The fundamental closed-form solution of control-related states of kth order S3PR system with left-side non-sharing resource places of Petri nets

Due to the state explosion problem, it has been unimaginable to enumerate reachable states for Petri nets. Chao broke the barrier earlier by developing the very first closed-form solution of the number of reachable and other states for marked graphs and the kth order system. Instead of using first-met bad marking, we propose ‘the moment to launch resource allocation’ (MLR) as a partial deadlock avoidance policy for a large, real-time dynamic resource allocation system. Presently, we can use the future deadlock ratio of the current state as the indicator of MLR due to which the ratio can be obtained real-time by a closed-form formula. This paper progresses the application of an MLR concept one step further on Gen-Left kth order systems (one non-sharing resource place in any position of the left-side process), which is also the most fundamental asymmetric net structure, by the construction of the system's closed-form solution of the control-related states (reachable, forbidden, live and deadlock states) with a formula depending on the parameters of k and the location of the non-sharing resource. Here, we kick off a new era of real-time, dynamic resource allocation decisions by constructing a generalisation formula of kth order systems (Gen-Left) with r^* on the left side but at arbitrary locations.     

A deadlock prevention approach for flexible manufacturing systems without complete siphon enumeration of their Petri net models

Siphons are very important in the analysis and control of deadlocks in a Petri net. However, it is quite time-consuming or even impossible to get the complete siphon enumeration of a Petri net. This paper focuses on the deadlock prevention problems in flexible manufacturing systems that are modeled with S⁴PR, a general class of Petri nets. The analysis of S⁴PR leads us to characterize deadlock situations in terms of insufficiently marked siphons. The method proposed in this paper is an iterative approach. At each iteration, a non-max-marked siphon is computed by solving a mixed integer linear programming problem. Then the siphon is max-marked through a P-invariant by adding a monitor place. This process is carried out until no non-max-marked siphon can be found in the net. As a result all the siphons in the net are max-controlled. Then the net becomes live. Without computing all the siphons, a monitor-based liveness-enforcing Petri net supervisor can be found with more permissive behavior. A number of flexible manufacturing examples are used to demonstrate the proposed methods.     

应用控制变迁的柔性制造系统死锁控制策略

不同于目前许多文献中基于添加控制库所的死锁预防策略,本文提出了控制变迁方程(CTE)的概念和相应的基于添加控制变迁(CT)的死锁控制策略(DCP).通过分析存在死锁的原网(N0, M0)的可达图(RG),该DCP求解出所有死锁标识(DM).基于CTE,构造出所需的控制变迁.然后,对每个DM添加相应的CT,进而消除了原网(N_0, M_0)中的死锁标识,得到了活性受控网系统(N~?, M~?).通过理论分析和相关算例的应用,该DCP的正确性和有效性得到了验证.此外,该DCP获取的活性受控网系统(N~?, M~?)可达数目与原网(N_0, M_0)是相同的,即最大可达数(MRN).     

Synthesis of deadlock prevention policy using Petri nets reachability graph technique

This paper proposes a subclass of generalized stochastic Petri net (GSPN) model, called TS³PR, which is modified the systems of simple sequential processes with resources (S³PR) with timed information. Based on the subclass of GSPN, a new deadlock prevention policy is developed by using reachability graph technique. The foundation of the new control policy is to manipulate all the dead states of the system nets. This study is able to change dead states into vanishing ones by additional immediate transitions. A live TS³PR model can then be obtained. It is worthwhile to notice that this study is different from adding additional control place policies in previous literature. Experimental results, indicate that our new control policy is with maximally permissive markings than conventional place‐control ones. As a result, we can infer that our proposed control policy seems to be used in Petri nets deadlocked systems. To our knowledge, this is the first work that employs the additional transitions to obtain the deadlock prevention policy. Copyright © 2010 John Wiley and Sons Asia Pte Ltd and Chinese Automatic Control Society     

A practical algorithm for static analysis of parallel programs

One approach to analyzing the behavior of a concurrent program requires determining the reachable program states. A program state consists of a set of task states, the values of shared variables used for synchronization, and local variables that derive the values directly from synchronization operations. However, the number of reachable states rises exponentially with the number of tasks and becomes intractable for many concurrent programs. A variation of this approach merges a set of related states into a single virtual state. Using this approach, the analysis of concurrent programs becomes feasible as the number of virtual states is often orders of magnitude less than the number of reachable states. This paper presents a method for determining the virtual states that describe the reachable program states, and the reduction in the number of states is analyzed. The algorithms given have been implemented in a static program analyzer for multitasking Fortran, and the results obtained are discussed.     

