=Paper=
{{Paper
|id=Vol-3730/paper03
|storemode=property
|title=Automatic Modularization of Place/Transition Nets
|pdfUrl=https://ceur-ws.org/Vol-3730/paper03.pdf
|volume=Vol-3730
|authors=Julian Gaede,Judith-Henrike Overath,Sophie Wallner
|dblpUrl=https://dblp.org/rec/conf/apn/GaedeOW24
}}
==Automatic Modularization of Place/Transition Nets==
https://ceur-ws.org/Vol-3730/paper03.pdf
Automatic Modularization of Place/Transition Nets
Julian Gaede1 , Judith-Henrike Overath1 and Sophie Wallner1
1
UniversitΓ€t Rostock, 18051 Rostock, Germany ( @uni-rostock.de)
Abstract
Modular Petri nets provide a way to alleviate the state-space explosion problem. However, Petri nets are usually
not described as a modular structure. In order to benefit from the advantages of modular state space analysis,
the Petri net has to be decomposed into modules in advance. In this paper, we discuss various approaches to
automatic modularization. One approach focuses on finding replicated modules in a Petri net, since the state
space for those replications needs to be computed only once during analysis. An implementation based on
the graph isomorphism problem shows the validity of this idea. The effectiveness of state space reduction by
modularization is significantly influenced by the size of the individual modules and the size of the interfaces
between them. If possible, the modules should exhibit internal behavior, i.e. have a certain minimum size and
produce nontrivial strongly connected components in their reachability graphs. The interfaces should be as
small as possible to avoid an overhead of synchronization behavior at the interfaces. To this end, we firstly
present an approach that produces modules with meaningful internal behavior based on T-invariants. Secondly,
we explain two approaches that use hypergraph cuts to minimize the size of interfaces.
Keywords
Petri Nets, Modular State Space, Replication, Modularization,
1. Introduction
A modular Petri net consists of subnets that act independently of each other and are synchronized
via interfaces. Modularization is the concept of transforming a Petri net system into an equivalent
modular Petri net with independent components but common interfaces. Sometimes Petri net system
models describe systems that consist of such components anyway. However, this encapsulation is not
represented by the conventional Petri net system formalism. Modularization offers the possibility to
make this information exploitable for analysis. Another application is the decomposition of models
that would not be expected to have a modular structure. Especially for Petri net systems with identical
structures, modularization provides a suitable solution as it is more robust with respect to small
deviations in contrast to symmetry. Regarding the well-known example of the dining philosophers, the
symmetry is broken as soon as one of the philosophers grabs the forks in the opposite order. Anyway,
such a version of the dining philosophers can be modularized according to our methods.
The idea of decomposing a Petri net system for analysis is not new. One way of forming components
is clustering [1]. However, the clusters do not have to be disjoint and therefore do not act independently
of each other. There is also the approach of forming a compositional state space [2]. Here, the state
spaces of the individual Petri net system components are calculated individually and then a global
state space of the entire Petri net system is derived. Since the partial state spaces must be completely
available for further calculations, the components must be bounded. Modularization does not require
this restriction; components can be unbounded in themselves and only become restricted through their
embedding into a modular Petri net. In this paper, Section 2 first introduces all the necessary concepts
in the domain of modular Petri nets, as the notation differs from the notation of conventional Petri net
systems. Then, we continue exploring the issue of automatic modularization of Petri net systems with a
focus on increasing efficiency in the analysis. A major advantage in the analysis of a modular state
space arises from the fact that the original Petri net system might contain replicated components, for
which it is sufficient to compute the state space once [3]. Therefore, Section 3 concentrates on finding
replications in the Petri net. As a Petri net system is basically a graph, the idea of finding replications
can be reduced to finding isomorphic subgraphs in a graph. An implementation shows the validity of
PNSEβ24, International Workshop on Petri Nets and Software Engineering, 2024
Β© 2024 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR
ceur-ws.org
Workshop ISSN 1613-0073
Proceedings
53
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
this approach. Section 4 presents further ideas on how to modularize a Petri net system; especially
when no more replications are expected. This is the case, for example, when all replications have
already been found in a Petri net system, but a sufficiently large part of the net is still unmodularized.
Likewise, the ideas can also be applied to modularize replications that have already been found, for
example, if they are still quite large. Here, however, modularization should not simply be done blindly,
but based on the structure of the Petri net system. One approach makes use of transition invariants,
which are considered an important indicator of nontrivial behavior. Thus, a modularization based on
t-invariants is expected to generate modules with meaningful behavior. What impedes the analysis in
the modularized Petri net is the synchronization behavior of the modules among each other. Therefore,
it is a legitimate reason to want to keep this synchronization behavior rare. This can be achieved by
modularizing Petri net system in a way that the interfaces between modules are as small as possible.
For this, (hyper)graph theoretical concepts are consulted.
2. Preliminaries
Definition 1 (Petri net system). A Petri net system is a tuple π = [π, π, πΉ, π, π0 ], where
β’ π is a finite set of places,
β’ π is a finite set of transitions with π β© π = β
,
β’ πΉ β (π Γ π ) βͺ (π Γ π ) is the set of arcs,
β’ π : (π Γ π ) βͺ (π Γ π ) β N is the weight function with π (π₯, π¦) = 0 iff (π₯, π¦) β
/ πΉ and
β’ π0 is the initial marking, where a marking in general is a mapping π : π β N.
We call π βͺ π the nodes of a Petri net system. For a node π₯ β π βͺ π , βπ₯ = {π¦ | (π¦, π₯) β πΉ } the
preset of π₯ and π₯β = {π¦ | (π₯, π¦) β πΉ } the postset of π₯. We call βπ₯ βͺ π₯β the environment for a node
π₯ β π βͺ π . The objective is to generate a modular structure for a given Petri net system, such that
the modular Petri net generated out of the structure is isomorphic to the given system. Therefore, we
introduce concepts for describing a modular structure. We follow the notation established in [3].
Definition 2 (Module). A module is a place/transition Petri net ππ = [ππ , ππ , πΉπ , ππ ] for π β N where
the set ππ is assumed to be partitioned into subsets ππ|πππ‘πππππ of internal transitions and ππ|πππ‘πππ πππ of
interface transitions.
A module describes some part of the full modelβs structure. To exhibit any behavior, a module needs
to be instantiated by adding an initial marking.
Definition 3 (Instance). An instance is a Petri net system [ππ , π0π ] of module ππ for π β N, where
π0π : ππ β N is an initial marking of ππ .
While each instance has some self-contained (or internal behavior), they may synchronize with
other instances via their interface transitions. This synchronization is accomplished by combining
interface transitions of different instances to a fusion transition to force them to fire simultaneously if
all individual preconditions are met. The fusion is guided by fusion vectors.
Definition 4 (Fusion Vector, Support). Let β = {[π1 , π01 ], . . . , [πβ , π0β ]} be a set of instances. A
fusion vector π β (π1|πππ‘πππ πππ βͺ {β₯}) Γ Β· Β· Β· Γ (πβ|πππ‘πππ πππ βͺ {β₯}) is a vector of interface transitions of
the instances or β₯. An instance [ππ , π0π ] participates in π with its interface transition π‘ β ππ|πππ‘πππ πππ
if π [π] = π‘. If π [π] = β₯, the instance does not participate in the fusion. The support π π’ππ(π ) = {π‘ |
π [π] = π‘} of a fusion vector is the (nonempty) set of contained interface transitions.
An instance can participate at most once in a given fusion, but the same interface transition can
appear in multiple fusion vectors.
We are now ready to collect all information needed for the composition of modules.
54
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
Definition 5 (Modular Structure). A modular structure is a tuple β³ = [β, β±], where
β = {[π1 , π01 ], . . . , [πβ , π0β ]} is a set of instances of pairwise disjoint modules and
β± β (π1|πππ‘πππ πππ βͺ {β₯}) Γ Β· Β· Β· Γ (πβ|πππ‘πππ πππ βͺ {β₯}) is a set of fusion vectors.
From this modular structure we can derive a modular Petri net system, where places, internal
transitions, and initial markings are taken from the individual instances. Every fusion vector defines
another transition that inherits all the arcs of the contained interface transitions and establishes
connections across instances. Consequently, interface transitions that do not appear in any fusion set
do not appear in the composition. This can be trivially worked around by adding a fusion vector with
only this transition and β₯ everywhere else.
Definition 6 (Modular Petri Net, Fusion Transition). Let β³ = [β, β±] be a modular structure.
