**4.3. Controller for reachability properties**

The algorithm proposed here for the safety properties, is also adaptable to reachability properties. A reachability controller running in parallel with the system should satisfy the property *AFgoal* meaning that a goal state will certainly be reached, where 'goal' is an atomic proposition specifying the goal states (Figure 8). For reachability properties, the controller should prevent all paths which terminates without reaching a goal state, or contains a loop on none goal states (Figure 8.b). Then, if we define state classes leading to such cases as bad states, a safety controller is able to control this system to satisfy the given reachability property. Thus, the algorithm proposed to safety properties is extensible to reachability properties with some minor modification and is presented in the algorithms 3 and 4. Note that, in this case, the set *goal* stands for the set of markings of goal states.

**Algorithm 3** On-the-fly algorithm for the reachability control of TPN- Part A

```
Function main(TPN N , Markings goal)
  Where N is a TPN and
  goal is a set of goal markings.
  Let Tc be the set of controllable transitions of N and
  α0 the initial state class of N .
  Passed = ∅
  if (explore(α0, �, {α0}) �= ∅) then
     {Controller does not exist}
     return
  end if
  for all ((α, Ω, L I) ∈ Passed) do
     Ctrl[α] = 
                (tc,ts,B I)∈LI
                            {(tc, ts, INT(α, tc − ts) − B I)}
  end for
  return
(∗)
α = (M, F);
Enc (M) = En(M) ∩ Tc ;
En0
  c (M) = Enc (M) ∪ {t0};
Newc(M,t) = New(M,t) ∩ Tc;
New(M0, �) = En(M0); New0(M0, �) = En(M0) ∪ {t0 };
t0 is a fictitious transition whose time variable is fixed at 0.
Dep(α,t, LI) ≡
∃(tc, ts, B I) ∈ LI,tc ∈/ New(M,t) ∧ (ts ∈/ New(M,t)∨
INT(α,tc − t0 ) �⊆ 
                I∈B I
                   (I ⊕ INT(α,ts − t0 )))
```
#### **Algorithm 4** On-the-fly algorithm for the reachability control of TPN-Part B

20 Will-be-set-by-IN-TECH

possible. When the algorithm is being synthesized, different scenarios are considered. During the execution, the controller decides upon the scenario the system is (the current state class).

The algorithm proposed here for the safety properties, is also adaptable to reachability properties. A reachability controller running in parallel with the system should satisfy the property *AFgoal* meaning that a goal state will certainly be reached, where 'goal' is an atomic proposition specifying the goal states (Figure 8). For reachability properties, the controller should prevent all paths which terminates without reaching a goal state, or contains a loop on none goal states (Figure 8.b). Then, if we define state classes leading to such cases as bad states, a safety controller is able to control this system to satisfy the given reachability property. Thus, the algorithm proposed to safety properties is extensible to reachability properties with some minor modification and is presented in the algorithms 3 and 4. Note that, in this case,

**4.3. Controller for reachability properties**

the set *goal* stands for the set of markings of goal states.

**Let** *Tc* **be the set of controllable transitions of** N **and**

**Function** *main*(*TPN* N , *Markings goal*)

**Where** N **is a TPN and** *goal* **is a set of goal markings.**

*Passed* = ∅

**return end if**

**end for return**

*Dep*(*α*,*t*, *LI*) ≡

*INT*(*α*,*tc* − *<sup>t</sup>*<sup>0</sup> ) �⊆

*Enc* (*M*) = *En*(*M*) ∩ *Tc* ;

*<sup>c</sup>* (*M*) = *Enc* (*M*) ∪ {*t*0}; *Newc*(*M*,*t*) = *New*(*M*,*t*) ∩ *Tc*;

(∗) *α* = (*M*, *F*);

*En*<sup>0</sup>

*α*<sup>0</sup> **the initial state class of** N **.**

**if** (*explore*(*α*0, *�*, {*α*0}) �= ∅) **then {Controller does not exist}**

**for all** ((*α*, Ω, *L I*) ∈ *Passed*) **do**

(*tc*,*ts*,*B I*)∈*LI*

*New*(*M*0, *�*) = *En*(*M*0); *New*<sup>0</sup>(*M*0, *�*) = *En*(*M*0) ∪ {*t*<sup>0</sup> }; *t*<sup>0</sup> is a fictitious transition whose time variable is fixed at 0.

