Unifying the syntax and semantics of modular extensions of Petri nets

Reference

Unifying the syntax and semantics of modular extensions of Petri nets

MARECHAL MARIN, Alexis Ayar

Abstract

Petri nets are a modeling formalism that allows to describe concurrent systems with an intuitive and at the same time formal notation. When trying to represent real world-sized systems, the most simple versions of Petri nets tend to be extremely complex. To overcome this problem, a mandatory principle is modularity. Modular variants of Petri nets allow to create complex models by combining smaller entities. This facilitates the modeling and verification of large systems by applying a divide and conquer approach and promoting reuse.

Modularity includes a wide range of notions such as encapsulation, hierarchy and instantiation. Over the years, Petri nets have been extended to include these mechanisms in many different ways. The heterogeneity of such extensions and their definitions makes it difficult to reason about their common features at a general level. This thesis proposes an approach to standardize the syntax and semantics of modular Petri nets formalisms, with the objective of gathering even the most complex modular features from the literature. The central component of this approach is a new Petri nets formalism, [...]

MARECHAL MARIN, Alexis Ayar. Unifying the syntax and semantics of modular extensions of Petri nets. Thèse de doctorat : Univ. Genève, 2013, no. Sc. 4576

URN : urn:nbn:ch:unige-293909

DOI : 10.13097/archive-ouverte/unige:29390

Available at:

http://archive-ouverte.unige.ch/unige:29390

Disclaimer: layout of this document may differ from the published version.

1 / 1

Département d’Informatique Professeur D. Buchs

Unifying the syntax and semantics of modular extensions of Petri nets

THÈSE

présentée à la Faculté des sciences de l’Université de Genève pour obtenir le grade de

Docteur ès sciences, mention informatique

par

Alexis Ayar Marechal Marin de

France et Bolivie

Thèse No 4576

Genève

Atelier d’impression ReproMail 2013

First and foremost, I would like to express my gratitude towards my thesis supervisor, Prof. Didier Buchs. Working with Didier is a real pleasure, both in the academic and in the human sense. His precision and his ability to generalize any idea and find connections with other subjects are astounding. He has the amazing ability to supervise closely without interfering, he allowed me a great flexibility, both in the research and in the teaching fields. I am grateful for his friendship, for his patience and his availability. Most of all, I am grateful for everything I got to learn from him.

I would like to thank Profs. Fabrice Kordon, Franck Pommereau and Giovanna di Marzo for accepting to evaluate my thesis. I’m honored for your interest in my work.

I would also like to thank the members of the SMV group with whom I shared these 5 years, Steve, Alban, Matteo, Edmundo, and Luis. Steve shared with me his rigor and successfully fought against my bad programming practices. I learned more about software engineering by working with him than I could learn from any course.

Alban always looked at the big picture while I was lost in small details, and I really enjoyed his refined sense of humor. Matteo always impressed me with his general knowledge and his methodological abilities, specially when writing scientific papers, and he had the kindness to share them with me. Edmundo patiently endured endless and instructive discussions on many subjects. Luis reassured me when I was beginning my thesis and felt lost in my new environment. I am truly proud of having belonged to this fine group of people.

Thanks to all those who shared their friendship with me through these years. I specially thank Erwin and Zally, who gave me their support and their friendship with- out limitations. Thanks also to my bolivian and french families, from whom I always received a lot of affection.

I’d like to thank my mom and my sister, whose infinite love never left me during these 10+years abroad. They have an incredible ability to transmit their love through the distance and, thanks to them, I never felt far from home. I am not only grateful to you, but I am also extremely proud of both of you. I always say that Amira, my sister, was my very first and at the same time my best student. I love both of you.

Finally, a PhD is often a hard time for any relationship. It requires a lot of patience, and a lot of love. I am extremely lucky to have found in Daniela the most wonderful girlfriend, who shared infinite amounts of both with me through these years. I love you, and I cannot wait to see what lies ahead for both of us.

As Sartre said, "les autres sont, au fond, ce qu’il y a de plus important en nous- mêmes, pour notre propre connaissance de nous-mêmes."¹. If I can count with the love and/or support of so many wonderful people, I am probably doing something right. Thanks to all of you.

1free translation: "other people are basically the most important means we have in ourselves for our own knowledge of ourselves"

Les réseaux de Petri sont un langage de modélisation pour les systèmes concurrents et distribués. Ils allient une notation graphique intuitive avec une définition mathé- matique très précise qui permet une vérification automatique des propriétés de ces modèles. Au fil des années, la version originale des réseaux de Petri a été enrichie pour intégrer diverses notions telles que les probabilités et le temps, ce qui a produit de nombreuses variantes hétéroclites. Récemment, la communauté scientifique des ré- seaux de Petri a entrepris des efforts d’unification de ces diverses variantes, effort qui a pris la forme de la norme ISO/IEC 15909 pour les réseaux de Petri. La première étape de cette norme concernait les variantes les plus basiques, la deuxième la création d’un format d’échange pour les outils de réseaux de Petri nommé PNML et la troisième, qui est en cours de développement, concerne les extensions des versions proposées dans la première étape.

Une des principales extensions considérées est lamodularité, c’est-à-dire la capa- cité de définir des modèles de taille importante comme des assemblages d’entités de taille réduite. La modularité améliore l’étape de conception des modèles, en facilitant leur création et la maintenance. Elle a aussi un impact lors de la vérification des mo- dèles en appliquant des stratégies de type "diviser pour régner". Dans la mesure où les systèmes ayant besoin de vérification automatique sont toujours très complexes, la modularité est un concept indispensable pour une application des réseaux de Petri à des systèmes de taille réelle.

Les variantes des réseaux de Petri existent en grande quantité et sont très dif- férentes les unes des autres, autant au niveau des concepts qui sont introduits dans chaque variante que de la présentation et la définition de ces concepts. Ceci reste vrai même lorsque l’on se restreint aux formalismes modulaires. La modularité a en ef- fet été intégrée aux réseaux de Petri en introduisant des notions très variées telles que l’encapsulation, la hiérarchie, l’instantiation, l’héritage, etc. Dans cette thèse nous pro- posons une approche pour unifier ces différents variantes modulaires, autant au niveau syntaxique (en s’inspirant dePNML) que sémantique. L’élément central de cette ap- proche est un nouveau formalisme modulaire de haut niveau, nomméthe Llamas Lan- guage for Advanced Modular Algebraic Systems(LLAMAS). Ce formalisme a pour ambition d’être assez expressif pour pouvoir représenter la sémantique de tous les for- malismes modulaires existants. Ainsi, le but est que, pour chaque formalisme existant, il soit possible de définir une traduction de ce formalisme vers LLAMAS. Avec ces traductions, il serait possible de créer une approche de définition unifié pour les futurs formalismes de réseaux de Petri modulaires. Cette universalité est visée même s’il est impossible de connaître toutes les variantes modulaires des réseaux de Petri. Pour atteindre cet objectif, notre formalisme introduit des concepts qui dépassent l’expres- sivité usuelle des réseaux de Petri, en généralisant des concepts courants du domaine tels que les arcs inhibiteurs.

