See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/272023499

Deadlock detection in Petri nets: One trace for one deadlock?

Conference Paper · June 2014

DOI: 10.1109/HSI.2014.6860480

CITATIONS READS

10 534

2 authors:

Andrei Karatkevich Iwona Grobelna

AGH University of Science and Technology in Kraków University of Zielona Góra
48 PUBLICATIONS   246 CITATIONS    28 PUBLICATIONS   186 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Cyber-physical systems - specification and its formal verification View project

Formal analysis of Petri nets View project

All content following this page was uploaded by Iwona Grobelna on 15 April 2015.

The user has requested enhancement of the downloaded file.

 Deadlock detection in Petri nets:
one trace for one deadlock?
Andrei Karatkevich, Iwona Grobelna
Institute of Computer Science and Electronics
University of Zielona Góra
Zielona Góra, Poland
e-mail: a.karatkevich@iie.uz.zgora.pl, i.grobelna@iie.uz.zgora.pl
Abstract—Formal verification of specifications of digital devices,
such as logical controllers, is an important part of the design
process. Deadlock detection is one of the fundamental tasks of formal
verification. There exist classical methods of deadlock detection in
the concurrent discrete systems, which allow obtaining paths to every
reachable deadlock without complete state space exploration. In the
paper a method is proposed allowing further reduction of the size of
explored state space during deadlock detection. The method is
presented for the Petri nets.
Keywords—Petri nets; formal verifiaction; deadlock detection
I. INTRODUCTION
A large number of parallel and distributed discrete devices
and systems, such as logical control systems and systems
belonging to such areas as concurrent programming and
workflow management, can be efficiently modeled by the
Petri nets [1-3,15-17]. Formal analysis of concurrent systems
is practically important and much more complicated than
analysis of purely sequential systems, because of possibility of
different interactions between concurrent branches.
Various properties of Petri nets and hence properties of the
modeled systems can be formally checked. Formal verification
methods, including equivalence checking, model checking and
theorem proving, allow verifying user-defined
requirements [4]. It is possible to verify behavioral and
structural properties of a Petri net describing a logic controller
using i.e. a rule-based logical model suitable both for
verification with model checking technique and logical
synthesis [5].
One of the important tasks of formal analysis of parallel
systems is the deadlock detection, i.e. checking whether
a system can attain a state in which no further changes are
possible. Some of such systems (e.g. part of control systems)
are intended to act cyclically and must not have “dead” states
at all; some others must have one or more reachable terminal
states. In both cases it is essential to be able to check whether
and which deadlocks are reachable. Practically it is also
important to obtain a sequence of states leading from the
initial state to a deadlock.
There are numerous publications presenting methods of
deadlock detection in Petri nets (see for example [6,7,10]).
The known methods allow to detect the reachable deadlocks in
Private author’s copy and version
the Petri nets avoiding exploration of the whole state spaces of
the analyzed systems. However, even in the reduced
reachability graphs there often exist several paths leading to
the same deadlock. In this paper a method is proposed which
allows in some cases to get rid of additional paths leading to
the detected deadlocks.
The remainder of the paper is structured as follows.
Section 2 provides some information on Petri nets and
deadlock detection. Section 3 introduces and describes the
proposed method. Section 4 presents an example of deadlock
detection using the discussed method. Finally, section 5
contains the conclusion.
II. PRELIMINARIES
A. Petri Nets
Petri nets [1,2] are a general usage mathematical model
introduced in the early sixties of the last century. They
describe relations between conditions and events. Currently,
they are used in many domains of science, i.e. in computer
science, electronics, biology, biochemistry, medicine,
environment protection, and also in various industry domains,
such as planning and controlling of production flow, design
and implementation of logic controllers, system software
synthesis [2,3,8,9,15,16]. Graphic representation of Petri nets
is more clear and understandable for non-engineers than
a source code. Using basic elements it is possible to specify
such aspects of a behavior as concurrency, choice,
synchronization or resources sharing [2,15].
Definition 1. A Petri net can be formally defined [1] as an
ordered triple PN = (P, T, F), where:
 P is a nonempty set of places;
 T is a nonempty set of transitions;
 F is a nonempty set of arcs: from a place to a transition
or from a transition to a place.
A marking of a net defines the state of the Petri net (the
state of the system). A marking is defined as a function
M: P{0, 1, 2,…}. It can be considered as a number of tokens
situated in the net places. A place containing a token is
