Reconfigurable Open Algebraic High-Level Systems Electronic Communications of the EASST Volume 14 (2008) Proceedings of the Third Workshop on Petri Nets and Graph Transformations (PNGT 2008) Reconfigurable Open Algebraic High-Level Systems Conny Ullrich and Julia Padberg 14 pages Guest Editors: Paolo Baldan, Barbara König Managing Editors: Tiziana Margaria, Julia Padberg, Gabriele Taentzer ECEASST Home Page: http://www.easst.org/eceasst/ ISSN 1863-2122 http://www.easst.org/eceasst/ ECEASST Reconfigurable Open Algebraic High-Level Systems Conny Ullrich and Julia Padberg1 1 Technische Universität Berlin Fakultät IV - Informatik und Elektrotechnik Abstract: In this paper reconfigurable open algebraic high-level (AHL) systems are introduced as an extension of AHL systems [PER95]. In addition to the integra- tion of data structures open places and communicating transitions allow modelling reactive behavior as communication with their environment. Reconfigurable open AHL systems are defined that comprise rules and transformations of these nets. For- mally they are an instance of weak adhesive HLR systems [EP06] and so yield the same results. Moreover, a case study is presented that demonstrates the practical need for reconfigurable open AHL systems. Keywords: open Petri nets, reconfiguration, transformation, emergency scenarios 1 Motivation A mobile ad hoc network (MANET) is an autonomous collection of mobile nodes that commu- nicate with each other over wireless links. Since the nodes are mobile, the network topology may change unpredictably over time. Applications that are based on MANETs need extra ef- fort to be maintainable because of the nondeterministic nature of distribution and mobility. In order to facilitate more complex applications of MANETs a modeling technique is needed that enables the modeling of flexible workflows and supports changes of the network topology and the transformation of workflows. In [HEP07] flexible processes in MANETs are realised by using the formal notions of reconfigurable systems based on weak adhesive HLR systems ([EEPT06]). An instance of these systems are reconfigurable algebraic high-level (AHL) systems based on AHLSystems, the category of AHL systems and AHL system morphisms. AHL nets them- selves are an extension of the Place/Transition (P/T) Nets in the sense of [MM90] and combine P/T nets with algebraic specifications. A reconfigurable AHL system consists of an AHL sys- tem, i.e. an AHL net with an actual marking, and a set of rules whose application modify the AHL system’s structure at runtime. In our case studies [Ull08, HEP07] we have seen the need to model the workflows of different organisational units that communicate internally but also with other units. So, we need modeling means to express communication with the environment of each team. Communication can be modeled implicitly, as occurring messages or explicitly, where the message is send from some other unit via some channel. Open nets allows both: We can use open places for the implicit communication that abstract from the environment and we can use special transition to model explicit communication. For the adequate modeling of such systems suitable control structures are needed. In our project forMA`NET (Formal modeling and analysis of flexible workflows in mobile ad-hoc networks) [for08] we assume a control layer in terms algebraic higher order nets. Moreover, there are promising approaches to transfer different notions for control from graph transformation, e.g. negative application conditions [Rei08]. 1 / 14 Volume 14 (2008) Reconfigurable Open AHL Systems Figure 1 illustrates a workflow of an emergency scenario in a hospital where two organisations are involved: the Fire Department and the hospital personnel which consists of three units. The different units are marked by light blue squares. Each line represents the workflow of one person. Hence, the unit Nurses consists of two Nurses (N1, N2), Security consists of three persons (SCO, S1, EO), Fire Department consists of four persons (FDO, F1, F2, F3) and CEO represent one person. For the sake of clarity we omit the naming of the places, transitions and the arc inscriptions. Nurses CEO Security N2 N1 SCO S1 EO Fire Department FDO F1 F3F2 Figure 1: Emergency Scenario modelled with an AHL System In emergency scenarios typically different organizational units are participating that should be modeled individually. So, we extend the formalism of AHL Nets with open places and com- municating transitions to open AHL nets. The idea of open places is to provide an interface, that serves for implicit communication. Communicating transitions represent the interconnec- tion between different organizational units. Hence, the explicit communication event itself is represented by firing of the communicating transition, that is located between the