Dynamic Slicing of Time Petri Net Based on MTL Property

The time Petri net (TPN) is a powerful tool for modeling, simulating, and verifying real-time systems. Unfortunately, the state spaces of the time Petri net grow exponentially due to the complexity of real-time systems. The enormous size of the state spaces could also cause state explosion problems in model checking. This paper proposes an alternative dynamic slicing algorithm written as a metric temporal logic (MTL) formula to reduce the size of the time Petri net model by considering specific criteria. Our algorithm proposes an alternative dependency graph representing the global firing time interval of the transition to remove the transitions that are never fired and do not affect the state space. The dynamic slicing algorithm involves the initial marking and the properties of the target metric temporal logic formula. Unlike the unsliced time Petri net, the result preserves all necessary execution paths for the model checking of a particular metric temporal logic formula. Therefore, model checking can generate sufficient state space to conduct verification equivalent to the unsliced time Petri net but may take less time, including if the unsliced time Petri net causes state space explosion.


I. INTRODUCTION
The time Petri net (TPN) is a mathematical model commonly used to represent and capture a real-time system's behavior, especially its concurrent, asynchronous, distributed, parallel, and nondeterministic operations. The TPN can implement all possible execution paths in a real-time system through recursive paths using the given initial marking and specific time constraints. The corresponding state space of the realtime system can be computed or generated using the TPN model to demonstrate the abstraction of its behavior. However, as the system becomes more complex, the size of its state space grows exponentially, which causes a state space explosion problem, a common obstacle in the model checking process. To address this situation, state space reductions based on various techniques are commonly exploited to reduce the number of redundant states visited during runtime state exploration. Moreover, the state space of a TPN is based on the markings of all its places and the time interval constraints of the firing sequences of its transitions, making it even more complex. Therefore, a state class graph (SCG) [1] is alternatively used to abstract the specific state space of a TPN, and an SCG is efficiently generated based on its reachability properties [2,3].
Various studies have applied on-the-fly reduction to reduce the state space of a TPN by constructing a minimal state space on demand [4] and by limiting the state exploration in the on-the-fly mode based on the properties of timed computation tree logic (TCTL) [5,6] or linear temporal logic (LTL) [7]. Partial order reduction has also been applied to construct the state space, but only in the same independent state as executing different firing sequences [8][9][10][11]. In [12], a stubborn set method for TPNs that concerns only the transitions and the firing constraints of the reachable firing rules was proposed. The stubborn sets are the transition sets that are not affected or reached by those outside the stubborn sets. A symmetry reduction method for TPNs to alleviate the combinatorial explosion problem by abstracting only one out of two equivalent states in the state class graph was also proposed in [13].
Furthermore, structural analysis of the formal model using pruning algorithms could also be conducted beforehand to further limit the unnecessary or unreachable structure of a TPN with regard to the target criterion.
Several TPN structural reduction methods have been proposed. For example, sets of heuristic reduction rules to reduce the size of a TPN were proposed in [14][15][16].
In [16,17], a TPN model was modularized into TPN subnets that preserve the original liveness and safety properties.
Model slicing is another structural reduction method used to minimize the size of an original model. Fortunately, the resulting TPN slice performs equivalently to the original TPN with respect to the target criteria in the verification process. This model slicing method is classified as either static or dynamic slicing. Static slicing considers only the slicing criteria while dynamic slicing considers the initial markings, the so-called initial state, and the target criteria. Model slicing is additionally used in software verification to reduce the formal model in the preprocessing phase [18].
In [19], a static slicing algorithm for slicing a formal model written in the Rebeca language based on the Rebeca dependency graph (RDG) was proposed, and the resulting slice preserved the deadlock property. Then, in [20], an algorithm considering the LTLx property was constructed to slice the original model. A behavior tree dependence graph (BTDG) was used to construct slices for any target criterion related to the LTLx property.
The asynchronous system model written in the Promela program was also sliced before being verified in [21,22]. In [23][24][25], slicing algorithms for timed automata were proposed. Several Petri net slicing algorithms to alleviate the state space explosion that occurs during model checking under limited conditions have been proposed. For example, two slicing algorithms were used to reduce a Petri net model that maintained the safety property in [26] and the CTL −x * property in [27]. Moreover, a place-invariant-based (PI-based) algorithm to slice Petri nets and preserve the place-invariant property was proposed in [28]. Furthermore, [29] proposed dynamic slicing algorithms for Petri nets by computing the backward and forward slices while considering an initial marking, and these algorithms were further improved using a structural dependency graph (SDG) in [30].
Nevertheless, the firing rules of Petri nets consider only the markings and ignore the firing time constraints while a TPN is more concerned with the relative firing time of each transition. This paper proposes an alternative structural analysis technique to slice the unnecessary structure of a model for a specific criterion. We intend to eliminate the irrelevant TPN elements to the criteria written in the metric temporal logic (MTL) properties and leave any other elements. Thus, the slicing algorithm preserves the target MTL properties of a TPN. We focus on the dynamic slicing approach in which both the initial marking and target criteria are considered and provide the traceability of the paths of fired tokens. We propose a new dependency graph called a firing dependency graph (FDG) representing all the dependencies within the global firing time interval of the transitions. First, we provide an algorithm to construct the firing dependency graph from the TPN model. Second, our dynamic slicing algorithm for a TPN to slice the TPN model based on the target criteria within the properties of the MTL is also proposed.
The remainder of this paper is organized as follows. Section II briefly introduces the time Petri net and the metric temporal logic. Section III illustrates the slicing TPN algorithm to reduce the TPN model based on these criteria. The case study is presented in Section IV, and Section V presents our conclusions.

