**2. A schematic description of time dependent systems**

Petri Nets are an abstract formal model for describing and studying information processing systems that are characterized as being concurrent, asynchronous, distributed, parallel, non-deterministic and/or stochastic [31]. Since its creation the formalism has been extended by practitioners and theoreticians for dealing with complex systems attached to many application fields. One of those important extensions were proposed to deal with timed systems.

Among several proposed extensions to deal with time we detach two basic models: Ranchamdani's *Timed Petri nets* [34] and Merlin *Time Petri nets* [30]. These two temporal Petri net models are included in t-time nets because time inscriptions are always associated to transitions. Other time extensions have been published including some approaches where time is associated to places or even to both places and arcs (see [13] for a survey).

Formally, Petri Nets can defined as:

<sup>2</sup> Some authors also include another possibility where time is associated to the arcs, that is, to a pair (*x*, *y*) where *x*, *y* ∈ *X* = *S* ⊆ *T* where *S* and *T* denotes the set of places and transitions, respectively.

Definition 1. [Petri Net] A Petri net structure is a directed weighted bipartite graph

$$N = (P, T, A, w)$$

where

2 Will-be-set-by-IN-TECH

other processes can use this approach to represent processes in a more realistic way. It is also true tat even with a simple approach a strong representation power can be derived, including the possibility to make some direct performance analysis [29][42]. This is called a time slice or a time interval approach. In general, this augmented nets with time delay (P-time, T-time or

There are also cases where it is necessary to use more than time delays. In such cases the time is among the variables that describes the state (a set of places in Petri Nets). Notice that raising the number of variables that characterize a state would make untreatable the enumeration of a net state space. Therefore, a more direct approach is adopted, where each transition is associated to a time interval *tmin* and *tmax* where the first would stand for the minimal waiting time since the enabling until a firing can occur. Similarly, *tmax* stands for the maximum waiting

If the time used in the model is a real number, then we call that a Time Petri Net. It should be also noticed that if *tmin* = *tmax* the situation is reduced to the previous one where a deterministic time interval is associated to a transition. Thus, Time Petri Net is the more general model which can be used to model real time systems in several work domains, from

In this chapter we focus in the timed systems and its application which are briefly described in section 2. In section 3 we will present a perspective and demand for a framework to model, analysis and simulation of timed (and time) systems mentioning the open discussion about algorithms and approaches to represent the state space. That discussion will be oriented by the recent advances to establish a standard to Petri Nets in general that includes Timed and Time Petri Nets as a extension. Such standard is presented in ISO/IEC 15.909 proposal launched for the first time in 2004. A short presentation of what could be a general formalization to Time

Petri Nets are an abstract formal model for describing and studying information processing systems that are characterized as being concurrent, asynchronous, distributed, parallel, non-deterministic and/or stochastic [31]. Since its creation the formalism has been extended by practitioners and theoreticians for dealing with complex systems attached to many application fields. One of those important extensions were proposed to deal with timed

Among several proposed extensions to deal with time we detach two basic models: Ranchamdani's *Timed Petri nets* [34] and Merlin *Time Petri nets* [30]. These two temporal Petri net models are included in t-time nets because time inscriptions are always associated to transitions. Other time extensions have been published including some approaches where

<sup>2</sup> Some authors also include another possibility where time is associated to the arcs, that is, to a pair (*x*, *y*) where

time is associated to places or even to both places and arcs (see [13] for a survey).

*x*, *y* ∈ *X* = *S* ⊆ *T* where *S* and *T* denotes the set of places and transitions, respectively.

even both) are called Timed Petri Nets2.

time allowed since enabling up to a firing.

systems.

Formally, Petri Nets can defined as:

electronic and mechatronic systems to logistic a business domains.

Petri Nets is done in section 4. Concluding remarks are in section 5.

**2. A schematic description of time dependent systems**

*P* is the finite set of places, *P* � ∅

*T* is the finite set of transitions, *T* � ∅

*A* ⊆ (*P* × *T*) ∪ (*T* × *P*) is the set of arcs from places to transitions and from transitions to places

*w* : *A* → {1, 2, 3, . . .} is the weight function on the arcs.

We will normally represent the set of places by *P* = {*p*1, *p*2,..., *pn*} and the set of transitions *T* = {*t*1, *t*2,..., *tm*} where |*P*| = *n* and |*T*| = *m* are the cardinality of the respective sets. A typical arc is of the form (*pi*, *tj*) or (*tj*, *pi*) according to arc direction, where its weight *w* is a positive integer greater than zero.

