A Polynomial-time Graph Algorithm to Decide Liveness of some Basic Classes of Bounded Petri Nets

Kamel Barkaoui (1) and Michel Minoux (2)

(1) Laboratoire CEDRIC, Conservatoire National des Arts et Métiers, 292 rue Saint-Martin, 75003 Paris - France. e-mail: barkaoui@cnam.cnam.fr
(2) Laboratoire MASI, Université Paris 6, 4 place Jussieu, 75005 Paris - France
Abstract. This paper is related to structural analysis of Petri nets where liveness and boundedness issues are addressed through the analysis of the combinatorial properties of the underlying graph. We first recall a number of basic results about liveness and boundedness involving combinatorial substructures (deadlocks and traps). It is then shown that testing whether a bounded Extended Free Choice net or a Non Self-Controlling net is structurally live can be reduced to the search for a strongly connected deadlock which is not a trap. This problem, in turn, is shown to be solvable in polynomial time through a purely combinatorial algorithm making combined use of Tarjan's strong connectivity algorithm and Minoux's LTUR algorithm for solving Horn satisfiability problems. Once structural liveness has been proved, testing liveness for a given initial marking is already known to be polynomially solvable.
1 Introduction

Petri nets are used as a good modelling tool for the study of complex distributed systems in various areas of Computer Science, of Electrical and Industrial Engineering and other fields. One of their most attractive features is the existence of a variety of analysis techniques which can be grouped into two broad classes. The first class is based upon the reachability graph, i.e., the complete enumeration of the state space. It gives full information, but even when it is finite, its computational cost grows extremely fast with the net size [19]. However, one can take advantage of transformations and decomposition methods aimed at reducing the size of the state space representation [5,28]. The second class is based upon structural analysis of the net. Structural analysis attempts to find a relationship between the behavior of the net and its structure. Two different subclasses can be distinguished:

Linear algebraic analysis. The net is studied through its associated incidence matrix and the corresponding net state equation. Its results are of particular importance since they are independent of any initial marking. The most useful approach is based on the concept of invariance [15].

Graph theoretical analysis. The behaviour of the net is related to the graph theoretical and combinatorial properties of the underlying graph and subgraphs corresponding to remarkable substructures such as deadlocks and traps [8] among others. This kind of analysis allows one to recognize some structural (topological) properties which are easier to investigate and necessary or sufficient to deduce good behavioural properties.

The present paper is intended as a graph theoretical and algorithmic contribution to structural analysis. It is organized as follows. In Section 2, we recall some basic definitions and results of structural analysis used in the rest of this paper. In Section 3, we give a graph theoretical characterization of strongly connected deadlocks which are not traps, valid for Extended Free Choice (EFC) and Non Self-Controlling (NSC) nets. Section 4 presents a polynomial time graph algorithm to decide liveness for bounded EFC and NSC nets. In the general case of arbitrary nets these problems are known to be EXPSPACE-hard [17,13].
2 Basic Definitions and Results

We consider in our study P/T systems in the sense of [25], but finite, i.e. $|P| < \infty$ and $|T| < \infty$, and without capacity constraints.
2.1 Place-Transition Nets

The quintuple $N = (P, T, F, W; M_0)$ is called a place-transition net (P/T net) iff:
(1) $G = (P, T, F, W)$ is a weighted directed bipartite graph where $P$ and $T$ are two non-empty, disjoint sets of nodes whose elements are respectively called places and transitions; $|P|$ = number of places, $|T|$ = number of transitions. Places are drawn as circles and transitions as boxes. $F \subseteq (P \times T) \cup (T \times P)$ is the set of arcs (representing the flow relation), $|F| = m$, and $W: F \to \mathbb{N}^+ = \mathbb{N} - \{0\}$ is the weight function.
(2) $M_0: P \to \mathbb{N}$ is the initial marking of $N$.

According to standard notation in graph theory [4], $I$ being any subset of nodes in $G$, we will denote by $\Gamma^+(I)$ (resp. $\Gamma^-(I)$) the subset of nodes which are terminal endpoints (respectively initial endpoints) of arcs originating (respectively terminating) in $I$.
2.2 Incidence Matrix

Given an arbitrary numbering of the elements in $P$ and $T$, a matrix $C: P \times T \to \mathbb{Z}$ indexed by $P$ and $T$ such that $C(p_i, t_j) = W(t_j, p_i) - W(p_i, t_j)$ is called the incidence matrix of $N$ (with $W(x,y) = 0$ if $(x,y) \notin F$). A column-vector $f: P \to \mathbb{Z}$ indexed by $P$ is called a P-vector of $N$.
2.3 Reachability

A transition $t$ is called enabled under a marking $M$ of $N$ iff $\forall p \in \Gamma^-(t)$, $M(p) \geq W(p,t)$. Let a transition $t$ be enabled under a marking $M$. Then $t$ may be fired, yielding a new marking $M'$ given by: $M'(p) = M(p) - W(p,t)$ $\forall p \in \Gamma^-(t)$; $M'(p) = M(p) + W(t,p)$ $\forall p \in \Gamma^+(t)$; and $M'(p) = M(p)$ $\forall p \notin \Gamma^-(t) \cup \Gamma^+(t)$. This is denoted by $M \xrightarrow{t} M'$. A sequence of transitions $s = t_1 t_2 \ldots t_k$ is a firing sequence of $N$ iff there exists a sequence $M_0, t_1, M_1, t_2, \ldots, t_k, M_k$ such that V i 1_0.

It is easy to see that the set of deadlocks (resp. traps) is stable under union ($\cup$). Also we will use the concepts of a minimal deadlock (a deadlock which does not properly contain any other deadlock), and of maximal trap (a trap which is not properly contained in any other trap).
2.7 Commoner's Property [8]

Let $N$ be a P/T net. $N$ satisfies Commoner's property iff the two following conditions hold: (1) every minimal deadlock of $N$ contains a trap, (2) the maximal trap of each minimal deadlock is marked for $M_0$. Condition (1) alone is referred to as Commoner's structural property [22].
2.8 Pseudo-liveness

Let $N$ be a P/T net satisfying Commoner's property. Then $N$ is pseudo-live [12]. However, for a number of classes of P/T nets, Commoner's property also implies liveness. This is the case for Asymmetric Choice (or simple) nets [8] and Non Self-Controlling nets [10], for which we recall the definitions below.
2.9 Asymmetric Choice Nets (AC) [8]

A P/T net $N$ is called an Asymmetric Choice net (AC) iff $\forall p, p' \in P$: $\Gamma^+(p) \cap \Gamma^+(p') \neq \emptyset$ implies $\Gamma^+(p) \subseteq \Gamma^+(p')$ or $\Gamma^+(p') \subseteq \Gamma^+(p)$. If we replace "or" by "and" in the definition above, we get the definition of Extended Free Choice (EFC) nets [11], which are therefore a subclass of AC nets.
2.10 Non Self-Controlling Nets (NSC) [10]

A P/T net $N$ is called a Non Self-Controlling net iff $\forall p \in P$ such that $|\Gamma^+(p)| \geq 2$, there is no $t_i \in \Gamma^+(p)$ such that the two following conditions hold:
(1) there is an elementary path of the form $(p, t_i, \ldots, t_k)$ for some $t_k \in \Gamma^+(p)$, $t_k \neq t_i$;
(2) there is a circuit containing both $p$ and $t_i$.
2.11 Minimal Deadlock Properties
An efficient characterization of minimal deadlocks and traps in graph theoretical terms is given in [3]. We recall here the following results.
Property 1: Let $D$ be a deadlock of any P/T net:
(a) If $D$ is a minimal deadlock, then $D$ is a strongly connected deadlock [11].
(b) If $D$ satisfies the two following conditions: (1) $D$ is strongly connected, (2) $\forall t \in \Gamma^-(D)$: $|\Gamma^-(t) \cap D| = 1$, then $D$ is a minimal deadlock ([1] Corollary 1, Chap. 2, or [3] Lemma 2, Section 3).
For AC and NSC nets it has been shown that having both (1) and (2) is also necessary in [20]; and necessary and sufficient in [1, Properties 4, 6, Chap. 3].
Property 2: Let $N$ be a bounded AC or NSC net. $N$ satisfies Commoner's property iff any minimal deadlock of $N$ is a trap.
Proof: ($\Rightarrow$) Since $N$ satisfies Commoner's property, $N$ is live. Suppose there exists a minimal deadlock $D$ which is not a trap. Let $S$ be its maximal trap, $S \subset D$ ($\subset$ denotes strict inclusion). Then, as a consequence of Property 1(b), $\forall t \in \Gamma^+(S)$ we have $|\Gamma^-(t) \cap S| = 1$, so the column-vector $f$ given by $f(p) = 1$ $\forall p \in S$ and $f(p) = 0$ $\forall p \notin S$ satisfies $f^t \cdot C \geq 0$ $(\neq 0)$, where $C$ is the incidence matrix of $N$. Algebraic analysis ensures [7] that $N$ cannot be live and bounded, in contradiction with the hypothesis.
($\Leftarrow$) It holds by definition.
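Added example, not part of the original paper: the sufficient test of Property 1(b) and the maximal-trap computation behind Property 2, run on a small constructed net with unit arc weights. It assumes the standard definitions (a non-empty place set $D$ is a deadlock iff $\Gamma^-(D) \subseteq \Gamma^+(D)$, and a trap iff $\Gamma^+(D) \subseteq \Gamma^-(D)$) and tests strong connectivity on the subgraph induced by $D \cup \Gamma^-(D)$; the net and all function names are illustrative.

```python
# Constructed sample net (not from the paper); all arc weights are 1.
# p1 -> t1 -> p2 -> t2 -> p1 is a cycle, and t3 drains p2 into p3.
ARCS = {("p1", "t1"), ("t1", "p2"), ("p2", "t2"), ("t2", "p1"),
        ("p2", "t3"), ("t3", "p3")}

def pre(nodes, arcs=ARCS):
    """Gamma^-(I): initial endpoints of arcs terminating in I."""
    return {x for (x, y) in arcs if y in nodes}

def post(nodes, arcs=ARCS):
    """Gamma^+(I): terminal endpoints of arcs originating in I."""
    return {y for (x, y) in arcs if x in nodes}

def is_deadlock(D):
    return bool(D) and pre(D) <= post(D)

def is_trap(S):
    return bool(S) and post(S) <= pre(S)

def maximal_trap(D):
    """Largest trap inside D: drop places having an output transition that puts nothing back."""
    S, changed = set(D), True
    while changed:
        changed = False
        for p in list(S):
            if any(not (post({t}) & S) for t in post({p})):
                S.discard(p)
                changed = True
    return S

def strongly_connected(nodes):
    """Forward and backward reachability from one node inside the induced subgraph."""
    sub = {(x, y) for (x, y) in ARCS if x in nodes and y in nodes}
    def reach(start, step):
        seen, todo = {start}, [start]
        while todo:
            for n in step({todo.pop()}, sub) - seen:
                seen.add(n)
                todo.append(n)
        return seen
    start = next(iter(nodes))
    return reach(start, post) == set(nodes) == reach(start, pre)

def minimal_by_property_1b(D):
    """Conditions (1) and (2) of Property 1(b), checked on a deadlock D."""
    inputs = pre(D)
    return (is_deadlock(D) and strongly_connected(set(D) | inputs)
            and all(len(pre({t}) & set(D)) == 1 for t in inputs))

if __name__ == "__main__":
    for D in ({"p1", "p2"}, {"p1", "p2", "p3"}):
        print(sorted(D), is_deadlock(D), is_trap(D),
              sorted(maximal_trap(D)), minimal_by_property_1b(D))
```

In this constructed net {p1, p2} is a minimal deadlock whose maximal trap is empty, while {p1, p2, p3} is both a deadlock and a trap but fails the strong connectivity condition.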
3 On Deadlock-Trap Properties of EFC and NSC Nets
Because Commoner's property is also a necessary liveness condition for EFC and NSC nets [20], the following property is a direct consequence of property 2.
3.1 Property 3

Let $N$ be a bounded EFC or NSC net. $N$ is live iff any minimal deadlock of $N$ is a marked trap.

This property extends the result given in [6] valid for Bounded Free Choice nets, a subclass of bounded EFC or NSC nets. It follows from Property 3 that testing structural liveness of a bounded EFC or NSC net can be carried out by looking for a minimal deadlock which is not a trap. Suppose a procedure can be designed which is guaranteed to find such a deadlock (as soon as at least one exists) or to prove that no such deadlock exists. Clearly, in the former case the given net cannot be live (Property 3); while in the latter case we know that every minimal deadlock is also a trap, hence Commoner's structural property is satisfied, which proves structural liveness of the given net. Once structural liveness is established, liveness is deduced after checking that no unmarked deadlock for $M_0$ exists in the net. This check is easily carried out in polynomial time using the basic algorithm given in [23].

The algorithm to be described in Section 4 actually relies on Theorem 3.3 below, which shows that for EFC and NSC nets (bounded or not), instead of having to look for a minimal deadlock which is not a trap, it is enough to look for a strongly connected deadlock which is not a trap. We first state and prove a preliminary result.
3.2 Lemma 1

Let $N$ be an EFC or NSC net, and $\tilde{p}$ and $p^*$ two given places in $N$.
(i) If $N$ is an EFC net, and if there exists a (directed) path from $p^*$ to $\tilde{p}$, then there exists an elementary path $\pi$ from $p^*$ to $\tilde{p}$ satisfying: $\forall t \in \pi$: $|\Gamma^-(t) \cap \pi| = 1$.
(ii) If $N$ is a NSC net and if there exists an elementary (directed) circuit $\mu$ through $p^*$ and $\tilde{p}$, then the subpath $\pi$ from $p^*$ to $\tilde{p}$ induced by $\mu$ is such that: $\forall t \in \pi$: $|\Gamma^-(t) \cap \pi| = 1$.

Proof: (i) Since there exists at least one path from $p^*$ to $\tilde{p}$, let $\pi$ be one such path having minimum number of arcs. Obviously $\pi$ is elementary. Suppose now that there exists some transition $t_1$ on $\pi$ such that $\Gamma^-(t_1) \cap \pi = \{p_1, p_2\}$, $p_1$ being the predecessor of $t_1$ on $\pi$. $p_2$ cannot lie between $p^*$ and $p_1$ on $\pi$ (otherwise a shorter path between $p^*$ and $\tilde{p}$ would exist). We have therefore the configuration shown on Fig. 1. Let $t_2$ be the immediate successor of $p_2$ on $\pi$. Since $N$ is an EFC net, and $p_1$ and $p_2$ have a common output transition ($t_1$), it should be true that $\Gamma^+(p_1) = \Gamma^+(p_2)$. Therefore there exists an arc $(p_1, t_2)$; this could be used to build a path joining $p^*$ to $\tilde{p}$ shorter than $\pi$, and a contradiction is obtained. From this, we conclude that if $N$ is an EFC net, then $\forall t \in \pi$: $|\Gamma^-(t) \cap \pi| = 1$.

Fig. 1. If $\Gamma^-(t_1) \cap \pi = \{p_1, p_2\}$ and if $N$ is an EFC net, then an arc $(p_1, t_2)$ should exist (in dotted line), contradicting the fact that $\pi$ has minimum number of arcs.

(ii) Let $\mu$ be an elementary (directed) circuit through $p^*$ and $\tilde{p}$ in $N$, and let $\pi$ be the subpath from $p^*$ to $\tilde{p}$ induced by $\mu$. Suppose that there exists a transition $t_1$ on $\pi$ such that $\Gamma^-(t_1) \cap \pi = \{p_1, p_2\}$, $p_1$ being the predecessor of $t_1$ on $\pi$ (see Fig. 2). Let $t_2$ be the immediate successor of $p_2$ on $\mu$. We observe that we have both: a circuit running through $p_2$ and $t_2$, and an elementary path of the form $p_2, t_2, \ldots, \tilde{p}, \ldots, p^*, \ldots, t_1$ where $t_1 \in \Gamma^+(p_2)$. Since this is a contradiction with the definition of an NSC net, we can conclude that $\forall t \in \pi$: $|\Gamma^-(t) \cap \pi| = 1$.

Fig. 2. If $\Gamma^-(t_1) \cap \pi = \{p_1, p_2\}$ then a contradiction with the definition of a NSC net is obtained.
We can now state:

3.3 Theorem 1

Let $N$ be an EFC or NSC net and let $D$ be a strongly connected deadlock of $N$ which is not a trap; then there exists a minimal deadlock $D^* \subseteq D$ which is not a trap. Moreover the proof is constructive.

Proof: Throughout the proof, $\Gamma^-_D(\tilde{p})$ will denote $\Gamma^-(\tilde{p}) \cap \Gamma^-(D)$ and FID(~;) will denote F-(r

Since we assume that $D$ is strongly connected and not a trap ($\Gamma^-(D) \subset \Gamma^+(D)$), there exists an output shared place $p^* \in D$, a transition $t^* \in \Gamma^+(p^*)$ such that $t^* \notin \Gamma^-(D)$ and a transition $t \in \Gamma^+(p^*) \cap \Gamma^-(D)$.

(i) Since $D$ is strongly connected, the subgraph $G_D$ induced by $D \cup \Gamma^-(D)$ is strongly connected, and therefore there exists in $G_D$ an elementary circuit $\mu$ containing $p^*$. In view of the proof of Lemma 3.2, it is always possible to construct $\mu$ such that, for any transition $t \in \mu \cap T$: $|\Gamma^-(t) \cap \mu| = 1$ (if $N$ is an EFC net take an elementary circuit through $p^*$ having no chord; if $N$ is a NSC net take any elementary circuit containing $p^*$). If there exists no place $\tilde{p} \in \mu$ and transition $\tilde{t} \in \Gamma^-_D(\tilde{p})$ such that $\Gamma^-_D(\tilde{t}) \cap \mu = \emptyset$, then $\mu$ (the set of its places actually) is a deadlock which is minimal (Property 1(b)) and the theorem is proved.

Suppose now that $\mu$ is not a deadlock, i.e. that there is a place $\tilde{p}$ and a transition $\tilde{t} \in \Gamma^-(\tilde{p})$ such that $\Gamma^-_D(\tilde{t}) \cap \mu = \emptyset$. Since $G_D$ is strongly connected, applying Lemma 1 it is possible to find an elementary path $\pi$ in $G_D$ joining $p^*$ to $\tilde{p}$ (via $\tilde{t}$) such that: $\forall t \in \pi$: $|\Gamma^-(t) \cap \pi| = 1$. We now show that, appending to $\mu$ the nodes and the arcs of a subpath $\pi'$ of $\pi$, we can build an "augmented subgraph" of $G_D$ denoted $\Sigma = [P_\sigma, T_\sigma, F_\sigma]$ with the following properties:
(P1) $\Sigma$ is strongly connected;
(P2) $\forall t \in T_\sigma$: $|\Gamma^-_D(t) \cap P_\sigma| = 1$.

(ii) For that purpose let us visit $\pi$ starting from $\tilde{p}$ and traversing the arcs of $\pi$ in the direction opposite to their orientation. Let $\tilde{p}, \tilde{t}, \tilde{p}_1, \tilde{t}_1, \ldots$ be the succession of nodes encountered. We stop as soon as a node of $\pi$ is met such that one of its predecessors in $G_D$ belongs to $\mu$.

Case 1: Suppose first that this node is a place, $\tilde{p}_\alpha$ say. In this case we obtain $P_\sigma$ and $T_\sigma$ by adding $\{\tilde{t}, \tilde{p}_1, \tilde{t}_1, \ldots, \tilde{p}_\alpha\}$ to the nodes of $\mu$, and $\Sigma$ is the subgraph of $G_D$ induced by $P_\sigma$ and $T_\sigma$. Clearly, $\Sigma$ as defined above satisfies (P1) and (P2).

Case 2: Suppose now that the last node visited on $\pi$ before meeting $\mu$ is a transition, $\tilde{t}_\alpha$ say. Let us show that necessarily $|\Gamma^-_D(\tilde{t}_\alpha) \cap \mu| = 1$. Suppose that $\Gamma^-_D(\tilde{t}_\alpha) \cap \mu = \{p_1, p_2\}$ (see Fig. 3). If $N$ is an EFC net, $p_1$ and $p_2$ have a common output transition ($\tilde{t}_\alpha$), therefore one should have $\Gamma^+(p_1) = \Gamma^+(p_2)$, hence an arc $(p_1, t_2)$ must exist, where $t_2 \in \mu$ is the transition immediately following $p_2$ on $\mu$. Thus $\Gamma^-(t_2) \cap \mu = \{p_1, p_2\}$, which is a contradiction with the fact that $\forall t \in \mu$: $|\Gamma^-(t) \cap \mu| = 1$. Now, if $N$ is a NSC net, $t_1$ being the transition immediately following $p_1$ on $\mu$, we observe that we have both: a circuit running through $p_1$ and $t_1$, and an elementary path of the form $p_1, t_1, \ldots, \tilde{p}, \ldots, p_2, \tilde{t}_\alpha$, where $\tilde{t}_\alpha \in \Gamma^+(p_1)$. This contradicts the definition of a NSC net. Therefore we may conclude that $|\Gamma^-_D(\tilde{t}_\alpha) \cap \mu| = 1$. In this case, $P_\sigma$ and $T_\sigma$ are obtained by adding $\{\tilde{t}, \ldots, \tilde{p}_\alpha, \tilde{t}_\alpha\}$ to the nodes of $\mu$, and $\Sigma$ is the subgraph of $G_D$ induced by $P_\sigma$ and $T_\sigma$. Clearly $\Sigma$ satisfies (P1) and (P2).

Fig. 3. $\tilde{t}_\alpha$ is the first node on the antipath $(\tilde{p}, \tilde{t}, \tilde{p}_1, \tilde{t}_1, \ldots, \tilde{p}_\alpha, \tilde{t}_\alpha, \ldots)$ such that $\Gamma^-_D(\tilde{t}_\alpha) \cap \mu \neq \emptyset$. Assuming $|\Gamma^-_D(\tilde{t}_\alpha) \cap \mu| \geq 2$ leads to a contradiction in both cases where $N$ is an EFC or a NSC net.

(iii) Observe now that all the arguments of the above reasoning still apply to the more general case where $\mu$ is replaced by any strongly connected subgraph $\Sigma$ of $G_D$ containing $p^*$ and satisfying (P2). This shows that, as long as $\Sigma$ does not satisfy the deadlock condition (i.e. as long as there exists some place $\tilde{p}$ such that $\tilde{t} \in \Gamma^-(\tilde{p})$ and $\tilde{t} \notin \Sigma$), then $\Sigma$ can be "augmented" to a new strongly connected subgraph $\Sigma'$ of $G_D$ satisfying (P1) and (P2). Since $G_D$ is finite and satisfies the deadlock condition, after a finite number of augmentations a subgraph $\Sigma = [P_\sigma, T_\sigma, F_\sigma]$ satisfying the deadlock condition in addition to (P1) and (P2) will necessarily be obtained. In view of Property 1(b), this subgraph corresponds to a minimal deadlock which is not a trap (since it contains $p^*$), and the theorem is proved.

It should be observed that the above proof is constructive and can easily be converted into an algorithm for finding the desired minimal deadlock $D^* \subseteq D$. Finding shortest paths (with minimum number of arcs) or elementary circuits are the only basic ingredients necessary to build such an algorithm. A direct consequence of the above, which will be useful to the SLT algorithm of Section 4, is:

3.4 Corollary 1
Let $N$ be a bounded EFC or NSC net. $N$ is live iff every strongly connected deadlock $D$ of $N$ is a marked trap.
Proof: ($\Rightarrow$): Suppose there exists a strongly connected deadlock $D$ which is not a trap; by Theorem 3.3, there exists a minimal deadlock which is not a trap, so Property 3.1 implies that $N$ cannot be live. ( i.e if D is an unmarked trap). (