Time Petri Nets: Miriam Zia School of Computer Science Mcgill University

Time Petri Nets
Miriam Zia
School of Computer Science
McGill University
Timing Specifications
Why is time introduced in Petri nets?
To model interaction between
activities taking into account their start
and end times.
Miriam Zia [email protected] Modeling and Simulation-based design: Time Petri Nets
Time Associated with
Tokens
Each token is associated with a time-stamp
that indicates when the token is available
to fire a transition.
Time Associated with Arcs
Each arc is associated with a traveling
delay t.
Tokens are available for firing only when
they reach the transition.
Time Associated with Places
Timed Place Petri Nets (TPPN)
Each place p is associated with a delay attribute, say
t.
Tokens generated in p only become available to fire a
transition after the delay t has elapsed.
Time Associated with
Transitions
Timed Transition Petri Net (TTPN)
Each transition represents an activity.
Transition Enabling: start of activity.
Transition Firing: end of activity.
Two basic PN-based models were developed for
handling time.
Ramchandanis Timed PN [Ram74]
A firing duration t is associated with
each transition of a PN.
Firing rule:
Transitions are fired as soon as they
are enabled.
Transitions take time t to fire.
Used mainly for performance
evaluation.
Merlins Time PN [Mer74] (1/2)
More general than Timed PN.
TPN used to investigate recoverability
problems in computer systems and in
communications protocols.
Two real numbers a,b are associated with
each transition of a PN, with
0 > a > b > .
a: time that must elapse between the
ENABLING and the FIRING of a transition.
b: maximum time during which transition can
be enabled without being fired.
Merlins Time PN [Mer74] (2/2)
Assume t1 has
been enabled at
time r:
t1 cannot fire
before time r+a.
t1 must fire before
or at time r+b.
Times a and b for transition t1 are relative
to the moment at which transition t1 is
enabled.
An Enumerative Approach for
Analyzing Time Petri Nets (1/2)
Research conducted at the LAAS of CNRS,
Toulouse, France.
Motivation: Specifying and proving
correctness of time-dependent systems.
Research:
Propose for TPN a technique for modeling
the behaviour and analyzing the properties
of timed systems.
Similar to the reachability analysis for PN.
Develop a software tool for analyzing TPN.
TIme petri Net Analyzer (TINA)
An Enumerative Approach for
Analyzing Time Petri Nets (2/2)
Two main papers:
1. An Enumerative Approach for
Analyzing Time Petri Nets (1983)
[BM83].
2. Modeling and Verification of Time
Dependent Systems Using Time
Petri Nets (1991) [BD91].
Outline of Paper Presentation
1. Time Petri nets.
States in a TPN.
Enabledness and firability condition of a set of
transitions.
Firing rule between states.
Behaviour of TPN.
2. Method for analyzing TPN.
State classes.
Firing rule between state classes.
Reachability tree.
3. Some properties of Time Petri Nets.
4. TINA : TIme petri Net Analyzer.
Time Petri Net is a Tuple (1/2)
P: finite nonempty set of places;
T: finite nonempty set of transitions ti can be viewed as an ordered
set {t1, t2, , t
i
, , };
B: backward incidence function
B: T x P N(where N is the set of nonnegative integers);
F: forward incidence function
F: T x P N;
M
0
: initial marking function
M
0
: P N;
TPN = P,T,B,F,M
0
,SIM
Time Petri Net is a Tuple (2/2)
SIM: static interval mapping
SIM: T Q* x (Q* U ) (where N is the set of positive rational
numbers)
A static interval is associated with transitions:
SIM(t
i
) = (d
i
s
,
i
s
)
d
i
s
,
i
s
are rationals such that:
0 > d
i
s
>
i
s
>
(d
i
s
,
i
s
) is called the static firing interval of transition t
i
.
Left bound d
i
s
is the static Earliest Firing Time (static EFT) for t
i
.
Right bound
i
s
is the static Latest Firing Time (static LFT) for t
i
.
TPN = P,T,B,F,M0,SIM
A Couple of Comments
Times d
i
s
and
i
s
are relative to the moment at
which t
i
is enabled.
If a pair (d
i
s
,
i
s
) is not defined for t
i
, it has the
