Specification models and their analysis Petri Nets

Similar documents
DES. 4. Petri Nets. Introduction. Different Classes of Petri Net. Petri net properties. Analysis of Petri net models

The State Explosion Problem

Analysis and Optimization of Discrete Event Systems using Petri Nets

Stochastic Petri Net. Ben, Yue (Cindy) 2013/05/08

7. Queueing Systems. 8. Petri nets vs. State Automata

Time(d) Petri Net. Serge Haddad. Petri Nets 2016, June 20th LSV ENS Cachan, Université Paris-Saclay & CNRS & INRIA

A Review of Petri Net Modeling of Dynamical Systems

Petri Nets (for Planners)

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Time and Timed Petri Nets

Stochastic Petri Nets. Jonatan Lindén. Modelling SPN GSPN. Performance measures. Almost none of the theory. December 8, 2010

Composition of product-form Generalized Stochastic Petri Nets: a modular approach

Time Petri Nets. Miriam Zia School of Computer Science McGill University

Reliability of Technical Systems. Advanced Methods for Systems Modelling and Simulation I : Petri Nets

Communication in Petri nets

Petri nets. s 1 s 2. s 3 s 4. directed arcs.

Embedded Systems 6 REVIEW. Place/transition nets. defaults: K = ω W = 1

A Symbolic Approach to the Analysis of Multi-Formalism Markov Reward Models

Applications of Petri Nets

Linear Time Analysis of Properties of Conflict-Free and General Petri nets

Negotiation Games. Javier Esparza and Philipp Hoffmann. Fakultät für Informatik, Technische Universität München, Germany

Georg Frey ANALYSIS OF PETRI NET BASED CONTROL ALGORITHMS

SPECIFICATION MODELS. Chapter 3. Overview. Introducing Hierarchy. StateCharts

Proxel-Based Simulation of Stochastic Petri Nets Containing Immediate Transitions

Biological Pathways Representation by Petri Nets and extension

Industrial Automation (Automação de Processos Industriais)

Discrete Event Systems Exam

ADVANCED ROBOTICS. PLAN REPRESENTATION Generalized Stochastic Petri nets and Markov Decision Processes

Simulation of Spiking Neural P Systems using Pnet Lab

An Holistic State Equation for Timed Petri Nets

Compositional Analysis of Timed-arc Resource Workflows with Communication

Free-Choice Petri Nets without Frozen Tokens, and Bipolar Synchronization Systems. Joachim Wehler

c 2011 Nisha Somnath

A Polynomial-Time Algorithm for Checking Consistency of Free-Choice Signal Transition Graphs

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Complete Process Semantics for Inhibitor Nets Technical Report

Elementary Siphons of Petri Nets and Deadlock Control in FMS

The study reported in this monograph is sponsored by the TNO Institute for Production and Logistics (IPL) as part of the TASTE project.

Timed Automata VINO 2011

1. sort of tokens (e.g. indistinguishable (black), coloured, structured,...),

Decentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication

As Soon As Probable. O. Maler, J.-F. Kempf, M. Bozga. March 15, VERIMAG Grenoble, France

A Structure Causality Relation for Liveness Characterisation in Petri Nets

MODEL CHECKING - PART I - OF CONCURRENT SYSTEMS. Petrinetz model. system properties. Problem system. model properties

Undecidability of Coverability and Boundedness for Timed-Arc Petri Nets with Invariants

MODELING AND SIMULATION BY HYBRID PETRI NETS. systems, communication systems, etc). Continuous Petri nets (in which the markings are real

Semantic Equivalences and the. Verification of Infinite-State Systems 1 c 2004 Richard Mayr

From Stochastic Processes to Stochastic Petri Nets

Efficient Symbolic Analysis of Bounded Petri Nets Using Interval Decision Diagrams

ONE NOVEL COMPUTATIONALLY IMPROVED OPTIMAL CONTROL POLICY FOR DEADLOCK PROBLEMS OF FLEXIBLE MANUFACTURING SYSTEMS USING PETRI NETS

