A Petri net structure-based deadlock prevention solution for sequential resource allocation systems

F. Tricas, F. García-Vallés, J.M. Colom, J. Ezpeleta
Departamento de Informática e Ingeniería de Sistemas, University of Zaragoza. María de Luna, 1, 50018 Zaragoza, Spain. ftricas@unizar.es

Abstract — A new method for the deadlock prevention problem in concurrent systems where a set of processes share a set of common resources in a conservative way is proposed. It can be applied to flexible manufacturing systems modeled with Petri nets. In this paper, we present a set of important results related to the deadlock prevention problem in        nets. First, a liveness characterization is introduced, establishing how deadlocks can be studied in terms of circular waits. Second, we show how a circular wait situation corresponds to a particular marking related to a siphon of the Petri net model. Finally, this last characterization is used to obtain an iterative method that successively forbids deadlock-related states, synthesizing the control necessary to ensure a final live behavior. The method can be implemented by means of the solutions of a set of integer linear programming problems.

Index Terms — Deadlock prevention, Petri nets.

I. INTRODUCTION

From an abstract point of view, the goal of the paper can be stated as follows: we are looking for a control to be added to an automated system in such a way that the controlled system becomes able to carry out each production order. The point of view that we have adopted is the one that looks at the system as a Resource Allocation System (RAS). Then, we can see the system as composed of two main elements. Processes: each part that enters the system is a process. A process will be modeled as a token that moves through the Petri net. There is a set of types of processes: one type per each type of part to be produced.
Each process is composed of a set of states, related to the different operations (either transformations or handling) to be carried out over the part that it models. Each state has associated a (multi-)set of resources needed for the corresponding processing step (including the buffering capacity to hold the part itself). Resources: each physical element composing the cell (a machine, a buffer, a robot, a conveyor, a tool, etc.) is a resource. Each resource has a given capacity (the number of parts that, at a given time, the resource is able "to store/to be used by"). In this context, it is well known that if a deadlock occurs at a given state, a circular wait exists: a set of processes such that each process, in order to change its state (to advance to the next processing step), needs some resources which are, at that time, being used by some other process in the set. In order to deal with this problem, several approaches have usually been adopted. All of them constrain the evolutions of the non-controlled system in such a way that no circular-wait state can be reached, but they establish the control in slightly different ways (even if, in some cases, it is difficult to find the border line between them); the one used here is deadlock prevention [1], [2], [3], [4], [5].

Since solving the problem for any given system is quite complicated, different partial models (corresponding to more restrictive application cases) have been solved. As stated above, these systems involve both processes and resources, and usually are defined imposing restrictions either on the class of processes considered or on the way that the resources can be used by a process at a given state. The main constraint related to the processes refers to the availability of different routings in the system; another important question is whether a part can choose different paths once it is in the system or not.
The first feature is offered in some models, but most of them do not allow on-line decisions, and the path is fixed once the part selects one of the available routes [6], [7], [8]. Only a few studies [1], [2], [3], [9], [10], [11], [12] allow on-line decisions related to the part routing. The main constraint related to resources refers to the number and types of resources that are allowed to be used by a process at a given state. In most previous papers only one resource of a unique type (just the buffering capacity of the resource that holds the part) was allowed at each state of each process (the "Single-Unit RAS", as named in [13]). This constraint was relaxed in [3] and solved for the more general case in [14], [15], [1], [16], [12]. It is worth noting that [4], [17] provide solutions for unrestricted classes of Petri nets, with the only limitation that they transform the models to equivalent ordinary Petri nets. Here we concentrate on those sequential RAS with routing flexibility and allowing a multi-set of resources to be used at each processing step. Moreover, we also allow resources to be acquired/released in a free (conservative) way.

Let us summarize very briefly the approach that we follow here. As in previous research work [2], [3], we are using Petri nets as formal models, and our approach is based on the structure of the model: we try to get as much information as possible from the structure of the Petri net modeling the resource allocation system, avoiding in this way the state space explosion problem. In [1] a necessary condition for non-liveness based on siphons of the Petri net model of        nets is presented, and used to apply a deadlock prevention control policy. In [15], a more refined condition also based on siphons is given, allowing a more permissive solution for the same problem. Finally, [12] presents a liveness characterization based on the same structural components.
[Proceedings of the 2005 IEEE International Conference on Robotics and Automation, Barcelona, Spain, April 2005. 0-7803-8914-X/05/$20.00 ©2005 IEEE. Authorized licensed use limited to: Universidad de Zaragoza. Downloaded on December 12, 2008 at 07:07 from IEEE Xplore. Restrictions apply.]

