Based on the search command in Listing 7, Figure 11 shows the resulting state graph. All the states are calculated by all possible rewrite rules of Def. 3 and Def. 5. Finally, theshow search graphcommand returns a text-based result of such states search as in Listing 7.
1 s e a r c h i n i t i a l =>! net ( P : P l a c e s , T : T r a n s i t i o n s , P r e : P r e , P o s t : P o s t ,
3 Any:Markings )
R u l e s : R u l e MaxID:Int S t e p S i z e : I n t
5 a i d P : I D P o o l .
show s e a r c h graph .
Listing 6:Maude search commands for a Maude net
Thesearchcommand output is exemplarily presented in Listing 7. At first,No solution.
signifies that no final state, such as deadlocks, is found. The next line gives a general overview of the states found or the required time. Afterwards, the output is grouped by all states, such as state 0, and followed by the related outgoing arcs, as for examplearc 0 ===> state 1.
s e a r c h in NET : i n i t i a l =>! net ( P : P l a c e s , T : T r a n s i t i o n s , P r e : P r e , P o s t : P o s t , Any:Markings ) R u l e s : R u l e MaxID:Int 2 S t e p S i z e : I n t a i d P : I D P o o l .
4 No s o l u t i o n .
s t a t e s : 12 r e w r i t e s : 161 in 1ms cpu ( 0 ms r e a l ) ( 1 6 1 0 0 0 r e w r i t e s / second )
6 s t a t e 0 , C o n f i g u r a t i o n : net ( p l a c e s{p ( ” P ” | 2 | w) , p ( ” P ” | 3 | w) } , t r a n s i t i o n s{t ( ” T” | 4 ) : t ( ” T” | 5 )} , pre{( t ( ” T” | 4 ) −−> p ( ” P ” | 3 | w) ) , t ( ” T” | 5 ) −−> p ( ” P ” | 3 | w) }, p o s t {( t ( ” T” | 4 ) −−> p ( ” P ” | 2 | w) ) , t ( ” T” | 5 )
−−> p ( ” P ” | 2 | w) }, marking{p ( ” P ” | 3 | w) ; p ( ” P ” | 3
| w)}) r u l e ( l ( net ( p l a c e s{p ( ” P ” | 16 | w) , p ( ” P ” | 19 | w) }, t r a n s i t i o n s {t ( ” T” | 2 3 )} , pre{t ( ” T” | 2 3 ) −−> p ( ” P
” | 16 | w) } , p o s t{t ( ” T” | 2 3 ) −−> p ( ” P ” | 19 | w) } , marking{ p ( ” P ” | 19 | w) ; p ( ” P ” | 19 | w) }) ) , r ( net ( p l a c e s{p ( ” P ” | 16 | w) , p ( ” P ” | 19 | w)} , t r a n s i t i o n s{t ( ” T” | 2 5 )} , pre{t ( ” T” | 2 5 ) −−> p ( ” P ” | 19 | w)} , p o s t {t ( ” T” | 2 5 ) −−> p ( ” P ” | 16 | w)} , marking{p ( ” P ” | 19 |
w) ; p ( ” P ” | 19 | w) }) ) ) 25 10 a i d
{2 5 , ( 2 6 , ( 2 7 , ( 2 8 , ( 2 9 , ( 3 0 , ( 3 1 , ( 3 2 , ( 3 3 , ( 3 4 , ( 3 5 ) ) ) ) ) ) ) ) ) )} a r c 0 ===> s t a t e 1 (c r l net ( P : P l a c e s , t r a n s i t i o n s {
T : T r a n s i t i o n s : T R e s t : T r a n s i t i o n s} , pre{ MTupleRest1:MappingTuple , T : T r a n s i t i o n s −−>
P r e V a l u e : P l a c e s} , p o s t{MTupleRest2:MappingTuple ,
T : T r a n s i t i o n s −−> P o s t V a l u e : P l a c e s}, marking{M:Markings
; P r e V a l u e : P l a c e s }) R u l e s : R u l e MaxID:Int S t e p S i z e : I n t a i d : I D P o o l => net ( P : P l a c e s , t r a n s i t i o n s{ T : T r a n s i t i o n s :
T R e s t : T r a n s i t i o n s }, pre{MTupleRest1:MappingTuple ,
3 Model Checker for Reconfigurable Petri Net
T : T r a n s i t i o n s −−> P r e V a l u e : P l a c e s} , p o s t{ MTupleRest2:MappingTuple , T : T r a n s i t i o n s −−>
P o s t V a l u e : P l a c e s} , c a l c ( ( ( M:Markings ; P r e V a l u e : P l a c e s ) minus P r e V a l u e : P l a c e s ) p l u s P o s t V a l u e : P l a c e s ) )
R u l e s : R u l e MaxID:Int S t e p S i z e : I n t a i d : I D P o o l i f c a l c ( ( M:Markings ; P r e V a l u e : P l a c e s ) p l u s P o s t V a l u e : P l a c e s )
<=? P o s t V a l u e : P l a c e s = t r u e [ l a b e l f i r e ] . ) 8 . . .
