Home | Up | Questions? |
In Chapter 4 we presented a number of problems which have been defined for Petri nets. These problems concern various properties of Petri net structure and behavior which, under appropriate circumstances, would be of interest to users of Petri nets.
Two solution techniques were also presented: the reachability tree and matrix equation approaches. These two techniques allow properties of safeness, boundedness, conservation, and coverability to be determined for Petri nets. Also, a necessary condition for reachability was established. However, these analysis techniques are not sufficient to solve several other problems, especially liveness, reachability, and equivalence. In this chapter we explore these problems, either to find solutions to them or at least to learn more about the properties of Petri nets.
A fundamental concept which we use is reducibility [Karp 1972]. Solving a problem involves reducing it to another problem which we already know how to solve. For example, in the previous chapter, the problem of determining if a Petri net is conservative was reduced to solving a set of simultaneous linear equations. The problem of solving sets of simultaneous linear equations has in turn been reduced to a defined sequence of arithmetic operations (addition, subtraction, multiplication, division, and comparisons). Thus, since the simpler arithmetic operations can be computed, conservation can be determined.
Another example concerns the equality problem and subset problem for reachability sets.
Two other considerations are of importance when considering analysis problems and reducibility. First, in trying to find a solution, we must consider the possibility that a problem has no solution technique; it is undecidable. Second, if a solution technique exists, we need to consider its cost: How much time and memory space are needed? For Petri nets to gain widespread general use, analysis problems must be solvable and by algorithms which are not excessively expensive in computer time or space.
Reducibility plays a role in both of these problems. Reducibility between problems is commonly used to show that a problem is decidable or undecidable. Our approach to decidability theory [Davis 1958; Minsky 1967] is based mainly on the work of Turing and on his model of computations, the Turing machine. The importance of the Turing machine is that it is a reasonable representation of a limited computing machine and that it can be shown that no algorithm exists which can solve certain Turing machine problems, especially the halting problem. From this basis, a collection of undecidable problems has been found. The importance of this theory is that it is not possible to produce a computer program which solves these problems. Thus, for practical analysis, these undecidable problems must be avoided, or the analysis questions will be unanswerable.
(An important distinction here is that undecidable problems produce questions which are not simply unanswered but unanswerable. Questions can be unanswered but still answerable; this merely means that no one has yet found an answer but that the answer does exist. A famous example is Fermat's last theorem: Does the equation x^{n} + y^{n} = z^{n} have solutions for n > 2 and nontrivial integer x, y, and z? This question has not been answered, but it is answerable. The answer is either yes or no. One way to answer the question is to produce numbers x, y, z, and n which satisfy the theorem. The other way would be to prove (logically deduce) that no such x, y, z, and n can exist. No one has yet done so.
However, assume that the problem were undecidable. Then it is not possible to decide whether x, y, z, and n exist which solve the equation. This means we could not logically deduce their nonexistence from the axioms of mathematics and that we cannot produce x, y, z, and n which solve the equation. But if we cannot produce x, y, z, and n, then they must not exist. If they did exist, we could set a computer to searching for them, and, eventually, it would find them. But if x, y, z, and n do not exist, then the answer to the question is no, and we have decided it. This contradicts our assumption that the question is undecidable, so the question is decidable.)
Now assume that a problem A is reducible to a problem B: An instance of problem A can be transformed into an instance of problem B. If problem B is decidable, then problem A is decidable, and the algorithm for problem B can be used to solve problem A. An instance of problem A can be solved by transforming it to an instance of problem B and applying the algorithm for problem B to determine the solution. Thus, if problem A is reducible to problem B and problem B is decidable, then problem A is decidable.
The contrapositive is also true: If problem A is reducible to problem B and problem A is undecidable, then problem B is undecidable; for if problem B were decidable, the above procedure is a decision technique for problem A, contradicting its undecidability. These two facts are central to most decidability techniques. To show that a problem is decidable, reduce it to a problem which is known to be decidable; to show that a problem is undecidable, reduce a problem which is known to be undecidable to it.
We shall make good use of this approach to reduce the amount of work we must do. For example, since the equality problem for reachability sets is reducible to the subset problem, we want to develop either (1) a solution procedure for the subset problem or (2) a proof that the equality problem is undecidable. If we can show (1), we have a solution technique for both problems; if we show (2), we know both problems are undecidable.
In some cases, we may be able to do even better. Two problems are equivalent if they are mutually reducible. That is, problem A is equivalent to problem B if problem A is reducible to problem B, and problem B is reducible to problem A. In this case, either both problems are decidable or both are undecidable, and we can work on either one. (Notice that this is not true in general. For example, if we were to show that the subset problem for reachability sets is undecidable, this would tell us nothing about the decidability or undecidability of the equality problem.)
The second consideration for investigating analysis problems is that if a solution technique exists it must be reasonably efficient. This requires that the amount of time and memory space needed by an algorithm to solve an instance of the problem not be excessive. The study of the cost of executing an algorithm is a part of complexity theory. Complexity theory deals with the amount of time and space needed to solve a problem. Obviously the amount of time and space will not be constant but will vary with the size of the problem to be solved. For Petri nets, time and space requirements would probably be a function of the number of places and transitions. Other factors which might influence things would be the number of tokens in the initial marking or the number of inputs and outputs for each transition and place (the number of arcs in the graph).
The time and space needed will vary with the particular instance of the problem to be solved. Therefore, complexity results may be in the form of a best case (lower bound) or worst case (upper bound) for an algorithm. Since it is not known in advance whether an instance will be a best case or worst case, the worst case is generally assumed, and the complexity of an algorithm is the worst case time or space requirements, as a function of the size of the input.
