**3. Towards a unified PN system framework**

8 Will-be-set-by-IN-TECH

The first condition is the usual one for Petri nets and the second results from the necessity of firing transitions according to their firing interval. According to the second condition, a transition *tf* , enabled by a marking *M* at absolute time *τ*, could be fired at the firing time *λ* iff *λ* is not smaller than the EFT of *tf* and not greater than the smallest of the LFT's of all the

Each firable transition will have its own time interval in which it can be fired. That time depends of its EFT and of the time elapsed since it became last enabled, and of the time in which the rest of the the enabled transitions will reach its LFTs, also according to the time

The state class marking is shared by all states in the class and the firing domain is defined as the union of the firing domains of all the states in the class. The domain *D* is a conjunction

The domain of *D* is therefore convex and has a unique canonical form defined by:

�

) <sup>∧</sup>

In [12] was proposed an implementation for the firing rule, which directly computes the canonical form of each reachable state class in *O*(*n*2). The firing sequences beginning at some

where the intervals [*ln*, *un*] for each *tn* are respectively the minimum and maximum time in

Once the state space is built, different verifications can be done, including model-checking techniques which determine if some temporal formulas are true or false over the state space.

In the special case where EFT and LFT has the same value, the behavior of the TPN reproduce the one of timed Petri Nets. Note that in paths over the graph which is built using the timed Petri net firing rule, the elapsed time in state transitions is fixed while in the TPN it is a time interval. In timed Petri nets states are clock states while in TPN they are interval states or state

The Timed Automaton (TA) with guards [3] is an automaton to which is adjoined a set of continuous variables whose dynamical evolution is time-driven. This formalism has been

(*t*∈*enb*(*M*))

), *SupD*(*t*), and *SupD*(−*t*) are respectively the supremum of *t* − *t*

*<sup>t</sup>*2,[*li*+2,*ui*<sup>+</sup>2] −→ *si*<sup>+</sup><sup>2</sup> ...*si*<sup>+</sup>*n*−<sup>1</sup>

� ≺ *c*), (*t* ≺ *c*) or (−*t* ≺ *c*), where *c* ∈ **R** ∪ {∞, −∞},

*t* ≤ *SupD*(*t*) ∧ −*t* ≤ *SupD*(−*t*)

*tj*,[*li*<sup>+</sup>*n*,*ui*<sup>+</sup>*n*]

� , *t*, and

−→ *si*<sup>+</sup>*<sup>n</sup>* (2)

transitions enabled by marking *M*.

*M* is a marking;

≺∈ {=, ≤, ≥} and *t*, *t*

where *SupD*(*t* − *t*

−*t* in the domain of *D*.

state *si* has the form:

which the transition can fire.

 (*t*,*t*�)∈*enb*(*M*)<sup>2</sup>

elapsed since each one became last enabled.

*D* is the firing domain of the class.

� ∈ *T*.

*t* − *t*

of atomic constraints of the form (*t* − *t*

�

*ω* = *si*

classes that contain infinite clock states.

Definition 13. [State Class] A state class is a pair *C* = (*M*, *D*) where:

� ≤ *SupD*(*t* − *t*

*<sup>t</sup>*1,[*li*+1,*ui*<sup>+</sup>1] −→ *si*<sup>+</sup><sup>1</sup>

There are severals tools that use such approach [8, 17, 20, 21, 44].

In spite of the great theoretical importance and applicability of Time (or Timed) Petri Nets the PN theory was develop since the early 60's in different directions, always seeking for a way to face combinatorial explosion or to approximate to Fuzzy Logic or object-oriented systems. Several extensions were developed to fit practical applications or to attend the need to treat a new class of distributed systems, such as real-time systems. The new century started with a good amount of work published in this area but also with some confusion about concepts and representations. On the other hand, the raising complexity of distributed systems demanded a unified approach that could handle from abstract models down to the split of these general schemas in programs addressed to specific devices. In fact, integrated and flexible systems depend on that capacity.

A ISO/IEC project were launched in the beginning of this century to provide a standard to Petri Nets: the ISO/IEC 15909. Briefly, this project consists of three phases, where the first one defined P/T nets and High Level Nets in a complementary view, that is, taken P/T nets as a reduced set of the High Level Nets (HLPNs) when we reduce the color set to only one type. That is equivalent to unfold the net. Therefore, the proposed standard provides a comprehensive documentation of the terminology, the semantical model and graphic notations for High-level Petri nets. It also describes different conformance levels. Technically, the part 1 of the standard provides mathematical definitions of High-level Petri Nets, called semantic model, and a graphical form, known as High-level Petri Net Graphs (HLPNGs), as well as its mapping to the semantic model [23, 24].

