M-nets: A survey

(1)

HAL Id: hal-00870484

https://hal.archives-ouvertes.fr/hal-00870484

Submitted on 8 Oct 2019

HAL

is a multi-disciplinary open access archive for the deposit and dissemination of sci- entific research documents, whether they are pub- lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire

HAL, est

destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

Hanna Klaudel, Franck Pommereau

To cite this version:

Hanna Klaudel, Franck Pommereau. M-nets: A survey. Acta Informatica, Springer Verlag, 2008, 45

(7-8), pp.537–564. �10.1007/s00236-008-0077-0�. �hal-00870484�

(2)

Hanna Klaudel · ^Frank ^Pommereau

M-nets: a survey.

thedateofreeiptandaeptaneshouldbeinsertedlater

Abstrat This papersurveysthe researh relatedto themodel of M-nets

sineitwasintroduedin1995.M-netsarehigh-levellabelledPetrinetswhih

an be omposed, like proess algebra terms, using various operators. We

presenttheoremodel,severalofitsextensionsandthemainappliations.

Keywords High-levelPetrinets,ompositions,ationrenement,synhro-

nisation.

1Introdution

The model of Petri nets [68℄ is based on onepts oming from automata

theory,linearalgebraandgraphtheory.Besidesthegeneraladvantagesofa

formalmodelandtheveriationmethodsbasedonlinearalgebra,Petrinets

areadditionallyattrativesinetheyhaveasimplegraphialrepresentation.

Thisharateristisisimportantalreadyinthedesignproessshowinghowa

onurrentsystemisbuiltanddistributedin spae.Itgivesalearimageof

onurreny,sequentialityandonit,bothontheonretevisualleveland

onthegraph-theoretilevel.Inpartiular,suhanexpliitrepresentationof

onurrenyissuitablewhenstudyingnonsequential(trueonurreny or

partialorder)semantisofonurrentsystems.

Ontheotherhand,themodulardesign oflargesystemsallowstoredue

and manage their omplexity. This is possible either in a bottom-up way

byomposingsmaller subsystems,orgoing top-downby reningparts of a

rough model by more detailed systemdesriptions. In both ases, systems

H.Klaudel

IBISC, Université d'Evry, 523 plae des Terrasses, 91000 Evry, Frane, E-mail:

klaudelibis.univ-evry.fr

F.Pommereau

LACL,Univ.ParisEst,61av.dugénéraldeGaulle,94010Créteil,Frane,E-mail:

pommereauuniv-paris12.fr

(3)

are onstruted from building bloks and a semantis should support the

modular onstrution of systems. Modularity has been a somewhat weak

point of Petri nettheory: aPetrinet is dened asa whole,and notin the

rst instane obtained by omposing subnets. This is totally dierent in

proessalgebraswheresystemsaredesribedbyproessterms,whihareby

denition builtfromsubterms. Thesemantis ofaproesstermis obtained

fromthesemantisofitssubtermsandisompositionalbynature.However,

the standard proess algebras redue onurreny to interleaving arguing

thatinterleavingissimplerthantrueonurrenyandjustasexpressive.On

the other hand, interleaving based models are less suitable for atop-down

design, sine they desribe systems using ations that are assumed to be

instantaneousandindivisible.

BothPetrinetsandproessalgebrasapproaheshaveinreasinglyinu-

ened eah other, and onsiderable eort has been made to ombine their

respetivemerits.ThePetriBox Calulus (PBC) [4,5℄,whih evolvedlater

tothePetriNetAlgebra(PNA)[6℄,oersaverygeneralsolutiontoombine

proess algebrasand Petri nets.However, in pratial situations, the stan-

dard low-level Petrinet model on whih PBC is based leads to hugenets

whiharewelldenedmathematiallybutdiulttograspintuitively.Asa

onsequene,theappreiatedfeatureofPetrinetsofrepresentinggraphially

systempropertiessuhasonurreny,sequentiality,onits,et.,vanishes

beauseofthesizeofPetrinetsneessarytodesribetheonsideredsystem.