Complexity analysis is mainly concerned with the underlying problem complexity, and not concerned with a specific detailed implementation of any particular algorithm. Thus, complexity theory ignores constant factors. Complexity for a problem of size n is determined to be of order n^{2} or e^{n} or n log n allowing for smaller terms and constant factors. In particular two general classes of algorithms are important: those with polynomial complexity ( n, n^{2}, n log n, n^{8}, and so on) and those with nonpolynomial complexity (especially exponential, 2^{n}, and factorial, n ! ).
Complexity analysis is generally applied to specific algorithms but can also be applied to general problems. In this case, a lower bound on the complexity of all algorithms to solve a problem is determined. This provides an algorithm-independent complexity result. It also can be useful in showing that a particular algorithm is optimal (within a constant) and when further work may produce a significantly better algorithm to solve a problem. For example, it is well-known that sorting n numbers is of complexity n log n. Thus algorithms with n log n complexity cannot be significantly improved on (in the asymptotic worst case).
Reducibility can be useful in determining complexity. If a problem A can be reduced to a problem B and B has a complexity f_{B} ( n ), then the complexity of A is at most the complexity of B plus the cost of the transformation from A to B (keeping in mind that the size of the problem may also change in the transformation). The complexity of the transformations is generally constant or linear and so is often ignored. Thus, reducing problem A to problem B gives either an upper bound for the complexity of A (if the complexity of B is known) or a lower bound for the complexity of B (if the complexity of A is known). Again by using as an example the equality and subset problems, the amount of work needed to solve the equality problem is no greater than twice the amount of work for the subset problem. Since this is a constant factor, the complexity of the subset problem should be the same as the complexity of the equality problem.
These two properties of Petri net analysis properties -- decidability and complexity -- are of major concern for the use of Petri nets. In this chapter we present some results which have been obtained. One of the techniques used is to reduce one Petri net problem to another.
The reachability problem is one of the most important problems for Petri net analysis. It is also open to a large amount of variation in definition. The following four reachability problems for a Petri net C = (P, T, I, O) with initial marking μ have been posed.
Although these four problems are all different, they are all
equivalent. Certain relationships are immediately obvious.
The zero-reachability problem is reducible to the
reachability problem; we simply set μ′ = 0 for the
reachability problem. Similarly the reachability problem is
reducible to the submarking reachability problem, by setting
the subset P′ = P. The single-place zero-reachability
problem is reducible to the submarking reachability problem
by setting P′ = { p_{i} } and
μ′ = 0 . More difficult to show is that the submarking
reachability problem is reducible to the zero-reachability
problem and that the zero-reachability problem is reducible
to the single-place zero-reachability problem. This entire
set of relationships is shown in Figure 5.1.
First, we show that the submarking reachability problem is reducible to the zero-reachability problem. Assume we are given a Petri net C_{1} = (P_{1}, T_{1}, I_{1}, O_{1} ) with initial marking μ_{1}, a subset of places P′ ⊆ P_{1}, and a marking μ′ . We want to know if there exists μ′′ ∈ R ( C_{1}, μ_{1} ) with μ′ ( p_{i} ) = μ′′ ( p_{i} ) for all p_{i} ∈ P′ . Our approach is to create a new Petri net C_{2} = (P_{2}, T_{2}, I_{2}, O_{2} ) with initial marking μ_{2} such that there exists μ′′ ∈ R ( C_{1}, μ_{1} ) with μ′ ( p_{i} ) = μ′′ ( p_{i} ) for all p_{i} ∈ P′ if and only if 0 ∈ R ( C_{2}, μ_{2} ) .
The construction of C_{2} from C_{1} is quite straightforward. We start with C_{2} the same as C_{1}. To allow any place p_{i} not in P′ to become empty we add a transition t_{i}′ with input { p_{i} } and null output. This transition can fire whenever there is a token in p_{i} to drain off any tokens which may reside here. This allows us to ignore these places, being sure that they can always reach a zero marking.
For places p_{i} in P′, we must assure
that exactly μ′ ( p_{i} ) tokens are in
p_{i}. To assure this we create a new place
p_{i}′ for each p_{i} ∈ P′
with an initial marking of
μ′ ( p_{i} ) tokens and a transition
t_{i}′ with input
{ p_{i}, p_{i}′ } and null output.
If there are exactly μ′ ( p_{i} ) tokens in
p_{i}, then this transition can fire exactly
μ′ ( p_{i} ) times, reducing the markings
of p_{i} and p_{i}′ to zero.
If the number of tokens in p_{i} is not
μ′ ( p_{i} ), then the transition
t_{i}′ can only fire the minimum of the
two markings, and so tokens will be left in either
p_{i} or p_{i}′, preventing
the zero marking from being reached.
Figure 5.2 illustrates the two types of transitions
introduced. Formally we define C_{2} by
P_{2} | = | P_{1} ∪ { p_{i}′ | p_{i} ∈ P′ } |
T_{2} | = | T_{1} ∪ { t_{i}′ | p_{i} ∈ P_{1} } |
I_{2}(t_{j}) | = | I_{1}(t_{j}) for t_{j} ∈ T_{1} |
I_{2}(t_{i}′) | = | { p_{i} } for p_{i} \o′/∈′ P′ |
= | { p_{i}, p_{i}′ } for p_{i} ∈ P′ | |
O_{2}(t_{j}) | = | O_{1}(t_{j}) for t_{j} ∈ T_{1} |
O_{2}(t_{i}′) | = | { } for p_{i} ∈ P_{1} |
μ_{2}(p_{i}) | = | μ_{1}(p_{i}), p_{i} ∈ P_{1} |
μ_{2}(p_{i}′) | = | μ′(p_{i}), p_{i} ∈ P′ |
To show that 0 ∈ R ( C_{2}, μ_{2} ) if and only if there exists a μ′′ ∈ R ( C_{1}, μ_{1} ) with μ′′ ( p_{i} ) = μ′ ( p_{i} ) for p_{i} ∈ P′, assume first that μ′′ exists in R ( C_{1}, μ_{1} ) . Then in C_{2} we can also reach the marking μ′′ in the places p_{i} ∈ P_{1} by firing only those transitions from T_{1}. Now for each p_{i} ∈ P′, we can fire t_{i}′ exactly μ′ ( p_{i} ) times, reducing both p_{i} and p_{i}′ to zero. Then we can fire t_{i}′ for each p_{i} ∉ P′ as many times as necessary to put these to zero, so 0 ∈ R ( C_{2}, μ_{2} ) .