In this paper, we present a set of important results related to the deadlock control problem in        nets. First, the liveness characterization is presented, establishing how deadlocks can be studied in terms of circular waits. Second, we show how a circular wait situation corresponds to a particular marking related to a siphon of the Petri net model. The liveness characterization we provide is very similar to the one presented in [12]. Finally, this characterization is used to obtain an iterative method that successively forbids deadlock-related states, synthesizing the control necessary to ensure a final live behavior. Other iterative methods are presented in [18], [1], [19], [4], [17]. The method introduced here is based on the solution of a set of integer linear programming problems, and it is implemented by means of the addition of some new places which behave as "virtual" resources, imposing some generalized mutual exclusions among some process states. Notice that [11], [12] also use mixed integer linear programming to test for the existence of deadlock problems.

The paper is organized as follows: Section II introduces the class of nets considered; Section III presents a liveness analysis for this class; Section IV shows the proposed iterative control policy, which in Section V is applied to an example. Finally, in Section VI some conclusions are presented.

II. A CLASS OF NETS FOR PRODUCTION SYSTEMS

The        class will be presented in a compact way. Check [20], [3] for a constructive, process-oriented approach.
Definition 1: Let      be a finite, non-empty set of indices. A        is a connected generalized self-loop free Petri net              where: 1)                      is a partition such that: a)                       , where for each                   , and for each                 ,                   . b)                            . c)                        ,      . 2)                     where for each                   , and for each                 ,                . 3) For each          , the subnet                       is a strongly connected state machine such that every cycle contains        . 4) For each          there exists a unique minimal P-Semiflow        IN      such that                     ,                  ,                 , and           . 5)                                  .

In order to complete the modeling of the system dynamics, an initial marking must be provided. Tokens in a reachable marking can have different meanings: a token in a place          will model an active process (a part being processed) whose state is modeled by means of place     (the part is at the state represented by this node). Tokens in a place         will model the available buffering capacity of resource    (buffering capacity will be used to represent either capacity or availability). Markings need to represent states that have a physical meaning. In this sense, only acceptable initial markings, as defined in the following, will be considered. If the system is well defined, and its initial marking is "correct", all the markings that are reachable from it will represent possible states of the system, and will have a physical meaning.
Definition 2: Let                              be a        . Then,           with      defined as follows is a        with an acceptable initial marking. 1)                               ; 2)                         ; 3)                                                  .

Let us remark the following facts: the initial marking of       (condition (1)) represents the maximal number of parts of the type modeled with this net that are allowed to be concurrently processed in the system. This initial marking can be chosen in such a manner that       becomes implicit [21], and then the modeling of open systems is possible (parts in the system are limited only by resources). No process is active at the initial state (condition (2)). The buffering capacity of each resource is such that each processing step can be executed when the isolated execution of one process is considered (condition (3)). These properties guarantee that when an acceptable initial marking is considered, a part can be processed in isolation, i.e. the system is well defined.

For a given resource    , and based on the minimal P-Semiflow      , the holders of resource    are defined as the set of process places using this resource.

Definition 3: Let                              be a        . Let          . The set of holders of r is the support of the minimal P-Semiflow      without place    :                    . This definition can be extended in the natural way to sets of resources.

Why the name "holder"? Let us consider the net in Figure 1 and the resource place    .
For it,                         ; considering                        , each time a token enters place    , one token "disappears" from    (maintaining the invariant relation), i.e., an active process in    is "holding" one capacity unit of the physical resource represented by place    (if it advances to    , one more token is consumed).

In a        Petri net each transition has a unique input process state place (whose weight is equal to one) and zero or more input resource places. Extending the definitions presented in [8] for SU-RAS, and given a marking                  (here             denotes the reachability set of the net, and             denotes the potential reachability set, obtained as the set of solutions of the net state equation; check [22] for a good overview on Petri nets), a transition    is said to be    -process-enabled (or process-enabled at    ) if, and only if                 , and                    . That is, the transition is enabled by the corresponding process place (an active process is ready to fire, or a process is ready to be activated). A transition is    -resource-enabled (or resource-enabled at    ) if, and only if                                     . That is, no resource place is preventing the firing of     . Notice that a transition is enabled at marking    if it is    -resource-enabled and    -process-enabled.

