Upload
doannhu
View
213
Download
0
Embed Size (px)
Citation preview
Robust State-Based Supervisory Control of Discrete Event Systems
Sherif [email protected]
Gabor [email protected]
Gautam [email protected]
Abstract— In this paper we present an approach for robustsupervisory control of Discrete Event Systems. In the proposedapproach, we assume that the current state is known only tobe within a nonempty subset of the system states. We extendthe definition of discrete event system controllability to takeinto account such uncertainty about the current state. Weshow that if the system behavior can be traced within theuncertainty set then an optimal non-blocking supervisor canbe constructed for the system based on the optimal supervisorunder full observation.
I. INTRODUCTION
Supervisory controller for discrete event systems [1]
works by disabling certain actions or events that could lead
the system into unwanted or undesirable situations. The
classic supervisory control theory assumes accurate current
state observation. However, in practice the current system
state may not be exactly known. Such uncertainty arises
in many real-life situations, particulary, when a discrete
event system model is used as an approximation for the
continuous dynamics of the system. Typical abstraction
schemes partition the state space of the system into finite
regions with well-defined boundaries [2]–[5]. States in the
abstracted system correspond to regions in the state space
of the continuous system, and events capture the crossing
of the boundaries between these regions. While boundary
crossing is typically instantaneous, measurement sampling
is not and therefore it is not always possible to get accurate
account of the current system state.
In general, uncertainty in the current state of the system
may result from one or more of the following factors:
• Limited measurement accuracy: sensors that detect
boundary crossing or other discrete transitions may fail
to report the occurrence of certain events,
• Noise: components of the system as well as their
interaction can be affected by noise, which may result
in state detection delays and possible loss of data, or
• Sampling and synchronization effects: system events
are generated from sampled measurements, and then
sent to the supervisor in a synchronized way, which
may result in event delay or loss of ordering.
In many practical situations, it is reasonable to assume that
uncertainty in the current state is bounded in the sense that
an external observer will not completely lose track of the
system behavior. Under this assumption, uncertainty about
the current state of the system can be represented by a set
of possible current states rather than a single one.
Funded, in part, by Boeing and the NASA ALS program (Contract:NCC 9-159).
The authors are with the Institute for Software Integrated Systems,Vanderbilt University, Nashville, TN
The original supervisory control theory was developed for
systems whose models were precise and complete, and it
also assumes that the system behavior is fully observed. The
theory was later extended to handle the situation when some
of the system events are not observable [6], [7]. Extensions
to handle non-deterministic systems has been introduced in
[8]–[10]. Both extensions can handle certain cases of event
uncertainties in discrete events systems.
There have been several research efforts on developing
robust supervisory controllers for specific cases of uncer-
tainties in discrete event systems. In [11], the problem of
DES supervision under model uncertainties is addressed.
This work assumes the system model belongs to a set
of possible models. This work has been later extended in
[12], [13] to deal with the case where the event set and
the language for a given model of the plant may contain
elements that do not belong to any other plant in the family
of models. This work was then extended to timed discrete
event systems in [14]. In [15], uncertainties in system
events are considered. In this work, states can undergo
a specified maximum number of unobserved transitions.
Model uncertainties in DES is also addressed in [16], [17].
However, the objective in this case was to synthesize a
controller which maximizes the family of plants for which
the closed-loop behavior is within specified bounds.
In this paper we consider another form of uncertainty in
discrete event systems in which the exact current state is not
known and can only specified within a set. State uncertainty
is presented as a state observation mapping. Given that the
addressed uncertainty is associated with the system states
rather than its events or transitions we implement a state-
based form of the supervisory control theory based on the
approach presented in [18].
There are several important differences between the state
uncertainty problem addressed in this paper and the super-
visory control problem. For instance, in our case an event
associated with an uncertain state transition (and therefore
can be considered unobservable from this state) can be
observable in another state. Also, state uncertainty cannot
be expressed using a set of models as such models cannot
be directly computed from the state uncertainty observation
map. The work of [15] is the closest to our work, however,
uncertainty in our work is not necessary transitive while the
unobservable transitions in [15] are transitive by definition.
