Finding Stubborn Sets of Coloured Petri Nets Without Unfolding
Theorem 4 The size of the equivalent PT-net PTN is a lower bound on the worst- worst-case time complexity of any algorithm that computes non-trivial stubborn sets (if they
exist) according to Def. 22, in all markings encountered during the SS state space construction of a CP-net CPN.
Proof. The argument preceeding the theorem demonstrated the existence of a CP-net and a markingµâ with two possible stubborn sets: either the stubborn set consists of the binding elements ODslßKj:¨QÝ[ñî^©=R where î&xòá plus some disabled binding elements, or the stubborn set contains all enabled binding elements. The latter is the trivial stubborn set, so the stubborn set construction algorithm should find the former set. But, depending on the history of the CP-net, á may be just any subset of f . Since ]f;]W[4 , the algorithm has to deliver at least bits to be able to unambiguously specify its answer. To do that it needsó5OD7R time. However, the CP-net is of constant size (or of sizeô O=õö¹÷Ê7R , if you want to charge the bits that are needed to specify ).
Since the size of the equivalent PT-net obtained by unfolding the CP-net in Fig. 11.1 is
ô(OD7R , constructing a non-trivial stubborn set requires at least time proportional to the
unfolding.
We are left with proving that any such algorithm for SS state space construction has to consider the markings µ·â for all possible choices of áñØf . It suffices to prove thatµâ is contained in the SS state space when choosing the stubborn sets with the fewest possible enabled binding elements, since choosing larger stubborn sets will only add markings to the SS state space. BecauseODsMtj:¨Q![î^©=R andODs¹j:¨Q>[î^©=R are
Receive all
Figure 11.2: CPN model of the data base system
in conflict for everyîËxGf it is relatively straightforward to check that every SS state space of the CP-net relying on Def. 22 contains the markingsµ â for alláØf . Î
It is worth observing that in the above construction it already takes bits to de-scribeµ·â , so the cost of unfolding is not a major factor of the total cost of state space construction for the CP-net in Fig. 11.1. Even so, the example demonstrates that the construction of non-trivial stubborn sets sometimes requires analysis at the level of unfolding.
11.4 Process-Partitioned CP-nets
In this section we explain our new method for computing stubborn sets of CP-nets.
The method is first explained in an informal way and then followed by the formal definitions. Before that, we introduce an example system used to clarify the definitions.
11.4.1 The Data Base Example System
The distributed data base system from [66], depicted in Fig. 11.2, is used as a running example throughout this and subsequent sections.
The CP-net describes the communication between a set of data base managers maintaining consistent copies of a data base in a distributed system. The states of the managers are modelled by the three placesWaiting(for acknowledgements),Inactive, andPerforming(an update requested by another manager). The managers are modelled by the colour set DBM [ù¹ú<tj«««¬jú
where is the number of managers. The messages in the system are modelled by the colour set MES. A message is a pair consisting of a sender and a receiver. In Fig. 11.2, the names DBM, E, andMES in italics positioned next to the places denote the colour sets of places. o denotes the colour set consisting of a single element¥ .
11.4. PROCESS-PARTITIONED CP-NETS 139 The actions of the managers are modelled by the four transitions. Update and Send Messages (SM)models a manager updating its copy of the data base and send-ing a message to every other manager, so that it can perform the same update on its copy.Receive a Message (RM)models a manager receiving a request for updating its copy of the data base, andSend an Acknowledgement (SA)models the sending of an acknowledgement message after a requested update has been performed. Receive all Acknowledgementsmodels the manager receiving the acknowledgements sent back by the other managers. To maintain consistency between the copies of the data base, the placePassiveensures mutual exclusion for updating the data base. Initially, all managers are onInactive and all messages are onUnused. This is shown by the ini-tial markingsMESandDBMpositioned next to the placesUnusedandInactive. The initial marking of placePassiveis the multi-set±tTU¥ . The initial markings of initially empty places are omitted in the figure.
