Proceedings of the 2005 IEEE Conference on Control Applications, Toronto, Canada, August 28-31, 2005. Paper TB6.2. 0-7803-9354-6/05/$20.00 ©2005 IEEE, p. 922.


Robust State-Based Supervisory Control of Discrete Event Systems

Sherif Abdelwahed, Gabor Karsai and Gautam Biswas

Abstract— In this paper we present an approach for robust supervisory control of Discrete Event Systems. In the proposed approach, we assume that the current state is known only to be within a nonempty subset of the system states. We extend the definition of discrete event system controllability to take into account such uncertainty about the current state. We show that if the system behavior can be traced within the uncertainty set then an optimal non-blocking supervisor can be constructed for the system based on the optimal supervisor under full observation.

I. INTRODUCTION

A supervisory controller for discrete event systems [1] works by disabling certain actions or events that could lead the system into unwanted or undesirable situations. The classic supervisory control theory assumes accurate observation of the current state. In practice, however, the current system state may not be exactly known. Such uncertainty arises in many real-life situations, particularly when a discrete event system model is used as an approximation for the continuous dynamics of the system. Typical abstraction schemes partition the state space of the system into finitely many regions with well-defined boundaries [2]–[5]. States in the abstracted system correspond to regions in the state space of the continuous system, and events capture the crossing of the boundaries between these regions. While a boundary crossing is typically instantaneous, measurement sampling is not, and therefore it is not always possible to get an accurate account of the current system state.

In general, uncertainty in the current state of the system may result from one or more of the following factors:

• Limited measurement accuracy: sensors that detect boundary crossings or other discrete transitions may fail to report the occurrence of certain events;

• Noise: components of the system, as well as their interactions, can be affected by noise, which may result in state detection delays and possible loss of data; or

• Sampling and synchronization effects: system events are generated from sampled measurements and then sent to the supervisor in a synchronized way, which may result in event delays or loss of ordering.

In many practical situations it is reasonable to assume that uncertainty in the current state is bounded, in the sense that an external observer will not completely lose track of the system behavior. Under this assumption, uncertainty about the current state of the system can be represented by a set of possible current states rather than a single one.

Funded, in part, by Boeing and the NASA ALS program (Contract: NCC 9-159).

The authors are with the Institute for Software Integrated Systems, Vanderbilt University, Nashville, TN.

The original supervisory control theory was developed for systems whose models are precise and complete, and it also assumes that the system behavior is fully observed. The theory was later extended to handle the situation in which some of the system events are not observable [6], [7]. Extensions to handle non-deterministic systems have been introduced in [8]–[10]. Both extensions can handle certain cases of event uncertainty in discrete event systems.

There have been several research efforts on developing robust supervisory controllers for specific cases of uncertainty in discrete event systems. In [11], the problem of DES supervision under model uncertainty is addressed. This work assumes that the system model belongs to a set of possible models. It was later extended in [12], [13] to deal with the case where the event set and the language of a given plant model may contain elements that do not belong to any other plant in the family of models, and then to timed discrete event systems in [14]. In [15], uncertainties in system events are considered: states can undergo a specified maximum number of unobserved transitions. Model uncertainty in DES is also addressed in [16], [17]; however, the objective in that case was to synthesize a controller which maximizes the family of plants for which the closed-loop behavior is within specified bounds.

In this paper we consider another form of uncertainty in discrete event systems, in which the exact current state is not known and can only be specified within a set. State uncertainty is represented as a state observation map. Given that the uncertainty addressed here is associated with the system states rather than with its events or transitions, we use a state-based form of the supervisory control theory based on the approach presented in [18].

There are several important differences between the state uncertainty problem addressed in this paper and the supervisory control problem with unobservable events. For instance, in our case an event associated with an uncertain state transition (and which can therefore be considered unobservable from this state) can be observable in another state. Also, state uncertainty cannot be expressed using a set of models, as such models cannot be directly computed from the state observation map. The work of [15] is the closest to ours; however, uncertainty in our work is not necessarily transitive, while the unobservable transitions in [15] are transitive by definition. In addition, we introduce the concept of detectability, which allows for the efficient construction of an optimal non-blocking supervisory controller under state uncertainty.


II. PRELIMINARIES AND NOTATION

Let Σ be an alphabet representing the events in the process under consideration. A string or word is a sequence of events. We use $\Sigma^+$ to denote the set of all nonempty finite strings with events in Σ, and $\Sigma^* = \Sigma^+ \cup \{\varepsilon\}$, where $\varepsilon \notin \Sigma$ represents the empty string. A language over the alphabet Σ is any subset of $\Sigma^*$. A string $s' \in \Sigma^*$ is a prefix of $s \in \Sigma^*$, denoted $s' \le s$, if there exists $u \in \Sigma^*$ such that $s'u = s$. The prefix closure of a language $H \subseteq \Sigma^*$, denoted $\overline{H}$, is the set of all strings in $\Sigma^*$ that are prefixes of strings in $H$.

An automaton is a 5-tuple $A = (Q, \Sigma, \delta, q_o, Q_m)$, where $Q$ is a finite set of states, Σ is a finite nonempty set of events, $\delta : Q \times \Sigma \to Q$ is a (partial) transition function, $q_o \in Q$ is the initial state, and $Q_m \subseteq Q$ is a nonempty set of marker states. If $\delta(q, \sigma)$ is defined, then we say that σ is eligible at q in A. This can also be expressed by the map $\mathrm{Elig}_A : Q \to \mathrm{Pwr}(\Sigma)$, which assigns to each state in A the set of eligible events. The map δ is extended to strings in the usual way. For a language $L \in \mathrm{Pwr}(\Sigma^*)$, we will write $A(L)$ to denote the minimal automaton that generates L. In this case we will use the overloaded map $\mathrm{Elig}_A : L \to \mathrm{Pwr}(\Sigma)$ to denote the set of events eligible at each string $s \in L$. The map Elig is extended to sets of states (or strings) in the usual way, with the convention that $\mathrm{Elig}(\emptyset) = \emptyset$.

Let $A = (Q, \Sigma, \delta, q_o, Q_m)$ be an automaton. For two states $q, q'$ in Q we say that $q'$ is reachable from q in A if there exists a string $s \in \Sigma^*$ such that $q' = \delta(q, s)$. We will write $\mathcal{R}_A(q)$ to denote the set of states reachable from q in A. A state $q \in Q$ is said to be reachable if it can be reached from the initial state, that is, if $q \in \mathcal{R}_A(q_o)$, and A is reachable if all its states are reachable. A state q is said to be coreachable if it can reach one of the marker states, that is, if there exists a state $q_m \in Q_m$ such that $q_m \in \mathcal{R}_A(q)$, and A is coreachable if all its states are coreachable. If all the states in A are both reachable and coreachable then A is said to be trim. We will write $\mathrm{Trim}(A)$ to denote the trim automaton obtained by removing from A all states that are not reachable or not coreachable.

The closed language generated by an automaton A is $L(A) = \{s \in \Sigma^* \mid \delta(q_o, s) \text{ is defined}\}$, and the marked language of A is $L_m(A) = \{s \in \Sigma^* \mid \delta(q_o, s) \in Q_m\}$. Clearly, A is trim if and only if $\overline{L_m(A)} = L(A)$. Let $A = (Q_a, \Sigma, \delta_a, q_{oa}, Q_{ma})$ and $B = (Q_b, \Sigma, \delta_b, q_{ob}, Q_{mb})$ be two automata. We say that B is a subautomaton of A if $q_{ob} = q_{oa}$, $Q_b \subseteq Q_a$, $Q_{mb} \subseteq Q_{ma}$ and $\delta_b \subseteq \delta_a$. That is, a subautomaton of A is any automaton obtained from A by removing some states and/or transitions without changing the transition structure of A. We will write $B \le A$ to denote that B is a subautomaton of A.

III. STATE-BASED SUPERVISORY CONTROL

A supervisor can be viewed as an agent that restricts the system behavior to satisfy a given specification. This is achieved by disabling certain events along possible behavior trajectories. It is desired that such supervision is done in the least restrictive way, and without blocking the system, namely, every possible (controlled) trajectory should be able to end in a marker state. In classical supervisory control theory [19] the set of system events Σ is partitioned into two disjoint subsets: $\Sigma_c$, the set of controllable events, and $\Sigma_u$, the set of uncontrollable events. Controllable events can be disabled by an external agent, while the uncontrollable ones are considered permanently enabled.

The solution of the supervisory control synthesis problem is based on the controllability property, which is defined for languages (system behavior) as follows: a language $K \subseteq \Sigma^*$ (representing the specification) is said to be controllable with respect to a closed language L (representing the system behavior) if

$$\overline{K}\,\Sigma_u \cap L \subseteq \overline{K}.$$

That is, K is controllable if and only if no string of L that is already a prefix of K exits the prefixes of K when followed by an uncontrollable event that is possible in L.

The controllability property in the state-based framework can be derived using the synchronous product operation (which generates the intersection of languages), defined as follows. Given two automata $A = (Q_a, \Sigma, \delta_a, q_{oa}, Q_{ma})$ and $B = (Q_b, \Sigma, \delta_b, q_{ob}, Q_{mb})$, the synchronous product of A and B is denoted $A \times B$ and is defined as the tuple $(Q, \Sigma, \delta, q_o, Q_m)$, where $Q = Q_a \times Q_b$, $q_o = (q_{oa}, q_{ob})$, $Q_m = Q_{ma} \times Q_{mb}$, and δ is given by

$$(\forall (q_a, q_b) \in Q)\quad \delta((q_a, q_b), \sigma) = (q'_a, q'_b) \iff \delta_a(q_a, \sigma) = q'_a \text{ and } \delta_b(q_b, \sigma) = q'_b.$$

It is easy to see that $L_m(A \times B) = L_m(A) \cap L_m(B)$. Now let A be a trim automaton representing the system, B a trim automaton representing the controller specification, and $A \times B$ the synchronous product automaton defined above. The automaton B is said to be controllable with respect to A if

$$(\forall (q_a, q_b) \in Q)\quad \mathrm{Elig}_A(q_a) \cap \Sigma_u \subseteq \mathrm{Elig}_B(q_b).$$

It is easy to verify that the above definition is equivalent to the language-based definition when A and B are trim automaton models for L and K. Note that the state-based definition is valid for any trim automata A and B, irrespective of whether they are minimal or deterministic.

Let A and B be the automata defined above. A mapping $h : Q_b \to Q_a$ is an automata homomorphism if $h(q_{ob}) = q_{oa}$, $h(Q_{mb}) \subseteq Q_{ma}$, and for all $q, q' \in Q_b$ and all $\sigma \in \Sigma$

$$\delta_b(q, \sigma) = q' \Rightarrow \delta_a(h(q), \sigma) = h(q').$$

We say that A simulates B if there exists a homomorphism h from B to A. It is easy to see that if A simulates B then $L_m(B) \subseteq L_m(A)$. It can also be proven that if $L_m(B) \subseteq L_m(A)$ then $L_m(A \times B) = L_m(B)$, and a homomorphism h can then be defined between $\mathrm{Trim}(A \times B)$ and A as follows:

$$(\forall (q_a, q_b) \in Q_{A \times B})\quad h((q_a, q_b)) = q_a.$$

Clearly, the above map is well-defined and satisfies the properties of a homomorphism. The above result shows that any sub-behavior of a given automaton A can be modeled as a trim automaton B that is simulated by A.

Given a system modeled by an automaton A and a specification modeled as another automaton B, if $\mathrm{Trim}(A \times B)$ is controllable with respect to A then it is straightforward to see that $\mathrm{Trim}(A \times B)$ is the supremal nonblocking supervisor for A. For the case when $\mathrm{Trim}(A \times B)$ is not controllable w.r.t. A, write E for $\mathrm{Trim}(A \times B)$; by the above, A simulates E. Let $C_A(E)$ denote the set of trim subautomata of E that are controllable with respect to A, namely

$$C_A(E) = \{E' \le E \mid E' \text{ is controllable w.r.t. } A \text{ and } E' = \mathrm{Trim}(E')\}.$$

The set $C_A(E)$ is not empty and is closed under automata union, and therefore it contains a supremal element. Given that the trimness property is preserved under automata union, it can be proven [18] that this supremal element, $\sup C_A(E)$, corresponds to the optimal non-blocking supervisor for A. Algorithmically, the optimal supervisor can be computed through an iterative backtracking procedure on the automaton E: states at which an uncontrollable event eligible in A is not eligible in E are deleted, E is trimmed again, and the two steps are repeated until the controllability condition holds.

IV. SUPERVISORY CONTROL UNDER STATE UNCERTAINTY

Let $A = (Q, \Sigma, \delta, q_o, Q_m)$ be a discrete event system. As discussed in Section I, the practical limitations of system observation may result in a “bounded” uncertainty about the current state of the system. We consider the case in which the current state of the system A can change to one of the states in a predefined set without such a change being observed. This ambiguity in the current state of the system can be represented by an observation map $O : Q \to \mathrm{Pwr}(Q)$. If the current observed state is q, the system can move to one of the states in $O(q)$ without being observed. A system with such state uncertainty will be described by a tuple $(A, O)$.

The problem of robust supervisory control under state uncertainty can be stated as follows:

Given $(A, O)$ and a specification automaton B, design a non-blocking supervisor V such that $L_m(V/A) \subseteq L_m(B)$, where $V/A$ is the supervised system under the limited state observation map O.

The supervisory control scheme under state uncertainty is shown in Figure 1. In this scheme, the supervisor obtains the information about the current state from a set of sensors. The sensors provide sampled measurements of the state and output variables, which are translated (using a certain abstraction mapping) into discrete states and events. In this scheme, information about the system state may be delayed before reaching the supervisor. Such delay can be attributed to the quantization, abstraction and sampling process.

Fig. 1. Supervisory control under uncertain state observation. [Block diagram, not reproduced: the system A is monitored by state sensors; the observation map O turns the actual state $q_k$ into the reported set $O(q_k)$, from which the supervisor V issues the control pattern $\Gamma_k$ to A.]

Consider for instance the operation scenario shown in Figure 2. In this example it is assumed that the current system state is sampled at a fixed rate and the sampled state value is mapped to a discrete state, which is then sent to the supervisor. At time point $t_k$ the supervisor is informed that the system is at state $q_k$. The limited accuracy of this setting can be captured by a map O that defines the set of possible states that the system may move to from $q_k$ during the period $[t_k, t_{k+1}]$, where $t_{k+1}$ is the next time point at which the supervisor receives information about the state of the system.

We assume that at any time instant k with observed state $q_k$, the next observed state $q_{k+1}$ is in the set $O(q_k)$. This requirement ensures that the supervisor can cope with possible delays in receiving information about the current state of the system. In addition, we assume that for a system A the map O satisfies the following property:

$$(\forall q \in Q_A)\quad q \in O(q) \text{ and } O(q) \subseteq \mathcal{R}_A(q).$$

This condition requires the system to move only to reachable states between any two observation instances. It also allows the system to stay in the same state indefinitely.

Fig. 2. Example trajectories for a supervised system with uncertain observation. [Timeline, not reproduced: a System row and a Supervisor row over Time; the supervisor receives $q_o$ at $t_o$, $q_k$ at $t_k$ and $q_{k+1}$ at $t_{k+1}$, while between $t_k$ and $t_{k+1}$ the system passes through intermediate states $q'_k, \ldots$ that all lie in $O(q_k)$.]

In classical supervisory control theory, the supervisor is synchronized with the system at each transition. Such synchronization cannot be achieved in the above situation. We will adopt here a weaker form of synchronization, in which the supervisor synchronizes with the system when the current state measurement is received. In order to achieve such synchronization, we assume that it is possible to know what path the system has taken when moving from $q_k$ to $q_{k+1}$. A system that satisfies this property will be characterized as detectable. The detectability of the system clearly depends on the map O and on the information available about the system between $t_k$ and $t_{k+1}$. Such information depends on many factors, including the timing properties of the system (e.g., how long the system may stay in each state), the sampling rate, the abstraction scheme, and the accuracy of the sensors. The following represent some typical situations in practical systems:

• No information is available between two state observations. In this case, the system is detectable if there exists a unique path between every state $q \in Q_a$ and each of the corresponding states in the set $O(q)$.

• The sequence of transitions between any two observation instances $t_k$ and $t_{k+1}$ is available at $t_{k+1}$. The system is always detectable in this case.

• The sequence of states that occur between any two observation instances $t_k$ and $t_{k+1}$ is available at $t_{k+1}$. The system is detectable here if $|\mathrm{Elig}(q)| = 1$ for all $q \in Q$.

• The exact sequence of events that occur between any two state observation instances $t_k$ and $t_{k+1}$ is available at $t_{k+1}$. In this case, the system is detectable if it is deterministic.

• The (unordered) set of events that took place between $t_k$ and $t_{k+1}$ is available at $t_{k+1}$. In this case, the system is detectable if the order of events is irrelevant with respect to determining the path from any state q to any of the states in $O(q)$.

The above cases illustrate that the detectability property is hard to characterize in general. However, checking detectability in the above situations for a given $(A, O)$ is obviously decidable. Further investigation of this issue is set aside for future research. Next, we characterize the controllability property under state uncertainty based on the above assumptions.

Let A be a trim automaton representing a system, O an observation map for A, and E a specification automaton. We will assume hereafter that A is detectable with respect to O. Let B be a trim non-blocking supervisor for A with respect to the specification E. Without loss of generality we will assume that $A \times B$ is trim. In the perfect observability case, the supervisor B guarantees that $L_m(B/A) \subseteq L_m(E)$. The supervisor B can also be represented as a map $V^B : Q_{A \times B} \to \Gamma$, where $\Gamma = \{\gamma \in \mathrm{Pwr}(\Sigma) \mid \gamma \supseteq \Sigma_u\}$. In the above case, $V^B$ is defined as follows. For all $(q_a, q_b)$ in $Q_{A \times B}$,

$$V^B((q_a, q_b)) = \Sigma_u \cup \big(\Sigma_c - (\mathrm{Elig}_A(q_a) - \mathrm{Elig}_B(q_b))\big).$$

In this scheme, the system synchronizes with the supervisor, and at any combined state $q = (q_a, q_b)$ the system is allowed to take only those actions specified by $V^B(q)$. Clearly, a supervisor map can always be translated into a supervisor (automaton) and vice versa. To work under uncertain state observation, the supervisor must take into account possible unobserved state changes. To this end, we define the set of O-control maps as follows. A map $V^B_O : Q_{A \times B} \to \Gamma$ is an O-control map if for all $(q_a, q_b)$ in $Q_{A \times B}$ the following holds:

• $\Sigma_u \subseteq V^B_O((q_a, q_b))$;

• $(\forall (q'_a, q'_b) \in \mathcal{R}_{A \times B}((q_a, q_b)))\; q'_a \in O(q_a) \Longrightarrow (\mathrm{Elig}_A(q'_a) - \mathrm{Elig}_B(q'_b)) \cap \Sigma_c \cap V^B_O((q_a, q_b)) = \emptyset$.

In effect, the O-control map disables all events that should be disabled if the system moves to any of the states in $O(q_a)$ while the current observed state is $q_a$. The following property is easy to prove from the definition of O-control maps.

Proposition 4.1: The set of O-control maps is closed under union. □

We will write $\hat V^B_O$ to identify the supremal O-control map for B. Note that, in an O-control map, the set of eligible events at any state $(q_a, q_b)$ depends on whether $q_a$ is the actual observed state or it belongs to the set $O(q'_a)$ where $q'_a$ is the observed state. Therefore, in contrast with the supervisor map $V^B$, the language generated by the system under the map $V_O$ does not correspond directly to the supervisor automaton B. However, it is easy to construct the machine $V_O/A \times B$ that generates the controlled behavior of $A \times B$ under an O-control map $V_O$. The steps for constructing the automaton $V_O/A \times B$ are given in the following algorithm.

Algorithm 1 Computing $V_O/A \times B$

    for all $(q_a, q_b) \in Q_{A \times B}$ do
        Construct $M(q_a, q_b) = A \times B\,|_{\mathcal{R}_{A \times B}((q_a, q_b)) \cap (O(q_a) \times Q_B)}$
        Compute $M_O(q_a, q_b) = \mathrm{Reachable}(V_O(q_a, q_b)/M(q_a, q_b))$
        Label each $(q'_a, q'_b)$ in $M_O(q_a, q_b)$ as $(q'_a, q'_b \mid q_a, q_b)$
    end for
    Construct the automaton $G = V_O/A \times B$ such that:
        $q_{oG} = (q_{o(A \times B)} \mid q_{o(A \times B)})$
        $Q_{mG} = \{(q'_a, q'_b \mid q_a, q_b) \in Q_G \mid (q'_a, q'_b) \in Q_{m(A \times B)}\}$
        $Q_G = \bigcup_{(q_a, q_b)} Q_{M_O(q_a, q_b)}$
        $\delta_G = \big[\bigcup_{(q_a, q_b)} \delta_{M_O(q_a, q_b)}\big] \cup \delta_c$, where
        $\delta_c = \bigcup_{(q'_a, q'_b \mid q_a, q_b) \in Q_G} \{((q'_a, q'_b \mid q_a, q_b),\ \varepsilon,\ (q'_a, q'_b \mid q'_a, q'_b))\}$

Here $V_O(q_a, q_b)/M(q_a, q_b)$ denotes $M(q_a, q_b)$ with every transition whose event is not in $V_O(q_a, q_b)$ removed.

Algorithm 1 constructs $V_O/A \times B$ by first computing, for each $(q_a, q_b)$, the automaton $M_O(q_a, q_b)$ corresponding to the controlled behavior of the system while $(q_a, q_b)$ is the currently observed state, that is, the set of strings the system can execute while $(q_a, q_b)$ is observed under the control map $V_O$. The automaton $V_O/A \times B$ is then constructed by connecting the set of machines $\{M_O(q_a, q_b) \mid (q_a, q_b) \in Q_{A \times B}\}$ via shared states. In particular, the connection is made by adding an ε-transition from each state $(q'_a, q'_b) \in M_O(q_a, q_b)$ to the corresponding state $(q'_a, q'_b) \in M_O(q'_a, q'_b)$.

The main problem with O-control maps is that they may lead to blocking, even if B is a non-blocking supervisor. This is due to the fact that O-control maps impose additional restrictions on the system behavior to compensate for the lack of accurate real-time observations. Note that the machine $V_O/A \times B$ is constructed in a way that simulates the effect of the O-control map. Therefore, the machine $V_O/A \times B$ is trim if and only if the supervision map $V_O$ is non-blocking.

Based on the fact that the set of trim subautomata of a given automaton is closed under union, we can establish the following result.

Proposition 4.2: Let $(A, O)$ be a system with uncertain state observation and E be a specification automaton. Then there exists a supremal non-blocking O-control map V such that $L_m(V/A) \subseteq L_m(E)$.

Proof: (Outline) Let B be a supervisor for A with respect to the specification E under full observation. Let $C^B_O$ be the set of all O-control maps $V^B_O$ such that $V^B_O/A \times B$ is trim. Clearly, the set $C^B_O$ is closed under union; this follows from Proposition 4.1 and the fact that trim automata are closed under union. Therefore, the set $C^B_O$ has a supremal element $\sup C^B_O$. Now, let D, D' be two trim supervisors for A with respect to E, that is, $D, D' \in C_A(E)$. Then, based on the definition of O-control maps, we can write

$$D \subseteq D' \Longrightarrow \hat V^D_O \subseteq \hat V^{D'}_O \Longrightarrow \sup C^D_O \subseteq \sup C^{D'}_O.$$

That is, the set of supremal O-control maps is monotonic with respect to the supervisors in $C_A(E)$. Consequently, for the supremal supervisor $B = \sup C_A(E)$, the map $V = \sup C^B_O$ is the supremal non-blocking O-control map for the system A such that $L_m(V/A) \subseteq L_m(E)$.

Based on the above proposition, the supremal O-control map can be computed by first computing the supremal non-blocking supervisor for A with respect to the specification E, say B, and then computing the corresponding supremal O-control map $\hat V^B_O$. The supremal element of $C^B_O$ is then obtained by first constructing the machine $\hat V^B_O/A \times B$ using Algorithm 1. A backtracking algorithm is then used to eliminate the blocking (non-coreachable) states of $\hat V^B_O/A \times B$ by disabling controllable events (ε is considered an uncontrollable event). The control map $\hat V^B_O$ is updated with the newly disabled events, and the result is the desired map $\sup C^B_O$. Algorithm 2 shows the steps for computing $\sup C^B_O$ starting from the machine $\hat V^B_O/A \times B$.

Note that in Algorithm 2, events disabled at $(q'_a, q'_b \mid q_a, q_b)$ are added to the disabled events at $(q_a, q_b)$ in the updated O-control map. The complexity of the above algorithm is linear in the size of the machine $\hat V^B_O/A \times B$, which has a state space of size $O(|Q_A| \times \max_{q \in Q_A} |O(q)| \times |Q_B|)$.

V. EXAMPLE: MINE REMOVING ROBOT

Algorithm 2 Computing $\sup C^B_O$

    Input: $G = \hat V^B_O/A \times B$
    $V' = \hat V^B_O$
    $BState = Q_G - \mathrm{CoReachable}_G(Q_G)$
    repeat
        $NewBStates = \emptyset$
        for all $(q'_a, q'_b \mid q_a, q_b) \in Q_G - BState$ do
            for all $((q'_a, q'_b \mid q_a, q_b), \sigma, q) \in \delta_G$ with $q \in BState$ do
                if $\sigma \in \Sigma_c$ then
                    $V'(q_a, q_b) = V'(q_a, q_b) - \{\sigma\}$, and remove from $\delta_G$ every σ-transition leaving a state labelled $(\cdot \mid q_a, q_b)$
                else
                    add $(q'_a, q'_b \mid q_a, q_b)$ to $NewBStates$
                end if
            end for
        end for
        $BState = BState \cup NewBStates \cup (Q_G - \mathrm{CoReachable}_G(Q_G))$
    until $NewBStates = \emptyset$ and no transition was removed in this iteration
    Return: $\sup C^B_O = V'$

The system in this example is a robot assigned to remove mines from a given field. The mine field is partitioned into regions, and a set of sensors is configured at the perimeter of the field to detect the current position of the robot within the field. The current position of the robot is given in terms of a region in the field. It is assumed that the robot can move in four directions. The system and its abstract discrete event representation are shown in Figure 3.

Fig. 3. The DES representation of the mine removal system. [Figure not reproduced: a grid of positions connected by transitions labelled u, d, l and r.]

In this system, the sensors may encounter delay in reporting the current position to the supervisor; therefore, it is possible that the robot moves to one of the neighboring positions and that this position is not reported to the supervisor. We will write $(i, j)$ for the state at position $(i, j)$. The state uncertainty situation can be modeled by the observation map O defined as follows:

$$O((i, j)) = \{(k, l) \mid k \in [\max(i-1, 0), \min(X_{max}, i+1)] \text{ and } l \in [\max(j-1, 0), \min(Y_{max}, j+1)]\}.$$

In this system we have $X_{max} = Y_{max} = 4$. The mine field is located in a hostile environment, and in order to avoid detection the robot is restricted to the diagonal part of the field. In other words, it should avoid the top-right and bottom-left corners of the field, which are known to contain hostile elements. This specification is shown in Figure 4(a). Figure 4(b) shows the optimal robust supervisor for this specification.

Fig. 4. (a) Safety specification for the mine removing system; (b) the optimal robust supervisor under the observation map O. [Figures not reproduced: two state graphs with transitions labelled u, d, l and r.]
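The following Python program is an added example written for this page; it is not code from the paper or its authors. It carries Sections III, IV and V through in working form: the specification is taken directly as the subautomaton of the plant that avoids the hostile corners (for such a specification Trim(A × E) is just that restriction, so no synchronous product is formed), sup C_A(E) is computed by the backtracking procedure of Section III, the supremal O-control map V̂^B_O is built from it, Algorithm 1 assembles G = V̂^B_O/A × B, and Algorithm 2 repairs blocking. Every concrete choice is an assumption made for the demonstration rather than something the paper states: a 4 × 4 field instead of 5 × 5 (so that the run can be checked by hand), hostile corners at (3,0) and (0,3), the base cell (0,0) as the only marker state, the event names r, l, u, d, all moves controllable (a second run with d uncontrollable exercises sup C_A(E)), and O(q) taken as the 3 × 3 neighbourhood of Section V. The Algorithm 2 loop re-checks coreachability after every deletion and treats the ε move as uncontrollable, as the text requires.

```python
# Added example, not code from the paper: Section III's synthesis, Section IV's O-control
# map with the repair of Algorithms 1-2, on a 4x4 mine-field robot (Section V), all assumed.
class Automaton:  # A = (Q, Sigma, delta, q0, Qm); delta stored as {(q, sigma): q'}
    def __init__(self, delta, q0, marked):
        self.delta, self.q0, self.marked = dict(delta), q0, set(marked)
    def states(self):
        return {self.q0} | {q for (p, _), t in self.delta.items() for q in (p, t)}
    def elig(self, q):                                    # Elig_A(q)
        return {e for (p, e) in self.delta if p == q}
    def reach(self, q):                                   # R_A(q)
        seen, todo = {q}, [q]
        while todo:
            p = todo.pop()
            for (s, _), t in self.delta.items():
                if s == p and t not in seen:
                    seen.add(t); todo.append(t)
        return seen
    def coreachable(self):
        return {q for q in self.states() if self.reach(q) & self.marked}
    def restrict(self, keep):                             # subautomaton on `keep`
        return Automaton({k: v for k, v in self.delta.items() if k[0] in keep and v in keep},
                         self.q0, self.marked & keep)
    def trim(self):
        return self.restrict(self.reach(self.q0) & self.coreachable())

def supcon(a, e, sigma_u):
    """sup C_A(E) for E <= A: delete states of E at which an uncontrollable event of A is
    not eligible, re-trim, repeat (the backtracking procedure of Section III)."""
    while True:
        assert e.marked, "no non-blocking supervisor exists"
        bad = {q for q in e.states() if not (a.elig(q) & sigma_u) <= e.elig(q)}
        if not bad:
            return e
        e = e.restrict(e.states() - bad).trim()

def o_control_map(a, sup, obs, sigma_u):
    """Supremal O-control map: while q is the last observation the plant may be at any
    p in O(q) reachable from q, so whatever B disables at such p is disabled at q."""
    sigma_c = {e for (_, e) in a.delta} - sigma_u
    vmap = {}
    for q in sup.states():
        hidden = (a.elig(p) - sup.elig(p) for p in sup.reach(q) if p in obs(q))
        vmap[q] = sigma_u | (sigma_c - set().union(*hidden))
    return vmap

def build_g(sup, obs, vmap):
    """Algorithm 1: G = V_O / A x B.  G-state (p, q) = plant at p, last observation q;
    block q allows only V_O(q) inside O(q); "eps" (p, q) -> (p, p) is the next observation."""
    delta, marked = {}, set()
    for q in sup.states():
        block = sup.restrict({p for p in sup.reach(q) if p in obs(q)})
        m = Automaton({k: v for k, v in block.delta.items() if k[1] in vmap[q]}, q, set())
        for p in m.reach(q):                              # Reachable(V_O(q) / M(q))
            delta.update({((p, q), e): (t, q) for (s, e), t in m.delta.items() if s == p})
            if p != q:
                delta[((p, q), "eps")] = (p, p)
            if p in sup.marked:
                marked.add((p, q))
    return Automaton(delta, (sup.q0, sup.q0), marked)

def repair(g, vmap, sigma_c):
    """Algorithm 2: sup C^B_O.  Back-track from G-states that cannot reach a marker: a controllable
    edge into one is disabled at its observed state (whole block); any other edge makes its source bad."""
    vmap, delta, bad = {q: set(v) for q, v in vmap.items()}, dict(g.delta), set()
    while True:
        delta = {k: v for k, v in delta.items() if k[0] not in bad}
        cur = Automaton(delta, g.q0, g.marked)
        bad |= cur.states() - cur.coreachable()
        assert g.q0 not in bad, "no non-blocking O-control map exists"
        changed = False
        for (s, e), t in list(delta.items()):
            if (s, e) not in delta or s in bad or t not in bad:
                continue
            changed = True
            if e in sigma_c:
                vmap[s[1]].discard(e)                     # s = (actual, observed)
                for k in [k for k in delta if k[0][1] == s[1] and k[1] == e]:
                    del delta[k]
            else:
                bad.add(s)                                # eps and uncontrollable moves
        if not changed:
            return vmap

def grid(n, forbidden=()):  # n x n field; base (0,0) is the only marker state
    moves = {"r": (1, 0), "l": (-1, 0), "u": (0, 1), "d": (0, -1)}
    delta = {((x, y), e): (x + dx, y + dy) for x in range(n) for y in range(n)
             for e, (dx, dy) in moves.items() if 0 <= x + dx < n and 0 <= y + dy < n}
    a = Automaton(delta, (0, 0), {(0, 0)})
    return a.restrict(a.states() - set(forbidden)).trim()

def obs(q):  # the observation map of Section V: the 3x3 neighbourhood of q
    return {(k, l) for k in range(q[0] - 1, q[0] + 2) for l in range(q[1] - 1, q[1] + 2)}

def demo(n=4, forbidden=((3, 0), (0, 3)), sigma_u=frozenset()):  # E = field minus corners
    a, e, sigma_u = grid(n), grid(n, forbidden), set(sigma_u)
    sup = supcon(a, e, sigma_u)
    v_hat = o_control_map(a, sup, obs, sigma_u)
    g = build_g(sup, obs, v_hat)
    return sup, v_hat, g, repair(g, v_hat, set("rlud") - sigma_u)
```

Running demo() on this field shows why the O-control map alone is not enough. V̂^B_O already forbids r when (1,0) is observed, although the full-observation supervisor forbids r only at (2,0): the robot reported at (1,0) may by now be at (2,0). Yet V̂^B_O is blocking: the cells (2,2), (2,3), (3,2) and (3,3) can be entered but never left, because their exits d and l are disabled by the hostile corners in their neighbourhoods, so no trajectory from them returns to the base. Algorithm 2 closes the entrances by additionally disabling u when (2,1) or (3,1) is observed and r when (1,2) or (1,3) is observed; the returned map differs from V̂^B_O at exactly those four observed states. Running demo(sigma_u={"d"}) instead removes the whole right-hand column from sup C_A(E), since from (3,1) the uncontrollable d leads into the hostile corner.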

VI. CONCLUSION

In this paper, we have addressed the problem of supervisory control of systems with uncertain state observation. We defined the control problem under uncertain observation and, based on that definition, extended the definition of controllability to address the uncertainty condition. We showed that it is possible to construct an optimal non-blocking supervisor that takes into account the limited observation of the system and satisfies a given specification.

REFERENCES

[1] P. Ramadge and W. M. Wonham, “Supervisory control of a class of discrete-event systems,” SIAM Journal on Control and Optimization, vol. 25, pp. 206–230, 1987.

[2] J. Lunze, “Qualitative modeling of linear dynamical systems with quantised state measurements,” Automatica, vol. 30, no. 3, pp. 417–431, 1994.

[3] J. Raisch and S. O’Young, “Discrete approximation and supervisory control of continuous systems,” IEEE Transactions on Automatic Control, vol. 43, no. 4, pp. 568–573, 1998.

[4] J. Cury, B. Krogh, and T. Niinomi, “Synthesis of supervisory controllers for hybrid systems based on approximating automata,” IEEE Transactions on Automatic Control, vol. 43, no. 4, pp. 564–568, 1998.

[5] J. Stiver, P. Antsaklis, and M. Lemmon, “A logical DES approach to the design of hybrid control systems,” Mathl. Comput. Modelling, vol. 23, no. 11/12, pp. 55–76, 1996.

[6] F. Lin and W. Wonham, “On observability of discrete-event systems,” Information Sciences, vol. 44, no. 3, pp. 173–198, 1988.

[7] R. Cieslak, C. Desclaux, A. Fawaz, and P. Varaiya, “Supervisory control of discrete-event processes with partial observations,” IEEE Trans. Autom. Control, vol. 33, no. 3, pp. 249–260, Mar. 1988.

[8] A. Overkamp, “Supervisory control for nondeterministic systems,” in Proceedings of the 11th International Conference on Analysis and Optimization of Systems, 1994, pp. 59–65.

[9] M. A. Shayman and R. Kumar, “Supervisory control of nondeterministic systems with driven events via prioritized synchronization and trajectory models,” SIAM Journal on Control and Optimization, vol. 33, no. 2, pp. 469–497, 1995.

[10] M. Heymann and F. Lin, “Discrete-event control of nondeterministic systems,” IEEE Transactions on Automatic Control, vol. 43, no. 1, pp. 3–17, 1998.

[11] F. Lin, “Robust and adaptive supervisory control of discrete event systems,” IEEE Transactions on Automatic Control, vol. 38, pp. 1848–1852, 1993.

[12] S. Takai, “Maximally permissive robust supervisors for a class of specification languages,” in Proceedings of the IFAC Conference on System Structure and Control, vol. 2, 1998, pp. 429–434.

[13] S. Bourdon, M. Lawford, and W. Wonham, “Robust nonblocking supervisory control of discrete-event systems,” McMaster University, Technical Report, 2003.

[14] S. Takai, “Robust supervisory control of a class of timed discrete event systems under partial observation,” Systems & Control Letters, vol. 39, no. 4, pp. 267–273, 2000.

[15] S.-J. Park and J.-T. Lim, “Robust and nonblocking supervisor for discrete-event systems with model uncertainty under partial observation,” IEEE Transactions on Automatic Control, vol. 45, no. 12, pp. 2393–2396, 2000.

[16] J. Cury and B. Krogh, “Robustness of supervisors for discrete-event systems,” IEEE Transactions on Automatic Control, vol. 44, no. 2, pp. 376–379, 1999.

[17] S. Takai, “Synthesis of maximally permissive and robust supervisors for prefix-closed language specifications,” IEEE Transactions on Automatic Control, vol. 47, no. 1, pp. 132–136, 2002.

[18] B. Schwartz, “State aggregation of controlled discrete-event systems,” Master’s thesis, Dept. of Elec. Eng., Univ. of Toronto, Canada, Oct. 1992.

[19] W. M. Wonham, Notes on Control of Discrete-Event Systems. ECE Department, University of Toronto, revised 1 July 2002, http://www.control.utoronto.ca/DES.
