Introduction Examples Properties Analysis techniques
Transcript of Introduction Examples Properties Analysis techniques
1EE249Fall04
Outline
• Petri nets– Introduction
– Examples
– Properties
– Analysis techniques
2EE249Fall04
Petri Nets (PNs)
• Model introduced by C.A. Petri in 1962– Ph.D. Thesis: “Communication with Automata”
• Applications: distributed computing, manufacturing, control, communication networks, transportation…
• PNs describe explicitly and graphically:– sequencing/causality
– conflict/non-deterministic choice
– concurrency
• Basic PN model– Asynchronous model (partial ordering)
– Main drawback: no hierarchy
3EE249Fall04
Example: Synchronization at single track rail segment
• „Preconditions“
4EE249Fall04
Playing the „token game“
5EE249Fall04
Conflict for resource „track“
6EE249Fall04
Petri Net Graph
• Bipartite weighted directed graph:– Places: circles– Transitions: bars or boxes– Arcs: arrows labeled with weights
• Tokens: black dots
t1p1
p2t2
p4
t3
p3
2
3
7EE249Fall04
Petri Net• A PN (N,M0) is a Petri Net Graph N
– places: represent distributed state by holding tokens
– marking (state) M is an n-vector (m1,m2,m3…), where mi is the non-negative number of tokens in place pi.
– initial marking (M0) is initial state
– transitions: represent actions/events
– enabled transition: enough tokens in predecessors
– firing transition: modifies marking
• …and an initial marking M0.t1p1
p2t2
p4
t3p3
2
3Places/Transitions: conditions/events
8EE249Fall04
Transition firing rule• A marking is changed according to the following rules:
– A transition is enabled if there are enough tokens in each input place
– An enabled transition may or may not fire
– The firing of a transition modifies marking by consuming tokens from the input places and producing tokens in the output places
2 2
3
2 2
3
9EE249Fall04
Concurrency, causality, choice
t1
t2
t3 t4
t5
t6
10EE249Fall04
Concurrency, causality, choice
Concurrency
t1
t2
t3 t4
t5
t6
11EE249Fall04
Concurrency, causality, choice
Causality, sequencing
t1
t2
t3 t4
t5
t6
12EE249Fall04
Concurrency, causality, choice
Choice,conflict
t1
t2
t3 t4
t5
t6
13EE249Fall04
Concurrency, causality, choice
Choice,conflict
t1
t2
t3 t4
t5
t6
14EE249Fall04
Communication Protocol
P1
Send msg
Receive Ack
Send Ack
Receive msg
P2
15EE249Fall04
Communication Protocol
P1
Send msg
Receive Ack
Send Ack
Receive msg
P2
16EE249Fall04
Communication Protocol
P1
Send msg
Receive Ack
Send Ack
Receive msg
P2
17EE249Fall04
Communication Protocol
P1
Send msg
Receive Ack
Send Ack
Receive msg
P2
18EE249Fall04
Communication Protocol
P1
Send msg
Receive Ack
Send Ack
Receive msg
P2
19EE249Fall04
Communication Protocol
P1
Send msg
Receive Ack
Send Ack
Receive msg
P2
20EE249Fall04
Producer-Consumer Problem
Produce
Consume
Buffer
21EE249Fall04
Producer-Consumer Problem
Produce
Consume
Buffer
22EE249Fall04
Producer-Consumer Problem
Produce
Consume
Buffer
23EE249Fall04
Producer-Consumer Problem
Produce
Consume
Buffer
24EE249Fall04
Producer-Consumer Problem
Produce
Consume
Buffer
25EE249Fall04
Producer-Consumer Problem
Produce
Consume
Buffer
26EE249Fall04
Producer-Consumer Problem
Produce
Consume
Buffer
27EE249Fall04
Producer-Consumer Problem
Produce
Consume
Buffer
28EE249Fall04
Producer-Consumer Problem
Produce
Consume
Buffer
29EE249Fall04
Producer-Consumer Problem
Produce
Consume
Buffer
30EE249Fall04
Producer-Consumer Problem
Produce
Consume
Buffer
31EE249Fall04
Producer-Consumer Problem
Produce
Consume
Buffer
32EE249Fall04
Producer-Consumer Problem
Produce
Consume
Buffer
33EE249Fall04
Producer-Consumer Problem
Produce
Consume
Buffer
34EE249Fall04
Producer-Consumer with priority
Consumer B can consume only if buffer A is empty
Inhibitor arcs
A
B
35EE249Fall04
PN properties
• Behavioral: depend on the initial marking (most interesting)– Reachability
– Boundedness
– Schedulability
– Liveness
– Conservation
• Structural: do not depend on the initial marking (often too restrictive)– Consistency
– Structural boundedness
36EE249Fall04
Reachability
• Marking M is reachable from marking M0 if there exists a sequence of firings σ = M0 t1 M1 t2 M2… M that transforms M0 to M.
