Tutorial Perti Nets Geeraerts

An Introduction to Petri nets
and how to analyse them...

G. Geeraerts
Groupe de Vérification - Département d’Informatique

Université Libre de Bruxelles
1
Introduction
2
Introduction
• Concurrency: property of a “system” in which
many “entities” act at the same time and
interact.
• Often found in many application:
• Computer science (e.g.: parallel computing)
• Workflow
• Manufacturing systems
• ....
3
Introduction
Concurrency
4
Introduction
Concurrency
Work in parallel
4
Introduction
Concurrency
Must wait for the

two other machines
Work in parallel
4
Introduction
Concurrency
Can write or
Can write or read on the DB
read on the DB
5
Introduction
Concurrency
Boss
6
Introduction
Concurrency
Boss
6
Introduction
Concurrency
Boss
Employees: work in parallel

6
Introduction
Concurrency
Boss
gives work

6
Introduction
Concurrency
Boss
gives work

6
Introduction
Concurrency
Boss
gives work

6
Introduction
Concurrency
Boss
receives credit
gives work
for the results

6
Introduction
• Petri nets are a tool to model

concurrent systems and
reason about them.
• Invented in 1962 by C.A.
Petri.
7
The aim of the talk
• Introduce you to Petri nets (and some of
their extensions)
• Explain several analysis methods for PN
• i.e., what can you ‘ask’ about a PN ?
• Give a rough idea of the research in the
verification group at ULB...
• ... and foster new collaborations ?
8
How I use Petri nets2 GEERAERTS, RASKIN, AND VAN BEGIN
p1
•
t7 t1 t8
template <typename T> T Max(T a, p6 p2 p7

T b)
{
}
return a < b ? b : a;
abstraction t5 t2
p3
t6
#include <string>
int main() // fonction main
{
t3
int i = Max(3, 5);
char c = Max('e', 'b'); p5
std::string s = Max(std::string 2 p4 t4
("hello"), std::string("world"));
float f = Max<float>(1, 2.2f);
Figure 1: The Petri net on which the algorithm proposed in [?] may not compute the w
coverability set.
!p1 "
t1
!1, 0, 0, 0, 0" !1, 0, 0, 0, 0"
!p2 "
Analysis method
t5 t6
t2
!0, 0, 0, 1, 2" !0, 1, 0, 0, 0" !0, 0, 0, 1, 2" !0, 1, 0, 0, 0" !0, 1, 0, 0, 1"
!p3 "
of PN
<
t4
!
t3 · t4
!0, 0, 1, 0, 3" !0, 0, 1, 0, ω" !×" !0, 0, 1, 0, ω"
!p3 , p5 " <
(a) Step 1. (b) Step 2. (c) Step 3.
Figure 2: A counter-example to Finkel’s algorithm. Nodes and edges in grey have

9
How you might use PN 2 GEERAERTS, RASKIN, AND VAN BEGIN
p1
•
t7 t1 t8
p6 p2 p7
Your favorite
abstraction t5 t2 t6
application p3
t3
p5
2 p4 t4
Figure 1: The Petri net on which the algorithm proposed in [?] may not compute the w
coverability set.
!p1 "
t1
!1, 0, 0, 0, 0" !1, 0, 0, 0, 0"
!p2 "
Analysis method
t5 t6
t2
!0, 0, 0, 1, 2" !0, 1, 0, 0, 0" !0, 0, 0, 1, 2" !0, 1, 0, 0, 0" !0, 1, 0, 0, 1"
!p3 "
of PN
<
t4
!
t3 · t4
!0, 0, 1, 0, 3" !0, 0, 1, 0, ω" !×" !0, 0, 1, 0, ω"
!p3 , p5 " <
(a) Step 1. (b) Step 2. (c) Step 3.
Figure 2: A counter-example to Finkel’s algorithm. Nodes and edges in grey have

10
Intuitions
11
Ingredients
A Petri net is made up of...
Places = some type of resource
consume and produce

Transitions
resources
= one unity of a
Tokens
certain resource
Tokens ‘live’ in the places
12
Transitions
Output places
Input places
13
Firing a transition
Transitions consume tokens from the input places
and produce tokens in the output places
14
Firing a transition
Transitions consume tokens from the input places
and produce tokens in the output places
Now, the transition

cannot be fired anymore
15
Example 1
Can write or
Can write or read on the DB
read on the DB
The two machines cannot write at the

same time
16
Example 1
read read
idle
idle
write write
The token tells us the state of the process

17
Example 1
read read
idle
idle
write write

18
Example 1
read read
idle
idle
write write

19
Example 1
read read
idle
idle
write write

20
Example 1
read read
idle
idle
write write

21
Example 1
read read
idle
idle
write write
Add a lock to ensure mutual exclusion

22
Example 1
read
idle
idle
write write
23
16 Example 2 CHAPTER 2
mutex M ; t1
Process P {
p1
repeat {
take M ; t3 • t2
critical ; p2
release M ;
} p3
}
Figure 2.1: The SMPN Nµ .
24
16 Example 2 CHAPTER 2
mutex M ; t1
Process P {
p1
repeat {
take M ; t3 • t2
critical ; p2
release M ;
} p3
}
Here, we have applied a counting abstraction
24
Plan of the talk
• Preliminaries
• Tools for the analysis of PN
• reachability tree and reachability graph
• place invariants
• Karp & Miller and the coverability set
• The coverability problem
• More on PN: extensions...
• Conclusion
25
Plan of the talk
• Preliminaries
• Tools for the analysis of PN
Survey Detailed coverage
• reachability tree and reachability graph

• place invariants
• Karp & Miller and the coverability set
• The coverability problem
• More on PN: extensions...
• Conclusion
25
Preliminaries
26
Formal definition
• A Petri net is a tuple 〈P, T〉where:
• P is the (finite) set of places
• T is the (finite) set of transitions. Each
transition t is a tuple 〈I, O〉where:
• I: is a function s.t. t consumes I(p) tokens

in each place p
• O is a function s.t. t produces O(p)
tokens in each place p
27
Example
I(p1)=2 I(p2)=1 I(p3)=0 I(p4)=0 I(p5)=0
O(p1)=0 O(p2)=0 O(p3)=1 O(p4)=3 O(p5)=1
p3
p1
2
t
3
p4
p2
p5
28
Markings
• The distribution of the tokens in the places
is formalised by the notion of marking, which
can be seen:
• either as a function m, s.t. m(p) is the
number of tokens in place p
• or as a vector m=〈m , m ,... m 〉where
1 2 n
mi is the number of tokens in place pi
29
Example
m =〈1,1,1,2,0〉
m = 〈 p1, p2, p3, 2p4〉
m(p1)=1, m(p2)=1, m(p3)=1, m(p4)=2, m(p5)=0
p3
p1
2
t
3
p4
p2
p5
30
Firing a transition
• A transition t = 〈I,O〉can be fired from m
iff for any place p:
m(p) ≥ I(p)
• The firing transforms the marking m into a
marking m’ s.t. for any place p:
m’(p) = m(p) - I(p) + O(p)
• Notation: m→m’
• Notation: Post(m) = {m’ | m→m’}
31
16 Example CHAPTER
t1
p1
t3 • t2
p2
p3

32
16 Example CHAPTER
t1
Post(〈1, 1, 0〉)= p1
{〈2, 1, 0〉,〈0, 0, 1〉} t3 • t2
p2
p3

32
16 Example CHAPTER
t1
Post(〈1, 1, 0〉)= p1
{〈2, 1, 0〉,〈0, 0, 1〉} t3 • t2
p2
p3

32
16 Example CHAPTER
t1
Post(〈1, 1, 0〉)= p1
{〈2, 1, 0〉,〈0, 0, 1〉} t3 • t2
p2
p3

32
16 Example CHAPTER
t1
Post(〈1, 1, 0〉)= p1
{〈2, 1, 0〉,〈0, 0, 1〉} t3 • t2
p2
p3

32
16 Example CHAPTER
t1
Post(〈1, 1, 0〉)= p1
{〈2, 1, 0〉,〈0, 0, 1〉} t3 • t2
p2
p3

32
Initial marking
Reachable markings
• All PN are equipped with an initial marking m
0
• If two markings m and m’ are s.t.:

m→m1→m2→…→m’
Then m’ is reachable from m
• Let N be a PN with initial marking m :
0
Reach(N) = {m reachable from m0}

is the set of reachable markings of N.
33
16 Example CHAPTER
t1
p1
t3 • t2
p2
p3

34
16 Example CHAPTER
Reach(N ) = t1
{!i, 1, 0" | i ∈ N}
∪ p1
{!i, 0, 1" | i ∈ N} •
t3 t2
p2
p3

