
    Synthesis of Liveness-Enforcing Petri Net Supervisors Based on a Think-Globally-Act-Locally Approach and a Structurally Minimal Method for Flexible Manufacturing Systems

    This paper proposes a deadlock prevention policy for flexible manufacturing systems (FMSs) based on a think-globally-act-locally approach and a structurally minimal method. First, by using the think-globally-act-locally approach, a global idle place is temporarily added to a Petri net model with deadlocks. Then, at each iteration, an integer linear programming problem is formulated to design a minimal number of maximally permissive control places. A supervisor with low structural complexity is therefore obtained, since the number of control places is greatly compressed. Finally, by adding the designed supervisor, the resulting net model is optimally or near-optimally controlled. Three examples from the literature are used to illustrate the proposed method.

    Strict Minimal Siphon-Based Colored Petri Net Supervisor Synthesis for Automated Manufacturing Systems With Unreliable Resources

    Various deadlock control policies for automated manufacturing systems with reliable and shared resources have been developed based on Petri nets. In practical applications, however, a resource may be unreliable, so the deadlock control policies proposed in previous studies are not applicable to such systems. This paper proposes a two-step robust deadlock control strategy for systems with unreliable and shared resources. In the first step, a live (deadlock-free) controlled system that does not consider resource failures is derived by using strict minimal siphon control. The second step deals with the deadlock control issues caused by resource failures. Considering all resource failures, a common recovery subnet based on colored Petri nets is proposed for all resource failures in the Petri net model. The recovery subnet is added to the system derived in the first step to make the system reliable. The proposed method has been tested using an automated manufacturing system deployed at King Saud University.

    Intelligent Colored Token Petri Nets for Modeling, Control, and Validation of Dynamic Changes in Reconfigurable Manufacturing Systems

    The invention of reconfigurable manufacturing systems (RMSs) has created a challenging problem: how to quickly and effectively modify an RMS to address dynamic changes in a manufacturing system, such as processing failures and rework, machine breakdowns, addition of new machines, addition of new products, removal of old machines, and changes in processing routes induced by the competitive global market. This paper proposes a new model, the intelligent colored token Petri net (ICTPN), to simulate dynamic changes or reconfigurations of a system. The main idea is that intelligent colored tokens denote part types that represent real-time knowledge about the changes and status of a system. Thus, dynamic configurations of a system can be effectively modeled. The developed ICTPN can model dynamic changes of a system in a modular manner, resulting in a very compact model. In addition, when a reconfiguration occurs, only the changed colored token of the part type in the current model has to be modified. Based on the resultant ICTPN model, deadlock-free, conservative, and reversible behavioral properties, among others, are guaranteed. The developed ICTPN model was tested and validated using the GPenSIM tool and compared with existing methods from the literature.

    Contributions to the deadlock problem in multithreaded software applications observed as Resource Allocation Systems

