Generalised Nonblocking

This paper studies the nonblocking check used in supervisory control of discrete event systems and its limitations. Different examples with different liveness requirements are discussed. It is shown that the standard nonblocking check can be used to specify most requirements of interest, but that it lacks expressive power in a few cases. A generalised nonblocking check is proposed to overcome the weakness, and its relationship to standard nonblocking is explored. Results suggest that generalised nonblocking, while having the same useful properties with respect to synthesis and compositional verification, can provide for more concise problem representations in some cases

A Graph-Transformation Modelling Framework for Supervisory Control

Formal design methodologies have the potential to accelerate the development and increase the reliability of supervisory controllers designed within industry. One promising design framework which has been shown to do so is known as supervisory control synthesis (SCS). In SCS, instead of manually designing the supervisory controller itself, one designs models of the uncontrolled system and its control requirements. These models are then provided as input to a special synthesis algorithm which uses them to automatically generate a model of the supervisory controller. This outputted model is guaranteed to be correct as long as the models of the uncontrolled system and its control requirements are valid. This accelerates development by removing the need to verify and rectify the model of the supervisory controller. Instead, only the models of the uncontrolled system and its requirements must be validated. To address problems of scale, SCS can be applied in modular fashion, and implemented in hierarchical and decentralized architectures. Despite the large body of research con rming the bene ts of integrating SCS within the development process of supervisory controllers, it has still not yet found widespread application within industry. In the author's opinion, this is partly attributed to the non-user-friendly nature of the automaton-based modelling framework used create the models of the uncontrolled system (and control requirements in even-based SCS). It is believed that in order for SCS to become more accessible to a wider range of non experts, modelling within SCS must be made more intuitive and user-friendly. To improve the usability of SCS, this work illustrates how a graph transformation-based modelling approach can be employed to generate the automaton models required for supervisory control synthesis. Furthermore, it is demonstrated how models of the speci cation can be intuitively represented within our proposed modelling framework for both event- and state-based supervisory control synthesis. Lastly, this thesis assesses the relative advantages brought about by the proposed graph transformation-based modelling framework over the conventional automaton based modelling approach

Progressive events in supervisory control and compositional verification

This paper investigates some limitations of the nonblocking property when used for supervisor synthesis in discrete event systems. It is shown that there are cases where synthesis with the nonblocking property gives undesired results. To address such cases, the paper introduces progressive events as a means to specify more precisely how a synthesised supervisor should complete its tasks. The nonblocking property is modified to take progressive events into account, and appropriate methods for verification and synthesis are proposed. Experiments show that progressive events can be used in the analysis of industrial-scale systems, and can expose issues that remain undetected by standard nonblocking verification

Logic diagram verification by modular supervisory control of discrete-event system

Control function verification is an important task in current engineering design. Traditional researches usually focus on the final function validation when the control system has already been implemented on a hardware controller. However, it would be more useful if design errors are found in earlier stages of design. Logic diagram, as a popular middle medium, plays a critical role in the current design practices, especially for medium-sized and large-sized control systems. Therefore, verification of the design specifications of the logic diagrams is an interesting topic in order to find and eliminate the design errors in an early stage. In this thesis, we provide a viable approach to verify the design functions of the logic diagrams which is based on the modular supervisory control of Discrete-Event Systems. We create models for basic logic gates and introduce buffers to obtain automaton representation of logic diagrams After converting the informal verbal specifications to automata, we can verify whether the logic diagram satisfies these specifications with the help of TTCT (a computer program based on automata for analysis and design of supervisory control systems). A formal proof of controllability and a semi-formal proof of nonblocking property are given. An industrial-sized example is studied to demonstrate the feasibility of our methodology

Supervisory Control Theory in System Safety Analysis

Development of safety critical systems requires a risk management strategy to identify and analyse hazards, and apply necessary actions to eliminate or control them as malfunctions could be catastrophic. Fault Tree Analysis (FTA) is one of the most widely used methods for safety analysis in industrial use. However, the standard FTA is manual, informal, and limited to static analysis of systems. In this paper, we present preliminary results from a model-based approach to address these limitations using Supervisory Control Theory. Taking an example from the Fault Tree Handbook, we present a systematic approach to incrementally obtain formal models from a fault tree and verify them in the tool Supremica. We present a method to calculate minimal cut sets using our approach. These compositional techniques could potentially be very beneficial in the safety analysis of highly complex safety critical systems, where several components interact to solve different tasks

On Provably Correct Decision-Making for Automated Driving

The introduction of driving automation in road vehicles can potentially reduce road traffic crashes and significantly improve road safety. Automation in road vehicles also brings several other benefits such as the possibility to provide independent mobility for people who cannot and/or should not drive. Many different hardware and software components (e.g. sensing, decision-making, actuation, and control) interact to solve the autonomous driving task. Correctness of such automated driving systems is crucial as incorrect behaviour may have catastrophic consequences. Autonomous vehicles operate in complex and dynamic environments, which requires decision-making and planning at different levels. The aim of such decision-making components in these systems is to make safe decisions at all times. The challenge of safety verification of these systems is crucial for the commercial deployment of full autonomy in vehicles. Testing for safety is expensive, impractical, and can never guarantee the absence of errors. In contrast, formal methods, which are techniques that use rigorous mathematical models to build hardware and software systems can provide a mathematical proof of the correctness of the system. The focus of this thesis is to address some of the challenges in the safety verification of decision-making in automated driving systems. A central question here is how to establish formal verification as an efficient tool for automated driving software development.A key finding is the need for an integrated formal approach to prove correctness and to provide a complete safety argument. This thesis provides insights into how three different formal verification approaches, namely supervisory control theory, model checking, and deductive verification differ in their application to automated driving and identifies the challenges associated with each method. It identifies the need for the introduction of more rigour in the requirement refinement process and presents one possible solution by using a formal model-based safety analysis approach. To address challenges in the manual modelling process, a possible solution by automatically learning formal models directly from code is proposed