34
16 Example CHAPTER
Reach(N ) = t1
{!i, 1, 0" | i ∈ N}
∪ p1
{!i, 0, 1" | i ∈ N} •
t3 t2
p2
This set allows us to
prove that the mutual p3
exclusion is indeed
enforced Figure 2.1: The SMPN Nµ .
34
Ordering on markings
• Markings can be compared thanks to 4:
m4m’ iff for any place p: m(p)6m’(p)
mpm’ iff m4m’ and m≠m’
• Examples:
• 〈1, 0, 0〉p〈1, 1, 0〉4〈1, 1, 0〉4〈5, 7, 2〉
• 〈1, 0, 0〉 is not comparable to 〈0, 1, 0〉
35
Questions on PN
• Meaningful questions about PN include:
• Boundedness: is the number of reachable
markings bounded ?
• Place boundedness: is there a bound on
the maximal number of tokens that can be
created in a given place ?
• Semi-liveness: is there a reachable marking
from which a given transition can fire ?
• Coverability
36
Example
read read
idle
idle
write write
Bounded PN All the places are bounded

All the transitions are semi-live
37
16 Example CHAPTER
• Unbounded PN
t1
• p and p are bounded

2 3
p1
• p is unbounded
1 t3 • t2
• All the transitions are p2
semi-live
p3

38
Some tools for the
analysis of PN
39
Reachability tree
and
reachability graph
40
Reachability Tree
• Idea:
• the root is labeled by m0
• for each node labeled by m, create one

child for each marking of Post(m)
41
Reachability Tree
I1
W1
R1
M
W2 R2
I2
42
Reachability Tree
I1
〈M, I1, I2〉
W1
R1
M
W2 R2
I2
42
Reachability Tree
I1
〈M, I1, I2〉
W1 〈I1, W2〉〈M, I1, R2〉

R1 〈W1, I2〉〈M, R1, I2〉
M
W2 R2
I2
42
Reachability Tree
I1
〈M, I1, I2〉
W1 〈I1, W2〉〈M, I1, R2〉

R1 〈W1, I2〉〈M, R1, I2〉
M
W2 R2 〈R1, W2〉
〈M, I1, I2〉
I2
42
Reachability Tree
I1
〈M, I1, I2〉
W1 〈I1, W2〉〈M, I1, R2〉

R1 〈W1, I2〉〈M, R1, I2〉
M
W2 R2 〈R1, W2〉
〈M, I1, I2〉
〈M, I1, R2〉

I2 〈I1, W2〈W
〉 1, I2〉
〈M, R1, I2〉
42
Reachability Tree
I1
〈M, I1, I2〉
W1 〈I1, W2〉〈M, I1, R2〉

R1 〈W1, I2〉〈M, R1, I2〉
M
W2 R2 〈R1, W2〉〈W1, R2〉
〈M, I1, I2〉〈M, I1, I2〉
〈M, I1, R2〉

I2 〈I1, W2〈W
〉 1, I2〉
〈M, R1, I2〉
42
Reachability Tree
I1
〈M, I1, I2〉
W1 〈I1, W2〉〈M, I1, R2〉

R1 〈W1, I2〉〈M, R1, I2〉
M
W2 R2 〈R1, W2〉〈W1, R2〉
〈M, I1, I2〉〈M, I1, I2〉
〈M, I1, R2〉

I2 〈I1, W2〈W
〉 1, I2〉
〈M, R1, I2〉
42
Reachability Tree
I1
〈M, I1, I2〉
W1 〈I1, W2〉〈M, I1, R2〉

R1 〈W1, I2〉〈M, R1, I2〉
M Reachability trees can
W2 R2 〈R1, Wbe
2〉infinite
〈W1, R2〉
〈M, I1, I2〉〈M, I1, I2〉
〈M, I1, R2〉

I2 〈I1, W2〈W
〉 1, I2〉
〈M, R1, I2〉
42
Reachability graph
• Idea: build a node for each reachable

marking and add an edge from m to m’ if
some transition transforms m into m’
• remark: now, if we meet the same marking
twice, we do not create a new node, but
re-use the previously created node.
43
Reachability graph
I1
W1
R1
M
W2 R2
I2
44
Reachability graph
I1
W1
R1
M
〈M, I1, I2〉
W2 R2
I2
44
Reachability graph
I1
W1
R1
M
〈M, I1, I2〉
W2 R2
〈M, R1, I2〉〈M, I1, R2〉
I2
44
Reachability graph
I1
W1
R1
M
〈M, I1, I2〉
W2 R2
〈M, R1, I2〉〈M, I1, R2〉
〈M, R1, R2〉

I2
44
Reachability graph
I1
W1
R1 〈I1, W2〉〈W1, I2〉
M
〈M, I1, I2〉
W2 R2
〈M, R1, I2〉〈M, I1, R2〉
〈M, R1, R2〉

I2
44
Reachability graph
I1
〈R1, W2〉〈W1, R2〉
W1
R1 〈I1, W2〉〈W1, I2〉
M
〈M, I1, I2〉
W2 R2
〈M, R1, I2〉〈M, I1, R2〉
〈M, R1, R2〉

I2
44
Reachability graph
I1
〈R1, W2〉〈W1, R2〉
W1
R1 〈I1, W2〉〈W1, I2〉
M
〈M, I1, I2〉
W2 R2
〈M, R1, I2〉〈M, I1, R2〉
〈M, R1, R2〉

I2
44
Reachability graph
I1
〈R1, W2〉〈W1, R2〉
W1
The reachability graph
R1 〈I1, W2〉〈W1, I2〉
allows us to prove that
M
the mutual exclusion is 〈M, I1, I2〉
Windeed
2
R
enforced 2
〈M, R1, I2〉〈M, I1, R2〉
〈M, R1, R2〉

I2
44
Reachability graph
• The reachability graph of a PN contains all
the necessary information to decide:
• boundedness
• place boundedness
• semi-liveness
• ...
45
Reachability graph
16 CHAPTE
• Unfortunately...
〈p2〉 t1
p1
t3 • t2
p2
p3
Figure 2.1: The SMPN Nµ

46
Reachability graph
16 CHAPTE
〈p2〉 t1
p1
〈p1,p2〉
t3 • t2
p2
p3

46
Reachability graph
16 CHAPTE
〈p2〉 t1
p1
〈p1,p2〉
t3 • t2
〈2p1,p2〉〈p3〉 p2
p3

46
Reachability graph
16 CHAPTE
〈p2〉 t1
p1
〈p1,p2〉
t3 • t2
〈2p1,p2〉〈p3〉 p2
〈3p1,p2〉〈p1,p3〉 p3

46
Reachability graph
16 CHAPTE
〈p2〉 t1
p1
〈p1,p2〉
t3 • t2
〈2p1,p2〉〈p3〉 p2
〈3p1,p2〉〈p1,p3〉 p3

46
Reachability graph
16 CHAPTE
〈p2〉 t1
Reachability graphs can
be infinite
p1
〈p1,p2〉
t3 • t2
〈2p1,p2〉〈p3〉 p2
〈3p1,p2〉〈p1,p3〉 p3

46
The hard stuff...
• The main difficulty in analysing Petri nets is

due to the possibly infinite number of
reachable markings.
• We have to find techniques to deal with
this infinite set.
47
The hard stuff...
• Remark: finite doesn’t mean easy

• The set of reachable markings of a
bounded net can be huge !
• Efficient techniques to deal with bounded
nets have been developped.
• e.g.: net unfoldings
48
Place invariants
49
Place Invariants
read R1 read R2
idle I2
idle
write write
m(R1) + m(R2) + m(I2) =1
50
Place Invariants
read R1 read R2
idle I2
idle
write write
m(R1) + m(R2) + m(I2) =1
51
Place Invariants
read R1 read R2
idle I2
idle
write write
m(R1) + m(R2) + m(I2) = 2
52
Place Invariants
read R1 read R2
idle I2
idle
write write
m(R1) + m(R2) + m(I2) = 0
53
Place Invariants
read R1 read R2
idle I2
The total number of idle
tokens in these places

is not constant
write write
m(R1) + m(R2) + m(I2) = 0
53
Place Invariants
read R1 read
idle
I1 idle
W1 write write
m(R1) + m(W1) + m(I1) = 1
54
Place Invariants
read R1 read
idle
I1 idle
W1 write write
m(R1) + m(W1) + m(I1) = 1
55
Place Invariants
read R1 read
idle
I1 idle
W1 write write
m(R1) + m(W1) + m(I1) = 1
56
Place Invariants
read R1 read
The total number of

idle
is constant
I1 idle
W1 write write
m(R1) + m(W1) + m(I1) = 1
56
Place Invariants
read R1 read
The total number of

