Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las...

26
Fundamenta Informaticae XXI (2001) 1001–1026 1001 IOS Press Decidability problems in Petri nets with names and replication Fernando Rosa-Velardo Facultad de Inform´ atica C/Prof. Jos´ e Garc´ ıa Santesmases, s/n 28040 Madrid (Spain) [email protected] David de Frutos-Escrig Facultad de CC. Matem´ aticas Pza. de las Ciencias, s/n 28040 Madrid (Spain) [email protected] Abstract. In this paper we study decidability of several extensions of P/T nets with name creation and/or replication. In particular, we study how to restrict the models of RN systems (P/T nets ex- tended with replication, for which reachability is undecidable) and ν -RN systems (RN extended with name creation, which are Turing-complete, so that coverability is undecidable), in order to obtain de- cidability of reachability and coverability, respectively. We prove that if we forbid synchronizations between the different components in a RN system, then reachability is still decidable. Similarly, if we forbid name communication between the different components in a ν -RN system, or restrict communication so that it is allowed only for a given finite set of names, we obtain decidability of coverability. Finally, we consider a polyadic version of ν -PN (P/T nets extended with name cre- ation), that we call -PN, in which tokens are tuples of names. We prove that -PN are Turing complete, and discuss how the results obtained for ν -RN systems can be translated to them. Keywords: Petri nets, pure names, infinite state systems, decidability, multithreading, security, choreography Address for correspondence: Facultad de Inform´ atica. C\Prof. Jos´ e Garc´ ıa Santesmases, s/n - 28040 Madrid (Spain) This paper is an extended and revised version of [32]. Its authors are partially supported by the Spanish projects DESAFIOS10 TIN2009-14599-C03-01, UCM-BSCH GR58/08/910606 and PROMETIDOS S2009/TIC-1465.

Transcript of Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las...

Page 1: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

Fundamenta Informaticae XXI (2001) 1001–1026 1001

IOS Press

Decidability problems in Petri nets with names and replication �Fernando Rosa-Velardo

Facultad de Informatica

C/Prof. Jose Garcıa Santesmases, s/n

28040 Madrid (Spain)

[email protected]

David de Frutos-Escrig

Facultad de CC. Matematicas

Pza. de las Ciencias, s/n

28040 Madrid (Spain)

[email protected]

Abstract. In this paper we study decidability of several extensions ofP/T nets with name creationand/or replication. In particular, we study how to restrictthe models of RN systems (P/T nets ex-tended with replication, for which reachability is undecidable) andν-RN systems (RN extended withname creation, which are Turing-complete, so that coverability is undecidable), in order to obtain de-cidability of reachability and coverability, respectively. We prove that if we forbid synchronizationsbetween the different components in a RN system, then reachability is still decidable. Similarly,if we forbid name communication between the different components in aν-RN system, or restrictcommunication so that it is allowed only for a given finite setof names, we obtain decidability ofcoverability. Finally, we consider a polyadic version ofν-PN (P/T nets extended with name cre-ation), that we callpν-PN, in which tokens are tuples of names. We prove thatpν-PN are Turingcomplete, and discuss how the results obtained forν-RN systems can be translated to them.

Keywords: Petri nets, pure names, infinite state systems, decidability, multithreading, security,choreography

Address for correspondence: Facultad de Informatica. C\Prof. Jose Garcıa Santesmases, s/n - 28040 Madrid (Spain)�This paper is an extended and revised version of [32]. Its authors are partially supported by the Spanish projects DESAFIOS10TIN2009-14599-C03-01, UCM-BSCH GR58/08/910606 and PROMETIDOS S2009/TIC-1465.

Page 2: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

1002 F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication

1. Introduction and related work

Pure names are identifiers with no relation between them other than equality [15]. They were firstmentioned by Needham, who said that pure names are“nothing but a bit pattern that is an identifier, andis only useful for comparing for identity with other bit patterns” [28]. Names are relevant to mobilityand security, because they can be used to represent channels, keys or computing boundaries [15].

In previous works [29, 31] we have studied a very simple extension of P/T nets, that we calledν-PN.Tokens inν-PN are pure names, that can be created fresh, moved along thenet and used to restrict thefiring of transitions with name matching.

Dynamic process creation is also ubiquitous in computer science, that is, the capacity of softwarecomponents to spawn new processes, like in multithreaded programs, broadcast protocols or dynamicnetworks [6, 12, 4]. In the field of mobility, particularly inthat of mobile agent systems, componentsusually have the capacity to replicate themselves, that is,the capacity of creating a new copy of them-selves, typically initialized with some fixed state. In previous works [31] we also extended P/T netswith a simple primitive that creates new nets. We called thisextension RN systems (where RN standsfor Replicated Nets). In RN systems we also consider an automatic garbage collection mechanism thatremoves any empty net, since once they hold no tokens they become blocked. Therefore, the number ofcomponents in an RN system can not only grow when a new replication is executed, but also decreasewhen a component becomes garbage.

In [22], Kummer proves undecidability of reachability for every object-oriented Petri net formalism.For that purpose, Minimal OO-nets were defined, as a minimal model of nets having objects as tokens,assuming that, at least, each object has a name. Though ourν-PN were thought of in a different context,they essentially correspond to the minimal OO-nets of [22].

The paper [9] studies different boundedness problems for Minimal OO-nets, and present an algorithmto decide them. Boundedness is a much trickier property thancoverability, as already pointed out by theresults about reset nets [10]. On the one hand, coverabilitycan be decided with backward algorithms,like the ones we use in this paper, though for boundedness typically forward algorithms need to beconsidered. Forward and backward reachability analyses behave very differently, and, in particular,forward algorithms are more difficult to obtain. In particular, the algorithm obtained in [9] actuallyreturns the wrong answer in several cases.

Another model based on Petri nets that has names as tokens isData Nets[24]. In Data Nets, tokensare not pure in general, but taken from a linearly-ordered infinite domain. In Data Nets, there is nomechanism for name creation, so that it has to be simulated using the linear order (for instance, simulatingthe creation of a fresh name by taking a value greater than anyof the values that have appeared so far).Thus, in an unordered version of Data Nets there is no way of ensuring that a name is fresh.

Other similar models include Object Nets [33, 34, 35], that follow the so called nets-within-netsparadigm. In Object Nets, tokens can themselves be Petri nets that synchronize with the net in whichit lies. This model is supported by the RENEW tool [23], a toolfor the edition and simulation ofObject Petri Nets. Moreover, the RENEW tool can represent all the models presented in this paper and,therefore, be used to simulate them.

Several papers study the expressive power of Object Nets. The paper [20] considers a two level re-striction of Object Nets, called Elementary Object Nets (EON), and proves undecidability of reachabilityfor them. This result extends those in [19]. Moreover, some subclasses are proved to have decidablereachability. In [21] it is shown that, when the synchronization mechanism is extended so that object

Page 3: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication 1003

tokens can be communicated, then Turing completeness is obtained. However, in all these models pro-cesses (object nets) do not have identities.

Nested Petri Nets [25] also have nets as tokens, that can evolve autonomously, move along the systemnet, synchronize with each other or synchronize with the system net (vertical synchronization steps).Nested nets are more expressive thanν-PN. Indeed, it is possible to simulate everyν-PN by means ofa Nested Petri Net which uses only object-autonomous and horizontal synchronization steps. In NestedPetri Nets, reachability is undecidable, although other problems, like termination, remain decidable [26].

We know that reachability inν-PN is undecidable [22], but they are Well Structured TransitionSystems (WSTS), so that coverability is still decidable [29]. Moreover, in [31] we proved thatν-PNand RN systems are equivalent, in a sense that preserves bothreachability and coverability, so that wealso know that reachability is undecidable for RN systems, but coverability is decidable for them.

Finally, also in [31] we extended P/T nets both with name creation and replication, obtainingν-RNsystems, and proving that, although the two extensions wereequivalent, when we consider both of themtogether we obtain Turing-completeness. In particular, coverability is undecidable.

In this paper we study how both models, RN systems (or equivalently ν-PN) andν-RN can be re-stricted in order to keep decidability of reachability and coverability, respectively. We will prove thatreachability is decidable for the class of RN systems without synchronizations. The proof is done by firstreducing it to reachability in a multiset rewriting system with conditional rewrite rules, where the condi-tions are reachability problems in ordinary P/T nets. This technique is somewhat similar to the model ofRecursive Petri Nets (RPN) [16, 17], in which some transitions (the so calledabstracttransitions) are notatomic. They first remove tokens from preconditions, but do not put them in postconditions until a newcomponent (a child thread created by the abstract transition, initially marked in some fixed way) reachesa final marking, where the set of final markings must be a semi-linearset. However, there are importantdifferences between RPN and these multiset rewriting systems, that do not allow to reduce reachabilityin the latter to reachability in the former.

For the model ofν-RN systems, that encompasses both name creation and replication, we provethat by forbidding name communication between components,while still allowing synchronizations,coverability is decidable. If communication is allowed, but restricted to names in a given finite set,then we also prove decidability of coverability. We show that, with these restrictions,ν-RN are WellStructured Transition Systems (WSTS) [13], for which coverability is decidable.

Several works exist [7, 18] that use Petri nets with name creation. The paper [7] gives a semanticsto an extension of BPEL with instance isolation, while in [18] the problem of transactions in Databasesis studied using Petri nets with names. However, in both papers the Petri nets considered have tuples ofnames as tokens. In order to study the resulting model, in Sect. 6 we will consider polyadicν-PN, anextension ofν-PN in which tokens are tuples of pure names, gettingpν-PN. We show that the expressivepower ofpν-PN is strictly greater than that ofν-PN, reaching Turing completeness even if we restrictsuch tuples to be pairs. The proof is done by simulating anyν-RN system by a polyadic (binary)ν-PN.Moreover, we identify the subclass of polyadicν-PN that can be simulated byν-RN systems withoutcommunications, or with restricted communication, so thatcoverability is also decidable for them.

