A refinement and abstraction method of the SPZN formal model for intelligent networked vehicles systems

Abstract

Security and reliability are the utmost importance facts in intelligent networked vehicles. Stochastic Petri Net and Z (SPZN) as an excellent formal verification tool for modeling concurrent systems, can effectively handles concurrent operations within a system, establishes relationships among components, and conducts verification and reasoning to ensure the system's safety and reliability in practical applications. However, the application of a system with numerous nodes to Petri Net often leads to the issue of state explosion. To tackle these challenges, a refinement and abstraction method based on SPZN is proposed in this paper. This approach can not only refine and abstract the Stochastic Petri Net but also establish a corresponding relationship with the Z language. In determining the implementation rate of transitions in Stochastic Petri Net, we employ the interval average and weighted average method, which significantly reduces the time and space complexity compared to alternative techniques and is suitable for expert systems at various levels. This reduction facilitates subsequent comprehensive system analysis and module analysis. Furthermore, by analyzing the properties of Markov Chain isomorphism in the case study, recommendations for minimizing system risks in the application of intelligent parking within the intelligent networked vehicle system can be put forward.

1. Introduction

The intelligent networked vehicle system is an innovative vehicle system that combines advanced computer technology and vehicle communication technology [1-5]. Its design goal is to provide everyone with a safer, more efficient and intelligent travel experience through real-time communication with surrounding vehicles, infrastructure and cloud servers. However, promising the correctness and reliability of the intelligent networked vehicle systems has been a challenging task due to their complexity and criticality [6-9].

To address these challenges, researchers often verify system functionality and performance by simulating real-world scenarios and performing virtual simulations using sensor data. Among many methods, formal methods are gradually emerging in the development and verification of intelligent networked vehicle systems. Formal method is a verification method based on mathematics and logic, which is used to formally describe the behavior and properties of the system, and reason and analyze it [10-12]. Formal methods are often widely used in biology [13,14], hardware [15], software [16], industry [17-19] and other fields. In intelligent networked vehicle systems, formal methods can be used to establish precise mathematical models to describe the states, events, and transition rules of the system. These models can be verified with system-level properties through formal verification techniques such as model checking, theorem proving, and symbolic execution [20-22].

Among various formal methods, Petri Net, as a powerful formal tool, can be used to describe the behavior of concurrent systems [23]. It has a clear semantic specification and graphical representation, can accurately describe the concurrent behavior and state transition of the system, and helps us to understand the overall working principle and interaction process of the system. Through the application of Petri Net, researchers and engineers can establish system models, and apply techniques such as model checking, state space analysis, and performance optimization for verification and analysis. In the intelligent networked vehicle system, Petri Net can be used to establish the behavior model of the system, describing the interaction and concurrent operation among vehicles, sensors, communication modules and control algorithms [24-26]. The performance and correctness of the system can be deduced by analyzing the state transition and transition trigger conditions of Petri Net. Compared with machine learning, this method does not require a large amount of data for verification in intelligent networked vehicle systems, and Petri Net are very suitable for concurrent structures in intelligent networked vehicle systems.

However, intelligent networked vehicle system is different from other systems. It has a large number of nodes, and using Petri Net for modeling will cause the problems of excessive model size and state space explosion. Based on this background, this paper proposes a refinement and abstraction method based on Stochastic Petri Net and Z (SPZN), 1)According to the different requirements required at different stages in formal verification, refined or abstract methods for analysis and verification respectively can be chosen. The refinement method can be used to conduct in-depth research on the underlying structure and processes of the system from a microscopic perspective. The use of abstract methods can study the entire system from a macro perspective and effectively avoid the state explosion problem by reducing the complexity of the model. 2) A method to determine the transition implementation rate is provided. Through the method of combining expert system and weighted average, the implementation rate of transition can be effectively determined. This method can be applied to situations where the professional level gap between experts is large and the expert opinions do not overlap. 3) The refining and abstraction methods proposed in this paper are practically applied effectively to reduce model complexity and avoid state explosion. And the transition implementation rate determination method was used to effectively determine the transition implementation rate. Based on the steady-state probability transition trend, measures to improve safety and reliability were proposed.

