1. Introduction
An automated manufacturing system (AMS) is a conglomeration of robots, machine tools, fixtures, and buffers. Several types of products enter the manufacturing system at separate points in time; the system can process these parts based on a specified sequence of operations and resource sharing. The sharing of resources leads to the occurrence of deadlock states, in which the local or global system is incapacitated [
1,
2,
3,
4]. Thus, an efficient deadlockcontrol algorithm is needed to prevent the deadlocks in an AMS. Petri nets are an excellent mathematical and graphical tool suitable for modeling, analyzing, and controlling deadlocks in AMSs [
5,
6]. The behavior and characteristics of an AMS (such as synchronization, conflict, and sequences) can be described by using Petri nets. Moreover, Petri nets may be used to provide the liveness and boundedness of a system [
7]. To address the deadlock problem in AMSs, several approaches with Petri nets exist. These approaches are categorized into three strategies: (1) deadlock detection and recovery, (2) deadlock prevention, and (3) deadlock avoidance [
7,
8].
Traditionally, deadlock control approaches for AMS control are evaluated by using three criteria: structural complexity, computational complexity, and behavioral permissiveness [
7]. Structural complexity means that a controller can be implemented with fewer monitors and arcs. When the computational complexity of a deadlock control approach is low, it can be applied to a largescale system [
7]. Behavioral permissiveness achieves high resource utilization in a controlled Petri net. Deadlock control may be implemented in AMS with reliable resources (resources without failures or breakdowns) or unreliable resources (resources with failures or breakdowns). For reliable resources, there are two main techniques to prevent deadlocks in AMSs using a Petri net: reachability graph analysis [
9,
10,
11] and structural analysis [
12,
13]. The reachability graph analysis needs listing all or a part of the reachable markings of the Petri net model. There are two parts of the reachability graph: the deadlock zone (DZ) and the live zone (LZ). Firstmet bad markings (FBMs) are defined in and extracted from the DZ. In this case, the deadlock is eliminated by designing and adding a monitor to prohibit the firstmet bad markings from being reached. In this process, all firstmet bad markings can be prevented by using iterations [
14]. Several policies have been developed to prevent deadlock states, including iterative methods, the theory of region, and siphon control [
10,
13,
14,
15,
16,
17,
18,
19]. The weakness of the reachability graph analysis is that the size of a reachability graph of a Petri net grows quickly and, in the worst case, grows exponentially with respect to the net size and its initial marking, and the net can easily reach an unmanageable level. Structural analysis is often applied to a typical structure of Petri nets, such as siphons. The control steps in this technique are simple: each minimal siphon is prohibited from being nonempty, and each unmarked minimal siphon needs an added monitor to ensure a system to be live. However, the weakness of this technique is that the number of control places will be increased when the size of a Petri net model is increased; hence, this results in high structural complexity [
20].
In the literature, deadlock control approaches based on the structural analysis technique (siphons) for AMSs with the Petri nets framework can be implemented by inserting the control places and the associated arcs to the original net, so that its siphons are permanently nonempty. The main disadvantage of the current policies is that many control places and associated arcs are inserted into the original Petri net model, which leads to the increased complexity of the supervisor of the Petri net model, compared with the initial model for the Petri net supervisor. Hence, an efficient approach is needed to minimize the Petri net supervisors’ structural complexity for AMS. The objective of this study is to develop a twostep robust deadlock control policy. A technique based on SMSs developed in [
21] is used in the first phase to develop a controlled Petri net model. In the second step, all control places obtained in the first step are merged into one control place based on colored Petri nets to make all SMSs marked.
The rest of the paper is organized as follows. Basic concepts of Petri nets are introduced in
Section 2.
Section 3 describes a deadlock prevention approach based on the SMS and the proposed robust control based on colored Petri nets.
Section 4 shows an example from the literature. Finally,
Section 5 presents conclusions and future research.
2. Preliminaries
This section introduces the basics of Petri nets and a general Petri net simulator (GPenSIM) tool.
2.1. Basics of Petri Nets
Let N = (P, T, F, W) be a Petri net, where P and T are finite nonempty sets of places and transitions, respectively. Elements in P ∪ T are named nodes. Here, P ∪ T ≠ ∅ and P ∩ T = ∅; P and T are depicted by circles and bars, respectively. Next, F ⊆ (P × T) ∪ (T × P) is the set of directed arcs that join the transitions with places (and vice versa), W: (P × T) ∪ (T × P) →IN is a mapping that assigns an arc’s weight, where IN = {0, 1, 2, …}.
N is known as an ordinary net if ∀ (p, t) ∈ F, W (p, t) = 1, where N = (P, T, F). N is named a weighted net if there is an arc between x and y such that W (x, y) > 1. Let N = (P, T, F, W) and node a ∈ P ∪ T. Then, ·a = {b ∈ P ∪ T  (b, a) ∈ F} is named the preset of node a, and a· = {b ∈ P ∪ T  (a, b) ∈ F} is named the postset of node a.
A marking M of N is a mapping M: P → IN. Next, (N, M_{o}) is a marked Petri net (PN), represented as PN = (P, T, F, W, M_{o}), where the initial marking of PN is M_{o}: P → IN. A transition t ∈ T is enabled at marking M if for all p ∈ ·t, M (p) ≥ W (p, t), which is denoted as M [$t\rangle $. When a transition t fires, it takes W (p, t) token (s) from each place p ∈ ·t, and adds W (t, p) token (s) in each place p ∈ t·. Thus, it reaches a new marking M′, denoted as M [$t\rangle $ M′, where M′(p) = M (p) − W (p, t) + W (t, p).
We call N selfloop free if for all a, b ∈ P ∪ T, W (a, b) > 0 implies W (b, a) = 0. Let [N] be an incidence matrix of net N, where [N] is an integer matrix that consists of T columns and P rows with [N] (p, t) = W (t, p) − W (p, t). The set of markings that are reachable from M in N is named the set of reachability of the Petri net model (N, M) denoted by R (N, M).