    From the point of view of competition for shared, serially reusable resources, a concurrent system composed of sequential processes is said to be in a deadlock situation if it contains a set of processes that are waiting indefinitely for the release of certain resources held by members of that same set of processes. In reasonably complex or distributed systems, establishing a deadlock-free resource allocation policy can be a very difficult problem to solve efficiently. In this regard, formal models, and Petri nets in particular, have become established as fruitful tools that make it possible to abstract the resource allocation problem in this kind of system, in order to address it analytically and to provide efficient methods for the correct construction or correction of such systems. In particular, the structural theory of Petri nets stands out as a powerful ally for dealing with the state explosion problem inherent to them. In this fertile context, a series of works has flourished that advocate a design methodology oriented to the structural study and the corresponding physical correction of the resource allocation problem in families of systems that are very significant in certain application contexts, such as Flexible Manufacturing Systems. The resulting classes of Petri net models assume certain restrictions, with a physical meaning in the application context for which they are intended, that considerably alleviate the complexity of the problem. This thesis attempts to bring this kind of methodological approach to the design of deadlock-free multithreaded software applications.
To this end, it is shown how those restrictions coming from the world of Flexible Manufacturing Systems prove too severe to capture the versatility inherent to software systems as regards the interaction of processes with shared resources. In particular, two fundamental modeling needs must be highlighted that hinder the mere adoption of earlier approaches that arose under the prism of other domains: (1) the need to support the nesting of non-unfoldable loops inside processes, and (2) the possible sharing of resources that are not available at system start-up but are created or declared by a running process. As a result, a series of basic requirements is identified for the definition of a type of model oriented to the study of multithreaded software systems, and a class of Petri nets, called PC2R, is presented that meets this list of requirements while remaining faithful to the design philosophy of earlier subclasses focused on other application contexts. Together with the revision and integration of earlier results into the new conceptual framework, the thesis addresses the study of properties inherent to the resulting systems and their deep relationship with other types of models, the development of results and efficient algorithms for the structural liveness analysis of the new class, as well as the revision and proposal of methods for solving deadlock problems adapted to the physical particularities of the application domain.
Likewise, the computational complexity of certain aspects related to the resource allocation problem in the new context is studied, as well as the transfer of the aforementioned results to the domain of multithreaded software engineering, where the new class of nets makes it possible to tackle problems that are intractable within the theoretical framework and tools provided for previously exploited subclasses.

    Modeling and formal verification of probabilistic reconfigurable systems

    In this thesis, we propose a new approach for formal modeling and verification of adaptive probabilistic systems. Dynamic reconfigurable systems are the trend of all future technological systems, such as flight control systems, vehicle electronic systems, and manufacturing systems. In order to meet user and environmental requirements, such a dynamic reconfigurable system has to actively adjust its configuration at run-time by modifying its components and connections whenever changes are detected in the internal/external execution environment. On the other hand, these changes may violate the memory usage, the required energy and the relevant real-time constraints, since the behavior of the system is unpredictable. They might also make the system's functions unavailable for some time and cause potential harm to human life or large financial investments. Thus, updating a system with any new configuration requires that the post-reconfiguration system fully satisfy the related constraints. We introduce the GR-TNCES formalism for the optimal functional and temporal specification of probabilistic reconfigurable systems under resource constraints. It enables the optimal specification of the probabilistic, energy and memory constraints of such a system. To formally verify the correctness and safety of such a probabilistic system specification, and the non-violation of its properties, an automatic transformation from GR-TNCES models into PRISM models is introduced. Moreover, a new approach, XCTL, is also proposed to formally verify reconfigurable systems. It enables the formal certification of incomplete and reconfigurable systems. A new version of the software ZIZO is also proposed to model, simulate and verify such GR-TNCES models. To prove its relevance, the latter was applied to case studies; it was used to model and simulate the behavior of an IPV4 protocol to prevent energy and memory resource violations.
It was also used to optimize the energy consumption of an automotive skid conveyor.
In this work, a new approach to the formal modeling and verification of dynamically reconfigurable systems is presented. Dynamic reconfigurable systems are found in many current and future applications, such as flight control systems, vehicle electronics and manufacturing systems. These systems exhibit probabilistic, adaptive behavior. In order to continuously satisfy user and environmental conditions, such a system must actively adapt its configuration at run time by modifying its components, the connections between components and its data (adaptive), as soon as changes in the internal or external execution environment are detected (probabilistic). These adaptations must not violate constraints on memory usage, required energy and existing real-time conditions. An unchecked reconfiguration could cause the system's functions to be unavailable for some time and potentially endanger human life or cause great financial damage. Thus, updating a system with a new configuration requires that the reconfigured system fully satisfy the associated constraints. To check this, this work proposes the GR-TNCES formalism, an extension of Petri nets, for the optimal functional and temporal specification of probabilistic reconfigurable systems under resource constraints. The resulting models are to be verified via probabilistic model checking, for which the established software PRISM is suitable. To enable this verification, this work describes a procedure for transforming GR-TNCES models into PRISM models. A newly introduced logic (XCTL) additionally allows a simple description of the properties to be checked.
The steps mentioned were implemented in a software environment for automated design, simulation and formal verification (through an automatic transformation to PRISM). A case study demonstrates the application of the method.

