application: discrete event systems (pre lecture) · discoveries & inventions of the nineteenth...

Application: Discrete Event Systems (Pre Lecture)

Dr. Neil T. Dantam

CSCI-561, Colorado School of Mines

Fall 2019

Dantam (Mines CSCI-561) Application: Discrete Event Systems (Pre Lecture) Fall 2019 1 / 63

On Specifications


Introduction

Discrete Event Systems

I Discrete Event System (DES): asystem that exhibits discrete(non-continuous change)

I The control engineer’s view oflanguage and automata theory

I Applications:I Embedded SystemsI RoboticsI Verification

OutcomesI Broad introduction to DES

I Construct DES models of physicalprocesses / systems

I Construct specifications as formallanguages

I Control DES to achieve a desiredspecification


Outline

Introduction to Control

Discrete Event SystemsDefinitionsDES Languages & Properties

Supervisory Control



Outline



Supervisory Control



Physical vs. Computational Laws

A Physical Law

dx

dt= g(x,u)

I x: current state

I u: current input

I dxdt : change in state

I g: process function

A Computational Law

qk+1 = δ(qk , σk)

I qk : current state

I σk : current input

I qk+1: successor state

I δ: transition function

Continuous Dynamics. Discrete Dynamics.



Ye Olde Controller

Flyball Governer

Discoveries & Inventions of the Nineteenth Century.R. Routledge, 13th edition, published 1900.

Control: modify system’s input to achieve desired property



The World According to Controls Engineers

x = F (x , u)u = G (r)

Controller Plant

uxr

Symbol Description

x ∈ X stateu ∈ U input

r referenceX state spaceF PlantG Control Law



Feedforward and Feedback Control

Feedforward / Open-Loop Control

x = F (x , u)u = G (r)

Controller Plant

uxr

Feedback / Closed-Loop Control

x = F (u)u = G (r , x)

Controller Plant

uxr



Example: The Classic Inverted Pendulum

mcy

x

m`

`

θ

f

(mc + m`) x −m``θ cos θ + m`θ2 sin θ = f`θ − g sin θ = x cos θ

Gf x , x

θ, θx = 0, x = 0θ = 0, θ = 0



Outline



Supervisory Control



Supervisory Control Theory

Peter Ramadge

I Princeton

Walter Wonham

I Toronto (emeritus)

P. J. Ramadge and W. M. Wonham. Supervisory control of a class ofdiscrete event processes. SIAM J. Control and Optimization, Vol. 25,No. 1, pp. 206-230, 1987.


Discrete Event Systems Definitions

Events

Switch On/Off

+5V

0

Clock edge

Contact

|x | ≥ k

Threshold

A discrete item of a finite set.Dantam (Mines CSCI-561) Application: Discrete Event Systems (Pre Lecture) Fall 2019 13 / 63


Physical Interpretation of Events

Quantum Mechanics

Maxwell’s Equations ∇× B = µ0

(J + ε0

δEδt

)Linear Circuits V = IR

Switch

Event {on,off}

Events are a convenient abstractionDantam (Mines CSCI-561) Application: Discrete Event Systems (Pre Lecture) Fall 2019 14 / 63


The Discrete Event System

Definition (Discrete Event System)

A discrete-state, event-drive system. That is, its state evolutiondepends entirely on the occurrence of asynchronous discrete eventsover time.D = (X ,E , f , Γ, x0,Xm):

I X is the set of states

I E is the finite set of events

I f : X × E 7→ X is the transition function

I Γ : X 7→ P (E ) is the active event function.Γ(x) = {e ∈ E | f (x , e) is defined}

I x0 is the initial state

I Xm is the set of marked states



DES vs. DFA

DES

D = (X ,E , f , Γ, x0,Xm):

I X is the set of states

I E is the finite set of events

I f : X × E 7→ X is the transition function

I Γ : X 7→ P (E ) is the active eventfunction.Γ(x) = {e ∈ E | f (x , e) is defined}

I x0 is the initial state

I Xm is the set of marked states

DFA

M = (Q,Σ, δ, q0,F ), where

I Q is a finite set call the states

I Σ is a finite set call the alphabet

I δ : Q ×Σ 7→ Q is the transition function

I q0 ∈ Q is the start state

I F ⊆ Q is the set of accept states



Example: Going for a walk

I Scenario:I You may go for a walk.I It could rain.I If it rains, you’ll get wet.

I Events:I go-outsideI sunI rainI get-wetI go-home

go-outside

sun

rain

get-wet

go-home

go-home

start



Example: Carry an Umbrella

I Scenario:I You may go for a walk.I It could rain.I If it rains, you’ll get wet.I You can pack an umbrella.

