Modular Verification and Supervisory Controller Design for Discrete-Event Systems Using Abstraction and Incremental Construction.

The subject of this dissertation is modular approaches to the verification and control of discrete-event systems (DES). DES are dynamic systems characterized by discrete states and event-driven evolution. In recent years, a substantial body of work has been built up to provide a theory and framework for the control and verification of DES. Despite all the advancements that have been made in this area, application to real-life systems has been somewhat slow. A significant hurdle to the adoption of these methods is the state-space explosion that occurs in modeling systems of the size most commonly found in industry. A common approach that has been applied to address this complexity problem is to construct a series of smaller modular supervisors, rather than a single monolithic supervisor. The problem with this approach is that the modular supervisors can often conflict with one another. This dissertation develops three new approaches to the supervisory control of DES that adopt a modular aspect to their control, while addressing the potential problem of conflict. The first approach addresses the problem of state-space explosion by offering a procedure for incrementally building modular supervisors that are guaranteed to not conflict with one another by construction. An observer type abstraction is employed to make the procedure more computationally feasible. The second approach of this dissertation constructs traditional modular supervisors, then adds another level of coordinating control to resolve conflict between the supervisors. This work employs a conflict-equivalence preserving abstraction to detect and resolve the conflict. The final approach of this dissertation employs interfaces between different components of the global system. The additional structure of these interfaces allows global properties to be verified through the achievement of local properties. Additionally, these interfaces allow for modular supervisors to be synthesized locally such that the necessary requirements are met by construction. In this work, the correctness of the three approaches is proven. Additionally, application to some manufacturing based examples are employed to illustrate the potential strengths and weaknesses of each of the approaches.Ph.D.Mechanical EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/60669/1/rchill_1.pd

On Compositional Approaches for Discrete Event Systems Verification and Synthesis

Over the past decades, human dependability on technical devices has rapidly increased.Many activities of such devices can be described by sequences of events,where the occurrence of an event causes the system to go from one state to another.This is elegantly modelled by state machines. Systems that are modelledin this way are referred to as discrete event systems. Usually, these systems arehighly complex, and appear in settings that are safety critical, where small failuresmay result in huge financial and/or human losses. Having a control functionis one way to guarantee system correctness.The work presented in this thesis concerns verification and synthesis of suchsystems using the supervisory control theory proposed by Ramadge and Wonham. Supervisory control theory provides a general framework to automaticallycalculate control functions for discrete event systems. Given a model of thesystem, the plant to be controlled, and a specification of the desired behaviour,it is possible to automatically compute, i.e. synthesise, a supervisor that ensuresthat the specification is satisfied.Usually, systems are modular and consist of several components interactingwith each other. Calculating a supervisor for such a system in the straightforwardway involves constructing the complete model of the considered system, whichmay lead to the inherent complexity problem known as the state-space explosionproblem. This problem occurs as the number of states grows exponentially withthe number of components, which makes it intractable to examine the globalstates of a system due to lack of memory and time.One way to alleviate the state-space explosion problem is to use a compositionalapproach. A compositional approach exploits the modular structure of asystem to reduce the size of the model. This thesis mainly focuses on developingabstraction methods for the compositional approach in a way that the finalverification and synthesis results are the same as it would have been for the nonabstractedsystem. The algorithms have been implemented in the discrete eventsystem software tool Supremica and have been applied to verify and computememory efficient supervisors for several large industrial models

On Compositional Approaches for Discrete Event Systems Verification and Synthesis

Over the past decades, human dependability on technical devices has rapidly increased.Many activities of such devices can be described by sequences of events,where the occurrence of an event causes the system to go from one state to another.This is elegantly modelled by state machines. Systems that are modelledin this way are referred to as discrete event systems. Usually, these systems arehighly complex, and appear in settings that are safety critical, where small failuresmay result in huge financial and/or human losses. Having a control functionis one way to guarantee system correctness.The work presented in this thesis concerns verification and synthesis of suchsystems using the supervisory control theory proposed by Ramadge and Wonham. Supervisory control theory provides a general framework to automaticallycalculate control functions for discrete event systems. Given a model of thesystem, the plant to be controlled, and a specification of the desired behaviour,it is possible to automatically compute, i.e. synthesise, a supervisor that ensuresthat the specification is satisfied.Usually, systems are modular and consist of several components interactingwith each other. Calculating a supervisor for such a system in the straightforwardway involves constructing the complete model of the considered system, whichmay lead to the inherent complexity problem known as the state-space explosionproblem. This problem occurs as the number of states grows exponentially withthe number of components, which makes it intractable to examine the globalstates of a system due to lack of memory and time.One way to alleviate the state-space explosion problem is to use a compositionalapproach. A compositional approach exploits the modular structure of asystem to reduce the size of the model. This thesis mainly focuses on developingabstraction methods for the compositional approach in a way that the finalverification and synthesis results are the same as it would have been for the nonabstractedsystem. The algorithms have been implemented in the discrete eventsystem software tool Supremica and have been applied to verify and computememory efficient supervisors for several large industrial models