Let (N, M_{o}) be a marked Petri net. A transition t ∈ T is live if for all M ∈ R (N, M), there exists a reachable marking M′ ∈ R (N, M) such that M′[$t\rangle $ holds. A transition is dead at M_{o} if there does not exist t ∈ T such that M_{o} [$t\rangle $ holds. M′ is said to be reachable from M if there exists a finite transition sequence δ = t_{1} t_{2} t_{3} … t_{n} that can be fired, and markings M_{1}, M_{2}, M_{3}, …, and M_{n}_{−1} such that M [${\mathrm{t}}_{1}\rangle $ M_{1} [${\mathrm{t}}_{2}\rangle $ M_{2} [${\mathrm{t}}_{3}\rangle $ M_{2} … M_{n−}_{1} [${\mathrm{t}}_{\mathrm{n}}\rangle $ M′, denoted as M [$\delta \rangle $ M′, satisfies the state equation M′ = M + [N] $\overrightarrow{\delta}$, where $\overrightarrow{\delta}$: T → IN maps t in T to the number of appearances of t in δ and is called a Parikh vector or a firing count vector.
Let (N, M_{o}) be a marked Petri net. It is said to be kbounded if for all M ∈ R (N, M_{0}), for all p ∈ P, M(p) ≤ k (k ∈ {1, 2, 3, …}). A net is safe if all of its places are safe, i.e., in each place p, the number of tokens does not exceed one. In other words, a net is ksafe if it is kbounded.
Pvectors (place vectors) and Tvectors (transition vectors) are column vectors. A Pvector I: P → Z cataloged by P is said to be a place invariant or Pinvariant if I ≠ 0 and I^{T}. [N] = 0^{T}, and a Tvector J: T → Z cataloged by T is said to be a transition invariant or Tinvariant if J ≠ 0 and [N]. J = 0, where Z is the set of integers.
When each element of I is nonnegative, place invariant I is called a place semiflow or Psemiflow. Assume that I is a Pinvariant of a net with (N, M_{o}) and M is a marking reachable from the initial marking M_{o}. Then, I^{T}M = I^{T}M_{o}. Let I = {p I(p) ≠ 0} be the support of Pinvariant I.
The supports of Pinvariant I are classified into three types: (1) I^{+} is the positive support of Pinvariant I with I^{+}= {pI (p) > 0}. (2) I^{−} is the negative support of Pinvariant I with I^{−} = {p I(p) < 0}. (3) I is a minimal Pinvariant if I is not a superset of the support of any other one and its components are mutually prime. Let l_{i} be the coefficients of Pinvariant I if for all p_{i} ∈ P, l_{i} = I(p_{i}).
A colored Petri net (CPN) is described as a ninetuple CPN = (P, T, F, SC, C_{f}, N_{f}, A_{f}, G_{f}, I_{f}), where
P and T are finite nonempty sets of places and transitions, respectively, assuming P ∩ T = ∅. F is a set of flows (arcs), from p_{i} ∈P to t_{j} ∈T and from t_{i} ∈ T to p_{j} ∈ P.
SC is a color set that contains colors c_{i} and the operations on the colors.
C_{f} is the color function that maps p_{i} ∈P into colors c_{i} ∈ SC.
N_{f} is the node function that maps F into (P × T) ∪ (T × P).
A_{f} is the arc function that maps each flow (arc) f ∈ F into the term e.
G_{f} is the guard function that maps each transition t_{i} ∈ T to a guard expression g that has a Boolean value.
I_{f} is the initialization function that maps each place p_{i} ∈ P into an initialization expression.
2.2. GPenSIM Tool
GPenSIM was developed by R. Davidrajuh (the fourth author of our paper) and runs in MATLAB. GPenSIM has been designed to model, control, simulate, and analyze discrete event systems [
22]. GPenSIM enables the integration of Petri net models with other toolboxes in MATLAB (e.g., “Control systems” and “Fuzzy logic”).
Table 1 shows the advantages and disadvantages of GPenSIM compared to CPN Tools [
23]. Compared to the CPN tools, it is simpler to create a colored Petri net in GPenSIM. For instance,
Being versatile, CPN allows manipulation of the functions C_{f}, N_{f}, A_{f}, G_{f}, and I_{f} independently. However, being simple and crude, these functions (C_{f}, N_{f}, A_{f}, G_{f}, and I_{f}) are merged together in GPenSIM and are coded in the preprocessor files. Hence, GPenSIM allows fewer degrees of freedom when developing a model.
In CPN tools, it is possible to impose logical constraints on places, transitions, and arcs. In GPenSIM, logical expressions can only be processed by transitions. Inevitably, this means GPenSIM poses restrictions in modeling compared to CPN. However, this is the price paid for achieving simplicity in GPenSIM (easiness in learning, using, and extending).
The arc weights can dynamically alter in CPN tools because of the logic conditions connected to it. GPenSIM does not allow dynamic nets (e.g., dynamic arcs, runtime removal of places and transitions). Once a Petri net is defined in the Petri net definition file (PDF), it cannot be changed.
To model, simulate, analyze, and control the Petri net models in GPenSIM, three files should be coded: Petri net definition file (PDF), main simulation file (MSF), and pre and postprocessor files.
PDF defines the static elements of a Petri net (places, transitions, and arcs).
Before the simulation starts, MSF loads a PDF into memory and the workbench, and then the simulation begins. During the simulation runs, MSF will be blocked; the control will be handed back to MSF together with the simulation results when the simulation is finished. Consequently, MSF has no control over what happens during the simulation.
Preand postprocessors will be called during the simulation before and after firing of the transition. The preprocessor will inspect if the conditions of firing for a certain transition are met, and the postprocessor will execute postfiring activities if needed after a certain transition has been fired. These can be used to control the runtime of the system, as they are called during the simulation.
All tokens are homogeneous inside a place. It does not matter which token is first or last to arrive at the place. Similarly, it does not matter by which transition a token is deposited at the place. However, GPenSIM introduces the token colors. Each token can become identifiable and unique with a unique token identification number (tokID). Moreover, we can add some tags (“colors”) to each token. The following problems are crucial when using colors in GPenSIM:
Only transitions can manipulate colors: the colors of the output tokens can be added, deleted, or changed in the preprocessor.
By default, colors are inherited: the system gathers all colored tokens from the input places when a transition fires and then transfers the colored tokens to the output places. However, color inheritance can be avoided by overriding.
An enabled transition may choose certain colorbased input tokens.