The rest of the paper is structured as follows. Sect. 2 introduces notations and some basic concepts.Sect. 3 definesν-RN systems, RN systems, andpν-PN. In Sect. 4 we prove decidability of reachabilityfor RN systems without synchronizations. Sect. 5 proves decidability of coverability for the class ofν-RN systems without communications or with restricted communications. In Sect. 6 we prove Turingcompleteness ofpν-PN. Finally, Sect. 7 presents our conclusions and some directions for future work.

Page 4: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

1004 F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication

2. Preliminaries

Given an arbitrary setA, we will denote byMSpAq the set of multisets ofA, that is, the set of mappingsm : A Ñ N. We denote bysupppmq the support ofm, that is, the setta P A | mpaq ¡ 0u. A multisetmis finite if supppmq is a finite set, in which case we denote by|m| � °

aPsupppmqmpaq the cardinality ofm.

All the multisets that appear in this paper are finite. Given two multisetsm1,m2 PMSpAq we denote bym1�m2 the multiset defined bypm1�m2qpaq � m1paq�m2paq. We will write m1 � m2 if m1paq ¤m2paq for everya P A. In this case, we can definem2�m1, given bypm2�m1qpaq � m2paq�m1paq.We will denote by

°the extended multiset sum operator and byH P MSpAq the multisetHpaq � 0,

for everya P A. We lift any f : A Ñ B to f : MSpAq Ñ MSpBq definingfpmq P MSpBq byfpmqpbq � °

fpaq�b

mpaq, wheneverm P MSpAq. We identify each set with the multiset defined by its

characteristic function, and we will use set notation to specify multisets, as standard, thus taking intoaccount the possible presence of repeated elements.

A quasi order inA is a reflexive and transitive binary relation onA. A partial order is an antisym-metric quasi order. Every quasi order¤ defined inA induces a quasi order� in MSpAq, given byta1, . . . , anu � tb1, . . . , bmu if there is someh : t1, . . . , nu Ñ t1, . . . ,mu injective such thatai ¤ bhpiqfor all i P t1, . . . , nu. We writes   s1 if s ¤ s1 ands1 � s (analogously, we write� for �). A quasiorder¤ is a well-quasi order (wqo) if for every infinite sequences0, s1, . . . there arei andj, with i   j,such thatsi ¤ sj. Equivalently, it is a wqo if every infinite sequence has a non-decreasing subsequence.It is a well known fact that the multiset order� induced by a wqo¤ is also a wqo.

A family of quasi orderspAi,¤iqni�1induces a quasi order¤ in the setA1 � . . . � An, given bypa1, . . . , anq ¤ pb1, . . . , bnq wheneverai ¤i bi, for all i P t1, . . . , nu. If all the quasi orders¤i are wqo

then so is¤. Given a setA, we denote bySeqpAq the set of tuples (finite sequences) of elements inA,that is,SeqpAq � �

i¡0 Ai. We can also extend anyf : A Ñ B to f : SeqpAq Ñ SeqpBq by takingfppa1, . . . , anqq � pfpa1q, . . . , fpanqq. We will sometimes use set notation for tuples, so that we willwrite, for instance,a P pa, bq.

A transition system is a pairpS,Ñq, whereS is a (possibly infinite) set of states andÑ� S�S. Wedenote byÑ� the reflexive and transitive closure ofÑ. The reachability problem in a transition systemconsists in deciding for two given statess0 andsf whethers0 Ñ� sf . For any transition systempS,Ñqendowed with a quasi order¤ we can define the coverability problem, that consists in deciding, giventwo statess0 andsf , whether there is a a states reachable froms0 such thatsf ¤ s.

A Well Structured Transition System (WSTS) is a tuplepS,Ñ,¤q, wherepS,Ñq is a transitionsystem,¤ is a decidable wqo compatible1 withÑ (meaning thats11 ¥ s1 Ñ s2 implies that there iss12 ¥s2 with s11 Ñ� s12), and so that for everys we can compute (a finite representation of) the setts1 | s1 Ñs2 ¥ su. We will refer to these properties as monotonicity ofÑ with respect to¤, and computability ofthe set of predecessors, respectively. For WSTS the coverability problem is decidable [2, 13].

In the paper we assert several times that a modelM1 simulates another modelM. By that we mean

that for every systemN in M there isN 1 � F pN q in M1, whereF is a computable function, such that

the transition systems generated by the semantics ofN andN 1 are isomorphic. Therefore, reachabilityin N andN 1 become equivalent. Moreover, the isomorphisms preserve the orders considered in each ofthe models, so that coverability in both models is also equivalent.

1Different compatibility conditions are discussed in [13].

Page 5: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication 1005

3. Name creation and Replication

In [31] we definedν-PN and RN systems as extensions of P/T nets, and thenν-RN systems as anextension ofν-PN with replication or, equivalently, as an extension of RNsystems with name creation.2

Here, we plan to consider also a polyadic version ofν-PN. This is why we prefer to start by definingpν-RN systems, the most general model, that subsumes all of them, and then obtainν-RN systems,pν-PN,ν-PN, and RN systems by restrictingpν-RN systems in the adequate ways.

Polyadicν-RN systems (pν-RN systems for short) are a natural extension ofν-RN systems. Aconfiguration of apν-RN system is given by a multiset of the components that compose the system.Each of this components is a colored Petri net, where tokens are tuples of pure names (instead of a singlepure name, as it was the case forν-RN systems), taken from a setId . In order to handle names, we needmatching variables, taken from a setVar . Moreover, we add a primitive capable of creating fresh names,formalized by means of a special variableν P Var . We will manage names by attaching those variablesas labels in the arcs.

In aν-RN system transitions fire synchronously. For that purpose, we will consider a setS of servicenames, and a functionarity : S Ñ N, and we take the set of synchronizing labelsSync � tspiq |s P S, 1 ¤ i ¤ aritypsqu. We will denote byT the set of tuples of names of arbitrary length, that is,T � SeqpIdq. The tokens of apν-RN system are taken fromT . We will useϕ, ϕ1, ϕ1 to range overtokens.

Definition 3.1. A pν-RN system is a tupleN � pP, T, F, λq, whereP andT are finite disjoint sets ofplaces and transitions, respectively, andF : pP � T q Y pT � P q Ñ SeqpVar q is a partial function.Components ofN are represented by mappingsM : P Ñ MSpT q. The set of possible components ofN will be denoted byComp, and we haveλ : T Ñ Sync � Comp.

The domain of the partial functionF defines the set of arcs ofN . An arc pp, tq is called a prearc,and an arcpt, pq is called a postarc. Ifpp, tq is a prearc, thenF pp, tq is a tuple of variables, that is usedto specify what tokens can be taken from preconditions. Analogously, for a postarcpt, pq, F pt, pq sayswhat tokens are put in postconditions. We writepreptq � tx P Var | x P F pp, tq for somep P P u,postptq � tx P Var | x P F pt, pq for somep P P u andVarptq � preptq Y postptq to denote the setof variables in labels of arcs that are adjacent tot. The functionλ labels transitions for two differentpurposes. On the one hand, it defines how a transitiont must synchronize (first part ofλptq) as we willsee in detail in a moment. On the other hand, it indicates which new components are created by theirfiring.

We denote just byH the empty component, that without tokens, and byInitN , or simplyInit whenthere is no confusion, the set of (non-empty) components that appear as labels of transitions, that is,InitN � tM | λptq � pℓ,Mq for somet P T andℓ P Sync with M � Hu.Definition 3.2. A marking ofN is a multiset of components ofN .

Markings ofpν-RN systems are multisets of components. We will useM, M1, M1,... to range overmarkings. We identify a component by its current marking, and talk about componentM . Therefore,for a componentM and a markingM, MpMq is the number of copies equal toM (includingM itself)appearing inM. We defineIdpMq � ta P Id | a P ϕ for someϕ P Mppq, for somep P P u � Id , the

2Actually, we used the termsν-APN and g-RN instead, though we prefer to use here these simplified acronyms.

Page 6: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

1006 F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replicationpa, bqp

q

k

a k

t1

t2

px, yq ν

x yÑ pa, bqp

q

c

a b

t1

t2

px, yq ν

x y

pb, aqp

q

k

a k

t1

t2

px, yq ν

x y

Figure 1. A simplepν-RN system and the firing of its only tuple of compatible transitions,t � pt1, t2q, assumingλpt1q � psp1q, Mq, λpt2q � psp2q,Hq, with aritypsq � 2, Mppq � tpb, aqu andMpqq � tauset of all the names appearing in some token in some place, according to componentM . Analogously,IdpMq � �MPM IdpMq.

A synchronous firing can happen whenevern compatible transitions (having labelssp1q, . . . , spnqfor somes P S with arity n) are enabled. In that case they can all be fired simultaneously, followingthe ordinary token game. Moreover, the firing of each transition t will produce a new component, asindicated by the second part of the labelλptq. For a tuple of transitionst � pt1, . . . , tnq we writepreptq � �n

i�1 preptiq, postptq � �ni�1 postptiq andVarptq � preptq Y postptq.

Definition 3.3. The transitions in a tuple of transitionst � pt1, . . . , tnq are said to be compatible if thereis s P S with aritypsq � n such that:

- λptiq � pspiq,Miq for all i P t1, . . . , nu, and

- post ptqztνu � preptq.We will write NCptq to denote the multisettM1, . . . ,Mnu.

Therefore, every variable appearing in some postarcpti, pq (except the special variableν) must nec-essarily appear in some prearcpp, tjq. NCptq is the multiset of components created by the firing of thetuple t. Transitions are fired with respect to a mode, that chooses which components are involved in thefiring and which tokens are taken from preconditions.

Definition 3.4. A modeσ of a tuple of compatible transitionst is a pairpσ1, σ2q, whereσ1 : t Ñ N andσ2 : Varptq Ñ Id .

The mappingσ1 will choose which components are involved in the firing oft. More precisely, givena markingM � tM1, . . . ,Mnu, each transitiont such thatσ1ptq � i is fired byMi. Notice that thedefinition of σ1 depends on an arbitrary enumeration of the multiset of componentsM; for the solepurpose of enumerating components in a multiset, we can fix any order between components, as thelexicographic order. The mappingσ2 is responsible for the flow of tokens, instantiating every variablex with some valueσ2pxq. In the following definition, by abuse of notation, we taketσ2pF pt, pqqu � H(resp.tσ2pF pp, tqqu � H) wheneverF pt, pq (resp.F pp, tq) is not defined.