corresponding input and output places. When examining one organizational unit the communication events are given implicitly by the creation and deletion of tokens. Closely related to our work there are different extensions of Petri nets for both the modelling of open systems, e.g. open nets and labelled nets with interface, and the modelling of dynami- cally changes of systems, e.g. dynamic Petri nets and reconfigurable Petri nets. The main idea to develop a formalism that allows modeling the the creation and deletion of tokens by the envi- ronment stems from [BCEH05], where open nets, classical P/T nets with a distinguished set of open places, are introduced. In [BCE+07] open net are composed by specific pushouts that are used for the definition of reconfigurations, in the DPO-approch as well. There the emphasis is on bisimilarity and rules that preserve the observational behaviour. Labelled nets with interface have been introduced in [NPS95]. Here, an interface is built of two components – the ’input’ interface, consisting of places, and the ’output’ interface, consisting of transitions. This approach Proc. PNGT 2008 2 / 14 ECEASST are continued in [PW98], where an elementary calculus is introduced in which one can construct any Petri net with an interface from trivial constants (single places, single transitions) by drawing arcs, adding tokens, and hiding public places and transitions. Reconfigurable Petri nets are a sub- class of net rewriting systems and formally equivalent to Petri nets. They have been introduced in [LO04]. Net rewriting systems are based on graph grammars and Valk’s self-modifying nets. Their rules are very similar to productions of graph grammars and the application of a rewriting rule is like a direct derivation in graph grammars. The formalism of reconfigurable Petri nets is a particular net rewriting system where the set of places and transitions is left unchanged by rewriting rules. Such rules only change the flow relations of the places in their domains. 2 Open AHL Systems Open AHL systems are an extension of AHL system (see [PER95]) with open places and com- municating transitions. Open places – as in [BCEH05] – may have token that are generated or removed independently of the net’s state. In contrast to AHL systems an open AHL system has three different modi for places—local, input and output—and two different modi of transitions– local and communicating. While local places are used to demonstrate the internal process scheme of a system, input and output places describe the interaction of this system with its environment. The embedding and transforming of an open AHL system S1 in an adequate open AHL system S2 is formally described by open AHL system morphisms. Here the structure and functionality of the modelled system must be preserved, i.e. amongst others an open AHL system morphism must preserve the modus of places. To keep at the categorical context we build the sets of places (P) by using the categorical coproduct, which ensures that the individual morphisms for the different modi are preserved by an open AHL system morphism. PL, PI and PO are objects of the category SETS, hence, the coproduct is given by the disjoint union. Definition 1 (Open Algebraic High Level (AHL) Systems) An open AHL system S = (N, m) is given by an open AHL net N = (SP, P, T, pre, post, cond,type, A) and a marking m. An open AHL net N consists of • an algebraic specification SP = (Σ, E; X ) with signature Σ = (S, OP), equations E, and additional variables X over Σ; • the disjoint union P = PL]PI ]PO of local (PL), input (PO) and output places (PO); • the disjoint union T = T L]T C of local (T L) and communicating transitions (T C); • pre- and post conditions pre and post, with pre, post : T → (TΣ(X )⊗P)⊕ where – pre : T L → (TΣ(X )⊗(PL]PI)⊕, post : T L → (TΣ(X )⊗PL]PO)⊕, – pre : T C → (TΣ(X )⊗PO)⊕, post : T C → (TΣ(X )⊗PI)⊕; • firing conditions cond : T → P f in(Eqns(Σ; X )); • a type of places with type : P → S • a (Σ, E)-algebra A where 1. the signature Σ = (S, OP) consists of sorts S and operation symbols OP, 3 / 14 Volume 14 (2008) Reconfigurable Open AHL Systems 2. TΣ(X ) is the set of terms with variables X over the signature Σ, 3. (TΣ(X )⊗P) = {(term, p)|term ∈ TΣ(X )type(p); p ∈ P}, 4. Eqns(Σ, X ) are all equations over the signature Σ with variables X. The marking m of N is given by M ∈CP⊕ where CP = (A⊗P) = {(a, p)|a ∈ Atype(p), p ∈ P}. The local places and local transitions comply with places and transitions of AHL nets. So, each AHL net can be mapped to an open AHL net with PI = PO = T C = /0. In the graphical representation of an open AHL net input and output places are distinguished from local places by incoming and outgoing arrows. In Example 1 we consider a part of our case study from Section 4 as an introductory example. Example 1 Figure 2 shows an open system