Technical Reprot Systems Control and Automation Group School of Electro-Mechancial Engineering Xidian University
Deadlock Prevention Based on Structure Reuse of Petri Net Supervisors for Flexible Manufacturing Systems
ZhiWu Li School of Electro-Mechanical Engineering Xidian University No.2 South Taibai Road Xi’an 710071, China email:
[email protected] Hans-Michael Hanisch Institute of Computer Science Martin Luther Universit¨at of Halle–Wittenburg Kurt-Mothes Straße 1 06120 Halle, Germany email:
[email protected] MengChu Zhou Department of Electrical and Computer Engineering New Jersey Institute of Technology Newark, NJ 07102, USA e-mail:
[email protected]
Contact Information: Office Location: A1111, New Sci-Tech Building, North-Campus, Xidian University Access ID: SCATR201008001 Tel: 86-29-88-20-24-41 Fax: 86-29-88-20-43-38 Website: http://sca.xidian.edu.cn/ 2010.08.13
Deadlock Prevention Based on Structure Reuse of Petri Net Supervisors for Flexible Manufacturing Systems Zhiwu Li, Hans-Michael Hanisch, and MengChu Zhou Abstract Deadlocks are an undesirable situation in automated flexible manufacturing systems. Their occurrences often deteriorate the utilization of resources and may lead to catastrophic results. The solution of a maximally permissive, i.e., optimal, supervisor in general belongs to the class of NP-hard problems. A computationally efficient policy, however, often implies a behaviorally restricted supervisor. This paper develops a deadlock prevention policy that establishes a trade-off between the behavioral permissiveness and computational tractability for a class of Petri nets, which can model many flexible manufacturing systems. The theory of regions guides our efforts towards the development of near-optimal solutions for deadlock prevention. Given a plant net structure, a minimal initial marking is first decided by structural analysis, and an optimal live controlled system is computed. Then, a set of inequality constraints is derived with respect to the markings of monitors and the places in the plant model such that no siphon can be insufficiently marked. A method is proposed to identify the redundancy condition for a constraint. For a new initial marking of the plant net structure, a deadlock prevention controlled system can be obtained by regulating the markings of the monitors such that the inequality constraints are satisfied, without changing the structure of the controlled system obtained previously. The behavioral performance of a controlled net system via the proposed method is shown to be nearly optimal by experimental studies. Index Terms: Petri net, deadlock prevention, flexible manufacturing system, the theory of regions, siphon
1
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
1
Introduction
The survivability of traditional mass production is challenged by the quick changes of market requirements, leading to the emergence of flexible manufacturing systems (FMS) that can produce multiple product types with a small batch. An FMS is a conglomeration of computer numerically controlled machine tools, robots, AGV, buffers and fixtures, served by a material-handling system. It usually exhibits a high degree of resource sharing in order to increase flexibility such that it can quickly respond to market changes. Resource sharing may lead to circular wait conditions, the cause of deadlocks in which each of a set of two or more jobs keeps waiting indefinitely for the other jobs in the set to relinquish resources that they hold. Deadlocks and related blocking phenomena can give rise to unnecessary productivity loss, and even catastrophic results in some highly automated systems such as semiconductor manufacturing and safety-critical distributed databases. It is thereof necessary to explore an effective and computationally efficient mechanism to properly allocate resources such that deadlocks can never occur. With the wide application of FMS, their deadlock control problem was extensively studied over the last two decades, leading to significant results in theory and successful industrial applications [8], [9], [14], [17], [19], [28], [26], [29], [33], [46]. Digraphs, automata, and Petri nets are three major mathematical tools to investigate deadlock problems in FMS [12], [16]. Due to their inherent characteristics, Petri nets as well as their extended versions are increasingly becoming a fully fledged formalism and have received particular attention from academic and industrial communities [24], [25], [39], [40], [41], [42], [45], [49]. 1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
The major strategies using Petri net techniques to cope with deadlocks in FMS are deadlock detection and recovery [12], deadlock avoidance [15], [1], [3], and deadlock prevention [4], [6], [9], [20], [46], [26], [28]. Deadlock detection and recovery is an optimistic strategy that grants a resource to a request as long as the resource is available. A deadlock detection algorithm is used to detect the occurrence of deadlocks. Once a deadlock is detected, a recovery mechanism is initialized by aborting one or more processes involved in the deadlock and the resources held by the aborted processes are relinquished. A deadlock detection and recovery strategy is often used in the case where deadlocks are infrequent and resulting consequence is not serious or does not cause much damage. In a deadlock avoidance strategy, a resource is granted to a process only if the resulting state is not a deadlock. In order to decide whether the forthcoming state is safe if a resource is allocated to a process, every cell controller and global controller need to keep track of the global system state. Some aggressive deadlock avoidance policies do not eliminate all deadlock states [52], [53], [54], [55]. Deadlock prevention is a well-defined problem in FMS, which is usually achieved either by designing an effective system [58] or by using an off-line mechanism to control the requests for resources to ensure that deadlocks never occur. In the Petri net framework, control places (monitors) as well as related arcs can be used to implement this mechanism [1], [9], [26], [27], [28], [51]. Recent effective and computationally efficient deadlock prevention policies are proposed by Piroddi et al. in [36], [37], and [38]. The deadlock prevention policies underlying Petri net formalisms in the the literature are developed on the basis of either state space or structural analysis, e.g., siphon control. Falling into the first category, the theory of regions [2] that can derive Petri nets from automaton-based models is an important method for supervisory control of discrete event systems. Its appearance is followed by a large amount of research aiming to develop optimal deadlock prevention policies [13], [46], [47], [48]. Ghaffari et al. [13] explore the condition on the existence of a monitor-based liveness-enforcing Petri net supervisor that is optimal, i.e., maximally permissive, and develop a methodology to synthesize such a supervisor. The most attractive advantage of the approach is that an optimal Petri net supervisor can always be obtained, by adding monitors that are used to separate events from unsafe states, when such a supervisor exists. However, it bears much computational cost. In such an approach, one first needs to generate the reachability graph given a plant Petri net model. Then, the set of marking/transition separation instances is calculated, whose number is in theory exponential with respect to the size of a net and its initial marking. Finally, for each instance, a monitor is computed by solving a linear programming problem in which the number of constraints is approximately equal to that of nodes in the reachability graph. For a system under any change in its initial marking, the aforementioned steps have to be repeated. In such an approach, no information of previously computed supervisors is reused. Deadlock prevention based on siphon control is a typical application of structural analysis techniques of Petri nets. The approaches derived from siphon control are in general not optimal, or even overly restrictive and conservative, from the behavioral permissiveness standpoint. However, they can usually provide a computationally tractable supervisor reconfiguration for a system with a new configuration of resource capacity and processing instances, whose supervisor structure has been computed by a siphon-based approach [4], [9], [10], [17], [18], [19], [26], [27], [28], [44], [50], [57]. To inherit and reserve the advantages of two classes of approaches, this work proposes a novel design method of deadlock prevention supervisors based on Petri nets, which does not guarantee maximal permissiveness but empirical results show its superiority over other suboptimal approaches derived from siphon control. Given the plant Petri net model of 2
27
an FMS, one first designs an optimal liveness-enforcing controlled system for the model at a minimal initial marking by utilizing the theory of regions. Then, we calculate all strict minimal siphons in the controlled system. Such a siphon does not contain a trap. For each strict minimal siphon, an algebraic inequality with respect to the markings of monitors and resource places in the controlled system, also called a liveness constraint, is established in terms of the concept of max-controlled or invariant-controlled siphons. The satisfaction of such a constraint implies the absence of dead transitions in the postset of the siphon. Consequently, given initial markings that satisfy all the liveness inequality constraints, all siphons can be max-controlled, and the resulting controlled system is live. After a controlled system structure is found, one can reallocate the initial markings according to the inequality constraints. No matter how large the initial markings and the number of states are, the liveness constraints remain unchanged. Their satisfaction ensures the absence of uncontrolled siphons. This implies that, for a plant model with a fixed net structure, we only need to compute its reachability graph and the siphons of the controlled system once. Whenever the number of process instances and the capacity of manufacturing resources change, a Petri net supervisor can be determined easily via these algebraic inequality constraints. The paper proceeds as follows. Section 2 provides the necessary background on Petri nets and the concept of multisets. Section 3 formulates the considered problem through a motivation example and generalizes a class of manufacturing-oriented Petri nets. Section 4 elaborates a method that properly allocates initial markings for monitors to prevent siphons from being uncontrolled. Section 5 proposes an algorithm to identify the redundant constraints. A deadlock prevention policy is developed in Section 6. A real-world example is given in Section 7 to demonstrate the proposed method. Experimental studies are conducted in Section 8, showing the near optimality of the proposed deadlock prevention policy. A problem of the proposed method is discussed in Section 9. Section 10 concludes this work.
28
2
29
2.1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
Preliminaries Basics of Petri Nets
A Petri net [34] is a four-tuple N = (P, T, F, W ) where P and T are finite and nonempty sets. P is the set of places and T is the set of transitions with P ∪ T 6= ∅ and P ∩ T = ∅. F ⊆ (P × T ) ∪ (T × P ) is called flow relation of the net, represented by arcs with arrows from places to transitions or from transitions to places. W : (P × T ) ∪ (T × P ) → N is a mapping that assigns a weight to an arc: W (f ) > 0 if f ∈ F and W (f ) = 0 otherwise, where N = {0, 1, 2, . . .}. N = (P, T, F, W ) is called an ordinary net, denoted as N = (P, T, F ), if ∀f ∈ F, W (f ) = 1. A marking M∑of N is a mapping from P to N. (N, M0 ) is called a marked net. We usually use p∈P M (p)p to denote vector T M . For example, M = (2, 0, 1, 0) in a net with four places p1 –p4 can be re-written as M = 2p1 + p3 . The preset of x ∈ P ∪ T is defined as • x = {y ∈ P ∪ T |(y, x) ∈ F }. While the postset of x is defined as x• = {y ∈ P ∪ T |(x, y) ∈ F }. This notation can be extended to a set of nodes as follows: given X ⊆ P ∪ T , • X = ∪x∈X • x, and X • = ∪x∈X x• . A transition t ∈ T is enabled at a marking M iff ∀p ∈ • t, M (p) ≥ W (p, t); this fact is denoted as M [ti; when fired, this gives a new marking M 0 such that ∀p ∈ P , M 0 (p) = M (p) − W (p, t) + W (t, p); it is denoted as M [tiM 0 . Marking M 0 is said to be reachable from M if there exist a sequence of transitions σ = t0 t1 . . . tn and markings M1 , M2 , . . ., and Mn such that M [t0 iM1 [t1 iM2 . . . Mn [tn iM 0 holds. The set of markings 3
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
33 34 35
reachable from M in N is denoted as R(N, M ). [N ] is called the incidence matrix of N . It is a |P | × |T | integer matrix with [N ](p, t)=W (t, p) − W (p, t). For a place p in net N , its incidence vector is denoted as [N ](p, ·). A transition t ∈ T is live at M0 iff ∀M ∈ R(N, M0 ), ∃M 0 ∈ R(N, M ), M 0 [ti. N is dead at M0 iff 6 ∃t ∈ T , M0 [ti. (N, M0 ) is deadlock-free iff ∀M ∈ R(N, M0 ), ∃t ∈ T , M [ti. (N, M0 ) is live iff ∀t ∈ T , t is live at M0 . (N, M0 ) is bounded iff ∃k ∈ N, ∀M ∈ R(N, M0 ), ∀p ∈ P , M (p) ≤ k. It is quasi-live iff ∀t ∈ T , there exists M ∈ R(N, M0 ) such that M [ti holds. It is reversible if ∀M ∈ R(N, M0 ), M0 ∈ R(N, M ). A P-vector is a column vector I : P → Z indexed by P and a T-vector is a column vector J :∑ T → Z indexed ∑ by T , where Z is the set of integers. A P(T)-vector I(J) is denoted by I(p)p ( p∈P t∈T J(t)t) for economy of space. P-vector I is a P-invariant (place invariant) iff I 6=0 and I T [N ] = 0T . P-invariant I is said to be a P-semiflow if no element of I is negative. ||I|| = {p ∈ P |I(p) 6= 0} is called the support of I. ||I||+ = {p|I(p) > 0} denotes the positive support of P-invariant I, while ||I||− = {p|I(p) < 0} denotes the negative support of I. An invariant is called minimal when its support is not a strict superset of the support of any other, and the greatest common divisor of its elements is one. If I is a P-invariant of (N, M0 ) then ∀M ∈ R(N, M0 ), I T M = I T M0 . Let S be a non-empty subset of places. S ⊆ P is a siphon (trap) iff • S ⊆ S • (S • ⊆• S). A marked trap can never be emptied. A siphon is said to be minimal iff it contains no other siphons as its proper subsets. A minimal siphon is strict if it contains no marked trap. Siphon S is called uncontrolled in (N, M0 ) iff ∃M ∈ R(N, M0 ), ∀t ∈ S • , t is dead at M . It is said to be invariant-controlled by P-invariant I if I T M0 > 0 and ||I||+ ⊆ S. A siphon S in (N, M0 ) is said to be uncontrolled if ∃t ∈ S • , ∀M ∈ R(N, M0 ), t is dead at M. A siphon S is said to be max-marked at a marking M ∈ R(N, M0 ) iff ∃p ∈ S such that M (p) ≥ maxp• , where maxp• = max{W (p, t)|t ∈ p• }. S is max-controlled iff it is maxmarked at any reachable marking. (N, M0 ) satisfies the maximal cs-property (maximal controlled-siphon property) iff each minimal siphon of N is max-controlled. A siphon satisfying the max-controlled property can be always marked sufficiently to allow firing a transition once at least. The work in [5] shows that a Petri net is deadlock-free if it satisfies the cs-property. The concept of invariant-controlled siphons is a special case of max-controlled siphons. Proposition 1 [5] Let (N, M0 ) be a Petri net and S be a siphon of N . If there ex− + T • ists ∑ a P -invariant I such that ∀p ∈ (||I|| ∩ S), maxp = 1, ||I|| ⊆ S, and I M0 > p∈S I(p)(maxp• − 1), then S is max-controlled.