Definition 3.5. Given apν-RN systemN , M � tM1, . . . ,Mnu a marking ofN andt a tuple of com-patible transitions, we sayt is enabled in modeσ � pσ1, σ2q if:

- For all t P t, σ1ptq P t1, . . . , nu,- if ν P Varptq, thenσ2pνq R IdpMq Y IdpInitN q, and

- for everyi P t1, . . . , nu andp P P ,°t P t

σ1ptq � i

tσ2pF pp, tqqu � Mippq.

Page 7: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication 1007pa, bq k

a

b c l

px, yq x

y ν

Ñ k a

a

c d

(d fresh)

px, yq x

y ν

Figure 2. A simplepν-PNpa, cq px, bqapa, xq px, bq ù a b

apa, cq pa, cqy zpy, xq px, zqFigure 3. Labelling arcs by constants

For eachi P t1, . . . , nu, let us denote byM 1i the component given by

M 1ippq � Mippq �

t P t

σ1ptq � i

tσ2pF pp, tqqu �t P t

σ1ptq � i

tσ2pF pt, pqqu �p P P

Then, the reached marking after the firing oft in modeσ isM1 � tM 11, . . . ,M

1nu �NCptq.

We require thatν is always instantiated to a fresh name that is not in the current marking, includingthe tokens in the newly added components. Though we have not forbidden the occurrence ofν in anyprearc, if it did appear there then the corresponding transition would never be enabled. Accordingly, werule out such situation assuming in the future thatν R preptq, for every transitiont.3

Notice thatM 1i coincides withMi whenever there is not with σ1ptq � i. We will write M

tpσqÝÑM1if M1 is reached fromM whent is fired with modeσ. Analogously as for P/T nets, we also have the

relations tÝÑ andÑ�. Fig. 1 depicts a simplepν-RN system with a single component. This componenthas two compatible and enabled transitions, so that they cansynchronize. The reached marking after thesynchronous firing of this pair has two components, the one wealready had (after evolving) and a newlycreated one. Notice that after that firing the system is blocked, because we can not instantiatex uniformlyanymore to fire the transitions (it should be instantiated tob, according tot1, and toa, according tot2).

Wlog., we assume that every transition has a precondition, so that every firing needs the presenceof a token.4 Therefore, empty components can not fire any transition, so that they can be considered asgarbage. An innocuous extension of Def. 3.1 is to consider not only variables, but also constant identifiersas part of the tuples that label arcs. For instance, if a pairpa, xq labels a prearc then only tokens of theform pa, cq for somec can be consumed. This extension is innocuous because these constants can beeasily simulated by variables by introducing and extra place for each, as shown in Fig. 3. In particular, ifthe constant used is the “distinguished” identifier P Id , we can use ordinary black tokens as part of outnets. In that case, we will not attach the constant label to the arc, as done for instance in Fig. 10.

We identify markings up to�, the least congruence such thatM � M � tHu. From now on wewill implicitly identify markings up to�. Moreover, we refine� in order to capture the intuition thatthe names inId are pure, we work moduloα-conversion, thus allowing consistent renaming of names inmarkings.

Definition 3.6. Let N be apν-RN system andM1 � tM1, . . . ,Mnu andM2 � tM 11, . . . ,M 1

mu two

3We could have actually ruled outν P preptq from the beginning, but this would only unnecessarily complicate our definitions.4For any autonomous transitiont, we could add a place that is pre and postcondition oft.

Page 8: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

1008 F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication t1

t2

p

q1

q2

t1

t2

p

q1

q2

� t1

t2

p

q1

q2

t1

t2

p

q1

q2

Ñ t1

t2

p

q1

q2

t1

t2

p

q1

q2

Figure 4. RN system withλpt1q � psp1q,Hq, λpt2q � psp2q,Hq, aritypsq � 2, and with initial markingM � ttp, pu, tp, puu and two possible firings

markings ofN . We defineM1 �α M2 if there are two injectionsh : t1, . . . , nu Ñ t1, . . . ,mu andι : IdpM1q Ñ IdpM2q such that for everyi P t1, . . . , nu, ιpMippqq � M 1

hpiqppq, for all p.

Functionh has the role of mapping components ofM1 to components ofM2, while ι maps namesin M1 to names inM2. We denote by�α the relation�α X α� and identify markings up to�α (thatrefines�, that is,M1 �M2 impliesM1 �α M2).

We have definedpν-RN systems, that encompass name creation (with managementof tuples ofnames) and replication. This model is an extension ofν-RN systems, in which no tuples of names wereconsidered, so that tokens were plain names.

Definition 3.7. A pν-PNN � pP, T, F, λq with initial markingM0 is apν-RN system satisfying:

- λptq � pℓ,Hq with aritypℓq � 1, for all t P T , and

- M0 � tM0u, for some componentM0.

That is,pν-PN arepν-RN systems in which all transitions are non-synchronizing(that is, they canfire without needing to synchronize with others), the initial marking has one single component, andno new components can ever be created5 (technically, we always create empty components, which aregarbage). Under those conditions,λ plays no role whatsoever, so that we may safely omit it. Fig. 2depicts a simplepν-PN and the firing of its only transition. Moreover, given a transitiont, in an enabledmodeσ � pσ1, σ2q, σ1 necessarily mapst to the only component in the current marking. Therefore,modes can be simply seen as mappingsσ : Varptq Ñ Id .

RN systems are also easily obtained by restrictingpν-RN systems, forbiding the use of names.

Definition 3.8. A pν-RN systemN � pP, T, F, λq with initial markingM0 is a RN system if there is P Id andε P Varztνu such that:

- For all t P T , if λptq � pℓ,Mq thenMppq PMSpt uq for all p P P ,

- For allp P P andt P T , if F pp, tq is defined thenF pp, tq � ε (analogously forpt, pq), and

- M0ppq PMSpt uq for all p P P .

5Actually, if we demand only that no new components are created, but they can synchronize, then we can build an equivalentnet satisfying all the conditions in Def. 3.7. See [31].

Page 9: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication 1009 tp, quaut

p

q

Ñ tp, quaut

p

q

tp, quaut

p

q

Figure 5. RN system firing a replication transition

RN systems arepν-RN systems in which all components use a single token , which is managed bya single variableε. In this case, given a transitiont, if σ � pσ1, σ2q is enabled in some markingMthen necessarilyVarptq � tεu andσ2pεq � , so that modes can be simply considered as mappingsσ : t Ñ N, and components become isomorphic to multisets of places. Moreover, the order�α, thatwe will simply write as� (since no non trivial renaming can be done) is the multiset order induced byinclusion of components. Fig. 4 depicts a simple RN systems and the firing of its only pair of compatibletransitions, with two different modes.

Finally, we callν-RN systems the subclass ofpν-RN systems in which tokens are single pure names,that is, such thatF pp, tq P Var whenever it is defined (and analogously forpt, pq), andMppq PMSpIdqfor every component inInitN or in the initial marking. Aν-PN is aν-RN system that is also apν-PN.Therefore,ν-PN like the ones considered in [31, 29] arepν-PN in which every arc is labelled by a singlevariable, that is, a tuple of length 1. Forν-PN, components have names as tokens. Then, we can seemarkings ofν-PN as mappingsM : IdpMq ÑMSpP q, so thatMpaq is the multiset of places in whichthe tokena can be found. Analogously, we can do the same thing for components ofν-RN systems.

The reader is referred to [31] for further details on the study of these classes of nets. We provedthere thatν-PN and RN systems are equivalent, because they simulate each other in the strong sense wementioned in Sect. 2, so that the (un)decidability results for ν-PN can be transferred to RN systems, andvice versa. Thus, we obtained that bothν-PN and RN systems have undecidable reachability, but bothhave decidable boundedness (whether the set of reachable markings is finite or not) and coverability.Moreover,ν-RN systems are Turing complete, and in particular, coverability is also undecidable forthem (consequently, also forpν-RN systems).

4. Decidability of reachability for RN systems without synchronizations

In this section we consider RN systems that can not synchronize, that is, such that every transitiontsatisfiesλptq � ps,Mq with aritypsq � 1, so that the synchronization labels do not play any role.Therefore, for RN systems without synchronizations, we will write λptq � M .

We prove that RN systems without synchronizations have decidable reachability. First let us intro-duce some notations that we will use throughout this section. They deal with the behavior of a componentwhen considering it in isolation, that is, without considering it as part of a system. We will sayt is arepli-

cating transitionif it creates a new component, that is, wheneverλptq � H. We will write MMÝÑ M 1

to denote the fact thatM 1 can be reached fromM by firing asequenceof transitions whose set of repli-

cating transitions produces the new components inM. Analogously, we will also writeM M¥ÝÑ M 1,whenM 1 can be reached fromM by at least producing the new components inM. Since reachabilityand coverability are decidable for ordinary P/T nets [11], we immediately obtain the following results.

Lemma 4.1. GivenM1, M2 andM, it is decidable whetherM1

MÝÑ M2 and whetherM1

M¥ÝÑ M2.

Proof:DecidingM1

MÝÑ M2 amounts to deciding whetherM2 is reachable fromM1 having fired some tran-

Page 10: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

1010 F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication

sitions (the ones labelled with components inM) a certain number of times. As it is standard, we add

a postconditionpM to each transitiont with λptq � M P Init . Then,M1

MÝÑ M2 if and only ifM1 ÝÑ� M2 �M , whereMppM q �MpMq.

In order to decide,M1

M¥ÝÑ M2 we also add the placespM together with a new placeok, and we usethe standard technique of reducing coverability to reachability, but only applied to the placespM . We

add a transition6 with tpM | M PMu as precondition andok as postcondition. ThenM1

M¥ÝÑ M2 if andonly if the submarkingM2 � toku (without considering the placespM ) is reachable. [\

This section is devoted to proving that givenM0 andMf , markings of a RN systemN withoutsynchronizations, we can decide whetherM0 � Mf . Let us denote byRpM0,Mf q or justR whenthere is no confusion, the set of components appearing in theinitial or final marking, and those that couldbe created by the replicating transitions,RpM0,Mf q � supppM0q Y supppMf q Y InitN .