II. PRELIMINARY
Verifying and analyzing real-time systems has two elements: the semantic models to describe the properties of a system and the specification of systems. This paper used the TPN model and MTL to represent the semantic model and the specification of the system, respectively. Therefore, this section introduces TPN and MTL concepts."

A. TIME PETRI NET
The time Petri net is a bipartite directed graph with two nodes: places and transitions. A circle depicts a place, and a bar represents a transition associated with the deterministic firing time. A directed arc connects place and transition. In addition, each circle may contain one or more dots, called tokens. Definition 1 formally defines the time Petri net.

Definition 1. (Time Petri net). A time Petri net is a 6-tuple
• P is a finite nonempty set of places.
• T is a finite nonempty set of transitions, ∩ = ∅.
• ∶ ( × ) → ℕ is the backward incidence function or input function that defines the weight of each directed input arc from the places to transitions, where ℕ is the set of nonnegative integers.
• : ( × ) → ℕ is the forward incidence function or output function that defines the weight of each directed output arc from the transitions to the places.
• m0 is the initial marking that defines the tokens in each TPN place. Function m0 (p) denotes the marking of place ∈ .
• ∶ → ℚ * × (ℚ * ∪ {∞}) is the static firing interval function that defines the earliest and latest static firing times of each transition, where ℚ * is the set of positive rational numbers. For a transition t, st(t) = [est(t), lst(t)], where est(t) and lst(t) are the earliest and latest static firing times of transition t, respectively, satisfying est(t) ≤ lst(t).
The following standard notation denotes the input and output places. If ( , ) > 0, then  denotes the input place set of transition t. Similarly,  represents the input transition set of place p.
Furthermore, if ( , ) > 0, then  denotes the output place set of transition t and  represents the output transition set of place p.
Alternatively, the incidence matrices containing the connections from places to transitions and vice versa represent a particular TPN character. In practice, the input and output flow matrices construct the incidence matrices. The input flow matrix contains the input flows from places to transitions, and the output flow matrix contains the output flows from transitions to places.

B. METRIC TEMPORAL LOGIC
Metric temporal logic (MTL) is used to describe the properties of a real-time system. MTL formulae extend linear temporal logic (LTL) with adds time intervals bounds to the temporal operators.
A dynamic slice of a model reduces the size of the model and focuses on its particular use. However, most slice methods run the model and construct the state space from the initial marking, which involves high costs.
The firing interval in a TPN is relative to the time at which the transition is enabled, and it cannot directly provide information about the firing sequences of any two transitions and where  ≠  . Considering the TPN shown in Figure 1, transitions 4 and 5 can fire after the transition is enabled at times [3,5] and [2,4], respectively, but these values cannot inform the firing sequence. Although the state class can provide any firing sequence, none of the values can provide the exact time at which the TPN is executed from the initial marking up to the transition to fire.
The next section proposes a directed graph that provides information about the firing sequence and the global firing time interval. By "global," we mean the accumulated time interval from the initial marking until the transition fire. This graph is called a firing dependency graph, and it can represent the behavior of a TPN and estimate the possible global time of a transition to fire. Our algorithm uses it to consider removing TPN elements that may not affect the given criterion.

