On Concurrent Realization of Reactive Systems and Their Morphisms

On Concurrent Realization of Reactive Systemsand Their Morphisms?Marek A. Bednarczyk and Andrzej M. BorzyszkowskiInstitute of Computer Science, Gda�nsk Branch, Polish Acad. of Sc.Abrahama 18, 81-825 Sopot, Poland http://www.ipipan.gda.plAbstract. The paper introduces the notion of concurrent realization ofreactive systems. A framework is also presented in which labelled safePetri nets as concurrent realizations of concrete asynchronous systemsare constructed. The construction is uniform in the sense that it extendsto a realization of arbitrary commuting diagrams. We discuss applicabil-ity of the framework to construct maximally concurrent realizations ofreactive systems.1 IntroductionThe intuitive idea of reactive system admits various formalizations. This paperaccepts it as a starting point that the most abstract among them is the oneprovided by the notion of transition system. Another formalization, and the onethat o�ers most intuitive description of concurrent behavior, is provided by thenotion of Petri net. And indeed, given a Petri net as a model of a reactive systemone automatically is also given a transition system model in the form of the casegraph of the net. Each Petri net can thus be seen as a concurrent realization ofits case graph. So, a fundamental problem of Petri net theory is the following.Given a transition system S, �nd a Petri net N such that its case graphCg(N) is, essentially, equal to S.The �rst satisfactory answer to the problem was o�ered by Ehrenfeucht andRozenberg, cf. [14]. They characterized a class of transition systems which canbe seen as case graphs of a subclass of nets called elementary nets. Moreover,they provided a construction which for any transition system from this class syn-thesizes a required net. Our paper, together with several other papers includedin this volume, see [2, 12], attempts to achieve further uni�cation of the Petri nettheory, by extending the boundaries of synthesis to larger classes of transitionsystems and nets.The fundamental problem can be seen as an instance of a general task ofrelating di�erent classes of models. A fruitful, and well-established method ofsolving this type of problems is provided by category theory, cf. [16]. Firstly, oneshould, for each class of models, come up with a suitable notion of morphism, and? Partially supported by State Committee for Scienti�c Research grant 8 T11C 037 16.

thereby turn the class into a category. Then, the aim is to establish a functorialtranslation of objects and morphisms from one category to the other, and back.It is desirable that the functors obtained in this way are adjoint. This would, forinstance, provide means of transportation of categorical constructions betweenthe classes. Ideally, one of the classes turns out to be more abstract than theother. This, formally, takes the form of the adjunction being a (co-)re ection.Existence of a (co-)re ection boils down to the observation that translating anabstract object to the less abstract category, and back, gives, essentially, thesame abstract object again. To put it formally, the object thus obtained shouldbe isomorphic to the original | the property often imposed in mathematicallysatisfactory formalizations of the fundamental problem of Petri net theory.The line of research described above was initiated in the 80s, and led byWinskel. As a result many models of distributed and concurrent computationswere inter-related. In fact it was Winskel who �rst established a core ection inthe form required by the fundamental problem. But his solution worked onlyfor unfoldings of concurrent behaviors on both sides, i.e., a core ection wasestablished between prime event structures and occurrence nets.In this paper we address the problem of �nding a (maximally) concurrentrealization of a reactive system within a categorical framework. Until now, allcategorically motivated realization procedures looked for an adjunction betweena category of abstract behaviors and a category of Petri nets, see [20, 11, 30,2]. As a result, in order to guarantee universality of the construction, the Petrinets constructed by the adjunctions tended to be huge, literally saturated withplaces. In practical applications this price for the universality seems too high.Thus, in order to work with smaller nets, the original regional construction [14]was rami�ed. The idea was to construct nets of the desired kind, and with asmall or minimal number of places, see [1, 9, 10]. To our knowledge, none ofthese constructions has been shown to have a categorical underpinning.Several novel ideas are put forward in this paper.First, a notion of concurrent realization of a reactive system is proposed. Theidea is that the concurrency present in a Petri net taken as a realization shouldimplement concurrency encoded in, or admissible for the given reactive system.Second, concurrent realizations of a given behavior are sought in the cate-gory of labelled Petri nets. Originally, see [14], the problem of synthesis was to�nd a Petri net the transitions of which would be the actions of the synthesizedtransition system. This is a severe restriction | even simple classes of nets, likesafe nets, when equipped with labellings can model behaviors which are beyondthe scope of unlabelled synthesis presented in [1, 11, 20, 30]. Note, though, thatwith labelling allowed one could end up with a trivial solution: each step be-ing synthesized as a separate transition. Thus, it is the demand that the Petrinets taken as realizations, should also implement the concurrency present in theabstract behaviors that makes the problem non-trivial.Third, we show that thus generalized synthesis problem can be solved uni-formly for a large class of concurrent behaviors represented by concrete asyn-chronous systems. In [19] Morin characterized concrete asynchronous systems as2

products of the usual sequential transition systems in a suitable category. Ouridea is to utilize this characterization, and conduct synthesis of sequential sys-tems only. Then, to obtain a realization of a concrete asynchronous system it isenough take the product of the sequential nets realizing its sequential componen-t. The justi�cation comes from a result that states that the notion of realizationis consistent with products in both categories.As a by-product, we o�er a discussion of general morphisms of Petri nets,see [5]. The class, introduced independently and much earlier by Vogler in hisstudies of processes of nets ([26]), deserves to be known as much as the classes ofmorphisms introduced and studied by Winskel ([28]), and Nielsen et al. ([20]).General morphisms, we argue, are indispensable in the context of categoricalsynthesis of small nets.The paper is organized as follows.Sect. 2 explains why should we care about morphisms at all. Then, Sect. 3discusses categories of Petri nets, and their morphisms in particular. Here, weexplain in what sense the morphisms introduced by Vogler are general, and whatdoes it mean that a labelled Petri net realizes a reactive system. Sect. 4 recallsthe aforementioned work [19] of Morin on asynchronous systems decomposableas products of sequential ones. We also show how one can build realizations ofconcrete asynchronous systems and their morphisms. Finally, Sect. 5 providessome examples and indicates how one can go about �nding concrete behaviorsof reactive systems, and discusses our plans for further research in this area.Acknowledgments. We would like to acknowledge stimulating discussions withPhilippe Darondeau, Wies law Paw lowski, Rafa l Somla and Andrzej Tarlecki.Remarks of the anonymous referees helped us improve the presentation.2 Why Should We Care about Morphisms2.1 Reactive Systems, Their Categories and PropertiesA transition system S is a triple S = hS;A; T i where S and A are sets, whileT � S�A�S. Thus, a reactive system represented by a transition system S, hasstates|the elements of S. It is capable to react to some external actions|thecollection of all potential actions of S is A, also called the alphabet of S. Finally,at each state the system is capable to accept/perform one of its actions andthereby change its state|this is captured by the transition relation T .Let S be a transition system. Only �nite transition systems are consideredin this paper, therefore S and A are �nite sets.We let p, q, etc., to range over states, while a, b and so on range over actions.Usually, we write p a�! q whenever hp; a; qi 2 T , and call it a a-step in S. Then,notation p a�!, p a=�! and p �! q is used to indicate that either p a�! q holdsin S for some q, or for none, or for some a, respectively. Various sub- and/orsuper-scripts decorating transition systems are carried over to the components.3

For instance, A02 denotes the alphabet of S02, and so on. This convention appliesin the sequel to all structures and their components.S is deterministic whenever p a�! q and p a�! r implies q = r. In the paperwe consider only deterministic transition systems.Transition systems are often considered together with a designated initialstate s 2 S. The set RS of reachable states of such a pointed or initializedtransition system hS; si = hS; s; A; T i is then inductively de�ned as the least setsuch that s 2 RS, and q 2 RS whenever p 2 RS and p �! q in S. A transitionsystem S is reachable whenever all its states are reachable, that is S = RS.Given transition systems S1 and S2 their morphism f is a pair f = h�; �iwhere � : S1 ! S2 is a total function, while � : A1 * A2 is a partial function,which together preserve the transition relation of S1 in the following sense.p a�! q and �a+ implies �(p) �a�! �(q)p a�! q and �a* implies �(p) = �(q)Notation �a+, resp., �a*, above indicates that �a is de�ned, resp., unde�ned.When S1 and S2 are initialized, f also preserves the initial states, i.e., �(s1) = s2.This yields a category TS of transition systems, when composition of mor-phisms is de�ned componentwise and with pairs of identity functions as theidentity morphisms. All transition systems considered in the sequel are assumedto be initialized. Subclasses of deterministic, reachable, and deterministic-and-reachable transition systems de�ne important subcategories: dTS, rTS anddrTS, respectively. There is also an evident functor Re : TS ! rTS that,given S, produces its reachable subsystem Re(S) = hRS; s; A; T \(RS�A�RS)i.It cuts down to subcategories with deterministic systems.Intuitively, a morphism f : S! S0 explains how the dynamic activity in S issimulated in S0. The dynamic behavior of transition systems is often character-ized by means of properties expressible in a modal logic. Then, the existence ofa morphism like f , with f = h�; �i, is a proof that the following hold.{ Modulo �, the liveness properties valid in S also hold in S0, i.e., what ispossible for S, is also possible for S0.{ Modulo �, the safety properties valid in S0, are also valid in S. Thus, S cannotdo what is forbidden for S0, i.e., all inevitable properties of S0 hold in S.To substantiate the above claims let us consider a simple modal language.2.2 A Simple Language of Modal PropertiesThe set ML32(A) of formulae of the language, ranged over by ' and , isde�ned by the following grammar.' ::= true j false j ' ^ j ' _ j 3' j 2' j accepta j refuseaThe construction of ML32(A) is parameterized with the choice of alphabet Aof actions in the sense that each action a in A induces atomic formulae acceptaand refusea. 4