Reverse reachability analysis: A new technique for deadlock detection on communicating finite state machines

The communicating finite state machines can exchange messages over bounded FIFO channels. In this paper, a new technique, called reverse reachability analysis, is proposed to detect deadlocks on the communication between the communicating finite state machines. The technique is based on finding reverse reachable paths starting from possible deadlock states. If a reverse reachable path can reach the initial global state, then deadlock occurs. Otherwise the communication is deadlock-free. The effectiveness of the technique has been verified by some real protocols such as a specification of X.25 call establishment/clear protocol and Bartlet's alternating bit protocol.     

Studying the separability relation between finite state machines

Several authors have studied the relationships between non‐deterministic finite state machines (FSMs). These relationships can be used, for example, for deriving conformance tests from specifications represented by FSMs. In this paper, the separability relation between FSMs is studied. In particular, an algorithm is presented that derives a shortest separating sequence of two non‐deterministic FSMs. Given FSMs S with n states and T with m states, it is shown that the upper bound on the length of a shortest separating sequence is 2^mn−1. Moreover, the upper bound is shown to be reachable. However, according to the conducted experiments, on average, the length of a shortest separating sequence of FSMs S and T states is less than mn and the existence of a separating sequence significantly depends on the number of non‐deterministic transitions in these FSMs. The proposed algorithm can also be used for deriving a separating sequence of two different states of a single FSM or for deriving a separating sequence of three or more FSMs. Copyright © 2007 John Wiley & Sons, Ltd.     

Design of liveness‐enforcing supervisors via transforming plant petri net models of FMS

This paper focuses on the deadlock prevention problems in a class of Petri nets, systems of simple sequential process with resources, S³PR for short. By structure analysis, we propose an approach that can transform a plant net model into a weighted S³PR (WS³PR) that is behaviorally equivalent to the plant model. The WS³PR is made to be live by properly reconfiguring its weight distribution such that its all strict minimal siphons are self‐max'‐controlled. The resulting WS³PR can serve as a liveness‐enforcing Petri net supervisor for the plant model after removing some idle and operation places. A live controlled system can be accordingly obtained by synchronizing a plant model and the places whose weights are regulated. This research shows that a small number of monitors is obtained, leading to more permissive behavior of the controlled system. Examples are used to demonstrate the proposed concepts and methods. Copyright © 2010 John Wiley and Sons Asia Pte Ltd and Chinese Automatic Control Society     

利用规划命题关系图构建目标议程和宏动作

对智能规划中的常用工具——放松式规划图(relaxed planning graph,简称RPG)的图论性质进行了深入研究.将RPG中的命题层抽取出来,得到一个不包含任何动作的命题关系图(proposition relation graph,简称PRG),发现PRG仍具有RPG的主要规划性质.初步研究结果包括以下4个方面:初始命题集(initial proposition set,简称IPS)的闭出邻集(close out-neighborhoods,简称CON)是放松式规划可达命题集(relaxed reachable proposition set,简称R-RPS);初始状态命题到目标状态命题的最大距离是规划解长度的合理估计;无圈序指出了对应命题被实现的顺序要求;出度或入度为1的结点收缩对应规划中构造的宏动作.上述结果中,前两者说明PRG保留RPG的主要规划性质,后两者可用于建立目标议程或宏动作提取等领域.还提出与上述结论相关的3种算法:从RPG中得到PRG的算法(复杂性为O(mn2),其中,n为RPG的命题数,m为RPG的动作数);约简无圈序算法(复杂性为O(n+m),其中,n为PRG的结点数,m为PRG的边数);宏动作建议算法(复杂性为O(n2),n为PRG的结点数).     