S, which consists of the subsystems S1 and S2. The subsystem S2 starts operating when it has received an appropriate message from subsystem S1. The transition TC, which is located between the output place Message to Escort Officer of S1 and the input place Receive call from SCO of S2, serves as interconnection between these subsystems. Message: Call for fire emergency from centrex Person: Respond IFRT to fire location IFRT informed Message: Message to IFRT Person: start P9 message(codeRed, getCall-ID(P9), l1, s1) m18 Received call from centrex isIn(getRecipients(m18), getCall-ID(P9); getKind(m18)=codeRed P9 P9 P9 Person: Respond Escort Officer to staging location Message: Message to Escort Officer EO informed P9 P9 m Person: start Person: Meet FD at staging area P8 Got message isIn(getRecipients(m16), getCall-ID(P8)) getKind(m16)=codeRed Message: Receive call from SCO m16 m setLocation(P8, sArea) TC S S1 S2 Person: Waiting for receiving new information message(codeRed, getCall-ID(P9), l2, s2) Figure 2: open AHL net of system S For the formal definition of the operational behaviour of open AHL nets we first define functions to determine the data elements which must be removed from the pre-domain and added to the post-domain after firing of a transition. To fire a transition t ∈ T the conditions of t must be fulfilled. Let the set of variables Var(t) of a transition t ∈ T be the variables of the net inscrip- tions in pre(t), post(t) and cond(t) and asg : Var(t) → A be a variable assignment. Then set of consistent transition assignments CT = {(t, asg)|t ∈ T , cond(t) holds in A under asg} gives the assignments for the variables of t so that the conditions of t are fulfilled. Definition 2 (A - Pre and Post Domains) The A-pre-domain and A-post-domain preA, postA : CT → CP⊕ of a given open AHL net oAN = (SP, P, T, pre, post, cond, type, A) are defined by preA(t, asg) = (asg⊗idP)⊕pre(t) and postA(t, asg) = (asg⊗idP)⊕post(t) with asg = xeval(asg) where xeval is the extended evaluation of asg. Proc. PNGT 2008 4 / 14 ECEASST Definition 3 (Operational Behaviour) The operational behavior of an open AHL net N is de- scribed by the following three cases. I Firing of a transition: A transition t ∈ TN is enabled in M under asg iff (t, asg) ∈ CT and preA(t, asg) ≤ M. The follower marking M′ is given by M′ = M preA(t, asg)⊕ postA(t, asg). II Creation of a token by the environment: Let the set of active input places of N IA be defined by IA = PIN \ {p ∈ PIN| ∃c ∈ T CN : p ≤ post(c). Then the creation of a token is given by the follower marking M′ as defined as follows: M′ = M⊕(a, p) with p ∈ IA, a ∈ type(p). III Deletion of a token by the environment: Let the set of active output places of N OA be defined by OA = PON \{p∈PON |∃c∈T CN : p≤ pre(c)}. Then the deletion of a token is given by the follower marking M′ as defined as follows: M′ = M (a, p) with p ∈ OA, a ∈ type(p). An open AHL system morphism maps an open AHL system to another open AHL system which can have a different algebraic specification and algebra. This means that we have to deal with a morphism between algebras of different specifications. Therefore, we use generalised homomorphisms, a special case of generalised morphisms introduced in [EBO91]. A generalised homomorphism (( fS, fOP), fA) : ((Σ, E), A) → ((Σ, E)′, A′) is given by a specification morphism ( fS, fOP) : (Σ, E) → (Σ, E)′ and a homomorphism fA : A → V( fS, fOP)(A′) where V( fS, fOP) is the forgetful functor induced by ( fS, fOP). Definition 4 (Open AHL System Morphisms) Given open AHL systems S, S’. Then f = ( fSP, fP, fT , fA) : S → S′ is given by • fSP = ( fS, fOP, fX ) with fX : X → X′ is an injective mapping of variables • fP = ( fPL : PL → PL′)]( fPI : PI → PI′)]( fPO : PO → PO′) • fT = ( fT L : T L → T L′)]( fT C : T C → T C′) and • (( fS, fOP), fA) is a generalised homomorphism. f is an open AHL system morphism iff 1. f is compatible with pre, post, cond and type as shown in the following diagrams; P f in(Eqns(Σ; X )) T (TΣ(X ) ⊗ P)⊕ P S P f in(Eqns(Σ′; X′)) T ′ (TΣ′ (X′) ⊗ P′)⊕ P′ S′ fT ( f #SP ⊗ fP) ⊕ pre, post pre′, post′ P f in ( f # SP) cond cond′ fP fSP,S ty pe ty pe′ === 2. f is marking-preserving, i.e. for all (a, p) ∈ (A⊗P) : m1(a, p) ≤ m2( fA(a), fP(p)). An open AHL system morphism f is strict iff 1. fSP is strict injective, i.e. fSP is injective and f −1 SP (E ′) ⊆ E, 2. fP and fT are injective, and 3. f is marking strict, i.e. for all (a, p) ∈ (A⊗P) : m1(a, p) = m2( fA(a), fP(p)). The next theorem states that open AHL net morphisms preserve firing and communication. Theorem 1 (Preservation of firing and communiction) Given an open AHL net morphism fN = 5 / 14 Volume 14 (2008) Reconfigurable Open AHL Systems ( fSP, fP, fT , fA) : N1 → N2. Let M1 be a marking of N1 and M2 := ( f #SP ⊗ fP)⊕(M1) a marking of N2. Then I. fN preserves the firing behaviour of N1: (a) Let CT1 