Similarly to other situations where advances in technology and engineering demands a standardization, the introduction of a Petri Net standard also put in check the capacity of exchanging models among different modeling environments and tools. Thus, a Petri Net Markup Language (PNML) was introduced as an interchange format for the Petri nets defined in part 1 of the standard [25]. That composes the Part 2 of the standard and was published in February 2011, after a great amount of discussion, defining a transfer format to support the exchange of High-level Petri Nets among different tool environments [24]. The standard defined also a transfer syntax for High-level Petri Net Graphs and its subclasses defined in the first part of the standard, capturing the essence of all kinds of colored, high-level and classic Petri nets.

Part 3 is of the standard is devoted to Petri nets extensions, including hierarchies, time and stochastic nets, and is still being discussed, with a estimated time to be launched in 2013. The main requirement is that extensions be built upon developments over the core model, providing a structured and sound description. That also would allow user defined extensions based on built-in extensions and would reduce the profusion of nets attached to application domains. At least two main advantages would come out from that:


**Figure 2.** Graphic representation GHENeSys graphic elements.

**Figure 3.** Example of hierarchical proper elements or macro-boxes and macro-transitions.

• *L* = *B* ∪ *P*, are sets of places denoted by *Boxes* and *pseudo-boxes*;

• Π : (*B* ∪ *A*) → {0, 1} is a mapping that identifies the macro elements; • *<sup>C</sup>*<sup>0</sup> <sup>=</sup> {(*l*, *<sup>σ</sup>j*)|*<sup>l</sup>* <sup>∈</sup> *<sup>L</sup>*, *<sup>σ</sup><sup>j</sup>* <sup>∈</sup> *<sup>R</sup>*<sup>+</sup> <sup>|</sup>*l*| ≤ *<sup>K</sup>*(*l*)} is the marking of the initial state;

• *<sup>τ</sup>* : (*<sup>B</sup>* <sup>∪</sup> *<sup>A</sup>*) −→ {**R**+, **<sup>R</sup>**<sup>+</sup> ∪ {∞}} is a mapping that associates time intervals to each

Timed Petri Nets 369

As mentioned before the main advantage of GHENeSys is to facilitate the verification of requirements and restrictions in the modeling and design of distributed systems. Therefore the environment should be able to related the elements and verify the interpretation of

• *F* ⊆ (*L* × *A* → *N*) ∪ (*A* × *L* → *N*) is the flux relation;

**3.1. A simple example of verification with GHENeSys**

• *A* is a set of activities;

element of the net

• *<sup>K</sup>* : *<sup>L</sup>* <sup>→</sup> *<sup>N</sup>*<sup>+</sup> is a capacity function;

Thus, it is very important to insert Timed Petri Nets in the proper context of the net standard, and in the context of PN extensions. During the last years a design environment has been built, in parallel with our study of Timed nets and its application to the design of automated and real time systems: the General Hierarchical Enhanced Net System (GHENeSys), where timed Petri Nets were included in a complementary way. That is, the time definition - which could be a proposal to part 3 of the standard - is made associating to each transition (place) a time interval, as proposed by Merlin [30] to model dense time. In the special case of deterministic transition (place) time it suffices to make the interval collapse by making the extremes equal to the same constant. For the case of a deterministic time PN, this imply in modifying Definition 6 to have the mapping *<sup>f</sup>* : *<sup>T</sup>* → {**R**<sup>+</sup> <sup>×</sup> **<sup>R</sup>**<sup>+</sup> ∪ {∞}}.

Besides the time extension, GHENeSys is also a hierarchical, object-oriented net which has also the following extended elements:


The graphic representation of the elements followed the schema shown in the Fig. 2 bellow,

Since our focus in this work is time extensions we illustrate hierarchy with a simple example net shown in the Fig. 3 Notice that hierarchical elements are such that the border is composed of only place or transition elements and has a unique entrance element and a unique output element. Besides, we require that each hierarchical element be simply live, that is, there is at least one live path from the entrance to the output. This is called a proper element in the theory of structured systems.

Definition 14.[GHENeSys] GHENeSys is tuple *G* = (*L*, *A*, *F*, *K*, Π, *C*0, *τ*) where (*L*, *A*, *F*, *K*, Π) represents a net structure, *C*<sup>0</sup> is a set of multisets representing the initial marking, and *τ* is a function that maps time intervals to each element of the net.