In addition we introduce the concept of delectability which
allow for efficient construction of an optimal non-blocking
supervisory controller under state uncertainty.
Proceedings of the2005 IEEE Conference on Control ApplicationsToronto, Canada, August 28-31, 2005
TB6.2
0-7803-9354-6/05/$20.00 ©2005 IEEE 922
II. PRELIMINARIES AND NOTATION
Let Σ be an alphabet representing the events in the
process under consideration. A string or word is a sequence
of events. We use Σ+ to denote the set of all nonempty finite
strings with events in Σ, and Σ∗ = Σ+ ∪ {ε}, where ε �∈ Σrepresents the empty string. A language over the alphabet Σis any subset of Σ∗. A string s′ ∈ Σ∗ is a prefix of s ∈ Σ∗,
denoted s′ ≤ s, if there exists u ∈ Σ∗ such that s′u = s.
The prefix closure of a language H ⊆ Σ∗, denoted H , is
the set of all strings in Σ∗ that are prefixes of strings in H .
An automaton is a 5-tuple:A = (Q,Σ, δ, qo, Qm), where
Q is a finite set of states, Σ is a finite nonempty set of
events, δ : Q × Σ → Q is a (partial) transition function,
qo ∈ Q is the initial state, and Qm ⊆ Q is a nonempty
set of marker states. If δ(q, σ) is defined, then we say that
σ is eligible at q in A. This can also be expressed by the
map EligA : Q → Pwr(Σ), which assigns to each state
in A the set of eligible events. The map δ is extended to
strings in the usual way. For a language L ∈ Pwr(Σ∗),we will write A(L) to denote the minimal automaton that
generates L. In this case we will use the overloaded map
EligA : L → Pwr(Σ) to denote the set of events eligible
at each string s ∈ L. The map Elig is extended to sets of
states (or strings) in the usual way with the convention that
Elig(∅) = ∅.
Let A = (Q,Σ, δ, qo, Qm) be an automaton. For two
states q, q′ in Q we say that q′ is reachable from q in Aif there exists a string s ∈ Σ∗ such that q′ = δ(q, s). We
will write �A(q) to denote the set of states reachable from
q in A. A state q ∈ Q is said to be reachable if it can be
reached from the initial state, that is , if q ∈ �A(qo), and Ais reachable if all its states are reachable. A state q is said to
be coreachable if it can reach one of the marker states, that
is, if there exists a state qm ∈ Qm such that qm ∈ �A(q),and A is coreachable if all its states are coreachable. If all
the states in A are both reachable and coreachable then Ais said to be trim. We will write Trim(A) to denote the
trim automaton obtained by removing all states that are not
reachable or coreachable from A.
The closed language generated by an automaton A is
L(A) = {s ∈ Σ∗ | δ(qo, s) is defined}, and the markedlanguage of A is Lm(A) = {s ∈ Σ∗ | δ(qo, s) ∈ Qm}.
Clearly, A is trim if and only if Lm(A) = L(A). Let
A = (Qa, Σ, δa, qoa, Qma) and B = (Qb,Σ, δb, qob, Qmb)be two automata. We say that B is a subautomaton of A if
qob = qoa, Qb ⊆ Qa, Qmb ⊆ Qma and δb ⊆ δa. That is, a
subautomaton of A is any automaton obtained from A be
removing some states and/or transitions without changing
the transition structure of A. We will write B ≤ A to denote
that B is a subautomaton of A.
III. STATE-BASED SUPERVISORY CONTROL
A supervisor can be viewed as an agent that restrict the
system behavior to satisfy a given specification. This is
achieved by disabling certain events along possible behavior
trajectories. It is desired that such supervision is done in
the least restrictive way, and without blocking the system,
namely, every possible (controlled) trajectory should end in
a terminal state. In classical supervisory control theory [19]
the set of system events Σ is partitioned into two disjoint
subsets: Σc denoting the set of controllable events, and
Σu denoting the set of uncontrollable events. Controllable
events can be disabled by an external agent, while the
uncontrollable ones are considered permanently enabled.
