Mathl. Comput. Modelling Vol. 23, No. 11/12, pp. 161-173, 1996
Copyright © 1996 Elsevier Science Ltd
Printed in Great Britain. All rights reserved
0895-7177/96 $15.00 + 0.00
Pergamon
S0895-7177(96)00070-2

State Feedback Control of Condition/Event Systems

B. H. KROGH
Department of Electrical and Computer Engineering, Carnegie Mellon University
Pittsburgh, PA 15213-3890, U.S.A.
[email protected]

S. KOWALEWSKI
Department of Chemical Engineering, University of Dortmund
Process Control Group (AST), D-44221 Dortmund, Germany
stefan@ast.chemietechnik.uni-dortmund.de

Abstract-We consider the problem of synthesizing state feedback control policies for condition/event (C/E) systems where the control signals can be both conditions, which enable and inhibit state transitions, and events, which force state transitions. To represent the causal structure of condition and event feedback, a new feedback composition is defined. An algorithm is presented for synthesizing state feedback policies that keep the state of the C/E system out of a given set of forbidden states. The problem formulation and solution is illustrated for a process control example.

Keywords-Supervisory control, State feedback policies, Continuous-time discrete event systems, Untimed models.
1. INTRODUCTION

The most common approach to feedback control of untimed (logical) discrete event systems is the supervisory control theory of Ramadge and Wonham (RW) [1]. In the RW formulation, events in the controlled system (plant) are enabled or disabled by the controller (supervisor) to achieve a desired sequential behavior. The plant and supervisor are both modeled as finite-state automata with complementary input-output behavior: the plant automaton generates events from spontaneous state transitions, while the supervisor automaton accepts events from the plant which force state transitions in the supervisor and change the control input to the plant. Thus, plant automata and supervisor automata in the RW model are different classes of discrete event systems with respect to their input-output behavior.

Sreenivas and Krogh introduced condition/event (C/E) systems to provide a single, uniform formalism for modular modeling of untimed discrete event systems [2]. C/E systems are continuous-time discrete event systems with two classes of symbolic-valued input and output signals: piecewise continuous condition signals and pointwise nonnull event signals. In general, both types of signals can be input signals and output signals for C/E systems, as illustrated in Figure 1. State transitions in C/E systems can be enabled or disabled by the condition input signal, and they can be forced by the event input signal. Plants and supervisors in the RW theory correspond to restricted classes of C/E systems as illustrated in Figure 2. Event signals from the plant force transitions in the supervisor and condition signals from the supervisor enable or disable state transitions in the plant. This leads naturally to the question of what consequences will arise if both types of signals are allowed to flow between the plant and the controller and vice versa, as illustrated in Figure 3.

Figure 1. C/E system with continuous-time condition and event input-output signals. (Legend: condition signal flow lines; event signal flow lines.)
Figure 2. C/E system model of Ramadge and Wonham supervisory control.
Figure 3. General setting of C/E system feedback control.
Figure 4. State feedback policy and observer as subsystems of the controller.

In this paper, we consider the synthesis of state feedback control policies for C/E systems when the control objective is to avoid a given set of forbidden states in the plant. In the setting of Figure 3, we regard the control as consisting of two subsystems: a state observer, which identifies the current plant state from the plant output signals; and a state feedback policy, which maps the state trajectory into the two input signals of the plant. This controller structure is illustrated in Figure 4. We assume in this paper that a state observer exists (or the state can be measured directly) and focus on the synthesis of the state feedback policy.

In the following section, we define C/E systems and state feedback policies, and characterize the closed-loop dynamics for systems with the controller structure in Figure 4. To model the causal sequence of event feedback based on state transitions in the plant, we define a new feedback composition operator for C/E systems called the sequential event feedback composition (SEFC). In Section 3, we formulate the state feedback problem for forbidden state specifications and present an algorithm that generates all state feedback policies that solve the problem when a solution exists. In Section 4, we present a process control example to illustrate the problem formulation and solution. The concluding section summarizes the results presented in this paper and discusses directions for future research.

Research of the first author was supported in part by a grant from Rockwell International.
The second author gratefully acknowledges the support of the German Academic Exchange Service (DAAD) which made it possible to perform most of the research described in this paper during a three-month visiting research appointment in 1994 with the Department of Electrical and Computer Engineering, Carnegie Mellon University, Pittsburgh, PA, U.S.A.

2. C/E STATE TRANSITION STRUCTURES AND STATE FEEDBACK POLICIES
C/E systems provide a formalism for modeling precisely the behaviors of interconnected discrete-event systems in terms of continuous-time signals. Although the dynamics of C/E systems are untimed in the sense that there is no specification regarding the timing of events, the introduction of continuous-time input-output signals allows one to construct models of physical systems that reflect causality and spontaneity more intuitively than is possible with automata-based models. Moreover, interfaces between C/E systems and continuous dynamic systems can be more easily defined because C/E systems are already defined in a continuous-time setting [3].
In this section, we define C/E systems and the particular feedback control behaviors considered in this paper. General properties of interconnected C/E systems are discussed in [2].

DEFINITION 2.1. A C/E system is a nine-tuple $C = (U, V, X, Y, Z, f, g, h, x_0)$ where $U, V, X, Y, Z$ are finite, mutually disjoint sets of elements not including 0 (the null or zero event), defined, respectively, as: input conditions, input events, states, output conditions, and output events; $f, g, h$ are functions defined as: $f : X \times U \times V_0 \to 2^X$, the state transition function satisfying $x \in f(x, u, 0)$ for all $x \in X$, with $V_0 = V \cup \{0\}$; $g : X \times U \to Y$, the condition output function; and $h : X \times X \times V_0 \to Z_0$, the event output function satisfying $h(x, x, 0) = 0$ for all $x \in X$, with $Z_0 = Z \cup \{0\}$; and $x_0 \in X$ is the initial state.

Given a C/E system $C$ as defined above and input signals $u(\cdot)$, $v(\cdot)$ defined on $[0, \infty)$, the set of valid state trajectories and output signals contains all triples of signals $(x(\cdot), y(\cdot), z(\cdot))$ defined on $[0, \infty)$ satisfying

$$x(0^-) = x_0 \in X,$$
$$x(t) \in f(x(t^-), u(t^-), v(t)),$$
$$y(t) = g(x(t), u(t)),$$
$$z(t) = h(x(t^-), x(t), v(t)),$$

where $x(\cdot)$ and $y(\cdot)$ are condition signals and $z(\cdot)$ is an event signal. In the state transition relation above, $t^-$ symbolizes the limit from the left. Condition signals (including the state trajectory) are defined to be right continuous on $[0, \infty)$. It is also assumed condition and event signals are nonexplosive; that is, they have a finite number of discontinuities on any finite interval.

The state feedback policy in Figure 4 maps the state trajectory into condition and event input signals for the plant. Inserting this controller structure into Figure 3 and combining the state observer dynamics with the plant dynamics yields the feedback structure shown in Figure 5 in which the state feedback policy is now seen to play the role of the output functions in the overall C/E system model. To formulate the state feedback control problem, we define the dynamics generating the state trajectory as a C/E state transition structure, and define the state feedback input policy by the functions $g(\cdot)$ and $h(\cdot, \cdot)$, where $g(\cdot)$ maps the state into the condition signal and $h(\cdot, \cdot)$ maps the state transitions into the event input signal. These notions are defined formally in the following paragraphs.
Figure 5. State feedback policy as output functions of an overall C/E system.

DEFINITION 2.2. A C/E state transition structure (C/E STS) is a five-tuple $G = (U, V, X, f, x_0)$ with the components defined as in Definition 2.1 for a complete C/E system.

DEFINITION 2.3. Given a C/E STS $G = (U, V, X, f, x_0)$, a state feedback policy is a pair $F = (g, h)$ with $g : X \to U$ being the condition signal feedback function, and $h : X \times X \to V_0$ the event signal feedback function satisfying:

(i) $h(x, x) = 0$ for all $x \in X$; and
(ii) $h(x', x) = h(x'', x)$ for all distinct $x, x', x'' \in X$.
Given a state feedback policy $F = (g, h)$, the inputs to the given C/E STS are determined from the state trajectory as $u(t) = g(x(t))$ and $v(t) = h(x(t^-), x(t))$. Condition (i) on $h$ in the definition of a state feedback policy guarantees nonzero event inputs occur only when state transitions occur. Condition (ii) indicates the event feedback depends only on the state at the end of the state transition; that is, $h(x', x)$ depends only on the "current" state $x$, and is independent of the state $x'$ from which the transition began. Since the event signal $h$ in a state feedback policy depends only on the second argument, we will denote the value of the event feedback policy due to a transition to a state $x \in X$ by $h(\cdot, x)$.

Given a C/E STS $G$ and a state feedback policy $F$, we denote the closed-loop system by $G/F$. We are interested in characterizing the admissible state trajectories for $G/F$ and the set of all states reached along all possible state trajectories. At this juncture, we discover that if one applies the feedback composition for C/E systems defined by Sreenivas and Krogh [2], the resulting set of state trajectories for $G/F$ would not represent the most natural interpretation of the behavior of the closed-loop system in Figure 4. In particular, since the event feedback policy is intended to force state transitions in the plant based on the detection of state transitions, one finds that the most natural modeling paradigm is to "freeze" time at the instants when spontaneous state transitions occur to allow for the event feedback to force a sequence of instantaneous state transitions. For example, if a spontaneous state transition occurring in the plant, say $x_1 \to x_2$, leads through the feedback policy $h(x_1, x_2)$ to the forcing of another state transition $x_2 \to x_3$ (with no new transition forced by $h(x_2, x_3)$), it is most natural in an untimed model to ignore the finite time for this transition-control-transition sequence to occur and allow for the forced state transition to occur instantaneously. Thus, in the continuous-time setting of C/E systems, if the state transition in this example occurs at time $t_1$, the state trajectory (which by definition is a right-continuous condition signal) would assume the values $x(t_1^-) = x_1$ and $x(t_1) = x_3$. The system passes through the intermediate state $x_2$ instantaneously, so the zero residence-time in state $x_2$ is not reflected in the continuous-time state trajectory. (We define such states below as transient states.) Under the Sreenivas and Krogh feedback composition for C/E systems, the event feedback signal in this example would not force the transition $x_2 \to x_3$ since the state transition causing the event input would not be completed when the event input is received; that is, the state trajectory for the Sreenivas and Krogh feedback composition at time $t_1$ would assume the values $x(t_1^-) = x_1$ and $x(t_1) = x_2$.

To define a new feedback composition for state feedback policies which allows for the type of instantaneous sequential behavior described above, we first define the sequences of states that satisfy the state transition relation under the given state feedback policy.

DEFINITION 2.4. Given a C/E STS $G = (U, V, X, f, x_0)$ and state feedback policy $F$, a finite or infinite sequence of states $x_k \in X$, $k = 0, 1, 2, \ldots$ is an admissible state sequence for $G/F$ if for all $k = 0, 1, 2, \ldots$, $x_k \neq x_{k+1}$ and either:

(i) $x_k \in f(x_k, g(x_k), h(\cdot, x_k))$ and $x_{k+1} \in f(x_k, g(x_k), 0)$; or
(ii) $x_k \notin f(x_k, g(x_k), h(\cdot, x_k))$ and $x_{k+1} \in f(x_k, g(x_k), h(\cdot, x_k))$.

Moreover, if the sequence of states is finite length, that is, if there is some $K > 0$ such that $x_k$ is defined only for $k = 0, 1, \ldots, K$, then $x_K \in f(x_K, g(x_K), h(\cdot, x_K))$.
The admissible state sequences for a closed-loop system $G/F$ characterize the possible state transitions that can occur at any instant along a state trajectory. Condition (i) in Definition 2.4 pertains to the case when the system remains in a state $x_k$ for a finite residence time. This occurs when the event input signal does not force the system to leave state $x_k$. Condition (ii) pertains to the case when the event input signal from the state transition $x_{k-1} \to x_k$ forces another state transition $x_k \to x_{k+1}$. In this case, the latter state transition occurs instantaneously and the state $x_k$ is called a transient state. We note that if condition (ii) is satisfied at $x_0$, the initial state is a transient state and the system makes an instantaneous transition to a nontransient state when the state feedback is applied at time $t = 0$.

Since event inputs force state transitions only when the system cannot remain in the current state, we make the following assumption concerning the state transition function.

ASSUMPTION 1. For any given C/E STS $G = (U, V, X, f, x_0)$, the state transition function satisfies for each $u \in U$, $v \in V$, $x \in X$, either
(i) $f(x, u, v) = f(x, u, 0)$, or
(ii) $x \notin f(x, u, v)$.

Conditions (i) and (ii) in Assumption 1 correspond to (i) and (ii), respectively, in Definition 2.4. This assumption introduces no loss of generality since if it is not true for a given C/E STS, a new state transition function can be defined satisfying (i) in Assumption 1 whenever $u$ and $v$ are such that $x \in f(x, u, v)$ in the original state transition function. This modification will have no effect on the closed-loop behavior of the system under state feedback policies due to condition (i) in Definition 2.4. Assumption 1 simplifies the statements of the computational procedures below.

The last statement in Definition 2.4 regarding finite-length admissible state sequences indicates that the system must be able to remain in the last state in the sequence indefinitely; that is, the final state must be a nontransient state. We note that the definition above retains the nondeterministic behaviors allowed in general C/E system models. For example, even under forcing of state transitions, the system may make a transition to one of several possible states.

To guarantee the state trajectories are well defined for the closed-loop system, we must preclude situations where the state feedback policy leads to the possibility of an infinite-length sequence of transient states. If this could occur, there would be a "burst" of an infinite number of events and time would not advance. Therefore, we define admissible state feedback policies as follows.

DEFINITION 2.5. Given a C/E STS $G = (U, V, X, f, x_0)$, a state feedback policy $F$ is admissible provided there is no infinite-length admissible state sequence $x_k \in X$, $k = 0, 1, 2, \ldots$, and some $K > 0$ such that the states $x_k$ are transient states for all $k > K$.
Since the set of states is finite, the admissibility of a state feedback policy can be tested by checking whether the event feedback policy can lead to a finite cycle of transient states, in which case this cycle could be repeated indefinitely and the feedback policy would not be admissible. The state trajectories for closed-loop C/E systems under admissible state feedback policies are defined by the following composition operation.

DEFINITION 2.6. SEQUENTIAL EVENT FEEDBACK COMPOSITION (SEFC). Given a C/E STS $G = (U, V, X, f, x_0)$ and an admissible state feedback policy $F$, a condition signal $x : [0, \infty) \to X$ with discontinuities at $0 < t_1 < t_2 < \cdots$ is a state trajectory for the closed-loop system $G/F$ if there exists an admissible state sequence $x_k \in X$, $k = 0, 1, 2, \ldots$ for $G/F$, such that the subsequence $x_{k_0}, x_{k_1}, x_{k_2}, \ldots$ of all nontransient states in the admissible state sequence satisfies $x(t_l) = x_{k_l}$, for $l = 0, 1, 2, \ldots$, where $t_0 = 0$.

Given a state trajectory $x(\cdot)$ for a closed-loop system $G/F$, an admissible state sequence satisfying the condition in Definition 2.6 for $x(\cdot)$ is said to be an admissible state sequence associated with $x(\cdot)$. Since C/E systems are untimed models, a C/E system identifies only the sequence of states along a state trajectory, not the times at which the state transitions occur. Therefore there are an infinite number of state trajectories that have the same set of associated admissible state sequences. The following proposition demonstrates that the admissible state sequences completely characterize the state trajectories for a closed-loop system $G/F$.

PROPOSITION 1. Given a C/E STS $G = (U, V, X, f, x_0)$, an admissible state feedback policy $F$, and an admissible state sequence $x_k \in X$, $k = 0, 1, 2, \ldots$ for $G/F$, there exists a state trajectory $x(\cdot)$ for $G/F$ such that $x_k \in X$, $k = 0, 1, 2, \ldots$ is associated with $x(\cdot)$.

PROOF. Let $x_{k_1}, x_{k_2}, \ldots$ be the subsequence of nontransient states in the given admissible state sequence. Define $L$ as the last subindex in the sequence $x_{k_1}, x_{k_2}, \ldots$ if the sequence has finite length; otherwise define $L = \infty$. Note that since $F$ is an admissible state feedback policy, there is a finite number of nontransient states if and only if the given admissible state sequence has finite length. Moreover, if the admissible state sequence has finite length, the final state in the sequence is nontransient. Define the infinite-length sequence $z_0, z_1, \ldots$ by

$$z_l = \begin{cases} x_{k_l}, & \text{for } 0 \le l \le L, \\ x_{k_L}, & \text{for } L < l. \end{cases}$$

Thus, $z_0, z_1, \ldots$ is the sequence of nontransient states extended to an infinite-length sequence with a constant value equal to the last nontransient state when the admissible state sequence has finite length. Consider the condition signal $x : [0, \infty) \to X$ defined for $l = 0, 1, \ldots$ by $x(t) = z_l$ for $t \in [l, l + 1)$. We claim this condition signal $x(\cdot)$ is a state trajectory for $G/F$. This follows by observing that the discontinuity points of $x(\cdot)$ are at $t = 1, \ldots, L$, which implies the given admissible state sequence is associated with $x(\cdot)$ as defined in Definition 2.6. ∎
Our objective is to design state feedback policies that satisfy specifications on the states that are reached along state trajectories in the closed-loop system, including transient states. Thus, we define the set of reachable states for a closed-loop system $G/F$, denoted by $R(G/F)$, as follows.

DEFINITION 2.7. Given C/E STS $G = (U, V, X, f, x_0)$ and an admissible state feedback policy $F$, the set of reachable states $R(G/F)$ for $G/F$ is the union of states in all admissible state sequences for $G/F$.

We conclude this section by showing the set of reachable states $R(G/F)$ can be computed by the following iterative procedure.

REACH: Given C/E STS $G = (U, V, X, f, x_0)$ and state feedback policy $F$:
    $X^0 := \{x_0\}$
    $k := 0$
    repeat
        $X^{k+1} := X^k \cup \left( \bigcup_{x \in X^k} f(x, g(x), h(\cdot, x)) \right)$
        $k := k + 1$
    until $X^k = X^{k-1}$
    $R(G/F) := X^k$
end-REACH

PROPOSITION 2. Given a C/E STS $G = (U, V, X, f, x_0)$ and a state feedback policy $F$, the procedure REACH terminates.

PROOF. The proposition follows from the observations that the sequence $X^k$ is monotone increasing with respect to set containment and the set of states $X$ is finite. ∎

PROPOSITION 3. Given a C/E STS $G = (U, V, X, f, x_0)$ and an admissible state feedback policy $F$, the set of states $R(G/F)$ generated by the procedure REACH is the set of reachable states for $G/F$.

PROOF. This proposition follows immediately from Definitions 2.4 and 2.7. ∎

3. FORBIDDEN STATES AND ADMISSIBLE CONTROLS
Our objective is to synthesize state feedback policies that guarantee the plant state for the closed-loop system does not enter a given set of forbidden states, denoted by $X_f \subset X$. The problem to be solved is stated formally as the following.

DEFINITION 3.1. FORBIDDEN STATES PROBLEM (FSP). Given a C/E STS $G$ and a set of forbidden states $X_f \subset X$, find an admissible state feedback policy $F$ such that $R(G/F) \cap X_f = \emptyset$.

In general, if there is a solution to a given FSP, the solution is not unique. In this section, we present an algorithm that generates a characterization of all possible state feedback policies that solve an FSP in terms of the sets of control input alternatives that can be applied at each state of the given C/E STS.

DEFINITION 3.2. Given a C/E STS $G = (U, V, X, f, x_0)$, a function $\Phi : X \to 2^{U \times V_0}$ defines control alternatives for each state. An admissible state feedback policy $F = (g, h)$ is said to be in $\Phi$ (denoted $F \in \Phi$) if for all $x \in X$, $(g(x), h(\cdot, x)) \in \Phi(x)$.
Given a C/E STS and a set of forbidden states, the following algorithm generates the control alternatives that characterize all solutions to the FSP (provided the initial state satisfies the condition stated in Theorem 1, below).

ADMISSIBLE_CONTROLS: Given a C/E STS $G = (U, V, X, f, x_0)$ and a set of forbidden states $X_f \subset X$:
    $X_f^0 := X_f$
    for each $x \in X_f$
        $\Phi(x) := U \times V_0$
    end-for-each
    $k := 0$
    repeat
        $X' := \emptyset$
        for each $x \in X - X_f^k$
            $\Phi^k(x) := \{(u, v) \in U \times V_0 \mid f(x, u, v) \cap X_f^k = \emptyset\}$
            if $\Phi^k(x) = \emptyset$
                $X' := X' \cup \{x\}$
                $\Phi(x) := U \times V_0$
            end-if
        end-for-each
        $X_f^{k+1} := X_f^k \cup X'$
        $k := k + 1$
    until $X' = \emptyset$
    $X_f^* := X_f^k$
    for each $x \in X - X_f^*$
        $\Phi(x) := \Phi^k(x)$
    end-for-each
end-ADMISSIBLE_CONTROLS

PROPOSITION 4. Given C/E STS $G = (U, V, X, f, x_0)$ and a set of forbidden states $X_f \subset X$, the procedure ADMISSIBLE_CONTROLS terminates.

PROOF. The proposition follows from the observations that the sequence of sets $X_f^k$ is monotone increasing with respect to set containment and the set of states $X$ is finite. ∎

The set of states $X_f^*$ generated by the procedure ADMISSIBLE_CONTROLS is the set of states from which it is impossible to avoid reaching the set of forbidden states $X_f$ under any control action. This fact is stated and proved as the following lemma.

LEMMA 1. Given a C/E STS $G = (U, V, X, f, x_0)$ and a set of forbidden states $X_f \subset X$, let $X_f^* \supset X_f$ be the set of states generated by procedure ADMISSIBLE_CONTROLS. If $x' \in X_f^* - X_f$, then there exists some $K > 0$ such that for any control sequence $u_k \in U$, $v_k \in V_0$, $k = 0, 1, \ldots, K - 1$, there is a sequence of states $x_1, \ldots, x_K$, such that $x_1 \in f(x', u_0, v_0)$, $x_k \in f(x_{k-1}, u_{k-1}, v_{k-1})$ for $k = 2, \ldots, K$, and $x_K \in X_f$.

PROOF. We prove the lemma by proving the following assertion: if state $x' \in X_f^* - X_f$ was added to $X_f^*$ on iteration $k > 0$ of the algorithm ADMISSIBLE_CONTROLS, i.e., if $x' \in X_f^k - X_f^{k-1}$, then the lemma is true for $K = k$. We prove this assertion by induction on $k$.

Suppose $x' \in X_f^1 - X_f^0$ (i.e., $k = 1$). This implies for all $u \in U$, $v \in V_0$, $f(x', u, v) \cap X_f^0 \neq \emptyset$. Therefore, for any given $u_0 \in U$, $v_0 \in V_0$, there exists a state $x_1 \in f(x', u_0, v_0) \cap X_f^0$, which implies the lemma is true for $K = 1$ since $X_f^0 = X_f$.

Now, suppose the assertion is true for $k = k' > 1$, and consider the assertion for $k = k' + 1$. If $x' \in X_f^{k'+1} - X_f^{k'}$, this implies for all $u \in U$, $v \in V_0$, $f(x', u, v) \cap X_f^{k'} \neq \emptyset$. Moreover, since $x' \notin X_f^{k'}$, it must be the case that for some $u \in U$, $v \in V_0$, $f(x', u, v) \cap X_f^{k'-1} = \emptyset$, which implies for all $u \in U$, $v \in V_0$, $f(x', u, v) \cap (X_f^{k'} - X_f^{k'-1}) \neq \emptyset$. Therefore, for any given $u_0 \in U$, $v_0 \in V_0$, there exists a state $x_1 \in f(x', u_0, v_0) \cap (X_f^{k'} - X_f^{k'-1})$. Since the assertion is assumed to be true for $k = k'$, for any control sequence $u_k \in U$, $v_k \in V_0$, $k = 1, \ldots, k'$, there exists a sequence of states $x_2, \ldots, x_{k'+1}$ such that $x_k \in f(x_{k-1}, u_{k-1}, v_{k-1})$ for $k = 2, \ldots, k' + 1$, and $x_{k'+1} \in X_f$. This proves the lemma holds for $K = k' + 1$, which proves the induction hypothesis and the lemma. ∎
By Lemma 1, if the initial state is in the set $X_f^*$, it will not be possible to guarantee a state trajectory will not enter the set of forbidden states. On the other hand, if the initial state is not in the set $X_f^*$, FSP has a solution and all possible solutions are completely characterized by the set of control alternatives generated by the procedure ADMISSIBLE_CONTROLS. These facts are established by the following theorems.

THEOREM 1. Given C/E STS $G = (U, V, X, f, x_0)$ and a set of forbidden states $X_f \subset X$, let $X_f^*$ be the set of states and $\Phi$ the control alternatives generated by procedure ADMISSIBLE_CONTROLS. If $x_0 \in X - X_f^*$, any admissible state feedback policy $F \in \Phi$ solves the FSP. Furthermore, if an admissible state feedback policy $F \in \Phi$ solves the FSP, then $x_0 \in X - X_f^*$.

PROOF. Regarding the last statement of the theorem, if $F \in \Phi$ solves the FSP, it follows immediately from Lemma 1 that $x_0 \in X - X_f^*$. Now, suppose $x_0 \in X - X_f^*$ and that $F \in \Phi$ is an admissible state feedback policy. It must be shown that $R(G/F) \cap X_f = \emptyset$. We show by induction that for each iteration of the procedure REACH, $X^k \cap X_f^* = \emptyset$, which implies the desired result, since $R(G/F) = X^k$ and $X_f \subset X_f^*$.

$k = 0$: $X^0 \cap X_f^* = \{x_0\} \cap X_f^* = \emptyset$ (by assumption).

Induction hypothesis: $X^k \cap X_f^* = \emptyset$.

$k + 1$: From REACH:
$$X^{k+1} := X^k \cup \left( \bigcup_{x \in X^k} f(x, g(x), h(\cdot, x)) \right).$$
Since $X^k \cap X_f^* = \emptyset$ and $(g(x), h(\cdot, x)) \in \Phi(x)$, for any $x \in X^k$, if $x' \in f(x, g(x), h(\cdot, x))$, it follows from procedure ADMISSIBLE_CONTROLS that $x' \notin X_f^*$. Therefore, $X^{k+1} \cap X_f^* = \emptyset$. ∎

THEOREM 2. Given C/E STS $G = (U, V, X, f, x_0)$ and a set of forbidden states $X_f \subset X$, let $X_f^*$ be the set of states and $\Phi$ the control alternatives generated by procedure ADMISSIBLE_CONTROLS. The sets of control alternatives $\Phi$ generated by procedure ADMISSIBLE_CONTROLS for each state are the maximal sets of controls with respect to set containment which guarantee any admissible state feedback policy $F \in \Phi$ is a solution to the FSP for any $x_0 \in X - X_f^*$.

PROOF. Suppose that for some $x_0 \in X - X_f^*$ and admissible feedback policy $F$, there exists a reachable state $x \in R(G/F)$ such that $(g(x), h(\cdot, x)) \notin \Phi(x)$. This implies from the procedure ADMISSIBLE_CONTROLS that $f(x, g(x), h(\cdot, x)) \cap X_f^* \neq \emptyset$. Therefore, by Lemma 1, $F$ is not a solution to the FSP. ∎

Thus, in the sense of set containment, the control alternatives generated by procedure ADMISSIBLE_CONTROLS is the maximal solution to a FSP. In contrast to the supervisory control problems formulated in the standard RW framework, there is no notion of a unique maximal control to be applied at each state. Rather, the structure of the C/E STS with the possibility of forcing controls creates a situation analogous to the RW formulation with arbitrary control sets considered by Golaszewski and Ramadge [4].
4. EXAMPLE

Consider a tank for liquid material as it is used for storage or dosing purposes in chemical batch processes shown in Figure 6. The tank can be filled via an inlet valve and drained via an outlet valve. Both valves can be in only one of two states, open or closed. The tank is equipped with a heating coil because the stored material can gelatinize at ambient temperature. The heating coil has two states, on (energized) and off. The heating coil can be damaged by overheating if it is on when the liquid level is below the heating coil. This example is a modified version of the example in [5,6].

Figure 6. Tank example. (Labels: Feed, Valve 1, Valve 2, Drain; level ranges full, medium.)
Figure 7. State graph for tank example.
Figure 7 shows the state graph of the tank model. For simplicity, we assume only one valve can be operated at a time and control actions (opening/closing of valves or starting/stopping the heating) never happen simultaneously with a change in level range (see Figure 6 for definition of the level ranges). It is possible, however, that one of the valves and the heating coil change states at the same time. The state spill stands for overflow, gel represents the case when the material has gelatinized, oo is the situation when both valves are opened, and burn represents the damaged state of the heating. All other states are named in the following fashion: the first letter describes the state of valve 1: o = open, c = closed; the second does the same for valve 2; the third letter represents the level-range: f = full, m = medium, l = low, e = empty; and a fourth letter h shows that the heating is on. At state $x_0$, the tank is empty, the heater is off, and the valves are closed.

Concerning the control of the tank, we assume the following. The valves can be opened and closed by a human operator, but the tank is equipped with an automatic controller which can enable and disable these operations as well as operate the valves automatically. The heating is switched on and off by a supervisory control system so that the tank controller has no influence on it. To represent these assumptions in the C/E model of the tank, the condition input consists of two values: en = enable opening and closing of both valves, and dis = disable opening and closing of both valves. The event inputs are: opv1 = open valve 1, clv1 = close valve 1; opv2 and clv2 are similar for valve 2.

The specific problem is to design a controller for the system described above such that, no matter how and when the operator opens and closes the valves, the process always shows a desired behavior described by the following four specifications:

(1) The tank shall not overflow.
(2) Both valves shall never be open at the same time.
(3) The material shall not gelatinize in the tank. (This failure is possible if the material rests in the tank (both valves closed) and the heating is off.)
(4) The heating coil shall not be damaged by overheating. (This can happen if the heating is on for some time while the tank level is low or empty.)

It is easy to see that each specification listed above corresponds exactly to one state of the system model: (1) spill, (2) oo, (3) gel, and (4) burn.
So, we can formulate the controller synthesis as an FSP and apply the approach introduced in the previous sections. The example nicely motivates a control policy combining condition and event signal feedback and illustrates the resulting phenomena including transient states.

First, consider the state ocm in which the tank is being filled and has a medium level. For the controller, it is sufficient to know the state and map it back into a condition signal, $g(ocm) = dis$, disabling the operator from opening valve 2 and thereby preventing a transition to the forbidden state oo. Event signal feedback as a response to a transition to ocm is not necessary: $h(\cdot, ocm) = 0$. This is different from the situation when the level just reaches the range full. In the model for the open loop system, this corresponds to the spontaneous transition from ocm to ocf (Figure 8 shows a portion of the complete state transition graph). A reasonably designed controller would close valve 1 to prevent overflow in this situation. This means the controller would use the state transition information to force the system into state ccf (illustrated by the dotted arrow in Figure 8) and by this action preempt a spontaneous transition to spill. Forcing is only possible when event signals are fed back. In terms of C/E state feedback policies, the described control behavior corresponds to $g(ocf) = en$, $h(\cdot, ocf) = clv1$. In state ccf, however, it is possible that the material will gelatinize (transition to gel). The controller therefore has to react to the transition ocf to ccf again and force the system to cof: $g(ccf) = en$, $h(\cdot, ccf) = opv2$. In this case, no preemption by forcing is necessary and it is sufficient to disable the opening of valve 1: $g(cof) = dis$, $h(\cdot, cof) = 0$.

Figure 9 shows the logical sequence of states in the closed loop system resulting from the control policy described above. It is an admissible state sequence according to Definition 2.4. The transitions to the forbidden states are either disabled (to oo) or preempted (to spill and gel). There are two transient states in this sequence: ocf and ccf. In both cases, the transition leaving the states is forced as a reaction to the transition leading to the state. Figure 10 shows the state trajectory of the closed loop system composed by SEFC. All transient states are eliminated which results in just a spontaneous transition from ocm to cof. The time consumed by the sequence (ocm, ocf, ccf, cof) collapses to an instant.
Figure 8. Illustration of cause-effect relationship between forcing and forced state transitions.

Figure 9. Admissible state sequence including transient states in the closed loop system.

Figure 10. State trajectory resulting from SEFC.

An alternative to the state feedback policy above would be to choose h(·, ccf) = opv1 instead of h(·, ccf) = opv2. This means the controller will open valve 1 as soon as the state ccf is reached. In this case, the spontaneous transition to gel would be preempted, as before, but the feedback policy could not be applied because it causes a transient cycle consisting of the two states ocf and ccf. As soon as the tank becomes full, valve 1 will be closed, and as a reaction to this transition the controller will force the opening of valve 1 which again will result in closing valve 1, and so on.

We now describe how the procedure ADMISSIBLE_CONTROLS generates all admissible state feedback policies for the C/E STS and the set of forbidden states X_f = {spill, oo, gel, burn}. In the first iteration (k = 0) of the main repeat-until loop, the algorithm will find for every state all the condition and event input signal values (u, v) which will not allow any of the forbidden states spill, oo, gel, or burn as a possible next state. This is represented by Φ^0(x). By doing this, it will discover that for all states in which the tank is empty and the heating is on, i.e., oceh, cceh, and coeh, Φ^0(x) = ∅ which means there is no value of (u, v) which will guarantee that a transition to burn does not occur. Consequently, the next iteration will be started with X_f^1 = {spill, oo, gel, burn, oceh, cceh, coeh}. Now, the procedure will determine that if oceh, cceh, and coeh are forbidden, the states oce, cce, and coe have to be added to the set of forbidden states, too, because there is no value of (u, v) which can prevent the heating from being switched on. This leads to X_f^2 = {spill, oo, gel, burn, oceh, cceh, coeh, oce, cce, coe}. The third iteration will find that there are no more states not being in X_f^2 with Φ^2(x) = ∅. Therefore, X' remains empty and the iteration terminates with X_f^* = X_f^2 and Φ(x) = Φ^2(x). Table 1 shows the resulting X_f^* and Φ(x). The first line is for the states in X_f^*. If a controller has to be implemented, we have to choose one unique state feedback policy from those represented by Φ(x). This choice is restricted by the constraint that the state feedback policy has to be free of transient cycles. Table 2 shows an example for a cycle-free state feedback policy. Here, the additional criterion was applied that event feedback shall be omitted whenever disabling of transitions by condition signal feedback is sufficient.

Table 1. Φ(x) for the example resulting from ADMISSIBLE_CONTROLS.
Φ(spill) = Φ(oo) = Φ(gel) = Φ(burn) = Φ(oceh) = Φ(cceh) = Φ(coeh) = Φ(oce) = Φ(cce) = Φ(coe) = U × V
Φ(ocfh) = {(en, clv1), (dis, clv1)}
Φ(ccfh) = U × V
Φ(cofh) = {(en, clv2), (dis, 0), (dis, clv1), (dis, opv2), (dis, clv2)}
Φ(ocf) = {(en, clv1), (dis, clv1)}
Φ(ccf) = {(en, opv1), (dis, opv1), (en, opv2), (dis, opv2)}
Φ(cof) = {(en, clv2), (dis, 0), (dis, clv1), (dis, opv2), (dis, clv2)}
Φ(ocm) = {(en, clv1), (dis, 0), (dis, opv1), (dis, clv1), (dis, clv2)}
Φ(ccm) = {(en, opv1), (dis, opv1), (en, opv2), (dis, opv2)}
Φ(com) = {(en, clv2), (dis, 0), (dis, clv1), (dis, opv2), (dis, clv2)}
Φ(ocmh) = {(en, clv1), (dis, 0), (dis, opv1), (dis, clv1), (dis, clv2)}
Φ(ccmh) = {(en, 0), (en, opv1), (en, clv1), (en, opv2), (en, clv2), (dis, 0), (dis, opv1), (dis, clv1), (dis, opv2), (dis, clv2)}
Φ(x0) = {(en, 0), (en, opv1), (en, clv1), (en, opv2), (en, clv2), (dis, 0), (dis, opv1), (dis, clv1), (dis, opv2), (dis, clv2)}
Φ(comh) = {(en, clv2), (dis, 0), (dis, clv1), (dis, opv2), (dis, clv2)}
Φ(ocl) = {(en, clv1), (dis, 0), (dis, opv1), (dis, clv1), (dis, clv2)}
Φ(ccl) = {(en, opv1), (dis, opv1), (en, opv2), (dis, opv2)}
Φ(col) = {(en, clv2), (dis, clv2)}
Φ(oclh) = {(en, clv1), (dis, 0), (dis, opv1), (dis, clv1), (dis, clv2)}
Φ(cclh) = {(en, opv1), (dis, opv1)}
Φ(colh) = {(en, clv2), (dis, clv2)}

Table 2. A cycle-free state feedback policy.
F(spill) = F(oo) = F(gel) = F(burn) = F(oceh) = F(cceh) = F(coeh) = F(oce) = F(cce) = F(coe) = {(dis, 0)}
F(ocfh) = {(en, clv1)}
F(ccfh) = {(en, 0)}
F(cofh) = {(dis, 0)}
F(ocf) = {(en, clv1)}
F(ccf) = {(en, opv2)}
F(cof) = {(dis, 0)}
F(ocm) = {(dis, 0)}
F(ccm) = {(en, opv1)}
F(com) = {(dis, 0)}
F(ocmh) = {(dis, 0)}
F(ccmh) = {(en, 0)}
F(x0) = {(en, 0)}
F(comh) = {(dis, 0)}
F(ocl) = {(dis, 0)}
F(ccl) = {(en, opv1)}
F(col) = {(en, clv2)}
F(oclh) = {(dis, 0)}
F(cclh) = {(en, opv1)}
F(colh) = {(en, clv2)}

We note that the state feedback policy in Table 2 leads to a cycle in which valve 1 is open until the tank is full, then valve 2 is open until the tank is emptied, and so on. The operator is not allowed to intervene once this
cycle is reached. This is due to the simplifying assumptions made in the model. In particular, we assume the controller is not able to disable the heater. This implies the tank must be emptied immediately once it is full to avoid gelatinizing, since the heater might be turned off; and the tank must be refilled immediately upon reaching the empty state to avoid damaging the heater in case it is turned on. We also assume the valves are disabled or enabled together, which means the controller cannot allow the operator to interrupt the emptying or filling process by closing the open valve because the other valve would also have to be enabled, allowing a transition to the oo state. Eliminating these assumptions would lead to a more realistic feedback control policy for a more complex system model.
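The transient-cycle constraint on a state feedback policy can be checked mechanically. The following is an added example, not code from the paper: it follows the forced events of the Table 2 policy from each entered state, reports the transient states and the resting state they collapse to, and rejects the alternative choice of opv1 in ccf. It assumes that a forced valve event changes only the corresponding valve letter of the state name; `forced_step`, `collapse` and `check_policy` are hypothetical names.

```python
NULL = "0"  # null event, written 0 in Table 2
FORBIDDEN = ("spill", "oo", "gel", "burn")

# Table 2 policy, valve-named states only (x0 and forbidden states omitted):
# state x -> (condition g(x), forced event h(., x))
TABLE2 = {
    "ocfh": ("en", "clv1"), "ccfh": ("en", NULL), "cofh": ("dis", NULL),
    "ocf": ("en", "clv1"), "ccf": ("en", "opv2"), "cof": ("dis", NULL),
    "ocm": ("dis", NULL), "ccm": ("en", "opv1"), "com": ("dis", NULL),
    "ocmh": ("dis", NULL), "ccmh": ("en", NULL), "comh": ("dis", NULL),
    "ocl": ("dis", NULL), "ccl": ("en", "opv1"), "col": ("en", "clv2"),
    "oclh": ("dis", NULL), "cclh": ("en", "opv1"), "colh": ("en", "clv2"),
}

# Assumption: event -> (index of valve letter, letter required, letter after)
EFFECT = {"opv1": (0, "c", "o"), "clv1": (0, "o", "c"),
          "opv2": (1, "c", "o"), "clv2": (1, "o", "c")}

def forced_step(state, event):
    """State reached by forcing `event`; unchanged if the valve is already there."""
    idx, required, new = EFFECT[event]
    if state[idx] != required:
        return state
    nxt = state[:idx] + new + state[idx + 1:]
    return "oo" if nxt.startswith("oo") else nxt  # both valves open

def collapse(policy, entered):
    """Follow forced events from `entered`: (resting state, transient states)."""
    seen, state = [], entered
    while state in policy and policy[state][1] != NULL:
        nxt = forced_step(state, policy[state][1])
        if nxt == state:  # forced event has no effect: not a transient state
            break
        seen.append(state)
        if nxt in seen:
            raise ValueError("transient cycle: " + " -> ".join(seen + [nxt]))
        state = nxt
    return state, seen

def check_policy(policy):
    """Map each entered state to its resting state; reject unsafe policies."""
    resting = {}
    for x in policy:
        rest, _ = collapse(policy, x)
        if rest in FORBIDDEN:
            raise ValueError(f"{x} is forced into forbidden state {rest}")
        resting[x] = rest
    return resting

if __name__ == "__main__":
    print(collapse(TABLE2, "ocf"))
    try:
        collapse(dict(TABLE2, ccf=("en", "opv1")), "ocf")
    except ValueError as err:
        print(err)
```
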
5. CONCLUSIONS This
paper
C/E
systems.
tion
(SEFC)
presents
the formulation
A new feedback is introduced
set of state
trajectories
for closed-loop The difference
sequence responses
composition
The
state
servability framework, specifications
systems
and events,
C/E systems
of the SEFC feedback and observer
in practical
policies
can be measured.
is synthesis
the complete
of supervisory
for the closed-loop
solut,ion are suggested
controllers
for C/E systems
for general
of transition:;
and
above, whereas the feedback
The
constraints
feedback
for the example
developed
The
an instantaneous
loops as instantaneous
the state
composi-
systems.
and Krogh
loops in continuous-state are illustrated
for
from the trajecto-
reflects
of the sequence
system as described
design have not been completely
but steps toward
of Sreenivas
applications
assume
is different
problem
feedback
in practical
is that, the SEFC
views event feedback
control
event
control
under the SEFC
as an idealization
similar to algebraic
feedback
the sequential
using the algorithm
that would occur in a physical
for general
future research
composition,
between the approaches
of transitions
the set of valid trajectories, implications
systems
of a state
the effect of forcing
for closed-loop
rics obtained
control
system
to represent
C/E systems. causal
and solution
The
in Section
4.
problems
for the general in [7]. Another
on
systems. of stat{:
ob-
C/E system direction
to satisfy sequential
for
control
system.
REFERENCES
1. P.J. Ramadge and W.M. Wonham, Supervisory control of a class of discrete event processes, SIAM J. Control Optim. 25, 206-230 (1987).
2. R.S. Sreenivas and B.H. Krogh, On condition/event systems with discrete state realizations, Discrete Event Dynamic Systems: Theory and Applications 1, 209-236 (1991).
3. B.H. Krogh, Condition/event signal interfaces for modeling and analysis of hybrid systems, In Proc. 8th International Symposium on Intelligent Control Systems, Chicago, IL, June 1993, pp. 180-185.
4. C.H. Golaszewski and P.J. Ramadge, Control of discrete event processes with forced events, In Proc. 26th Conf. on Decision and Control, Los Angeles, CA, December 1987, pp. 247-251.
5. S. Kowalewski and H.-M. Hanisch, Permissive control of Boolean condition/event systems: Synthesis and limits, In Preprints 9th International Symposium on Intelligent Control, Columbus, OH, August 1994, pp. 118-123.
6. H.-M. Hanisch and S. Kowalewski, Algebraic synthesis and verification of discrete supervisory controllers for forbidden states specifications, In Rensselaer's 4th Int. Conf. on Comp. Integrated Manufacturing and Automation Technology, Troy, NY, October 1994, pp. 157-162.
7. S. Kowalewski, Synthesis of static controllers for forbidden states problems in Boolean C/E systems using the Boolean differential calculus, In 11th International Conference on Analysis and Optimization of Systems, Sophia-Antipolis, France, June 1994, LNCIS 199, pp. 122-128, Springer-Verlag, London, (1994).