- Email: [email protected]
On observability of discrete-event systems
INFORMATION
SCIENCES
44,173-198
(1988)
173
On Observability of Discrete-Event Systems F. LIN and W. M. WONHAM Systems Control Group, Department of Electrical Engineering, Universit_v of Toronto, Toronto, Ontario M5S IA4, Canuda
ABSTRACT
The observability of discrete-event systems is investigated. A discrete-event system G is modeled as the controlled generator of a formal language L,,,(G) in the framework of Ramadge and Wonham. To control G, a supervisor S is developed whose action is to enable and disable the controllable events of G according to a record of occurrences of the observable events of G, in such a way that the resulting closed-loop system obeys some prespecified operating rules embodied in a given language K. A necessary and sufficient condition is found for. the existence of a supervisor S such that L, (S/G) = K. Based on this condition, a solution of the supervisory control and observation problem (SCOP) is obtained. Two examples are provided.
1.
INTRODUCTION
In this paper, we investigate the observability of discrete event systems. The paper is set in the framework of [S] and subsequent articles, with which the reader is assumed to be familiar. The discrete-event system (DES) to be controlled (i.e. the plant) is modeled by an automaton
where Z is the alphabet of event labels, Q is the set of states, 6: Z X Q + Q is the transition function (a partial function), q0 is the initial state, and Q, c Q is the set of marked states. The behavior of the DES is described by the language (BElsevier Science Publishing Co., Inc. 1988 52 Vanderbilt Ave., New York, NY 10017
0@20-0255/88/$03.50
174 generated
F. LIN AND W. M. WONHAM by G:’
or by the language
marked by G:
L,(G)
:= {s:sEL(G)
and 6(s,q,,)
EQ,}
We interpret 2 as the set of euents. Hence the plant generates a stream of Some of these events are controllable, i.e., their occurrence can be prevented; and some of these events are observable, i.e., their occurrence can be observed. Thus Z is partitioned as events.
where 2, is the set of controllable events, Z,, is the set of uncontrollable events, 2, is the set of observable events, and Z,, is the set of unobservable events. An automaton G over Z can be extended to an automaton G’ over Z’, with I: C Z’, as
The transition
function
8’ : 2’ x Q -P Q is defined by
qu,qj =i 6(a,q) q
if if
uE2, aEZ’-Z.
Such a transition function 8’ will be called (Z’-X)-null. Our objective is to design a controller (or supervisor) whose task is to enable and disable the controllable events based on a record of occurrences of the observable events such that the resulting closed-loop system obeys some prespecified operating rules. Formally, a supervisor is a pair
S=(S,#), where S = (Z, X, 6, x,,, X,) is an automaton 5: Z X X+
in which
X (pfn) is EUO-null,
%(s, qo)! means that 6(s, 9,,) is defined.
OBSERVABILITY
OF DISCRETE-EVENT
175
SYSTEMS
and J, : Z X X + { 0, l} is the feedback map, satisfying
4(%X) =l
J1(v4
E
(091)
if
uEZZ,,,
if
uEZ,,
xEX, xEX.
S is considered to be driven externally by the stream of event symbols generated by G; while in turn, with S in state x, the events u of G are subject to the control #(a, x). If $(a, x) = 0, then u is “disabled’ (prohibited from occurring), while if #(u, x) = 1, then u is “enabled” (permitted but not forced to occur). In this way there results a closed-loop feedback structure S/G, called the supervised discrete event system. S/G is itself an automaton
where([x6)#:ZxXxQ+XxQisdefinedas*
(~xq+C(~,x,q)=
(t(u,x),a(u,q))
if 44~~~)=I,
undefined
if
Following [8], we say that a supervisor three conditions
#(u.x)
=O.
S = (S, 4) for G is complete if the
(1) s E US/G), (2) su E L(G), i.e. &(~a, qO)!, (3) $(u,E(s,x,)) =l, i.e. u is enabled at [(s,x,), together imply that (4) su E L(S/G),
i.e. [(su, x,)!.
It will always be assumed (or guaranteed) that S is complete. of S/G is described by the languages L(S/G) and L,(S/G). supervisor S is proper if L,(S/G)
= L(S/G).
*(E(o, x). 6(0, x))! iff both [(o, x)! and 6(0,4)!.
The behavior A (complete)
176
F. LIN AND W. M. WONHAM
We shall need the following notation &nd definitions. If X is a set and 9 an equivalence relation on X, then for x E X we write 0[ x] for the coset (equivalence class) of x mod 8. The index of 6 (cardinality of the quotient set X/e) will be written l/Q. Let B and p be two binary relations on X. We write II Q p (a refines p) if
* (%Y)“P*
(x,y)-
(vx,_+x)
Let E(X) denote the lattice of all equivalence relations on X, under the partial ordering ( d ). If 8,fP E E(X),the meet 8 A 8’ E E(X) is given by (x,y)
~f3~8’
iff
(x,y) iff thereexist
k>Oand
(x,y)
~6’ and (x,y)
~8’,
EBVB’
~~z~,...,z~~Xsuchthat (X,Zi) EB
or
(X,Zi) EB’,
(ri,~)
Ed
or
(z1.z2) Eo’,
(zk,y)
E@ or
(zkry) E@‘.
An equivalence relation 6 on 2* is a right congruence if3 (Vs, s’, t
E
z*)
s =s’ (mod 0) *
st =s’t
(mod 0).
Given an automaton G= (Z,Q, 6, q,,,Q,), we define a right congruence eq(G) on 2*, called the equiresponse reiation -of G [4], by4 _ s=s’(modeq(G))
iff
6(s,qO)
=6(.s’,qO).
Conversely, if 8 is a right congruence on Z*, then the following automaton G can be defined:
G=(Z,Q,~,a,>Q,),
‘If B is an equivalence relation, we may write s = s’ (mod 8) for (s, s’) E 8. “If 6(s, 90) is undefined, then S(S, 9,,) = 6(s’, 90) iff (a(~‘, %) is also undefined
OBSERVABILITY
OF DISCRETE-EVENT
SYSTEMS
177
where
S(uJ[s])
:=B[sa], @):=8[1].
Clearly, eq(G) = 8; and Q, can be designated arbitrarily. Let 2, z Z. The projection P: Z* --, Z,* is given by Pl=l, Pa=l,
UEZ-XZo,
Pa=o, P(su)
UEX,,
= P(s)P(u),
SEX*,
UGX.
For s. s’ E Z* define s = s’ (mod kerP) if Ps = Ps’. Clearly kerP is a right congruence on I: *. For a language L c E*, the right congruence = (mod L), viz. Nerode equivalence, is defined by L)
s=s’(mod Given
iff
(Vt~2*)
st~L
w S’~EL.
K c L,,,(G), for s E Z* define the active event set
(QP:suEK}
if
sEK,
otherwise. and the inactive event set u:su~L(G)-K}
if
SEE,
otherwise. Finally,
the binary
(i) AK(S)nIAK(s’) (ii) sEKnL,(G)
relation =0=
act,
on Z* is defined as (s,s’) E act, iff
+(s’)nIA,(s),
AS’EK~L,(G)
and a
(SEK
CJ
s'EK).
178
F. LIN AND W. M. WONHAM
Equivalently,
for all s, s’ E Z*, (s, 3’) E act,
iff
(i) (Vu) su E K A s’ E K A s’u E L(G) * s’u E K, and (ii) SEK r\s’EKnL,(G) =+. s’EK,and (iii) (i) and (ii) hold with s and s’ interchanged. We note that act, but not transitive.
2.
is a tolerance relation on Z*, i.e. is reflexive and symmetric
OBSERVABILITY
In this section, we obtain a necessary and sufficient condition for the existence of a supervisor S for G such that L,(S/G) = K. We assume that G is trim, i.e., G is reachable and L,,,(G) = L(G). We first prove the following lemma. LEMMA 2.1. Given a language K, 0 # K c L,,,(G). There exists a proper supervisor S such that L,,,(S/G) = K if and only if the following conditions are both satisfied: (1) KZ,, n L(G) G K. (2) There exists a right congruence y such that kerP
act,.
Proof. “ Only if ‘: Let S = (S, +) be a proper supervisor = K. By Theorem 6.1 of [8],
such that L, (S/G)
KZ,, n L(G) c i?. Define
y = es(S).
Since 5 is Z,, -null, kerP 6 y.
Finally, to show that y < act,, let s = s’ (mod y). If either t(s, x0) or [(s_I, x,,) is undefined, then (s, s’) E act, is automatic. Otherwise we have s, s’ E K and write x = [(s, x0) = [(s’, x0).
OBSERVABILITY (i)
OF DISCRETE-EVENT
We claim that AK(S)nIA(d)
(3u
E
SUEK
2)
=0. A
179
SYSTEMS Otherwise
S’EK
A
s'eL(G)-K.
