This paper considers the problem of establishing live resource allocation in workflows with synchronization stages. Establishing live resource allocation in this class of systems is challenging since deciding whether a given level of resource capacities is sufficient to complete a single process is NP-complete. In this paper, we develop two necessary conditions and one sufficient condition that provide quickly computable tests for the existence of process completing sequences. The necessary conditions are based on the sequence of completions of $n$ subprocesses that merge together at a synchronization. Although the worst case complexity is $O(2^n)$, we expect the number of subprocesses combined at any synchronization will be sufficiently small so that total computation time remains manageable. The sufficient condition uses a reduction scheme that computes a sufficient capacity level of each resource type to complete and merge all $n$ subprocesses. The worst case complexity is $O(n \cdot m)$, where $m$ is the number of synchronizations. Finally, the paper develops capacity bounds and polynomial methods for generating feasible resource allocation sequences for merging systems with single unit allocation. This method is based on single step look-ahead for deadly marked siphons and is $O(2n)$. Throughout the paper, we use a class of Petri nets called Generalized Augmented Marked Graphs to represent our resource allocation systems.

1. Introduction

In recent years, liveness-enforcing supervisory control has been an active area of research for resource allocation systems characterized by processes with highly ordered, linear workflows. This research has been motivated to a large degree by the need to control resource allocation in large, highly automated manufacturing systems, where process workflow is highly sequential and is typically prespecified in a product's process plan. In brief, a sequential resource allocation system (RAS) consists of a set of resources, each available at a finite level, and a set of processes that progresses through sequences of processing stages, with each stage requiring a predetermined set of the system resources. Furthermore, a process instance is allowed to advance to its next stage only when it has been granted the complete set of required resources and only then will it release the currently held resources that are not required for the following stage.

Because the resource allocation schemes discussed above are embedded in the operation of many technologically advanced systems, a complete understanding of their worst case behaviors is essential when devising operating logic for their control. Indeed, if resource allocation is not properly constrained, the sequential RAS will attain resource allocation states from which additional allocation-deallocation of some subset of resources is not possible. This situation is highly undesirable, because resource allocation stalls, the involved processes and the resources they hold are idle, and outside intervention to resolve and reset the system is required. Liveness enforcing supervision seeks to avoid these situations and maintain completely smooth operation by imposing an appropriate supervisory control policy.

Reveliotis et al. [1] present a taxonomy for sequential RAS based on the structure of the allocation requests associated with various processing stages. This taxonomy includes (i) single-unit (SU) RAS, which admits only linearly ordered process sequences with resource requests corresponding to standard unit vectors, (ii) conjunctive (C) RAS, which admits linearly ordered process flows with arbitrary resource requests, and (iii) disjunctive/conjunctive (D/C) RAS, which allows the process to use alternative workflow sequences. Lower-numbered classes in the taxonomy are specializations of the higher-numbered and therefore present simpler behaviors which are more easily analyzed and controlled. Indeed, many results on RAS liveness and the synthesis of tractable liveness enforcing supervisors (LES) have been developed for the SU-RAS class, see, for example, [2, 3] for seminal papers. Researchers have also addressed the problem in the context of the more general classes of D-RAS, C-RAS, and D/C-RAS, see [4, 5] for early results. An interesting discussion that provides a unifying perspective for many of these results, and also highlights the currently prevailing issues in the area, can be found in [6]. Additional recent reviews are provided in [7, 8].

In [9], Reveliotis et al. extend the taxonomy of [1] to include RAS with process synchronizations, that is, RAS where a process may consist of several subprocesses operating independently until some synchronization stage is attained, at which point subprocesses recombine through merging and splitting and then continue as a new set. We shall refer to this class of RAS as A/D-RAS (assembly/disassembly RAS), since, in the case of manufacturing, this class covers products with both assembly and disassembly in their specified workflow. We notice, however, that synchronization also commonly occurs in project management and business workflow scenarios where finite resources must be allocated to competing tasks, which must eventually merge and spawn successor tasks.

From the perspective of logical analysis and control, a major difference between the A/D-RAS and those addressed in the taxonomy of [1] is that we can no longer quickly be sure that the given level of resource capacities is sufficient to complete even a single process. More specifically, since a single process may consist of several concurrent and independently operating subprocesses, each requesting, using, and holding resources, there is no guarantee that resources are of sufficient capacity to allow these subprocesses to attain required synchronization states. In this paper, we refer to this issue as the "quasi-liveness" problem since, by definition, an underlying Petri net model of the A/D-RAS will be quasi-live if, for every transition of the net (including those representing synchronizations), there exists a sequence of transition firings (resource allocations) that enables that transition. In [9], it is established that the lack of quasi-liveness in the A/D-RAS can be explained by the presence of a particular type of deadly marked siphon in the underlying net dynamics and that testing quasi-liveness, a rather easy task for nets modeling the D/C-RAS, now becomes an NP-complete problem (cf. also [10] for a formal proof on the NP-completeness of the quasi-liveness problem in the considered RAS class). Thus, assessing process quasi-liveness raises important and novel research problems to be addressed for this RAS. For quasi-live processes, an additional issue is identifying sequences of resource allocations that enable the involved process synchronizations. Once such sequences have been identified, standard D/C-RAS deadlock avoidance policies can be implemented to control concurrent allocation of resources across several concurrently operating processes.

We note that in [11], Xie and Jeng also study resource allocation in systems with synchronizations by analyzing a class of ordinary Petri nets called extended resource control nets (ERCN). More specifically, they develop structural characterizations for the ERCN quasi-liveness and liveness that are based on the notion of empty siphons. In other work, Wu et al. [12] model assembly/disassembly processes using resource-oriented Petri nets. Based on the models, a deadlock control policy is proposed and proved to be computationally efficient and less conservative than the existing policies in the literature. Hsieh [13] develops a subclass of Petri net models called nonordinary controlled flexible assembly Petri nets with uncertainties for assembly systems and studies their robustness to resource failure. Hu et al. [14] propose a class of Petri nets to study automated manufacturing systems with either flexible routes or assembly operations. Using structural analysis, the authors show that liveness of such systems can be attributed to the absence of under-marked siphons.

Our work, on the other hand, places more emphasis on the associated design and control problems, seeking first to find resource levels that guarantee quasi-liveness and then to find resource allocation sequences that enable synchronization transitions. In [15, 16], we model the A/D-RAS using a subclass of Petri nets known as Generalized Augmented Marked Graphs (G-AMG). Based upon the notion of reachability graph, we present an algorithm that determines the quasi-liveness of a process subnet by enumerating all execution sequences that are resource-enabled under the considered resource availability; if the net is quasi-live, there will be at least one sequence that leads to process completion. For a quasi-live process, the reachability graph provides complete information about the resource allocation sequences that can be used. Since the graph is exponential in size, it is generally necessary to select a smaller subset of sequences to use for supervision. Based on the work presented in [15, 16], Choi [17] develops a mixed integer program that selects a small subset of process completing sequences for the development of liveness enforcing supervisors. This defines a manageable set of realizable behaviors the system can exhibit. The subset is selected such that a performance controller, posed as a Markov decision process, has the greatest potential to optimize system performance.

In this paper, we seek to develop more tractable methods of identifying process completing sequences for certain subclasses. More specifically, we define a special case of G-AMG, called G-AMGA, which models a RAS comprising only "assembly" or merging operations. For RAS modeled by G-AMGA's, we develop two necessary conditions for quasi-liveness which provide quick tests. We also develop a polynomial net reduction algorithm that can be used to compute resource levels sufficient to assure quasi-liveness. We then turn our attention to the more restricted subclass of G-AMGA, G-AMGASU, in which resource allocation is of the single-unit type. For this class, we develop resource bounds that guarantee polynomial quasi-liveness. We also present a polynomial algorithm for computing resource-feasible sequences when the resource bounds are met.

We organize the remainder of the paper as follows. Section 2 presents and discusses our A/D-RAS model. Section 3 develops the necessary conditions, the sufficient condition, and the net reduction algorithm for generating a process completing sequence for the G-AMGA. Section 4 develops sufficient resource bounds along with a polynomial algorithm for generating process completing sequences in assembly systems with single unit resource allocation, G-AMGASU. Finally, Section 5 provides concluding remarks and discusses future research.

2. The G-AMG Model for the A/D-RAS

References [9, 12] formally define the G-AMG structure for the A/D-RAS. For completeness, the Appendix repeats this definition. Figure 1 provides an example of a G-AMG process net.

Note from Figure 1 that the net has an initial place, $p_0$, marked with a single token. This represents the uninitiated process. The initial transition, $t_I$, serves as the order release transition, which initiates production of the five subprocesses. The places of $t_I^{\bullet}$, call this set $P_I$, hold the released subprocess orders. No resources are allocated to subprocesses in $P_I$; that is, $t_I$ merely releases orders for the subprocesses and does not allocate resources. This is indicated by the zero need vector associated with places in $P_I$.

We use $P_S$ to represent the set of places that model processing operations, typically those with nonzero resource need, and $T_S$ to represent those transitions that allocate-deallocate resources. Thus, resource places are only connected to transitions in $T_S$. Note that the sequential logic underlying the execution of the set of subprocesses is expressed by the induced subnet $P_S \cup T_S$.

Places of $P_S$ are labeled with resource need for three resource types. We do this to simplify the figure. In fact, each resource type has its own place (the set of resource places is $P_R$) and is marked with a number of tokens representing its capacity (we will denote the capacity of resource $r_i$ as $C_i$). Consider Figure 2, illustrating the connectivity for resource $r_1$. The weight $W(r_1, t_1) = 1$ represents the number of units of $r_1$ requested by the subprocess at $t_1$. The needs of a process place $p \in P_S$ with respect to some resource $r_i \in P_R$ are expressed by the value of $u_i(p)$, where $u_i$ is the $p$-semiflow introduced by item 5 of Definition A.11.

Note that resource types support the execution of the different requesting subprocesses in a reusable fashion, that is, their utilization does not diminish their capacity.

Firing of $t_7 \in T_S$ represents the completion of the process. This event deallocates all resources and places a token in the final completion place, $p_F \in P_F$. When this happens, the final transition, $t_F$, which signals process completion, is allowed to fire and a new process release is enabled. Only places of $P_F$ provide input to $t_F$, $t_F$ is the only input of $p_0$, and $p_0$ is the only output of $t_F$. Also, $p_0$ is the only input of $t_I$, and $t_I$ is the only output of $p_0$. Finally, $t_I$ is the only input of places in $P_I$, and these places connect to transitions in $T_S$.

Since the process net (without resource places) is a marked graph, each place in $\{p_0\} \cup P_I \cup P_S \cup P_F$ has exactly one input and one output. This implies that processes can exhibit concurrency and synchronization but not choice. To be well-defined, we require that the process net be strongly connected. Finally, we will say that $P = \{p_0\} \cup P_I \cup P_S \cup P_F$, $T = \{t_I, t_F\} \cup T_S$, $N = P \cup T$ and $N_R = (P \cup P_R) \cup T$. To summarize, we have the following notation.

$p_0$: Initial process place. The initial marking of $p_0$ specifies the maximum number of concurrently executing processes.
$P_I$: Places that hold subprocesses ready to begin processing.
$P_S$: Places where processing occurs. These typically have associated resource needs.
$P_F$: Places holding the completed process.
$P_R$: The set of resource places.
$P$: $\{p_0\} \cup P_I \cup P_S \cup P_F$, all places except resource places.
$t_I$: The "order release" transition.
$T_S$: Transitions that allocate-deallocate resources and that synchronize, merge, or split subprocesses.
$t_F$: The "process completion" transition.
$T$: $\{t_I, t_F\} \cup T_S$, the set of transitions.
$W(r, t)$: The number of units of resource $r$ requested at transition $t$.
$N$: $P \cup T$, the process net without resources.
$N_R$: $(P \cup P_R) \cup T$, the process net with resources.

As previously stated, the Appendix (Definition A.11) provides the formal definition.

As mentioned in the introduction, assessing the quasi-liveness of the G-AMG is NP-complete [10]. Thus, determining whether or not a given process has a sequence of transition firings (resource allocations) that enables $t_F$ requires super-polynomial computation in the general case. Detailed discussions on quasi-liveness and related issues for the general case can be found in [12, 14].

In this paper, we investigate live resource allocation for assembly systems only; that is, we impose that for all $t \in T_S \subseteq N_R$, $t^{\bullet} \cap P_S$ is a singleton. In Section 3, we develop conditions that provide quickly computable tests on quasi-liveness. In Section 4, we develop polynomial methods for resolving quasi-liveness and generating feasible resource allocation sequences for assembly systems with single unit resource allocation.

3. The G-AMGA Model for the A-RAS

This section develops results for the subclass, referred to as G-AMGA, of A/D-RAS systems restricted to assembly only (A-RAS). In other words, systems in G-AMGA $\subseteq$ G-AMG have subprocess merging but no splitting. For this subclass of systems, $N$ is restricted as follows: for all $t \in T_S$, $|t^{\bullet} \cap P_S| = 1$. Thus, a transition (other than $t_I$) can perform no splitting operation; that is, there is no disassembly. For this subclass, we develop a set of quick tests for quasi-liveness based on necessary conditions and sufficient conditions. The necessary conditions are based on local tests of "place concurrence" for each synchronizing transition. If these conditions are not met, then the net is not quasi-live. If these tests do not indicate lack of quasi-liveness, we then perform a polynomial sufficiency test that, if met, guarantees quasi-liveness and provides resource enabled execution sequences.

3.1. Necessary Conditions for A-RAS

Consider an $N_R$. Let $T_{Synch}$ be the set of transitions that synchronize subprocesses, that is, $T_{Synch} = \{t \in T_S : |{}^{\bullet}t \cap P_S| > 1\}$. For example, in Figure 1, $T_{Synch} = \{t_5, t_6, t_7\}$. We note that for each $t \in T_{Synch}$, all places in ${}^{\bullet}t \cap P_S$ must be simultaneously marked for synchronization to occur. Further, there must exist sufficient remaining unallocated resources to fire the synchronization once these places are marked. For example, in Figure 1, for $t_5$ to be process enabled, it is necessary that the three subprocesses synchronized at $t_5$ are simultaneously allocated a total of three units of resource type $r_2$. To resource enable $t_5$, one additional unit of $r_2$ is required. Thus, if the capacity of $r_2$ is less than three, $t_5$ cannot be process enabled, and if the capacity of $r_2$ is less than four, $t_5$ cannot be both process and resource enabled. Thus, as illustrated by this example, if there exists $t \in T_{Synch}$ and resource $r_i$ such that $W(r_i, t) + \sum_{p \in {}^{\bullet}t \cap P_S} u_i(p) > C_i$, where $C_i$ is the capacity of $r_i$, then $N_R$ cannot be quasi-live.

This is our first necessary condition: resource capacities must be sufficient for every $t \in T_{Synch}$ to be both process enabled and resource enabled.

Further, note that transitions $t_5$ and $t_6$ must be fired to process-enable $t_7$. Since we fire only one transition at a time, these must be fired in some order. Suppose $t_6$ is fired before $t_5$. Then the subprocess at place $t_6^{\bullet} \cap P_S$ will be assembled and holding two units of $r_3$ after firing $t_6$. Then to fire $t_5$, subprocesses at ${}^{\bullet}t_5 \cap P_S$ will need to be holding five units of $r_3$. Thus, $r_3$ must have at least seven units of capacity if $t_6$ fires before $t_5$.

On the other hand, if $t_5$ is fired before $t_6$, then the subprocess at place $t_5^{\bullet} \cap P_S$ will be assembled and holding two units of $r_3$. Then to fire $t_6$, the subprocess at ${}^{\bullet}t_6 \cap P_S$ will need to be holding three units of $r_3$. Thus, $r_3$ must have at least five units of capacity if $t_5$ fires before $t_6$. Clearly, if $r_3$ has capacity four, the net is not quasi-live. If $r_3$ has capacity five or six, $t_5 t_6$ is resource enabled but $t_6 t_5$ is not. If $r_3$ has capacity seven or greater, both sequences are resource enabled.

More generally, suppose $t \in T_{Synch}$ has $K$ subprocess input places, that is, $K = |{}^{\bullet}t \cap P_S|$. Since $N$ is a marked graph, each $p \in {}^{\bullet}t \cap P_S$ will have only one input transition. Since $N$ is assembly only, each $p \in {}^{\bullet}t \cap P_S$ will have a unique input transition. Thus, to process enable $t$, these $K$ transitions will have to be fired in some order.

Let ${}^{\bullet}t \cap P_S = \{p_{(1)}, p_{(2)}, \ldots, p_{(K)}\}$ and let ${}^{\bullet\bullet}t = \{t_{(1)}, t_{(2)}, \ldots, t_{(K)}\}$, where ${}^{\bullet}p_{(1)} = \{t_{(1)}\}$, ${}^{\bullet}p_{(2)} = \{t_{(2)}\}$, and so forth. Firing $t_{(1)}$ marks $p_{(1)}$, firing $t_{(2)}$ marks $p_{(2)}$, and so forth. When $\{p_{(1)}, p_{(2)}, \ldots, p_{(K)}\}$ are all marked, $t$ is process enabled. With unlimited resources, there are $K!$ possible firing sequences for $\{t_{(1)}, t_{(2)}, \ldots, t_{(K)}\}$ that process-enable $t$ (assuming each is fired only once). However, with finite resource capacities, some (possibly all) of the firing sequences might be infeasible. For example, in Figure 1, if $r_3$ has capacity six, then the firing sequence $t_6 t_5$ is not possible, although $t_5 t_6$ is.

Let $\sigma_k$ be the set of partial firing sequences of $\{t_{(1)}, t_{(2)}, \ldots, t_{(K)}\}$ of length $k \le K$ (again assuming that each transition will occur at most once in any sequence of $\sigma_k$). Note that $\sigma \in \sigma_k$ marks $k$ places of ${}^{\bullet}t \cap P_S$ and leaves $K - k$ unmarked. If there exists $k < K$ such that for every marked $k$-subset of $\{p_{(1)}, p_{(2)}, \ldots, p_{(K)}\}$, all input transitions to the unmarked $(K-k)$-complement are resource disabled, then $N_R$ cannot be quasi-live.

Put more formally, let $S_k$ be a $k$-subset of $\{p_{(1)}, p_{(2)}, \ldots, p_{(K)}\}$, that is, $S_k \subseteq \{p_{(1)}, p_{(2)}, \ldots, p_{(K)}\}$ such that $|S_k| = k$. Note that there are $\binom{|{}^{\bullet}t \cap P_S|}{k}$ total $k$-subsets of ${}^{\bullet}t \cap P_S = \{p_{(1)}, p_{(2)}, \ldots, p_{(K)}\}$. If $\exists k < K$ such that for all $S_k \subseteq {}^{\bullet}t \cap P_S$, for all $p \in (S_k)^c = ({}^{\bullet}t \cap P_S) \setminus S_k$, $\exists r_i$ such that $\sum_{p \in S_k} u_i(p) + W(r_i, {}^{\bullet}p) > C_i$, then $N_R$ cannot be quasi-live. Here the sum ranges over the marked places of $S_k$, and ${}^{\bullet}p$ is the input transition of the unmarked place $p \in (S_k)^c$.

This is our second necessary condition: resource capacities must be sufficient to fire all the input transitions to subprocess input places of $t \in T_{Synch}$.

Algorithm 1 checks these necessary conditions. The algorithm starts with a For loop that tests every synchronization transition for violations of the two necessary conditions. The first check is for necessary condition 1, where the resources required to process-enable plus the resources required to resource-enable the synchronization are compared to the resource capacities. If a violation is found, then the net cannot be quasi-live, and the algorithm terminates by returning not quasi-live.

For every $t \in T_{Synch}$
    // Check for violations of the first necessary condition
    Find $r_i$ such that $W(r_i, t) + \sum_{p \in {}^{\bullet}t \cap P_S} u_i(p) > C_i$
    If successful, return Not Quasi-live
    // Check for violations of the second necessary condition
    Else $k = 1$
        While $k < K = |{}^{\bullet}t \cap P_S|$
            subset_count = 0
            For each $S_k \subseteq {}^{\bullet}t \cap P_S$
                place_count = 0
                For each $p \in (S_k)^c$
                    Find $r_i$ such that $\sum_{p \in S_k} u_i(p) + W(r_i, {}^{\bullet}p) > C_i$
                    If successful, place_count++
                End For
                If place_count = $|(S_k)^c|$, subset_count++
            End For
            If subset_count = $\binom{|{}^{\bullet}t \cap P_S|}{k}$, return Not Quasi-live
            $k$++
        End While
End For
Return Unknown

If no violation of the first necessary condition is found, then the algorithm initiates a While loop for testing the second condition. The first step is to initialize a subset counter, which, for the given synchronization transition, counts the number of $k$-subsets of the process input places that violate the second necessary condition. If it is found that all $k$-subsets violate the second necessary condition, that is, subset_count = total number of $k$-subsets, then the algorithm terminates by returning not quasi-live.

Note that the inner For loop determines whether a given $k$-subset violates the second necessary condition or not. It does this by checking all the places in the $(K-k)$-complement to see if their input transitions are resource enabled. If none is, then none of these places can be marked, and the synchronization cannot be process enabled by first marking the $k$-subset and then firing the input transitions of the $(K-k)$-complement. If this is true for a $k$-subset, then that $k$-subset violates the second condition and the counter, subset_count, is incremented. Again, if we find $k < K$ such that all $k$-subsets violate the second necessary condition, that is, subset_count = total number of $k$-subsets, then the algorithm terminates by returning not quasi-live.

Consider an example assembly system depicted in Figure 3. Assume that $\langle C_1, C_2, C_3 \rangle = \langle 2, 4, 1 \rangle$. We have both $t_{10}$ and $t_{12}$ in $T_{Synch}$. Checking $t_{10}$ for the first necessary condition, we have $0 + (0+0+1) = 1 \le 2 = C_1$ for $r_1$, $2 + (1+0+0) = 3 \le 4 = C_2$ for $r_2$, and $0 + (0+1+0) = 1 \le 1 = C_3$ for $r_3$, resulting in no violation. A similar check finds that $t_{12}$ does not violate the first necessary condition. We now check $t_{10}$ for the second necessary condition. For $S_1 = \{p_3\}$, we have $(0) + 0 = 0 \le 2 = C_1$ and $(0) + 1 = 1 \le 2 = C_1$ for $r_1$, $(1) + 0 = 1 \le 4 = C_2$ and $(1) + 0 = 1 \le 4 = C_2$ for $r_2$, and $(0) + 1 = 1 \le 1 = C_3$ and $(0) + 0 = 0 \le 1 = C_3$ for $r_3$. Hence, there is no violation. Similar checks for $S_1 = \{p_6\}$ and $S_1 = \{p_9\}$ reveal that there is no violation. For $S_2 = \{p_3, p_6\}$, we have $(0+0) + 1 = 1 \le 2 = C_1$ for $r_1$, $(1+0) + 0 = 1 \le 4 = C_2$ for $r_2$, and $(0+1) + 0 = 1 \le 1 = C_3$ for $r_3$; as a result, the condition is not violated. Similarly, $S_2 = \{p_3, p_9\}$ and $S_2 = \{p_6, p_9\}$ yield no violation. Therefore, $t_{10}$ does not violate the second necessary condition. Likewise, $t_{12}$ does not violate the second necessary condition either.
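The two necessary conditions can be run mechanically. The following Python sketch is an added example, not code from the paper: it applies both conditions to the $t_{10}$ data read off the worked example above. The request of $t_2$ (the input transition of $p_3$) is inferred from the need vectors quoted for Figure 3, $t_{12}$ is omitted because its weights are not given in the text, and the single-resource net `CONSTRUCTED` uses made-up weights to exercise the second condition.

```python
from itertools import combinations

# Figure 3, synchronization t10, as quoted in the worked example.
# "hold" is u(p); "feed" is W(., input transition of p).
# The feed of p3 (transition t2) is an inferred assumption.
FIG3_T10 = {
    "t10": {
        "request": (0, 2, 0),                              # W(r_i, t10)
        "inputs": {
            "p3": {"hold": (0, 1, 0), "feed": (0, 1, 0)},  # fed by t2
            "p6": {"hold": (0, 0, 1), "feed": (0, 0, 1)},  # fed by t5
            "p9": {"hold": (1, 0, 0), "feed": (1, 0, 0)},  # fed by t8
        },
    }
}

# Constructed one-resource net (not from the paper): condition 1 holds at
# capacity 4, yet neither input transition can fire once the other place
# is marked.
CONSTRUCTED = {
    "ts": {
        "request": (0,),
        "inputs": {
            "pa": {"hold": (2,), "feed": (5,)},
            "pb": {"hold": (2,), "feed": (3,)},
        },
    }
}


def feed_blocked(places, marked, p, capacity):
    """True if some resource cannot cover the holdings of the marked
    places plus the request of the input transition of unmarked place p."""
    return any(
        sum(places[q]["hold"][i] for q in marked) + places[p]["feed"][i] > c
        for i, c in enumerate(capacity)
    )


def necessary_conditions(synchs, capacity):
    """Return (verdict, reason); 'unknown' means no violation was found."""
    for t, spec in synchs.items():
        places = spec["inputs"]
        names = sorted(places)

        # Condition 1: holdings of all input places plus the request of
        # the synchronization itself must fit within each capacity.
        for i, c in enumerate(capacity):
            held = sum(places[p]["hold"][i] for p in names)
            if spec["request"][i] + held > c:
                return "not quasi-live", f"condition 1 at {t} on r{i + 1}"

        # Condition 2: for some k < K, every marked k-subset leaves all
        # input transitions of the unmarked complement resource disabled.
        for k in range(1, len(names)):
            if all(
                all(feed_blocked(places, marked, p, capacity)
                    for p in names if p not in marked)
                for marked in combinations(names, k)
            ):
                return "not quasi-live", f"condition 2 at {t} with k={k}"
    return "unknown", None


if __name__ == "__main__":
    print(necessary_conditions(FIG3_T10, (2, 4, 1)))
    print(necessary_conditions(FIG3_T10, (2, 2, 1)))
    print(necessary_conditions(CONSTRUCTED, (4,)))
```

With the capacities $\langle 2,4,1 \rangle$ used in the text the verdict is "unknown", which matches the conclusion that $t_{10}$ violates neither condition.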

We note that Algorithm 1 enumerates all subsets of the input places for each synchronization transition, and thus, in the strictest sense, this check is of exponential complexity. However, we expect that the number of subprocesses combined at any synchronization will be sufficiently small so that the total computation of Algorithm 1 will be quite small in comparison to the complete enumeration of the reachability graph in [12, 14], and therefore the check is worthwhile.

If no violations of either of the necessary conditions are found, then the quasi-liveness remains unverified; that is, we cannot say whether the net is quasi-live or not. In the following section, we will develop a sufficient condition for quasi-liveness and an algorithm for generating a process completing sequence based on this sufficient condition.

3.2. Sufficient Condition Test for Quasi-Liveness of the A-RAS

This subsection develops a sufficiency test for the G-AMGA model. This test makes use of reductions performed on two types of structures contained in the G-AMGA. In Figure 3, consider the three net segments: $\{t_I, p_1, t_1, p_2, t_2, p_3, t_{10}\}$, $\{t_I, p_4, t_4, p_5, t_5, p_6, t_{10}\}$, and $\{t_I, p_7, t_7, p_8, t_8, p_9, t_{10}\}$. These three represent the sequential processing steps of the three subprocesses marking places $\{p_1, p_4, p_7\} \subseteq P_I$ that synchronize at $t_{10}$. Any interaction between the three subprocesses is strictly limited to resource competition. Otherwise their processing up to $t_{10}$ is independent, possibly concurrent, depending on resource capacities.

We note the following.
(1) The subprocess of $p_1$ requires a total allocation of $\langle 1,1,0 \rangle$ in order to reach $p_3$, where it will release the unit of $r_1$ and will hold the unit of $r_2$.
(2) The subprocess of $p_4$ requires a total allocation of $\langle 0,1,1 \rangle$ in order to reach $p_6$, where it will release the unit of $r_2$ and will hold the unit of $r_3$.
(3) The subprocess of $p_7$ requires a total allocation of $\langle 1,0,1 \rangle$ in order to reach $p_9$, where it will release the unit of $r_3$ and will hold the unit of $r_1$.

Thus, if we have sufficient resources to simultaneously allocate $\langle 1,1,0 \rangle$ to the first subprocess, $\langle 0,1,1 \rangle$ to the second, and $\langle 1,0,1 \rangle$ to the third, then we are sure that the three subprocesses can reach the synchronization stage. Thus, we say that if $\langle C_1, C_2, C_3 \rangle \ge \langle 1,1,0 \rangle + \langle 0,1,1 \rangle + \langle 1,0,1 \rangle = \langle 2,2,2 \rangle$, then resource capacities are sufficient to process-enable the synchronization at $t_{10}$.

We refer to a structure such as $\{t_I, p_1, t_1, p_2, t_2, p_3, t_{10}\}$ as a Type-I structure; that is, a Type-I structure is a segment $\langle t_I, p_{(1)}, t_{(1)}, p_{(2)}, t_{(2)}, \ldots, t_{(k-1)}, p_{(k)}, t \rangle$ of $N$, where
(1) $p_{(1)} \in t_I^{\bullet}$,
(2) $\{p_{(1)}, \ldots, p_{(k)}\} \subseteq P$ (recall, $P = \{p_0\} \cup P_I \cup P_S \cup P_F$),
(3) ${}^{\bullet}t_{(j)} \cap P = \{p_{(j)}\}$,
(4) $t \in T_{Synch}$,
(5) $k > 2$.

The first condition states that $p_{(1)}$ is an output place of $t_I$; the second states that all places are nonresource places; the third states that none of the intermediate transitions are synchronizations; the fourth states that the last transition is a synchronization; and the last states there are at least three places in the structure.

Thus, a Type-I structure of $N$ is a path in $N$ with at least three places that begins with $t_I$, ends with a synchronization, and has the property that all intermediate transitions are not synchronizations.

Now, consider the Type-I structure, $\{t_I, p_1, t_1, p_2, t_2, p_3, t_{10}\}$, in Figure 3. Suppose we reduce it as follows:
(1) delete $p_2$ and $t_2$ and all corresponding edges;
(2) insert edge $\langle t_1, p_3 \rangle$;
(3) set the resource need vector associated with $p_3$ to the component-wise maximum of the need vectors of all places in the Type-I structure, that is, the component-wise maximum of $\{\langle 0,0,0 \rangle; \langle 1,0,0 \rangle; \langle 0,1,0 \rangle\} = \langle 1,1,0 \rangle$.

Applying this reduction to the three Type-I structures in the example yields the resulting net shown in Figure 4. Note that the net now contains no Type-I structure.

More formally, let $\rho_1$ represent a Type-I reduction on net $N$, and let $\rho_1(N)$ be the resulting net. Then $\rho_1$ applies the following actions to $N$.

Resource Bound Update
For each Type-I structure $\langle t_I, p_{(1)}, t_{(1)}, \ldots, t_{(k-1)}, p_{(k)}, t \rangle$, assign $\Psi_i(p_{(k)}) = \max\{u_i(p_{(j)}) : j = 1 \ldots k\}$, $i = 1 \ldots |P_R|$, and let $\Psi_k$ denote the vector $\langle \Psi_i(p_k) : i = 1 \ldots |P_R| \rangle$.

Net Reduction
Delete $\{p_{(2)}, t_{(2)}, \ldots, p_{(k-1)}, t_{(k-1)}\}$ and the associated arcs. Add arc $(t_{(1)}, p_{(k)})$.

Note that $\Psi_i(p_{(k)})$ retains the maximum usage of resource $r_i$ along the Type-I structure. Thus, the resource bound associated with the undeleted place, $p_{(k)}$, will be the number of units of each resource required for the subprocess to reach the synchronization transition.

We note that all Type-I structures can be found in a number of steps polynomial in places and transitions. We now proceed to our second reduction.

Now consider net segments $\{\langle t_I, p_1, t_1, p_3, t_{10} \rangle, \langle t_I, p_4, t_4, p_6, t_{10} \rangle, \langle t_I, p_7, t_7, p_9, t_{10} \rangle\}$ of Figure 4. We refer to this structure as a Type-II structure, that is, a set of at least two parallel segments, starting at $t_I$, with two intermediate places, and ending at $t \in T_{Synch}$.

More formally, a Type-II structure is composed of $m > 1$ parallel segments in $N$ ending in $t \in T_{Synch}$:
1. $\langle t_I, p_{(11)}, t_{(11)}, p_{(12)}, t \rangle$
2. $\langle t_I, p_{(21)}, t_{(21)}, p_{(22)}, t \rangle$
$\vdots$
m. $\langle t_I, p_{(m1)}, t_{(m1)}, p_{(m2)}, t \rangle$
such that $\{p_{(11)}, \ldots, p_{(m1)}\} \subseteq t_I^{\bullet}$ and $p_{(i1)} \ne p_{(j1)}$ for $i \ne j$.

A Type-II reduction, $\rho_2$, is similar to the Type-I reduction in that it applies a bound update and then a net reduction. We first illustrate the bound update and reduction and then state it more formally.

To understand the next bound update, consider the nets of Figure 5. Each place in (a) is labeled with resource need. To mark $p_3$, we require $\langle 1,2,1 \rangle$ units for resources $r_1$, $r_2$ and $r_3$; thus, in (b), $\Psi_3 = \langle 1,2,1 \rangle$. Similarly, $\Psi_6 = \langle 2,2,3 \rangle$ and $\Psi_9 = \langle 4,1,2 \rangle$ for places $p_6$ and $p_9$, respectively, as shown in (b).

Places in (b) are also labeled with their original resource needs, $u_3$, $u_6$, and $u_9$. Now, for $p_3$, $p_6$, and $p_9$, consider $\delta_i(p_k) = \Psi_i(p_k) - u_i(p_k)$. We refer to $\delta_i(p_k)$ as the "return" of resource $r_i$ by the corresponding subprocess. Letting $\delta_k$ denote the vector $\langle \delta_i(p_k) : i = 1 \cdots |P_R| \rangle$, we have $\delta_3 = \langle 0,1,2 \rangle$, $\delta_6 = \langle 2,1,3 \rangle$, and $\delta_9 = \langle 4,1,0 \rangle$, as shown in Figure 5(b).

Sort the places $\{p_3, p_6, p_9\}$ by decreasing return for $r_1$. Then we have ordered set $\langle p_9, p_6, p_3 \rangle$ since $4 \ge 2 \ge 0$. In Figure 5(a), if we first mark $p_9$, then $p_6$, and finally $p_3$ according to the firing sequence $\sigma = t_5 t_6 t_3 t_4 t_1 t_2$, the following capacity constraints must be met (note that $C$ is the resource capacity vector): $\Psi_9 = \langle 4,1,2 \rangle \le C$, $\Psi_6 + u_9 = \langle 2,2,3 \rangle + \langle 0,0,2 \rangle = \langle 2,2,5 \rangle \le C$, $\Psi_3 + u_9 + u_6 = \langle 1,2,1 \rangle + \langle 0,0,2 \rangle + \langle 0,1,0 \rangle = \langle 1,3,3 \rangle \le C$.

Taking the component-wise max across these constraints yields $\langle 4,3,5 \rangle \le C$. Thus, $\langle 4,3,5 \rangle$ is necessary and sufficient to execute $\sigma = t_5 t_6 t_3 t_4 t_1 t_2$. We will refer to $\sigma$ as a "serialized" firing sequence, since it advances the Type-I subprocesses to the synchronization transition one at a time. In other words, a serialized firing sequence does not allow parallel Type-I subprocesses to process in parallel. We refer to the computed bounds as serialized bounds.

Note that if we sort $\{p_3, p_6, p_9\}$ in any other way, say $\langle p_6, p_3, p_9 \rangle$, we get a different serialized firing sequence for marking the places and a different set of resource bounds (in this case, $t_3 t_4 t_1 t_2 t_5 t_6$ and $\langle 5,3,3 \rangle$, resp.). The bound for $r_1$ can be no smaller, although the bounds for $r_2$ and $r_3$ might be tighter. This is established by the following lemma.

Lemma 1. Let $p_j$ and $p_k$ be two places in a Type-II structure, where $\delta_i(p_j)$ and $\delta_i(p_k)$ are the returns of resource $r_i$ for $p_j$ and $p_k$. If $\delta_i(p_j) \ge \delta_i(p_k)$, then $\max(\Psi_i(p_k), \Psi_i(p_j) + u_i(p_k)) \ge \max(\Psi_i(p_j), \Psi_i(p_k) + u_i(p_j))$.

Before going to the proof, note (recall) the following:
(1) $u_i(p_j)$ is the need (number of units held) of $r_i$ at $p_j$;
(2) $\Psi_i(p_k)$ is the maximum need for $r_i$ along the Type-I structure leading to $p_k$;
(3) given that the $j$th subprocess has advanced to $p_j$, $\Psi_i(p_k) + u_i(p_j)$ is a lower bound on the number of units of $r_i$ required to advance the $k$th subprocess from its place in $P_I$ to $p_k$;
(4) given that the $j$th and $k$th subprocesses are both at their initial places in $P_I$, $\max(\Psi_i(p_j), \Psi_i(p_k) + u_i(p_j))$ is a lower bound on the number of units of $r_i$ required to first advance the $j$th subprocess to $p_j$ and then the $k$th subprocess to $p_k$.

Proof. By assumption $\delta_i(p_j) \ge \delta_i(p_k)$. Further, $\Psi_i(p_j) \ge \delta_i(p_j)$, since the $j$th subprocess cannot return more of $r_i$ than it is allocated. Then,
$\Psi_i(p_j) - \delta_i(p_k) \ge 0$;
$\Psi_i(p_j) - \Psi_i(p_k) + u_i(p_k) \ge 0$;
$\Psi_i(p_j) + u_i(p_k) \ge \Psi_i(p_k)$.
Thus, $\max(\Psi_i(p_k), \Psi_i(p_j) + u_i(p_k)) = \Psi_i(p_j) + u_i(p_k)$. Now, since $u_i(p_k) \ge 0$, we have
$\Psi_i(p_j) + u_i(p_k) \ge \Psi_i(p_j)$; and
$\Psi_i(p_j) + u_i(p_k) = \Psi_i(p_j) + \Psi_i(p_k) - \delta_i(p_k)$;
$\Psi_i(p_j) + u_i(p_k) \ge \Psi_i(p_j) + \Psi_i(p_k) - \delta_i(p_j)$ (since $\delta_i(p_j) \ge \delta_i(p_k)$);
$\Psi_i(p_j) + u_i(p_k) \ge \Psi_i(p_k) + u_i(p_j)$.
Thus, $\max(\Psi_i(p_k), \Psi_i(p_j) + u_i(p_k)) \ge \max(\Psi_i(p_j), \Psi_i(p_k) + u_i(p_j))$.

The point is to show that if we advance the subprocesses serially, that is, one at a time, from their places in $P_I$ to their synchronization transition, in order of decreasing return of $r_i$, then we will minimize the need for $r_i$ in the serial advancement.

We can now formally state the bound update and net reduction. To understand the subscripts, please refer to the definition of a Type-II structure given above. Our approach is to identify a critical resource, $r_c$, perhaps one that is most constraining or most expensive, and compute bounds for Type-II reductions using the returns for $r_c$ as a sorting key in ordering the corresponding subprocesses.

Resource Bound Update for Critical Resource, $r_c$
For a Type-II structure
  Let $\delta_i(p_{(j2)}) = \Psi_i(p_{(j2)}) - u_i(p_{(j2)})$, $j = 1, \ldots, m$, $i = 1, \ldots, |P_R|$
  Sort $\{p_{(12)} \cdots p_{(m2)}\}$ by decreasing $\delta_c(p_{(j2)})$
  Let $\Gamma = \langle p_1, \ldots, p_m\rangle$ be the sorted set
  For $i = 1, \ldots, |P_R|$
    Set $\Psi_i(p_{(12)})$ to $\max\{\Psi_i(p_t) + \sum_{j=1}^{t-1} u_i(p_j) : t = 1, \ldots, m\}$
  End For
End For

Net Reduction
Delete $\{p_{(21)}, t_{(21)}, p_{(22)}; \ldots; p_{(m1)}, t_{(m1)}, p_{(m2)}\}$ and the associated arcs.
Subsequently, let $\rho_2(N)$ denote the net resulting from a Type-II reduction having been applied to $N$; that is, in $\rho_2(N)$ all Type-II structures have been reduced. Clearly, all Type-II structures in a net can be found in number of steps polynomial in places and transitions.
Let us now apply a Type-II reduction to the net of Figure 4. Assuming that $r_1$ is the critical resource, we obtain the resulting net depicted in Figure 6 (note that a new Type-I structure has emerged).
Lemma 2 guarantees the computed bounds are sufficient for some serialized firing sequence.

Lemma 2. Suppose ๐‘โˆˆG-AMGAwith ๐‘š Type-I structures connecting ๐‘ก๐ผ and ๐‘ก๐‘—โˆˆ๐‘‡Synch, โŸจ๐‘ก๐ผ,๐‘(11),๐‘ก(11)โ€ฆ๐‘(1๐‘˜),๐‘ก๐‘—โŸฉ, โŸจ๐‘ก๐ผ,๐‘(21),๐‘ก(21)โ€ฆ๐‘(2๐‘›),๐‘ก๐‘—โŸฉ, โ€ฆ, and โŸจ๐‘ก๐ผ,๐‘(๐‘š1),๐‘ก(๐‘š1)โ€ฆ๐‘(๐‘š๐‘),๐‘ก๐‘—โŸฉ. Then ฮจ(1๐‘˜)={ฮจโ„Ž(๐‘(1๐‘˜))โˆถโ„Ž=1,โ€ฆ,|๐‘ƒ๐‘…|} in ๐œŒ2๐œŒ1(๐‘) is a sufficient resource level to enable a firing sequence of ๐‘ that marks {๐‘(1๐‘˜),๐‘(2๐‘›),โ€ฆ,๐‘(๐‘š๐‘)}.

Proof. It is clear that ฮจ(1๐‘˜) in ๐œŒ1(๐‘) enables ๐œŽ1=๐‘ก(11)๐‘ก(12)โ€ฆ๐‘ก(1,๐‘˜โˆ’1) in ๐‘, ฮจ(2๐‘›) in ๐œŒ1(๐‘) enables ๐œŽ2=๐‘ก(21)๐‘ก(22)โ€ฆ๐‘ก(2,๐‘›โˆ’1) in ๐‘, and so forth. Now ๐œŒ1(๐‘) will contain Type-II structure {โŸจ๐‘ก๐ผ,๐‘(11),๐‘ก(11),๐‘(1๐‘˜),๐‘ก๐‘—โŸฉ,โŸจ๐‘ก๐ผ,๐‘(21),๐‘ก(21),๐‘(2๐‘›),๐‘ก๐‘—โŸฉ,โ€ฆ,โŸจ๐‘ก๐ผ,๐‘(๐‘š1),๐‘ก(๐‘š1),๐‘(๐‘š๐‘),๐‘ก๐‘—โŸฉ}. Before doing the Type-II reduction, we sort {๐‘(1๐‘˜),๐‘(2๐‘›),โ€ฆ,๐‘(๐‘š๐‘)} based on the return of critical resource, ๐‘Ÿ๐‘ (perhaps arbitrarily chosen), ๐›ฟ๐‘(๐‘)=ฮจ๐‘(๐‘)โˆ’๐‘ข๐‘(๐‘), and let โŸจ๐‘1๐‘2,โ€ฆ,๐‘๐‘šโŸฉ be the sorted set, in order of decreasing return. Then, if the resource capacities satisfy the following constraint set: {ฮจ1โ‰ค๐ถ,ฮจ2+๐‘ข1โ‰ค๐ถ, ฮจ3+๐‘ข1+๐‘ข2 โ‰ค ๐ถ,โ€ฆ,ฮจ๐‘š+๐‘ข1+โ‹ฏ+๐‘ข๐‘šโˆ’1โ‰ค๐ถ} in ๐‘, we can first fire ๐œŽ1 and mark ๐‘1, next fire ๐œŽ2 and mark ๐‘2, and so forth. Thus, by updating ฮจ(1๐‘˜) with the component-wise maximum of {ฮจ1โ‰ค๐ถ, ฮจ2+๐‘ข1โ‰ค๐ถ, ฮจ3+๐‘ข1+๐‘ข2โ‰ค๐ถ,โ€ฆ,ฮจ๐‘š+๐‘ข1+โ‹ฏ+๐‘ข๐‘šโˆ’1โ‰ค๐ถ} before the Type-II reduction, we assure that ฮจ(1๐‘˜)in๐œŒ2๐œŒ1(๐‘) is a sufficient resource level to enable the firing sequence ๐œŽ1๐œŽ2,โ€ฆ,๐œŽ๐‘š in ๐‘.

We will now establish some necessary properties for these reductions. We note that the reductions are defined on $N$ and not on $N_R \in$ G-AMGA. For the sake of brevity, we will use the notation “$N \in$ G-AMGA implies $\rho(N) \in$ G-AMGA” to indicate that a reduction preserves the class defining structure of the process flow. Note that in the strictest sense, if $N_R \in$ G-AMGA and $N$ is the corresponding process subnet, then $N \in$ G-AMGA, since it represents a valid process flow with no resource requirements.

Lemma 3. $N \in$ G-AMGA implies $\rho_1(N) \in$ G-AMGA.

Proof. Suppose $N$ has no Type-I structure. Then, $\rho_1(N) = N^{i}$ and hence $N \in$ G-AMGA. Suppose $N$ has a Type-I structure $\langle t_I, p_{(1)}, t_{(1)}, p_{(2)}, \ldots, t_{(k-1)}, p_{(k)}, t_{(k)}\rangle$. In $\rho_1(N)$, this structure is transformed to $\langle t_I, p_{(1)}, t_{(1)}, p_{(k)}, t_{(k)}\rangle$. Since $\{p_{(1)}, t_{(1)}, p_{(2)}, \ldots, t_{(k-1)}, p_{(k)}\}$ are connected to the rest of $N$ through $t_I$ and $t_{(k)}$ only, the reduction is local and all other places, transitions, and arcs remain intact. Thus $N \in$ G-AMGA implies $\rho_1(N) \in$ G-AMGA.

Lemma 4. $N \in$ G-AMGA implies $\rho_2(N) \in$ G-AMGA.

Proof. Suppose $N$ has no Type-II structure. Then, $\rho_2(N) = N$ and thus $N \in$ G-AMGA. Suppose $N$ has a Type-II structure $\{\langle t_I, p_{(11)}, t_{(11)}, p_{(12)}, t_j\rangle, \langle t_I, p_{(21)}, t_{(21)}, p_{(22)}, t_j\rangle \cdots \langle t_I, p_{(m1)}, t_{(m1)}, p_{(m2)}, t_j\rangle\}$. In $\rho_2(N)$, the $m$ parallel sequences are transformed into the single sequence, $\langle t_I, p_{(11)}, t_{(11)}, p_{(12)}, t_j\rangle$. As before, all other places and transitions remain intact, and thus $N \in$ G-AMGA implies $\rho_2(N) \in$ G-AMGA.

The above two lemmas establish that $\rho_i$: G-AMGA $\to$ G-AMGA, $i = 1, 2$. Note that for any $N \in$ G-AMGA, $p_0 \in P$ and $P_I \cup P_s \cup P_F \neq \emptyset$, $\{t_I, t_F\} \subseteq T$, $\{(p_0, t_I), (t_F, p_0)\} \subseteq W$, $t_I^{\bullet} \neq \emptyset$, ${}^{\bullet}t_F \neq \emptyset$, and there is a path from $t_I$ to $t_F$. Let $\aleph = \{\{p_0, p_{(1)}\}, \{t_I, t_F\}, \{(p_0, t_I), (t_I, p_{(1)}), (p_{(1)}, t_F), (t_F, p_0)\}, \{1, 0\}\}$. It is clear that $\aleph \in$ G-AMGA and that $\rho_i$ will not affect $\aleph$, since $\aleph$ has no Type-1 or Type-2 structure. We refer to $\aleph$ as “irreducible.”

Lemma 5. If $N \in$ G-AMGA and $N \neq \aleph$, then there exists a Type-I or Type-II structure in $N$.

Proof. Suppose that $N$ is not irreducible. Then $T_S \neq \emptyset$. Suppose that there exists neither Type-I structure nor Type-II structure. Then, since no Type-I structure exists, every $t_u \in T_S$ is a synchronization. This implies that $|t_I^{\bullet}| > 1$, otherwise there are no subprocesses to synchronize. Since no Type-II structure exists, for every pair $(p_j, p_k) \subseteq t_I^{\bullet}$, $p_j^{\bullet} \neq p_k^{\bullet}$. This implies that for every $p_j \in t_I^{\bullet}$, $\exists\, p_u \notin t_I^{\bullet}$ such that $p_j$ and $p_u$ synchronize at $p_j^{\bullet}$. Note that there must be a path from $t_I$ to $p_u$, and the first node of this path, say $p_v$, must be in $t_I^{\bullet}$. Further, the synchronization transition, $p_v^{\bullet}$, must fire before $p_u$ can be marked. Thus, for every $p_j \in t_I^{\bullet}$ there exists $p_v \in t_I^{\bullet}$ such that $p_v^{\bullet}$ must be enabled and fired before $p_j^{\bullet}$ can be enabled and fired. Since $t_I^{\bullet}$ is finite, this implies a cyclic dependency among the transitions of $t_I^{\bullet\bullet}$, which contradicts the implication of Definition A.11 that every cycle of $N$ passes through $p_0$.

With these results, the following theorems are now straightforward.

Theorem 1. For every $N \in$ G-AMGA, there is a finite sequence of reductions that maps $N$ to irreducible form. Further, sequence length is $O(|P_S|)$.

Proof. Suppose $N \in$ G-AMGA is not in irreducible form. Then, it can be reduced by the following algorithm, which will return the required sequence of reductions:
Set $\eta = N$, $\rho = \varepsilon$ (empty string)
While $\eta \neq \aleph$
  $\eta = \rho_2(\rho_1(\eta))$
  $\rho = \rho_2\rho_1\rho$ (concatenation)
End While
Return $\rho$
Note that if $\eta$ is not irreducible, then $\rho_2(\rho_1(\eta))$ has fewer places than $\eta$. Since $N$ has finite places, the While will terminate in a finite number of steps not larger than $|P_S|$ since each iteration will eliminate at least one place.

In the following, we will let $(\rho_2\rho_1)^n(N)$ denote the net that results after the Type-I/Type-II reduction sequence has been applied $n$ times.

Theorem 2. For every $N \in$ G-AMGA, let $\eta = (\rho_2\rho_1)^n(N)$ and suppose that $p_j$ has survived at least one update to $\Psi_j$ without being deleted. Then $\Psi_j$ is sufficient to enable a firing sequence in $N$ that enables $p_j^{\bullet}$.

Proof. Suppose $p_j$ has been involved in Type-I and Type-II structures over the $n$ reductions and is the surviving place of those reduced structures. By the induction hypothesis, $\Psi_j$ is sufficient to enable a firing sequence in $N$ that enables $t_j = p_j^{\bullet}$, say $\sigma$. Note that in $\eta$, ${}^{\bullet}p_j = \{t_I\}$ and $p_j$ is in a Type-I structure (assuming $t_j \neq t_F$), since it is the lone input to $t_j$ and $t_j^{\bullet} \neq \emptyset$. (To see this, recall that since $\rho_2$ is performed after $\rho_1$, $\eta$ has no Type-II structures.) Let $\langle t_I, p_j, t_j, p_{(2)}, t_{(2)} \ldots t_{(k-1)}, p_{(k)}, t_{(k)}\rangle$ be this Type-I structure in $\eta$. On subsequent Type-I reduction, $\Psi_h(p_{(k)}) = \max\{\Psi_h(p_j), \Psi_h(p_{(2)}), \ldots, \Psi_h(p_{(k)})\}$, for $h = 1, \ldots, |P_R|$, then $\{p_{(2)}, \ldots, p^{i}_{(k-1)}\}$ will be deleted, along with corresponding arcs and arc $(t_j, p_{(k)})$ will be added. Thus, $\Psi_{(k)}$ will be sufficient for firing sequence $\sigma\tau = \sigma t_j t_{(2)} \ldots t_{(k-1)}$, which marks $p_{(k)}$.
Now, consider $\rho_1(\eta)$ with a Type-II structure $\{\langle t_I, p_{(11)}, t_{(11)}, p_{(12)}, t_j\rangle, \langle t_I, p_{(21)}, t_{(21)}, p_{(22)}, t_j\rangle \cdots \langle t_I, p_{(m1)}, t_{(m1)}, p_{(m2)}, t_j\rangle\}$, where $\sigma\tau_{(1)}$ marks $p_{(12)}$, $\sigma\tau_{(2)}$ marks $p_{(22)}$, $\ldots$, and $\sigma\tau_{(m)}$ marks $p_{(m2)}$. Suppose we order $\{p_{(12)}, p_{(22)}, \ldots, p_{(m2)}\}$ by decreasing return, $\delta_j = \Psi_j - u_j$, and let $\{p_1 p_2, \ldots, p_m\}$ be the ordered set. Then, if we let $\Psi_{(12)}$ be the component-wise maximum of $\{\Psi_1, \Psi_2 + u_1, \Psi_3 + u_1 + u_2, \ldots, \Psi_m + u_1 + \cdots + u_{m-1}\}$, it is clear that $\Psi_{(12)}$ is sufficient to enable the firing sequence $\sigma\tau_1\tau_2, \ldots, \sigma\tau_m$, and thus after the Type-II reduction, $\Psi_{(12)}$ for $p_{(12)}$ in $\rho_2\rho_1(\eta) = (\rho_2\rho_1)^{n+1}(\eta)$ is sufficient to enable firing sequence $\sigma\tau_1\tau_2, \ldots, \sigma\tau_m$ in $N$, which enables $p_{(1)}^{\bullet}$.

Algorithm 2 uses Type-I and Type-II reductions to compute resource levels sufficient to guarantee quasi-liveness. The algorithm starts with $N$, and for each process place, defines a bounding function, $\Psi$, for each resource. This bounding function is initialized to the resource need of the place. The While loop then updates the bounding function and applies reductions until the net is irreducible, at which point the resource bounds are returned.

Input: $N \in$ G-AMGA and critical resource, $r_c$
Output: Serialized bounds, sequence of place markings.
$\eta = N$, $\vartheta = \emptyset$ ($\vartheta$ is a last-in-first-out list)
For $p \in P_S \cup P_I \cup P_F$
  $\Psi_h(p) = u_h(p)$ for $h = 1, \ldots, |P_R|$
While $\eta \neq \aleph$
  For each Type-I structure $\langle t_I, p_{(1)}, \ldots, t_{(n-1)}, p_{(n)}, t_{(n)}\rangle$ in $\eta$
    $\Psi_h(p_{(n)}) = \max\{\Psi_h(p_{(1)}), \ldots, \Psi_h(p_{(n)})\}$, $h = 1 \ldots |P_R|$
  End For
  $\eta = \rho_1(\eta)$
  For a Type-II structure $\{\langle t_I, p_{(11)}, t_{(11)}, p_{(12)}, t_j\rangle, \langle t_I, p_{(21)}, t_{(21)}, p_{(22)}, t_j\rangle \cdots \langle t_I, p_{(m1)}, t_{(m1)}, p_{(m2)}, t_j\rangle\}$ in $\eta$
    Sort $\{p_{(12)}, p_{(22)} \cdots p_{(m2)}\}$ by decreasing $\delta_c$ and let $\langle p_1, \ldots, p_m\rangle$ be the sorted set
    Insert $\langle p_1, \ldots, p_m\rangle$ into $\vartheta$
    For $h = 1 \ldots |P_R|$
      Set $\Psi_h(p_{(12)})$ to $\max\{\Psi_h(p_t) + \sum_{j=1}^{t-1} u_j : t = 1, \ldots, m\}$
    End For
  End For
  $\eta = \rho_2(\eta)$
End While
Return $\{\langle \Psi_h : h = 1 \ldots |P_R|\rangle, \vartheta\}$

More specifically, in the first For loop, the resource bound of the last place of each Type-I structure is updated with the maximum resource usage along the structure. Thus, the resource bound associated with the last place of each Type-I structure will be the number of units of each resource necessary for the subprocess to reach the synchronization transition. After these updates, the net reduction is applied.

After the Type-I reduction, if the net is not irreducible, at least one Type-II structure will be present. For each Type-II structure, say $\{\langle t_I, p_{(11)}, t_{(11)}, p_{(12)}, t_j\rangle, \langle t_I, p_{(21)}, t_{(21)}, p_{(22)}, t_j\rangle \ldots \langle t_I, p_{(m1)}, t_{(m1)}, p_{(m2)}, t_j\rangle\}$, the second For loop first updates the resource bounds of the place in the first path, $\langle t_I, p_{(11)}, t_{(11)}, p_{(12)}, t_j\rangle$, as illustrated and discussed above, and then deletes the other places. We note that before the bounds are computed for the Type-II reduction, the places in the Type-II structure are sorted. These sorted sets are saved on a last-in-first-out list and returned by the algorithm since they can be used to construct the serialized sequence which corresponds to the computed bounds. Thus, if the serialized bounds computed by Algorithm 2 are met, a serialized sequence can be easily constructed and, in the strictest sense, enumeration of the reachability graph need not occur. However, some additional enumeration and search might be desirable, since the serialized transition firings limit the concurrency of subprocesses.

Consider Figure 6. The resulting net is obtained after Type-I and Type-II reductions have been applied to the example assembly system of Figure 3. A Type-I structure, $\langle t_I, p_1, t_1, p_3, t_{10}, p_{10}, t_{12}\rangle$, can be further reduced, giving rise to $\langle t_I, p_{(11)}, t_{(11)}, p_{(12)}, t_{12}\rangle$ with $\Psi(p_{(12)}) = \langle 1, 3, 2\rangle$, $u(p_{(12)}) = \langle 0, 3, 0\rangle$ and $\delta(p_{(12)}) = \langle 1, 0, 2\rangle$. We now have a Type-II structure: $\langle t_I, p_{(11)}, t_{(11)}, p_{(12)}, t_{12}\rangle$ and $\langle t_I, p_{11}, t_{11}, p_{12}, t_{12}\rangle$. Assuming that $r_1$ is a critical resource and hence a sorting key, the Type-II structure is reduced to $\langle t_I, p_{(11)}, t_{(11)}, p_{(12)}, t_{12}\rangle$ with $\Psi(p_{(12)}) = \langle 2, 4, 1\rangle$. However, if $r_2$ is used as a sorting key and the subprocess $\langle t_I, p_{11}, t_{11}, p_{12}, t_{12}\rangle$ is executed first, then the Type-II structure is reduced to having $\Psi(p_{(12)}) = \langle 3, 4, 3\rangle$. If $\langle C_1, C_2, C_2\rangle = \langle 2, 4, 1\rangle$, then the first Type-II reduction guarantees quasi-liveness.

We note that it is possible to compute a looser set of resource bounds that guarantees that any precedence feasible sequence of transition firings is resource enabled by replacing the interior of the third For loop with the following statement:
$$\Psi_h(p_{(1)}) = \sum_{j=1}^{k} \Psi_h(p_{(j)}), \quad h = 1 \ldots |P_R|. \tag{1}$$

This sum guarantees that the maximum resource needs of the corresponding subprocesses can be met simultaneously, and thus every sequence of transition firings will be resource feasible. Clearly, in this case, enumeration is not required.
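The Type-II bound update and the looser sum of equation (1), run on the Figure 5 numbers quoted earlier, as an added Python example that is not code from the paper. The need vector of $p_3$ is not given in the text, so the value used for it is an assumption, and all function names are illustrative.

```python
from itertools import permutations

# Figure 5 values quoted in the text, ordered as resources (r1, r2, r3).
PSI = {"p3": (1, 2, 1), "p6": (2, 2, 3), "p9": (4, 1, 2)}
# u6 and u9 are quoted in the text. u3 is an ASSUMED value: the text does not
# state it, and (1, 1, 0) is chosen so that the order <p6, p3, p9> gives the
# quoted bound <5, 3, 3>.
U = {"p3": (1, 1, 0), "p6": (0, 1, 0), "p9": (0, 0, 2)}


def vec_add(a, b):
    return tuple(x + y for x, y in zip(a, b))


def vec_max(a, b):
    return tuple(max(x, y) for x, y in zip(a, b))


def serialized_bound(order, psi, u):
    """Component-wise max over t of Psi(p_t) + sum_{j<t} u(p_j).

    `order` is the serial order in which the merging subprocesses are
    advanced to the synchronization transition.
    """
    width = len(next(iter(psi.values())))
    held = (0,) * width    # units still held by subprocesses already advanced
    bound = (0,) * width
    for place in order:
        bound = vec_max(bound, vec_add(psi[place], held))
        held = vec_add(held, u[place])
    return bound


def sort_by_return(psi, u, c):
    """Places by decreasing return delta_c = Psi_c - u_c of critical resource c."""
    return sorted(psi, key=lambda p: psi[p][c] - u[p][c], reverse=True)


def type2_update(psi, u, c):
    """Bound update of a Type-II reduction: sorted order and its serialized bound."""
    order = sort_by_return(psi, u, c)
    return order, serialized_bound(order, psi, u)


def simultaneous_bound(psi):
    """Looser bound of equation (1): every subprocess at its maximum need at once."""
    return tuple(sum(column) for column in zip(*psi.values()))


def best_critical_bound(psi, u, c):
    """Smallest bound on resource c over all serial orders (exhaustive check)."""
    return min(serialized_bound(o, psi, u)[c] for o in permutations(psi))


if __name__ == "__main__":
    order, bound = type2_update(PSI, U, c=0)          # r1 is the critical resource
    print("sorted order:", order, "serialized bound:", bound)
    print("order <p6, p3, p9>:", serialized_bound(["p6", "p3", "p9"], PSI, U))
    print("best r1 bound over all orders:", best_critical_bound(PSI, U, 0))
    print("simultaneous bound, eq. (1):", simultaneous_bound(PSI))
```

On this data the order sorted by return of $r_1$ attains the smallest $r_1$ bound over all six serial orders, as Lemma 1 predicts, while the other components differ between orders.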

4. The G-AMGASU Model for the ASU-RAS

This section studies the subclass of systems in G-AMGA where net places have single unit resource need; that is G-AMGASU $\subseteq$ G-AMGA is the subclass of G-AMGA where for all $p \in P_S$, $\sum_{h=1}^{m} u_h(p) \le 1$, where $m = |P_R|$ and $u_h$ being the $p$-semiflow in item 5 of Definition A.11 of the Appendix. We refer to this class as the ASU-RAS. For the ASU-RAS, we develop resource capacity bounds for which quasi-liveness is polynomial in the number of places and transitions in the underlying G-AMGASU. We also develop a fast method for finding sequences without developing the reachability graph of the underlying G-AMGASU.

More formally, we impose the following additional constraints on $W$ of G-AMGA.

Definition 6. G-AMGASU is the class of nets obtained by placing the following constraints on G-AMGA:
(1) for all $t_u \in P_I^{\bullet}$, $\sum_{h=1}^{m} W(r_h, t^{i}_u) = 1$,
(2) for all $t_u \in T_S$, $\sum_{h=1}^{m} W(r_h, t_u) \le 1$,
(3) for all $t_u \in T_S$, if $\sum_{h=1}^{m} W(r_h, t^{i}_u) = 1$, then $W(t_u, r_h) = \sum_{p \in {}^{\bullet}t_u \cap P_S} u_h(p)$, for $h = 1, \ldots, m$,
(4) for all $t_u \in T_S \setminus {}^{\bullet}P_F$, if $\sum_{h=1}^{m} W(r_h, t_u) = 0$, then
$$\sum_{h=1}^{m} W(t_u, r_h) = \left(\sum_{h=1}^{m}\left(\sum_{p \in {}^{\bullet}t_u \cap P_S} u_h(p)\right)\right) - 1, \quad \text{for } h = 1 \ldots m,\ W(t_u, r_h) \in \left\{\max\left\{0, \left(\sum_{p \in {}^{\bullet}t_u \cap P_S} u_h(p)\right) - 1\right\},\ \sum_{p \in {}^{\bullet}t_u \cap P_S} u_h(p)\right\}. \tag{2}$$
The first constraint says that a subprocess must be allocated a resource for its first processing step. The second says that no more than one unit of one resource type may be requested at a transition. The third says that when a unit of resource is allocated at a transition, all resources held by the requesting subprocesses must be returned. Finally, the fourth says that if a transition does not allocate a resource, then the return must be exactly one unit less than the number currently held (except for transitions in ${}^{\bullet}P_F$, which release all resources). We have the following lemma.

Lemma 7. For any $P \in P_S \setminus (P_I \cup P_F)$, the resource need vector is an $m$ dimensional unit vector.

Proof. For $P \in P_S \setminus (P_I \cup P_F)$ we consider the following exhaustive cases.
Case 1. Suppose $u_h(p) = 0$ for $h = 1, \ldots, m$. By (1), $P \notin P_I^{\bullet\bullet}$, but there must be a path, say $\gamma$, from some $P_u \in P_I$ to $P$. The first transition of the path, $p_u^{\bullet}$, allocates one unit of some resource to the corresponding subprocess. Thus, some transition along $\gamma$ must deallocate all resources with no additional allocation. This violates (4).
Case 2. Suppose $u_h(p) = k > 1$ for some $r_h$. Either these $k$ units of $r_h$ are accumulated through at least $k$ transitions or they result from insufficient resource release at the firing of a synchronization transition. By (3), when a resource is allocated to a set of requesting subprocesses, all resources held by those subprocesses must be released. Thus, resources cannot be accumulated through consecutive transition firings. By (4), if no resources are allocated at a transition, the corresponding subprocesses must still return all resources held except one. Thus, $u_h(p) = k > 1$ for some $r_h$ violates both (3) and (4).
Case 3. Suppose $u_h(p) = 1$ and $u_k(p) = 1$. By the logic of Case 2, this is impossible.

Now, for $N_R \in$ G-AMGASU, the reversed subnet, $N'_R$, as defined in Section 3, has splitting (disassembly) but no merging. In the following, we use $N'_R$ to develop resource bounds that guarantee quasi-liveness and polynomial sequence enumeration for $N_R$. Note that $t_u \in T_{\text{Synch}}$ in $N_R$ is a disassembly transition in $N'_R$. Let $T_{\text{Split}}$ be the set of disassembly transitions in $N'_R$. Note that for $t \in T_{\text{Split}}$, $|{}^{\bullet}t \cap P_S^{i}| = 1$ and $\sum_{h=1}^{m} u_h({}^{\bullet}t \cap P_S) = 1$. If $u_h({}^{\bullet}t \cap P_S) = 1$, we refer to $r_h$ as the “disassembly resource.” Let $T^{h}_{\text{Split}} = \{t : t \in T_{\text{Split}}$ and $u_h({}^{\bullet}t \cap P_S) = 1$ in $N'_R\}$, $h = 1, \ldots, m$. The set, $T^{h}_{\text{Split}}$, collects all the disassembly transitions in $N'_R$ that have $r_h$ as the disassembly resource. Since each disassembly utilizes a single resource type, we have $T^{u}_{\text{Split}} \cap T^{v}_{\text{Split}} = \emptyset$ when $u \neq v$.

For $t \in T_S$, let $\Gamma(t)$ be the set of transitions in $T_S$ reachable from $t$ in paths of $N'_R$ not containing $p_0$. Note that for $t \in T_S$, $\Gamma(t)$ identifies reachable transitions that occur later in the disassembly process. Let $LT^{h}_{\text{Split}} = \{t : t \in T^{h}_{\text{Split}}$ and $T^{h}_{\text{Split}} \cap \Gamma(t) = \emptyset\}$ and note that $LT^{h}_{\text{Split}}$ represents the set of disassembly transitions that use $r_h$ as the disassembly resource but have no reachable transition (without including $p_0$) that does the same. That is, these are disassembly transitions, which use $r_h$, that occur latest in the disassembly process. The following lemma guarantees that the total token count in the set of disassembly operation places requiring $r_h$ is no greater than $|LT^{h}_{\text{Split}}|$.

Lemma 8. Given an $N'_R$, if $M_0(p_0) = 1$ and $M_0(p) = 0$, for all $p \in P_S \cup P_I \cup P_F$, then for every marking $M_j$ such that $M_0[\rangle M_j$, $M_j({}^{\bullet}T^{h}_{\text{Split}} \cap P_S) \le |LT^{h}_{\text{Split}}|$.

Proof. Let $N'$ be initially marked as given above. Note that $N'^{i}$ is a strongly connected marked graph with every circuit containing the place $p_0$ initially marked with exactly one token. For $t_j \in |LT^{h}_{\text{Split}}|$, there exists a path, from $t_F$ to $t_j$, say $\tau_j$. Note that there exists a circuit passing through $t_j$, say $\gamma_j$, such that $\tau_j$ is a subpath of $\gamma_j$. For any other $t_k \in |LT^{h}_{\text{Split}}|$, $t_j$ and $t_k$ are mutually unreachable except through paths including $p_0$. As a result, $t_j$ and $t_k$ are not in a common circuit. This implies $LT^{h}_{\text{Split}}$ circuits passing through elements of $LT^{h}_{\text{Split}}$. Further note that for $t_u \in T^{h}_{\text{Split}} \setminus LT^{h}_{\text{Split}}$, $\exists\, t_v \in LT^{h}_{\text{Split}}$ such that $t_v \in \Gamma(t_u)$; this implies that $t_u$ and $t_v$ belong to a common circuit. Thus, the number of circuits in which resource $r_h$ is used as a disassembly resource is precisely $LT^{h}_{\text{Split}}$. By the fundamental property of marked graphs, $M_j({}^{\bullet}T^{h}_{\text{Split}} \cap P_S) \le |LT^{h}_{\text{Split}}|$.

Note that $|LT^{h}_{\text{Split}}|$ can be quickly and easily computed for each resource and will play an important role in developing an enumeration policy for $N'_R$. Now consider the following lemma.

Lemma 9. Given an $N'_R$, suppose $M_0(p_0) = 1$, $M_0(p) = 0$, for all $p \in P_S \cup P_I \cup P_F$, and that $M_0[\rangle M_k$. Define induced marking $M^{*}_k$ as follows:
$$M^{*}_k = \begin{cases} 0 & \forall p \in {}^{\bullet}T_{\text{Split}} \cap P_S \\ 1 & p_0 \\ M_k(p) & \text{otherwise.} \end{cases} \tag{3}$$
If marking $M^{*}_k$ is free of deadly marked siphons, then $M_k$ is free of deadly marked siphons.

Proof. We prove this result by contradiction. Let $s'$ be a deadly marked siphon in $M_k$. Then, there will exist another siphon $s \subseteq s'$ which is deadly marked in $M_k$ and minimal. The structure of $N'_R$ implies that the minimal siphons containing place $p_0$ are the circuits of the marked graph, $N'$. This observation, when combined with the presumed structure for the initial marking $M_0$, implies that, for any marking $M_k \in R(N'_R, M_0)$, $p_0 \notin s$. But, the construction of $M^{*}_k$ implies that $s$ does not increase its token content, and, therefore, it constitutes a deadly marked siphon for $M^{*}_k$. The last conclusion contradicts the working assumption and concludes the proof.

The importance of the marking $M^{*}_k$ is that its corresponding subprocesses are each strictly SU-RAS for at least one step. That is, any token in $M^{*}_k$ is holding one unit of resource and requesting one unit of resource. When the requested unit is allocated, the held unit is released, and the token advances to its next place. The lemma guarantees that if there is no deadlock among the subprocesses of $M^{*}_k$ (assuming the reduced resource capacity levels of $M^{*}_k$), then there is no deadly marked siphon in $M_k$. We will use this fact along with resource bounds to be computed from the results of Lemma 9 to develop a single step look-ahead enumeration policy for $N'_R$ that is polynomial in net size. The policy is as follows.

Enumeration Policy $\Phi$
Let $\sigma_j$ be a firing sequence for $N'_R$ such that $M_0[\sigma_j\rangle M_j$ and suppose $t_u$ is enabled at $M_j$ such that $M_j[t_u\rangle M_k$. Admit the extension $\sigma_j t_u$ only if the marking $M^{*}_k$ is free of deadly marked siphons.
We note that detecting whether or not a marking has a deadly marked siphon is polynomial in the size of the net and is thus very fast. However, allowing markings only if they are free of deadly marked siphons does not guarantee policy correctness since we may admit markings from which deadly marked siphons are unavoidable. For our purposes, we will define policy correctness as follows.

Definition 10. An enumeration policy is “correct” if for any marking, $M_j$, admitted under the policy, there exists a sequence of transition firings, $\sigma_j \neq \varepsilon$, such that
(1) $M_j[\sigma_j\rangle M_0$,
(2) for any prefix of $\sigma_j$, say $\tau_k$, where $M_j[\tau_k\rangle M_k$, $M_k$ is admitted under the policy.
We are now in the position to prove the following.

Theorem 3. For $t_j \in T^{h}_{\text{Split}}$ and $h = 1, \ldots, m$, let
$$U^{h}_j = \sum_{p \in t_j^{\bullet} \cap P_S} u_h(p), \quad U^{h}_{\max} = \max\{U^{h}_j : t_j \in T^{h}_{\text{Split}}\}, \quad B_h = |LT^{h}_{\text{Split}}| + U^{h}_{\max} + 2. \tag{4}$$
If for $h = 1, \ldots, m$, $C_h \ge B_h$, then $\Phi$ is correct.

Proof. Suppose that a marking, $M_k$, is accepted by $\Phi$. Then $M^{*}_k$ contains no deadly marked siphon and thus $M_k$ contains no deadly marked siphon. Note that in $M^{*}_k$, the capacity of every resource is at least $U^{h}_{\max} + 2$, $h = 1 \ldots m$. Let $\Pi$ be the set of subprocesses in $M_k$ where $\Pi = \Pi_{ND} \cup \Pi_D$, $\Pi_{ND} \cap \Pi_D = \emptyset$. $\Pi_D$ is the set of subprocesses at disassembly operations, that is, tokens marking ${}^{\bullet}T_{\text{Split}} \cap P_S$, and $\Pi_{ND}$ is the set of subprocesses not at disassembly.

Case 1. Suppose that ฮ ๐‘๐ทโ‰ โˆ… in ๐‘€๐‘˜. Since there is no deadly marked siphon in ๐‘€โˆ—๐‘˜, there is no subset of ฮ ๐‘๐ท deadlocked in ๐‘€โˆ—๐‘˜. Thus, โˆƒ๐œ‹๐‘ขโˆˆฮ ๐‘๐ท and enabled ๐‘ก๐‘ฃโˆ‰๐‘‡Split such that firing ๐‘ก๐‘ฃ allocates a unit of resource ๐‘Ÿโ„Ž to ๐œ‹๐‘ข and causes ๐œ‹๐‘ข to release a unit of resource ๐‘Ÿ๐‘.
Now suppose that $M_k[t_v\rangle M_g$ and that $M_g$ contains a deadly marked siphon. Thus, $M^{*}_g$ contains a deadly marked siphon, which implies a deadlock among processes of $\Pi_{ND}$ in $M^{*}_g$. Because of the resource bounds, each deadlocked subprocess of $M^{*}_g$ is blocked by at least two other deadlocked subprocesses of $M^{*}_g$.
To summarize, we have the following: (1) ๐‘€โˆ—๐‘˜ has no deadlock among ฮ ๐‘๐ท, (2) ๐‘€โˆ—๐‘˜[๐‘ก๐‘ฃโŸฉ๐‘€โˆ—๐‘”, (3) ๐‘ก๐‘ฃ allocates a single unit of ๐‘Ÿโ„Ž to ๐œ‹๐‘ข and releases a single unit of ๐‘Ÿ๐‘, (4) ๐‘€โˆ—๐‘” has a deadlock among ฮ ๐‘๐ท, and (5) every deadlocked subprocess of ๐‘€โˆ—๐‘” is blocked by at least two other deadlocked subprocesses of ๐‘€โˆ—๐‘”.
It is clear that allocating ๐‘Ÿโ„Ž to ๐œ‹๐‘ข causes the deadlock, implying that ๐‘Ÿโ„Ž is a resource involved in the deadlock. Thus, in ๐‘€โˆ—๐‘”, at least two units of ๐‘Ÿโ„Ž are allocated to subprocesses in ฮ ๐‘๐ท, and in fact, there must be another subprocess ๐œ‹๐‘Žโˆˆฮ ๐‘๐ท requesting ๐‘Ÿโ„Ž at ๐‘ก๐‘Žโˆ‰๐‘‡Splitin both ๐‘€โˆ—๐‘˜ and ๐‘€โˆ—๐‘”. Allocating ๐‘Ÿโ„Ž to ๐œ‹๐‘Ž rather than ๐œ‹๐‘ข, that is, ๐‘€๐‘˜[๐‘ก๐‘ŽโŸฉ๐‘€๐‘ cannot result in deadlock among processes of ฮ ๐‘๐ท. Hence neither ๐‘€โˆ—๐‘ nor ๐‘€๐‘ contains a deadly marked siphon.

Case 2. Suppose that ฮ ๐‘๐ท=โˆ… and ฮ ๐ทโ‰ โˆ… in ๐‘€๐‘˜. There exist only subprocesses at disassembly operations. Thus, each resource has at least ๐‘ˆโ„Žmax+2 free units, โ„Ž=1โ€ฆ๐‘š. Sufficient resources are available to fire any transition of ๐‘‡Split. Suppose ๐‘กโˆˆ๐‘‡Split is enabled in ๐‘€๐‘˜ and that ๐‘€๐‘˜[๐‘กโŸฉ๐‘€๐‘”.๐‘€โˆ—๐‘” contains no deadly marked siphon. To see this, note that if ๐‘€๐‘” has ฮ ๐‘๐ท=โˆ…, then each resource continues to exhibit at least ๐‘ˆโ„Žmax+ 2 free units, โ„Ž=1โ€ฆ๐‘š. If ๐‘€๐‘” has ฮ ๐‘๐ทโ‰ โˆ…, then each resource, ๐‘Ÿโ„Ž, โ„Ž=1โ€ฆ๐‘š, has at least 2 units of free capacity.

Thus, Enumeration Policy $\Phi$ guarantees resource-enabled sequences of transition firings that complete the disassembly process, $N'_R$. We are now ready to present Algorithm 3. It starts with $N'_R$ in the initial marking and generates a firing sequence that completes the disassembly by using single step look-ahead for deadly marked siphons. The most computationally intensive step is the siphon check, which can be done in polynomial time, no worse than $O(|P_S| + |T_S|)$. By Theorem 3, the loop will require no more than $|T_S|$ iterations, since every iteration will identify an admissible transition, and thus the algorithm is $O(|T_S|^2)$. By returning the reversed sequence, we get the resource enabled assembly sequence for the assembly net, $N_R$. We note that the termination request computations of Algorithm 1 can easily be implemented in Algorithm 3.

Input: $(N'_R, M_0)$
Output: $\sigma_j \neq \varepsilon$ such that $M_0[\sigma_j\rangle M_0$
Set $\sigma_j = t_F$, and fire $t_F$
Set $M_j = M_0[t_F\rangle$
  Find $t \in E_t(M_j)$ s.t. $M_j[t\rangle M_k$, $M_k^{*}$ contains no deadly marked
    $\sigma_j = \sigma_j t$
    If $M_k = M_0$, return reverse($\sigma_j$)
    Else $M_j = M_k$
End Loop

As an aside, we note that the converse of Lemma 9 is not true; that is, a deadly marked siphon in $M_k^{*}$ does not imply a deadly marked siphon in $M_k$. In fact, it is easy to illustrate markings which are “safe” in the sense that the firing sequence can be extended to reach $M_0$ but for which the induced marking exhibits a deadly marked siphon and is rejected. Thus, the Enumeration Policy $\Phi$ is suboptimal in the sense that it rejects some transition firings that lead to “safe” markings. Further, even when the capacity bounds of Theorem 3 are in place, $N'_R$ can exhibit markings with no deadly marked siphon but from which every sequence of transition firings leads to a marking with a deadly marked siphon. Thus, a policy that does single step look-ahead on the unaltered markings of $N'_R$ is not correct. Finally, we note that since Theorem 3 applies to disassembly systems, when the specified bounds are in place, quasi-liveness is guaranteed and sequence enumeration is polynomial for the class of disassembly nets G-AMGDSU.
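Added example, not code from the paper: a Python rendering of Algorithm 3's look-ahead loop and its siphon check, run on a constructed split/merge net with one unit each of two resources. It assumes the usual siphon-literature definition (a siphon is deadly marked when every transition feeding it is disabled by one of its places). The paper's induced marking $M^{*}$ is defined outside this section, so it enters as the hypothetical `induce` argument; the identity default used here is the unaltered-marking look-ahead that the text says is not correct in general.

```python
# Added example, not the paper's code. Constructed net, "name inputs > outputs":
NET = """tF p0 > b0 c0
tb1 b0 r1 > b1
tb2 b1 r2 > b2 r1 r2
tc1 c0 r2 > c1
tc2 c1 r1 > c2 r1 r2
tI b2 c2 > p0"""
PRE, POST = {}, {}
for name, *rest in (line.split() for line in NET.splitlines()):
    cut = rest.index(">")
    PRE[name], POST[name] = rest[:cut], rest[cut + 1:]
PLACES = {p for arcs in (PRE, POST) for ps in arcs.values() for p in ps}
M0 = {p: int(p in ("p0", "r1", "r2")) for p in PLACES}  # one unit per resource

def enabled(M, t):
    return all(M[p] >= 1 for p in PRE[t])

def fire(M, t):
    M2 = dict(M)
    for p, d in [(p, -1) for p in PRE[t]] + [(p, 1) for p in POST[t]]:
        M2[p] += d
    return M2

def max_deadly_siphon(M):
    """Largest place set S whose every input transition is disabled by a place in S."""
    S, pending, changed = set(PLACES), set(PRE), True
    while changed:
        changed = False
        for t in sorted(pending):
            if all(M[p] >= 1 for p in PRE[t] if p in S):  # nothing in S blocks t
                S -= set(POST[t])      # so none of its outputs can be in S
                pending.discard(t)
                changed = True
    return S

def admissible(M, induce=lambda m: m):
    """Enabled t whose successor's induced marking has no deadly marked siphon."""
    return [t for t in sorted(PRE)
            if enabled(M, t) and not max_deadly_siphon(induce(fire(M, t)))]

def algorithm3(first="tF", induce=lambda m: m):  # induce: hypothetical M* hook
    seq, M = [first], fire(M0, first)
    while M != M0 and len(seq) <= len(PRE):
        choices = admissible(M, induce)
        if not choices:
            return None
        seq.append(choices[0])
        M = fire(M, choices[0])
    return seq[::-1] if M == M0 else None     # reversed: the assembly order
```

After `tF` and `tb1`, both `tb2` and `tc1` are enabled, but firing `tc1` leaves each subprocess holding the resource the other needs, so the check returns every place as a deadly marked siphon and only `tb2` is admitted.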

5. Conclusion

In this paper, we developed models and algorithms for a class of Petri nets that support resource allocation in systems with synchronization and splitting operations. Our focus was on establishing quasi-liveness and enumerating process completing sequences. This is challenging since, for this class of systems, the quasi-liveness problem is NP-complete. Our tenet is that once quasi-liveness is established and a process completing sequence is generated, previously published liveness enforcing supervisors can be used to control the operation of these systems. For the general case, we proposed a breadth-first search algorithm that generates the reachability tree and computes minimal termination requests for each marking. We discussed the complexity of this approach as well as the need for selecting a smaller set of sequences for use in supervision. We then developed two special subclasses for systems with assembly only, and for each class established that polynomial sequence enumeration is possible if the resource capacities meet certain bounds. The first subclass was assembly with conjunctive resource allocation. For this class, we developed a net reduction algorithm that reduces the net to a minimal form and, in so doing, computes a resource sufficiency bound for “serialized” firing sequences. The second special case was that of assembly with single unit resource allocation. For this class, we developed resource bounds and an enumeration policy that guarantees a process completing sequence in polynomial time. In current and future work, we are addressing liveness enforcing supervision for assembly/disassembly systems with unreliable resources, particularly those subject to degradation.


Definition A.11. A G-AMG is a Petri net, $N = (P, T, W, M_0)$ such that
(1) $P = P_S \cup P_I \cup P_F \cup P_0 \cup P_R$, where $P_S \cap P_I \cap P_F \cap P_0 \cap P_R = \emptyset$;
(2) $T = T_S \cup T_I \cup T_F$, where $T_S \cap T_I \cap T_F = \emptyset$;
(3) $W \colon (P \times T) \cup (T \times P) \to$ ๐‘+ satisfies the following:
(a) $(P \times T) \cup (T \times P) \to \{0, 1\}$ such that $(\{p_0\} \times (T_S \cup \{t_I, t_F\})) \to \{1\}$ for $(p_0, t_I)$, and