Identification and elimination of redundant control places in petri net based liveness enforcing...

ORIGINAL ARTICLE

Identification and elimination of redundant control placesin petri net based liveness enforcing supervisors of FMS

Murat Uzam & Zhiwu Li & MengChu Zhou

Received: 3 March 2006 /Accepted: 13 June 2006 / Published online: 25 October 2006# Springer-Verlag London Limited 2006

Abstract In the past two decades, a number of Petri-net-based approaches were proposed for deadlock prevention inflexible manufacturing systems (FMS). An FMS is modeledas a Petri net, and then the controller or the livenessenforcing supervisor (LES) is computed as a Petri net. Alive Petri net (LPN) guarantees deadlock-free operations ofthe modeled FMS. An LES consists of a number of controlplaces (CPs) and their related arcs. To-date most of theattention has been paid to make the underlying Petri netmodels live without questioning whether or not all of thecomputed CPs are necessary. It is often the case that thenumber of CPs determined by these approaches is notminimal. Reducing it in order to reduce the complexity ofthe controlled system is an important issue that was nottackled before. To address this problem, this paper proposesa redundancy test for an LES of an FMS. The proposedapproach takes an LPN model, controlled by n CPs, asinput and in the existence of any redundant CPs it produces

redundant and necessary CPs. The proposed approach isapplicable to any LPN consisting of a Petri net model(PNM), controlled by means of a set of CPs.

Keywords Deadlock . Deadlock prevention .

Flexible manufacturing systems .

Liveness enforcing supervisor .

Petri nets (PN) .

Redundancy test

1 Introduction

A flexible manufacturing system (FMS) consists of suchresources as machines, robots, storage devices, and convey-ors. Raw or intermediate parts are concurrently processedvia pre-established production routes using these resources.Deadlock is a highly undesirable situation in FMS, whereeach job in a job set keeps waiting indefinitely for the otherjobs in the same set to release shared resources. Theefficient handling of deadlocks in an FMS becomes anecessary condition for a system to gain high productivity[1]. It is necessary for an effective FMS control policy toensure that deadlock never occurs. The investigations ondeadlock resolution in FMS were active in the past twodecades [2–33]. For a detailed survey on deadlock controlmethods in FMS the reader is referred to [1]. There aremainly three methods to deal with the problem of deadlocksin FMS [16]: deadlock detection and recovery [4, 5, 8],deadlock avoidance [2, 3, 6, 9–13, 15–19, 22, 23], anddeadlock prevention [2, 7, 14, 16, 19, 20, 22, 24, 26, 28,31–33]. In this paper we are concerned with the deadlockprevention approach, where a suitable design is conductedbefore a system’s control implementation. The goal is to

Int J Adv Manuf Technol (2007) 35:150–168DOI 10.1007/s00170-006-0701-5

M. Uzam (*)Mühendislik-Mimarlık Fakültesi,Elektrik-Elektronik Mühendisliği Bölümü, Kampüs,Niğde Üniversitesi,51200 Niğde, Turkeye-mail: [email protected]

Z. LiSchool of Electro-Mechanical Engineering, Xidian University,No. 2, South Taibai Road,Xi’an 710071, People’s Republic of Chinae-mail: [email protected]

M. ZhouDepartment of Electrical and Computer Engineering,New Jersey Institute of Technology,Newark, NJ 07102, USAe-mail: [email protected]

add to the system a control policy preventing the systemfrom reaching deadlock states. In this case, the computationis carried out off-line in a static way and once the controlpolicy is established and applied, the system can no longerreach undesirable deadlock states.

Several tools have been adopted for deadlock detectionand recovery, avoidance, and prevention: graph-basedtechniques [8, 11, 13], finite state machine based models[15], and Petri net models [2, 3, 6, 7, 9, 16, 17, 19–28, 30–33]. Petri nets have been used widely to describe FMS, dueto their ability to detect good behavioral properties of thesystem such as deadlock-freeness and boundedness [16]. Alive Petri net guarantees deadlock-free operations.

In Petri-net-based deadlock-prevention/liveness enforc-ing approaches, the FMS is modeled as a Petri net, takinginto account the production sequences, and then thecontroller or the liveness enforcing supervisor (LES) iscomputed as a series of control places (CPs), their relatedarcs and initial markings. To-date, the research has focusedon making the underlying Petri net models live withoutquestioning whether or not all of the computed CPs arenecessary. In the context of FMS, the number of good statesin a Petri net model, which can be provided under thedeadlock prevention or liveness-enforcing policies, has beenregarded as a “quality measure” [20]. In terms of thepractical implementation of these policies, this qualitymeasure implies high efficiency, through put, and flexibility.As a general rule it is desirable to obtain the least restrictive,i.e., the most permissive, controller with the least number ofCPs possible. Therefore, it is important to make sure that allcomputed ones are necessary, and otherwise the controllednet may become structurally complex.

The objective of this paper is to propose a redundancytest for an LES of an FMS. The proposed approach takes alive Petri net (LPN) model of an FMS, controlled by nCPs,as input and in the existence of any redundant CPs itproduces redundant and necessary CPs. The proposedapproach is applicable to any LPN that derives from theaddition of CPs to a PNM, prone to deadlock. It is believedthat the proposed test can be included as a subroutine,embedded in the design of all Petri-net-based deadlock-prevention/liveness enforcing policies presented in theliterature. It offers a robust way to remove redundant CPs.The applicability of the proposed redundancy test isdemonstrated by considering a number of LPN currentlyavailable in literature.

The remainder of the paper is organised as follows.Some basic Petri net definitions and concepts, related tothis paper, are briefly reviewed in Section 2. Section 3defines and explains the proposed redundancy test for LESof FMS. A number of FMS deadlock prevention/livenessenforcing examples from the Petri net literature areconsidered to show the applicability of the proposed

redundancy test in Section 4. Finally, some conclusionsare given in Section 5.

2 Basic petri net definitions

Petri nets are used to model the flow of products in anFMS. Petri nets as a mathematical tool have a number ofproperties. When interpreted in the context of modeledFMS, these properties allow one to identify the presence orabsence of the functional properties of the system. Thereader is referred to [34] for the fundamentals of Petri nettheory. In this section, some definitions and concepts whichare related to this paper are briefly reviewed.

A Petri net is a five-tuple, PN = (P, T, F, W, M0) where:P = {p1, p2, ..., pm} is a finite set of places, where m > 0;T = {t1, t2, ..., tn} is a finite set of transitions, where n > 0,with P ∪ T ≠ ∅ and P ∩ T ≠ ∅; F ⊆ ( P × T) ∪ ( T × P ) isthe set of all directed arcs, where P × T →N is the inputfunction that defines the set of directed arcs from P to T,and T × P→ N is the output function that defines the set ofdirected arcs from T to P, where N ={ 0, 1, 2, ...},W: F→ N

is the weight function. M0: P →N is the initial marking. Theset of input (resp., output) transitions of a place p is denotedby •p (resp., p•). Similarly, the set of input (resp., output)places of a transition t is denoted by •t (resp., t•). A Petri netstructure (P, T, F, W) without any specific initial marking isdenoted by N. A Petri net with the given initial marking isdenoted by (N, M0).

A transition t is said to be enabled or firable if each inputplace p ∈ •t is marked with at least w(p, t) tokens, where w(p, t) is the weight of the arc from p to t. A transition mayfire if it is enabled. A firing of an enabled transition tremoves w(p, t) tokens from each input place p ∈ •t, andadds w(t, p) tokens to each output place p ∈ t•, wherew(t, p) is the weight of the arc from t to p. This process isdenoted by M [t >M′. The marking M of a Petri netindicates the number of tokens in each place which is thecurrent state of the modeled system. When a marking M′can be reached from a marking M by executing a firingsequence of transitions σ = t0t1t2...tk, this process is thendenoted by M [σ >M′. The set of all reachable markingsfor a Petri net with initial marking M0 is denoted by R(N,M0) or R in case of no confusion.

