Modular Supervisory Control · April 29, 2010 TU/e Mechanical Engineering, Systems Engineering Group 2 Outline • Motivation • Ramadge-Wonham Modular Supervisory Control • Queiroz-Cury

April 29, 2010 TU/e Mechanical Engineering, Systems Engineering Group 1

Modular Supervisory Control

Rong Su


Outline

• Motivation

• Ramadge-Wonham Modular Supervisory Control

• Queiroz-Cury Extension

• Coordinated Modular Supervisory Control

• Example

• Interface-based Approach

• Conclusions


Divide & Conquer

a1

b1

Machine G1

a2

b2

Machine G2

a3

b3

Machine G3

b1

a2

Specification R1

b2

a3

Specification R2


Construct Local Supervisors (by TCT)

• G = G1×G2×G3 (G = Sync(Sync(G1 , G2) , G3) (8 ; 24))• SPEC1 = Selfloop(R1 , {a1,a3,b2,b3}) (2 ; 10)• SPEC2 = Selfloop(R2 , {a1,a2,b1,b3}) (2 ; 10)• SUPER1 = Supcon(G , R1) (12 ; 28)• SUPER2 = Supcon(G , R2) (12 ; 28)• Nonconflict(SUPER1 , SUPER2) = true• R = R1×R2 (R = Sync(R1 , R2) (4 ; 16))• SUPER = Supcon(G , R) (18 ; 32)• Isomorph(SUPER , Sync(SUPER1 , SUPER2)) = true


What to Gain ?

• Minsuper = Supreduce(G , SUPER , SUPER) (4 ; 13)

• Minsuper1 = Supreduce(G , SUPER1 , SUPER1) (2 ; 2)

• Minsuper2 = Supreduce(G , SUPER2 , SUPER2) (2 ; 2)

• |A| := the total number of states and transitions of A

|SUPER1| + |SUPER2| < |SUPER|


Motivation of Modular Control

Reduce complexity by allocating control tasks to local supervisors!


Outline

• Motivation




• Example


• Conclusions


Architecture of Modular Supervisory Control

E1

G

S1

S2 E2

local specification


Composition of Local Supervisors (1)

• Recall that S is a proper supervisor of G if– Lm(S)∩Lm(G) is controllable with respect to G– Lm(S)∩Lm(G) = L(S)∩L(G)– S is nonblocking, i.e. Lm(S) = L(S)

• Let S/G denote the supervision of S over G– Lm(S/G) := Lm(S)∩Lm(G)– L(S/G) := L(S)∩L(G)

• Given S1 and S2, let S1∧S2 := reachable(S1×S2)



• Theorem 1 (Ramadge-Wonham)– Given two proper supervisors S1 and S2 of G, we have

Lm((S1∧S2)/G) = Lm(S1/G)∩Lm(S2/G)L((S1∧S2)/G) = L(S1/G)∩Lm(S2/G)

– Furthermore, S1∧S2 is a proper supervisor of G if and only if• S1∧S2 is nonblocking• Lm(S1/G) and Lm(S2/G) are nonconflicting, i.e.

Lm(S1/G)∩Lm(S2/G) = Lm(S1/G)∩Lm(S2/G) = L(S1/G)∩L(S2/G)



• Let C (G , E):={K⊆Lm(G)∩Lm(E)|KΣuc ∩ L(G) ⊆ K}.

• Let supC (G , E) be the greatest element of C (G , E).

• Theorem 2 (Wonham-Ramadge)– Given a plant G and two specifications E1, E2, if supC(G , E1) and

supC(G , E2) are nonconflicting, then

supC(G , E1×E2) = supC(G , E1)∩supC(G , E2)


The General Procedure for RW Modular Design

• Given G and E1, E2

• S1 = Supcon(G , E1)

• S2 = Supcon(G , E2)

• Nonconflict(S1 , S2) = true ?

– If yes, then {S1 and S2} is a modular supervisor of G w.r.t. E1, E2

– Otherwise, the problem is unsolvable by RW modular control theory• But we can compute a coordinator to solve the conflicting part of (S1∧S2)/G


Inadequacy of RW Modular Control Theory (MCT)

• More on implementation simplicity than synthesis simplicity

– It is computationally expensive to verify the condition supC(G , E1) and supC(G , E2) are nonconflicting

– If the condition doesn’t hold, RWMCT doesn’t tell what to do next ?


