2.2 Supervisory Control of Timed Discrete Event Systems

2.2 Supervisory Control of Timed Discrete Event

To use TDES models for supervisory control, Σ_act is also categorized as Σ_con (con- trollable), Σ_unc(uncontrollable), and Σ_{f or} (forcible). An event is controllable if it can be prevented from occurring at a specific point in a logical event sequence or in time, and is uncontrollable otherwise. SCTDES includes a mechanism for forcing certain events to occur before a specific time instant. Specifically, forcible events can preempt a tick of the global clock. In this thesis, we are concerned with tasks having a finite deadline and hence, we assume all timed controllable events to be forcible.

2.2.2 Timed Discrete Event Systems (TDES)

A TDES Gis derived from its corresponding ATG G_act and represented by, G= (Q,Σ, δ, q₀, Q_m)

Thestate setQ=A×Q

{T_σ|σ ∈Σ_act}, where a stateq∈Qis of the formq ={a,{t_σ|σ ∈ Σ_act}} in which a ∈ A and t_σ ∈ T_σ is the timer of event σ. The initial state q₀ ∈ Q is defined as q₀ = {a₀,{t_σ0|σ ∈ Σ_act}}, where t_σ0 is u_σ if σ ∈ Σ_spe (respectively, l_σ if σ ∈ Σ_rem). The marker state set Q_m ⊆ Q is given by Q_m ⊆ A_m ×Q

{T_σ|σ ∈ Σ_act}.

Σ = Σ_act∪{tick}, where˙ tick denotes the passage of one unit time of the global clock.

δ :Q×Σ→Q is the state transition function which is defined in terms of δact and the time bounds [18].

In case of σ ∈ Σ_spe, δ(q, σ) is defined, provided q = (a, ), δ_act(a, σ) is defined, and 0 ≤ t_σ ≤ µ_σ −l_σ. An event σ ∈ Σ_spe is enabled at q = (a, ) ∈ Q if δ_act(a, σ) is defined, and is disabled otherwise. An enabled event σ (either tick or in A) is eligible if δ(q, σ) is defined. Only eligible events can actually occur. Thetimer mechanism can be summarized as: Once an eventσ is enabled, the timer tσ of σ is decremented by one time unit at every subsequenttick of the clock, until either, (i)t_σ reaches zero (at which point σ is forced to occur), or (ii) σ occurs, or (iii) σ is disabled due to the occurrence of some other transition to a new activity. After all these cases, t_σ is reset to its default value (i.e.,t_σ =u_σ if σ ∈Σ_spe). We use q −→^σ q⁰ to denote δ(q, σ) = q⁰.

2.2 Supervisory Control of Timed Discrete Event Systems

2.2.3 Example

Let us consider a single instance of a task τ_i (i.e., job) with arrival time A_i, execution time E_i and deadline D_i. The ATG model and its corresponding TDES model, for τ_i are shown in Figures 2.2 and 2.3, respectively. Here, the set of activities A = {IDLE, READY, EXECUTING, COMPLETION}, the event set Σ_act = {a_i, s_i, c_i}, where, the event a_i represents the arrival of τ_i, s_i represents the start of execution of τ_i and c_i represents the completion of execution of τ_i. All events are categorized as prospective since they are assigned with finite time bounds. We have used the shorthand notation t to represent the tick event.

IDLE a_i READY s_i EXECUTING c_i COMPLETION

[A_i, A_i] [0, D_i - E_i] [E_i, E_i]

Figure 2.2: ATG for a single instance of τi with parameters Ai, Ei and Di

a_i

t t

# t = A_i

s_i

t t t

# t = D_i - E_i

s_i s_i s_i

t

t t t

c_i

c_i c_i

c_i

# t = E_i

t

Figure 2.3: TDES for a single instance of τ_i with parameters A_i, E_i andD_i

2.2.4 Behavior of TDES

Let us denote by Σ⁺the set of all finite sequences of events (or strings) of Σ, of the form σ₁σ₂...σ_k where k ≥ 1, k ∈ N and σ_k ∈ Σ. Let /∈ Σ be the empty event and define Σ^∗ = {} ∪Σ⁺. Function δ can be extended to δ : Q×Σ^∗ → Q. The closed behavior of TDES G is the language L(G) = {s ∈ Σ^∗|δ(q0, s) is defined}. The marked behavior of TDES G is the language Lm(G) = {s ∈ Σ^∗|δ(q0, s) ∈ Qm}. The prefix-closure of a language L ⊆ Σ^∗ is denoted by L and consists of all the prefixes of all strings in L. L = {s ∈ Σ^∗ : (∃x ∈ Σ^∗) [sx ∈ L]}. L is said to be prefix-closed if L = L. G is non-blocking if L_m(G) satisfies L_m(G) = L(G). Likewise, G is blocking if L(G) 6=

L_m(G).

2.2.5 Reachability, Co-reachability, Composition

A state q ∈ Q is reachable, if δ(q₀, s) = q, for some s ∈ Σ^∗. TDES G is said to be reachable, if q is reachable for all q ∈ Q. We use the notation Ac(G) to denote the operation of deleting all the states of G that are not reachable from q0. A state p∈ Q is co-reachable, if δ(p, s)∈Q_m, for some s ∈Σ^∗. A TDES G is said to be co-reachable, if p is co-reachable for every p ∈ Q. G is said to be non-blocking, if L(G) = L_m(G).

