PN modelling

Software EngineeringCOMP 201Lecturer: Sebastian CoopeAshton Building, Room G.18E-mail: coopes@liverpool.ac.uk

COMP 201 web-page:http://www.csc.liv.ac.uk/~coopes/comp201

Lecture 9, 10 Modelling Based on Petri Nets

1High-Level Petri NetsThe classical Petri net was invented by Carl Adam Petri in 1962.A lot of research has been conducted (>10,000 publications).Until 1985 it was mainly used by theoreticians.Since the 80s their practical use has increased because of the introduction of high-level Petri nets and the availability of many tools. High-level Petri nets are Petri nets extended withcolour (for the modelling of attributes)time (for performance analysis)hierarchy (for the structuring of models, DFD's)2COMP201 - Software Engineering2Why do we need Petri Nets?Petri Nets can be used to rigorously define a system (reducing ambiguity, making the operations of a system clear, allowing us to prove properties of a system etc.)They are often used for distributed systems (with several subsystems acting independently) and for systems with resource sharing.Since there may be more than one transition in the Petri Net active at the same time (and we do not know which will fire first), they are non-deterministic.3COMP201 - Software Engineering3The Classical Petri Net ModelA Petri net is a network composed of places ( ) and transitions ( ).t2p1p2p3p4t3t1Connections are directed and between a place and a transition, or a transition and a place (e.g. Between p1 and t1 or t1 and p2 above).Tokens ( ) are the dynamic objects.

4COMP201 - Software Engineering4The Classical Petri Net ModelAnother (equivalent) notation is to use a solid bar for the transitions:t2p1p2p3p4t3t1We may use either notation since they are equivalent, sometimes one makes the diagram easier to read than the other..The state of a Petri net is determined by the distribution of tokens over the places (we could represent the above state as (1,2,1,1) for (p1,p2,p3,p4))

5COMP201 - Software Engineering5Transition t1 has three input places (p1, p2 and p3) and two output places (p3 and p4).Place p3 is both an input and an output place of t1.p1p2p3p4t16COMP201 - Software EngineeringTransitions with Multiple Inputs and Outputs6Enabling ConditionTransitions are the active components and places and tokens are passive components.A transition is enabled if each of the input places contains tokens.t1t2Transition t1 is not enabled, transition t2 is enabled.

7COMP201 - Software Engineering7FiringAn enabled transition may fire.Firing corresponds to consuming tokens from the input places and producing tokens for the output places.t2t2Firing is atomic (only one transition fires at a time, even if more than one is enabled)

8COMP201 - Software Engineering8An Example Petri Net9COMP201 - Software Engineering9Example: Life-Cycle of a Personbachelorchildmarriedpubertymarriagedivorcedeathdead

10COMP201 - Software Engineering10Creating/Consuming Tokens11COMP201 - Software EngineeringA transition without any input can fire at any time and produces tokens in the connected places:After firing 3 times..T1T1T1T1P1P1P1P111Creating/Consuming Tokens12COMP201 - Software EngineeringA transition without any output must be enabled to fire and deletes (or consumes) the incoming token(s):After firing 3 times..T1T1T1T1P1P1P1P112Non-Determinism in Petri NetsTwo transitions fight for the same token: conflict.Even if there are two tokens, there is still a conflict.The next transition to fire (t1 or t2) is arbitrary (non-deterministic).t1t213COMP201 - Software Engineering13ModellingStates of a process can be modelled by tokens in places and state transitions leading from one state to another are modelled by transitions.

Tokens can represent resources (humans, goods, machines), information, conditions or states of objects.Places represent buffers, channels, geographical locations, conditions or states.Transitions represent events, transformations or transportations.14COMP201 - Software Engineering14Modelling a Traffic Light15COMP201 - Software Engineering15Modelling Two Traffic Lights16COMP201 - Software Engineering Imagine that we are designing a traffic light system for a crossroads junction (i.e. with two sets of (simplified) lights). An informal specification of a traffic light junction:

A single traffic light turns from Red to Green to Amber and then back to Red (well ignore red and amber for now). There are two sets of lights. When one of the traffic lights is Amber or Green, the other must be Red.