• The reachability problem is decidable.
t1p1
p2t2
p4
t3p3
Μ0 = (1,0,1,0)M = (1,1,0,0)
Μ0 = (1,0,1,0)t3
M1 = (1,0,0,1)t2
M = (1,1,0,0)
37EE249Fall04
• Liveness: from any marking any transition can become fireable– Liveness implies deadlock freedom, not viceversa
Liveness
Not live
38EE249Fall04
• Liveness: from any marking any transition can become fireable– Liveness implies deadlock freedom, not viceversa
Liveness
Not live
39EE249Fall04
• Liveness: from any marking any transition can become fireable– Liveness implies deadlock freedom, not viceversa
Liveness
Deadlock-free
40EE249Fall04
• Liveness: from any marking any transition can become fireable– Liveness implies deadlock freedom, not viceversa
Liveness
Deadlock-free
41EE249Fall04
• Boundedness: the number of tokens in any place cannot grow indefinitely
– (1-bounded also called safe)
– Application: places represent buffers and registers (check there is no overflow)
Boundedness
Unbounded
42EE249Fall04
• Boundedness: the number of tokens in any place cannot grow indefinitely
– (1-bounded also called safe)
– Application: places represent buffers and registers (check there is no overflow)
Boundedness
Unbounded
43EE249Fall04
• Boundedness: the number of tokens in any place cannot grow indefinitely
– (1-bounded also called safe)
– Application: places represent buffers and registers (check there is no overflow)
Boundedness
Unbounded
44EE249Fall04
• Boundedness: the number of tokens in any place cannot grow indefinitely
– (1-bounded also called safe)
– Application: places represent buffers and registers (check there is no overflow)
Boundedness
Unbounded
45EE249Fall04
• Boundedness: the number of tokens in any place cannot grow indefinitely
– (1-bounded also called safe)
– Application: places represent buffers and registers (check there is no overflow)
Boundedness
Unbounded
46EE249Fall04
Conservation
• Conservation: the total number of tokens in the net is constant
Not conservative
47EE249Fall04
Conservation
• Conservation: the total number of tokens in the net is constant
Not conservative
48EE249Fall04
Conservation
• Conservation: the total number of tokens in the net is constant
Conservative
2
2
49EE249Fall04
Analysis techniques
• Structural analysis techniques– Incidence matrix
– T- and S- Invariants
• State Space Analysis techniques– Coverability Tree
– Reachability Graph
50EE249Fall04
Incidence Matrix
• Necessary condition for marking M to be reachable from initial marking M0:
there exists firing vector v s.t.:
M = M0 + A v
p1 p2 p3t1t2
t3A=A=
--11 00 0011 11 --1100 --11 11
t1 t2 t3p1p2p3
51EE249Fall04
State equations
p1 p2 p3t1
t3
A=A=--11 00 0011 11 --1100 --11 11
• E.g. reachability of M = |0 0 1|T from M0 = |1 0 0|T
but also v2 = | 1 1 2 |T or any vk = | 1 (k) (k+1) |T
t2
110000
++--11 00 0011 11 --1100 --11 11
000011
==110011
vv1 1 ==110011
52EE249Fall04
Necessary Condition only
2 2
Firing vector: (1,2,2)
t1
t2
t3
Deadlock!!