Consider any sequence of transitions reachingMf from M0. Every component that appears in anymarking of that trace evolves on its own, because there are nosynchronizations. When the final markingis reached, any of those components either has evolved to theempty component (possibly creating ontheir way other components) or to some of the components in the final marking (again, possibly creatingother components). This is the part of the full behavior of components that we need to control: whetherthey can evolve to the empty marking, or whether they can evolve to some component in the final markingand, in each of both cases, what components it creates.

Therefore, in order to carry out this analysis, we do not needto work over the reachability graphgenerated by the RN system, but it is enough to consider that of the following transition system.

Definition 4.1. Let N � pP, T, F, λq be a RN system without synchronizations, andM0 andMf betwo markings ofN . Let us define the transition systemlpNq � pS, ÞÑq, given by:

- S �MSpRpM0,Mf qq{�,

- ÞÑ is the least relation compatible with multiset addition such that

MMÝÑ M 1tMu ÞÑ tM 1u �M

By compatibility with multiset addition, we mean that wheneverM1 ÞÑM2 then for every multisetM we also haveM�M1 ÞÑM�M2. Each stepM ÞÑM1 represents part of the life of a componentM in M, that either disappears ifM 1 � H, or evolves to a component inR. The behavior ofN that weare interested in is reflected inlpNq, as asserted by the following

Proposition 4.1. For anyM1 andM2 in S, M1 Ñ� M2 in N �M1 ÞÑ� M2 in lpNq.Proof:We prove thatM1 Ñ� M2 impliesM1 ÞÑ� M2 (the converse implication is trivial by definition ofÞÑ). The proof is by induction on the number of created components in the trace. If no component

6We are now assuming that arcs have weights to keep the ideas clear. Weights could have actually been considered, withoutaffecting any of the results presented.

Page 11: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication 1011HM0

2

1 2

11

M12

12

M01

22

111 112

MH122 222

1111 1112 1122 1222 2222

Figure 6. Computation of all minimalMH when|Init| � 2.

is created, thenM1 � tM1, . . . ,Mnu, M2 � tM 11, . . . ,M

1nu and Mi

HÝÑ M 1i for i � 1, . . . , n.

Then, for all i, we can derivetMiu ÞÑ tM 1iu, and because it is compatible with multiset inclusion,tM1, . . . ,Mnu ÞÑ� tM 1

1, . . . ,M1nu.

Let us now suppose that some component is created in the trace. In that case, there is some componentthat is created last, by some other componentM . This component was either in the initial marking orit was created by some other component, so in any caseM P R. Let M be the multiset of all thecomponents created byM . Since no more components are created after those inM, M evolves to some

M1 � Mf , and everyM P M satisfiesMHÝÑ M 1 for someM 1 P supppM2q or for M 1 � H. Then,

we can derive thattMu ÞÑ tM 1u and, as in the base case,M ÞÑ� M1.Now we have to distinguish between two cases: the one in whichM evolves to the empty marking,

MMÝÑH (so thattMu ÞÑM ÞÑ� M1), and the one in which it evolves to some component in the final

marking,M MÝÑ Mf (so thattMu ÞÑ M � tMf u ÞÑ� M1 � tMf u). In the first case, we can reorderthe trace so that

M1 �M2 �M

1 � tMu �M2

The induction hypothesis tells us thatM1 ÞÑ� M2 � M1 � tMu ÞÑ� M2 � M1 � M1 � M2.Analogously, we obtainM1 ÞÑ� M2 in the second case. [\

From now on, we will study the reachability problem for the transition systemslpNq. The mainproblem when we try to devise an algorithm to decide reachability in RN systems is that caused by thosecomponents that may evolve to the empty marking, possibly bycreating other components that couldalso eventually disappear. In order to handle this difficulty, we will define the following order, that takesinto account those markings.

Definition 4.2. We writeM1 �H M2 wheneverM2 �M1 �M andM ÞÑ� H.

That is,M1 �H M2 if M1 �M2 andM2 �M1 ÞÑ� H. In the first place, the defined relation isreflexive, transitive and anti-symmetric, so that it is a partial order. Moreover, givenM1 andM2, thereis a procedure to effectively determine whetherM1 �H M2. In order to see it, we need the followingauxiliary results.

Lemma 4.2. GivenM , the set of all minimalM (with respect to multiset inclusion) such thatMMÝÑH

is computable.

Proof:Actually, we prove the more general result of computing all minimal M greater than a givenM such

Page 12: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

1012 F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication

thatM MÝÑH, so that we obtain the result by taking the particular case inwhichM � H. If M �Ñ� H(as marking of a P/T net) then there is no suchM, and the set we are computing is empty. Let us supposethatM Ñ� H. We proceed by induction onn, the number of components inInit . If n � 0 then it is the

case thatMHÝÑH, so that the only marking to consider is the empty one (which is minimal).

Let us now consider the inductive case, that is,Init � tM1, . . . ,Mnu for somen ¡ 0. We know

thatM Ñ� H, so that we know that there is at least oneMH such thatMMHÝÑ H. Then, we can do a

breadth-first search in the lattice of markings (see Fig. 6) to compute one minimalMH greater thanM

such thatMMHÝÑH.

Now we need to compute the rest of the minimal markings, though we do not need to search amongthose greater thanMH (with respect to multiset inclusion) because we know that any solution greaterthanMH would not be minimal. Let us denote byki the number of times that the componentMi P R

appears inMH, that is,ki � MHpMiq. For eachi P t1, . . . , nu and allj P t0, . . . , ki � 1u let Mji be

the marking in which thei-th componentMi of Init appearsj times, and thel-th componentMl appearskl times, for alll � i, that is

Mji pMlq � # j if l � i,

kl if l � i

Now for eachi andj, let us see that we only need to look for all minimalM1 greater thanMji and

whose number of componentsMi does not increase. Indeed, leti andj such thatj   ki � 1 andMsuch thatMj

i �M with MpMiq � j � 1. SinceMji � M, MpMlq ¥M

ji pMlq � kl � M

j�1

i pMlq,andMpMiq � j � 1 � M

j�1

i pMiq. Then we have thatMj�1

i � M. Similarly, we can see that forj � ki � 1, anyM greater thanMj

i such thatMpMiq � j � 1 satisfies thatMH �M.Then, for everyMj

i we can “block” the firing of the replicating transitions thatcreateMi, and applythe induction hypothesis to compute the setMin

ji of all minimal markings greater thanMj

i that complywith the thesis. Now we can compute the set we are looking for as tMHu Y�Min

ji . [\

In Fig. 6 we can see an example of the reasoning followed in theproof of the previous result, in therestricted case in which|Init| � 2. In it, the first four levels of the lattice of all multisets with elementsin Init is depicted, denoting by1 the componentM1 and by2 the componentM2, so that we write, forinstance,1122 to represent the multisettM1,M1,M2,M2u. In Fig. 6 it is assumed that the first marking

that we find when we search the lattice for a markingMH such thatMMHÝÑH is122. In that case, we do

not need to keep searching among those markings greater than122, those inside the dashed line. In orderto keep searching among the markings that are not greater than MH the proof of the above result buildsM0

1, M0

2andM1

2, which correspond to the markings inside boxes in the picture. As we can see, now

it is enough to keep searching by following the arrows. For instance, the marking1112 is greater thanM0

2if we allow 2 to be created, but is also greater thanM1

2, without allowing creation of component2.

Moreover, any marking greater thanM12

that creates component2 is also greater thanMH.Next, two simple lemmas that we will need to prove that the order�H is decidable.

Lemma 4.3. M ÞÑ� H if and only if for all M P supppMq, tMu ÞÑ� H.

Lemma 4.4. If M �M1 andM1 ÞÑ� H thenM ÞÑ� H.

Page 13: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication 1013

Proof:If M �ÞÑ� H then, by the previous lemma there isM PM such thattMu �ÞÑ� H. SinceM �M1 thenM PM1, so that again by the previous result,M1 �ÞÑ� H. [\

The following result, that will allow us to conclude that thedefined order is decidable, is a weak formof the decidability result we are looking for.

Proposition 4.2. Given a markingM, it is decidable whetherM ÞÑ� H.

Proof:By Lemma 4.3, it is enough to decide whethertMu ÞÑ� H for a given componentM . We proceed byinduction on the number of components inInit . If there are no components thenM can not replicate,and it is enough to decide whetherM Ñ� H, which is decidable. Let us see the inductive case.

If M �Ñ� H then clearlytMu �ÞÑ� H. Otherwise, by Lemma 4.2 we can consider all minimalM

such thatM MÝÑ H. We have to decide whether at least one of thoseM satisfiesM Ñ� H. Noticethat, thanks to Lemma 4.4, it is enough to consider minimal markings (the empty marking can be reachedif and only if it can be reached from the minimal ones). Noticealso that, because we are beginning thetrace inM , it is enough to consider traces that do not create markingM , so that we can removeM fromInit . Therefore, we can apply the induction hypothesis and we canconclude. [\Corollary 4.1. �H is a decidable partial order.

Though Proposition 4.2 is only a step away from the result we are looking for, that is decidabilityof general reachability, it does not seem immediate to generalize the previous result to the general one.essentially because we do not have a result analogous to Lemma 4.4 in the general case. But we canadapt the widely used technique of WSTS [13] for our purposes. In general, the technique is usedto prove decidability of the so called control reachability[2], that in our setting amounts to coverability.However, the coverability problem induced by�H is just reachability. Indeed, there exists some markingM1 such thatM �H M1 is reachable if and only ifM is reachable: indeed, if suchM1 is reachable,since it satisfiesM1 � M �M with M � H, then it also satisfiesM1 � M; conversely, it isenough to takeM1 �M.