Listing 7:Example output for the search commands in Listing 7
Ruler2in Figure 10 is used as an example to show a deadlock. Its differences withr1has other arc directions so that it is possible that a rule application ends in a deadlock. Such deadlocks are visible as sinks in Figure 12 as state without outgoing arcs.
P
T ⊆
P
L
P
T T
P
K
P
⊇ T
P
R
Figure 10:Example ruler2which changes the arc direction, can result in a deadlock
state 0 : P3,P3 state 1 : P2,P3
T,4:P,3->P,2T,5:P,3->P,2 state 2 : P2,P2T,4:P,3->P,2T,5:P,3->P,2 state 3 : P2,P2
R1-PNML: d{T[T,4:P,3->P,2]} -> a{T[T,4:P,2->P,3]} state 4 : P2,P2
R1-PNML: d{T[T,5:P,3->P,2]} -> a{T[T,5:P,2->P,3]}
state 5 : P2,P3
T,4:P,2->P,3 state 6 : P2,P2
R1-PNML: d{T[T,5:P,3->P,2]} -> a{T[T,5:P,2->P,3]} R1-PNML: d{T[T,4:P,3->P,2]} -> a{T[T,4:P,2->P,3]} state 7 : P2,P3 T,5:P,2->P,3
T,5:P,3->P,2 state 8 : P3,P3
T,4:P,2->P,3
state 9 : P2,P3
T,4:P,2->P,3T,5:P,2->P,3 T,4:P,3->P,2
state 10 : P3,P3 T,5:P,2->P,3 R1-PNML: d{T[T,4:P,2->P,3]} -> a{T[T,4:P,3->P,2]} T,5:P,3->P,2 state 11 : P3,P3T,4:P,2->P,3T,5:P,2->P,3
R1-PNML: d{T[T,5:P,2->P,3]} -> a{T[T,5:P,3->P,2]} T,4:P,3->P,2
R1-PNML: d{T[T,5:P,2->P,3]} -> a{T[T,5:P,3->P,2]}R1-PNML: d{T[T,4:P,2->P,3]} -> a{T[T,4:P,3->P,2]}
Figure 11:Abstract reachablility graph (ARG) forN1andr1
3 Model Checker for Reconfigurable Petri Net
state 0 : P3,P3 state 3 : P3,P3
R2-PNML: d{T[T,5:P,3->P,2]} -> a{T[T,5:P,2->P,3]} state 2 : P3,P3
R2-PNML: d{T[T,4:P,3->P,2]} -> a{T[T,4:P,2->P,3]} state 1 : P2,P3
T,4:P,3->P,2T,5:P,3->P,2 state6
R2-PNML: d{T[T,4:P,3->P,2]} -> a{T[T,4:P,2->P,3]} state 7 : P2,P3 T,4:P,3->P,2R2-PNML: d{T[T,5:P,3->P,2]} -> a{T[T,5:P,2->P,3]} state 5 : P2,P3
T,5:P,3->P,2 state4
T,4:P,3->P,2T,5:P,3->P,2
T,4:P,2->P,3 state 8 : P2,P2
T,5:P,3->P,2
T,5:P,2->P,3 state 9 : P2,P2
T,4:P,3->P,2 R2-PNML: d{T[T,4:P,2->P,3]} -> a{T[T,4:P,3->P,2]}
T,4:P,2->P,3 R2-PNML: d{T[T,5:P,2->P,3]} -> a{T[T,5:P,3->P,2]}
T,5:P,2->P,3
Figure 12:Abstract reachablility graph (ARG) forN1andr2with deadlock statesstate 4and6
This chapter introduce the Maude net of [3] formally. The following labelled transition systems are defined in combination with Maude term replacement rules so that their labels are given for reconfigurable Petri nets (in Def. 15) as well as for a Maude net (in Def. 16). Further, both transition systems are used as a basis for the definition and proof of bisimulation in the following chapter 5.
