#### Abstract

The loss of conflicting information in a Petri net (PN), usually called confusions, leads to incomplete and faulty system behavior. Confusions, as an unfortunate phenomenon in discrete event systems modeled with Petri nets, are caused by the frequent interlacement of conflicting and concurrent transitions. In this paper, confusions are defined and investigated in bounded generalized PNs. A reasonable control strategy for conflicts and confusions in a PN is formulated by proposing elementary conflict resolution sequences (ECRSs) and a class of local synchronized Petri nets (LSPNs). Two control algorithms are reported to control the appeared confusions by generating a series of external events. Finally, an example of confusion analysis and control in an automated manufacturing system is presented.

#### 1. Introduction

Fault detection and avoidance through external control are important problems in discrete event systems [1–5]. A fault with the loss of conflicting information in a system should be avoided and controlled, which may lead to incomplete decision-making processes and confused implementation. The features of a fault are called confusions that occur frequently in a system with shared resources when the system is modeled by Petri nets. Petri nets (PNs) are an effective tool to model and analyze discrete event systems. Conflicts in a PN are tied to the competition for limited resources between two or more events, which usually is considered as the information interfaces between the DESs and the human decisions, for example, a switch controlled by humans or a static conflict resolution policy designed by humans [6, 7]. However, not all conflicts can be used for decision-making since frequent interlacements of concurrent and conflicting transitions may lead to the information loss of conflicts. In other words, confusions generate difficulties for resolution of conflicts. It is awkward to determine whether there are conflicts with integrated decision-making information from the reachability graph of a net if it contains confusions.

We illustrate the significance of this study on confusions by an example shown in Figure 1. The function of a system is concerned with “Recovery” and “Update.” In Figure 1(a), a confusion arises from the interlacement between two concurrent events “Fault alarm” and “Update” and two conflicting events “Recovery” and “Update.” It leads to the fact that “Recovery” cannot fire although it is expected to fire when “Fault alarm” is enabled, which is caused by the concurrent behavior between “Fault alarm” and “Update.” If the behavior is always sequentially involved, that is, “Update,” “Fault alarm,” the conflict between “Update” and “Recovery” may never happen and the “Recovery” is missing. Furthermore, the information of the conflict containing “Recovery” is missing. Figure 1(b) illustrates another confusion in the system. The interlacement between the two concurrent events “Update” and “Ignore” and two conflicting events “Update” and “Recovery” also leads to the loss of “Recovery” since “Recovery” cannot fire when the system concurrently fires “Ignore” and “Update.” Obviously, a system with confusions can cause ambiguous behavior and difficulties in system analysis. Solving the problem of confusion diagnosis means that each detected confusion should be controlled by a reasonable strategy. Hence, this study focuses on detection and control of confusions in PNs.

**(a)**

**(b)**

Confusion problems in PNs are first investigated in [8, 9]. Several PN applications in a number of areas such as workflow nets (WF-nets) [10–13], unfolding nets [14, 15], safe marked ordinary nets [16–19], generalized (unsafe) nets [17], and generalized stochastic Petri nets (GSPNs) [20, 21] involve confusions. In this section, a brief survey of the existing studies on confusions is presented.

van der Aalst et al. take into account the existence of confusions in WF-nets and show the defects of WF-nets with confusions [10–12]. First, the existence of confusions in a WF-net leads to a nondeterministic workflow process such that its correctness cannot be ensured. A WF-net is said to be correct if it satisfies the two properties “soundness” and being “well-structured,” which is reported by van der Aalst [12]. Every reachable marking of a WF-net can terminate properly if it is sound. A WF-net that is well-structured has a number of nice properties. For example, the soundness of a WF-net can be verified in polynomial time and a sound well-structured WF-net is safe. However, the correctness depends on the existence of confusions in a WF-net. If an acyclic WF-net (no directed cycle in the structure of a WF-net) contains a confusion, it is certainly not sound and well-structured. If a WF-net with cycles contains a confusion, it may not be sound and well-structured. Hence, we cannot determine the correctness of a WF-net if it contains confusions.

The study on occurrence nets lies in that the behavior of PNs can be interpreted by branching unfolding semantics [15]. In PNs, the behavior such as sequences, concurrency, conflicts, trails, choices, and alternatives can be described and analyzed by decomposing an occurrence net into substructures given by the node relations associated with the behavior. However, confusions cannot be described by the existing branching semantics. Hence, Smith and Haar consider the independence of events in occurrence nets and the indirect influences among concurrent events in [14, 15]. Furthermore, interference structural conflict clusters are developed in [15] in order to describe confusions, which belong to a kind of the substructures of occurrence nets. In the work of Smith and Haar, confusion detection and control problems are not considered.