idle
is constant
I1 idle
This provides
meaningful information
about the system: a
W1 write write process is either idle,
or reading or writing
m(R1) + m(W1) + m(I1) = 1
56
Place Invariants
p3
p1
2 p2 p4
m(p1) + m(p2) + m(p3) + m(p4) = 1
57
Place Invariants
p3
p1
2 p2 p4
m(p1) + m(p2) + m(p3) + m(p4) = 3
58
Place Invariants
p3
p1
2 p2 p4
m(p1) + m(p2) + m(p3) + m(p4) = 2
59
Place Invariants
p3
p1
2 p2 p4
m(p1) + m(p2) + m(p3) + m(p4) = 1
60
Place Invariants
p3
p1
2 p2 p4
The total number of

m(p
is not 1) + m(p2) + m(p3) + m(p4) = 1
constant
60
Place Invariants
p3
p1
2 p2 p4
The total number of In some sense, tokens

tokens in these places in p1 are heavier than
m(p
is not 1) + m(p2) + m(p3) + m(p
constant 4) =in1 p2
those
60
Place Invariants
p3
p1
Let’s add weights to p4

p2
2
the places !
2
The total number of In some sense, tokens

tokens in these places in p1 are heavier than
m(p
is not 1) + m(p2) + m(p3) + m(p
constant 4) =in1 p2
those
60
Place Invariants
p3
p1
2 p2 p4
3 m(p1) + m(p2) + m(p3) + 2 m(p4) = 3
61
Place Invariants
p3
p1
2 p2 p4
3 m(p1) + m(p2) + m(p3) + 2 m(p4) = 3
62
Place Invariants
p3
p1
2 p2 p4
3 m(p1) + m(p2) + m(p3) + 2 m(p4) = 3
63
Place invariant:
Definition
• Definition: a place-invariant (or p-semiflow)
is a vector i of natural numbers s.t. for any
reachable marking m:
∑ i(p) × m(p) = ∑ i(p) × m0(p)

p∈P p∈P
remark: there exists a trivial invariant i = 〈0, 0, .., 0〉
64
Example: other
invariants
p3
p1
2 p2 p4
m(p1) + m(p3) = 1
2 m(p1) + m(p2) + 2 m(p4) = 2
65
Invariants as over-
approximations
• A place-invariant expresses a constraint on
the reachable markings.
• If m is reachable and i is an invariant, then:
∑ i(p) × m(p) = ∑ i(p) × m0(p)
p∈P p∈P
• The reverse is not true !
66
Example
p3
p1
2 p2 p4
m(p1) + m(p3) = 1
is an invariant
but〈1, 25, 0, 234〉 is not reachable
67
Invariants as over-
approximations
• Theorem: For any Petri net N:
Reach(N)
⊆
{m | m respects some invariant of N}
68
Invariants as over-
approximations
Reach(N)
⊆
This set
overapproximates the
reachable markings
68
Invariants as over-
approximations
Reach(N)
⊆
Place invariants are
This set
thus useful to finitely
overapproximates the
approximate the set of
reachable markings
reachable markings
68
Place invariant and
boundedness
• Theorem: If there exists a place invariant i
and a place p s.t. i(p)>0 then p is bounded.
• Remark: the reverse is not true.
• One can find a bounded net that doesn’t
have a place invariant i with i(p)>0 for
each place.
69
Place invariant
• Question: how do we compute them ?
70
Matrix characterisation
• The negative effect (consumption) of all
the transitions on all the places can be
summarised in one matrix:
 
I1(p1) I2(p1) · · · Ik(p1) neg. eff. on p1
I1(p2) I2(p2) · · · Ik(p2) neg. eff. on p2
W =
−
 .. .. . . . .. 

I1(pn) I2(pn) · · · Ik(pn)
where, for any i: ti =〈Ii,Oi〉

71
Matrix characterisation
• The same can be done with the positive
effects:
 
O1(p1) O2(p1) · · · Ok(p1) pos. eff. on p1
+
O1(p2) O2(p2) · · · Ok(p2)pos. eff. on p
W =
 .. .. . . . .. 
 2
O1(pn) O2(pn) · · · Ok(pn)
where, for any i: ti =〈Ii,Oi〉

72
Incidence Matrix
• The global effect of every transition can be
summarised as a single matrix:
W = W + −W −
W is called the incidence matrix of the net
73
16
Example CHAPT
   
101 010
+   t1
W = 0 0 1 W = 0 1 0
−
010 001
p1
  t3 • t2
1 −1 1 p2
W = 0 −1 1 
0 1 −1 p3
Figure 2.1: The SMPN N

74
16
Example CHAPT
   
101 010
+   t1
W = 0 0 1 W = 0 1 0
−
010 001
p1
  t3 • t2
1 −1 1 p2
W = 0 −1 1 
0 1 −1 p3

74
16
Example CHAPT
   
101 010
+   t1
W = 0 0 1 W = 0 1 0
−
010 001
p1
  t3 • t2
1 −1 1 p2
W = 0 −1 1 
0 1 −1 p3

74
Computing place
invariants
• Intuitively, if i is a place invariant it should
assign weights to the places such that the
positive and negative effects of every
transition are balanced
• Thus, for any transition t =〈I, O〉we
should have:
∑ I(p) × i(p) = ∑ O(p) × i(p)
p∈P p∈P
75
Computing place
invariants
should have:
∑ I(p) × i(p) = ∑ O(p) × i(p)
p∈P p∈P
1 2
2
75
Computing place
invariants
should have:
∑ I(p) × i(p) = ∑ O(p) × i(p)
p∈P p∈P
1 2
2
75
Computing place
invariants
should have:
∑ I(p) × i(p) = ∑ O(p) × i(p)
p∈P p∈P
1 2
2
75
Computing place
invariants
should have:
∑ I(p) × i(p) = ∑ O(p) × i(p)
p∈P p∈P
1 2
2
75
Computing place
invariants
∑ I(p) × i(p) = ∑ O(p) × i(p)
p∈P p∈P
means
! "
∑ O(p) − I(p) × i(p) = 0
p∈P
76
Computing place
invariants
∑ I(p) × i(p) = ∑ O(p) × i(p)
p∈P p∈P
means
! "
∑ O(p) − I(p) × i(p) = 0
p∈P
t =〈I, O〉
76
Computing place
invariants
∑ I(p) × i(p) = ∑ O(p) × i(p)
p∈P p∈P
means
! "
∑ O(p) − I(p) × i(p) = 0
p∈P
 
· · · O(p1) − I(p1) · · ·
· · · O(p2) − I(p2) · · ·
t =〈I, O〉 W =  .. ..

.. 
· · · O(pn) − I(pn) · · ·
76
Computing place
invariants
∑ I(p) × i(p) = ∑ O(p) × i(p)
p∈P p∈P
means
! "
∑ O(p) − I(p) × i(p) = 0
p∈P
 
· · · O(p1) − I(p1) · · ·
· · · O(p2) − I(p2) · · ·
t =〈I, O〉 W =  .. ..

.. 
· · · O(pn) − I(pn) · · ·
76
Computing place
invariants
! "
∑ O(p) − I(p) × i(p) = 0
p∈P
is thus the scalar product of i and the column

of W that corresponds to transition t
77
Computing place
invariants
! "
∑ O(p) − I(p) × i(p) = 0
p∈P

Since this must hold for any t, we obtain:
77
Computing place
invariants
! "
∑ O(p) − I(p) × i(p) = 0
p∈P

Theorem: any solution i to the following system of
equations is a place-invariant:
77
Computing place
invariants
! "
∑ O(p) − I(p) × i(p) = 0
p∈P

Theorem: any solution i to the following system of
equations is a place-invariant:
i ×W = 0
77
Example
CHAPTER 2. PRELIMINARIES
t1  
1 −1 1
p1 W = 0 −1 1 
t3 •
p2
t2
0 1 −1
p3
t2
2 · m(p1 )
t1
p1
78
Example
t1  
1 −1 1
p1 W = 0 −1 1 
t3 •
p2
t2
0 1 −1
p3
!i1N, µi.2, i3" ×W

Figure 2.1: The SMPN =0
t2
2 · m(p1 )
t1
p1
78
Example
t1  
1 −1 1
p1 W = 0 −1 1 
t3 •
p2
t2
0 1 −1
p3
!i1N, µi.2, i3" ×W


 i1 =0
−i1−i2+i3 t= 2 0
 2 · m(p1 )
i1+i2−it 3 = 0
1
p1
78
Example
t1  
1 −1 1
p1 W = 0 −1 1 
t3 •
p2
t2
0 1 −1
p3
!i1N, µi.2, i3" ×W

 
 i1 =0 i1 =0
−i1−i2+i3 t= 2 0 −i2+i3 = 0
 2 · m(p1 ) 
i1+i2−it 3 = 0 +i2−i3 = 0
1
p1
78
Example
t1  
1 −1 1
p1 W = 0 −1 1 
t3 •
p2
t2
0 1
Any vector of the form
−1
〈0, i, i〉
p3
is a place invariant
!i1N, µi.2, i3" ×W
 
 i1 =0 i1 =0
−i1−i2+i3 t= 2 0 −i2+i3 = 0
 2 · m(p1 ) 
i1+i2−it 3 = 0 +i2−i3 = 0
1
p1
78
Proving properties
t1
Let us choose 〈0, 1, 1〉
p1
as place-invariant
t3 • t2
p2
p3
t2
2 · m(p1 )
t1
p1
79
Proving properties
t1
p1
as place-invariant
t3 • t2
p2
This means that p2 and p3 are
p3 bounded !
t2
2 · m(p1 )
t1
p1
79
Proving properties
t1
p1
as place-invariant
t3 • t2
p2
p3 bounded !