III. METHODOLOGY
This section proposes a dynamic slicing algorithm for TPNs based on the firing dependency graph. This algorithm can reduce the size of the TPN model based on the MTL properties by eliminating the place and transition sets that are irrelevant to the MTL properties. The process in Figure 2 shows how to slice a TPN based on the MTL properties. First, an FDG is constructed from the TPN model. Subsection III-A describes the firing dependency graph and how it is created. Second, the slicing criterion is extracted based on the MTL properties. Third, the firing node that cannot be reached from the initial marking within the criterion is sliced from the FDG. Finally, the sliced FDG transforms into a sliced TPN based on the MTL properties. Subsection III-B describes our algorithm for how to slice a time Petri net.

A. FIRING DEPENDENCY GRAPH
A firing dependency graph (FDG) is a dependency graph representing the dependencies of the firing transition within a TPN model. Definition 2 defines a firing dependency graph. • FT is a finite set of firing nodes. For a firing node, is firing transition , ∈ .
• ⊆ × is a finite set of edges. For an edge, = ( , ) ∈ , ≠ means that transition is always enabled after transition is fired. Therefore, a firing node is said to be a predecessor node of firing node whereas a firing node is said to be a successor node of firing node , denotes the set of predecessor nodes of firing node , and  denotes the set of successor nodes of firing node .
• 0 is the set of initial firing nodes. Firing node is said to be an initial firing node if ∈ ( 0 ) Furthermore, when considering the firing conditions of a transition, we assume that transition was enabled at time and that transition fired at time + θ if and only if the following conditions hold: (1) According to the enabling rules, is enabled at time . (2) Relative firing time θ is between ( ) and of all enabled transitions at marking [31]. Then, the global firing time of firing node is defined as where gt(ft) is the global firing time interval in which the TPN runs from the initial node to current node ft; gt_en(ft) is the global enabled time at which the TPN runs from the initial marking up until the time at which transition ft is enabled; and rt(ft) is the relative firing time of transition , defined as Cases 1 and 2 are defined as follows: case 1. If is the conflict transition and ∈ ( ), where CF(t) is the set of conflicting transitions with transition t; case 2. Otherwise. According to (1), we divide the firing nodes into four groups: (1) The initial firing node where the initial marking 0 enables the transition. (2) The synchronized firing node where the transition is synchronized. (3) The merged firing node where the transitions of  are merged. (4) The general firing node with only one predecessor node. The global firing time is calculated as follows: Cases 1 to 4 are, respectively: case 1. If ∈ 0 ; case 2. If is synchronized transition and ∈  ; case 3. If ∈  and are the merge transition; case 4. Otherwise.
Algorithm 1 illustrates how to construct the from = ( , , , , 0 , ). The incident matrix represents the TPN and FDG in this study. According to Algorithm 1, Line 1 creates all the firing nodes of the . Then, Lines 2 to 4 construct all the edges of the by multiplying an input flow matrix by an output flow matrix. Next, Line 5 creates all initial firing nodes. Finally, Lines 6 to 13 calculate the global firing time of each firing node from the initial firing nodes. In addition, regarding the time complexity, Algorithm 1 is a breadth-first traversal algorithm. Therefore, the boundary of the time complexity is the number of elements in the original time Petri net. Therefore, the time complexity of Algorithm 1 is O(|T| 2 |P|), where |T| is the number of transitions and |P| is the number of places in the unsliced time Petri net. Initial firing nodes 0 = { 1 , 6 }. According to (3), we calculate the global firing time of each firing node from the initial firing nodes such that: ( 1 ) = ( 1 ) = [3,6].  Firing node 7 is a synchronized firing node. According to (3),  7 = { 4 , 5 }. Then, We can generate a firing-dependency graph following this step, as shown in Figure 3. The FDG can represent the TPN's behavior and the global firing time of each transition, which is the possible accumulated time interval from the initial marking until the transition fired, as will be shown in Theorem 1. To facilitate our description, we illustrate the firing schedule that leads the TPN from the initial 0 to by firing 0 1 … using 0 1 … .