The work of Bolton [16, 17] involves the detection of confusions in both safe and unsafe nets. Truly concurrent semantics and interleaving semantics for concurrent systems are discussed, which are useful to formalize and illustrate confusions. The main difference between the two kinds of semantics is that the synchronized firing of transitions and the nondeterministic choice among the possible orders of their firing can be distinguished by using truly concurrent semantics and not the interleaving semantics.

For example, if two transitions and are in a PN concurrently fire, three transition firing sequences are possible, which are denoted by , , and , respectively. The physical interpretation of in a real system is that the two events (represented by transitions and ) fire simultaneously. In this case, the firing of and is said to be synchronized. On the other hand, firing transition sequences and means that and fire sequentially. In [17], the definition of confusions in safe PNs is extended to unsafe generalized PNs, which depends on the inclusion relations of transition sets of conflicts at two markings. However, confusions in generalized PNs cannot be completely described by the definition in [17] since the transition sets of conflicts may remain unchanged although a confusion occurs in a generalized PN.

The approaches for confusion detection in [17] are based on trace theory. Furthermore, Communicating Sequential Process (CSP) model-checker is used to detect confusions. The WF-net of a business procedure is constructed to depict the logical relations among business tasks and to detect potential faults in the procedure. Confusions may occur when the implementation of the WF-net contains the operations of both conflict and concurrency. If a WF-net contains a confusion, its procedure may not be completed or the procedure performing a desired work cannot be constructed. In [13], confusion detection algorithms based on the integer linear programming (ILP) are reported. ILP methods are available owing to the Wf-net features represented in [12]. This work also obtains a conclusion; that is, if an acyclic WF-system contains a confusion, it is certainly not well-structured.

ILP methods presented in [13] nether work in safe marked ordinary nets since WF-nets are a subclass of safe marked ordinary nets. In [18], a confusion detection method is developed to capture confusion subnets in a safe marked ordinary net. Furthermore, a PN system must avoid any improper firing order of concurrent transitions by a control method such that the system can be immune to detect confusions. Two confusion online control algorithms are proposed to generate a set of control policies, which can completely avoid the occurrences of confusions [18].

Confusion avoidance in a safe marked ordinary net can be considered as a problem to forbid the firing of transitions according to a control specification. The work [19] extends generalized mutual exclusion constraints (GMECs) [22, 23] and proposes a class of constraints with respect to places and enabling degrees ( constraints). constraints can be used to design confusion avoidance supervisors by a linear algebra method. However, constraints are unavailable in generalized PNs.

Confusions in GSPNs are discussed in [20, 21]. The marking graph of a GSPN is not a stochastic process if the GSPN contains confusions, which implies that continuous-time Markov chains (CTMCs) cannot be used to analyze confused GSPNs. Generally, a classical analytical approach for GSPNs is to assume that the subnets of immediate transitions are confusion-free in order that the analysis can proceed. However, the assumption does not intrinsically solve the problem of confusions since they really exist in GSPNs.

In the literature, confusion analysis in generalized PNs is considered in [17] only. Conflict-increasing and conflict-decreasing confusions are defined in unsafe PNs, which are classified according to the change of transition sets of conflicts. However, the definition of confusions in [17] is incomplete and cannot describe all confusions in generalized PNs. On the other hand, the confusion detection method in [18] is also available in generalized PNs owing to the same confusion structures in a safe or a generalized PN. However, the confusion control policies presented in [18] cannot be appropriately enforced since conflict resolution in a generalized PN is related to transition enabling degrees that is not appearing in safe marked ordinary PNs.

This study extends the work on confusions in [17, 18] by introducing the concept of information content of conflicts. The behavior of a confusion can be clearly observed by comparing the proposed information content of its conflicts in the confusion subnet.

Confusions should be prevented by a control method after captured confusions in a PN. This paper proposes a confusion control strategy in generalized PNs, which is based on external event control in synchronized PNs (synchronized PNs are proposed in [24] and developed in [25–27]) and based on the proposed elementary conflict resolution sequences (ECRSs). A class of synchronized PNs with the control information that is called allowable enabling degrees is introduced, in which external events are featured with desired enabling degrees of transitions and can perform a variety of dependency relations of their execution times. Any external event can be converted into a feedback control structure taking the form of PNs. The control policy refers to a group of static rules imposing restrictions on the enabling degrees and priorities of concurrent transitions in confusions. The control methods in this paper are considered for pure and bounded PNs only.

This paper is organized as follows. Section 2 introduces PNs, conflicts, concurrency, information content, and confusions in generalized PNs. Section 3 deals with the control problems of confusions. A class of synchronized PNs with allowable enabling degrees and ECRSs is proposed. Conclusions and future work are presented in Section 4.

