On Petri Net Models of Infinite State Supervisors Where L(G) = {Wlw~~*And6*(W,G,)~Q}

274 IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 37, NO. 2, FEBRUARY 1992

On Petri Net Models of Infinite State Supervisors where L(G) = {wlw~~*and6*(w,g,)~Q}. R. S. Sreenivas and B. H. Krogh Given a language L G X* we use the symbol zto denote its prefix Abstract-We consider a class of supervisory control problems that closure. require infinite state supervisors and introduce Petri nets with inhibitor To control a DES we assume the set C is partitioned into two sets arcs (PN's) to model the supervisors. We compare this PN-based ap- C, and X,, where C, is the set of events that can be disabled. We proach to supervisory control to automata-based approaches. The pri- mary advantage of a PN-based supervisory controller is that a PN-based let r denote the set of control patterns, where controller provides a finite representation of an infinite state supervisor. I'={yIy:X+{O,l}andy(a)=l foreachuEC,}. For verification, implementation, and testing reasons, a finite PN-based representation of aninfinite state supervisor is preferred over an au- An event u E C is said to be enabled by y when y( u j = 1, and is tomata-basedsupervisor. We show that thismodeling advantage is disabled otherwise. accompanied by a decision disadvantage, in that in general the controllability of a language that can be generated by the closed-loop system is A supervisor 0 is asystem that changes the controlpattern undecidable. dynamically.An automata-based supervisor 0 is apair (S,+), I. INTRODUCTION where S = (X,C, f , x,) is an automaton with a (possibly infinite) state set X, input alphabet C, partial transition function E: X X C Supervisory control of discrete-event systems (DES'S) was intro- -+ X, initial state x,, and 6:X -+ r. As defined by Ramadge and duced by Ramadge and Wonham [l], [2] and has since been studied Wonham [l], the supervisor state transitions are synchronous with extensively [3]-[7]. A DES is a dynamical system with a (possibly identically labeled events in the plant G. At each state of S a control infinite) set of stares and a finite set of events. For a given DES G, pattern is selected basedon the 6 function.We usethe symbol it is of interest to synthesize a supervisor DES 0 that prevents the 0 1 G to represent the closed-loop plant-supervisor system described occurrence of certain events of G to enforce some specifications on above, and the symbol L(O I G) torepresent the language generated thebehavior of thecontrolled DES. The classes ofspecifications by the system 0 I G. thathave been consideredhitherto fall intotwo categories: state To havea well-defined closed-loopbehavior a completeness avoidance problems [2], where the objective is to avoid a collec- condition [l] must be imposed on thesupervisor 0, namely, V tion of states.and string avoidance problems [I], wherethe w E C* and u E X the following statement must be true: objective is to avoid a collection of event strings. In this note. we consider string avoidance problems. weL(Q1G) and W"UEL(G)and $(E*(xo, w))(u) We introduce a method of modeling infinite state supervisors by = 1 * w'uo~L(0IG) Petri nets (PN's) of finite size. We relate supervisory control in the where isthe stringconcatenation operator and (*: X X C* -+ X PN-based models tothose in thecurrent literature thatuse is an extension of (: X X C + X. automata-based models.We then introducea class of supervisory Following Ramadge and Wonham [l] a language K E C* is said controlproblems that require infinitestate supervisors.We show to be controllable with respect to G if that for these problems there is a PN-based supervisor thathas a finite representation. For verification,implementation, and testing PC,n L(G) c E. reasons, a finite PN-based representation of an infinite state supervi- Thereexists a complete supervisor 0 suchthat L(0I G) = K if sor is preferred over an automata-based supervisor. and only if the language K E C* is prefix-closed and controllable Thisnote is organizedas follows. In Section 11, wepresent an with respect