and CT2 be the sets of consistent transition assignments. If (t, asg1) ∈ CT1 with asg1 : (Var(t)) → A1 and pre1A(t, asg1) ≤ M1 then there is an assignment asg2 : Var( fT (t)) → A2 with ( fT (t), asg2) ∈CT2 and pre2A( fT (t), asg2) ≤ M2; (b) the follower marking after firing is preserved: if M1 (t,asg1)−→ M′1 in N1 then M2 ( fT (t),asg2)−→ M′2 in N2 with M ′ 2 = ( f # SP ⊗ fP)⊕(M′1). II. fN is communication preserving as follows: (a) For all p ∈ IA,1 with fI (p) ∈ IA,2 the follower marking after creation of a token is preserved: if M1 ⊕(a,p)−→ M′1 in N1 then M2 ⊕( fA(a), fP(p))−→ M′2 in N2. (b) For all p ∈ OA,1 with fO(p) ∈ OA,2 the follower marking after deletion of a token is preserved: if M1 (a,p)−→ M′1 in N1 then M2 ( fA(a), fP(p))−→ M′2 in N2. Proof sketch: I. The proof is identical to AHL net morphisms. II. (a) Given p ∈ IA,1 with fI (p) ∈ IA,2 and M′1 = M1 ⊕ (a, p) with a ∈ type(p). To show ( fSP, fP)(M′1) = M ′ 2 := M2 ⊕( fA(a), fI (p)). II. (b) Given p ∈ OA,1 with fO(p) ∈ OA,2 and M1 = M′1 ⊕(a, p) with a ∈ type(p). For M′2 = M2 ( fA(a), fI (p)) we show that M′2 = ( fSP, fP)(M′1). Open AHL systems and open AHL system morphisms where fA : A → VSP(A′) is an iso- morphism form the category OAHLSystems. In OAHLSystems pushouts and pullbacks along strict open AHL system morphisms can be constructed componentwise as described in detail in Lemma 2.19 and 2.23 in [Ull08]. Remark: Open nets as in [BCEH05] have a precise and compositional process semantics based on occurrence nets. There the main focus has been to transfer the well-known concepts of deterministic processes and occurrence nets to open nets, that are nets with additional in or out places. The morphisms are defined accordingly. Since, our approach is focused on being reconfigurable and having open place, we are unfortunately forced to neglect the given notions, i.e. the definition of the morphisms as in [BCEH05]. Since we concentrate on reconfiguration we use morphisms that preserve the firing of transitions, and preserve communication in the sense that active places are mapped to active places or there is a corresponding communicating transition. 3 Reconfiguration of Open AHL Systems We define rules and transformation in terms of the algebraic approach to graph transformation, more precisely as an instantiation of weak adhesive high-level replacement (HLR) systems. There rules are given as a span of morphisms, denoting the parts to be deleted and those to be added. An application of a rule is called a direct transformation and describes how a net is modified by such a rule. A direct transformation is formalized using the pushout construc- tion, i.e. a construction glues the corresponding nets. A sequence of these applications yields a Proc. PNGT 2008 6 / 14 ECEASST transformation. Definition 5 (Rules and Transformation) Given the category OAHLSystems and the morphism class M of all strict open AHL system morphisms (see Definition 4). • A rule p = (L l← K r→ R) consists of three systems L, K and R called left hand side, gluing object and right hand side respectively, and morphisms l : K → L and r : K → R with l, r ∈ M . • Given a rule p = (L l← K r→ R) and an system G with a morphism m : L → G called match. A direct transformation G p,m =⇒ H from G to a system H is given by the following diagram, called DPO-diagram, where (1) and (2) are pushouts. A sequence G0 ⇒ G1 ⇒ ···⇒ Gn of direct transformations, written G0 ∗ =⇒ Gn, is called a transformation. L K L G D H l r m k n f g (1) (2) The operational behaviour of reconfigurable Petri Systems in general and reconfigurable open AHL systems in particular can be considered as the arbitrary and interleaving of firing and trans- formation steps. Unfortunately there is up to now no formal definition of that. Reconfigurable open AHL systems are open AHL nets that have explicit rules for establishing the communication,. In [BCEH05] this is achieved by pushout construction, where as we use specific rules, namely those in the set RC of rules. Definition 6 (Reconfigurable Open AHL System) Given an open AHL System S = (N, m) and a set of rules R. Then a reconfigurable open AHL system is defined by ((N, m), R). The set R of rules consists of • a set RM of rules to modify the structure of an open AHL system and • a set RC of rules to describe the explicit communication of an open AHL system. As for reconfigurable Petri nets in general we have rules RM to modify the net and additionally we introduce a separate set of rules modelling explicitly the communication. Nevertheless, the syntactical definitions of RM and RC are identical. But for practical reasons we separate these sets of rules w.r.t. the different use. The communication rules describe the explicit communica- tion of teams modelled as an open AHL system. Possible communication rules are presented in the following. The rules connect 1-1 (Fig- ure 3(a)) and disconnect 1-1 (Figure 3(b)) describe an asynchronous communication between two subsystems. More precisely an output place sends a message to an input place. The rules connect-1-n (Figure 4(a)) and disconnect-1-n (Figure 4(b)) also describe asynchronous commu- nication. However, we extend the above mentioned rules so that an output place can send a message to more than one input places. In order to apply a rule in an open AHL system the so-called gluing condition must be satisfied. This condition assures that the application of a rule yields an open AHL system as given in Definition 1. The gluing condition for open AHL systems complies with the gluing condition for AHL systems which is defined in [PER95, Rei08]. Results (for Reconfigurable Open AHL Systems) The subsequent Theorems hold: • Local Church-Rosser and Parallelism: The local Church-Rosser property for transfor- mations states that for two transformations the application of the rules at the matches to 7 / 14 Volume 14 (2008) Reconfigurable Open AHL Systems O1 I1 O1 I1 O1 I1 TC x x (a) connect 1-1 O1 I1 O1 I1 O1 I1 TC x x (b) disconnect-1-1 Figure 3: Rules for 1-1 Communication O1 I1 TC In... O1 I1 In... O1 I1 In... xx x (a) connect-1-n O1 I1 TC In... O1 I1 In... O1 I1 In... x xx (b) disconnect-1-n Figure 4: Rules for 1-n Communication the same open AHL system in any order (sequential independence provided) or in parallel (parallel independence provided) yields the same result. • Conflicts and Critical Pairs: If two transformations are not parallel independent as described above they are in conflict. A critical pair describes such a conflict between two transformations in a minimal context. Critical pairs are proven to be complete. • Concurrency: If sequential dependencies occur the concurrent rule can be constructed establishing the same effect in one transformation step as the given sequence. The Con- currency Theorem states that the concurrent rule constructed from a sequence of rules is applicable and yields the same result. Proof sketch Theorem 3.12 in [Ull08] yields that the category OAHLSystems is a weak ad- hesive HLR category with the class M of all strict open AHL system morphisms. Therefore, a reconfigurable open AHL system with a set of rules forms a weak adhesive HLR system. Fur- thermore, Fact 4.7 in [Ull08] states that OAHLSystems has coproducts compatible with the class M . Corollary 1 in [EP06] yields that for reconfigurable open AHL systems we can adopt the Local Church-Rosser Theorem, the Parallelism Theorem and the Concurrency Theorem where the class E consists of jointly surjective and marking minimal morphisms (see [Rei08]). 4 Case Study: Fire Incident Responsibilities The basis of our case study is part of the ”Johns Hopkins Safety Manual” [JH007a, JH007b] for fire incident responsibilities in the Johns Hopkins Hospital (JHH). In this manual the responsi- bilities of different personnel groups are given. First we describe a possible scenario. Johns Hopkins Hospital - Floor 3 (JHH3): During the visiting hours a nurse (N1) discovers smoke in the room for medicaments. She pulls the fire alarm and calls the Central Exchange Officer CEO. At this time another nurse (N2) is also working at this ward. N1 and N2 begin preparing the evacuation. After being informed by the Central Exchange Officer (CEO) the Se- curity Communication Officer (SCO) sends two IFRT members (S1 and S2) to the ward and the Proc. PNGT 2008 8 / 14 ECEASST Escort Officer (EO) to the staging area, the Jefferson Entrance, to meet the Fire Department (FD). At the start of the scenario S1, S2 and the EO are located in the first floor of the Johns Hopkins Hospital. When S1 and S2 arrive at ward JHH3, mobile equipment, which can ob- struct the passage, is still standing on the corridor. Therefore, S2 assists the nurses and clears the corridor of this equipment before he secures the area. In the meantime S1 communicates the conditions to the SCO. The SCO forwards this information to the Fire Department. In the meantime the FD has arrived at the Jeffersen Entrance and is directed ward JHH3 by the EO to. After arriving at the ward the FD decides that this area must be evacuated. The clinic personnel begins to evacuate the patients and visitors of ward JHH3 and directs them into the first floor (JHH1). In order to define the open AHL system, we must decide on the internal system, i.e., which personnel groups we want to observe. To demonstrate internal and external communication we only observe the security group. This group consists of the security communication officer (SCO), the escort officer (EO) and the IFRT members (S1 and S2). This means our internal system is represented by an open AHL system IS (shown in Figure 10), which consists of one SCO workflow, one EO workflow and two IFRT workflows. A suitable set of rules (RM) to change