Definition 2. [Marked Petri Net] A marked Petri net is a five-tuple (*P*, *T*, *A*, *w*, *M*) where (*P*, *<sup>T</sup>*, *<sup>A</sup>*, *<sup>w</sup>*) is a Petri Net and *<sup>M</sup>* is a marking, defined as a mapping *<sup>M</sup>* : *<sup>P</sup>* <sup>→</sup> **<sup>N</sup>**<sup>+</sup>

Thus, a marking is a row vector with |*P*| elements. Figure 1 shows a possible marking for a simple Petri Net.

**Figure 1.** A marked Petri net and it respective marking vector M

The relational functions *Pre*, *Pos* : *P* × *T* → **N** are defined to obtain the number of tokens in places *pi*, *pj* which are preconditions or postconditions of a transition *t* ∈ *T*, that is, there exists arcs (*pi*, *t*),(*pj*, *t*) ∈ *A* for the *Pre* function or (*t*, *pi*),(*t*, *pj*) ∈ *A* for the *Pos* function. In Fig. 1 for instance we have *Pre*(*b*1, *a*3) = 1 and *Pos*(*b*3, *a*3) = 3.

Using Petri nets to model systems imply in associate net elements (places or transitions) to some components and actions of the modeled system, turning out in what is called "labeled" or "interpreted" nets. The evolution of marking in a labeled Petri nets describes the dynamic behavior of the modeled system.

We restrict the definition of Labeled Petri Net to associate labels only to events or actions similarly to the formalism of automata.

This formalism is sufficient to represent a great amount of dynamic discrete systems, based only in partial order sequence of transitions. However, "untimed"<sup>3</sup> Petri nets are not powerful enough to deal with performance evaluations, safety determination, or behavioral properties

Ramchandani's timed Petri nets were derived from Petri nets by associating a firing finite duration to each transition in the net. Timed Petri nets and related equivalent models have

*N* = (*P*, *T*, *A*, *w*, *M*0, *f*)

*<sup>f</sup>* : *<sup>T</sup>* <sup>→</sup> **<sup>R</sup>**<sup>+</sup> is a firing time function that assigns a positive real number to each transition

Therefore, the firing rule has to be modified in order to consider time elapses in the transition firing. If an enabled transition *tj* ∈ *enb*(*M*) then it will fire after *f*(*tj*) times units since it became enabled. The system state is not only determined by the net marking but also by a

Definition 7. [Clock State] The clock state is a pair (*M*, *V*), where *M* is a marking and *V* is a

For a clock state (*M*, *V*) and *t* ∈ *enb*(*M*), *V*(*t*) is the value of the clock associated with a

Definition 8. [New Enabled Transition] A transition *t* ∈ *T* is said new enabled, after firing

was not enabled at *M* or, if it was enabled at M, it is the former fired transition *tf* . Formally:

) the set of transitions new enabled at marking *M*�

The reachability graph of a timed Pedri net can be computed using the definition of firable

Definition 9. [Firable Transition] A transition *tf* ∈ *T* can fire in a marking *M* yielding a

)|*t* = *tf* ∨ ∃*p*, (*M*�

transition, that is, those transitions that can be fired in a certain marking.

<sup>3</sup> A Petri Net where there is no event depending directly or parametrically of the time

, if it is enabled at marking *M*� and it

Timed Petri Nets 363

.

(*p*) − *Pos*(*p*, *tf*)) ≤ *Pre*(*p*, *t*)}

transition *t*. The initial clock state is *s*<sup>0</sup> = (*M*0, *V*0) where *V*0(*t*) = *f*(*t*), ∀*t* ∈ *enb*(*M*0).

in systems where time appears as a quantifiable and continuous parameter.

been used mainly to performance evaluation [7].

(*P*, *T*, *A*, *w*, *M*0) is a marked Petri net

timer attached to every enabled transition in the net.

transition *tf* at marking *M* which leads to marking *M*�

) = {*t* ∈ *enb*(*M*�

clock valuation function, *<sup>V</sup>* : *enb*(*M*) <sup>→</sup> **<sup>R</sup>**<sup>+</sup>

*new*(*M*�

We denote as *new*(*M*�

*tf* ∈ *enb*(*M*)

*VM*(*tf*) ≤ *VM*(*ti*) ∀*ti* ∈ *enb*(*M*)

marking *M*� if:

where

on the net

Definition 6. [Timed Petri Net] A timed Petri net is a six-tuple

Definition 3. [Labeled Petri Net] A labeled Petri net is a seven-tuple

$$N = (P\_\prime T\_\prime A\_\prime w\_\prime E\_\prime l\_\prime M\_0)\_\prime$$

where

(*P*, *T*, *A*, *w*) is a Petri net structure *E* ⊆ **P**(*T*) , *E* �= ∅ *l* : *T* → *E* is the transition labeling function *<sup>M</sup>*<sup>0</sup> : *<sup>P</sup>* <sup>→</sup> **<sup>N</sup>**<sup>+</sup> is the initial state of the net

