Synthesis of Liveness-Enforcing Petri Net Supervisors Based on a Think-Globally-Act-Locally Approach and a Structurally Minimal Method for Flexible Manufacturing Systems

This paper proposes a deadlock prevention policy for flexible manufacturing systems (FMSs) based on a think-globally-act-locally approach and a structurally minimal method. First, by using the think-globally-act-locally approach, a global idle place is temporarily added to a Petri net model with deadlocks. Then, at each iteration, an integer linear programming problem is formulated to design a minimal number of maximally permissive control places. Therefore, a supervisor with a low structural complexity is obtained since the number of control places is greatly compressed. Finally, by adding the designed supervisor, the resulting net model is optimally or near-optimally controlled. Three examples from the literature are used to illustrate the proposed method

Deadlock Prevention Policy with Behavioral Optimality or Suboptimality Achieved by the Redundancy Identification of Constraints and the Rearrangement of Monitors

This work develops an iterative deadlock prevention method for a special class of Petri nets that can well model a variety of flexible manufacturing systems. A deadlock detection technique, called mixed integer programming (MIP), is used to find a strict minimal siphon (SMS) in a plant model without a complete enumeration of siphons. The policy consists of two phases. At the first phase, SMSs are obtained by MIP technique iteratively and monitors are added to the complementary sets of the SMSs. For the possible existence of new siphons generated after the first phase, we add monitors with their output arcs first pointed to source transitions at the second phase to avoid new siphons generating and then rearrange the output arcs step by step on condition that liveness is preserved. In addition, an algorithm is proposed to remove the redundant constraints of the MIP problem in this paper. The policy improves the behavioral permissiveness of the resulting net and greatly enhances the structural simplicity of the supervisor. Theoretical analysis and experimental results verify the effectiveness of the proposed method

Supervisor Synthesis for Discrete Event Systems under Partial Observation and Arbitrary Forbidden State Specifications

In this paper, we consider the forbidden state problem in discrete event systems modeled by partially observed and partially controlled Petri nets. Assuming that the reverse net of the uncontrollable subnet of the Petri net is structurally bounded, we compute a set of weakly forbidden markings from which forbidden markings can be reached by firing a sequence of uncontrollable/unobservable transitions. We then use reduced consistent markings to represent the set of consistent markings for Petri nets with structurally bounded unobservable subnets. We determine the control policy by checking if the firing of a certain controllable transition will lead to a subsequent reduced consistent marking that belongs to the set of weakly forbidden markings; if so, we disable the corresponding controllable transition. This approach is shown to be minimally restrictive in the sense that it only disables behavior that can potentially lead to a forbidden marking. The setting in this paper generalizes previous work by studying supervisory control for partially observed and partially controlled Petri nets with a general labeling function and a finite number of arbitrary forbidden states. In contrast, most previous work focuses on either labeling functions that assign a unique label to each observable transition or forbidden states that are represented using linear inequalities. More importantly, we demonstrate that, in general, the separation between observation and control (as considered in previous work) may not hold in our setting

