Parameterized Reachability Trees for Algebraic Petri Nets

Transcription

1 Parameterized Reachability Trees for Algebraic Petri Nets Karsten Schmidt Humboldt Universität zu Berlin, Institut für Informatik Unter den Linden 6, Berlin keywords: nets, analysis of higher level net models Abstract This paper is concerned with parameterized reachability trees, which have been proposed by M. Lindquist for predicate/transition nets. We discuss the application of this concept to algebraic nets. For this purpose a slight modification of several definitions is necessary due to the different net descriptions, transition rules and theoretical backgrounds. That s why we present the whole concept from the bottom for algebraic nets. The work related to this research is supported by the Deutsche Forschungsgemeinschaft within SFB Introduction The main idea of higher level Petri net models is to distinguish the control and data flow of a system from data representations, which usually appear as net inscriptions. This way small and descriptive models can be derived even for complex systems. There are two important classes of formalisms for the analysis of such a model. The first one deals with the translation of the model into a low level net (that is, a place/transition net or a condition/event net). This way all the analysis methods which have been developed for these net classes can be established for higher level nets, too. Unfortunately this approach fails in most cases where the domains of the involved data are infinite, since an equivalent low level representation in this case usually does not exist. Using the second class of formalisms, one deals with a symbolic manipulation of the net inscriptions. This way one tries to avoid the necessity to regard all the infinitely many imaginable values of the data involved in the system. A well known representative of this group is doubtless the invariant method ([Jen81], [Rei91],[Sch94]). Apart from this, symbolic methods can be established for other formalisms as well, even for reachability analysis. In [Lin89] a formalism based on symbolic computations has been presented to derive a reduced representation of the reachability graph for predicate/transition nets. The aim of this paper is to apply this formalism to algebraic Petri nets ([Rei91]). Though the main ideas are completely the same as for predicate/transition nets, one has to pay attention to the differences between the two net classes, which force several modifications of details involved in the calculus. Among other things there are for instance different transition rules (due to the safe interpretation of predicate/transition nets), different formalisms behind the data representations and a different distribution of the data description between transitions and arcs. Therefore some notations and even some of the concepts which have been introduced in [Lin89] have to be modified. For this reason we present the whole story from the bottom for algebraic nets. Parameterized reachability trees are folded representations of the usual reachability graphs, that is, they contain the complete information on the reachability of markings. So the method has much in common with the reduction of reachability graphs due to the equivalent marking method (cf. [Sta91], [HJJ84]), but for parameterized reachability analysis it is not necessary to perform any preprocessing, for instance to compute the net symmetries (cf. [SSt91], [Sch93]). The main idea is rather to fire transitions symbolically, that is, without explicitly fixing the occurrence mode. This firing mode is represented by a symbol a parameter only. The- 1

2 refore the successor marking is an expression which depends on this parameter. For every assignment of a permitted occurrence mode to a corresponding parameter this expression can be evaluated to a reachable marking. But since we do not perform this evaluation during the construction of the graph, we may reduce the combinatorial explosion of the state space. We will present an example which illustrates this reduction. 2 Basic Definitions First we recall some basic concepts from the theory of abstract data types. For details, please refer to [EM85]. Definition 1 (Specifications) A signature Σ = [S, Ω] consists of a set S of sorts and a family Ω = {Ω w,s } w S,s S of operation symbols. For e being the empty word, Ω e,s is the set of constant symbols of sort s. A set of Σ variables is a family X = {X s } s S of variables. The set T Ω,s (X) of (Ω, X) terms of sort s is inductively defined by 1. X s Ω e,s T Ω,s (X) and 2. for ω Ω s1 s n,s and T i T Ω,si (X), ω(t 1,,T n ) T Ω,s (X). The set T Ω,s := T Ω,s ( ) contains the ground terms of sort s, T Ω (X) := s S T Ω,s(X) is the set of Σ terms over X, and T Ω := T Ω ( ) is the set of Σ ground terms. A Σ equation of sort s over X is a pair [L, R] of terms L, R T Ω,s (X). A specification