40
As for the concepts of plants, supervisors, and controlled systems, the reader is referred to [31]. A supervisor is said to be maximally permissive, i.e., optimal, if its resulting controlled system comprise all safe states of a plant and every reachable state in the controlled system is a safe state of the plant. Such a controlled system is said to be optimal.
41
2.2
36 37 38 39
42 43
44 45 46
Multisets
Definition 1 A multiset Ω, ∑ over a non-empty set A, is a mapping Ω : A → N, which we represent as a formal sum a∈A Ω(a).a. A multiset is a generalization of the concept of a set. In multiset Ω, non-negative integer Ω(a) is the coefficient of element a ∈ A, indicating the number of occurrences of a in Ω. It is said that a ∈ A belongs to Ω, denoted by a ∈ Ω, if Ω(a) > 0. It does not 4
15
belong to Ω, denoted by a 6∈ Ω, if Ω(a) = 0. Let Ω1 and Ω2 be two multisets. The basic operations on multisets are union, intersection, addition, difference and comparison, which are defined, respectively, as follows: ∑ Ω1 ∪ Ω2 := ∑a∈A max{Ω1 (a), Ω2 (a)}.a, Ω1 ∩ Ω2 := ∑a∈A min{Ω1 (a), Ω2 (a)}.a, Ω1 + Ω2 := ∑a∈A (Ω1 (a) + Ω2 (a)).a, Ω1 − Ω2 := a∈A (Ω1 (a) − (Ω1 ∩ Ω2 )(a)).a, Ω1 ≤ Ω2 ⇔ ∀a ∈ Ω1 , Ω1 (a) ≤ Ω2 (a), and Ω1 < Ω2 ⇔ ∀a ∈ Ω1 , Ω1 (a) < Ω2 (a). Let Ω1 = a + b, Ω2 = 2a + b + c, and Ω3 = 3a + 2c be three multisets over A = {a, b, c}. We have Ω1 ∪ Ω2 = 2a + b + c, Ω1 ∪ Ω3 = 3a + b + 2c, Ω1 ∩ Ω3 = a, Ω2 ∩ Ω3 = 2a + c, Ω1 + Ω2 = 3a + 2b + c, Ω1 − Ω2 = ∅, Ω3 − Ω1 = 2a + 2c, Ω3 − Ω2 = a + c, and Ω1 < Ω2 . Later, we can say that multiset Ω1 is less than Ω2 if Ω1 < Ω2 and Ω2 is greater than or equals to Ω1 if Ω1 ≤ Ω2 . A multiset without any element is denoted by ∅ as an empty set. A multiset becomes a set if the multiplicity of every element is one.
16
3
17
3.1
1 2 3 4 5 6 7 8 9 10 11 12 13 14
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
Structure Design of a Petri Net Supervisor Motivation and Problem Formulation
Let us recall the steps to use the theory of regions to design a supervisor for a Petri net model. First, generate the reachability graph of the model. Then, find all marking/transition separation instances. For each instance, a monitor is computed by solving a linear programming problem (LPP). In theory, the number of marking/transition separation instances grows exponentially with the net size and initial marking. So is the number of constraints in each LPP. Moreover, the size of a reachability graph is rather sensitive to the size and initial marking of a net. These facts make it infeasible for the theory of regions to be applied to real-world problems. We formulate the problem and illustrate the proposed method through a small example from [58]. Consider a net (N, M0 ) in Figure 1(a) with its reachability graph shown in Figure 1(b). Its optimal controlled system (N c , M0c ) can be found by the theory of regions [46], [13], as shown in Figure 1(f). Now we consider the deadlock control in (N m , M0m ) as shown in Figure 1(c). It has the same topology structure as (N, M0 ) in Figure 1(a), but has a small initial marking. Its reachability graph is shown in Figure 1(d). Figure 1(e) shows its controlled system (N mc , M0mc ) obtained by using the theory of regions. The computation of (N mc , M0mc ) is obviously more tractable than that of (N c , M0c ) since (N m , M0m ) has a small reachability space. Now we investigate the relationship between controllability of siphons in (N mc , M0mc ) and its initial marking. Specifically, N mc has five minimal siphons: S1 = {p1 , p2 , p3 , p4 }, S2 = {p3 , p5 }, S3 = {p2 , p4 , p6 }, S4 = {p2 , p3 , pc }, and S5 = {p4 , p5 , p6 }. The first four siphons are also traps, implying that they cannot be unmarked once p1 , p5 , p6 , and pc are initially marked. From the original net model (N, M0 ), p1 , p5 , and p6 are initially marked. As a monitor, pc must be initially marked. Otherwise there exist dead transitions at the initial marking. Next we give a marking relationship at which S5 is controlled. Note that Ip5 = p3 + p5 , Ip6 = p2 + p4 + p6 , and Ipc = p2 + p3 + pc are P-invariants in Figure 1(e). Let I = Ip5 + Ip6 − Ipc . Clearly, I = p4 + p5 + p6 − pc is a P-invariant. Since ||I||+ ⊆ S5 , S5 is controlled if I T M0mc > 0 holds, i.e., S5 is controlled if M0mc (p4 ) + M0mc (p5 ) + M0mc (p6 ) > M0mc (pc ). The above results indicate that each siphon in the net shown in Figure 1(e) is controlled if p1 , p5 , and p6 are initially marked, and M0mc (p4 ) + M0mc (p5 ) + M0mc (p6 ) > M0mc (pc ) is true. 5
M0
p1
p1
t4
t1 t1
t1
M3
M1 p2
p2
t2 t3
t2
M2
p5 p3
t2
t1
p6
p5
M6
t3
t3
p6 p3
M4
t4 t2
t3
M5 p4
p4
t1 t4
t4
M7
(a)
(b)
(c)
p1
p1 t1
t1 p2
M0
M1
p5
p6
p5
p6
p3
p3
t3
t3
p4
p4
M3 t2 t3
M2
pc
t2
t2
t4
t1
p2
pc
t1
(d)
t4
t4
M4
(e)
(f)
Figure 1: (a) A plant model (N, M0 ), (b) the reachability graph of (N, M0 ), (c) a modified model (N m , M0m ), (d) the reachability graph of (N m , M0m ), (e) a controlled system (N mc , M0mc ) for (N m , M0m ), and (f) a controlled system (N c , M0c ) for (N, M0 ).
6
25
Now we consider the deadlock prevention problem for (N, M0 ) by using the net structure of the controlled system in Figure 1(e). In (N, M0 ), M0 = 4p1 + 2p5 + p6 , i.e., p1 , p5 , and p6 are initially marked. If pc is initially marked and M0c (p5 ) + M0c (p6 ) > M0c (pc ) is true, then a controlled system for (N, M0 ) can be obtained. Since M0c (p5 ) = M0 (p5 ) = 2 and M0c (p6 ) = M0 (p6 ) = 1, M0c (pc ) = 2 means the truth of M0c (p5 ) + M0c (p6 ) > M0c (pc ), as shown in Figure 1(f). In summary, by using the structure of the controlled system of a net with a small initial marking, we can compute a controlled system for the same net structure with a large initial marking, in terms of algebraic inequality constraints with respect to markings. That is to say, once the structure of a controlled system is computed, the initial marking of monitors is determined by a set of inequality constraints. For a plant model (N, M00 ) with its structure shown in Figure 1(a) and a new initial marking M00 = 4p1 + 3p5 + p6 , one can easily find a controlled system with its structure shown in Figure 1(f) and M0mc (pc ) = 3 such that M0c (p5 ) + M0c (p6 ) > M0c (pc ) is true. It is not necessary to apply the theory of regions afresh to (N, M00 ). Let (N, M0 ) be a plant net model with place set P and PV be the set of monitors in its controlled system (N c , M0c ). The deadlock prevention procedure proposed in this study contains the following steps: 1. Find a controlled system (N mc , M0mc ) for (N m , M0m ) by using the theory of regions, where N m = N and M0m ≤ M0 . 2. Derive the controllability conditions of siphons in N mc , which are represented by algebraic inequalities of markings of the places in the plant model and monitors in N mc . 3. Decide an initial marking M0c such that ∀p ∈ P , M0c (p) = M0 (p) and ∀p ∈ PV , c M0 (p) satisfies its corresponding inequality constraints. (N c , M0c ) is a controlled system for (N, M0 ), where N c = N mc .
26
3.2
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
M-nets
29
This study considers deadlock problems for a class of manufacturing-oriented Petri nets, M-nets for short. It is a generalization of the existing net classes that model FMS. In what follows, an M-net is referred to as a net system unless otherwise stated.
30
Definition 2 An M-net denoted by (N, M0 ) satisfies the following statements:
27 28
31 32
33 34 35
36
1. N = °ni=1 Ni = (P 0 ∪ PA ∪ PR , T, F, W ) is composed of n nets N1 , N2 , . . ., and Nn , where ∀i ∈ Nn , Ni = ({p0i } ∪ PAi ∪ PRi , Ti , Fi , Wi ) is called a subnet of N . 2. P 0 = ∪ni=1 {p0i } is called a set of idle process places with p0i = 6 p0j , ∀i, j ∈ Nn , i 6= j; n PA = ∪i=1 PAi is called a set of operation places with PAi ∩ PAj = ∅, ∀i, j ∈ Nn , i 6= j; and PR = ∪ni=1 PRi is called a set of resource places. 3. ∀i, j ∈ Nn , i 6= j, Ti ∩ Tj = ∅.