For any reachable marking m:
0 m(p1) +1 m(p2) + 1 m(p3) = 0 m0(p1) + 1 m0(p2) + 1 m0(p3)

t2
2 · m(p1 )
t1
m(p2) + m(p3) = 1
p1
79
Proving properties
t1
p1
as place-invariant
t3 • t2
p2
p3 bounded !

For any reachable marking m:
0 m(p1) +1 m(p2) + 1 m(p3) = 0 m0(p1) + 1 m0(p2) + 1 m0(p3)

t2
2 · m(p1 )
t1
m(p2) + m(p3) = 1
p1 Hence, mutual exclusion is enforced !
79
Proving properties
read read
idle
M
idle
W1 W2
write write
i(M) = i(W1) = i(W2) = 1 and i(p) = 0 otherwise

80
Proving properties
read read
idle
M
idle
W1 W2
write write
i(M) = i(W1) = i(W2) = 1 and i(p) = 0 otherwise

Hence, mutual exclusion is enforced !
80
Karp & Miller
and
the coverability set
81
The reachability tree
16
revisited CHAPTE
• Reminder: reachability trees can be infinite
〈0p1,p2〉 t1
〈1p1,p2〉 p1
〈2p1,p2〉〈p3〉 t3 • t2
p2
〈3p1,p2〉〈p1,p3〉
p3
Figure 2.1: The SMPN N 82

16
revisited CHAPTE
〈0p1,p2〉 t1
〈1p1,p2〉 p1
〈2p1,p2〉〈p3〉 t3 • t2
p2
〈3p1,p2〉〈p1,p3〉
p3

16
revisited CHAPTE
〈0p1,p2〉 t1
〈1p1,p2〉 Increasing sequences

of markings appear p1
on
〈2p1,p2〉〈p3〉 unbounded t 3 • t2
places p2
〈3p1,p2〉〈p1,p3〉
p3

revisited
• Let us summarise this infinite sequence
〈0p1,p2〉
〈1p1,p2〉
〈2p1,p2〉
〈3p1,p2〉
83
revisited
〈0p1,p2〉
〈1p1,p2〉
limit
〈2p1,p2〉
〈3p1,p2〉
83
revisited
〈0p1,p2〉
〈1p1,p2〉
limit 〈 ωp1,p2〉
〈2p1,p2〉
〈3p1,p2〉
83
revisited
ω must be regarded as:
〈0p1,p2〉
“any number of tokens”
〈1p1,p2〉
〈2p1,p2〉
〈3p1,p2〉
83
revisited
ω must be regarded as:
〈0p1,p2〉
〈1p1,p2〉
〈2p1,p2〉
〈3p1,p2〉 Main idea of the Karp and
Miller algorithm
83
Karp & Miller
• Propose in 1969 a solution to detect

unbounded places of a Petri net
84
Monotonicity
• Petri nets induce (strongly) monotonic
transition systems:
m3
!
m1 t m2
• In particular:
if
85
Monotonicity
transition systems:
m3 m4
!
m1 t m2
• In particular:
if
85
Monotonicity
transition systems:
m3 t m4
!
m1 t m2
• In particular:
if
85
Monotonicity
transition systems:
m3 t m4
≺
!
!
m1 t m2
• In particular:
if
85
Monotonicity
transition systems:
m3 t m4
≺
!
!
m1 t m2
• In particular:
!i1, i2, i3"
if
85
Monotonicity
transition systems:
m3 t m4
≺
!
!
m1 t m2
• In particular:
!i1, i2, i3" !i"1, i"2, i"3#
if
85
Monotonicity
transition systems:
m3 t m4
≺
!
!
m1 t m2
• In particular:
!i1, i2, i3" !i"1, i"2, i"3#
if
85
Monotonicity
transition systems:
m3 t m4
≺
!
!
m1 t m2
• In particular:
if
!i1, i2, i3"
≺ !i"1, i"2, i"3#
85
Monotonicity
transition systems:
m3 t m4
≺
!
!
m1 t m2
• In particular:
if
!i1, i2, i3"
≺ !i"1, i"2, i"3#
<
85
Monotonicity
transition systems:
m3 t m4
≺
!
!
m1 t m2
• In particular:
if
!i1, i2, i3"
≺ !i"1, i"2, i"3#
then p2 is
unbounded
<
85
Example
〈1, 0, 0, 0〉
86
Example
〈1, 0, 0, 0〉
〈0, 0, 1, 0〉
86
Example
〈1, 0, 0, 0〉
〈0, 0, 1, 0〉
〈0, 0, 0, 1〉
86
Example
〈1, 0, 0, 0〉
〈0, 0, 1, 0〉
〈0, 0, 0, 1〉
〈0, 0, 0, 1〉〈1, 0, 1, 1〉
86
Example
〈1, 0, 0, 0〉
〈0, 0, 1, 0〉
〈0, 0, 0, 1〉
〈0, 0, 0, 1〉〈1, 0, 1, 1〉
86
Example
〈1, 0, 0, 0〉
〈0, 0, 1, 0〉
〈0, 0, 0, 1〉
〈0, 0, 0, 1〉〈1, 0, 1, 1〉
86
Example
〈1, 0, 0, 0〉
〈0, 0, 1, 0〉
〈0, 0, 0, 1〉
〈0, 0, 0, 1〉〈1, 0, 1, 1〉
86
Example
〈1, 0, 0, 0〉
〈0, 0, 1, 0〉
p1, p3 and p4 are
unbounded ! 〈0, 0, 0, 1〉
〈0, 0, 0, 1〉〈1, 0, 1, 1〉
86
Example
〈1, 0, 0, 0〉
〈0, 0, 1, 0〉
p1, p3 and p4 are
unbounded ! 〈0, 0, 0, 1〉
〈 ω, 0, ω, ω〉
〈0, 0, 0, 1〉〈1, 0, 1, 1〉
86
Example
〈1, 0, 0, 0〉 ω must be regarded as:
〈0, 0, 1, 0〉
p1, p3 and p4 are
unbounded ! 〈0, 0, 0, 1〉
〈 ω, 0, ω, ω〉
〈0, 0, 0, 1〉〈1, 0, 1, 1〉
86
E-mail address: gigeerae@ulb.ac.be
Karp & Miller

E-mail address: jraskin@ulb.ac.be
E-mail address: lvbegin@ulb.ac.be

Acceleration
Abstract. blahblah n1
This is how we compute the m1
successors of a node n:
n2
foreach Successor m! of m do m2
m ω ← m! ;
foreach ancestor ni s.t. mi ≺ m! do n
foreach place p s.t. mi (p) < m! (p) do m
mω (p) ← ω;
Add mω as child of n;
Départment d’Informatique – Université Libre de Bruxelles – Belg

87
Karp & Miller


Acceleration
n2
m ω ← m! ;
mω (p) ← ω;
Add mω as child of n; m’

87
Karp & Miller


Acceleration
n2
m ω ← m! ;
mω (p) ← ω;
≺

87
Karp & Miller


Acceleration
n2
m ω ← m! ;
mω (p) ← ω;
≺

87
Karp & Miller


Acceleration
n2
m ω ← m! ;
mω (p) ← ω;
≺

87
Karp & Miller


Acceleration
n2
m ω ← m! ;
mω (p) ← ω;
≺

87
Karp & Miller


Acceleration
n2
m ω ← m! ;
mω (p) ← ω;
≺

87
Karp & Miller


Acceleration
n2
m ω ← m! ;
mω (p) ← ω;
≺

87
Karp & Miller


Acceleration
n2
m ω ← m! ;
mω (p) ← ω;
≺

87
Karp & Miller


Acceleration
n2
m ω ← m! ;
mω (p) ← ω;
≺

87
Karp & Miller


Acceleration
n2
m ω ← m! ;
mω (p) ← ω;