Labeled Petri Nets has been proved to be an efficient tool for the modeling, analysis and control of Discrete Event System (DES). Petri Nets is a good option to model these DES systems for wide set of applications, from manufacturing, traffic, batch chemical processes, to computer, communications, database and software systems [27]. From now on we shall refer to "labeled Petri nets" simply as "Petri nets".

The state transition mechanism in Petri nets is provided by moving tokens through the net and hence changing to a new state. When a transition is enabled, we say that it can fire or that it can occur.

Definition 4. [Enabled Transition] A transition *tj* ∈ *T* in a Petri net is said to be enabled if

$$\forall p \in P\_\prime \quad M(p) \ge \operatorname{Pre}(p, t\_{\vec{\rangle}})$$

In other words, a transition *tj* in the Petri net is enabled when the number of tokens in *p* is greater then or equal to the weight of the arc connecting *p* to *tj* , for all places *p* that are input to transition *tj*.

The set of all enabled transition at some marking *M* is defined as *enb*(*M*). In Fig. 1 only transitions *a*2, *a*4 and *a*5 are enabled, then *enb*(*M*) = {*a*2, *a*4, *a*5}.

Definition 5. [State Transition] A Petri net evolves from a marking M to a marking M' through the firing of a transition *tf* ∈ *T* only if *tf* ∈ *enb*(*M*). The new marking M' can be obtained by

$$\forall p \in P | (p, t\_f) \lor (t\_f, p) \in A, M'(p) = M(p) - Pre(p, t\_f) + Pos(p, t\_f)$$

The reachable markings in a Petri net can be computed using an algebraic equation. Two incidence matrices must be defined (*A*<sup>−</sup> for incoming arcs, and *A*<sup>+</sup> for outgoing arcs) and a firing vector *u* which is a (unimodular) row vector containing "1" in the corresponding position of the firing transition and "0" in all other positions.

The new marking can be obtained using the state equation:

$$M' = M + \mu(A^+ - A^-) \tag{1}$$

This formalism is sufficient to represent a great amount of dynamic discrete systems, based only in partial order sequence of transitions. However, "untimed"<sup>3</sup> Petri nets are not powerful enough to deal with performance evaluations, safety determination, or behavioral properties in systems where time appears as a quantifiable and continuous parameter.

Ramchandani's timed Petri nets were derived from Petri nets by associating a firing finite duration to each transition in the net. Timed Petri nets and related equivalent models have been used mainly to performance evaluation [7].

Definition 6. [Timed Petri Net] A timed Petri net is a six-tuple

$$N = (P\_{\prime}T\_{\prime}A\_{\prime}w\_{\prime}M\_{0\prime}f)^{\prime}$$

where

4 Will-be-set-by-IN-TECH

We restrict the definition of Labeled Petri Net to associate labels only to events or actions

*N* = (*P*, *T*, *A*, *w*, *E*, *l*, *M*0)

Labeled Petri Nets has been proved to be an efficient tool for the modeling, analysis and control of Discrete Event System (DES). Petri Nets is a good option to model these DES systems for wide set of applications, from manufacturing, traffic, batch chemical processes, to computer, communications, database and software systems [27]. From now on we shall

The state transition mechanism in Petri nets is provided by moving tokens through the net and hence changing to a new state. When a transition is enabled, we say that it can fire or that

∀*p* ∈ *P*, *M*(*p*) ≥ *Pre*(*p*, *tj*)

In other words, a transition *tj* in the Petri net is enabled when the number of tokens in *p* is greater then or equal to the weight of the arc connecting *p* to *tj* , for all places *p* that are input

The set of all enabled transition at some marking *M* is defined as *enb*(*M*). In Fig. 1 only

Definition 5. [State Transition] A Petri net evolves from a marking M to a marking M' through the firing of a transition *tf* ∈ *T* only if *tf* ∈ *enb*(*M*). The new marking M' can be obtained by

The reachable markings in a Petri net can be computed using an algebraic equation. Two incidence matrices must be defined (*A*<sup>−</sup> for incoming arcs, and *A*<sup>+</sup> for outgoing arcs) and a firing vector *u* which is a (unimodular) row vector containing "1" in the corresponding

(*p*) = *M*(*p*) − *Pre*(*p*, *tf*) + *Pos*(*p*, *tf*)

*<sup>M</sup>*� <sup>=</sup> *<sup>M</sup>* <sup>+</sup> *<sup>u</sup>*(*A*<sup>+</sup> <sup>−</sup> *<sup>A</sup>*−) (1)

transitions *a*2, *a*4 and *a*5 are enabled, then *enb*(*M*) = {*a*2, *a*4, *a*5}.