38
4. ∀r ∈ PR , it is associated with a minimal P-semiflow Ir such that Ir (r) = 1, ∀p ∈ PA , Ir (p) ≥ 0, and ∀p ∈ P 0 , Ir (p) = 0.
39
5. ∀p ∈ PA , p is associated with a minimal P-semiflow Ip , where ||Ip || ⊆ PA .
40
6. (Ni , M0i ) is quasi-live, bounded, and conservative.
37
41 42
0 ) with N 0 = ({p0 } ∪ P , T , F 0 , W 0 ) is live, bounded, and reversible, where 7. (Ni0 , M0i i Ai i i i i 0 Ni is the resulting net from removing resource places in (Ni , M0i ).
7
1 2 3
8. Let (Ni , M0i ) (i = 1, 2) be two subnets with Ni = ({p0i } ∪ PAi ∪ PRi , Ti , Fi , Wi ). 0 ∪ P Their composition, denoted by (N12 , M12 ) with N12 = N1 ◦ N2 = (P12 A12 ∪ PR12 , T12 , F12 , W12 ), is defined as follows:
4
0 = {p0 } ∪ {p0 } = {p0 , p0 }, P • P12 A12 = PA1 ∪ PA2 , and PR12 = PR1 ∪ PR2 1 2 1 2
5
• T12 = T1 ∪ T2
6
• F12 = F1 ∪ F2
7
• ∀f ∈ F1 , W (f ) = W1 (f ) and ∀f ∈ F2 , W (f ) = W2 (f ) • ∀p ∈ {p01 } ∪ PA1 , M12 (p) = M01 (p); ∀p ∈ {p02 } ∪ PA2 , M12 (p) = M02 (p); ∀r ∈ PR1 \ PR2 , M12 (r) = M01 (r); ∀r ∈ PR2 \ PR1 , M12 (r) = M02 (r); and ∀r ∈ PR1 ∩ PR2 , M12 (r) = max{M01 (r), M02 (r)}
8 9 10
11 12
13 14
9. The net N resulting from the composition of n subnets N1 , N2 , . . ., and Nn is defined n−1 as follows: if n = 1, then N = N1 ; if n > 1, then N = °ni=1 Ni = (°i=1 Ni ) ◦ Nn . 10. ∀p ∈ P 0 , M0 (p) > 0; ∀p ∈ PA , M0 (p) = 0; and ∀r ∈ PR , M0 (r) ≥ max{Ir (p)|p ∈ ||Ir ||}. Such a marking is said to be an admissible initial marking.
16
11. An uncontrolled siphon in (N, M0 ) contains at least one resource place and an operation place. No idle process place belongs to an uncontrolled siphon.
17
12. (N, M0 ) is live if no siphon is uncontrolled.
15
18 19
20 21 22
23 24
13. Liveness can be enforced to (N, M0 ) by adding monitors whose addition leads to a controlled system. 14. Let (N c , M0c ) be a controlled system for (N, M0 ). (N c , M0c ) is live if it is ordinary and no siphon is unmarked. (N c , M0c ) is live if it is generalized and satisfies the cs-property. 15. Let PV be the set of monitors in (N c , M0c ). ∀v ∈ PV , there exists a minimal Psemiflow Iv such that Iv (v) ≥ 1 and ∀p ∈ ||Iv || \ {v}, p ∈ PA .
34
For example, the net shown in Figure 1(a) is an M-net, where p1 is an idle process place, p2 , p3 , and p4 are operation places, and p5 and p6 are resource places. It is quasilive, bounded, and conservative. It is live if no siphon is uncontrolled. For example, the net at initial marking 2p1 + 2p5 + p6 is live since every siphon can never be emptied. It is easy to verify that M-nets are more general than almost all manufacturing-oriented Petri net subclasses in the literature such as PPN, augmented marked graphs [8], S3 PR [9], L-S3 PR [10], S4 R [1], S4 PR [44], ES3 PR [18], WS3 PSR [43], S∗ PR [11], S3 PMR [19], PNR [22], RCN-merged nets [21], ERCN-merged nets [56], ERCN∗ -merged nets [23], S3 PGR2 [35], G-tasks [6], and well-formed G-systems [59]. In an appendix, a formal proof is presented to show that an M-net is more general than a well-formed G-system.
35
3.3
25 26 27 28 29 30 31 32 33
36 37 38
Minimal Initial Marking
Let (N, M0 ) be a plant M-net in which M0 is admissible. This section finds a minimal initial marking M0m at which M-net N contains deadlocks and any strict minimal siphon of N can become uncontrolled at a marking M ∈ R(N, M0m ).
8
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
35 36 37 38 39 40 41 42 43 44 45 46 47 48 49
Algorithm 1 finding a minimal initial marking for N Input: a plant model (N, M0 ) with N = (P 0 ∪ PA ∪ PR , T, F, W ) Output: M0m , “(N, M0 ) is live”, or “(N, M0 ) cannot be handled by the proposed method” begin{ the MIP-based deadlock detection method [8], [35] is applied to (N, M0 ) if {there are uncontrolled siphons in (N, M0 )} then compute the set Πu of strict minimal siphons in N ∀p ∈ P 0 ∪ PA , M0m (p) := M0 (p) ∀r ∈ PR , M0m (r) := max{Ir (p)|p ∈ ||Ir ||} the MIP-based deadlock detection method is applied to (N, M0m ) if {there are no uncontrolled siphons in (N, M0m )} then flag:=2 else compute the set of reachable markings of (N, M0m ) Find the set of dead markings RD (N, M0m ) if {∀S ∈ Πu , ∃M ∈ RD (N, M0m ), S is uncontrolled at M } then flag:=0 else flag:=2 end if end if else flag:=1 end if if {flag==2} then output “(N, M0 ) cannot be handled by the proposed method” else if {flag==1} then output “(N, M0 ) is live” else output M0m end if end if }end of the algorithm First, Algorithm 1 decides whether the original plant model (N, M0 ) is live. By the definition of M-nets, it is live if there is no uncontrolled siphon, which can determined be by an MIP-based deadlock detection method. If it is live (flag=1), the algorithm exits. If it is not live, then the set of strict minimal siphons and the minimal admissible initial marking M0m are computed. If (N, M0m ) is live (flag=2), then we cannot find a minimal initial marking for it and its deadlock problems can be handled by any existing approach. If (N, M0m ) is not live and for any strict minimal siphon, there exists a dead marking in R(N, M0m ) at which the siphon is uncontrolled, then the minimal admissible marking M0m is obtained. Otherwise (flag=2), we cannot find a minimal initial marking for it and its deadlock problems can be handled by any existing approach, e.g., the theory of regions and siphon-based ones. Note that this algorithm needs to compute the state space and the set of strict minimal siphons of (N, M0m ) if the original plant model is not live. However, if the algorithm outputs the minimal initial marking M0m for N , the information of the state space and siphons of (N, M0m ) will be useful later. Take the net (N, M0 ) shown in Figure 1(a) as an example. (N, M0 ) is not live and S = {p4 , p5 , p6 } is unique strict 9
3
minimal siphon. Let M0m = 4p1 + p5 + p6 . (N, M0m ) is neither live and S is uncontrolled at a marking M4 = 2p1 + p2 + p3 . Then M0m = 4p1 + p5 + p6 is the minimal initial marking of (N, M0 ).
4
3.4
1 2
5 6 7
8 9 10 11 12 13 14 15 16 17 18 19 20
21 22 23 24 25 26 27 28
29
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
Derivation of the Structure of a Controlled System
Let (N, M0 ) be an M-net with N = (P 0 ∪ PA ∪ PR , T, F, W ). To find its controlled system, as stated in Section 3.1, we first design a controlled system for (N m , M0m ), where N m = N and M0m is the minimal initial marking. Algorithm 2 structure design of a controlled system for (N, M0 ) Input: a plant model (N, M0 ) Output: (N mc , M0mc ) begin{ N m := N find the minimal initial marking M0m by Algorithm 1 if {there exists an optimal controlled system for (N m , M0m )} then design a controlled system (N mc , M0mc ) for (N m , M0m ) by the theory of regions else design a controlled system (N mc , M0mc ) for (N m , M0m ) by the method in [47] end if output (N mc , M0mc ) }end of the algorithm The motivation to design a controlled system (N mc , M0mc ) for (N m , M0m ) is that M0m is not greater than M0 and it is more tractable by using the theory of regions to design a controlled system for (N m , M0m ) than that for (N, M0 ). The net shown in Figure 1(a) with an initial marking M0 = 150p1 + 100p5 + 50p6 has more than 1.3 × 105 states. One can imagine the computational overhead if the theory of regions is applied to such a net. However, Algorithm 2 considers (N m , M0m ) as shown in Figure 1(c), which has five reachable markings only. As a result, it is easy to compute a controlled system for (N m , M0m ) by using the theory of regions, as shown in Figure 1(e).
4
Siphon Controllability Constraints
This section presents a set of algebraic inequality constraints with respect to the markings of resource places and monitors at which (N mc , M0mc ) is live, where (N mc , M0mc ) is a controlled system for (N m , M0m ) with N mc = (P 0 ∪ PA ∪ PR ∪ PV , T, F mc , W mc ) and N m = (P 0 ∪ PA ∪ PR , T, F, W ), which has been computed in Algorithm 1. Let Πu denote the set of uncontrolled minimal siphons in (N mc , M0mc ). Πu can be further divided into three disjoint subsets ΠG , ΠH , and ΠV , called the sets of plant, hybrid, and monitor siphons, respectively, such that ∀S ∈ ΠG , ∀p ∈ S, p ∈ PA ∪PR ; ∀S ∈ ΠV , ∀v ∈ S\(S ∩ PA ), v ∈ PV ; and ∀S ∈ ΠH , ∃r ∈ PR and v ∈ PV such that {r, v} ⊆ S. The Petri net shown in Figure 2(b) is an optimal controlled system for a plant model (N, M0 ) depicted in Figure 2(a) that is an M-net with P 0 = {p1 , p5 }, PR = {p9 , p10 , p11 }, and the others are operation places. There are 15 minimal siphons: S1 = {p3 , p8 , p9 , p10 }, S2 = {p4 , p7 , p10 , p11 }, S3 = {p4 , p8 , p9 , p10 , p11 }, S4 = {p3 , p7 , v1 , v2 }, S5 = {p3 , p8 , p9 , v1 , v2 }, S6 = {p4 , p7 , p11 , v1 , v2 }, S7 = {p4 , p8 , p9 , p11 , v1 , v2 }, S8 = {p1 , p2 , p3 , p4 }, S9 = {p5 , p6 , p7 , p8 }, S10 = {p2 , p8 , p9 }, S11 = {p3 , p7 , p10 }, S12 = {p4 , p6 , p11 }, S13 = {p2 , p7 , v1 }, S14 = {p3 , p6 , v2 }, and S15 = {p2 , p6 , v3 }. Note that S8 , S9 , . . ., and S15 are also traps that 10
1 2 3 4
are marked at the minimal initial marking by the definition of M-nets. As a result, they do not contribute to deadlocks. We have Πu = {S1 , S2 , . . . , S7 } with ΠG = {S1 , S2 , S3 }, ΠV = {S4 }, and ΠH = {S5 , S6 , S7 }. From the definition of an M-net, a plant siphon S can be represented by SA ∪ SR , where SA ⊆ PA and SR ⊆ PR . t1
t8
t1
t8 p9
p9 2 2
p2
p8
2
p2 v1
t2
4
t7 p10
p1 p3
t2
4 p1
v2 t6
t6
v3 p4
p6
t4
4
p7 p5
t3 p11
t7 2
p3
p5 t3
2
p10
4
p7
p8
2
2
p6
p4 p11
2
t5
t4
(a)
t5
(b)
Figure 2: (a) A plant model (N, M0 ), (b) a controlled system (N mc , M0mc ) for (N, M0 ).
