Decidability of Two Truly Concurrent Equivalences for Finite Bounded Petri Nets

We prove that the well-known (strong) fully-concurrent bisimilarity and the novel i-causal-net bisimilarity, which is a sligtlhy coarser variant of causal-net bisimilarity, are decidable for finite bounded Petri nets. The proofs are based on a generalization of the ordered marking proof technique that Vogler used to demonstrate that (strong) fully-concurrent bisimilarity (or, equivalently, history-preserving bisimilarity) is decidable on finite safe nets.


Introduction
The causal semantics of Petri nets has been studied according to the so-called individual token interpretation, where multiple tokens on the same place are seen as individual entities, starting from the work of Goltz and Reisig [GR83], further explored and extended in [Eng91,MMS97].However, the token game on such nets is defined according to the so-called collective token interpretation, where multiple tokens on the same place are considered as indistinguishable.Causal semantics for Petri nets under this more relaxed interpretation is under investigation (see, e.g., [BD87,MM90] for important contributions in the linear-time semantics), but a completely satisfactory solution to the general problem is not yet available (see the survey [vGGS11] and the references therein).
The main aim of this paper is to investigate the decidability of two behavioral equivalences defined over the causal semantics developed for Petri nets under the individual token interpretation, based on the concept of causal net [GR83,Eng91,MMS97].In particular, we study the well-known fully-concurrent bisimilarity [BDKP91] and a variant of causal-net bisimilarity [vG15,Gor22] (we call i-causal-net bisimilarity), which have been advocated as very suitable equivalences to compare the behavior of Petri nets.
Fully-concurrent bisimilarity considers as equivalent those markings that can perform the same partial orders of events.Its definition was inspired by previous notions of equivalence on other models of concurrency: history-preserving bisimulation, originally defined in [RT88] under the name of behavior-structure bisimulation, and then elaborated on in [vGG89] (who called it by this name) and also independently defined in [DDNM89] (who called it by mixed ordering bisimulation).Causal-net bisimilarity [vG15,Gor22], which coincides with structure-preserving bisimilarity [vG15], observes not only the partial order of events, but also the size of the distributed state: more precisely, if two markings are related by a causal-net bisimulation, then they generate the same causal nets.
We think that causal-net bisimilarity is more accurate than fully-concurrent bisimilarity because it is resource-aware.In fact, in the implementation of a system, a token is an instance of a sequential process, so that a processor is needed to execute it.If two markings have different size, then a different number of processors is necessary.Hence, a semantics such as causal-net bisimilarity, which relates markings of the same size only, is more accurate as it equates distributed systems only if they require the same amount of execution resources.Van Glabbeek [vG15] argued that structure-preserving bisimilarity (hence, also causal-net bisimilarity) is the most appropriate behavioral equivalence for Petri nets, as it is the only one respecting a list of 9 desirable requirements he proposed.Moreover, [Gor20] offers, in the area of information flow security, further arguments in favor of concrete, resource-aware equivalences that, differently from fully-concurrent bisimilarity, observe also the size of the distributed state.
However, we think that causal-net bisimilarity is a bit too discriminating, because of a peculiar aspect in its definition: the bijective mappings from the current marking of the causal net to the two markings under scrutiny are defined before the bisimulation game starts, and this may impede to equate some markings generating the same causal nets.(An illustrative example explaining this shortcoming is outlined in Example 3.11.)For this reason, we propose in this paper a variant definition, where the bijective mappings of the current markings are not defined (i.e., the mappings of the maximal conditions of the causal net are left open) before the bisimulation game starts; on the contrary, they are actually constructed progressively as long as the computation proceeds.More precisely, the selection of the matching transitions is made before fixing the mapping, or equivalently, the mapping is partially computed after choosing the matching transitions.This variant bisimilarity, we call i-causal-net bisimilarity (where the prefix i-denotes that it works up to the choice of the isomorphism of the current markings), is slightly coarser than causal-net bisimilarity, but still ensuring that related markings generate the same causal nets, so that it is resource-aware, too, even if it does not respect all the desiderata listed by van Glabbeek in [vG15] (e.g., it does not respect inevitability [MOP89], i.e., if two systems are equivalent, and in one the occurrence of a certain action is inevitable, then so is it in the other one.)The definition of i-causal-net bisimilarity is the first contribution of this paper.
The results about the decidability of truly concurrent behavioral equivalences are rather rare [Vog91,JM96,Vog95,MP97] and are often limited to the class of finite safe nets, i.e., nets whose places can hold one token at most.Our main aim is to extend some of these decidability proofs to the case of bounded nets.
In his seminal paper [Vog91], Vogler demonstrated that (strong) fully-concurrent bisimilarity is decidable on finite safe nets.His proof is based on an alternative characterization of fully-concurrent bisimulation, called ordered marking bisimulation (OM bisimulation, for short), which is based on the idea of representing the current global state of the net system as a marking equipped with a pre-ordering on its tokens, that reflects the causal ordering of the transitions that produced the tokens.However, the ordered marking idea works well if the marking is a set (as it is the case for safe nets), and so it is not immediate to generalize it to bounded nets, whose markings are, in general, multisets.
The second contribution of this paper is the definition of an alternative token game semantics for Petri nets which is defined according to the individual token philosophy, rather than the collective token philosophy, as it is customary for Petri nets.Differently from the first, rather complex, definition of this sort, proposed in [vG05], we achieve this goal by representing each token simply as a pair (s, i), where s is the name of the place where the token is on, and i is a natural number (an index) assigned to the token in such a way that different tokens on the same place have different indexes.In this way, a multiset over the set of places (i.e., a marking) is turned into a set of indexed places.The main advantage of having turned multisets into sets is that Vogler's ordered marking idea can be used also in this richer context, yielding ordered indexed markings.
The third contribution of the paper is to show that (strong) fully-concurrent bisimulation can be equivalently characterized as a suitable bisimulation over ordered indexed markings, called OIM bisimulation, generalizing the approach by Vogler [Vog91].An OIM bisimulation is formed by a set of triples, each composed of two ordered indexed markings and a relation between these two ordered indexed markings that respects the pre-orders.The decidability of (strong) fully-concurrent bisimilarity on finite bounded nets follows by observing that the reachable indexed markings are finitely many, so the ordered indexed markings of interest are finitely many as well, so that there can only be finitely many candidate relations (which are all finite) to be OIM bisimulations.
The fourth contribution of the paper is to show that our generalization of Vogler's proof technique can be adapted to prove the decidability on bounded finite nets also of i-causal-net bisimilarity.This result is obtained by showing that it can be equivalently characterized as a suitable bisimulation over ordered indexed markings, called OIMC bisimulation, which is a variant of OIM bisimulation with similar finiteness properties.
The paper is organized as follows.Section 2 recalls the basic definitions about Petri nets.Section 3 recalls the causal semantics, including the definition of causal-net bisimilarity and (strong) fully-concurrent bisimilarity, and proposes the novel i-causal-net bisimilarity.Section 4 introduces indexed markings and the alternative token game semantics according to the individual token philosophy.Section 5 describes indexed ordered markings and their properties.Section 6 introduces OIM bisimulation, proves that its equivalence coincides with (strong) fully-concurrent bisimilarity and, moreover, shows that it is decidable.Section 7 proves that also i-causal-net bisimilarity is decidable.Finally, in Section 8 we discuss related literature, we hint that other truly concurrent behavioral equivalences are decidable for finite bounded Petri nets and we also suggest some future research.
A preliminary version of this paper appeared in the proceedings of the 22nd Italian Conference on Theoretical Computer Science, Bologna, Italy, September 13-15, 2021 [CG21].