A pair of a place p and a transition t is called a self-loopif p is both p ∈ t• and p ∈ •t. A Petri net is said to be pure ifit has no self-loops. A Petri net is said to be ordinary if allof its arc weights are 1’s. A place p is called k-bounded, ifthe number of tokens in it is not greater than k at anyM ∈ R. N is safe if it is 1-bounded. A 1-bounded place p iscalled a safe place. A Petri net N is called k-bounded, orsimply bounded if each p ∈ P is k-bounded. Places arefrequently used to represent buffers for parts, tools, pallets,

Int J Adv Manuf Technol (2007) 35:150–168 151

and AGVs in FMS. Boundedness is used to identify theexistence of overflows in the modeled system. When aplace models an operation, its safeness guarantees that thecontroller will not attempt to initiate an ongoing process. Atransition t is said to be live if for any M ∈ R, there exists asequence of transitions firable from M which contains t.(N, M0) is said to be live if all the transitions are live. (N,M0) contains a deadlock if there is a marking M ∈ R atwhich no transition is enabled. Such a marking is called adead marking. Deadlock situations are as a result ofinappropriate resource allocation policies or exhaustiveuse of some or all resources. Liveness of a Petri net meansthat for each marking M ∈ R reachable from M0, it is finallypossible to fire any transition t, ∀t ∈ T, in the Petri netthrough some firing sequence. This means that a live Petrinet guarantees deadlock-free operation, no matter whatfiring sequence is chosen, i.e., if a Petri net is live, then ithas no deadlock. A Petri net (N, M0) is said to be reversible,if for each marking M ∈ R, M0 is reachable from M. Thus,in a reversible net it is always possible to go back to initialmarking (state) M0. Many systems are required to returnfrom the failure states to the preceding correct states. Thusreversibility property is important in FMS error recovery.This property also guarantees cyclic behavior for allrepetitive FMS. Moreover, if a net contains a deadlock, itis not reversible. A marking M′ is said to be a home state, iffor each marking M ∈ R, M′ is reachable from M.Reversibility is a special case of the home state property,i.e., the home state M′ = M0.

3 Redundancy test for liveness enforcing supervisorsof FMS

In Petri-net-based deadlock-prevention/liveness enforcingapproaches, an FMS is modeled as a Petri net, and then theliveness enforcing supervisor (LES), consisting of a numberof control places (CPs), together with their related arcs andinitial markings, is computed as a Petri net. There may existredundant CPs in a live Petri net (LPN) model, denoted by anet system (N0, M0), controlled by n CPs: CP = {C1, C2, ...,Cn}. In this paper, a CP is called redundant if removing itstill keeps the net live. It should be noted that this definitionis different from that of a redundant place in literature.Removing the latter does not change the net’s reachabilitygraph. Also, redundant CPs are not necessarily unique givena set of CPs used to make a deadlock-prone net live.

Redundancy test algorithm: Redundancy test for LESof FMS.

Input: A live Petri net (LPN) model, denoted by anet system (N0, M0), of an FMS, controlled by n CPs; CP ={C1, C2, ...,Cn};

1) [Define] β0: the number of reachable markings or statesof reachability graph (R0) of (N0, M0)[Defined for Algorithm A] βA: the number of reachablemarkings or states of RA of (NA, MA); n = j +k, where n:the number of CPs of LPN; j: the number ofredundant CPs; k: the number of necessary CPs;[Defined for Algorithm B] βB: the number of reachablemarkings or states of RB of (NB, MB); n = l +m, wheren: the number of CPs of LPN; l: the number ofredundant CPs; m: the number of necessary CPs;

2) Apply Algorithm A to (N0, M0) and the resultant netsystem is denoted as (NA, MA).

3) Apply Algorithm B to (N0, M0) and the resultant netsystem is denoted as (NB, MB).

Output: If ( j>0) [for Algorithm A]then Output A = an LPN, denoted by a net system

(NA, MA), controlled by k necessary CPs; there are jredundant CPs;

if βA = β0 then the controlled behavior of (NA, MA) is thesame as (N0, M0)

if βA > β0 then the controlled behavior of (NA, MA) ismore permissive than (N0, M0)

else there is no redundant CPs obtained due toAlgorithm A and therefore

for Algorithm A: Output = Input;If (l>0) [for Algorithm B]then Output B = an LPN, denoted by a net system

(NB, MB), controlled by m necessary CPs; there arel redundant CPs;

if βB = β0 then the controlled behavior of (NB, MB) is thesame as (N0, M0)

if βB > β0 then the controlled behavior of (NB, MB) ismore permissive than (N0, M0)

else there is no redundant CPs obtained due toAlgorithm B and therefore

for Algorithm B: Output = Input;end Redundancy Test AlgorithmAlgorithm A: Front-to-Back (FTB) redundancy test for

LES of FMS.Input: A live Petri net (LPN) model, denoted by a

net system (N0, M0), of an FMS, controlled by n CPs; CP ={C1, C2, ...,Cn};

1) [Initialize] NA := N0; MA := M0; i =1; j= 0; k=0;2) Remove Ci from (NA, MA). Denote the resultant net

system by (Ni, Mi).3) Check the liveness property of (Ni, Mi), compute

the reachability graph (Ri) of (Ni, Mi) and define βAi,i.e., the number of reachable markings of Ri;

If (Ni, Mi) is NOT LIVEthen put Ci back into (Ni, Mi); k=k + 1; which means

that Ci is necessary to keep the PN model live,else [i.e., If (Ni, Mi) is LIVE], j= j + 1; which means

152 Int J Adv Manuf Technol (2007) 35:150–168

that Ci is redundant,if βAi = β0 then the controlled behavior of (Ni, Mi) is

the same as (N0, M0)if βAi > β0 then the controlled behavior of (Ni, Mi) is

more permissive than (N0, M0)endif

4) NA: = Ni; MA: = Mi

5) i = i +1.6) If i ≤ n then go to step 2.

Output: If (j>0)then Output = an LPN, denoted by a net system (NA, MA),

controlled by k necessaryCPs; there are j redundant CPs;if βA = β0 then the controlled behavior of (NA, MA) is the

same as (N0, M0)if βA > β0 then the controlled behavior of (NA, MA) is

more permissive than (N0, M0)else there is no redundant CPs and therefore Output =

Input;end Algorithm AAlgorithm B: Back-to-Front (BTF) redundancy test for

LES of FMS.Input: A live Petri net model (LPN), denoted by a

net system (N0, M0), of an FMS, controlled by n CPs; CP ={C1, C2, ...,Cn};

1) [Initialize] NB := N0; MB := M0; i =n; l= 0; m=0;2) Remove Ci from (NB, MB). Denote the resultant net

system by (Ni, Mi).3) Check the liveness property of (Ni, Mi), compute

the reachability graph (Ri) of (Ni, Mi) and define βBi,i.e., the number of reachable markings of Ri;

If (Ni, Mi) is NOT LIVEthen put Ci back into (Ni, Mi); m = m + 1; which

means that Ci is necessary to keep the PN model live,else [i.e., If (Ni, Mi) is LIVE], l = l + 1; which means

that Ci is redundant,if βBi = β0 then the controlled behavior of (Ni, Mi) is

the same as (N0, M0)if βBi > β0 then the controlled behavior of (Ni, Mi) is

more permissive than (N0, M0)endif

4) NB := Ni; MB := Mi

5) i = i –1.6) If i ≠ 0 then go to step 2.

Output: If (l>0)then Output = an LPN, denoted by a net system (NB, MB),

controlled by mnecessary CPs; there are l redundant CPs;if βB = β0 then the controlled behavior of (NB, MB) isthe same as (N0, M0)if βB > β0 then the controlled behavior of (NB, MB) is

more permissive than (N0, M0)else there is no redundant CPs and therefore Output =

Input;end Algorithm BThe redundancy test algorithm makes use of both

algorithms A and B. The former tests each CP starting fromnumber 1 to the end, i.e., to n, while the latter tests each CPstarting from number n to 1. Both tests may produce thesame result or it may be possible to obtain differentoutcomes. It depends on the controlled live net system (N0,M0) considered. Of course if there is no redundant CP in anLPN, then the algorithm redundancy test finds no redundantCP. In the existence of one or more redundant CP in an LPN,we may obtain the following results:

1. We may obtain the same set of redundant CPs andnecessary CPs. In this case, the live behavior of the Petrinet model, controlled by the set of necessary CPs, may bethe same as or more permissive than the original controllednet system, obtained with a smaller number of CPs.

2. We may obtain two different sets of redundant CPs andnecessary CPs. The live behavior of the Petri net modelobtained with each set of necessary CPs, may be thesame as or more permissive than the original controllednet system, obtained with a smaller number of CPs.

