A Correct And Scalable Deadlock Avoidance Policy For Flexible

796

IEEE TRANSACTIONS ON ROBOTICS AND AUTOMATION, VOL. 14, NO. 5, OCTOBER 1998

A Correct and Scalable Deadlock Avoidance Policy for Flexible Manufacturing Systems Mark A. Lawley, Spyros A. Reveliotis, and Placid M. Ferreira

Abstract—Configuration flexibility and deadlock-free operation are two essential properties of control systems for highly automated flexible manufacturing systems. Configuration flexibility, the ability to quickly modify manufacturing system components and their logical relationships, requires automatic generation of control executables from high level system specifications. These control executables must guarantee deadlock-free operation. The resource order policy is a configurable controller that provides the deadlock-free guarantee for buffer space allocation. It uses a total ordering of system machines and routing information to generate a set of configuration specific linear constraints. These constraints encode the system state along with a buffer capacity function and define a deadlock-free region of operation. Constraint generation and execution are of polynomial complexity. Index Terms—Deadlock avoidance, discrete event systems, flexible manufacturing.

I. INTRODUCTION

M

ANUFACTURING agility has emerged as an important strategic goal for manufacturing enterprises. In a highly automated environment, rapid redeployment of technological resources requires flexible system control software. Unfortunately, control software issues spawn the most difficult problems associated with building highly automated flexible manufacturing systems (FMS’s) [1]. Traditionally, system designers developed FMS control software for specific system configurations, “hard coding” the control logic for specific part types, routes, and machines into the FMS controller. Adding new part types or machines to the configuration required development of new control software. Manufacturing agility, however, precludes these time consuming and error prone bouts of manual software modification and development. Indeed, agility concepts compel researchers to seek methods for developing flexible controllers that automatically reflect changes in system configuration. Automatic control software development is, therefore, an important area of manufacturing systems research. Good surveys of this research area are found in [2] and [3]. A common theme is that the control function can be formally modeled, typically with Petri nets, while control Manuscript received September 22, 1997; revised July 4, 1998. This paper was recommended for publication by Associate Editor R. Uzsoy upon evaluation of the reviewers’ comments. M. A. Lawley is with the School of Industrial Engineering, Purdue University, West Lafayette, IN 47907-1287 USA. S. A. Reveliotis is with the School of Industrial and Systems Engineering, Georgia Institute of Technology, Atlanta, GA 30332-0205 USA. P. M. Ferreira is with the Department of Mechanical and Industrial Engineering, University of Illinois at Urbana-Champaign, Urbana, IL 61801 USA. Publisher Item Identifier S 1042-296X(98)07729-5.

executables can be automatically generated from these models [4], [5]. Controller configuration is the process of updating a system specification template from which control models and code are generated. Current research in this area includes [6]–[9]. Control code must direct system operation so that the processing requirements of parts passing through the system are met in a timely fashion. This requires some strategy for handling deadlock, an insidious halting condition prevalent in many types of discrete event systems [10]. When an FMS enters deadlock, the whole system can cease to operate, making deadlock-free operation a primary concern in designing configurable FMS controllers. FMS deadlock typically results from imprudent allocation of system resources such as buffer space, tooling, and material handling equipment [11]. Because each resource type exhibits unique deadlocking characteristics, FMS controllers must integrate a variety of strategies for handling these different deadlock scenarios. For example, a controller that allocates buffer capacity to parts and guidepath segments to AGV’s will likely require different allocation control methods for each since parts follow predetermined routes and eventually terminate, whereas AGV’s plan new paths and persist in the system. This work focuses on control policies for allocating buffer capacity in a deadlock-free manner. An FMS deadlocks with respect to buffer capacity when there exists a set of parts in the system with each part in the set awaiting buffer capacity occupied by another part in the set. The objective of a deadlock avoidance policy (DAP) is to constrain allocation so that this situation never occurs. To accomplish this, DAP’s define regions of operation within which systems must work. They do not direct operation within these regions, this task being left to performance oriented order release, dispatching, and scheduling techniques. DAP’s must demonstrate four important properties: 1) correctness; 2) scalability; 3) operational flexibility; 4) configurability. Correct DAP’s provide the deadlock-free guarantee, that is, they constrain buffer allocation so that all parts eventually complete their routes under normal system operation. Scalable DAP’s are computationally tractable and can be executed in real time. Because optimal deadlock avoidance (restraining buffer allocation only when necessary) is computationally intensive, scalable DAP’s typically sacrifice optimality for real time execution. DAP operational flexibility measures how much system operating space a scalable DAP sacrifices

