Continuous Reachability for Unordered Data Petri nets is in PTime

Unordered data Petri nets (UDPN) are an extension of classical Petri nets with tokens that carry data from an infinite domain and where transitions may check equality and disequality of tokens. UDPN are well-structured, so the coverability and termination problems are decidable, but with higher complexity than for Petri nets. On the other hand, the problem of reachability for UDPN is surprisingly complex, and its decidability status remains open. In this paper, we consider the continuous reachability problem for UDPN, which can be seen as an over-approximation of the reachability problem. Our main result is a characterization of continuous reachability for UDPN and polynomial time algorithm for solving it. This is a consequence of a combinatorial argument, which shows that if continuous reachability holds then there exists a run using only polynomially many data values.


Introduction
The theory of Petri Nets has been developing since more than 50 years. On one hand, from a theory perspective, Petri Nets are interesting due to their deep mathematical structure and despite exhibiting nice properties, like being a well structured transition system [1], we still don't understand them well. On the other hand, Petri Nets are a useful pictorial formalism for modeling and thus found their way to the industry. To connect this theory and practice, it would be desirable to use the developed theory of Petri Nets [2,3,4] for the symbolic analysis and verification of Petri Nets models. However, we already know that this is difficult in its full generality. It suffices to recall two results that were proved more than 30 years apart. An old but classical result by Lipton [5] shows that even coverability is ExpSpace-hard, while the non-elementary hardness of the reachability relation has just been established this year [6]. Moreover, when we look at Petri nets based formalisms that are needed to model various aspects of industrial systems, we see that they go beyond the expressivity of Petri Nets. For instance, colored Petri nets, which are used in modeling workflows [7], allow the tokens to be colored with an infinite set of colors, and introduce a complex formalism to describe dependencies between colors. This makes all verification problems undecidable for this generic model. Given the basic nature and importance of the reachability problem in Petri nets (and its extensions), there have been several efforts to sidestep the complexity-theoretic hardness results. One common approach is to look for easy subclasses (such as bounded nets [8], free-choice nets [9] etc). The other approach, which we adopt in this work, is to compute over-approximations of the reachability relation.
Continuous reachability. A natural question regarding the dynamics of a Petri net is to ask what would happen if tokens instead of behaving like discrete units start to behave like a continuous fluid? This simple question led us to an elegant theory of so-called continuous Petri nets [10,11,12]. Petri nets with continuous semantics allow markings to be functions from places to nonnegative rational numbers (i.e., in Q + ) instead of natural numbers. Moreover, whenever a transition is fired a positive rational coefficient is chosen and both the number of consumed and produced tokens are multiplied with the coefficient. This allows to split tokens into arbitrarily small parts and process them independently. This for instance may occur in applications related to hybrid systems where the discrete part is used to control the continuous systems [13,14]. Interestingly, this makes things simpler to analyze. For example reachability under the continuous semantics for Petri nets is P T ime-complete [11].
However, when one wants to analyze extensions of Petri nets, for example reset Petri Nets with continuous semantics, it turns out that reachability is as hard as reachability in reset Petri nets under the usual semantics i.e. it is undecidable 3 . In this paper we identify an extension of Petri nets with unordered data, for which this is not the case and continuous semantics leads to a substantial reduction in the complexity of the reachability problem.
Unordered data Petri Nets. The possibility of equipping tokens with some additional information is one of the main lines of research regarding extensions of Petri Nets, the best known being Colored Petri Nets [15] and various types of timed Petri Nets [16,17]. In [18] authors equipped tokens with data and restricted interactions between data in a way that allow to transfer techniques for well structured transition systems. They identified various classes of nets exhibiting interesting combinatorial properties which led to a number of results [19,20,21,22,23]. Unordered Data Petri Nets (UDPN), are simplest among them: every token carries a single datum like a barcode and transitions may check equality or disequality of data in consumed and produced tokens. UDPN are the only class identified in [18] for which the reachability is still unsolved, although in [20] authors show that the problem is at least Ackermannian-hard (for all other data extensions, reachability is undecidable). A recent attempt to over-approximate the reachability relation for UDPN in [22] considers integer reachability i.e. number of tokens may get negative during the run (also called solution of the state equation). From the above perspective, this paper is an extension of the mentioned line of research.
Our contribution. Our main contribution is a characterization of continuous reachability in UDPN and a polynomial time algorithm for solving it. Observe that if we find an upper bound on the minimal number of data required by a run between two configurations (if any run exists), then we can reduce continuous reachability in UDPN to continuous reachability in vanilla Petri nets with an exponential blowup and use the already developed characterization from [11]. In Section 5 we prove such a bound on the minimal number of required data. The bound is novel and exploits techniques that did not appear previously in the context of data nets. Further, the obtained bounds are lower than bounds on the number of data values required to solve the state equation [22], which is surprising considering that existence of a continuous run requires a solution of a sort of state equation. Precisely, the difference is that we are looking for solutions of the state equation over Q + instead of N and in this case we prove better bounds for the number of data required. This also gives us an easy polytime algorithm for finding Q + -solutions of state equations of UDPN (we remark that for Petri nets without data, this appears among standard algebraic techniques [24]).
Finally, with the above bound, we solve continuous reachability in UDPN by adapting the techniques from the non-data setting of [12,25]. We adapt the characterization of continuous reachability to the data setting and next encode it as system of linear equations with implications. In doing so, however, we face the problem that a naive encoding (representing data explicitly) gives a system of equations of exponential size, giving only an ExpTime-algorithm. To improve the complexity, we use histograms, a combinatorial tool developed in [22], to compress the description of solutions of state equations in UDPNs. However, this may lead to spurious solutions for continuous reachability. To eliminate them, we show that it suffices to first transform the net and then apply the idea of histograms to characterize continuous runs in the modified net. The whole procedure is described in Section 7.3 and leads us to our P T ime algorithm for continuous reachability in UDPN. Note that since we easily have P T ime hardness for the problem (even without data), we obtain that the problem of continuous reachability in UDPN is P T ime-complete.
Towards verification. Over-approximations are useful in verification of Petri nets and their extensions: as explained in [24], for many practical problems, over-approximate solutions are already correct. Further, we can use them as a sub-routine to improve the practical performance of verification algorithms. A remarkable example is the recent work in [25], where the P T ime continuous reachability algorithm for Petri nets from [11] is used as a subroutine to solve the ExpSpace hard coverability problem in Petri nets, outperforming the best known tools for this problem, such as Petrinizer [26]. Our results can be seen as a first step in the same spirit towards handling practical instances of coverability, but for the extended model of UDPN, where the coverability problem for UDPN is known to be Ackermannian-hard [20].

