On reachability graphs of Petri nets


Computers and Electrical Engineering 29 (2003) 263–272 www.elsevier.com/locate/compeleceng

Xinming Ye a, Jiantao Zhou a, Xiaoyu Song b,*

a College of Computer Science, Inner Mongolia University, Hohhot 010021, China
b Department of ECE, Portland State University, P.O. Box 751, Portland, OR 97207-0751, USA

Received 1 December 2000; accepted 9 April 2001

Abstract

Petri nets are a powerful tool for system analysis and design. Several techniques have been developed for the analysis of Petri nets, such as reachability trees, matrix equations and reachability graphs. This article presents a novel approach to constructing a reachability graph, and discusses the application of the reachability graph to Petri net analysis. © 2003 Elsevier Science Ltd. All rights reserved.

Keywords: Petri net; Reachability tree; Reachability graph; Safeness; Boundedness; Conservation; Liveness; Reachability; Coverability

1. Introduction

Petri nets (PNs) are graphical and mathematical modeling tools suitable for the modeling of discrete event systems, asynchronous systems, concurrency, distribution, nondeterminism, conflicts, resource sharing, deadlocks, and mutual exclusions [1,2,4]. PNs are very useful tools for analyzing the modeled system for quantitative properties such as reachability, boundedness, liveness, coverability, fairness, and firing sequences [5]. Among the above properties, liveness is one of the most important. Liveness implies freedom from deadlocks, which may significantly increase the operating cost of the system. Several techniques have been developed for the analysis of PNs, but many problems are still open [4]. Traditionally, reachability trees are state space models and powerful tools of PNs for checking many qualitative properties such as safeness and boundedness. However, this technique is most effective when the net is known to be bounded [3]. In other words, using reachability trees

* Corresponding author. Tel.: +1-503-725-5398; fax: +1-503-725-3807. E-mail address: [email protected] (X. Song).
0045-7906/03/$ - see front matter © 2003 Elsevier Science Ltd. All rights reserved. PII: S0045-7906(01)00034-9


some properties can be verified for bounded nets, but cannot be analyzed for unbounded nets. In particular, when analyzing unbounded nets for liveness, the technique fails due to the information loss resulting from the introduction of the symbol "$\omega$" (potential infinity), which is used to keep the tree finite [1]. In this paper, a novel representation of PNs, called the reachability graph, is proposed to analyze qualitative properties such as liveness. The reachability graph of a PN performs better than the reachability tree. The rest of the paper is organized as follows. Section 2 introduces the basic concepts of PNs related to the proposed method. Section 3 presents the reachability graphs. Section 4 proposes an algorithm to construct a reachability graph. In Section 4, the analysis of PNs is discussed. Finally, concluding remarks are given in Section 5.

2. Definitions and problems

Definition 2.1 (PN). A PN is a five-tuple $PN(P, T, F, W, M_0)$ such that $P = \{p_1, p_2, \ldots, p_m\}$ is a finite set of places, $T = \{t_1, t_2, \ldots, t_n\}$ is a finite set of transitions, $F \subseteq (P \times T) \cup (T \times P)$ is a set of arcs, $W : F \to \{1, 2, 3, \ldots\}$ is a weight function of arcs, and $M_0 : P \to \{0, 1, 2, 3, \ldots\}$ is the initial marking, where $P \cap T = \emptyset$ and $P \cup T \neq \emptyset$.

In Fig. 1, a PN is shown where $p_1$, $p_2$, $p_3$, $p_4$ are places; $t_1$, $t_2$, $t_3$ are transitions; $w(t_2, p_2) = 2$ is the weight for arc $(t_2, p_2)$, and the weights of the other arcs not labeled by numbers are 1.

Definition 2.2 (Pre-set, post-set).
${}^{\bullet}x = \{y \mid y \in P \cup T \text{ and } (y, x) \in F\}$ is the pre-set;
$x^{\bullet} = \{y \mid y \in P \cup T \text{ and } (x, y) \in F\}$ is the post-set.

Definition 2.3 (Firing rule). Let $M(p)$ be the number of tokens in place $p$. For $t \in T$,
(i) $t$ is enabled under the marking $M$, denoted by $M[t\rangle$, if and only if $\forall p \in {}^{\bullet}t : M(p) \geq w(p, t)$, where $w(p, t)$ is the weight of the arc from $p$ to $t$;

Fig. 1. A Petri net.


(ii) if $t$ is enabled under the marking $M$, then $t$ can be fired; the marking $M'$ is obtained from marking $M$ by firing the transition $t$, denoted by $M[t\rangle M'$:

$$M'(p) = \begin{cases} M(p) + w(t, p), & p \in t^{\bullet} - {}^{\bullet}t, \\ M(p) - w(p, t), & p \in {}^{\bullet}t - t^{\bullet}, \\ M(p), & \text{otherwise.} \end{cases}$$

By firing enabled transitions according to the firing rule, the dynamic features of a PN can be reflected.

Definition 2.4 (Dead marking). A marking $M \in M_0[\,\rangle$ is called a dead marking if $\forall t \in T : \neg M[t\rangle$. Under this marking, no transition can be fired.

Let $M_0[\,\rangle$ denote the set of markings reachable from $M_0$. Let $M_1$ and $M_2$ be two markings.

Definition 2.5. $M_1 = M_2$ if $\forall p \in P : M_1(p) = M_2(p)$. The number of tokens in any place is equal under the two markings.

Definition 2.6. $M_1 > M_2$ if $\forall p \in P : M_1(p) \geq M_2(p)$ and $\exists q \in P : M_1(q) > M_2(q)$. The numbers of tokens in some places under marking $M_1$ are bigger than those under marking $M_2$, and the numbers of tokens in the other places under $M_1$ and $M_2$ are equal.

Definition 2.7. $M_1 < M_2$ if $\forall p \in P : M_1(p) \leq M_2(p)$ and $\exists q \in P : M_1(q) < M_2(q)$. The numbers of tokens in some places under marking $M_1$ are smaller than those under marking $M_2$, and the numbers of tokens in the other places under $M_1$ and $M_2$ are equal.

In the following, we define some important properties using PNs.

Definition 2.8 (Safeness). A place $p \in P$ of a PN $PN(P, T, F, W, M_0)$ is safe if $\forall M \in M_0[\,\rangle : M(p) \leq 1$. A PN is safe if each place in the net is safe.

Definition 2.9 (Boundedness). A place $p \in P$ of a PN $PN(P, T, F, W, M_0)$ is $k$-bounded ($k$-safe) if $\forall M \in M_0[\,\rangle : M(p) \leq k$.

Definition 2.10 (Conservation).
(i) A PN $PN(P, T, F, W, M_0)$ is strictly conservative if $\forall M \in M_0[\,\rangle : \sum_{\forall p \in P} M(p) = \sum_{\forall p \in P} M_0(p)$.
(ii) A PN $PN(P, T, F, W, M_0)$ is conservative if $\forall M \in M_0[\,\rangle$, $\sum_i w_i M(p_i) = \sum_i w_i M_0(p_i)$, where $W = (w_1, w_2, \ldots, w_n)$, and $w_1, w_2, \ldots, w_n$ are the weights.

Definition 2.11 (Liveness). A PN $PN(P, T, F, W, M_0)$ is live if there is no deadlock in the PN.

Given a PN $PN(P, T, F, W, M_0)$ and a marking $M$, the reachability problem is to determine if $M \in M_0[\,\rangle$. Given a PN $PN(P, T, F, W, M_0)$ and a marking $M$, the coverability problem is to determine if there is a reachable marking $M' \in M_0[\,\rangle$ such that $M' \geq M$.


Fig. 2. The reachability tree and graph for the example in Fig. 1.

A reachability tree is constructed as follows. Given a PN, from the initial marking $M_0$, generate "new" markings for the enabled transitions. Following the same principle, from each new marking, more markings can be generated until repeated nodes are encountered along a path from $M_0$ ("old") or no transitions are enabled ("dead-end"). A node in a reachability tree represents a marking, or a set of markings if the net is unbounded, generated from $M_0$ (the root). Each arc represents the firing of a transition, which transforms one marking to another. To keep the tree finite, a special symbol $\omega$ is introduced, which can be viewed as "infinity". It has the properties that for each integer $n$, $\omega > n$, $\omega \pm n = \omega$, and $\omega \geq \omega$. The reachability tree of the PN of Fig. 1 is shown in Fig. 2(a). In the reachability tree, a node with an $\omega$ entry may represent an infinite set of markings when all possible values of $\omega$ are taken into account. Therefore, for each marking in the set, not necessarily all transitions on the output arcs of the node can be enabled. This is the reason why the reachability tree alone cannot analyze properties like liveness.

3. Reachability graphs

A graph $G = \langle V, E \rangle$ consists of a nonempty set of vertices $V$ and a set of edges $E$. If the edges are ordered pairs $(v, w)$ of vertices, then the graph is said to be directed; $v$ is called the tail and $w$ the head of the arc $(v, w)$. A directed graph $G$ is finite if $V$ and $E$ are finite. A reachability graph of a PN is a directed graph $G = (V, E)$, where $v \in V$ represents a class of reachable markings and $e \in E$ represents a directed arc from one class of markings to another class of markings. An example is shown in Fig. 2(b). A reachability graph is also called an occurrence graph or state space. The reachability graph demonstrates a better performance than the reachability tree. Although a PN is finite, the set of its reachable markings is not always finite. For instance, when a PN is not safe or bounded, its number of tokens can be infinite, and thus the set of reachable markings is infinite. In a reachability graph, a (likely infinite) class of nodes can be abstracted as a node in order to obtain a finite representation of the reachability graph. Furthermore, the marking abstraction


Fig. 3. Another PN and its reachability graph.

process uses consistent notation: the increasing or decreasing number of tokens in a marking is denoted by $\text{weight} \times n$. The obtained reachability graph is unique. Reachability graphs are more accurate than reachability trees. For example, the reachability tree of the PN of Fig. 1 shown in Fig. 2(a) is the same as that of the PN of Fig. 3(a), where the PN is the same as that of Fig. 1 except for the weight 2 on the arc from $t_2$ to $p_2$. The marking $(1, 5, 0, 1)$ is reachable in the PN of Fig. 3(a), but not reachable in that of Fig. 1. The reachability tree cannot distinguish these cases because of the abstraction "$\omega$". Instead, the reachability graph retains the appropriate level of abstraction by using the weight on the arcs. In the reachability graph in Fig. 2(b), the node $(1, 2 \times n, 0, 1)$ implies that $(1, 5, 0, 1)$ is not a reachable marking in the PN in Fig. 1.

4. Construction of reachability graph

We present an effective algorithm to construct a reachability graph $G$ of a PN $PN(P, T, F, W, M_0)$. The basic idea is described as follows. We start with the initial marking $M_0$. Let $M$ be the current marking, and let each transition $t$ enabled under $M$ be fired. Construct the graph in terms of the resulting marking $M'$. If $M'$ equals a certain marking in the reachability graph, then we draw an arc from $M$ to the existing marking. If $M'$ is bigger (or smaller) than an existing marking in the reachability graph, the increase (or decrease) of $M'$ is determined in terms of the weights of related arcs. The increased (or decreased) numbers of tokens in some places are denoted in the form of $\text{weight} \times n$, where $n$ is a natural number. The process is called the marking abstraction process. If $M'$ is different from any other existing marking, then $M'$ is a new marking, and an arc from $M$ to $M'$ is introduced in the graph. When there is no transition enabled, or no new marking can be obtained by firing any enabled transition, the procedure terminates.

A terminal node is a dead marking node without successors. A duplicate node is a node whose marking is identical to the marking of some existing nodes. Let $node(M)$ denote the node with the corresponding marking $M$ in a reachability graph. Let $create(M)$ represent the action of creating a node with marking $M$. $M_1 \to M_2$ represents marking $M_2$ obtained from marking $M_1$ by firing


transition $t$, denoted by an arc from marking $M_1$ to marking $M_2$ in the reachability graph. Let $isdead(M)$ be a function which gives one if $M$ is a dead marking and zero otherwise. The formal description of the algorithm is given as follows.

Algorithm 4.1 (Construction of the reachability graph of a PN).

    (1) The initial marking M0; create(M0); Mset = ∅;   (Mset is a finite set of markings)
    (2) Let the current node be node(M):
        for each t ∈ {t | M[t⟩, t ∈ T}:
        { M[t⟩M';
          if (Mset = ∅)                          // processing initial case
          then { create(M'); node(M) --t--> node(M'); Mset = {M'}; }
          else
          { for each Mk ∈ Mset:
              if (M' = Mk)                       // processing duplicated nodes
              then node(M) --t--> node(Mk);
              if (M' = M0)
              then node(M) --t--> node(M0);
              else if (M' > Mk)                  // processing bigger nodes
              then bigger( );                    // Algorithm 4.2
              else if (M' < Mk)                  // processing smaller nodes
              then smaller( );                   // Algorithm 4.3
              else { create(M');                 // processing new nodes
                     node(M) --t--> node(M'); Mset = Mset ∪ {M'}; }
          }
        }

Algorithm 4.2 (bigger( )).

    bigger( )
    { Mset = Mset − {Mk};
      if (•t ⊆ t•) then
        for each M'(pi) > Mk(pi):
        { dis = w(t, pi) − w(pi, t);
          (1) Mk(pi) doesn't contain n:
              if ((M'(pi) − Mk(pi)) mod dis = 0)
              then { M'(pi) = dis × n; Mk(pi) = dis × n; }
          (2) Mk(pi) contains n:
              if ((M'(pi) − Mk(pi)) mod dis = 0)
              then M'(pi) = Mk(pi);
        }
      if (M' = Mk)
      then node(Mk) --t--> node(Mk);
      else { create(M'); node(M) --t--> node(M'); Mset = Mset ∪ {M'}; }
      Mset = Mset ∪ {Mk};
    }

Algorithm 4.3 (smaller( )).

    smaller( )
    { if (•t ⊆ t•) then
      { for each M'(pi) < Mk(pi):
        { dis = w(pi, t) − w(t, pi);
          if Mk(pi) contains n:
          { if ((Mk(pi) − M'(pi)) mod dis = 0)
            then M'(pi) = Mk(pi);
            let n = 1: M''(pi) = Mk(pi);
            if (M''(pi) > dis)
            then M''(pi) = M''(pi) − dis;
          }
        }
        if (isdead(M''))
        then { create(M''); node(M) --t--> node(M''); Mset = Mset ∪ {M''}; }
        if ((M'' ∈ Mset) or (M'' = M0))
        then node(M) --t--> node(M'');
        if (M' = Mk)
        then node(Mk) --t--> node(Mk);
      }
      else { create(node(M')); node(M) --t--> node(M'); Mset = Mset ∪ {M'}; }
    }

Consider the construction of the PN in Fig. 4(b) by using the above algorithms. All steps are shown in Table 1. For instance, if the initial marking is $(1, 0, 0)$, there is only one possible firing


Fig. 4. (a) A Petri net without deadlock. (b) A Petri net with deadlock. (c) Their reachability tree.

Table 1. The steps of constructing the PN for Fig. 4(b)

Current node (M) | Enable transition (t) | Mset | Next marking (M')
-----------------|-----------------------|------|------------------
(1, 0, 0)        | t1 | (1, 0, 2) | (1, 0, 2)
(1, 0, 2)        | t1 | (1, 0, 2n) | (1, 0, 4)
(1, 0, 2n)       | t2 | (1, 0, 2n), (0, 1, 2n) | (0, 1, 2n)
(0, 1, 2n)       | t3 | (1, 0, 2n), (0, 1, 2n), (0, 1, 0) | (0, 1, 2n), (0, 1, 0)
(0, 1, 2n)       | t4 | (1, 0, 2n), (0, 1, 2n), (0, 1, 0), (1, 0, 2n − 1) | (1, 0, 2n − 1)
(1, 0, 2n − 1)   | t1 | (1, 0, 2n), (0, 1, 2n), (0, 1, 0), (1, 0, 2n − 1) | (1, 0, 2n − 1)
(1, 0, 2n − 1)   | t2 | (1, 0, 2n), (0, 1, 2n), (0, 1, 0), (1, 0, 2n − 1), (0, 1, 2n − 1) | (0, 1, 2n − 1)
(0, 1, 2n − 1)   | t3 | (1, 0, 2n), (0, 1, 2n), (0, 1, 0), (1, 0, 2n − 1), (0, 1, 2n − 1) | (0, 1, 2n − 1)
(0, 1, 2n − 1)   | t4 | (1, 0, 2n), (0, 1, 2n), (0, 1, 0), (1, 0, 2n − 1), (0, 1, 2n − 1) | (1, 0, 2n), (1, 0, 0)

transition $t_1$, and the marking obtained is $(1, 0, 2)$. Moreover, $t_1$ can be fired repeatedly, increasing by two. Thus, it is abstracted as marking $(1, 0, 2n)$. The reachability graph constructed by the proposed algorithm is unique, as the constructed reachability graph contains all reachable markings and abstracts each class of markings which have common features under a unique notation.

5. Petri net analysis using reachability graphs

5.1. Safeness and boundedness

A PN is safe if all places in the net are safe, i.e. the number of tokens in each place never exceeds one. This can be checked easily since each reachable marking is explicitly retained in the nodes of the reachability graph.


The boundedness of a PN can be determined by checking that $n$ ($n = 1, 2, 3, \ldots$) does not exist in any marking on the nodes of the reachability graph.

5.2. Conservation

A PN is conservative if its tokens are neither created nor destroyed. If $n$ exists in a reachability graph, then the weight $w$ of each related arc should be considered. If $w$ equals 0, the PN is conservative; otherwise the PN is not conservative. If there is no $n$ in the reachability graph, then for each reachable marking $M$, the following equation is considered: $w_1 M(p_1) + w_2 M(p_2) + \cdots + w_m M(p_m) = K$, where $K$ is a constant, $K = w_1 M_0(p_1) + w_2 M_0(p_2) + \cdots + w_m M_0(p_m)$. If the equation holds, the PN is conservative.

5.3. Reachability and coverability

The reachability problem is to decide if a given marking $M$ belongs to the set $M_0[\,\rangle$ or not. We examine the nodes in the graph one by one to find the node which includes the marking that equals $M$ or contains $M$. For instance, in Fig. 2(b), the marking $(1, 6, 0, 1)$ is reachable, since the node $(1, 2 \times n, 0, 1)$ contains $(1, 6, 0, 1)$, where $n$ is a natural number. It is easy to see that the marking $(1, 6, 0, 1)$ is reached after the transitions $t_3$, $t_2$, $t_3$, $t_2$, $t_3$ from the initial marking. For the coverability problem we want to determine, for a given marking $M$, if a marking $M'$ belongs to the set $M[\,\rangle$ or not. Because of the resolution of the reachability problem, the coverability problem can be solved easily.

5.4. Liveness

A PN is live if there is no deadlock in it. A marking is a dead marking if a PN is deadlocked. A PN may have a deadlock even if there is a terminal node in its reachability graph. For example, the node $(1, 2 \times n, 0, 0)$ is a terminal node in Fig. 2(b), so the PN in Fig. 1 may be

Fig. 5. The reachability graphs of Fig. 4(a) and (b).


deadlocked. For the example shown in Fig. 4(a), there is no deadlock in the PN, and correspondingly there is no terminal node in the reachability graph. We can use the reachability graph to solve the liveness problem efficiently. In a reachability tree, there are two kinds of nodes without successors: terminal and frontier nodes, while in a reachability graph, there is only one kind of node without successors: the terminal node. If a node has no successor, it is a terminal node and the PN must be deadlocked; otherwise, the PN is live at any time. From a reachability tree, it is impossible to determine if its corresponding PN has deadlocks. For instance, Fig. 4(a) has no deadlock while Fig. 4(b) has a deadlock, but they have the same reachability tree. However, if we consider their corresponding reachability graphs (Fig. 5), it is easy to draw the conclusion.
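The firing rule of Definition 2.3 and the terminal-node check of Section 5.4 can be run on concrete markings. The Python code below is an added example, not code from the paper: the net `NET` is an assumption chosen to agree with the rows of Table 1 (Fig. 4(b) is not reproduced here), and the function names, the token cap and the string encoding of the abstract entries `2n` and `2n-1` are illustrative.

```python
from collections import deque

# Assumed net, chosen to agree with Table 1 (Fig. 4(b) is not reproduced here).
# Places p1, p2, p3 are indices 0, 1, 2; t -> (pre, post) maps of place -> weight.
NET = {
    "t1": ({0: 1}, {0: 1, 2: 2}),        # keeps p1, adds 2 tokens to p3
    "t2": ({0: 1, 2: 1}, {1: 1, 2: 1}),  # p1 -> p2, needs a token in p3
    "t3": ({1: 1, 2: 2}, {1: 1}),        # keeps p2, removes 2 tokens from p3
    "t4": ({1: 1, 2: 1}, {0: 1}),        # p2 -> p1, removes 1 token from p3
}
M0 = (1, 0, 0)
# Abstract nodes read off the Mset column of Table 1, plus M0.
NODES = [(1, 0, 0), (0, 1, 0), (1, 0, "2n"), (0, 1, "2n"),
         (1, 0, "2n-1"), (0, 1, "2n-1")]
PATTERN = {"2n": lambda k: k >= 2 and k % 2 == 0,    # n = 1, 2, 3, ...
           "2n-1": lambda k: k >= 1 and k % 2 == 1}

def enabled(net, m):
    """Definition 2.3(i): t is enabled iff M(p) >= w(p, t) on every input place."""
    return [t for t, (pre, _) in net.items() if all(m[p] >= w for p, w in pre.items())]

def fire(net, m, t):
    """Definition 2.3(ii), written as M'(p) = M(p) - w(p, t) + w(t, p)."""
    pre, post = net[t]
    if any(m[p] < w for p, w in pre.items()):
        raise ValueError(f"{t} is not enabled under {m}")
    return tuple(k - pre.get(p, 0) + post.get(p, 0) for p, k in enumerate(m))

def explore(net, m0, cap):
    """Breadth-first search over concrete markings, cut off when a place would
    exceed `cap` tokens. Returns (edges, dead markings, cut-off flag)."""
    edges, dead, cut = {}, set(), False
    queue, seen = deque([m0]), {m0}
    while queue:
        m = queue.popleft()
        ts = enabled(net, m)
        if not ts:
            dead.add(m)  # Definition 2.4: a terminal node, no successors
        edges[m] = []
        for t in ts:
            nxt = fire(net, m, t)
            if max(nxt) > cap:
                cut = True  # growth past the cap hints at, but does not prove, unboundedness
                continue
            edges[m].append((t, nxt))
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return edges, dead, cut

def in_node(m, node):
    """True if the concrete marking m belongs to the abstract node."""
    return all(PATTERN[w](k) if w in PATTERN else k == w for k, w in zip(m, node))

if __name__ == "__main__":
    edges, dead, cut = explore(NET, M0, cap=8)
    print("dead markings:", sorted(dead), "| cut off at cap:", cut)
    print("covered by Table 1 nodes:", all(any(in_node(m, n) for n in NODES) for m in edges))
```

Under these assumptions the only dead marking found is (0, 1, 0), and every concrete marking explored falls into one of the abstract nodes listed in Table 1.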

6. Conclusions

We presented an effective approach to constructing the reachability graph of a Petri net (PN). The proposed algorithm can be incorporated into the decomposition analysis methodology in order to facilitate the analysis of large systems and alleviate the state space explosion problem, where the set of reachable markings may increase exponentially with the size of the model and the magnitude of the initial markings. The reachability graph constructed by the proposed algorithm is unique. Further research is directed to the open problems in reachability graphs of colored PNs [6,7].

References

[1] Karp R, Miller R. Parallel program schemata. J Comput Syst Sci 1969;3:147–95.
[2] Murata T. Petri nets: properties, analysis and applications. Proc IEEE 1989;77:541–80.
[3] Mayr EW. An algorithm for the general Petri net reachability problem. SIAM J Comput 1984;13:441–60.
[4] Peterson JL. Petri net theory and the modeling of systems. Englewood Cliffs, NJ: Prentice-Hall; 1981.
[5] Zurawski R, Zhou MC. Petri nets and industrial applications: a tutorial. IEEE Trans Ind Electron 1994;41:567–83.
[6] Yang G. The coverability tree of a Petri net in WINDOWS. Comput Applicat Res 3 (1996) 19–21.
[7] Jensen K. Condensed state space for symmetrical colored Petri nets. Formal methods in system design, vol. 9, 1996, pp. 7–40.