Now assume 0 ∈ R ( C_{2}, μ_{2} ) ; then there
exists a sequence of transition firings σ which
leads from μ_{2} to 0. This sequence will contain
exactly μ′ ( p_{i} ) firings of
t_{i}′ for
p_{i} ∈ P′ (to remove the tokens from
p_{i}′ ) and some number of firings of
t_{i}′ for
p_{i} ∉ P′ .
Note that these transition firings
only remove tokens from C_{1}, and since
δ ( μ′, t_{j} ) is defined whenever
δ ( μ, t_{j} ) is defined for
μ′ ≥ μ (extra tokens never hurt), the
sequence σ with all t_{i}′ firings
removed is also legal and will lead to a marking
μ′′ with exactly
μ′ ( p_{i} ) tokens in p_{i}
for p_{i} ∈ P′ . Thus if 0 ∈ R ( C_{2}, μ_{2} ), then
μ′′ ∈ R ( C_{1}, μ_{1} ) with
μ′′ ( p_{i} ) = μ′ ( p_{i} )
for p_{i} ∈ P′ .
Q.E.D.
Our next task is to show that the zero-reachability problem is reducible to the single-place zero-reachability problem. The proof of this statement again involves a construction. Given a Petri net C_{1} = (P_{1}, T_{1}, I_{1}, O_{1} ) with initial marking μ_{1}, we wish to determine if 0 ∈ R ( C_{1}, μ_{1} ) . We construct, from C_{1}, a new Petri net C_{2} with an additional place s (P_{2} = P_{1} ∪ { s } ) such that there exists a marking μ′ ∈ R ( C_{2}, μ_{2} ) with μ′ ( s ) = 0 if and only if 0 ∈ R ( C_{1}, μ_{1} ) .
The construction of C_{2} defines s so that at all
times the number of tokens in s is equal to the sum of
the number of tokens in the places of C_{1}. Thus if
μ′ ( s ) = 0, then there are zero tokens in all
places of C_{1} and vice versa. We define the initial
marking μ_{2} by
μ_{2}(p_{i}) | = | μ_{1}(p_{i}) for p_{i} ∈ P_{1} | |
μ_{2}(s) | = | Σ | μ′(p_{i}) |
p_{i} ∈ P_{1} |
d_{j} | = | Σ | #(p_{i}, O(t_{j})) − #(p_{i}, I(t_{j})) |
p_{i} ∈ P_{1} |
The early work on Petri nets, and some current work, defined Petri nets in somewhat more restricted ways than the definition in Chapter 2. In particular, the following two restrictions are sometimes enforced.
These subclasses of the general Petri net model have been considered for several reasons. A major reason is that the propagation of Petri net concepts was informal in its earlier theory. The need for multiple arcs or self-loops did not occur in early modeling. Also, it was probably felt that the theory would be easier without these additional complications to the theory. As the theory has developed, however, it has become evident that the more general definitions have not been more difficult to work with. Current work using models with these restrictions is thus either the result of unnecessary timidity on the part of the researcher or the need for quicker exposition leading to simpler definitions.
However, these restrictions add nothing to our ability to analyze Petri nets. Consider the reachability problem for these classes of nets. To show the essential equivalence of these four classes of Petri nets, we prove the following.
We show that general Petri nets can be transformed into restricted Petri nets in such a way as to reduce the reachability problem for general Petri nets to the reachability problem for restricted Petri nets. This then shows that these four reachability problems are equivalent.
To transform a general Petri net into a restricted Petri
net, we use the following basic approach. Every place in
the general Petri net is replaced by a ring of places
in the restricted Petri net. Figure 5.4 shows the general
form of a ring of places. Notice that a collection of
tokens placed in the ring can freely move around the ring to
any position at any time; they can all group into place
p_{i,1} or spread out uniformly to cover all
k_{i} places in the ring. Thus a transition
which needs three tokens from place p_{i} can
pick up one from each of p_{i,1}, p_{i,2},
and p_{i,3} rather than
all three from p_{i}. Similarly a transition
which uses p_{i} both as an input and as an
output (a self-loop) may input from p_{i,1} and
output to p_{i,2}, eliminating the self-loop.
Formally, for a general Petri net
C_{1} = (P_{1}, T_{1}, I_{1}, O_{1} )
with marking μ_{1}, we define a
restricted Petri net
C_{2} = (P_{2}, T_{2}, I_{2}, O_{2} )
with marking μ_{2} as follows. First define, for
each p_{i} ∈ P_{1}, an integer
k_{i} by
k_{i} | = | max | (#(p_{i}, I(t_{j})) + #(p_{i}, O(t_{j}))) |
t_{j} ∈ T_{1} |
P_{2} | = | { p_{ i, h } | p_{i} ∈ P_{1}, 1 ≤ h ≤ k_{i} } |
T_{2} | = | T_{1} ∪ { t_{ i, h } | p_{ i, h } ∈ P_{2} } |
#(p_{ i, h }, I_{2}(t_{j})) | = | 1 if 1 ≤ h ≤ #(p_{i}, I_{1}(t_{j})) |
= | 0 otherwise | |
#(p_{ i, h }, O_{2}(t_{j})) | = | 1 if #(p_{i}, I_{1}(t_{j})) < h ≤ #(p_{i}, I_{1}(t_{j})) + #(p_{i}, O_{1}(t_{j})) |
= | 0 otherwise |
I_{2}(t_{ i, h }) | = | { p_{ i, h } } | ||
O_{2}(t_{ i, h }) | = | { p_{ i, n } | n | = | 1 + (h mod k_{i}) } |
μ_{2}(p_{i,1}) | = | μ_{1}(p_{i}) for p_{i} ∈ P_{1} |
μ_{2}(p_{ i, h }) | = | 0 for h > 1 |
By construction, for any marking μ which is reachable in
C_{1}, there exists a marking μ′ of C_{2} such
that
Σ | μ′(p_{ i, h }) | = | μ(p_{i}) for all p_{i} ∈ P_{1} |
h |
μ′(p_{i,1}) | = | μ(p_{i}) for p_{i} ∈ P_{1} |
μ′(p_{ i, h }) | = | 0 for h > 1 |
Thus, from the point of view of analysis, general Petri nets and these three
restricted classes of the general Petri net -- ordinary Petri
nets, self-loop-free Petri nets, and restricted Petri nets --
are equivalent, each can be transformed into a similar net
of another class, allowing a reachability problem in one to
be reduced to a reachability problem in another. The
constructions in this section are due to Hack [1974a].
