Formal Methods in Specification and Synthesis of Petri net ... - LSI

attached explicitly to the places, and implicitly to thetransitions and arcs as well as to the tokens [15]. The setof subnets is partially ordered (Fig. 3, Fig. 4, Fig. 1). Thecoloured hierarchy relation tree (Fig.5) graphicallyrepresents the hierarchy and concurrency relationsamong subnets. The Base Net MP0 is on the root of theFig. 4: First and second order macronettree. It contains the double-macroplaces MP1-MP7,which stand for the hierarchically structured subnets atthe lower level of hierarchy.Each double macroplace corresponds to a compoundoperation, which is itself a discrete sub-processdescribed by the doubled block. The colours [1] and [2]are used for distinguishing particular intended sequentialprocesses, and continuously controlling the placeinvariants (P-subnets) and hierarchy tree during thecomposition or reduction of the net.[1 2][1 2][1 2][1 2][1]t1t4t8P1MP11MP5MP6[1 2]MP5/Q1MP0/Q1 Q1[2][1 2]MP2[2]MP7MP3[1 2]MP6MP4P2 P3 P4 P5 P6 P8 P7 P9[1] [1] [2]Q1/Q2Q1Q2/Q2 Q2/Q2 /Q2 Q2Q2/Q3 Q3 /Q4 Q4 /Q3 Q3 /Q4 c[1][1][1]Fig. 5: Hierarchy treeThe Petri net (Figure 1) is hierarchically encoded bymeans of state variables Qi, i= 1,2,3,4. The symbols Qior /Qi, attached to the particular path, which is directedfrom the root to the leave, form the unique encodingterm for the considered macroplace or place.3. Gentzen Sequent LogicPetri nets can be viewed as a formal model for logicrule-based specification (interpretation structure).Transition rules are usually treated as production rulest1Q1/Q2[1]t4Q1Q2[1]t8[1 2] 1 /Q1MP1MP3[2][2][2][2]MP2MP4[2]Q1/Q2Q1Q2('if-then' non-procedural statements). The principaldesign language used to specify the Logic Controllerbehaviour in extended nested If-Then-Else form in ourdesign environment is Gentzen Sequent Logic [9].While formulae F may be regarded as a formalrepresentation of compound proposition, sequent |- F inour approach represents asserted statement. Sequentsmay also formally describe all general forms ofconditional assertions, for example production rules: F |-G.The Gentzen formal system naturally simulates andrecords human-like reasoning. The synthesis, based onGentzen calculus, is treated as a formal symbolictransformation of the initial set of sequents(specification) into another equivalent set of sequents(implementation) [1,2]. The rules of inference aredirectly based on Gentzen Logic or they are previouslyproven, so the implementations are correct byconstruction.4. Petri net specification in sequent logiclanguageThe Logic Controller is considered as an abstractreasoning system (rule based system) implemented inreconfigurable hardware. The mapping between inputs,outputs and local internal states of the system isdescribed in a formal manner by means of logic rules(represented as sequents) with some temporal operators,especially with operator 'next' @ [1,11,14]. Thecorrectness preserving synthesis, based on Gentzencalculus, is treated as a formal transformation of theinitial set of compound rules (Specification) into anotherset of compound rules (Implementation).As a basic form of Petri net specification in decision ruleformat, the transition-oriented declarative specificationis presented. It describes all possible active events inconcurrent state machine, when local states associated totransition change and the guard (Boolean label) is true.The presented form of description is very closed to wellknownproduction rules, whose are a principal forms ofPetri net description in LOGICIAN [1], CONPAR[8,10], PARIS [12], and PeNCAD [3,15].T1: P1 * X0 |-@P2 *@P4;T2: P2 * X1 |-@P3;T3: P4 * X3 |-@P5;T4: P3 * P5 |-@P6 * @P7;T5: P6 * X5*X6|-@P8;T6: P7 * /X2*/X4|-@P9;T7: P8 * /X5|-@P6;T8: P6 *P9 * /X6|-@P1;The static (level) Moore type outputs depend directly onplace markings:P1 |- Y0; P2 |- Y1; P4 |- Y2;