to G [I]. The supervisor 0 thus prevents the genera- overviewof automata-based supervisory control. Section 111 states tion ofstrings in L(G) that are notin K, while making sure all tworesults onthe use of infinite state models for plantsand strings in K can be generated by the system 0 I G. We callthe supervisors. Section IV introduces Petri netswith inhibitor arcs as problem of synthesising a supervisor to realize a restricted language finite-sizemodels of infinite statesupervisors. We showthat any K as the string avoidance problem. Turing acceptable language can be realized with such supervisors. III. INFINITE STATE PLANTSAND SUPERVISORS The concluding section indicates directions for future research. Inthis section. we consider two ways in whichinfinite size 11. Ah: OVERVIEWOF AUTOMATA-BASEDSUPERVISORY automata may be required for the string avoidance problem. First, CONTROL the plant G might be ofinfinite size,for example, when the languagegenerated by the plant L(G) is nonregular.Second, the Following Ramadgeand Wonham [7], wedefine a controlled desired closed-loop behavior K E L(G)may lead to an infinite state DES or a plant asa 4-tuple G = X, 6, qo), where Q is a (Q, supervisor,for example, when K is acontrollable, prefix-closed, (possibly infinite) state sef, 40 E Q is the inirial state, C is a finite and nonregular language. The following two propositions deal with alphabet usedto label transitionsbetween states (events), and 6: each of these cases in turn. The second case is illustrated with an Q x C --t Q is a partial function that describes the dynamics of the example following Proposition 2. system. Events are assumed to be instantaneous and asynchronous. Proposition I: If G = (Q, 6,6, q,,) is an infinite size plant and We extendthe function 6 to afunction 6*: Q X C* + Q inthe K is a prefix-closed language such that K E L(G) and K is usual way. Also, we define the size of an automaton to be card G C* (Q). controllable with respect to G, then there exists a finite size plant The language generated by G is denoted by the symbol L(G), G' = (Q. C, 6', 46) (i,e,, Q' is finite), such that Manuscript received January 12, 1990.This work was supported in part I) L(G) G L(G'j, and b} the National Science Foundation under Grant DMC-8451493. 2) 3 aK' E C* suchthat K' 1 K, and K' is prefix-closed and The authors are with the Laboratory for Automated Systems and Informa- tion Processing, Department of Electrical Engineering and Computer Engi- controllable with respect to G', and any complete supervisor 0' that neering. Carnegie Mellon University, Pittsburgh, PA 15213. satisfiesthe property L(0' 1 G') = K' also satisfies theproperty IEEE Log Number 9104397. L(0' 1 G) = K.

0018-9286/92$03,00 0 1992 IEEE IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 37, NO. 2, FEBRUARY 1992 275

Proof.. The first part of the proposition follows trivially from a b the fact that for any language that is based on a finite alphabet there is alwaysa regular language that is a superset. For example, if L(G) E C*, then the language of the trivial automaton G' with only one state for which L(G') = X* contains L(G). For thesecond part, let L(G') = E* asdescribed above. Now, Fig. 1. A plant automation. considerthe language K' = K'X;. Notethat K' is prefix-closed since K is prefix-closed.Furthermore, K'"C, fl L(G3 = K'OE, TABLE I = K'. This implies that K' is controllable with respect to G'. Since K' is prefix-closed and controllable with respectto G', there exists a complete supervisor 0' such that L(0' I G') = K'. Since L(G) E 40 a 90 L(G'), 0' 1 G is well-defined and L(0' 1 G) E L(0'I G3. We now 90 b 41 91 b q1 show that L(Q' 1 G) = K. Let weL(Q' 1 G) and suppose w#K. Since L(0' 1 G) C L(0' 1 G') = K"Xz, 3 w, EK and 3 w2 E Et such that w = wIaw2 be a finite state automaton as in the previous section. However, the and wlouu# K, where u, is the first element in the string w2. This supervisor is a PN. In thefollowing paragraphs, we describethe contradictsthe assumption that K is controllable.Therefore, closed-loop behavior when a PN based supervisor is used in con- L(Q 1 G) C K. junction with a finite automata based plant. Now, suppose w E K and w $L(Q' 1 G). Clearly, w # E: be- Dejnition I: A Petri net with inhibitor arcs (PN) is an ordered cause this would imply that weL(0' l G). So, if w #LC@'l G), Stuple, N = (n,T, a, 4,m0), where II = { pl,p2; . ., pn) is a