Theorem 1:
Let be a firing node from 0 . Then, is the global firing time of .
Proof: From the precondition, we know that there must be a firing schedule starting with 0 and ending with , that is, . We apply mathematical induction to exponent i.
For the basic step (i = 0), 0 is the initial firing node. We have ∀ ∈ ( 0 ), the global enabled time of = [0,0]. Therefore, is the exact relative firing time and global firing time of . Therefore, this assumption is true for i = 0.
For the inductive step, we assume that the assertion holds for all positive integers k. Furthermore, we assume that is the global firing time of , which is a firing transition at . Under this assumption, we must show that +1 is the global firing time of +1 , a firing transition at +1 . We now apply this to three different cases of +1 . Case 1.
+1 is a general firing node that has only one predecessor node.
According to (1), According to (1), The proof shows that if the sequence 0 1 … −1 is fired, then the current time must be in , and any time τ in must be able to fit into the firing sequence 0 1 … −1 and end at time τ and . Therefore, gives the exact global time at which transition fires.

Corollary 1:
Let and be the two firing nodes of an . If occurs before , then always fires before f fires.
Proof: In Allens' Interval Algebra [32], if is before , then ( ) < ( ) < ( ) < ( ) . ( ) is the latest global firing time of , and ( ) is the earliest global firing time of ; therefore, must fire before or at the same time as ( ), and cannot fire before time ( ) . Therefore, always fires before fires.  Figure 3. Suppose that we have a time constraint that determines the transitions in which 1 , 2 , 3 and 6 must fire within five time units from the initial marking. We then know that the constraint is satisfied. Figure 3. We found that 8 can be reached from 3 via many firing sequences. The time interval proceeds via each firing sequence within [10,21] - [5,11] = [5,10].

Example 3: Consider the shown in
Corollaries 1 and 2 can be used for the timeless analysis of whether a transition can fire with time constraints. Corollary 1 is used to find the reachable firing node within the timing constraint. Corollary 2 is used to establish a quantitative timing relationship between any two reachable transitions.
The following section proposes a way to reduce the size of an FDG based on the time criterion to reduce the size of a TPN model.

B. SLICING OF THE TIME PETRI NET MODEL
Based on the FDG, we can derive a sliced net under any firing node criterion. The algorithm starts with the transition criterion, according to which the successor node of the criterion of the place travels the FDG. Then, we derive a reachable firing node within the global firing time of the transition criterion. Thus, a subgraph of the FDG represents the behavior of a sliced TPN under the initial marking, and its firing nodes represent the transitions of a sliced TPN. Algorithm 2 describes our slicing TPN as slicing a TPN based on an FDG. According to Algorithm 2, Lines 1 to 2 construct the firing dependency graph (FDG) from the TPN model computed according to Algorithm 1. Then, Lines 3 to 4 extract the slicing firing node criterion ( ) from the MTL formula by deriving the criterion from all propositions of the MTL. Next, Lines 5 to 27 slice the based on . Lines 5 to 10 create the initial firing nodes that run into , Lines 11 to 19 remove the firing nodes that cannot run into , Lines 20 to 23 remove the firing nodes that always fire after fires, and Lines 24 to 27 add the firing nodes that are elements of the conflict transition set in ′ . The final graph contains all the firing nodes representing the transition set of the sliced TPN. Finally, Lines 28 to 33 construct the sliced TPN from the sliced FDG as follows: Line 28 initializes the transitions (T') in the firing node of the sliced FDG; Line 29 initializes the input places ( ′ ) of the transitions in both ′ and ; and Line 30 initializes the backward incidence function ( ′ ) of , the places and transitions of which are in both ′ and .
Similarly, Line 31 initializes the forward incidence function ( ′ ) of , the places and transitions of which are in both ′ and . Line 32 initializes the static firing interval ( ′ ). In , ′ is the static firing interval of the transitions in both ′ and . Finally, Line 33 initializes the initial marking ( 0 ′ ) of , the places of which are in both ′ and . As for the time complexity of the algorithm, Algorithm 2 constructs a firing dependency graph and slicing . In addition, when considering the slicing , this algorithm is a breadth-first traversal algorithm. Hence, the boundary of the time complexity is the number of elements in the unsliced . The number of firing nodes and the number of edges of equal the number of transitions and the number of forward incidence functions of , respectively. Therefore, the time complexity related to slicing the algorithm is (| | + | |) , where | | is the number of transitions and | | is the number of forward incidence functions in the unsliced . Furthermore, the time complexity of constructing a firing dependency graph is (| | 2 | |). Consequently, the time complexity of Algorithm 2 is (| | 2 | | + | | + | |) , where | | is the number of transitions, | | is the number of places, and | | is the number of forward incidence functions in the unsliced time Petri net.
Example 4: Consider the model, as shown in Figure  1, where the place criterion is 7. We can construct , as shown in Figure 4; and ′ , as shown in Figure 5.