Each transition system S can be treated as a Kripke frame on which modalformulae can be interpreted, see [22]. The formal interpretation of ML32(A) ispresented in Table 1.s j= true always s j= ' ^ i� s j= ' and s j= s j= false never s j= ' _ i� s j= ' or s j= s j= accepta i� s a�! s j= refusea i� s a=�!s j= 3' i� s ��! t and t j= ' for some ts j= 2' i� s ��! t implies t j= ' for all tWhere s ��! t means s=s0 a1�! : : : an�! sn=t for a possibly empty sequence of actions.Table 1: The interpretation of ML32(A)Let ML3(A) be the subset of ML32(A) obtained by removing all formulaewhich contain a sub-formula of the form 2' or refusea. Similarly, ML2(A) isobtained by removing formulae containing 3' or accepta.Formulae in ML3(A) are existential in nature. If a system satis�es a formulaaccepta then it is capable of performing action a. Similarly, if the system satis�es3' then during its evolution it may reach a state in which ' will be satis�ed.Conversely, formulae in ML2(A) are universal in nature. If the system satis�esformula 2' it will always preserve ' during its evolution. If it satis�es refuseathen there is no way in which it can perform action a.Consequently, formulae in ML3(A) and ML2(A) are identi�ed as livenessand safety properties, respectively.Now, each partial function � : A * A0 induces a translation, also denoted �,of formulae in ML32(A) to formulae in ML32(A0) given in Table 2. Clearly, thetranslation cuts down to translations between liveness, resp., safety formulae.� true = true � false = false�(' ^ ) = �' ^ � �(' _ ) = �' _ � �(3') = 3�' �(2') = 2�'�(accepta) = (accept�a if �a+true if �a* �(refusea) = ( refuse�a if �a+false if �a*Table 2: Lifting a partial function on actions to translation on formulaeWith the machinery introduced above it is now possible to formally capturethe intuitive explanation of the role of morphisms of transition systems withrespect to the modal/temporal properties enjoyed by their sources and targets.5

To strengthen the results let us introduce a class of special morphisms thatgeneralizes Park's idea of bisimulation between transition systems.Morphism f : S ! S0 is a zig-zag whenever � is a bijection, and �(p) a0�! rin S0 implies the existence of q and a such that �q = r, �a = a0 and p a�! q inS.Proposition 1. Let h�; �i : S! S0. Then, the following hold.s j= ' implies �s j= �' for ' 2ML3(A)s j= ' whenever �s j= �' for ' 2ML2(A)s j= ' i� �s j= �' for ' 2ML32(A); provided f a zig-zagThe proof of the above is elementary, and in fact the result is stated here as aninstance of a large family of similar results which can be found in the literaturefor each possible modal or temporal logic of properties of reactive systems, seefor instance [22, Thm. 11.3].The above proposition can be applied either to show that a given system Senjoys a liveness property, or that it satis�es a safety property. In the formercase, one can try to �nd a morphism f : T ! S from a simple `test' systemT that satis�es, modulo the translation, the required liveness property. In thelatter case, one would look for a morphism f : S! T to a `test' system satisfying,modulo the translation again, the interesting safety property.In the sequel we turn to the problem of the concurrent realization of reactivesystems. The above discussion, and Prop. 1 in particular, should justify ourinterest in the question of realization of morphisms as well.3 Concurrent Realizations of Reactive SystemsIn this section the notion of asynchronous system is recalled, and put forwardas a formalization of the idea of concurrent behavior of reactive systems. Wealso recall the notion of labelled safe Petri net, to be used as the concurrentrealizations. Then, a formal de�nition of the idea of a labelled Petri net realizingconcurrent behavior of a reactive system represented as an asynchronous systemis proposed. We discuss how di�cult it is to e�ciently synthesize concurren-t behaviors of reactive systems as labelled Petri nets, and to synthesize theirmorphisms at the same time.3.1 Asynchronous SystemsAsynchronous systems were introduced in 1986, independently by Shields andone of the authors, see [24, 3]. The idea was to generalize the notion of transitionsystem so that concurrency gets re ected in the model.An asynchronous system A is a pair A = hS; ki where S is a deterministictransition system, and k � A�A is an irre exive and symmetric binary relationof independence de�ned on the alphabet of S. The transition system underlying6

the asynchronous system should satisfy the following swap property with respectto the independence relation.p a�! q b�! r and a k b implies p b�! s a�! r for some s 2 S: (1)The swap property is intended to capture an idea that can be traced back toMazurkiewicz, [17], that often concurrent execution of actions can be faithfullyrepresented by independence of the actions. This, rather restrictive view, doesnot work well for all categories of concurrent devices. It does work, though, foran important class of safe Petri nets. As a result, Mazurkiewicz traces qualify ascomputations of asynchronous systems, cf. [3].In the sequel only initialized asynchronous systems are considered, i.e., weassume that the underlying transition system of each asynchronous system isinitialized. Given asynchronous systems A and A0 their morphism f : A ! A0 isa morphism of the underlying initialized transition systems such that � preservesindependence in the following sense.�a+ ^ �b+ ^ a k b implies �a k0 �b (2)Asynchronous systems with morphisms de�ned above form a category AS.Intuitively, the larger the independence relation, the more concurrent is thesystem. Consequently, asynchronous systems with empty independence relationmay well be called sequential systems. Note that condition (2) is trivially satis�edby morphisms with a sequential system as the source. Therefore, the full subcat-egory of sequential systems is isomorphic to the category dTS of deterministictransition systems. We identify them in the sequel.Clearly, a restriction of the independence relation of an asynchronous systempreserves the validity of the swap condition. Thus, there is an evident forgetfulfunctor that maps an asynchronous system to its underlying transition system. Itis not di�cult to verify that, under the identi�cation, dTS becomes a core ectivesubcategory of AS.3.2 (Labelled) Petri NetsMost of the material presented here and in the following sections is standard,cf. [23]. It is presented to make the paper self-contained and to �x the notation.Let ! denote the set of natural numbers. Given a �nite set X , a multiset onX is a function M : X ! !. In this paper only multisets over �nite sets areconsidered. The set of all multisets on X is denoted �X . Relation M 0 � M ,sum M + M 0, and di�erence M �M 0, are de�ned argumentwise, the latter isde�ned only under proviso M 0 �M . Subsets of X , qua characteristic functions,are identi�ed with multisets in �X . Thus, elements of X , as singleton subsetsof X , also live in �X , empty set ; is the empty multiset, �nally, intersection \and union [ of sets are conservatively extended to multisets as argumentwiseminimum and maximum, respectively.A multirelation � : B r! B0 is a multiset on B � B0. By abuse of notation,a multirelation � is identi�ed with a unique function � : �B ! �B0 de�ned7

by (�M)b0 = �b2B�hb; b0i �Mb. As functions, multirelations are monotone andadditive, i.e., satisfy �(M+M 0) = �M+�M 0 and �; = ;. In fact, every additivefunction comes this way. The transpose of � is a multirelation �T : B0 r! Bde�ned by �Tb0b = �bb0.A �nite Petri net N is a structure N = hB;E; F i where B and E are �nitedisjoint sets of places and events, respectively, while F : �(B �E [ E �B) is a ow multirelation. A Petri net N is marked if, additionally, it is equipped witha marking M 2 �B called the initial marking of N.We let e range over E, b range over B, M range over �B and range over �E.Notation b�e for F hb; ei and e�b for F he; bi is often used. Also, taking the view ofa multirelation as an additive function, we use �e and e� to denote the multisetsof preconditions and postconditions of e, respectively. These, by additivity, arede�ned for arbitrary 2 �E.Firing relation [ i on �B � �E � �B is de�ned by: M [ iM 0 i� � �Mand M 0 = M � � + �. We write M [ i, and say is enabled at M , if � �M .The case graph of a Petri net N is a transition system Cg(N) = h�B;E; T i,where M e�!M 0 in Cg(N) i� M [eiM 0. Thus, in the case graph all informationabout the concurrent execution of events in N is neglected. The case graphof a marked Petri net is de�ned as Cg(N; M) = Re(Cg(N); M). Thus, only thereachable markings are considered as states. Let us recall that the set of reachablemarkings, denoted by M, is the least set of markings such that M 2 M andM2 2M whenever M1 2M and M1 [eiM2 for some e.A marked Petri net N is safe if M is a set, and e 2 E, M reachable andM [ i imply that �e, e�, M and are sets. A state machine is a safe Petri net inwhich all these sets are singletons.A labelled Petri net is a structure L = hN; A; `i where N is a Petri net, theunderlying Petri net of L, A is a set of actions, ranged over by a, and ` : E ! Ais a labelling function. If N is marked then L is a marked labelled Petri net.The case graph Cg(L) of a labelled net L is a transition system h�B;A; T iwhere T is the least relation on �B � A � �B that satis�es: M [eiM 0 impliesM `e�!M 0. If L is marked, then Cg(L; M) = Re(Cg(L); M).3.3 Morphisms of (Labelled) Petri NetsThe notion of a morphism used in this paper was introduced by Vogler alreadyin 1991, see [26]. His idea was to extend the notion of a process of safe netsto arbitrary P/T-nets. For that purpose it turned out that a new notion, moregeneral than the the one earlier introduced by Winskel, is useful.Unaware of this research we have rediscovered and studied the same notionin [5]. Our goal was to �nd a simple functorial realization of a sequential systemas a labelled state machine, see Proposition 7. It turns out that this task cannotbe achieved with the simpler notion of morphism introduced by Winskel.8

De�nition 1. Let N and N0 be Petri nets. A general morphism f : N ! N0 isa pair f = h�; �i where � : E * E0 is a partial function and � : �B ! �B0 is amultirelation which together ful�ll the following conditions.1. �(�e) � �(�e).2. �(e�) = �(�e)� �(�e) + (�e)�.If the nets are marked then, additionally, f should preserve the initial marking.3. �M = M 0.In the de�nition above, the partial function � is lifted to a multirelation. Then,in particular, �e = ; whenever � is unde�ned on e. If this is the case, condition 2simpli�es to �(e�) = �(�e).The terminology general morphism is justi�ed by Proposition 3 which showsthat this class of morphisms is in a sense optimal. First, though, let us verifythat what we obtain is a category, denoted PN in the sequel.Proposition 2. Petri nets and general morphisms form a category.Proof. Obviously, the pair of identity functions (qua partial function and mul-tirelation, respectively) form a morphism of Petri nets.Conditions 1 and 2 can be checked by easy calculations. For marked nets,the composition of multirelations ful�lls also condition 3. 2Conditions 1 and 2 of De�nition 1 together guarantee that general morphismsmap steps in the source net into steps in the target net.Lemma 1. Let h�; �i : N ! N0 be a morphism in PN. Then M1 [eiM2 in Nimplies �M1 [�ei�M2 in N0.Proof. Let M1 [eiM2 in N, i.e., �e �M1 and M2 = M1 � �e+ e�. Then, �(�e) ��M1 and �M2 = �M1 � �(�e) + �(e�). By conditions 1 and 2 of De�nition 1,�(�e) � �M1 and �M2 = �M1 � �(�e) + (�e)�, i.e., �M1 [�ei�M2. 2Interestingly, the converse to Lemma 1 also holds.Proposition 3. Let N, N0 be Petri nets, while � : �B ! �B0 and � : E * E0satisfy the conclusion of Lemma 1. Then, h�; �i : N! N0 in PN.Proof. Clearly, �e [ei e� in N. Thus, �(�e) [�ei�(e�) by the conclusion of Lemma 1.Now, conditions 1 and 2 follow by the de�nition of �ring relation. 2Another way of reading Lemma 1 is that the general morphisms of Petri netsgive rise to morphisms between the corresponding case graphs.Proposition 4. The case graph construction is a functor Cg : PN! TS.Proof. Immediate, by Lemma 1. 29

