
IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 48, NO. 6, JUNE 2003 957

Minimal Communication in a Distributed Discrete-Event System

Karen Rudie, Senior Member, IEEE, Stéphane Lafortune, Fellow, IEEE, and Feng Lin, Member, IEEE

Abstract—This paper deals with distributed discrete-event systems, in which agents (or local sites) are required to communicate in order to perform some specified tasks. Associated with each agent is a finite-state automaton that captures the required tasks to be performed at that site. The problem considered is that each agent must be able to distinguish between the states of its automaton. To help it disambiguate states, an agent uses a combination of direct observation (obtained from sensor readings available to that agent) and communicated information (obtained from sensor readings available to another agent). Since communication may be costly, a strategy to minimize communication between sites is developed. The complexity of the solution reflects the interdependence of the agents’ communication protocols. That is, the decision to communicate the occurrence of an event relies on which event sequences are indistinguishable to an agent, which, in turn, is a result of what has already been communicated to that agent.

I. INTRODUCTION

EXISTING work on decentralized control of discrete-event systems (DESs) focuses on problems where decentralized agents each control and observe some events in a system and must together achieve some prescribed goal [15], [4], [19], [7]. In this model it is assumed that agents make independent observations and control decisions, with no communication between agents. Here, we examine models for decentralized DESs that incorporate explicitly in the model a degree of communication between agents. In particular, we are interested in investigating problems where some degree of communication must take place for the problem to be solved and we would like to characterize the minimal degree of communication needed for the distributed agents to achieve the global prescribed goal. Synthesis problems for decentralized control plus communication have only recently been investigated for DESs. Such problem formulations are important because of the pervasiveness of computer networks and capture real-life problems in which a centralized controller is implemented by several independent components that communicate with each other via a network. Some proposed models can be found in [1], [2], [10]–[12], [18], and [20]. Work on diagnostics (i.e., monitoring) with communication can be found in [17] and [5].

Manuscript received June 25, 2001; revised August 30, 2002. Recommended by Associate Editor R. S. Sreenivas. This work was supported in part by the Natural Sciences and Engineering Research Council of Canada (NSERC) under Grant 138887, by the Department of Defense Research and Engineering (DDR&E) Multidisciplinary University Research Initiative (MURI) on “Low Energy Electronics Design for Mobile Platforms,” managed by the Army Research Office (ARO) under grant ARO DAAH04-96-1-0377, by the National Science Foundation under Grants CCR-0082784 and Grant INT-9602485, and by the National Aeronautics and Space Administration under Grant NAG2-1279.

K. Rudie is with the Department of Electrical and Computer Engineering, Queen’s University, Kingston, ON K7L 3N6, Canada (e-mail: rudie@ee.queensu.ca).

S. Lafortune is with the Department of Electrical Engineering and Computer Science, University of Michigan, Ann Arbor, MI 48109-2122 USA.

F. Lin is with the Department of Electrical and Computer Engineering, Wayne State University, Detroit, MI 48202 USA.

Digital Object Identifier 10.1109/TAC.2003.812780

The setting considered is that of distributed monitoring and control systems in industrial automation where agents (or local sites) are cooperating in order to perform a given system-level function such as failure detection and identification or supervisory control. Agents make local observations based on their own sensors; there may be common observations in that some sensors may report to more than one site. We are interested in situations where the agents are not able to perform the desired system-level function without communicating with each other; in other words, their own local observations do not provide sufficient information to accomplish the required task. Thus, the agents need to communicate during the operation of the automated system. The problem of interest is how to minimize the communication required between the agents in order to correctly implement the given system-level function. We assume that if the agents were to exchange all of their (local) observations, then they would be able to perform the system-level function. However, this solution is not optimal in the sense that there may be unnecessary communications between the agents. For various reasons, communication may be costly. For example, in some applications it may be desirable to save bandwidth for “absolutely necessary” communication or, in wireless networks, it may be crucial to save battery power.

In order to tackle the types of problems described above, we proceed as follows. For simplicity, we consider the case of two agents. We formulate our problem in a DES framework, where each agent has associated with it a finite-state automaton. This automaton encodes the solution to some monitoring or supervisory control problem to be implemented by the agent. Namely, with each state of the automaton is associated a function that describes the tasks to be performed by the local agent. Therefore, at any time, each agent must know unambiguously the state of its automaton to correctly implement the desired system-level function. However, the state transitions of the automaton are due to both local and remote observations; remote observations require communication from the other agent. Moreover, each agent must also know when it is supposed to communicate a local observation to the other agent, if this observation is required by the other agent. These facets of the problem make it both interesting and difficult to solve. We provide an algorithm that finds a minimal communication strategy between the two agents. A communication strategy is a set of functions, one for each agent, that determines if an observation made by an agent should be communicated or not to the other agent. The minimality property of our algorithm is to be interpreted as follows: if any of the observations that is supposed to be communicated according to the communication strategy is not communicated, then the agents will not be able to continue correctly implementing the desired system-level function. Such solutions are not unique. Some of the parameters of our algorithm can be tuned to synthesize different minimal (incomparable) communication strategies. It should be noted that our solution is minimal among all solutions that satisfy a property termed implementability (defined in Section III) that depends on the state sets of the given automata.

0018-9286/03$17.00 © 2003 IEEE

Our work aims at understanding and addressing problems of “decentralized implementations with communication” that arise in: 1) supervisory control of DESs (in the framework initiated by Ramadge and Wonham [9]) and 2) failure diagnosis of DESs (in the frameworks proposed in [16] and [8]). The former problem is difficult because control affects information and vice versa. In particular, producing a control solution means determining when controllers communicate and what information they exchange in each communication; however, the information that controllers exchange may depend on what control protocol they are using. Since both the type of control algorithm and the communication protocol are free parameters of the algorithm, it is not obvious at the outset how to separate control from communication to produce a solution. Moreover, the algorithm may need to account for nonnegligible time delays in message communication. For example, suppose a controller’s decision to disable an event depends on it being able to distinguish the sequence from the sequence and suppose that the controller cannot observe directly. A communication from another controller indicating that has occurred will not help in decision-making if the message transmission could be delayed so that it is not received until after is observed by the first controller even if the message was sent before actually occurred. Finally, in developing algorithms that solve distributed supervisory control problems, the term “minimal communication” must be formalized. Is it best to have a protocol where, in the worst case, the number of messages sent is less than the number of messages sent in any other protocol, even if, on average, the number of messages sent is greater than the average of some other protocol?

For supervisory control problems, where legal behavior is represented by a formal language (which captures some set of event sequences), the control-versus-communication problem reduces to “How to achieve more (in terms of language inclusion) while communicating less (in terms of message passing)?” That is, in having distributed agents inhibit the plant’s behavior through event disablement, the goal is to generate as many of the legal sequences as possible while disallowing any illegal sequences to be generated, and subject to as little communication as possible. A tradeoff between control and communication seems likely. In general, one would expect that the more we require our controllers to communicate, the more they can collectively achieve. However, if communication is costly, a compromise must be made between control and communication.

The preceding discussion on supervisory control problems raises challenging issues regarding control and communication in problems with decentralized information. The work presented here is a first step toward making inroads into this important research area. For this first step, we assume communication is reliable and without delay. Our contribution is twofold: 1) we provide a framework and define concepts for analyzing such problems in the context of DESs, and 2) we provide an algorithm that minimizes the communication required between two sites to ensure state disambiguation.

A preliminary and partial version of this paper appeared as [13].

II. PROBLEM SETTING

This work draws, in part, from the supervisory control framework for DESs developed by Ramadge and Wonham [9] and, in part, on standard automata theory [6]. A brief review of the relevant concepts is given in this section. Readers unfamiliar with the notation and definitions may refer to [9] or to [3, Chs. 2 and 3]. The key tie between the work presented in this paper and that of the discrete-event control approach is that, as in standard discrete-event control theory, we assume that process behavior is typified by event sequences and that, therefore, the system or process under consideration can be modeled by an automaton—often a finite-state automaton.

In standard DES control, a typical problem proceeds as follows: one first models the uncontrolled plant behavior by an automaton; then one describes desirable behavior, usually as a formal language or a pair of formal languages; then one tries to find conditions under which a supervisor could be found that would enable and disable plant events to yield the desired behavior. Controllers are also typically modeled by automata, where the interpretation is that they are devices (hardware or software or human) which make observations of event sequences—possibly only partial observations if some events are not accessible via sensors—and then based on their observations, disable various subsets of events throughout the event evolution of the plant.

In this paper, we do not solve the more difficult problem of ensuring that appropriate supervisory control is exercised in the face of partial observation and using minimal communication between distributed supervisors. Instead, we abstract away the issue of means of control and assume that for whatever control objective must be met, the agents responsible for the objective must be able to distinguish certain states for decision making. In other words, the control decision might be when to enable and disable which events, but the control goal might also instead relate to diagnosing a system failure. We do not specify how an agent would make whatever control decisions it needs to make once it can determine which state or subset of states it is in. For supervisory control problems, this would require determining a minimal communication scheme that relates to the property of co-observability—shown in [15] to be necessary for decentralized control.

We use the term “agent” to mean a process of interest whose behavior is described by sequences of events or actions. In practice, an agent could be, for example, a wireless device, a microcontroller, a robot, a piece of machinery, a piece of hardware or software, or even a human operator. What we have in mind for supervisory control is that the agents of interest are supervisors or controllers that make control decisions or that do diagnostics.

Associated with an agent ( ) is a (finite-state) automaton

where is an alphabet of event labels, is a set of states, is the initial state, and is the transition function. (Note that here is assumed to be defined over its entire domain. This is in contrast to the definition of automata usually used in the DESs literature). For the case where is finite, can be represented by a directed graph whose nodes are states and whose edges are transitions defined by . Sometimes, it is more convenient to specify by a set of transitions: Transition . The objective of Agent is defined as a state feedback mapping , where is some set, which we will not specify. In other words, we do not commit ourselves to a specific type of objective (such as supervisory control or diagnosis).

We will assume that each agent only observes directly the occurrence of some subset of events in . To conveniently describe what sequence of events an agent sees, we use a mapping called a natural projection. The projection is defined recursively as follows: , if and if , and , i.e., erases all events which are not in the local event set . Given any language , the notation stands for the language . For an agent, which observes only the events in , the natural projection is interpreted as the agent’s view of the strings in .

In order for the tasks described by the map to be performed correctly, i.e., for the agent to know unambiguously what action to perform at any given time, we assume that event sequences that are indistinguishable to an agent must lead to the same state in . The assumption is that if each agent had only direct observations (and was not given information from the other agent), then they would not be able to disambiguate states. In other words, one of the agents, say Agent , might observe two sequences and as identical [i.e., ], but . In that case, Agent might not be able to perform the necessary control or monitoring task since upon observing , the agent would not know if or had occurred and since each leads to a different state, the values of the control function (which is a function on states of ) for each might differ.

The idea then is to allow the agents to communicate with each other so that each helps the other to disambiguate states. Some subtlety arises from the fact that once information is communicated from Agent 2 to Agent 1, Agent 1 will find fewer pairs of sequences indistinguishable than it did when it only had direct observations to rely on; while that is a good thing, at the same time, Agent 1’s decision to communicate to Agent 2 must be the same for pairs of sequences that it (Agent 1) finds indistinguishable and that situation is now different than it was when nothing was communicated to Agent 1. In other words, it seems unlikely that one could independently find a communication scheme that prescribed a procedure for Agent 1 and then separately find a procedure for Agent 2 without some kind of iteration.

In this paper, we assume that and are given. We make this assumption because factoring out the issue of how to construct a suitable and allows us to focus on the following fundamental issues that arise when considering any DES problem in which multiple agents need to communicate with each other: 1) if an agent cannot distinguish several possible situations, it must make the same communication decision in all those situations; 2) in satisfying 1), the agent may need to send seemingly extraneous communications, i.e., communications that the other agent does not require; and 3) the extraneous communications may render some communications of the other agent redundant. Therefore, the problem of minimizing communication even given a fixed and is a difficult problem. A solution to this problem provides insight into how to inject communication into a DES.

Although a method for producing and is beyond the scope of this paper, one can imagine the following possibilities for generating a suitable and . One might solve a supervisory control problem where each agent has limited and prescribed controllable events under the assumption (to be relaxed by minimizing communication) that all observable events are communicated. The modular supervisors thus derived would yield a possible and . As a second possibility, one might solve the standard decentralized supervisory control problem, yielding fully decentralized supervisors (for a co-observable plant) and then explore scenarios in which some reconfiguration takes place either because some sensors now fail or are relocated, which now makes communication between the original supervisors necessary. The decentralized supervisors play the role of and . Finally, situations similar to the above two possibilities could apply to failure diagnosis problems where instead of separate controllable event sets, agents have separate failure event sets to diagnose.

III. MINIMAL COMMUNICATION BETWEEN TWO AGENTS

In this section, we consider the problem of minimizing communications between two agents. We are given two agents and their respective objectives and we know that if they exchange all the information (i.e., occurrences of events) that they observe, then they will be able to achieve their objectives. In practice, however, exchanging all the information will be uneconomical and unnecessary. Our goal is, therefore, to develop an algorithm to find the minimal set of communications needed, in the sense that if any one event occurrence is not communicated from an agent to the other, the agents will not be able to achieve their objectives.

A. Desirable Properties of Solutions

In this section, we identify characteristics of a desirable solution. Informally, an agent must be able to identify which state it is in, the essence of what we will term a valid solution. Additionally, an agent must make consistent communication decisions in the sense that if the agent cannot distinguish between two sequences of events, then it must make the same communication decision after the occurrence of either of those sequences, a requirement which we will call feasibility. Finally, for our results to be synthesized using finite-state automata, we will restrict our attention to solutions that possess a property which makes them implementable.

Formally, we define the observations of each agent and the communications between two agents as follows. Each agent can observe the occurrences of events in , , via the natural projection

Each agent can also communicate some occurrences of events to the other agent via a communication mapping

where describes communications from Agent to Agent and . For a string of (observable) events, is the set of events that will be communicated from Agent to Agent . That is, if event may occur after sequence and if is an element of , then upon its occurrence after , event will be communicated.

The domain of cannot be since we want to allow the communications from Agent to Agent to depend on prior communications from Agent to Agent . Ideally, one would want the domain of to be the set of possible strings in that Agent can differentiate (based on direct observations and communications from Agent ). However, the set of distinct possible strings seen by Agent itself depends on , which, in turn, depends on . Therefore, to break this circular dependence, we choose the domain of to be . Given that Agent does not necessarily distinguish between all strings in we will need a condition (termed “feasibility,” defined below) that guarantees that can be performed by Agent .

We assume that there is no delay or loss in communication and observation. We also assume that if an event needs to be communicated, then it will be communicated immediately upon its observation.

Given and , we can define the information mapping as follows:

is the empty string

,

if

otherwise.

In other words, after the occurrence of , the next event is known to Agent 1 if and only if it is either directly observed by Agent 1 or communicated by Agent 2 to Agent 1. The mapping is defined similarly. Clearly, from this definition, is a mapping from to . This definition shows how to derive from for the given . We denote this operation by

Before discussing how to find minimal communications (in a sense to be made precise later), we note that not any arbitrary pair will be “feasible” based on the information available to the agents. To guarantee feasibility, it is required that any two sequences of events that are indistinguishable to an agent must be followed by the same communication. Namely, and must be “compatible” with the and that are built from them. Formally, is feasible with respect to if

and

where and is the natural projection onto . The projection onto the set of events observed by Agent 1 or Agent 2 is used because, as noted earlier, the mappings and take sequences of events in as inputs. To check feasibility, we first calculate

and then check if the above condition holds.

Recall that an automaton is associated with each agent ( ). Since we assume that by communicating all the occurrences of observable events the two agents are able to achieve their objectives, we require that all the events unobservable to either agent form self-loops in

Our goal is to find minimal communications between two agents to ensure their ability to achieve their objectives. Therefore, if two sequences of events look the same to Agent , then they must lead to the same state in :

(1)

When a communication scheme gives rise to , that satisfy condition (1), we say that is valid with respect to .

The above properties of validity and feasibility arise directly from the objectives imposed upon the agents and from the information available to them. They serve to precisely characterize the solutions we are aiming for.

In order to address the issue of minimizing communication between the agents, we impose a structural requirement on communication maps that we call “implementability based on .” For this purpose, we form the product of and :

where is defined in the standard manner. Namely

where is the Cartesian product of the two state sets, , and is defined by

and is the accessible part of the automaton [3], meaning that all unreachable states have been removed.


To guarantee that is implementable based on , it is required that any two strings leading to the same state in (and hence in both and ) must be followed by the same communication. Formally, is said to be implementable with respect to if

Intuitively, implementability based on means that we do not wish to consider communication mappings that would be based on finer state-space structures than that of . If one wishes to use a finer state-space structure than that of , then one should modify the original and , accordingly.

Building on the aforementioned discussion, we can formally define the problem solved in this paper. First, we define what it means for a communication scheme to be minimal, a notion that in turn requires some ordering on communication maps to be defined. These definitions are as follows.

A communication scheme communicates strictly less than , denoted by

, if

A communication pair is minimal if there is no that communicates strictly less than .

Problem Statement: Given , , , , find a minimal pair of communication maps that is valid with respect to subject to the following constraints:

i) is feasible w.r.t. ;
ii) is implementable w.r.t. .

Constraint i) cannot be relaxed since feasibility is necessary to make the problem well-posed, as explained earlier in this section. Constraint ii), on the other hand, restricts the range of solutions for the desired communication maps.

B. Solution Approach

Our solution technique for finding a minimal communication pair that is valid, feasible and implementable is as follows. We start with and specify in a set of occurrences of events that will be communicated from Agent to Agent . In other words

is the set of transitions in whose event labels will be communicated from Agent 1 to Agent 2. Obviously for such transitions. Similarly, we specify

to be the set of transitions in whose event labels will be communicated from Agent 2 to Agent 1.

The sets and will be used to construct communication maps denoted by and . To describe this construction, we must consider how Agent 1 can track the state of during the operation of the system in order to know when to send an event from a transition in . Since Agent 1 sees only the events in (via direct observation) and the events in the transitions in (via communication from Agent 2), all the other transitions in should be replaced by the empty string, from the point of view of Agent 1. We call the resulting transition function . The resulting automaton

is a nondeterministic finite-state automaton (NFA). We transform into a reachable deterministic finite-state automaton (DFA) in the usual way [6] and denote

We drop the arguments to when they are understood. The automaton captures the information of available to Agent 1 in a nondeterministic structure. That is, if there is an -transition from state to state in this means that if were to reach state , then Agent 1 would not be able to determine whether had then moved to state . The automaton captures the same information in a deterministic structure. That is, if is a state of and , then this means that it is possible for to be in a state ( ) and for Agent 1 to not know whether is in that state or in any other state ( ).

Since some transitions are replaced by in the process of constructing , not all events are defined in every state of. To define as a total function, we add self-loops for all transitions that are not defined and denote the resulting automaton by

The automata , and are similarly defined by interchanging 1 and 2 in the previous expressions.

Since captures the complete state-space structure relevant for solving our problem, we would like Agent 1 to base its desired actions (for control or monitoring) and its required communications (to Agent 2) on [or ]. In view of the previous observations about the structure of, we introduce two intermediate conditions that will be used to prove our main results. The first condition (correctness) deals with the desired actions of Agent 1 while the second condition (consistency) deals with the required communications from Agent 1 to Agent 2. Roughly speaking, these conditions further characterize the properties of validity (cf. correctness) and feasibility (cf. consistency) in terms of the structure of , as imposed by the requirement of implementability.

1) Correctness: While Agent 1 need not know what state of Agent 2 is in, it should always know what state of Agent 1 is in. Formally, consider any state in . The state is a subset of states in: . In order for Agent 1 to achieve its objective defined by the state feedback map , it is required that all the pairs in have the same first component . When this requirement is satisfied, we say that is correct. In that case, a unique feedback mapping can be defined as

This mapping will achieve the objective defined by.

2) Consistency: In order for communication from Agent 1 to Agent 2 to be well defined, Agent 1 must have enough information about the state of to either know to communicate an event occurrence or to know not to communicate it. Formally, for all , for all

When this requirement is satisfied, we say that is consistent. In that case, a well-defined mapping , which prescribes communication, can be defined from as follows:

(2)

The communication mapping based on can now be defined as

(3)

Note that the notion of consistency is a prerequisite for the definitions of and used in (2) and (3).

We show that the communication scheme resulting from (2) and (3) is feasible and implementable.

Theorem 1: If and are both consistent, then the resulting is feasible with respect to and implementable with respect to . That is, for

and

and

Proof: For feasibility, let us prove

only, as the dual result for and is analogous.

Since by construction all the transitions in that are not self-loops are either observable by Agent 1 ( ) or communicated by Agent 2 ( ), it is clear that

Since all the unobservable events ( form self-loops in

Moreover, the assumption of consistency of can be invoked to define the mapping . Therefore

For implementability, it suffices to note that

since unobservable events only appear in self-loops in

since the procedure that converts a nondeterministic automaton into an equivalent deterministic one at most amalgamates states; it doesn't split states, i.e., sequences that lead to the same state in still lead to the same state in

Let us now consider how to satisfy the correctness condition, which will lead us to the validity requirement. Intuitively, in order for Agent 1 to distinguish the states in, Agent 2 must communicate to Agent 1 the occurrences of events not in and not forming self-loops in . In other words, we define

Transition

Lemma 1: If , then is correct, that is, all the pairs in a state of have the same first component.

Proof: Shown in [14].

Needless to say, all the aforementioned discussions are equally valid if we exchange Agent 1 and Agent 2.

If both and are consistent, then, as mentioned earlier, we can derive a communication scheme as follows:

where and are given by (2).


If and are both correct and consistent, then the resulting is valid with respect to ( ), as we now show.

Theorem 2: Let and be correct and consistent. Then, the resulting communication scheme is valid with respect to ( ). That is

Proof: We prove the result for only since is similar. Note that consistency is needed in the theorem statement so that is well defined, which, in turn, makes it possible to refer to the defined in (3). Since by construction all the transitions in that are not self-loops are either observable by Agent 1 ( ) or communicated by Agent 2 ( ), for all

,

Let

Let

By construction of , we know that and. Since is correct, all the pairs in have the same first component, i.e., . Therefore

C. Algorithm and Results

In view of the results in Section III-B, our approach will be to find and that are correct and consistent and where the communication scheme derived from and is minimal among all valid, feasible and implementable solutions. The first result, presented in Theorem 3, will guarantee that and are valid, feasible and implementable. The second result, presented in Theorem 4, will establish the desired minimality property of the communication scheme.

By Lemma 1, correctness can be guaranteed if we let and . Therefore, we will initially take and . We will then add communications to and to make both and consistent. For minimality, we should add as few communications to and as possible. To this end, we develop a procedure that computes minimal additional communications needed to make consistent given that Agent 1 already communicates to Agent 2 and Agent 2 already communicates to Agent 1. The procedure will return , the minimal additional communications needed to resolve the communication inconsistency.

Fig. 1. Illustration of Lemma 2.

Function : Input: Transition

Output:

1) ;
2) Transition ;
3) For all Transition do
If , then Transition Transition ;
else Transition Transition ;
4) Transition ;
5) ;
6) ;
7) For all do
If , then ;
8) If , then , go to 7);
else return.

We similarly define the function by interchanging 1 and 2 everywhere in the aforementioned function.

To characterize the function , we have the following lemma. The lemma says that a transition must be communicated if there is a chain of strings that look alike (each to its neighbor in the chain) and that leads to a transition that is communicated. A picture of this concept can be seen in Fig. 1; this figure illustrates why iterations are needed at step 7) of the function . It is useful to recall that the transition function of is total in reading the statement of Lemma 2.

Lemma 2: if and only if

where is the state–space of .

Proof: Shown in [14].

Intuitively, the more Agent 2 communicates to Agent 1, the less communication inconsistency there is in Agent 1 and, hence, the fewer additional communications are needed to resolve the communication inconsistency. This can be stated in the following proposition.
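The observer construction of Section III-B and the iteration at step 7) of the function above can be sketched as follows. This is an added example, not code from the paper: the product automaton, event sets and all names are constructed, and it assumes that Agent 1 only communicates events it observes and that the consistency test compares transitions carrying the same event label.

```python
# Constructed product automaton: states are (R1-state, R2-state) pairs and
# transitions are (source, event, target) triples.
S0, S1, S2 = ("1", "A"), ("1", "B"), ("1", "C")
TB = (S0, "b", S1)             # Agent 2's event, unseen by Agent 1 by default
TA0 = (S0, "a", ("2", "A"))
TA1 = (S1, "a", ("2", "B"))
TA2 = (S2, "a", ("2", "C"))
TRANSITIONS = {TB, TA0, TA1, TA2, (S0, "c", S2), (S1, "c", S1)}
SIGMA1 = {"a", "c"}            # events Agent 1 observes directly
C12 = {TA0}                    # assumed to be communicated by Agent 1 already


def observer_states(transitions, x0, sigma1, c21):
    """Reachable states of Agent 1's deterministic observer.

    A transition is visible to Agent 1 if its event is in sigma1 or the
    transition is in c21 (communicated by Agent 2). Every other transition
    is treated as an epsilon move before the subset construction.
    """
    def visible(t):
        return t[1] in sigma1 or t in c21

    def closure(states):
        seen, stack = set(states), list(states)
        while stack:
            x = stack.pop()
            for t in transitions:
                if t[0] == x and not visible(t) and t[2] not in seen:
                    seen.add(t[2])
                    stack.append(t[2])
        return frozenset(seen)

    start = closure({x0})
    found, todo = {start}, [start]
    while todo:
        group = todo.pop()
        by_event = {}
        for t in transitions:
            if t[0] in group and visible(t):
                by_event.setdefault(t[1], set()).add(t[2])
        for targets in by_event.values():
            nxt = closure(targets)
            if nxt not in found:
                found.add(nxt)
                todo.append(nxt)
    return found


def is_correct(groups):
    """Correctness: all pairs in an observer state share the first component."""
    return all(len({pair[0] for pair in g}) == 1 for g in groups)


def extra_communications(transitions, x0, sigma1, c12, c21):
    """Fixed point of the consistency rule.

    A transition on one of Agent 1's events must be communicated when its
    source state is grouped, in some observer state, with the source of an
    already-communicated transition on the same event. Newly added
    transitions can force further additions, hence the loop.
    """
    groups = observer_states(transitions, x0, sigma1, c21)
    added = set()
    changed = True
    while changed:
        changed = False
        marked = c12 | added
        for t in transitions:
            if t in marked or t[1] not in sigma1:
                continue
            if any(t[0] in g and m[0] in g and m[1] == t[1]
                   for g in groups for m in marked):
                added.add(t)
                changed = True
    return added


if __name__ == "__main__":
    # Without help from Agent 2, two passes are needed: TA1, then TA2.
    print(extra_communications(TRANSITIONS, S0, SIGMA1, C12, set()))
    # Once Agent 2 communicates TB, nothing has to be added.
    print(extra_communications(TRANSITIONS, S0, SIGMA1, C12, {TB}))
```

In the constructed data, TA2 is added only on the second pass, because its source shares an observer state with the source of TA1 but not with the source of TA0.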


Proposition 1: is a monotonic function with respect to its second argument:

Proof: Let us denote the set of all possible finite sequences of transitions of as

Transition

For a sequence of transitions in , we define its projection recursively as

if

otherwise

It is clear from this definition that if , then for all

We now prove . If, then by Lemma 2

where is the state–space of .

Let . Since , , and since contains only reachable states, there exist pairs of sequences of transitions in , and , ending in and respectively, such that .

Since, for , , and will end in the same state in as well; let us denote these states by, . [This is because —by construction—captures the set of projected strings. So, if two strings have the same projection, they will lead to the same state in .] Hence

where is the state–space of . This implies that (by Lemma 2).

Similarly, is also monotonic in the second argument

Now, we can proceed to present our main algorithm to find minimal communications between two agents. In the main algorithm, there is asymmetry between Agent 1 and Agent 2 that can be explained as follows. Once there is some inconsistency in Agent 1 (resulting from two strings and that are indistinguishable to Agent 1 and that lead to different communication decisions), you can resolve the problem either by a) having Agent 1 communicate more to Agent 2 (so that if some event were going to be communicated by Agent 1 upon Agent 1’s deducing that has occurred, then that same event would have to be communicated upon Agent 1’s assuming that has occurred), or by b) having Agent 2 communicate earlier to Agent 1 so that Agent 1 would not find and indistinguishable (by the time either or has occurred). Consequently, the strategy we use can be informally described as follows.

1) Each agent communicates those events necessary to ensure correctness.

2) Then, Agent 1 communicates events necessary to be consistent.

3) Then, given those communications added by Agent 1, Agent 2 adds communication to resolve its communication inconsistencies.

4) Now, we go back and try to remove some communication by Agent 1, given that Agent 2’s communications in step 3) may render strings distinguishable that had previously been indistinguishable by Agent 1 and that had hence caused a communication inconsistency in step 2). However, we only remove those communications by Agent 1 that will not lead to new communication inconsistencies by Agent 2.

Step 6) of Main checks if removing some communications from Agent 1 leads to inconsistencies for either Agent 1 (second conjunct in line 2, step 6) of Main) or for Agent 2 (first conjunct in line 2, step 6) of Main). Again, the asymmetry in the conjuncts reflects the fact that removing a communication from Agent 1 to Agent 2 renders Agent 2 communication-inconsistent if Agent 2 would now need more communication than it did when what it got from Agent 1 was . On the other hand, removing a communication from Agent 1 to Agent 2 renders Agent 1 itself communication-inconsistent if based on this smaller set of communications, Agent 1 would still need more communication [i.e., ]. Finally, once the sets of communications are identified, a communication scheme can be constructed [steps 8–10)] using the strategy described in Section III-B [cf. (2) and (3)].

Main: Input: and

Output: , , , , and

1) ;
2) Transition ;
Transition ;
3) ;
4) ;


5) ;
6) For all such that do
If , then ;
7) Pick such that and for all ,

(i.e., is a minimal element in the range that satisfies the two conditions of step 6);
8)
9)
10) Apply (2) and (3) and define and according to

and

(4)

11) End.

We show in Sections III-C-1 and III-C-2 that the Main algorithm produces a communication scheme that is valid, feasible, implementable and minimal. An interesting feature of this algorithm is that it is possible to obtain a solution pair by fixing , as described in step 4), and then just searching for in a certain range. Note that only becomes fixed after one iteration of the functions and [as per steps 3) and 4)]. Moreover, no further iterations on are needed. Finally, what we prove is that the solution space for is then delimited by and computed in steps 3)–5). That is, in searching for a minimal pair , one does not have to keep iterating on both of these sets, a fact which may not be obvious a priori, given the asymmetry of the algorithm.

1) Solution Is Valid, Feasible, and Implementable: We start with the following two lemmas.

Lemma 3: For any disjoint sets

Proof: Shown in [14].

Lemma 4: For any disjoint sets

Proof: Shown in [14].

Similar results can be obtained for .

Next, we use the previous lemmas to show that in step 6), there indeed exists an , , such that; in particular .

Proposition 2: satisfies the conjuncts in step 6) of the Main algorithm, namely

Proof: The first condition is satisfied because of step 4) of the algorithm. The second condition is satisfied because

(by Lemma 3)

(by Proposition 1)

Moreover, no smaller than will satisfy the condition in step 6).

Proposition 3: For all

Proof: We prove this by contradiction

(by Lemma 4)

(by Step 5 of the algorithm)

which is a contradiction.

Let us now prove the correctness and consistency of the and obtained by the Main algorithm.

Lemma 5: The and obtained from the Main algorithm are correct and consistent.

Proof: The correctness follows from Lemma 1. For consistency, we must show that

We proceed as follows. By Lemma 3

Therefore, by Step 7) of functions and , and are consistent.

Theorem 3: The pair produced by Main is valid, feasible, and implementable.

Proof: Follows directly from Theorems 1 and 2 and Lemma 5.

2) Solution Is Minimal: In this section, we show that, in addition to being valid, feasible and implementable, the solution produced by Main is also minimal.


Theorem 4: The produced by Main is a minimal pair of communication maps among all pairs of communication maps that are valid with respect to , feasible with respect to and implementable with respect to .

Proof: We proceed by contradiction. Suppose that there is a that is feasible with respect to and implementable with respect to and . Then, we show that is not valid with respect to , i.e.,

where .

Let be the first instance when and are different, namely, for all prefixes of , and . Let

Part I: If the difference is in communication from Agent 2 to Agent 1, that is

then clearly

There are two cases.

Case 1 : In this case, let and. Since , , that is . However, on the other hand, implies that , that is . Therefore, is not a valid communication scheme.

Case 2 : In this case, we have, from steps 6) and 7) of the Main algorithm

Therefore

(5)

By Lemma 2

where is the state–space of .

Let . Since , , and since contains only states reachable from the initial state, there exist pairs of strings and in , ending in and respectively, such that and . Visually, this is depicted in Fig. 1.

If , then implies and by the same argument as in Case 1, we get that is not valid.

If , we show that we get a contradiction. Because

(6)

That is, since , then two sequences that are indistinguishable to Agent 2 according to the scheme will also be indistinguishable according to the scheme.

Therefore

feasibility of with respect to (6)

implementability of with respect to

...

implementability of with respect to

feasibility of with respect to (6)

(7)

Since , we have , a contradiction.

This completes Part I.

Part II: If the difference is in communication from Agent 1 to Agent 2, that is

then

There are two cases.

Case 3 : This case is analogous to Case 1.

Case 4 : By Step 7) of the Main algorithm, is a minimal such that . In other words, removing any element from will violate one of the following two conditions:

.

Case 4(a): Suppose that (C1) is violated after removing, that is, for ,

(8)

Since by Proposition 1


is always true, (8) implies that there exists such that

Let be a string such that . Then

(9)

We will use a strategy similar to Case 2 to prove the result, but we work with instead of . Before doing so, let us first denote the communication scheme obtained by and by . We will first show that

This is true because and is the same as except at any string such that . However, for such strings, implementability of with respect to implies that

(10)

Since , and

(11)

By the definition of , is implementable.

By implementability of

(12)

Therefore, by (10), (11), and (12)

Thus, we have proven that

Now, implies by Lemma 2 that

where is the state–space of .

Let . Since , , and since contains only states reachable from the initial state, there exist pairs of strings and in , ending in and , respectively, such that and .

If , then implies and by the same argument as in Case 1, we get that is not valid.

If , we show that we get a contradiction. Because

(13)

Therefore

feasibility of with respect to (13)

implementability of with respect to

...

implementability of with respect to

feasibility of with respect to (13)

(14)

Since , we have . By (9),. Hence, , a contradiction.

Case 4(b): If (C1) is not violated but (C2) is violated after removing from , then intuitively is added not for the consistency of Agent 2 but for the consistency of Agent 1. The resulting situation is more complicated because unlike , which can be explicitly expressed as , there is no explicit expression for (since it is the result of choosing some in the range of and ). To characterize , we draw upon an intermediate result about equivalence classes induced by a relation on transitions. The equivalence relation groups transitions into batches, where any two transitions in one batch are chained together as in Lemma 2 and Fig. 1.

More precisely, we define an equivalence relation () on Transition as follows:

if and only if

where is the state–space of .

We denote the equivalence class of by .

By Lemma 2, if and only if

We proceed to prove the following claim, which says informally that either an equivalence class is communicated because some element in it is needed for the other agent to know which state that agent is in (i.e., some element in the class belongs to) or because its removal would violate (C1).

Claim 1: For every equivalence class of, one of the following must be true:

a) ;
b) .

Proof of Claim 1: Assume that neither a) nor b) is true. We will show that then and would satisfy (C1) and (C2), which would contradict the minimality of produced by the Main algorithm.

To see that (C1) is satisfied for and , consider the following. Since b) is false, it is not the case that

This implies that

In particular, for

This means that (C1) is satisfied for and .

We prove that (C2) is satisfied for and by contradiction. If (C2) is not satisfied for and , then

where is the state space of . By rearranging terms, we get

We treat the two conjuncts in the preceding expression.

Case 1: If

[which means that ], then since, we have . This, in turn, implies that , which contradicts the assumption that the , resulting from the Main algorithm satisfy (C2).

Case 2: Let. Since

we have

However, , which means that. Since cannot contain , it must be the case that, which contradicts the assumption at the outset that a) is not true.

Thus, for both Cases 1 and 2, we have obtained contradictions, which means that (C2) is satisfied for and . We have therefore shown that and satisfy (C1) and (C2). As stated at the beginning of the proof, this means that and are not a minimal pair satisfying the conjuncts in step 6) of the Main algorithm, which is a contradiction to step 7) of Main. Consequently, it is not possible for both a) and b) to be false.

Now we can proceed to show that if the removal of from violates (C2), then, contradiction results. Consider the equivalence class of . By claim 1, one of the following must be true:

a) ;
b)

If a) is true, then

This scenario is analogous to Case 2 with 1 and 2 interchanged. [Compare with (5).] If b) is true, then there exists such that . Let , , be strings that end in ( ). Since , by feasibility and implementability of , , [by the same reasoning as that used in (7) and (14)]. Denote by the set and the communication scheme obtained using and by . Since (C1) is violated for , the rest of the proof is similar to Case 4(a) (with 1 and 2 interchanged). In particular, because , .

D. Strategy for Implementation

The algorithm in Section III-C does not prescribe a unique set that satisfies the conditions in step 6) of the Main algorithm. Moreover, steps 6) and 7) of Main suggest that all sets in the range that satisfy the two conditions of step 6) be generated and then a minimal one chosen. In fact, by taking advantage of the partition induced by the equivalence relation defined in the proof of Theorem 4, we develop a method for generating one set that obviates the need to check all sets in the range . The strategy draws on the following three intermediate results.

Lemma 6: Suppose that . Then

Proof: Shown in [14].

Lemma 7:

Transition such that

Proof: Shown in [14].

Lemma 8: Suppose that and are not in and . Then, for any output by the Main algorithm, .

Proof: Shown in [14].

The previous three lemmas lead to the following method for generating an that, together with the prescribed by Main, will yield a minimal solution to the communication problem. First partition into the equivalence classes induced by the equivalence relation defined in the proof of Theorem 4. Note that these are disjoint sets. By Lemma 6, none of these equivalence classes overlap with . From Lemma 7, we can conclude that if (C2) were violated by any solution there would be an equivalence class with one element of the class in and one element not in . By Lemma 8, either all the elements in a given equivalence class are in or none of them are. Consequently, if is expanded to include a minimal set of cells from the above partition that satisfies (C1), then the resulting set will satisfy both (C1) and (C2) (and, thus, be a legitimate choice of a set at step 7) that satisfies the conditions of step 6) of Main). To expand in a systematic way that may avoid having to test all subsets of cells from the partition, add a single cell (i.e., only one equivalence class) and check if (C1) is satisfied. If it is, then a minimal set has been found. If not, repeat for each of the other single cells. If no single equivalence class added to yields a solution, try a pair of equivalence classes, and so on.

IV. EXAMPLES

We illustrate the mechanics of the algorithms and some of the characteristics of the results in Section III with several examples. In all the examples in this section, when the sets of observable events are not explicitly listed, an event labeled indicates that Agent observes the event. Also, to forge a stronger tie between the sets of transitions listed and the visual representations of finite-state automata shown in the figures, we represent a transition triple of the form by the notation .

A. Example Where Endpoints of Range Are Equal

Consider the finite-state automata and given in Fig. 2. For this example, we go through each step of the Main algorithm.

Fig. 2. Finite-state automata of agents in example of Section IV-A.

Step 1) We start the Main algorithm by constructing the Cartesian product , displayed in Fig. 3.

Step 2)

Step 3) Here, we perform the function . First, to create (steps 2)–4) of function ), we start with and replace the event labels of the transitions that are not in and not in with . This yields a nondeterministic finite automaton (NFA) (not shown due to space limitations). The NFA is converted into a deterministic finite automaton (DFA) that is equivalent, displayed in Fig. 4.

Using , we compute in steps 6)–8) of function . This will be [step 3) of the Main algorithm]. We illustrate how elements get added to in step 7) of . In the first pass through step 7), is just equal to . So, a quick way to compute step 7 is to consider each that appears in the form as an element of . In this example, the candidates for are

and


Fig. 3. Cartesian product R × R .

Fig. 4. R̃ (C ).

We now look at all (i.e., all states in the DFA ) where appears as an element of. There is only one such state: . Since but , we add to . The idea behind step 8) (of the function ) is that if an element is added to , it then serves as a candidate in the next iteration of step 7) (of the function). In this particular case, nothing will get added to in the second iteration of step 7). [We will illustrate later on, in a different call to what happens when more than one iteration of step 7) increases the set ].

We proceed in a manner similar to that for for ,, and to obtain the following :

Step 4) In this step, we compute. To get we will do the same type of computation that we did in step 3) to get . The NFA [step 4) of ] can be constructed by replacing all transitions that are labeled by events which are not in and that are not in with . Using the NFA to DFA conversion, we get , a deterministic version of , shown in Fig. 5.

Fig. 5. R̃ (C ∪ N ).

To compute , we consider the elements of and first add elements to where the state from which the transition exits is grouped (in a state in ) with an exiting state of an element of . For instance, and are grouped together in and since is an element of, according to step 7) of function , we must add to . Also, since and are grouped together in and is an element of , we must also add to .

So, the first iteration of step 7) (of function ) yields

Next, is set to and step 7) is performed again. This time, though, we see that is in (namely, in ) and since and are grouped together in a state in , we must also add to . Similar reasoning leads us to add to .

No further iterations are required and so the final , namely , is

Step 5) In essence, now, we repeat step 3) but this time using , in addition to , as input. This means that the may now have fewer transitions than that of . This would yield an NFA , which can be converted to a DFA , shown in Fig. 6. Since all the states of that appear in grouped states in Fig. 4 also appear in those same grouped states in Fig. 6, the computations for will yield the same result as those for and, hence

Steps 6) and 7) From Proposition 2, we know that satisfies the conditions in step 6) of the Main algorithm. Since the preceding computations show that , we know that for this example, will satisfy the conditions in step 6) of the Main algorithm and, therefore

Steps 8) and 9) Now that we know which communications must be sent, we compute the final and which will yield the communication protocol. The automaton was already computed in step 5) (and is shown in Fig. 6). Moreover, in this example, since , was already computed in step 4) and is shown in Fig. 5.

So that the transition functions are total, and not partial, functions, we add self-loops to each state, for each event not defined at that state, in Figs. 6 and 5, to yield and , respectively (not shown).

The communication scheme (namely, the protocol for communication that each agent uses) is completely determined by the and that result from our algorithm. In particular, according to (2), an event is communicated from Agent 1 to Agent 2 at state of if and only if there is a state (from ) in such that is in the set of communications. So, for example, since and since , we get

i.e., event is communicated by Agent 1 when Agent 1 is in the initial state . On the other hand, since there is no triple or in either or , event is not communicated by Agent 1 at Agent 1’s initial state.

Fig. 6. R̃ (C ∪ N ).

We can apply the dual to (2) to determine . We represent and thus computed by putting boxes around the event label of a communicated transition in and . We display these updated versions of and in Figs. 7 and 8. The communication mappings and can now be inferred from and (or their corresponding diagrams, Figs. 7 and 8). We can deduce, for example, that , which means that is communicated by Agent 1 to Agent 2 after Agent 1 sees ; this can be seen from Fig. 7 where the event exiting state is in a box. Similarly, we know that , which means that Agent 2 communicates after “seeing” . The reason “seeing” is in quotation marks is because the event is not directly observed by Agent 2; rather, has been communicated to Agent 2. It is worth noting that the sequence that Agent 2 “sees” would not be the first three s to occur in the system. This is because if we look at Fig. 7, we see that the first (that exits the initial state) is not communicated to Agent 2. It is only subsequent occurrences of (exiting from state ) that are communicated. So, when the first occurs, Agent 2 remains at its initial state of , while the second brings Agent 2 to state .

B. Example Where Lower Bound of Range Works

The example in Section IV-A illustrates a case where the range between and is empty, i.e., when

. In that scenario, step 7) of the Main algorithm is vacuous and the choice for is immediate. In this section, we have a case where and where . In other words, the determined at step 5) of the Main algorithm satisfies the two conditions in step 6). We do not illustrate all the steps of the computations, as we did in Section IV-A; rather, we display the and given at the outset and then list , , , , and so that, if desired, the interested reader may verify our results.

The finite-state automata for Agents 1 and 2 are given in Fig. 9. By performing the computations detailed in the Main algorithm, it can be determined that


Fig. 7. R .

Fig. 8. R .

C. Example Where Only Upper Bound of Range Works

The example in Section IV-B illustrates a case where the lower bound of the range between and works. In this section, we provide an example where no contained in satisfies the conditions in step 6) of the Main algorithm. Consequently, is the only that works. Again, to avoid too many tedious (and nonillustrative) computations, we do not display all the results of the steps of the algorithm but only show the inputs of and and the outputs of transitions communicated.

The finite-state automata for Agents 1 and 2 are given in Fig. 10.

The relevant , , , and sets are given as

In this example, since does not work and since has two elements, the two proper subsets of must each be checked [and it can be shown that the conditions of step 6) of the Main algorithm are not satisfied for either set] before concluding that is actually a minimal (in this case, the minimum) set in the range that works.

D. Example Where Solution Is Inside Range

An example where a minimal solution for is a strict subset of and a strict superset of can be obtained by combining the examples in Sections IV-B and IV-C. For brevity, the example is not presented here; however, it can be found in [14].


Fig. 9. Finite-state automata of agents in example of Section IV-B.

Fig. 10. Finite-state automata of agents in example of Section IV-C.

V. CONCLUSION

We have developed a communication scheme for distributed agents in a DES where, to perform some control or monitoring task, each agent must be able to distinguish between some of its states. Subtleties arise because the decision to communicate an event relies on what sequences are indistinguishable to an agent, which, in turn, is a result of what has already been communicated to that agent. Our primary contribution is an algorithm which produces sets of communications for each agent such that the pair of sets is minimal, in the sense that no other pair of sets that is strictly smaller than ours will solve the problem. To this end, we have introduced the notions of validity, feasibility, and implementability as useful properties for describing communicating discrete-event processes and their associated communication schemes. The notion of implementability is essential for proving our main result in that the restriction of communication solutions to being “implementable” with respect to some given fixed initial pair of finite-state automata makes it possible to produce a finite realization of the communication scheme. In other words, it may be possible to come up with a communication scheme that communicates strictly less than that produced by our algorithm but then such a scheme would have to use different transition structures for and than those given at the outset of the problem. This suggests a generalization of the problem considered in this paper to one where the transition structures of the original and would become parameters in the communication problem and the original specifications would have to be given in terms of, say, languages instead of automata. This is an interesting, but challenging, avenue for future research.

The algorithm presented in this paper has computational time-complexity that is, in the worst case, exponential in the size of the state sets of the given and since it involves creating deterministic automata from nondeterministic ones. Such transformations are known to be of exponential complexity. Based on known results on synthesis problems for partially observed discrete-event systems, we suspect that exponential complexity is a feature that is inherent to such problems. It may be possible, however, to develop polynomial-time algorithms that yield “approximate” or “suboptimal” solutions.

It may be of interest to extend the results given in this paper to the case where agents are not required to distinguish each state from every other state but only to distinguish certain states from certain other states. One can imagine that for certain partitions on the state space, our algorithm could be applied with minimal modification. In such a scenario, the definition of validity would reflect that an agent must always know which equivalence class (on states) it is in (as opposed to which exact state it is in). The communication sets and needed to satisfy correctness would have to change to reflect the requirement that transitions are placed in the sets if the equivalence classes of the first arguments of the state labels differ (as opposed to if the first arguments themselves differ).

Future work could include applying this algorithm to the problem of distributed supervisory control, where agents in a discrete-event system must each make decisions about disabling events to ensure that some specification (given as a formal language or set of languages) is met. This problem is significantly more complicated than the problem considered in this paper for the following reason. In the work of Section III, we assume that we have been given the finite-state automata and that capture the behavior of the two agents. In the corresponding decentralized supervisory control problem, one would be required to find a pair of supervisors/agents and a communication protocol that the supervisors will follow.


However, where a supervisor communicates is related to the state-transition structure of the supervisor. However, the state-transition structure of each supervisor is now one of the variables of the algorithm. This highlights the inseparable link between control and communication.

Finally, to port the results to application domains, the issue of latency or delays in communication would need to be addressed. Our algorithm works under the assumption that messages sent are received immediately, with no delay. In practice, there may be a nonnegligible time delay between when a message is sent and when it is received. If other events can occur during that time interval, the system may evolve to a state from which our solution will not work. Different state-transition structures have different degrees of robustness to this type of delay. One would expect that part of the investigation into the effects of latency would involve characterizing the relationship between different types of transition structures and robustness to delay.
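The effect of delivery delay described above, as an added example that is not from the paper: a constructed two-agent system in which Agent 1 sends its event to Agent 2 under a fixed communication set, run once with immediate delivery and once with a one-event delay. All automata, event names, and the `delay` parameter are assumptions made for illustration.

```python
# Constructed toy system, not taken from the paper.
# Agent 1 observes "a"; Agent 2 observes "b" and learns of "a" only by message.
A1 = {(0, "a"): 1}                         # Agent 1 (partial transition function)
A2_ORDERED = {(0, "a"): 1, (0, "b"): 2,    # Agent 2: "ab" ends in 3, "ba" in 4
              (1, "b"): 3, (2, "a"): 4}
A2_COMMUTING = {(0, "a"): 1, (0, "b"): 2,  # variant: both orders end in 3
                (1, "b"): 3, (2, "a"): 3}
OBS = {1: {"a"}, 2: {"b"}}                 # events each agent observes directly
COMM_1 = {(0, "a")}                        # Agent 1 sends "a" when it leaves state 0


def step(delta, state, event):
    """Total transition function: an undefined event is a self-loop."""
    return delta.get((state, event), state)


def run(events, delay, a2):
    """Return the state Agent 2 believes it is in after `events`.

    A message sent at event i is delivered right after event i + delay,
    so delay=0 is the immediate delivery the paper assumes.
    """
    s1, s2, pending = 0, 0, []
    for i, ev in enumerate(events):
        if ev in OBS[1]:
            if (s1, ev) in COMM_1:
                pending.append((i + delay, ev))
            s1 = step(A1, s1, ev)
        if ev in OBS[2]:
            s2 = step(a2, s2, ev)
        for _, msg in [m for m in pending if m[0] <= i]:
            s2 = step(a2, s2, msg)         # deliver messages that are now due
        pending = [m for m in pending if m[0] > i]
    for _, msg in pending:                 # messages still in flight at the end
        s2 = step(a2, s2, msg)
    return s2


if __name__ == "__main__":
    for name, a2 in (("ordered", A2_ORDERED), ("commuting", A2_COMMUTING)):
        print(name, [run(["a", "b"], d, a2) for d in (0, 1)])
```

With the order-sensitive structure, the delayed run of "ab" leaves Agent 2 in the state that belongs to "ba"; the commuting structure reaches the same state either way, which is the sense in which transition structures differ in robustness to delay.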

ACKNOWLEDGMENT

The authors would like to thank A. Overkamp, D. Teneketzis, and G. Barrett for earlier collaborative interactions that helped to hone their ideas about the subtle issues that arise when jointly tackling control and communication. They also thank the anonymous reviewers whose helpful comments on earlier drafts improved the clarity of this paper.

REFERENCES

[1] G. Barrett, “Modeling, analysis and control of centralized and decentralized logical discrete-event systems,” Ph.D. dissertation, Dept. Elect. Eng. Comp. Sci., Univ. of Michigan, Ann Arbor, MI, 1999.

[2] G. Barrett and S. Lafortune, “Decentralized supervisory control with communicating controllers,” IEEE Trans Automat. Contr., vol. 45, pp. 1620–1638, Sept. 2000.

[3] C. Cassandras and S. Lafortune, Introduction to Discrete Event Systems. Boston, MA: Kluwer, 1999.

[4] R. Cieslak, C. Desclaux, A. S. Fawaz, and P. Varaiya, “Supervisory control of discrete-event processes with partial observations,” IEEE Trans. Automat. Contr., vol. 33, pp. 249–260, Mar. 1988.

[5] R. Debouk, S. Lafortune, and D. Teneketzis, “Coordinated decentralized protocols for failure diagnosis of discrete event systems,” Discrete Event Dyna. Syst.: Theory Applicat., vol. 10, pp. 33–86, 2000.

[6] J. E. Hopcroft and J. D. Ullman, Introduction to Automata Theory, Languages, and Computation. Reading, MA: Addison-Wesley, 1979.

[7] K. Inan, “An algebraic approach to supervisory control,” Math Control, Sig., Syst., vol. 5, no. 2, pp. 151–164, 1992.

[8] F. Lin, “Diagnosability of discrete event systems and its applications,” Discrete Event Dyna. Syst.: Theory Applicat., vol. 4, no. 2, pp. 197–212, 1994.

[9] P. J. G. Ramadge and W. M. Wonham, “The control of discrete event systems,” Proc. IEEE, vol. 77, no. 1, pp. 81–98, Jan. 1989.

[10] S. L. Ricker, “Knowledge and communication in decentralized discrete-event control,” Ph.D. dissertation, Dept. Comput. Info. Sci., Queen’s Univ., Kingston, ON, Canada, 1999.

[11] S. L. Ricker and K. Rudie, “Incorporating communication and knowledge into decentralized discrete-event systems,” in Proc. Conf. Decision Control, Phoenix, AZ, Dec. 1999, pp. 1326–1331.

[12] S. L. Ricker and K. Rudie, “Know means no: Incorporating knowledge into decentralized discrete-event control,” IEEE Trans Automat. Contr., vol. 45, pp. 1656–1668, Sept. 2000.

[13] K. Rudie, S. Lafortune, and F. Lin, “Minimal communication in a distributed discrete-event control system,” in Proc. Amer. Control Conf., San Diego, CA, June 1999, pp. 1965–1970.

[14] K. Rudie, S. Lafortune, and F. Lin, “Minimal communication in a distributed discrete-event system,” College Eng., Univ Michigan, Ann Arbor, MI, Control Group Rep. No CGR-00-06, 2000.

[15] K. Rudie and W. M. Wonham, “Think globally, act locally: Decentralized supervisory control,” IEEE Trans Automat. Contr., vol. 37, pp. 1692–1708, Nov. 1992.

[16] M. Sampath, R. Sengupta, S. Lafortune, K. Sinnamohideen, and D. Teneketzis, “Diagnosability of discrete event systems,” IEEE Trans. Automat. Contr., vol. 40, pp. 1555–1575, Sept. 1995.

[17] R. Sengupta, “Diagnosis and communication in distributed systems,” in Proc. Int. Workshop Discrete Event Syst. (WODES98), Cagliari, Italy, Aug. 1998, pp. 144–151.

[18] J. H. van Schuppen, “Decentralized supervisory control with information structures,” in Proc. Int. Workshop Discrete Event Systems (WODES98), Cagliari, Italy, Aug. 1998, pp. 36–41.

[19] Y. Willner and M. Heymann, “Supervisory control of concurrent discrete-event systems,” Int. J. Control, vol. 54, no. 5, pp. 1143–1169, 1991.

[20] K. C. Wong and J. H. van Schuppen, “Decentralized supervisory control of discrete-event systems with communication,” in Proc. Int. Workshop Discrete Event Systems (WODES96), Edinburgh, U.K., Aug. 1996, pp. 284–289.

Karen Rudie (S’84–M’85–SM’03) received the B.Sc. degree in mathematics and engineering from Queen’s University, Kingston, ON, Canada, and the M.A.Sc. and Ph.D. degrees in electrical engineering from University of Toronto, Toronto, ON, Canada, in 1985, 1988, and 1992, respectively.

From 1992 to 1993, she was a Postdoctoral Researcher at the Institute for Mathematics and its Applications, Minneapolis, Minnesota. Since 1993, she has been with the Department of Electrical and Computer Engineering at Queen’s University, where she is currently an Associate Professor. Her research interests include control of discrete-event systems and hybrid systems.

Dr. Rudie has served as an Associate Editor for IEEE TRANSACTIONS ON AUTOMATIC CONTROL (1996–1999), the Journal of Discrete Event Dynamic Systems: Theory and Applications (since 2000), and IEEE Control Systems Magazine (since 2003).

Stéphane Lafortune (S’78–M’80–SM’97–F’99) received the B.Eng. degree from École Polytechnique de Montreal, Montreal, QC, Canada, the M.Eng. degree from McGill University, Montreal, QC, Canada, and the Ph.D. degree from the University of California at Berkeley, all in electrical engineering, in 1980, 1982, and 1986, respectively.

Since September 1986, he has been with the University of Michigan, Ann Arbor, where he is a Professor of Electrical Engineering and Computer Science. His research interests are in discrete-event systems, including modeling, analysis, control, diagnostics, and optimization. He coauthored, with C. Cassandras, the textbook Introduction to Discrete Event Systems (Norwell, MA: Kluwer, 1999). Recent publications, as well as executables of the software package UMDES-LIB, are available at www.eecs.umich.edu/umdes.

Feng Lin (S’86–M’87) received the B.Eng. degree in electrical engineering from Shanghai Jiao-Tong University, Shanghai, China, and the M.A.Sc. and Ph.D. degrees in electrical engineering from the University of Toronto, Toronto, ON, Canada, in 1982, 1984, and 1988, respectively.

From 1987 to 1988, he was a Postdoctoral Fellow at Harvard University, Cambridge, MA. Since 1988, he has been with the Department of Electrical and Computer Engineering, Wayne State University, Detroit, MI, where he is currently a Professor. His research interests include discrete-event systems, hybrid systems, robust control, and image processing.

Dr. Lin coauthored a paper, with S. L. Chung and S. Lafortune, that received the George Axelby Outstanding Paper Award from the IEEE Control Systems Society. He is also a recipient of a Research Initiation Award from the National Science Foundation, an Outstanding Teaching Award from Wayne State University, a Faculty Research Award from ANR Pipeline Company, and a Research Award from Ford Motor Company. He was an Associate Editor of the IEEE TRANSACTIONS ON AUTOMATIC CONTROL.