Basic Definitions
Definition 2.1.(Multiset) Let N be the set of natural numbers.Given a finite set S, a multiset over S is a function m : S → N. The support set dom(m) of m is {s ∈ S m(s) ̸ = 0}.The set of all multisets over S, denoted by M(S), is ranged over by m.We write s ∈ m if m(s) > 0. The multiplicity of s in m is given by the number m(s).The size of m, denoted by |m|, is the number s∈S m(s), i.e., the total number of its elements.A multiset m such that dom(m) = ∅ is called empty and is denoted by θ.We write m ⊆ m ′ if m(s) ≤ m ′ (s) for all s ∈ S. Multiset union ⊕ is defined as: (m ⊕ m ′ )(s) = m(s) + m ′ (s); it is commutative, associative and has θ as neutral element.Multiset difference ⊖ is defined as: (m 1 ⊖ m 2 )(s) = max{m 1 (s) − m 2 (s), 0}.The scalar product of a number j with m is the multiset j • m defined as (j • m)(s) = j • (m(s)).By s i we also denote the multiset with s i as its only element.Hence, a multiset m over S = {s 1 , . . ., s n } can be represented as Definition 2.2.(Place/Transition net) A labeled Place/Transition Petri net (P/T net for short) is a tuple N = (S, A, T ), where • S is the finite set of places, ranged over by s (possibly indexed), • A is the finite set of labels, ranged over by ℓ (possibly indexed), and is the finite set of transitions, ranged over by t (possibly indexed).Given a transition t = (m, ℓ, m ′ ), we use the notation: • • t to denote its pre-set m (which cannot be an empty multiset) of tokens to be consumed; • l(t) for its label ℓ, and • t • to denote its post-set m ′ of tokens to be produced.
Hence, transition t can be also represented as • t l(t) −→ t • .We also define the flow function flow : (S × T ) ∪ (T × S) → N as follows: for all s ∈ S, for all t ∈ T , flow(s, t) = • t(s) and flow(t, s) = t • (s) (note that • t(s) and t • (s) are integers, representing the multiplicity of s in • t and t • , respectively).We will use F to denote the flow relation {(x, y) x, y ∈ S ∪ T ∧ flow(x, y) > 0}.Finally, we define pre-sets and post-sets also for places as follows: In the graphical description of finite P/T nets, places (represented as circles) and transitions (represented as boxes) are connected by directed arcs.The arcs may be labeled with the number representing how many tokens of that type are to be removed from (or added to) that place, as specified by function flow; no label on the arc is interpreted as the number one, i.e., one token flowing on the arc.This numerical label of the arc is called its weight.
Definition 2.3.(Marking, P/T net system) A multiset over S is called a marking.Given a marking m and a place s, we say that the place s contains m(s) tokens, graphically represented by m(s) bullets inside place s.A P/T net system N (m 0 ) is a tuple (S, A, T, m 0 ), where (S, A, T ) is a P/T net and m 0 is a marking over S, called the initial marking.We also say that N (m 0 ) is a marked net.
The sequential semantics of a marked net is defined by the so-called token game, describing the flow of tokens through it.There are several possible variants of the token game (see, e.g., [vG05]).Below we present the standard token game, following the socalled collective interpretation, according to which multiple tokens on the same place are indistinguishable, while in Section 4 we introduce a novel variant following the so-called individual interpretation.

Definition 2.4. (Token game)
Definition 2.5.(Firing sequence, reachable marking) A firing sequence starting at m is defined inductively as follows: • m[ϵ⟩m is a firing sequence (where ϵ denotes an empty sequence of transitions) and and σ = t 1 . . .t n is called a transition sequence starting at m and ending at m ′ .The set of reachable markings from m is [m⟩ = {m ′ ∃σ.m[σ⟩m ′ }.Note that the set of reachable markings may be countably infinite for finite P/T nets.
Definition 2.6.(Classes of finite P/T Nets) A finite marked P/T net N = (S, A, T, m 0 ) is: • safe if each place contains at most one token in each reachable marking, i.e., ∀m ∈ [m 0 ⟩, ∀s ∈ S, m(s) ≤ 1. • bounded if the number of tokens in each place is bounded by some k for each reachable marking, i.e., ∃k ∈ N such that ∀m ∈ [m 0 ⟩, ∀s ∈ S we have that m(s) ≤ k.If this is the case, we say that the net is k-bounded (hence, a safe net is just a 1-bounded net).
Then we propose some novel definitions (in particular, partial folding and partial process) that are necessary to introduce the novel i-causal-net bisimilarity.
Definition 3.1.(Acyclic net) A P/T net N = (S, A, T ) is acyclic if its flow relation F is acyclic (i.e., ̸ ∃x such that xF + x, where F + is the transitive closure of F ).
The concurrent semantics of a marked P/T net is defined by a particular class of acyclic safe nets, where places are not branched (hence they represent a single run) and all arcs have weight 1.This kind of net is called causal net.We use the name C (possibly indexed) to denote a causal net, the set B to denote its places (called conditions), the set E to denote its transitions (called events), and L to denote its labels.Note that any reachable marking of a causal net is a set, i.e., this net is safe; in fact, the initial marking is a set and, assuming by induction that a reachable marking m is a set and enables e, i.e., m[e⟩m ′ , then also m ′ = (m ⊖ • e) ⊕ e • is a set, as the net is acyclic (with unbranched places) and because of the condition on the shape of the post-set of e (weights can only be 1).
As the initial marking of a causal net is fixed by its shape (according to item 3 of Definition 3.2), in the following, in order to make the notation lighter, we often omit the indication of the initial marking (also in their graphical representation), so that the causal net C(m 0 ) is simply denoted by C. • L = A and l(e) = l(ρ(e)) for all e ∈ E; A pair (C, ρ), where C is a causal net and ρ a folding from C to a net system N (m 0 ), is a process of N (m 0 ), written also as π.
Definition 3.5.(Partial orders of events from a process) From a causal net C = (B, L, E, m 0 ), we can extract the partial order of its events E C = (E, ⪯), where e 1 ⪯ e 2 if there is a path in the net from e 1 to e 2 , i.e., if e 1 F * e 2 , where F * is the reflexive and transitive closure of F, which is the flow relation for C. Given a process π = (C, ρ), we denote ⪯ as ≤ π , i.e., given e 1 , e 2 ∈ E, e 1 ≤ π e 2 if and only if e 1 ⪯ e 2 .Given two partial orders of events E C 1 = (E 1 , ⪯ 1 ) and E C 2 = (E 2 , ⪯ 2 ), we say that they are isomorphic if there exists an order-preserving bijection f : E 1 → E 2 , i.e., such that e 1 ⪯ 1 e 2 if and only if f (e 1 ) ⪯ 2 f (e 2 ).In such a case, we say that f is an isomorphism between E C 1 and E C 2 .Definition 3.6.(Moves of a process, event sequence) Let N (m 0 ) = (S, A, T, m 0 ) be a net system and let (C i , ρ i ), for i = 1, 2, be two processes of N (m 0 ).We say that (C 1 , ρ 1 ) moves in one step to (C 2 , ρ 2 ) through e, denoted by (C 1 , ρ 1 ) ) and π 2 = (C 2 , ρ 2 ), we denote the move as π 1 e −→ π 2 .An event sequence starting at a process π is defined as follows: • π[ϵ⟩π is an event sequence (where ϵ denotes an empty sequence of events) and , where ρ ′ 2 (e) = t 2 , and , where ρ ′ 1 (e) = t 1 , and (ρ ′ 1 , C ′ , ρ ′ 2 ) ∈ R. Two markings m 1 and m 2 of N are cn-bisimilar (or cn-bisimulation equivalent), denoted by m 1 ∼ cn m 2 , if there exists a causal-net bisimulation R containing a triple (ρ 0 1 , C 0 , ρ 0 2 ), where C 0 contains no events and [vG15,Gor22], which coincides with structure-preserving bisimilarity [vG15], observes not only the partial orders of events, but also the size of the distributed state; in fact, it observes the causal nets.A weaker equivalence, observing only the partial orders of the events performed, is fully-concurrent bisimulation (fc-bisimulation, for short) [BDKP91].Here we present the strong version, where all the events are considered observable.
Definition 3.9.(Fully-concurrent bisimilarity) Given a finite P/T net N = (S, A, T ), a fully-con-current bisimulation is a relation R, composed of triples of the form (π 1 , f, π 2 ) where, for i = 1, 2, π i = (C i , ρ i ) is a process of N (m 0i ) for some m 0i and f is an isomorphism between E C 1 and E C 2 , such that if (π 1 , f, π 2 ) ∈ R then: where id is the identity function on E, is an fc-bisimulation.This implication is strict, as illustrated by the following example.
Example 3.10.In Figure 1 a simple finite P/T net N is given.It is easy to see that C 1 (resp.C 2 ) corresponds to a process π 1 (resp.π 2 ) of N (s 1 ) (resp.N (s 3 )), where ρ 1 (resp.ρ 2 ) maps each condition b i to the place s i having the same subscript and each event to the corresponding transition having the same shape.In the graphical depiction of causal nets, we will omit the initial marking for simplicity, since it can be inferred by looking at conditions of the causal net with empty preset.Consider places s 1 and s 3 : we have s 1 ∼ f c s 3 and this is proved by relation Figure 1: A finite P/T net N and two causal nets: C 1 corresponds to the maximal process of N (s 1 ) and C 2 corresponds to the maximal process of N (s 3 ).
: Two non-cn-bisimilar markings, but with the same causal nets ) is a process of N (s 3 ), as both processes contain no events and are such that minimal and maximal conditions are the same and mapped on the corresponding initial markings.If and (π 1 , e a 1 → e a 2 , π 2 ) ∈ R. Symmetrical is the case when ((b 3 , {a}, ∅, b 3 ), b 3 → s 3 ) moves first, and so it is omitted.However, it is not true that s 1 ∼ cn s 3 , because C 1 and C 2 are not isomorphic and therefore it is not possible to build a causal-net bisimulation.