Thus, Proposition 3 says that PN is the largest category of Petri nets withmorphisms given as pairs f = h�; �i such that the case graph construction mapsf to a morphism of transition systems.The de�nition of morphisms of labelled Petri nets is obtained by addingadditional component to cope with the labels.De�nition 2. A general morphism f : L! L0 of labelled Petri nets is a triplef = h�; �; �i where h�; �i is a general morphism of the underlying nets, and� : A * A0 is a partial function such that the following strong equality holds.4. `;� = �; `0.It is immediate to verify that labelled Petri nets with their morphisms con-stitute a category, denoted `PN in the sequel. The following generalization ofProposition 4 also holds.Proposition 5. The case graph construction on labelled nets, extended withCg(h�; �; �i) = h�; �i gives a functor Cg : `PN! TS. 23.4 Comparison with Winskel's De�nitionIt seems that Reisig was the �rst to view Petri nets as 2-sorted algebras. The sortof places lives in the category of multisets, with multirelations (additive func-tions) as morphisms. The sort of events lives in the category of partial functions.Operations are: pre- and post-conditions and, for marked nets, initial marking.In [28, 29] Winskel proposed that morphisms of nets should be (presentationsof) homomorphisms of such algebras. Consequently, a pair h�; �i as in De�ni-tion 1 is a Winskel morphism if it satis�es the following condition.{ �(�e) = �(�e) and (�e)� = �(e�).Morphisms of marked nets preserve the initial marking as well: �M = M 0.It has been shown in [28] that Winskel morphisms satisfy Lemma 1. In fact,the following is immediate.Proposition 6. Every Winskel morphism is a general morphism. 2�e1e2N2e� eNeFig. 1: General, non-Winskel morphism10

The converse does not hold. To see this consider Fig. 1. It depicts a generalmorphism of marked Petri nets, let us call it h�; �i, which is not a Winskelmorphism since ; = �(�e1) < �(�e1). In fact, it is easy to see that there is noWinskel morphism f such that Cg(f) = Cg(h�; �i).Another, more complex example, is presented on Fig. 2. It demonstratesthat the need to use general, non-Winskel morphisms does not depend on thepartiality of the event part of morphisms. The morphism on Fig. 2 explains howthe sequential execution of e1's and e2's in N+ can be simulated by a parallelexecution of e1 and e2 in Nk. The multirelation component � of the morphisms isa relation. Clearly, the initial marking is preserved. The singleton initial markingof net N+ is shared as the precondition of both e01 and e002 . In the target net Nk,the images of e01 and e002 do not have a common precondition. Thus, for examplethe inequality �(�e01) < �(�e01) is strict. In fact, all inequalities are strict in thiscase. Again, there is no such Winskel morphism from N+ to Nk.e02 e01e001 �e002N+� e1�b e2NkFig. 2: General morphism from N+ to Nk3.5 Properties of Case Graph FunctorSince nets are to serve as realizations of reactive systems, the latter represent-ed as transition systems, it is important to explain what it means that a netN realizes a transition system S. The answer put forward by Ehrenfeucht andRozenberg in their seminal paper was that S should be, up to inessential renam-ing of components, equal to the case graph of N. Formally, we demand equalityup to an isomorphism of transition systems, notation Cg(N) ' S.Thus, the problem of �nding a realization of a reactive system could be castas the problem of �nding a construction Sn which, given a transition systems S,synthesizes a net Sn(S) such that Cg(Sn(S)) ' S. Ideally, Sn : TS! PN wouldbe a functor inverse to Cg. To see how hard is the task to �nd such a functor letus consider two properties that Cg could enjoy to make the task easier.First, the case graph functor is not faithful. That is, given two Petri netsN1 and N2, and a morphism f : Cg(N1) ! Cg(N2) between their case graphs,there can be many general Petri net morphisms h�; �i : N1 ! N2 such that11

f = Cg(h�; �i). To see an example consider a somewhat more saturated versionNk+ of N+ and the morphism from Nk+ to Nk, all described on Fig. 3.��

e02 e01e001 �e002Nk+� e1� e2NkFig. 3: General morphism from Nk+ to NkThere is a morphism from Nk+ to N+ which simply erases from the sourceall places that are not present in the target. This morphism is mapped to anisomorphism of the corresponding case graphs. Composing it with the morphismpresented on Fig. 2 yields another morphism from Nk+ to Nk. Although di�erent,both morphisms are glued by the case graph functor.Since Cg is not faithful it follows that each inverse construction de�ned alreadyon transition systems would have to choose one of possibly many morphisms.But the case graph functor is not full either, i.e., there are nets N1 and N2,and a morphism of their case graphs f : Cg(N1) ! Cg(N2) such that there is nomorphism h�; �i : N1 ! N2 so that f = Cg(h�; �i). A counterexample follows.Hence, the initial choice of the nets realizing a transition system has to be wise.In the example on Fig. 4 both Petri nets have isomorphic case graphs. Yet, nomorphism from N0+ to N+ realizes the isomorphism between their case graphs.� e02 �e01 e002 �e001N0+

�e01 e002e02 e001b1 b2 N+Fig. 4: Two realizations of Cg(N+)12

Indeed, assume there is a morphism h�; �i : N0+ ! N+ which maps e02 in N0+to e02 in N+. Then this morphism relates the only postcondition of e02 in N0+ toplace b2 as the only postcondition of e02 in N+ as the following argument shows.Condition 2 of De�nition 1 implies �(�e02) + b2 = �(e02�) + b1. So �(e02�)b2 > 0follows from b1 6= b2. The postcondition constituting e02� in N0+ belongs to theinitial marking. Thus, it may only be related to a place in the initial marking ofN+, and we arrive at a contradiction.Incidently, the isomorphism in the opposite direction from Cg(N+) to Cg(N0+)can be realized, cf. Sect. 4.4, but not as a Winskel morphism.3.6 Labelled Petri Nets as Concurrent Realizations of ReactiveSystemsWe have started this section by arguing that to talk about the concurrent real-ization of reactive systems one has to be able to express concurrency in the un-derlying formal model. Subsequently, asynchronous systems have been suggestedas a suitable extension of transition systems. With accord to the discussion inSect. 3.5 we insist that a net N realizing given asynchronous system A = hS; kishould have its case graph isomorphic to the transition system underlying theasynchronous system, i.e., Cg(N) ' S. However, in most applications one is nei-ther interested in all markings of a Petri net, nor in all states of a transitionsystem. Most of the time people use initialized transition systems and markedPetri nets. Consequently, we restrict the requirement to the sets of reachablemarkings and states, respectively. In fact, this requirement has already beenbuilt into the de�nition of the case graph of a marked Petri net.Now, concurrency is represented on both sides. In a Petri net it even comesin two forms. Two events are structurally concurrent if their pre- and post-conditions are disjoint, while dynamic concurrency is the ability to execute amultiset of events at a reachable marking. Concurrency in an asynchronous sys-tem is the ability to perform two or more independent actions one after another,and so in any order. Thus, in order for a net to be a concurrent realization ofan asynchronous system it should be the case that the concurrency representedon both sides agree. The following de�nition intends to capture the above ideasand is central to further developments.De�nition 3. A labelled marked net L = hN; M ; A; ì is called a realizationof a reachable asynchronous system A = hS; ki, where S = hS; s; A; T i, if thefollowing hold.1. Cg(L) = hM; M; A; [ ii equals S up to an isomorphism that is identity onlabels.2. M 2M and M [e1+e2i imply è1 k è2;3. è1 k è2 implies (�e1 [ e�1) \ (�e2 [ e�2) = ;.A morphisms h�; �; �i : L ! L0 is a realization of a morphisms f : A ! A0 ofasynchronous systems if Cg(h�; �; �i) equals (up to the isomorphism) f .13

The �rst condition above generalizes the usually accepted requirement thatthe sequential case graph of a Petri net realization of a transition system shouldbe isomorphic with this transition system, and that the alphabet of the transitionsystem should play the role of the set of events in the net.Condition 3(2) says that the dynamic concurrency present in the realizationis always justi�ed in the speci�cation.Finally, condition 3(3) ensures that all events labelled as potentially concur-rent in the speci�cation are structurally concurrent in the realization.Without condition 3(3) the problem would admit a trivial solution. This is thecase when one considers sequential systems. One can, for instance, disambiguatedi�erent occurrences of the same action by means of a labeling. Suppose that,together with the labeling, an elementary transition system is obtained in thisway. Then one can apply the construction based on regions, cf. [20], and carrythe labeling over to thus synthesized elementary net. The result would be alabelled safe Petri net saturated with places, and with reachable markings asthe distinguished family.Here, thanks to general morphisms of [26, 5], a simpler realization functorfrom sequential systems to labelled safe Petri nets is put forward. In practicalapplications, see [8], it is better to work with Petri nets which are as small aspossible. Thus, many synthesis techniques have been proposed which aim atminimizing the number of places in the synthesized net, cf. [1, 9, 10]. None ofthese techniques, though, have been shown to be functorial, even for sequentialsystems. Our proposal is based on simple kind of sequential nets known as statemachines.Formally, we de�ne functor Sm returning a state machine for every transitionsystem. Thus, by convention, we can consider Sm to be de�ned on all sequential(asynchronous) systems.De�nition 4. Let S = hS; s; A; T i be a transition system. Then Sm(S) is alabelled Petri net hS; T; F; s; A; `i where �(p a�! q) = p, (p a�! q)� = q and`(p a�! q) = a.Let h�; �i : S! S0 be a morphism of transition systems. Then the morphismof labelled Petri nets is de�ned as Sm(h�; �i) = h�; �; �i : Sm(S) ! Sm(S0)Here � : T * T 0 ful�lls �(p a�! q) = �p �a�! �q if �a is de�ned and unde�nedotherwise.Proposition 7. Sm is a realization functor for sequential asynchronous sys-tems.Proof. Obviously, Cg(Sm(hS; ;i)) = S and Cg(Sm(h�; �i)) = h�; �i. 2The functoriality of the construction hinges on the use of general morphisms. Infact, general morphisms were introduced precisely to achieve this functoriality.If a morphism between transition systems is total on actions, i.e., synchronousin Winskel's terminology, then this morphism, qua a Petri net morphism, is aWinskel morphism. 14