a marked place. Number of tokens in a place p for marking M
is denoted as M(p). Initial marking is denoted as M0.
 A marking can be changed by transition firing. A
transition t is enabled and can fire (be executed) if every input
place of it (a place from which an arc leads to t) contains a
token. Transition firing removes one token from each input
place and adds one token to each output place of it (a place to
which an arc leads from t). If there is an upper limit for
number of tokens in the net in every reachable marking, the
net is bounded, otherwise it is unbounded. A net that in every
reachable marking no place contains more than one token is
called safe; otherwise the net is unsafe.
Definition 2. A deadlock is a marking such that no transition
can be fired [16].
An exemplary Petri net with deadlock [16] is shown in Fig. 1.
Firing of transition t1 moves token from place p1 into place p2
where no transitions can be executed anymore and a deadlock
state is achieved. Choosing transition t2 instead of transition t1
would cause the token to move from place p1 into p3, then
from p3 into p4, then again into p3 (a loop) and the marking
would everlastingly evolve.
Fig. 1. A Petri net with deadlock [16]
B. Deadlock detection by means of state space exploration.
There exist various methods of Petri net analysis; however
deadlock detection – if it is needed to obtain a firing sequence
leading to a deadlock – requires a state space exploration.
Complete state space exploration, when possible, provides
complete answers for many analysis questions, also for
deadlock detection. But such exploration is possible only for
relatively small nets because of the so-called state explosion
problem [7]: exponential dependency of the number of
reachable states (markings) of the system from the system
size1.
That is the reason why a strong attempt has been made to
reduce number of markings explored for analysis and, among
others, for deadlock detection. A basic notion used in the
approaches of reduced state space exploration is the notion of
independent transitions, which for Petri nets can be defined as
follows:
1
That is true for the bounded systems; reachability graph of an
unbounded system is infinite.
Private author’s copy and version
Definition 3. Transitions t1 and t2 are independent if they
can neither disable nor enable each other [10]2.
Another important notion in this respect is the notion of
a Mazurkiewicz trace.
Definition 4. A trace is a set of firing sequences which can
be obtained from each other by successively permuting
adjacent independent transitions [11].
The methods of reduced state space exploration, such as
the stubborn set method [6], its generalization – the persistent
set approach [10] and the concurrent simulation
methods [12,13], tend to represent each trace by just one
sequence: one of its linearizations (persistent set approach) or
a sequence of steps being the sets of concurrent transitions
(concurrent simulation approach). That allows in many cases
to reduce remarkably the number of explored markings.
Nevertheless, it is possible that there are several traces leading
to the same deadlock. In such case even the methods of
reduced state space exploration will generate the reachability
graphs which are redundant for the deadlock detection.
Fig. 2. A Petri net
Fig. 2 shows a Petri net with 5 reachable deadlocks: with
marked places (p11, p21, p22), (p19, p21, p22),
(p18, p21, p22), (p8, p19, p21), and (p8, p21, p23). Let us
denote them as D1, D2, D3, D4 and D5, correspondingly. The
complete state space of the net contains 297 markings. Its
reduced reachability graph, constructed using the stubborn set
method, contains 27 markings; it is shown in Fig. 3. There are
4, 8, 4, 8, and 4 traces, correspondingly, leading from the
initial marking to the deadlocks. That’s the reason why the
same number of different paths lead in the reduced
reachability graph to the deadlocks.
2
For more general systems the condition of commutativity of
enabled independent transitions is added, which is always
satisfied for the Petri nets.
C. Deadlock-preserving reduction
One of the main techniques of Petri net analysis is
reduction [1,3,14]. There is a wide range of reduction
methods, depending on the properties to be checked. When the
reduction is considered in the context of deadlock detection,
the property which is preserved is usually the deadlock-
freeness. It is not enough for detection of all reachable
deadlocks. For such detection the reduction rules should be
used which never remove the places which can be deadlocked.
Fig. 3. Reduced reachability graph of the Petri net from Fig. 1 (the stubborn
set method). Deadlocks are shown as the rectangles.
The well-known and simple reduction rules are presented
in [1]. It is easy to see that those of them which are shown in
Fig. 4 preserve the potentially deadlocked places and hence
the reachable deadlocks.
Another possibility of reduction exists when a net contains
the SM-subnets – the purely sequential subnets [8,17-19]. In
some cases such subnets can be replaced by single places with
preserving of the net properties,. In some other cases the
internal places of such subnets can be removed [20].
However, the reduction allows obtaining the deadlocks,