A REACHABLE THROUGHPUT UPPER BOUND FOR LIVE AND SAFE FREE CHOICE NETS VIA T-INVARIANTS

Limiting Behavior of Markov Chains with Eager Attractors

Petri Nets and Model Checking. Natasa Gkolfi. University of Oslo. March 31, 2017

Petri nets analysis using incidence matrix method inside ATOM 3

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Decision, Computation and Language

Introduction to Stochastic Petri Nets

STRUCTURED SOLUTION OF STOCHASTIC DSSP SYSTEMS

A Deadlock Prevention Policy for Flexible Manufacturing Systems Using Siphons

Recent results on Timed Systems

Model Checking: An Introduction

Foundations of Informatics: a Bridging Course

2. Stochastic Time Petri Nets

Chapter 4: Computation tree logic

Outline. Complexity Theory. Example. Sketch of a log-space TM for palindromes. Log-space computations. Example VU , SS 2018

Let us first give some intuitive idea about a state of a system and state transitions before describing finite automata.

(x 1 +x 2 )(x 1 x 2 )+(x 2 +x 3 )(x 2 x 3 )+(x 3 +x 1 )(x 3 x 1 ).

6 Solving Queueing Models

Theory of Computing Tamás Herendi

Computation Tree Logic (CTL) & Basic Model Checking Algorithms

SFM-11:CONNECT Summer School, Bertinoro, June 2011

Petri Nets (for Planners) ICAPS Petri Nets (for Planners) Outline of the Tutorial. Introduction & Motivation

fakultät für informatik informatik 12 technische universität dortmund Petri nets Peter Marwedel Informatik 12 TU Dortmund Germany

Formal Specification and Verification of Task Time Constraints for Real-Time Systems

CS590U Access Control: Theory and Practice. Lecture 6 (January 27) The Harrison-Ruzzo-Ullman Model

MPRI 1-22 Introduction to Verification January 4, TD 6: Petri Nets

Markings in Perpetual Free-Choice Nets Are Fully Characterized by Their Enabled Transitions

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

Automata-based Verification - III

Information Systems Business Process Modelling I: Models

Sanjit A. Seshia EECS, UC Berkeley

Designing parsimonious scheduling policies for complex resource allocation systems through concurrency theory

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

NONBLOCKING CONTROL OF PETRI NETS USING UNFOLDING. Alessandro Giua Xiaolan Xie

Stochastic Games with Time The value Min strategies Max strategies Determinacy Finite-state games Cont.-time Markov chains

Business Processes Modelling MPB (6 cfu, 295AA)

Abstractions and Decision Procedures for Effective Software Model Checking

A Brief Introduction to Model Checking

2.1 general items of cellular automata (1)definition of cellular automata. Cellular automata

Flat counter automata almost everywhere!

Soundness of Workflow Nets with an Unbounded Resource is Decidable

Formal Verification Techniques. Riccardo Sisto, Politecnico di Torino

Limits of Computability

CS 301. Lecture 18 Decidable languages. Stephen Checkoway. April 2, 2018

Learning Automata Based Adaptive Petri Net and Its Application to Priority Assignment in Queuing Systems with Unknown Parameters

Notes for Math 450 Stochastic Petri nets and reactions

The L Machines are very high-level, in two senses:

Varieties of Stochastic Calculi

Complexity of domain-independent planning. José Luis Ambite

Performance Evaluation. Transient analysis of non-markovian models using stochastic state classes

Transcription:

Specification models and their analysis Petri Nets Kai Lampka December 10, 2010 1 30

Part I Petri Nets Basics

Petri Nets Introduction A Petri Net (PN) is a weighted(?), bipartite(?) digraph(?) invented by Carl Adam Petri in his PhD-thesis Kommunikation mit Automaten (1962). Many flavors of Petri nets are in use; we start with a simple kind. Example: insertcoin idle wait lock_door wash Circles P := {wait, wash,...} (set of places) Boxes T := {insertcoin, lock door,...} (set of transitions) Arcs C := {..., (lock door, wash),...} (set of edges) Weights W := here constant 1 for each arc finished Initial marking M 0 := { m 0 (wait) := 0, m 0 (wash) := 0, m 0 (idle) := 1}. 3 30