I-causal-net Bisimilarity.
Causal-net bisimulation may be criticized because it may fail to equate nets that, intuitively, should be considered equivalent, as they can perform the same causal nets, as illustrated in the following example.
Example 3.11.Consider the nets in Figure 2 and the two markings s 1 ⊕ s 2 ⊕ s 3 and r 1 ⊕ r 2 ⊕ r 3 .Let us consider the initial causal net C 0 composed of three conditions b 1 , b 2 , b 3 only.Whatever are the initial mappings ρ 0 1 and ρ 0 2 from conditions to places, it is always possible for the first net to perform a transition that is not matched by the second net.For instance, assume that these mappings are the trivial ones, i.e., ρ 0 1 maps b i to s i and ρ 0 2 maps b i to r i for i = 1, 2, 3.Then, if the first net performs the transition (s 1 ⊕ s 3 , a, θ), the second net cannot reply because r 1 ⊕ r 3 is stuck.However, these two nets should be considered equivalent, because what they can do is just one single causal net, which is isomorphic to the one on the right of Figure 2. Therefore, we want to relax the definition of causal-net bisimulation in order to equate the two nets discussed in the example above.The problem is essentially that causal-net bisimulation requires to fix the mappings of the current markings before the transition is selected, while it should be more correct to fix the mapping after the transition is selected, in order to work up to the choice of the isomorphism.To achieve this, we have to rephrase the definition of causal-net bisimulation by exploiting more relaxed definitions of folding and process.In particular, the partial folding below is defined as a folding (cf.Definition 3.4) except that the mapping may be undefined, actually it is undefined only on the maximal conditions of the causal net; this has the consequence that (i) the mapping of the initial conditions of the causal net is included in the initial marking of the net (of course, it coincides only if the mapping is defined for all the initial conditions) and (ii) the post-set of each event has the same size of the post-set of the corresponding transition (while the actual mapping of its post-set can be only partially included in the post-set of the corresponding transition).Definition 3.12.(Partial Folding and Partial Process) A partial folding from a causal P/T net C = (B, L, E, m 0 ) into a P/T net system N (m 0 ) = (S, A, T, m 0 ) is a partial function ρ : B ∪ E → S ∪ T , which is type-preserving, i.e., such that ρ(B) ⊆ S and ρ(E) ⊆ T , satisfying the following: A pair (C, ρ), where C is a causal net and ρ a partial folding from C to a net system N (m 0 ), is a partial process of N (m 0 ).Given a process π = (C, ρ), it is possible to derive a unique partial process π ′ = (C, ρ ′ )where ρ ′ is undefined on M ax(C), while it is defined as ρ on all the other conditions and on all the events of C -we call its associated partial process.Definition 3.13.(Moves of a partial process) Let N (m 0 ) = (S, A, T, m 0 ) be a net system and let (C i , ρ i ), for i = 1, 2, be two partial processes of N (m 0 ).We say that (C 1 , ρ 1 ) moves in one step to (C 2 , ρ 2 ) through e, denoted by Example 3.14.Consider the marked net N (s 1 ⊕ s 2 ) and the three causal nets C 0 , C 1 and C 2 in Figure 3, where by e a (or e b ) we mean the event with label a (or b).The initial partial process for N (s 1 ⊕ s 2 ) is given by the pair π 0 = (C 0 , ∅), where the mapping is empty (or undefined); the only nontrivial condition that must be satisfied is (3) of Definition 3.12; hence, π 0 is a partial process, indeed.Let us denote by a n the transition (s 2 , a, s 3 ).Consider the mapping ρ 1 = {b 2 → s 2 , e a → a n }.It is easy to see that π 1 = (C 1 , ρ 1 ) is a partial process for N (s 1 ⊕ s 2 ), as also conditions (4), ( 5) and (6) of Definition 3.12 are satisfied.Note also that π where by b n we denote the transition (s 1 ⊕ s 3 , b, s 4 ).It is easy to see that π 2 = (C 2 , ρ 2 ) is a partial process for N (s 1 ⊕ s 2 ), as also 1 To be precise, as ρ is a partial function, by ρ(m0) ⊆ m0 we mean that if ρ(m0) returns a marking, then that marking is contained in m0.In general, if B ia a set of conditions and ρ is defined only on a subset B ′ ⊆ B, then ρ(B) = ρ(B ′ ); in case B ′ = ∅, then ρ(B) is undefined.The same proviso applies also to the condition ρ(e • ) ⊆ ρ(e) • in the last item of this definition.