#### 2. Basics of PNs and Confusions

Section 2.1 provides the basics of Petri nets involved in the paper. More details can be found in [28]. Section 2.2 introduces conflicts [2] and formalizes concurrency and confusions in generalized PNs.

##### 2.1. Basics of PNs

*Definition 1. *A generalized PN is a four-tuple , where and are finite, nonempty, and disjoint sets. is the set of places and is the set of transitions. is called a flow relation of the net, represented by arcs with arrows from places to transitions or from transitions to places. is a mapping that assigns a weight to an arc: if , and otherwise, where and is a set of nonnegative integers. A net is self-loop-free (pure) if , .

The structure of a self-loop-free PN can be represented by its incidence matrix , that is, a integer matrix with . can be divided into two parts and according to the token flow by defining , where with and with are called input and output matrices, respectively.

*Definition 2. *A marking of is a mapping from to . denotes the number of tokens contained in place . is marked at marking if . is called a net system or marked net and is called an initial marking of .

Multisets or formal sum notations are usually used to denote markings and vectors. As a result, a marking can be denoted by . For example, a marking that has five tokens in place and three tokens in place in a net with four places , , , and is denoted by instead of .

*Definition 3. *Let be a node in a net . The preset of is defined as , while the postset of is defined as . Let be a set of nodes with . We have , and .

*Definition 4. *A transition is enabled at marking if, , , which is denoted as . If is enabled, it can fire. Its firing yields another marking such that, , , which is denoted by . Marking is said to be reachable from if there exists a transition sequence and markings , and such that . This is denoted by . The set of markings reachable from in defines the reachability set of , denoted as . A transition is live at if, , , holds.

Let be a net and let be a finite sequence of transitions. The Parikh vector of is : which maps in to the number of occurrences of in . Let be a transition sequence of a net () with . Its Parikh vector is .

*Definition 5. *A generalized PN is bounded if , , , , where .

A net which is bounded implies that its reachability set has a finite number of elements. This paper deals with pure and bounded PNs.

##### 2.2. Basic Definitions of Conflicts, Concurrency, and Confusions

*Definition 6. *A structural conflict in a net is a pair , where is called the structural conflicting place and is the set of output transitions of with . The elements in are called structural conflicting transitions.

*Definition 7. *An effective conflict in a marked net , denoted by , is associated with a structural conflict and a marking such that, , is true, and , where is the set of enabled transitions in at marking with .

Figures 2(a) and 2(b) show a structural conflict and an effective conflict that is associated with the structural conflict , respectively. Their transition sets can be represented as and .

**(a)**

**(b)**

*Definition 8. *The enabling degree of a transition in a pure net at a reachable marking , denoted by , is an integer such that A transition is said to be -enabled, denoted by , if has enabling degree . Note that if is 0-enabled, it means that is disabled.

The enabling degree of a transition at marking can be considered as the possible maximal number of the firing times of the transition at marking . Let be a reachable marking of a PN and denote the vector of enabling degrees of all transitions at . For example, let , , and be the transitions in a PN () with . If they are 2-, 0-, and 3-enabled at the initial marking , respectively, we have .

*Definition 9. *A general conflict in a marked net , denoted by , is associated with a structural conflict and a marking such that, , is true, and , where is the set of enabled transitions in at marking with and is the enabling degree of transition at marking .

Figure 3 illustrates a general conflict that is associated with the structural conflict at marking . According to Definition 8, we have , , and . In other words, transitions , , and are 2-, 3-, and 3-enabled, respectively. Hence, we haveThe number of tokens in does not suffice to fire all the output transitions of according to their enabling degrees. An effective conflict in is also a general conflict according to Definitions 7 and 9. However the reverse is not true. For example, the general conflict shown in Figure 3 is not effective sinceIn this paper, general conflicts are considered in confusions.

Let be a transition set in a net system () and let be a reachable marking. Notation is used to denote the number of enabled transitions in at marking . A transition sequence is said to be a resolution sequence of the general conflict at marking if each transition in becomes disabled after firing the sequence , that is, , where the marking is called the output marking of by firing .

A structural conflict in a net system can produce multiple general conflicts owing to different reachable markings. For a structural conflict , the information content of the general conflict , denoted by , associated with at marking is defined as follows:whereand, , is the enabling degree of transition at marking .

The general conflicts associated with a structural conflict can be compared by their information content at markings, which reflects the number of resolution sequences for the general conflicts. Note that can lead to zero information content; that is, , which implies that at marking does not produce any general conflict. A general conflict associated with the structural conflict in a PN () is said to have integrated decision-making information if there does not exist another general conflict associated with in () such that .

