlib::th_sym_monoidal_category;
    use crate::zero::name;
    use std::rc::Rc;

    /// The example petri net has the following structure
    ///                      t1 t2  t3   
    /// let i_mat = vec![vec![0, 1, 0],  p1
    ///                  vec![0, 1, 0],  p2
    ///                  vec![0, 0, 1]]; p3
    ///
    /// let o_mat = vec![vec![1, 0, 0],  p1
    ///                  vec![0, 0, 1],  p2
    ///                  vec![0, 1, 0]]; p3
    ///
    /// (WARNING: the petri net is drawn incorrectly in Handbook of Model Checking)
    ///
    /// Let the forbidden state be (0,0,2).
    ///
    /// The algorithm terminates in four steps:
    /// [(0,0,2)] -> [(0,0,2),(1,1,1)] -> [(0,0,2),(0,1,1),(2,2,0)]
    /// -> [(0,0,2),(0,1,1),(0,2,0)]
    /// So the three ways one can reach the forbidden state are:
    /// 1.) starting in the forbidden state (or any superset)
    /// 2.) having two tokens in p2
    /// 3.) having one token in each p2 and p3
    ///
    /// Consider using algorithm from "Minimal Coverability Tree Construction
    /// Made Complete and Efficient" for a more efficient algorithm which allows
    /// "inf" as a possible specification of an invalid state.
    #[test]
    fn validate_subreachability() {
        // Define a petri net
        let th = Rc::new(th_sym_monoidal_category());
        let (ob_type, op) = (ModalObType::new(name("Object")), name("tensor"));
        let mut model = ModalDblModel::new(th);
        let (p1, p2, p3, t1, t2, t3) =
            (name("p1"), name("p2"), name("p3"), name("t1"), name("t2"), name("t3"));
        model.add_ob(p1.clone(), ob_type.clone());
        model.add_ob(p2.clone(), ob_type.clone());
        model.add_ob(p3.clone(), ob_type.clone());
        let [x, y, z] = [p1.clone(), p2.clone(), p3.clone()].map(ModalOb::from);
        model.add_mor(
            t1,
            ModalOb::App(ModalOb::List(List::Symmetric, vec![]).into(), op.clone()),
            ModalOb::App(ModalOb::List(List::Symmetric, vec![x.clone()]).into(), op.clone()),
            ModalMorType::Zero(ob_type.clone()),
        );
        model.add_mor(
            t2,
            ModalOb::App(
                ModalOb::List(List::Symmetric, vec![x.clone(), y.clone()]).into(),
                op.clone(),
            ),
            ModalOb::App(ModalOb::List(List::Symmetric, vec![z.clone()]).into(), op.clone()),
            ModalMorType::Zero(ob_type.clone()),
        );
        model.add_mor(
            t3,
            ModalOb::App(ModalOb::List(List::Symmetric, vec![z.clone()]).into(), op.clone()),
            ModalOb::App(ModalOb::List(List::Symmetric, vec![y.clone()]).into(), op.clone()),
            ModalMorType::Zero(ob_type),
        );

        // Test starting configurations, see if (0,0,2) is reachable subtokening
        fn test_input(m: &ModalDblModel, x1: i32, x2: i32, x3: i32, expect: bool) {
            let (p1, p2, p3) = (name("p1"), name("p2"), name("p3"));
            let forbidden = HashMap::from_iter([(p1.clone(), 0), (p2.clone(), 0), (p3.clone(), 2)]);

            let data = ReachabilityProblemData {
                tokens: HashMap::from_iter([(p1, x1), (p2, x2), (p3, x3)]),
                forbidden: forbidden.clone(),
            };
            assert_eq!(subreachability(m, data), expect);
        }

        test_input(&model, 0, 0, 2, false);
        test_input(&model, 0, 1, 1, false);
        test_input(&model, 0, 2, 0, false);
        test_input(&model, 1, 0, 1, true);
        test_input(&model, 1, 1, 0, true);
    }
}