D = [Σ, E] consists of a signature Σ and a set E of Σ equations. Definition 2 (Algebras) A Σ algebra A = [S A, Ω A ] consists of a family S A = {s A } s S of domains and a set Ω A = {ω A ω Ω} of operations, where ω A : s 1A s na s A for ω Ω s1 s n,s. The elements ω A for ω Ω e,s can be identified with elements of s A. An assignment is a family α = {α s } s S of mappings α s : X s s A. An evaluation according to an assignment α is a family of mappings {α # s } s S with α # s : T Ω,s (X) s A which is defined inductively by 1. α # s (x) := α s (x) for x X s, and 2. α # s (ω(t 1,, T n )) := ω A (α # s 1 (T 1 ),, α # s n (T n )) for ω Ω s1 s n,s. For ground terms T T Ω,s we define the value of T in A # A (T) := α # s (T) for an arbitrary assignment α (the value is actually not dependent on α, since ground terms do not contain variables). A Σ equation [L, R] is valid in a Σ algebra A iff for all assignments α, α # (L) = α # (R). For a specification D = [Σ, E] the Σ algebra A is a D algebra ( or a model of D) iff all the equations in E are valid in A. Definition 3 (Substitutions) Let X and Y be two sets of Σ variables. A substitution X is an assignment σ : X T Ω (Y ), (X s T Ω,s (Y )). A ground substitution is a substitution σ : X T Ω. An injective substitution σ : X Y is called renaming. For a term T and a substitution σ the term σ(t) (often written as Tσ) results from simultaneously replacing the variables in T by their corresponding σ values. Definition 4 (Term Equivalence) Two terms T 1 and T 2 are equivalent according to a specification D = [Σ, E] (T 1 E T 2 ) iff for all D algebras A and all assignments α in A, α # A (T 1) = α # A (T 2). E is an equivalence relation on T Ω (X). It is actually a congruence relation, i.e. T 1 E T 2 implies T 1 σ E T 2 σ for arbitrary substitutions σ. With [T] E we denote the equivalence class of the term T according to the relation E. Definition 5 (Initial Algebra) Let D = [Σ, E] be a specification. The initial algebra I of D consists of the domains s I := {[T] E T T Ω,s } and the operations ω I with ω I ([T 1 ] E,, [T n ] E ) := [ω(t 1,, T n )] E. Due to the properties of the relation E the initial algebra is a model of D. Furthermore it satisfies the no junk property (every element of I is represented by a ground term) and the no confusion property (there are no equations valid except those which are implied by E). Though there are several models for a specification and it is very interesting to obtain results which are valid for several models, we will consider exclusively initial algebras in the sequel. Definition 6 (Multisets) For a set M, a multiset over M is a mapping from M into the integer numbers. A multiset is semipositive iff all the values are greater or equal 0. A multiset is finite iff it has finite support. The empty multiset over M, denoted by ϑ M, assigns 0 to every element of M. For an element m M, the multiset m assigns 1 to m and 0 to every other m M. The multisets µ 1 + µ 2 and µ 1 µ 2 are defined by (µ 1 + µ 2 )(m) := µ 1 (m)+µ 2 (m) and (µ 1 µ 2 )(m) := µ 1 (m) µ 2 (m). This way every finite multiset can be represented as 2

3 a formal sum of the m(m M). In such formal sums we usually write m instead of m. A multiset µ 1 is less or equal to µ 2 iff for all m M, µ 1 (m) µ 2 (m). Note, that we do without scalar multiplication of multisets. This will simplify some future considerations. For multisets of terms we have to define an alternative comparison relation, which is closer related to the relation E. Definition 7 (Multiterms) A multiterm is a multiset over a set of terms. A multiterm µ 1 represented by the formal sum µ 1 = T 1 + T m is less or equal to µ 2 = T T n with respect to the set of equations E (µ 1 E µ 2 ) iff [T 1 ] E + + [T m ] E [T 1 ] E + + [T n ] E. Definition 8 (Algebraic Petri Nets) A tuple AN = [D; P, T, F; ψ, ξ, λ; m 0 ] is an algebraic Petri net iff 1. D = [Σ, E] is a specification with Σ = [S, Ω]; 2. [P, T, F] is a net, i.e. P and T are finite and disjoint sets called places and transitions, respectively, and F is a relation F (P T) (T P), the elements of which are called arcs; 3. ψ is a sort assignment ψ : P S; 4. ξ assigns a set of Σ variables ξ(t) to each transition t T; 5. λ is the arc inscription such that for f = [p, t] or f = [t, p] in F, λ(f) is a multiterm over T Ω,ψ(p) (ξ(t)); 6. m 0 is a marking, i.e. it assigns a finite multiterm over T Ω,ψ(p) to every p P. m 0 is called the initial marking. For f / F we define λ(f) := ϑ. With t and t + we denote the P vectors defined by t (p) := λ([p, t]) and t + (p) := λ([t, p]), respectively. It is possible to interpret an algebraic Petri net according to an arbitrary model of the specification D. The result is a colored net. This way all the behavioral aspects of an algebraic net can be traced back to colored nets. Since we will restrict ourselves to the initial algebra only, we can