Petri Nets - Ptolemy ProjectPetri Nets (PNs) • Model introduced by C.A. Petri in 1962 – Ph.D....
Transcript of Petri Nets - Ptolemy ProjectPetri Nets (PNs) • Model introduced by C.A. Petri in 1962 – Ph.D....
EE249: Design of Embedded System (corrections) ASV/LL
1
1
Petri Netsee249 Fall 2000
Marco Sgroi
Most slides borrowed from Luciano Lavagno’s lecture ee249 (1998)
2
Models Of Computationfor reactive systems
• Main MOCs:– Communicating Finite State Machines– Dataflow Process Networks– Discrete Event– Codesign Finite State Machines– Petri Nets
• Main languages:– StateCharts– Esterel– Dataflow networks
EE249: Design of Embedded System (corrections) ASV/LL
2
3
Outline
• Petri nets– Introduction– Examples– Properties– Analysis techniques– Scheduling
4
Petri Nets (PNs)• Model introduced by C.A. Petri in 1962
– Ph.D. Thesis: “Communication with Automata”
• Applications: distributed computing, manufacturing, control, communication networks, transportation…
• PNs describe explicitly and graphically:– sequencing/causality– conflict/non-deterministic choice– concurrency
• Asynchronous model (partial ordering)• Main drawback: no hierarchy
EE249: Design of Embedded System (corrections) ASV/LL
3
5
Petri Net Graph• Bipartite weighted directed graph:
– Places: circles– Transitions: bars or boxes– Arcs: arrows labeled with weights
• Tokens: black dots
t1p1
p2
t2
p4
t3
p3
2
3
6
Petri Net• A PN (N,M0) is a Petri Net Graph N
– places: represent distributed state by holding tokens• marking (state) M is an n-vector (m1,m2,m3… ), where mi is the non-
negative number of tokens in place pi.• initial marking (M0) is initial state
– transitions: represent actions/events• enabled transition: enough tokens in predecessors• firing transition: modifies marking
• … and an initial marking M0. t1p1
p2 t2
p4
t3p3
2
3Places/Transition: conditions/events
EE249: Design of Embedded System (corrections) ASV/LL
4
7
Transition firing rule• A marking is changed according to the following rules:
– A transition is enabled if there are enough tokens in each input place
– An enabled transition may or may not fire– The firing of a transition modifies marking by consuming
tokens from the input places and producing tokens in the output places
2 2
3
2 2
3
8
Concurrency, causality, choice
t1
t2
t3 t4
t5
t6
EE249: Design of Embedded System (corrections) ASV/LL
5
9
Concurrency, causality, choice
Concurrency
t1
t2
t3 t4
t5
t6
10
Concurrency, causality, choice
Causality, sequencing
t1
t2
t3 t4
t5
t6
EE249: Design of Embedded System (corrections) ASV/LL
6
11
Concurrency, causality, choice
Choice,conflict
t1
t2
t3 t4
t5
t6
12
Concurrency, causality, choice
Choice,conflict
t1
t2
t3 t4
t5
t6
EE249: Design of Embedded System (corrections) ASV/LL
7
13
Confusion• t1 and t2 are concurrent but their firing order is not
irrelevant for conflict resolution (not local choice)• From (1,1,0,0,0):
– solving a conflict (t1,t2) (0,0,0,0,1),(0,0,1,1,0)– not solving a conflict (t2,t1) (0,0,1,1,0)
t1
t2
t3p1 p3
p2 p4
p5
14
Communication Protocol
P1
Send msg
Receive Ack
Send Ack
Receive msg
P2
EE249: Design of Embedded System (corrections) ASV/LL
8
15
Communication Protocol
P1
Send msg
Receive Ack
Send Ack
Receive msg
P2
16
Communication Protocol
P1
Send msg
Receive Ack
Send Ack
Receive msg
P2
EE249: Design of Embedded System (corrections) ASV/LL
9
17
Communication Protocol
P1
Send msg
Receive Ack
Send Ack
Receive msg
P2
18
Communication Protocol
P1
Send msg
Receive Ack
Send Ack
Receive msg
P2
EE249: Design of Embedded System (corrections) ASV/LL
10
19
Communication Protocol
P1
Send msg
Receive Ack
Send Ack