5 6 7 8
9 10 11 12
Definition 3 Let S be a plant siphon in N mc = (P 0 ∪ PA ∪ PR ∪ PV , T, F mc , W mc ) and Ir the minimal ∑P-semiflow associated∑with r ∈ PR ∪PV . Ir and S are considered as multisets. Let ΩS = r∈S\PA Ir and Ω0S = p∈S ΩS (p)p. As a multiset, T hS = ΩS − Ω0S is called the complementary set of siphon S. For example, S1 = {p3 , p8 , p9 , p10 } is a plant siphon in Figure 2(b). We have ΩS1 = p2 + 2p8 + p9 + p3 + p7 + p10 and Ω0S1 = p3 + 2p8 + p9 + p10 . Thus, T hS1 = p2 + p7 . S2 = {p4 , p7 , p10 , p11 } is also a plant siphon with ΩS2 = p3 + p7 + p10 + p4 + p6 + p11 and Ω0S2 = p4 + p7 + p10 + p11 . Therefore, we have T hS2 = p3 + p6 .
14
Definition 4 Let r ∈ PR ∪ PV be a resource or monitor in N mc . H(r) = Ir − r is called the set of holders of r, where H(r) is a multiset.
15
Corollary 1 ∀r ∈ PR ∪ PV , {p|p ∈ H(r)} ⊆ PA .
13
16 17
18 19 20 21
22 23 24 25 26
For example, H(p9 ) = Ip9 − p9 = p2 + 2p8 + p9 − p9 = p2 + 2p8 and Hp10 = p3 + p7 . It is easy to verify that {p2 , p8 } $ PA and {p3 , p7 } $ PA . Definition 5 Let S be a plant siphon. αS ⊆ PR ∪ PV is called a minimal set of constraint + places of ∑S with respect to AS = {dvi ∈ N |i = 1, 2, . . . , |αS |} if (1) ∑ αS 6= S \ PA ; (2) T hS ≤ vi ∈αS dvi H(vi ); (3) ∃p ∈ T hS , T hS (p) > Ω(p), where Ω = vi ∈αS (dvi − 1)H(vi ); and (4) @αS0 ⊆ PR ∪ PV such that (1)–(3) are satisfied and |αS0 | < |αS |. The addition of the sets of the holders of the monitors in αS is greater than or equals to multiset T hS . For example, S1 = {p3 , p8 , p9 , p10 } is a plant siphon in Figure 2(b) with T hS1 = p2 + p7 . Note that H(v1 ) = p2 + 2p7 . We have αS1 = {v1 } and dv1 = 1 since T hS1 < p2 + 2p7 . Consider a plant siphon S3 = {p4 , p8 , p9 , p10 , p11 } with T hS3 = p2 + p3 + p6 + p7 . We have αS3 = {v1 , v2 } with dv1 = 1 and dv2 = 1.
11
1 2 3
4 5 6 7 8 9 10 11 12 13 14
15
16 17
18 19
20 21 22 23
24 25 26 27
28 29 30
31 32 33
34 35 36 37
38 39 40
Proposition set of ∑ 2 Let S∑be a plant siphon and αS be its minimal ∑constraintmcplaces. mc Let ∑ IS = r∈SR Ir − v∈αS dv Iv . S is max-controlled if M0 (SR ) − v∈αS dv M0 (v) > p∈S IS (p)(maxp• − 1). ∑ ∑ Proof: Both r∈SR Ir and v∈αS dv Iv are P-semiflows. As a result, IS is a Pinvariant. By the definition of a minimal set αS of constraint places for a plant siphon ∑ S, we have T hS ≤ d H(v). Therefore, ||IS ||− ∩ S = ∅, ∑ ||IS ||+ ⊆ S, and ∀p ∈ v∈αS v ∑ ||IS || \ (SR ∪ αS ), M0mc (p) = 0. M0mc (SR ) − v∈αS dv M0mc (v) > p∈S IS (p)(maxp• − 1) ∑ implies the truth of IST M0mc > p∈S IS (p)(maxp• − 1). By Proposition 1, S is maxcontrolled. ¤ Note that the condition in Proposition 2 is rather conservative. This is due to Proposition 1. Consider S3 = {p4 , p8 , p9 , p10 , p11 } in Figure 2(b). We have αS3 = {v1 , v2 } with dv1 = 1 and dv2 = 1. As a result, S3 is max-controlled if M0mc (p9 ) + M0mc (p10 ) + M0mc (p11 ) − M0mc (v1 ) − M0mc (v2 ) > 1. It is easy to verify that the above inequality does not hold in Figure 2(b). However, transitions in S3• are still live. Corollary 2 Let S be a minimal siphon in an ordinary net N . ∀p ∈ S, maxp• − 1 = 0. Proof: By contradiction, suppose that ∃p ∈ S, p• = ∅. It means that • (S \ {p}) ⊆ (S \ {p})• . This contradicts the minimality of siphon S. ¤ Corollary 3∑Let S be a plant siphon in (N mc , M0mc ) that is ordinary. S is controlled if M0mc (SR ) − v∈αS dv M0mc (v) > 0. Proof: It immediately follows from Corollary 2. ¤ For example, S5 = {p4 , p5 , p6 } is a plant siphon in Figure 1(e) that is ordinary. We have T hS5 = p2 + p3 and H(pc ) = p2 + p3 . Thus, αS5 = {pc }. Note that p4 ∈ PA and {p5 , p6 } ⊆ PR . S5 is controlled if M0mc (p5 ) + M0mc (p6 ) − M0mc (pc ) > 0. Definition 6 Let S be a monitor siphon. αS ⊆ PR ∪ PV is called a minimal set of + constraint places αS 6= S \ PA ; ∑ of S with respect to AS = {dvi ∈ N |i = 1, 2, . . . , |αS |} if (1)∑ (2) T hS ≤ vi ∈αS dvi H(vi ); (3) ∃p ∈ T hS , T hS (p) > Ω(p), where Ω = vi ∈αS (dvi − 1)H(vi ); and (4) @αS0 ⊆ PR ∪ PV such that (1)-(3) are satisfied and |αS0 | < |αS |. Proposition 3 Let∑ S be a monitor siphon and αS its minimal set of constraint places. Let ∑ ∑ mc mc I∑ S = v∈S∩PV Iv − r∈αS dr Ir . S is max-controlled if M0 (S ∩PV )− r∈αS dr M0 (r) > p∈S IS (p)(maxp• − 1). For instance, S4 = {p3 , p7 , v1 , v2 } is a monitor siphon in Figure 2(b). Its minimal set of constraint places is αS4 = {p9 , p11 } with H(p9 ) = p2 + 2p8 , dp9 = 1, H(p11 ) = p4 + p6 , and dp11 = 1. Thus, S4 is max-controlled if M0mc (v1 ) + M0mc (v2 ) − M0mc (p9 ) − M0mc (p11 ) > 1. Definition 7 Let S be a hybrid siphon. αS ⊆ PR ∪PV is called a minimal set of constraint + (1) αS 6= S \ PA ; (2) places of ∑S with respect to AS = {dvi ∈ N |i = 1, 2, . . . , |αS |} if ∑ T hS ≤ vi ∈αS dvi H(vi ); (3) ∃p ∈ T hS , T hS (p) > Ω(p), where Ω = vi ∈αS (dvi − 1)H(vi ); and (4) @αS0 ⊆ PR ∪ PV such that (1)–(3) are satisfied and |αS0 | < |αS |. Proposition 4 Let∑S be a hybrid siphon and αS its minimal set of constraint places. Let ∑ ∑ mc (S \ P ) − mc I∑ = I − d I . S is max-controlled if M d S A 0 v∈S\PA v r∈αS r r r∈αS r M0 (r) > p∈S IS (p)(maxp• − 1).
12
1 2 3
4 5 6 7 8 9 10 11 12 13 14 15 16
17 18
For example, S6 = {p4 , p7 , p11 , v1 , v2 } is hybrid with T hS6 = p2 + p3 + 2p6 . We have αS6 = {p10 , v3 } with dp10 = 1 and dv3 = 1. As a result, S6 is max-controlled if M0mc (p11 ) + M0mc (v1 ) + M0mc (v2 ) − M0mc (p10 ) − M0mc (v3 ) > 1. Algorithm 3 controllability constraint generation for siphons in (N mc , M0mc ) Input: a set of uncontrolled siphons Πu Output: a set of inequality constraints C begin{ divide Πu into ΠG , ΠH , and ΠV derive constraints for siphons in ΠG , ΠH , and ΠV by Propositions 2, 3, and 4, respectively denote the set of constraints for siphons in ΠG (ΠH ; ΠV ) by CG (CH ; CV ) and let C := CG ∪ CH ∪ CV Reorder the variables in each constraint in C such that no resource place is in the left side and no monitor is in the right side output C }end of the algorithm Let C = {ci |i ∈ N|Πu | } be the set of constraints of siphons in a net with PV = {v1 , v2 , . . . , vm } and PR = {r1 , r2 , . . . , rk }. A constraint ci ∈ C can be represented by ci ≡
m ∑
βjSi M0mc (vj )
0 and ∃ nonempty A, B ⊂ CE such that A ∩ B = ∅, and l = (li ,bi )∈A ai li − (li ,bi )∈B ai li . Theorem 1 |CE | = rank(L), where rank(L) denotes the rank of L.
21
Proof: It follows immediately from the definition of elementary constraints. ¤ Since the rank of L is bounded by the smaller of |PV | and |Πu |, Theorem 1 leads to the following important conclusion.
22
Theorem 2 |CE | ≤ |PV |.
19 20
23
24 25
26 27
28 29 30
31 32 33 34 35
Proof: |CE | = rank(L) ≤ min{|PV |, |Πu |} ≤ |PV |.
¤
∑ Theorem 3 Let (l, b) be a strongly dependent constraint with l = (li ,bi )∈CE ai li (ai ≥ 0). ∑ lT x ≤ bT y is true, i.e., (l, b) is redundant with respect to CE , if (li ,bi )∈CE ai bTi y ≤ bT y. Proof: It immediately follows due to lT x = ∑ bT y that results from l = (li ,bi )∈CE ai li .