SAT-Solving the Coverability Problem for Petri Nets

Net unfoldings have attracted great attention as a powerful technique for combating state space explosion in model checking, and have been applied to verification of finite state systems including 1-safe (finite) Petri nets and synchronous products of finite transition systems. Given that net unfoldings represent the state space in a distributed, implicit manner the verification algorithm is necessarily a two step process: generation of the unfolding and reasoning about it. In his seminal work McMillan (K.L. McMillan, Symbolic Model Checking. Kluwer Academic Publishers, 1993) showed that deadlock detection on unfoldings of 1-safe Petri nets is NP-complete. Since the deadlock problem on Petri nets is PSPACE-hard it is generally accepted that the two step process will yield savings (in time and space) provided the unfoldings are small.In this paper we show how unfoldings can be extended to the context of infinite-state systems. More precisely, we show how unfoldings can be constructed to represent sets of backward reachable states of unbounded Petri nets in a symbolic fashion. Furthermore, based on unfoldings, we show how to solve the coverability problem for unbounded Petri nets using a SAT-solver. Our experiments show that the use of unfoldings, in spite of the two-step process for solving coverability, has better time and space characteristics compared to a traditional reachability based implementation that considers all interleavings for solving the coverability problem.     

Tree regular model checking: A simulation-based approach

Regular model checking is the name of a family of techniques for analyzing infinite-state systems in which states are represented by words, sets of states by finite automata, and transitions by finite-state transducers. In this framework, the central problem is to compute the transitive closure of a transducer. Such a representation allows to compute the set of reachable states of the system and to detect loops between states. A main obstacle of this approach is that there exists many systems for which the reachable set of states is not regular. Recently, regular model checking has been extended to systems with tree-like architectures. In this paper, we provide a procedure, based on a new implementable acceleration technique, for computing the transitive closure of a tree transducer. The procedure consists of incrementally adding new transitions while merging states, which are related according to a pre-defined equivalence relation. The equivalence is induced by a downward and an upward simulation relation, which can be efficiently computed. Our technique can also be used to compute the set of reachable states without computing the transitive closure. We have implemented and applied our technique to various protocols.     

基于Petri网的数据库系统并发控制活性分析

从数据库系统在时刻t的状态N出发,构造出相应的Petri网模型,进而构造出其可达标识图。通过分析可达标识图,可判断系统是否为死锁状态。若不是死锁状态,系统是否可能出现死锁,什么情况下系统肯定不会出现死锁。最后,给出了数据库系统中事务并发操作的死锁检测方法与避免措施。     

基于Petri网的并发系统活性分析

本文从数据库系统在时刻t的状态N出发，构造出相应的Petri网模型，进而构造出其可达标识图．通过分析可达标识图，可判断系统是否为死锁状态．若不是死锁状态，系统是否可能出现死锁，什么情况下系统肯定不会出现死锁．最后，给出了数据库系统中事务并发操作的死锁检测方法与避免措施．     

A deadlock prevention approach for a class of timed Petri nets using elementary siphons

To solve the problem of deadlock prevention for timed Petri nets, an effective deadlock prevention policy based on elementary siphons is proposed in this paper. Without enumerating reachable markings, deadlock prevention is achieved by adding monitors for elementary siphons, increasing control depth variables when necessary, and removing implicit, liveness‐restricted and redundant control places. The final supervisor is live. First, a timed Petri net is stretched into a stretched Petri net (SPN). Unchanging the system performance, each transition in the SPN has a unit delay time. Then the siphon‐control‐based approach is applied. Monitors computed according to the marking constraints are added to the SPN model to ensure all strict minimal siphons in the net invariant‐controlled. A liveness‐enforcing supervisor with simple structure can be obtained by reverting the SPN into a TdPN. Copyright © 2010 John Wiley and Sons Asia Pte Ltd and Chinese Automatic Control Society     

An Application of Independent, Increasing, Free-Choice Petri Nets to the Synthesis of Policies that Enforce Liveness in Arbitrary Petri Nets

The class of Independent, Increasing, Free-Choice Petri nets (II-FCPNs) was introduced in (Sreenivas, 1997c), where it is shown that any II-FCPN can be made live via supervision using a readily available policy. In a live Petri net (PN). Petri Net Theory and Modeling of systems. Prentice-Hall, Englewood Cliffs, NJ, Reisig (1985). Petri Nets. Springer, Berlin), it is possible to fire any transition from every reachable marking, although not necessarily immediately. In this paper we identify a class of PNs, where every transition is controllable, that are not necessarily II-FCPNs, that can be made live via supervision using a readily available policy constructed from the policy that enforces liveness in an II-FCPN.     

On commutativity based Edge Lean search

The problem of state space search is fundamental to many areas of computer science, such as, e.g., AI and formal methods. Often, the state space to be searched is huge, so optimizing the search is an important issue. In this paper, we consider the problem of visiting all states in the setting where transitions between states are generated by actions, and the (reachable) states are not known in advance. Some of the actions may commute, i.e., they result in the same state for every order in which they are taken. We show how to use commutativity to achieve full coverage of the states, while traversing a relatively small number of edges.     