this workflows at runtime are given in the appendix in Fig. 11. Combining the system IS, the rules RM and the rules mentioned in Section 3 we obtain the reconfigurable open AHL system to simulate our scenario. We do not simulate all steps in detail, but give an example for the exchange of information inside of the system IS and an example for the communication between this system and its environment. Since the specification and the algebra are the same for all systems in our case study, we restrict our observation to the places and transitions. For the system IS the scenario starts with the message from the Central Exchange Officer to the SCO. This means that IS interacts with an external system and we simulate this by the creation of a token M1 on the place SCO:Call for fire emergency from centrex = P∗ (see Figure 5). The token M1 is a data element of the sort AMessage and is defined as M1 = message(codeRed, 54999, 100, ”Fire in ward B3A.”). Following Definition 3 the marking m1 of IS after the creation of M1 is given by: m1 = (SCO, SCO:start) ⊕ (EO, EscortOfficer:start) ⊕ (S1, Security1:start) ⊕ (S2, Security2:start) ⊕ (M1, SCO:Call for fire emergency from centrex) The next step which we consider is the sending of the message M2 from SCO to S1 and S2. In this case we have an internal communcation from the output place SCO:Message to IFRT to the input places S1:Receive call from SCO and S2:Receive call from SCO. After the application of this rule the output place SCO:Message to IFRT is connected with the input places S1:Receive call from SCO and S2:Receive call from SCO. Via firing of transition TC the message M2 is transmitted from SCO to S1 and S2. Figure 8 shows the relevant part of system IS′ after firing TC. After the transmission of a message we want to close the connection between the involved workflows. Therefore, we apply the rule disconnect-1-n (see Figure 4(b)) with n = 2. The application of disconnect-1-2 yields the system IS as partly shown in Figure 9. Figure 6 shows the relevant part of the system IS before sending the message M2. Since we have two addresses, viz. S1 with call-ID 101 and S2 with call-ID 102, we apply the rule connect-1-n (see Figure 4(a)) with n = 2 and get the system IS′ as shown in Figure 7. 9 / 14 Volume 14 (2008) Reconfigurable Open AHL Systems Message: Call for fire emergency from centrex Person: Respond IFRT to fire location Person: start P9 m18 Received call from centrex isIn(getRecipients(m18), getCall-ID(P9); getKind(m18)=codeRed P9 P9 SCO ⊕(M1,P∗)−→ Message: Call for fire emergency from centrex Person: Respond IFRT to fire location Person: start P9 m18 Received call from centrex isIn(getRecipients(m18), getCall-ID(P9); getKind(m18)=codeRed P9 P9 SCO M1 Figure 5: Detail of IS: Creation of token M1 Person: Respond IFRT to fire location IFRT informed Message: Message to IFRT P9 P9 Person: Respond Escort Officer to staging location P9 message(codeRed, getCall-ID(P9), l1, s1) SCO M2 Person: start Message: Receive call from SCO Person: Go to emergency area P10 Got message isIn(getRecipients(m24), getCall-ID(P10)) getKind(m24)=codeRed m24 P10 P10 S2Person: start Message: Receive call from SCO Person: Go to emergency area P7 Got message isIn(getRecipients(m13), getCall-ID(P7)) getKind(m13)=codeRed m13 P7 P7 S1 P9 Figure 6: Detail of IS before applying connect-1-2 5 Conclusion Reconfigurable open AHL systems are particularly suitable for modelling complex data and concurrent systems whose structure can change dynamically. Additionally, open AHL systems allow modelling reactive systems, which interact with its environment. Future work concerns further results as given in [EEPT06]: The Embedding and Extension Theorem which allows embedding transformations into larger contexts, and the Local Conflu- ence Theorem that allows showing local confluence of transformation systems on the basis of the confluence of critical pairs. To achieve these theorems we need additional properties for open AHL systems. In [Lam07] an extension of weak adhesive HLR categories to weak adhesive HLR categories with negative application conditions (NACs). NACs are used for the control of rule applications by prohibiting specific structures in the source system. Weak adhesive HLR cate- gories with NACs require some additional properties that have to be shown for OAHLSystems. Furthermore, open AHL systems can be extended to labeled open AHL systems. Labels offer an additional control structure for reconfigurable systems. The idea of labels is to mark every place with a fixed label and to allow only mappings of places with the same label. In [Rei08] this extension has been shown to be very useful for P/T systems. Acknowledgments: We would like to thank our referees for their justified criticism and their constructive remarks. Proc. PNGT 2008 10 / 14 ECEASST Person: Respond IFRT to fire location