Compositional Verification in Supervisory Control

SIAM Journal on Control and Optimization (Impact Factor: 1.46). 01/2009; 48(3):1914-1938. DOI: 10.1137/070695526
Source: DBLP


This paper proposes a compositional approach to verifying whether a large discrete event system is nonblocking. The new approach avoids computing the synchronous product of a large set of finite-state machines. Instead, the synchronous product is computed gradually, and intermediate results are simplified using conflict-preserving abstractions based on process-algebraic results about fair testing. Heuristics are used to choose between different possible abstractions. By translating the problem representation, the same method can also be applied to verify safety properties, in particular, controllability. Experimental results show that the method is applicable to finite-state machine models of industrial scale and brings considerable improvements in performance over other methods for nonblocking verification.

    • "This gives several candidate subsystems, one for each event, so a second step applies a strategy called MinSync, which chooses the subsystem with the smallest number of states in its synchronous composition. It is worth mentioning that other methods [11], [35] Fig. 14 shows some data concerning the performance of the abstraction rules. For each example, it shows the ratio of the number of states removed by each rule over the total number of states removed, and the ratio of the runtime consumed by each rule over the total runtime of all abstraction rules."
    ABSTRACT: This paper describes an approach for compositional nonblocking verification of discrete event systems modelled as extended finite-state machines (EFSM). Previous results about finite-state machines in lock-step synchronisation are generalised and applied to EFSMs communicating via shared variables. This gives rise to an EFSM-based conflict check algorithm that composes EFSMs gradually and partially unfolds variables as needed. At each step, components are simplified using conflict-equivalence preserving abstraction. The algorithm has been implemented in the discrete event systems tool Supremica. The paper presents experimental results for the verification of two scalable manufacturing system models, and shows that the EFSM-based algorithm verifies some large models faster than previously used methods.
    No preview · Article · Sep 2015 · Discrete Event Dynamic Systems
    • "The nonconflict test is the only operation that really takes the entire L D model into account. Even so, this test does not necessarily require the full parallel composition of the models, as it can be simplified by the use of projections of languages [19] or compositional verification [9], for example. "
    ABSTRACT: This paper deals with two relevant aspects of the Supervisory Control Problem (SCP) of Discrete Event Systems (DES): the degree of difficulty faced when modeling specifications to be fulfilled by the system under control, and the computational complexity of the synthesis procedure. The presented approach consists in refining the set of events of a DES model into a new set. Each refinement is properly chosen to identify a particular instance of the original event in the system, which may simplify the modeling of specifications. A map named Distinguisher is then proposed to establish the relationship between strings of the original and refined alphabets. It is initially shown that using a refined set of events to solve a SCP directly leads to the optimal control solution, yet without providing computational advantages in synthesis with respect to the nonrefined method. Then, we propose the use of outer-approximations for the refined DES model as a way to reduce the cost of synthesis, while preserving controllability, least restrictiveness and nonblocking of the control solution. Two examples of manufacturing systems illustrate our results.
    Full-text · Article · Jun 2015 · Automatica
    • "The projection P : Σ* → Σ0*, with Σ0 ⊆ Σ, is an L-observer for L ⊆ Σ* if, for all t ∈ P(L) and s ∈ L, P(s) is a prefix of t implies that there exists u ∈ Σ* such that su ∈ L and P(su) = t, see [30], [22]. This property is well known and widely used in supervisory control of hierarchical and distributed discrete-event systems, and, as mentioned in [23], also in compositional verification [12] and modular synthesis [9], [13]. If the projection does not satisfy the property, the co-domain of the projection can be extended so that it is satisfied."
    ABSTRACT: In this paper, we discuss a supervisory control problem of modular discrete-event systems that allows for a distributed computation of supervisors. We provide a characterization and an algorithm to compute the supervisors. If the specification does not satisfy the properties, we make use of a relaxation of coordination control to compute a sublanguage of the specification for which the supervisors can be computed in a distributed way.
    Full-text · Conference Paper · Jun 2015
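As an added worked example (not code from the paper above or from any of the citing works), the following Python checks the L-observer property quoted in the last entry on a small finite, prefix-closed language, and also implements the remark that the co-domain Σ0 of the projection can be extended until the property holds. The languages, alphabets and function names are constructed for this illustration: events are single characters and a language is a set of strings over them.

```python
from itertools import combinations

# Constructed toy models for illustration: each string is a word over
# single-character events, so "ab" is the string a.b. Nothing here is taken
# from the cited papers' models.


def prefix_closure(words):
    """Prefix-closed language generated by `words`; includes the empty string."""
    return {w[:i] for w in words for i in range(len(w) + 1)}


def project(s, sigma0):
    """Natural projection P onto sigma0: erase every event not in sigma0."""
    return "".join(e for e in s if e in sigma0)


def observer_counterexample(language, sigma0):
    """Check whether P : Sigma* -> Sigma0* is an L-observer for `language`.

    Returns None when the property holds. Otherwise returns a witness (s, t)
    with s in L, t in P(L), P(s) a prefix of t, but no u such that su in L
    and P(su) = t. Sets are iterated in sorted order so the witness is
    deterministic.
    """
    L = prefix_closure(language)
    PL = {project(s, sigma0) for s in L}
    for t in sorted(PL):
        for s in sorted(L):
            if not t.startswith(project(s, sigma0)):
                continue  # premise of the implication is false; nothing to check
            # A continuation su in L is any w in L that has s as a prefix;
            # the property needs one of them to project exactly onto t.
            if not any(w.startswith(s) and project(w, sigma0) == t for w in L):
                return (s, t)
    return None


def is_observer(language, sigma0):
    return observer_counterexample(language, sigma0) is None


def extend_to_observer(language, sigma0):
    """Smallest superset of sigma0 (by size, ties broken lexicographically)
    for which the projection is an L-observer.

    The search always terminates: once sigma0 covers the whole alphabet the
    projection is the identity, which trivially satisfies the property.
    """
    alphabet = {e for w in language for e in w} | set(sigma0)
    extra = sorted(alphabet - set(sigma0))
    for k in range(len(extra) + 1):
        for combo in combinations(extra, k):
            candidate = set(sigma0) | set(combo)
            if is_observer(language, candidate):
                return candidate
    return alphabet  # unreachable, kept for clarity


if __name__ == "__main__":
    # Branching on an unobserved event: after "a" the system has committed
    # to the "b" branch, but the projection still allows "c", so the observer
    # property fails and the co-domain has to be extended with "a".
    committed = {"ab", "c"}
    print(observer_counterexample(committed, {"b", "c"}))   # ('a', 'c')
    print(extend_to_observer(committed, {"b", "c"}))        # {'a', 'b', 'c'}

    # Branching on observed events: "a" is a common prefix of both branches,
    # so every projected string remains reachable and the property holds.
    print(is_observer({"ab", "ac"}, {"b", "c"}))            # True
```

The check is exhaustive over the finite language, which is fine for hand-sized models; the point is to see exactly which pair (s, t) breaks the property, since that is the string after which the projected system over-approximates what the real system can still do.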