If $(a, x) =l, then s’u E L(S/G) A s’u 6%K, and therefore L(S/G) f K; whereas if $( u, x) = 0, then su @ L(S/G)A suE K,and therefore L(S/G) + E. But then L,(S/G)# K, a contradiction. Similarly, AK(s’)nIA,(s) = 0. (ii) If SEK~L,,,(G) A dEKnL,(G) then ~'EKcL(S/G), so that S(s’, q,,)! and ((s’, x0)!, and then
SEK
*
x=~ts,x,)=5(s',x,)EX,,
S'EL,,,(G)* hence s’ E
6(s',q,) E Q,;
K. Similarly s’ E K * sE K. Hence
scKnL,(G)
A dEKnL,(G)
*
(SEK - s'EK)
“If”: Let y be a right congruence such that kerP < y < act,; s = (Z, X, t, x0, X,) be the automaton with eq(S) = y and with
x,:={x:xEx
A (3s)
SEK
A [(s,xo)=x}
For all x E X, let Z~:=U{IA,(s):5(s,x,) ~‘,:=i_j{A,(s):.$(s,x,) Then y < act,
=x}, =x}.
implies Zz n Xl, = 0 ; furthermore KZ,,nL(G)
cK
implies
Z~CZ,..
So we can define $: 2 X X-,
{O,l} to be any function
such that
Because E is a total function,
S = (S, 4) is a complete supervisor
for G.
and let
180
F. LIN AND W. M. WONHAM
Next we show that L(S/G) = K, using induction For UEZ.
UEK
*
UEL(G)
A Ada,
*
UEL(G)
A $(u,xo)
*
UE L(S/G).
on the length of words.
(KG =l
L(G))
(definition
of $)
On the other hand, u E L(S/G)
*
UEL(G)
A $(a,~,)=1
*
UEL(G)
A u@IA,(l)
(definition
*
UEL(G)
A &L(G)-i?
(IEK)
*
UEK.
NowsupposethatforaIls,Isl,
SUEK * *
S+ sEK.FixswithIsl=n
WEL(G)
A
USA,
A
SEE
SUEL(G)
A
u~A~(s)
A
SEL(S/G)
(induction 2
A $( u,x) =l
SUEL(G)
hypothesis)
A SE L(S/G) (definition
*
of +)
of Ic/)
su E L(S/G).
Conversely, su E L(S/G)
=a
SEL(S/G)
*
ski?
A
sueL(G)
A uEIA,(s)
*
SEE
A
SUEL(G)
A
*
SaEK.
A
SUEL(G)
A
$(a,~)=1
suzL(G)-K
(induction
hypothesis
and definition
of 4)
OBSERVABILITY Finally, have
OF DISCRETE-EVENT
to prove that S is proper,
s E 472(S/G)
we must show that L,(S/G)
-
SEL(S/G)
A
SEL,,,(G)
=a
SEL(S/G}
A
eL,(G)
A
181
SYSTEMS
(3s’) (~‘EK
= K. We
tfs,--q,)EXm
A
A .$(s,xO)=~(s’,xO)) (by definition
3
~EL(S/G) A (3s’)
2
A ssL,(G)
(s’EK
~EL(S/G) A (3s’)
A s=S’(mod
S’EK
A ~/EL,(G) *
A sEKnL,(G)
3
SEE
*
s E L(S/G)
--j
s E L,,,(S,'G)
A [(s,+,)
y))
A seL,(G)
But S’E K A s E En L,(G) A (s, s’) E act, the definition of act,. On the other hand .SEK
of X,)
A (s,s’)
E act,.
s E K by condition
(ii) of
i K c L,(G)) E X,
A s E L,(G)
(definition
of X,,,) II
Recall from [8] that a language L(G)] if
ZX,,
K c L,(G)
n L(G)
is controllable [with respect to
c K.
We shall define a language K c L,,,(G) to be P-observable L(G)], or simply observable, if
[with respect
to
ker P < set, . The following
theorem is now immediate,
THEOREM 2.1. Let K be a nonempty sublanguage of L,,,(G). There exists a proper supervisor S such that L, (S/G) = K if and only if K is both controllable and observable.
F. LIN AND W. M. WONHAM
182 Proof.
n
By Lemma 2.1 and the fact that ker P is a right congruence.
We have already shown that a supervisor S = (S, +) can be constructed a right-congruence y on 2* such that
from
kerP < y Q act,.
Since there could be many such right congruences, Let us define
supervisors
are not unique.
such that ker P < y < act, } .
r := { y : y is a right congruence
Because yi E r and y2 E l? do not imply yi V yz E r, we cannot conclude that r has a supremal element. But the following result implies that supervisors exist that are “optimal” in an evident weak sense. THEOREM 2.2.
r has at ieast one maximal element.
Proof. Since ker P is a right congruence, I + 0. Because every chain C c I has an upper bound in I, by Zom’s lemma there exists a maximal element n 0f r.
Our next result casts additional not be used in the sequel. THEOREM
light on the structure of supervisors,
2.3. For all S = (S, $) such that L(S/G)
but will
= IE’,
Proof. For simplicity we write (mod K) etc. in place of (mod = K). Let s, s’ E E. If s = s’ (mod eq(S)) and s = s’ (mod L(G)) but s + s’ (mod K), then
(3 E Z”)
ItI,
A
Let t’o be the longest prefix of t such that
StEK
A
s’teK.
OBSERVABILITY In particular
OF DISCRETE-EVENT
183
SYSTEMS
st’u E L(G). Since eq(,S) and = L(oj are right congruences, st’= s’t’ (mod eq( S))
and
st’u = s’r’u (mod L(G));
hence we can write x = [(st’, x,,) = [(~‘t’, x0) and s’t’u E L(G). By definition of AK(sl’) and IA,(s’t’) st’u E
K
*
u~A~(st’)
and s’t’~K
A s’t’u~L(G)
A s’t’u4i?
*
u~IA~(s’r’).
Finally, u~A,(sr’)
A L(S/G)=K
u~IA,(s’t’) With this contradiction
A L(S/G)=K
*
$(a,~)
*
$(u,x)=O.
=l,
n
the result is proved.
To conclude this section, we show how to deal with a nondeterministic generator G. It has been assumed so far that distinct transitions of G out of any state carry distinct event labels (6: Z X Q + Q). However, the “noisy” or nondeterministic case (8 :2 x Q + 2Q), where labels needn’t be distinct, can be brought within our framework by introducing new unobservable events. For example, suppose we have a nondeterministic transition a as shown below:
a
a <
Then we can introduce
two new unobservable
events (pi. a,
and replace the
184
F. LIN AND W. M. WONHAM
previous
transitions
by the following:
from the supervisor’s point of view the Because (pi, 0~~ are unobservable, transition (Y is still nondeterministic. However, in the formal description of G the transitions LY,CQ, LT~are now deterministic.
3.
SUPERVISORY
CONTROL
AND OBSERVATION
PROBLEM
Let Z,, = Z, U Z,, and let T be the projection Z + ZzO, i.e., T erases all the events that are neither controllable nor observable (hence cannot be manipulated or processed by the supervisor). Since in this section only the language L(S/G) will be synthesized, we assume that all the languages introduced are closed. Following [8], let languages A, E c Z,* be given with
Ac
EcTL(G).
We interpret E as “legal behavior” (i.e., each word of E is a “legal task”), and A as “minimal acceptable behavior” (i.e., control of the plant G in such a way that a language smaller than A is generated is considered inadequate). The condition A, E c Z,*, amounts to assuming that a specification involving the uncontrollable and unobservable events can typically be restated as a specification involving only the controllable or observable events. We now introduce the SUPERVISORY CONTROL
supervisor
AND OBSERVATION PROBLEM (SCOP).
S for G such that A G TL(S/G)
L E.
Construct
a
OBSERVABILITY
OF DISCRETE-EVENT
To discuss the solvability L G TL(G) E ZTO,
of SCOP, we define,
for a (closed)
_C( L) := { K: KC L and K is closed and controllable Q(L)
185
SYSTEMS
:= { K: K 2 L and K is closed and observable
language
w.r.t. TL(G)}, w.r.t. TL(G)}
It is clear from the definition of act, that if the language K is closed, then a fact that we shall exploit condition (ii) for act, is satisfied automatically, throughout this section. Also, in this section all the languages involved and observability are to [A, E, TLjG), etc.] belong to ZTO,,and controllability be understood with respect to TL(G). Hence the relevant superset of events is Z,, rather than Z. It was shown in [8] that _C(L) is a nonempty class of languages that is closed under arbitrary unions. Hence SuPa L) exists and is the supremal controllable sublanguage contained in the given language L. Notice that sup_C(L) c TL(G) c IX&. Dually we have the following. PROPOSITION 3.1. Q(L) arbitrary intersection.
is a nonempty class of languages that is closed under
Proof. Since TL(G) EQ(L),Q( closed under arbitrary intersection,
L) is nonempty. To show that let Kl, K, E Q(L), i.e.
K, is closed
A
K, 2 L
A
kerP < aCtK,.
K, is closed
A
K, 2 L
A
ker P d act,,.
Q(L)
is
Then K,nK,
isclosed
K,nK,zL.
A
It remains to prove that kerP G actKIn K2. Let s, s’ E Z$ consider condition (i) for actK, n x,:
with Ps = l’s’, and
(9 A ~,n~,(s)nIA,~,.~(s’)=0. If this condition sa~K,nK,
fails, then for some u E Z,,, A
s’sK,nK,
A
~‘0. E
TL(G) - K, n K,
186
F. LIN AND W. M. WONHAM
Also s’uETL(G)-K,nK,
w
s’uETL(G)
(s’aeZKK, v s’a@K*).