∑ (li ,bi )∈CE
ai liT x ≤
∑ (li ,bi )∈CE
ai bTi y ≤ ¤
∑ ∑ Theorem 4 Let (l, b) be weakly dependent with l = (li ,bi )∈CE ai li − (lj ,bj )∈CE aj lj . ∑ ∑ T T T l x ≤ b y is true (redundant with respect to CE ) if (li ,bi )∈CE ai bi y− (lj ,bj )∈CE aj bTj y ≤ bT y. Proof: This result is trivially true. ¤ For example, CE = {(l1 , b1 ), (l2 , b2 ), (l6 , b6 )} is a set of elementary constraints of Eq. (4). We have l3 = l1 + l2 , l4 = −l1 − l2 , l5 = l1 + l6 , and l7 = l1 + l6 . By Definitions 11 and 12, (l3 , b3 ), (l5 , b5 ), and (l7 , b7 ) are strongly dependent constraints, and (l4 , b4 ) is weakly dependent. Specifically, the redundancy condition of (l3 , b3 ) is M0mc (p9 )+M0mc (p10 )−2+M0mc (p10 )+M0mc (p11 )−1 ≤ M0mc (p9 )+M0mc (p10 )+M0mc (p11 )−2,
36 37
i.e., M0mc (p10 ) ≤ 1. The redundancy conditions of the dependent constraints in Eq. (4) are summarized in Table 1. 15
Table 1: Redundancy conditions of the dependent constraints in Figure 2(b). dependent constraint l3 = l1 + l2 l4 = −l1 − l2 l5 = l1 + l6 l7 = l1 + l6
1
2 3 4 5 6 7 8 9 10
11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
27 28
29 30 31 32 33 34 35 36 37 38
6
redundancy condition M0mc (p10 ) ≤ 1 M0mc (p10 ) ≥ 2.5 M0mc (p11 ) ≤ 2 M0mc (p10 ) ≤ 2
Deadlock Prevention Policy
This section proposes a deadlock prevention policy based on the results obtained in the previous sections. Its computational complexity is also discussed. Let ΠST denote the set of minimal siphons that are also traps marked at the minimal initial marking of an M-net. They are called st-siphons. In fact, ΠST can be easily computed from (N mc , M0mc ) by its structural properties. For example, {p3 , p5 }, {p2 , p4 , p6 }, and {p1 , p2 , p3 , p4 } are st-siphons since they are marked at any admissible initial marking. By using the MIP-based deadlock detection method [8] or complete siphon enumeration [9], it can be verified whether a plant M-net contains deadlocks. We assume that there are deadlocks in a plant M-net. Algorithm 4 controlled system design for (N, M0 ) Input: an M-net (N, M0 ) with N = (P 0 ∪ PA ∪ PR , T, F, W ) Output: controlled system (N c , M0c ) begin{ find (N m , M0m ) for (N, M0 ), where N m = N design a controlled system (N mc , M0mc ) for (N m , M0m ) by Algorithm 2 compute the set ΠA of all minimal siphons in N mc find ΠST Πu := ΠA \ ΠST derive controllability constraints for siphons in Πu by Algorithm 8 find redundancy conditions for constraints decide M0c (v) by reduced constraint set and M0 , ∀v ∈ PV ∀p ∈ P 0 ∪ PA ∪ PR , M0c (p) := M0 (p) N c := N mc output (N c , M0c ) }end of the algorithm Theorem 5 (N c , M0c ) resulting from Algorithm 4 is a live controlled system for plant model (N, M0 ). Proof: All siphons in (N c , M0c ) are max-controlled, implies that it satisfies cs-property. From Definition 2, (N c , M0c ) is live. ¤ The complexity of this deadlock control algorithm is exponential with respect to the size of a plant net model since both the theory of regions and complete siphon enumeration are exponential. However, the fact underlying this deadlock control policy is that, given a plant model with any admissible initial marking, its controlled system can be easily decided by the controllability constraints of siphons once the structure of a controlled system is computed. That is to say, given a plant net model, we just need to use the theory of regions and compute all minimal siphons once to find the structure of a controlled system. Even if the initial marking of the plant model changes, the structure of the controlled system 16
1 2 3 4 5
obtained previously can be reused as the structure of a new controlled system. This means that we just need to find the markings of the monitors in the new controlled system, which can be decided by satisfying the controllability constraints of siphons. Figure 3 shows the flowchart underlying the deadlock control strategy, where the computation involved in the steps above the dotted line is carried out only once for a net structure N . Design a plant net model (N, M0) Find the modified model (Nm, M0m) by using Algorithm 1, where Nm=N, M0m 0. Similarly, the controllability constraints of siphons S2 and S3 can be found, which are M0mc (p17 ) + M0mc (p18 ) − M0mc (v2 ) > 0 and M0mc (p16 ) + M0mc (p17 ) + M0mc (p18 ) − M0mc (v1 ) − M0mc (v2 ) > 0, respectively. Let µ0 = 1. Their matrix form is as follows: p 1 0 1 −1 16 v1 1 0 0 1 v2 ≤ 0 1 1 −1 p17 (5) p18 1 1 1 −1 v3 1 1 µ0 Constraint M0mc (p16 ) + M0mc (p17 ) + M0mc (p18 ) − M0mc (v1 ) − M0mc (v2 ) > 0 is redundant with respect to M0mc (p16 ) + M0mc (p18 ) − M0mc (v1 ) > 0 and M0mc (p17 ) + M0mc (p18 ) − M0mc (v2 ) > 0 if M0mc (p18 ) ≤ 1. The controlled system of the original plant model shown in Figure 5(a) can be decided by Eq. (5) and by considering M0 (p16 ) = 3, M0 (p17 ) = 2, M0 (p18 ) = 1, and µ0 = 1. It is shown in Figure 5(d) in which v3 is redundant with respect to v1 and v2 and can be removed. For the net structure shown in Figure 5(a) at any admissible initial marking, it can be verified that Eq. (5) leads to an optimal liveness-enforcing controlled system.
18
30
30 t1
t1
t6
p1 p13
p14
5
5
t6
p1 p14
p13 B1
p7
B2
p7
p2
t2
t7
t2
t7
p3
p8
p3
p8
B1
p2
B2
p18 p4
p4
p9
M1
p18
p16
p17 Robot
t8
t3
t8
t3 p16
p17 p9
Robot
M1
M2
M2
t4
t9
t4
t9
p5
p10
p5
p10
t5
t10
t5
t10
p19
p15
p11
10
p15
Elevator
C1
Elevator
C1
t11
t11 p12
p12 t13
t12
t13
t12
(a)
(b)
30
t1
p1 p13
t6
t1
p7
p2
t7
t2
30 p13
B2
t2
B1
p14
t7 v3
p3
p3
p8
p8
v2
t3
v2
v1 t8
Robot p18
p16
p7
5 B2
5
v3
v1
t6
p1
p14
B1
p2
p19
p11
t3
p4
p9
t4
t8
Robot p18
p16
p17
p17
p4
p9
t9
t4
t9
p5
p10
p5
p10
t5
t10
t5
t10
M1
M1
M2
p19
p11
p15
Elevator
C1
t11
t11
p12
p12 t13
t12
p19
p11
p15 10
Elevator
C1
M2
t13
t12
(c)
(d)
Figure 5: (a) An M-net (N, M0 ), (b) (N m , M0m ), (c) controlled system (N mc , M0mc ), and (d) controlled system for (N, M0 ).
19
1
2 3 4 5 6 7 8
8
Experimental Studies
This section considers two typical examples that are widely investigated in the literature, indicating that the proposed deadlock prevention policy is nearly optimal. Figure 6(a) shows an FMS that consists of two robots R1 and R2 and three machine tools M1, M2, and M3. Each robot can handle one part at a time and each machine tool can process one part at a time. Parts enter and leave the system through two loading and unloading buffers I1/O1 and I2/O2. The system can produce three part types P1, P2, and P3 whose processing routings are shown in 6(b). I1\O1
M2
R2
P1:
R1
M3
P2:
R1
M1
M1
I2\O2
P3:
R1
M3
R2 R2
M2
(a)
M2 M1
(b)
Figure 6: (a) The layout of an FMS, (b) part routings of the FMS
9 10 11 12 13 14 15 16
The Petri net model of the FMS is shown in Figure 7(a). It is an M-net, where p1 and p10 are idle places, p11 , p12 , . . ., and p15 are resource places, and the others are operation places. The net (N mc , M0mc ) shown in Figure 7(b) is the controlled system for the plant net with the minimal initial marking. Seven uncontrolled siphons in (N mc , M0mc ) are S1 = {p6 , p8 , p13 , p14 }, S2 = {p5 , p8 , v2 , v3 }, S3 = {p5 , p7 , p12 , p13 }, S4 = {p6 , p7 , p12 , p14 , v2 , v3 }, S5 = {p6 , p8 , p14 , v2 , v3 }, S6 = {p6 , p7 , p12 , p13 , p14 }, and S7 = {p5 , p7 , p12 , v2 , v3 }. Let θi = M0mc (vi ), µj = M0mc (pj ), and µ0 = 1, where i = 1, 2, 3 and j = 12, 13, 14. The matrix form of the controllability constraints is as follows: t11 t9
p11 p2
p11 p2
t7 t1
t2 p4
p7
t3
t4
t8
t1
p5
t3
3
p5
t6
t10
3
p8 p10
v2
t8
p9
t8 p13
t9
p6
t4
p1
3
p8
p14
p7 p4
p10 t5
t4
p12
p15
p13
p1
t5
t2
p3
3
t4 t7
p3
t10
v3 v1
t2
p12
p15
t9
t10
t11
t9 p14_
t9
(a)
t5 p6
p9
t6
t10
(b)
Figure 7: (a) An M-net (N, M0 ), and (b) controlled system (N mc , M0mc ).
20
1 2 3 4 5 6
0 0 1 1 −1 −1 0 1 0 1 0 0 1 −1 0 0 1 1 1 0 −1
θ1 · θ2 ≤ θ3
0 0 1 1 0 1 1
1 0 1 0 0 1 0
−1 −1 −1 −1 −1 −1 −1
1 0 0 1 1 1 0
·
µ12 µ13 µ14 µ0
(6)
Table 2 shows the permissive behavior of controlled systems at different initial markings, where the initial markings of the monitors are decided by Eq. (6). In this table, Bp is the number of reachable states of a plant model (N, M0 ), BL represents the number of states that an optimal liveness-enforcing controlled system for (N, M0 ) has, Bm indicates the number of states of controlled system (N mc , M0mc ), and Bm /BL implies the optimality degree of the controlled systems. Table 2: Behavioral permissiveness of the proposed deadlock prevention policy p1 , p10 , p11 , p12 , p13 , p14 , p15 3, 3, 1, 1, 1, 1, 1 4, 4, 2, 2, 2, 2, 2 5, 5, 3, 3, 3, 3, 3 6, 6, 4, 4, 4, 4, 4 7, 7, 5, 5, 5, 5, 5 8, 8, 6, 6, 6, 6, 6 9, 9, 7, 7, 7, 7, 7 10, 10, 8, 8, 8, 8, 8 11, 11, 9, 9, 9, 9, 9 12, 12, 10, 10, 10, 10, 10
7 8 9 10 11 12
v1 , v2 , v3 1, 1, 1 3, 3, 2 5, 5, 3 7, 7, 4 9, 9, 5 11, 11, 6 13, 13, 7 15, 15, 8 17, 17, 9 19, 19, 10
Bp 73 1093 5767 20324 57450 140703 310783 634173 1214679 2208445
BL 54 1047 5705 20263 57390 140643 310723 634113 1214619 2208385
Bm 54 941 5151 18517 52995 131000 291363 597853 1150189 2098887
Bm /BL 100% 89.88% 90.29% 91.38% 92.25% 93.14% 93.77% 94.28% 94.70% 95.04%
The second flexible manufacturing cell is shown in Figure 8(a). It has two robots R1 and R2, each of which can hold one product at a time. The cell also contains four machine tools M1–M4, and each of them can hold one part. Parts enter the cell through two automatic loading buffers I1 and I2, and leave the cell through two unloading buffers O1 and O2. The robots deal with the movements of parts. Two part types P1 and P2 are produced. Their respective production routings are shown in Figure 8(b). Input1
Output2
R1 P1:
Machine2
Machine1
R1
M1
M3
R2 O1
I1 R1
Robot1
R1
M2
M3
R2
Machine4
Machine3
P2:
Output1
Input2
I2
R2
M4
R1
M2
R1
O2
Robot2
(b)
(a)
Figure 8: (a) The layout of an FMS, (b) The routings of part types P1 and P2.
