A Petri Net Structure–Based Deadlock Prevention Solution for Sequential Resource Allocation Systems
F. Tricas, F. García–Vallés, J.M. Colom, J. Ezpeleta
Departamento de Informática e Ingeniería de Sistemas. University of Zaragoza. María de Luna, 1, 50018 Zaragoza, Spain ftricas@unizar.es
Abstract
—A new method for the deadlock prevention problem in concurrent systems where a set of processes share a set of common resources in a conservative way is proposed. It can be applied to flexible manufacturing systems, modeled with Petri nets. In this paper, we present a set of important results related to the deadlock prevention problem in
nets. First, a liveness characterization is introduced, establishing how deadlocks can be studied in terms of circular waits. Second, we show how a circular wait situation corresponds to a particular marking related to a siphon of the Petri net model. Finally, this last characterization is used to obtain an iterative method that successively forbids deadlock related states, synthesizing the control necessary to ensure a final live behavior. The method can be implemented by means of the solutions of a set of integer linear programming problems.
Index Terms
—Deadlock prevention, Petri nets.
I. INTRODUCTION
From an abstract point of view, the goal of the paper can be stated as follows: we are looking for a control to be added to an automated system in such a way that the controlled system becomes able to carry out each production order. The point of view that we have adopted is the one that looks at the system as a Resource Allocation System (RAS). Then, we can see the system as composed of two main elements.
Processes: each part that enters the system is a process. A process will be modeled as a token that moves through the Petri net. There is a set of types of processes: one type per each type of part to be produced. Each process is composed of a set of states, related to the different operations (either transformations or handling) to be carried out over the part that it models. Each state has associated a (multi-)set of resources needed for the corresponding processing step (including the buffering capacity to hold the part itself).
Resources: each physical element composing the cell (a machine, a buffer, a robot, a conveyor, a tool, etc.) is a resource. Each resource has a given capacity (the number of parts that, at a given time, the resource is able “to store/to be used by”). In this context, it is well–known that if a deadlock occurs at a given state, a circular–wait exists: a set of processes such that each process, in order to change its state (to advance to the next processing step), needs some resources which are, at that time, being used by some other process in the set. In order to deal with this problem, usually several approaches have been adopted. All of them constrain the evolutions of the non–controlled system in such a way that no circular–wait state can be reached. But they establish the control in a slightly different way (even if, in some cases, it is difficult to find the border line between them), being the one used here deadlock prevention [1], [2], [3], [4], [5].
Since solving the problem for any given system is quite complicated, different partial models (corresponding to more restrictive application cases) have been solved. As stated above, these systems involve both, processes and resources, and usually are defined imposing restrictions either on the class of processes considered or on the way that the resources can be used by a process at a given state. The main constraint related to the processes refers to the availability of different routings in the system; another important question is whether a part can choose different paths once it is in the system or not. The first feature is offered in some models, but most of them do not allow on–line decisions, and the path is fixed once the part selects one of the available routes [6], [7], [8]. Only a few studies [1], [2], [3], [9], [10], [11], [12] allow on–line decisions related to the part routing. The main constraint related to resources refers to the number and types of resources that are allowed to be used by a process at a given state. In most previous papers only one resource of a unique type (just the buffering capacity of the resource that holds the part) was allowed at each state of each process (the “Single–Unit RAS”, as named in [13]). This constraint was relaxed in [3] and solved for the more general case in [14], [15], [1], [16], [12]. It is worth noting that [4], [17] provide solutions for unrestricted classes of Petri nets, with the only limitation that they transform the models to equivalent ordinary Petri nets. Here we concentrate on those sequential RAS with routing flexibility and allowing a multi–set of resources to be used at each processing step. Moreover, we also allow resources to be acquired/released in a free (conservative) way. Let us summarize in a very brief way the approach that we follow here.
As in previous research work [2], [3] we are using Petri nets as formal models, and our approach is based on the structure of the model: we try to get as much information as possible from the structure of the Petri net modeling the resource allocation system, avoiding in this way the state space explosion problem. In [1] a necessary condition for non–liveness based on siphons of the Petri net model of
nets is presented, and used to apply a deadlock prevention control policy. In [15], a more refined condition also based in siphons is given, allowing a more permissive solution for the same problem. Finally, [12] presents a liveness characterization based on the same structural components. In this paper, we present a set of important
Proceedings of the 2005 IEEE International Conference on Robotics and Automation, Barcelona, Spain, April 2005
0-7803-8914-X/05/$20.00 ©2005 IEEE.
Authorized licensed use limited to: Universidad de Zaragoza. Downloaded on December 12, 2008 at 07:07 from IEEE Xplore. Restrictions apply.
results related to the deadlock control problem in
nets. First, the liveness characterization is presented, establishing how deadlocks can be studied in terms of circular waits. Second, we show how a circular wait situation corresponds to a particular marking related to a siphon of the Petri net model. The liveness characterization we provide is very similar to the one presented in [12]. Finally, this characterization is used to obtain an iterative method that successively forbids deadlock related states, synthesizing the control necessary to ensure a final live behavior. Other iterative methods are presented in [18], [1], [19], [4], [17]. The method introduced here is based on the solution of a set of integer linear programming problems, and it is implemented by means of the addition of some new places which behave as “virtual” resources, imposing some generalized mutual exclusions among some process states. Notice that [11], [12] also use mixed integer linear programming to test for the existence of deadlock problems.
The paper is organized as follows: Section II introduces the class of nets considered; Section III presents a liveness analysis for this class; Section IV shows the proposed iterative control policy, which in Section V is applied to an example. Finally, in Section VI some conclusions are presented.
II. A CLASS OF NETS FOR PRODUCTION SYSTEMS
The
class will be presented in a compact way. Check [20], [3] for a constructive, process–oriented approach.
Definition 1:
Let
be a finite, non–empty, set of indices. A
is a connected generalized self–loop free Petri net
where: 1)
is a partition such that: a)
, where for each
, and for each
,
. b)
. c)
,
. 2)
where for each
, and for each
,
. 3) For each
, the subnet
is a strongly connected state machine such that every cycle contains
. 4) For each
there exists a unique minimal P–Semiflow
IN
such that
,
,
, and
℄
. 5)
. In order to complete the modeling of the system dynamics, an initial marking must be provided. Tokens in a reachable marking can have different meanings: A token in a place
will model an active process (a part being processed) whose state is modeled by means of place
(the part is at the state represented by this node). Tokens in a place
will model the available buffering capacity of resource
(
buffering capacity
will be used to represent either capacity or availability). Markings need to represent states that have a physical meaning. In this sense, only
acceptable initial markings
, as defined in the following, will be considered. If the system is well defined, and its initial marking is “correct”, all the markings that are reachable from it will represent possible states of the system, and will have a physical meaning.
Definition 2:
Let
be a
. Then,
with
defined as follows is a
with an acceptable initial marking. 1)
℄
; 2)
℄
; 3)
℄
℄
. Let us remark the following facts: The initial marking of
(condition (1)) represents the maximal number of parts of the type modeled with this net that are allowed to be concurrently processed in the system. This initial marking can be chosen in such a manner that
becomes implicit [21], and then, the modeling of open systems is possible (parts in the system are limited only by resources). No process is active at the initial state (condition (2)). The buffering capacity of each resource is such that each processing step can be executed when the isolated execution of one process is considered (condition (3)). These properties guarantee that when an acceptable initial marking is considered, a part can be processed in isolation, i.e. the system is well–defined. For a given resource,
, and based on the minimal P–Semiflow
, the
holders of resource
is defined as the set of process places using this resource.
Definition 3:
Let
be a
. Let
. The set of
holders of r
is the support of the minimal P–Semiflow
without place
:
. This definition can be extended in the natural way to sets of resources. Why the name “holder”? Let us consider the net in Figure 1 and the resource place
. For it,
; considering
, each time a token enters place
, one token “disappears” from
(maintaining the invariant relation), i.e., an active process in
is “holding” one capacity unit of the physical resource represented by place
(if it advances to
, one more token is consumed). In a
Petri net each transition has a unique input process state place (whose weight is equal to one) and zero or more input resource places. Extending the definitions presented in [8] for SU–RAS, and given a marking,
1
, a transition
is said to be
–process–enabled
(or,
process–enabled
at
) if, and only if
, and
℄
. That is, the transition is enabled by the corresponding process place (an active process is ready to fire, or a process is ready to be activated). A transition is
–resource–enabled
(or,
resource–enabled
at
) if, and only if
℄
℄
. That is, no resource place is preventing the firing of
. Notice that a transition is enabled at marking
if it is
–resource–enabled and
–process–enabled.
III. LIVENESS ANALYSIS OF
MODELS
We are going to present a set of liveness characterizations for
nets. The first one (Theorem 4) does not use siphons, but concentrates on states where circular wait situations appear. The second one (Theorem 5), obtained from the first one, characterizes deadlock problems in terms of siphons and some related markings. Finally, the last one (Theorem 7) is also based on siphons, but establishes in a more clear
1
denotes the reachability set of the net, and
denotes the potential reachability set, obtained as the set of solutions of the state net equation. Check [22] for a good overview on Petri nets.
way how deadlocked processes can be located around siphon components. All the proposed characterizations are equivalent to the one proposed in [23]. The main advantage of the one proposed in Theorem 7 is that it induces an efficient way of preventing deadlocks in
nets as it will be shown.
Theorem 4 ([20]):
Let
be a marked
. The system is non–live if and only if there exists a marking
such that the set of
–process–enabled transitions is non–empty and each one of these transitions is
–resource–disabled. In the example of Figure 1, at marking
,
is the only
–process–enabled transition, which is disabled by
. Therefore, the system is non–live. A marking
verifying the conditions of Theorem 4 will be called a
deadlocked marking
. The term
bad marking
will also be used. Theorem 4 relates non–liveness to the existence of a marking where active processes are blocked. Their output transitions need resources that are not available. These needed resources cannot be generated (released by the corresponding processes) by the system (the transitions are dead) because there exists a set of circular waits between the blocked processes. This concept of circular waits can be captured by the existence of a siphon (in Petri Net terms) whose resource places are the places preventing the firing of the process–enabled transitions. The following theorem shows that, when a bad marking as in Theorem 4 exists, a related siphon can be constructed; the reverse is also true. This establishes the bridge between behavior and model structure.
Theorem 5 ([20]):
Let
be a marked
. The net is non–live if, and only if, there exists a marking
, and a siphon
such that
℄
and the firing of each
–process–enabled transition is prevented by a set of resource places belonging to
. Moreover, the siphon
is such that:
such that
℄
℄
and
℄
;
℄
; This theorem says that each one of these siphons is composed of resources with an insufficient marking for one of their input transitions that is process enabled, together with places that are holders of these resources and are empty at this marking. In the example of Figure 1, at marking
, transition
is dead and the siphon
fulfills conditions stated in the previous theorem:
is preventing the firing of
, which is process–enabled, and all the places in
(
) are empty. A siphon
and a marking
verifying the properties of Theorem 5 will be said to be a
bad siphon
and a
–deadlocked marking
, respectively. For a given bad siphon
, in the following the next notation will be used:
℄
℄
. Notice that
is the total amount of resource units belonging to
(in fact, to
) used by each active process in
.
Definition 6:
Let
be a marked
. Let
be a siphon of
. Then,
is the
set of thieves
of
2
. The utility of this set will be understood later; for now, it should be clear that it represents places of the net that use resources of the siphon and do not belong to it. The following liveness characterization establishes that when a
is not live, there exists a deadlocked marking such that all the active processes are “stealing” tokens from the set of resources of an associated siphon. This alternative characterization is useful to generate a deadlock prevention solution, allowing us to concentrate on siphons and their thieves, “forgetting” those active processes that are not related to the siphons, and giving better computational results when controlling the system.
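The notions introduced so far (deadlocked marking, bad siphon, holders and thieves) can be checked by brute force on a small net. The following is an added example, not code from the paper: the two-process net, its place names and all function names are constructed for illustration, and the reachability set is enumerated explicitly, which the paper's structural method is designed to avoid. It finds the markings that satisfy Theorem 4, builds the set of blocking resources plus their empty holders described after Theorem 5, verifies that this set is a siphon, and lists its thieves.

```python
from collections import Counter

# Constructed two-process net (not Figure 1 of the paper). Each route lists
# (process place, resources held there); the first entry is the idle place.
ROUTES = {
    "A": [("a0", {}), ("a1", {"r1": 1}), ("a2", {"r2": 1})],
    "B": [("b0", {}), ("b1", {"r2": 1}), ("b2", {"r1": 1})],
}
CAPACITY = {"r1": 1, "r2": 1}      # initial marking of the resource places
IDLE_TOKENS = {"a0": 2, "b0": 2}   # initial marking of the idle places


def build_net():
    """Return transitions {name: (input process place, pre, post)}, holders, m0."""
    transitions, holders = {}, {r: set() for r in CAPACITY}
    for name, route in ROUTES.items():
        for i, (src, held) in enumerate(route):
            dst, wanted = route[(i + 1) % len(route)]
            have, need = Counter(held), Counter(wanted)
            pre = Counter({src: 1}) + (need - have)   # acquire what is missing
            post = Counter({dst: 1}) + (have - need)  # release what is not kept
            transitions[f"t{name}{i + 1}"] = (src, pre, post)
            for r in held:
                holders[r].add(src)  # src uses r, so it is a holder of r
    m0 = {p: 0 for route in ROUTES.values() for p, _ in route}
    m0.update(IDLE_TOKENS)
    m0.update(CAPACITY)
    return transitions, holders, m0


def process_enabled(m, t):
    return m[t[0]] > 0


def resource_blockers(m, t):
    """Resource places whose marking is too low for t to fire."""
    src, pre, _ = t
    return {p for p, w in pre.items() if p != src and m[p] < w}


def reachable(transitions, m0):
    """Enumerate the reachability set (fine for a toy net only)."""
    seen, todo = {frozenset(m0.items())}, [m0]
    while todo:
        m = todo.pop()
        yield m
        for _, pre, post in (t for t in transitions.values()
                             if process_enabled(m, t) and not resource_blockers(m, t)):
            nxt = dict(m)
            for p, w in pre.items():
                nxt[p] -= w
            for p, w in post.items():
                nxt[p] += w
            if frozenset(nxt.items()) not in seen:
                seen.add(frozenset(nxt.items()))
                todo.append(nxt)


def deadlocked_markings(transitions, m0):
    """Theorem 4: some transition is process-enabled, all such are resource-disabled."""
    bad = []
    for m in reachable(transitions, m0):
        ready = [t for t in transitions.values() if process_enabled(m, t)]
        if ready and all(resource_blockers(m, t) for t in ready):
            bad.append(m)
    return bad


def siphon_for(transitions, holders, m):
    """Candidate set from Theorem 5: blocking resources plus their empty holders."""
    blocking = set()
    for t in transitions.values():
        if process_enabled(m, t):
            blocking |= resource_blockers(m, t)
    return blocking | {p for r in blocking for p in holders[r] if m[p] == 0}


def is_siphon(transitions, places):
    """Every transition that feeds the set also consumes from it."""
    return all(places & set(pre)
               for _, pre, post in transitions.values() if places & set(post))


def thieves(holders, siphon):
    """Holders of the siphon's resources that lie outside the siphon."""
    used = set().union(*(holders[r] for r in siphon if r in holders))
    return used - siphon


if __name__ == "__main__":
    net, holders, m0 = build_net()
    for m in deadlocked_markings(net, m0):
        s = siphon_for(net, holders, m)
        print(sorted(s), is_siphon(net, s), sorted(thieves(holders, s)))
```

In this constructed net the only deadlocked marking has one active process in each of a1 and b1; the candidate set is checked with is_siphon rather than assumed to be a siphon, since the simple construction is not claimed to work for every net.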
Theorem 7 ([20]):
Let
be a marked
. The net is non–live if, and only if, there exists a siphon
, and a marking
, such that: 1)
℄
. 2)
℄
. 3)
such that
℄
, the firing of each
is prevented by a set of resource places belonging to
. This liveness characterization directly relates bad markings with system states in which all the active processes stay in thief places of a bad siphon. This will be especially useful when trying to control the system in order to ensure a live behavior since it shows that the potential problems are located around siphons.
IV. AN ITERATIVE CONTROL POLICY
Let us present the proposed control policy, implemented in several steps. For this, the characterizations of Theorem 5 and Theorem 7 will be used, together with the net state equation. Let us give some intuition about this using the reachability graph of the
of Figure 1, which is depicted in Figure 3. Reachable states can be classified into three categories: The first one (type 1) contains those markings from which
is reachable. These markings are not involved in deadlock problems (the shadowed states in Figure 3). The second class (type 2) is composed of those markings that are not
–deadlocked for any siphon, and such that
is not reachable from them. Finally, the third class (type 3) is composed of those markings that are
–deadlocked for some siphon
(depicted as black boxes in the Figure). Since we are able to relate markings of type 3 with bad siphons, the control policy will be based on the addition of some restrictions related to bad siphons, trying to forbid as few states as possible, in order to prevent just the detected bad markings (markings of type 3). Once a given marking has been forbidden (by means of the addition of an adequate control place, which will impose firing restrictions), the resulting system still belongs to the
class. Therefore, the method can continue looking for a new bad marking, forbidding it, and so on, in an iterative way.
A. Computation of deadlocked markings
The following proposition relates liveness with the existence of a solution for the proposed system of inequalities.
2
We will use sometimes in the following
to show the relation among these two sets.
The systems form a linear representation of a bad marking given a known bad siphon as introduced in the statement of Theorem 5.
Proposition 8 ([20]):
Let
be a marked
. The net is non–live if and only if there exist a siphon
and a marking
such that the following set of inequalities has, at least, one solution:
℄
being
℄
℄
℄
℄
℄
℄
℄
℄
℄
(1)
Let us make some comments about the variables used in these inequalities.
℄
denotes the structural bound of
[24]. The first inequality is the same as in Theorem 5 (there are some active processes). For each
,
indicates whether
is
–process–enabled or not. If
is process–enabled,
℄
℄
, so
℄
℄
, and, as
, it must be
. Variable
indicates whether
is enabled by
at
. If
is enabled by
at
(
℄
℄
),
℄
℄
and
℄
℄
℄
℄
; therefore,
must be
. If
is not enabled by
(
℄
℄
),
℄
℄
and
℄
℄
℄
℄
; then,
must be
. The existing bad siphons and their related bad markings need to be computed in order to control the system. Our next goal is to reformulate the above system of inequalities in order to be able to obtain a bad siphon, together with its related bad markings. The characterization presented in Theorem 5 allows a simple reformulation of these equations. To do that, an algebraic siphon characterization is necessary. In [25], [26] a characterization of this kind is given for traps. It is straightforward to adapt it to the case of siphons. The result establishes that each solution of the following set of inequalities:
, is a siphon (its components are those places whose associated variable
is
). As it will become clear later, this result is not adequate in this original form, and it has to be transformed into an equivalent form using negated logic (this approach is similar to the one proposed in [26] and also in [27]). A siphon is the set of places whose associated variables in the following set of inequalities is 0:
. In order to compute a bad siphon, conditions of Proposition 8 can be completed by the addition of the following equations: A set of constraints representing the siphon,
. A restriction that avoids the whole net as solution:
A set of restrictions relating resource places that are avoiding the firing of a process–enabled transition and the siphon. For this,
,
, as in the previous proposition are used together with the new introduced variables. Let us show how this extension can be used to compute bad siphons and related bad markings.
Proposition 9 ([20]):
Let
be a marked
. The net is non–live if and only if there exist a siphon
and a marking
such that the system of inequalities (2) has a solution with
:
℄
being
℄
℄
℄
℄
℄
℄
℄
℄
℄
(2)
The characterization introduced in this proposition is not directly applicable to control the system, since a reachable marking is needed and we do not want to use reachable markings (our goal is to avoid the enumeration of the set of reachable markings). Therefore, we are going to propose an alternative approach using the set of potentially reachable markings (markings obtained as solutions of the state equation). Remember that we use
to make reference to the set of solutions of the state equation.
Proposition 10 ([20]):
Let
be a marked
. If the net is non–live, there exists a marking
, with
℄
, and a siphon
such that the following system of inequalities has, at least, one solution with
:
ZZ
(3)
This proposition does not provide a complete characterization (as it was the case in Proposition 9). It only provides a necessary condition for deadlock. The reason is the (possible) existence of spurious solutions: markings that are solutions of the net state equation but are not reachable. This is not a problem when the objective is to obtain a live system: the only consequence can be that control places also forbid some markings which are not reachable. In this way, a system with more control than needed can be obtained which will be, in any case, live. A siphon and the corresponding marking fulfilling conditions in Proposition 10 will be called a
potential bad
siphon
and a
potential
–deadlocked marking
, respectively. However, and for the sake of simplicity, they will be called bad siphon and
–deadlocked marking. Even though some work has been done on efficient techniques for computing minimal siphons [28], the approach we are going to propose does not need to obtain all the solutions of the system of Proposition 10. The considered method computes a bad siphon, controls it by means of the addition of the adequate place, and then iterates this process. The reason for this is clear: the added control will modify the system behavior and some bad markings associated to other siphons can be forbidden. We are going to transform the system of equations into another one that will obtain just one siphon as solution. This raises the question of how to decide which siphon to control. The proposed approach selects the siphon with a minimal number of places in the hope that controlling first smaller siphons may help to avoid the control of the bigger ones. The following corollary introduces the problem.
Corollary 11 ([20]):
Let
be a marked
. If the net is non–live, then there exist a siphon
and a marking
such that the following set of inequalities has, at least, one solution with
:
maximize
s.t.
(4)
The solution of this problem is a bad siphon,
, and a
–deadlocked marking,
. No special consideration has been done about the
–deadlocked marking associated to the siphon, while some restrictions about minimality have been done for
. Nevertheless, we do not want to avoid only just this
–deadlocked marking but also all the deadlocked markings related to the siphon. In consequence, a new problem needs to be solved: once the siphon is known, which are the deadlocked markings for it? The approach considered here is to compute some selected ‘representative’ markings that can be used to avoid all the related
–deadlocked markings. This will be accomplished here in either one of two alternative ways: looking at the maximal number of resources available at
–deadlocked markings; looking at the minimal number of active processes at
–deadlocked markings. For this, it will be useful to return to Proposition 8. The equations presented there were constructed supposing that the siphon was known. Let us use them in order to construct the associated
–restrictions. The restriction
℄
from Theorem 7 can be added since the siphon is now known.
Definition 12:
Let
be a marked
. Let
be a bad siphon. The
set of
–restrictions
is:
ZZ
℄
(5)
Definition 13:
Let
be a marked
. Let
be a bad siphon,
and
are defined as follows:
maximize
℄
s.t. restrictions
minimize
℄
s.t. restrictions
These two problems are, in some way, equivalent: either both have solution or none of them has solution. They look for deadlocked markings, concentrating on different points of view. That is, while
looks at the number of tokens in
at deadlocked markings,
looks at the number of active processes in places belonging to
that are “stealing” tokens from
at deadlocked markings. When referring to a particular
problem of the ones presented in Definition 13,
or
will be used. When referring to any of them
will be used. Once a bad siphon
has been computed, it can be controlled using
or
in order to prevent
–deadlocked markings in two different ways: adding one control place ensuring that processes in
are not using more resources than
℄
. If this is the adopted approach (called the
–resource approach
), the system will be said to be
–resource–controlled
; alternatively, adding a control place ensuring that there will be no more than
active process in places belonging to
. If this is the adopted approach (called the
–process approach
), the system will be said to be
–process–controlled
. If the adopted method is not specified, the resulting system will be said to be
–controlled
.
Definition 14:
Let
, be a non–live
. Let
be a bad siphon, and
and
as in Definition 13. Then, the associated
–resource place,
, is defined by means of the addition of the following incidence matrix row and initial marking:
℄
℄
℄
, and
℄
℄
. The associated
–process place,
, is defined by means of the addition of the following incidence matrix row and initial marking:
℄
℄
, and
℄
. To exemplify the previous definition, let us come back to the
in Figure 1.
was a bad siphon. According to Definition 14, two different control places can be added:
–resource place:
℄
℄
,
℄
, and
–process place
℄
℄
,
℄
. Figure 2 shows this process control place (which is named
there). Now, two important properties need to be proved for the added places. First, we are going to show that the initial markings for
–control places are non–negative (this is needed to ensure that the
–controlled net is a well–defined Petri net). As a second step, it will be shown that the added place can be seen as a new (virtual) resource (this is needed in order to iterate the process). For this second property, two things are needed:
must verify structure conditions to be a resource, and the (extended) marking must be acceptable in the resulting
(See Definitions 1 and 2).
Lemma 15 ([20]):
Let
, be a non–live
. Let
be a bad siphon, and
and
as in Definition 13. Let
,