Example – Resource Competition

Resource A: RA Resource B: RB

a1

a1

b1

b1

r1

a2

a2

b2

b2

r2

User 1: G1 User 2: G2

a1,a2

r1,r2

b1,b2

r1,r2


Specification

• Deadlock should not happen.


A “Naive” Modular Supervisor

a1

a1

b1

b1

r1

a2

a2

b2

b2

r2

G1 G2

a1

r1

a2

r2

Local Supervisor: SA

b1

r1

b2

r2

Local Supervisor: SB

selfloop: {b1,b2} selfloop: {a1,a2}


Facts

• SA is a proper supervisor of G1×G2×RA

• SB is a proper supervisor of G1×G2×RB

• Nevertheless, Lm(SA) and Lm(SB) are conflicting.

• We can check that G1×G2×RA×RB×SA×SB has deadlock!


OutlineOutline

• Motivation




• Example


• Conclusions


An Extended Architecture

G2

G1

S1

S2

E1

E2


Main Result

• (Product) Plant: {Gi∈φ(Σi) | i∈I ∧ (∀j∈I) j≠i ⇒ ∑i∩∑j=∅} • Specifications: {Ei∈φ(Σi)|i∈I}• Let G= ×i∈IGi and E= ×i∈IEi

• Let Si be a proper supervisor of Gi with respect to Ei

• Theorem 3 (Queiroz-Cury)– ∧i∈ISi is a proper supervisor of G with respect to E if ∧i∈ISi is

nonblocking and {Lm(Si/Gi)|i∈I} is (synchronously) nonconflicting.

– Furthermore, if {supC(Gi,Ei) |i∈I} is (synchronously) nonconflicting thensupC(G,E) = ||i∈IsupC(Gi,Ei)


The inadeqracy of RW modular control theory still exists!

But we can do something about it …


One Solution to The Inadequacy

G2

G1

S1

S2

E1

E2

Coordinator P:Σ* →Σ'*

Σ = Σ1 ∪ Σ2

Σ' ⊇ Σ1 ∩ Σ2


OutlineOutlineOutline

• Motivation




• Example


• Conclusions


Example – Resource Competition Revisit

a1

a1

b1

b1

r1

a2

a2

b2

b2

r2

G1 G2

a1

r1

a2

r2 SA

b1

r1

b2

r2 SB

selfloop: {b1,b2} selfloop: {a1,a2}

a1

b1b2

a2

b1a1

b2

a2

C


SA∧SB∧C is a proper supervisor of G1×G2×RA×RB


The Concept of L-observer

• Given L⊆Σ* and Σ'⊆Σ, let P:Σ*→Σ'* be the natural projection• P is called an L-observer if

(∀t∈P(L))(∀s∈L) P(s)≤t ⇒ (∃u∈Σ*) su∈L ∧ P(su)=t

t' t''

s u

P(s) = t' P(u) = t''

t't''=t∈P(L)

su∈L


The Main Property of L-observer (MPLO)

• Σ1∩Σ2 ⊆ Σ′ ⊆ Σ1∪Σ2

• If– P1:Σ1

*→(Σ1∩Σ′)* is L1-observer– P2:Σ2

*→(Σ2∩Σ′)* is L2-observer• then

– P:(Σ1∪Σ2)*→Σ′* is L1||L2-observer L1||L2

L1 L2

Σ′*

P1 P2

P


Application of MPLO

• Given L⊆Σ* and Σ′⊆Σ, let P:Σ*→Σ′* be the L-observer. • Let Σ′′⊆Σ′ and L′′⊆Σ′′*, then

P(L) and L′′ is nonconflicting ⇔ L and L′′ is nonconflicting

L

P(L)

P

L′′

L′′

nonconflicting

nonconflicting

L || L′′ = L || L′′

P(L) || L′′ = P(L) || L′′

⇑


Coordinated Modular Supervisory Control

• Given Σ, let φ(Σ) denote the set of all FSAs over Σ.• Given two alphabets Σ1 and Σ2, let G1∈φ(Σ1) and G2∈φ(Σ2).• Let Si be a proper supervisor of Gi (i=1,2). • Let Σ'⊆Σ1∪Σ2 with Σ1∩Σ2⊆Σ′.• Suppose Pi:Σi

*→(Σi∩Σ')* be an Lm(Si/Gi)-observer, where i=1,2.• Let P1(S1/G1) denote an automaton, where

– L(P1(S1/G1))= P1(L(S1/G1)) and Lm(P1(S1/G1))= P1(Lm(S1/G1))

• Let G:= P1(S1/G1)× P2(S2/G2)• Compute a coordinator C∈φ(Σ') such that C/G is nonblocking

Theorem 4– Given the above setup, S1∧S2∧C is a proper supervisor of G1×G2.