The redundancy test algorithm is easy to use, veryeffective and straight forward. Its complexity is, however,exponential with respect to the net size since it requiresgenerating the reachability graph. At the worst cases,algorithm A and algorithm B, i.e., BTF and FTB redundancytests respectively, also exhibit the same exponential com-plexity. When dealing with a particular case, their perfor-mance may vary significantly. The redundancy test algorithmis applicable to any LPN consisting of a PNM, prone todeadlock, of an FMS, controlled by means of a set of CPs. Ithas been applied to a number of LPN currently availablewithin the Petri net based deadlock prevention/livenessenforcing literature with success, as can be seen fromSection 4. The liveness property can be checked and thereachability analysis can be carried out by currently availablePetri net analysis tools. In this work, INA [35] is used.

4 Examples

In this section firstly we consider a simple illustrativeexample to show all the details of the proposed method.Then, we consider a number of FMS deadlock preventionexamples, each of which belongs to a special class of Petrinets, from the Petri net literature to show the applicabilityof the redundancy test proposed in this paper.


4.1 Illustrative example

As the first example, let us consider the FMS shown inFig. 1 with two machines M1 and M2, each of which canprocess only one part at a time and one robot, which canhold one part at a time. Parts enter the FMS throughinput/output buffers I/O1 and I/O2. We consider twoparts: P1 and P2. Initially, it is assumed that there are noparts in the system. The production sequences are:

P1:M1 Y Robot Y M2P2:M1 @ Robot @ M2

Figure 2 shows the Petri net model (PNM) of the FMSfor these production sequences. In this model there areeleven places, P = {p1-11} and eight transitions, T = {t1-t8}.Places p2, p5, and p8 represent the operation of M1, Robotand M2 respectively for the 1st production sequence of P1.The number of tokens in p1, i.e., M(p1) = 3, represents thenumber of concurrent activities that can take place for P1.Similarly, places p10, p7, and p4 represent the operation ofM2, Robot, and M1 respectively for the 2nd productionsequence of P2. The number of tokens in p11, i.e., M(p11) = 3,represents the number of concurrent activities that can takeplace for P2. Places p3, p6, and p9 denote the sharedresources M1, Robot, and M2 respectively. In order to havecorrect system behavior, it is desirable that each productionsequence can finish.

The uncontrolled PNM shown in Fig. 2 is prone todeadlock and therefore it is necessary to deploy somecontrol mechanisms to prevent deadlocks in it. It can beverified that there are 20 states of the uncontrolled PNM. Inaddition the live and optimally controlled PNM should beable to reach 15 good states. The reachability graph (RG) ofthe PNM is shown in Fig. 3 and the states of the RG areprovided in Table 1. The LES, consisting of five CPs,shown in Table 2, is computed for preventing deadlockswithin the PNM. When we add the LES, i.e., the five CPsshown in Table 2, to the PNM, shown in Fig. 2, we obtain alive Petri net (LPN) model of the FMS as shown in Fig. 4.It can be verified that the LPN shown in Fig. 4 is live with11 good states.

Let us now apply the proposed redundancy test to thisproblem:

Redundancy Test Algorithm: Redundancy test for anLES of an FMS.

Input: A live Petri net model, LPN= (N0, M0) shown inFig. 4, controlled by n=5CPs; CP={C1,C2, ...,C5};

1) β0:=11.2) Apply Algorithm A to (N0, M0) and denote the

resultant net system as (NA, MA)1) [Initialize] NA := N0 ; MA := M0; i= 1; j = 0; k =0;2) (N1, M1)= C1 is removed from (NA, MA).3) (N1, M1) is live, βA1 =11, j = j + 1=1; whichmeans that C1 is redundant:βA1 = β0 = 11, therefore the controlled behavior of(N1, M1) is the same as (N0, M0)4) NA:= N1; MA:= M1

5) i = i + 1 =26) i = 2 ≤ n, i.e. 5, therefore go to step 2—– 2nd iteration of the FTB test————–2) (N2, M2) = C2 is removed from NA, MA).3) (N2, M2) is live, βA2 = 11, j = j + 1= 2; whichmeans that C2 is redundant:βA2 = β0 = 11, therefore the controlled behavior of(N2, M2) is the same as (N0, M0)

4) NA:= N2; MA:= M2

5) i = i + 1 =3

Fig. 1 An example FMS

Fig. 2 Petri net model (PNM) of the FMS for the two productionsequences


6) i = 3 ≤ n, i.e. 5, therefore go to step 2—– 3rd iteration of the FTB test————–2) (N3, M3) = C3 is removed from (NA, MA).3) (N3, M3) is live, βA3 = 11, j = j + 1= 3;which means that C3 is also redundant:βA3 = β0 = 11, therefore the controlled behavior of(N3, M3) is the same as (N0, M0)

4) NA:= N3; MA:= M3

5) i = i + 1 =46) i = 4 ≤ n, i.e. 5, therefore go to step 2—– 4th iteration of the FTB test————–2) (N4, M4) = C4 is removed from (NA, MA).3) (N4, M4) is not live, βA4= 14 C4, is put back into(N4, M4),

Table 1 States of the RG, shown in Fig. 3

p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11

s0: 3 0 1 0 0 1 0 0 1 0 3s1: 2 1 0 0 0 1 0 0 1 0 3s2: 3 0 1 0 0 1 0 0 0 1 2s3: 2 0 1 0 1 0 0 0 1 0 3s4: 2 1 0 0 0 1 0 0 0 1 2s5: 3 0 1 0 0 0 1 0 1 0 2s6: 1 1 0 0 1 0 0 0 1 0 3s7: 2 0 1 0 0 1 0 1 0 0 3s8: 2 0 1 0 1 0 0 0 0 1 2s9: 2 1 0 0 0 0 1 0 1 0 2s10: 3 0 1 0 0 0 1 0 0 1 1s11: 3 0 0 1 0 1 0 0 1 0 2s12: 1 1 0 0 0 1 0 1 0 0 3s13: 1 1 0 0 1 0 0 0 0 1 2s14: 2 1 0 0 0 0 1 0 0 1 1s15: 3 0 0 1 0 1 0 0 0 1 1s16: 1 0 1 0 1 0 0 1 0 0 3s17: 3 0 0 1 0 0 1 0 1 0 1s18: 0 1 0 0 1 0 0 1 0 0 3s19: 3 0 0 1 0 0 1 0 0 1 0

Fig. 3 The reachability graph(RG) of the PNM, shown inFig. 2


k = k + 1= 1; which means that C4 is necessary to keepthe PNM live,4) NA:= N4; MA := M4

5) i = i + 1 =56) i = 5 ≤n, i.e. 5, therefore go to step 2—– 5th iteration of the FTB test————–2) (N5, M5) = C5 is removed from (NA, MA).3) (N5, M5) is not live, βA5 =14, C5 is put back into (N5,M5),k = k + 1= 2; which means C5 is also necessary to keepthe PNM live,4) NA:= N5; MA := M5

5) i = i + 1 =66) i = 6 > n, i.e. 5, therefore carry onOutput: [for Algorithm A] j =3>0 therefore Output =

an LPN, denoted by a net system (NA, MA), controlled byk = 2 necessary CPs, namely C4 and C5; there are j = 3redundant CPs, namely C1, C2 and C3;

βA = β0 =11, therefore the controlled behavior of (NA,MA) is the same as (N0, M0)

3) Apply Algorithm B to (N0, M0) and denote theresultant net system as(NB, MB)1) [Initialize] NB := N0; MB := M0; i =5; l = 0; m = 0;2) (N5, M5) = C5 is removed from (NB, MB).3) (N5, M5) is live, βB5 =13, l = l + =1; which meansthat C5 is redundant:βB5=13 > β0 = 11, therefore the controlled behavior of(N5, M5) is more permissive than (N0, M0)4) NB := N5; MB := M5

5) i = i – 1 =46) i ≠0 therefore go to step 2—– 2nd iteration of the BTF test————–2) (N4, M4) = C4 is removed from (NB, MB).3) (N4, M4) is live, βB4 = 15, l = l + 1=2; which meansthat C4 is also redundant:βB4=15 > βB5=13 > β0 = 11, therefore the controlledbehavior of(N4, M4)is more permissive than (N5, M5) and (N0,M0)4) NB := N4; MB := M4