This paper is structured as follows: Section 2 provides an overview of the relevant foundational knowledge. In Section 3, the SPZN-based refinement and abstraction techniques are comprehensively elaborated. Section 4 describes the nature of the model. Section 5 presents a case study that demonstrates the application of the proposed method. Section 6 offers a discussion and qualitative analysis of the case study results. Finally, Section 7 concludes the paper by giving final remarks, as well as suggestions for future works.

2. Fundamentals

2.1 Intelligent networked vehicles

The intelligent networked vehicle system consists of several key components and subsystems, which are used to realize various functions of the intelligent networked vehicle system such as automatic driving, navigation, and route optimization. At present, the most widely used and most recognized intelligent networked vehicle system structure is the integrated structure of vehicles, roads, people, and clouds. In this structure, connections can be established between vehicles, roads, people, and clouds to realize information exchange, as shown in Fig. 1. This figure clearly describes the information transmission among vehicles, roads, people, and clouds. The integrated structure of vehicles, roads, people and clouds provides people with a safer, more efficient and intelligent travel experience, and also provides more data for the traffic management department, and promotes the development of intelligent transportation.

Fig. 1. Intelligent networked vehicle system architecture.

Fig. 1 simplifies the transmission of some information. In real life, the information flow of the intelligent networked vehicle system is far more complex than the above figure. The information flow between vehicles, roads, people, and clouds in the intelligent networked vehicle system mainly includes the following [27-29]:

(1) Vehicle perception and data collection: Intelligent networked vehicles senses the surrounding environment in real time through on-board sensors and collects vehicle data such as the current status, location, speed, tire pressure, etc.;

(2) Interaction between vehicles (V2V): Intelligent networked vehicles interact through the vehicle-to-vehicle communication network, such as: traffic information sharing, vehicle group coordinated driving, etc.;

(3) Interaction between vehicles and infrastructure (V2I): Intelligent networked vehicles interact with infrastructure to obtain information such as speed limit information, traffic signal status, and road congestion ahead, and transmit the current status and location of vehicles to the infrastructure;

(4) Interaction between vehicles and pedestrians (V2P): Intelligent networked vehicles senses the presence and behavior of pedestrians around the body through on-board sensors, and takes corresponding measures according to different situations, such as: safety warning, braking, emergency avoidance, etc.;

(5) Interaction between the vehicle and the cloud (V2C): Intelligent networked vehicle uploads the collected data to the cloud for storage and processing, and the cloud uses technologies such as big data analysis and machine learning to analyze the vehicle data to realize real-time traffic status monitoring, road condition prediction, traffic optimization and other functions, and send decisions to intelligent networked vehicles according to the prediction results, such as route optimization, traffic accident warning, etc., and the vehicle will perform corresponding operations according to the cloud decision;

(6) Interaction between pedestrians and the cloud: pedestrians can obtain relevant personalized information from the cloud, such as: real-time bus information, weather forecast, walking navigation, etc.;

(7) Interaction between the infrastructure and the cloud: the infrastructure can upload the collected real-time road condition monitoring data and road condition monitoring data for a certain period of time to the cloud for storage and processing, and the cloud can assist in predicting and guiding intelligent networked vehicles based on the data before making relevant decisions, the cloud can also update the infrastructure information according to the current relevant policies, laws and regulations, such as changing the speed limit and traffic limit of the current road section.

The intelligent networked vehicle system is an intricate network composed of vehicles, roads, people and clouds. Among all elements in the system, the intelligent networked vehicles constitute a fundamental component. These vehicles, acting as mobile nodes, can sense real-time traffic and environmental conditions and transmit this information to roadside units and cloud servers. The significance of vehicle sensors in perceiving vehicle surroundings cannot be underestimated. Studies by Al-Turjman[30], Fayyad[31], Wang[32] and other mainstream intelligent networked vehicle companies have shown that most intelligent networked vehicles are equipped with at least ten sensors, such as radar sensors, laser sensors, and video monitors. Fig. 2 showcases the distribution map of the onboard sensors of intelligent networked vehicles. Generally, radar sensors are situated at the vehicle's four corners, while laser sensors are placed at the vehicle's front and back. Moreover, video sensors and GPS (Global Positioning System) receivers are installed on the roof. It is worth mentioning that the allocation of vehicle sensors varies among businesses, scientific researches, and practical applications.

Fig. 2. Distribution of common on-board sensors in intelligent networked vehicles.