Preliminaries
We denote integers, non-negative integers, rationals, and reals as Z, N, Q, and R, respectively. For a set X ⊆ R denote by X + , the set of all non-negative elements of X. We denote by 0, a vector whose entries are all zero. We define in a standard point-wise way operations on vectors i.e. scalar multiplication ·, addition +, subtraction −, and vector comparison ≤. In this paper, we use functions of the type X → (Y → Z), and instead of (f (x))(y), we write f (y, x). For functions f, g where the range of g is a subset of the domain of f , we denote their composition by f • g. If π is an injection then by π −1 we mean a partial function such that π −1 • π is the identity function. Let f : X 1 → Y , g : X 2 → Y be two functions with addition and scalar multiplication operations defined on Y.
A scalar multiplication of a function is defined as follows (a·f )(x) = a·f (x) for all x ∈ X 1 . We lift addition operation to functions pointwise, i.e. f +g : We use matrices with rows and columns indexed by sets S 1 , S 2 , possibly infinite. For a matrix M , let M (r, c) denote the entry at column c and row r, and M (r, •),M (•, c) denote the row vector indexed by r and column vector indexed by c, respectively. Denote by col (M ), row (M ) the set of indices of nonzero columns and nonzero rows of the matrix M , respectively. Even if we have infinitely many rows or columns, our matrices will have only finitely many nonzero rows and columns, and only this nonzero part will be represented. Following our nonstandard matrix definition we precisely define operations on them, although they are natural. First, a multiplication by a constant number produces a new matrix with row and columns labelled with the same sets S 1 , S 2 and defined as follows (a · M )(r, c) = a · (M (r, c)) for all (r, c) ∈ S 1 × S 2 . Addition of two matrices is only defined if the sets indexing rows S 1 and columns S 2 are the same for both summands M 1 and M 2 , ∀(r, c) ∈ S 1 × S 2 the sum (M 1 + M 2 )(r, c) = M 1 (r, c) + M 2 (r, c), the subtraction M 1 − M 2 is a shorthand for M 1 + (−1) · M 2 . Observe that all but finitely many entries in matrices are 0, and therefore when we do computation on matrices we can restrict to rows row (M 1 ) ∪ row (M 2 ) and columns col (M 1 ) ∪ col (M 2 ). Similarly the comparison for two matrices M 1 , M 2 is defined as follows ; relations >, ≥, ≤ are defined analogically. The last operation which we need is matrix multiplication M 1 · M 2 = M 3 , it is only allowed if the set of columns of the first matrix M 1 is the same as the set of rows of the second matrix M 2 , the sets of rows and columns of the resulting matrix M 3 are rows of the matrix M 1 and columns of M 2 , respectively. M 3 (r, c) = k M 1 (r, k)M 2 (k, c) where k runs through columns of M 1 . Again, observe that if the row or a column is equal to 0 for all entries then the effect of multiplication is 0, thus we may restrict to row (M 1 ) and col (M 2 ). Moreover in the sum it suffices to write k∈col(M1) M 1 (r, k)M 2 (k, c).