Reachability is an important problem, but not the only remaining problem for Petri nets. Liveness is another problem which has received much attention in the Petri net literature. As pointed out in Section 4.1.4, liveness is related to deadlock. Two liveness problems for a Petri net C = (P, T, I, O) with initial marking μ are of concern here. A Petri net is live if each transition is live. A transition t_{j} is live in a marking μ if for each μ′ ∈ R ( C, μ ) there exists a sequence σ such that t_{j} is enabled in δ ( μ′, σ ) . A transition t_{j} is dead in a marking μ if there is no reachable marking in which it can fire.
The liveness problem is obviously reducible to the single-transition liveness problem. To solve the liveness problem, we simply solve the single-transition liveness problem for each t_{j} ∈ T; if | T | = m, then we must solve m single-transition liveness problems.
The reachability problem can also be reduced to the liveness problem. Since the many variants of the reachability problem are equivalent, we use the single-place zero-reachability problem. If we have any of the other reachability problems, they can be reduced to the single-place zero-reachability problem as shown in Section 5.2. Now, if we wish to determine if place p_{i} can be zero in any reachable marking for a Petri net C_{1} = (P_{1}, T_{1}, I_{1}, O_{1} ) with initial marking μ_{1}, we construct a Petri net C_{2} = (P_{2}, T_{2}, I_{2}, O_{2} ) with initial marking μ_{2}, which is live if and only if the zero marking is not reachable from μ_{1}.
The Petri net C_{2} is constructed from C_{1} by the addition of two places, r_{1} and r_{2}, and three transitions, s_{1}, s_{2}, and s_{3}. We first modify all transitions of T_{1} to include r_{1} as both an input and an output. The initial marking μ_{2} will include a token in r_{1}. The place r_{1} is a “run” place; as long as the token remains in r_{1} the transitions of T_{1} can fire normally. Thus any marking which is reachable in the places of P_{1} in C_{1} is also reachable in C_{2}. Transition s_{1} is defined to have r_{1} as its input and a null output. This allows the token in r_{1} to be removed, disabling all transitions in T_{1} and “freezing” the marking of P_{1}. (Note that all transitions of T_{1} are in conflict and, by construction if not by definition, that no more than one transition can fire at a time.)
The place r_{1} and transition s_{1} allow the
net C_{1} to reach any reachable marking and then for
s_{1} to fire and freeze the net at that marking. Now
we need to see if place p_{i} is zero. We
introduce a new place r_{2} and a transition
s_{2} which has p_{i} as its input and
r_{2} as its output. If p_{i} can ever
become zero, this transition is not live; in fact the entire
net is dead if transition s_{1} fires in that
marking. Hence if p_{i} can be zero, the net
is not live. If p_{i} cannot be zero, then
s_{2} can always fire, putting a token in
r_{2}. In this case we must put a token back in
r_{1} and assure that all transitions in C_{2} are
live. We must be sure that C_{2} is live even if C_{1} is
not live. This is accomplished by a transition s_{3}
which “floods” the net C_{2} with tokens, assuring that
every transition is live if a token is ever put in
r_{2}. Transition s_{3} has r_{2} as
its input and every place of C_{2} (all p_{i}
in C_{1} and r_{1} and r_{2} ) as output.
This construction is illustrated in Figure 5.6.
Now, if a marking μ is reachable in R ( C_{1}, μ_{1} ) with μ ( p_{i} ) = 0, then the net C_{2} can also reach this marking on the place of P_{1} by executing the same sequence of transition firings. Then s_{1} can fire, freezing the C_{1} subset. Since μ ( p_{i} ) = 0, transition s_{2} cannot fire and C_{2} is dead. Thus if p_{i} can become zero, then C_{2} is not live.
Conversely, if C_{2} is not live then, a marking μ must be reachable in which μ ( r_{2} ) = 0 and there is no reachable state in which r_{2} has a token. [If r_{2} has a token, s_{3} is enabled, and s_{3} can be fired repeatedly enough times to enable any (or all) transitions, and so the net is live.] If r_{2} has no token and cannot get any, then the marking of p_{i} must also be zero. Thus if C_{2} is not live, then a marking is reachable in which the marking of p_{i} is zero.
On the basis of this construction, we have the following.
Now we need to show the following.
The proof that the single-transition liveness problem is reducible to the reachability problem rests on testing for the reachability of any of a finite set of maximal t_{j} -dead submarkings. A Petri net is not live for a transition t_{j} if and only if any marking is reachable in which the transition t_{j} is not fireable and cannot become fireable. A marking of this sort is called t_{j} -dead. For any marking μ we can test if it is t_{j} -dead by constructing the reachability tree with μ as the root and testing if transition t_{j} can fire anywhere in the tree. If it cannot then μ is t_{j} -dead. Checking for liveness of t_{j} then requires checking if any t_{j} -dead marking is reachable.