The solution for the supervisory control synthesis prob-
lem is based on the controllability property which is defined
for languages (system behavior) as follows: a language K ⊆Σ∗ (representing the specification) is said to be controllablewith respect to a closed language L (representing the system
behavior) if
KΣu ∩ L ⊆ K.
That is, K is controllable if and only if no string in L that is
already a prefix of K, when followed by an uncontrollable
event in L exits from the prefixes of K.
The controllability property in the state based frame-
work can be derived using the synchronous product op-
eration (to generate languages intersection), defined as
follows: Given two automata A = (Qa, Σ, δa, qoa, Qma)and B = (Qb,Σ, δb, qob, Qmb), the synchronous product of
A and B is denoted A × B and is defined as the tuple
(Q,Σ, δ, qo, Qm), where Q = QA × QB , qo = (qoa, qob),Qm = Qma × Qmb, and δ is given by
(∀(qa, qb) ∈ Q) δ((qa, qb), σ) = (q′a, q′b) ⇔δa(qa, σ) = q′a and δb(qb, σ) = q′b
It is easy to see that Lm(A×B) = Lm(A)∩Lm(B). Now
let A be a trim automaton representing the system, and Ba trim automaton representing the controller specification.
A×B is the synchronous product automaton defined above.
The automaton B is said to be controllable with respect to
A if
(∀(qa, qb) ∈ Q) EligA(qa) ∩ Σu ⊆ EligB(qb)
It is easy to verify that the above definition is equivalent
to the language-based definition, where A and B are trim
automata models for L and K. Note that the state-based
definition is valid for any trim automata A and B, irrespec-
tive of whether they are minimal or deterministic.
Let A and B be the automata defined above. A mapping
h : Qb → Qa is an automata homomorphism if h(qob) =qoa, h(Qmb) ⊆ Qma, and for all q, q′ ∈ Qb, and all σ ∈ Σ
δb(q, σ) = q′ ⇒ δa(h(q), σ) = h(q′)
We say that A simulates B if there exists a homomorphism
h from B to A. It is easy to see that if A simulates B then
Lm(B) ⊆ Lm(A). It can also be proven that if Lm(B) ⊆Lm(A) then Lm(A×B) = Lm(B), and a homomorphism hcan then be defined between Trim(A×B) and A as follows
(∀(qa, qb) ∈ QA×B) h((qa, qb)) = qa
2
923
Clearly, the above map is well-defined and satisfies the
properties of homomorphisms. The above result shows that
any sub-behavior of a given automaton A can be modeled
as a trim automaton B that can be simulated by A.
Given a system modeled by an automaton A and a spec-
ification modeled as another automaton B, if Trim(A×B)is controllable with respect to A then it is straightforward to
see that Trim(A×B) is the supremal nonblocking supervisor
for A. For the case when Trim(A × B) is not controllable
w.r.t. A, write E for Trim(A × B), therefore, A simulates
E. Let CA(E) denotes the set of trim subautomata of Ethat are controllable with respect to A, namely
CA(E) = {E′ ≤ E | E′ is controllable w.r.t A
and E′ = Trim(E′)}The set CA(E) is not empty and is closed under automata
union, and, therefore, it contains a supremal element. Given
that the trimness property is preserved under automata
union, it can be proven [18] that this supremal element,
sup CA(E) corresponds to the optimal non-blocking super-
visor for A. Algorithmically, the optimal supervisor can be
computed through an iterative backtracking procedure on
the automaton E.
IV. SUPERVISORY CONTROL UNDER STATE
UNCERTAINTY
Let A = (Q,Σ, δ, qo, Qm) be a discrete event system. As
discussed earlier in the Section I, the practical limitations of
system observation may result in a “bounded” uncertainty
about the current state of the system. We consider the case
in which the current state of the system A can change to
a one in a predefined set of states without such change
being observed. This ambiguity in the current state of the
system can be represented by an observation map O : Q →Pwr(Q). If the current observed state is q, the system can
move to one of the states O(q) without being observed. A
system with such state uncertainty will be described a tuple
(A,O).The problem of robust supervisory control under state
uncertainty can be stated as follows:
Given (A,O) and a specification automaton B,
design a non-blocking supervisor V such that
Lm(V/A) ⊆ Lm(B), where V/A is the super-
vised system under the limited state observation
map O.