UDPN, reachability and its variants: Our main results
Unordered data Petri nets extend the classical model of Petri nets by allowing each token to hold a data value from a countably-infinite domain D. Our definition is closest to the definition of ν-Petri Nets from [27]. For simplicity we choose this one instead of using the equivalent but complex one from [18]. Definition 1. Let D be a countably infinite set. An unordered data Petri net (UDPN) over domain D is a tuple (P, T, F, Var ) where P is a finite set of places, T is a finite set of transitions, Var is a finite set of variables, and F : (P × T ) ∪ (T × P ) → (Var → N) is a flow function that assigns each place p ∈ P and transition t ∈ T a function over variables in Var.
For each transition t ∈ T we define functions F (•, t) and For X ∈ {N, Z, Q, Q + }, we define an X-marking as a function M : D → (P → X) that is constant 0 on all except finitely many values of D. Intuitively, M (p, α) denotes the number of tokens with the data value α at place p. The fact that it is 0 at all but finitely many data means that the number of tokens in any X-marking is finite. We denote the infinite set of all X-markings by M X .
We define an X-step as a triple (c, t, π) for a transition t ∈ T , mode π being an injective map π : Var → D, and a scalar constant c ∈ X + . An X-step (c, t, π) is fireable at a X- The X-marking f reached after firing an X-step (c, t, π) at i is given as f = i + c · ∆(t) • π −1 . We also say that an X-step (c, t, π) when fired consumes tokens c·F (•, t)• π −1 and produces tokens c·F (t, •)• π −1 . We define an X-run as a sequence of X-steps and we can represent it as {(c i , t i , π i )} |ρ| where (c i , t i , π i ) is the i th X-step and |ρ| is the number of X-steps.
− → X f we denote that ρ is fireable at i and after firing ρ at i we reach X-marking as the effect of the run and denote it by ∆(ρ).
We fix some notations for the rest of the paper. We use Greek letters α, β, γ to denote data values from data domain D, ρ, σ to denote a run, π to denote a mode and x, y, z to denote the variables. When clear from the context, we may omit X from X-marking, X-run and just write marking, run, etc. Further, we will use letters in bold, e.g., m to denote markings, where i , f will be used for initial and final markings respectively. Further, throughout the paper, unless stated explicitly otherwise, we will refer to a UDPN N = (P, T, F, Var ), therefore P, T, F, Var will denote the places, transitions, flow, and variables of this UDPN.
, and an assignment of 0 to every variable for the remaining of the pairs. Thus, for enabling transition p 1 and p 2 must have one token each with a different data value (since x = y) and after firing two tokens are produced in p 3 with same data value as was consumed from p 1 and two tokens are produced in p 4 , one of whom has same data as consumed from p 2 .
When X = N, X-reachability is the classical reachability problem, whose decidability is still unknown, while Z-reachability for UDPN is in NP [22]. In this paper we tackle Q and Q + -reachability, also called continuous reachability in UDPN.
The first step towards the solution is showing that if a Q + -marking f is Q + -reachable from a Q + -marking i , then there exists a Q + -run ρ which uses polynomially many data values and i ρ − → Q + f . We first formalize the set of distinct data values associated with X-markings, data values used in X-runs and variables associated with a transition.
With this we state the first main result of this paper, which provides a bound on witnesses of Q, Q + -reachability, and is proved in Section 5.
Using the above bound, we obtain a polynomial time algorithm for Q-reachability, as detailed in Section 6.
Finally, we consider continuous, i.e., Q + -reachability for UDPN. We adapt the techniques used for Q + -reachability of Petri nets without data from [11,12] to the setting with data, and obtain a characterization of Q + -reachability for UDPN in Section 7.1. Finally, in Section 7.3, we show how the characterization can be combined with the above bound and compression techniques from [22] to obtain a polynomial sized system of linear equations with implications over Q + . To do so, we require a slight transformation of the net which is described in Section 7.2.
This leads to our headline result, stated below.

Theorem 3 (Continuous reachability for UDPN). Given
The rest of this paper is dedicated to proving these theorems. First, we present an equivalent formulation via matrices, which simplifies the technical arguments.

Equivalent formulation via Matrices
From now on, we restrict X to a symbol denoting Q or Q + . We formulate the definitions presented earlier in terms of matrices, since defining object such as X-marking as functions is intuitive to define but difficult to operate upon. In the following, we abuse the notation and use the same names for objects as well as matrices representing them. We remark that this is safe as all arithmetic operations on objects correspond to matching operations on matrices.
An X-marking m is a P × D matrix M , where ∀p ∈ P, ∀α ∈ D, M (p, α) = m(p, α). As a finite representation, we keep only a P × dval (m) matrix of nonzero columns. For a transition t ∈ T , we represent F (t, •), F (•, t) as P × Var matrices. Note that (t, •) is not the position in the matrix, but is part of the name of the matrix; its entry at (i, j) ∈ P × Var is given by for t ∈ T, p ∈ P, and x ∈ Var . Although, both ∆(t) and F (•, t) are defined as P × Var matrices, only the columns for variables in vars(t) may be non-zero, so often we will iterate only over vars(t) instead of Var.
Finally, we capture a mode π : Var → D as a Var × D permutation matrix P. Although P may not be a square matrix, we abuse notation and call them permutation matrices. P basically represents assignment of variables in Var to data values just like π does. An entry of 1 represents that the corresponding variable is assigned corresponding data value in mode π. Thus, for each mode π : Var → D there is a permutation matrix P π , such that for all x ∈ Var , α ∈ col (P π ), P π (x, α) = 1 if π(x) = α, and P π (x, α) = 0 otherwise. Formulating a mode as a permutation matrix has the advantage that ∆(t) • π −1 is captured by ∆(t) · P π where P π can be represented as a sub-matrix of actual P π , whose set of row indices is limited to the set of column indices of the matrix ∆(t).
Example 2. In the UDPN N 1 from Example 1, the initial marking i can be represented by the matrix i below and the function ∆(t) by the matrix ∆(t) If we fire transition t with the assignment x = blue, y = green, z = black, we get the following net depicted below (left), with marking f (below center). The permutation matrix corresponding to the mode of fired transition is given by P matrix on the right. Note that the matrix f − i is indeed the matrix ∆(t) · P.
Using the representations developed so far we can represent an X-run ρ as {(c i , t i , P i )} |ρ| where (c i , t i , P i ) denotes the i th X-step fired with coefficient c i using transition t i with a mode corresponding to the permutation matrix P i . The sum of the matrices ( |ρ| i=1 c i ∆(t i ) · P i ) gives us the effect of the run i.e.

