3 Covering Open Net Nodes

3.1 Deciding the Coverage of Open Net Nodes

!cc_n !cc_y

!req_c

!req_c

!req_c

!cc_n ?r_low !cc_y ?r_high

?acc

?r_low ?rej

?r_high

!cc_n

!cc_y

?acc ?r_low ?rej

?r_high

!cc_n

!cc_y

?rej ?r_high

?acc ?rej

?r_low ?r_high ?r_low ?acc ?acc

?rej

q₁₅: final q₁: !req_c

q₀: !cc_yB!cc_nB!req_c

q₆: (?rejB?r_high) A(?acc B?r_low) A(?acc B?r_high)

q₅: !cc_yB!cc_n q₇: !cc_yB!cc_n

q₄: (?rejB?r_high) A(?acc B?r_low) A(?rejB?r_low)

q₈: ?r_low q₉: ?acc A?rej q₁₀: ?r_highA?r_low q₁₁: ?acc q₁₂: ?rej q₁₃: ?r_high q₁₄: ?acc A?rej q₂: (!cc_yB!cc_nB?r_high) A(!cc_yB!cc_nB?r_low) q₃: !req_c

Fig. 2.The operating guidelineOGNc for the credit approval processNc depicted in Fig. 1(a). For better readability, we add a leading “!” (“?”) to a literalxin the graphics of anOGN ifxis an output (input) place of a strategyM forN.

Definition 8 (Cover a place/transition). Let N = (P, T , F, I, O, m0, Ω) be a deadlock-free open net with empty interface (I=O=∅), and letX ⊆P∪T, p∈P, and t ∈T. N covers X iff for all p∈ X∩P (for all t ∈X∩T) there exists a run ofN that includes a marking mwith m(p)≥1 (at-step).

Notice that ifN covers two nodes, there is not necessarily a run in which both nodes are covered. In the example, transitionst₁–t₄,t₆, andt₈–t₁₀are covered inM₁⊕N_c and transitionst₁ –t₃,t₅,t₇, and t₉– t₁₁ are covered inM₂⊕N_c.

The following definition canonically extends strategies to strategies that cover a setX of open net nodes.

Definition 9 (CoverX-strategy).Let M be a strategy for an open netN, and letX ⊆PN ∪TN. M is a CoverX-strategy for N iffX is covered in M ⊕N. With StratCover_X(N)we denote the set of all CoverX-strategies for N.

ForN_c letX ={acc}be given. That means, we are interested whether a credit approval is possible. Then,M₁ andM₂ are Cover_X-strategies forN_c. Let X = {t₅,t₆}, that is, we are interested whether it is possible that a credit request has to be examined by an employee if the customer is not fixed in his credit control decision. ThenM1 is aCoverX-strategy forNc, butM2 is not (because transitionst5,t6 cannot be enabled inM2⊕N).

By definition, everyCoverX-strategy forN is also a strategy forN. Obviously, covering open net nodes restricts the set of strategies forN. Thus, we conclude StratCover_X(N)⊆Strat(N).

In the remainder of this section, we will define some notions and prove some properties of operating guidelines. Based on these properties, we can prove a criterion to decide whether an open netM is aCoverX-strategy forN. We start with the definition of the most permissive strategy forN. This strategy has the least restrictions of all strategies. Thus, the state space of its inner corresponds exactly to the transition system of the underlying automaton ofOG_N.

Definition 10 (Most permissive strategy).LetOGN = (Q, C, δ, q0, Φ). The most permissive strategy for N is the open net MPN = (P, T , F, I, O, m0, Ω) whose behavior corresponds exactly to the transition system(Q, C, δ, q0)with

– P =Q∪C,

– T ={t_q1,c,q2 |(q₁, c, q₂)∈δ, withq₁, q₂∈Q, c∈C}, – F ={(q₁, t_q1,c,q2),(t_q1,c,q2, q₂)|(q₁, c, q₂)∈δ} ∪

(c, t_q1,c,q2),if c∈I;

(t_q1,c,q2, c),if c∈O., – I=ON,

– O=IN, – m0=q0, and

– Ω={q|c is inΦ(q) withc=final}.

The resulting open netMP is a state machine. Figure 3 illustrates the construc- tion of the most permissive strategy MPNc of the operating guideline OGNc

depicted in Fig. 2. As the whole open net would be too big, we depict only the first few nodes.

pq0

pq1

tq0,cc_n,q1

p_q2 tq0,req_c,q2

pq3

tq0,cc_y,q3

tq1,req_c,q4 tq3,req_c,q6

pq4 pq6

req_c cc_y cc_n

Fig. 3.The initial part of the most permissive strategyMPN_c forNc which has been constructed according to Def. 10

By the help of the following corollary, we prove that the most permissive strategyMP forN is indeed a strategy for N.

Corollary 1. The most permissive strategy MP for N is a strategy forN. For the proof of this corollary, we rely on a fact about operating guidelines as constructed in [8]. As we cannot repeat the whole approach of [8], we just state this fact without proof.

Proposition 1 ([8]). For every operating guideline OGN = (Q, C, δ, q0, Φ)(of some serviceN) and allq∈Q, the formulaΦ(q)

1. uses only literalsc where there is someq ∈Qwith (q, c, q)∈δ, and 2. is satisfied for the assignment assigning trueto all literals in Φ(q).

Proof (of Corollary 1). LetOGN = (Q, C, δ, q0, Φ). We construct open netMP as described in Def. 10. Letmq0 be the initial marking ofMP. By induction, it can be shown that, for allq∈Q,mq is reached by Def. 6, with (mq, q)∈ρ.

As there is a transition for each (q, c, q) ∈ δ, we can derive from Prop. 1 that all annotations evaluate totrue whenMP is evaluated according to Def. 6.

