Deadlock Prevention Policy with Behavioral Optimality or Suboptimality Achieved by the Redundancy Identification of Constraints and the Rearrangement of Monitors

This work develops an iterative deadlock prevention method for a special class of Petri nets that models a variety of flexible manufacturing systems. A deadlock detection technique based on mixed integer programming (MIP) is used to find a strict minimal siphon (SMS) in a plant model without a complete enumeration of siphons. The policy consists of two phases. At the first phase, SMSs are obtained iteratively by the MIP technique and monitors are added to the complementary sets of the SMSs. Since new siphons may be generated after the first phase, at the second phase we add monitors whose output arcs first point to source transitions, so that no new siphons are generated, and then rearrange the output arcs step by step on condition that liveness is preserved. In addition, an algorithm is proposed to remove the redundant constraints of the MIP problem. The policy improves the behavioral permissiveness of the resulting net and greatly reduces the structural complexity of the supervisor. Theoretical analysis and experimental results verify the effectiveness of the proposed method.


Introduction
Deadlocks [1] always appear in the operation of a flexible manufacturing system (FMS). Hence, deciding how to reduce the impact of deadlocks is a tricky problem that has to be addressed. Digraphs, automata, and Petri nets are the three major mathematical tools for dealing with deadlock problems in resource allocation systems.
This paper focuses on deadlock prevention problems. A Petri net based deadlock prevention approach uses an off-line computational mechanism to impose constraints on a system so that it cannot reach deadlock states. Monitors (control places) and their related arcs are used to achieve this and are collectively called a supervisor of the plant model.
The theory of regions, as a technique to design supervisors for a Petri net, is adopted in [13, 20, 21]. Generally, the theory leads to an optimal supervisor [22-28] if one exists. However, the theory is based on a reachability graph, which may suffer from state explosion as the net size increases.
McMillan and Probst propose the concept of unfolding nets in [29] to describe the behavior of an FMS. A prefix of an unfolding net is adequate to completely describe the properties of a net, which is a concise but efficient method compared with the theory of regions. However, how to find a complete and simple prefix remains a question worth consideration.
Siphons are special sets of places of a Petri net; by controlling them one can effectively prevent deadlocks. Ezpeleta et al. [12] propose a policy that enumerates siphons and imposes constraints on them to solve deadlock prevention problems. However, siphon enumeration becomes time-consuming as the net scale grows [30]. In addition, behavioral permissiveness and structural complexity are tough issues that have to be faced. Li and Zhou [14] propose elementary siphon theory, in which the enumerated siphons are divided into two parts: elementary and dependent. Monitors are only needed for the elementary siphons as long as the dependent siphons are controllable, which greatly reduces the structural complexity. Moreover, the computational complexity is reduced and the behavioral permissiveness is enhanced in subsequent research [15, 31-38].
Huang et al. [39] propose a two-stage deadlock prevention policy for Systems of Simple Sequential Processes with Resources (S3PR), a class of Petri nets proposed in [12]. The policy finds SMSs based on the MIP technique, developed by Chu and Xie [40] for structurally bounded nets. For an S3PR, at the first stage, a maximal unmarked siphon is obtained by the MIP technique if there exist deadlocks. An SMS can be derived from the maximal unmarked siphon, and a corresponding constraint, imposed on the complementary set of the SMS to prevent it from being unmarked, is added to the MIP problem to check the liveness of the plant net under the constraint. If there still exists a maximal unmarked siphon, the above process is repeated until the plant net is live under the derived constraints. Thus, one or more constraints are obtained and corresponding monitors (including their related arcs) are added to the complementary sets of the SMSs. Hence, the resulting net obtained after the first stage consists of the plant net and the corresponding monitors. Control-induced siphons (composed of operation places, resource places, and the monitors) can be generated by the addition of the monitors. The second stage, similar to the first one, is still an iterative process of finding siphons; the difference is that the monitors of this stage are added with their output arcs pointed to source transitions, which keeps the control-induced siphons controlled so that no problematic siphons are generated. The policy usually leads to a more permissive supervisor than that proposed in [12].
However, [39] has the following defects. First, the SMS obtained after an iteration is nondeterministic for two reasons. The first is that the solution of the MIP problem (corresponding to a maximal unmarked siphon) is not unique, and the second is that different SMSs can be found from the same maximal unmarked siphon via different place selection sequences. Thus, the sequence in which SMSs are generated is uncertain. Sometimes an SMS is already controlled once the subsequent SMSs are controlled. In that case, adding a monitor for the SMS is redundant and makes the control structure complex.
Second, at the second stage in [39], the constraint mentioned at Step 17 of Algorithm 2 of [39], used for exploring the liveness condition in the considered MIP problem, is imposed on the complementary set of a newly generated SMS (derived from a control-induced siphon) while the output arcs of the corresponding monitor are pointed to source transitions. As a result, the constraints obtained at the second stage always outnumber the necessary monitors. However, the policy requires the number of added monitors for SMSs to be consistent with the number of obtained constraints, so redundant monitors are generated and the behavioral permissiveness is generally restricted. This work improves [39] in terms of structural complexity and behavioral permissiveness in the following three points. First, to remove redundant constraints, an algorithm is developed that checks the redundancy of a constraint by deciding whether liveness is preserved after its removal. This operation markedly reduces the structural complexity. Second, a new type of constraint is constructed to replace the one at Step 17 of Algorithm 2 in [39], reducing structural complexity and enhancing behavioral permissiveness. The generation of redundant monitors is avoided by imposing the new constraint on the complementary set of the newly generated SMS together with the set of its upstream places (defined in Definition 14), which gives the constraint the same effect as the monitors added at the second stage in preventing the newly generated SMS from being unmarked. Third, each output arc of the monitors added at the second phase is led away from the source transition step by step to release more legal states on condition that liveness is preserved. In summary, the improvements largely enhance the performance of a supervisor for a plant net.
The rest of this paper is organized as follows. Preliminaries used in this paper are presented in the next section. In Section 3, we introduce a deadlock prevention policy that mainly contains two phases: the siphon control phase and the extended siphon control phase. The method is formulated as an algorithm in Section 4. The performance of the proposed method is shown by experimental analysis in Section 5. Finally, Section 6 concludes this paper.
A marking (also called a state)  is a mapping from  to N. The number of tokens in place  is denoted by (). A place  is marked at a marking  if () > 0. () denotes the sum of tokens of all places in ; that is, () = ∑ ∈ (), where  ⊆ .  is marked at  if () > 0.  is unmarked at  if () = 0. (,  0 ) is called a net system and  0 is called an initial marking of .
Let  ∈  ∪  be a node of  = (, , , ). •  = { ∈  ∪  | (, ) ∈ } is called the preset of  and  • = { ∈  ∪  | (, ) ∈ } is called the postset of . Similar notation extended to a set of nodes is as follows: given  ⊆  ∪ , A nonempty set  ⊆  is called a siphon if A -vector is a column vector  :  → Z indexed by  and a -vector is a column vector  :  → Z indexed by , where Z is the set of integers. The column vectors where every entry equals 0 (1) are denoted by 0 (1). [] is a || × || integer matrix with [](, ) = (, ) − (, ).   is the transposed version of vector . A -vector  is called a -invariant if  ≠ 0 and   [] = 0, and ‖‖ = { | () ≠ 0} is the support of .  is minimal if its support is not contained in the support of any other and its components are mutually prime. A -invariant  is a -semiflow if every element of it is nonnegative.

S3PR.
In this subsection, we introduce a class of Petri nets called S3PR, first defined in [12], which stands for Systems of Simple Sequential Processes with Resources and can model real-life automated FMSs.
Let Π be the set of SMSs in an S3PR. The above theorem indicates that an S3PR is live if there is no siphon that can be emptied.

MIP Technique.
Let (, ) be an ordinary net with  = (, , ) and let  be the maximal unmarked siphon at ; that is, ∀ ∉ , () > 0. In the sequel, we introduce a technique, first proposed in [40], to find  in  by exploring the solution of a mixed integer programming (MIP) problem. ∀ ∉ , let Since  is a siphon and, ∀ ∉ , () > 0, any  with V  = 1 and any  with   = 1 should be removed from the solution. Furthermore, ∀ ∈  • , V  = 0 implies   = 0 and, ∀ ∈  • ,   = 1 implies V  = 1. This leads to For a structurally bounded net, we have where SB() = max{() |  =  0 + [],  ≥ 0,  ≥ 0} denotes the structural bound of place . Therefore, the maximal unmarked siphon can be determined by the following MIP problem, and there exist unmarked siphons in  subject to constraints (1)-(2) and Although MIP problems are NP-hard, it is shown in [40] that their computational efficiency is relatively insensitive to the initial marking and better than that of state enumeration methods.
Theorem 7 is used to check whether an S3PR (,  0 ) is live. If  MIP ( 0 ) equals the cardinality of the place set of , then (,  0 ) is live.
However, the classical MIP problem for determining a maximal unmarked siphon in [40] only applies to ordinary Petri nets. In a generalized Petri net, deadlocks may occur due to insufficiently marked siphons. Hence, new conditions for checking whether there exists a maximal unmarked siphon in a generalized Petri net (,  0 ) with  = (, , , ) are presented in [41], where a new constraint (5) replaces constraint (2): The maximal unmarked siphon of a generalized Petri net (,  0 ) can be determined by the following MIP problem, and there exist unmarked siphons if  MIP gen ( 0 ) < ||: subject to constraints (1) and (5) and
Theorem 8 (see [41]). Let (,  0 ) be a generalized Petri net with  = (, , , ).
For a generalized Petri net (,  0 ), if  MIP gen ( 0 ) equals the cardinality of the place set of , we can conclude that (,  0 ) is live.

Siphon Control Approach
In general, the presented method contains two phases: the siphon control phase and the extended siphon control phase. The two phases are similar in how siphons are found; the difference between them is the fashion of adding monitors for the siphons.
First, we apply the MIP technique to a plant net to obtain a maximal unmarked siphon (if one exists), derive a minimal siphon from the maximal one by the minimal siphon extraction algorithm in [42], and check liveness by solving the MIP problem of the plant net after enforcing a constraint imposed on the complementary set of the minimal siphon. This process is repeated until the plant net is live under a set of constraints. After removing redundant constraints by the proposed algorithm, we add monitors to the complementary sets of the minimal siphons according to the remaining constraints. If a deadlock still exists in the resulting net, we proceed to the next phase.
At the second phase, a newly presented constraint, different from the one at Step 17 of Algorithm 2 in [39], is enforced in the MIP problem of the resulting net of the first phase to prevent the system from reaching deadlock states. After iterations, we obtain a set of constraints and implement them by adding monitors with (weighted) output arcs pointing to the source transitions, which avoids the generation of new problematic siphons. Then the output arcs of the monitors are rearranged to obtain a more permissive supervisor.

Siphon Control Phase.
At this phase, to obtain a supervisor that is as permissive as possible, a monitor for an SMS is imposed on the complementary set of the SMS.
Definition 9 (see [39]). Let  be an SMS in an S3PR (,  0 ). A monitor   for  is added to  to prevent  from being unmarked such that (1) where (  , ) and (,   ) denote the weights of the related arcs of   and (  ) denotes the initial number of tokens in   .
Theorem 10 (see [43]). The addition of   for  minimally restricts the behavior of the plant net.
Definition 9 shows the fashion of adding a monitor for an SMS at the first phase. Next, the SMSs that need to be controlled must be identified.
In this study, the MIP technique is applied to find SMSs iteratively, avoiding a complete siphon enumeration. For an S3PR (,  0 ), an SMS  can be found in  by the MIP technique if  is not live. A constraint ∑ ∈[] () ≤  0 () − 1 is enforced in the MIP problem of , which implies that  can no longer be unmarked in the MIP problem while the constraint minimally restricts the behavior of the plant net, where () is a variable of the MIP problem denoting the number of tokens in  and  0 () is the number of tokens in  at the initial marking. If  is live under the constraint, we only need to enforce the constraint by adding the corresponding monitor to , and the first phase ends. Otherwise, we iterate and obtain a set of constraints in the MIP problem under which  can never reach a deadlock state.
However, if there is more than one constraint, not all of them are necessarily needed. As mentioned in the Introduction, some constraints can be replaced by a combination of other constraints and are therefore redundant. Here, we propose an algorithm that excludes redundant constraints; the remaining ones are necessary.
Algorithm 1 eliminates redundancy by excluding one constraint at a time. If liveness is preserved after removing the constraint, the constraint is redundant and should be removed. Otherwise, it is necessary.
A necessary constraint corresponds to an SMS that needs to be controlled. The constraint is implemented by adding a monitor and related arcs to the plant net to prevent the corresponding SMS from being unmarked. Hence, every necessary constraint requires a monitor.
We find that all of the above three constraints are necessary. However, if we change the initial marking of the net in Figure 1(a) to the one shown in Figure 2(a), we may find three constraints in turn: If constraint (8) is found first, we still require constraints (9) and (10) to guarantee liveness, which makes constraint (8) redundant. Consequently, Algorithm 1 becomes an essential tool for dealing with this case. The controlled net is shown in Figure 2(b).
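The first phase as described above (finding a maximal unmarked siphon, extracting an SMS from it, enforcing the constraint ∑ M(p) ≤ M0(S) − 1 over the complementary set [S] as a monitor, and running Algorithm 1 to drop redundant constraints), shown as an added worked example; this is not code from the paper or from [39], [40] or [42]. Because no MIP solver is assumed, a brute-force reachability search over a constructed two-process S3PR stands in for the MIP problem, and liveness is decided on the reachability graph, which is exactly the state enumeration the MIP technique is meant to avoid and is only affordable here because the net is tiny. The net, the place and transition names, the resource-usage map and the second, deliberately redundant constraint are all constructed for this example.

```python
# Added example, not the paper's code: the first phase on a constructed
# two-process S3PR, with brute-force reachability standing in for the MIP
# solver of [40]. The net, names and sample constraints are all made up.
from collections import deque

# Process A takes r1 then r2, process B takes r2 then r1 (circular wait):
#   A: pA0 -t1-> pA1 (holds r1) -t2-> pA2 (holds r2) -t3-> pA0,  B likewise.
# transition -> (pre-places, post-places); every arc has weight 1.
NET = {
    "t1": ({"pA0", "r1"}, {"pA1"}), "t2": ({"pA1", "r2"}, {"pA2", "r1"}),
    "t3": ({"pA2"}, {"pA0", "r2"}), "t4": ({"pB0", "r2"}, {"pB1"}),
    "t5": ({"pB1", "r1"}, {"pB2", "r2"}), "t6": ({"pB2"}, {"pB0", "r1"}),
}
M0 = {"pA0": 2, "pB0": 2, "r1": 1, "r2": 1}   # places not listed hold 0
USES = {"pA1": "r1", "pA2": "r2", "pB1": "r2", "pB2": "r1"}  # op. place -> resource

def enabled(net, m, t):
    return all(m.get(p, 0) >= 1 for p in net[t][0])

def fire(net, m, t):
    pre, post = net[t]
    return {p: m.get(p, 0) - (p in pre) + (p in post) for p in set(m) | pre | post}

def reachable(net, m0):
    """All markings reachable from m0 (breadth-first search; toy nets only)."""
    key = lambda m: tuple(sorted((p, n) for p, n in m.items() if n))
    seen, queue = {key(m0): m0}, deque([m0])
    while queue:
        cur = queue.popleft()
        for t in (t for t in net if enabled(net, cur, t)):
            nxt = fire(net, cur, t)
            if key(nxt) not in seen:
                seen[key(nxt)] = nxt
                queue.append(nxt)
    return list(seen.values())

def max_siphon_within(net, cand):
    """Largest siphon inside cand: drop every place fed by a transition that
    takes nothing from the current set, and repeat until nothing changes."""
    s = set(cand)
    changed = True
    while changed:
        changed = False
        out = {t for t, (pre, _) in net.items() if pre & s}   # postset of s
        for p in list(s):
            if any(p in post and t not in out for t, (_, post) in net.items()):
                s.discard(p)
                changed = True
    return s

def max_unmarked_siphon(net, m0):
    """Stand-in for the MIP: largest siphon unmarked at some reachable marking."""
    best, where = set(), None
    for m in reachable(net, m0):
        unmarked = {p for pre, post in net.values() for p in pre | post if not m.get(p, 0)}
        s = max_siphon_within(net, unmarked)
        if len(s) > len(best):
            best, where = s, m
    return best, where

def minimal_siphon(net, s):
    """Shrink a siphon until no proper sub-siphon remains (an SMS)."""
    s = set(s)
    while True:
        subs = [x for p in sorted(s) if (x := max_siphon_within(net, s - {p}))]
        if not subs:
            return s
        s = subs[0]

def first_phase_constraint(net, m0, uses):
    """One first-phase iteration: an SMS S, its complementary set [S], M0(S) - 1."""
    sms = minimal_siphon(net, max_unmarked_siphon(net, m0)[0])
    comp = {p for p, r in uses.items() if r in sms and p not in sms}
    return sms, comp, sum(m0.get(p, 0) for p in sms) - 1

def add_monitor(net, m0, name, comp, bound):
    """Enforce sum over comp of M(p) <= bound by a monitor place (Definition 9 style);
    in an S3PR a transition shifts that sum by -1, 0 or +1, so arcs have weight 1."""
    net2 = {}
    for t, (pre, post) in net.items():
        delta = len(post & comp) - len(pre & comp)
        net2[t] = (pre | {name} if delta > 0 else set(pre),
                   post | {name} if delta < 0 else set(post))
    return net2, dict(m0, **{name: bound})

def is_live(net, m0):
    """Every transition can fire again from every reachable marking."""
    return all(any(enabled(net, x, t) for x in reachable(net, m))
               for m in reachable(net, m0) for t in net)

def necessary_constraints(net, m0, constraints):
    """Algorithm 1, emulated: keep a constraint only if liveness is lost without it."""
    pool, needed = list(constraints), []
    while pool:
        c = pool.pop(0)
        net2, m2 = net, m0
        for i, (comp, bound) in enumerate(pool + needed):
            net2, m2 = add_monitor(net2, m2, "V%d" % i, comp, bound)
        if not is_live(net2, m2):
            needed.append(c)
    return needed
```

With two tokens in each idle place, the only reachable marking with an unmarked siphon is the circular wait (A in pA1, B in pB1), where the maximal unmarked siphon is already minimal: {pA2, pB2, r1, r2}. Its complementary set is {pA1, pB1} and M0(S) − 1 = 1, so `first_phase_constraint` yields M(pA1) + M(pB1) ≤ 1; `add_monitor` turns that into a monitor with output arcs to t1 and t4 and input arcs from t2 and t5, after which `is_live` reports a live net. Passing `necessary_constraints` that constraint together with a constructed looser one, M(pA1) + M(pB1) + M(pA2) ≤ 2, keeps only the first, because liveness survives the removal of the second but not of the first, which is the redundancy test of Algorithm 1.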
In fact, the condition of Theorem 11 is not always met. Newly added monitors and resource places may together produce new siphons. Therefore, the second phase is proposed to solve this problem.

Extended Siphon Control Phase.
In this subsection, we still use the MIP-based deadlock detection method to find siphons (if any exist). To avoid the added monitors taking part in generating new siphons (i.e., control-induced siphons), the (weighted) output arcs of monitors added at this phase are first pointed to source transitions. Then the output arcs are rearranged away from the source transitions to release legal states. The following definitions introduce the fashion of adding a monitor for an SMS at the second phase.
Definition 12. Let (,  0 ) be an S3PR, let  0 be the idle place of a process, and let   and   be different operation places in the process. If   can be found on the process path (following the direction of the arrows of the process flow) from   to  0 (  and  0 not included),   is called a downstream place of   , denoted as   ≺   , and   is called an upstream place of   , denoted as   ≻   . Take the S3PR (,  0 ) depicted in Figure 1(a) as an example.  4 is a downstream place of  3 , denoted as  4 ≺  3 .  2 is an upstream place of  3 , denoted as  2 ≻  3 . Moreover,  3 and  4 are the downstream places of  2 , denoted as   ( 2 ) = {
Definition 15. Let  be an SMS of ( 1 ,  1 ) with  1 = ( 0 ∪   ∪  ∪  , , ∪ 1 ). The complementary set of  is defined as [] = ⋃   ∈ (  ) ⋃ ∈ () \ , where   ∈   and  ∈   .
Definition 17 (see [39]). Let  be an SMS in ( 1 ,  1 ). A monitor   for  is added to  1 to prevent  from being unmarked such that where (  , ) and (,   ) denote the weights of the related arcs of   and (  ) denotes the initial number of tokens in   .
If ( 1 ,  1 ) is not live, we can find an SMS  containing monitors added at the first phase. In [39], at the second stage, a constraint ∑ ∈[] () ≤  1 () − 1 is enforced in the MIP problem of  1 to prevent  from being unmarked in the MIP problem, where () is a variable of the MIP problem denoting the number of tokens in  and  1 () is the number of tokens in  at  1 . Experimental analysis shows that imposing the constraint on the complementary set of  while pointing the output arcs of the monitors to source transitions (to prevent the generation of control-induced siphons) makes redundant constraints emerge. Hence, a new type of constraint is proposed below to solve the problem.
Based on Definitions 12-16, we propose a new constraint, where () is a variable of the MIP problem denoting the number of tokens in  and  1 () is the number of tokens in  at  1 . Similar to the first phase, to control the derived SMSs in the MIP problem, we obtain one or a set of such constraints under which  1 is live. Applying Algorithm 1 to the constraints, we find a set of necessary constraints, each of which corresponds to an SMS that needs to be controlled.
The fashion of adding monitors in Definition 17 restricts the behavioral permissiveness while avoiding the generation of control-induced siphons. Hence, we use Algorithm 2 to release legal states.
Algorithm 2 aims to construct a more permissive supervisor that releases most legal states. For each monitor added by Definition 17, each of its output arcs that originally points to a source transition is moved step by step away from that source transition. Note that every movement is made on condition that liveness is preserved, and liveness is checked by the MIP problem for generalized Petri nets.
) is obtained based on the rearrangements of the output arcs of monitors in ( 2 ,  2 ). By Theorem 18, ( 2 ,  2 ) is live. In addition, each movement of the output arcs is made on condition that  MIP gen ( 2 ) (where ( 2 ,  2 ) denotes the resulting net of each movement) equals the cardinality of the place set of  2 , which implies that there is no unmarked siphon. According to Theorem 8, ( 2 ,  2 ) is live.
For the S3PR shown in Figure 3, the number of its maximally permissive states is 891. The first phase leads to 12 monitors, as shown in Table 1. The resulting net is denoted as ( 1 ,  1 ). However, there still exist maximal unmarked siphons rendering deadlocks. Two minimal siphons  13 = { 5 , ), where  = {1, . . ., } and  is the total number of processes.
/*  is the SMS controlled by   Remove   from ( 2 ,  2 ) and obtain ( 1 ,  1 ). The constraints are as follows: It is found that constraint (10) is redundant by applying Algorithm 1. According to constraint (12),   13 with its output arcs pointed to source transitions, as shown in Figure 4(a), is added to  1 by Definition 17. The resulting net  2 is live and has 870 reachable states. Finally, we find   13 with rearranged output arcs by Algorithm 2, as depicted in Figure 4(b). We denote the resulting net as  2 . It is live and has 878 reachable states, very close to the number of maximally permissive states.

Deadlock Prevention Algorithm
In this section, the proposed method is formulated as Algorithm 3 to show how to synthesize a liveness-enforcing supervisor, and a supporting example is given.
The supervisor synthesized by Algorithm 3 preserves the legal states of a plant net to a large extent with low computational complexity. The MIP-based deadlock detection approach is used iteratively to find unmarked siphons, which avoids a complete siphon enumeration and saves computation time. The first phase is optimal, or maximally permissive, in the sense that no legal states are excluded, since a monitor is added to the complementary set of each SMS. However, while it minimally restricts the behavior of a plant net, it makes the generation of control-induced siphons unavoidable. To accelerate convergence, the output arcs of the monitors added at the second phase are first pointed to the source transitions of the plant net and subsequently rearranged away from the source transitions to release legal states on condition that liveness is preserved. This guarantees liveness as well as largely enhancing behavioral permissiveness. Hence, the policy in Algorithm 3 synthesizes a liveness-enforcing supervisor with low computational complexity.
The Petri net shown in Figure 5 is a well-known FMS model [12]. We can define this Petri net model as an S3PR
Input: An S3PR (,  0 ) with  = (, , ).
Output: A liveness-enforcing net (

Comparison and Discussion
The performance of the proposed policy on the example in Figure 5 is compared with the existing methods in Table 3. The first column lists the policies and the second column shows the number of reachable states. The third and fourth columns list the numbers of added monitors and related arcs, respectively. The fifth shows whether a policy requires a complete siphon enumeration. Similarly, the sixth indicates whether a complete state enumeration is required. The seventh indicates the computational complexity.
The performance of the policies is analyzed according to three criteria: behavioral permissiveness, computational complexity, and structural complexity. The advantage of the proposed policy can be analyzed in terms of these three criteria. The supervisor obtained by the proposed method for the net in Figure 5 is suboptimal. However, its number of reachable states is nearly maximally permissive, only slightly smaller than those of the policies in [45, 46], while the computational complexity of those policies is exponential, their supervisors have more monitors and arcs, and they need either a complete siphon enumeration or a complete reachability graph. Compared with the policies in [15, 17, 32, 39], the proposed policy provides more reachable states.
Among the policies listed in Table 3, we choose four representative ones to compare with the proposed policy in Table 4 through ten examples (obtained by an S3PR-generating program of our work group, except examples 7, 8, and 10), where number of RS and number of M denote the numbers of reachable states and additional monitors, respectively. The 12th and the last column indicate the maximally permissive behavior and the ratio of the number of reachable states of the supervisor obtained by the proposed policy to the maximally permissive behavior, respectively. The experimental study shows that the supervisor synthesized by the proposed policy has fewer monitors and is more permissive than the existing ones.

Conclusions
The deadlock prevention problem is always a difficult task in FMSs. Behavioral permissiveness, computational complexity, and structural complexity are three criteria for assessing the performance of supervisors. This work presents a deadlock prevention method for an S3PR. A siphon is a special set of places that can lead a system to a deadlock state. The MIP technique is used iteratively to find maximal unmarked siphons. Due to the high computational efficiency of the MIP method, computation time is saved substantially. At the first phase, to find a more permissive supervisor, monitors are added to the complementary sets of the derived minimal siphons. Unfortunately, the added monitors are always involved in the generation of control-induced siphons. Hence, at the second phase, a new fashion of adding monitors, with the output arcs of the monitors pointed to source transitions, is adopted to avoid generating control-induced siphons. Then the output arcs are moved from the source transitions along the opposite direction to

Input: A Petri net (, ) and a set of constraints  = { 1 , . . .,   }.
Output: A set of necessary constraints   .
(1) begin
(2)   := 0. /*   denotes the set of necessary constraints */
(3) while { ≠ 0}
(3.1) Choose a constraint   from ;  :=  \ {  }.
(3.2) Enforce  ∪   to the MIP problem of .
(3.3) if there exists a maximal unmarked siphon
(3.3.1)   :=   ∪ {  }.
(4) Output   .
(5) end
Algorithm 1: Extraction of necessary constraints.

Definition 13.
Let  be an operation place of an S3PR.   () = { |  ≺ } is called the set of downstream places of  and   () = { |  ≻ } is called the set of upstream places of .
Definition 14. Let  be an SMS of an S3PR, let [] be the complementary set of , and let  be an operation place in [].   ([]) = ⋃ ∈[] { |  ∈   () ∧  ∉ []} is called the set of upstream places of [] and    ([]) =   ([]) ∩    is called the set of upstream places of [] in process , where    denotes the set of operation places in process .

Figure 4: Monitor   13 (a) with original output arcs and (b) with rearranged output arcs.

Table 2: Monitors added at the first phase.

Monitors   8 and (b)   9 .

constraints are necessary by Algorithm 1 and we add two monitors,   = {   |  ∈ {8, 9}}, as shown in Figure 6, to  1 by Definition 17. The resulting net is denoted as ( 2 ,  2 ). ( 2 ,  2 ) excludes many legal states although it is live. The number of maximally permissive states of this plant model is 21581, while ( 2 ,  2 ) preserves 19773 of them. Then we apply Algorithm 2 to ( 2 ,  2 ) to rearrange the output arcs of the monitors added at the second phase. The two monitors with rearranged output arcs are shown in Figure 7. The final net, denoted by ( 2 ,  2 ), is live and has 20444 reachable states.

Table 3: Performance comparison of policies applied to the example in Figure 5.

Table 4: Performance analysis through ten examples.