11.4.2 Informal Explanation
For the construction of stubborn sets, we will distinguish one or more subnets of the CP-net which we will call process subnets. The process subnets may be connected to each other by sharing common border places, but are otherwise disjoint. Together the process subnets contain all the transitions and places of the CP-net. A process subnet models the states and actions of one or more processes that run the same program code.
The data base system has only one process subnet.
Each transition in the CP-net belongs to some unique process subnet. We require that each transition has a distinct variable, which, when bound in an occurrence of a binding element of that transition, identifies the process executing the action modelled by the transition. We will call this variable the process variable. In the data base system,SMandRAhave the process variables, whereasRMandSAhave the process variabler. This will allow us to make a disjoint partitioning of the binding elements of a transition according to the following definition.
Definition 23 Letq ¢Kû be the process variable of a transitions4xëk , and let w>x
£7¤<qv¥PODq
¢ û R. Thew -binding-class of t denoteds ¸q ¢ û [èwü is the following set of binding elements:¹ODsj§tRx´oë]¹§ODq
¢¹û
R[èw . Î
The term binding class will be used when the particular choice ofw is not important.
There are three types of places in process subnets: process places, local places and border places.
Process places are used to model the control flow of the processes. In the data base system the placesWaiting, Inactive, andPerforming are process places. Each token residing on such a place is assumed to have a colour which identifies the corresponding process, and is referred to as a process token. When we have a specific process in mind, identified by the colourw , we will talk about thew -process-token.
We assume that in any reachable marking there is exactly one w -process-token present in a given process subnet for a givenw . This corresponds to a process having only one point of control. Therefore, each transition has at least one input and at least one output process place (process place connected to an incoming / outgoing arc). The arc expressions should ensure that an occurrence of a binding element in
thew -binding-class of a transition removes exactly onew -process-token from its input process places, adds exactly onew -process-token to its output process places, and does not affectw T-process-tokens wherew T [w× . Because of this, a process token residing on a process place determines one binding class of each of its output transitions, namely thew -binding-class which can remove the process token. We will therefore talk about the corresponding binding classes of a process token residing on a process place.
For instance, in the initial marking of the data base system, the corresponding binding classes of the ú8 -process token on Inactive are: the ú8 -binding-class ofSM, that is,
_µ ¸F[èú8½Â; and theú< -binding-class ofRM, that is,ýµ ¸ [ú<üÂ.
Local places are used to model state information local to a process. Intuitively, a token residing on such a place can only be removed by a specific process, and a token added by one process cannot be removed by another process. In the data base system the local places in the process subnet are: Unused(which a data base manager uses to store unused messages) andReceived(which a data base manager uses to temporarily store a received message).
The border places connect the process subnets, and model asynchronous com-munication between processes, including comcom-munication between processes in the same process subnet. There are two kinds of border places: shared places and buffer places. A token residing on a shared place may be removed by several processes, whereas a token residing on a buffer place may only be removed by a specific process.
In the data base system, there are two buffer places:SentandAcknowledged, and one shared place:Passive.
11.4.3 Formal Definitions
We now present the formal definitions of the concepts informally introduced in the previous section. First we give the definition of a process subnet of a CP-net. An explanation of the individual parts of the definition is given below.
Definition 24 A process subnet is a tupleO=d e fËjerÇÿþWjeje þ je ajjeXjÊ ap:ú<R , where
1. de(f[O=i5jejlkjm¯jfjd5jn(jo jp8R is a CP-net.
2. erÇÿþ;ØÖe is a set of process places, eØÖe is a set of local places, and
e þ Øe is a set of border places such that:
erÇÿþºe~[èevÇÿþNe þ [íeºe þ [ä andeè[evÇ þÊ{Ne{Ne þ «
3. e Øèe þ is a set of buffer places.
4. Gxi is a common base colour set ofdODqvR for allqËxerÇÿþ+{Ne{Ne . 5. e is a function associating with each transition sxk a process variable
eODsR[;q
¢Kû
xÆu aODstR such that £Ê¤8qv¥PODq
¢Kû
R[ .