Let denote a transition sequence in which the transition consecutively fires times and denotes a synchronized transition sequence in which transitions , and fire synchronously; that is, the transitions fire simultaneously. Figures 4(a) and 4(b) show two general conflicts and with the same structure at markings and , respectively. For the former, that is, , we haveFurthermore, four feasible resolution sequences , , , and can be observed. Similarly, for the latter, that is, , we haveThe implies that the general conflict has more resolution sequences than , which are , , , , , , , , and . Suppose that and are only two general conflicts associated with in a PN. Then, the general conflict has integrated decision-making information since .

**(a)**

**(b)**

General conflicts provide information for decision-making in generalized PNs. Confusions can cause the information loss. The proposed control strategy of confusions is based on general conflicts and the control objective is to ensure the integrity of decision-making information of the general conflicts.

*Definition 10. *(1) Transitions and are said to be concurrent at marking in a marked net () if , , and .

(2) Let be a transition set. It is called a set of concurrent transitions at marking if, , , transitions and are concurrent at marking .

(3) The concurrent degree of a set of concurrent transitions, denoted by , is defined as .

(4) Let be a set of concurrent transitions in a marked net () with . It is said to be -max-concurrent in () if there does not exist a set of concurrent transitions with in () such that . A transition in is said to be -max-concurrent if is -max-concurrent in ().

(5) Let be the set of concurrent transition sets in (). In other words, , is a set of concurrent transitions in (). is said to be -max-concurrent if , is -max-concurrent in ().

The net shown in Figure 5 contains totally seven sets of concurrent transitions at marking ; that is, , , , , , , and . According to Definition 10, and with are 3-max-concurrent since there does not exist a set of concurrent transitions from to , whose cardinality is greater than three. Let and be two sets of concurrent transition sets. Then is 3-max-concurrent and is not 3-max-concurrent since there exist two sets and , whose concurrent degrees are less than three.

It is denoted by that a transition consecutively fires times at marking , where and is the reachable marking from by firing .

Let be a subset of concurrent transitions in net at marking . Let be the reachable marking from by firing all transitions in according to their enabling degrees. The fact is denoted by . Note that the firing orders of the transitions in are nondeterministic since is a subset of concurrent transitions. For example, if and two transitions and are 1- and 2-enabled, respectively, at marking fire, their possible firing sequences, according to enabling degrees, are , , , and , where are sequential firing sequences; that is, transitions fire consecutively, and is a synchronized firing sequence; that is, transitions fire simultaneously. Correspondingly, implies , , , and , where is the reachable marking from by firing any of the four possible firing sequences of concurrent transitions in .

A subnet (structure) of a PN is a four-tuple , where , , , and, , . Let and be positive integers with . Given a marked net with place set and its subnet with place set , we denote by the projection of a marking on .

is called the submarking of in , which is denoted by . It is said to be valid if , . It is invalid if, , . Figure 6(a) represents a net system with four places and four transitions at marking . A subnet of with two places and and two transitions and is shown in Figure 6(b) at the valid submarking .

**(a)**

**(b)**

For at another marking with , the submarking for is obtained, which is invalid since any element in is zero.

*Definition 11. *A confusion, denoted by , is a marked subnet in a net system such that(1)there exists a structural conflict with and ;(2)there exists a nonempty set that is composed of all 2-max-concurrent transition sets at the submarking in ;(3), and such that and , where and are information content of general conflicts associated with at submarkings and , respectively;(4)there exist two reachable markings and in such that and are valid.A confusion is said to be a conflict-increasing confusion (CIC), denoted as , if . It is said to be a conflict-decreasing confusion (CDC), denoted as , if .

Definition 11 defines confusions as a class of marked subnets in a net system and classifies them into CICs and CDCs. Condition (1) in Definition 11 imposes a requirement on marked subnets. If a marked subnet is a confusion, it necessarily contains a structural conflict. Condition (2) in Definition 11 limits the size of a marked subnet by restricting that all sets of concurrent transitions in are 2-max-concurrent at submarking . The concurrent degree in this condition means that there does not exist a set of concurrent transitions, which contains more than two transitions.

Condition (3) in Definition 11 gives the behavior characteristics of confusions. For any set of max-concurrent transitions in a confusion, the change of information content of general conflicts is caused by the firing of a transition that is not a structural conflicting transition. Condition (4) in Definition 11 ensures that the behavior described in condition (3) can actually occur in the original net system. If condition (4) is not satisfied, confusions cannot occur in the original net system although it may contain the structures of confusions. Confusions are classified into CICs and CDCs according to the change of information content in Definition 11.

*Example 1. *Figure 7(a) shows a CIC , where is derived from the existing structural conflict in , is an initial submarking, is the set of 2-max-concurrent transitions sets, and .