define the transition rule of an algebraic net directly. Definition 9 (Transition Rule) Any ground substitution β of ξ(t) is an occurrence mode of transition t T. A transition t T is enabled in an occurrence mode β at a marking m iff for all p P with [p, t] F, λ([p, t])β E m(p). If t is enabled in β at m, then t may fire yielding the marking m, where for all p P, m (p) = m(p) λ([p, t])β + λ([t, p]β. We write m t,β m in this case. The set of markings reachable from a target marking m, written R AN (m ), is the smallest set of markings, which contains m and if m R AN (m ) and m t,β m for some occurrence mode β, then there is a marking in R AN (m 0 ) which is componentwise equivalent to m with respect to E. For further details according to algebraic Petri nets, please refer to [Rei91]. 3 Parameterized Markings In the introduction we mentioned that parameterized markings are expressions which involve original markings and their change by transition occurrences. These expressions can be written as multiterms of the kind < old marking > t + t +, where the t and t + contain variables which serve as the parameters for the occurrence mode (an example will be presented at the end of the paper). Unfortunately the concept of multisets is not completely sufficient to obtain sound results. Some of these problems will be considered in section 5. For the moment we should accept that we need a more expressive structure than multiterms for the description of parameterized markings. The difference we have to make is to pay attention to the order, in which we insert terms into a multiterm. For this purpose we make a more restrictive use of the concept formal sum and distinguish carefully the formal sums from multiterms. Especially we assume the entries in a formal sum to be in a fixed order which we never change during computations. This way (when we add tokens always at the right end of the sum) we preserve the knowledge about the order in which we have added the terms. We will emphasize this distinction by using the special and signs for formal sums, while we carry on using the + and signs to operate on multiterms. Definition 10 A formal sum is inductively defined by 3

4 1. The empty word is a formal sum; 2. A single term is a formal sum; 3. Given a formal sum L and and a term T, L T and L T are formal sums. Given a formal sum L = [ ]T 1 T 2 T 3 T n we say, that n is the length of L, T i is the term at position i of L, for all the terms T 1,,T i 1 we say that they appear left of T i, while all the terms T i+1,, T n appear right of T i. All the formal sums [ ]T 1 T 2 T j(j n) where every term T i (1 i j) is preceded by the same sign as in L is called prefix of L. All the terms in L which are preceded by the occur negative, the remaining ones positive. Definition 11 Let L be a formal sum and M = T 1 + +T n a semipositive multiterm. If we want to add the terms T 1,,T n to L and the order of the terms in M is of no interest, then we write L M for L T 1 T n and L M for L T 1 T n, respectively. The next definition establishes a connection between multiterms and formal sums. Definition 12 Let L be a formal sum. Then L is the multiterm which is represented by replacing the symbols and appearing in L by + and, respectively. Parameterized markings are P vectors. Every component of this vector will be a formal sum as defined above. The only restriction is that the terms appearing in the component p of course have to respect the sort ψ(p). Definition 13 A parameterized marking is a P vector of formal sums, where the formal sum belonging to a place p consists only of terms which are contained in T Ω,ψ(p) (X). To be able to handle parameterized markings correctly, we have to specify their meaning. For this purpose we consider the set of all those markings, which arise from fixing the parameters. Naturally we consider only those fixings which lead to sound markings, that is semipositive multisets in every component. Unfortunately this restriction is not sufficient to obtain a useful interpretation of parameterized markings in every case. Instead we require, that not only the formal sums in a parameterized marking describe semipositive multiterms, but also all their prefixes. As mentioned above, the reasons for this additional requirement will be taken up in section 5. Definition 14 Let M be a parameterized marking. UNFOLD(M) is the set of all P vectors m for which a ground substitution σ of the variables occurring in M exists such that for all places p it holds m(p) = M(p)σ and all prefixes L of M(p) satisfy Lσ E ϑ. Since especially all the M(p)σ have to be non negative multiterms, UNFOLD(M) is a sound set of markings. Example. Consider the vector M = (a b x c, a b c x, x) where a, b, c are assumed to be constant symbols while x stands for a variable. UNFOLD(M) consists of (a + c, a + c, b) and (b + c, b + c, a), while (a + b, a + b, c) is not in UNFOLD(M), since for x instantiated to c the prefix a b x of the first component of M does not stand for a semipositive multiterm. 