∃(*tc*, *ts*, *B I*) ∈ *LI*,*tc* ∈/ *New*(*M*,*t*) ∧ (*ts* ∈/ *New*(*M*,*t*)∨

(*I* ⊕ *INT*(*α*,*ts* − *t*<sup>0</sup> )))

*I*∈*B I*

*Ctrl*[*α*] =

**Algorithm 3** On-the-fly algorithm for the reachability control of TPN- Part A

{(*tc*, *ts*, *INT*(*α*, *tc* − *ts*) − *B I*)}

```
Function Traces explore(Class α, Trans t, Classes C)
if (∃Ω, L I s.t. (α, Ω, L I) ∈ Passed) then
  if (Ω �= ∅ ∧ Dep(α, t, L I)) then
     return {t.ω|ω ∈ Ω}
  end if
  return ∅
end if
if (M ∈ goal) then
  return ∅
end if
if (En(M) = ∅) then
  return {t}
end if
Traces Ω = ∅
for all t� ∈ En(M) s.t succ(α, t�
                                ) �= ∅ do
  if succ(α, t�
              ) ∈ C then
     Ω = Ω ∪ {t�
                  }
  else
     Ω = Ω ∪ explore(succ(α, t�
                                ), t�
                                    , C∪{succ(α, t�
                                                    )})
  end if
end for
if (Ω = ∅) then
  Passed = Passed ∪ {(α, Ω, ∅)}
  return ∅
end if
L I = {(tc, ts, B I)|(tc, ts) ∈ Enc(M) × En0
                                          c (M) ∧
                    B I = 
                          ω∈Ω
                              INT(Fire(α, ω),tc − ts) ⊂ INT(α, tc − ts)}
Passed = Passed ∪ {(α, Ω, L I)}
if (Dep(α, t, L I)) then
  return {t.ω|ω ∈ Ω}
end if
return ∅
```
**Author details**

**6. References**

Parisa Heidari and Hanifa Boucheneb *École Polytechnique de Montréal, Canada*

*Technology Transfer* 8(3): 204 – 15.

*Analysis of Systems (TACAS)*, pp. 442–457.

nets using net unfolding, Vol. 2, pp. 97–100.

University of California, Irvine, United States.

nets, *Journal of Logic and Computation* 6(19): 1509–1540.

Universitet (Sweden).

*theory*, pp. 66–80.

24(9): 1036–1043.

[1] Altisen, K., Bouyer, P., Cachat, T., Cassez, F. & Gardey, G. [2005]. Introduction au contrôle des systèmes temps-réel, *Journal Européen des Systemes Automatises* 39(1-3): 367–380. [2] Behrmann, G., Bouyer, P., Larsen, K. & Pelanek, R. [2006]. Lower and upper bounds in zone-based abstractions of timed automata, *International Journal on Software Tools for*

A Forward On-The-Fly Approach in Controller Synthesis of Time Petri Nets 461

[3] Bengtsson, J. [2002]. *Clocks, DBMs and states in timed systems.*, dissertation, Uppsala

[4] Berthomieu, B. & Diaz, M. [1991]. Modeling and verification of time dependent systems using time Petri nets, *IEEE Transactions on Software Engineering* 17(3): 259–273. [5] Berthomieu, B. & Vernadat, F. [2003]. State class constructions for branching analysis of time Petri nets, *9th International Conference on Tools and Algorithms for the Construction and*

[6] Boucheneb, H., Gardey, G. & Roux, O. H. [2009]. TCTL model checking of time Petri

[7] Boyer, M. & Vernadat, F. [2000]. Language and bisimulation relations between subclasses

[8] Buy, U. & Darabi, H. [2003]. Deadline-enforcing supervisory control for time Petri nets., *IMACS Multiconference on Computational Engineering in Systems Applications (CESA)*. [9] Buy, U., Darabi, H., Lehene, M. & Venepally, V. [2005]. Supervisory control of time Petri

[10] Cassez, F., David, A., Fleury, E., Larsen, K. G. & Lime, D. [2005]. Efficient on-the-fly algorithms for the analysis of timed games, *16th International Conference on concurrency*

[11] Gardey, G., Roux, O. E. & Roux, O. H. [2006a]. Safety control synthesis for time Petri

[12] Gardey, G., Roux, O. & Roux, O. [2006b]. State space computation and analysis of time

[13] Heidari, P. & Boucheneb, H. [2010]. Efficient method for checking the existence of a safety/ reachability controller for time Petri nets, *10th International Conference on*

[14] Merlin, P. M. [1974]. *A study of the recoverability of computing systems*, Ph.d. dissertation,

[15] Merlin, P. M. & Farver, D. [1976]. Recoverability of communications protocols-implication of a theoretical study., *IEEE Trans. on Communications*

[16] Penczek, W. & Polrola, A. [2004]. Specification and model checking of temporal properties in time Petri nets and timed automata, *25th International conference on*

of timed petri nets with strong timing semantic, *Technical report, LAAS* .

nets, *8th International Workshop on Discrete Event Systems*, pp. 22–28.

petri nets, *Theory and Practice of Logic Programming* 6: 301 – 20.

*Application of Concurrency to System Design(ACSD)*, pp. 201–210.

*application and theory of Petri nets*, Vol. 3099 of LNCS, pp. 37–76.

**Figure 8.** Paths satisfying or not a reachability property. Black states should be avoided.