Bounding number of data values used in Q, Q + -run
We now prove the first main result of the paper, namely, Theorem 1, which shows a linear upper bound on the number of data values required in a Q + -run and a Q-run. Theorem 1 is an immediate consequence of the following lemma, which states that if more than a linearly bounded number of data values are used in a Q or Q + run, then there is another such run in which we use at least one less data value.
By repeatedly applying this lemma, Theorem 1 follows immediately. The rest of this section is devoted to proving this lemma. The central idea is to take any Q or Q + -run between i , f and transform it to use at least one data value less.

Transformation of an X-run
The transformation which we call decrease is defined as a combination of two separate operations on an X-run; we name them uniformize and replace and denote them by U and R respectively.
uniformize takes an X-step and a non-empty set of data values E as input and produces an X-run, such that in the resultant run, the effect of the run for each data value in E is equal. -replace takes an X-step, a single data value α, and a non-empty set of data values E as input and outputs an X-step which doesn't use data value α.
The intuition behind the decrease operation is that we would like to take two data values α and β used in the run such that effect on both of them is 0 (they exists as the effect on every data value not present in the initial of final configuration is 0) and replace usage of α by β. However, such a replacement can only be done if both data are not used together in a single step (indeed, a mode π cannot assign the same data values to two variables). Unfortunately we cannot guarantee the existence of such a β that may replace α globally. We circumvent this by applying the replace operation separately for every step, replacing α with different data values in different steps. But such a transformation would not preserve the effect of the run. To repair this aspect we uniformize i.e. guarantee that the final effect after replacing α by other data values is equal for every datum that is used to replace α. As the effect on α was 0 then if we split it uniformly it adds 0 to effects of data replacing α, which is exactly what we want. We now formalize this intuition below.
The uniformize operator. By c we denote an operator of concatenation of two sequences. Although the data set D is unordered, the following definitions require access to an arbitrary but fixed linear order on its elements. The definition of the uniformize operator needs another operator to act on an X-step, which we call rotate and denote by rot.
Definition 4. For a non-empty set of data values E ⊂ D and an X-step, ω = (c, t, P), define rot (E, ω) = (c, t, P ′ ) where P ′ is obtained from P as follows.
For a fixed set E, we can repeatedly apply rot(E, •) operation on an X-step, which we denote by rot k (E, ω), where k is the number of times we applied the operation (for example: rot 2 (E, ω) = rot (E, (rot (E, ω))).
Definition 5. For a non-empty set of data values E ⊂ D and an X-step ω = (c, t, P), we define uniformize as follows ). An important property of uniformize is its effect on data values.
This lemma tells us the effect of the run on the initial marking is equalized for data values in E by the U operation, and is unchanged for the other data values.
The replace operator. To define the replace operator it is useful to introduce swap α,β (P) which exchanges columns α and β in the matrix P.
Definition 6. For a set of data values E, an X-step ω = (c, t, P), and α ∈ E we define replace as follows After applying the replace operation α is no longer used in the run, which reduces the number of data values used in the run. Observe that replace can not be always applied to an X-step. It requires a zero column labelled with an element from E in the permutation matrix corresponding to the X-step.
The decrease transformation. Now we are ready to define the final transformation on an X-run between two markings which we call decrease and denote by dec.
where σ(j) denotes the j th X-step of σ.
Observe that the required size of dval (σ) guarantees existence of a β ∈ E which can be replaced with α, for every application of the R operation. Note that the exchanged data value β could be different for each step. Finally, we can analyze the decrease transformation and show that if the original run allows for the decrease transformation (as given in the above definition), then after the application of it, the resulting sequence of transitions is a valid run of the system.
Proof. Suppose σ = σ 1 σ 2 . . . σ l where each σ j = (c j , t j , P j ), for 1 ≤ j ≤ l is an X-step. Then ρ = ρ 1 c . . . c ρ l , where each ρ j is an X-run defined by ρ j = U(E, R(α, E, σ j )). It will be useful to identify intermediate X-markings We split the proof: first we show that f = f ′ and then ρ is X-fireable from i .
Step 1: Showing that the final markings reached are the same. We prove a stronger statement which implies that f = f ′ , namely: The proof is obtained by induction on j, and is a resulting computations as detailed in Appendix 9.1. Intuitively, point 1 holds as we shift effects on α to β-s, point 2 holds as the transformation does not touch γ ∈ dval (i ) ∪ dval (f ). The last most complicated point follows from the fact that the number of tokens consumed and produced along each is the same as for σ j , but uniformized over E.
Step 2: Showing that ρ is an X-run. If X = Q then the run ρ is fireable, as any Q-run is fireable, so in this case this step is trivial. The case when X = Q + is more involved. As we know from claim 1 , each m ′ j is a Q + -marking, so it suffices to prove that for every j, m ′ j U (E,R(α,E,σj)) Consider a data vector of tokens consumed along the Q + -run U(E, R(α, E, σ j )). If we show that it is smaller than or equal to m ′ j (component-wise), then we can conclude that U(E, R(α, E, σ j )) is indeed Q + -fireable from m ′ j . To show this, we examine the consumed tokens for each datum γ separately. There are three cases: (i) γ = α. For this case, every step in U(E, R(α, E, σ j )) does not make any change on α so tokens with data value α are not consumed along the Q +run U(E, R(α, E, σ j )). (ii) γ ∈ dval (i ) ∪ dval (f ). This is similar to the above case. Consider any data value γ ∈ (dval (σ)\E) \ {α}. Since γ does not change on rotate operation, the U operation causes each Q-step in U(E, R(α, E, σ j )) to consume 1 |E| of the tokens with data value γ consumed when σ j is fired. This is repeated |E| times and hence the vector of tokens with data value γ consumed along U(E, R(α, E, σ j )) is equal to the vector of tokens with value γ consumed by step σ j . But we know that, it is smaller than m j (•, γ) and concluding smaller than m ′ j (•, γ). The last inequality is true as Let ω be a triple (c j , F (•, t j ), P j ) where (c j , t j , P j ) = σ j . ω simply describes tokens consumed by σ j . We slightly overload the notation and treat a triple ω like a step, where F (•, t j ) represents a transition " " for which F (•, ) = F (•, t j ) and F ( , •) is a zero matrix. We calculate the vector of consumed tokens with data value γ as follows: the first equality is from definition and the second by the replace operation, Further, observe that as σ j can fired in m j summing up over δ ∈ E ∪ {α} and multiplying with 1 |E| we get where the last equality comes from Claim 1 point 3. Combining inequalities we get consumed(•, γ) ≤ m ′ i (•, γ). Proof (of Lemma 1). Now the proof of Lemma 1 (and hence Theorem 1) follow immediately, since we can use the decrease transformation, to decrease the number of data values required in an X-run. We simply take α ∈ dval (σ) \ (dval (i ) ∪ dval (f )) and E = dval (σ) \ (dval (i ) ∪ dval (f )) \ {α}. Next, let ρ = dec(E, α, σ)). Due to Lemma 3 we know that i ρ − → X f . Moreover, observe that dval (ρ) ⊆ dval (σ). But in addition, α ∈ dval (ρ) as due to the one of properties of the decrease operation α does not participate in the run ρ. So dval (ρ) ⊂ dval (σ). Therefore |dval (ρ)| ≤ |dval (σ)| − 1.