IV. CASE STUDY
This section presents an experiment to verify the timing properties of a tactic anti-air command and control (C2) system derived from [33]. The C2 system consists of one C2 center, two subcenters, two air radar groups, and two firing units.
As for the operations of the system, first, each air radar group senses air targets to fuse the data at the data processor and then sends messages to the corresponding subcenter.
Second, after each subcenter receives the message from its radar group, it conducts its commands and sends them to the C2 center. Third, when the messages arrive at the C2 center from two subcenters, situational assessment is performed at the two intelligence seats, and a scheme is worked on at the decision-making seat before sending the results to the two subcenters. Fourth, the subcenter fuses the message with the related data and then sends the results to the firing units upon receiving the command from the C2 center. Finally, when the firing unit receives an assignment from its subcenter, it conducts the assessment and feeds the results back to its corresponding subcenter. Table I shows the duration of each operation. The TPN model represents the structure and behavior of this system, as shown in Figure 6; and Tables I and  II provide transition and place descriptions, respectively.   I  THE TRANSITION DESCRIPTION  Transition  Description  Timing Interval  t101 Dispatch intelligence messages to two staff seats [1,2] t102, t103 Two staff seats conduct a situational assessment [3,5] t104 The top commander seat conducts information fusion and combat planning [5,6] t13, t16, t31, t61 The connectors among the C2 centers and subcenter 1 (subcenter 2) [0,0] t201, t202, t203, t501, t502, t503 The radar senses [30,30] t204, t504 The processor fuses data [2,4] t205, t505 The processor codes the fused data [1,2] t23, t56 The connectors among the air radar group 1 and subcenter 1 [0,0] t301, t601 Subcenter 1 (subcenter 2) conducts target discrimination, identification, and tracking [2,3]  Ready for situation assessment p103, p104 Ready for fusion and combat planning p201, p202, p203, p501, p502, p503 Radar ready to sense air targets p204, p205, p206, p504, p505, p506 Radar data for fusion p207, p507 Fused radar data p301, p601 Waiting for the evaluation of a threat p302, p302(1), p602, p602 (1) Intelligence seat available p303, p603 Waiting for a fire assignment p401, p701 Ready to send a fire command p402, p702 Waiting for damage assessment C2C.R1, C2C.R2 C2 center receives a message from subcenter 1 (subcenter 2) C2C.S1, C2C.S2 C2 center ready to send the command to subcenter 1 (subcenter 2) FU1.R, FU2.R Firing unit 1 (firing unit 2) receives the command from subcenter 1 (subcenter 2) FU1.S, FU2.S Firing unit 1 (firing unit 2) is ready to send the result of the damage assessment to subcenter 1 (subcenter 2) RG1.MSG, RG2.MSG Radar group 1 (radar group 2) is ready to send the target message to subcenter 1 (subcenter 2) SC1.RI, SC2.RI, SC1.RI (1), SC2.RI (1) Subcenter 1 (subcenter 2) receives the damage assessment result from firing unit 1 (firing unit 2) SC1.RM, SC2.RM Subcenter 1 (subcenter 2) receives the command from the C2 center SC1.SM, SC2.SM Subcenter 1 (subcenter 2) is ready to send the command to firing unit 1 (firing unit 2) SYS.F1, SYS.F2 A combat command is sent to firing unit 1 (firing unit 2) SYS.R1, SYS.R2 A message arrives from air radar group 1 (air radar group 2) Furthermore, the two systems considered for the slicing criterion in this example are as follows: Property 1: Each air radar group sends the target information to its subcenter, which takes 40 time units. The MTL representation of this can be expressed as follows: ))) Property 2: The C2 center groups the messages from all subcenters and sends back results. The entire processing time must be less than or equal to 22 time units. The MTL is expressed as follows: In the experiment, we slice the time Petri net based on two properties according to Algorithm 2. Additionally, we compared the structural model, state space class, and the results of the MTL satisfaction check between the sliced and unsliced TPNs. The comparison of the structural model focuses on the total number of places, the number of transitions, and the number of arcs that link these places and transitions. Alternatively, comparing the state-space class focuses on the number of states and the number of edges that connect those states. In this study, the model checker used to construct the structure and state space models is the time Petri net analyzer (TINA) toolbox, dependent on the LTL properties. As for the MTL satisfaction check results, we split the MTL properties into two categories: the LTL and timing properties of the C2 system. Then, we verify the LTL properties using the TINA model checker and analyze the timing properties according to corollary two.