N )
Figure 3: A finite marked P/T net N and three causal nets conditions (4), ( 5) and (6) of Definition 3.12 are satisfied.Note also that π 1 The novel behavioral equivalence we propose is the following i-causal-net bisimulation, where the prefix i− stands for up to the isomorphism of the current markings.Definition 3.15.(i-causal-net bisimulation) Let N = (S, A, T ) be a P/T net.An i-causal-net bisimulation (icn-bisimulation, for short) is a relation R, composed of triples of the form (ρ 1 , C, ρ 2 ), where, for i = 1, 2, (C, Two markings m 1 and m 2 of N are icn-bisimilar, denoted by m 1 ∼ icn m 2 , if there exists an i-causal-net bisimulation R containing a triple of the form (ρ 0 , C 0 , ρ 0 ), where: • C 0 contains no events, • ρ 0 is undefined for all b ∈ C 0 (i.e., it is the empty function, also denoted by ∅) and, | because an i-casual-net bisimulation R must contain the triple (ρ 0 , C 0 , ρ 0 ) mentioned above.Moreover, whenever a triple (ρ 1 , C, ρ 2 ) ∈ R is reached by the icn-bisimulation game, we know that the current markings m ′ 1 and m ′ 2 , reached from the initials m 1 and m 2 , respectively, must have the same size, equal to that of M ax(C).
Of course, ∼ icn is an equivalence relation because the identity relation defined as Id = {(ρ, C, ρ) (C, ρ) is a partial process of N (m 0 )} is an icn-bisimulation, the inverse relation R −1 of an icn-bisimulation R is an icn-bisimulation and, finally, the relational composition R 1 •R 2 of the icn-bisimulations R 1 and R 2 is an icn-bisimulation.Moreover, ∼ cn is finer than where for i = 1, 2, (C, ρ ′ i ) is the partial process associated to (C, ρ i ), is an i-causal-net bisimulation.
Example 3.16.Let us consider the net N discussed in Example 3.11 (more precisely, N is the union of the two nets, considered unmarked).By a s l we denote the a-labeled transition with preset s 1 ⊕ s 2 , by a s c that with preset s 1 ⊕ s 3 , by a s r that with preset s 2 ⊕ s 3 , by a r l that with preset r 1 ⊕ r 2 and, finally, by a r r that with preset r 2 ⊕ r 3 .Moreover, we denote by C 0 the causal net with no events and conditions b 1 , b 2 , b 3 , while we denote by C 1 the causal net extending C 0 with one a-labeled event e 1 such that • e 1 = b 1 ⊕ b 2 and e • 1 = θ, as depicted on the right of Figure 2. Similarly, we define C 2 as the extension of C 0 with one a-labeled event e 2 such that • e 2 = b 1 ⊕ b 3 and e • 2 = θ, and also C 3 as the extension of C 0 with one a-labeled event e 3 such that ))}, is an icn-bisimulation containing a triple of the form (∅, C 0 , ∅), where (C 0 , ∅) is a partial process of both N (s 1 ⊕ s 2 ⊕ s 3 ) and N (r 1 ⊕ r 2 ⊕ r 3 ).Indeed, these two markings are icnbisimilar, but not cn-bisimilar, because it is not possible to build a causal-net bisimulation by fixing the initial isomorphism before choosing the matching transitions.
As a final observation, we remark that, contrary to causal-net bisimulation, the definition of fully-concurrent bisimulation could be also rephrased in terms of partial processes, instead of (normal) processes, i.e., each triple (π 1 , f, π 2 ) in the relation is such that π 1 and π 2 are partial processes.This because what is actually observed is only that f is an isomorphism between E C 1 = (E 1 , ⪯ 1 ) and E C 2 = (E 2 , ⪯ 2 ), so that there is no need to fix the mapping on the maximal conditions before the fully-concurrent bisimulation game starts.In other words, also fully-concurrent bisimulation can be actually defined up to the choice of the isomorphism from maximal conditions of the current causal net to the tokens of the current marking.
We will prove that ∼ icn is finer than ∼ f c in Section 7 (cf.Theorem 7.6), as a byproduct of the alternative characterizations of i-causal-net bisimilarity and fully-concurrent bisimilarity in terms of OIMC bisimilarity and OIM bisimilarity, respectively.This implication is strict, as illustrated by the following example.
Example 3.17.Consider the nets , as the generated partial orders are the same (and also the related markings have the same size), but s 1 ⊕ s 2 ≁ icn s ′ 1 ⊕ s ′ 2 , as the generated causal nets are different.

Indexed Marking Semantics
We define an alternative, novel token game semantics for Petri nets according to the individual token philosophy.A token is represented as an indexed place, i.e., as a pair (s, i), where s is the name of the place where the token is on, and i is an index assigned to the token such that different tokens on the same place have different indexes.In this way, a standard marking is turned into an indexed marking, i.e., a set of indexed places.
The set of all the indexed markings over S is denoted by K(S).An indexed place is a pair (s, i) such that s ∈ S and i ∈ N. A finite set of indexed places {(s 1 , i 1 ), . . ., (s n , i n )} ∈ P f in (S × N) is also another way of describing an indexed marking. 2 Hence, K(S) = P f in (S × N).Each element of an indexed marking, i.e., each indexed place, is a token.
An indexed marking k ∈ K(S) is closed if k(s) = {1, 2, . . ., | k(s) |} for all s ∈ dom(k), i.e., there are no holes in the indexing.If there exists a marked net N (m 0 ) and a closed indexed marking k 0 such that α(k 0 ) = m 0 , we say that k 0 is the initial indexed marking of N , and we write N (k 0 ).
Note that, given a marked net N (m 0 ), the initial indexed marking k 0 is unique, because such k 0 is the only closed function from S to P f in (N) such that α(k 0 ) = m 0 .However, it is interesting to observe that this modeling of the initial indexed marking is actually up to isomorphism of the choice of the initial index assignment to multiple tokens on the same place.For instance, if we have a marking composed of two tokens on place s, say a and b (to distinguish them), then both {(s a , 1), (s b , 2)} and {(s a , 2), (s b , 1)} are possible initial indexings.However, this difference is completely inessential for the treatment that follows, as the two behavioral relations we study are defined up to isomorphism of the chosen initial assignment.In fact, in the example above, this unique initial indexed marking is {(s, 1), (s, 2)}, that summarizes the two, more concrete marking representations above, up to isomorphism, but still giving individuality to each token for the future by means of the index associated to the place.
We define the difference between an indexed marking k and a marking m (such that m(s) ≤ |k(s)| for all s ∈ S) where for each s, m(s) arbitrary tokens are removed from k (hence, this operation is nondeterministic) as ⊟ : 2 Being a set, we are sure that ̸ ∃j1, j2 such that sj 1 = sj 2 ∧ ij 1 = ij 2 , i.e., each token on a place s has an index different from the index of any other token on s.
and the deterministic operation of union of an indexed marking k and a marking m as where for all s ′ ∈ S , k ′ (s ′ ) is defined as: where we use min(H), with H ∈ P(N), to denote the least element of H.Note that the difference between an indexed marking and a marking is a set of indexed markings: since it makes no sense to prefer a single possible execution over another, all possible choices for n ∈ k(s) are to be considered.The token game is modified accordingly, taking into account the individual token interpretation.
Definition 4.2.(Token game with indexed markings) Given a net N = (S, A, T ) and an indexed marking k ∈ K(S) such that m = α(k), we say that a transition t ∈ T is enabled Note that there can be more than one indexed marking produced by the firing of t, but for all k ′ such that k t⟩k ′ , it is true that α From now on, indexed markings will be always represented as sets of indexed places, i.e., we denote an indexed marking k by {(s 1 , n 1 ) . . .Example 4.3.In Figure 4(a) a simple marked net N is given.The initial marking is m 0 = s 1 ⊕ 3s 2 , and it is not difficult to see that the net system N (m 0 ) is 5-bounded.The initial indexed marking is k 0 = {(s 1 , 1), (s 2 , 1), (s 2 , 2), (s 2 , 3)}.
The notation for tokens in the token game has become less intuitive, so in Table 1 we provide a comparison between the one used in the previous sections and the one we will use in the following part of this work.Given a transition t such that k t⟩k ′ and m[t⟩m ′ , where Table 1: Different notation for tokens in the token game.On the first line, the collective case.On the last one, the individual case.
Definition 4.4.(Firing sequence with IM) Given a finite net N = (S, A, T ) and an indexed marking k, a firing sequence starting at k is defined inductively as follows: • k ϵ⟩k is a firing sequence (where ϵ denotes an empty sequence of transitions) and • if k σ⟩k ′ is a firing sequence and k ′ t⟩k ′′ , then k σt⟩k ′′ is a firing sequence.The set of reachable indexed markings from k is k⟩ = {k ′ ∃σ .k σ⟩k ′ }.Given a net N (k 0 ) with k 0 an initial indexed marking, we call IM (N (k 0 )) the set of reachable indexed marking of N (k 0 ).When the initial indexed marking k 0 is clear from the context, we may just write IM (N ).
Proposition 4.5.Given a finite bounded net N = (S, A, T, m 0 ), the set IM (N ) ⊆ K(S) of reachable indexed markings is finite.
Proof.Since N (m 0 ) is bounded, an index h ∈ N exists such that the net is h-bounded.The initial indexed marking k 0 , with α(k 0 ) = m 0 , being closed, is such that no indexed places in k 0 has an index larger than h.Each token in a reachable indexed marking k has always index less than, or equal to h, because the net is h-bounded and, by definition of ⊞, in the token game we choose always the least available index for a newly produced token.Therefore, IM (N ) is finite because IM (N ) ⊆ P f in (S × {1, . . ., h}), which is finite as S is finite as well.

