Supervisor Synthesis for Discrete Event Systems under Partial Observation and Arbitrary Forbidden State Specifications

In this paper, we consider the forbidden state problem in discrete event systems modeled by partially observed and partially controlled Petri nets. Assuming that the reverse net of the uncontrollable subnet of the Petri net is structurally bounded, we compute a set of weakly forbidden markings from which forbidden markings can be reached by firing a sequence of uncontrollable/unobservable transitions. We then use reduced consistent markings to represent the set of consistent markings for Petri nets with structurally bounded unobservable subnets. We determine the control policy by checking if the firing of a certain controllable transition will lead to a subsequent reduced consistent marking that belongs to the set of weakly forbidden markings; if so, we disable the corresponding controllable transition. This approach is shown to be minimally restrictive in the sense that it only disables behavior that can potentially lead to a forbidden marking. The setting in this paper generalizes previous work by studying supervisory control for partially observed and partially controlled Petri nets with a general labeling function and a finite number of arbitrary forbidden states. In contrast, most previous work focuses on either labeling functions that assign a unique label to each observable transition or forbidden states that are represented using linear inequalities. More importantly, we demonstrate that, in general, the separation between observation and control (as considered in previous work) may not hold in our setting

Supervisory Control and Analysis of Partially-observed Discrete Event Systems

Nowadays, a variety of real-world systems fall into discrete event systems (DES). In practical scenarios, due to facts like limited sensor technique, sensor failure, unstable network and even the intrusion of malicious agents, it might occur that some events are unobservable, multiple events are indistinguishable in observations, and observations of some events are nondeterministic. By considering various practical scenarios, increasing attention in the DES community has been paid to partially-observed DES, which in this thesis refer broadly to those DES with partial and/or unreliable observations. In this thesis, we focus on two topics of partially-observed DES, namely, supervisory control and analysis. The first topic includes two research directions in terms of system models. One is the supervisory control of DES with both unobservable and uncontrollable events, focusing on the forbidden state problem; the other is the supervisory control of DES vulnerable to sensor-reading disguising attacks (SD-attacks), which is also interpreted as DES with nondeterministic observations, addressing both the forbidden state problem and the liveness-enforcing problem. Petri nets (PN) are used as a reference formalism in this topic. First, we study the forbidden state problem in the framework of PN with both unobservable and uncontrollable transitions, assuming that unobservable transitions are uncontrollable. For ordinary PN subject to an admissible Generalized Mutual Exclusion Constraint (GMEC), an optimal on-line control policy with polynomial complexity is proposed provided that a particular subnet, called observation subnet, satisfies certain conditions in structure. It is then discussed how to obtain an optimal on-line control policy for PN subject to an arbitrary GMEC. Next, we still consider the forbidden state problem but in PN vulnerable to SD-attacks. Assuming the control specification in terms of a GMEC, we propose three methods to derive on-line control policies. The first two lead to an optimal policy but are computationally inefficient for large-size systems, while the third method computes a policy with timely response even for large-size systems but at the expense of optimality. Finally, we investigate the liveness-enforcing problem still assuming that the system is vulnerable to SD-attacks. In this problem, the plant is modelled as a bounded PN, which allows us to off-line compute a supervisor starting from constructing the reachability graph of the PN. Then, based on repeatedly computing a more restrictive liveness-enforcing supervisor under no attack and constructing a basic supervisor, an off-line method that synthesizes a liveness-enforcing supervisor tolerant to an SD-attack is proposed. In the second topic, we care about the verification of properties related to system security. Two properties are considered, i.e., fault-predictability and event-based opacity. The former is a property in the literature, characterizing the situation that the occurrence of any fault in a system is predictable, while the latter is a newly proposed property in the thesis, which describes the fact that secret events of a system cannot be revealed to an external observer within their critical horizons. In the case of fault-predictability, DES are modeled by labeled PN. A necessary and sufficient condition for fault-predictability is derived by characterizing the structure of the Predictor Graph. Furthermore, two rules are proposed to reduce the size of a PN, which allow us to analyze the fault-predictability of the original net by verifying that of the reduced net. When studying event-based opacity, we use deterministic finite-state automata as the reference formalism. Considering different scenarios, we propose four notions, namely, K-observation event-opacity, infinite-observation event-opacity, event-opacity and combinational event-opacity. Moreover, verifiers are proposed to analyze these properties

Controller synthesis for parameterized discrete event systems

Les systèmes à événements discrets sont des systèmes dynamiques particuliers. Ils changent d’état de fa¸con discrète et le terme événement est utilisé afin de représenter l’occurrence de changements discontinus. Ces systèmes sont principalement construits par l’homme et on les retrouve surtout dans les secteurs manufacturier, de la circu- lation automobile, des bases de données et des protocoles de communication. Cette thèse s’intéresse au contrôle des systèmes paramétrés à événements discrets où les spécifications sont exprimées à l’aide de prédicats et satisfont une condition de similarité. Des conditions sont données afin de déduire des propriétés, en observation partielle ou totale, pour un système composé de n processus similaires à partir d’un système com- posé de n0 processus, avec n ≥ n0. De plus, il est montré comment inférer des politiques de contrôle en présence de relations d’interconnexion entre les processus. Cette étude est principalement motivée par la faiblesse des méthodes actuelles de synthèse pour le traitement des problèmes industriels de taille réelle.Discrete event systems are a special type of dynamic systems. The state of these systems changes only at discrete instants of time and the term event is used to represent the occurrence of discontinuous changes. These systems are mostly man-made and arise in the domains of manufacturing systems, traffic systems, database management systems and communication protocols. This thesis investigates the control of parameterized discrete event systems when specifications are given in terms of predicates and satisfy a similarity assumption. For systems consisting of similar processes under total or partial observation, conditions are given to deduce properties of a system of n processes from properties of a system of n0 processes, with n ≥ n0. Furthermore, it is shown how to infer a control policy for the former from the latter’s, while taking into account interconnections between processes. This study is motivated by a weakness in current synthesis methods that do not scale well to huge systems