4.1 Maude net
The main term of a reconfigurable Petri net is called a Maude net. It combines a net and a set of rules as well as metadata such as the highest identifier. The following section introduces the formal definition of theNETmodule that is introduced in [3]. Therefore, this section aims to define theNETmodule using a definition and the implementation of required sorts and operators.
The conversion of Theorem 1 is based on the reconfigurable Petri nets in Def. 5 and a Maude net configurationTConfiguration as a conversion target specified in Def. 14. A Maude net configuration in Def. 14 again includes a net of Def. 12 and a set of rules in Def. 13, and, therefore, specifies all parts of a reconfigurable Petri net.
First, it specifies Def. 12, which is a net including places, transitions,pre- andpost-domains as well as markings through sorts for each term, identity elements and separation operators.
Therefore, a net can be written as shown in Listing 1.
4 Labelled Transition Systems
Definition 12(Maude net and its term sets). A Maude net is provided by a Maude moduleNET (see Listing 18) byinitial = net(P, T, Pre, Post, M), hence the following well-formed conditions hold:
• P = places{ emptyPlace }or
P = places{p1, ..., pn}so that somepi andpj are pairwise disjoint:pi = pj =⇒ i=j
• T = transitions { emptyTransition }or
T = transitions { t1 : ... :tm }so that someti and tj are pairwise disjoint:
ti =tj =⇒ i=j
• Pre = pre { emptyMappingTuple }or
Pre = pre { mappingTuple1, ...,mappingTupleo }with mappingTuplei=(ti−−>emptyPlace)or
mappingTuplei = (ti−−>{pi1, ..., pis}) so that some ti and tj are pairwise disjoint:
ti =tj =⇒ i=jandpiu∈ {p1, ..., pn}
• Post = post { emptyMappingTuple }or
Post = post { mappingTuple1, ...,mappingTupleu }with mappingTuplei=(ti−−>emptyPlace)or
mappingTuplei = (ti−−>{pi1, ..., pis}) so that some ti and tj are pairwise disjoint:
ti =tj =⇒ i=jandpiu∈ {p1, ..., pn}
• M = marking { emptyMarking }or
M = marking { p1, ..., pk }withpi ∈ {p1, ..., pn}
Further, a Maude net rule is defined in Def. 13. It combines the left and right sides of a rule in Rto form a Maude net rule. As a wrapper, the operatorruleis used, which contains thel and theroperators for both sides.landrboth contain a net of Def. 12.
Definition 13(Term sets for rules [3]). After moduleNETgives a Maude net, the sorts Left-HandSide,RightHandSideandRuledescribe term sets of rules (see Listing 16).
Finally, the definition of the Maude net configuration in Def. 14 combines the Maude net term in Def. 12 and a set of rule terms in Def. 13 with metadata such as the highest identifier that is currently used, and a set of free identifiers wrapped in theIDPool.
Definition 14(Maude net configuration and its term sets [3]). A Maude net configuration is given by a Maude moduleNET as in Def. 12. Thereafter, aConfigurationis defined by IDPool,IntandConfiguration(see Listing 15).
With respect to membership equation logic [40, 41], the specification for reconfigurable Petri nets is given byRPN(N) = (Σ, V, E). That specification is given as Maude source code in the following pages through listings forsorts, as in Listing 8 or Listing 11 foroperators. Therefore, a membership equation logic is defined by a triple(Σ, V, E), where a signature Σ = (K, S,Ω)is based onV that contains variables and axioms inE. Additionally,Scontains all sorts that are listed in Listing 8,Kcontains all kinds overSandΩincludes all operators that are listed in Listing 10 and Listing 11.
As the base, the types are declared in Listing 8.Netand all included types such asPlaces, Transitions, etc. for the Def. 12 andRule, RightHandSideand LeftHand-Sidefor the rule definition in Def. 13.
s o r t Net . s o r t P l a c e s .
2 s o r t T r a n s i t i o n s . s o r t Pre .
s o r t Post . s o r t MappingTuple .
4 s o r t Markings . s o r t Omega .
s o r t Rule . s o r t RightHandSide .
6 s o r t LeftHandSide .