To address this problem, high-level Petri net models have been proposed,

suh asprediate/transition nets [42℄,oloured Petri nets [47℄,oralgebrai

nets [76℄.

Inpartiular,theCalulusof Modular MultilabelledNets (M-nets)[8,51℄

wasintroduedin orderto ombinetheompositionalityofproessalgebras

andtheexpliitrepresentationofonurrenyofPetrinetsinaommonhigh-

levelframework.Indeed, M-netsare onsideredastheolouredounterpart

ofthePBC.Atually,M-nets andPBCarerelatedthroughanoperationof

unfolding whihtakesanM-netN ând^yieldsânêquivalent^low-level^netNℓ^.

Nân^be^seenâsânabbreviationofNℓ^,ândNℓâs^the^semantisôfN^.^M-nets

supportvariousompositionoperations(parallel,sequene,hoie,iteration,

synhronisation,restrition,et.),whihareessentiallythesameasinPBC.

Indeed, it was one of the main aims in the design of the M-net model to

ensurethattheunfoldingofaomposednetoinideswiththeomposition

oftheunfoldingsof itsparts.ThePBCandM-nets areimplementedinthe

PEPtool[41℄whihallowstoedit,simulateandverifysystemsusingmodel-

heking.Moreover,the SNAKES toolkit[73℄,a toolspeially dediated

toworkwithvariantsof M-netsandPBC,allowstoquiklyimplementnew

operations for those models, thus providing a framework to prototypeand

experimentwithnewvariants.

ThispapersurveystheresearhrelatedtoM-nets sinetheywereintro-

dued.ThenextsetiondenesthePetrinetaspetsofthemodel,inluding

therenement(meta-)operationwhihallowstosubstituteM-nettransitions

byarbitraryM-nets.The low-levelnetmodelis alsointroduedin order to

state the onsisteny betweenhigh and low levels. Setion 3 presents sev-

(4)

exhange information between dierent abstration levels of a system; re-

ursion whih is like a repetitive renement; and buered ommuniation

providingasimpleshemetosharedatabetweendierentpartsofanM-net.

Setion4showshowanalgebraofM-netsisbuiltusingtheirannotations(for

synhronousandasynhronousommuniation)and therenement(forthe

ontrolowoperations).Theintroduedoperationsareonsistentwiththose

existinginPBC.Setion5reviewsseveralappliationsorfurtherextensions

oftheM-netsalgebra.ThisinludesadenitionofanM-netsemantisofthe

parallel speiationlanguageB(PN) 2

andseveral otherextensions likethe

introdution of objet oriented paradigms, the modelling of mobility, pre-

emption (suspend/resume and abort of subsystems) or timing onstraints.

Finally,setion 6presentsaasestudy using M-netsto model and verify a

timedrailroadrossingsystem.

2The model of M-nets

2.1Basidenitionsandnotations

We start with the denition of multisetswhih are widely used in the fol-

lowing. Let E ^beâ ^set.Â ^multiset ôver E îs â^funtion µ : E → Nwhih assoiatestoeahelementofE îts^numberôfôurrenesⁱⁿµ^.Â^multisetµ

isniteifso istheset{x∈E|µ(x)6= 0}^.^Sometimes,^we^will^use^for^multi-

setsanextendedsetnotation;forinstane, {x, y, y}^will^denote^the^multiset µ^suh^that µ(x) = 1^,µ(y) = 2^and µ(z) = 0 ^for^allz∈E\ {x, y}^.^We^will

denote by ∅ ^the êmpty ^multiset. ^We âlso întrodue ^the ^following^notations

forµ^,µ1 ândµ2^multisetsôverE ândn∈N:

the symbols +^, −^, ^and ∗ ^denote, respetively, the sum, the dierene of multisets and the multipliation of amultiset by a natural number;

formally, for x ⁱⁿ E^: (µ1 +µ2)(x) =^df µ1(x) +µ2(x)^, (µ1 −µ2)(x) =^df max(0, µ1(x)−µ2(x))^and(n∗µ)(x)=^df n∗µ(x)^;

wewrite x∈µîfµ(x)>0^,ândµ1⊆µ2 îf∀x∈E:µ1(x)≤µ2(x)^;

wedenotebymult(E)^the^setôfâll^the^multisetsôverE^,ând^bymultf(E)

thesetof thenitemultisetsoverE^.