A survey on compositional algorithms for verification and synthesis in supervisory control

This survey gives an overview of the current research on compositional algorithms for verification and synthesis of modular systems modelled as interacting finite-state machines. Compositional algorithms operate by repeatedly simplifying individual components of a large system, replacing them by smaller so-called abstractions, while preserving critical properties. In this way, the exponential growth of the state space can be limited, making it possible to analyse much bigger state spaces than possible by standard state space exploration. This paper gives an introduction to the principles underlying compositional methods, followed by a survey of algorithmic solutions from the recent literature that use compositional methods to analyse systems automatically. The focus is on applications in supervisory control of discrete event systems, particularly on methods that verify critical properties or synthesise controllable and nonblocking supervisors

Symbolic Supervisory Control of Resource Allocation Systems

<p>Supervisory control theory (SCT) is a formal model-based methodology for verification and synthesis of supervisors for discrete event systems (DES). The main goal is to guarantee that the closed-loop system fulfills given specifications. SCT has great promise to assist engineers with the generation of reliable control functions. This is, for instance, beneficial to manufacturing systems where both products and production equipment might change frequently.</p> <p>The industrial acceptance of SCT, however, has been limited for at least two reasons: (i) the analysis of DES involves an intrinsic difficulty known as the state-space explosion problem, which makes the explicit enumeration of enormous state-spaces for industrial systems intractable; (ii) the synthesized supervisor, represented as a deterministic finite automaton (FA) or an extended finite automaton (EFA), is not straightforward to implement in an industrial controller.</p> <p>In this thesis, to address the aforementioned issues, we study the modeling, synthesis and supervisor representation of DES using binary decision diagrams (BDDs), a compact data structure for representing DES models symbolically. We propose different kinds of BDD-based algorithms for exploring the symbolically represented state-spaces in an effort to improve the abilities of existing supervisor synthesis approaches to handle large-scale DES and represent the obtained supervisors appropriately.</p> <p>Following this spirit, we bring the efficiencies of BDD into a particular DES application domain -- deadlock avoidance for resource allocation systems (RAS) -- a problem that arises in many technological systems including flexible manufacturing systems and multi-threaded software. We propose a framework for the effective and computationally efficient development of the maximally permissive deadlock avoidance policy (DAP) for various RAS classes. Besides the employment of symbolic computation, special structural properties that are possessed by RAS are utilized by the symbolic algorithms to gain additional efficiencies in the computation of the sought DAP. Furthermore, to bridge the gap between the BDD-based representation of the target DAP and its actual industrial realization, we extend this work by introducing a procedure that generates a set of "guard" predicates to represent the resulting DAP.</p> <p>The work presented in this thesis has been implemented in the SCT tool Supremica. Computational benchmarks have manifested the superiority of the proposed algorithms with respect to the previously published results. Hence, the work holds a strong potential for providing robust, practical and efficient solutions to a broad range of supervisory control and deadlock avoidance problems that are experienced in the considered DES application domain.</p

Software Engineering and Petri Nets

This booklet contains the proceedings of the Workshop on Software Engineering and Petri Nets (SEPN), held on June 26, 2000. The workshop was held in conjunction with the 21st International Conference on Application and Theory of Petri Nets (ICATPN-2000), organised by the CPN group of the Department of Computer Science, University of Aarhus, Denmark. The SEPN workshop papers are available in electronic form via the web page:http://www.daimi.au.dk/pn2000/proceeding

NASA Space Engineering Research Center for VLSI System Design

This annual report outlines the activities of the past year at the NASA SERC on VLSI Design. Highlights for this year include the following: a significant breakthrough was achieved in utilizing commercial IC foundries for producing flight electronics; the first two flight qualified chips were designed, fabricated, and tested and are now being delivered into NASA flight systems; and a new technology transfer mechanism has been established to transfer VLSI advances into NASA and commercial systems

Doctor of Philosophy

dissertationFormal verification of hardware designs has become an essential component of the overall system design flow. The designs are generally modeled as finite state machines, on which property and equivalence checking problems are solved for verification. Reachability analysis forms the core of these techniques. However, increasing size and complexity of the circuits causes the state explosion problem. Abstraction is the key to tackling the scalability challenges. This dissertation presents new techniques for word-level abstraction with applications in sequential design verification. By bundling together k bit-level state-variables into one word-level constraint expression, the state-space is construed as solutions (variety) to a set of polynomial constraints (ideal), modeled over the finite (Galois) field of 2^k elements. Subsequently, techniques from algebraic geometry -- notably, Groebner basis theory and technology -- are researched to perform reachability analysis and verification of sequential circuits. This approach adds a "word-level dimension" to state-space abstraction and verification to make the process more efficient. While algebraic geometry provides powerful abstraction and reasoning capabilities, the algorithms exhibit high computational complexity. In the dissertation, we show that by analyzing the constraints, it is possible to obtain more insights about the polynomial ideals, which can be exploited to overcome the complexity. Using our algorithm design and implementations, we demonstrate how to perform reachability analysis of finite-state machines purely at the word level. Using this concept, we perform scalable verification of sequential arithmetic circuits. As contemporary approaches make use of resolution proofs and unsatisfiable cores for state-space abstraction, we introduce the algebraic geometry analog of unsatisfiable cores, and present algorithms to extract and refine unsatisfiable cores of polynomial ideals. Experiments are performed to demonstrate the efficacy of our approaches