Ordered Indexed Marking Semantics
Vogler [Vog91] introduces ordered markings (OM for short) to describe the state of a safe marked net.An ordered marking consists of a safe marking together with a preorder which reflects precedences in the generation of tokens.This is reflected in the token game for OM: if s precedes some s ′′ in the old OM and s ′′ is used to produce a new token s ′ , then s must precede s ′ in the new OM.The key idea of Vogler's decidability proof for safe nets is that the OM obtained by a sequence of transitions of a net is the same as the one induced by a process, whose events correspond to that sequence of transitions, on the net itself.Vogler defines OM bisimulation and shows that it coincides with fully-concurrent bisimulation.Since ordered markings are finite objects and the reachable ordered markings are finitely many, the candidate relations to be OM bisimulations are finite and finitely many, so that OM bisimilarity is decidable.He himself hinted at a possibility [Vog91] of extending the result to bounded nets, but suggested that it would have been technically quite involved [Vog91](p.503).We adapt his approach by defining a semantics based on ordered indexed markings, taking into account the individual token interpretation of nets, and proving that an extension to bounded nets is indeed possible.Definition 5.1.(Ordered indexed marking) Given a P/T net N = (S, A, T ) and an indexed marking k ∈ K(S), the pair (k, ≤) is an ordered indexed marking if ≤⊆ k × k is a preorder, i.e. a reflexive and transitive relation.The set of all possible ordered indexed markings of N is denoted by OIM (N ).
If k 0 is the initial indexed marking of N , we define the initial ordered indexed marking, denoted by init(N (k 0 )), as (k 0 , k 0 × k 0 ), where the initial preorder relates each token with each other one.If the initial indexed marking k 0 is clear from the context, we write simply init(N ) to denote the initial ordered indexed marking.Definition 5.2.(Token game with ordered indexed markings) Given a P/T net N = (S, A, T ) and an ordered indexed marking (k, ≤), we say that a transition t ∈ T is enabled at (k, ≤) if k t⟩; this is denoted by (k, ≤) t⟩.The firing of t enabled at (k, ≤) may produce an ordered indexed marking (k ′ , ≤ ′ ) -and we denote this by (k, ≤) t⟩(k ′ , ≤ ′ )where:

and
• for all (s h , i h ), (s j , i j ) ∈ k ′ , (s h , i h ) ≤ ′ (s j , i j ) if and only if: (1) (s h , i h ), (s j , i j ) ∈ k ′′ (i.e., the two tokens belong to the untouched part of the indexed marking) and (s h , i h ) ≤ (s j , i j ), or (2) (s h , i h ), (s j , i j ) ∈ k ′ \ k ′′ (i.e., the two tokens are generated by the firing), or (3) (s h , i h ) ∈ k ′′ , (s j , i j ) ∈ k ′ \ k ′′ and ∃(s l , i l ) ∈ k \ k ′′ (i.e., (s l , i l ) is a token consumed by the firing of t) such that (s h , i h ) ≤ (s l , i l ).
Note that, as for indexed markings, many different ordered indexed markings are produced from the firing of t.This means that also the transition relation for ordered indexed markings is nondeterministic.Moreover, in the same fashion as Vogler's work [Vog91], the preorder reflects the precedence in the generation of tokens, which is not strict, i.e., if tokens (s 1 , n 1 ) and (s 2 , n 2 ) are generated together (case (2) above) we have both (s 1 , n 1 ) ≤ (s 2 , n 2 ) and (s 2 , n 2 ) ≤ (s 1 , n 1 ).
Definition 5.4.(Firing sequence with OIM) A firing sequence starting at (k, ≤) is defined inductively as follows: • (k, ≤) ϵ⟩(k, ≤) is a firing sequence (where ϵ denotes an empty sequence of transitions) and Given an initial indexed marking k 0 , the set of all the reachable ordered indexed markings of N (k 0 ) (starting from init(N (k 0 )) = (k 0 , k 0 × k 0 )) is denoted by init(N )⟩.
Proof.The set IM (N ) of reachable indexed markings is finite by Proposition 4.5.The set of possible preorders for an indexed marking k = {(s 1 , n 1 ) . . .(s j , n j )} ∈ IM (N ) is finite, because ≤⊆ k × k.Therefore, init(N )⟩ is finite.5.1.Ordered indexed marking and causality-based semantics.If π = (C, ρ) is a process of a marked net N (m 0 ) and k 0 is the initial indexed marking for N (m 0 ) (i.e.α(k 0 ) = m 0 and k 0 is closed), we also say that π is a process of N (k 0 ).Given a firing sequence of a net N (k 0 ), there is an operational preorder on tokens obtained by Definition 5.4, and a preorder ≤ π derived from the causal net C of a process π which models that execution.
In order to relate the execution of an event sequence σ of π and its corresponding firing sequence ρ(σ) on the actual net N (k 0 ), one must define how maximal conditions in the process π are mapped to indexed places.Indeed, the firing sequence ρ(σ) on N (k 0 ), corresponding to the execution of an event sequence σ of π, might generate many ordered indexed markings, depending on the choice of the initial mapping from conditions to tokens of the initial markings as well as on the choice of the mapping from newly generated conditions of a new event e to multiple tokens on the same place generated by the corresponding transition ρ(e), as illustrated in the following Example 5.8.To reconcile abstract process semantics and concrete indexed marking semantics, we inductively define a process sequence for π, which contains both an event sequence σ for π and a mapping δ from maximal conditions of the process π to indexed places of the current marking of the net.
In the following, we may denote an indexed place (s, i) as p when it is not needed to make place s and index i explicit.
The definition of process sequence (w.r.t.processes or partial processes) is nondeterministic.First, the initial step allows for different choices for the initial δ 0 function, which is a concrete mapping from minimal conditions to tokens of the initial indexed marking k 0 (respecting the function ρ 0 in case we consider processes instead of partial processes); and then, in the inductive case, δ ′ can be any bijection from the newly generated conditions to the newly generated tokens in k ′ (respecting ρ ′ , in case we consider processes).However, this kind of nondeterminism is just apparent, because δ works on the concrete net and, by the indexes chosen initially for each minimal condition as well as for the new (i.e., generated) tokens in the same place, different concrete runs (i.e., with a different indexing of tokens due to a different choice of δ) may originate isomorphic processes only, as illustrated by the following example.Example 5.8.Consider the net in Figure 4(a), with k 0 = {(s 1 , 1), (s 2 , 1), (s 2 , 2), (s 2 , 3)}, and assume that the initial δ 0 maps b 1 to s 1 , and b i 2 to (s 2 , i) for i = 1, 2, 3. Consider the transition sequence t 1 t 2 (with label u v).Transition t 1 consumes the token (s 1 , 1) and generates tokens (s 2 , 4) and (s 2 , 5); assume that transition t 2 consumes the token (s 2 , 2) and generates the token (s 3 , 1).Given that there is no causality between the firing of the two transitions, the process π, whose causal net is in Figure 5(a), models that execution, with trivial mappings (i.e., the mapping δ after the execution of the two transitions maps b i 2 to (s 2 , i) for i = 1, 3, 4, 5 and b 3 to (s 3 , 1)).Let σ = e u e v be the event sequence of the process π, such that ρ(σ) = t 1 t 2 .
Indeed, it is not even enough to keep track of the order of events to compute the resulting indexed markings: one must also consider how conditions are mapped to individual tokens initially.In fact, if we consider a different initial δ ′ 0 (compatible with the initial ρ 0 , that is not modified, if we consider processes instead of partial processes) mapping b 3 2 on (s 2 , 2) and b 2 2 on (s 2 , 3), and the same transition sequence t 1 t 2 above, where, however, the second transition consumes the token (s 2 , 3) and generates the token (s 3 , 1), we get the same process π of Figure 5(a) (with the same event sequence σ on π), but the final indexed marking is {(s 2 , 1), (s 2 , 2)(s 2 , 4), (s 2 , 5), (s 3 , 1)}.
Lemma 5.9.(A minimality condition for ≤) Let π = (C, ρ) be a process of N (k 0 ) and, moreover, let (k 0 , ≤ 0 ) σ, δ|⟩(k, ≤) be a process sequence for π.For all b ∈ M ax(C) (i.e., for all b such that δ Proof.By induction on the length of σ. In other words, if b ∈ M ax(C) and also b ∈ M in(C), then the current token (ρ(b), i) ∈ k was actually already present in the initial indexed marking k 0 and it is also minimal for the preorder ≤.Note that the lemma above holds even in case π = (C, ρ) is a partial process of N (k 0 ).Theorem 5.10.(Coherence of ≤ and process) Let π = (C, ρ) be a process of N (k 0 ) and, moreover, let (k 0 , ≤ 0 ) σ, δ|⟩(k, ≤) be a process sequence for π.Then, for all b, b ′ ∈ M ax(C) we have: Proof.We prove the implication in the two directions.First, we prove that the antecedent implies the consequent by induction on the length of σ.
The induction hypothesis is that init(N ) λ, δ|⟩(k, ≤) is a process sequence for π, where the thesis holds for (k, ≤).
• and δ ′ defined as in Definition 5.6.Then, init(N ) λe, δ ′ |⟩(k ′ , ≤ ′ ) is a process sequence for π ′ .We have to prove the thesis for (k ′ , ≤ ′ ).The proof is by cases on the definition of δ ′ (b) Then, we prove that the consequent implies the antecedent by induction on the length of σ.
The induction hypothesis is that init(N ) λ, δ|⟩(k, ≤) is a process sequence for π, where the thesis holds for (k, ≤) and π.
Note that this theorem holds even in case π = (C, ρ) is a partial process of N (k 0 ), with a proof that is a minor adaptation of the one given above.
Example 5.12.In Figure 6(a), the same 5-bounded P/T net N as Figure 4 is depicted, together with its empty process (we omit to represent its initial marking).Figure 6(b,c) shows how the process corresponding to the transition sequence t 2 t 1 grows.We consider the same execution as in Example 4.3, i.e. k 0 t 2 ⟩k 1 t 1 ⟩k 2 .For simplicity's sake, in the following each condition will be mapped to the place having same subscript and each event will be mapped to the transition having same label.We will denote each process π i as the one thus corresponding to causal net C i .Before any transition fires, we have init(N ) = (k 0 , ≤ 0 ) where ≤ 0 = k 0 × k 0 by Definition 5.1.
Not surprisingly, all conditions b j i are minimal in the causal net C 0 and mapped to tokens in (k 0 , ≤ 0 ).The firing of t 2 deletes token (s 2 , 2) and generates token (s 3 , 1); moreover, since (s 2 , 1) ≤ 0 (s 2 , 2) we have (s 2 , 1) ≤ 1 (s 3 , 1).Note that b 1 2 ∈ M in(C 1 ) but b 3 ̸ ∈ M in(C 1 ).After the firing of t 1 , there are four tokens in place s 2 .However, since (s 2 , 2) and (s 2 , 4) are generated by t 1 , they are greater in ≤ 2 than (s 2 , 1) and (s 2 , 3).This can also be seen at the process level: b 1 2 and b 3 2 are minimal conditions of C 2 , while b 4 2 and b 5 2 are not.On the other hand, note that, just as b 4 2 and b 3 are not minimal in C 2 but also not related by ≤ π 2 , also (s 2 , 2) and (s 3 , 1) are not related by ≤ 2 .