Receive msg
P2
20
Producer-Consumer Problem
Produce
Consume
Buffer
EE249: Design of Embedded System (corrections) ASV/LL
11
21
Producer-Consumer Problem
Produce
Consume
Buffer
22
Producer-Consumer Problem
Produce
Consume
Buffer
EE249: Design of Embedded System (corrections) ASV/LL
12
23
Producer-Consumer Problem
Produce
Consume
Buffer
24
Producer-Consumer Problem
Produce
Consume
Buffer
EE249: Design of Embedded System (corrections) ASV/LL
13
25
Producer-Consumer Problem
Produce
Consume
Buffer
26
Producer-Consumer Problem
Produce
Consume
Buffer
EE249: Design of Embedded System (corrections) ASV/LL
14
27
Producer-Consumer Problem
Produce
Consume
Buffer
28
Producer-Consumer Problem
Produce
Consume
Buffer
EE249: Design of Embedded System (corrections) ASV/LL
15
29
Producer-Consumer Problem
Produce
Consume
Buffer
30
Producer-Consumer Problem
Produce
Consume
Buffer
EE249: Design of Embedded System (corrections) ASV/LL
16
31
Producer-Consumer Problem
Produce
Consume
Buffer
32
Producer-Consumer Problem
Produce
Consume
Buffer
EE249: Design of Embedded System (corrections) ASV/LL
17
33
Producer-Consumer Problem
Produce
Consume
Buffer
34
Producer-Consumer Problem
Produce
Consume
Buffer
EE249: Design of Embedded System (corrections) ASV/LL
18
35
Producer-Consumer with priority
Consumer B can consume only if buffer A is empty
Inhibitor arcs
A
B
36
PN properties
• Behavioral: depend on the initial marking (most interesting)– Reachability– Boundedness– Schedulability– Liveness– Conservation
• Structural: do not depend on the initial marking (often too restrictive)– Consistency– Structural boundedness
EE249: Design of Embedded System (corrections) ASV/LL
19
37
Reachability
• Marking M is reachable from marking M0 if there exists a sequence of firings σ= M0 t1 M1 t2 M2… M that transforms M0 to M.
• The reachability problem is decidable.
t1p1
p2t2
p4
t3p3
Μ 0 = (1,0,1,0)M = (1,1,0,0)
Μ 0 = (1,0,1,0)t3
M1 = (1,0,0,1)t2
M = (1,1,0,0)
38
• Liveness: from any marking any transition can become fireable– Liveness implies deadlock freedom, not viceversa
Liveness
Not live
EE249: Design of Embedded System (corrections) ASV/LL
20
39
• Liveness: from any marking any transition can become fireable– Liveness implies deadlock freedom, not viceversa
Liveness
Not live
40
• Liveness: from any marking any transition can become fireable– Liveness implies deadlock freedom, not viceversa
Liveness
Deadlock-free
EE249: Design of Embedded System (corrections) ASV/LL
21
41
• Liveness: from any marking any transition can become fireable– Liveness implies deadlock freedom, not viceversa
Liveness
Deadlock-free
42
• Boundedness: the number of tokens in any place cannot grow indefinitely– (1-bounded also called safe)– Application: places represent buffers and registers (check
there is no overflow)
Boundedness
Unbounded
EE249: Design of Embedded System (corrections) ASV/LL
22
43
• Boundedness: the number of tokens in any place cannot grow indefinitely– (1-bounded also called safe)– Application: places represent buffers and registers (check
there is no overflow)
Boundedness
Unbounded
44
• Boundedness: the number of tokens in any place cannot grow indefinitely– (1-bounded also called safe)– Application: places represent buffers and registers (check
there is no overflow)
Boundedness
Unbounded
EE249: Design of Embedded System (corrections) ASV/LL
23
45
• Boundedness: the number of tokens in any place cannot grow indefinitely– (1-bounded also called safe)– Application: places represent buffers and registers (check
there is no overflow)
Boundedness
Unbounded
46