The description above demonstrates that the intelligent networked vehicle system is a complex network with numerous concurrent structures and a high degree of randomness. Consequently, the paper utilizes SPZN [33], a formal modeling tool proficient in capturing concurrency and randomness.

2.2 Stochastic Petri Net and Z (SPZN)

A Petri Net is defined as a four-tuple N = (P, T, F, M₀) [34-36].

(1) P = {p₁, p₂, ⋯ , p_n} is a non-empty finite set containing all the place elements in the Petri Net, and usually the place is represented in the Petri Net in the form of a circle;

(2) T = {t₁,t₂, ⋯ , t_m} is a non-empty finite set containing all the transition elements in the Petri Net, and usually the transition is represented in the Petri Net in the form of a rectangle;

(3) F = {P × T} ∪ {T × P} is the set of directed arcs in the Petri Net, connecting the place and the transition, and there is no directed arc between any two places or two transitions;

(4) M₀ = {m₀(p₁), m₀(p₂), ⋯ m₀(p_n)} is the initial marking, which describes the initial marking of the Petri Net.

For the above four-tuple, the following conditions should be satisfied:

P ∩ T = ∅       (1)

P ∪ T ≠ ∅       (2)

Stochastic Petri Net (SPN) [37] is an advanced Petri Net that can effectively model the description of uncertainty systems by adding the transition implementation rate λ to the Petri Net, so it is defined as a five-tuple N = (P, T, F, M₀, λ), Where λ = {𝜆₁, 𝜆₂, ⋯ , 𝜆_m} is the set of transition implementation rates, 𝜆_i is a non-negative real number, and there exists a transition implementation rate 𝜆_i corresponding to each transition t_i. The transition implementation rate is opposed to the transition trigger delay, which is also called the transition service time, and if the transition trigger delay is expressed by T_delay, then the transition implementation rate and the transition trigger delay satisfies the following equation:

T_delay × λ = 1       (3)

The trigger rules of SPN are defined as follows: when there exists a transition t_i to satisfy the trigger condition, then after the time delay of the transition trigger, the token flows from the place p_𝑎 before t_i to the library p_b after t_i. Meanwhile, the reachable marking MM before the trigger also changes with the transition t_i to produce a new reachable marking M′, and the passing rules of token satisfies the following equation:

m′ (p_𝑎) = m(p_𝑎) − Pre(p_𝑎,t_i) + Post(p_𝑎,t_i)       (4)

m′(p_b) = m(p_b) − Pre(p_b,t_i) + Post(p_b,t_i)       (5)

The meaning of Pre(p_𝑎,t_i) is the number of output tokens in the place p_𝑎 required for the trigger of transition t_i, and the meaning of Post(p_b,t_i) is the number of input tokens after the trigger of transition t_i.

SPZN combines Stochastic Petri Net with the Z language to enhance the descriptive power of the model based on Stochastic Petri Net, which is defined as a nine-tuple N = (P, T, F, M₀, λ, Z_P, Z_T, S, C), where

(1) Z_P = {Z_p1, Z_p2, ⋯ , Z_pn} is a set of Z that each place is based on.

(2) Z_T = {Z_t1, Z_t2, ⋯ , Z_tm} is a set of Z that each transition is based on.

(3) S: P → Z_P is a set of the one-to-one map relationship between P and Z_P.

(4) C: T → Z_T is a set of the one-to-one map relationship between T and Z_T.

(5) PN = (P, T, F, M₀) is a Petri Net.

(6) SPN = (P, T, F, M₀, λ) is a Stochastic Petri Net.

(7) PZN = (P, T, F, Z_P, Z_T, S, C) is a Petri Net and Z (PZN),

As shown in the Fig. 3, the correspondence between SPZN-SPN and SPZN-Z in SPZN can be clearly seen. In Z_ti, the assertions are divided into pre-assertion and post-assertion, which correspond to the pre-condition and post-conditions of the transiton t_i, respectively.

Fig. 3. The relationship between SPN and Z in SPZN.

In SPN, it has been proved that its marking graph is isomorphic to Markov Chain (MC), and each marking in SPN corresponds to the state in MC [38]. For a MC that is isomorphic to a SPN, where the MC has l states, we can define a transition matrix Q of l × l order.