**Figure 3.** Example of hierarchical proper elements or macro-boxes and macro-transitions.


10 Will-be-set-by-IN-TECH

• a simple, comprehensive and structured definition of PN which would make it easier the

• a wide range of possible applications will be using the same representation which facilitate

• the expansion of reusability to cases among different work domains, reinforcing the use of

• the extension of the use of Petri Nets beyond the modeling phase of design, including

Thus, it is very important to insert Timed Petri Nets in the proper context of the net standard, and in the context of PN extensions. During the last years a design environment has been built, in parallel with our study of Timed nets and its application to the design of automated and real time systems: the General Hierarchical Enhanced Net System (GHENeSys), where timed Petri Nets were included in a complementary way. That is, the time definition - which could be a proposal to part 3 of the standard - is made associating to each transition (place) a time interval, as proposed by Merlin [30] to model dense time. In the special case of deterministic transition (place) time it suffices to make the interval collapse by making the extremes equal to the same constant. For the case of a deterministic time PN, this imply in modifying Definition

Besides the time extension, GHENeSys is also a hierarchical, object-oriented net which has

• **Gates:** which stands for elements propagating only information and preserving the marking in its original place. It could be an enabling gate, that is, one that send information if is marked or an inhibitor gate, if propagates information when is not marked. Of course GHENeSys does not allow internal gates. Thus gates should have always an original place,

• **Pseudo-boxes:** denotes an observable condition that is not controlled by the modeled system. During the course of the modeling pseudo-boxes could also stand for control information external to the hierarchical components and could be collapsed when components are put together. Thus, pseudo-boxes must be considered in the structure

of the net but should not affect its properties or the rank of the incidence matrix.

The graphic representation of the elements followed the schema shown in the Fig. 2 bellow, Since our focus in this work is time extensions we illustrate hierarchy with a simple example net shown in the Fig. 3 Notice that hierarchical elements are such that the border is composed of only place or transition elements and has a unique entrance element and a unique output element. Besides, we require that each hierarchical element be simply live, that is, there is at least one live path from the entrance to the output. This is called a proper element in the

Definition 14.[GHENeSys] GHENeSys is tuple *G* = (*L*, *A*, *F*, *K*, Π, *C*0, *τ*) where (*L*, *A*, *F*, *K*, Π) represents a net structure, *C*<sup>0</sup> is a set of multisets representing the initial marking, and *τ* is a

modeling and design of distributed systems;

the re-use of modeling inside work domains;

6 to have the mapping *<sup>f</sup>* : *<sup>T</sup>* → {**R**<sup>+</sup> <sup>×</sup> **<sup>R</sup>**<sup>+</sup> ∪ {∞}}.

also the following extended elements:

a special place called pseudo-box.

theory of structured systems.

function that maps time intervals to each element of the net.

requirements analysis and validation.

PNs as a general schema;


#### **3.1. A simple example of verification with GHENeSys**

As mentioned before the main advantage of GHENeSys is to facilitate the verification of requirements and restrictions in the modeling and design of distributed systems. Therefore the environment should be able to related the elements and verify the interpretation of formulas that could involve deterministic time (explicitly or not). In the simple example that follow we show how this verification is performed in the GHENeSys system.

Besides the illustration of the use of deterministic time and the GHENeSys net, the example also shows a method adopted to the modeling with Petri Nets, which is based on eliciting requirements in UML and then (if the target is a dynamic system) transforming the semantic diagrams of UML in classic Petri Nets4. A Petri Net with some extensions is created in the GHENeSys which also allows the insertion of formulas in CTL that can be verified. Figure 4 [5] shows the UML class diagram to this problem. In a cycle time three drives come to the station which has only two independent pumps.

**Figure 5.** Classic model to the gas problem.

using Petri Nets [5, 10, 18, 39, 40].

model such as

can see in the following.

**Figure 6.** Sanpshot of the GHENeSys verifier for property 4.

diagrams. There is a good discussion in the academy about the choice of the diagrams to each class of problem. Some authors prefer to go directly to SysML [4] while others just leave open the question about which diagrams should be used and invest in the analysis of this diagrams

Proceeding with our example let us suppose that we desire to verify some properties of the

Using GHENeSys, formulas 3 and 4 can be evaluated by the Timed Petri Net modeling as we

*getMoney* −→ ∀ � *Pumping* (3) ∀(*getMoney* −→ ∀ � *Pumping*) (4)

Timed Petri Nets 371

**Figure 4.** Class diagram to the problem of gas station.

In the gas station problem three different agents are identified: i) the gas station management who is responsible for charging the users, ii) the pumps that are supposed to serve gasoline to the costumers, and iii) the costumers, that is, drivers who are supposed to pay for a proper amount of gasoline and them help themselves. In this simple event we follow the model proposed in Baresi [5] where three drivers depends of only one cashier to pay for the gas and can use two different pumps to fill their cars. First of all we can guarantee that the proper process is followed and them we could insert a characteristic time in the basic operations. We used GHENeSys to provide the model using a classic P/T net. The resulting model is shown in the Fig. 5. This problem is to simple to use extensions but even in that case it would be possible to simply verify if the payment was done (using a gate) to enable the pump with the proper amount of gas instead or carrying the mark. For this problem it would be no significant difference in the size of the graph or in the resulting model.

