Deriving Petri Nets from finite transition systems by Cortadella J et al.
IEEE TRANSACTIONS ON COMPUTERS,  VOL.  47,  NO.  8,  AUGUST  1998 859
Deriving Petri Nets
from Finite Transition Systems
Jordi Cortadella, Member, IEEE, Michael Kishinevsky, Senior Member, IEEE,
Luciano Lavagno, Member, IEEE, and Alexandre Yakovlev, Member, IEEE
Abstract—This paper presents a novel method to derive a Petri Net from any specification model that can be mapped into a state-
based representation with arcs labeled with symbols from an alphabet of events (a Transition System, TS). The method is based on
the theory of regions for Elementary Transition Systems (ETS). Previous work has shown that, for any ETS, there exists a Petri Net
with minimum transition count (one transition for each label) with a reachability graph isomorphic to the original Transition System.
Our method extends and implements that theory by using the following three mechanisms that provide a framework for synthesis of
safe Petri Nets from arbitrary TSs. First, the requirement of isomorphism is relaxed to bisimulation of TSs, thus extending the class
of synthesizable TSs to a new class called Excitation-Closed Transition Systems (ECTS). Second, for the first time, we propose a
method of PN synthesis for an arbitrary TS based on mapping a TS event into a set of transition labels in a PN. Third, the notion of
irredundant region set is exploited, to minimize the number of places in the net without affecting its behavior. The synthesis method
can derive different classes of place-irredundant Petri Nets (e.g., pure, free choice, unique choice) from the same TS, depending on
the constraints imposed on the synthesis algorithm. This method has been implemented and applied in different frameworks. The
results obtained from the experiments have demonstrated the wide applicability of the method.
Index Terms—Petri Nets, transition systems, concurrent systems, asynchronous systems, synthesis.
——————————F——————————
1 INTRODUCTION
ETRI nets [48], [41] are a widespread formalism to model
concurrent systems. By labeling transitions with symbols
from a given alphabet, transitions can be interpreted as the
occurrence of events or the execution of tasks in a system.
Labeled Petri Nets have been used in numerous applica-
tions: design and specifications of asynchronous circuits
[53], [12], [34], [32], resource allocation in operating systems
and distributed computation [55], analysis of concurrent
programs [50], performance analysis and timing verifica-
tion [29], [52], and high-level design [23]. Petri Nets are
popular due to their inherent ability to express concurrency,
choice and causality between events in a system, without
explicit enumeration of global states.
Although checking properties of Petri Nets could be dif-
ficult in general, for some subclasses of Petri Nets there are
efficient verification algorithms. In this paper, we will deal
with safe Petri Nets (a place cannot contain more than one
token). Safe nets have high expressive power, in particular
every finite state system can be expressed as a safe labeled
PN. On the other hand, safe nets are also well suited for
verification.
1.1 State-Based vs. Event-Based Models
State-based models, like FSMs [22], [33] and burst-mode
automata [43], are often used for formal specification and veri-
fication of complex systems. Furthermore, the formal seman-
tics of event-based models, like CSP [28] and CCS [37], [38], are
defined in terms of states. The drawback of state-based models
is that they represent causality, concurrency, and conflict rela-
tions between events in terms of state sequences or state con-
figurations (e.g., state diamonds). For more succinct represen-
tation, it is very important to identify the set of causality rela-
tions, concurrent events, and conflict conditions implicit in the
state-based representation because they carry useful informa-
tion for the designer or/and design algorithms.
In this paper, we present a method which, given a finite
state model, called Transition System (TS) in the sequel,
synthesizes a safe, place-irredundant Petri Net with a
reachability graph that is bisimilar to the original TS. By
moving from a TS representation of the system to a PN
model which exhibits the same behavior we simplify the
representation of concurrency and causality of the system.
The synthesis method provides a technique for trans-
forming specifications. Given a model which can be
mapped into a TS, we can derive a PN which is bisimilar to
the initial model of the process. In such a way we can create
a tool which automatically translates CSP, CCS, FSM, Burst-
mode machines, and other models into labeled Petri Nets.
We can also use this tool to transform Petri Nets them-
selves, aiming at optimality under some criterion (place
count, transition count, number of places, PN graph com-
plexity, etc.) or for deriving a net belonging to a given class
(pure, free choice, unique choice, etc.). This opens up an
avenue for building interactive tools where a designer has
0018-9340/98/$10.00 © 1998 IEEE
††††††††††††††††
• J. Cortadella is with the Department of Software, Technical University of
Catalonia, Jordi Girona Salgado s/n, Campus Nord. Modul C6, 08034-
Barcelona, Spain. E-mail: jordic@lsi.upc.es.
• M. Kishinevsky is with Intel Corporation, JFT-104, 2111 NE 25th Ave.,
Hillsboro, OR 97124-5961. E-mail: m.kishine@ichips.intel.com.
• L. Lavagno is with the Dipartimento di Elettronica, Politecnical di Torino,
C. Duca degli Abruzzi 24, 10129 Torino, Italy. E-mail: lavagno@polito.it.
• A. Yakovlev is with the Department of Computing Science, University of
Newcastle upon Tyne, Claremont Tower, Claremont Road, Newcastle upon
Tyne NE1 7RU, U.K. E-mail: Alex.Yakovlev@newcastle.ac.uk.
Manuscript received 12 June 1996; revised 5 Aug. 1997.
For information on obtaining reprints of this article, please send e-mail to:
tc@computer.org, and reference IEEECS Log Number 102029.
P
860 IEEE TRANSACTIONS ON COMPUTERS,  VOL.  47,  NO.  8,  AUGUST  1998
the possibility to play with a PN-like specification, per-
forming equivalent transformations of PNs, and/or trans-
formations of other specifications into PNs under different
design constraints and optimization criteria. Fig. 1 shows
our framework for synthesizing PNs and transforming
specifications.
1.2 Applications of the Method
There are well-known algorithms (see, e.g., [18], [32], [1]) to
extract a finite-state representation of the sequential be-
havior of a synchronous or asynchronous circuit. But, a
really user-friendly interaction can be achieved only by pre-
senting the designer a timing diagram-like PN that repre-
sents the same behavior, with explicit causality. Section 5.1
contains an example of how different synthesis options (like
minimizing transitions, choosing one specific subclass of
PN, and so on) result in different degrees of readability of
the synthesized PN.
In the same vein, FSM-based formal verification systems
([13], [22], [33]) provide information about property check
failures in the form of one specific execution path in a finite
state representation. This may not always be meaningful, as
it may contain redundant information. Explicitly extracting
a set of such paths (in the form of a finite state system) and
presenting a Petri Net-like representation for it would
greatly help the designer in the difficult task of finding out
where the problem really lies.
Apart from interaction with the designer, which is a
major motivation for this work, we also address the issue of
extracting explicit causal relations in order to be able to ap-
ply analysis and synthesis techniques which rely on explicit
causality and concurrency information ([45], [29]). In [14],
[15], we showed that regions, sets of states corresponding to
places in PNs, are tightly connected with properties that
must be preserved across the state encoding process for
asynchronous circuits. Hence, regions and their intersec-
tions can be efficiently used for state signal insertion and,
therefore, for synthesis of digital circuits in general.
Moreover, classical techniques for Petri Net composition
([51]) are based on the creation of a “cross-product” be-
tween transitions with the same label. Suppose that two
PNs N1 and N2, with n and m transitions labeled with the
same name, respectively, are composed. The resulting net
has m ¿ n transitions with the same label, even though some
of these are not really needed (i.e., there exists a smaller PN
representing the same composed behavior). Section 5.1 de-
scribes this application more in detail, with examples.
Reference [50] shows that PNs can be useful for analysis
of concurrent programs. There, a PN is derived from a task
flow-graph for an Ada program. No efficient technique for
deriving a PN is used. We think that our technique for
synthesis of PNs can provide an efficient machinery for the
analysis of concurrent programs.
1.3 Related Work
The concept of regions was introduced in [24] (and devel-
oped in [42], [3], [6], [21], [40]) as a fundamental link be-
tween state-based and event-based specifications. A com-
prehensive review of the theory of regions can be found in
[4]. “State” in safe Petri Nets is distributed among places:
Each state is a set of marked places, and each place is
marked in a set of states that form the corresponding re-
gion. A region in a Transition System is exactly a set of
states, such that transitions coming in and going out of it
“mimic” the PN firing behavior.
These papers provide the formal framework for our
contribution, but suffer from a series of problems:
• Their contribution was mainly category-theoretical,
aimed at obtaining a canonical representation of the PN,
with many places (actually, as many places as could be
added without changing the behavior of the net). On
the other hand, we strive to minimize the number of
places in order to make the final Petri Net easier for the
designer to understand. This problem was also tackled
in [21], aiming at deriving a place-irredundant Petri
Net, but not at minimizing the number of places. Two
open problems are formulated in [21]:
1) if the existence of an optimal net can be character-
ized in terms of the TSs and
2) if there always exists at most one optimal net
which could be considered canonical.
Fig. 1. A framework for synthesizing PNs and transforming specifications.
CORTADELLA ET AL.:  DERIVING PETRI NETS FROM FINITE TRANSITION SYSTEMS 861
Our paper gives a positive answer to the first problem
and a negative answer to the second problem.
• They did not address the problem of merging and
splitting “equivalent” labels, which model the same
event, but must be split in order to yield a valid
or/and efficient Petri Net. We, for the first time, pro-
vide a method for label splitting which seems to satis-
factorily solve the problem.1
• They were limited to elementary TSs, which are quite
restricted, while we can handle the full class of TSs by
means of transition splitting.
• They produce a PN with an RG isomorphic to the TS,
which appears to be too strong a degree of correspon-
dence. Our method extends this result to excitation-
closed TSs (ECTS), which include not only ETSs, but
also all those TSs that have bisimilar ETS.
1.4 Contributions
In this paper, we present an algorithm for generating a
complete set of minimal regions (which are analogous to
prime implicants in Boolean minimization) and, further, for
removing redundant regions (which is similar to generating
a prime irredundant cover in Boolean minimization). We
can either generate all irredundant nets and take the mini-
mum one among them (an exact minimization of places in
PNs) or we can heuristically select a minimal prime and
place-irredundant net if searching for the minimum is too
time consuming.
We use different cost functions for minimization of PNs,
depending on whether the designer requires minimizing
the number of places, transitions, or arcs in the PN graph.
We can also restrict the resulting PN to belong to a specific
subclass (e.g., free-choice) if required by the designer, as
shown in Section 5.
Our technique of global optimization is complementary
to the local optimization and reduction technique that is
based on applying a set of local rules for replacing a more
complex fragment of a PN with a simpler one, while pre-
serving certain semantic, behavioral, or structural proper-
ties [7], [54], [11], [41], [20]. In fact, as discussed in Sec-
tion 4.5, we apply those structural reduction techniques in
order to reduce the complexity of the TS representation
when we derive the TS from a PN with the objective of op-
timizing it.
It is known [3] that, for ETS, the complexity of synthesis
of PNs is polynomial in the size of the TS. However, direct
application of methods from [3] would require explicit
enumeration of states of the TS. To avoid explicit enumera-
tion, we have defined synthesis conditions (called excita-
tion closure conditions) in a form that allows us to use
symbolic techniques based on Reduced Ordered Binary
Decision Diagrams for representing sets of states and
checking synthesis conditions. Thus, many real-life exam-
ples with large TSs become manageable. For nonexcitation
closed TSs, an additional amount of computation is re-
quired for splitting labels and calculating minimal regions
for the TS after splitting. In the worst case of complete
1. See Section 5.1 for an example of how label splitting can be used also to
increase the readability of the synthesized PN, by forcing it to belong to the
subclass known as free-choice.
splitting, there is one label per arc and, hence, the number
of minimal regions is equal to the number of states.
The paper is organized as follows. Section 2 formally in-
troduces Transition Systems, Petri Nets, and regions. Section
3 introduces the new definitions and theoretical results re-
quired by our synthesis algorithm. Section 4 describes the
synthesis algorithms in detail and formally proves their
correctness. It also provides a number of modifications to
the basic method. Section 5 presents applications and some
experimental results. Section 6 concludes the paper. Due to
lack of space, all statements in Sections 3 and 4 (except for
Theorem 3.3 which is fully proven) are only given with only
informal proofs. The details can be found in the technical
report [17], which is the extended version of this paper.
2 MODELS
2.1 Transition Systems
A transition system (TS) is a quadruple [42] TS = (S, E, T, sin),
where S is a nonempty set of states, E is a set of events, T µ S
 E  S is a transition relation, and sin is an initial state. The
elements of T are called the transitions of TS and will be
often denoted by s s
e
   instead of (s, e, s).
A transition system is finite if S and E are finite. In the
sequel, only finite transition systems will be considered. A
TS is called deterministic if for each state s and each label a
there can be at most one state s such that s s
a
  . Otherwise,
a TS is called nondeterministic.
The transitive closure of the transition relation T is called
the reachability relation between states and is denoted by T*.
In other words, state s is reachable from state s if there is a
(possibly empty) sequence of transitions from T: s = (s, e1,
s1), ..., (sk, ek, s). This is denoted by s s 
s
 or simply by
s s 
*
 if the sequence is not important. We also write s
e
 ,
s 
s
, 
e
s , and 
s
s  if there is a state s ¶ S such that s s
e
  ,
s s 
s
,  s s
e
, or  s s
s
, correspondingly. Each state is
reachable from itself, since we allow empty sequences in
the definition.
Two states, s and s, are confluent if there is a state s
which is reachable both from s and s [30]. Note that, ac-
cording to the definition of reachability, s can coincide
with s or s.
Every transition system TS = (S, E, T, sin) is assumed to
satisfy the following axioms:
A.1) No self-loops: "(s, e, s) ¶ T : s ¡ s;
A.2) Every event has an occurrence: "e ¶ E : $(s, e, s) ¶ T;
A.3) Every state is reachable from the initial state:
" ¶ 
*
s S s sin: .
An additional axiom is assumed in [42] (no multiple arcs
between pairs of states):
"(s, e1, s1), (s, e2, s2) ¶ T : [s1 = s2 ˘ e1 = e2].
This axiom is required in [42] so that behavior-preserving
morphisms between TSs can be partially defined. A partial
862 IEEE TRANSACTIONS ON COMPUTERS,  VOL.  47,  NO.  8,  AUGUST  1998
mapping implies that some of the “twin” events which do
not satisfy the above axiom become nonobservational. This
can lead to discrepancies between the behaviors of the
original and mapped TSs. In our framework of applica-
tions, we are only interested in transformations and
equivalences of TSs in which events are totally mapped.
Therefore, the above axiom can be safely omitted (see
Definitions 2.4, 2.5, and 2.6 for further details).
A TS can be represented by an arc-labeled directed
graph. A simple example of a TS without cycles is shown in
Fig. 2a.
2.2 Petri Nets
A Petri Net [48], [41] is a quadruple N = (P, T, F, m0), where
P is a finite set of places, T is a finite set of transitions, F µ
(P  T) < (T  P) is the flow relation, and m0 is the initial
marking. A transition t ¶ T is enabled at marking m1 if all
its input places are marked. An enabled transition t may
fire, producing a new marking m2 with one less token in
each input place and one more token in each output place
(m m
t
1 2 ).
A PN expressing the same behavior as the TS from
Fig. 2a is shown in Fig. 2b.
The sets of input and output places of transition t are
denoted by •t and t•. The sets of input and output transi-
tions of place p are denoted by •p and p•. The set of all
markings of N reachable from the initial marking m0 is
called its Reachability Set.
A labeled PN is a PN with a labeling function l : T  A
which puts into correspondence every transition of the net
with a symbol (called label) from the alphabet A. If no two
transitions have the same label (unique labeling), then each
transition in the net can be uniquely identified by its label.
In such a case, we can use the label as the name of the tran-
sition. The Reachability Graph (RG) of a PN is a transition
system in which the set of states is the Reachability Set, the
events are the transitions of the net and a transition (m1, t,
m2) exists if and only if m m
t
1 2 . (A formal definition of RG
is given in Section 2.5).
One can easily check that the RG in Fig. 2c, derived from
the PN in Fig. 2b, is isomorphic to the TS (Fig. 2a).
A net is called safe if no more than one token can appear
in a place. Safe nets are especially widely used in many ap-
plications, since they have simple verification algorithms
[25] and simple semantics. A net is called a pure net if (p, t)
¶ F implies that (t, p) • F, i.e., for each transition t the fol-
lowing condition is satisfied: t• > •t = fi. A net is called
simple if no two transitions t1 and t2 have the same sets of input
and output places (i.e., "t1, either t2 •t1 ¡ •t2 or t1• ¡ t2•).
2.3 Regions
Let S be a subset of the states of a TS, S µ S. If s • S and
s ¶ S, then we say that transition s s
a
   enters S. If s ¶ S
and s • S, then transition s s
a
   exits S. Otherwise, transi-
tion s s
a
   does not cross S. In particular, if s ¶ S and s ¶ S,
then the transition is said to be internal to S, and if s • S
and s • S, then the transition is external to S.
DEFINITION 2.1. Let TS = (S, E, T, sin) be a TS. Let S µ S be a
subset of states and e ¶ E be an event. The following condi-
tions (in the form of predicates) are defined for S and e:
in
out
enter
exit
e S s e s T s s S
e S s e s T s s S
e S s e s T s S s S
e S s e s T s S s S
, , , : ,
, , , : ,
, , , :
, , , : .
 ¢ $  ¶  ¶ 
 ¢ $  ¶  • 
 ¢ $  ¶ •  `  ¶ 
 ¢ $  ¶ ¶  `  • 
0 5 0 5
0 5 0 5
0 5 0 5
0 5 0 5
The notion of a region is central for the synthesis of PNs.
Intuitively, each region corresponds to a place in the syn-
thesized PN, so that there is a one-to-one correspondence
between states of the region and markings of the PN in
which this place has a token.
DEFINITION 2.2 (region). A set of states r µ S in TS = (S, E, T,
sin) is called a region if the following two conditions are
satisfied for each event e ¶ E:
1)enter(e, r) ˘ Àin(e, r) ` Àout(e, r) ` Àexit(e, r)
2)exit(e, r) ˘ Àin(e, r) ` Àout(e, r) ` Àenter(e, r)
A region is a subset of states with which all transitions
labeled with the same event e have exactly the same “en-
try/exit” relation. This relation will become the predeces-
sor/successor relation in the Petri Net. The event may ei-
ther always be an enter event for the region (Case 1 in the
previous definition), or always be an exit event (Case 2), or
never “cross” the region’s boundaries (each transition la-
beled with e is internal or external to the region if the antece-
                                          