Contributions to the deadlock problem in multithreaded software applications observed as Resource Allocation Systems

Desde el punto de vista de la competencia por recursos compartidos sucesivamente reutilizables, se dice que un sistema concurrente compuesto por procesos secuenciales está en situación de bloqueo si existe en él un conjunto de procesos que están indefinidamente esperando la liberación de ciertos recursos retenidos por miembros del mismo conjunto de procesos. En sistemas razonablemente complejos o distribuidos, establecer una política de asignación de recursos que sea libre de bloqueos puede ser un problema muy difícil de resolver de forma eficiente. En este sentido, los modelos formales, y particularmente las redes de Petri, se han ido afianzando como herramientas fructíferas que permiten abstraer el problema de asignación de recursos en este tipo de sistemas, con el fin de abordarlo analíticamente y proveer métodos eficientes para la correcta construcción o corrección de estos sistemas. En particular, la teoría estructural de redes de Petri se postula como un potente aliado para lidiar con el problema de la explosión de estados inherente a aquéllos. En este fértil contexto han florecido una serie de trabajos que defienden una propuesta metodológica de diseño orientada al estudio estructural y la correspondiente corrección física del problema de asignación de recursos en familias de sistemas muy significativas en determinados contextos de aplicación, como el de los Sistemas de Fabricación Flexible. Las clases de modelos de redes de Petri resultantes asumen ciertas restricciones, con significado físico en el contexto de aplicación para el que están destinadas, que alivian en buena medida la complejidad del problema. En la presente tesis, se intenta acercar ese tipo de aproximación metodológica al diseño de aplicaciones software multihilo libres de bloqueos. A tal efecto, se pone de manifiesto cómo aquellas restricciones procedentes del mundo de los Sistemas de Fabricación Flexible se muestran demasiado severas para aprehender la versatilidad inherente a los sistemas software en lo que respecta a la interacción de los procesos con los recursos compartidos. En particular, se han de resaltar dos necesidades de modelado fundamentales que obstaculizan la mera adopción de antiguas aproximaciones surgidas bajo el prisma de otros dominios: (1) la necesidad de soportar el anidamiento de bucles no desplegables en el interior de los procesos, y (2) la posible compartición de recursos no disponibles en el arranque del sistema pero que son creados o declarados por un proceso en ejecución. A resultas, se identifica una serie de requerimientos básicos para la definición de un tipo de modelos orientado al estudio de sistemas software multihilo y se presenta una clase de redes de Petri, llamada PC2R, que cumple dicha lista de requerimientos, manteniéndose a su vez respetuosa con la filosofía de diseño de anteriores subclases enfocadas a otros contextos de aplicación. Junto con la revisión e integración de anteriores resultados en el nuevo marco conceptual, se aborda el estudio de propiedades inherentes a los sistemas resultantes y su relación profunda con otros tipos de modelos, la confección de resultados y algoritmos eficientes para el análisis estructural de vivacidad en la nueva clase, así como la revisión y propuesta de métodos de resolución de los problemas de bloqueo adaptadas a las particularidades físicas del dominio de aplicación. Asimismo, se estudia la complejidad computacional de ciertas vertientes relacionadas con el problema de asignación de recursos en el nuevo contexto, así como la traslación de los resultados anteriormente mencionados sobre el dominio de la ingeniería de software multihilo, donde la nueva clase de redes permite afrontar problemas inabordables considerando el marco teórico y las herramientas suministradas para subclases anteriormente explotadas

Proceedings of Monterey Workshop 2001 Engineering Automation for Sofware Intensive System Integration

The 2001 Monterey Workshop on Engineering Automation for Software Intensive System Integration was sponsored by the Office of Naval Research, Air Force Office of Scientific Research, Army Research Office and the Defense Advance Research Projects Agency. It is our pleasure to thank the workshop advisory and sponsors for their vision of a principled engineering solution for software and for their many-year tireless effort in supporting a series of workshops to bring everyone together.This workshop is the 8 in a series of International workshops. The workshop was held in Monterey Beach Hotel, Monterey, California during June 18-22, 2001. The general theme of the workshop has been to present and discuss research works that aims at increasing the practical impact of formal methods for software and systems engineering. The particular focus of this workshop was "Engineering Automation for Software Intensive System Integration". Previous workshops have been focused on issues including, "Real-time & Concurrent Systems", "Software Merging and Slicing", "Software Evolution", "Software Architecture", "Requirements Targeting Software" and "Modeling Software System Structures in a fastly moving scenario".Office of Naval ResearchAir Force Office of Scientific Research Army Research OfficeDefense Advanced Research Projects AgencyApproved for public release, distribution unlimite