As for the experimentation, applying Algorithm 2 to slice the TPN based on two properties gives the following FDG:  Figure 7 shows the sliced TPN based on property 1, and Table III presents the number of places and transitions of unsliced and sliced TPNs. Finally, considering MTL satisfaction, the result for the LTL property is true, as shown in Table IV. Furthermore, when considering the timing property, the time interval in which the transition criterion can be reached from the initial marking is [33,36], so the timing property is satisfied. Therefore, property 1 of the system was satisfied.
Similarly, slicing the TPN based on property 2 yields the following results: the slicing criterion is {C2C.R1, C2C.R2, C2C.S1, C2C.S2}; therefore, the transition criterion is {t31, t61, t104}. The time delay from {C2C.R1, C2C.R2} to {C2C.S1, C2C.S2} was 22 time units. All firing nodes always fire after the transition criterion is removed. Figure 8 shows the slicing of the TPN based on property 2. As a result, the TPN model size is summarized in Table III. As for the satisfaction of the MTL, the LTL property is satisfied, as shown in Table IV [9,13], so the timing property is satisfied. Therefore, the system property was satisfied.
In addition, we combine two properties to obtain the overall system property. The slicing criterion is {RG1.MSG, RG2.MSG, C2C.R1, C2C.R2, C2C.S1, C2C.S2}, so the transition criterion is {t205, t505, t31, t61, t104}. The time delay from the initial marking to RG1.MSG and RG2.MSG is 40 time units, and from {C2C.R1, C2C.R2} to {C2C.S1, C2C.S2} was 22 time units. Our slicing algorithm can remove all firing nodes that always fire after the transition criterion, which is the same as the sliced of the TPN based on property 2, as shown in Figure 8. When considering the satisfaction of the MTL, the LTL property is satisfied, as shown in Table IV. Because the timing properties 1 and 2 are satisfied. Therefore, the system property was satisfied.  Table III shows the number of places and transitions of unsliced and sliced TPNs. When comparing the sizes of the sliced and unsliced TPN models, the sliced TPN is smaller than the unsliced TPN.  Table IV shows the results of state space analysis by the TINA model checker. In terms of the number of states, the state space size of the sliced TPN is smaller than that of the unsliced TPN; furthermore, the sliced TPN still preserved all properties of the LTL satisfaction results of the unsliced TPN, and the sliced TPN consumed less CPU time. Suppose that the slicing criterion is the output place set of all transitions that fired in the same order. We then slice the TPN based on each slicing criterion and obtain a plot for the number of states of the sliced TPN, as shown in Figure 9.  According to the study findings, our slicing algorithm may reduce the size of the TPN for a software system with target MTL properties preserved as the unsliced TPN decreases the state space size. However, the sliced TPN that concerns the target properties can vary with the MTL properties. Moreover, the order of the transitions fired can considerably influence any reductions. The early order of the transitions fired is attached to the criterion and allows for greater reductions while the last order of the transitions fired may not reduce the size of the sliced TPN.
Additionally, our slicing algorithm is based on a firing dependency graph that represents the overall behavior of a TPN, and it can be possible to compute the global firing time of the criteria. Therefore, our slicing algorithm may slice a TPN where several MTL formulas do not recompute the FDG.

V. CONCLUSION
This paper proposes an alternative dynamic TPN slicing algorithm based on a firing dependency graph, representing the global firing time interval of transitions, to reduce the TPN elements irrelevant to the MTL properties' criterion. Furthermore, the sliced TPN that was obtained only ensured that it had fewer enabled transitions than the unsliced TPN and preserved all the properties of the unsliced TPN.
Our slicing algorithm does not replace traditional model checking. However, we propose an alternative to verify the TPN model to possibly reduce the size of a TPN; and then the sliced TPN, which performs equivalently to the unsliced TPN, is the input of the traditional model checking. Although our algorithm had a cost to reduce the model, it might be helpful for model checking to generate state space. For example, suppose that massive real-time systems with the target MTL formula might cause state space explosion resulting in the inability to conduct model checking. Perhaps we can remove a sufficient number of the transitions that do not affect the state space to prevent state space explosion, and then the model check can be verified.
As the slicing algorithm considers only the propositions of MTL properties, some state space classes may not be reachable from their initial states. Therefore, it is recommended that further research with time constraints of the MTL properties to account for the sliced TPN be conducted. Furthermore, the approach may be applicable to a high-level Petri net, and thus more complex systems with data and variables can be verified.