(a)           (b)              (c)
Fig. 2. An example of Transition System (a), a corresponding PN (b), and its RG (c).
CORTADELLA ET AL.:  DERIVING PETRI NETS FROM FINITE TRANSITION SYSTEMS 863
dents of neither Case 1 nor Case 2 hold). The transition cor-
responding to the event will be successor, predecessor or
unrelated with the corresponding place, respectively.
Let us consider the TS shown in Fig. 2. The set of states
r3 = {s2, s3, s6} is a region, since all transitions labeled with a
and with b enter r3, and all transitions labeled with c exit r3.
On the other hand, {s2, s3} is not a region since transition
s s
b
1 3  enters this set, while another transition also labeled
with b, s s
b
4 6 , does not. Similar violations of the region
conditions exist for two transitions labeled with a. How-
ever, there are no violations for c since both transitions la-
beled with c exit this set of states.
Each TS has two trivial regions: the set of all states, S, and
the empty set. Further on we will always consider only
nontrivial regions. The set of nontrivial regions of TS will
be denoted by RTS. For each state s ¶ S, we define the set of
nontrivial regions containing s, denoted by Rs.
A region r is a preregion of event e if there is a transition
labeled with e which exits r. A region r is a postregion of
event e if there is a transition labeled with e which enters r.
The set of all preregions and postregions of e is denoted
with °e and e°, respectively. By definition, it follows that if
r ¶ °e, then all transitions labeled with e exit r. Similarly, if
r ¶ e°, then all transitions labeled with e enter r. Let r and r
be regions of a TS. A region r is said to be a subregion of r iff
r · r. A region r is a minimal region if there is no other re-
gion r which is a subregion of r.
There are eight nontrivial regions in the TS from Fig. 2:
r1 = {s1, s3, s5}; r2 = {s1, s2, s4}; r3 = {s2, s3, s6}; r4 = {s1, s4, s5}; r5 =
{s1, s2, s3}; r6 = {s4, s5, s6}; r7 = {s2, s4, s6}; r8 = {s3, s5, s6}. All of
these regions are minimal. Preregions and postregions are
defined as follows: °a = {r1, r4}; °b = {r2, r4}; °c = {r3, r5}; a° =
{r3, r7}; b° = {r3, r8}; c° = {r4, r6}.
2.4 Properties of Regions
The following propositions state a few important properties
of regions [6], [42], [17].
PROPERTY 2.1. If r and r are two different regions such that r is
a subregion of r, then r - r is a region.
PROPERTY 2.2. A set of states, r, is a region, if and only if its coset
r S r= -  is a region, where S is a set of all states of the TS.
PROPERTY 2.3 [6], [17]. Every region can be represented as a un-
ion of disjoint minimal regions.
Property 2.1 has been mentioned in [6] for the subclass of
elementary TSs. We generalize it for the complete class of
TSs. Property 2.2 was given in [42]. Property 2.3 is a
stronger refinement of the corresponding property from [6],
which shows that any region can be viewed as a linear
combination of minimal regions.
2.5 Elementary Transition Systems
Some of the results given in this section were formerly pre-
sented for elementary nets [42]. Their extension to Petri Nets
is straightforward and discussed in [17]. In the sequel, we
will reformulate for Petri Nets the major previous results on
elementary nets.
2.5.1 Axioms for Elementary Transition Systems
A transition system TS = (S, E, T, sin) is called elementary [42]
(ETS) if it satisfies, in addition to (A1)-(A3), the following
two axioms about regions:
A.4) State separation property: "s, s ¶ S : [Rs = Rs ˘ s = s];
A.5) Forward closure property:
" ¶ " ¶ µ ˘ ! 
"
$#s S e E e R ss
e
: o
(A4) implies that two different states must belong to dif-
ferent sets of regions. (A5) implies that if state s is included
in all preregions of event e, then e must be enabled in s. It is
easy to see that the TS shown in Fig. 2 is elementary, since
all axioms (A1)-(A5) are satisfied. For example, state s1 is
separated from any other state (axiom (A4)). This state is
included into regions r1, r2, r4, r5 and there is no other state
which is covered by the same set of regions (see Section 2.3
for the list of all regions). To illustrate axiom (A5), let us
consider event a. For two states, s1 and s5, condition
oa Rsµ 1  and 
oa Rsµ 5  holds. Both states can have an exit
arc labeled by event a. Hence, Axiom (A5) is satisfied.
The TS shown in Fig. 3a is a cyclic elementary TS, while
Fig. 3b shows a nonelementary TS. The forward closure
property is violated for events a and b. Let us consider
event a. The only minimal preregion of a is region {s1, s3, s5,
s7}. Therefore 
oa Rsµ 7 , but there is no transition labeled
with a from s7.
DEFINITION 2.3 (Reachability Graph). Let N = (P, E, F, m0) be
a PN. The reachability graph of N is the TS RG(N) =
(SN, EN, TN, m0), where SN µ 2
P, TN µ 2
P  E  2P such
that:
1) SN is the Reachability Set of N, with each state repre-
sented as the set of places marked in the corresponding
marking,2
2. Since we are only considering safe and pure Petri Nets, places can have
at most one token.
        
  (a)    (b)
Fig. 3. Examples of elementary (a) and nonelementary (b) TSs.
864 IEEE TRANSACTIONS ON COMPUTERS,  VOL.  47,  NO.  8,  AUGUST  1998
2) T m e m m m S m mN N
e
=   ¶ `  {( , , )| , } ,
3) EN = {e|e ¶ E ` $(m, e, m) ¶ TN}.
It was shown in [42] that the RG of a PN is always an
elementary TS and vice versa, i.e, if a TS is elementary,
then a PN with a reachability graph isomorphic to the TS
can be constructed. The procedure given by [42] to synthe-
size a PN, N R E F RTS TS TS sin= ( , , , ) , from an ETS, TS = (S, E,
T, sin), is as follows:
Algorithm: saturated PN synthesis
• For each event e ¶ E, generate a transition labeled
with e in the PN;
• For each region ri¶ RTS, generate a place ri;
• Place ri contains a token in the initial marking iff the
corresponding region ri contains the initial state of the
ETS sin;
• The flow relation is as follows: e ¶ ri• iff ri is a prere-
gion of e and e ¶ •ri iff ri is a postregion of e, i.e.,
F r e r R e E r e
e r r R e E r e
TS TS
TS
= ¶ ` ¶ ` ¶
¶ ` ¶ ` ¶
def
,
, .
0 5J L
0 5J L
o
U o
THEOREM 2.1. Let TS = (S, E, T, sin) be an ETS. The reachability
graph of N R E F RTS TS TS sin= ( , , , )  obtained by the algo-
rithm of saturated PN synthesis is isomorphic to TS.
Intuitively, the net has as many places as nontrivial re-
gions. Each preregion (postregion) of an event is a prede-
cessor (successor) place of the corresponding transition. All
places that correspond to regions that cover the initial state
must be marked in the initial marking.
A PN which is synthesized following this procedure is
called a saturated net, since all regions are mapped into the
corresponding places. Any ETS has a unique saturated net;
however, it has a lot of redundancy. As shown in [6], it is
enough to consider only minimal regions. The net constructed
from all minimal regions is also unique and is called a minimal
saturated net. We will go two steps further and will first synthe-
size a place-irredundant PN and, then, a place-minimal PN, still
preserving bisimilarity between its RG and the ETS.
Another important drawback of the procedure de-
scribed in [42] is that axioms (A4) and (A5) do not provide
an efficient algorithm for checking elementarity, since they
require the derivation of all regions of a TS and checking
elementarity conditions for each individual state. Our pro-
cedure is specifically aimed at deriving minimal regions by
using simplified elementarity checks, that admit an effi-
cient implementation.
Finally, the synthesis method presented in [42] produces
a PN with an RG isomorphic to the TS. Our method ex-
tends this result to excitation-closed TSs (ECTS), which
cover not only ETSs, but also all those TSs that have some
bisimilar ETS.
2.6 Split-Morphism, Isomorphism, and Bisimilarity
The following notions will be used for comparing behavior
of TSs and PNs.
DEFINITION 2.4 (Split-morphism). Let TS S E T sin1 1 1 1 1= ( , , , )
and TS S E T sin2 2 2 2 2= ( , , , ) be two TSs. A split-morphism
h from TS1 to TS2 is a pair (hS, hE) of total mappings, hS
being bijective and hE being surjective,
h S S
h E E
S
E
:
:
1 2
1 2


