On Improving Parallel Rebuilding of R-TNCESs

Mohamed Ramdani

1,2,3,4

, Laid Kahloul

and Mohamed Khalgui

1,2 a

School of Electrical and Information Engineering, Jinan University, China

LISI Laboratory, National Institute of Applied Sciences and Technology, University of Carthage, Tunis 1080, Tunisia

LINFI Laboratory, Computer Science Department, Biskra University, Algeria

University of Tunis El Manar, Tunis, Tunisia

Keywords:

Reconﬁgurable Discrete-Event System, Reconﬁgurable Timed Net Condition-Event System, Computation

Tree Logic, Paralle Model Rebuilding.

Abstract:

This study presents an improved parallel rebuilding of reconﬁgurable timed net condition-event systems (R-

TNCESs) modeling reconﬁgurable discrete-event systems (RDESs). Computation tree logic (CTL) model

repair is one of the existing approaches that extends formal veriﬁcation using model checking, by an autom-

atized debugging phase and updating directly the model to cope with the desired behavior. Our proposition

aims to generalize simple rebuilding with one CTL-based function property to parallel rebuilding which allows

both veriﬁcation and modiﬁcation of a model according to a set of non veriﬁed functional properties simul-

taneously. A couple of transformation algorithms are proposed to conserve the coherency of the model and a

property classiﬁcation method is proposed to frame the parallel execution order. To demonstrate the paper’s

contribution, a FESTO MPS platform is used as a case study.

1 INTRODUCTION

Reconﬁgurable discrete event/control systems

(RDECSs) are auto-control systems which work

in an asynchronous and a non-deterministic way

due to events occurrence. RDECSs are compatible

with a variety of conditions (concurrency, control,

communication, etc.) which can be in several systems

(manufacturing systems (Gu et al., 2018), real time

systems (Ben Aissa et al., 2019), and intelligent

control systems (Khalgui and Mosbahi, 2010), etc.).

Reconﬁguration concerns changes in the structure,

functionality, and/or control algorithms to cope with

external changes and user requirements (Zhang et al.,

2015).

In spite of RDECSs’s complexity, model-checking

is the formal technique most used for its automatic

veriﬁcation. This efﬁcient technique checks the sat-

isfaction of a functional property speciﬁcation, which

is speciﬁed by a temporal logic (Baier et al., 2008)

(computation tree logic) against a behavior formal

model (Petri nets). Many formalisms are proposed

and improved to cope with reconﬁgurability such

as reconﬁgurable time net condition/event systems

(R-TNCES) (Zhang et al., 2013) and reconﬁgurable

https://orcid.org/0000-0001-6311-3588

Petri nets (Padberg and Kahloul, 2018). Several

studies have worked on model checking improve-

ment to be more efﬁcient at errors debugging and in

their auto-correction. Ding and Zhang in (Ding and

Zhang, 2007) have proposed a method named com-

putation tree logic CTL update that modiﬁes the sys-

tem model in order to satisfy a given formula, based

on ﬁve basic operations and minimal change criteria.

Martinez and Lopez have proposed another method

named CTL repair for different classes of Petri nets

such in: (Mart

ınez-Araiza and L

opez-Mellado, 2014),

(Mart

ınez-Araiza and L

opez-Mellado, 2015), and

(Martinez-Araiza and L

opez-Mellado, 2016). Car-

rillo and Rosenblueth have introduced the protection

concept to CTL update (Carrillo and Rosenblueth,

2014). Both the layer-by-layer veriﬁcation proposed

in (Zhang et al., 2013) and the formal veriﬁcation pro-

posed in (Haﬁdi et al., 2018) ignore the debugging

phase treatments to automatize the correction of a

model which does not satisfy a property formula. The

convergence of this lack with the system complex-

ity and the high number of properties to be checked

makes R-TNCESs veriﬁcation a hard task.

In the current paper, we assigned a parallel re-

building to the analysis technique of an R-TNCES.