III. LIVENESS ANALYSIS OF        MODELS

We are going to present a set of liveness characterizations for        nets. The first one (Theorem 4) does not use siphons, but concentrates on states where circular wait situations appear. The second one (Theorem 5), obtained from the first one, characterizes deadlock problems in terms of siphons and some related markings. Finally, the last one (Theorem 7) is also based on siphons, but establishes in a more clear
way how deadlocked processes can be located around siphon components. All the proposed characterizations are equivalent to the one proposed in [23]. The main advantage of the one proposed in Theorem 7 is that it induces an efficient way of preventing deadlocks in        nets, as will be shown.

Theorem 4 ([20]): Let           be a marked        . The system is non-live if and only if there exists a marking                  such that the set of     -process-enabled transitions is non-empty and each one of these transitions is    -resource-disabled.

In the example of Figure 1, at marking                         ,      is the only      -process-enabled transition, which is disabled by      . Therefore, the system is non-live. A marking                  verifying the conditions of Theorem 4 will be called a deadlocked marking. The term bad marking will also be used. Theorem 4 relates non-liveness to the existence of a marking where active processes are blocked: their output transitions need resources that are not available. These needed resources cannot be generated (released by the corresponding processes) by the system (the transitions are dead) because there exists a set of circular waits between the blocked processes. This concept of circular waits can be captured by the existence of a siphon (in Petri net terms) whose resource places are the places preventing the firing of the process-enabled transitions. The following theorem shows that, when a bad marking as in Theorem 4 exists, a related siphon can be constructed; the reverse is also true. This establishes the bridge between behavior and model structure.

Theorem 5 ([20]): Let           be a marked        .
The net is non-live if, and only if, there exists a marking                 , and a siphon    such that               and the firing of each    -process-enabled transition is prevented by a set of resource places belonging to    . Moreover, the siphon    is such that:                                     such that                    and                           ;                                            ;

This theorem says that each one of these siphons is composed of resources whose marking is insufficient for one of the transitions they are an input to, that transition being process-enabled, together with places that are holders of these resources and are empty at this marking. In the example of Figure 1, at marking                       , transition      is dead and the siphon                      fulfills the conditions stated in the previous theorem:    is preventing the firing of       , which is process-enabled, and all the places in        (                     ) are empty. A siphon    and a marking                  verifying the properties of Theorem 5 will be said to be a bad siphon and a    -deadlocked marking, respectively. For a given bad siphon    , in the following the next notation will be used:                                                       . Notice that        is the total amount of resource units belonging to    (in fact, to      ) used by each active process in     .

Definition 6: Let           be a marked        . Let    be a siphon of      . Then,                      is the set of thieves of     (footnote 2). The utility of this set will be understood later; for now, it should be clear that it represents places of the net that use resources of the siphon and do not belong to it.
The following liveness characterization establishes that when a        is not live, there exists a deadlocked marking such that all the active processes are "stealing" tokens from the set of resources of an associated siphon. This alternative characterization is useful to generate a deadlock prevention solution, allowing us to concentrate on siphons and their thieves, "forgetting" those active processes that are not related to the siphons, and giving better computational results when controlling the system.

Theorem 7 ([20]): Let           be a marked        . The net is non-live if, and only if, there exists a siphon    , and a marking                    , such that: 1)                . 2)                    . 3)               such that               , the firing of each           is prevented by a set of resource places belonging to    .

This liveness characterization directly relates bad markings with system states in which all the active processes stay in thief places of a bad siphon. This will be especially useful when trying to control the system in order to ensure a live behavior, since it shows that the potential problems are located around siphons.

