In the sequel we will introduce two structural optimisations, namely micro reductions and pre/postset optimisations for connected environment nets.
We then examine optimising the order of formulas in the decision tree clas-sifying the summary nets. Last we discuss optimising the replacement time by parallelising the identification of the appropriate reduction.
5.7.1 Micro Reductions
Micro reductions determine the appropriate summary net for the smallest environment nets by just inspecting the net structure. We implemented two such replacement algorithms for connected environment nets. The summary net for an environment net Σe with just one transition and upto two places is determined by the algorithm in Listing 5.3. Since the environment has just one transition, it either behaves as a producer, a consumer or does not
5.7. Optimisations 147 change the token count on q, in which case we can replace it by a borrower net. If the transitiont is connected toqvia arcs with arc weight greater one, then tcan never be fired in Σsince q is 1-safe (line 7). Σe is a consumer if t can consume a token from q. We have to only check that p is sufficiently marked to allow at least one firing of a consuming transitiont—the contact place q might get marked later on (line 9).
1 l e t q be t he c o n t a c t p l a c e and t be t he t r a n s i t i o n ;
2 l e t p be t he o t h e r p l a c e i f i t e x i s t s ;
3 i n t ∆q := W(t, q)−W(q, t);
4 b o o l e n a b l e d_p := t r u e ;
5 i f (p e x i s t s ) e n a b l e d_p := W(p, t)≤Minit(p);
6 b o o l e n a b l e d := W(q, t)≤Minit(q) ∧ e n a b l e d_p;
7 i f(W(t, q)>1 ∨ W(q, t)>1) bo r r o wer ;
8 e l s e i f (∆q== 1 ∧ e n a b l e d ) pr o ducer ;
9 e l s e i f (∆q== −1 ∧ e n a b l e d_p) consumer ;
10 e l s e bo r r o wer ;
Listing 5.3: Micro reductions for one transition and up to two places.
The summary net for an environment net Σe with just two transitions, contact place q and upto one additional placepand maximal arc weight 1 is determined by the algorithm in Listing 5.4.
We replaceΣe with a borrower ifq is read only byt1 andt2. If|q•|<|•q|
holds, then either both transitions have q as output place and one of them may haveq as input place or only one transition has q as output. We check whether one transition can produce. A transition t1 ∈ •q\q• has a second input place p as input place, since q is 1-safe. If Minit(p) == 1 then t1 can generate a token on q. If t2 may consume the token from p, then Σe is an unreliable producer, else a producer (line 8-9). If Minit(p) == 0 then neither t1 nor t2 can change the token count on q and we can replace Σe by a borrower net.
If|q•|>|•q|holds, then either both transitions have q as input place and one of them may also have q as output place or only one transition has q as input and q has no input transitions. A transition t1 ∈q•\ •q can consume
148 5. Cutvertex Reductions a token from q, if it either has no further or its other input p is marked or can get marked by firing t2. If t1 cannot consume, then because of p being not sufficiently marked. We then check whether t2 can consume. If neither t1 nor t2 are enabled, the token count onqcannot be changed and we replace Σe by a borrower net.
If |•q| = |q•| but not •q = q•, then q has an input transition t1 and an output transition t2. Again p has to be input place of t1, since q is 1-safe in Σ. Line 20 handles the case that t1 has output q and reads p. The placepcan never get marked, since q is 1-safe inΣ. Hence if t2 has ponly as output,qcan never be marked since this would enablet2. We replace such an environment by a dead end. Ifpis initially marked,t1 can produce. Ift2 can also fire, then Σe is a producer-consumer else a producer. Transition t2 can fire, if does not depend on the token count onp. As pwill be unmarked after t1 fired. If p is initially unmarked, then t1 cannot produce (but regenerate).
Ift2 haspas input alsot2 is disabled and Σedoes not change the token count of q. Hence we replace Σe by a borrower. If t2 has no further input place, then Σe is a consumer.