4 Operations on Parameterized Markings This section is concerned with operations we will apply to parameterized markings during the construction or interpretation of a parameterized reachability tree. In order to translate the idea of symbolic computation into action, all these operations should be based on syntactical operations, such as unification, and they should work without unfolding a parameterized marking into a set of real markings. At least any complete unfolding should be avoided. Before starting, we present a characterization for UNFOLD(M) which is more suitable for the operations considered in the sequel. Normally, when one wants to instantiate a multiterm in such a way, that the instance becomes semipositive, one looks for terms occurring with negative multiplicity and tries to find corresponding terms with positive multiplicity such that these two terms cancel each other out. Thereby one instantiates the multiterm step by step, since one has to unify the terms before cancelling them out. Trying all possible ways to assign 4

5 negative entries to unifiable positive ones and cancelling them out one finds successively all semipositive instances of the target multiterm. The situation for unfoldings seems to be much more complicated, since not only the multiterm represented by the whole formal sum has to be semipositive, but also all multiterms corresponding to its prefixes. The following theorem states, that in principle the same procedure as explained above can be applied to find the elements of UNFOLD(M), with only one difference, namely that we look for positive counterparts of a negative term T only left of its appearance in a formal sum. Theorem 1 Let M be a parameterized marking. UNFOLD(M) is the set of all those markings m for which there is a ground substitution σ of the variables appearing in M and for all places p it holds 1. there is an injective mapping ϕ p from the negative terms appearing in M(p) to the positive terms appearing in M(p) such that for every term T appearing negative in M(p) it holds 1.1. ϕ p (T) appears left of T and 1.2. Tσ E ϕ p (T)σ, 2. for every place p, M(p)σ E m(p). We skip the quite technical proof. Example. Consider the same vector as in the previous example M = (a b x c, a b c x, x) In the first component we may map x either to a or to b. Mapping x to a we have to instantiate x to a. Therefore we have to map x to a in the second component, too. The third component does not inherit any restrictions, and therefore M[x a] = (b+c, b+c, a) is contained in UNFOLD(M) as well as (a + c, a + c, b) which we obtain by mapping x to b in both the first and second component. In contrary we are not allowed to map x to c in the first component, since c appears right of x. Doing that nevertheless, we would obtain the wrong marking (a + b, a + b, c) With the help of this theorem several operations on parameterized markings can be performed. Emptiness of UNFOLD(M). The first operation on parameterized markings we will need in the sequel is the test whether or not there are markings contained in the unfolding of a target marking M. This test can be derived immediately from theorem 1. Let M be a parameterized marking. It holds UNFOLD(M) = iff there is an (arbitrary!) substitution σ for the variables appearing in M and for all places p there is an injective mapping ϕ p from the terms appearing negative in M(p) to the terms appearing positive in M(p) such that for all negative terms T it holds 1. ϕ p (T) appears left of T and 2. Tσ E ϕ p (T)σ Given a family of mappings ϕ p, the question whether σ exists, corresponds to the question of the existence of solutions for the E unification problem {T? E ϕ p(t) p P, T appearing negative in M(p)}. Therefore, to check UNFOLD(M) = we have to try successively all the possible combinations for the ϕ p and for every such combination we have to solve the above unification problem until either we get a solution of one of the problems or the unification problems for all possible fixings of the ϕ p turn out to be inconsistent. This implementation of the considered problem makes sense only for specifications with a finitary equation theory. Furthermore it requires a unification algorithm, which is able to decide the unifiability of a given unification problem. Currently most of the universal E unification tools do only enumerate the solutions of a given problem. Therefore the use of parameterized reachability analysis depends considerably on the specification, especially on the set of equations. Actually the considered operation might be seen as an unfolding of the parameterized marking. But on one hand we can stop trying all the combinations when the first solution has been found, and on the other hand this solution might be a substitution which contains variables, and therefore a pattern for many elements of the unfolding of the parameterized marking. Thus the test for U N F OLD(M) = is at most a partial unfolding. Markings contained in UNFOLD(M). A marking is contained in the unfolding of a parameterized marking iff it can be instantiated in such a way, that 5