A(low-level)Petrinet isadiretedbipartitegraphwhosenodesareplaes

ortransitions.Theplaes maybemarked,i.e., mayarrytokens.Theinput

ars ofatransitiontôme^from^the^setôf^pre-plaes ôftând^theôutputârs

oft^go^to^itspost-plaes.Atransitionisativatedifitspre-plaesaremarked bysuientlymanytokens.It maythenbered in whihasesometokens

are removed from eah pre-plae and some other produed in eah post-

plae. Thears areweighted,i.e., annotatedbyanaturalnumber(where 0

orrespondstotheabseneofthear)indiatingthenumberoftokenswhih

aretransportedthroughthearduringtheringofatransition.Plaesand

transitionsmayalsoarrylabels.Formally:

Denition1 A (low-level) labelled Petrinet N ^is^a^quadruple (S, T, W, λ)

where:

Sîsâ^setôf^plaesândT îsâ^setôftransitions,withS∩T =∅^;

(5)

W : (S×T)∪(T×S)→Nistheweightfuntion onars;

λ^is^the^labelling^funtion^onS∪T^.

AmarkingofN ^is^a^funtion M :S →Nwhihassoiatestoeahplae thenumberoftokensitarries.

Foraplaeoratransitionx∈S∪T^,^we^dene^•x=^df {y∈S∪T |W(y, x)>

0} ând x^• =^df {y ∈S∪T | W(x, y)> 0}^. ^The^marking ôfâ ^plae ^denes â

loal state,in suh away thatthe globalstateof thenet isrepresentedby

thesetofallsuhloalstates.Thedynamibehaviourofsuhanetisgiven

bythetransition rule:

Denition2 LetN = (S, T, W, λ)^beâ^labelled^Petri ^netândM îts^mark-

ing. Atransition t ∈T îsâtivated ât M ⁱ ∀s∈S :M(s)≥W(s, t)^.^The

ring oft ^produes^the^visible^ationλ(t)^and^gives^rise^to^the^new^marking M^′ ^dened ^by∀s∈S:M^′(s)=^dfM(s)−W(s, t) +W(t, s)^.

Thetransition rule illustrates the property of loality of nets: only the

part

•t∪t^• ôf ^the ^global ^state îs învolved ⁱⁿ ^the ^ring ôf ^the ^transition t^.

Inonurrentsystems,the ations(representedbytheourrenesof tran-

sitions)mayappear onurrently,i.e., independentlyof eah other.If these

ourrenesaredesribed byanarbitraryinterleavingof ations,theneah

sequene ofindependent ationsis asequene ofourrenesof the system

and the orresponding semantis is alled a sequential or an interleaving

semantis. If the ourrene of a nite multiset of ations is allowed, then

theorrespondingsemantisisasteporaonurrent semantis[3,9,43,44℄.

If the ourrenes of ations are partially ordered, then the orresponding

semantisisapartialorder ortrue onurreny semantis[66,79,81℄.

The model based onlow-levelnets is partiularlyinterestingbeauseit

is supported by various implemented tools (see [69,80℄ for a presentation

ofmanytools) andmaybeanalyzedusingmethodsdevotedtosuhnetsor

usingeientalgorithmsofmodelheking.However,thesenetsarenotoften

used diretly beause the speiations of real size systems are in general

toolarge tobeunderstandable.Thedesigners oftenpreferto usehigh-level

versionsofPetrinetswhihprovideabetterabstration andwhihmaybe

automatiallyunfolded tolow-levelnetsbeforebeinganalysed.

