
    Timed I/O Automata: It is never too late to complete your timed specification theory

    A specification theory combines notions of specifications and implementations with a satisfaction relation, a refinement relation and a set of operators supporting stepwise design. We develop a complete specification framework for real-time systems using Timed I/O Automata as the specification formalism, with the semantics expressed in terms of Timed I/O Transition Systems. We provide constructs for refinement, consistency checking, logical and structural composition, and quotient of specifications -- all indispensable ingredients of a compositional design methodology. The theory is backed by rigorous proofs and is being implemented in the open-source tool ECDAR. Comment: Version submitted for revie

    Quantifying model quality for supervisory control synthesis - an experimental study

    Supervisory control synthesis is a model-based engineering method to design supervisory controllers for high-tech and cyber-physical systems. Recent advances in synthesis techniques and modelling formalisms allow for synthesis of supervisors for large-scale industrial applications. Yet, the synthesis results depend on the quality and validity of the models used as input. Other model-based techniques such as simulation, testing, and verification provide complementary support in the design process to increase the quality and validity of the models. In this paper, we propose, in addition to the other supporting techniques, eleven modelling aspects to assess the model quality in the context of supervisory control synthesis. Examples of modelling aspects are the interdependency between component models, whether independent subsystems are modelled, and whether the model is annotated with comments. For each modelling aspect, we discuss its importance and describe how it can be quantified. We report on an experiment in which 21 models of automated guided vehicles, created by students during a course on Supervisory Control Theory, are evaluated with the proposed modelling aspects. This experiment demonstrates the applicability of the modelling aspects.

    Design of a Tunnel Supervisory Controller using Synthesis-Based Engineering

    Nowadays, each tunnel is equipped with a supervisory controller that ensures correct cooperation between the tunnel subsystems, such as lighting, ventilation, and emergency detection sensors. Practice has shown that traditional design methods require a lot of manual effort, which is error-prone, time-consuming, and costly. Therefore, an alternative design method is explored. In this paper, three methods for designing a supervisory controller are discussed: traditional engineering, model-based engineering, and synthesis-based engineering (SBE). They are assessed on three criteria: the quality of the controller, the variability of the time-to-market, and the evolvability. The synthesis-based engineering method turns out to be the most appropriate design method. In a case study, a supervisory controller for a roadway tunnel in the Netherlands is designed using synthesis-based engineering and validated using simulation-based visualization. This case study shows that SBE is a suitable design method for designing a tunnel supervisory controller.

    Modeling for supervisor synthesis – a lock-bridge combination case study

    Designing supervisory controllers for high-tech systems is becoming increasingly complex due to demands for verified safety, higher quality and availability, and extended functionality. Supervisor synthesis is a method to automatically derive a supervisor from a model of the plant and a model of the control requirements. While supervisor synthesis is an active research topic, only a few reports exist on industrial applications. One of the reasons for this is that control engineers are unfamiliar with modelling and specifying in the framework of automata. In addition, there are no clear guidelines for obtaining the models needed for synthesis. In this paper, we describe a general way of modelling the plant and the requirements in order to contribute towards the acceptance of supervisor synthesis in industry. This way of modelling is illustrated with an industrial case study in which a supervisory controller is synthesized for the Algera complex. The Algera complex consists of a waterway lock and a movable bascule bridge. The supervisor has to control 80 actuators based on the observations from 96 discrete sensors, in response to 63 control commands available to the operator. We show how to model the plant as a collection of extended finite-state automata, how to model the requirements as a collection of event conditions, how to synthesize the monolithic supervisor, and how to validate the resulting supervisor using continuous-time simulation.
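The monolithic synthesis step that the abstract above refers to (derive a supervisor from a plant model and a requirement model) is easiest to understand from a small implementation. The following is an added example, not code from the paper or from any synthesis tool: a minimal Ramadge-Wonham style synthesis over plain finite automata. The supervisor is computed as the largest set of product states that is both controllable (no uncontrollable plant event leads out of it) and nonblocking (a marked state stays reachable). The two-machine/one-slot-buffer plant, the requirement automaton and the choice of uncontrollable events are constructed for illustration and are not the Algera models.

```python
from collections import deque


class Automaton:
    """Deterministic automaton; trans maps (state, event) -> next state."""

    def __init__(self, name, init, marked, trans):
        self.name = name
        self.init = init
        self.trans = dict(trans)
        self.marked = set(marked)
        self.states = {init} | {s for (s, _) in self.trans} | set(self.trans.values())
        self.alphabet = {e for (_, e) in self.trans}

    def enabled(self, state):
        return {e for (s, e) in self.trans if s == state}


def sync_product(a, b):
    """Synchronous product: a shared event needs both sides to enable it, a private event moves one side."""
    init = (a.init, b.init)
    seen, trans, marked, queue = {init}, {}, set(), deque([init])
    while queue:
        q = queue.popleft()
        sa, sb = q
        if sa in a.marked and sb in b.marked:
            marked.add(q)
        for e in sorted(a.alphabet | b.alphabet):
            na = a.trans.get((sa, e)) if e in a.alphabet else sa
            nb = b.trans.get((sb, e)) if e in b.alphabet else sb
            if na is None or nb is None:
                continue  # a side that knows e but does not enable it here blocks it
            trans[(q, e)] = (na, nb)
            if (na, nb) not in seen:
                seen.add((na, nb))
                queue.append((na, nb))
    return Automaton(a.name + "||" + b.name, init, marked, trans)


def coreachable(aut, good):
    """Subset of `good` from which a marked state is reachable through `good` states only."""
    reach = aut.marked & good
    changed = True
    while changed:
        changed = False
        for (s, _), t in aut.trans.items():
            if s in good and s not in reach and t in reach:
                reach.add(s)
                changed = True
    return reach


def synthesize(plant, spec, uncontrollable):
    """Supremal controllable and nonblocking supervisor for plant || spec, or None if none exists."""
    prod = sync_product(plant, spec)
    # Seed: the spec disables an uncontrollable event that the plant can fire.
    bad = {(p, s) for (p, s) in prod.states
           if any(((p, s), u) not in prod.trans for u in uncontrollable & plant.enabled(p))}
    while True:
        good = coreachable(prod, prod.states - bad)  # blocking states become bad
        new_bad = prod.states - good
        for (q, e), t in prod.trans.items():  # an uncontrollable edge into a bad state is fatal
            if e in uncontrollable and t in new_bad:
                new_bad.add(q)
        if new_bad == bad:
            break
        bad = new_bad
    if prod.init in bad:
        return None
    trans = {(q, e): t for (q, e), t in prod.trans.items() if q not in bad and t not in bad}
    reach, queue = {prod.init}, deque([prod.init])  # prune states the restriction made unreachable
    while queue:
        q = queue.popleft()
        for (s, _), t in trans.items():
            if s == q and t not in reach:
                reach.add(t)
                queue.append(t)
    trans = {k: v for k, v in trans.items() if k[0] in reach}
    return Automaton("SUP", prod.init, prod.marked & reach, trans)


def disabled_controllables(sup, plant, uncontrollable):
    """Per supervisor state, the controllable events the supervisor disables (what synthesis added)."""
    out = {}
    for (p, s) in sup.states:
        dis = {e for e in plant.enabled(p) - uncontrollable if ((p, s), e) not in sup.trans}
        if dis:
            out[(p, s)] = dis
    return out


# Constructed example (not from the paper): two machines and a one-slot buffer between them.
M1 = Automaton("M1", "I1", {"I1"}, {("I1", "start1"): "B1", ("B1", "finish1"): "I1"})
M2 = Automaton("M2", "I2", {"I2"}, {("I2", "start2"): "B2", ("B2", "finish2"): "I2"})
# Requirement: M1 may only finish into an empty buffer, M2 may only start from a full one.
BUFFER = Automaton("BUF", "E", {"E"}, {("E", "finish1"): "F", ("F", "start2"): "E"})
UNCONTROLLABLE = {"finish1", "finish2"}  # a running machine cannot be stopped

PLANT = sync_product(M1, M2)
SUP = synthesize(PLANT, BUFFER, UNCONTROLLABLE)

if __name__ == "__main__":
    print(len(SUP.states), "supervisor states out of", len(sync_product(PLANT, BUFFER).states))
    for state, events in sorted(disabled_controllables(SUP, PLANT, UNCONTROLLABLE).items()):
        print(state, "disables", sorted(events))
```

The interesting output is the disabled set: the requirement itself only forbids `finish1` on a full buffer, but `finish1` is uncontrollable, so the supervisor has to disable `start1` whenever the buffer is full, which is exactly the state removed by the controllability iteration. If every event is declared uncontrollable the initial state itself becomes bad and `synthesize` returns `None`, which is the case where no supervisor can enforce the requirement.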

    Supervisor Synthesis: Bridging Theory and Practice

    In recent years, owing to important improvements, the applicability of supervisor synthesis has significantly increased. We discuss notable developments that were pivotal in the application of supervisor synthesis to large infrastructural systems.

    Model properties for efficient synthesis of nonblocking modular supervisors

    Supervisory control theory provides means to synthesize supervisors for cyber-physical systems from models of the uncontrolled plant and models of the control requirements. It has been shown that in general supervisory control synthesis is NP-hard. However, for several industrial systems supervisory control synthesis merely verifies that the provided control requirements are already sufficient to act as a supervisor. In this paper, we propose model properties and a method to identify when no synthesis is needed for a given set of plant models and requirement models, i.e., when the plant models and requirement models together already form a maximally permissive, controllable, and nonblocking supervisor. The method consists of creating a control problem dependency graph and verifying whether it is acyclic to establish that synthesis can be skipped. In case of a cyclic graph, potential blocking issues can be localized, so that the original control problem can be reduced to synthesizing supervisors only for smaller partial control problems. The proposed method is illustrated in detail with a case study of a production line and applied to a case study of a roadway tunnel, for which the method identifies a large part of the system that requires no synthesis.
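The dependency-graph check described above, as an added example that is not the paper's code: the graph construction here is a simplification assumed for illustration (an edge from component A to component B whenever a requirement restricts an event of B under a guard that reads the state of A; the paper defines its control problem dependency graph more carefully). Acyclicity is decided by computing strongly connected components with Tarjan's algorithm, and every non-trivial component is reported as a smaller partial control problem that still needs synthesis. The tunnel-style component and requirement lists are constructed, not the paper's case study.

```python
def dependency_graph(components, requirements):
    """Directed graph over components: an edge A -> B for every requirement that restricts an
    event of B under a guard that reads the state of A. (Simplified, assumed definition: a
    requirement that only reads its own component adds no edge.)"""
    graph = {c: set() for c in components}
    for guards, constrained in requirements:
        for g in guards:
            if g != constrained:
                graph[g].add(constrained)
    return graph


def strongly_connected_components(graph):
    """Tarjan's algorithm; returns the SCCs as frozensets."""
    index, low, on_stack, stack, sccs = {}, {}, set(), [], []

    def visit(v):
        index[v] = low[v] = len(index)
        stack.append(v)
        on_stack.add(v)
        for w in graph[v]:
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:  # v is the root of an SCC: pop it off the stack
            comp = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.add(w)
                if w == v:
                    break
            sccs.append(frozenset(comp))

    for v in graph:
        if v not in index:
            visit(v)
    return sccs


def plan_synthesis(components, requirements):
    """Skip synthesis where the dependency graph is acyclic; otherwise return the cyclic
    parts as the smaller partial control problems that still need it."""
    graph = dependency_graph(components, requirements)
    cyclic = [c for c in strongly_connected_components(graph) if len(c) > 1]
    needs = set().union(*cyclic) if cyclic else set()
    return {
        "acyclic": not cyclic,
        "no_synthesis": set(components) - needs,
        "partial_problems": sorted(cyclic, key=sorted),
    }


# Constructed tunnel-style example (not the paper's case study).
COMPONENTS = ["fire_detection", "ventilation", "lighting", "emergency_lighting",
              "traffic_signs", "boom_barriers"]
REQUIREMENTS = [  # (components whose state the guard reads, component whose event is restricted)
    ({"fire_detection"}, "ventilation"),    # ventilation may only switch off when no fire is detected
    ({"fire_detection"}, "lighting"),       # lighting is forced to maximum while a fire is detected
    ({"lighting"}, "emergency_lighting"),   # emergency lighting follows the main lighting state
    ({"traffic_signs"}, "boom_barriers"),   # barriers may only close when the signs are red
    ({"boom_barriers"}, "traffic_signs"),   # signs may only turn green when the barriers are open
]

if __name__ == "__main__":
    plan = plan_synthesis(COMPONENTS, REQUIREMENTS)
    print("acyclic:", plan["acyclic"])
    print("no synthesis needed for:", sorted(plan["no_synthesis"]))
    print("synthesize only:", [sorted(c) for c in plan["partial_problems"]])
```

With the mutual signs/barriers requirements in place the graph has one cycle, so only those two components go through synthesis and the fire, ventilation and lighting chain is taken as-is; dropping the last requirement makes the graph acyclic and the whole problem skippable.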

    Compositional coordinator synthesis of extended finite automata

    To avoid the state-space explosion problem, a set of supervisors may be synthesized using divide-and-conquer strategies, like modular or multilevel synthesis. Unfortunately, these supervisors may be conflicting, meaning that even though they are individually nonblocking, they are together blocking. Abstraction-based compositional nonblocking verification of extended finite automata provides means to verify whether a set of models is nonblocking. In case of a blocking system, a coordinator can be synthesized to resolve the blocking. This paper presents a framework for compositional coordinator synthesis for discrete-event systems modelled as extended finite automata. The framework allows for synthesis of a coordinator on the abstracted system in case compositional verification identifies the system to be blocking. As the abstracted system may use notions not present in the original model, like renamed events, the synthesized coordinator is refined such that it will be nonblocking, controllable, and maximally permissive for the original system. For each abstraction, it is shown how this refinement can be performed. It turns out that for the presented set of abstractions the coordinator refinement is straightforward.

    Efficient Validation of Supervisory Controllers using Symmetry Reduction

    Supervisory control synthesis is a method to automatically generate a correct-by-construction supervisory controller. Validation of the synthesized controller is an important step to guarantee correct and safe system behaviour. Especially requirement validation for systems with numerous components can be a difficult and time-consuming task. This paper proposes a method that reduces the required validation time and effort through symmetry reduction, based on the concept of isomorphism. Isomorphism of component models and requirement models means that these models are equivalent in behaviour, and therefore only part of the system needs to be validated. This method is used in an industrial case study, in which a supervisory controller is synthesized for a road tunnel (the Koning Willem-Alexandertunnel, the Netherlands). In this case study, the modelling of the plant and the requirements, supervisor synthesis, simulation, and validation are described.
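The symmetry reduction described above rests on deciding which component models are isomorphic. The following is an added example, not the paper's code or tooling: each automaton is reduced to a canonical form by a breadth-first traversal from its initial state that visits events in sorted order, which makes the signature independent of state names; the numeric component index inside event names (the `lamp2.on` naming convention assumed here) is stripped so that copies of the same component match. Components with equal signatures form one isomorphism class, and only one representative per class needs validation. A copy with a modelling slip lands in a class of its own, which is how the reduction also surfaces asymmetries. The lamp and fan models are constructed for illustration, not taken from the tunnel case study.

```python
import re
from collections import deque

# Assumed naming convention: "<component><index>.<event>", e.g. "lamp2.on" -> "lamp.on".
INDEX = re.compile(r"\d+(?=\.)")


def canonical_form(init, marked, trans):
    """Signature invariant under state renaming and component index. States are numbered in
    BFS discovery order with outgoing events visited in sorted order, so two automata that
    differ only in state names (and in the component index) produce the same signature."""
    number = {init: 0}
    queue, edges = deque([init]), []
    while queue:
        s = queue.popleft()
        # Note: if one state has two events that strip to the same name, the order falls back
        # to the target state name and the form is no longer name-independent for that state.
        for e, t in sorted((INDEX.sub("", e), t) for (q, e), t in trans.items() if q == s):
            if t not in number:
                number[t] = len(number)
                queue.append(t)
            edges.append((number[s], e, number[t]))
    ordered = sorted(number, key=number.get)
    return tuple(edges), tuple(s in marked for s in ordered)


def isomorphism_classes(components):
    """Group {name: (init, marked, trans)} by canonical form; each class is a sorted name list."""
    classes = {}
    for name, (init, marked, trans) in components.items():
        classes.setdefault(canonical_form(init, marked, trans), []).append(name)
    return sorted(sorted(names) for names in classes.values())


def validation_set(components):
    """One representative per isomorphism class: the components that actually need validation."""
    return [names[0] for names in isomorphism_classes(components)]


# Constructed example (not from the paper): three lamp models and a fan model.
COMPONENTS = {
    "lamp1": ("off", {"off"}, {("off", "lamp1.on"): "on", ("on", "lamp1.off"): "off"}),
    # Same behaviour as lamp1 but with different state names.
    "lamp2": ("dark", {"dark"}, {("dark", "lamp2.on"): "lit", ("lit", "lamp2.off"): "dark"}),
    # Modelling slip: this copy can never be switched off again.
    "lamp3": ("off", {"off"}, {("off", "lamp3.on"): "on"}),
    "fan1": ("off", {"off"}, {("off", "fan1.start"): "on", ("on", "fan1.stop"): "off"}),
}

if __name__ == "__main__":
    for names in isomorphism_classes(COMPONENTS):
        print("class:", names)
    print("validate:", validation_set(COMPONENTS))
```

Here `lamp1` and `lamp2` collapse into one class, so validating either one covers both, while `lamp3` stands alone and is flagged for separate validation even though it was meant to be a copy.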