pair (0, ) classic PN transition
In [BM91]: TPNs considered are such that none
of their transitions may become enabled more
than once simultaneously by any marking M:
for any enable transition t
i
( p)(M(p) < 2B(t
i
,p))
there is at least 1 place which prevents t
i
from
being firable twice.
E
States in a TPN Are a Pair (1/2)
S = (M,I) consisting of:
A marking M.
A Firing Interval vector I
Associates with each transition enabled
by M the time interval in which the
transition is allowed to fire.
States in a TPN Are a Pair (2/2)
S0 = (M0,I0), with
M0: p1(1),p2(2)
I0: {(4,9)}
S1 = (M1,I1), with
M1: p3(1),p4(1),p5(1)
I1: {(0,2),(1,3),(0,2),(0,3)}
S2 = (M2,I2), with
M2: p2(1),p3(1),p5(1)
I2:{(1,3),(0,2),(0,3)}
if transition t2 fires
Enabledness Condition of a
Set of Transitions
Transition t
i
becomes enabled at time
r in state S = (M,I) in the usual PN
sense:
M(p) < B(t
i
,p) for all p in the incident
set I(t
i
)
Firability Condition of a Set
of Transitions
Formally expressed by 2 conditions:
Condition 1: t
i
is enabled by marking
M at time r (absolute enabling time).
Condition 2: the relative firing time 0
(relative to r) is not smaller than the
EFT of t
i
and not greater than the
smallest of the LFTs of all the
transitions enabled by M:
EFT of t
i
> 0 > min{LFT of t
k
} (where k ranges
over the set transitions enabled by M).
Firing Rule Between States (1/2)
State S = (M,I) can be reached by firing t
i
at
relative time 0 from state S=(M,I).
S is computed in 2 steps:
M is computed, for all places p, as:
(for all p)M(p) = M(p) B(t
i
,p) + F(t
i
,p)
I is computed in 3 steps:
Remove from I those intervals disabled when t
i
is fired.
Shift by 0 towards the origin of times all intervals of I
that remained enabled; time is always nonnegative: I =
(max(0,EFTk - 0), LFTk - 0)
Introduce in I the static intervals of the new transitions
enabled.
Firing Rule Between States (2/2)
S0 = (M0,I0), with
M0: p1(1),p2(2)
I0: {(4,9)}
t1 fires at 0
1
S1 = (M1,I1), with
M1: p3(1),p4(1),p5(1)
I1: {(0,2),(1,3),(0,2),(0,3)}
If t2 fires at 0
2
S2 = (M2,I2), with
M2: p2(1),p3(1),p5(1)
I2:{(max(0,1 - 0
2
),3 - 0
2
),
(0, 2 - 0
2
),
(0, 3 - 0
2
)}
Behaviour of a TPN (1/2)
transition t
i
is firable from state S at time 0
and its firing leads to state S
A firing schedule will be a sequence of pairs
(transition t, relative time 0):
(ti,01)(t2,02) (tn,0n)
This schedule is feasible from a state S iff
there exist states S1, S2, , Sn such that:
Behaviour of a TPN (2/2)
The firing rule permits one to compute states and a
reachability relation among them.
The set of states that are reachable from the initial
state, through a firing sequence o, characterize the
behaviour of the TPN.
Much like with reachable markings in PN.
Problem: firing sequences can be defined but
enumerating this set of states is not possible.
Why? Because there are infinite time values which can
be selected to fire a transition from a given marking.
State Classes of a TPN (1/2)
Recap:
A state is a set of all possible firing
intervals, defined as the product
set of the firing intervals of the
transitions enabled by M.
Now we consider the following:
The set of all states reached from
the initial state by firing all
feasible firing values
corresponding to the same firing
sequence o.
This set will be called the state
class associated with the firing
sequence o.
Class C = (M,D), associated with a firing sequence o
from the initial state, consisting of
A marking M of the class: all states in the class have the
same marking.
A firing domain D of the class
Finitely represents the infinite number of firing domains of
states possible from a marking M by firing schedules with
firing sequence o.
D may be expressed as the solution set of some system of
linear inequalities:
D = {t | At < b}
where A a matrix, b is a vector of constants, and variable ti
corresponds to the i
th
transition enabled by M.
Note: t is an ordered set, and t(i) will refer to the i
th
enabled transition.
Enabledness of Transitions