The purpose of our proposition is to deal with the

Ramdani, M., Kahloul, L. and Khalgui, M.

On Improving Parallel Rebuilding of R-TNCESs.

DOI: 10.5220/0007977903150322

In Proceedings of the 14th International Conference on Software Technologies (ICSOFT 2019), pages 315-322

ISBN: 978-989-758-379-7

315

big number of faulty properties with a parallel strat-

egy to make a gain in the both rebuilding and val-

idation time as well as to reduce the complexity of

debugging process which relieves the design efforts.

We deal with the auto-correction of R-TNCESs by

proposing a new approach that includes veriﬁcation

and model updating according to several CTL for-

mulas simultaneously (parallel rebuilding). The pro-

posed methodology stands on the R-TNCES rebuild-

ing approach (Ramdani. et al., 2019). In order to

avoid unnecessary calculation, R-TNCES rebuilding

will be improved by pretreatment and classiﬁcation of

properties that assure the best parallelization of auto-

correction. In order to conﬁrm results, SESA model

checker is used (Starke and Roch, 2002). Indeed,

SESA is a software to analyze TNCESs and to com-

pute the exact reachable set of states. To validate the

proposed methodology, we use academic case study

FESTO MPS (Zhang et al., 2013) which is a lab-scale

station. Experimentations on FESTO MPS show the

applicability and performance of our proposition to

check and rebuild properties of broadcasting and syn-

chronizations simultaneously.

The paper is organized as follows. Section 2

presents preliminary concepts. Section 3 gives the

R-TNCES rebuilding methodology. Improved paral-

lel rebuilding is presented in Section 4. An academic

case study is presented to show the virtue of the pro-

posed approach and its algorithms in Section 5. Fi-

nally, Section 6 concludes this work and describes our

perspectives.

2 BACKGROUND

In this section, we present a brief description of R-

TNCESs and Ding’s CTL update approach.

2.1 Reconﬁgurable Time Net

Condition-Event Systems

R-TNCES is a control component based formalism

proposed in (Zhang et al., 2013) to specify and

verify reconﬁgurable discrete event control systems

(RDECSs). A control component (CC) is a logi-

cal software unit that represents data ﬂows and sen-

sors/actuators actions (algorithms, data extraction or

activation) (Khalgui and Hanisch, 2011). An R-

TNCES is a structure RTN = (B,R) composed of two

modules, where B = (Con f

,... ,Con f

) is the be-

havior module formed by n conﬁgurations (Con f

each one is a TNCES, possibly redundant and R =

,... , r

) is a set of reconﬁguration functions which

represent the control module (n,m ∈ N). Formally, B

is a tuple given by

B = (P,T,F,W,CN,EN, DC,V,Z

) (1)

where, P (resp, T) is a superset of places (resp. transi-

tions), F is a superset of arcs, W : (P×T )∪(T ×P) →

{0,1} maps a weight to a ﬂow arc, CN (resp. EN)

is a superset of condition signals (resp, event sig-

nals), DC is a superset of clocks on output arcs, V :

T → {AND,OR} maps an event processing mode for

every transition, and Z

= (M

), where M

is the

initial marking, and D

is the initial clock position.

2.2 Computation Tree Logic Model

Repair

”Computation tree logic model update” is a formal

approach for automatic veriﬁcation and modiﬁcation

of system models based on minimal change criteria

over Kripke structure models. This approach was

developed in (Ding and Zhang, 2007). To repair

software errors, CTL update is deployed to gener-

ate admissible models that represent the correct de-

sign (Zhang and Ding, 2008). The model updater

functions modify the models using ﬁve primitives

(PU1,..., PU5) which are described in their simplest

forms as: (i) PU 1 for adding a relation, (ii) PU2 for

removing a relation, (iii) PU3 for changing one state

label of one state, (iv) PU4 for adding a state, and

(v) PU5 for removing a state and its associated rela-

tions. The semantics of the above primitives and of

the minimal changes principle are detailed in (Zhang

and Ding, 2008).