13
Figure 9(a) shows the Petri net model of the FMS, which is an M-net with P 0 = 21
1 2 3 4 5 6 7
{p1 , p8 }, PR = {p15 , p16 , p17 , p18 , p19 }, and the others are operation places. It can be easily verified that the current initial marking is minimal. The controlled system of such a plant model is depicted in Figure 9(b), which can be obtained by the theory of regions [46], [29]. In Figure 9(b), there are 54 uncontrolled minimal siphons. For economy of space, the liveness constraint equation for the system is not shown. Table 3 shows the performance of the controlled systems at different initial markings. From this table, we conclude that the proposed method for this example is near-optimal. t6 t11
t1 t14
t1
p13
p2
t2
t14
t1
t5
p21
p25
t4
p13 p20
p2
t11
t7 t9
t11 p15 p3
t12
t5
t4
p17
t6 p6
p10
p1 5
p18
t10 p22
t10 p19
p7
p9
p16 p6
M4 p23
t4 t7
p1 5 t6
p17
M3
t4
M3
t9
t4
t7
p19 t6 p9
t2
t9
t11
p24
t5 t7
t9
t8
(a)
t9 t8
t5 t11
p7 R2
R2
t4 p5
R1
p16
p10 M4
t5
p11 5 p8 t11
p18
5 p8 t11
M1
t12
p5
R1
p4
p3
M2
M1
M2
p11
p12
p4
t3 p14
p15
t5
p14
p12
t2
t13
t3
t2
t13
t6
t2
(b)
Figure 9: (a) Petri net model for an FMS, and (b) the structure of the controlled system.
Table 3: Behavioral permissiveness of the proposed deadlock prevention policy 3, 3, 4, 4, 5, 5, 6,
8
9 10 11
9
p1 , p8 , p14 − p19 3, 1, 3, 1, 2, 3, 4, 1, 4, 1, 1, 3, 4, 1, 5, 1, 1, 2, 5, 1, 5, 2, 2, 4, 5, 1, 6, 1, 1, 3, 6, 1, 7, 1, 6, 3, 6, 3, 7, 3, 3, 5,
2 3 4 5 5 1 7
p20 − p25 5, 4, 5, 8, 7, 7 4, 4, 7, 9, 8, 9 6, 7, 6, 14, 14, 14 5, 9, 9, 5, 10, 18 8, 9, 7, 10, 12, 17 9, 10, 8, 13, 13, 13 8, 8, 10, 17, 13, 12
Bp 2946 5235 6877 31759 28243 24448 298725
BL 2945 5233 6868 31578 28233 24438 298724
Bm 2842 4730 6861 29129 28177 24384 290187
Bm /BL 96.50% 90.35% 99.90% 92.24% 99.80% 99.78% 97.14%
Discussion
For a generalized Petri net model, the proposed deadlock prevention policy does not provide a controlled system as permissive as the case in which N mc is ordinary. From the theoretical point of view, this is due to the conservativeness of Proposition 1, which can be 22
1 2 3
verified by the following example. Figure 10(a) shows a generalized net and Figure 10(b) depicts its controlled system derived from Propositions 1 and 2. For the sake of simplicity, r1 (r2 ; v) is used to denote a place as well as the number of tokens in it.
t1
r1
p1
10
t2 p2
10
t3
r2
10 10
t6
t1
r1
p4
p1
10
t5
t2
v
p3
p2
t4
t3
(a)
10
10
t6
10
p4
10
t5
10
r2
p3 t4
(b)
Figure 10: (a) an example net, and (b) its controlled system.
26
The only siphon in Figure 10(a) is S = {p2 , p4 , r1 , r2 }. Its controllability is ensured by the addition of monitor∑v, as shown in Figure 10(b) [6]. By Proposition 2, S is maxcontrolled if v < r1 + r2 − p∈S IS (p)(maxp• − 1), where IS = p2 + p4 + r1 + r2 − v − 9p3 . When r1 = r2 = 10, we have v ≤ 10. However, v can be obtained by solving the following LPP: max v = x + y x ≤ r1 (1/W (v, t4 ))y ≤ r2 ∑ (r1 + r2 ) − x − (1/W (v, t4 ))y ≥ p∈S IS (p)(maxp• − 1) This problem has an optimal solution v = 100 with x = 0 and y = 100. It can be verified that the net shown in Figure 10(b) at initial marking M0 = 10r1 + 10r2 + 100v is live. Compared with v = 10 resulting from Propositions 1 and 2, this novel siphon control method achieves much better control effects. For the net shown in Figure 2(b), when M0 (p9 ) = M0 (p10 ) = M0 (p11 ) = 6, we have M0mc (v1 ) = 5, M0mc (v2 ) = 11, and M0mc (v3 ) = 14 due to Eq. (4). However, by the novel siphon control approach, we can have M0mc (v1 ) = 16, M0mc (v2 ) = 11, and M0mc (v3 ) = 16. The net in Figure 2(a) at M0 (p9 ) = M0 (p10 ) = M0 (p11 ) = 6 has 12,495 reachable states. An optimal live controlled system should have 12,415 states. The controlled system at M0mc (v1 ) = 16, M0mc (v2 ) = 11, and M0mc (v3 ) = 16 has 12,374 reachable states. The optimality ratio is 12,374/12,425=99.67%. The proposed deadlock prevention policy can also lead to a nearly optimal controlled system for a generalized plant net model if the concept of max’controlled or max”-controlled siphons [7], [32] is employed to derive siphon controllability condition.
27
10
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
28 29 30 31 32 33
Concluding Remarks
Deadlocks are a threat to the safety and high productivity of a highly automated flexible manufacturing system. Deadlock prevention is a well defined problem in resource allocation systems. The deadlock prevention approaches in the literature are usually developed by either structural or state space analysis. The policies based on structural analysis such as siphons cannot in general lead to optimal supervisors [20], [30], while the policies combining state space analysis can lead to optimal or at least suboptimal supervisors [37], [38], 23
17
[46], [47], [48]. For example, the theory of regions is a technique that can find an optimal liveness-enforcing supervisor in general cases when it exists. However, its computation is notoriously expensive since the complete state enumeration is necessary and the number of LPP to be solved is exponential with respect to the structural size of a plant model and its initial marking. The proposed deadlock prevention policy aims to felicitously trade off behavioral optimality for computational tractability. To achieve this, we first derive, by using the theory of regions, a supervisor for the plant model with the minimal initial marking. The controllability of siphons is expressed as a set of inequality constraints with respect to the markings of resource places and monitors. For a fixed net structure with different initial markings, the theory of regions is used and siphon enumeration is computed once only. Then, the supervisor can be decided by satisfying the constraints of siphon controllability via adjusting the initial marking of monitors only. Once an optimally controlled system’s structure is found, a nearly optimal system can be obtained without using the theory of regions. Experimental studies show that the proposed method is nearly optimal. Future efforts will be guided to a near-optimal supervisor with low computational overhead and an efficient method to find a deadlock-liable minimal initial marking for an M-net.
18
Acknowledgments
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
27
This work was supported in part by the Natural Science Foundation of China under Grant No 60773001 and 61074035, the Fundamental Research Funds for the Central Universities under Grant No. 72103326, the National Research Foundation for the Doctoral Program of Higher Education, the Ministry of Education, P. R. China, under Grant No. 20090203110009, the Research Fellowship for International Young Scientists, National Natural Science Foundation of China, under Grant No. 61050110145, the Chang Jiang Scholar Program, Ministry of Education, P. R. China, “863” High-tech Research and Development Program of China under Grant No 2008AA04Z109, and Alexander von Humboldt Foundation.
28
References
19 20 21 22 23 24 25 26
29 30
31 32 33
34 35 36
37 38
39 40 41
[1] I. B. Abdallah and H. A. ElMaraghy, “Deadlock prevention and avoidance in FMS: a Petri net based approach,” Int. J. Adv. Manuf. Tech., vol.14, pp.704–715, Sept. 1998. [2] E. Badouel and P. Darondeau, Theory of Regions. Lecture Notes on Petri Net I: Basic Models, Lecture Notes in Computer Science, W. Reisig and G. Rozenberg (Eds.), 1998. pp.529–586. [3] K. Barkaoui and I. B. Abdallah, “An efficient deadlock avoidance control policy in FMS using structural analysis of Petri nets,” in Proc. IEEE Int. Conf. Syst., Man, Cybern., vol.1, San Antonio, TX, 1994. pp.525–530. [4] K. Barkaoui and I. B. Abdallah, “A deadlock prevention method for a class of FMS,” in Proc. IEEE Int. Conf. Syst., Man, Cybern., 1995, pp. 4119–4124. [5] K. Barkaoui and J. F. Pradat-Peyre, “On liveness and controlled siphons in Petri nets,” In Proc. 17th Int. Conf. on Applications and Theory of Petri Nets Lecture Notes in Computer Science, vol.1091, pp.57–72, 1996.
24
1 2 3
4 5
6 7
8 9 10
11 12 13 14
15 16 17
18 19
20 21 22
23 24
25 26 27
28 29
30 31
32 33 34
35 36 37
38 39 40
[6] K. Barkaoui, A. Chaoui, and B. Zouari, “Supervisory control of discrete event systems based on structure theory of Petri nets,” in Proc. IEEE Int. Conf. Syst., Orlando, Florida, U.S.A., 1997, pp.3750–3755. [7] Y. Chao, “Max’-controlled siphons for liveness of S3 PGR2 ,” IET Control Theory and Application, vol.1, no.4, pp. 933–936, 2007. [8] F. Chu and X. L. Xie, “Deadlock analysis of Petri nets using siphons and mathematical programming,” IEEE Trans. Robot. Automat., vol.13, pp.793–804, Dec. 1997. [9] J. Ezpeleta, J. M. Colom, and J. Martinez, “A Petri net based deadlock prevention policy for flexible manufacturing systems,” IEEE Trans. Robot. Automat., vol.11, pp.173–184, Apr. 1995. [10] J. Ezpeleta, F. Garc´ıa-Vall´es, and J. M. Colom, “A class of well structured Petri nets for flexible manufacturing systems,” in Proc. 19th Int. Conf. on Applications and Theory of Petri Nets, Lecture Notes in Computer Science, vol.1420, J. Desel and M. Silva (Eds.), pp.64–83, 1998. [11] J. Ezpeleta, F. Tricas, F. Garc´ıa-Vall´es, J. M. Colom, “A banker’s solution for deadlock avoidance in FMS with flexible routing and multiresource states,” IEEE Transactions on Robotics and Automaton, vol.18. no.4, pp.621–625, 2002. [12] M. P. Fanti and M. C. Zhou, “Deadlock control methods in automated manufacturing systems,” IEEE Trans. Syst., Man, Cybern., A., vol.34, pp.5–22, Jan. 2004. [13] A. Ghaffari, N. Rezg, and X. L. Xie, “Design of a live and maximally permissive Petri net controller using the theory of regions,” IEEE Trans. Robot. Automat., vol.19, pp.137–142, Feb. 2003. [14] L. Gomes and J. P. Barros, “Structuring and composability issues in Petri nets modeling,” IEEE Transactions on Industrial Informatics, vol.1, no.2, pp.112–123, 2005. [15] F. S. Hsien and S. C. Chang, “Dispatching-driven deadlock avoidance controller synthesis for flexible manufacturing systems,” IEEE Trans. Robot. Automat., vol.10, no.2, pp.196–209, 1994. [16] B. Hruz and M. C. Zhou, Modeling and Control of Discrete-Event Dynamic Systems: With Petri Nets and Other Tools, London, U.K.: Springer-Verlag, 2007. [17] Y. S. Huang, M. D. Jeng, X. L. Xie, and S. L. Chung, “Deadlock prevention policy based on Petri nets and siphons,” Int. J. Prod. Res., vol.39, pp.283–305, 2001. [18] Y. S. Huang, M. D. Jeng, X. L. Xie, and S. L. Chung, “A deadlock prevention policy for flexible manufacturing systems using siphons,” in Proc. IEEE Int. Conf. on Robotics and Automation, pp.541–546, 2001. [19] Y. S. Huang, M. D. Jeng, X. L. Xie, and D. H. Chung, “Siphon-based deadlock prevention policy for flexible manufacturing systems,” IEEE Transactions on Systems, Man, and Cybernetics, Part A, vol.36, no.6, pp.2152–2160, 2006. [20] M. V. Iordache, J. O. Moody, and P. J. Antsaklis, “Synthesis of deadlock prevention supervisors using Petri nets,” IEEE Trans. Robot. Automat., vol.18, no.1, pp.59–68, 2002.