5) i = i – 1 =36) i ≠0 therefore go to step 2—– 3rd iteration of the BTF test————–2) (N3, M3) = C3 is removed from (NB, MB).3) (N3, M3) is not live, βB3 =16, C3 is put back into (N3,M3); m =m + 1 = 1;which means that C3 is necessary to keep the PNM live,

Fig. 4 A live Petri net (LPN)model (N0, M0) of the FMS,obtained by including the fiveCPs shown in Table 2 within thePNM

Table 2 Five CPs computed for the uncontrolled PNM, shown inFig. 2

C •Ci Ci• μ0(Ci)

1 t2, t6 t1, t5 12 t3, t6 t2, t5 13 t2, t7 t1, t6 14 t3, t6 t1, t5 15 t2, t7 t1, t5 1


4) NB := N3; MB := M3

5) i = i – 1 =26) i ≠0 therefore go to step 2—– 4th iteration of the BTF test————–2) (N2, M2) = C2 is removed from (NB, MB).3) (N2, M2) is not live, βB2 =16, C2 is put back into (N2,

M2); m =m + 1 = 2;which means that C2 is necessary to keep the PNM live,4) NB := N2; MB := M2

5) i = i – 1 =16) i ≠0 therefore go to step 2—– 5th iteration of the BTF test————–

Fig. 5 An LPN, (NA, MA)obtained from the FTB redun-dancy test

Fig. 6 An LPN, (NB, MB)obtained from the BTF redun-dancy test


2) (N1, M1) = C1 is removed from (NB, MB).3) (N1, M1) is not live, βB1 =16, C1 is put back into (N1,M1); m=m + 1 = 3;which means that C1 is necessary to keep the PNM live,4) NB := N1; MB := M1

5) i = i − 1 = 06) i =0 therefore carry onOutput: [for Algorithm B] l=2>0 therefore Output =

an LPN, denoted by a net system (NB,MB), controlled by m =3 necessary CPs, namely C1, C2 and C3; there are l = 2redundant CPs, namely C4 and C5;

βB = 15 > β0 =11, therefore the controlled behavior of(NB, MB)

is more permissive than (N0, M0)

Output:[for Algorithm A] j=3>0 therefore Output = an LPN,

denoted by a net system (NA, MA), controlled by k = 2necessary CPs, namely C4 and C5; there are j = 3 redundantCPs, namely C1, C2 and C3; βA = β0 =11, therefore thecontrolled behavior of (NA, MA) is the same as (N0, M0).Graphically, (NA, MA) is shown in Fig. 5.

[for Algorithm B] l=2>0 therefore Output = an LPN,denoted by a net system (NB, MB), controlled by m = 3necessary CPs, namely C1, C2 and C3; there are l = 2redundant CPs, namely C4 and C5; βB = 15 > β0 =11,therefore the controlled behavior of (NB, MB) is morepermissive than (N0, M0). Graphically, (NB, MB) is shown inFig. 6.

end Redundancy Test Algorithm

The above performed FTB redundancy test is summa-rized in Table 3, in which the first column is the iterationnumber, the first entry of which is the input and the lastentry of which is the output of the conducted FTBredundancy test. As there are five CPs to be processedthere are five iterations. The second column shows theuncontrolled net, i.e., PNM, considered. The 3rd and 4thcolumns are the kept CPs and the considered CP,respectively. The 5th column is the result of the livenessproperty carried out for the partially controlled net consist-ing of the uncontrolled PNM and the kept CPs. The 6thcolumn shows the number of states and arcs exist within thereachability graph of the partially controlled net. The lastcolumn answers the question based on the liveness analysisresult whether or not the considered CP is redundant. Notethat in this paper the computations shown in the 5th and 6thcolumns are carried out by using a freely available Petri nettool [35]. As explained in Section 3, after the removal ofconsidered CP if the controlled net is live with the same ormore reachable states then we can conclude that theconsidered CP is redundant and it has no control actionover the controlled model. Similarly, the BTF redundancytest conducted is summarized in Table 4.

When we compare the two redundancy tests it is obviousthat we have come up with two different live behaviors. Inthe FTB redundancy test, the controlled model, i.e., (NA, MA)shown in Fig. 5, is obtained with two necessary CPs, namelyC4 and C5, and can reach 11 good states, the same as the(N0, M0), while in the BTF redundancy test, the controlled

Table 3 FTB redundancy test carried out for the 5 CPs shown in Table 2

i net kept CPs consideredCP

Is the controllednet LIVE?

NRG

(states,arcs)Is the consideredCP redundant?

IN PNM shown inFig. 2.

C1-5 – YES (11,16) –1 C2-5 C1 YES (11,16) YES2 C3-5 C2 YES (11,16) YES3 C4, C5 C3 YES (11,16) YES4 C5 C4 NO (14,21) NO5 C4 C5 NO (14,21) NOOUT C4, C5 – YES (11,16) –

Table 4 BTF redundancy test carried out for the 5 CPs shown in Table 2



NRG


IN PNM shown inFig. 2.

C1-5 – YES (11,16) –5 C1-4 C5 YES (13,20) YES4 C1-3 C4 YES (15,24) YES3 C1, C2 C3 NO (16,25) NO2 C1, C3 C2 NO (16,25) NO1 C2, C3 C1 NO (16,26) NOOUT C1, C2, C3 – YES (15,24) –


model, i.e., (NB, MB) shown in Fig. 6, is obtained with threenecessary CPs, namely C1, C2 and C3, and can reach all 15good states.

4.2 S3PR nets

Production Petri nets (PPN) are used to model a set ofsequential processes sharing common resources [3, 6, 9]. Ateach operation, only one resource is used and there is noalternative resource routing. Upon the completion of theactivity or operation the resource is released only after thenext required resource is granted. Systems of simplesequential processes with resources (S3PR) [7], is ageneralization of PPN as choices are allowed in theproduction sequences. Deadlock prevention policies wereproposed in [7, 21, 27, 28] for this type of FMS (S3PR).Consider an FMS in Fig. 7a, taken from [7]. It consists ofthree robots (R1-3; each one can hold a product at a time)and four machines (M1-4; each one can process twoproducts at a time). There are three loading buffers (calledI1-3) and three unloading buffers (called O1-3) to load andunload FMS. R1 (R2; R3 resp.) is responsible for thefollowing I1, M1, M3, O3 (I2, O2, M1, M2, M3, M4; I3,O1, M2, M4 resp.). There are three raw product types,namely P1, P2 and P3, to be processed. For these rawproduct types the production cycles are as shown in Fig. 7b.According to the production cycles, a raw product P1 istaken from I1 by R1 and put either in M1 or M3. Afterbeing processed by M1 (resp. M3) it is then moved fromM1 (resp. M3) to M2 (resp. M4) by R2. Finally, after beingprocessed by M2 (resp. M4) it is then moved from M2(resp. M4) to O1 by R3. A raw product P2 is taken from I2and put in M2 by R2. After being processed by M2 it is

then moved from M2 to O2 by R2. A raw product P3 istaken from I3 and put in M4 by R3. After being processedby M4 it is then moved from M4 to M3 by R2. Finally,after being processed by M3 it is then moved from M3 toO3 by R1.

Figure 8 shows the S3PR model of the system [7].Initially, it is assumed that there are no parts in the system. Inthe S3PR model there are 26 places, P = {p1–13, p20–25,p30–32, p40–43} and 20 transitions, T = {t1–10, t12–15,t18–23}. Places p2–6 represent the operations of R1, M1,R2, M2 and R3, respectively for the “production sequence1” of the part type P1. Similarly, places p2, p7–9 and p6represent the operations of R1, M3, R2, M4 and R3,respectively for the “production sequence 2” of the part typeP1. For production sequence of the part type P2, placesp11–13 represent the operations of R2, M2 and R2,respectively. For production sequence of the part type P3,places p21–25 represent the operation of R3, M4, R2,M3, and R1 respectively. The number of tokens in placesp1, i.e., μ1 = 11, p10, i.e., μ10 = 3, and p20, i.e., μ20 = 7,represents the number of concurrent activities that can takeplace for part types P1, P2, and P3 respectively. Place p40denotes the resource M1. Places p30–32 and p41–43 denotethe shared resources R1–3, and M2–4 respectively. Initialmarkings of places p30–32, are all one as robots can holdone part. Initial markings of places p40–43 are all two asmachines can process two parts at a time.

