Supervisor synthesis for discrete event systems under partial observation and arbitrary forbidden state specifications

Abstract

In this paper, we consider the forbidden state problem in discrete event systems modeled by partially observed and partially controlled Petri nets. Assuming that the reverse net of the uncontrollable subnet of the Petri net is structurally bounded, we compute a set of weakly forbidden markings from which forbidden markings can be reached by firing a sequence of uncontrollable/unobservable transitions. We then use reduced consistent markings to represent the set of consistent markings for Petri nets with structurally bounded unobservable subnets. We determine the control policy by checking if the firing of a certain controllable transition will lead to a subsequent reduced consistent marking that belongs to the set of weakly forbidden markings; if so, we disable the corresponding controllable transition. This approach is shown to be minimally restrictive in the sense that it only disables behavior that can potentially lead to a forbidden marking. The setting in this paper generalizes previous work by studying supervisory control for partially observed and partially controlled Petri nets with a general labeling function and a finite number of arbitrary forbidden states. In contrast, most previous work focuses on either labeling functions that assign a unique label to each observable transition or forbidden states that are represented using linear inequalities. More importantly, we demonstrate that, in general, the separation between observation and control (as considered in previous work) may not hold in our setting.

Appendix: Complexity analysis of Algorithm 2

1.1 A.1 Lemmas

Before discussing the computational complexity of Algorithm 2, we first introduce some notation.

Given a partially observed and partially controlled Petri net Q, the unobservable subnet is denoted by \(N_{T_\mathrm{uo}}\), and has n _uo = |P _uo| places and m _uo = |T _uo| transitions. Under Assumption A2, the unobservable subnet is structurally bounded or, equivalently, there exists an n _uo-dimensional column vector y ₁ with positive integer entries, such that \(y_1^T D_\mathrm{uo} \leq \textbf{0}_{m_\mathrm{uo}}^T\), where D _uo is obtained from D by keeping rows that correspond to places in P _uo and columns that correspond to unobservable transitions in T _uo. Similarly, the uncontrollable subnet is denoted by \(N_{T_\mathrm{uc}}\), and has n places and m _uc = |T _uc| transitions. Under Assumption A3, the reverse net of \(N_{T_\mathrm{uc}}\) is structurally bounded or, equivalently, there exists an n-dimensional column vector y ₂ with positive integer entries, such that \(y_2^T (-D_\mathrm{uc}) \leq \textbf{0}_{m_\mathrm{uc}}^T\), where D _uc is obtained from D by keeping columns that correspond to uncontrollable transitions in T _uc.

The following lemma (refer to Theorem 2 in Ru and Hadjicostis 2009) gives an upper bound on the number of markings consistent with an observation sequence ω in a partially observed and partially controlled Petri net Q with labeling function L and a structurally bounded unobservable subnet.

Lemma 1

Consider a partially observed and partially controlled Petri net Q with labeling function L and a structurally bounded unobservable subnet \(N_{T_\mathrm{uo}}\) . If the observation sequence ω has length k , then the number of consistent markings is upper bounded by

$$ (1+ a_1 + a_2k)^{n-n_\mathrm{uo}}(1+c_1 + c_2 k)^{n_\mathrm{uo}}, $$

where ¹⁰ \(a_1 = \max_{p \in P\backslash P_\mathrm{uo}} M_0(p)\) , \(a_2 = \max_{p \in P\backslash P_\mathrm{uo}, t \in T_o} D(p,t)\) , \(c_1 = y_{1}^T M_0^{uo}\) , and c ₂ is the maximal entry of \(y_{1}^T D_o^{uo}\) (note that \(M_0^{uo}\) is the restriction of M ₀ to places in P _uo, and \(D_o^{uo}\) is the submatrix of the incidence matrix D that has rows that correspond to the places in P _uo and columns that correspond to the transitions in T _o ).

In Lemma 1, a ₁, a ₂, c ₁, c ₂ are constants which depend on the initial state M ₀ and the incidence matrix D, and thus the number of markings consistent with a k-length observation sequence is \(\mathcal{O}(k^n)\). Also, in the derivation of the above bound, one obtains that for each place p ∈ P _uo and any \(M \in \mathcal{C}(\omega)\), 0 ≤ M(p) ≤ c ₁ + c ₂ k.

