Modeling by Petri Nets

Petri nets (PN) are a well established mechanism for system modeling. They are a mathematically defined formal model, and can be subjected to a large variety of systems. PN based models have been widely used due to their ease of understanding, declarative, logic based and modular modeling principles, and finally because they can be represented graphically. Since Petri nets began to be exploited in the 1960s, many different types of models have been introduced and used. The most popular models are presented in this paper by their definitions and by specific models. Their main advantages are shown and the differences between them are mentioned. Petri net based models have been used in our research on digital design methodology: the design of a processor or control system architecture with special properties, e.g. fault-tolerant or fault-secure, hardware-software co-design, computer networks architecture, etc. This has led to the development of PN models in some Petri net design tools (Design/CPN, [1], JARP, [2], CPN Tools, [3]), and analysis and simulation of the model using these tools. After this high-level design has been developed and validated it becomes possible, through automatic translation to a VHDL description, to employ an FPGA implementation that will enable a custom device to be rapidly prototyped and tested (ASIC implementation is also possible). An FPGA version of a digital circuit is likely to be slower than the equivalent ASIC version, due to the regularly structured FPGA wiring channels compared to the ASIC custom logic. However, the easier custom design changes, the possibility of easy FPGA reconfiguration, and relatively easy manipulation make FPGAs very good final implementation bases for experiments. Most models used in the hardware design process are equivalent to the Finite State Machine (FSM), [4], [5], [6], [7]. It is said that the resulting hardware must be deterministic, but we have found real models that are not equivalent to an FSM and their real behavior was tested on the final FPGA design kit platform [8]. Therefore we have concentrated on those models with really concurrent actions, with various types of dependencies (mutual exclusion, parallel, scheduled), and have studied their hardware implementation.


Introduction and motivation
Petri nets (PN) are a well established mechanism for system modeling.They are a mathematically defined formal model, and can be subjected to a large variety of systems.PN based models have been widely used due to their ease of understanding, declarative, logic based and modular modeling principles, and finally because they can be represented graphically.Since Petri nets began to be exploited in the 1960s, many different types of models have been introduced and used.The most popular models are presented in this paper by their definitions and by specific models.Their main advantages are shown and the differences between them are mentioned.
Petri net based models have been used in our research on digital design methodology: the design of a processor or control system architecture with special properties, e.g.fault-tolerant or fault-secure, hardware-software co-design, computer networks architecture, etc.This has led to the development of PN models in some Petri net design tools (Design/CPN, [1], JARP, [2], CPN Tools, [3]), and analysis and simulation of the model using these tools.After this high-level design has been developed and validated it becomes possible, through automatic translation to a VHDL description, to employ an FPGA implementation that will enable a custom device to be rapidly prototyped and tested (ASIC implementation is also possible).An FPGA version of a digital circuit is likely to be slower than the equivalent ASIC version, due to the regularly structured FPGA wiring channels compared to the ASIC custom logic.However, the easier custom design changes, the possibility of easy FPGA reconfiguration, and relatively easy manipulation make FPGAs very good final implementation bases for experiments.
Most models used in the hardware design process are equivalent to the Finite State Machine (FSM), [4], [5], [6], [7].It is said that the resulting hardware must be deterministic, but we have found real models that are not equivalent to an FSM and their real behavior was tested on the final FPGA design kit platform [8].Therefore we have concentrated on those models with really concurrent actions, with various types of dependencies (mutual exclusion, parallel, scheduled), and have studied their hardware implementation.Petri nets are a good platform and tool in the "multiple-level" design process, see Fig. 1.They can serve as a specification language on all levels of specifications, and as a formal verification tool throughout these specification and architectural description levels.The first problem to be solved during the design process is the construction of a good model, which will enable the specification and further handling and verification of the different levels of this design.Therefore this paper presents such model constructions on the basis of a number of simple examples.