A
If s’u Z K,, then SOCK,
A
s’EK~
A
s’uETL(G)-KI,
namely,
which contradicts
the hypothesis
ker P < actK,. If
A&) which contradicts reasoning
qi
K,, simihrly
+0,
the hypothesis ker P < actK,, so (i) is true after all. By similar
From the above proposition, infimal observable sublanguage infQ(L)G TL(G)GZ,*. THEOREM
nIA&‘)
S'U
we conclude that infQ( L) exists and is the containing the given language L. Of course
3.1. SCOP is solvable if and onb if infQ(A)
G sup_C( E)
The proof of this theorem requires three lemmas. LEMMA 3.1. For a given language CC(L)
L s TL(G),the set of languages
:= { K: K a L and K is closed and controllable
w.r.t.
TL(G)}
is nonempty and closed under arbitrary interactions.
KI
Proof. We have TL(G) E CC( L). If n K, is closed, and
K,,K, E CC(L),then KI n K2 a L,
(K,nK,)Z,,nTL(G)=K,Z,,nK,Z,,nTL(G)cK,nK,.
n
OBSERVABILITY
OF DISCRETE-EVENT
187
SYSTEMS
By Lemma 3.1, inf CC(L) exists and is the infimal closed controllable sublanguage of 7X.(G) containing the given language L. It can even be written down explicitly, as follows. LEMMA 3.2. = TL(G) n LZ$
inf CC(L)
Proof. Write M = TL(G)n LX*,,. Clearly M 2 L and show that M is controllable w.r.t. TL(G), we have MX,, n TL(G)
= TL(G)Z,,
n LZp,,
M is closed.
To
n TL(G)
c LX:, n TL(G) = M. If now K a L and K is closed and controllable LX,, n TL(G) and by induction
w.r.t. TL(G), then
G KZ,, n TL(G)
G K,
on r it follows that LX:, n TL(G)
= LZ:;‘Z,,
n TL(G) c K,
so that M c K, i.e., M is infimal.
n
LEMMA 3.3. If L c TL(G) is observable, then inf CC( L) is also observable. Proof. Write M = TL(G) n LX,*,. By Lemma 3.2 we need only show that ker P < act,
*
kerP < act,.
Assume ker P Q act, and s, s’ E Z*,, with Ps = Ps’. We check condition (s,s’) pacts. If A,(s)nIA,(s’)#lzr, then for some UEZ~~, SOEM
A
S’EM
A
(i) for
s’aETL(G)-M.
By controllability of M, s’ E M A s’u 66M implies u E Z,,. Hence su E L and s’u B L. We claim that s’ E L. Otherwise, if ~‘4 L, let w’u’ be the longest prefix of s’ such that w’ E L A w’u’E L. Then s’ E LX,*, =. a’ E Z,,. * a’ E X,. So there exists a prefix wu’ of s such that Pw = Pw’. Since L is
F. LIN AND W. M. WONHAM
188 observable, Pw = Pw’ A wa’gTL(G) But this contradicts
A w’u’ETL(G)
A
namely, A,(s) O IA, (3’) # 0. act,. Similarly, A,,,,(s’)OIA,(s)
.s’EL
A
if’:
2.1, TL(S/G)
is controllable
infQ(A)
the assumption
If SCOP is solvable,
A c TL(S/G)
If infQ(A)
W’U’E L.
s’uETL(G)-L,
This contradicts =0.
Proof of Theorem 3.1. “Only supervisor S such that
“If’:
*
the fact that w’u’E L, so that s’ E L after all. Therefore
SUEL
By Theorem
A WU’E L
that ker P <
then
there is a
c E. and observable.
c TL(S/G)
Hence
c sup_C( E).
c sup_C( E) then infQ( A) c inf CC (infQ(
A)) c sup_C( E)
Now K := inf CC(inf Q(A)) is controllable by definition, Lemma 3.3. The result follows by Theorem 2.1.
and is observable
by n
The requirement in this section that the relevant languages be closed cannot be dropped. If they are not closed and for L c TL,(G) we consider instead of CC(L) the family NCC ( L) := { K : K 2 L and K is controllable then inf NCC( L) need not exist. Suppose for instance ~=~,={%fi,Y}, L,(G) Since
&= =l+ap+clly,
{P?Y>,
w.r. t. TL, (G) } , that &=
{a)?
L=l.
(YE LX, f~ L(G) and a +ZL, L is not controllable.
Because
L,,,(G) is
OBS~RVABILI~ controllable, the possible
OF DISCRETE-E~NT
1x9
SYSTEMS
if inf NCC(L) exists then L c inf NCC( L) c L,,(G). candidates for inf NCC( L) ue
Therefore
but none of these is infimal. The following example shows that if A and E are not closed, a solution SCOP need not exist. even if A is observable and E is controllable. Let
x= {%P},
&={a},
L,(G)= fl+B)dr as displayed
T= (8).
L,(G)
=L(G)-(1).
below:
c We take
Now ii-=
{LP},
so A = An L,,,(G), i.e., A is L,(G)-closed. A,fI) A,(P) hence A is observable.
= Pt =a,
PEL,(G), Also IA,(I)
= a,
IA,(B)
=cu;
However, as
P E .%
a!EE,,,
@a E L(G) - A,
to
190
F. LIN AND W. M. WONT
A is not controllable.
Next, since E = L(G), E is controllable; CY,J3CYE E,
&(a) A,(P)
Pa=a= IAE(~)
=a,
%(@a)
= {B}s
P(/?a),
= its)> =a,
it follows that E is not observable. Thus neither A nor E is a solution of SCOP. Finally, AcKcE,
however, as
if
A#K#E,
then K=Kl:=/3+a
or
K=&:=/34-/3~&,
but neither Ki nor X2 is controllable, and we conclude that SCOP is not solvable. Of course, if E is replaced by E = L(G), then SCOP is trivially solvable by E, and nontrivially by
In general, if E is not closed, SCOP may fail to be solvable simply because E has too few sublanguages. 4.
SUPERVISORY
CONTROL
Recall from [6J that a language L(G) and P] if
AND NORMALITY K, KC L(G), is nor~naf [with respect to
K=L(G)nP-“P(K). K is normal just when it is the largest sublanguage of L(G) whose projection is P(K), and so is determined uniquely by its projection. Intuitively, therefore, one expects normality to be stronger than observability. In fact we have PROPOSITION 4.1. Let K be a closed or an L, (G)-closed subTanguage of L(G). If K is normal than K is observable. Proof. Suppose K = L(G)n P-‘P(K). Let s, s’ E Z* with Ps = Ps’. We show that (s, s’) E act K by checking the two conditions for act K.
OBSERVABILITY
OF DISCRETE-EVENT
(i) We claim that A,(s)
191
SYSTEMS
CIIA, (3’) = 0 . Otherwise su E K A s’ E K and s’e E L(G) - K.
(3UEZ)
But S’Q E L(G) and P(s’a) = P(su) E PK imply s’u E L(G)fl P-lP(K) K, a contradiction. Similarly, A, (s’) O IA, (s) f 0. (ii) By definition, if K is L,,,(G)-closed, then
=
K=hL,(G) and condition closed.
(ii) holds automatically.
Similarly,
the result is obvious if K is H
A controllable language, even one that is closed, need not be normal; normal does not imply that sup_C( E) is normal. For instance let
and E
and -L(G) = Pa + XPv, Then
E=&
E is closed and normal but controllable,
VY.
while
sup_C( E) = h/Q is closed and controllable but not normal. Similarly, a closed and observable language instance let z= (i.e. PA = Pp -1);
{%P,h,P},
%=
need
{%P>
and let L(G) = (l+X+p)“+P, J=l+/.&+/.&a,
K=l+cx+X+k.
Then K is closed and observable, PK=l+a=PJ,
not
be normal.
For
F. LIN AND W. M. WONHAM
192 but
L(G) n P-‘PK = J + K, namely, K is not normal. The class of normal sublangnages of L(G) (for a fixed projection P) is algebraically better behaved than the observable sublanguages, as illustrated by the following proposition, whose proof may be left to the reader. PROPOSKTION 4.2. Let 3 c L(G), and consider the classes of languages
FJ(B) := {K
C
BIZ is normal),
CN ( B) := {K c BI K is closed and normal},
RCN f B) := {K c B/ K is ~~{G)-closed
and li- is normal} .
Then IV(B), CN( B), and RCN( B) are closed under arbitrary unions. In particular, zj_X( B) ~nu!s /or any of these classes, then 0 E _X( B),namely _X(B)# 0, and therefore sup_X( B) alwaysexists in _X(B). n It follows from Propositions 4.1,4.2 and the definition of controllability the class IZ( B) of sublanguages of B c L(G) defined by
that
_z(B):=_C(B)nz(B) = {K c Bi k- is normal,
I(: is L,(G)
is closed and controllable}
is nonempty and closed under arbitrary unions. Thus z(B) constitutes a natural and convenient class of sublanguages to be considered as candidates for the solution of problems of the type of SCOP. For instance, with A E E c L(G) given, the condition
sup’(E) a A is necessary and sufficient for the existence of a solution to SCOP in _Z(E), and is thus sufficient for the existence of a solution to SCOP with no particular restrictions placed on A and E.