Symbolic Supervisory Control of Resource Allocation Systems

<p>Supervisory control theory (SCT) is a formal model-based methodology for verification and synthesis of supervisors for discrete event systems (DES). The main goal is to guarantee that the closed-loop system fulfills given specifications. SCT has great promise to assist engineers with the generation of reliable control functions. This is, for instance, beneficial to manufacturing systems where both products and production equipment might change frequently.</p> <p>The industrial acceptance of SCT, however, has been limited for at least two reasons: (i) the analysis of DES involves an intrinsic difficulty known as the state-space explosion problem, which makes the explicit enumeration of enormous state-spaces for industrial systems intractable; (ii) the synthesized supervisor, represented as a deterministic finite automaton (FA) or an extended finite automaton (EFA), is not straightforward to implement in an industrial controller.</p> <p>In this thesis, to address the aforementioned issues, we study the modeling, synthesis and supervisor representation of DES using binary decision diagrams (BDDs), a compact data structure for representing DES models symbolically. We propose different kinds of BDD-based algorithms for exploring the symbolically represented state-spaces in an effort to improve the abilities of existing supervisor synthesis approaches to handle large-scale DES and represent the obtained supervisors appropriately.</p> <p>Following this spirit, we bring the efficiencies of BDD into a particular DES application domain -- deadlock avoidance for resource allocation systems (RAS) -- a problem that arises in many technological systems including flexible manufacturing systems and multi-threaded software. We propose a framework for the effective and computationally efficient development of the maximally permissive deadlock avoidance policy (DAP) for various RAS classes. Besides the employment of symbolic computation, special structural properties that are possessed by RAS are utilized by the symbolic algorithms to gain additional efficiencies in the computation of the sought DAP. Furthermore, to bridge the gap between the BDD-based representation of the target DAP and its actual industrial realization, we extend this work by introducing a procedure that generates a set of "guard" predicates to represent the resulting DAP.</p> <p>The work presented in this thesis has been implemented in the SCT tool Supremica. Computational benchmarks have manifested the superiority of the proposed algorithms with respect to the previously published results. Hence, the work holds a strong potential for providing robust, practical and efficient solutions to a broad range of supervisory control and deadlock avoidance problems that are experienced in the considered DES application domain.</p

Intelligent Colored Token Petri Nets for Modeling, Control, and Validation of Dynamic Changes in Reconfigurable Manufacturing Systems

The invention of reconfigurable manufacturing systems (RMSs) has created a challenging problem: how to quickly and effectively modify an RMS to address dynamic changes in a manufacturing system, such as processing failures and rework, machine breakdowns, addition of new machines, addition of new products, removal of old machines, and changes in processing routes induced by the competitive global market. This paper proposes a new model, the intelligent colored token Petri net (ICTPN), to simulate dynamic changes or reconfigurations of a system. The main idea is that intelligent colored tokens denote part types that represent real-time knowledge about changes and status of a system. Thus, dynamic configurations of a system can be effectively modeled. The developed ICTPN can model dynamic changes of a system in a modular manner, resulting in the development of a very compact model. In addition, when configurations appear, only the changed colored token of the part type from the current model has to be modified. Based on the resultant ICTPN model, deadlock-free, conservative, and reversible behavioral properties, among others, are guaranteed. The developed ICTPN model was tested and validated using the GPenSIM tool and compared with existing methods from the literature.publishedVersio

A Forward On-The-Fly Approach for Safety and Reachability Controller Synthesis of Timed Systems