IV. AN ITERATIVE CONTROL POLICY

Let us present the proposed control policy, implemented in several steps. For this, the characterizations of Theorem 5 and Theorem 7 will be used, together with the net state equation. Let us give some intuition about this using the reachability graph of the        of Figure 1, which is depicted in Figure 3. Reachable states can be classified into three categories: the first one (type 1) contains those markings from which     is reachable. These markings are not involved in deadlock problems (the shadowed states in Figure 3). The second class (type 2) is composed of those markings that are not    -deadlocked for any siphon, and such that      is not reachable from them.
Finally, the third class (type 3) is composed of those markings that are    -deadlocked for some siphon    (depicted as black boxes in the figure). Since we are able to relate markings of type 3 with bad siphons, the control policy will be based on the addition of some restrictions related to bad siphons, trying to forbid as few states as possible, in order to prevent just the detected bad markings (markings of type 3). Once a given marking has been forbidden (by means of the addition of an adequate control place, which will impose firing restrictions), the resulting system still belongs to the        class. Therefore, the method can continue looking for a new bad marking, forbidding it, and so on, in an iterative way.

A. Computation of deadlocked markings

The following proposition relates liveness with the existence of a solution for the proposed system of inequalities. The system is a linear representation of a bad marking given a known bad siphon, as introduced in the statement of Theorem 5.

(Footnote 2: we will sometimes use          in the following to show the relation between these two sets.)
Proposition 8 ([20]): Let           be a marked        . The net is non-live if and only if there exist a siphon    and a marking                  such that the following set of inequalities has, at least, one solution:

                                                                                        (1)

Let us make some comments about the variables used in these inequalities.          denotes the structural bound of      [24]. The first inequality is the same as in Theorem 5 (there are some active processes). For each                ,      indicates whether    is    -process-enabled or not. If     is process-enabled,                    , so                        , and, as               , it must be    . Variable      indicates whether    is enabled by    at    . If     is enabled by    at    (                  ),                  and                                          ; therefore,      must be    . If     is not enabled by    (                  ),                    and                                            ; then,     must be    .

The existing bad siphons and their related bad markings need to be computed in order to control the system.
Our next goal is to reformulate the above system of inequalities in order to be able to obtain a bad siphon, together with its related bad markings. The characterization presented in Theorem 5 allows a simple reformulation of these equations. To do that, an algebraic siphon characterization is necessary. In [25], [26] a characterization of this kind is given for traps. It is straightforward to adapt it to the case of siphons. The result establishes that each solution of the following set of inequalities:                                                         , is a siphon (its components are those places whose associated variable      is    ). As will become clear later, this result is not adequate in this original form, and it has to be transformed into an equivalent form using negated logic (this approach is similar to the one proposed in [26] and also in [27]). A siphon is the set of places whose associated variables in the following set of inequalities are 0:                                                                 .

In order to compute a bad siphon, the conditions of Proposition 8 can be completed by the addition of the following equations: a set of constraints representing the siphon,                                                                ; a restriction that avoids the whole net as solution:                                ; and a set of restrictions relating the siphon and the resource places that are preventing the firing of a process-enabled transition. For this,      ,      , as in the previous proposition, are used together with the newly introduced variables. Let us show how this extension can be used to compute bad siphons and related bad markings.
Proposition 9 ([20]): Let           be a marked        . The net is non-live if and only if there exist a siphon    and a marking                  such that the system of inequalities (2) has a solution with                                :

                                                                                        (2)

The characterization introduced in this proposition is not directly applicable to control the system, since a reachable marking is needed and we do not want to use reachable markings (our goal is to avoid the enumeration of the set of reachable markings). Therefore, we are going to propose an alternative approach using the set of potentially reachable markings (markings obtained as solutions of the state equation). Remember that we use              to make reference to the set of solutions of the state equation.

Proposition 10 ([20]): Let           be a marked        .
If the net is non-live, there exists a marking                  , with              , and a siphon    such that the following system of inequalities has, at least, one solution with                               :

                                                      (3)

This proposition does not provide a complete characterization (as was the case in Proposition 9). It only provides a necessary condition for deadlock. The reason is the (possible) existence of spurious solutions: markings that are solutions of the net state equation but are not reachable. This is not a problem when the objective is to obtain a live system: the only consequence can be that control places also forbid some markings which are not reachable. In this way, a system with more control than needed can be obtained, which will be, in any case, live. A siphon and the corresponding marking fulfilling the conditions in Proposition 10 will be called a potential bad siphon and a potential    -deadlocked marking, respectively. However, for the sake of simplicity, they will be called bad siphon and    -deadlocked marking.