6. + ^p8ú [AÊ ap:úPǹÇ
JMÈ is a set of place weights with range such that forqx
erÇÿþ¯{,e~{e ^jÊ ap:úWÇ projects a multi-set over d ODqrR into a multi-set over
the common base colour set (cf. item 4) and maps any multi-set into the empty
11.4. PROCESS-PARTITIONED CP-NETS 141 multi-set on the remaining places in e . The colour Ê ap:úMǹO=wtR is the process identity of the token elementODqvjwtR .
7. In the initial marking there is exactly one token with a given colour in on the process places of the process subnet:
Ç
JÈ
Ê ap8úÇO=µº¶KODqrR=R[ (11.1)
8. The following equations hold for all transitionss~x k and§+xG´ODsR:
Ç
JMÈ
+ ^p8úǹO=oODqvjlstR¨D§t©=R+[
Ç
JÈ
Ê ap:úPÇWO=oODstjlqrR¨D§©=R+[±
T
O=§tODq
¢Kû
R=R (11.2)
Ì
q²xe{¦e Ê ap8úǹO=o ODqrjlstR¨D§t©=R=O=§tODq
¢Kû
R=R[ë]Ê ap:úǹO=oODqvjlsR¨D§©=R] (11.3)
Ì
q²xGe) Ê ap:úǹO=oODstjlqrR¨D§©=R=O=§tODq
¢Kû
R=R[ ]Ê ap:úPǹO=o ODsjlqvR¨D§t©=R] (11.4)
Î
In the definition above, item 1 to item 5 are rather straightforward. Item 6 defines the weights which are used to project out the process identity of tokens on the process, local, and buffer places of the process subnet. In the data base example, the common base colour set used to model the identity of the processes isDBM. The weight on the process placesWaiting,Inactive, andPerformingis the identity function on multi-sets.
On the local placeReceivedit is the projection into the second component. On the local placeUnusedit is the projection into the first component. This is also the weight on the buffer placeAcknowledged, because we required in Equation (11.3) of item 8 that each token in a buffer place has a unique process that may consume it, and that process is identified by the first component. On the buffer placeSentthe weight is the projection into the second component.
Item 7 expresses that a given process has only a single point of control. Notice that the colour set is interpreted as a multi-set in the equation.
Equation (11.2) in item 8 expresses that the occurrence of a binding element of a transition in the subnet removes exactly one token from the input process places of the transition, and adds exactly one token to the output process places of the transi-tion. Furthermore, the colour of the tokens removed and added matches the binding of the process variable of the transition. This equation ensures that in any reachable marking, the process places contain exactly one token of each process identity in . Equation (11.3) in item 8 expresses that a token residing on a local or buffer place of the subnet can only be removed by the occurrence of binding elements belonging tow -binding-classes of transitions in the subnet, wherew is the process identity of the token.
Similarly, Equation (11.4) expresses that tokens added to a local place by the occur-rence of a binding element get the process identity of the process that added them.
Together these imply that tokens in a local place are processed and tokens in a buffer place are consumed by one process only.
We now continue with the definition of corresponding binding classes. By Equa-tion (11.2) in Def. 24, for a token residing on a process place, they are those binding classes that contain binding elements which can potentially remove the token from the process place.
Definition 25 LetO=de(fËjerÇÿþWjeMje þ je ajjeXjÊ ap:ú<R be a process subnet. Let
qËxerÇÿþ . The corresponding binding classes of a token elementODqvjwtR denotedd´ODqvjwtR
ared´ODqrjwR =s ¸q ¢¹û [!Ê ap:úÇO=wtRDÂ~] s~x|5}sODqvR=¹« Î
We now define process partitioning of a CP-net, which divides a CP-net into a number of process subnets and ensures that these subnets are only allowed to share border places and are otherwise disjoint.