A Synthesis Method for Designing Shared-Resource Systems by Cheung, King Sing
Computing and Informatics, Vol. 24, 2005, 629–653
A SYNTHESIS METHOD FOR DESIGNING
SHARED-RESOURCE SYSTEMS
King Sing Cheung
SCE, Hong Kong Baptist University
Kowloon Tong, Hong Kong
e-mail: cheungks@hkbu.edu.hk
Manuscript received 18 November 2004; revised 14 November 2005
Communicated by José C. Cunha
Abstract. In system synthesis, one needs to derive from a given set of processes
a system design which reflects exactly the functionalities of the processes and is
free from erroneous situations such as deadlock and capacity overflow. This is
especially important for shared-resource systems, in which errors are easily induced
because of the sharing of common resources among different competing processes.
In this paper, a synthesis method is proposed for designing shared-resource systems.
It begins with specifying the given processes as augmented marked graphs. These
augmented marked graphs are then synthesized through the fusion of common places
which represent the shared resources. The net so obtained serves to represent the
integrated system which reflects exactly the functionalities of the processes in the
sense that the event sequences as well as the pre-conditions and post-conditions of
each event occurrence are preserved. Based on the known properties of augmented
marked graphs, the system properties such as liveness, boundedness and reversibility
can be analysed effectively. The method is applied to manufacturing system design.
Promising results are obtained.
Keywords: System synthesis, shared-resource system, Petri net, augmented marked graph
1 INTRODUCTION
Shared-resource systems generally refer to systems which possess some resources
shared among different asynchronous processes. As the same resources are shared
among different competing processes, deadlocks may occur if the system is not carefully
designed. Typically, a system is designed on the basis of the functional requirements
given by end-users as a set of processes. It is essential that the design not only reflects
exactly the functionalities of the given processes but is also correct in the sense that
erroneous situations such as deadlock and capacity overflow never occur.
The design process begins with elaborating the given processes as event traces or
sequences. A system design is then derived from these event traces or sequences. In
practice, without a rigorous and systematic method it is difficult to ensure that the
design is correct and consistent, and verification is therefore required. For design
correctness, it is necessary to check if any possible deadlock or capacity overflow
would occur. For design consistency, all processes have to be walked through. The
task is very time-consuming. In this paper, we propose a synthesis method to solve
the problem effectively.
In the literature, there exist methods which derive a system design from a set
of processes or event sequences. Graubmann proposed a method for constructing
an elementary system from event traces, where the states and state transitions are
deduced from the dependency among events [1]. Smith also proposed a method for
constructing a condition-event system from a set of occurrence nets through the
notion of quotient nets [2]. Hiraishi proposed a method for constructing a Petri
net from a set of firing sequences, based on some dependency relation extracted
from the firing sequences [3]. Bordeleau proposed a method that takes a traceable
progression from use cases to object-based state machines [4, 5].
Chao introduced a synthesis method using knitting techniques [6, 7]. The
starting point of Chao’s method is a single process modelled by a set of close-loop
sequentially-connected places and transitions with a marked home place. Processes
are then appended in accordance with some synthesis rules, so that a live,
bounded and reversible system can be obtained. Jeng proposed a synthesis method
through the fusion of transitions and transition subnets [8, 9]. In Jeng’s method,
a system is obtained through the composition of modules represented by some specific
nets called resource control nets. Interactions among resource control nets
are represented by common transitions or transition subnets. The integrated net
is bounded and conservative. A sufficient condition for structural liveness is derived.
Among the above methods, bottom-up synthesis is generally adopted in creating
a system design from its processes, scenarios or component modules. Petri-net-based
synthesis is the promising one that allows for rigorous analysis on the system
properties. However, in many of these methods there is still a lack of formal and
systematic procedures for deriving an integrated system design which is consistent
with the processes or scenarios. Besides, the liveness, boundedness and reversibility
of the resulting system can be attained only under some specific conditions
and synthesis rules or procedures.
In this paper, based on augmented marked graphs, a method is proposed for
synthesizing a shared-resource system from a given set of processes. The method
begins with specifying the processes as augmented marked graphs. These augmented
marked graphs are synthesized through the fusion of common places which represent
the shared resources. The net so obtained serves to represent the integrated system
which reflects exactly the functionalities of the processes. The system properties can
be analysed by making use of the known properties of augmented marked graphs.
It will be shown how the method can be applied to the design of manufacturing
systems which are typically shared-resource systems.
As a sub-class of Petri nets, augmented marked graphs possess a structure which
is desirable for modelling shared resources. However, they have not been studied
extensively. Chu first introduced augmented marked graphs and found some siphon-based
properties pertaining to their liveness and reversibility [10]. We earlier proposed
a number of new characterisations for live and reversible augmented marked
graphs, where cycle-based characterisations were introduced [11, 12]. We now consolidate
and extend the known properties of augmented marked graphs, develop a formal
synthesis method where these properties can be effectively used for analysing
the liveness, boundedness and reversibility of the resulting system, and apply the
synthesis method to manufacturing system design.
The rest of this paper is structured as follows. Section 2 provides the
preliminaries to be used in this paper. Section 3 introduces augmented marked
graphs and their properties. In Section 4, the proposed synthesis method is described
in detail. Section 5 then presents its application to manufacturing system design.
Section 6 concludes the results.
2 PRELIMINARIES
This section provides the preliminaries to be used in this paper for those readers
who are not familiar with Petri nets [13–15].
A place-transition net (PT-net) is a bipartite graph consisting of two sorts of
nodes called places and transitions, such that no arcs connect two nodes of the same
sort. In graphical notation, a place is represented by a circle, a transition by a box,
and an arc by a directed line. A Petri net is a PT-net where tokens are assigned to
its places.
Definition 1. A place-transition net (PT-net) is a 4-tuple N = 〈P, T, F,W 〉, where
P is a set of places, T is a set of transitions, F ⊆ (P ×T )∪ (T ×P ) is a flow relation
and W : F → {1, 2, . . .} is a weight function. N is said to be ordinary if and only if
the range of W is {1}.
An ordinary PT-net is usually written as 〈P, T, F 〉. In the rest of this paper,
unless specified otherwise, all PT-nets are ordinary.
Definition 2. Let N = 〈P, T, F, W〉 be a PT-net. For x ∈ (P ∪ T), •x = {y |
(y, x) ∈ F} and x• = {y | (x, y) ∈ F} are called the pre-set and post-set of x,
respectively. For X = {x1, x2, . . . , xn} ⊆ (P ∪ T), •X = •x1 ∪ •x2 ∪ . . . ∪ •xn and
X• = x1• ∪ x2• ∪ . . . ∪ xn• are called the pre-set and post-set of X, respectively.
Definition 3. For a PT-net N = 〈P, T, F,W 〉, a path is a sequence of nodes
〈x1, x2, . . . , xn〉, where (xi, xi+1) ∈ F for i = 1, 2, . . . , n − 1. A path is said to
be elementary if and only if it does not contain the same node more than once.
Definition 4. For a PT-net N = 〈P, T, F, W〉, a cycle is a sequence of places
〈p1, p2, . . . , pn〉 such that ∃t1, t2, . . . , tn ∈ T : 〈p1, t1, p2, t2, . . . , pn, tn〉 forms an elementary
path and (tn, p1) ∈ F.
For a PT-net where tokens are assigned to its places, the token distribution over
its places is denoted by a marking.
Definition 5. For a PT-net N = 〈P, T, F,W 〉, a marking is a function M : P →
{0, 1, 2, . . .}, where M(p) is the number of tokens in p. (N,M0) represents N with
an initial marking M0.
Definition 6. For a PT-net N = 〈P, T, F,W 〉, a transition t is said to be enabled
at a marking M if and only if ∀p ∈ •t : M(p) ≥ W(p, t). On firing t, M is changed
to M′ such that ∀p ∈ P : M′(p) = M(p) − W(p, t) + W(t, p). In notation, M[N, t〉M′
or M[t〉M′.
Definition 7. For a PT-net (N,M0), a sequence of transitions σ = 〈t1, t2, . . . , tn〉
is called a firing sequence if and only if M0 [t1〉 . . . [tn〉Mn. In notation, M0[N, σ〉Mn
or M0[σ〉Mn.
Definition 8. For a PT-net (N,M0), a marking M is said to be reachable if and
only if there exists a firing sequence σ such that M0[σ〉M . In notation, M0[N, ∗〉M
or M0[∗〉M . [N,M0〉 or [M0〉 represents the set of all reachable markings of (N,M0).
Liveness, boundedness, safeness and reversibility are well known properties of
Petri nets for describing the robustness of a system. Liveness implies deadlock
freeness. Boundedness and safeness refer to the property that the system is free
from capacity overflow. Reversibility refers to the capability of being reinitialised
from any reachable state.
Definition 9. For a PT-net (N,M0), a transition t is said to be live if and only
if ∀M ∈ [M0〉, ∃M′ : M[∗〉M′[t〉. (N,M0) is said to be live if and only if every
transition is live.
Definition 10. For a PT-net (N,M0), a place p is said to be k-bounded if and only
if ∀M ∈ [M0〉 : M(p) ≤ k, where k is a positive integer. (N,M0) is said to be
bounded if and only if every place is k-bounded, and safe if and only if every place
is 1-bounded.
Definition 11. A PT-net (N,M0) is said to be reversible if and only if ∀M ∈ [M0〉 :
M [∗〉M0.
Figure 1 shows a PT-net (N,M0), where every transition is live and every place
is 1-bounded. (N,M0) is live, bounded, safe and reversible.
Fig. 1. A live, bounded, safe and reversible PT-net
3 AUGMENTED MARKED GRAPHS
This section describes augmented marked graphs and some major properties of
augmented marked graphs reported in the literature.
Definition 12 ([10]). An augmented marked graph (N,M0;R) is a PT-net (N,M0)
with a specific subset of places R, satisfying the following conditions: (a) Every place
in R is marked by M0. (b) The net (N′,M′0) obtained from (N,M0;R) by removing
the places in R and their associated arcs is a marked graph. (c) For each r ∈ R,
there exist kr ≥ 1 pairs of transitions Dr = {〈ts1, th1〉, 〈ts2, th2〉, . . . , 〈tskr, thkr〉} such
that r• = {ts1, ts2, . . . , tskr} ⊆ T and •r = {th1, th2, . . . , thkr} ⊆ T and that, for each
〈tsi, thi〉 ∈ Dr, there exists in N′ an elementary path ρri connecting tsi to thi. (d) In
(N′,M′0), every cycle is marked and no ρri is marked.
Figure 2 shows an augmented marked graph (N,M0;R), where R = {r1, r2},
Dr1 = {〈t1, t10〉, 〈t2, t8〉} and Dr2 = {〈t1, t10〉, 〈t3, t9〉}.
Chu found a number of properties for augmented marked graphs, pertaining to
their liveness and reversibility, based on siphons [10]. We earlier extended Chu’s
results and proposed new characterisations for live and reversible augmented marked
graphs, including a cycle-inclusion property [11, 12]. Huang investigated the composition of
augmented marked graphs [16]. All these properties are summarised as follows.
Fig. 2. An augmented marked graph
Definition 13. For a PT-net (N,M0), a set of places S is called a siphon if and
only if •S ⊆ S•. S is said to be minimal if and only if there does not exist another
siphon S ′ in N such that S ′ ⊂ S. S is said to be empty at a marking M ∈ [M0〉 if
and only if S contains no tokens marked by M .
Definition 14. For a PT-net (N,M0), a set of places Q is called a trap if and only
if Q• ⊆ •Q. Q is said to be maximal if and only if there does not exist another
trap Q′ in N such that Q ⊂ Q′. Q is said to be marked at a marking M ∈ [M0〉 if
and only if Q contains a place marked by M .
Property 1 ([10]). An augmented marked graph is live if and only if it does not
contain any potential deadlock. (Note: According to [10], a potential deadlock is
a siphon which would eventually become empty.)
Property 2 ([10]). An augmented marked graph is reversible if it is live.
Property 3 ([10]). An augmented marked graph (N,M0;R) is live and reversible
if every minimal siphon, which contains at least one place of R, contains a trap
marked by M0.
In our earlier works, we derived new characterisations for live and reversible
augmented marked graphs [11, 12]. In particular, we introduced a cycle-inclusion
property and proposed cycle-based characterisations which are different from the
siphon-based characterisations. With the cycle-inclusion property, the checking of
liveness and reversibility can be based on cycles instead of siphons.
Property 4 ([11]). An augmented marked graph (N,M0;R) is live and reversible
if and only if no minimal siphons, which contain at least one place in R, eventually
become empty.
For the augmented marked graph (N,M0;R), where R = {r1, r2}, shown in Figure 2,
there are eight minimal siphons which contain r1 or r2: {r1, p2, p4, p6, p7, p9},
{r1, p2, p4, p6, p7, p10}, {r1, p3, p4, p6, p7, p8}, {r1, p3, p4, p6, p7, p10}, {r2, p2, p5, p5, p8,
p9}, {r2, p2, p5, p6, p8, p10}, {r2, p3, p5, p6, p8, p9} and {r2, p3, p5, p6, p8, p10}. These
minimal siphons would never become empty. According to Property 4, (N,M0;R)
is live and reversible.
Definition 15. Let N = 〈P, T, F,W 〉 be a PT-net. For a set of cycles Y ⊆ ΩN ,
P [Y ] denotes the set of places contained in Y . T [Y ] = •P [Y ] ∩ P [Y ]• denotes the
set of transitions generated by Y .
Definition 16 ([17]). For a PT-net N = 〈P, T, F, W〉, an elementary path ρ =
〈x1, x2, . . . , xn〉 is said to be conflict-free if and only if, for any transition xi in ρ,
j ≠ (i − 1) ⇒ xj ∉ •xi.
Definition 17. For a PT-net N = 〈P, T, F, W〉, a set of cycles Y ⊆ ΩN is said to be
conflict-free if and only if, for any q, q′ ∈ P[Y], there exists in Y a conflict-free path
from q to q′.
Figure 3 shows a PT-net N = 〈P, T, F, W〉. Consider γ1, γ2, γ3 ∈ ΩN[p3], where
γ1 = 〈p3, p2, p7〉, γ2 = 〈p3, p4〉 and γ3 = 〈p3, p1, p6, p10, p8〉. Y1 = {γ1, γ2} is conflict-free
as for any q, q′ ∈ P[Y1], there exists in Y1 a conflict-free path from q to q′.
Y2 = {γ2, γ3} is not conflict-free. Consider p4, p8 ∈ P[Y2]. p4 is connected to p8 via
only one path ρ = 〈p4, t5, p3, t1, p1, t3, p6, t6, p10, t9, p8〉 in Y2, where ρ is not conflict-free
because p4, p8 ∈ •t5.
Definition 18 ([12]). For a PT-netN = 〈P, T, F,W 〉, a place p is said to satisfy the
cycle-inclusion property if and only if for any Y ⊆ ΩN [p] such that Y is conflict-free,
•p ⊆ T [Y ] ⇒ p• ⊆ T [Y ].
For the PT-net N = 〈P, T, F, W〉 shown in Figure 4, places p3, p4, p5, p6, p7, p8, p9,
p10, p11 and p12 satisfy the cycle-inclusion property. For example, for p8, ΩN[p8] =
{γ81, γ82, γ83, γ84, γ85} where γ81 = 〈p8, p1〉, γ82 = 〈p8, p2, p4〉, γ83 = 〈p8, p2, p9, p1〉,
γ84 = 〈p8, p1, p5, p9, p2, p4〉 and γ85 = 〈p8, p1, p6, p10, p2, p4〉. For any Y8 ⊆ ΩN[p8]
such that Y8 is conflict-free, •p8 = {t4} ⊆ T[Y8] and p8• = {t7} ⊆ T[Y8]. Hence,
p8 satisfies the cycle-inclusion property. The same property applies to p3, p4, p5, p6,
p7, p9, p10, p11 and p12.
Places p1 and p2 do not satisfy the cycle-inclusion property. For p1, let Y1 =
{γ11, γ12} ⊆ ΩN[p1], where γ11 = 〈p1, p8〉 and γ12 = 〈p1, p8, p2, p9〉. Y1 is conflict-free
and T[Y1] = {t4, t5, t7, t8}. Since •p1 = {t7, t8} ⊆ T[Y1] and p1• = {t2, t4} ⊄ T[Y1], p1
does not satisfy the cycle-inclusion property. For p2, let Y2 = {γ21, γ22} ⊆ ΩN[p2],
where γ21 = 〈p2, p9〉 and γ22 = 〈p2, p9, p1, p8〉. Y2 is conflict-free and T[Y2] =
{t4, t5, t7, t8}. Since •p2 = {t7, t8} ⊆ T[Y2] and p2• = {t1, t5} ⊄ T[Y2], p2 does not
satisfy the cycle-inclusion property.
Fig. 3. Illustration of Conflict-Free Cycles
Fig. 4. Illustration of Cycle-Inclusion Property
Property 5 ([12]). An augmented marked graph (N,M0;R) is live and reversible
if every place in R satisfies the cycle-inclusion property.
For the augmented marked graph (N,M0;R), where R = {r1, r2}, shown in Figure 2,
both r1 and r2 satisfy the cycle-inclusion property. By Property 5, (N,M0;R)
is live and reversible.
Property 6. Let (N1,M10;R1) and (N2,M20;R2) be two augmented marked graphs,
where R′1 = {r11, r12, . . . , r1k} ∈ R1 and R′2 = {r21, r22, . . . , r2k} ∈ R2 are the common
places that r11 and r21 are to be fused into one single place r1, r12 and r22 into
r2, . . . , r1k and r2k into rk. Then, the resulting net obtained after the fusion is also an




2)∪{r1, r2, . . . , rk}
(obvious).
Property 7 ([16]). Let (N1,M10;R1) and (N2,M20;R2) be two augmented marked
graphs, where {r11, r12, . . . , r1k} ∈ R1 and {r21, r22, . . . , r2k} ∈ R2 are the common
places that r11 and r21 are to be fused into one single place r1, r12 and r22 into
r2, . . . , r1k and r2k into rk. The augmented marked graph (N,M0;R) obtained after
the fusion is bounded if and only if (N1,M10;R1) and (N2,M20;R2) are bounded.
Property 8 ([16]). Let (N1,M10;R1) and (N2,M20;R2) be two augmented marked
graphs, where {r11, r12, . . . , r1k} ∈ R1 and {r21, r22, . . . , r2k} ∈ R2 are the common
places that r11 and r21 are to be fused into one single place r1, r12 and r22 into r2, . . . ,
r1k and r2k into rk. Let (N,M0;R) be the augmented marked graph obtained after
the fusion. (N1,M10;R1) and (N2,M20;R2) are live (respectively, reversible) if
(N,M0;R) is live (respectively, reversible). Equivalently, (N,M0;R) is non-live
(respectively, non-reversible) if (N1,M10;R1) or (N2,M20;R2) is non-live (respectively,
non-reversible).
Figure 5 shows two augmented marked graphs (N1,M10;R1) and (N2,M20;R2).
(N2,M20;R2) is live and reversible while (N1,M10;R1) is not. Besides, both (N1,M10;R1)
and (N2,M20;R2) are bounded. Suppose common places r11 ∈ R1 and r21 ∈ R2
are fused into one single place r. Figure 6 shows the augmented marked graph
(N,M0;R) obtained after the fusion. (N,M0;R) is neither live nor reversible. Besides,
it is bounded.
4 THE SYNTHESIS METHOD
This section describes a synthesis method for deriving from a given set of processes
a system design for shared-resource systems. Dijkstra’s dining philosopher problem
will be used for illustration.
Typically, in the design of a shared-resource system the system requirements
are given as a set of processes. A process is usually expressed as a sequence of
events where each event occurrence is guarded by a set of pre-conditions and a set
of post-conditions. It portrays an execution scenario for the system to accomplish
a specific functionality. It starts at the system initial idle state with the availability
of necessary resources, and returns to the idle state and releases the resources upon
completion.
Based on a set of processes, a system is designed and implemented. It is essentially
required that the system design should be consistent with respect to the given
processes in the sense that the system reflects exactly the functionalities of these
processes. In other words, there should not exist unrealistic processes – the ones
which are intended but not reflected in the system design. Also, there should not
exist unintended processes – the ones which are not intended but reflected in the
system design.
Fig. 5. Two augmented marked graphs to be fused: (N1, M10, R1) and (N2, M20, R2)
We propose a synthesis method to derive a system design from a set of processes
which are assumed to be accurate and complete in the sense that these processes
collectively describe all possible execution scenarios of the system. The method
has two steps, as outlined in Figure 7. In brief, Step 1 is to specify the processes
as augmented marked graphs. Step 2 is to synthesise these augmented marked
graphs into one single integrated net through the fusion of common places which
semantically denote the shared resources. The integrated net so obtained serves to
represent the integrated system.
The synthesis method has the following distinctive features:
(i) Processes are formally specified as augmented marked graphs which possess some
desirable structural characteristics for representing shared resources.
(ii) The integrated system obtained after the synthesis is also an augmented marked
graph. Its liveness, boundedness and reversibility can be effectively analysed,
based on a number of known properties of augmented marked graphs.
(iii) The integrated system reflects exactly the functionalities of the given processes
in the sense that the event sequences as well as the pre-conditions and post-conditions
of each event occurrence are preserved.
Details of the synthesis method are described as follows. The synthesis method
begins with specifying the given processes as augmented marked graphs. As mentioned
earlier, the system requirements are given by end-users as processes. These
processes portray the execution scenarios in which specific system functionalities are
accomplished. Formally, a process is a collection of partially ordered event occurrences,
each guarded by a set of pre-conditions and a set of post-conditions. Events
and conditions are the essential elements, and their causal relationships characterise
the processes.
Fig. 7. Outline of the synthesis method (a set of processes; Step 1: Specifying the given processes as augmented marked graphs; augmented marked graphs; Step 2: Synthesising the augmented marked graphs into an integrated system)
For a process specified as an augmented marked graph (N,M0;R), the location
where an event occurs is represented by a transition and the location of a condition
by a place. For an event to occur, some conditions must be fulfilled in advance
and some afterwards. They correspond to the pre-set and post-set of the transition
representing that event. A process is specified as an augmented marked graph as
follows. For each event occurrence in the process, a transition is created for the
location of occurrence. Input and output places are created for its pre-conditions
and post-conditions. Places for the shared resources are identified to form R. The
initial marking M0 represents the initial idle state. Execution begins at this initial
marking and ends at the same marking.
After specifying the processes as augmented marked graphs, we synthesise these
processes into an integrated system. In principle, a process portrays the partial
system behaviours for a scenario of how a system is executed. These augmented
marked graphs are basically partial system specifications which are to be synthesised
together to form a complete system specification. This synthesis
aims to derive a system specification by integrating these partial specifications into
a single coherent whole. Given a set of processes specified as augmented marked
graphs, we synthesise the augmented marked graphs through the fusion of common
places which represent the shared resources.
In a shared-resource system, the same resource may be shared by different processes.
Hence, among the augmented marked graphs which represent these processes,
there exist common places for the same resources. From the system perspective,
these common places logically refer to the same shared resources, and thus need
to be fused. After fusing the corresponding common places, an integrated net is
obtained. It serves to represent the integrated system. According to Property 6,
the integrated net itself is also an augmented marked graph. Hence, based on the
known properties of augmented marked graphs, the system can be analysed on its
liveness, boundedness and reversibility.
In the following, we use the well-known Dijkstra’s dining philosopher problem to
illustrate the synthesis method. Example 1 shows the dining philosopher problem,
where deadlocks never occur. Example 2 shows the dining philosopher problem
with minor modifications, where deadlocks may occur. In each example, we show
the specification of processes as augmented marked graphs and the synthesis of
these processes into an integrated system, and then analyse the properties of the
integrated system.
Example 1. The Dining Philosopher Problem
Six philosophers (H1, H2, H3, H4, H5 and H6) are sitting around a circular table
for dinner. They are either meditating or eating the food at the centre of the table.
There are six pieces of chopsticks (C1, C2, C3, C4, C5 and C6) shared among them
for getting the food to eat, as shown in Figure 8. For a philosopher to get the food
to eat, both the chopstick at the right hand side and the chopstick at the left hand
side must be available. The philosopher then grasps both chopsticks simultaneously
and takes the food to eat. Afterwards, the chopsticks are released and returned to
their original positions simultaneously. There are six processes U1, U2, U3, U4, U5
and U6 as follows.
U1: H1 grasps C1 and C2 once both C1 and C2 are available. H1 gets the food to
eat and then returns C1 and C2.
U2: H2 grasps C2 and C3 once both C2 and C3 are available. H2 gets the food to
eat and then returns C2 and C3.
U3: H3 grasps C3 and C4 once both C3 and C4 are available. H3 gets the food to
eat and then returns C3 and C4.
U4: H4 grasps C4 and C5 once both C4 and C5 are available. H4 gets the food to
eat and then returns C4 and C5.
U5: H5 grasps C5 and C6 once both C5 and C6 are available. H5 gets the food to
eat and then returns C5 and C6.
U6: H6 grasps C6 and C1 once both C6 and C1 are available. H6 gets the food to
Fig. 8. The dining philosopher problem
Figure 9 shows the augmented marked graphs (N1,M10;R1), (N2,M20;R2), (N3,
M30;R3), (N4,M40;R4), (N5,M50;R6) and (N6,M60;R6) which represent U1, U2, U3,
U4, U5 and U6, respectively. Table 1 lists the semantic meaning of the places and
transitions. In particular, r1, r2, r3, r4, r5 and r6 represent the shared resources
C1, C2, C3, C4, C5 and C6, respectively. For example, r2 appears in (N1,M10, R1)
and (N2,M20, R2), semantically meaning that C2 is shared by processes U1 and U2.
Hence, r2 in (N1,M10, R1) and r2 in (N2,M20, R2) are fused. Similar fusions apply
to r1, r3, r4, r5 and r6.
Fig. 9. Processes represented by augmented marked graphs (Example 1)
Figure 10 shows the integrated net (N,M0;R) obtained after fusing the corresponding
common places. It serves to represent the integrated system which reflects
exactly the functionalities of U1, U2, U3, U4, U5 and U6 in the sense that the event
sequences (firing sequences) as well as the pre-conditions and post-conditions of
each event occurrence are preserved. According to Property 6, (N,M0;R) is structurally
an augmented marked graph. For (N,M0;R), every minimal siphon contains
a marked trap, and thus would never become empty. According to Properties 3 or 4,
it is live and reversible. Besides, since (N1,M10;R1), (N2,M20;R2), (N3,M30;R3),
(N4,M40;R4), (N5,M50;R5) and (N6,M60;R6) are all bounded, according to Property 7,
(N,M0;R) is bounded.
Place | Semantic meaning for places | Transition | Semantic meaning for transitions
p11 | H1 is meditating. | t11 | H1 takes the action to grasp C1 and C2.
p12 | H1 has got C1 and C2 and takes the food. | t12 | H1 takes the action to return C1 and C2.
p21 | H2 is meditating. | t21 | H1 takes the action to grasp C2 and C3.
p22 | H2 has got C2 and C3 and takes the food. | t22 | H1 takes the action to return C2 and C3.
p31 | H3 is meditating. | t31 | H1 takes the action to grasp C3 and C4.
p32 | H3 has got C3 and C4 and takes the food. | t32 | H1 takes the action to return C3 and C4.
p41 | H4 is meditating. | t41 | H1 takes the action to grasp C4 and C5.
p42 | H4 has got C4 and C5 and takes the food. | t42 | H1 takes the action to return C4 and C5.
p51 | H5 is meditating. | t51 | H1 takes the action to grasp C5 and C6.
p52 | H5 has got C5 and C6 and takes the food. | t52 | H1 takes the action to return C5 and C6.
p61 | H6 is meditating. | t61 | H1 takes the action to grasp C6 and C1.
p62 | H6 has got C6 and C1 and takes the food. | t62 | H1 takes the action to return C6 and C1.
r1 | C1 is available for pick. | |
r2 | C2 is available for pick. | |
r3 | C3 is available for pick. | |
r4 | C4 is available for pick. | |
r5 | C5 is available for pick. | |
r6 | C6 is available for pick. | |
Table 1. Semantic meaning for places and transitions (Example 1)
Fig. 10. The integrated system (Example 1)
Example 2. The Modified Dining Philosopher Problem
The procedure for a philosopher to get the food to eat is now modified. A philosopher
first grasps the chopstick at the right hand side if available, and then grasps the
chopstick at the left hand side if available. Once both chopsticks are grasped, he or
she can take the food to eat. Afterwards, the chopsticks are released and returned
to their original positions simultaneously. Processes U1, U2, U3, U4, U5 and U6 are
now modified as follows.
U1: H1 first grasps C1 once C1 is available. H1 holds C1 and grasps C2 once C2 is
available. H1 gets the food to eat and then returns C1 and C2.
U2: H2 first grasps C2 once C2 is available. H2 holds C2 and grasps C3 once C3 is
available. H2 gets the food to eat and then returns C2 and C3.
U3: H3 first grasps C3 once C3 is available. H3 holds C3 and grasps C4 once C4 is
available. H3 gets the food to eat and then returns C3 and C4.
U4: H4 first grasps C4 once C4 is available. H4 holds C4 and grasps C5 once C5 is
available. H4 gets the food to eat and then returns C4 and C5.
U5: H5 first grasps C5 once C5 is available. H5 holds C5 and grasps C6 once C6 is
available. H5 gets the food to eat and then returns C5 and C6.
U6: H6 first grasps C6 once C6 is available. H6 holds C6 and grasps C1 once C1 is
available. H6 gets the food to eat and then returns C6 and C1.
Figure 11 shows augmented marked graphs (N1,M10;R1), (N2,M20;R2), (N3,M30;R3),
(N4,M40;R4), (N5,M50;R5) and (N6,M60;R6) which represent U1, U2, U3, U4, U5 and
U6, respectively. Table 2 lists the semantic meaning of the places and
transitions. Figure 12 shows the augmented marked graph (N,M0;R) obtained after
fusing the corresponding common places. It serves to represent the integrated
system. For (N,M0;R), the set of places {r1, p13, r2, p23, r3, p33, r4, p43, r5,
p53, r6, p63} is a siphon (minimal siphon) which would become empty after firing
〈t11, t12, t13, t14, t15, t16〉. According to Property 1, (N,M0;R) is not live.
Deadlocks may occur, for example, after firing 〈t11, t12, t13, t14, t15, t16〉.
Besides, as (N1,M10;R1), (N2,M20;R2), (N3,M30;R3), (N4,M40;R4), (N5,M50;R5) and
(N6,M60;R6) are all bounded, according to Property 7, (N,M0;R) is bounded.
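The siphon argument of Example 2 can be checked mechanically. The following is an added example, not code from the paper: the arcs are an assumption read from the descriptions of U1 to U6 and from Table 2, the function names (`process`, `fuse`, `explore`, `example2`) are hypothetical, and the sequence fired is the one in which every Hi fires ti1, its first-chopstick grasp in Table 2's naming. It goes beyond the text by also enumerating every reachable marking of the fused net.

```python
from collections import deque

def process(i, n):  # augmented marked graph of U_i, arcs read from U1..U6 and Table 2
    a, b = f"r{i}", f"r{i % n + 1}"          # chopsticks C_i and C_(i+1), cyclic
    p1, p2, p3 = f"p{i}1", f"p{i}2", f"p{i}3"
    net = {f"t{i}1": ({p1, a}, {p2}),        # H_i grasps its first chopstick
           f"t{i}2": ({p2, b}, {p3}),        # H_i grasps its second chopstick
           f"t{i}3": ({p3}, {p1, a, b})}     # H_i returns both
    return net, {p1: 1, p2: 0, p3: 0, a: 1, b: 1}

def fuse(parts):  # fusion of common places: same-named places r_j become one
    net, m0 = {}, {}
    for transitions, marking in parts:
        net.update(transitions)
        m0.update(marking)
    return net, m0

def enabled(net, m):
    return [t for t, (pre, _) in net.items() if all(m[p] > 0 for p in pre)]

def fire(net, m, t):
    pre, post = net[t]
    assert all(m[p] > 0 for p in pre), f"{t} is not enabled"
    return {p: m[p] - (p in pre) + (p in post) for p in m}

def is_siphon(net, s):  # every transition with an output in s also has an input in s
    return all(pre & s for pre, post in net.values() if post & s)

def explore(net, m0):  # breadth-first reachability: (reachable count, dead markings)
    key = lambda m: tuple(sorted(m.items()))
    seen, dead, todo = {key(m0)}, [], deque([m0])
    while todo:
        m = todo.popleft()
        successors = [fire(net, m, t) for t in enabled(net, m)]
        if not successors:
            dead.append(m)
        for nxt in successors:
            if key(nxt) not in seen:
                seen.add(key(nxt))
                todo.append(nxt)
    return len(seen), dead

def example2(n=6):
    net, m0 = fuse(process(i, n) for i in range(1, n + 1))
    siphon = {f"r{i}" for i in range(1, n + 1)} | {f"p{i}3" for i in range(1, n + 1)}
    m = m0
    for i in range(1, n + 1):                # every H_i grasps its first chopstick
        m = fire(net, m, f"t{i}1")
    count, dead = explore(net, m0)
    return is_siphon(net, siphon), sum(m[p] for p in siphon), enabled(net, m), count, dead == [m]
```

`example2()` returns `(True, 0, [], 198, True)`: the place set is a siphon, it holds no token after the six grasps, no transition is enabled there, and that marking is the only dead one among the 198 reachable markings.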
5 APPLICATION TO MANUFACTURING SYSTEM DESIGN
A manufacturing system is typically a shared-resource system where the resources
are so scarce that they are usually maximally shared among different processes
[18–24]. For this reason, different processes compete for the same resources. This
can, however, lead to deadlock if the system is not carefully designed. Thus,
deadlock freeness and liveness are important properties for a manufacturing
system. Besides, as resources are scarce and have finite and limited capacity, the
system should be free from capacity overflow. Another equally important property
for a manufacturing system is the capability of being reinitialised from any
reachable state. These robustness properties correspond to the liveness,
boundedness and reversibility of a system.
In this section, it will be shown how the synthesis method can be applied to the
design of manufacturing systems, where the liveness, boundedness and reversibility
of the outcome system can be analysed effectively.
Given a set of manufacturing processes, we derive a system design as follows.
For each process, we construct an augmented marked graph by identifying the event
occurrences and creating transitions for locations of these event occurrences and
places for locations of the pre-conditions and post-conditions of each event
occurrence. The shared resources are represented by common places. These augmented
marked graphs are then synthesised into one single integrated net through the
fusion of the corresponding common places. The integrated net is also an augmented
marked graph which serves to represent the integrated system that reflects exactly
the functionalities of the processes. Its liveness, boundedness and reversibility
can be analysed by making use of the known properties of augmented marked graphs.
For illustration, we use the FWS-200 example [24, pp. 121–124].
Example 3. The FWS-200 Flexible Workstation System
The FWS-200 Flexible Workstation System is a manufacturing system for production
of circuit boards. It consists of two robots R1 and R2, one feeder area and one
PCB area, as shown in Figure 13 [24, pp. 121–124]. The robots repeatedly perform
the activities of picking components from the feeder area, moving in the PCB area
for inserting components, and finishing the product. The feeder area and PCB area
are the shared resources. There are two manufacturing processes U1 and U2, as
follows.
U1: Robot R1 picks components from the feeder area, moves into the PCB area for
inserting. The finished product is then moved out from the PCB area.
U2: Robot R2 picks components from the feeder area, moves into the PCB area for
inserting. The finished product is then moved out from the PCB area.
U1 and U2 are specified as augmented marked graphs (N1,M10;R1) and (N2,M20;R2),
respectively, as shown in Figure 14. Table 3 lists the semantic meaning of the
places and transitions. Among (N1,M10;R1) and (N2,M20;R2), there are two
Fig. 11. Processes represented by augmented marked graphs (Example 2). Panels: (N1, M10, R1), (N2, M20, R2), (N3, M30, R3), (N4, M40, R4), (N5, M50, R5), (N6, M60, R6)
Semantic meaning for places
p11  H1 is meditating.
p12  H1 has got C1 and prepares to pick C2.
p13  H1 has got C1 and C2 and takes the food.
p21  H2 is meditating.
p22  H2 has got C2 and prepares to pick C3.
p23  H2 has got C2 and C3 and takes the food.
p31  H3 is meditating.
p32  H3 has got C3 and prepares to pick C4.
p33  H3 has got C3 and C4 and takes the food.
p41  H4 is meditating.
p42  H4 has got C4 and prepares to pick C5.
p43  H4 has got C4 and C5 and takes the food.
p51  H5 is meditating.
p52  H5 has got C5 and prepares to pick C6.
p53  H5 has got C5 and C6 and takes the food.
p61  H6 is meditating.
p62  H6 has got C6 and prepares to pick C1.
p63  H6 has got C6 and C1 and takes the food.
r1   C1 is available for pick.
r2   C2 is available for pick.
r3   C3 is available for pick.
r4   C4 is available for pick.
r5   C5 is available for pick.
r6   C6 is available for pick.
Semantic meaning for transitions
t11  H1 takes the action to grasp C1.
t12  H1 takes the action to grasp C2.
t13  H1 takes the action to return C1 and C2.
t21  H2 takes the action to grasp C2.
t22  H2 takes the action to grasp C3.
t23  H2 takes the action to return C2 and C3.
t31  H3 takes the action to grasp C3.
t32  H3 takes the action to grasp C4.
t33  H3 takes the action to return C3 and C4.
t41  H4 takes the action to grasp C4.
t42  H4 takes the action to grasp C5.
t43  H4 takes the action to return C4 and C5.
t51  H5 takes the action to grasp C5.
t52  H5 takes the action to grasp C6.
t53  H5 takes the action to return C5 and C6.
t61  H6 takes the action to grasp C6.
t62  H6 takes the action to grasp C1.
t63  H6 takes the action to return C6 and C1.
Table 2. Semantic meaning for places and transitions (Example 2)
Fig. 12. The integrated system (Example 2)
Fig. 13. The FWS-200 flexible workstation system
Fig. 14. Processes represented by augmented marked graphs (Example 3). Panels: (N1, M10, R1), (N2, M20, R2)
Semantic meaning for places
p11  R1 is ready.
p12  Components for R1 are available.
p13  R1 is picking components from feeder.
p14  R1 is inserting components in PCB area.
p21  R2 is ready.
p22  Components for R2 are available.
p23  R2 is picking components from feeder.
p24  R2 is inserting components in PCB area.
r1   Feeder area is available.
r2   PCB area is available.
Semantic meaning for transitions
t11  R1 starts picking components.
t12  R1 finishes picking components and starts inserting components.
t13  R1 finishes inserting components and starts moving out the finished product.
t21  R2 starts picking components.
t22  R2 finishes picking components and starts inserting components.
t23  R2 finishes inserting components and starts moving out the finished product.
Table 3. Semantic meaning for places and transitions (Example 3)
Figure 15 shows the augmented marked graph (N,M0;R) obtained from (N1,M10;R1) and
(N2,M20;R2) after fusing the corresponding common places. It serves to represent
the integrated system, which reflects exactly the functionalities of U1 and U2 in
the sense that the event sequences and the pre-condition and post-condition of
event occurrences are preserved. For (N,M0;R), every minimal siphon, which
contains r1 or r2, contains a marked trap. According to Properties 3 and 4,
(N,M0;R) is live and reversible. Besides, as (N1,M10;R1) and (N2,M20;R2) are
Fig. 15. The integrated system (Example 3)
6 CONCLUSION
Correctness and consistency are essential objectives in system design. The former
requires that the system is free from erroneous situations, such as deadlock and
capacity overflow. The latter requires that the system reflects exactly the
functionalities of the given processes - no unrealistic processes and no
unintended processes.
Typically, in a shared-resource system, as the resources are scarce, they are
usually shared among different competing processes. If the system is not carefully
designed, deadlocks originating from the competition for shared resources may
occur. Besides, as resources have finite and limited capacity, the situation of
capacity overflow must be avoided. Hence, design correctness, in terms of
liveness, boundedness and reversibility, is an important issue in designing
shared-resource systems. In this paper, after reviewing the properties of
augmented marked graphs, we proposed a synthesis method for deriving a system
design from a set of processes, especially for shared-resource systems.
The synthesis method has a number of distinctive features. It is based on
augmented marked graphs whose structural characteristics are desirable for
representing shared resources. The method begins with specifying a given set of
processes as augmented marked graphs. These augmented marked graphs are then
synthesised into one single integrated net through the fusion of common places.
The integrated net thus obtained serves to represent the integrated system which
reflects exactly the functionalities of the given processes in the sense that the
event sequences as well as the pre-conditions and post-conditions of each event
occurrence are preserved. As the integrated net is structurally an augmented
marked graph, the liveness, boundedness and reversibility of the system can be
effectively analysed by making good use of the desirable properties of augmented
marked graphs.
In principle, our method is generally applicable to the design of shared-resource
systems. In this paper, we show a specific application to manufacturing system
design. A manufacturing system is typically a shared-resource system, where
resources are usually maximally shared among different competing processes. In
manufacturing system design, a system design is derived from a given set of
manufacturing processes. Because of a number of concerns pertaining to shared
resources and capacity limits, it is essential to check whether the system is
live, bounded and reversible. Our synthesis method is applied to manufacturing
system design, where the design correctness can be analysed effectively.
Acknowledgement
I would like to thank the editor and referees for their valuable and constructive
comments on the first draft of this paper. Their comments are very useful for me
to improve the paper in both the quality and presentation.
REFERENCES
[1] Graubmann, P.: The Construction of EN Systems from a Given Trace Behaviour.
Advances in Petri Nets 1988, Lecture Notes in Computer Science, Vol. 340,
pp. 133–153, Springer-Verlag, 1988.
[2] Smith, E.: On Net Systems Generated by Process Foldings. Advances in Petri Nets
1991, Lecture Notes in Computer Science, Vol. 524, pp. 253–295, Springer-Verlag,
1991.
[3] Hiraishi, K.: Construction of a Class of Safe Petri Nets by Presenting Firing
Sequences. Application and Theory of Petri Nets 1992, Lecture Notes in Computer
Science, Vol. 616, pp. 244–262, Springer-Verlag, 1992.
[4] Bordeleau, F.—Buhr, R. J. A.: UCM-ROOM Modelling: From Use Case Maps to
Communicating State Machines. Proceedings of the IEEE International Symposium
and Workshop on Engineering of Computer-Based Systems, pp. 169–178, IEEE Press,
1997.
[5] Bordeleau, F.—Corriveau, J. P.—Selic, B.: A Scenario-Based Approach to
Hierarchical State Machine Design. Proceedings of the IEEE International
Symposium on Object-Oriented Real-Time Distributed Computing, pp. 78–85, IEEE
Press, 2000.
[6] Chao, D. Y.—Zhou, M. C.—Wang, D. T.: Extending Knitting Technique to Petri
Net Synthesis of Automated Manufacturing Systems. The Computer Journal, Vol. 37,
1994, No. 1, pp. 67–76.
[7] Chao, D. Y.—Wang, D. T.: Two Theoretical and Practical Aspects of Knitting
Technique: Invariants and a New Class of Petri Net. IEEE Transactions on Systems,
Man and Cybernetics, Vol. 27, 1997, No. 6, pp. 962–977.
[8] Jeng, M. D.—DiCesare, F.: Synthesis Using Resource Control Nets for Modeling
Shared-Resource Systems. IEEE Transactions on Robotics and Automation, Vol. 11,
1995, No. 3, pp. 317–327.
[9] Jeng, M. D.: A Petri Net Synthesis Theory for Modeling Flexible Manufacturing
Systems. IEEE Transactions on Systems, Man and Cybernetics, Vol. 27, 1997, No. 2,
pp. 169–183.
[10] Chu, F.—Xie, X.: Deadlock Analysis of Petri Nets Using Siphons and
Mathematical Programming. IEEE Transactions on Robotics and Automation, Vol. 13,
1997, No. 6, pp. 793–804.
[11] Cheung, K. S.: New Characterisation for Live and Reversible Augmented Marked
Graph. Information Processing Letters, Vol. 92, 2004, No. 5, pp. 239–243.
[12] Cheung, K. S.—Chow, K. O.: Cycle-Inclusion Property of Augmented Marked
Graphs. Information Processing Letters, Vol. 94, 2005, No. 6, pp. 271–276.
[13] Peterson, J. L.: Petri Net Theory and the Modeling of Systems. Prentice Hall,
1981.
[14] Reisig, W.: Petri Nets: An Introduction. Springer-Verlag.
[15] Murata, T.: Petri Nets: Properties, Analysis and Applications. Proceedings of
the IEEE, Vol. 77, 1989, No. 4, pp. 541–580.
[16] Huang, H. J.—Jiao, L.—Cheung, T. Y.: Property-Preserving Composition of
Augmented Marked Graphs That Shared Common Resources. Proceedings of the
IEEE International Conference on Robotics and Automation, pp. 1446–1451, IEEE
Press, 2003.
[17] Barkaoui, K.—Couvreur, J. M.—Dutheillet, C.: On Liveness in Extended
Non Self-Controlling Nets. Application and Theory of Petri Nets 1995, pp. 25–44,
Springer-Verlag, 1995.
[18] Chryssolouris, G.: Manufacturing Systems: Theory and Practice.
Springer-Verlag, 1992.
[19] DiCesare, F.: Practice of Petri Nets in Manufacturing. Chapman and Hall, 1993.
[20] Desrochers, A. A.—Al-Jaar, R. Y.: Applications of Petri Nets in
Manufacturing Systems. IEEE Press, 1994.
[21] Proth, J. M.—Xie, X.: Petri Nets: A Tool for Design and Management of
Manufacturing Systems. Wiley, 1996.
[22] Sohdi, R. S. et al. (Ed.): Advances in Manufacturing Systems: Design, Modeling
and Analysis. Elsevier, 1994.
[23] Wu, B.: Manufacturing Systems Design and Analysis. Chapman and Hall, 1994.
[24] Zhou, M. C.—Venkatesh, K.: Modeling, Simulation and Control of Flexible
Manufacturing Systems: A Petri Net Approach. World Scientific, 1999.
King Sing Cheung received his B. Sc. and Ph.D. in computer
science from the City University of Hong Kong and his Master
of Public Administration from the University of Hong Kong. He
is a Chartered Engineer and a Chartered Scientist, and holds
professional membership of the British Computer Society, the
Institution of Mathematics and Its Applications, the Institution
of Electrical Engineers and the Institute of Electrical and Elec-
tronic Engineers. He is currently an Information Technology
Manager in the Hong Kong Baptist University. Prior to this, he
was with the Chinese University of Hong Kong and the Open
University of Hong Kong. His research interests include Petri net, formal specification
and verification, object-oriented system design, use-case-driven system design, component-
based software engineering, robotics and automation.