OBSERVABILITY 5.
OF DISCRETE-EVENT
SYSTEMS
193
EXAMPLES
EJ$AMPLE
1. Consider
a rail network with two stations (0,l):
-station
station
0
1
Let Gj be the “process” that generates trains that depart from station i for j (event d;‘) and arrive at j from i (event u{). Let Z;l := { a_l, dj }. In the absence of further restrictions, the language generated by Gj would be
L(GJ’)={wEZ:
:
WI(w)
Q
WI(w)}
Suppose for simplicity that control is imposed by supervisor Sj, say, so that at most one train is running from i to j at any time. The sequence of arrivals and departures at station 0 is now determined by the generator
where 6:,’ refers to G,’ controlled
by the S,/, namely
L(Q)
-o*.
Consider a control for station 0 that enforces the capacity constraint that at most two trains be in the station at any time. Assume that this controller, S,, say, will only observe events that occur at station 0, i.e.,
and can only control the departure Z,=
of a train, i.e., {d&d,“}.
On the assumption that initially one train is present at station 0 and no trains are en route, the constraint is expressed by the legal language E,, c Z*
194
F. LIN AND W. M. WONHAM
having the transition structure
with adjunction of a self-loop at each state, labeled &. It can be shown that the language L(G)n E, is both controllable and observable. By Theorem 2.1, there exists a supervisor S such that L(S/G)
= L(G)n
E,.
In fact, we can take S = (S, \I/) where 5’ is the generator for E, as given above and # is defined as x Xl x2 x3
(7= 4 0 1 1
d! 1 1 0
EXAMPLE 2. A production system consists of a workshop and an inventory. Raw materials are ordered from the dealer and delivered to the inventory and then sent to the workshop when they are required:
? dealer t
workshop
OBSERVABILITY
OF DISCRETE-EVENT
195
SYSTEMS
We consider the problem of inventory control. Assume that there are two types of raw materials, 1 and 2. The inventory has a capacity of n units. The order size is n, units for type i. Raw material is sent to the workshop in unit amounts. To model and control the system, we designate the following events: cxi: type-i material is ordered from the dealer; /3, : type-i material is delivered to the inventory: y, : type-i material is sent to the workshop. Suppose that the controller (supervisor) is located at the inventory site whereas material is ordered from the workshop site, and assume that the controller observes only events that occur at its site, i.e. Z,={&,y,:i=1,2}. Assume
that the controller
can disable y, as well as OL,,i.e. Z,=
{a,,y,:i=1,2}
Assume finally that each order is filled with negligible realized by the following:
In the transition diagrams, a self-loop labeled adjoined at each node. Our task is to design a controller so that:
time delay. Hence G is
{ yl, yz } is understood
to be
(1) The (virtual) quantity k of raw material in the inventory never exceeds the inventory’s capacity, i.e. 0 Q k G n. (2) Type-l material has priority over type 2, i.e., whenever k > m for some fixed threshold m c: n, type-2 material is rejected, i.e. cannot be added to inventory.
196
F. LIN AND W. M. WONHAM
The legal language E is determined by these two rules. In case n, = n2 = 3, n=8, m=3 9 we have E = E'n L(G),where E' is realized by the following generator:
To specify A, we impose the following minimal loop system:
requirements
on the closed-
(3) The situation k = n is possible, i.e., the inventory can be fully utilized. (4) Whenever k < m, type-2 material will not be rejected. For the listed parameter
‘i
‘i
values, A is realized by the following generator:
Y.
1
‘i
It can be checked that A is observable, controllable, but sup _C(E) = A.That is, infQ(A)
'i
'i
'i
i.e. inf Q(A) = A; while
‘i
E is not
=A=sup_C(E).
By Theorem 3.1, SCOP is solvable. A supervisor S = (S, J/) can be modeled on the inventory structure as follows. S has n +l states, X= {x0,x1 ,..., x, }, x0 is the initial state, and every state is marked The state transitions are the following: (a) If the current state is x.4 and material inventory, then the next state is xk+,, .
of type i is delivered
to the
OBSERVABILITY
OF DISCRETE-EVENT
197
SYSTEMS
(b) If the current state is xk and material of type i is sent to the workshop, then the state changes from xk to xk _ 1. The state feedback
map $( u, x) is defined as follows:
(i) at state x0 disable y,, (ii) at state xk, k > m, disable q, (iii) at state x, , disable a,. In case n, = n2 = 3, n = 8, m = 3, the supervisor has the following structure: a
x = xg
a2
1 0 1
Y2
0
a1 Yl
6.
Xl
x2
1 1 11111111 1 1 11111111
x3
x4
x5
X6
Xl
xn
1
1
1
1
1
0
1
0
0
0
0
0
CONCLUSION
A definition of observable language was framed in the setting of the discrete-event system theory of Ramadge and Wonham. Under certain restrictions, the existence problem for a supervisory controller (respecting both controllability and observability constraints) was solved abstractly. It was pointed out that the “normal” subclass of the observable languages has certain advantages as a source of control solutions. In future papers the computational aspects of the theory and more substantial application will be reported. 7.
BIBLIOGRAPHICAL
NOTE
The results reported herein were essentially completed in April 1986, and presented at that time in the second author’s graduate seminar ELE1637S. We note that a similar definition of observable language was reported independently by Cieslak et al. [3]. The supervisory control and observation problem (SCOP) solved herein does not, however, appear in the Cieslak report. REFERENCES 1. F. Andri, D. Hennand, and J.-P. Vejus, Synchronization of Parallel Programs, MIT Press, Cambridge, Mass., 1985. 2. G. van Bochmann, Concepts for Distributed System Design. Springer. Berlin, 1983.
198
F. LIN AND W. M. WONHAM
3. R. Cieslak, C. Desclaux, A. Fawaz, and P. Varaiya, Supervisory Control of Discrete Event Processes with Partial Observations, Memo No. UCB/ERL M86/63, Electronics Res. Lab., Coll. of Engrg., Univ. of Calif., Berkeley, 7 August 1986. 4. M. A. Harrison, 1965. Introduction to Switching and Automata Theoty, McGraw-Hill, New York, 1965. 5. C. A. R. Hoare, Communicating Sequential Processes, Prentice-Hall, Englewood Cliffs, NJ., 1985. 6. F. Lin and W. M. Wonham, Decentralized Supervisory Control of Discrete-Event Systems, Systems Control Group Report 8612, Dept. of Electrical Engineering, Univ. of Toronto, 1986; Inform. Sci., to appear. 7. P. Milner, A Calculus of Communicating Systems, Lecture Notes in Computer Science, No. 92, Springer, Berlin, 1980. 8. P. J. Ramadge and W. M. Wonham, Supervisory Control of a Class of Discrete Event Processes, Systems Control Group Report 8311, Dept. of Electrical Engineering, Univ. of Toronto; SIAM J. Control Optim., to appear. [For a summary version see Lecture Notes in Computer Science, No. 63, Springer, Berlin, 1984, pp. 477-498.1 9. P. J. Ramadge and W. M. Wonham, Modular Feedback Logic for Discrete Event Systems, Technical Report No. 48, Information Sciences and Systems Lab., Dept. of Electrical Engineering, Princeton Univ., 1985; SIAM I. Control Optim., to appear. 10. P. J. Ramadge and W. M. Wonham, Modular supervisory control of discrete event systems, in Proceedings of the Seventh International Conference on Analysis and Optimization of Systems, Antibes, June 1986, in Analysis and Optimization of Systems (A. Bensoussan and J. L. Lions, Eds.), Lecture Notes in Computer Science, Vol. 83, Springer, New York, 1986, pp. 202-214. 11. W. M. Wonham, 1985. On control of discrete event systems, in Proceedings of the Seventh International Conference on the Mathematical Theory of Networks and Systems (MTNS85), Computational and Combinatorial Methods in Systems Theory, (C. I. Bymes and A. Lindquist, Eds.) North-Holland, Amsterdam, 1986, pp. 159-174. 12. W. M. Wonham and P. J. Ramadge, On the Supremal Controllable Sublanguage of a Given Language, Systems Control Group Report 8312, Dept. of Electrical Engineering, Univ. of Toronto, 1983; SIAM I. Control Optim., to appear. [For a summary version see Proceeding of the 23 IEEE Conference on Decision and Control, IEEE Control Systems Sot., New York, 1984, pp. 1073-1080.1 13. W. M. Wonham and P. J. Ramadge, On Modular Synthesis of Supervisory Controls for Discrete Event Processes, Systems Control Group Report 8314, Dept. of Electrical Engineering, Univ. of Toronto, 1983. [For a summary version see Proceedings of the International Conference on Computers, .Systems and Signal Processing, IEEE and I.I.Sc., Bangalore, 1984, pp. 500-404.1 14. B. P. Zeigler, Multifacetted Modeling and Discrete Event Simulation, Academic, London, 1984. Received 28 February I987
SCIENCES
44,173-198
(1988)
173
On Observability of Discrete-Event Systems F. LIN and W. M. WONHAM Systems Control Group, Department of Electrical Engineering, Universit_v of Toronto, Toronto, Ontario M5S IA4, Canuda
ABSTRACT
The observability of discrete-event systems is investigated. A discrete-event system G is modeled as the controlled generator of a formal language L,,,(G) in the framework of Ramadge and Wonham. To control G, a supervisor S is developed whose action is to enable and disable the controllable events of G according to a record of occurrences of the observable events of G, in such a way that the resulting closed-loop system obeys some prespecified operating rules embodied in a given language K. A necessary and sufficient condition is found for. the existence of a supervisor S such that L, (S/G) = K. Based on this condition, a solution of the supervisory control and observation problem (SCOP) is obtained. Two examples are provided.