1.2 A.2 Reachability analysis

Both Step 1 of Algorithm 1 and Proposition 1 involve reachability analysis: in Step 1 of Algorithm 1, one needs to calculate all markings that are reachable from a reduced consistent marking M by a sequence of unobservable transitions, while in Proposition 1, one needs to calculate all markings that are reachable from a forbidden marking M by a sequence of uncontrollable transitions in the reverse net of the uncontrollable subnet. In general, one could formulate the following reachability problem: given a K-bounded Petri net \(G = \langle N, M_0 \rangle\) with n places and m transitions, calculate all markings reachable from M ₀. To solve the problem efficiently, we propose a method based on a data array \(\mathcal{DA}\) of dimension B ⁿ, where B = K + 1. Each element of the array is shown in Fig. 9. Before we explain the array in detail, we first recall the following injective transformation function as defined in Ru et al. (2004).

Fig. 9

Data structure used for reachability analysis

Definition 11

Given a K-bounded Petri net G, the transformation function Γ: R(G) →N ₀ is defined as,

$$ \Gamma (M) = M (p_{1}) + M (p_{2}) B + M (p_{3}) B^2 + \cdot\cdot\cdot + M (p_{n}) B^{n-1} $$

where B = K + 1, M ∈ R(N, M ₀).

Given a marking M, the value Γ(M) can be calculated via the following recursion

$$ \begin{array}{lll} S_1 &= M(p_n)\\ S_2 &= B \times S_1 + M(p_{n-1})\\ &\vdots\\ S_k &= B \times S_{k-1} + M(p_{n+1 -k})\\ &\vdots\\ S_n &= B \times S_{n-1} + M(p_1) \end{array} $$

and Γ(M) = S _n . It can be verified that the complexity of this recursion is 2(n − 1) in terms of the number of additions and multiplications.

For any marking M ∈ R(N, M ₀), we first calculate Γ(M) and use Γ(M) as the index for M in the array \(\mathcal{DA}\). In the element with index Γ(M), the field “State” (in Fig. 9) stores the state M, the field “Mark” is binary and is initialized to be 0, the field “#neighbors” is equal to

$$ |\{M^{\prime} \in \mathbb{N}^n ~|~ \exists t \in T: M[t\rangle M^{\prime}\}|~, $$

and the pointer field points to a linked list representing the set

$$ \{\Gamma(M^{\prime}) ~|~ \exists t \in T: M[t\rangle M^{\prime}\}~. $$

Intuitively, the element corresponding to marking M includes necessary information of all one-step reachable markings. Because the Petri net is K-bounded and B = K + 1, the array is large enough to store all possible reachable markings for the Petri net. Based on this data array, we propose the following reachability algorithm.

Algorithm 3 Calculation of reachable markings

Input: A K-bounded Petri net \(G = \langle N, M_0 \rangle\) with n places and m transitions.

Output: A representation of all reachable markings.

1. Initialize the data array \(\mathcal{DA}\) for B n markings, where B = K + 1. \(\mathcal{DA}(\Gamma(M))\), the element corresponding to M in the array, has the structure shown in Fig. 9, and is initialized with “state” being M, “Mark” being 0, “#neighbors” being \(|\{M^{\prime} \in \mathbb{N}^n ~|~ \exists t \in T: M[t\rangle M^{\prime}\}|\) and the pointer field pointing to a linked list representing the set \(\{\Gamma(M^{\prime}) ~|~ \exists t \in T: M[t\rangle M^{\prime}\}\).

2. Initialize Q to the set11 {Γ(M 0) }.

3. While Q ≠ ∅

Pick one element s in Q

Change the field “Mark” in the element \(\mathcal{DA}(s)\) to be 1.

For any s ′ in the linked list pointed by the pointer in \(\mathcal{DA}(s)\)

If the “Mark” field of \(\mathcal{DA}(s^{\prime})\) is 0, add s ′ to the set Q.

Remove s from the set Q.

4. The states corresponding to the elements of the array with the field “Mark” being 1 form the set of all reachable markings.

We first explain the algorithm before analyzing its complexity. In Step 1, we build the data array, a process that involves the calculation of all possible one-step state transitions in the Petri net. In Steps 2 and 3, we mark all reachable states starting from M ₀ by traversing the data array. The algorithm must stop because the number of reachable states is bounded. In Step 4, we obtain a representation of all reachable markings using the data array.