Figure 7(b) shows the partial reachability graph of the CIC, which is generated by concurrently firing transitions and only. In Figure 7(b), any submarking is considered with the information content of the general conflict . The confusion is conflict-increasing since transition can fire twice or four times, which can produce an increment of the information content. We cannot determine whether the general conflicts associated with occur from the initial submarking to the submarking according to the concurrent firing of transitions and .

As depicted in Figure 7(b), three general conflicts occur at submarkings , , and due to , , and , respectively. However, the other submarkings in Figure 7(b) do not produce any general conflict. On the other hand, the general conflict at is expected to occur since it has the maximal information content in Figure 7(b). The submarking can be reached by only one path, that is, , which implies that the transition sequence fires. However, transitions and in Figure 7(a) are concurrent, which implies that the firing orders of and are nondeterministic. The nondeterminism causes that the transition sequence is not guaranteed to be fired. In this case, we can say that the information loss of the general conflict occurs if a transition sequence fires, which does not pass through the submarking .

**(a)**

**(b)**

*Example 2. *Figure 8(a) shows a CIC , where , , , , and . According to condition (3) in Definition 11, both sets and of 2-max-concurrent transitions need to be considered. If transitions and in concurrently fire, the partial reachability graph shown in Figure 8(b) is obtained. By observing the reachability graph, the general conflict at submarking has the maximal information content . The information loss of the general conflict occurs if the transition sequence or fires.

The partial reachability graph shown in Figure 8(c) is obtained by analyzing the concurrent firing of transitions and in . The same general conflict with the maximal information content is obtained in Figure 8(c). There exists only one path in Figure 8(c), which reaches the submarking . However, more paths exist in Figure 8(c) than Figure 8(b) from the initial submarking to the submarking such that the information loss of the general conflict occurs. In other words, does not occur if a path in Figure 8(c) does not pass through the submarking from to .

**(a)**

**(b)**

**(c)**

*Example 3. *Figure 9(a) shows a CDC that consists of two structural conflicts and . Only one structural conflict in the confusion is considered due to symmetry. In this example, the structural conflict is focused; that is, the CDC is analyzed. From Figure 9(a), we have , , , and .

Figure 9(b) depicts the partial reachability graph of the CDC, which can be obtained by concurrently firing transitions and . The maximal information content of general conflicts associated with the structural conflict can be found at the initial submarking ; that is, . Hence, the decisions on conflicting transitions and should be made for the general conflict . However, a transition can concurrently fire such that the information content is reduced from to . Consequently, the information loss of occurs.

On the other hand, firing also reduces the information content, which is not concerned with the information loss since is a structural conflict transition for decisions. The submarking with is reached after firing at , which is also prone to the information loss of the general conflict by firing .

**(a)**

**(b)**

*Example 4. *Figure 10(a) depicts a CDC with two structural conflicts and . Similarly, we consider in the confusion only, where , , , , and . In this case, the partial reachability graph shown in Figure 10(b) (resp., Figure 10(c)) is obtained by concurrently firing two transitions and (resp., and ). The confusion is prone to the information loss of the general conflict since firing transition reduces the information content from to and does not have a structural conflict transition in .

**(a)**

**(b)**

**(c)**

Confusion control in a generalized PN means that a reasonable strategy should be constructed to ensure the appearance of the general conflicts with maximal information content and if an output marking of a general conflict is preassigned, the control policy can guarantee the marking to be reachable.

#### 3. Control of Conflicts and Confusions Using Synchronized PNs

Confusions may occur in a PN since a class of special structures in the PN is closely related to the appearances of confusions and the improper firing orders of concurrent transitions exist in its subnets at some markings. The information content of general conflicts becomes nondeterministic if a confusion occurs. A PN system must avoid any improper firing order of concurrent transitions such that the system can be immune to the information loss of general conflicts.

Seeking a control mechanism carried out off-line to prevent the appearance of confusions is expected. In this section, we achieve this purpose by using synchronized PNs. Synchronized PNs are established to reinforce the firing conditions of each transition by introducing a reasonable external event. In PNs, a transition can fire if it is enabled. However, when it will be fired is unknown. In contrast, in a synchronized PN, a transition fires if it is enabled and the associated external event is satisfied.

External events usually have practical meanings. For example, a synchronized PN in which external events are associated with time or probability is called a -timed PN or a stochastic PN, which is introduced by Ramchandani [29], and Florin and Natkin [30], respectively. The synchronized firing of transitions is allowed in a synchronized PN with external events. In other words, two enabled transitions can fire simultaneously by the control of their external events.