An enabled transition may choose certain timebased input tokens (e.g., when the creation time of the tokens is known).
A token has the following structure: tokID, time of creation, and color setting.
tokID: a single token identifier (integer value).
creation_time: the transition time (real value) when the token was produced. Importantly, this time may differ when the transition actually deposited the token in an output place.
t_color (text string set) is a color setting.
There are several GPenSIM functions used for color manipulation. One of the functions used in this study is tokenEXColor, which can be expressed as follows:
[set_of_tokID,nr_token_av] = tokenEXColor (place, nr_tokens_wanted, t_color), where the function requires three input arguments and returns two output values.
Input arguments:
Output values:
3. Deadlock Prevention Policy Based on SMSs and Colored Petri Nets
In this section, we use a deadlockprevention approach based on strict SMSs to design a controlled Petri net model. This approach is adopted from Ezpeleta et al. [
1].
Definition 1 [
23]
. A PN N = (P_{A} ∪ {p^{0}}, T, F) is said to be a simple sequential process (S^{2}P), if: (1) N is a strongly connected state machine and (2) each circuit N includes place p^{0}, where p^{0} is named the idle process place and P_{A} ≠ ∅ is an operation places set. Definition 2 [
23]
. A PN N = ({p^{0}} ∪ P_{A} ∪ P_{R}, T, F) is said to be a simple sequential process with resources (S^{2}PR) such that: 1.
The subnet generated by X = P_{A} ∪ {p^{0}} ∪ T is an S^{2}P.
 2.
P_{R} ≠ ∅ and (P_{A} ∪ {p^{0}}) ∩ P_{R} = ∅, where P_{R} is a resource places set.
 3.
∀p ∈ P_{A}, ∀t ∈^{.}p, ∀t′ ∈ p^{.},$\exists $r_{p} ∈ P_{R}, ^{.}t ∩ P_{R} = t′^{.} ∩ P_{R} = {r_{p}}.
 4.
∀r ∈ P_{R}, ^{.}r ∩ P_{A} = r^{.} ∩ P_{A} ≠ ∅ and ^{.}r ∩ r^{.} ≠ ∅.
 5.
(p^{0}) ∩ P_{R} = (p^{0})^{.} ∩ P_{R} ≠ ∅.
Definition 3 [
23]
. Let N = ({p^{0}} ∪ P_{A} ∪ P_{R}, T, F) be an S^{2}PR, and M_{o} be an initial marking of N. An S^{2}PR with such a marking is said to be acceptably marked if (1) M_{o}(p^{0}) ≥ 1, M_{o}(r) ≥ 1, ∀r ∈ P_{R}, and (3) M_{o}(p) = 0, ∀p ∈ P_{A}. Definition 4 [
23]
. A system of S^{2}PR, named S^{3}PR for abbreviation, is defined recursively as follows: 1.
An S^{2}PR is as well an S^{3}PR
 2.
Let N_{1} and N_{2} be two S^{3}PRs, where N_{1} = ({p^{0}_{1}} ∪ P_{A1} ∪ P_{R1}, T_{1}, F_{1}) and N_{2} = ({p^{0}_{2}} ∪ P_{A2} ∪ P_{R2}, T_{2}, F_{2}), such that ({p^{0}_{1}} ∪ P_{A1}) ∩ ({p^{0}_{2}} ∪ P_{A2}) = ∅, P_{A1} ∩ P_{A2} ≠ P_{C}, P_{R1} ∩ P_{R2} = P_{C} and T_{1} ∩ T_{2} ≠ ∅. Then, the net N = ({p^{0}} ∪ P_{A} ∪ P_{R}, T, F) is also an S^{3}PR resulting from the composition of N_{1} and N_{2} via the set of common P_{C} and defined as follows: (1) p^{0} = {p^{0}_{1}} ∪ {p^{0}_{2}}, P_{R} = P_{R1} ∪ P_{R2}, P_{A} = P_{A1} ∪ P_{A2}, T = T_{1} ∪ T_{2}, F = F_{1} ∪ F_{2}.
The composition of n S^{2}PR N_{1}N_{n} via P_{C}, is denoted by ${\u2a02}_{i=1}^{n}{N}_{i}$. $\overline{{N}_{i}}$ is used to denote the S^{2}P from which the S^{2}PR N_{i} is formed.
Definition 5 [
23]
. Let N = ({p^{0}} ∪ P_{A} ∪ P_{R}, T, F) be an S^{3}PR. M_{o} is an initial marking of N. (N, M_{o}) is said to be an acceptably marked S^{3}PR if (1) (N, M_{o}) is an acceptably marked S^{2}PR, (2) N = N_{1} $\circ $ N_{2}, where (N_{i}, M_{oi}) is said to be an acceptably marked S^{3}PR and∀p ∈ P_{Ai} ∪ {p^{0}_{i}}, M_{o} (p) = M_{oi} (p), ∀i ∈ {1,2}.
∀r ∈ P_{Ri} $\setminus $ P_{C}, M_{o}(r) = M_{oi} (r), ∀i ∈ {1,2}.
∀r ∈ P_{Ri}, M_{o} (p) = max {M_{o1} (r), M_{o2} (r)}, ∀i ∈ {1,2}.