25
1 2 3
4 5 6
7 8 9 10
11 12 13
14 15 16
17 18 19
20 21 22
23 24 25
26 27 28 29
30 31 32 33
34 35
36 37 38
39 40 41
[21] M. D. Jeng and X. L. Xie, “Analysis of modularly composed nets by siphons,” IEEE Transactions on Systems, Man, and Cybernetics, Part A, vol.29, no.4, pp.399–406, 1999. [22] M. D. Jeng, X. L. Xie, and M. Y. Peng, “Process nets with resources for manufacturing modeling and their analysis,” IEEE Transactions on Robotics and Automation, vol.18, no.6, pp.875–889, 2002. [23] M. D. Jeng, X. L. Xie, and S. L. Chung, “ERCN* merged nets for modeling degraded behavior and parallel processes in semiconductor manufacturing systems,” IEEE Transactions on Systems, Man, and Cybernetics, Part A, vol.34, no.1, pp.102– 112, 2004. [24] R. R. Kumar, A. K. Singh, and M. K. Tiwari, “A fuzzy based algorithm to solve the machine-loading problems of a FMS and its neuro fuzzy petri net model,” International Journal of Advanced Manufacturing Technology, vol.23, no.2, pp. 318–341, 2004. [25] D. Y. Lee and F. DiCesare, “Scheduling flexible manufacturing systems using Petri nets and heuristic search,” IEEE Transactions on Robotics and Automation, vol.10, no.2, pp. 123–132, 1994. [26] Z. W. Li and M. C. Zhou, “Elementary siphons of Petri nets and their application to deadlock prevention in flexible manufacturing systems,” IEEE Transactions on Systems, Man, and Cybernetics, Part A, vol.34, no.1, pp.38–51, 2004. [27] Z. W. Li and M. C. Zhou, “Two-stage method for synthesizing liveness-enforcing supervisors for flexible manufacturing systems using Petri nets,” IEEE Transactions on Industrial Informatics, vol.2, no.4, pp.313-325, 2006. [28] Z. W. Li, H. S. Hu, and A. R. Wang, “Design of liveness-enforcing supervisors for flexible manufacturing systems using Petri nets,” IEEE Transactions on Systems, Man, and Cybernetics, Part C, vol.37, no.4, pp.517–526, 2007. [29] Z. W. Li, M. C. Zhou, and M. D. Jeng, “A maximally permissive deadlock prevention policy for FMS based on Petri net siphon control and the theory of regions,” IEEE Transactions on Automation Science and Engineering, vol.5, no.1, pp.183–188, Jan 2008. [30] Z. W. Li, M. C. Zhou, and N. Q. Wu, “A survey and comparison of Petri net-based deadlock prevention policy for flexible manufacturing systems,” IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Review, vol.38,, no.2, 172-188, 2008. [31] Z. W. Li and M. C. Zhou, Deadlock Resolution in Automated Manufacturing Systems: A Novel Petri Net Approach, Springer, 2009. [32] G. Y. Liu, Z. W. Li, and C. F. Zhong, “New controllability condition for siphons in a class of generalised Petri nets,” IET Control Theory and Applications, vol.4, no.5, pp.854–864, 2010. [33] J. L. Luo, W. M. Wu, H. Y. Su, and J. Chu, “Supervisor synthesis for enforcing a class of generalized mutual exclusion constraints on Petri nets,” IEEE Transactions on Systems, Man, and Cybernetics, A., vol.39, no.6, pp. 1237–1246, November 2009.
26
1 2
3 4 5
6 7 8
9 10 11
12 13 14
15 16 17
18 19 20
21 22 23
24 25 26
27 28 29
30 31 32
33 34 35
36 37 38
39 40 41
[34] T. Murata, “Petri nets: Properties, analysis, and applications,” Proc. IEEE, vol.77, pp.541–580, Apr. 1989. [35] J. Park and S. A. Reveliotis, “Deadlock avoidance in sequential resource allocation systems with multiple resource acquisitions and flexible routings,” IEEE Trans. Automat. Contr., vol.46, pp.1572–1583, Oct. 2001. [36] L. Piroddi, R. Cordone, and I. Fumagalli, “Selective siphon control for deadlock prevention in Petri nets,” IEEE Trans. Syst., Man, Cybern., A., vol. 38, no.6, pp.1337– 1348, Nov. 2008. [37] L. Piroddi, R. Cordone, and I. Fumagalli, “Combined siphon and marking generation for deadlock prevention in Petri nets,” IEEE Trans. Syst., Man, Cybern., A., vol.39, no.3, pp. 650–661, May 2009. [38] L. Piroddi, M. Cossalter, and L. Ferrarini, “A resource decoupling approach for deadlock prevention in FMS,” International Journal of Advanced Manufacturing Technology, vol.40, no.1, pp. 157–170, 2009. [39] R. Rai, V. Rai, M. K. Tiwari, and V. Allada, “Disassembly sequence generation: a Petri net based heuristic approach,” International Journal of Production Research, vol.40, no.13, pp.3183–3198, 2002. [40] R. Robidoux, H. P. Xu, L. D. Xing, M. C. Zhou, “Automated modeling of dynamic reliability block diagrams using colored Petri nets,” IEEE Transactions on Systems, Man, and Cybernetics, A., vol.40, no.2, pp. 337–351, March 2010. [41] R. L. Shen, Y. S. Chang, and T. Y. Juang, “Supervised and unsupervised learning by using petri nets,” IEEE Transactions on Systems, Man, and Cybernetics, A., vol.40, no.2, pp.363–375, March 2010. [42] M. K. Tiwari, N. Sinha, S. Kumar, R. Rai, and S. K. Mukhopadhyay, “A Petri Net based approach to determine the disassembly strategy of a product,” International Journal of Production Research, vol.40, no.5, pp.1113–1129, 2002. [43] F. Tricas and J. Martinez, “An extension of the liveness theory for concurrent sequential processes competing for shared resources,” in Proc. IEEE Int. Conf. on Systems, Man, and Cybernetics, pp.3035–3040, 1995. [44] F. Tricas, F. Garc´ıa-Vall`es, J. M. Colom, and J. Ezpeleta, “An iterative method for deadlock prevention in FMSs,” in Proc. 5th Workshop on Discrete Event Systems, R. Boel and G. Stremersch (Eds.), pp.139–148, 2000. [45] L. C. Tsironis, D. S. Sfiris, and B. K. Papadopoulos, “Fuzzy performance evaluation of workflow stochastic Petri nets by means of block reduction,” IEEE Transactions on Systems, Man, and Cybernetics, A., vol.40, no.2, pp. 352–362, March 2010. [46] M. Uzam, “An optimal deadlock prevention policy for flexible manufacturing systems using Petri net models with resources and the theory of regions,” Int. J Adv. Manuf. Tech., vol.19, pp.192–208, 2002. [47] M. Uzam and M. C. Zhou, “An iterative synthesis approach to Petri net based deadlock prevention policy for flexible manufacturing systems,” IEEE Transactions on Systems, Man, and Cybernetics, Part A, vol.37, no.3, pp.362–371, 2007.
27
1 2 3
4 5 6
7 8 9
10 11 12
13 14 15
16 17 18
19 20
21 22 23
24 25
26 27 28 29
30 31
[48] M. Uzam and M. C. Zhou, “An improved iterative synthesis method for liveness enforcing supervisors of flexible manufacturing systems,” International Journal of Production Research, vol.44, no.10, pp.1987–2030, 2006. [49] N. Viswanadham, Y. Narhari, and T. L. Johnson, “Deadlock prevention and deadlock avoidance in flexible manufacturing systems using Petri net models,” IEEE Transactions on Robotics and Automation, vol.6, no.6, pp. 713–724, 1990. [50] A. R. Wang, Z. W. Li, J. Y. Jia, and M. C. Zhou, “An effective algorithm to find elementary siphons in a class of petri nets,” IEEE Transactions on Systems, Man, and Cybernetics, A., vol.39, no.4, pp.912–923, 2009 [51] N. Wei and Z. W. Li, “On the suboptimal liveness-enforcing supervisors based on Petri net structural analysis and the theory of regions,” International Journal of Advanced Manufacturing Technology, vol.38, pp.195–204, 2008. [52] N. Q. Wu, “Necessary and sufficient conditions for deadlock-free operation in flexible manufacturing systems using a colored Petri net model,” IEEE Trans. on Systems, Man, and Cybernetics, C., vol.29, no.2, pp.192–204, May 1999. [53] N. Q. Wu and W. Q. Zeng, “Deadlock avoidance in AGV system using colored Petri net model,” International Journal of Production Research, vol.40, no.1, pp.223–238, 2002. [54] N. Q. Wu and M. C. Zhou, System Modeling and Control with Resource-oriented Petri Nets, CRC Press, Taylor & Francis Group, New York, October 2009. [55] N. Q. Wu and M. C. Zhou, “Process vs resource-oriented Petri net modeling of automated manufacturing systems,” Asian Journal of Control, vol.12, no.3, pp.267–280, 2010. [56] X. L. Xie and M. D. Jeng, “ERCN-merged nets and their analysis using siphons,” IEEE Transactions on Robotics and Automation, vol.15, no.4, pp.692–703, 1999. [57] K. Y. Xing, M. C. Zhou, H. X. Liu, and F. Tian, “Optimal Petri-net-based polynomial-complexity deadlock-avoidance policies for automated manufacturing systems,” IEEE Transactions on Systems, Man, and Cybernetics, A., vol.39, no.1, pp.188– 199, 2009. [58] M. C. Zhou and F. DiCesare, Petri Net Synthesis for Discrete Event Control of Manufacturing Systems, Kluwer Academic Publishers, Boston, 1993.
34
[59] B. Zouari and K. Barkaoui, “Parameterized supervisor synthesis for a modular class of discrete event systems,” in Proc. IEEE Int. Conf. Syst. Man. Cybern., Washington, DC, USA., 2003, pp.1874–1879.
35
Appendix
36
Proposition A1 There exists an M-net that is not a G-system.