    On Minimum-time Control of Continuous Petri nets: Centralized and Decentralized Perspectives

    Many artificial systems, such as manufacturing, logistics, telecommunication or traffic systems, can be viewed "naturally" as Discrete Event Dynamic Systems (DEDS). Unfortunately, when they have large populations, these systems may suffer from the classical state explosion problem. To avoid this problem, fluidification techniques can be applied, obtaining a fluid relaxation of the original discrete model. Continuous Petri nets (CPNs) are a fluid approximation of discrete Petri nets, a well-known formalism for DEDS. A key advantage of using CPNs is that they often lead to a substantial reduction in computational cost. This thesis focuses on the control of timed continuous Petri nets (TCPNs), where transitions have an associated temporal interpretation. The systems are assumed to follow infinite server semantics (variable speed), and the applicable control actions are the slowing down of the firing speed of transitions. Two interesting control problems are considered in this thesis: 1) target marking control, where the objective is to drive the system (as fast as possible) from an initial state to a desired final state, which is similar to the set-point control problem for any continuous-state system; 2) optimal flow control, where the objective is to drive the system to an optimal flow without a priori knowledge of the final state. In particular, we are interested in reaching the maximum flow as fast as possible, which is usually desirable in most practical systems. The target marking control problem is considered from both centralized and decentralized perspectives. We propose several minimum-time centralized controllers, all of them based on an ON/OFF strategy.
For some subclasses, such as Choice-Free (CF) nets, minimum-time evolution is guaranteed, whereas for general nets the proposed controllers are heuristic. Regarding the decentralized control problem, we first propose a minimum-time decentralized controller for CF nets. For general nets, we propose a distributed approximation of the Model Predictive Control (MPC) method; however, minimum-time evolution is not considered in this method. The minimum-time optimal flow control problem (in our case, maximum flow) is considered for CF nets. We propose a heuristic algorithm in which we compute the "best" firing count vectors that drive the system to the maximum flow, and apply an ON/OFF firing strategy. We also show that, because CF nets are persistent, we can reduce the time needed to reach the maximum flow with some additional firings. The proposed control methods have been implemented and integrated into a Matlab-based tool for hybrid Petri nets called SimHPN.

    Modeling and verification of reconfigurable discrete event control systems

    Most modern technological systems rely on complicated control technologies, computer technologies, and networked communication technologies. Their dynamic behavior is intricate due to the concurrence and conflict of various signals. Such complex systems are studied as discrete event control systems (DECSs), while the detailed continuous variable processes are abstracted. Dynamic reconfigurable systems are the trend of all future technological systems, such as flight control systems, vehicle electronic systems, and manufacturing systems. In order to meet control requirements continuously, such a dynamic reconfigurable system is able to actively adjust its configuration at runtime by modifying its components, the connections among components and its data, whenever changes are detected in the internal/external execution environment. Model-based design methodologies attract wide attention since they can detect system defects earlier, increase system reliability, and decrease the time and cost of system development. An accurate, compact, and easily analyzed formal model is the first step of model-based design methods. Formal verification is an effective method to completely check whether a designed system meets all requirements and to improve the system design scheme. Considering the potential benefits of Timed Net Condition/Event Systems (TNCESs) in modeling and analyzing reconfigurable systems, this dissertation deals with the formal modeling and verification of reconfigurable discrete event control systems (RDECSs) based on them.
Most modern technological systems require sophisticated control, computing and communication technologies. Concurrency and conflicts give rise to complicated dynamic behavior. Such complex systems are studied by regarding them as discrete event control systems (DECSs) while abstracting the detailed underlying continuous processes.
In order to meet control requirements continuously, dynamic reconfigurable systems adapt at run time by modifying their components, the connections between them and the stored data, as soon as changes in the internal or external environment are detected. Examples of dynamic reconfigurable systems are found in aviation, in the automotive sector and also in manufacturing systems. Model-based development methods are enjoying growing popularity, since they allow errors to be uncovered earlier in the development process and thus lead to higher system availability with shorter development time. A formal model of the system forms the first important step here. Through formal verification, this model can be checked effectively and completely and, if necessary, improved. A suitable model form for this is Timed Net Condition/Event Systems (TNCESs). The present dissertation deals with the application of TNCES to the modeling and verification of reconfigurable discrete event control systems (RDECSs).