which satisfies
(s, e, s) ¶ T1 ˆ (hS(s), hE(e), hS(s)) ¶ T2.
DEFINITION 2.5 (Isomorphism). A split-morphism h = (hS, hE)
from TS1 to TS2 is an isomorphism if hE is bijective.
Two TSs are said to be isomorphic (split-morphic) if there
exists an isomorphism (split-morphism) between them
(from one to the other).
The concept of split-morphism will be used when an
event is represented by different instances in a TS. Later on,
when deriving Petri Nets, this splitting will result in differ-
ent transitions with the same label.
DEFINITION 2.6 (Bisimulation [2]). Let TS S E T sin1 1 1 1= ( , , , )
and TS S E T sin2 2 2 2= ( , , , ) be two TSs with the same set of
events. A bisimulation between TS1 and TS2 is a binary
relation R between S1 and S2 such that
1.a)for every s1 ¶ S1, there exists s2 ¶ S2 such that s1Rs2.
1.a)for every s2 ¶ S2, there exists s1 ¶ S1 such that s1Rs2.
2.a)for every ( , , )s e s T1 1 1 ¶  and for every s2 ¶ S2 such that
s1Rs2, there exists ( , , )s e s T2 2 2 ¶  such that  s Rs1 2 .
2.b)for every ( , , )s e s T2 2 2 ¶  and for every s1 ¶ S1 such
that s1Rs2, there exists ( , , )s e s T1 1 1 ¶  such that  s Rs1 2 .
Intuitively, Conditions 1a) and 2a) define a simulation of
TS1 by TS2. Two TSs are said to be bisimilar if they can
simulate each other, i.e., there exists a bisimulation between
them.
DEFINITION 2.7 (Auto-bisimulation and bisimilar states [2]).
Let TS = (S, E, T, sin) be a TS. An auto-bisimulation of
TS is a bisimulation between TS and itself. Two states s1, s2
¶ S are bisimilar if s1Rs2 for some auto-bisimulation of TS.
The relation “is bisimilar to” is an equivalence relation
and partitions all TSs into equivalence classes. A TS is said
to be minimal if no other element in its equivalence class has
a set of states with smaller cardinality, in other words:
DEFINITION 2.8 (Minimal TS). A TS is said to be minimal if it
contains no different states, s1 and s2, which are bisimilar.
Fig. 4 illustrates the notions of isomorphism, split-
morphism, and bisimulation between TSs. The split-
morphism of Fig. 4b maps two different instances of an
event (a1 and a2) onto the same event (a).
The work presented in this paper is based on transfor-
mations between split-morphic or bisimilar TSs. These no-
tions of equivalence provide stronger conditions than lan-
guage equivalence in general ([37]). This implies, for exam-
ple, that deadlock and liveness properties will be preserved
for a PN generated from the TS.
CORTADELLA ET AL.:  DERIVING PETRI NETS FROM FINITE TRANSITION SYSTEMS 865
3 EXCITATION CLOSED TRANSITION SYSTEMS
In this section, we define the concept of ECTS based on the
notion of excitation regions, which are the sets of states cor-
responding to the transitions of a PN.
3.1 Excitation Regions and Switching Regions
While regions in a TS are related to places in the corre-
sponding PN, an excitation region [32] (ER) for event a is a
maximal set of states in which transition a is enabled.
Therefore, excitation regions are related to transitions of the
PN. Similarly to ERs, we define switching regions as sets of
states reached immediately after the occurrence of an event.
DEFINITION 3.1 (Excitation and switching regions). A set of
states S is called an excitation region for event a, denoted
by ER(a), if it is a maximal set of states such that for every
state s ¶ S there is a transition s
a
 .
A set of states S is called a switching region for event
a, SR(a), if it is a maximal set of states such that for every
state s ¶ S there is a transition 
a
s .
In the TS from Fig. 2a, ER(a) = {s1, s5} and SR(a) = {s2, s6}.
3.2 Excitation Closure
In this section, we introduce a new class of TSs, excitation-
closed transition systems, and show their relationship with
ETSs. We prove two important theorems which create a
formal foundation for our synthesis framework. These
theorems taken together state that for any excitation-closed
TS there is an ETS that is bisimilar to the original TS.3 The
practical importance of this result will be illustrated further,
by showing an efficient way of checking the excitation clo-
sure condition.
DEFINITION 3.2 (Excitation-closed TS (ECTS)). A transition
system TS = (S, E, T, sin) is called excitation-closed if it
satisfies the following two axioms:
A.4) Excitation closure: For each event a: r ER a
r a
=
¶
( )oI
A.5) Event effectiveness: For each event a: °a ¡ fi.
We now establish a correspondence between ETSs and
ECTSs. For this we introduce the notion of region-based
state equivalence, and define a region-separated TS as a TS
minimized with respect to that equivalence.
DEFINITION 3.3 (Region-based state equivalence). Let TS =
(S, E, T, sin) be an ECTS and let 5 be the binary relation
on S defined as follows:
3. Due to lack of space, the proofs have been omitted. They can be found
in [17].
s s R Rs s1 2 1 25 ˆ =
def
.
Clearly, 5 is an equivalence relation. For each s ¶ S, we
denote by [s] the equivalence class of s. For each S µ S, we
denote by [S] the set of equivalence classes of the states in S.
Given an ECTS and the set of all equivalence classes, [S] =
{p1, ⁄, pk}, with respect to 5, it is possible to construct a
minimized version of the ECTS such that, for each equiva-
lence class of states pj ¶ [S], there will be exactly one corre-
sponding state in the new TS. We will denote the new state
corresponding to pj as s[pj]. Slightly abusing the notation,
the set of states corresponding to all equivalence classes of
S µ S is denoted as [S] and the whole set of the new states
as [S].
DEFINITION 3.4 (Region-separated TS). Let TS = (S, E, T, sin)
be an ECTS. A region-separated TS is defined as follows:
TS5= ([S], E, T5, s[pin]), where [S] is defined above,
(s[p1], e, s[p2]) ¶ T5 ˆ $s1 ¶ p1, s2 ¶ p2 : (s1, e, s2) ¶ T
and sin ¶ pin.
It is easy to show that T5 is well-defined, i.e., if (s[p1], e,
s[p2]), then "s1 ¶ p1 $s2 ¶ p2 : (s1, e, s2) ¶ T and vice versa.
Fig. 5a depicts a nonelementary TS in which two pairs of
states, {s0, s4} and {s1, s5} are region-based equivalent. The
set of all equivalence classes of states is [S] = {p1, p2, p3, p4} =
{{s0, s4}, {s1, s5}, {s2}, {s3}} and pin = p1. The corresponding re-
gion-separated TS is shown in Fig. 5b, where the equivalent
states have been merged. This minimized TS is now an
ETS with a behavior bisimilar to the reachability graph of
the Petri Net shown in Fig. 5c.
The next theorem shows that the region-separated TS is
a (partly) minimized version of a ECTS with respect to
bisimulation.
THEOREM 3.1. Let TS = (S, E, T, sin) be an ECTS. Then, TS and
the corresponding region-separated TS, TS5, are bisimilar.
The proof outline is given in the Appendix.
The following theorem establishes a connection between
ETS and ECTS in both directions.
THEOREM 3.2.
1) If a TS is elementary, then it is excitation-closed.
2) Let TS = (S, E, T, sin) be an ECTS. Then, TS5 is
elementary.
                                
(a)       (b)           (c)
Fig. 4. (a) Isomorphism, (b) Split-morphism, (c) Bisimulation.
866 IEEE TRANSACTIONS ON COMPUTERS,  VOL.  47,  NO.  8,  AUGUST  1998
The proof outline is given in the Appendix. As follows from
Theorem 3.2.1, each ETS is an ECTS. On the other hand,
Theorems 3.1 and 3.2.2, show that, for each ECTS, an ele-
mentary bisimilar TS can be constructed by mapping all
region-equivalent states into one state. This procedure cor-
responds to classical state minimization of finite automata.
However, this relation with classical state minimization is
not straightforward and will be analyzed more in detail in
Section 3.5. For example, Fig. 6a shows a nondeterministic
TS which is excitation closed, but not elementary, since, e.g.,
output states of transitions labeled with a are not separated
by regions. The corresponding TSR is obtained by merging
two pairs of region-equivalent states and is elementary
(Fig. 6b). An important observation can be made. Any ETS
is deterministic [42]. However, a nondeterministic TS can
be an ECTS when it has a bisimilar ETS. Fig. 6 depicts an
example illustrating this fact.
3.3 Minimality
This subsection focuses on minimality of TSs. Recall (Sec-
tion 2.6) that a TS is minimal if all its states are unique in
terms of their posthistory, i.e., no two distinct states of the TS
are bisimilar to each other. Our main goal here is to show the
conditions under which region-based equivalence R of states
coincides with bisimulation-based equivalence R. These con-
ditions are based on the notion of confluence. The following
important properties are related to minimality.
THEOREM 3.3. Let TS = (S, E, T, sin) be an ETS. If TS is not
minimal, then for any pair of bisimilar states, s1, s2 ¶ S, s1
and s2 are not confluent.
The proof of this theorem is given in the Appendix.
Let TS = (S, E, T, sin) be an ECTS, then the following
properties (proven in [17]) hold:
• If TS is minimal, then TS is elementary.
• If TS is minimal, then it is isomorphic to the region-
separated TS, TS5.
• If every pair of bisimilar states of S is confluent, then
TS5 is minimal.
The last property implies that by constructing a region-
separated TS one implicitly minimizes the TS for all con-
fluent states. For example, the region-separated TS in
Fig. 4c on the right is a minimized version of the ECTS from
Fig. 4c on the left. The relationship with state minimization
for nonconfluent states will be discussed in Section 3.5.
Fig. 7d shows an example of an excitation closed TS, which
is not minimal, since states marked with 2 and with fi are
bisimilar. Note that these states are not confluent. After
minimizing the TS, Fig. 7e is obtained, which is not excita-
tion closed. The excitation closure condition is violated for
event f.
3.4 Place-Irredundant Petri Nets
The above theory provides an efficient framework to derive
Petri Nets from transition systems. The main differences
from the work presented in [42] are the following:
• The check for elementarity (that must be done once
for each state) is reduced to a check for excitation clo-
sure (that must be done once for each event; events in
a concurrent model are in general much fewer than
states).
• Excitation closure guarantees the existence of a bisi-
milar ETS with a one-to-one correspondence between
regions. The ETS will be minimal for all those pairs of
bisimilar states that are confluent.
Therefore, given an ECTS, one obtains a PN whose RG
is bisimilar to the ECTS by only calculating the minimal
regions of the ECTS. Furthermore, the method can not only
derive a Petri Net, but also minimize its reachability graph
if all the bisimilar states are confluent.
                  
Minimal regions
Regions containing states
r s s s r s s s
r s s s r s s s
R R r r R r r
R R r r R r r
s s s
s s s
1 0 2 4 3 1 3 5
2 0 3 4 4 1 2 5
1 2 1 4
3 4 2 3
0 4 2
1 5 3
= =
= =
= = =
= = =
, , , ,
, , , ,
, ,
, ,
< A < A
< A < A
< A < A
< A < A
         (a)     (b)         (c)
Fig. 5. (a) Nonelementary ECTS, (b) Bisimilar ETS after merging region-based equivalent states, (c) Petri Net after synthesis of the ETS.
                        