I Events:I go-outsideI sunI rainI get-wetI go-homeI pack-umbrella

startgo-outside

sun

rain get-wet

go-home

go-home

go-outside sun

rain

packumbrella

go-home



Exercise: Robot Vacuum

I Drive till bump sensor

I Then turnI Events:

I startI stopI driveI bumpI turn

startstart drive bump

turn

stop



Exercise: Robot Vacuum, Redux

I Add IR proximitysensor

I Events:

I startI stopI driveI bumpI turnI Proximity

startstart drive proximity

driveturn

stop

bump

turn


Discrete Event Systems DES Languages & Properties

Extended Transition Function

Transition Function f : X × E 7→ X

Extended Transition Function f : X × E ∗ 7→ X

base: f (x , ε) = xinductive: f (x , αe) = f (f (x , α), e)

where α ∈ E ∗ and e ∈ E

Define transitions recursively over strings



Language Marked

Definition (Language Marked)

The language marked by D = (X ,E , f , Γ, x0,Xm) is the set of stringsthat take D to a final marked state:

Lm (D) ={s ∈ E ∗ | f (x0, s) ∈ Xm

}

Different word for acceptance



Language Generated for DES

Definition (Language Generated)

The language generated by D = (X ,E , f , Γ, x0,Xm) is the set ofstrings that have defined transitions in D:

Lg (D) ={s ∈ E ∗ | f (x0, s) is defined

}

Behavior that is possible, but not necessarily “acceptable.”



Example: Marking and Generation 0

0 1 2 3

start

a b c Lm (D) = {ab}

Lg (D) = {ε, a, ab, abc}



Example: Marking and Generation 1

0 1

startb a

a

b

D I Lm (D) :I Strings ending in aI (a|b)∗a

I Lg (D) :I All strings in EI (a|b)∗



Exercise: Marking and Generation

0 1

starta

a

b

D

I Lm (D) :

I Sequences of a’s with isolated b’s,starting and ending with a

I a (a| (ba))∗

I Lg (D) :

I Sequences a’s and b’s with at most oneconsecutive b

I (a|ab)∗



Prefix-Closure

Definition

The prefix closure of language L is the set of all prefixes of strings in L:

L = {α ∈ E ∗ | ∃β ∈ E ∗, αβ ∈ L},

where E is the event set (alphabet) for L.



Example: Prefix Closure 0

0 1 2 3

start

a b c

Lm (D) = {ab}


Lm (D) = {ε, a, ab}



Example: Prefix Closure 1

0 1

b aa

b

D

start

0 1

b aa

b

start

L (D)



Prefix Closure Algorithm

Algorithm 1: prefix-closure

Input: M = (Q,Σ, δ, q0,F ) ; // states,alphabet,transition,start,accept

Output: M ′ = (Q ′,Σ, δ′, q′0,F′) ; // states,alphabet,transition,start,accept

1 (Q ′, δ′, q′0,F′)← (Q, δ, q0,F );

2 function visit(q,p) is // new-state× visited-states

3 if q 6∈ p then

4 p′ ← p ∪ {q};5 if q ∈ F then F ′ ← F ′ ∪ p′;6 forall σ ∈ Σ do // Visit all neighbors of q

7 visit(δ(q, σ), p′);

8 visit(q0, ∅);



Exercise: Prefix Closure

0 1

2

aa

bb

a,b

start

D

0 1

2

aa

bb

a,b

start

L (D)



Deadlock

Generally: Lm (D) ⊆ Lm (D) ⊆ Lg (D)

Definition

Automaton reaches a state from which no further execution is possible:

∃x ∈ X , σ ∈ Lg (D),

(x = f (x0, σ))

︸︷︷︸Reach x on σ

∧ (Γ(x) 6= ∅)︸︷︷︸Some active event at x



Example: Deadlock

0 1

2 3

aa

b

b

a

start



Livelock

Definition

Automaton reaches a cycle from which a marked (accept) state is notreachable.

∃(x ∈ X ,σ ∈ Lg (D), α ∈ E+),

∀β ∈ E ∗,(x = f (x0, σ)

)︸︷︷︸

Reach x on σ

∧(x = f (x , α)

)︸︷︷︸

Cycle

∧(f (x , β) 6∈ Xm

)︸︷︷︸No path to accept



Example: Livelock

0 1

2 3

aa

b

b a

b

start



Blocking

Generally: Lm (D) ⊆ Lm (D) ⊆ Lg (D)

Definition

An automaton D is blocking if it can deadlock or livelock. Anautomaton D is nonblocking if neither deadlock nor livelock arepossible.

Blocking: Lm (D) ⊂ Lg (D)

I We can generate a string that is not a prefix to amarked state.

Nonblocking: Lm (D) = Lg (D)

I Every string we can generate is a prefix to a markedstate.


Supervisory Control

Outline



Supervisory Control


Supervisory Control

Supervisor Function

I Dynamically enable/disable events in E

I S : Lg (D) 7→ P (E )

DSS(σ)

σ

SupervisorUncontrolled

System

AllowedEvents Generated

String

Restricts the DES to desirable behavior.