The uncontrolled S3PR model shown in Fig. 8 is proneto deadlock and therefore it is necessary to deploy somecontrol mechanisms to prevent deadlocks in it. It can beverified that there are 26750 states of the uncontrolled S3PRmodel. In addition the live and optimally controlled S3PRmodel should be able to reach 21581 good states.

Fig. 7 (a) An FMS layout, and(b) Production cycles for FMS


We will consider three different solutions for thisproblem from the Petri net based deadlock preventionliterature. The first solution is from [7].

In [7] the LES, consisting of 18 CPs, shown in Table 5,is computed for preventing deadlocks within the S3PRmodel. It can be verified that the controlled S3PR model islive with 6287 good states.

When we apply both front-to-back (FTB) and the back-to-front (BTF) redundancy tests to the S3PR modelcontrolled with 18 CPs, we can see that there are two setsof necessary CPs obtained with two different live behav-iors. Let us now consider these redundancy tests in detail.

Firstly, consider BTF redundancy test; the details of theBTF redundancy test carried out for the S3PR modelcontrolled with the 18 CPs of [7] are given in Table 6. Itcan be seen from Table 6 that the removal of C5-6, C8–15,and C17–18 does not affect the liveness of the controlledS3PR model. After removing these 12 CPs the controlledS3PR model is still live with the same number of goodstates. This means that they are all redundant. As can beseen from the last row of Table 6, the controlled S3PRmodel, consisting of the uncontrolled S3PR model and sixnecessary CPs, namely C1–4, C7, and C16, is live with6287 reachable states. This live behavior is the same as thatof S3PR model controlled with all 18 CPs.

Secondly, consider FTB redundancy test; the details ofthe FTB redundancy test carried out for the controlledS3PRmodel obtained with the 18 CPs of [7] are given inTable 7. It can be seen from Table 7 that after the exclusionof C3, C5-6, C8-15, and C17-18 the controlled S3PR modelis still live. This means that they are all redundant. Afterexcluding them we obtain five necessary CPs, namelyC1-2, C4, C7, and C16. As can be seen from the last row ofTable 7, the S3PR model controlled with them is live with6331 reachable states.

When we compare the two redundancy tests it is obviousthat we have come up with two different live behaviors. In theBTF redundancy test, the controlled model is obtained withsix necessary CPs and can reach 6287 good states, the sameas the original answer, while in the FTB redundancy test, thecontrolled model is obtained with five necessary CPs and canreach 6331 good states - 44 more good states are reachable.

The second solution is from [30], where the LES,consisting of 16 CPs, shown in Table 8, is computed,based on the approach proposed in [21], for preventing

Fig. 8 The S3PR model of theFMS taken from [7]

Table 5 18 CPs, computed in [7] for the uncontrolled S3PR model


1 t2, t10, t19 t1, t18 22 t2, t8, t21 t1, t18 23 t3, t8, t22 t1, t18 54 t4, t7, t14 t1, t12 25 t4, t8, t14, t21 t1, t12, t18 46 t4, t8, t14, t22 t1, t12, t18 77 t2, t9, t20 t1, t18 28 t2, t9, t21 t1, t18 49 t2, t9, t22 t1, t18 710 t4, t9, t14, t20 t1, t12, t18 411 t4, t9, t14, t21 t1, t12, t18 612 t4, t9, t14, t22 t1, t12, t18 913 t2, t10, t20 t1, t18 314 t2, t10, t21 t1, t18 515 t2, t10, t22 t1, t18 816 t5, t10, t14, t20 t1, t12, t18 517 t5, t10, t14, t21 t1, t12, t18 718 t5, t10, t14, t22 t1, t12, t18 10


deadlocks within the S3PR model, shown in Fig. 8. It canbe verified that the controlled S3PR model is live with12656 good states.

When we apply both FTB and BTF redundancy tests tothe controlled S3PR model, obtained with the 16 CPs of[30] we obtain live controlled model with the same set of

necessary CPs. Therefore, here we consider only the detailsof the FTB redundancy test, given in Table 9. It can be seenfrom Table 9 that the removal of C2-3, and C5-11 does notaffect the liveness of the controlled S3PR model. Afterremoving these 9 CPs, the controlled S3PR model is stilllive with the same number of good states. This means that

Table 6 BTF redundancy test carried out for the 18 CPs computed in [7]

i net kept CPs considered CP Is the controllednet LIVE?

NRG (states,arcs) Is the consideredCP redundant?

IN S3PR C1 -18 – YES (6287,20849) –18 S3PR C1 -17 C18 YES (6287,20849) YES17 S3PR C1 -16 C17 YES (6287,20849) YES16 S3PR C1 -15 C16 NO (6665,22085) NO15 S3PR C1 -14, C16 C15 YES (6287,20849) YES14 S3PR C1 -13, C16 C14 YES (6287,20849) YES13 S3PR C1 -12, C16 C13 YES (6287,20849) YES12 S3PR C1 -11, C16 C12 YES (6287,20849) YES11 S3PR C1 -10, C16 C11 YES (6287,20849) YES10 S3PR C1 -9, C16 C10 YES (6287,20849) YES9 S3PR C1 -8, C16 C9 YES (6287,20849) YES8 S3PR C1 -7, C16 C8 YES (6287,20849) YES7 S3PR C1 -6, C16 C7 NO (6456,21318) NO6 S3PR C1 -5, C7, C16 C6 YES (6287,20849) YES5 S3PR C1 -4, C7, C16 C5 YES (6287,20849) YES4 S3PR C1-3, C7, C16 C4 NO (9220,31040) NO3 S3PR C1-2, C4, C7, C16 C3 NO (6331,20980) NO2 S3PR C1, C3-4, C7, C16 C2 NO (6903,22734) NO1 S3PR C2 -4, C7, C16 C1 NO (7383,24788) NOOUT S3PR C1-4, C7, C16 – YES (6287,20849) –

Table 7 FTB redundancy test carried out for the 18 CPs computed in [7]



NRG


IN S3PR C1-18 – YES (6287,20849) –1 S3PR C2-18 C1 NO (7191,24148) NO2 S3PR C1, C3-18 C2 NO (6811,22493) NO3 S3PR C1-2, C4-18 C3 YES (6331,20980) YES4 S3PR C1-2, C5-18 C4 NO (8547,28826) NO5 S3PR C1-2, C4, C6-18 C5 YES (6331,20980) YES6 S3PR C1-2, C4, C7-18 C6 YES (6331,20980) YES7 S3PR C1-2, C4, C8-18 C7 NO (6476,21395) NO8 S3PR C1-2, C4, C7, C9-18 C8 YES (6331,20980) YES9 S3PR C1-2, C4, C7, C10-18 C9 YES (6331,20980) YES10 S3PR C1-2, C4, C7, C11-18 C10 YES (6331,20980) YES11 S3PR C1-2, C4, C7, C12-18 C11 YES (6331,20980) YES12 S3PR C1-2, C4, C7, C13-18 C12 YES (6331,20980) YES13 S3PR C1-2, C4, C7, C14-18 C13 YES (6331,20980) YES14 S3PR C1-2, C4, C7, C15-18 C14 YES (6331,20980) YES15 S3PR C1-2, C4, C7, C16-18 C15 YES (6331,20980) YES16 S3PR C1-2, C4, C7, C17, C18 C16 NO (6728,22281) NO17 S3PR C1-2, C4, C7, C16, C18 C17 YES (6331,20980) YES18 S3PR C1-2, C4, C7, C16 C18 YES (6331,20980) YESOUT S3PR C1-2, C4, C7, C16 – YES (6331,20980) –


they are all redundant. As can be seen from the last row ofTable 9, the S3PR model, controlled by the seven necessaryCPs, namely C1, C4, and C12–16, is live with 12656reachable good states.

The last solution is from [32, 33], where 19 CPs, shownin Table 10, are computed for preventing deadlocks withinthe S3PR model, shown in Fig. 8. It can be verified that thecontrolled S3PR model consisting of the uncontrolled S3PRmodel and the 19 CPs shown in Table 10 is live with 21562good states. This is an almost optimal solution for thisparticular example.