Le but, la motivation et l’état de l’art de la thèse sont énoncés dans l’introduction, au chapitre1. La première étape pour créer une unification des formalismes modulaire est une étude de l’état de l’art de ces formalismes. Nous présentons un tel état de l’art dans le chapitre 2. Faire un état de l’art exhaustif serait impossible, nous avons

formalisme, qui peuvent très bien être considérés indépendamment les uns des autres.

De cette façon, il est possible à de futurs travaux de considérer seulement une sous- partie des concepts définis dansLLAMAS.

Le premier de ces blocs est le noyau central deLLAMAS, que nous avons appelé Universal Composition Mechanism (UCM). Ce mécanisme de compositions permet de synchroniser les évènements des différents modules par le biais de cinq opérateurs, dont trois ont été directement repris du formalismeCO-OPN/2et deux sont des géné- ralisations de notions répandues dans le domaine des réseaux de Petri. Le deuxième bloc est une implémentation du paradigmeNets Within Nets(NWN), qui permet aux réseaux de Petri d’avoir de l’instantiation dynamique (c’est-à-dire de créer de nou- veaux modules pendant l’exécution du système) ou encore de modifier leur struc- ture pendant leur exécution. Le troisième bloc englobe les deux précédents avec des concepts de haut niveau classiques dans les formalismes modulaires, telles que l’en- capsulation et la hiérarchie, ce qui fait dethe Llamas Language for Advanced Modular Algebraic Systems (LLAMAS)un langage orienté composants.

Dans le chapitre 6 nous explorons des exemples d’application de LLAMAS, en introduisant des traductions non triviales depuis trois formalismes importants de la littérature. Le but principal de ce chapitre est de montrer que l’expressivité de notre UCMest suffisante pour gérer des formalismes très complexes dont la définition est très différente de la nôtre. Le chapitre 7 présente un prototype d’implémentation de LLAMAS. Ce prototype permet de créer des modèlesLLAMASet, pour les modèles de taille réduite, de calculer leur comportement. Ce prototype n’a pas pour ambition d’être un outil complet, il illustre simplement la faisabilité du langage. Finalement, la conclusion au chapitre 8 refait le point sur les contributions de la thèse et décrit plusieurs perspectives de travail.

Petri nets are a modeling formalism that allows to describe concurrent systems with an intuitive and at the same time formal notation. When trying to represent real world- sized systems, the most simple versions of Petri nets tend to be extremely complex.

To overcome this problem, a mandatory principle is modularity. Modular variants of Petri nets allow to create complex models by combining smaller entities. This facilitates the modeling and verification of large systems by applying a divide and conquer approach and promoting reuse. Modularity includes a wide range of notions such as encapsulation, hierarchy and instantiation. Over the years, Petri nets have been extended to include these mechanisms in many different ways. The heterogeneity of such extensions and their definitions makes it difficult to reason about their common features at a general level.

This thesis proposes an approach to standardize the syntax and semantics of mod- ular Petri nets formalisms, with the objective of gathering even the most complex modular features from the literature. The central component of this approach is a new Petri nets formalism, called the Llamas Language for Advanced Modular Algebraic Systems(LLAMAS). The main objective ofLLAMASis to be expressive enough to represent most if not all the modular Petri nets formalisms in the literature. By this, we mean that it should be possible to create a translation from every modular variant of Petri nets to LLAMASthat preserves its transition relation. This thesis introduces LLAMAS both in a light informal way and with a detailed formalization. We thor- oughly describe its main features, and we give some examples of formalisms that can be translated, chosen among the most representative modular formalisms in the literature.

Our approach has two positive outcomes. First, the definition of new formalisms is facilitated, by providing common ground for the definition of their semantics. Second, it is possible to reason at a general level on the most advanced verification techniques, such as the recent advances in the domain of decision diagrams.