Definition 1.1: (Weigthed) Petri Net A Petri net (PN) P is a 5-tuple (P, T, C, W, M 0), where 1 P := {p 1,..., p m} is a finite, ordered (indexed) set of places and 2 T := {t 1,..., t n} is a finite, ordered (indexed) set of transitions, 3 C (P T ) (T P), is a connection or flow relation, 4 W : C N 0 assigns a weight to each element of C and 5 m 0 : p P N 0 gives the initial marking for place p, i. e., it assigns a number of token to place p. The set of all such initial markings is denoted M 0 (= the initial marking of P). 1 An ordering defined on the places yields that the place markings m 0 (p i ) can be understood as the component of a vector s 0 [i] s.t. we can map the initial marking M 0 to the dedicated vector s 0. Note, s i gives the number of tokens currently contained in place p i. 2 A vector of this kind is denoted in the following as state vector, as it uniquely defines the state of the PN we also simply say state. 4 30

Petri Nets Introduction insertcoin insertcoin insertcoin wait wait wait idle lock_door wash idle lock_door wash idle lock_door wash finished the initial state of the PN s 0 = (m 0 (wait), m 0 (wash), m 0 (idle)) = (0, 0, 1) finished another state of the PN s = (1, 1, 1) finished and another state s = (1, 1, 0) Note: For differing among the different states of a PN we index them accordingly, i. e., we write s k when referring to the k-th state. 5 30

Petri Nets Operational Semantic (Pre - and Post sets) Definition 1.2: Pre - and Post sets 1 Pre set of a transition t T : t := {p (p, t) C} 2 Post set of a transition t T : t = {p (t, p) C} analogously we define pre ( p) and post sets (p ) for each place p P. p 6 2 1 t 43 := { p 2 5 1 t 43 p 1 t 43 := { 6 30

Petri Nets Operational Semantic (Enabling) The operational (or execution) semantic of PN stem from the movement of tokens in the net: Transitions consume tokens from input places (pre set). Transitions add tokens to their output places (post set). One execute one transition at a time according to a disceret event system semantic. Execution of transition is atomic and instantenous (= zero-time). Thus concurrency of transition s execution is resolved by their interleavings (= interleaving semantic). But when can we actually execute transitions? 7 30

Petri Nets Operational Semantic (Enabling) Enabled transition: a transition t T is enabled in a state s, denoted s t, iff the places of its pre set hold sufficiently many tokens s t ( p t : s [p] W(p, t)) Enabling state: a state s is denoted enabling for a transition t iff s t holds. Once a transition is enabled in a state s it can be executed (=fired): When we execute an enabled transition we destroy sufficiently many tokens on the input places and generate the required number of tokens on the output places of t. 8 30

Petri Nets Operational Semantic (Firing) Given a state s of a PN we want to compute its successor state s w. r. t. an enabled transition. To do so we define a transfer or transition function of a transition t as follows: s [i] p i / t t s [i] W(p δ( s, t) := s with s i, t) p i t t [i] := s [i] + W(t, p i ) p i t t s [i] W(p i, t) + W(t, p i ) p i t t if s t then δ( s, t) := s else undefined. With δ we can construct sets of triples ( s, t, s ), where we use the notation s t s. 9 30

Petri Nets Reachability set Moving the tokens around the net by executing enabled transitions is denoted token game; essentially executing δ. Executing transition function δ in a fixed point iteration, starting with state s 0, yields a set of states, denoted as a PN s set of reachable states or reachability set. Definition 1.3: Reachability set of a PN 1 S 0 := { s 0 } 2 S i := S i 1 {δ( s, t) s S i 1, t T where s t} 3 we are intrested in the largest of such sets S 0 S 1... S k which we denote as set of reachable states S of a PN P and w. r. t. s 0. Note: This allows one to construct a (not necessarily finite) LTS for each PN and an initial state s 0. Such an LTS constitutes the semantic model of a PN. 10 30

Petri Nets Reachability graph Definition 1.4: Reachability graph A reachability graph RG(P, s 0 ) of a PN P and its initial state s 0 is a LTS L(S, S 0, Act, E) with S which is the set of reachable states of the PN. S 0 := { s 0 } with s 0 as the initial state of the PN Act which is the set of the transition labels of the PN E S Act S induced by the PN as follows: ( ) ( s S s t) s t δ( s, t) E) 11 30