53EE249Fall04
State equations and invariants
• Solutions of Ax = 0 (in M = M0 + Ax, M = M0)
T-invariants– sequences of transitions that (if fireable) bring back to original marking
– periodic schedule in SDF
– e.g. x =| 0 1 1 |T
p1 p2 p3t1
t3
A=A=--11 00 0011 11 --1100 --11 11
t2
54EE249Fall04
Application of T-invariants
• Scheduling– Cyclic schedules: need to return to the initial state
i *k2 +
*k1
Schedule: i *k2 *k1 + oT-invariant: (1,1,1,1,1)
o
55EE249Fall04
State equations and invariants
• Solutions of yA = 0
S-invariants– sets of places whose weighted total token count does not change after
the firing of any transition (y M = y M’)
– e.g. y =| 1 1 1 |T
p1 p2 p3t1
t3
AATT==--11 11 0000 11 --1100 --11 11
t2
56EE249Fall04
Application of S-invariants
• Structural Boundedness: bounded for any finite initial marking M0
• Existence of a positive S-invariant is CS for structural boundedness– initial marking is finite
– weighted token count does not change
57EE249Fall04
Summary of algebraic methods
• Extremely efficient (polynomial in the size of the net)
• Generally provide only necessary or sufficient information
• Excellent for ruling out some deadlocks or otherwise dangerous conditions
• Can be used to infer structural boundedness
58EE249Fall04
Coverability Tree
• Build a (finite) tree representation of the markings
Karp-Miller algorithm• Label initial marking M0 as the root of the tree and tag it as new
• While new markings exist do:– select a new marking M
– if M is identical to a marking on the path from the root to M, then tag M as old and go to another new marking
– if no transitions are enabled at M, tag M dead-end
– while there exist enabled transitions at M do:– obtain the marking M’ that results from firing t at M
– on the path from the root to M if there exists a marking M’’ such that M’(p)>=M’’(p) for each place p and M’ is different from M’’, then replace M’(p) by ω for each p such that M’(p) >M’’(p)
– introduce M’ as a node, draw an arc with label t from M to M’ and tag M’ as new.
59EE249Fall04
Coverability Tree
• Boundedness is decidable with coverability tree
p1 p2 p3
p4
t1t2
t3
1000
60EE249Fall04
Coverability Tree
• Boundedness is decidable with coverability tree
p1 p2 p3
p4
t1t2
t3
1000
0100t1
61EE249Fall04
Coverability Tree
• Boundedness is decidable
with coverability tree
p1 p2 p3
p4
t1t2
t3
1000
0100
0011
t1
t3
62EE249Fall04
Coverability Tree
• Boundedness is decidable
with coverability tree
p1 p2 p3
p4
t1t2
t3
1000
0100
0011
t1
t3
0101t2
63EE249Fall04
Coverability Tree
• Boundedness is decidable
with coverability tree
p1 p2 p3
p4
t1t2
t3
1000
0100
0011
t1
t3
t2010ω
64EE249Fall04
Coverability Tree
• Is (1) reachable from (0)?
t1 p1 t2
t1 p1 t22 2
65EE249Fall04
Coverability Tree
• Is (1) reachable from (0)?
t1 p1 t2
t1
0t1
ω
p1 t22 2
(0) (1) (2)…
66EE249Fall04
Coverability Tree
• Is (1) reachable from (0)?
t1 p1 t2
t1
0t1
ω
0t1
ω
p1 t22 2
(0) (1) (2)…
(0) (2) (0)…
67EE249Fall04
Coverability Tree
• Cannot solve the reachability problem
t1 p1 t2
t1
0t1
ω
0t1
ω
p1 t22 2
(0) (1) (2)…
(0) (2) (0)…
• Is (1) reachable from (0)?