but not the firing sequences leading to them. That is
a drawback of the reduction methods, because obtaining such
sequences is usually important for verification.
Private author’s copy and version
Fig. 4. Deadlock-preserving reduction rules: a) fusion of series places,
b) fusion of series transitions, c) fusion of parallel places, d) fusion of parallel
transitions, e) elimination of self-loop transitions
III. REDUCING NUMBER OF TRACES
A. Main idea of the proposed method
A novel method is proposed combining the state space
exploration and reduction approach by means of assigning to
the transitions of the reduced net the firing sequences, which
would allow to “unfold” a firing sequence for the original net
from a firing sequence of the reduced net.
Let us assign to every transition of the original net a firing
sequence consisting of the same transition. Then, every step of
reduction affecting the transitions will be accompanied with
obtaining of the proper firing sequences for the new or
modified transitions of the net (except of elimination of self-
loop transitions, because such transitions and corresponding
firing sequences have no means for the deadlock detection).
For example, if fusion of series transitions is applied, the
sequence corresponding to the new transition will be a
concatenation of the sequences corresponding to the replaced
transitions (see Fig. 7b). Next, the reachability graph (full or
reduced) of the reduced net can be constructed, and for every
path leading to a deadlock in this graph a firing sequence for
the original net can be restored. As it is shown below, some of
traces leading to the deadlocks can be avoided in such a way.
For example, fusion of parallel transitions allows considering
firing sequence assigned to only one of the parallel transitions;
sequences associated to other transitions can be ignored,
because all of them lead to the same result (Fig. 7c).
B. Reduction of the SM-subnets
In [17] there is a claim that every SM-subnet – obtained by
removing from the net all transitions with more than one input
places and more than one output places – can be replaced by a
macroplace. In [20] it is shown that such replacement not
always preserves important properties of the net, such as
deadlock-freeness.
Let the places of an SM-subnet being the output places for
the transitions not belonging to the SM-subnet be called its
inputs; let the places being the input places for the transitions
not belonging to the SM-subnet be its outputs (sets of inputs
and outputs of an SM-subnets can intersect); let the places of
the SM-subnet being neither its inputs nor outputs be its
internal places. Then, as it is shown in [20], an SM-subnet can
be replaced by single place if it has only one output, every
internal place is reachable from at least one input and from
every internal place the output is reachable, and then the most
important behavioral properties of the net are preserved
(example of such reduction is shown in Fig. 5).
Fig. 5. An example of reducing of an SM-subnet; the subnet is replaced by
single place
When an SM-subnet does not satisfy the mentioned
condition, it still can be reduced, but in a different way: all its
internal places can be removed, and the internal transitions
replaced by the transitions connecting every input with every
output reachable from it. Such reduction was described in
[20]3. It preserves liveness, safeness, boundedness and the
reachable deadlocks. Example of the reduction is shown in
Fig. 6.
Fig. 6. An example of reducing of an SM-subnet; the internal places of the
subnet are removed
3
Here we suppose that the SM-subnets we consider do not
contain the places which are unreachable from the inputs or
from which no output is unreachable.
Private author’s copy and version
For given SM-subnet, the outputs reachable from every
input can be obtained by the graph search (DFS or BFS)
starting at the input. Such search can be stopped when (and if)
all the outputs are achieved, and in such case it is possible that
not all the internal places will be visited. For every couple
“input-output”, when the output is reachable from the input,
such search provides a single path. However, this path is, in
general case, not the only possible one. It means that some
paths (and some traces) can be avoided during the deadlock
detection. As it was stated above, for every input and every
output reachable from it, a transition will be introduced;
a firing sequence corresponding to such transition can be
obtained by the graph search mentioned above.
C. Description of the Algorithm
The proposed method of the deadlock detection consists of
the following steps:
1. Mark every transition t of the given net with the
firing sequence consisting of the only transition t.
2. Reduce the net applying the reduction rules shown in
Figures 4-6.
If a rule from Fig. 4 is applied, firing sequences
associated with the transitions should be modified as
it is shown in Fig. 7.
If the rule shown in Fig. 6 is applied, then a firing
sequence being a concatenation of the firing
sequences corresponding to the transitions on a path
from an input to an output of the SM-subnet should
be associated to the transition leading from the input
to the output (as it is shown in Fig. 6).