Fully-concurrent Bisimilarity is Decidable
We now define a novel bisimulation relation based on ordered indexed markings (oim, for short), generalizing the similar idea in [Vog91].
An OIM bisimulation is a relation composed of triples of the form ((k 1 , ≤ 1 ), (k 2 , ≤ 2 ), β), such that relation β ⊆ k 1 × k 2 relates tokens of the two indexed markings k 1 and k 2 .The initial triple of an OIM bisimulation is (init(N (k 1 )), init(N (k 2 )), k 1 × k 2 ).Then, whenever the first oim moves with a transition t 1 , the second oim must respond with a transition t 2 such that not only the label of the two transitions is the same, but also the two transitions must consume individual tokens related via β.As individual tokens only interest us as far as precedences in their generation are concerned, we do not require that the tokens consumed by t 1 are in a bijective correspondence to those consumed by t 2 ; we do not even require that an individual token consumed by the first transition is itself related to another consumed by the second one; it is enough that each token consumed by t 1 precedes a (possibly different) token consumed by t 1 that is related via β to a token consumed by t 2 : this allows preserving causality among the generated events.4 and corresponding process (only the mapping of maximal conditions to tokens is displayed).Tokens to be consumed are red, generated ones blue.
Next, we show that fully-concurrent bisimilarity ∼ f c and OIM-bisimilarity ∼ oim coincide on P/T nets, by first proving that fully-concurrent bisimilarity implies OIM-bisimilarity, and then by proving that OIM-bisimilarity implies fully-concurrent bisimilarity.The basic idea behind these proofs is that two tokens are related by β if and only if the transition generating one of the two is mapped by the order-isomorphism f to the transition generating the other one.Proof.If m 01 ∼ f c m 02 , then there exists an fc-bisimulation R 1 containing the triple (π 0 1 , ∅, π 0 2 ), where π 0 i = (C 0 i , ρ 0 i ) is such that C 0 i contains no events and By symmetry, we consider only the case when . By definition of R 2 , there is a process sequence init(N (k 01 )) σ 1 , δ 1 |⟩(k 1 , ≤ 1 ) for π 1 .Hence, by Theorem 5.11, it follows that π 1 1 (e 1 ) = t 1 , and that init(N (k 01 )) 2 ) is a process sequence for π ′ 2 , so that, by Theorem 5.11, we have ( 2 ) is a process sequence for π ′ 2 , f ′ (σ 1 e 1 ) = σ 2 e 2 , and moreover, for β ′ defined as follows: Hence, in order to prove that ((k 1 , ≤ 1 ), (k 2 , ≤ 2 ), β) is a OIM bisimulation triple, as required, it remains to prove that the definition of β ′ arising from R 2 , i.e., the unique β ′ such that the triple ( is coherent with the one of Definition 6.1, i.e., it implies both Let us consider events e ′ 1 , e ′ 2 such that b 1 ∈ e If we prove that R 2 is an fc-bisimulation, then we have that m 01 ∼ f c m 02 .In fact, consider for i = 1, 2 the empty process (C 0 i , ρ 0 i ) (i.e., C 0 i contains no events and ρ 0 )) is a process sequence for π 0i and α(k 0i ) = m 0i , by definition of R 2 it follows that (π 0 1 , ∅, π 0 2 ) ∈ R 2 , and therefore m 01 ∼ f c m 02 .
Assume (π 1 , f, π 2 ) ∈ R 2 .By symmetry, we consider only the case when π 1 moves first.Let π 1 e 1 −→ π ′ 1 where ρ ′ 1 (e 1 ) = t 1 .By definition of R 2 , there is a process sequence init(N (k ) is a process sequence for π ′ 1 .Hence, by Theorem 5.11, it follows that (k We extend f to f ′ with the mapping f ′ (e 1 ) = e 2 : since f is an isomorphism between E C 1 and E C 2 , and π 1 we have only to prove that f maps the predecessors of e 1 to those of e 2 (and viceversa).For this check we need the following two facts: , where e is an event that immediately precedes e 1 , hence, e ⪯ ′ 1 e 1 and there exists b , where e ′ is an event that immediately precedes e 2 , hence, e ′ ⪯ ′ 2 e 2 and there exists b 2 such that b 2 ∈ e ′• and b 2 ∈ • e 2 .Since these two facts are essentially symmetric, we will prove only the first one. If

we know by Theorem
Proof.By Theorem 7.4, we have that ∼ icn coincides with ∼ oimc .Note that an OIMC bisimulation is actually also an OIM bisimulation, so that ∼ oimc ⊆∼ oim .By Theorem 6.4, we have that ∼ oim coincides with ∼ f c , so that the thesis ∼ icn ⊆∼ f c follows trivially.(Example 3.17 shows that the implication is strict.)