When c ≠ d, if ∃t_i ∈ T that makes M_c[t_i > M_d, then

\(\begin{align}q_{c d}=\left.\frac{d\left(1-e^{-\lambda_{i} \tau}\right)}{d \tau}\right|_{\tau=0}=\lambda_{i}\end{align}\)       (6)

else,

q_cd = 0       (7)

When c = d, then

\(\begin{align}q_{c d}=\left.\frac{d\left(e^{-\tau} \sum_{i} \lambda_{i}\right)}{d \tau}\right|_{\tau=0}=-\sum_{i} \lambda_{i}\end{align}\)       (8)

where 𝜆_i is the average implementation rate of transition t_i.

By constructing the reachable marking graph of the SPN, we can obtain that the reachable marking graph and its isomorphic MC have l states. The steady-state probability from marking M₀ to marking M_l−1 is an n-dimensional vector P, then P = (P(M₀), P(M₁) ⋯ P(M_l−1)), where P(M_i) is the steady-state probability of marking M_i. According to the Markov process, there are the following equations. By solving this system of equations we can obtain the steady-state probability P(M_i) for each reachable marking M_i.

\(\begin{align}\left\{\begin{array}{c}P \times Q=0 \\ \sum_{i=0}^{l-1} P\left(M_{i}\right)=1\end{array}\right.\\\end{align}\)       (9)

2.3 Determination of the transition trigger delay

Liu et al. [39] made significant advancements in determining the transition trigger delay. They introduced the use of triangular membership functions and adopted the regional center method to determine the interval for the transition trigger delay. These two methods enable the quantitative representation of expert knowledge and the standardization of different expert opinions.

However, the aforementioned method exhibits a high level of complexity and is deemed unsuitable for intelligent networked vehicle systems that have a substantial number of nodes, and is limited to triangular and symmetric cases for the membership functions. When the trigger delay intervals provided by different experts do not overlap, the above method cannot effectively solve the problem. To address these issues, this study proposes the method of weighted average after the interval average. This approach effectively resolves the aforementioned limitations. Additionally, when different experts possess different specialties, we can evaluate and assign corresponding weights to them. Then, we take the average value of the interval provided by each expert and calculate the final result using the weighted average method.

Assuming that expert u estimates the interval of the trigger delay for transition v as [x, y], calculating the average trigger delay for this transition can be accomplished easily, as shown in (10), TA_u,v is the average trigger delay estimate of expert u for transition v. Subsequently, the average trigger delays of u experts for v transitions can be represented by a matrix, as indicated in (11),

\(\begin{align}T A_{u, v}=\frac{x+y}{2}\end{align}\)       (10)

\(\begin{align}T A=\left(\begin{array}{ccc}T A_{1,1} & \cdots & T A_{1, v} \\ \vdots & \ddots & \vdots \\ T A_{u, 1} & \cdots & T A_{u, v}\end{array}\right)\end{align}\)       (11)

Weight vectors for the u experts are obtained following evaluation, considering their professionalism and reliability, as shown in (12),

F = (f₁, f₂, ⋯, f_u)       (12)

Equation 13 of the weighted average algorithm allows us to readily derive (14), where TA_transition represents the vector of weighted average time delays across all transitions.

\(\begin{align}\bar{x}=\frac{x_{1} f_{1}+x_{2} f_{2}+\cdots+x_{k} f_{k}}{\sum_{1}^{k} f_{i}}\end{align}\)       (13)

\(\begin{align}T A_{\text {transition }}=\frac{F * T A}{\sum_{1}^{u} f_{i}}=\left(\frac{f_{1}}{\sum_{1}^{u} f_{i}}, \frac{f_{2}}{\sum_{1}^{u} f_{i}}, \cdots, \frac{f_{u}}{\sum_{1}^{u} f_{i}}\right)\left(\begin{array}{ccc}T A_{1,1} & \cdots & T A_{1, v} \\ \vdots & \ddots & \vdots \\ T A_{u, 1} & \cdots & T A_{u, v}\end{array}\right)=\left(T A_{1}, T A_{2}, \cdots T A_{v}\right)\end{align}\)       (14)

3. Methodology

In response to the state explosion problem that arises when using Petri Net for formal modeling and analysis in complex systems, this section proposes an abstraction and refining method based on SPZN. On the premise of the safety, boundedness and reachability of the model, according to different stages and different needs, choose an abstract method or a refining method. Using the abstract method, the key elements in each sub-model are extracted and abstracted into a simplified and complete system model, and then the overall function of the system is analyzed according to the model. Using the refining method, each sub-model is refined separately, the details of the workflow in the sub-module are analyzed, and the functions in the sub-model are analyzed and refined. Fig. 4 clearly and completely shows the work flow of the abstract method and the refined method. In this section, we propose five refinement and abstraction methods for SPZN, each of which is reversible.