then 3 wl, wzE C*, and 3 uc E E,, such that set of n places, T = { t,, tZ;9 * , tm} is a collection of m transi- 1) w = wloucc'wz,and tions, @ E (XI X T)U (Tx n) is a set of arcs, 'Ir E (II X T)is 2) wlouc#L(O' I G). a set of inhibitor arcs, mO:II + N is the initial markingfunction These observations imply that wlooc~L(O'1 G'), since the supervi- (or the initial marking), and N is the set of nonnegative integers. sor 0' disables the event uc after the generation of the string wl. The state of a PN is given by the marking m: Il -t N which Note that wl"uc E K since K is prefix-closed, which implies wl'uc indicatesthe distribution of tokens ineach place. We definethe E L(0' I G'), as L(0' 1 G') = K' 3 K. Thisis acontradiction, size of a PN as max {card (n),card (T)}. We note that since the therefore K E L(0' I G).Hence K = L(0' 1 G). value of the marking is unbounded, finite PN's can represent infinite Proposition 1 implies that in general the procedure of Ramadge state systems. and Wonham [I] can be used to construct supervisors for infinite In a graphical representation of PN's, transitions are represented sizeplants by applyingtheir procedure to a finite size plant (al- by vertical bars, places by circles, tokens by dots that reside in the though the proof of the proposition does nor necessarily suggest the places.Members of @ are represented by directedarcs between most computationally efficient method for doing this). The following places and transitions, and members of f by arcs from places to propositiondemonstrates that the size of thesupervisor is deter- transitions with a circle (logical negation symbol) at the arc terminus mined by the desired closed-loop language K. instead of an arrowhead, Fig. 2 shows a graphical representation of Proposition 2: Givena finite size plant G, and K C L(G), a aPN, where, forexample, (p3, t2)ef,and(p,, t,)~@.. prefix-closed, language that is controllable with respect to G. If K For XEII U T we definethe following notation: X* := is nonregular,then there does not exist a completefinite size {y/(x,y)~@}and*x:={yI(y,x)~+}.Givenamarkingm,a supervisor 0 such that L(O I G) = K. transition I E T is said to be enabled if Proof: The proposition follows from the fact that for any finite 1) V pe't, m(p)L 1, and sizesupervisor, the composite system 0 I G is necessarilyfinite. 2) vpEnsuchthat(p,t)E\k,m(p)=O. Thus if K is anonregular language, any complete supervisor 0 For a given marking m the set of enabled transitions is denoted by suchthat L(0I G) = K can beobtained only if 0 isof infinite the symbol T,(m). An enabled transition ?ET,(rn) can fire , which size. changes the marking m to m' according to the equation As an exampleconsider the plant G = (Q, X, 6, qO),where Q = { qo,q,}, C = {a, b},and 6 is the function tabulated in Table rn'(p) = m(p) - card(p* n {t})+ card(*p n {t}). 1. The state diagram of the plant G is shown in Fig. 1. The initial Inthis note wedo not considersimultaneous firing of multiple state is represented by an arrow head on the vertex representing qo. transitions. Let C, = { b}, and 8, = { a}. L(G) is theregular language de- A string of transitions tlotz0t,, where ti E T (i = noted by the regular expression (a*"b*), Le., = L(a*"b*). L(C) { 1,2,. * , k})is said to be a validfiring sequence starting from the Consider the language K E L(G), where K := { ufl0bmI n z m marking rn if 2 0). K is prefix-closed and controllable because if w E K, w'a E 1) the transition t, is enabled under the marking m,and L(G) implies the fact that w does not contain any b's, so woaE K. 2) for i = { 1,2; . ., k - 1) the firing of the transition ti pro- However, K is nonregular. From the Proposition 2 we know that duces a marking under which the transition ri+ I is enabled. any complete supervisor 0 that produces