• Boundedness: the number of tokens in any place cannot grow indefinitely– (1-bounded also called safe)– Application: places represent buffers and registers (check
there is no overflow)
Boundedness
Unbounded
EE249: Design of Embedded System (corrections) ASV/LL
24
47
Conservation
• Conservation: the total number of tokens in the net is constant
Not conservative
48
Conservation
• Conservation: the total number of tokens in the net is constant
Not conservative
EE249: Design of Embedded System (corrections) ASV/LL
25
49
Conservation
• Conservation: the total number of tokens in the net is constant
Conservative
2
2
50
Analysis techniques
• Structural analysis techniques– Incidence matrix– T- and S- Invariants
• State Space Analysis techniques– Coverability Tree– Reachability Graph
EE249: Design of Embedded System (corrections) ASV/LL
26
51
Incidence Matrix
• Necessary condition for marking M to be reachable from initial marking M0:there exists firing vector v s.t.:
M = M0 + A v
p1 p2 p3t1t2
t3A=A=
--11 00 0011 11 --1100 --11 11
t1 t2 t3p1p2p3
52
State equations
p1 p2 p3t1
t3
A=A=--11 00 0011 11 --1100 --11 11
• E.g. reachability of M =|0 0 1|T from M0 = |1 0 0|T
but also vbut also v2 2 = | 1 1 2 |= | 1 1 2 |TT or anyor any vvkk = | 1 (k) (k+1) |= | 1 (k) (k+1) |TT
t2
110000
++--11 00 0011 11 --1100 --11 11
000011
==110011
vv1 1 ==110011
EE249: Design of Embedded System (corrections) ASV/LL
27
53
Necessary Condition only
2 2
Firing vector: (1,2,2)
t1
t2
t3
Deadlock!!
54
State equations and invariants
• Solutions of Ax = 0 (in M = M0 + Ax, M = M0)T-invariants– sequences of transitions that (if fireable) bring back to original marking – periodic schedule in SDF– e.g. x =| 0 1 1 |T
p1 p2 p3t1
t3
A=A=--11 00 0011 11 --1100 --11 11
t2
EE249: Design of Embedded System (corrections) ASV/LL
28
55
Application of T-invariants
• Scheduling– Cyclic schedules: need to return to the initial state
i *k2 +
*k1
Schedule: i *k2 *k1 + oT-invariant: (1,1,1,1,1)
o
56
State equations and invariants
• Solutions of yA = 0S-invariants– sets of places whose weighted total token count does not
change after the firing of any transition (y M = y M’)– e.g. y =| 1 1 1 |T
p1 p2 p3t1
t3
AATT==--11 11 0000 11 --1100 --11 11
t2
EE249: Design of Embedded System (corrections) ASV/LL
29
57
Application of S-invariants
• Structural Boundedness: bounded for any finite initial marking M0
• Existence of a positive S-invariant is CS for structural boundedness – initial marking is finite– weighted token count does not change
58
Summary of algebraic methods
• Extremely efficient (polynomial in the size of the net)
• Generally provide only necessary or sufficientinformation
• Excellent for ruling out some deadlocks or otherwise dangerous conditions
• Can be used to infer structural boundedness
EE249: Design of Embedded System (corrections) ASV/LL
30
59
Coverability Tree• Build a (finite) tree representation of the markings
Karp-Miller algorithm• Label initial marking M0 as the root of the tree and tag it as new• While new markings exist do:
– select a new marking M– if M is identical to a marking on the path from the root to M, then tag M as
old and go to another new marking– if no transitions are enabled at M, tag M dead-end– while there exist enabled transitions at M do:
• obtain the marking M’ that results from firing t at M• on the path from the root to M if there exists a marking M’’ such that
M’(p)>=M’’(p) for each place p and M’ is different from M’’, then replace M’(p) by ω for each p such that M’(p) >M’’(p)
• introduce M’ as a node, draw an arc with label t from M to M’ and tag M’ as new.
