ω-Petri nets

G. Geeraerts¹, A. Heußner², M. Praveen³, J.-F. Raskin¹

¹ Université Libre de Bruxelles (ULB), Belgium
² Otto-Friedrich Universität Bamberg, Germany
³ Laboratoire Spécification et Vérification, ENS Cachan, France

arXiv:1301.6572v1 [cs.LO] 28 Jan 2013

Abstract

We introduce ω-Petri nets (ωPN), an extension of plain Petri nets with ω-labeled input and output arcs, that is well-suited to analyse parametric concurrent systems with dynamic thread creation. Most techniques (such as the Karp and Miller tree or the Rackoff technique) that have been proposed in the setting of plain Petri nets do not apply directly to ωPN because ωPN define transition systems that have infinite branching. This motivates a thorough analysis of the computational aspects of ωPN. We show that an ωPN can be turned into a plain Petri net that allows to recover the reachability set of the ωPN, but that does not preserve termination. This yields complexity bounds for the reachability, (place) boundedness and coverability problems on ωPN. We provide a practical algorithm to compute a coverability set of the ωPN and to decide termination by adapting the classical Karp and Miller tree construction. We also adapt the Rackoff technique to ωPN, to obtain the exact complexity of the termination problem. Finally, we consider the extension of ωPN with reset and transfer arcs, and show how this extension impacts the decidability and complexity of the aforementioned problems.

1 Introduction

In this paper, we introduce ω-Petri nets (ωPN), an extension of plain Petri nets (PN) that allows input and output arcs to be labeled by the symbol ω, instead of a natural number. An ω-labeled input arc consumes, non-deterministically, any number of tokens in its input place while an ω-labeled output arc produces non-deterministically any number of tokens in its output place. We claim that ωPN are particularly well suited for modeling parametric concurrent systems (see for instance our recent work on the Grand Central Dispatch technology [12]), and to perform parametric verification [14] on those systems, as we illustrate now by means of the example in Fig. 1.

The example presents a skeleton of a distributed program, in which a main function forks $P$ parallel threads (where $P$ is a parameter of the program), each executing the one_task function. Many distributed programs follow this abstract skeleton that allows to perform calculations in parallel, and being able to model precisely such concurrent behaviors is an important issue. In particular, we would like that the model captures the fact that $P$ is a parameter, so that we can, for instance, check that the execution of the program always terminates (assuming each individual execution of one_task does), for all possible values of $P$.

    1 one_task(int k) {
    2   // some work...
    3 }
    4 main() {
    5   for i := 1 to P step 1
    6     fork(one_task(i))
    7 }

[Panels (a), (b), (c): three nets with places $p_1$, $p_2$ and transitions fork and one_task; $p_1$ holds $K$ tokens in (a) and a single token in (b) and (c); panel (c) carries an ω-labeled arc.]

Figure 1: An example of a parametric system with three possible models

Clearly, the Petri net (a) in Fig. 1 does not capture the parametric nature of the example, as place $p_1$ contains a fixed number $K$ of tokens. The PN (b), on the other hand, captures the fact that the program can fork an unbounded number of threads, but does not preserve termination: $(\mathit{post})^\omega$ is an infinite execution of PN (b), while the programme terminates (assuming each one_task thread terminates) for all values of $P$, because the for loop in line 5 executes exactly $P$ times. Finally, observe that the ωPN (c) has the desired properties: firing transition fork creates non-deterministically an unbounded albeit finite number of tokens in $p_2$ (to model all the possible executions of the for loop in line 5), and all possible executions of this ωPN terminate, because the number of tokens produced in $p_2$ remains finite and no further token creation in $p_2$ is allowed after the firing of the fork transition.

While close to Petri nets, ωPN are sufficiently different that a thorough and careful study of their computational properties is required. This is the main contribution of the paper. A first example of discrepancy is that the semantics of ωPN is an infinite transition system which is infinitely branching. This is not the case for plain PN: their transition systems can be infinite but they are finitely branching. As a consequence, some of the classical techniques for the analysis of Petri nets cannot be applied. Consider for example the finite unfolding of the transition system [10] that stops the development of a branch of the reachability tree whenever a node with a smaller ancestor is found. This tree is finite (and effectively constructible) for any plain Petri net and any initial marking because the set of markings $\mathbb{N}^k$ is well-quasi ordered, and finite branching of plain Petri nets allows for the use of König's lemma¹. However, this technique cannot be applied to ωPN, as they are infinitely branching. Such peculiarities of ωPN motivate our study of three different tools for analysing them.

¹ In fact, this construction is applicable to any well-structured transition system which is finitely branching and allows to decide the termination problem for example.

First, we consider, in Section 3, a variant of the Karp and Miller tree [15] that applies to ωPN. In order to cope with the infinite branching of the semantics of ωPN, we need to introduce in the Karp and Miller tree ω's that are not the result of accelerations but the result of ω-output arcs. Our variant of the Karp and Miller construction is recursive, this allows us to tame the technicality of the proof, and as a consequence, our proof when applied to plain Petri nets, provides a simplification of the original proof by Karp and Miller. Second, in Section 4, we show how to construct, from an ωPN, a plain Petri net that preserves its reachability set. This reduction allows to prove that many bounds on the algorithmic complexity of (plain) PN problems apply to ωPN too. However, it does not preserve termination. Thus, we study, in Section 5, as a third contribution, an extension of the self-covering path technique due to Rackoff [19]. This technique allows to provide a direct proof of EXPSPACE upper bounds for several classical decision problems, and in particular, this allows to prove EXPSPACE completeness of the termination problem.

Table 1: Complexity results on ωPN (with the section numbers where the results are proved). ωIPN+R (ωOPN+R) and ωIPN+T (ωOPN+T) denote resp. Petri nets with reset (R) and transfer (T) arcs with ω on input (output) arcs only.

    Problem           | ωPN                              | ωPN+T                             | ωPN+R
    Reachability      | Decidable and EXPSPACE-hard (4)  | Undecidable (6)                   | Undecidable (6)
    Place-boundedness | EXPSPACE-c (4)                   | Undecidable (6)                   | Undecidable (6)
    Boundedness       | EXPSPACE-c (4)                   | Decidable (6)                     | Undecidable (6)
    Coverability      | EXPSPACE-c (4)                   | Decidable and Ackermann-hard (6)  | Decidable and Ackermann-hard (6)

    Problem           | ωPN                              | ωOPN+T, ωOPN+R                    | ωIPN+T, ωIPN+R
    Termination       | EXPSPACE-c (5)                   | Undecidable (6)                   | Decidable and Ackermann-hard (6)

Finally, in Section 6, as an additional contribution, and to get a complete picture, we consider extensions of ωPN with reset and transfer arcs [7]. For those extensions, the decidability results for reset and transfer nets (without ω arcs) also apply to our extension with the notable exception of the termination problem that becomes, as we show here, undecidable. The summary of our results is given in Table 1.

Related works. ωPN are well-structured transition systems [10]. The set saturation technique [1] and so symbolic backward analysis can be applied to them while the finite tree unfolding is not applicable because of the infinite branching property of ωPN. For the same reason, ωPN are not well-structured nets [11].

In [3], Bradzil et al. extend the Rackoff technique to VASS games with ω output arcs. While this extension of the Rackoff technique is technically close to ours, we cannot directly use their results to solve the termination problem of ωPN.

Several works (see for instance [4, 5]) rely on Petri nets to model parametric systems and perform parametrised verification. However, in all these works, the dynamic creation of threads uses the same pattern as in Fig. 1 (b), and does not preserve termination. ωPN allow to model more faithfully the dynamic creation of an unbounded number of threads, and are thus better suited to model new programming paradigms (such as those used in GCD [12]) that have been recently proposed to better support multi-core platforms.

Remark: due to lack of space, most proofs can be found in the appendix.

2 ω-Petri nets

Let us define the syntax and semantics of our Petri net extension, called ω Petri nets (ωPN for short). Let ω be a symbol that denotes 'any positive integer value'. We extend the arithmetic and the $\le$ ordering on $\mathbb{Z}$ to $\mathbb{Z}\cup\{\omega\}$ as follows: $\omega+\omega = \omega-\omega = \omega$; and for all $c\in\mathbb{Z}$: $c+\omega = \omega+c = \omega-c = \omega$; $c-\omega = c$; and $c\le\omega$. The fact that $c-\omega = c$ might sound surprising but will be justified later when we introduce ωPN. An ω-multiset (or simply multiset) of elements from $S$ is a function $m : S \mapsto \mathbb{N}\cup\{\omega\}$. We denote multisets $m$ of $S = \{s_1, s_2, \ldots, s_n\}$ by extension using the syntax $\{m(s_1)\otimes s_1, m(s_2)\otimes s_2, \ldots, m(s_n)\otimes s_n\}$ (when $m(s) = 1$, we write $s$ instead of $m(s)\otimes s$, and we omit elements $m(s)\otimes s$ when $m(s) = 0$). Given two multisets $m_1$ and $m_2$, and an integer value $c$ we let $m_1+m_2$ be the multiset s.t. $(m_1+m_2)(p) = m_1(p)+m_2(p)$; $m_1-m_2$ be the multiset s.t. $(m_1-m_2)(p) = m_1(p)-m_2(p)$; and $c\cdot m_1$ be the multiset s.t. $(c\cdot m_1)(p) = c\times m_1(p)$ for all $p\in P$.

Syntax. Syntactically, ωPN extend plain Petri nets [18, 20] by allowing (input and output) arcs to be labeled by ω. Intuitively, if a transition $t$ has ω as output (resp. input) effect on place $p$, the firing of $t$ non-deterministically creates (consumes) a positive number of tokens in $p$.

Definition 1. A Petri net with ω-arcs (ωPN) is a tuple $N = \langle P, T\rangle$ where: $P$ is a finite set of places; $T$ a finite set of transitions. Each transition is a pair $t = (I, O)$, where: $I : P \to \mathbb{N}\cup\{\omega\}$ and $O : P \to \mathbb{N}\cup\{\omega\}$, give respectively the input (output) effect $I(p)$ ($O(p)$) of $t$ on place $p$.

By abuse of notation, we denote by $I(t)$ (resp. $O(t)$) the functions s.t. $t = (I(t), O(t))$. When convenient, we sometimes regard $I(t)$ or $O(t)$ as ω-multisets of places. Whenever there is $p$ s.t. $O(t)(p) = \omega$ (resp. $I(t)(p) = \omega$), we say that $t$ is an ω-output-transition (ω-input-transition). A transition $t$ is an ω-transition iff it is an ω-output-transition or an ω-input-transition. Otherwise, $t$ is a plain transition. Remark that a (plain) Petri net is an ωPN with plain transitions only. Moreover, when an ωPN contains no ω-output-transitions (resp. no ω-input-transitions), we say that it is an ω-input-PN (ω-output-PN), or ωIPN (ωOPN) for short. For all transitions $t$, we denote by $\mathit{effect}(t)$ the function $O(t)-I(t)$. Remark that $\mathit{effect}(t)(p)$ could be ω for some $p$ (in particular when $O(t)(p) = I(t)(p) = \omega$). Intuitively, $\mathit{effect}(t)(p) = \omega$ models the fact that firing $t$ can increase the marking of $p$ by an arbitrary number of tokens. Finally, observe that $O(t)(p) = c \neq \omega$ and $I(t)(p) = \omega$ implies $\mathit{effect}(t)(p) = c-\omega = c$. This models the fact that firing $t$ can at most increase the marking of $p$ by $c$ tokens. Thus, intuitively, the value $\mathit{effect}(t)(p)$ models the maximal possible effect of $t$ on $p$. We extend the definition of $\mathit{effect}$ to sequences of transitions $\sigma = t_1 t_2 \cdots t_n$ by letting $\mathit{effect}(\sigma) = \sum_{i=1}^{n} \mathit{effect}(t_i)$.

A marking is a function $P \mapsto \mathbb{N}$. An ω-marking is a function $P \mapsto \mathbb{N}\cup\{\omega\}$, i.e. an ω-multiset on $P$. Remark that any marking is an ω-marking, and that, for all transitions $t = (I, O)$, $I$ and $O$ are both ω-markings. We denote by $\mathbf{0}$ the marking s.t. $\mathbf{0}(p) = 0$ for all $p\in P$. For all ω-markings $m$, we let $\omega(m)$ be the set of places $\{p \mid m(p) = \omega\}$, and let $nb\omega(m) = |\omega(m)|$. We define the concretisation of $m$ as the set of all markings that coincide with $m$ on all places $p \notin \omega(m)$, and take an arbitrary value in any place from $\omega(m)$. Formally: $\gamma(m) = \{m' \mid \forall p \notin \omega(m) : m'(p) = m(p)\}$.

[Figure 2: An example ωPN $N_1$, with places $p_1$, $p_2$, $p_3$, transitions $t_1$, $t_2$, $t_3$, $t_4$, arc labels ω and 2, and one token. The ωPN $N_1'$ is obtained by removing transition $t_4$ (red).]

We further define a family of orderings on ω-markings as follows. For any $P' \subseteq P$, we let $m_1 \preceq_{P'} m_2$ iff (i) for all $p \in P'$: $m_1(p) \le m_2(p)$, and (ii) for all $p \in P\setminus P'$: $m_1(p) = m_2(p)$. We abbreviate $\preceq_P$ by $\preceq$ (where $P$ is the set of places of the ωPN). It is well-known that $\preceq$ is a well-quasi ordering (wqo), that is, we can extract, from any infinite sequence $m_1, m_2, \ldots, m_i, \ldots$ of markings, an infinite subsequence $\overline{m}_1, \overline{m}_2, \ldots, \overline{m}_i, \ldots$ s.t. $\overline{m}_i \preceq \overline{m}_{i+1}$ for all $i \ge 1$. For all ω-markings $m$, we let $\downarrow(m)$ be the downward-closure of $m$, defined as $\downarrow(m) = \{m' \mid m' \text{ is a marking and } m' \preceq m\}$. We extend $\downarrow$ to sets of ω-markings: $\downarrow(S) = \bigcup_{m\in S} \downarrow(m)$. A set $D$ of markings is downward-closed iff $\downarrow(D) = D$. It is well-known that (possibly infinite) downward-closed sets of markings can always be represented by a finite set of ω-markings, because the set of ω-markings forms an adequate domain of limits [13]: for all downward-closed sets $D$ of markings, there exists a finite set $M$ of ω-markings s.t. $\downarrow(M) = D$. We associate, to each ωPN, an initial marking $m_0$. From now on, we consider mostly initialised ωPN $\langle P, T, m_0\rangle$.

Example 1. An example of an ωPN (actually an ωOPN) $N_1 = \langle P, T, m_0\rangle$ is shown in Fig. 2. In this example, $P = \{p_1, p_2, p_3\}$, $T = \{t_1, t_2, t_3, t_4\}$, $m_0(p_1) = 1$ and $m_0(p_2) = m_0(p_3) = 0$. $t_1$ is the only ω-transition, with $O(t_1)(p_2) = \omega$. This ωPN will serve as a running example throughout the section.

Semantics. Let $m$ be an ω-marking. A transition $t = (I, O)$ is firable from $m$ iff: $m(p) \succeq I(p)$ for all $p$ s.t. $I(p) \neq \omega$. We consider two kinds of possible effects for $t$. The first is the concrete semantics and applies only when $m$ is a marking. In this case, firing $t$ yields a new marking $m'$ s.t. for all $p \in P$: $m'(p) = m(p) - i + o$ where: $i = I(t)(p)$ if $I(t)(p) \neq \omega$, $i \in \{0, \ldots, m(p)\}$ if $I(t)(p) = \omega$, $o = O(t)(p)$ if $O(t)(p) \neq \omega$ and $o \ge 0$ if $O(t)(p) = \omega$. This is denoted by $m \xrightarrow{t} m'$. Thus, intuitively, $I(t)(p) = \omega$ (resp. $O(t)(p) = \omega$) means that $t$ consumes (produces) an arbitrary number of tokens in $p$ when fired. Remark that, in the concrete semantics, ω-transitions are non-deterministic: when $t$ is an ω-transition that is firable in $m$, there are infinitely many $m'$ s.t. $m \xrightarrow{t} m'$. The latter semantics is the ω-semantics. In this case, firing $t = (I, O)$ yields the (unique) ω-marking $m' = m - I + O$ (denoted $m \xrightarrow{t}_\omega m'$). Remark that $m \xrightarrow{t} m'$ iff $m \xrightarrow{t}_\omega m'$ when $m$ and $m'$ are markings.

We extend the $\to$ and $\to_\omega$ relations to finite or infinite sequences of transitions in the usual way. Also we write $m \xrightarrow{\sigma}$ iff $\sigma$ is firable from $m$. More precisely, for a finite sequence of transitions $\sigma = t_1 \cdots t_n$, we write $m \xrightarrow{\sigma}$ iff there are $m_1, \ldots, m_n$ s.t. for all $1 \le i \le n$: $m_{i-1} \xrightarrow{t_i} m_i$. For an infinite sequence of transitions $\sigma = t_1 \cdots t_j \cdots$, we write $m_0 \xrightarrow{\sigma}$ iff there are $m_1, \ldots, m_j, \ldots$ s.t. for all $i \ge 1$: $m_{i-1} \xrightarrow{t_i} m_i$.

Given an ωPN $N = \langle P, T, m_0\rangle$, an execution of $N$ is either a finite sequence of the form $m_0, t_1, m_1, t_2, \ldots, t_n, m_n$ s.t. $m_0 \xrightarrow{t_1} m_1 \xrightarrow{t_2} \cdots \xrightarrow{t_n} m_n$, or an infinite sequence of the form $m_0, t_1, m_1, t_2, \ldots, t_j, m_j, \ldots$ s.t. for all $j \ge 1$: $m_{j-1} \xrightarrow{t_j} m_j$. We denote by $\mathit{Reach}(N)$ the set of markings $\{m \mid \exists\sigma \text{ s.t. } m_0 \xrightarrow{\sigma} m\}$ that are reachable from $m_0$ in $N$. Finally, a finite set of ω-markings $CS$ is a coverability set of $N$ (with initial marking $m_0$) iff $\downarrow(CS) = \downarrow(\mathit{Reach}(N))$. That is, any coverability set $CS$ is a finite representation of the downward-closure of $N$'s reachable markings.

Example 2. The sequence $t_1 t_2^K$ is firable for all $K \ge 0$ in $N_1$ (Fig. 2). Indeed, for each $K \ge 0$, one possible execution corresponding to $t_1 t_2^K$ is given by $\langle 1,0,0\rangle \xrightarrow{t_1} \langle 0,3K,0\rangle \xrightarrow{t_2} \langle 0,3K-1,2\rangle \xrightarrow{t_2} \langle 0,3K-2,4\rangle \xrightarrow{t_2} \cdots \xrightarrow{t_2} \langle 0,2K,2K\rangle$. Remark that there are other possible executions corresponding to the same sequence of transitions, because the number of tokens created by $t_1$ in $p_2$ is chosen non-deterministically. Also, $t_1 t_2 t_4^\omega$ is an infinite firable sequence of transitions. Finally, observe that the set of reachable markings in $N_1$ is $\mathit{Reach}(N_1) = \{\langle 1,0,0\rangle\} \cup \{\langle 0,i,2\times j\rangle \mid i,j \in \mathbb{N}\}$. The set of ω-markings $CS = \{\langle 1,0,0\rangle, \langle 0,\omega,\omega\rangle\}$ is a coverability set of $N_1$. Note that $\downarrow(CS) \supsetneq \mathit{Reach}(N_1)$: for instance, $\langle 0,1,1\rangle \in \downarrow(CS)$, but $\langle 0,1,1\rangle$ is not reachable.

Let us now observe two properties of the semantics of ωPN, that will be useful for the proofs of Section 3. The first says that, when firing a sequence of transitions $\sigma$ that have non ω-labeled arcs on to and from some place $p$, the effect of $\sigma$ on $p$ is as in a plain PN:

Lemma 1. Let $m$ and $m'$ be two markings and let $\sigma = t_1 \cdots t_n$ be a sequence of transitions of an ωPN s.t. $m \xrightarrow{\sigma} m'$. Let $p$ be a place s.t. for all $1 \le i \le n$: $O(t_i)(p) \neq \omega \neq I(t_i)(p)$. Then, $m'(p) = m(p) + \mathit{effect}(\sigma)(p)$.

The latter property says that the set of markings that are reachable by a given sequence of transitions $\sigma$ is upward-closed w.r.t. $\preceq_{P'}$, where $P'$ is the set of places where the effect of $\sigma$ is ω.

Lemma 2. Let $m_1$, $m_2$ and $m_3$ be three markings, and let $\sigma$ be a sequence of transitions s.t. (i) $m_1 \xrightarrow{\sigma} m_2$, (ii) $m_3 \succeq_{P'} m_2$ with $P' = \{p \mid \mathit{effect}(\sigma)(p) = \omega\}$. Then, $m_1 \xrightarrow{\sigma} m_3$ holds too.

Problems. We consider the following problems. Let $N = (P, T, m_0)$ be an ωPN:

1. The reachability problem asks, given a marking $m$, whether $m \in \mathit{Reach}(N)$.
2. The place boundedness problem asks, given a place $p$ of $N$, whether there exists $K \in \mathbb{N}$ s.t. for all $m \in \mathit{Reach}(N)$: $m(p) \le K$. If the answer is positive, we say that $p$ is bounded (from $m_0$).
3. The boundedness problem asks whether all places of $N$ are bounded (from $m_0$).
4. The covering problem asks, given a marking $m$ of $N$, whether there exists $m' \in \mathit{Reach}(N)$ s.t. $m' \succeq m$.
5. The termination problem asks whether all executions of $N$ are finite.

Remark that a coverability set of the ωPN is sufficient to solve boundedness, place boundedness and covering, as in the case of Petri nets. If $CS$ is a coverability set of $N$, then: (i) $p$ is bounded iff $m(p) \neq \omega$ for all $m \in CS$; (ii) $N$ is bounded iff $m(p) \neq \omega$ for all $p$ and for all $m \in CS$; and (iii), $N$ can cover $m$ iff there exists $m' \in CS$ s.t. $m \preceq m'$. As in the plain Petri nets case, a sufficient and necessary condition of non-termination is the existence of a self covering execution. A self covering execution of an ωPN $N = \langle P, T, m_0\rangle$ is a finite execution of the form $m_0 \xrightarrow{t_1} m_1 \cdots \xrightarrow{t_k} m_k \xrightarrow{t_{k+1}} \cdots \xrightarrow{t_n} m_n$ with $m_n \succeq m_k$:

Lemma 3. An ωPN terminates iff it admits no self-covering execution.

Example 3. Consider again the ωPN $N_1$ in Fig. 2. Recall from Example 2 that, for all $K \ge 0$, $t_1 t_2^K$ is firable and allows to reach $\langle 0,2K,2K\rangle$. All these markings are thus reachable. These sequences of transitions also show that $p_2$ and $p_3$ are unbounded (hence, $N_1$ is unbounded too), while $p_1$ is bounded. Marking $\langle 0,1,1\rangle$ is not reachable but coverable, while $\langle 2,0,0\rangle$ is neither reachable nor coverable. Finally, $N_1$ does not terminate (because $t_1 t_2 t_4^\omega$ is firable), while $N_1'$ does. In particular, in $N_1'$, $t_3$ can fire only a finite number of times, because $t_1$ will always create a finite (albeit unbounded) number of tokens in $p_2$. This is an important difference between ωPN and plain PN: no unbounded PN terminates, while there are unbounded ωPN that terminate, e.g. $N_1'$.

3 A Karp and Miller procedure for ωPN

In this section, we present an extension of the classical Karp & Miller procedure [15], adapted to ωPN. We show that the finite tree built by this algorithm (coined the KM tree), allows, as in the case of PNs, to decide boundedness, place boundedness, coverability and termination on ωPN.

Before describing the algorithm, we discuss intuitively the KM trees of the ωPN $N_1$ and $N_1'$ given in Fig. 2. Their respective KM trees (for the initial marking $m_0 = \langle 1,0,0\rangle$) are $T_1$ and $T_1'$, respectively the tree in Fig. 3 and its black subtree (i.e., excluding $n_7$). As can be observed, the nodes and edges of a KM tree are labeled by ω-markings and transitions respectively. The relationship between a KM tree and the executions of the corresponding ωPN can be formalised using the notion of stuttering path. Intuitively, a stuttering path is a sequence of nodes $n_1, n_2, \ldots, n_k$ s.t. for all $i \ge 2$: either $n_i$ is a son of $n_{i-1}$, or $n_i$ is an ancestor of $n_{i-1}$ that has the same label as $n_{i-1}$. For instance, $\pi = n_1, n_2, n_4, n_2, n_3, n_6, n_3, n_5, n_3, n_5$ is a stuttering path in $T_1'$.

    n1 ⟨1,0,0⟩
      t1 → n2 ⟨0,ω,0⟩
        t2 → n3 ⟨0,ω,ω⟩
          t2 → n5 ⟨0,ω,ω⟩
          t3 → n6 ⟨0,ω,ω⟩
          t4 → n7 ⟨0,ω,ω⟩
        t3 → n4 ⟨0,ω,0⟩

Figure 3: The KM trees $T_1$ (whole tree) and $T_1'$ (black subtree) of resp. $N_1$ and $N_1'$.

Then, we claim (i) that every execution of the ωPN is simulated by a stuttering path in its KM tree, and that (ii) every stuttering path in the KM tree corresponds to a family of executions of the ωPN, where an arbitrary number of tokens can be produced in the places marked by ω in the KM tree. For instance, the execution $m_0, t_1, \langle 0,42,0\rangle, t_3, \langle 0,41,0\rangle, t_2, \langle 0,40,2\rangle, t_3, \langle 0,39,2\rangle, t_2, \langle 0,38,4\rangle, t_2, \langle 0,37,6\rangle$ of $N_1'$ is witnessed in $T_1'$ by the stuttering path $\pi$ given above – observe that the sequence of edge labels in $\pi$ equals the sequence of transitions of the execution, and that all markings along the execution are covered by the labels of the corresponding nodes in $\pi$: $m_0 \in \gamma(n_1)$, $\langle 0,42,0\rangle \in \gamma(n_2)$, and so forth. On the other hand, the stuttering path $n_1, n_2, n_3$ of $N_1$ summarises all the (infinitely many) possible executions obtained by firing a sequence of the form $t_1 t_2^n$. Indeed, for all $k \ge 1$, $\ell \ge 0$: $m_0, t_1, \langle 0,k+\ell,0\rangle, t_2, \langle 0,k+\ell-1,2\rangle, t_2, \ldots, t_2, \langle 0,k,2\times\ell\rangle$ is an execution of $N_1$, so, an arbitrary number of tokens can be obtained in both $p_2$ and $p_3$ by firing sequences of the form $t_1 t_2^n$. Finally, observe that a self-covering execution of $N_1$, such as $m_0, t_1, \langle 0,1,0\rangle, t_2, \langle 0,0,2\rangle, t_4, \langle 0,0,2\rangle$ can be detected in $T_1$, by considering the path $n_1, n_2, n_3, n_7$, and noting that the label of $(n_3, n_7)$ is $t_4$ with $\mathit{effect}(t_4) \succeq \mathbf{0}$.

The Build-KM algorithm. Let us now show how to build algorithmically the KM of an ωPN. Recall that, in the case of plain PNs, the Karp & Miller tree [15] can be regarded as a finite over-approximation of the (potentially infinite) reachability tree of the PN. Thus, the Karp & Miller algorithm works by unfolding the transition relation of the PN, and adds two ingredients to guarantee that the tree is finite. First, a node $n$ that has an ancestor $n'$ with the same label is not developed (it has no children). Second, when a node $n$ with label $m$ has an ancestor $n'$ with label $m' \prec m$, an acceleration function is applied to produce a marking $m_\omega$ s.t. $m_\omega(p) = \omega$ if $m(p) > m'(p)$ and $m_\omega(p) = m(p)$ otherwise. This acceleration is sound wrt coverability since the sequence of transitions that has produced the branch $(n, n')$ can be iterated an arbitrary number of times, thus producing arbitrary large numbers of tokens in the places marked by ω in $m_\omega$. Remark that these two constructions are not sufficient to ensure termination of the algorithm in the case of ωPN, as ωPN are not finitely branching (firing an ω-output-transition can produce infinitely many different successors). To cope with this difficulty, our solution unfolds the ω-semantics $\to_\omega$ instead of the concrete semantics $\to$. This has an important consequence: whereas the presence of a node labeled by $m$ with $m(p) = \omega$ in the KM tree of a PN $N$ implies that $N$ does not terminate, this is not true anymore in the case of ωPN. For instance, all nodes but $n_1$ in $T_1'$ (Fig. 3) are marked by ω, yet the corresponding ωPN $N_1'$ (Fig. 2) does terminate.

Our version of the Karp & Miller tree adapted to ωPN is given in Fig. 4. It builds a tree $T = \langle N, E, \lambda, \mu, n_0\rangle$ where: $N$ is a set of nodes; $E \subseteq N \times N$ is a set of edges; $\lambda : N \mapsto (\mathbb{N}\cup\{\omega\})^P$ is a function that labels nodes by ω-markings²; $\mu : E \mapsto T$ is a labeling function that labels arcs by transitions; and $n_0 \in N$ is the root of the tree. For each edge $e$, we let $\mathit{effect}(e) = \mathit{effect}(\mu(e))$. Let $E^+$ and $E^*$ be respectively the transitive and the transitive reflexive closure of $E$. A stuttering path is a finite sequence $n_0, n_1, \ldots, n_\ell$ s.t. for all $1 \le i \le \ell$: either $(n_{i-1}, n_i) \in E$ or $(n_i, n_{i-1}) \in E^+$ and $\lambda(n_i) = \lambda(n_{i-1})$. A stuttering path $n_0, n_1, \ldots, n_\ell$ is a (plain) path iff $(n_{i-1}, n_i) \in E$ for all $1 \le i \le \ell$. Given two nodes $n$ and $n'$ s.t. $(n, n') \in E^*$, we denote by $n \leadsto n'$ the (unique path) from $n$ to $n'$. Given a stuttering path $\pi = n_0, n_1, \ldots, n_\ell$, we denote by $\mu(\pi)$ the sequence $\mu(n_0, n_1)\mu(n_1, n_2)\cdots\mu(n_{\ell-1}, n_\ell)$ assuming $\mu(n_i, n_{i+1}) = \varepsilon$ when $(n_i, n_{i+1}) \notin E$; and by $\mathit{effect}(\pi) = \sum_{i=1}^{\ell} \mathit{effect}(n_{i-1}, n_i)$, letting $\mathit{effect}(n_{i-1}, n_i) = \mathbf{0}$ when $(n_i, n_{i+1}) \notin E$.

² We extend $\lambda$ to set of nodes $S$ in the usual way: $\lambda(S) = \{\lambda(n) \mid n \in S\}$.

Build-KM follows the intuition given above. At all times, it maintains a frontier $U$ of tree nodes that are candidate for development (initially, $U = \{n_0\}$, with $\lambda(n_0) = m_0$). Then, Build-KM iteratively picks up a node $n$ from $U$ (see line 4), and develops it (line 6 onwards) if $n$ has no ancestor $n'$ with the same label (line 5). Developing a node $n$ amounts to computing all the marking $m$ s.t. $\lambda(n) \to_\omega m$ (line 17), performing accelerations (line 19) if need be, and inserting the resulting children in the tree. Remark that Build-KM is recursive (see line 9): every time a marking $m$ with an extra ω is created, it performs a recursive call to Build-KM($N$, $m$), using $m$ as initial marking³.

³ Although this differs from classical presentations of the Karp & Miller technique, we have retained it because it simplifies the proofs of correctness.

    Input:  an ωOPN $N = \langle P, T\rangle$ and an ω-marking $m_0$
    Output: the KM of $N$, starting from $m_0$

    Build-KM($N$, $m_0$):
     1  $T := \langle N, E, \lambda, \mu, n_0\rangle$ where $N = \{n_0\}$ with $\lambda(n_0) = m_0$
     2  $U := \{n_0\}$
     3  while $U \neq \emptyset$:
     4    select and remove $n$ from $U$
     5    if $\nexists\, \overline{n}$ s.t. $(\overline{n}, n) \in E^+$ and $\lambda(\overline{n}) = \lambda(n)$:
     6      forall $t$ in $T$ s.t. $\forall p \in P$: $I(t)(p) \neq \omega$ implies $\lambda(n)(p) \ge I(t)(p)$:
     7        $m' :=$ Post($N$, $\lambda(n)$, $t$)
     8        if $nb\omega(m') > nb\omega(\lambda(n))$:
     9          $T' :=$ Build-KM($N$, $m'$)
    10          add all edge and nodes of $T'$ to $T$
    11          let $n'$ be the root of $T'$
    12        else
    13          $n' :=$ new node with $\lambda(n') = m'$
    14          $U := U \cup \{n'\}$
    15        $E := E \cup (n, n')$ s.t. $\mu(n, n') = t$.
    16  return $T$

    Post($N$, $n$, $t$):
    17  $m' := \lambda(n) - I(t) + O(t)$
    18  if $\exists\, \overline{n}$: $(\overline{n}, n) \in E^+ \wedge \lambda(\overline{n}) \prec \lambda(n)$:
    19    $m_\omega(p) := m'(p)$ if $\mathit{effect}(\overline{n} \leadsto n \cdot t)(p) \le 0$, and $\omega$ otherwise
    20    return $m_\omega$
    21  else:
    22    return $m'$

Figure 4: The algorithm to build the KM of an ωPN.

The rest of the section is devoted to proving that this algorithm is correct. We start by establishing termination, then soundness (every stuttering path in the tree corresponds to an execution of the ωOPN) and finally completeness (every execution of the ωOPN corresponds to a stuttering path in the tree). To this end, we rely on the following notions. Symmetrically to self-covering executions we define the notion of self-covering (stuttering) path in a tree: a (stuttering) path $\pi$ is self-covering iff $\pi = \pi_1\pi_2$ with $\mathit{effect}(\pi_2) \ge \mathbf{0}$. A self-covering stuttering path $\pi = \pi_1\pi_2$ is ω-maximal iff for all nodes $n$, $n'$ along $\pi_2$: $nb\omega(n) = nb\omega(n')$.

Termination. Let us show that Build-KM always terminates. First observe that the depth of recursive calls is bounded by $|P|+1$, as the number of places marked by ω along a branch does not decrease, and since we perform a recursive call only when a place gets marked by ω and was not before. Moreover, the branching degree of the tree is bounded by the number $|T|$ of transitions. Thus, by König's lemma, an infinite tree would contain an infinite branch. We rule out this possibility by a classical wqo argument: if there were an infinite branch in the tree computed by Build-KM($N$, $m_0$), then there would be two nodes $n_1$ and $n_2$ along the branch (where $n_1$ is an ancestor of $n_2$) s.t. $\lambda(n_1) \preceq \lambda(n_2)$ and $\mathit{effect}(n_1 \leadsto n_2) \succeq \mathbf{0}$. Since the depth of recursive calls is bounded, we can assume, wlog, that $n_1$ and $n_2$ have been built during the same recursive call, hence $\lambda(n_1) \prec \lambda(n_2)$ is not possible, because this would trigger an acceleration, create an extra ω and start a new recursive call. Thus, $\lambda(n_1) = \lambda(n_2)$, but in this case the algorithm stops developing the branch (line 5). See the appendix for a full proof.

Proposition 1. For all ωPN $N$ and for all marking $m_0$, Build-KM($N$, $m_0$) terminates.

Then, following the intuition that we have sketched at the beginning of the section, we show that KM is sound (Lemma 4) and complete (Lemma 6). Note that we first establish these results assuming that the ωPN $N$ given as parameter is an ωOPN, then
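
The Build-KM construction of Fig. 4 run on the running example, as an added example that is not code from the paper. The arcs of t2, t3 and t4 are read off the executions quoted in the text (t4 as a self-loop on p3 is an assumption), and the acceleration test compares the new marking with the current node and its ancestors, an assumed reading that yields the seven nodes of Fig. 3.

```python
W = float("inf")  # stands for ω; the arithmetic below follows Section 2

def add(a, b):    # c + ω = ω + c = ω + ω = ω
    return W if W in (a, b) else a + b

def sub(a, b):    # ω - c = ω - ω = ω, but c - ω = c
    return W if a == W else (a if b == W else a - b)

def effect(tr):   # effect(t) = O(t) - I(t), place by place
    I, O = tr
    return [sub(o, i) for i, o in zip(I, O)]

def leq(m1, m2):  # the ordering ⪯ on ω-markings
    return all(x <= y for x, y in zip(m1, m2))

class Node:
    def __init__(self, label):
        self.label, self.parent, self.via = label, None, None

def branch(n):    # n followed by its ancestors inside the current call's tree
    while n is not None:
        yield n
        n = n.parent

def post(T, n, t):
    """ω-semantics successor of λ(n) by t, accelerated as in lines 17-22."""
    I, O = T[t]
    m1 = tuple(add(sub(x, i), o) for x, i, o in zip(n.label, I, O))
    eff = effect(T[t])            # effect of the path from a to n, followed by t
    for a in branch(n):
        if a.label != m1 and leq(a.label, m1):
            return tuple(x if e <= 0 else W for x, e in zip(m1, eff))
        if a.via is not None:
            eff = [add(e, f) for e, f in zip(eff, effect(T[a.via]))]
    return m1

def build_km(T, m0):
    """Return the nodes of the KM tree rooted at m0 (root first)."""
    root = Node(tuple(m0))
    nodes, todo = [root], [root]
    while todo:
        n = todo.pop()
        if any(a.label == n.label for a in branch(n.parent)):      # line 5
            continue
        for t in sorted(T):
            I = T[t][0]
            if not all(i == W or x >= i for x, i in zip(n.label, I)):  # line 6
                continue
            m1 = post(T, n, t)
            if m1.count(W) > n.label.count(W):                     # lines 8-11
                subtree = build_km(T, m1)
                child = subtree[0]
                nodes += subtree
            else:                                                  # lines 13-14
                child = Node(m1)
                nodes.append(child)
                todo.append(child)
            child.parent, child.via = n, t                         # line 15
    return nodes

def covers(cs, m):      # N can cover m iff some m' in CS has m ⪯ m'
    return any(leq(m, c) for c in cs)

def bounded(cs, p):     # place p is bounded iff no m in CS has m(p) = ω
    return all(c[p] != W for c in cs)

# Running example N1 as (I, O) pairs over (p1, p2, p3); N1' drops t4.
N1 = {"t1": ((1, 0, 0), (0, W, 0)), "t2": ((0, 1, 0), (0, 0, 2)),
      "t3": ((0, 1, 0), (0, 0, 0)), "t4": ((0, 0, 1), (0, 0, 1))}
N1_PRIME = {t: io for t, io in N1.items() if t != "t4"}

if __name__ == "__main__":
    tree = build_km(N1, (1, 0, 0))
    cs = {n.label for n in tree}
    print(len(tree), sorted(cs))
    print(covers(cs, (0, 1, 1)), covers(cs, (2, 0, 0)), bounded(cs, 0))
```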