When we apply both FTB and BTF redundancy tests tothe S3PR model controlled with the 19 CPs of [32, 33] weobtain live controlled model with the same set of necessaryCPs. Therefore, here we consider only the details of theFTB redundancy test, given in Table 11. It can be seen fromTable 11 that the removal of C10 and C12 does not affectthe liveness of the controlled S3PR model. After excludingthese two CPs, the controlled S3PR model is still live withthe same number of good states. This means that they areredundant. As can be seen from the last row of Table 11,the S3PR model, controlled with the 17 necessary CPs,namely C1–9, C11, and C13–19, is live with 21562reachable good states.

4.3 S4PR nets

S4PR nets are a class of Petri nets and are used to modelFMS. An S4PR is a generalized connected self-loop freePetri net and is composed of a set of state machines (oneper type of part to be processed in the system) which use amulti-set of resources at each processing step [20]. Figure 9shows an S4PR model of an FMS, taken from [20]. Initially,it is assumed that there are no parts in the system. In theS4PR model there are 16 places, P = {p1–11, p21–23, p31,p32} and fourteen transitions, T = {t1–14}. Places p1–5represent the operation of resources R1, R1, R1, R2, andR3 respectively for the part type 1. Similarly, places p6–11represent the operation of resources R3, R2, R1, R2, R1and R1 respectively for the part type 2. The number oftokens in places p31, i.e., μ31 = 25, and p32, i.e., μ32 = 25,

Table 8 16 CPs computed in [30] for the uncontrolled S3PR model


1 t5, t10, t14, t20 t3, t8, t12, t18 52 t3, t10, t22 t1, t18 83 t4, t9, t14, t20 t3, t8, t12, t19 44 t3, t8, t22 t1, t20 55 t3, t9, t22 t1, t19 76 t10, t21 t7, t18 57 t10, t20 t8, t18 38 t4, t8, t14, t21 t3, t7, t12, t20 49 t4, t8, t14, t22 t1, t12, t20 710 t9, t21 t7, t19 411 t4, t9, t14, t21 t3, t7, t12, t19 612 t9, t20 t8, t19 213 t8, t21 t7, t20 214 t4, t14 t3, t12 215 t10, t19 t9, t18 216 t2, t5, 2t10, 2t20 2t1, 2t18 7

Table 9 FTB redundancy test carried out for the 16 CPs computed in [30]



NRG


IN S3PR C1-16 – YES (12656,43772) –1 S3PR C2-16 C1 NO (12668,43806) NO2 S3PR C1, C3-16 C2 YES (12656,43772) YES3 S3PR C1, C4-16 C3 YES (12656,43772) YES4 S3PR C1, C5-16 C4 NO (12694,43856) NO5 S3PR C1, C4, C6-16 C5 YES (12656,43772) YES6 S3PR C1, C4, C7-16 C6 YES (12656,43772) YES7 S3PR C1, C4, C8-16 C7 YES (12656,43772) YES8 S3PR C1, C4, C9-16 C8 YES (12656,43772) YES9 S3PR C1, C4, C10-16 C9 YES (12656,43772) YES10 S3PR C1, C4, C11-16 C10 YES (12656,43772) YES11 S3PR C1, C4, C12-16 C11 YES (12656,43772) YES12 S3PR C1, C4, C13-16 C12 NO (12720,43956) NO13 S3PR C1, C4, C12, C14-16 C13 NO (12746,43973) NO14 S3PR C1, C4, C12-13, C15-16 C14 NO (13671,46855) NO15 S3PR C1, C4, C12-14, C16 C15 NO* (12736,44040) NO16 S3PR C1, C4, C12-14, C15 C16 NO (22177,78898) NOOUT S3PR C1, C4, C12-16 – YES (12656,43772) –

*The net has no dead reachable states. This means that the system is in livelock


represents the number of concurrent activities that can takeplace for two part types, respectively. Places p21–23 denotethe shared resources R1–3 respectively. Initial markings ofplaces p21–23 are 5, 21, and 3 respectively as there are 5

R1-type resources, 21 R2-type resources, and 3 R3-typeresources.

The uncontrolled S4PR model shown in Fig. 9 is proneto deadlock and has 54869 states of which 51506 ones aregood. In [20] five CPs, shown in Table 12, are computedfor preventing deadlocks in it. It can be verified that theS4PR model, controlled by these 5 CPs is live with 51386good states. When we apply our redundancy tests to theS4PR model controlled by 5 CPs, we can see that the C4 isredundant. As a result, the S4PR model, controlled by thenecessary CPs, namely C1-3 and C5, is live with the same51386 reachable states.

In [33] eight CPs, shown in Table 13, are computed forpreventing deadlocks for the same S4PR model. It can beverified that the S4PR model controlled by these eight CPs islive with 48752 good states. When we apply our redundancytests to the S4PR model controlled by these eight CPs, wecan see that C6 is redundant. As a result, the S4PR modelcontrolled by the necessary seven CPs, namely C1-5, andC7-8, is live with the same 48752 reachable states.

4.4 S2LSPR nets

S2LSPR (system of simple linear sequential processes withresources) [19], are a class of Petri nets used to modelsequential resource allocation systems in which competitionof the concurrently executing processes for the limitedsystem resources takes place. Figure 10 shows an S2LSPR

Table 11 FTB redundancy test carried out for the 19 CPs, computed in [32, 33]



NRG


IN S3PR C1-19 – YES (21562,76827) –1 S3PR C2-19 C1 NO (22285,79166) NO2 S3PR C1, C3-19 C2 NO (22257,78869) NO3 S3PR C1-2, C4-19 C3 NO (21877,77793) NO4 S3PR C1-3, C5-19 C4 NO (21955,78022) NO5 S3PR C1-4, C6-19 C5 NO* (21742,77487) NO6 S3PR C1-5, C7-19 C6 NO (22052,78681) NO7 S3PR C1-6, C8-19 C7 NO (21597,76909) NO8 S3PR C1-7, C9-19 C8 NO (21759,77376) NO9 S3PR C1-8, C10-19 C9 NO (21650,77134) NO10 S3PR C1-9, C11-19 C10 YES (21562,76827) YES11 S3PR C1-9, C12-19 C11 NO (21726,77289) NO12 S3PR C1-9, C11, C13-19 C12 YES (21562,76827) YES13 S3PR C1-9, C11, C14-19 C13 NO (21574,76867) NO14 S3PR C1-9, C11, C13, C15-19 C14 NO (21703,77276) NO15 S3PR C1-9, C11, C13-14, C16-19 C15 NO (21573,76861) NO16 S3PR C1-9, C11, C13-15, C17-19 C16 NO (21685,77188) NO17 S3PR C1-9, C11, C13-16, C18-19 C17 NO (21587,76890) NO18 S3PR C1-9, C11, C13-17, C19 C18 NO (21564,76831) NO19 S3PR C1-9, C11, C13-18 C19 NO (21563,76829) NOOUT S3PR C1-9, C11, C13-19 – YES (21562,76827) –

*The net has no dead reachable states. This means that the system is in livelock.

Table 10 19 CPs computed in [32, 33] for the uncontrolled S3PRmodel

Ci•Ci Ci

• μ0(Ci)

1 t14 t12 22 t4, t14 t3, t13 23 t8, t21 t7, t20 24 t9, t20 t8, t19 25 t8, t20 t7, t19 36 t10, t19 t9, t18 27 t9, t20 t7, t18 48 t10, t20 t8, t18 39 t8, t10, t20 t7, t9, t18 410 t5, t14, t20 t4, t12, t18 511 t3, t8, t22 t1, t20 512 t5, t14, t20 t3, t13, t18 513 t5, t8, t14, t20 t4, t7, t12, t18 614 t5, t10, t14, t20 t4, t9, t12, t18 515 t5, t8, t14, t20 t3, t7, t13, t18 616 t5, t10, t14, t20 t3, t9, t13, t18 517 t5, t8, t10, t20, t22 t1, t9, t18, t21 918 t3, t5, t8, t10, t21 t1, t4, t9, t18 919 t3, t5, t9, t20, t22 t1, t4, t18, t21 9


model of an FMS, taken from [19]. There are two part typesto be processed. Initially, it is assumed that there are noparts in the system. In the S2LSPR model there are elevenplaces, P = {p10, p11–13, p20, p21–23, p31–33} and eighttransitions, T = {t10–13, t20–23}. Places p11–13 representthe operation of resources R1-3 respectively for the 1st parttype. Similarly, places p21–23 represent the operation ofresources R3, R2, and R1 respectively for the 2nd part type.The number of tokens in places p10, i.e., μ10 = 4, and p20,i.e., μ20 = 4, represents the number of concurrent activitiesthat can take place for the two part types, respectively.Places p31–33 denote the shared resources R1-3 respec-tively. Initial markings of places p31–33 are 1, 2, and 1respectively as there are 1 R1-type resource, 2 R2-typeresources, and 1 R3-type resource.