1042–296X/98$10.00  1998 IEEE

LAWLEY et al.: CORRECT AND SCALABLE DEADLOCK AVOIDANCE POLICY

797

(how much stricture it imposes) to achieve scalability. Higher operational flexibility provides greater leeway for performance oriented control policies. Regarding DAP configurability, we make the following observations: the composition and frequency of deadlocked part sets depends on the interaction of part routes. In environments where new part types are continually being produced, system deadlock characteristics will vary widely over time depending on part mix. This fact has two implications. First, handling deadlock tends to be a control rather than a design problem. For instance, two ways to handle deadlock in the design phase would be either: 1) adding significant processing redundancy so that part routes can be highly restricted; 2) adding extra buffer capacity to reduce competition among parts. Both approaches only reduce the probability of deadlock, neither guarantees deadlock-free operation. We discount the first alternative based on expense, and note that the second does not support the concept of agile manufacturing. Increased system buffer capacity invariably leads to higher levels of work in process and poorer system response. We therefore approach deadlock as a system control problem. The second implication of the time-variance of system deadlock properties is that DAP’s requiring configuration specific deadlock analysis are not applicable in an agile manufacturing environment. A DAP developed by analyzing the interactions among a given set of part types applies for those part types only. When new part types are added, the DAP no longer works, and new deadlock analysis is required. The allocation constraints of configurable DAP’s are quickly generated and updated without configuration specific deadlock analysis. Analysis must occur in the DAP design stage where properties are established, not in DAP application. Our work treats deadlock as a real time operational problem and emphasizes correctness, scalability, and configurability over optimal allocation. Once we develop a DAP that satisfies these properties, we investigate and develop methods for improving its operational flexibility. In [12], we provide a detailed review of manufacturing research dealing with buffer capacity allocation and deadlock handling strategies that includes [13], [11], [14]–[24]. The following section presents an FMS buffer allocation model that sets the stage for discussing DAP properties. Section III then presents a DAP called the Resource Order Policy (RO), establishes its properties, and applies it to a realistic example. Section IV develops methods for improving RO’s operational flexibility and provides empirical verification of corresponding enhancements in system flexibility. The paper then concludes by discussing current and future research directions.

to be any physical location where a part can sit or be held. This includes locations for part staging as well as machine processing (these are identical in terms of deadlock). Furthermore, we assume that: 1) a part visits the sequence of machines specified in its route; 2) a part requires a single unit of buffer capacity at each machine in its route; 3) a part occupies one and only one unit of buffer capacity at a time; 4) a unit of buffer capacity can accommodate only one part at a time; 5) preemption is not allowed (the controller allocates unoccupied buffer capacity only). To visit a machine, a part first requests a single unit of that machine’s capacity. It then waits at its current location until the system controller grants the request. The part then releases its currently held capacity and proceeds to the next machine. Because this scenario contains the four necessary conditions for deadlock [10], the system controller must allocate prudently, otherwise the system will stall. The allocation state captures the distribution of parts in their various stages of processing across the system. It implicitly provides information regarding future requirements since routes are known. The system changes its allocation state in one of three ways: 1) a new part is loaded into the system; 2) some part already in the system is advanced one step in its route; 3) a finished part leaves the system. The allocation state space is the set of all such states augmented with state transition information. Such a space is conveniently represented by a directed graph, where vertices represent states and directed edges represent state transition. (Fig. 1 presents a small system and a portion is present of its allocation state space). Directed edge if and only if the single step advancement of one part in state results in state A state is safe if and only if there exists a path in the state space leading to the empty state. If no such path exists, then there is some set of parts in the system that cannot be completed under normal system operation, and the state is deemed unsafe (deadlock is unavoidable). Note that unsafe states are either deadlock or deadlock-free. is a deadlock-free unsafe state, that is, In Fig. 1, does not exhibit deadlock, but once it is reached, deadlock cannot be avoided. Optimal deadlock avoidance (the policy that allows all safe states and rejects all unsafe states) is hard [25]. Because of these (NP-complete) due to states like states, we must sacrifice optimality for scalability. Finally, we and in Fig. 1 that note the existence of states such as are not reachable under normal FMS operation. We are now prepared to discuss DAP properties.

II. BUFFER ALLOCATION MODEL AND DEADLOCK AVOIDANCE POLICIES Buffer capacity allocation is a fundamental control function in automated manufacturing. The FMS controller regulates part flow through the system by granting and rejecting capacity requests made by parts. We define a unit of buffer capacity

A. DAP Correctness A DAP is an algorithm that partitions or cuts the FMS state space into admissible and inadmissible regions. The admissible region, the set of all states that the DAP permits the system to

798


Fig. 1. Example system with portion of state space.

visit, must satisfy certain properties if the DAP is to guarantee be the set of states admitdeadlock-free operation. Let ted by a DAP under normal FMS operation (we assume contains only reachable states). Further, let be the subthat is, space induced by where Finally, for every let is reachin . Then, a DAP is correct if and only able from and (2) In if (1)

essence, this says that a DAP is correct (guarantees deadlockfree allocation) if and only if for every reachable allocation state that it admits, there exists a sequence of admissible allocation states leading to the empty state. In Fig. 1, a DAP cutting the subspace at admits the region and is correct though highly restrictive. A DAP that does single step look ahead


799

for deadlock would cut the subspace at The resulting admissible region does not satisfy (2), and, therefore, the policy is not correct. Reference [20] provides a formal framework for proving DAP correctness.