6 1. every negative term can be cancelled out by some positive term and 2. the remaining positive terms are equivalent to the target marking. For this reason a marking m is contained in U N F OLD(M) for a parameterized marking M iff 1. The cardinality of M equals the cardinality of m (that is, the number of positive entries in M minus the number of negative entries in M equals the number of entries in m), and 2. UNFOLD(M m). This way we have traced back the problem to the one discussed above. Inclusion of Unfoldings. For the construction of a reachability tree it is necessary to detect, whether the unfolding of a parameterized marking is included in the unfolding of another one. If it turns out, that the unfolding of a node is covered by another one, then we do not need to compute the successors of a node in the parameterized reachability tree. Currently no syntactical criterion is known, which is both necessary and sufficient for the containment of two unfoldings of parameterized markings. In principle it is enough to have some sufficient conditions for containment. If we do not detect the containment of two unfoldings, we will have more nodes in our graph, (in the worst case infinitely many, where finitely many would be enough), but the redundant nodes have no influence on the reachability problem. That is, the quality of the criteria has a noticeable effect on the feasibility of the method, but not on its correctness. In the sequel we will present a sufficient condition and an efficient necessary condition to exclude nodes from the costly containment test. We hope, that experience with implementations of the parameterized marking method will lead to better and faster criteria. The idea of the sufficient condition is simply based on the well known fact that every marking which we can obtain from an instance of a parameterized marking, we can obtain from the marking itself, too. Theorem 2 Let M and M be two parameterized markings. If there is a substitution σ such that M E Mσ, then it holds UNFOLD(M ) UNFOLD(M). Considering the example application at the end of this paper, we find out, that usually the above condition, applied without additional arguments, is not strong enough to prove containment. Therefore we have to complete this condition with a certain number of rules. Up to now these rules are not sufficiently formalized and that s why we leave this problem to future work. The concluding example will show, how such rules should look like. The necessary condition is based on the observation that all the markings in the unfolding of a parameterized marking have a common property, namely the number of tokens on every place. This number can be obtained by counting the positive and negative entries in the formal sums of a parameterized marking. This way for a lot of parameterized markings the consideration of sufficient conditions may be skipped. 5 Transition Occurrences When we want to build a reachability tree, we have to establish a reachability relation between different parameterized markings. This reachability relation should be based on transition occurrences. Since parameterized markings stand for sets of real markings, the relation to be established should be compatible to the reachability relation for real markings. On the other hand the central idea of parameterized reachability analysis is not to fix the occurrence modes. Therefore the arc inscriptions of a tree we are looking for will be whole transitions. A reasonable reachability relation between parameterized markings will be the following: A parameterized marking M is reachable from another one M via transition t iff UNFOLD(M ) contains exactly those markings m such that a m UNFOLD(M) and an occurrence mode β for t exist with m t,β m. Fortunately this parameterized successor marking of a parameterized marking M with respect to a transition t can be expressed without any problems. Theorem 3 Let M be a parameterized marking and t be a transition. Let τ be a renaming of the variables in ξ(t) such that none of the images of τ appears in any term of M. Then it holds UNFOLD(M t τ t + τ) = {m m β : m UNFOLD(M) m t,β m }. Proof. First we assume, that m and β exist such that m t,β m and will show, that m 6