Conclusion and Future Research
We have extended Vogler's proof technique in [Vog91], based on ordered markings, that he used to prove decidability of (strong) fully-concurrent bisimilarity for safe nets, to bounded nets by means of indexed ordered markings.The extension is flexible enough to be applicable also to other similar equivalences, such as i-causal-net bisimilarity, a novel behavioral equivalence slightly coarser than causal-net bisimilarity [vG15,Gor22].While decidability of fully-concurrent bisimilarity for bounded nets was already proved by Montanari and Pistore [MP97], our result for i-causal-net bisimilarity is, of course, new.However, the approach of [MP97] is not defined directly on Petri nets, rather it exploits an encoding of Petri nets into so-called causal automata, a model of computation designed for handling dependencies between transitions by means of names.In addition to this, their encoding works modulo isomorphisms, so that, in order to handle correctly the dependency names, at each step of the construction costly renormalizations are required.Along the same line, recently history-dependent automata [BMS15a, BMS15b] have been proposed.They are a much refined version of causal automata, retaining not only events but also their causal relations.Moreover, they are equipped with interesting categorical properties such as having symmetry groups over them, which allow for state reductions.As in the former work, the latter ones do not work directly on the net and may require minimizations (albeit automatic, in the case of HD automata).On the contrary, our construction is very concrete and works directly on the net.Thus, we conjecture that, even if the worst-case complexity is roughly the same, our algorithm may perform generally better.
Decidability of fully-concurrent bisimilarity using the ordered indexed marking idea was claimed to have been proved by Valero-Ruiz in his PhD thesis [VR93] for the subclass of bounded P/T nets where transitions pre-and post-sets are sets.Valero-Ruiz's approach differs from ours both in how the proof is conducted and in accuracy.In his work, ordered indexed markings are defined in such a way that they are always closed, but depending on the chosen token to remove, there may appear a hole in the indexing (cf.Example 5.3), and therefore it is stated that the resulting ordered indexed marking may be subject to renaming to be again closed.This definition does not ensure the individuality of tokens: one token not used in a transition can be renamed, so that (even if it is not taking part to the transition) its index before and after the transition is different.Moreover, isomorphism of ordered indexed marking is defined only on closed ones, therefore it is not clear how the renaming is carried on.At the same time, it is left implicit how relation ≤ should behave w.r.t.renaming: since the individuality of tokens cannot be assumed, this is not a trivial detail.Another critical point is in the definition of the indexed ordered marking-based bisimulation (similar to Definition 6.1), where the possible renaming of tokens between transition steps is not taken into account.These inaccuracies undermine Valero-Ruiz's result on decidability of fully-concurrent bisimilarity for the subclass of bounded P/T nets where transitions preand post-sets are sets.Therefore, our work can be considered the first one to have proved it using the ordered indexed marking approach, and on the larger class of bounded nets.
A natural question is whether it is possible to decide these equivalences for larger classes of nets, notably unbounded P/T nets.However, as Esparza observed in [Esp98], all the behavioral equivalences ranging from interleaving bisimilarity to fully-concurrent bisimilarity are undecidable on unbounded P/T nets.So, there is no hope to extend our result about fc-bisimilarity further.Nonetheless, the proof of undecidability by Jancar [Jan95] does not apply to (i-)causal-net bisimilarity, so that the decidability of (i-)causal-net bisimilarity over unbounded P/T nets is open.
We conclude by offering a panorama of decidability results over the spectrum of the behavioral equivalences fully respecting causality and the branching time, defined over finite Petri nets, summarized as follows: where place bisimilarity ∼ p [ABS91, Gor21] is the finest one, then causal-net bisimilarity ∼ cn [vG15,Gor22] (which is equivalent to structure-preserving bisimilarity ∼ sp [vG15]), then i-causal-net bisimilarity (which is equivalent to OIMC bisimilarity ∼ oimc ), then statesensitive fully-concurrent bisimilarity ∼ sf c [Gor22], and finally fully-concurrent bisimilarity ∼ f c [BDKP91] (which is equivalent to OIM bisimilarity ∼ oim ), which is the coarsest one.
Place bisimilarity ∼ p , originally defined in [ABS91], is a behavioral equivalence that, differently from all the other listed above, is based on relations on the finite set of net places, rather than on relations on the (possibly infinite) set of reachable markings.This behavioral relation was recently proved decidable for finite unbounded P/T nets in [Gor21].In that paper also a novel variant behavioral equivalence, called d-place bisimilarity ∼ d , was introduced; this equivalence, which is coarser than ∼ p , finer than fully-concurrent bisimilarity ∼ f c , but incomparable with the other equivalences listed above, is the coarsest decidable behavioral equivalence, fully respecting causality and the branching time, defined so far for finite unbounded P/T nets.
Causal-net bisimilarity ∼ cn [vG15,Gor22] is decidable on finite bounded Petri nets.This can be proved by exploiting its equivalent characterization in terms of structure-preserving bisimilarity ∼ sp [vG15].In fact, a structure-preserving bisimulation may be seen as a relation composed of triples of type (marking, bijection, marking), where the first component and the third component are reachable markings (which are finitely many for finite bounded nets) and the second component is a bijection between the two (hence, this is one in a set of at most k! bijections, if the size of the markings is k).Therefore, as the possible triples can be finitely many for finite bounded P/T nets, there can only be finitely many candidate relations (which are all finite) to be structure-preserving bisimulations.As mentioned above, decidability of ∼ cn over finite unbounded P/T nets is an open problem.As discussed in [vG15], causal-net bisimilarity is the coarsest semantics respecting inevitability [MOP89], i.e., if two systems are equivalent, and in one the occurrence of a certain action is inevitable, then so is it in the other one.
We have proved that ∼ icn is decidable on finite bounded P/T nets by means of the equivalent characterization in terms of ∼ oimc .As mentioned above, decidability of ∼ icn over finite unbounded nets is an open problem.I-causal-net bisimilarity is the coarsest semantics respecting the structure of the net, i.e., the coarsest bisimulation-based one ensuring that related markings generate the same causal nets.
State-sensitive fully-concurrent bisimilarity ∼ sf c [Gor22] is a slight refinement of fullyconcurrent bisimilarity requiring that the current markings have the same size.Example 3.17 shows that ∼ sf c is coarser than ∼ icn .Hence, even if ∼ sf c is the coarsest equivalence to be resource-aware, we think that ∼ icn is more accurate, as an observer that can really observe the distributed state should be able to observe the structure of the transitions.It is easy to observe that ∼ sf c can be decided over finite bounded Petri nets, by simply enhancing the definition of OIM bisimulation: it is enough to add the condition that the current indexed markings k 1 and k 2 have the same size, in order to obtain a slightly stronger bisimulation relation, say OIMS bisimulation, whose induced behavioral equivalence, say ∼ oims , is, of course, decidable as well.Also the decidability of ∼ sf c over finite unbounded nets is open, even if we conjecture that it is undecidable.
Finally, we have proved that fully-concurrent bisimilarity ∼ f c , which is the coarsest equivalence fully respecting causality and the branching time, is decidable for finite bounded nets by means of its characterization in terms of ∼ oim , while, as mentioned above, it is undecidable for finite P/T nets with at least two unbounded places [Jan95,Esp98].
On BPP nets, i.e., nets whose transitions have singleton preset but whose set of reachable markings can be infinite, the classification above is largely simplified, as it is possible to prove [Gor22] that where ∼ t is team bisimilarity [Gor22], ∼ d is d-place bisimilarity [Gor21] and ∼ ht is h-team bisimilarity [Gor22].All these equivalences can be decided for BPP nets in polynomial time.
As a future work, we plan to extend Vogler's results in [Vog95] about decidability of weak fully-concurrent bisimilarity on safe nets with silent moves, to bounded nets with silent moves, by means of our indexed marking idea.
Definition 3.3.(Moves of a causal net) Given two causal nets C = (B, L, E, m 0 ) and C ′ = (B ′ , L, E ′ , m 0 ), we say that C moves in one step to C ′ through e, denoted by C[e⟩C ′ , if • e ⊆ M ax(C), E ′ = E ∪ {e} and B ′ = B ∪ e • ; in other words, C ′ extends C by one event e. Definition 3.4.(Folding and Process) A folding from a causal net C = (B, L, E, m 0 ) into a net system N (m 0 ) = (S, A, T, m 0 ) is a function ρ : B ∪E → S ∪T , which is type-preserving, i.e., such that ρ(B) ⊆ S and ρ(E) ⊆ T , satisfying the following: Definition 4.1.(Indexed marking) Given a finite net N = (S, A, T ), an indexed marking is a function k : S − → P f in (N) associating to each place a finite set of natural numbers, such that the associated (de-indexed) marking m is obtained as m(s) = | k(s) | for each s ∈ S. In this case, we write α

Figure 4 :
Figure 4: Execution of the transition labeled by v, then of the transition labeled by u, on a net with initial marking m 0 = s 1 ⊕ 3s 2 .Tokens to be consumed are in red, generated ones in blue.

Figure 5 :
Figure 5: The causal net of a process and two possible resulting indexed markings starting from the net of Figure 4(a).
by Proposition 3.7, it is true that there exists b ′′ ∈ • e such that • b ≤ π • b ′′ , and δ(b ′′ ) ∈ k \k ′′ .Then, by inductive hypothesis, δ ′ in the OIM bisimulation, where the new relation β ′ is obtained from β by retaining all the pairs of individual tokens related by β but untouched by the two transitions, and by adding all the pairs of individual tokens generated by the two matching transitions.Definition 6.1.(OIM bisimulation) Let N = (S, A, T ) be a P/T net.An OIM bisimulation is a relation B ⊆ OIM (N ) × OIM (N ) × P((S × N

Figure 6 :
Figure6: Execution of the transition labeled by v, then u, on the net of Figure4and corresponding process (only the mapping of maximal conditions to tokens is displayed).Tokens to be consumed are red, generated ones blue.
then p 1 βp 2 , therefore condition (i) holds.+ other cases: absurd since f ′ (e 1 ) = e 2 .Proof.If m 01 ∼ oim m 02 , then there exists an OIM bisimulation R 1 containing the triple (init(N (k 01 )), init(N (k 02 )), k 01 × k 02 ), where α(k 01 ) = m 01 , α(k 02 ) = m 02 , and k 01 , k 02 are closed.Let us consider that there exists a path in C ′ starting from • b and ending at • b ′ .Let us choose b ′′ to be the condition immediately before • b ′ in that path.It follows that there exists a path in C starting from • b and ending at • b ′′ : then, by Definition 3.5, we get the thesis.