From β³, we can derive a Petri net system π = [π, π, πΉ, π, π0 ], where
βοΈ
β’ π = πβ{1,...,β} ππ ,
βοΈ
β’ π = πβ{1,...,β} ππ|πππ‘πππππ βͺ {π‘π | π β β±}, where π‘π is the fusion transition for π β β±,
βοΈ
β’ πΉ = πβ{1,...,β} (πΉπ β© (ππ Γ ππ|πππ‘πππππ βͺ ππ|πππ‘πππππ Γ ππ )) βͺ
{(π, π‘π ) | π β β±, (π, π [π]) β πΉπ } βͺ {(π‘π , π) | π β β±, (π [π], π) β πΉπ }
β§
β¨ππ (π‘, π) for (π‘, π) β πΉπ and π‘ β ππ|πππ‘πππππ
βͺ
β’ π (π‘, π) = ππ (π‘* , π) for (π‘* , π) β πΉπ and π‘* β π π’ππ(π ),
βͺ
π β β±, π‘ = π‘π , π β {1, . . . , β}
β©
β§
β¨ππ (π, π‘) for (π, π‘) β πΉπ and π‘ β ππ|πππ‘πππππ
βͺ
β’ π (π, π‘) = ππ (π, π‘* ) for (π, π‘* ) β πΉπ and π‘* β π π’ππ(π ),
βͺ
π β β±, π‘ = π‘π , π β {1, . . . , β}
β©
βοΈ
β’ π0 = πβ{1,...,β} π0π
We call π the modular Petri net for β³.
Note that the initial marking of the modular Petri net is well-defined since the domains of all π0π
are pairwise disjoint.
To generate a modular structure from a non-modular Petri net, we only need to find a mapping that
unambiguously assigns an instance to each place, thus we get a place set for every instance. The other
components of the modular structure, from which we can deduce a modular Petri net, can be derived
from this set of places as shown in the following lemma.
Lemma 1 (Deducing a modular structure from a partitioning of places). Let π = [π, π, π, πΉ, π0 ] be
a Petri net. Further, let {π1 , . . . , πβ } be a partitioning of π . For ππ with π β {1, . . . , β}, we generate
instance [ππ , π0π ] with
βοΈ
β’ ππ = πβππ {(βπ βͺ πβ) Γ π}
β’ ((π‘, π), π) β πΉπ , iff (π‘, π) β πΉ ; (π, (π‘, π)) β πΉπ , iff (π, π‘) β πΉ
β’ ππ ((π‘, π), π) = π (π‘, π); ππ (π, (π‘, π)) = π (π, π‘) for a π β ππ
β’ π0π = π0 β© (ππ Γ N)
We append the index π to each transition to distinguish their occurrences in different instances. The
fusion vectors can be constructed by identifying transitions which occur in multiple instances. For
π‘ β π , we identify the modules where π‘ occurs as πππππππ (π‘) = {π | (π‘, π) β ππ }. Then we generate a
fusion vector π for all π‘ where |πππππππ (π‘)| > 1, so that π [π] = (π‘, π) if π β πππππππ (π‘) and β₯ otherwise.
We can distinguish internal and interfaces transitions for the instances as well. Therefore, we declare
(π‘, π) β ππ|πππ‘πππ πππ , iff βπ β β± : (π‘, π) β π and ππ|πππ‘πππππ = ππ β ππ|πππ‘πππ πππ . This results in a set of
instances β = {[π1 , π01 ], . . . , [πβ , π0β ]}.
55
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
[N1,m01] [N2,m02]
p1
p1
(t1,1) (t1,2) p3
(t1,1) (t1,2) p3
p2 t2 p4
p2 (t2,1) (t2,2) p4
(b) The resulting Petri net system after combining
(a) An invalid modular structure where (π‘1 , 2) is the modules π1 and π2 , where the edge be-
not included in π1 despite being connected to tween π1 and (π‘1 , 2) was lost.
π1
Figure 1: An invalid modularization resulting in the loss of structure after combining the modules.
Example 1. Figure 1 illustrates why it is required to include all connected transitions for a given
place into the same module. The place π1 is included in module π1 and connected to (π‘1 , 2), which is
in another module. Since the composition rules for a modular Petri net [3] only concern themselves
with fusion transitions, in this case (π‘2 , 1) and (π‘2 , 2), which are fused into π‘2 in the resulting net. The
connection between π1 and (π‘1 , 2) is not reconstructed, changing the behavior of the modular Petri net
compared to the composition of the modules.
3. Modularization based on Replications
It is desirable to allow a single module to be replicated, or instantiated multiple times with possibly
different initial markings, since this makes sense from a modelling perspective, but also unlocks
additional memory-savings during model checking. To distinguish between those replications, we
extend instances by a unique identifier, and call them replicated instances or short: r-instances.
Definition 7 (R-Instance). An r-instance is a Petri net system [ππ , π, π0π ] of module ππ , where π β N
is an instance identifier and π0π : ππ β N is an initial marking of ππ .
The definitions for the modular structure, fusion vectors and modular Petri net can be easily amended
to accommodate this extension. A fusion vector can contain transitions from multiple r-instances of the
same module, since the module would be copied for each instance when constructing the modular Petri
net.
To identify replicated modules, we represent the net structure of the given Petri net system as a net
graph. The marking of places is irrelevant for this, as replicated modules with different markings can
still lead to a reduction in the local reachability graph compared to the combined size of individual
modules[3].
Definition 8 (Net graph). For a given Petri net π = [π, π, πΉ, π, π0 ], the net graph πΊ = [π, πΈ, π] is a
directed, labeled graph, where
β’ π =π βͺπ
β’ πΈ=πΉ
β’ π(π£) = π if π£ β π
β’ π(π£) = π‘ if π£ β π
β’ π((π£, π£ β² )) = π (π£, π£ β² )
In the way we define a modular structure, the state space of instances of the same module (regardless
the initial marking) can be analyzed based on one common state structure. In general, identical structures
lead to identical behavior, which we do not need to analyze repeatedly. Therefore, it makes sense to
identify identical substructures in the net graph, which we then can declare as instances of one module.
56
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
Given a net graph, the ideal scenario would be to maximize the number of identical structures, i.e.
isomorphic induced subgraphs. Those subgraphs should be larger than a minimum size to avoid the
trivial solution where each vertex is a subgraph. This problem is germane to the Induced Subgraph
Isomorphism problem or the more general Maximum Common Induced Subgraph problem, where
for two given graphs one must determine whether one graph is an induced subgraph of the other resp.
the two graphs have a common induced subgraph with a minimum size. Those problems are known
to be NP-complete, as described in [4]. The problem might as well be associated with the Largest
Subgraph With A Property problem [4], where the task is to find the maximum subgraph with a
given property. Considering the repeated occurrence of a subgraph as a property does not serve as a
standard graph property why this problem can be neglected. From the field of data mining, the challenge
to find identical substructures in graphs is known as the frequent subgraph mining [5]. Expressing
our problem as a frequent induced subgraph mining problem turned out to be unsuitable. Frequent
subgraph mining in general does not consider induced subgraphs, which is mandatory for us [6]. There
are also approaches for induced subgraphs but on the base of multiple graphs [7].
Another related field concerns itself with the identification of overrepresented sub-structures in a
network, so-called motifs. The algorithms from this field can be broadly categorized into motif-centered
and network-centered approaches. A motif-centered procedure requires a motif as part of its input, which
makes it unsuitable for our application. Conversely, a network-centered method starts by enumerating
all subgraphs for a given size and counts their occurrence in the graph[8]. However, the performance
of these approaches tends to scale poorly with the size of the motifs. Since the state space reduction
achieved by the modularization of a Petri net system is heavily impacted by the amount of internal
behavior of its modules [3], it is desirable to identify larger substructures. Therefore, a network-centered
approach isnβt appropriate either to find replicated modules with sufficient internal behavior.
Besides maximizing the number of identical structures we impose additional constraints to a solution.
When considering subgraphs of Petri nets, not every induced subgraph is a valid replication. For every
place we require all connected transitions to be included in the instance of the place. Otherwise, the
edges of an omitted transition to a place cannot be reconstructed in the construction of the modular
Petri net as described in Definition 6.
With the graph theoretical background of the suspected NP-completeness of our problem we devel-
oped an incremental heuristic approach to identify identical substructures in a net graph. The main idea
is to unfold the substructures circularly from selected starting points while preserving isomorphism
between them. Therefore, we present a necessary criterion and multiple heuristic concepts that lead
to a more or less precise starting point selection. The different concepts provide various degrees of
freedom.
3.1. Finding Seed Candidates
First, we need to identify potential candidates that can serve as starting points, or seeds, for detecting
isomorphic substructures. Given the net graph πΊ of a Petri net system π , we only consider place
vertices, i.e. vertices with π(π£) = π as candidates. As described above, a place requires all adjacent
transitions to be in its instance, while a transition does not impose such constraints. Considering the
net graph of a given Petri net system we introduce the signature of a vertex, determining the number
of neighbor vertices for a given edge type.