1 l e t q be t he c o n t a c t p l a c e ;
2 l e t p be t he o t h e r p l a c e i f i t e x i s t s ;
3 i f(•q == q•) bo r r o wer ;
4 e l s e i f (|q•| < |•q|) {
5 l e t t1 be t he t r a n s i t i o n i n •q\q•;
6 l e t t2 be t he o t h e r t r a n s i t i o n ;
7 i f(Minit(p)==1) {
8 i f(t2 ∈p• ∧ q6∈t•2) u n r e l i a b l e _ pr o ducer ;
9 e l s e pr o ducer ;
10 } e l s e bo r r o wer ;
11 } e l s e i f (|q•|>|•q|) {
12 l e t t1 be a t r a n s i t i o n i n q•\ •q;
13 l e t t2 be t he o t h e r t r a n s i t i o n ;
14 i f( (|•t1|== 2) ⇒ (Minit(p)>0 ∨ (t2 ∈ •p\p•) ) ) consumer ;
15 e l s e i f(t2 ∈q•\ •q ∧ |•t2|== 1) consumer ;
5.7. Optimisations 149
16 e l s e bo r r o wer ;
17 } e l s e {
18 l e t t1 be t he t r a n s i t i o n i n •q ;
19 l e t t2 be t he t r a n s i t i o n i n q•;
20 i f(p∈(•t1∩t•1) ∧ p∈t•2 ∧ ¬(p∈ •t2) ) deadend ;
21 i f(Minit(p) == 1) {
22 i f(p∈ •t2) pr o ducer ;
23 e l s e producer−consumer ;
24 e l s e {
25 i f(p∈ •t2) bo r r o wer ;
26 e l s e consumer ;
27 }
28 }
Listing 5.4: Micro reductions for two transitions, contact place, upto one additional place and arc weights in {0,1}.
By using micro reductions we can efficiently replace the smallest envir-onment nets and do not have to model check this small nets (upto three times) exploring the full state space. Also we do not risk to explore spurious behaviour when examining the graph structure only.
5.7.2 Pre-/Postset Optimisation
A further means to decrease the costs of determining the appropriate sum-mary net is to inspect the initial marking of the contact place q and its pre-/postsets within the environment. Obviously, if the cutvertex has an empty postset within the environment, the environment net cannot consume a token, and if the cutvertex has an empty preset or if the cutvertex is ini-tially marked, the environment net cannot produce a token. We can be even more precise, if we take reading transitions into account. Letread(q)denote the set of transitions reading q and let qe• a short hand for the postset of q within the environment, qe• = q•∩Te, and analogously •qe = •q∩Te. An environment Σe cannot consume if qe•\read(q) =∅, and Σe cannot produce
150 5. Cutvertex Reductions may_produce := •qe\read(q)6=∅ ∧Minit(q) == 0
may_consume := qe•\read(q)6=∅ environment type prerequisite
producer may_produce
producer-consumer may_consume ∧ may_produce unreliable producer may_produce
dead end may_produce ∧ (qe• 6=∅)
consumer may_consume
Table 5.1: Structural prerequisites for the environment types
if •qe\read(q) =∅. It is easy to see, that an environment that can neither produce nor consume can be replaced by a Borrower net. Tabular 5.1 lists prerequisites for the different environment types. A Producer environment needs to be able to produce, hence there has to be a transition that can put a token onto the contact place q. Similarly, the producing environments Producer-Consumer, Unreliable Producer and Dead End need to be able to place a token onq. The Producer-Consumer also has to be able to consume the token. A Dead End environment has to consume a token from q or at least read q, since otherwise q could not be 1-safe in the original net. Using these criteria, the traversal of the decision tree (cf. Fig. 5.4) to determine the appropriate summary may be considerably shortened.
5.7.3 Order of Formulas
How many states are explored to determine the appropriate summary net, depends also on the order in which the formulas are checked on Σe. For instance if an oracle tells us that the environments are in majority producing, then we start by checking AFG(q,1)first and postpone the check of AG(q,0) (cf. Fig. 5.4). So if we have an environment net and its contact placeq such that |q•| = 0, then we start by checking AFG(q,1). Also |q•| = 0 implies that Σe cannot be a Producer-Consumer environment. If |•q| = 0, then Σe
cannot generate a token on q. So we do not have to check AG(q,0)on Σeq=0
or whether Σeq=1 is 1-safe.