3 REBUILDING PROBLEM FOR

R-TNCESs MODELS

Given R-TNCES M = (B, R) representing a system

model and φ a CTL formula in existential normal

form ENF representing a functional property such that

(M,Z

) 2 φ. Rebuilding problem is the construction

of a new model M

by applying minimal changes to M

such that (M

)  φ. M

must satisfy speciﬁcation

and conserve good requirements.

Automatic rebuilding of behavior module can be

summarized in six step methodology as follows.

- Step 1: Transform behavior module B to Kripke

structure SK.

- Step 2: Transform formula φ to adapt the same

value in the Kripke structure.

- Step 3: If SK  φ, then the model is well speciﬁed,

otherwise, go to the next step.

ICSOFT 2019 - 14th International Conference on Software Technologies

316

- Step 4: Modify SK according to CTL model up-

date approach (Zhang and Ding, 2008); (action to

be supervised by the designer).

- Step 5: Re-check the satisfaction SK  φ. If

SK  φ, then the model is well modiﬁed, other-

wise, inconsistency in the speciﬁcation (formula,

model, or the both).

- Step 6: Rebuild B using primitives that are equiv-

alent (see Table 1) to those executed in the 4

step. Table 1 represents the equivalence between

the primitives of CTL update and R-TNCES re-

building.

R-TNCES rebuilding operation is well described

and detailed in (Ramdani. et al., 2019).

In this work, we assume that the control part R

and the modular entities (CCs) are not faulty and rep-

resent the desired behavior. Therefore, we focus on

the behavior module response when a reconﬁguration

is requested or an error is occurred. In such con-

text, rebuilding operation (RO) consists of checking

the synchronization faults between transitions in dif-

ferent CCs (the broadcasting correctness).

Table 1: Equivalence between Ding primitives and R-

TNCES rebuilding modiﬁcations (Ramdani. et al., 2019).

CTL-

update

primitives

R-TNCES rebuilding

modiﬁcations

Modiﬁcation

instructions

PU1 Add event signal Cr(ev(t,t

))

PU2 Delete event signal De(ev(t,t

))

PU3 Add/Delete condition

signal

Cr(cn(p,t))/

De(cn(p,t))

PU4 Add control compo-

nent

Cr(CC))

PU5 Delete control compo-

nent

De(CC))

4 IMPROVED PARALLEL

REBUILDING

We propose in this section a parallel rebuilding for

automatizing the correction of an R-TNCES accord-

ing to a high number of faulty properties simultane-

ously. With the proposed approach, we can deal the

deﬁciency of other works on automatizing the debug-

ging of reconﬁgurable system model at its veriﬁca-

tion. The gain of our contribution resides in two ma-

jor points. On one hand, an ordinary rebuilding of an

R-TNCES with one CTL formula expands the classi-

cal CTL update to be dealing with reconﬁgurable sys-

tem models. On the other hand, the parallel rebuild-

ing of an R-TNCES makes the rebuilding more efﬁ-

cient to deal with the big number of properties in com-

plex system models. Using the proposed method, we

can minimize the validation time of a system model

and we can also control the complexity of the debug-

ging phase in a complicated system. We improve the

R-TNCES rebuilding by adding a pre-processing of

properties which identiﬁes functional dependencies,

precedence order and classiﬁes them to extract the op-

timal order of the rebuilding process. The global pro-

cess of parallel rebuilding reposes on four sub phases:

(i) Abstraction: is the transformation of R-TNCES

model (resp. CTL formula) to Kripke structure (resp.

reduction of the granularity). (ii) Classiﬁcation: is

the detection of relationships among properties. It de-

ﬁnes dominance, equivalence and composition among

those properties. (iii) Rebuilding order is the con-

struction of a tree that deﬁnes the order of rebuilding

and the parallelization strategy. (iv) Parallelization: is

the assignment of properties to the parallel environ-

ment. Figure 1 resumes the global process of parallel

rebuilding.