Q-reachability is in PTime
We recall the definition of histograms from [22]. Definition 8. A histogram M of order q ∈ Q is a Var × D matrix having nonnegative rational entries such that,
We now state two properties of histograms in the following lemma. We say that a histogram of order a is an [a]-histogram if the histogram has only {0, a} entries. Using histograms we define a representation Hist(ρ) for an X-run ρ, which captures ∆(ρ). From an X-run ρ = {(c j , t j , P j )} |ρ| we obtain Hist(ρ) as follows. For all transitions t ∈ T , define the set I t = {j ∈ [1..|ρ|]| t j = t}. Then calculate the matrix H t = i∈It c i P i . Observe that since permutation matrices are histograms and histograms are closed under scalar multiplication and addition, H t is a histogram. If I t is empty, then H t is simply the null matrix. We define Hist(ρ) as a mapping from T to histograms such that t is mapped to H t .
Analogous to an X-run we can represent Hist(ρ) simply as {(t j , H tj )}, unlike an X-run we don't indicate the length of the sequence since it is dependent on the net and not the individual run itself. Proposition 1. Let N = (P, T, F, Var ) be a UDPN, i, f X-markings, and σ an X-run such that i σ − → X f. Then for each t ∈ T there exists H t such that: A PTime Procedure. We start by observing that from any Q-marking i , every Q-step (c, t, P) is fireable and every Q run is fireable. This follows from the fact that rationals are closed under addition, thus i + c · F (•, t) · P is a marking in M Q . Thus if we have to find a Q-run ρ = {(c j , t j , P j )} |ρ| between two Q-markings, i , f it is sufficient to ensure that f − i = |ρ| j=1 c j ∆(t j ) · P j . Thus for a Q-run all that matters is the difference in markings caused by the Q-run which is captured succinctly by Hist(ρ) = {t j , H tj }. This brings us to our characterization of Q-run. Lemma 5. Let N = (P, T, F, Var ) be a UDPN, a marking f is Q-reachable from i iff there exists set E of size bounded by |E| ≤ |dval (i) ∪ dval (f)| + 1 + max t∈T (|vars(t)|) and a histogram H t for each t ∈ T such that f−i = t∈T ∆(t)· H t and ∀t ∈ T col (H t ) ⊆ E.
Using this characterization we can write a system of linear inequalities to encode the condition of Lemma 5. Thus, we obtain our second main result, with detailed proofs in the Appendix 9.2. Theorem 2. Given N = (P, T, F, Var ) a UDPN and two Q-markings i, f, deciding if f is Q-reachable from i in N is in polynomial time.

Q + -reachability is in PTime
Finally, we turn to Q + -reachability for UDPNs and to the proof of Theorem 3. At a high level, the proof is in three steps. We start with a characterization of Q + -reachability in UDPNs.
Then we present a polytime reduction of the continuous reachability problem to the same problem but for a special subclass of UDPN, called loop-less nets. Finally, we present how to encode the characterization for loop-less nets into a system of linear equations with implications to obtain a polytime algorithm for continuous reachability in UDPNs.

Characterizing Q + -reachability
We begin with a definition. For an X-run we introduce the notion of the pre and post sets of X−run. For an X-run, Intuitively, P re(ρ)/P ost(ρ) denote the set of (α, p) (data value,place) pairs describing tokens that are consumed/produced by the run ρ.
Throughout this section, by a marking we denote a Q + -marking.  Note that if there exist markings i ′ and f ′ and Q + runs ρ, ρ ′ , ρ ′′ such The above characterization and its proof are obtained by adapting to the data setting, the techniques developed for continuous reachability in Petri nets (without data) in [11] and [12]. Details are in Appendix 9.3.