Definition 6 [
23]
. Let N be an S^{3}PR, A nonempty set S ⊆ P is said to be a siphon in N if · $S$ ⊆ $S$·. When a siphon does not include other siphons, it is said to be a minimal siphon. Definition 7 [
24]
. Let S be a minimal siphon in an S^{3}PR N. A minimal siphon S is said to be strict if · $S$ $\u228a$ $S$ ·. Let $\Pi $ = {S_{1}, S_{2}, S_{3}, …, S_{k}} be a set of SMSs of N. We have $S$ = $S$ _{A} $\cup $ $S$ _{R}, $S$ _{R} = $S\text{}\cap $ P_{R}, and $S$_{A} = $S$ \ $S$_{R}, where $S$_{A} denotes the places of operations and $S$_{R} denotes the places of resources. Definition 8 [
23]
. Let r ∈ P_{R} be a reliable resource place in an S^{3}PR N. The operation places that use r are known as the set of holders of r, indicated by H(r) = {p\p ∈ P_{A}, p ∈ ^{.}r ∩ P_{A} ≠ ∅}. $\left[S\right]$ is said to be the complementary set of S if $\left[S\right]{=(\mathrm{U}}_{\mathrm{r}\in {S}_{\mathrm{R}}}\mathrm{H}\left(\mathrm{r}\right))\setminus S\mathrm{A}$. Definition 9 [
24]
. Let (N_{a}, M_{a}) and (N_{b}, M_{b}) be marked Petri nets; N_{i} = (P_{i}, T_{i}, F_{i}, W_{i}), where i = a, b. We call (N, M) with N = (P, T, F, W) a synchronous net resulting from the integration of (N_{a}, M_{a}) and (N_{b}, M_{b}) and denote it as (N_{a}, M_{a}) ∥ (N_{b}, M_{b}) when the following conditions are satisfied: (1) P = P_{a} ∪ P_{b}, and P_{a} ∩ P_{b} = ∅. (2) T = T_{a} ∪ T_{b}. (3) F = F_{a} ∪ F_{b}. (4) W (e) = W_{i} (e), where e ∈ F_{i}, i= a, b. (5) M(p) = M_{i} (p), where p ∈ P_{i}, i = a, b. Definition 10 [
25]
. Let (N, M_{o}) be an S^{3}PR with N = (P_{A} ∪ {p^{0}} ∪ P_{R}, T, F, M_{o}). The deadlock controller for (N, M_{o}) developed by Ezpeleta et al. [1] is denoted as (V, M_{Vo}) = (P_{V}, T_{V}, F_{V}, M_{Vo}), where (1) P_{V} = {V_{S} \ S ∈ $\Pi $} is a set of control places. (2) T_{V} = {t \ t ∈ ·V_{S} ∪V_{S}·}. (3) F_{V} ⊆ (P_{V} × T_{V}) ∪ (T_{V} × P_{V}) is the set of directed arcs that join the control places with transitions (and vice versa). (4) For all V_{S} ∈ P_{V}, M_{Vo} (V_{S}) = M_{Vo} (S) – 1, where M_{Vo} (V_{S}) is called an initial marking of a control place V_{S}. We call (
N_{V},
M_{Vo}) a controlled Petri net model resulting from the integration of (
V,
M_{Vo}) and (
N,
M_{o}), denoted as (
V,
M_{Vo}) ∥ (
N,
M_{o}). A control place or monitor is inserted to each SMS to ensure the liveness of a Petri net, and all SMSs can never be unmarked. The proposed policy is simple and guarantees success. However, it leads to a more complex Petrinetcontrolled system than the original Petri net model, because the number of added monitors is equal to that of the SMSs in the target Petri net model, and the number of associated arcs is larger than that of the added monitors. According to the strict minimal siphon concept, the developed deadlock prevention approach proposed by [
1] is described by Algorithm 1.
Algorithm 1: Strict minimal siphonbased algorithm 
Input: Original S^{3}PR Petri net model (N, M_{o}) 
Output: Controlled net (N_{V}, M_{Vo}). 
Step 1: Compute the set of SMS $\Pi $ for N. 
Step 2: for each S ∈ $\Pi $ doAdd a control place V_{S}. /* By using Definition 10.*/ Add Vs output arcs; all arc weights are unitary. /* By using Definition 10.*/ Add Vs input arcs; all arc weights are unitary. /* By using Definition 10.*/ Compute M_{Vo}(V_{S}). /* By using Definition 10.*/

end for 
Step 3: Output a controlled net (N_{V}, M_{Vo}). 
Step 4: End 
Consider the S
^{3}PR Petri net model shown in
Figure 1. The Petri net model involves eleven places and eight transitions. The places can be described as the following set partition:
P^{0} = {
p_{1},
p_{8}},
P_{R} = {
p_{9},
p_{10},
p_{11}}, and
P_{A} = {
p_{2},
p_{3}, …,
p_{7}}. The model has 20 reachable markings and eight minimal siphons, three of which are SMSs. The siphons are
S_{1} = {
p_{4},
p_{7},
p_{9},
p_{10},
p_{11}},
S_{2} = {
p_{4},
p_{6},
p_{10},
p_{11}}, and
S_{3}= {p_{3},
p_{7},
p_{9},
p_{10}}. According to Definitions 2, 3, and 5
 (1)
For S_{1}: S_{A} = {p_{4}, p_{7}}, S_{R} = {p_{9}, p_{10}, p_{11}}, H (p_{9}) = {p_{2}, p_{7}}, H (p_{10}) = {p_{3}, p_{6}}, H (p_{11}) = {p_{4}, p_{5}}, [S_{1}] = {p_{2}, p_{3}, p_{5}, p_{6}}, ·V_{S}_{1} = {t_{3}, t_{7}}, V_{S}_{1}· = {t_{1}, t_{5}}, and M_{Vo} (V_{S}_{1}) = 2.
 (2)
For S_{2}: S_{A} = {p_{4}, p_{6}}, S_{R} = {p_{10}, p_{11}}, H (p_{10}) = {p_{3}, p_{6}}, H (p_{11}) = {p_{4}, p_{5}}, [S_{2}] = {p_{3}, p_{5}}, ·V_{S}_{2} = {t_{3}, t_{6}}, V_{S}_{2}· = {t_{2}, t_{5}}, and M_{Vo} (V_{S}_{2}) = 1.
 (3)
For S_{3}: S_{A} = {p_{3}, p_{7}}, S_{R} = {p_{10}, p_{11}}, H (p_{10}) = {p_{3}, p_{6}}, H (p_{11}) = {p_{4}, p_{5}}, [S_{3}] = {p_{2}, p_{6}}, ·V_{S}_{3} = {t_{2}, t_{7}}, V_{S}_{3}· = {t_{1}, t_{5}}, and M_{Vo} (V_{S}_{3}) = 1.
After monitors have been added using Algorithm 1, we obtain the controlled Petri net model shown in
Figure 2.