68EE249Fall04
Reachability graph
p1 p2 p3t1t2
t3
100
• For bounded nets the Coverability Tree is called Reachability Tree since it contains all possible reachable markings
69EE249Fall04
Reachability graph
p1 p2 p3t1t2
t3
100
010t1
• For bounded nets the Coverability Tree is called Reachability Tree since it contains all possible reachable markings
70EE249Fall04
Reachability graph
p1 p2 p3t1t2
t3
100
010
001
t1
t3
• For bounded nets the Coverability Tree is called Reachability Tree since it contains all possible reachable markings
71EE249Fall04
Reachability graph
p1 p2 p3t1t2
t3
100
010
001
t1
t3t2
• For bounded nets the Coverability Tree is called Reachability Tree since it contains all possible reachable markings
72EE249Fall04
Subclasses of Petri nets
• Reachability analysis is too expensive
• State equations give only partial information
• Some properties are preserved by reduction rulese.g. for liveness and safeness
• Even reduction rules only work in some cases
• Must restrict class in order to prove stronger results
73EE249Fall04
Marked Graphs
• Every place has at most 1 predecessor and 1 successor transition
• Models only causality and concurrency (no conflict)
NO
YES
74EE249Fall04
State Machines
• Every transition has at most 1 predecessor and 1 successor place
• Models only causality and conflict– (no concurrency, no synchronization of parallel activities)
YES NO
75EE249Fall04
Free-Choice Petri Nets (FCPN)
Free-Choice (FC)
Extended Free-Choice Confusion (not-Free-Choice)
t1
t2
Free-Choice: the outcome of a choice depends on the value of a token (abstracted non-deterministically) rather than on its arrival time.
every transition after choice has exactly 1 predecessor place
76EE249Fall04
Free-Choice nets
• Introduced by Hack (‘72)• Extensively studied by Best (‘86) and Desel and Esparza (‘95)• Can express concurrency, causality and choice without confusion• Very strong structural theory
– necessary and sufficient conditions for liveness and safeness, based on decomposition
– exploits duality between MG and SM
77EE249Fall04
MG (& SM) decomposition
• An Allocation is a control function that chooses which transition fires among several conflicting ones ( A: P T).
• Eliminate the subnet that would be inactive if we were to use the allocation...
• Reduction Algorithm– Delete all unallocated transitions
– Delete all places that have all input transitions already deleted
– Delete all transitions that have at least one input place already deleted
• Obtain a Reduction (one for each allocation) that is a conflict free subnet
78EE249Fall04
• Choose one successor for each conflicting place:
MG reduction and cover
79EE249Fall04
• Choose one successor for each conflicting place:
MG reduction and cover
80EE249Fall04
• Choose one successor for each conflicting place:
MG reduction and cover
81EE249Fall04
• Choose one successor for each conflicting place:
MG reduction and cover
82EE249Fall04
• Choose one successor for each conflicting place:
MG reduction and cover
83EE249Fall04
MG reductions
• The set of all reductions yields a cover of MG components (T-invariants)
84EE249Fall04
MG reductions
• The set of all reductions yields a cover of MG components (T-invariants)
85EE249Fall04
MG reductions
• The set of all reductions yields a cover of MG components (T-invariants)
86EE249Fall04
Hack’s theorem (‘72)
• Let N be a Free-Choice PN:– N has a live and safe initial marking (well-formed)
if and only if– every MG reduction is strongly connected and not empty, and
the set of all reductions covers the net
– every SM reduction is strongly connected and not empty, and
the set of all reductions covers the net
87EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
88EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
89EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
90EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
91EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
92EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
93EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
94EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
95EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
96EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
97EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
98EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
99EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
100EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
101EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
102EE249Fall04
Hack’s theorem
• Example of non-live (but safe) FCN
Deadlock
103EE249Fall04
Summary of LSFC nets
• Largest class for which structural theory really helps
• Structural component analysis may be expensive (exponential number of MG and SM components in the worst case)
• But…– number of MG components is generally small
– FC restriction simplifies characterization of behavior
104EE249Fall04
Petri Net extensions
• Add interpretation to tokens and transitions– Colored nets (tokens have value)
• Add time– Time/timed Petri Nets (deterministic delay)
– type (duration, delay)– where (place, transition)
– Stochastic PNs (probabilistic delay)– Generalized Stochastic PNs (timed and immediate transitions)
• Add hierarchy– Place Charts Nets
105EE249Fall04
PNs Summary
• PN Graph: places (buffers), transitions (actions), tokens (data)
• Firing rule: transition enabled if there are enough tokens in each input place
• Properties
– Structural (consistency, structural boundedness…)
– Behavioral (reachability, boundedness, liveness…)
• Analysis techniques
– Structural (only CN or CS): State equations, Invariants
– Behavioral: coverability tree
• Reachability
• Subclasses: Marked Graphs, State Machines, Free-Choice PNs
2
106EE249Fall04
References
• T. Murata Petri Nets: Properties, Analysis and Applications
• http://www.daimi.au.dk/PetriNets/