Copyright © IFAC Information Control in Manufacturing, Nancy - Metz, France, 1998
TOWARD AN IMPLEMENTATION OF RECOVERY PROCEDURES FOR FMS SUPERVISION
P. Berruet, A.K.A. Toguyeni, S. Elkhattabi, E.Craye.
Laboratoire d'Automatique et d'Informatique Industrielle de Lille (L.A.I.L.), (URA_CNRS D 1440), Ecole Centrale de Lille, B.P. 48, 59651 Villeneuve d'Ascq Cedex, France Tel: (33/0)32033 54 16, Fax: (33/0)320335418
Abstract: This paper first specifies Recovery and gives some trends about Recovery strategies. Then, it focuses on Reconfiguration. Several reactivity levels are defined according to the failure impact, flexibilities reserved during the exploitation phase, and flexibilities corresponding to the whole potentialities of the architecture. These make it possible to know whether the FMS can react with its current configuration, whether its configuration has to be changed to go on with the production, or whether the production has to be changed to maintain FMS availability. The Recovery procedures are implemented through a model named Operational Accessibility Graph, which has been enriched by the definition of new attributes and methods. Some algorithms, based on graph theory, are presented. Copyright © 1998 IFAC
Keywords: Recovery, Reconfiguration, Graphs, Flexible Manufacturing Systems, Supervision.
1. INTRODUCTION
Flexible Manufacturing Systems (FMS) are specific Manufacturing Systems. They are Discrete Event Systems (DES) that include the notion of flexibility, which is characterized by the capability and the speed of adapting to new situations (Ranky, 1990). Our Supervision approach is different from Supervisory Control (Ramadge and Wonham, 1987; Charbonnier, et al., 1995; Niel, et al., 1996). Supervision is independent from the Control Part. The aim of Supervision is to give parameters to the Control Part in order to perform production planning in the best conditions (Berruet, et al., 1997a). Supervision fulfills functions like Monitoring, Piloting and Working Modes' Management.
The architecture is supposed to be tolerant (Berruet, et al., 1997b). So the FMS has the potentiality to be reconfigurable. The Control Part takes into account FMS flexibilities, which are considered as potentialities in the set of possible controls. But the Control Part remains non deterministic and does not decide about FMS configurations. This paper focuses on Recovery and especially on Reconfiguration based on the hypothesis of complete failures.
It is organized as follows. After the definition of Recovery, including some strategies, in section 2, the modeling by operational accessibility graph is introduced in section 3. New features enriching the model are also detailed in the same section. Section 4 refers to the model exploitation for Recovery and especially for Reconfiguration.
2. CONTEXT
2.1 Definitions
The notion of Recovery in the automation field is a term borrowed from the computer field. It comes from the error recovery concept, first introduced by Laprie, et al. (1995). From the Control Part point of view, this notion induces several types of actions:
• freezing and error confining: Control is set in a state such that it cannot propagate a diagnosed failure;
• resumption: a Control procedure is established to enable resuming from the failure point;
• continuation: treatment is carried on at a point set below the suspended point;
• reconfiguration: Control is reorganized to adapt itself to a new operating part configuration.
Recovery is classically considered as a monitoring function. It operates after the detection and the diagnosis of failures of some FMS elements. It establishes some strategies in order to maintain security and to increase the FMS dependability. In other words, Recovery determines the new state to be reached by the FMS. It decides about FMS resources and products present in the system. It provides service continuity with reduced performance after the failure of some FMS elements.
The implementation of such a function often requires coordinated actions of the Monitoring/Recovery, Working Modes' Management and Piloting modules (Fig. 1). The Working Modes' Management module has information about working states (Idle, Preparation, Production, ...) and operating states (Normal, Degraded, Out of order) of each FMS level (Toguyeni, et al., 1996). This module sets inactive the control of an out-of-order system. It also assumes the tactical reconfiguration by managing the transitional resource states between the actual situation and the objective established by Recovery. The Piloting module resolves the remaining indeterminisms.
Fig. 1. Interaction between Recovery, Working Modes' Management and Piloting.
2.2 Hypothesis
The study is based on a deterministic and cyclic scheduling (Korbaa, et al., 1998). On a given horizon, a temporal and spatial assignment of machining and transport resources is performed for each part at the FMS entry. The path of each part in the FMS architecture is completely established at the entry. Piloting is of no use in this case.
Failures are considered as unexpected and complete on resources chosen by scheduling. The failure induces a scheduling malfunction.
Piloting is requested when a failure appears in order to manage the transition up to the definition of a new scheduling for parts that have to be manufactured from here to the end of the production horizon (Fig. 2).
So Piloting assumes the evacuation of parts already in the FMS, and the admission of new parts to be performed according to production ratios established by the scheduling before the failure.
Fig. 2. Piloting use in the context of cyclic deterministic scheduling.
With the type of failures described above, the recovery will be implemented by reconfiguration procedures.
2.3 Recovery strategies
First, Recovery deals with FMS safety. It can request an emergency stop or some material withdrawal. Then it waits for Piloting to process the case of parts in the system during the failure appearance. After that, Recovery tries to deduce an optimal working for the system. It tries to correlate Product priority and Availability priority. The first option is to go on with the current production. If the FMS is now manufacturing a product, this means that the current product has a great importance for the factory. So the batch has to be finished as far as it is possible. If it is really impossible to go on with the production, the last option is to change production according to Production Management.
The strategy to go on with the production can be carried out considering alternately three cases:
1. the stop time due to the repair of the failing resource is smaller than the margin left;
2. active redundancies make it possible to go on;
3. passive redundancies make it possible to go on.
In the first case, Recovery proposes to stop the failing resources and to resume the production with them after their repair. In the second case, it proposes possible paths in the FMS architecture using the «reserved resources» from before the failure. In the third case, it proposes possible paths in the FMS architecture using all «available resources». The results are sent to the Piloting module, which can accept or reject them.
The remainder of the paper focuses on the last two cases. The approach is carried out through a model named Operational Accessibility Graph (OAG).
3. THE OPERATIONAL ACCESSIBILITY GRAPH MODEL
The OAG is a model of the Operating Part. It is expressed as a graph, whose nodes are the operations performed by the system's resources and whose oriented arcs represent the accessibility and preceding relationships between operations (Fig. 3).
3.1 General presentation
Function, operation, and node-operation concepts
The concept of function is introduced here from the point of view of production. So, a function is defined as a service delivered by a system. Here, the system is the FMS. So, different machining or transport functions are considered.
Fig. 3. An example of OAG.
An operation is a resource function considered when the resource is a component of the FMS. Several types of operations are considered:
• A transfer operation enables a part to change physical area. It is achieved by transport system elements;
• A machining operation performs a manufacturing function on a part in the manufacturing resource area;
• A stocking operation is defined from a physical area that can receive one or more products that do not undergo any machining.
The atoms for the distinction of component parts are named operations. These are operations such that, as soon as they are started, there is no way to operate on the part until the end of the operation. This behavior is assumed only for the normal working mode.
Referring to the definitions above, a function can be seen as a set of operations. An operation implements a function. When this set is empty, the system is not able to fulfill the service any more (Fig. 4). It is important to notice that the failing of a machining operation may not induce the disappearance of the corresponding machining function if there are other operations that implement this function.
So, operations are defined at the resource level. Functions are defined at the whole system level. However, several resources can perform the same function in an FMS. At different dates, one or the other of these operations can implement the considered FMS function.
Fig. 4. Relation between operations and functions.
A Node-operation is composed of one or more operations. Grouping rules have been established. For machining operations, operations performed on the same resource (polyvalent resource) are grouped in a Node-operation. In fact, the nodes of the OAG are Node-operations.
Attributes
To implement the OAG model, the authors have defined two types of objects: operation object and node-operation object. A node-operation object is a composite object. It is composed of operation objects. Let us emphasize that there is no object linked to the function concept. General attributes have been defined for each type of object (Berruet, et al., 1997a, b). These attributes are useful for off-line studies of the FMS properties with regard to dependability.
Attribute "Function" gives information about the function implemented by an operation (Fig. 4).
For example, "Function" can take as value {Transfer A1 -> A2} for an elementary transfer operation from A1 to A2 by a robot R1. It can take as value {Screw cutting L, D} for an operation of screw cutting on a milling center M1.
Other attributes are directly attached to the node-operation object. They are induced on operations belonging to the node. Some are updated according to information coming from external models. Others are updated according to changes among other operations' features. That is carried out thanks to the graph representation chosen for the model. This makes it possible to use path determination, based on graph theory.
Two main attributes have been introduced: Accessible and Block.
Attribute "Accessible" gives information about the accessibility properties of a node. Two types of accessibility are studied: Accessibility from the entry and Accessibility toward a logical sequence.
Accessibility from the entry (Acc.f.E.) makes it possible to know if there is a path from the entry to the node. This is a necessary condition for asking an operation completion. It is also a necessary condition for the performing of a logical operating sequence. If a node is not in elementary accessibility, it cannot receive any part. Therefore it cannot participate in the completion of an operating sequence.
A logical sequence is a set of partially ordered machining functions that are applied to a family of parts (Ausfelder, et al., 1994). Consequently, accessibility toward a logical operating sequence concerns only machining nodes. A machining node is said to be in accessibility toward a logical operating sequence if this node can be reached from a machining node implementing the previous machining function in the logical operating sequence.
This kind of accessibility determines if the considered machining operation can participate in the completion of a logical operating sequence. It also makes it possible to know if the FMS can fully or partly achieve a logical sequence.
Attribute "Block" indicates if the node is blocking to the exit (Blk.t.E), that means if the following operations irreparably lead the product to requesting a failing operation. It indicates if a part at a node of the graph will be able to be evacuated from the FMS.
3.2 Specific attributes & methods added for Recovery
In this section, new attributes are added in order to adapt the OAG to be used during the FMS exploitation. Let us first define the attribute Operation state, which only concerns operations. It gives information about the state of an operation from the Monitoring and Working Modes' Management point of view. According to the hypothesis of complete failure, it can take two values: {Normal} or {Out of order}.
To take into account the fact that not all FMS flexibilities are used during the exploitation, the model has been enriched by the definition of new features (attributes and methods). The following attributes concern all operations.
Attribute Reserved is set to {true} if the operation is chosen to contribute to an FMS production. The difference between a possible non-reserved operation and a reserved operation is that, in the first case, the resource performing the operation has to be set in production mode before the requested operation becomes available. Attribute Used indicates if the operation is currently active in the node-operation. For nodes-operations, composed of operations, methods are defined. They give information about the "Potential operations", "Possible operations", "Reserved operations" and "Used operation" that compose the node-operation.
"Potential operations" gives the set of all operations that compose the node-operation. "Possible operations" gives information about the operations still available when the node-operation is functionally degraded. It takes as values the non-failing operations that compose the node-operation. This information is obtained by listing the attribute "Operation_state" of each operation that composes the node-operation.
Fig. 5. Acceptances for an operation.
For a node-operation, "Reserved operations" gives information about the operations chosen in a given configuration of an FMS.
"Used operation" takes as value the operation currently active in the node-operation.
Example: For a machining node-operation Op1: Milling center on M1 constituted of 4 operations (Op1-1: Screw cutting, L1, D1 on M1; Op1-2: Screw cutting, L2, D2 on M1; Op1-3: Straightening L3, l3 on M1 and Op1-4: Straightening L4, l4 on M1), the methods delineated before give the following results:
• "Potential operations" = {Op1-1, Op1-2, Op1-3, Op1-4};
• "Possible operations" = {Op1-1, Op1-3, Op1-4} if a tool is broken;
• "Reserved operations" = {Op1-1, Op1-3, Op1-4} if these operations are selected to participate in the completion of the logical operating sequence;
• "Used operation" = {Op1-1} if the machining resource is currently performing this operation.
The link between the results of the methods is as follows: "Possible operations" takes all values of "Potential operations" except for operations whose attribute "Operation state" is at {Out_of_order}. "Reserved operations" contains all or a part of the operations listed in the attribute "Possible operations".
By analogy, some features concerning the machining functions at FMS (respectively machining node-operation) level are defined. "Potential machining functions" gives the set of machining functions the FMS (respectively the machining node-operation) is designed for. "Possible machining functions" gives information about the machining functions the FMS (respectively the machining node-operation) can currently complete, according to the failing of some of its elements. "Reserved machining functions" takes as values the set of machining functions implemented for a given configuration.
The method to determine the value of "Possible machining functions" for the FMS (respectively the machining node-operation) is the following:
• The non-Blk.t.E. and Acc.f.E. operations {Opi} of the FMS (respectively the machining node-operation) whose attribute "Operation_state" is at {Normal} are listed. For each Opi, the value of attribute "Function" is considered. "Possible machining functions" contains the union of all the machining functions found.
For "Reserved machining functions", the determination method is nearly similar.
4. MODEL EXPLOITATION FOR FMS RECONFIGURATION
4.1 Principle
The OAG makes it possible to determine:
• if there is a possibility for the FMS to go on with the current production: if there is a path in the OAG, including nodes-operations containing operations that respectively contribute to the completion of the functions that compose the logical operating sequence;
• if some resources have to be set in production mode: if some non-reserved but possible operations have to be used to complete the logical operating sequence;
• the path a part can follow to complete its logical operating sequence: the sets of possible controls.
This information is given to Working Modes' Management (case of point 2) and to Piloting (case of point 3).
The principle is the following, considering that the FMS has to perform the logical operating sequence f1,...,fn. The OAG makes it possible to know if there are "Reserved" operations left that are accessible and non-blocking from the f1,...,fn point of view. In case of null result, the procedure is considered again with "Possible" operations. In case of negative result, the production has to change or the system has to be stopped. A new scheduling calculation is requested. It is performed off line. During this time, the OAG makes it possible to determine all the paths in the FMS architecture in order to complete f1,...,fn. The different paths are sent to Piloting, which evaluates them in order to choose one according to some criteria such as production time, quality nature and Tolerance (Berruet, et al., 1997b). When the scheduling computation is finished and validated, it is applied.
According to this procedure, several levels of reactivity can be established:
L1: Some used operations disappeared. Reserved functions are not altered. Reserved operations are accessible and not blocking from the f1,...,fn point of view.
L2: Some used operations disappeared. Reserved functions are not altered. At least one "Reserved" operation is not accessible or blocking from the f1,...,fn point of view.
L3: Some used operations disappeared. Some reserved functions disappeared. Possible functions are not altered. Possible operations are accessible and not blocking from the f1,...,fn point of view.
L4: Some used operations disappeared. Some reserved functions disappeared. Possible functions are not altered. One or more Possible operations are non-accessible or blocking from the f1,...,fn point of view.
In case L1, the Recovery procedure is to determine paths using the reserved operations. In case L2, the Recovery procedure considers possible operations. It jumps to case L3 or case L4. In case L3, the Recovery procedure is to request the possibility of a production mode for the concerned resources (that implement the non-reserved but possible operations) and to determine paths using possible operations. After the Piloting choice, Recovery requests the production mode for the chosen resources.
In case L4, the Recovery procedure informs the Planning for a production change.
4.2 Algorithms
In this part, algorithms are briefly presented. They make it possible to implement the procedures delineated in the previous part.
The algorithms are based on the concepts developed in (Berruet, et al., 1997a). The machining node-operations are listed and their attribute "Accessible" is updated in order to know if these nodes can contribute to the achievement of a logical sequence. That means that, for a machining node-operation NOpi that contributes to performing the function fk, there is a path from the entry node to NOpi including machining nodes-operations that respectively contribute to performing f1 to fk-1. Moreover, there exists at least a path from NOpi to the exit node. So this algorithm gives the nodes that can be used to determine the path.
This algorithm has been modified and accepts in input, for each node-operation, the functions to whose completion this node contributes. So, it can be used with several initializations. (Algorithm 1)
Algorithm 1: Determination of paths existence in the OAG.
BEGIN
ANBf1...fn = ∅;
Loop 1: For each function fj do
  Establish ANBfj = set of nodes in Acc.f.E., non-Blk.t.E. that are allowed to perform fj;
  Set {fj} in the attribute "Accessible" of each element of ANBfj;
  Loop 2: For each element NOpx of ANBfj do
    If there is a path between an element of ANBf1...fj-1 and NOpx then
    Begin
      Set {f1,...,fj-1,fj} in the attribute "Accessible" of NOpx; (* i.e.: NOpx ∈ ANBf1...fj *)
    End
  End Loop 2
End Loop 1
If ANBf1...fn ≠ ∅ then set the attribute "Accessible" of the exit node at {f1,...,fn};
END.
Another algorithm (Algorithm 2) determines the feasible paths in the OAG. It gets in entry the graph structure with the nodes it has to take into consideration (Acc.f.E, non-Blk.t.E., reserved, possible). It also gets from algorithm 1 the possible machining nodes to be used in order to build up the paths. This algorithm is based on the Depth-first Search (Tarjan, 1972). It begins with the end of the path (nodes contributing to performing the function fn) because, according to the results of algorithm 1, there exists at least a preceding node, contributing to performing fn-1, from where the nodes are accessible.
Algorithm 2: Determination of paths in the OAG.
BEGIN
SPf1...fn-1 = set of nodes-operations attribute "Accessible" of which has got {f1,...,fn-1};
i = n-1;
Loop 1:
  Establish SPf1...fi-1 = set of nodes-operations attribute "Accessible" of which has got {f1,...,fi-1};
  Loop 2: For each element NOpi,k of SPf1...fi do
    Loop 3: For each element NOpi-1,j of SPf1...fi-1 do
      if there is a path from NOpi-1,j to NOpi,k then
        Establish the set of paths (Wi-1,i) from NOpi-1,j to NOpi,k using the Depth-first Search procedure considering NOpi-1,j successors from which NOpi,k is still accessible and that a node may be used once in a path;
      else Remove NOpi-1,j from SPf1...fi-1;
    End Loop 3
  End Loop 2
  i := i-1;
End Loop 1
Concatenate the found pieces of paths in W1,2 to Wn-1,n whose termination node is the same as the starting node of the other.
END.
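Added example (not code from the paper): a small Python version of the path-existence check of Algorithm 1, with reachability read from a Warshall transitive closure, driving the reserved-then-possible decision that yields cases L1 to L4. The sample OAG, the dictionary field names, the "F" label for a production change and the modelling of non-blocking as "the exit is still reachable" are assumptions made here; the negotiation with Maintenance is assumed to succeed.

```python
from itertools import product

def warshall(nodes, arcs):
    """Transitive closure of the oriented graph, computed once (Warshall)."""
    reach = {(u, v): (u, v) in arcs for u, v in product(nodes, repeat=2)}
    for k, u, v in product(nodes, repeat=3):      # k is the outermost loop
        if reach[u, k] and reach[k, v]:
            reach[u, v] = True
    return reach

def normal(op):                 # a "Possible" operation
    return op["state"] == "Normal"

def reserved(op):               # a "Reserved" operation that has not failed
    return normal(op) and op["reserved"]

def anb(ops, arcs, allowed):
    """Closure over usable nodes, plus the operations on Acc.f.E / non-Blk.t.E nodes.
    Assumption: non-blocking is modelled as 'the exit is still reachable'."""
    nodes = {o["node"] for o in ops if allowed(o)} | {"entry", "exit"}
    live = {(u, v) for u, v in arcs if u in nodes and v in nodes}
    reach = warshall(sorted(nodes), live)
    kept = [o for o in ops if allowed(o)
            and reach["entry", o["node"]] and reach[o["node"], "exit"]]
    return reach, kept

def algorithm_1(reach, kept, sequence):
    """Chain sets ANB_f1, ANB_f1f2, ...; the last one is empty when no path exists."""
    chains, previous = [], None
    for f in sequence:
        cand = {o["node"] for o in kept if o["function"] == f}
        if previous is not None:                  # must follow a node doing f1..fj-1
            cand = {x for x in cand if any(reach[y, x] for y in previous)}
        chains.append(cand)
        previous = cand
    return chains

def recovery_trace(ops, arcs, sequence):
    """Steps A-F of the general procedure; returns the cases met, e.g. ['L2', 'L3']."""
    trace = []
    reach, kept = anb(ops, arcs, reserved)                       # step A
    if set(sequence) <= {o["function"] for o in kept}:           # step B
        if algorithm_1(reach, kept, sequence)[-1]:
            return ["L1"]
        trace.append("L2")
    reach, kept = anb(ops, arcs, normal)                         # steps C, D
    if set(sequence) <= {o["function"] for o in kept}:           # step E
        last = algorithm_1(reach, kept, sequence)[-1]
        return trace + ["L3" if last else "L4"]
    return trace + ["F"]                                         # production change

# Constructed sample OAG (not from the paper): f1 on M1 (reserved) or M2 (passive
# redundancy), f2 on M3; R1..R4 are transfer node-operations.
ARCS = {("entry", "R1"), ("R1", "M1"), ("R1", "M2"), ("R1", "M3"), ("M1", "R2"),
        ("R2", "M3"), ("M2", "R4"), ("R4", "M3"), ("M1", "R3"), ("M2", "R3"),
        ("M3", "R3"), ("R3", "exit")}
OPS = [("T1", "R1", "transfer", True), ("Op1", "M1", "f1", True),
       ("Op2", "M2", "f1", False), ("T2", "R2", "transfer", True),
       ("T4", "R4", "transfer", False), ("Op3", "M3", "f2", True),
       ("T3", "R3", "transfer", True)]

def scenario(*failed):
    """Build the operation objects with the given operations Out_of_order."""
    return [{"name": n, "node": node, "function": f, "reserved": r,
             "state": "Out_of_order" if n in failed else "Normal"}
            for n, node, f, r in OPS]

if __name__ == "__main__":
    for failed in [(), ("Op1",), ("T2",), ("T2", "T4"), ("Op3",)]:
        print(failed, recovery_trace(scenario(*failed), ARCS, ["f1", "f2"]))
```

The closure is strict: a node reaches itself only through a cycle, so a single node-operation performing two consecutive functions is not treated as a path here.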
For these algorithms, the existence of a path between two nodes can be established by the computation of the transitive closure of the oriented graph, which is calculated once using the Warshall algorithm.
The general procedure, used for the Recovery implementation, is the following:
A. The nodes in Acc.f.E and non-Blk.t.E are determined from the reserved operations of the OAG (named: Set ANBR).
B. The set of "Reserved functions" at FMS level is established.
  1) If this set contains all the functions of the logical operating sequence, then
    a) For each machining node of ANBR, the functions the machining node-operation can implement are established by the method "Reserved functions";
    b) run Algorithm 1 with this initialization;
    c) If there exists a path (case L1) then
      i) run Algorithm 2;
      ii) treat case L1;
      iii) exit.
    d) if not (case L2) goto C.
  2) If not goto C.
C. Recovery lists all the non-reserved operations and negotiates with the Maintenance module in order to know if the considered resources can be set in production mode.
D. The nodes in Acc.f.E. and non-Blk.t.E. are determined from the possible operations of the OAG (named: Set ANBP).
E. The set of "Possible functions" at FMS level is established.
  1) If this set contains all the functions of the logical operating sequence, then
    a) For each machining node of ANBP, the functions the machining node-operation can implement are established by the method "Possible functions";
    b) run Algorithm 1 with this initialization;
    c) If there exists a path (case L3) then
      i) run Algorithm 2;
      ii) treat case L3;
      iii) exit.
    d) if not (case L4) goto F.
  2) if not goto F.
F. Recovery informs Planning for a possible production change.
5. CONCLUSION
The Recovery strategies presented in this paper take into account some criteria such as product priority and availability priority. This makes it possible to define four levels of reactivity for Recovery procedures, according to the failure impact, the potentialities of FMS resources and the configuration options considered during the FMS normal working mode. The implementation of these procedures is based on a model named OAG. The modelling now takes into account not only the flexibilities corresponding to the whole potentialities of the architecture, but also a restriction of this set, that is, the flexibilities reserved during the exploitation phase. The information is stored through attributes "Reserved" and "Used" of OAG elements. Some methods are defined to collect information about "Potential operations", "Possible operations", "Reserved operations" and "Used operation". The algorithms presented make it possible to know if:
• the FMS can react with its current configuration;
• its configuration has to be changed to go on with the current production;
• the production has to be changed in order to maintain FMS availability.
The decision algorithm could be enriched by taking into account the case of resource stop and repair. Further work will be to develop integration with the Control Part (i.e. to study the data flow transmitted to the Piloting and to clearly define links with Production Management).
The method developed here is centralized. At the scale of a whole plant, the model may become complex. It will be interesting to study the distribution of the method, too.
REFERENCES
Ausfelder, C., E. Castelain and J.C. Gentina (1994). A method for hierarchical Modelling of the Command of Flexible Manufacturing Systems, IEEE Trans. on "Systems, Man, and Cybernetics", Ed. A.P. Sage, Vol. 24, n°4, pp. 564-573.
Berruet, P., A.K.A. Toguyeni, S. Elkhattabi and E. Craye (1997a). A process modelling for Supervision in FMS Operational Accessibility Graph, CACSD'97-IFAC, pp 225-230, Gent.
Berruet, P., A.K.A. Toguyeni, S. Elkhattabi and E. Craye (1997b). Characterisation of Tolerance in FMS, 15th IMACS world congress, pp 409-414, Vol. 2, Berlin.
Charbonnier, F., H. Alla and R. David (1995). The Supervised Control of Discrete Event Dynamic Systems: A New Approach. In: IEEE, 34th Conference on Decision & Control, Dec. 1995, pp 913-920, New Orleans.
Korbaa, O., H. Camus and J.C. Gentina (1998). FMS Cyclic Scheduling with Overlapping production cycles, ICATPN'98, workshop on Petri nets and Manufacturing, Toulouse.
Laprie, J.C. et al. (1995). Guide de la surete de fonctionnement, Cepadues-Editions, Toulouse.
Niel, E., N. Rezg, M. Nourelfath and S. Boukhobza (1996). Supervisory Control in the context of Operational Safety Reactivity, In: CESA '96 IMACS, Symp. on Discrete Event and Manufacturing Systems, pp. 746-751, Lille.
Ramadge, P.J. and W.M. Wonham (1987). Supervisory control of a class of discrete event processes, SIAM Journal on Control and Optimization 25(1), pp 206-230.
Ranky, P. (1990). Flexible Manufacturing Cells and Systems in CIM, CIMware Ltd, Guildford, U.K.
Tarjan, R. (1972). Depth-first Search and Linear graph Algorithms, SIAM J. Computing 1.
Toguyeni, A.K.A., S. Elkhattabi and E. Craye (1996). Functional and/or Structural approach for the Supervision of Flexible Manufacturing Systems. In: CESA '96 IMACS, Symp. on Discrete Event and Manufacturing Systems, pp. 716-721, Lille.