RÉSUMÉ Cette thèse s’intéresse à la synthèse de contrôleurs pour des systèmes temps réel (systèmes temporisés). Partant d’un système temps réel modélisé par un réseau de Petri temporel composé de transitions contrôlables et non contrôlables (TPN), le contrôle vise à forcer, en restreignant les intervalles de franchissement des transitions contrôlables, le système à satisfaire les propriétés souhaitées. Nous proposons, dans cette thèse, un algorithme pour synthétiser de tels contrôleurs pour des propriétés de sûreté et d’accessibilité. Cet algorithme, basé sur la méthode de graphe de classes d’états, calcule à la volée les classes d’états atteignables du TPN tout en collectant progressivement les sous-intervalles de tir à éviter, afin de satisfaire les propriétés souhaitées. Avec cet algorithme, il n’est plus nécessaire de calculer les prédécesseurs contrôlables et de partitionner récursivement les classes d’états jusqu’à atteindre un point fixe, comme c’est le cas dans les autres approches basées sur l’exploration, en avant et en arrière, de l’espace des états du système. Nous prouvons formellement la correction de l’algorithme, puis nous montrons que dans la catégorie des contrôleurs basés sur la restriction des intervalles de tir, l’algorithme, proposé dans cette thèse, synthétise un contrôleur optimal (le plus permissif possible). Afin d’atténuer davantage le problème d’explosion combinatoire, nous montrons comment combiner cette approche avec une abstraction par l’inclusion, par union-convexe ou par enveloppe-convexe. Nous montrons également comment exploiter cet algorithme pour générer des contrôleurs décentralisés. Enfin, nous proposons d’appliquer cet algorithme pour contrôler des TPN par des chronomètres. Notre algorithme permet de partitionner les intervalles des transitions en “bons” et “mauvais” sous-intervalles (à éviter). L’idée est d’utiliser des chronomètres pour suspendre les tâches (transitions) durant leurs mauvais sous-intervalles et les activer dans leurs “bons sous-intervalles”. Il s’agit donc de contrôler les réseaux de Petri temporels en associant des chronomètres aux transitions contrôlables, pour obtenir ainsi des réseaux de Petri temporels contrôlés.----------ABSTRACT This thesis deals with controller synthesis for real time systems (timed systems). Given a real time system modeled as a Time Petri Net (TPN) with controllable and uncontrollable transitions, the control aims at forcing the system to satisfy properties of interest, by limiting the firing intervals of controllable transitions. We propose, in this thesis, an algorithm to synthesize such controllers for safety / reachability properties. This algorithm, based on the state class graph method, computes on-the-fly the reachable state classes of the TPN while collecting progressively firing subintervals to be avoided so that the property is satisfied. It does not need to compute controllable predecessors and then split state classes until reaching a fixpoint, as it is the case for other approaches based on backward and forward exploration of state space of the system. We prove formally the correctness of the algorithm and show that, in the category of state dependent controllers based on the restriction of firing intervals, the algorithm proposed in this thesis, synthesizes maximally permissive controllers. In order to attenuate the state explosion problem, we show how to combine efficiently this approach with an abstraction by inclusion, convex union or convex hull. Afterwards, we discuss the compatibility of this method with distributed systems and decentralized controllers. Finally, we apply this algorithm to control TPN with controllable and uncontrollable transitions by stopwatch. In this approach, we find the subintervals violating the given properties and our objective is to suspend the tasks (transitions) during their bad subintervals and to resume them later. The controller is synthesized through the same algorithm already introduced. In this approach, we suggest to control time Petri nets by associating stopwatches to controllable transitions and to achieve a controlled time Petri nets

Non-Blockingness Verification of Bounded Petri Nets Using Basis Reachability Graphs -- An Extended Version With Benchmarks

In this paper, we study the problem of non-blockingness verification by tapping into the basis reachability graph (BRG). Non-blockingness is a property that ensures that all pre-specified tasks can be completed, which is a mandatory requirement during the system design stage. In this paper we develop a condition of transition partition of a given net such that the corresponding conflict-increase BRG contains sufficient information on verifying non-blockingness of its corresponding Petri net. Thanks to the compactness of the BRG, our approach possesses practical efficiency since the exhaustive enumeration of the state space can be avoided. In particular, our method does not require that the net is deadlock-free.Comment: This article is an extended version of the paper "C. Gu, Z. Ma, Z. Li and A. Giua. Non-blockingness verification of bounded Petri nets using basis reachability graphs. IEEE Control Systems Letters, doi:10.1109/LCSYS.2021.3087937, 2021" with benchmark