Definition 9 (Signature). For a vertex π£ β π we define the signature as a mapping π : π β (N Γ N β
N), such that π (π£)(π, π) = |{π£ β² | π(π£, π£ β² ) = π, π(π£ β² , π£) = π}|.
The signature gives an initial impression of the direct neighborhood of a vertex π£, i.e. how many
vertices are connected to π£ via a certain combination of incoming and outgoing edges.
Example 2. In the Petri net system presented in Fig. 1b, the places π1 and π2 would share the signature
π (ππ ) = {(1, 0) β¦β 1, (0, 1) β¦β 1}, while π (π3 ) = {(1, 0) β¦β 1} and π (π4 ) = {(1, 0) β¦β 2}.
57
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
Only place vertices with identical signature can serve as starting points, since all neighboring
transitions have to be included, which would immediately lead to non-isomorphic modules.
To determine the actual seeds using the information provided by the signature, it makes sense to
consider the number of candidates for each signature. It appears that candidates that share an infrequent
signature are more promising seed vertices, since vertices with a rare connectivity structure are more
likely to have same function in the model. However, the fewer candidates share a signature, the harder
it becomes to ensure a spacing between seeds which allows the modules to grow to a sufficiently large
size before colliding with another.
While there exist methods to find a set of vertices in a graph with maximum distance between each
other, it is in many cases sufficient to select vertices with a large enough distance between them. To
define such a distance, one could look towards a specified maximum module size or attempt to exploit
structural properties of the Petri net system. Once a minimum distance ππππ has been found, suitable
seeds can be identified by starting a simultaneous depth-limited BFS from all candidates with a shared
signature. If the BFS from a candidate finishes without encountering another candidateβs nodes within
ππππ /2 steps, this candidate can serve as a seed. Otherwise, a seed can be selected from each set of
conflicting candidates. In the case that there are too few suitable candidates remaining, the requirements
have to be relaxed, either by reducing ππππ or by restarting the selection process with candidates with
another shared signature.
Besides those systematic approaches, a randomized selection can be performed instead. While the
candidates still have to share their signature, it can be beneficial to omit checking the distance between
candidates and instead relying on the expansion algorithm to deal with the colliding modules.
Developing improved heuristics for seed selection is an area of further research, as well as quantifying
their impact on the quality of the resulting modularization.
3.2. Expanding outwards
Regardless the method we determine seeds, we receive a set of π starting points suitable for determining
isomorphic starting points in the Petri net system. To find sufficiently large replicated modules, we
greedily expand the modules outwards from those starting points under a set of guidelines that will be
presented in the following. During the process, each module is represented by a list π
π , which contains
sets of vertices. Those sets will be called shells and contain the nodes which were newly added during
each step.
The outline of this algorithm can be found in Algorithm 1, and will be subsequently defined by
explaining the sub-procedures.
3.2.1. Finding expansion candidates
In each expansion step, we first calculate the maximum possible expansion step of each module and then
successively reduce this step until either all conditions for replicated modules are met or a necessary
reduction fails. Since the modules grow from center outwards, it is sufficient to consider only neighbors
of vertices from the outermost shell of each module, which werenβt already introduced in previous
shells. Additionally, we maintain a set of vertices which are forbidden from being included or explored
due to having caused conflicts in previous steps. Due to the bipartite nature of Petri nets, as well as
the fact that we required each seed vertex π£ππ to be β π , the shells created by this approach alternate
between containing only place or transition vertices, but never a mix of both.
3.2.2. Resolving conflicts between steps
The first reduction of the expansion step is accomplished by detecting conflicts between the steps. In
every odd step, the candidate shells only contain transitions, which are allowed to overlap between
modules. While the transitions remain in the expansion step, we mark them as forbidden to explore
further to prevent complications downstream, such as the conflicting modules attempting to explore
along the same paths in future steps.
58
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
Algorithm 1 Algorithm to find replications
procedure FindReplications(π, {π£1π , ..., π£ππ }, maxsize)
global stop_nodes = β
β Set of nodes not to be explored further
π
1 β β¨{π£1π }β©, ..., π
π β β¨{π£ππ }β© β Each replication consists of a sequence of steps
repeat
step1 , ..., stepπ β CalculateNextSteps(π, β¨π
1 , ..., π
π β©)
step1 , ..., stepπ β ResolveConflicts(β¨π
1 , ..., π
π β©, β¨step1 , ..., stepπ β©)
if not all step sizes are equal then
step1 , ..., stepπ β EqualizeSteps(β¨step1 , ..., stepπ β©)
end if
β¨π1 , . . . , ππβ1 β© β CalculateIsomorphism(β¨π
1 , ..., π
π β©, β¨step1 , ..., stepπ β©)
if any of the previous operations fail then
break
end if
for all π β {1, ..., π} do
Rπ += stepsπ
end for
until modules exceed maxsize
if |π
1 | mod 2 = 0 then β Even radius = Outer shell contains only places
remove last shell from π
1 , ..., π
π
end if
return β¨π
1 , ..., π
π β©, β¨π1 , ..., ππβ1 β©
end procedure
Algorithm 2 Subroutine to find calculate the next expansion step
procedure CalculateNextSteps(π, β¨π
1 , ..., π
π β©)
global stop_nodes
next_step1 , ..., next_stepπ β β
for all π β {1, ..., π} do
last_step β last element of π
π
βοΈ
visited_nodes β π βπ
π π
for all π£ β last_step β stop_nodes do β Collect valid neighbors of nodes in previous
step
next_stepπ β next_stepπ βͺ π£ β βͺ β π£ β visited_nodes β stop_nodes
end for
if next_stepπ = β
then
fail β If a module canβt expand, fail
end if
end for
return β¨next_step1 , ..., next_stepπ β©
end procedure
In every even step, the shells contain only place vertices, which have to be disjoint between modules,
as stated in Lemma 1. The simplest method to handle overlapping places is to mark them as forbidden
and remove them from the expansion step, as seen in Alg. 3. This is a point of concern for improving the
quality of the resulting modularization, since it is likely to introduce small βstripsβ of places which run
between the edges of modules and act as a buffer (see Fig. 2b). The buffer introduces synchronization
points, which can reduce the effectiveness of the state space reduction achieved by the modular approach.
59
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
Algorithm 3 Subroutine to find and resolve conflicts between expansion steps
procedure ResolveConflicts(β¨π
1 , ..., π
π β©, β¨step1 , ..., stepπ β©)
globalβοΈstop_nodes
ππ β π
βπ
π π
, βπ β {1, ..., π} β ππ contains all nodes from previous steps
for all π β {1, ..., π} do
for all π£ β stepπ do
if π£ β (step1 βͺ ... βͺ stepπ ) β stepπ or π£ β (π1 βͺ ... βͺ ππ ) β ππ then
conflicts β conflicts βͺ {π£}
stop_nodes β stop_nodes βͺ {π£}
end if
end for
if |π
π | mod 2 = 0 then β Even number of previous steps =^ current step contains places
stepπ β stepπ β conflicts β Future work: find partner in conflicting modules
end if
end for
return β¨step1 , ..., stepπ β©
end procedure
3.2.3. Equalizing the step sizes
The next reduction of the expansion step concerns itself with the size of the individual shells. Since
the process attempts to maintain isomorphic substructures after each expansion, an equal number of
vertices has to be added to each module in a given step. If the step sizes differ, all candidate shells have
to be reduced to the size of the smallest one. This procedure is show in Alg. 4. When deconstructing a
Petri net system into modules, the inclusion of a place π β π in a module requires the inclusion of all
transitions π‘ β π : (π, π‘) β πΉ βͺ πΉ β1 in the same module. Thus, if the current expansion steps consist
of transitions, but differ in size, it is impossible to remove transitions from a candidate shell, and this
reduction of the steps has to fail.
However, the inverse is not required, which allows us to remove places from candidate shells of
expansion steps with an even number. One method of constructing equally sized subsets of shells with
a higher likelyhood of resulting in an isomorphic graph utilizes an idea similar to the signature π , which
we previously calculated for selecting the seed vertices: Since we are only concerned with the immediate
next expansion step, we calculate a modified signature π β²π (π£)(π, π) = |{π(π£, π£ β² ) = π, π(π£ β² , π£) = π, π£ β² β
πππ ππ ππ‘ππ }|, where πππ ππ ππ‘ππ is the union of all previous expansion steps. This way, π β²π (π£) : (N Γ N β N)
describes the connection structure of a node π£ β πππβπππ to only its neighbors in the module π.
To preserve the isomorphism between modules, nodes π£1 , ..., π£π are only kept in the shells of their
respective module π when they have the same number of incoming and outgoing edges to the previous
shell of the module, so π β²π (π£1 ) = ... = π β²π (π£π ). If there is the same number of vertices π£π with the same
signature π β²π (π£π ), all of these vertices remain in the shell. If this number of vertices differs between
modules, the shell with the smallest number determines how many vertices of the other shells are kept.