60
Coverability Tree• Boundedness is decidable
with coverability tree
p1 p2 p3
p4
t1t2
t3
1000
EE249: Design of Embedded System (corrections) ASV/LL
31
61
Coverability Tree• Boundedness is decidable
with coverability tree
p1 p2 p3
p4
t1t2
t3
1000
0100t1
62
Coverability Tree• Boundedness is decidable
with coverability tree
p1 p2 p3
p4
t1t2
t3
1000
0100
0011
t1
t3
EE249: Design of Embedded System (corrections) ASV/LL
32
63
Coverability Tree• Boundedness is decidable
with coverability tree
p1 p2 p3
p4
t1t2
t3
1000
0100
0011
t1
t3
0101t2
64
Coverability Tree• Boundedness is decidable
with coverability tree
Cannot solve the reachability and liveness problems
p1 p2 p3
p4
t1t2
t3
1000
0100
0011
t1
t3
t2010ω
EE249: Design of Embedded System (corrections) ASV/LL
33
65
Coverability Tree• Boundedness is decidable
with coverability tree
Cannot solve the reachability and liveness problems
p1 p2 p3
p4
t1t2
t3
1000
0100
0011
t1
t3
t2010ω
66
Reachability graph
p1 p2 p3t1t2
t3
100
• For bounded nets the Coverability Tree is called Reachability Tree since it contains all possible reachable markings
EE249: Design of Embedded System (corrections) ASV/LL
34
67
Reachability graph
p1 p2 p3t1t2
t3
100
010t1
• For bounded nets the Coverability Tree is called Reachability Tree since it contains all possible reachable markings
68
Reachability graph
p1 p2 p3t1t2
t3
100
010
001
t1
t3
• For bounded nets the Coverability Tree is called Reachability Tree since it contains all possible reachable markings
EE249: Design of Embedded System (corrections) ASV/LL
35
69
Reachability graph
p1 p2 p3t1t2
t3
100
010
001
t1
t3t2
• For bounded nets the Coverability Tree is called Reachability Tree since it contains all possible reachable markings
70
Subclasses of Petri nets• Reachability analysis is too expensive• State equations give only partial information • Some properties are preserved by reduction rules
e.g. for liveness and safeness
• Even reduction rules only work in some cases• Must restrict class in order to prove stronger results
EE249: Design of Embedded System (corrections) ASV/LL
36
71
Subclasses of Petri nets: SMs• State machine: every transition has at most 1
predecessor and 1 successor• Models only causality and conflict
– (no concurrency, no synchronization of parallel activities)
72
Subclasses of Petri nets: MGs• Marked Graph: every place has at most 1 predecessor
and 1 successor• Models only causality and concurrency (no conflict)
• Same as underlying graph of SDF
EE249: Design of Embedded System (corrections) ASV/LL
37
73
Subclasses of Petri nets: FC nets
• Free-Choice net: every transition after choice has exactly 1 predecessor
74
Free-Choice Petri Nets (FCPN)
Free-Choice (FC)
Extended Free-Choice Confusion (not-Free-Choice)
t1
t2
Free-Choice: the outcome of a choice depends on the value of a token (abstracted non-deterministically) rather than on its arrival time.
Easy to analyze
EE249: Design of Embedded System (corrections) ASV/LL
38
75
Free-Choice nets
• Introduced by Hack (‘72)• Extensively studied by Best (‘86) and Desel and
Esparza (‘95)• Can express concurrency, causality and choice without
confusion• Very strong structural theory
– necessary and sufficient conditions for liveness and safeness, based on decomposition
– concurrency, causality and choice relations are mutually exclusive
– exploits duality between MG and SM
76
MG (& SM) decomposition• An Allocation is a control function that chooses which
transition fires among several conflicting ones ( A: P T).• Eliminate the subnet that would be inactive if we were to use
the allocation...