Petri Nets Token game (Reachability of states) One the basis of the token game we can now pose interesting questions about the properties of a PN and ultimately about the modeled system itself. E.g.: Can we reach a state s.t. each place holds at least N but at most K tokens (under- or overflow of buffers in a chip-design)? Can we reach a state where everything is blocked? Such questions are denoted reachability problems, since they can be solved in principle by checking if a respective state can be derived from the initial state s 0 by executing the transitions of a PN. Example 1.1: Washing maschine 12 30

Petri Nets Reachability question We formalize this as follows: Definition 1.5: Reachability problem/question Given a high-level model which can be mapped to a LTS, e. g. a PN P and an initial (system) state s 0 the reachability question answers the question, if it is possible to reach a dedicated state s b by executing a sequence of transition (t i,..., t j ). Formally we are looking for a sequence of state-to-state transitions in the LTS of the high-level model s.t. the reach state s b. With σ := t i, t j... t k σ one also writes s 0 sb for indicating that s b can be reached by executing transition sequence σ. 13 30

Decidability Recall: A yes/no-question is decidable if and only if there is a computation which after finitely many steps returns with either yes or no. A yes/no-question is semi-deciable if and only if the computation may return after finitely many steps with either a yes or no answer. Is reachability for PN decidable? How would you proceed? 14 30

Petri Nets How-to solve the reachability problem There are several ways to answer this question, we discuss two semi-decision procedures, e. g. the methods are based on necessary (not sufficient!) conditions. Algebraic method Solution of a system of linear equations (works for standard PN only). Absence of solution implies non-reachability of the resp. state. In case of a sloution we do not know anything. Algorithmic method (brute-force method) Generation of the reachability graph and check the states on-the-fly. Termination implies reachability of the searched state. If the reachability graph is not finite the method may not terminate. 15 30

Petri Nets Algebraic approach (state equations) An incidence matrix shows the relationship between two classes of objects, it possesses one row for each element of class x and one column for each element of class y. For a PN the incidence matrix A N P T 0 describes the token-flow w. r. t. place i (row index) and transition j (column index). a ij = W(t j, p i ) W(p i, t j ) (gain of place i when transition j fires) insertcoin wait idle returncoin 2 lock_door wash finished trigger 2 A :=? s 0 :=? Example 1.2: Washing machine 16 30

Petri Nets Algebraic approach (state equations) Let the firing vector u i N T 0 be the indicator for the firing of transition t i, i. e., u i [i] := 1 and u i [j] := 0 for i j. What is the PN semantic of s c + A u i? Example 1.3: Washing machine For a transition sequence σ of length σ one can construct the linear combination of the firing vectors: σ f := k:=1 u σ[k] where σ[k] refers to the k-th transition symbol in the sequence. Question 1.1: What is the PN semantic of s c + A f? 17 30

Petri Nets Algebraic approach (state equations) This allows one to test for the reachability of state s as follows: 1 Solve(A f = s s 0 ) 2 if there is no such solution f N T 0 than there is no sequence of transition firings leading from s 0 to s. 3 Formally: ( f N T 0 : A f = s s 0 ) σ : s 0 σ s Example 1.4: Washing machine Question 1.2: If there is a solution, what do we know, what can be the problem? 18 30

Petri Nets Algorithmic approach (enumerative) 1 Algebraic solution based on state equations: Solution of a system of linear equation is a necessary condition for reachability for standard PN only. Absence of solution implies non-reachability of the resp. state. 2 Algorithmic solution (brute-force method): Generation of the reachability graph and check the states on-the-fly: Termination implies reachability of the searched state. 19 30

Petri Nets Explicit Reachability Set Generation Reachability algorithm (1) S tmp :=, S := (2) put s 0 into S tmp (3) put s 0 into S (4) Call function DFS() Once this algorithm terminates we know that s test is reachable or not reachable. (5) Function DFS() (6) While (S tmp ) (7) take s from S tmp (8) forall t T do (9) s := δ( s, t) (10) If ( s = s test) terminate (11) Else if ( s / S) Example 1.5: Washing machine: DFS/BFS (12) put s into S tmp (13) put s into S (14) Else do_nothing (15) endif (16) od (17) endwhile 20 30