1.1.3 Syntactic vs Semantic Definitions, Formalization . . . 7

1.2 State of the art . . . 8

1.2.1 The ISO/IEC 15909 standard . . . 8

1.2.2 Modular PNML. . . 10

1.2.3 Huerzeler’s generic component-oriented formalism . . . 11

1.2.4 Hierarchical CP-nets . . . 13

1.2.5 Reisig’s composition mechanism. . . 14

1.2.6 Process algebras . . . 14

1.2.7 The need of a new modular formalism to unify the semantics of modular Petri nets . . . 15

1.3 Contributions . . . 16

1.4 Limits of this Thesis . . . 17

1.5 Organisation of this thesis. . . 18

2 A survey of modular formalisms 19 2.1 Classification of the modular formalisms . . . 19

2.1.1 Synopsis . . . 20

2.1.2 P/T PN or HLPN . . . 22

2.1.3 Module structure . . . 22

2.1.4 Communication/composition . . . 25

2.2 Description of the modular formalisms . . . 27

2.2.1 Modular PT and CP-nets . . . 27

2.2.2 Place bordered subnets . . . 29

2.2.3 Reentrant nets. . . 29

2.2.4 Refinements . . . 30

2.2.5 Composition of nets based on the semantics of CSP . . . 31

2.2.6 Interface nets . . . 32

2.2.7 BIP . . . 34

2.2.8 CLOWN . . . 35 vii

2.2.10 Hierarchical CP-nets . . . 37

2.2.11 CP-nets with channels . . . 42

2.2.12 Hierarchical High Level Petri nets . . . 44

2.2.13 Modular PNML. . . 45

2.2.14 Reference nets . . . 46

2.2.15 M-nets . . . 47

2.2.16 Communicative objects and cooperative nets . . . 52

2.2.17 Object colored Petri nets (OCP-Nets) . . . 54

2.2.18 Object Petri nets . . . 55

2.2.19 CO-OPN/2 . . . 56

2.3 A generic metamodel for modular extensions of Petri nets. . . 58

3 The LLAMAS formalism - Informal presentation 61 3.1 The Universal Composition Mechanism (UCM) . . . 61

3.1.1 Bindings . . . 62

3.1.2 Active vs passive events . . . 63

3.1.3 Composition operators . . . 64

3.1.4 Parametric events . . . 65

3.1.5 Recursion . . . 66

3.1.6 Graphical and textual notation - the case against labels . . . . 66

3.1.7 Partial semantics of the UCM . . . 67

3.2 The LLAMAS language - an example . . . 69

3.2.1 Internal behavior of a module - Petri net . . . 69

3.2.2 Compositions . . . 69

3.2.3 Interface - basic LLAMAS module . . . 70

3.2.4 Hierarchy and static instantiation. . . 72

3.2.5 Dynamic instantiation - the nets within nets mechanism. . . . 74

4 The LLAMAS formalism - Formal definitions 77 4.1 Examples, reloaded . . . 77

4.2 Data types . . . 78

4.2.1 Syntax . . . 78

4.2.2 Semantics . . . 85

4.2.3 Dynamic references . . . 87

4.3 The LLAMAS language - syntax . . . 91

4.3.1 Petri nets . . . 91

4.3.2 Encapsulation : interface . . . 96

4.3.3 Hierarchy and static instantiation. . . 97

4.3.4 LLAMAS class . . . 100

4.3.5 The Universal Composition Mechanism . . . 102

4.3.6 LLAMAS specification . . . 109

4.4 The LLAMAS language - semantics . . . 111

4.4.1 A note on the inference rules . . . 112

4.4.2 LLAMAS system . . . 112

5 Discussion 141

5.1 General concepts of the language . . . 141

5.1.1 The UCM, a powerful composition mechanism . . . 142

5.1.2 An implementation of the nets within nets paradigm . . . 145

5.1.3 A component-based formalism . . . 148

5.2 Technical aspects . . . 153

5.2.1 Algebraic properties of the composition operators . . . 153

5.2.2 Observers: a generalization of existing arcs . . . 154

5.2.3 The negation: a necessary evil . . . 156

5.2.4 Universality and minimality of the language . . . 157

5.2.5 Infinite recursion . . . 158

5.2.6 Class parameters . . . 158

5.2.7 Garbage collection . . . 159

5.2.8 Independent hierarchy . . . 160

5.2.9 Observation of local events . . . 161

6 Case studies 163 6.1 CO-OPN/2 . . . 163

6.1.1 The interface of modules . . . 163

6.1.2 Compositions . . . 164

6.1.3 Complex compositions . . . 165

6.1.4 Invisible events and stabilization . . . 166

6.1.5 Other features from CO-OPN/2 . . . 167

6.2 Modular PNML . . . 167

6.2.1 Handling Modular PNML in LLAMAS . . . 168

6.2.2 Modular PNML does not handle the Hierarchical CP-nets . . 170

6.3 M-nets . . . 171

6.3.1 The hierarchical transitions in Petri box - the Schrödinger’s composition. . . 171

6.3.2 Synchronous compositions . . . 180

6.3.3 Fusion of place buffers . . . 185

7.1 The LLAMAS tool . . . 191

7.1.1 Presentation. . . 191

7.1.2 Creating LLAMAS models . . . 192

7.1.3 Generating the Prolog code. . . 193

7.1.4 Using Java to communicate with the Prolog sources . . . 194

7.2 Specific features of the implementation . . . 196

7.2.1 Rewriting semantics for the ADTs . . . 196

7.2.2 Anonymous compositions . . . 197

7.2.3 Additional composition operators . . . 198

7.2.4 Optimizations . . . 198

7.2.5 Handling free variables and the problematicnotoperator. . . 199

7.3 AlPiNA . . . 201

7.3.1 The tool . . . 201

7.3.2 ΣDecision Diagrams: encoding algebraic terms . . . 202

7.3.3 ΣDecision Diagrams: encoding Petri nets transitions . . . 204

7.4 Verification perspectives for the LLAMAS tool . . . 205

8 Conclusion and perspectives 207 8.1 Main contributions . . . 207

8.2 Future improvements and research perspectives . . . 209

A Proofs 211 A.1 Associativity and commutativity of the operatormerge . . . 211

A.2 Associativity and commutativity of the operatorany . . . 212

A.3 Associativity of the operatorsequence . . . 212 A.4 Distributivity of the operatoranywith respect to the other operators . 214

B Acronyms 215

C Code for theClockclass in the LLAMAS tool 217

2.2 Result of the merge of the nets in Fig. 2.1 . . . 28

2.3 Example of the composition of two net components taken from [Val94] 29 2.4 Example of the composition of two reentrant nets taken from [Che91] 30 2.5 A refinement of a netA. . . 31

2.6 Three nets with all the transitions sharing a label. . . 32

2.7 The result of the merge of the nets in Fig. 2.6 . . . 32

2.8 A simplified version of the composition in the interface nets, taken from [Rei09] . . . 33

2.9 Two examples of interface nets . . . 33

2.10 Two results of the composition of the nets in Fig. 2.9 . . . 34

2.11 A composition example in BIP taken from [BBS06] . . . 35

2.12 An example of CLOWN class taken from [BDC93] . . . 36

2.13 Example of colored puzzle nets and their composition taken from [CF10] 37 2.14 A super page with a substitution transition, and the corresponding sub- page taken from [HJS91] . . . 39

2.15 The result of the composition of the two pages in Fig. 2.14 . . . 39

2.16 A super page with a substitution place, and the corresponding subpage taken from [HJS91] . . . 40

2.17 The result of the composition of the two pages in Fig. 2.16 . . . 40

2.18 Example of a recursive invocation transition taken from [HJS91] . . . 41

2.19 Example of a fusion set taken from [HJS91] . . . 42

2.20 Application of the fusion set of Fig. 2.19 to two instances, globally and locally. . . 42

2.21 Example of CP-nets with channels inspired by [CH94] . . . 43

2.22 The equivalent flat HLPN of the nets in Fig. 2.21 . . . 43

2.23 An example of HHPN taken from [Buc94] . . . 44

2.24 A module in Modular PNML taken from [KP09] . . . 45

2.25 A composition in Modular PNML using static instantiation, taken from [KP09] . . . 46

xi

2.27 An example of a reference net . . . 47

2.28 A second example of reference nets . . . 47

2.29 A simple example of a hierarchical transition in Petri box . . . 49

2.30 An example of synchronization and restriction in the M-nets . . . 51

2.31 An example of hierarchical transitions with buffer places in the M-nets 52 2.32 An example of communicative objects taken from [SB94] . . . 53

2.33 An example of synchronized object colored Petri nets from [MM01] . 54 2.34 An example of two OPNs taken from [Lak01] . . . 56

2.35 An OPN composing the two nets from Fig. 2.34 . . . 56

2.36 A simple example of a CO-OPN/2 call, using the syntax from [BBG01] 57 2.37 PNMLCore, the central metamodel of PNML, taken from [HKK⁺09] . 58 2.38 A generic metamodel for Modular Extensions of Petri nets . . . 59

3.1 A simple example of two compositions. . . 63

3.2 The Labelled Transition System of Fig. 3.1 . . . 63

3.3 An example of theanyandsequenceoperators. . . 65

3.4 Example of parametric events. . . 66

3.5 Example of transactional recursion. . . 66

3.6 The behavior of the compositionc12. . . 66

3.7 A partial translation from the UCM to flat Petri nets. . . 69

3.8 Petri net example. . . 69

3.9 Compositions example. . . 70

3.10 A basic example of module interface. . . 71

3.11 The LLAMAS moduleBCounter. . . 72

3.12 A hierarchical LLAMAS module representing a clock. . . 73

3.13 A nets within nets example. . . 75

4.1 Copy of Fig. 3.11, containing the LLAMAS moduleBCounter. . . 78

4.2 Copy of Fig. 3.12, containing the LLAMAS moduleClock. . . 78

4.3 Interface compatibility. . . 100

4.4 Composition participants:c1calls one of every kind of participant. . . 104

4.5 Interface delegates example:s1andr1. . . 108

4.6 Two events meant to be composed with the^sequenceoperator. . . 128

5.1 A simplified view of the structure of LLAMAS . . . 142

5.2 The structure of the UCM. . . 143

5.3 The structure of the compositions in the UCM . . . 143

5.4 Variables scope. . . 144

5.5 The NWN concepts implemented in LLAMAS . . . 146

5.6 A nets within nets example (already shown in Fig. 3.13). . . 147

5.7 A component-based formalism . . . 149

5.8 An example of inhibitor and read arcs, and the LLAMAS equivalent. . 155

5.9 An example of priorities simulated in the UCM. . . 156

5.10 Example of transactional recursion. . . 158

5.11 A small example of parametric module. . . 159

6.11 The LLAMAS equivalent ofN1 in Fig. 2.29 . . . 176

6.12 The LLAMAS equivalent ofN2 in Fig. 2.29, to be considered as the leftmost submodule in Fig. 6.11 . . . 177

6.13 The LLAMAS equivalent ofN3 in Fig. 2.29, to be considered as the rightmost submodule in Fig. 6.11 . . . 178

6.14 An example of synchronization and restriction in the M-nets . . . 180

6.15 The translation of the M-netN from Fig. 6.14 . . . 181

6.16 The translation of the M-netN sy Afrom Fig. 6.14 . . . 182

6.17 The translation of the M-net (N sy A)rs Afrom Fig. 6.14 . . . 183

6.18 An example of hierarchical transitions with buffer places in the M-nets 186 6.19 The translation of the M-netN⁰ from Fig. 6.18 . . . 187