The selection heuristic of these vertices is subject to further research.
After each reduction procedure, it is possible that a candidate expansion step is completely empty.
Whether the step was empty from the beginning because all neighbors of the previous shell were
marked as forbidden, were removed because they conflicted with other modules or emptied because
their specialized signature π β² didnβt match any of the other candidates, the algorithm canβt grow the
modules in this step and therefore not in any future steps. In this case, the algorithm fails and returns
the last valid modules.
60
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
Algorithm 4 Subroutine to equalize the size of expansion steps
procedure EqualizeSteps(β¨π
1 , ..., π
π β©, β¨step1 , ..., stepπ β©)
next_step1 , ..., next_stepπ β β
if |π
1 | mod 2 = 1 then β Odd number of previous steps =^ current step contains transitions
fail β Transitions canβt be excluded from expansion
end if
for all π£ β step1 βͺ (οΈ... βͺ stepπ do
signatureπ£ β (π, π) β¦β |{π£ β² | π (π£ β² , π£) = π β§ π (π£, π£ β² ) = π}|
)οΈ
end for βοΈ
signatures = π£βstep βͺ...βͺstep signatureπ£
1 π
for all π : (N Γ N β¦β N) β π πππππ‘π’πππ do
π π β {π£ β stepπ | signatureπ£ = π }, βπ β {1, ..., π}
if |π 1 | = ... = |π π | then
next_stepπ β next_stepπ βͺ π π , βπ β {1, ..., π}
else
next_stepπ β next_stepπ βͺ {choose Min{|π 1 |, ..., |π π |} nodes from π π } β Future
Work
end if
end for
return β¨next_step1 , ..., next_stepπ β©
end procedure
3.2.4. Calculating isomorphisms
The last step after performing the aforementioned reductions is to verify that the calculated expansion
step maintains the isomorphism between the modules. The module graphs are obtained by constructing
the graphs induced from the net graph by all vertices contained in all steps of each module. Due to
Isomorphism being a problem in NP, this part consumes most of the runtime and is subject to several
heuristic approaches to reduce the complexity. Since the isomorphism between the modules is transitive,
it is sufficient to find an isomorphism ππ between each replica π
π and π
1 , and not necessary to check
isomorphism between every pair of modules, which is shown in Alg. 5.
If an isomorphism check fails, the expansion step canβt be performed and the algorithm fails, again
returning the last previously valid modules. Otherwise, the expansion steps are added to their respective
modules in preparation for the next iteration of the loop.
Algorithm 5 Subroutine to check the isomorphism between modules
..., π
π β©, β¨step1 , ..., stepπ β©)
procedure CalculateIsomorphism(β¨π
1 , βοΈ
πΊπ β InducedSubgraph(π, stepπ βͺ π
βπ
π π
)
for all π β {2, ..., π} do
ππβ1 β Isomorphism(πΊ1 , πΊπ )
if ππβ1 = β
then
fail
end if
end for
return β¨π1 , ..., ππβ1 β©
end procedure
61
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
3.2.5. Post-processing and improvements
The result of the aforementioned algorithm contains the identified replications π
1 , ..., π
π , each rep-
resented by a sequence of expansion steps, as well as the isomorphic mappings π1 , ..., ππβ1 , so
that π1 is the mappingβοΈbetween π
1 and π
2 . We can collect all places from a replication repre-
sentation π
π as ππ = π
βπ
π (π
β© π ), where π is the set of places of the input βοΈ Petri net system.
The set of all places not included in the replicated modules is ππ+1 = π β πβ{1,...,π} ππ . Since
{π1 , ..., ππ , ππ+1 } is a partition of π , it induces a modular structure β³β² = [β β² , β± β² ], with the set of
instances β β² = {[π1β² , πβ²01 ], ..., [ππ+1
β² , πβ²0(π+1) ]} according to lemma 1. To combine these replicated
modules into replicated instances of a single module, we define a modular structure β³ = [β, β±] as
follows:
β’ β = {[πππππ , π, π0π ] | π β {1, ..., π}} βͺ {[ππππ π‘ , π + 1, π0(π+1) ]},
where π0π (π) = π(ππβ1 (π)) for π β {1, ..., π} and π0(π+1) (π, π + 1) = π(π).
β’ β± is calculated analogously to Lemma 1 combined with β.
Due to the nature of the expansion, the replicated module πππππ is connected, while the rest module
ππππ π‘ may not be. Therefore, ππππ π‘ can w.l.o.g be split into connected modules, which can further
improve the state space reduction.
The aforementioned algorithm can be improved in different areas by making assumptions about
the isomorphic mappings between the modules. While the seed vertices are selected in a way that
incentivizes them to be mapped onto each other early in the process, it is entirely possible for that to
change after a few successful expansion steps. However, after some number π of steps, we can observe
that the isomorphic mapping only frequently changes for some π outermost shells of the modules, while
the mapping is stable in shells which are closer to the center.
With this assumption, we can reduce the size of the input graphs for the isomorphism problem. The
more successful expansion steps are performed, the larger the graphs, but the more stable the center. Let
πππ be the set of nodes included in the π-th shell of the π-th module, and π be the index of the currently
planned expansion step, with all necessary reductions already performed. Furthermore, let ππ be the
isomorphic mapping from module π to π + 1 after step π β 1. βοΈ
Previously, the graphs πΊπ were induced by the set of vertices 0β€πβ€π πππ . Under the aforementioned
assumption, the size of this set can be reduced by only including vertices from an βinnerβ shell if
theyβre connected to a vertex in an βouterβ shell. When calculating the new βοΈ isomorphic mapping ππβ² , we
β² β² β² π
introduce the additional constraint that ππ (π£) = π£ iff ππ (π£) = π£ β§ π£ β 1β€πβ€πβπ ππ , so inner vertices
are always mapped to other inner vertices without having to include all other inner vertices.
Another application of this assumption can be found during the step size reductions. When a place π
is included in the candidate expansion steps of multiple modules, the simplest resolution is to include
this place in neither module. However, as described before, this reduces the result quality by introducing
strips of places along the module borders. To counteract this behavior, it would be preferable to allocate
the conflict place to a module instead of excluding it entirely. Since the number of vertices has to be
equal across the planned expansion steps, it is necessary to find places that can be included into the
other steps without violating the isomorphism. Under the assumption that the isomorphism tends to be
stable after some steps, the isomorphic mapping from the previous step can be utilized to identify those
places. Further research and experiments are required to validate the effectiveness of this approach by
examining the success rate of such an allocation.
The last area where the previous isomorphic mappings can be used is during the equalization of
the step size. When the expansion steps contain a differing number of places with the same signature,
identically sized subsets of those places have to be identified. The previous isomorphism could be
utilized similarly as during the conflict resolution described before: By extending the modified signature
π β²π to include the isomorphism, we reduce the flexibility of changing the mapping of recently included
vertices, but in turn gain a more sound heuristic that can reduce backtracking or unnecessary failures.
62
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
(b) Modularization of ten dining philosophers (3
(a) Modularization of the 2x2 SquareGrid (2 seeds)
seeds)
Figure 2: Results of the FindReplications procedure
3.2.6. Implementation
The prototype implementation is written in Python for its development flexibility and library support.
It utilizes the widely known networkx library [9] to manage the graph data structures and, more
importantly, check and calculate the isomorphisms between modules using an implementation of the
VF2 algorithm[10]. Our presented algorithm performs the isomorphism checks in a loop, and while
the heuristic described in the previous section can take some strain off of the calculations by reducing
the size of the input graphs, thereβs more performance to be gained. It is likely that a specialized
implementation of the isomorphism check could exploit the iterative nature of its execution to reduce
redundant calculations, which currently have to be performed anew in every call.
The current implementation supports the selection of seed vertices via their signature, as well as
basic strategies for conflict resolution and step size equalization. Because of its impact on the runtime,
the isomorphism calculation accepts several parameters to control the size of the stable area in the
center, which reduces the graph size. Despite lacking the more sophisticated strategies that utilize
isomorphic mappings from previous iterations to allocate conflicting places to modules and improve
the result quality during step size equalization, the implementation finds sufficiently large replicated
modules on several models.
Figure 2a shows the result of the algorithm on the SquareGrid model [11] with the two seed vertices
encircled in the top left and bottom right. After five successful expansion steps, the two modules meet
on the center places of their adjacent grid cells, highlighted by the dashed circle. At this point, the
algorithm canβt expand further due to the missing ability to allocate places between modules, causing
it to terminate. An allocation strategy would be able to resolve this conflict by allowing the top left
module to expand to the right, but not downwards, leaving those places for the bottom right module.
The same kind of results can be observed on larger versions of the model, especially when the expansion
is performed from more than two seed places.