∀*p* ∈ *P*|(*p*, *tf*) ∨ (*tf* , *p*) ∈ *A*, *M*�

position of the firing transition and "0" in all other positions. The new marking can be obtained using the state equation:

Definition 4. [Enabled Transition] A transition *tj* ∈ *T* in a Petri net is said to be enabled if

Definition 3. [Labeled Petri Net] A labeled Petri net is a seven-tuple

similarly to the formalism of automata.

(*P*, *T*, *A*, *w*) is a Petri net structure

*l* : *T* → *E* is the transition labeling function *<sup>M</sup>*<sup>0</sup> : *<sup>P</sup>* <sup>→</sup> **<sup>N</sup>**<sup>+</sup> is the initial state of the net

refer to "labeled Petri nets" simply as "Petri nets".

*E* ⊆ **P**(*T*) , *E* �= ∅

where

it can occur.

to transition *tj*.

(*P*, *T*, *A*, *w*, *M*0) is a marked Petri net

*<sup>f</sup>* : *<sup>T</sup>* <sup>→</sup> **<sup>R</sup>**<sup>+</sup> is a firing time function that assigns a positive real number to each transition on the net

Therefore, the firing rule has to be modified in order to consider time elapses in the transition firing. If an enabled transition *tj* ∈ *enb*(*M*) then it will fire after *f*(*tj*) times units since it became enabled. The system state is not only determined by the net marking but also by a timer attached to every enabled transition in the net.

Definition 7. [Clock State] The clock state is a pair (*M*, *V*), where *M* is a marking and *V* is a clock valuation function, *<sup>V</sup>* : *enb*(*M*) <sup>→</sup> **<sup>R</sup>**<sup>+</sup>

For a clock state (*M*, *V*) and *t* ∈ *enb*(*M*), *V*(*t*) is the value of the clock associated with a transition *t*. The initial clock state is *s*<sup>0</sup> = (*M*0, *V*0) where *V*0(*t*) = *f*(*t*), ∀*t* ∈ *enb*(*M*0).

Definition 8. [New Enabled Transition] A transition *t* ∈ *T* is said new enabled, after firing transition *tf* at marking *M* which leads to marking *M*� , if it is enabled at marking *M*� and it was not enabled at *M* or, if it was enabled at M, it is the former fired transition *tf* . Formally:

$$new(M') = \{ t \in emb(M') | t = t\_f \lor \exists p, \ (M'(p) - Pos(p, t\_f)) \le Pre(p, t) \}$$

We denote as *new*(*M*� ) the set of transitions new enabled at marking *M*� .

The reachability graph of a timed Pedri net can be computed using the definition of firable transition, that is, those transitions that can be fired in a certain marking.

Definition 9. [Firable Transition] A transition *tf* ∈ *T* can fire in a marking *M* yielding a marking *M*� if:

$$\begin{aligned} t\_f &\in emb(M) \\ V\_M(t\_f) &\le V\_M(t\_i) \; \forall t\_i \in emb(M) \end{aligned}$$

<sup>3</sup> A Petri Net where there is no event depending directly or parametrically of the time

We denote as Υ(*M*) the set of transitions firable at a marking *M*. Assuming that the firing of transition *tf* leads to a new marking *M*� , we denote it as (*M*, *VM*) *<sup>τ</sup>* −→ (*M*� , *VM*�) where *τ* = *VM*(*tf*) is the time elapsed in state transition, M' is computed using equation 1 and *VM*� is computed as follows:

Time Petri nets then can model systems in which events has non-deterministic durations. State transitions in that kind of systems may occur not in an exact time but in some time interval.

*N* = (*P*, *T*, *A*, *w*, *M*0, *I*)

*<sup>I</sup>* : *<sup>T</sup>* → {**R**+, **<sup>R</sup>**<sup>+</sup> ∪ {∞}} associates with each transition t an interval [<sup>↓</sup> *<sup>I</sup>*(*t*), <sup>↑</sup> *<sup>I</sup>*(*t*)] called its static firing interval. The bounds of the time interval are also known as EFT

The enabling condition remains the same as in the timed Petri Net but the firing rule must be redefined. The possibility to fire in a time interval rather than an exact time lead to the existence of infinite clock states. Then, even for bounded Petri nets the state space will be infinite, turning intractable any analysis technique based on that model formalism. To overcome this problem, Berthomieu and Menasche [7] proposed a new definition for state.