In this section, a transition firing mechanism is developed, which applies external events to each transition with control information that is called allowable enabling degrees. They are featured with desired enabling degrees of transitions and can perform a variety of external event dependency relations by assigning their dependency orders. The dependency relations of two external events can be described as the fact that the execution times of an external event depend on that of another external event. Then, an approach to confusion control is proposed, which refers to a group of static rules imposing restrictions on the enabling degrees and the dependency relations of external events controlling concurrent transitions in confusions. A major advantage is that any assigned external event can be converted into a feedback structure taking the form of PNs such that confusions can be controlled in system design stages.

Let be a nonnegative integer. It is said to be an allowable enabling degree of a transition if is -enabled and .

*Definition 12. *A synchronized PN with allowable enabling degrees is a three-tuple , where is a PN, , is the allowable enabling degree of , with being a set of external events, and is a function from the transition set of to . () is called a synchronized net system, where is an initial marking.

In a synchronized net system , if a transition is controlled by an external event with and is enabled at , it does not become fireable unless the enabling degree of is greater than or equal to the assigned allowable enabling degree . If obtains a proper enabling degree at , then it can immediately fire times.

A given external event can control more than one transition such that they can synchronously fire according to their allowable enabling degrees. Let and be two transitions in a synchronized PN with . Suppose that and are controlled by an external event that can impose different allowable enabling degrees and to and , respectively. Transitions and are said to be synchronized with if two functions and exist. If and are assigned and and are 2- and 4-enabled at marking , respectively, they can synchronously fire twice and thrice, respectively. Consequently, the transition sequence fires.

Let and be two external events in with . The fact that the execution times of rely on that of is denoted by . In this case, we can say that the external events and satisfy the dependency relation . For instance, let transitions and be controlled by an external event with the functions and and let transition be controlled by another external event with the function , implying that , , and . Let , , and be their enabling degrees at marking , respectively. Then, they are fireable since, , is true. Suppose that the external events satisfy the dependency relation . Then, the transition sequence can fire times if the sequence had fired times, where .

Let be a synchronized net with external events, where . The transition set of can be partitioned into subsets , , , and according to the control of the external events. In other words, an external event controls all the transitions in the subset , where . at a marking satisfies the following transition firing rules:(1)Event dependency relations are not given for external events: a transition is fireable and immediately fires times at the marking if, , and are true.(2)Event dependency relations are given for external events; for example, : a transition is fireable and immediately fires times at the marking if, , and are true and , such that and, , fires times at the marking .In the rules, is the enabling degree of the transition at marking , is the allowable enabling degree of the transition controlled by external events, and is an integer. Any synchronized transition (a transition controlled by an external event) in synchronized PNs is presumed as an immediate transition [26]. The transition firing rules are illustrated in Examples 5 and 6, respectively.

Figures 11(a) and 11(b) show a PN () and its reachability graph with 10 markings, respectively. Two synchronized PNs () and () with are illustrated in Figures 11(c) and 11(e), respectively. Their evolutions are depicted as reachability graphs and shown in Figures 11(d) and 11(f), respectively. The restrictions generated by the control of external events can be observed by comparing their reachability graphs. As shown in the examples, a node in the reachability graph of a synchronized PN contains the following information:(1)The marking .(2)The vector of enabling degrees at marking .(3)A list of allowable enabling degrees for transitions, which is shown on the right side of in a reachability graph.The weight on an arc is denoted by the form that illustrates the marking change due to the firing of transition sequence by the control of external event .

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

*Example 5. *Figure 11(c) shows a synchronized PN () that has the same structure and the initial marking of (), where and are synchronized with and both and are controlled by with the allowable enabling degrees . They can synchronously fire if and are satisfied at a reachable marking . Otherwise they cannot fire. Transition is controlled by event with . Figure 11(d) depicts the reachability graph of (), where the initial marking . At this marking, the vector of enabling degrees of , , and is .

According to , we have , , and . The synchronized transitions and can fire. The marking can be obtained from the initial marking by firing the transition sequence . Then, the vector of enabling degree is updated to at . When marking and vector are considered, we have , , and . However, transition is not allowed to fire owing to the control of the external event . It can fire if its synchronized transition is also fireable. On the other hand, transition is not synchronized with other transitions. Hence, it can fire. After the transition sequence fires, marking and vector are obtained. The transition sequence can immediately fire since the allowable enabling degrees of and are satisfied at marking . Finally, the state returns to the initial marking .

*Example 6. *Figure 11(e) depicts a synchronized net system (), where transitions , , and are controlled by , , and with , respectively. If the dependency relations are set for the external events and with , the reachability graph shown in Figure 11(f) is obtained. By considering the initial marking , we obtain the vector . The three transitions , , and are fireable since their allowable enabling degrees are satisfied. In this case, and can fire if has fired, which is ensured by the assigned event dependency relation. Hence, and cannot fire at until fires once. Marking is reached by firing from the initial marking . Then, the transition sequence fires once and the state returns to the initial marking .