       (a)    (b)
Fig. 6. (a) A nondeterministic ECTS. (b) A bisimilar ETS.
CORTADELLA ET AL.:  DERIVING PETRI NETS FROM FINITE TRANSITION SYSTEMS 867
A minimal saturated net can be redundant. Many places
can still be removed from it while still preserving the bisi-
milarity between its RG and the ETS. By analogy with logic
minimization, a saturated net is like the set of all implicants
for a Boolean function, while a minimal saturated net is like
the set of all prime implicants. Our goal is to provide a
method for constructing an irredundant net with minimal
regions, which is similar to an irredundant cover of prime im-
plicants [9]. Unfortunately, the analogue of Quine and
McCluskey’s result does not hold in this case, i.e., there ex-
ist ECTSs for which any minimum corresponding PN re-
quires using at least one nonminimal region. An example of
such a case is given in Section 3.5.
It was proven in [6] that the RG of a minimal saturated
net is isomorphic to the RG of the saturated net. Here, we
provide a method to build a place-irredundant net from an
ECTS and prove that the RG of the place-irredundant net is
bisimilar to the ECTS. Similar related work for ETSs was
presented in [21].
THEOREM 3.4. Let TS = (S, E, T, sin) be an ETS and let
N R E F RTS TS TS sin= ( , , , )  be the saturated net obtained by
the algorithm “saturated PN synthesis” from Section 2.5.1.
Let I µ RTS be a subset of regions of TS and let I = RTS - I
be such that the excitation closure condition is satisfied
without I:
" ¶ =
¶ - 
e E r ER e
r e I
. 0 5
o
I .
Let NI = (I, E, FI, sI) be a net where s R II sin= -   and
FI = FTS - {(r, e), (e, r)|r ¶ I}.
Then, RG(NI) is bisimilar to TS.
The proof outline of this theorem is given in the Appendix.
The converse of Theorem 3.4 is trivially true, i.e., if I µ
RTS does not satisfy the excitation closure condition for
event e, then RG(NI) is not bisimilar to the TS. Discrepancy
in behavior will occur in any state from r ER e
r e
-
¶
( )oI .
COROLLARY 3.1. There exists a subset I µ RTS such that I contains
only minimal preregions and RG(NI) is bisimilar to TS.
Next, we state a relationship between irredundant sets of
regions and place-irredundant nets.
DEFINITION 3.5. (Place-irredundant net). A labeled Petri Net is
place-irredundant if no place can be removed from it with-
out losing the bisimilarity of the RG.
DEFINITION 3.6 (Irredundant set of regions). Let TS be a Transi-
tion System. A set of regions R is called redundant if there
is a region r ¶ R such that R - {r} still satisfies the excitation
closure condition. Otherwise, R is called irredundant.
THEOREM 3.5. Let NI = (I, E, FI, sI) be a safe pure PN obtained
from an ETS TS, as described by Theorem 3.4. If I is an ir-
redundant set of regions, then NI is place-irredundant.
The proof is trivial.
Fig. 7 shows a minimal saturated PN (Fig. 7a) and its RG
(Fig. 7b). Regions r0, r1, r2, and r3 are enough to guarantee
the excitation closure of the RG and a place-irredundant PN
can be obtained (Fig. 7c) with a bisimilar RG (Fig. 7d). Note
that, in the initial PN region, r4 is a preregion for event d. The
RG in Fig. 7d is a partly minimized version of RG (Fig. 7b),
however, it is not minimal. A minimal RG can be neither
elementary nor excitation closed (Fig. 7e). By removing re-
dundant regions one can perform an implicit partial state
minimization for nonconfluent states. However, complete
minimization of such states can destroy elementarity and
excitation closure.
3.5 Place-Minimal Petri Nets
In this section, we define a link between place-minimal nets
and minimal sets of regions and further establish a relation
between irredundant sets of minimal regions and minimal
sets of regions.
DEFINITION 3.7 (Place-minimal net). A labeled Petri Net is
place-minimal if any other bisimilar PN contains a greater
or equal number of places.
DEFINITION 3.8 (Minimal set of regions). Let TS be a Transi-
tion System. A set of regions R is called minimal if it is ir-
redundant and any other irredundant set of regions con-
tains a greater or equal number of regions.
The relationship between minimal nets and minimal sets
of regions is similar to that between irredundant nets and
irredundant sets of regions. It can be stated as follows:
   (a) (b)          (c)   (d)      (e)
Fig. 7. (a) Minimal saturated PN, (b) RG with each state labeled with the indices of the marked places, (c) place-redundant PN, (d) bisimilar RG,
(e) minimal nonelementary and not excitation closed TS.
868 IEEE TRANSACTIONS ON COMPUTERS,  VOL.  47,  NO.  8,  AUGUST  1998
THEOREM 3.6. Let NI = (I, E, FI, sI) be a safe pure PN obtained
from an ETS TS, as described by Theorem 3.4. If I is a
minimal set of regions, then NI is place-minimal.
The proof is trivial.
As discussed in Section 3.4, a place-irredundant PN can be
always obtained using an irredundant set of minimal regions.
In that respect, minimal regions resemble prime implicants in
Boolean minimization. However, a minimal set of regions does
not necessarily contain minimal regions only. Fig. 8 shows a
transition system (on the left) and a place-irredundant net,
corresponding to the (unique) irredundant set of minimal re-
gions (in the middle). However, a place-minimal safe pure net
(on the right) can be obtained from the place-irredundant net
by merging two minimal regions, which are denoted in the TS
with dotted lines, into one nonminimal region.
The relationship between irredundant sets of minimal
regions and minimal sets of regions is given by the follow-
ing theorem.
DEFINITION 3.9 (Min-expansion of regions). Let R be a set of
regions of a TS. A set of regions R is called a min-
expansion of R if
1) for any region r, r ¶ R, the following conditions hold:
a) if r is a minimal region, then r ¶ R.
b) if r is a nonminimal region and r = r1 < r2 ⁄ < rk,
where r1, ⁄, rk are disjoint minimal regions, then
r • R and r1¶ R, ⁄, rk¶ R.
2) for any region r, r ¶ R, there exists a region r ¶ R
such that
a) if r is a minimal region, then r = r
b) if r is a nonminimal region and r = r1 < r2 ⁄ < rk,
where r1, ⁄, rk are disjoint minimal regions, then
there exists i such that r = ri.
THEOREM 3.7 (Minimal set of regions). Let R be a minimal set
of regions of an ECTS. Then, any min-expansion of R is an
irredundant set of regions.
This theorem shows that a place-minimal net can always
be obtained from one of the irredundant sets of minimal
regions by merging some of the disjoint minimal preregions
into nonminimal preregions.
Based on the equivalences for TSs and PNs presented in
this section, the framework depicted in Fig. 9 and described
in the next section can be devised for the synthesis of PNs.
• Initially, the labels of a TS are split to obtain a split-
morphic ECTS. Next, all minimal preregions that are
predecessors of some event are generated to derive a
minimal saturated PN. This restriction to event
predecessors only is due to our region generation
mechanism and has been shown to be sufficient in
practice to obtain good results using a reasonable
amount of computation time.
• Then, an irredundant subset of preregions is calcu-
lated and a place-irredundant PN obtained.
• Finally, by merging minimal preregions, further
minimization of regions can be obtained. Exploring
all place-irredundant nets can be computationally
very expensive. Hence, we use only a greedy place
merging starting from a place-irredundant net, thus
yielding a quasi-place-minimal PN.
4 PETRI NET SYNTHESIS
The skeleton of the algorithm for synthesis of a PN is given
by the pseudocode of function Petri Net synthesis
shown in Fig. 10.
The input of this algorithm is a TS. The output is a PN
whose RG is bisimilar to the TS. Here, we only give a
rough sketch of the procedures. Further details on the
methods used in the current implementation to represent
and manipulate TSs efficiently are given in Section 4.5.
                           
Fig. 8. ECTS, its place-irredundant and place-minimal net.
Fig. 9. Framework for the synthesis of PNs from TSs.
CORTADELLA ET AL.:  DERIVING PETRI NETS FROM FINITE TRANSITION SYSTEMS 869
The function generate_min_preregions generates all
minimal preregions for one event. The function
find_irredundant_cover produces an irredundant set of
regions. From this set, a place-irredundant net is generated.
This function is discussed in Section 4.2. The function
split_labels performs the splitting of labels if the initial
TS is not an ECTS. This function is discussed in Section 4.3.
The function map_to_PN is the final step for constructing a
PN from the set of regions, which has been described in
Section 2.5.
4.1 Generation of Minimal Preregions
The generation of preregions of an event e is based on the
fact that any preregion must cover the ER(e). Starting from
ER(e), any event with an illegal crossing relation is legalized
by adding new states to a set of states containing ER(e) until
it becomes a region. An exhaustive search through all the
possible legalizations guarantees that all minimal pre-
regions that are predecessors of some event will eventually
be found.
The following lemmas, proven in [17], are the basis for
the generation of preregions.
LEMMA 4.1 (Violation of region conditions). Let TS = (S, E, T,
sin) be a TS. Let r · S be a subset of states such that r is not
a region. Then, there exists an e ¶ E such that at least one
of the following predicates holds:
1)in(e, r) ` [enter(e, r) ´ exit(e, r)]
2)enter(e, r) ` exit(e, r)
3)out(e, r) ` enter(e, r)
4)out(e, r) ` exit(e, r)
LEMMA 4.2 (Essential states to become a region). Let TS = (S,
E, T, sin) be a TS. Let r · S be a set of states such that r is
not a region. Let r µ S be a region such that r · r. Let e ¶ E
be an event that violates some of the conditions for r to be a
region. The following predicates hold:
1)in(e, r) ` [enter(e, r) ´ exit(e, r)] ˘ {s|$s ¶ r :
(s, e, s) ¶ T ´ (s, e, s) ¶ T} µ r
2)enter(e, r) ` exit(e, r) ˘ {s|$s ¶ r : (s, e, s) ¶ T ´
(s, e, s) ¶ T} µ r
3)out(e, r) ` enter(e, r) ˘ [{s|$s ¶ r : (s, e, s) ¶ T} µ
r] ´ [{s|$s • r: (s, e, s) ¶ T} µ r]
4)out(e, r) ` exit(e, r) ˘ [{s|$s ¶ r : (s, e, s) ¶ T} µ
r] ´ [{s|$s • r : (s, e, s) ¶ T} µ r].
Note that the asymmetry between in and out is due to
the fact that we always expand a set of states to become a
region, starting from “minimal” seeds that are excitation
regions.
The pseudocode for the function gener-
ate_min_preregions is shown in Fig. 10.
PROPOSITION 4.1. The function generate_min_preregions
generates all minimal preregions of the ECTS that are
predecessors of some TS event.
The restriction to predecessor regions is not so severe be-
cause our excitation closure condition is based only on
predecessors of a given event. This means that we can find
a PN equivalent to any ECTS by looking only at predeces-
sor regions. We can lose with respect to minimality, but effi-
cient implementation is currently more of concern than ex-
act minimization.
Note also that, for Predicates 3 and 43 of Lemma 4.2, two
expansions are possible. The algorithm generate_min_
preregions expands the set of states in both directions,
thus implicitly generating a binary exploration tree as
shown in Fig. 12. The search tree is, however, reduced in a
few ways:
Fig. 10. Pseudocode for the algorithm to synthesize Petri Nets.
870 IEEE TRANSACTIONS ON COMPUTERS,  VOL.  47,  NO.  8,  AUGUST  1998
• If the same set of states is generated more than once,
only one branch of the tree is explored.
• If a region is generated during the exploration, then
the search along this branch is immediately bounded.
This is sound, since the search tree is monotonic in the
following sense: each parent vertex of the tree is a
subset of the child vertex. Hence, it is not possible to
generate minimal regions along the branches starting
from another minimal region.
• If the target of the procedure is just to produce an ir-
redundant set of regions, then the excitation closure
for a given event is checked on-the-fly and the search
is stopped as soon as it is satisfied. This mechanism
can be used to produce a locally optimal solution
even for very large TSs.
The complexity of region generation is known to be poly-
nomial in the size of the TS [3], which gives an upper
bound on the size of the search tree.
4.2 Irredundant Sets of Regions
Let R be a set of regions such that both the excitation clo-
sure condition and the event effectiveness condition hold
(the set of all minimal preregions of an ECTS satisfies these
two conditions). Note that if R satisfies the event effective-
ness condition, and some regions are removed from R so
that the excitation closure condition still holds, then the
event effectiveness condition remains satisfied. Therefore,
we need to monitor only the excitation closure condition,
while removing redundant regions.
We will illustrate how an irredundant set of places can
be calculated by means of the example of Fig. 11. Table 1
presents all minimal preregions of the TS.
As a preliminary step, essential regions are calculated. A
region r is essential if there exists a state s and an event e
such that r ¶ °e, s • r and, for all r ¶ °e, r ¡ r, we have s ¶ r
(i.e., r is the only region that removes from the intersection
of preregions a state in which e is not enabled). For exam-
ple, for event c, we have
°c = {r0, r1};     ER(c) = {s2, s6} = r0 > r1.
In this case, both r0 and r1 are essential, since none of
them can be removed from °c without violating its excita-
tion closure. Similarly, we can deduce that r2, r4, and r8 are
also essential (r2 and r4 are essential for d and r8 for a, b).
Thus, we have four nonessential regions: r3, r5, r6, and r7.
Next, for each event with nonessential preregions (e and
f in the example), all minimal covers are implicitly gener-
ated. To reduce the complexity of the problem, essential
regions are assumed to be implicitly included in each cover.
For event e, we have two minimal covers: {r6} and {r3, r7}.
For event f, we also have two minimal covers: {r7} and {r5, r6}.
Finding a minimum cost cover can be posed as finding a
minimum cost solution of a Boolean equation describing
the covering conditions [49], [36]. The equation corre-
sponding to the example is as follows:
(r6 + r3 ¿ r7) ¿ (r7 + r5 ¿ r6) = 1.
A cost must be assigned to each region, according to the
objective function to be minimized, which depends on the
application. For example, if we want to minimize the total
number of places and arcs (a heuristic measure of the “sim-
plicity” of the PN), then we can assign to each place p a cost of
|•p| + |p•| + 1
If we want to minimize only the number of places and ob-
tain a place-minimal PN, then the cost of each place is 1.
In our case,
cost(r3) = cost(r5) = 3; cost(r6) = cost(r7) = 4
and two minimum-cost covers exist: {r3, r7} and {r5, r6} (the
former is shown in Fig. 11c). There is another possible solu-
tion ({r6, r7}), but it has nonminimum cost. The existence of
two place-minimal nets for this example gives a negative
answer to a question posed in [21]: whether there always
exists at most one optimal net which could be considered
canonical.
         (a)    (b)            (c)
Fig. 11. (a) Transition system. (b) Minimal saturated net. (c) Place-irredundant net.
TABLE 1
ALL MINIMAL PREREGIONS OF THE TRANSITION SYSTEM DEPICTED IN FIG. 11A
preregion events preregion events preregion events
r0 = {s2, s5, s6} c r1 = {s2, s4, s6} c,e r2 = {s2, s3, s5} d
r3 = {s2, s3, s4} e r4 = {s3, s5, s7} d,f r5 = {s5, s6, s7} f
r6 = {s3, s4, s7} e,f r7 = {s4, s6, s7} e,f r8 = {s1} a,b
CORTADELLA ET AL.:  DERIVING PETRI NETS FROM FINITE TRANSITION SYSTEMS 871
4.3 Label Splitting
The set of minimal preregions of an event a is calculated by
gradually expanding ER(a) to obtain sets of states that do
not violate the “entry-exit” relationship. When the excita-
tion closure is not fulfilled (see Definition 3.2), i.e.,
r ER a
r a¶
¡
o
I 0 5,
some events must be split to make the TS elementary.
The strategy to split events is as follows. During the ex-
pansion of ER(a) toward the preregions of a, several sets of
states are explored. We focus our attention on sets of states
S such that
ER a S r
r a
0 5 µ  ·
¶o
I .
For each of these sets of states, the number of events that
violate the region conditions are calculated. Finally, the set
that has the least number of “bad” events is selected. If sev-
eral sets have the same number of “bad” events, the small-
est one is selected.
The selected set of states is then forced to be a region. In-
formally, this is done by splitting the labels of those events
that do not fulfill the region conditions. This strategy guar-
antees that the new intersection of preregions is closer to
ER(a).
An example is depicted in Figs. 12a and 12b for the pre-
regions of event c. Initially, ER(c) = {s2, s5} is taken for ex-
pansion. Next, two possible legalizations for event b are
considered. Further expansions are applied until all
branches of the search tree find a region. In this case, re-
gions covering states in SR(c) have been also explored (this
type of regions are also valid in case a nonpure PN is
sought, as explained in Section 4.4). The example also illus-
trates how all branches will eventually be pruned, in the
worst case, when covering the whole set of states. Let us
call r the intersection of the regions found in the expansion.
We have
r = {s1, s2, s3, s4, s5, s6, s7} > {s2, s3, s5, s6} = {s2, s3, s5, s6}.
The strategy for label splitting will take all those explored
sets r such that
{s2, s5} µ r · r.
All three states explored before finding regions are good
candidates. However, the set {s2, s5} is the best one by the
fact that only one event violates the crossing conditions and
it makes the intersection of pre-regions smaller (closer to
ER). Thus, event b is split into two new events (b1 and b2)
for {s2, s5} to become a region. The new TS is split-morphic
with respect to the original one and is now an ECTS. The
corresponding PN is shown in Fig. 12d and its RG in
                 
