Control and diagnosis of real-time systems under finite-precision measurement of time

A discrete event system (DES) is an event-driven system that evolves according to abrupt occurrences of discrete changes (events). The domain of such systems encompasses aspects of many man-made systems such as manufacturing systems, telephone networks, communication protocols, traffic systems, embedded software, asynchronous hardware, robotics, etc. Supervisory control theory for DESs studies the existence and synthesis of the supervisory controllers, namely, supervisors that restrict the system behaviors by dynamically disabling certain controllable events so that the controlled close-loop system could behave as desired. Extensive work on supervisory control of untimed DESs exists and the extension to the timed setting has been reported in the literature. In this dissertation, we study the supervisory control of dense-time DESs in which the digital-clocks of finite-precision are employed to observe the event occurrence times, thereby relaxing the assumption of the prior works that time can be measured precisely. In our setting, the passing of time is measured using the number of ticks generated by a digital-clock and we allow the plant events and digital-clock ticks to occur concurrently. We formalize the notion of a control policy that issues the control actions based on the observations of events and their occurrence times as measured using a digital-clock, and show that such a control policy can be equivalently represented as a digitalized -automaton, namely, an untimed-automaton that evolves over the events (of the plant) and ticks (of the digital-clock). We introduce the notion of observability with respect to the partial observations of time resulting from the use of a digital-clock, and show that this property together with controllability serves as a necessary and sufficient condition for the existence of a supervisor to enforce a real-time specification on a dense-time discrete event plant. The observability condition presented in the dissertation is very different from the one arising due to a partial observation of events since a partial observation of time is in general nondeterministic (the number of ticks generated in any time interval can vary from execution to execution of a digital-clock). We also present a method to verify the proposed observability and controllability conditions, and an algorithm to compute a supervisor when such conditions are satisfied. Furthermore we examine the lattice structure of a class of timing-mask observable languages, and show that the proposed observability is not preserved under intersection but preserved under union. Fault diagnosis for DESs is to detect the occurrence of a fault so as to enable any corrective actions. It is crucial in automatic control of large complex man-made systems and has attracted considerable attention in the literature of reliability engineering, control and computer science. For the event-driven systems with timing-requirements such as manufacturing systems, communication networks, real-time scheduling and traffic systems, fault diagnosis involves detecting the timing-faults, besides the sequence-faults. This requires monitoring timing and sequence of events, both of which may only be partially observed in practice. In this dissertation, we extend the prior works on fault diagnosis of timed DESs by allowing time to be partially observed using a digital-clock which measures the advancement of time with finite precision by the number of ticks. For the diagnosis purposes, the set of nonfaulty timed-traces is specified as another timed-automaton that is deterministic. We show that the set of timed-traces observed using a digital-clock with finite precision is regular, i.e., can be represented using a finite (untimed) automaton. We also show that the verification of diagnosability (the ability to detect the execution of a faulty timed-trace within a bounded time delay) as well as the off-line synthesis of a diagnoser are decidable by reducing these problems to the untimed setting. The reduction to the untimed setting also suggests an effective method for the off-line computation of a diagnoser as well as its on-line implementation for diagnosis. The aforementioned results are further extended to the nondeterministic setting, i.e., diagnosis of dense-time DESs using digital-clocks under nondeterministic event observation mask. We introduce the notion of lifting (associating each event with each of its nondeterministic observations), and show that diagnosis of dense-time DESs employing digital-clocks to observe event occurrence times under nondeterministic event observation mask can be reduced to that of the deterministic setting, i.e., diagnosis of the lifted dense-time DESs under the deterministic lifted event observation mask, and hence can be further reduced to diagnosis of the untimed setting

Opacity with Orwellian Observers and Intransitive Non-interference

Opacity is a general behavioural security scheme flexible enough to account for several specific properties. Some secret set of behaviors of a system is opaque if a passive attacker can never tell whether the observed behavior is a secret one or not. Instead of considering the case of static observability where the set of observable events is fixed off line or dynamic observability where the set of observable events changes over time depending on the history of the trace, we consider Orwellian partial observability where unobservable events are not revealed unless a downgrading event occurs in the future of the trace. We show how to verify that some regular secret is opaque for a regular language L w.r.t. an Orwellian projection while it has been proved undecidable even for a regular language L w.r.t. a general Orwellian observation function. We finally illustrate relevancy of our results by proving the equivalence between the opacity property of regular secrets w.r.t. Orwellian projection and the intransitive non-interference property

An algebra of discrete event processes

This report deals with an algebraic framework for modeling and control of discrete event processes. The report consists of two parts. The first part is introductory, and consists of a tutorial survey of the theory of concurrency in the spirit of Hoare's CSP, and an examination of the suitability of such an algebraic framework for dealing with various aspects of discrete event control. To this end a new concurrency operator is introduced and it is shown how the resulting framework can be applied. It is further shown that a suitable theory that deals with the new concurrency operator must be developed. In the second part of the report the formal algebra of discrete event control is developed. At the present time the second part of the report is still an incomplete and occasionally tentative working paper

On Conditional Decomposability

The requirement of a language to be conditionally decomposable is imposed on a specification language in the coordination supervisory control framework of discrete-event systems. In this paper, we present a polynomial-time algorithm for the verification whether a language is conditionally decomposable with respect to given alphabets. Moreover, we also present a polynomial-time algorithm to extend the common alphabet so that the language becomes conditionally decomposable. A relationship of conditional decomposability to nonblockingness of modular discrete-event systems is also discussed in this paper in the general settings. It is shown that conditional decomposability is a weaker condition than nonblockingness.Comment: A few minor correction

Supervisory Control of Fuzzy Discrete Event Systems

In order to cope with situations in which a plant's dynamics are not precisely known, we consider the problem of supervisory control for a class of discrete event systems modelled by fuzzy automata. The behavior of such discrete event systems is described by fuzzy languages; the supervisors are event feedback and can disable only controllable events with any degree. The concept of discrete event system controllability is thus extended by incorporating fuzziness. In this new sense, we present a necessary and sufficient condition for a fuzzy language to be controllable. We also study the supremal controllable fuzzy sublanguage and the infimal controllable fuzzy superlanguage when a given pre-specified desired fuzzy language is uncontrollable. Our framework generalizes that of Ramadge-Wonham and reduces to Ramadge-Wonham framework when membership grades in all fuzzy languages must be either 0 or 1. The theoretical development is accompanied by illustrative numerical examples.Comment: 12 pages, 2 figure

Partial unfolding for compositional nonblocking verification of extended finite-state machines

This working paper describes a framework for compositional nonblocking verification of reactive systems modelled as extended finite-state machines. The nonblocking property can capture the absence of livelocks and deadlocks in concurrent systems. Compositional verification is shown in previous work to be effective to verify this property for large discrete event systems. Here, these results are applied to extended finite-state machines communicating via shared memory. The model to be verified is composed gradually, simplifying components through abstraction at each step, while conflict equivalence guarantees that the final verification result is the same as it would have been for the non-abstracted model. The working paper concludes with an example showing the potential of compositional verification to achieve substantial state-space reduction