Real-time systems are examples of this kind of system.

(*P*, *T*, *A*, *w*, *M*0) is a marked Petri net

and LFT respectively.

*M* is a marking

(*M*, *V*) ∈ (*M*�

(*M*� , *θ*� )"

in state (*M*, *θ*), it is firable at time *τ* + *λ* iff:

*tf* ∈ *enb*(*M*) : *tf* is enabled at (*M*, *θ*). ∀*ti* ∈ *enb*(*M*), ↓ *tf* ≤ *λ* ≤ *min*(↑ *ti*)

where

Definition 10. [Time Petri Net] A time Petri net is a six-tuple

Definition 11. [Interval State] A state in a TPN is a pair (*M*, *θ*) where

*<sup>θ</sup>* is a firing interval function *<sup>θ</sup>* : *enb*(*M*) → {**R**+, **<sup>R</sup>**<sup>+</sup> ∪ {∞}}.

infinite clock states into one interval state satisfying the condition:

, *θ*) iff (*M* = *M*�

The firing interval associated with transition *t* ∈ *enb*(*M*) is *θ*(*t*)=[↓ *θ*(*t*), ↑ *θ*(*t*)].

build system state space based on the state class approach [6, 9, 11, 17, 22, 44].

We denote as <sup>Υ</sup>(*s*) the set of transitions firable at state *<sup>s</sup>* = (*M*, *<sup>θ</sup>*) and as (*M*, *<sup>θ</sup>*) *tf* ,*<sup>λ</sup>*

Using that approach, a bounded TPN yields a finite number of states [6]. Note that each Interval state contains infinite clock states, then the new state definition allow us to group

An enumerative analysis technique was introduced in [7] based in what is called "state classes". An algorithm for enumeration of these state classes was proposed for bounded TPNs and then used to the analysis of system. Since then, many algorithm has been proposed to

Definition 12. [Firable Transition] Assuming that transition *tf* ∈ *T* becomes enabled at time *τ*

the behavior "transition *tf* is firable from state (*M*, *θ*) at time *λ* and its firing leads to state

) ∧ ∀*t* ∈ *enb*(*M*), ↓ *θ*(*t*) ≤ *f*(*t*) − *V*(*t*) ≤↑ *θ*(*t*)

−→ (*M*�

, *θ*� )

Timed Petri Nets 365

$$V\_{M'} = \begin{cases} \displaystyle f(t) & \text{se } t \in new(M');\\ V\_M(t) - \tau & \text{se } t \in emb(M') \text{ } new(M'); \end{cases}$$

The reachability tree can be built including all feasible firing sequences of the timed Petri net. Notice that in *M*<sup>0</sup> all transition are new enabled, *enb*(*M*0) = *new*(*M*0). However, finite reachability trees can be built only for bounded Petri nets (see bounded property in [31], and an equivalent result for Time Petri in [6]).

Paths or runs in a reachability tree are sequences of state transitions in a timed Petri net. Then, the time elapsed in some path can be computed as the summation of all the elapsed times in the firing schedule. If a path *ω* = *s*<sup>0</sup> *<sup>τ</sup>*<sup>1</sup> −→ *<sup>s</sup>*<sup>1</sup> *<sup>τ</sup>*<sup>2</sup> −→ *<sup>s</sup>*<sup>2</sup> *<sup>τ</sup>*<sup>3</sup> −→ *<sup>s</sup>*<sup>3</sup> exists, then the time elapsed between states *s*<sup>0</sup> and *s*<sup>3</sup> is *τ* = *τ*<sup>1</sup> + *τ*<sup>2</sup> + *τ*3.

The reachabitity tree approach has been successfully used in communication protocols validation and in performance analyses [38, 45]. Moreover, these tests require known computation times for the tasks (often referred by WCET as "Worst Case Execution Time") or process durations. Besides the difficulty to measure or estimate such times, taking into consideration a deterministic time (even in the longest path) does not lead necessarily to the worst case [36].

More realistic analysis can be done on communication protocols using Merlin approach, since some network time durations or even software routines cannot be completed always in the same time [6, 30].