The control of external events generates restrictions on the reachability set of ; that is, . On the other hand, the set of feasible transition firing sequences of is also included in that of [26].

To illustrate the feasibility of the control of external events in synchronized PNs, we provide formal definitions and illustrations by converting the control into feedback control structures taking the form of PNs.

Let be the set of the transitions controlled by an external event with in a synchronized PN and, , let be the allowable enabling degree of the transition . The feedback control structure of can be constructed according to the following steps:(1)Let and be transitions and let , , and be places. Define , , and, , .(2)Transition performs reading operation that can read the token information of the preset places of the controlled transitions according to their allowable enabling degrees. If the tokens in the preset places satisfy the firing rules of the controlled transitions according to their allowable enabling degrees, the transition fires and outputs a token to the place . The construction of this step can be formally defined as follows: define the arc with . , , define arcs , , and , where , , and .(3)Then, transition restores the tokens in the preset places of the controlled transitions and outputs control tokens to the places such that the tokens in them can control the firing of the controlled transitions. The construction of this step can be formally defined as follows: define the arc with . , , define arcs , , and with , , and .

The constructed feedback control structures of external events are illustrated with examples. First, in a synchronized net system, an external event can perform control on the allowable enabling degree of a transition. For example, transition in Figure 12(a) is considered, which has two input places and . An external event with () is designated to control and the allowable enabling degree is used to control that the transition cannot fire unless its enabling degree is greater than or equal to two. The feedback structure shown in Figure 12(b) achieves the control purposes.

In Figure 12(b), two tokens in place imply . Transition performs reading operations for the enabling degree of at a marking. If the enabling degree of is greater than or equal to two, transition fires. Then, transition outputs control tokens such that fires twice.

Second, synchronized firing of transitions can be performed by external events. Transitions and shown in Figure 12(c) are controlled by an external event with () and (). If both enabling degrees of and satisfy their allowable enabling degrees, they become fireable and fire; otherwise none of them is allowed to fire.

Figure 12(d) depicts the feedback control structure that achieves the same control purposes of for transitions and . Both enabling degrees of and are detected by transition . Furthermore, transition outputs control tokens for the two transitions simultaneously after fires.

Suppose that and in Figure 12(c) have common preset places. For example, the two places and in Figure 12(c) are merged into the place shown in Figure 12(e). The PN construction of Figure 12(e) can be obtained by merging , , and their arcs in Figure 12(d), which is shown in Figure 12(f).

Let and be subsets of the transition set in a synchronized PN with and let and be two external events, where the transitions in (resp., ) are controlled by the event (resp., ). If and satisfy the event dependency relation . The corresponding feedback control structure can be constructed according to the following steps:(1)Let and be two transitions, and let be three places, where, , .(2)Transition fires if the control of the external event is executed. The execution times of are stored into the place by firing . The tokens in control the execution times of another external event such that the execution times of rely on . The construction of this step is formally defined as follows: define arcs , , , , , and , where , , , , , and . , define the arcs and , where .

As shown in Figure 12(g), the execution times of the event rely on that of ; that is, . By considering Figure 12(h), the dependency relation can be achieved by adding two transitions and , three places , and their arcs.

##### 3.1. Control of General Conflicts in Synchronized PNs

The resolution control of a general conflict is to choose a transition sequence such that the general conflict can be resolved according to the selected sequence to reach an expected marking.

The resolution control is illustrated by an example. shown in Figure 13(a) is a general conflict at marking . Figure 13(b) depicts in the corresponding synchronized net of with and . The resolution control of means to make decision on firing times of transitions and . In other words, the values of and are determined such that a resolution sequence of fires. Figures 13(c) and 13(d) show two feasible control policies.

**(a)**

**(b)**

**(c)**

**(d)**

If functions and are employed, the general conflict will fire resolution sequence in a net system (). If and are applied, the resolution sequence is ensured to fire in ().

In a general conflict, some resolution sequences can lead to the same output marking, which have different transition firing orders. In these resolution sequences, the synchronized one is unique, which is used to resolve the general conflict in synchronized PNs. For example, , , , and are four resolution sequences of the general conflict shown in Figure 13(a). Firing any of them leads to the same output marking. In this example, is used to resolve the general conflict in the synchronized PN.

A strategy to find all synchronized resolution sequences for a general conflict is proposed. Let be the set of transitions that are controlled by the external event at marking . Let and be two vectors. Notation means for every , and means for every , and for at least one , .

*Definition 13. *The sequence is said to be an elementary conflict resolution sequence (ECRS) with an external event in if it meets the following four conditions:(1)All the transitions in belong to .(2)All the transitions in belong to .(3), where with is the output incidence matrix and is the Parikh vector of .(4)There is no sequence such that .