Definition 11. Let (N, M_{o}) be an S^{3}PR with N = (P_{A} ∪ {p^{0}} ∪ P_{R}, T, F, M_{o}). The deadlock controller for (N, M_{o}) developed in Ezpeleta et al. [1] is denoted as (V, M_{Vo}) = (P_{V}, T_{V}, F_{V}, M_{Vo}). Here, (V, M_{Vo}) can be reduced and replaced by a colored common deadlock control subnet, which is a PN N_{DC} = ({p_{combined}}, {T_{DCi} ∪ T_{DCo}}, F_{DC}, C_{vsi}), where p_{combined} is called the merged control place of all monitors P_{V} = {V_{S} \ S ∈ $\Pi $}. T_{DCi} = {t \ t ∈ ^{•}V_{S}}. T_{DCo} = {t \ t ∈ V_{S}^{•}}. F_{DC} ⊆ ({p_{combined}}× {T_{DCi} ∪ T_{DCo}}) ∪ ({T_{DCi} ∪ T_{DCo}}× {p_{combined}}) is the set of arrows that join the merged control place with transitions (and vice versa). C_{cri} is the color that maps p_{combined} into colors C_{vsi} ∈ SC, where SC = ∪_{i}_{∈}_{Vs} {C_{vsi}}. (N_{DC}, M_{DCo}) is called a colored common deadlock control subnet. For all V_{S} ∈ P_{V}, M_{DCo} (p_{combined}) = ∑M_{Vo}(V_{S}), where M_{DCo} (p_{combined}) is an initial token with the colors marking of the merged monitor. Figure 3 shows
p_{combined}, the merged control place of all monitors
P_{V} of the controlled Petri net model from
Figure 2, according to Definition 6.
The output arcs of
p_{combined} are connected to the source transitions
T_{DCo}, which lead to the sink transitions of
S. Transitions
V_{si}^{•} for all monitors
P_{V} augmented from Algorithm 1 are defined as
V_{S}_{1}· = {
t_{1},
t_{5}},
V_{S}_{2}· = {
t_{2},
t_{5}}, and
V_{S}_{3}· = {
t_{1},
t_{5}}. Thus,
T_{DCo} can be denoted as
T_{DCo} = ∪
_{i}_{∈}_{Vs}{
V_{Si}·}, so
T_{DCo} = {2
t_{1},
t_{2}, 3
t_{5}}, as shown in
Figure 4.
The input arcs of
p_{combined} are connected with the output of
$S$, denoted as
T_{DCi}. Transitions ·
V_{si} for all monitors
P_{V} augmented from Algorithm 1 are defined as ·
V_{s}_{1} = {
t_{3},
t_{7}}, ·
V_{s}_{2} = {
t_{3},
t_{6}}, and ·
V_{s}_{3} = {
t_{2},
t_{7}}. Thus,
T_{DCi} can be represented by
T_{DCi} = ∪
_{i}_{∈}_{Vs}{·
V_{si}}, so
T_{DCi} = {
t_{2}, 2
t_{3},
t_{6}, 2
t_{7}}, as shown in
Figure 5.
Moreover,
M_{DCo} (
p_{combined})
= ∑M_{Vo} (
V_{S})
= M_{Vo} (
V_{S}_{1})
+ M_{Vo} (
V_{S}_{2})
+ M_{Vo} (
V_{S}_{3}) = 2 + 1 + 1 = 4. Thus, in the model of the Petri net from
Figure 2, we have three color types:
SC = {
C_{vs}_{1},
C_{vs}_{2},
C_{vs}_{3}}. Therefore, the total number of colored tokens is 4: we have two tokens of
C_{vs}_{1} color, one token of
C_{vs}_{2} color, and one token of
C_{vs}_{3} color, as shown in
Figure 6.
Definition 12. Let (N, M_{o}) be an S^{3}PR with N = (P_{A} ∪ {p^{0}} ∪ P_{R}, T, F, M_{o}) and (N_{DC}, M_{DCo}) a deadlock controller for (N, M_{o}) created by Definition 11 with N_{DC} = {p_{combined}}, {T_{DCi} ∪ T_{DCo}}, F_{DC}, C_{vsi}, M_{DCo}). We call (N_{C}, M_{Co}) a controlled marked Petri net, denoted as (N_{C}, M_{Co}) = (N, M_{o}) ∥ (N_{DC}, M_{DCo}) and called the composition of (N, M_{o}) and (N_{DC}, M_{DCo}), where N_{C} = (P_{A} ∪ {p^{0}} ∪ P_{R} ∪ {p_{combined}}, T ∪ T_{DCi} ∪ T_{DCo}, F ∪ F_{DC}, C_{R}, M_{Co}) be a colored controlled marked S^{3}PR, and R(N_{C}, M_{Co}) be its reachable graph.
Theorem 1. The colored controlled net (N_{C}, M_{Co}) is live.
Proof. We must prove that all transitions T, T_{DCi}, T_{DCo} in (N_{C}, M_{Co}) are live. No strict minimal siphon is emptied. In addition, no new strict minimal siphon is created, since all t_{1} ∈ T are live. For all t_{2} ∈ T_{DCi}; if ∀p_{i} ∈ $\u2022$ t_{2}, M_{C}(p_{i}) > 0, then t_{2} can fire in any case because it is uncontrollable. Thus, M_{C} (p_{combined}) > 0, for all t_{3} ∈ T_{DCo}, if M_{C} (p_{combined}) > 0, then t_{3} can fire. Therefore, controlled net (N_{C}, M_{Co}) is live. □
According to the concepts of SMSs and colored Petri nets, the developed policy is stated in Algorithm 2.
Algorithm 2: Integrated Strict Minimal Siphon And Colored Petri NetsBased Algorithm 
Input: Petri net models (N, M_{o}) and (V, M_{Vo}). 
Output: Colored controlled S^{3}PR Petri net (N_{C}, M_{Co}). 
Step 1: Combine all monitors P_{V} into one monitor (p_{combined}), considering the following steps:Add p_{combined} output arcs T_{DCo}. /* By Definition 11.*/ Add p_{combined} input arcs T_{DCi}. /* By Definition 11.*/ Define colors for monitors P_{V} /* By Definition 11.*/ Compute M_{DCo} (p_{combined}) = ∑M_{Vo} (V_{S}), where M_{DCo} (p_{combined}) is an initial token with the colors marking of a merged monitor. /* By Definition 11.*/

Step 2: Insert the combined monitor into the Petri net model (N, M_{o}). The obtained net is denoted as (N_{C}, M_{Co}). 