We now analyze the computational complexity of the algorithm. In Step 1, we build the array for any marking M among B ⁿ possible markings and the complexity is

$$B^n \times ( 2(n-1) + m \times (n + n + 2(n-1)) )~,$$

where the first 2(n − 1) is the complexity of calculating Γ(M), m refers to the number of transitions, the first n in m ×(n + n + 2(n − 1)) refers to the number of comparisons to determine if transition t (among m transitions) is enabled or not, the second n in m ×(n + n + 2(n − 1)) refers to the number of additions to calculate the next state M ^′ if transition t is enabled, and the last 2(n − 1) refers to the calculation of Γ(M ^′). The complexity of Step 1 is roughly \(\mathcal{O}(nmB^n)\). The complexity of Steps 2 and 3 is roughly \(\mathcal{O}(mB^n)\) because any state can be marked to be 1 at most once and can reach at most m other states. In summary, the complexity of Algorithm 3 is \(\mathcal{O}(nm B^n)\), where B = K + 1.

1.3 A. 3 Complexity of Algorithm 2

Now we examine the computational complexity of Algorithm 2.

Stage 1: :

Offline Checking of Supervisor Existence

In Step 1, we calculate the set of weakly forbidden markings W(M _F ) following Proposition 1. For any marking M ^′ reachable from some M ∈ M _F , there exists a firing vector σ such that

$$ M^{\prime} = M + (-D_\mathrm{uc}) \sigma~. \label{equation} $$

(6)

Since \(N^{\prime}_{T_\mathrm{uc}}\) is structurally bounded, there exists a vector y ₂ such that \(y_2^T (- D_\mathrm{uc}) \leq \textbf{0}_{m_\mathrm{uo}}^T\). If we left-multiply by \(y_2^T\) on both sides of Eq. 6, we get

$$y_2^T M^{\prime} = y_2^T M + y_2^T (- D_\mathrm{uc}) \sigma \leq y_2^T M~$$

Therefore, for any place p, \(0 \leq M^{\prime}(p) \leq y_2^T M^{\prime} \leq y_2^T M\). To apply Algorithm 3, we could choose K to be \(y_2^T M\). Therefore, the set of markings reachable from M in the reverse net of the uncontrollable subnet can be calculated with complexity \(\mathcal{O}(nm_\mathrm{uc} (y_2^T M + 1)^n)\) using Algorithm 3. One straightforward way to calculate all weakly forbidden markings is to apply Algorithm 3 |M _F | times and the complexity is

$$ \sum\limits_{M \in M_{F}} \mathcal{O}(nm_\mathrm{uc} (y_2^T M+1)^n) $$

which can be relaxed as

$$ \mathcal{O}\left(|M_{F}|nm_\mathrm{uc} \left(\max_{M \in M_{F}}y_2^T M+1\right)^n\right)~. $$

However, there is a more efficient implementation. We choose K as

$$ \max\limits_{M \in M_{F}} y_2^T M $$

and change Step 2 of Algorithm 3 as follows: let Q be {Γ(M)  |  M ∈ M _F }. Then the output of the changed algorithm is the set of weakly forbidden markings. The complexity is

$$ \mathcal{O}\left(nm_\mathrm{uc} \left(\max\limits_{M \in M_{F}} y_2^T M + 1\right)^n\right)~. $$

In Step 2, we check if M ₀ ∈ W(M _F ). With the data array, the checking can be done by first calculating Γ(M ₀) and then checking if the field “Mark” of the element with index Γ(M ₀) is 1 or 0: if the field “Mark” is 1, then M ₀ ∈ W(M _F ); otherwise, M ₀ ∉ W(M _F ). The complexity is \(\mathcal{O}(n)\) because accessing an array can be done in constant time; the complexity is essentially the complexity of calculating Γ(M ₀).

Stage 2: :

Online Determination of Control Policy

The bulk of the online computation is due to Step 2 and Step 5 in Stage 2 of Algorithm 2. If ϕ ^′ is of length k − 1, then \(\mathcal{C}_r (\phi^{\prime}) \subseteq \mathcal{C} (\phi^{\prime}) \subseteq \mathcal{C}(\omega)\) and \(|\mathcal{C}_r(\phi^{\prime})| \leq |\mathcal{C}(\omega)| = \mathcal{O}((k-1)^n)\). Similarly, \(|\mathcal{C}_r(\phi^{\prime} T^{\prime})| \leq \mathcal{O}(k^n)\).