An ECRS of a general conflict in a net corresponds to a synchronized resolution sequence. Conditions (1) and (2) in Definition 13 guarantee that the fundamental elements (transitions) in an ECRS are controlled by at marking and the transitions are in the set of general conflicting transitions. Condition (3) in Definition 13 ensures that the conflicting transitions in according to the ECRS are feasible (the tokens in places meet the firing condition of their output transitions in ). Finally, according to condition (4) in Definition 13, is ensured as a resolution sequence of the general conflict . In other words, all conflicting transitions become disabled if fires. Algorithm 14 is proposed to generate all ECRSs of a synchronized PN at a marking.

Algorithm 14 is illustrated through an example shown in Figure 14 in which the weight of each arc equals one for the sake of simplicity since the weights do not affect the function of Algorithm 14. Actually, a weight means a coefficient in the computation of enabling degrees. A synchronized PN is shown in Figure 14(a), where . Transitions from to are controlled by an external event outputting the functions from to , respectively. Transition is controlled by another external event with . The values of allowable enabling degrees of conflicting transitions can be obtained according to the firing times of the transitions in every ECRS.

*Algorithm 14 (generation of all ECRSs of a synchronized PN ). * Input is as follows: and . is an external event and employed in at marking . Output is as follows: all ECRSs: Step 1: delete all transitions not belonging to and their input and output arcs according to condition (1) in Definition 13. Step 2: according to condition (2) in Definition 13, delete all the transitions not belonging to and their input and output arcs. Step 3: delete all the arcs from transitions to places since an ECRS is related to the output matrix only according to condition (3) in Definition 13. the reduction leads to a new synchronized PN . All the transitions in are conflicting transitions. Step 4: construct the reachability graph of . Then, each deadlock marking implies an ECRS. is the generalized PN with . Step 5: output the ECRSs.

First, the input of Algorithm 14 is and the external event . After Step 1 in Algorithm 14, a subnet of is obtained as shown in Figure 14(b), where transition and its corresponding arcs in are removed since is not controlled by . Then, transitions , , and their corresponding arcs are removed by Step in Algorithm 14 since they are not conflicting transitions, which is depicted in Figure 14(c). The subnet of can be found as shown in Figure 14(d) according to Step 3 in Algorithm 14.

The generalized PN with contains a general conflict . Its reachability graph is shown in Figure 14(e). There are three deadlock markings that correspond to three different ECRSs , , and , respectively. Each ECRS can deduce the values of , , , and on external event . For example, is an ECRS of , which means that can be resolved by firing transitions once, and twice simultaneously. Hence, , , , and are obtained. The external event with the four allowable enabling degrees can perform control such that the transitions in fire according to the ECRS at marking .

The validity of Algorithm 14 is clear since the reachability graph of the PN that is composed of a general conflict only contains all feasible paths from an initial marking to all dead markings.

##### 3.2. Control of Confusions Using External Events

As stated in Section 2, a confusion is prone to the information loss of general conflicts owing to nondeterministic firing orders of concurrent transitions. In a CIC, a general conflict with maximal information content is implied in the evolution of markings. The marking at which the general conflict occurs is expected. It should be ensured that the firing of a transition sequence can reach the marking . Also, the transition firing sequences that lead to the information loss of the general conflict should be avoided.

If a general conflict with maximal information content in a confusion occurs, all the ECRSs are needed and can be obtained. Furthermore, an ECRS is selected as a decision to generate the allowable enabling degrees of transitions. The general conflict can always be resolved according to the selected ECRS by the control of external events. Here we assume that confusions have been found at a marking and we aim to control them. Algorithm 15 is proposed to control a given CIC.

*Algorithm 15 (general conflict control in CIC ). * Input is as follows: . Output is as follows: output , , and the dependency relation between and // is the set of transitions in . is a function mapping from to . is a set of external events with : Step 1: find the set of the structural conflicting transitions in . Let . , design a function . , design a function . Step 2: , . is the enabling degree of at the submarking . Step 3: design the dependency relation . Step 4: obtain the submarking by firing all transitions in at according to their enabling degrees. Step 5: find all ECRSs of by Algorithm 14 with the inputs and . Step 6: choose an ECRS. For any transition in , obtain the allowable enabling degree by the ECRS. Step 7: output , , and .

When the general conflict of a CIC is identified at making, its control can be enforced by adding external events according to some of the established rules. Algorithm 15 presents the rules. In Step 1 of Algorithm 15, the transition set of a CIC is partitioned into two parts and . According to Definition 11, a CIC occurs if the transitions in fire before those in . Hence, Algorithm 15 designs a dependency relation by Step 3 in Algorithm 15 between the event controlling the transitions in and the event controlling the transitions in such that, , , fires