6.20 The translation of the M-netN from Fig. 6.18 . . . 188

6.21 Renaming labels. . . 189

7.1 The LLAMAS logo (author: Daniela Ríos). . . 192

7.2 The interface of the LLAMAS tool . . . 193

7.3 The prolog files resulting from the user-defined sources . . . 194

7.4 The initial state of the simplifiedClockmodel . . . 195

7.5 The transition relation of the simplifiedClockmodel . . . 196

7.6 Free variable example . . . 199

7.7 The logo of AlPiNA. . . 201

7.8 AlPiNA’s architecture . . . 202

7.9 The GUI of AlPiNA. . . 203

7.10 AΣDD that encodes nine terms. . . 204

4.2 List of symbols defined in the syntactic definition of LLAMAS . . . . 139 4.3 List of symbols defined in the definition of the semantics of LLAMAS 140

xv

Back in 1962, Carl Adam Petri presented his Phd. dissertation, called Kommu- nikation mit Automaten[Pet62]. In this thesis, Petri presented a formalism that would later become his namesake: the Petri nets. This formalism allows the modeling of dy- namic discrete concurrent non-deterministic systems, following the mindset of state- transition systems: a dynamic system is represented by a set of states that the system can take, and a set of events that define the passing from one state to another. Some characteristics of Petri nets with relation to other modeling languages are¹:

Non-determinism Like most automata-based formalisms, from each state of a Petri net there may be multiple events that could be executed, and the choice between these events is not determined solely by the current state.

Concurrency Petri nets allow to explicitly model concurrent systems, where multi- ple computations can be executed simultaneously, either independently or with interactions between them.

Locality Each state is represented by a set of elements (formally, markings in a set of places). Thus, it is possible to represent explicitly some events that modify only some local part of the system.

Causality In Petri nets, the causal dependency between the events is explicitly de- fined, and events that have no causal relation are clearly separated in the syntac- tic definition of the system.

Transactionality The events in Petri nets are atomic, they follow an all-or-nothing mindset. Each event may define a set of execution conditions, and if, at some point of the computation, one of these conditions is violated, the whole event is cancelled without any modification of the current state. Moreover, nothing

1This list was partially taken from [Rei85] and [Hos12]

1

can occur during the execution of an event other than the event itself. Note that some definitions (e.g., step semantics) allow to define complex transactional events, i.e., events that combine the behavior of some sub-events. In this case, the transactionality implies that nothing can occur during the execution of a complex event other than its sub-events.

A formal definition Unlike modeling languages such asUnified Modeling Language (UML) [RJB04], Petri nets have a precise mathematical definition, which en- ables to apply rigorous algorithms to verify the system properties. This makes Petri nets fall in the scope of formal methods [CW96].

A graphical notation Unlike low level languages such as process algebras, Petri nets have a clear and intuitive graphical notation that greatly facilitates the modeling activity while keeping the formal structure of the models. The graphical notation may not be applicable if the Petri nets become too large. In this case, modelers can applymodularity, which will be explained below.

Since their beginnings, Petri nets have known a phenomenal success, being applied to a wide variety of domains (see for instance [ZZ94]). This ubiquity was not without consequences on the formalism: the original version was often adapted to fit particular cases and extend its expressivity, adding concepts such as time, probabilities, complex data types and modularity. In the last decade an initiative has risen to tackle the di- versity of the many Petri nets variants, to improve the common understanding of the paradigm and to facilitate the integration of Petri net tools. This initiative took the form of the international ISO/IEC 15909 standard [ISO04]. The first stage of this standard dealt with the basic definitions of Petri nets, including a first extension in the direction of structured data types. The second stage definedthe Petri Net Markup Language (PNML)[HKK⁺09,HKPT10], a markup language meant to allow the com- munication between Petri net tools. Currently, the development of the standard is in its third stage, where extensions of Petri nets are being considered [HKLP12]. This thesis aims to be an independent contribution in this standardization effort, in one specific context: modularity.

Modularity, in its broadest definition, is the ability to define complex systems by assembling smaller (and simpler) entities. Arguably, modularity may be the most important Petri nets extension of all. Indeed, in most real-life applications, modularity is mandatory as a non-modular version of Petri nets would rapidly become intractable, both in terms of the modeling activity and in the verification step. Modularity allows to apply a divide-and-conquer approach to big systems, by tackling individual definitions and problems at a local level. It has been implemented in Petri nets mainly for three reasons:

• To facilitate the modeling activity, by allowing modelers to create small Petri nets representing sub-components of the whole state, and then composing them.

Moreover, modular formalisms may allow to compose models defined in differ- ent formalisms, provided a common ground between them is defined. See for instance [FM95].

ular mechanisms for his initial version of Petri nets, by defining a language similar to process algebras in his thesis [Pet62]. Thus, modularity even predates the introduction of complex data types in the Petri nets world.

Modularity is a broad concept that has been implemented in many different mech- anisms in the Petri nets literature. Sometimes, the different variants of modular for- malisms have important conceptual differences. Moreover, the publications that give the formal definitions of these variants are extremely variable.

This double variability, in concepts and in presentation, makes it difficult to reason about the common features of modular formalisms at a general level. This problem is not specific to the notion of modularity, as revealed by the existence of the ISO/IEC 15909 standard. By creating a completely defined standard formalism, we hope to alleviate both aforementioned problems. First, the definition of new formalisms is facilitated if their semantics are defined by means of translation of a powerful and well known formalism, as it is done in [Ris10] with the CO-OPN/2 formalism. Second, rather than defining new small formalisms to investigate novel verification techniques, as it is done for instance in [Val94], these verification techniques could be investigated in the context of a standard, or subsets of the standard. With this, it would be easier to see if this technique can be applied to other formalisms, if they are themselves related to the standard.

1.1 An approach to standardize modular Petri nets

The wordstandardhas a broad range of possible meanings, often very different. Some examples include excellency ("to have high standards"), normality ("the standard size") or agreement ("a standard language"). In this thesis we adhere to this last meaning: our objective is to build a single language to express the different behav- iors of all the modular extensions of Petri nets. In this section, we will describe this objective in more detail.

1.1.1 Informal Description

Our approach follows the path of the ISO/IEC 15909 standard [ISO04] and PNML [HKK⁺09,ISO11]. PNMLis a markup language that constitutes a syntactic platform (i.e., a metamodel) for the definition of Petri nets variants. It captures the general

syntactic concepts of Petri nets (places, transitions, token, etc.). Existing and new formalisms can be defined as instances of this metamodel, thus relating themselves with the common syntactic concepts of Petri nets formalisms. To extend this approach to semantic considerations, we propose to create a semantic counterpart to PNML, called semantic platform. Such semantic platform must be a complete formalism, with its own syntax and semantics. To relate the other formalisms with this platform, authors can define semantic transformations from their formalisms to the semantic platform. This approach is illustrated in Fig.1.1.