hypergeometric (we approximate with where This holds when (we argue that because the size of the state space is typically huge, and samples are relatively small). If is large enough then by the Central Limit Theorem the statistic follows the standard normal distribution and From this, we (where 100% confidence interval on compute the following (where is the probability of a type (where is a specified I error). By selecting 100% confident that the error), we can be at least covers interval At this point, we need a method of generating samples of safe states for the given FMS configuration. Random state generation is not feasible since the general problem of deciding whether a state is safe or unsafe is NP-complete. Define the to be co-space of the state space digraph where Note that reverses the sense of all arcs in and states that are reachable are safe in (see [28] for proof). from the empty state in we traverse the edges of To generate a safe sample from starting at and randomly save a sample of the states encountered. This is accomplished by reversing the routes of the given FMS configuration and running it backward. Although this approach does not guarantee unbiased sampling, no other tractable method is known. It is currently unclear whether this sampling method affects the validity of the confidence intervals developed earlier. After state collection is completed, the states are sorted and redundant states removed. Estimates can then be computed. We have now established sufficient background to present the Resource Order Policy, a correct, scalable, and configurable DAP that provides good operational flexibility for most FMS configurations tested.

B. DAP Scalability Real time control policies must use computationally tractable algorithms. Formally, an algorithm is characterized as tractable if its time and space requirements are bounded by polynomial functions of problem encoding size [26], since, in theory, computational requirements do not become unmanageable as input sizes grow. (As a matter of practicality, these bounding polynomials need to be of relatively low order with execution times measured in seconds.) We say that a DAP is scalable if the time and space required for constraint execution is bounded by polynomial function of FMS configuration size, where configuration size is measured the number of machines, the number of part by the cumulative route length. types, and CRL C. DAP Configurability As discussed in the introduction, configuration flexibility is an increasingly important characteristic for automated manufacturing systems. A DAP is configurable if the operating constraints that it imposes can be quickly generated for new FMS configurations. This implies that DAP correctness and scalability must be independent of FMS configuration. As with scalability, we say that a DAP is configurable if the time and space required for constraint generation is bounded by a polynomial function of FMS configuration size: and CRL. D. DAP Operational Flexibility As previously noted, a DAP is optimal if it admits every safe state and rejects every unsafe state. The optimal DAP is not generally tractable since state safety is NP-complete for FMS buffer allocation. This, together with the DAP scalability requirement, implies DAP sub-optimality, that is, scalable DAP’s generally reject some safe states. If too many such states are rejected, however, the DAP will be too restrictive to use. One measure of DAP operational flexibility is the proportion of the safe state space that it admits, that is, This measure essentially compares the DAP to the optimal policy. Because closed form solutions for these quantities are unknown, we develop an empirical approach for estimating this ratio (see [27] for statistical details). we collect a sample of To get a point estimate of safe states and let be the number of admissible states in the sample. is a hypergeometric random variable, that is, (see Table I) the probability distribution of is where the total number of items in the population is the number of admissible items in the population and the number of items sampled from is It is a standard result that the ratio the population is is an unbiased estimator of To get an interval we invoke the binomial approximation to the estimate of

III. THE RESOURCE ORDER POLICY A. Introduction The resource order policy (RO) is a DAP based on the intuition that parts traveling through the same machines but in opposing directions must at some point be able to pass. The policy arose from an analysis of the deadlock characteristics of counter-flow systems [12]. In this policy, the machines are ordered, and each part is categorized according to how it flows with respect to that order. Allocation is constrained so that there never simultaneously exists a machine low in the order filled with parts moving up the order and a machine high in the order filled with parts moving down the order. linear inequalities RO is expressible as a set of that defines a deadlock-free convex region of FMS operation. Because the categorization of parts as moving up or down the order depends on the ordering used, as many as independent constraint sets can be generated (and thus RO forms a family of DAP’s). Mathematical programming is used to develop methods for selecting good orders (those yielding less restrictive constraint sets) from among the possibilities available.

800


TABLE I NOTATION

B. Policy Statement of FMS machines RO uses a total ordering, to categorize each part as right, left, or undirected. be the reLet If the sequence maining route of part stage is monotone is right. If increasing, then is monotone decreasing, is a left. Otherwise, is undirected. If then then is terminal and is ignored. Note that the remaining moves of a right (left) part are always to machines of

increasing (decreasing) order, whereas an undirected part requires at least one more move up the order and at least one more move down the order. RO can now be expressed as the following set of linear constraints:

where is the set of right and undirected part stages is the set of left and undirected part produced by and is any stages produced by


801

bijective mapping. This policy precludes states exhibiting a machine high in the order filled with left/undirected parts and a machine low in the order filled with right/undirected parts. We now demonstrate the logic of this policy by applying it to a relevant technology in semi-conductor manufacturing, cluster tools.