Merlin defined Time Petri Nets (TPN) as nets with a time interval associated to each transition. Assuming that a time interval [*a*, *<sup>b</sup>*] (*a*, *<sup>b</sup>* <sup>∈</sup> **<sup>R</sup>**+) is associated with a transition *ti*, and that such transition has been enabled at a marking *Mi* and is being continuously enabled since then in all successive markings *Mi*+1,..., *Mi*<sup>+</sup>*k*, we define:


Times *a* and *b* for transition *ti* are relative to the moment in which transition *ti* became last enabled. If transition *ti* became enabled at time *τ*, and remains continuously enabled at *τ* + *a* then it can be fired. After time *τ* + *a*, transition *ti* can remains continuously enabled without fire until *τ* + *b*, in which it must be fired. Note that transitions with time intervals [0, ∞] correspond to the classical "untimed" (no deterministic) Petri net behavior.

The firing semantic described here is called "strong semantic". There also exists a called "weak semantic" in which transitions must not necessarily be fired at its LFT, and after that time it can no longer be fired [35]. In this chapter we will used the strong semantic.

Time Petri nets then can model systems in which events has non-deterministic durations. State transitions in that kind of systems may occur not in an exact time but in some time interval. Real-time systems are examples of this kind of system.

Definition 10. [Time Petri Net] A time Petri net is a six-tuple

$$N = (P\_{\prime} \, T\_{\prime} \, A\_{\prime} \, w\_{\prime} \, M\_{0\prime} \, I)^{\prime}$$

where

6 Will-be-set-by-IN-TECH

We denote as Υ(*M*) the set of transitions firable at a marking *M*. Assuming that the firing

*τ* = *VM*(*tf*) is the time elapsed in state transition, M' is computed using equation 1 and *VM*�

*<sup>f</sup>*(*t*) se *<sup>t</sup>* <sup>∈</sup> *new*(*M*�

*VM*(*t*) − *τ* se *t* ∈ *enb*(*M*�

The reachability tree can be built including all feasible firing sequences of the timed Petri net. Notice that in *M*<sup>0</sup> all transition are new enabled, *enb*(*M*0) = *new*(*M*0). However, finite reachability trees can be built only for bounded Petri nets (see bounded property in [31], and

Paths or runs in a reachability tree are sequences of state transitions in a timed Petri net. Then, the time elapsed in some path can be computed as the summation of all the elapsed times

The reachabitity tree approach has been successfully used in communication protocols validation and in performance analyses [38, 45]. Moreover, these tests require known computation times for the tasks (often referred by WCET as "Worst Case Execution Time") or process durations. Besides the difficulty to measure or estimate such times, taking into consideration a deterministic time (even in the longest path) does not lead necessarily to the

More realistic analysis can be done on communication protocols using Merlin approach, since some network time durations or even software routines cannot be completed always in the

Merlin defined Time Petri Nets (TPN) as nets with a time interval associated to each transition. Assuming that a time interval [*a*, *<sup>b</sup>*] (*a*, *<sup>b</sup>* <sup>∈</sup> **<sup>R</sup>**+) is associated with a transition *ti*, and that such transition has been enabled at a marking *Mi* and is being continuously enabled since then in

**-** a (0 ≤ *a*), as the minimal time that transition *ti* must remain continuously enabled, until it

**-** b (0 ≤ *b* ≤ ∞), as the maximum time that transition can remain continuously enabled

Times *a* and *b* for transition *ti* are relative to the moment in which transition *ti* became last enabled. If transition *ti* became enabled at time *τ*, and remains continuously enabled at *τ* + *a* then it can be fired. After time *τ* + *a*, transition *ti* can remains continuously enabled without fire until *τ* + *b*, in which it must be fired. Note that transitions with time intervals [0, ∞]

The firing semantic described here is called "strong semantic". There also exists a called "weak semantic" in which transitions must not necessarily be fired at its LFT, and after that time it

*<sup>τ</sup>*<sup>2</sup> −→ *<sup>s</sup>*<sup>2</sup>

*<sup>τ</sup>*<sup>1</sup> −→ *<sup>s</sup>*<sup>1</sup>

, we denote it as (*M*, *VM*) *<sup>τ</sup>* −→ (*M*�

) \ *new*(*M*�

)

*<sup>τ</sup>*<sup>3</sup> −→ *<sup>s</sup>*<sup>3</sup> exists, then the time elapsed

);

, *VM*�) where

of transition *tf* leads to a new marking *M*�

an equivalent result for Time Petri in [6]).

in the firing schedule. If a path *ω* = *s*<sup>0</sup>

between states *s*<sup>0</sup> and *s*<sup>3</sup> is *τ* = *τ*<sup>1</sup> + *τ*<sup>2</sup> + *τ*3.

all successive markings *Mi*+1,..., *Mi*<sup>+</sup>*k*, we define:

can fire. This time is also known as Early Firing Time (EFT)

without fire. This time is also known as Latest Firing Time (LFT)

correspond to the classical "untimed" (no deterministic) Petri net behavior.

can no longer be fired [35]. In this chapter we will used the strong semantic.