Unverified

Properties (CTL)

System model

(R-TNCES)

Abstraction

Relationships

among properties

Rebuilding order

Parallelization

Classification

Figure 1: Parallel Rebuilding of R-TNCES.

4.1 Abstraction and Properties

Classiﬁcation

Abstraction subprocess reposes on two different and

independent operations that assure the transformation

of both model and formula. The ﬁrst operation is the

computation of a new Kripke structure model from

behavior module B. The second one, is the granularity

reduction of a CTL formula to adapt it for the Kripke

structure veriﬁcation.

In properties classiﬁcation, we classify properties

according to the precedence order and relationships

among them. At the ﬁrst step of this sub-process, we

divide set of unveriﬁed properties

∑

Φ into two differ-

ent sets according to their functional purpose, which

are deﬁned as follows:

• Universal Properties: A set of properties that are

expressed to check a functional property in the

whole system (all conﬁgurations).

On Improving Parallel Rebuilding of R-TNCESs

317

• Local Properties: A set of properties that are ex-

pressed to check a special functional property in

one and only one execution in the system (just one

conﬁguration).

To avoid redoing the rebuilding operation, we

must ensure the precedence order among properties.

In this context, we can deﬁne the relations between

two properties φ

and φ

as:

Dominance: We say φ

dominates φ

iff φ

is univer-

sal and φ

is local, or the state formula of φ

becomes

in front at the same conﬁguration. In the general case,

we denote the dominance by ’=⇒’.

The classiﬁcation of CTL properties, according to

their semantic relationships (Ramdani et al., 2018),

consists of extracting possible relationships among

properties for guiding an efﬁcient veriﬁcation. The

process starts by sorting properties according to lo-

cal/global criteria. Then, each kind of properties will

be arranged separately according to precedence order.

Finally, we perform an analysis of dominance among

properties to accomplish the global order of proper-

ties. Figure 2 resumes the analysis procedure of prop-

erties in the classiﬁcation sub-process.

Unverified properties

Sorting

Universal

properties

Local

properties

Precedence treatment

Relationships order

Universal order

Local order

Global classification

Figure 2: Properties classiﬁcation sub-process.

4.2 Rebuilding Order and

Parallelization

After classiﬁcation and extraction of possible rela-

tionships between properties, the rebuilding order and

its assignment in a parallel environment achieves the

whole process. Let

∑

i,i=1...n

be the set of traces in

a given Kripke structure Sk and let m be the number

of properties in

∑

Φ. To get an optimal paralleliza-

tion and avoid unnecessary calculation, we deﬁne a

matrix that resumes the properties appearance in the

set of traces, i.e., for each state formula of each prop-

erty, we localize which paths appear. Formally, the

appearance matrix AM[n,m] = [0/1] is given by

∀π

∈

∑

i,i=1...n

,∀φ

∈

∑

Φ,∃ψ

∈ π

: AM[i, j] = [1].

(2)

where, ψ

is state formula from φ

. Using this matrix,

the properties will be ordered descendingly according

to the number of paths where they had participated in.

The execution tree ET is a graph, where each node

denotes a task. The node content indicates the prop-

erty to be checked. An arrow from one node to an-

other indicates that the second node - the one at the

end of the arrow - can only be executed when the ﬁrst

one has ﬁnished its execution. Nodes at the same level

can be executed in parallel. Formally an execution

tree ET is given by

ET = (N,T ) (3)

where, N is a set of nodes of execution, and T is a set

of transitions between nodes.

Using a hybrid scan between the matrix and the re-

lationship among properties (supervised by designer),

we build a tree of precedence and independence, ap-

plying the following steps.

• Step 1: From appearance matrix, we extract a

descending order of properties according to the

number of appearances in paths.