Transforming UDPN to loop-less UDPN
For a UDPN N = (P, T, F, Var ), we construct a UDPN N ′ which is polynomial in the size of N and for which the Q + -reachabilty problem is equivalent.
We define P reP lace(t) = {p ∈ P |∃v ∈ Var s.t. F (p, t)(v) > 0} and P ostP lace(t) = {p ∈ P |∃v ∈ Var s.t. F (t, p)(v) > 0}, where t ∈ T . The essential property of the transformed UDPN is that for every transition the sets of PrePlace and Post-Place do not intersect. A UDPN N = (P, T, F, Var ) is said to be loop-less if for all t ∈ T , P reP lace(t) ∩ P ostP lace(t) = ∅.
Any UDPN can easily be transformed in polynomial time into a loop-less UDPN such that Q + -reachability is preserved, by doubling the number of places and adding intermediate transitions. Formally, For every net N and two markings i , f in polynomial time one can construct a loop-less net N ′ and two markings The proof of this statement is formalized in Section 9.4 in the Appendix, along with examples and transformation. Now, the following lemma which describes a property of loop-less nets will be crucial for our reachability algorithm: Lemma 7. In a loop-less net, for markings i, f, if there exist a histogram H, and a transition t ∈ T such that i + ∆(t) · H = f, then there exist a Q + -run ρ such that i ρ − → Q + f.

Encoding Q + -reachability as linear equations with implications
Linear equations with implications are defined exactly as we use it in [23] but they were introduced in [12]. We also call a system of linear equations with implications a =⇒ system. A =⇒ -system is a finite set of linear inequalities, all over the same variables, plus a finite set of implications of the form x > 0 =⇒ y > 0, where x, y are variables appearing in the linear inequalities. Lemma 8. [12] The Q + solvability problem for a =⇒ system is in P T ime.
Our aim here will be to reduce the Q + -reachability problem to checking the solvability of a system of linear equations with implications, using the characterization of the problem established in Lemma 6.
Lemma 9. Q + -reachability in a UDPN N = (P, T, F, Var ) between markings i, f can be encoded as a set of linear equations with implications in P-time.
Proof. As mentioned in Subsection 7.2 , without loss of generality we may assume that UDPN N is loop-less. Invoking Theorem 1 w.l.o.g we can assume that the Q + -run σ uses at most |dval (i ) ∪ dval (i )| + 1 + max t∈T (|vars(t)|) data values, call Y the set of data vales used by σ.
As we need to describe several linear constraints we present them in terms of matrix multiplication. We use a word "array" instead of a matrix whenever we mean a table with variables instead of constants. To encode the conditions of lemma 6 as equations, we introduce markings i ′ and f ′ (they are used to represent the intermediate markings in Lemma 6). i ′ and f ′ are arrays of variables indexed with P × Y. As they should be evaluated to Q + -markings we introduce inequalities i ′ ≥ 0 and f ′ ≥ 0. Then it is left to encode the conditions of Lemma 6 as linear equations, which we do in two steps. Encoding of Conditions 2, 4, 5 of lemma 6 -We first encode Cond. 2 of lemma 6 (the linear equation representing Q- -To encode the conditions 4, 5 of lemma 6 , we will need to allow for implication relation between variables. Therefore, we add the constraints ∀t i ∈ T, ∀p ∈ P, ∀r ∈ Var , ∀α ∈ Y, This set of implications ensures that if for a Q-run σ ′ , (p, d) ∈ P re(σ ′ ), then i ′ (p, d) > 0 and similarly for the post-set.
Encoding of conditions 1 and 3 of Lemma 6: As these conditions are symmetric we explain in detail only the encoding of Condition 1. Knowing, dval (σ) ⊆ Y we may bound the number of transitions from i to i ′ by B = |P |·|Y| = |P |·(|dval (i ) ∪ dval (f )| + 1 + max t∈T (|vars(t)|)) . The first problem in trying to encode a run here is that, we don't know the exact order on which transitions of σ will be taken, the second is that we don't know the precise instantiation of them. We handle both problems by over-approximating reachability via at most B steps by a reachability via runs in following schema: where h i,j are histograms with columns from the set Y and the expression (t i , h i,j ) denotes any Q + -run that uses only a single transition t i . To see that it is an over-approximation it suffices to see that any run of length at most B can be performed within the schema. The mentioned over-approximation is sufficient for us due to Remark 1. The j th step from the run can be found in the j th block (t 1 , h 1,j ) . . . (t |T | , h |T |,j ) , histograms of all unnecessary transitions are instantiated to zero. Having above we describe Q + -reachability within this schema restricted to data values from Y. We do it by introducing sets of arrays describing configurations i = i 0 , i 1 , i 2 , . . . , i B·|T | = i ′ between runs (t i , h i,j ). Further, for all 0 ≤ i < B ·|T | we add equations i i +∆(t j )·h j,k = i i+1 where i = (j −1)+(k −1)·|T | and necessary equations guaranteeing h j,k to be histograms (as done for h i above). The described system is of polynomial size and correctly captures Q-reachability.
The last missing bit is to restrict solutions as we want to express only Q +reachability. Of course all of i i should be non-negative so we add equations i i ≥ 0 ∀i ≤ B · |T |. This suffices to capture Q + -reachability. Indeed, each of Q-runs between i i and i i+1 is using a single transition, and from Lemma 7 we get that they are fireable Q + -runs.
Thus, we have correctly described Q + reachability via the schema from i to i ′ .
Finally, we obtain Theorem 3 as a consequence of Lemma 8 and Lemma 9.