Petri net definitions and examples
Petri nets can be introduced in many ways, according to their numerous features and various applications.This text will focus on basic principles and modeling of actions.In this section, a formal definition of place/transition nets and coloured Petri nets is given.They have been presented in many books and publications, the definitions presented here being taken from [9].Many attempts have been made to define the principles of basic types of Petri nets.The way chosen here involves a brief introduction to the basic principles and to the hierarchical construction of the most complicated and widely used Petri net based models used in professional software tools.
The essential features of Petri nets are the principles of duality, locality, concurrency, graphical and algebraic representation.These notions will be presented on a simple model of a handshake used by printers communicating with a control unit that transmits data according to the handshake scheme.The control unit uses the control signal STROBE to signal "data valid" to the target units -printers, receivers.The printers signal "data is printing" to the control unit by ACK signals.After the falling edge of a STROBE signal, all printers must react by the falling edges of ACK signals to obtain the next portion of data (e.g., a byte).Our Petri net will model cooperation between only two printers A, and B, with one control unit C, see Fig. 2.
Following essential conditions and actions have been identified: Separating or identifying passive elements (such as conditions) from active elements (such as actions) is a very important step in the design of systems.This duality is strongly supported by Petri nets.Whether an object is seen as active or passive may depend on the context or the point of view of the system.But it is always necessary to construct a correct Petri net model according to Definitions 1 -5.Basically, the edges must connect only places with transitions, or vice-versa (Petri nets are a bipartite graph).The following principles belong to the essential features of Petri nets that express locality and concurrency: l The principle of duality for Petri nets: there are two disjoint sets of elements: P-elements (places) and T-elements (transitions).Entities of the real world, interpreted as passive elements, are represented by P-elements (conditions, places, resources, waiting pools, channels etc.) Entities of the real world, interpreted as active elements, are represented by T-elements (events, transitions, actions, executions of statements, transmissions of messages etc.).Additionally, there may be inscriptions such as names, tokens, expressions, guards.
l The principle of algebraic representation for Petri nets: For each graphical representation there is an algebraic representation containing equivalent information.It contains the set of places, transitions and arcs, and additional information such as inscriptions.
In contrast to concurrency, there is the notion of conflict.Some transitions can fire independently (e.g.t4 and t6 in Fig. 2, only tokens must be inside the input places), but there can be Petri nets that model mutual exclusion, see Fig. ´( for the set of arcs.If P and T are finite, the net is said to be finite. The state of the net is represented by tokens in places.The tokens distributions in places are called markings.The holding of a condition (which is represented by a place) is represented by a token in the corresponding place.In our example, in the initial state control system C is prepared to send data (a token in place p1), printers A and B are ready to print (token s in places p4 and p9), see Fig. 3.A state change or marking change can be performed by firing a transition.A transition "may occur" or "is activated" or "is enabled" or "can fire" if all its input places are marked by a token.Transition firing (the occurrence of a transition) means that all tokens are removed from the input places and are added to the output places.The transitions can fire concurrently (simultaneously -independently, e.g.t3 and t5 in Fig. 4, or in conflict, see Fig. 5).
The arc in the sense of Definition 1 can be only simpleonly one token can be transmitted (removed or added) from or to places by transition firings.Place/transition nets are nets in the sense of Definition 1, together with a definition of arc weights.This can be seen as an abstraction obtained from more powerful coloured Petri nets by removing the individuality of the tokens, see below.The example derived from the Petri net from Fig. 2    In this definition B is taken as the set Bag(A), where A is the union of all colour sets from C. The difference operator in C = Post -Pre is a formal one here, i.e. the difference is not computed as a value.A marking is a vector m such that m[p] Î Bag(cd(p)) for each p Î P. The reachability set, firing sequence, net system and occurrence have the same meaning as for P/T nets.
The example for constructing Coloured Petri nets (CPN) is discussed in several following examples and figures derived from our original model of parallel printers.Arc-constant CPN in Fig. 7 is simply derived from the initial example, with the same meaning of all places and transitions.Places p4 and p9 (and p5 and p10) originally used for distinguishing two printers are connected ("folded") to one place here named p4&p9 (p5&p10).For a transition t, it is necessary to indicate which of the individual tokens should be removed (with respect to its input places).This is done by the inscriptions on the corresponding arcs in Fig. 7. Transition t3 can fire if there is an object A in place p4&p9 (and an indistinguishable token in the place p3).When it fires, token A is removed from place p4&p9 and is added to place p5&p10, and an (indistinguishable) token is added to p6.Places p4&p9 and p5&p10 have the colour domain printers = {A, B} denoting printer A and printer B. The control process is modeled by token s (STROBE).Colour domains are represented by lower case italics near the place symbols in Fig. 7. Places p3, p6, p7, p8, p11 and p12 are assumed to hold an indistinguishable token and therefore have the colour domain token = { •}, which is assumed to hold by default.The net from Fig. 2 (ordinary or black-and-white PN) and the net from Fig. 7 (coloured PN) contain the same information and have similar behavior.Only two places are "safe".This CPN is called arc--constant, since the inscriptions on the arcs are constants and not variables.
The next step will be to simplify the graph structure of ac-CPN.We will represent the messages "STROBE signal sent to printer A" (stA) and "STROBE signal sent to printer B" (stB), ACK signal sent from printer A (ackA) and ACK signal sent from printer B (ackB).We can connect places p3 and p8, p6 and p11, p7 and p12, in Fig. 8  The firing rule for ac-CPN is sketched in Fig. 9.
In a coloured Petri net the incidence matrices cannot be defined over B = Bag(A) as for arc-constant CPNs.The different modes or bindings of a transition have to be represented.These are called colours, and are denoted by cd(t).Therefore the colour domain mapping cd is extended from P to P T U .In the entries of the incidence matrices for each transition colour, a multiset has to be specified.This is formalized by a mapping from cd(t) into the bags of colour sets over cd(p) for each (p, t) Î P×T.
Our example expressed by CPN is shown in Fig. 11.The number of places and transitions corresponds to the P/T net in Fig. 6, but the expression power is greater.For each transition a finite set of variables is defined which is strictly local to this transition.These variables have types or colour domains which are usually the colours of the places connected to the transition.In Fig. 11 the set of variables of transition t3 is {x, y}.The types of x and y are dom(x) = printers and dom(y) = ack, respectively.An assignment of values to variables is called a binding.Not all possible bindings can be allowed for a correctly behaving net.The appropriate restriction is defined by a predicate at the transition, which is called a guard.Now the occurrence (firing) rule is as follows, see Fig. 10, where all places have the colour set cd(p) = objects = {a, b, c}, and the colour domain of all variables is also objects: 1. Select a binding such that the guard holds (associate with each variable a value of its colour), Fig.