• Step 2: From the relationships set of properties,

we extract the dominance among properties.

• Step 3: Using Algorithm 1, we coordinate prop-

erties order and dominance relationships among

them to generate the execution tree ET . In or-

der to respect the model coherency, each dominant

property will be rebuild separately.

Algorithm 1: Execution Tree Generation: gen-

erates a node for each independent property and for

each couple of properties (dominant, dominated), the

algorithm creates a couple of nodes (father, son) in the

Algorithm 1: Execution tree generation.

Input:

∑

Φ+ Relationships classiﬁcation;

Output: ET ;

Create Node(Idl, );

for i=1 to i=n do

if (φ

is not dominated) then

Create Node(Idl, φ

);

end

else

int temp = 0;

for ( j = 1; j 6 n; i + +) do

if (φ

domines φ

) then

temp ← j;

end

Create Node(φ

, φ

);

end

Return (ET );

ICSOFT 2019 - 14th International Conference on Software Technologies

318

execution tree (all nodes have the same precedence

will have just one father.).

Given a parallel environment PE which is com-

posed of a set of n execution units EU (cores). EUs

preform parallel rebuilding calculation respecting the

mutual exclusion. ET ’s nodes will be assigned level

by level in the PE, i.e., in each level, each node is as-

signed to one EU from left to right with the respect of

the availability of the PE. Formally, PE is given by

PE = (EU, ET, cond) (4)

where, EU is a set of execution units in a parallel ma-

chine, ET is a the execution tree, and cond : EU →

(True,False) is the condition of execution in the par-

allel environment, initially declared False.

By the proposed parallel rebuilding of R-TNCES,

automatic analyses techniques as model checking can

be more efﬁcient to verify a complex model of recon-

ﬁgurable systems. Parallel rebuilding makes debug-

ging a practical process to converge a reconﬁgurable

system model to meet several functional properties si-

multaneously and with a simple way.

5 EXPERIMENTATIONS

5.1 Case Study

In order to validate and demonstrate the gain of the

proposed approach, we use FESTO modular produc-

tion system (MPS) (Zhang et al., 2013), which is a

lab-scale production line simulating different func-

tions of a manufacturing system. FESTO is composed

of 12 physical processes, organized into four opera-

tional conﬁgurations. Each physical process is mod-

eled by one control component (CC) and each con-

ﬁguration Con f

has one control chain (C

chain

). The

control chains are well described in (Ramdani. et al.,

2019). Figure 3(a) depicts a faulty model of behav-

ior module of MPS modeled by an R-TNCES. To as-

sure the production quality of a good product, once

the workpiece is rejected by unit quality test (qual-

ity test unit checks: color, material, and height of

workpieces), this workpiece can not be drilled in next

steps. In particular, we need to ensure that each con-

ﬁguration is safe and can proceed normally (liveness

of model). Each control chain must produce one prod-

uct. To check those behaviors, we use CTL formulas

written in the ENF form presented in Table 2. All

formulas are proven to be False, we apply a paral-

lel rebuilding on the behavior module to get a new

correct one that respects the functional properties ex-

pressed, previously. First, we need to compute Kripke

structure SK from the above behavior module. The

Table 2: CTL based Functional properties.

CTL formula Normalization in the

ENF form

=AF(p

→ AF p

) φ

=EG(p

∧ EGp

)

=AF(p

→ AF p

) φ

=EG(p

∧ EGp

)

=AF(p

→ AF p

) φ

=EG(p

∧ EGp

)

=AF(p

→ AF p

) φ

=EG(p

∧ EGp

)

=AG(p

→ AF¬p

) φ

=¬EF(p

∧ EGp

)

result is shown in Figure 3(b). Second, formulas pre-

sented in Table 2 are abstracted to be expressed on

SK. Those formulas become: φ

= EG(cc

∧EGcc

= EG(cc

∧EGcc

), φ

= EG(cc

∧EGcc

), φ

EG(cc

∧ EGcc

), and φ

= ¬EF(cc

∧ EGcc

According to the functional purpose, φ

is universal

and the rest of properties are local. According to

the precedence order, we preform the following clas-

siﬁcation of dominance relationships among proper-

ties: φ

=⇒ φ

, φ

=⇒ φ

, φ

=⇒ φ

, φ

=⇒ φ

, and

=⇒ φ

Using

∑

i,i=1...6

presented in Figure 4(a) and un-

veriﬁed set of properties

∑

Φ, we build appearance

matrix AM presented in Figure 4(b).