We can not use the technique directly, because the order we have defined is not a wqo. Indeed, ifM

is a component such thatM �Ñ� H then the sequencetMu, tM,Mu, tM,M,Mu, . . . does not satisfythe wqo condition. Actually, we can work with an order similar to �H that is indeed a wqo. We canclassify components inR in those that perpetuate their offspring (that is, thoseM such thattMu �ÞÑ H)and those that do not (that is, thoseM such thattMu ÞÑ H). Let us denote byP � R the set of thosethat can not evolve to the empty marking. Any marking containing n components inP can only evolveto markings with at leastn components. Thus, any marking with more thann � |Mf | components inP can not reachMf . If we denote byPn the set of markings with more thann components inP, thenwe can define7 �1H��H YpPn � Pnq. Intuitively, we are identifying all the markings inPn. Noticethat every successor of a marking inPn is also inPn. By the previous comments, reachability andcoverability induced by�1H also coincide (as happened in the case of�H). We can effectively classifycomponents inR as those inPn and those not inPn. Therefore, and because�H is decidable, so is�1H.Moreover, we can prove the following result.

7Equivalently, we could consider�H over the set obtained after quotiening over the equivalencerelationpPn � Pnq Y id .

Page 14: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

1014 F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication

M

M�M1H M�M2HM�M3HminpprepCptMuqqq

CptMuqprepCptMuqq

Figure 7. Computation ofminpprepCptMuqqqLemma 4.5. �1H is a decidable wqo.

Proof:We have already seen that it is decidable. Let us see that is isalso a wqo. LetpMiqiPN be an infinitesequence of multisets with elements inR. If there arei andj such thatMi,Mj P Pn thenMi �1H Mj ,and we conclude. Otherwise, we can assume that there are no markings inPn, so that for alli, Mi �M1

i �M2i with |M1

i| ¤ n andM2i Ñ� H. Since the settM1 PMSpRq | |M1| ¤ nu is finite, there is

a constant infinite subsequenceI � N in pM1iqiPN, that it, there isM such thatMi � M for all i P I.

Since multiset inclusion inMSpRq is a wqo, the infinite sequencepM2i qiPI contains two elementsM2

i

andM2j with i   j andi, j P I such thatM2

i � M2j , and in particular,M2 � M2

j �M2i � H.

Moreover,Mj �M1 �M2, so thatMi �1H Mj, and we can conclude. [\Lemma 4.6. The relationÞÑ is monotonic with respect to�1H.

Proof:Let M1 �1H M2. If M1 and M2 are in Pn and M1 ÞÑ M1

1, then alsoM1

1is in Pn, so that

M11 �1H M2. Otherwise,M1 �H M2, which impliesM1 is included (as multiset) inM2. SinceÞÑ is compatible with respect to multiset inclusion, we can conclude. [\In order to proof that we can compute the set of predecessors,we need the following lemma.

Lemma 4.7. GivenM , M 1 andM, the set of all minimalMH (with respect to multiset inclusion) such

thatMM�MHÝÑ M 1 andMH Ñ� H is computable.

Proof:The proof is completely analogous to that of Lemma 4.2, by considering only markings of the formM�MH with MH ÞÑ� H, which can be done because reachability of the empty markingis decidableby Prop. 4.2. [\

Now we see how we can compute the predecessor function.

Lemma 4.8. For everyM, the setminpprepCptMuqqq is finite and computable.

Proof:Let us first assume thatM R Pn. For allM1�tMfu �M with Mf P supppMf qYtHu, let us consider

Page 15: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication 1015

all the steps in which some component evolves toMf , creating on its way at least the components inM1,together with some others, that can necessarily evolve to the empty marking.

For all M P R, let us see ifM can be that component. IfM M1¥ÝÑ Mf then, by Lemma 4.7, we

can compute all minimalMH such thatMM1�MHÝÑ Mf andMH Ñ� H. Then we can add to the set

of predecessors the markingM �M1 � tMf u � tMu. Notice that thanks to Lemma 4.4 it is enoughto consider only minimal markingsMH. We have described a finite procedure, yielding finitely manymarkings in the set of predecessors. This finite set could be not minimal, but we can always minimizethis finite set to compute the set we are interested in.

If M P Pn then, considering thatCpMq � Pn, the setminpprepCptMuqqq can be computed asMtogether with all the minimal markings that can evolve toPn. However, notice that since from markingsin Pn we can not reachMf , we will never have to computeminpprepCptMuqqq with M P Pn in thebackwards reachability analysis. [\

Fig. 7 can give you some insight about the proof of the previous result. A markingM induces anupward closed set, the cone in the right handside of Fig. 7. Wewant to compute (a finite representationof) the set of the predecessors of the markings in that cone, that have the formM�MH with MÑ� H.The proof of the previous result factorises (thanks to Lemma4.7) all the ways in which such markingscan be reached, yielding finitely many markingsM1 such thatM1 Ñ M � MH. Therefore, everymarkingM1 �M1H in the left handside cones can reach in one step the cone in theright.

Proposition 4.3. pR{�, ÞÑ,�1Hq is a WSTS.

As a corollary, the coverability notion induced by�1H in lpNq is decidable. Since reachability andcoverability (induced by�1H) are equivalent, and Prop. 4.1 holds, we finally have the result we werelooking for.

Proposition 4.4. Reachability for RN systems without synchronizations is decidable.

We can obtain an analogous result forν-PN thanks to the equivalence between RN systems andν-PN proved in [31]. RN systems can simulateν-PN, in the sense that for everyν-PN N there isa RN systemF pNq such that the transitions systems generated byN andF pNq are isomorphic, andthat isomorphism is monotonic, so that reachability and coverability are both preserved. Moreover,F

itself is an isomorphism. The simulation consists in considering a different component to represent eachdifferent name. When different names can occur in the firing of a transition, the corresponding collectionof components synchronize in the simulation. When all the variables adjacent to a transitiont are thesame (that is,|Varptq| � 1), then only one name is involved in its firing. If we denote byν�-PN thesubclass ofν-PN such that every transitiont satisfies|Varptq| � 1, or |Varptq| � 2 whenν P Varptq, itis straightforward to see thatν�-PN are the counterpart of RN systems without synchronizations.

Proposition 4.5. If N is aν�-PN thenF pNq is a RN system without synchronizations.

Corollary 4.2. Reachability is decidable for the class ofν�-PN.

For each RN system without synchronizations, we have defineda multiset rewriting systemlpNq.This rewrite system can not be represented as a P/T net, though we are rewriting multisets in a monotonic

Page 16: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

1016 F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication

way. The reason is that the rewritings are conditional ones,where the condition is reachability in anordinary Petri net. This reminds of Recursive Petri Nets (RPN) [16, 17]. RPN have a special type oftransitions: abstract transitions. The firing of abstract transitions is not atomic. They remove tokens fromtheir preconditions, but instead of adding tokens to postconditions, they create a new thread, starting in amarking associated to the transition. Tokens are added to postconditions when the child thread finishes,which happens when it reached a final marking, where the set offinal markings is a semi-linear set.

Then, instead of looking for a direct proof of our decidability result above, as we have done, wecould try to simulatelpNq by using an RPN, immediately obtaining the decidability of reachability as acorollary of the analogous result for RPN [17]. To obtain such a simulation, for each rule

MMÝÑ M 1tMu ÞÑM� tM 1u

we could consider creating a child thread starting inM . However, this “simulation” would not be correct.Indeed, we are writing a single rule for all suchM , M 1 andM, althoughM andM 1 are taken from afinite set,M is taken from the infinite setMSpRq. We could use a different transition for every twocomponentsM andM 1, but not for everyM. The technique of considering only minimal such markingswould not be valid in this case, since one needs to account forexactly the set of components generated toobtain a faithful simulation. Therefore, the simulation using RPN (or a similar model) must use a single

transition for everyM such thatM MÝÑ M 1. The most intuitive way that we can think of to achieveit, is to allow child threads to communicate some results to their parent thread. In this way, if the childthread communicates how many times a transition has been fired (that, of course, can be controlled by thenumber of tokens in some special places) we would have a faithful simulation of the application of therewrite rule. However, we suspect that any general model (allowing synchronization) with these featureshas undecidable reachability.

Recently, the paper [5] presented an extension of RPN that, on the one hand, considers global placesthrough which the different threads can communicate, and onthe other hand, introduces the so calledimmediate outputs for abstract transitions. Immediate output places are updated when the transition isfired, unlike the postponed outputs of RPN, which were only updated after the child thread terminates.Reachability for RPN with these two extensions is undecidable [5]. However, RPN extended only withimmediate outputs are enough to simulate RN systems withoutsynchronizations. Indeed, any transitioncan be simulated by an abstract transition with only postponed output places. Moreover, threads onlyterminate when they reach the empty marking, which is semi-linear. Though they are more powerfulthat our RN systems without synchronizations, reachability could still be decidable for them. Then, adecidability proof of reachability would yield an alternative proof of our decidability result in Prop. 4.4.

5. Decidability of coverability for restricted ν-RN systems

In the previous section we have restricted RN systems, for which reachability is undecidable, in order toobtain decidability. Our goal now is to do the same thing forν-RN systems (Petri Nets extended simul-taneously both with names and replication). As we proved in [31], ν-RN systems are Turing completeand, in particular, coverability is undecidable for them.

We could think that we also need to forbid synchronizations in order to keep decidability of cover-ability for ν-RN systems. However, as we prove next, it is enough to restrict communications to obtain

Page 17: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication 1017

k ksp1qsp2ql l

x x

y x Ñ k ksp1qsp2ql k

x x

y x

Figure 8. A simpleν-RN system with communication (assumingaritypsq � 2)

decidability of coverability. A communication between components happens whenever there is a variablelabelling an output arc of a transition, and an input arc of a different compatible transition (see Fig. 8).Moreover, notice that if we forbid all kinds of synchronizations, the obtain model is still an extension ofν-PN, so that reachability would still be undecidable. In a first step, we will forbid all name communi-cations between different components. Therefore, components will still be able to synchronize amongthemselves, as long as no name moves from one component to another.

A markingM of a ν-RN is a multisettM1, . . . ,Mnu of components. Each component can be seenas a marking of aν-PN, that maps each place to a multiset of names. Therefore, it makes sense to writeM �α M 1 for two componentsM andM 1 of a ν-RN. Let us denote by� the multiset order inducedby the order�α, that is,tM1, . . . ,Mnu � tM 1

1, . . . ,M1mu if there is an injectionh : t1, . . . , nu Ñt1, . . . ,mu such thatMi �α M 1

hpiq. For eachi there is an injectionιi such thatιipMiq � M 1hpiq.

