Optimal Supervisory Control Synthesis

The place invariant method is well known as an elegant way to construct a Petri net controller. It is possible to use the constraint for preventing forbidden states. But in general case, the number forbidden states can be very large giving a great number of control places. In this paper is presented a systematic method to reduce the size and the number of constraints. This method is applicable for safe and conservative Petri nets giving a maximally permissive controller.Comment: Journ\'ee sur l'Instrumentation Industrielle J2I, ORAN : Alg\'erie (2009

Automated Analysis and Optimization of Distributed Self-Stabilizing Algorithms

Self-stabilization [2] is a versatile technique for recovery from erroneous behavior due to transient faults or wrong initialization. A system is self-stabilizing if (1) starting from an arbitrary initial state it can automatically reach a set of legitimate states in a finite number of steps and (2) it remains in legitimate states in the absence of faults. Weak-stabilization [3] and probabilistic-stabilization [4] were later introduced in the literature to deal with resource consumption of self-stabilizing algorithms and impossibility results. Since the system perturbed by fault may deviate from correct behavior for a finite amount of time, it is paramount to minimize this time as much as possible, especially in the domain of robotics and networking. This type of fault tolerance is called non-masking because the faulty behavior is not completely masked from the user [1]. Designing correct stabilizing algorithms can be tedious. Designing such algorithms that satisfy certain average recovery time constraints (e.g., for performance guarantees) adds further complications to this process. Therefore, developing an automatic technique that takes as input the specification of the desired system, and synthesizes as output a stabilizing algorithm with minimum (or other upper bound) average recovery time is useful and challenging. In this thesis, our main focus is on designing automated techniques to optimize the average recovery time of stabilizing systems using model checking and synthesis techniques. First, we prove that synthesizing weak-stabilizing distributed programs from scratch and repairing stabilizing algorithms with average recovery time constraints are NP-complete in the state-space of the program. To cope with this complexity, we propose a polynomial-time heuristic that compared to existing stabilizing algorithms, provides lower average recovery time for many of our case studies. Second, we study the problem of fine tuning of probabilistic-stabilizing systems to improve their performance. We take advantage of the two properties of self-stabilizing algorithms to model them as absorbing discrete-time Markov chains. This will reduce the computation of average recovery time to finding the weighted sum of elements in the inverse of a matrix. Finally, we study the impact of scheduling policies on recovery time of stabilizing systems. We, in particular, propose a method to augment self-stabilizing programs with k-central and k-bounded schedulers to study dierent factors, such as geographical distance of processes and the achievable level of parallelism

From Security Enforcement to Supervisory Control in Discrete Event Systems: Qualitative and Quantitative Analyses

Cyber-physical systems are technological systems that involve physical components that are monitored and controlled by multiple computational units that exchange information through a communication network. Examples of cyber-physical systems arise in transportation, power, smart manufacturing, and other classes of systems that have a large degree of automation. Analysis and control of cyber-physical systems is an active area of research. The increasing demands for safety, security and performance improvement of cyber-physical systems put stringent constraints on their design and necessitate the use of formal model-based methods to synthesize control strategies that provably enforce required properties. This dissertation focuses on the higher level control logic in cyber-physical systems using the framework of discrete event systems. It tackles two classes of problems for discrete event systems. The first class of problems is related to system security. This problem is formulated in terms of the information flow property of opacity. In this part of the dissertation, an interface-based approach called insertion/edit function is developed to enforce opacity under the potential inference of malicious intruders that may or may not know the implementation of the insertion/edit function. The focus is the synthesis of insertion/edit functions that solve the opacity enforcement problem in the framework of qualitative and quantitative games on finite graphs. The second problem treated in the dissertation is that of performance optimization in the context of supervisory control under partial observation. This problem is transformed to a two-player quantitative game and an information structure where the game is played is constructed. A novel approach to synthesize supervisors by solving the game is developed. The main contributions of this dissertation are grouped into the following five categories. (i) The transformation of the formulated opacity enforcement and supervisory control problems to games on finite graphs provides a systematic way of performing worst case analysis in design of discrete event systems. (ii) These games have state spaces that are as compact as possible using the notion of information states in each corresponding problem. (iii) A formal model-based approach is employed in the entire dissertation, which results in provably correct solutions. (iv) The approaches developed in this dissertation reveal the interconnection between control theory and formal methods. (v) The results in this dissertation are applicable to many types of cyber-physical systems with security-critical and performance-aware requirements.PHDElectrical and Computer EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/150002/1/jiyiding_1.pd