(OR), (D), (C), (OR), (D), (C), (CD) : undirected (D), (C), (OR), (D), C), (CD) : undirected (C), (OR), (D), (C), (CD) : undirected (OR), (D), (C), (CD) : left (D), (C), (CD) : left (C), (CD) : left. We next generate the sets RU and LU for each chamber. Recall that RU is the set of right and undirected wafer stages produced by chamber and LU is the set of left and undirected wafer stages produced by chamber as shown at the bottom of this page. RO constraints are now generated as

C. Example Cluster tools are an emerging technology in the semiconductor industry. These systems provide an enclosed clean room environment for processing silicon wafers. Cluster tools typically consist of a set of processing chambers within which wafer operations are performed. Some type of material handling device, such as a pick and place robot, transfers individual wafers between chambers. Each wafer type requires a predetermined sequence of operations and may revisit some chambers several times. These systems therefore share the deadlock characteristics found in highly automated systems with limited buffer space. For a more complete discussion of cluster tools, see [29]. This reference also provides several cluster tool examples to demonstrate their deadlocking potential. We will use Case III, Section VII-B of [29] to demonstrate the setup and execution of RO constraints. The process plans of two wafer types to be produced in a cluster tool with four processing chambers A, B, C, D one orientation chamber OR and one cool down chamber CD are shown at the bottom of this page. Operations are assigned to chambers as follows: Note that each chamber has one assigned operation, and that, with this chamber assignment, OR, C, B, A, CD wafer routes are computed to be: and OR, D, C, OR, D, C, CD We will assume that each chamber can accommodate only one wafer at a time. To construct RO constraints, we use the chamber ordering Note that we could have used any one of the 6! 720 different chamber orders available (later in the paper, we will discuss methods for selecting orders). We now categorize each wafer stage as right, left, or undirected (OR), (C), (B), (A), (CD) : left (C), (B), (A), (CD) : left (B), (A), (CD) : left (A), (CD) : left

Wafer Type

In the first twelve constraints, RU and, thus, these constraints do not enforce any new limitations on the system. Constraints (13)–(15) do effectively preclude certain states. Among these are the deadlock states of Fig. 2. We will now establish that these constraints guarantee deadlock-free operation. D. Policy Correctness In this section, we formally establish the correctness of the and RO DAP. In this proof, we let Theorem 1: RO is correct.

Process Plan

802


Fig. 2. Cluster tool with deadlock states.

Proof: In this proof, we must show that for every state admitted by the policy, there exists a sequence of admissible states leading to the empty state. We start by assuming that the policy is not correct, that the FMS has been emptied of all parts that can be completed, and that no new part is allowed to enter the system. Under these assumptions, there exists an with no admissible successor admissible state, state in which a part already in the system moves forward. implies that the constraints Note that

next to enter and, as before, such a move would not violate policy constraints. Therefore, the part must be blocked We have now established that a blocked from entering implies a blocked right part in where right part in This is clearly a contradiction since is a finite set. is filled with undirected parts. No Next, suppose that can be filled with left/undirected (since the machine of policy is not violated) or right/undirected (by assumption), that must have at least one right is, any filled machine in can be part and at least one left part. No machine of filled with undirected or right/undirected (since the policy is must have not violated), that is, any filled machine of at least one left part. Furthermore, if there exists a left (right) it must be blocked, else it could move part in forward without violating policy constraints. Note that if such a part exists, we get the contradiction given above. Therefore, is the only all parts in the system must be undirected, and without machine filled. Clearly, we can advance any part at policy violation. Thus, the assumption that RO is not correct is invalid. This theorem guarantees that RO is correct, that is, for every state admitted by RO constraints, there exists a sequence of admissible states leading to the empty state. Thus, the constraint set developed in the cluster tool example will not allow the system to deadlock.

such that are satisfied. If any part moves forward in its route, then the constraints are violated, and we have the following condition: such that

and

must have a machine, say such that either or since, after the movement of one part, there will be two machines, one filled with right/undirected and one filled with left/undirected. Since the movement of one part cannot cause both, one must to be already exist. Without loss of generality, assume 1 . machine of highest order for which and note that this implies In the Let is filled with left/undirected current state, no machine of (since the policy is not violated) or right/undirected (since is machine of highest order for which this is true). is filled with undirected, no machine of Furthermore, if is filled with right/undirected (again since the policy is needs next to enter not violated). Finally, every part of or either We first suppose that has at least one right and such part. Clearly, this part needs next to enter a move would not violate policy constraints since it would not to become filled with left/undirected. cause a machine in Therefore, the part must be blocked from entering Suppose this part next requires Clearly, is full and must hold at least one right part. This right part needs 1 The case where 6 P 2LU jPkm j duality of the right and left concepts.

= Ci is symetrically covered by the

E. Policy Configurability and Scalability To show policy configurability and scalability, we must prove that constraint setup and execution are polynomially bounded in FMS configuration size. Theorem 2: RO is configurable and scalable. Proof: The steps involved in setting up the policy are as follows: 1) order the machines; 2) categorize the part stages produced by each machine into right and left sets; 3) generate a constraint for each pair of machines. steps. For (2), we must examine Equation (1) takes no more than (CRL- ) part stages (the last stage of each part type is terminal and need not be examined). For each part type, start with the next to last part stage. It will always be either right or left but never both. Then, traverse the part type route backward one stage at a time, noting whether the machine order increases or decreases at each step. As long as the observed machine ordering remains monotonically increasing (decreasing), stages are categorized as left (right). When the observed machine ordering undergoes a “switch,” all remaining part stages in the route are categorized as undirected. An upper bound on (2) is, therefore, (CRL) steps. For (3), we must generate one linear constraint for each pair of machines. The number of terms in the constraint for machine where is which pair has an upper bound of CRL. Therefore, (3) will require no steps. An upper bound for more than CRL Constraint execution policy setup is therefore (CRL is also (CRL


803

These bounds are intended to establish the polynomiality of constraint setup and execution in terms of system parameters. Tighter bounds may be possible.