Illustration of Coordinator Synthesis

P1 : Lm(S1/G1) -observer

G1S1 G2S2

P1(S1/G1) P2(S2/G2)

P2 : Lm(S2/G2) - observer

G = P1(S1/G1) × P2(S2/G2)

C : C/G is nonblocking


Multi-Level Coordinators

P1

G1S1 G2S2

P1(S1/G1) P2(S2/G2)P2

G12

C12

P3

G3S3 G4S4

P3(S3/G3) P4(S4/G4)P4

G34

C34

G=P12((S1∧S2∧C12)/(G1×G2))×P34((S3∧S4∧C34)/(G3×G4))

C

G1×G2

S1∧S2∧C12

G3×G4

S3∧S4∧C34

G1×G2×G3×G4

S1∧S2∧S3∧S4∧C12∧C34∧C

P12:(Σ1∪Σ2)*→((Σ1∪Σ2)∩ Σ'')* P34:(Σ3∪Σ4)*→((Σ3∪Σ4)∩ Σ'')*

• Σ'' ⊆ Σ1∪Σ2∪Σ3∪Σ4

• (Σ1∪Σ2)∩(Σ3∪Σ4) ⊆ Σ''


Outline

• Motivation




• Example


• Conclusions


Simple Transfer Line (STL)

M1 B1 M2 B2 M3 B3

M4B4TU

1 2 3 4 5 6

7

8912

10


Component Models

1

2

M1

3

4

M2

5

6

M3

7

8

M4

9

10,12

TU


Buffer Specifications

2,12

3

B1

2,12

3

4

5

B2

6

7

B3

6

7

8

9

B4

8

9


Partition of STL

M1 B1 M2 B2 M3 B3

M4B4TU

1 2 3 4 5 6

7

8912

10PLANT1 PLANT2


Local Synthesis with TCT

• PlANT1 = M1 × M2 × M3 × TU (use Sync) (16 , 72)

• PlANT2 = M3 × M4 × TU (8 , 28)

• SPEC1 = Selfloop(Sync(B1,B2),{1,6,9,10}) (4 , 42)

• SPEC2 = Selfloop(Sync(B3,B4),{5,10,12}) (9 , 51)

• SUPER1 = Supcon(PLANT1,SPEC1) (48 , 146)

• SUPER2 = Supcon(PLANT2,SPEC2) (50 , 137)

• SUPER1 and SUPER2 are conflicting


Create an Coordinator

M1 , M2 , M3 , TU M3 , M4 , TU

SUPER1Σ1={1,2,3,4,5,6,9,10,12}

SUPER2Σ2={5,6,7,8,9,10,12}

CΣc ⊇ Σ1∩Σ2 = {5,6,9,10,12}

P1 P2

P2(SUPER2)P1(SUPER1)


Coordinator Synthesis

• Preparation– Set the coordinator’s alphabet as Σc = {1,5,6,9,10,12}– We can check that both P1 and P2 are observers.

• Create local abstractions– PPLANT1=Project(SUPER1,{1,5,6,9,10,12}) (14 , 40)– PPLANT2=Project(SUPER2,{5,6,9,10,12}) (18 , 41)

• Create a specification SPEC, recognizing Σc*.

• Synthesis– PPLANT=Sync(PPLANT1,PPLANT2) (63 , 168) – C = Supcon(PPLANT,SPEC) (59 , 158)


Verification

• C, SUPER1 and SUPER2 are nonconflicting


Monolithic Supervisor Synthesis

• PLANT = Sync(PLANT1,PLANT2) (32 , 176)

• SPEC = Selfloop(Sync(Sync(Sync(B1,B2),B3),B4), {1,10}) (54 , 414)

• SUPER = Supcon(PLANT,SPEC) (568 , 1927)

Isomorphic(Sync(C,Sync(SUPER1,SUPER2)),SUPER)=true


Comparison

• Monolithic Approach– Plant : (32 , 176)– Supervisor : (568 , 1927)– The largest intermediate computational result : (568 , 1927)

• Coordinated Modular Approach– Local Plants : (16 , 72) , (8 , 28) – Local Supervisors : (48 , 146) , (50 , 137)– Coordinator : (59 , 158)– The largest intermediate computational result : (63 , 168)