7 UNFOLD(M t τ t + τ). Since m UNFOLD(M), there exists a substitution σ such that all prefixes of Mσ are semipositive. Consider (M t τ t + τ)σ for the substitution σ which we define as { σ σ(x), x appears in M (x) = β(τ 1 (x)), x appears in τ(ξ(t)) Obviously, all prefixes of M t τ t + τ which are already prefixes of M, yield a semipositive multiterm, due to the choice of σ. All prefixes, which contain additionally terms of t τ are semipositive, since t has concession in β at m and therefore even (M t τ)σ = m t β is semipositive. The terms of t + τ do not cause any restrictions of the semipositivity and therefore all the prefixes of (M t τ t + τ)σ are semipositive. Finally, (M t τ t + τ)σ = Mσ t β + t + β = m and therefore m UNFOLD(M t τ t + τ). For the reverse direction assume, that m UNFOLD(M t τ t + τ). We have to show the existence of a m UNFOLD(M) and a β such that m t,β m. According to the assumption there is a σ such that all the prefixes of (M t τ t + τ)σ are semipositive. Among these prefixes there are especially all the prefixes of Mσ and (M t τ)σ. Therefore we can immediately conclude for σ := σ Variables in M and β := σ τ(ξ(t)) τ 1 : 1. m := Mσ (= Mσ) is contained in UNFOLD(M) 2. t has concession in β at m (since m t β ϑ) 3. m t β + t + β = Mσ t β + t + β = (M t τ t + τ)σ = m. There are some remarks concerning this theorem. First, the renaming τ of the variables in ξ(t) is nothing but the introduction of a new set of parameters for the occurrence mode. Second, as promised in section 3, we have to justify that we use formal sums for parameterized markings rather than multiterms. For this purpose consider the net in figure 1. The marking described in this figure is (a b, a b c, ϑ). t 1 has concession at this marking in the two modes [x a] and [x b]. The parameterized successor marking is (a b x c, a b c x, x). The unfolding of this marking consists of (a +c, a + c, b) p 1 a+b x c t 1 x a+b+c p 2 x p 3 Figure 1: A serious problem to be solved by the unfolding procedure and (b + c, b + c, a), exactly the results of firing t 1 in the two stated modes, respectively. If we would interpret the successor marking as a multiterm without respect to the prefixes, we would obtain a third marking, namely by fixing x to c. The result is (a + b, a + b, c), which is obviously an unreachable marking. The reason for this divergence is, that in the first component a + b x + c we cancel out the x which represents the occurrence mode in which t 1 fires, and the term c which appears at the place as a result of just this firing, that is, after the token x is standing for has to be removed. Therefore the unfolding without respect to the prefixes is too weak to preserve reachability in the unfoldings of successor markings, while the presented definition for the unfolding of a parameterized marking is strong enough for this purpose. Using the correct unfold rule the non reachable marking is excluded successfully, since instantiating x to c would cause the prefix a b x of the first component of the parameterized successor marking to be not semipositive. This prefix belongs to the prefixes of M t τ which are especially responsible for restricting the parameters of the fired transition t to those occurrence modes, in which it has concession. In the proof of theorem 3 we argued with these prefixes. As a third remark to theorem 3 we should compare the parameterized marking method for algebraic nets with the one for predicate/transition nets. One of the most important differences between algebraic nets and predicate/transition nets concerns the transition rules. While in the algebraic net calculus it is allowed to have several tokens of one and the same color on a place, there is at most one token per color allowed on a place of a predicate/transition net in order to establish a closer relation to first order logic. This safety requirement 7

8 causes a safe transition rule. Especially it is forbidden to fire transitions in modes, where one and the same color appears more than once on some arc, or where a token is produced on a place in a color in which there is already one. Another difference between algebraic nets and predicate/transition nets is the appearance of guard formula at transitions of predicate/transition nets. Firing a transition is restricted to those modes which satisfy the guard of the transition. These guards are compensated in algebraic nets with more powerful arc inscriptions. Reading [Lin89] gives the impression, that these two features the safe transition rule and transition guards cause a lot of additional considerations to be performed to cope with these features. In the case of algebraic nets we pay for this simplification with restrictions according to the algebraic specification, due to its behavior with respect to unification. We are not sure, whether this is a disadvantage of the algebraic net case, since in [Lin89] there is no detailed consideration of how to algorithmically involve transition guards into the parameterized marking calculus. The guard free case of predicate/transition nets, which is mainly considered in the formalisms of [Lin89], can be covered without problems by algebraic nets, except for the save transition rule, since the arc inscriptions allowed in predicate/transition nets, namely n tuples of constant symbols and variables, can be specified algebraically within the empty set of equations, which has however a very pleasant behavior with respect to unification. 