Step 3: Output (N_{C}, M_{Co}). 
Step 4: End 
Figure 7 shows the proposed single controller for the controlled Petri net model from
Figure 2 by using Algorithm 2. In the net shown in
Figure 7, when transition
t_{1} fires, the system selects only one token from input place
p_{1}, one token from resource place
p_{9}, one token of color
C_{vs}_{1} from
p_{combined}, and one token of color
C_{vs}_{3} from
p_{combined}, and it transfers them into
p_{2}. Moreover, when transition
t_{2} fires, the system selects only one token from operation place
p_{2}, one token from resource place
p_{10}, and one token of color
C_{vs}_{2} from
p_{combined} and transfers them into
p_{3}. When transition
t_{5} fires, the system selects only one token from input place
p_{8}, one token from resource place
p_{11}, one token of color
C_{vs}_{2} from
p_{combined}, one token of color
C_{vs}_{2} from
p_{combined}, and one token of color
C_{vs}_{3} from
p_{combined} and transfers them into
p_{5}. When transition
t_{2} fires, it creates a color
C_{vs}_{3} on the tokens from
p_{2} and
p_{10} and transfers them into common place
p_{combined}. In addition, when the transition
t_{3} fires, it creates two colors
C_{vs}_{1} and
C_{vs}_{2} on the tokens from
p_{3} and
p_{11} and transfers them into place
p_{combined}. Moreover, when transition
t_{6} fires, the system creates a color
C_{vs}_{2} on the tokens from
p_{5} and
p_{10} and transfers them into place
p_{combined}. Finally, when transition
t_{7} fires, the system creates two colors
C_{vs}_{1} and
C_{vs}_{3} on the tokens from
p_{6} and
p_{9} and transfers them into
p_{combined}.
By default, colors are inherited: when a transition T_{DCo} fires, the system gathers all colored tokens from the input place p_{combined} and then transfers these colored tokens to the output place p_{i}. However, color inheritance can be prohibited by overriding.
After implementing a Petri net model shown in
Figure 7 by using the GPenSIM code, we usually obtain three files: the Petri net definition file (PDF), common processor file (COMMON_PRE file), and main simulation file (MSF).
Figure 8 shows the resulting PDF file and defines the static Petri net model by declaring the sets of places, transitions, and arcs.
Figure 9 shows the MSF file used to compute the simulation results.
Figure 10 displays the resulting MSF COMMON_PRE file and defines the conditions for the enabled failure and recovery transitions to start firing based on the colored tokens, mean time to failure, and mean time to repair.
To make the work more solid and wellpositioned, we have developed a Trustbased colored controlled Petri net (TCCPN) [
26,
27,
28,
29] and comparing the proposed work with relevant TCCPNs.
Definition 13. Let (N _{TM}, M _{TMo}) be a Trustbased colored controlled Petri net (TCCPN) S^{3}PR with N_{TM} = (P_{A} ∪ {p^{0}} ∪ P_{R} ∪ {p_{combined}}, T ∪ T_{DCi} ∪ T_{DCo}, F ∪ F_{DC}, C_{R}, η, τ, ψ, M_{TMo}), and R (N _{TM}, M_{TMo}) be its reachable graph, where
 1.
η is the arcs weight, which denotes the importance or probability of input arcs into a transition. If there is an arc (p, t), η (p, t) = c indicates there is a probability of η (p, t) encouraging the token entering t from p. If the token has a capacity h, the new capacity will be h * c.
 2.
τ is a time guard for transition t ∈ (T ∪ T_{DCi} ∪ T_{DCo}), τ: t → [e, f], τ (t) indicates transition t can only fire during e and f. Particularly, if e = f, that indicates the transition can only occur through e.
 3.
ψ is the threshold of token in p ∈ (P_{A} ∪ {p^{0}} ∪ P_{R} ∪ {p_{combined}}), ψ: p → R, and R is a real type data. Ψ (p) = r_{1}, indicates when the number of tokens in p is less than or equal to r_{1}, p can reach a new position.
To model a TCCPN, there are many types of factors that can have an influence on trust in colored controlled net S^{3}PR, and a nonnegative real number can represent the value of each factor type. An assessment process will consume factors for aggregating a new trust value. We use E^{in} to characterize the input factors consumed and use E^{out} to characterize the aggregation trust value. For an assessment process AP_{k}, E^{in}(AP_{k}) is related to the input place and E^{ou} (AP_{k}) is related to the output place. There are rules for firing transitions in a TCCPN and are stated as below:
Definition 14. Let (N _{TM}, M _{TMo}) be a Trustbased colored controlled Petri net (TCCPN) S^{3}PR with N_{TM} = (P_{A} ∪ {p^{0}} ∪ P_{R} ∪ {p_{combined}}, T ∪ T_{DCi} ∪ T_{DCo}, F ∪ F_{DC}, C_{R}, η, τ, ψ, M_{TMo}), a transition T_{k} under the marking M can be fired when the following conditions are satisfied:
 1.
t ∈ τ(T_{k})
 2.
E^{in}(AP_{k}) > 0
 3.
E^{out}(AP_{k}) ≥ Ψ(p_{i})
 4.
for all p ∈ ·t, M(p) ≥ W (p, t)
where τ(t) is the valid firing time in TCCPN, and E^{in} (AP_{k}) is the current value of the token in the input place. E^{out} (AP_{k}) is the current value of the token in the output place, and Ψ (p_{i}) is the threshold for entering p_{i}. Note that an assessment process AP_{k} may have more than one input place and output place.