IFRT informed Message: Message to IFRT P9 P9 Person: Respond Escort Officer to staging location P9 message(codeRed, getCall-ID(P9), l1, s1) SCO M2 Person: start Message: Receive call from SCO Person: Go to emergency area P10 Got message isIn(getRecipients(m24), getCall-ID(P10)) getKind(m24)=codeRed m24 P10 P10 S2Person: start Message: Receive call from SCO Person: Go to emergency area P7 Got message isIn(getRecipients(m13), getCall-ID(P7)) getKind(m13)=codeRed m13 P7 P7 S1 P9 TC m mm Figure 7: Detail of IS′ after applying connect-1-2 Person: Respond IFRT to fire location IFRT informed Message: Message to IFRT P9 P9 Person: Respond Escort Officer to staging location P9 message(codeRed, getCall-ID(P9), l1, s1) SCO Person: start Message: Receive call from SCO Person: Go to emergency area P10 Got message isIn(getRecipients(m24), getCall-ID(P10)) getKind(m24)=codeRed m24 P10 P10 S2Person: start Message: Receive call from SCO Person: Go to emergency area P7 Got message isIn(getRecipients(m13), getCall-ID(P7)) getKind(m13)=codeRed m13 P7 P7 S1 P9 TC m mm M2 M2 Figure 8: Detail of IS′ after firing TC Person: Respond IFRT to fire location IFRT informed Message: Message to IFRT P9 P9 Person: Respond Escort Officer to staging location P9 message(codeRed, getCall-ID(P9), l1, s1) SCO Person: start Message: Receive call from SCO Person: Go to emergency area P10 Got message isIn(getRecipients(m24), getCall-ID(P10)) getKind(m24)=codeRed m24 P10 P10 S2Person: start Message: Receive call from SCO Person: Go to emergency area P7 Got message isIn(getRecipients(m13), getCall-ID(P7)) getKind(m13)=codeRed m13 P7 P7 S1 P9 M2 M2 Figure 9: Detail of IS after applying disconnect-1-n 11 / 14 Volume 14 (2008) Reconfigurable Open AHL Systems References [AB96] A. Asperti, N. Busi. Mobile Petri Nets. Technical report UBLCS-96-10, 1996. [BCE+07] P. Baldan, A. Corradini, H. Ehrig, R. Heckel, B. Konig. Bisimilarity and Behaviour- Preserving Reconfigurations of Open Petri Nets? LECTURE NOTES IN COMPUTER SCI- ENCE 4624:126, 2007. [BCEH05] P. Baldan, A. Corradini, H. Ehrig, R. Heckel. Compositional Semantics of Open Petri Nets based on Deterministic processes. MSCS 15(1):1–35, 2005. [EBO91] H. Ehrig, M. Baldamus, F. Orejas. New concepts for amalgamation and extension in the framework of specification logics. In Proc.ADT-Workshop Durdan. Pp. 199 – 221. Springer, 1991. [EEPT06] H. Ehrig, K. Ehrig, U. Prange, G. Taentzer. Fundamentals of Algebraic Graph Transforma- tion. EATCS Monographs in Theoretical Computer Science. Springer, 2006. [EP06] H. Ehrig, U. Prange. Weak Adhesive High-Level Replacement Categories and Systems: A Unifying Framework for Graph and Petri Net Transformations. In Algebra, Meaning and Computation. Essays Dedicated to J.A. Goguen. Pp. 235–251. Springer, 2006. [for08] forMAlNET Homepage. 2008. http://tfs.cs.tu-berlin.de/formalnet. [HEP07] K. Hoffmann, H. Ehrig, J. Padberg. Flexible Modeling of Emergency Scenarios using Recon- figurable Systems. In Proc. of the 10th World Conference on Integrated Design & Process Technology. P. 15. 2007. [JH007a] Fire Incident Responsibilities in JHH. 2007. http://www.hopkinsmedicine.org/hse/Policies/HSE Policies/indiv sections/HSE406.pdf [JH007b] Incipient Fire Response Team for JHH. 2007. http://www.hopkinsmedicine.org/hse/Policies/HSE Policies/indiv sections/HSE409.pdf [Lam07] L. Lambers. Adhesive High-Level Replacement Systems with Negative Application Condi- tions. Technical report, Technische Universität Berlin, 2007. [LO04] M. Llorens, J. Oliver. Structural and Dynamic Changes in Concurrent Systems: Reconfig- urable Petri Nets. IEEE Transactions on Computers 53(9):1147–1158, 2004. [MM90] J. Meseguer, U. Montanari. Petri Nets Are Monoids. In Information and Computation. Pp. 105–155. 1990. [NPS95] M. Nielsen, L. Priese, V. Sassone. Characterizing Behavioural Congruences for Petri Nets. In International Conference on Concurrency Theory. Pp. 175–189. 1995. [PER95] J. Padberg, H. Ehrig, L. Ribeiro. Algebraic High-Level Net Transformation Systems. Mathe- matical Structures in Computer Science 5:217–256, 1995. [PW98] L. Priese, H. Wimmel. A uniform approach to true-concurrency and interleaving semantics for Petri nets. Theor. Comput. Sci. 206(1-2):219–256, 1998. [Rei08] A. Rein. Reconfigurable Petri Systems with Negative Application Conditions. Technical re- port 2008/01, Technische Universität Berlin, 2008. Diploma Thesis. [Ull08] C. Ullrich. Reconfigurable Open AHL Systems. Technical report 2008/10, Technische Uni- versität Berlin, 2008. Diploma Thesis. Proc. PNGT 2008 12 / 14 http://www.hopkinsmedicine.org/hse/Policies/HSE_Policies/indiv_sections/HSE406.pdf http://www.hopkinsmedicine.org/hse/Policies/HSE_Policies/indiv_sections/HSE409.pdf ECEASST P er so n: s ta rt P er so n: M ee t F D at s ta gi ng a re a F D a rr iv ed P er so n: D ire ct ed F D to th e sc en e of fi