6 Parameterized Reachability Trees After having discussed how parameterized markings coincide with transition occurrences, we will put together several parameterized markings to a tree, based on the successor relation induced by transition occurrences. This tree we will call parameterized reachability tree. First, we need a starting point, which should correspond to the initial marking of the considered net. Definition 15 Let AN = [D; P, T, F; ψ, ξ, λ; m 0 ] be an algebraic net. A parameterized initial marking is any parameterized marking, the unfolding of which contains exactly the initial marking m 0 of AN. A parameterized initial marking can be obtained for instance by replacing all the + signs in the formal sum descriptions of the components of m 0 by the sign. This is only a technical act to distinguish consistently between multiterms and term lists. Actually it will be of no importance at all which description is chosen for the initial marking. That s why we will call it the parameterized initial marking in the sequel. If we are interested exclusively in the set of reachable markings, then all we have to construct is a set of parameterized markings such that the union of their unfoldings equals the set of reachable markings. This set of parameterized markings can be computed by starting with a parameterized marking which represents the initial marking and then step by step computing the successor markings due to transition occurrences as stated in theorem 3. This way we obtain in a canonical way a computation tree, the nodes of which are parameterized markings. If we additionally label the arcs between the computed nodes with the corresponding transitions, we can read off those transitions, which do not occur at all in the tree. It will turn out that these transitions are dead at the initial marking. For dealing with reachability it makes no sense to compute the successors of a node, when the computation of its successors is covered by another one. In the case that a set of markings M is a subset of M, the set of all markings reachable from a node in M is included in the set of nodes reachable from a node in M. For this reason it is not necessary to consider the successors of a parameterized marking M, when it is guaranteed, that the successors of a covering parameterized marking M (that is, UNFOLD(M) UNFOLD(M )) will be considered. The following definition formalizes the concept of parameterized reachability trees. Definition 16 A parameterized reachability tree for an algebraic net AN is a directed labelled tree PRT = [N, E], whereby N is a set of parameterized markings, E is a set of edges labelled with transitions and 1. The initial parameterized marking of AN is the root of PRT; 2. If M is a node in N and E is an edge from M to M labelled with t, then M = M t τ t + τ for a renaming τ of ξ(t) such that τ(ξ(t)) does not contain a variable which appears in M; 3. If a parameterized marking M is contained in N then there exists at least one M N with 8

9 UNFOLD(M) UNFOLD(M ) (possibly M itself), such that for all transitions t T with UNFOLD(M t τ) (τ chosen as above) there is an edge from M labelled with t. The second item of this definition determines, that there are no parameterized markings in this tree which do not stand in the successor relation considered in the previous section. Therefore the tree does not contain unreachable markings. The third item of the definition assures, that it contains at least all reachable markings. Nevertheless the the definition offers an ambiguity. If there is a marking M in the tree for which there are M with UNFOLD(M) UNFOLD(M ), then the successors of M may or may not be contained in the graph. We have to permit this ambiguity to be able to involve our containment decision procedure which, as explained earlier, is incomplete. Theorem 4 Let PRT = [N, E] be a parameterized reachability tree for an algebraic net AN = [D; P, T, F; ψ, ξ, λ; m 0 ]. Then for the set R AN (m 0 ) of all markings reachable from m 0 in AN it holds R AN (m 0 ) = M N UNFOLD(M) Proof. Follows immediately from theorem 3. Theorem 5 Let AN = [D; P, T, F; ψ, ξ, λ; m 0 ] be an algebraic net and PRT = [N, E] a parameterized reachability tree for it. Let t be a transition which does not appear as a label of any edge in E. Then t is dead at m 0, Proof. Assume the contrary. Then there would be a marking m reachable from m 0 and an occurrence mode β for t such that m t,β. Due to theorem 4 there is a parameterized marking M N such that m UNFOLD(M). Theorem 3 states, that UNFOLD(M t τ t + τ). According to the third item of definition 16 there is an edge in E labelled with t in contrary to the assumption. 