Notice that in the case ofM �α M1, the mappingι that renames names must be the same for all thecomponents, while now we are allowing different mappingsιi. In other words,�α considers names tobe global, but for�, names are local to components.

As a consequence, the orders�α and� are different in general. Indeed, for the simple case inwhich the net has a single placep, it is enough to considerM � tM1,M2u andM1 � tM 1

1,M12u

with M1ppq � M2ppq � M 11ppq � tau andM 1

2ppq � tbu. Clearly, they satisfyM1 � M2, but notM1 �α M2 (see Fig. 9). However, we can prove the following relation between them.

Proposition 5.1. LetM � tM1, ...,Mnu andM1 � tM 11, ...,M 1

mu be two markings of aν-RN system.

- If M �α M1 thenM �M1.- If IdpMiq X IdpMjq � H for all i � j andIdpM 1

iq X IdpM 1jq � H for all i � j, thenM �α

M1 �M �M1.Proof:- If M �α M1 then there are two injectionsh : t1, . . . , nu Ñ t1, . . . ,mu andι : Id Ñ Id such thatιpMippqq � M 1

hpiqppq for everyp and for alli P t1, . . . , nu. In particular, by definition of�α, we havethat for eachi, Mi �α M 1

hpiq. By definition of multiset order we can conclude thatM �M1.- Thanks to the previous item, it is enough to prove that ifM �M1 thenM �α M1. By definition of� there is an injectionh : t1, . . . , nu Ñ t1, . . . ,mu such that for alli, Mi �α M 1

hpiq. By definition of�α, for eachi there is an injectionιi : IdpMiq Ñ IdpMhpiqq such thatιipMippqq � M 1hpiqppq for all p.

Since we are assuming that all the components inM have disjoint namespaces (so that the domains oftheιis are disjoint), we can safely defineι : Id Ñ Id by ιpaq � ιipaq whenevera P IdpMiq, which is aninjection (in its domain) because eachιi is injective and the components inM1 have disjoint namespaces.Then we have thatιpMippqq � ιipMippqq � M 1

hpiqppq for all p, and we conclude thatM �α M1. [\On the one hand, we saw that the converse of the first of the previous results is not true in general.

On the other hand, since�α considers names to be global, while� considers them to be local, we caninformally state the second of the previous results as follows: If each component has its own namespace,

Page 18: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

1018 F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication

p pa a ap b p��α

Figure 9. ν-RNs related by� but not by�α

then global and local names are the same thing. Components that can not communicate have its ownnamespace, if this is true at the initial marking. We callν-lRN systems the class of all suchν-RNsystems. Let us define it formally.

Definition 5.1. A ν-RN systemN � pP, T, F, λq with initial markingM0 � tM1, . . . ,Mnu is aν-lRNsystem if for every tuple of compatible transitionst, postptqzpreptq � tνu for all t P t, and for alli � j,IdpMiq X IdpMjq � H.

Unlike in the previous section, where we forbid all synchronizations between components, now weare only forbidding communications between them. This means that components can synchronize, aslong as they are anonymous synchronizations (that is, a component can synchronize with any componentthat is willing to do so, and the result of that synchronization is the same whichever that component was).

Proposition 5.2. Coverability is decidable forν-lRN systems.

Proof:Once again, we prove thatν-lRN systems are WSTS. In the first place, we have to see that�α is a wqo.Since� is a wqo (it is the multiset order induced by a wqo), thanks to the previous result it is enoughto prove that all reachable markings have disjoint namespaces. Since components do not communicatenames, if they initially have disjoint namespaces then theywill always have disjoint namespaces. There-fore, for every reachable marking the orders�α and� are the same, and therefore,�α (which inducescoverability) is a wqo. The proofs of monotonicity and computable predecessors are similar to the anal-ogous ones forν-PN, which can be found in [29]. [\

We could also allow a finite amount of names in a common namespace without affecting the de-cidability result. LetC be the finite set of names allowed in the common namespace. If all the namesappearing in more than one component in the initial marking are taken fromC, and communicationsare (semantically) forced to happen with names inC, then the previous decidability result can be easilyextended to cope with this finite amount of names. For that purpose, we consider onlyC-modes, that is,modesσ such thatσpxq P C wheneverx P ppost ptqztνuqzpreptq. Intuitively, x is a variable that canproduce a communication, and theC-modes are modes for which the name communicated is inC.

Definition 5.2. Given a finite set of namesC, we defineν-RN(C) as the variation ofν-RN systemswhose transition relation is defined considering onlyC-modes.

As a first step, we will prove that anyν-RN(C) is equivalent to someν-RN system, so that thesemantic restriction onν-RN(C) is easily transformed into a syntactic one.

Lemma 5.1. ν-RN systems can simulateν-RN(C) systems.

Proof:Let N � pP, T, F, λq be aν-RN(C) system. For any transitiont, we take8 Xt as the set of variables

8We are considering multisets of labels in arcs, the analogous concept to weights in P/T nets. In fact, we could have allowedthem in our definitions without affecting any of our results.

Page 19: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication 1019ppostptqztνuqzpreptq, which intuitively is the set of variables responsible for the communication ofnames. We will construct theν-RN systemN� so that every synchronization is done by forcing thateach variable inXt is instantiated to a name inC. For that purpose, we introduce a new placeids thatcontains (enough copies of elements in) C. LetN� � pP �, T �, F �, λ�q, where:

- P � � P Y tidsu, T � � tpt, tq | t P t, t compatibleu,- F �pp, pt, tqq � F pp, tq andF �ppt, tq, pq � F pt, pq, for p P P ,

- F �pids, pt, tqq � F �ppt, tq, idsq � Xt,

- λ�ppt, tqq � λptq.If k � maxt|�tPt Xt| | t compatibleu, we extend any markingM to M� � tM� | M P Mu, by

extending any componentM to M� with M�pidsq � °ki�1 C. We only need to read the tokens inids,

so that we could consider that the arcs adjacent toids are read-arcs. Instead, we consume and return thetokens inids, but for that purpose we have to guarantee that there are enough copies of each token inthe setC in placeids. By construction, any firing inN� is of the formu � ppt1, tq, . . . , ptn, tqq with

t � pt1, . . . , tnq, andM1

tpσqÝÑ M2 � M�2

upσqÝÑM�2 . Moreover, any reachable marking inN�, starting

from M�0 is of the formM� for someM, and by construction only names inC can be communicated

between components and matched. [\By the previous lemma, we will considerν-RN systems for which every reachable marking hasC

as the common namespace of all its components. Now let us see that, thanks to this restriction, we canspecify markings within a wqo. In other words, we will map markings of aν-RN(C) system to a domainendowed with a wqo, and so that the order is preserved.

Definition 5.3. Let C � ta1, . . . , amu. LetM be a reachable marking of aν-RN(C) system. For everycomponentM of M we defineM � pMpa1q, . . . ,Mpamq,M |IdpMqzCq. Then, we defineM as themultiset of tuplestM | M PMu.

M is a multiset of tuples. Those tuples have multisets of places in their firstn positions, and amarking in its last position. However, the marking in its last position is local to each component inM,since it does not specify where the names in the common namespaceC are. Let! be the multiset orderinducedpA1, . . . , An,Mq ¤ pA1

1, . . . , A1

n,M 1q iff Ai � A1i for i P t1, . . . , nu andM � M 1. Then we

have the following.

Lemma 5.2. If M andM1 are two reachable markings, thenM �α M1 �M !M1.

Proof:Let M � tM1, . . . ,Mnu andM1 � tM 1

1, . . . ,M 1

n1u,whereM i � pAi1, . . . , Ai

m,M iq and M1l �pBl

1, . . . , Bl

m,M 1lq. If M �α M1 then there areh : t1, . . . , nu Ñ t1, . . . , n1u and ι : IdpMq ÑIdpM1q such thatMipaq � M 1

hpiqpιpaqq for everyi P t1, . . . , nu anda P IdpMq. Moreover,ιpCq �ιpCq andMipaq � M 1

hpiqpaq for all i whenevera � ιpaq. Let us see that for everyi, M i ¤ M1hpiq, which

will allow us to conclude thatM !M1. We have to prove thatAi

j � Bhpiqj andM i �M 1l. Foraj P C,

Page 20: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

1020 F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication

p

η

p

pa

p

pb

p

p η

p

p

end

a

b

a

b

# t6

t7

x

x

x

x

px, νq, νpx, νq, ν x

x

px, yqpx, yq x

y

x

y

xx

x

x

x

x

Figure 10. Apν-PN recognizingL � tw#w | w P ta, bu�uMipajq � A

ji andM 1

hpiqpajq � Bhpiqj , and sinceMipaq � M 1

hpiqpιpaqq we conclude thatAij � B

hpiqj .

Fora R C, M ipaq � Mipaq � M 1hpiqpιpaqq � M 1hpiqpιpaqq andM i �ι M 1hpiq.

Conversely, by hypothesis there areh andιi such thatAij � B

hpiqj andMi �ιi M 1

hpiq. Let us define

ιpaq � a if a P C, andιpaq � ιipaq if a R C anda P IdpM iq. Notice thatι is well defined becauseIdpMiq X IdpMjq � C for all i � j. ThenMipaq � M 1

hpiqpιpaqq and we conclude thatM �α M1. [\By construction, the order! is a wqo (both multiset inclusion and� are wqo, and the product and

the multiset orders of wqos are wqos), and we have the following result.

Proposition 5.3. Coverability is decidable forν-RN(C) systems forC finite.

