A Calculus of Petri Net Components Semantics for Petri nets with hierarchy N.Sidorova, M. Voorhoeve,...

A Calculus of Petri Net Components

Semantics for Petri nets with hierarchy

N.Sidorova, M. Voorhoeve, J.v.d.Woude (TUE)

Dedication

Gordon PlotkinA Structural Approach to Operational Semantics

Aarhus Univ Tech Report DAIMI FN-19

plm. 650 citations (citeseer.nj.nec.com)

tech. report world record?

Contents

• Introductionnets with hierarchy

• Challengefrom hierarchy to components

• Solutionstates as events, nets as terms,bisimilarity, Structured Operational Semantics

• Example

• Conclusions

Introduction

• Research motivated by CPN and ExSpect: Petri Nets with hierarchy.

• Correctness (e.g. verification) issues handicapped by semantics problems.

• What is a hierarchical net?.

Hierarchical Petri netsHierarchical Petri nets

transition place subnet

fire

enabled

unfold

produce

token

Hierarchical Petri netsHierarchical Petri nets

disabled

unfold

Hierarchical Petri netsHierarchical Petri nets

enabled disabled

fire

consume

consume

produce

fire

Hierarchical Petri netsHierarchical Petri nets

consume

produce

produce

Hierarchical Petri netsHierarchical Petri nets

fire

enabled

enabled

Challenge

• From hierarchy to components• Interface (external) vs. realization (internal)• Compositional semantics• Equivalence of hierarchical nets and their

unfoldings• Respecting state/event duality of nets

1-server queue component

enter

external free

busy

leave

start finish

internal

environment of a componentcannot access internal parts

Compositionality

• Semantics of component determines its behavior in any context

• Semantics maps component to mathematical object

• Semantics defined only on interface

Example

subnets with context

C.N

C.M

Different components

N

M

Xsemanticssame math. object

semantics

different objects

Y

Z

Process Algebra

• Components are terms

• Terms define transition systems by SOS (structured operational semantics) production rules

• Bisimilarity equivalence allows rewriting of terms (calculus)

Transition systems (TS)

Directed graphNodes (states)

Labeled arcs (events)

a bc

c d

e

d

f

SOS production rules

terms TS a.b+c

a

b

b

c

X X’

X+Y X’aX X’

premise

conclusion

Bisimilarity

a a

b b b b

c cd

d

a

b b

c

d

relationbetweenstateswith

samefuture

behavior

Component semantics:Equivalence classes of TS modulo bisimilarity

Temporal predicates, e.g.:S |- A B State S satisfies A and not B

S |- aC In S an a-step can occurto a state satisfying C

S |- a:a T S is a deadlock state

Bisimilar states = satisfying same predicates

Calculus of terms

x+y = y+x

(x+y)+z = x+(y+z)

x+x = x

proven by constructing bisimulations

Roadmap net components

• Net component is term describing its subcomponents and the way they’re connected

• Graphical representation (colored) net

• Rewrite rules, e.g. unfolding or consistent relabeling of subcomponent

Net Component Semantics

3 event types:- external consumption- firing- external productionexternal prod/cons added to cons/prod due to firing!

X c, f, p

X'

In X, consuming c, firing f and producing p results in X'

addition of events:simultaneous occurrence

X X0, 0, 0

empty event always possible

busyenter

free

leave

start finish

X X 0, s, 0

Y

Y0, f, 0

Z

Z l, 0, e

X

Z l, s, e

Y

busyenter

free

leave

start finish

Y

busyenter

free

leave

start finish

ZX Z

Z e, s, 0

?

not:

0, s+f, 0

enter leave

start finish

X

X |- 2e,0,0 (0,s,0 T):In X , removal of twoe-tokens will cause a state where s cannot fire.

At the same time, a token can be removed from e and s can fire in X.

X |- e,s,0 T

X |- 0,s,0 (l,0,0 T):After firing s in X , nol-token is available.

In X, s then f can fire, after which both e and l contain at least 1 token.

X |- 0,s,0 (0,f,0 (e+l,0,0 T))

Component predicates

Formal DefinitionComponent: Algebraic term

built from constants & operators

Term X defines TS: SOS rulesStructured Operational Semantics

X X'c, f, p

c,p: bag(B); f: bag(A)

A: actions, B: place labels

SOS rules (constants/merge)

Transition Ta

a in A

Ta 0, k.a, 0

Ta

k in Nat

Marked place Pb,k

b in B, k in Nat

Pb,k l.b, 0, m.b

Pb,m+k-l

l k, m in Nat

merge:X

c+d, f+g, p+q

X', Y d, g, q

Y'

X ||Y X' ||Y'

c, f, p

SOS rules (connect)Consumption t

t in A bag.Bt in bag.A bag.Bt.0 = 0, t.[a] = [t.a],

t(x+y)=t.x+t.y

t (X)