Undirected parts are, in a sense, double counted. It seems intuitive that orders minimizing the number of undirected part stages would generate less restrictive and therefore more flexible DAP’s. This is a surrogate objective for the true, yet far more computationally difficult, objective of finding the order that maximizes the size of the admissible region. We note that even the surrogate problem of minimizing undirected part stages is NP-complete by restriction, that is, a restricted version of the problem in which each part route is acyclic with three machines is equivalent to BETWEENESS, an NPcomplete problem documented by [26] (for details, see [30]). Fortunately, computing good orderings needs to be done only when the system is re-configured, not in real time. We therefore address this problem by developing a linear integer programming (IP) model (see Fig. 3). For reasonably sized systems the proposed IP model can be solved to optimality, while for larger systems and/or stricter time constraints, improved but suboptimal solutions can be obtained by terminating the branch and bound search early. We now present this model using the previous example. (For the remainder of this discussion, “optimal order” refers to a machine ordering that minimizes the number of undirected stages.) Consider the cluster tool example with chambers A, B, C, D, OR, CD For notational convenience, B as C as we refer to chamber A as D as OR as and CD as Wafer types and and routes are thus We need to order the chambers so that the number of undirected part stages in be an integer variable these two routes is minimized. Let and consider the data structure that represents the order of of Fig. 4. This is a 2 CRL matrix where the row headings

F. Operational Flexibility and the Optimal Order Problem To implement RO, it is necessary to order the machines. Although any total order will do, some orders generate more restrictive constraints than others. In the cluster tool example, if we order the chambers as follows: then we get this constraint set as shown at the bottom of this page. Although these constraints guarantee deadlock-free operation, they appear much more restrictive than those previously developed. To investigate this, we collected a sample of 490 safe states from this system using the previously discussed sampling procedure. We then computed the proportion of the sample admitted by each constraint set. To help relate operational flexibility to performance, we simulated system operation under these two DAP’s and saved performance results. This information is presented below. Note the positive correlation between operational flexibility and system performance measures, as shown at the bottom of the page. One difference in the two orders is the number of undirected part stages that each generates. The first order generates three, whereas the second generates eight. Recall that any part that switches direction with respect to the order in the remainder of its route is undirected. Such a part restricts both the number of right/undirected parts of machines lower in the order and the number of left/undirected parts of machines higher in the order, that is, the undirected part appears in both the right hand and left hand constraints of its machine.

Chamber Order

Sample Proportion Admitted

Average Production Rate wafers/hr wafers/hr

Average Machine Utilization

804


one to one

(1) Note that since the Next, we discuss constraints on the last stage of each part type is ignored (since the part at this point is leaving the system), 0. Also, observe that the next to last stage of each part type is either right or left but never undirected, since a sequence of two natural numbers cannot have a switch. Therefore, we Finally, note that have for For example, in Fig. 5 we have Intuitively, if a part stage is categorized as right, all preceding part stages in the route must also be categorized as right (similarly for left). In general, these constraints are expressed as for

(2) Fig. 3. General integer programming formulation for the “optimal order” problem.

indicate right and left, the column headings represent the order assigned to the machines in each route, and the binary indicate whether the part stage is variables, right, left, or undirected. Observe that the subscript denotes denotes part type, and denotes stage. For right/left, example, consider Fig. 5 where that is, 3, etc. We see that is undirected, 1, since the sequence 52 316 has a i.e., is right only, i.e., switch. Furthermore, we see that and 0, since the inclusive remainder of ’s route is increasing with respect to i.e., the sequence 16 has no switch. Using this structure, it is possible to develop the following constraints. We start with constraints that guarantee to a one to one mapping from the set A well known expression from analysis is that 1 2 2 (in for any natural number the cluster tool example, the variables must sum to 21). We where 1 if introduce a binary indicator variable, zero otherwise. Assuming is some large number the following constraints are satisfied if and only to is if the mapping from

1 if and Finally, note that 1 if In words, is 1 if the column heading of the next column is greater than (the part stage represented by the column heading of must next move up the order), and is 1 if the column heading of the next column is less than the column (the part stage represented by must heading of next move down the order). For example, in Fig. 5 we see that since 1. Similarly, since 4. We encode these in linear constraints as and ( 1), respectively. To express these constraints in general, we let be 1 if is the ( 1)st machine in route 1 if is the th machine in route and 0 otherwise (note that indicates machine, indicates the route, and indicates stage). All required constraints are then generated by for

(3) Finally, we must select an appropriate objective. Because of the structure of these constraints, minimizing the summation of the binary variables is equivalent to minimizing the number


805

Fig. 4. Stage direction matrix.