Fig. 4. Workflow diagram of the refinement and abstraction method based on SPZN.

(1) The abstract method of the place and the refinement method of the transition.

(2) The abstract method of transition and the refinement method of place.

(3) Abstract method and refinement method for multiple places.

(4) Abstract method and refinement method for multiple transitions.

(5) Mixed refinement methods and abstract methods.

As shown in Fig. 5, this figure is the first method, which abstracts a place p_𝑎 and two transitions t_i, t_j into a transition t*. After t_i meets the trigger condition, the token flows into p_𝑎, and t_j triggers after the trigger condition of t_j is met, and the token in p_𝑎 flows out to the subsequent part. The place p_𝑎 has one and only one input arc connected to t_i and one output arc connected to t_j. Suppose the number of input arcs and output arcs of transition t_i is I_ti, O_ti, the number of input arcs and output arcs of transition t_j is I_tj, O_tj, and the number of input arcs and output arcs of transition t* is I_t*, O_t*, then this method satisfies the following equation:

Fig. 5. The abstract method of the place and the refinement method of the transition.

\(\begin{align}\left\{\begin{array}{c}I_{t_{i}}+I_{t_{j}}=I_{t^{*}}+1 \\ O_{t_{i}}+O_{t_{j}}=O_{t^{*}}+1\end{array}\right.\end{align}\)       (15)

While abstracting, the Z language will also change accordingly. After the abstraction, the Z language contains all the content of place and transition before the abstraction. Therefore, there is a set relationship Z_t* = {Z_ti, Z_tj, Z_p𝑎} correspond to this abstraction.

Fig. 6 shows the second method, which abstracts two places p_𝑎, p_b and a transition t_i into one place. After t_i meets the trigger condition, the token in p_𝑎 flows into p_b through t_i. Transition t_i has one and only one input arc connected to p_𝑎 and one output arc connected to p_b. Suppose the number of input arcs and output arcs of place p_𝑎 is I_p𝑎, O_p𝑎, the number of input arcs and output arcs of place p_b is I_pb, O_pb, and the number of input arcs and output arcs of place p* is I_p*, O_p*, then this method also satisfies the following equation:

Fig. 6. The abstract method of the transition and the refinement method of the place.

\(\begin{align}\left\{\begin{array}{c}I_{p_{a}}+I_{p_{b}}=I_{p^{*}}+1 \\ O_{p_{a}}+O_{p_{b}}=O_{p^{*}}+1\end{array}\right.\end{align}\)       (16)

While abstracting, the Z language will also change accordingly. After the abstraction, the Z language contains all the content of place and transition before the abstraction. Therefore, there is a set relationship Z_p* = {Z_p𝑎, Z_pb, Z_ti} correspond to this abstraction.

The third method is shown in Fig. 7. This method abstracts multiple places into one place and satisfies the set relationship Z_p* = {Z_p𝑎, ⋯ , Z_pb}. Assuming that there are c places abstracted into one place, the number of output arcs of transition t_i is O_ti, and the number of input arcs of transition t_j is I_tj. Then in the fourth method, after the abstraction, both the output arc of t_i and the input arc of t_j will reduce by c. The number of output arcs of t_i is O_ti − k, and the number of input arcs of t_j is I_tj − k.

Fig. 7. Abstract method and refinement method for multiple places.

The fourth method is shown in Fig. 8. This method abstracts multiple transitions into one transition, and satisfies the set relationship Z*_t = {Z_ti, ⋯, Z_tj}. Assuming that k transitions are abstracted into one transition, the number of output arcs of place p𝑎 is O_p𝑎, and the number of input arcs of place p_b is I_pb. Then in the fourth method, after abstraction, the output arcs of p_𝑎 and the input arcs of p_b will be reduced by k. The number of output arcs of p_𝑎 is O_p𝑎 − k, and the number of input arcs of p_b is I_pb − k.