      (a)             (b) (c)
             
(d)            (e)
Fig. 12. (a) TS, (b) expansion tree for preregions of event c, (c) split-morphic ECTS, (d) PN, (e) RG of the PN.
872 IEEE TRANSACTIONS ON COMPUTERS,  VOL.  47,  NO.  8,  AUGUST  1998
Fig. 12e. Note that it contains one state less than the original
TS, due to the implicit minimization for bisimilar confluent
states s4 and s7.
4.4 Modifications of the Basic Synthesis Method
The above synthesis method can be easily adapted to syn-
thesize different classes of PNs, as sketched below.
nonpure nets: For any event e, the algorithm also explores
minimal regions r such that ER(e) < SR(e) µ r. These re-
gions correspond to self-loop places in the PN and can
contribute to fulfill the excitation closure condition.
free-choice nets: A net is said to be free choice if for any
place p such that |p•| > 1, t ¶ p• implies that |•t| = 1.
Informally, when a place is a choice, it must be the only
predecessor of its successor transitions [27]. This prop-
erty can be enforced by splitting labels until all choice
regions become the only preregions of their postevents.
unique-choice nets: A net is said to be unique choice when
all the choice places are free (as in free-choice nets) or
when no pair of successor transitions can be enabled si-
multaneously. As an example, all PNs shown in Fig. 14 are
unique-choice nets. The method to synthesize unique-
choice nets is similar to the one for free-choice nets.
SM-decomposable nets: A state machine (SM) is a subnet
composed of a subset of places of a net and all their
predecessor and successor transitions, with the condition
that any transition of the subnet has only one predeces-
sor place and one successor place [27]. A net is SM-
decomposable if each place of the net belongs to some
state machine. The synthesis of SM-decomposable PNs is
based on the observation that any set of disjoint regions
covering all states of a TS, i.e., a partition of the set of
states into regions, corresponds to an SM in the PN [5].
unsafe nets: Based on the theory presented in [3] and in-
corporating label splitting to extend the method to any
class of TS [31].
Further details on the synthesis of different classes of
PNs can be found in [17].
4.5 Symbolic Representation with Binary Decision
Diagrams
In this section, we briefly explain how sets of states can be
represented by means of Boolean functions and efficiently
manipulated by using Binary Decision Diagrams (BDDs)
[35], [10]. As an example, it will be shown how traversal of
the reachability set of markings can be done symbolically
using BDDs.
Given the set P of places of a PN, a set M of (safe) mark-
ings over P can be represented by its characteristic function,
denoted cM, that is a Boolean function that evaluates to 1
for each marking in M. In particular, the set of reachable
markings of a PN in which a place pi is marked will be de-
noted by ci.
A BDD is a directed acyclic graph with one root and two
leaf nodes (0 and 1). Each nonleaf node is labeled with a
Boolean variable and has two outgoing arcs with labels 0
and 1. A BDD represents a Boolean function as follows:
Each variable assignment has a corresponding path that
goes from the root node to one of the leaf nodes. The label
of the leaf node is the value of the function for that assign-
ment. As an example, the BDD depicted in Fig. 13b repre-
sents the function f v v v v v v( , , )2 3 4 2 3 4= +  corresponding to
                                     
      (a)    (b)
place v0 v1 v2 v3 v4
p0 0 0 - - -
p1 0 1 - - -
p2 1 0 - - -
p3 1 1 - - -
p4 - - 0 0 -
p5 - - 0 1 -
p6 - - 1 0 -
p6, p7 - - - - 0
p8 - - - - 1
(c)
Fig. 13. (a) Petri Net, (b) BDD representing the set of reachable markings, and (c) place encoding.
CORTADELLA ET AL.:  DERIVING PETRI NETS FROM FINITE TRANSITION SYSTEMS 873
the reachability set of the PN in Fig. 13a. The value of the
function for the assignment v2 = v3 = 1 and v4 = 0 is 0. This
assignment corresponds to the path v v2
1
3
1
0  . Note that
the function has 20 minterms and that each of them corre-
sponds to a reachable marking of the function. Here are
some examples of how the markings (represented as sets of
marked places) are encoded:
0 1 0 1 1
1 1 1 0 0
0 0 1 0 1
1 5 8
3 6
, , , , , ,
, , , , ,
, , , ,
2 7 < A
2 7 < A
2 7



p p p
p p
unreachable marking.
We refer the reader to [10] for further details on how to
manipulate Boolean functions efficiently by means of
BDDs. With such a representation, the basic operations on
sets of states (union, intersection, complement) can be
mimicked as Boolean operations on Boolean functions (or,
and, not). Moreover, such functions can have a compact
representation. In [46], some examples are shown in which
graphs with 1018 states can be represented with BDDs hav-
ing 103 nodes by using very naive encodings (one Boolean
variable per place).
Starting from a simple example of a PN specification
shown in Fig. 13a we will explain the following steps.
• Selection of encoding variables for representing
markings of individual places. Instead of the simplest
naive encoding, one variable per place, we use a more
dense encoding based on state machine decomposi-
tion of the original PN.
• Traverse the reachability space of the net starting from
the initial marking until the fixed point is reached.
The traversal is done symbolically, using the BDD
representation of Boolean characteristic functions for
sets of markings and the transition relation of the net.
• As a result of the computation we will get a BDD rep-
resentation of the characteristic function of the reach-
ability set. This function has the encoding variables as
its arguments.
• Given this function we show how different operations
with sets of markings can be performed.
4.5.1 Encoding
The dense encoding used for the markings of the PN of
Fig. 13 is based on the observation that the sets of places P1
= {p0, p1, p2, p3}, P2 = {p4, p5, p6}, and P3 = {p6, p7, p8} define
three state machines, SM1, SM2, and SM3, of the PN [27],
[20] with the following sets of transitions T1 = {t1, t2, t3, t4},
T2 = {t1, t5, t6}, and T3 = {t5, t6, t7}, respectively. This informa-
tion can be structurally obtained by using algebraic meth-
ods [20]. State machines correspond to place-invariants of
the PN and preserve their token count in all reachable
markings. Given the initial marking of the net, at most one
of the places of each state machine will be marked at each
marking. Thus, the following encoding can be proposed:
two Boolean variables (v0 and v1) can be used to encode the
token in M1, two Boolean variables (v2 and v3) for M2. Only
one Boolean variable (v4) is sufficient for M3, since M2 al-
ready uniquely encodes p6 (v2 = 1 ˆ p6 has a token) and
only places p7 and p8 must be distinguished. The table in
Fig. 13c proposes an encoding for the places that leads to
the following characteristics functions for places:
place, p cp place, p cp
p0 v v0 1 p1 v v0 1
p2 v v0 1 p3 v0v1
p4 v v2 3 p5 v v2 3
p6 v v2 3 p7 v v v4 2 3+2 7
p8 v4 – –
Note that, since variable v4 has value 0 both for places p6
and p7 and its characteristic function c p6  depends only on
variables corresponding to the second state machine, SM2,
the characteristic function for p7 is
c cp pv v v v7 64 4 2 3= = +3 8 .
4.5.2 Transition Function and Reachable Markings
The methods used for deriving the transition function and
calculating the reachable markings of a PN are similar to
those used for reachability analysis and equivalence
checking of finite state machines [26].
For calculating the transition function, let us first intro-
duce the characteristic functions for two important sets re-
lated to a transition t ¶ T:
E  enabled
ASM all successors marked
t V t
t V
p t
p
p t
p
i
i
i
i
0 5 0 5 0 5
0 5 0 5 0 5
=
=
¶
¶