The supervisory control scheme under state uncertainty is
shown in Figure 1.
In this scheme, the supervisor obtains the information
about the current state from a set of sensors. The sensors
provide sampled measurements of the state and output
variables, which can be translated (using a certain abstrac-
tion mapping) into discrete states and events. In the above
scheme information about the system state may be delayed
before reaching the supervisor. Such delay can be attributed
to the quantization, abstraction and sampling process.
O
state sensors
AV
Γk
O(qk) qk
Fig. 1. Supervisory control under uncertain state observation
Consider for instance the operation scenario shown in
Figure 2. In this example it is assumed that the current
system state is sampled at a fixed rate and the sampled state
value is mapped to a given discrete state which then sent
the supervisor. At time point tk the supervisor is informed
that the system is at state qk. The limited accuracy of this
setting can be captured by a map O that defines the set
of possible states that system may move to from qk during
the period [tk, tk+1], where tk+1 is the next time point at
which the supervisor receives information about the state of
the system.
We assume that at any time instance k with observed
state qk, the next observed state qk+1 is in the set O(qk).This requirement ensures that the supervisor can cope with
possible delays in receiving information about the current
state of the system. In addition, we assume that for a system
A, the map O satisfies the following property:
(∀q ∈ QA) q ∈ O(q) and O(q) ⊆ �A(q)
This condition requires the system to move only to reach-
able states between any two observation instances. It also
allows the system to stay in the same state indefinitely.
z }| {states in O(qk)
q′kq′
o ...
tk+1to tk
qo qk,1qk... ...
... q′k+1
qk+1
Time
Supervisor
System
Fig. 2. Example trajectories for a supervised system with uncertainobservation
In classical supervisory control theory, the supervisor
is synchronized with the system at each transition. Such
synchronization cannot be achieved in the above situation.
We will adopt here a weaker form of synchronization in
which the supervisor synchronizes with the system when the
3
924
current state measurement is received. In order to achieve
such synchronization, we assume that it is possible to
know what path the system has taken when moving from
qk to qk+1. A system that satisfies this property will be
characterized as detectable. The detectability of the system
clearly depends on the map O, and the available information
about the system between tk and tk+1. Such information
depends on many factors including the timing properties
of the system (e.g., how long the system may stay in
each state), the sampling rate, the abstraction scheme, and
the accuracy of the sensors. The following represent some
typical situations in practical systems:
• No information is available between two state obser-
vations. In this case, the system is detectable if there
exists a unique path between every state q ∈ Qa and
the corresponding states in the set O(q).• The sequence of transitions between any two observa-
tion instances, tk and tk+1 is available at tk+1. The
system is always detectable in this case.
• The sequence of states that occur between any two
observation instances instances tk and tk+1 is available
at tk+1. System is detectable here if |Elig(q)| = 1 for
all q ∈ Q.
• The exact sequence of events that occur between any
two state observation instances tk and tk+1 is available
at tk+1. In this case, the system is detectable if it is
deterministic.
• The (unordered) set of events that took place between
tk and tk+1 is available at tk+1. In this case, the system
is detectable if the order of events is irrelevant with
respect to determining the path from any state q to
any of the states in O(q).The above cases illustrate that the detectability property
is hard to characterize in general. However, checking de-
tectability in the above situations for a given (A,O) is
obviously decidable. Further investigation on this issue is
set aside for future research. Next, we characterize the
controllability property under state uncertainty based on the
above assumptions.
Let A be a trim automaton representing a system, O be an
observation map for A, E be a specification automaton. We
will assume hereafter that A is detectable with respect to O.
Let B be a trim non-blocking supervisor for A with respect
to the specification E. Without losing generality we will
assume that A×B is trim. In the perfect observability case,
the supervisor B guarantees that Lm(B/A) ⊆ Lm(E).The supervisor B can also be represented as a map V B :QA×B → Γ, where Γ = {γ ∈ Pwr(Σ)|γ ⊇ Σu}. In the
above case, V is defined as follows. For all (qa, qb) in
QA×B
V B((qa, qb)) = Σu ∪ (Σc − (EligA(qa) − EligB(qb))
)
In this scheme, the system will synchronize with the super-
visor, and at any combined state q = (qa, qb) the system
is allowed to take only those actions specified by V B(q).
