Supervisory Control Applied to Automata Extended with Variables - Revised
To get industrial acceptance of supervisory control theory, there is a need to bridge the gap between the signal-based industrial reality and the event-based supervisory control framework. This report tries to shorten this gap by introducing a modeling formalism of automata extended with variables, guard expressions and action functions. The formalism is suitable for modeling plants and specifications in the supervisory control framework. No restrictions are made on the sharing of variables between concurrent automata, and don't-care updating of shared variables is allowed. This leads to frame problems, since states that are unreachable in a subsystem on its own can become reachable in the entire system. To define supervisory control problems in this general setting, we introduce the concept of controllable languages with respect to the entire system, which is a generalization of the classical definition of controllability. An algorithm that transforms supervisory control problems modeled by automata with shared variables into equivalent ordinary automata supervisory control problems is presented. This allows the user to model complex behaviors with a compact representation and at the same time use existing algorithms for synthesis and verification. The proposed approach has been implemented in the supervisory control tool Supremica.
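The abstract above describes two things a practitioner would want to see concretely: the frame problem (a location that no automaton can reach on its own becomes reachable once another automaton updates a shared variable) and the transformation of automata with shared variables into ordinary automata. The following is an added example, not code from the report or from Supremica. The EFA encoding, the flattening routine (full synchronous composition expanded over the finite domain of a single shared variable x, reachable part only) and the two automata A and B are all assumptions made for this illustration; conflicting simultaneous updates of x are simply treated as disabled, which is one possible choice, not necessarily the report's.

```python
from collections import deque
from dataclasses import dataclass
from itertools import product
from typing import Callable, List, Optional, Set, Tuple

# Constructed illustration of automata extended with one shared variable x.
# The EFA encoding, the flattening routine and the automata A and B are
# assumptions for this example; they are not Supremica's data model or algorithm.

Guard = Callable[[int], bool]
Action = Optional[Callable[[int], int]]


@dataclass(frozen=True)
class Transition:
    src: str
    event: str
    dst: str
    guard: Guard
    action: Action = None  # None: this automaton does not update x on this event


@dataclass(frozen=True)
class EFA:
    name: str
    init: str
    transitions: Tuple[Transition, ...]

    def alphabet(self) -> Set[str]:
        return {t.event for t in self.transitions}


FlatState = Tuple[Tuple[str, ...], int]  # (location vector, value of x)


def flatten(efas: List[EFA], x0: int, domain: Set[int]):
    """Full synchronous composition of EFAs sharing x, expanded into an ordinary
    automaton whose states pair a location vector with a value of x.
    Only the reachable part is generated, by breadth-first search."""
    events = set().union(*(e.alphabet() for e in efas))
    init: FlatState = (tuple(e.init for e in efas), x0)
    states = {init}
    edges: List[Tuple[FlatState, str, FlatState]] = []
    queue = deque([init])
    while queue:
        locs, x = queue.popleft()
        for ev in sorted(events):
            # every automaton that has ev in its alphabet must be able to take it
            options = []
            for i, efa in enumerate(efas):
                if ev not in efa.alphabet():
                    continue
                enabled = [t for t in efa.transitions
                           if t.src == locs[i] and t.event == ev and t.guard(x)]
                if not enabled:
                    options = None
                    break
                options.append((i, enabled))
            if options is None:
                continue
            for combo in product(*(enabled for _, enabled in options)):
                new_locs = list(locs)
                updates = set()
                for (i, _), t in zip(options, combo):
                    new_locs[i] = t.dst
                    if t.action is not None:
                        updates.add(t.action(x))
                if len(updates) > 1:
                    continue  # conflicting updates of x: treated as disabled (assumption)
                new_x = updates.pop() if updates else x
                if new_x not in domain:
                    continue
                nxt: FlatState = (tuple(new_locs), new_x)
                edges.append(((locs, x), ev, nxt))
                if nxt not in states:
                    states.add(nxt)
                    queue.append(nxt)
    return init, states, edges


def reachable_locations(efas: List[EFA], idx: int, x0: int, domain: Set[int]) -> Set[str]:
    """Locations of efas[idx] that are reachable in the composition of efas."""
    _, states, _ = flatten(efas, x0, domain)
    return {locs[idx] for locs, _ in states}


# Constructed example: A on its own can never reach a2, because only B sets x to 2.
A = EFA("A", "a0", (
    Transition("a0", "start", "a1", guard=lambda x: True, action=lambda x: 1),
    Transition("a1", "finish", "a2", guard=lambda x: x == 2),
))
B = EFA("B", "b0", (
    Transition("b0", "bump", "b1", guard=lambda x: x == 1, action=lambda x: 2),
))
DOMAIN = {0, 1, 2}


def demo():
    """Returns A's reachable locations alone and with B, plus the size of the
    flattened ordinary automaton for the composition."""
    alone = reachable_locations([A], 0, 0, DOMAIN)
    together = reachable_locations([A, B], 0, 0, DOMAIN)
    _, states, edges = flatten([A, B], 0, DOMAIN)
    return alone, together, len(states), len(edges)


if __name__ == "__main__":
    print(demo())
```

Running it shows a2 absent from A's reachable locations when A is flattened alone and present when A and B are flattened together: B's local event bump takes x from 1 to 2, which enables A's guard. The flattened composition is an ordinary automaton with four states and three transitions, which is the form existing synthesis and verification algorithms can consume.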
Compact Representation of Time-Index Job Shop Problems Using a Bit-Vector Formulation
The Job Shop Scheduling Problem (JSP) is a combinatorial optimization problem where jobs visit single-capacity machines while minimizing a cost function, typically the makespan. The problem can be extended to fit typical industrial scenarios such as flexible assembly shop floors or the coordination of fleets of automated vehicles. General-purpose optimizers can handle the extended versions of the problem that typically arise in industrial settings. Mixed Integer Linear Programming (MILP) solvers and, more recently, optimizing Satisfiability Modulo Theory (SMT) solvers can be used as general solvers for JSP problems. There exist different formulations of JSP problems, among them the time-index (TI) model. The TI model offers the advantage of strong lower bounds, though its drawback is the model size. In this paper we present a new formulation of the TI model suitable for optimizing SMT solvers that support bit-vector theories. The new formulation is significantly more compact than the standard TI formulation and thus reduces one of the major issues with the TI model. We benchmark two different optimizing SMT solvers supporting bit-vector theories, comparing the standard TI formulation to the new formulation on a set of benchmark instances. The computational analysis shows that the new formulation outperforms the standard one, being up to twice as fast regardless of the solver employed; moreover, the model generated with the new formulation is considerably smaller than with the standard formulation.
Evaluating Two Semantics for Falsification using an Autonomous Driving Example
We consider the falsification of temporal logic properties as a method to test complex systems, such as autonomous systems. Since these systems are often safety-critical, it is important to assess whether they fulfill given specifications or not. An adaptive cruise controller for an autonomous car is considered, where the closed-loop model has unknown parameters and an important problem is to find parameter combinations for which the given specifications are violated. We assume that the closed-loop system can be simulated with the given parameters; no other information is available to the testing framework. The specification, such as the ability to avoid collisions, is expressed using Signal Temporal Logic (STL). In general, systems have a large number of parameters, and it is not possible or feasible to explicitly enumerate all combinations of them. Thus, an optimization-based approach is used to guide the search for parameters that might falsify the specification. A key challenge, however, is how to select the objective function such that, if the specification can be falsified, it is falsified using as few simulations as possible. Falsification by optimization requires a measure representing the distance to falsification of the specification, and the way this measure is defined yields different objective functions for the optimization. Different measures have been proposed in the literature; in this paper the properties of the Max Semantics (MAX) and the Mean Alternative Robustness Value (MARV) semantics are discussed. After evaluating these two semantics on an adaptive cruise control example, we discuss their strengths and weaknesses to better understand the properties of the two semantics.
Evaluating Optimization Solvers and Robust Semantics for Simulation-Based Falsification
Temporal-logic-based falsification of Cyber-Physical Systems is a testing technique used to verify certain behaviours in simulation models; however, the problem statement typically requires some model-specific tuning of parameters to achieve optimal results. In this experience report, we investigate how different optimization solvers and objective functions affect the falsification outcome for a benchmark set of models and specifications. With data from four different solvers and three different objective functions for the falsification problem, we see that the choice of solver and objective function depends on both the model and the specification that are to be falsified. We also note that using a robust semantics of Signal Temporal Logic typically increases falsification performance compared to using Boolean semantics.
Leveraging Conflicting Constraints in Solving Vehicle Routing Problems
The Conflict-Free Electric Vehicle Routing Problem (CF-EVRP) is a combinatorial optimization problem of designing routes for vehicles to visit customers such that a cost function, typically the number of vehicles or the total travelled distance, is minimized. The CF-EVRP involves constraints such as time windows on the deliveries to the customers, limited operating range of the vehicles, and a limit on the number of vehicles that a road segment can simultaneously accommodate. In previous work, the compositional algorithm ComSat was introduced, which solves the CF-EVRP by breaking it down into sub-problems and iteratively solving them to build an overall solution. Though ComSat showed good performance in general, some problems took significant time to solve due to the high number of iterations required to find solutions that satisfy the road segments' capacity constraints. The bottleneck is the Paths Changing Problem, i.e., the sub-problem of finding a new set of shortest paths to connect a subset of the customers, disregarding previously found shortest paths. This paper presents an improved version of the PathsChanger function for the Paths Changing Problem that exploits the unsatisfiable core, i.e., information on which constraints conflict, to guide the search for feasible solutions. Experiments show faster convergence to feasible solutions compared to the previous version of PathsChanger.
Multi-Requirement Testing Using Focused Falsification
Testing of Cyber-Physical Systems (CPS) deals with the problem of finding input traces to the system such that given requirements do not hold. Requirements can be formalized in many different ways; in this work requirements are modeled using Signal Temporal Logic (STL), for which a quantitative measure, or robustness value, can be computed given a requirement together with input and output traces. This value is a measure of how far the requirement is from not holding and is used to guide falsification procedures in deciding on new input traces to simulate one after the other. When the system under test has multiple requirements, the standard approaches are to falsify them one by one, or as a conjunction of all requirements, but these approaches do not scale well for industrial-sized problems. In this work we consider testing of systems with multiple requirements by proposing focused multi-requirement falsification. This is a multi-stage approach where the solver tries to sequentially falsify the requirements one by one, but for every simulation also evaluates the robustness value of all requirements. After one requirement has been focused on long enough, the next requirement to focus on is selected by considering the robustness values and trajectory history calculated thus far. Each falsification attempt makes use of a prior sensitivity analysis, which for each requirement estimates the parameters that are unlikely to affect the robustness value, in order to reduce the number of parameters that are used by the optimization solver. The proposed approach is evaluated on a public benchmark example containing a large number of requirements, and includes a comparison of the proposed algorithm against a newly suggested baseline method.
The impact of visualizing operational deviations on overall quality in assembly lines
A framework for data collection and visualization of operational deviations at a Volvo truck manufacturing plant implementing Volvo Group's production system, Volvo Production System (VPS), is presented. This includes visualisation of daily quality performance indicators to support decision making and improvement actions at the shop-floor team level. The approach is evaluated in a qualitative study using a survey instrument to collect responses from managers and team leaders; the responses served both as input for the actual use of the data and as validation of the framework. The results from this evaluation show that operational deviations can potentially be reduced, positively impacting quality performance indicators such as first-time through (FTT). This paper also provides a brief description of the VPS in connection with data analytics and visualization.
Temporal Logic Falsification of Cyber-Physical Systems using Input Pulse Generators
Falsification is a testing method for cyber-physical systems where numerical optimization is used to find counterexamples of a given specification that the system must fulfill. The falsification process uses quantitative semantics that play the role of objective functions to minimize the distance to falsifying the specification. Falsification has gained attention due to its versatile applicability, and much work exists on various ways of implementing the falsification process, often focusing on which optimization algorithm to use, or more recently, the semantics for the formal requirements. In this work, we look at some practical aspects of input generation, i.e., the mapping from parameters used as optimization variables to signals that form the actual test cases for the system. This choice is critical but often overlooked. It is assumed that problem experts can guide how to parameterize inputs; however, this assumption is often too optimistic in practice. We observe that pulse generation is a surprisingly good first option that can falsify many common benchmarks after only a few simulations while requiring only a few parameters per signal
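The three falsification abstracts above (the adaptive cruise control example, the comparison of robust versus Boolean semantics, and pulse generators as the parameter-to-signal mapping) describe one pipeline: parameters are mapped to input signals, the closed loop is simulated, a quantitative semantics scores the trace against the requirement, and a search drives that score below zero. The following is an added example that puts those pieces together in working code; it is not the benchmark models, tools or semantics definitions of the papers. The toy ACC model (lead car braking with the pulse value, ego car tracking a 10 m + 2 s gap with weak brakes), the controller gains, the three-parameter pulse generator and the exhaustive parameter grid are all assumptions. The semantics implemented is the standard robust STL semantics for an "always" requirement (minimum of the predicate over the trace) beside a Boolean one; MARV is not implemented because its definition is not given on this page.

```python
import math
from typing import List, Tuple

# Constructed closed-loop model, pulse generator and search, written for this
# example; not the benchmark models, tools or semantics definitions of the papers.

DT = 0.05          # Euler step, s
HORIZON = 25.0     # simulated time, s

Sample = Tuple[float, float, float, float]   # (t, gap, v_lead, v_ego)


def pulse(t: float, period: float, duty: float, amplitude: float) -> float:
    """Three-parameter pulse generator: amplitude during the first duty*period
    seconds of every period, 0 otherwise."""
    return amplitude if (t % period) / period < duty else 0.0


def simulate(period: float, duty: float, amplitude: float) -> List[Sample]:
    """Toy adaptive cruise control (assumption). The lead car brakes with the
    pulse value; the ego car tracks a gap of 10 m + 2 s headway with a
    proportional controller whose braking is limited to 2.5 m/s^2."""
    v_lead = v_ego = 20.0
    gap = 10.0 + 2.0 * v_ego          # start exactly at the desired gap
    trace: List[Sample] = []
    t = 0.0
    while t <= HORIZON + 1e-9:
        trace.append((t, gap, v_lead, v_ego))
        desired = 10.0 + 2.0 * v_ego
        a_ego = 0.3 * (gap - desired) + 1.0 * (v_lead - v_ego)
        a_ego = max(-2.5, min(2.0, a_ego))
        a_lead = -pulse(t, period, duty, amplitude) if v_lead > 0.0 else 0.0
        v_lead = max(0.0, v_lead + a_lead * DT)
        v_ego = max(0.0, v_ego + a_ego * DT)
        gap += (v_lead - v_ego) * DT
        t += DT
    return trace


def gap_of(s: Sample) -> float:
    """Predicate for the requirement 'always (gap > 0)': positive while safe."""
    return s[1]


def robustness_always(trace, pred) -> float:
    """Standard robust STL semantics of G(pred > 0): the minimum of pred over
    the trace. Negative means falsified; the magnitude is the distance."""
    return min(pred(s) for s in trace)


def boolean_always(trace, pred) -> float:
    """Boolean semantics: only says whether the requirement held."""
    return 1.0 if all(pred(s) > 0.0 for s in trace) else -1.0


def default_grid() -> List[Tuple[float, float, float]]:
    """(period, duty, amplitude) candidates, gentle braking first."""
    return [(period, duty, float(amp))
            for amp in range(1, 10)
            for duty in (0.25, 0.5, 1.0)
            for period in (4.0, 8.0)]


def falsify(grid, objective=robustness_always):
    """Exhaustive search over the pulse parameters, stopping at the first
    counterexample. Returns (best objective, its parameters, simulations used)."""
    best_val, best_params, used = math.inf, None, 0
    for params in grid:
        used += 1
        val = objective(simulate(*params), gap_of)
        if val < best_val:
            best_val, best_params = val, params
        if val < 0.0:
            break
    return best_val, best_params, used


if __name__ == "__main__":
    print("gentle pulse robustness:", robustness_always(simulate(8.0, 0.5, 2.0), gap_of))
    print("search result:", falsify(default_grid()))
```

A gentle pulse (2 m/s^2 braking, half duty) keeps the gap positive, so its robustness is positive; a hard continuous braking pulse stops the lead car within about 22 m while the ego car, limited to 2.5 m/s^2, needs roughly 80 m, and the minimum gap goes negative, which is the counterexample. The search over 54 candidate parameter triples stops at the first such trace. Scoring the same grid with the Boolean semantics gives only the values 1 and -1, so a search that has not yet found a counterexample gets no information about which candidate was closer; the robust semantics orders every candidate, which is the reason the second abstract reports it increasing falsification performance.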
Comparative Case Studies of Reactive Synthesis and Supervisory Control
Reactive Synthesis and Supervisory Control Theory are both systematic approaches for the automatic construction of controllers from requirements. However, their underlying technicalities differ significantly. This paper provides an empirical comparison between these two approaches from the modelling perspective through case studies. Using the synthesis tools TuLiP and Supremica, two examples are modelled in the typical modelling formalism supported by each tool, and the algorithms are applied to synthesize controllers. Based on the obtained models and experiences, we compare how the models are derived, and how the characteristics of the examples and the underlying synthesis algorithms influence the modelling choices
- …