
Post on 21-Dec-2015


Behaviour-Preserving Transition Insertions in Unfolding Prefixes

Victor Khomenko, University of Newcastle upon Tyne

2

Motivation

• Some design methods based on Petri nets repeatedly execute the following steps:
  - Analyze the original PN spec
  - Modify the PN by behaviour-preserving transition insertion

3

Example: VME Bus Controller

[Figure: STG of the VME bus controller with the signal transitions dsr+, lds+, ldtack+, d+, dtack+, dsr-, d-, lds-, ldtack-, dtack-, and a block diagram of the Device, VME Bus Controller, Data Transceiver and Bus connected by the signals lds, ldtack, d, dsr and dtack]

4

Example: Encoding Conflict

[Figure: state graph of the VME bus controller, each state labelled with a 5-bit binary code; the two states marked M' and M'' form the encoding conflict]

5

State Graphs:

State Graphs vs. Unfoldings

State Graphs:
  - Relatively easy theory
  - Many efficient algorithms
  - Not visual
  - State space explosion problem

6

State Graphs vs. Unfoldings

Unfoldings:
  - Alleviate the state space explosion problem
  - More visual than state graphs
  - Proven efficient for model checking
  - Quite complicated theory
  - Not sufficiently investigated
  - Relatively few algorithms

7

Example: Encoding Conflict

[Figure: unfolding prefix of the VME bus controller with events e1 to e12 labelled by the signal transitions; two configurations conf' and conf'' reach the same code]

Code(conf') = 10110, Code(conf'') = 10110

8

Example: Resolving the conflict

[Figure: the STG of the VME bus controller with the new signal csc inserted (transitions csc+ and csc-)]

9

Example: Resolving the conflict

[Figure: state graph after the insertion of csc, each state now labelled with a 6-bit binary code; the encoding conflict between M' and M'' is resolved]

10

Example: Resulting Circuit

[Figure: the resulting circuit: Device, Data Transceiver and Bus with the signals d, dsr, dtack, lds, ldtack and the internal signal csc]

11

Motivation: validity

• Need to check the validity of the transformation:
  - safeness
  - bisimulation

• The validity should be checked before the transformation is performed, i.e. on the original prefix (to avoid backtracking)

12

Motivation: avoid re-unfolding

• Perform the transformation directly on the prefix to avoid re-unfolding
  - Re-unfolding is time-consuming
  - Good for visualization (re-unfolding can dramatically change the look of the prefix)
  - Can transfer information (e.g. encoding conflicts) between the iterations of the algorithm

13

Example: Re-unfolding

14

Sequential pre-insertion

• Preserves safeness
• Preserves traces
• Can introduce deadlocks: need to check that the new transition never ‘steals’ tokens from any other enabled transition
  - simple state property
  - can be checked on the original prefix

15

Sequential post-insertion

• Preserves safeness
• Yields a bisimilar PN
• Nothing to check!

16

Concurrent insertion

• Can introduce unsafeness
• Can introduce deadlocks

17

Place insertion: token

If the place insertion is valid and t’ or t’’ is not dead, then p contains a token iff there is a t’’-labelled event in the prefix which does not have a t’-labelled predecessor

[Figure: place p inserted between transitions t’ and t’’]

18

Place insertion: validity

• Tokens(C) = n + #t’C - #t’’C, where n is the initial marking of p and #tC is the number of t-labelled events in the configuration C

• The transformation is valid if:
  - for all instances e of t’ and t’’ in the prefix, Tokens([e]) ∈ {0,1}, and
  - for all cut-offs e with a corresponding configuration C, Tokens([e]) = Tokens(C)

• If a valid transformation is rejected by this criterion then t’ and t’’ are not live

[Figure: place p with n initial tokens inserted between transitions t’ and t’’]

19

Pre-insertion in the prefix

Naïve splitting can yield an incomplete prefix!

20

Pre-insertion in the prefix

Naïve splitting can yield an object which is not a branching process!

21

Pre-insertion in the prefix

• Find all possible extensions of the prefix by the new transition

• Amend the instances of the split transitions

• Amend the cut-off corresponding configurations

22

Post-insertion in the prefix

Naïve splitting can yield an incomplete prefix!

23

Post-insertion in the prefix

Definition: a configuration is extendible if, in the modified prefix, it can be extended by an instance of the new transition

• If there is a cut-off event e with a corresponding configuration C such that [e] is extendible and C is not extendible then terminate unsuccessfully

• Amend the instances of the split transition

• Amend the cut-off corresponding configurations

24

Place insertion in the prefix

• Assumption: the place insertion has passed the validity check

• If n = 1 then create a new (causally minimal) instance cmin of p

• For each instance e of t′ (including cut-offs), create a new instance of p and connect it to e

• For each instance e of t′′ (including cut-offs): connect e to cmin if e has no t′-labelled predecessor and to the instance of p in the postset of the (unique) maximal t′-labelled predecessor of e otherwise

[Figure: place p with n initial tokens inserted between transitions t′ and t′′]

25

Concurrent insertion in the prefix

• Perform the corresponding place insertion

• Perform the sequential pre-insertion

• These two steps can easily be combined

[Figure: place p with n initial tokens inserted between transitions t’ and t’’]

26

Equivalent insertions

• Equivalence is easy to check
• Fewer transformations to consider
• Can convert to ‘canonical form’, e.g. pre-insertions: good for unfolding
• No need to check validity: post-insertions are always valid

27

Commutative insertions

Definition: two transition insertions commute if they can be performed in any order
  - concurrent insertions commute with any other insertions
  - pre-insertions commute with post-insertions
  - two pre/post-insertions commute iff they split different transitions or the sets of split off places do not overlap

A valid insertion remains valid if another valid commutative insertion is applied first, i.e. the validity needs to be checked only once

28

Summary

• Rigorous validity criteria developed
  - can be checked on the original prefix: no backtracking

• Algorithms for performing transformations directly on the prefix
  - avoids re-unfolding, good for performance and visualization
  - proofs of correctness

• Optimisation
  - equivalent transformations
  - commutative transformations

29

Thank you! Any questions?