Let PE denotes a parallel environment with 4 ex-

ecution units EU

,i = 1 . ..4. We generate the execu-

tion tree of the above properties. Figure 5(a) depicts

the generated execution tree by using Algorithm 1 and

Figure 5(b) shows its assignment in PE.

At Level

, only EU

is activated to update SK ac-

cording to φ

, and this operation can be deployed by

deleting output relations from s

using primitive PU2

to remove the relation between s

and s

(resp. be-

tween s

and s

). Then, in the next level, EU

, EU

and EU

are activated to rebuild SK according to φ

, and φ

respectively. Using primitive PU1, EU

will add a relation between s

and s

, EU

will add

a relation between s

and s

, and EU

will add a re-

lation between s

and s

. Finally, at the third level,

is activated to rebuild SK according to φ

(this

property is auto corrected by EU

in the second level).

Figure 7(a) depicts new structure SK

after rebuilding.

To get the new correct behavior module, we regener-

ate the equivalent R-TNCES of SK

, using modiﬁca-

tion instruction. Results are shown in Figure 7(b).

Using SESA model checker (Starke and Roch,

2002), an exact reachability graph of the FESTO

MPS’s behavior model is computed. The obtained

graph is ﬁnite and it contains 57926 reachable states.

We check that the new model satisﬁes the above prop-

erties and its parallel rebuilding is done without sys-

tem degradation. All properties are proven to be True

as shown in Figure 6.

On Improving Parallel Rebuilding of R-TNCESs

319

[1, 3]

[1,

Figure 3: MPS’s behavior module B and its computed SK.

(a) (b)

Figure 4: Properties appearance in the set of traces of Sk.

Idl

(a)

Level

(b)

Figure 5: Execution tree and its affectation.

5.2 Performance Evaluation

Let us assume that we have a big system model to be

rebuilt according to 100 faulty properties, and let us

assume that the average dominance among properties

can be in, 0-25%, 25-50%, 50-75%, and 75-100% re-

spectively. Let us suppose that we have four parallel

execution units, each one can rebuild one property in

a one time unit. A quantitative difference between ex-

ecution time for sequential rebuilding of faulty prop-

erties and parallel rebuilding. The parallel rebuilding

approach avoids unnecessary wait time in execution

(a) (b)

(e) (f)

Figure 6: Screen shots of SESA model-checking results.

by avoiding redundancies and imposing order of rela-

tions among properties. The gain with this approach

is clearly shown in the rebuilding of properties which

have a less dominance relationships among them (i.e.,

Independent properties can be rebuilt parallely with-

out any waiting time). As shown in Figure 8, rebuild-

ing time is proportional to the degree of dominance

relations between properties.

Number of properties to be rebuilt is directly re-

lated to the system size and its number of TNCESs.

Let assume that the correctness of each TNCES must

be checked by three properties (safety, liveness, and

non-deadlock). The average of those properties is

faulty and needs rebuilding. Let us assume a vari-

ety of systems that have 50, 100, 200, 500 and 1000

TNCESs and each case have 75, 150, 300, 750, and

1500 faulty properties respectively with a rate of 25%

dominance among them. A rebuilding of one property

ICSOFT 2019 - 14th International Conference on Software Technologies

320

[1, 3]

[1,

(b)

Figure 7: SK

and the behavior module B of MPS after rebuilding.