X t.f+c, f, p

X '

t (X')c, f, p

Production s

s in A bag.Bs in bag.A bag.B

s (X)

X c, f, p+s.f

X '

s (X')c, f, p

firing + consumption/production = connected firing

ExampleNet:

a p b

Term:X = s(t(Pa,1||Tp||Pb,0))

s = {(p,b)}, t = {(p,a)}

SOS derivation:

Pa,1a, 0, 0

Pa,0 , Tp0, p, 0

Tp , Pb,00, 0, b

Pb,1

Pa,1||Tp||Pb,0a, p, b Pa,0||Tp||Pb,1

t(Pa,1||Tp||Pb,0) 0, p, b t(Pa,1||Tp||Pb,0)

s(t(Pa,1||Tp||Pb,0)) 0, p, 0 s(t(Pa,0||Tp||Pb,1))

Hiding

a p b

C

a

p

b

D

Hidden actions invisible Hidden places inaccessible

C |- 0,0,0 (b,0,0 T)

C |- a,0,3b T

C b,0,0 T D |- 0,p,0 T

D 0,0,2a T

SOS rules (hiding)

L (X)

X c, f, p

X '

L (X ')c, fL, p

L A, hidden actions

M (X)

X c, f, p X ' , cM=c, pM=p

M (X')c, f, p

Similar for hiddenplace labels M

If xbag(A), then xL defined by0L = 0, [a]L = 0 if aA

[a]L = [a] if aA(x+y)L = xL + yL

Component structure

Net:Internal/externalplaces/transitionswith connections

p

a

b

q

Term:hiding (partially)of connected mergeof places/transitions

Z = Tp || Tq || Pa,1 || Pb,1

X = {(a,q),(b,p)}(Y)Y = {(q,b),(p,a)}(Z)

N = q(b(X))

Problem Solution

• Net component:representable as both graph and term

• TS of term defined by SOS rules

• Compositionality realized by bisimulation equivalence

• Both state-based and event-based approaches are supported

Extensions

Relabeling with loss of informationFusion/liberation of external place labelsMore actions per transitionSynchronization/encapsulation of external actionsRewrite rules flat net normal form

Colored nets: tokens and actions with valuesStandard language for functions and relationsASCII format of operators

Example

Purch: Purchase of supplies

The inventory interface signals a shortage (place needed).A database query (action sqry) reveals the supplier of theneeded item, which is ordered (action order).After some time, the order is delivered (action delivery)and the information is transferred (via place rdy) forpayment to the Finance deptThe orders waiting for delivery are kept in an internalplace wo.

needed[i:It,n:Nat]

wo:[s:Sup,i:It,n:Nat]

rdy[s:Sup,i:It,n:Nat]

order[s:Sup,i:It,n:Nat]

delivery[s:Sup,i:It,n:Nat]

sqry[s:Sup,i:It]

Net Model

Purch

Tentative script

Purch :=extern place needed[i:It,n:Nat],

rdy[s:Sup,i:It,n:Nat] action sqry[s:Sup,i:It],

order[s:Sup,i:It,n:Nat], delivery[s:Sup,i:It,n:Nat]

intern place wo[s:Sup,i:It,n:Nat]with sync order(s,i,n) and sqry(s,i) consume order(s,i,n) from needed(i,n) produce order(s,i,n) to wo(s,i,n) consume delivery(s,i,n) from wo(s,i,n) produce delivery(s,i,n) to rdy(s,i,n)

Component connections

neededrdy

ord

delivery

sqry Purch

need sqry

Inv

recv

topay

DB

Fin

pay

topay : place label

delivery: action

: action synchronization: production/consumption: place fusion

ProdFact

order

Script

ProdFact :=extern action ord[s:Sup,i:It,n:Nat] = Purch.order,

recv[s:Sup,i:It,n:Nat] = Inv.recv, pay[s:Sup,m:Money] = Fin.pay

intern Purch (needed, rdy, sqry, order, delivery), DB (sqry, ... ), Inv (recv, need , ... ), Fin (topay, pay, ...)with sync recv(s,i,n) and Purch.delivery(s,i,n) sync Purch.sqry(s,i) and DB.sqry(s,i) produce Inv.need(i,n) to Purch.needed(i,n) fuse Purch.rdy(s,i,n) to Fin.topay(s,i,n)

Conclusions

• Semantics for net components• Temporal predicates for requirements• Verification possible• Good practice rules (pragmatics) can be

added• Foundation of component-based

modeling

Research issues

• Stronger semantics e.g. allowing transition refinement

• Language and toolsspecification, modeling, verification

• Relation to CPN/ExSpect

• Teaching

• ....