Small Vertex Cover makes Petri Net Coverability and Boundedness Easier
M. Praveen
The Institute of Mathematical Sciences, Chennai, India
Abstract.
The coverability and boundedness problems for Petri nets are known to be Expspace-complete. Given a Petri net, we associate a graph with it. With the vertex cover number k of this graph and the maximum arc weight W as parameters, we show that coverability and boundedness are in ParaPspace. This means that these problems can be solved in space O(ef(k, W) poly(n)), where ef(k, W) is some exponential function and poly(n) is some polynomial in the size of the input. We then extend the ParaPspace result to model checking a logic that can express some generalizations of coverability and boundedness.
Petri nets, introduced by C. A. Petri [19], are popularly used for modelling concurrent infinite state systems. Using Petri nets to verify various properties of concurrent systems is an ongoing area of research, with abstract theoretical results like [2] and actually constructing tools for C programs like [14]. Reachability, coverability and boundedness are some of the most fundamental questions about Petri nets. All three of them are Expspace-hard [17]. Coverability and boundedness are in Expspace [21]. Reachability is known to be decidable [18, 15] but no upper bound is known.

In this paper, we study the parameterized complexity of the coverability and boundedness problems. The parameters we consider are the vertex cover number k of the underlying graph of the given Petri net and the maximum arc weight W. We show that both problems can be solved in space exponential in the parameters and polynomial in the size of the input. Such algorithms are called ParaPspace algorithms. The fundamental complexity theory of such parameterized complexity classes has been studied [10], but parameterized Ptime (popularly known as Fixed Parameter Tractable, Fpt) is the most widely studied class. Usage of other parameterized classes such as ParaPspace is rare in the literature.

As mentioned before, one of the uses of Petri nets is modelling software. It is desirable to have better complexity bounds for certain classes of Petri nets that may have some simple underlying structure due to the human-designed systems that the nets model. For example, it is known that well structured programs have small treewidth [24]. Unfortunately, the Petri net used by Lipton in the reduction in [17] (showing Expspace-hardness) has constant treewidth. Hence, we cannot hope to get better bounds for coverability and boundedness with treewidth as parameter. The same is the case with many other parameters like pathwidth, cycle rank, dagwidth etc. Hence, we are forced to look for stronger parameters. In [20], we studied the effect of a newly introduced parameter called benefit depth. In this paper, we study the effect of using vertex cover as parameter, using different techniques. The class of Petri nets with bounded benefit depth is incomparable with the class of Petri nets with bounded vertex cover.

A feedback vertex set of a graph is a set of vertices whose removal leaves the graph without any cycles. The smallest feedback vertex set of the Petri net used in the lower bound proof of [17] is large (as opposed to treewidth, pathwidth, cycle rank etc., which are small). In the context of modelling software, the smallest feedback vertex set can be thought of as control points covering all loop structures. In fact, the Petri net in the lower bound proof of [17] models a program that uses a large number of loops to manipulate counters that can hold doubly exponential values. Removal of a feedback vertex set leaves a Petri net without any cycles. It would be interesting to explore the complexity of coverability and boundedness problems with the size of the smallest feedback vertex set as parameter. We have not been able to extend our results to the case of feedback vertex set yet, but hope that these results will serve as a theoretically interesting intermediate step.

In a tutorial article [7], Esparza argues that for most interesting questions about Petri nets, the rule of thumb is that they are all Expspace-hard. Despite this, the introduction of the same article contains an excellent set of reasons for studying finer complexity classification of such problems. We will not reproduce them here but note some relevant points: many experimental tools have been built that solve Expspace-complete problems and can currently handle small instances. Also, a knowledge of the complexity of problems helps in answering other questions. In such a scenario, having an “extended dialog” with the problem is beneficial, and parameterized complexity is very good at doing this [5].
Related work.
In [23], Rosier and Yen study the complexity of coverability and boundedness problems with respect to different parameters of the input instance, such as number of places, transitions, arc weight etc. In particular, they show that the space required for boundedness is exponential in the number of unbounded places and polynomial in the number of bounded places. If for a Petri net the smallest vertex cover is the set of all places, our results coincide with those found in [23]. Hence, our results refine those of Rosier and Yen. In [13], Habermehl shows that the problem of model checking linear time µ-calculus formulas on Petri nets is Pspace-complete in the size of the formula and Expspace-complete in the size of the net. However, the µ-calculus considered in [13] cannot express coverability and boundedness. In [25], Yen extends the induction strategy used by Rackoff in [21] to give Expspace upper bounds for deciding many other properties. Another work closely related to Yen’s above work is [1].

One-counter automata are closely related to Petri nets. The precise complexity of reachability and many other problems of this model has been recently obtained in [12, 11]. We have adapted some of the techniques used in [12, 11], in particular the use of [16, Lemma 42].

The effect of treewidth and other parameters on the complexity of some pebbling problems on digraphs has been considered in [6, Section 5]. These problems relate to the reachability problem in a class of Petri nets (called Elementary Net Systems) with semantics that are different from the ones used in this paper (see [22] for details of different Petri net semantics).
Let Z be the set of integers and N the set of natural numbers. A Petri net is a 4-tuple N = (P, T, Pre, Post), where P is a set of places, T is a set of transitions and Pre and Post are the incidence functions: Pre : P × T → [0 . . . W] (arcs going from places to transitions) and Post : P × T → [0 . . . W] (arcs going from transitions to places), where W ≥ 1. In diagrams, places will be represented by circles and transitions by thick bars. Arcs are represented by weighted directed edges between places and transitions.

A function M : P → N is called a marking. A marking can be thought of as a configuration of the Petri net, with every place p having M(p) tokens. Given a Petri net N with a marking M and a transition t such that for every place p, M(p) ≥ Pre(p, t), the transition t is said to be enabled at M and can be fired. After firing, the new marking M′ (denoted as M =t⇒ M′) is given by M′(p) = M(p) − Pre(p, t) + Post(p, t) for every place p. A place p is an input (output) place of a transition t if Pre(p, t) ≥ 1 (Post(p, t) ≥ 1) respectively. We can think of firing a transition t as resulting in Pre(p, t) tokens being deducted from every input place p and Post(p′, t) tokens being added to every output place p′. A sequence of transitions σ = t_1 t_2 ··· t_r (called a firing sequence) is said to be enabled at a marking M if there are markings M_1, . . . , M_r such that M =t_1⇒ M_1 =t_2⇒ ··· =t_r⇒ M_r. M, M_1, . . . , M_r are called intermediate markings. The fact that firing σ at M results in M_r is denoted by M =σ⇒ M_r.

We assume that a Petri net is presented as two matrices for Pre and Post. In the rest of this paper, we will assume that a Petri net N has m places, n transitions and that W is the maximum of the range of Pre and Post. We define the size of the Petri net to be |N| = 2mn log W + m log |M| bits, where |M| is the maximum of the range of the initial marking M.

Definition 2.1 (Coverability and Boundedness).
Given a Petri net with an initial marking M and a target marking M_cov, the Coverability problem is to determine if there is a firing sequence σ such that M =σ⇒ M′ and for every place p, M′(p) ≥ M_cov(p) (this is denoted as M′ ≥ M_cov). The Boundedness problem is to determine if there is a number c ∈ N such that for every firing sequence σ enabled at M with M =σ⇒ M_1, M_1(p) ≤ c for every place p.

In the Petri net shown in Fig. 1, the initial marking M is given by M(p) = 1 and M(p) = M(p) = 0. If M_cov is defined as M_cov(p) = M_cov(p) = 1 and M_cov(p) = 0, then M_cov is not coverable since p and p cannot have tokens simultaneously. Since for any c ∈ N, the Petri net in Fig. 1 can reach a marking where p has more than c tokens (by firing the sequence t t repeatedly), this Petri net is not bounded. Lipton proved both coverability and boundedness problems to be Expspace-hard [17, 7]. Rackoff provided Expspace upper bounds for both problems [21]. In the definition of the coverability problem, if we replace M′ ≥ M_cov by M′ = M_cov, we get the reachability problem. Lipton’s Expspace lower bound applies to the reachability problem too, and this is the best known lower bound. Though the reachability problem is known to be decidable [18, 15], no upper bound is known. Many of the problems that are decidable for bounded Petri nets are undecidable for unbounded Petri nets. Model checking some logics extending the one defined in section 6 falls into this category. Esparza and Nielsen survey such results in [8]. Reachability, coverability and boundedness are a few problems that remain decidable for unbounded Petri nets.

Fig. 1. An example of a Petri net
In this section, we introduce the notion of vertex cover for Petri nets and intuitively explain how small vertex covers help in getting better algorithms. We will also state and prove the key technical lemma used in the next two sections.

For a normal graph G = (V, E) with set of vertices V and set of edges E, a vertex cover VC ⊆ V is a subset of vertices such that every edge has at least one of its vertices in VC. Given a Petri net N, we associate with it an undirected graph G(N) whose set of vertices is the set of places P. Two vertices are connected by an edge if there is a transition connecting the places corresponding to the two vertices. To be more precise, if two vertices represent two places p_1 and p_2, then there is an edge between the vertices in G(N) iff in N, there is some transition t such that Pre(p_1, t) + Post(p_1, t) ≥ 1 and Pre(p_2, t) + Post(p_2, t) ≥ 1. If a place p is both an input and an output place of some transition, the vertex corresponding to p has a self loop in G(N). Any vertex cover of G(N) should include all vertices that have self loops.

Suppose VC is a vertex cover for some graph G. If v_1, v_2 ∉ VC are two vertices not in VC that have the same set of neighbours (neighbours of a vertex v are vertices that have an edge connecting them to v), v_1 and v_2 have similar properties. This fact is used to obtain Fpt algorithms for many hard problems, e.g., see [9]. The same phenomenon leads to ParaPspace algorithms for Petri net coverability and boundedness. In the rest of this section, we will define the formalisms needed to prove these results.

Let the places of a Petri net N be p_1, p_2, . . . , p_m. Suppose there is a vertex cover VC consisting of places p_1, . . . , p_k. We say that two transitions t_1 and t_2 are of the same type if Pre(p_i, t_1) = Pre(p_i, t_2) and Post(p_i, t_1) = Post(p_i, t_2) for all i between 1 and k. In Fig. 2, transitions t and t are of the same type. Intuitively, two transitions of the same type behave similarly as far as places in the vertex cover are concerned. Since there can be 2k arcs between a transition and places in VC and each arc can have weight between 0 and W, there can be at most (W + 1)^{2k} different types of transitions.

Let p be a place not in the vertex cover VC. Suppose there are l ≤ (W + 1)^{2k} types of transitions. Place p can have one incoming arc from or one outgoing arc to each transition of the net (it cannot have both an incoming and an outgoing arc since in that case, p would have a self loop and would be in VC). If p′ is another place not in VC, then no transition can have arcs to both p and p′, since otherwise, there would have been an edge between p and p′ in G(N) and one of the places p and p′ would have been in VC. Hence, places not in VC cannot interact with each other directly. Places not in VC can only interact with places in VC through transitions, and there are at most l types of transitions. Suppose p and p′ have the following property: for every transition t that has an arc to/from p with weight w, there is another transition t′ of the same type as t that has an arc to/from p′ with weight w. Then, p and p′ interact with VC in the same way in the following sense: whenever a transition involving p fires, an “equivalent” transition can be fired that involves p′ instead of p, provided there are enough tokens in p′. In Fig. 2, places p and p satisfy the property stated above. Transition t can be fired instead of t, t can be fired instead of t etc.

Definition 3.1.
Suppose N is a Petri net with vertex cover VC and l types of transitions. Let p ∉ VC be a place not in the vertex cover. The variety var[p] of p is defined as the function var[p] : {1, . . . , l} → {−W, . . . , W} \ {0}, where for every j between 1 and l and every w ≠ 0 between −W and W, there is a transition t_j of type j such that w = −Pre(p, t_j) + Post(p, t_j) iff w ∈ var[p]. We denote varieties of places by v, v′ etc.

(The author acknowledges an anonymous IPEC referee for pointing out an error here in the submitted version.)

Fig. 2. A Petri net with vertex cover {p, . . . , p} (panels: N, Vertex Cover, G(N))

In the above definition, since p ∉ VC, at most one among
Pre(p, t_j) and Post(p, t_j) will be non-zero.

The fact that transitions can be exchanged between two places of the same variety can be used to obtain better bounds on the length of firing sequences. For example, suppose a firing sequence σ is fired in the Petri net of Fig. 2, with an initial marking that has no tokens in p and p. Let c be the maximum number of tokens in any place in any intermediate marking during the firing of σ. Since there are 6 places and each intermediate marking has at most c tokens in every place, the number of possible distinct intermediate markings is (c + 1)^6. This is also an upper bound on the length of σ (if two intermediate markings are equal, then the subsequence between those two markings can be removed without affecting the final marking reached). Now, suppose that in the final marking reached, p and p do not have any tokens and we replace all occurrences of t, t, t and t in σ by t, t, t and t respectively. After this replacement, the final marking reached will be the same as the one reached after firing σ. The number of tokens in p will be at most 2c in any intermediate marking and there will be no tokens at all in p. The variation in the number of tokens in p, p, p and p does not change (since as far as these places are concerned, transitions t, t, t and t behave in the same way as do t, t, t and t respectively). Hence, in any intermediate marking, each of the places p, p, p and p will still have at most c tokens. When we exchange the transitions as mentioned above, there might be some intermediate markings that are the same, so that we can get a shorter firing sequence achieving the same effect as the original one. These duplicate markings signify the “redundancy” that was present in the original firing sequence σ, but was not apparent to us due to the distribution of tokens among places. After removing such redundancies, the new upper bound on the length of the firing sequence is (2c + 1) · (c + 1)^4, which is asymptotically smaller than the previous bound (c + 1)^6. A careful observation of the effect of this phenomenon on Rackoff’s induction strategy in [21] leads us to the main results of this paper.

Definition 3.2.
Let p_1 and p_2 be two places of the same variety. Let σ be a firing sequence. A sequence of transitions σ′ = t_1 . . . t_r is said to be a sub-word of σ if there are positions i_1 < ··· < i_r in σ such that for each j between 1 and r, the i_j-th transition of σ is t_j. Suppose σ′ is a sub-word of σ made up of transitions that have an arc to/from p_1. Transferring σ′ from p_1 to p_2 means replacing every transition t of σ′ (which has an arc to/from p_1 with some weight w) with another transition t′ of the same type as t which has an arc to/from p_2 with weight w. The sub-word σ′ is said to be safe for transfer from p_1 if for every prefix σ′′ of σ′, the effect of σ′′ on p_1 (i.e., the change in the number of tokens in p_1 as a result of firing all transitions in σ′′) is greater than or equal to 0.

Intuitively, if some sub-word σ′ is safe for transfer from p_1, it never removes more tokens from p_1 than it has already added to p_1. So if we transfer σ′ from p_1 to p_2, the new transitions will always add tokens to p_2 before removing them from p_2, so there is no chance of the number of tokens in p_2 becoming negative due to the transfer. However, the number of tokens in p_1 may become negative due to some old transitions remaining back in the “untransferred” portion of the original firing sequence σ. The following lemma says that if some intermediate marking has a very high number of tokens in some place, then a suitable sub-word can be safely transferred without affecting the final marking reached or introducing a negative number of tokens in any place, but reducing the maximum number of tokens accumulated in any intermediate marking. The proof is a simple consequence of [16, Lemma 42], which is about one-counter automata. A one-counter automaton is an automaton with a counter that can store natural numbers. Apart from changing its state, the automaton can increment the counter, test it for zero and decrement it when not zero. It is proven in [16, Lemma 42] that if a one-counter automaton can reach from one of its configurations to another, it can do so without increasing the intermediate values of the counter by large numbers. A full proof of the following lemma is included in the Appendix for easy reference.

Lemma 3.3 (Truncation lemma, [16]).
Let p_1 and p_2 be places of the same variety. Let e ∈ N be any number and σ be a firing sequence. Suppose during the firing of σ, there are intermediate markings M_1 and M_2 such that M_1(p_1) = e and M_2(p_1) ≤ e. Suppose M_3 is an intermediate marking between M_1 and M_2 such that M_3(p_1) ≥ e + W + W + W is the maximum number of tokens in p_1 at any intermediate marking between M_1 and M_2. Then, there is a sub-word σ′ of σ that is safe for transfer from p_1 to p_2 such that
1. The total effect of σ′ on p_1 is 0.
2. After transferring σ′ to p_2, the number of tokens in p_1 at M_3 is strictly less than the number of tokens in p_1 at M_3 before the transfer.
3. No intermediate marking will have a negative number of tokens in p_1 after the transfer.

There can be at most (2W)^l ≤ (2W)^{(W+1)^{2k}} varieties of places that are not in the vertex cover VC, if the number of places in the vertex cover is k. For each variety v, we designate one of the places having v as its variety as special, and use p_v to denote it. We will call S = VC ∪ {p_v | v is the variety of a place not in VC} the set of special places. We will denote the set P \ S by I and call the places in I independent places. We will use k′ for the cardinality of S and note that k′ ≤ k + (2W)^{(W+1)^{2k}}. If k and W are parameters, then k′ is a function of the parameters only. Hence, in the rest of the paper, we will treat k′ as the parameter.

In this section, we will show that for a Petri net N with a vertex cover of size k and maximum arc weight W, the coverability problem can be solved in space O(ef(k, W) poly(|N| + log |M_cov|)). Here, ef is some computable function exponential in k and W, while poly(|N| + log |M_cov|) is some polynomial in the size of the net and the marking to be covered. We will need the following definition, which is Definition 3.1 from [21] adapted to our notation.

Definition 4.1.
Let Q ⊆ P be some subset of places such that I ⊆ Q. For a transition t and functions M, M′ : P → Z, we write M −t→_Q M′ if M′(p) = M(p) − Pre(p, t) + Post(p, t) for all p ∈ P and M(q), M′(q) ≥ 0 for all q ∈ Q. Let M_cov be some marking to be covered. For a function M : P → Z, a firing sequence σ = t_1 t_2 ··· t_r is said to be Q-covering from M if there are intermediate functions M_0, M_1, . . . , M_r with M_0 = M such that M_0 −t_1→_Q M_1 −t_2→_Q ··· −t_r→_Q M_r and M_r(q) ≥ M_cov(q) for all q ∈ Q. The firing sequence σ is further said to be Q, e-covering if for all i between 0 and r − 1, the functions M_i above satisfy M_i(q) ≤ e for all q ∈ Q. For a function M : P → Z, let lencov(Q, M, M_cov) be the length of the shortest firing sequence that is Q-covering from M. Define lencov(Q, M, M_cov) to be 0 if there is no such sequence. Define ℓ(i) = max{lencov(Q, M, M_cov) | I ⊆ Q ⊆ P, |Q \ I| = i, M : P → Z}.

Intuitively, a Q-covering sequence does not care about places that are not in Q, even if some intermediate markings have a “negative number of tokens”. The number ℓ(i) is an upper bound on the length of covering sequences that only care about independent places and i special places. Obviously, we are only interested in ℓ(k′), but other values help in obtaining it. With slight abuse of terminology, we will also call functions M : P → Z markings. It will be clear from context what is meant.

Let R be the maximum of the range of M_cov, the marking to be covered. We will denote R + W + W + W by R′. Recall that m is the number of places in the given Petri net. The following lemmas give an upper bound on ℓ(k′).

Lemma 4.2. ℓ(0) ≤ mR.

Proof. ℓ(0) is the length of the shortest I-covering sequence. Recall that all places in I are independent of each other, so if a transition has an arc to one of the places in I, it does not have arcs to any other place in I. Since an I-covering sequence does not care about places in S, it only has to worry about adding tokens to places in I. If a transition adds a token to some place p in I, it does not remove tokens from any other place in I. Hence, this transition can be repeated R times to add at least R tokens to the place p, which is all that is needed for p. Arguing similarly for other places in I, a total of mR transitions are enough to add all required tokens to all places in I, since there are less than m places in I. ⊓⊔

Lemma 4.3. ℓ(i + 1) ≤ R′^m (Wℓ(i) + R)^{i+1} + ℓ(i).

Proof. Suppose I ⊆ Q ⊆ P and |Q \ I| = i + 1. Suppose there is a sequence σ that is Q-covering from some M. Let p be any place in I of some variety v. Let M_1 be the first intermediate marking such that M_1(p) ≥ M_cov(p). We have M_1(p) ≤ R + W. We distinguish two cases:
1. For all intermediate markings M′ after M_1, M′(p) ≥ M_1(p). This means the number of tokens in p never goes below M_1(p) after the marking M_1. Let σ′ be the sub-word of σ that consists of all transition occurrences after M_1 that have an arc to/from p. The sub-word σ′ is safe for transfer from p to p_v. We transfer σ′ from p to p_v and note that in the final marking reached after the transfer, p still has M_1(p) tokens, which is enough to cover M_cov.
2. Let M′ be the last intermediate marking such that M′(p) < M_1(p). We invoke the truncation lemma by setting e = M_1(p) ≤ R + W and taking M_1 and M′ as the markings M_1 and M_2 of the lemma. We can then transfer the sub-word σ′ identified by the truncation lemma to p_v to reduce the number of tokens in p in some intermediate markings between M_1 and M′. We repeat this process until there are no more than R′ tokens in p in any intermediate marking between M_1 and M′. Let M′′ be the first intermediate marking after M′ such that M′′(p) ≥ M_cov(p). Again, M′′(p) ≤ R + W.
If no intermediate marking M′′′ after M′′ has M′′′(p) < M′′(p), we can transfer all transitions with an arc to/from p occurring after M′′ to p_v. Otherwise, we can invoke the truncation lemma again to ensure that p has at most R′ tokens in any intermediate marking after M′′.

Repeating the above case analysis for every independent place p ∈ I, we get a firing sequence π that is Q-covering from M such that in all intermediate markings, every independent place p has at most R′ tokens. If this sequence happens to be Q, (Wℓ(i) + R)-bounded, then R′^m (Wℓ(i) + R)^{i+1} is an upper bound on its length (since all independent places have at most R′ tokens and the i + 1 places in Q \ I have at most Wℓ(i) + R tokens in all intermediate markings) and we are done.

Otherwise, suppose there is some place q ∈ Q \ I and some intermediate marking M_1 such that M_1(q) ≥ Wℓ(i) + R. Let M_1 be the first such marking, and call the prefix of π up to M_1 π_1 and the rest of π π_2. The length of π_1 is at most R′^m (Wℓ(i) + R)^{i+1}. The sequence π_2 is a (Q \ {q})-covering sequence from M_1. By definition, there is such a sequence π′ of length at most ℓ(i). The sequence π_1 π′ is a (Q \ {q})-covering sequence from M. Since M_1(q) ≥ Wℓ(i) + R and π′ removes at most Wℓ(i) tokens from q, π_1 π′ is in fact a Q-covering sequence from M. Its length is bounded by R′^m (Wℓ(i) + R)^{i+1} + ℓ(i). ⊓⊔

The following lemma gives an upper bound on ℓ(i) using the recurrence relation obtained above.

Lemma 4.4. ℓ(i) ≤ (2mWRR′)^{m(i+1)!}.

Proof. By induction on i. For i = 0, ℓ(0) ≤ mR ≤ (2mWRR′)^m. For i = 1:
  ℓ(1) ≤ R′^m (Wℓ(0) + R) + ℓ(0) ≤ R′^m (WmR + R) + mR ≤ (WRR′)^m mR + mR ≤ (mWRR′)^m + mR ≤ 2(mWRR′)^m ≤ (2mWRR′)^{2m}.
For the induction step:
  ℓ(i + 1) ≤ R′^m (Wℓ(i) + R)^{i+1} + ℓ(i)
    ≤ R′^m (W(2mWRR′)^{m(i+1)!} + R)^{i+1} + (2mWRR′)^{m(i+1)!}
    ≤ (WRR′)^{m(i+1)} (2mWRR′)^{m(i+1)!(i+1)} + (2mWRR′)^{m(i+1)!}
    ≤ (2mWRR′)^{m(i+1)} (2mWRR′)^{m(i+1)!(i+1)} + (2mWRR′)^{m(i+1)!}
    ≤ (2mWRR′)^{m(i+1)((i+1)!+1)} + (2mWRR′)^{m(i+1)!}
    ≤ 2(2mWRR′)^{m(i+1)((i+1)!+1)}
    ≤ (2mWRR′)^{m(i+1)((i+1)!+2)}
    ≤ (2mWRR′)^{m(i+2)!}.
The last step follows since i ≥ 2 ⇒ i! ≥ 2 ⇒ (i + 1) i! ≥ 2(i + 1) ⇒ (i + 1)! ≥ 2(i + 1) ⇒ (i + 1)(i + 1)! + (i + 1)! ≥ (i + 1)(i + 1)! + 2(i + 1) ⇒ (i + 2)(i + 1)! ≥ (i + 1)((i + 1)! + 2) ⇒ (i + 2)! ≥ (i + 1)((i + 1)! + 2). ⊓⊔

Theorem 4.5.
With the vertex cover number k and maximum arc weight W as parameters, the Petri net coverability problem can be solved in ParaPspace.

Proof. From Lemma 4.4, we get ℓ(k′) ≤ (2mWRR′)^{m(k′+1)!}. To guess and verify a covering sequence of length at most ℓ(k′), a non-deterministic Turing machine needs to maintain a counter and intermediate markings, which can be done using memory of size O(m(k′ + 1)!(m log |M| + log m + log W + log R + log R′)). An application of Savitch’s theorem then gives us the ParaPspace algorithm. ⊓⊔

In this section, we will show that with vertex cover number and maximum arc weight as parameters, the Petri net boundedness problem can be solved in
ParaPspace. If there is a firing sequence σ such that M =σ⇒ M_1 and an intermediate marking M_2 such that M_2 < M_1 (i.e., M_2 ≤ M_1 and M_2 ≠ M_1), then σ is called a self-covering sequence. It is well known that a Petri net is unbounded iff the initial marking enables a self-covering sequence. Similar to the recurrence relation for the length of covering sequences, Rackoff gave a recurrence relation for the length of self-covering sequences also in [21]. We will again use the truncation lemma to prove that this recurrence relation grows slowly for Petri nets with small vertex cover. The following lemma formalizes the way the truncation lemma is used in boundedness.

Definition 5.1.
Let Q ⊆ P be a subset of places with I ⊆ Q. Let M : P → Z be some function. A firing sequence σ = t_1 t_2 ··· t_r is said to be a Q-enabled self-covering sequence if there are intermediate functions M_0, M_1, . . . , M_{r′}, . . . , M_r with M_0 = M and r′ < r such that M_0 −t_1→_Q M_1 −t_2→_Q ··· −t_{r′}→_Q M_{r′} −→_Q ··· −t_r→_Q M_r and M_{r′} < M_r. We call the subsequence between M_{r′} and M_r the pumping portion of the self-covering sequence.

Lemma 5.2.
Suppose Q ⊆ P is a subset of places with I ⊆ Q. Let U be the maximum of the range of the initial marking. If there is a Q-enabled self-covering sequence, then there is a Q-enabled self-covering sequence in which none of the places in I will have more than U + W + W + W tokens in any intermediate marking.

Proof. Let σ = t_1 t_2 ··· t_r be the Q-enabled self-covering sequence with M_0 −t_1→_Q M_1 −t_2→_Q ··· −t_{r′}→_Q M_{r′} −→_Q ··· −t_r→_Q M_r and M_{r′} < M_r, where M_0 = M is the initial marking. First ensure that for every place p with M_r(p) > M_{r′}(p), M_r(p) ≥ M_{r′}(p) + 2W. If this is not the case, we can repeat the pumping portion of σ W times to ensure it. After this modification, let σ_1 σ_2 be the Q-enabled self-covering sequence with σ_2 being the pumping portion. Consider the Q-enabled self-covering sequence σ_1 σ_2 σ_2. For convenience, we will denote this sequence by π_1 π_2, where π_1 = σ_1 σ_2 and π_2 = σ_2, with π_2 being the pumping portion.

Consider a place p of some variety v in I. Let M′ be the last intermediate marking during the firing of π_1 from M such that M′(p) is the minimum number of tokens in p among all intermediate markings.

Case 1: M′(p) ≥ M(p). In this case, the number of tokens in p does not come below M(p) at all. Let π′ be the sub-word of π_1 π_2 consisting of all transitions having an arc to/from p. Transfer π′ to p_v. If the number of tokens in p was being increased by π_2 before the transfer, the transfer will result in the number of tokens in p remaining unchanged during the pumping portion. To remedy this, identify the last transition that adds tokens to p_v and transfer it back to p. Since π_2 was adding at least 2W tokens to p_v (which we ensured at the beginning of this proof), the above mentioned transfer of one transition back to p will not affect the firability of any transition and will also ensure that the number of tokens in both p and p_v increases during the pumping portion π_2.

Case 2: M′(p) < M(p). Invoking the truncation lemma with e = M′(p) + W, we identify sub-words between M and M′ and transfer them to p_v so that in any intermediate marking, p has at most U + W + W + W tokens. Let π′ be the sub-word of π_1 π_2 consisting of all transitions having an arc to/from p, occurring between M′ and the final marking reached. This sub-word π′ is safe for transfer from p to p_v (since M′(p) is the minimum number of tokens in p reached during the firing of π_1, and π_2 will not decrease the number of tokens in p below M′(p) in any intermediate marking after M′) and we transfer it to p_v. Again, if π_2 was increasing the number of tokens in p before the above transfer, identify the last transition adding tokens to p_v and transfer it back to p. As in the first case, this will ensure that the number of tokens in both p and p_v increases during the pumping portion π_2.

For every independent place p ∈ I, we identify and transfer sub-words to p_v based on one of the above two cases. Finally, we end up with a Q-enabled self-covering sequence in which none of the independent places will have more than U + W + W + W tokens in any intermediate marking. ⊓⊔

Before we can use Lemma 5.2, we need the following technical lemmas. The first one is an adaptation of Lemma 4.5 in Rackoff’s paper [21] to our setting.
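The machinery that Lemmas 3.3, 4.3 and 5.2 rest on (the graph G(N) of Definition 3.1's setting, transition types relative to a vertex cover, varieties of the places outside the cover, and the transfer of a safe sub-word of Definition 3.2) as an added worked example; this is not code from the paper, and the net, its place and transition names, its initial marking and the firing sequence are all constructed for the example. It checks that after a transfer the final marking is unchanged while the peak token count of the source place drops, which is exactly the effect the truncation lemma exploits.

```python
# Added example (not from the paper): Pre/Post matrices, the graph G(N),
# transition types relative to a vertex cover, varieties of places outside
# the cover, and transfer of a sub-word between two places of the same
# variety (Definition 3.2). Net, names and markings are constructed.
from itertools import combinations

PLACES = ["p1", "p2", "p3", "p4"]
TRANS = ["t1", "t2", "t3", "t4", "t5"]
# PRE[p][t] = weight of the arc p -> t, POST[p][t] = weight of the arc t -> p.
# t1/t2 move a token from p1 into p3/p4, t3/t4 move it on into p2, t5 returns
# a token from p2 to p1. p3 and p4 never share a transition.
PRE = {
    "p1": {"t1": 1, "t2": 1, "t3": 0, "t4": 0, "t5": 0},
    "p2": {"t1": 0, "t2": 0, "t3": 0, "t4": 0, "t5": 1},
    "p3": {"t1": 0, "t2": 0, "t3": 1, "t4": 0, "t5": 0},
    "p4": {"t1": 0, "t2": 0, "t3": 0, "t4": 1, "t5": 0},
}
POST = {
    "p1": {"t1": 0, "t2": 0, "t3": 0, "t4": 0, "t5": 1},
    "p2": {"t1": 0, "t2": 0, "t3": 1, "t4": 1, "t5": 0},
    "p3": {"t1": 1, "t2": 0, "t3": 0, "t4": 0, "t5": 0},
    "p4": {"t1": 0, "t2": 1, "t3": 0, "t4": 0, "t5": 0},
}
W = max(max(row.values()) for row in list(PRE.values()) + list(POST.values()))

def effect(p, t):
    """Change in the token count of p when t fires: -Pre(p,t) + Post(p,t)."""
    return POST[p][t] - PRE[p][t]

def fire(marking, t):
    """Fire t at marking (M =t=> M'); raise if t is not enabled."""
    if any(marking[p] < PRE[p][t] for p in PLACES):
        raise ValueError(f"{t} is not enabled")
    return {p: marking[p] + effect(p, t) for p in PLACES}

def run(m0, seq):
    """All intermediate markings M, M_1, ..., M_r of firing seq at m0."""
    marks = [dict(m0)]
    for t in seq:
        marks.append(fire(marks[-1], t))
    return marks

def graph_edges():
    """Edges of G(N): {p, q} if some transition touches both places; a
    one-element frozenset is the self loop of a place that is both input
    and output of one transition."""
    edges = set()
    for t in TRANS:
        touched = [p for p in PLACES if PRE[p][t] + POST[p][t] >= 1]
        edges.update(frozenset(pair) for pair in combinations(touched, 2))
        edges.update(frozenset((p,)) for p in touched
                     if PRE[p][t] >= 1 and POST[p][t] >= 1)
    return edges

def is_vertex_cover(vc):
    """Every edge (and self loop) of G(N) has an endpoint in vc."""
    return all(edge & set(vc) for edge in graph_edges())

def ttype(t, vc):
    """Type of t: its Pre/Post weights on the vertex-cover places only."""
    return tuple((PRE[p][t], POST[p][t]) for p in vc)

def variety(p, vc):
    """var[p]: per type, the non-zero effects transitions of that type have
    on p. Places with equal varieties can exchange transitions."""
    var = {}
    for t in TRANS:
        if effect(p, t) != 0:
            var.setdefault(ttype(t, vc), set()).add(effect(p, t))
    return var

def safe_for_transfer(subword, p):
    """Every prefix of the sub-word has non-negative total effect on p."""
    total = 0
    for t in subword:
        total += effect(p, t)
        if total < 0:
            return False
    return True

def transfer(seq, positions, p_from, p_to, vc):
    """Replace the transitions at `positions` (a sub-word touching p_from) by
    same-type transitions that have the same effect on p_to instead."""
    new = list(seq)
    for i in positions:
        t, w = seq[i], effect(p_from, seq[i])
        new[i] = next(u for u in TRANS
                      if ttype(u, vc) == ttype(t, vc) and effect(p_to, u) == w)
    return new

def demo():
    vc = ["p1", "p2"]
    assert is_vertex_cover(vc) and variety("p3", vc) == variety("p4", vc)
    types = {ttype(t, vc) for t in TRANS}
    assert len(types) <= (W + 1) ** (2 * len(vc))       # at most (W+1)^{2k}
    m0 = {"p1": 2, "p2": 0, "p3": 0, "p4": 0}           # constructed marking
    sigma = ["t1", "t1", "t3", "t3"]                    # piles 2 tokens on p3
    before = run(m0, sigma)
    positions = [1, 3]                                  # second t1, second t3
    assert safe_for_transfer([sigma[i] for i in positions], "p3")
    sigma2 = transfer(sigma, positions, "p3", "p4", vc)
    after = run(m0, sigma2)
    return {"sigma": sigma2, "final_equal": before[-1] == after[-1],
            "max_p3_before": max(m["p3"] for m in before),
            "max_p3_after": max(m["p3"] for m in after), "types": len(types)}

if __name__ == "__main__":
    print(demo())
```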
Lemma 5.3.
Let Q ⊆ P with I ⊆ Q and U ′ ∈ N be such that there is a Q -enabled self-covering sequence from some M in which all intermediate markings have at most U ′ tokens in any independent place. Also suppose that all intermediate markings have at most e tokens in any place in Q \ I . Then, there is a Q -enabled self-covering sequence of length at most k ′ (2 e ) c ′ k ′ ( U ′ W ) c ′ m for some constant c ′ .

Proof. Suppose the given self-covering sequence is of the form M σ −−→ Q M σ −−→ Q M with σ being the pumping portion. The length of σ is at most U ′ m e k ′ . For reducing the length of σ , we will closely follow the proof of Lemma 4.5 in Rackoff’s paper [21]. Let a Q -loop be any sequence of transitions whose total effect is 0 on any place in Q .

As in Rackoff’s proof of Lemma 4.5 in [21], remove Q -loops from σ carefully until what remains behind is a sequence σ ′ of length at most ( U ′ m e k ′ + 1) . Let b ∈ N k ′ be a vector containing a 1 in each coordinate corresponding to a special place in S whose number of tokens is increased by σ and 0 in all other coordinates. If π is a Q -loop, its loop value is the vector in Z k ′ , which contains in each coordinate the total effect of π on the corresponding special place in S . Let L ⊆ Z k ′ be the set of loop values that were removed from σ . Let B be the matrix with k ′ rows, whose columns are the members of L . For any sequence π , let ef ( π ) be the vector in Z k ′ , which contains in each coordinate the total effect of π on the corresponding special place in S . Since σ is a pumping portion, ef ( σ ) ≥ b . Now, the effect of σ can be split into the effect of σ ′ and the effect of Q -loops that were removed from σ . If x ( i ) is the number of Q -loops removed from σ whose loop value is equal to the i th column of B , then we have Bx ≥ b − ef ( σ ′ ).

A loop value is just the effect of at most e k ′ U ′ m transitions, and hence each entry of B is of absolute value at most e k ′ U ′ m W . The matrix B has therefore at most (2 e k ′ U ′ m W + 1) k ′ columns. Each entry of b − ef ( σ ′ ) is of absolute value at most W ( e k ′ U ′ m + 1) + 1. Letting d = k ′ and d = max { (2 e k ′ U ′ m W +1) k ′ , e k ′ U ′ m W, W ( e k ′ U ′ m + 1) + 1 } ≤ (2 e ) k ′ ( U ′ W ) m , we can apply Lemma 4.4 of [21]. The result is that there is a vector y ∈ N | L | such that the sum of entries of y is equal to l ≤ d ((2 e ) k ′ ( U ′ W ) m ) ck ′ for some constant c . Let c ′ be a constant such that l ≤ k ′ (2 e ) c ′ k ′ ( U ′ W ) c ′ m .

Now, we will put l Q -loops back into σ ′ , which was of length at most ( e k ′ U ′ m + 1) . Since the length of each Q -loop is at most e k ′ U ′ m , the total length of the newly constructed pumping portion is at most ( e k ′ U ′ m + 1) + k ′ (2 e ) c ′ k ′ ( U ′ W ) c ′ m . Together with σ , whose length is at most e k ′ U ′ m , we get a Q -enabled self-covering sequence of length at most 2( e k ′ U ′ m + 1) + k ′ (2 e ) c ′ k ′ ( U ′ W ) c ′ m ≤ k ′ (2 e ) c ′ k ′ ( U ′ W ) c ′ m . ⊓⊔

Definition 5.4.
Let U ′ ∈ N be some fixed number (we will later use it to denote U + W + W + W , as in Lemma 5.2). For j ∈ N , Q ⊆ P with I ⊆ Q and a function M : P → Z , let slencov ( Q, j, M ) be the length of the shortest Q -enabled self-covering sequence from M if there is a Q -enabled self-covering sequence from M in which all intermediate markings have at most U ′ + jW tokens in any independent place. Let slencov ( Q, j, M ) be if there is no such sequence. Define ℓ ( i, j ) = max { slencov ( Q, j, M ) | I ⊆ Q ⊆ P, | Q \ I | = i, M : P → Z } .

The following lemma is an immediate consequence of Lemma 4.5 in [21].
Lemma 5.5.
There is a constant d such that ℓ (0 , j ) ≤ ( U ′ + jW ) m d .

Lemma 5.6.
ℓ ( i +1 , j ) ≤ k ′ (2 W ℓ ( i, j +1)) ck ′ (( U ′ + jW ) W ) c ′ m for some appropriately chosen constants c and c ′ .

Proof. Suppose Q ⊆ P such that I ⊆ Q and | Q \ I | = i + 1. Also suppose that there is a Q -enabled self-covering sequence from some marking M such that all intermediate markings have at most U ′ + jW tokens in any independent place. If all intermediate markings have at most W ℓ ( i, j + 1) tokens in any place in Q \ I , the required result is a consequence of Lemma 5.3, substituting W ℓ ( i, j + 1) for e and U ′ + jW for U ′ . Otherwise, let σ = σ σ be the self-covering sequence, with σ being the pumping portion. Ensure that for any independent place p , σ adds at most W tokens (otherwise, we can transfer from p to p v the last transition that adds tokens to p , where v is the variety of p ). Let M be the first intermediate marking with more than W ℓ ( i, j + 1) tokens in some special place q ∈ Q \ I . Let the subsequence up to M be called π and the rest of the sequence be called π (the pumping portion σ is a suffix of σ = π π ). The length of π is at most ( W ℓ ( i, j + 1)) k ′ ( U ′ + jW ) m . Starting from M , π σ is a Q -enabled self-covering sequence. At the end of π , every independent place has at most U ′ + jW tokens. During the firing of σ after π , every independent place has at most U ′ + ( j + 1) W tokens in any intermediate marking (since σ adds at most W tokens to every independent place; see Fig. 3).

[Fig. 3 (figure omitted): the number of tokens in p plotted against the steps of the firing sequence π σ σ from M , with the bounds ≤ U ′ + jW , ≤ W and ≤ U ′ + ( j + 1) W marked on the plot.]
Fig. 3. Illustration for proof of Lemma 5.6

Hence, π σ is a Q \ { q } -enabled self-covering sequence from M such that in all intermediate markings, every independent place has at most U ′ + ( j + 1) W tokens. By definition, there is a Q \ { q } -enabled self-covering sequence π ′ from M of length at most ℓ ( i, j + 1). Since M ( q ) ≥ W ℓ ( i, j + 1) and M π −−→ Q M , π ′ is a Q -enabled self-covering sequence from M of length at most ( W ℓ ( i, j +1)) k ′ ( U ′ + jW ) m + ℓ ( i, j +1). ⊓⊔

Now using Lemma 5.2, we can conclude that if there is a self-covering sequence, there is one of length at most ℓ ( k ′ , U ′ = U + W + W in the definition of ℓ . The following lemma gives an upper bound on this quantity. We use h to denote c ′ k ′ .

Lemma 5.7.
ℓ ( i, j ) ≤ (8 k ′ ) (1+ h ) i (2 W ) poly ( h i ) ( U ′ + ( j + i ) W ) poly ( h i ) where poly ( h i ) and poly ( h i ) are polynomials in h i , c ′ , k ′ and m .

Proof. By induction on i .
ℓ (0 , j ) ≤ ( U ′ + jW ) m d ≤ k ′ ( U ′ + jW ) m d .
ℓ ( i + 1 , j ) ≤ k ′ (2 W ℓ ( i, j + 1)) h (( U ′ + jW ) W ) c ′ m
≤ k ′ h W (8 k ′ ) (1+ h ) i (2 W ) poly ( h i ) ( U ′ + ( j + 1 + i ) W ) poly ( h i ) i h (( U ′ + jW ) W ) c ′ m
≤ (8 k ′ ) h (1+ h ) i (2 W ) (1+ poly ( h i )) h + c ′ m ( U ′ + ( j + i + 1) W ) poly ( h i ) h + c ′ m
It is now enough to choose poly and poly such that poly ( h i +1 ) ≥ (1 + poly ( h i )) h + c ′ m , poly ( h ) ≥ m d and poly ( h i +1 ) ≥ poly ( h i ) h + c ′ m . These conditions are met by poly ( h i ) = ( h + c ′ m )( h i − 1) and poly ( h i ) = h i m d + c ′ m ( h i − h ≥ ⊓⊔

Theorem 5.8.
With the vertex cover number k and maximum arc weight W as parameters, the Petri net boundedness problem can be solved in ParaPspace .

Proof. A non-deterministic Turing machine can test for unboundedness by guessing and verifying the presence of a self-covering sequence of length at most ℓ ( k ′ , O ( m log | M | + m + log W + (1 + c ′ k ′ ) k ′ log k ′ + poly ( c ′ k ′ k ′ k ′ ) log W + poly ( c ′ k ′ k ′ k ′ ) log( U ′ k ′ W )), or O ( m log | M | + m + poly ( c ′ k ′ k ′ k ′ ) log( U ′ k ′ W )) for some polynomial poly . An application of Savitch’s theorem now gives us the ParaPspace algorithm for boundedness. ⊓⊔

Following is a logic (borrowed from [20]) of properties such that its model checking can be reduced to coverability ( κ ) and boundedness ( β ) problems, but is designed to avoid expressing reachability. This is a fragment of Computational Tree Logic (CTL).

τ ::= p, p ∈ P | τ + τ | cτ, c ∈ N
κ ::= τ ≥ c, c ∈ N | κ ∧ κ | κ ∨ κ | EF κ
β ::= { τ , . . . , τ r } < ω | ¬ β | β ∨ β
φ ::= β | κ | φ ∧ φ | φ ∨ φ

The satisfaction of a formula φ by a Petri net N with initial marking M (denoted as N , M | = φ ) is defined below. The boolean operators work as usual. Note that every term (of type τ ) gives a function L τ : P → N such that τ is syntactically equivalent to Σ_{ p ∈ P } L τ ( p ) p .
– N , M | = τ ≥ c if Σ_{ p ∈ P } L τ ( p ) M ( p ) ≥ c .
– N , M | = EF κ if there is a marking M reachable from M such that N , M | = κ .
– N , M | = { τ , . . . , τ r } < ω if ∃ c ∈ N such that for all markings M reachable from M , there is a j ∈ { , . . . , r } such that Σ_{ p ∈ P } L τ j ( p ) M ( p ) ≤ c .

In the Petri net of Fig. 1, if we set M cov as M cov ( p ) = M cov ( p ) = 1 and M cov ( p ) = 0, the coverability of M cov can be expressed as EF ( p ≥ ∧ p ≥ { p + p + p } < ω . If the κ formulas of the above logic had allowed formulas of type τ ≤ c , then we could have expressed reachability of M cov as EF ( p ≥ ∧ p ≤ ∧ p ≥ ∧ p ≤ ∧ p ≤

Theorem 6.1.
Given a Petri net with an initial marking and a formula φ , if the vertex cover number k and the maximum arc weight W of the net are treated as parameters and the nesting depth D of EF modality in the formula is treated as a constant, then there is a ParaPspace algorithm that checks if the net satisfies the given formula.
The details of model checking κ formulas are given in Sub-section 6.1. While reading [3], we realized that there is a mistake in the reduction from model checking β formulas to checking the presence of self-covering sequences that we gave in [20]. However, it can be corrected using the notion of disjointness sequences introduced by Demri in [3]. Sub-section 6.2 gives the details of a ParaPspace algorithm for model checking β formulas using ideas borrowed from [3].

κ formulas

We now consider verifying the formulas κ . We first reduce the formulas to the form of γ ∧ EF ( κ ) ∧ · · · ∧ EF ( κ r ), with γ having only conjunctions of τ ≥ c formulas by nondeterministically choosing disjuncts from subformulas of κ . We call γ the content of κ and κ , . . . , κ r the children of κ . Each of the children may have their own content and children, thus generating a tree with nodes Γ , with κ at the root of this tree. We will represent the nodes of this tree by sequences of natural numbers, 0 being the root.

The maximum length of sequences in Γ is one more than the nesting depth of the EF modality in κ and we denote it by D . Let [ D ] = { , , . . . , D − } . If α ∈ Γ is a tree node that represents the formula κ ( α ) = γ ∧ EF ( κ ) ∧ · · · ∧ EF ( κ r ), content ( α ) = γ denotes the content of the node α . Let ratio ( τ ≥ c ) = max {⌈ c/L τ ( p ) ⌉ | L τ ( p ) = 0 , p ∈ P } . Defining max( ∅ ) = 0, we define the maximum ratio at height i in the tree by ratio ( i ) = max { ratio ( τ ≥ c ) | τ ≥ c appears as a conjunct in content ( α ) for some α ∈ Γ, | α | = i + 1 } .

Definition 6.2.
Recalling Def. 4.1, let ℓ ′ ( M cov ) = max { lencov ( P, M, M cov ) | M : P → Z } . Given a formula κ and a Petri net N with initial marking M , the bound function f : [ D ] × P → N is defined as follows. We use f ( j ) for the marking defined by f ( j )( p ) = f ( j, p ) .
• f ( D − , p ) = ratio ( D − ,
• f ( D − i, p ) = max { ratio ( D − i ) , W ℓ ′ ( f ( D − i + 1)) + f ( D − i + 1 , p ) } , < i < D ,
• f (0 , p ) = M ( p ) .
A guess function g : Γ × P → N is any function that satisfies g ( α, p ) ≤ f ( | α | − , p ) for all α ∈ Γ and p ∈ P . If g is a guess function, g ( α ) is the marking defined by g ( α )( p ) = g ( α, p ) .

If a given Petri net satisfies the formula κ = γ ∧ EF ( κ ) ∧ · · · ∧ EF ( κ r ), then there exist firing sequences σ , . . . , σ r that are all enabled at the initial marking M such that M σ i == ⇒ M i and M i satisfies κ i . In general, if κ generates a tree with set of nodes Γ , then there is a set of sequences { σ α | α ∈ Γ \ { }} and a set of markings { M α | α ∈ Γ } such that M α σ αj == ⇒ M αj for all α, αj ∈ Γ and M α satisfies content ( α ) for all α ∈ Γ .

Lemma 6.3.
There exist sequences { µ α | α ∈ Γ \ { }} and markings { M α | α ∈ Γ } such that M α µ αj == ⇒ M αj for all α, αj ∈ Γ with M α satisfying content ( α ) and | µ α | ≤ ℓ ′ ( f ( | α | − iff there exist sequences { σ α | α ∈ Γ \ { }} and markings { M ′ α | α ∈ Γ } ( M ′ should be equal to M ) such that M ′ α σ αj == ⇒ M ′ αj for all α, αj ∈ Γ with M ′ α satisfying content ( α ) .

Proof. ( ⇒ ) Since M α satisfies content ( α ), we can take M ′ α = M α and σ α = µ α .

( ⇐ ) Consider the following guess function:
g ( α, p ) = M ( p ) if α = 0
g ( α, p ) = M ′ α ( p ) if α = 0 and M ′ α ( p ) ≤ f ( | α | − , p )
g ( α, p ) = f ( | α | − , p ) otherwise
By definition, g ( α ) ≤ M ′ α and g ( α ) ≤ f ( | α | − σ αj is a firing sequence that covers M ′ αj from M ′ α , there exist sequences µ αj that cover g ( αj ) starting from M ′ α whose length is at most ℓ ′ ( g ( αj )) (and hence at most ℓ ′ ( f ( | αj | − { M α | α ∈ Γ } such that M α µ αj == ⇒ M αj for all α, αj ∈ Γ and that M α satisfies content ( α ) for all α ∈ Γ .

First, we claim that every µ αj can be fired from M α and that every place p will satisfy at least one of the following two conditions:
1. M αj ( p ) ≥ M ′ αj ( p )
2. M αj ( p ) ≥ f ( | αj | − , p )
We will prove this claim by induction on | α | .

Base case : | α | = 1. µ j is a firing sequence of length at most ℓ ′ ( g (0 j )) that covers g (0 j ) starting from M . The claim is clear by the definition of g (0 j ).

Induction step : We want to prove that µ αj can be fired at M α and that M αj satisfies the stated claims. We will prove these for an arbitrary place p . By induction hypothesis, either M α ( p ) ≥ M ′ α ( p ) or M α ( p ) ≥ f ( | α | − , p ).

First, suppose that M α ( p ) ≥ M ′ α ( p ). Since µ αj covers g ( αj ) starting from M ′ α , M αj ( p ) ≥ g ( αj )( p ) and there are no intermediate markings between M α and M αj where p receives a negative number of tokens. Also, since M αj ( p ) ≥ g ( αj )( p ), either M αj ( p ) ≥ M ′ αj ( p ) or M ( αj )( p ) ≥ f ( | αj | − , p ).

Second, suppose that M α ( p ) ≥ f ( | α | − , p ). | µ αj | ≤ ℓ ′ ( g ( αj )) and g ( αj ) ≤ f ( | αj | − 1) by definition. Hence ℓ ′ ( g ( αj )) ≤ ℓ ′ ( f ( | αj | − | µ αj | ≤ ℓ ′ ( f ( | αj | − f ( | α | − , p ), we get M α ( p ) ≥ W ℓ ′ ( f ( | αj | − f ( | αj | − , p ). µ αj will remove at most W ℓ ′ ( f ( | αj | − p and hence, at least f ( | αj | − , p ) tokens will be left in place p at marking M αj . Therefore, M αj ( p ) ≥ f ( | αj | − , p ). This completes the induction and hence the claim.

Now, we will prove that each M α satisfies content ( α ). For each conjunct τ ≥ c in content ( α ), we will prove that Σ_{ p ∈ P } L τ ( p ) M α ( p ) ≥ c , where L τ is the positive linear combination represented by τ . If c = 0, then the required result can be obtained by just observing that both L τ ( p ) and M α ( p ) are positive for all p ∈ P . So suppose that c = 0. Let Q τ = { p ∈ P | L τ ( p ) = 0 } . We distinguish two cases:
1. For some p ∈ Q τ , M α ( p ) ≥ f ( | α |− , p ). In this case, M α ( p ) ≥ f ( | α |− , p ) ≥ cL τ ( p ) . Hence, L τ ( p ) M α ( p ) ≥ c .
2. For all p ∈ Q τ , M α ( p ) < f ( | α | − , p ). In this case, for all p ∈ Q τ , M α ( p ) ≥ M ′ α ( p ). Since M ′ α satisfies content ( α ), we have Σ_{ p ∈ Q τ } L τ ( p ) M ′ α ( p ) ≥ c . Therefore, Σ_{ p ∈ Q τ } L τ ( p ) M α ( p ) ≥ c . ⊓⊔

To derive an upper bound for f ( i ) to use in a nondeterministic algorithm, let R = max { ratio ( τ ≥ c ) | τ ≥ c is a subformula of κ } , R ′ = R + W + W + W and W ′ = max { W, } . Recall that D − EF and note that boundedness and coverability can be expressed with D ≤

Lemma 6.4.
For i ≥ , f ( D − i, p ) ≤ ( i + 1) R ′ W ℓ ′ ( f ( D − i + 1)) .

Proof. By induction on i .
Base case : i = 2
f ( D − , p ) ≤ max { R, W ℓ ′ ( f ( D − f ( D − , p ) }
≤ R + W ℓ ′ ( f ( D − f ( D − , p )
≤ R + W ℓ ′ ( f ( D − R
≤ R + W ℓ ′ ( f ( D −
≤ R ′ W ℓ ′ ( f ( D −
Induction step :
f ( D − i − , p ) ≤ max { R, W ℓ ′ ( f ( D − i )) + f ( D − i, p ) }
≤ R + W ℓ ′ ( f ( D − i )) + ( i + 1) R ′ W ℓ ′ ( f ( D − i + 1))
≤ R ′ W ℓ ′ ( f ( D − i )) + ( i + 1) R ′ W ℓ ′ ( f ( D − i ))
= ( i + 2) R ′ W ℓ ′ ( f ( D − i ))

Lemma 6.5.
Let q ( i ) = (2 m ( k ′ + 1)!) i . Then ℓ ′ ( f ( D − ≤ (2 mW ′ R ′ ) q (1) and also ℓ ′ ( f ( D − i )) ≤ ∏_{ j = D − i }^{ D − } ( ( D − j + 1)2 mW ′ R ′ ) q ( i + j +1 − D ) .

Proof. ℓ ′ ( f ( D − ≤ (2 mW ′ R ′ ) q (1) is by Lemma 4.4. The next result is by induction on i .
Base case : i = 2. Since f ( D − , p ) ≤ R ′ W ℓ ′ ( f ( D − ℓ ′ ( f ( D − ≤ (2 mW r ′ ) q (1) where r ′ = max { f ( D − , p ) | p ∈ P } + W + W + W , we get
ℓ ′ ( f ( D − ≤ (2 mW (3 R ′ W ℓ ′ ( f ( D − W + W + W )) q (1) ≤ (3 ∗ mW ′ R ′ ) q (1) (2 mW ′ R ′ ) q (2)
Induction step : Since f ( D − i − , p ) ≤ ( i + 2) R ′ W ′ ℓ ′ ( f ( D − i )), we have
ℓ ′ ( f ( D − i − ≤ (2 mW (( i + 2) R ′ W ′ ℓ ′ ( f ( D − i )) + W + W + W )) q (1)
≤ ( i + 2)2 mW ′ R ′ ∏_{ j = D − i }^{ D − } (( D − j + 1)2 mW ′ R ′ ) q ( i + j +1 − D ) q (1)
= ( ( i + 2)2 mW ′ R ′ ) q (1) ∏_{ j = D − i }^{ D − } ( ( D − j + 1)2 mW ′ R ′ ) q ( i +1+ j +1 − D )
= ∏_{ j = D − i − }^{ D − } ( ( D − j + 1)2 mW ′ R ′ ) q ( i +1+ j +1 − D ) ⊓⊔

Theorem 6.6.
Given a Petri net with an initial marking and a κ formula φ , if the vertex cover number of the Petri net k and the maximum arc weight W are treated as parameters and the nesting depth D of EF modality in the formula is treated as a constant, then there is a ParaPspace algorithm that checks if the Petri net satisfies the given formula.

Proof. First reduce φ to the form of γ ∧ EF ( κ ) ∧ · · · ∧ EF ( κ r ), with γ having only conjunctions of τ ≥ c formulas by nondeterministically choosing disjuncts from subformulas of φ . By Lemma 6.3, it is enough for a nondeterministic algorithm to guess sequences σ αj , αj ∈ Γ of lengths at most ℓ ′ ( f ( | αj | − k ′ and polynomial in the size of the net and numeric constants in the formula. This gives the ParaPspace algorithm. ⊓⊔

The space requirement of the above algorithm will have terms like m D and hence it will not be ParaPspace if D is treated as a parameter instead of a constant.

In order to check the truth of β formulas, we adapt the concept of disjointness sequence introduced in [3] to our notation. To make the presentation suitable for our setting, we use terminology different from that used in [3].

Definition 6.7 ([3]).
Let X ⊆ P be a non-empty subset of places. If σ = t · · · t r is a sequence of transitions and p is a place, ∆ [ σ ]( p ) denotes the total effect of σ on p : ∆ [ σ ]( p ) = Σ_{ i =1 }^{ r } Post ( p, t i ) − Pre ( p, t i ) . A firing sequence σ enabled at an initial marking M : P → N is said to be an X -pumping sequence if σ can be decomposed as σ ′ σ σ ′ σ · · · σ ′ α σ α such that
1. For each p ∈ P , ∆ [ σ ]( p ) ≥ and for each λ between and α , ∆ [ σ λ ]( p ) < implies there is a µ ≤ λ − such that ∆ [ σ µ ]( p ) > and
2. X ⊆ ∪_{ λ =1 }^{ α } { p ∈ P | ∆ [ σ λ ]( p ) > } .
The subsequences σ , . . . , σ α are called pumping portions of the pumping sequence. They are underlined to distinguish them from non-pumping portions of the sequence.

The following lemma from [3] establishes the connection between model checking β formulas and the existence of pumping sequences.

Lemma 6.8 ([3]).
N , M | = { τ , . . . , τ r } = ω iff there exists an X -pumping sequence for some X ⊆ P such that for every j ∈ { , · · · , r } , there is a p j ∈ X with L τ j ( p j ) ≥ .

Proof. ( ⇐ ) Suppose there is an X -pumping sequence σ as given in the lemma. Let σ ′ σ · · · σ ′ α σ α be the decomposition of σ as in Def. 6.7. By repeating the subsequences σ , . . . , σ α suitably many times (see [3, Lemma 3.1]), we can ensure that for all c ∈ N , there is a marking M reachable from M such that for all j ∈ { , . . . , r } , Σ_{ p ∈ P } L τ j ( p ) M ( p ) > c .

( ⇒ ) Suppose N , M | = { τ , . . . , τ r } = ω . By semantics, we get ∀ c ∈ N , there is a marking M reachable from M such that for all j ∈ { , . . . , r } Σ_{ p ∈ P } L τ j ( p ) M ( p ) > c . Hence, we can conclude that for all c ∈ N , there are places p c , p c , . . . , p cr and M c reachable from M such that M c ( p cj ) > c ∧ L τ j ( p cj ) ≥ j ∈ { , . . . , r } . For each c ∈ N , let X c = { p c , . . . , p cr } . Since the sequence X , X , . . . is infinite and there are only finitely many subsets of P , at least one subset of P occurs infinitely often in this sequence. Let X be this subset. We will now prove that there is an X -pumping sequence using some results about coverability trees [4, Section 4.6].

Recall that in a coverability tree, markings M : P → N are extended to ω -markings M : P → N ∪ { ω } , by mapping unbounded places to ω . We first claim that there is some reachable ω -marking M in the coverability tree of ( N , M ) such that for all p ∈ X , M ( p ) = ω . Suppose not. Then, for every reachable ω -marking M , there is some place p ∈ X such that M ( p ) < ω . Let c be the maximum of such bounds. Then, by [4, Theorem 22], for every marking M reachable from M , there exists p ∈ X such that M ( p ) ≤ c , a contradiction. Hence, there is a reachable ω -marking M in the coverability tree of ( N , M ) such that for all p ∈ X , M ( p ) = ω . Now, the required X -pumping sequence can be constructed (see [3, Lemma 3.1] for details). ⊓⊔

Model checking β formulas thus reduces to detecting the presence of certain X -pumping sequences. The following definition adapted from [3] is a generalization of Q -enabled self-covering sequences.

Definition 6.9 ([3]).
Let I ⊆ Q ⊆ P be a subset of places that contains all independent places, Y ⊆ P a possibly empty subset of places and X ⊆ P a non-empty subset of places. Let M : P → Z and c ∈ N ∪ { ω } . A sequence of transitions is said to be a Y -neglecting weakly M, Q, c -enabled X -pumping sequence if it can be decomposed as σ ′ σ σ ′ σ · · · σ ′ α σ α such that
1. For each ≤ λ ≤ α , for each p ∈ P , ∆ [ σ λ ]( p ) < implies (there is a ≤ µ ≤ λ − such that ∆ [ σ µ ]( p ) > or p ∈ Y ).
2. X ⊆ ∪_{ λ =1 }^{ α } { p ∈ P | ∆ [ σ λ ( p )] > } \ Y .
3. For any intermediate marking M ′ and any place p ∈ Q \ I , M ′ ( Q ) < c .
4. For any intermediate marking M ′ and any place p ∈ Q , M ′ ( p ) < implies (there is a σ µ occurring before M ′ such that ∆ [ σ µ ]( p ) > or p ∈ Y ).

Intuitively, a Y -neglecting weakly M, Q, c -enabled X -pumping sequence maintains the number of tokens between 0 and c in all places in Q while in other places, it can become less than 0 or more than c . If a place p ∈ Q has already been pumped up by some pumping portion σ µ , p may have a negative number of tokens in intermediate markings that occur after σ µ . The following lemma implies that for detecting the presence of pumping sequences, it is enough to detect certain weakly enabled pumping sequences.

Lemma 6.10 ([3]).
Let X ⊆ P be a non-empty subset of places and M : P → N be the initial marking. Any X -pumping sequence enabled at M is a ∅ -neglecting weakly M , P, ω -enabled X -pumping sequence. Suppose that σ = σ ′ σ σ ′ σ · · · σ ′ α σ α is a ∅ -neglecting weakly M , P, ω -enabled X -pumping sequence. Then, there are n , n , . . . , n α ∈ N such that σ ′ σ n σ ′ σ n · · · σ ′ α σ αn α is an X -pumping sequence enabled at M .

Proof. The first part follows from definitions. For the second part, we define n α , . . . , n in that order as follows:
– n α = 1.
– Suppose 1 ≤ λ < α and n λ +1 , . . . , n α have already been defined. Define n λ to be ( α − λ )( | σ | − W + Σ_{ µ = λ +1 }^{ α } ( | σ | − W n µ .
We will prove that σ ′ = σ ′ σ n σ ′ σ n · · · σ ′ α σ αn α satisfies all conditions of Def. 6.7 and that it is enabled at M . Condition 2 follows by the fact that σ satisfies condition 2 of Def. 6.9 and that Y = ∅ . Condition 1 of Def. 6.7 follows by the fact that σ satisfies condition 1 of Def. 6.9 and that Y = ∅ . For proving that σ ′ is enabled at M , we will prove the following claim by induction on λ : for any intermediate marking M ′ occurring when firing σ ′ σ n · · · σ ′ λ σ λn λ from M and any p ∈ P , M ′ ( p ) ≥ 0; and for any intermediate marking M ′′ occurring while firing σ ′ from M and any p ′ ∈ ∪_{ µ =1 }^{ λ } { p ∈ P | ∆ [ σ µ ]( p ) > } , M ′′ ( p ) ≥

λ = 1: Since Y = ∅ and σ satisfies condition 4 of Def. 6.9, for any intermediate marking M ′ occurring when firing σ ′ σ from M and any place p ∈ P , M ′ ( p ) ≥ 0. Since σ satisfies condition 1 of Def. 6.9 and Y = ∅ , ∆ [ σ ]( p ) ≥ p ∈ P . Hence, for any intermediate marking M ′ occurring when firing σ ′ σ n from M and any place p ∈ P , M ′ ( p ) ≥ 0. Since | σ ′ · · · σ ′ α | ≤ ( α − | σ | − 1) and | σ n · · · σ αn α | ≤ Σ_{ µ =2 }^{ α } ( | σ | − n µ , σ ′ σ n · · · σ ′ α σ αn α can decrease at most ( α − | σ | − W + Σ_{ µ =2 }^{ α } ( | σ | − W n µ tokens from any place. If M σ σ n ===== ⇒ M and ∆ [ σ ]( p ) > p , then M ( p ) ≥ ( α − | σ | − W + Σ_{ µ =2 }^{ α } ( | σ | − W n µ . Hence, the second part of the claim follows.

Induction step: Assume that M σ ′ σ n ··· σ ′ λ σ λnλ =========== ⇒ M λ . Suppose for some place p ′ and some intermediate marking M ′ that occurs while firing σ λ +1 σ λ +1 from M λ , M ′ ( p ) < 0. By induction hypothesis, p ′ ∉ ∪_{ µ =1 }^{ λ } { p ∈ P | ∆ [ σ µ ]( p ) > } , which contradicts the fact that σ satisfies conditions 1 and 4 of Def. 6.9. Also from condition 1 of Def. 6.9, ∆ [ σ λ +1 ]( p ) ≥ p ∉ ∪_{ µ =1 }^{ λ } { p ∈ P | ∆ [ σ µ ]( p ) > } . Hence, for all p ∈ P and any intermediate marking M ′ that occurs while firing σ ′ λ +1 σ λ +1 n λ +1 from M λ , M ′ ( p ) ≥ 0. Suppose λ +2 ≤ α . Since | σ ′ λ +2 · · · σ ′ α | ≤ ( α − λ − | σ | − 1) and | σ λ +2 n λ +2 · · · σ αn α | ≤ Σ_{ µ = λ +2 }^{ α } ( | σ | − n µ , σ ′ λ +2 σ λ +2 n λ +2 · · · σ ′ α σ αn α can decrease at most ( α − λ − | σ |− W + Σ_{ µ = λ +2 }^{ α } ( | σ |− W n µ tokens from any place. If M λ σ ′ λ +1 σ λ +1 nλ +1 ========== ⇒ M λ +1 and ∆ [ σ λ +1 ]( p ) > p , then M λ +1 ( p ) ≥ ( α − λ − | σ | − W + Σ_{ µ = λ +2 }^{ α } ( | σ | − W n µ . Hence, the second part of the claim follows. ⊓⊔

As is done in Section 5, we will bound the length of weakly enabled pumping sequences by induction on | Q | . The following two lemmas are helpful in manipulating weakly enabled pumping sequences.

Lemma 6.11 ([3]).
Suppose σ = σ ′ σ σ ′ · · · σ ′ α σ α is a Y -neglecting M, Q, ω -enabled X -pumping sequence. Then the sequence σ ′ = σ ′ σ n σ σ n ′ σ ′ · · · σ ′ α σ n α α σ α is also a Y -neglecting M, Q, ω -enabled X -pumping sequence for any n , n ′ , . . . , n α ∈ N ( σ λ is the same as σ λ , except that σ λ is not considered a pumping portion while σ λ is considered a pumping portion).

Proof. We will prove that the new sequence satisfies all the conditions of Def. 6.9. Conditions 1 and 2 are satisfied since the set of pumping portions of the new sequence is equal to that of the old one and occurs in the same order. Condition 3 is trivially satisfied since in this case, c = ω . Suppose for some intermediate marking M ′ and some place p ∈ Q , M ′ ( p ) < 0. Let µ be the maximum number such that σ µ occurs before M ′ . Suppose M σ ′ σ n σ σ n ′ σ ′ ··· σ ′ µ σ nµµ σ µ −−−−−−−−−−−−−−−−−→ M ′′ and M ′′ η −−→ M ′ . If p ∈ Y or p ∈ ∪_{ µ ′ =1 }^{ µ } { p ′ ∈ P | ∆ [ σ µ ′ ]( p ′ ) > } , there is nothing else to prove. Otherwise, ∆ [ σ µ ′ ]( p ) = 0 for every µ ′ between 1 and µ . This implies that if M σ ′ σ σ ′ ··· σ ′ µ σ µ −−−−−−−−−→ M and M η −−→ M , then M ( p ) < 0, contradicting the fact that σ satisfies condition 4 of Def. 6.9. ⊓⊔

Lemma 6.12.
Suppose σ = σ ′ σ · · · σ ′ α σ α is a Y -neglecting weakly M, Q, ω -enabled X -pumping sequence and π = π ′ π · · · π ′ α ′ π α ′ is a Y -neglecting weakly M , Q, ω -enabled X -pumping sequence. If Y = Y ∪{ p ∈ P | ∆ [ σ λ ]( p ) > , ≤ λ ≤ α } , M σ −−→ M and for all p ∈ Q \ Y , M ( p ) = M ( p ) , then σπ = σ ′ σ · · · σ ′ α σ α π ′ π · · · π ′ α ′ π α ′ is a Y -neglecting weakly M, Q, ω -enabled ( X ∪ X ) -pumping sequence.

Proof. We will prove that the combined sequence satisfies all conditions of Def. 6.9.
1. This follows since σ and π individually satisfy condition 1 of Def. 6.9 and Y = Y ∪ { p ∈ P | ∆ [ σ λ ]( p ) > , ≤ λ ≤ α } .
2. This follows from the fact that X and X individually satisfy condition 2 of Def. 6.9.
3. This is trivially satisfied since in this case, c = ω .
4. Suppose M ′ is some intermediate marking that occurs while firing π from M with M ′ ( p ) < p ∈ Q . If p ∈ Y or there is some π λ ′ occurring before M ′ such that ∆ [ π λ ′ ]( p ) > 0, there is nothing more to prove. Otherwise, the fact that p ∈ Q \ Y and M ( p ) = M ( p ) contradicts the fact that π is a Y -neglecting weakly M, Q, ω -enabled X -pumping sequence, which should have satisfied condition 4 of Def. 6.9. ⊓⊔

Now, we will generalize slencov and ℓ to weakly enabled pumping sequences so that we can calculate bounds on their lengths by induction on | Q | .

Definition 6.13.
Let Q, X, Y ⊆ P be subsets of places such that I ⊆ Q and X is non-empty. Suppose σ = σ ′ σ · · · σ ′ α σ α is a Y -neglecting weakly M, Q, ω -enabled X -pumping sequence for some M : P → Z . For some independent place p ∈ I , if there is a µ such that ∆ [ σ µ ] > , we do not care if p has a negative number of tokens in some intermediate marking that occurs after σ µ , even if p ∉ Y . For each p ∈ I \ Y , let µ [ p ] be the minimum number such that ∆ [ σ µ [ p ] ]( p ) > . If M σ ′ σ ··· σ ′ µ [ p ] σ µ [ p ] −−−−−−−−−−−→ M , then the set of all intermediate markings occurring between M and M (including M and M ) is called the caring zone of p . If there is no σ µ such that ∆ [ σ µ ]( p ) > , then the caring zone of p is the set of all intermediate markings.

Definition 6.14.
Let U ′ ∈ N be some fixed number. For j ∈ N , Q, X, Y ⊆ P with I ⊆ Q and X non-empty and a function M : P → Z , pumlen ( Q, j, M, X, Y ) is the length of the shortest Y -neglecting weakly M, Q, ω -enabled X -pumping sequence from M if there is a Y -neglecting weakly M, Q, ω -enabled X -pumping sequence from M in which every independent place p ∈ I \ Y has at most U ′ + jW tokens in all intermediate markings belonging to the caring zone of p . Let pumlen ( Q, j, M, X, Y ) be if there is no such sequence. Let ℓ ( i, j ) = max { pumlen ( Q, j, M, X, Y ) | I ⊆ Q ⊆ P, | Q \ I | = i, M : P → Z , X, Y ⊆ P, X = ∅} .

Lemma 6.15.
Let
Q, X, Y ⊆ P be subsets of places such that I ⊆ Q and X is non-empty and let U ′ ∈ N .Let e ∈ N . Suppose there is a Y -neglecting weakly M, Q, e -enabled X -pumping sequence σ = σ ′ σ · · · σ ′ α σ α for some M : P → Z such that every place p ∈ I \ Y has at most U ′ tokens in all intermediate markingsbelonging to the caring zone of p . Then, there is a Y -neglecting weakly M, Q, ω -enabled X -pumping sequenceof length at most αk ′ (2 e ) c ′ k ′ ( U ′ W ) c ′ m for some constant c ′ .Proof. By induction on α .Base case α = 1: In this case, σ = σ ′ σ . All intermediate markings occurring as a result of firing σ from M belong to the caring zone of each place p ∈ I \ Y . If any two intermediate markings occurring when σ ′ isfired from M agree on all places in Q \ Y , then the subsequence between them can be removed. Hence, wecan assume without loss of generality that | σ ′ | ≤ U ′ m e k ′ .As in Rackoff’s proof of Lemma 4.5 in [21], remove Q \ Y -loops from σ carefully until what remainsbehind is a sequence σ ′′ of length at most ( U ′ m e k ′ + 1) . Let b ∈ N | S \ Y | be the vector containing a 1 ineach coordinate corresponding to a special place in S \ Y whose number of tokens is increased by σ and 0in all other coordinates. If π is a Q \ Y -loop, its loop value is the vector in Z | S \ Y | , which contains in eachcoordinate the total effect of π on the corresponding special place in S \ Y . Let L ⊆ Z | S \ Y | be the set of loopvalues that were removed from σ . Let B be the matrix with | S \ Y | rows, whose columns are the membersof L . For any sequence π , let ef ( π ) be the vector in Z | S \ Y | , which contains in each coordinate the total effectof π on the corresponding special place in S \ Y . By definition, ef ( σ ) ≥ b . The effect of σ can be split intothe effect of σ ′′ and the effect of Q \ Y -loops that were removed from σ . 
If x ( i ) is the number of Q \ Y -loopsremoved from σ whose loop value is equal to the i th column of B , then we have Bx ≥ b − ef ( σ ′′ ).A loop value is just the effect of at most e k ′ U ′ m transitions, and hence each entry of B is of absolutevalue at most e k ′ U ′ m W . The matrix B has therefore at most (2 e k ′ U ′ m W + 1) k ′ columns. Each entry of b − ef ( σ ′′ ) is of absolute value at most W ( e k ′ U ′ m + 1) + 1. Letting d = k ′ and d = max { (2 e k ′ U ′ m W +1) k ′ , e k ′ U ′ m W, W ( e k ′ U ′ m + 1) + 1 } ≤ (2 e ) k ′ ( U ′ W ) m , we can apply Lemma 4.4 of [21]. The result is thatthere is a vector y ∈ N | L | such that the sum of entries of y is equal to l ≤ d ((2 e ) k ′ ( U ′ W ) m ) ck ′ for someconstant c . Let c ′ be a constant such that l ≤ k ′ (2 e ) c ′ k ′ ( U ′ W ) c ′ m .Now, we will put back l Q \ Y -loops back to σ ′′ , which was of length at most ( e k ′ U ′ m +1) . Since the lengthof each Q \ Y -loop is at most e k ′ U ′ m , the total length of the newly constructed pumping portion is at most( e k ′ U ′ m +1) + k ′ (2 e ) c ′ k ′ ( U ′ W ) c ′ m . Together with σ , whose length is at most e k ′ U ′ m , we get a Y -neglectingweakly M, Q, ω -enabled X -pumping sequence of length at most 2( e k ′ U ′ m + 1) + k ′ (2 e ) c ′ k ′ ( U ′ W ) c ′ m ≤ k ′ (2 e ) c ′ k ′ ( U ′ W ) c ′ m .Induction step: Suppose σ = σ ′ σ · · · σ ′ α +1 σ α +1 . Let X = { p ∈ P | ∆ [ σ ]( p ) > } . The sequence σ ′ σ isa Y -neglecting weakly M, Q, ω -enabled X -pumping sequence. Let M σ ′ σ −−−→ M . As is done in the base case,we can replace σ ′ σ by another Y -neglecting weakly M, Q, ω -enabled X -pumping sequence σ ′ of length atmost 8 k ′ (2 e ) c ′ k ′ ( U ′ W ) c ′ m ending at some marking M such that for all p ∈ Q \ Y , M ( p ) = M ( p ) (this isbecause we only remove Q \ Y loops from σ ′ σ to obtain the shorter sequence σ ′ ).The sequence σ ′ σ · · · σ ′ α +1 σ α +1 is a ( Y ∪ X )-neglecting weakly M , Q, ω -enabled ( X \ X )-pumpingsequence. 
By the induction hypothesis, there is another (Y ∪ X)-neglecting weakly M, Q, ω-enabled (X \ X)-pumping sequence σ′′ of length at most 8k′α(2e)^{c′k′}(U′W)^{c′m}. Lemma 6.12 implies that σ′ σ′′ is a Y-neglecting weakly M, Q, ω-enabled ((X \ X) ∪ X)-pumping sequence. The length of σ′ σ′′ is at most 8k′(α+1)(2e)^{c′k′}(U′W)^{c′m}. ⊓⊔

Using the technical lemmas proved above, we will now obtain a recurrence relation for ℓ.

Lemma 6.16. ℓ(0, j) ≤ mk′(2(U′ + jW)W)^{c′m}.

Proof. By Lemma 6.15 after setting e = 1 and substituting U′ by U′ + jW.

Lemma 6.17. ℓ(i+1, j) ≤ mk′(2Wℓ(i, j+1))^{c′k′}((U′ + jW)W)^{c′m}.

Proof. Let Q, X, Y ⊆ P be subsets of places such that I ⊆ Q, |Q \ I| = i+1 and X is non-empty. Let M : P → Z be some marking. Suppose there is a Y-neglecting weakly M, Q, ω-enabled X-pumping sequence σ such that every independent place p ∈ I \ Y has at most U′ + jW tokens in any intermediate marking belonging to the caring zone of p. We will prove that there is a Y-neglecting weakly M, Q, ω-enabled X-pumping sequence of length at most 10mk′(2Wℓ(i, j+1))^{c′k′}((U + jW)W)^{c′m}.

Case 1: The sequence σ is a Y-neglecting weakly M, Q, Wℓ(i, j+1)-enabled X-pumping sequence. The required result is a consequence of Lemma 6.15, after substituting U′ + jW for U′.

Case 2: The sequence σ decomposes into σ = σ′ σ ··· σ′_α σ_α such that for some 2 ≤ λ ≤ α, M --σ′ σ ··· σ_{λ−1}--> M --σ′_λ--> M and there is some intermediate marking M′ between M and M and a place q ∈ Q \ Y with M′(q) ≥ Wℓ(i, j+1). Let M′ be the earliest such intermediate marking occurring outside of pumping portions. If there is some λ > 1 such that {p ∈ P | ∆[σ_λ](p) > 0} ⊆ ⋃_{µ=1}^{λ−1} {p ∈ P | ∆[σ_µ](p) > 0}, then σ_λ can be considered as a non-pumping portion and the resulting sequence will still be a Y-neglecting weakly M, Q, ω-enabled X-pumping sequence. Hence, without loss of generality, we can assume that α ≤ m. Let M --σ′_λ--> M′ --σ′_λ--> M. Let X = ⋃_{µ=1}^{λ−1} {p ∈ P | ∆[σ_µ](p) > 0}. The sequence σ′ σ ··· σ_{λ−1} is a Y-neglecting weakly M, Q, Wℓ(i, j+1)-enabled X-pumping sequence in which every place p ∈ Q \ Y has at most U′ + jW tokens in all intermediate markings belonging to the caring zone of p. By Lemma 6.15, there is a Y-neglecting weakly M, Q, ω-enabled X-pumping sequence π of length at most 8(λ−1)k′(2Wℓ(i, j+1))^{c′k′}((U′ + jW)W)^{c′m}. We can remove all (Q \ Y \ X)-loops from σ′_λ to obtain π′_λ of length at most (Wℓ(i, j+1))^{k′}(U′ + jW)^m. If M --π--> M′ --π′_λ--> M′′ --σ′_λ--> M′, we will have M′′(p) = M′(p) for all p ∈ (Q \ Y \ X). The sequence σ′_λ σ_λ ··· σ′_α σ_α is a (Y ∪ X)-neglecting weakly M′, Q, ω-enabled (X \ X)-pumping sequence such that every independent place p ∈ I \ (Y ∪ X) has at most U′ + jW tokens in all intermediate markings belonging to the caring zone of p. By definition, there is a (Y ∪ X)-neglecting weakly M′, Q \ {q}, ω-enabled (X \ X)-pumping sequence π of length at most ℓ(i, j). If q ∈ X, then π is also a (Y ∪ X)-neglecting weakly M′, Q, ω-enabled (X \ X)-pumping sequence. Otherwise, M′′(q) = M′(q) ≥ Wℓ(i, j) and π can decrease at most Wℓ(i, j) tokens from q, so again π is a (Y ∪ X)-neglecting weakly M′, Q, ω-enabled (X \ X)-pumping sequence. In either case, Lemma 6.12 implies that π π′_λ π is a Y-neglecting weakly M, Q, ω-enabled X-pumping sequence. Its length is at most 8αk′(2Wℓ(i, j+1))^{c′k′}((U′ + jW)W)^{c′m} + (Wℓ(i, j+1))^{k′}(U′ + jW)^m + ℓ(i, j).

Case 3: The sequence σ decomposes into σ = σ′ σ ··· σ′_α σ_α such that for some intermediate marking M′ occurring while firing σ′ from M, there is some place q ∈ Q \ Y such that M′(q) ≥ Wℓ(i, j). Let M′ be the first such intermediate marking. Let M --σ′--> M′ --σ′--> M. Remove all Q \ Y-loops from σ′ to get π′ of length at most (Wℓ(i, j+1))^{k′}(U′ + jW)^m. In addition, M --π′--> M′′ such that M′′(p) = M′(p) for all p ∈ Q \ Y. The sequence σ′ σ ··· σ_α is a Y-neglecting weakly M′, Q \ {q}, ω-enabled X-pumping sequence such that every independent place p ∈ I \ Y has at most U′ + jW tokens in any intermediate marking belonging to the caring zone of p. By definition, there is a Y-neglecting weakly M′, Q \ {q}, ω-enabled X-pumping sequence π of length at most ℓ(i, j). Since π can decrease at most Wℓ(i, j) tokens from q and M′(q) = M′′(q) ≥ Wℓ(i, j), π is also a Y-neglecting weakly M′, Q, ω-enabled X-pumping sequence. Hence, σ′ π is a Y-neglecting weakly M, Q, ω-enabled X-pumping sequence.

Case 4: The sequence σ decomposes into σ = σ′ σ ··· σ′_α σ_α such that for some 1 ≤ λ ≤ α, M --σ′ σ ··· σ′_λ--> M --σ_λ--> M and there is some intermediate marking M′ between M and M and a place q ∈ Q \ Y with M′(q) ≥ Wℓ(i, j+1). For every independent place p ∈ I \ Y, if ∆[σ_λ](p) > W, transfer to p_v the last transition in σ_λ that adds tokens to p, where v is the variety of p. Repeat this until for every p ∈ I \ Y with ∆[σ_λ](p) > 0, no more than W and no less than 1 tokens are added by the new pumping portion after the transfers. By Lemma 6.11, σ′ σ ··· σ′_λ σ_λ σ_λ ··· σ_α is a Y-neglecting weakly M, Q, ω-enabled X-pumping sequence such that every independent place p ∈ I \ Y has at most U′ + (j+1)W tokens in any intermediate marking belonging to the caring zone of p. Now we are back to case 2 or case 3 with (j+1) replacing j. ⊓⊔

As earlier, we will denote c′k′ by h.

Lemma 6.18. ℓ(i, j) ≤ (10mk′)^{(1+h)^i}(2W)^{poly(h^i)}(U′ + (j+i)W)^{poly(h^i)}, where poly(h^i) and poly(h^i) are polynomials in h^i, c′, k′ and m.

Proof. By induction on i. ℓ(0, j) ≤ mk′(2(U′ + jW)W)^{c′m}. We will choose poly and poly such that 8mk′(2(U′ + jW)W)^{c′m} ≤ mk′(2W)^{poly(1)}(U′ + jW)^{poly(1)}.

ℓ(i+1, j) ≤ mk′(2Wℓ(i, j+1))^h ((U′ + jW)W)^{c′m}
≤ mk′(2W)^h ((10mk′)^{(1+h)^i}(2W)^{poly(h^i)}(U′ + (j+1+i)W)^{poly(h^i)})^h ((U′ + jW)W)^{c′m}
≤ (10mk′)^{h(1+h)^i}(2W)^{(1+poly(h^i))h + c′m}(U′ + (j+i+1)W)^{poly(h^i)h + c′m}

It is now enough to choose poly and poly such that poly(h) ≥ c′m, poly(h^{i+1}) ≥ (1+poly(h^i))h + c′m, poly(h) ≥ c′m and poly(h^{i+1}) ≥ poly(h^i)h + c′m. These conditions are met by poly(h^i) = h^i c′m + (h + c′m)(h^i − 1) and poly(h^i) = h^i c′m + c′m(h^i − h ≥ ⊓⊔

For the upper bound obtained in Lemma 6.18 to be useful, we should have a pumping sequence in which independent places have a controlled number of tokens in intermediate markings (i.e., U′ and j are bounded). The following lemma establishes this with the help of the truncation lemma.

Lemma 6.19.
Let Q, X, Y ⊆ P be subsets of places such that I ⊆ Q and X is non-empty. For some M : P → Z, suppose σ is a Y-neglecting weakly M, Q, ω-enabled X-pumping sequence. Let U be the maximum of the range of M and let U′ = U + W + W + W. There is a Y-neglecting weakly M, Q, ω-enabled X-pumping sequence in which every independent place p ∈ I \ Y has at most U′ tokens in all intermediate markings belonging to the caring zone of p.

Proof. Suppose σ is of the form σ = σ′ σ σ′ σ ··· σ′_α σ_α. Ensure that for every independent place p ∈ I \ Y and 1 ≤ λ ≤ α, if ∆[σ_λ](p) > 0, then ∆[σ_λ](p) ≥ W. If this is not the case, we can repeat σ_λ W times. By Lemma 6.11, σ′ σ σ σ σ′ σ σ σ ··· σ′_α σ_α σ_α is also a Y-neglecting weakly M, Q, ω-enabled X-pumping sequence. Consider some 1 ≤ λ ≤ α and an independent place p ∈ I \ Y such that ∆[σ_λ](p) = 0 and σ_λ occurs within the caring zone of p. Let M --σ′ σ σ σ ··· σ′_{λ−1}--> M --σ_λ--> M --σ_λ--> M --σ_λ--> M. Let e = min{M′(p) | M′ occurs between M and M} be the minimum number of tokens in p among all intermediate markings occurring between M and M. Let M be the first intermediate marking between M and M such that M(p) = e (see Fig. 4). Similarly, let e = min{M′(p) | M′ occurs between M and M} be the minimum number of tokens in p among all intermediate markings occurring between M and M.

Fig. 4. Illustration for proof of Lemma 6.19 (number of tokens in p plotted against the steps of the firing sequence).

Let M be the last intermediate marking occurring between M and M such that M(p) = e. Note that since ∆[σ_λ](p) = ∆[σ_λ](p) = 0, e = e. Let M --σ_λ--> M --σ_λ--> M --σ_λ--> M --σ_λ--> M --σ_λ--> M. Let π_λ be the sub-word of σ_λ σ_λ σ_λ consisting of all the transition occurrences having an arc to/from p. Since M(p) = e = e = M(p) is the minimum number of tokens in p among all intermediate markings occurring between M and M, ∆[π_λ](p) = 0 and π_λ is safe for transfer. Transfer π_λ from p to p_v, where v is the variety of p. Perform similar transfers for all 1 ≤ λ ≤ α and independent places p ∈ I \ Y such that ∆[σ_λ](p) = 0 and σ_λ occurs within the caring zone of p.

Consider some 1 ≤ λ ≤ α and an independent place p ∈ I \ Y such that ∆[σ_λ](p) > 0 and σ_λ occurs within the caring zone of p. Let M --σ′ σ σ σ ··· σ′_{λ−1}--> M --σ_λ--> M --σ_λ--> M. Let e = min{M′(p) | M′ occurs between M and M} be the minimum number of tokens in p among all intermediate markings occurring between M and M. Let M be the first intermediate marking between M and M such that M(p) = e. Let M --σ_λ--> M --σ_λ--> M --σ_λ--> M. Let π_λ be the sub-word of σ_λ σ_λ consisting of all transition occurrences having an arc to/from p. Since M(p) = e is the minimum number of tokens in p among all intermediate markings between M and M, π_λ is safe for transfer. Transfer π_λ to p_v. To ensure that after this transfer the number of tokens in p is pumped up during the pumping portion under consideration, identify the last transition in π_λ that adds tokens to p and transfer it back to p. Since ∆[σ_λ](p) ≥ W, this last back transfer will not violate any property of the pumping sequence. Perform this transfer and back transfer for all 1 ≤ λ ≤ α and independent places p ∈ I \ Y such that ∆[σ_λ](p) > 0 and σ_λ occurs within the caring zone of p.

Now we have a Y-neglecting weakly M, Q, ω-enabled X-pumping sequence with the following properties:

1. For all 1 ≤ λ ≤ α and independent places p ∈ I \ Y such that ∆[σ_λ](p) = 0 and σ_λ occurs within the caring zone of p, no transition in σ_λ has an arc to/from p.

2. For all 1 ≤ λ ≤ α and independent places p ∈ I \ Y such that ∆[σ_λ](p) > 0 and σ_λ occurs within the caring zone of p, there is only one transition in σ_λ that has an arc to/from p, and this transition adds some tokens to p.

Consider an independent place p ∈ I \ Y of some variety v. Let M′ be the last intermediate marking in the caring zone of p such that M′(p) is the minimum number of tokens in p among all intermediate markings in the caring zone of p.

Case 1: M′(p) ≥ M(p). In this case, the number of tokens in p does not come below M(p) at all. Let π_p be the sub-word of the pumping sequence consisting of all transition occurrences within the caring zone of p that have an arc to/from p, except the last such transition. Transfer π_p to p_v.

Case 2: M′(p) < M(p). Invoking the truncation lemma with e = M(p) + W, we identify sub-words between M and M′ and transfer them to p_v so that in any intermediate marking within the caring zone of p, p has at most U + W + W + W tokens. Note that none of the sub-words transferred will involve any transition in pumping portions, due to the property we have ensured above.

Due to the property we have ensured above, if for some place p ∈ I \ Y there is some σ_µ occurring within the caring zone of p with ∆[σ_µ](p) > 0, it remains so after any of the transfers above. For every independent place p ∈ I \ Y, we identify and transfer sub-words to p_v based on one of the above two cases. Finally, we end up with a Y-neglecting weakly M, Q, ω-enabled X-pumping sequence such that every independent place p ∈ I \ Y has at most U′ tokens in all intermediate markings belonging to the caring zone of p. ⊓⊔

We will now combine the results of the previous lemmas to give a ParaPspace upper bound for model checking β formulas.

Theorem 6.20. With the vertex cover number k and maximum arc weight W as parameters, β formulas of the logic given in the beginning of this section can be model checked in ParaPspace.

Proof. From Lemma 6.8, model checking β formulas is equivalent to checking the presence of X-pumping sequences for some X. The choice of X can be made non-deterministically in the algorithm. From Lemma 6.10, checking the presence of X-pumping sequences is equivalent to checking the presence of ∅-neglecting weakly M, P, ω-enabled X-pumping sequences. Setting U′ = U + W + W in Def. 6.14, Lemma 6.19 implies that if there is a ∅-neglecting weakly M, P, ω-enabled X-pumping sequence, there is one of length at most ℓ(k′, ℓ(k′, O(m log |M| + m + log W + (1 + c′k′)k′ log k′ log m + poly(c′k′k′k′) log W + poly(c′k′k′k′) log(U′k′W)), or O(m log |M| + m + poly(c′k′k′k′) log(U′k′mW)) for some polynomial poly. An application of Savitch's theorem now gives us the required ParaPspace algorithm. ⊓⊔

Conclusion
With the vertex cover number of the underlying graph of a Petri net and maximum arc weight as parameters, we proved that the coverability and boundedness problems can be solved in ParaPspace. A fragment of CTL based on these two properties can also be model checked in ParaPspace. Since vertex cover is better studied than the parameter benefit depth we introduced in [20], the results here might lead us towards applying other techniques of parameterized complexity to these problems. Whether coverability and boundedness are in ParaPspace with the size of the smallest feedback vertex set and maximum arc weight as parameters is an open problem.
Acknowledgements. The author acknowledges Kamal Lodaya and Saket Saurabh for helpful discussions and feedback on the draft.
References

[1] M. F. Atig and P. Habermehl. On Yen's path logic for Petri nets. In RP 2009, volume 5797 of LNCS, pages 51–63, 2009.
[2] M. F. Atig, A. Bouajjani, and S. Qadeer. Context-bounded analysis for concurrent programs with dynamic creation of threads. In TACAS '09, volume 5505 of LNCS, pages 107–123, 2009.
[3] S. Demri. On selective unboundedness. In Infinity, 2010. To appear.
[4] J. Desel and W. Reisig. Place/transition Petri nets, volume 1491 of LNCS, pages 122–173. 1998.
[5] R. Downey. Parameterized complexity for the skeptic. In CCC 2003, pages 147–170.
[6] R. G. Downey, M. R. Fellows, and U. Stege. Parameterized complexity: A framework for systematically confronting computational intractability. In Contemporary Trends in Discrete Mathematics: From DIMACS and DIMATIA to the Future, volume 49 of DIMACS, pages 49–100. 1999.
[7] J. Esparza. Decidability and complexity of Petri net problems — An introduction, volume 1491 of LNCS, pages 374–428. 1998.
[8] J. Esparza and M. Nielsen. Decidability issues for Petri nets — a survey. J. Inform. Process. Cybernet., 30(3):143–160, 1994.
[9] M. R. Fellows, D. Lokshtanov, N. Misra, F. A. Rosamond, and S. Saurabh. Graph layout problems parameterized by vertex cover. In ISAAC 2008, volume 5369 of LNCS, pages 294–305, 2008.
[10] J. Flum and M. Grohe. Describing parameterized complexity classes. Inf. Comput., 187(2):291–319, 2003.
[11] S. Göller, C. Haase, J. Ouaknine, and J. Worrell. Model checking succinct and parametric one-counter automata. In ICALP 2010, volume 6199 of LNCS, pages 575–586, 2010.
[12] C. Haase, S. Kreutzer, J. Ouaknine, and J. Worrell. Reachability in succinct and parametric one-counter automata. In CONCUR 2009, volume 5710 of LNCS, pages 369–383, 2009.
[13] P. Habermehl. On the complexity of the linear-time µ-calculus for Petri-nets. In ATPN '97, volume 1248 of LNCS, pages 102–116, 1997.
[14] K. M. Kavi, A. Moshtaghi, and D.-J. Chen. Modeling multithreaded applications using Petri nets. Int. J. Parallel Program., 30(5):353–371, 2002.
[15] S. R. Kosaraju. Decidability of reachability in vector addition systems. In Proc. 14th STOC, pages 267–281, 1982.
[16] P. Lafourcade, D. Lugiez, and R. Treinen. Intruder deduction for AC-like equational theories with homomorphisms. In RTA 2005, volume 3467 of LNCS, pages 308–322, 2005.
[17] R. Lipton. The reachability problem requires exponential space. Technical report, Yale University, 1975.
[18] E. W. Mayr. An algorithm for the general Petri net reachability problem. In Proc. 13th STOC, pages 238–246, 1981.
[19] C. A. Petri. Kommunikation mit Automaten. PhD thesis, Inst. Instrumentelle Math., 1962.
[20] M. Praveen and K. Lodaya. Modelchecking counting properties of 1-safe nets with buffers in ParaPspace. In FSTTCS 2009, volume 4 of LIPIcs, pages 347–358.
[21] C. Rackoff. The covering and boundedness problems for vector addition systems. Theoret. Comp. Sci., 6:223–231, 1978.
[22] W. Reisig and G. Rozenberg. Informal introduction to Petri nets. In Lectures on Petri Nets I: Basic Models, volume 1491 of LNCS, pages 1–11. 1998.
[23] L. E. Rosier and H.-C. Yen. A multiparameter analysis of the boundedness problem for vector addition systems. J. Comput. Syst. Sci., 32(1):105–135, 1986.
[24] M. Thorup. All structured programs have small tree width and good register allocation. Inf. and Comp., 142(2):159–181, 1998.
[25] H.-C. Yen. A unified approach for deciding the existence of certain Petri net paths. Inf. Comput., 96(1):119–137, 1992.

Proof of Truncation Lemma
Proof (Lemma 3.3). Let M′ be the last intermediate marking before M such that M′(p) ≤ e + W (see Fig. 5). Let M′ be the first intermediate marking after M such that M′(p) ≤ e + W.

Fig. 5. Illustration for proof of Lemma 3.3 (number of tokens in p plotted against the steps of the firing sequence, with the levels e, e + W and ≥ e + W + W marked and the ascent and descent portions indicated).

We will call the subsequence between M′ and M the ascent and the subsequence between M and M′ the descent. During the ascent, the number of tokens in p increases by at least W. Since each transition can add at most W tokens to p, there are at least W transitions adding tokens to p during the ascent. There must be at least one number 1 ≤ w ≤ W such that among these W transitions, there are at least W transitions that add exactly w tokens to p. Similarly, there is a number 1 ≤ w ≤ W such that at least W transitions remove exactly w tokens from p during the descent. The sub-word σ′ we need consists of w "adding" transitions from the ascent and w "removing" transitions from the descent. The total effect of σ′ on p is 0 and it is safe for transfer from p to p by construction. Since the first part of σ′ removes w w > p, the number of tokens M(p) after transferring σ′ to p is strictly less than the number of tokens before the transfer. Before the transfer, every intermediate marking between M′ and M′ had at least e + W tokens. Since the transfer of σ′ causes w w ≤ W fewer tokens, all intermediate markings between M′ and M′ will have at least e ≥ p after the transfer. Intermediate markings before M′ and after M′ do not change. ⊓⊔