Clearly, a supervisor map can always be translated into
a supervisor (automaton) and vise versa. To work under
uncertain state observation, the supervisor must take into
account possible unobserved state changes. To this end,
we define the set of O-control maps as follows. A map
V BO : QA×B → Γ is a O-control map if for all (qa, qb) in
QA×B the following holds,
• Σu ⊆ V BO ((qa, qb))
• (∀(q′a, q′b) ∈ �A×B(qa, qb)) q′a ∈ O(qa) =⇒EligA(q′a) − EligB(q′b) ∩ Σc ∩ V B
O ((qa, qb)) = ∅
In effect, the O-control map disables all events that
should be disabled if the system moves to any of the
states in O(qa) when the current observed state is qa. The
following property is easy to prove based on the definition
of O-control maps.
Proposition 4.1: The set of O-control maps are closed
under union. �We will write V̂ B
O to identify the supremal O control map
for B. Note that, in a O-control map, the set of eligible
events at any state (qa, qb) depends on whether qa is the
actual observed state or it belongs to the set O(q′a) where
q′a is the observed state. Therefore, in contrast with the
supervisor map V , the language generated by the system
under the map VO does not correspond directly to the
supervisor automaton B. However, it is easy to construct the
machine VO/A × B that generates the controlled behavior
of A × B under a O-control map VO. The steps for
constructing the automaton VO/A × B is given in the
following algorithm.
Algorithm 1 Computing VO/A × B
for all (qa, qb) ∈ QA×B doConstruct M(qa, qb) = A × B|�(qa,qb)∩O(qa)×QB
Compute MO(qa, qb) = Reachable(VO/M(qa, qb))Label each (q′a, q′b) in MO(qa, qb) as (q′a, q′b|qa, qb)
end forConstruct the automaton G = VO/A × B such that:
qoG = qo(A×B); QmG = Qm(A×B)
QG =⋃
(qa,qb)QMO(qa,qb)
δG =[⋃
(qa,qb)δMO(qa,qb)
]⋃δc where,
δc =⋃
(q′a,q′
b|qa,qb)∈QG((q′a, q′b|qa, qb), ε, (q′a, q′b|q′a, q′b))
Algorithm 1 constructs VO/A×B by first computing for
each (qa, qb) the automaton, MO(qa, qb), corresponding to
the controlled behavior of system while (qa, qb) is currently
observed, that is, the set of strings the system can execute
while observing (qa, qb) under the control map VO. The
automaton VO/A × B is then constructed by connecting
the set of machines {MO(qa, qb)|(qa, qb) ∈ QA×B} via
shared stated. In particular, connection is made by adding
an ε-transition from each state (q′a, q′b) ∈ MO(qa, qb) to the
correspond state (q′a, q′b) ∈ MO(q′a, q′b).The main problem with O-control maps is that it may
lead to blocking, even if B is a non-blocking supervisor.
4
925
This is due to the fact that O-control maps impose addi-
tional restriction on the system behavior to compensate for
the lack of accurate real-time observations. Note that the
machine VO/A × B is constructed in a way that simulates
the effect of the O-control map. Therefore, the machine
VO/A × B is trim if and only if the the supervision map
VO is non-blocking.
Based on the fact that the set of trim sub-automata of a
give automaton is closed under union we can establish the
following result.