32 33
37 38 39 40
We claim that the net shown in Figure A1 is an M-net that is more general than a G-system. In (N, M0 ), we have P 0 = {p1 }, PA = {p2 , p3 , p4 , p5 , p6 }, PR = {M, R}, and T = {t1 , t2 , t3 , t4 , trf , trr , tmf , tmr }, where M models a machine tool and R models a robot that uploads and downloads the machine tool. Place p1 models the availability of 28
1 2 3 4
raw materials, and p2 and p4 are used to model uploading and downloading operations of the robot for the machine tool, respectively. Place p3 indicates that M is performing an operation on a raw part. Note that there is only one process. It is clear that the net satisfies items 1), 2), and 3) of the definition of M-nets (Definition 2). t1 p2 trf
tmf
t2
p1 p5
p3
M
tmr
p6
R
t3 trr
p4 t4
Figure A1: An M-net (N, M0 ). 5 6 7 8 9 10 11 12 13 14 15 16
Let Ip be a minimal P-invariant of the net associated with place p. From its structural analysis, we have Ip1 = Ip2 = Ip3 = Ip4 = Ip5 = p1 +p2 +p3 +p4 +p5 , Ip6 = R+p2 +p4 +p6 , IM = M + p3 + p5 , and IR = R + p2 + p4 + p6 . As a result, the net satisfies items 4) and 5) of Definition 2. It is verified that σ = t1 t2 tmf tmr trf trr t3 t4 is a feasible firing sequence such that M0 [σiM0 is true. Thus, (N, M0 ) is quasi-live. Note that each place is covered by a positive P-semiflow. The net system is conservative. The bound of place p1 is four and that of other places is one. The net system is bounded. That is to say, (N, M0 ) in Figure A1 is quasi-live, bounded, and conservative. Item 6) of Definition 2 is satisfied. The net system resulting from removing resources in (N, M0 ) is shown in Figure A2. It is obviously live, bounded, and reversible. Consequently, net system (N, M0 ) satisfies item 7) of Definition 2. Also, items 8) and 9) are true for (N, M0 ). t1 p2 tmf
t2
p1 p5
M
p3
t3
tmr
p4 t4
Figure A2: An M-net (N 0 , M00 ). 17 18
Note that p1 is an idle place with M0 (p1 ) = 4. p2 , p3 , p4 , p5 , and p6 are operation places that are unmarked at M0 . Places M and R are resources that initially marked. 29
1 2 3 4 5 6 7 8 9
Hence, (N, M0 ) satisfies item 10) of Definition 2. In the net shown in Figure A1, the unique minimal siphon is S = {p4 , p6 , M, R} that contains two resource places and no idle place. If S is always marked at any reachable marking, the net system is live. Therefore it satisfies items 11) and 12) of Definition 2. The net system shown in Figure A3 is a controlled system resulting from adding a monitor to the original net in Figure A1. The monitor is used to make the unique siphon S = {p4 , p6 , M, R} controlled. It is verified that (N c , M0c ) is live. That is to say, liveness is enforced by the addition of a monitor. Item 13) of Definition 2 is hence satisfied, which also implies the truth of item 14). t1 v
p2
trf
tmf
t2
p1
p3 p5
M
tmr
p6
R
t3 trr
p4 t4
Figure A3: An M-net (N c , M0c ).
15
From the net system shown in Figure A3, Monitor v is associated with a minimal P-semiflow Iv = v + p2 + p3 + p5 . Note that Iv (v) = 1 and ∀p ∈ ||Iv || \ {v}, p ∈ PA . Thus item 15) of Definition 2 is true. We conclude that net system (N, M0 ) in Figure A1 is an M-net. We claim that net system (N, M0 ) in Figure A1 is not a G-system. First, let us present the definitions and results with respect to a G-system, which are primarily from [59].
16
Definition A1 A G-task is a Petri net GT = (N, M0 , MF ), where
10 11 12 13 14
17 18 19
• N = (P, T, F, W ) is a circuit-free Petri net with two special places i and o. The former is called a source place with • i = ∅ and the latter is called a sink place with o• = ∅.
21
• The augmented net N ∗ obtained from N by adding a transition t∗ with • t∗ = {o}, t∗• = {i}, and W (i, t∗ ) = W (o, t∗ ) = n is strongly connected.
22
• M0 = n.i and MF = n.o
23
• (N, n.i) is quasi-live.
20
25
Definition A2 A G-task GT is said to be sound if (i) ∀M ∈ R(N, n.i), n.o ∈ R(N, M ); (ii) ∀M ∈ R(N, n.i), M (o) ≥ n means M = n.o.
26
Proposition A2 Let GT be a G-task. GT is sound iff (N ∗ , n.i) is live and bounded.
27
Definition A3 A G-task GT is well-formed if ∃M0 = n.i such that GT is sound.
24
30
1 2
3 4
Theorem A1 Let GT be a G-task. GT is well-formed if ∃M0 = n.i such that (N ∗ , n.i) is bounded and satisfies the max-cs property. Definition A4 A G-task system with resources GT R is a Petri net (N R, M R0 , M RF ), where
6
• N R = (P ∪ PR , T, F ∪ FR , W ∪ WR ) is a net structure. P \ {i, o} is called the set of operation places.
7
• PR 6= ∅ is a set of resources with P ∩ PR = ∅.
8
• FR ⊆ (PR × T ) ∪ (T × PR ) is the flow relation of resources.
9
• ∀f ∈ FR , WR (f ) ≥ 1.
5
10
11
12 13
14
15
16 17 18 19 20 21
22 23
24 25
26 27
• ∀r ∈ PR , r is associated with a P-semiflow fr such that ||fr || ∩ PR = {r}. ∑|PR | ∑|PR | • M R0 = n.i+ j=1 kj .rj and M RF = n.o+ j=1 kj rj (∀j ∈ {1, 2, . . . , |PR |}, kj ≥ 1). • Subsystem G = (N, M0 , MF ) with N = (P, T, F, W ) is a G-task, where M0 and MF are the restrictions of M R0 and M RF to P , respectively. Definition A5 A G-system GS is recursively defined. • A GTR is a G-system • Let GSi = (N Si , M S0i , M SF i ) (i = 1, 2) be two G-systems such that P1 ∩ P2 = T1 ∩ T2 = ∅. We denote the set of shared resources by PR1 PR2 = PR1 ∩ PR2 . The system GS = (N S, M S0 , M F0 ) = GS1 ◦GS2 with N S = (P ∪PR , T, F ∪FR , W ∪WR ), resulting from the fusion of systems GS1 and GS2 over the set PR1 PR2 , is a Gsystem if (1) ∀r ∈ PR1 \ PR1 PR2 , M S0 (r) = M S01 (r); (2) ∀r ∈ PR2 \ PR1 PR2 , M S0 (r) = M S02 (r); and (3) ∀r ∈ PR1 PR2 , M S0 (r) = max{M S01 (r), M S02 (r)}. Definition A6 A G-system GS is well-formed if there exists an initial marking M S0 such that ∀M ∈ R(N S, M S0 ), M SF ∈ R(N S, M ). Proposition A3 Let S be a minimal siphon in the augmented net N S ∗ . There exists an initial marking M0 at which S is max-controlled. ∑ ∑ Let gS = f (r), r ∈ S ∩ PR ; Out(S) = ||gS || \ S; hS = f (p), p ∈ Out(S); λS = max{g(p)|p ∈ Out(S) ∩ ||hS ||}; and zs = gS − λS hS . Siphon S is max-controlled zST M0 >
∑
zS (p)(maxp• − 1)
p∈S 28 29
30 31
Therefore, there exists an initial marking at which siphon S is controlled. Also its controllability can be ensured by a monitor [59]. Theorem A2 Let GS be a G-system. GS is well-formed iff there exists an initial marking M S0 at which (N ∗ , M S0 ) is bounded and satisfies max-cs property.
31
1 2 3 4 5 6 7 8 9 10 11 12 13 14
From Definitions A1, A4, and A5, a G-system can be composed of a number of G-task systems with resources. While, a G-task system with resources is obtained by adding resources to a G-task. Note that a G-task is circuit-free, i.e., it is inadmissible to have loops in a G-task. However, a loop in an M-net is allowed. For example, p3 tmf p5 tmr p3 is a loop in Figure A1, which can model the fault occurrence and recovery of machine M. Specifically, tmf models that a fault occurs when machine M is performing some operation on a raw material and transition tmr means that a fault is recovered. Next we show that a G-system is an M-net. Shown in Figure A4(a) is a well-formed G-system and its augmented system by adding a transition t∗ is depicted in Figure A4(b). The net system shown in Figure A4(c) is obtained by merging o, i, and t∗ in (N ∗ , M S0 ) into an idle place p0 . Let u and v be two transition sequences consisting transitions in T (t∗ ∈ / T ). Let #(σ, t) denote the number of occurrences of transition t in σ, where σ is a transition sequence. The languages of a net system (N, M0 ) is defined as L = {σ|σ is a feasible transition sequence in (N, M0 )}. n
i
n i
n p0
n
t* n
o (a)
o (c)
(b)
Figure A4: (a) A G-system (N, M0 ), (b) augmented system (N ∗ , M S0 ), and (c) an equivalent net (N , M 0 ) of (N ∗ , M S0 ).
15 16
17 18 19 20 21
22 23
24
25 26
Definition A7 Let (N1 , M2 ) and (N2 , M2 ) be two net systems. They are said to be behaviorally equivalent if they have the same languages, i.e., L1 = L2 . Let T be the set of transitions in N ∗ and N , and σ = u1 t∗ . . . u2 t∗ . . . un−1 t∗ un be a feasible transition sequence in (N ∗ , M S0 ), where ∀i ∈ {1, 2, . . . , n}, #(ui , t∗ ) = 0. Let σ|T = u1 u2 . . . un be the transition sequence obtained by removing t∗ from σ. Let v be a feasible transition sequence in (N , M 0 ) and v ∗ be a transition sequence in (N ∗ , M S0 ) such that v = v ∗ |T , where #(v ∗ , t∗ ) ≥ 0. Definition A8 (N ∗ , M S0 ) is said to be behaviorally equivalent to (N , M 0 ) with respect to transition t∗ if 1. ∀σ ∈ L(N ∗ , M S0 ), σ|T ∈ L(N , M 0 ); 2. ∀v ∈ L(N , M 0 ), there exists v ∗ ∈ L(N ∗ , M S0 ) such that v = v ∗ |T is true, where #(v ∗ , t∗ ) ≥ 0.
32
1 2
Proposition A4 (N , M 0 ) is behaviorally equivalent to (N ∗ , M S0 ) with respect to transition t∗ .
6
Proof: It is easy for us to conclude that σ|T is feasible in (N , M 0 ) if σ is feasible in (N ∗ , M S0 ). If v is feasible in (N , M 0 ), then there exists a transition sequence v ∗ with v = v ∗ |T and #(v ∗ , t∗ ) ≥ 0 that is feasible in (N ∗ , M S0 ). By Definition A8, the proposition holds. ¤
7
Proposition A5 A well-formed G-system (N , M 0 ) is an M-net.
3 4 5
31
Proof: From Definitions A1 and A4, items 1), 2), 3), 4), and 5) in the definition of an M-net (Definition 2 in the mainbody of the manuscript) are satisfied. Now we show that (N , M 0 ) satisfies item 6) in Definition 2. By Theorem A2, (N , M 0 ) is bounded. By Definition A6, it is quasi-live. The conservativeness of (N , M 0 ) can be ensured by the fact that each place is associated with a P-semiflow. Item 7) is satisfied due to Definitions A1, A2, and A3, and Theorem A1. Items 8), 9), and 10) are true due to Definition A5. Deadlocks in an automated manufacturing system result from the existence of shared resources. That is to say, deadlocks do not exist if there is no shared resources in a system. Siphons are a structural object in a Petri net model of an automated manufacturing system, whose uncontrollability is the root of deadlock occurrences. In fact, if all siphons are controlled or max-controlled in a Petri net, it is deadlock-free. Without an external agent, an uncontrolled siphon can lead to deadlock transitions, making loss of system liveness. From a technical point of view, deadlocks are caused by shared resources and from a Petri net point of view, deadlocks are caused by uncontrolled siphons. Since a siphons is a set of places that can represent operations and resources, we conclude that item 11) holds. In the proof of Proposition 4.1 in [59], it is also shown that if S is an uncontrolled siphon in a G-system, S ∩ PR 6= ∅ is true. From Theorem A2, items 12) and 14) are satisfied. Siphon control can be considered as a GMEC (Generalized Mutual Exclusive Constraints) problem. Thus, it can be implemented by a monitor. Item 13) is true in a well-formed G-system. Monitors are used to limit the number resource units to be used by some operation places. From the structural theory (P-invariants) of Petri nets, item 15) is true. In summary, a well-formed G-system satisfies the definition of M-net. ¤
32
Theorem A3 An M-net is general than a well-formed G-system.
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
33
Proof: It follows from Propositions A1 and A5.
33
¤