Semantic platform Metamodel

Modular formalism 1

Modular formalism 2

Modular formalism 3

...

syntactic conformity semantic transformations

Figure 1.1: General approach

The approach defined in this figure is by no means limited to modular extensions, and could be applied to any extension of Petri nets. The only condition is that the semantic platform must be expressive enough to represent the semantics of all the possible formalisms from the same extension. This could be extremely difficult for some domains, such as timed Petri nets. In this thesis, we want to show that, for the specific case of modularity, the approach from Fig.1.1can be realistically imple- mented. To achieve this, we advocate the use of what we callsemantic definitionsto define the semantics of modular formalisms. This notion is defined as a contraposition ofsyntactic definitions. Let us explain this distinction.

Usually, the semantics of Petri nets formalisms are defined as a translation from the formalism to some other formalism, usually the well known Labelled Transition Systems (LTSs). In this case, we say thatLTSsare the semantic platform of the Petri net formalism. When considering modular extensions of Petri nets, many authors rely on the fact that the translation of "flat" (i.e., non-modular) Petri nets have already been defined and are well known in the community. A syntactic definition consists in translating modular models to equivalent flat models, and then relying on the pre- viously defined semantics of these flat models. In other words, a syntactic definition consists in applying an "intra-formalism" transformation, to get rid from the modular aspects of the models, and then an "inter-formalism" transformation to translate from the formalism to the semantic platform. Syntactic definitions are ubiquitous in the do- main of the most basic composition mechanisms, the fusions of places and transitions.

In some cases (e.g., [DKR03]), the translation from modular models to flat models is

platform to complete the definition. To use the same vocabulary as previously, we could say that a semantic definition first uses an inter-formalism transformation, and then an intra-formalism transformation in the semantic platform.

This distinction is illustrated by an example in Fig. 1.2. This figure shows two simple Petri nets and a basic composition, the fusion of the transitions t2 andt3. A syntactic definition follows the path of the light arrows: first, the modular model is translated to a flat version, where the transitionst2andt3have been effectively fused, and then the result is translated to the semantic platform, in this case the LTS. A semantic definition follows the path of the dark arrows: each individual module is translated to the semantic platform separately, and the composition is also translated to some composition in the semantic platform. Of course, in this example, this means that the classicalLTShave been enriched with "fusion" operators. Then, this modular LTSis itself translated to its flat version.

{1,0,1,0}

{0,1,1,0}

{1,0,0,1}

{0,1,0,1}

t1 t2 t3 t4

{1,0}

{1,0}

t1 t23 t4

t1

t23

t1 t4 t4

t1 t2

{1,0}

{1,0}

t4 t3

Modular Formalism

Semantic platform Inter-formalism transformations

Intra-formalism transformations

Figure 1.2: Syntactic vs. semantic definitions of modular formalisms

Most formalisms that use semantic definitions create themselves the composition operators in theLTS. This is a problem, as the resulting definitions become complex,

and it is difficult to analyze the common features of the different definitions. In this thesis, we want to solve this problem, by providing a single semantic platform with its own composition mechanism, expressive enough to handle most if not all the com- positions mechanisms from the modular extensions of Petri nets. One possibility to do this would be to define a very expressive set of composition operators for theLTS.

Another would be to use process algebras, such as Communicating Sequential Pro- cesses (CSP)[Hoa78] andCalculus of Communicating Systems (CCS) [Mil82]. The problem with both solutions is that the semantic platform has a modeling paradigm that is far from the expressivity of Petri nets. Usually, concepts such as true con- currency, or the complex markings of Petri nets defined as multisets, are difficult to represent in low-level semantic platform. An ideal solution would be to use a Petri nets formalism as a semantic platform. By remaining in the mindset of Petri nets, the translations from modular formalisms become easier to define and to understand.

While the best would be to use an existing formalism, we did not find any expressive enough candidate in the Petri nets literature. Because of this, we propose in this thesis proposes a new modular Petri nets formalism, called LLAMAS, with a very expres- sive composition mechanism, largely inspired by Concurrent Object-Oriented Petri Nets (CO-OPN/2)[BBG01], but with other sources of inspiration such as the refer- ence nets [Kum02], theObject Petri Nets (OPNs)as defined by Lakos in [Lak01], the well known Hierarchical CP-nets [HJS91] and Modular PNML [KP09].

1.1.2 Requirements for a semantic standard of modular Petri nets

Our standardization approach includes the definition of a semantic platform to unify the semantics of modular extensions of Petri nets. In this thesis, we aim to create a semantic platform with three main characteristics:

Modularity As mentioned previously, the semantic platform for modular formalisms should be a modular formalism itself, in order to keep the identity of the mod- ules at runtime. Thus, when translating a modular model, the translation of every individual module should also be an individual module. This will be de- fined more formally in the next subsection (Sec.1.1.3).

Petri nets Our objective is to standardize modular Petri nets variants, and thus it makes sense to remain in the domain of Petri nets. Petri nets are well suited to model aspects like concurrency, complex states of discrete systems and local modifications of these states. A translation that leaves the world of Petri nets is bound to suffer from a semantic gap often difficult to handle (e.g., the resulting models would be exponentially larger than the original ones, as it happens when translating Petri nets toLTSs).

Universality The most important objective of this thesis is the ambition to include every modular variant of Petri nets, including the most complex ones. Of- ten, a philosophical discussion can arise about wether a particular variant is still a Petri net or not (i.e., variants without monotonicity like the Object Petri nets [Lak01], or variants where the execution of the individual events can lead

with this formalism and, for each modulem∈MF, letSemF(m) be itsLTS. We can de- fine a composite module as an expressionm=◦_i(m₁, . . . ,mn) wherem₁, . . . ,mn∈ MF

are modules and ◦_i is a composition function◦_i : ℘(MF) → MF. Thus, a module is the composition of modules, that in turn may be compositions of smaller modules, and so on, until reaching the level of leaf modules, i.e., modules that cannot be de- composed anymore. Let us noteLMF ⊆ MF the set of all the leaf modules in F and

CompF = {o₁, . . . ,om} ⊆(℘(MF)→ MF) its set of composition operators.

Let us go back to the two approaches we mentioned at the beginning of this sec- tion. A syntactic definition of the semantics of F consists in defining the semantics of the leaf modules and a function Flatten : CompF ×℘(MF) → LMF. This func- tion takes a composite module and returns an equivalent leaf module. With it, we can define the semantics of composite modules by definingSemF(◦i(m₁, . . . ,mn)) = SemF(Flatten(◦i,m₁, . . . ,mn)). While this approach is commonly applied to usual fu- sions of places and transitions, it is not always well suited to more complex cases.

Indeed, as we mentioned previously, theFlatten function can be extremely complex or sometimes give unwanted results (e.g., infinite nets). Moreover, because the result of this function is a non-modular model, the identity of the different modules is lost at runtime.