The results of the automatic modularization of another model is shown in Figure 2b. This is a version
of the well-known dining philosophers model with ten philosophers. Vertices in this model only have
one of two different signatures, where one signature is shared only by the ten forks while the other
is common to the remaining 40 places. This makes the forks much more desirable starting points. As
in Figure 2a, modules are in conflict on places between each other, and again those conflicts could
be resolved by the aforementioned method. While it is impossible to make out from the figure alone,
63
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
the philosopher to the right of the top module actually grabs his forks in the opposite order from his
colleagues, which prevents the application of state space reduction methods using symmetries, but
leaves this approach unfazed since the philosophers fully contained in the replications still share the
same behavior.
All in all, the current state of the implementation performs well in terms of result quality, especially
for models which contain highly replicated structures. For models where the desired modules are less
obvious to the naked eye, the prototype often terminates early due to its lacking conflict resolution
abilities. Since the main goal of the prototype was originally to provide a framework for easy-to-
implement validation of modularization ideas, the runtime performance was not a large concern during
early stages of development. However, the described assumptions about the stability of isomorphic
mappings between the centers of modules resulted in significant performance gains, especially for
models with high connectivity, and we expect another boost from utilizing an iteration-optimized
version of the isomorphism checking algorithm.
4. Non-Replicated Modularization
Modularization based on replications improves the analysis of Petri net systems by reducing redundant
state space. In this chapter we will highlight other methods in order to deal with situations where
we cannot expect to find replications. For example, if all replications have already been found in a
given Petri net system, the rest of the network may still be large. In this case, we then could try
to modularize the rest of the network with other methods. Another case would be the reduction of
already found replications. The previously described approach always tries to find the largest possible
replications. The size of the replications is not limited upwards, as long as the propagation does not
collide with other replications. The replications can therefore become rather big. To leverage the
advantage of modularization even further, it is possible to continue modularizing a replica again using
other methods. The additional modularization can then be transferred from the replica to the other
without any additional effort. Although Definition 5 encourages us to distinguish between the concepts
of module and instance, we decline to do so in this section. Since we assume here that we will not find
any replicas, i.e. instances, that belong to the same module, the association to the structure of modules
is not required. From now on we will only use the term instances as components of a modular Petri net.
The goal remains the modularization of a given Petri net system, as described in Definition 6.
With respect to the application cases described above, we do not mind whether the given Petri net
system itself is a just created instance, the remaining Petri net system or a completely new net; in any
case we can build a modular Petri net out the given net. The following approaches aim to generate a
partitioning of the place set of a Petri net, which can then be converted into a modular structure as
described in lemma 1.
4.1. T-Invariants
Decompositional analysis based on the structure of a Petri net system is obvious because of the strong
connection between structure and behavior of Petri net systems. In [12] they advance the analysis
by adding hierarchy through the nested unit Petri nets model. The Problem of dividing a Petri net
system into functional subnets, a net with a denoted set of input and output places, is discussed in
[13]. Invariants for the modularization of Petri net systems have been used before; [14] used place
invariants to abstract a set of places to one place. This abstracted Petri net system tends to be simpler
to analyze. Our approach here is to use transition invariants to generate instances with significant
internal behavior. Transition invariants are a criterion for cyclic, thus non-trivial behavior. A cycle in
the state space responses to a transition invariant of the according Petri net system [15]. Note, that
the existence of a transition invariant is only a necessary criterion for the existence of cyclic behavior;
we may find a transition invariant we can never execute as it is not marked in any reachable marking.
The use of t-invariants has already been used for the decomposition of Petri net systems due to their
importance in the state space. In [1], a Petri net system is clustered on the basis of t-invariants, so that
64
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
resulting clusters correspond to functional units in biological networks. Here, however, the focus was
on the clustering of similar invariants.
Definition 10 (Incidence Matrix). A Petri net system π = [π, π, πΉ, π, π0 ] can be represented as
an incidence matrix πΆ |π |Γ|π | where πππ = π ((π‘π , π π )) β π ((π π , π‘π )) for π β {1, . . . , |π|} and π β
{1, . . . , |π |}.
Definition 11 (Transition Invariants, Support). Let π be a Petri net system and πΆ its incidence matrix.
A transition invariant (t-invariant) βπ β Z|π | is a solution of the homogenous linear system of equations
πΆ Β· βπ = β0. The support π π’ππ(πβ) β π of the transition invariant βπ is the set of transitions whose entry is
not zero in βπ.
Informally, a t-invariant describes a multiset of transitions whose execution will not change the state
of the system. After firing all transitions, the net will be situated in the very same marking as before.
|π |
We only consider non-trivial, non-negative t-invariants. The trivial t-invariant β0 provides no useful
information for us. A negative entry in a t-invariant would represent a reverse firing of a transition
which is not applicable. Despite this restriction, we still can get infinitely many t-invariants. Therefore,
we focus on minimal invariants.
Definition 12 (Minimal Transition Invariants). For a minimal transition invariant βπ β Z|π | , it exists
no other t-invariant βπβ² β Z|π | with π π’ππ(πββ² ) β π π’ππ(πβ) for βπβ² ΜΈ= βπ. Also, the least common divisor of the
entries of βπ is 1.
From now on, if we mention t-invariants, we always refer to minimal non-trivial, non-negative
t-invariants, as we only consider those kinds of t-invariants.
T-invariants serve as the bases for prospective instances of the modular Petri net. Instances should
be disjoint per definition, thus we are only interested in t-invariants that have a disjoint set of support
transitions. The requirement to compute disjoint t-invariants can be easily implemented in an iterative
computation by claiming the weights of already computed support transitions to be zero in future
invariants. Thus, they do not occur in support of further t-invariants. Even for disjoint t-invariants, the
preplaces resp. postplaces of the support transitions may overlap. In accordance with the definition of
instances in a modular structure, the sets of places need to be disjoint as well. To resolve this problem,
we introduce the concept of super-disjointness.
Definition 13 (Super-Disjointness). Let π be a Petri net system and πΆ its incidence matrix. Two
t-invariants βπ, βπβ² β Z|π | are super-disjoint, if
1. they are disjoint, i.e. π π’ππ(πβ) β© π π’ππ(πββ² ) = β
βοΈ
2. the environments of the support transitions are disjoint as well; i.e. β) (βπ‘ βͺ π‘β) β©
π‘βπ π’ππ(π
β² β²
βοΈ
π‘β² βπ π’ππ(πββ² )
(βπ‘ βͺ π‘ β) = β
For a Petri net system, super-disjoint t-invariants can be calculated with a tool for Petri net system
analysis, for example LoLA [16]. Calculating positive t-invariants is closely related to the integer linear
programming problem, which is known to be NP-complete, therefore calculating t-invariants is not
a trivial problem. Due to the restriction of super-disjointness, the calculation of will be executed |π |
times worst case.
We now assume we have generated a set βοΈ of super-disjoint t-invariants {πβ1 , . . . ,βπβ }. From every
β
invariant ππ , we generate a set of places ππ = π‘βπ π’ππ(πβπ ) βπ‘ βͺ π‘β for π β {1, . . . , β}. With reference to
Lemma 1, we can generate a modular structure out of the set of created place sets {π1 , . . . , πβ }.
Example 3 (super-disjoint T-Invariant Modularization). Let π be a Petri net system, as depicted in Fig-
ure 3a We can calculate three super-disjoint t-invariants πβ1 , πβ2 , πβ3 , for which we can identify the support:
π π’ππ(πβ1 ) = {π‘1 , π‘2 , π‘3 }, π π’ππ(πβ2 ) = {π‘4 , π‘5 } and π π’ππ(πβ3 ) = {π‘7 , π‘8 , π‘9 }. As described we generate the
place set of the future instances from the environment of the support transitions. This results in π1 =
65
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
[N1,m01]
(t1,1)
t1
p1
[N2,m02]
p1
p2 (t2,1) (t4,2) p4
p2 t2 t4 p4
(t3,1) p3 p5 (t5,2)
t3 p3 p5 t5 (t6,1) (t6,2)
(t6,3)
t6
p6
(t7,3) (t10,3) (t10,4) p9
p6
t7 t10 p9
p7 (t9,3)
(t11,4)
p7 t9
t11 [N4,m04]
(t8,3) p8
t8 p8
[N3,m03]
(a) The original Petri net System π . (b) A modularized version of π based on t-invariants.
Figure 3: Exemplary representation of the modularization of Petri net system π .