Since [14], which has introduced the idea of region, the problem of synthesisof nets from transition systems has received a lot of attention. Here, [1] serves asa recent account on the developments in theoretical net synthesis based on thetheory of regions. Yet, to our knowledge, all theoretical approaches to synthesishave always sought to reconstruct the actions of a transition system as theevents of the synthesized net. As a result, the theoretical synthesis has limitedapplicability, i.e., not all transition systems can be synthesized. For instance thetransition system S with transitions s a�! p1 b�! p2 and s b�! q1 a�! q2, andwith p2 6= q2, is not synthesizable within this framework.This is in marked contrast to more practical approaches, see [8{10], whichstrive always to provide a solution, even at a price of resorting to heuristics. Oneof the techniques used in tools like Petrify ([8]), when the theoretical synthesisfails, is action splitting in the elaborated transition system. Then, the processof theoretical synthesis can be applied to the modi�ed transition system withbetter chances of success. Action splitting is nothing else than introduction ofan implicit labelling of events. From this perspective, introduction of the la-belling into the de�nition of concurrent realization can be seen as a step towardsreconciliation of the theoretical approach with the practical needs.Our notion of concurrent realization is very general. In particular, it admit-s arbitrary labelled marked Petri nets as potential concurrent realizations ofasynchronous systems. In fact, without too much work the notion can be gen-eralized even further to allow classes of concurrent behaviors more general thanasynchronous systems, see e.g., [11, 25].On the other hand, the addition of labelling makes even a small class of safenets very expressive. The category of safe Petri nets is attractive to work withsince it admits many constructions, cf. [6, 28, 30]. Therefore, in the next sectionsof the paper we develop a theory in which labelled safe Petri nets serve as thepool in which concurrent realizations are sought.4 Concurrent Realizations of Concrete AsynchronousSystemsIn this section the notion of a concrete asynchronous system is recalled, andsome recent re�nements and results are presented. Then, we show that arbitrary�nite diagrams in the full subcategory of concrete asynchronous systems admitsystematic realization in the category of safe labelled Petri nets.4.1 Concrete Asynchronous SystemsRecently, see [19], Morin has provided a characterization of those asynchronoussystems which are isomorphic to the mixed products of sequential systems com-puted in a subcategory of reachable asynchronous systems.It all starts with a choice of suitable morphisms. Recall that in Def. 3(1) weinsisted that the morphism does not rename the actions. This property character-izes the notion of morphism used by Morin. Formally speaking, morphisms used15

in [19] do not constitute a subclass of morphisms studied in [3, 30], as recalled inSect. 3.1, since their state part is often partial, de�ned on the reachable statesonly. The following modi�cation recti�es this minor di�erence, but it should bekept in mind when we recall Morin's results. The terminology used follows [4].A morphism f : S ! S0 of transition systems is rigid whenever A � A0 and� : A * A0 is the partial identity transposed to this inclusion, i.e., �a = a i�a 2 A0, and unde�ned otherwise. A morphism of asynchronous systems is rigidi� it is a rigid morphism of the underlying transition systems.One can easily verify that the class of rigid morphisms includes identities, andis closed under composition. Hence, asynchronous systems with rigid morphismsform a subcategory ASr of AS.Note that transition systems S and S0 are rigid isomorphic, notation S r' S0,i� both share the same alphabet and if there exist a bijection between theirstates which preserves and re ects the transition relation. In the sequel we oftenconsider rigid isomorphisms up to reachable parts , notation S r� S0, de�ned byRe(S) r' Re(S0). Thus, Def. 3(1) could now be restated as Cg(L) r' S.Asynchronous systems A and A0 are rigid isomorphic, notation A r' A0, i�S r' S0 and both share the same independence. Similar characterization appliesto A r� A0 de�ned by Re(A) r' Re(A0).In [19] Morin has shown that the category of asynchronous systems with rigidmorphisms admits products, called mixed for historical reasons, cf. [13].The mixed product of a family (A)i2I of asynchronous systems, denotedQri2I Ai, is an asynchronous system hQi2I Si; (si)i2I ;Si2I Ai; T; ki, where{ (pi)i2I a�! (qi)i2I i� either a 2 Ai and pi a�! qi or a =2 Ai and pi = qi,{ a k b i� a ki b whenever fa; bg � Ai.Thus, an a-step in the product comes about by a synchronous execution of a-steps in all components with a in their alphabets, while the other componentsremain idle.The reader should note that when all the components of a product are se-quential the independence in the product is rather special. Namely, two actionsare independent in the product i� they never occur in the same component.The kth projection �k : Qri2I Ai ! Ak consists of the kth projection onstates, and the partial function transpose to the inclusion Ak � Si2I Ai. Now,we can quote the following result proved in [19, Lemma 1.3].Proposition 8. Mixed products with their projections are categorical productsin the category of asynchronous systems with rigid morphisms. 2An asynchronous system A is concrete if there exists a family of sequentialasynchronous systems (Ai)i2I such that A r� Qri2I Ai.As an example consider two sequential asynchronous systems, one with tran-sitions p a�! q and p b�! q0 and the other one with transitions r c�! r0 a�! r00.Their mixed product contains unreachable states, see Fig. 5{6. Both, this prod-uct and its reachable part, are considered concrete.16

Now, let A be a set and k an independence relation on A. We let Q = Q(A; k)be the family of all cliques of dependent actions, Q = f� � A j (��) � ,g.The subfamily of maximal cliques is denoted by X.Let A = hS; s; A; T; ki be an asynchronous system. Given � � A, one de�nesan equivalence relation on S, also denoted by �, as the least equivalence relationsuch that the following holds.{ p a�! q and a =2 � implies p � q.{ p � r and p a�! q and r a�! s implies q � s.The construction above allows to consider quotients of asynchronous systems.Let � 2 Q(A; k). Then, a �-quotient of an asynchronous system A =hS; s; A; T; ki, is the quotient sequential system ��(A) = hS=�; [s]�; �; T�; ;i,where T� is the least relation such that p a�! q, a 2 �, implies [p]� a�! [q]�.Above, and in the sequel, [s]� stands for the class of states �-equivalent tos. Each quotient ��(A) comes with a rigid quotient morphism [ ] : A ! ��(A)given on states by s 7! [s]�. The assumption � 2 Q(A; k) is necessary andsu�cient to ensure that the morphism preserves independence relation, cf. (2).Morin has shown, cf. [19, Lemma 2.2], that (the reachable part of) a mixedproduct of sequential systems is isomorphic to (the reachable part of) the mixedproduct of its quotients.Lemma 2. Put A = Qri2I Ai, and let Ai denote the alphabet of Ai, for i 2 I.Then A r� Qri2I �Ai(A). 2Let M � Q be a family of cliques of the dependence relation , of an asyn-chronous system A. Consider the following properties.state-state M -separation p 6= q implies (9� 2 M ) [p]� 6= [q]� (3)state-action M -separation p a=�! implies (9� 2 M ; a 2 �) [p]� a=�! (4)M fully captures k a , b implies (9� 2 M ) fa; bg � � (5)Now, the two M -separation axioms (3) and (4) provide a simple criterion fordeciding when a reachable asynchronous system is concrete, cf. [19, Thm. 2.3].Theorem 1 (Morin). A reachable asynchronous system A is concrete i� thereexists a family M � Q such that axioms (3) and (4) are satis�ed. 2Moreover, given M � Q such that reachable A satis�es both M -separation ax-ioms, it follows that A r' Re �Qr�2M ��(A)�. If M 0 � Q is another family ofcliques such that (8� 2 M ) (9�0 2 M 0 ) � � �0, then A satis�es M 0 -separationaxioms as well. Hence, in the quest for a family that ensures separation axiomsit is enough to consider M such that X � M , e.g., M = X or M = Q.4.2 Concrete Asynchronous Systems RevisitedLet k be an independence relation on a set A. Assume that there is a constructionthat assigns to the family Q = Q(A; k) of all cliques a subfamily M � Q whichalso covers A, i.e., SM = A. 17

Then, given an asynchronous system A with actions A and independence k,we associate with it a family FM (A) = f��(A) j � 2 M g of quotients.The family of the corresponding quotient morphisms gives a cone in thecategory of asynchronous systems with rigid morphisms. Thus, from the generalnonsense it follows that there exists a unique rigid �MA : A !Qr FM (A).Note that the products in full subcategories of reachable asynchronous sys-tems are computed as reachable parts of the products in AS, resp., ASr. Then,if A = Re(A) is reachable we obtain �MA : A ! Re(Qr FM (A)) by taking appro-priate corestriction on the state component.Here comes an elementary characterization of �MA.Lemma 3. �MA : A ! Re(Qr FM (A)) is a rigid morphism �MA = h�; �i where(�s) = ([s]�)�2M and � = idA.Moreover, � re ects the independence whenever M satis�es (5).Proof. Consider h�; �i as de�ned. � can indeed be taken as the identity becauseof SM = A. Given a transition p a�! q in A, either a 2 �, then [p]� a�! [q]�,or a =2 �, then [p]� = [q]�. This is precisely the de�nition of an a-transition inthe product.Two independent actions cannot belong to the same clique, hence they areindependent in the product too. The converse holds when M fully captures theindependence relation, (5). 2Now, Theorem 1 can be reconstructed.Proposition 9. Let A be a reachable asynchronous system. Then, the followingare equivalent.1. A is concrete.2. There exists a family M � Q, A = SM , such that �MA : A ! Re(Qr FM (A))is a rigid isomorphism.3. There exists a family M � Q, A = SM , such that A ful�lls both M -separation axioms (3) and (4), and axiom (5) too.Moreover, each Re(Qr FM (A)) satis�es M -separation axioms.Proof. Suppose A r' Re(Qri2I Ai) for some family of sequential systems. De�neM = fAi j i 2 I g. Clearly, M � Q and A = SM . To see that �MA is an iso-morphism let us show that every projection from A onto Ak factorizes throughthe equivalence relation de�ned by clique Ak . In the base case (si)i2I is Ak-equivalent to (s0i)i2I due to the existence of an a-transition, with a =2 Ak, fromthe former vector to the latter. But then sk = s0k. This equality is preservedin the inductive case. The above gives morphisms from �Ak(A) to Ak , and weeasily check that, together, they give rise to an inverse to �MA.The converse implication follows by de�nition.The state-state separation axiom is equivalent to �MA being a 1-1 mapping.The image of A under �MA consists of tuples ([s]�)�2M , s 2 S. The initial statein the product is of this shape. To see that all reachable states in the product18