A B C D OR Fig. 5. Right left categorization for order CD 6 1 3 2 4 5

:

of undirected part stages (similarly, maximizing the summation variables is equivalent to maximizing the of the binary number of undirected part stages). We therefore have

Fig. 6 provides the constraints generated by the cluster tool example. We solved the program of Fig. 6 using branch and bound and obtained the order The reader can easily verify that this order generates three undirected part stages. We are able to characterize the number of variables and machines and constraints generated for a system with part types each with route length as follows: Number of Variables Number of Constraints

In the program of Fig. 6, there are 36 2 12 60 variables and 1 3 2 1.5 (36 6) 2 (12 2) 4 3 6 5 114 constraints. These derivations rely on simple counting. We make the following observations regarding the solvability of this IP. First, we applied and easily solved the IP for eight experimental systems presented in the next section. The largest of these systems consisted of nine machines producing nine different part types with a cumulative route length of forty-five stages. For larger systems, where the required computation might be intractable, the proposed formulation can still provide efficient but suboptimal orderings by using the incumbent solution(s) obtained by a branch and bound search

over a constrained time budget. In fact, more than one of the currently obtained best solutions can be used in a disjunctive RO implementation, which admits a buffer allocation state if the policy implementation based on any of the considered resource orderings admits the state. For additional discussion on DAP disjunction and the computation of “complementary” orderings for such schemes, see [31]. IV. EXPERIMENTS IN OPERATIONAL FLEXIBILITY A. Introduction This section presents the results of simulation experiments in which we investigate the effects of optimal orders and system parameters on operational flexibility, average machine utilization, and normalized system production rate. In this experiment, we randomly generate a set of FMS configurations (where a configuration consists of a set of machines and their capacities along with a set of part types and their routes) and then collect a sample of safe states from each using the co-space simulation method discussed earlier. We then use this sample to estimate the operational flexibility of RO using optimal and worst case orders (worst case orders maximize the number of undirected part stages). Our objective in doing this is to evaluate the effectiveness of the surrogate objective used in the IP formulation, that is, to determine the extent to which the number of undirected part stages affects the operational flexibility of the RO policy. Worst case and optimal orderings provide the maximum difference in the number of undirected part stages. We also simulate two large production runs for each system, the first with system operation constrained by RO under the “worst case” order, and the second with system operation constrained by RO under the “optimal” order. Finally, we compute and analyze system performance measures from these runs. Our intention in this

806


Fig. 6. Example optimal order formulation.

last set of experiments is to establish that operational flexibility can lead to improved performance, but to make effective use of this potential, sophisticated scheduling policies are needed. To neutralize effects caused by the scheduling policy, we apply an opportunistic scheduling scheme based on a “push,” first-come-first-serve approach to part loading and dispatching. Developing good scheduling policies for these environments

is a complex problem that is part of our current research and is beyond the scope of this paper. B. Random System Generation We randomly generated FMS configurations to be tested by systematically varying the following parameters, taking one


807

Fig. 7. Example configuration sheet. Fig. 8. Effects of experimental factors on proportion admitted.

configuration at each of the levels for a total of eight systems, shown at the bottom of this page. For example, to produce a random configuration with both the number of machines and machine capacities at high levels, we selected the number of machines from a normal distribution with mean of 8 and variance of 1 and machine capacities from a normal distribution with mean of 6 and variance of 1. Shop type affected the structure of the routes in the system. Flow shops tended to have routes with parts flowing in a single direction, whereas the routes of job shops exhibited no apparent structure. To generate routes for a job shop type of configuration, we chose the first machine in each route uniformly from the set of machines in the system, that is, each machine had equal probability of being selected. We selected the remainder of the route uniformly with the restriction that no machine could follow itself in any route. For flow shops, we chose the first machine in each route uniformly and selected remaining machines from a binomial distribution that placed most of the weight of the distribution on machine numbers just larger than the last selected machine. In other words, for small there was high probability that followed and for there was high probability that followed large small Thus, routes tended to be increasing in machine number with occasional cycles back to machines with low numbers (see the route in the example of Fig. 7). C. Experimental Results Fig. 7 presents the data sheet for the system with low number of machines, high machine capacities, and routes that tend to have flow shop structure. We collected a sample of 417 950 safe states from this system and used them to check the operational flexibility of the worst case and optimal orders. These orders were determined by solving the formulation of Fig. 3 for this configuration. We then simulated two production runs for this system, the first with the system operating under RO constraints generated from the worst case order, and the second with the system operating under RO constraints generated from the optimal order. Each production run consisted

Fig. 9. Two factor interaction between shop type and DAP.

of approximately 1000 of each part type. We then computed the normalized production rates and machine utilizations from each of these runs. Note that the normalized production rate was computed by taking the ratio of the observed system production rate to the ideal system rate, the ideal rate being where is the computed as: is set of all part stages operated on by machine and This equation the average processing time of part stage essentially computes an upper bound on the output rate of the bottleneck machine, and thus represents an upper bound on system production rate. In the system of Fig. 7, optimal ordering provides a good increase in operational flexibility that leads to enhanced production rate and machine utilization. Fig. 8 summarizes the effects of DAP, shop type, capacity, and number of machines on the proportion of sample admitted. DAP and capacity are statistically significant with values of 0.09 and 0.8%, respectively. The average proportion increases from about 45% for systems under worst case RO to 83% under optimal RO. The figure further indicates that, on average, RO tends to be less constraining for higher capacity systems with routes structured after the flow shop. The negative correlation between number of machines and RO flexibility is natural since the size of RO’s constraint set is quadratic in number of machines. Furthermore, in larger systems, part routes are unlikely to consist of all machines.