7 Example Figure 2 shows an algebraic net representing a storage maintenance scheme. There are different processes which are allowed to write to a given unit, and such which read from it. While reading can be done concurrently, no process is allowed to read or to write while another one is writing. Furthermore the place KEY assures, that no process is allowed ew N er x x y y y M WRI x SEM REA REA WRI rq N N x PND N x y y y x bw KEY br Figure 2: An algebraic net modelling a concurrent read / exclusive write protocol to start reading, when another process requests a write operation. The parameterized reachability tree for M = a+b and N = a + b + c is depicted in figure 3. 1 br rq 2 3 rq br er bw er rq br er (=1) ew rq er rq (=3) er 7 (=2) (=1) ew (=4) er 14 (=8) (=5) (=3) Figure 3: A parameterized reachability tree for the considered net We have not written the markings to the nodes, since they can be obtained canonically remembering the definition of parameterized reachability trees. For instance, the label of node No. 7 is m 0 br [y z 1 ] br + [y z 1 ] rq [x z 2 ] rq + [x z 2 ] er [y z 3 ] er + [y z 3 ] resulting in Marking No. 7 WRI a b z 2 PND z 2 WRI REA c d e z 1 z 3 REA z 1 z 3 SEM c d e z 1 z 3 KEY 9

10 The remark under the seventh node in figure 3 means, that the unfoldings of markings No. 7 and No. 3 are equal and therefore the successors of node 7 have not been computed. For showing this equivalence, we try to simplify the 7th marking. First we see, that z 3 can be unified with z 1 (due to the sum z 1 z 3 on REA, then the sum on KEY can be removed, furthermore on REA and SEM the terms z 1 z 3 cancel each other out, since z 1 appears nowhere else after this cancellation and that s why the information, that it is one of the constants c, d or e is of no more interest. All these operations did not change the unfolding. Comparing the resulting vector Marking No. 7 WRI a b z 2 PND z 2 WRI REA c d e REA SEM c d e KEY with the third marking Marking No. 3 WRI a b z 4 PND z 4 WRI REA c d e REA SEM c d e KEY we find out, that these vectors differ only in the name of a parameter. Therefore their unfoldings are equal. Similar considerations can be applied to all nodes which we stated to be equivalent to other ones. 8 Conclusions We have seen, that parameterized reachability analysis can be applied to algebraic nets as well as Lindqvist did it for predicate/transition nets. Thereby we found, that the unsafe transition rule and the absence of transition guards lead to a significant simplification of the method. At least with respect to the transition rule this has been predicted by Lindqvist. In the case of algebraic nets, we are able to involve the whole information about the effect of transition occurrences in the parameterized reachability analysis, since all of this information is contained in the arc inscriptions, while in the case of predicate/transition nets it seems to be difficult to handle the information which is coded as transition guards. On the other hand, the method is restricted to specifications which are well formed with respect to the unification problem. But having the theory of abstract data types available, one can clearly distinguish between manageable arc inscriptions and arc inscriptions which are too complex for symbolic computations. This way we may preselect nets where symbolic methods have a chance and those to which we should not apply symbolic methods. All in all, it seems to be worth trying an implementation and getting some experience whether the method is suitable in practice. This implementation has to offer much stronger conditions for the inclusion problem than considered here. References [EM85] H. Ehrig, B. Mahr. Fundamentals of Algebraic Specifications, volume 1 of EATCS Monographs on Theoretical Computer Science 6. Springer, Berlin, [Gen87] H. Genrich. Predicate/Transition Nets, Lecture Notes on Computer Science 254, pages , [HJJ84] Huber, A. Jensen, Jepsen, K. Jensen. Towards Reachability Trees for High level Petri Nets. In Advances in Petri Nets 1984, Lecture Notes on Computer Science 188, pages , [Jen81] K. Jensen. Coloured Petri Nets and the Invariant Method. Theoretical Computer Science, 14: , [Lin89] M. Lindqvist. Parameterized Reachability Trees for Predicate/Transition Nets. Acta Polytechnica Scandinavica, Ma 54, [Rei91] W. Reisig. Petri Nets and Algebraic Specifications. Theoretical Computer Science, 80:1 34, [SSt91] K. Schmidt, P. Starke. An Algorithm to Compute the Symmetries of Petri Nets. Petri Net Newsletter, 40:25 30, [Sch93] K. Schmidt. Symmetries of Petri Nets. Petri Net Newsletter, 43:9 25, [Sch94] K. Schmidt. T Invariants of Algebraic Petri Nets. Informatik Bericht, 31, [Sta91] P.H. Starke. Reachability Analysis of Petri Nets Using Symmetries. J. Syst. Anal. Model. Simul., 8: ,