1.
INTRODUCTION
In this paper, we investigate the observability of discrete event systems. The paper is set in the framework of [S] and subsequent articles, with which the reader is assumed to be familiar. The discrete-event system (DES) to be controlled (i.e. the plant) is modeled by an automaton
where Z is the alphabet of event labels, Q is the set of states, 6: Z X Q + Q is the transition function (a partial function), q0 is the initial state, and Q, c Q is the set of marked states. The behavior of the DES is described by the language (BElsevier Science Publishing Co., Inc. 1988 52 Vanderbilt Ave., New York, NY 10017
0@20-0255/88/$03.50
174 generated
F. LIN AND W. M. WONHAM by G:’
or by the language
marked by G:
L,(G)
:= {s:sEL(G)
and 6(s,q,,)
EQ,}
We interpret 2 as the set of euents. Hence the plant generates a stream of Some of these events are controllable, i.e., their occurrence can be prevented; and some of these events are observable, i.e., their occurrence can be observed. Thus Z is partitioned as events.
where 2, is the set of controllable events, Z,, is the set of uncontrollable events, 2, is the set of observable events, and Z,, is the set of unobservable events. An automaton G over Z can be extended to an automaton G’ over Z’, with I: C Z’, as
The transition
function
8’ : 2’ x Q -P Q is defined by
qu,qj =i 6(a,q) q
if if
uE2, aEZ’-Z.
Such a transition function 8’ will be called (Z’-X)-null. Our objective is to design a controller (or supervisor) whose task is to enable and disable the controllable events based on a record of occurrences of the observable events such that the resulting closed-loop system obeys some prespecified operating rules. Formally, a supervisor is a pair
S=(S,#), where S = (Z, X, 6, x,,, X,) is an automaton 5: Z X X+
in which
X (pfn) is EUO-null,
%(s, qo)! means that 6(s, 9,,) is defined.
OBSERVABILITY
OF DISCRETE-EVENT
175
SYSTEMS
and J, : Z X X + { 0, l} is the feedback map, satisfying
4(%X) =l
J1(v4
E
(091)
if
uEZZ,,,
if
uEZ,,
xEX, xEX.
S is considered to be driven externally by the stream of event symbols generated by G; while in turn, with S in state x, the events u of G are subject to the control #(a, x). If $(a, x) = 0, then u is “disabled’ (prohibited from occurring), while if #(u, x) = 1, then u is “enabled” (permitted but not forced to occur). In this way there results a closed-loop feedback structure S/G, called the supervised discrete event system. S/G is itself an automaton
where([x6)#:ZxXxQ+XxQisdefinedas*
(~xq+C(~,x,q)=
(t(u,x),a(u,q))
if 44~~~)=I,
undefined
if
Following [8], we say that a supervisor three conditions
#(u.x)
=O.
S = (S, 4) for G is complete if the
(1) s E US/G), (2) su E L(G), i.e. &(~a, qO)!, (3) $(u,E(s,x,)) =l, i.e. u is enabled at [(s,x,), together imply that (4) su E L(S/G),
i.e. [(su, x,)!.
It will always be assumed (or guaranteed) that S is complete. of S/G is described by the languages L(S/G) and L,(S/G). supervisor S is proper if L,(S/G)
= L(S/G).
*(E(o, x). 6(0, x))! iff both [(o, x)! and 6(0,4)!.
The behavior A (complete)
176
F. LIN AND W. M. WONHAM
We shall need the following notation &nd definitions. If X is a set and 9 an equivalence relation on X, then for x E X we write 0[ x] for the coset (equivalence class) of x mod 8. The index of 6 (cardinality of the quotient set X/e) will be written l/Q. Let B and p be two binary relations on X. We write II Q p (a refines p) if
* (%Y)“P*
(x,y)-
(vx,_+x)
Let E(X) denote the lattice of all equivalence relations on X, under the partial ordering ( d ). If 8,fP E E(X),the meet 8 A 8’ E E(X) is given by (x,y)
~f3~8’
iff
(x,y) iff thereexist
k>Oand
(x,y)
~6’ and (x,y)
~8’,
EBVB’
~~z~,...,z~~Xsuchthat (X,Zi) EB
or
(X,Zi) EB’,
(ri,~)
Ed
or
(z1.z2) Eo’,
(zk,y)
E@ or
(zkry) E@‘.
An equivalence relation 6 on 2* is a right congruence if3 (Vs, s’, t
E
z*)
s =s’ (mod 0) *
st =s’t
(mod 0).
Given an automaton G= (Z,Q, 6, q,,,Q,), we define a right congruence eq(G) on 2*, called the equiresponse reiation -of G [4], by4 _ s=s’(modeq(G))
iff
6(s,qO)
=6(.s’,qO).
Conversely, if 8 is a right congruence on Z*, then the following automaton G can be defined:
G=(Z,Q,~,a,>Q,),
‘If B is an equivalence relation, we may write s = s’ (mod 8) for (s, s’) E 8. “If 6(s, 90) is undefined, then S(S, 9,,) = 6(s’, 90) iff (a(~‘, %) is also undefined
OBSERVABILITY
OF DISCRETE-EVENT
SYSTEMS
177
where
S(uJ[s])
:=B[sa], @):=8[1].
Clearly, eq(G) = 8; and Q, can be designated arbitrarily. Let 2, z Z. The projection P: Z* --, Z,* is given by Pl=l, Pa=l,
UEZ-XZo,
Pa=o, P(su)
UEX,,
= P(s)P(u),
SEX*,
UGX.
For s. s’ E Z* define s = s’ (mod kerP) if Ps = Ps’. Clearly kerP is a right congruence on I: *. For a language L c E*, the right congruence = (mod L), viz. Nerode equivalence, is defined by L)
s=s’(mod Given
iff
(Vt~2*)
st~L
w S’~EL.
K c L,,,(G), for s E Z* define the active event set
(QP:suEK}
if
sEK,
otherwise. and the inactive event set u:su~L(G)-K}
if
SEE,
otherwise. Finally,
the binary
(i) AK(S)nIAK(s’) (ii) sEKnL,(G)
relation =0=
act,
on Z* is defined as (s,s’) E act, iff
+(s’)nIA,(s),
AS’EK~L,(G)
and a
(SEK
CJ
s'EK).
178
F. LIN AND W. M. WONHAM
Equivalently,
for all s, s’ E Z*, (s, 3’) E act,
iff
(i) (Vu) su E K A s’ E K A s’u E L(G) * s’u E K, and (ii) SEK r\s’EKnL,(G) =+. s’EK,and (iii) (i) and (ii) hold with s and s’ interchanged. We note that act, but not transitive.
2.
is a tolerance relation on Z*, i.e. is reflexive and symmetric
OBSERVABILITY
In this section, we obtain a necessary and sufficient condition for the existence of a supervisor S for G such that L,(S/G) = K. We assume that G is trim, i.e., G is reachable and L,,,(G) = L(G). We first prove the following lemma. LEMMA 2.1. Given a language K, 0 # K c L,,,(G). There exists a proper supervisor S such that L,,,(S/G) = K if and only if the following conditions are both satisfied: (1) KZ,, n L(G) G K. (2) There exists a right congruence y such that kerP
act,.
Proof. “ Only if ‘: Let S = (S, +) be a proper supervisor = K. By Theorem 6.1 of [8],
such that L, (S/G)
KZ,, n L(G) c i?. Define
y = es(S).
Since 5 is Z,, -null, kerP 6 y.
Finally, to show that y < act,, let s = s’ (mod y). If either t(s, x0) or [(s_I, x,,) is undefined, then (s, s’) E act, is automatic. Otherwise we have s, s’ E K and write x = [(s, x0) = [(s’, x0).
OBSERVABILITY (i)
OF DISCRETE-EVENT
We claim that AK(S)nIA(d)
(3u
E
SUEK
2)
=0. A
179
SYSTEMS Otherwise
S’EK
A
s'eL(G)-K.