*VM*� =

is computed as follows:

worst case [36].

same time [6, 30].

(*P*, *T*, *A*, *w*, *M*0) is a marked Petri net

*<sup>I</sup>* : *<sup>T</sup>* → {**R**+, **<sup>R</sup>**<sup>+</sup> ∪ {∞}} associates with each transition t an interval [<sup>↓</sup> *<sup>I</sup>*(*t*), <sup>↑</sup> *<sup>I</sup>*(*t*)] called its static firing interval. The bounds of the time interval are also known as EFT and LFT respectively.

The enabling condition remains the same as in the timed Petri Net but the firing rule must be redefined. The possibility to fire in a time interval rather than an exact time lead to the existence of infinite clock states. Then, even for bounded Petri nets the state space will be infinite, turning intractable any analysis technique based on that model formalism. To overcome this problem, Berthomieu and Menasche [7] proposed a new definition for state.

Definition 11. [Interval State] A state in a TPN is a pair (*M*, *θ*) where

*M* is a marking

*<sup>θ</sup>* is a firing interval function *<sup>θ</sup>* : *enb*(*M*) → {**R**+, **<sup>R</sup>**<sup>+</sup> ∪ {∞}}.

The firing interval associated with transition *t* ∈ *enb*(*M*) is *θ*(*t*)=[↓ *θ*(*t*), ↑ *θ*(*t*)].

Using that approach, a bounded TPN yields a finite number of states [6]. Note that each Interval state contains infinite clock states, then the new state definition allow us to group infinite clock states into one interval state satisfying the condition:

$$(M, V) \in (M', \theta) \text{ iff } (M = M') \land \forall t \in \text{en} \\ b(M), \downarrow \theta(t) \le f(t) - V(t) \le \uparrow \theta(t)$$

An enumerative analysis technique was introduced in [7] based in what is called "state classes". An algorithm for enumeration of these state classes was proposed for bounded TPNs and then used to the analysis of system. Since then, many algorithm has been proposed to build system state space based on the state class approach [6, 9, 11, 17, 22, 44].

Definition 12. [Firable Transition] Assuming that transition *tf* ∈ *T* becomes enabled at time *τ* in state (*M*, *θ*), it is firable at time *τ* + *λ* iff:

$$\begin{aligned} t\_f \in emb(M) &: t\_f \text{ is enabled at } (M, \theta). \\ \forall t\_i \in emb(M), &\downarrow t\_f \le \lambda \le \min(\uparrow t\_i) \end{aligned}$$

We denote as <sup>Υ</sup>(*s*) the set of transitions firable at state *<sup>s</sup>* = (*M*, *<sup>θ</sup>*) and as (*M*, *<sup>θ</sup>*) *tf* ,*<sup>λ</sup>* −→ (*M*� , *θ*� ) the behavior "transition *tf* is firable from state (*M*, *θ*) at time *λ* and its firing leads to state (*M*� , *θ*� )"

The first condition is the usual one for Petri nets and the second results from the necessity of firing transitions according to their firing interval. According to the second condition, a transition *tf* , enabled by a marking *M* at absolute time *τ*, could be fired at the firing time *λ* iff *λ* is not smaller than the EFT of *tf* and not greater than the smallest of the LFT's of all the transitions enabled by marking *M*.

used to modeling and to a formal verification of real-time systems with success. Some tools as KRONOS [16] and UPPAAL [28] are available for such purposes. The state space yielded using Timed Automaton with guards is quite similar of that of TPN regarding the differences

Timed Petri Nets 367

In spite of the great theoretical importance and applicability of Time (or Timed) Petri Nets the PN theory was develop since the early 60's in different directions, always seeking for a way to face combinatorial explosion or to approximate to Fuzzy Logic or object-oriented systems. Several extensions were developed to fit practical applications or to attend the need to treat a new class of distributed systems, such as real-time systems. The new century started with a good amount of work published in this area but also with some confusion about concepts and representations. On the other hand, the raising complexity of distributed systems demanded a unified approach that could handle from abstract models down to the split of these general schemas in programs addressed to specific devices. In fact, integrated and flexible systems