Supervisory Control

Supervised Generation: Lg (S/D)

Formal Description

Base: Contains the empty string:ε ∈ Lg (S/D)

Inductive: Next event e in recursively-allowed string σ is allowed by the supervisor:

(σe ∈ Lg (S/D)) ⇐⇒

(σ ∈ Lg (S/D))︸︷︷︸recurse

∧ (σe ∈ Lg (D))︸︷︷︸uncontrolled

∧ (e ∈ S(σ))︸︷︷︸allowed

,

where e ∈ E and σ ∈ E ∗


Supervisory Control

Supervised Marking: Lm (S/D)

Lm (S/D)︸︷︷︸supervised marked

= Lm (D)︸︷︷︸system marked

∩ Lg (S/D)︸︷︷︸supervised generated


Supervisory Control

Supervised Blocking

∅ ⊆ Lm (S/D) ⊆ ˜Lm (S/D) ⊆ Lg (S/D) ⊆ Lg (D)

Blocking Lg (S/D) 6= ˜Lm (S/D)

I Generated strings not prefixes of marked stringsI Can generate unmarked strings

Nonblocking Lg (S/D) = ˜Lm (S/D)

I All generated strings are prefixes of marked strings


Supervisory Control

Example: Supervision

0 1 2 3

start

a b cD

Lm (D) = {ab}

Lm (D) = {ε, a, ab}


I S(ε) = a

I S(a) = b

I S(ab) = ∅

0 1 2 3

start

a bS/D

Lm (D) = {ab}

Lm (D) = {ε, a, ab}

Lg (D) = {ε, a, ab}


Supervisory Control

Supervisor Functions are Languages

Language of Supervisor

Supervisor functions define languages:

L (S) =

σe | (σ ∈ L (S))︸︷︷︸recurse

∧ (e ∈ S(σ))︸︷︷︸allowed

Supervisor of Language

Languages define supervisor functions:

SL(σ) = {e | σe ∈ L}

Lg (S/D) ⊆ L (S)


Supervisory Control

Example: Supervisor

Function

I S(ε) = a

I S(a) = b

I S(ab) = ∅

Language

L (S) = {ε, a, ab}

Automaton

s0 s1 s2

start

a b


Supervisory Control

Exercise: Supervision

D

x0

x1

x2

start a

b

S

I S(ε) = {a}I S(a) = ∅

L (S)

L (S) = {ε, a}

s0

s1

start

a

S / D

x0

x1

x2

start a


Supervisory Control

Specifications

I Express desired behavior:I “Don’t do x”I “Don’t do x after you do y”I “Do x , then do y”

I Represent (specify) language of acceptable/admissible behavior:La

I System should only generate admissible behaviors:Lg (La/D) ⊆ La


Supervisory Control

Example: Specifications

For E = {x , y , z}, write the following as regular expressions:I “Don’t do x”

I (y |z)∗

I “Don’t do x after you do y”I (x |z)∗

(y (y |z)∗

)?

I (x |z)∗(ε|y (y |z)∗

)I “Do x , then do y”

I xy(x |y |z)∗


Supervisory Control

Exercise: Specifications

For E = {a, b, c}, write the following as regular expressions:I “Repeat a until b”

I a∗b(a|b|c)∗

I “Avoid a until b”

I c∗b(a|b|c)∗

I “Do a at most once”

I (b|c)∗a?(b|c)∗

I (b|c)∗(a|ε)(b|c)∗


Supervisory Control

Controllable and Uncontrollable Events

E =

controllable︷︸︸︷Ec ∪

uncontrollable︷︸︸︷Euc

Controllable Events: events we can prevent from happening.Conversely, an action we may choose to take.

I Honk hornI Turn left

Uncontrollable Events: events we cannot prevent from happening

Other agent: Stoplight turns redSensed condition: Icy roads

Fault: Brakes fail


Supervisory Control

Fully Controllable Case

I All events are controllable:I Ec = EI Euc = ∅

I Supervision is a direct intersection operate:I Lg (S/D) = Lg (D) ∩ L (S)


Supervisory Control

Example: Weather

0 1

2

3 4

out

sun

rain

wet

home

home

start

D

s

S = (E \ wet)∗

= (home|out|sun|rain)∗

home,out,sun,rain

start dwet

home,out,sun,rain,wet


Supervisory Control

Example: Weather (continued)

0,s 1,s

2,s

3,s 4,s

out

sun

rain

home

home

start 0,d 1,d

2,d

3,d 4,d

out

sun

rain

wet

home

homewet

What’s wrong?