Fig. 8. Abstract method and refinement method for multiple transitions.

In the fifth mixed refinement method and abstraction method is shown in Fig. 9, this method abstracts two places and two transitions into one place and one transition, and the corresponding set relationship satisfies: Z*_t = {Z_ti, Z_tj}, Z*_p = {Z_p𝑎, Z_pb}. Suppose the number of input arcs of place p_𝑎 is I_p𝑎 and the number of input arcs of place p_b is I_pb, and the number of input arcs of place p* is I_p*. Place p_𝑎 has one and only one output arc connected to transition t_i, and place p_b has one and only one output arc connected to transition t_j. Both transition t_i and transition t_j have one and only one input arc and output arc, and both output arcs are connected with place p_c. After abstraction, the transition t* has one and only one input arc connected to p*, and one output arc connected to p_c, then this method satisfies the following formula:

Fig. 9. Mixed refinement methods and abstract methods.

I_pa + I_pb = I_p*       (17)

4. Modeling analysis

4.1 Reachability

Reachability is the most basic dynamic property of Petri Net, and other properties need to be defined through reachability.

Definition 1. Let Σ = (P, T, F, M₀) be a Petri Net, if there is ∃t ∈ T that makes M[t > M′, then M′ is called directly reachable from M. If there are transition sequences t₀, t₁, ⋯ , t_k−1 and marking sequences M₀, M₁, ⋯, M_k, such that M₀[t₀ > M₁[t₁ > M₂ ⋯ M_k−1[t_k−1 > M_k, then M_k is called reachable from M₀. The set of all markings reachable from M₀ is denoted as R(M₀),

According to the description of Definition 1, the algorithm for verifying the reachability of Petri Net as shown in Algorithm 1 can be obtained.

Algorithm 1: Algorithm for Verifying the Reachability of Petri Net Σ

4.2 Boundedness and safety

According to the definition of reachability, boundedness and safety are very necessary in Petri Net. When a certain part of the system does not satisfy the safety requirements, relevant solutions should be taken to prevent unsafe conditions. If the system satisfies safety, it means that the probability of the system being unsafe is very small, but it does not mean that the system will always maintain a safe state.

Definition 2. Let Σ = (P, T, F, M₀) be a Petri Net, if ∃B ∈ ℤ⁺ such that ∀M ∈ R(M₀): M(p) ≤ B, then the place pp is called bounded, and the smallest positive integer B that satisfies this condition is called the bound of place p, denoted as B(p),

B(p) = min{B|∀M ∈ R(M₀): M(p) ≤ B}       (18)

when B(p) = 1, the place p is said to be safe.

Definition 3. Let Σ = (P, T, F, M₀) be a Petri Net, if any place is bounded, it is called a bounded Petri Net.

B(Σ) = max{B(p)|p ∈ P}       (19)

we call B(Σ) is the bound of Σ. When B(Σ) = 1, the Petri Net Σ is called be safe.

According to the description of Definition 2 and Definition 3, the algorithm for verifying the boundedness and safety of Petri Net shown in Algorithm 2 can be obtained. Among them, S(p) and S(Σ) respectively represent the safety of place p and Petri Net Σ. If S(p) = 0 or S(Σ) = 0, then the place p or the Petri Net Σ does not satisfy safety. If S(p) = 1 or S(Σ) = 1, then the place p or the Petri Net Σ satisfies safety.

Algorithm 2: Algorithms for Verifying the Boundedness and Safety of Petri Net Σ

5. Case study

In this chapter, considering the extensiveness and complexity of the intelligent networked vehicle system in actual application scenarios, we give a simple application of intelligent networked vehicle in smart parking scenarios, as shown in Fig. 10. In this application scenario, the intelligent networked vehicle and the intelligent parking system communicate with the cloud respectively, and the cloud plans the parking location according to the remaining parking spaces, and communicates with the intelligent networked vehicle and the intelligent parking system to complete smart parking. Fig. 11 clearly describes the process of smart parking.

Fig. 10. Smart parking scene.

Fig. 11. Smart parking application process.