The important feature here is to follow a modeling approach, which is implied in the steps described so far. Before modeling, requirements should be modeled in UML by semantic

<sup>4</sup> It would also be possible to synthesize a high level net, but this is not in the scope of the present work

**Figure 5.** Classic model to the gas problem.

12 Will-be-set-by-IN-TECH

formulas that could involve deterministic time (explicitly or not). In the simple example that

Besides the illustration of the use of deterministic time and the GHENeSys net, the example also shows a method adopted to the modeling with Petri Nets, which is based on eliciting requirements in UML and then (if the target is a dynamic system) transforming the semantic diagrams of UML in classic Petri Nets4. A Petri Net with some extensions is created in the GHENeSys which also allows the insertion of formulas in CTL that can be verified. Figure 4 [5] shows the UML class diagram to this problem. In a cycle time three drives come to the

In the gas station problem three different agents are identified: i) the gas station management who is responsible for charging the users, ii) the pumps that are supposed to serve gasoline to the costumers, and iii) the costumers, that is, drivers who are supposed to pay for a proper amount of gasoline and them help themselves. In this simple event we follow the model proposed in Baresi [5] where three drivers depends of only one cashier to pay for the gas and can use two different pumps to fill their cars. First of all we can guarantee that the proper process is followed and them we could insert a characteristic time in the basic operations. We used GHENeSys to provide the model using a classic P/T net. The resulting model is shown in the Fig. 5. This problem is to simple to use extensions but even in that case it would be possible to simply verify if the payment was done (using a gate) to enable the pump with the proper amount of gas instead or carrying the mark. For this problem it would be no significant

The important feature here is to follow a modeling approach, which is implied in the steps described so far. Before modeling, requirements should be modeled in UML by semantic

<sup>4</sup> It would also be possible to synthesize a high level net, but this is not in the scope of the present work

follow we show how this verification is performed in the GHENeSys system.

station which has only two independent pumps.

**Figure 4.** Class diagram to the problem of gas station.

difference in the size of the graph or in the resulting model.

diagrams. There is a good discussion in the academy about the choice of the diagrams to each class of problem. Some authors prefer to go directly to SysML [4] while others just leave open the question about which diagrams should be used and invest in the analysis of this diagrams using Petri Nets [5, 10, 18, 39, 40].

Proceeding with our example let us suppose that we desire to verify some properties of the model such as

$$
\forall \text{\textquotedblleft Money} \longrightarrow \forall \diamond \text{Pumping} \tag{3}
$$

$$
\forall \Box (getMoney \longrightarrow \forall \diamond Pumping) \tag{4}
$$

Using GHENeSys, formulas 3 and 4 can be evaluated by the Timed Petri Net modeling as we can see in the following.

**Figure 6.** Sanpshot of the GHENeSys verifier for property 4.

#### 14 Will-be-set-by-IN-TECH 372 Petri Nets – Manufacturing and Computer Science Timed Petri Nets <sup>15</sup>

The introduction of deterministic time (transition) would add more detail about the process, with the characteristic time for processing the payment or to fill a car. An organized queue would fail (even if works quite fine in the model) since this time can be modified depending of the user or to unpredictable events during the payment or during the supply process. However if specific (and deterministic)intervals such as 3 min for the payment and 5 min for the filling of gas are stablished, the system could handle 9 drivers in 25 min with a waiting time of at most 2 min for some drivers.

More convincing examples can be found in business, manufacturing or computer networks. More challenge problems emerged in the spatial applications or satellite control, but what is important is that even deterministic time approach can be used to solve a diversified set of problems. However, it could be stressed that the timed approach should be supported for tools and environments that rely in a sound and complementary approach to Timed Nets including Time Petri Nets. The approach shown here, inserted in the GHENeSys environment is exactly one of this cases. Besides, GHENeSys is an implementation of a unified net, that follows the specifications in ISO/IEC 15909 standard.

In the next section we go further in the discussion of using Petri Nets and specifically Timed Petri Nets to fit requirements that come in the new version of UML, which includes time diagrams and timelines.