P7 |- Y3 * Y4; P8 |- Y5; P9 |- Y6.The total discrete state space (Fig. 6), which includes 9global states, should be always consistent with allintended local state changes:|-P1*/P2*/P3*/P4*/P5*/P6*/P7*/P8*/P9,/P1*P2*/P3*P4*/P5*/P6*/P7*/P8*/P9,…,/P1*/P2*/P3*/P4*/P5*/P6*P7*P8*/P9,/P1*/P2*/P3*/P4*/P5*/P6*/P7*P8*P9;y2y3 y4 y5p3*p4M3p7*p8p1p2*p4p3*p4M5t4M6t7 /x5p6*p7t5M7M2t2t3t6M1x1x3x0x5*x6/x2*/x4p6*p9Fig 6: Global states of logic controllerThe dynamic (pulse or registered) output signal can beincluded directly to the decision rule, when it changes itsvalue together with the occurrence of transition. On theother hand, all changes of the place making could be alsoexplicitly included into the sequent, for example:T1:P1*X0|-@P2*@P4*@/P1*/@Y0*@Y1*@Y2;T8: P6 *P9 * /X6|-@P1*@/P6*@/P9*@/Y6*@Y0The transition symbols can be explicitly included intothe formal textual Petri net specification:y0P1 * X0|-T1;T1|- @P2 *@P4;P2 * X1 |-T2;T2|-@P3;P4 * X3 |-T3;T3|- @P5;P3 * P5 |- T4;T4|- @P6 * @P7;P6 * X5*X6|- T5;T5|- @P8;P7 * /X2*/X4 |- T6T6|- @P9;P8 * /X5 |- T7;t1y1 y2t3x3x1p2*p5t2y3 y4t6M4y1y6/x2*/x4 x5*x6 M8t5p8*p9 y5 y6M9/x5 t7t8 /x6T7- @P6;P6 *P9 * /X6 |- T8;T8|- @P1;In some cases, like implementations with D flip-flops inFPGA, the declarative, place oriented specification istaken into account. For example, the sequents whichinclude explicit transition symbols {T1, T2, …, T8}, aftermapping the Petri net into VHDL statements in M.Bolton’s style, give economical implementations inFPGA [8]Preconditions:Next markings:P1 * X0 |- T1;P2 * X1 |- T2;…P6*P9*/X6 |- T8;T8+P1*/T1 |- @P1;T1+P2*/T2 |- @P2;…T8+P9 */T8 |- @P9;In this kind of specification, if the next value of thetemporal variable, for example @P1, cannot be provedin the current marking (global state) as true, it isconsidered that it takes the value false.5. Petri Net and Logic DesignThe direct mapping of a Petri net into FieldProgrammable Logic (FPL) is based on a self-evidentcorrespondence between a place and a clearly definedbit-subset of a state register. The places of the Petri netare assigned to the particular flip-flops in the RegisterBlock. VHDL supports conditional-statement constructs,which can be used to describe Petri net. The proper localstate assignment (encoding) makes it possible to map agiven Interpreted Petri net directly into FPGA or CPLDwithout its transformation into an equivalent global StateMachine.The simplest technique for Petri net place encoding is touse one-to-one mapping of places onto flip-flops in thestyle of a one-hot state assignment. In that case, a nameof the place becomes also a name of the related flip-flop.The flip-flop is set into 1 if and only if the particularplace holds the token. Some of the recent developmentsinvolving modelling and analysis such constructs inVHDL were reported, for example in [2,3,8,10,15].In general, places after encoding are distinguished byconjunctions, which are formed from state variablesfrom the set {Q1, Q2, ... , Qk}. The local states, whichare active simultaneously, have non-orthogonal codes.They are represented by places holding the tokensconcurrently and belonging to the same vertex from theimplicitly or explicitly given reachability graph of Petrinet. The local states, which belong to the different, butsometimes overlapping sequential processes (Pinvariants,SM-components) have orthogonal codes. One