In addition, there are rules for new markings, when a transition
t fires, a token value can be changed and it will be kept in a new place because of the threshold,
E^{out}(
AP_{k}) =
${\sum}_{i=1}^{nf}$ η_{i} *
E^{in}_{i}(
AP_{k}), where
nf is the number of input factors. Then, the new marking will be changed as
M′(
p)
= M(
p)
− W(
p,
t)
+ W(
t,
p). In order to demonstrate the TCCPN, reconsider
Figure 7, it describes a system as follows:
τ(t): τ(t_{1}) = 0, τ(t_{2}) = 3, τ(t_{3}) = 2, τ(t_{4}) = 4, τ(t_{5}) = 0, τ(t_{6}) = 4, τ(t_{7}) = 5, τ(t_{8}) = 3;
M_{o} = (p_{1} p_{2} p_{3} p_{4} p_{5} p_{6} p_{7} p_{8} p_{9} p_{10} p_{11} p_{combined}) = (3 0 0 0 0 0 0 3 1 1 1 4);
Assessment process is a combined place Ap_{combined}
The input assessment process is T_{k} = {t_{2},2t_{3}, t_{6}, 2t_{7}}
The importance on arcs: η (p_{2}, t_{2}) = 0.5, η(p_{10}, t_{2}) = 0.5, η(p_{3}, t_{3}) = 0.5, η(p_{11}, t_{3}) = 0.5, η(p_{5}, t_{6}) = 0.5, η(p_{10,} t_{5}) = 0.5, η(p_{6}, t_{7}) = 0.5, η(p_{9}, t_{7}) = 0.5
The factors’ values of E^{in} (Ap_{combined}): if t_{2} enabled, E^{in}_{1}(Ap_{combined}) = (1, 1), if t_{3} enabled_{,} E^{in}_{2}(Ap_{combined}) = (2, 2), if t_{6} enabled_{,} E^{in}_{3}(Ap_{combined}) = (1, 1), if t_{7} enabled_{,} E^{in}_{4}(Ap_{combined}) = (2, 2).
Ψ(p): Ψ(p_{1}) = 0, Ψ(p_{2}) = 0, Ψ(p_{3}) = 0, Ψ(p_{4}) = 0, Ψ(p_{5}) = 0, Ψ(p_{6}) = 0, Ψ(p_{7}) = 0, Ψ(p_{8}) = 0, Ψ(p_{9}) = 0, Ψ(p_{10}) = 0, Ψ(p_{11}) = 0, and Ψ (p_{combined}) ≤ 4
Places p_{1}, p_{2}, p_{3}, p_{4}, p_{5}, p_{6}, p_{7}, p_{8}, p_{9}, p_{10} and p_{11} obtain tokens unconditionally, their thresholds are set as zero. t_{2}, t_{3}, t_{6}, t_{7} represent the four transitions that can fire. If any of four transitions fires, new tokens with colors are built. For example, when transition t_{2} fires, it creates a color C_{vs}_{3} on the tokens from p_{2} and p_{10} and transfers them into common place p_{combined}. For transition t_{2,} there are two factors: p_{2} and p_{10}
E^{out}(Ap_{combined}) = ${\sum}_{i=1}^{nf}$ η_{i} * E^{in}_{i} (Ap_{combined}) = η_{1}* E^{in}_{1}(Ap_{combined}) + η_{2}* E^{in}_{2}(Ap_{combined}) = 0.5*1 + 0.5*1= 1. Since if the current tokens in p_{combined} place + 1 ≤ 4, p_{combined} can be reached.
If transition t_{3} fires, it creates colors C_{vs1} and C_{vs2} on the tokens from p_{3} and p_{11} and transfers them into common place p_{combined}. For transition t_{3,} there are two factors: p_{3} and p_{11}
E^{out}(Ap_{combined}) = ${\sum}_{i=1}^{nf}$ η_{i} * E^{in}_{i} (Ap_{combined}) = η_{1}* E^{in}_{1}(Ap_{combined}) + η_{2}* E^{in}_{2}(Ap_{combined}) = 0.5*2 + 0.5*2 = 2. Since if the current tokens in p_{combined} place + 2 ≤ 4 p_{combined} can be reached.
When transition t_{6} fires, it creates a color C_{vs2} on the tokens from p_{5} and p_{10} and transfers them into common place p_{combined}. For transition t_{6,} there are two factors: p_{5} and p_{10}
E^{out}(Ap_{combined}) = ${\sum}_{i=1}^{nf}$ η_{i} * E^{in}_{i}(Ap_{combined}) = η_{1}* E^{in}_{1}(Ap_{combined}) + η_{2}* E^{in}_{2}(Ap_{combined}) = 0.5*1 + 0.5*1 = 1. Since if the current tokens in p_{combined} place + 1 ≤ 4 p_{combined} can be reached.
If transition t_{7} fires, it creates colors C_{vs}_{1} and C_{vs}_{3} on the tokens from p_{6} and p_{9} and transfers them into common place p_{combined}. For transition t_{7,} there are two factors: p_{6} and p_{9}
E^{out}(Ap_{combined}) = ${\sum}_{i=1}^{nf}$ η_{i} * E^{in}_{i}(Ap_{combined}) = η_{1}* E^{in}_{1}(Ap_{combined}) + η_{2}* E^{in}_{2}(Ap_{combined}) = 0.5*2 + 0.5*2 = 2. Since if the current tokens in p_{combined} place + 2 ≤ 4 p_{combined} can be reached.
Finally, comparing the proposed work with a relevant developed TCCPN is shown in
Section 4.
4. Case Study
In this section, we show the results of the experiments with the proposed approach. Specifically, we use an AMS example available in the literature: the AMS Petri net model given in Piroddi et al. [
30], Chen et al. [
8], Chen and Li [
31], Chen et al. [
32], and TCCPN [
26,
27,
28,
29]. The Petri net model is displayed in
Figure 11; it includes 14 transitions and 19 places. The places can be described as the following set partition:
P^{0} = {
p_{1,} p_{19}},
P_{R} = {
p_{13}, …,
p_{18}}, and
P_{A} = {
p_{2}, …,
p_{14}}. The properties of the developed Petri net models are obtained using the free GPenSIM tool [
22]. We find that it has 282 reachable markings, and the system is not live (it has a deadlock).
