Hierarchical Reachability Graph Generation for Petri Nets
282 BUCHHOLZ AND KEMPER

approaches to increasing the size of RGs that can be handled have been published. We roughly distinguish three groups: (a) exact approaches for full RGs, (b) approaches for reduced RGs that are exact for certain properties, and (c) other approaches, which do not necessarily compute exact results or prove only necessary or sufficient conditions for properties.

1.1. Approaches for full RGs

Such approaches have two means at hand to face state-space explosion: They employ more hardware resources and/or use sophisticated data structures to represent large RGs.

For the former approach, powerful parallel or distributed computer architectures are employed to increase the available computing power and memory with obvious consequences for the size of RGs that can be managed. For example, implementations on various parallel architectures are described in [1, 14], and workstation clusters are used for RG generation in [34, 38]. These approaches describe RG exploration for generalized stochastic Petri nets (GSPNs). However, they apply for RG exploration of PNs as well. The general problem of parallel/distributed state-space generation is that an exponentially growing problem is attacked by increasing the available resources at most linearly. Additionally, the problem of an efficient parallelization of RG generation arises. Efficient realization of the RG generation algorithm in a distributed way is non-trivial, since the different distributed tasks are dependent and require synchronization that introduces additional overhead. In particular, the speedup that can be reached by a parallel implementation is model-dependent; this makes the realization of an efficient, general-purpose, parallel RG generation even harder.

An orthogonal approach is to develop specialized data structures for large RSs and RGs. A recent technique from the area of hardware verification is known as ordered binary decision diagrams (OBDDs).
They can be applied if state descriptions can be efficiently encoded as Boolean functions. This is the case for 1-bounded Petri nets . If applied to k-bounded Petri nets, either markings require a binary encoding or OBDDs need to be generalized to handle natural variables. Development of both approaches has begun; however, for both approaches it is still unclear how the additional complexity relates to the efficiency gain of OBDDs. The key idea of OBDDs is that a state is encoded in a path of a binary tree and that isomorphic subtrees only need a single representation. Hence, the binary tree is folded into a uniquely determined directed acyclic graph. OBDDs have been used successfully on models with extremely large RSs , but their efficiency is not, in general, guaranteed, and even for suitable models efficiency relies on the order of variables that is required for the path encoding of a state.

Another data structure for handling large RGs follows from a divide and conquer approach that considers Petri nets as a set of component nets composed via synchronization of transitions (like a rendez-vous communication). Reference  introduces an approach for colored PNs (CPNs) that generates RGs of components in parallel by taking only local transitions into account. Additionally, a synchronization graph describing synchronized transitions is defined. Interleaving the firing of local and synchronized transitions makes it possible to generate the complete RG or to prove properties holding on the complete RG. In [23, 32], a similar approach combines adjacency matrices of component RGs via
Kronecker operations to achieve a space-efficient representation of the overall RG. In this construction, RS is a subset of the cross-product of component reachability sets. If RSs and the RGs of the components are known, RS and RG of the PN are completely characterized. In , an approach for hierarchical RG generation is proposed for hierarchically structured CPNs. Much like the previous approach, this approach describes the RG by composing adjacency matrices of component RGs via Kronecker operations. The disadvantage of these methods for efficient RG generation is that the component structure has to be defined by the modeler, and all methods are very sensitive to the component structure. In this paper we will improve this situation and describe an algorithm to deduce a hierarchical net description for a formerly unstructured Petri net. The resulting hierarchical net corresponds to a two-level hierarchical Kronecker structure of the associated RG.

1.2. Approaches for a reduced RG

An alternative way to handle large RGs is to reduce their size without losing relevant information. This idea can be exploited at two different levels.

First, it is possible to simplify the net by reducing the number of places and transitions. The corresponding approaches are called reduction rules, and were described for uncolored PNs in  and subsequently for CPNs in . Reduction rules are defined with respect to the properties of interest. Thus, it is necessary first to define properties, and then to introduce reduction rules that preserve these properties. This approach yields a set of predefined rules for a set of predefined properties, as in [3, 25]. The main drawback of reduction rules is that their applicability is restricted to relatively specific structures.
Consequently, the gain obtained by reduction rules is relatively small for most nets, and reduction rules can usually be used only as an a priori step that does not solve the problem of large RGs.

The second approach to reducing the size of RGs is to perform the reduction at the level of reachable markings. Such an approach requires a compositional state-space generation such that generation and reduction can be interleaved. Different techniques exploiting this idea exist. The usual way is to define the complete PN as a collection of interacting components. Usually, component RGs are much smaller than the complete RG. Thus, RGs for the components are generated efficiently and are reduced according to some reduction rules that preserve relevant properties. Subsequently, reduced component state spaces are composed. In , complete component RGs are first generated and then combined and reduced such that important properties like deadlocks or boundedness are preserved. In , a compositional analysis method for place-bordered subnets is presented. It is also based on the interleaving of composition and behavior-preserving reduction. Usually the reduction step is based on an equivalence definition at the state transition level. Various equivalence relations that have been defined in the context of process algebras can often also be used for analyzing Petri nets that were generated by composition of components. In , a software tool is introduced that uses a process algebra description and incorporates several different equivalences. For an overview of equivalence notions in the context of Petri nets, we refer to. The general problem of equivalence-based reductions is that the selection of a suitable equivalence has to reflect the properties of interest, and a compositional structure must be known.
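
The Kronecker composition of component RGs described in Section 1.1 can be made concrete as follows. This is an added example, not code from the paper: the two components, the transition names t and u, and the usual form of the composition (local transitions as L ⊗ I terms, each synchronized transition as a Kronecker product of its component matrices) are assumptions made for illustration.

```python
from itertools import product

def kron(A, B):
    """Kronecker product of two matrices given as lists of rows."""
    return [[a * b for a in ra for b in rb] for ra in A for rb in B]

def eye(n):
    return [[int(i == j) for j in range(n)] for i in range(n)]

def madd(*Ms):
    return [[sum(col) for col in zip(*rows)] for rows in zip(*Ms)]

# Constructed component RGs (assumption, not taken from the paper).
# A has states a0..a2 with one local transition a0 -> a1; B has b0, b1.
LOCAL_A = [[0, 1, 0], [0, 0, 0], [0, 0, 0]]
LOCAL_B = [[0, 0], [0, 0]]
# Synchronized transitions as (matrix on A, matrix on B): both move together.
SYNC = {
    "t": ([[0, 0, 0], [0, 0, 1], [0, 0, 0]], [[0, 1], [0, 0]]),  # a1->a2, b0->b1
    "u": ([[0, 0, 0], [0, 0, 0], [1, 0, 0]], [[0, 0], [1, 0]]),  # a2->a0, b1->b0
}
N_A, N_B = len(LOCAL_A), len(LOCAL_B)

def composed_adjacency():
    """Adjacency matrix over the cross-product; state (a, b) has index a*N_B + b."""
    terms = [kron(LOCAL_A, eye(N_B)), kron(eye(N_A), LOCAL_B)]
    terms += [kron(sa, sb) for sa, sb in SYNC.values()]
    return madd(*terms)

def direct_edges():
    """Same edges obtained by firing transitions pair by pair, as a cross-check."""
    edges = set()
    for (a, b), (a2, b2) in product(product(range(N_A), range(N_B)), repeat=2):
        local = (b == b2 and LOCAL_A[a][a2]) or (a == a2 and LOCAL_B[b][b2])
        sync = any(sa[a][a2] and sb[b][b2] for sa, sb in SYNC.values())
        if local or sync:
            edges.add(((a, b), (a2, b2)))
    return edges

def reachable_set(Q, start=0):
    """States reachable from index `start`, decoded back to (a, b) pairs."""
    seen, todo = {start}, [start]
    while todo:
        s = todo.pop()
        for t, v in enumerate(Q[s]):
            if v and t not in seen:
                seen.add(t)
                todo.append(t)
    return sorted(divmod(i, N_B) for i in seen)
```

Only three of the six product states are reachable from (a0, b0), which illustrates that RS is a subset of the cross-product of the component reachability sets.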