from Classes
Assuming t(i) is the i
th
transition
enabled by marking M, t(i) becomes
enabled if:
M(p) < B(t(i), p) for all p in the incident
set I(t(i))
Firability of Transitions from
Classes
Transition t(i) is firable from class C =
(M,D) iff:
Condition 1: t(i) is enabled by marking M.
Condition 2: the firing interval related to
transition t(i) must satisfy the following
augmented system of inequalities:
A t < b
t(i) > t(j) for all j, j =i (where t(j) also denotes the firing
interval related to the j
th
component of
vector t)
C0 = (M0,D0), with
M0: p1(1),p2(2)
D0: Solution set of
4 > 0
1
> 9
t1 fires at 0
1
C1 = (M1,D1), with
M1: p3(1),p4(1),p5(1)
D1: Solution set of
0 > 0
2
> 2
1 > 0
3
> 3
0 > 0
4
> 2
0 > 0
5
> 3
Simple case: When firing t1, no
transition already enabled
remained enabled after the firing.
A complex case occurs when some transitions remain enabled.
t2 can fire from time 0=0 to 0= 0
max
, e.g.: t2 can fire at any 0
2
in the interval 0 > 0
2
> 2
Firing t2 is possible if the following system has a solution:
0 > 0
2
> 2 (1)
1 > 0
3
> 3 (2)
0 > 0
4
> 2 (3)
0 > 0
5
> 3 (4)
0
2
> 0
3
(5)
0
2
> 0
4
(6)
0
2
> 0
5
(7)
Computation of all possible firing times for transitions can be handled by an adequate
change of variables:
0
2F
denotes the relative time at which t2 is fired.
After the firing of t2, transitions t3, t4, t5 remain enabled while a time 0
2F
has elapsed.
Their new time values 0
3
, 0
4
, 0
5
can be defined by 0
i
= 0
i
+ 0
2F
Firing t2 is possible if the following system has a solution:
1 > 0
3
+ 0
2F
> 3 (8)
0 > 0
4
+ 0
2F
> 2 (9)
0 > 0
5
+ 0
2F
> 3 (10)
or
1 - 0
2F
> 0
3
> 3 - 0
2F
(11)
0 - 0
2F
> 0
4
> 2 - 0
2F
(12)
0 - 0
2F
> 0
5
> 3 - 0
2F
(13)
with
0 > 0
2F
> 2 (14)
(8), (9) and (10) can be rewritten:
1 - 0
3
> 0
2F
> 3 - 0
3
(15)
0 - 0
4
> 0
2F
> 2 - 0
4
(16)
0 - 0
5
> 0
2F
> 3 - 0
5
(17)
Eliminating 0
2F
gives:
0 > 0
3
> 3 from (11) and (14)
0 > 0
4
> 2 from (12) and (14)
0 > 0
5
> 3 from (13) and (14)
0
3
-0
4
> 3 from (15), (16) and (17)
0
3
- 0
5
> 3 from (15) , (16) and (17)
0
4
- 0
3
> 1 from (15) , (16) and (17)
0
4
- 0
5
> 2 from (15) , (16) and (17)
0
5
- 0
3
> 2 from (15) , (16) and (17)
0
5
- 0
4
> 3 from (15) , (16) and (17)
The state class reached after firing t2 is:
C2 = (M2,D2), with:
M2: p2(1),p3(1),p5(1) and D2: solution set to the inequalities defined above.
Firing Rule Between State
Classes
Class C = (M,D) can be reached by firing t(f) from
class C = (M,D).
C is computed in 2 steps:
M is computed, for all places p, as:
(for all p)M(p) = M(p) B(t
i
,p) + F(t
i
,p)
D is computed in 3 steps:
Add to the system A t < b the firability condition for t(f),
leading to the augmented system:
A t < b ; t(f) > t(j) for all j, j = f
Make the change of variable: t(j) = t(f) + t(j) and
eliminate from the system the variable t(f).
Remove from the system obtained above all variables
corresponding to transitions disabled when t(f) is fired.
Augment the system with new variables associated with
each new transition enabled. These variables belong to
their static firing interval.
Formal Definition of D
The firing domains D of state classes
for a T-Safe TPN can be expressed
as solution sets of systems of
inequalities of the following form:
d
i
> t(i) >
i
for all i
t(j) t(k) > y
jk
for all j,k k=j
Reachability Tree (1/2)
Using the firing rule, a tree of classes can
be built.
The root is the initial class C, and there is an
arc labelled ti from C to C if ti is firable from
class C, and if its firing leads to C.
Each class will have a finite number of
successors, at most one for each transition
enabled by the marking of the class.
Any sequence of transitions firable in the
TPN will be a path in this tree.
Reachability Tree (2/2)
A finite graph will be associated to the TPN
when the tree of classes will have a
bounded number of distinct nodes.
The graph is obtained by grouping equal
classes of the tree into the same class.
Two classes are defined to be equal if their
markings are equal and their firing domains are