Figure 1representstwoequivalent nets(in thesense that theydesribe

the same behaviours),the net on the left is high-level and the net on the

rightisitsunfolding (so,itis alow-levelnet).

Theannotationsusedforthehigh-levelnetshavethefollowingmeanings:

the plaes are typed, i.e., haveassoiated sets of values (s ^has ^the^type {•}^,s^′ ^has^the^type{1,2,3}^ands^′′^has^the^type{2,3}^);

the tokens are values respeting the types of the plaes (s^′ ^arries ^the

token2ands^′′^arries^the^token^3);

thearsareannotatedwithvalues orvariables;thesopeforthevariables

isboundto atransitionanditsadjaentars(so,thevariablesarounda

transitionhaveonlyaloal meaningandmaybeonsistentlyrenamed);

the transitionsmayarryBooleanexpressionsalled guards playingthe

(6)

{•} s

x6=y t

2 {1,2,3}

s^′

3 {2,3}

s^′′

•

x y

s•

tσ1 tσ2 tσ3 tσ4

s^′₁

•

s^′₂ s^′₃ s^′′₂

• s^′′₃

Fig.1 Ahigh-levelnet(ontheleft)anditsunfolding(ontheright)whoselabelling

hasbeenomitted.Theσi^'sâre^the^modesôftⁱⁿ^the^high-level^net,^theîndexesôf

thes^′_i^'sând^thes^′′_j^'sôrrespond^to^the^valuesⁱⁿ^the^typesôfs^′ ânds^′′^.

theguardtrue(this is theasefor thetransition t ^taking, ^for înstane, x = 2 ând y = 3^, ^but ^not ^for x = y = 2^). ^The ^guard îs ôften ûsed

in order to ompute valuesduring aring. Here,sine x^and y ^are ^free

variables(not bound onan inputar),the transitionatually omputes

non-deterministiallyanumberin{1,2,3}^forxândânotherôneⁱⁿ{2,3}

fory^,^hoosing^them^distint^(beause^of^the^guard).

Thetransitionruleinahigh-levelnetismoreompliatedthanthatused

atthelow-level:inordertoreatransitiont^it^is^neessary^to^take^tokensⁱⁿ

thepre-plaesoft^,^toâssoiate^them^to^the^variablesâroundtând^toênsure

thattheguardevaluatestotrue.Moreover,onlyvaluesallowedbythetypes

of plaes may be produed. The mappings, alled bindings, assoiating a

valueto eah variable exist independently ofthemarkingof thenet andof

theguardof t^. ^(However,^we^shall ônlyônsider ^the ^variablesînvolved ⁱⁿ t

when showing a binding intended to be used for t^.) ^F^or t ⁱⁿ ^gure ^1, ^the

bindingsare oftheform (x7→i, y 7→j)^where iând j âreârbitrary ^values.

A bindingis alled amode ifit allowsto evaluatetheguardto trueandif

the valueorresponding to eah variable appearing in an annotationof an

arbelongsto thetypeoftheadjaentplae.So, themodesof tⁱⁿ ^gure¹

are σ1

= (xdf 7→1, y 7→ 2)^, σ2

= (xdf 7→ 1, y 7→ 3)^, σ3

= (xdf 7→ 2, y 7→ 3) ^and σ4

= (xdf 7→3, y7→2)^,^but^notσ^′₁= (x^df 7→1, y7→1) ^norσ₂^′ = (x^df 7→2, y7→2)

beausetheydonotrespettheguardoft^,^and^neitherσ₃^′ = (x^df 7→0, y7→2)

beauseitdoesnotrespetthetypeofs^′^.