Otherwise, G is said to be blocking.

Suppose we have n languages corresponding to n TDES, L_i ⊆ Σ^∗_i with Σ =∪ⁿ_i=1Σ_i. The natural projection Pi : Σ^∗ →Σ^∗_i is defined as: (i) Pi() = , (ii) Pi(σ) = if σ /∈Σi, (iii) Pi(σ) = σ if σ ∈ Σi and (iv) Pi(sσ) = Pi(s)Pi(σ), s ∈ Σ^∗, σ ∈ Σ. The inverse projection of P_i is, P_i⁻¹ : 2^Σ∗i → 2^Σ∗. The synchronous product of L₁, L₂, . . ., L_n, denoted by L₁||L₂||. . .||L_n, is defined asP₁⁻¹L₁∩P₂⁻¹L₂∩ · · · ∩P_n⁻¹L_n.

2.2.6 Supervisory Control

Formally, a supervisory control for G is a map S : L(G) → 2^Σ. Given G and S, the resulting closed-loop system, denoted by S/G, is defined inductively according to (i) an empty event ∈ L(S/G) (ii) [(s ∈ L(S/G)) and (sσ ∈ L(G)) and (σ ∈ S(s))] ⇔ [sσ ∈ L(S/G)] (iii) No other strings belong to L(S/G). The marked behavior of S/G is: Lm(S/G) = L(S/G)∩Lm(G). To summarize, a supervisor of G can be considered as an automaton S that monitors each state of G, and disable certain events inG when necessary, in order to control its behavior [29].

Given the system G and a desired specification K ⊆ L_m(G), K 6= ∅, the synthesis process first builds a supervisor candidate using G||K and this must be non-blocking as well as controllable [104]. A TDES is controllable with respect to G if it always admits the occurrence of (i) uncontrollable events eligible in G, (ii) tick events, if eligible, and not preempted by an eligible forcible event. If the controllability condition is satisfied, then the resulting controlled system ensures L_m(S/G) = K. Otherwise, a largest (i.e., supremal) controllable sublanguage of K can always be found (even though it may be empty). LetC(K) denote the family of controllable sub-languages ofK. C(K) is always

2.2 Supervisory Control of Timed Discrete Event Systems

non-empty, since ∅ is controllable. C(K) is closed under arbitrary set unions and has a unique largest controllable sub-language supC(K) such that supC(K)⊆K. Therefore, it is possible to design a supervisor which restricts the system behavior to supC(K). If this supervisor is adjoined withG, then L_m(S/G) = supC(K). The supervisorS is said to be minimally restrictive in the sense that its only action is to disable certain events when necessary so as to preserve the desired behavior of the system. As a consequence, the solution generates the largest possible subset of legal sequences.

2.2.7 Supervisor Computation

In order to transform G||K (denoted by M) such that it becomes both controllable and non-blocking, we apply the standard safe state synthesis mechanism presented in Algorithm 1 (SAFE STATE SYNTHESIS) [77, 104]. The synthesis algorithm iteratively removes the blocking states, together with all predecessor states that are reachable by uncontrollable transitions, and afterwards computes the set of nonblocking states. The algorithm stops either if all remaining states are non-blocking or if the initial state becomes blocking and has been eliminated, in which case a supervisor does not exist.

This procedure returns a unique maximal least restrictive supervisor, i.e., supC(K) [74, 108]. Next, we present the detailed discussion of each step involved in Algorithm 1.

Algorithm 1 first initializes the set of safe (un-safe) states Q_s (Q_u) of M to empty.

Then, it invokes Algorithm 2 (CO-REACHABLE) to compute the set of co-reachable states in M, denoted by Q⁰. Algorithm 2 first initializesSQ_i to the set of marked states Q_m and do not include any state in Q_u, i.e.,Q_m\Q_u. Then, SQ_i is iteratively extended by adding all states that can reach the co-reachable states using PreImage¹.

Next, Algorithm 1 invokes Algorithm 3 (NON-CO-REACHABLE) which first com- putes the initial set of non-co-reachable states in M through Q\Q⁰, denoted by SQ_i. Then, SQ_i is iteratively extended by adding: (i) Q^uc: The set of states in M that can reach the non-co-reachable states in SQ_i through only uncontrollable events using PreImage UC². (ii)Q^t: The set of states inM that contain outgoing transition on t to a

1The operatorPreImage(V, δ)computes the set of states that, by one transition, can reach a state in V (⊆Q), formally defined as: PreImage(V, δ)={q∈Q|∃q⁰∈V :δ(q, σ) =q⁰, σ∈Σ}.

2PreImage UC(V, δ) = {q∈Q|∃q⁰∈V :δ(q, σ) =q⁰, σ∈Σ_uc}.

state inSQ_i (usingPreImage t¹). In addition, these states should not contain outgoing transition on any forcible event (obtained using Undef for²). The extended set of non- co-reachable states is denoted by Q⁰⁰. In Algorithm 1, Q⁰⁰ is added to the set of un-safe states Qⁱ_u and is iteratively extended until fix-point is reached.

ALGORITHM 1: SAFE STATE SYNTHESIS