Proposition 4.2: Let (A,O) be a system with uncertain
state observation and E be a specification automaton. Then
there exists a supremal non-blocking O-control map V such
that Lm(V/A) ⊆ Lm(E).Proof: (Outline) Let B be a supervisor for A with
respect the the specification E under full observation. Let
CBO be the set of all O-control maps V B
O such that V BO /A×B
is trim. Clearly, the set CBO is closed under union. This is
based on Proposition 4.1 and the fact that trim automata are
closed under union. Therefore, the set CBO has a supremal
element sup CBO . Now, let D, D′ be two trim supervisors for
A with respect to E, that is, D, D′ ∈ CA(E). Then based
on the definition of O-control maps we can write,
D ⊆ D′ =⇒ V̂ DO ⊆ V̂ D′
O =⇒ sup CDO ⊆ sup CD′
O
That is the set of supremal O-control maps is monotonic
with respect to supervisors in CA(E). Consequently, for the
supremal supervisor B = sup CA(E), the map V = sup CBO
is the supremal non-blocking O-control map for the system
A such that Lm(V/A) ⊆ Lm(E).Based on the above Proposition, the supremal O-control
map can be computed by first computing the supremal non-
blocking supervisor for A with respect to the specification
E, say B, then computing the corresponding supremal O-
control map V̂ BO . The maximal element of of CB
O is then
computed by first computing the machine V̂ BO /A×B using
Algorithm 1. A backtracking algorithm is then used to
eliminate unreachable states in V̂ BO /A×B by disabling con-
trollable events (ε is considered uncontrollable event). The
control map V̂ BO is updated with the new disabled events,
and the results is the desired map, sup CBO . Algorithm 2
shows the steps for computing sup CBO starting from the
machine V̂ BO /A × B.
Note that in the Algorithm 2, disabled events at
((q′a, q′b|qa, qb) are added to the disabled events at (qa, qb)in the updated O-control map. The complexity of the above
algorithm is linear in the size of the machine V̂ BO /A × B
which has a state space of O(|QA| × maxq∈QA|O(q)| ×
|QB |).V. EXAMPLE: MINE REMOVING ROBOT
The system in this example is a robot assigned to remove
mines from a given field. The mine field is partitioned into
regions and a set of sensors are configure at the perimeter
of the field to detect the current position of the robot within
the field. The current position of the robot is given in terms
Algorithm 2 Computing sup CBO
Input: G = V̂ BO /A × B
V ′ = V̂ BO
BState = QG − CoReachableG(QG)repeatNewBStates = ∅
for all (q′a, q′b|qa, qb) ∈ CoReachableG(QG) dofor all ((q′a, q′b|qa, qb), σ, q) ∈ δG, q ∈ BState do
if σ ∈ Σc thenV ′(qa, qb) = V ′(qa, qb) − {σ}
elseAdd (q′a, q′b|qa, qb) to NewBStates
end ifend for
end foruntil NewBStates! = ∅
Return: sup CBO = V ′
of a region in the field. It is assumed that the robot can move
in four directions. The system and its abstract discrete event
representation is shown in Figure 3.
d
u
u
u
u
u
uu
u
uu
u
u
r r r
l l l
lll
l l l
lll
r r r
rrr
r r r
d
d
dd
d
dd
d
d d
d
Fig. 3. The DES representation of the mine removal system
In this system, the sensors may encounter delay in
reporting the current position to the supervisor, therefore, it
is possible that the robot moves to one of the neighboring
positions and this position may not be reported to the
supervisor. We will write (i, j) to define the state at position
(i, j). The state uncertainty situation can be modeled by the
observation map, O, defined as follows.
O((i, j)) = {(k, l)|k ∈ [max(i−1, 0), min(Xmax, i+1)]and l ∈ [max(j − 1, 0), min(Ymax, j + 1)]}
In this system we have Xmax = Ymax = 4. The mine field
is located in a hostile environment, and in order to avoid
detection the robot is restricted to the diagonal part of the
field. In other words, it should avoid the top right and left
bottom corners of the field, which are known to contain
hostile elements. This specification is shown in Figure 4.
5
926
Figure 4(b) shows the optimal robust supervisor for this
specification.
(a)
(b)
r
r
l
r
r
r
rl
l
l
l
dd
d
d
d
d
uu
u u
r
r
l
d du u
d
rl
l
r
r
d
d
u
u
Fig. 4. (a ) Safety specification for the mine removing system, (b) Theoptimal robust supervisor under the observation map O.
VI. CONCLUSION
In this paper, we have addressed the problem of super-
visory control of systems with uncertain state observation.