87
Karp & Miller


Acceleration
n2
m ω ← m! ;
mω (p) ← ω;
Add mω as child of n; m
ω

87
Karp & Miller
Stopping a branch
m1
!
m2
This node doesn’t have to be developed
88
Example
16
of K&M tree
CHAPTER
〈0, 1, 0〉
t1
p1
t3 • t2
p2
p3

89
Example
16
of K&M tree
CHAPTER
〈0, 1, 0〉
t1
p1
t3 • t2
p2
p3
t1
(0,1,0) (1,1,0) ≺ (0,1,0)Figure 2.1: The SMPN Nµ.
89
Example
16
of K&M tree
CHAPTER
〈0, 1, 0〉
t1 t1
〈ω,1,0〉
p1
t3 • t2
p2
p3
t1
89
Example
16
of K&M tree
CHAPTER
〈0, 1, 0〉
t1 t1
〈ω,1,0〉
t1
p1
〈ω,1,0〉 t3 • t2
p2
p3
t1
89
Example
16
of K&M tree
CHAPTER
〈0, 1, 0〉
t1 t1
〈ω,1,0〉
t1 t2
p1
〈ω,1,0〉〈ω,0,1〉 t3 • t2
p2
p3
t1
89
Example
16
of K&M tree
CHAPTER
〈0, 1, 0〉
t1 t1
〈ω,1,0〉
t1 t2
p1
〈ω,1,0〉〈ω,0,1〉 t3 • t2
t1 p2
〈ω,0,1〉
p3
t1
89
Example
16
of K&M tree
CHAPTER
〈0, 1, 0〉
t1 t1
〈ω,1,0〉
t1 t2
p1
〈ω,1,0〉〈ω,0,1〉 t3 • t2
t1 t3 p2
〈ω,0,1〉〈ω,1,0〉
p3
t1
89
Properties
• Theorem: the K&M tree is always finite.
• Idea of the proof:
• if the net is not bounded, it is because of
some infinite increasing sequence of
markings.
• such sequences are detected in a finite
amount of time by adding ω in the
unbounded places.
90
Properties
• Theorem: a net is bounded iff there is no
node containing an ω in its K&M tree.
• Theorem: place p is unbounded iff there
exists a node labeled by m in the K&M tree
s.t. m(p) = ω.
• Theorem: transition t is semi-live iff there
exists a node labeled by m in the K&M tree
s.t. t can fire in m.
91
16
Example CHAPTER
〈0, 1, 0〉
t1
t1
〈ω,1,0〉 p1
t1 t2
t3 • t2
〈ω,1,0〉〈ω,0,1〉 p2
t1 t3
p3
〈ω,0,1〉〈ω,1,0〉
92
16
Example CHAPTER
〈0, 1, 0〉
t1
t1
〈ω,1,0〉 p1
t1 t2
t3 • t2
〈ω,1,0〉〈ω,0,1〉 p2
t1 t3
p3
〈ω,0,1〉〈ω,1,0〉
t2 is semi-live Figure 2.1: The SMPN Nµ .
92
16
Example CHAPTER
〈0, 1, 0〉
t1
t1
〈ω,1,0〉 p1
t1 t2
t3 • t2
〈ω,1,0〉〈ω,0,1〉 p2
t1 t3
p3
〈ω,0,1〉〈ω,1,0〉
t2 is semi-live Figure 2.1: The SMPN Nµ .
p2 and p3 are bounded
92
16
Example CHAPTER
〈0, 1, 0〉
t1
t1
〈ω,1,0〉 p1
t1 t2
t3 • t2
〈ω,1,0〉〈ω,0,1〉 p2
t1 t3
p3
〈ω,0,1〉〈ω,1,0〉
t2 is semi-live p1 is2.1:
Figure unbounded
The SMPN Nµ .
p2 and p3 are bounded
92
16
Example CHAPTER
〈0, 1, 0〉
t1
t1
〈ω,1,0〉 p1
t1 t2
t3 • t2
〈ω,1,0〉〈ω,0,1〉 p2
t1 t3
p3
〈ω,0,1〉〈ω,1,0〉
t2 is semi-live p1 is2.1:
Figure unbounded
The SMPN Nµ .
p2 and p3 are bounded The net is unbounded
92
Coverability set
• Question: what is the relationship between:

• the set of reachable markings and
• the set of labels of the nodes of the K&M
tree ?
93
Coverability set
might be
infinite

tree ?
93
Coverability set
might be
infinite

tree ?
always finite
93
Example
94
Example
95
Example
96
Example
97
Example
• Set of reachable markings:
{〈1, 0, 3.i〉,〈0, 1, 3.i〉| i>0 }
• Set of nodes of the K&M tree: 3
{〈1, 0, 0〉〈1, 0, ω〉,〈0, 1, ω〉}
• This set “represents”:
{〈1, 0, i〉,〈0, 1, i〉| i>0 }
98
Example
• Set of reachable markings:
{〈1, 0, 3.i〉,〈0, 1, 3.i〉| i>0 }
• Set of nodes of the K&M tree: 3
{〈1, 0, 0〉〈1, 0, ω〉,〈0, 1, ω〉}
• This set “represents”:
{〈1, 0, i〉,〈0, 1, i〉| i>0 }
Clearly: ≠
98
Example
Reach K&M
{〈1, 0, 3.i〉,〈0, 1, 3.i〉| i>0 } vs {〈1, 0, i〉,〈0, 1, i〉| i>0 }
• Clearly, the K&M set contains more markings

than the set of reachable markings:
⊆
• However, for every marking m in the K&M
set, there exists a reachable marking m’ s.t.:
m’ < m
99
Example
Reach K&M
{〈1, 0, 3.i〉,〈0, 1, 3.i〉| i>0 } vs {〈1, 0, i〉,〈0, 1, i〉| i>0 }
• Clearly, the K&M set contains more markings