In general, however, there may be an infinite number of t_{j} -dead markings and an infinite set of markings in which to find the t_{j} -dead markings. The set of markings which must be checked for reachability is reduced to a finite number by noting two properties. First, if a marking μ is t_{j} -dead, then any marking μ′ ≤ μ is also t_{j} -dead. (Any firing sequence possible from μ′ is also possible from μ, so if μ′ could lead to the firing of t_{j}, so could μ .) Second, the markings of some places will not affect the t_{j} -deadness of a marking, and so the markings of these places are “don't-cares”; they can be arbitrary. Borrowing from the reachability tree construction, we replace these “don't-care” components by ω to indicate that an arbitrarily large number of tokens can be in this place without affecting the t_{j} -deadness of the marking. Now since any μ′ ≤ μ is t_{j} -dead if μ is t_{j} -dead, we need not consider those places p_{i} with μ ( p_{i} ) = ω . This means we use the submarking reachability problem with P′ = { p_{i} | μ ( p_{i} ) ≠ ω } .
As an example, consider the Petri net of Figure 5.7. The
markings (2, 0), (1, 0), (0, 0), (0, 1), (0, 2), (0, 3), …
are t_{j} -dead, but they can be finitely
represented by the set { (0, ω ), (2, 0), (1, 0) } .
Hack [1974c; 1975c] has shown that there exists for a Petri net C a finite set D_{t} of markings (extended to include ω ) such that C is live if and only if no marking in D_{t} is reachable. If a marking of D_{t} contains ω, submarking reachability is implied.
Further, D_{t} can be effectively computed. Since D_{t} is finite, the non- ω -components of the markings have an upper bound b. This bound b is characterized as the smallest number such that for any marking μ with μ ( p_{i} ) ≤ b + 1 for all p_{i}, if μ is t_{j} -dead, then the submarking μ′, with μ′ ( p_{i} ) = μ ( p_{i} ) if μ ( p_{i} ) ≤ b and μ′ ( p_{i} ) = ω if μ ( p_{i} ) = b + 1, is t_{j} -dead. With this characterization of b, we can construct D_{t} as follows.
From these two theorems, we have the following.
More formal proofs of the reducibility of liveness to reachability can be found in [Hack 1974c; Hack 1975c].
In Section 5.4 we have shown that a number of problems in reachability and liveness are equivalent, but no result has been obtained yet on the decidability of these problems. To show decidability, it is necessary to reduce a Petri net problem to a problem with a known solution, or to show undecidability, to reduce a problem which is known to be undecidable to a Petri net problem. The first important result of this kind was by Rabin [Baker 1973b]. Rabin showed that for two Petri nets C_{1} with marking μ_{1} and C_{2} with marking μ_{2} it is undecidable if R ( C_{1}, μ_{1} ) ⊆ R ( C_{2}, μ_{2} ) . Hack [1975a] later strengthened this to show that it is undecidable if R ( C_{1}, μ_{1} ) = R ( C_{2}, μ_{2} ) . The proof of these statements is based on Hilbert's tenth problem. (In 1900, D. Hilbert presented 23 problems to a conference of mathematicians; this was the tenth in his list.)
P(x_{1}, x_{2}, …, x_{n}) | = | 0? |
The equation
P ( x_{1}, x_{2}, …, x_{n} ) = 0
is a Diophantine equation.
In general it will be a sum of terms
P(x_{1}, x_{2}, …, x_{n}) | = | Σ | R_{i}(x_{1}, x_{2}, …, x_{n}) |
i | |||
R_{i}(x_{1}, x_{2}, …, x_{n}) | = | a_{i} ⋅ x_{ s1} ⋅ x_{ s2} ⋅ ⋯ ⋅ x_{ sh} |
In 1970, Matijasevic proved that Hilbert's tenth problem was undecidable [Davis 1973; Davis and Hersh 1973]: There is no general algorithm to determine if an arbitrary Diophantine equation has a root (a set of values for which the polynomial is zero). This forms the basis of the proof that the equality problem for Petri net reachability sets is undecidable. The strategy is to construct for a Diophantine polynomial a Petri net which (in some sense) computes all values of the polynomial.
The proof of the undecidability of the equality problem is
in three parts (Figure 5.8). First, Hilbert's tenth problem is reduced
to the polynomial graph inclusion problem. Then the
polynomial graph inclusion problem is reduced to the
subset problem for Petri net reachability sets.
Finally, the subset problem for Petri net reachability sets
is reduced to the equality problem for Petri net
reachability sets. This shows that Hilbert's tenth
problem, known to be undecidable, is reducible to the
equality problem, which must therefore also be undecidable.
G(P) | = | { (x_{1}, …, x_{n}, y) | y ≤ P(x_{1}, …, x_{n}) with 0 ≤ x_{1}, …, x_{n}, y } |
G(Q_{1}) | = | { (x_{1}, …, x_{n}, y) | y ≤ Q_{1}(x_{1}, …, x_{n}) } |
G(Q_{2} + 1) | = | { (x_{1}, …, x_{n}, y) | y ≤ 1 + Q_{2}(x_{1}, …, x_{n}) } |
Q_{1}(x_{1}, …, x_{n}) < y ≤ 1 + Q_{2}(x_{1}, …, x_{n}) |
Q_{1}(x_{1}, …, x_{n}) < y ≤ 1 + Q_{2}(x_{1}, …, x_{n}) ≤ 1 + Q_{1}(x_{1}, …, x_{n}) |
y | = | 1 + Q_{2}(x_{1}, …, x_{n}) | = | 1 + Q_{1}(x_{1}, …, x_{n}) |
Now we need to show that Petri nets can (in some sense)
compute the value of a polynomial
Q ( x_{1}, x_{2}, …, x_{n} ) .