The uncontrolled S2LSPR model shown in Fig. 10 isprone to deadlock and has 47 states of which 42 ones aregood. In [19] three CPs, shown in Table 14, are computed

for preventing deadlocks in it. It can be verified that theS2LSPR model controlled by these 3 CPs, is live with 32good states. When we apply our redundancy tests to theS2LSPR model controlled by these three CPs, we can seethat both C1 and C3 are redundant. As a result, the S2LSPRmodel controlled by necessary CP, namely C2, is live withthe same 32 reachable states.

In [31] four CPs, shown in Table 15, are computed forpreventing deadlocks for the same S2LSPR model. It can beverified that the S2LSPR model, controlled by these fourCPs, is live with 42 good states (i.e., it is an optimalsolution). When we apply our redundancy tests to theS2LSPR model, controlled by these four CPs, we can seethat C3 is redundant. As a result, the S2LSPR modelcontrolled by necessary CPs, namely C1-2 and C4, is livewith the same 42 reachable states.

Fig. 9 S4PR model of an FMStaken from [20]

Table 12 5 CPs computed in [20] for the S4PR model

Ci•Ci Ci

• μ0(Ci)

1 2t2 2t1 32 5t4, 3t9, 4t11 2t1, 3t2, 3t8, t10 233 2t4, 3t5, 3t9, 4t11 2t1, 3t2, t7, 2t8, t10 264 3t5, t8 3t4, t7 235 6t5, 3t8 2t1, 3t2, t4, 3t7 49

Table 13 8 CPs computed in [33] for the S4PR model

Ci•Ci Ci

• μ0(Ci)

1 t2 t1 12 t3, t9, t11 t2, t8 53 t4, t9, t11 t3, t8 54 t3, t5, t8, t11 t2, t4, t7, t10 85 t3, t5, t9, t11 t2, t4, t7 96 t5, t9, t10 t3, t7 97 t5, t8, t11 t3, t7, t10 88 t5, t9, t11 t3, t7 9


4.5 S3PGR2 nets

S3PGR2 (System of simple sequential processes withgeneral resource requirements) net structure [22], is aweighted generalization of ES3PR net proposed in [14].S3PGR2 nets are a class of Petri nets obtained byinterconnecting the state machines modeling the varioussystem job types, through resource places, modeling theavailability of the various resource types. Figure 11 showsan S3PGR2 model of an FMS, taken from [22]. There aretwo part types to be processed. Initially, it is assumed thatthere are no parts in the system. In the S3PGR2 model thereare 14 places, P = {p10, p11–15, p20, p21–24, p31–33}and 13 transitions, T = {t1–13}. Places p11–15 representthe operation of resources R1, R1, R3, R1, and R2respectively for the 1st part type. Similarly, places p21–24represent the operation of resources R2, R2, R1, and R3respectively for the 2nd part type. The number of tokens inplaces p10, i.e., μ10 = 3, and p20, i.e., μ20 = 3, represents thenumber of concurrent activities that can take place for twopart types, respectively. Places p31–33 denote the sharedresources R1-3 respectively. Initial markings of places p31–

33 are 4, 4, and 2 respectively as there are 4 R1-typeresources, 4 R2-type resources, and 2 R3-type resources.

The uncontrolled S3PGR2 model shown in Fig. 11 isprone to deadlock and has 363 states of which 323 ones aregood. In [22] three CPs, shown in Table 16, are computedfor preventing deadlocks in it. It can be verified that theS3PGR2 model, controlled by these 3 CPs, is live with 85good states. When we apply our redundancy tests to theS3PGR2 model, controlled by these 3 CPs, we can see thatC3 is redundant. As a result, the S3PGR2 model controlledby two necessary CPs, namely C1 and C2, is live with thesame 85 reachable states.

In [31] three CPs, shown in Table 17, are computed forpreventing deadlocks for the same S3PGR2 model. It can beverified that the S3PGR2 model, controlled by these threeCPs, is live with 246 good states. When we apply ourredundancy tests to the S3PGR2 model, controlled by thesethree CPs, we can see that C1 is redundant. As a result, theS3PGR2 model, controlled by two necessary CPs, namelyC2 and C3, is live with 257 reachable states. Surprisingly,when the redundant CP is removed we obtain better system

Fig. 10 S2LSPR model takenfrom [19]

Table 14 3 CPs computed in [19] for the S2LSPR model

Ci•Ci Ci

• μ0(Ci)

1 t11, t23 t10, t22 12 t12, t22 t10, t20 23 t13, t21 t12, t20 1

Table 15 4 CPs computed in [31] for the S2LSPR model

Ci•Ci Ci

• μ0(Ci)

1 t11, t22 t10, t21 22 t12, t21 t11, t20 23 t11, t21 t10, t20 34 t12, t22 t10, t20 3


performance, i.e., 257 reachable states implying 11 moregood reachable states than the original one in [31].

4.6 S3PMR nets

S3PMR (Systems of simple sequential processes withmultiple resources) net structure [31], is a class of Petrinets allowing the use of multiple resources at a singleoperation. S3PMR nets are a subclass of S3PGR2 nets asdefined in [22]. A siphon-based deadlock preventionalgorithm for S3PMR nets has been proposed in [31].Figure 12 shows an S3PMR model of an FMS, taken from[31]. There are two part types to be processed. Initially, it isassumed that there are no parts in the system. In the S3PMRmodel there are 16 places, P = {p1–16} and 13 transitions,T = {t1–13}. Places p2–7 represent the operation ofresources R1, R2&R4, R2&R4, R2&R3, R2&R3 and R3respectively for the 1st part type. Similarly, places p9–12represent the operation of resources R3, R2&R3, R2, andR1 respectively for the 2nd part type. The number of tokensin places p1, i.e., μ1 = 5, and p8, i.e., μ8 = 5, represents thenumber of concurrent activities that can take place for twopart types respectively. Places p13–16 denote the sharedresources R1-4 respectively. Initial markings of placesp13–16 are 1, 1, 2, and 1 respectively as there are 1R1-type resource, 1 R2-type resource, 2 R3-type resources,and 1 R4-type resource.

The uncontrolled S3PMR model shown in Fig. 12 is proneto deadlock and has 77 states of which 64 ones are good. In

[31] five CPs, shown in Table 18, are computed forpreventing deadlocks in it. It can be verified that theS3PMR model, controlled by these 5 CPs, is live with 64good states (optimal solution). When we apply our redun-dancy tests to the S3PMR model, controlled by these fiveCPs, we can see that there are two sets of necessary CPsobtained by applying both FTB and BTF tests. In the FTBtest, C3 and C4 are found redundant, while C1-2 and C5 arenecessary. In the BTF test, C4 and C5 are found redundant,while C1-3 are necessary. As a result, in both cases theS3PMR model controlled by either of the necessary set ofCPs, is live with the same 64 reachable states.

5 Conclusions

This paper presents a robust method to identify andeliminate redundant control places that may exist in theliveness enforcing supervisor (LES) of an FMS. Theproposed approach takes a live Petri net model (LPN) ofan FMS, controlled by an LES consisting of n controlplaces (CPs) together with their related arcs and initialmarkings, as input and in the existence of any redundantCP it produces redundant and necessary CPs. In theexistence of two alternative sets of CPs, the proposedredundancy test provides two sets of redundant andnecessary CPs from which the more permissive one or theone with the least number of CPs can be chosen. Theproposed approach is applicable to any LPN consisting of a

Fig. 11 S3PGR2 model takenfrom [22]

Table 16 3 CPs computed in [22] for the S3PGR2 model

Ci•Ci Ci

• μ0(Ci)

1 3t3, t5, 4t6, t12 4t1, t10 42 t7, 3t10, 2t11, t13 t1, 3t8 43 t5, t13 t3, t11 2

Table 17 3 CPs computed in [31] for the S3PGR2 model

Ci•Ci Ci

• μ0(Ci)

1 2t3, 2t5, 4t6, 3t10, 2t11, t13 4t1, 3t8 92 2t10, 2t11 2t8 33 3t3, 3t6 3t1 3


PNM, prone to deadlock, of an FMS, controlled by meansof a set of CPs.The applicability of the proposed redun-dancy test is demonstrated by considering a number of LPNcurrently available within the Petri net based deadlockprevention/liveness enforcing literature. The proposedredundancy test represents a ‘must’ for the Petri-net-baseddeadlock-prevention/liveness enforcing approaches, whereboth the plant, i.e., FMS, and the controller or the livenessenforcing supervisor LES are represented as a Petri net.