Even though some work has been done on efficient techniques for computing minimal siphons [28], the approach we are going to propose does not need to obtain all the solutions of the system of Proposition 10. The considered method computes a bad siphon, controls it by means of the addition of the adequate place, and then iterates this process. The reason for this is clear: the added control will modify the system behavior, and some bad markings associated to other siphons can be forbidden. We are going to transform the system of equations into another one that will obtain just one siphon as solution. This raises the question of how to decide which siphon to control.
The proposed approach selects the siphon with a minimal number of places, in the hope that controlling smaller siphons first may help to avoid the control of the bigger ones. The following corollary introduces the problem.

Corollary 11 ([20]): Let           be a marked        . If the net is non-live, then there exist a siphon    and a marking                  such that the following set of inequalities has, at least, one solution with                                :

maximize                    s.t.                (4)

The solution of this problem is a bad siphon,    , and a    -deadlocked marking,    . No special consideration has been made about the    -deadlocked marking associated to the siphon, while some restrictions about minimality have been imposed for    . Nevertheless, we do not want to avoid only this    -deadlocked marking but also all the deadlocked markings related to the siphon. In consequence, a new problem needs to be solved: once the siphon is known, which are the deadlocked markings for it? The approach considered here is to compute some selected 'representative' markings that can be used to avoid all the related    -deadlocked markings. This will be accomplished here in either one of two alternative ways: looking at the maximal number of resources available at    -deadlocked markings; looking at the minimal number of active processes at    -deadlocked markings. For this, it will be useful to return to Proposition 8. The equations presented there were constructed supposing that the siphon was known. Let us use them in order to construct the associated    -restrictions. The restriction                 from Theorem 7 can be added since the siphon is now known.

Definition 12: Let           be a marked        . Let    be a bad siphon.
The set of    -restrictions is:

                                                              (5)

Definition 13: Let           be a marked        . Let    be a bad siphon.       and       are defined as follows:

      : maximize                  s.t. restrictions       
      : minimize                  s.t. restrictions       

These two problems are, in some way, equivalent: either both have a solution or neither of them has. They look for deadlocked markings, concentrating on different points of view. That is, while       looks at the number of tokens in      at deadlocked markings,       looks at the number of active processes in places belonging to        that are "stealing" tokens from    at deadlocked markings. When referring to a particular    problem of the ones presented in Definition 13,       or       will be used. When referring to any of them,      will be used. Once a bad siphon    has been computed, it can be controlled using       or       in order to prevent    -deadlocked markings in two different ways: adding one control place ensuring that processes in        are not using more resources than                    . If this is the adopted approach (called the    -resource approach), the system will be said to be    -resource-controlled; alternatively, adding a control place ensuring that there will be no more than           active processes in places belonging to        . If this is the adopted approach (called the    -process approach), the system will be said to be    -process-controlled. If the adopted method is not specified, the resulting system will be said to be    -controlled.

Definition 14: Let           be a non-live        . Let    be a bad siphon, and       and       as in Definition 13.
Then, the associated    -resource place,       , is defined by means of the addition of the following incidence matrix row and initial marking:                                               , and                              . The associated    -process place,       , is defined by means of the addition of the following incidence matrix row and initial marking:                                    , and                        .

To exemplify the previous definition, let us come back to the        in Figure 1.                     was a bad siphon. According to Definition 14, two different control places can be added:    -resource place:                                       ,                      ; and    -process place:                                      ,                      . Figure 2 shows this process control place (which is named    there).

Now, two important properties need to be proved for the added places. First, we are going to show that the initial markings for    -control places are non-negative (this is needed to ensure that the    -controlled net is a well-defined Petri net). As a second step, it will be shown that the added place can be seen as a new (virtual) resource (this is needed in order to iterate the process). For this second property, two things are needed:       must verify the structural conditions to be a resource, and the (extended) marking must be acceptable in the resulting        (see Definitions 1 and 2).

Lemma 15 ([20]): Let           be a non-live        .
Let   be a bad siphon, and       and       as in Definition 13.Let                   ,                                              27 5 Authorized licensed use limited to: Universidad de Zaragoza. Downloaded on December 12, 2008 at 07:07 from IEEE Xplore. Restrictions apply.