re A rr iv ed a t s ce ne P er so n: D et ai n el ev at or s at th e fir st fl oo r M es sa ge : C al l f ro m S C O P 8 m 17 G ot m es sa ge is In (g et R ec ip ie nt s( m 16 ), ge tC al l-I D (P 8) ) ge tK in d( m 16 )= co de R ed M es sa ge : R ec ei ve c al l fr om S C O m 16 P 8 P 8 P 8 P 8 P er so n: E nd P 8 F in is he d is In (g et R ec ip ie nt s( m 17 ), ge tC al l-I D (P 8) ); ge tK in d( m 17 ) = al lC le ar se tL oc at io n( P 8, s A re a) se tL oc at io n( P 8, lo c) E O P er so n: s ta rt M es sa ge : R ec ei ve c al l fr om S C O P er so n: G o to e m er ge nc y ar ea A rr iv ed P er so n: A ss es s th e si tu at io n do ne P er so n: S ec ur e ar ea M es sa ge : In st ru ct io n P 10 m 25 G ot m es sa ge is In (g et R ec ip ie nt s( m 24 ), ge tC al l-I D (P 10 )) ge tK in d( m 24 )= co de R ed m 24 se tL oc at io n( P 10 , e A re a) P 7 P 10 P er so n: E nd P er so n: E va cu at e pa tie nt s G ot in st ru ct io n is In (g et R ec ip ie nt s( m 25 ), ge tC al l-I D (P 10 )) ge tK in d( m 25 ) = co de R ed G ot in st ru ct io n is In (g et R ec ip ie nt s( m 25 ), ge tC al l-I D (P 10 )) ge tK in d( m 25 ) = al lC le ar F in is he d ev ac ua tio n P 10 P 10 P 10 P 10 m 25 se tL oc at io n (P 10 , r A re a) S 2 P 10 P 10 P 10P 10 P er so n: s ta rt M es sa ge : R ec ei ve c al l fr om S C O P er so n: G o to e m er ge nc y ar ea A rr iv ed P er so n: A ss es s th e si tu at io n do ne P er so n: S ec ur e ar ea M es sa ge : In st ru ct io n P 7 m 15 G ot m es sa ge is In (g et R ec ip ie nt s( m 13 ), ge tC al l-I D (P 7) ) ge tK in d( m 13 )= co de R ed m 13 P 7 se tL oc at io n( P 7, e A re a) P 7 P 7 P 7 P 7 P 7 P er so n: E nd P er so n: E va cu at e pa tie nt s G ot in st ru ct io n is In (g et R ec ip ie nt s( m 15 ), ge tC al l-I D (P 7) ) ge tK in d( m 15 ) = co de R ed G ot in st ru ct io n is In (g et R ec ip ie nt s( m 15 ), ge tC al l-I D (P 7) ) ge tK in d( m 15 ) = al lC le ar F in is he d ev ac ua tio n P 7 P 7 P 7 P 7 m 15 se tL oc at io n (P 7, r A re a) S 1 M es sa ge : C al l f or fi re em er ge nc y fr om c en tr ex M es sa ge : R ec ei vi ng m es sa ge P er so n: W ai tin g fo r re ce iv in g ne w in fo rm at io n A pp ra is ed m es sa ge !( ge tK in d( m 20 )= al lC le ar ) P er so n: R es po nd IF R T to fi re lo ca tio n IF R T in fo rm ed P er so n: In fo rm se cu rit y pe rs on ne l in fo rm ed M es sa ge : M es sa ge to IF R T P er so n: B rie f ap pr op ria te pe rs on P er so n: s ta rt P er so n: E nd P 9 m 18 M es sa ge : M es sa ge to to ta l s ec ur ity pe rs on ne l A pp ra is ed m es sa ge ge tK in d( m 20 )= al lC le ar br ie fe d M es sa ge : B rie fin g R ec ei ve d ca ll fr om c en tr ex is In (g et R ec ip ie nt s( m 18 ), g et C al l-I D (P 9) ; ge tK in d( m 18 )= co de R ed m 21 m 21 P 9P 9 P 9 P 9 P 9P 9 P 9 P 9 P 9 P 9 P 9 P er so n: R es po nd E sc or t O ffi ce r to s ta gi ng lo ca tio n M es sa ge : M es sa ge to E sc or t O ffi ce r E O in fo rm ed P 9 P 9 m es sa ge (c od eR ed , ge tC al l-I D (P 9) , l 1, s 1) m es sa ge (c od eR ed , ge tC al l-I D (P 9) , l 2, s 2) S C O m es sa ge (t 2, g et C al l- ID (P 9) , l 7, s 7) m es sa ge (a llC le ar , ge tC al l-I D (P 9) , l 6, s 6) Figure 10: Initial System 13 / 14 Volume 14 (2008) Reconfigurable Open AHL Systems The rules ’assist in emergency procedures I + II’ are concerned with the case that the nursing staff needs assistance in following the emergency procedures. Then the security member on location must assist before he secures the area. Person: Communicate conditions informed Person: Secure area P P Person: Assist in emergency procedures Assistance finished Person: Communicate conditions informed Person: Secure area Message: Information for SOC P P P P Person: Communicate conditions Person: Secure area Message: Information for SOC Message: Information for SOC message(t1, getCall-ID(P), l5,s5) message(t1, getCall-ID(P), l5,s5) Figure 11: Rule: assist in emergency procedures I Person: Assess the situation done Person: Secure area P P Person: Assist in emergency procedures Assistance finished Person: Assess the situation done Person: Secure area P P P P Person: Assess the situation Person: Secure area Figure 12: Rule: assist in emergency procedures II The rule ’communicate conditions’ is intended for the workflow of the IFRT member which arrived at the emergency area first. This member must communicate the conditions to the SCO. Person: Communicate conditions informed Person: Secure area Message: Information for SOC P P message(t1, getCall-ID(P),l5,s5) done Person: Assess the situation P P Person: Secure area Person: Assess the situation Person: Secure area done P P Person: Assess the situation Figure 13: Rule: communicate conditions Proc. PNGT 2008 14 / 14 Motivation Open AHL Systems Reconfiguration of Open AHL Systems Case Study: Fire Incident Responsibilities Conclusion