Experiments with hardware implementation
We performed several experiments with direct implementation of the Petri nets model in hardware (FPGA).The results were presented in [14], [15] and [16].These models are briefly described here.They were constructed in software tools (Design/CPN or JARP editor) and from these tools their unified description in PNML language [11], [12], was directly transformed into the FPGA bitstream.
We have modeled 5 philosophers, who are dining together, Fig. 12.The philosophers each have two forks next to them, both of which they need in order to eat.As there are only five forks it is not possible for all 5 philosophers to be eating at the same time.The Petri net shown here models a philosopher who takes both forks simultaneously, thus preventing the situation where some philosophers may have only one fork but are not able to pick up the second fork as their neighbors have already done so.The token in the fork place (places P1, P2, …, P5) means that this fork is free.The token in the eat place (places P6, P7, …, P10) means that this philosopher is eating.
We also performed experiments with a "producer-consumer" system, Fig. 13.Our FPGA implementation used 59 CLB blocks, 47 flip-flops with maximum working fre-quency 24.4 MHz.The maximum input capacity parameter for places (the size of the counter) was set to the value 3. The average buffer occupation during 120 cycles (transition firings) was 1.43, [13], [14].
Our real application experiment modeled a railway with one common critical part -a rail, see Fig. 14.The PN model, Fig. 15, has the initial marking where tokens are in places "1T" and "3T" (two trains are on rails 1 and 3, respectively), "4F" (a critical rail is free) and "2F" (rail 2 is free).This model has eight places, two places T (train) and F (free) for each rail: a token in the first place means that the train is in this rail (T-places), and the second means that this rail is free (F-places).This was described and simulated in the Design/CPN system and then it was implemented in the real FPGA design kit (ProMoX, [15]).