Modeling: can’t control the rain


Supervisory Control

Partially Controllable Case

I Some events are uncontrollable:I Ec ⊂ EI Euc 6= ∅

I A Simple Controller Synthesis Algorithm:1. Find “bad” states:

I base: Disallowed and blocking states in SI recursive: states with uncontrollable transitions to “bad” states

2. Avoid “bad” states


Supervisory Control

Example: Weather (continued)

Euc = {sun, rain,wet}

0,s 1,s

2,s

3,s 4,s

out

sun

rain

home

home

start 0,d 1,d

2,d

3,d 4,d

out

sun

rain

wet

home

homewet

0,d 1,d

2,d

3,d 4,d3,s

1,s 0,d 1,d

2,d

3,d 4,d3,s

1,s


Supervisory Control

Example: Umbrella

0start 1

2

3 4out

sun

rainget-wet

home

home

5 6 7out sun

rain

packumbrella

home

0start 1

2

3out

sun

rain

get-wet

home

5 6out

packumbrella

sun,rain

simplify


Supervisory Control

Example: Umbrella(continued)

0,s 1,s

2,s

3,s

5,s 6,s

start 0,d 1,d

2,d

3,d

5,d 6,d

out

sun

rain

home

out

packumbrella

sun,rain

out

sun

rain

wet

home

out

packumbrella

sun,rain

wet

0,d 1,d

2,d

3,d

5,d 6,d

3,s1,s


Supervisory Control

Fixed PointReview

Definition: Fixed Point

The fixed point of function is avalue where the function’s inputand output are equal.

For f : X 7→ X , the fixpoint issome value x ∈ X where f (x) = x .

Examples

I f : Z 7→ ZI f (x) = x2

I 0 is a fixpoint: f (0) = 0I 1 is a fixpoint: f (1) = 1I 2 is NOT a fixpoint: f (2) = 3

I g : R 7→ RI g(σ) = σR

I aa is a fixpoint: g(aa) = aaI ab is NOT fixpoint: g(ab) = ba


Supervisory Control

Partition Bad States

Algorithm 2: partition-bad-states(D,S)

Input: D = (XD ,E , fD , ΓD , x0,D ,Xm,D); // DES

Input: S = (XS ,E , fS , ΓS , x0,S ,Xm,S); // Specification

Input: Xbad; // Bad states

1 B ← blocking states in S ;2 X ′ ← XD × XS ;

3 Xbad ←

(xD , xS) ∈ X ′ |uncontrollable︷︸︸︷∃e ∈ Euc , e ∈ ΓD(xD)︸︷︷︸

allowed in D

∧

fS(xS , e) = ∅︸︷︷︸not in S

∨ fS(xS , e) ∈ B︸︷︷︸blocking in S

;

4 XOK ← X ′ \ Xbad;

5 f ′((xD , xS), e) , (fD(xD , e), fS(xS , e));6 Xbad ← partition-fixpoint(XOK,Xbad, f

′);

Initial Xbad: defined transitions to blocking states


Supervisory Control

Partition Fixpoint

Function partition-fixpoint(XOK,Xbad,E , f )

/* Uncontrollable transitions to bad states */

1 X ′ = {x ∈ XOK | ∃e ∈ Euc , f (x , e) ∈ Xbad};2 if X ′ = ∅ then // base: fixpoint

3 return Xbad;4 else // Recurse

5 return partition-fixpoint(XOK \ X ′,Xbad ∪ X ′, f );


Supervisory Control

Exercise: Robot Vacuum Supervision

0

start

1 2 3

45

start

stop drive proximitydrive

turn

bumpturn

I Don’t bump

s

start

d

E \ bump

bump

E


Supervisory Control

Exercise: Robot Vacuum Supervisioncontinued

0,s

start

1,s 2,s 3,s

4,s5,s

0,d 1,d 2,d 3,d

4,d5,dstart

stop drive proximity

drive

turn

turn

start

stop drive proximity

drive

turn

bumpturn

bump

0,d 1,d 2,d 3,d

4,d5,d

4,s


Supervisory Control

Why don’t I just write the code?

I Can you prove the code does what you want?

I How do you say (specify) what you want?

“Program testing can be usedto show the presence of bugs,but never to show their absence!”–Edsger W. Dijkstra (EWD249)

“A design without specificationscannot be right or wrong,it can only be surprising!”–William D. Young (paraphrased)Young, Boebert, and Kain.Proving a computer system secure.


Supervisory Control

References and Further Reading

Discrete Event Systems: Christos Cassandras and Stephane Lafortune.Introduction to Discrete Event Systems.

Verification: Christel Baier and Joost-Pieter Katoen. Principles of Model Checking.

Switching and Hybrid Systems: Daniel Liberzon. Switching in Systems and Control.

Principles of Model CheckingChristel Baier and Joost-Pieter Katoen


application: discrete event systems (pre lecture) · discoveries & inventions of the nineteenth...

Documents