On the other hand, a semantic definition is based on an existing formalism SP (Semantic Platform), that has its own composition mechanismsCompSP and seman- tics SemSP. To create a semantic definition of a formalism F, one must provide two functions, a functionT rmod : LMF → MSP to translate the leaf modules and a function T rcomp : CompF → CompSP for the composition operators. Then T rmod

is extended to composite modules by defining inductively T rmod(◦i(m₁, . . . ,mn)) = T rcomp(◦i)(T rmod(m₁), . . . ,T rmod(mn)). Finally, the semantics of F is defined as ∀m ∈ MF, SemF(m) = SemSP(T rmod(m)). A semantic definition has the advantage of pre- serving the modules identity at runtime. Most formalisms that have semantic defini- tions use traditional LTS as a semantic platform SP, but they define their own LTS compositionsCompSP. Moreover, working at the level of theLTSis a low-level oper- ation, far from the modeling expressivity of Petri nets. This paradigm shift can have negative consequences. For instance, LTS are not suited for handling concurrency, and often theLTSresulting from the transformation of Petri nets are extremely large.

To avoid this paradigm shift while keeping the benefits of a semantic definition, we propose to use a single Petri nets formalism as a common semantic platform for Petri nets variants. This would facilitate the understanding of their definitions, and would allow reasoning at a general level on computational techniques. This approach is akin

to virtual machines in the domain of programming languages. Of course, the semantic platform must be expressive enough to handle at least the existing formalisms. By this we mean that it should be possible to create a translation from each modular formalism to the semantic platform that would preserve its semantics. For any existing modular formalismF with a previously defined semanticsOldSemF, we should have:

∃T r :MF → MSPs.t. ∀m∈ MF, OldSemF(m) SemSP(T r(m)) whereis an isomorphism betweenLTS.

1.2 State of the art

When considering the unification of Petri nets variants, the unavoidable reference is the ISO/IEC 15909 standard for High Level Petri nets [ISO04,ISO11]. This standard is the subject of the first part of our state of the art. The rest of this section focuses on the central artifact that we described in our approach: the semantic platform. We review some formalisms from the literature that could potentially fill this role, and we indicate why none of them satisfies the conditions we set up in Sec.1.1.

1.2.1 The ISO / IEC 15909 standard

As mentioned previously, the ISO/IEC 15909 standard for High level Petri nets aims to standardize the different variants of Petri nets from the literature, both in the syntactic and semantic domains. The central artifact for capturing the syntactic aspects of Petri nets variants is PNML [HKK⁺09]. For the semantics aspects, the ISO/IEC 15909 considers a constructive approach, first building the simplest variants of Petri nets and then adding concepts around this building block.

Capturing syntactic aspects of Petri nets variants: PNML

PNML is a markup language defined in the second part of the ISO/IEC 15909 stan- dard [ISO11]. It constitutes an implementation of the concepts defined in the first part of the standard, defined primarily as an XML language, but it also has an implemen- tation in Ecore, inserting itself in the MDA [OMG03] approach. PNMLwas defined to provide Petri net tools with a common language that could be used to share models.

It was used with success in the context of the Model Checking Contest (MCC) that takes place yearly since 2011 [KLB⁺12b,KLB⁺12a].

Fig. 1.3 shows the central metamodel ofPNML, called PNMLCore. It captures the essence of the basic concepts behind Petri net formalisms: places, transitions and arcs. It must be noted that, since its inception,PNMLalready included some modular features, by means of objects calledpages,reference placesandreference transitions.

This underlines both the importance of the concept of modularity that was mentioned previously, and the fact that the current modular aspects considered in PNML are limited to fusions of places and transitions. We will come back on this subject occa- sionally through this thesis.

In this thesis, the standardization of the syntactic aspects of Petri nets variants is very close toPNML. The key difference is thatPNMLis geared towards the exchange

Figure 1.3: PNMLCore, the central metamodel ofPNML, taken from [HKK⁺09]

between Petri nets tools, while we remain purely at the level of theoretical definitions of Petri nets variants. In particular, this means thatPNMLincludes many concepts for the concrete syntax of Petri nets, that are not included in our work. Another important aspect ofPNML is the focus on extensibility, an aspect that was not included in our work, as we remain solely focused to the modular concepts.

Semantic aspects of the standard

The definition process in the ISO/IEC 15909 standard started with a central core and a set of extensions to this core. The central definitions are the subject of the first part of the standard [ISO04], where some basic variants of Petri nets where defined. The third part of the standard considers to add extensions to these basic variants to add advanced concepts such as time, probabilities and priorities. The central notion for these semantic extensions isorthogonality[HKLP12]. This means that each extension should be an isolated block, independent of other extensions, and one should be able to combine multiple extensions together to form advanced variants of Petri nets without generating contradictions. This semantic domain is calledframeworkin [HKLP12]. In that article, two examples of extensions, time and priorities, are defined independently and then combined to form a "prioritized timed Petri nets" variant.

The key difference between our work and the semantic definitions of the standard is that we focus onPetri nets variants, while the ISO/IEC 15909 standard focuses on concepts. For instance, in [HKLP12], the authors add the concept of time to basic Petri nets based on the classicalTime Petri Net (TPN) from [BD91] (which is in fact the

variant proposed by Merlin and Farber in [MF76]), but they do not discuss the relation between the formalism they define and the existing temporal variants of Petri nets.

This is purely a methodological distinction and the central objective is very similar in both cases. While being a minor difference, it reveals the particularity of our work with relation to the standard, i.e., we aim to define a truly universal language, while the ISO/IEC 15909 standard aims to include only a few variants on the beginning and then become more and more inclusive by successively enriching the initial core with supplementary notions.

In the rest of this section we will explore some modular formalisms that were defined with the objective of unifying modular variants of Petri nets. We will start with Modular PNML, which is part of the proposition of the ISO/IEC 15909 standard.

1.2.2 Modular PNML

In [KP09], Kindler and Petrucci gave the formal definition of Modular PNML, a mod- ular formalism that was already introduced in [KW01]. Modular PNML has an im- portant relation withLLAMAS, the formalism defined in this thesis. Indeed, Modular PNML is at the same time the original inspiration and the main competitor of LLA- MAS. Indeed, both formalisms were defined with the same objective: to capture the modular concepts defined in the Petri net literature and to constitute themselves as an interchange platform.

A major feature of Modular PNML, which is not included in LLAMAS, is the definition of a modular structure for data types. The modules in Modular PNML can defined their own data types, and they can share them with their neighbors. This allows a great flexibility in the definition of the modules. For instance, it automatically allows to define generic modules, i.e., modules that can take some data types as a parameter and adapt their behavior according to the data type that was mentioned. This feature is not included inLLAMAS. As mentioned previously, the data types used in Petri nets are out of the scope of our work. Nevertheless, the data types modularity in Modular PNML is defined overAlgebraic Data Types (ADTs), the same kind of data types that were chosen forLLAMAS. Because of this, we consider that, if needed, the data types modularity of Modular PNML could be adapted toLLAMASwithout major difficul- ties. This would complicate enormously the formal definitions of LLAMASwhich, as the careful reader will discover, is already quite complex. Because of this, we de- cided to leave out any modular consideration of the data types. It must be noted that, even thoughADTsare an extremely general data types language, used in the ISO/IEC 15909 standard and both in Modular PNML and LLAMAS, they donotconstitute a standard for the data types used in the literature. In particular, many Petri net tools use expressions in various programming languages (Java for the reference nets in RE- NEW [KWD⁺04], ML for CPN tools [JKW07], Python for SNAKES [Pom08], etc.).