Before analyzing Step 2, we first analyze the complexity of updating the set of reduced consistent markings using Algorithm 1. Given \(\mathcal{C}_r (\phi^{\prime})\), we want to compute \(\mathcal{C}_r (\phi^{\prime} T^{\prime})\). For any \(M \in \mathcal{C}_r (\phi^{\prime})\), we first need to calculate the set of markings reachable from M in the unobservable subnet,¹² which will give us \(\mathcal{C}(\phi^{\prime})\). Recall the bound on the number of tokens that each place p ∈ P _uo can have for any \(M^{\prime} \in \mathcal{C}(\omega)\) in Appendix A.1, namely \(0 \leq M^{\prime}(p) \leq c_1 + c_2 k\), where c ₁ and c ₂ are given in Lemma 1. Therefore, the set of markings reachable from any \(M \in \mathcal{C}_r(\phi^{\prime})\) in the unobservable subnet can be calculated with complexity \(\mathcal{O}(n_\mathrm{uo} m_\mathrm{uo} (c_1 + c_2 k + 1)^{n_\mathrm{uo}})\) using the more efficient version of Algorithm 3 for a set of initial states. After computing \(\mathcal{C}(\phi^{\prime})\), we compute \(\mathcal{C}_r (\phi^{\prime} T^{\prime})\) using the procedure in Algorithm 1. The complexity is

$$ \mathcal{O}\left(\left|\mathcal{C} \left(\phi^\prime\right)\right| \times \left|T^\prime\right| \times \left(n + n + n \left|\mathcal{C}_r \left(\phi^\prime T^\prime\right)\right|\right)\right), $$

where the first n corresponds to checking if the transition is enabled or not, the second n corresponds to the calculation of the next marking M ^′, and the last term corresponds to checking if M ^′ has appeared in \(\mathcal{C}_r (\phi^{\prime} T^{\prime})\) using linear search. The complexity is roughly \(\mathcal{O}(nmk^{2n})\). Putting these results together, we have that the complexity of updating reduced consistent markings is

$$ \mathrm{UpdateComplexity} = \mathcal{O} (nmk^{2n})~. $$

As only the update of reduced consistent markings is involved in Step 5, this complexity is also the complexity of Step 5. In Step 2, the complexity can be expressed as

$$ |T_c| \times ( \mathrm{UpdateComplexity} + |\mathcal{C}_r (\phi^\prime T^\prime)| n )~, $$

where the last n refers to the complexity of checking if a reduced consistent marking is weakly forbidden. The complexity in Step 2 is roughly \(\mathcal{O}(nm^2k^{2n} + nmk^n) = \mathcal{O}(nm^2k^{2n})\). In summary, the complexity of one iteration from k − 1 to k is \(\mathcal{O}(n{m^2}k^{2n})\). If we start with the empty string, the cumulative complexity of the online computation up to an observation sequence of length k is \(\mathcal{O}(nm^2k^{2n + 1})\). Note that the online computational complexity is polynomial in the length k of the observed sequence of labels, and exponential in the number of places n.

Remark 7

There exist Petri nets for which the number of reduced consistent markings (and basis markings) can increase exponentially in the Petri net size. One example is given in Fig. 10. In this specific Petri net, there are 2n places and 2n transitions. The n source transitions that are labeled a are observable while the other n transitions are unobservable. If the observation is a sequence aaa ⋯ a of length k, then any reduced consistent marking satisfies \(\sum_{i = 1}^n M( p^{1i}) = k\) and M(p ²ⁱ) = 0 for i = 1, 2, ..., n. It can be verified that the number of reduced consistent markings is \(k +n -1 \choose n-1\), where \({k \choose r} = \frac{k!}{r! (k-r)!}\) is the binomial coefficient “k choose r”. Therefore, the number of reduced consistent markings is \(\mathcal{O}(k^{n-1})\), which is exponential in the number of places. It can also be verified that any reduced consistent marking for this Petri net is also a basis marking based on the definition in Footnote 7, and that the set of reduced consistent markings is a set \(\mathcal{E}\) of minimum cardinality. This example shows that, in general, the complexity is exponential in Petri net size, and this appears to be unavoidable even when using the smallest set of markings that can represent the set of consistent markings, as in Eq. 2. In the next subsection, we will discuss different special types of Petri nets in which the exponential dependency could potentially be alleviated.

Fig. 10

Example for reduced consistent markings

1.4 A.4 Alleviation of exponential dependency on Petri net size

In general, the complexity of the online computation is exponential in n, the number of places in the given Petri net. However, if we impose further assumptions, this exponential dependency could be alleviated. For example, if the unobservable subnet is acyclic and backward conflict free and if the labeling function is the natural projection, then the basis marking is unique as shown in Giua et al. (2007). Another example is that if the Petri net model is a marked graph and if the labeling function is the natural projection, then there exists a unique marking which serves as the set \(\mathcal{E}\) of minimum cardinality (Achour et al. 2004). If we use such a unique marking instead of reduced consistent markings for supervisor synthesis, then the complexity function could be a linear function of k.