If $(a, x) =l, then s’u E L(S/G) A s’u 6%K, and therefore L(S/G) f K; whereas if $( u, x) = 0, then su @ L(S/G)A suE K,and therefore L(S/G) + E. But then L,(S/G)# K, a contradiction. Similarly, AK(s’)nIA,(s) = 0. (ii) If SEK~L,,,(G) A dEKnL,(G) then ~'EKcL(S/G), so that S(s’, q,,)! and ((s’, x0)!, and then
SEK
*
x=~ts,x,)=5(s',x,)EX,,
S'EL,,,(G)* hence s’ E
6(s',q,) E Q,;
K. Similarly s’ E K * sE K. Hence
scKnL,(G)
A dEKnL,(G)
*
(SEK - s'EK)
“If”: Let y be a right congruence such that kerP < y < act,; s = (Z, X, t, x0, X,) be the automaton with eq(S) = y and with
x,:={x:xEx
A (3s)
SEK
A [(s,xo)=x}
For all x E X, let Z~:=U{IA,(s):5(s,x,) ~‘,:=i_j{A,(s):.$(s,x,) Then y < act,
=x}, =x}.
implies Zz n Xl, = 0 ; furthermore KZ,,nL(G)
cK
implies
Z~CZ,..
So we can define $: 2 X X-,
{O,l} to be any function
such that
Because E is a total function,
S = (S, 4) is a complete supervisor
for G.
and let
180
F. LIN AND W. M. WONHAM
Next we show that L(S/G) = K, using induction For UEZ.
UEK
*
UEL(G)
A Ada,
*
UEL(G)
A $(u,xo)
*
UE L(S/G).
on the length of words.
(KG =l
L(G))
(definition
of $)
On the other hand, u E L(S/G)
*
UEL(G)
A $(a,~,)=1
*
UEL(G)
A u@IA,(l)
(definition
*
UEL(G)
A &L(G)-i?
(IEK)
*
UEK.
NowsupposethatforaIls,Isl,
SUEK * *
S+ sEK.FixswithIsl=n
WEL(G)
A
USA,
A
SEE
SUEL(G)
A
u~A~(s)
A
SEL(S/G)
(induction 2
A $( u,x) =l
SUEL(G)
hypothesis)
A SE L(S/G) (definition
*
of +)
of Ic/)
su E L(S/G).
Conversely, su E L(S/G)
=a
SEL(S/G)
*
ski?
A
sueL(G)
A uEIA,(s)
*
SEE
A
SUEL(G)
A
*
SaEK.
A
SUEL(G)
A
$(a,~)=1
suzL(G)-K
(induction
hypothesis
and definition
of 4)
OBSERVABILITY Finally, have
OF DISCRETE-EVENT
to prove that S is proper,
s E 472(S/G)
we must show that L,(S/G)
-
SEL(S/G)
A
SEL,,,(G)
=a
SEL(S/G}
A
eL,(G)
A
181
SYSTEMS
(3s’) (~‘EK
= K. We
tfs,--q,)EXm
A
A .$(s,xO)=~(s’,xO)) (by definition
3
~EL(S/G) A (3s’)
2
A ssL,(G)
(s’EK
~EL(S/G) A (3s’)
A s=S’(mod
S’EK
A ~/EL,(G) *
A sEKnL,(G)
3
SEE
*
s E L(S/G)
--j
s E L,,,(S,'G)
A [(s,+,)
y))
A seL,(G)
But S’E K A s E En L,(G) A (s, s’) E act, the definition of act,. On the other hand .SEK
of X,)
A (s,s’)
E act,.
s E K by condition
(ii) of
i K c L,(G)) E X,
A s E L,(G)
(definition
of X,,,) II
Recall from [8] that a language L(G)] if
ZX,,
K c L,(G)
n L(G)
is controllable [with respect to
c K.
We shall define a language K c L,,,(G) to be P-observable L(G)], or simply observable, if
[with respect
to
ker P < set, . The following
theorem is now immediate,
THEOREM 2.1. Let K be a nonempty sublanguage of L,,,(G). There exists a proper supervisor S such that L, (S/G) = K if and only if K is both controllable and observable.
F. LIN AND W. M. WONHAM
182 Proof.
n
By Lemma 2.1 and the fact that ker P is a right congruence.
We have already shown that a supervisor S = (S, +) can be constructed a right-congruence y on 2* such that
from
kerP < y Q act,.
Since there could be many such right congruences, Let us define
supervisors
are not unique.
such that ker P < y < act, } .
r := { y : y is a right congruence
Because yi E r and y2 E l? do not imply yi V yz E r, we cannot conclude that r has a supremal element. But the following result implies that supervisors exist that are “optimal” in an evident weak sense. THEOREM 2.2.
r has at ieast one maximal element.
Proof. Since ker P is a right congruence, I + 0. Because every chain C c I has an upper bound in I, by Zom’s lemma there exists a maximal element n 0f r.
Our next result casts additional not be used in the sequel. THEOREM
light on the structure of supervisors,
2.3. For all S = (S, $) such that L(S/G)
but will
= IE’,
Proof. For simplicity we write (mod K) etc. in place of (mod = K). Let s, s’ E E. If s = s’ (mod eq(S)) and s = s’ (mod L(G)) but s + s’ (mod K), then
(3 E Z”)
ItI,
A
Let t’o be the longest prefix of t such that
StEK
A
s’teK.
OBSERVABILITY In particular
OF DISCRETE-EVENT
183
SYSTEMS
st’u E L(G). Since eq(,S) and = L(oj are right congruences, st’= s’t’ (mod eq( S))
and
st’u = s’r’u (mod L(G));
hence we can write x = [(st’, x,,) = [(~‘t’, x0) and s’t’u E L(G). By definition of AK(sl’) and IA,(s’t’) st’u E
K
*
u~A~(st’)
and s’t’~K
A s’t’u~L(G)
A s’t’u4i?
*
u~IA~(s’r’).
Finally, u~A,(sr’)
A L(S/G)=K
u~IA,(s’t’) With this contradiction
A L(S/G)=K
*
$(a,~)
*
$(u,x)=O.
=l,
n
the result is proved.
To conclude this section, we show how to deal with a nondeterministic generator G. It has been assumed so far that distinct transitions of G out of any state carry distinct event labels (6: Z X Q + Q). However, the “noisy” or nondeterministic case (8 :2 x Q + 2Q), where labels needn’t be distinct, can be brought within our framework by introducing new unobservable events. For example, suppose we have a nondeterministic transition a as shown below:
a
a <
Then we can introduce
two new unobservable
events (pi. a,
and replace the
184
F. LIN AND W. M. WONHAM
previous
transitions
by the following:
from the supervisor’s point of view the Because (pi, 0~~ are unobservable, transition (Y is still nondeterministic. However, in the formal description of G the transitions LY,CQ, LT~are now deterministic.
3.
SUPERVISORY
CONTROL
AND OBSERVATION
PROBLEM
Let Z,, = Z, U Z,, and let T be the projection Z + ZzO, i.e., T erases all the events that are neither controllable nor observable (hence cannot be manipulated or processed by the supervisor). Since in this section only the language L(S/G) will be synthesized, we assume that all the languages introduced are closed. Following [8], let languages A, E c Z,* be given with
Ac
EcTL(G).
We interpret E as “legal behavior” (i.e., each word of E is a “legal task”), and A as “minimal acceptable behavior” (i.e., control of the plant G in such a way that a language smaller than A is generated is considered inadequate). The condition A, E c Z,*, amounts to assuming that a specification involving the uncontrollable and unobservable events can typically be restated as a specification involving only the controllable or observable events. We now introduce the SUPERVISORY CONTROL
supervisor
AND OBSERVATION PROBLEM (SCOP).
S for G such that A G TL(S/G)
L E.
Construct
a
OBSERVABILITY
OF DISCRETE-EVENT
To discuss the solvability L G TL(G) E ZTO,
of SCOP, we define,
for a (closed)
_C( L) := { K: KC L and K is closed and controllable Q(L)
185
SYSTEMS
:= { K: K 2 L and K is closed and observable
language
w.r.t. TL(G)}, w.r.t. TL(G)}
It is clear from the definition of act, that if the language K is closed, then a fact that we shall exploit condition (ii) for act, is satisfied automatically, throughout this section. Also, in this section all the languages involved and observability are to [A, E, TLjG), etc.] belong to ZTO,,and controllability be understood with respect to TL(G). Hence the relevant superset of events is Z,, rather than Z. It was shown in [8] that _C(L) is a nonempty class of languages that is closed under arbitrary unions. Hence SuPa L) exists and is the supremal controllable sublanguage contained in the given language L. Notice that sup_C(L) c TL(G) c IX&. Dually we have the following. PROPOSITION 3.1. Q(L) arbitrary intersection.
is a nonempty class of languages that is closed under
Proof. Since TL(G) EQ(L),Q( closed under arbitrary intersection,
L) is nonempty. To show that let Kl, K, E Q(L), i.e.
K, is closed
A
K, 2 L
A
kerP < aCtK,.
K, is closed
A
K, 2 L
A
ker P d act,,.
Q(L)
is
Then K,nK,
isclosed
K,nK,zL.
A
It remains to prove that kerP G actKIn K2. Let s, s’ E Z$ consider condition (i) for actK, n x,:
with Ps = l’s’, and
(9 A ~,n~,(s)nIA,~,.~(s’)=0. If this condition sa~K,nK,
fails, then for some u E Z,,, A
s’sK,nK,
A
~‘0. E
TL(G) - K, n K,
186
F. LIN AND W. M. WONHAM
Also s’uETL(G)-K,nK,
w
s’uETL(G)
(s’aeZKK, v s’a@K*).
