TIME MEASURES AND STATE MAINTAINABILITY FOR A CLASS OF COMPOSED SYSTEMS

Lawrence E. Holloway
Dept. of Electrical Engineering and Center for Manufacturing Systems, University of Kentucky, Lexington, Kentucky 40506, USA

Abstract

This paper considers the composition of timed systems which interact with each other and externally through condition signals which enable and disable state changes. Bounds are determined on the maximum time necessary to change a condition to true or false, and on the minimum time a condition can be maintained true. Finally, we present results to determine if an external control can be used to drive a subsystem to a given state, and then maintain that state for any time period.

1 Introduction and Motivation

This paper is motivated by problems in modeling and control of low-level automated manufacturing systems. The systems we consider are typically controlled by programmable logic controllers which directly turn on and off signals to devices in response to changing discrete sensor information. Such manufacturing systems can be represented as the composition of several elemental subsystems which each define the dynamics of a low-level state variable. State changes in these elemental subsystems are dependent upon state conditions in other subsystems and conditions of signals from an external controller. We consider the problem of determining if there exists a control policy (external condition assignment policy) that can drive a subsystem to a given state and maintain it in that state indefinitely.

To illustrate the type of systems we examine, consider the simple workcell example in figure 1. The example consists of a robot which moves parts from either of two bins to a product on a conveyor. Different types of products may arrive on the conveyor; some will require a part from the left bin of parts,

© 1996 IEE, WODES96, Edinburgh UK. Proc. of the Workshop on Discrete Event Systems.

Please address all correspondence to L. E. Holloway at the above address or email: [email protected]. This work has been supported in part by Rockwell International, NASA grant NGT-40049, NSF grant ECS-9308737, and the Center for Manufacturing Systems at the University of Kentucky.

Keywords

Timed Discrete Event Systems, state control, composed systems

Figure 1: A simple robot workcell example.

and some will require a part from the right bin of parts. The state of the workcell can be represented by the state of the robot arm position, the robot arm motor, the state of the two bins, the state of the gripper on the robot, the conveyor state, the state of the product on the conveyor, the state of the sensors, etc. Each of these elemental subsystems has its own set of states, and any state changes for such a subsystem may depend on the signals from the controller or conditions on the state of other subsystems. For example, state changes for the robot motor state (on-left, on-right, or off) depend on the signals coming from the controller. The robot arm position has the states left-bin, right-bin, and home, as well as intermediate states between these. Note that state changes in the arm position depend on the state of the robot motor. Similarly, when the gripper grasps a part, the next state of the gripper, representing the type of part held, depends on which bin the arm was over when the gripper was activated.

The example of the robot workcell presents several important issues for control, one of the most important of which is the speed of response of the different subsystems. In an untimed system, there is no assurance that the arm position can be stopped over a particular bin, since there is no knowledge that the state of the motor can be changed to off rapidly enough once the arm is over that bin. In other words, the arm may shoot right past the intended bin before the motor can move to the off state. If we consider timed dynamics, however, then we can determine if a given state of a subsystem can be reached and maintained for a given time in that state.

Modular specification of discrete event system models has been considered by many authors. Research following the lead of Ramadge and Wonham typically considers subsystems which interact through synchronization of events. One drawback of this form of interaction is that all events must be accepted and modelled within all subsystems, even when a subsystem may not have any physical relationship to a given event. Heymann [1], and later Kumar and Shayman [2], address this limitation with prioritized synchronous composition, where only events in a system's priority set require synchronization. However, when modeling low-level physical systems, either event synchronization paradigm may be less appropriate in some cases than an interaction based on state conditions. Sreenivas and Krogh and other researchers have considered system models that interact through both event signals and state condition signals [3].

Several researchers have considered control of timed discrete event systems. Cofer and Garg [4] and Brave and Krogh [5] consider control of timed marked graphs, a class of timed Petri nets. Brandin and Wonham extended the Ramadge and Wonham control theory to timed systems using the notion of a tick event to track time [6]. It should be noted that Brandin and Wonham do consider the composition of timed systems, but using synchronous composition of events as compared to our state-based condition interactions. They do not consider the notion of speed of response of different component systems, except for the controller which they assume is fast enough to force events.

In section 2, we present a class of timed system models composed of element nets, a class of Petri nets with external condition inputs. The element nets interact with each other through condition labels, that may be driven by other element nets or by an external controller. In section 3, a method is presented for calculating bounds for the time behavior of a class of composed systems. In particular, we can determine a bound on the maximum time for an external controller to drive a particular condition to a true or false, and a bound on the minimum time that an external controller can maintain a given condition in a true state. Section 4 applies these results to determine time measures associated with controlling a system to a given state and maintaining it at that state. An example is presented in section 5.

2 Element nets

Before formally defining element nets and their operation, we give a summary of several key ideas which we develop. First, the systems we consider consist of a set of element nets, each of which is a form of Petri net, and each of which characterizes the operation of different portions of the system. The element nets interact with each other through condition labels. Places in an element net are associated with condition labels, and a condition label is said to be true if the element net is in a state corresponding to a place with that label. Other element nets use these labels as firing conditions on their transitions: each transition has a set of substate conditions, output from other nets or from an external control, each of which must be true for a period of time for the transition to be enabled to fire.

Let $\mathcal{L}$ be a set of condition labels, including the empty label $\varepsilon$. Formally, we define an element net as a tuple $G = (P_G, T_G, E_G, g, \varphi, r, M_G)$, where $P_G$ is a set of places, $T_G$ is a set of transitions, and $E_G \subseteq (P_G \times T_G) \cup (T_G \times P_G)$ is a set of arcs. The labeling function $g$ associates sets of labels to places, such that for all $p \in P_G$, $g(p) \subseteq \mathcal{L}$. The function $\varphi : T_G \to 2^{\mathcal{L}}$ associates an enabling condition set to each transition. The residence time function $r$ gives a half-closed interval subset of $[0, \infty)$ to each transition in the net. Specifically, for any transition $t$, $r(t) = [r_{min}(t), r_{max}(t))$, where $r_{min}(t)$ denotes the minimum of the interval, and $r_{max}(t)$ denotes the limit of the maximum of the interval. A marking $m : P_G \to \{0, 1, \ldots\}$ of an element net $G$ is a function that associates a nonnegative integer to each place in $G$. We will say that a place $p$ is marked if $m(p)$ is nonzero. $M_G$ is a set of initial markings for the net $G$, and will be discussed more later. Given a place $p$ and the set of arcs $E_G$, the set of transitions which are outputs to $p$ is denoted $p^{(t)} \subseteq T_G$, and the set of transitions which are inputs to $p$ is denoted by ${}^{(t)}p \subseteq T_G$. An element net is a state graph if each transition has exactly one input place and exactly one output place.

A condition system consists of a nonempty set $\mathcal{G} = \{G_1, G_2, \ldots, G_n\}$ of element nets over a common set of labels $\mathcal{L}$. Let $P_{\mathcal{G}}$, $T_{\mathcal{G}}$, and $E_{\mathcal{G}}$ be the union of places, transitions, and arcs, respectively, among all element nets in $\mathcal{G}$. The function $g$ for the system is the obvious extension of the labeling function from the individual nets over the domain $P_1 \cup P_2 \cup \cdots \cup P_n$. The functions $\varphi$ and $r$ are the obvious extensions of the functions on the individual nets to the domain $T_1 \cup T_2 \cup \cdots \cup T_n$. The set $M_{\mathcal{G}}$ is the set of all markings defined over $P_{\mathcal{G}}$, such that for any $m \in M_{\mathcal{G}}$, the projection of $m$ onto element net places $P_G$ is a subset of $M_G$. Given a system $\mathcal{G}$, we generalize the notation such that for any $P \subseteq P_{\mathcal{G}}$, $g(P) = \bigcup_{p \in P} g(p)$, and for any $T \subseteq T_{\mathcal{G}}$, $\varphi(T) = \bigcup_{t \in T} \varphi(t)$.

An external condition assignment $u_{\mathcal{G}}$ associates a value in $\{0, 1\}$ with each label in $\varphi(T_{\mathcal{G}}) - g(P_{\mathcal{G}})$, and $U_{\mathcal{G}}$ is the set of all such condition assignments for $\mathcal{G}$. A feedback condition assignment policy is a mapping $\mathcal{U}_{\mathcal{G}} : M_{\mathcal{G}} \to 2^{U_{\mathcal{G}}}$ which associates a set of condition assignments to each marking in the set $M_{\mathcal{G}}$.

Given a set of condition labels $L \subseteq \mathcal{L}$, a marking $m \in M_{\mathcal{G}}$, and an external condition assignment $u \in U_{\mathcal{G}}$, we can now define a condition evaluation function, $f$, such that $f(L, m, u) = 1$ if for each $\ell \in L$, either $u(\ell) = 1$ or there exists a $p \in P_{\mathcal{G}}$ with $\ell \in g(p)$ such that $m(p) \ge 1$. Thus for each label in $L$, either the label corresponds to a place in the system that is marked under the current marking, or the label has been assigned a value of one by the external condition assignment $u$.

We can now define the dynamics of our system models. Given a system $\mathcal{G}$, a transition set $T \in T_{\mathcal{G}}$ is marking enabled if

$$m(p) \ge |p^{(t)} \cap T| \quad \text{for all } p \in {}^{(p)}t,\ t \in T.$$

The set $T$ is condition enabled if

$$f(\varphi(t), m, u) = 1 \quad \text{for all } t \in T.$$

The state of the system at a given time  is represented as a triple (m ; T ; c ), where m is a marking, T  T is a set of transitions said to fire at time  , and c : T → $[0, \infty) \cup \{-1\}$ defines the enabling clock values for each transition in the system, where $c(t) \in [0, r_{max}(t))$ for a transition $t$ that is marking enabled and condition enabled at time  , and $c(t) = -1$ otherwise. Let (m ? ; T ? ; c ? ) indicate the state immediately prior to time  , and let u ? denote an external condition assignment immediately prior to time  .

Definition 1 Given a system $\mathcal{G}$, a valid evolution of the state satisfies the following for all time  :

1. T must be both marking enabled and condition enabled under m ? and u ? , and c ? (t) $\in [r_{min}(t), r_{max}(t))$.

2. For all $p \in P_{\mathcal{G}}$,

m (p) = m ? (p)? j p t \ T j + j t p \ T j ( )

( )

3. For any transition $t \in T_{\mathcal{G}}$, if $\{t\}$ is marking enabled and condition enabled under m and u but not under m ? and u ? , then c (t) = 0. While $t$ is marking enabled and condition enabled at time  , c (t) increases with a rate of 1, and c (t) $\in [0, r_{max}(t))$. Otherwise, c (t) $= -1$.

From the above definition, we see that the marking is updated at a time  by firing a set of transitions T , each of which has been both marking enabled and condition enabled over a period at least $r_{min}(t)$ and less than $r_{max}(t)$. It can thus be considered that upon a transition becoming enabled, a firing delay between $r_{min}(t)$ and $r_{max}(t)$ is chosen, such that $t$ will never be continuously enabled longer than $r_{max}(t)$ without firing (although the transition may become disenabled before its intended firing time, in which case the firing does not happen). The clock for each transition is an indication of how long the transition has been enabled.

Given a marking $m$, a marking $m'$ is said to be reachable from $m$ if there exists some external condition assignment policy and some valid evolution of the system and times ;  0 , such that m = m , and m0 = m 0 . Let $R(m)$ be the set of markings reachable from $m$. We will assume that the set of initial markings $M_{\mathcal{G}}$ is closed under reachability, i.e. $M_{\mathcal{G}} = \bigcup_{m \in M_{\mathcal{G}}} R(m)$.

Finally, we note that a system $\mathcal{G}$ can be converted into a single controlled timed Petri net in a straightforward manner. A condition on a transition is the same as having a self-loop to a place with the associated condition label. For labels associated with more than one place, then the multiple transitions in parallel must be used, where each transition has a self-loop with a different combination of places which are associated with each label in $\varphi(t)$.

3 Time measures

In this section, we determine bounds on the time to change a condition to true or to false, and a bound on the time that a condition can be maintained true. Before defining the time measures, some additional terminology is necessary. Given a system $\mathcal{G}$, let $Depend(\ell)$ be the set of all conditions such that $\ell' \in Depend(\ell)$ if either $\ell' \in \varphi(p^{(t)})$ for some $p \in g^{-1}(\ell)$, or $\ell'$ is mutually exclusive of $\ell$ over all $M_{\mathcal{G}}$. For the case where $\ell' \in \varphi(p^{(t)})$ for $p \in g^{-1}(\ell)$, maintaining $\ell'$ true would enable a transition that then might fire, possibly making $\ell$ false. Thus, $Depend(\ell)$ consists of conditions that cannot be true while $\ell$ is true, or else might enable $\ell$ to become false. Note that $Depend(\ell) = \emptyset$ when $\ell \notin g(P_{\mathcal{G}})$. Finally, let p0 ;p denote the set of paths (along arcs in $E_{\mathcal{G}}$) leading from place $p'$ to place $p$. A path  2 p;p0 is a sequence of places and transitions in net G beginning with $p'$ and ending with $p$. Sometimes we will operate on  as if it were the set of places and transitions in the path. Thus, t 2  denotes a transition in .

We define time measures for a system $\mathcal{G}$ as functions MaxToFalseG : L ! rmin (t) for `0 2 '(t).

We now proceed to define a class of systems for which the time measures defined above are unique and are guaranteed to satisfy the bounding property. These systems are constructed from the composition of smaller systems. The requirement for the composition of these systems is defined in the following.

Definition 4 Given systems $\mathcal{G}_1$ and $\mathcal{G}_2$, $\mathcal{G}_2$ is said to satisfy the Merger Condition (MC) with respect to $\mathcal{G}_1$ if each of the following is true:

1. $\mathcal{G}_2$ is a state graph with a single marked place for all $m \in M_{\mathcal{G}_2}$;

2. No two places in a sequence share the same label: $g(p) \cap g(p') = \emptyset$ for any $p, p' \in P_{\mathcal{G}_2}$ such that $p^{(t)} \cap {}^{(t)}p' \neq \emptyset$;

3. Labels determined by $\mathcal{G}_2$ are not referenced or determined elsewhere in the composed system: $g(P_{\mathcal{G}_2}) \cap (g(P_{\mathcal{G}_1}) \cup \varphi(T_{\mathcal{G}_1}) \cup \varphi(T_{\mathcal{G}_2})) = \emptyset$;

4. Conditions for transitions are independent: for each $t \in T_{\mathcal{G}_2}$ and $\ell_1, \ell_2 \in \varphi(t)$, $\ell_1 \notin Depend(\ell_2)$.

5. Conflicting transition conditions are independent: for any $p \in P_2$ and $t_1, t_2 \in p^{(t)}$, $\exists\, \ell_1 \in \varphi(t_1), \ell_2 \in \varphi(t_2)$ such that $g^{-1}(\ell_1) \cap g^{-1}(\ell_2) = \emptyset$.

It should be noted from the above definition that there are no restrictions on $\mathcal{G}_1$ other than that its output labels cannot also be outputs of $\mathcal{G}_2$. Thus $\mathcal{G}_1$ could be a system already composed of multiple other systems. We can then recursively compose systems, as long as each new subsystem that we add (e.g. $\mathcal{G}_2$) satisfies the merger conditions. The lemma below gives us time measures for a base case subsystem on which we can compose our systems.

Lemma 1 Let $\mathcal{G}$ be a system with $g(P_{\mathcal{G}}) = \emptyset$. The unique and valid time measures for the system are such that for all $\ell \in \mathcal{L}$, $MaxToTrue_{\mathcal{G}} = 0$, $MaxToFalse_{\mathcal{G}}(\ell) = 0$, and $MinMaint_{\mathcal{G}}(\ell) = \infty$. Furthermore, these time measures satisfy the bounding property.

Proof: Since $g(P_{\mathcal{G}}) = \emptyset$, then the value of the time measures follow directly from definition 3. It only remains to be shown that the valuations satisfy the bounding property. Note that the policy $\mathcal{U}$ such that $\mathcal{U}(m) = \{u_{one}\}$ for all $m$, where $u_{one}(\ell) = 1$ for all $\ell$, is sufficient for $MaxToTrue_{\mathcal{G}}(\ell) = 0$ to satisfy the bounding property. Similarly, the external condition assignment policy that assigns all conditions to zero is sufficient for $MaxToFalse_{\mathcal{G}}$ to satisfy the bounding property. Finally, for any initial marking, a condition assignment policy that is constant for all markings will not have any condition value changes, thus trivially satisfying the boundary requirement property for $MinMaint_{\mathcal{G}}$.

The next lemma shows that in composing two systems, if the bounding property holds for the time measures of subsystem $\mathcal{G}_1$ and if $\mathcal{G}_2$ satisfies MC with respect to $\mathcal{G}_1$, then the time measures in the composed system can be determined and will satisfy the bounding property.

Lemma 2 Consider two systems $\mathcal{G}_1$ and $\mathcal{G}_2$ such that the time measures for $\mathcal{G}_1$ satisfy the bounding property. If $\mathcal{G}_2$ satisfies condition MC with respect to $\mathcal{G}_1$, then the time measures for $\mathcal{G}_1 \cup \mathcal{G}_2$ are unique and satisfy the bounding property.

Proof: First we consider $\ell \in g(P_{\mathcal{G}_1})$. Since $g(P_{\mathcal{G}_2}) \cap \varphi(T_{\mathcal{G}_1} \cup T_{\mathcal{G}_2}) = \emptyset$, then no transition firings in system $\mathcal{G}_1$ are affected by any conditions in $\mathcal{G}_2$, so the time measures for labels in $\mathcal{G}_1$ remain the same as before the systems were composed.

Now consider the system $\mathcal{G}_2$. First we show that for any $t \in T_{\mathcal{G}_2}$, the transition can be made to fire by $MaxTime_{\mathcal{G}_1 \cup \mathcal{G}_2}(t)$. From the definition, we note that $MaxTime_{\mathcal{G}_1 \cup \mathcal{G}_2}(t)$ depends only on time measures for $\ell \in \varphi(t)$, and from MC, $\varphi(t) \cap g(P_{\mathcal{G}_2}) = \emptyset$, so all time measures for $\ell \in \varphi(t)$ are known and satisfy the bounding property. If $MinMaint_{\mathcal{G}_1}(\ell) \ge r_{max}(t)$ for any $\ell \in \varphi(t)$, then each $\ell \in \varphi(t)$ can be individually maintained long enough to ensure $t$ will fire. By restriction 4, the conditions in $\varphi(t)$ are not mutually exclusive, and no set of conditions in $\varphi(t)$ enables another condition in $\varphi(t)$ to become false, so all $\ell \in \varphi(t)$ can be maintained simultaneously until $t$ fires. By restriction 5 in MC, any transitions in conflict with $t$ can be disabled without disabling $t$. Thus, before time $r_{max}$, $t$ will fire. Since it will take less than $MaxToTrue_{\mathcal{G}_1}(\ell')$ to make each condition $\ell' \in \varphi(t)$ on $t$ true, and since $t$ will fire after being enabled at most for time $r_{max}$, then there exists an external condition assignment policy that assures that $t$ will fire before time $MaxTime_{\mathcal{G}_1 \cup \mathcal{G}_2}(t)$.

Next, we consider $MaxToTrue_{\mathcal{G}_1 \cup \mathcal{G}_2}(\ell)$ for any $\ell \in g(P_{\mathcal{G}_2})$. Since $\mathcal{G}_2$ is a state graph, then under any marking, some $p' \in P_{\mathcal{G}_2}$ is marked. The time for a token to move from $p'$ along a path to a place $p \in g^{-1}(\ell)$ is less than or equal to the sum of $MaxTime_{\mathcal{G}_1 \cup \mathcal{G}_2}(t)$ for all $t$ in the path. $MaxToTrue_{\mathcal{G}_1 \cup \mathcal{G}_2}(\ell)$ considers the shortest time path from each $p' \in P_{\mathcal{G}_2}$ to any place in $g^{-1}(\ell)$, and then the longest time among all $p' \in P_{\mathcal{G}_2}$. Thus, $\ell$ can be made true in a time no greater than $MaxToTrue_{\mathcal{G}_1 \cup \mathcal{G}_2}(\ell)$, so the bounding property is satisfied for it.

To determine $MaxToFalse_{\mathcal{G}_1 \cup \mathcal{G}_2}(\ell)$ for each place $p \in P_{\mathcal{G}_2}$ with label $\ell$, the equation in definition 3 considers all output transitions of that place and selects the transition with the shortest $MaxTime_{\mathcal{G}_1 \cup \mathcal{G}_2}(t)$. Since a marking enabled transition $t$ can be guaranteed to fire before $MaxTime_{\mathcal{G}_1 \cup \mathcal{G}_2}(t)$, then the place $p$ can be unmarked within that time. Requirement 2 in MC ensures that the transition firing will falsify $\ell$, since no output place of the transition will have label $\ell$. Repeating this reasoning for all places with label $\ell$ shows that the label $\ell$ can be made false within time $MaxToFalse_{\mathcal{G}_1 \cup \mathcal{G}_2}(\ell)$.

Finally, we consider $MinMaint_{\mathcal{G}_1 \cup \mathcal{G}_2}$ as a bound on how long a condition $\ell$ can be maintained true. At a minimum, a condition will be maintained until $r_{min}$ of some transition has passed. To maintain a condition true longer, transitions which are outputs of each place $p \in g^{-1}(\ell)$ must be disabled before time $r_{min}$. This means that $MaxToFalse(\ell') < r_{min}(t)$ for each such output transition, so the set $T_\ell$ must be empty. In this case, each transition can be disabled indefinitely and repeatedly, so $MinMaint_{\mathcal{G}_1 \cup \mathcal{G}_2} = \infty$ is a bound for maintaining $\ell$.
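The computation that the proof of Lemma 2 walks through, applied to the robot workcell with the enabling conditions and residence times of Table 1; this is an added example, not code from the paper. Definition 3 does not survive on this page, so the formulas are read off the proof text, and the net topology is an assumption because Figure 2 is lost: the motor net is taken as M_Off sitting between M_OnLeft and M_OnRight, and the arm net as a ring L_bin, LH, Home, RH, R-bin, LR with residence [1,2] leaving L_bin, Home and R-bin and [4,5] leaving the others. The names `compose`, `robot_measures` and the `left_from_`/`right_from_` transition names are hypothetical.

```python
import math
from fractions import Fraction as F

INF = math.inf
# Lemma 1 base case: a label no net produces is externally assignable.
EXTERNAL = {"true": 0, "false": 0, "maint": INF}


def compose(measures, net):
    """Add the time measures of one state-graph element net to `measures`.

    `net` maps a transition name to (source place, target place, enabling
    condition set, rmin, rmax). Each place carries one label: its own name.
    Returns MaxTime for every transition of the net.
    """
    def known(label):
        return measures.get(label, EXTERNAL)

    # MaxTime(t): make every enabling condition true, then wait at most rmax.
    # If a condition cannot be held for rmax, firing cannot be guaranteed.
    max_time = {}
    for t, (_, _, conds, _, rmax) in net.items():
        holdable = all(known(c)["maint"] >= rmax for c in conds)
        setup = max((known(c)["true"] for c in conds), default=0)
        max_time[t] = setup + rmax if holdable else INF

    places = sorted({p for src, dst, *_ in net.values() for p in (src, dst)})
    # Shortest MaxTime-weighted path between every pair of places.
    dist = {(a, b): 0 if a == b else INF for a in places for b in places}
    for t, (src, dst, *_) in net.items():
        dist[src, dst] = min(dist[src, dst], max_time[t])
    for k in places:
        for a in places:
            for b in places:
                dist[a, b] = min(dist[a, b], dist[a, k] + dist[k, b])

    result = {}
    for p in places:
        outs = [t for t, v in net.items() if v[0] == p]
        # T_l: output transitions with no enabling condition that can be
        # made false before rmin, so they cannot be stopped from firing.
        unstoppable = [net[t][3] for t in outs
                       if not any(known(c)["false"] < net[t][3] for c in net[t][2])]
        result[p] = {
            "true": max(dist[q, p] for q in places),   # worst start, best path
            "false": min((max_time[t] for t in outs), default=INF),
            "maint": min(unstoppable, default=INF),
        }
    measures.update(result)
    return max_time


def robot_measures():
    """Compose externals -> motor net -> arm net (topology is assumed)."""
    fast = (F("0.1"), F("0.2"))
    motor = {
        "t1": ("M_Off", "M_OnLeft", {"PowerOnLeft"}, *fast),
        "t2": ("M_OnLeft", "M_Off", {"PowerOff"}, *fast),
        "t3": ("M_OnRight", "M_Off", {"PowerOff"}, *fast),
        "t4": ("M_Off", "M_OnRight", {"PowerOnRight"}, *fast),
    }
    ring = ["L_bin", "LH", "Home", "RH", "R-bin", "LR"]
    arm = {}
    for i, p in enumerate(ring):
        rmin, rmax = (F(1), F(2)) if p in ("L_bin", "Home", "R-bin") else (F(4), F(5))
        arm["right_from_" + p] = (p, ring[(i + 1) % len(ring)], {"M_OnRight"}, rmin, rmax)
        arm["left_from_" + p] = (p, ring[i - 1], {"M_OnLeft"}, rmin, rmax)
    measures = {}
    compose(measures, motor)
    arm_times = compose(measures, arm)
    return measures, arm_times


if __name__ == "__main__":
    m, _ = robot_measures()
    for label in ("M_OnLeft", "R-bin"):
        print(label, {k: (v if v == INF else float(v)) for k, v in m[label].items()})
```

Under these assumptions the result for R-bin matches the values reported in the paper's example section; the 13.2 bound comes from the start place LH, three transitions away in either direction around the ring.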


4 Targetability and Maintainability

In some situations, we are interested in the logical properties of whether a given condition can be made true in a system, and if the condition can then be maintained true indefinitely. The actual values of the time measures may not be of interest aside from determining if these properties hold. These properties are formally defined in the following two definitions.

Definition 5 A condition ` is targetable if there exists some time ` such that for any initial state (m ; ;; c ), there exists a condition assignment policy and time   ` such that f (f`g; m ; u ) = 1. 0

0

Definition 6 A condition ` is maintainable if for any initial state (m ; ;; c ), there exists a condition assignment policy such that for any time  , if f (f`g; m ? ; u ? ) = 0 and f (f`g; m ; u ) = 1, then f (f`g; m 0 ; u 0 ) = 1 for all  0 >  . 0

0

The following two lemmas then follow directly from the definition of the bounding property.

Lemma 3 Given a system $\mathcal{G}$ with time measure $MaxToTrue_{\mathcal{G}}$ satisfying the bounding property, a condition $\ell \in \mathcal{L}$ is targetable if $MaxToTrue_{\mathcal{G}}(\ell) < \infty$.

Lemma 4 Given a system $\mathcal{G}$ with time measure $MinMaint_{\mathcal{G}}$ satisfying the bounding property, a condition $\ell$ is maintainable if $MinMaint_{\mathcal{G}}(\ell) = \infty$.

Note that a condition assignment policy for maintaining a place $p$ may necessarily not be the zero control. If an output transition $t$ of $p$ is condition enabled, but no conditions in $\varphi(t)$ are externally assignable, then a nonzero control may be necessary to allow the marking of other element nets to change to falsify the condition before time $r_{min}(t)$. In contrast, for untimed nets, a marking can be maintained under the zero control if it can be maintained at all [7].

Finally, we present a rather coarse result that gives sufficiency for whether a condition will be maintainable in a composed system.

Figure 2: The element nets for the robot arm and its motor.

[Figure 2 place labels: R-bin, L_bin, LH, Home, RH]

Lemma 5 Consider two systems $\mathcal{G}_1$ and $\mathcal{G}_2$ such that $\mathcal{G}_2$ satisfies MC with respect to $\mathcal{G}_1$. Let $MTF(\mathcal{G}_1)$ be a number such that $MTF(\mathcal{G}_1) > MaxToFalse_{\mathcal{G}_1}(\ell)$ for all $\ell \in g(P_{\mathcal{G}_1})$, where $MaxToFalse_{\mathcal{G}_1}$ satisfies the bounding property. All conditions $\ell \in g(P_{\mathcal{G}_2})$ are maintainable in $\mathcal{G}_1 \cup \mathcal{G}_2$ if for all transitions $t$ in $\mathcal{G}_2$, either

1. $\varphi(t) \not\subseteq g(P_{\mathcal{G}_1})$, or

2. $\varphi(t) \neq \emptyset$ and $MTF(\mathcal{G}_1) < r_{min}(t)$.

Proof: To show a condition $\ell$ from $\mathcal{G}_2$ is maintainable, we need to show that each transition $t$ in $\mathcal{G}_2$ which may falsify $\ell$ can be disabled. If $\varphi(t) \not\subseteq g(P_{\mathcal{G}_1})$, then there exist conditions in $\varphi(t) - g(P_{\mathcal{G}_1})$ that are externally assignable and can be set to a value zero to disable the transition. Alternatively, $t$ can be disabled if we can falsify $\ell$ for some $\ell' \in \varphi(t) \cap g(P_{\mathcal{G}_1})$. Since $\ell' \in g(P_{\mathcal{G}_1})$, then $MaxToFalse_{\mathcal{G}_1 \cup \mathcal{G}_2}(\ell') < MTF(\mathcal{G}_1)$, so $MaxToFalse_{\mathcal{G}_1 \cup \mathcal{G}_2}(\ell) < r_{min}(t)$. Since $MaxToFalse$ satisfies the bounding property, then $\ell'$ can be made false before $t$ has been enabled long enough to fire.

5 Example

To illustrate the results of the preceding section, we return to the workcell example. Figure 2 shows the element nets of the robot arm motor and the robot arm position. Table 1 shows the conditions and the residence time intervals on the different transitions in the net. From the nets, we can calculate the following:

MaxToTrue(PowerOnLeft) = 0
MaxToTrue(PowerOnRight) = 0
MaxToTrue(PowerOff) = 0
MaxTime(t_i) = .2 for i ∈ {1, 2, 3, 4}
MaxToTrue(M_OnLeft) = 0.4
MaxToTrue(M_Onright) = 0.4
MaxToFalse(M_OnLeft) = 0.2
MaxToFalse(M_Onright) = 0.2
MinMaint(M_Onright) = ∞
MinMaint(M_OnLeft) = ∞

Table 1: Transition enabling conditions and residence times

Transitions      Enabling conditions   Residence time
t1               {PowerOnLeft}         [.1,.2]
t2               {PowerOff}            [.1,.2]
t3               {PowerOff}            [.1,.2]
t4               {PowerOnRight}        [.1,.2]
t5, t7, t9       {M_OnLeft}            [1,2]
t6, t8, t10      {M_OnLeft}            [4,5]
t11, t13, t15    {M_Onright}           [1,2]
t12, t14, t16    {M_Onright}           [4,5]

For the arm position element net, we are interested in determining the maintainability and targetability of condition R-bin.

MaxTime(t_i) = 2.4 for i ∈ {5, 7, 9, 11, 13, 15}
MaxTime(t_i) = 5.4 for i ∈ {6, 8, 10, 12, 14, 16}
MaxToTrue(R-bin) = 13.2
MaxToFalse(R-bin) = 2.4
MinMaint(R-bin) = ∞

Note that since MaxToTrue(R-bin) < ∞, then R-bin is targetable. Since MinMaint(R-bin) = ∞, then R-bin is maintainable. Maintainability could also have been determined through lemma 5. For this example, maintainability of R-bin means that the control and motor can react quickly enough to prevent the arm from moving through and beyond the R-bin state.

In the above calculations, MaxToTrue(R-bin) was determined to be 13.2. This value corresponds to a path from place labeled LH to place labeled R-bin, with two transitions with MaxTime of 5.4 and one transition with MaxTime of 2.4. However, it is easy to see that since each of the transitions in the path will depend on the same condition being true (either M_OnLeft or M_Onright, depending on which path selected), then no time is necessary for making the condition true for subsequent transitions after it has already been made true for the first transition. Thus, R-bin can in fact be achieved in only 12.4 time units. This illustrates that the time measures are bounds, but may not be strict bounds.

6 Summary

In this paper, a method is given for calculating bounds on time dynamics for a class of systems composed of element nets. These systems interact with each other and with an external controller through conditions on their state. The time bounds are important for characterizing the relative speed of response of the subsystems, since this may influence the ability of control to target or maintain a state. Current research is aimed at developing synthesis methods for such control laws that can target a state condition or a sequence of state conditions.

References

[1] Michael Heymann. Concurrency and discrete event control. IEEE Control Systems Magazine, 10(4):103-112, June 1990.
[2] M. Shayman and R. Kumar. Supervisory control of nondeterministic systems with driven events via prioritized synchronization and trajectory models. SIAM Journal of Control and Optimization, 33(2):469-497, March 1995.
[3] R.S. Sreenivas and B.H. Krogh. On condition/event systems with discrete state realizations. Discrete Event Dynamic Theory and Applications, 1(2), September 1991.
[4] Darren D. Cofer and Vijay K. Garg. Supervisory control of real-time discrete event systems using lattice theory. IEEE Transactions on Automatic Control, 1996. To appear.
[5] Y. Brave and B. H. Krogh. Maximally permissive policies for controlled time marked graphs. In Proc. 12th IFAC World Congress, pages I:263-266, Sydney, Australia, July 1993.
[6] B.A. Brandin and W.M. Wonham. Supervisory control of timed discrete-event systems. IEEE Transactions on Automatic Control, 39(2):329-342, February 1994.
[7] L. E. Holloway and B. H. Krogh. Synthesis of feedback control logic for a class of controlled Petri nets. IEEE Trans. on Automatic Control, 35(5):514-523, May 1990. Also appears in Discrete Event Dynamic Systems: Analyzing Complexity and Performance in the Modern World, edited by Y.C. Ho, IEEE Press, New York, 1992.