Conclusion
In this paper, we provided a polynomial time algorithm for continuous reachability in UDPN, matching the complexity for Petri nets without data. This is in contrast to problems such as discrete coverability, termination, where Petri nets with and without data differ enormously in complexity, and to (discrete) reachability, whose decidability is still open for UDPN. As future work, we aim to implement the continuous reachability algorithm developed here, to build the first tool for discrete coverability in UDPN on the lines of what has been done for Petri nets without data. The main obstacle will be performance evaluation due to lack of benchmarks for UDPNs. Another interesting avenue for future work would be to tackle continuous reachability for Petri nets with ordered data, which would allow us to analyze continuous variants of Timed Petri nets and so on.
Proof. By definition of uniformize operation, if α ∈ E, then The second equality is due to the definition of rotate, since data outside of E are not touched by rotate.
This completes the proof of Lemma 2. Next, we move to the important proof of Claim 1 stated in Lemma 3. We first recall the claim.
Proof (of Claim 1). We prove this claim by induction on j, the number of steps fired in the run σ. Assuming m ′ j to be as in the claim we show that m ′ -Condition 1. This is the simplest. Due to rot(α, E, •) operations being a part of every step in ρ we know that α does not participate in any step of ρ so its value stays constant, and equals 0. -Condition 2. Due to the definitions of replace, α, and E we have that , the first equality is due to the definition of replace the second due to the induction assumption. Now, combining above with Lemma 2 for all γ ∈ E we get, Using m j (•, α) = 0 ( by induction assumption) and as Moreover, for any γ ∈ E we have m ′ j (•, γ) = 1 as each H i is a histogram. Thus the second property of the definition also holds and hence H 0 is a histogram with order n i=1 q i . The proof of second property is very similar to the proof of Theorem 3 in [22], the only difference is that our histograms have non-negative rational entries while there, histograms had natural entries. Here we only describe an overview of the complete argument. The proof relies on building a weighted bipartite graph from the histogram H whose partite sets are row and column indices. An edge between nodes corresponding to row index x and column index α is given a weight H(x, α). Proof. Due to Theorem 1 if there is a run then there is run that uses at most |dval (i ) ∪ dval (f )| + 1 + max t∈T (|vars(t)|) different data values. Due to Proposition 1 there are required histograms. To prove the other direction, we just need to show that we can represent t∈T ∆(t)H t as c j ∆(t j )P j having c j ∈ Q + , as the latter is a sequence of Q-steps and hence a Q-run. To this end we just need to show that we can decompose a histogram as H i as k c k P k for some constants c k ∈ Q + and some permutation matrices P k . This follows from Lemma 4 as after decomposing H t into [a j ]-histograms we can take out a j and write a j · P j where P j is a permutation matrix. Thus we can decompose H t as k c k P k . This completes our proof. Theorem 2. Given N = (P, T, F, Var ) a UDPN and two Q-markings i, f, deciding if f is Q-reachable from i in N is in polynomial time.
Proof. We use the characterization from Lemma 5. We encode the reachability problem as a system of linear inequalities.
-Both the conditions of definition 8 are to be satisfied for all the histograms H t , t ∈ T .
-Variables are entries of the histograms and that is why for each variable v, we add condition v ∈ Q + .
The total number of variables equals |E| · |T | · |V ar|, since |E| is polynomial (according to Lemma 5) the total number of unknowns is polynomial. Thus, the number of equations is also polynomial. Since such a system of constraints can be solved as a system of linear equations over Q + in Ptime in the size of input[28], the Q−reachability can be solved in Ptime as the size of input is polynomial.