Supervisory Control and Analysis of Partially-observed Discrete Event Systems

Nowadays, a variety of real-world systems fall into discrete event systems (DES). In practical scenarios, due to facts like limited sensor technique, sensor failure, unstable network and even the intrusion of malicious agents, it might occur that some events are unobservable, multiple events are indistinguishable in observations, and observations of some events are nondeterministic. By considering various practical scenarios, increasing attention in the DES community has been paid to partially-observed DES, which in this thesis refer broadly to those DES with partial and/or unreliable observations. In this thesis, we focus on two topics of partially-observed DES, namely, supervisory control and analysis. The first topic includes two research directions in terms of system models. One is the supervisory control of DES with both unobservable and uncontrollable events, focusing on the forbidden state problem; the other is the supervisory control of DES vulnerable to sensor-reading disguising attacks (SD-attacks), which is also interpreted as DES with nondeterministic observations, addressing both the forbidden state problem and the liveness-enforcing problem. Petri nets (PN) are used as a reference formalism in this topic. First, we study the forbidden state problem in the framework of PN with both unobservable and uncontrollable transitions, assuming that unobservable transitions are uncontrollable. For ordinary PN subject to an admissible Generalized Mutual Exclusion Constraint (GMEC), an optimal on-line control policy with polynomial complexity is proposed provided that a particular subnet, called observation subnet, satisfies certain conditions in structure. It is then discussed how to obtain an optimal on-line control policy for PN subject to an arbitrary GMEC. Next, we still consider the forbidden state problem but in PN vulnerable to SD-attacks. Assuming the control specification in terms of a GMEC, we propose three methods to derive on-line control policies. The first two lead to an optimal policy but are computationally inefficient for large-size systems, while the third method computes a policy with timely response even for large-size systems but at the expense of optimality. Finally, we investigate the liveness-enforcing problem still assuming that the system is vulnerable to SD-attacks. In this problem, the plant is modelled as a bounded PN, which allows us to off-line compute a supervisor starting from constructing the reachability graph of the PN. Then, based on repeatedly computing a more restrictive liveness-enforcing supervisor under no attack and constructing a basic supervisor, an off-line method that synthesizes a liveness-enforcing supervisor tolerant to an SD-attack is proposed. In the second topic, we care about the verification of properties related to system security. Two properties are considered, i.e., fault-predictability and event-based opacity. The former is a property in the literature, characterizing the situation that the occurrence of any fault in a system is predictable, while the latter is a newly proposed property in the thesis, which describes the fact that secret events of a system cannot be revealed to an external observer within their critical horizons. In the case of fault-predictability, DES are modeled by labeled PN. A necessary and sufficient condition for fault-predictability is derived by characterizing the structure of the Predictor Graph. Furthermore, two rules are proposed to reduce the size of a PN, which allow us to analyze the fault-predictability of the original net by verifying that of the reduced net. When studying event-based opacity, we use deterministic finite-state automata as the reference formalism. Considering different scenarios, we propose four notions, namely, K-observation event-opacity, infinite-observation event-opacity, event-opacity and combinational event-opacity. Moreover, verifiers are proposed to analyze these properties

Structuring Multilevel Discrete-Event Systems With Dependence Structure Matrices

Despite the correct-by-construction property, one of the major drawbacks of supervisory control synthesis is state-space explosion. Several approaches have been proposed to overcome this computational difficulty, such as modular, hierarchical, decentralized, and multilevel supervisory control synthesis. Unfortunately, the modeler needs to provide additional information about the system's structure or controller's structure as input for most of these nonmonolithic synthesis procedures. Multilevel synthesis assumes that the system is provided in a tree-structured format, which may resemble a system decomposition. In this paper, we present a systematic approach to transform a set of plant models and a set of requirement models provided as extended finite automata into a tree-structured multilevel discrete-event system to which multilevel supervisory control synthesis can be applied. By analyzing the dependencies between the plants and the requirements using dependence structure matrix techniques, a multilevel clustering can be calculated. With the modeling framework of extended finite automata, plant models and requirements depend on each other when they share events or variables. We report on experimental results of applying the algorithm's implementation on several models available in the literature to assess the applicability of the proposed method. The benefit of multilevel synthesis based on the calculated clustering is significant for most large-scale systems

RULES BASED MODELING OF DISCRETE EVENT SYSTEMS WITH FAULTS AND THEIR DIAGNOSIS

Failure diagnosis in large and complex systems is a critical task. In the realm of discrete event systems, Sampath et al. proposed a language based failure diagnosis approach. They introduced the diagnosability for discrete event systems and gave a method for testing the diagnosability by first constructing a diagnoser for the system. The complexity of this method of testing diagnosability is exponential in the number of states of the system and doubly exponential in the number of failure types. In this thesis, we give an algorithm for testing diagnosability that does not construct a diagnoser for the system, and its complexity is of 4th order in the number of states of the system and linear in the number of the failure types. In this dissertation we also study diagnosis of discrete event systems (DESs) modeled in the rule-based modeling formalism introduced in [12] to model failure-prone systems. The results have been represented in [43]. An attractive feature of rule-based model is it\u27s compactness (size is polynomial in number of signals). A motivation for the work presented is to develop failure diagnosis techniques that are able to exploit this compactness. In this regard, we develop symbolic techniques for testing diagnosability and computing a diagnoser. Diagnosability test is shown to be an instance of 1st order temporal logic model-checking. An on-line algorithm for diagnosersynthesis is obtained by using predicates and predicate transformers. We demonstrate our approach by applying it to modeling and diagnosis of a part of the assembly-line. When the system is found to be not diagnosable, we use sensor refinement and sensor augmentation to make the system diagnosable. In this dissertation, a controller is also extracted from the maximally permissive supervisor for the purpose of implementing the control by selecting, when possible, only one controllable event from among the ones allowed by the supervisor for the assembly line in automaton models