Optimal Petri-Net-Based Polynomial-Complexity Deadlock-Avoidance Policies for Automated Manufacturing Systems

Even for a simple automated manufacturing system (AMS), such as a general single-unit resource allocation system, the computation of an optimal or maximally permissive deadlock-avoidance policy (DAP) is NP-hard. Based on its Petri-net model, this paper addresses the deadlock-avoidance problem in AMSs, which can be modeled by systems of simple sequential processes with resources. First, deadlock is characterized as a perfect resource-transition circuit that is saturated at a reachable state. Second, for AMSs that do not have one-unit resources shared by two or more perfect resource-transition circuits that do not contain each other, it is proved that there are only two kinds of reachable states: safe states and deadlock. An algorithm for determining the safety of a new state resulting from a safe one is then presented, which has polynomial complexity. Hence, the optimal DAP with polynomial complexity can be obtained by a one-step look-ahead method, and the deadlock-avoidance problem is polynomially solved with Petri nets for the first time. Finally, by reducing a Petri-net model and applying the design of optimal DAP to the reduced one, a suboptimal DAP for a general AMS is synthesized, and its computation is of polynomial complexity.      

Symbolic computation of strongly connected components and fair cycles using saturation

The computation of strongly connected components (SCCs) in discrete-state models is a critical step in formal verification of LTL and fair CTL properties, but the potentially huge number of reachable states and SCCs constitutes a formidable challenge. We consider the problem of computing the set of states in SCCs or terminal SCCs in an asynchronous system. We employ the idea of saturation, which has shown clear advantages in symbolic state-space exploration (Ciardo et al. in Softw Tools Technol Transf 8(1):4–25, 2006; Zhao and Ciardo in Proceedings of 7th international symposium on automated technology for verification and analysis, pp 368–381, 2009), to improve two previously proposed approaches. We use saturation to speed up state exploration when computing each SCC in the Xie-Beerel algorithm, and we compute the transitive closure of the transition relation using a novel algorithm based on saturation. Furthermore, we show that the techniques we developed are also applicable to the computation of fair cycles. Experimental results indicate that the improved algorithms using saturation achieve a substantial speedup over previous BFS algorithms. In particular, with the new transitive closure computation algorithm, up to 10¹⁵⁰ SCCs can be explored within a few seconds.     

Hierarchical reachability graph of bounded Petri nets forconcurrent-software analysis

Petri nets have been proposed as a promising tool for modeling and analyzing concurrent-software systems such as Ada programs and communication protocol software. Among analysis techniques available for Petri nets, the most general approach is to generate all possible states (markings) of the system in a form of a so-called reachability graph. However, this conventional reachability graph approach is inefficient or intractable, even for a bounded Petri net, due to state explosion in many practical applications. To cope with this problem, this paper proposes a method for constructing a hierarchically organized state space called the hierarchical reachability graph (HRG). Using the HRG, we obtain necessary and sufficient conditions for reachability and deadlock, as well as algorithms to test whether a given state or marking is reachable from the initial state and whether there is a deadlock state (a state with no successor states)     

Using Forward Reachability Analysis for Verification of Lossy Channel Systems

We consider symbolic on-the-fly verification methods for systems of finite-state machines that communicate by exchanging messages via unbounded and lossy FIFO queues. We propose a novel representation formalism, called simple regular expressions (SREs), for representing sets of states of protocols with lossy FIFO channels. We show that the class of languages representable by SREs is exactly the class of downward closed languages that arise in the analysis of such protocols. We give methods for computing (i) inclusion between SREs, (ii) an SRE representing the set of states reachable by executing a single transition in a system, and (iii) an SRE representing the set of states reachable by an arbitrary number of executions of a control loop. All these operations are rather simple and can be carried out in polynomial time.With these techniques, one can straightforwardly construct an algorithm which explores the set of reachable states of a protocol, in order to check various safety properties. We also show how one can perform model-checking of LTL properties, using a standard automata-theoretic construction. It should be noted that all these methods are by necessity incomplete, even for the class of protocols with lossy channels.To illustrate the applicability of our methods, we have developed a tool prototype and used the tool for automatic verification of (a parameterized version of) the Bounded Retransmission Protocol.