3c-025
Copyright © 1996 IFAC 13th Triennial World Congress, San Francisco, USA
MODELLING, ANALYSIS AND CONTROL OF DEDS IN THE FRAMEWORK OF TEMPORAL LOGIC: A CASE STUDY
Tian Guohui
Liu Changyou
Department of Automation, Shandong University of Technology, Jinan 250061, P.R. China
Xu Xinhe
Department of Automatic Control, Northeastern University, Shenyang 110006, P.R. China
Abstract: In this paper, a case of discrete event dynamic system (DEDS), the sorting process in an automated warehouse, is studied in the temporal logic framework. The temporal logic model (TLM) of the process is established, the reachability and qualitative properties of the TLM are analyzed, and the synthesis problem of the TLM is also discussed. The plant, the controller, and the desired closed-loop system behaviour are specified in temporal logic formulae, and it is verified that the specifications of the desired closed-loop system behaviour can be deduced from the descriptions of the plant and the controller.
Keywords: discrete event dynamic system, modelling, system analysis, temporal logic, warehouse automation.
I. INTRODUCTION
The basic problem in the research on Discrete Event Dynamic Systems (DEDS) is modelling and analysis. Many approaches have been applied, such as boolean models (Aveyard, 1974); Petri nets (David and Alla, 1994; Murata, 1989); queuing networks (Gershwin, 1987); perturbation analysis (Ho, Y.C. and Cao, X.R., 1983, 1991); minimax algebra (Cohen, et al., 1989); finitely recursive processes (Inan and Varaiya, 1988); automata and formal language (Cieslak, et al., 1988; Kumar, et al., 1993; Ramadge and Wonham, 1987); and so on. All of these methods can be divided into three levels: the logic level, the time level and the stochastic level. At the logic level, one studies the logical relations and the soundness of the states and events of a DEDS, and searches for a reasonable control strategy so that the desired behaviour can be reached. Such methods include Petri nets, temporal logic, automata and formal language, etc. Temporal logic is a formalism that has been proposed in computer science (Alur and Henzinger, 1994; Galton, 1987) for software verification, particularly in the analysis and synthesis of concurrent programs, operating systems and distributed systems (Clarke, et al., 1986; Rechard and Melliar-Smith, 1987). Recently, it has been applied to the control problems of DEDS (Fusaoka, et al., 1983; Lin F., 1993; Lin J.Y. and Ionescu, 1990, 1992a, 1992b; Thistle and Wonham, 1986). The specification of real-time DEDS and the synthesis of controllers have been investigated using real-time temporal logic (Ostroff, 1987, 1989a, 1989b, 1992; Ostroff and Wonham, 1990).
Temporal logic has powerful expressivity and allows for the treatment of some infinite state systems, because it is not necessary to check finite state reachability graphs for the existence of the required properties. Instead, it provides the capability for performing a deductive correctness proof.
In this paper, a case of DEDS, the sorting process in the automated warehouse, is studied in the temporal logic framework. The modelling, model synthesis, control, specification and verification problems are discussed respectively.
This paper is organized as follows: the following section introduces the sorting process of the automated warehouse. Then a brief summary of temporal logic is given. In section 4, the discrete event dynamic behaviour is analyzed and the temporal logic model (TLM) is defined. In section 5, essential properties of the TLM, such as reachability, liveness, safety, and so on, are analyzed. In section 6, the specifications of the plant, the closed loop system and the controller are given. In section 7, the TLM of the closed loop system is synthesised, and the verification analysis of the system is studied.
2. THE SORTING PROCESS IN THE AUTOMATED WAREHOUSE
The sorting process in the automated warehouse can be considered as a discrete event process. The materials in the packing-shelves of the warehouse are picked into the packing-box and carried to the sorting system by the conveying system; then the sorter sorts the materials so that the right kind and right number of materials can be delivered to the right users. We call this sorting process output-sorting. The materials in the packing-boxes which come from outside the warehouse and will be deposited into the warehouse should also be sorted by the sorter, in order to be deposited into the right packing-position of the warehouse. We call this sorting process input-sorting. Thus each process i can be in one of five states: idle (ID), waiting for input-sorting (WI), waiting for output-sorting (WO), input-sorting (IS) and output-sorting (OS), which are represented by s1, s2, s3, s4 and s5 respectively. The events are as follows:
α: The packing-box requests input-sorting.
β: The packing-box requests output-sorting.
γ: The sorter starts input-sorting.
η: The sorter starts output-sorting.
ν: The sorter finishes input-sorting.
λ: The sorter finishes output-sorting.
ε: The null event.
The local variable symbols x1, x2, ..., xN will be used to represent the states of the N processes; these symbols are of the same sort as the global constant symbols ID, WI, WO, IS, OS.
In the uncontrolled system, there is no restriction on the number of packing-boxes allowed to access the sorter system simultaneously, for either input to or output from the warehouse. The system should be controlled according to the following requirements: 1). The sorter can sort any number of packing-boxes input to the warehouse simultaneously. 2). The sorter can sort only one packing-box output from the warehouse at any time. The above requirements make the sorter sort the packing-boxes input to the warehouse in a group at one time, but sort the packing-boxes output from the warehouse one by one.
3. TEMPORAL LOGIC
As a formalism, temporal logic is composed of the language, the syntax, the semantics and the proof system. The symbols of its language include individual constant symbols, called global constant symbols; individual variable symbols, called local variables; function letters; predicate letters; logical connectives: ¬ (the negation symbol), ∨ (the disjunction connective), ∧ (the conjunction connective); and temporal operators. For simplicity, we use two basic temporal operators ○ (next) and U (until), from which we can define many other useful operators, including □ (henceforth), ◇ (eventually), W (unless) and P (precedes). For the details of the syntax, semantics and proof system, see (Alur and Henzinger, 1994; Galton, 1987; Thistle and Wonham, 1986). A state formula is any first order predicate which does not have any temporal operators and can be evaluated in a single state, but a temporal formula must be evaluated over a sequence of states (i.e. over a trajectory). For an arbitrary trajectory σ = s0 s1 s2 ..., σ^k denotes the k-shifted trajectory suffix, i.e. σ^k = s_k s_{k+1} s_{k+2} .... Let the symbol σ ⊨ w mean that the trajectory σ satisfies the formula w; the satisfaction relation is defined as follows:
Definition 3.1 (satisfaction). For temporal formulae w, w1, w2 and a trajectory σ:
1). If w is a state formula, then σ ⊨ w iff s0(w) = true.
2). σ ⊨ ○w iff σ^1 ⊨ w.
3). σ ⊨ w1 U w2 iff there exists k ≥ 0 such that σ^k ⊨ w2, and for 0 ≤ i < k, σ^i ⊨ w1.
Other operators can now be defined from the above definition as follows:
1). ◇w is an abbreviation for (true U w).
2). □w is an abbreviation for ¬(◇(¬w)).
3). w1 P w2 is an abbreviation for ¬((¬w1) U w2).
4). w1 W w2 is an abbreviation for (□w1) ∨ (w1 U w2).
Definition 3.2 (Σ_M-validity). For any system M, let S be a temporal formula specifying the required plant behaviour to be ensured by the controller, and let Σ_M be its legal trajectories. The specification S is Σ_M-valid if all trajectories in Σ_M satisfy it.
If S is Σ_M-valid, we know that the plant controlled by the controller will certainly meet the specification S. The verification problem of the TLM will be studied in these terms in section 7.2.
4. DISCRETE EVENT DYNAMIC BEHAVIOUR AND TEMPORAL LOGIC MODEL (TLM)
The discrete event dynamic system to be controlled (called the plant) is structured as G = (S, E, δ, s0), where S denotes the state set; E, the finite event set; δ, the partial state transition function S × E → S; and s0 denotes the initial state. A firing of a transition in a DEDS must satisfy a set of enable conditions in some time interval, corresponding to an activity in the system. Those conditions can be described by temporal logic formulae; thus a possible model for describing the dynamics of a DEDS can be built using temporal logic formulae. Let F be a set of logic formulae; then a temporal logic model (TLM) for a DEDS can be defined as a 3-tuple M = (G, F*, L), where G = (S, E, δ, s0), F* is the set of all subsets of F, and L: S × E → F* is a labelling function, associating every pair (e, s) with the set of formulae that hold in this pair. With the labelling function L, a temporal logic model is described by a set of formulae. A dynamic formula L(e, s) has the following form:
□[δ = e ∧ x = ID => (○x) = WI]
which is related to the transition δ by s = x and s' = δ(e, s) = ○x. It means that the occurrence of the event e changes the value of the state x from ID to WI. Here, δ is an event variable representing the event which will occur.
5. ESSENTIAL PROPERTY ANALYSIS OF TLM
5.1. Reachability Analysis of TLM
Firing an event e ∈ E in a state s produces an evolution in the system, and a new state s' will occur. That is to say that s' is immediately reachable from s. If s' is immediately reachable from s and s'' is immediately reachable from s', we say that s'' is reachable from s. The reachability set R(M, s0) for M = (G, F*, L) is defined by
Definition 5.1.1. The reachability set R(M, s0) is the smallest set of states defined by
1). s0 ∈ R(M, s0);
2). If s ∈ R(M, s0) and s' = δ(e, s) for some e ∈ E, then s' ∈ R(M, s0).
From the above definition, the next-state function can be extended to map a state and a sequence of events into a new state:
δ(σe, s) = δ(e, δ(σ, s)),   δ(ε, s) = s
where s is a state, σ is a sequence of events, e ∈ E, and ε is the null event.
5.2. Essential Qualitative Temporal Properties of TLM
Temporal logic can be used to reason about some essential qualitative temporal properties. Safety properties can be specified, including mutual exclusion and absence of deadlock (Ostroff, 1987, 1989a; Lin J.Y. and Ionescu, 1990, 1992a, 1992b). Liveness properties include termination and responsiveness (Thistle and Wonham, 1986). Fairness properties include scheduling a given process "infinitely often" or requiring that a continuously enabled transition ultimately fire (Rechard and Melliar-Smith, 1987). Priority states that a particular event is always prevented from occurring under certain conditions, or that an event must occur under a particular condition (Ostroff, 1992). Precedence states that events will occur in some particular order (Ostroff and Wonham, 1990).
6. SPECIFICATIONS AND CONTROL OF DEDS
6.1. Plant Specifications
The first specification of a plant is the set of possible events which can occur in the system, and then the state changes caused by an occurrence of events. In addition, all the distinct possible state values and the initial states of the system should also be specified. The plant of the sorting process in the automated warehouse is specified as follows:
Axioms:
□ ∨_{i=1}^{N} (δ = αi ∨ δ = βi ∨ δ = γi ∨ δ = ηi ∨ δ = νi ∨ δ = λi ∨ δ = ε)   (P1)
□[ID ≠ WI ∧ ID ≠ WO ∧ ID ≠ IS ∧ ID ≠ OS ∧ WI ≠ WO ∧ WI ≠ IS ∧ WI ≠ OS ∧ WO ≠ IS ∧ WO ≠ OS ∧ IS ≠ OS]   (P2)
Dynamics of the processes:
□ ∧_{i=1}^{N} [δ = αi => xi = ID ∧ (○xi) = WI ∧ (∧_{j≠i} (○xj) = xj)]   (P3)
□ ∧_{i=1}^{N} [δ = βi => xi = ID ∧ (○xi) = WO ∧ (∧_{j≠i} (○xj) = xj)]   (P4)
□ ∧_{i=1}^{N} [δ = γi => xi = WI ∧ (○xi) = IS ∧ (∧_{j≠i} (○xj) = xj)]   (P5)
□ ∧_{i=1}^{N} [δ = ηi => xi = WO ∧ (○xi) = OS ∧ (∧_{j≠i} (○xj) = xj)]   (P6)
□ ∧_{i=1}^{N} [δ = νi => xi = IS ∧ (○xi) = ID ∧ (∧_{j≠i} (○xj) = xj)]   (P7)
□ ∧_{i=1}^{N} [δ = λi => xi = OS ∧ (○xi) = ID ∧ (∧_{j≠i} (○xj) = xj)]   (P8)
□ ∧_{i=1}^{N} [δ = ε => (○xi) = xi]   (P9)
Initial condition:
∧_{i=1}^{N} xi = ID   (P10)
Remark 1: Formula (P1) describes the set of possible events of the process; (P2) describes the five possible states; (P3)-(P9) describe the effect of every event on the states of process i respectively; (P10) means that initially all processes are idle.
6.2. Closed Loop System Specifications
The closed loop system specifications describe the desired dynamical behaviour of the system. The required behaviour of the sorting system is specified as follows:
□ ∧_{i=1}^{N} [xi = IS => ∧_{j≠i} xj ≠ OS]   (CL1)
□ ∧_{i=1}^{N} [xi = OS => ∧_{j≠i} (xj ≠ IS ∧ xj ≠ OS)]   (CL2)
Remark 2: Formula (CL1) means that if a process is in the input-sorting state, no other process can be in the output-sorting state at that time; (CL2) means that if a process is in the output-sorting state, the other processes can be in neither the input-sorting nor the output-sorting state at that time.
6.3. Controller Specifications
Generally speaking, the uncontrolled system cannot reach the desired behaviour; therefore some control strategies should be added to it. The mechanism which gives the reasonable control strategies is called the controller; it ensures that the requirements proposed by the desired behaviour of the system dynamics are met. In order to monitor and control the system, additional local variable symbols b and c are used to represent the data stored by the controller. b is assigned the values 1 and 0, representing whether a process is output-sorting or not; and c is assigned non-negative integer values, representing the number of processes which are input-sorting. The specifications of the controller are as follows:
Dynamics of the controller:
□ ∧_{i=1}^{N} [δ = γi => b = 0 ∧ (○b) = b ∧ (○c) = c + 1]   (C1)
□ ∧_{i=1}^{N} [δ = ηi => b = 0 ∧ (○b) = 1 ∧ c = 0 ∧ (○c) = 0]   (C2)
□ ∧_{i=1}^{N} [δ = νi => b = 0 ∧ (○b) = b ∧ c > 0 ∧ (○c) = c − 1]   (C3)
□ ∧_{i=1}^{N} [δ = λi => b = 1 ∧ (○b) = 0 ∧ c = 0 ∧ (○c) = c]   (C4)
□ ∧_{i=1}^{N} [δ = ε => (○b) = b ∧ (○c) = c]   (C5)
Initial condition of the controller:
b = 0 ∧ c = 0   (C6)
Remark 3: Formula (C1) means that the event γi can fire under the condition b = 0, and then the value of c increases by one; (C2) means that ηi can fire under the condition b = 0 and c = 0, and then b is assigned the value 1; (C3) means that if νi fires, the value of c decreases by one; (C4) means that if λi fires, b is assigned the value 0; (C5) means that the null event has no influence on the controller; (C6) means that initially b and c are both assigned the value 0.
7. THE SYNTHESIS OF TEMPORAL LOGIC MODEL AND VERIFICATION ANALYSIS OF DEDS
7.1. Synthesis of TLM for the Closed Loop System
When we know the TLM of the plant and the controller, we can synthesise the TLM of the closed-loop system from them. Let M = ((S, E, δ, s0), F*, L) model the plant and Mc = ((Q, Ec, δc, q0), Fc*, Lc) model the controller, where Q is the set of states of the controller and Ec is a subset of E. Then the closed loop system M' = M ∧ Mc = ((S', E', δ', s'0), F**, L') can be synthesised as follows: the formula set F** = F* ∪ Fc*, the set of states S' = S × Q, the set of events E' = E, and (s0, q0) is the initial state s'0 of M'. δ' denotes the transition function in M'; then (s', q') = δ'(e, (s, q)) in M' if and only if s' = δ(e, s) in M and q' = δc(e, q) in Mc.
The definitions corresponding to the reachability properties of the synthesised TLM are given as follows:
Definition 7.1.1. A state (s, q) in M' = M ∧ Mc is said to be reachable if and only if s is reachable in M and q is reachable in Mc.
Definition 7.1.2. The reachability set R(M', (s0, q0)) is defined as the smallest set of states defined by 1). (s0, q0) ∈ R(M', (s0, q0)); 2). (s', q') ∈ R(M', (s0, q0)) if (s, q) ∈ R(M', (s0, q0)) and (s', q') = δ'(e, (s, q)).
Then the corresponding reachability properties of the synthesised TLM can be analyzed in the same way as for the single TLM.
7.2. Verification Analysis of DEDS
The verification problem of the closed loop system is to verify that the closed loop system specifications can be deduced from the descriptions of the plant and the controller, ensuring that the behaviour of the controlled closed loop system meets the desired requirements.
Theorem 7.2.1. The closed loop system specifications (CL1)-(CL2) can be deduced from the descriptions of the plant (P1)-(P10) and the controller (C1)-(C6).
Proof of Theorem 7.2.1.
(1). δ = γi, hypothesis.
(2). xi = WI ∧ (○xi) = IS ∧ [∧_{j≠i} (○xj) = xj] from (1) and (P5).
(3). (○c) = c + 1 ∧ b = 0 ∧ (○b) = b from (1) and (C1).
(4). IS ≠ ID ∧ IS ≠ WI ∧ IS ≠ WO ∧ IS ≠ OS from (P2) and by PR (propositional reasoning).
(5). (○xi) = IS => (○b) = 0 from (2)-(4) and by PR.
(6). δ = ηk, hypothesis.
(7). xk = WO ∧ (○xk) = OS ∧ [∧_{j≠k} (○xj) = xj] from (6) and (P6).
(8). b = 0 ∧ (○b) = 1 ∧ c = 0 ∧ (○c) = 0 from (6) and (C2).
(9). OS ≠ ID ∧ OS ≠ WI ∧ OS ≠ WO ∧ OS ≠ IS from (P2) and by PR.
(10). (○xk) = OS => (○b) = 1 from (7)-(9) and by PR.
(11). (○xi) = IS => (○xk) ≠ OS from (5) and (10) by PR.
(12). □[xi = IS => xk ≠ OS] from (11) by FT (Frame Theorem).
(13). □ ∧_{i=1}^{N} [xi = IS => ∧_{j≠i} xj ≠ OS] from (12) by PR.
The verification of (CL2) is similar to the proof above for (CL1). The proof of Theorem 7.2.1 is completed.
8. CONCLUSION
In this paper, a case of DEDS, the sorting part of the automated warehouse, is studied in the temporal logic framework. The temporal logic model (TLM) of the process is established, the reachability and qualitative properties of the TLM are analyzed, and the synthesis problem of the TLM is also discussed. The plant, the controller, and the desired closed-loop system behaviour are specified in temporal logic formulae, and it is verified that the specifications of the desired closed-loop system behaviour can be deduced from the descriptions of the plant and the controller, ensuring that the behaviour of the controlled closed loop system meets the desired requirements.
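As an added illustration (not part of the original paper), the following Python script encodes the plant dynamics (P3)-(P10) and the controller (C1)-(C6) as the synchronous product M' of section 7.1, computes R(M', (s0, q0)) of Definition 7.1.2 by breadth-first search, and checks (CL1)-(CL2) on every reachable state, complementing the deductive proof of Theorem 7.2.1 with an explicit-state check; it also shows that the uncontrolled plant alone violates both specifications. The event names and the dictionary encoding of the transitions are this example's own choices.

```python
from collections import deque

ID, WI, WO, IS, OS = "ID", "WI", "WO", "IS", "OS"   # the five process states (P2)

# Plant dynamics (P3)-(P8): event -> (state of process i before, state after).
# The null event epsilon (P9) is a self-loop and adds nothing to reachability.
PLANT = {
    "alpha": (ID, WI), "beta": (ID, WO), "gamma": (WI, IS),
    "eta": (WO, OS), "nu": (IS, ID), "lambda": (OS, ID),
}

# Controller dynamics (C1)-(C4): event -> (guard on (b, c), next (b, c)).
# alpha and beta are outside E_c, so they leave b and c unchanged (cf. (C5)).
CONTROLLER = {
    "gamma": (lambda b, c: b == 0, lambda b, c: (b, c + 1)),
    "eta": (lambda b, c: b == 0 and c == 0, lambda b, c: (1, 0)),
    "nu": (lambda b, c: b == 0 and c > 0, lambda b, c: (b, c - 1)),
    "lambda": (lambda b, c: b == 1 and c == 0, lambda b, c: (0, c)),
}

def successors(state, controlled):
    """Yield every (s', q') = delta'(e_i, (s, q)) of the product M' = M and M_c;
    with controlled=False only the plant's delta applies (the uncontrolled system)."""
    xs, (b, c) = state
    for i, x in enumerate(xs):
        for event, (before, after) in PLANT.items():
            if x != before:
                continue                      # e_i not enabled in the plant
            nb, nc = b, c
            if controlled and event in CONTROLLER:
                guard, update = CONTROLLER[event]
                if not guard(b, c):
                    continue                  # controller disables e_i
                nb, nc = update(b, c)
            yield (xs[:i] + (after,) + xs[i + 1:], (nb, nc))

def reachable(n, controlled=True):
    """R(M', (s0, q0)) of Definition 7.1.2 by breadth-first search, starting
    from all n processes idle (P10) with b = c = 0 (C6)."""
    s0 = ((ID,) * n, (0, 0))
    seen, todo = {s0}, deque([s0])
    while todo:
        for s2 in successors(todo.popleft(), controlled):
            if s2 not in seen:
                seen.add(s2)
                todo.append(s2)
    return seen

def violated(state):
    """Closed-loop specifications the state breaks: (CL1) a process input-sorting
    while another output-sorts, (CL2) a process output-sorting while another sorts."""
    xs, _ = state
    bad = set()
    if IS in xs and OS in xs:
        bad.add("CL1")                        # some x_i = IS with some x_j = OS
    if OS in xs and (IS in xs or xs.count(OS) > 1):
        bad.add("CL2")                        # some x_i = OS with another in IS or OS
    return bad

def check(n, controlled=True):
    """Specifications violated somewhere in R(M', (s0, q0)); empty set = verified."""
    return set().union(*map(violated, reachable(n, controlled)))
```

`check(3)` returns the empty set for the controlled product, while `check(3, controlled=False)` returns {'CL1', 'CL2'} for the plant without the controller.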
REFERENCES
Alur, R. and T.A. Henzinger (1994). A Really Temporal Logic. JACM, 41, 181-204.
Aveyard, R. (1974). A Boolean Model for a Class of Discrete Event Systems. IEEE Trans. on Syst. Man Cyb., SMC-4, 249-258.
Clarke, E.M., E.A. Emerson and A.P. Sistla (1986). Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Trans. on Programming Languages and Systems, 8, 244-263.
Cieslak, R., et al. (1988). Supervisory Control of Discrete Event Processes With Partial Observations. IEEE Trans. on Automat. Contr., 33, 249-260.
Cohen, G., et al. (1989). Algebraic Tools for the Performance Evaluation of Discrete Event Systems. Proc. of the IEEE, 77, 39-58.
David, R. and H. Alla (1994). Petri Nets for Modeling of Dynamic Systems: A Survey. Automatica, 30, 175-202.
Fusaoka, A., H. Seki and K. Takahashi (1983). A description and reasoning of plant controllers in temporal logic. In: Proc. 8th Int. Joint Conf. on Artificial Intelligence, pp. 405-408.
Galton, A. (1987). Temporal Logics and Their Applications. Academic Press, London.
Gershwin, S.B. (1987). An Efficient Decomposition Method for the Approximate Evaluation of Tandem Queues With Finite Storage Space and Blocking. Operations Research, 35, 291-305.
Ho, Y.C., X.R. Cao and C.G. Cassandras (1983). Infinitesimal and Finite Perturbation Analysis for Queuing Networks. Automatica, 19, 439-445.
Ho, Y.C. and X.R. Cao (1991). Perturbation Analysis of Discrete Event Dynamical Systems. Kluwer Academic Publishers.
Inan, K. and P. Varaiya (1988). Finitely Recursive Process Models for Discrete Event Systems. IEEE Trans. on Automat. Contr., 33, 629-639.
Kumar, R., V. Garg and S.I. Marcus (1993). Predicates and Predicate Transformers for Supervisory Control of Discrete Event Dynamical Systems. IEEE Trans. on Automat. Contr., 38, 232-247.
Lin, F. (1993). Analysis and Synthesis of Discrete Event Systems Using Temporal Logic. Control Theory and Advanced Technology, 9, 341-350.
Lin, J.Y. and D. Ionescu (1990). A Generalized Temporal Logic Approach for Control Problems of a Class of Nondeterministic Discrete Event Systems. In: Proc. 29th IEEE Conf. on Decision & Control, Honolulu, Hawaii, pp. 3440-3445.
Lin, J.Y. and D. Ionescu (1992a). Analysis and Synthesis Procedures of Discrete Event Systems in a Temporal Logic Framework. In: IEEE Intern. Sympo. on Intelligent Control, pp. 184-191.
Lin, J.Y. and D. Ionescu (1992b). Verifying a Class of Nondeterministic Discrete Event Systems in a Generalized Temporal Logic. IEEE Trans. on Syst. Man Cyb., 22, 1461-1469.
Murata, T. (1989). Petri nets: Properties, Analysis and Applications. Proc. of the IEEE, 77, 541-580.
Ostroff, J.S. (1987). State Machines, Temporal Logic and Control: a Framework for Discrete Event Systems. In: Proc. of the 26th Conf. on Decision and Control, Los Angeles, CA, December 1987, pp. 681-686.
Ostroff, J.S. (1989a). Synthesis of Controllers for Real Time Discrete Event Systems. In: Proc. of the 28th Conf. on Decision and Control, Tampa, Florida, pp. 138-144.
Ostroff, J.S. (1989b). Temporal Logic for Real-Time Systems. Research Studies Press, England.
Ostroff, J.S. (1992). Formal Methods for the Specification and Design of Real-Time Safety Critical Systems. J. Systems Software, 18, 33-60.
Ostroff, J.S. and W.M. Wonham (1990). A Framework for Real Time Discrete Event Control. IEEE Trans. on Automatic Control, 35, 386-397.
Ramadge, P.J. and W.M. Wonham (1987). Supervisory Control of a Class of Discrete Event Processes. SIAM J. Contr. & Optimiz., 25, 206-230.
Rechard, S. and P.M. Melliar-Smith (1987). Temporal Logic Specification of Distributed Systems. In: Proc. of 2nd Int. Conf. on Distributed Computing Systems, pp. 446-454.
Thistle, J.S. and W.M. Wonham (1986). Control Problems in a Temporal Logic Framework. Int. J. Control, 44, 943-976.