than the set of reachable markings:
⊆
• However, for every marking m in the K&M
set, there exists a reachable marking m’ s.t.:
m’ < m
= + {m| there is m’ in with m’ < m}
99
Downward-closure
• Let us assume that any natural number i is s.t.
i<ω
• Let m be a marking (possibly with ω), then its
downward-closure is the set:
↓m = {m’ | m’4m}
• Let S={m , m ,... m } be a set of markings, then:
1 2 k
↓S = ↓m1 ∪ ↓m2 ∪...∪↓mk
100
Examples in 2 dim.
p2 {〈1, 2〉,〈2, 4〉,〈3, 1〉} p2 {〈1, 2〉,〈2, 4〉,〈 ω, 1〉}
4 4
3 3
2 2
1 1
1 2 3 p1 1 2 3 ω p1
101
Examples in 2 dim.
p2 {〈1, 2〉,〈2, 4〉,〈3, 1〉} p2 {〈1, 2〉,〈2, 4〉,〈 ω, 1〉}
4 4
3 3
2 2
1 1
1 2 3 p1 1 2 3 ω p1
101
Examples in 2 dim.
p2 {〈1, 2〉,〈2, 4〉,〈3, 1〉} p2 {〈1, 2〉,〈2, 4〉,〈 ω, 1〉}
4 4
3 3
2 2
1 1
1 2 3 p1 1 2 3 ω p1
101
Examples in 2 dim.
p2 {〈1, 2〉,〈2, 4〉,〈3, 1〉} p2 {〈1, 2〉,〈2, 4〉,〈 ω, 1〉}
4 4
3 3
2 2
1 1
1 2 3 p1 1 2 3 ω p1
101
Examples in 2 dim.
p2 {〈1, 2〉,〈2, 4〉,〈3, 1〉} p2 {〈1, 2〉,〈2, 4〉,〈 ω, 1〉}
4 4
3 3
2 2
1 1
1 2 3 p1 1 2 3 ω p1
101
Examples in 2 dim.
p2 {〈1, 2〉,〈2, 4〉,〈3, 1〉} p2 {〈1, 2〉,〈2, 4〉,〈 ω, 1〉}
4 4
3 3
2 2
1 1
1 2 3 p1 1 2 3 ω p1
101
Examples in 2 dim.
p2 {〈1, 2〉,〈2, 4〉,〈3, 1〉} p2 {〈1, 2〉,〈2, 4〉,〈 ω, 1〉}
4 4
3 3
2 2
1 1
1 2 3 p1 1 2 3 ω p1
101
Examples in 2 dim.
p2 {〈1, 2〉,〈2, 4〉,〈3, 1〉} p2 {〈1, 2〉,〈2, 4〉,〈 ω, 1〉}
4 4
3 3
2 2
1 1
1 2 3 p1 1 2 3 ω p1
101
Examples in 2 dim.
p2 {〈1, 2〉,〈2, 4〉,〈3, 1〉} p2 {〈1, 2〉,〈2, 4〉,〈 ω, 1〉}
4 4
3 3
2 2
1 1
1 2 3 p1 1 2 3 ω p1
101
Properties of the K&M
tree
• The set of all the markings that appear in a
K&M tree is called a coverability set of the
net.
• Notation: Cover(N)
• Theorem: ↓Cover(N) = ↓Reach(N)
• Theorem: Reach(N) ⊆ ↓Cover(N)
• Hence, ↓Cover(N) is a finite over-
approximation of Reach(N)
102
16
Example CHAPTER 2
Reach(N)
= t1
{ 〈i, 1, 0〉,〈i, 0, 1〉| i ≥ 0 }
p1
Cover(N) t3 • t2
= p2
↓{ 〈ω, 1, 0〉,〈ω, 0, 1〉 }
= p3
Reach(N) ∪ { 〈0, 0, 0〉 }
103
On the efficient computation
On theofefficient
the minimal coverability
computation of thesetminimal
for Petricoverability
nets 15
set for Petri n
mpirical evaluation
Table 1.of Empirical
the covering sequence.
evaluation of Experiments on an I NTEL
the covering sequence. X EON 3GH
Experiments onZan. I NTEL X E
conds (× =Timesno result
in seconds
MCS = size transitions;
of the minimal
Vi ∪Oi ∪Fi |,P.i =≥max{|V
1} ; Tot.i ∪O
Advertisement
within (× 20 minutes).
MCScoverability
= no resultP within
= size of the
P. =i total
∪Fi |,number
i ≥ 1}of
= number
setminimal
pairs
; Tot.
of places;PT==number
20 minutes).
; Tp = Bounded or Unbounded
coverability
P. created
numberofofplaces; T =
PN; Max
set ; Tp = Bounded
along the
= total number of whole execution
pairs created
or Unbounde
along the who
xample
P On T theMCS • Tp
Recently,
Namecomputation
efficient
KM
Example
Nodes
POnT the
we
Time
MCS
of
Cov. Seq. KM
have
Max
theTpminimal
efficient P.Nodes
w/o Oracle Cov. Seq.
defined
Tot. P. of
a
Time
coverability
computation
new
Max
Max P.
thesetminimal
CovProc
algorithm
for Petri
w/o Oracle
Tot.
netsP. Time
Time
P. coverability
P. 15Max
set
CovP
P. Tot
for Petri ne
9 12 9 RTP B to compute
91612 0.18 9 B the coverability
47 1647 0.18 0.10 set of
47
47 a Petri
47 0.10
47 0.13 47
11 9 evaluation
mpirical 14 Table B net.
lamport the11 839 evaluation
of Empirical
1. covering 140.18 B of
sequence. 115 115 0.18
83
Experiments
the covering 0.17 115
115
on an I NTEL
sequence. 115
X115
EON 3GH
Experiments 0.17
0.17 115 X E1
. I NTEL
on Zan
14 12 (×
econds 20 =TimesBno result 60912 (×
within
in seconds
peterson 14 20
202.19
minutes).
= no 170P within
B result 170
=609number 0.21
202.19 170
of places;
minutes). 170
170PT= =170 number
number 0.25
ofofplaces;
0.21 170 T =1
16
MCS
V13
14 = 40
i ∪O9 i ∪F
• It minimal
B the
sizetransitions;
ofdekker is7,936
41i |,P.ireadwrite
B=≥max{|V
several
MCS
16 14
1} ;11,139
Tot.
40 order
=258.95
coverability
size
P.9=i529.91
i ∪O ∪F
total
765
ofB theset
iB≥ 1,103
41i |,number 1} of
; of
Tp
minimal
7,936magnitudes
=765
1,103
; 11,139
Tot.
pairs
Bounded
coverability
258.95
1.43
P. created
= 529.91
total number
along
set ;more
1.13 or Unbounded
765
765
1,103
765
Tp =765
1,103
of whole
the pairs
1.03
PN;1.13
BoundedMax
1.75
created
or Unbounde
along
execution
765
the whol
7
13 6 1 manuf. U
efficient13
than K&M 1,103 1,103 1.43 1,103 1,1
13326 0.19 1 U 9 32 101 0.190.18 29 101 47 0.18
0.14 2
xample
16 16 1 kanban U Example
9,839
16KM 1 UCov.593
161221.96 Seq. KM 95.05 Cov.593
w/o1221.96
9,855
9,839 Oracle Seq. w/o
110Oracle
4CovProc
9,855 0.19
95.05 4CovP1
5P 4T MCS 3 Tp Name
U
basicME P5 5T
Nodes 4 MCS 3 Tp
Time
0.10 U Max P. 5Nodes
Tot.5P.5 Time
Time
0.12 Max
0.10 Max P.55 Tot.
Tot. P.
55 Time
P. 0.12 Max P.5 Tot.
Time
0.12
6
149 13
12 16 9 RTP UB >2.40·10
CSM 916
14 12
13 16 ×B
90.18 371
47 3,324
U >2.40·10 16647 14.38
0.18
×
0.10 178
47 3,324
371 248
47 0.34
0.10
47 14.38
0.13 47
178 2
5 5
22
11 20 9 24 14 lamport
UB >6.26·10
FMS 11
2283 9 14
20 24 ×B
0.18 U>4,460115 83
>6.26·10 × 0.18
115 × >4,460
0.17 115 115
477
115 × 0.17
866
115 2.10
×
0.17 115
477 18
6 6
31
14 3612 80 20 peterson
UB >1.02·10
PNCSA 14
31
609 12
36 20 80 ×B
2.19 U>5,896170 609
>1.02·10 × 2.19
170 0.21× >5,896170 13,408
2,617
170 170 0.21
× 113.79
170 × 2,617
0.25 170 13,41
18
16 2114 22040 dekkerUB >1.16·10
multipoll 18 614
16
7,936 40 × B
21 258.95
220 U>7,3967657,936
>1.16·10 6 258.95
× 1.13
765 765 14,113
14,034
× >7,396765 765 1.13
× 365.90
765 × 14,034
1.03 765 14,17
32
13 32 9 25641 readwrite
UB >8.03·10
mesh2x2 32 532
13
11,139 9 529.91
41 × B
256 1,103
U>6,369 11,139
>8.03·10 5 529.91
1,103× 1.43 1,103 12,735
10,483
1,103
× >6,369 1,103
1,103 1.43
× 330.95
1.75 1,103 12,7
× 10,483 1,1
13 6 1 manuf. U 13326 10.19U 9 32 101 0.190.18 29 101 47 0.18
0.14 2
kanban 16 16 1 U 9,839 1221.96 593 9,855 95.05 4 1041
The coverability problem
105
Reachability: a natural
question
• The reachability problem: given a marking m
is it reachable from m0 ?
m0
106
question
m0
106
question
m0
106
question
m0
106
question
m0
106
question
m0
106
question ??
• In the case of Petri nets, asking whether a

given marking is reachable does not always
make sense...
• ... because Petri nets are monotonic
107
Example
p1
p3 nasty
p2
108
Example
p1
p3 nasty
p2
108
Example
Question
is 〈0, 0, 2, 0〉
reachable ?
p1
p3 nasty
p2
108
Example
Better
Question
question
is a marking with
is 〈0, 0, 2, 0〉at
least 2reachable
tokens in? p3
p1 reachable ?
p3 nasty
p2
108
Example
Better
Question
question
Better question
is a marking with
is 〈0, 0, 2, 0〉at
is a marking
least 2reachable
tokens in? p3
p1 m <〈0, 0, 2, 0〉
reachable ?
reachable ?
p3 nasty
p2
108
The coverability
problem
Does there exist a reachable marking which
is larger than some marking b ?
b
m0
109
The coverability
problem
b
m0
109
The coverability
problem
b
m0
109
The coverability
problem
b
m0
109
The coverability
problem
b
m0
109
The coverability
problem
m’
b
m0
109
The coverability
problem
m’
!
b
m0
109
The coverability
problem
b
m0
110
The coverability
problem
b
m0
110
The coverability
problem
b
m0
110
The coverability
problem
b
m0
110
The coverability
problem
b
m0
110
The coverability
problem
Reach(N) b
m0
110
The coverability
problem
Reach(N) b
m0
110
The coverability
problem
{m | m < b}
Reach(N) b
m0
110
The coverability
problem
{m | m < b}
Reach(N) b
m0
110
The coverability
problem
• Two alternative definitions:

• Is there a reachable marking m s.t. m<b ?
• Does Reach(N) ∩ {m | m<b} ≠ ⏀ ?
111
Coverability: a natural
question (indeed)
• Coverability might be regarded as the most

natural reachability question in the
framework of Petri nets
• Besides, coverability is much more easily

solved than reachability
112
16
Safety Properties CHAPTER
t1
p1
t3 • t2
p2
p3
113
16
t1
p1
t3 • t2
p2
p3
A marking m is unsafe when m!