Thesehigh-levelaspetsareexpressibleinthelow-levelnetsthroughthe

operationofunfolding dened asfollows:

eahhigh-levelplaeisunfoldedto asmanylow-levelplaesasthereare

valuesinitstype(so,s^′ ^gives^rise^to ^the^low-level^plaes s^′1^,s^′2 ^ands^′3^);

themarkingisobtainedin suh awaythat, forinstane, thetoken2in

s^′ ^leads^to^a^(blak)^tokenⁱⁿ^the^plaes^′₂^;

eahhigh-leveltransitionis unfoldedtoasmanylow-leveltransitions as

there aremodesassoiatedtoit(so,t ^generates^the^low-leveltransitions

tσ1 ^to tσ4^);

the arsare obtainedonsistently withthe modes. So,aordingto the

mode σ1 = (x 7→ 1, y 7→ 2)^, tσ1 ^is ^onneted ^to s^′₁^, ^with ^the ^weight ¹

(7)

orrespondingto themultipliityofxⁱⁿ^the^annotation^of^the^high-level

ar,and to s^′′₂^,^with ^the^weight ¹orrespondingto the multipliity ofy

intheannotationofthehigh-levelar.

The unfolding allows to express systems in the high-level domain with

theguaranteethattheyhavearepresentationinthelow-levelone,whihis

neededfortheirautomatedanalysis.(Notie,however,thatallowinginnite

typesforthehigh-levelplaesgivesrisetoinnitelow-levelnets.)

2.2Statianddynamiaspetsof M-nets

Weonsiderthefollowingpairwisedisjointsets:

Val îs ^the^set ôf^values ⁽ⁱⁿ^partiular, Val ôntains^the^blak^token •^,

naturalnumbers,Booleanvalues,et.);

Varîs^the^setôf^variables ⁽Varîsâssumed^largeênough^toâllow^renaming

eahtimeitisneessaryin ordertoavoidnamelashes);

A is the set of high-level ation symbols, provided with a bijetion b^,

alledonjugation, suhthat for allact∈ A:actc 6=act^and actcc =act^.

Eah symbolact∈Ahasanarity ar(act)^and^we^havear(act) =c ar(act)^.

Thetermsact(x1, . . . , xâr(act))ândact(xc 1, . . . , xâr(act))^(wherexi∈Val∪ Var ^for1 ≤i≤ar(act)⁾âre (high-level)ations andtheyaresaidto be

elementary ifalltheirarguments(thexi^'s)^are^values;

A_ℓorrespondstoAinthelow-leveldomain;itisthesetofallelementary ationsonstrutedfromAandVal^.^(Notie^thatA_ℓislosedunder b^.)

Xontainsthehierarhialsymbols,whihwillbeusedtodenoteabstrat ationsusedtolabeltransitionstoberened;

thesymbolse^,iândx^denote^the^status ôf ^plaesûsed^to^label^plaesⁱⁿ

orderto guidenet ompositions; foranet N^, ^we^denote ^byN^e^,Nⁱ ^and N^x^,respetively,thesetofitsentryplaes(labelledbye),internalplaes (labelledbyi) andexit plaes (labelledbyx).

Theboxes are labelled low-level netswith somestrutural onstraints:

1

theentryplaes havenoinputars (symmetrially,the exit plaeshaveno

output ars), there alwaysexists entryand exit plaes and eah transition

hasatleastonepre-plaeandonepost-plae.

Denition3 A box N = (S, T, W, λ)^is ^a^low-level^labelled ^Petri ^net^suh

that:

foreahplaes∈S ^we^haveλ(s)∈ {e,i,x}^;

foreahtransitiont∈T^,^we^haveλ(t)∈multf(A_ℓ)^(iftîsâômmunia-

tion transition)orλ(t)∈X(if t^is^a^hierarhial transition);

N ^isex-restrited:N^e6=∅ 6=N^x^;

N ^isex-oriented:∀t∈T,∀s∈N^e,∀s^′∈N^x:W(t, s) = 0 ∧ W(s^′, t) = 0^;

N ^isT-restrited:∀t∈T,∃s, s^′∈S:W(s, t)>0 ∧ W(t, s^′)>0^.