Petri Nets Interleaving semantic a p b q (1,0) (0,1) a (2,0) a b (0,0) a (1,1) b (0,2) b a b a b a b The execution order of transitions is partly uncoordinated. This yields an exponential size of a PN s underlying LTS, i. e., S is exponential w. r. t. the number of concurrently enabled transitions (= state space explosion problem) Example 1.6: Washing machine with 2 tokens in place idle 21 30

Petri Nets Properties to be verified After we have learned how to answer the reachability problem, (where the proposed techniques may fail), we will now deal with other properties to be verified. These properties can be posed as reachability problems. Hence they can be answered by either directly applying the discussed techniques or slightly adapted versions. Excursion: Properties that can be answered as reachability queries, are denoted safety properties. But remember, the here presented techniques may fail, but sometimes we can not do better, depending on the employed high-level formalism, e. g. PN with inhibitor arcs. 22 30

Deadlock-freeness One of the most basic properties related to the reachability is the question about the reachability of deadlocks. Definition 1.6: Deadlock A state s S of a PN P is denoted deadlock iff t T : s t A PN P where no deadlock exists is denoted deadlock-free. A PN P whose reachability graph is non-terminal is deadlock-free (or vice-versa) Example 1.7: Dining philisophers 23 30

K-boundedness Definition 1.7: K-Boundedness 1 A place p j of a PN P with its initial state s 0 is denoted K-bounded iff it never holds more than K j tokens: p j is K j -bounded K j N 0 : s S : s [p j ] K j otherwise p j is denoted as unbounded. 2 A PN is denoted K-bounded if each of its places is K j -bounded, i. e., P is denoted K-bounded p j P : p j is K j -bounded Example: Check a system design for buffer-overflows. In the literature 1-bounded PN are denoted as safe. Question 1.3: Is the dining philisopher PN bounded? 24 30

Reversibility and home states Besides reachability problems, there are properties which ask about the structure of the reachability graph. Definition 1.8: Home state 1 A state s is denoted as home state iff it is reachable from every other state, i. e., s is a home state s S : σ : s σ s. 2 If s 0 is a home state than the PN P is denoted reversible. In fact this is much more complex as a simple reachability query. 1 Algebraic approach: can we exploit this one for home state detection? 2 Algorithmic approach: is much more complicated (cycle detetction). 25 30

Petri Nets Extensions Many flavors of Petri nets are in use, e.g. 1 PN with inhibitor arcs 2 Colored PN 3 PN with timed behaviour 26 30

Petri Nets Extensions PN with inhibitor arcs insertcoin 2 returncoin trigger wait 1 2 idle lock_door wash 2 finished A place p connected to a transition t via an inhibitor arc ( p t) suppresses the transition s execution, i. e., t can only fire iff s [p] < W(p, t) holds. one solely needs to extend the rule for enabledness of t: s t {( p t : s [p] W(p, t)) : ( p t : s [p] < W(p, t))} Note: PN with more than one inhibitor arc posseses Turing-power, i. e., 1 they cannot be transformed into regular weighted PN 2 reachability of a state is not decidable; the methods we looked at are therefore the best one can do. 27 30

Petri Nets Extensions Colored PN insertcoin fakecoin rmv returncoin wait 2 lock_door idle trigger Tokens carry colors Transition are colored, i. e., they only consume and generate tokens of a specific color finished wash 2 Colored PN posses Turing-power: 1 cannot be transformed into regular PN 2 reachability is not decidable. 28 30

Petri Nets Extensions Timed PN (TPN) [0; ) insertcoin 8 wait returncoin [0;0.5] trigger [0.75;1] lock_door idle wash finished [3600,5400] 2 2 Enabled transitions are executed within some time interval [a, b] ( Timed Automata) 29 30

Petri Nets Extensions Generalized Stochastic PN (GSPN) insertcoin rmv; 1 returncoin; 1 trigger In a GSPN we have 2 types of transitions Weighted transition w is executed with some probability: idle wait 2 lock_door; 1 wash finished; λ 2 W(w) Prob w ( s) := t k {t s t} W(t k) Markovian transition m is executed after an exponentially distributed delay time t F delay of m (t) := 1 e λmt ( Continous-time Markov chains) 30 30

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback