S-invariant

Methods for the specification andverification of business processesMPB (6 cfu, 295AA)Roberto Brunihttp://www.di.unipi.it/~bruni10 - Invariants1sabato 9 aprile 2011

ObjectWe introduce two relevant kinds of **invariant**s forPetri nets2sabato 9 aprile 2011

Puzzle time: tiling achessboard with dominoes31 dominoes64-2 = 62cellssabato 9 aprile 20113

Puzzle time: tiling achessboard with dominoes31 dominoes64-2 = 62cellssabato 9 aprile 20114

Puzzle time: tiling achessboard with dominoes31 dominoes64-2 = 62cellssabato 9 aprile 20115

InvariantAn **invariant** of a dynamic system is an assertionthat holds at every reachable stateExamples:liveness of a transition tdeadlock freedomboundedness6sabato 9 aprile 2011

Why **invariant**s?Can be calculated efficiently(polynomial time for a basis)Independent of initial markingHowever, the main reason is didactical!You only truly understand a model if you thinkabout it in terms of **invariant**s!7sabato 9 aprile 2011

Structural **invariant**sIn the case of Petri nets, it is possible to computecertain vectors of rational numbers (*)(directly from the structure of the net)(independently from the initial marking)which induces nice **invariant**s, calledS-**invariant**T-**invariant**(*) it is not necessary to consider real-valued solutions, because incidence matrices only have integer entriessabato 9 aprile 20118

S-**invariant**s9sabato 9 aprile 2011

S-**invariant**(aka place-**invariant**)Definition: An S-**invariant** of a net N=(P,T,F) is arational-valued solution x of the equationx · N = 010sabato 9 aprile 2011

Fundamental propertyof S-**invariant**sProposition: Let I be an **invariant** of N.For any M ∈ [ M 0 〉 we have I · M = I · M 0σSince M ∈ [ M 0 〉, there is σ s.t. M 0 −→ MBy the marking equation: M = M 0 + N · ⃗σTherefore: I · M = I · (M 0 + N · ⃗σ )= I · M 0 + I · N · ⃗σ= I · M 0 + 0 · ⃗σ11= I · M 0sabato 9 aprile 2011

Place-**invariant**,intuitivelyA place-**invariant** assigns a weight to each placesuch that the weighted token sum remainsconstant during any computation12sabato 9 aprile 2011

Traffic-lights example1red + 1red' - 1mutex = 1g+r'r+m+r'r+g'1mutex + 1green + 1green' + 1yellow + 1yellow' = 11red' + 1green' + 1yellow' = 1 +-+sabato 9 aprile 2011y+r'r+y'1red + 1green + 1yellow = 113

Alternative definitionof S-**invariant**Proposition:A mapping I : P → Q is an S-**invariant** of N iff for any t ∈ T :∑p∈•tI(p) = ∑ p∈t•I(p)14sabato 9 aprile 2011

ExerciseProve the proposition about the alternativecharacterization of S-**invariant**s15sabato 9 aprile 2011

Consequence ofalternative definitionVery useful in proving S-invariance!The check is possible without constructingthe incidence matrix16sabato 9 aprile 2011

ExercisesWhich of the following are S-**invariant**s?[ 1 0 1 ][ 0 1 1 ][ 1 1 1 ]∀t ∈ T,∑p∈•tI(p) ? = ∑ p∈t•17I(p)[ 1 1 2 ][ 1 2 1 ]sabato 9 aprile 2011

ExercisesWhich of the following are S-**invariant**s?m w c ][ 1 1 -1 ][ 1 0 1 ][ 0 1 1 ][ 1 1 1 ][ 1 -1 0 ][ 1 1 2 ][ 1 2 2 ]∑∀t ∈ T,18p∈•tI(p) ? = ∑ p∈t•I(p)sabato 9 aprile 2011

ExercisesDo S-**invariant**s depend on the initial marking?Can the two nets below have different S-**invariant**s?sabato 9 aprile 201119

ExercisesDefine two (linearly independent) S-**invariant**s foreach of the nets below20sabato 9 aprile 2011

S-**invariant**s and systempropertiessabato 9 aprile 201121

Semi-positiveS-**invariant**sThe S-**invariant** I is semi-positive if I > 0(i.e. I ≥ 0 and I ≠ 0)The support of I is: 〈I〉 = { p | I(p) > 0 }The S-**invariant** I is positive if I ≻ 0(i.e. I(p) > 0 for any place p ∈ P )(i.e. 〈I〉 = P )A (semi-positive) S-**invariant** whose coefficientsare all 0 and 1 is called uniform22sabato 9 aprile 2011

A sufficient conditionfor boundednessTheorem:If (P, T, F, M 0 ) has a positive S-**invariant** then it is boundedLet M ∈ [ M 0 〉 and let I be a positive S-**invariant**.Let p ∈ P . Then I(p)M(p) ≤ I · M = I · M 0Since I is positive, we can divide by I(p):M(p) ≤ (I · M 0 )/I(p)sabato 9 aprile 201123

Consequence ofprevious theoremBy exhibiting a positive S-**invariant** we can provethat the system is bounded for any initial markingsabato 9 aprile 201124

ExampleTo prove that the system is bounded we canjust exhibit a positive S-**invariant**I = [ 1 1 2 ]25sabato 9 aprile 2011

ExercisesFind a positive S-**invariant** for the net below26sabato 9 aprile 2011

A necessary conditionfor livenessTheorem:If (P, T, F, M 0 ) is live then for every semi-positive **invariant** I:Let p ∈〈I〉 and take any t ∈ •p ∪ p•.I · M 0 > 0By liveness, there are M, M ′ ∈ [ M 0 〉 with Mt−→ M ′Then, M(p) > 0 (if t ∈ p•) or M ′ (p) > 0 (if t ∈ •p)If M(p) > 0, then I · M ≥ I(p)M(p) > 0If M ′ (p) > 0, then I · M ′ ≥ I(p)M ′ (p) > 0In any case, I · M 0 = I · M = I · M ′ > 0sabato 9 aprile 201127

Consequence ofprevious theoremIf we find a semi-positive **invariant** such thatI · M 0 =0Then we can conclude that the system is not livesabato 9 aprile 201128

ExampleIt is immediate to check the counter-exampleI = [ 1 0 1 ]0 ] = 0[ 1 0 1 ] 1 = 00 ] = 029sabato 9 aprile 2011

Markings that agree onall S-**invariant**Definition: M and M’ agree on all S-**invariant**s iffor every S-**invariant** I we have I⋅M = I⋅M’Note: by properties of linear algebra, thiscorresponds to require that the equation on yM + N⋅y = M’ has some rational-valued solutionRemark: In general, there exist M and M’ that agreean all S-**invariant**s but such that none of them isreachable from the othersabato 9 aprile 201130

A necessary conditionfor reachabilityReachability is decidable, but EXPSPACE-hardS-**invariant**s provide a preliminary check that can becomputed efficientlyLet (P, T, F, M 0 ) be a system.If there is an S-**invariant** I s.t. I · M ≠ I · M 0 then M ∉ [ M 0 〉If the equation N·x = M −M 0 has no rational-valued solution, then M ∉ [ M 0 〉sabato 9 aprile 201131

S-**invariant**s: recapPositive S-**invariant**Unboundedness=> boundedness=> no positive S-**invariant**Semi-positive S-**invariant** I and liveness => I⋅M0 > 0Semi-positive S-**invariant** I and I⋅M0 = 0=> non-liveS-**invariant** I and M reachableS-**invariant** I and I⋅M ≠ I⋅M0=> I⋅M = I⋅M0=> M not reachable32sabato 9 aprile 2011

ExercisesCan you find a positive S-**invariant**?33sabato 9 aprile 2011

ExercisesProve that the system is not live by exhibiting asuitable S-**invariant**34sabato 9 aprile 2011