Proofs from section 7.1
In this section, we prove Lemma 6. We recall the statement now.
The high level view of the proof is as follows. In the first step, we consider a special case when the Q-reachability implies Q + -reachability between markings in Lemma 10 below. The idea for this lemma and its proof is similar to Lemma 14 from [11] (in fact it would be possible to make a reduction from our setting to the statement of the mentioned lemma but it would require restating definitions from [11]). We extend it here for UDPN. The basic idea is to fire steps in such small fractions that the number of tokens never go negative. We repeatedly fire the complete Q-run σ with very small fractions until we reach the required marking. The second step uses this lemma to show a weak characterization of Q + -reachability, without bounding the number of Q + -steps in Lemma 11 below. Finally, the third step is to observe that both P re(σ) and P ost(σ) can be bounded by P × dval (σ) we strengthen this result and obtain Lemma 6.
Proof. For the Q-run σ = {(c i , t i , P i )} |σ| , we define a constant ω, which is the sum of all tokens consumed and produced along the path σ: Observe that for any factor s ∈ Q + and any σ ′ a prefix of σ if m s·σ ′ −−→ m ′ then m ′ ≥ m − s · ω; we use this inequality later in the proof. Let a constant c be a minimal distance from the empty marking to either i or f , i.e. c = min {i (p, α), f (p, β) : (p, α) ∈ P re(σ), (p, β) ∈ P ost(σ)}.
Let n = max(⌈ ω c ⌉, 2). Finally, we define the run the Q + -run ρ by firing n− times the run 1 n σ. We claim that ρ is the required Q + -run and is fireable at i . i ρ − → Q f trivially holds. Hence, the only question that remains is its fire-ability.
To show Q + -fireability, we consider intermediate markings: First, we observe that each m i (p, α) ≥ c for every pair (p, α) ∈ P re(σ)∪P ost(σ), indeed m i (p, α) ≥ min(i (p, α), f (p, α)) ≥ c for (p, α) ∈ P re(σ) ∪ P ost(σ). So we only need to show fireability of the run σ n from m i . But the number of tokens consumed along the run σ n is smaller than ω n ≤ ω · c ω = c. So, the total number of consumed tokens along the run σ n is smaller than c and smaller than the number of tokens in m i (p, α). Thus ω n is Q + fireable. Now using the above Lemma, we show a weaker characterization of Q + -reachability, without bounding the number of Q + -steps. We formalize this as: Lemma 11. For two Q + -markings i, f, there exists a Q + -run σ such that i σ − → Q + f iff there exist markings i ′ and f ′ (possibly on a different run) such that Proof. The easy direction is that the 5 conditions imply continuous reachability. Indeed, due to Lemma 10, points 2, 4, and 5 imply continuous reachability from i ′ to f ′ . Now, to obtain a fireable run from i to f we concatenate three runs: from i to i ′ (point 1), form i ′ to f ′ , and the run from f ′ to f (point 3).
The proof in the opposite direction is more involved. Before we start it, we introduce a new operation on two sequences {a n }, {b n } where {a n } is a sequence of steps and {b n } is a sequence of real numbers, both having length k. We define a n b n as {a 1 · b 1 , a 2 · b 2 , . . . , a k · b k }.
Lemma 12. For every net N and two markings i, f in polynomial time one can construct a loop-less net N ′ and two markings i ′ , f ′ such that i − → Q + f in the net N iff i ′ − → Q + f ′ in N ′ .
Proof. We first construct the loop-less net and then show its equivalence. Let the initial net be N = (P, T, F, Var ) and markings be i , f and transformed net N ′ = (P c , T c , F c , Var) and markings be i ′ , f ′ . The construction is as follows.
1. P c = P ∪P ′ where |P ′ | = |P |, and for each place p ∈ P there is a corresponding place denoted as f (p), where f is a relabelling operation. P ′ is defined as P ′ = ∪ p∈P f (p). Note that |P c | = 2 · |P |. 2. T c contains a modified transition corresponding to T and an additional transition for each place. We add a transition for each place in t that can remove an any data token from f (p) and add it to p. We modify each transition t ∈ T so that if a place p ∈ P reP lace(t) ∩ P ostP lace(t) , we remove p from the PostPlace and add f (p) to it. This is reflected in flow relation F c -if a place p ∈ P reP lace(t)∩P ostP lace(t) , F c (t, f (p)) = F (t, p) and F c (t, p) = ∅. Otherwise, F c (t, p) = F (t, p) and F c (p, t) = F (p, t). Further we add |P | transitions. For each p ∈ P we define a transition as t having pre-place as f (p) and post-place as p, we add the relation (f (p), t) → (x → 1), x ∈ V ar and (t, p) → (x → 1) in F c . This completes the construction for T c , F c . Note that |T c | = |T | + |P |. 3. We define i ′ as in i for all p ∈ P ∩ P c and for the ∀p ∈ P c \P , we define the marking to have zero tokens for all data.i.e. ∀p ∈ P, ∀d ∈ D, i ′ (p, d) = i (p, d) and ∀p ∈ P c \P, ∀d ∈ D, i ′ (p, d) = 0. Similarly we define f ′ .
Claim 4. The Q + -reachability problem on N and N ′ is equivalent.
Proof. Suppose that in the net N , f is Q + -reachable. Then we make the following modifications to the Q + -run :-We fire a transition t as in the original run, after which we fire all the newly added transitions t ′ which are involved with only p and f (p)) with appropriate modes so that for all f (p) all the data tokens are removed from f (p) and added to p. This is possible due to the fact that the flow relation for all such t ′ has only one variable in both arcs. We repeat this step for all transitions in the run. With this modification, each marking in the run has exactly the same tokens ∀p ∈ P as in the original run after firing the transitions and 0 ∀p ∈ P c \P . Since f (p) is not a pre-place for any transition t in the original net, all transitions can be fired. By induction, we reach a f ′ having the above mentioned property corresponding to final marking f . The marking f ′ is as described by the transformation. Therefore, f ′ is Q + -reachable in N ′ . In the other direction, suppose it is Q + -reachable in N ′ , then whenever a new transition t is fired, a modified transition t 1 must have been fired previously. Therefore, we remove all the firings of new transitions (take a projection on T ), and show that it remains a valid run. For a new transition to have been fired, a transition must have been fired that must have put tokens in the new place. However, in the original net, the tokens were simply added in the old place. Therefore, the transition can still be fired. Hence shown. This completes the proof of lemma 12.
Example 3. Consider the net N in Figure 2 (left). Then the net we get after the transformation is N ′ in Figure 2 (right).

Lemma 7.
In a loop-less net, for markings i, f, if there exist a histogram H, and a transition t ∈ T such that i + ∆(t) · H = f, then there exist a Q + -run ρ such that i ρ − → Q + f.

Proof.
Recall that by lemma 4, every histogram H can be decomposed as H = c i P i . Therefore, applying this decomposition we get f − i = ∆(t) · c i P i . Consider a Q + -run σ = {(c i , t, P i )} |σ| from i to f . We want to show that i σ − → Q + f holds. As the net is loop-less we can split places into three kinds: places from which the run σ consumes tokens, to which the run σ produces, and places not touched by the run σ. For the second and third kind of places it is trivial that number of tokens with any data value is not getting negative along σ. For the place of the first kind and for any data value observe that, along the run σ the number of tokens in the place and with the datum can only drop. Thus, if at any moment along the run σ it got negative then it would stay negative to the very end of σ. But in the end i.e. f it is non-negative. Thus, the number of tokens with any data value in any place along σ stays non-negative, and i σ − → Q + f holds.