Listing 8:Sorts of a reconfigurable Petri net defined in Maude [3]
4 Labelled Transition Systems
As defined in Def. 12, each term set has a separation operator for more than one term. For PlacesandMappingTuple, the ”,“is used. ”+“is defined as a separation operator for Placesterms that describes the firing step, including the marking calculation. Transi-tionsare separated using ”:“andMarkingsusing ”;“.
op p l a c e s{ } : P l a c e s −> P l a c e s .
2 op t r a n s i t i o n s{ } : T r a n s i t i o n s −> T r a n s i t i o n s . op pre{ } : MappingTuple −> Pre .
4 op p o s t{ } : MappingTuple −> Po st . op marking{ } : Markings −> Markings . 6
op , : P l a c e s P l a c e s −> P l a c e s 8 [c t o r a s s o c comm i d : emptyPlace ] .
op + : P l a c e s P l a c e s −> P l a c e s 10 [c t o r a s s o c comm i d : emptyPlace ] .
op : : T r a n s i t i o n s T r a n s i t i o n s −> T r a n s i t i o n s 12 [c t o r a s s o c comm i d : e m p t y T r a n s i t i o n ] .
op , : MappingTuple MappingTuple −> MappingTuple 14 [c t o r a s s o c comm i d : emptyMappingTuple ] .
op ; : Markings Markings −> Markings 16 [c t o r a s s o c comm i d : emptyMarking ] .
Listing 9:Wrapping and grouping operators of a reconfigurable Petri net defined in Maude [3]
If a net does not contain nodes, such as places or transitions, their identity elements can be used. For eachsort, an element in Listing 10 is defined. Hence, it is feasible to write places{emptyPlace}if there is no place.
op emptyPlace : −> P l a c e s .
2 op e m p t y T r a n s i t i o n : −> T r a n s i t i o n s . op emptyMappingTuple : −> MappingTuple . 4 op emptyMarking : −> Markings .
op w : −> Omega .
6 op emptyRule : −> Rule .
Listing 10:Identity elements of a reconfigurable Petri net defined in Maude [3]
The definition of single places, transitions, pre- and post- domains, and rules are shown in Listing 11. A place consists of the sortPlacesand thep(<label>|
<identifier>|<capacity>)operator, where the capacity is either a concrete inte-ger or a ”w“for omega. Transitions are defined with their Transitionssort while the t(<label>|
<identifier>)operator combines a label and an identifier for each transition. Map-pingTuple is used to define thepre- and post-domains for each transition (and Tran-sitions term). It consists of (<transition> −− > <places>), where one
<transition>is mapped to a set of<places>. Finally, Def. 13 that are based on the left-hand and right-hand sides of aruleare given by thelandroperators as well as by ”|“, which is used as a separator.
∗ ∗ ∗ p ( < l a b e l > | < i d > | < c a p a c i t y > ) 2 op p ( | | ) : S t r i n g I n t I n t −> P l a c e s .
op p ( | | ) : S t r i n g I n t Omega −> P l a c e s . 4 ∗ ∗ ∗ t ( < l a b e l > | < i d > )
op t ( | ) : S t r i n g I n t −> T r a n s i t i o n s . 6
∗ ∗ ∗ t → P⊕
8 op ( −−> ) : T r a n s i t i o n s P l a c e s −> MappingTuple . 10 ∗ ∗ ∗ r u l e
op | : Rule Rule −> Rule
12 [c t o r a s s o c comm i d : emptyRule ] . op l : Net −> LeftHandSide . 14 op r : Net −> RightHandSide .
op r u l e : LeftHandSide RightHandSide −> Rule .
Listing 11:Operator definitions of a reconfigurable Petri net defined in Maude [3]
4 Labelled Transition Systems
Listing 12 concatenates the Def. 12 and the implementation above in Listings 8 to 11, and Def.
13 to a Maude net configuration in Def. 14. Additionally, aIDPoolconsists of its identity elementemptyIDSet, the ”,“as separator operator andaid{...}as wrapper for all free identities.
1 s o r t IDPool .
op emptyIDSet : −> I n t .
3 op , ( ) : I n t I n t −> I n t [comm i d : emptyIDSet ] . op a i d{ } : I n t −> IDPool .
5
s o r t C o n f i g u r a t i o n .
7 ∗ ∗ ∗ READING: NET SET<RULE> MAXID STEP SIZE ID
op : Net Rule I n t I n t IDPool −> C o n f i g u r a t i o n . Listing 12:Implementation of the Maude net configuration in Maude [3]