belong to the image one has to check that given a transition ([s]�)�2M a�! ina product we can �nd a single state s0 such that s0 a�! in A and s � s0 forall �. In view of the state-state separation lemma, s is the only candidate fors a�! . Hence, in the context of state-state separation axiom �MA is onto i� thestate-action separation axiom holds.Finally, if M does not satisfy (5) it can be enlarged to a family of cliques thatfully captures k without violating the M -separation axioms.The last statement of the theorem follows from the previous ones. 2An asynchronous system that does not ful�ll state-state separation axiom hasstates p, q and s, transitions s a�! p b�! q and s b�! q a�! q, with a k b. Thenthe only cliques are singletons, and s and p are both fbg- and fag-equivalent.Consider now an asynchronous system with transitions s a�! p and s b�! q,all states di�erent, and with relation a k b. Again, the only cliques are singletons,and p b=�! while s b�! and s is fbg-equivalent to p, i.e., [p]fbg b�! : The readerwill check that the product of the two quotients of the system has an extra stateallowing for a concurrent execution of a and b.Consider a morphism f = h�; �i : A0 ! A of asynchronous systems.For each � 2 Q let ��(�) = fa0 2 A0 j �a0 2 �g be the strict inverse imageof � via �. Above, by convention, �a0 2 � holds only when �a0 is de�ned.Lemma 4. Let f : A0 ! A be a morphism of asynchronous systems. Given� 2 Q put �0 = ��(�). Then, �0 2 Q 0 . Moreover, p �0 q implies �p � �q.Hence, f� : ��0(A0) ! ��(A), where ��([s]�0) = [�s]� and ��a = �a, is amorphism of (sequential) asynchronous systems.Proof. Let a; b 2 �0 = ��(�), where � 2 Q. Then �a , �b. So, a k0 b isimpossible since morphisms preserve independence. Thus, �0 is a clique.The next claim follows by induction on the derivation of p �0 q. Indeed, inthe base case p �0 q since p a�! q where a =2 ��(�). Now, if �a de�ned, thensurely �a =2 �. Thus, since �p �a�! �q, it follows that �p � �q, as required. Samein case �a unde�ned, since then �p = �q. The inductive step is even easier.The last claim is immediate. 2The following proposition makes use of the lemma and allows to glue themorphisms described there.Proposition 10. Let f : A0 ! A in AS. Let M 0 and M be families of cliqueson A0 and A respectively. Assume � 2 M implies ��(�) 2 M 0 and assume M 0fully captures the independence relation in A0.Then f� : Qr FM0 (A0) ! Qr FM (A) de�ned by �� ([s�0 ]�0)�02M 0 =([�(s��(�))]�)�2M and �� = � is a morphism of asynchronous systems and19

the following diagram commutes.A0�� //�M 0A0 Qr FM0 (A0)��f f�A //�MA Qr FM (A)Proof. First we show that f� is a morphism of transition systems.Indeed, by Lemma 4 both its parts are well de�ned.Now, take a transition in Qr FM0 (A0). Without loss of generality the it hasthe form ([p�0 ]�0 )�0 a�! ([q�0 ]�0)�0 , where for all �0 2 M 0 the states p�0 ,q�0 are such that either p�0 a�! q�0 in A0 where a 2 �0, or p�0 = q�0 anda =2 �0. Now, consider � 2 M and let �0 = ��(�). Assume �a is de�ned. Then�(p�0 ) �a�! �(q�0 ) in A. If �a 2 �, then [�(p�0)]� �a�! [�(q�0 )]� in ��(A),otherwise, [�(p�0 )]� = [�(q�0 )]�. Therefore, ([�(p�0 )]�)� �a�! ([�(q�0 )]�)�. If�a is unde�ned, then �(p�0 ) = �(q�0) for all �0, and hence, �� glues both statesof the transition. Thus, f is a morphism of the underlying transition systems.The diagram in question commutes, by construction of f� .By Lemma 3, the independence in Qr FM0 (A0) is the same as in A0. Surely, �preserves it in A, and this is included in the independence of Qr FM (A). Hence,f� is a morphism of asynchronous systems too. 2Consider F, an arbitrary small commuting diagram in the category of all asyn-chronous systems. It may contain no morphisms, several or even all1 morphismsin AS. Then Proposition 10 provides means to generate, for each asynchronoussystem that appears as an object in diagram F, a family of cliques in a waywhich turns F into a commuting diagram: F� = �f� j f 2 F .Proposition 11. For each object A in F let M = M (A) be a family of cliques onA that fully captures the independence. Then, there exists minimal extensions M Fof each M , such that F� = �f� : Qr FMF(A)! Qr FM0F(A0) j f : A ! A0 2 F becomes a commuting diagram in AS.If, moreover, A is M -separated, then it satis�es M F -separation axioms.Proof. It is easy to verify that the assignment f 7! f� preserves identities.Moreover, it preserves the composition of morphisms whenever each of themsatis�es the assumption of Proposition 10. Thus, the only problem is to ful�llthe assumption by suitably extending each M .M F 's are constructed in stages. First, for each A in F take M 0 = M . Then,given M n put M n+1 = M n [ f��(�0) j f : A ! A0 2 F; �0 2 M 0n g. Finally, putM F = Sn�0 M n .1 To avoid foundational issues we could consider, for instance, only transition systemsin which all states and actions are subsets of a �xed set of large cardinality.20

By construction, �0 2 M 0F implies ��(�0) 2 M F for each f : A ! A0 in F.Finally, from M � M F it follows that if A is M -separated then it satis�esM F -separation axioms. 2Proposition 11 can be applied, for example, to two universal choices of afamily of cliques M for each A in F: M = Q and M = X. The �rst case istrivial in the sense that QF = Q whatever F is. In the second case the outcomedepends on F. If, for instance, we take F = AS, then XF = Q. But for �nite Fthe resulting family XF is usually smaller.In both cases, i.e., for M = X or M = Q, the following is immediate.Corollary 1. If F is a diagram in the full subcategory of concrete asynchronoussystems then Re(F� ) is rigid isomorphic to F. 24.3 Comparison with Elementary Transition SystemsThe theory of concrete asynchronous systems subsumes, in the sense discussedbelow, the theory of elementary transition systems initiated by Ehrenfeucht andRozenberg, see e.g. [14, 20]. The results presented below extend from elemen-tary transition systems to semi-elementary transition systems of [21] and toasynchronous systems are obtained as the case graphs of (unlabelled) safe nets,see [30]. At the same time, as we shall see, there are simple examples of concreteasynchronous systems which fall beyond these classes.A region R in a transition system S = hS; s; A; T i is a set of states, R � S,such that given a transition p a�! q, the value of �(p)��(q), where � stands forthe characteristic function of R, does not depend on p and q, but is a functionof a only. We write R�a if p a�! q implies �(p) � �(q) = 1 and a�R if p a�! qimplies �(p)� �(q) = �1.Deterministic and reachable transition system S is elementary if the followingconditions are satis�ed.{ no loops: p a�! q implies p 6= q,{ no parallel arrows: p a�! q and p b�! q imply a = b,{ no junk: every action can be enabled in some state, p a�!,and, additionally, regional separability axioms of Ehrenfeucht and Rozenberg:{ state-state separation: p 6= q implies p 2 R and q =2 R, for some region R;{ state-action separation: p a=�! implies p =2 R and R�a for some region R.Given a transition system hS; s; A; T i de�ne a relation k � A�A as follows.a k b i� a � p b�! and a�! q b�! for some p; q: (6)In the sequel k de�ned by (6) is called the canonical independence induced by S.The following result justi�es this terminology.Lemma 5. An elementary transition system S together with its canonical inde-pendence relation makes an asynchronous system.21

Proof. To see that k is irre exive suppose to the contrary p a�! q a�! for somea; p; q. Then p 6= q and, further, p 2 R and q =2 R, for some region R. Then wehave both R�a and q, a source of an a-arrow, is not in R|a contradiction.Symmetry of k follows from the swap property. Indeed, suppose p b�! q a�! rand b k a. First we show that p a�! . Indeed, otherwise there would be a regionRsuch that p =2 R and R�a. Then q 2 R, hence b�R. But there exists a state beinga source of both a- and b-arrows. Conditions R�a and b�R cannot be ful�lledsimultaneously, hence p a�! q0 for some q0. In a similar manner one can see thatthere exists r0 such that q0 b�! r0. Now, given any region R and its characteristicfunction �, �(p)� �(q) = �(q0)� �(r0) b-arrows�(p)� �(q0) = �(q)� �(r) a-arrowsand hence �(r) = �(r0). By state-state separation condition, r = r0, which�nishes the proof. 2In fact, only a minor modi�cation of a proof of the above is required toshow that also semi-elementary transition systems coincide with a subclass ofasynchronous systems. The following provides some insight into the relationshipbetween regions in an elementary transition system and quotients of its canonicalasynchronous system.Lemma 6. Let R be a region in an elementary transition system S. De�ne aset of actions � = �R = fa 2 A j a�R _ R�ag. Then � is a clique of dependentactions. Moreover, p � q implies p 2 R, q 2 R.Proof. Let a 2 � and let a k b. Then in the transition system there existfragments like (6). Whichever of a�R or R�a is true, precisely one of the sourcesof b-arrows belongs to R. Hence, neither b�R nor R�b holds, consequently, b 62 �.Now, let p � q and let � denote the characteristic function of R. The proofof �(p) = �(q) goes by induction on the derivation of p � q. The base case isp a�! q for some a =2 �. By de�nition of �, neither a�R nor R�a holds, hence theclaim. For the other case, let r a�! p and s a�! q be two a-arrows with r � s.We have �(p) � �(r) = �(q) � �(s) and �(r) = �(s) by inductive hypotheses.Hence �(p) = �(q), as required. 2Now, the following is immediate.Proposition 12. The canonical asynchronous system induced by an elementarytransition system is concrete.Proof. Let us verify that with M = f�R j R -a regiong the canonical asyn-chronous system satis�es Morin's M -separation axioms (3) and (4).Suppose p 6= q. Then there exists a region which separates p and q. A clique� induced by this region as in Lemma 6 also separates the states.Now, let p a=�!. Take a region R with p =2 R and R�a. Then, the clique �induced by R contains a and separates p and a. Indeed, consider q, with q � p.Then, by Lemma 6, q =2 R. Hence, [p]� a=�!. 222