Acknowledgements The authors would like to thank the AE and theanonymous referees whose comments and suggestions greatly helpedus improve the presentation and quality of the paper.The work is in part supported by the National Nature ScienceFoundation of China under Grant No 60474018 and 60228004, andthe Scientific Research Foundation for the Returned Overseas ChineseScholars, State Education Ministry of China, under Grant No 2004-527.

References

1. Fanti MP, Zhou MC (2004) Deadlock control methods inautomated manufacturing systems. IEEE Trans Syst Man CybernPart A 34(1):5–22

2. Visvanadham N, Nahari Y, Johnson TL (1990) Deadlockprevention and deadlock avoidance in flexible manufacturingsystems using Petri net models. IEEE Trans Robot Automat6(6):713–723

3. Banaszak ZA, Krogh BH (1990) Deadlock avoidance in flexiblemanufacturing systems with concurrently competing processflows. IEEE Trans Robot Autom 6(6):724–734

4. Tat LY, Gwo-Ji S (1993) Resolving deadlocks in flexiblemanufacturing cells. J Manuf Syst 12(4):291–307

5. Wysk RA, Neng-Shu Y, Sanjay J (1994) Resolution of deadlocksin flexible manufacturing systems: avoidance and recoveryapproaches. J Manuf Syst 13(2):128–136

6. Hsieh FS, Chang SC (1994) Dispatching-driven deadlock avoid-ance controller synthesis for flexible manufacturing systems.IEEE Trans Robot Automat 10(2):196–209

7. Ezpeleta J, Colom JM, Martinez J (1995) A Petri net baseddeadlock prevention policy for flexible manufacturing systems.IEEE Trans Robot Automat 11(2):173–184

8. Cho H, Kumaran TK, WyskR (1995) Graph-theoretic deadlockdetection and resolution for flexible manufacturing systems. IEEETrans Robot Automat 11(3):413–421

9. Xing K, Hu B, Chen H (1995) Deadlock avoidance policy forflexible manufacturing systems. In: Zhou MC (ed) Petri Nets inFlexible and Agile Automation. Kluwer, Boston, MA, pp 239–263

10. Xing K, Hu B, Chen H (1996) Deadlock avoidance policy forPetri-net modelling of flexible manufacturing systems with sharedresources. IEEE Trans Automat Contr 41(2):289–295

11. Fanti MP, Maione B, Mascolo S, Turchiano B (1997) Event-basedfeedback control for deadlock avoidance in flexible productionsystems. IEEE Trans Robot Automat 13(3):347–363

12. Lawley M, Reveliotis S, Ferreira P (1997) Design guidelines fordeadlock handling strategies in flexible manufacturing systems.Int J Flex Manuf Syst 9(7):5–29

13. Yim D, Kim J, Woo H (1997) Avoidance of deadlocks in flexiblemanufacturing systems using a capacity designated directed graph.Int J Product Res 35(9):2459–2475

14. Tricas F, Garcia-Valles F, Colom JM, Ezpelata J (1998) Astructural approach to the problem of deadlock prevention in

Table 18 5 CPs computed in [31] for the S3PMR model

Ci•C(pre) C•(post) μ0(Ci)

1 t3, t6, t12 t2, t5, t13 22 t2, t5, t10 t1, t12 13 2t2, 2t5, t10 2t1, t13 34 t2, t5, t11, t12 t1, 2t13 45 t2, t5, t12 t1, t13 2

Fig. 12 S3PMR model takenfrom [31]


processes with resources. In: Proc WODES’98, Italy, pp 273–278,26–28 August 1998

15. Lawley M, Reveliotis S, Ferreira P (1998) A correct and scalabledeadlock avoidance policy for flexible manufacturing systems.IEEE Trans Robot Automat 14:796–809

16. Abdallah IB, ElMaraghy HA (1998) Deadlock prevention andavoidance in FMS: a petri net based approach. Int J Adv ManufTech 14(10):704–715

17. Ferrarini L, Maroni M (1998) Deadlock avoidance control formanufacturing systems with multiple capacity resources. Int J AdvManuf Tech 14(10):729–736

18. Lawley M (1999) Deadlock avoidance for production systemswith flexible routing. IEEE Trans Robot Automat 15(3):497–509

19. Park J, Reveliotis SA (2000) Algebraic synthesis of efficientdeadlock avoidance policies for sequential resource allocationsystems. IEEE Trans Robot Automat 16(2):190–195

20. Tricas F, Garcia-Valles F, Colom JM, Ezpeleta J (2000) Aniterative method for deadlock prevention in FMS. In: StremerschG (ed) Discrete event systems: analysis and control. Kluwer,Dordrecht, pp 139–148

21. Huang Y, Jeng MD, Xie X, Chung S (2001) Deadlock preventionbased on Petri nets and siphons. Int J Prod Res 39(2):283–305

22. Park J, Reveliotis SA (2001) Deadlock avoidance in sequentialresource allocation systems with multiple resource acquisitionsand flexible routings. IEEE Trans Automat Contr 46(10):1572–1583

23. Ezpeleta J, Tricas F, Garcia-Valles F, Colom JM (2002) Abanker’s solution for deadlock avoidance in FMS with flexiblerouting and multi resource states. IEEE Trans Robot Autom 18(4):621–625

24. Uzam M (2002) An optimal deadlock prevention policy forflexible manufacturing systems using Petri net models withresources and the theory of regions. Int J Adv Manuf Tech19(3):192–208

25. Iordache MV, Moody JO, Antsaklis PJ (2002) Synthesis ofdeadlock prevention supervisors using Petri nets. IEEE TransRobot Automat 18(1):59–68

26. Uzam M (2004) The use of Petri net reduction approach for anoptimal deadlock prevention policy for flexible manufacturingsystems. Int J Adv Manuf Tech 23(3–4):204–219

27. Li Z, Zhou MC (2004) Elementary siphons of petri nets and theirapplication to deadlock prevention in flexible manufacturingsystems. IEEE Trans Robot Syst Man Cybern Part A: Syst Hum34(1):38–51

28. Li Z, Zhou MC (2004) An effective FMS deadlock preventionpolicy based on elementary siphons. In: Proc of 2004 IEEE IntConf Robot Automat pp 3143–3148, New Orleans, LA, May2004

29. Jeng MD, Xie X, Chung S-L (2004) ERCN* merged nets formodeling degraded behavior and parallel processes in semicon-ductor manufacturing systems. IEEE Trans Syst Man Cybern34(1):102–112

30. Li Z, Uzam M, Zhou MC (2004) Comments on “deadlockprevention policy based on Petri nets and siphons”. Int J Prod Res42(24):5253–5254

31. Huang YS, Jeng MD, Xie X, Chung DH (in press) Siphon-baseddeadlock prevention policy for flexible manufacturing systems.IEEE Trans Syst Man Cybern Part-A

32. Uzam M, Zhou MC (in press) An iterative synthesis approach toPetri net based deadlock prevention policy for flexible manufactur-ing systems. IEEE Trans Syst Man Cybern Part-A

33. Uzam M, Zhou MC (2006) An improved iterative synthesisapproach for liveness enforcing supervisors of flexible manufac-turing systems. Int J Prod Res 44(10):1987–2030

34. Murata T (1989) Petri nets: properties, analysis and application.Proc IEEE 44:541–579

35. INA (31.07.2003) Integrated Net Analyzer, a software tool foranalysis of Petri nets, Version 2.2. http://www.informatik.hu-berlin.de/~starke/ina.html


http://www.informatik.hu-berlin.de/<starke/ina.html

http://www.informatik.hu-berlin.de/<starke/ina.html

Identification and elimination of redundant control places in petri net based liveness enforcing...

Documents

Transcript of Identification and elimination of redundant control places in petri net based liveness enforcing...