A
If s’u Z K,, then SOCK,
A
s’EK~
A
s’uETL(G)-KI,
namely,
which contradicts
the hypothesis
ker P < actK,. If
A&) which contradicts reasoning
qi
K,, simihrly
+0,
the hypothesis ker P < actK,, so (i) is true after all. By similar
From the above proposition, infimal observable sublanguage infQ(L)G TL(G)GZ,*. THEOREM
nIA&‘)
S'U
we conclude that infQ( L) exists and is the containing the given language L. Of course
3.1. SCOP is solvable if and onb if infQ(A)
G sup_C( E)
The proof of this theorem requires three lemmas. LEMMA 3.1. For a given language CC(L)
L s TL(G),the set of languages
:= { K: K a L and K is closed and controllable
w.r.t.
TL(G)}
is nonempty and closed under arbitrary interactions.
KI
Proof. We have TL(G) E CC( L). If n K, is closed, and
K,,K, E CC(L),then KI n K2 a L,
(K,nK,)Z,,nTL(G)=K,Z,,nK,Z,,nTL(G)cK,nK,.
n
OBSERVABILITY
OF DISCRETE-EVENT
187
SYSTEMS
By Lemma 3.1, inf CC(L) exists and is the infimal closed controllable sublanguage of 7X.(G) containing the given language L. It can even be written down explicitly, as follows. LEMMA 3.2. = TL(G) n LZ$
inf CC(L)
Proof. Write M = TL(G)n LX*,,. Clearly M 2 L and show that M is controllable w.r.t. TL(G), we have MX,, n TL(G)
= TL(G)Z,,
n LZp,,
M is closed.
To
n TL(G)
c LX:, n TL(G) = M. If now K a L and K is closed and controllable LX,, n TL(G) and by induction
w.r.t. TL(G), then
G KZ,, n TL(G)
G K,
on r it follows that LX:, n TL(G)
= LZ:;‘Z,,
n TL(G) c K,
so that M c K, i.e., M is infimal.
n
LEMMA 3.3. If L c TL(G) is observable, then inf CC( L) is also observable. Proof. Write M = TL(G) n LX,*,. By Lemma 3.2 we need only show that ker P < act,
*
kerP < act,.
Assume ker P Q act, and s, s’ E Z*,, with Ps = Ps’. We check condition (s,s’) pacts. If A,(s)nIA,(s’)#lzr, then for some UEZ~~, SOEM
A
S’EM
A
(i) for
s’aETL(G)-M.
By controllability of M, s’ E M A s’u 66M implies u E Z,,. Hence su E L and s’u B L. We claim that s’ E L. Otherwise, if ~‘4 L, let w’u’ be the longest prefix of s’ such that w’ E L A w’u’E L. Then s’ E LX,*, =. a’ E Z,,. * a’ E X,. So there exists a prefix wu’ of s such that Pw = Pw’. Since L is
F. LIN AND W. M. WONHAM
188 observable, Pw = Pw’ A wa’gTL(G) But this contradicts
A w’u’ETL(G)
A
namely, A,(s) O IA, (3’) # 0. act,. Similarly, A,,,,(s’)OIA,(s)
.s’EL
A
if’:
2.1, TL(S/G)
is controllable
infQ(A)
the assumption
If SCOP is solvable,
A c TL(S/G)
If infQ(A)
W’U’E L.
s’uETL(G)-L,
This contradicts =0.
Proof of Theorem 3.1. “Only supervisor S such that
“If’:
*
the fact that w’u’E L, so that s’ E L after all. Therefore
SUEL
By Theorem
A WU’E L
that ker P <
then
there is a
c E. and observable.
c TL(S/G)
Hence
c sup_C( E).
c sup_C( E) then infQ( A) c inf CC (infQ(
A)) c sup_C( E)
Now K := inf CC(inf Q(A)) is controllable by definition, Lemma 3.3. The result follows by Theorem 2.1.
and is observable
by n
The requirement in this section that the relevant languages be closed cannot be dropped. If they are not closed and for L c TL,(G) we consider instead of CC(L) the family NCC ( L) := { K : K 2 L and K is controllable then inf NCC( L) need not exist. Suppose for instance ~=~,={%fi,Y}, L,(G) Since
&= =l+ap+clly,
{P?Y>,
w.r. t. TL, (G) } , that &=
{a)?
L=l.
(YE LX, f~ L(G) and a +ZL, L is not controllable.
Because
L,,,(G) is
OBS~RVABILI~ controllable, the possible
OF DISCRETE-E~NT
1x9
SYSTEMS
if inf NCC(L) exists then L c inf NCC( L) c L,,(G). candidates for inf NCC( L) ue
Therefore
but none of these is infimal. The following example shows that if A and E are not closed, a solution SCOP need not exist. even if A is observable and E is controllable. Let
x= {%P},
&={a},
L,(G)= fl+B)dr as displayed
T= (8).
L,(G)
=L(G)-(1).
below:
c We take
Now ii-=
{LP},
so A = An L,,,(G), i.e., A is L,(G)-closed. A,fI) A,(P) hence A is observable.
= Pt =a,
PEL,(G), Also IA,(I)
= a,
IA,(B)
=cu;
However, as
P E .%
a!EE,,,
@a E L(G) - A,
to
190
F. LIN AND W. M. WONT
A is not controllable.
Next, since E = L(G), E is controllable; CY,J3CYE E,
&(a) A,(P)
Pa=a= IAE(~)
=a,
%(@a)
= {B}s
P(/?a),
= its)> =a,
it follows that E is not observable. Thus neither A nor E is a solution of SCOP. Finally, AcKcE,
however, as
if
A#K#E,
then K=Kl:=/3+a
or
K=&:=/34-/3~&,
but neither Ki nor X2 is controllable, and we conclude that SCOP is not solvable. Of course, if E is replaced by E = L(G), then SCOP is trivially solvable by E, and nontrivially by
In general, if E is not closed, SCOP may fail to be solvable simply because E has too few sublanguages. 4.
SUPERVISORY
CONTROL
Recall from [6J that a language L(G) and P] if
AND NORMALITY K, KC L(G), is nor~naf [with respect to
K=L(G)nP-“P(K). K is normal just when it is the largest sublanguage of L(G) whose projection is P(K), and so is determined uniquely by its projection. Intuitively, therefore, one expects normality to be stronger than observability. In fact we have PROPOSITION 4.1. Let K be a closed or an L, (G)-closed subTanguage of L(G). If K is normal than K is observable. Proof. Suppose K = L(G)n P-‘P(K). Let s, s’ E Z* with Ps = Ps’. We show that (s, s’) E act K by checking the two conditions for act K.
OBSERVABILITY
OF DISCRETE-EVENT
(i) We claim that A,(s)
191
SYSTEMS
CIIA, (3’) = 0 . Otherwise su E K A s’ E K and s’e E L(G) - K.
(3UEZ)
But S’Q E L(G) and P(s’a) = P(su) E PK imply s’u E L(G)fl P-lP(K) K, a contradiction. Similarly, A, (s’) O IA, (s) f 0. (ii) By definition, if K is L,,,(G)-closed, then
=
K=hL,(G) and condition closed.
(ii) holds automatically.
Similarly,
the result is obvious if K is H
A controllable language, even one that is closed, need not be normal; normal does not imply that sup_C( E) is normal. For instance let
and E
and -L(G) = Pa + XPv, Then
E=&
E is closed and normal but controllable,
VY.
while
sup_C( E) = h/Q is closed and controllable but not normal. Similarly, a closed and observable language instance let z= (i.e. PA = Pp -1);
{%P,h,P},
%=
need
{%P>
and let L(G) = (l+X+p)“+P, J=l+/.&+/.&a,
K=l+cx+X+k.
Then K is closed and observable, PK=l+a=PJ,
not
be normal.
For
F. LIN AND W. M. WONHAM
192 but
L(G) n P-‘PK = J + K, namely, K is not normal. The class of normal sublangnages of L(G) (for a fixed projection P) is algebraically better behaved than the observable sublanguages, as illustrated by the following proposition, whose proof may be left to the reader. PROPOSKTION 4.2. Let 3 c L(G), and consider the classes of languages
FJ(B) := {K
C
BIZ is normal),
CN ( B) := {K c BI K is closed and normal},
RCN f B) := {K c B/ K is ~~{G)-closed
and li- is normal} .
Then IV(B), CN( B), and RCN( B) are closed under arbitrary unions. In particular, zj_X( B) ~nu!s /or any of these classes, then 0 E _X( B),namely _X(B)# 0, and therefore sup_X( B) alwaysexists in _X(B). n It follows from Propositions 4.1,4.2 and the definition of controllability the class IZ( B) of sublanguages of B c L(G) defined by
that
_z(B):=_C(B)nz(B) = {K c Bi k- is normal,
I(: is L,(G)
is closed and controllable}
is nonempty and closed under arbitrary unions. Thus z(B) constitutes a natural and convenient class of sublanguages to be considered as candidates for the solution of problems of the type of SCOP. For instance, with A E E c L(G) given, the condition
sup’(E) a A is necessary and sufficient for the existence of a solution to SCOP in _Z(E), and is thus sufficient for the existence of a solution to SCOP with no particular restrictions placed on A and E.