The converse to Proposition 12 is not true. For instance, each sequentialsystem A, i.e., each asynchronous system with kA = ;, does satisfy Morin'sconditions. This is because the entire alphabet of A is a clique of dependentactions, and it generates the trivial equivalence. Hence, for instance, a sequentialsystem that performs an action a twice in a row and then stops is concrete.Clearly, it is not elementary. In fact, it is neither semi-elementary nor does itsatisfy the separation axiom 3 in [30]. Thus, the realization procedure describedin this paper extends functorial realizability to cases not covered before. In fact,it will become apparent in the next section, it covers cases which cannot berealized by any unlabelled general Petri net.But �rst, let us notice that the arguments presented above can be easilyadopted to safe nets and their case graphs. Indeed, each net N induces structuralindependence kN on events de�ned by: e1 kN e2 i� (�e1 [ e�1) \ (�e2 [ e�2) = ;.Then, AN = hCg(N); kNi is an asynchronous system when N is a safe net, see [3].Proposition 13. Asynchronous system AN induced by a safe net N is concrete.Proof. Each place b of N induces a clique �b = fe 2 E j b�e _ e�bg of structural-ly dependent actions. Moreover, one easily obtains an analogue of Lemma 6:M�bM 0 implies b 2M , b 2M 0. With it, the proof goes as in Prop. 12. 24.4 Labelled Safe Petri Nets and Their ProductsThe importance of categorical products as a fundamental tool to explain synchro-nization is well-known, cf. [28, 29]. Here, we investigate the Petri net counterpartof the mixed product ([13, 19]) in the context of nets with rigid morphism.A rigid morphism of two labelled Petri nets hN; A; ì and hN0; A0; `0i withA0 � A is a general morphism h�; �; �i of nets in which � is the transpose partialfunction induced by the inclusion A0 � A. Equivalently, we can keep � implicit,and consider a morphism h�; �i of the underlying Petri nets which preserves thelabelling in the following sense: for all e 2 E, either �e is de�ned, è 2 A0 and`0(�e) = è or �e is unde�ned and è =2 A0. Clearly, labelled safe Petri nets withrigid morphisms also form a category, denoted `PNr. Note that the case graphfunctor maps rigid morphisms of nets to rigid morphisms of transition systems.The category of labelled (safe) Petri nets with rigid morphisms admits �niteproducts, called mixed or rigid in the sequel. Essentially, it is the old Winskelconstruction, cf. [29], except that the synchronization of events is already in-corporated into the product (due to the choice of rigid morphisms). Also, thepresence of labelling requires some re�nements of the construction.Theorem 2. Let (Li)i2I be a �nite family of labelled Petri nets. Their mixedproduct Qri2I Li = hB;E; F; M ; A; ì is given by:{ B = Ui2I Bi, the disjoint union of places,{ A = Si2I Ai, 23

{ E �Qi2I (Ei [ f?g) is de�ned as follows.e 2 E i� (9 a 2 A) (8 i 2 I) (ei 6= ? ^ `iei = a) _ (ei = ? ^ a =2 Ai)Here ? is a dummy event occurring in none of Ei,{ F hb; ei = Fihb; eii and F he; bi = Fihei; bi, whenever b 2 Bi. Here, by con-vention Fihb;?i = 0 and Fih?; bi = 0, for all i 2 I.{ M = �i2IMi{ ` : E ! A is determined uniquely due to the de�nitions of A and E.The place part of i-th projection is the relation transposed to the inclusion Bi �B. Its event part is a partial function which maps heiii2I to ei when ei 6= ?, andotherwise unde�ned. 2Proof. It is immediate that projections ful�ll the conditions of De�nition 1, andthat they preserve labels. Moreover, they are Winskel morphisms.Suppose a family of Petri net rigid morphisms h�i; �ii : L ! Li, i 2 I isgiven. In particular, (8 i) Ai � A. De�ne h�; �i : L!Qri2I Li as � = �i2I�i and�e = (�iei)i2I , where the i's component equals ? whenever �iei is not de�ned.The requirement that morphisms preserve labelling ensures �e is properly de�nedand the resulting morphism preserve labelling too. The de�nition of � ensurescondition (3) of De�nition 1 is ful�lled. Now �(�e) = �i2I�i(�ei) while �(�e) =�i2I ��iei and similarly for (�e)�. Here summands are assumed to be zero if �ieiis unde�ned. Hence conditions (1) and (2) of De�nition 1 are ful�lled too.It is clear from the construction that h�; �i composed with i-th projectionequals h�i; �ii and that it is the only (rigid) morphism with this property. 2Rigid projections are Winskel morphisms. It can be shown that if a coneconsists of Winskel morphisms only, then so is the mediating morphism. Thus,the constructions specializes to the subcategory with rigid Winskel morphisms.In the rigid product two nets synchronize on shared labels. It may be instruc-tive to consider an example of a rigid product and a canonical morphism.Net N0+ in Fig. 4 is a rigid product of three state machines|the one withlanguage (e01e02)?, another with (e002e001)? and yet another with e01 + e002 . Here, asynchronization does take place. There are morphisms from N+ to N0+ whichyield projections on the level of case graphs, their product is a morphism fromN+ to N0+ yielding identity on case graphs. As we have already mentioned, thereis no morphism in the opposite direction.The case graph functor preserves mixed products.Proposition 14. The case graph of the mixed product of labelled Petri nets is(rigid isomorphic to) the mixed product of their case graphs.Proof. Let Li, i 2 I , be a �nite family of Petri nets, and let L = Qri2I Li. Amapping (Mi)i2I 7! �i2IMi is a bijection between Qi2I �Bi and �(Ui2I Bi).Hence, (Mi)i2I is mapped into M .Let (Mi)i2I a�! (M 0i )i2I in the product of case graphs. It means that ifa 2 Ai then Mi [eiiM 0i for some ei, `iei = a, otherwise Mi = M 0i . If the former24

is the case, M 0i = Mi � �ei + e�i. Hence �i2IMi [ei�i2IM 0i , where e = (ei)i2I ,è = a. Thus, the bijection is actually an isomorphism in TS. 2While the mixed product of labelled Petri nets is a product in the subcategorywith rigid morphisms, it is also true, that a cone of \consistent" non-rigid mor-phisms also gives rise to a not necessarily rigid morphism to the mixed product.Proposition 15. Consider a family of net morphisms h�i; �i; �ii : L! Li, fori 2 I. Assume all �i composed with inclusions {i : Ai � Si2I Ai agree, i.e., thatthere exists a function � : A ! Si2I Ai such that �i = �; {Ti . Then there exists(a unique) morphism h�; �; �i : L! Qri2I Li of labelled Petri nets such that itscompositions with rigid projections to Li gives back the original morphisms.Proof. De�ne � : A ! Si2I Ai as the common relabelling. The construction ofh�; �i given in the proof of Theorem 2 is applicable here too, the assumption ofthe common relabelling makes the de�nition of � correct. Together with � theyform the desired morphism. 24.5 Towards a Functorial Realization of Concrete AsynchronousSystems by Means of Labelled Safe Petri NetsThe notion of realization of a concurrent behavior of a reactive system has beenintroduced in Sect. 3.6, and formalized as a relation between reachable asyn-chronous systems and labelled marked Petri nets. Now, we are ready to showthat this realization relation commutes with rigid products.Theorem 3. Let (Ai)i2I be a �nite family of asynchronous systems and let(Li)i2I be a family of their realizations. Then the mixed product of nets,Qri2I Li,realizes the mixed product of asynchronous systems, Qri2I Ai.Proof. Let Qri2I Li = hB;E; F; M ; A; ì be a mixed product of labelled nets andlet Qri2I Ai = hQi2I Si; ki be a product of asynchronous systems.1. We have already established, see Proposition 14, that Cg(Qri2I Li) is rigidisomorphic to the product of Cg(Li), hence also to Qri2I Si.2. LetM be reachable,M [e+e0i, where e = (ei)i2I , e0 = (e0i)i2I and let è; è0 2Ai for some i 2 I . Then M \ Bi 2 Mi and M \ Bi [ei+e0ii in Ni, henceè = ìei ki ìe0i = è0. The choice of i 2 I does not matter.3. Finally, let b 2 (�e[ e�)\ (�e0[ e0�). There is only one i 2 I such that b 2 Bi,for this i both ei 6= ? and e0i 6= ? and b 2 (�ei [ e�i) \ (�e0i [ e0i�). Thenìei ,i ìe0i, hence è , è0. 2The reader should note that the above result does not presuppose safety ofrealizations. This, in principle, allows to use arbitrary labelled Petri nets. If,however, all nets are safe, then so is their mixed product.Consider a reachable concrete asynchronous systems A, and let M � Q(A; k)be any family of cliques such that M -separation axioms hold for A, and M fullycaptures k. A realization of A by means of a labelled Petri net is obtained byapplying the following parametric procedure.25

Factorize A into the family FM (A) = f��(A) j � 2 M g of sequential systems.Realize each quotient ��(A) in FM (A) as a net L�.Compute Qr�2M L�.The �rst step has been done by Morin, cf. [19] and Sect. 4.2.The last step produces a realization of the mixed product of sequential sys-tems, by Theorem 3.Thus, to fully explain how the procedure works it is enough to present arealization of sequential systems. We have already seen an easy and functorialway to realize sequential systems as labelled state machines, see Prop. 7.Suppose thatR is any such realization functor from the category of sequentialsystems to the category of labelled Petri nets. Is it now possible to extend R asdescribed above so that this realization becomes a functor? More precisely, givena diagram F in AS in which all objects are concrete, one would like to �nd arealization of all the objects and all the morphisms which preserves commutingdiagrams. Indeed, this can be done thanks to Prop. 10{11.Theorem 4. Let F be a commuting diagram in the full subcategory of concreteasynchronous systems. Then there exists a diagram R(F) (of the same shape) inthe category of labelled Petri nets whose objects realize the respective objects ofF and whose morphisms realize the morphisms of F.Proof. For each object A in F let M F be a family of cliques of A build as inProp. 11, and such that it ensures separation axioms and fully captures inde-pendence in A. Consider a family of quotients FMF(A) = f��(A) j � 2 M F g.Realize every member of this family using a realization functor R. De�ne a la-belled net R(A) as Qr fR(��(A)) j � 2 M F g. In this way all objects of F arerealized as labelled Petri nets.Now, let f : A0 ! A 2 F be a morphism of asynchronous systems. Thefamilies of cliques M 0F and M F of A0 and A, respectively, ful�ll the requirementsof Prop. 10. Hence, a family of morphisms f� : ��(�)(A0) ! ��(A), � 2 M Fas de�ned in Lemma 4 is consistent. Applying to f�'s the realization functor wearrive at a family of Petri net morphisms R(f�) : R(��(�)(A0)) ! R(��(A)),� 2 M F . Composed with projections from R(A0) they make a cone of consistentmorphisms in the category of Petri nets. We can now apply Prop. 15 to obtaina morphism R(f) : R(A0)! R(A) which realizes f . 2Corollary 2. There is a realization functor from the category of concrete asyn-chronous systems to the category of labelled Petri nets.Proof. Consider Q as the universal family of cliques and apply the constructionto the functor Sm. 2Fig. 5{7 demonstrate an example of two simple transition systems, theirmixed product, and their realization by means of labelled safe Petri nets. Actu-ally, the example is so simple that the labelling is not really required. Note thatrealizations may introduce indistinguishable places, viz.: postconditions of a.26