{π1 , π2 , π3 }, π2 = {π4 , π5 } and π3 = {π6 , π7 , π8 }. The only place π9 of the rest net determines another
instance with π4 = {π9 }. According to Lemma 1, we can generate the modular structure. Firstly, we gen-
erate the transition sets corresponding to the four place sets: π1 = {(π‘1 , 1), (π‘2 , 1), (π‘3 , 1), (π‘6 , 1)}, π2 =
{(π‘4 , 2), (π‘5 , 2), (π‘6 , 2)}, π3 = {(π‘6 , 3), (π‘7 , 3), (π‘8 , 3), (π‘9 , 3), (π‘10 , 3)} and π4 = {(π‘10 , 4), (π‘11 , 4)}.
Arcs and Weights and initial markings are defined appropriately. We can deduce that π‘6 of π is
a fusion transition and (π‘6 , π) β ππ|πππ‘πππ πππ for π β {1, 2, 3}. The same applies for π‘10 and (π‘10 , π) for
π β {3, 4}. All other transitions of the instances are internal ones. This leads to two fusion vectors
β± = {[(π‘6 , 1), (π‘6 , 2), (π‘6 , 3)], [(π‘10 , 3), (π‘10 , 4)]}. The modular Petri net generated out of the modular
structure is depicted in Figure 3b.
It is reasonable to assume instances generated on t-invariants do not modularize the Petri net system
completely. Parts of the original Petri net system may remain unaffected by the modularization and
form one instance by itself. That these parts are connected is improbable, therefore the analysis of
this rest-instance would require a lot of synchronization with other instances. This is not consistent
with the concept of individual analysis of the instances, which will accelerate the modular state space
analysis. Furthermore, we assume that t-invariants tend to generate small instances with little internal
behavior. It is therefore convenient to combine partial instances under certain conditions to form a
larger instance. The most obvious approach is to join two instances that share a fusion set. This can be
accomplished by unifying the place sets of the two instances and forming a new instance according
to Lemma 1. This is possible without restriction, since the place sets are disjoint by construction. It is
also possible to combine instances that are close to each other. For this purpose, we can calculate the
shortest path between two instances in pairwise order. The goal is to merge the instances and to include
the nodes on this shortest path into the new instance. In order to realize this, we extract the places that
are located on the shortest path and join them with the union of the place sets of the instances. The
whole set then serves as the basis for a new, larger instance. In this way, residual parts of the Petri net
system, that lie between two instances are to be included in one instance. Doing so creates connected
instances, which tend to have more internal behavior. It also reduces the unmodularized part of the
Petri net system. The instances should not become too large, of course. It is recommended to define a
maximum size for instances as the analysis of (too) large instances can reduce the efficiency increase
achieved by modularization. The exploitation of t-invariants provides a legitimate way to approach the
modularization of a Petri net system. The computational effort seems comparatively lightweight, so
with the proposed extensions we see this method as an extensible enrichment in modularization.
66
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
4.2. Minimal Interfaces
Another legitimate goal for modularization is the generation of the smallest possible interfaces. For
the analysis of the state space of a modular Petri net, internal transitions and interface transitions of
instances are treated differently. For the activation and firing of internal transitions only the state of
the corresponding instance is relevant. The firing behavior of interface transitions depends on the
states of all attached instances. The analysis must therefore include all instances affected. However, the
efficiency increase of the analysis of modular state spaces follows from restricting the analysis to single
instances. It is therefore a valid modularization criterion to keep the number of interface transitions
as low as possible and thus to reduce behavior that affects several instances. For more details on the
analysis of the modular state space and the structures required for it, we reference [3]. This subsection
provides two approaches to generate a modular Petri net system with little interface behavior.
4.2.1. Modularization by Hypergraph Partitioning
In [17], a system described only as an incidence matrix between states and actions is also to be
modularized to speed up the analysis. Here, the data flow between the resulting modules should be
minimized, i.e. the interface actions should be kept as small as possible. Finding minimal data flow
between modules refers to the problem of finding a minimal cut.
The method for this is to partition the matrix using hypergraph partitioning.
Definition 14 (Hypergraph [18]). A hypergraph π» = [π π» , πΈ π» ] is defined as a set of vertices π π» and
a set of hyperedges πΈ π» between the vertices. A hyperedge π β πΈ π» is a subset of vertices: π β π π» .
Thus, a graph is a special instance of a hypergraph, where every hyperedge connect exactly two
vertices.
Definition 15 (Hypergraph Partitioning [18]). Let π» = [π π» , πΈ π» ] be a hypergraph. The set of vertex
sets Ξ = {π1π» , π2π» , . . . , πβπ» } is an l-partition of π», if the following conditions hold:
β’ each set πππ» is a nonempty subset of π π» , i.e. β
= ΜΈ πππ» β π for π β {1, . . . , β}
β’ the sets are pairwise disjoint, i.e. πππ» β© πππ» = β
for π ΜΈ= π β {1, . . . , β}
β’ the union of all sets results in π π» , i.e. πβ{1,...,β} πππ» = π π»
βοΈ
π»
We refer to πΈππ₯π‘πππ = {π β πΈπ» | βπ£π ΜΈ= π£π β πβπππ» ΜΈ= πππ» β π π» : π£π β πππ» β§ π£π β πππ» } as the
external hyperedges.
A hypergraph partitioning divides a hypergraph into a set of disjoint subsets π1π» , π2π» , . . . , πβπ» . The
external hyperedges connect vertices from distinct partitions. In [17], they reduce the problem of
generating as little data flow as possible to hypergraph β-partitioning with minimal cost for β > 0. The
cost of a partitioning is related to the number of external hyperedges in the following way:
Definition 16 (Cost of a Hypergraph Partitioning). Given a hypergraph π» = [π π» , πΈ π» ], the cost of
an β-partitioning Ξ = {π1π» , π2π» , . . . , πβπ» } is defined as π(Ξ ) = |πΈππ₯π‘πππ
π» |.
In [18], they additionally present a balance criterion.
Definition 17 (Balanced Partition, Balance Criterion [18]). Let π» = [π π» , πΈ π» ] be a hypergraph and
Ξ = {π1π» , π2π» , . . . , πβπ» } an β-partitioning of π». For every vertex π£ β π»
βοΈπ , π€(π£) denotes a weight
π» π»
of π£. For every partition ππ for π β {1, . . . , β}, we define π€(ππ ) = π£βπ π» π€(π£) as the weight of
π
πππ» . Over all partitions, we can calculate the average weight of the partitions: π€ππ£π = ππ=1 π€(πππ» )/π.
βοΈ
Partition Ξ is said to be balanced if it fulfills the balance criterion: π€(πππ» ) β€ π€ππ£π (1 + π).
Here, π denoted a predefined maximum imbalance ratio allowed. The bigger we set π, the more the
partitions are permitted to differ. The hypergraph partitioning problem is defined as follows:
67
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
Hypergraph β, Partitioning
Input: Hypergraph π», β β Z+
Question: Find a balanced β-partitioning Ξ = {π1π» , π2π» , . . . , πβπ» }, such that π(Ξ ) is minimal.
This problem is NP-hard [19]. Therefore, we do not expect to find a hypergraph partitioning with
the minimal cost; however, a heuristic approximate solution satisfies our requirements.
The following step is an interpretation of a Petri net system as a hypergraph, for which we then
aim to generate a balanced partitioning with minimal cost. Therefore, we introduce the incidence
hypergraph.
Definition 18 (Incidence Hypergraph). Given a Petri net system π = [π, π, πΉ, π, π0 ], the incidence
hypergraph πΌ = [π πΌ , πΈ πΌ ] is an undirected, bipartite graph, where
β’ ππΌ =π
β’ πΈ πΌ = ππππ (βπ‘ βͺ π‘β | π‘ β π ) (with ππππ (π) being a multiset with elements from π. )
Note, that in contrast of the Definition 14, the set of edges is defined as a multiset of subsets of
places. The reason is, that for a Petri net system, the hyperedges should represent the transitions. The
conventional hypergraph definition would compress transitions with the same set of pre/postplaces to
one hyperedge, so structural information about the Petri net system would be neglected. For example,
consider Petri net system π in Figure 4a. If we add a transition π‘0 with βπ‘0 = {π2 } and π‘0 β = {π1 },
this would result in a hyperedge {π1 , π2 }, which is already part of πΈ πΌ representing transition π‘1 .
Consequentially, no additional edge would be introduced and π‘0 becomes invisible. To avoid this,
we adapt the definition for the use case of Petri net systems. As the weights are not important, the
incidence hypergraph abstracts this information. For incidence hypergraph πΌ we aim to generate a
balanced β-partition Ξ = {π1πΌ , π2πΌ , . . . , πβπΌ } with minimal cost π(Ξ ). In our use case, we can weaken
the balancing criterion formulated in Definition 17. As for now, the places of a Petri net system that
form the vertices of the incidence hypergraph are all equally valid, we can neglect the weight of the
vertices. To us, it is sufficient to have partitions with approximately the same size.
