Structuring Multilevel Discrete-Event Systems With Dependence Structure Matrices

Despite the correct-by-construction property, one of the major drawbacks of supervisory control synthesis is state-space explosion. Several approaches have been proposed to overcome this computational difficulty, such as modular, hierarchical, decentralized, and multilevel supervisory control synthesis. Unfortunately, the modeler needs to provide additional information about the system's structure or controller's structure as input for most of these nonmonolithic synthesis procedures. Multilevel synthesis assumes that the system is provided in a tree-structured format, which may resemble a system decomposition. In this paper, we present a systematic approach to transform a set of plant models and a set of requirement models provided as extended finite automata into a tree-structured multilevel discrete-event system to which multilevel supervisory control synthesis can be applied. By analyzing the dependencies between the plants and the requirements using dependence structure matrix techniques, a multilevel clustering can be calculated. With the modeling framework of extended finite automata, plant models and requirements depend on each other when they share events or variables. We report on experimental results of applying the algorithm's implementation on several models available in the literature to assess the applicability of the proposed method. The benefit of multilevel synthesis based on the calculated clustering is significant for most large-scale systems

Timed I/O Automata: It is never too late to complete your timed specification theory

A specification theory combines notions of specifications and implementations with a satisfaction relation, a refinement relation and a set of operators supporting stepwise design. We develop a complete specification framework for real-time systems using Timed I/O Automata as the specification formalism, with the semantics expressed in terms of Timed I/O Transition Systems. We provide constructs for refinement, consistency checking, logical and structural composition, and quotient of specifications -- all indispensable ingredients of a compositional design methodology. The theory is backed by rigorous proofs and is being implemented in the open-source tool ECDAR.Comment: Version submitted for revie

Lessons learned in the application of formal methods to the design of a storm surge barrier control system

The Maeslantkering is a key flood defense infrastructural system in the Netherlands. This movable barrier protects the city and harbor of Rotterdam, without impacting ship traffic under normal circumstances. Its control system, which operates completely autonomously, must be guaranteed to work correctly even under extreme weather conditions, although it closes only sporadically. During its development in the 1990's, the formal methods Z and Spin were used to increase reliability. As the availability of industrial expert knowledge on these formal methods declines, maintaining the specifications defined back then has become cumbersome. In the quest for an alternative mathematically rigorous approach, this paper reports on an experience in applying supervisory control synthesis. This formal method was recently applied successfully to other types of infrastructural systems like waterway locks, bridges, and tunnels, with the purpose to ensure safe behavior by coordinating hardware components. Here, we show that it can also be used to coordinate several (controller) software systems. Additionally, we compare the lessons learned from the originally used formal methods and link Z to supervisory control synthesis

Model Properties for Efficient Synthesis of Nonblocking Modular Supervisors

Supervisory control theory provides means to synthesize supervisors for systems with discrete-event behavior from models of the uncontrolled plant and of the control requirements. The applicability of supervisory control theory often fails due to a lack of scalability of the algorithms. We propose a format for the requirements and a method to ensure that the crucial properties of controllability and nonblockingness directly hold, thus avoiding the most computationally expensive parts of synthesis. The method consists of creating a control problem dependency graph and verifying whether it is acyclic. Vertices of the graph are modular plant components, and edges are derived from the requirements. In case of a cyclic graph, potential blocking issues can be localized, so that the original control problem can be reduced to only synthesizing supervisors for smaller partial control problems. The strength of the method is illustrated on two case studies: a production line and a roadway tunnel.Comment: Submitted to Journal of Control Engineering Practice, revision