equal.
A method to achieve this is to define the domains
into some canonical form, and then compare
these forms.
This will be called the reachability graph of
the TPN.
Some Properties of TPN (1/2)
The set of markings a TPN can reach from
its initial marking M0 is denoted R(M0).
The reachability problem is whether or not
a given marking belongs to R(M0).
The boundedness problem is whether or
not all markings in R(M0) are bounded:
For all markings in R(M0) and for all places
in P: M(p) > k, for some k in N
Some Properties of TPN (2/2)
A TPN is said T-bounded if there exists a
natural number k s.t. none of its transitions
may be enabled more than k times
simultaneously by any reachable marking.
for all ti in T there exists p in P such that:
M(p) < (k+1)B(ti,p)
When k = 1, the TPN is said to be T-safe.
The reachability and boundedness
problems for TPNs are undecidable.
So, What Do We Have Here?
An approach for analyzing TPNs:
Permits one to check the properties of
systems in the presence of timing
specifications.
Possible Extensions
No necessary or sufficient condition can be
stated for the boundedness property
Must develop strong conditions!
More specific and semantic checks could be
developed
We could stop enumeration early on if the
behaviour is not as expected.
Develop alternative analysis techniques.
TINA
Experimental toolbox for editing and analyzing PNs and TPNs.
tina:
Builds various state space abstractions for PN and TPN:
reachability and coverability graphs (Karp & Miller technique),
and efficiently checks the boundedness property.
Builds a linear state class graph of a TPN (Berthomieu &
Menasche technique).
Takes as input descriptions of PN/TPN in textual or graphical
form.
struct:
computes generator sets for semi-flows and flows.
Determines the invariance and consistence properties.
nd (NetDraw):
PN, TPN and Automata editor.
Allows one to create TPN in graphical or textual form.
Interfaced with the above tools.
TINA is not a Model-Checker
It cant be used to check satisfaction of a
concrete property (except reachability
properties): no design verification
performed.
It can be used as a front-end for a model-
checker.
It provides a reduced state space on which
the properties can be checked more
efficiently than on the original state space.
What Do I Intend to do with
TPN?
References (1)
[BD91] Bernard Berthomieu and Michel Diaz, Modeling and
Verification of Time Dependent Systems Using Time Petri
Nets, IEEE Transactions on Software Engineering, 17(3),
1991.
link: http://ieeexplore.ieee.org/xpl/tocresult.jsp?isNumber=2506&puNumber=32
[BM83] Bernard Berthomieu and Miguel Menasche, An
Enumerative Approach for Analyzing Time Petri Nets, IFIP
Congress 1983, Paris, 1983.
link: http://www.laas.fr/tina/papers.php
[BRV04] B. Berthomieu, P.-O. Ribet and F. Vernadat, The tool
TINA -- Construction of Abstract State Spaces for Petri Nets
and Time Petri Nets, International Journal of Production
Research, Vol. 42, No 4, July 2004.
link: www.laas.fr/~poribet/PUBLICATIONS/ribet_2004_ijpr.ps
References (2)
[Jan01] Mookyung Jang, Introduction to Timed Petri
Net, Data & Knowledge Engineering Lab, Postech
I.E., June 2001.
link: http://home.postech.ac.kr/~mkjang/Resources/TimePetriIntro.pdf
[Mer74] P. Merlin, A Study of the Recoverability of
Computer Systems, Ph.D. Thesis, Department of
Computer Science, University of California, Irvine,
1974.
[Ram74] C. Ramchandani, Analysis of Asynchronous
Concurrent Systems by Timed Petri Nets,
Massachusetts Institute of Technology, Project MAC,
technical Report 120, February 1974.

Time Petri Nets: Miriam Zia School of Computer Science Mcgill University

Uploaded by

Copyright:

Available Formats

Time Petri Nets: Miriam Zia School of Computer Science Mcgill University

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Time Petri Nets: Miriam Zia School of Computer Science Mcgill University

Uploaded by

Copyright:

Available Formats

Time Petri Nets

You might also like