IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. XX, NO. Y, MONTH 2005
Decentralized Supervisory Control with Conditional Decisions: Supervisor Realization

Tae-Sic Yoo and Stéphane Lafortune

Abstract— The strategy of decentralized supervisory control of discrete event systems using so-called “conditional decisions” initiated in prior work is further investigated in this paper. Specifically, a constructive methodology for realizing supervisors that employ conditional decisions is developed. This methodology is based on the construction of (deterministic) observers of nondeterministic automata that are built so as to track violations of C&P and D&A coobservability.

I. INTRODUCTION

In the companion paper [10], we consider decentralized supervisory control problems where supervisors are allowed to make unconditional (“enable” and “disable”) as well as conditional (“enable if nobody disables” and “disable if nobody enables”) decisions. This control architecture is referred to as the conditional architecture. In this architecture, the controllable events are partitioned a priori so that some controllable events are disabled by default and the remaining ones are enabled by default when supervisors do not issue unconditional or conditional decisions. Given such a partition of the controllable events, the necessary and sufficient conditions for the existence of supervisors in the context of the conditional architecture are identified in [10]. The notion of conditional coobservability appears in these conditions, together with the familiar controllability and $L_m(G)$-closure conditions (see, e.g., [1]). Furthermore, [10] also contains the following results: (i) a polynomial-time algorithm for verifying conditional coobservability and (ii) a polynomial-time technique to partition the set of controllable events in the conditional architecture so as to satisfy conditional coobservability, if one exists. These polynomial-time verification and controllable event partitioning results build upon the original results in [4] about C&P coobservability.

This paper addresses supervisor synthesis issues regarding the results in [10]; note that only supervisor existence issues are treated in [10]. More specifically, given a regular language that is achievable in the conditional architecture, we develop in Section 3 a synthesis procedure for building realizations¹ of finite-state automata supervisors that encode the required unconditional and conditional decisions. The key feature of this procedure is the realization of the conditional decisions, which is somewhat intricate and requires building deterministic observers² of suitably-modified versions of the nondeterministic automata used in [8] to verify the properties of C&P and D&A coobservability. An example illustrating the application of the above synthesis results is presented in Section IV. Due to space constraints, we assume in the remainder of this paper that the reader is familiar with supervisory control theory and with the salient features of [10].

This work was supported in part by the National Science Foundation under grant CCR-0082784. The major part of this work was done while T.-S. Yoo was a Ph.D. student at the University of Michigan, Ann Arbor. T.-S. Yoo is with Idaho National Laboratory, Idaho Falls, ID 83403 USA (e-mail: [email protected]). S. Lafortune is with Department of Electrical Engineering and Computer Science, The University of Michigan, 1301 Beal Avenue, Ann Arbor, MI 48109-2122 USA (e-mail: [email protected]); www.eecs.umich.edu/umdes.

¹ The word “realization” is used here in the sense of [6] and [1] (Chapter 3).

² In the sense of [1] (Chapter 2).

II. CONDITIONAL ARCHITECTURE AND COOBSERVABILITY

Let us consider the decentralized control architecture depicted in Fig. 1 where a set of supervisors jointly controls a system $G$ by each observing subsets of $\Sigma_o$ (denoted by $\Sigma_{o,i}$) and controlling subsets of $\Sigma_c$ (denoted by $\Sigma_{c,i}$) in order to achieve the desired behavior $K \subseteq L(G) \subseteq \Sigma^*$. We denote by $\Sigma_{uo} = \Sigma \setminus \Sigma_o$ and $\Sigma_{uc} = \Sigma \setminus \Sigma_c$ the unobservable and uncontrollable event sets, respectively. As in [10], we assume at the outset that the controllable event sets $\Sigma_{c,i}$, $i = 1, \ldots, n$, are not mutually disjoint.

[Fig. 1. Decentralized control architecture: the system $G$ is observed through the projections $P_1, P_2, \ldots, P_n$ by the local supervisors $S_{P_1}, S_{P_2}, \ldots, S_{P_n}$, whose local decisions are combined by decision fusion.]

We briefly review notation, concepts, and results (proved in [10]) that are required for understanding and gaining insight into the synthesis methodology of Section 3. Conditional D&A coobservability is a key component of the necessary and sufficient conditions for the existence of a decentralized control system that exactly achieves the desired behavior when supervisors make “disable”, “enable”, and “enable if nobody disables” decisions and a controllable event is disabled by default if there is no decision over that event [7, 10]. The architecture where supervisors are allowed to make the above three decisions is referred to as the conditional-enabling architecture, and conditional D&A coobservability is defined as follows [7, 10]. In that definition, $P_i$ is the projection operation from $\Sigma^*$ to $\Sigma_{o,i}^*$, $P_i^{-1}(s) := \{s' \in \Sigma^* : P_i(s') = s\}$, $E_i(s) := P_i^{-1}P_i(s) \cap K$, and $I_c(\sigma) := \{i : \sigma \in \Sigma_{c,i}\}$.

Definition 1: A language $K \subseteq M = \overline{M}$ is said to be conditionally D&A coobservable³ w.r.t. $M$, $\Sigma_{o,1}$, $\Sigma_{c,1}$, …, $\Sigma_{o,n}$, $\Sigma_{c,n}$, if $\forall s \in K$ and $\forall \sigma \in \Sigma_c = \bigcup_{i=1}^{n} \Sigma_{c,i}$ s.t. $s\sigma \in K$, $(\exists i \in I_c(\sigma))[\mathrm{CE}]$, where CE denotes the following condition:

$$(\forall s_i\sigma \in E_i(s)\sigma \cap (M \setminus K))[\exists j \in I_c(\sigma) \text{ s.t. } E_j(s_i)\sigma \cap K = \emptyset].$$

The CE condition implies that for each illegal controllable continuation $\sigma$ that the $i$th supervisor estimates, there is a supervisor that can ensure that this continuation with $\sigma$ is illegal. That is, the $i$th supervisor can infer that there is a supervisor ($j$) that can disable $\sigma$ with certainty.

In [10], another decentralized control architecture, the conditional-disabling architecture, is considered. In this architecture, supervisors make three types of decisions: “enable”, “disable”, and “disable if nobody enables”. Moreover, a controllable event is enabled by default if there is no decision over this event. The analogue of conditional D&A coobservability for this architecture is called conditional C&P coobservability and it is defined as follows [10].

³ This notion is called EDF-partitionability in [7].

Definition 2: A language $K \subseteq M = \overline{M}$ is said to be conditionally C&P coobservable w.r.t. $M$, $\Sigma_{o,1}$, $\Sigma_{c,1}$, …, $\Sigma_{o,n}$, $\Sigma_{c,n}$, if $\forall s \in K$ and $\forall \sigma \in \Sigma_c = \bigcup_{i=1}^{n} \Sigma_{c,i}$ s.t. $s\sigma \in L(G) \setminus K$, $(\exists i \in I_c(\sigma))[\mathrm{CD}]$, where CD denotes the following condition:

$$(\forall s_i\sigma \in E_i(s)\sigma \cap K)[\exists j \in I_c(\sigma) \text{ s.t. } E_j(s_i)\sigma \cap M \subseteq K].$$

The CD condition implies that for each legal controllable continuation $\sigma$ that the $i$th supervisor estimates, there is a supervisor that can ensure that this continuation with $\sigma$ is legal. That is, the $i$th supervisor can infer that there is a supervisor ($j$) that can enable $\sigma$ with certainty.

The conditional architecture where individual supervisors are allowed to make “enable”, “disable”, “enable if nobody disables”, and “disable if nobody enables” decisions is also considered in [10]. That is, local supervisors are formally defined as follows:

$$S_{P_i} : P_i(\Sigma^*) \to 2^{\Sigma_{c,i}} \times 2^{\Sigma_{c,i}} \times 2^{\Sigma_{c,i}} \times 2^{\Sigma_{c,i}},$$

where $S_{P_i}(P_i(s)) = (e_i(P_i(s)), d_i(P_i(s)), ec_i(P_i(s)), dc_i(P_i(s)))$, for $i \in \{1, \ldots, n\}$. The “enable”, “disable”, “enable if nobody disables”, and “disable if nobody enables” decisions of the $i$th local supervisor are represented by $e_i(P_i(s))$, $d_i(P_i(s))$, $ec_i(P_i(s))$, and $dc_i(P_i(s))$, respectively. The joint control action of local supervisors $S_{P_1}$, …, $S_{P_n}$ is denoted by $S_{fc}$. For the $S_{fc}$ supervisor, fc stands for “Fusion of decentralized unconditional and Conditional decisions”. Since $S_{fc}$ is a joint action of local supervisors, the domain of $S_{fc}$ is $P(\Sigma^*)$ and the role of $S_{fc}$ is to issue joint global “enable” and “disable” decisions. That is,

$$S_{fc} : P(\Sigma^*) \to 2^{\Sigma_c} \times 2^{\Sigma_c}, \qquad S_{fc}(P(s)) = (e(P(s)), d(P(s))),$$

where $e(P(s))$ and $d(P(s))$ are global “enable” and “disable” decisions, respectively, which are defined as follows. For $\sigma \in \Sigma_c$,

$$\sigma \in e(P(s)) \text{ iff } \Big[\sigma \in \bigcup_{i=1}^{n} e_i(P_i(s))\Big] \lor \Big[\sigma \in \bigcup_{i=1}^{n} ec_i(P_i(s)) \land \sigma \notin \bigcup_{i=1}^{n} d_i(P_i(s))\Big].$$

Similarly, for $\sigma \in \Sigma_c$,

$$\sigma \in d(P(s)) \text{ iff } \Big[\sigma \in \bigcup_{i=1}^{n} d_i(P_i(s))\Big] \lor \Big[\sigma \in \bigcup_{i=1}^{n} dc_i(P_i(s)) \land \sigma \notin \bigcup_{i=1}^{n} e_i(P_i(s))\Big].$$

The conditional architecture is more powerful than both the conditional-enabling and the conditional-disabling architectures in the sense that a relaxed version of coobservability appears in the necessary and sufficient conditions for the existence of a set of supervisors that achieves a given desired language [10]. Define the following sets of events: for $i \in \{1, \ldots, n\}$, $\Sigma_{c,e,i} := \Sigma_{c,i} \cap \Sigma_{c,e}$ and $\Sigma_{c,d,i} := \Sigma_{c,i} \cap \Sigma_{c,d}$, where $\Sigma_{c,d} \mathbin{\dot\cup} \Sigma_{c,e} = \Sigma_c$. $\Sigma_{c,e,i}$ is the set of locally controllable events whose default setting is enablement while $\Sigma_{c,d,i}$ is the set of locally controllable events whose default setting is disablement.

Definition 3: A language $K \subseteq M = \overline{M}$ is said to be conditionally coobservable w.r.t. $M$, $\Sigma_{o,1}$, $\Sigma_{c,d,1}$, $\Sigma_{c,e,1}$, …, $\Sigma_{o,n}$, $\Sigma_{c,d,n}$, $\Sigma_{c,e,n}$, if the following two conditions hold: (i) $K$ is conditionally C&P coobservable w.r.t. $M$, $\Sigma_{o,1}$, $\Sigma_{c,e,1}$, …, $\Sigma_{o,n}$, $\Sigma_{c,e,n}$; (ii) $K$ is conditionally D&A coobservable w.r.t. $M$, $\Sigma_{o,1}$, $\Sigma_{c,d,1}$, …, $\Sigma_{o,n}$, $\Sigma_{c,d,n}$.

The existence result of the conditional architecture can now be presented.

Theorem 1: [10] Consider the language $K \subseteq L_m(G)$ where $K \neq \emptyset$ and consider a fixed partition of $\Sigma_c$ such that $\Sigma_c = \Sigma_{c,d} \mathbin{\dot\cup} \Sigma_{c,e}$. There exists a nonblocking and control-nonconflicting supervisor $S_{fc}$ such that $L_m(S_{fc}/G) = K$ and $L(S_{fc}/G) = \overline{K}$ iff the following three conditions hold: (i) $K$ is controllable w.r.t. $L(G)$ and $\Sigma_{uc}$; (ii) $K$ is conditionally coobservable w.r.t. $L(G)$, $\Sigma_{o,1}$, $\Sigma_{c,d,1}$, $\Sigma_{c,e,1}$, …, $\Sigma_{o,n}$, $\Sigma_{c,d,n}$, $\Sigma_{c,e,n}$; (iii) $K$ is $L_m(G)$-closed.

When the above necessary and sufficient conditions hold, the following local decision rules can be applied to achieve the desired language $K$: for $s \in K$, $i \in \{1, \ldots, n\}$,

$$S^{fc}_{P_i}(P_i(s)) = (e_i^{fc}(P_i(s)), d_i^{fc}(P_i(s)), ec_i^{fc}(P_i(s)), dc_i^{fc}(P_i(s)))$$

where

$$\begin{aligned} e_i^{fc}(P_i(s)) &:= \{\sigma \in \Sigma_{c,i} : E_i(s)\sigma \cap L(G) \neq \emptyset,\ E_i(s)\sigma \cap L(G) \subseteq K\}, \\ d_i^{fc}(P_i(s)) &:= \{\sigma \in \Sigma_{c,i} : E_i(s)\sigma \cap L(G) \neq \emptyset,\ E_i(s)\sigma \cap K = \emptyset\}, \end{aligned} \tag{1}$$

$$\begin{aligned} ec_i^{fc}(P_i(s)) &:= \{\sigma \in \Sigma_{c,i} : E_i(s)\sigma \cap L(G) \neq \emptyset,\ \forall s_i\sigma \in E_i(s)\sigma \cap (L(G) \setminus K),\ \exists j \in I_c(\sigma) \text{ s.t. } E_j(s_i)\sigma \cap K = \emptyset\}, \\ dc_i^{fc}(P_i(s)) &:= \{\sigma \in \Sigma_{c,i} : E_i(s)\sigma \cap L(G) \neq \emptyset,\ \forall s_i\sigma \in E_i(s)\sigma \cap K,\ \exists j \in I_c(\sigma) \text{ s.t. } E_j(s_i)\sigma \cap L(G) \subseteq K\}. \end{aligned} \tag{2}$$

III. REALIZATION OF SUPERVISORS

Suppose that the desired behavior $L_m(H)$ is a solvable regular language under the conditional architecture and it is desired to realize, in the form of finite-state automata, local supervisors that result in this desired behavior. Given that solvability is assured, local unconditional decision rules are obtained from (1). Without loss of generality, we can assume that $H$ is a strict subautomaton of $G$ [2, 3]. Then, local unconditional decision rules can be realized by constructing for each local site $i$ the observer of $H$ for projection $P_i$ and finding “enable” and “disable” decisions according to (1) for each observer state as is done in [5, 8]. Details are omitted here. Hereafter, we focus on the realization of the first part of Equation (2), regarding the “enable if nobody disables” decision rule. The treatment of the “disable if nobody enables” decisions is similar, with suitable modifications as will be described later.

Equation (2) is the basis for the realization of local conditional decision rules. The “enable if nobody disables” decision rule $ec_i^{fc}(P_i(\cdot))$ in (2) implies that a controllable continuation $\sigma$ is enabled conditionally by supervisor $i$ only if supervisor $i$ is certain that all illegal controllable continuations with $\sigma$ can be disabled by some local supervisor. In other words, based on its observation and inference on observations of other supervisors, if there is some illegal continuation $\sigma$ that cannot be disabled by some local supervisor for sure, then $\sigma$ is not conditionally enabled. Formally,

$$\sigma \notin ec_i^{fc}(P_i(s)) \text{ if } E_i(s)\sigma \cap L(G) = \emptyset \text{ or } \exists s_i\sigma \in E_i(s)\sigma \cap (L(G) \setminus L(H)) \text{ such that } (\forall j \in I_c(\sigma))[E_j(s_i)\sigma \cap L(H) \neq \emptyset]. \tag{3}$$

The condition $E_i(s)\sigma \cap L(G) = \emptyset$ simply means that the estimated behaviors ($E_i(s)$) cannot be continued with event $\sigma$ within the system behavior. Therefore, $\sigma$ is excluded from the decision since decisions over $\sigma$ are irrelevant to the resulting controlled language. Therefore, we only concentrate on the second part of the condition $\sigma \notin ec_i^{fc}(P_i(s))$. Let us recall the definition of C&P coobservability from [8] for the sake of further discussion.

Definition 4: A language $K \subseteq M = \overline{M}$ is said to be C&P coobservable w.r.t. $M$, $\Sigma_{o,1}$, $\Sigma_{c,1}$, …, $\Sigma_{o,n}$, $\Sigma_{c,n}$, if $\forall s \in K$ and $\forall \sigma \in \Sigma_c = \bigcup_{i=1}^{n} \Sigma_{c,i}$ s.t. $s\sigma \in M \setminus K$, there exists $i \in I_c(\sigma)$ s.t. $E_i(s)\sigma \cap K = \emptyset$.

From Definition 4 and Equation (3), when the system executes trace $s$, the following happens: (i) there exists $s_i$ such that $P_i(s_i) = P_i(s)$ and $s_i\sigma$ violates C&P coobservability and (ii) $\sigma$ is excluded from the “enable if nobody disables” decision of supervisor $i$. In order to identify traces violating C&P coobservability, we will modify the automaton $M_c(\Sigma_c)$ of [4]. In [4], $M_c(\Sigma_c)$ is denoted by $M$. The notation $M_c(\Sigma_c)$ here emphasizes that the $M$ of [4] pertains to C&P coobservability and that it is parameterized by the set of controllable events. The modification involves changing the labels of some of the (unobservable) transitions to $\varepsilon$ in order to identify the precise trace executed by the system. More precisely, we have

$$M_c^{mod}(\Sigma_c) = (Q^{M_c^{mod}}, \Sigma \cup \{\varepsilon\}, \delta^{M_c^{mod}}, q_0^{M_c^{mod}}, Q_m^{M_c^{mod}})$$

where

$$\begin{aligned} Q^{M_c^{mod}} &:= (Q^H \times Q^H \times Q^H \times Q^G) \cup \{vc\}, \\ q_0^{M_c^{mod}} &:= (q_0^H, q_0^H, q_0^H, q_0^G), \\ Q_m^{M_c^{mod}} &:= \{vc\}. \end{aligned}$$

Hereafter, only the accessible part of the state space $Q^{M_c^{mod}}$ is considered when we refer to $Q^{M_c^{mod}}$. Let us recall from [4] the set of conditions implying the violation of C&P coobservability; we retain these conditions in $M_c^{mod}(\Sigma_c)$. For $\sigma \in \Sigma_c$,

$$\left.\begin{array}{l} \delta^H(q_1, \sigma) \text{ is defined if } \sigma \in \Sigma_{c,1} \\ \delta^H(q_2, \sigma) \text{ is defined if } \sigma \in \Sigma_{c,2} \\ \delta^H(q_3, \sigma) \text{ is not defined} \\ \delta^G(q_4, \sigma) \text{ is defined} \end{array}\right\} \quad (*)$$

The transition relation $\delta^{M_c^{mod}}$ is defined as follows. For the sake of brevity, given that $q_1, q_2, q_3 \in Q^H$, $q_4 \in Q^G$, and $\sigma \in \Sigma$, let us define the following: $q_i' := \delta^H(q_i, \sigma)$ for $i \in \{1, 2, 3\}$, $q_4' := \delta^G(q_4, \sigma)$, and $\vec{q} := (q_1, q_2, q_3, q_4)$. Note the use of the label $\varepsilon$ in three instances below.

For $\sigma \notin \Sigma_{o,1}$ and $\sigma \notin \Sigma_{o,2}$,

$$\delta^{M_c^{mod}}(\vec{q}, \varepsilon) = \begin{cases} (q_1', q_2, q_3, q_4) & \text{if } q_1' \text{ exists} \\ (q_1, q_2', q_3, q_4) & \text{if } q_2' \text{ exists} \end{cases} \qquad \delta^{M_c^{mod}}(\vec{q}, \sigma) = \begin{cases} (q_1, q_2, q_3', q_4') & \text{if } q_3' \text{ and } q_4' \text{ exist} \\ vc & \text{if } (*) \end{cases}$$

For $\sigma \notin \Sigma_{o,1}$ and $\sigma \in \Sigma_{o,2}$,

$$\delta^{M_c^{mod}}(\vec{q}, \varepsilon) = (q_1', q_2, q_3, q_4) \text{ if } q_1' \text{ exists} \qquad \delta^{M_c^{mod}}(\vec{q}, \sigma) = \begin{cases} (q_1, q_2', q_3', q_4') & \text{if } q_2', q_3', \text{ and } q_4' \text{ exist} \\ vc & \text{if } (*) \end{cases}$$

For $\sigma \in \Sigma_{o,1}$ and $\sigma \notin \Sigma_{o,2}$,

$$\delta^{M_c^{mod}}(\vec{q}, \varepsilon) = (q_1, q_2', q_3, q_4) \text{ if } q_2' \text{ exists} \qquad \delta^{M_c^{mod}}(\vec{q}, \sigma) = \begin{cases} (q_1', q_2, q_3', q_4') & \text{if } q_1', q_3', \text{ and } q_4' \text{ exist} \\ vc & \text{if } (*) \end{cases}$$

For $\sigma \in \Sigma_{o,1}$ and $\sigma \in \Sigma_{o,2}$,

$$\delta^{M_c^{mod}}(\vec{q}, \sigma) = \begin{cases} (q_1', q_2', q_3', q_4') & \text{if } q_1', q_2', q_3', \text{ and } q_4' \text{ exist} \\ vc & \text{if } (*) \end{cases}$$

For $\sigma \in \Sigma$, $\delta^{M_c^{mod}}(vc, \sigma)$ is undefined. The state space $Q^H \times Q^H \times Q^H \times Q^G$ tracks all traces $s, s', s'' \in L(H)$ such that $P_1(s) = P_1(s')$ and $P_2(s) = P_2(s'')$. The transition relation of $M_c^{mod}(\Sigma_c)$ is defined to track the traces in the following manner:

$$\underbrace{Q^H}_{s'} \times \underbrace{Q^H}_{s''} \times \underbrace{Q^H \times Q^G}_{s}$$

Two traces $s'$ and $s''$ are tracked by the first two $H$’s and the last pair $H$ and $G$ tracks $s$. The violation of C&P coobservability is characterized by traces $s, s', s'' \in L(H)$ and event $\sigma$ such that

$$P_1(s) = P_1(s'), \quad P_2(s) = P_2(s''), \quad s'\sigma \in L(H), \quad s''\sigma \in L(H), \quad s\sigma \in L(G) \setminus L(H),$$

where $\sigma \in \Sigma_{c,1} \cap \Sigma_{c,2}$. The characterization of the violation of C&P coobservability requires tracking legal traces (this is done by the first two $H$’s) and one illegal trace (the last pair $H$ and $G$ tracks this). The occurrence of this violation that is captured by condition $(*)$ causes a transition into marked state $vc$. In order to identify the illegal traces (denoted by $s\sigma$ above in Equation (3)) violating C&P coobservability, we need to distinguish the transitions tracking trace $s$ from the transitions tracking traces $s'$ and $s''$ (traces that have the same local projections as $s$ at local sites 1 and 2, respectively). Hence, when we consider a transition $\sigma$ tracking $s$ (that is, when the last pair of $H$ and $G$ is involved), we attach the label $\sigma$ to the transition. Otherwise (that is, when the last pair $H$ and $G$ is not involved), the label $\varepsilon$ is attached to the transition. With this modification, if $s\sigma$ reaches state $vc$, then we know for sure that $s\sigma \in L(G) \setminus L(H)$ and that $s\sigma$ violates C&P coobservability.

In order to realize the local “enable if nobody disables” decision rule of supervisor $i$ from (3), we need to identify every $s_i\sigma \in E_i(s)\sigma \cap (L(G) \setminus L(H))$ violating C&P coobservability and exclude such $\sigma \in \Sigma_{c,i}$ from the local “enable if nobody disables” decisions. Let us remove marked state $vc$ and its attached transitions from $M_c^{mod}(\Sigma_c)$ and denote the result by $M_c^-(\Sigma_c)$. We construct the (deterministic) observer of $M_c^-(\Sigma_c)$ with respect to $\Sigma_{o,i}$, denoted by $Obs_i(M_c^-)$. The purpose of constructing the observer of $M_c^-(\Sigma_c)$ with respect to $\Sigma_{o,i}$ is to identify the reachable states of $M_c^-(\Sigma_c)$ with $E_i(s)$ when $s$ is the trace executed by the system and the observed trace is $P_i(s)$. Moreover, $M_c^{mod}(\Sigma_c)$ is constructed to explicitly identify traces violating C&P coobservability.
Therefore, if a state of $Obs_i(M_c^-)$ that is reached by trace $P_i(s)$ contains states of $M_c^{mod}(\Sigma_c)$ that reach state $vc$ with some transition $\sigma$ in automaton $M_c^{mod}(\Sigma_c)$, then we know that there exists $s_i\sigma \in E_i(s)\sigma \cap (L(G) \setminus L(H))$ violating C&P coobservability and event $\sigma$ is excluded from the local “enable if nobody disables” decision of supervisor $i$ after observing $P_i(s)$. In this manner, the automaton $Obs_i(M_c^-)$, together with $M_c^{mod}(\Sigma_c)$, can be used as a realization of the local “enable if nobody disables” decision rule of supervisor $i$. Algorithm 1 below formalizes the procedure described above. The correctness of Algorithm 1, namely the realization of the local “enable if nobody disables” decision, is shown in Theorem 2.

Algorithm 1 REALIZE-CONDITIONAL-ENABLEMENT-DECISIONS

1: Build $M_c^{mod}(\Sigma_c)$.

2: Build $M_c^-(\Sigma_c)$ by removing state $vc$ and its attached incoming transitions from $M_c^{mod}(\Sigma_c)$.

3: Build (deterministic) observers of $M_c^-(\Sigma_c)$ with respect to $\Sigma_{o,i}$ for each $i \in \{1, \ldots, n\}$ and denote them by $Obs_i(M_c^-)$.

4: For each $q^{obs} \in Q^{Obs_i(M_c^-)} \subseteq 2^{M_c^-}$, set $nec_i(q^{obs})$ as

$$\{\sigma \in \Sigma_{c,i} : \exists q^{M_c^-} \in q^{obs} \text{ s.t. } \delta^{M_c^{mod}}(q^{M_c^-}, \sigma) = vc\}.$$

5: From the construction of $M_c^-(\Sigma_c)$, for all $s \in L(H)$, there exists $q^{obs} \in Q^{Obs_i(M_c^-)}$ such that

$$q^{obs} = \delta^{Obs_i(M_c^-)}(q_0^{obs}, P_i(s))$$

where $q_0^{obs}$ is the initial state of $Obs_i(M_c^-)$. Set $ec_i(P_i(s))$ as

$$\{\sigma \in \Sigma_{c,i} : E_i(s)\sigma \cap L(G) \neq \emptyset \land \sigma \notin nec_i(q^{obs})\}. \tag{4}$$

Theorem 2: For all $s \in L(H)$ and $i \in \{1, \ldots, n\}$, $ec_i(P_i(s)) = ec_i^{fc}(P_i(s))$.

Proof: (⊆) Suppose that $\sigma \notin ec_i^{fc}(P_i(s))$. This implies that for $\sigma \in \Sigma_{c,i}$ (i) $E_i(s)\sigma \cap L(G) = \emptyset$ or (ii) there exists $s_i\sigma \in E_i(s)\sigma \cap (L(G) \setminus L(H))$ s.t.

$$(\forall j \in I_c(\sigma))[E_j(s_i)\sigma \cap L(H) \neq \emptyset]. \tag{5}$$

If (i) holds, it is clear that $\sigma \notin ec_i(P_i(s))$. Therefore, we focus on condition (ii) hereafter. Since $s_i\sigma \in E_i(s)\sigma \cap (L(G) \setminus L(H))$, we have that $s_i \in L(H)$, $s_i\sigma \in L(G) \setminus L(H)$, and $P_i(s) = P_i(s_i)$. With (5) indicating the violation of C&P coobservability and from the construction of $M_c^{mod}(\Sigma_c)$, we know that there exists $s_i\sigma \in L(M_c^{mod}(\Sigma_c))$⁴ $\subseteq \Sigma^*$ such that

$$\delta^{M_c^{mod}}(q_0^{M_c^{mod}}, s_i\sigma) = vc.$$

Let $q^{M_c^-} := \delta^{M_c^{mod}}(q_0^{M_c^{mod}}, s_i) = \delta^{M_c^-}(q_0^{M_c^-}, s_i)$. Then, we have that

$$\delta^{M_c^{mod}}(q^{M_c^-}, \sigma) = vc.$$

Since $P_i(s_i) = P_i(s)$, we have

$$q^{M_c^-} \in q^{obs} := \delta^{Obs_i(M_c^-)}(q_0^{obs}, P_i(s)).$$

Therefore, we have $\sigma \in nec_i(q^{obs})$. Consecutively, we have $\sigma \notin ec_i(P_i(s))$.

(⊇) The proof of this case follows similar arguments to the preceding case (in reverse), starting from the assumption that $\sigma \notin ec_i(P_i(s))$.

The realization of the “disable if nobody enables” decision rule in Equation (2) can be performed analogously. The key difference is centered on the use of a suitably-modified version of the nondeterministic automaton introduced in [8] for testing D&A coobservability. Namely, we modify $M_d(\Sigma_c)$ of [8] to get $M_d^{mod}(\Sigma_c)$ by using $\varepsilon$ labels, in the same spirit as was done when obtaining $M_c^{mod}(\Sigma_c)$ in Algorithm 1. Then, state $vd$ of $M_d^{mod}(\Sigma_c)$ [which is analogous to state $vc$ of $M_c^{mod}(\Sigma_c)$] is deleted and $M_d^-(\Sigma_c)$ is obtained. The realization of the conditional “disable if nobody enables” decisions of supervisor $i$ is then encoded in the observer of $M_d^-(\Sigma_c)$ for event set $\Sigma_{o,i}$, using $M_d^{mod}(\Sigma_c)$. (For complete details, see [9].)

⁴ Note that the automaton $M_c^{mod}(\Sigma_c)$ is nondeterministic and the transition label $\varepsilon$ in $M_c^{mod}(\Sigma_c)$ represents the silent transition.

IV. EXAMPLE

Consider the uncontrolled behavior generated by automaton $G$ in Fig. 2(a) and the desired behavior generated by automaton $H$ in Fig. 2(b). We define that $L_m(H) = L(H) = K$ and $L_m(G) = L(G)$ (i.e., marking is omitted for all states). We set $\Sigma_{o,1} = \{a, a', c, d\}$, $\Sigma_{o,2} = \{b, b', c, d\}$, $\Sigma_{c,1} = \Sigma_{c,2} = \{c, d\}$, $\Sigma_{c,e} = \{c\}$, and $\Sigma_{c,d} = \{d\}$. In [10], we showed that $L(H)$ is conditionally coobservable w.r.t. $L(G)$, $\Sigma_{o,1}$, $\Sigma_{c,d,1}$, $\Sigma_{c,e,1}$, …, $\Sigma_{o,n}$, $\Sigma_{c,d,n}$, $\Sigma_{c,e,n}$. We focus here on the realization of the supervisors. Finite-state automata realizations of the unconditional decisions of supervisor 1 are shown in Fig. 3. In Fig. 3(a), the event information appearing in each state of the realization (rectangle in figure) represents the enabled events; in the case of Fig. 3(b) it represents the disabled events. The automata in Fig. 3 are obtained using the techniques presented in [5, 8], which are not repeated here.

[Fig. 2. Automata G and H: (a) $G$; (b) $H$.]

[Fig. 3. Supervisor 1: unconditional decisions: (a) $e_1(P_1(\cdot))$; (b) $d_1(P_1(\cdot))$.]

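Steps 2 to 5 of Algorithm 1 can be traced in code. The following Python sketch is an added illustration, not code from the paper: the small automaton `DELTA_MOD`, its state names and the event sets are constructed stand-ins (they are not the automaton of Fig. 4), and the `feasible` argument is an assumed input that supplies the events $\sigma$ with $E_i(s)\sigma \cap L(G) \neq \emptyset$, which the sketch does not compute from $G$.

```python
from collections import deque

EPS, VC = "eps", "vc"   # silent label and violation state of M_c^mod

# Constructed stand-in for M_c^mod (NOT the automaton of Fig. 4):
# (state, label) -> set of successor states; labels are events or EPS.
DELTA_MOD = {
    ("q0", EPS): {"q1"},
    ("q0", "a"): {"q2"},
    ("q1", "b"): {"q3"},
    ("q3", "c"): {VC},      # some s_i c violates C&P coobservability
    ("q2", "c"): {"q4"},
}
SIGMA_O1 = {"a", "c"}       # assumed events observable by supervisor 1
SIGMA_C1 = {"c"}            # assumed events controllable by supervisor 1


def remove_vc(delta):
    """Step 2: drop state vc and its incoming transitions (gives M_c^-)."""
    minus = {}
    for (q, label), targets in delta.items():
        kept = targets - {VC}
        if q != VC and kept:
            minus[(q, label)] = kept
    return minus


def unobservable_reach(states, delta, sigma_o):
    """Close a state set under EPS and under events outside sigma_o."""
    seen, todo = set(states), deque(states)
    while todo:
        q = todo.popleft()
        for (p, label), targets in delta.items():
            if p == q and label not in sigma_o:
                for t in targets - seen:
                    seen.add(t)
                    todo.append(t)
    return frozenset(seen)


def build_observer(delta_minus, q0, sigma_o):
    """Step 3: subset construction of Obs_i(M_c^-); returns (initial, transitions)."""
    init = unobservable_reach({q0}, delta_minus, sigma_o)
    trans, seen, todo = {}, {init}, deque([init])
    while todo:
        x = todo.popleft()
        for e in sorted(sigma_o):
            step = set()
            for q in x:
                step |= delta_minus.get((q, e), set())
            if step:
                y = unobservable_reach(step, delta_minus, sigma_o)
                trans[(x, e)] = y
                if y not in seen:
                    seen.add(y)
                    todo.append(y)
    return init, trans


def nec(obs_state, delta_mod, sigma_ci):
    """Step 4: events that take some member of obs_state to vc in M_c^mod."""
    return {e for e in sigma_ci for q in obs_state
            if VC in delta_mod.get((q, e), set())}


def ec(observed, init, trans, delta_mod, sigma_ci, feasible):
    """Step 5, Eq. (4): 'enable if nobody disables' set after observing P_i(s).

    `feasible` is an assumed input: the events sigma for which
    E_i(s)sigma intersects L(G); computing it needs G, not modelled here.
    """
    x = init
    for e in observed:
        if (x, e) not in trans:
            raise ValueError(f"observation {observed!r} is not tracked by the observer")
        x = trans[(x, e)]
    return {e for e in sigma_ci
            if e in feasible and e not in nec(x, delta_mod, sigma_ci)}
```

In this constructed instance the initial observer state contains `q3`, which reaches `vc` on `c`, so `c` is withheld from the conditional decision before any observation and granted after observing `a`.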
Following the procedure discussed in Section III, we construct $M_c^{mod}(\Sigma_c)$, shown in Fig. 4, to identify the traces violating C&P coobservability (Step 1). By removing state $vc$ from $M_c^{mod}(\Sigma_c)$, we get $M_c^-(\Sigma_c)$ (Step 2). In order to realize the local “enable if nobody disables” decision rules, we build observers of $M_c^-(\Sigma_c)$ w.r.t. $\Sigma_{o,1}$ and $\Sigma_{o,2}$, respectively (Step 3). The observer for supervisor 1 is shown in Fig. 5 where, for the sake of readability, the states of $M_c^{mod}(\Sigma_c)$ are renamed as described in the table in the figure. For $M_c^{mod}(\Sigma_c)$, states (1, 5, 2, 2) (state d in Fig. 5) and (8, 1, 4, 4) (state o in Fig. 5) reach $vc$ with event $c$ and state (12, 14, 11, 11) (state z in Fig. 5) reaches $vc$ with event $d$. Therefore, the observer states of $M_c^-(\Sigma_c)$ containing state d (observer state (a,b,c,d,e,f,g,h) in Fig. 5) or state o (observer state (j,k,l,o,p,q) in Fig. 5) exclude $c$ from the “enable if nobody disables” decisions, and the observer states of $M_c^-(\Sigma_c)$ containing z (observer state (t,u,v,w,x,y,z,aa) in Fig. 5) exclude $d$ from the “enable if nobody disables” decisions (Step 4). The realization of the “enable if nobody disables” decision rule of supervisor 1 is therefore as shown in Fig. 5 (set of events next to observer state components). Note that $\{c\} = nec_1((a, b, c, d, e, f, g, h))$, $\{c\} = nec_1((j, k, l, o, p, q))$, and $\{d\} = nec_1((t, u, v, w, x, y, z, aa))$. States (a, b, c, d, e, f, g, h), (j, k, l, o, p, q), and (t, u, v, w, x, y, z, aa) are reached with observed traces $\varepsilon$, $a$, and $cd$, respectively. Therefore, we have that $c \notin ec_1(\varepsilon)$, $c \notin ec_1(a)$, and $d \notin ec_1(cd)$. Finally, following Equation (4), we have $ec_1(\varepsilon) = ec_1(a) = ec_1(cd) = \emptyset$. Note that trace $cd$ remains feasible because event $c$ is enabled by default initially. We omit the realization of supervisor 2, which can be performed similarly; see [9]. The realization of the local “disable if nobody enables” decision rules is omitted here due to space constraints; again, we refer the reader to [9] in this regard.

[Fig. 4. $M_c^{mod}(\Sigma_c)$.]

[Fig. 5. Supervisor 1: conditional decision $ec_1(P_1(\cdot))$. State renaming table from the figure:
a = (1,1,1,1); b = (1,2,2,2); c = (1,4,1,1); d = (1,5,2,2); e = (2,1,1,1); f = (2,2,2,2); g = (2,4,1,1); h = (2,5,2,2); i = (3,3,3,3); j = (4,1,4,4); k = (4,8,8,8); l = (4,4,4,4); m = (5,2,5,5);
n = (5,5,5,5); o = (8,1,4,4); p = (8,4,4,4); q = (8,8,8,8); r = (9,9,9,9); s = (10,10,10,10); t = (11,11,11,11); u = (11,12,12,12); v = (11,14,11,11); w = (11,15,12,12); x = (12,11,11,11); y = (12,12,12,12); z = (12,14,11,11);
aa = (12,15,12,12); ab = (14,11,14,14); ac = (14,14,14,14); ad = (14,18,18,18); af = (15,12,15,15); ag = (15,15,15,15); ah = (16,16,16,16); ai = (17,17,17,17); aj = (18,11,14,14); ak = (18,14,14,14); al = (18,18,18,18).]

V. CONCLUSION

The procedure presented to synthesize supervisors that implement conditional decisions is novel and relies on specially-constructed nondeterministic automata that track violations of C&P and D&A coobservability, respectively. This realization procedure gives insight into the nature of conditional decisions, especially regarding the inferencing process that is at the heart of the conditional architecture.

REFERENCES

[1] C. G. Cassandras and S. Lafortune. Introduction to Discrete Event Systems. Kluwer Academic Publishers, 1999.
[2] E. Chen and S. Lafortune. On the infimal closed and controllable superlanguage of a given language. IEEE Trans. on Automat. Contr., 35(4):398–404, 1990.
[3] H. Cho and S. I. Marcus. On supremal languages of classes of sublanguages that arise in supervisor synthesis problems with partial observation. Math. Control Signals Systems, 2:47–69, 1989.
[4] K. Rudie and J. C. Willems. The computational complexity of decentralized discrete-event control problems. IEEE Trans. on Automat. Contr., 40(7):1313–1318, 1995.
[5] K. Rudie and W. M. Wonham. Think globally, act locally: Decentralized supervisory control. IEEE Trans. on Automat. Contr., 37(11):1692–1708, 1992.
[6] W. M. Wonham. Notes on control of discrete-event systems. Technical report, University of Toronto, July 2003. Available at www.control.utoronto.ca/people/profs.wonham.
[7] T. Yoo and S. Lafortune. Decentralized supervisory control: A new architecture with a dynamic decision fusion rule. In Proc. of 6th International Workshop on Discrete Event Systems, pages 11–17, Zaragoza, Spain, 2002.
[8] T. Yoo and S. Lafortune. A general architecture for decentralized supervisory control of discrete-event systems. Discrete Event Dynamic Systems: Theory and Applications, 12(3):335–377, 2002.
[9] T. Yoo and S. Lafortune. Decentralized supervisory control with conditional decisions Part II: Verification and synthesis. Technical report, Univ. of Michigan, 2003. CGR-03-18.
[10] T. Yoo and S. Lafortune. Decentralized supervisory control with conditional decisions: Supervisor existence. IEEE Trans. Automat. Contr., 49(11):1886–1904, 2004.