`
`
c
c
,
.
Function E(t) (ASM(t)) states that all input (output) places
of transition t contain a token. For example, for transition t1
in Fig. 13a
E t V V v v v vp p1 0 1 2 30 42 7 0 5 0 5= =c c
and
ASM t V V v v v vp p0 5 0 5 0 5= =c c1 5 0 1 2 3 .
Let MN be the set of all possible markings of a PN N. The
transition function of a Petri Net is a function
d N
M MN NT: 2 2 
that transforms, for each transition, t, a set of markings M
into a new set of markings M one-step reachable from M
by firing transition t:
 = = ¶ $ ¶ %&’
()*M M t m M m M m mN N
t
d , : ,0 5 2 1 1 2 .
We illustrate the calculation of the transition function
with an example (for a more detailed explanation of the
algorithms, see [46]). Assume that, in the example of
Fig. 13a, we calculate M = dN(M, t1) given the set of mark-
ings: M = {{p0, p4, p7}, {p0, p4, p8}, {p3, p6}} represented by the
characteristic Boolean function:
874 IEEE TRANSACTIONS ON COMPUTERS,  VOL.  47,  NO.  8,  AUGUST  1998
M
v v v v v v v v v
p p p p p p p p p= + +
= +
c c c c c c c c c
0 4 7 0 4 8 3 5 7
0 1 2 3 0 1 2 3 4.
First, by calculating M E t v v v v¿ =( )1 0 1 2 3 , one selects those
markings from M in which t1 is enabled. After that, we de-
termine all literals that are logically implied by the charac-
teristic functions of input places of transition t1, i.e., places
p0 and p4. The following implications hold: c p v0 0˘ ,
c p v0 1˘ , c p v4 2˘ , and c p v4 3˘ . All implied literals
should be cofactored from function M ¿ E(t).4 The result is
( ( ))M E t
v v v v
¿ ¢
0 1 2 3
1. Informally, this corresponds to re-
4. The cofactor of f(v1, ⁄, vi, ⁄, vn) with respect to literal vi, denoted by
fvi , is f(v1, ⁄, 1, ⁄, vn) and with respect to literal v fi vi
, , is f(v1, ⁄, 0,⁄, vn).
The notion of cofactor can be generalized to a product of literals, e.g.,
f fv v v vi , ( )2 1 2=  [10].
moving predecessor places of t1 from the characteristic
function. The final step is adding successor places of t1 into
the characteristic function, which is done by calculating
conjunction of the previous result with ASM(t1):
M E t ASM t v v v v
v v v v
¿ ¿ =0 52 7 2 7
0 1 2 3
1 0 1 2 3 .
This result is the characteristic function of M, which can be
considered as a Boolean version of the marking equation of
the PN. The existential quantification of t from the above
formula gives the set of markings dN(M) reachable by firing
any one enabled transition from a marking in M.5
In such a way, starting from the initial marking, by itera-
tive application of the transition function we calculate the
characteristic function of the reachability set until the fixed
5. The existential abstraction of f(v1, ⁄, vi, ⁄, vn) with respect to vi is
$ = +v v vi i i
f f f( )  [10].
(a)       (b) (c)            (d)
(e)          (f)               (g)
(h)      (i)      (j)
Fig. 14. Synchronized composition of transition systems and synthesis of minimized and free-choice Petri Nets (for simplicity, 1-input/1-output
places are represented by a transition-transition arc). (a) P1, (b) P2, (c) P1P2, (d) (P1P2)\{a}, (e) P1, (f) P2, (f) P1P2 (minimized), (g) P1P2
(free-choice), (h) (P1P2)\{a} (minmized), (i) (P1P2)\{a} (free choice).
CORTADELLA ET AL.:  DERIVING PETRI NETS FROM FINITE TRANSITION SYSTEMS 875
point in calculation is reached. The resulting function for
the reachability set for the example considered above is
f v v v v v v( , , )2 3 4 2 3 4= + . All calculations are done using a
BDD representation of the corresponding characteristic
Boolean functions.
4.5.3 Minimal Preregions and Excitation Closure
As an example of the type of operations that can be per-
formed with BDDs, we give some further details on the
calculation of minimal preregions and excitation closure.
Given a set of states and a transition function, successor
and predecessor states reachable in one step from the given
set can be obtained by applying the direct and inverse tran-
sition function, respectively. This is the main operation per-
formed in the function expand_states (see Fig. 10) to le-
galize events according to the conditions of Lemma 4.2 and
obtain minimal preregions.
Checking the excitation closure for an event after the set
of minimal preregions has been obtained is now reduced to
calculating their intersection (Boolean AND operation) and
checking its equivalence to the ER of the event.6
5 APPLICATIONS
The methodology presented in this paper has its main ap-
plication in the area of analysis and synthesis of concurrent
systems. Representing a concurrent system with an event-
based model (Petri Net) instead of a state-based model
(transition system) has some clear advantages:
• The relations between events are explicit in the model.
• The representation is usually much more succinct and
does not suffer from the state explosion problem.
6. Checking equivalence is a constant time operation in most BDD pack-
ages.
• Some properties can be verified at the structural level,
without requiring the enumeration of the states of the
system.
PN synthesis, since it starts from a state-based representation
and reconstructs the relations, obviously applies mostly to
the first aspect. Several applications of this reconstruction
have been outlined in Section 1. In this section, we illustrate
the usefulness of the method in two synthesis approaches:
top-down approach: A system is synthesized by composing
specifications of communicating subsystems.
bottom-up approach: A system is analyzed by composing
fragments corresponding to components.
5.1 Top-Down Approach: Petri Net Composition
PN synthesis can be applied to the derivation of specifica-
tions obtained by the composition of processes. The seman-
tics of composition is defined as follows: Let us have two
processes, each with an alphabet that labels its events (the
alphabets may not be disjoint). The composition of the pro-
cesses is another process that models their concurrent be-
havior synchronizing on pairs of events with the same la-
bel. We refer the reader to [37], [57], [51] for a more formal
definition of composition.
The methods known so far to compose PNs are struc-
tural [51], [57], [19], i.e., they derive a new PN by combining
nodes of the original PNs. These methods may, however,
introduce redundancy in the resulting PN because they are
conservative when calculating the pairs of synchronizing
transitions. Moreover, they do not allow one to obtain, e.g.,
a Free-Choice composed PN, even when this is possible.
Fig. 14 depicts an example of how PN synthesis can be
used for the synthesis of concurrent systems by composi-
tion of subsystems. The example obtains a system from two
concurrent processes, P1 and P2, that synchronize through a
TABLE 2
RESULTS ON SYNTHESIS MINIMIZED PNS AND FREE-CHOICE PNS
example initial PN minimized PN minimized FC PN CPU
P T F M P T F M P T F (secs)
alloc-outbound 17 18 36 17 13 14 37 16 16 17 34 0.1
clock 10 10 20 10 8 5 26 10 10 10 20 0.1
dff (*) 20 20 44 20 8 8 29 10 10 14 28 0.7
espinalt 27 25 57 27 19 20 52 26 26 24 54 1.1
fair_arb 13 20 40 13 11 10 31 13 13 20 40 0.2
future 30 28 60 36 18 16 38 36 30 28 60 1.1
gcd-ra (*) 66 58 136 3,240 43 40 110 3,090 64 56 136 27.3
intel_div3 8 8 16 8 8 6 23 8 8 8 16 0.1
intel_edge 28 36 72 28 17 25 111 25 24 32 64 6.5
isend (*) 56 44 116 53 20 19 89 36 39 36 100 8.1
lin_edac93 14 12 28 20 10 8 22 20 14 12 28 0.3
master-read 36 26 72 8,932 33 26 66 8,932 33 26 66 5.7
pe-rcv-ifc 43 38 96 46 20 20 105 36 37 32 87 5.6
pulse 12 12 24 12 7 6 20 12 12 12 24 0.1
rcv-setup 14 15 32 14 10 10 34 11 11 12 26 0.2
vme_read (*) 41 32 84 255 32 27 114 251 38 30 92 9.7
vme_write (*) 49 36 100 821 38 31 139 817 46 34 112 20.8
Total 484 438 1,033 13,552 315 291 1,046 13,349 431 403 987
Reduction 1.00 1.00 1.00 1.00 0.65 0.66 1.01 0.99 0.89 0.92 0.96
arcs/node 1.12 1.73 1.18
   ((*) silent events hidden before synthesis)
876 IEEE TRANSACTIONS ON COMPUTERS,  VOL.  47,  NO.  8,  AUGUST  1998
common event a. By composing TSs and eventually hiding
the nonobservable events of the communication, different
PNs can be derived. Fig. 14 shows specifications for P1 i P2
and (P1 i P2)\{a} (after hiding event a).
For each case, two different PNs are obtained: one by
minimizing the number of transitions of the PN and the
other by forcing the net to be free choice. Each case pursues
different goals. The former attempts to find the most suc-
cinct representation for the system by minimizing the tran-
sition and place count of the PN. The latter attempts to
minimize the flow relation of the PN, i.e., the number of
arcs, in order to find a more readable representation from
the point of view of the designer, at the expense of losing
optimality in the transition and place counts. Note that the
free-choice nets7 of the example have multiple transitions
with the same label, produced by the extra label splitting
required to force the free-choice conditions.
Minimal place and transition counts can be better for ma-
nipulating nets by automatic synthesis tools, whereas more
readable representations, such as free-choice nets, may be
7. In fact, the resulting nets are Marked Graphs, since they contain no
choice places.
better for design frameworks with a high interaction with the
designer. All the PNs shown in the figure have been obtained
automatically by the synthesis tool petrify [16].
This approach allows one to create an efficient link be-
tween high-level languages, such as CSP or CCS, and Petri
Nets. Through the modeling of the language constructs with
basic primitives and the composition of such primitives, a
netlist of communicating subsystems can be obtained [56]. A
Petri Net for the whole system can be derived by composing
the Petri Nets that model the behavior of the basic primitives.
Such an approach has been used in [47] to synthesize asyn-
chronous circuits from CSP-like descriptions.
5.1.1 Efficiency of PN Synthesis
Table 2 describes the results of the application of our algo-
rithms to the minimization of labeled Petri Nets. The exam-
ples (taken from the set of standard benchmarks for asyn-
chronous control circuits [34]) correspond to specifications
of asynchronous circuits that have been produced manually
by system designers. P, T, F, and M are the numbers of
places, transitions, arcs, and markings, respectively.
      
(a)         (b)   (c)
Fig. 15. rcv-setup: (a) Initial Petri Net, (b) Petri Net with minimum transition count, and (c) minimized free-choice PN.
TABLE 3
SYNTHESIS OF PETRI NETS FROM SPEED-INDEPENDENT CIRCUITS
circuit signals states places transitions arcs markings CPU (secs)
unsafe 5 22 17 12 46 22 0.7
a4_tflo1 8 20 17 16 40 20 0.2
a_10_dr2 50 9,408 93 100 336 9,408 1,582.4
a_11_sen 19 85 38 38 93 85 4.6
dags55 19 130 33 38 187 130 54.9
CORTADELLA ET AL.:  DERIVING PETRI NETS FROM FINITE TRANSITION SYSTEMS 877
The table illustrates the trade-off between succinctness
and readability of the PNs. We have used the ratio arcs/node
as a measure of (un)readability. The results show that sig-
nificant reductions in the number of nodes can be obtained
(35 percent less nodes, 1.73 arcs/node on average). If prior-
ity is given to readability (free-choice nets), satisfactory re-
ductions are still achieved (10 percent less nodes, 1.18
arcs/node on average). Note also that the number of
markings is sometimes reduced, since equivalent states can
be merged. Fig. 15 depicts the synthesized PNs for one of
the examples of Table 2.
5.2 Bottom-Up Approach: Analysis of Concurrent
Systems
PN synthesis can also be used for the analysis of systems.
Table 3 describes the results of the application of our algo-
rithms to the synthesis of Petri Nets from TSs obtained
from speed-independent circuits (all examples are de-
scribed in [32]). This can be used to produce a user-readable
description of the functionality of a circuit in the form of a
timing diagram-like labeled Petri Net (a Signal Transition
Graph, STG). Another potential application is to optimize
the input to direct synthesis methods that have been de-
vised for Petri Nets using both synchronous and asynchro-
nous circuit design techniques ([39], [8], [44]).
Fig. 16 illustrates one of the examples shown in Table 3
(a4_tflo1). Initially, a TS is derived by calculating all reach-
able states of the circuit (symbolic techniques can be used
here). A Petri Net capturing the behavior of all gate outputs
can be obtained by synthesis (Fig. 16b). Finally, since the user
is probably only interested in the observable behavior of the
circuit, a projection of the TS onto the observable signals can
be done and a simplified Petri Net can be obtained (Fig. 16c).
The simplified Petri Net can now be used to resynthesize the
circuit and generate different implementations.
5.3 Application to Large Transition Systems
The manipulation of the state space by means of BDDs en-
ables synthesis of Petri Nets with large reachability graphs.
We have chosen one scalable example to illustrate this fact
(see Fig. 17). It is an n stage pipeline with forward synchro-
nization through events bi  bi+1 and backward synchroni-
zation through events ci  ci+1. Fig. 17a depicts a five-stage
pipeline. In general, the Petri Net has 6n places, 4n transi-
tions, and 12n arcs, n being the number of stages.
The minimization of the Petri Net is not trivial (see
Fig. 17b) since, besides the regular structure derived from
the pipeline, it requires some extra places (shadowed in the
figure) for the proper initialization of the firing sequences.
The final Petri Net has 4n + 4 places, 3n transitions, and 10n
+ 8 arcs.
It is worth noting that small BDDs (e.g., 1,117 nodes) can
represent large state spaces (e.g., 2.2  1017 states). From the
total CPU time reported in the table of results, only a small
fraction (about 10 percent) is used to synthesize the final
     
        (a)        (b) (c)
Fig. 16. (a) Speed-independent circuit (initially, A = Q = U1 = 0, B = Q1 = U = Y = Y1 = 1), (b) Petri Net with bisimilar behavior, (c) Petri Net de-
scribing the observable behavior (+ and - indicate rising and falling transitions of the signals).
878 IEEE TRANSACTIONS ON COMPUTERS,  VOL.  47,  NO.  8,  AUGUST  1998
Petri Net. The rest of the running time is used to calculate
the reachability graph and find a good encoding for the
final synthesis step.8 The reported BDD sizes correspond to
the characteristic function of the reachable states after hav-
ing found an efficient encoding.
6 CONCLUSIONS
Petri Nets are an appropriate formalism to describe the be-
havior of systems with concurrency, causality, and conflicts
between events. For this type of systems, the method pre-
sented in this paper allows one to transform different mod-
els (CSP, CCS, FSMs, PNs) into a unique formalism for
which synthesis, analysis, composition, and verification
tools can be built.
Synthesizing Petri Nets from state-based models is a task
of reverse engineering that abstracts the temporal dimension
from a flat description of the sequences of events produced
by the system. The synthesis method discovers the actual
temporal relations among the events. The cooperation
among the notions of ETS, region, and excitation region in the
same method has been crucial to derive efficient algorithms.
One can ask about the real need to generate a flat de-
scription (a TS) from compact models (CSP, CCS, or even
PNs) that can describe temporal relations in a natural way.
An alternative way of doing so would be to obtain PNs by
means of syntax-directed translation from those models. We
have shown some experiments that illustrate the interest in
8. The tool petrify attempts to improve the encoding of the reachability
space after the latter has been calculated. Although this helps making the
forthcoming steps more efficient, it becomes the dominant part of the run-
ning time in some cases.
going through transition systems. The results on synthesis
from an STG into an STG showed how the behavioral de-
scriptions proposed by the designers can be usually made
more compact (some temporal relations are not easy to de-
scribe and designers are often tempted to derive an FSM-
like description). The discussion about PN composition also
showed that previous composition methods can produce
redundant specifications. Much simpler descriptions can be
obtained by first generating a TS, removing internal events
(not relevant to the external behavior of the system), and
deriving a PN.
Generating a TS from a high-level description (such as
CSP) may suffer from the state explosion problem, thus mak-
ing manipulations at the TS level tedious or even impractical.
For this reason, we have chosen to use a symbolic (BDD-
based) representation of the TS. Even though BDDs do not
always guarantee compactness, we have observed that the
regular interleaving of events manifested by highly concurrent
systems is well-captured by symbolic representations.
This work has been mainly motivated by the activities
carried out by the authors in the area of asynchronous cir-
cuits. However, the method for PN synthesis presented here
can be equally applied for optimization of control struc-
tures of parallel programs [50] or manufacturing systems
[58]. The wide applicability of the method opens new pos-
sibilities to create a framework with tools for synthesis,
analysis, and verification in which the designer can freely
choose and mix different specification formalisms.
    
