Control and diagnosis of real-time systems under finite-precision measurement of time

A discrete event system (DES) is an event-driven system that evolves according to abrupt occurrences of discrete changes (events). The domain of such systems encompasses aspects of many man-made systems such as manufacturing systems, telephone networks, communication protocols, traffic systems, embedded software, asynchronous hardware, robotics, etc. Supervisory control theory for DESs studies the existence and synthesis of the supervisory controllers, namely, supervisors that restrict the system behaviors by dynamically disabling certain controllable events so that the controlled close-loop system could behave as desired. Extensive work on supervisory control of untimed DESs exists and the extension to the timed setting has been reported in the literature. In this dissertation, we study the supervisory control of dense-time DESs in which the digital-clocks of finite-precision are employed to observe the event occurrence times, thereby relaxing the assumption of the prior works that time can be measured precisely. In our setting, the passing of time is measured using the number of ticks generated by a digital-clock and we allow the plant events and digital-clock ticks to occur concurrently. We formalize the notion of a control policy that issues the control actions based on the observations of events and their occurrence times as measured using a digital-clock, and show that such a control policy can be equivalently represented as a digitalized -automaton, namely, an untimed-automaton that evolves over the events (of the plant) and ticks (of the digital-clock). We introduce the notion of observability with respect to the partial observations of time resulting from the use of a digital-clock, and show that this property together with controllability serves as a necessary and sufficient condition for the existence of a supervisor to enforce a real-time specification on a dense-time discrete event plant. The observability condition presented in the dissertation is very different from the one arising due to a partial observation of events since a partial observation of time is in general nondeterministic (the number of ticks generated in any time interval can vary from execution to execution of a digital-clock). We also present a method to verify the proposed observability and controllability conditions, and an algorithm to compute a supervisor when such conditions are satisfied. Furthermore we examine the lattice structure of a class of timing-mask observable languages, and show that the proposed observability is not preserved under intersection but preserved under union. Fault diagnosis for DESs is to detect the occurrence of a fault so as to enable any corrective actions. It is crucial in automatic control of large complex man-made systems and has attracted considerable attention in the literature of reliability engineering, control and computer science. For the event-driven systems with timing-requirements such as manufacturing systems, communication networks, real-time scheduling and traffic systems, fault diagnosis involves detecting the timing-faults, besides the sequence-faults. This requires monitoring timing and sequence of events, both of which may only be partially observed in practice. In this dissertation, we extend the prior works on fault diagnosis of timed DESs by allowing time to be partially observed using a digital-clock which measures the advancement of time with finite precision by the number of ticks. For the diagnosis purposes, the set of nonfaulty timed-traces is specified as another timed-automaton that is deterministic. We show that the set of timed-traces observed using a digital-clock with finite precision is regular, i.e., can be represented using a finite (untimed) automaton. We also show that the verification of diagnosability (the ability to detect the execution of a faulty timed-trace within a bounded time delay) as well as the off-line synthesis of a diagnoser are decidable by reducing these problems to the untimed setting. The reduction to the untimed setting also suggests an effective method for the off-line computation of a diagnoser as well as its on-line implementation for diagnosis. The aforementioned results are further extended to the nondeterministic setting, i.e., diagnosis of dense-time DESs using digital-clocks under nondeterministic event observation mask. We introduce the notion of lifting (associating each event with each of its nondeterministic observations), and show that diagnosis of dense-time DESs employing digital-clocks to observe event occurrence times under nondeterministic event observation mask can be reduced to that of the deterministic setting, i.e., diagnosis of the lifted dense-time DESs under the deterministic lifted event observation mask, and hence can be further reduced to diagnosis of the untimed setting

Distributed Supervisory Control of Discrete-Event Systems with Communication Delay