• Reduction Algorithm– Delete all unallocated transitions– Delete all places that have all input transitions already
deleted– Delete all transitions that have at least one input place
already deleted• Obtain a Reduction (one for each allocation) that is a conflict
free subnet
EE249: Design of Embedded System (corrections) ASV/LL
39
77
• Choose one successor for each conflicting place:
MG reduction and cover
78
• Choose one successor for each conflicting place:
MG reduction and cover
EE249: Design of Embedded System (corrections) ASV/LL
40
79
• Choose one successor for each conflicting place:
MG reduction and cover
80
• Choose one successor for each conflicting place:
MG reduction and cover
EE249: Design of Embedded System (corrections) ASV/LL
41
81
• Choose one successor for each conflicting place:
MG reduction and cover
82
MG reductions• The set of all reductions yields a cover of MG
components (T-invariants)
EE249: Design of Embedded System (corrections) ASV/LL
42
83
MG reductions• The set of all reductions yields a cover of MG
components (T-invariants)
84
SM reduction and cover
• Choose one predecessor for each transition:
EE249: Design of Embedded System (corrections) ASV/LL
43
85
SM reduction and cover
• Choose one predecessor for each transition:
86
SM reduction and cover
• Choose one predecessor for each transition:
• The set of all reductions yields a cover of SM components (S-invariants)
EE249: Design of Embedded System (corrections) ASV/LL
44
87
Hack’s theorem (‘72)
• Let N be a Free-Choice PN:– N has a live and safe initial marking (well-formed)
if and only if• every MG reduction is strongly connected and not empty, and
the set of all reductions covers the net• every SM reduction is strongly connected and not empty, and
the set of all reductions covers the net
88
Hack’s theorem
• Example of non-live (but safe) FCN
EE249: Design of Embedded System (corrections) ASV/LL
45
89
Hack’s theorem
• Example of non-live (but safe) FCN
90
Hack’s theorem
• Example of non-live (but safe) FCN
EE249: Design of Embedded System (corrections) ASV/LL
46
91
Hack’s theorem
• Example of non-live (but safe) FCN
92
Hack’s theorem
• Example of non-live (but safe) FCN
EE249: Design of Embedded System (corrections) ASV/LL
47
93
Hack’s theorem
• Example of non-live (but safe) FCN
94
Hack’s theorem
• Example of non-live (but safe) FCN
EE249: Design of Embedded System (corrections) ASV/LL
48
95
Hack’s theorem
• Example of non-live (but safe) FCN
96
Hack’s theorem
• Example of non-live (but safe) FCN
EE249: Design of Embedded System (corrections) ASV/LL
49
97
Hack’s theorem
• Example of non-live (but safe) FCN
98
Hack’s theorem
• Example of non-live (but safe) FCN
EE249: Design of Embedded System (corrections) ASV/LL
50
99
Hack’s theorem
• Example of non-live (but safe) FCN
100
Hack’s theorem
• Example of non-live (but safe) FCN
EE249: Design of Embedded System (corrections) ASV/LL
51
101
Hack’s theorem
• Example of non-live (but safe) FCN
102
Hack’s theorem
• Example of non-live (but safe) FCN
EE249: Design of Embedded System (corrections) ASV/LL
52
103
Hack’s theorem
• Example of non-live (but safe) FCN
Not live
104
Other results for LSFC nets
• Let t1 and t2 be two transitions of a live and safe Free-Choice net. Then t1 and t2 are:– sequential if
there exists a simple cycle to which both belong
– concurrent if they are not ordered, and there exists an MG component to which both belong
– conflicting otherwise
EE249: Design of Embedded System (corrections) ASV/LL
53
105
Summary of LSFC nets
• Largest class for which structural theory really helps
• Structural component analysis may be expensive (exponential number of MG and SM components in
the worst case)
• But… – number of MG components is generally small– FC restriction simplifies characterization of
behavior
106
Petri Net extensions• Add interpretation to tokens and transitions
– Colored nets (tokens have value)
• Add time– Time/timed Petri Nets (deterministic delay)
• type (duration, delay)• where (place, transition)
– Stochastic PNs (probabilistic delay)– Generalized Stochastic PNs (timed and immediate
transitions)
• Add hierarchy– Place Charts Nets
EE249: Design of Embedded System (corrections) ASV/LL
54
107
Summary of Petri Nets
• Graphical formalism• Distributed state (including buffering)• Concurrency, sequencing and choice made
explicit• Structural and behavioral properties• Analysis techniques based on
– linear algebra (only sufficient)– structural analysis (necessary and sufficient only for
FC)