�c �a� �a� b�Fig. 5: Two simpletransition systems��

��bbbc c caFig. 6: The product of thesetransition systems

�ca �a bFig. 7: Two state machinesand their product realizingthe transition systems5 Examples, Conclusions and Further WorkLet us assume that a reactive system is given in the form of transition systemS = hS; s; A; T i. We have shown how to �nd a concurrent realization of a reactivesystems when its behavior is represented as a concrete asynchronous systemhS; ki. The di�cult question, though, is how to de�ne a suitable k.Intuitively, the larger the independence relation, the more concurrent real-ization should be obtained. One could formally de�ne a partial order on asyn-chronous systems over the same underlying transition system by saying thathS; k1i is more concurrent than hS; k2i whenever k1 � k2.Now, if S elementary one can, by Prop. 12, derive from its structure thecanonical independence relation which yields a concrete asynchronous system.So, one can ask whether what we obtain in this way is the most concurrentbehavior of S? The answer is negative.Indeed, consider transition system Sabc given by: s a�! p b�! q c�! r. Thisis an elementary transition system, and its canonical independence relation isempty. This is a way of saying that the system does not exhibit any concurrentactivity. However, nothing prevents us from declaring a and c as independent. Infact, hSabc; ki with a k c and a , b , c becomes a concrete asynchronous system!The corresponding two realizations of both systems are depicted on Fig. 8{9.� a b cFig. 8: Sequential realization of Sabc � a � b cFig. 9: \Concurrent" realization of SabcInterestingly, both nets are realizations of both concrete asynchronous systemswhich shows that the notion of realization is quite liberal. Other issues are alsodemonstrated by this simple example.Firstly, the realization procedure that we have described strives to implementactions declared as independent by means of structurally separated transitions.27

Secondly, the choice of decomposition of a behavior into a product of se-quential components a�ects the size of the realization of the system. One of theparameters of the construction of realization presented in Sect. 4 was the choiceof the family of cliques of the dependence relation. Thus, the net on Fig. 8 isdetermined by choosing X = ffa; b; cgg, while the net on Fig. 9 is determined bychoosing M = ffa; bg ; fb; cgg. In this case we could also choose Q which containsall subsets of fa; b; cg, and obtain a huge net, with many copies of indistinguish-able places. This seems to indicate that when the independence is �xed, the mostcompact realizations would be obtained with X.Finally, on a related note, one should not declare two actions as independentunless they form a diamond somewhere.This brings us back to the general question when S is not elementary, andyet one would like to �nd its non-trivial concurrent realization. One could lookat this problem of �nding a maximally concurrent realization of S as a kind of`code optimization problem'. In fact, there is a way to turn a transition systemS into maximally concurrent asynchronous system A = hS;9i where 9 is thelargest symmetric and irre exive relation that satis�es the following.a 9 b i� p a�! q b�! r implies (9 s) p b�! s a�! r (7)Sadly, the above construction is not `functorial' in the sense, that a morphismf : S ! S0 in general does not map 9-independent actions to 90-independentactions. More seriously, hS;9i obtained in this way is not concrete in general.The problem are demonstrated in the next section with a well-known example.5.1 MandalaSuppose there are agents interested in using a resource. Simultaneous usage ofthe resource leads to its corruption. It is therefore imperative that some kindof scheduler is devised to control the access to the resource. The behavior ofan individual agent A from the scheduler perspective could be de�ned as asimple CCS-like process. In the simple case described on Fig. 10 each agentwould behave like A ( r:u:A where r and u stand for request and use phases,respectively. The more elaborate case of Fig. 11 arises when each phase of usingthe resource is split into two: e of entering the critical section, and phase ` ofleaving the critical section and thereby releasing the resource.In the simplest case, in which only two agents are considered, solutions takethe form of mandala, see Fig. 10{11. The solutions are based on assumption2that the scheduler should accept the requests at any time, but the permissionshould be granted on the �rst-come-�rst-served basis. The reactive system onFig. 11 is isomorphic to the ow-graph for mutual exclusion derived by Emersonand Clarke from a branching time temporal speci�cation, see [15, Fig. 11].A quick analysis of transition system S2 reveals that it is not elementary. Firstof all, states s and t reached from the initial state after performing r1r2 and r2r12 This is questionable as it prohibits asynchronous reaction to request signals.28

��

stu1r1 u2r2

u2 r1u1r2Fig. 10: Simple 2-agent scheduler S2

�� r1e1 � `1 r2e2�`2 r1e2�`2 r1

r2 e1 � `1r2Fig. 11: Emerson-Clarke scheduler S3are di�erent, so state-state separation fails. Moreover, the transitions enabledin these two states are di�erent, so state-event separation fails as well. Hence,the system cannot be realized using the regional construction of Ehrenfeucht-Rozenberg. In fact, there is no (unlabelled) net with S2 as its case graph. Theproof is simple: whenever M [e2iM 0 [e1iM1 and M [e1iM 00 [e2iM2 hold in aPetri net, then M1 = M2 follows.The above arguments work also for Emerson-Clarke scheduler S3.The only interesting concrete asynchronous system with S2 as its underlyingtransition system is the sequential one. To see this assume to the contrary that,say, r1 k u2. Then, s and u2 could not be separated, whereas s u2=�!. Indeed, con-sider any � � fr1; u1; u2; r1g with u2 2 � where � is a clique of the dependencerelation. Then r1 =2 �, by assumption, so by the construction of the quotientrelation induced by � it follows that s � t. Thus, [s]� u2�!.A symmetric argument shows that also the other diamond in S2 cannot be�lled with concurrency, i.e., we cannot assume r2 k u1. Similarly, one can showthat r2 , e1 and r1 , e2 in any concrete asynchronous system built on S3.5.2 Realization of the Emerson-Clarke SchedulerWith mandala not much can be done within our framework. That is, the onlyimplementation of mandala is the sequential one. In case of Emerson-Clarkescheduler, see Fig. 11, the situation is better. Namely, there exists maximalconcrete independence relation: r1 k `2 and r2 k `1. The relation admits fourmaximal cliques.The factorization of the resulting concrete asynchronous system into sequen-tial systems is depicted on Fig. 12. The last of the four sequential systems isthe notorious mandala. Taking the labelled state machine associated with eachfactor and computing their product in the category of labelled nets would givea safe net with 14 places and 14 transitions.29

�� e1 `1 e2`2 �� e1 `1r1 e2e2 � �� e2`2 r2e1 e1 �� e1r1 e2r2e2 r1e1r2Fig. 12: The decomposition of the scheduler with r2 , e1 and r1 , e25.3 Zig-zag Morphism and Systematic Re�nement of ConcreteAsynchronous SystemsWe do not know if there exists the biggest concurrent concrete asynchronoussystem over a given transition system. Nevertheless, assume that each transi-tion system S in a diagram F is equipped with a concurrency relation k suchthat hS; ki is a concrete asynchronous system. Then, we could iteratively keeprestricting the independence relations until all f in F become morphisms ofasynchronous systems. The resulting diagram in the full subcategory of concreteasynchronous systems can be then realized as a diagram of labelled safe Petrinets as described in Sect. 4. Thus, the problem would be to �nd a maximallyconcurrent independence such that hS; ki is concrete.Each concrete hS; ki satis�es k � 9 where 9 is the maximal independenceadmissible for S. Moreover, whenever k1 � k2 then the identity morphism on Sbecomes is a morphism from { : hS; k1i ! hS; k2i in AS. This suggests that insearch for a maximal concrete independence one could start with 9 and subse-quently restrict the independence until one arrives at a concrete system. Thisprocess will surely terminate since each sequential system is concrete.The above idea can be generalized by replacing { : hS; k1i ! hS; k2i by moregeneral f : hS1; k1i ! hS2; k2i and continue working with S1. To maintain thesame behavior any such morphism should satisfy certain requirements. For in-stance, modulo �, it should satisfy the same properties as S2.Assume that � is total. We can view S1 as a transition system S over A2de�ned by S = S1, A = A2 and p a�! q in S i� �b = a and p b�! q in S1. Inthe light of Proposition 1, if the morphism h�; idA2i : S ! S2 is a zig-zag, thenS and S2 satisfy the same properties. Hence, if S1 is realized as a labelled net,then extending the labelling of the net with � renders a realization of S2.Let us turn the above requirement into de�nition.De�nition 5. A proto-zig-zag is a morphism f : S ! S0 such that � is total,and if �s b�! q in S0 then there is transition s a�! p in S such that �a = b and�p = q. A proto-zig-zag between asynchronous systems is their morphism whichis a proto-zig-zag of the underlying transition systems.Let A and A0 be asynchronous systems. Then A implements A0 via f , and fis an implementation of A0, whenever f : A ! A0 is a proto-zig-zag morphism.30