According to the flow chart shown in Fig. 4, we first establish corresponding SPZN-SPN sub-models for different functional modules in the above scenarios. In this scenario, it mainly involves three modules: smart car, cloud and smart parking system. After the sub-models of the above three modules are established, according to the business relationship and workflow among the sub-modules of the system, the connection between the modules is established, as shown in Fig. 12. The meanings of corresponding places and transitions are shown in Table 1 and Table 2.

Fig. 12. The SPZN model established in the smart parking scenario.

Table 1. Meanings of places.

Table 2. Meanings of transition.

After establishing the SPZN-SPN model for each functional module, it is imperative to effectively describe places and transitions using the Z language and establish the connection between SPZN-SPN and SPZN-Z. Due to space constraints, it is not feasible to display all the Z language descriptions of places and transitions. Only part of the Z language descriptions of places and transitions are given below, where p₃, p₄ and t₃ correspond to p₃, p₄ and t₃ in Fig. 13, respectively.

Fig. 13. Z language descriptions of places and transitions.

For the SPZN model established under the smart parking scenario shown in Fig. 12, it is assumed that the initial marking is

M₀ = (1) = [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

which means that there is a token in the place p₁. When transition t₁ is triggered, the token in place p₁ will be transferred to place p₂ through transition t₁. Similarly, we can obtain all sets of reachable markings of the model, and establish the corresponding diagram of reachable markings, as shown in Table 3 and Fig. 14. Correspondingly, we can get the isomorphic Markov Chain.

Table 3. The set of reachable marking R(M₀).

Fig. 14. The reachable marking tree.

It can be seen that the number of intelligent networked vehicle terminal nodes is large, the number of states is increasing exponentially, the complexity of the SPZN model is high, and the reachable marking tree constructed is large, which hinders the analysis and verification of the subsequent model. According to the method of refinement and abstraction based on the SPZN formal model proposed in Section 3 of this paper, each module is abstracted, and essential elements are extracted from each module to form concise and complete system modules, as depicted in Fig. 15. The meanings of places and transitions are shown in Table 4. After abstraction, the set relationship corresponding to Z language is shown in Table 5.

Fig. 15. Use the abstract method to abstract the SPZN model.

Table 4. Meanings of places and transitions.

Table 5. The set relationship corresponding to the Z language.

After abstracting the SPZN model, assuming that the initial marking is (1,0,0,0,0), the corresponding isomorphic MC chain can be easily obtained according to the triggering rules, as shown in Fig. 16. Consequently, we apply the method described in Section 2.3 for determining the transition trigger delay, and integrate the transition trigger delay intervals provided by various experts. Table 6 displays the trigger delay intervals provided by the six experts.

Fig. 16. Markov Chain with reachable marking graph isomorphism.

Table 6. Transition implementation delay interval. (unit: ms)

According to (10), a matrix depicting the average trigger delay for six experts across six transitions can be obtained, as demonstrated in (20), Considering the varying professional levels of these six experts, a weight vector F = (0.23, 0.08, 0.13, 0.2, 0.18, 0.18) is derived after evaluation. Subsequently, utilizing (14), the weighted average time delay vector for the six transitions can be determined, as presented in (21), The implementation rate of each transition can be easily obtained by considering the reciprocal relationship between the transition implementation rate and the transition trigger delay, as illustrated in Table 7.

Table 7. Transition implementation rate.

\(\begin{align}T A^{T}=\left(\begin{array}{cccccc}7.5 & 6 & 6.5 & 7 & 7 & 7.5 \\ 22.5 & 23.5 & 17.5 & 23.5 & 29.5 & 20 \\ 62.5 & 47.5 & 57.5 & 64 & 45 & 55 \\ 11.5 & 10 & 7.5 & 14 & 7.5 & 9 \\ 32.5 & 30.5 & 30 & 31.5 & 33 & 34 \\ 42.5 & 46.5 & 40 & 44.5 & 45.5 & 41.5\end{array}\right)\end{align}\)       (20)

TA_transition = (7.060, 22.940, 56.450, 10.190, 32.175, 43.255)       (21)

The steady-state probability for various markings can be calculated using (9), Table 8 presents the steady-state probabilities for each flag displayed in Fig. 16, considering the transition implementation rates from Table 7.

Table 8. The steady-state probability for each marking.

