A Method of Sample Models of Program Construction in Terms of Petri Nets

This article considers, from a formal point of view, a method for the automated construction of Petri nets that simulate the behaviour of imperative programs. Petri net samples with certain characteristics are necessary when programming new algorithms for program analysis; in particular, they can be used for developing or optimizing algorithms for Petri net composition and decomposition, building the reachability tree, checking invariants and so on. The generation process consists of two stages. At the first stage, construction templates for the resulting net and the parameters for construction are described. With the help of these parameters it is possible to regulate the final size and the absolute or relative amount of certain structures in the resulting net. At the second stage, an iterative process of automated net construction is used to generate a Petri net of any size, limited only by the available computer memory. In the first section of the article the minimum necessary definitions are given and a new version of the Petri net composition operation by places is introduced. The commutative and associative properties of the introduced binary operation make it possible to synchronize any number of Petri nets in arbitrary order. Then a construction template is defined as a marked Petri net with input and output interfaces, together with rules for composing templates using these interfaces. A number of construction templates can be united in a collection, for which evolution rules are defined. The completeness property of a collection guarantees that the collection's evolution results in a Petri net that simulates the behaviour of an imperative program. The article provides a version of a complete collection of construction templates and an example of the construction of a Petri net simulating a sequential imperative program. The article is published in the author's wording.


Introduction
Automation and machinery in the modern world rely more and more on software. In many areas of human activity software errors may cost human lives. For example, in 2000 an erroneous calculation of the radiation dose led to several deaths [4]. However, among the variety of existing programs only very few have been formally verified, proving their correctness. This situation is caused by the need for human intellect to describe the programs under examination in terms suitable for analysis. Petri nets are one of the few formal languages that allow the construction of models of software system behaviour to be automated. In some cases, Petri nets are extremely suitable for modeling because of the distributed nature of the systems described, such as the development of multimedia stream scenarios [11]. In other cases, Petri net analysis tools meet the stated objectives, as in the development of processes managing web services [9]. Software engineering and Petri nets have crossed several times in the past, resulting in interesting ideas in both areas [6]. The authors of this article have taken certain steps towards modeling imperative programs [7,17,18]. Nevertheless, there is a serious concern that the advantages of Petri nets as a formalism for describing distributed systems with a clear graphical presentation will be lost when describing programs of actual complexity. First, nets with more than a thousand elements cannot be represented on the screen or on the printed page in a readable form. Second, and more significantly, net analysis algorithms, for example the reachability tree construction algorithm, have to be adapted for Petri nets with a large number of elements. For nets with more than $10^5$ places and transitions, the classic reachability tree construction algorithm [1] requires more than 10Gb of memory, which can be considered a threshold for personal computers. In the international competition "Model Checking Contest @ Petri Net" for the comparison of Petri net analysis tools a set of predefined models is used, and in 2015 the largest model, by the number of places and transitions, had about 34 thousand elements [20]. This number of elements corresponds to Petri nets modeling imperative programs of less than 10 thousand lines of code, while larger software systems can have hundreds of thousands of lines. To adapt the algorithms dealing with Petri nets and to investigate their quality, there is a demand for nets with a predefined number of elements and with known properties. The authors concluded that automatic generation of such nets is an important issue.
The material in the article is presented as follows. The first section provides the minimum of the necessary definitions and introduces a simple Petri net composition operation by places. The second section describes the notion of the construction template and defines the rules of automatic Petri net generation. The third section provides a complete set of construction templates and an example of the generation of a Petri net simulating the behaviour of an imperative program. Finally, conclusions on the applicability of the proposed method are drawn.

Simple Petri net composition by places
Let $A = \{a_1, a_2, \dots, a_k\}$ be a set. A multiset on the set $A$ is a function $\mu : A \to \{0, 1, 2, \dots\}$ that assigns a non-negative integer to each element of the set $A$. A multiset is conveniently written as a formal sum $n_1 a_1 + n_2 a_2 + \dots + n_k a_k$ or $\sum n_i a_i$, where $n_i = \mu(a_i)$ is the number of occurrences of $a_i \in A$ in the multiset. Normally, when writing the sum, its zero elements $n_i = 0$ are omitted. The arithmetical sum and difference of multisets $\mu_1$ and $\mu_2$ are defined, respectively, as Comparing multisets $\mu_1$ and $\mu_2$ it is right to write: If $n_i = 0$ for all $i$, then this multiset will be denoted as $0$. We will also write that $a \in \mu$ if $\exists n > 0 : (a, n) \in \mu$. The set of all finite multisets on the set $A$ will be denoted as $M(A)$.
Let us define a sequence $s$ on the set $A$ as a function $\mathbb{N}_0 \to A \cup \emptyset$, associating with a positive integer one element of the set $A$, or the empty set element $\emptyset$ if the number is greater than the size of the sequence $|s|$. The sequence is written as $(a_i)_{i=0}^{n}$ or, shorter, $(a_i)$. The sequence element $a_i$ is written as the function value of an integer argument, $s(i)$. The set of all finite sequences in the set $A$ is written as $(A)$. Let us also define a linearly ordered subset $B$ of the set $A$ with a linear order relation Linearly ordered subset is written as The set of all finite linearly ordered subsets of the set $A$ is written as Multisets ${}^{\bullet}t$ and $t^{\bullet}$ are called the input and output multisets of transition $t \in T$ accordingly.

Definition 2. Formal union of Petri nets. Let two Petri nets be given
Petri nets defined in such a way are quite rarely used for modeling real systems, because as the number of places and transitions increases, so does the complexity of perceiving the model as a whole. To simplify the modeling of complex systems, the compositional approach of building the whole model from simpler models of its subsystems is widely used in practice. The most widely used is net composition by transitions [3,14], but there are variations of net composition operations by places [10], and also by places and transitions [15]. We introduce the operation of Petri net composition by places using the scheme proposed in articles [2,5]. In our case, the goal is to minimize the algorithmic complexity of implementing the operation. The name "simple point of access" is used to distinguish this access point from the ones introduced in the articles [2,5]. Further in the text, instead of the full name "simple access point by places", the abbreviation "simple access point" or even just "access point" may be used.

Definition 4. Merge of Petri net simple access points. Let a Petri net be given
1 ⟩ and two its simple access points and there is a mapping surjection between a source and a finite set of places Less formally, the merge of Petri net simple access points by places "joins" the places used by the access points on the principle "a place of one access point is merged with the place of the other access point that has the same sequence number". The transitions of the original net do not change, and the arcs are restored from the original net, connecting transitions with the images of their original incident places under the mapping. Using a list representation of the sets of places, transitions and arcs, a software implementation of the access point merge operation can be performed, along with copying elements from the original net to the destination net, in no more than $O(N)$ CPU operations, where $N$ is the number of elements in the original net. The mapping between the source and the finite set of places also makes it possible to convert other simple access points by places that are not involved in the merge operation.

Definition 5. Let a Petri net be given
$\iota_2$, resulting from the simple access point merge of the net $\Sigma_1$. Then the simple access point $\iota = \langle id_\iota, \varrho_\iota \rangle$ by places of net $\Sigma$ is the conversion of access point In practice, the merge operation of two Petri nets is more frequently used; it is defined as follows.

and two of their simple access points by places
Then the merge operation of Petri nets $\Sigma_1$ and $\Sigma_2$ by simple access points $\iota_1$ and $\iota_2$ forms a new net A software implementation of the binary Petri net merge operation can be performed, similarly to the unary one, in no more than $O(N_1 + N_2)$ CPU operations, where $N_1$ and $N_2$ are the numbers of elements of the original nets. Taking into account the above-described conversion of simple access points by places, let us assume that the access points of the source nets are applicable to the net resulting from merging. Then the properties of the merge operations, which follow directly from the definitions, can be written:
1. Unary operation commutativity indicates that the result of merging the access points does not depend on the order of the access points.

Binary operation commutativity
means that the order of nets in the operation does not matter.

Unary operation associativity
allows a number of merge operations over one net to be performed in any order.

Binary operation associativity
allows several Petri nets to be merged in arbitrary order.
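The merge by places described in this section can be tried out with the following added example, which is not code from the article. It follows the informal description only (formal union, then gluing places with the same sequence number, remapping arcs and tokens); the dictionary layout, the function names and the two sample nets are assumptions made for illustration.

```python
from collections import Counter

def union(n1, n2):
    """Formal union of two nets whose element names are disjoint."""
    if set(n1["places"]) & set(n2["places"]) or set(n1["trans"]) & set(n2["trans"]):
        raise ValueError("nets must not share places or transitions")
    return {"places": n1["places"] + n2["places"],
            "trans": {**n1["trans"], **n2["trans"]},
            "marking": Counter(n1["marking"]) + Counter(n2["marking"])}

def merge(net, ap1, ap2):
    """Glue place ap2[i] onto ap1[i]; return the new net and the place mapping."""
    if len(ap1) != len(ap2):
        raise ValueError("access points must have the same number of places")
    parent = {p: p for p in net["places"]}
    def find(p):                      # follows chains if a place is glued twice
        while parent[p] != p:
            p = parent[p]
        return p
    for keep, drop in zip(ap1, ap2):
        rk, rd = find(keep), find(drop)
        if rk != rd:
            parent[rd] = rk
    mapping = {p: find(p) for p in net["places"]}
    def remap(multiset):              # arcs and tokens follow their places
        out = Counter()
        for p, n in multiset.items():
            out[mapping[p]] += n
        return out
    merged = {"places": list(dict.fromkeys(mapping.values())),
              "trans": {t: (remap(pre), remap(post))
                        for t, (pre, post) in net["trans"].items()},
              "marking": remap(net["marking"])}
    return merged, mapping

def convert(ap, mapping):
    """Carry an access point that took no part in the merge into the new net."""
    return tuple(mapping[p] for p in ap)

def fire(net, marking, t):
    """Fire transition t if its input multiset is covered by the marking."""
    pre, post = net["trans"][t]
    if any(marking[p] < n for p, n in pre.items()):
        raise ValueError(f"{t} is not enabled")
    return marking - pre + post

# Constructed nets (not the article's figures): a marked start net A, a one-step net B.
A = {"places": ["a_start", "a_begin", "a_end", "a_stop"],
     "trans": {"t_start": (Counter(a_start=1), Counter(a_begin=1)),
               "t_stop": (Counter(a_end=1), Counter(a_stop=1))},
     "marking": Counter(a_start=1)}
B = {"places": ["b_in", "b_out"],
     "trans": {"t_expr": (Counter(b_in=1), Counter(b_out=1))},
     "marking": Counter()}

def demo():
    """Binary merge of A and B, then run the resulting sequential net to its end."""
    net, mapping = merge(union(A, B), ("a_begin", "a_end"), ("b_in", "b_out"))
    m = net["marking"]
    for t in ("t_start", "t_expr", "t_stop"):
        m = fire(net, m, t)
    return net, mapping, m
```

After the merge, `t_expr` sits between `a_begin` and `a_end`, so the token placed in `a_start` can travel through all three transitions.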

Construction templates in terms of Petri nets
Using the simple access points by places and the composition operations introduced in the previous section, we formulate an object-oriented approach to the automatic generation of Petri nets. This approach is based on the concept of the construction template. An imperative construction template is a marked Petri net in which part of the places is assigned for merging with "superior" nets as the input interface, and another part of the places is assigned for merging with "subordinate" nets as the output interface. Let us formalize the construction template merge operation with the help of which "superior" nets are built.

Definition 8. Formal union of PN-templates. Let two imperative construction templates be given
The operation of formal union of PN-templates makes a new template by simple union of the sets and markings of the initial templates. To change the structure of the template, the merge operation of simple access points is used.

The merge operation of the simple access points of a PN-template (in unary form) is denoted as
More commonly used, and more useful for us, is the binary form of the template merge operation, which is defined by consecutive application of the two operations above.

Definition 10. PN-templates merge operation by simple access points. Let two construction templates be given
Now it is possible to formulate the necessary requirements on imperative construction templates for building program simulations in terms of Petri nets.

All simple access points in the input interfaces have a pair in the output interfaces,
and vice versa: Practically, a template collection is a system in which merging the start template with any of the others gives a new start template.

Definition 12. PN-templates collection evolution. PN-templates collection
It should be noted that a software implementation of template collection evolution can be made, using a list representation of the sets of Petri net elements, in no more than $O(N)$ CPU operations, where $N$ is the number of elements in the final net. To do this, at each step of the evolution, instead of creating a new start template, all changes should be made in the current one. Then, in each of the binary merges, out of the $O(N_1 + N_2)$ CPU operations only the $O(N_2)$ operations related to copying the elements of the second net and "gluing" places remain.
Finally, with regard to building simulations of program behaviour, it is possible to formulate the final requirements on a set of PN-templates.

There is a sufficient number of terminator templates:
With a complete collection of templates as defined in Definition 13, it is possible, using the merge by access points operation of Definition 10, to build a resulting template of any predefined size. It is easy to verify that, starting from the start template, each merge operation results in a new start template that does not have an input interface. The available building templates and the access point pairs in the interfaces allow the build procedure to continue. Merging the start template with terminator templates reduces the number of access points in the output interface of the start template until it becomes the resulting template.

A generation example of Petri net simulating imperative program
Consider as an example the generation of a Petri net simulating the behaviour of a simple sequential imperative program. The complete collection $\Pi_x = \{X_1 .. X_{10}\}$, consisting of ten templates, is used to build the sample net. Let us give drawings of the templates and describe each of them in order. The following conventions are used in the template representations. The Petri net describing the structure of the template is placed in a rectangle. Petri nets are drawn using the usual graphical notation in the form of a bipartite directed graph, where places are represented by circles and transitions by rectangles. Places and transitions are connected by arcs representing the input and output incidence functions. At the boundaries of the rectangle framing the template structure, the symbolic images of simple access points by places are drawn in the form of circles with a sign inside showing the interface to which the access point belongs. In this article, all access points of the input interface are placed on the top edge of the rectangle, and all access points of the output interface on the bottom edge. Each place of the ordered subset of places of an access point is connected by a thin dotted line with the symbol of the access point. Formal descriptions of the template's input and output interfaces and its marking are placed inside the rectangle. Figure 1 shows the first two templates. The first template $X_1$, called the process template, models the beginning and end of a sequential process. This is the only start template with a nonzero marking in the described collection; it has no input interface. The initial place with the token is the starting point of the program model, where the program begins its work, and the only transition in the template simulates the start of the process. Template $X_2$, called the linear section, simulates a simple mathematical expression in the imperative program; it differs from the start template by the absence of a marking and the presence of an input interface.
The next template, $X_3$, is drawn in figure 2 and is designed to simulate the behaviour of cycles in the imperative program. First access point of the template input interface is  This template has only one access point, consisting of a pair of places, in the input interface and no access points in the output interface, so after merging with this template the resulting net has one access point less in its output interface. At the right side of the figure there is template $X_5$, modelling a function call in the imperative program. This template has a single access point in the input interface and two access points in the output interface. The first access point of the output interface is designed to form the body of the function, the second access point to continue the program after the function call. Figure 4 depicts template $X_6$, which models the branching operator construction of an imperative programming language. This template has one simple access point in the input interface, consisting of the begin and end places of the template. Three access points in the output interface, each consisting of a pair of places, are designed to simulate the program parts of the then branch and the else branch, and to continue the program after the branching operator.
Fig 5: The main template of switch (right) and completing as default case (right)

Templates $X_7$, $X_8$, $X_9$, $X_{10}$ simulate parts of the switch syntax construction of imperative programming languages: the main template (the beginning and end of the construction), the completing template as the default case, and the templates to continue after a break operator and to continue without a break operator, accordingly. These templates are shown in figures 5 and 6. The main template $X_7$ has one access point, consisting of a pair of places, in the input interface and three access points in the output interface, designed to continue the switch construction, to build the body of the first execution case of the switch construction and to continue the program after the switch operator. The access point for the continuation of the switch construction has three places, and the other two access points have two. Template $X_8$ has a single access point of three places in the input interface and no output interface, so it is the terminator for the switch construction, because after merging the switch construction with template $X_8$ the addition of new cases is impossible. Figure 6 shows two options, $X_9$ and $X_{10}$, for adding a new case to the switch construction. Because of the single access point of three places in the input interface, these templates can be merged only with templates from the set of switch construction templates. The output interface of these templates has two access points: the first access point, of three places, is designed for developing the switch construction, and the second access point, of two places, for constructing the control flow of the case. Thus, to simulate the behaviour of the program in the switch construction it is necessary to use the main switch template, merge it step by step with the required number of case templates and finish by merging with the completing template. The template collection $\Pi_x$ described above is a minimal collection for modelling imperative programs. Let us consider the process of building a Petri net simulating an imperative program using this template collection. For the example of net building the following templates were used: the process, the switch with three different branches and the stub. Figure 7 shows the diagram of the net construction, with the following conventions:
• Each template is framed by a rectangle and labelled with a letter of the English alphabet, in order, and the template number. The English letter indicates the order of the template merge operations, which represents the evolution (Definition 12) of the template collection.
• The lines between simple access points by places show which access points are used in the merge operation.
• All access points of the input interface are placed on the upper edge of the rectangle, and those of the output interface on the bottom edge. Therefore, the order of template merging coincides with the rules of reading: from top to bottom, left to right.
• For convenience, all the places and transitions of the construction templates are renamed to coincide with the resulting places and transitions.
The bottom part of the figure shows the result of the template evolution. This net is similar in behaviour to a real program consisting for the most part of a switch operator that has three branches: the upper branch with a break operator, the middle branch without a break operator (without a break operator the process continues in the next branch) and the default branch.

Conclusion
Automatic Petri nets generation is quite often used in the modeling of objects of different application areas, for example, in railway interlocking design [16], large scale biological networks [12], semiconductors manufacturing [8], flexible manufacturing systems [13].

Fig 1: Templates of process (left) and linear section (right)

Fig 3: Templates of stub (left) and function call (right) constructions

Fig 4: Template of branching operator construction

Fig 6: Templates of switch - continue after break operator (left), continue without break operator (right)

Fig 7: An example of Petri Net construction