OBSERVABILITY 5.
OF DISCRETE-EVENT
SYSTEMS
193
EXAMPLES
EJ$AMPLE
1. Consider
a rail network with two stations (0,l):
-station
station
0
1
Let Gj be the “process” that generates trains that depart from station i for j (event d;‘) and arrive at j from i (event u{). Let Z;l := { a_l, dj }. In the absence of further restrictions, the language generated by Gj would be
L(GJ’)={wEZ:
:
WI(w)
Q
WI(w)}
Suppose for simplicity that control is imposed by supervisor Sj, say, so that at most one train is running from i to j at any time. The sequence of arrivals and departures at station 0 is now determined by the generator
where 6:,’ refers to G,’ controlled
by the S,/, namely
L(Q)
-o*.
Consider a control for station 0 that enforces the capacity constraint that at most two trains be in the station at any time. Assume that this controller, S,, say, will only observe events that occur at station 0, i.e.,
and can only control the departure Z,=
of a train, i.e., {d&d,“}.
On the assumption that initially one train is present at station 0 and no trains are en route, the constraint is expressed by the legal language E,, c Z*
194
F. LIN AND W. M. WONHAM
having the transition structure
with adjunction of a self-loop at each state, labeled &. It can be shown that the language L(G)n E, is both controllable and observable. By Theorem 2.1, there exists a supervisor S such that L(S/G)
= L(G)n
E,.
In fact, we can take S = (S, \I/) where 5’ is the generator for E, as given above and # is defined as x Xl x2 x3
(7= 4 0 1 1
d! 1 1 0
EXAMPLE 2. A production system consists of a workshop and an inventory. Raw materials are ordered from the dealer and delivered to the inventory and then sent to the workshop when they are required:
? dealer t
workshop
OBSERVABILITY
OF DISCRETE-EVENT
195
SYSTEMS
We consider the problem of inventory control. Assume that there are two types of raw materials, 1 and 2. The inventory has a capacity of n units. The order size is n, units for type i. Raw material is sent to the workshop in unit amounts. To model and control the system, we designate the following events: cxi: type-i material is ordered from the dealer; /3, : type-i material is delivered to the inventory: y, : type-i material is sent to the workshop. Suppose that the controller (supervisor) is located at the inventory site whereas material is ordered from the workshop site, and assume that the controller observes only events that occur at its site, i.e. Z,={&,y,:i=1,2}. Assume
that the controller
can disable y, as well as OL,,i.e. Z,=
{a,,y,:i=1,2}
Assume finally that each order is filled with negligible realized by the following:
In the transition diagrams, a self-loop labeled adjoined at each node. Our task is to design a controller so that:
time delay. Hence G is
{ yl, yz } is understood
to be
(1) The (virtual) quantity k of raw material in the inventory never exceeds the inventory’s capacity, i.e. 0 Q k G n. (2) Type-l material has priority over type 2, i.e., whenever k > m for some fixed threshold m c: n, type-2 material is rejected, i.e. cannot be added to inventory.
196
F. LIN AND W. M. WONHAM
The legal language E is determined by these two rules. In case n, = n2 = 3, n=8, m=3 9 we have E = E'n L(G),where E' is realized by the following generator:
To specify A, we impose the following minimal loop system:
requirements
on the closed-
(3) The situation k = n is possible, i.e., the inventory can be fully utilized. (4) Whenever k < m, type-2 material will not be rejected. For the listed parameter
‘i
‘i
values, A is realized by the following generator:
Y.
1
‘i
It can be checked that A is observable, controllable, but sup _C(E) = A.That is, infQ(A)
'i
'i
'i
i.e. inf Q(A) = A; while
‘i
E is not
=A=sup_C(E).
By Theorem 3.1, SCOP is solvable. A supervisor S = (S, J/) can be modeled on the inventory structure as follows. S has n +l states, X= {x0,x1 ,..., x, }, x0 is the initial state, and every state is marked The state transitions are the following: (a) If the current state is x.4 and material inventory, then the next state is xk+,, .
of type i is delivered
to the
OBSERVABILITY
OF DISCRETE-EVENT
197
SYSTEMS
(b) If the current state is xk and material of type i is sent to the workshop, then the state changes from xk to xk _ 1. The state feedback
map $( u, x) is defined as follows:
(i) at state x0 disable y,, (ii) at state xk, k > m, disable q, (iii) at state x, , disable a,. In case n, = n2 = 3, n = 8, m = 3, the supervisor has the following structure: a
x = xg
a2
1 0 1
Y2
0
a1 Yl
6.
Xl
x2
1 1 11111111 1 1 11111111
x3
x4
x5
X6
Xl
xn
1
1
1
1
1
0
1
0
0
0
0
0
CONCLUSION
A definition of observable language was framed in the setting of the discrete-event system theory of Ramadge and Wonham. Under certain restrictions, the existence problem for a supervisory controller (respecting both controllability and observability constraints) was solved abstractly. It was pointed out that the “normal” subclass of the observable languages has certain advantages as a source of control solutions. In future papers the computational aspects of the theory and more substantial application will be reported. 7.
BIBLIOGRAPHICAL
NOTE
The results reported herein were essentially completed in April 1986, and presented at that time in the second author’s graduate seminar ELE1637S. We note that a similar definition of observable language was reported independently by Cieslak et al. [3]. The supervisory control and observation problem (SCOP) solved herein does not, however, appear in the Cieslak report. REFERENCES 1. F. Andri, D. Hennand, and J.-P. Vejus, Synchronization of Parallel Programs, MIT Press, Cambridge, Mass., 1985. 2. G. van Bochmann, Concepts for Distributed System Design. Springer. Berlin, 1983.
198
F. LIN AND W. M. WONHAM
3. R. Cieslak, C. Desclaux, A. Fawaz, and P. Varaiya, Supervisory Control of Discrete Event Processes with Partial Observations, Memo No. UCB/ERL M86/63, Electronics Res. Lab., Coll. of Engrg., Univ. of Calif., Berkeley, 7 August 1986. 4. M. A. Harrison, 1965. Introduction to Switching and Automata Theoty, McGraw-Hill, New York, 1965. 5. C. A. R. Hoare, Communicating Sequential Processes, Prentice-Hall, Englewood Cliffs, NJ., 1985. 6. F. Lin and W. M. Wonham, Decentralized Supervisory Control of Discrete-Event Systems, Systems Control Group Report 8612, Dept. of Electrical Engineering, Univ. of Toronto, 1986; Inform. Sci., to appear. 7. P. Milner, A Calculus of Communicating Systems, Lecture Notes in Computer Science, No. 92, Springer, Berlin, 1980. 8. P. J. Ramadge and W. M. Wonham, Supervisory Control of a Class of Discrete Event Processes, Systems Control Group Report 8311, Dept. of Electrical Engineering, Univ. of Toronto; SIAM J. Control Optim., to appear. [For a summary version see Lecture Notes in Computer Science, No. 63, Springer, Berlin, 1984, pp. 477-498.1 9. P. J. Ramadge and W. M. Wonham, Modular Feedback Logic for Discrete Event Systems, Technical Report No. 48, Information Sciences and Systems Lab., Dept. of Electrical Engineering, Princeton Univ., 1985; SIAM I. Control Optim., to appear. 10. P. J. Ramadge and W. M. Wonham, Modular supervisory control of discrete event systems, in Proceedings of the Seventh International Conference on Analysis and Optimization of Systems, Antibes, June 1986, in Analysis and Optimization of Systems (A. Bensoussan and J. L. Lions, Eds.), Lecture Notes in Computer Science, Vol. 83, Springer, New York, 1986, pp. 202-214. 11. W. M. Wonham, 1985. On control of discrete event systems, in Proceedings of the Seventh International Conference on the Mathematical Theory of Networks and Systems (MTNS85), Computational and Combinatorial Methods in Systems Theory, (C. I. Bymes and A. Lindquist, Eds.) North-Holland, Amsterdam, 1986, pp. 159-174. 12. W. M. Wonham and P. J. Ramadge, On the Supremal Controllable Sublanguage of a Given Language, Systems Control Group Report 8312, Dept. of Electrical Engineering, Univ. of Toronto, 1983; SIAM I. Control Optim., to appear. [For a summary version see Proceeding of the 23 IEEE Conference on Decision and Control, IEEE Control Systems Sot., New York, 1984, pp. 1073-1080.1 13. W. M. Wonham and P. J. Ramadge, On Modular Synthesis of Supervisory Controls for Discrete Event Processes, Systems Control Group Report 8314, Dept. of Electrical Engineering, Univ. of Toronto, 1983. [For a summary version see Proceedings of the International Conference on Computers, .Systems and Signal Processing, IEEE and I.I.Sc., Bangalore, 1984, pp. 500-404.1 14. B. P. Zeigler, Multifacetted Modeling and Discrete Event Simulation, Academic, London, 1984. Received 28 February I987