25% 50% 75% 100%

100

100100 100 100 100

Faulty propreties

Time units

Parallel rebuilding Sequential rebuilding

Figure 8: Sequential rebuilding VS Parallel rebuilding.

in a system less than 50 TNCESs needs one time unit.

Indeed, for each 50 TNCES additional in the system

size need 10% additional in the execution time.

5.3 Discussion

For reconﬁgurable systems, there is no study dealing

with parallel rebuilding and model correction. How-

ever, our proposed methodology facilitates the pro-

cess of synchronization properties veriﬁcation. Thus,

the classical veriﬁcation of R-TNCES checks these

properties based on the whole model, contrariwise,

the R-TNCESs rebuilding (RO) provides a veriﬁca-

tion of an abstract model (Kripke structure) with for-

mal methods to ensure the correctness. Table 3 de-

scribes a short qualitative comparison between the

50 100 200 500 1000

1,000

2,000

3,000

4,000

TNCESs

Time units

Sequential rebuilding

Parallel rebuilding

Figure 9: Improved performance of Parallel rebuilding.

proposed contribution in our paper and the most re-

cent related works.

6 CONCLUSIONS

This work deals with the parallel auto-correction of

reconﬁgurable systems modeled with R-TNCES for-

malism according to CTL-based functional proper-

ties. In this work, we have presented a parallel re-

building approach for reconﬁgurable timed net con-

dition/event systems (R-TNCESs). Our contribution

reposes on two fundamental techniques: (i) An ab-

straction of R-TNCES model (resp. its CTL-based

functional formulas) to a Kripke structure (resp. to a

simple CTL formulas with the same veriﬁcation value

On Improving Parallel Rebuilding of R-TNCESs

321

Table 3: Qualitative comparison with some related works.

Works Used formalisms Reconﬁguration Model repair Execution

(Ding and Zhang, 2007) Kripke structure No Yes Sequential

(Zhang and Ding, 2008),

(Carrillo and Rosenblueth, 2014). Kripke structure No Yes Sequential

(Mart

ınez-Araiza and L

opez-Mellado, 2014),

(Mart

ınez-Araiza and L

opez-Mellado, 2015), Petri nets No Yes Sequential

(Martinez-Araiza and L

opez-Mellado, 2016).

(Zhang et al., 2013) R-TNCESs Yes No -

(Haﬁdi et al., 2018) R-TNCESs Yes No -

(Ramdani. et al., 2019) R-TNCESs Yes Yes Sequential

Our work R-TNCESs Yes Yes Parallel

expressed on the new Kripke structure). (ii) A tech-

nique to extract the precedence order between proper-

ties and to classify the relations of dominance among

them. This technique helps to build an execution tree

to be executed in a parallel environment. Therewith,

we deﬁne an equivalence between Ding primitives

and R-TNCESs rebuilding modiﬁcation instructions.

At the end, we conﬁrm the obtained results of parallel

R-TNCESs rebuilding operation by an experimental

case study. Contrary to what exists, our approach up-

dates the system model directly and simultaneously,

which results in the gain of design effort and thus re-

duces the veriﬁcation time. Whereas classically, the

designer has to repeat the veriﬁcation debugging cy-

cle for each violated functional property separately.

This work opens several possible perspectives. First,

we plan to apply our approach to real large case stud-

ies. Second, we plan to take into consideration more

details of CTL formulas. Finally, we plan to consider

reconﬁgurable systems with distributed behaviors.

REFERENCES

Baier, C., Katoen, J.-P., and Larsen, K. G. (2008). Princi-

ples of Model Checking. MIT press.

Ben Aissa, Y., Bachir, A., Khalgui, M., Koubaa, A., Li, Z.,

and Qu, T. (2019). On feasibility of multichannel re-

conﬁgurable wireless sensor networks under real-time

and energy constraints. IEEE Transactions on Sys-

tems, Man, and Cybernetics: Systems, pages 1–16.

