Concurrency Theory: Lecture 3, 9 January 2018
----------------------------------------------

Confusion

- Was a conflict resolved? Occurrence of an independent transition creates/removes a conflict.

  Conflict(t,M) = { t' | M--t--> and M--t'--> and t,t' in conflict }

  Confusion occurs when M --t'--> M' and, for some t independent of t', Conflict(t,M) =/= Conflict(t,M').

- The conflict set can either grow or shrink.
- Two fundamental types of confusion: symmetric and asymmetric.
- Confusion reflects the interaction between concurrency and conflict (choice), and is one of the reasons why analysis of concurrent systems is harder than that of sequential systems.

Free choice nets

- Avoid confusion by restricting net structure.
- If Pre(t) and Pre(t') intersect, then Pre(t) = Pre(t').
- Can derive stronger decidability/algorithmic results for free choice nets: empirical evidence that lack of confusion simplifies analysis.

Deadlock and liveness

- M is deadlocked (or "dead") if no t is enabled at M.
- t is dead at M if t is not enabled at any marking in Reach(M).
- t is live at M if it is not dead at any marking in Reach(M): for all M' in Reach(M), there exists M" in Reach(M') such that M" --t-->.
- A net is live at M if all transitions are live at M.

Many early results in Petri net theory focus on characterizations of live and safe initial markings for nets.

Reachability

Is M in Reach(Min)?

- Decidable, but the proof is hard: there is no bound on the size of intermediate markings in a path from Min to M.
- Linear algebraic approach: vector addition systems.
  - For a finite net with n places, a marking is a vector (m1,m2,...,mn).
  - Each transition is a change vector (delta1,delta2,...,deltan).
  - The effect of t at M is given by M+t. The effect of a sequence only depends on the number of occurrences of each type of transition.
  - Represent a net by an initial vector Min and change vectors {t1,t2,...,tk}. Reachability of M implies there exist j1,j2,...,jk such that M = Min + j1*t1 + j2*t2 + ... + jk*tk.
- This is sufficient but not necessary: a solution may exist, but the ji's may not yield a feasible firing sequence, since an intermediate marking may drop below 0 for some place.
- Nevertheless, the original proof of decidability of reachability heavily uses linear algebra. More recent proofs try to find alternative "simpler" arguments. The algorithmic complexity of reachability remains open (but is known to be hard).

Coverability

- Compare markings component-wise: M <= M' if M(p) <= M'(p) for all p in P.
- M' covers M if M' >= M.
- Coverability question: given M, does there exist M' in Reach(Min) such that M' covers M?
- Why is this useful? The firing rule for nets is monotonic with respect to markings. If M--t--> and M' >= M, then M'--t--> as well. In fact, a stronger statement holds: if M--t-->M1 and M' >= M, then M'--t-->M1' with M1' >= M1. (Aside: this property can be generalized to define what are called well structured transition systems.)
- "Bad" markings are typically characterized in terms of the transitions they enable (e.g. in mutual exclusion, access to the critical section is simultaneously enabled in both processes). If M is bad and M' >= M, then M' is also bad.
- If we find M' in Reach(Min) that covers a bad marking M, we have an unsafe behaviour (though M itself may not be precisely reachable). If no such M' exists, this also implies that M itself is unreachable, so the behaviour is safe.

omega-markings and coverability tree

- Generalize markings to allow components to have omega (infinitely many) tokens.
- omega > n for any finite integer n.
- The firing rule is amended so that omega+1 = omega-1 = omega.
- Build a tree of reachable markings starting with Min as the root.
- To each marking M, add as its children the new markings reachable in one step by firing a transition at M.
- If the new node M' has M'(p) > M"(p) for some ancestor M", set M'(p) = omega.
- If the new node M' = M" for some ancestor M", mark M' and do not expand the tree further below M'.

Claim: The coverability tree of a net is always finite.

Proof: The tree is finitely branching. An infinite tree must have an infinite branch. This branch must contain an infinite set of incomparable markings. By Dickson's Lemma, this is impossible.

----------------------------------------------------------------------
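The coverability-tree construction and the coverability check it supports, as an added Python example (not from the lecture notes). It assumes the usual acceleration condition: a new node is compared with each ancestor, and places where it strictly exceeds an ancestor it covers are set to omega. The mutual-exclusion net at the end is a constructed sample, with the "bad" marking being one where both critical sections are occupied at once.

```python
import math

OMEGA = math.inf  # omega token count: inf + 1 == inf - 1 == inf for floats

def enabled(M, pre):
    """t is enabled at M if every place holds at least Pre(t) tokens."""
    return all(m >= a for m, a in zip(M, pre))

def fire(M, pre, post):
    """Firing rule M - Pre(t) + Post(t); omega components stay omega."""
    return tuple(m - a + b for m, a, b in zip(M, pre, post))

def covers(M1, M2):
    """M1 >= M2 componentwise."""
    return all(a >= b for a, b in zip(M1, M2))

def coverability_tree(M0, transitions):
    """Build the coverability tree. transitions is a list of (pre, post)
    vectors. Returns a list of (marking, parent_index, is_repeat) nodes;
    a repeat node equals one of its ancestors and is not expanded."""
    nodes = []
    stack = [(M0, None, [])]            # (marking, parent index, ancestors)
    while stack:
        M, parent, ancestors = stack.pop()
        # Acceleration (assumed standard form): if M strictly covers an
        # ancestor A, the places that grew can be pumped without bound.
        for A in ancestors:
            if covers(M, A) and M != A:
                M = tuple(OMEGA if m > a else m for m, a in zip(M, A))
        repeat = M in ancestors
        idx = len(nodes)
        nodes.append((M, parent, repeat))
        if not repeat:
            for pre, post in transitions:
                if enabled(M, pre):
                    stack.append((fire(M, pre, post), idx, ancestors + [M]))
    return nodes

def coverable(M0, transitions, target):
    """Coverability question: is some node of the tree >= target?"""
    return any(covers(M, target) for M, _, _ in coverability_tree(M0, transitions))

# Constructed mutual-exclusion net, places (sem, idle1, crit1, idle2, crit2).
MUTEX = [((1, 1, 0, 0, 0), (0, 0, 1, 0, 0)),   # enter1: take semaphore
         ((0, 0, 1, 0, 0), (1, 1, 0, 0, 0)),   # leave1: release semaphore
         ((1, 0, 0, 1, 0), (0, 0, 0, 0, 1)),   # enter2
         ((0, 0, 0, 0, 1), (1, 0, 0, 1, 0))]   # leave2
BAD = (0, 0, 1, 0, 1)  # both critical sections occupied at once
```

With one semaphore token in the initial marking the bad marking is not covered, so mutual exclusion holds; with two tokens it is covered, and the finite tree exposes the violation without enumerating an unbounded state space.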