We defined the control problem under uncertain observation
and based on the definition extended the definition of
controllability to address the uncertainty condition. We
show that it is possible to construct an optimal non-blocking
supervisor that can take into account the limited observation
of the system and satisfy a given specification.
REFERENCES
[1] P. Ramadge and W. M. Wonham, “Supervisory control of a class ofdiscrete-event systems,” SIAM Journal on Control and Optimization,vol. 25, pp. 206–230, 1987.
[2] J. Lunze, “Qualitative modeling of linear dynamical systems withquantised state measurements,” Automatica, vol. 30, no. 3, pp. 417–431, 1994.
[3] J. Raisch and S. O’Young, “Discrete approximation and supervisorycontrol of continuous systems,” IEEE Transactions on AutomaticControl, vol. 43, no. 4, pp. 568–573, 1998.
[4] J. Cury, B. Krogh, and T. Niinomi, “Synthesis of supervisorycontrollers for hybrid systems based on approximating automata,”IEEE Transactions on Automatic Controll, vol. 43, no. 4, p. 564568,1998.
[5] J. Stiver, P. Antsaklis, and M. Lemmon, “A logical des approach tothe design of hybrid control systems,” Mathl. Comput. Modelling,vol. 23, no. 11/12, pp. 55–76, 1996.
[6] F. Lin and W. Wonham, “On observability of discrete-event systems,”Information Sciences, vol. 44, no. 3, pp. 173–198, 1988.
[7] R. Cieslak, C. Desclaux, A. Fawaz, and P. Varaiya, “Supervisorycontrol of discrete-event processes with partial observations,” IEEETrans. Autom. Control, vol. 33, no. 3, pp. 249–260, Mar. 1988.
[8] A. Overkamp, “Supervisory control for nondeterministic systems,”in Proccedings of 11th International Conference on Analysis andOptimization of Systems, 1994, pp. 59–65.
[9] M. A. Shayman and R. Kumar, “Supervisory control of nondeter-ministic systems with driven events via prioritized synchronizationand trajectory models,” SIAM Journal on Control and Optimization,vol. 33, no. 2, pp. 469–497, 1995.
[10] M. Heymann and F. Lin, “Discrete-event control of nondeterministicsystems,” IEEE Transactions on Automatic Control, vol. 43, no. 1,pp. 3–17, 1998.
[11] F. Lin, “Robust and adaptive supervisory control of discrete eventsystems,” IEEE Transactions on Automatic Control, vol. 38, pp.1848–1852, 1993.
[12] S. Takai, “Maximally permissive robust supervisors for a class ofspecification languages,” in Proceedings of the IFAC Conference onSystem Structure and Control, vol. 2, 1998, pp. 429–434.
[13] S. Bourdon, M. Lawford, and W. Wonhamy, “Robust nonblocking su-pervisory control of discrete-event systems,” McMaster University,”Technical Report, 2003.
[14] S. Takai, “Robust supervisory control of a class of timed discreteevent systems under partial observation,” Systems & Control Letters,vol. 39, no. 4, pp. 267–273, 2000.
[15] S.-J. Park and J.-T. Lim, “Robust and nonblocking supervisor fordiscrete-event systems with model uncertainty under partial observa-tion,” IEEE Transactions on Automatic Control, vol. 45, no. 12, pp.2393–2396, 2000.
[16] J. Cury and B. Krogh, “Robustness of supervisors for discrete-eventsystems,” IEEE Transactions on Automatic Control, vol. 44, no. 2,pp. 376–379, 1999.
[17] S. Takai, “Synthesis of maximally permissive and robust supervisorsfor prefix-closed language specifications,” IEEE Transactions onAutomatic Control, vol. 47, no. 1, pp. 132–136, 2002.
[18] B. Schwartz, “State aggregation of controlled discrete-event systems,”Master’s thesis, Dept. of Elec. Eng., Univ. of Toronto, Canada, Oct.1992.
[19] W. M. Wonham, Notes on Control of Discrete-Event Systems.ECE Department, University of Toronto, revised 1 July 2002,http://www.control.utoronto.ca/DES.
6
927