Definition 19 (Balance Criterion for Incidence Hypergraph Partitioning). Let πΌ = [π πΌ , πΈ πΌ ] be an
incidence hypergraph of a Petri net system π and Ξ = {π1πΌ , π2πΌ , . . . , πβπΌ } an β-partitioning of π».
Partitioning Ξ is balanced, if every partition πππΌ for π β {1, . . . , β} fulfills the following balance
criterion: |πππΌ | β€ |π πΌ |/β Β· (1 + π).
Each partition must not differ in size by more than π-fold from the average size of a partition. Solving
the hypergraph partitioning problem for the incidence hypergraph of a Petri net system will result in a
partitioning of places and an identification of transitions as internal and interface. This information
is sufficient to build a modular Petri net. Partition Ξ divides the vertices of the incidence hypergraph
πΌ into partitions {π1πΌ , π2πΌ , . . . , πβπΌ }. If we take this down to the Petri net system level, the partitions
correspond place sets {π1 , π2 , . . . , πβ }, such that ππ = πππΌ for π β {1, . . . , β}. Each place set ππ then
forms the place set of an instance [ππ , π0π ] for π β {1, . . . , β}. In accordance to Lemma 1 and with
reference to our initially given Petri net system π , we can generate a modular structure, thus a modular
Petri net out of {π1 , π2 , . . . , πβ }. Due to the balance criterion, the instances are approximately the
same size while keeping the number of fusion transitions as small as possible.
Example 4. Let π be a given Petri net system, depicted in Figure 4a. For π , we generate the
incidence hypergraph πΌ, depicted in Figure 4b. A balanced 2-partitioning for πΌ would be Ξ =
πΌ
{{π1 , π2 , π3 }, {π4 , π5 , π6 }} with only one external hyperedge πΈππ₯π‘πππ = {{π3 , π4 , π5 }}. This parti-
tioning is balanced, as the partitions are the same size, and minimal - less than one hyperedge would
not be possible for a connected underlying Petri net system. A resulting modular structure would
contain two instances [π1 , π01 ], [π2 , π02 ], where π1 = {π1 , π2 , π3 }, π1 = {(π‘1 , 1), (π‘2 , 1), (π‘3 , 1)} and
π2 = {π4 , π5 , π6 } and π2 = {(π‘3 , 2), (π‘4 , 2), (π‘5 , 2)}. The other components are defined appropriately.
The only fusion set would be π = {(π‘3 , 1), (π‘3 , 2)}.
68
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
p1 p4
{p1,p2}
p1 p2
p3 p6
{p1,p2,p3}
t1 t2 t3 t4 t5
{p3,p4,p5}
p3 p4
{p4,p5}
p5 p6
p2 p5 {p4,p5,p6}
(a) Petri net system π . (b) Incidence hypergraph πΌ of π .
Figure 4: Incidence hypergraph of a given net
For solving the hypergraph partitioning problem, there exist several tools, like [18] or [20]. In [21],
they provide a parallel approach to handle the severity of the problem. The problem remains NP-hard,
which is why the approaches are only heuristic. In our case, the application of hypergraph partitioning
may not necessarily deliver optimal results, nevertheless, in the following subsection we want to
consider an approach which solves another applicable problem in polynomial time.
4.2.2. Modularization by Dual Hypergraph Cutting
In this chapter, we highlight a method for modularizing Petri net systems using the dual incidence
hypergraph. For this purpose, further graph-theoretic definitions are required.
Definition 20 (Dual Hypergraph [22]). Let π» = [π π» , πΈ π» ] be a hyphergraph. The dual hypergraph
π» * = [π π»* , πΈ π»* ] is a hypergraph, where π π»* = πΈ π» and πΈ π»* = {{π | π β πΈ π» β§ π£1 β π}, {π | π β
πΈ π» β§ π£2 β π}, . . . , {π | π β πΈ π» β§ π£π β π}} for {π£1 , π£2 , . . . , π£π } = π π» .
The edges of the hypergraph form the vertices of the dual hypergraph. For every vertex of a
hypergraph, the set of hyper edges that contain this vertex corresponds to one edge of the dual
hypergraph.
The hypergraph partitioning problem from Section 4.2.1 seeks interdisjoint sets of vertices connected
by as few hyperedges as possible. The equivalent problem in the dual hypergraph now aims to find the
smallest possible set of vertices to remove, such that the graph is no longer connected without this set
[22]. Such a set of vertices is called a minimal cut in graph theory. To approach this concept, we first
define the connectivity of a graph.
Definition 21 (π-Connectivity, Vertex Connectivity [23]). Let π β N. A Graph πΊ = [π, πΈ] is k-
connected, if |π | > π and every subgraph πΊ β π for π β π with |π| < π is connected. The maximum
π for that πΊ is π-connected, we call the vertex connectivity π
(πΊ).
In other words, the π
(πΊ) defines a number of vertices we need to remove to destroy the connectivity
of a graph. We can describe the set of vertices we need to remove more precisely as the minimal cut in
a graph.
Definition 22 (Minimal Cut). For a Graph πΊ = [π, πΈ], a subset π β π is a minimal cut, if πΊ β π is
not connected and |π| = π
(πΊ).
By removing a minimal cut, the connectivity of the graph is broken, and the graph decomposes into
components that are not connected to each other. A minimal cut of a hypergraph can be found by
computing a minimal cut of its 2-section. Any minimal cut in π» is also a minimum cut in [π»]2 and vice
versa.
Definition 23. 2-Section [22] Let π» = [π π» , πΈ π» ] be a hypergraph. The 2-section of π» is an undirected
graph [π»]2 = (π π» , πΈ2 ) where π β πΈ π» : {π₯, π¦} β π β {π₯, π¦} β πΈ2 .
69
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
t1
{t1,t2} {t1,t2}
t1 t2
t2
t3
{t2,t3} {t3,t4,t5} t4 t3
t4
t5
{t3,t4,t5} {t5} t5
(a) Dual Incidence hypergraph πΌ * of πΌ. (b) 2-Section [πΌ * ]2 of πΌ * .
Figure 5: Dual Incidence hypergraph and 2-section
Thus, the 2-section of a hypergraph π» contains all vertices of π» and connects two vertices, if there
is at least one hyperedge that contains those two vertices. In other words, the 2-section represents
which vertices of π» are connected to each other. As described in [24], a minimal cut can be found in
polynomial time.
To use this knowledge to generate instances for a modular Petri net, we first generate the dual
* *
incidence hypergraph πΌ * = [π πΌ , πΈ πΌ ] to incidence hypergraph πΌ for a given Petri net system π , as
defined in Definition 20. In πΌ * the vertices correspond to the transitions of π ; an edge represents a set
of adjacent transitions for a particular place. Second, we create the 2-section of πΌ * as in Definition 23:
* *
[πΌ * ]2 = [π πΌ , πΈ2* ], where π πΌ = π and {π‘, π‘β² } β πΈ2 , iff (βπ‘ βͺ π‘β) β© (βπ‘β² βͺ π‘β² β) ΜΈ= β
. Thus, the 2-section
[πΌ * ]2 contains all transitions of π as vertices. Two vertices are connected if the according transitions
share a place in their environments. A minimal cut π of [πΌ * ]2 gives a set of transitions, we need to
remove to disconnect the graph. This cut π leads to a set of external edges in the incidence hypergraph
πΌ
πΈππ₯π‘πππ ; edges that lead from one partition of the incidence hypergraph to another partition of vertices.
Vertices correspond to places of the underlying Petri net system, thus, we get a partitioning {π1 , . . . , πβ }
of π . With Lemma 1 we can deduce a modular structure which we can transform into a modular Petri
net. Notice, that the generated partitioning is not necessarily balanced.
Example 5. For incidence hypergraph πΌ in Figure 4b, we generate the dual incidence hypergraph
πΌ * , where the vertices correspond to the transitions of π (cf. Figure 4a) and an edge represents a set
of transitions that share one place in their environment. For example the edge {π‘1 , π‘2 } expresses the
fact, that π‘1 and π‘2 share one place, i.e. π1 . They are connected with two distinct arcs, with is which
is evident from the fact that they also share two places, π2 in addition to π1 . The same holds for the
transitions π‘3 , π‘4 and π‘5 . The 2-section of πΌ * is presented in Figure 5b. Here, the number of shared places
is abstracted. Only the fact that two transitions are connected can be inferred from this representation.
The main issue with this approach is the lack of control over the number and size of instances.
A minimal cut separates the net into at least two components, but possibly more. Furthermore, no
formulation of a balancing criterion is possible, i.e. the size of the modules is not balanced; the focus
here is only on finding a minimum cut. Cutting the dual incidence hypergraph leads to optimal, i.e.
minimal sets of fusion transitions but possibly to the detriment of the size and number of modules.