Figure !0,The
2.1: 0, 2, 0" Nµ
SMPN
113
16
t1
p1
No more than one token t3 • t2
at a time in this place !! p2
p3
A marking m is unsafe when m!

Figure !0,The
2.1: 0, 2, 0" Nµ
SMPN
113
First idea
• Use the coverability set !
• Remember: the coverability set over-
approximates the reachable states:
Reach(N) ⊆ ↓Cover(N)
114
First idea
Reach(N)
114
First idea
Reach(N) ↓Cover(N)
114
First idea
U
114
First idea
115
First idea
Reach(N)
115
First idea
115
First idea
U
115
First idea
U
↓Cover(N) ∩ U = ⏀
implies
Reach(N) ∩ U = ⏀
115
What if ?
↓Cover(N) U
• There is m in ↓Cover(N) ∩ U
• Hence, there is m’ < m which is in Reach(N)
• However, any m’ < m is also in U
• Thus, there is m’ both in Reach(N) and U
116
What if ?
↓Cover(N) U
116
What if ?
↓Cover(N) U
116
What if ?
↓Cover(N) U
Reach(N)
116
What if ?
↓Cover(N) U
Reach(N)
117
What if ?
↓Cover(N) U
Reach(N)
Reach(N) ∩ U = ⏀
implies
↓Cover(N) ∩ U = ⏀
117
Coverability set and
coverability problem
118
• Theorem:
Reach(N) ∩ U = ⏀ iff↓Cover(N) ∩ U = ⏀
118
• Theorem:
• Nice,...
118
• Theorem:
• Nice,...
• ...but U and ↓Cover(N) might both be infinite !
118
• Theorem:
• Nice,...
• ...but U and ↓Cover(N) might both be infinite !
• How do we test that ↓Cover(N) ∩ U = ⏀??
118
p2
4
3
2
1
1 2 3 p1
119
p2
c
4
3
2
1 ↓Cover(N)
1 2 3 p1
119
p2 U
c
4
3 b
2
1 ↓Cover(N)
1 2 3 p1
119
c<b
p2 U
c
4
3 b
2
1 ↓Cover(N)
1 2 3 p1
119
c<b
p2 U
c
4
3 b
2
1 ↓Cover(N) All we need to
remember is the
1 2 3 p1 (finite) set of minimal
elements Min(U)
119
c<b
p2 U
c
4
3 b
2
remember is the
elements Min(U)
119
c<b
↓Cover(N) ∩ U ≠ ⏀
p2 U iff
c there is c in Cover(N) and
4 b in Min(U) s.t.
3 b c<b
2
remember is the
elements Min(U)
119
Backward approach
U = {m|m<b}
120
Backward approach
U = {m|m<b}
120
Backward approach
All the markings that can reach U in
one step
U = {m|m<b}
120
Backward approach
U = {m|m<b}
120
Backward approach
U = {m|m<b}
120
Backward approach
U = {m|m<b}
120
Backward approach
In the end, we want to obtain all the
markings that can reach U in any number
of steps
U = {m|m<b}
120
Backward approach
of steps
U = {m|m<b}
∗
Pre (U ) b
120
Backward approach
of steps
U = {m|m<b}
∗
Pre (U ) b
m0
120
Backward approach
of steps
U = {m|m<b}
∗
Pre (U ) b
m0
120
Backward Approach
• Clearly:
m0 is in Pre*(U) iff Reach(N) ∩ U ≠ ⏀
• Question: can we compute Pre*(U) ?
• Yes !
121
Predecessor operator
• Symmetrically to the Post, we define the
predecessor operator:
Pre(m) = {m’ | m is in Post(m’)}
• Let us consider the sequence

U, Pre(U), Pre(Pre(U)), Pre(Pre(Pre(U))),...
• Theorem: After a finite amount of steps, the

sequence stabilises, and we obtain Pre*(U)
122
Advertisement
• Efficient datastuctures to implement this

algorithm have been defined by researchers
of the verification group at ULB.
123
More on Petri nets
124
Marking dependent effects
125
Marking-dependent
effect
• The effect of a transition is not constant
anymore, but depends on the current
marking.
p1 m(p1)+m(p2) p3
2
m(p4)
m(p2)
p2 p4
126
Marking-dependent
effect
• The effect of a transition is not constant
anymore, but depends on the current
marking.
p1 m(p1)+m(p2) p3
2
m(p4)
m(p2)
p2 p4
127
Marking-dependent
effect - resets
• In particular, we can define resets.
p1 1 p3
2
1
m(p2)
p2 p4
reset of p2
128
Marking-dependent
effect - resets
p1 1 p3
2
1
m(p2)
p2 p4
reset of p2
129
Marking-dependent
effect - resets
p1 1 p3
2
1
m(p2)
p2 p4
reset of p2
130
Reset nets
• When we have only classical PN transitions
+ resets:
• Coverability is decidable
• Boundedness is decidable
• Place boundedness is undecidable
• The coverability set is not computable
131
Marking-dependent
effect - transfers
• In particular, we can define transfers.
p1 m(p2) p3
2
1
m(p2)
p2 p4
transfer from p2 to p3
132
Marking-dependent
effect - transfers
• In particular, we can define transfers.
p1 m(p2) p3
2
1
m(p2)
p2 p4
transfer from p2 to p3
133
Usefulness of transfers
• Modelisation of broadcasts :
• A single message is sent to every process
• Each process that receives the message
moves to another state.
p1 p2
1 notifyall 1
m(waiting)
m(waiting)
waiting received
134
Transfer nets
• When we have only classical PN transitions
+ transfers:
• Coverability is decidable
• Boundedness is decidable
• Place boundedness is undecidable
• The coverability set is not computable
135
Marking-dependent
effect - zero-test
• In particular, we can define test for zero.
p1 1 p3
2
1
2m(p2)
p2 p4
enabled only if p2 is empty

136
Marking-dependent
effect - zero-test
p1 1 p3
2
1
2m(p2)
p2 p4

137
Marking-dependent
effect - zero-test
p1 1 p3
2
1
2m(p2)
p2 p4

138
Test for zero
• Once we have test-for-zero everything

becomes undecidable.
139
Coloured Petri nets
140
Coloured Petri nets
• Popular extension of the

basic model.
• Introduced by the
team of Kurt Jensen, in
the ‘80s
• used in many
applications
141
Coloured Petri nets
• Idea: add colours to the tokens

• Allow to distinguish between different
types of tokens
• The colours can model data carried by
the processes
• Transitions are aware of the colours
142
Phone example
• We have a set of customers:
• Each customer is represented by a token.
• Color of the token = Phone number.
• A customer is either inactive or
connected.
connected
inactive
143
Phone example
• A pair of inactive customers can establish a
connection.
• We want to distinguish between sender
and receiver.
connect connected
x x
y y
inactive
(x,y)
The transition Connections are

consumes recorded here as
a sender x and a tokens whose color
receiver y connections is a pair (snd, rcv)
144
Phone example
• A pair of inactive customers can establish a
connection.
• We want to distinguish between sender
and receiver.
connect connected
x x
y y
inactive
(x,y)
The transition Connections are

consumes recorded here as
a sender x and a tokens whose color
receiver y connections is a pair (snd, rcv)
145
Phone example
• The connection can be closed either by the
sender or by the receiver.
x
y
connect connected
x x
y y x
inactive y rcv breaks

(x,y)
(x,y)
146
Phone example
• The connection can be closed either by the
sender or by the receiver.
x
y
connect connected
x x
y y x

(x,y)
(x,y)
147
Phone example
x
y
x
y
snd breaks
connect connected x
y
x x
y y x

(x,y)
(x,y)
(x,y)
connections
148
Coloured Petri nets
• Several analysis methods have been

developped for this model (finite number of
colours)
• e.g.: invariants
• Some results can be achieved when the
colors have good properties
149
Tools
150
Practical Tools: Pep
151
Practical Tools: Pep
• = language to describe PN + a suite of tools
to analyse them:
• simulation
• verification (SPIN, SMV)
• translation from/to different formalisms
• ...
• Everything can be accessed through a single
graphical interface (Tcl/Tk)
http://theoretica.informatik.uni-oldenburg.de/~pep/
152
Practical Tools:
CPNTools
153
Practical Tools:
CPNTools
• Specialised in Coloured Petri nets
• Features similar to Pep:
• modelisation
• simulation
• state space analysis
• ...
http://wiki.daimi.au.dk/cpntools/cpntools.wiki
154
Conclusion
155
To conclude
• Petri nets (and their extensions) are a nice
tool to reason about concurrent systems:
• very popular
• non-trivial decision problems are
decidable
• appealing graphical representation
• tool supported
156
To conclude
• There is still a lot to explore:

• other extensions:
• Time Petri nets
• Timed Petri nets
• Stochastic Petri nets,...
157
To conclude
• Subclasses of Petri nets:
• 1-safe
• marked graphs
• free-choice
• conflict free
• ...
• Some problems are easier to decide on
these subclasses.
158
To conclude
• other problems:
• liveness
• deadlock freedom
• semi-linearity
• non-termination
• ...
159
To conclude
• Very active field of research !