Conclusions
This paper deals with the practical use of Petri nets and modeling by Petri nets.Different levels and types, practical and concrete styles of modeling are presented on the basis of a simple and clear example.The practical results obtained for  specific FPGA implementations have been published and can be found in [14], [15], [16].The specific Petri net models are shown here.The example presented here in which parallel printers are served by a controlling process, was chosen due its practical presentation and practical iterative construction during the teaching process at the Department of Computer Science and Engineering (DSCE) of the Czech Technical University in Prague.
Future work will involve optimizing the direct implementation of Petri nets with respect to space, time, power and reliability.

Fig. 1 :
Fig. 1: Design methodology block diagram with dark parts corresponding to possible use of Petri nets

Fig. 2 :
Fig. 2: The Petri net model of two printers working in parallel

Fig. 4 :
Fig. 3.: Initial state of the Petri net from Fig. 2 is shown in Fig. 6.Here more (two) printers are expressed only by two tokens in one place p4.The condition "all printers are ready" expressed by two tokens in place p4 and fulfilled by multiply edge from place p4 to transition t3.Definition 2: A place/transition net (P/T net) is defined as a tuple N PT PT =< > , , , Pre Post where -P is a finite set (the set of places of N PT ), -T is a finite set (the set of transitions of N PT ), disjoint from P, and -Pre, Post Î N |P|×|T| are matrices (the backward and forward incidence matrices of N PT).C = Pre -Post is called the incidence matrix of NPT  .The set of these arcs isThis interpretation leads to the alternative definition, which is closer to the graphical representation.Definition 3: A place/transition net (P/T net) is defined as a tuple N PT =<P, T, F, W>, where -(P, T, F) is a net (see Definition 5.1) with finite sets P and T, and-W : F ® N \ {0} is a function (weight function).N PT together with an initial marking (m 0 ) is called a P/T net system S =< N PT , m 0 > or S =<P, T, F, W, m 0 >.For a net system S =< N PT , m 0 > the set T* is the sequence of transitions and w Î T* and t Î T, is the reachability set. of occurrence-transition sequences (or a firing-sequence set) of S. It is sometimes convenient to define the set Occ(S) of occurrence sequences to be the set of all sequences of the form

Fig. 5 :Fig. 6 :
Fig. 5: Mutual exclusion of places p5 and p10, transition t3 and t5 in conflict, a) initial state where t3 and t5 are both enabled, b) the state after t3 firing, where t5 is not enabled

10b. 2 .
Temporarily replace variables by associated constants, Fig. 10c.3. Apply the firing rule from ac-CPN from Fig. 9 as shown in Fig. 10d (remove all appropriate tokens from input and add to output places according the arc inscriptions).The firing rule should be understood as a single step from Fig. 10a to d.If the binding x = a, y = b, z = c is selected, then colour sets: control = {s} printers = {A, B} ack = {ackA, ackB} strobe = {stA, stB} constants: s, A, B, ackA, ackB, stA, stB

Fig. 14 :
Fig. 14: Railway semaphore model The tokens in Figs.2-5are not distinguished from each other.The tokens representing printers A and B are distinguished by their places p4 and p9.A more compact and more natural way is to represent them in one place p4&p9 by individual tokens A and B. Distinguishable tokens are said to be coloured.Colours can be thought of as data types.
-P is a finite set (the set of places of N aC ), -T is a finite set (the set of transitions of N Î ´.C = Pre -Post is called incidence matrix of N aC .