As a first step, we may decide to model the system as a Petri net. This allows us to make sure the specification is rigorously defined and reduces potential ambiguities later. We can also prove properties about the model if we wish.

16Example: Traffic Lightrgredambergreenyrgy17COMP201 - Software Engineering17Two Traffic Lightsrg1red1amber1green1yr1gy1rg2red2amber 2green2yr2gy218COMP201 - Software Engineering18Two Safe Traffic Lightsrg1red1amber1green1yr1gy1rg2red2amber 2green2yr2gy2safe19COMP201 - Software Engineering19Two Safe and Fair Traffic Lightsrg1red1yellow1green1yr1gy1rg2red2yellow2green2yr2gy2safe2safe120COMP201 - Software Engineering20Exercise1) Can you prove that the Petri net from the previous slide will never allow two red lights to be shown simultaneously?21COMP201 - Software Engineering21ExerciseCOMP201 - Software Engineering22Arcs in Petri NetsThe number of arcs between two objects specifies the number of tokens to be produced/consumed (we can alternatively represent this by writing a number next to a single arc).This can be used to model (dis)assembly processes.blackredbbrrbr23COMP201 - Software Engineering23Some DefinitionsCurrent state (also called current marking) - The configuration of tokens over the places.Reachable state - A state reachable form the current state by firing a sequence of enabled transitions.Deadlock state - A state where no transition is enabled.

blackredbbrrbr24COMP201 - Software Engineering24Some DefinitionsIf we write the places in some fixed order (red, black say), then we can use a tuple: (n,m) to denote the number of tokens in each corresponding place (n tokens in red and m tokens in black).The example below is thus in state (3,2). After firing transition rr, it will move to state (1,3) etc..

blackredbbrrbr25COMP201 - Software Engineering257 reachable states, 1 deadlock state.blackredbbrrbr(3,2)(1,3)(3,1)(1,2)(3,0)(1,1)(1,0)rrrrrrbrbrbb\brbb\brbb\br26COMP201 - Software Engineering26Exercise: Readers and WritersHow many states are reachable?Are there any deadlock states?How to model the situation with 2 writers and 3 readers?How to model a "bounded mailbox" (buffer size =4)?restmail_boxreceive_mailtype_mailreadyrestbeginsend_mailread_mail27COMP201 - Software Engineering27ExerciseCOMP201 - Software Engineering2828The Four Seasons29COMP201 - Software EngineeringLet us try to model the four seasons of the year together with their properties by a Petri net.We would like to denote the current season {spring, summer, autumn, winter}, the temperature {hot, cold} and the light level {bright, dark}.As a first step, let us model the seasons (with a token to represent that it is currently autumn).29The Four Seasons30COMP201 - Software Engineering0SummerAutumnWinterSpring30The Four Seasons31COMP201 - Software Engineering0SummerAutumnWinterSpringHotColdDarkBright31High-Level Petri NetsIn practice, classical Petri nets have some modelling problems: The Petri net becomes too large and too complex.It takes too much time to model a given situation.It is not possible to handle time and data.