a closed-loop language K Given an initial marking rno, the set of reachable markings for has to have an infinitesize. In the next section, we illustratea ma denoted by %(rno), is defined as the set of markings generated supervisor for this example which is of finite size within the PN by all valid firing sequences starting with marking mo. We use the framework (but infinite stare) and produces the desired closed-loop notation rn -t w -t m' ifthe firing sequence w startingfrom the behavior K. marking m results in the marking rn'. We define a PN-based supervisor as a 4-tuple 0 = (S, X, a,$I), IV. PN-BASEDSUPERVISORY CONTROL In this section, we introduce a modeling framework for DES'S using PN's. For the sake of uniformity we assume the plant DES to I The term card (.) is used to denote the cardinality of the set argument. IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 37, NO. 2, FEBRUARY 1992 276 -f-%- P2 P4 Supervisor Fig. 2. A PN example. Fig. 3. A supervisor 8 that is complete with respect to the plant G shown in Fig. 1. I where S = (n,,T,, a,, mt) is a PN, I: is an alphabet set (same as the alphabet set associated with the plant), and a: T, + I: U {E} is a total function that identifies a plant event or the null event E

with each transition in S. The function a*: T: + X* is the extension of the a function to strings.The function 6: %(m!) + r defines a control pattern for each marking in the set of reachable markings, and r is the set of control patterns defined in the previous section. The function 4: R(m;) + r is definedexplicitly for m,~W(m:),and UEX as follows: P3

where 3 e(ms)= { t I t E Te(m,) or t E T,(m:), where m, + w + ml, and ct*(w) = E I 1 } and the symbol I w I denotes the length of the firing sequence w. As withautomata based supervisors, events (transitions) in the supervisor are triggered by eventsin the plantaccording to the following convention which takes into account the null event sym- bols defined above. Suppose the supervisor has a marking m, and Fig. 4. A closed-loop system that generates {un'bmI n S m 5 0). $(m,)(a) = 1 for event u E X. If the event u occurs in the plant, a firing sequence w occurs simultaneously in the PN-based supervisor in the plant) and t5 (event b) can fire repeatedly until the tokens in where a*(@)= (E~~~-')"U.We note that the PN-based supervisor place p4 are depleted. Firing t, terminates the string of b's before canbe nondeterministicsince for agiven marking of thePN S, p4 is emptied. Thus, the closed-loop system generates the language there canbe manyfirable transitions that have the same symbol { d"'bm I n L m L 0). This isan example of aPN supervisor associated with them via the a function. Furthermore, deterministic which realizes a nonregular language. Also, since the language K is PN-based supervisors as defined above that recognize controllable aL-type PN language (cf. 181) thePN in thedefinition of the languages are always complete. supervisor did not require inhibitor arcs. As in the previous section, we denote the closed-loop supervisor- The nexttheorem describes the class of closed-looplanguages plant combination by 0 1 G and its language by L(8 I G). A plant that can be obtained by using a finite size PN as the supervisor. G can be considered as a language generator, while a supervisor 0 Theorem I: Givena finite size plant G = (Q, X, 6, qo), let can be thought of as a language acceptor. We observe that L(O I G) K E L(G) be a prefix-closed, Turing acceptable language that is = L(8)n L(G), where L(Q) denotesthe controllable language controllablewith respect to G, thenthere exists a complete PN accepted by a complete PN-based supervisor 0. based supervisor 8 = (S,X, a,4) such that S is of finite size and As an example of PNbased supervisory control, consider the L(0l G) = K. example described in the previous section. Let C = {a, b}, where Proof: Hack [9] proved that for every Turing acceptable lan- X, = { b} and E,, = {a}. Theplant G shown in Fig. 1 generates guage K' there exists a (possibly nondeterminisitic) finite size PN the language denoted by the regular expression