For certain Petri nets with large n, but small n _uo (recall that n _uo is the cardinality of P _uo as defined in Definition 5) and small number of transitions m, the algorithm could be useful under slightly stronger assumptions: specifically, if the unobservable subnet is deadlock structurally bounded (which is stronger than Assumption A2), the number of markings consistent with ω of length k is \(\mathcal{O}(k^{j(\overline{l} - 1) + m_\mathrm{uo}})\), where j is the number of nondeterministic labels (i.e., nonempty labels that can be associated with more than one transition), and \(\overline{l}\) is the maximum number of transitions that can be associated with a nondeterministic label (Ru and Hadjicostis 2009). With this bound, we can show that the online computational complexity becomes \(\mathcal{O}(n_\mathrm{uo} m_\mathrm{uo} k^{n_\mathrm{uo} + 1} + nm^2 k^{2(j(\overline{l} -1) + m_\mathrm{uo} ) + 1})\) following the same reasoning as before (note that the exponent \(2(j(\overline{l} -1) + m_\mathrm{uo} ) + 1\) is \(\mathcal{O}(m^2)\)). The values of m _uo, n _uo, j and \(\overline{l}\) are critical in determining the complexity of the algorithm. Notice that for any given positive constant integer C satisfying¹³

$$1 \leq C \leq \lfloor \frac{2m}{3} + 1 \rfloor~, $$

there exist labeling functions that can make the exponents in \(\mathcal{O}(n_\mathrm{uo} m_\mathrm{uo} k^{n_\mathrm{uo} + 1} + nm^2 k^{2(j(\overline{l} -1) + m_\mathrm{uo} ) + 1})\) less than or equal to C. More specifically, we can construct a labeling function in the following way:

• There is a nonempty label for any transition t ∈ T; in other words, m _uo = n _uo = 0 so that n _uo + 1 is 1 and \(2(j(\overline{l} -1) + m_\mathrm{uo}) + 1\) is \(2j(\overline{l} -1) + 1\).

• If we choose \(j(\overline{l} - 1) \leq \lfloor \frac{C-1}{2} \rfloor\), then \(2(j(\overline{l} -1) + m_\mathrm{uo}) + 1 = 2j(\overline{l} -1) + 1 \leq C\) and n _uo + 1 = 1 ≤ C. Note that \(\lfloor \frac{C-1}{2} \rfloor\) is a nonnegative integer.

• To guarantee \(j(\overline{l} - 1) \leq \lfloor \frac{C-1}{2} \rfloor\), we can first factorize¹⁴ \(\lfloor \frac{C-1}{2} \rfloor\) to be C ₁ ×C ₂ where C ₁ and C ₂ are both nonnegative integers, and then set

  $$j = C_1,~\mathrm{and}~\overline{l} = C_2 +1~.$$

  If \(\lfloor \frac{C-1}{2} \rfloor = 0\), we set C ₁ = C ₂ = 0.

• If j = 0 (i.e., there is no nondeterministic label), then we can construct labeling function L(t) = t for any t ∈ T. If j ≥ 1, \(\overline{l}\) must be larger than 1 since C ₂ > 0 (note that if C ₂ = 0, j = C ₁ must be zero). Given j and \(\overline{l}\), there could be multiple labeling functions which result in the same j and \(\overline{l}\). We can construct a specific one by associating \(t_1, t_2, ..., t_{\overline{l}}\) with label e ₁, associating \(t_{\overline{l} + 2i - 1}, t_{\overline{l} + 2i}\) with label e _1 + i for i = 1, ..., j − 1, and associating t _i with label t _i for \(i = {\overline{l} + 2j - 1}, ..., m\). Note that \(\overline{l} + 2j - 1 = C_2 + 1 + 2C_1 - 1 \leq \frac{C-1}{2} + 2\frac{C-1}{2} \leq m\).

For example, if C is chosen to be 3, then we can set j to be 1 and \(\overline{l}\) to be 2. The labeling function constructed according to the above procedure is L(t ₁) = L(t ₂) = e ₁ and L(t _i ) = t _i for i = 3, ..., m. More generally, we could construct a labeling function as L(t _i ) = L(t _j ) = e ₁ for some i, j ∈ {1, 2, ..., m}, and L(t _k ) = e _k for k ∈ {1, 2, ..., m} ∖ {i, j}. The implication of the above analysis is that for Petri nets with large n and large m, there exist sensor configurations (namely, labeling functions) that allow the application of our approach with prescribed computational complexity. The above construction of sensor configurations assumes that there is no unobservable transition. If we do allow unobservable transitions, we can perform the same analysis except that C cannot be made as small as 1 (instead, C will be lower bounded by one plus the number of unobservable transitions).