        (a)             (b)
Example States BDD size CPU (secs)
pipe-5 576 106 1
pipe-10 3.9  104 220 5
pipe-20 8.2  107 427 46
pipe-30 1.3  1011 659 184
pipe-40 1.7  1014 893 552
pipe-50 2.2  1017 1,117 1,425
(c)
Fig. 17. (a) Five-stage pipeline, (b) minimized Petri Net, (c) experimental results.
CORTADELLA ET AL.:  DERIVING PETRI NETS FROM FINITE TRANSITION SYSTEMS 879
APPENDIX:
PROOFS OF THE MAIN STATEMENTS
Proof of Theorem 3.1
The following two lemmas proven in [17] are required for
the proof.
LEMMA 6.1. Let TS = (S, E, T, sin) be an ECTS and let s1, s2 ¶ S
be two states such that R Rs s1 2= . Then, for each event e ¶ E,
$  ¶  ¶ ˆ $  ¶  ¶s S s e s T s S s e s T1 1 1 2 2 2: , , : , ,2 7 2 7 .
LEMMA 6.2. Let TS = (S, E, T, sin) be an ECTS and let s1, s2 ¶ S
be two states such that R Rs s1 2= . Then, for each event e ¶ E,
s e s T s e s T R Rs s1 1 2 2 1 2, , , , ¶ `  ¶ ˘ = 2 7 2 7 .
PROOF (sketch). Let R be the following binary relation be-
tween S and [S]:
siRs[pj] ˆ si ¶ pj.
From Definition 2.6 and the construction of TS5, it
follows that R is a bisimulation between TS and TS5:
• (i a, i b) trivially hold, since R is a surjective mapping
from S onto [S].
• (ii a): Assume that (s1, e, s2) ¶ T. Let s1 ¶ p1 and s2 ¶ p2.
Since TS is an ECTS, p1 and p2 are different classes.
s[p1] and s[p2] are the only states related with s1 and
s2, respectively and, by the construction of TS5, (s[p1],
e, s[p2])) ¶ T5.
• (ii b): Assume that (s[p1], e, s[p2]) ¶ T5. Then, for each
s1 ¶ p1, there exists (s1, e, s2) ¶ T such that s2 ¶ p2 (this
is ensured by Lemmas 6.1 and 6.2).            o
Proof of Theorem 3.2
PROOF .
1) It was proven in [17] (Lemma 3.1) that if the state
separation property (A4) is satisfied for a TS, then
the event effectiveness property (A5) holds.
Hence, we need to prove excitation closure (A4).
Due to (A5), "e ¶ E intersection r
r e¶oI is de-
fined since °e ¡ fi. By definition of preregion,
GER e r
r e
( ) µ
¶oI , and, with the help of axiom A2,
" ¶ ¡ fi
¶
e E r
r e
: oI . It remains to show that
r GER e
r e
µ
¶
( )oI . Let e be an arbitrary event and
let state s belong to r
r e¶oI . Then, for any region
r ¶ °e : s ¶ r. Hence, the left part of the implication
of the axiom A5, oe Rsµ , holds. By assumption, the
TS is elementary, hence, the right part of the impli-
cation must hold and, therefore, s
e
 . Hence, s ¶
GER(e). Therefore, s r s
r e
¶ ˘
¶oI  and, conse-
quently, r GER e
r e
µ
¶
( )oI . Thus, the TS is excita-
tion-closed.
2) From the definition of TS5, it follows that, for an
ECTS,
r is a region of TS ˆ [r] is a region of TS5.
Since there is a one-to-one correspondence be-
tween regions of TS and TS5, it immediately fol-
lows that excitation closure and event effectiveness
are preserved in TS5. Hence, (A5) also holds.
Really, the following conditions are true: °e ¡ fi and
" ¶ " ¶ ¶ ˘ ¶
¶
e E s S s r s GER e
r e
: ( )oI . Let us
choose an arbitrary event e ¶ E and a state s ¶ S
and let us assume that oe Rsµ . Then, "r ¶ °e ˘ r ¶
Rs and, hence, "r ¶ °e ˘ s ¶ r. From the latter, we
deduce that s
r e
¶
¶oI . Then, by the excitation
closure condition, we have s ¶ GER(e); hence, s
e
 .
(A4) is directly enforced by the definition of the
set of states of TS5. Therefore, TS5 is elementary.o
Proof of Theorem 3.3
PROOF. Let us actually prove a stronger statement, assum-
ing only that the TS satisfies state separation (A4). As-
sume the opposite, i.e., axiom A4 is satisfied and there
is a pair of bisimilar states s and s’, s ¡ s’, for which
the confluence condition is satisfied.
It follows from axiom A4 that there is a region r
such that r ¶ Rs and r • Rs’. Due to the confluence
condition, the following condition holds: There is a
state s” ¶ S and two sequences of transitions s, s’ ¶ T*
such that s s s s  `  
s s
. Let s” be the first such con-
fluence state, i.e., there is no state s”’ such that s”’¡ s”
and  ¶   `  ¶  