This paper identifies a property of delay-robustness in distributed supervisory control of discrete-event systems (DES) with communication delays. In previous work a distributed supervisory control problem has been investigated on the assumption that inter-agent communications take place with negligible delay. From an applications viewpoint it is desirable to relax this constraint and identify communicating distributed controllers which are delay-robust, namely logically equivalent to their delay-free counterparts. For this we introduce inter-agent channels modeled as 2-state automata, compute the overall system behavior, and present an effective computational test for delay-robustness. From the test it typically results that the given delay-free distributed control is delay-robust with respect to certain communicated events, but not for all, thus distinguishing events which are not delay-critical from those that are. The approach is illustrated by a workcell model with three communicating agents

Robust decentralized supervisory control of discrete-event systems

In this thesis we study robust supervisory control of discrete event systems in two different settings. First, we consider the problem of synthesizing a set of decentralized supervisors when the precise model of the plant is not known, but it is known that it is among a finite set of plant models. To tackle this problem, we form the union of all possible behaviors and construct an appropriate specification, from the given set of specifications, and solve the conventional decentralized supervisory control associated with it. We also prove that the given robust problem has a solution if and only if this conventional decentralized supervisory control problem has a solution. In another setting, we investigate the problem of synthesizing a set of communicating supervisors in the presence of delay in communication channels, and call it Unbounded Communication Delay Robust Supervisory Control problem (UCDR-SC problem). In this problem, We assume that delay is unbounded but it is finite, meaning that any message sent from a local supervisor will be received by any other local supervisors after a finite but unknown delay. To solve this problem, we redefine the supervisory decision making rules, introduce a new language property called unbounded-communication-delay-robust (UCDR), and present a set of conditions on the specification of the problem. We also show that the new class of languages that is the solution to this problem has some interesting relations with other observational languages

INCREMENTAL FAULT DIAGNOSABILITY AND SECURITY/PRIVACY VERIFICATION

Dynamical systems can be classified into two groups. One group is continuoustime systems that describe the physical system behavior, and therefore are typically modeled by differential equations. The other group is discrete event systems (DES)s that represent the sequential and logical behavior of a system. DESs are therefore modeled by discrete state/event models.DESs are widely used for formal verification and enforcement of desired behaviors in embedded systems. Such systems are naturally prone to faults, and the knowledge about each single fault is crucial from safety and economical point of view. Fault diagnosability verification, which is the ability to deduce about the occurrence of all failures, is one of the problems that is investigated in this thesis. Another verification problem that is addressed in this thesis is security/privacy. The two notions currentstate opacity and current-state anonymity that lie within this category, have attracted great attention in recent years, due to the progress of communication networks and mobile devices.Usually, DESs are modular and consist of interacting subsystems. The interaction is achieved by means of synchronous composition of these components. This synchronization results in large monolithic models of the total DES. Also, the complex computations, related to each specific verification problem, add even more computational complexity, resulting in the well-known state-space explosion problem.To circumvent the state-space explosion problem, one efficient approach is to exploit the modular structure of systems and apply incremental abstraction. In this thesis, a unified abstraction method that preserves temporal logic properties and possible silent loops is presented. The abstraction method is incrementally applied on the local subsystems, and it is proved that this abstraction preserves the main characteristics of the system that needs to be verified.The existence of shared unobservable events means that ordinary incremental abstraction does not work for security/privacy verification of modular DESs. To solve this problem, a combined incremental abstraction and observer generation is proposed and analyzed. Evaluations show the great impact of the proposed incremental abstraction on diagnosability and security/privacy verification, as well as verification of generic safety and liveness properties. Thus, this incremental strategy makes formal verification of large complex systems feasible