Based on the algorithms for reachability, boundedness, and safety described in Section 4, we can verify the abstraction process detailed above. Table 9 displays the verification results for both the original SPZN model and the abstracted SPZN model.

Table 9. Verification results of reachability, safety, and boundedness.

It is important to acknowledge that the model can be refined or abstracted as long as the conditions for refinement and abstraction are met. The selection of refined and abstract methods depends on specific usage requirements. In this chapter, only abstract methods within the refinement and abstraction methods are presented. If a more thorough examination of each functional module in the smart parking scenario is desired, it is possible to refine or abstract each sub-model depicted in Fig. 12. However, due to space limitations, this paper does not delve into an in-depth discussion.

6. Results and discussions

In the study by Liu et al. [33], the SPZN model has been proven to have good performance, as shown in Table 10. It can be seen from the case in Section 5 that after refining the established SPZN model, the number of places, transitions, and reachable marking is significantly reduced, relevant data are shown in Table 11 and Fig. 17. When the SPZN model is applied to large and complex systems, the corresponding model size becomes larger and the complexity will increase accordingly. It will become very difficult to verify the model by applying relevant mathematical rules. According to different requirements, we can analyze a large and complex system model by using refined and abstract methods. And according to the definition of the nature of the model and mathematical rules, we can verify that the model is safe and stable before and after refinement and abstraction.

Table 10. Difference between PN, PZN, SPN, and SPZN.

Table 11. The number of places, transitions, and markings before and after abstraction.

Fig. 17. The quantity trends of place, transition, marking and arc after abstraction.

Based on the transition implementation rates determined by the method proposed in this paper as shown in Table 7, we changed all the transition implementation rates one by one, and calculated the corresponding steady-state probabilities, and obtained the result trend as shown in Fig. 18. It should be noted that when changing the implementation rate of a certain transition, other conditions remain unchanged. By changing the transition implementation rate, we have the ability to dynamically analyze the abstracted SPZN. This enables us to observe the correlation between the different modules within the entire intelligent networked vehicle system. To enhance the security and stability of the system, it is recommended to undertake the following measures:

Fig. 18. Dynamic analysis of steady-state probability.

(1) Regular maintenance should be conducted on intelligent connected vehicles to enhance their safety.

(2) The performance of the cloud module should be improved to enhance its data processing capability.

(3) Establishing a more stable and faster data transmission channel can significantly improve the stability and efficiency of data transmission between modules.

(4) It is crucial to maintain the intelligent parking system to ensure real-time performance of data transmission.

7. Conclusions

This paper proposes a method for refinement and abstraction based on SPZN. Leveraging the advantages of randomness and abstraction inherent in SPZN, this method aims to enhance its descriptive and abstract capabilities. Depending on distinct usage scenarios and requirements, the choice between refinement and abstraction methods is provided. The abstraction method effectively addresses the issue of state explosion in Petri Net by offering a macroscopic perspective of the entire large-scale complex system. This macro-level view significantly reduces the number of places, transitions, and markings, thereby facilitating subsequent analysis and verification through formal verification methods. On the other hand, the refinement method enables a detailed analysis of local aspects of SPZN, contributing to a deeper comprehension of the underlying workflow and structure of large-scale systems. It is worth noting that the SPZN model and its refinement and abstraction methods are primarily tailored to a single agent in an intelligent networked vehicle, lacking an in-depth exploration of multiple identical agents.

Additionally, this paper introduces a novel approach for determining transition implementation rates. This approach combines interval averaging with the expert system and employs a weighted average method. Compared to alternative methods, this approach is characterized by its simplicity, making it applicable in situations where there is a significant disparity in professional expertise among experts, and their opinions do not fully overlap. However, the presented method has its limitations. Firstly, expert systems rely on expert knowledge, and the accuracy of these systems is contingent upon the knowledge and rules provided by experts. The subjective nature of the weighted average method introduces variability, and different weight assignments may yield disparate results. Furthermore, expert systems lack adaptability to new changes; when the scene changes, the expert system may struggle to provide accurate solutions.

In conclusion, future work will focus on optimizing the SPZN model, refining its abstraction methods, and exploring the applicability of this approach in diverse scenarios and for various usage requirements. Concurrently, research into collaborative control of intelligent networked vehicles will be a pivotal area of investigation.