Proof:The previous lemma tells us that the order relating reachable markings is a wqo. Again, the proofs ofmonotonicity and computable predecessors are similar to those forν-PN. [\6. Turing completeness ofpν-PN

It is easy to see that the expressive power ofpν-PN surpasses that ofν-PN. Thepν-PN in Fig. 10 canrecognize the languageL � tw#w | w P ta, bu�u (with # R ta, bu) in the following sense:9 If τ is atransition sequence reaching a marking that coversend andw is the word obtained by:

- Removing fromτ those transitions not labelled in Fig. 10.- Replacing the remaining transitions by its label,

thenw P L. Indeed, after some firings of the transitions labelled bya andb in the left handside of thenet, the placep contains a multiset of pairs of identifierspη, c1q, pc1, c2q, . . . , pck�1, ckq, together with anidentifierck, whereci is the fresh identifier created by thei-th firing. This multiset of pairs can be seenas the codification of the sequencepη, c1, c2, . . . , ckq P Id�. Moreover,pa holds all theci’s used to firethe transition labelled bya, and analogously forpb. This information is later used by the transitions onthe right handside of the net to repeat the (labels of the) sequence of transitions.

9Again, we consider multisets of labels in arcs.

Page 21: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication 1021

The class of languages recognized by WSTS are called Well Structured Languages (WSL) in [14].Sinceν-PN are WSTS, the languages they recognize are in WSL, butL is not. To see it, it is enough toconsider the following pumping lemma proved in [14]:

Lemma 6.1. [14, Lemma 6] LetL be a WSL and letw1, w2, . . . be an infinite sequence of words inLsuch thatwk � Bk �Ek. Then there arei   j stBi � Ej P L.

By applying this lemma, it follows thatL is not a WSL. Indeed, ifpBiq is an increasing sequence ofwords inta, bu� (so thatBi is a strict subword ofBi�1) thenpBi#Biq8i�1

is a sequence of words inL.According to the pumping lemma, there arei   j such thatBi#Bj P L, but this can not happen becauseBi is a strict subword ofBj and# occurs neither inBi nor inBj .

Therefore,L can not be recognized by anyν-PN, and the expressive power ofpν-PN strictly sur-passes that ofν-PN. Actually, we will prove thatpν-PN, even for the case in which only pairs of purenames are considered, are Turing complete. Moreover, we will see that it is enough to consider the casein which tokens are taken from a setId1 � Id2, whereId1 andId2 are disjoint sets of names. Sinceν-RN systems are Turing complete [31], it is enough to prove that everyν-RN system can be simulatedby a polyadicν-PN satisfying the restrictions above mentioned.

We will follow the same ideas used in [31, Prop. 6.1] to simulate RN systems by means ofν-PN.There, we considered a different identifier for each of the different simulated components, so that a tokenin some place of the component identified bya was simulated by a tokena in that place. Now, we willsimulate the occurrence of a tokenb in a place of a component identified bya by a tokenpa, bq in thatplace. Then, we can use matching variables in the arcs to force that the behavior of a component ismimicked by the use of tokens with the same name in its second component.

Proposition 6.1. Polyadicν-PN are Turing-complete.

Proof:Given aν-RN systemN � pP, T, F, λq we consider a different variablext for each transitiont. For thesake of readability, we will consider polyadicν-PN that have multisets of tuples and constants labellingtheir arcs, as we did in the proof of Lemma 5.1. Moreover, without loss of generality, we will assumethat every component inInitN is safe (|Mppq| ¤ 1), and we will consider different specialν variables,ν1, ν2, . . . Several of these variables can label postarcs of the same transition. In that case, they must beinstantiated by pairwise different fresh names. Then we take N� � pP, T �, F �q, where:

- T � � tpt1, . . . , tnq | for all i P t1, . . . , nu, λptiq � spiq, for somes P S with aritypsq � nu,- F �pp, tq � tpF pp, tq, xtq | t P tu,- F �pt, pq � tpF pp, tq, xtq | t P tu�tpMippq, νiq | for all i P t1, . . . , ��t��u, λptiq � pspiq,Miq, Mippq � HuMoreover, given a markingM � tM1, . . . ,Mku we proceed as follows to buildM�. Let us

choosek new and pairwise different identifiersn1, . . . , nk and takeM�ppqpa, niq � Mippqpaq for all

i P t1, . . . , ku. Finally, for a modeσ we takeσ�pxq � # ni if x � xti ,

σpxq otherwise.

Page 22: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

1022 F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication ab

s?

s!

x

x

x

x

p

q1

q2

t1

t2

ac

s?

s!

x

x

x

x

p

q1

q2

t1

t2

ù k pa, n1qpa, n2qpb, n1qpc, n2q pt1, t2qpx, xt1qpx, xt2q px, xt1

qpx, xt2qp

q1

q2

Figure 11. Simulation of aν-RN system by means of apν-PN.

Then, it is always possible to choose all those identifiers sothatM1

tpσqÝÑ M2 � M�1

tpσ�qÝÑ M�2 .

Moreover, any reachable marking inN�, starting from a markingM�0

is of the formM� for someM,and we conclude. [\

Fig. 11 shows aν-RN system and its simulation. The only possible firing is that in which the twodifferent components synchronize with each other (there isno auto-synchronization), taking each a tokena from p, and moving them toq1 andq2, respectively. This behavior is simulated in the right handsideby the consumption of bothpa, n1q andpa, n2q from p, which are transferred toq1 andq2, respectively.

In the previous section we proved that thoughν-RN systems are Turing complete,ν-RN systemswithout communication are not, and have decidable coverability. It is natural to infer from this result asubclass ofpν-PN which is not Turing complete and for which coverability is decidable. Binaryν-PNobtained in the construction in the proof of Prop. 6.1 are such that every arc is labelled with variablesin Var1 � Var2 whereVar1 andVar2 are two disjoint sets of variables. For them, we can perform theconverse simulation.

Proposition 6.2. Binaryν-PN with labels of arcs inVar1�Var2, whereVar1 andVar2 are two disjointsets of variables, can be simulated byν-RN systems.

Proof:The proof follows exactly the same ideas detailed in [31, Prop. 6.2.] to simulateν-PN by means ofRN systems. Intuitively, we can map the second components inpairs of names to replication, whilemaintining the first component. More precisely, letN � pP, T, F q be a binaryν-PN with labels inVar1 � Var2. We assume an arbitrary order in the setVar2, so that we will writepy1, . . . , ymq insteadof ty1, . . . , ymu to point out thatyi   yi�1. Without loss of generality, we may assume that wheneverF pt, pq � px, νq thenx is the constant (if it is not the case, we may splitt into t1 and t2 that arefired consecutively, that mimic the firing oft and satisfy the previous condition). Let us buildN� �pP, T �, F �, λ�q, where:

- T � � tty | ν � y P Varptq XVar2u,- F �pp, tyq � x if F pp, tq � px, yq (analogously forF �pty, pq),- λ�ptyq � pstpiq,Mν

t q, wherepVarptq XVar2qztνu � py1, . . . , ymq andy � yi, and

Mνt ppq � # t u if F pt, pq � p , νq,H otherwise.

Page 23: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication 1023

pν-RN

ν-RN pν-PN

ν-RN without comm. Restricted binaryν-PN

RN ν-PN

RN without sync. ν�-PN

P/T

Turingcomplete

Decidablecoverability

Decidablereachability

Figure 12. Summary of results

Let M be a marking withtb1, . . . , bmu as set of names appearing as second components of its tokens,andσ a mode for a variablet. We defineM� � tM�

1 , . . . ,M�mu, whereM�

i ppqpaq � Mppqpa, biq, andσ� � pσ�1 , σ�2 q by takingσ�1 ptyq � i if σpyq � bi, andσ�2 pxq � σ2pxq wheneverx P Varptq XVar1.

Then, if for anyt with pVar ptq X Var2qztνu � py1, . . . , ymq we write t� � pty1, . . . , tym

q then

M1

tpσqÝÑ M2 � M�1

t�pσ�qÝÑ M�2 . Moreover, any reachable marking inN�, starting from a markingM�

0

is of the formM� for someM , and we conclude. [\According to the previous result, any binaryν-PN with labels inVar1 � Var2 can be simulated by

aν-RN systemF pNq. Notice that if a transition ofN has some input arc labelled withpx, z1q and someoutput arc labelled withpx, z2q, thenF pNq can communicate a value (that to whichx is instantiated)from one component (the one thatz1 represents) to other component (the one thatz2 represents). Butif we forbid such situation, the yieldedν-RN system will be communication-free. Let us define thefollowing subclass of binaryν-PN.

Definition 6.1. A pν-PN is a restricted binaryν-PN if there are two disjoint sets of variablesVar1 andVar2 such that:

- For every prearcpp, tq, F pp, tq P Var1 �Var 2 (analogously for every postarc),

- For all t, if F pp, tq � px, z1q andF pt, qq � px, z2q thenz1 � z2.

If N is a restricted binaryν-PN thenF pNq is aν-RN system without communications, so that weobtain the following result.

Proposition 6.3. Coverability is decidable for restricted binaryν-PN.

Page 24: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

1024 F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication

7. Conclusions and Future Work

In this paper we have established a number of decidability results about extensions of Petri nets with thecapability of managing tuples of pure names, and extensionswith replication primitives. The existingresults can be summarized as shown in Fig. 12. An arrow from A to B means that A is a (syntactical)subclass of B. A double line from A to B means that A and B can simulate each other. We have restrictedthe models of RN systems andν-RN systems presented in [31] to obtain decidability results that do nothold in the unrestricted models. More precisely, reachability, which is undecidable for RN systems, hasbeen proved to be decidable in the subclass of RN systems in which we do not allow synchronizationsbetween the different components that compose a system.

This decidability result is interesting by itself. Moreover, the proof has been carried out by reducingthe problem to reachability in a multiset rewriting system with conditional rules, in which the conditionsare reachability problems in ordinary P/T nets. As we mentioned at the end of Sect. 4, the rewritingsystemslpNq that we have used are quite similar to the model of Recursive Petri Nets (RPN), thusbringing close two apparently quite different models. However, it seems that RPN are not enough tocapture the behavior oflpNq. We have used these rewrite systems only as a technicality for our purposes,but perhaps it would be interesting to study which is the minimal extension (or modification) of RPN thatsuffices to capture the behavior oflpNq, in such a way that reachability remains decidable. As we said,the main point is that child threads should have someresult places, associated to other places in the fatherthread, so that when the former finished, the latter could receive the results obtained by its child. In oursetting, the result places would be places added in an ad hoc way, that count how many times each of thereplicating transitions have been fired.