If the rule from Fig. 5 is applied, such firing sequence
should be added to the firing sequence associated to
the transition for which the input of the SM-subnet is
an output place (as it is shown in Fig. 5).
3. Perform deadlock detection of the reduced net by
constructing its reduced reachability graph (applying
the stubborn set method).
4. For every firing sequence R, leading from the initial
marking to a deadlock in the reduced net, obtain
a firing sequence  for the original net leading to the
same deadlock, by concatenation of the firing
sequences associated with the transitions belonging
to R.
Fig. 7. Firing sequences correspondung to the transitions before and after
applying the reduction rules presented in Fig. 4: a) fusion of series places,
b) fusion of series transitions, c) fusion of parallel transitions
 IV. EXAMPLE
Applying the steps 1 and 2 of the discussed method to the
net shown in Fig. 2, the following reduced net is obtained
(Fig. 8).
Fig. 8. The net from Fig. 2 after the reduction
Reduced reachability graph of this net (obtained by means
of the stubborn set method; step 3) is shown in Fig. 9. As it is
easy to see, it contains only one trace and only one firing
sequence leading to each of reachable deadlocks (step 4). Only
11 markings have been explored in it.
Fig. 9. Reduced reachability graph of the net from Fig. 8
V. CONCLUDING REMARKS
The proposed method of deadlock detection is oriented on
decreasing of the number of explored markings. In many cases
– namely when the net contains the SM-subnets with multiple
Private author’s copy and version
View publication stats
paths from an input to an output – the method allows reducing
the number of traces necessary to be explored during the
deadlock detection.
Further reduction of the state spaces to be explored for
such detection is a prospective direction for a future research.
REFERENCES
[1] T. Murata, “Petri nets: properties, analysis and applications,”
Proceedings of the IEEE, vol. 77, pp. 541-580, April 1989
[2] R. David and H. Alla, Petri Nets & Grafcet. Tools for modelling discrete
event systems. Prentice Hall, 1992.
[3] M. Silva, “Half a century after Carl Adam Petri's Ph.D. thesis: a
perspective of the field,” Annual reviews in control, vol. 37, pp. 191-
219, 2013
[4] Ch. Baier and J.-P. Katoen, Principles of model checking. The MIT
Press, 2008.
[5] I. Grobelna, “Formal verification of embedded logic controller
specification with computer deduction in temporal logic”, Przegląd
Elektrotechniczny, nr 12a, 2011, pp. 40-43.
[6] A. Valmari, “State of the art report: stubborn sets,” Petri net newsletter,
vol. 46, pp. 6-14, 1994
[7] A. Valmari, “The state explosion problem,” in Lectures on Petri nets I:
basic models, LNCS, vol. 1491, Springer-Verlag, 1998, pp. 429-528.
[8] A. Bukowiec, J. Tkacz, T. Gratkowski, and T. Gidlewicz,
„Implementation of algorithm of Petri nets distributed synthesis into
FPGA”, International Journal of Electronics and Telecommunications,
vol. 59, nr 4, 2013, pp. 317-324.
[9] M. Adamski and M. Chodań, Modeling of the discrete control devices
using SFC, Technical University of Zielona Góra: Zielona Góra, 2000
[Modelowanie układów sterowania dyskretnego z wykorzystaniem sieci
SFC, Wydawnictwo Politechniki Zielonogórskiej, 2000]
[10] P. Godefroid, Partial-order methods for the verification of concurrent
systems: an approach to the state explosion problem, LNCS, vol. 1032,
New York: Springer-Verlag, 1996.
[11] A. Mazurkiewicz, “Trace theory,” in Advances in Petri nets, part II,
Proceedings of an advanced course, LNCS, vol. 255, New York:
Springer-Verlag, 1986, pp. 279-324.
[12] R. Janicki and M. Koutny, “Optimal simulation, nets and reachability
graphs”, in Advances in Petri nets 1991, LNCS, vol. 524, Springer-
Verlag, 1991, pp. 205-226.
[13] A. Karatkevich, “Concurrent simulation of concurrent discrete systems”,
in Proc. of the Xth Intl. Conf. CADSM 2009, Lviv: Publishing House
Vezha&Co, 2009, pp. 218-222.
[14] G. Berthelot, “Checking properties of the nets using transformation”, in
Advances in Petri nets 1985, LNCS, vol. 222, Springer-Verlag, 1986,
pp. 19-40.
[15] C. Girault, R. Valk, “Petri Nets for Systems Engineering. A Guide to
Modeling, Verification, and Applications”, Springer Verlag, 2003.
[16] R. David, H. Alla, “Discrete, Continuous, and Hybrid Petri Nets”,
Springer Verlag, 2010.
[17] Z. Banaszak, J, Kuś and M. Adamski, Petri nets: modelling, control and
synthesis of discrete systems, Higher Technical School in Zielona Góra:
Zielona Góra, 1993 [Sieci Petriego: modelowanie, sterowanie i synteza
systemów dyskretnych, Wydawnictwo Wyższej Szkoły Inżynierskiej,
Zielona Góra, 1993]
[18] M. Adamski and M. Węgrzyn, „Field programmable implementation of
programmable state machine”, in Proc. of the 3rd Intl. Conf. CAD
DD’99, Vol. 1, Minsk: NASB, Inst. of Eng. Cybernetics, 1999, pp. 4-12.
[19] Ł. Stefanowicz, M. Adamski, and R. Wiśniewski, “Application of an
exact transversal hypergraph in selection of SM-components,” in
Technological innovation for the internet of things. Heidelberg -
Dordrecht, Springer, 2013, pp. 250–257.
[20] A. Karatkevich, „Minimized representation of state machine subnets of
Petri nets”, in Proc. of the 7th Intl. Conf. CAD DD 2010, Minsk: UIIP
NASB, 2010, pp. 65-72.