a*' b". Let K := with inhibitorarcs which accepts K'. Since K is prefix-closed, {an0bmI n 2 m B 0). Fig. 3 showssupervisora 8 = Turning acceptable and controllable with respect to G, K' = K'C; (S, {a,b}, a, 6), where a(t4) = {a},and a(t5) = a(f.5)= a(?,) is alsoprefix-closed, Turing acceptable and controllablewith re- = { b}, This definition of a is represented by the symbol { u} being spect to G. Also, there exists a complete supervisor 0 = (S, x, a, placed alongside the transition I,, and the symbol { b} being placed 4) such that L(8)= K' = K'E; and L(O I G) = L(0)fl L(G) alongsidethe other transitions. By definition,the event {a} is = K' n L(G) = K fl L(G) = K,as KC L(G). W enabled all the time, and the event { b} is enabled only when the Ramadge and Wonham have shown that a procedure to test for marking of the supervisor PN is such that one of the transitions in thecontrollability of aprefix-closed regular language K with the set { t,, I,, t,} is enabled. For this example, we observe that one respect to L(G), where G is of finite size is O(n2kz),where k is of thesetransitions is enabled if andonly if theplace p, has a the cardinality of the state set for a trim recognizer of K and n is nonzero token load. This is illustrated graphically in the Fig.4. thecardinality of thestate set of G 171. Considerthe language From the figure we observe that every firing of ta (event a), puts K E {a, b}*,where K := {anDbmI n B m > 0) of the previous atoken in place p4 and re-enables t,. Uponthe first firing of t, example. It is easy to show this language is controllable by using an (event b), t, is disabled permanently (since no more a's can occur argument that is specific to this language. However, as the following IEEE TRANSACTIOXS ON AUTOMATICCONTROL,VOL. 37, NO. 2, FEBRUARY 1992 271 theorem states, the controllability of an arbitrary Turing acceptable [IO] J. E. Hopcroft and 1.D. Ullman, Introductionto Automata The- language cannot be decided in general. ory, Languages, and Computation. Reading,MA: Addison-Wes- Theorem 2: Controllabilityof a Turingacceptable language K ley, 1979. [Ill S. Lafortuneand H. Yoo, “Someresults on Petri net languages,” & C* with respect to a language L is undecidable if C, # 0 and IEEE Trans. Automat. Contr., vol. 35, no. 4, pp. 482-485, Apr. c, + 0. 1990. Proof: This resultfollows from Rice’s Theorem(cf. [lo]). Let 9 be thecollection of Turingacceptable languages that are controllable withrespect to L. If 8, f 0 and C, # 0 then controllability with respect to L is not a friviulproperty,that is, 3 On Damping Ratio of Polynomials with Perturbed is notempty nor does it includeall Turing acceptable languages Coefficients based on the alphabet C. Rice’s theorem states that any nontrivial property of Turing acceptable languages is undecidable. Hence the C. B. Soh result. As observed in Peterson’s book 181 the increase in the modeling Absfruct-Recently, Sohand Berger Ill havederlved a sufficient power by the introduction of inhibitor arcs in a PN is accompanied condition for a family of interval polynomials to have a damping ntio bya decrease in thedecision power. For example, afinite state of 4 using Kharitonov’s theorem for complex polynomials. This note automaton has restricted modeling power but its decision power is a points out that the transfornations used by Sob and Berger [l] to obtain the sufficient conditions also guarantees a simpli6cation of Kbaritonov’s desirable feature, on the other hand,Turing machines (or PN’s) theorem for complexpolynomials. That is, thenumber of required represent the other end of the spectrum. Sometimes as a compro- polynomials to be Humitz ishalf thenumber speeiBed by Sohand mise between modeling power and decision power, we might con- Berger 111. sider PN’s that do not have inhibitor arcs. In this case, Theorem 1 could be restated with the term “Turing acceptable” replaced by the I. INTRODUCTION term “L-type PN language with +transitions” (cf. [SI and [ll]). Consider the characteristic polynomialof a linear continuous-time system V. CONCLUSION P(s) = tos“ + t,Fl ... + fn (1) In this note, we introduce Petri net models for supervisory control + and illustrate via an example the modeling advantage of PN-based where supervisors for problemsthat require aninfinite state supervisor. tr=[to *.’ f“]. This modeling power can be beneficial for verification, implementa- Soh and Berger [l] haveshown that asufficient condition for a tion, and testing of supervisors. We also observe that this increase family of real interval polynomials (of the form (1)) to have only in modeling power is accompanied by a decrease in decision power roots inthe left sector (see Fig. 1) definingthe dampingratio of by proving theundecidability of the controllabilityproperty for continuous-time systems is that eight specified complex polynomials languages that can be generated by PN-based supervisors. However, are Hurwitz. We would like to point out that only four of the eight the controllability of more restrictive PN languages may be decid- specified complex polynomials are required to be Hurwitz to guaran- able, Since PN languages are more general than regular languages, tee the family of real interval polynomials has only roots in the left the development of algorithms for constructing PN-based supervi- sector. Similarly, only eight of the sixteen specified complex poly- sors may be a fruitful direction for research to increase the applica- nomials given by Soh and Berger [l] are required to be Hurwitz to bility of the recent results in supervisory control. guarantee a family of complex interval polynomials has only roots REFERENCES in the sector. This is because the transformations used by Soh and Berger [l] to P. 1. Ramadge and W. M. Wonham, “Supervisory control of class of discrete event processes,” SIAMJ. Contr. Optimiz.,vol. 25, no. 1, obtainthe sufficient conditionsalso guarantee asimplification of pp. 206-230, Jan. 1987. Kharitonov’s theorem for complex polynomials. Hence, the results _, “Modular feedback logic for discrete event systems,” SIAM of Soh and Berger [l] which is based on Kharitonov’s theorem for J. Contr. Optimiz., vol. 25, no. 5, pp. 1202-1218, Sept. 1987. complexpolynomials can also be simplified.We adopt the same R. Cieslak, C. Desclaux. A. S. Fawaz, and P. Varaiya, “Supervisory control of discrete-event processes with partial observations,” IEEE notation used by Soh and Berger [l]. Also note that the figure given Trans. Automat. Contr., vol. 33, no. 3, pp. 249-260, Mar. 1988. bySoh and Berger [l] has been incorrectlyprinted. Furthermore J. N. Tsitsiklis. “On the control of discrete-event dynamicd systems,” P(s) and Q(s) denotes, respectively,polynomials ofreal and Math. Contr., Signals, Syst., vol. 2, pp. 95-107, 1989. complex coefficients. K. lnan and P.Varaiya, “Finitely recursive process models for discrete event systems,” IEEE Trans.Automat. Contr., vol. 33, n. SUPWRTTNG RESULTS no. 7, pp. 626-639, July 1988. In this section, we develop the tools necessary for attaining the P. I. Ramadge,“Some tractable supervisory control problems for discrete-eventsystems modeled by Buchi Automata,” IEEE Trans. ultimate objective. Automot. Contr., vol. 34, no. 1, pp. 10-19, Jan. 1989. Lemma 1: Everypolynomial f(s) E K” does not haveimagi- P. J. Ramadge and W. M. Wonham, “Modular supervisory control of nary roots jw, with w,5 0 if and only if the pair polynomials discrete event systems,” in Proc. Seventh Internat. Conf. Analy- ris and Optimb. Syst., Antibes,June 25-27, 1986, pp. 202-214; {(~~,gl),(~,,g~)~(~~~gl)~(~*~g~)} also in Lecture Notes in Control and Optimization of Systems, Yo/. 83, A. Bensoussan and J.L. Lions, Eds. New York: Springer- are Hurwitz polynomials. Verlag, 1986. J. L. Peterson, Petri Net Theory and theModeling of Systems. Manuscript received January 26, 1990; revised November 16, 1990. Englewood Cliffs, NJ: Prentice-Hall, 1981. The author is with the School of Electrical and Electronic Engineering, M. H. T. Hack, “Petri net languages,” Tech. Rep. 159, Mass. Inst. Nanyang Technological Institute, Nanyang Avenue, Singapore 2263. Technol.. Cambridge, MA, Mar. 1976. IEEE Log Number 9104398.

0018-9286/92$03.M) 0 1992 IEEE