We have carefully
limited the polynomial Q to having a nonnegative value,
nonnegative coefficients, and nonnegative variables. This
allows us to encode the values of the variables and the
value of the polynomial as the number of tokens in places in
a Petri net. Figure 5.9 shows the general scheme. The
input values x_{1}, …, x_{n}
are encoded by x_{i} tokens
in p_{i} for i = 1, …, n.
Initially a token also resides in the “run” place. The
execution of the net will terminate by placing a token in
the “quit” place. At this time the “output” place will have
y tokens,
where y ≤ Q ( x_{1}, …, x_{n} ) .
This Petri net will weakly compute the value Q ( x_{1}, …, x_{n} ) . Weak computation means that the value computed will not exceed Q ( x_{1}, …, x_{n} ) but may be any (nonnegative) value less than Q ( x_{1}, …, x_{n} ) . Weak computation is necessary for Petri nets because of the permissive nature of transition firings; a Petri net cannot be forced to finish. The definition of a polynomial graph G ( Q ) was made specifically with this in mind.
What we show now is that subnets can be constructed which weakly compute the function of (binary) multiplication. From this, we can construct a composite net which weakly computes the value of each term of a polynomial by successive multiplication subnets. The output of the subnet for each term will be deposited in the output place for the polynomial. Thus the number of tokens in the output place will be the sum of the outputs for each term.
The multiplication subnet is shown in Figure 5.10. This net
will weakly compute the product of the numbers, x and
y, of tokens in its two inputs and place this many
tokens in its output. The operation of the net is quite
simple. To compute the product of x and y,
transition t_{1} first fires, moving one token from
p_{x} to p_{2}. This token enables
transition t_{3}, which can now copy y tokens
from place p_{y}, putting them in p_{3}
and putting y tokens in
p_{ x ⋅ y },
the output place. Now t_{2} can fire,
putting the token in p_{2} back into p_{1}.
This enables t_{4}, which can copy the y tokens
from p_{3} back into p_{y}. This entire
process can be repeated exactly x times, each time
putting y tokens in p_{ x ⋅ y }.
Then the marking of place p_{x} has
been reduced to zero, and the net must stop. The total
number of tokens in place p_{ x ⋅ y }
is then the product of x and y.
The above case is the best case, in the sense that the
number of output tokens is exactly x ⋅ y.
However, the token in p_{2} enables both transitions
t_{3} and t_{2}, and it is possible for
t_{2} to fire before all y tokens have been
copied from p_{y} to p_{3} and been
added to p_{ x ⋅ y }. In this case,
the number of tokens deposited in
p_{ x ⋅ y }
will be less than x ⋅ y. Since
t_{3} can fire no more than y times for each
firing of t_{1} and t_{1} can fire no more
than x times, we can guarantee that the number of
tokens in p_{ x ⋅ y } never exceeds
x ⋅ y, but because of the permissive
nature of transition firings, we cannot guarantee that the
number of tokens in p_{ x ⋅ y } will
actually equal x ⋅ y; it could be less.
Thus, this Petri net weakly computes the product of x
and y. Now to weakly compute a term R_{i} which
is the product a_{i} x_{ s1} x_{ s2}... x_{ sh}
we construct a Petri
net of the form shown in Figure 5.11. Since each subnet
weakly computes the product of two terms, the entire subnet
weakly computes the value of the term R_{i}.
Figure 5.12 then shows how a polynomial
P = R_{1} + R_{2} + ⋯ + R_{k}
can be weakly computed. Each subnet is
of the form of Figure 5.11 and weakly computes the value of
one term. The outputs of the k subnets for each term
have been merged together, giving a total value which is the
sum of each term.
Now some control transitions and places are added to create the specific reachability sets needed. First we need to be able to produce an arbitrary value for each of the variables ( x_{1}, …, x_{n} ) and record that value in the places p_{1}, …, p_{n}. A transition t_{i} is created for each p_{i} with null input and outputs to p_{i} and every place which is an input corresponding to x_{i} in a term R_{j} which uses x_{i}. Thus, in the polynomial x_{1} + x_{1} x_{2} we would have a transition t_{1} with outputs to p_{1} and to the x_{1} inputs of the two terms, x_{1} and x_{1} x_{2}, which use x_{1}; t_{2} would output to p_{2} and to the x_{2} input of the term x_{1} x_{2}.
These transitions can fire an arbitrary number of times, creating any value in p_{1}, …, p_{n}. Thus, for every y ≤ P ( x_{1}, …, x_{n} ) a marking μ is reachable with μ ( p_{1} ) = x_{1}, …, μ ( p_{n} ) = x_{n} and μ ( output ) = y. The value y = P ( x_{1}, …, x_{n} ) can be achieved by first firing t_{1} x_{1} times, putting x_{1} tokens in p_{1}, then firing t_{2} x_{2} times, and so on until t_{n} has fired x_{n} times. The subnet for each term R_{i} of the polynomial can then execute, with the resulting polynomial value put in the output place.
To reduce the polynomial graph inclusion problem to the subset problem for Petri net reachability sets, we perform the following steps. For polynomials A and B, we wish to determine if G ( A ) ⊆ G ( B ) .
To prevent this problem we add two new places q and r to C_{A} (giving C_{A}′ ) and q′ and r′ to C_{B} (giving C_{B}′ ). In C_{A}′, q, and r are not used for any transitions, and initially r is empty and q is marked with one token. In C_{B}′, r′ is a “run” place. It is initially marked, and every transition in C_{B}′ is modified to include r′ as both an input and an output. Thus, as long as the token remains in r′, the net C_{B}′ can function as before. A new transition transfers the enabling token from r′ to q′, disabling all transitions in C_{B}′ and “freezing” the marking. Now we add two new transitions for each internal place in C_{B}′ .
For each internal place p_{i} whose marking is unimportant, one transition has places q′ and p_{i} as inputs and only q′ as an output (allowing the marking in p_{i} to be decreased by one), and another transition has q′ as input and both q′ and p_{i} as outputs (allowing the marking in p_{i} to be increased by one). These transitions allow the marking of each internal place to be made arbitrary by an appropriate sequence of increasing or decreasing firings.