Carrillo, M. and Rosenblueth, D. A. (2014). CTL update of

Kripke models through protections. Artiﬁcial Intelli-

gence, 211:51–74.

Ding, Y. and Zhang, Y. (2007). System modiﬁcation case

studies. In Computer Software and Applications Con-

ference, 2007. COMPSAC 2007. 31st Annual Interna-

tional, volume 2, pages 355–360. IEEE.

Gu, C., Li, Z., Wu, N., Khalgui, M., Qu, T., and Al-Ahmari,

A. (2018). Improved multi-step look-ahead control

policies for automated manufacturing systems. IEEE

Access, 6:68824–68838.

Haﬁdi, Y., Kahloul, L., Khalgui, M., Li, Z., Alnowibet, K.,

and Qu, T. (2018). On methodology for the veriﬁca-

tion of reconﬁgurable timed net condition/event sys-

tems. IEEE Transactions on Systems, Man, and Cy-

bernetics: Systems, pages 1–15.

Khalgui, M. and Hanisch, H.-M. (2011). Automatic NCES-

based speciﬁcation and SESA-based veriﬁcation of

feasible control components in benchmark production

systems. International Journal of Modelling, Identiﬁ-

cation and Control, 12(3):223–243.

Khalgui, M. and Mosbahi, O. (2010). Intelligent distributed

control systems. Information and Software Technol-

ogy, 52(12):1259 – 1271.

Mart

ınez-Araiza, U. and L

opez-Mellado, E. (2014). A CTL

model repair method for Petri nets. In World Automa-

tion Congress (WAC), 2014, pages 654–659. IEEE.

Mart

ınez-Araiza, U. and L

opez-Mellado, E. (2015). CTL

model repair for bounded and deadlock free Petri nets.

IFAC-PapersOnLine, 48(7):154–160.

Martinez-Araiza, U. and L

opez-Mellado, E. (2016). CTL

model repair for inter-organizational business pro-

cesses modelled as owfn. IFAC-PapersOnLine,

49(2):6–11.

Padberg, J. and Kahloul, L. (2018). Overview of reconﬁg-

urable Petri nets. In Graph Transformation, Speciﬁca-

tions, and Nets, pages 201–222. Springer.

Ramdani, M., Kahloul, L., and Khalgui, M. (2018). Au-

tomatic properties classiﬁcation approach for guiding

the veriﬁcation of complex reconﬁgurable systems. In

Proceedings of the 13th International Conference on

Software Technologies - Volume 1: ICSOFT,, pages

591–598. INSTICC, SciTePress.

Ramdani., M., Kahloul., L., Khalgui., M., and Haﬁdi., Y.

(2019). R-TNCES rebuilding: A new method of ctl

model update for reconﬁgurable systems. In Proceed-

ings of the 14th International Conference on Eval-

uation of Novel Approaches to Software Engineer-

ing - Volume 1: ENASE,, pages 159–168. INSTICC,

SciTePress.

Starke, P. H. and Roch, S. (2002). Analysing Signal-net

Systems. Professoren des Inst. f

ur Informatik.

Zhang, J., Khalgui, M., Li, Z., Frey, G., Mosbahi, O.,

and Salah, H. B. (2015). Reconﬁgurable coordi-

nation of distributed discrete event control systems.

IEEE Transactions on Control Systems Technology,

23(1):323–330.

Zhang, J., Khalgui, M., Li, Z., Mosbahi, O., and Al-Ahmari,

A. M. (2013). R-TNCES: A novel formalism for re-

conﬁgurable discrete event control systems. IEEE

Transactions on Systems, Man, and Cybernetics: Sys-

tems, 43(4):757–772.

Zhang, Y. and Ding, Y. (2008). CTL model update for sys-

tem modiﬁcations. Journal of artiﬁcial intelligence

research, 31:113–155.

ICSOFT 2019 - 14th International Conference on Software Technologies

322