Parameters

High Level

Low Level

Number of Machines Machine Capacity Shop Type

Normal Normal Job Shop

Normal Normal Flow Shop

808


Although some cases exhibit considerable improvement (systems 1, 4, and 5), others show no improvement or even slight degradation (system 7). These results emphasize that exploiting increased operational flexibility for improved system performance requires more sophisticated scheduling and dispatching than the simple first come first serve policy that we implemented. Developing such effective scheduling schemes is a nontrivial task that is the logical extension and challenge to this work. Some preliminary results along these lines can be found in [21], [32]. Fig. 10.

Effects of experimental factors on normalized production rate.

V. CONCLUSION

Fig. 11.

Effects of experimental factors on average machine utilization.

In conclusion, the objective of our research is to develop rapidly configurable control policies that guarantee deadlockfree FMS operation. In this paper, we presented the Resource Order Policy, a correct, configurable, and scalable DAP. We used the FMS state space to develop the concepts of DAP correctness, configurability, scalability, and operational flexibility. We demonstrated RO setup and proved policy correctness. We also showed policy setup and execution to be polynomial in FMS configuration size. Finally, we discussed how to tune the policy for a particular FMS configuration using linear integer programming model that identifies “optimal” orders, and we presented experimental evidence supporting this approach. Future research will address routing flexibility under DAP supervision, the development of new DAP’s, and the relationships and interactions between DAP’s and FMS scheduling and dispatching policies. REFERENCES

Fig. 12.

Normalized production rates for optimal and worst case RO policies.

Since RO constraints do not recognize this, they tend to be more conservative for larger systems. There is also a significant two-factor interaction between DAP and shop type value of 4.7%). Fig. 9 indicates that shop type is significant only for worst case RO. Route structure has little effect on RO flexibility when the optimal order is used. We perceive this effect as an additional indication that the surrogate criterion selected for the “optimal order” problem is a valid one. Figs. 10 and 11 show that capacity level had the most dramatic effect on normalized production rate and machine values of 0.03%). We believe there are two utilization reasons for this. First, in our simulation, each unit of capacity has its own server, that is, a workstation with two units of capacity is equivalent to two identical machines each with a single unit of capacity. Second, as capacity increases, RO constraints become less restrictive, since higher capacity levels increase the right hand side of RO constraints, and this might lead to improved performance. Finally, Fig. 12 compares the normalized production rates obtained under optimal and worst case order implementations of the RO DAP for the eight considered configurations.

[1] D. Upton, “A flexible structure for computer-controlled manufacturing systems,” Manuf. Rev., vol. 5, pp. 58–74, Mar. 1992. [2] J. Charr, D. Teichroew, and R. Volz, “Developing manufacturing control software: A survey and critique,” Int. J. Flexible Manufact. Syst., vol. 5, pp. 53–88, June 1993. [3] K. D’Souza and S. Khator, “A survey of Petri net applications in modeling controls for automated manufacturing systems,” Comput. Ind., vol. 24, pp. 5–16, 1994. [4] R. Cossins and P. Ferreira, “Celeritas: A colored Petri net approach to simulation and control of flexible manufacturing systems,” Int. J. Prod. Res., vol. 30, pp. 1925–1956, Aug. 1992. [5] M. Zhou, Petri Nets in Flexible Automation. Boston, MA: Kluwer, 1995. [6] C. Ausfelder, E. Castelain, and J. Gentina, “A method for hierarchical modeling of the command of flexible manufacturing systems,” IEEE Trans. Syst., Man, Cybern., vol. 24, pp. 564–573, Apr. 1994. [7] H. Cho and R. Wysk, “Intelligent workstation controller for computerintegrated manufacturing: problems and models,” J. Manufact. Syst., vol. 14, pp. 252–263, 1995. [8] S. Joshi, E. Mettala, and R. Wysk, “CIMGEN—A computer aided software engineering tool for development of fms control software,” IIE Trans., vol. 24, pp. 84–97, July 1992. [9] J. Villarroel and P. Muro-Medrano, “Using Petri net models at the coordination level for manufacturing system control,” Robot. ComputerIntegrated Manufact., vol. 11, pp. 41–50, 1994. [10] A. Silberschatz and G. Peterson, Operating Systems Concepts. Reading, MA: Addison-Wesley, 1991. [11] H. Cho, T. Kumaran, and R. Wysk, “Graph-theoretic deadlock detection and resolution for flexible manufacturing systems,” IEEE Trans. Robot. Automat., vol. 11, pp. 413–421, June 1995. [12] M. Lawley, S. Reveliotis, and P. Ferreira, “Design guidelines for developing deadlock handling strategies in flexible manufacturing systems,” Int. J. Flexible Manufact. Syst., vol. 9, pp. 5–30, 1997. [13] Z. Banaszak and B. Krogh, “Deadlock avoidance in flexible manufacturing systems with concurrently competing process flows,” IEEE Trans. Robot. Automat., vol. 6, pp. 724–734, Dec. 1990.