ecommended particular method of place encoding isbased on hierarchical decomposition of the net (Figure 2,Figure 3). The result of an efficient heuristic hierarchicallocal state assignment [Q1, Q2, Q3, Q4] is asfollows:P1 = 0 - - -P1 = /Q1P2 = 1 0 0 *P2= Q1*/Q2*/Q3P3 = 1 0 1 *P3= Q1*/Q2*Q3P4 = 1 0 * 0P4= Q1*/Q2*/Q4P5 = 1 0 * 1P5= Q1*/Q2*Q4P6 = 1 1 0 *P6= Q1*Q2*/Q3P7 = 1 1 * 0P7= Q1*Q2*/Q4P8 = 1 1 1 *P8= Q1*Q2*Q3P9 = 1 1 * 1P9= Q1*Q2*Q4The global state encoding is correct if all vertices of thereachability graph have different codes. The total code ofthe reachability graph vertex would be obtained bymerging the codes of the simultaneously marked places.The code of the particular place or macroplace isrepresented by means of the vector composed from {0, 1,- , *} or it is given as a related Boolean term. Thesymbols 0, 1, - ('don't care') have the usual meanings,but the symbol * in vector denotes 'explicitly don'tknow' (0 or 1, but not 'don't care').For several practical applications it is recommended tomanipulate with Boolean expressions (product terms), inwhich the symbols of places are substituted by encodingconjunctions, for example:T1: /Q1 * X0|-@Q1*@/Q2*@/Q3*@/Q4;T2: Q1*/Q2*/Q3* X1 |-@Q1*@/Q2*@Q3;T3: Q1*/Q2*/Q4* X3 |-@Q1*@/Q2*@Q4;T4: Q1*/Q2*Q3*Q4 |-@Q1*@Q2*@/Q3 *@/Q4;T5: Q1*Q2*/Q3*X5*X6|-@Q1*@Q2*@Q3;T6: Q1*Q2*/Q4*/X2*/X4|-@Q1*@Q2*@Q4;T7: Q1*Q2*Q3*/X5|-@Q1*@Q2*@/Q3;T8: Q1*Q2*/Q3*Q4*/X6|-@Q1;The simplified sequent specification, planned forimplementations based on the state register with JK flipflops,on the right sides does not contain signals, whichconserve their values during the occurrences oftransitions:T1: /Q1 * X0|-@Q1*@/Q2*@/Q3*@/Q4;T2: Q1*/Q2*/Q3* X1 |-@Q3;T3: Q1*/Q2*/Q4* X3 |-@Q4;T4: Q1*/Q2*Q3*Q4 |-@Q2*@/Q3 *@/Q4;T5: Q1*Q2*/Q3*X5*X6|-@Q3;T6: Q1*Q2*/Q4*/X2*/X4|-@Q4;T7: Q1*Q2*Q3*/X5|-@/Q3;T8: Q1*Q2*/Q3*Q4*/X6|-@/Q1;For Field Programmable Logic with JK flip flops,symbols @Qi can be replaced by J_Qi and symbols@/Qi respectively by K_Qi.6. Rapid modelling and synthesis withVHDLA particular form of place-based rules describesseparately the conditions for marking and clearing all theconsidered places. The condition for the new marking ofplace P1 is described as follows:Asserted that if P6 and P9 and not X6 then next P1;|- P6*P9*/X6-> @P1;Place P1 holds the token if it is marked and guard relatedwith its output transition is false:Asserted that if P1 and not X0 then next P1;|- P1*/X0 -> @P1;After the simple formal manipulations two separatedrules can be merged into the one statementAsserted that if P6 and P9 and not X6 or P1 andnot X0 then next P1;|- P6*P9*/X6+ P1*/X0 -> @P1;Taking as an example output Y0, which is active if andonly if the place P1 holds the token, we obtain:Asserted that if P1 then Y1 else not Y1;|-(P1-> Y1)*(/P1-. >/Y1)VHDL supports conditional-statement constructs, whichcan be used to describe Petri net-based Concurrent StateMachine implementations. As an example only a part ofPetri Net specification in VHDL is presented:Architecture reactor_desc of reactor issignal P : std_logic_vector(1 to 9);begin--Marking Places and Firing TransitionsP1: process (clk, reset)beginif reset='1' then P(1)

eginif reset='1' then P(2)