Process Completing Sequences for Resource Allocation Systems with Synchronization by Chew, Song Foh & Wang, Shengyong
The University of Akron
IdeaExchange@UAkron
Mechanical Engineering Faculty Research Mechanical Engineering Department
2012
Process Completing Sequences for Resource
Allocation Systems with Synchronization
Song Foh Chew
Shengyong Wang
University of Akron, main campus, wangs@uakron.edu
Recommended Citation
Chew, Song Foh and Wang, Shengyong, "Process Completing Sequences for Resource Allocation Systems with
Synchronization" (2012). Mechanical Engineering Faculty Research. 77.
http://ideaexchange.uakron.edu/mechanical_ideas/77
Hindawi Publishing Corporation
Journal of Control Science and Engineering
Volume 2012, Article ID 424051, 14 pages
doi:10.1155/2012/424051
Research Article
Process Completing Sequences for Resource Allocation Systems
with Synchronization
Song Foh Chew,1 Shengyong Wang,2 and Mark A. Lawley3
1Department of Mathematics and Statistics, Southern Illinois University, Edwardsville, IL 62026, USA
2Department of Mechanical Engineering, University of Akron, Akron, OH 44325, USA
3School of Biomedical Engineering, Purdue University, West Lafayette, IN 47907, USA
Correspondence should be addressed to Mark A. Lawley, malawley09@yahoo.com
Received 21 January 2012; Accepted 12 April 2012
Academic Editor: Jin-Shyan Lee
Copyright © 2012 Song Foh Chew et al. This is an open access article distributed under the Creative Commons Attribution
License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly
cited.
This paper considers the problem of establishing live resource allocation in workflows with synchronization stages. Establishing
live resource allocation in this class of systems is challenging since deciding whether a given level of resource capacities is sufficient
to complete a single process is NP-complete. In this paper, we develop two necessary conditions and one sufficient condition that
provide quickly computable tests for the existence of process completing sequences. The necessary conditions are based on the
sequence of completions of n subprocesses that merge together at a synchronization. Although the worst case complexity is O(2^n),
we expect the number of subprocesses combined at any synchronization will be sufficiently small so that total computation time
remains manageable. The sufficient condition uses a reduction scheme that computes a sufficient capacity level of each resource
type to complete and merge all n subprocesses. The worst case complexity is O(n · m), where m is the number of synchronizations.
Finally, the paper develops capacity bounds and polynomial methods for generating feasible resource allocation sequences for
merging systems with single unit allocation. This method is based on single step look-ahead for deadly marked siphons and is
O(2n). Throughout the paper, we use a class of Petri nets called Generalized Augmented Marked Graphs to represent our resource
allocation systems.
1. Introduction
In recent years, liveness-enforcing supervisory control has
been an active area of research for resource allocation sys-
tems characterized by processes with highly ordered, linear
workflows. This research has been motivated to a large degree
by the need to control resource allocation in large, highly
automated manufacturing systems, where process workflow
is highly sequential and is typically prespecified in a product’s
process plan. In brief, a sequential resource allocation system
(RAS) consists of a set of resources, each available at a
finite level, and a set of processes that progresses through
sequences of processing stages, with each stage requiring
a predetermined set of the system resources. Furthermore,
a process instance is allowed to advance to its next stage
only when it has been granted the complete set of required
resources and only then will it release the currently held
resources that are not required for the following stage.
Because the resource allocation schemes discussed above
are embedded in the operation of many technologically ad-
vanced systems, a complete understanding of their worst case
behaviors is essential when devising operating logic for their
control. Indeed, if resource allocation is not properly con-
strained, the sequential RAS will attain resource allocation
states from which additional allocation-deallocation of some
subset of resources is not possible. This situation is highly
undesirable, because resource allocation stalls, the involved
processes and the resources they hold are idle, and outside
intervention to resolve and reset the system is required.
Liveness enforcing supervision seeks to avoid these situations
and maintain completely smooth operation by imposing an
appropriate supervisory control policy.
Reveliotis et al. [1] present a taxonomy for sequential
RAS based on the structure of the allocation requests
associated with various processing stages. This taxonomy
includes (i) single-unit (SU) RAS, which admits only linearly
ordered process sequences with resource requests corre-
sponding to standard unit vectors, (ii) conjunctive (C) RAS,
which admits linearly ordered process flows with arbitrary
resource requests, and (iii) disjunctive/conjunctive (D/C)
RAS, which allows the process to use alternative workflow
sequences. Lower-numbered classes in the taxonomy are
specializations of the higher-numbered and therefore present
simpler behaviors which are more easily analyzed and
controlled. Indeed, many results on RAS liveness and the
synthesis of tractable liveness enforcing supervisors (LES)
have been developed for the SU-RAS class, see, for example,
[2, 3] for seminal papers. Researchers have also addressed
the problem in the context of the more general classes of D-
RAS, C-RAS, and D/C-RAS, see [4, 5] for early results. An
interesting discussion that provides a unifying perspective
for many of these results, and also highlights the currently
prevailing issues in the area, can be found in [6]. Additional
recent reviews are provided in [7, 8].
In [9], Reveliotis et al. extend the taxonomy of [1] to
include RAS with process synchronizations, that is, RAS
where a process may consist of several subprocesses operating
independently until some synchronization stage is attained,
at which point subprocesses recombine through merging
and splitting and then continue as a new set. We shall
refer to this class of RAS as A/D-RAS (assembly/disassembly
RAS), since, in the case of manufacturing, this class covers
products with both assembly and disassembly in their
specified workflow. We notice, however, that synchronization
also commonly occurs in project management and business
workflow scenarios where finite resources must be allocated
to competing tasks, which must eventually merge and spawn
successor tasks.
From the perspective of logical analysis and control, a
major difference between the A/D-RAS and those addressed
in the taxonomy of [1] is that we can no longer quickly be
sure that the given level of resource capacities is sufficient
to complete even a single process. More specifically, since a
single process may consist of several concurrent and inde-
pendently operating subprocesses, each requesting, using,
and holding resources, there is no guarantee that resources
are of sufficient capacity to allow these subprocesses to
attain required synchronization states. In this paper, we
refer to this issue as the “quasi-liveness” problem since, by
definition, an underlying Petri net model of the A/D-RAS
will be quasi-live if, for every transition of the net (including
those representing synchronizations), there exists a sequence
of transition firings (resource allocations) that enables that
transition. In [9], it is established that the lack of quasi-
liveness in the A/D-RAS can be explained by the presence of
a particular type of deadly marked siphon in the underlying
net dynamics and that testing quasi-liveness, a rather easy
task for nets modeling the D/C-RAS, now becomes an NP-
complete problem (cf. also [10] for a formal proof on the NP-
completeness of the quasi-liveness problem in the considered
RAS class). Thus, assessing process quasi-liveness raises
important and novel research problems to be addressed
for this RAS. For quasi-live processes, an additional issue
is identifying sequences of resource allocations that enable
the involved process synchronizations. Once such sequences
have been identified, standard D/C-RAS deadlock avoidance
policies can be implemented to control concurrent allocation
of resources across several concurrently operating processes.
We note that in [11], Xie and Jeng also study resource
allocation in systems with synchronizations by analyzing a
class of ordinary Petri nets called extended resource control
nets (ERCN). More specifically, they develop structural
characterizations for the ERCN quasi-liveness and liveness
that are based on the notion of empty siphons. In other work,
Wu et al. [12] model assembly/disassembly processes using
resource-oriented Petri nets. Based on the models, a deadlock
control policy is proposed and proved to be computationally
efficient and less conservative than the existing policies in
the literature. Hsieh [13] develops a subclass of Petri net
models called nonordinary controlled flexible assembly Petri
nets with uncertainties for assembly systems and studies their
robustness to resource failure. Hu et al. [14] propose a
class of Petri nets to study automated manufacturing systems
with either flexible routes or assembly operations. Using
structural analysis, the authors show that liveness of such
systems can be attributed to the absence of under-marked
siphons.
Our work, on the other hand, places more emphasis
on the associated design and control problems, seeking
first to find resource levels that guarantee quasi-liveness
and then to find resource allocation sequences that enable
synchronization transitions. In [15, 16], we model the A/D-RAS
using a subclass of Petri nets known as Generalized Augmented
Marked Graphs (G-AMG). Based upon the notion of
reachability graph, we present an algorithm that determines
the quasi-liveness of a process subnet by enumerating all
execution sequences that are resource-enabled under the
considered resource availability; if the net is quasi-live, there
will be at least one sequence that leads to process completion.
For a quasi-live process, the reachability graph provides com-
plete information about the resource allocation sequences
that can be used. Since the graph is exponential in size, it
is generally necessary to select a smaller subset of sequences
to use for supervision. Based on the work presented in
[15, 16], Choi [17] develops a mixed integer program that
selects a small subset of process completing sequences for the
development of liveness enforcing supervisors. This defines a
manageable set of realizable behaviors the system can exhibit.
The subset is selected such that a performance controller,
posed as a Markov decision process, has the greatest potential
to optimize system performance.
In this paper, we seek to develop more tractable methods
of identifying process completing sequences for certain
subclasses. More specifically, we define a special case of G-
AMG, called G-AMGA, which models a RAS comprising
only “assembly” or merging operations. For RAS modeled
by G-AMGA’s, we develop two necessary conditions for
quasi-liveness which provide quick tests. We also develop
a polynomial net reduction algorithm that can be used to
compute resource levels sufficient to assure quasi-liveness.
We then turn our attention to the more restricted subclass
of G-AMGA, G-AMGASU, in which resource allocation is
of the single-unit type. For this class, we develop resource
bounds that guarantee polynomial quasi-liveness. We also
present a polynomial algorithm for computing resource-
feasible sequences when the resource bounds are met.
We organize the remainder of the paper as follows.
Section 2 presents and discusses our A/D-RAS model.
Section 3 develops the necessary conditions, the sufficient
condition, and the net reduction algorithm for generating
a process completing sequence for the G-AMGA. Section 4
develops sufficient resource bounds along with a polynomial
algorithm for generating process completing sequences in
assembly systems with single unit resource allocation, G-
AMGASU. Finally, Section 5 provides concluding remarks and
discusses future research.
2. The G-AMG Model for the A/D-RAS
References [9, 12] formally define the G-AMG structure for
the A/D-RAS. For completeness, the Appendix repeats this
definition. Figure 1 provides an example of a G-AMG process
net.
Note from Figure 1 that the net has an initial place, p0,
marked with a single token. This represents the uninitiated
process. The initial transition, tI, serves as the order release
transition, which initiates production of the five subprocesses.
The places of tI•, call this set PI, hold the released
subprocess orders. No resources are allocated to subprocesses
in PI, that is, tI merely releases orders for the subprocesses; it
does not allocate resources. This is indicated by the zero need
vector associated with places in PI.
We use PS to represent the set of places that model
processing operations, typically those with nonzero resource
need, and TS to represent those transitions that allocate-
deallocate resources. Thus, resource places are only con-
nected to transitions in TS. Note that the sequential logic
underlying the execution of the set of subprocesses is
expressed by the induced subnet PS ∪ TS.
Places of PS are labeled with resource need for three
resource types. We do this to simplify the figure. In fact, each
resource type has its own place (the set of resource places is
PR) and is marked with a number of tokens representing its
capacity (we will denote the capacity of resource ri as Ci).
Consider Figure 2, illustrating the connectivity for resource
r1. The weight W(r1, t1) = 1 represents the number of units
of r1 requested by the subprocess at t1. The needs of a process
place p ∈ PS with respect to some resource ri ∈ PR are
expressed by the value of ui(p), where ui is the p-semiflow
introduced by item 5 of Definition A.11.
Note that resource types support the execution of the
different requesting subprocesses in a reusable fashion, that
is, their utilization does not diminish their capacity.
Firing of t7 ∈ TS represents the completion of the process.
This event deallocates all resources and places a token
in the final completion place, pF ∈ PF. When this happens,
the final transition, tF, which signals process completion, is
allowed to fire and a new process release is enabled. Only
places of PF provide input to tF, tF is the only input of p0,
and p0 is the only output of tF. Also, p0 is the only input of
tI, and tI is the only output of p0. Finally, tI is the only input
of places in PI, and these places connect to transitions in TS.

Figure 1: Process net with needs for three resource types.

Figure 2: Token flow relation for resource 1.

Since the process net (without resource places) is a
marked graph, each place in {p0} ∪ PI ∪ PS ∪ PF has exactly
one input and one output. This implies that processes can
exhibit concurrency and synchronization but not choice. To
be well-defined, we require that the process net be strongly
connected. Finally, we will say that P = {p0} ∪ PI ∪ PS ∪ PF,
T = {tI, tF} ∪ TS, N = P ∪ T, and NR = (P ∪ PR) ∪ T. To
summarize, we have the following notation.
p0: Initial process place. The initial marking of p0 specifies the maximum number of concurrently executing processes.
PI: Places that hold subprocesses ready to begin processing.
PS: Places where processing occurs. These typically have associated resource needs.
PF: Places holding the completed process.
PR: The set of resource places.
P: {p0} ∪ PI ∪ PS ∪ PF, all places except resource places.
tI: The “order release” transition.
TS: Transitions that allocate-deallocate resources and that synchronize, merge, or split subprocesses.
tF: The “process completion” transition.
T: {tI, tF} ∪ TS, the set of transitions.
W(r, t): The number of units of resource r requested at transition t.
N: P ∪ T, the process net without resources.
NR: (P ∪ PR) ∪ T, the process net with resources.
As previously stated, the Appendix (Definition A.11) pro-
vides the formal definition.
As mentioned in the introduction, assessing the quasi-
liveness of the G-AMG is NP-complete [10]. Thus, deter-
mining whether or not a given process has a sequence
of transition firings (resource allocations) that enables tF
requires super-polynomial computation in the general case.
Detailed discussions on quasi-liveness and related issues for
the general case can be found in [12, 14].
In this paper, we investigate live resource allocation for
assembly systems only; that is, we impose that for all t ∈
TS ⊆ NR, t• ∩ PS is a singleton. In Section 3, we develop
conditions that provide quickly computable tests on quasi-
liveness. In Section 4, we develop polynomial methods for
resolving quasi-liveness and generating feasible resource
allocation sequences for assembly systems with single unit
resource allocation.
3. The G-AMGA Model for the A-RAS
This section develops results for the subclass, referred to as
G-AMGA, of A/D-RAS systems restricted to assembly only
(A-RAS). In other words, systems in G-AMGA ⊆ G-AMG
have subprocess merging but no splitting. For this subclass of
systems, N is restricted as follows: for all t ∈ TS, |t• ∩ PS| =
1. Thus, a transition (other than tI) can perform no splitting
operation; that is, there is no disassembly. For this subclass,
we develop a set of quick tests for quasi-liveness based on
necessary conditions and sufficient conditions. The necessary
conditions are based on local tests of “place concurrence”
for each synchronizing transition. If these conditions are
not met, then the net is not quasi-live. If these tests do not
indicate lack of quasi-liveness, we then perform a polynomial
sufficiency test, that, if met, guarantees quasi-liveness and
provides resource enabled execution sequences.
3.1. Necessary Conditions for A-RAS. Consider an NR. Let
TSynch be the set of transitions that synchronize subprocesses,
that is, TSynch = {t ∈ TS : |•t ∩ PS| > 1}. For example, in
Figure 1, TSynch = {t5, t6, t7}. We note that for each t ∈ TSynch,
all places in •t ∩ PS must be simultaneously marked for
synchronization to occur. Further, there must exist sufficient
remaining unallocated resources to fire the synchronization
once these places are marked. For example, in Figure 1,
for t5 to be process enabled, it is necessary that the three
subprocesses synchronized at t5 are simultaneously allocated
a total of three units of resource type r2. To resource enable
t5, one additional unit of r2 is required. Thus, if the capacity
of r2 is less than three, t5 cannot be process enabled, and
if the capacity of r2 is less than four, t5 cannot be both
process and resource enabled. Thus, as illustrated by this
example, if there exists t ∈ TSynch and resource ri such that
$$W(r_i, t) + \sum_{p \in {}^{\bullet}t \cap P_S} u_i(p) > C_i,$$
where Ci is the capacity of ri, then NR cannot be quasi-live.
This is our first necessary condition: resource capacities
must be sufficient to both process-enable and resource-enable
every t ∈ TSynch.
Further, note that transitions t5 and t6 must be fired to
process-enable t7. Since we fire only one transition at a time,
these must be fired in some order. Suppose t6 is fired before
t5. Then the subprocess at place t6• ∩ PS will be assembled
and holding two units of r3 after firing t6. Then to fire t5,
subprocesses at •t5 ∩ PS will need to be holding five units of
r3. Thus, r3 must have at least seven units of capacity if t6 fires
before t5.
On the other hand, if t5 is fired before t6, then the
subprocess at place t5• ∩ PS will be assembled and holding
two units of r3. Then to fire t6, the subprocess at •t6 ∩ PS will
need to be holding three units of r3. Thus, r3 must have at
least five units of capacity if t5 fires before t6. Clearly, if r3 has
capacity four, the net is not quasi-live. If r3 has capacity five
or six, t5t6 is resource enabled but t6t5 is not. If r3 has capacity
seven or greater, both sequences are resource enabled.
More generally, suppose t ∈ TSynch has K subprocess
input places, that is, K = |•t ∩ PS|. Since N is a marked
graph, each p ∈ •t ∩ PS will have only one input transition.
Since N is assembly only, each p ∈ •t ∩ PS will have a
unique input transition. Thus, to process enable t, these K
transitions will have to be fired in some order.
Let •t ∩ PS = {p(1), p(2), . . . , p(K)} and let ••t =
{t(1), t(2), . . . , t(K)}, where •p(1) = {t(1)}, •p(2) = {t(2)},
and so forth. Firing t(1) marks p(1), firing t(2) marks p(2),
and so forth. When {p(1), p(2), . . . , p(K)} are all marked, t
is process enabled. With unlimited resources, there are K!
possible firing sequences for {t(1), t(2), . . . , t(K)} that
process-enable t (assuming each is fired only once). However, with
finite resource capacities, some (possibly all) of the firing
sequences might be infeasible. For example, in Figure 1, if r3
has capacity six, then the firing sequence t6t5 is not possible,
although t5t6 is.
Let σk be the set of partial firing sequences of
{t(1), t(2), . . . , t(K)} of length k ≤ K (again assuming that each
transition will occur at most once in any sequence of σk).
Note that σ ∈ σk marks k places of •t ∩ PS and leaves K − k
unmarked. If there exists k < K such that for every marked
k-subset of {p(1), p(2), . . . , p(K)}, all input transitions to the
unmarked (K − k)-complement are resource disabled, then
NR cannot be quasi-live.
Put more formally, let Sk be a k-subset of {p(1),
p(2), . . . , p(K)}, that is, Sk ⊆ {p(1), p(2), . . . , p(K)} such that
|Sk| = k. Note that there are $\binom{|{}^{\bullet}t \cap P_S|}{k}$ total k-subsets of
•t ∩ PS = {p(1), p(2), . . . , p(K)}. If ∃k < K such that for all
Sk ⊆ •t ∩ PS, for all p ∈ (Sk)^c = (•t ∩ PS) \ Sk, ∃ri such that
$$\sum_{p \in S_k} u_i(p) + W(r_i, {}^{\bullet}p) > C_i,$$
then NR cannot be quasi-live.
This is our second necessary condition: resource
capacities must be sufficient to fire all the input transitions to
subprocess input places of t ∈ TSynch.
Algorithm 1 checks these necessary conditions. The algorithm
starts with a For loop that tests every synchronization
transition for violations of the two necessary conditions. The
first check is for necessary condition 1, where the resources
required to process-enable plus the resources required to
resource-enable the synchronization are compared to the
resource capacities. If a violation is found, then the net
cannot be quasi-live, and the algorithm terminates by
returning not quasi-live.

    For every t ∈ TSynch
        // Check for violations of the first necessary condition
        Find ri such that W(ri, t) + Σ_{p ∈ •t ∩ PS} ui(p) > Ci
        If successful, return Not Quasi-live
        // Check for violations of the second necessary condition
        Else k = 1
        While k < K = |•t ∩ PS|
            subset_count = 0
            For each Sk ⊆ •t ∩ PS
                place_count = 0
                For each p ∈ (Sk)^c
                    Find ri such that Σ_{p ∈ Sk} ui(p) + W(ri, •p) > Ci
                    If successful, place_count++
                End For
                If place_count = |(Sk)^c|, subset_count++
            End For
            If subset_count = (|•t ∩ PS| choose k), return Not Quasi-live
            k++
        End While
    End For
    Return Unknown

Algorithm 1

If no violation of the first necessary condition is found,
then the algorithm initiates a While loop for testing the
second condition. The first step is to initialize a subset
counter, which, for the given synchronization transition,
counts the number of k-subsets of the process input places
that violate the second necessary condition. If it is found that
all k-subsets violate the second necessary condition, that is,
subset count = total number of k-subsets, then the algorithm
terminates by returning not quasi-live.
Note that the inner For loop determines whether a
given k-subset violates the second necessary condition or
not. It does this by checking all the places in the (K-k)-
complement to see if their input transitions are resource
enabled. If none is, then none of these places can be marked,
and the synchronization cannot be process enabled by first
marking the k-subset and then firing the input transitions
of the (K-k)-complement. If this is true for a k-subset, then
that k-subset violates the second condition and the counter,
subset count, is incremented. Again, if we find k < K such
that all k-subsets violate the second necessary condition,
that is, subset count = total number of k-subsets, then the
algorithm terminates by returning not quasi-live.
Consider an example assembly system depicted in
Figure 3. Assume that 〈C1, C2, C3〉 = 〈2, 4, 1〉. We have both
t10 and t12 in TSynch. Checking t10 for the first necessary
condition, we have 0 + (0 + 0 + 1) = 1 ≤ 2 = C1 for r1, 2 +
(1 + 0 + 0) = 3 ≤ 4 = C2 for r2, and 0 + (0 + 1 + 0) = 1 ≤
1 = C3 for r3, resulting in no violation. A similar check finds
that t12 does not violate the first necessary condition. We now
check t10 for the second necessary condition. For S1 = {p3},
we have (0) + 0 = 0 ≤ 2 = C1 and (0) + 1 = 1 ≤ 2 = C1 for
r1, (1) + 0 = 1 ≤ 4 = C2 and (1) + 0 = 1 ≤ 4 = C2 for r2,
and (0) + 1 = 1 ≤ 1 = C3 and (0) + 0 = 0 ≤ 1 = C3 for r3.
Hence, there is no violation. Similar checks for S1 = {p6} and
S1 = {p9} reveal that there is no violation. For S2 = {p3, p6},
we have (0 + 0) + 1 = 1 ≤ 2 = C1 for r1, (1 + 0) + 0 = 1 ≤
4 = C2 for r2, and (0 + 1) + 0 = 1 ≤ 1 = C3 for r3; as a
result, the condition is not violated. Similarly, S2 = {p3, p9}
and S2 = {p6, p9} yield no violation. Therefore, t10 does not
violate the second necessary condition. Likewise, t12 does not
violate the second necessary condition either.
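
The two checks of Algorithm 1 can be run mechanically on the t10 data used in the worked example above. The following Python sketch is an added example, not code from the paper; the function names are hypothetical, the vector W(·, t2) is an assumption inferred from the need vectors of p2 and p3, and the one-resource case at the end is constructed only to exercise the second check.

```python
from itertools import combinations

def first_violation(w_sync, held, capacity):
    """Condition 1: index i with W(r_i, t) + sum_p u_i(p) > C_i, else None."""
    for i, cap in enumerate(capacity):
        if w_sync[i] + sum(u[i] for u in held.values()) > cap:
            return i
    return None

def blocked(subset, p, held, w_in, capacity):
    """True if some r_i has sum_{q in S_k} u_i(q) + W(r_i, •p) > C_i,
    i.e. the input transition of p is resource disabled once S_k is marked."""
    return any(
        sum(held[q][i] for q in subset) + w_in[p][i] > cap
        for i, cap in enumerate(capacity)
    )

def second_violation(held, w_in, capacity):
    """Condition 2: smallest k < K such that every k-subset blocks every
    input transition of its complement, else None."""
    places = sorted(held)
    for k in range(1, len(places)):
        if all(
            all(blocked(s, p, held, w_in, capacity)
                for p in places if p not in s)
            for s in combinations(places, k)
        ):
            return k
    return None

def algorithm1(syncs, capacity):
    """syncs maps a synchronization transition to (W(., t), u, W(., •p))."""
    for w_sync, held, w_in in syncs.values():
        if first_violation(w_sync, held, capacity) is not None:
            return "Not Quasi-live"
        if second_violation(held, w_in, capacity) is not None:
            return "Not Quasi-live"
    return "Unknown"

# t10 of Figure 3, taken from the numbers in the worked example.
W_T10 = (0, 2, 0)                                   # W(r_i, t10)
HELD = {"p3": (0, 1, 0), "p6": (0, 0, 1), "p9": (1, 0, 0)}   # u(p)
W_IN = {
    "p3": (0, 1, 0),   # W(., t2): assumption, inferred from p2 -> p3
    "p6": (0, 0, 1),   # W(., t5), as used in the S1 = {p3} check
    "p9": (1, 0, 0),   # W(., t8), as used in the S1 = {p3} check
}
SYNCS = {"t10": (W_T10, HELD, W_IN)}   # t12 omitted: its data is not in the text

# Constructed one-resource case that passes condition 1 but fails condition 2.
TOY_HELD = {"a": (1,), "b": (1,)}
TOY_W_IN = {"a": (3,), "b": (3,)}
TOY_SYNCS = {"t": ((0,), TOY_HELD, TOY_W_IN)}

if __name__ == "__main__":
    print(algorithm1(SYNCS, (2, 4, 1)))
    print(algorithm1(SYNCS, (2, 2, 1)))
    print(algorithm1(TOY_SYNCS, (3,)))
```
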
We note that Algorithm 1 enumerates all subsets of the
input places for each synchronization transition, and thus,
in the strictest sense, this check is of exponential complexity.
However, we expect that the number of subprocesses com-
bined at any synchronization will be sufficiently small so that
the total computation of Algorithm 1 will be quite small in
comparison to the complete enumeration of the reachability
graph in [12, 14], and therefore the check is worthwhile.
If no violations of either of the necessary conditions are
found, then the quasi-liveness remains unverified; that is,
we cannot say whether the net is quasi-live or not. In the
following section, we will develop a sufficient condition for
quasi-liveness and an algorithm for generating a process
completing sequence based on this sufficient condition.
3.2. Sufficient Condition Test for Quasi-Liveness of the
A-RAS. This subsection develops a sufficiency test for
the G-AMGA model. This test makes use of reduc-
tions performed on two types of structures contained
in the G-AMGA. In Figure 3, consider the three net
segments: {tI , p1, t1, p2, t2, p3, t10}, {tI , p4, t4, p5, t5, p6, t10},
and {tI , p7, t7, p8, t8, p9, t10}. These three represent the
sequential processing steps of the three subprocesses marking
places {p1, p4, p7} ⊆ PI that synchronize at t10. Any
interaction between the three subprocesses is strictly limited
to resource competition. Otherwise their processing up to t10
is independent, possibly concurrent, depending on resource
capacities.
We note the following.
(1) The subprocess of p1 requires a total allocation of
〈1, 1, 0〉 in order to reach p3, where it will release the
unit of r1 and will hold the unit of r2.
(2) The subprocess of p4 requires a total allocation of
〈0, 1, 1〉 in order to reach p6, where it will release the
unit of r2 and will hold the unit of r3.
(3) The subprocess of p7 requires a total allocation of
〈1, 0, 1〉 in order to reach p9, where it will release the
unit of r3 and will hold the unit of r1.
Thus, if we have sufficient resources to simultaneously
allocate 〈1, 1, 0〉 to the first subprocess, 〈0, 1, 1〉 to the
second, and 〈1, 0, 1〉 to the third, then we are sure that
the three subprocesses can reach the synchronization stage.
Thus, we say that if 〈C1, C2, C3〉 ≥ 〈1, 1, 0〉 + 〈0, 1, 1〉 + 〈1, 0, 1〉
= 〈2, 2, 2〉, then resource capacities are sufficient to process-
enable the synchronization at t10.

Figure 3: Example assembly system.

We refer to a structure such as {tI, p1, t1, p2, t2, p3, t10} as
a Type-I structure; that is, a Type-I structure is a segment
〈tI, p(1), t(1), p(2), t(2), . . . , t(k−1), p(k), t〉 of N, where
(1) p(1) ∈ tI•,
(2) {p(1), . . . , p(k)} ⊆ P (recall, P = {p0}∪PI ∪PS∪PF),
(3) •t( j) ∩ P = {p( j)},
(4) t ∈ TSynch,
(5) k > 2.
The first condition states that p(1) is an output place of tI ;
the second states that all places are nonresource places; the
third states that none of the intermediate transitions are
synchronizations; the fourth states that the last transition is
a synchronization; and the last states there are at least three
places in the structure.
Thus, a Type-I structure of N is a path in N with at least
three places that begins with tI , ends with a synchronization,
and has the property that all intermediate transitions are not
synchronizations.
Now, consider the Type-I structure, {tI, p1, t1, p2, t2,
p3, t10}, in Figure 3. Suppose we reduce it as follows:
(1) delete p2 and t2 and all corresponding edges;
(2) insert edge 〈t1, p3〉;
(3) set the resource need vector associated with p3 to the
component-wise maximum of the need vectors of all
places in the Type-I structure, that is, the component-wise
maximum of {〈0, 0, 0〉; 〈1, 0, 0〉; 〈0, 1, 0〉} =
〈1, 1, 0〉.
Applying this reduction to the three Type-I structures in the
example yields the resulting net shown in Figure 4. Note that
the net now contains no Type-I structure.
More formally, let ρ1 represent a Type-I reduction on net
N , and let ρ1(N) be the resulting net. Then ρ1 applies the
following actions to N .
Resource Bound Update. For each Type-I structure 〈tI, p(1),
t(1), . . . , t(k−1), p(k), t〉, assign Ψi(p(k)) = max{ui(p(j)) : j =
1 . . . k}, i = 1 . . . |PR|, and let Ψk denote the vector 〈Ψi(pk) :
i = 1 . . . |PR|〉.
Net Reduction. Delete {p(2), t(2), . . . , p(k−1), t(k−1)} and the
associated arcs. Add arc (t(1), p(k)).
Note that Ψi(p(k)) retains the maximum usage of
resource, ri, along the Type-I structure. Thus, the resource
bound associated with the undeleted place, p(k), will be the
number of units of each resource required for the subprocess
to reach the synchronization transition.
We note that all Type-I structures can be found in
number of steps polynomial in places and transitions. We
now proceed to our second reduction.
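
The Type-I reduction ρ1 can be applied mechanically to the three Figure 3 segments that end at t10. The following Python sketch is an added example, not code from the paper; the dictionary encoding and function names are hypothetical, only the three segments named in the text are encoded, and the need vectors of p5 and p8 are inferred from the allocation notes above.

```python
T_I = "tI"

# Constructed encoding: place -> (input transition, output transition).
ARCS = {
    "p1": ("tI", "t1"), "p2": ("t1", "t2"), "p3": ("t2", "t10"),
    "p4": ("tI", "t4"), "p5": ("t4", "t5"), "p6": ("t5", "t10"),
    "p7": ("tI", "t7"), "p8": ("t7", "t8"), "p9": ("t8", "t10"),
}
# Need vectors u(p) for <r1, r2, r3>; p5 and p8 are inferred values.
NEED = {
    "p1": (0, 0, 0), "p2": (1, 0, 0), "p3": (0, 1, 0),
    "p4": (0, 0, 0), "p5": (0, 1, 0), "p6": (0, 0, 1),
    "p7": (0, 0, 0), "p8": (0, 0, 1), "p9": (1, 0, 0),
}

def sync_transitions(arcs):
    """T_Synch: transitions with more than one input place."""
    fan_in = {}
    for _, out_t in arcs.values():
        fan_in[out_t] = fan_in.get(out_t, 0) + 1
    return {t for t, n in fan_in.items() if n > 1}

def type1_structures(arcs):
    """Return (places, t) for every path tI, p(1), t(1), ..., p(k), t with
    k > 2, t a synchronization and no synchronization before it."""
    syncs = sync_transitions(arcs)
    successors = {}
    for p, (in_t, _) in arcs.items():
        successors.setdefault(in_t, []).append(p)
    found = []
    for first in sorted(successors.get(T_I, [])):
        path, t = [first], arcs[first][1]
        while t not in syncs and len(successors.get(t, [])) == 1:
            nxt = successors[t][0]
            if nxt in path:          # guard against cycles in the encoding
                break
            path.append(nxt)
            t = arcs[nxt][1]
        if t in syncs and len(path) > 2:
            found.append((path, t))
    return found

def reduce_type1(arcs, need):
    """Apply the resource bound update and net reduction; return the
    reduced arcs, the updated need vectors and the bounds Psi."""
    arcs, need, psi = dict(arcs), dict(need), {}
    for path, sync in type1_structures(arcs):
        last = path[-1]
        # Psi_i(p(k)) = max over the places of the structure of u_i
        psi[last] = tuple(max(col) for col in zip(*(need[p] for p in path)))
        for p in path[1:-1]:         # delete p(2) .. p(k-1) and their arcs
            del arcs[p]
            del need[p]
        arcs[last] = (arcs[path[0]][1], sync)   # add arc (t(1), p(k))
        need[last] = psi[last]
    return arcs, need, psi

def capacity_to_process_enable(psi, arcs, sync):
    """Component-wise sum of Psi over the input places of sync."""
    inputs = [p for p, (_, out_t) in arcs.items() if out_t == sync]
    return tuple(sum(col) for col in zip(*(psi[p] for p in inputs)))

if __name__ == "__main__":
    reduced, _, bounds = reduce_type1(ARCS, NEED)
    print(bounds)
    print(capacity_to_process_enable(bounds, reduced, "t10"))
```
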
Now consider net segments {〈tI , p1, t1, p3, t10〉, 〈tI , p4, t4,
p6, t10〉, 〈tI , p7, t7, p9, t10〉} of Figure 4. We refer to this struc-
ture as a Type-II structure, that is, a set of at least two parallel
segments, starting at tI , with two intermediate places, and
ending at t ∈ TSynch.
More formally, a Type-II structure is composed of m > 1
parallel segments in N ending in t ∈ TSynch:
1. 〈tI, p(11), t(11), p(12), t〉
2. 〈tI, p(21), t(21), p(22), t〉
...
m. 〈tI, p(m1), t(m1), p(m2), t〉
such that {p(11), . . . , p(m1)} ⊆ tI• and p(i1) ≠ p(j1) for i ≠ j.
A Type-II reduction, ρ2, is similar to the Type-I reduction
in that it applies a bound update and then a net reduction.
We first illustrate the bound update and reduction and then
state it more formally.
To understand the next bound update, consider the nets
of Figure 5. Each place in (a) is labeled with resource need.
To mark p3, we require 〈121〉 units for resources r1, r2 and
r3, thus, in (b), Ψ3 = 〈121〉. Similarly, Ψ6 = 〈223〉 and Ψ9 =
〈412〉 for places p6 and p9, respectively, as shown in (b).
Places in (b) are also labeled with their original resource
needs, u3, u6, and u9. Now, for p3, p6, and p9, consider
δi(pk) = Ψi(pk) − ui(pk). We refer to δi(pk) as the “return”
of resource, ri, by the corresponding subprocess. Letting
δk denote the vector 〈δi(pk): i = 1, . . . , |PR|〉, we have δ3 =
〈012〉, δ6 = 〈213〉, and δ9 = 〈410〉, as shown in Figure 5(b).
Sort the places {p3, p6, p9} by decreasing return for r1.
Then we have ordered set 〈p9, p6, p3〉 since 4 ≥ 2 ≥ 0. In
Figure 5(a), if we first mark p9, then p6, and finally p3 according
to the firing sequence σ = t5t6t3t4t1t2, the following capacity
constraints must be met (note that C is the resource capacity
vector):
Ψ9 = 〈412〉 ≤ C,
Ψ6 + u9 = 〈223〉 + 〈002〉 = 〈225〉 ≤ C,
Ψ3 + u9 + u6 = 〈121〉 + 〈002〉 + 〈010〉 = 〈133〉 ≤ C.

Figure 4: Resulting net with Type-I reductions.

Taking the component-wise max across these constraints
yields 〈435〉 ≤ C. Thus, 〈435〉 is necessary and sufficient to
execute σ = t5t6t3t4t1t2. We will refer to σ as a “serialized”
firing sequence, since it advances the Type-I subprocesses to
the synchronization transition one at a time. In other words,
a serialized firing sequence does not allow parallel Type-I
subprocesses to process in parallel. We refer to the computed
bounds as serialized bounds.
Note that if we sort {p3, p6, p9} in any other way, say
〈p6, p3, p9〉, we get a different serialized firing sequence for
marking the places and a different set of resource bounds (in
this case, t3t4t1t2t5t6 and 〈533〉, resp.). The bound for r1 can
be no smaller, although the bounds for r2 and r3 might be
tighter. This is established by the following lemma.
Lemma 1. Let pj and pk be two places in a Type-II structure,
where δi(pj) and δi(pk) are the returns of resource ri for pj and
pk. If δi(pj) ≥ δi(pk), then max(Ψi(pk), Ψi(pj) + ui(pk)) ≥
max(Ψi(pj), Ψi(pk) + ui(pj)).
Before going to the proof, note (recall) the following:
(1) ui(pj) is the need (number of units held) of ri at pj ;
(2) Ψi(pk) is the maximum need for ri along the Type-I
structure leading to pk;
(3) given that the jth subprocess has advanced to pj ,
Ψi(pk) + ui(pj) is a lower bound on the number of
units of ri required to advance the kth subprocess
from its place in PI to pk;
(4) given that the jth and kth subprocesses are both at
their initial places in PI , max(Ψi(pj),Ψi(pk) + ui(pj))
is a lower bound on the number of units of ri required
to first advance the jth subprocess to pj and then the
kth subprocess to pk.
Proof. By assumption δi(pj) ≥ δi(pk). Further, Ψi(pj) ≥
δi(pj), since the jth subprocess cannot return more of ri than
it is allocated.
Then, Ψi(pj) − δi(pk) ≥ 0;
Ψi(pj) − Ψi(pk) + ui(pk) ≥ 0;
Ψi(pj) + ui(pk) ≥ Ψi(pk).
Thus, max(Ψi(pk), Ψi(pj) + ui(pk)) = Ψi(pj) + ui(pk).
Now, since ui(pk) ≥ 0, we have Ψi(pj) + ui(pk) ≥ Ψi(pj);
and Ψi(pj) + ui(pk) = Ψi(pj) + Ψi(pk) − δi(pk);
Ψi(pj) + ui(pk) ≥ Ψi(pj) + Ψi(pk) − δi(pj)
(since δi(pj) ≥ δi(pk));
Ψi(pj) + ui(pk) ≥ Ψi(pk) + ui(pj).
Thus, max(Ψi(pk), Ψi(pj) + ui(pk)) ≥ max(Ψi(pj), Ψi(pk) +
ui(pj)).
The point is to show that if we advance the subprocesses
serially, that is, one at a time, from their places in PI to their
synchronization transition, in order of decreasing return
of ri, then we will minimize the need for ri in the serial
advancement.
We can now formally state the bound update and net
reduction. To understand the subscripts, please refer to the
definition of a Type-II structure given above. Our approach
is to identify a critical resource, rc, perhaps one that is most
constraining or most expensive, and compute bounds for
Type-II reductions using the returns for rc as a sorting key
in ordering the corresponding subprocesses.
Resource Bound Update for Critical Resource, rc
For a Type-II structure
    Let δi(p(j2)) = Ψi(p(j2)) − ui(p(j2)), j = 1, . . . , m, i = 1, . . . , |PR|
    Sort {p(12), . . . , p(m2)} by decreasing δc(p(j2))
    Let Γ = 〈p1, . . . , pm〉 be the sorted set
    For i = 1, . . . , |PR|
        Set Ψi(p(12)) to max{Ψi(pt) + ∑_{j=1}^{t−1} ui(pj) : t = 1, . . . , m}
    End For
End For
Net Reduction. Delete {p(21), t(21), p(22); . . . ; p(m1), t(m1), p(m2)}
and the associated arcs.
Subsequently, let ρ2(N) denote the net resulting from
a Type-II reduction having been applied to N ; that is, in
ρ2(N) all Type-II structures have been reduced. Clearly, all
Type-II structures in a net can be found in a number of steps
polynomial in the number of places and transitions.
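The Type-I and Type-II bound updates can be checked numerically on the Figure 5 values quoted above. The following is an added example, not code from the paper; the function names and the dictionary encoding are assumptions. It reproduces the serialized bounds 〈435〉 and 〈533〉 and confirms by brute force over all orderings that sorting by decreasing return of the critical resource gives the smallest bound for that resource in this example.

```python
from itertools import permutations

# Values quoted on the page for the Figure 5 example, as (r1, r2, r3).
PSI = {"p3": (1, 2, 1), "p6": (2, 2, 3), "p9": (4, 1, 2)}   # bounds after Type-I update
U = {"p3": (1, 0, 0), "p6": (0, 1, 0), "p9": (0, 0, 2)}     # needs at the surviving places


def type_one_bound(needs):
    """Type-I update: component-wise maximum of the need vectors along one path."""
    return tuple(max(column) for column in zip(*needs))


def resource_return(psi, u, place, i):
    """delta_i(p) = Psi_i(p) - u_i(p): units of r_i released on the way to p."""
    return psi[place][i] - u[place][i]


def serialized_bound(order, psi, u):
    """Component-wise max over t of Psi(p_t) + sum_{j<t} u(p_j).

    `order` lists the surviving places in the order their subprocesses are
    advanced, one at a time, to the synchronization transition.
    """
    width = len(psi[order[0]])
    held = [0] * width    # units kept by subprocesses that already advanced
    bound = [0] * width
    for place in order:
        for i in range(width):
            bound[i] = max(bound[i], psi[place][i] + held[i])
            held[i] += u[place][i]
    return tuple(bound)


def type_two_update(psi, u, critical):
    """Sort places by decreasing return of the critical resource, then bound."""
    order = sorted(psi, key=lambda p: resource_return(psi, u, p, critical),
                   reverse=True)
    return order, serialized_bound(order, psi, u)


def best_over_all_orders(psi, u, i):
    """Brute-force minimum of the r_i bound over every serialization order."""
    return min(serialized_bound(o, psi, u)[i] for o in permutations(psi))


if __name__ == "__main__":
    # Type-I example from the page: max of <0,0,0>, <1,0,0>, <0,1,0>.
    print(type_one_bound([(0, 0, 0), (1, 0, 0), (0, 1, 0)]))
    # Critical resource r1 (index 0): order <p9, p6, p3>.
    print(type_two_update(PSI, U, critical=0))
    # The alternative order <p6, p3, p9> discussed on the page.
    print(serialized_bound(("p6", "p3", "p9"), PSI, U))
    for c in range(3):
        print(c, type_two_update(PSI, U, c)[1][c], best_over_all_orders(PSI, U, c))
```
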
Let us now apply a Type-II reduction to the net of Figure
4. Assuming that r1 is the critical resource, we obtain the
resulting net depicted in Figure 6 (note that a new Type-I
structure has emerged).
Lemma 2 guarantees the computed bounds are sufficient
for some serialized firing sequence.

Figure 5: Example for Type-II bound update. Panel (a): each place labeled with its resource need. Panel (b) labels: u3 = 100, ψ3 = 121, δ3 = 021; u6 = 010, ψ6 = 223, δ6 = 213; u9 = 002, ψ9 = 412, δ9 = 410.

Figure 6: Resulting net with a Type-II reduction.

Lemma 2. Suppose N ∈ G-AMGA with m Type-I structures
connecting tI and t j ∈ TSynch, 〈tI , p(11), t(11) . . . p(1k), t j〉,
〈tI , p(21), t(21) . . . p(2n), t j〉, . . ., and 〈tI , p(m1), t(m1) . . . p(mp), t j〉.
Then Ψ(1k) = {Ψh(p(1k)) : h = 1, . . . , |PR|} in ρ2ρ1(N) is a
sufficient resource level to enable a firing sequence of N that
marks {p(1k), p(2n), . . . , p(mp)}.
Proof. It is clear that Ψ(1k) in ρ1(N) enables σ1 =
t(11)t(12) . . . t(1,k−1) in N , Ψ(2n) in ρ1(N) enables σ2 =
t(21)t(22) . . . t(2,n−1) in N , and so forth. Now ρ1(N) will
contain Type-II structure {〈tI , p(11), t(11), p(1k), t j〉, 〈tI , p(21),
t(21), p(2n), t j〉, . . . , 〈tI , p(m1), t(m1), p(mp), t j〉}. Before doing
the Type-II reduction, we sort {p(1k), p(2n), . . . , p(mp)}
based on the return of critical resource, rc (perhaps
arbitrarily chosen), δc(p) = Ψc(p) − uc(p), and let
〈p1p2, . . . , pm〉 be the sorted set, in order of decreasing
return. Then, if the resource capacities satisfy the
following constraint set: {Ψ1 ≤ C,Ψ2 + u1 ≤ C, Ψ3+
u1 + u2 ≤ C, . . . ,Ψm + u1 + · · · + um−1 ≤ C} in N ,
we can first fire σ1 and mark p1, next fire σ2 and
mark p2, and so forth. Thus, by updating Ψ(1k) with
the component-wise maximum of {Ψ1 ≤ C, Ψ2 + u1 ≤ C,
Ψ3 + u1 + u2 ≤ C, . . . , Ψm + u1 + · · · + um−1 ≤ C} before
the Type-II reduction, we assure that Ψ(1k) in ρ2ρ1(N) is
a sufficient resource level to enable the firing sequence
σ1σ2, . . . , σm in N .
We will now establish some necessary properties for these
reductions. We note that the reductions are defined on N
and not on NR ∈ G-AMGA. For the sake of brevity, we will
use the notation “N ∈ G-AMGA implies ρ(N) ∈ G-AMGA”
to indicate that a reduction preserves the class defining
structure of the process flow. Note that in the strictest sense,
if NR ∈ G-AMGA and N is the corresponding process subnet,
then N ∈ G-AMGA, since it represents a valid process flow
with no resource requirements.
Lemma 3. N ∈ G-AMGA implies ρ1(N) ∈ G-AMGA.
Proof. Suppose N has no Type-I structure. Then, ρ1(N) = N
and hence N ∈ G-AMGA. Suppose N has a Type-I structure
〈tI, p(1), t(1), p(2), . . . , t(k−1), p(k), t(k)〉. In ρ1(N), this
structure is transformed to 〈tI , p(1), t(1), p(k), t(k)〉. Since
{p(1), t(1), p(2), . . . , t(k−1), p(k)} are connected to the rest of
N through tI and t(k) only, the reduction is local and all
other places, transitions, and arcs remain intact. Thus N ∈
G-AMGA implies ρ1(N) ∈ G-AMGA.
Lemma 4. N ∈ G-AMGA implies ρ2(N) ∈ G-AMGA.
Proof. Suppose N has no Type-II structure. Then,
ρ2(N) = N and thus N ∈ G-AMGA. Suppose N has a
Type-II structure {〈tI , p(11), t(11), p(12), t j〉, 〈tI , p(21), t(21),
p(22), t j〉 · · · 〈tI , p(m1), t(m1), p(m2), t j〉}. In ρ2(N), the m
parallel sequences are transformed into the single sequence,
〈tI , p(11), t(11), p(12), t j〉. As before, all other places and
transitions remain intact, and thus N ∈ G-AMGA implies
ρ2(N) ∈ G-AMGA.
The above two lemmas establish that ρi: G-AMGA →
G-AMGA, i = 1, 2. Note that for any N ∈ G-AMGA, p0 ∈ P
and PI ∪ PS ∪ PF ≠ ∅, {tI, tF} ⊆ T, {(p0, tI), (tF, p0)} ⊆
W, tI• ≠ ∅, •tF ≠ ∅, and there is a path from tI to tF.
Let ℵ = {{p0, p(1)}, {tI, tF}, {(p0, tI), (tI, p(1)), (p(1), tF),
(tF, p0)}, {1, 0}}. It is clear that ℵ ∈ G-AMGA and that ρi
will not affect ℵ, since ℵ has no Type-I or Type-II structure.
We refer to ℵ as “irreducible.”
Lemma 5. If N ∈ G-AMGA and N ≠ ℵ, then there exists a
Type-I or Type-II structure in N.
Proof. Suppose that N is not irreducible. Then TS ≠ ∅.
Suppose that there exists neither Type-I structure nor Type-II
structure. Then, since no Type-I structure exists, every
tu ∈ TS is a synchronization. This implies that |tI•| > 1,
otherwise there are no subprocesses to synchronize. Since
no Type-II structure exists, for every pair (pj, pk) ⊆ tI•,
pj• ≠ pk•. This implies that for every pj ∈ tI•, ∃ pu ∉
tI• such that pj and pu synchronize at pj•. Note that there
must be a path from tI to pu, and the first node of this
path, say pv, must be in tI•. Further, the synchronization
transition, pv•, must fire before pu can be marked. Thus,
for every pj ∈ tI• there exists pv ∈ tI• such that pv• must
be enabled and fired before pj• can be enabled and fired.
Since tI• is finite, this implies a cyclic dependency among
the transitions of tI••, which contradicts the implication of
Definition A.11 that every cycle of N passes through p0.
With these results, the following theorems are now
straightforward.
Theorem 1. For every N ∈ G-AMGA, there is a finite sequence
of reductions that maps N to irreducible form. Further, sequence
length is O(|PS|).
Proof. Suppose N ∈ G-AMGA is not in irreducible form.
Then, it can be reduced by the following algorithm, which
will return the required sequence of reductions:
Set η = N, ρ = ε (empty string)
While η ≠ ℵ
    η = ρ2(ρ1(η))
    ρ = ρ2ρ1ρ (concatenation)
End While
Return ρ
Note that if η is not irreducible, then ρ2(ρ1(η)) has fewer
places than η. Since N has finite places, the While will
terminate in a finite number of steps not larger than |PS|
since each iteration will eliminate at least one place.
In the following, we will let (ρ2ρ1)^n(N) denote the net
that results after the Type-I/Type-II reduction sequence has
been applied n times.
Theorem 2. For every N ∈ G-AMGA, let η = (ρ2ρ1)^n(N) and
suppose that pj has survived at least one update to Ψj without
being deleted. Then Ψj is sufficient to enable a firing sequence
in N that enables pj•.
Proof. Suppose pj has been involved in Type-I and Type-II
structures over the n reductions and is the surviving place
of those reduced structures. By the induction hypothesis,
Ψj is sufficient to enable a firing sequence in N that
enables tj = pj•, say σ. Note that in η, •pj = {tI}
and pj is in a Type-I structure (assuming tj ≠ tF), since
it is the lone input to tj and tj• ≠ ∅. (To see this,
recall that since ρ2 is performed after ρ1, η has no Type-II
structures.) Let 〈tI, pj, tj, p(2), t(2) . . . t(k−1), p(k), t(k)〉 be
this Type-I structure in η. On subsequent Type-I reduction,
Ψh(p(k)) = max{Ψh(pj), Ψh(p(2)), . . . , Ψh(p(k))}, for h =
1, . . . , |PR|, then {p(2), . . . , p(k−1)} will be deleted, along
with corresponding arcs and arc (tj, p(k)) will be added.
Thus, Ψ(k) will be sufficient for firing sequence στ =
σ tj t(2) . . . t(k−1), which marks p(k).
Now, consider ρ1(η) with a Type-II structure
{〈tI, p(11), t(11), p(12), tj〉, 〈tI, p(21), t(21), p(22), tj〉 · · · 〈tI, p(m1),
t(m1), p(m2), tj〉}, where στ(1) marks p(12), στ(2) marks
p(22), . . . , and στ(m) marks p(m2). Suppose we order
{p(12), p(22), . . . , p(m2)} by decreasing return, δj = Ψj − uj,
and let {p1, p2, . . . , pm} be the ordered set. Then, if
we let Ψ(12) be the component-wise maximum of
{Ψ1, Ψ2 + u1, Ψ3 + u1 + u2, . . . , Ψm + u1 + · · · + um−1},
it is clear that Ψ(12) is sufficient to enable the firing sequence
στ1τ2 . . . στm, and thus after the Type-II reduction, Ψ(12) for
p(12) in ρ2ρ1(η) = (ρ2ρ1)^(n+1)(η) is sufficient to enable firing
sequence στ1τ2, . . . , στm in N, which enables p(1)•.
Algorithm 2 uses Type-I and Type-II reductions to com-
pute resource levels sufficient to guarantee quasi-liveness.
The algorithm starts with N , and for each process place,
defines a bounding function, Ψ, for each resource. This
bounding function is initialized to the resource need of the
place. The While loop then updates the bounding function
and applies reductions until the net is irreducible, at which
point the resource bounds are returned.
More specifically, in the first For loop, the resource bound
of the last place of each Type-I structure is updated with
the maximum resource usage along the structure. Thus, the
resource bound associated with the last place of each Type-
I structure will be the number of units of each resource
necessary for the subprocess to reach the synchronization
transition. After these updates, the net reduction is applied.
After the Type-I reduction, if the net is not irre-
ducible, at least one Type-II structure will be present.
For each Type-II structure, say {〈tI , p(11), t(11), p(12), t j〉,
〈tI , p(21), t(21), p(22), t j〉 . . . 〈tI , p(m1), t(m1), p(m2), t j〉}, the sec-
ond For loop first updates the resource bounds of the
place in the first path, 〈tI , p(11), t(11), p(12), t j〉, as illustrated
and discussed above, and then deletes the other places.
Input: N ∈ G-AMGA and critical resource, rc
Output: Serialized bounds, sequence of place markings.
η = N, ϑ = ∅ (ϑ is a last-in-first-out list)
For p ∈ PS ∪ PI ∪ PF
    Ψh(p) = uh(p) for h = 1, . . . , |PR|
While η ≠ ℵ
    For each Type-I structure 〈tI, p(1), . . . , t(n−1), p(n), t(n)〉 in η
        Ψh(p(n)) = max{Ψh(p(1)), . . . , Ψh(p(n))}, h = 1, . . . , |PR|
    End For
    η = ρ1(η)
    For a Type-II structure {〈tI, p(11), t(11), p(12), tj〉, 〈tI, p(21), t(21), p(22), tj〉 · · · 〈tI, p(m1), t(m1), p(m2), tj〉} in η
        Sort {p(12), p(22) · · · p(m2)} by decreasing δc and let 〈p1, . . . , pm〉 be the sorted set
        Insert 〈p1, . . . , pm〉 into ϑ
        For h = 1, . . . , |PR|
            Set Ψh(p(12)) to max{Ψh(pt) + ∑_{j=1}^{t−1} uj : t = 1, . . . , m}
        End For
    End For
    η = ρ2(η)
End While
Return {〈Ψh : h = 1, . . . , |PR|〉, ϑ}
Algorithm 2
We note that before the bounds are computed for the
Type-II reduction, the places in the Type-II structure are
sorted. These sorted sets are saved on a last-in-first-out
list and returned by the algorithm since they can be used
to construct the serialized sequence which corresponds
to the computed bounds. Thus, if the serialized bounds
computed by Algorithm 2 are met, a serialized sequence can
be easily constructed and, in the strictest sense, enumeration
of the reachability graph need not occur. However, some
additional enumeration and search might be desirable, since
the serialized transition firings limit the concurrency of
subprocesses.
Consider Figure 6. The resulting net is obtained after
Type-I and Type-II reductions have been applied to the
example assembly system of Figure 3. A Type-I structure,
〈tI , p1, t1, p3, t10, p10, t12〉, can be further reduced, giving rise
to 〈tI , p(11), t(11), p(12), t12〉 with Ψ(p(12)) = 〈132〉, u(p(12)) =
〈030〉 and δ(p(12)) = 〈102〉. We now have a Type-II structure:
〈tI , p(11), t(11), p(12), t12〉 and 〈tI , p11, t11, p12, t12〉. Assuming
that r1 is a critical resource and hence a sorting key, the
Type-II structure is reduced to 〈tI , p(11), t(11), p(12), t12〉 with
Ψ(p(12)) = 〈241〉. However, if r2 is used as a sorting key
and the subprocess 〈tI , p11, t11, p12, t12〉 is executed first, then
the Type-II structure is reduced to having Ψ(p(12)) = 〈343〉.
If 〈C1, C2, C3〉 = 〈2, 4, 1〉, then the first Type-II reduction
guarantees quasi-liveness.
We note that it is possible to compute a looser set
of resource bounds that guarantees that any precedence
feasible sequence of transition firings is resource enabled by
replacing the interior of the third For loop with the following
statement:
$$\Psi_h\left(p_{(1)}\right) = \sum_{j=1}^{k} \Psi_h\left(p_{(j)}\right), \quad h = 1, \ldots, |P_R|. \tag{1}$$
This sum guarantees that the maximum resource needs
of the corresponding subprocesses can be met simultane-
ously, and thus every sequence of transition firings will be
resource feasible. Clearly, in this case, enumeration is not
required.
4. The G-AMGASU Model for the ASU-RAS
This section studies the subclass of systems in G-AMGA
where net places have single unit resource need; that is,
G-AMGASU ⊆ G-AMGA is the subclass of G-AMGA where
for all p ∈ PS, ∑_{h=1}^{m} uh(p) ≤ 1, where m = |PR| and uh is
the p-semiflow in item 5 of Definition A.11 of the Appendix.
We refer to this class as the ASU-RAS. For the ASU-RAS, we
develop resource capacity bounds for which quasi-liveness is
polynomial in the number of places and transitions in the
underlying G-AMGASU. We also develop a fast method for
finding sequences without developing the reachability graph
of the underlying G-AMGASU.
More formally, we impose the following additional
constraints on W of G-AMGA.
Definition 6. G-AMGASU is the class of nets obtained by
placing the following constraints on G-AMGA:
(1) for all tu ∈ PI•, ∑_{h=1}^{m} W(rh, tu) = 1,
(2) for all tu ∈ TS, ∑_{h=1}^{m} W(rh, tu) ≤ 1,
(3) for all tu ∈ TS, if ∑_{h=1}^{m} W(rh, tu) = 1, then
W(tu, rh) = ∑_{p∈•tu∩PS} uh(p), for h = 1, . . . , m,
(4) for all tu ∈ TS \ •PF, if ∑_{h=1}^{m} W(rh, tu) = 0, then
$$\sum_{h=1}^{m} W(t_u, r_h) = \left(\sum_{h=1}^{m}\left(\sum_{p \in {}^{\bullet}t_u \cap P_S} u_h(p)\right)\right) - 1, \quad \text{for } h = 1, \ldots, m,$$
$$W(t_u, r_h) \in \left\{\max\left\{0, \left(\sum_{p \in {}^{\bullet}t_u \cap P_S} u_h(p)\right) - 1\right\},\ \sum_{p \in {}^{\bullet}t_u \cap P_S} u_h(p)\right\}. \tag{2}$$
The first constraint says that a subprocess must be allocated a
resource for its first processing step. The second says that no
more than one unit of one resource type may be requested
at a transition. The third says that when a unit of resource is
allocated at a transition, all resources held by the requesting
subprocesses must be returned. Finally, the fourth says that
if a transition does not allocate a resource, then the return
must be exactly one unit less than the number currently held
(except for transitions in •PF , which release all resources).
We have the following lemma.
Lemma 7. For any P ∈ PS \ (PI ∪PF), the resource need vector
is an m dimensional unit vector.
Proof. For P ∈ PS \ (PI ∪ PF) we consider the following
exhaustive cases.
Case 1. Suppose uh(p) = 0 for h = 1, . . . , m. By (1), P ∉
PI••, but there must be a path, say γ, from some Pu ∈
PI to P. The first transition of the path, pu•, allocates one
unit of some resource to the corresponding subprocess. Thus,
some transition along γ must deallocate all resources with no
additional allocation. This violates (4).
Case 2. Suppose uh(p) = k > 1 for some rh. Either
these k units of rh are accumulated through at least k
transitions or they result from insufficient resource release
at the firing of a synchronization transition. By (3), when
a resource is allocated to a set of requesting subprocesses,
all resources held by those subprocesses must be released.
Thus, resources cannot be accumulated through consecutive
transition firings. By (4), if no resources are allocated at a
transition, the corresponding subprocesses must still return
all resources held except one. Thus, uh(p) = k > 1 for some
rh violates both (3) and (4).
Case 3. Suppose uh(p) = 1 and uk(p) = 1. By the logic of
Case 2, this is impossible.
Now, for NR ∈ G-AMGASU, the reversed subnet,
N′R, as defined in Section 3, has splitting (disassembly)
but no merging. In the following, we use N′R to develop
resource bounds that guarantee quasi-liveness and polynomial
sequence enumeration for NR. Note that tu ∈ TSynch
in NR is a disassembly transition in N′R. Let TSplit be the set
of disassembly transitions in N′R. Note that for t ∈ TSplit,
|•t ∩ PS| = 1 and ∑_{h=1}^{m} uh(•t ∩ PS) = 1. If uh(•t ∩ PS) = 1,
we refer to rh as the “disassembly resource.” Let ThSplit = {t :
t ∈ TSplit and uh(•t ∩ PS) = 1 in N′R}, h = 1, . . . , m. The
set, ThSplit, collects all the disassembly transitions in N′R that
have rh as the disassembly resource. Since each disassembly
utilizes a single resource type, we have TuSplit ∩ TvSplit = ∅
when u ≠ v.
For t ∈ TS, let Γ(t) be the set of transitions in TS
reachable from t in paths of N′R not containing p0. Note
that for t ∈ TS, Γ(t) identifies reachable transitions that
occur later in the disassembly process. Let LThSplit = {t :
t ∈ ThSplit and ThSplit ∩ Γ(t) = ∅} and note that LThSplit
represents the set of disassembly transitions that use rh as
the disassembly resource but have no reachable transition
(without including p0) that does the same. That is, these
are disassembly transitions, which use rh, that occur latest
in the disassembly process. The following lemma guarantees
that the total token count in the set of disassembly operation
places requiring rh is no greater than |LThSplit|.
Lemma 8. Given an N′R, if M0(p0) = 1 and M0(p) =
0, for all p ∈ PS ∪ PI ∪ PF, then for every marking Mj
such that M0[ 〉Mj, Mj(•ThSplit ∩ PS) ≤ |LThSplit|.
Proof. Let N′ be initially marked as given above. Note that
N′ is a strongly connected marked graph with every circuit
containing the place p0 initially marked with exactly one
token. For tj ∈ |LThSplit|, there exists a path, from tF to
tj, say τj. Note that there exists a circuit passing through
tj, say γj, such that τj is a subpath of γj. For any other
tk ∈ |LThSplit|, tj and tk are mutually unreachable except
through paths including p0. As a result, tj and tk are not in a
common circuit. This implies LThSplit circuits passing through
elements of LThSplit. Further note that for tu ∈ ThSplit \ LThSplit,
∃tv ∈ LThSplit such that tv ∈ Γ(tu); this implies that tu
and tv belong to a common circuit. Thus, the number of
circuits in which resource rh is used as a disassembly resource
is precisely LThSplit. By the fundamental property of marked
graphs, Mj(•ThSplit ∩ PS) ≤ |LThSplit|.
Note that |LThSplit| can be quickly and easily computed for
each resource and will play an important role in developing
an enumeration policy for N′R. Now consider the following
lemma.
Lemma 9. Given an N′R, suppose M0(p0) = 1, M0(p) = 0,
for all p ∈ PS ∪ PI ∪ PF, and that M0[ 〉Mk. Define induced
marking M∗k as follows:
$$M_k^{*} = \begin{cases} 0 & \forall p \in {}^{\bullet}T_{Split} \cap P_S, \\ 1 & p_0, \\ M_k(p) & \text{otherwise.} \end{cases} \tag{3}$$
If marking M∗k is free of deadly marked siphons, then Mk is free
of deadly marked siphons.
Proof. We prove this result by contradiction. Let s′ be a
deadly marked siphon in Mk. Then, there will exist another
siphon s ⊆ s′ which is deadly marked in Mk and minimal.
The structure of N′R implies that the minimal siphons
containing place p0 are the circuits of the marked graph,
N′. This observation, when combined with the presumed
structure for the initial marking M0, implies that, for any
marking Mk ∈ R(N′R, M0), p0 ∉ s. But, the construction
of M∗k implies that s does not increase its token content,
and, therefore, it constitutes a deadly marked siphon for M∗k.
The last conclusion contradicts the working assumption and
concludes the proof.
The importance of the marking M∗k is that its corre-
sponding subprocesses are each strictly SU-RAS for at least
one step. That is, any token in M∗k is holding one unit of
resource and requesting one unit of resource. When the
requested unit is allocated, the held unit is released, and
the token advances to its next place. The lemma guarantees
that if there is no deadlock among the subprocesses of M∗k
(assuming the reduced resource capacity levels of M∗k), then
there is no deadly marked siphon in Mk. We will use this fact
along with resource bounds to be computed from the results
of Lemma 9 to develop a single step look-ahead enumeration
policy for N′R that is polynomial in net size. The policy is as
follows.
Enumeration Policy Φ. Let σj be a firing sequence for N′R such
that M0[σj〉Mj and suppose tu is enabled at Mj such that
Mj[tu〉Mk. Admit the extension σjtu only if the marking M∗k
is free of deadly marked siphons.
We note that detecting whether or not a marking has a
deadly marked siphon is polynomial in the size of the net
and is thus very fast. However, allowing markings only if they
are free of deadly marked siphons does not guarantee policy
correctness since we may admit markings from which deadly
marked siphons are unavoidable. For our purposes, we will
define policy correctness as follows.
Definition 10. An enumeration policy is “correct” if for
any marking, Mj, admitted under the policy, there exists a
sequence of transition firings, σj ≠ ε, such that
(1) Mj[σj〉M0,
(2) for any prefix of σj, say τk, where Mj[τk〉Mk, Mk is
admitted under the policy.
We are now in a position to prove the following.
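Theorem 3. For tj ∈ ThSplit and h = 1, . . . , m, let
$$\begin{aligned} U^h_j &= \sum_{p \in t_j^{\bullet} \cap P_S} u_h(p), \\ U^h_{\max} &= \max\left\{U^h_j : t_j \in T^h_{Split}\right\}, \\ B_h &= \left|LT^h_{Split}\right| + U^h_{\max} + 2. \end{aligned} \tag{4}$$
If for h = 1, . . . , m, Ch ≥ Bh, then Φ is correct.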
Proof. Suppose that a marking, Mk, is accepted by Φ. Then
M∗k contains no deadly marked siphon and thus Mk contains
no deadly marked siphon. Note that in M∗k, the capacity of
every resource is at least Uhmax + 2, h = 1, . . . , m. Let Π be the set
of subprocesses in Mk where Π = ΠND ∪ ΠD, ΠND ∩ ΠD =
∅. ΠD is the set of subprocesses at disassembly operations,
that is, tokens marking •TSplit ∩ PS, and ΠND is the set of
subprocesses not at disassembly.
Case 1. Suppose that ΠND ≠ ∅ in Mk. Since there is no
deadly marked siphon in M∗k, there is no subset of ΠND
deadlocked in M∗k. Thus, ∃πu ∈ ΠND and enabled tv ∉ TSplit
such that firing tv allocates a unit of resource rh to πu and
causes πu to release a unit of resource rp.
Now suppose that Mk[tv〉Mg and that Mg contains a
deadly marked siphon. Thus, M∗g contains a deadly marked
siphon, which implies a deadlock among processes of ΠND
in M∗g. Because of the resource bounds, each deadlocked
subprocess of M∗g is blocked by at least two other deadlocked
subprocesses of M∗g.
To summarize, we have the following: (1) M∗k has no
deadlock among ΠND, (2) M∗k[tv〉M∗g, (3) tv allocates a
single unit of rh to πu and releases a single unit of rp, (4)
M∗g has a deadlock among ΠND, and (5) every deadlocked
subprocess of M∗g is blocked by at least two other deadlocked
subprocesses of M∗g.
It is clear that allocating rh to πu causes the deadlock,
implying that rh is a resource involved in the deadlock. Thus,
in M∗g, at least two units of rh are allocated to subprocesses
in ΠND, and in fact, there must be another subprocess πa ∈
ΠND requesting rh at ta ∉ TSplit in both M∗k and M∗g.
Allocating rh to πa rather than πu, that is, Mk[ta〉Mp, cannot
result in deadlock among processes of ΠND. Hence neither
M∗p nor Mp contains a deadly marked siphon.
Case 2. Suppose that ΠND = ∅ and ΠD ≠ ∅ in Mk. There
exist only subprocesses at disassembly operations. Thus, each
resource has at least Uhmax + 2 free units, h = 1, . . . , m. Sufficient
resources are available to fire any transition of TSplit. Suppose
t ∈ TSplit is enabled in Mk and that Mk[t〉Mg. M∗g contains
no deadly marked siphon. To see this, note that if Mg has
ΠND = ∅, then each resource continues to exhibit at least
Uhmax + 2 free units, h = 1, . . . , m. If Mg has ΠND ≠ ∅, then
each resource, rh, h = 1, . . . , m, has at least 2 units of free
capacity.
Thus, Enumeration Policy Φ guarantees resource-enabled
sequences of transition firings that complete the
disassembly process, N′R. We are now ready to present
Algorithm 3. It starts with N′R in the initial marking and
generates a firing sequence that completes the disassembly
by using single step look-ahead for deadly marked siphons.
The most computationally intensive step is the siphon check,
which can be done in polynomial time, no worse than
O(|PS| + |TS|). By Theorem 3, the loop will require no more
than |TS| iterations, since every iteration will identify an
admissible transition, and thus the algorithm is O(|TS|^2). By
returning the reversed sequence, we get the resource enabled
assembly sequence for the assembly net, NR. We note that
the termination request computations of Algorithm 1 can
easily be implemented in Algorithm 3.
Input: (N′R, M0)
Output: σj ≠ ε such that M0[σj〉M0
Set σj = tF, and fire tF
Set Mj = M0[tF〉
Loop
    Find t ∈ Et(Mj) such that Mj[t〉Mk and M∗k contains no deadly marked siphon
    σj = σj t
    If Mk = M0, return reverse(σj)
    Else Mj = Mk
End Loop
Algorithm 3
As an aside, we note that the converse of Lemma 9 is
not true; that is, a deadly marked siphon in M∗k does not
imply a deadly marked siphon in Mk. In fact, it is easy to
illustrate markings which are “safe” in the sense that the
firing sequence can be extended to reach M0 but for which
the induced marking exhibits a deadly marked siphon and
is rejected. Thus, the Enumeration Policy Φ is suboptimal
in the sense that it rejects some transition firings that lead
to “safe” markings. Further, even when the capacity bounds
of Theorem 3 are in place, N′R can exhibit markings with
no deadly marked siphon but from which every sequence of
transition firings leads to a marking with a deadly marked
siphon. Thus, a policy that does single step look-ahead on
the unaltered markings of N′R is not correct. Finally, we note
that since Theorem 3 applies to disassembly systems, when
the specified bounds are in place, quasi-liveness is guaranteed
and sequence enumeration is polynomial for the class of
disassembly nets G-AMGDSU.
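The capacity bound Bh of Theorem 3 can be computed directly from the structure of the reversed net. The following is an added example, not code from the paper, run on a small constructed disassembly net with two resources. The dictionary encoding, all place and transition names, treating every non-boundary transition with more than one output place as a member of TSplit, and taking the maximum over an empty ThSplit as 0 are assumptions of this sketch.

```python
# Constructed reversed (disassembly) net, for illustration only.
# transition -> (input places, output places); needs are (r1, r2).
NET = {
    "tF": (["p0"], ["f"]),
    "t1": (["f"], ["a"]),
    "t2": (["a"], ["b", "c"]),   # split, disassembly resource r1
    "t3": (["c"], ["d", "e"]),   # split, disassembly resource r1
    "t4": (["b"], ["g", "h"]),   # split, disassembly resource r2
    "t5": (["g"], ["i", "j"]),   # split, disassembly resource r1
    "t6": (["d"], ["x1"]),
    "t7": (["e"], ["x2"]),
    "t8": (["h"], ["x3"]),
    "t9": (["i"], ["x4"]),
    "t10": (["j"], ["x5"]),
    "tI": (["x1", "x2", "x3", "x4", "x5"], ["p0"]),
}
# Single-unit need vectors of the operation places; unlisted places hold nothing.
NEED = {
    "a": (1, 0), "b": (0, 1), "c": (1, 0), "d": (1, 0), "e": (1, 0),
    "g": (1, 0), "h": (0, 1), "i": (0, 1), "j": (0, 1),
}


def theorem3_bounds(net, need, m, p0="p0", boundary=("tI", "tF")):
    """Return, per resource h, LT^h_Split, U^h_max and B_h = |LT^h_Split| + U^h_max + 2."""
    zero = (0,) * m

    def u(place):
        return need.get(place, zero)

    consumers = {}                       # place -> transitions that consume it
    for t, (ins, _) in net.items():
        for p in ins:
            consumers.setdefault(p, []).append(t)

    def gamma(t):
        """Transitions of TS reachable from t on paths that avoid p0."""
        seen, stack = set(), [t]
        while stack:
            for p in net[stack.pop()][1]:
                if p == p0:
                    continue
                for nxt in consumers.get(p, []):
                    if nxt not in boundary and nxt not in seen:
                        seen.add(nxt)
                        stack.append(nxt)
        return seen

    split_by_resource = [set() for _ in range(m)]
    for t, (ins, outs) in net.items():
        if t in boundary or len(outs) < 2:
            continue
        vec = u(ins[0]) if len(ins) == 1 else zero
        if sum(vec) != 1:
            raise ValueError(f"{t}: a split needs one input place holding one unit")
        split_by_resource[vec.index(1)].add(t)

    result = []
    for h, t_h in enumerate(split_by_resource):
        # Latest splits on r_h: no other r_h split is reachable from them.
        latest = {t for t in t_h if not (gamma(t) & t_h)}
        u_max = max((sum(u(p)[h] for p in net[t][1]) for t in t_h), default=0)
        result.append({"latest": latest, "u_max": u_max,
                       "bound": len(latest) + u_max + 2})
    return result


def capacities_meet_bounds(capacity, result):
    """Premise of Theorem 3: C_h >= B_h for every resource."""
    return all(c >= r["bound"] for c, r in zip(capacity, result))


if __name__ == "__main__":
    res = theorem3_bounds(NET, NEED, m=2)
    for h, r in enumerate(res, start=1):
        print(f"r{h}: latest={sorted(r['latest'])} Umax={r['u_max']} B={r['bound']}")
    print(capacities_meet_bounds((6, 4), res), capacities_meet_bounds((5, 4), res))
```
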
5. Conclusion
In this paper, we developed models and algorithms for a
class of Petri nets that support resource allocation in systems
with synchronization and splitting operations. Our focus
was on establishing quasi-liveness and enumerating process
completing sequences. This is challenging since, for this class
of systems, the quasi-liveness problem is NP-complete. Our
tenet is that once quasi-liveness is established and a process
completing sequence is generated, previously published
liveness enforcing supervisors can be used to control the
operation of these systems. For the general case, we proposed
a breadth-first search algorithm that generates the reachabil-
ity tree and computes minimal termination requests for each
marking. We discussed the complexity of this approach as
well as the need for selecting a smaller set of sequences for use
in supervision. We then developed two special subclasses
for systems with assembly only, and for each class established
that polynomial sequence enumeration is possible if the
resource capacities meet certain bounds. The first subclass
was assembly with conjunctive resource allocation. For this
class, we developed a net reduction algorithm that reduces
the net to a minimal form and, in so doing, computes a
resource sufficiency bound for “serialized” firing sequences.
The second special case was that of assembly with single
unit resource allocation. For this class, we developed resource
bounds and an enumeration policy that guarantees a process
completing sequence in polynomial time. In current and
future work, we are addressing liveness enforcing supervision
for assembly/disassembly systems with unreliable resources,
particularly those subject to degradation.
Appendix
Definition A.11. A G-AMG is a Petri net $N = (P, T, W, M_0)$
such that
(1) $P = P_S \cup P_I \cup P_F \cup P_0 \cup P_R$, where $P_S \cap P_I \cap P_F \cap P_0 \cap P_R = \emptyset$;
(2) $T = T_S \cup T_I \cup T_F$, where $T_S \cap T_I \cap T_F = \emptyset$;
(3) $W : (P \times T) \cup (T \times P) \to Z^+$ satisfies the following:
(a) $(P \times T) \cup (T \times P) \to \{0, 1\}$ such that $(\{p_0\} \times (T_S \cup \{t_I, t_F\})) \to \{1\}$ for $(p_0, t_I)$, and $\{0\}$ otherwise. Similarly, $((T_S \cup \{t_I, t_F\}) \times \{p_0\}) \to \{1\}$ for $(t_F, p_0)$, and $\{0\}$ otherwise,
(b) $(\{t_I\} \times P_I) \to \{1\}$ and $(\{t_I\} \times (P_S \cup P_F)) \to \{0\}$. Similarly, $(P_F \times \{t_F\}) \to \{1\}$ while $((P_S \cup P_I) \times \{t_F\}) \to \{0\}$,
(c) $(P_R \times T_S) \cup (T_S \times P_R) \to Z^+$ and $(P_R \times (T_I \cup T_F)) \cup ((T_I \cup T_F) \times P_R) \to \{0\}$;
(4) the net generated by $P_S \cup P_I \cup P_F \cup \{p_0\} \cup T_S \cup \{t_I, t_F\}$ is a strongly connected marked graph such that every cycle contains $\{p_{0i}\}$;
(5) for all $r \in P_R$, there exists a minimal integral p-semiflow, $u_r$, such that $\|u_r\| \cap P_R = \{r\}$, $\|u_r\| \cap \{P_0 \cup P_I \cup P_F\} = \emptyset$, $\|u_r\| \cap \{P_S\} \neq \emptyset$, and $u_r(r) = 1$;
(6) $N$ is pure and strongly connected.
$M_0 : P \to Z^+$ with $M_0(p) \geq 1$, for all $p \in P_0 \cup P_R$ and $M_0(p) = 0$, otherwise.
References
[1] S. A. Reveliotis, M. A. Lawley, and P. M. Ferreira, “Polynomial-
complexity deadlock avoidance policies for sequential
resource allocation systems,” IEEE Transactions on Automatic
Control, vol. 42, no. 10, pp. 1344–1357, 1997.
[2] Z. A. Banaszak and B. H. Krogh, “Deadlock avoidance in
flexible manufacturing systems with concurrently competing
process flows,” IEEE Transactions on Robotics and Automation,
vol. 6, no. 6, pp. 724–734, 1990.
[3] M. A. Lawley, S. A. Reveliotis, and P. M. Ferreira, “A
correct and scalable deadlock avoidance policy for flexible
manufacturing systems,” IEEE Transactions on Robotics and
Automation, vol. 14, no. 5, pp. 796–809, 1998.
[4] K. Barkaoui, A. Chaoui, and B. Zouari, “Supervisory control
of discrete event systems based on structure theory of Petri
nets,” in Proceedings of the IEEE International Conference on
Systems, Man, and Cybernetics, pp. 3750–3755, October 1997.
[5] W. Sulistyono and M. A. Lawley, “Deadlock avoidance for
manufacturing systems with partially ordered process plans,”
IEEE Transactions on Robotics and Automation, vol. 17, no. 6,
pp. 819–832, 2001.
[6] S. A. Reveliotis, “Liveness Enforcing supervision for sequential
resource allocation systems: state of the art and open issues,” in
Synthesis and Control of Discrete Event Systems, B. Cailaud, X.
Xie, P. Darondeau, and L. Lavagno, Eds., pp. 203–212, Kluwer
Academic Publishers, 2002.
[7] Z. Li, N. Wu, and M. Zhou, “Deadlock control of automated
manufacturing systems based on Petri nets—a literature
review,” IEEE Transactions on Systems, Man, and Cybernetics,
Part C, no. 99, pp. 1–26, 2011.
[8] Z. W. Li, M. C. Zhou, and N. Q. Wu, “A survey and
comparison of Petri net-based deadlock prevention policies
for flexible manufacturing systems,” IEEE Transactions on
Systems, Man and Cybernetics Part C, vol. 38, no. 2, pp. 173–
188, 2008.
[9] S. Reveliotis, “Structural analysis of resource allocation sys-
tems with synchronization constraints,” in Proceedings of the
IEEE International Conference on Robotics and Automation, pp.
1045–1049, September 2003.
[10] E. Roszkowska and R. Wojcik, “Problems of process flow
feasibility in FAS,” in CIM in Process and Manufacturing
Industry, pp. 115–120, Pergamon Press, 1993.
[11] X. Xie and M. Jeng, “ERCN-merged nets and their analysis
using siphons,” IEEE Transactions on Robotics and Automation,
vol. 15, no. 4, pp. 692–703, 1999.
[12] N. Wu, M. C. Zhou, and Z. W. Li, “Resource-oriented Petri
net for deadlock avoidance in flexible assembly systems,” IEEE
Transactions on Systems, Man, and Cybernetics Part A:Systems
and Humans, vol. 38, no. 1, pp. 56–69, 2008.
[13] F. S. Hsieh, “Robustness analysis of non-ordinary Petri nets
for flexible assembly systems,” International Journal of Control,
vol. 83, no. 5, pp. 928–939, 2010.
[14] H. Hu, M. Zhou, Z. Li, and N. Wu, “Deadlock-free control of
ratio-enforced automatedmanufacturing systems with flexible
routes and assembly operations,” in Proceedings of the 6th
Annual IEEE International Conference on Automation Science
and Engineering (CASE ’10), pp. 459–464, August 2010.
[15] S. Chew, M. Lawley, and S. Reveliotis, “Liveness enforcing
supervision for resource allocation with complex workflows,”
in Proceedings of the 9th IEEE Methods and Models in
Automation and Robotics (MMAR ’03), pp. 823–829, 2003.
[16] S. F. Chew,M. A. Lawley, and S. A. Reveliotis, “Liveness enforc-
ing supervision for resource allocation systems with process
synchronizations,” in Proceedings of the 42nd IEEE Conference
on Decision and Control, pp. 3735–3741, December 2003.
[17] J. Y. Choi, “The thinning problem,” Engineering Optimization,
vol. 42, no. 2, 2010.