    Methods and Formal Models for Healthcare Systems Management

    A healthcare system is an organization of people, institutions, and resources that delivers healthcare services to meet the health needs of target populations. The size of such systems, the huge number of agents involved and their differing expectations make the management of healthcare systems a tough task, which could be alleviated through the use of technology. In this thesis, new methods and formal models for healthcare system management are presented. The thesis is divided into two main parts: the first deals with modeling and analysis in hospitals through the use of clinical pathways, while the second deals with the planning and scheduling of patients in the operating rooms.
Regarding the modeling and analysis of healthcare systems, depending on different visions and expectations, the system can be treated from different perspectives called facets. In chapter 2, the formal definition and characterization of two facets are given: (1) the resource management facet and (2) the handshake-between-clinical-pathways facet. They are obtained by applying a set of relaxations, abstractions and modifications to the Stochastic Well-formed Nets (colored Petri nets) modeling the healthcare system. In the first facet the S4PR subclass is obtained, which is a characteristic model of resource allocation systems, while in the second facet Deterministically Synchronized Sequential Processes (DSSP) are considered. Both nets (S4PR and DSSP) are formal subclasses of Petri nets to which net-level techniques can be applied.
In chapters 3 and 4, we focus on the liveness of the DSSP systems resulting from the facet of communication between clinical pathways. These kinds of nets are composed of agents (modeling clinical pathways) cooperating in a distributed way by asynchronous message passing through buffers (modeling the communication channels).
In particular, two approaches have been proposed. The idea behind the first approach is to advance the buffer consumption to the first conflict transition in the agents. Considering healthcare systems modeled by a DSSP, this means that before a patient starts a clinical pathway, all required information must be available. Unfortunately, this pre-assignment method only works in some particular DSSP structures, which are characterized. A more general approach (than buffer pre-assignment) for liveness enforcing in non-live DSSP is given in Chapter 4. The approach is formalized on two levels: execution and control. The execution level uses the original DSSP structure, while for the control level we compute a new net system called the control PN. This net system is obtained from the original DSSP and has a predefined type of structure. The control PN evolves synchronously with the non-live DSSP, ensuring that the deadlock states are not reached. The states (markings) of the control PN enable or disable some transitions in the original DSSP, while some transitions in the control PN must fire synchronously with some transitions of the original DSSP.
The second part of the thesis deals with the surgery scheduling of patients in a hospital department. The Operating Rooms (ORs) are one of the most expensive material resources in hospitals, and the bottleneck of surgical services. Moreover, the aging population together with improvements in surgical techniques are producing an increase in the demand for surgeries. So, the optimal use of OR time is crucial in healthcare service management. We focus on the planning and scheduling of patients in Spanish hospital departments, considering the particularities of their organizational structure as well as the concerns and specifications of their doctors.
In chapter 5, the scheduling of elective patients under OR block booking is considered. The first criterion is to optimize the use of the OR, the second criterion is to prevent the total available time in a block from being exceeded, and the third criterion is to respect the preference order of the patients on the waiting list. Three different mathematical programming models for the scheduling of elective patients are proposed. These are combinatorial problems with high computational complexity, so three different heuristic solution methods are proposed and compared. The results show that a Mixed Integer Linear Programming (MILP) problem solved by a Receding Horizon Strategy (RHS) obtains better schedules in the lowest time. Doctors using the MILP problem must fix an appropriate occupation rate for optimizing the use of the ORs without exceeding the available time. This has two main problems: i) inexperienced doctors could find it difficult to fix an appropriate occupation rate, and ii) the uncertainty in the surgery durations (large standard deviation) could result in schedules with over/under-utilization. In order to overcome these problems, a New Mixed-Integer Quadratic Constrained Programming (N-MIQCP) model is proposed. Considering some probabilistic concepts, quadratic constraints are included in the N-MIQCP model to prevent the scheduling of blocks with a high risk of exceeding the available time. Two heuristic methods for solving the N-MIQCP problem are proposed and compared with other chance-constrained approaches from the literature. The results show that the best schedules are achieved using our Specific Heuristic Algorithm (SHA), since occupation rates similar to those of the other approaches are obtained while the SHA respects the order of the patients on the waiting list much more closely.
In chapter 6, a three-step approach is proposed for the combined scheduling of elective and urgent patients. In the first step, the elective patients are scheduled for a target Elective Surgery Time (EST) in the ORs, trying to respect the order of the patients on the waiting list. In the second step, the urgent patients are scheduled in the remaining time, ensuring that an urgent patient does not wait more than 48 hours. Finally, in the third step, the surgeries assigned to each OR (elective and urgent) are sequenced in such a way that the maximum time that an emergency patient has to wait is minimized. Considering realistic data, different policies of time reserved in the ORs for elective and urgent patients are evaluated. The results show that all ORs must be used to perform both elective and urgent surgeries instead of reserving some ORs exclusively for one type of patient.
Finally, in chapter 7 a software solution for surgery service management is given. A Decision Support System (DSS) for elective surgery scheduling and a software tool called CIPLAN are proposed. The DSS uses the SHA as its core for the scheduling of elective patients, but it has other features related to the management of a surgery department. The software tool CIPLAN, which is based on the DSS, is explained. It has a friendly interface that has been developed in collaboration with doctors at the "Lozano Blesa" Hospital in Zaragoza. A real case study comparing the schedules obtained with the manual method and with CIPLAN is discussed. The results show that 128.000 euros per year could be saved using CIPLAN in the mentioned hospital. Moreover, the use of the tool allows doctors to reduce the time spent on scheduling and devote it to medical tasks.