Supervisory Control and Analysis of Partially-observed Discrete Event Systems

Nowadays, a variety of real-world systems fall into discrete event systems (DES). In practical scenarios, due to facts like limited sensor technique, sensor failure, unstable network and even the intrusion of malicious agents, it might occur that some events are unobservable, multiple events are indistinguishable in observations, and observations of some events are nondeterministic. By considering various practical scenarios, increasing attention in the DES community has been paid to partially-observed DES, which in this thesis refer broadly to those DES with partial and/or unreliable observations. In this thesis, we focus on two topics of partially-observed DES, namely, supervisory control and analysis. The first topic includes two research directions in terms of system models. One is the supervisory control of DES with both unobservable and uncontrollable events, focusing on the forbidden state problem; the other is the supervisory control of DES vulnerable to sensor-reading disguising attacks (SD-attacks), which is also interpreted as DES with nondeterministic observations, addressing both the forbidden state problem and the liveness-enforcing problem. Petri nets (PN) are used as a reference formalism in this topic. First, we study the forbidden state problem in the framework of PN with both unobservable and uncontrollable transitions, assuming that unobservable transitions are uncontrollable. For ordinary PN subject to an admissible Generalized Mutual Exclusion Constraint (GMEC), an optimal on-line control policy with polynomial complexity is proposed provided that a particular subnet, called observation subnet, satisfies certain conditions in structure. It is then discussed how to obtain an optimal on-line control policy for PN subject to an arbitrary GMEC. Next, we still consider the forbidden state problem but in PN vulnerable to SD-attacks. Assuming the control specification in terms of a GMEC, we propose three methods to derive on-line control policies. The first two lead to an optimal policy but are computationally inefficient for large-size systems, while the third method computes a policy with timely response even for large-size systems but at the expense of optimality. Finally, we investigate the liveness-enforcing problem still assuming that the system is vulnerable to SD-attacks. In this problem, the plant is modelled as a bounded PN, which allows us to off-line compute a supervisor starting from constructing the reachability graph of the PN. Then, based on repeatedly computing a more restrictive liveness-enforcing supervisor under no attack and constructing a basic supervisor, an off-line method that synthesizes a liveness-enforcing supervisor tolerant to an SD-attack is proposed. In the second topic, we care about the verification of properties related to system security. Two properties are considered, i.e., fault-predictability and event-based opacity. The former is a property in the literature, characterizing the situation that the occurrence of any fault in a system is predictable, while the latter is a newly proposed property in the thesis, which describes the fact that secret events of a system cannot be revealed to an external observer within their critical horizons. In the case of fault-predictability, DES are modeled by labeled PN. A necessary and sufficient condition for fault-predictability is derived by characterizing the structure of the Predictor Graph. Furthermore, two rules are proposed to reduce the size of a PN, which allow us to analyze the fault-predictability of the original net by verifying that of the reduced net. When studying event-based opacity, we use deterministic finite-state automata as the reference formalism. Considering different scenarios, we propose four notions, namely, K-observation event-opacity, infinite-observation event-opacity, event-opacity and combinational event-opacity. Moreover, verifiers are proposed to analyze these properties

On Supervisor Synthesis via Active Automata Learning

Our society\u27s reliance on computer-controlled systems is rapidly growing. Such systems are found in various devices, ranging from simple light switches to safety-critical systems like autonomous vehicles. In the context of safety-critical systems, safety and correctness are of utmost importance. Faults and errors could have catastrophic consequences. Thus, there is a need for rigorous methodologies that help provide guarantees of safety and correctness. Supervisor synthesis, the concept of being able to mathematically synthesize a supervisor that ensures that the closed-loop system behaves in accordance with known requirements, can indeed help.This thesis introduces supervisor learning, an approach to help automate the learning of supervisors in the absence of plant models. Traditionally, supervisor synthesis makes use of plant models and specification models to obtain a supervisor. Industrial adoption of this method is limited due to, among other things, the difficulty in obtaining usable plant models. Manually creating these plant models is an error-prone and time-consuming process. Thus, supervisor learning intends to improve the industrial adoption of supervisory control by automating the process of generating supervisors in the absence of plant models.The idea here is to learn a supervisor for the system under learning (SUL) by active interaction and experimentation. To this end, we present two algorithms, SupL*, and MSL, that directly learn supervisors when provided with a simulator of the SUL and its corresponding specifications. SupL* is a language-based learner that learns one supervisor for the entire system. MSL, on the other hand, learns a modular supervisor, that is, several smaller supervisors, one for each specification. Additionally, a third algorithm, MPL, is introduced for learning a modular plant model.The approach is realized in the tool MIDES and has been used to learn supervisors in a virtual manufacturing setting for the Machine Buffer Machine example, as well as learning a model of the Lateral State Manager, a sub-component of a self-driving car. These case studies show the feasibility and applicability of the proposed approach, in addition to helping identify future directions for research