Therefore, we use high-level Petri nets, i.e. Petri nets extended with:colourtimehierarchy32COMP201 - Software Engineering32To explain the three extensions we use the following example of a hairdresser's salon:startwaitingfinishbusyfreeclient waitinghairdresser ready to beginNote how easy it is to model the situation with multiple hairdressers..33COMP201 - Software EngineeringExample - High-Level Petri Netsfinished33The Extension with ColourA token often represents an object having all kinds of attributes.Therefore, each token has a value (colour) with refers to specific features of the object modelled by the token.startwaitingfinishbusyfreename: Harryage: 28experience: 2name: Sallyage: 28hairtype: BL34COMP201 - Software Engineeringfinished34Each transition has an (in)formal specification which specifies:the number of tokens to be produced,the values of these tokens,and (optionally) a precondition.The complexity is divided over the network and the values of tokens.This results in a compact, manageable and natural process description.35COMP201 - Software EngineeringThe Extension with Colour35Examplesc := a+babc+b := -abnegaif a> 0then b:= aelse c:=afiabcselecta >=0 | b := absqrtaExercise:calculate |a+b| using these buiding blocks36COMP201 - Software Engineering36The Extension with TimeTo analyse performance, we must model durations, delays, etc.A timed Petri net associates a pair tmin and tmax with each transition (there are other possible definitions for timed Petri net, but we shall only consider this one).startwaitingfinishbusyfreeTmin = 0Tmax = 337COMP201 - Software EngineeringTmin = 5Tmax = 10finished37The Extension with TimeThe values tmin and tmax, tell us the minimum and maximum time that a transition will take to fire once enabled.This allows us to model performance properties of the system, although the analysis of such systems may be more difficult.startwaitingfinishbusyfreeTmin = 0Tmax = 338COMP201 - Software EngineeringTmin = 5Tmax = 10finished38The Extension with TimeQuestion: What is the minimum/maximum time for all three people to have their hair cut in this system? (Harder) Question: What about with n clients and m hairdressers? Is there a general formula for the required time?startwaitingfinishbusyfreefinishedTmin = 0Tmax = 339COMP201 - Software EngineeringTmin = 5Tmax = 1039ExerciseCOMP201 - Software Engineering4040The Extension with HierarchyA hierarchy is a mechanism to structure complex Petri nets comparable to Data Flow Diagrams.A subnet is a net composed out of places, transitions and other subnets.This allows us to model a system at different levels of abstraction and can reduce the complexity of the model.We shall see an example of this on the next slide..41COMP201 - Software Engineering41The Extension with Hierarchywaitingreadyh1h2h3startfinishbusyfree42COMP201 - Software EngineeringHere we expand subnet h3..42Exercise: Remove Hierarchywaitingreadyh1h2h3startfinishbusyfreebeginendpendingbeginendpending43COMP201 - Software Engineering43Another ExampleRecall the following example of an informal specification from a critical system [1] :The message must be triplicated. The three copies must be forwarded through three different physical channels. The receiver accepts the message on the basis of a two-out-of-three voting policy.Questions: Can you identify any ambiguities in this specification?How could we model this system with a Petri net?44[1] - C. Ghezzi, M. Jazayeri, D. Mandrioli, Fundamentals of Software Engineering, Prentice Hall, Second Edition, page 196 - 19844Message TriplicationCOMP201 - Software Engineering45P1P2P3Original MessageTvoting1Tvoting2Tvoting3Message CopiesTmin = c1Tmax = k1Tmin = c2Tmax = k2Tvoting1: P1 = P2Tvoting2: P1 = P3Tvoting3: P2 = P3Tmin = c3Tmax = k345Message Triplication (2)COMP201 - Software Engineering46P1P2P3Original MessageTvotingMessage CopiesTmin = c1Tmax = k1Tmin = c2Tmax = k2Tvoting: (P1 = P2) or (P2 = P3) or (P1 = P3) else ERROR Tmin = c3Tmax = k346A Final Note on Petri NetsWe can see from the previous example that the ambiguity (or impreciseness) in the informal specification for the message triplication protocol is clearly highlighted by the more formal Petri net model.We can also perform some analysis on the model itself, for example to see if certain bad states ever occur or if deadlock/livelock is possible in the model.Finally we can represent timing constraints (to encode even more constraints on the system) and use hierarchical models to show different levels of abstration.

4747A Final Note on Petri NetsImagine modelling the elevator system of a skyscraper which contains three elevators and twenty floors. What would be some of the advantages of using a Petri net model for this?We can ensure if someone at a floor pushes the lift button (up or down), the elevator will eventually come.We can attempt to model the timing constraints of the system (Timed Petri net).We can also use hierarchies to simplify the system.Finally we could try to optimize the model in some way if its performance is not optimal.Etc..4848Lecture Key PointsPetri nets have Arcs, Places and Transitions.Petri nets are non-deterministic and thus may be used to model discrete distributed systems.They have a well defined semantics and many variations and extensions of Petri nets exist.The state or marking of a net is an assignment of tokens to places.For those interested, the book Fundamentals of Software Engineering (Prentice Hall) by C. Ghezzi, M. Jazayeri and D. Mandrioli has an extensive example of using Petri nets for an elevator system.

COMP201 - Software Engineering4949