Proto-zig-zags are closed under composition, and contain identity morphisms.When the target of a proto-zig-zag is reachable then its components of are sur-jective functions. If A = hS; ki, then the pair of identities forms a proto-zig-zagfrom hS; ;i to A. Thus, the sequential system hS; ;i is an implementation of A.Let f 0 : A0 ! A and f 00 : A00 ! A be two implementations. Then f 0 is betterthan f 00, notation f 00 � f 0 when there exists f : A00 ! A0 such that f 00 = f ; f 0.Surely, any such f is necessarily a proto-zig-zag, too.The idea, now, would be to iterate re�nement steps, by analogy to what wasproposed in [9, 10] and implemented in [8], so that with each re�nement the new,transformed speci�cation is more concrete. Each implementation preserves thebehavior of the target in the source modulo the �-part of the implementation, seeProposition 1. Thus, the realization obtained at the end, with labelling composedwith all �'s parts of the implementations obtained along the way, is a realizationof the original system.Assume that one insists that the states are shared by the implementing andthe implemented asynchronous systems. Then, there are basically two orthogonalways in which an asynchronous system A0 can implement A via f : A0 ! A.{ action splitting: f glues some actions of A0 into a single action of A, inde-pendence in A is re ected in A0;{ concurrency reduction: f does not glue any actions, but the independencerelation in A0 is smaller then the one in A.Then, the less splitting of actions, the smaller loss of independence, the better,i.e., more concurrent, an implementation.Clearly, the implementation by means of the induced sequential system isof the second type. All other implementations can be seen as compositions of asplit implementation followed by a concurrency reducing implementation.5.4 Further ResearchThe framework proposed here subsumes those synthesis procedures which tar-geted subclasses of safe nets, cf. [20, 21]. It remains to be checked if Morin'sseparation axioms also imply those of [30].More importantly, though, would be to relate our framework to other frame-works, especially those underlying tools used in practice.It remains as an interesting challenge if one can push further the frontiers ofuniform realizations. One possibility would be to target non-safe labelled netsand use more liberal abstract models of concurrent behaviors, like in [11, 25].Indeed, by implementations involving splitting of some actions one can obtainfrom Emerson-Clarke scheduler a concrete asynchronous system that ful�lls sep-aration axioms of Droste-Shortt. In fact, there are several maximal, and henceincomparable ways to achieve this goal. For instance one can choose one of thelower diamonds, say [r2; e1], and one of the upper ones, say [r1; `2], and thenintroduce two actions for each of r2, e1, r1 and `2, and adjust the independence31

relation accordingly. The corresponding implementation morphism is an identityon states, glues actions that got split, and preserves the independence relation.Other option is to accept a more liberal notion of concurrent realization. Thiscan be done by removing condition Def. 3(2). Intuitively, there is no sense toprohibit concurrent execution in the realization even when it is not present inthe speci�cation. Indeed, more compact realizations can be obtained this way.And there is yet another option. Our notion of implementation has beenbased on strict morphisms, i.e., morphisms with total action relabelling part. Inthis way the implementation corresponds to the notion of strong bisimulation.We have grounds to believe that by allowing partial relabeling, and therebysilent actions in the implementing systems, one can achieve more concurrentbehavior. In case of the Emerson-Clarke scheduler one can achieve the realizationof maximally concurrent behavior easily, see Fig. 14 (to ease the comprehensionwe copied Fig. 11 for comparison). Many researchers are active in this �eld,see [27] for a recent attempt.�� r1e1 � `1 r2e2�`2 r1e2�`2 r1

r2 e1 � `1r2Fig. 13: Emerson-Clarke scheduler S3from Fig. 11�� r1� `1 r2�`2e2�`2 r1

e1 � `1r2 � 0�r1e2� �r2e1Fig. 14: Emerson-Clarke scheduler withsilent movesIn this paper we have studied the notion of general morphism of Petri nets.General morphisms were shown to be the largest class of morphisms which aretransformed by the case graph construction to morphisms of transition systems.This notion of general Petri net morphism can further be generalized along thelines of [18]. That is, one may consider richer structures on the event part of aPetri net and Petri net morphism. Indeed, De�nition 1 works �ne if one allowsmapping an event in the source net of a morphism to a multiset of events in thetarget net.However, as argued in [18], while it is natural to consider Petri nets withmonoidal structure on events, in general the monoids need not be free. An ex-ample is Milner's synchronization: � + �� = � , where � is a silent move. A goodcandidate could be �nitely presentable monoids, i.e., monoids generated by a�nite number of events and with a �nite number of equalities. Then, a Petri netmorphism should preserve these equalities.32

Another line of generalization is to consider a richer class of morphisms oftransition systems. A simulation between transition systems S = hS; s; A;�! iand S0 = hS0; s0; A0;�! i is a pair consisting of a relation � � S � S0 and apartial function � : A * A0 such that initial states are related, s � s0, andp a�! q in S, �a+, p � p0 implies p0 �a�! q0 in S0 for some q0; q � q0p a�! q in S, �a*, p � p0 implies q � p0Brown and Gurr [7] have de�ned the notion of a simulation of Petri netsin a somewhat restricted way. Their simulation of Petri nets, gives rise to thesimulation of their case graphs, as expected. The general simulation of Petri netswould be a pair h�; �i which ful�ll condition (1) of De�nition 1 and, additionally,conditions2'. �(e�) � �(�e)� �(�e) + (�e)�.3'. �M � M 0.Again, simulations form a category, in fact, the largest one within the framework.The case graph is a functor|a simulation of the case graphs is a pair h��; �i,where M �� M 0 i� �M �M 0. Moreover, Winskel de�nition of products works.However, there is no obvious state machine construction at hand, hence thesynthesis problem for simulations of transition systems requires further research.References1. E. Badouel and P. Darondeau. Theory of regions. In Advances in Petri Nets,vol. 1491 of LNCS , pp. 529{586. Springer, 1998.2. E. Badouel, M. A. Bednarczyk and P. Darondeau. Generalized automataand their net representations. In this volume.3. M. A. Bednarczyk. Categories of Asynchronous Systems. Ph.D. thesis, Univer-sity of Sussex, England, 1988. CST 1-88.4. M. A. Bednarczyk and A. M. Borzyszkowski. Concurrent realizations of re-active systems. In P. R. M. Hofmann, D. Pavlovic, ed., Proc. Category Theory inComputer Science, 8th Conf., Edinburgh, vol. 29 of Electronic Notes in TheoreticalComputer Science, pp. 1{19. Elsevier, 1999.5. M. A. Bednarczyk and A. M. Borzyszkowski. General morphisms of Petrinets; extended abstract. In M. N. Jiri Wiedermann, Peter van Emde Boas, ed.,Proc. Automata, Languages and Programming, 26th Intn'l Coll., Prague, vol. 1644of LNCS , pp. 190{199. Springer, 1999.6. M. A. Bednarczyk, A. M. Borzyszkowski and R. Somla. Finite Completenessof Categories of Petri Nets. Fundamenta Informatic�, vol. 43(1-4): pp. 21-48, 2000.7. C. Brown and D. Gurr. Re�nement and simulation of nets { a categoricalcharacterization. In K. Jensen, ed., Proc. Applications and Theory of Petri Nets,vol. 616 of LNCS , pp. 76{92. Springer, 1992.8. J. Cortadella, M. Kishinevsky, A. Kondratyev, L. Lavagno, andA. Yakovlev. Petrify: a tool for manipulating concurrent speci�cations and syn-thesis of asynchronous controllers. In IEICE Trans. on Information & Systems,vol. E80-D(3), pp. 315{325, 1997. 33

9. J. Cortadella, M. Kishinevsky, L. Lavagno, and A. Yakovlev. SynthesizingPetri nets from state-based models. In Proc. International Conference on ComputerAided Design, pp. 164{171, 1995.10. J. Cortadella, M. Kishinevsky, L. Lavagno, and A. Yakovlev. DerivingPetri nets from �nite transition systems. In IEEE Transactions on Computers,vol. 47(8), pp. 859{882, 1998.11. M. Droste and R. M. Shortt. Petri nets and automata with concurrency re-lation { an adjunction. In M. Droste and Y. Gurevich, eds., Proc. Semantics ofProgramming Languages and Model Theory , pp. 69{87, 1993.12. M. Droste and R. M. Shortt. Continuous Petri nets and transition systems. Inthis volume.13. C. Duboc. Mixed products and asynchronous automata. Theoretical ComputerScience, vol. 48: pp. 183{199, 1986.14. A. Ehrenfeucht and G. Rozenberg. Partial (set) 2-structures, part I and II.Acta Informatica, vol. 27(4): pp. 315{368, 1990.15. E. A. Emerson and E. M. Clarke. Using branching time logic to synthesizesynchronizations skeletons. Science of Computer Programming , vol. 2: pp. 241{266, 1982.16. S. MacLane. Categories for the Working Mathematician. Graduate Text inMathematics. Springer, 1971.17. A. Mazurkiewicz. Concurrent program schemes and their interpretations. DAIMIPB{78, �Arhus University, 1977.18. J. Meseguer and U. Montanari. Petri nets are monoids. Information andComputation, vol. 88: pp. 105{155, 1990.19. R. Morin. Decompositions of asynchronous systems. In Proc. CONCUR'98 ,LNCS , pp. 549{564. Springer, 1998.20. M. Nielsen, G. Rozenberg, and P. S. Thiagarajan. Elementary transitionsystems. Theoretical Computer Science, vol. 96: pp. 3{33, 1992.21. M. Pietkiewicz-Koutny and A. Yakovlev. Non-pure nets and their transitionsystems. TR. no. 528, Department of Computing Science, University of Newcastleupon Tyne, 1995.22. S. Popkorn. First Steps in Modal Logic. Cambridge University Press, 1994.23. W. Reisig. Petri Nets. EATCS Monographs in Theoretical Computer Science,vol. 4, Springer-Verlag, 1985.24. M. W. Shields. Multitraces, hipertraces and partial order semantics. FormalAspects of Computing , vol. 4: pp. 649{672, 1992.25. E. W. Stark. Compositional relational semantics for indeterminate data ow net-works. In Proc. CTCS'89 , vol. 389 of LNCS , pp. 52{74. Springer, 1989.26. W. Vogler. Executions: a new partial-order semantics for Petri nets. TheoreticalComputer Science, vol. 91: pp. 205{238, 1991.27. W. Vogler. Concurrent implementations of asynchronous transition systems. InProc. Application and Theory of Petri Nets 1999, ICATPN'99 , vol. 1630 of LNCS ,pp. 284{303. Springer, 1999.28. G. Winskel. Petri nets, algebras, morphisms and compositionality. Informationand Computation, vol. 72: pp. 197{238, 1987.29. G. Winskel. A category of labelled Petri nets and compositional proof system (ex-tended abstract). In Proc. Third IEEE Symposium on Logic in Computer Science,pp. 142{154. IEEE, The Computer Society, Computer Society Press, 1988.30. G. Winskel and M. Nielsen. Models for concurrency. In S. Abramsky, D. M.Gabbay, and T. S. E. Maibaum, eds., Handbook of Logic in Computer Science;Semantic Modeling , vol. 4, pp. 1{148. Oxford University Press, 1994.34

On Concurrent Realization of Reactive Systems and Their Morphisms

Documents

Transcript of On Concurrent Realization of Reactive Systems and Their Morphisms