Outline

• Motivation




• Example


• Conclusions


Motivations

• Each component has a fixed interface

• Each component’s internal behaviour is unseen to outsiders

• Components communicate with each other through interfaces


Example 1 – Digital Circuit


Example 2 – Component-Based Software

Data Retrieval(DR)

Video SignalProcessor (VSP)

Audio SignalProcessor (ASP) V

ideo

-Aud

eo S

ynch

roni

zer (

VAS)

BV1

BA1 BA2

BV2IBV1

IBA1

IBV2

IBA2

IDR IVAS

IASP

IVSP


Our Goal

• Use interfaces to separate components, allowing local synthesis


The System Architecture

High-Level Component GH∈ φ(ΣH)(where φ(ΣH) contains all FSAs over ΣH)

GL1∈φ(ΣL1)

GI1∈φ(ΣI1)

GLn∈φ(ΣLn)…

Low-Level Components

GI1∈φ(ΣI1)Interfaces

…

• For any i,j∈{H,L1,...,Ln}

– Σi = Σi,c ∪ Σi,uc

– i ≠ j ⇒ Σi,c ∩ Σj,uc = ∅

• For any i,j∈{L1,...,Ln}

– ΣH ∩ ΣLi = ΣIi

– i ≠ j ⇒ ΣLi ∩ ΣLj = ΣIi ∩ ΣIj


Separable Requirements

• At the high level: EH∈φ(ΣH)

• At the low level: {ELi∈φ(ΣLi) | i=1,…,n}

A requirement can “touch” different components via interface events!


A Supervisor Synthesis Problem

• Compute an interface-based modular (IBM) supervisor {SH, SL1, … ,SLn},

– Requirements: Lm(SH/GH) ⊆ Lm(EH) ∧ (∀i∈{1,…,n}) Lm(SLi/GLi) ⊆ Lm(Eli)

– Nonblockingness : Lm(S/G) = L(S/G) where• Lm(G) = Lm(GH)||Lm(GL1)||…||Lm(GLn) and L(G) = L(GH)||L(GL1)||…||L(GLn)

• Lm(S) = Lm(SH)||Lm(SL1)||…||Lm(SLn) and L(S) = L(SH)||L(SL1)||…||L(SLn)

– Controllability: L(S/G)Σuc ∩ L(G) ⊆ L(S/G)

– Interface Invariance:

(∀i∈{1,…,n}) Pi(Lm(SLi/GLi)) = Lm(GIi)

where Pi : ΣLi* → ΣIi

* is an Lm(SLi/GLi)-observer


Theorem 1 :

Given G = {GH, GLi, GIi | i=1,…,n} and E = {EH, ELi | i=1,…,n},the largest IBM supervisor, denoted as the supremal IBMsupervisor, in terms of component-wise set inclusion exists.


Local Supervisor Synthesis (1)

• At the high level

– Plant : G = GH × GI1 × … × GIn

– Requirement : EH

– Synthesize SH∈φ(ΣH), where

• Lm(SH/G) ⊆ Lm(EH)

• Lm(SH/G) = L(SH/G)

• L(SH/G)ΣH,uc ∩ L(G) ⊆ L(SH/G)


Local Supervisor Synthesis (2)

• At the low level, for each local component GLi (i∈{1,…,n})

– Plant : GLi

– Requirement : ELi

– Synthesize SLi∈φ(ΣLi), where

1. Lm(SLi/GLi) ⊆ Lm(ELi)

2. Lm(SLi/GLi) = L(SLi/GLi)

3. L(SLi/GLi)ΣLi,uc ∩ L(GLi) ⊆ L(SLi/GLi)

4. Pi(Lm(SLi/GLi)) = Lm(GIi), where Pi : ΣLi* → ΣIi

* is an Lm(SLi/GLi)-observer


Theorem 2:

The largest language Lm(SLi/GLi) satisfying conditions 1-4 exists.

( Why ? )


• The largest language Lm(SLi/GLi) in Theorem 2 is computable.


Theorem 3:

{SH, SL1, … , SLn} is the supremal IBM supervisor w.r.t. G and E.


Conclusions

• Advantages of Modular Supervisory Control

– It is easy to present a system in a modular way

– It is computationally tractable compared to the monolithic approach

– It possesses a certain level of implementation flexibility

• Disadvantage of Modular Supervisory Control– Modular control is more conservative than centralized control (why?)

– The observer property is required during model abstraction

Documents

Modular Supervisory Control · April 29, 2010 TU/e Mechanical Engineering, Systems Engineering Group 2 Outline • Motivation • Ramadge-Wonham Modular Supervisory Control • Queiroz-Cury