1

TheseonditionswererequiredinPBC[4℄butrelaxedinPNA[6℄.Wewilluse

(8)

With this denition,in partiular,wearesureto havenon-emptyentry

and exit interfaes (Nê ând N^x⁾ ⁱⁿ êvery^box N^. ^The ommuniation and thehierarhialinterfaes,whihareomposedoftransitions,maybeempty.

Theseinterfaeswillberuialfordeningompositionoperationsonboxes,

seesetion4.Thetransition ruleforboxesisthat oflow-levellabelledPetri

nets.

M-nets are high-levelboxes.Inorder tointroduethem, weneed essen-

tiallytoenrihtheannotationsof low-levelnets.

Denition4 AnM-netisatripleN= (S, T, ι)^,^whereSîs^the^setôf^plaes, T îs^the^setôftransitions(withS∩T =∅⁾ândιîs^theânnotation^funtion

onS∪T ∪(S×T)∪(T×S)^,^suh ^that:

foreah plae s∈ S^, ι(s)^is ^a^pairλ(s).α(s) ^where λ(s)∈ {e,i,x} ^gives

thestatusofs^andα(s)⊆Val^, ^withα(s)6=∅^,^gives^its^type;

foreahtransitiont∈T^,ι(t)^is^a^pairλ(t).γ(t)^, ^where:

eitherλ(t)îsâ^nite ^multisetôf^high-levelâtions,ôrλ(t)∈X; γ(t)îs^the^guardôft^,^whihîsâ^BooleanexpressionsonVar ândVal^.

Wedenote by var(t)^(a ^subsetôf Var⁾^the ^set ôf ^variablesâppearing ⁱⁿ

theannotationsoftândîtsârs;

foreahar(s, t)^,ι(s, t)îsâ^multisetôf^struturedannotationsonVar∪ Val^, representingthevaluesonsumedduring aringoft^;^similarly,^the

valuesprodued during a ring of t ^are represented by the annotation

ι(t, s)^;

N îs ex-restrited, ex^-oriented ând T^-restrited ^(like ^for ^boxes, ûsing ι(x, y) = ∅ ôr ι(x, y) 6= ∅ înstead ôf W(x, y) = 0 ôr W(x, y) > 0 ^re-

spetively).

Thestruturedannotationsare formalised in [37℄ and illustratedin the

following,see for instane gures5 and 6.They inlude,depending onthe

ontext, onstantsand variables, but also moreomplexterms(introdued

lateron,possiblyinludingdistinguishedsymbolsζ ^andϕ⁾^that ^enode,^for

eahmode,dierentsetsofvalues.

In the gures, the hierarhial transitions are represented using double

lines (the hierarhial symbols being the apital letters X^, Y^, ^et.). ^En-

tryplaes aredepited withaninoming double arrow,exit plaes withan

outgoingdouble arrowand internal plaes withno double arrow.Also,the

notations are oftensimplied: an empty ommuniationlabelor anempty

(true) guard are generallyomitted, ars with empty annotationsare never

represented,thesingletonmultisetsarereplaedbytheiruniqueelement,the

plaesare notalwaysnamed,et. Thepurposeofthese simpliationsis to

alleviate thepresentation in order to fous on the aspets serving diretly

theunderstanding.

Wewillformalisenowdierentnotionsallowingustodenetheunfolding

andthetransitionruleofM-nets.Thiswillallowustostatethepropertyof

onsistenyofthebehaviourofanM-netwithrespettothebehaviourofits

unfolding.

A binding of a transition t îs â substitution σ : var(t) → Val^. Îf x îs

anentity(expression,ation,et.)whih depends onthevariablesin var(t)^,

wedenote by σ(x)^theêvaluationôfxûnder σ^.Â ^transitiont ^withâ^guard