T-**invariant**s35sabato 9 aprile 2011

Dual reasoningThe S-**invariant**s of a net N are vectors satisfyingthe equationx · N = 0It seems natural to ask if we can find someinteresting properties also for the vectorssatisfying the equationN · y = 036sabato 9 aprile 2011

T-**invariant**(aka transition-**invariant**)Definition: A T-**invariant** of a net N=(P,T,F) is arational-valued solution y of the equationN · y = 0sabato 9 aprile 201137

Fundamental propertyof T-**invariant**sProposition: Let Mσ−→ M ′ .The Parikh vector ⃗σ is a T-**invariant** iff M ′ = M⇒) By the marking equation lemma M ′ = M + N · ⃗σSince ⃗σ is a T-**invariant** N · ⃗σ = 0, thus M ′ = M.⇐) If M σ−→ M, by the marking equation lemma M = M + N · ⃗σThus N · ⃗σ = M − M = 0 and ⃗σ is a T-**invariant**sabato 9 aprile 201138

ExampleAn easy-to-be-found T-**invariant**m d ][ 1 1 ]39sabato 9 aprile 2011

Transition-**invariant**,intuitivelyA transition-**invariant** assigns a number ofoccurrences to each transition such that anyoccurrence sequence comprising exactly thosetransitions leads to the same marking where it started(independently from the order of execution)sabato 9 aprile 201140

Alternative definitionof T-**invariant**Proposition:A mapping J : T → Q is a T-**invariant** of N iff for any p ∈ P :∑t∈•pJ(t) = ∑ t∈p•J(t)41sabato 9 aprile 2011

ExerciseWhich of the following are T-**invariant**s?t1 t2 t3 t4 t5 ][ 1 0 0 1 1 ][ 1 1 2 1 2 ][ 1 1 2 0 2 ][ 1 1 1 1 2 ][ 0 1 1 0 1 ]∀p ∈ P,∑t∈•pJ(t) ? = ∑ t∈p•J(t)42sabato 9 aprile 2011

T-**invariant**s and systempropertiessabato 9 aprile 201143

Reproduction lemmaLemma: Let (P, T, F, M 0 ) be a bounded system.σIf M 0 −→ for some infinite sequence σ, thenthere is a semi-positive T-**invariant** J such that 〈 J 〉⊆{ t | t ∈ σ }.tAssume σ = t 1 t 2 t 3 ... and M1 t0 −→2 tM1 −→3M2 −→ ...By boundedness: [ M 0 〉 is finite.sabato 9 aprile 2011By the pigeonhole principle, there are 0 ≤ i

Boundedness, livenessand positive T-**invariant**Theorem: If a bounded system is live,then it has a positive T-**invariant**By boundedness: [ M 0 〉 is finite and we let k = |[ M 0 〉|.σBy liveness: M10 −→ M1 with ⃗σ 1 (t) > 0 for any t ∈ TσSimilarly: M21 −→ M2 with ⃗σ 2 (t) > 0 for any t ∈ TσSimilarly: M1 σ0 −→2σM1 −→ M2 ... −→kMksabato 9 aprile 2011By the pigeonhole principle, there are 0 ≤ i 0 for any t ∈ T .45

Consequence ofprevious theoremEvery live and bounded system has:a reachable marking M andan occurrence sequence M −→ σMsuch that all transitions of N occur in σ.sabato 9 aprile 201146

ExercisesCan you prove that a system is live and bounded byexhibiting a positive T-**invariant**?Can you disprove that a system is live and boundedby showing that no positive T-**invariant** can be found?Can you prove that a live system is bounded byexhibiting a positive T-**invariant**?sabato 9 aprile 201147

ExerciseNotation: •S = ⋃ s∈S •sProve that every semi-positive **invariant**satisfies the equation•〈I〉 = 〈I〉•(the result holds for both S-**invariant** and T-**invariant**)sabato 9 aprile 2011(pre-sets of support equal post-sets of support)48