ADTscannot express the full range of expressions defined in all those languages.

The major contribution ofLLAMASover Modular PNML is its expressivity. Mod- ular PNML is only defined for one version of the simplest modular mechanism in the Petri nets world: fusions of places and transitions. We will see in this thesis that

oriented formalism that was defined in David Huerzeler’s phd thesis [Hue04], also published in [BCH02]. This thesis generalizes the composition mechanism of CO- OPN/2into a general modular formalism, where the semantics of individual compo- nents are defined by means of theirLTS. The semantics of the composition of a set of modules is defined by means of compositions of theirLTS. Because of this, a great deal of modular formalisms can be represented in Huerzeler’s formalism, and it is clearly not limited to Petri nets world. Nevertheless, it is explicitly indicated in that thesis that, contrary to our work, that formalism has no pretention of being universal.

There are two features from this formalism that had a direct impact on the defi- nition ofLLAMAS: the interface of the components, and the complex compositions defined with three operators. The components in this formalism defined an interface composed of methods(services offered by the component to their environment) and gates(services required by the component from their environment). We will see that these two notions are directly translated toLLAMAS’ modules, where they are called services andrequests. The distinction of methods and gates was already defined in later versions of CO-OPN/2, such as the one in [Buf97], and it was clearly defined by Huerzeler in his thesis, with a clear semantic definition. The second feature from Huerzeler’s thesis that had a profound impact on our work is the composition mecha- nism. Contrary to the interface of the modules, this mechanism was already defined in the first versions ofCO-OPN/2[Bib97], and even in its predecessor CO-OPN [BG91].

The compositions are declared assynchronous callswhere a gate of a module can call a method of another module, notedc1.g with c2.m, where the componentc1 uses his gate g to call the methodm from the component c2. More importantly, a gate of a module can call acompositionof methods of other modules. For instance, the com- positionc1.g with c2.m||c3.m⁰ indicates that the gategfromc1 callssimultaneously the methods mfrom c2 and m⁰ fromc3. In the context of this composition, the two methods are fused into a single event, similarly to the classical fusion of transitions.

There are in total three composition operators: the parallel (notedk), where the called methods are called simultaneously, the non-deterministic (noted+), where one of the called methods will be chosen non-deterministically to be called, and the sequential (noted..), where the methods are called sequentially. These operators have a direct correspondent inLLAMAS, where they are respectively called^merge,^anyand^sequence. We show an example of this composition mechanism in Fig. 1.4. In that figure, two basic components model each one a simple buffer. These basic components are synchronized in order to model a bigger buffer. The basic components semantics may be defined with Petri nets (not represented in the picture). Each component has a

method putto add a value in the buffer andgetto retrieve a value. If the buffer is full, the put operation may fail. Instead of refusing the operation, the component uses a gate called f ailputto warn the environment of the situation. Note that the component itself does not know how the environment will treat the message send by the gate

f ailput. Similarly, f ailgetdenotes a fail in thegetmethod.

The context represents the big buffer resulting from the composition of the two small ones. When the environment of the context requires a put service, this call is delegated to the put method of the left internal buffer. This buffer may accept the value, ending the execution of put, or execute of the gate f ailput if it is full. This gate is synchronized with the method put of the second buffer. Thus, a refusal of the first buffer will delegate the call to the second buffer. Again, this buffer may accept the value, or execute its own f ailput gate. In the latter, as both buffers have failed to accept the value, the context executes itself its own f ailputgate, warning its own environment of this situation. All these operations are performed synchronously. Of course, the outer-buffer may itself by composed to other buffers to create bigger and bigger buffers.

Note that this example does not show the definition of the semantics of the inner components, the ones that actually store the values of the buffer (called o1 ando2).

In Huerzeler’s formalism, their semantics would be defined by means of LTS and custom-made compositions ofLTS.

Figure 1.4: Two synchronized buffers modeled as components, taken from [BCH02]

Huerzeler’s work focuses on two aspects that are not defined inLLAMAS: substi- tutability and mobility. The main focus of the thesis is the problem of substitutability (also called behavioral inheritance, or generally in the Petri nets world, subtyping).

Substitutability is the problem of determining the conditions that a componentAmust fulfill so that it can replace a component B in some modular construction, without altering the behavior of the whole system.

The second aspect that is not considered in LLAMAS is mobility. Huerzeler’s formalism is hierarchical, which means that components can be embedded inside other components. In this context, the problem of mobility is the fact that some components can be transferred from one components to another. Not only the components move,

Figure 1.5: Component mobility example taken from [BCH02]

We will see later, in Sec. 5.1, a more precise description of the relationship be- tween Huerzeler’s formalism and our work.

1.2.4 Hierarchical CP-nets

In addition to Modular PNML, a clear candidate for the role of the semantic plat- form in the approach we described in Sec. 1.1 is the formalism called Hierarchi- cal Colored Petri nets [HJS91]. This formalism is arguably the most important ex- ample of modular formalism in the domain of Petri nets, as the modular concepts defined in it have inspired many other formalisms (the main example is the tool SNOOPY [HHL⁺12]), and it is supported by maybe the most well known Petri nets tool of all, CPN-tools [JKW07]. Contrary to the previous formalism, but similarly to Modular PNML, the Hierarchical CP-nets are a Petri net formalism, and thus they fall in our standardization scope. As such, they are described in detail in our survey of modular formalisms, in Chapter 2. In short, the modularity of the Hierarchical CP- nets is mainly a particular version of the ubiquitous fusion of places and transitions.

Nevertheless, there are some specific characteristics (such as the duplication of service calls, and dynamic instantiation, which will be described in detail in the survey) that give a great flexibility to the Hierarchical CP-nets. Nevertheless, some of the most complex modular mechanisms from the literature cannot be represented in Modular CP-nets. Some examples are the transition refinements of the M-nets [KP08]), the stabilization fromCO-OPN/2[BBG01] or the transactional recursion of the reference nets [Kum02]. Our formalism,LLAMAS, was specially designed to cope with these and other high-level mechanisms.

1.2.5 Reisig’s composition mechanism

In [Rei09] presented a composition mechanism with a similar objective as our work:

to represent many composition mechanisms from the literature. Contrary to our work, Reisig’s formalism does not aim to be universal, focusing instead on defining a simple and usable mechanism. This is clearly a different approach as our own, as we defined a quite complex formalism in order to cover as many mechanisms as possible.

Again, this formalism is a Petri nets formalism, and as such it is described in some detail in our survey in Chapter 2, with the name of interface nets. Let us simply mention for now that the composition mechanism of this formalism is, once again, a particular version of fusion of places and transitions. An important aspect of this for- malism is the distinction of two sets of interface elements, calledleftandrightports.

The left ports of a module are merged with the right ports of another module, some- times in a non-deterministic way. Given this non-determinism, a non trivial feature of this formalism is the fact that it is associative.

