Hierarchical Reachability Graph Generation for Petri Nets

306 BUCHHOLZ AND KEMPER

The Kronecker representation requires overall 195 transitions to represent the complete reachability graph with 622 transitions. Of course, this comparison does not consider overhead of storing different matrices in the Kronecker representation. However, the overhead depends on the number of transitions in $\cup ST^i$ and on the number of LNs. Both quantities are negligible compared to the number of markings if we consider large nets. The hierarchically generated reachability set $RS_h$ includes 270 markings, which means that 16 markings are unreachable. We consider this point in the subsequent section.

7. Hierarchical analysis

A Kronecker representation has advantages for analysis algorithms. In this section we describe how to recognize RS(PN) in a Kronecker representation by a search algorithm, Depth-First-Search (DFS) or Breadth-First-Search (BFS). This serves two purposes: a) knowledge of the exact RS(PN) is important for state-based analysis and b) many state-based analysis algorithms are search algorithms as well, e.g., model-checking algorithms for computational tree logic (CTL) in [20] are search algorithms and require knowledge of RS(PN). Reachability analysis for Kronecker representations profits from the fact that the numbering of markings in $RS_H(PN^s)$ is a perfect hash function for markings in RS(PN). This was first exploited for the efficient reachability analysis of SGSPNs, a class of generalized stochastic PNs consisting of components synchronized via transitions, in the work of Kemper [32]. We can use a similar approach here, but do not necessarily rely on it; see, for example, [11, 18, 19] for alternatives. For a marking $M_x$ of the HN, let $n(x) = \prod_{i=1}^{J} n^i(x^i)$ be the number of markings in $RS_h$. Let r[x] be a Boolean vector of length n(x) that is used to store results of the reachability analysis. Thus $r[x_H](x_L) = 1$ indicates that marking $(x_H, x_L) \in RS(PN)$, and $r[x_H](x_L) = 0$ indicates after termination that $(x_H, x_L) \notin RS(PN)$. Formally, we use here one Boolean vector per HN marking, but it is obviously possible to store all these vectors consecutively in a single Boolean vector of appropriate length. In addition to the vectors r[x] and the different matrices introduced in the previous section, reachability analysis also requires a set U to store unexplored markings, similar to the set U used in generate RS in Section 2. However, in the current setting, U only has to store integer pairs instead of complete marking vectors.

Let $(x^0_H, x^0_L)$ be the number of the initial marking; then $r[x^0_H](x^0_L)$ is initialized with 1, and all remaining vector components are zero. Additionally, U is initialized with $(x^0_H, x^0_L)$. Then the following algorithm is used to determine reachable markings.

    generate structured RS (PN)
    while (U ≠ ∅) do
        remove (x_H, x_L) from U;
        for j = 1 to J do                               // compute successor in subnet j
            for all y^j with Q^j_l(x^j, y^j) = 1 do
                y_L = x_L + (y^j − x^j) · l^j(x_H)
                if r[x_H](y_L) = 0 then
                    r[x_H](y_L) = 1;
                    U = U ∪ (x_H, y_L);
        end
        for all y_H with Q_H(x_H, y_H) ≠ ∅ do           // compute successor in subnet HN
            for all t ∈ Q_H(x_H, y_H) do
                y_L = x_L;
                for all j with t ∈ T^j do
                    if y^j_L with Q^j_t[x_H, y_H](x^j_L, y^j_L) = 1 exists then    (*)
                        y_L = y_L + (y^j_L − x^j_L) · l^j(y_H);
                    else
                        y_L = −1 and break;
                if y_L ≥ 0 then
                    if r[x_H](y_L) = 0 then
                        r[x_H](y_L) = 1;
                        U = U ∪ (x_H, y_L);

Note that the order in which elements are inserted and removed from U makes this algorithm perform DFS or BFS. In the step indicated by (∗), the algorithm exploits the fact that firing of transition t always yields a unique successor marking. Therefore, each row of a matrix $Q^i_t$ can include at most one element. The approach can be easily extended for PNs in which different successor markings are possible. This situation occurs in stochastic nets in which probabilistic output bags for transitions are allowed. Since the algorithm computes all successor markings of reachable markings, it is straightforward to prove that generate structured RS generates RS(PN) and terminates when RS(PN) is finite, as is the case here, since $RS_H(PN^s)$ is assumed to be finite.

The remaining point is the comparison of generate structured RS (from Section 2) and generate RS. As before, we assume that the reachability set contains n markings, and that on the average, d transitions are possible in each marking. The theoretical time complexity of generate RS is $O(nd \log_2 n)$ if insert and member functions on RS use $\log_2 n$ operations. The complexity of generate structured RS is in O(nd), since the Boolean vectors allow us to test in O(1) whether a marking has been reached before. Additionally, the constants behind the asymptotic complexity are much lower for generate structured RS. The reason is that all operations are performed with simple integer operations, while several operations of generate RS are time-consuming. For example, if a new marking M is found in generate RS, a data structure to hold M has to be allocated and inserted into the data structure storing the already generated markings. Since this data structure is usually a tree, pointers have to be modified. In generate structured RS the same operation only requires the setting of a bit in vector r. Thus, we can usually expect an improvement of run times of about two orders of magnitude for large reachability sets. However, to apply generate structured RS, PN has to be decomposed, and then the reachability sets and matrices for the subnets have to be generated. The complexity of both problems is, for large nets, much lower than that of reachability analysis. This can also be seen in the example presented below.

In addition to time complexity, we must also compare space complexity. Of course, the difference in memory requirements depends on the concrete example. However, if the net has been decomposed into LNs with roughly identically sized reachability sets, and the sizes of $RS_H(PN^s)$ and RS(PN) do not differ too much (i.e., not by several orders of magnitude),
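The search described in Section 7, as an added Python sketch (not code from the paper): it is narrowed to a single HN marking, so $x_H$ is fixed, U holds plain integers, and the mixed-radix index plays the role of the perfect hash. The function names, the data layout and the sample net are assumptions constructed for illustration.

```python
from collections import deque
from math import prod

def structured_rs(sizes, local, sync, init, bfs=True):
    """Search the product space of J components; return the flag vector r.

    sizes[j]: number of local states of component j
    local[j]: {x_j: [y_j, ...]}, local transitions (role of Q^j_l)
    sync[t]:  {j: {x_j: y_j}}, synchronized transition t (role of Q^j_t)
    """
    J = len(sizes)
    weight = [prod(sizes[j + 1:]) for j in range(J)]   # l^j, mixed-radix weights
    def digit(x, j):                                   # local state x^j of index x
        return (x // weight[j]) % sizes[j]
    def visit(y):
        if not r[y]:                                   # O(1) "seen before?" test
            r[y] = 1
            U.append(y)
    r = bytearray(prod(sizes))                         # one flag per product state
    U = deque()                                        # unexplored indices only
    visit(sum(s * w for s, w in zip(init, weight)))
    while U:
        x = U.popleft() if bfs else U.pop()            # removal order: BFS or DFS
        for j in range(J):                             # successors inside component j
            xj = digit(x, j)
            for yj in local[j].get(xj, ()):
                visit(x + (yj - xj) * weight[j])
        for parts in sync.values():                    # synchronized transitions
            y = x
            for j, step in parts.items():
                xj = digit(x, j)
                if xj in step:                         # step (*): unique successor
                    y += (step[xj] - xj) * weight[j]
                else:
                    y = -1                             # t not enabled in component j
                    break
            if y >= 0:
                visit(y)
    return r

# Constructed sample: two 3-state components. Each moves 0 -> 1 on its own;
# t takes both from 1 to 2 together, u takes both from 2 back to 0.
SIZES = [3, 3]
LOCAL = [{0: [1]}, {0: [1]}]
SYNC = {"t": {0: {1: 2}, 1: {1: 2}}, "u": {0: {2: 0}, 1: {2: 0}}}

def reachable(bfs=True):
    r = structured_rs(SIZES, LOCAL, SYNC, (0, 0), bfs)
    return sorted(divmod(i, SIZES[1]) for i, flag in enumerate(r) if flag)
```

The flags left at 0 after termination are the product states that the cross product contains but the net never reaches, the same effect as the unreachable markings of $RS_h$ mentioned above.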

- Page 1 and 2: Formal Methods in System Design, 21