The reachability sets of C_{A}′ and C_{B}′ are
as follows.
For C_{A}′,
p_{1} | ... | p_{n} | output | r | q | internal places |
x_{1} | ... | x_{n} | y ≤ A(x_{1}, …, x_{n}) | 0 | 1 | Some arbitrary marking |
p_{1} | ... | p_{n} | output | r | q | internal places |
x_{1} | ⋯ | x_{n} | y ≤ B(x_{1}, …, x_{n}) | 1 | 0 | Some arbitrary marking |
x_{1} | ⋯ | x_{n} | y ≤ B(x_{1}, …, x_{n}) | 0 | 1 | All arbitrary markings |
This concludes our demonstration of the following.
We now have only to show that the subset problem for Petri net reachability sets is reducible to the equality problem.
Assume that we have two Petri nets A and B and wish to
determine if R ( A, μ_{A} ) ⊆ R ( B, μ_{B} )
(the subset problem). We now show
that two Petri nets D and E can be defined
such that R ( A, μ_{A} ) ⊆ R ( B, μ_{B} )
if and only if
R ( D, μ_{D} ) = R ( E, μ_{E} ) . The basis for this
construction is the fact that
R(A, μ_{A}) ⊆ R(B, μ_{B}) if and only if R(B, μ_{B}) | = | R(A, μ_{A}) ∪ R(B, μ_{B}) |
Both D and E are constructed from a common subnet, C. The
net C encodes the reachability sets of both A and B in such
a way as to produce their union. Figure 5.14 illustrates
the basic construction. The n places
p_{1}, …, p_{n} act as either the
n places of net A or the n places of net B.
Originally they are unmarked. Two new places r_{A}
and r_{B} are added as “run” places for net A and net
B, respectively. All transitions of net A are modified to
include r_{A} as both an input and an output; all
transitions of net B are modified to include r_{B} as
both an input and an output.
Now, one more place, s, is added and two new
transitions, t_{A} and t_{B}. The initial
marking for this entire net (including A and B as subnets
with shared places; places r_{A}, r_{B}, and
s; and transitions t_{A} and t_{B} ) is
one token in s and zero tokens elsewhere. Transition
t_{A} has place s as its input and as output
produces the initial marking for net A plus a token in
r_{A}; transition t_{B} has place s as
its input and produces the initial marking for net B plus a
token in r_{B}. Thus, if t_{A} fires, then
the subnet A has its initial marking, and all of its
transitions can fire as normal since there is a token in
r_{A}. However, subnet B is completely disabled,
since there is no token in r_{B}. If t_{B}
fires first, then the subnet B can operate, and A is
disabled. The set of firing sequences for C is then any
sequence of the form
t_{A}, < any sequence of firings from A> |
t_{B}, < any sequence of firings from B> |
The net D is obtained from C by adding one new transition, q_{B}. Transition q_{B} has place r_{B} as its input and no output. Notice that q_{B} can fire only if transition t_{B} was the first to fire; if transition t_{A} fires first, then r_{B} will be empty, and t_{B} cannot fire.
The net E is constructed from D by adding a new transition, q_{A}. Transition q_{A} has place r_{A} as its input and no output. Transition q_{A} can fire only if t_{A} was the first to fire: Notice that net E is constructed from D, not (directly) from C. So E has both transition q_{A} and transition q_{B}.
Now let us examine the reachability sets of the Petri nets
C, D, and E. The reachability set of C is all markings of
the form
s | r_{A} | r_{B} | p_{1}, …, p_{n} |
1 | 0 | 0 | 0, …, 0(initial marking) |
0 | 1 | 0 | Any μ ∈ R(A, μ_{A}) (if t_{A} fires) |
0 | 0 | 1 | Any μ ∈ R(B, μ_{B}) (if t_{B} fires) |
s | r_{A} | r_{B} | p_{1}, …, p_{n} |
1 | 0 | 0 | 0, …, 0(initial marking) |
0 | 1 | 0 | Any μ ∈ R(A, μ_{A}) (if t_{A} fires) |
0 | 0 | 1 | Any μ ∈ R(B, μ_{B}) (if t_{B} fires) |
0 | 0 | 0 | Any μ ∈ R(B, μ_{B}) (if q_{B} fires) |
s | r_{A} | r_{B} | p_{1}, …, p_{n} |
1 | 0 | 0 | 0, …, 0(initial marking) |
0 | 1 | 0 | Any μ ∈ R(A, μ_{A}) (if t_{A} fires) |
0 | 0 | 1 | Any μ ∈ R(B, μ_{B}) (if t_{B} fires) |
0 | 0 | 0 | Any μ ∈ R(B, μ_{B}) (if q_{B} fires) |
0 | 0 | 0 | Any μ ∈ R(A, μ_{A}) (if q_{A} fires) |
Now, if R ( A, μ_{A} ) ⊆ R ( B, μ_{B} ), the
last class in R ( E, μ_{E} ) [markings of the form (0, 0, 0, μ ) with μ ∈ R ( A, μ_{A} ) ] is included in
the last class of R ( D, μ_{D} ) [markings of the form
(0, 0, 0, μ ) with μ ∈ R ( B, μ_{B} ) ]. Since all
other markings are the same,
R(D, μ_{D}) | = | R(E, μ_{E}) if R(A, μ_{A}) ⊆ R(B, μ_{B}) |
Thus, this construction shows the following.
The undecidability of the subset and equality problems for Petri net reachability sets creates the possibility that the reachability problem itself is also undecidable. However, at the moment, the decidability (or undecidability) of the reachability problem is open. There is currently neither an algorithm to solve the reachability problem nor a proof that such an algorithm cannot exist.