1.2.6 Process algebras

Stepping out of the domain of Petri nets, an important family of modeling formalisms that were designed with the purpose of being universal are the process algebras (also called process calculi). Arguably, the most important representatives of this family are the CSP [Hoa78] and CCS [Mil82], along with an extension of CCS called the π-calculus [Mil99]. Similarly to Petri nets, these formalisms allow the formal model- ing of concurrent communicating processes. Process algebras are by nature modular formalisms, as they define algebraic operators to represent the interactions between the various processes modeled. This algebraic nature allows to perform algebraic rea- soning to analyze the modeled interactions.

Process algebras are important in the context of this thesis for two reasons. First, as mentioned previously, they are clearly important candidates to fill the role of a Se- mantic Platform in our standardization approach. We mentioned in Sec.1.1a difficulty in this endeavor: there is a clear gap between the modeling mindset of Petri nets and the one in process algebras, that greatly complexifies any attempt to create a direct translation between both formalisms. The second reason for which process algebras are important to mention is that many concepts initially developed for these algebras had a profound effect in some modular formalisms. Maybe the best example of this is the family of the M-nets, with the Petri net Algebra [BDK01].

In [vdA04], Wil van der Aalst compares Petri nets with the Pi calculus. He cites the following advantages of the Petri nets over the process algebra in the contest of workflow modeling:

• The graphical nature of Petri nets while keeping the formal semantics

• The explicit description of the states, as a contrapositions to the event-based process algebras

• The abundance of analysis techniques

It must be noted that the formalism defined in this thesis,LLAMAS, solves these three problems. As mentioned in [vdA04] itself, theNWNparadigm [Val04], which is implemented inLLAMAS, is a powerful modeling technique to define the dynamic creation and interaction of multiple instances of processes. This solves the first dif- ficulty. The second one is solved in LLAMAS by means of complex compositions, that use multiple composition operators. These operators allow a great flexibility to define the behavior of the compositions. To the best of our knowledge, no formalism allows as much flexibility asLLAMAS, the next candidate beingCO-OPN/2. The fi- nal negative point of Petri nets mentioned in this list is the local nature of the classical Petri nets transitions. Many modular Petri nets formalisms overcome this difficulty by allowing the transitions to be synchronized with other transitions (e.g., the reference nets [Kum02]), andLLAMASis not an exception.

1.2.7 The need of a new modular formalism to unify the semantics of modular Petri nets

In Sec.1.1.2we defined three characteristics that we pursue for a semantic standard of modular extensions of Petri nets : modularity, Petri nets and universality. In this state of the art, we mention five formalisms that aim to unify the semantics of these extensions: Modular PNML, Hurzeler’s component-oriented formalism, the Hierar- chical CP-nets, Reisig’s Interface nets and the process algebras. Table1.1shows how these formalisms fulfill our requirements.

Modularity Petri nets-based universality

Modular PNML " " %

Hurzeler’s formalism " % %

Hierarchical CP-nets " " %

Interface nets " " %

Process algebras " % "

Table 1.1: The need of a new standard of modular Petri nets

The first requirement, modularity, is fulfilled by every formalism in our state of the art. This is another indication that unifying modular formalisms with a modular

formalism is a sensible decision. The second requirement, to be based on Petri nets, is not fulfilled by Hurzeler’s formalism (which is based on LTSs) nor the process algebras, which compose processes rather than Petri nets. In the case of LTSs, it is well known that theLTScorresponding to a Petri net is often exponentially bigger than the Petri net itself, as theLTSare not suited to model the concurrency so well handled by Petri nets. On the other hand, process algebras are very well suited to model concurrency, but the states of the processes are usually modeled as atomic entities, and it is difficult to simulate local modifications of specific parts of these states. Thus, once again, translating Petri nets to process algebras is often a difficult task. The final requirement, universality, is clearly not pursued in the literature. The only languages that could potentially aim to be universal are the process algebras, but all the Petri nets-based languages clearly do aim to include the most complex variants of Petri nets. The formalism proposed in this thesis,LLAMAS, was specifically created with these three objectives in mind.

1.3 Contributions

This thesis aims to participate in the standardization effort that has driven an important part of the research of the Petri nets community in this last decade. Our first contribu- tion in this domain is the description of an approach to standardize thesemantics of Petri nets formalisms, which was described in Sec. 1.1. This approach proposes the creation of very expressive Petri nets formalisms to serve as semantic platforms for the definition of Petri nets variants. To illustrate this approach, rather than covering multiple subjects superficially, we decided to explore in detail a single aspect of Petri nets: modularity. For this, we realized a detailed (and yet, non-exhaustive) survey of many Petri nets formalisms that define modular constructions. A first version of this survey was submitted to the IS0/IEC 15909 committee in 2011, and an updated version in 2013.

The central contribution of this thesis is the creation of a new formalism calledthe Llamas Language for Advanced Modular Algebraic Systems(LLAMAS) to serve as a semantic platform for modular Petri net formalisms. LLAMASincludes a powerful composition mechanism built around operator-based compositions. The LLAMAS formalism is described in detail, including both an informal description and a formal definition, and some reflexions on the main features of the language. To illustrate the semantic expressivity of LLAMAS, we considered non-trivial translations from some important formalisms in the literature, including Modular PNML and the fam- ily of the M-nets. We consider that LLAMAS has the potential to contribute in the standardization effort at three different levels:

• We think that LLAMAShas the potential to become an important reference in the domain of modularity. Clearly, if this becomes true, the work contained in this thesis will represent only the first steps of many future developments, as many research perspectives are left open.

• A less ambitious objective would be to integrate parts ofLLAMASin the stan- dardization effort. We could for instance extract the operators-based composi-

the domain of modularity is leaving out an important part of the research that has been done in this domain. Computer science has covered a great distance since the times of Carl Adam Petri, many concepts and methodologies have been developed (we can cite for exampe object-oriented languages), and their relationship with Petri nets has been thoroughly investigated. This efforts should not be left out when considering the definition of a standard for Petri nets.

1.4 Limits of this Thesis

Our proposition is strictly limited to the definitions of modularity in the Petri nets for- malisms. To limit ourselves to the notion of modularity, we rely on the notion of or- thogonality as in [HKLP12]. By this we mean that we expect other extensions of Petri nets (like time and probabilities) to be compatible with our approach. For instance, we consider that a modular temporal formalism can be defined by combining our modular mechanisms with temporal considerations. In [dMSMBG02], a simplification ofCO- OPN/2(and thus close toLLAMAS) is enriched with temporal considerations, albeit with some difficulty. Please note that this aspect is not explored in this thesis, while it remains an important work perspective.

In particular, we do not consider the problem of the kind of data types used in the formalism. In the formal definition of LLAMAS we used ADTs to define the data types, a general specification language that is already used in the ISO/IEC 15909 standard. To simplify, in the examples of this thesis we will mostly use trivial data types (black tokens, natural numbers).

Moreover, following the scope of the ISO/IEC 15909 standard, this work is limited solely to the world of Petri nets and their extensions. While it would be interesting to study the relationship of our work with other domains, such as the domain of process algebras, the actor model [Agh86], MOCAS [BHB09] or grafcet [Bla94], we leave that subject to a future work.

Another important aspect that is not included in this thesis is the problem of veri- fication inLLAMAS. The language was designed with computational considerations, and we think that an immediate future work is to build a model checker for our lan- guage based on the recent advanced in the domain ofDecision Diagrams (DDs). An- other important work perspective is to analyze the verification techniques that were defined for the individual modular formalisms, and how they could be expressed in LLAMAS.