Consequently,MP matches withOG_N and henceMP is a strategy forN.

The next definition establishes a connection between markings of an open netN and the inner of a strategyM ∈Strat(N). IfinnerM is in a marking m, then K(m) (the knowledge that innerM has aboutN) is the set of markings of N thatN might be in whileinnerM is in markingm.

Definition 11 (Knowledge). Let M be a strategy for an open net N. Let MarkM^∗ and MarkN denote the set of all reachable markings of innerM and N, respectively. Let further mM denote a marking of M and mM^∗ denote its restriction to places in innerM. The knowledge K:MarkM^∗ → P(MarkN)that innerMP has about the possible markings of N in marking mM^∗ is defined by K(mM^∗) ={mN |(mM ⊕mN)is reachable from (m0M⊕m0N)}.

For the most permissive strategyMPN_cforNc(see Fig. 3), we have the following knowledge values:

K([p_q0]) ={[p₀]}, K([p_q1]) ={[p₀,cc n]},

K([p_q2]) ={[p₀,req c],[p₁],[p₂,r high],[p₃,r low]}, K([p_q3]) ={[p₀,cc y]},

K([p_q4]) ={[p₀,cc n,req c],[p₁,cc n],[p₂,cc n,r high],[p₃,cc n,r low], [p₄,r high],[p₅,r low],[p₇,r high,rej],[p₇,r low,acc],[p₇,r low,rej]} The simulation relationρused in Def. 6 actually establishes a relation between the knowledge values of the involved states. As the following proposition states, (m, q)∈ ρimplies that K(m)⊇K(m_q) wherem_q is the marking in the most permissive partner that correpsonds to stateqof an operating guideline.

Proposition 2 ([5]).LetM be a strategy forN and MP be the most permissive strategy forN. Letmq denote the marking in innerMP that corresponds to state q ∈ Q in OGN (i.e. (mq, q) ∈ ρMP). Let m be reachable in innerM. Then K(m) =

q:(m,q)∈ρK(mq).

The matching relationρ relates a marking m of innerM to a (possible) set of statesqofOG_N. Therefore, the knowledge thatinner_M has about the possible markings of N in m is equivalent to the union of the knowledge values of all markingsm_q ofinner_MP with (m_q, q)∈ρ_MP.

The notion of knowledge can be applied to the operating guidelineOG_N of N. As every marking m_q in inner_MP corresponds to a state q of OG_N, the knowledgeOG_N has aboutN inqis equivalent to the knowledgeinner_MP has aboutN in mq.

Definition 12 (Knowledge in OG). For an open net N let MP be the most permissive strategy forN andOG_N = (Q, C, δ, q₀, Φ). Let Mark_N denote the set of markings of N andm_q be a marking of inner_MP. The knowledge K :Q → P(Mark_N) that OG_N has about the possible markings of N in state q ∈ Q is defined by K(q) =K(m_q).

The following theorem presents a way to decide, on the basis of an operating guideline, whether a strategyM forN is also a Cover_X-strategy forN.

Theorem 1 (Place/Transition coverability). Let M be a strategy for open net N. A place p∈PN (a transition t∈ TN) is covered in M ⊕N iff there is a stateq∈Q of OGN, a marking mM in innerM, and a marking mN ∈K(q) with(mM, q)∈ρ, andmN(p)≥1(t is enabled inmN).

Proof. We present the proof for the case of a covered transition only. The case of a covered place is analogous.

(⇒) LetN,OGN, andM ∈Strat(N) be given and let transitiontbe covered inM⊕N. Then, according to Def. 8, there is a runm0_M⊕N

t₁

−→ . . .−→^tn mM⊕N

−t

→ m_M⊕N inM⊕N,m_M⊕N(p)≥1. LetmM andmN be the restrictions of marking

mM⊕N to places ininnerM and N, respectively. As t is a transition of N,t is enabled inmN as well. By Def. 11, we have mN ∈K(mM). By Proposition 2, there must be a stateqinOGN wheremN ∈K(q) and hence the implication of this theorem holds.

(⇐) Let N be an open net andOGN = (Q, C, δ, q0, Φ). LetM be a strategy forN. SinceM is a strategy forN, there is a matching relationρof states in Q and markings ininner_M. Letm_M,q, andm_N be as assumed. Thus, (m_M, q)∈ρ, m_N ∈K(q), andtis enabled inm_N. From Proposition 2 followsm_N ∈K(m_M).

Consequently, there is a run in M ⊕N that reachesmM ⊕mN which can be extended by an occurrence oftsince activation oftinmN implies activation oft inmM⊕mN. Since every run inM⊕N is deadlock-free (follows fromM being a strategy forN), we can conclude that the considered run is deadlock-free, too.

So there exists a deadlock-free run inM⊕N where tis covered and hence the

replication of this theorem holds.

The value of Theorem 1 is that it gives us a criterion to check whether an open net node is covered or not. A placepofN is covered by a strategy forN if there is a state q in OGN and the knowledge inq contains a marking of N where p is marked. A transitiont ofN is covered by a strategy for N if there is a state qand the knowledge in qcontains a markingmof N wheret is enabled. That way, it is easily possible to annotate each state q of OGN with all places and transitions which are covered in q. This can be done during the calculation of the operating guideline.

As an example, based on the knowledge values K([p_q0]) – K([p_q4]) we pre- sented above we can derive the following sets of nodes ofNc that are covered in statesq₀– q₄ ofOG_Nc:

q₀:{p₀} q₁:{p₀,cc n}

q₂:{p₀−p₃,req c,r high,r low,t1−t3} q₃:{p₀,cc y}

q₄:{p₀−p₅,p₇,cc n,cc y,req c,r high,r low,acc,rej,t₁−t₄,t₆,t₈−t₁₀}