s s s s s s
s s
.
Two cases are possible:
1) s” • r, i.e., r intersects s since one of the transitions
from s before s” exits r. Let e1 be the label of the
first transition s s
e
1 2
1
  that exits r along s (see
Fig. 18), i.e., s1 ¶ r and s2 • r. Since s and s’ are
bisimilar, there must be  s
s
. Then, by the defini-
tion of a region (r), $    ¶  s s s
e
1 2
1 s
 such that  ¶s r1
and  •s r2 . Since s” is chosen to be the first conflu-
ence state,  ¡s s1 1.
Since s’ • r, there must be another transition
  s s
e
3 4
2
, on the s leading from s’ such that  •s r3
and  ¶s r4 . Again, by the definition of a region, for
a similar transition, s s
e
3 4
2
 , labeled with the same
event e2 on the s leading from s the following con-
dition holds: s3 • r and s4 ¶ r. However, then, since
s ¶ r, there should be another transition on the s
880 IEEE TRANSACTIONS ON COMPUTERS,  VOL.  47,  NO.  8,  AUGUST  1998
leading from s, labeled, e.g., with e3, which exits
region r. This transition must occur before s s
e
3 4
2
 ,
and, therefore, before s s
e
1 2
1
 , which contradicts
our assumption that s s
e
1 2
1
  was the first exit tran-
sition for r on s.
2) s” ¶ r, i.e., r does not cross s before s”.
This case is easily reduced to the previous one.
Indeed, since r • Rs’ then the boundaries of r must
cross s’, a sequence leading from s’ to s”. We can
then use coregion r S r= -  (a region complemen-
tary to r). Region r  crosses s’ and must include
state s’ by the definition of complementary region.
Thus, in both cases, we have reached contradiction,
and, therefore, s = s’ must be true. o
Proof of Theorem 3.4
PROOF. Let RG(NI) = (SI, EI, TI, sI). By Theorem 2.1, RG(NTS)
is isomorphic to TS. Therefore, and for the sake of
simplicity in the notation, we will assume TS to be the
RG of NTS with S T ER R RTS TS TSµ µ  2 2 2, , and sin
µ RTS. Since NTS is a saturated net, if r ¶ e°, then
r e¶ o . Hence, for any transition, if some successor
place is marked, there is always some predecessor
place that is not marked. Therefore, the net is contact-
free [42] and, thus, behaves as a PN.
We will also denote by (•e)I and (•e)TS the set of
input places of event e in NI and NTS, respectively.
We will first prove that:
S s s S s s I
E E
T s e s s e s T s s I s s I
I
I
I
=  $ ¶ `  = - 
=
=   $ ¶ `  = -  `  = - 
= B
2 7 2 7= B1 2 1 2 1 1 2 2, , , , .
The proof for the definition of TI immediately implies
those for SI and EI. Thus, we will prove that
s e s T s e s T s s I s s II1 2 1 2 1 1 2 2, , , ,2 7 2 7¶ ˆ   ¶ `  = -  `  = -  .
˘ By induction on the length, n, of the shortest se-
quence that leads to s1 from sin. Initially, we have that
sin ¶ S and sI ¶ SI. Therefore, it holds for n = 0. Assume
that there is a sequence of events s sin 
s
1  of length n.
By the induction hypothesis s sI  
s
1. Since (•e)I = (•e)TS
- I’ and  = - s s I1 1 , we have ( ) ( ) µ ˘ µ e s e sTS I1 1
and, therefore, s s s
e e
1 2 1 ˘   . According to the firing
rules of a PN and  = - s s I2 2 , it follows that
s s s s
e e
1 2 1 2 ˘    . Therefore, the hypothesis also
holds for n + 1.
˜ By induction on the length n of the shortest se-
quence that leads to s1. As above, it holds for n = 0.
Assume that there is a sequence s sI  
s
1 and s sin 
s
1  of
length n. If  s
e
1 , then we have that  = - s s I1 1  and
( )oe sI µ 1 . But, s1 is also a set of preregions of e in TS
such that ( )oe I sTS -  µ 1. Since
=
¶ - 
GER e
r e I
0 5
o
I
s
e
1   in TS and, therefore, it follows that e is enabled
in s1 in N(TS). Again, according to the firing rules of a
PN and the fact that  = - s s I2 2 ,    ˘ s s s s
e e
1 2 1 2
and the hypothesis also holds for n + 1.
Now, the bisimilarity between TS and RG(NI) can
be proved by defining a bisimulation R between S
and SI as follows:
sRs s s I
def
 ˆ  = -  .
The conditions for R to be a bisimulation can be trivi-
ally proved and are left for the reader. o
ACKNOWLEDGMENTS AND SYNTHESIS TOOL
We are grateful to Marta and Maciej Koutny, who directed
us towards the existing literature about regions. The theory
in this paper has been implemented in petrify, a tool for
the synthesis of Petri Nets and asynchronous circuits
(available at http://www.lsi.upc.es/~jordic/petrify). This work has
been supported in part by Acid-WG (ESPRIT 21949) and
CICYT (grant TIC95-0419), by EPSRC (visiting fellowship
grants GR/J72486 and GR/J78334, and research grant
GR/J52327), and MURST (project “VLSI Architectures”).
REFERENCES
[1] R. Alur and D. Dill, “Automata for Modeling Real-Time Systems,”
Automata, Languages, and Programming: 17th Ann. Colloquium, Lec-
ture Notes in Computer Science, vol. 443, pp. 322-335, Warwick
Univ., 16-20 July 1990.
[2] A. Arnold, Finite Transition Systems. Prentice Hall, 1994.
Fig. 18. Illustration to the proof of Property 3.3.
CORTADELLA ET AL.:  DERIVING PETRI NETS FROM FINITE TRANSITION SYSTEMS 881
[3] E. Badouel, L. Bernardinello, and P. Darondeau, “Polynomial
Algorithms for the Synthesis of Bounded Nets,” Lecture Notes in
Computer Science, vol. 915, pp. 364-383, 1995.
[4] E. Badouel and P. Darondeau, “Theory of Regions,” Third Advance
Course on Petri Nets. Springer-Verlag, 1998.
[5] L. Bernardinello, “Synthesis of Net Systems,” Application and The-
ory of Petri Nets, Lecture Notes in Computer Science, vol. 691, pp. 89-
105. Springer-Verlag, 1993
[6] L. Bernardinello, G. De Michelis, K. Petruni, and S. Bigna, “On
Synchronic Structure of Transition Systems,” Proc. Int’l Workshop
Structures in Concurrency Theory (STRICT), pp. 69-84, May 1995.
[7] G. Berthelot, “Transformations and Decompositions of nets,”
Advances in Petri Nets ’86, W. Reisig, W. Brauer, and G. Rozenberg,
eds., Lecture Notes in Computer Science, vol. 254, pp. 359-376.
Springer-Verlag, Feb. 1987.
[8] K. Bilinski and E. Dagless, “High Level Synthesis of Synchronous
Parallel Controllers,” Proc. 17th Int’l Conf. Applications and Theory
of Petri Nets, Lecture Notes in Computer Science, vol. 1,091, pp. 346-
365, Osaka, Japan, June 1996.
[9] R. Bryaton et al., Logic Minimisation Algorithms for VLSI Synthesis.
Hingham, Mass: Kluwer Academic, 1984.
[10] R. Bryant, “Symbolic Boolean Manipulation with Ordered Binary-
Decision Diagrams,” ACM Computing Surveys, vol. 24, no. 3, pp. 293-
318, Sept. 1992.
[11] F. Di Cesare, G. Harhalakis, J.M. Proth, M. Silva, and F.B. Vernadat,
Practice of Petri Nets in Manufacturing. Chapman & Hall, 1993.
[12] T.-A. Chu, “Synthesis of Self-Timed VLSI Circuits from Graph-
Theoretic Specifications,” PhD thesis, Massachusetts Inst. of
Technology, June 1987.
[13] E.M. Clarke, D.E. Long, and K.L. McMillan, “A Language for
Compositional Specification and Verification of Finite State
Hardware Controllers,” Proc. IEEE, vol. 79, no. 9, Sept. 1991.
[14] J. Cortadella, M. Kishinevsky, A. Kondratyev, L. Lavagno, and A.
Yakovlev, “Complete State Encoding Based on the Theory of Re-
gions,” Proc. Int’l Symp. Advanced Research in Asynchronous Circuits
and Systems, pp. 36-47, Mar. 1996.
[15] J. Cortadella, M. Kishinevsky, A. Kondratyev, L. Lavagno, and A.
Yakovlev, “Methodology and Tools for State Encoding in Asyn-
chronous Circuit Synthesis,” Proc. Design Automation Conf., pp. 63-
66, June 1996.
[16] J. Cortadella, M. Kishinevsky, A. Kondratyev, L. Lavagno, and A.
Yakovlev, “Petrify: A Tool for Manipulating Concurrent Specifica-
tions and Synthesis of Asynchronous Controllers,” IEICE Trans.
Information and Systems, vol. E80-D, no. 3, pp. 315-325, Mar. 1997.
[17] J. Cortadella, M. Kishinevsky, L. Lavagno, and A. Yakovlev, “De-
riving Petri Nets from Finite Transition Systems,” Technical Re-
port UPC-DAC-1996-19, Dept. of Computer Architecture, Univer-
sitat Politècnica de Catalunya, June 1996.
ftp://ftp.ac.upc.es/pub/reports/DAC/1996/UPC-DAC-1996-19.ps.Z.
[18] O. Coudert, C. Berthet, and J.C. Madre, “Verification of Sequential
Machines Using Boolean Functional Vectors,” Proc. IFIP Int’l
Workshop Applied Formal Methods for Correct VSLI Design, L. Clae-
sen, ed., pp. 111-128, Leuven, Belgium, Nov. 1989.
[19] G. de Jong and B. Lin, “A Communicating Petri Net Model for the
Design of Concurrent Asynchronous Modules,” Proc. Design
Automation Conf., pp. 49-55, Apr. 1994.
[20] J. Desel and J. Esparza, Free-Choice Petri Nets, Cambridge Tracts in
Theoretical Computer Science, vol. 40. Cambridge Univ. Press, 1995.
[21] J. Desel and W. Reisig, “The Synthesis Problem of Petri Nets,”
Acta Informatica, vol. 33, no. 4, pp. 297-315, 1996.
[22] D.L. Dill, Trace Theory for Automatic Hierarchical Verification of
Speed-Independent Circuits. Cambridge, Mass.: MIT Press, 1988.
[23] D. Drusinsky, “Extended State Diagrams and Reactive Systems,”
Dr. Dobb’s J., pp. 72-80, 106-107, Oct. 1994.
[24] A. Ehrenfeucht and G. Rozenberg, “Partial (Set) 2-Structures,
Parts I II,” Acta Informatica, vol. 27, pp. 315-368, 1990.
[25] J. Esparza and M. Nielsen, “Decidability Issues for Petri Nets,”
Petri Nets Newsletter, vol. 94, pp. 5-23, 1994.
[26] G.D. Hachtel and F. Somenzi, Logic Synthesis and Verification Algo-
rithms. Kluwer Academic, 1996.
[27] M. Hack, “Analysis of Production Schemata by Petri Nets,” Tech-
nical Report TR 94, Project MAC, Massachusetts Inst. of Technol-
ogy, 1972.
[28] C.A.R. Hoare, “Communicating Sequential Processes,” Comm.
ACM, pp. 666-677, Aug. 1978.
[29] H. Hulgaard and S.M. Burns, “Bounded Delay Timing Analysis of
a Class of CSP Programs with Choice,” Proc. Int’l Symp. Advanced
Research in Asynchronous Circuits and Systems, pp. 2-11, Nov. 1994.
[30] R.M. Keller, “A Fundamental Theorem of Asynchronous Parallel
Computation,” Lecture Notes in Computer Science, vol. 24, pp. 103-
112, 1975.
[31] M. Kishinevsky, J. Cortadella, A. Kondratyev, L. Lavagno, and A.
Yakovlev, “Synthesis of General Petri Nets,” Technical Report 57,
IEICE, Japan, May 1996.
[32] M. Kishinevsky, A. Kondratyev, A. Taubin, and V. Varshavsky,
Concurrent Hardware: The Theory and Practice of Self-Timed Design.
London: John Wiley and Sons, 1993.
[33] R.P. Kurshan, “Analysis of Discrete Event Coordination,” Lecture
Notes in Computer Science. Springer-Verlag, 1990.
[34] L. Lavagno and A. Sangiovanni-Vincentelli, Algorithms for Synthe-
sis and Testing of Asynchronous Circuits. Kluwer Academic, 1993.
[35] C.Y. Lee, “Representation of Switching Functions by Vinary Deci-
sion Programs,” Bell System Technical J., vol. 38, pp. 985-999, 1959.
[36] B. Lin and F. Somenzi, “Minimization of Symbolic Relations,”
Proc. IEEE Int’l Conf. Computer-Aided Design, pp. 88-91, Santa
Clara, Calif., Nov. 1990.
[37] R. Milner, “A Calculus of Communication Systems,” Lecture Notes
in Computer Science, vol. 92. Springer-Verlag, 1980.
[38] R. Milner, Communication and Concurrency. Prentice Hall, 1989.
[39] D. Misunas, “Petri Nets and Speed-Independent Design,” Comm.
ACM, pp. 474-481, Aug. 1973.
[40] M. Mukund, “Petri Nets and Step Transition Systems,” Int’l J.
Foundations of Computer Science, vol. 3, no. 4, pp. 443-478, 1992.
[41] T. Murata, “Petri Nets: Properties, Analysis and Applications,”
Proc. IEEE, vol. 77, no. 4, pp. 541-580, Apr. 1989.
[42] M. Nielsen, G. Rozenberg, and P.S. Thiagarajan, “Elementary
Transition Systems,” Theoretical Computer Science, vol. 96, pp. 3-33,
1992.
[43] S.M. Nowick and D.L. Dill, “Automatic Synthesis of Locally-
Clocked Asynchronous State Machines,” Proc. Int’l Conf. Com-
puter-Aided Design, Nov. 1991.
[44] J. Oldfield and R. Dorf, Field-Programmable Gate Arrays: Reconfigu-
rable Logic for Rapid Prototyping and Implementation of Digital Sys-
tems. John Wiley and Sons, 1995.
[45] E. Pastor and J. Cortadella, “Polynomial Algorithms for the Syn-
thesis of Hazard-Free Circuits from Signal Transition Graphs,”
Proc. Int’l Conf. Computer-Aided Design, Nov. 1993.
[46] E. Pastor, O. Roig, J. Cortadella, and R. Badia, “Petri Net Analysis
Using Boolean Manipulation,” Proc. 15th Int’l Conf. Application and
Theory of Petri Nets, Zaragoza, Spain, June 1994.
[47] M. Peña and J. Cortadella, “Combining Process Algebras and
Petri Nets for the Specification and Synthesis of Asynchronous
Circuits,” Proc. Int’l Symp. Advanced Research in Asynchronous Cir-
cuits and Systems, pp. 222-232, Mar. 1996.
[48] C.A. Petri, “Kommunidation mit Automaten,” PhD thesis, Techni-
cal Report Schriften des IIM Nr. 3, Institut für Instrumentalle
Mathematik, Bonn, Germany, 1962.
[49] S.R. Petrick, “A Direct Determination of the Irredundant Forms of
a Boolean Function from the Set of Prime Implicants,” Technical
Report AFCRC-TR-56-110, Air Force Cambridge Research Center,
Cambridge, Mass., Apr. 1956.
[50] M. Pezzé, R.N. Taylor, and M. Young, “Graph Models for Reach-
ability Analysis of Concurrent Programs,” ACM Trans. Software
Eng. and Methodology, vol. 4, no. 2, pp. 171-213, 1995.
[51] I. Reicher and M. Yoeli, “Net-Based Modeling of Communicating
Parallel Processes with Applications to VLSI Design,” Technical
Report 532, Technion, Haifa, Israel, 1988.
[52] T.G. Rokicki, “Representing and Modeling Digital Circuits,” PhD
thesis, Stanford Univ., 1993.
[53] L.Y. Rosenblum and A.V. Yakovlev, “Signal Graphs: From Self-
Timed to Timed Ones,” Proc. Int’l Workshop Timed Petri Nets, To-
rino, Italy, 1985.
[54] M. Silva, Las Redes de Petri en la Automática y la Informática. Ma-
drid, Spain: AC, 1985. (in Spanish)
[55] D.C. Tsichritzis and P.A. Bernstein, Operating Systems. London:
Academic Press, 1974.
[56] K. van Berkel, Handshake Circuits: An Asynchronous Architecture for
VLSI Programming, Int’l Series Parallel Computation, vol. 5. Cam-
bridge Univ. Press, 1993.
[57] G. Winskel, “Petri Nets, Algebras, Morphisms, and Compositionality,”
Information and Computation, vol. 7, pp. 197-238, 1987.
882 IEEE TRANSACTIONS ON COMPUTERS,  VOL.  47,  NO.  8,  AUGUST  1998
[58] M. Zhou, F. DiCesare, and A. Desrochers, “A Hybrid Methodology
for Synthesis of Petri Net Models for Manufacturing Systems,”
IEEE Trans. Robotics and Automation, vol. 8, no. 3, pp. 350-361, June
1992.
Jordi Cortadella received the MS and PhD
degress in computer science from the Technical
University of Catalonia, Barcelona, Spain, in
1985 and 1987, respectively. He is an associate
professor in the Department of Software at the
Technical University of Catalonia. In 1988, he
was a visiting scholar at the University of Califor-
nia, Berkeley. His research interests include
computer-aided design of VLSI systems, with
special emphasis on synthesis and verification of
asynchronous circuits, concurrent systems,
computer arithmetic, and parallel architectures. He has coauthored
more than 80 research papers in technical journals and conferences.
He served on the technical committees of several international confer-
ences in the field of design automation and concurrent systems.
Michael Kishinevsky received the MSc and
PhD degrees in computer science from the
Electrotechnical University of St. Petersburg,
Russia. He was a researcher at the St. Peters-
burg Mathematical Economics Institute Com-
puter Department, Russian Academy of Science
in 1979-1982 and 1987-1989. From 1982 to
1987, he has been with a software company.
From 1988 to 1992, he was a senior researcher
at the R&D Coop TRASSA. In 1992, he joined
the Department of Computer Science, Technical
University of Denmark, as a visiting associate professor. From the end
of 1994 through 1998, he is a professor at the University of Aizu, Ja-
pan. In 1998, he joined the Strategic CAD Lab Intel Corporation,
Hillsboro, Oregon. His current research interests include design of
asynchronous and reactive systems and theory of concurrency. He
coauthored two books on asynchronous design and has published
more than 50 journal and conference papers.
Luciano Lavagno graduated magna cum laude
in electrical engineering from Politecnico di To-
rino (Italy) in 1983. From 1984 to 1988, he was
with CSELT Laboratories (Torino, Italy), where he
was involved in an ESPRIT project that devel-
oped a complete high-level synthesis system. In
1988, he joined the Department of Electrical
Engineering and Computer Science of the Uni-
versity of California at Berkeley, where he
worked on logic synthesis and testing of syn-
chronous and asynchronous circuits. In 1992, he
received his PhD in electrical engineering and computer science from
the University of California at Berkeley. Dr. Lavagno is the author of a
book on asynchronous circuit design, the coauthor of a book on hard-
ware/software co-design of embedded systems, and has published
more than 60 journal and conference papers. In 1991, he received the
Best Paper award at the 28th Design Automation Conference in San
Francisco. He served on the technical committees of several interna-
tional conferences in his field (namely the Design Automation Confer-
ence, the International Conference on Computer Aided Design, the
European Design Automation Conference). He has also been a con-
sultant for various EDA companies, such as Synopsys and Cadence.
He is currently an assistant professor at the Politecnico di Torino, Italy,
and a research scientist at Cadence Berkeley Laboratories. His re-
search interests include the synthesis of asynchronous and low-power
circuits, the concurrent design of mixed hardware and software sys-
tems, and the formal verification of digital systems.
Alexandre Yakovlev holds his MSc and PhD
degrees in computing science from Electrotech-
nical University of St. Petersburg, Russia, where
he has worked in the area of asynchronous and
concurrent systems since 1980, and, in the pe-
riod between 1982 and 1990, held the positions
of assistant and associate professor in the Com-
puting Science department. He first visited New-
castle in 1984-1985 for research in VLSI and
design automation. After returning to Britain in
1990, he worked for one year at the Politechnic
of Wales (now University of Glamorgan). Since 1991, he has been a
lecturer and, quite recently, a reader in computing systems design in
the Department of Computing Science, University of Newcastle upon
Tyne, where he is heading the VLSI design research group. His current
research interests and publications are in the field of modeling and de-
sign of asynchronous, concurrent, real-time, and dependable systems.
