Robust State-Based Supervisory Control of Hierarchical Discrete-Event Systems

Model uncertainty due to unknown dynamics or changes (such as faults) must be addressed in supervisory control design. Robust supervisory control, one of the approaches to handle model uncertainty, provides a solution (i.e., supervisor) that simultaneously satisfies the design objectives of all possible known plant models. Complexity has always been a challenging issue in the supervisory control of discrete-event systems, and different methods have been proposed to mitigate it. The proposed methods aim to handle complexity either through a structured solution (e.g. decentralized supervision) or by taking advantage of computationally efficient structured models for plants (e.g., hierarchical models). One of the proposed hierarchical plant model formalisms is State-Tree-Structure (STS), which has been successfully used in supervisor design for systems containing up to 10^20 states. In this thesis, a robust supervisory control framework is developed for systems modeled by STS. First, a robust nonblocking supervisory control problem is formulated in which the plant model belongs to a finite set of automata models and design specifications are expressed in terms of state sets. A state-based approach to supervisor design is more convenient for implementation using symbolic calculation tools such as Binary Decision Diagrams (BDDs). In order to ensure that the set of solutions for robust control problem can be obtained from State Feedback Control (SFBC) laws and hence suitable for symbolic calculations, it is assumed, without loss of generality, that the plant models satisfy a mutual refinement assumption. In this thesis, a set of necessary and sufficient conditions is derived for the solvability of the robust control problem, and a procedure for finding the maximally permissive solution is obtained. Next, the robust state-based supervisory framework is extended to systems modeled by STS. A sufficient condition is provided under which the mutual refinement property can be verified without converting the hierarchical model of STS to a flat automaton model. As an illustrative example, the developed approach was successfully used to design a robust supervisor for a Flexible Manufacturing System (FMS) with a state set of order 10^8

Supervisory Control and Analysis of Partially-observed Discrete Event Systems

Nowadays, a variety of real-world systems fall into discrete event systems (DES). In practical scenarios, due to facts like limited sensor technique, sensor failure, unstable network and even the intrusion of malicious agents, it might occur that some events are unobservable, multiple events are indistinguishable in observations, and observations of some events are nondeterministic. By considering various practical scenarios, increasing attention in the DES community has been paid to partially-observed DES, which in this thesis refer broadly to those DES with partial and/or unreliable observations. In this thesis, we focus on two topics of partially-observed DES, namely, supervisory control and analysis. The first topic includes two research directions in terms of system models. One is the supervisory control of DES with both unobservable and uncontrollable events, focusing on the forbidden state problem; the other is the supervisory control of DES vulnerable to sensor-reading disguising attacks (SD-attacks), which is also interpreted as DES with nondeterministic observations, addressing both the forbidden state problem and the liveness-enforcing problem. Petri nets (PN) are used as a reference formalism in this topic. First, we study the forbidden state problem in the framework of PN with both unobservable and uncontrollable transitions, assuming that unobservable transitions are uncontrollable. For ordinary PN subject to an admissible Generalized Mutual Exclusion Constraint (GMEC), an optimal on-line control policy with polynomial complexity is proposed provided that a particular subnet, called observation subnet, satisfies certain conditions in structure. It is then discussed how to obtain an optimal on-line control policy for PN subject to an arbitrary GMEC. Next, we still consider the forbidden state problem but in PN vulnerable to SD-attacks. Assuming the control specification in terms of a GMEC, we propose three methods to derive on-line control policies. The first two lead to an optimal policy but are computationally inefficient for large-size systems, while the third method computes a policy with timely response even for large-size systems but at the expense of optimality. Finally, we investigate the liveness-enforcing problem still assuming that the system is vulnerable to SD-attacks. In this problem, the plant is modelled as a bounded PN, which allows us to off-line compute a supervisor starting from constructing the reachability graph of the PN. Then, based on repeatedly computing a more restrictive liveness-enforcing supervisor under no attack and constructing a basic supervisor, an off-line method that synthesizes a liveness-enforcing supervisor tolerant to an SD-attack is proposed. In the second topic, we care about the verification of properties related to system security. Two properties are considered, i.e., fault-predictability and event-based opacity. The former is a property in the literature, characterizing the situation that the occurrence of any fault in a system is predictable, while the latter is a newly proposed property in the thesis, which describes the fact that secret events of a system cannot be revealed to an external observer within their critical horizons. In the case of fault-predictability, DES are modeled by labeled PN. A necessary and sufficient condition for fault-predictability is derived by characterizing the structure of the Predictor Graph. Furthermore, two rules are proposed to reduce the size of a PN, which allow us to analyze the fault-predictability of the original net by verifying that of the reduced net. When studying event-based opacity, we use deterministic finite-state automata as the reference formalism. Considering different scenarios, we propose four notions, namely, K-observation event-opacity, infinite-observation event-opacity, event-opacity and combinational event-opacity. Moreover, verifiers are proposed to analyze these properties