
IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS: SYSTEMS, VOL. 44, NO. 2, FEBRUARY 2014

Transition Cover-Based Design of Petri Net Controllers for Automated Manufacturing Systems

Huixia Liu, Keyi Xing, Member, IEEE, MengChu Zhou, Fellow, IEEE, Libin Han, and Feng Wang

Abstract—In automated manufacturing systems (AMSs), deadlocks must be prevented or resolved. Many deadlock control policies based on siphons or resource-transition circuits (RTCs) of the Petri net models of AMSs have been proposed. To obtain a live Petri net controller of small size, this paper introduces the concept of transition covers in Petri net models. A transition cover is a set of maximal perfect RTCs (MPCs) whose transitions together cover the transitions of all MPCs. By adding a control place with a properly chosen control variable to each MPC in an effective transition cover, so that the MPC can never be saturated, deadlocks are provably prevented; the control variables are obtained by linear integer programming. Since the number of MPCs in an effective transition cover is less than twice the number of transition vertices, the resulting controller is small. A method is given for checking whether a transition cover is effective, and ineffective transition covers can be transformed into effective ones. Examples illustrate the proposed methods and show their advantage over previous ones.

Index Terms—Automated manufacturing systems (AMSs), deadlock control, discrete event system, linear integer programming (LIP), Petri nets, siphons.

I. INTRODUCTION

This paper addresses a deadlock control problem in automated manufacturing systems (AMSs). An AMS consists of a finite set of resources such as machines, buffers, and robots. Different types of parts enter the system at discrete times and are processed concurrently. All parts in the system compete for these finite resources, so blocking, conflict, and deadlock may occur. In particular, a deadlock state implies a global or local stoppage of the system, which leads to catastrophic results in an AMS [2]–[6], [8]–[16], [18]–[27], [30]–[32]. Therefore, to operate an AMS effectively and make the best use of its resources [29], an efficient deadlock control policy is needed that guarantees deadlocks never occur.

Manuscript received January 21, 2012; revised June 19, 2012 and August 17, 2012; accepted November 9, 2012. Date of publication March 7, 2013; date of current version January 13, 2014. This work was supported in part by the National Nature Science Foundation of China under Grant 60774083 and Grant 50975224 and the National Basic Research Program of China under Grant 2011CB302804. This paper was recommended by Associate Editor M. K. Tiwari. H. Liu, K. Xing, L. Han, and F. Wang are with the State Key Laboratory for Manufacturing Systems Engineering and the Systems Engineering Institute, Xi'an Jiaotong University, Xi'an 710049, China (e-mail: liu.hui.xia@stu.xjtu.edu.cn; [email protected]; [email protected]; fwang@sei.xjtu.edu.cn). M. Zhou is with the Ministry of Education Key Laboratory of Embedded System and Service Computing, Tongji University, Shanghai 200092, China, and also with the Department of Electrical and Computer Engineering, New Jersey Institute of Technology, Newark, NJ 07102 USA (e-mail: zhou@njit.edu). Digital Object Identifier 10.1109/TSMC.2013.2238923

It is well known that Petri nets are a powerful tool for modeling and analyzing discrete event systems, particularly AMSs [10], [17], [30]–[32]. Researchers use Petri nets as a formalism to describe AMSs and to develop appropriate deadlock resolution methods [2]–[4], [8]–[16], [18]–[27]. Methods derived from a Petri net formalism for dealing with deadlocks are generally classified into three categories: deadlock detection and recovery [11], [12], deadlock avoidance [12], [18], [20]–[27], and deadlock prevention [2]–[4], [8], [9], [11], [13]–[16], [19], [26], [27]. The first uses a monitoring mechanism to detect the occurrence of a deadlock and a resolution procedure to preempt some of the deadlocked resources. Avoidance methods are online control policies that use feedback information on the current resource allocation status and future process resource requirements to keep the system away from deadlock states. Prevention is usually achieved by establishing a static resource allocation policy such that the system can never enter a deadlock state.

This paper focuses on deadlock prevention methods. A number of such methods characterize deadlocks in terms of siphons or resource-transition circuits (RTCs): deadlocks can be prevented by avoiding empty siphons or saturated RTCs in the Petri net. Xing et al. [26] modeled a production system by a production Petri net (PPN) and defined a set of transitions to be in deadlock if they can never fire again because they are not enabled by resource places. To guarantee that no transition of the PPN is in deadlock, they defined a Petri net structure related to siphons that must not be emptied. When all resource capacities are greater than one, the proposed policy is maximally permissive because it cannot incur restricted deadlocks. Ezpeleta et al. [4] described an AMS using a particular class of Petri nets called systems of simple sequential processes with resources (S³PRs). It is shown that a marked S³PR is live if and only if, for each marking reachable from the initial marking, each minimal siphon has at least one token. To prevent each minimal siphon from being emptied, they add a control place and related arcs to it, which guarantees the liveness of the controlled system. Chu and Xie [3] exploited the potential of siphons for the analysis of ordinary Petri nets and proposed a mathematical programming approach and a mixed-integer programming approach for checking general Petri nets and structurally bounded Petri nets, respectively, without complete siphon enumeration of the plant model. The methods in [3] are applied to Petri net models of AMSs and provide deadlock prevention and detection methods. The prevention algorithm is presented in detail in [8], where the AMS is modeled by an S³PR net. The method is an iterative approach consisting of two main stages.

2168-2216 © 2013 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

LIU et al.: TRANSITION COVER-BASED DESIGN OF PETRI NET CONTROLLERS

The first stage, known as siphon control, adds, for each unmarked minimal siphon, a control place to the original net with output arcs to the sink transitions of the minimal siphon. The second stage, known as augmented siphon control, adds a control place to the modified net with output arcs to the source transitions of the net that results when the resource places are removed. The second stage ensures that no new unmarked siphons are generated by the control places added in the first stage. To simplify the structure of the controlled Petri nets, Li and Zhou [13] presented the concept of elementary siphons, whose number is linear in the larger of the place and transition counts and thus much less than that of all strict minimal siphons (SMSs). They then developed a deadlock prevention algorithm by adding a control place only to each elementary siphon. Xing et al. [27] presented the concept of RTCs and used it to characterize deadlock states in AMSs modeled by S³PRs. An RTC is a circuit that contains only resource places and transitions of an S³PR. Wu [21] and Wu and Zhou [22] proposed production process circuits in resource-oriented Petri nets (ROPNs), which are also a special class of circuits that play an important role for the liveness of ROPNs. Both are important structural characterizations of deadlock in different Petri net models. For a marked S³PR without center resources, Xing et al. [27] derive an optimal Petri-net-based deadlock avoidance policy of polynomial complexity. For a marked S³PR with center resources, by reducing it and applying the design of an optimal deadlock avoidance policy to the reduced net, a suboptimal deadlock avoidance policy is synthesized, again with polynomial computation.

Enlightened by the work in [13] and [27], in this paper we propose a new deadlock prevention policy for S³PRs based on RTCs. We introduce the concept of transition covers. A transition cover is a subset of the maximal perfect RTCs (MPCs) whose transition set covers the transitions of all MPCs in the S³PR. The number of MPCs in a transition cover is much less than that of all MPCs and grows polynomially with the size of the original net. By designing a control place with a proper control variable for each MPC in an effective transition cover, we obtain live Petri net controllers for S³PRs, where the control variables are determined by solving a linear integer programming (LIP) problem. A transition cover for an S³PR can be obtained by a proposed algorithm of polynomial complexity. However, transition covers so obtained may not be effective. An example in this paper shows that such an ineffective transition cover corresponds to a set of elementary siphons, and that a live Petri net controller based on it may not exist. To obtain an effective one, a transformation algorithm is presented by which ineffective covers are transformed into effective ones.

The rest of this paper is organized as follows. Section II reviews basic definitions and properties of Petri nets, S³PRs, and RTCs. Section III introduces the definitions of transition covers and deadlock controllers. In Section IV, the concept of an effective transition cover is introduced, an LIP problem is defined for determining the values of the control variables, an algorithm for computing a transition cover and a transformation algorithm are presented, and a deadlock prevention method based on transition covers is proposed. Three examples illustrate the proposed method in Section V. Finally, Section VI concludes this paper.

II. PRELIMINARIES

This section presents Petri nets, S³PRs, and MPCs. The reader is referred to [1], [4], [7], [17], and [27]–[32] for more details.

A. Basic Definitions of Petri Nets and Graphs

A Petri net is a 3-tuple N = (P, T, F), where P and T are finite, nonempty, and disjoint sets. P is a set of places, and T is a set of transitions. F ⊆ (P × T) ∪ (T × P) is a set of directed arcs. Given a Petri net N = (P, T, F) and a vertex x ∈ P ∪ T, the preset of x is •x = {y ∈ P ∪ T | (y, x) ∈ F}, and the postset of x is x• = {y ∈ P ∪ T | (x, y) ∈ F}. The notation extends to sets: for X ⊆ P ∪ T, •X = ∪x∈X •x and X• = ∪x∈X x•. A state machine is a Petri net in which each transition has exactly one input place and one output place, i.e., ∀t ∈ T, |t•| = |•t| = 1.

A marking, or state, of N is a mapping M : P → Z+, where Z+ is the set of nonnegative integers. Given a place p ∈ P and a marking M, M(p) denotes the number of tokens in p at M, and we write Σp∈P M(p)p for the vector M. For a set of places S ⊆ P, the number of tokens in all places of S at M is M(S) = Σp∈S M(p). A Petri net N with an initial marking M0 is called a marked Petri net, or a net for short, and is denoted by (N, M0). A transition t ∈ T is enabled at a marking M, denoted M[t⟩, if ∀p ∈ •t, M(p) > 0. An enabled transition t can fire at M, yielding a new marking M′, denoted M[t⟩M′, where M′(p) = M(p) − 1 for p ∈ •t \ t•, M′(p) = M(p) + 1 for p ∈ t• \ •t, and M′(p) = M(p) otherwise. A sequence of transitions α = t1 t2 … tk, ti ∈ T, i ∈ Nk = {1, 2, …, k}, is feasible from a marking M if there exist markings with Mi[ti⟩Mi+1, i ∈ Nk, where M1 = M; each Mi is called a marking reachable from M. Let R(N, M0) denote the set of all markings reachable from M0. A transition t is live if ∀M ∈ R(N, M0), ∃M′ ∈ R(N, M) such that M′[t⟩. It is dead at M if no marking reachable from M enables t. A net is live if every transition is live.

Let P1 ⊆ P and T1 ⊆ T. The subnet generated by P1 and T1, denoted N[P1, T1], is the Petri net (P1, T1, F1) with F1 = F ∩ ((P1 × T1) ∪ (T1 × P1)). The composition of two Petri nets Ni = (Pi, Ti, Fi), i ∈ {1, 2}, via their common elements, denoted N1 ⊗ N2, is the Petri net (P, T, F) with P = P1 ∪ P2, T = T1 ∪ T2, and F = F1 ∪ F2. Two marked Petri nets (Ni, Mi0) = (Pi, Ti, Fi, Mi0), i ∈ {1, 2}, are compatible if ∀p ∈ P1 ∩ P2, M10(p) = M20(p). The composition of two compatible marked Petri nets (N1, M10) and (N2, M20) is the marked Petri net (N1, M10) ⊗ (N2, M20) = (P, T, F, M0), where (P, T, F) = N1 ⊗ N2 and M0(p) = Mi0(p) for p ∈ Pi, i ∈ {1, 2}.


A digraph G(V, A) consists of a set V of vertices and a set A of arcs, where A can be regarded as a set of ordered pairs of vertices, i.e., A ⊆ V × V. We consider only graphs without self-loops and multiple arcs. We write (x, y) = e ∈ A and call x the initial vertex and y the terminal vertex of e; both x and y are endpoints of e. A chain in G(V, A) is a sequence of vertices α = x0 x1 x2 … xq such that either ek = (xk−1, xk) ∈ A or ek = (xk, xk−1) ∈ A; q is its length. It is closed if its initial and terminal vertices coincide. It is simple (elementary) if it does not contain the same arc (vertex) twice or more. A cycle is a closed simple chain. A walk is a chain α = x0 x1 x2 … xq with ek = (xk−1, xk) for every k. A path is a simple walk. A circuit is a closed walk. A circuit of length 2 is called a double edge. Let c1 = x1 x2 … xn and c2 = y1 y2 … ym be two chains with xn = y1. Then c = x1 x2 … xn y2 … ym is again a chain, called the union of c1 and c2 and denoted c = c1 ∪ c2. If G(V, A) is a digraph, G0(V, A0) denotes the underlying undirected graph obtained by ignoring the direction of the arcs and identifying double edges. A directed graph G(V, A) is strongly connected if for all x, y ∈ V there is a path from x to y and a path from y to x.

Let α be a simple chain in G(V, A). We define the arc-indexed vector C (with coordinates C(e), e ∈ A) by C(e) = +1 if e = ek = (xk−1, xk) ∈ α, C(e) = −1 if e = ek = (xk, xk−1) ∈ α, and C(e) = 0 if e ∉ α. The cycle space ϑ of G(V, A) is the subspace of R^|A| generated by the vectors associated with the cycles of G(V, A), where R is the set of real numbers. A circuit basis is a basis of the cycle space ϑ consisting exclusively of elementary circuits. By [1], a strongly connected digraph G(V, A) has a circuit basis. A minimal circuit basis is a circuit basis of minimal total length. According to [7], the dimension of the cycle space ϑ is d = |A| − |V| + c(G0), where c(G0) is the number of connected components of G0(V, A0). An algorithm for computing a minimal circuit basis of G(V, A) is outlined in [7]; its time complexity is at most O(d·|A|²·|V|).

B. S³PRs

S³PRs were first developed in [4] for modeling AMSs with flexible routes and are defined recursively.

Definition 1 [4]: A simple sequential process (S²P) is a Petri net N = (P ∪ P0, T, F), where (1.1) P ≠ ∅, each p ∈ P is called an operation place, P0 = {p0}, P ∩ P0 = ∅, and p0 is called the process idle place; (1.2) N is a strongly connected state machine; and (1.3) every circuit of N contains p0.

Definition 2 [4]: A simple sequential process with resources (S²PR) is a Petri net N = (P ∪ P0 ∪ PR, T, F), where (2.1) the subnet generated by P ∪ P0 and T is an S²P; (2.2) PR ≠ ∅ and (P ∪ P0) ∩ PR = ∅, where each r ∈ PR is called a resource place; (2.3) ∀p ∈ P, ∀t ∈ •p, and ∀t′ ∈ p•, •t ∩ PR = t′• ∩ PR = {r}, denoted R(p) = r; (2.4) a) ∀r ∈ PR, ••r ∩ P = r•• ∩ P ≠ ∅ and b) ∀r ∈ PR, •r ∩ r• = ∅; and (2.5) ••p0 ∩ PR = p0•• ∩ PR = ∅, where {p0} = P0.

The notation R(p) extends to sets: for E ⊆ P, R(E) = ∪p∈E R(p). H(r) = {p ∈ P | R(p) = r} is called the holder set of r.

Definition 3 [4]: A system of S²PRs, called an S³PR for short, is defined recursively as follows. (3.1) An S²PR is an S³PR. (3.2) Let Ni = (Pi ∪ P0i ∪ PRi, Ti, Fi), i ∈ {1, 2}, be two S³PRs such that (P1 ∪ P01) ∩ (P2 ∪ P02) = ∅, PR1 ∩ PR2 ≠ ∅, and T1 ∩ T2 = ∅. The net N = N1 ⊗ N2 = (P ∪ P0 ∪ PR, T, F) resulting from the composition of N1 and N2 via PR1 ∩ PR2 is also an S³PR.

Let N be an S³PR. An acceptable initial marking M0 satisfies 1) M0(p0) ≥ 1, ∀p0 ∈ P0; 2) M0(p) = 0, ∀p ∈ P; and 3) M0(r) ≥ 1, ∀r ∈ PR, where M0(r) is the capacity of resource r. Let (N, M0) = (P ∪ P0 ∪ PR, T, F, M0) be a marked S³PR and t ∈ T a transition. Let (o)t and t(o) denote the input and output operation or process idle places of t, and (r)t and t(r) the input and output resource places of t, respectively. The notation extends to sets: for Y ⊆ T, (o)Y = ∪t∈Y (o)t and Y(o) = ∪t∈Y t(o). For a marking M ∈ R(N, M0), t is process enabled at M if M((o)t) > 0 and resource enabled at M if M((r)t) > 0. Only a transition that is both process and resource enabled can fire. The finiteness of the resource capacities and of the initial marking of the places in P0 implies that the set of distinct reachable markings is finite.

Let N = (P ∪ P0 ∪ PR, T, F) be an S³PR and x, y two nodes in P ∪ T. If there is a path in N from x to y of length at least 1 (i.e., with at least one arc) that contains no place in P0 ∪ PR, we say that x is previous to y in N, denoted x < y; x ≮ y denotes that x is not previous to y. Let Z ⊆ P ∪ T be a set of nodes of N. Then x is previous to Z in N, denoted x < Z, if and only if there is a node z ∈ Z such that x < z; x ≮ Z denotes that x is not previous to Z.

C. MPCs

An S³PR N = (P ∪ P0 ∪ PR, T, F) is a digraph whose vertex set consists of the places P ∪ P0 ∪ PR and the transitions T. Let θ be a circuit in N. θ is called an RTC if it contains only resource places and transitions. Let [θ]_R and [θ]_T denote the sets of resource places and of transitions in θ, respectively. Clearly an RTC θ contains no operation place and is uniquely determined by its resource set [θ]_R and transition set [θ]_T, so θ can be written θ = ⟨[θ]_R, [θ]_T⟩. The notations extend to a set ℵ of RTCs: [ℵ]_R = ∪θ∈ℵ [θ]_R and [ℵ]_T = ∪θ∈ℵ [θ]_T. Let Ψ(R) denote the set of all RTCs with resource set R = [θ]_R. For θ1, θ2 ∈ Ψ(R), θ1 ∪ θ2 ∈ Ψ(R), so Ψ(R) contains a unique maximal RTC with resource set R, and any RTC with resource set R is a subcircuit of it. An RTC θ is perfect if ((o)[θ]_T)• = [θ]_T. Let Ω(R) denote the set of all perfect RTCs (PRTCs) with resource set R = [θ]_R. For θ1, θ2 ∈ Ω(R), θ1 ∪ θ2 ∈ Ω(R). Therefore Ω(R) contains a unique MPC, denoted δ(R), and any PRTC


with resource set R is a subcircuit of δ(R). If Ω(R) = ∅, then δ(R) = ∅. Throughout this paper, Θ denotes the set of all MPCs of an S³PR N.

Let θ be an RTC in N. Then ⟨[θ]_R, [θ]_R• ∩ •[θ]_R⟩ is strongly connected and is the maximal RTC with resource set [θ]_R; for short, let γ(θ) = ⟨[θ]_R, [θ]_R• ∩ •[θ]_R⟩. If γ(θ) is perfect, then γ(θ) is the MPC with resource set [θ]_R, i.e., δ([θ]_R) = γ(θ). If γ(θ) is not perfect, let V = {t ∈ [γ(θ)]_T | ((o)t)• ⊄ [γ(θ)]_T}, delete all transitions in V and their arcs from γ(θ), and call the result θ′. If θ′ is strongly connected, then it is the MPC with resource set [θ]_R, i.e., δ([θ]_R) = θ′; otherwise δ([θ]_R) = ∅.

An MPC θ is saturated at a marking M iff M((o)[θ]_T) = M0([θ]_R), i.e., every unit of every resource in [θ]_R is held by a part sitting in an input operation place of a transition of θ, each such part waiting for another resource of θ.

Proposition 1 [27]: A marked S³PR (N, M0) is live if and only if no MPC of N is saturated at any reachable marking of (N, M0).

Let θ be an MPC and t a transition of a marked S³PR (N, M0). t is called an output transition of θ iff its firing decreases the token count of (o)[θ]_T.

RTCs involve only transitions and resource places. If a transition is in an RTC, it has both an input and an output resource place; hence a transition without an input or an output resource place cannot be in any RTC, and every transition in an RTC is in PR• ∩ •PR. To find MPCs, it therefore suffices to consider the following subnet of N.

Definition 4 [28]: Let N = (P ∪ P0 ∪ PR, T, F) be an S³PR. The resource-transition net of N, denoted NR, is the subnet generated by PR and PR• ∩ •PR, i.e., NR = N[PR, PR• ∩ •PR].

III. TRANSITION COVER AND CONTROLLER

A. Transition Cover

Definition 5: Let N be an S³PR, Θ the set of MPCs of N, Γ ⊆ Θ, and θ ∈ Θ. Γ is a transition cover of θ, or Γ covers θ, if [θ]_T ⊆ [Γ]_T. Γ is minimal if no proper subset of Γ is a transition cover of θ. Γ is a transition cover of N if ∀θ ∈ Θ, [θ]_T ⊆ [Γ]_T. Trivially, Θ is a transition cover of N.

Example 1: Consider the marked S³PR (N, M0) shown in Fig. 1. Θ = {θ1, θ2, θ3}, where θ1 = r1 t23 r2 t12 r1, θ2 = r2 t22 r3 t13 r2, and θ3 = r1 t23 r2 t22 r3 t13 r2 t12 r1. Let Γ1 = {θ1, θ2} and Γ2 = {θ3}. Since [θ1]_T ∪ [θ2]_T = {t12, t23} ∪ {t13, t22} = {t12, t13, t22, t23} = [θ3]_T = [Θ]_T, both Γ1 and Γ2 are transition covers of N and minimal transition covers of θ3.

Fig. 1. Marked S³PR (N, M0).

B. Controller Design Based on Transition Cover

In the following, let (N, M0) = (P ∪ P0 ∪ PR, T, F, M0) be a marked S³PR, θ ∈ Θ, and Γ ⊆ Θ. Let I(θ) denote the set of transitions in P0• that are previous to (o)[θ]_T; O(θ) the set of output transitions of θ that are not previous to (o)[θ]_T; and Z(θ) the set of transitions that are not previous to (o)[θ]_T but share an input operation place with some transition that is previous to (o)[θ]_T. That is, I(θ) = {t | t ∈ P0• and t < (o)[θ]_T}, O(θ) = {t | t is an output transition of θ and t ≮ (o)[θ]_T}, and Z(θ) = {t | t ≮ (o)[θ]_T, and ∃t1 ∈ ((o)t)• with t1 < (o)[θ]_T}.

Definition 6: A Petri net controller for θ is (Cθ, Mθ) = ({pθ}, Tθ, Fθ, Mθ), where pθ is a control place corresponding to θ with initial marking Mθ(pθ) = M0([θ]_R) − ξθ, and ξθ ∈ [1, M0([θ]_R) − 1] is an integer called the control variable; Tθ = I(θ) ∪ O(θ) ∪ Z(θ); and Fθ = {(pθ, t) | t ∈ I(θ)} ∪ {(t, pθ) | t ∈ O(θ) ∪ Z(θ)}. The procedure for determining the control variables for deadlock prevention is given in the next section.

Definition 7: A Petri net controller for (N, M0) with respect to Γ is (CΓ, MΓ) = ⊗θ∈Γ (Cθ, Mθ) = (PΓ, TΓ, FΓ, MΓ), where PΓ = {pθ | θ ∈ Γ} is the set of control places, TΓ = ∪θ∈Γ Tθ, FΓ = ∪θ∈Γ Fθ, MΓ(pθ) = Mθ(pθ), and (Cθ, Mθ) = ({pθ}, Tθ, Fθ, Mθ) is the Petri net controller for θ of Definition 6. Let (CNΓ, MΓ0) denote the controlled Petri net with respect to Γ, i.e., (N, M0) controlled by (CΓ, MΓ). Then (CNΓ, MΓ0) = (N, M0) ⊗ (CΓ, MΓ) = (P ∪ P0 ∪ PR ∪ PΓ, T, F ∪ FΓ, MΓ0), where MΓ0(p) = M0(p) for p ∈ P ∪ P0 ∪ PR and MΓ0(p) = MΓ(p) for p ∈ PΓ.

Lemma 1: Let (CNΓ, MΓ0) be the controlled Petri net with respect to Γ. Then ∀θ ∈ Γ, θ is not saturated at any reachable marking of (CNΓ, MΓ0).

Proof: Let M be a reachable marking of (CNΓ, MΓ0). Every token in an input operation place of θ entered through a transition of I(θ), consuming one token of pθ, and pθ is replenished only through O(θ) ∪ Z(θ). Hence, by Definition 6, M((o)[θ]_T) ≤ Mθ(pθ) = M0([θ]_R) − ξθ ≤ M0([θ]_R) − 1. That is, θ is not saturated at M. ∎

In (CNΓ, MΓ0), let (c)t and t(c) denote the input and output control places of t, respectively. Then •t = (o)t ∪ (r)t ∪ (c)t and t• = t(o) ∪ t(r) ∪ t(c). For M ∈ R(CNΓ, MΓ0), t is control enabled at M if ∀p ∈ (c)t, M(p) ≥ 1. Only transitions that are process, resource, and control enabled can fire at M.


Fig. 2. Controlled Petri net of (N, M0) shown in Fig. 1.

Fig. 3. Controlled Petri net of (N, M0) shown in Fig. 1.

Let D(CNΓ, M) denote the set of process-enabled but dead transitions at M.

Example 2: Reconsider the marked S³PR (N, M0) of Fig. 1. From Example 1, Θ = {θ1, θ2, θ3}. Let (Cθ1, Mθ1) = ({pθ1}, Tθ1, Fθ1, Mθ1) and (Cθ2, Mθ2) = ({pθ2}, Tθ2, Fθ2, Mθ2) be the Petri net controllers for θ1 and θ2, respectively. By Definition 6, Mθ1(pθ1) = M0([θ1]_R) − ξθ1 = 2 − ξθ1. Since 1 ≤ ξθ1 ≤ M0([θ1]_R) − 1 = 1, we have ξθ1 = 1 and Mθ1(pθ1) = 1. I(θ1) = {t11, t21}, O(θ1) = {t12, t23}, and Z(θ1) = ∅, so Tθ1 = I(θ1) ∪ O(θ1) ∪ Z(θ1) = {t11, t12, t21, t23} and Fθ1 = {(pθ1, t11), (pθ1, t21), (t12, pθ1), (t23, pθ1)}. Similarly, Mθ2(pθ2) = M0([θ2]_R) − ξθ2 = 2 − ξθ2 with 1 ≤ ξθ2 ≤ 1, so ξθ2 = 1 and Mθ2(pθ2) = 1; I(θ2) = {t11, t21}, O(θ2) = {t13, t22}, Z(θ2) = ∅, Tθ2 = {t11, t13, t21, t22}, and Fθ2 = {(pθ2, t11), (pθ2, t21), (t13, pθ2), (t22, pθ2)}. By Definition 7, the Petri net controller with respect to Γ1 = {θ1, θ2} is

(CΓ1, MΓ1) = (Cθ1, Mθ1) ⊗ (Cθ2, Mθ2) = (PΓ1, TΓ1, FΓ1, MΓ1),

where PΓ1 = {pθ1, pθ2}, TΓ1 = {t11, t12, t13, t21, t22, t23}, FΓ1 = {(pθ1, t11), (pθ1, t21), (t12, pθ1), (t23, pθ1), (pθ2, t11), (pθ2, t21), (t13, pθ2), (t22, pθ2)}, and MΓ1(pθ1) = MΓ1(pθ2) = 1. The controlled Petri net (N, M0) ⊗ (CΓ1, MΓ1) is shown in Fig. 2, and it is easy to check that it is live.

Let (Cθ3, Mθ3) = ({pθ3}, Tθ3, Fθ3, Mθ3) be the Petri net controller for θ3. By Definition 6, Mθ3(pθ3) = M0([θ3]_R) − ξθ3 = 3 − ξθ3 with 1 ≤ ξθ3 ≤ 2. I(θ3) = {t11, t21}, O(θ3) = {t13, t23}, and Z(θ3) = ∅, so Tθ3 = {t11, t13, t21, t23} and Fθ3 = {(pθ3, t11), (pθ3, t21), (t13, pθ3), (t23, pθ3)}. Then (Cθ3, Mθ3) is the Petri net controller with respect to Γ2 = {θ3}. If ξθ3 = 2, the controlled Petri net (N, M0) ⊗ (Cθ3, Mθ3), shown in Fig. 3, is live. If ξθ3 = 1, (N, M0) ⊗ (Cθ3, Mθ3) is not live: M = 4p10 + 4p20 + p12 + p21 + r1 is a reachable marking of it at which t13 and t22 are process-enabled but dead.

From the definition of a Petri net controller with respect to a transition cover, the controller structure is uniquely determined by the elements of the transition cover, whereas its initial marking depends on the control variables. Two questions arise in designing a Petri net controller from a transition cover. First, for a given transition cover, does a choice of control variables ξθ exist that makes the controlled system live, and if so, how are they determined? Second, for what kind of transition covers does the Petri net controller have the desired permissive and simple structure? The next section addresses both questions.
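The claims of Example 2 can be checked mechanically rather than by inspecting Figs. 2 and 3. The following added example (not code from the paper) reconstructs the two-process S³PR from the RTCs of Example 1 and the marking quoted in Example 2, implements the firing rule of Section II-A, enumerates R(N, M0), and tests liveness and MPC saturation (Proposition 1), both for the plant alone and with the control places of Definition 6 added. The four-stage routes follow from the RTCs (t13 acquires r3 and t23 acquires r1, so each process needs a final transition returning to its idle place); the idle-place counts (5 each) and the Python place and transition names are assumptions, since Fig. 1 itself is not on this page.

```python
"""Added example (not the paper's code): reachability-based liveness and MPC-saturation
checks for the two-process S3PR of Examples 1 and 2.  The net is reconstructed from
theta1..theta3 and the marking quoted in Example 2 (unit-capacity resources); the idle
counts (5 each) are an assumption, since the page does not state them."""
from collections import deque

# transition -> (input places, output places); an operation place holds the resource
# noted beside it.  Process 1: p10 -t11-> p11(r1) -t12-> p12(r2) -t13-> p13(r3) -t14-> p10
# Process 2: p20 -t21-> p21(r3) -t22-> p22(r2) -t23-> p23(r1) -t24-> p20
NET = {
    "t11": ({"p10", "r1"}, {"p11"}),
    "t12": ({"p11", "r2"}, {"p12", "r1"}),
    "t13": ({"p12", "r3"}, {"p13", "r2"}),
    "t14": ({"p13"}, {"p10", "r3"}),
    "t21": ({"p20", "r3"}, {"p21"}),
    "t22": ({"p21", "r2"}, {"p22", "r3"}),
    "t23": ({"p22", "r1"}, {"p23", "r2"}),
    "t24": ({"p23"}, {"p20", "r1"}),
}
M0 = {"p10": 5, "p20": 5, "r1": 1, "r2": 1, "r3": 1}  # idle counts assumed

def enabled(net, m, t):
    """M[t>: every input place of t is marked (ordinary net)."""
    return all(m.get(p, 0) > 0 for p in net[t][0])

def fire(net, m, t):
    """M[t>M': one token off each input place, one onto each output place."""
    pre, post = net[t]
    m2 = dict(m)
    for p in pre:
        m2[p] -= 1
    for p in post:
        m2[p] = m2.get(p, 0) + 1
    return m2

def key(m):
    return tuple(sorted((p, n) for p, n in m.items() if n))

def reachability(net, m0):
    """BFS over R(N, M0); returns {key: (marking, {t: successor key})}."""
    start = key(m0)
    graph = {start: (m0, {})}
    todo = deque([start])
    while todo:
        k = todo.popleft()
        m, succ = graph[k]
        for t in net:
            if enabled(net, m, t):
                m2 = fire(net, m, t)
                k2 = key(m2)
                succ[t] = k2
                if k2 not in graph:
                    graph[k2] = (m2, {})
                    todo.append(k2)
    return graph

def is_live(net, m0):
    """t is live iff the backward closure of the markings enabling t is all of R(N, M0)."""
    graph = reachability(net, m0)
    preds = {k: set() for k in graph}
    for k, (_, succ) in graph.items():
        for k2 in succ.values():
            preds[k2].add(k)
    for t in net:
        seen = {k for k, (_, succ) in graph.items() if t in succ}
        front = list(seen)
        while front:
            for k2 in preds[front.pop()]:
                if k2 not in seen:
                    seen.add(k2)
                    front.append(k2)
        if len(seen) != len(graph):
            return False
    return True

def saturated_somewhere(net, m0, ops, res):
    """Proposition 1 test: M((o)[theta]_T) == M0([theta]_R) at some reachable M?"""
    cap = sum(m0[r] for r in res)
    return any(sum(m.get(p, 0) for p in ops) == cap
               for m, _ in reachability(net, m0).values())

def add_controller(net, m0, name, ins, outs, tokens):
    """Definition 6: arcs name->t for t in I(theta), t->name for t in O(theta) u Z(theta)."""
    net2 = {t: (set(pre), set(post)) for t, (pre, post) in net.items()}
    for t in ins:
        net2[t][0].add(name)
    for t in outs:
        net2[t][1].add(name)
    return net2, {**m0, name: tokens}

def example_results():
    """Example 2 replayed: plant alone; Gamma2 = {theta3} with xi = 1, 2; Gamma1."""
    # theta3 = <{r1,r2,r3}, {t12,t13,t22,t23}>, (o)[theta3]_T = {p11,p12,p21,p22},
    # I(theta3) = {t11, t21}, O(theta3) = {t13, t23}, M(p_theta3) = 3 - xi
    out = {"plant_live": is_live(NET, M0),
           "theta3_saturated": saturated_somewhere(
               NET, M0, {"p11", "p12", "p21", "p22"}, {"r1", "r2", "r3"})}
    out["gamma2_live"] = {xi: is_live(*add_controller(
        NET, M0, "p_th3", {"t11", "t21"}, {"t13", "t23"}, 3 - xi)) for xi in (1, 2)}
    n, m = add_controller(NET, M0, "p_th1", {"t11", "t21"}, {"t12", "t23"}, 1)
    n, m = add_controller(n, m, "p_th2", {"t11", "t21"}, {"t13", "t22"}, 1)
    out["gamma1_live"] = is_live(n, m)
    return out
```

Calling example_results() reports the plant not live with θ3 saturated at a reachable marking, Γ2 = {θ3} live for ξθ3 = 2 but not for ξθ3 = 1, and Γ1 = {θ1, θ2} live, matching Example 2. The liveness test is the definition of Section II-A (every reachable marking can reach one that enables t), not merely absence of dead markings; that is the check to run before trusting a synthesized controller, since a controller can remove deadlocks while leaving some transition permanently starved.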

IV. TRANSITION-COVER-BASED PETRI NET CONTROLLER FOR S³PR

Here, the determination of the control variables is discussed first. A transition cover is then computed. Finally, a method is presented for computing an effective transition cover for which a Petri net controller exists.

A. Determination of Control Variables for Deadlock Control

By Lemma 1, the Petri net controller (CΓ, MΓ) with ξα = 1, ∀α ∈ Γ, prevents each α ∈ Γ from being saturated at any reachable marking M ∈ R(CNΓ, MΓ0), but it does not necessarily prevent the MPCs in Θ \ Γ from being saturated. To prevent deadlocks in (CNΓ, MΓ0), the control variables must therefore be chosen properly. In what follows, we establish conditions under which no MPC in Θ \ Γ is saturated in (CNΓ, MΓ0).

We first fix some notation used throughout this paper. Let Γ ⊆ Θ, α ∈ Γ, and let Δα denote the set of operation places that are previous to [α]_T, i.e., Δα = {p ∈ P | p < [α]_T}. Let Aα = Δα \ (o)[α]_T and AΓ = ∪α∈Γ Aα.

Lemma 2: Let Γ be a minimal transition cover of θ ∈ Θ \ Γ and M ∈ R(CNΓ, MΓ0). Then θ cannot be saturated at M if

    1 ≤ ξα ≤ M0([α]_R) − 1, ∀α ∈ Γ                                              (1)

    Σα∈Γ ξα ≥ Σα∈Γ [M0([α]_R) − M(Aα)] − M0([θ]_R) + 1.                         (2)

Proof: By the definition of the controller (CΓ, MΓ), for each α ∈ Γ, M(Δα) = M((o)[α]_T) + M(Aα) ≤ M0([α]_R) − ξα. Thus, for each α ∈ Γ, M((o)[α]_T) ≤ M0([α]_R) − ξα − M(Aα). Since Γ is a transition cover of θ, (o)[θ]_T ⊆ (o)[Γ]_T = ∪α∈Γ (o)[α]_T. Hence M((o)[θ]_T) ≤ Σα∈Γ M((o)[α]_T) ≤ Σα∈Γ [M0([α]_R) − ξα − M(Aα)]. By (2), Σα∈Γ [M0([α]_R) − ξα − M(Aα)] ≤ M0([θ]_R) − 1 < M0([θ]_R), so M((o)[θ]_T) < M0([θ]_R). That is, θ cannot be saturated at M. ∎

Corollary 1: Let Γ be a minimal transition cover of θ ∈ Θ \ Γ satisfying (1) and M ∈ R(CNΓ, MΓ0). Then θ cannot be saturated at M if

    Σα∈Γ ξα ≥ Σα∈Γ M0([α]_R) − M0([θ]_R) − M(AΓ) + 1.                            (3)

Proof: Since Σα∈Γ M(Aα) ≥ M(AΓ), inequality (3) implies (2). ∎

Let Γ be a minimal transition cover of θ. Denote Bθ = {p ∈ AΓ ∩ (o)[θ]_T | R(p) = r and there is no q ∈ H(r) with q ∈ (o)[θ]_T \ AΓ} and kθ = M0(R(Bθ)). If θ is saturated at M ∈ R(CNΓ, MΓ0), then M((o)[θ]_T) = M0([θ]_R) and M(Bθ) = M0(R(Bθ)).

Lemma 3: Let Γ be a minimal transition cover of θ ∈ Θ \ Γ satisfying (1). Then θ cannot be saturated at any M ∈ R(CNΓ, MΓ0) if

    Σα∈Γ ξα ≥ Σα∈Γ M0([α]_R) − M0([θ]_R) − kθ + 1.                               (4)

Proof: Let ℘1 = {M1 ∈ R(CNΓ, MΓ0) | M1(AΓ) < kθ} and ℘2 = R(CNΓ, MΓ0) \ ℘1, and let M ∈ R(CNΓ, MΓ0). If M ∈ ℘1, then M(AΓ) < kθ. Since Bθ ⊆ AΓ, M(Bθ) ≤ M(AΓ) < kθ = M0(R(Bθ)). We claim that θ is not saturated at M: if it were, then M((o)[θ]_T) = M0([θ]_R) and M(Bθ) = M0(R(Bθ)), contradicting M(Bθ)  < M0(R(Bθ)). If M ∈ ℘2, then M(AΓ) ≥ kθ, and hence Σα∈Γ M0([α]_R) − M0([θ]_R) − kθ ≥ Σα∈Γ M0([α]_R) − M0([θ]_R) − M(AΓ). By (4) and Corollary 1, θ cannot be saturated at M. Hence θ cannot be saturated at any reachable marking M of (CNΓ, MΓ0). ∎

Lemma 4: Let Γ be a minimal transition cover of θ ∈ Θ \ Γ. There exist ξα such that both (1) and (4) hold if

    M0([θ]_R) > |Γ|.                                                              (5)

Proof: For α ∈ Γ, let ξα = M0([α]_R) − 1. Since α has at least two resource places by the properties of S³PRs, M0([α]_R) ≥ 2, so ξα ≥ 1 and (1) holds. Since M0([θ]_R) > |Γ| and kθ ≥ 0, Σα∈Γ ξα = Σα∈Γ M0([α]_R) − |Γ| > Σα∈Γ M0([α]_R) − M0([θ]_R) ≥ Σα∈Γ M0([α]_R) − M0([θ]_R) − kθ. Since every ξα is a positive integer, Σα∈Γ ξα ≥ Σα∈Γ M0([α]_R) − M0([θ]_R) − kθ + 1, i.e., (4) holds. ∎

Definition 8: Let Γ ⊆ Θ be a minimal transition cover of θ ∈ Θ \ Γ. Γ is called an effective transition cover of θ if Γ satisfies (5). Let Γ ⊆ Θ be a transition cover of N. If for every θ ∈ Θ \ Γ there exists a subset Γ(θ) ⊆ Γ that is an effective transition cover of θ, then Γ is called an effective transition cover of (N, M0).

The value ξα = M0([α]_R) − 1 used in the proof of Lemma 4 is the largest satisfying (1). However, for maximal permissiveness of the controlled system, ξα should be chosen as small as possible: the smaller ξα, the more markings (CNΓ, MΓ0) can reach and, thus, the better its performance. The preceding analysis leads to the following LIP problem:

    LIP1:  Min Σα∈Γ ξα
           s.t. constraint (1) for every α ∈ Γ, and constraint (4) for every θ ∈ Θ \ Γ (with Γ(θ) in place of Γ),
                ξα ∈ Z+,

where Γ is an effective transition cover of (N, M0).

Lemma 5: LIP1 is solvable.

Proof: For each θ ∈ Θ \ Γ, let Γ(θ) ⊆ Γ be an effective transition cover of θ. By Definition 8, M0([θ]_R) > |Γ(θ)|. By Lemma 4, there exist ξα(θ), α ∈ Γ(θ), such that constraints (1) and (4) hold for θ. Let ξα = max{ξα(θ) | α ∈ Γ(θ), θ ∈ Θ \ Γ}. Then {ξα | α ∈ Γ} is a feasible solution of LIP1. ∎

Theorem 1: Let Γ be an effective transition cover of (N, M0), and let (CΓ, MΓ) be the Petri net controller for Γ with control variables obtained by solving LIP1. Then 1) no MPC of N can be saturated at any reachable marking of (CNΓ, MΓ0); and 2) (CNΓ, MΓ0) is live.

Proof: 1) Let θ ∈ Θ. If θ ∈ Γ, θ cannot be saturated in (CNΓ, MΓ0) by Lemma 1. If θ ∈ Θ \ Γ, there exists an effective transition cover Γ(θ) ⊆ Γ of θ, and M0([θ]_R) > |Γ(θ)| by Definition 8. By Lemma 4 there exist ξα, α ∈ Γ(θ), such that both (1) and (4) hold, and the solution of LIP1 satisfies these constraints for θ; hence θ cannot be saturated in (CNΓ, MΓ0) by Lemma 3. This proves 1).

2) Assume, on the contrary, that (CNΓ, MΓ0) is not live. Then ∃M ∈ R(CNΓ, MΓ0) such that D(CNΓ, M) ≠ ∅. Any transition in D(CNΓ, M) is process-enabled but not resource-enabled or not control-enabled at M. If all transitions in D(CNΓ, M) are process-enabled but not resource-enabled, let t1 ∈ D(CNΓ, M). Then t1 is process-enabled but not resource-enabled at M, i.e., M((o)t1) > 0 and M((r)t1) = 0. Let r1 = (r)t1; then K(r1) = {p ∈ P | p ∈ H(r1), M(p) > 0} is not empty, M(K(r1)) = M0(r1), and K(r1)• ⊆ D(CNΓ, M). For a transition t2 ∈ K(r1)•, apply the same analysis as for t1. Let r2 = (r)t2; then r1 ≠ r2, M(r2) = 0, K(r2) = {p ∈ P | p ∈ H(r2), M(p) > 0} is not empty, M(K(r2)) = M0(r2), and K(r2)• ⊆ D(CNΓ, M). Repeating this analysis yields a sequence of resources r1, r2, …. By the finiteness of the resource set PR, there exist integers u and k such that ru = ru+k. Let R1 = {ru+i | i = 1, 2, …, k} and T1 = {t ∈ T | M((o)t) > 0, t(r) ∈ R1}. From the definition of R1 and T1, M((o)T1) = M0(R1), and each t ∈ T1 is process-enabled but not resource-enabled at M. Let T2 = {t ∈ T1 | (r)t ∉ R1}. If T2 ≠ ∅, repeat the following procedure until T2 = ∅: for each t0 ∈ T2, let r = (r)t0 and Y(r) = {t ∈ T | t(r) = r, M((o)t) > 0}; then M((o)Y(r)) = M0(r). Set R1 = R1 ∪ {r}, T1 = T1 ∪ Y(r), and T2 = {t ∈ T1 | (r)t ∉ R1}. In each


repetition of the procedure, at least one transition is moved from T2 into T1. By the finiteness of T, the procedure stops in finitely many steps, and after it stops, T2 = ∅. Finally, a set of resources R1 and a set of transitions T1 are obtained such that ∀t ∈ T1, M((o)t) > 0, M((r)t) = 0, and (r)t, t(r) ∈ R1. Since operations in (o)T1 occupy all resources in R1, M((o)T1) = M0(R1) and R((o)T1) = R1. Let N[P1, T1] denote the subnet of the S3PR generated by P1 and T1. If N[P1, T1] is strongly connected, then it is a PRTC with resource set R1 and saturated at M. Otherwise, N[P1, T1] consists of some strongly connected subnets and some directed paths between them. Then, there must exist at least one strongly connected subnet, denoted by N′, such that there is no directed path from N′ to any other strongly connected subnet. Hence, N′ is a PRTC with resource set R1 and saturated at M. Since any PRTC with resource set R1 is a subcircuit of the MPC with resource set R1, there is an MPC with resource set R1 that is saturated at M. However, this contradicts Conclusion 1. Thus, there exists at least one transition t3 ∈ D(CNΓ, M) such that t3 is process- and resource-enabled but not control-enabled. By Definition 6, t3 ∈ P0•. Consequently, ∃pc ∈ (c)t3 such that M(pc) = 0, and every transition t4 ∈ •pc is dead at M. By Definition 6, (c)t4 = ∅. Hence, t4 is process-enabled but not resource-enabled at M. Again, similar to the preceding analysis, there exists an MPC θ ∈ Θ such that θ is saturated at M, which is in contradiction with Conclusion 1. Thus, (CNΓ, MΓ0) is live. ∎

In Example 2, Γ1 = {θ1, θ2} is an effective transition cover of θ3 because M0([θ3]) > |Γ1|. Thus, it is also an effective transition cover of (N, M0) shown in Fig. 1. For θ1, Δθ1 = {p ∈ P | p < [θ1]} = {p11, p21, p22} and Aθ1 = Δθ1 \ (o)[θ1] = {p21}. For θ2, Δθ2 = {p11, p12, p21} and Aθ2 = {p11}.
Hence, AΓ1 = Aθ1 ∪ Aθ2 = {p11, p21}. AΓ1 ∩ (o)[θ3] = {p11, p21} ∩ {p11, p12, p21, p22} = {p11, p21}. Since R(p11) = r1, H(r1) = {p11, p23}, and p23 ∉ (o)[θ3], we have p11 ∈ Bθ3. Similarly, p21 ∈ Bθ3. Thus, Bθ3 = {p11, p21}, and kθ3 = M0(R(Bθ3)) = M0(r1) + M0(r3) = 2. To obtain a live Petri net controller for (N, M0) with respect to Γ1, we need to solve the following LIP:

    LIP2: Min ξ1 + ξ2
    s.t. 1 ≤ ξ1 ≤ M0([θ1]) − 1 = 1
         1 ≤ ξ2 ≤ M0([θ2]) − 1 = 1
         ξ1 + ξ2 ≥ M0([θ1]) + M0([θ2]) − M0([θ3]) − kθ3 + 1 = 0
         ξ1, ξ2 ∈ Z+.

LIP2 has a solution ξ1 = ξ2 = 1. By Theorem 1, the obtained controlled Petri net shown in Fig. 2 is live.

For an ineffective transition cover, the corresponding LIP may not have a solution. In this case, we cannot obtain a live Petri net controller by the preceding method. Consider the following example.

Example 3: Consider a marked S3PR (N, M0) shown in Fig. 4. Its resource-transition net is shown in Fig. 5. Θ = {θ1, θ2, θ3, θ4}, where θ1 = m1 t42 m2 t32 m1, θ2 = m2 t52 m3 t22 m2, θ3 = m1 t62 m3 t12 m1, and θ4 = m1 t62 m3 t22 m2 t32 m1 t42 m2 t52 m3 t12 m1. Let Γ = {θ1, θ2, θ3}. Then, Γ is a transition cover of N and a minimal one of θ4. For Γ and θ4, M0([θ4]) = |Γ| = 3 and (5) does not hold. Since no other subset of Γ can cover θ4, Γ is an ineffective transition cover of θ4, and hence, Γ is an ineffective one of (N, M0). Since Δθ1 = (o)[θ1] = {p32, p42}, Aθ1 = ∅. Similarly, Aθ2 = Aθ3 = ∅. Hence, AΓ = Bθ4 = ∅, and kθ4 = 0. The LIP with respect to Γ is as follows:

    LIP3: Min ξ1 + ξ2 + ξ3
    s.t. 1 ≤ ξ1 ≤ M0([θ1]) − 1 = 1
         1 ≤ ξ2 ≤ M0([θ2]) − 1 = 1
         1 ≤ ξ3 ≤ M0([θ3]) − 1 = 1
         ξ1 + ξ2 + ξ3 ≥ M0([θ1]) + M0([θ2]) + M0([θ3]) − M0([θ4]) − kθ4 + 1 = 4
         ξ1, ξ2, ξ3 ∈ Z+.

Fig. 4. Marked S3PR (N, M0).

Fig. 5. Resource-transition net of (N, M0) shown in Fig. 4.


TABLE I. Petri Net Controller (CΓ, MΓ) to Γ of (N, M0) Shown in Fig. 4

No choice of ξ1–ξ3 satisfies the preceding restrictions; hence, LIP3 has no solution. Thus, we cannot design a live Petri net controller for the system by solving LIP3. If we only control θ1–θ3 by designing a Petri net controller given in Definition 7, the control variables must be ξ1 = ξ2 = ξ3 = 1, and the controller (CΓ, MΓ) of (N, M0) is displayed in Table I. It can be checked that the controlled Petri net (CNΓ, MΓ0) is not live. The reason is that M = 5p11 + 4p21 + p22 + 4p31 + p32 + 5p41 + 5p51 + 4p61 + p62 is a reachable marking of (CNΓ, MΓ0), whereas θ4 is saturated at it. Hence, (CNΓ, MΓ0) is not live.

From [28], we know that there is a one-to-one correspondence between MPCs and SMSs. From all MPCs, i.e., θ1–θ4, we can obtain four corresponding SMSs, namely, S1 = {m1, m2, p12, p22, p33, p43, p53, p63}, S2 = {m2, m3, p13, p23, p33, p42, p53, p62}, S3 = {m1, m3, p13, p23, p32, p43, p52, p63}, and S4 = {m1, m2, m3, p13, p23, p33, p43, p53, p63}. It can be checked that {S1, S2, S3}, corresponding to Γ = {θ1, θ2, θ3}, is a set of elementary siphons, and S4 is strongly dependent on S1, S2, and S3. According to the deadlock prevention method based on elementary siphons proposed in [13], by adding a control place with a proper number of initial tokens for each elementary siphon, one can obtain a live Petri net controller for S3PRs. For this example, the structures of the controllers are the same for Γ = {θ1, θ2, θ3} and for {S1, S2, S3} in [13], whereas our control variables are the control depth variables in [13]. Since the control (depth) variables must be ξ1 = ξ2 = ξ3 = 1, by the method in [13], one would obtain exactly the Petri net controller displayed in Table I, whereas this Petri net controller cannot guarantee the liveness of the controlled system.

From this example, one can see that the method in [13] for designing a live Petri net controller cannot adapt to an arbitrary set of elementary siphons; instead, they must be properly chosen, as shown later.

B. Computation of Effective Transition Covers

In Section IV-A, a method is presented for designing a live Petri net controller for S3PRs based on an effective transition cover by solving LIP1, where an effective transition cover plays an important role. Here, an algorithm for computing a transition cover, which may not be effective, and a method for transforming an ineffective one into an effective one are presented.

1) Computing Transition Covers: First, we present a property of a minimal circuit basis of a digraph [7].

Lemma 6: Let Θ be the set of all MPCs of N and Ξ be a minimal circuit basis of NR, the resource-transition net of N. For each t ∈ [Θ], there exists an elementary RTC α ∈ Ξ containing t, and hence, [Θ] ⊆ [Ξ].
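As an added example (not code from the paper), the following Python solves LIP1 by exact bounded enumeration over the box given by constraint (1), using the data of LIP2 and LIP3 above; it returns the minimum-sum control variables, or None when the cover is ineffective and the LIP is infeasible. The MPC names and token counts are constructed from the page's examples.

```python
from itertools import product

# Constructed from the page's examples: M0([α]) for each MPC α in the cover Γ,
# and for each θ ∈ Θ \ Γ its minimal cover Γ(θ) ⊆ Γ, M0([θ]) and kθ.
LIP2 = ({"θ1": 2, "θ2": 2},
        {"θ3": (["θ1", "θ2"], 3, 2)})           # Example 2, Γ1 = {θ1, θ2}
LIP3 = ({"θ1": 2, "θ2": 2, "θ3": 2},
        {"θ4": (["θ1", "θ2", "θ3"], 3, 0)})     # Example 3, Γ = {θ1, θ2, θ3}


def constraint_rows(m0_alpha, covers):
    """One row of inequality (4) per θ ∈ Θ \ Γ:
    Σ_{α∈Γ(θ)} ξα ≥ Σ_{α∈Γ(θ)} M0([α]) − M0([θ]) − kθ + 1."""
    rows = []
    for gamma_theta, m0_theta, k_theta in covers.values():
        rhs = sum(m0_alpha[a] for a in gamma_theta) - m0_theta - k_theta + 1
        rows.append((tuple(gamma_theta), rhs))
    return rows


def solve_lip1(m0_alpha, covers):
    """Minimise Σ ξα subject to (1): 1 ≤ ξα ≤ M0([α]) − 1 and the rows of (4).
    The box of (1) is finite, so enumeration is an exact ILP solver here.
    Returns {α: ξα} with minimal sum, or None when the LIP is infeasible."""
    alphas = sorted(m0_alpha)
    rows = constraint_rows(m0_alpha, covers)
    boxes = [range(1, m0_alpha[a]) for a in alphas]      # constraint (1)
    best = None
    for xi in product(*boxes):
        assign = dict(zip(alphas, xi))
        if all(sum(assign[a] for a in g) >= rhs for g, rhs in rows):
            if best is None or sum(xi) < sum(best.values()):
                best = assign
    return best


if __name__ == "__main__":
    print("LIP2:", solve_lip1(*LIP2))   # {'θ1': 1, 'θ2': 1}
    print("LIP3:", solve_lip1(*LIP3))   # None: the cover is ineffective
```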


Proof: ∀t ∈ [Θ], there exists an MPC θ ∈ Θ such that t ∈ [θ], and then an elementary RTC α in NR such that α ⊆ θ and t ∈ [α]. By the definition of a minimal circuit basis, there exist some elementary RTCs α1, α2, . . . , αn ∈ Ξ such that vector C can be expressed as a linear combination of vectors C1, C2, . . . , Cn, where C (Ci) is the arc-indexed vector of α (αi), i ∈ Nn = {1, 2, . . . , n}. Let r1 = (r)t and r2 = t(r). By the definition of the arc-indexed vector, the coordinates C((r1, t)) = C((t, r2)) = 1. Then, there exists some αi such that Ci((r1, t)) = Ci((t, r2)) = 1, that is, r1 t r2 is a part of αi, i.e., αi contains t. Hence, [Θ] ⊆ [Ξ]. ∎

Algorithm CTC (Computing a Transition Cover of N)
Input: NR, the resource-transition net of N = (P ∪ P0 ∪ PR, T, F);
Output: Γ, a transition cover of N;
Step 1: Compute a minimal circuit basis of NR, denoted by Ξ, by Algorithm 1 R-Greedy in [7]. Let Γ = ΞX = ∅;
Step 2: For each transition t of NR, find an elementary RTC in Ξ, denoted by κ[t], which contains t. If κ[t] does not exist, denote κ[t] = ∅;
Step 3: (Maximization) For each α ∈ Ξ, if γ(α) = ([α], [α]• ∩ •[α]) is perfect, then add γ(α) into Γ and, from Ξ, delete α and all elementary RTCs with the same resource set. Otherwise, add α into ΞX;
Step 4: (Perfection) For each α ∈ ΞX, do {
    Set flag = true; let ℘ be a set of transitions and set ℘ = ∅;
    Let ζ = α and TP[ζ] = {t ∈ [γ(ζ)] | ((o)t)• ⊄ [γ(ζ)]};
    while TP[ζ] \ ℘ ≠ ∅ do
        Select t ∈ TP[ζ] \ ℘;
        if there exists a transition t1 ∈ ((o)t)• \ [γ(ζ)] such that κ(t1) = ∅ then
            Delete α from ΞX; flag = false; Exit While();
        end if
        for all t1 ∈ ((o)t)• \ [γ(ζ)] do ζ = ζ ∪ κ(t1); end for
        Add t into ℘;
        TP[ζ] = {t ∈ [γ(ζ)] | ((o)t)• ⊄ [γ(ζ)]};
    end while
    if flag = true then Add γ(ζ) to Γ; end if
}
Step 5: Output Γ;

We explain the correctness of Algorithm CTC as follows. Step 1 finds a minimal circuit basis Ξ of NR by [7]. Let NR0 denote the underlying undirected graph of NR; c(NR0) denote the number of connected components of NR0; and a and v denote the number of arcs and vertices of NR, respectively. Then, the number nΞ of elementary RTCs in Ξ is a − v + c(NR0) by [7]. Since c(NR0) < v, nΞ < a. Let vt be the number of transition vertices in NR. One transition vertex corresponds to two arcs in NR, leading to a = 2vt. Let |T| be the number of transitions of N; then vt < |T|. Hence, a < 2|T|, and nΞ < 2|T|. By Lemma 6, [Θ] ⊆ [Ξ] in Step 1. Hence, by Steps 3 and 4, ∀t ∈ [Θ], there exists an MPC in Γ that contains t, because an MPC in Γ is derived from an elementary RTC in Ξ by maximization and perfection. Thus, we have [Θ] ⊆ [Γ] and conclude that Γ is a transition cover of N. By Steps 3 and 4, the number of MPCs in Γ, denoted by |Γ|, is at most that of elementary RTCs in Ξ, that is, |Γ| ≤ nΞ. Thus, |Γ| < 2|T|.

Second, we present the complexity of Algorithm CTC. By [7], the complexity of Step 1 is O(nΞ a² v). In Step 3, an elementary RTC α is deleted from Ξ if γ(α) is perfect; otherwise, α is added into ΞX. Hence, when Step 3 is finished, for all α ∈ ΞX, γ(α) is not perfect. The time complexity of Step 3 is O(nΞ). In Step 4, from each α ∈ ΞX, an MPC γ(ζ) (if it exists) is recursively constructed by merging an elementary RTC κ(t1) into α each time, where t1 ∈ ((o)t)• \ [γ(ζ)]. Thus, the time complexity of Step 4 is O(nΞ vt). Hence, the complexity of Algorithm CTC is O(nΞ a² v) + O(nΞ) + O(nΞ vt). Since nΞ < a and vt < v, the complexity of Algorithm CTC is no more than O(a³ v). Let |R| be the number of resource places in N; then v ≤ |T| + |R|. Note that a < 2|T|; thus, the complexity of Algorithm CTC is no more than O(|T|³(|T| + |R|)).

2) Transforming Ineffective Transition Covers to Effective Ones: The transition cover output by Algorithm CTC may not be effective. Here, an algorithm for transforming ineffective transition covers into effective ones is presented. Let us first explain the transformation idea by an example. Reconsider the Petri net shown in Fig. 4. From Example 3, we know that Θ = {θ1, θ2, θ3, θ4}, where θ1 = m1 t42 m2 t32 m1, θ2 = m2 t52 m3 t22 m2, θ3 = m1 t62 m3 t12 m1, and θ4 = m1 t62 m3 t22 m2 t32 m1 t42 m2 t52 m3 t12 m1.
Γ = {θ1, θ2, θ3} is a transition cover of N and the unique transition cover of θ4. However, Γ is not an effective transition cover of θ4 because M0([θ4]) = 3 = |Γ|, so M0([θ4]) > |Γ| does not hold. Note that, in the inequality M0([θ4]) > |Γ|, M0([θ4]) is a constant and cannot be changed. Γ = {θ1, θ2, θ3} is the only minimal transition cover of θ4, and [θi] ∩ [θ4] ≠ ∅, i ∈ N3 = {1, 2, 3}. If we replace θ3 by δ([θ3 ∪ θ4]) = θ4 in Γ, we obtain a new transition cover Γ1 = {θ1, θ2, θ4}. Then, in Γ1, the minimal transition cover of θ4 is Γ1(θ4) = {θ4}, and M0([θ4]) = 3 > |Γ1(θ4)| = 1 holds. The minimal transition cover of θ3 is Γ1(θ3) = {θ4}, and M0([θ3]) = 2 > |Γ1(θ3)| = 1 holds. Now, we can claim that Γ1 is an effective transition cover of (N, M0) shown in Fig. 4. The detailed algorithm is presented here.

Algorithm TIE (Transforming an Ineffective Transition Cover to an Effective One)
Input: A transition cover Γ0 of N output by Algorithm CTC.
Output: Γ, an effective transition cover of N; Ω = {Γ(θ) | Γ(θ) is an effective transition cover for θ ∈ Θ \ Γ}.
Set Γ = Γ0; Φ = Γ0; Ω = ∅;
while Θ \ Φ ≠ ∅ do
    Choose θ ∈ Θ \ Φ;
    Γ(θ) = {α ∈ Γ | [α] ∩ [θ] ≠ ∅}; Let s = |Γ(θ)|;
    Sort Γ(θ) = {α0, α1, . . . , αs−1} by size |[αi] ∩ [θ]| in descending order;
    for i = 0 to s − 1 do
        if [θ] ⊆ [Γ(θ) \ {αi}] then Let Γ(θ) = Γ(θ) \ {αi}; end if
    end for // Find a minimal transition cover Γ(θ) of θ.
    if M0([θ]) > |Γ(θ)| then
        Φ = Φ ∪ {θ}; Ω = Ω ∪ {Γ(θ)}; Continue; // Γ(θ) is an effective transition cover of θ.
    else
        Choose   ∈ Γ(θ), and β = δ([  ∪ θ]);
        Γ = (Γ \ {  }) ∪ {β};
        for all Γ(ε) ∈ Ω do
            if   ∈ Γ(ε) then
                Γ(ε) = (Γ(ε) \ {  }) ∪ {β};
                for all χ ∈ Γ(ε) do
                    if [ε] ⊆ [Γ(ε) \ {χ}] then Γ(ε) = Γ(ε) \ {χ}; end if
                end for // ensuring that Γ(ε) is a minimal transition cover of ε.
            end if
        end for
        Φ = Φ ∪ {  , θ, β}; Γ(  ) = {β}; Γ(θ) = {β}; Ω = Ω ∪ {Γ(  ), Γ(θ)};
    end if
end while
Output Γ and Ω;

In Algorithm TIE, for each MPC θ ∈ Θ \ Γ, one of its minimal transition covers, i.e., Γ(θ), is found. If for some θ ∈ Θ \ Γ, M0([θ]) > |Γ(θ)| does not hold, the transition cover Γ is not effective and is transformed into a new one, i.e., Γ′ = (Γ \ {  }) ∪ {β}, where β = δ([  ∪ θ]) is the MPC with resource set [  ∪ θ]. Since both θ and   are MPCs, β ≠ ∅, and θ and   are subcircuits of β. Thus, {β} is a minimal transition cover of θ and   and is added into Ω. According to the new transition cover Γ′ of N, the already found effective transition cover Γ(ε) for ε (where Γ(ε) is already in Ω) is changed into Γ′(ε) = (Γ(ε) \ {  }) ∪ {β} if   ∈ Γ(ε) and Γ′(ε) = Γ(ε) if   ∉ Γ(ε). At the same time, it must be guaranteed that Γ′(ε) is a minimal transition cover of ε in Γ′. We also note that Γ′(ε) is an effective transition cover of ε, i.e., M0([ε]) > |Γ′(ε)| for each ε ∈ Φ′ = Φ ∪ {  , θ, β}. The reason is explained as follows. For ε ∈ {  , θ, β}, Γ′(ε) = {β}, M0([ε]) ≥ 2 and |Γ′(ε)| = 1, so M0([ε]) > |Γ′(ε)| holds; and for ε ∈ Φ, |Γ′(ε)| = |Γ(ε)|, and M0([ε]) > |Γ(ε)| = |Γ′(ε)| because Γ(ε) is an effective transition cover of ε in Γ. Thus, for each ε ∈ Φ′, Γ′(ε) is an effective transition cover of ε in Γ′.
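As an added example (not the paper's code), the minimal-cover and effectiveness steps of Algorithm TIE in Python, run on the four MPCs of Example 3. The transition sets and M0 values are constructed from the page; the replacement MPC β = δ([α ∪ θ]) is approximated by the smallest MPC of Θ whose transition set contains [α] ∪ [θ], which is an assumption standing in for the paper's δ.

```python
# Constructed from Example 3: transition sets [θ] of the MPCs of the S3PR
# in Fig. 4 and the initial token counts M0([θ]).
MPCS = {
    "θ1": frozenset({"t42", "t32"}),
    "θ2": frozenset({"t52", "t22"}),
    "θ3": frozenset({"t62", "t12"}),
    "θ4": frozenset({"t12", "t22", "t32", "t42", "t52", "t62"}),
}
M0 = {"θ1": 2, "θ2": 2, "θ3": 2, "θ4": 3}


def minimal_cover(theta, gamma, trans):
    """Γ(θ) as built in Algorithm TIE: keep the MPCs of Γ sharing a transition
    with θ, sort by |[α] ∩ [θ]| descending, drop α while [θ] stays covered."""
    t_theta = trans[theta]
    cand = [a for a in gamma if trans[a] & t_theta]
    cand.sort(key=lambda a: len(trans[a] & t_theta), reverse=True)
    for a in list(cand):
        rest = set().union(*(trans[b] for b in cand if b != a))
        if t_theta <= rest:
            cand.remove(a)
    return cand


def is_effective(theta, gamma_theta, m0):
    """Definition 8 / inequality (5): M0([θ]) > |Γ(θ)|."""
    return m0[theta] > len(gamma_theta)


def transform_to_effective(gamma0, trans, m0):
    """Algorithm TIE. Assumption (not the paper's δ): β is the smallest MPC in Θ
    whose transition set contains [α] ∪ [θ]; raises ValueError if none exists.
    Returns the new cover Γ and Ω = {θ: Γ(θ)} for θ ∈ Θ \ Γ."""
    gamma, omega, phi = list(gamma0), {}, set(gamma0)
    while set(trans) - phi:
        theta = sorted(set(trans) - phi)[0]
        g_theta = minimal_cover(theta, gamma, trans)
        if is_effective(theta, g_theta, m0):
            phi.add(theta)
            omega[theta] = g_theta
            continue
        alpha = g_theta[0]                       # any member of Γ(θ) may be chosen
        union = trans[alpha] | trans[theta]
        beta = min((n for n, ts in trans.items() if union <= ts),
                   key=lambda n: len(trans[n]))
        gamma = [a for a in gamma if a != alpha]
        if beta not in gamma:
            gamma.append(beta)
        for eps in list(omega):                  # keep earlier covers minimal in Γ′
            if alpha in omega[eps]:
                g2 = [beta if a == alpha else a for a in omega[eps]]
                omega[eps] = minimal_cover(eps, g2, trans)
        phi |= {alpha, theta, beta}
        omega[alpha] = [beta]
        omega[theta] = [beta]
    return gamma, {e: g for e, g in omega.items() if e not in gamma}


if __name__ == "__main__":
    print(minimal_cover("θ4", ["θ1", "θ2", "θ3"], MPCS))   # ['θ1', 'θ2', 'θ3']
    print(transform_to_effective(["θ1", "θ2", "θ3"], MPCS, M0))
```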
For each repeat of while(), at least one MPC (θ, or θ and β) is added into Φ; hence, while() can repeat at most |Θ \ Γ0| times. When while() finishes, we obtain an effective transition cover Γ of N and an effective transition cover Γ(ε) for each ε ∈ Θ \ Γ. As a conclusion, we have the following results.

Theorem 2: For any transition cover Γ0 of N, Algorithm TIE correctly outputs an effective transition cover Γ of N and an effective transition cover Γ(ε) for each ε ∈ Θ \ Γ.

In addition, note that the number of MPCs in the effective transition cover Γ computed by Algorithm TIE is the same as that of Γ0 computed by Algorithm CTC, i.e., |Γ| < 2|T|. Since the number of MPCs in Θ \ Γ0 grows exponentially with the size of the Petri net, the complexity of Algorithm TIE is exponential.

3) Deadlock Control Method Based on Transition Covers: Based on the preceding discussion, a novel method for designing a deadlock prevention policy for S3PRs based on a transition cover is presented as follows.

Procedure DPP (Designing a Deadlock Prevention Policy Based on Transition Covers). Given an S3PR (N, M0), its resource-transition net NR, and its MPC set Θ.
Step 1: Use Algorithm CTC to compute a transition cover Γ0 of N. If Γ0 is not effective, then use Algorithm TIE to convert Γ0 into an effective transition cover Γ of N; else Γ0 is effective, and Γ = Γ0.
Step 2: For Γ, construct the Petri net controller (CΓ, MΓ) for (N, M0) as in Definition 7. Its control variables ξα, α ∈ Γ, are determined by solving LIP1 in Step 4.
Step 3: For each θ ∈ Θ \ Γ, according to its effective transition cover Γ(θ) output by Algorithm TIE, form the inequality Σα∈Γ(θ) ξα ≥ Σα∈Γ(θ) M0([α]) − M0([θ]) − kθ + 1.
Step 4: Construct LIP1 as shown in Section IV-A and solve it for the values of ξα.
Step 5: Output (CΓ, MΓ).

Theorem 3: The Petri net controller (CΓ, MΓ) constructed by Procedure DPP is live.
Proof: It immediately follows from Theorems 1 and 2. ∎

V. EXAMPLES

Example 4: In Example 3, it is shown that Γ = {θ1, θ2, θ3} is not an effective transition cover of θ4 and hence not an effective transition cover of (N, M0) shown in Fig. 4. By Algorithm TIE, Γ1 = {θ1, θ2, θ4} is computed to be an effective cover of (N, M0) shown in Fig. 4, and {θ4} is the effective transition cover of θ3 in Γ1. Add control places pθ1, pθ2, and pθ4 to θ1, θ2, and θ4, respectively. The control variables ξ1, ξ2, and ξ4 are determined as follows. Since {θ4} is the effective transition cover of θ3 in Γ1 and Δθ4 = (o)[θ4] = {p12, p22, p32, p42, p52, p62}, we have Aθ4 = Δθ4 \ (o)[θ4] = ∅. Thus, Bθ3 = ∅, and kθ3 = 0. Then, for θ3, the following constraint can be derived: ξ4 ≥ M0([θ4]) − M0([θ3]) − kθ3 + 1 = 3 − 2 − 0 + 1 = 2.

TABLE II. Petri Net Controller (CΓ1, MΓ1) of (N, M0) Shown in Fig. 4

Fig. 6. Marked S3PR (N, M0).

Fig. 7. Resource-transition net NR.

Hence, the LIP is formed based on Procedure DPP as follows:

    LIP4: Min ξ1 + ξ2 + ξ4
    s.t. 1 ≤ ξ1 ≤ 1
         1 ≤ ξ2 ≤ 1
         1 ≤ ξ4 ≤ 2
         ξ4 ≥ 2
         ξ1, ξ2, ξ4 ∈ Z+.

Obviously, the unique solution of LIP4 is ξ1 = ξ2 = 1, ξ4 = 2. Thus, the Petri net controller (CΓ1, MΓ1) with respect to Γ1 can be constructed, as shown in Table II. It is easy to check that the obtained Petri net controller is live.

Example 5: Consider a marked S3PR (N, M0) shown in Fig. 6. Its resource-transition net is shown in Fig. 7. By Algorithm CTC, we can obtain a transition cover Γ = {θ1, θ2} of N, where θ1 = r1 t4 r3 t3 r2 t2 r1 and θ2 = r1 t4 r3 t8 r4 t7 r1. It is easy to compute that there are three MPCs of N, i.e., Θ = {θ1, θ2, θ3}, where θ3 = r1 t4 r3 t3 r2 t2 r1 t4 r3 t8 r4 t7 r1. By Algorithm TIE, Γ is an effective transition cover of (N, M0) shown in Fig. 6, and it is the effective transition cover of θ3.

TABLE III. Petri Net Controller (CΓ, MΓ) to Γ of (N, M0) Shown in Fig. 6

TABLE IV. Petri Net Controller (CΠ, MΠ) to Π of (N, M0) Shown in Fig. 6

By Definition 6, add control places pθ1 and pθ2 to θ1 and θ2 , and denote the control variables ξ1 and ξ2 , respectively. ξ1 and ξ2 satisfy 1 ≤ ξ1 ≤ 4 and 1 ≤ ξ2 ≤ 4. For θ3 , its effective transition cover is Γ(θ3 ) = {θ1 , θ2 }. (o) [θ1 ] = {p2 , p3 , p4 }, Δθ1 = {p ∈ P |p