Many of the models described in this paper and in [31] are wellstructured, to that coverabilityis decidable. Since in most of them reachability is undecidable, we need a finer way to compare theexpressive power of these models. In [3] a comparison between well-structured systems is done. Thecomparison criterion is weak trace equivalence, with coverability as accepting condition for traces. Weplan to placeν-PN and the related models that appear in this paper inside the hierarchy obtained in [3].For instance, it seems that Lossy Channel Systems (LCS) [1],that are WSTS, are incomparable toν-PN,becauseν-PN can not have a FIFO-like behavior. More precisely,L1 � tw#w1 | w1 subword ofwu canbe recognized by a LCS (notice that the pumping lemma does notprove anything in the case ofL1), but itdoes not seem possible to recognize it by means of aν-PN. The comparison is achieved by seeing thosesystems as subclasses of MSR(C) [8], which is a model based onmultiset rewriting. Therefore, it wouldalso be interesting to see how the rewrite systemslpNq fit inside the hierarchy.

In the same line, we plan to study how is the expressivity affected when we consider the possibilityof creating fresh components with an initial marking that depends on the marking of the net that createsthat component; or broadcast primitives, that is, the possibility of synchronizing with an undeterminednumber of components. These mechanisms are closely relatedto transfer arcs. That is the reason that weconjecture that coverability is still decidable for them, as happens in [24], but it would be interesting tosee what properties are lost in the gain of expressivity.

We have also restrictedν-RN systems, for which coverability is undecidable, obtaining ν-RN systemswithout communication or with restricted communication, and proved that, in both cases, coverability isdecidable. Moreover, we have seen that binaryν-PN can simulateν-RN systems, so that they are Turing-complete, and we have identified a subclass of binaryν-PN, binary restrictedν-PN, that are equivalentto ν-RN systems without communications, so that coverability is also decidable for them.

Page 25: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication 1025

The paper [27] defines a subclass of theπ-calculus, namely that ofdepth-boundedprocesses, wherethe depth of a process measures the interdependence of namesin processes. The subclass of depth-bounded processes is a WSTS. It would be interesting to see ifthe concept of depth-boundedness in theπ-calculus (different from the depth-boundedness notion defined in [30]) can be transferred topν-PN, toobtain a subclass of them (more expressive than the restricted binariesν-PN) which is a WSTS.

Acknowledgments

The authors would like to thank the anonymous referees for their valuable comments.

References

[1] P. A. Abdulla, and B. Jonsson.Verifying Programs with Unreliable Channels.Information and Computation,127(2):91-101, 1996.

[2] P. A. Abdulla, K. Cerans, B. Jonsson, and Y. Tsay.Algorithmic analysis of programs with well quasi-ordereddomains.Information and Computation 160:109-127. Academic Press Inc., 2000.

[3] P. A. Abdulla, G. Delzanno, and L. Van Begin.Comparing the Expressive Power of Well-Structured TransitionSystems.21st Int. Workshop on Computer Science Logic. Lecture Notesin Computer Science vol. 4646, pp.99-114. Springer, 2007.

[4] A. Bouajjani, M. Muller, and T. Touili. Regular symbolic analysis of dynamic networks of pushdown systems.In Proc. of CONCUR’05,LNCS vol. 3653, pp. 473-487. Springer, 2005.

[5] D. Dahmani, J-M. Ilie, and M. Boukala.Reachability analysis for Recursive Petri Nets with sharedplaces.Int. Workshop on Abstractions for Petri Nets and Other Models of Concurrency, APNOC’09.

[6] G. Delzanno, J.-F. Raskin, and L. Van Begin. Towards the automated verification of multithreaded java pro-grams. In TACAS 2007, LNCS. vol. 2280, pp. 173-187. Springer, 2002.

[7] G. Decker, and M. Weske.Instance Isolation Analysis for Service-Oriented Architectures.In Proceedings ofthe 2008 IEEE International Conference on Services (SCC’08), pp. 249-256. IEE Computer Society, 2008.

[8] G. Delzanno.An overview of MSR(C): A CLP-based Framework for the Symbolic Verification of Parameter-ized Concurrent Systems.11th Int. Workshop on Functional and Logic Programming, WFLP’02. ElectronicNotes in Theoretical Computer Science vol. 76. Elsevier, 2002.

[9] R. Dietze, M. Kudlek, and O. Kummer. Decidability Problems of a Basic Class of Object Nets. FundamentaInformaticae 79(2007) 295-302. IOS Press.

[10] C. Dufourd, A. Finkel, and Ph. Schnoebelen. Reset Nets Between Decidability and Undecidability. 25th Int.Automata, Languages and Programming Colloquium, ICALP’98. LNCS vol. 1443. Springer (1998) 103-115.

[11] J. Esparza and M. Nielsen.Decidability issues for Petri Nets-a survey.Bulletin of EATCS 52:244-262(1994).

[12] J. Esparza, A. Finkel, and R. Mayr. On the verification ofbroadcast protocols. InProc. of LICS’99, pp.352-359. IEEE Computer Society, 1999.

[13] A. Finkel, and P. Schnoebelen.Well-Structured Transition Systems Everywhere!Theoretical Computer Sci-ence 256(1-2):63-92 (2001).

[14] G. Geeraerts, J-F. Raskin, and L. Van Begin. Well-structured languages. Acta Informatica 44(3-4): 249-288(2007)

Page 26: Decidability problems in Petri nets with names and replication€¦ · Matematicas ´ Pza. de las ... Tokens in ν-PN are pure names, that can be created fresh, moved along thenet

1026 F. Rosa, D. de Frutos / Decidability problems in Petri nets with names and replication

[15] A. Gordon.Notes on Nominal Calculi for Security and Mobility.Foundations of Security Analysis and De-sign, FOSAD’00. Lecture Notes in Computer Science vol. 2171, pp. 262-330. Springer, 2001.

[16] S. Haddad, and D. Poitrenaud.Recursive Petri Nets.Acta Informatica 44(7-8):463-508, 2007.

[17] S. Haddad, and D. Poitrenaud.Modelling and Analyzing Systems with Recursive Petri Nets. Proceedings ofthe 5th Workshop on Discrete Event Systems, WODES’00, pp. 449-458. Kluwer Academic Publishers, 2000.

[18] K.M. van Hee, N. Sidorova, M. Voorhoeve, and J.M. van derWer. Generation of Database Transactions withPetri Nets. Fundamenta Informaticae 93(1-3):171-184 (2009)

[19] M. Kohler, and H. Rolke. Properties of Object Petri Nets. 25th Int. Conf. on Petri Nets, ICATPN’04. LNCSvol. 3099, pp. 278-297. Springer, 2004.

[20] M. Kohler. Reachable markings of object Petri nets. Fundamenta Informaticae 79(3-4):401-413 (2007)

[21] M. Kohler, and F. Heitmann. On the expressiveness of communication channels for object nets. FundamentaInformaticae 93(13):205-219 (2009)

[22] O. Kummer.Undecidability in object-oriented Petri nets.Petri Net Newsletter, 59:18-23, 2000.

[23] O. Kummer, F. Wienberg, M. Duvigneau, J. Schumacher, M.Kohler, D. Moldt, H. Rolke, and R. Valk. AnExtensible Editor and Simulation Engine for Petri Nets: Renew. In 25th Int. Conf. on Petri Nets, ICATPN’04.LNCS vol. 3099, pp. 484-493. Springer, 2004.

[24] R. Lazic, T.C. Newcomb, J. Ouaknine, A.W. Roscoe, and J.Worrell. Nets with Tokens Which Carry Data.Fundamenta Informaticae 88(3):251-274. IOS Press, 2008.

[25] I. Lomazova.Nested Petri nets - a formalism for specification and verification of multi-agent distributedsystems.Fundamenta Informaticae 43(1-4):195-214. IOS Press, 2000.

[26] I. Lomazova, and Ph. Schnoebelen.Some Decidability Results for Nested Petri Nets.3rd Int. Andrei ErshovMemorial Conf. on Perspectives of System Informatics, PSI’99. LNCS vol.1755, pp. 208-220. Springer,2000.

[27] R. Meyer.On Boundedness in depth in theπ-Calculus.In IFIP Int. Federation for Information Processing,Volume 273; Fifth IFIP Int. Conference on Theoretical Computer Science, pp 477-489. Springer, 2008.

[28] R.M. Needham.Names.Distributed Systems, pp. 89-101. Addison-Wesley, 1989.

[29] F. Rosa-Velardo, D. de Frutos-Escrig, and O. Marroquın-Alonso.On the expressiveness of Mobile Synchro-nizing Petri Nets.3rd Int. Workshop on Security Issues in Concurrency, SecCo’05. ENTCS 180(1):77-94.Elsevier, 2007.

[30] F. Rosa-Velardo, and D. de Frutos-Escrig. Name Creation vs. Replication in Petri Net Systems. 28th Int. Conf.on Applications and Theory of Petri Nets and other models of concurrency, ATPN’07, LNCS vol. 4546, pp.402-422. Springer, 2007.

[31] F. Rosa-Velardo, and D. de Frutos-Escrig. Name Creation vs. Replication in Petri Net Systems. FundamentaInformaticae 88(3):329-356. Special issue on Selected Papers from ATPN’07. IOS Press, 2008.

[32] F. Rosa-Velardo, and D. de Frutos-Escrig. Decidability results for restricted models of Petri nets with namecreation and replication. 30th Int. Conf. on Applications and Theory of Petri Nets and other models of con-currency, ATPN’09, LNCS vol. 5606, pp. 63-82. Springer, 2009.

[33] R. Valk. Nets in Computer Organisation. Advances in Petri Nets, LNCS vol. 255, pp. 218-233. Springer,1987.

[34] R. Valk. Petri Nets as Dynamical Objects. 16th Int. Conf. on Application and Theory of Petri Nets. Workshopproceedings, 1995.

[35] R. Valk. Petri Nets as Token Objects - An Introduction toElementary Object Nets. 19th Int. Conf. on Appli-cations and Theory of Petri Nets, ICATPN’98, LNCS vol. 1420,pp. 1-25. Springer, 1998.