Liveness-Enforcing Supervision of Sequential Resource Allocation Systems
Spyros Reveliotis
School of Industrial & Systems Eng., Georgia Institute of Technology
Talk Outline
• Problem motivation and the abstraction of the
Resource Allocation System (RAS)
• Formal characterization of the considered problem,
its optimal solution, and the involved complexity
• The current State of Art
– Special RAS structure admitting optimal liveness-enforcing supervision of polynomial complexity w.r.t. the RAS size
– Suboptimal, polynomial-complexity liveness-enforcing
supervisors for many of the remaining cases
– A generic methodology for verification and design of
efficient suboptimal liveness-enforcing supervisors
A motivational example:
Part flow control in an FMS
[Figure: an FMS with three workstations R1, R2, R3 and two part types routed through them in opposite directions]
J1 : R1 -> R2 -> R3
J2 : R3 -> R2 -> R1
Another example:
Traffic Management in an AGV System
[Figure: an AGV system with workstations W1–W4 and a docking station; the drawn vehicle configurations illustrate a Type-1 deadlock and a Type-2 deadlock]
The current state of art: Dealing with the considered problem in the 300mm FAB
A Transportation example
Internet-based business workflow management
A modeling abstraction:
Sequential Resource Allocation Systems (RAS)
• A set of (re-usable) resource types R = {Ri, i = 1,...,m}.
• Finite capacity Ci for each resource type Ri.
• A set of job types J = {Jj, j = 1,...,n}.
• A (partially) ordered set of job stages for each job type, {pjk, k = 1,...,lj}.
• A resource requirements vector for each job stage p, ap[i], i = 1,...,m.
• Jobs release their currently held resources only upon allocation of the resources requested for their next stage.
Sequential RAS deadlock: A RAS state in which there exists a
subset of jobs s.t. every job in this subset in order to proceed
requires some resource(s) currently allocated to some other job in
this subset.
Logical vs Performance Control of Sequential RAS
[Figure: An Event-Driven RAS Control Scheme. Events from the RAS domain update a System State Model (set up from Configuration Data), which yields the Feasible Actions; Logical Control, responsible for behavioral correctness, filters these into the Admissible Actions; Performance Control, responsible for efficiency, selects the Commanded Action that is fed back to the Resource Allocation System.]
The RAS Logical Control Problem:
Characterization of the optimal solution
and its complexity
Finite State Automata (FSA)-based modeling of RAS behavior
[Figure: state transition diagram of the example RAS; states q0 (empty system) through q19 are labelled by their sets of active job stages, e.g. {J11}, {J21}, {J11, J12}, {J12, J21}, {J11, J12, J21}, {J21, J22}, {J11, J22}, {J11, J22, J21}, and the arcs are job loading / advancement events.]
Safe vs. Unsafe Region and the Optimal Logical Control Policy
[Figure: the complete state transition diagram (q0–q19) of the example RAS, with the safe region and the unsafe region marked; the optimal logical control policy admits exactly the safe states.]
Complexity Considerations
• State Safety is an NP-complete problem in sequential RAS (by reduction of the 3SAT problem)
• State Transition Diagram (STD) size:
$$O\!\left(\binom{C+Q}{Q}^{m}\right)$$
where:
• C = max resource capacity
• Q = max number of stages supported by a resource
• m = number of resource types
Dealing with the non-polynomial
complexity
• Special RAS structure admitting an optimal logical control policy of
polynomial complexity w.r.t the RAS size
• Polynomial-Kernel (PK-) RAS logical control policies: sub-optimal one-step-lookahead policies based on state properties that are polynomially verifiable, e.g.,
– RUN (Resource Upstream Neighborhood)
– RO (Resource Ordering)
– Banker’s algorithm
• An analytical framework for
– interpreting the correctness of the above policies, and
– enabling the “automatic” validation and synthesis of new members from
this class of policies
Some Major Contributors and
Research Groups in this Area
The first attempts, primarily in the computer system context (60’s and 70’s)
– Dijkstra, Havender, Habermann, Coffman, Holt
– Gold, Araki, Sugiyama, Kasami, Okui
The problem revival in the manufacturing context (late 80’s / early 90’s)
– Banaszak & Krogh
– Viswanadham, Narahari & Johnson
– Wysk, Joshi & Smith
The current DES-based community (mid-90’s to present)
– Colom, Ezpeleta & Tricas
– Xie & Jeng
– Zhou and his colleagues
– Fanti & her colleagues
– Roszkowska
– Hsieh
– Reveliotis, Lawley, Ferreira, Park and Choi
A RAS taxonomy
Structure of the process sequential logic:
• Linear: each process is defined by a linear sequence of stages
• Disjunctive: a number of alternative process plans encoded by an acyclic digraph
• Merge-Split or Fork-Join: each process is a fork-join network
• Complex: a combination of the above behaviors
Structure of the stage resource requirement vectors:
• Single-unit: each stage requires a single unit from a single resource
• Single-type: each stage requires an arbitrary number of units, but all from a single resource
• Conjunctive: an arbitrary number of units from different resources
RAS admitting optimal logical control
of polynomial complexity
• Type 1: The search for a process terminating sequence can be
organized in a way that backtracking is not necessary:
Process advancing events can be selected in such a manner that
the resource slack capacity is increased monotonically
– e.g., under “nested” resource allocation: resources are released by a
process in a sequence that is reverse to that followed for their acquisition
• Type 2: Unsafety Deadlock deadlock is polynomially
identifiable.
This kind of results are available for sub-classes of DIS-SU-RAS
only.
DC-RAS with “nested” resource allocation
1. Every process transition corresponds either to a pure allocation or a pure de-allocation.
2. Resources allocated as a block are also de-allocated as a block. The “scope” of each such allocation is defined by the processing stages that engage the corresponding resource block.
3. In each path of the process-defining graph that corresponds to a single realization of the process, the “scopes” of two different allocations are either disjoint or one contains the other – this is equivalent to the statement that resource blocks are de-allocated in reverse order of their allocation.
Example process, with the held resources shown after each allocation A(·) / de-allocation D(·):
A(R1) -> R1 -> A(R2) -> R1+R2 -> A(R3) -> R1+R2+R3 -> D(R3) -> R1+R2 -> D(R2) -> R1 -> D(R1)
A polynomial algorithm resolving safety in DC-RAS with nested allocations
• Given a RAS state s, let:
– δi(s) be the slack capacity of resource Ri at s, for all i;
– Sa(s) be the set of “active” processing stages at s;
– <Ajk1, Ajk2, …, Ajkn(jk)> be the resource allocation sequence for the resources occupied by a job instance executing proc. stage Ξjk in Sa(s);
– Q := { Ajkn(jk) | Ξjk in Sa(s) }, i.e., the innermost (most recently acquired) allocation of every active job.
• While Q is not empty:
– Try to find an allocation Ajki in Q that is de-allocatable under the current slack capacities;
– If no such allocation exists, declare s unsafe and exit.
– Otherwise,
• add the resources corresponding to Ajki to the slack variables δi(s);
• remove Ajki from Q and, if i > 1, enter in Q the allocation Ajki-1.
• Declare state s safe and exit.
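The algorithm above, as an added illustration (not the author's code): the state is given by the slack vector and by each active job's held allocation stack plus its remaining allocation / de-allocation events, and a block counts as de-allocatable when the inner blocks still to be acquired inside its scope fit the current slack. The jobs, capacities and events are constructed.

```python
"""Safety test for a DC-RAS with nested allocations (the slide's algorithm).
Added illustration, not the author's code. A job's remaining route is a list
of (kind, resource, units) events, kind "A" = allocate / "D" = de-allocate;
held blocks sit on a stack, innermost last (released in reverse order)."""
from typing import Dict, List, Optional

def release_top(job: dict, slack: Dict[str, int]) -> Optional[int]:
    """Index just past the D event releasing the job's innermost held block,
    provided each inner allocation met on the way fits the current slack
    (inner blocks return before the outer one); None if not de-allocatable."""
    extra: Dict[str, int] = {}
    depth = 0
    for k, (kind, res, units) in enumerate(job["route"]):
        if kind == "A":
            extra[res] = extra.get(res, 0) + units
            depth += 1
            if extra[res] > slack.get(res, 0):
                return None
        elif depth == 0:                     # this D releases the top block
            return k + 1 if res == job["held"][-1][0] else None
        else:                                # an inner block is given back
            depth -= 1
            extra[res] -= units
    return None

def is_safe(slack: Dict[str, int], jobs: List[dict]) -> bool:
    """Q holds the innermost block of every active job. Release one
    de-allocatable block at a time, credit its units to the slack vector and
    expose the job's next-outer block; s is unsafe iff the search gets stuck."""
    slack = dict(slack)
    jobs = [{"held": list(j["held"]), "route": list(j["route"])} for j in jobs]
    while any(j["held"] for j in jobs):
        for job in (j for j in jobs if j["held"]):
            idx = release_top(job, slack)
            if idx is not None:
                res, units = job["held"].pop()
                slack[res] = slack.get(res, 0) + units
                job["route"] = job["route"][idx:]
                break
        else:
            return False                     # declare s unsafe
    return True

# Constructed state s: job X (A(R1) A(R2) A(R3) D(R3) D(R2) D(R1)) holds R1+R2,
# job Y (A(R3) A(R2) D(R2) D(R3)) holds R3; every block is one unit.
JOBS = [{"held": [("R1", 1), ("R2", 1)],
         "route": [("A", "R3", 1), ("D", "R3", 1), ("D", "R2", 1), ("D", "R1", 1)]},
        {"held": [("R3", 1)], "route": [("A", "R2", 1), ("D", "R2", 1), ("D", "R3", 1)]}]
SLACK_C111 = {"R1": 0, "R2": 0, "R3": 0}   # all capacities 1: s is unsafe
SLACK_C121 = {"R1": 0, "R2": 1, "R3": 0}   # C2 = 2: one unit of R2 free, s is safe
```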
An Example Result of the 2nd Type
Theorem 1: In a DIS-SU-RAS where every resource has at least two units of capacity, the optimal logical control policy is polynomially implementable (through one-step lookahead).
Proof: We shall show that for this class of systems,
– unsafety ≡ deadlock, and
– deadlock is polynomially identifiable.
A polynomial deadlock detection algorithm for DIS-SU RAS
• Given a state s of a DIS-SU RAS,
– R := the entire set of the system resources;
– DEADLOCK := FALSE;
• While (R is not empty AND not DEADLOCK)
– Try to identify a resource Rk in R s.t. Rk is not allocated to capacity in s, or it contains a job requesting advancement to a resource not in R or out of the system.
– If successful, R := R \ {Rk}, else DEADLOCK := TRUE;
• Return DEADLOCK
• Algorithm complexity: O(|R|^2 · Cmax)
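The detection algorithm and the one-step lookahead that Theorem 1 builds on it, as an added illustration (not the author's code). It runs on the talk's two-job example; the capacity vectors are constructed, and the last function exhibits the deadlock-free unsafe state {J11, J21} that exists with unit capacities but not once every capacity is at least two.

```python
"""Deadlock detection for a DIS-SU RAS (the slide's peeling algorithm) and the
one-step lookahead it supports. Added illustration, not the author's code.
ROUTES encode the talk's example, J1: R1 R2 R3 and J2: R3 R2 R1; the capacity
vectors at the bottom are constructed."""
from typing import Dict, List, Tuple

State = List[Tuple[str, int]]   # active jobs as (job type, stage index)
ROUTES = {"J1": ["R1", "R2", "R3"], "J2": ["R3", "R2", "R1"]}

def is_deadlocked(state: State, cap: Dict[str, int], routes=ROUTES) -> bool:
    """Drop any resource that is not full, or that holds a job whose next
    resource was already dropped (or which leaves the system); the resources
    that can never be dropped form a deadlock."""
    remaining = set(cap)
    while remaining:
        for r in sorted(remaining):
            held = [(j, k) for j, k in state if routes[j][k] == r]
            not_full = len(held) < cap[r]
            can_leave = any(k + 1 == len(routes[j]) or routes[j][k + 1] not in remaining
                            for j, k in held)
            if not_full or can_leave:
                remaining.discard(r)
                break
        else:
            return True        # every remaining resource is full and blocked
    return False

def successors(state: State, cap: Dict[str, int], routes=ROUTES) -> List[State]:
    """States reached by advancing one job (a job at its last stage leaves)."""
    out = []
    for i, (j, k) in enumerate(state):
        rest = state[:i] + state[i + 1:]
        if k + 1 == len(routes[j]):
            out.append(rest)
        elif sum(routes[jj][kk] == routes[j][k + 1] for jj, kk in rest) < cap[routes[j][k + 1]]:
            out.append(rest + [(j, k + 1)])
    return out

def deadlock_free_but_doomed(state: State, cap: Dict[str, int]) -> bool:
    """Deadlock-free unsafe state one step from deadlock: not deadlocked now,
    yet every possible move deadlocks. Theorem 1 rules this out when all Ci >= 2."""
    succ = successors(state, cap)
    return (not is_deadlocked(state, cap) and bool(succ)
            and all(is_deadlocked(s, cap) for s in succ))

CAP_ONE = {"R1": 1, "R2": 1, "R3": 1}   # constructed: unit capacities
CAP_TWO = {"R1": 2, "R2": 2, "R3": 2}   # constructed: Theorem 1's regime
```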
Unsafety ≡ Deadlock
[Figure: the topological relationship of the DEADLOCK and UNSAFE state spaces. DEADLOCK is contained in UNSAFE; the deadlock-free unsafe states that are one step away from deadlock lie on the boundary between the two.]
[Figure: the absurdity of the existence of a deadlock-free unsafe state one step away from deadlock for the considered RAS class, argued on three resources Rk, Rl, Rj.]
An alternative mechanism for establishing UNSAFETY ≡ DEADLOCK in various sub-classes of DIS-SU-RAS
[Figure: basic structure of deadlock-free unsafe states one step away from deadlock in DIS-SU-RAS: a collection of potential deadlocks 1, 2, ..., i, ..., n, with a resource of capacity C = 1 involved.]
Polynomial-Kernel Policies
• Search-based: Confine the system operation to those states from
which there exists a terminating sequence that completes one
process stage at a time. This sub-class of states are called
ordered, and the resulting policy is the renowned (Dijkstra’s)
Banker’s algorithm.
• Algebraic: Confine the system operation to those states s that satisfy an inequality of the type:
A·s ≤ b
Remark: The system state s is a vector with its components indicating how many jobs execute each processing stage of the considered RAS.
Example: The RUN (Resource Upstream
Neighborhood) Policy for SU-RAS
A partial resource reservation scheme based on a (partial) ordering of the
resource set: A job instance executing on a resource reserves capacity on
every downstream resource of order greater than or equal to the order of the
currently held resource, unless there is an intermediate resource of higher
order than the considered downstream resource.
R1
R2
R3
J1 : R1 R2 R3
J2 : R3 R2 R1
O(R1) = 1, O(R2) = 2, O(R3) = 1
With the stage vector s = (J11, J12, J13, J21, J22, J23)^T and the resource neighborhoods implied by the above ordering, NH(R1) = {J11, J23}, NH(R2) = {J11, J12, J21, J22}, NH(R3) = {J13, J21}, the policy A·s ≤ b reads:
$$
\begin{pmatrix}
1 & 0 & 0 & 0 & 0 & 1 \\
1 & 1 & 0 & 1 & 1 & 0 \\
0 & 0 & 1 & 1 & 0 & 0
\end{pmatrix}
\begin{pmatrix} J_{11} \\ J_{12} \\ J_{13} \\ J_{21} \\ J_{22} \\ J_{23} \end{pmatrix}
\le
\begin{pmatrix} C_1 \\ C_2 \\ C_3 \end{pmatrix}
$$
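The RUN reservation rule turned into code, as an added illustration (not the author's code): it derives the neighborhoods NH(R) and the matrix A·s ≤ b from the routes and the resource ordering of the example, and checks a state vector against the policy. Routes and orders are the slide's; unit capacities are assumed.

```python
"""The RUN policy of the slide, computed from its definition: routes and
orders give the neighborhoods NH(R) and hence A.s <= b. Added illustration,
not the author's code. Routes and orders are the slide's (J1: R1 R2 R3,
J2: R3 R2 R1, O(R1)=1, O(R2)=2, O(R3)=1); unit capacities are assumed."""
from typing import Dict, List, Set, Tuple

Stage = Tuple[str, int]                 # (job type, stage index): J11 = ("J1", 0)
ROUTES = {"J1": ["R1", "R2", "R3"], "J2": ["R3", "R2", "R1"]}
ORDER = {"R1": 1, "R2": 2, "R3": 1}
CAP = {"R1": 1, "R2": 1, "R3": 1}
STAGES: List[Stage] = [(j, k) for j in ROUTES for k in range(len(ROUTES[j]))]

def neighborhoods(routes=ROUTES, order=ORDER) -> Dict[str, Set[Stage]]:
    """NH(R) = stages holding R plus stages reserving capacity on R: a stage on
    Rc reserves every downstream Rd with o(Rd) >= o(Rc), unless some resource
    between them has order higher than o(Rd)."""
    nh: Dict[str, Set[Stage]] = {r: set() for r in order}
    for j, route in routes.items():
        for k, rc in enumerate(route):
            nh[rc].add((j, k))
            for d in range(k + 1, len(route)):
                rd = route[d]
                blocked = any(order[x] > order[rd] for x in route[k + 1:d])
                if order[rd] >= order[rc] and not blocked:
                    nh[rd].add((j, k))
    return nh

def constraint_matrix(nh: Dict[str, Set[Stage]], cap=CAP):
    """One row of A.s <= b per resource, over the stage vector s."""
    A = [[int(st in nh[r]) for st in STAGES] for r in sorted(cap)]
    b = [cap[r] for r in sorted(cap)]
    return A, b

def admissible(s: Dict[Stage, int], nh: Dict[str, Set[Stage]], cap=CAP) -> bool:
    """s maps stages to job counts; admissible iff every neighborhood fits."""
    return all(sum(s.get(st, 0) for st in nh[r]) <= cap[r] for r in cap)
```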
Example: The Policy-Admissible Region
[Figure: the state transition diagram of the example RAS (q0–q19) with the RUN-admissible region highlighted; it is contained in the safe region.]
Proving RUN Correctness
• It suffices to show that for every policy-admissible state, other than
the empty state, there is at least one loaded job that can advance.
• If there exists a job that needs to advance to a resource of order
higher than or equal to the order of the currently held resource, then,
this job does not enter a new resource neighborhood upon its
advancement. Therefore, (i) it has already reserved capacity on the
requested resource and (ii) it can advance without violating the policy.
• If every loaded job requests advancement to a resource of lower
order than the order of the currently held resource, consider a
minimal order resource containing jobs. Then, (i) the resource
requested by any of these jobs has free capacity. Furthermore, (ii) any
new neighborhoods entered by these jobs upon their advancement,
are empty (since they must belong to even lower-order resources).
Therefore, any of these jobs can advance without violating the policy.
Case 1 in the proof of RUN correctness
[Figure: the job on the current resource Rc advances to the next resource Rn, which lies in the neighborhood NH(Rh) of a resource Rh, with an intermediate resource Ri; the orders o(Rc), o(Rn), o(Ri), o(Rh) are compared to show that no new neighborhood is entered.]
Case 2 in the proof of RUN correctness
[Figure: resources Rc (current), Rn (next), Rh and Rl with the neighborhoods NH(Rh) and NH(Rl).]
Rc is a minimum-order resource containing jobs.
Then, by the case assumptions,
• o(Rn) < o(Rc) ⇒ Rn empty
Also,
• for any resource Rh such that st(Rn) ∈ NH(Rh) and o(Rh) ≥ o(Rc):
st(Rn) ∈ NH(Rh) ⇒ st(Rc) ∈ NH(Rh)
• for any resource Rl such that st(Rn) ∈ NH(Rl) and o(Rl) < o(Rc):
∀Ri, Ri ∈ NH(Rl) ⇒ o(Ri) ≤ o(Rl) < o(Rc) ⇒ Ri empty ⇒ NH(Rl) empty
Automatic Correctness Verification of Algebraic PK Policies
Petri Net-based modeling of RAS
[Figure: Petri net of the example (J1 : R1 R2 R3, J2 : R3 R2 R1, O(R1) = 1, O(R2) = 2, O(R3) = 1). Process 1 is the cycle P10 -T10-> P11 -T11-> P12 -T12-> P13 -T13-> P10, process 2 the cycle P20 -T20-> P21 -T21-> P22 -T22-> P23 -T23-> P20; the resource places R1, R2, R3 are connected to the stage places that use them (P11 and P23 use R1, P12 and P22 use R2, P13 and P21 use R3).]
Siphon-based characterization of RAS liveness: Single Unit-RAS
[Figure: the example Petri net with the siphon S highlighted.]
S = {R1, R2, P12, P23}
S* = {T10, T22, T11, T21, T12, T23}
*S = {T11, T23, T12, T22}
*S ⊆ S*
Siphon-based characterization of RAS liveness: Conjunctive RAS
[Figure: a conjunctive process-resource net with stage places p10, p11, p20, p21, p22, transitions t10, t11, t20, t21, t22 and a resource place r1 whose arcs carry weights 2 and 3, drawn twice: under its original marking and under the “modified marking”, where the resource-induced deadly marked siphon appears.]
• Generalizing empty siphon: Siphon S is deadly marked iff ∀t ∈ *S, t is disabled by some p ∈ S
A key result
Theorem 2: Consider a process-resource net N where:
I. every process subnet Ni is
– quasi-live for M0(pi0) = 1,
– reversible for every initial marking M0(pi0), and
– “acyclic”, i.e., strongly connected with every cycle containing pi0;
II. resources are re-usable, i.e., for every resource Rk there exists a p-semiflow yRk s.t.
– yRk(rk) = 1,
– ∀p ∈ sup(Rk), yRk(p) = # units of Rk required for the execution of stage p,
– yRk(p) = 0, o.w.;
III. each process sub-net when augmented with the required resource places is quasi-live (i.e., the process-resource net is “well-marked”).
Then,
1. N is live iff there exists no resource-induced deadly marked siphon in the modified reachability space.
2. Liveness ⇒ Reversibility.
3. If N is PT-ordinary, liveness ⇔ there exists no empty siphon in the reachability space.
Modeling an algebraic PK policy as a set of fictitious resources
[Figure: the example Petri net (processes P10–P13 / T10–T13 and P20–P23 / T20–T23 with resource places R1, R2, R3) augmented with one fictitious resource place per constraint row, W1, W2, W3, connected to the transitions of the stages that appear in the corresponding row.]
The RUN constraints A·s ≤ b being modeled, over s = (J11, J12, J13, J21, J22, J23)^T:
$$
\begin{pmatrix}
1 & 0 & 0 & 0 & 0 & 1 \\
1 & 1 & 0 & 1 & 1 & 0 \\
0 & 0 & 1 & 1 & 0 & 0
\end{pmatrix}
\begin{pmatrix} J_{11} \\ J_{12} \\ J_{13} \\ J_{21} \\ J_{22} \\ J_{23} \end{pmatrix}
\le
\begin{pmatrix} C_1 \\ C_2 \\ C_3 \end{pmatrix}
$$
Computing the maximal empty siphon
Step 1: Remove the marked places.
[Figure: the example net (P10–P13, T10–T13, P20–P23, T20–T23, R1, R2, R3) before and after the marked places are removed.]
Computing the maximal empty siphon (cont.)
Step 2: Remove the enabled transitions and the places that will be marked by their firing; repeat until nothing changes.
[Figure: the net after successive removal passes; what survives is the maximal empty siphon {R1, R2, P12, P13, P23} together with its connecting transitions T11, T12, T13, T21, T22, T23.]
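The two-step removal procedure above, as an added illustration (not the author's code), run on the talk's single-unit example net. The net is transcribed from the figure as pre-set / post-set per transition; the deadlock marking (J1 at P11 holding R1, J2 at P22 holding R2) is constructed, and the result is checked to be a siphon via *S ⊆ S*.

```python
"""Maximal siphon empty at a marking M, by the removal procedure of the two
slides. Added illustration, not the author's code. NET is the talk's
single-unit example net (J1: R1 R2 R3, J2: R3 R2 R1), transcribed as
pre-set / post-set per transition; the markings below are constructed."""
from typing import Dict, Set, Tuple

NET: Dict[str, Tuple[Set[str], Set[str]]] = {
    "T10": ({"P10", "R1"}, {"P11"}),        "T11": ({"P11", "R2"}, {"P12", "R1"}),
    "T12": ({"P12", "R3"}, {"P13", "R2"}),  "T13": ({"P13"}, {"P10", "R3"}),
    "T20": ({"P20", "R3"}, {"P21"}),        "T21": ({"P21", "R2"}, {"P22", "R3"}),
    "T22": ({"P22", "R1"}, {"P23", "R2"}),  "T23": ({"P23"}, {"P20", "R1"}),
}
PLACES: Set[str] = {p for pre, post in NET.values() for p in pre | post}

def pre_set(s: Set[str], net=NET) -> Set[str]:
    return {t for t, (pre, post) in net.items() if post & s}   # *S

def post_set(s: Set[str], net=NET) -> Set[str]:
    return {t for t, (pre, post) in net.items() if pre & s}    # S*

def maximal_empty_siphon(marking: Dict[str, int], net=NET) -> Set[str]:
    """Step 1: drop the marked places. Step 2: a transition with no input
    place left in the candidate set could fire and mark its output places,
    so drop those too; repeat to the fixpoint. The survivors satisfy
    *S subset of S*, i.e. they form the largest siphon unmarked at M."""
    s = {p for p in PLACES if marking.get(p, 0) == 0}
    changed = True
    while changed:
        changed = False
        for pre, post in net.values():
            if not (pre & s) and (post & s):
                s -= post
                changed = True
    return s

# Constructed deadlock: J1 at P11 holds R1 and waits for R2, J2 at P22 holds
# R2 and waits for R1 (unit capacities); R3 is free, the idle places are marked.
DEADLOCK_M = {"P11": 1, "P22": 1, "R3": 1, "P10": 1, "P20": 1}
INITIAL_M = {"P10": 1, "P20": 1, "R1": 1, "R2": 1, "R3": 1}   # empty system
```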
A sufficiency condition for non-existence of reachable empty siphons in structurally bounded Petri nets
Theorem 3: A structurally bounded Petri net N = (P, T, F, M0) has no reachable empty siphons if C(N) = |P|, where
$$C(N) = \min \sum_{p \in P} v_p$$
s.t.
$$z_t \ge \sum_{p \in {}^{\bullet}t} v_p - |{}^{\bullet}t| + 1, \quad \forall t \in T$$
$$v_p \ge z_t, \quad \forall (t, p) \in F$$
$$v_p \ge \frac{M(p)}{SB(p)}, \quad \forall p \in P$$
$$M = M_0 + \Theta\, y$$
$$v_p, z_t \in \{0, 1\}; \quad M, y \ge 0$$
(Here v_p = 1 marks a place removed from the candidate siphon, z_t = 1 a transition all of whose input places have been removed, and SB(p) is the structural bound of place p; the symbol Θ for the incidence matrix in the state equation is an assumed notation.)
Practical Implications
• Theorems 2 and 3 provide the basis for the development of verification tests
for
– RAS liveness and
– algebraic PK policy correctness
that take the form of a Mixed Integer Programming formulation with
polynomial number of variables and constraints in terms of the size of the
underlying RAS.
• Embedded in a search process, these tests can support the design of
optimized algebraic PK policies – This is essentially a combinatorial
optimization problem and constitutes ongoing research.
Some Additional Developments and Future Work
• An algebraic theory for interpreting the functionality of algebraic PK policies through siphon dependencies and the notion of “basic” / “elementary” siphons.
• A methodology for designing optimized (maximally permissive) algebraic PK policies through non-blocking supervisory control theory and the theory of regions for Petri net synthesis from their reachability space.
• A generalization of the concept of algebraic PK policy in order to encompass the potential nonlinearity of the maximally permissive supervisor, based on results from pattern recognition / classification theory, and extension of the correctness verification tests to these policies.
• Future work: Integrate the presented results on the RAS logical control problem with the time-based performance control / scheduling problems arising in these environments.
• The proposed framework: Markov Decision Processes and Approximate Dynamic Programming.
Thank You!