A ISO/IEC project were launched in the beginning of this century to provide a standard to Petri Nets: the ISO/IEC 15909. Briefly, this project consists of three phases, where the first one defined P/T nets and High Level Nets in a complementary view, that is, taken P/T nets as a reduced set of the High Level Nets (HLPNs) when we reduce the color set to only one type. That is equivalent to unfold the net. Therefore, the proposed standard provides a comprehensive documentation of the terminology, the semantical model and graphic notations for High-level Petri nets. It also describes different conformance levels. Technically, the part 1 of the standard provides mathematical definitions of High-level Petri Nets, called semantic model, and a graphical form, known as High-level Petri Net Graphs

Similarly to other situations where advances in technology and engineering demands a standardization, the introduction of a Petri Net standard also put in check the capacity of exchanging models among different modeling environments and tools. Thus, a Petri Net Markup Language (PNML) was introduced as an interchange format for the Petri nets defined in part 1 of the standard [25]. That composes the Part 2 of the standard and was published in February 2011, after a great amount of discussion, defining a transfer format to support the exchange of High-level Petri Nets among different tool environments [24]. The standard defined also a transfer syntax for High-level Petri Net Graphs and its subclasses defined in the first part of the standard, capturing the essence of all kinds of colored, high-level and classic

Part 3 is of the standard is devoted to Petri nets extensions, including hierarchies, time and stochastic nets, and is still being discussed, with a estimated time to be launched in 2013. The main requirement is that extensions be built upon developments over the core model, providing a structured and sound description. That also would allow user defined extensions based on built-in extensions and would reduce the profusion of nets attached to application

on their constructions.

depend on that capacity.

Petri nets.

**3. Towards a unified PN system framework**

(HLPNGs), as well as its mapping to the semantic model [23, 24].

domains. At least two main advantages would come out from that:

Each firable transition will have its own time interval in which it can be fired. That time depends of its EFT and of the time elapsed since it became last enabled, and of the time in which the rest of the the enabled transitions will reach its LFTs, also according to the time elapsed since each one became last enabled.

Definition 13. [State Class] A state class is a pair *C* = (*M*, *D*) where:


The state class marking is shared by all states in the class and the firing domain is defined as the union of the firing domains of all the states in the class. The domain *D* is a conjunction of atomic constraints of the form (*t* − *t* � ≺ *c*), (*t* ≺ *c*) or (−*t* ≺ *c*), where *c* ∈ **R** ∪ {∞, −∞}, ≺∈ {=, ≤, ≥} and *t*, *t* � ∈ *T*.

The domain of *D* is therefore convex and has a unique canonical form defined by:

$$\bigwedge\_{(t,t')\in emb(M)^2} t - t' \le \operatorname{Supp}\_D(t - t') \land \bigwedge\_{(t\in emb(M))} t \le \operatorname{Supp}\_D(t) \land -t \le \operatorname{Supp}\_D(-t)$$

where *SupD*(*t* − *t* � ), *SupD*(*t*), and *SupD*(−*t*) are respectively the supremum of *t* − *t* � , *t*, and −*t* in the domain of *D*.

In [12] was proposed an implementation for the firing rule, which directly computes the canonical form of each reachable state class in *O*(*n*2). The firing sequences beginning at some state *si* has the form:

$$
\omega = s\_{\mathbf{i}} \stackrel{t\_1[l\_{l+1}\mu\_{l+1}]}{\longrightarrow} s\_{\mathbf{i}+1} \stackrel{t\_2[l\_{l+2}\mu\_{l+2}]}{\longrightarrow} s\_{\mathbf{i}+2} \dots s\_{\mathbf{i}+n-1} \stackrel{t\_{\mathbf{i}}[l\_{l+n}\mu\_{l+n}]}{\longrightarrow} s\_{\mathbf{i}+n} \tag{2}
$$

where the intervals [*ln*, *un*] for each *tn* are respectively the minimum and maximum time in which the transition can fire.

Once the state space is built, different verifications can be done, including model-checking techniques which determine if some temporal formulas are true or false over the state space. There are severals tools that use such approach [8, 17, 20, 21, 44].

In the special case where EFT and LFT has the same value, the behavior of the TPN reproduce the one of timed Petri Nets. Note that in paths over the graph which is built using the timed Petri net firing rule, the elapsed time in state transitions is fixed while in the TPN it is a time interval. In timed Petri nets states are clock states while in TPN they are interval states or state classes that contain infinite clock states.

The Timed Automaton (TA) with guards [3] is an automaton to which is adjoined a set of continuous variables whose dynamical evolution is time-driven. This formalism has been used to modeling and to a formal verification of real-time systems with success. Some tools as KRONOS [16] and UPPAAL [28] are available for such purposes. The state space yielded using Timed Automaton with guards is quite similar of that of TPN regarding the differences on their constructions.