SAT-Solving in Practice, with a Tutorial Example from Supervisory Control

Satisfiability solving, the problem of deciding whether the variables of a propositional formula can be assigned in such a way that the formula evaluates to true, is one of the classic problems in computer science. It is of theoretical interest because it is the canonical NP-complete problem. It is of practical interest because modern SAT-solvers can be used to solve many important and practical problems. In this tutorial paper, we show briefly how such SAT-solvers are implemented, and point to some typical applications of them. Our aim is to provide sufficient information (much of it through the reference list) to kick-start researchers from new fields wishing to apply SAT-solvers to their problems. Supervisory control theory originated within the control community and is a framework for reasoning about a plant to be controlled and a specification that the closed-loop system must fulfil. This paper aims to bridge the gap between the computer science community and the control community by illustrating how SAT-based techniques can be used to solve some supervisory control related problems

A Graph-Transformation Modelling Framework for Supervisory Control

Formal design methodologies have the potential to accelerate the development and increase the reliability of supervisory controllers designed within industry. One promising design framework which has been shown to do so is known as supervisory control synthesis (SCS). In SCS, instead of manually designing the supervisory controller itself, one designs models of the uncontrolled system and its control requirements. These models are then provided as input to a special synthesis algorithm which uses them to automatically generate a model of the supervisory controller. This outputted model is guaranteed to be correct as long as the models of the uncontrolled system and its control requirements are valid. This accelerates development by removing the need to verify and rectify the model of the supervisory controller. Instead, only the models of the uncontrolled system and its requirements must be validated. To address problems of scale, SCS can be applied in modular fashion, and implemented in hierarchical and decentralized architectures. Despite the large body of research con rming the bene ts of integrating SCS within the development process of supervisory controllers, it has still not yet found widespread application within industry. In the author's opinion, this is partly attributed to the non-user-friendly nature of the automaton-based modelling framework used create the models of the uncontrolled system (and control requirements in even-based SCS). It is believed that in order for SCS to become more accessible to a wider range of non experts, modelling within SCS must be made more intuitive and user-friendly. To improve the usability of SCS, this work illustrates how a graph transformation-based modelling approach can be employed to generate the automaton models required for supervisory control synthesis. Furthermore, it is demonstrated how models of the speci cation can be intuitively represented within our proposed modelling framework for both event- and state-based supervisory control synthesis. Lastly, this thesis assesses the relative advantages brought about by the proposed graph transformation-based modelling framework over the conventional automaton based modelling approach

Supervisory Control of Extended Finite Automata Using Transition Projection

A limitation of the Ramadge and Wonham (RW) framework for the supervisory control theory is the explicit state representation using finite automata, often resulting in complex and unintelligible models. Extended finite automata (EFAs), i.e., deterministic finite automata extended with variables, provide compact state representation and then make the control logic transparent through logic expressions of the variables. A challenge with this new control framework is to exploit the rich control structure established in RW's framework. This paper studies the decentralized control structure with EFAs. To reduce the computational complexity, the controller is synthesized based on model abstraction of subsystems, which means that the global model of the entire system is unnecessary. Sufficient conditions are presented to guarantee that the decentralized supervisors result in maximally permissive and nonblocking control to the entire system

INCREMENTAL FAULT DIAGNOSABILITY AND SECURITY/PRIVACY VERIFICATION

Dynamical systems can be classified into two groups. One group is continuoustime systems that describe the physical system behavior, and therefore are typically modeled by differential equations. The other group is discrete event systems (DES)s that represent the sequential and logical behavior of a system. DESs are therefore modeled by discrete state/event models.DESs are widely used for formal verification and enforcement of desired behaviors in embedded systems. Such systems are naturally prone to faults, and the knowledge about each single fault is crucial from safety and economical point of view. Fault diagnosability verification, which is the ability to deduce about the occurrence of all failures, is one of the problems that is investigated in this thesis. Another verification problem that is addressed in this thesis is security/privacy. The two notions currentstate opacity and current-state anonymity that lie within this category, have attracted great attention in recent years, due to the progress of communication networks and mobile devices.Usually, DESs are modular and consist of interacting subsystems. The interaction is achieved by means of synchronous composition of these components. This synchronization results in large monolithic models of the total DES. Also, the complex computations, related to each specific verification problem, add even more computational complexity, resulting in the well-known state-space explosion problem.To circumvent the state-space explosion problem, one efficient approach is to exploit the modular structure of systems and apply incremental abstraction. In this thesis, a unified abstraction method that preserves temporal logic properties and possible silent loops is presented. The abstraction method is incrementally applied on the local subsystems, and it is proved that this abstraction preserves the main characteristics of the system that needs to be verified.The existence of shared unobservable events means that ordinary incremental abstraction does not work for security/privacy verification of modular DESs. To solve this problem, a combined incremental abstraction and observer generation is proposed and analyzed. Evaluations show the great impact of the proposed incremental abstraction on diagnosability and security/privacy verification, as well as verification of generic safety and liveness properties. Thus, this incremental strategy makes formal verification of large complex systems feasible