In 1977, a “proof” of the decidability of the reachability problem was presented at the ACM Symposium on Theory of Computing [Sacerdote and Tenney 1977]. However, this “proof” has several serious flaws, and attempts to correct them, to produce a correct proof, have been unsuccessful. Still the prevailing feeling is that the reachability problem is decidable -- it is believed that an algorithm does exists and will be discovered in time.
Assuming that an algorithm to solve the reachability problem does exist, it is likely to be very complex. The obvious question is, If an algorithm to solve the reachability problem exists, how complex must it be? Some bounds on this complexity can be established without reference to any specific algorithm
Lipton [1976] has shown that any algorithm to solve the reachability problem will require at least an exponential ( 2^{ c ⋅ n } ) amount of space for storage and an exponential amount of time. The exponent ( n ) is a measure of the size of the problem and in Lipton's case reflects the number of places and their interconnections to transitions.
Lipton proved that exponential space is necessary by showing that a Petri net can be constructed in which a place acts as a counter of the numbers 0, 1, …, 2^{2n}. Representing this in the reachability problem algorithm would require at least log_{2} (2^{2n} ) = 2^{n} bits. Just as important is that his construction uses at most h ⋅ n places (for some constant h ).
Lipton's proof hinges on the ability to create a net to count to 2^{2n} in only h ⋅ n places. Part of the constraints is a need to test this place for zero. Petri nets, of course, have been designed so that there is no direct way to test for zero. However, a common technique used with Petri nets to allow zero testing is to use two places p and p′ such that μ ( p ) + μ ( p′ ) is a constant. If we know that μ ( p ) + μ ( p′ ) = k, then we can test for μ ( p ) being zero by testing if μ ( p′ ) has k tokens; if μ ( p′ ) has k tokens, then μ ( p ) has zero tokens and vice versa. A place can be tested for nonzero by using it in a self-loop. Note that to maintain this ability we must maintain the constant nature of μ ( p ) + μ ( p′ ) ; that is, the net must be conservative, at least with respect to these two places.
For small numbers k one can test if the marking of a
place is k by having the place be an input to a
transition k times (Figure 5.15). However, these arcs contribute to
the size of the problem, and so we cannot do this in
general. Lipton showed that if the constant sum of two
places ( p_{k}, p_{k}′ ) is
k and k is a product of two smaller integer
factors k = k_{1} ⋅ k_{2} which
are the constant sums of two other pairs of places
( p_{ k1}, p_{ k1}′ and
p_{ k2}, p_{ k2}′ ) and
we can test μ ( p_{ k1} ) = 0 and
μ ( p_{ k2} ) = 0, then we can test if
μ ( p_{k} ) = 0 . This allowed Lipton to build
subnets such as Figure 5.16. These nets are then used to
control multiplication nets, similar to the nets used to
weakly compute the polynomial graph (see Figure 5.10). The
test-for-zero subnet allows the Petri net to compute the
exact product (not a weak product which is merely bounded by
the real product).
These simple nets allow Lipton to build a net, for a given n, which can generate exactly 2^{2n} tokens in a place ( p ) with zero tokens in p′ and the ability to test μ ( p ) for zero. The number of places used is only a constant factor times n. The existence of a Petri net like this shows that the reachability problem requires exponential time and space and hence will be very expensive to solve.
The construction of a Petri net which can count up to 2^{2n} has a very important corollary, too. The Petri net which is constructed is bounded, since the number of tokens in any given place cannot exceed 2^{2n}. This means that any algorithm to determine boundedness of a Petri net must also require exponential time and space. Thus, even simple problems for Petri nets, while decidable, may require large amounts of time and space for solution.
It should be remembered that these are lower bounds on the worst-case behavior of an algorithm. It may be the case that many interesting problems can be decided for most Petri nets relatively efficiently. These complexity results show that even if an algorithm works very well most of the time there exists a Petri net which will take lots of time and space to analyze.
Although these are worst-case complexity results (which means the average case may be much better), they are also lower-bound results. We know that the reachability problem requires exponential space, at least. It may be that reachability is even worse than exponential. Rackoff [1976] has developed an algorithm for determining boundedness in exponential time, so the boundedness problem is known to be of exponential complexity. However, the reachability problem is simply known to be at least exponentially complex (and may not even be decidable).
A recent result by Mayr [1977] showed that the subset and
equality problems for bounded Petri net reachability
sets are of nonprimitive recursive complexity. These
results indicate that some problems for Petri nets, while
decidable, are computationally intractable.
Exercises
P_{2} | = | P_{1} ∪ { p_{j}′ | t_{j} ∈ T_{1} } |
T_{2} | = | T_{1} |
I_{2} | = | I_{1} |
O_{2}(t_{j}) | = | O_{1}(t_{j}) ∪ { p_{j}′ } |
Computability theory is an early part of the theory of computation and developed from the work of Turing, Kleene, Godel, and Church. Davis [1958] and Minsky [1967] offer good explanations of this work. Karp [1972] shows how reducibility can be used for decidability and complexity results.
The reachability problem first arose in [Karp and Miller 1968]; it was reported as a research question in [Nash 1973]. Preliminary results were reported in [Van Leeuwen 1974; Hopcroft and Pansiot 1976], but these do not generalize.
Most of the results in this chapter are due to the work of Hack [1974a; 1974c; 1975a; 1975c]. Hack has been one of the major researchers on decision problems for Petri nets. Other work on decision properties includes [Araki and Kasami 1976; Araki and Kasami 1977; Mayr 1977]. Complexity results have been produced by Lipton [1976], Rackoff [1976], and Jones et al. [1976] among others. Some related work not directly tied to Petri nets is [Cardoza 1975; Cardoza et al. 1976].
#(p_{i}, I(t_{j})) | = | #(p_{i}, O(t_{k})) |
#(p_{i}, O(t_{j})) | = | #(p_{i}, I(t_{k})) |
Home | Comments? |