5. Conclusion and Future Work
This paper provides approaches to automatically modularize Petri net systems. The main advantage in
the modular state space analysis arises from the fact that several instances of the same module share
the same state space if they have an analogous initial marking. Instances of the same module with
different initial markings are still likely to have overlapping state spaces. These properties can be
exploited during analysis to drastically reduce memory requirements. Therefore, the obvious approach
to modularization is to first attempt to find replications. To incentivize that the replications contain
70
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
neither too little nor too much internal behavior, the FindReplications algorithm is controlled by a
parameter which gives an upper bound for module size. If the identified replications are too small, the
procedure can be restarted with a different set of seeds in an attempt to find another modularization
with bigger modules. A prototype implementation shows the validity of the proposed method for
models containing highly replicated structures, while yielding a starting point for improvements on
less suitable models. Further improvements of the conflict handling employed by the process, of which
several where suggested in 3.2, can push the point of termination further into the future, allowing the
algorithm to find larger replicated modules.
After replications have been identified, further modularization methods can be applied. This can be
used to further modularize both the remaining Petri net system and the replications themselves. If a
replicated module is further modularized, the results can be propagated to its other instances via the
isomorphic mappings, which are computed during the process. In addition to replication finding, three
other methods were presented.
The first method, based on t-invariants, is rather difficult to compare with the other methods, since it
was aimed at a different target. Here, the focus was on generating instances with nontrivial behavior.
For this purpose, the concept of super-disjointness was introduced in order to derive disjoint instances
from transition invariants. Those can be calculated efficiently. We also hope that the second method
presented, based on hypergraph partitioning, will have an impact on module size, and thus behavior
as well. Although this does not directly require the modules to have a certain size and structure, the
balancing criterion expects the modules to be generated in a similar size. However, the main goal of this
method was to minimize the interface behavior. This is achieved by finding a minimal β-partitioning
of the incidence hypergraph, as which the Petri nets system is represented for this purpose. The
major drawback of this method is that the hypergraph partitioning problem is NP-hard and thus rather
heuristically generated solutions can be expected. The third method overcomes this disadvantage
and provides a way to efficiently generate minimal interfaces. The idea is to represent the Petri net
system as a dual hypergraph and then determine a minimal cut. This leads directly to a partition of
the places of the Petri net system and thus to a valid modularization. But here, too, we have to make
concessions. With this approach, the instances generated can be of arbitrary size. The minimal cuts
also may generate a variable number of instances. Based on the fact that the method of hypergraph
partitioning allows a balancing criterion, which controls both - the module size and the interface size -
we consider this method to be the most promising. Also supporting this is that hypergraph partitioning
can be performed well in parallel.
Future Work might be an implementation of the other methods to compare their performance. The
goal is to develop an implementation that offers different approaches to modularization. Those can
be applied depending on the structure of the given Petri net system, resulting in the best possible
modularization. This also includes further considerations of the structure. For example, net classes such
as state machine or marked graph could be identified as distinct instances, making the analysis more
efficient.
The quality of a modularization is not only a measure of how closely the modules match a modu-
larization performed by a model designer. Instead, it is also measured by the amount of state space
reduction gained during analysis of a modular Petri net compared to its unmodularized counterpart.
To evaluate our presented methods further in that regard, tool support is required to generate the full
modular state space. A quantitative way to measure result quality would open up a more in-depth way
of finding generally suitable parameters, as well as exploring ways to calculate fitting parameters from
the structure of the given Petri net model.
References
[1] E. Grafahrend-Belau, F. Schreiber, M. Heiner, A. Sackmann, B. H. Junker, S. Grunwald, A. Speer,
K. Winder, I. Koch, Modularization of biochemical networks based on classification of Petri net
t-invariants, BMC Bioinformatics 9 (2008).
71
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
[2] P. Buchholz, P. Kemper, Hierarchical Reachability Graph Generation for Petri Nets, Formal
Methods in System Design 21 (2002) 281β315.
[3] J. Gaede, S. Wallner, K. Wolf, Modular State Spaces - A New Perspective, 2024. Accepted at Petri
Nets Conference 2024.
[4] M. R. Garey, D. S. Johnson, Computers and Intractability: A Guide to the Theory of NP-
Completeness, A Series of Books in the Mathematical Sciences, W. H. Freeman, New York, 1979.
[5] M. Kuramochi, G. Karypis, Finding Frequent Patterns in a Large Sparse Graph, Data Mining and
Knowledge Discovery 11 (2005) 243β271.
[6] V. T. T. Duong, K. U. Khan, B.-S. Jeong, Y.-K. Lee, Top-k Frequent Induced Subgraph Mining
Using Sampling, in: Proceedings of the Sixth International Conference on Emerging Databases:
Technologies, Applications, and Theory, EDB β16, Association for Computing Machinery, New
York, NY, USA, 2016, pp. 110β113.
[7] A. Inokuchi, T. Washio, H. Motoda, An Apriori-Based Algorithm for Mining Frequent Substructures
from Graph Data, in: D. A. Zighed, J. Komorowski, J. Ε»ytkow (Eds.), Principles of Data Mining
and Knowledge Discovery, Lecture Notes in Computer Science, Springer, Berlin, Heidelberg, 2000,
pp. 13β23.
[8] E. Wong, B. Baur, S. Quader, C.-H. Huang, Biological Network Motif Detection: Principles and
Practice, Briefings in Bioinformatics 13 (2012) 202β215.
[9] A. A. Hagberg, D. A. Schult, P. J. Swart, Exploring network structure, dynamics, and function
using networkx, in: G. Varoquaux, T. Vaught, J. Millman (Eds.), Proceedings of the 7th Python in
Science Conference, 2008, pp. 11 β 15.
[10] L. P. Cordella, P. Foggia, C. Sansone, M. Vento, A (sub) graph isomorphism algorithm for matching
large graphs, IEEE transactions on pattern analysis and machine intelligence 26 (2004) 1367β1372.
[11] T. Shmeleva, D. Zaytcev, I. Zaytcev, Analysis of square communication grids via infinite petri nets
(2009).
[12] H. Garavel, Nested-unit petri nets: A structural means to increase efficiency and scalability of
verification on elementary nets, in: R. R. Devillers, A. Valmari (Eds.), Application and Theory of
Petri Nets and Concurrency - 36th International Conference, PETRI NETS 2015, Brussels, Belgium,
June 21-26, 2015, Proceedings, volume 9115 of Lecture Notes in Computer Science, Springer, 2015,
pp. 179β199.
[13] D. Zaitsev, Decomposition of petri nets, Cybernetics and Systems Analysis 40 (2004) 739β746.
[14] C. Lakos, On the Abstraction of Coloured Petri Nets, in: Application and Theory of Petri Nets
1997, volume 1248, Springer Berlin Heidelberg, Berlin, Heidelberg, 1997, pp. 42β61.
[15] K. Schmidt, Using Petri Net Invariants in State Space Construction, in: H. Garavel, J. Hatcliff (Eds.),
Tools and Algorithms for the Construction and Analysis of Systems, Lecture Notes in Computer
Science, Springer, Berlin, Heidelberg, 2003.
[16] K. Wolf, Petri Net Model Checking with LoLA 2, in: V. Khomenko, O. H. Roux (Eds.), Applica-
tion and Theory of Petri Nets and Concurrency, Lecture Notes in Computer Science, Springer
International Publishing, Cham, 2018, pp. 351β362.
[17] A. Ben Khaled El Feki, Distributed Realtime Simulation of Numerical Models : Application to
Power-Train (2014).
[18] Γ. CatalyΓΌrek, C. Aykanat, PaToH (Partitioning Tool for Hypergraphs), in: D. Padua (Ed.),
Encyclopedia of Parallel Computing, Springer US, Boston, MA, 2011, pp. 1479β1487.
[19] T. Lengauer, Combinatorial Algorithms for Integrated Circuit Layout, Springer Science & Business
Media, 2012.
[20] G. Karypis, V. Kumar, Metis: A Software Package for Partitioning Unstructured Graphs, Partitioning
Meshes, and Computing Fill-Reducing Orderings of Sparse Matrices (1997).
[21] A. Trifunovic, W. J. Knottenbelt, Parkway 2.0: A Parallel Multilevel Hypergraph Partitioning Tool,
in: International Symposium on Computer and Information Sciences, Springer, 2004, pp. 789β800.
[22] M. Dewar, D. Pike, J. Proos, Connectivity in Hypergraphs, Canadian Mathematical Bulletin 61
(2018) 252β271. Publisher: Cambridge University Press.
[23] R. Diestel, Graphentheorie, 5 ed., Springer Spektrum, Berlin, 2017.
72
�Julian Gaede et al. CEUR Workshop Proceedings 53β73
[24] M. Stoer, F. Wagner, A Simple Min-Cut Algorithm, Journal of the ACM (JACM) 44 (1997) 585β591.
73