Supervisory Control and Analysis of Partially-observed Discrete Event Systems

Nowadays, a variety of real-world systems fall into discrete event systems (DES). In practical scenarios, due to facts like limited sensor technique, sensor failure, unstable network and even the intrusion of malicious agents, it might occur that some events are unobservable, multiple events are indistinguishable in observations, and observations of some events are nondeterministic. By considering various practical scenarios, increasing attention in the DES community has been paid to partially-observed DES, which in this thesis refer broadly to those DES with partial and/or unreliable observations. In this thesis, we focus on two topics of partially-observed DES, namely, supervisory control and analysis. The first topic includes two research directions in terms of system models. One is the supervisory control of DES with both unobservable and uncontrollable events, focusing on the forbidden state problem; the other is the supervisory control of DES vulnerable to sensor-reading disguising attacks (SD-attacks), which is also interpreted as DES with nondeterministic observations, addressing both the forbidden state problem and the liveness-enforcing problem. Petri nets (PN) are used as a reference formalism in this topic. First, we study the forbidden state problem in the framework of PN with both unobservable and uncontrollable transitions, assuming that unobservable transitions are uncontrollable. For ordinary PN subject to an admissible Generalized Mutual Exclusion Constraint (GMEC), an optimal on-line control policy with polynomial complexity is proposed provided that a particular subnet, called observation subnet, satisfies certain conditions in structure. It is then discussed how to obtain an optimal on-line control policy for PN subject to an arbitrary GMEC. Next, we still consider the forbidden state problem but in PN vulnerable to SD-attacks. Assuming the control specification in terms of a GMEC, we propose three methods to derive on-line control policies. The first two lead to an optimal policy but are computationally inefficient for large-size systems, while the third method computes a policy with timely response even for large-size systems but at the expense of optimality. Finally, we investigate the liveness-enforcing problem still assuming that the system is vulnerable to SD-attacks. In this problem, the plant is modelled as a bounded PN, which allows us to off-line compute a supervisor starting from constructing the reachability graph of the PN. Then, based on repeatedly computing a more restrictive liveness-enforcing supervisor under no attack and constructing a basic supervisor, an off-line method that synthesizes a liveness-enforcing supervisor tolerant to an SD-attack is proposed. In the second topic, we care about the verification of properties related to system security. Two properties are considered, i.e., fault-predictability and event-based opacity. The former is a property in the literature, characterizing the situation that the occurrence of any fault in a system is predictable, while the latter is a newly proposed property in the thesis, which describes the fact that secret events of a system cannot be revealed to an external observer within their critical horizons. In the case of fault-predictability, DES are modeled by labeled PN. A necessary and sufficient condition for fault-predictability is derived by characterizing the structure of the Predictor Graph. Furthermore, two rules are proposed to reduce the size of a PN, which allow us to analyze the fault-predictability of the original net by verifying that of the reduced net. When studying event-based opacity, we use deterministic finite-state automata as the reference formalism. Considering different scenarios, we propose four notions, namely, K-observation event-opacity, infinite-observation event-opacity, event-opacity and combinational event-opacity. Moreover, verifiers are proposed to analyze these properties

Synthesis of communicating decentralized supervisors for discrete-event systems with application to communication protocol synthesis

A Discrete-Event Systems (DES) may be viewed as a dynamic system with a discrete state space and a discrete state-transition structure with an event-driven nature, which makes it different from the systems described by differential or difference equations. Given the desired behavior of a DES as a specification, decentralized supervisory control theory seeks to design for a (distributed) DES, consisting of a number of (geographically distant) sites, a set of supervisors, one for each site, such that the behavior of the DES always remains within the specification. If the specification is not coobservable, these supervisors need to communicate amongst each other. This thesis proposes a mathematical framework to formally model and synthesize such communicating decentralized supervisors. The framework provides a decentralized representation of the DES's centralized supervisor and captures its observational and control-related information as mappings, which are called updating and guard functions, respectively. This leads to a polynomial dynamical system, which serves to model the required communication and synthesize its rules. The systematic synthesis, obtained through this approach, characterizes the class of distributed control problems which are solvable only with communication, comes up with a finer partition of it, and addresses practical issues. The thesis ends with the application of the theoretical results to the modeling and synthesis of a communication protoco