Universidade Federal de Santa Catarina
Pós Graduação em Engenharia Elétrica
Departamento de Automação e Sistemas

An Assume-Guarantee Reasoning for Hierarchical Coordination of Discrete Event Systems

Antonio E. C. da Cunha, José E. R. Cury
Universidade Federal de Santa Catarina
Departamento de Automação e Sistemas
Caixa Postal 476 – CTC – Campus Trindade
88.040-970 – Florianópolis – SC – Brasil
{aecc,cury}@das.ufsc.br

Bruce H. Krogh
Carnegie Mellon University
Department of Electrical and Computer Engineering
5000 Forbes Avenue
Pittsburgh – PA – 15213 – USA
[email protected]
Outline
1. Introduction
2. Model for controlled DES
3. Abstraction for Hierarchical Control
4. Hierarchical Control for Composed Systems
5. Final Remarks

WODES 2002, October 2002
Introduction
• Problem of state-space explosion in the supervisor synthesis for Discrete Event Systems (DES)
• Hierarchical supervision of DES
  – High level abstraction has a potentially smaller state-space
  – Hierarchical decomposition in the implementation of the supervisor
• For composed systems, it is still necessary to build the full system to compute the high level abstraction
• Objective
  – First find high level abstractions of the system components
  – Compose them to get an abstraction of the low level system
[Figure: the monolithic approach, one high level abstraction P built from the full low level system S, contrasted with the compositional one, abstractions P1, ..., Pn built from the components S1, ..., Sn and then composed]
Model for controlled DES
• Given a set of events Σ, a controlled DES S on Σ is a pair (LS, ΓS) where
  – LS ⊆ Σ* is a prefix-closed language
  – ΓS is a function that associates each s ∈ LS to ΓS(s) ⊆ 2^Σ × {M,N}
• Interpretation
  – LS contains the strings on Σ generated by S
  – For s ∈ LS, ΓS(s) is a set of controls (γ,#), where
    • γ ⊆ Σ is the set of events enabled after s
    • If # = M, s is marked: a task of the system
    • If # = N, s is non-marked: not a task of the system
J. E. R. Cury, C. R. C. Torrico and A. E. C. da Cunha. A new approach for supervisory control of discrete event systems. In: Proceedings of the European Control Conference, Porto, Portugal, September 2001.
Example – cat in a maze
[Figure: generator G for a cat moving through a maze of four rooms, 1 to 4, connected by doors c1 to c4, with food in one of the rooms; the language of the controlled DES is L = L(G)]
Control sets Γ(x) for each state x:
  x = 1: (∅,N) ({c2},N) ({c2,c3},M)
  x = 2: ({c3},N)
  x = 3: (∅,N) ({c4},N)
  x = 4: (∅,N) ({c1},N)
Supervisory control results
• Supervisor for the controlled DES S on Σ
  – function f that associates each s ∈ LS to f(s) = (γ,#) ∈ ΓS(s)
• Closed-loop system f/S
  – Generated language Lf/S ⊆ LS
  – Marked language Lf/S,m ⊆ Lf/S: strings after which the supervisor selects an “M” control
• Non-blocking supervisor
  – prefix-closure of Lf/S,m = Lf/S
• Existence of supervisors
  – Given K ⊆ LS, there is a non-blocking supervisor f for S such that Lf/S,m = K if and only if K is (LS, ΓS)-compatible.
J. E. R. Cury, C. R. C. Torrico and A. E. C. da Cunha. A new approach for supervisory control of discrete event systems. In: Proceedings of the European Control Conference, Porto, Portugal, September 2001.
Hierarchical Control of DES
• Two-level hierarchy
  – Low level: controlled DES S on Σ
  – High level system P constructed by observation of relevant events Σr ⊆ Σ
• Reporter map θ
  – Updates the high level model by the occurrence of relevant events in the low level
  – Relates the behaviors of the low level and the high level
• Hierarchical consistency
  – Language of P is the θ-image of the language of S
  – Behaviors of P realizable by non-blocking high level supervisory control are θ-images of behaviors of S realizable by non-blocking supervisory control
[Figure: hierarchical supervision loop. The high level supervisor fh receives events from P and issues virtual controls to P and high level directives to the low level supervisor fl; fl receives events from S and issues controls to S; the relevant events of S are reported to P through θ]
Example – decomposition of the low level
Relevant events: Σr = {a, b, c}
[Figure: low level system S with states 0 to 7, relevant events a, b, c and non-relevant events α, β, µ; the vocal states are highlighted in yellow, and the subsystems S(3) and S(4) are drawn separately, each terminating in a sink state qF]
• vocal states (yellow): sink states of transitions with relevant events, plus the start state
• S(x): subsystem for state x
  – Portion of the system starting from x and terminating at the occurrence of a relevant event
• ΓS,voc(x): vocal control set for state x
  – Abstract controls involving relevant events, obtained by control in the subsystem S(x)
  – ΓS,voc(3) = {({b},N), ({b,c},N)}
  – ΓS,voc(4) = {({c},N), ({a},M), ({a,c},M)}
A. E. C. da Cunha and J. E. R. Cury. Hierarchically consistent controlled discrete event systems. IFAC World Congress, Barcelona, July 2002.
Consistent abstraction
• Definition
  – A consistent abstraction of S w.r.t. Σr is a DES P on Σr such that
    • LP = θ(LS)
    • For all t ∈ LP, (γ,#) ∈ ΓP(t) iff for all s ∈ θ⁻¹voc(t) there is (γ’,#’) ∈ ΓS,voc(s) s.t.
      – γ’ = γ ∩ ΣS,voc(s) and
      – #’ = #
  – where
    • θ⁻¹voc(t): low level vocal strings corresponding to t ∈ θ(LS)
    • θ⁻¹(t): low level strings corresponding to t ∈ θ(LS)
    • ΣS,voc(s): next relevant events after s
• Proposition
  – P is a consistent abstraction of S w.r.t. Σr if and only if there is hierarchical consistency between S and P
• A lattice of consistent abstractions is defined
  – There is a maximal consistent abstraction of S w.r.t. Σr, denoted by 〈S, Σr〉
Example - consistent abstraction
[Figure: the low level system S (states 0 to 7) and its maximal consistent abstraction P = 〈S,Σr〉, whose states are the sets of vocal states {0}, {1, 7}, {3, 4}, {4} and {7}, with transitions on the relevant events a, b, c]
Construction of the high level system
• Low level system decomposed into subsystems related to the vocal states
• High level generator constructed by addressing abstract transitions to vocal states and making the result deterministic
• High level control structure constructed from the vocal control sets for the vocal states
Control sets ΓP(q) for each high level state q:
  q = {0}:    ({a},N)
  q = {1, 7}: ∅
  q = {3, 4}: ({b, c},N)
  q = {4}:    ({c},N) ({a},M) ({a, c},M)
  q = {7}:    (∅,M) ({a},M)
Construction of a high level control set:
  ΓS,voc(3) = {({b},N), ({b,c},N)}
  ΓS,voc(4) = {({c},N), ({a},M), ({a,c},M)}
  ΓP({3,4}) = {({b,c},N)}
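As an added illustration (not code from the paper or from the authors' Grail-based tool), the following Python computes ΓP(t) from the vocal control sets using the definition on the consistent-abstraction slide, reproducing ΓP({3,4}) = {({b,c},N)} and ΓP({4}) above. It assumes ΣS,voc(3) = {b,c} and ΣS,voc(4) = {a,c} as read from the figure, and that the candidate γ ranges over subsets of the relevant events active at t.

```python
from itertools import combinations

# Controls are (frozenset_of_events, mark) pairs with mark "M" or "N", as on the slides.
def subsets(events):
    """All subsets of a set of events, as frozensets."""
    ev = sorted(events)
    for r in range(len(ev) + 1):
        for c in combinations(ev, r):
            yield frozenset(c)

def high_level_controls(vocal_states, gamma_voc, sigma_voc, active):
    """Gamma_P(t) for a high level state t whose vocal strings end in `vocal_states`
    (the set theta^-1_voc(t)), following the consistent-abstraction definition:
    (gamma, #) is valid iff for every vocal state x there is (gamma', #') in
    Gamma_S,voc(x) with gamma' == gamma & Sigma_S,voc(x) and #' == #.

    gamma_voc[x]: vocal control set Gamma_S,voc(x); sigma_voc[x]: next relevant
    events after x; active: relevant events active at t, over whose subsets the
    candidate gamma ranges (assumption, following the 2^{Sigma_L(s)} convention).
    """
    result = set()
    for gamma in subsets(active):
        for mark in ("M", "N"):
            if all((gamma & sigma_voc[x], mark) in gamma_voc[x] for x in vocal_states):
                result.add((gamma, mark))
    return result

def ctrl(events, mark):
    return (frozenset(events), mark)

# Vocal control sets for vocal states 3 and 4 of S, copied from the slide.
GAMMA_VOC = {
    3: {ctrl("b", "N"), ctrl("bc", "N")},
    4: {ctrl("c", "N"), ctrl("a", "M"), ctrl("ac", "M")},
}
# Next relevant events after each vocal state, as read from the figure (assumption).
SIGMA_VOC = {3: frozenset("bc"), 4: frozenset("ac")}

def gamma_p_34():
    """Gamma_P({3,4}); active events taken as SIGMA_VOC[3] | SIGMA_VOC[4] = {a,b,c}."""
    return high_level_controls({3, 4}, GAMMA_VOC, SIGMA_VOC, frozenset("abc"))

def gamma_p_4():
    """Gamma_P({4}); active events {a,c}."""
    return high_level_controls({4}, GAMMA_VOC, SIGMA_VOC, frozenset("ac"))

if __name__ == "__main__":
    for name, g in (("{3,4}", gamma_p_34()), ("{4}", gamma_p_4())):
        print(name, sorted((sorted(e), m) for e, m in g))
```

For {3,4} only ({b,c},N) survives: every other γ either projects onto {a,c} as a marked control of state 4 while state 3 has no marked control, or projects onto a set that is not in one of the two vocal control sets.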
Hierarchical control of composed systems
[Figure: a single abstraction P over the composed system S, contrasted with abstractions P1, ..., Pn over the components S1, ..., Sn]
• Let S be a composed system on Σ
  – S = S1 || ... || Sn
• Objective
  – Given a set of relevant events Σr ⊆ Σ, construct the maximal consistent abstraction P = 〈S, Σr〉
• Compositional hierarchical control
  – Construct P without constructing S, but by composition of abstractions for the modules S1, ..., Sn
Composition of controlled DES
• The synchronous product of the controlled DES S1 on Σ1 and S2 on Σ2 is a controlled DES S1||S2 = S on Σ = Σ1 ∪ Σ2 such that
  – The language LS is the synchronous product of LS1 and LS2
    • LS = LS1 || LS2
  – The control (γ,#) is valid for s ∈ LS if there are controls (γ1,#1) and (γ2,#2) valid for the corresponding strings of S1 and S2 such that
    • For the active events in S1 that are not in S2, the result of the control action of γ and γ1 is the same
    • Likewise for γ and γ2
    • For the shared active events, the result of the control action of γ, γ1 and γ2 is the same
  – ΓS(s) = {(γ,#) ∈ 2^{ΣLs(s)} × {M,N} :
      (∃(γ1,#1) ∈ ΓS1(p1(s))) and (∃(γ2,#2) ∈ ΓS2(p2(s))) such that
      γ ∩ (Σ1 − Σ2) = (γ1 − γ2) ∩ ΣLs(s)
      γ ∩ (Σ2 − Σ1) = (γ2 − γ1) ∩ ΣLs(s)
      γ ∩ (Σ1 ∩ Σ2) = (γ1 ∩ γ2) ∩ ΣLs(s)
      # = #1 ∧ #2 }, for all s ∈ LS
Example - synchronous product of controlled DES
Σ1 = Σ2 = {a, b, c}
[Figure: a state x of S1 with active events ΣLs1(x) = {a,b}, composed with a state y of S2 with active events ΣLs2(y) = {a,c}, giving the state (x,y) of S1||S2 with ΣLs(x,y) = {a}]
ΓS1(x) = {({ },N), ({a,b},N)}
ΓS2(y) = {({a},M), ({a,c},N)}
Intersecting each component control with ΣLs(x,y) = {a} gives ({ },N), ({a},N) from S1 and ({a},M), ({a},N) from S2; combining them as in the definition yields
ΓS(x,y) = {({ },N), ({a},N)}
Composition of consistent abstractions
• Problem setting
  – Relevant events Σr ⊆ Σ
  – Two components
    • S1 on Σ1
    • S2 on Σ2
    • Σ1r = Σ1 ∩ Σr
    • Σ2r = Σ2 ∩ Σr
  – Composed system
    • S = S1||S2 on Σ = Σ1 ∪ Σ2
    • Σ1 ∩ Σ2 = ∅ (product system)
  – Maximal consistent abstractions
    • P = 〈S, Σr〉
    • P1 = 〈S1, Σ1r〉
    • P2 = 〈S2, Σ2r〉
• Fact
  – P1||P2 is not guaranteed to be a consistent abstraction of S
    • P ≤ P1||P2
Example - composition of consistent abstractions
Σ1 = {a,b}, Σ2 = {c,d}, Σ = {a,b,c,d}; Σr1 = {b}, Σr2 = {d}, Σr = {b,d}
[Figure: components S1 (states 0, 1, 2, events a and b) and S2 (states 0, 1, 2, events c and d); their abstractions P1 and P2, obtained through the reporter maps θ1 and θ2, each with states 0 and 2; the product S = S1||S2 with states labelled by pairs 00, ..., 22; the composition P1 || P2; and the maximal consistent abstraction P = 〈S,Σr〉, obtained from S through θ, with states 0, 1, 2, 3]
Control sets (state: controls):
ΓP1
  0: ({},M) ({b},M) ({b},N)
  2: ({},M)
ΓP2
  0: ({},M) ({d},M) ({d},N)
  2: ({},M)
ΓP1||P2
  0: ({},M) ({b},M) ({d},M) ({b,d},M) ({b},N) ({d},N) ({b,d},N)
  1: ({},M) ({d},M) ({d},N)
  2: ({},M) ({b},M) ({b},N)
  3: ({},M)
ΓP, P = 〈S,Σr〉
  0: ({},M) ({b},M) ({b,d},M) ({b},N) ({b,d},N)
  1: ({},M) ({d},M) ({d},N)
  2: ({b},N)
  3: ({},M)
The controls present in P1 || P2 but absent from P are controls that are not valid for the maximal consistent abstraction.
Reliable abstractions
• From the previous development, the compositional reasoning does not apply to consistent abstractions
• The reliable abstraction (Pu 2000) is a class of consistent abstraction for which the compositional reasoning applies
• In our framework, for a reliable abstraction, a control (γ,#) is valid for a high level string t iff for all low level strings s corresponding to t, there is a control (γ’,#’) in the vocal control set of s for which the abstract control action is the same as that of (γ,#) in the high level
  – For the consistent abstraction, this property is required only for the vocal strings corresponding to t
• The conditions imposed to obtain a reliable abstraction are more conservative than in the case of a consistent abstraction
K. Q. Pu. Modeling and control of discrete-event systems with hierarchical abstraction. Master’s thesis, Systems Control Group, Department of Electrical and Computer Engineering, University of Toronto, Toronto, Canada, 2000.
Assume-guarantee reasoning
• Assume-guarantee reasoning
  – In contrast to compositional reasoning
  – Applications
    • modular verification of discrete-state systems
    • composition of reactive modules
    • set-theoretic framework for systems control
    • modular hybrid systems, etc.
Assume-guarantee reasoning for the composition of consistent abstractions
• Assume
  – P2 = 〈S2, Σ2r〉 as environment for S1
  – P1 = 〈S1, Σ1r〉 as environment for S2
• Expanded systems (system + environment)
  – S1’ = S1 || P2
  – S2’ = S2 || P1
• Guarantee
  – Under the assumption of P2 as environment for S1, S1’ guarantees Q1 as maximal consistent abstraction
    • Q1 = 〈S1’, Σr〉
  – Under the assumption of P1 as environment for S2, S2’ guarantees Q2 as maximal consistent abstraction
    • Q2 = 〈S2’, Σr〉
• Boundary conditions
  – P1 and P2: maximal consistent abstractions for S1 and S2 respectively
• RESULT
  – Q1 || Q2 = 〈S1 || S2, Σr〉
  – Q1 || Q2 is the maximal consistent abstraction of S = S1 || S2 w.r.t. Σr
Example - assume-guarantee reasoning
[Figure: S1 and S2 from the previous example with the component abstractions P1 (event b) and P2 (event d); the expanded systems S1’ = S1 || P2 and S2’ = P1 || S2, with states labelled by state pairs; their abstractions Q1 = 〈S1’,Σr〉 and Q2 = 〈S2’,Σr〉 obtained through θ, each with states 0, 1, 2, 3; and the composition Q1 || Q2 = 〈S1 || S2, Σr〉]
Control tables shown in the figure (state: controls):
First table
  0: ({},M) ({b},M) ({b,d},M) ({b},N) ({b,d},N)
  1: ({},M) ({d},M) ({d},N)
  2: ({b},N)
  3: ({},M)
Second table
  0: ({},M) ({b},M) ({d},M) ({b,d},M) ({b},N) ({d},N) ({b,d},N)
  1: ({},M) ({d},M) ({d},N)
  2: ({},M) ({d},M) ({d},N)
  3: ({},M)
The result Q1 || Q2 = 〈S1 || S2, Σr〉 coincides with the maximal consistent abstraction P = 〈S,Σr〉 of the previous example.
Final Remarks
• This paper presented a method to build consistent abstractions for composed systems by composition of smaller abstractions of the system components
  – Since it produces the maximal consistent abstraction, the result is more refined than the so-called reliable abstraction
• The method is based on assume-guarantee reasoning, in contrast to compositional reasoning
• The method was applied to the design of a coordinator for an intelligent cruise control system for an automobile (see paper)
• Results for product systems
  – claim: results are also valid for the case of system components sharing relevant events
  – claim: for the general case of a composed system, where any of the events can be shared, the method produces a consistent abstraction
• Results for the case of two system components
  – claim: the method can be extended for n > 2 systems
Final Remarks
• Complexity of the operations
  – The intermediate steps always involve smaller systems than the full composed system
• Results for the model of controlled DES of Cury et al. (2001)
  – claim: the method can be applied to the standard RW model
  – problem
    • The construction of a consistent abstraction using the standard RW control, or the generalized model of Pu (2000), requires some additional conditions for the hierarchy
• Tool for hierarchical control of DES
  – All the models and methods are implemented in a computational tool based on Grail, a C++ library for manipulation of finite-state automata
  – Tool for hierarchical control of DES
    • http://www.das.ufsc.br/home/doutorado/aecc/public_html/grail-hier/grail-hier.tar.gz
  – Suggested auxiliary tools
    • Grail (original functions): http://www.csd.uwo.ca/research/grail/
    • Tool for supervisory control: http://www.das.ufsc.br/~cury/ensino-5202.html
    • Graphviz (graph visualization tool): http://www.research.att.com/sw/tools/graphviz/