On Hybrid Synthesis for Hierarchical Structured Petri Nets by Liu, Hong et al.
On Hybrid Synthesis for Hierarchical Structured Petri Nets Hong Liu Jun-Cheol Park Raymond E. MillerDepartment of Computer ScienceUniversity of Maryland, College Park, MD 20742flhong, jcpark, millerg@cs.umd.eduApril 23, 1996AbstractWe propose a hybrid method for synthesis of hierarchical structured Petri nets. In a top-down manner, we decompose a system into a set of subsystems at each level of abstraction, eachof these is specied as a blackbox Petri net that has multiple inputs and outputs. We stipulatethat each subsystem satises the following I/O constraints: (1) At any instance of time, atmost one of the inputs can be activated; and (2) If one input is activated, then the subsystemmust consume the input and produce exactly one output within a nite length of time. Wegive a stepwise renement procedure which starts from the initial high-level abstraction of thesystem and expands an internal place of a blackbox Petri net into a more detailed subnet ateach step. By enforcing the I/O constraints of each subsystem in each intermediate abstraction,our renement maintains the sequencing of transitions prescribed by the initial abstraction ofthe system. Next, for the bottom-up synthesis, we present interconnection rules for sequential,parallel, and loop structures and prove that each rule maintains the I/O constraints. Thus, byincorporating these interconnection rules into our renement formulation, our approach can beregarded as a hybrid Petri net synthesis technique that employs both top-down and bottom-upmethods. The major advantage of the method is that the modeling details can be introducedincrementally and naturally, while the important logical properties of the resulting Petri net areguaranteed.This research was supported by NASA Grant No. NAG 5-2648.1
1 Introduction

Petri nets have been proposed for modeling and analyzing concurrent systems [3, 4, 6]. But, most systems that arise from practical applications are very complex and practically unmanageable. For this reason, modular construction methods provide a mechanism to manage the complexities of a large system that can be built out of well understood smaller subsystems. One way to do this is through Petri net synthesis based on some prescribed construction rules which preserve certain logical properties as the construction progresses. Petri nets can be constructed in either a top-down or a bottom-up manner. Top-down synthesis [7, 8, 10] usually begins with an initial model of the system. Then, by expanding places or transitions, refinement is done in a stepwise manner to incorporate a more detailed description of the system into the model. In the bottom-up approaches [1, 2, 5, 9], a system is treated as the composition of independent subsystems which satisfy certain properties. Each subsystem is modeled separately while ignoring interactions with other subsystems. These subsystems are then combined through common places and/or transitions into a larger subsystem at each synthesis step. The reader may refer to [11] for a detailed summary with synthesis examples for such methods.

In this paper, a (sub)system at the current abstraction level is viewed as a blackbox with multiple inputs and outputs that transforms input data into output data. For this purpose the set of places of a net is divided into input places, output places, and internal places. The internal places and the transitions are hidden from the outside. The only requirements for a net with multiple inputs and outputs are the following I/O constraints: (1) At any instance of time, at most one of the inputs can be activated; and (2) If one input is activated, then the subsystem must consume the input and produce exactly one output within a finite length of time.
Another implicit assumption involves the initial state of a subsystem or module in which an input satisfying condition (1) is applied. We call this condition (0): A subsystem is said to be in its quiescent state iff no inputs are activated, no outputs are produced, and no internal actions are enabled. The inputs to a subsystem can be activated only when the subsystem is in its quiescent state. What we assume, then, is that the subsystem is in a quiescent state initially. Then an input is applied. This causes some internal actions in the subsystem which produces an output and a return of the subsystem to a quiescent state.

We propose a hierarchical structuring technique for hybrid synthesis of Petri nets which model subsystems with the above system behavior. The synthesis process is divided into two major phases: (1) the top-down phase where designers decompose a system by using stepwise refinement of an internal place at each step to introduce more detail until the desired level is reached, and (2) the bottom-up phase where the appropriate interconnection among the decomposed subnets is added
to the net at each decomposition step. Starting from the initial high-level abstraction of the system, we show how stepwise refinement can be made so that the I/O constraints are enforced in a lower level abstraction of the system. Using this approach, each intermediate abstraction maintains the sequencing of transitions with respect to (w.r.t for short) the initial high-level description. For the bottom-up synthesis, we propose a set of interconnection rules for the subsystems so that the I/O constraints can be guaranteed when they are interconnected into a Petri net to represent sequence, fork-join, and loop structures. As a result, our hybrid approach preserves logical properties such as deadlock freedom, liveness, and boundedness while making it possible to represent several useful structures among the subnets.

The paper is organized as follows. Section 2 briefly describes Petri net models, including some basic definitions and notation. Section 3 formalizes the stepwise refinement process and provides properties of the Petri net for a given level of abstraction of the system. In section 4, we show how incremental analysis can be performed and why logical properties are preserved during the stepwise refinement process. In section 5, we present a set of interconnection rules with which we can maintain the I/O constraints. In section 6, we present our hybrid procedure for Petri net synthesis. In section 7, we give an automated manufacturing system to demonstrate the applicability of our synthesis method. Section 8 gives a conclusion and future direction. The proofs of most lemmas and theorems in section 4 are given in the appendix.

2 The Petri Net Model

We give the basic definitions and notation to be used throughout the paper. The reader may refer to [6] for a complete treatment of the subject.

A Petri net structure is a 3-tuple $N = (P, T, F)$, where $P$ is a finite set of places, $T$ is a finite set of transitions, and $F \subseteq (P \times T) \cup (T \times P)$ is a set of arcs (flow relations).
Throughout thepaper, we assume that N is ordinary, i.e., the weight associated with each arc is one. The numberof places (transitions) in N is denoted as jP j (jT j). When N is given and F is known, we alsodenote N = (P; T ). As a convention, we use p for a place and t for a transition. We denotet = fpj(p; t) 2 Fg as the set of input places of transition t and t = fpj(t; p) 2 Fg as the set ofoutput places of transition t. Let t = t [ t.Let T  be the reexive, transitive closure of T under concatenation. Given  2 T , denote jjas the length of sequence . When  is empty,  =  and jj = 0. Given T 0  T , we use #T 0 forthe projection of  onto T 0.A marking M for N is a jP j-tuple which is an assignment of non-negative integers to places inP . Given p 2 P andM ,M(p) denotes the value assigned to p in M , meaning the number of tokens3
in place p in marking M . There is a special marking called the initial marking of N , denoted asM0, indicating the initial assignment of tokens in each place. A Petri net N with the given initialmarking is denoted as PN = (N;M0). Given P 0  P , we also use M(P 0) to denote the sub-vectorwhere each of its elements is the token count for a place in P 0.A Petri net can be drawn as a directed graph in which a place is represented by a circle, atransition by a bar, and a token in a place as a bullet  in the corresponding circle.Given a marking M , a transition t is enabled in M i M(p) 6= 0 for each p 2 t. t is red inM i it is enabled in M and M is transformed into M 0 such that (i) 8 p 2 t :M 0(p) = M(p)  1,(ii) 8 p 2 t : M 0(p) = M(p) + 1, and (iii) 8 p 62 t : M 0(p) = M(p). In this case, M 0 isdirectly reachable from M via t, denoted as M [t >M 0. M 0 is directly reachable from M , denotedas M [ >M 0, i M [t >M 0 for some t 2 T . Given  2 T , M 0 is reachable from M via , denotedas M [ >M 0, i (i) M 0 = M when jj = 0, or (ii)  = t1t2 : : : tk; k > 0 and there exists asequence M 0[t1 >M 1[t2 >   M k 1[tk >M k such that M 0 = M and M k = M 0. In this case, is called a ring sequence from M to M 0. M 0 is reachable from M , denoted as M [> M 0, i9  2 T  : M [ >M 0. When M = M0, M 0 is reachable and is said to be a reachable marking in(N;M0), and  is called a ring sequence ofM . The set of reachable markings in (N;M0) is denotedas RM(N;M0). The corresponding reachability graph is denoted as RG(N;M0). In the following,we will use a reachable marking M and the node labeled as M in RG(N;M0) interchangeably.Given a Petri net PN = (N;M0), PN is bounded i RG(N;M0) is nite, i.e., 9K  0 suchthat 8M 2 RG(N;M0) 8 p 2 P : M(p)  K. In this case, we also say PN is K-bounded. PN issafe i it is 1-bounded. PN is live (or M0 is a live marking) i 8M 2 RM(N;M0) 8 t 2 T 9M 0 2RM(N;M0) :M [> M 0 and t is enabled in M 0. 
A reachable marking $M$ is a deadlock marking iff no transitions are enabled in $M$.

3 Modeling Systems via Petri Nets

In this section, we discuss a top-down decomposition approach where the behavior of a subsystem is regarded as a black box with certain inputs and outputs. The notions of abstraction and refinement are formalized. Then we show how Petri nets can be used to model the system at each abstraction level.

3.1 System Decomposition

A system can be modeled from top-down: the system is decomposed into subsystems; then each subsystem is further decomposed into sub-subsystems, etc. Depending on the complexity of the system under study and the level of detail desired for the analysis, this process may continue for














Figure 1: A Hierarchical Decomposition of a System and its Structure Tree

The set of leaf nodes in $ST$, denoted as $LN$, represents the level of abstraction at which we view the system under study. Hence, $LN$ is called an abstraction of the system. Each $J \in LN$ stands for a subsystem at the current level of abstraction. We start modeling the system at a relatively high level of abstraction, i.e., the system consists of only a few subsystems. Then we specify the set of properties the overall system is supposed to have as the specification of the system's behavior. The set of properties includes deadlock freedom, liveness, observational equivalence, and finite duration. The initial structure tree is denoted as $ST^0$. The corresponding set of leaf nodes is called the initial abstraction of the system, denoted as $LN^0$. From now on, we will be working with abstractions only. It should be clear, however, when we refer to an abstraction $LN$, we mean that it is the set of leaf nodes w.r.t some structure tree for the system under study.

Given two abstractions $LN$ and $LN'$, $LN'$ is called a one-step refinement of $LN$, denoted as LN  LN 0, iff $LN' = (LN \setminus \{J\}) \cup \{J_1, J_2, \ldots, J_k\}$, $k \geq 2$, where $\{J_1, J_2, \ldots, J_k\}$ is the set of component subsystems of $J$ via one step decomposition. In other words, let $ST$ and $ST'$ be the corresponding structure trees of $LN$ and $LN'$, respectively. $ST$ is expanded into $ST'$ by appending
to a leaf node $J$ in $ST$ with $k \geq 2$ new leaf nodes $J_1, J_2, \ldots, J_k$. Denote  as the reflexive, transitive closure of . LN 0 is a refinement of LN iff LN  LN 0. When LN = LN 0, we simply say LN 0 is a refinement. Denote RF as the set of abstractions that are refinements, i.e., RF = fLN jLN 0  LNg. In the rest of the paper, we will be working with abstractions in $RF$ only. Unless otherwise specified, when we refer to an abstraction $LN$, we mean that it is a refinement of the initial abstraction $LN^0$.

Note that the high level of sequencing that exists among the leaf nodes in $LN^0$ is an essential part of the system specification that we are interested in. As refinements are made, we desire, in some sense, to maintain this basic sequencing as specified in $LN^0$, even though more details unfold and considerable parallelism may arise in a lower level of abstraction represented as $LN$.

Given an abstraction $LN$, a subsystem $J$ in $LN$ is specified as a black box with $m \geq 1$ inputs and $n \geq 1$ outputs, as depicted in Figure 2. We stipulate that $J$ satisfies the following I/O conditions:

A1: At any instance of time, at most one of the $m$ inputs can be activated.
A2: At any instance of time, at most one of the $n$ outputs can be produced.
A3: Given an input, $J$ must produce exactly one of the $n$ outputs within a finite length of time.

Since we assume the quiescent state of $J$ as the prerequisite before an input satisfying A1 is applied, we say that $J$ satisfies the I/O conditions A1 through A3 if A1 implies A2 and A3.
Figure 2: Subsystem I/O Interface and Blackbox Petri Net Model (subsystem J with m inputs and n outputs)

3.2 Petri Nets for Abstractions

We model the system behavior w.r.t abstraction $LN$ by a Petri net $N = (P, T)$ as follows. Each subsystem $J \in LN$ is modeled as a subnet $BN_J = (BP_J, BT_J)$ of $N$, called the blackbox Petri net of $J$. See Figure 2. Suppose $J$ has $m$ inputs and $n$ outputs, the corresponding $BN_J$ consists of five parts:
(1) $m$ input places $BP_J^{in} = \{p_{in}^1, p_{in}^2, \ldots, p_{in}^m\}$, (2) $m$ input transitions $BT_J^{in} = \{t_{in}^1, t_{in}^2, \ldots, t_{in}^m\}$, (3) one internal place $p_J^{int}$, (4) $n$ output transitions $BT_J^{out} = \{t_{out}^1, t_{out}^2, \ldots, t_{out}^n\}$, and (5) $n$ output places $BP_J^{out} = \{p_{out}^1, p_{out}^2, \ldots, p_{out}^n\}$. Hence $BP_J = BP_J^{in} \cup \{p_J^{int}\} \cup BP_J^{out}$ and $BT_J = BT_J^{in} \cup BT_J^{out}$. The interactions among subsystems in $LN$ are modeled by interconnecting the blackbox Petri nets of the subsystems via additional places and transitions in $N$, denoted as $XP$ and $XT$, respectively. As a result, for Petri net $N$, we have $P = (\bigcup_{J \in LN} BP_J) \cup XP$ and $T = (\bigcup_{J \in LN} BT_J) \cup XT$. When $J$ is known and no confusion arises, we drop $J$ from the above notations.

Specifically, the Petri net for $LN^0$ is denoted as $N^0 = (P^0, T^0)$, called the initial Petri net of the system under study. A marking in $N^0$ is denoted as $M^0$. The initial marking of $N^0$ is denoted as $M_0^0$.

Note that since we are modeling a subsystem as a Petri net, the phrase "at any instance of time" in A1–A2 becomes "in each reachable marking", while the phrase "within a finite length of time" in A3 becomes "within a finite number of steps" (from the current marking).

Given an abstraction $LN$, let $N$ be the corresponding Petri net. We conduct reachability analysis for $N$ based on some initial marking $M_0$. Denote $RG(N, M_0)$ as the resulting reachability graph. We check that the following conditions hold for $RG(N, M_0)$:

B1: $RG(N, M_0)$ is finite.
B2: $M_0(p^{int}) = 0$ for each $BN$ in $N$.
B3: For each reachable marking $M$, for each blackbox Petri net $BN$ in $N$ with $m$ inputs and $n$ outputs, the following two conditions hold: (1) $\forall i \in [1..m] : M(p_{in}^i) \leq 1$. (2) If $\exists i \in [1..m] : M(p_{in}^i) = 1$, then $\forall j \in [1..m], j \neq i : M(p_{in}^j) = 0$.

In the analysis of $N$, by enforcing B2–B3, we make sure that the precondition A1 is satisfied for each subsystem $J \in LN$.
By construction of BN , it is straightforward that conditions A2{A3 holdfor J at abstraction level LN provided that B2{B3 hold in RG(N;M0).In the rest of this section, we study the properties of RG(N;M0). Unless otherwise specied,we assume that RG(N;M0) satises conditions B1{B3 in the rest of this paper.Lemma 3.1 SupposeM1[ >M2 in RG(N;M0). The following statements are true: (1) If j#BT j =0, then M2(pint) = M1(pint). (2) Suppose  = tiin0, where j0#BT j = 0. Then each transition in 0is independent of tiin. (3) If j#BToutj = 0, then j#BTinj  1. (4) If j#BToutj = 0, then j#BTinj = 0 iM2(pint) =M1(pint).Lemma 3.2 Suppose M2 is reachable from M1 via  in RG(N;M0), where M1(pint) = 0. Letk = j#BToutj. Then k  j#BTinj  k + 1. Furthermore, M2 is reachable from M1 in RG(N;M0) via = 01   kk+1 such that the following four conditions hold: (1) j0#BT j = 0. (2) 8 l 2 [1::k] :l = 0lxlyl, where xl is the l-th transition from BT in in , yl is the l-th transition from BT out in ,7
and j0l#BT j = 0. (3) jk+1#BToutj = 0. (4) #(T nBT ) = #(T nBT ).An execution sequence  from M1 to M2 is called a canonical execution sequence w.r.t BN iit satises conditions (1){(4) in Lemma 3.2. When M1 = M0, it is called a canonical executionsequence for reachable marking M2 w.r.t BN . Since M0(pint) = 0, any execution sequence for areachable marking M can be rewritten into its canonical form w.r.t BN . As a result, we have thefollowing theorem:Theorem 3.1 Let M be a marking in RG(N;M0). The following statements are true for eachJ 2 LN :(1) M is reachable in RG(N;M0) via a canonical execution sequence w.r.t BNJ .(2) For each execution sequence  of M , j#BToutJ j  j#BTinJ j  j#BToutJ j+ 1.(3) M(pintJ ) = 0 i there is an execution sequence  for M such that j#BTinJ j = j#BToutJ j.(4) M(pintJ ) = 1 i there is an execution sequence  for M such that j#BTinJ j = j#BToutJ j+ 1.(5) M(pintJ )  1.(6) 8 p2BP outJ :M(p)  1. If 9 p2BP outJ :M(p) = 1, then 8 p02BP outJ ; p0 6= p :M(p0) = 0.In fact, we can prove the following more general result.Lemma 3.3 Suppose M1[ >M2 in RG(N;M0). Then the following statements are true:(1) Assume M1(pint) = 0. M2(pint) = 0 i j#BTinj = j#BToutj.(2) Assume M1(pint) = 0. M2(pint) = 1 i j#BTinj = j#BToutj+ 1.(3) M2(pint) =M1(pint) i j#BTinj = j#BToutj.4 Incremental Analysis of Petri NetsGiven two abstractions LN and LN 0. Let N = (P; T ) and N 0 = (P 0; T 0) be the Petri nets ofN and N 0, respectively. Suppose LN  LN 0 by decomposing J 2 LN into k  2 componentsJ1; J2; : : : ; Jk. Assume that J has m inputs and n outputs, and Jl; l 2 [1::k], has ml input and nloutput. Let BN be the blackbox Petri net for J , and BNJl be the blackbox Petri net for JJl . Weshow how N 0 can be constructed from N so that the properties that hold for N will be preservedin N 0. The construction of N 0 from N takes two steps. 
We first construct a detailed Petri net for $J$, then we expand $N$ into $N'$ by replacing $p^{int}$ of $BN$ in $N$ with the detailed Petri net for $J$.

4.1 Petri Net Expansion

The detailed Petri net for $J$ is called the whitebox Petri net for $J$, denoted as $WN_J = (WP_J, WT_J)$. Specifically, $WN_J$ consists of three parts: (1) $m$ input places, denoted as $WP_J^{in} = \{q_{in}^1, q_{in}^2, \ldots, q_{in}^m\}$.
(2) An internal Petri net $IN_J = (IP_J, IT_J)$ constructed by interconnecting the blackbox Petri nets $BN_{J_1}, BN_{J_2}, \ldots, BN_{J_k}$ via some additional places and transitions. (3) $n$ output places, denoted as $WP_J^{out} = \{q_{out}^1, q_{out}^2, \ldots, q_{out}^n\}$. Denote $EP_J$ and $ET_J$ as the set of additional places and the set of additional transitions in $IN_J$, respectively. For $IN_J$, we have $IP_J = (\bigcup_{l=1}^{k} BP_{J_l}) \cup EP_J$ and $IT_J = (\bigcup_{l=1}^{k} BT_{J_l}) \cup ET_J$. For $WN_J$, we have $WP_J = WP_J^{in} \cup IP_J \cup WP_J^{out}$ and $WT_J = IT_J$. When $J$ is known and no confusion arises, we drop $J$ from the above notations.

Given the whitebox Petri net $WN$ of $J$, a quiescent marking $IQ$ of $IN$ is an assignment of tokens to $IP$ such that no transition in $IT$ is enabled in $IQ$. Given a quiescent marking $IQ$, the null marking of $WN$, denoted as $WM_0^0[IQ]$, is an assignment of tokens to $WP$ such that $\forall p \in WP^{in} \cup WP^{out} : WM_0^0(p) = 0$ and $WM_0^0[IQ](IP) = IQ$, and the $i$-th initial marking of $WN$ w.r.t $IQ$, denoted as $WM_0^i[IQ]$, $i \in [1..m]$, is an assignment of tokens to $WP$ satisfying the following three conditions: (1) $\forall l \in [1..m] : WM_0^i[IQ](q_{in}^l) = 1$ if $l = i$; $WM_0^i[IQ](q_{in}^l) = 0$ otherwise. (2) $WM_0^i[IQ](IP) = IQ$. (3) $\forall l \in [1..n] : WM_0^i[IQ](q_{out}^l) = 0$. A $j$-th exit marking of $WN$ w.r.t $IQ$, denoted as $WM_{ext}^j[IQ]$, is an assignment of tokens to $WP$ satisfying the following three conditions: (1) $\forall l \in [1..m] : WM_{ext}^j[IQ](q_{in}^l) = 0$. (2) $\forall l \in [1..n] : WM_{ext}^j[IQ](q_{out}^l) = 1$ if $l = j$; $WM_{ext}^j[IQ](q_{out}^l) = 0$ otherwise. (3) $WM_{ext}^j[IQ](IP) = IQ'$, where $IQ'$ is also a quiescent state of $IN$. Note that there might be more than one exit marking satisfying conditions (1)–(3), each of which has a different $IQ'$.

Let $S$ be a nonempty set of quiescent markings of $IN$. $S$ is closed iff $\forall IQ \in S : \forall i \in [1..m] : \forall j \in [1..n] : \exists IQ' \in S : WM_0^i[IQ] \, [> WM_{ext}^j[IQ']$. A quiescent marking $IQ$ is closed iff it belongs to some closed quiescent marking set.

Given a closed quiescent marking $IQ$ of $IN$, the analysis for $WN$ takes $m$ phases.
In the $i$-th phase, we construct the reachability graph $RG(WN, WM_0^i)$ based on the $i$-th initial marking $WM_0^i$ w.r.t $IQ$. (In the rest of this section, we omit $IQ$ from the notation when no confusion arises, for the sake of brevity.) We check that the following properties hold in $RG(WN, WM_0^i)$:

W1: $\forall j \in [1..n]$: there exists at least one reachable $j$-th exit marking of $WN$, and for each exit marking $WM_{ext}^j$, $WM_{ext}^j(IP)$ is also a closed quiescent marking of $IN$.
W2: $RG(WN, WM_0^i)$ is finite and there is no reachable marking that is not an exit marking and has no outgoing transitions in $RG(WN, WM_0^i)$.
W3: Each reachable marking $WM$ in $RG(WN, WM_0^i)$ satisfies the following two conditions for each $BN_{J_l}$, $l \in [1..k]$, in $WM$: (1) $\forall i \in [1..m_l] : WM(p_{in_l}^i) \leq 1$. (2) If $\exists i \in [1..m_l] : WM(p_{in_l}^i) = 1$, then $\forall j \in [1..m_l], j \neq i : WM(p_{in_l}^j) = 0$.

By definition, we have $WM_0^i(p_{J_l}^{int}) = 0$ for each $l \in [1..k]$. By W2, $RG(WN, WM_0^i)$ is finite. W3 ensures that A1 is preserved in each subsystem $BN_{J_l}$. Therefore, $RG(WN, WM_0^i)$ also satisfies properties B1–B3. As a result, properties in Theorem 3.1 also hold for $RG(WN, WM_0^i)$. For ease
of reference, we list them as a theorem below:

Theorem 4.1 For each $i \in [1..m]$, let $WM^i$ be a marking in $RG(WN, WM_0^i)$. The following statements are true for each $BN_{J_l}$, $l \in [1..k]$:
(1) $WM^i$ is reachable in $RG(WN, WM_0^i)$ via a canonical firing sequence w.r.t $BN_{J_l}$.
(2) For each firing sequence  of WM i, j#BToutJl j  j#BTinJl j  j#BToutJl j+ 1.
(3) WM i(pintJl ) = 0 iff there is a firing sequence  for WM i such that j#BTinJl j = j#BToutJl j.
(4) WM i(pintJl ) = 1 iff there is a firing sequence  for WM i such that j#BTinJl j = j#BToutJl j+ 1.
(5) $WM^i(p_{J_l}^{int}) \leq 1$.
(6) $\forall p \in BP_{J_l}^{out} : WM^i(p) \leq 1$. If $\exists p \in BP_{J_l}^{out} : WM^i(p) = 1$, then $\forall p' \in BP_{J_l}^{out}, p' \neq p : WM^i(p') = 0$.

We remark that the setting of $IQ$ for $IN$ in $WN$ is not as simple as just setting all the places in $IN$ to have zero tokens. Rather, it depends on the interconnections of the $k$ blackbox Petri nets in $IN$, where the real test is to check whether $IQ$ is a closed quiescent marking of $IN$. Note that $IQ$ being a closed quiescent marking of $IN$ implies that $WM_{ext}^j(IP)$ is also a closed quiescent marking of $IN$ for each exit marking $WM_{ext}^j$ in $RG(WN, WM_0^i)$. Note also that there might exist a cycle in $RG(WN, WM_0^i)$. To preserve A3 in $WN$, we also need to assume that the system will not stay in a cycle indefinitely.

Once $WN$ is built and analyzed, we plug in $WN$ for $p^{int}$ of $BN$ in $N$ to construct $N'$ via the following steps:

Step 1: Initially, set $N'$ as $N$.
Step 2: Delete $p^{int}$ and all its input and output transitions from $N'$.
Step 3: For each input place $q_{in}^i$, $i \in [1..m]$, of $WN$, direct an edge from $t_{in}^i$ to $q_{in}^i$.
Step 4: For each output place $q_{out}^i$, $i \in [1..n]$, of $WN$, direct an edge from $q_{out}^i$ to $t_{out}^i$.
Step 5: Output $N'$. End of procedure.

Figure 3 shows the portion of $N'$ resulting from substituting $WN$ for $p^{int}$ in $BN$ of Figure 2.

By construction, we have $P' = (P \setminus \{p^{int}\}) \cup WP$ and $T' = T \cup WT$ in $N'$.
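The reachability checks B1–B3 and the expansion Steps 1–5, as an added Python example (not code from the paper): it builds RG for a constructed initial net with one blackbox J, substitutes a constructed whitebox net (blackboxes J1 and J2 in sequence) for the internal place of J, and compares deadlock freedom and the firing sequences projected onto T up to a bounded length. All place and transition names, the `idle` environment place, and the all-zero internal quiescent marking are assumptions of the example.

```python
from collections import deque

def blackbox(J, m, n):
    """Transitions of blackbox net BN_J as {name: (pre-set, post-set)}."""
    T = {f"{J}.t_in{i}": ({f"{J}.p_in{i}"}, {f"{J}.p_int"}) for i in range(1, m + 1)}
    T.update({f"{J}.t_out{j}": ({f"{J}.p_int"}, {f"{J}.p_out{j}"}) for j in range(1, n + 1)})
    return T

def freeze(M):
    """Hashable marking that lists only the places holding tokens."""
    return frozenset((p, c) for p, c in M.items() if c)

def reachability_graph(T, M0, limit=10_000):
    """RG(N, M0) as {marking: {transition: successor}} for an ordinary net."""
    rg, queue = {}, deque([freeze(M0)])
    while queue:
        M = queue.popleft()
        if M in rg:
            continue
        if len(rg) >= limit:  # B1 (finiteness) cannot be confirmed within the budget
            raise RuntimeError("state limit reached; B1 not established")
        tokens, rg[M] = dict(M), {}
        for t, (pre, post) in T.items():
            if all(tokens.get(p, 0) >= 1 for p in pre):  # t is enabled in M
                nxt = dict(tokens)
                for p in pre:
                    nxt[p] -= 1
                for p in post:
                    nxt[p] = nxt.get(p, 0) + 1
                rg[M][t] = freeze(nxt)
                queue.append(rg[M][t])
    return rg

def check_B2_B3(T, M0, boxes):
    """(B2, B3) for the blackboxes in `boxes`, given as {name: number of inputs}."""
    rg = reachability_graph(T, M0)  # returning at all means B1 holds
    b2 = all(M0.get(f"{J}.p_int", 0) == 0 for J in boxes)
    # B3 (1) and (2) together: at most one token over all input places of a blackbox
    b3 = all(sum(dict(M).get(f"{J}.p_in{i}", 0) for i in range(1, m + 1)) <= 1
             for M in rg for J, m in boxes.items())
    return b2, b3

def deadlock_free(rg):
    return all(rg[M] for M in rg)  # every reachable marking enables some transition

def expand(T, J, m, n, WT):
    """Steps 1-5: substitute the whitebox net (transitions WT) for J.p_int."""
    pint = f"{J}.p_int"
    T2 = {t: (set(pre), set(post)) for t, (pre, post) in T.items()}  # Step 1
    for i in range(1, m + 1):  # Steps 2-3: arc t_in^i -> p_int becomes t_in^i -> q_in^i
        T2[f"{J}.t_in{i}"][1].remove(pint)
        T2[f"{J}.t_in{i}"][1].add(f"{J}.q_in{i}")
    for j in range(1, n + 1):  # Steps 2, 4: arc p_int -> t_out^j becomes q_out^j -> t_out^j
        T2[f"{J}.t_out{j}"][0].remove(pint)
        T2[f"{J}.t_out{j}"][0].add(f"{J}.q_out{j}")
    T2.update(WT)              # T' = T ∪ WT, so t_in and t_out themselves are kept
    return T2                  # Step 5

def projected_traces(rg, M0, visible, L):
    """Projections onto `visible` (length <= L) of all firing sequences from M0."""
    seen, stack = set(), [(M0, ())]
    while stack:
        M, w = stack.pop()
        if (M, w) in seen:
            continue
        seen.add((M, w))
        for t, M2 in rg[M].items():
            w2 = w + (t,) if t in visible else w
            if len(w2) <= L:
                stack.append((M2, w2))
    return {w for _, w in seen}

# Constructed initial net N: one subsystem J (m = n = 2) driven by an "idle" place.
N = blackbox("J", 2, 2)
for i in (1, 2):
    N[f"req{i}"] = ({"idle"}, {f"J.p_in{i}"})
    N[f"done{i}"] = ({f"J.p_out{i}"}, {"idle"})
M0 = {"idle": 1}

# Constructed whitebox for J: J1 (2 inputs, 1 output) followed by J2 (1 input, 2 outputs).
WT = {**blackbox("J1", 2, 1), **blackbox("J2", 1, 2),
      **{f"e_in{i}": ({f"J.q_in{i}"}, {f"J1.p_in{i}"}) for i in (1, 2)},
      "e_mid": ({"J1.p_out1"}, {"J2.p_in1"}),
      **{f"e_out{j}": ({f"J2.p_out{j}"}, {f"J.q_out{j}"}) for j in (1, 2)}}
N1 = expand(N, "J", 2, 2, WT)  # internal quiescent marking assumed to be all zero

def demo(L=8):
    rg, rg1 = reachability_graph(N, M0), reachability_graph(N1, M0)
    return {
        "states": (len(rg), len(rg1)),
        "B_N": check_B2_B3(N, M0, {"J": 2}),
        "B_N1": check_B2_B3(N1, M0, {"J": 2, "J1": 2, "J2": 1}),
        "deadlock_free": (deadlock_free(rg), deadlock_free(rg1)),
        "same_traces": projected_traces(rg, freeze(M0), set(N), L)
                       == projected_traces(rg1, freeze(M0), set(N), L),
        "B_two_tokens": check_B2_B3(N, {"idle": 2}, {"J": 2}),  # violates B3
    }

if __name__ == "__main__":
    print(demo())
```

The last entry starts the same net with two tokens in `idle`, which lets both inputs of J be marked at once, so B3 is reported as violated while B2 still holds.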
The initial marking of $N'$, denoted as $M'_0$, is an assignment of tokens to $P'$ such that (1) $M'_0(P \setminus \{p^{int}\}) = M_0(P \setminus \{p^{int}\})$, (2) $\forall i \in [1..m] : M'_0(q_{in}^i) = 0$, (3) $M'_0(IP)$ is a closed quiescent marking in $IN$, and (4) $\forall j \in [1..n] : M'_0(q_{out}^j) = 0$. Hence $\forall J' \in LN' : M'_0(p_{J'}^{int}) = 0$. Hence no transition of $WT$ is enabled in $M'_0$. The reachability graph for $N'$ and $M'_0$ is denoted as $RG(N', M'_0)$.

$N'$ is called the one-step refinement of $N$ (via the expansion of $J$ in $N$), denoted as N  N 0. N 00 is a refinement of N iff N  N 00. The set of Petri nets that are refinements of N0 is denoted as PN, i.e., PN = fN jN0  Ng. As for abstractions, we are only interested in Petri nets that





























are refinements of $N^0$. From now on, when we refer to a Petri net $N$, we mean $N \in PN$, unless otherwise specified.

Figure 3: One-Step Decomposition of J and its corresponding Petri Net Expansion

In the following subsection, we are going to study the set of properties in $RG(N, M_0)$ that are preserved in $RG(N', M'_0)$. Unless otherwise specified, we assume $RG(WN, WM_0^i)$ satisfies W1–W3 for each $i \in [1..m]$ and $WM_0^i(IP)$ is a closed quiescent marking of $IN$.

4.2 Property Preservation

Lemma 4.1 Suppose M 01[ >M 02 in RG(N 0;M 00) and j#(BT [WT )j=0. Then M 02(WP ) =M 01(WP ). If 9M1 2 RG(N;M0) :M1(P nfpintg) =M 01(P nfpintg), then 9M2 2 RG(N;M0) : M1[ >M2 such that M2(P nfpintg)=M 02(P nfpintg) and M2(pint)=M1(pint).

Lemma 4.2 Suppose M 01[ >M 02 in RG(N 0, M 00) such that j#BTout j = 0. If 9M1 2 RG(N;M0) :M1(P nfpintg) =M 01(P nfpintg), then 9M2 2 RG(N;M0) such that M1[#T >M2 and M2(P nfpintg) =M 02(P nfpintg). Hence j#BTinj  1.

Lemma 4.3 Suppose M 01[ >M 02 in RG(N 0;M 00) such that the following conditions hold: (a) M 01(WP ) = WM 00 . (b) 9M1 2 RG(N;M0) : M1(P nfpintg) = M 01(P nfpintg). (c)  = tiin0tjout, where tiin 2 BT in, tjout 2 BT out, and j0#BToutj = 0. Then the following statements are true: (1)
j0#BTinj = 0. (2)M 01[tiintjout >M 02 in RG(N 0;M 00), where  = 0#WT is a ring sequence from WM i0to WM jext and  = 0 n  = 0#(T 0 n (BT [WT )). (3) M 02(WP ) = WM 00 . (4) 9M2 2 RG(N;M0) suchthat M1[#T >M2, M2(P nfpintg) =M1(P nfpintg), and M2(pint) =M1(pint).We show that each ring sequence in RG(N 0;M 00) has a corresponding canonical sequence similarto the one in Lemma 3.2.Lemma 4.4 Suppose M 02 is reachable from M 01 via  in RG(N 0;M 00) such that M 01(WP ) = WM 00 .Suppose also that 9M1 2 RG(N;M0) such that M1(P nfpintg) = M 01(P nfpintg). Let k = j#BToutj.Then k  j#BTinj  k + 1. Furthermore, M 02 is reachable from M 01 in RG(N 0;M 00) via  =01   kk+1 such that the following four conditions are satised: (1) j0#(BT [WT )j = 0. (2)8 l 2 [1::k] : l = xllyl0l, where (a) xl is the l-th transition from BT in in , denoted as xl = tiin; i 2[1::m]; (b) yl is the l-th transition from BT out in , denoted as yl = tjout; j 2 [1::n]; (c) l is a ringsequence from WM i0 to WM jext in RG(WN;M i0); and (d) j0l#(T 0 n (BT [WT ))j = 0. (3) k+1#BTout = .(4) #(T 0 n(BT [WT )) = #(T 0 n(BT [WT )).Lemma 4.5 Suppose M 01[ >M 02 in RG(N 0;M 00), where M 01(WP ) = WM 00 . Then M 02(WP ) =WM 00 i j#BTinj = j#BToutj.A ring sequence  from M 01 to M 02 in RG(N 0;M 00) is called a canonical ring sequence w.r.tWN i M 01(WP ) = WM 00 and conditions (1){(4) in Lemma 4.4 hold for . When M 01 = M 00, is called a canonical ring sequence for reachable marking M 02. Since M 00(WP ) = WM 00 , theabove Lemma 4.4 and Lemma 4.5 hold for any ring sequence for any reachable marking M 0 inRG(N 0;M 00). As a result, we have the following theorem:Theorem 4.2 Let M 0 be a marking in RG(N 0;M 00). 
The following statements are true:(1) M 0 is reachable in RG(N 0;M 00) via a canonical ring sequence w.r.t WN .(2) j#BToutj  j#BTinj  j#BToutj+ 1 for each ring sequence  of M 0.(3) M 0(P nfpintg) = WM 00 i there is a ring sequence  of M 0 such that j0#BTinj = j0#BToutjWe rst show that RG(N 0;M 00) does not introduce any \extra" ring sequences whose projec-tions onto T are not in RG(N;M0).Lemma 4.6 SupposeM 01[0 >M 02 in RG(N 0;M 00), whereM 01(WP ) = WM 00 . If 9M1 2 RG(N;M0)such that M1(P nfpintg) = M 01(P nfpintg) and M1(pint) = 0, then 9M2 2 RG(N;M0) : M1[ >M2such that M2(P nfpintg) =M 02(P nfpintg) and  = 0#T .Next, we show RG(N 0;M 00) preserves all the ring sequences in RG(N;M0).12
Lemma 4.7 Suppose M1[ >M2 in RG(N;M0), where M1(pint) = 0. If 9M 012RG(N 0;M 00) suchthat M 01(P nfpintg) =M1(P nfpintg) and M 01(WP ) = WM 00 , then 9M 022RG(N 0;M 00) :M 01[0 >M 02such that M 02(P nfpintg) =M2(P nfpintg) and 0#T = .Notice that M0(P nfpintg) = M 00(P nfpintg), M0(pint) = 0, and M 00(IP ) = IM0. Denote ES =fj9M 2 RG(N;M0) : M0[ >Mg, ES0 = f0j9M 0 2 RG(N 0;M 00) : M 00[0 >M 0g, and ES0#T =f0#T j0 2 ES0g. By Lemma 4.6 and Lemma 4.7, we obtain the most important result of therenement process : the Sequence Preservation Theorem.Theorem 4.3 (Sequence Preservation) Suppose M is reachable in RG(N;M0) via , then thereis an M 0 reachable via 0 in RG(N 0;M 00) such that M 0(P nfpintg) = M(P nfpintg) and 0#T = .Conversely, suppose M 0 is reachable via 0 in RG(N 0;M 00), then there is an M reachable via  inRG(N;M0) such that M(P nfpintg) =M 0(P nfpintg) and  = 0#T . As a result, ES = ES0#T .By this powerful theorem, we can show that RG(N 0;M 00) maintains the set of properties inRG(N;M0) as stated in the following theorem:Theorem 4.4 Given Petri nets N  N 0. Let RG(N;M0) and RG(N 0;M 00) be the correspondingreachability graphs of N and N 0, respectively. The following statements are true: Deadlock: RG(N;M0) is deadlock free i RG(N 0;M 00) is deadlock free. Liveness: A transition t 2 T is live in RG(N;M0) i it is live in RG(N 0;M 00). Input Constraint: RG(N 0;M 00) satises B3. Boundedness: RG(N 0;M 00) is bounded i RG(N;M0) is bounded.Since RG(N;M0) satises B1{B3, by denition ofM 00, RG(N 0;M 00) satises B2. From the abovetheorem, we know that B2{B3 are also true for RG(N 0;M 00). As a result, RG(N 0;M 00) maintainsconditions B1{B3 of RG(N;M0) after the renement of N into N 0. Therefore, Theorem 3.1 is alsotrue for RG(N 0;M 00).Theorem 4.5 Let M be a marking in RG(N 0;M 00). 
The following statements are true for eachJ 0 2 LN 0:(1) M 0 is reachable in RG(N 0;M 00) via a canonical ring sequence w.r.t BNJ0 .(2) For each ring sequence  of M 0, j#BToutJ0 j  j#BTinJ0 j  j#BToutJ0 j+ 1.(3) M 0(pintJ0 ) = 0 i there is a ring sequence  for M 0 such that j#BTinJ0 j = j#BToutJ0 j.(4) M 0(pintJ0 ) = 1 i there is a ring sequence  for M 0 such that j#BTinJ0 j = j#BToutJ0 j+ 1.(5) M 0(pintJ0 )  1.(6) 8 p2BP outJ0 :M(p)  1. If 9 p2BP outJ0 :M 0(p)=1, then 8 p02BP outJ0 ; p0 6= p :M(p0)=0.13
Recall that $N^0$ is the initial Petri net for the system under study and $M_0^0$ is the initial marking of $N^0$. Assume $RG(N^0, M_0^0)$ satisfies B1–B3. Based on the results established so far, by induction on the number of refinement steps, we are able to show that $\forall N \in PN$ : $RG(N, M_0)$ preserves the set of properties of $RG(N^0, M_0^0)$ as stated by the following theorem.

Theorem 4.6 8N : N 0  N , the following statements are true:
Firing Sequence: $ES^0 = ES{\downarrow}T^0$.
Deadlock: $RG(N, M_0)$ is deadlock free iff $RG(N^0, M_0^0)$ is deadlock free.
Liveness: A transition $t \in T^0$ is live in $RG(N, M_0)$ iff it is live in $RG(N^0, M_0^0)$.
Input Constraint: $RG(N, M_0)$ satisfies B3.
Boundedness: $RG(N, M_0)$ is bounded iff $RG(N^0, M_0^0)$ is bounded.

Therefore, $RG(N, M_0)$ also satisfies conditions B1–B3. As a result, Theorem 4.5 also holds for $RG(N, M_0)$.

Theorem 4.7 8N : N 0  N , let M be a marking in RG(N 0;M 00). The following statements are true for each $J \in LN$:
(1) $M$ is reachable in $RG(N, M_0)$ via a canonical firing sequence w.r.t $BN_J$.
(2) For each firing sequence  of M , j#BToutJ j  j#BTinJ j  j#BToutJ j+ 1.
(3) M(pintJ ) = 0 iff there is a firing sequence  for M such that j#BTinJ j = j#BToutJ j.
(4) M(pintJ ) = 1 iff there is a firing sequence  for M such that j#BTinJ j = j#BToutJ j+ 1.
(5) $M(p_J^{int}) \leq 1$.
(6) $\forall p \in BP_J^{out} : M(p) \leq 1$. If $\exists p \in BP_J^{out} : M'(p) = 1$, then $\forall p' \in BP_J^{out}, p' \neq p : M(p') = 0$.

5 Interconnection Rules

We discuss a set of interconnection rules with which we can provide substantial parallelism while maintaining the I/O constraints A1 through A3. These are for sequential, parallel, and loop structures. For each structure, we provide or specify the inputs and outputs of the interconnected system and a procedure to connect the subsystems.
Note that each structure is also a subsystem itself in the sense that it has multiple inputs and outputs and can be used as a building block when we construct a larger structure.

Definition 5.1 Given an interconnected system J = fJ1; : : : ; Jkg; k  1, each input or output of Jm 2 J is said to be either bounded w.r.t J iff it is connected to some input or output of Jn 2 J or free w.r.t J iff it is not bounded w.r.t J , i.e., it is not connected to any input or output of J . Note that each place in a Petri net Ni can be classified as either bounded or free with respect to N , since


































Figure 5: A Concatenation using a C-applicable pair and a Sequential Structure

Now, we give a sequential construction procedure based on C-applicable pairs:

Sequential(J1; : : : ; Jk) :
1. (Input) Let the input places of N be P in1 S([ki=2PXini ).
2. For each i; 1  i < k, do the following:
    Devise a set of transitions Ti;i+1 such that there exists a C-applicable pair (fi; gi) with respect to (P outi nPXouti ; P ini+1nPXini+1 ).
    Generate arcs from P outi nPXouti to Ti;i+1 and from Ti;i+1 to P ini+1nPXini+1 according to (fi; gi).
3. (Output) Let the output places of N be P outk S([k 1i=1 PXouti ).

Definition 5.3 A set of places P 0 = fp1; : : : ; png; P 0  P , is singly-activated in a reachable marking M in N = (P; T ) iff there exists a place pi 2 P 0 such that M(pi) = 1 and M(pj) = 0 for all pj 6= pi; pj 2 P 0 .

Lemma 5.1 Let J = Ji  Ji+1, where the bounded output places of Ni are associated with the bounded input places of Ni+1 by a transition set T and a C-applicable pair (f; g). If the bounded output places of Ni, Q = fq1; : : : ; qng, is singly-activated in a reachable marking M in N = NiNi+1, then there exists one and only one enabled transition t in T , and furthermore, by firing t, the bounded input places of Ni+1, P = fp1; : : : ; pmg, becomes a singly-activated set of places in M 0 , where M [t > M 0 .
Proof. Let t = f(qi), where M(qi) = 1. Note that f(qi) should be defined by (i). Then, by our construction, there is an arc from qi to t and no arc goes to t from other than qi in Q by (ii). Since qi is the only input place to the transition t and M(qi) = 1, t is the only enabled transition in T in M . By firing t, we have the marking M 0 , i.e., M [t > M 0 . Now, by (iii), we can guarantee that P is singly-activated in M 0 .

Theorem 5.1 Any sequential structure J = J1  : : :  Jk resulting from the procedure Sequential preserves A1 through A3 provided that each of the subsystems J1; : : : ; Jk satisfies A1 through A3.

Proof. It suffices to show that two subsystems Ji and Ji+1 are interconnected into J = Ji  Ji+1 by Sequential(Ji ; Ji+1) while preserving the properties A1 through A3. Then the theorem easily follows from the induction on k. By our construction, the inputs and the outputs of J would be P ini [PXini+1 and PXouti [P outi+1, respectively. Assume that at most one of the input places P ini [PXini+1 can be activated at any instance of time. We deal with A2 first. Suppose PXini+1 and PXouti are empty, then J preserves the property since Ji+1 satisfies A2 under the assumption that Ji+1 guarantees A1, which is clear from Lemma 5.1. If PXouti is nonempty, then either (i) at most one of the P outi+1 places is produced by the same argument as above or (ii) at most one of the PXouti places is produced. By A2 of Ji, it is clear that (i) and (ii) are exhaustive and mutually exclusive. Suppose PXini+1 is nonempty. Then, by A1 of J and Lemma 5.1, A1 of Ji+1 is preserved. Thus A2 of Ji+1 establishes A2 of J . 
For A3, we know that J should produce an output within at most jij+ ji+1j+1 steps, where jkj; k = i; i+ 1 is the maximum number of steps required for Nk to reach a marking in which one and only one output of Nk is produced from an initial marking in which one of the inputs of Nk is activated.

5.2 Parallel Structure

Assume there are k  2 subsystems Ji, modeled by Ni = (Pi; Ti) , 1  i  k, with mi inputs and ni outputs, respectively. We interconnect these subsystems in parallel such that Ji's can be executed concurrently. Denote the interconnected system J = J1kJ2k : : :kJk and a Petri net modeling the system N = (P; T ), where P = (Ski=1 Pi)SXP and T = (Ski=1 Ti)SXT . It should be clear that a parallel structure can be regarded as a set of subsystems whose inputs and outputs are all free. Therefore we only have to provide selectors for inputs and outputs to enforce A1, A2, and A3 of the interconnected system.

We give a parallel construction procedure with which we can preserve A1 through A3.

Parallel(J1 ; : : : ; Jk) :
1. (Input/Output) Generate input places Q = fq1; : : : ; qmig of N . Also, generate corresponding transitions T in = ft1in; : : : ; tmiin g and arcs A = f(qi; tiin)j1  i  Qki=1mig connecting Q to T in. Generate output places Q0 = fq01; : : : ; q0nig of N . Also, generate corresponding transitions T out = ft1out; : : : ; tniout g and arcs A0 = f(tiout; q0i)j1  i  Qki=1 nig connecting T out to Q0 .
2. Let (pi;1in ; : : : ; pi;miin ) and (pi;1out; : : : ; pi;niout ) be the input places and the output places of Ji, 1 i  k, respectively. Let X = f(p1;x(1)in ; : : : ; pk;x(k)in )j1  x(i)  m(i); 1  i  kg and Y = f(p1;y(1)out ; : : : ; pk;y(k)out )j1  y(i)  n(i); 1  i  kg be their input and output combinations, respectively.
    Devise a bijection f : T in ! X . For each tiin 2 T in, generate k arcs (tiin; p1;in ); (tiin; p2;in ); : : : ; (tiin; pk;in ) , where f(tiin) =(p1;in ; p2;in ; : : : ; pk;in ).
    Devise a bijection g : Y ! T out. For each tiout 2 T out, generate k arcs (p1;out; tiout); (p2;out; tiout); : : : ; (pk;out; tiout) , where g((p1;out,p2;out; : : : ; pk;out)) = tiout.
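The procedure Parallel above, as an added Python example (not code from the paper): it wraps two constructed subsystems with the input and output selectors and explores the reachability graph to check that one activated input yields exactly one output within the sum of the subsystem maxima plus 2 (the bound used in the proof of Theorem 5.2), and that two simultaneous inputs put two tokens on one subsystem's input. The subsystem nets, the place names and the helpers `Net`, `parallel`, `run` and `build_example` are assumptions made for illustration.

```python
from collections import Counter
from itertools import product


class Net:
    """Place/transition net with unit arc weights; a marking is a Counter."""

    def __init__(self):
        self.trans = {}  # transition name -> (input places, output places)

    def add(self, name, pre, post):
        self.trans[name] = (tuple(pre), tuple(post))

    def enabled(self, m):
        return [t for t, (pre, _) in self.trans.items()
                if all(m[p] >= 1 for p in pre)]

    def fire(self, m, t):
        pre, post = self.trans[t]
        nxt = Counter(m)
        nxt.subtract(pre)
        nxt.update(post)
        return +nxt  # unary plus drops places that fell to zero


def parallel(net, subsystems):
    """Procedure Parallel: wrap the subsystems with input/output selectors.

    subsystems is a list of (input places, output places). Returns (Q, Q').
    """
    ins = [s[0] for s in subsystems]
    outs = [s[1] for s in subsystems]
    q_in, q_out = [], []
    # Step 1 and bijection f: one input place and one t_in per combination in X.
    for i, combo in enumerate(product(*ins), 1):
        q_in.append(f"q{i}")
        net.add(f"t_in{i}", [f"q{i}"], combo)      # k arcs t_in -> p_in
    # Step 1 and bijection g: one t_out and one output place per combination in Y.
    for i, combo in enumerate(product(*outs), 1):
        q_out.append(f"q'{i}")
        net.add(f"t_out{i}", combo, [f"q'{i}"])    # k arcs p_out -> t_out
    return q_in, q_out


def run(net, start):
    """Explore all firings from `start` (acyclic nets only).

    Returns (dead markings, length of the longest firing sequence,
    all reachable markings).
    """
    depth, markings = {}, {}

    def longest(m):
        key = frozenset(m.items())
        if key in depth:
            if depth[key] is None:
                raise ValueError("cycle in reachability graph")
            return depth[key]
        depth[key], markings[key] = None, m
        succ = [longest(net.fire(m, t)) for t in net.enabled(m)]
        depth[key] = 1 + max(succ) if succ else 0
        return depth[key]

    total = longest(+Counter(start))
    dead = [markings[k] for k, d in depth.items() if d == 0]
    return dead, total, list(markings.values())


def build_example():
    """Constructed subsystems: J1 (2 inputs, 2 outputs, at most 1 step) and
    J2 (1 input, 2 outputs, at most 2 steps via internal place w)."""
    net = Net()
    net.add("j1_a", ["a1"], ["b1"])
    net.add("j1_b", ["a2"], ["b1"])
    net.add("j1_c", ["a2"], ["b2"])
    net.add("j2_a", ["c1"], ["w"])
    net.add("j2_b", ["w"], ["d1"])
    net.add("j2_c", ["w"], ["d2"])
    subs = [(["a1", "a2"], ["b1", "b2"]), (["c1"], ["d1", "d2"])]
    q_in, q_out = parallel(net, subs)
    return net, q_in, q_out


if __name__ == "__main__":
    net, q_in, q_out = build_example()
    bound = 1 + 2 + 2  # per-subsystem maxima plus the two selector firings
    for q in q_in:
        dead, steps, _ = run(net, [q])
        outs = sorted({p for m in dead for p in m})
        print(q, "->", outs, "steps", steps, "bound", bound)
    # Two inputs activated at once: J2's single input place gets two tokens.
    _, _, reach = run(net, q_in)
    print("max tokens on c1:", max(m["c1"] for m in reach))
```

The number of selector places grows as the product of the subsystems' input (and output) counts, which the example makes visible: 2 x 1 input places and 2 x 2 output places.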
Figure 6: Parallel Structure (subnets N1, N2, ..., Nk between Inputs and Outputs)

Theorem 5.2 Any parallel construction J = J1k : : :kJk resulting from the procedure Parallel preserves A1 through A3 provided that each of the subsystems J1; : : : ; Jk satisfies A1 through A3.
Proof. Suppose two input places of N are activated at a certain marking of N . Then, by our construction step 2, there exists at least one subnet, say Ni, which has more than one activated thread by firing the two transitions associated with the two input places of N . For A2, J preserves it by our construction of g and the assumption that J1;    ; Jk satisfy A2. For A3, we know that J should produce an output within Pki=1 jij+2 steps, where jij; 1  i  k, is the maximum number of steps required for Ni to reach a marking in which one and only one output of Ni is produced from an initial marking in which one of the inputs of Ni is activated.

5.3 Loop Structure

Assume there are k  2 subsystems Ji, modeled by Ni = (Pi; Ti) , 1  i  k, with mi inputs and ni outputs, respectively. We interconnect these subsystems to generate a loop which simulates the repeated executions of the subsystem(s). Denote the interconnected system J = (J1  J2 : : :  Jk) and a Petri net modeling the system N = (P; T ), where P = (Ski=1 Pi)SXP and T = (Ski=1 Ti)SXT .

Definition 5.4 Given a set of subsystems J = fJ1; : : : ; Jkg; k  1, and a subsystem Ji in J , Ji is said to be an exit w.r.t J iff some outputs of Ji are free w.r.t J . Note that a Petri net Ni is an exit w.r.t N iff there are some free output places in Pi w.r.t N , since we are modeling a subsystem as a Petri net.

Since an infinite looping does not make sense, we assume that a loop has the following property to enforce a finite number of repetitions of it.

Proposition 5.1 A loop structure J is said to have the fairness property iff it has at least one exit Ji such that after a finite number of transition firings, Ji produces a free output w.r.t. J .

We give a loop construction procedure with which we can preserve A1 through A3. The construction is based on the sequential construction in section 5.1.

Loop(J1 ; : : : ; Jk) :
1. (Input) Generate input places Q = fq1; : : : ; qjP in1 S([ki=2PXini )jg of N . Also, generate corresponding transitions T in = ft1in; : : : ; tjP in1 S([ki=2PXini )jin g and arcs A = f(qi; tiin)j1  i jP in1 S([ki=2PXini )jg connecting Q to T in. To trigger the execution of N initially, we need the arcs Atrigger connecting T in to the places P in1 S([ki=2PXini ) in one-to-one manner.
2. Call Sequential(J1; : : : ; Jk).
Figure 7: Loop Structure

3. Generate arcs connecting some of the outputs of J1  : : :  Jk to N1 as follows:
    Let the output places of the sequential structure J1  : : :  Jk resulting from the step 2 be P outseq . Choose a set of places P back  P outseq . Note that the places in P back , if any, will be connected to the input places of J1. If P back is empty, then go to step 4.
    Devise a set of transitions Tk;1 such that there exists a C-applicable pair (fk; gk) with respect to (P back ; P in1 ).
    Generate arcs from P back to Tk;1 and from Tk;1 to P in1 according to (fk ; gk).
4. (Output) Let the output places of N be P outseq nP back.

Theorem 5.3 Assume that Proposition 5.1 holds. Then any loop construction J = (J1  J2 : : :  Jk) resulting from the procedure Loop preserves A1 through A3 provided that each of the subsystems J1; : : : ; Jk satisfies A1 through A3.

Proof. By our construction, the inputs of J would be Q = fq1; : : : ; qjP in1 S([ki=2PXini )jg. Assume that at most one of the input places can be activated at any instance of time. Then, by the arcs Atrigger , there is at most one activated place in P in1 S([ki=2PXini ) at any instance of time. Suppose the system produces a certain output in a reachable marking of N . Then the output must be from a certain exit, say, Nx. Since the procedure Loop is based on the procedure Sequential, no concurrent









































Figure 9: Modeling Process
Panels: (a) Initial Abstraction (loop); (b) 2nd Step (sequence); (c) 3rd Step (parallel structure); (d) After the expansion of Box1 in (c); (e) After the expansion of Box0 in (b)
Legend:
p0: start
p1: availability of raw material
p2: processing (to be refined)
p3: checking raw material
p4: finish
t3: delivery of raw material if there is enough to make part A and part B
t4: complement of t3
p10: availability of R1
p16: M1, M3, and R1 working
p24: M1 machining a raw material
p25: availability of M1
p26: R1 unloading M1
p27: M3 machining an intermediate A-part
p28: availability of M3
p31: R1 and R2 assembling A part and B part
p32: R1 and R2 moving the final product to the output area
p33: M2 machining a raw material
p34: availability of M2
p35: R2 unloading M2 and transferring intermediate B-part
p36: M4 machining an intermediate B-part
p37
p38: R2 unloading M4 and moving the part to assembly

Figure 10: The Final Petri net Model of the System
Design Automation Conference, pp. 305-311, June 1978.
[2] B. H. Krogh and C. L. Beck, Synthesis of Place/Transition nets for Simulation and Control of Manufacturing Systems, Proc. IFIP Symp. Large Scale Systems, pp. 661-666, August 1986.
[3] D. Y. Chao, M. C. Zhou and D. T. Wang, Extending the Knitting Techniques to Petri net Synthesis of Automated Manufacturing Systems, The Computer Journal, vol. 37, no. 1, pp. 67-76, 1994.
[4] T. Murata, Petri nets: Properties, Analysis, and Applications, Proc. IEEE, vol. 77, pp. 541-579, April 1989.
[5] I. Koh and F. DiCesare, Modular Transformation Methods for Generalized Petri nets and their Applications in Manufacturing Automation, IEEE Trans. Sys., Man, Cybern., vol. 21, pp. 963-973, 1991.
[6] J. L. Peterson, Petri nets, Computing Surveys, vol. 9, no. 3, pp. 223-252, September 1977.
[7] R. Valette, Analysis of Petri net by Stepwise Refinement, J. Comput. Syst. Sci., vol. 18, pp. 35-46, 1979.
[8] I. Suzuki and T. Murata, A Method for Stepwise Refinement and Abstraction of Petri nets, J. Comput. Syst. Sci., vol. 27, pp. 51-76, 1983.
[9] M. C. Zhou and F. DiCesare, Parallel and Sequential Mutual Exclusions for Petri net Modeling of Manufacturing Systems with Shared Resources, IEEE Trans. Robotics Automat., vol. 7, pp. 515-527, 1991.
[10] M. C. Zhou and F. DiCesare, A Hybrid Methodology for Synthesis of Petri nets for Manufacturing Systems, IEEE Trans. Robotics Automat., vol. 8, pp. 350-361, 1992.
[11] M. D. Jeng and F. DiCesare, A Review of Synthesis Techniques for Petri nets with Applications to Automated Manufacturing Systems, IEEE Trans. Sys., Man, Cybern., vol. 23, pp. 301-312, 1993.
[12] D. J. Hei, R. S. Hornstein, H. Liu, F. J. LoPinto and R. E. Miller, "Faster, Better, Cheaper" Mission Operations Employing a Reusable Object Methodology, Proc. 9th AIAA/Utah State Univ. Conference on Small Satellites, September 1995.
Appendix: Proofs of Lemmas and Theorems

Lemma 3.1 Suppose M1[ >M2 in RG(N;M0). The following statements are true:
(1) If j#BT j = 0, then M2(pint) =M1(pint).
(2) Suppose  = tiin0, where j0#BT j = 0. Then each transition in 0 is independent of tiin.
(3) If j#BToutj = 0, then j#BTinj  1.
(4) If j#BToutj = 0, then j#BTinj = 0 iff M2(pint) =M1(pint).

Proof: (1): j#BT j = 0 implies that no transition in  can affect place pint during the execution. Thus M2(pint) =M1(pint).

(2): We show it by induction on k = j0j  1. Denote t1 = tiin.

Basis: k = 1. Let 0 = t2. Suppose t1 and t2 are not independent, then t1 \ t2 6= ;. There are four cases to consider:
 t1 \ t2 6= ;. In this case, we have t1 = t2. This implies that M1(piin) > 1, which violates property B3 of RG(N;M0).
 t1 \ t2 6= ;. In this case, we have t2 = tkin. If k = i, then M1(piin) > 1; otherwise M1(piin) 6= 0 and M1(pkin) 6= 0. Either case violates property B3 of RG(N;M0).
 t1 \ t2 6= ;. In this case, t2 is also executable in M1. Executing t2 in M1 will result in a marking M2 in which M2(piin) > 1. This will violate property B3 of RG(N;M0).
 t1 \ t2 6= ;. In this case, we have t2 = tkout, which is impossible since j0#BT j = 0.
Therefore, we must have t1 \ t2 = ;, i.e., t1 and t2 are independent.

Induction: Suppose (2) is true for k = k0  1. We want to show for k = k0+1. Denote 0 = t200 and M1[t1 >M3[t2 >M4[00 >M2. Then from the proof of the base case, we know that t1 and t2 are independent, i.e., M1[t2 >M5[t1 >M4. Hence M5[t100 >M2. By induction hypothesis, each transition in 0 is independent of t1. Hence (2) also holds for k = k0 + 1.

Therefore, (2) holds for all k  1.

(3): By contradiction. Without loss of generality, suppose j#BTinj = 2. Denote  = 0tiin1tjin2, where tiin; tjin 2 BT in. Then 8 l 2 [0::2] : jl#BT j = 0. By (2), tiin is independent of any transition in 1. As a result, M2 is also reachable from M1 via 01tiintjin2 in RG(N;M0). Denote M1[01 >M3[tiin >M4[tjin2 >M2. 
Then tiin is enabled in M3 and tjin is enabled in M4. On the other hand, since RG(N;M0) satisfies B3, we have M3(piin) = 1 and 8 l 2 [1::m]; l 6= i :M3(plin) = 0. No matter i = j or not, we have M4(pjin) = 0. In other words, tjin is disabled in M4. A contradiction. Therefore, j#BTinj  1.
(4): Suppose j#BTinj = 0. Then j#BT j = 0. From (1), we have M2(pint) = M1(pint). On the other hand, suppose j#BTinj 6= 0. Then from (3), we have j#BTinj = 1. Let tiin; i 2 [1::m], be the transition from BT in in . Then the execution of tiin will add one more token to pint. However, no other transition in  can delete a token from pint. As a result, we must have M2(pint) =M1(pint)+1, i.e., M2(pint) 6=M1(pint).

Lemma 3.2 Suppose M2 is reachable from M1 via  in RG(N;M0), where M1(pint) = 0. Let k = j#BToutj. Then k  j#BTinj  k + 1. Furthermore, M2 is reachable from M1 in RG(N;M0) via  = 01   kk+1 such that the following four conditions hold: (1) j0#BT j = 0. (2) 8 l 2 [1::k] : l = 0lxlyl, where xl is the l-th transition from BT in in , yl is the l-th transition from BT out in , and j0l#BT j = 0. (3) jk+1#BToutj = 0. (4) #(T nBT ) = #(T nBT ).

Proof: Since M1(pint) = 0, by the structure of BN , there must be at least k input transitions of BN in , and for each l 2 [1::k], the l-th input transition of BN must occur before the l-th output transition of BN in . By Lemma 3.1 (3),  can be written as 01   kk+1 such that (1') j0#BT j = 0. (2') 8 l 2 [1::k] : l = xl0lyl, where xl is the l-th transition from BT in in , yl is the l-th transition from BT out in , and j0l#BToutj = 0. (3') jk+1#BToutj = 0. Let l range from [1::k]. By Lemma 3.1 (3), j0l#BT j = 0 and jk+1#BTinj  1. Thus k  j#BTinj  k + 1.

Denote M1[0 >M3[1 >M4   Mk+2[k >Mk+3[k+1 >M2, where 8 l 2 [1::k] : Ml+2[l >Ml+3. Let l=0lxlyl, then by Lemma 3.1 (2), Ml+2[l >Ml+3 in RG(N;M0). Let =01   kk+1. Then M1[ >M2 in RG(N;M0). Clearly,  satisfies conditions (1)–(4).

Theorem 3.1 Let M be a marking in RG(N;M0). 
The following statements are true for each J 2 LN :
(1) M is reachable in RG(N;M0) via a canonical firing sequence w.r.t BNJ .
(2) For each firing sequence  of M , j#BToutJ j  j#BTinJ j  j#BToutJ j+ 1.
(3) M(pintJ ) = 0 iff there is a firing sequence  for M such that j#BTinJ j = j#BToutJ j.
(4) M(pintJ ) = 1 iff there is a firing sequence  for M such that j#BTinJ j = j#BToutJ j+ 1.
(5) M(pintJ )  1.
(6) 8 p2BP outJ :M(p)  1. If 9 p2BP outJ :M(p) = 1, then 8 p02BP outJ ; p0 6= p :M(p0) = 0.

Proof: Let J be any node in LN . For simplicity, we drop the subscript J from the proof below. Since M0(pint) = 0, (1) and (2) of the theorem are true by Lemma 3.2. We only need to show (3)–(6) of theorem hold.

We first show (3) and (4) of the theorem. From the proof of Lemma 3.2, any firing sequence  for M can be written as 01   kk+1 such that the following three conditions hold: (1')
j0#BT j = 0. (2') 8 l 2 [1::k] : l = xl0lyl, where xl is the l-th transition from BT in in , yl is thel-th transition from BT out in , and j0l#BT j = 0. (3') jk+1#BToutj = 0. Denote 0 = 01   k . Thenj0#BTinj = j0#BToutj = k and jk+1#BTinj  1.Denote M0[0 >M1[k+1 >M . From (1) and (4) of Lemma 3.1, it is not dicult to show, byinduction on k, that M1(pint) = M0(pint) = 0. Thus, to show (3) of the theorem, it suces toshow that M(pint) = 0 i jk+1#BTinj = 0. And this is true by (4) of Lemma 3.1. Similarly, sincejk+1#BTinj  1, to show (4) of the theorem, it suces to show that M(pint) = 1 i jk+1#BTinj = 1.And this is obvious. As a result, we have M(pint)  1, i.e., (5) of the theorem also holds. Notethat M0 satises (6). By induction on the length of a ring sequence for M , it is not dicult toshow that (6) holds for M .Lemma 3.3 Suppose M1[ >M2 in RG(N;M0). Then the following statements are true:(1) Assume M1(pint) = 0. M2(pint) = 0 i j#BTinj = j#BToutj.(2) Assume M1(pint) = 0. M2(pint) = 1 i j#BTinj = j#BToutj+ 1.(3) M2(pint) =M1(pint) i j#BTinj = j#BToutj.Proof: We rst show (1) and (2) of the lemma. Suppose M0[ >M1 in RG(N;M0). Thenby Theorem 3.1, we have j#BTinj = j#BToutj. Let  = . Then M2 is reachable from M0 via in RG(N;M0). By Theorem 3.1, M2(pint) = 0 i j#BTinj = j#BToutj. Thus, M2(pint) = 0 ij#BTinj = j#BToutj. Similarly, we can show (2) of the lemma also holds.Now we show (3) of the lemma. From Theorem 3.1, we know thatM1(pint)  1. We have alreadyshown in (1) of the lemma that (3) holds when M1(pint) = 0. For the case of M1(pint) = 1, denote = tjout, where tjout is the rst transition from BT out in . DenoteM0[0 >M1[tjout >M3[ >M2and 00 = 0tjout. Then by (2), we have j0#BTinj = j0#BToutj+ 1. Hence we must have j#BTinj = 0,i.e. j#BT j = 0. As a result, j00#BTinj = j00#BToutj. By (1), we have M3(pint) = 0. From M3, by(2), we know that M2(pint) = 1 i j#BTinj = j#BToutj + 1. 
Therefore, (3) also holds for the case of M1(pint) = 1.

Lemma 4.1 Suppose M 01[ >M 02 in RG(N 0;M 00) and j#(BT [WT )j=0. Then M 02(WP ) =M 01(WP ). If 9M1 2 RG(N;M0) :M1(P nfpintg) =M 01(P nfpintg), then 9M2 2 RG(N;M0) : M1[ >M2 such that M2(P nfpintg)=M 02(P nfpintg) and M2(pint)=M1(pint).

Proof: Since j#(BT [WT )j=0, it is straightforward that M 02(WP ) =M 01(WP ). We show the rest of the lemma by induction on k = jj.

Basis: k = 0. The rest of the lemma holds trivially.

Induction: Suppose the rest of the lemma holds for k = k0  0. We want to show for k = k0+1.
Denote  = t0. Then 9M3 2 RG(N 0;M 00) :M 01[t >M 03[0 >M 02. Since t 62 BT[WT , the execution of t only affects places in P n fpintg in M 01. As a result, let M3 be the marking of N such that M3(P nfpintg) = M 03(P nfpintg) and M3(pint) = M1(pint). Then M3 is reachable from M1 via t in RG(N;M0). Note that j0j = k0. By induction hypothesis, 9M2 2 RG(N;M0) : M3[ > 0M2 such that M2(P nfpintg) = M 02(P nfpintg) and M2(pint) = M3(pint). Therefore, M1[ >M2 in RG(N;M0). The rest of the lemma holds for k = k0 + 1.

Therefore, the rest of the lemma holds for all k  0.

Lemma 4.2 Suppose M 01[ >M 02 in RG(N 0, M 00) such that j#BToutj = 0. If 9M1 2 RG(N;M0) : M1(P nfpintg) =M 01(P nfpintg), then 9M2 2 RG(N;M0) such that M1[#T >M2 and M2(P nfpintg) =M 02(P nfpintg). Hence j#BTinj  1.

Proof: We show the lemma by induction on h = jj.

Basis: h = 0. The lemma trivially holds.

Induction: Suppose the lemma holds for h = h0  0. We want to show for h = h0+1. Denote  =t. Let M 03 be the marking in RG(N 0;M 00) such that M 01[ >M 03[t >M 02. By induction hypothesis, there is a marking M3 reachable from M1 via 0 = #T in RG(N;M0) such that M3(P nfpintg) =M 03(P nfpintg). Note that t 62 BT out. Let M2 be a marking of N such that M2(P nfpintg) =M 02(P nfpintg). As for M2(pint), depending on t, there are three cases to consider: (i) t 2 T nBT in. t is also enabled in M3. Set M2(pint) =M3(pint). Then M3[t >M2. (ii) t 2 BT in. t is also enabled in M3. Set M2(pint) = M3(pint) + 1. Then M3[t >M2. (iii) t 2 WT . t has no effect on P . Set M2(pint) =M3(pint). Then M2 =M3. In all cases, we can find a marking M2 in RG(N;M0) that is either reachable from M3 via t when t 2 T , or M2 = M3 when t 62 T . As a result, M2 is reachable from M1 via #T in RG(N;M0). Since j(#T)#BToutj = 0, by Lemma 3.1, we have j(#T)#BTinj  1, i.e., j#BTinj  1. 
The lemma holds for h = h0 + 1.

Therefore, the lemma holds for all h  0.

Lemma 4.3 Suppose M 01[ >M 02 in RG(N 0;M 00) such that the following conditions hold: (a) M 01(WP ) = WM 00 . (b) 9M1 2 RG(N;M0) : M1(P nfpintg) = M 01(P nfpintg). (c)  = tiin0tjout, where tiin 2 BT in, tjout 2 BT out, and j0#BToutj = 0. Then the following statements are true: (1) j0#BTinj = 0. (2) M 01[tiintjout >M 02 in RG(N 0;M 00), where  = 0#WT is a firing sequence from WM i0 to WM jext and  = 0 n  = 0#(T 0 n (BT [WT )). (3) M 02(WP ) = WM 00 . (4) 9M2 2 RG(N;M0) such that M1[#T >M2, M2(P nfpintg) =M1(P nfpintg), and M2(pint) =M1(pint).

Proof: Denote M 01[tiin >M 03[0 >M 04[tjout >M 02. Let 00 = tiin0. Then M 01[00 >M 04 in RG(N;M 00). From condition (c), j00#BToutj = 0. By Lemma 4.2, j00#BTinj  1. Hence j0#BTinj = 0, and thus
j0#BT j = 0. Denote  = 0#WT and  = 0#(T 0 nWT ). Then  = 0 n  and j#(BT [WT )j = 0. Further-more, each transition in  is independent of each transition in . Thus M 03[ >M 04. In addition,tiin is also independent of any transition in . As a result, M 01[tiintiout >M 02.DenoteM 01[ >M 05[tiin >M 06[ >M 07[tjout >M 02. By Lemma 4.1,M 05(WP ) =M 01(WP ) = WM 00 ,and 9M5 2 RG(N;M0) such that M1[#T >M5, M5(P nfpintg) = M 05(P nfpintg), and M5(pint) =M1(pint). As a result, tiin is also enabled in M5. Since RG(N;M0) satises B3, we haveM5(piin) = 1and 8 l 2 [1::n]; l 6= i : M5(plin) = 0. Thus M 05(piin) = 1 and 8 l 2 [1::n]; l 6= i : M 05(plin) = 0.Therefore, M 06(WP ) = WM i0.Note that  = 0#WT and tjout is enabled inM 07. Since RG(WN;WM i0) satisesW1{W3, we musthaveM 07(WP ) = WM jext and  must be a ring sequence fromWM i0 to WM jext in RG(WN;WM i0).As a result, M 02(WP ) = WM 00 .Let M6(P nfpintg) = M 06(P nfpintg) and M6(pint) = M5(pint) + 1. Then M5[tiin >M6. LetM7(P nfpintg) = M 07(P nfpintg) and M7(pint) = M6(pint). Since j#(T 0 n (BT [WT ))j = 0, we haveM7 =M6. Thus tjout is also enabled in M6. Now let M2(P nfpintg) =M 02(P nfpintg) and M2(pint) =M6(pint)   1. Then M6[tjout >M2 and M2(pint) = M1(pint). Hence in RG(N;M0), M1[ >M5[tiin >M6[tjout >M7. Let 00 = tiintjout. Then 00 = #T . Therefore, 9M2 2 RG(N;M0) such thatM1[#T >M2;M2(P nfpintg) =M 02(P nfpintg), and M2(pint) =M1(pint).Lemma 4.4 Suppose M 02 is reachable from M 01 via  in RG(N 0;M 00) such that M 01(WP ) =WM 00 . Suppose also that 9M1 2 RG(N;M0) such that M1(P nfpintg) = M 01(P nfpintg). Letk = j#BToutj. Then k  j#BTinj  k + 1. 
Furthermore, M 02 is reachable from M 01 in RG(N 0;M 00) via  = 01   kk+1 such that the following four conditions are satisfied: (1) j0#(BT [WT )j = 0. (2) 8 l 2 [1::k] : l = xllyl0l, where (a) xl is the l-th transition from BT in in , denoted as xl = tiin; i 2 [1::m]; (b) yl is the l-th transition from BT out in , denoted as yl = tjout; j 2 [1::n]; (c) l is a firing sequence from WM i0 to WM jext in RG(WN;M i0); and (d) j0l#(T 0 n (BT [WT ))j = 0. (3) k+1#BTout = . (4) #(T 0 n(BT [WT )) = #(T 0 n(BT [WT )).

Proof: We show the lemma by induction on k.

Basis: k = 0. Let 0 =  and 1 = . By Lemma 4.2, j#BTinj  1. The lemma holds.

Induction: Suppose the lemma holds for k = k0  0. We want to show for k = k0 + 1. Since M 01(WP ) = WM 00 , by construction of N 0 from BN and WN in N , the first transition from BT in must appear before any transition from BT out [WP in . Denote  = 0tiin1tjout0, where tiin; i 2 [1::m], is the first transition from BT in in  and tjout; j 2 [1::n], is the first transition from BT out in . Thus j0#(BT [WT )j = 0 and j1#BToutj = 0.

Let M 01[0 >M 03[tiin1tjout >M 04[0 >M 02. By Lemma 4.1, we have M 03(WP ) = M 01(WP ) = WM 00 . Furthermore, 9M3 2 RG(N;M0) such that M3(P nfpintg) =M 03(P nfpintg). By Lemma 4.3,
M 04(WP ) = M 03(WP ) = WM 00 . Moreover, M 04 is also reachable from M 03 via 00tiin1tjout such that 00 = 1#(T 0 n (BT [WT )), 1 = 1#WT = 1 n 00, and 1 is a firing sequence from WM i0 to WM jext in RG(WN;WM i0). Let 0 = 000 and 00 = 0tiin1tjout. Then 0 = 00#(T 0 n (BT [WT )), M 04 is reachable from M 01 via 0tiin1tjout, and M 02 is reachable from M 04 via 0 in RG(N 0;M 00).

Note that M 04(WP ) = WM 00 and j0#BToutj = k0. By induction hypothesis, M 02 is also reachable from M 04 via 0 = 012   kk+1 such that j01#T 0 n (BT [WT ))j = 0, jk+1#BToutj = 0, and 8; l 2 [2::k] : l satisfies condition (2) of the lemma. Now, let x1 = tiin, y1 = tjout, 1 = x11y101, and  = 010. Then 1 also satisfies condition (2) of the lemma. As a result, M 01[ >M 02 in RG(N 0;M 00) and  satisfies conditions (1)–(3) of the lemma. Since 0 = 00#(T 0 n (BT [WT )), 0 = 0#(T 0 n (BT [WT )), and  = 000,  also satisfies condition (4) of the lemma. In addition, by induction hypothesis, we have k0  j0#BTinj  k0+ 1. Hence k  j#BTinj  k+1. As a result, the lemma also holds for k = k0+1.

Therefore, the lemma holds for all k  0.

Lemma 4.5 Suppose M 01[ >M 02 in RG(N 0;M 00), where M 01(WP ) =WM 00 . Then M 02(WP ) = WM 00 iff j#BTinj = j#BToutj.

Proof: By Lemma 4.4, M2 is also reachable from M1 via  = 01   kk+1 such that conditions (1)–(4) of Lemma 4.4 hold. Note that #BTin = #BTin and #BTout = #BTout. As a result, we only need to show the lemma for the case when  = .

Let M 01[0 >M 03[1 > : : : M 0k+2[k >M 0k+3[k+1 >M 02, where 8 l 2 [1::k] : M 0l+2[l >M 0l+3. By Lemma 4.1, we have M 03(WP ) = M 01(WP ). By Lemma 4.3, we have M 0l+2(WP ) = M 0l+3(WP ) for each l 2 [1::k]. By induction on k, it is obvious that M 0k+3(WP ) = M 01(WP ) = WM 00 and 9Mk+3 2 RG(N;M0) : Mk+3(P nfpintg) = M 0k+3(P nfpintg). Let 0 = 01   k. Then j0#BTinj = j0#BToutj. In addition, we know that jk+1#BTout j = 0. 
Thus to prove the lemma, it suffices to show that M 02(WP ) = WM 00 iff jk+1#BTinj = 0.

Suppose jk+1#BTinj = 0. By Lemma 4.1, we have M 02(WP ) = M 01(WP ) = WM 00 . Suppose jk+1#BTinj 6= 0. By Lemma 4.2, we have jk+1#BTinj  1. Thus jk+1#BTinj = 1. Denote k+1 = 0tiin1, where tiin; i 2 [1::m], is the only transition from BT in in k+1. Then j0#BT j = j1#BT j = 0. Moreover, since M 0k+3(WP ) = WM 00 , we also have j0#WT j = 0. Let  = 1#WT and 0 = 1 n . Then 0 = 1#(T 0 n (BT [WT )). Therefore, any transition in  is independent of any transition in 0 and tiin is independent of any transition in 0. As a result, M 02 is also reachable from M 0k+3 via 00tiin. Suppose M 0k+3[00 >M 0k+4[tiin >M 0k+5[ >M 02. Since j(00)#(BT [WT )j = 0, by Lemma 4.1, M 0k+4(WP ) = M 0k+3(WP ) = WM 00 . As a result, we have M 0k+5(WP ) = WM i0. Now that M 02(WP ) = WM 00 and all transitions in  are from WT , there must be a marking WM in RG(WN;WM i0) that is not an exit marking and has no outgoing transitions, contradicting the fact that RG(WN;WM i0) satisfies W2. Thus M 02(WP ) 6= WM 00 . Hence M 02(WP ) = WM 00 iff jk+1#BTinj = 0. Therefore, the lemma
holds.

Theorem 4.2 Let M 0 be a marking in RG(N 0;M 00). The following statements are true:
(1) M 0 is reachable in RG(N 0;M 00) via a canonical firing sequence w.r.t WN .
(2) j#BToutj  j#BTinj  j#BToutj+ 1 for each firing sequence  of M 0.
(3) M 0(P nfpintg) = WM 00 iff there is a firing sequence  of M 0 such that j0#BTinj = j0#BToutj

Lemma 4.6 Suppose M 01[0 >M 02 in RG(N 0;M 00), where M 01(WP ) = WM 00 . If 9M1 2 RG(N;M0) such that M1(P nfpintg) = M 01(P nfpintg) and M1(pint) = 0, then 9M2 2 RG(N;M0) : M1[ >M2 such that M2(P nfpintg) =M 02(P nfpintg) and  = 0#T .

Proof: We show the lemma by induction on h = j0j.

Basis: h = 0. The lemma holds trivially.

Induction: Suppose the lemma holds for h = h0  0. We want to show for h = h0 + 1. Denote 0 = 0t and M 01[0 >M 03[t >M 02. Then j0j = h0. By induction hypothesis, 9M3 2 RG(N;M0) : M1[ >M3 such that M3(P nfpintg) =M 03(P nfpintg) and  = 0#T . Let M2(P nfpintg) =M 02(P nfpintg). As for M2(pint), there are four cases to consider:
(i) t 2 BT in. Then t is also enabled in M3. Set M2(pint) = M3(pint) + 1. Then M3[t >M2 in RG(N;M0). Note that in this case, M3(pint) = 0. Otherwise, since M1(pint) = 0, by Lemma 3.2, j0#BTinj = j0#BToutj+ 1. Then j0#BTinj = j0#BToutj+ 2, contradicting Lemma 4.4.
(ii) t 2 BT out. Then t is also enabled in M3. As a result, we have M3(pint) > 0. By Theorem 3.1 (3), we must have M3(pint) = 1. Set M2(pint) = 0.
(iii) t 2 WT . Then the execution of t has no effect on any place in P . Set M2(pint) =M3(pint). Then M2 =M3.
(iv) t 2 T 0 n (BT [WT ). Then the execution of t has no effect on pint. Set M2(pint) =M3(pint).
In all cases, 9M2 2 RG(N;M0) such that M3 = M2 when t 2 WT ; or M3[t >M2 otherwise. As a result, let  = 0#T , then M1[ >M2 and M2(P nfpintg) = M 02(P nfpintg). The lemma holds for h = h0 + 1.

Therefore, the lemma holds for all h  0.

Lemma 4.7 Suppose M1[ >M2 in RG(N;M0), where M1(pint)= 0. 
If 9M 012RG(N 0;M 00) such that M 01(P nfpintg) =M1(P nfpintg) and M 01(WP ) = WM 00 , then 9M 022RG(N 0;M 00) :M 01[0 >M 02 such that M 02(P nfpintg) =M2(P nfpintg) and 0#T = .
Proof: We show the lemma by induction on k = j#BToutj.

Basis: k = 0. We claim, by induction on h = jj, that 9M 02 2 RG(N 0;M 00) such that M 01[ >M 02 and M 02(P nfpintg) =M2(P nfpintg).

Basis: h = 0. The claim holds trivially.

Induction: Suppose the claim holds for h = h0  0. We want to show for h = h0+1. Denote  = t and M1[ >M3[t >M2. By induction hypothesis, 9M 03 2 RG(N 0;M 00) such that M 01[ >M 03 and M 03(P nfpintg) = M3(P nfpintg). Thus t is also enabled in M 03. Let M 02(P nfpintg) =M2(P nfpintg). There are two cases to consider: (i) t 2 BT in. Then j#(BT [WT )j = 0. By Lemma 4.1, we have M 03(WP ) = M 01(WP ) = WM 00 . Let M 02(WP ) = WM i0. (ii) t 62 BT in. Then t has no effect on places in WP . Let M 02(WP ) =M 03(WP ). In both cases, M 01[ >M 02 in RG(N 0;M 00). The claim holds for h = h0 + 1.

Therefore the claim holds for all h  0.

Let 0 = . Then 0 = #T . The lemma holds for k = 0.

Induction: Suppose the lemma holds for k = k0  0. We want to show for k = k0 + 1. From the proof of Lemma 3.2,  can be written as 0tiin1tjout, where (a) tiin; i 2 [1::m], is the first transition from BT in in , (b) tjout; j 2 [1::n], is the first transition from BT out in , (c) j0#BTout j = j1#BToutj = 0, and (d) j#BTinj = j#BToutj = k0. Let  = 0tiin1tjout. Denote M1[ >M3[ >M2. Let 0 = 01tiintjout. Since tiin is independent of any transition in 1, we also have M1[0 >M3[ >M2 in RG(N;M0).

Denote M1[0 >M4[1 >M5[tiin >M6[tjout >M3. By the result established in the base case, 9M 04 2 RG(N 0;M 00) :M 01[0 >M 04 and M 04(P nfpintg) =M4(P nfpintg). By Lemma 4.5, M 04(WP ) = WM 00 . By Theorem 3.1, M4(pint) = 0. Similarly, we have M5(pint) = 0 and 9M 05 2 RG(N 0;M 00) : M 04[1 >M 05 such that M 05(P nfpintg) =M5(P nfpintg) and M 05(WP ) = WM 00 .

Note that tiin being enabled in M5 implies that it is also enabled in M 05. Let M 06 be a marking in N 0 such that M 06(P nfpintg) =M6(P nfpintg) and M 06(WP ) = WM i0. 
Then M 05[tiin >M 06 in RG(N 0;M 00). Let M 07 be a marking in N 0 such that M 07(WP ) = WM jext, M 07(P nfpintg) =M 06(P nfpintg), and 2 be a firing sequence from WM i0 to WM jext in RG(WN;WM i0). Then M 06[2 >M 07 in RG(N 0;M 00). Let M 03 be a marking in N 0 such that M 03(P nfpintg)=M3(P nfpintg) and M 03(WP ) = WM 00 , then M 06[tjout >M 03 in RG(N;M 00). Moreover, M5(pint) = 0 implies that M3(pint) = 0. As a result, M 01[01tiin2tjout >M 03 in RG(N 0;M 00). Let 00 = 0tiin12tjout. Since any transition in 1 is independent of tiin, we also have M 01[00 >M 03 in RG(N 0;M 00). Clearly, 00#T = .

Now we have M3 2 RG(N;M0) such that M3[ >M2, M3(pint) = 0, and j#BTinj = j#BToutj =k0. In addition, 9M 03 2 RG(N 0;M 00) such that M 03(P nfpintg) = M3(P nfpintg) and M 03(WP ) =WM 00 . By induction hypothesis, 9M 02 2 RG(N 0;M 00) : M 03[0 >M 02 such that M 02(P nfpintg) =
M2(P nfpintg) and 0#T = . Let 0 = 000. Then M 01[0 >M 03 in RG(N 0;M 00) and 0#T = . Hencethe lemma holds for k = k0 + 1.Therefore, the lemma holds for all k  0.Theorem 4.4 Given Petri nets N  N 0. Let RG(N;M0) and RG(N 0;M 00) be the correspondingreachability graphs of N and N 0, respectively. The following statements are true: Deadlock: RG(N;M0) is deadlock free i RG(N 0;M 00) is deadlock free. Liveness: A transition t 2 T is live in RG(N;M0) i it is live in RG(N 0;M 00). Input Constraint: RG(N 0;M 00) satises B3. Boundedness: RG(N 0;M 00) is bounded i RG(N;M0) is bounded.Proof: Deadlock: Suppose M is a deadlock marking in RG(N;M0). Let  be a ring sequencefor M . Then no transition in T is enabled in M . In particular, M(pint) = 0. By Theorem 3.1,j#BTinj = j#BToutj. By Theorem 4.3, there is a marking M 0 in RG(N 0;M 00) reachable via 0 suchthat M 0(P nfpintg) = M(P nfpintg) and 0#T = . Thus no transition from T n BT out is enabledin M 0. Moreover, j0#BTinj = j0#BToutj. By Lemma 4.5, M 0(WP ) = WM 00 . Thus no transitionfrom BT out [WT is enabled in M 0 either. Hence, M 0 is a deadlock marking in RG(N 0;M 00). Onthe other hand, suppose M 0 is a deadlock marking in RG(N 0;M 00). Let M be a marking of Nsuch that M(P nfpintg) = M 0(P nfpintg) and M(pint) = 0. By similar argument, we can also showM 2 RG(N;M0).Liveness: Suppose a transition t 2 T is enabled in M 2 RG(N;M0). Let M [t >M1 inRG(N;M0) and  be a ring sequence for M . Then t is a ring sequence for M1. By Theo-rem 4.3, there is a marking M 01 2 RG(N 0;M 00) reachable via 0 such that 0#T = . As a result, tis also enabled in some marking M 0 in RG(N 0;M 00) in the path 0 from M 00 to M 01. On the otherhand, suppose t 2 T is enabled in M 0 2 RG(N 0;M 00). By similar argument, we can also show thatt is enabled in some M 2 RG(N;M0). 
As a result, a transition t 2 T is enabled in RG(N;M0) iff it is enabled in RG(N 0;M 00).

Input Constraint: Note that B3 holds for each J 0 2 LN n fJg in RG(N 0;M 00). Otherwise, by Theorem 4.3, B3 will not hold in RG(N;M0). By the same argument, we observe that B3 is also true for places in BP in. Hence it is also true for places in WP in. By Theorem 4.1, it follows that B3 also holds for places in BP inJ0 for each BNJ0 2 WN . Therefore, B3 is true for RG(N 0;M 00).

Boundedness: Note that although we assume B1–B3 hold for RG(N;M0), the proofs of lemmas and theorems in Section 3 do not depend on B1 being true. Suppose RG(N;M0) is bounded. Then the token count of each place p 2 (P n fpintg) must be bounded in RG(N 0;M 00) by Theorem 4.3.
Moreover, B3 being true for places in BP in implies that it is also true for places in WP in . By Theorem 4.1, each place in WP is also bounded since RG(WN;WM i0) satisfies W1–W3. Thus, each place in P 0 is bounded in RG(N 0;M 00). Similarly, we can also show that the boundedness of RG(N 0;M 00) implies the boundedness of RG(N;M0).
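
The properties compared in Theorem 4.4 can be checked by exhaustive exploration on a small instance. The following is an added example, not code from the paper: both nets are constructed here, and their shapes and all names (reachability, properties, N_REFINED, w0, wt1, ...) are assumptions. The "enabled" set is the enabled-in-some-reachable-marking notion used in the Liveness paragraph of the proof.

```python
from collections import deque

def reachability(net, m0, limit=10_000):
    """Return (places, graph); graph maps each reachable marking to its (t, successor) list."""
    places = sorted(m0)
    start = tuple(m0[p] for p in places)
    graph, queue = {start: []}, deque([start])
    while queue:
        m = queue.popleft()
        cur = dict(zip(places, m))
        for t, (pre, post) in net.items():
            if any(cur[p] < n for p, n in pre.items()):
                continue  # t is not enabled in m
            key = tuple(cur[p] - pre.get(p, 0) + post.get(p, 0) for p in places)
            graph[m].append((t, key))
            if key not in graph:
                if len(graph) >= limit:
                    raise RuntimeError("state limit reached: net may be unbounded")
                graph[key] = []
                queue.append(key)
    return places, graph

def properties(net, m0, shared):
    """Quantities compared by Theorem 4.4, computed by exhaustive exploration."""
    places, graph = reachability(net, m0)
    idx = [places.index(p) for p in shared]
    return {
        "deadlock_free": all(graph[m] for m in graph),
        "enabled": {t for succ in graph.values() for t, _ in succ},
        "bound": max(max(m) for m in graph),
        "projection": {tuple(m[i] for i in idx) for m in graph},
    }

# Constructed nets (assumed shapes, not taken from the paper): transition -> (pre, post).
N = {"t_in": ({"a": 1}, {"p_int": 1}),
     "t_out1": ({"p_int": 1}, {"b1": 1}), "t_out2": ({"p_int": 1}, {"b2": 1}),
     "r1": ({"b1": 1}, {"a": 1}), "r2": ({"b2": 1}, {"a": 1})}
# Refinement: p_int is expanded into subnet places w0, w1, w2 and transitions wt1, wt2.
N_REFINED = {"t_in": ({"a": 1}, {"w0": 1}),
             "wt1": ({"w0": 1}, {"w1": 1}), "wt2": ({"w0": 1}, {"w2": 1}),
             "t_out1": ({"w1": 1}, {"b1": 1}), "t_out2": ({"w2": 1}, {"b2": 1}),
             "r1": ({"b1": 1}, {"a": 1}), "r2": ({"b2": 1}, {"a": 1})}
M0 = {"a": 1, "p_int": 0, "b1": 0, "b2": 0}
M0_REFINED = {"a": 1, "w0": 0, "w1": 0, "w2": 0, "b1": 0, "b2": 0}
SHARED = ["a", "b1", "b2"]  # the places P \ {p_int} common to both nets

def compare():
    """Properties of the abstract net and of its refinement, side by side."""
    return properties(N, M0, SHARED), properties(N_REFINED, M0_REFINED, SHARED)
```

Both nets come out deadlock free and 1-bounded, with the same set of markings once projected onto the shared places, and every transition of the abstract net is enabled somewhere in both graphs.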