809

[14] F. Hsieh and S. Chang, “Dispatching driven deadlock avoidance controller synthesis for flexible manufacturing systems,” IEEE Trans. Robot. Automat., vol. 10, pp. 196–209, Apr. 1994. [15] T. Kumaran, W. Chang, H. Cho, and R. Wysk, “A structured approach to deadlock detection, avoidance, and resolution in flexible manufacturing systems,” Int. J. Prod. Res., vol. 32, pp. 2361–2379, Oct. 1994. [16] M. Lawley and P. Ferreira, “An automaton based framework for analysis and control of flexible manufacturing systems,” in Proc. Mid-America Conf. Intell. Syst., Kansas City, KS, Oct. 1994, pp. 144–151. [17] M. Lawley, S. Reveliotis, and P. Ferreira, “Configurable and scalable real time control policies for deadlock avoidance in flexible manufacturing systems,” in Proc. 6th Int. FAIM Conf., Atlanta, GA, May 1996, pp. 758–767. , “Structural control of flexible manufacturing systems and the [18] neighborhood policy: Parts 1 & 2,” IIE Trans., vol. 29, no. 10, pp. 877–899, Oct. 1997. [19] Y. Leung and G. Sheen, “Resolving deadlocks in flexible manufacturing cells,” J. Manufact. Syst., vol. 12, pp. 291–304, 1993. [20] S. Reveliotis and P. Ferreira, “Deadlock avoidance policies for automated manufacturing cells,” IEEE Trans. Robot. Automat., vol. 12, pp. 845–857, Nov. 1996. , “Performance evaluation of structurally controlled fms: exact [21] and approximate methods,” in Proc. 6th Int. FAIM Conf., Atlanta, GA, May 1996, pp. 829–838. [22] N. Viswanadham, Y. Narahari, and T. Johnson, “Deadlock prevention and deadlock avoidance in flexible manufacturing systems using Petri nets,” IEEE Trans. Robot. Automat., vol. 6, pp. 712–723, Dec. 1990. [23] R. Wysk, N. Yang, and S. Joshi, “Detection of deadlocks in flexible manufacturing cells,” IEEE Trans. Robot. Automat., vol. 7, pp. 853–859, Dec. 1991. , “Resolution of deadlocks in flexible manufacturing systems: [24] avoidance and recovery approaches,” J. Manufact. Syst., vol. 13, pp. 128–138, 1994. [25] S. Reveliotis, M. Lawley, and P. Ferreira “Polynomial complexity deadlock avoidance policies for sequential resource allocation systems,” IEEE Trans. Automat. Contr., vol. 42, Oct. 1997. [26] M. Garey and D. Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness. New York: W. H. Freeman, 1979. [27] R. Walpole and R. Myers, Probability and Statistics for Engineers and Scientists. New York: Macmillan, 1995. [28] M. Lawley and P. Ferreira, “Efficiency analysis of deadlock avoidance policies in flexible manufacturing systems,” Tech. Rep. UILU-ENG-964009, Univ. Illinois at Urbana-Champaign, Urbana, IL, 1996. [29] D. Bodner, “Real-time control approaches to deadlock management in automated manufacturing systems,” Ph.D. dissertation, Georgia Inst. of Technol., Atlanta, GA, 1996. [30] M. Lawley, “Structural analysis and control of flexible manufacturing systems,” Ph.D. dissertation, Univ. Illinois at Urbana-Champaign, Urbana, IL, 1995. [31] S. Reveliotis, “Structural control of flexible manufacturing systems with a performance perspective,” Ph.D. dissertation, Univ. Illinois at Urbana-Champaign, Urbana, IL, 1996. [32] M. Lawley and J. Mittenthal, “Order release and deadlock avoidance interactions in counter-flow system optimization,” Research Memorandum 98-09, School of Industrial Engineering, Purdue Univ., West Lafayette, IN, 1998.

Mark A. Lawley received the B.S. degree in industrial engineering from Tennessee Technological University, Cookeville, the M.S. degree in manufacturing systems engineering from Auburn University, Auburn, AL, and the Ph.D degree in mechanical engineering from the University of Illinois at Urbana-Champaign. He is Assistant Professor of Industrial Engineering at Purdue University. He has held industrial positions with Westinghouse Electric Corporation and Emerson Electric Company. His research interests are in manufacturing systems modeling, analysis, and control. He is a registered professional engineer in the State of Alabama.

Spyros A. Reveliotis received the Ph.D degree in industrial engineering from the University of Illinois at Urbana-Champaign, the M.S. degree in computer systems engineering/engineering software design from Northeastern University, Boston, MA, and the B.S. degree in electrical engineering from National Technical University of Athens (NTUA), Greece. He is Assistant Professor of Industrial Engineering at the Georgia Institute of Technology, Atlanta. Before coming to the United States, he held the position of Scientific Associate in the Department of Electrical Engineering, NTUA. His research interests include real time control of automated manufacturing systems and discrete event modeling and control methodologies.

Placid M. Ferreira received the Ph.D. degree from Purdue University, West Lafayette, IN, in 1987. He is Associate Professor of Mechanical and Industrial Engineering at the University of Illinois at Urbana-Champaign. His research interests are in flexible automation.