• Several conference and journals entirely
dedicated to Petri nets
• ... just hop in and join us !
http://www.informatik.uni-hamburg.de/TGI/PetriNets/
160
Some references
• On Petri nets:
• Reisig, W., Petri Nets: An introduction. Springer-Verlag, 1985.
• Peterson, JL, Petri nets theory and modeling of systems, Prentice
Hall, 1981
• Girault, C. and Valk, R., Petri Nets for Systems Engineering - A Guide
to Modeling, Verification, and Applications. Springer-Verlag, Berlin,
Heidelberg, New York, 2003.
• Javier Esparza, Mogens Nielsen, Decidability Issues for Petri Nets: a
survey, Bulletin of the EATCS, 52:245--262, February 1994.
• On Petri nets with marking dependent effects:
• Valk, R.: Self-Modifying Nets, a Natural Extension of Petri Nets.
ICALP 1978: 464-476
• G. Ciardo. Petri nets with marking-dependent arc multiplicity:
properties and analysis. In R. Valette, editor, Application and Theory
of Petri Nets 1994, Lecture Notes in Computer Science 815 (Proc.
15th Int. Conf. on Applications and Theory of Petri Nets, Zaragoza,
Spain), pages 179-198. Springer-Verlag, June 1994.
161
Some references
• On the coverability problem:
• Richard M. Karp, Raymond E. Miller: Parallel Program Schemata. J.
Comput. Syst. Sci. 3(2): 147-195 (1969)
• Parosh Aziz Abdulla, Karlis Cerans, Bengt Jonsson, and Tsay Yih-
Kuen. General Decidability Theorems for Infinite-State Systems.
Proc. LICS'96, 11th IEEE Int. Symp. on Logic in Computer Science,
New Brunswick, New Jersey, USA, 1996.
• Finkel, A. and Schnoebelen, P. 2001. Well-structured transition
systems everywhere!. Theor. Comput. Sci. 256, 1-2 (Apr. 2001),
63-92. DOI= http://dx.doi.org/10.1016/S0304-3975(00)00102-X
• Geeraerts, Raskin, Van Begin, Expand, Enlarge and Check: new
algorithms for the coverability problem of WSTS. Journal of Computer
and System Sciences, volume 72(1), pp 180-203, Elsevier, 2005.
• Giorgio Delzanno, Jean-François Raskin, Laurent Van Begin:
Covering sharing trees: a compact data structure for parameterized
verification. STTT 5(2-3): 268-297 (2004).
• Geeraerts, Raskin, Van Begin. On the efficient Computation of the
Minimal Coverability set of Petri nets. In Proceedings ATVA07,
Lecture Notes in Computer Science, volume 4762, pages 98--113,
Springer Verlag.
162
Some references
• On Coloured Petri nets:
• K. Jensen: A Brief Introduction to Coloured Petri Nets. In: E. Brinksma
(ed.): Tools and Algorithms for the Construction and Analysis of
Systems. Proceeding of the TACAS'97 Workshop, Enschede, The
Netherlands 1997, Lecture Notes in Computer Science Vol. 1217,
Springer-Verlag 1997, 203-208.
• K. Jensen: An Introduction to the Theoretical Aspects of Coloured
Petri Nets. In: J.W. de Bakker, W.-P. de Roever, G. Rozenberg (eds.):
A Decade of Concurrency, Lecture Notes in Computer Science vol.
803, Springer-Verlag 1994, 230-272.
• Jensen, K, Rozenberg, G. High-level petri nets : theory and
application, Springer, 1991
163
Some references
• On other extensions of Petri nets:
• M. Ajmone Marsan, G. Balbo, G. Conte, S. Donatelli and G.
Franceschinis Modelling with Generalized Stochastic Petri Nets,
Wiley Series in Parallel Computing, John Wiley and Sons
• F. Bause, P. Kritzinger, Stochastic Petri Nets -- An Introduction to the
Theory (2nd edition), Vieweg Verlag, Germany, 2002.
• J. Wang, Timed Petri Nets, Theory and Application, Kluwer Academic
Publishers 1998, ISBN: 0-7923-8270-6.
• Louchka Popova. On time petri nets. Journal Information Processing
and Cybernetics, EIK, 27(4):227–244, 1991.
• On net unfoldings:
• J. Esparza, S. Römer, and W. Vogler. An improvement of mcmillan's
unfolding algorithm. In Proc. TACAS '96, volume 1055 of Lecture
Notes in Computer Science, pages 87-106. Springer-Verlag, 1997.
• P. A. Abdulla, S. P. Iyer, and A. Nylén. Unfoldings of Unbounded Petri
Nets. In Proc. of CAV '00, volume 1855 of Lecture Notes in Computer
Science, pages 495-507. Springer-Verlag, 2000.
• More at:
• http://www.informatik.uni-hamburg.de/TGI/PetriNets/introductions/
164
Questions ?
165

Tutorial Perti Nets Geeraerts

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Tutorial Perti Nets Geeraerts

Diunggah oleh

Hak Cipta:

Format Tersedia

An Introduction to Petri nets

and how to analyse them...

Groupe de Vérification - Département d’Informatique

Must wait for the

Employees: work in parallel

Employees: work in parallel

Employees: work in parallel

Employees: work in parallel

Employees: work in parallel

• Petri nets are a tool to model

template <typename T> T Max(T a, p6 p2 p7

(a) Step 1. (b) Step 2. (c) Step 3.

Figure 2: A counter-example to Finkel’s algorithm. Nodes and edges in grey have

(a) Step 1. (b) Step 2. (c) Step 3.

Figure 2: A counter-example to Finkel’s algorithm. Nodes and edges in grey have

Places = some type of resource

consume and produce

Now, the transition

The two machines cannot write at the

The token tells us the state of the process

The token tells us the state of the process

The token tells us the state of the process

The token tells us the state of the process

The token tells us the state of the process

Add a lock to ensure mutual exclusion

• reachability tree and reachability graph

• I: is a function s.t. t consumes I(p) tokens

Figure 2.1: The SMPN Nµ .

Figure 2.1: The SMPN Nµ .

Figure 2.1: The SMPN Nµ .

Figure 2.1: The SMPN Nµ .

Figure 2.1: The SMPN Nµ .

Figure 2.1: The SMPN Nµ .

• If two markings m and m’ are s.t.:

Reach(N) = {m reachable from m0}

Figure 2.1: The SMPN Nµ .

Figure 2.1: The SMPN Nµ .

Bounded PN All the places are bounded

• p and p are bounded

Figure 2.1: The SMPN Nµ .

• for each node labeled by m, create one

W1 〈I1, W2〉 〈M, I1, R2〉

W1 〈I1, W2〉 〈M, I1, R2〉

W1 〈I1, W2〉 〈M, I1, R2〉

〈M, I1, R2〉

W1 〈I1, W2〉 〈M, I1, R2〉

〈M, I1, R2〉

W1 〈I1, W2〉 〈M, I1, R2〉

〈M, I1, R2〉

W1 〈I1, W2〉 〈M, I1, R2〉

〈M, I1, R2〉

• Idea: build a node for each reachable

〈M, R1, R2〉

〈M, R1, R2〉

〈M, R1, R2〉

〈M, R1, R2〉

〈M, R1, R2〉

Figure 2.1: The SMPN Nµ

Figure 2.1: The SMPN Nµ

Figure 2.1: The SMPN Nµ

Figure 2.1: The SMPN Nµ

Figure 2.1: The SMPN Nµ

Figure 2.1: The SMPN Nµ

• The main difficulty in analysing Petri nets is

W1 〈I1, W2〉〈M, I1, R2〉

W1 〈I1, W2〉〈M, I1, R2〉

W1 〈I1, W2〉〈M, I1, R2〉

W1 〈I1, W2〉〈M, I1, R2〉

W1 〈I1, W2〉〈M, I1, R2〉

W1 〈I1, W2〉〈M, I1, R2〉