    INCREMENTAL FAULT DIAGNOSABILITY AND SECURITY/PRIVACY VERIFICATION

    Dynamical systems can be classified into two groups. One group is continuous-time systems, which describe physical system behavior and are therefore typically modeled by differential equations. The other group is discrete event systems (DESs), which represent the sequential and logical behavior of a system and are therefore modeled by discrete state/event models.
DESs are widely used for formal verification and enforcement of desired behaviors in embedded systems. Such systems are naturally prone to faults, and knowledge about each single fault is crucial from a safety and economic point of view. Fault diagnosability verification, i.e. the ability to deduce the occurrence of all failures, is one of the problems investigated in this thesis. Another verification problem addressed in this thesis is security/privacy. The two notions in this category, current-state opacity and current-state anonymity, have attracted great attention in recent years due to the progress of communication networks and mobile devices.
Usually, DESs are modular and consist of interacting subsystems. The interaction is achieved by means of the synchronous composition of these components. This synchronization results in large monolithic models of the total DES. Also, the complex computations related to each specific verification problem add even more computational complexity, resulting in the well-known state-space explosion problem.
To circumvent the state-space explosion problem, one efficient approach is to exploit the modular structure of systems and apply incremental abstraction. In this thesis, a unified abstraction method that preserves temporal logic properties and possible silent loops is presented. The abstraction method is applied incrementally to the local subsystems, and it is proved that this abstraction preserves the main characteristics of the system that need to be verified.
The existence of shared unobservable events means that ordinary incremental abstraction does not work for the security/privacy verification of modular DESs. To solve this problem, a combined incremental abstraction and observer generation is proposed and analyzed. Evaluations show the great impact of the proposed incremental abstraction on diagnosability and security/privacy verification, as well as on the verification of generic safety and liveness properties. Thus, this incremental strategy makes the formal verification of large complex systems feasible.