We apply the proposed deadlockprevention algorithm to this case study. Without considering recovery subnets, the system model has five SMSs that may be empty: S_{1} = {p_{7}, p_{12}, p_{13}, p_{14}, p_{15}, p_{16}, p_{17}, p_{18}}, S_{2} = {p_{5}, p_{12}, p_{13}, p_{16}, p_{17}}, S_{3} = {p_{2}, p_{7}, p_{12}, p_{14}, p_{15}, p_{16}, p_{17}, p_{18}}, S_{4} = {p_{2}, p_{7}, p_{10}, p_{12}, p_{14}, p_{15}, p_{17}, p_{18}}, and S_{5} = {p_{2}, p_{5}, p_{12}, p_{16}, p_{17}}. Based on the suggested deadlockprevention algorithm (Algorithm 1), five monitors are inserted to protect the five SMSs from being emptied. The required control places using Algorithm 1 are designed as follows:
 (1)
^{•}V_{S}_{1} = {t_{7}, t_{13}}, V_{S}_{1}^{•} = {t_{1}, t_{9}}, and M_{Vo}(V_{S}_{1}) = 5.
 (2)
^{•}V_{S}_{2} = {t_{4}, t_{5}, t_{13}}, V_{S}_{2}^{•} = {t_{1}, t_{11}}, and M_{Vo}(V_{S}_{2}) = 2.
 (3)
^{•}V_{S}_{3} = {t_{7}, t_{13}}, V_{S}_{3}^{•} = {t_{1}, t_{9}}, and M_{Vo}(V_{S}_{3}) = 4.
 (4)
^{•}V_{S}_{4} = {t_{7}, t_{11}}, V_{S}_{4}^{•} = {t_{1}, t_{9}}, and M_{Vo}(V_{S}_{4}) = 3.
 (5)
^{•}V_{S}_{5} = {t_{4}, t_{13}}, V_{S}_{5}^{•} = {t_{2}, t_{11}}, and M_{Vo}(V_{S}_{5}) = 3.
By Definition 11, a deadlock control subnet of the Petri net model illustrated in
Figure 11 is
N_{DC} = (
p_{combined}, {
T_{DCi},
T_{DCo}},
F_{DC},
C_{vsi}), where
T_{DCo} = {4
t_{1},
t_{2},
t_{3}, 3
t_{9}, 2
t_{11}}, and
T_{DCi} = {2
t_{4},
t_{5}, 3
t_{7}, 4
t_{13}}. The initial token with a color marking of a combined monitor is
M_{DCo}(
p_{combined})
= ∑M_{Vo}(
V_{S})
= M_{Vo}(
V_{S}_{1})
+ M_{Vo}(
V_{S}_{2})
+ M_{Vo}(
V_{S}_{3})
+ M_{Vo}(
V_{S}_{4})
+ M_{Vo}(
V_{S}_{5}) = 5 + 2 + 4 + 3 + 1 = 15 tokens. Thus, in the Petri net model illustrated in
Figure 11, there are five color types, which are
SC = {C_{vs}_{1},
C_{vs}_{2},
C_{vs}_{3},
C_{vs}_{4},
C_{vs}_{5}}. Therefore, the total number of colored tokens is 15: five tokens of color
C_{vs}_{1}, two tokens of color
C_{vs}_{2}, four tokens of color
C_{vs}_{3}, three tokens of color
C_{vs}_{4}, and one token of color
C_{vs}_{5}, as shown in
Figure 11.
In the net displayed in
Figure 11, when transition
t_{1} fires, the system selects only one token from input place
p_{1}, one token from resource place
p_{17.} Additionally, the system selects tokens from
p_{combined}: one token of color
C_{vs}_{1}, one token of color
C_{vs}_{2}, one token of color
C_{vs}_{3}, and one token of color
C_{vs}_{4}. If transition
t_{2} is fired, the system selects only one token from place
p_{2}, one token from resource place
p_{16}, and one token of color
C_{vs}_{5} from
p_{combined}. Moreover, when transition
t_{3} fires, the system selects only one token from input place
p_{2}, one token from resource place
p_{13}, and one token of color
C_{vs}_{3} from
p_{combined}.
If transition t_{9} fires, the system selects only one token from input place p_{19}, one token from resource place p_{18}, one token of color C_{vs}_{1} from p_{combined}, one token of color C_{vs}_{3} from p_{combined}, and one token of color C_{vs}_{4} from p_{combined}. In addition, when transition t_{11} fires, the system selects only one token from input place p_{9}, one token from resource place p_{15}, one token from resource place p_{17}, one token of color C_{vs}_{2} from p_{combined}, and one token of color C_{vs}_{5} from p_{combined}.
When transition t_{4} fires, the system creates two colored tokens—one of color C_{vs}_{2} and one of color C_{vs}_{5}—and transfers them into the common place p_{combined}. Moreover, when transition t_{5} fires, the system adds color C_{vs}_{2} to the tokens and transfers them into the common place p_{combined}. If transition t_{7} fires, the system creates three colored tokens—one of color C_{vs}_{1}, one of color C_{vs}_{3}, and one of color C_{vs}_{4}—and transfers them into the common place p_{combined}. Finally, when transition t_{13} fires, the system creates four colored tokens—one of color C_{vs}_{1}, one of color C_{vs}_{2}, one of color C_{vs}_{3}, and one of color C_{vs}_{5}—and transfers them into the common place p_{combined}.
To test and validate the developed GPenSIM code, we compared it with the methods in Piroddi et al. [
30], Chen et al. [
8], Chen and Li [
31], Chen et al. [
32], and TCCPN [
26,
27,
28,
29]. The simulation was undertaken for 480 min. After running and simulating the Petri net model in MATLAB, we obtained the results summarized in
Table 2 and
Table 3.
Table 2 shows the results in terms of the number of monitors, number of arcs, liveness, and reachable marking. We observe that the proposed approach provides a supervisor with only a single control place and 9 arcs, both of which are minimal compared with other techniques in Piroddi et al. [
30], Chen et al. [
8], Chen and Li [
31], and Chen et al. [
32].
Table 3 displays the results in terms of utilization of the robots and machines, throughput of Part A and Part B, workinprocess (WIP), and total time in system (throughput time). In terms of the resource utilization, all methods obtain approximately the same values, as shown in
Figure 12. Moreover, from the viewpoint throughput, the proposed method can provide greater throughput than other techniques as shown in
Figure 13. In term of WIP, the proposed method leads to better WIP than the other techniques as shown in
Figure 14. With respect to throughput time of Part A and Part B, overall, the proposed method can obtain less throughput time than other techniques as shown in
Figure 15 and
Figure 16. Therefore, the proposed method is valid, it can give sufficiently accurate results, and it can potentially be applied to other cases.