This paper deals with the problem of forbidden states in discrete event systems based on Petri net models. A method is presented to prevent the system from entering these states by constructing a small number of generalized mutual exclusion constraints. This goal is achieved by solving three types of Integer Linear Programming problems. The problems are designed to verify constraints, some of which relate to verifying authorized states and the others to avoiding forbidden states. The obtained constraints can be enforced on the system using a small number of control places. Moreover, the number of arcs related to these places is small, and the controller obtained after connecting them is maximally permissive.
Safety analysis of discrete event systems using a simplified Petri net controller
Research Article
Meysam Zareiee*, Abbas Dideban, Ali Asghar Orouji
Electrical Engineering Department, Semnan University, Semnan, Iran

Article info
Article history:
Received 14 June 2013
Received in revised form 9 August 2013
Accepted 4 September 2013
Available online 24 September 2013

Keywords:
Discrete event system
Supervisory control
Controller synthesis
Petri net
© 2013 ISA. Published by Elsevier Ltd. All rights reserved.
1. Introduction

Discrete event systems (DESs) evolve by changing state when events occur [1]. Supervisory control is a theory that restricts the behavior of the system in order to obtain a desired function [2,3]. The restriction can be performed by disabling some events under particular conditions [4]. DESs can be modeled by Petri nets (PNs), whose compact structure, modeling power and mathematical properties make them suitable for modeling this kind of system [5,6]. Moreover, PNs can also model a large range of systems such as discrete, continuous and hybrid ones [7,8].

In DESs, there are some states, called forbidden states, that the system should be prevented from entering. The reachable states without the forbidden states are called authorized states. In recent years, a lot of research has been carried out on avoiding the forbidden states. Specifically, in flexible manufacturing systems (FMS), where deadlocks are major problems, many methods based on PN models have been proposed to deal with deadlocks [9–16]. Some of them generate control places to prevent the system from entering the deadlock states. In particular, many researchers construct generalized mutual exclusion constraints (GMECs) and enforce them on the system to satisfy a safety specification that specifies which evolutions of the system should not be allowed. However, achieving maximally permissive behavior after this enforcement is important: all the authorized states should be reachable and all the forbidden states must be avoided. Giua et al. [17] have proposed a method for assigning GMECs to forbidden states in safe PNs, which is developed in [18] and [19] for non-safe PNs. Also, region theory is a useful method for the generation of GMECs [20]. GMECs can be enforced on the system using control places [21]. When the number of GMECs is large, a large number of control places should be added to the system, which leads to a complicated model. However, the number of control places can be reduced by considering PN structural properties [22–28]. In all the above methods, the conjunctions of the GMECs are enforced on the system, but, when the set of authorized states is nonconvex, the disjunctions of constraints can be enforced on the system [29].
In this paper, the aim is to develop the method in [25] for obtaining a small number of control places with a small number of arcs in less time. For this reason, three types of Integer Linear Programming (ILP) problems are solved to classify the forbidden states into a small number of sets, where a GMEC is assigned to each one of the sets. The first type of problem tries to classify the forbidden states into a small number of sets. For each one of these sets, a GMEC can be assigned, but the number of arcs related to the control places may be large (in this step only the number of control places is reduced). So, the second type of ILP problem is designed to change the sets of forbidden states and obtain new sets. This leads to reducing the number of arcs of the control places. At the end, by solving the third type of ILP problem, a GMEC is assigned to each one of the new sets. Enforcing these GMECs on the system leads to a maximally permissive controller with small numbers of control places and arcs. So, the structural complexity of the controller is reduced. Moreover, the hardware and software costs for implementing the controller may be reduced. At the end, to show the advantages of the new method, some examples are introduced.

The rest of this paper is as follows. In Section 2, some important and basic concepts are introduced. The new method is explained in Section 3. In Section 4, experimental results are considered. Finally, conclusions are presented in Section 5.

ISA Transactions 53 (2014) 44–49
http://dx.doi.org/10.1016/j.isatra.2013.09.006
* Corresponding author. Tel.: +98 2313354123; fax: +98 2313366997.
E-mail addresses: mzareiee@semnan.ac.ir, meisamzareiee@gmail.com (M. Zareiee), adideban@semnan.ac.ir (A. Dideban), aliaorouji@ieee.org (A. Asghar Orouji).
2. Preliminary presentation

In this section, basic concepts and important definitions are presented which will be used later. It is supposed that the reader is familiar with the basics of PNs [30] and the theory of supervisory control [2,3,31].

2.1. Petri nets

A PN is represented by a quadruplet $R = \{P, T, W, M_0\}$ where $P$ is the set of places, $T$ is the set of transitions, $W$ is the incidence matrix and $M_0$ is the initial marking. Each marking of the PN can be shown by a vector as follows:

$$M^T = [m_1\ m_2\ m_3\ \dots\ m_n] \qquad (1)$$

where $m_i$ is the number of tokens in place $p_i$ and $n$ is the number of places. $M_R$ denotes the set of all reachable markings and is divided into two subsets: the set of authorized states $M_A$ and the set of forbidden states $M_F$. $M_F$ is separated into two groups: (1) the set of reachable states ($M'_F$) which either do not respect the specifications or are deadlock states; (2) the set of states for which the occurrence of uncontrollable events leads to the states in $M'_F$. The set of reachable states without forbidden states is the set of authorized states.
2.2. GMECs and enforcing them on the system using control places

GMECs are constraints that restrict the weighted sum of tokens in some places. The constraints can be assigned to forbidden states to prevent the system from entering these states [17–19]. Control places can be connected to the system for enforcing GMECs on the system. In this case, for each GMEC, a control place is added to the system. To explain how the control places can be calculated, suppose that the incidence matrix and the initial marking of the system are $W_P$ and $M_{P0}$, respectively. The set of GMECs is considered as $L M_P \le b$ where $M_P$ is the marking vector, $L$ is an $n_c \times n$ matrix, $b$ is an $n_c \times 1$ vector, $n_c$ is the number of GMECs and $n$ is the number of places. For each GMEC, a row is added to $W_P$. These rows are considered in matrix $W_c$ and are calculated as follows [21]:

$$W_c = -L W_P \qquad (2)$$

So, the incidence matrix of the system after connecting the control places is in the following form:

$$W = \begin{bmatrix} W_P \\ W_c \end{bmatrix} \qquad (3)$$

The initial markings of the control places are calculated as follows:

$$M_{c0} = b - L M_{P0} \qquad (4)$$

Therefore, the initial marking of the controlled system is in the following form:

$$M_0 = \begin{bmatrix} M_{P0} \\ M_{c0} \end{bmatrix} \qquad (5)$$
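The following added example (not code from the paper) computes a control place with Eqs. (2) and (4), builds the controlled net of Eqs. (3) and (5), and enumerates its reachable markings to check that the GMEC holds. The four-place plant, the GMEC $m_2 + m_4 \le 1$ and the function names are constructed for illustration.

```python
from collections import deque

def control_places(L, b, W_P, M_P0):
    """Return (W_c, M_c0) with W_c = -L*W_P (Eq. 2) and M_c0 = b - L*M_P0 (Eq. 4)."""
    n_t = len(W_P[0])
    W_c = [[-sum(row[i] * W_P[i][t] for i in range(len(W_P))) for t in range(n_t)]
           for row in L]
    M_c0 = [b_j - sum(l * m for l, m in zip(row, M_P0)) for row, b_j in zip(L, b)]
    if min(M_c0) < 0:
        raise ValueError("initial marking already violates a GMEC")
    return W_c, M_c0

def reachable(W, M0):
    """Breadth-first enumeration of the markings reachable from M0.

    W has one row per place and one column per transition. A transition is
    treated as enabled when firing it leaves no place negative, which is
    valid for nets without self-loops such as the constructed net below."""
    seen, queue = {tuple(M0)}, deque([tuple(M0)])
    while queue:
        m = queue.popleft()
        for t in range(len(W[0])):
            nxt = tuple(m[p] + W[p][t] for p in range(len(W)))
            if min(nxt) >= 0 and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

# Constructed plant: two cycles p1 -t1-> p2 -t2-> p1 and p3 -t3-> p4 -t4-> p3.
W_P = [[-1, 1, 0, 0],
       [1, -1, 0, 0],
       [0, 0, -1, 1],
       [0, 0, 1, -1]]
M_P0 = [1, 0, 1, 0]
L, b = [[0, 1, 0, 1]], [1]  # constructed GMEC: m2 + m4 <= 1

def demo():
    W_c, M_c0 = control_places(L, b, W_P, M_P0)
    closed = reachable(W_P + W_c, M_P0 + M_c0)  # Eqs. (3) and (5)
    plant_only = reachable(W_P, M_P0)
    violates = lambda m: m[1] + m[3] > 1
    return (W_c, M_c0, sorted(closed),
            sum(map(violates, plant_only)), sum(map(violates, closed)))

if __name__ == "__main__":
    print(demo())
```
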
The set of places in a PN model of an FMS is classified into three groups: idle, operation and resource places, respectively. To calculate the set of GMECs (control places), only the markings of operation places should be considered [13]. This concept leads to reducing the numbers of states that should be verified or forbidden by the controller [19], which simplifies the computations for constructing the GMECs. The reduced sets of authorized and forbidden states are denoted as MCA and MOF, respectively.

When the number of GMECs is large, a large number of control places should be added to the system, which complicates the model. In the next section, a method is proposed for obtaining a small number of control places with a small number of arcs which is maximally permissive.
3. New approach for obtaining a small number of control places with small number of arcs

In this section, the objective is to obtain a small number of simple GMECs whose enforcement on the system leads to a small number of control places and a small number of related arcs. So, the objective is to modify the method in [25]. To do this, in the first step we consider a set of safe constraints (with unknown variables), each of which is for verifying an authorized state, and also a set of unsafe constraints (with unknown variables), each of which is for avoiding one of the forbidden states. Verifying all the safe constraints leads to verifying all the authorized states, and verifying each one of the unsafe constraints leads to avoiding the related forbidden state. Then, we solve an ILP problem to obtain the unknown variables by verifying all the safe constraints and the largest number of unsafe constraints, and we save the answer in a set $W_1$. Next, the verified unsafe constraints should be eliminated from the set of unsafe constraints and saved in a new set (for example, we call this set $R_1$). If the set of unsafe constraints is not empty, we repeat this step for the remaining unsafe constraints and save in a set $W_2$ the answer that verifies all the safe constraints and the largest number of remaining unsafe constraints. The newly verified unsafe constraints should be eliminated from the set of unsafe constraints and placed in a new set (we call this set $R_2$). Then, we solve another ILP problem which verifies all the safe constraints, all the unsafe constraints in the set $R_2$ and the largest number of unsafe constraints in $R_1$, and replace the answer in $W_2$ with this answer. (In this ILP problem a constraint is added that does not permit the right side of the obtained GMEC to increase beyond its previous value. For example, suppose that the obtained GMEC in this step should be in the form $k_1 + k_2 + \dots + k_n \le x$, and the number on the right side of the GMEC obtained in the last step is 5. So, the constraint $x \le 5$ is added to the ILP problem. This constraint can lead to reducing the number of arcs and their weights.) The verified unsafe constraints should be eliminated from $R_1$ and added to $R_2$. If the set of unsafe constraints is not empty, we repeat these steps for the remaining unsafe states (in this case, if we are in step $t$, we consider $R_1 \cup R_2 \cup \dots \cup R_{t-1}$ instead of $R_1$). When the set of unsafe constraints is empty, for each one of the sets $R_1, R_2, \dots, R_{t-1}$ (considering that this is repeated $t$ times), other ILP problems should be solved to verify all the safe constraints and all the constraints in $R_e$ ($e = 1, 2, \dots, t-1$) and replace the answer in $W_e$ ($e = 1, 2, \dots, t-1$). This concept is formalized and generalized in Algorithm 1.
Algorithm 1. Obtaining a small number of control places with small number of arcs

Input: The set of authorized states $M_A = \{[z_{11}\ z_{12}\ \dots\ z_{1n}], \dots, [z_{r1}\ z_{r2}\ \dots\ z_{rn}]\}$ and the set of forbidden states $M_F = \{[B_{11}\ B_{12}\ \dots\ B_{1n}], \dots, [B_{y1}\ B_{y2}\ \dots\ B_{yn}]\}$.

Output: The small number of control places with small number of arcs.

Default: $t$ is a variable with $t = 0$, and $R_t = \emptyset$, $W_t = \emptyset$, $W^t_k = \emptyset$ ($\forall t, k$), and $R^t_k = \emptyset$ ($\forall t, k$) are some sets.

Step 1. Consider a generic constraint as follows:

$$k_1 m_1 + k_2 m_2 + \dots + k_n m_n \le x \qquad (6)$$

where $m_i$ is the number of tokens in place $p_i$.

Step 2. Substitute the markings of the authorized states in the constraint (6) and consider the obtained constraints as follows:

$$\sum_{i=1}^{n} z_{j,i} k_i \le x, \quad j = 1, 2, \dots, r \qquad (7)$$

which are called safe constraints.

Step 3. Substitute the markings of the forbidden states in the constraint (6) and convert the less-than-or-equal sign to a greater-than sign. Consider the obtained constraints in the following form:

$$\sum_{i=1}^{n} B_{l,i} k_i > x, \quad l = 1, 2, \dots, y \qquad (8)$$

which are called unsafe constraints. The set of unsafe constraints is denoted as $H$.

Step 4. $t = t + 1$

Step 5. Solve the following ILP problem and obtain the constants $x$ and $k_i$ (for $i = 1, \dots, n$) which verify all the safe constraints and the largest number of unsafe constraints in $H$ (this step is described in Remark 3):

$$\min F = \sum_{l \in N_H} f_l \qquad (9)$$

Subject to

$$\sum_{i=1}^{n} z_{j,i} k_i - x \le 0, \quad j = 1, 2, \dots, r \qquad (10)$$

$$\sum_{i=1}^{n} B_{l,i} k_i - x > -Q f_l, \quad \forall l \in N_H \qquad (11)$$

$$f_l \in \{0, 1\} \qquad (12)$$

where $Q$ is a positive constant that should be considered large enough and $N_H$ denotes

$$\left\{ l \;\middle|\; \left( \sum_{i=1}^{n} B_{l,i} k_i > x \right) \in H \right\}$$

Step 6. Save the obtained constants in the set $W_t$ and then remove the verified unsafe constraints from $H$ and put them in the set $R_t$ (if $f_l = 0$ in the ILP problem in step 5, the unsafe constraint number $l$ is verified; otherwise it is not verified).

Step 7. $x_t = x$ (the obtained $x$).

Step 8. If $t > 1$, solve the following ILP problem and obtain the constants $x$ and $k_i$ (for $i = 1, \dots, n$) which verify all the safe constraints and all the constraints in the set $R_t$, and the biggest number of unsafe constraints in the set $R_1 \cup R_2 \cup \dots \cup R_{t-1}$ (this is described in Remark 4):

$$\min F = \sum_{l \in (N^1_R \cup N^2_R \cup \dots \cup N^{t-1}_R)} f_l \qquad (13)$$

Subject to

$$\sum_{i=1}^{n} z_{j,i} k_i - x \le 0, \quad j = 1, 2, \dots, r \qquad (14)$$

$$\sum_{i=1}^{n} B_{l,i} k_i - x > 0, \quad \forall l \in N^t_R \qquad (15)$$

$$\sum_{i=1}^{n} B_{l,i} k_i - x > -Q f_l, \quad \forall l \in (N^1_R \cup N^2_R \cup \dots \cup N^{t-1}_R) \qquad (16)$$

$$x \le x_t \qquad (17)$$

$$f_l \in \{0, 1\} \qquad (18)$$

where $Q$ is a positive constant that should be considered large enough and $N^q_R$ denotes

$$\left\{ l \;\middle|\; \left( \sum_{i=1}^{n} B_{l,i} k_i > x \right) \in R_q \right\}$$

Replace the answer in $W_t$ with the obtained answer.
Add the verified unsafe constraints to the set $R_t$.
Remove the verified unsafe constraints from the sets $R_1, R_2, \dots, R_{t-1}$.

Step 9. If the set of unsafe constraints is not empty, go to step 4.

Step 10. If $t > 1$, solve the following ILP problem for each one of the sets $R_e$ ($e = 1, 2, \dots, t-1$) and replace the answers in the sets $W_1, W_2, \dots, W_{t-1}$ with the new answers, respectively (this is described in Remark 5).

$$\min X = x \qquad (19)$$

Subject to

$$\sum_{i=1}^{n} z_{j,i} k_i - x \le 0, \quad j = 1, 2, \dots, r \qquad (20)$$

$$\sum_{i=1}^{n} B_{l,i} k_i - x > 0, \quad \forall l \in N^e_R \qquad (21)$$

where $N^e_R$ denotes

$$\left\{ l \;\middle|\; \left( \sum_{i=1}^{n} B_{l,i} k_i > x \right) \in R_e \right\}$$

Step 11. Substitute the answers of the sets $W_1, W_2, \dots, W_t$ in the constraint (6). These constraints are the small number of GMECs whose enforcement on the system leads to a maximally permissive controller with small numbers of control places and arcs.
Remark 1. In Algorithm 1, step 2 is considered because if the constraints in this step are verified by the controller, all the authorized states are reachable.

Remark 2. In Algorithm 1, step 3 is considered because verifying each one of the constraints in this step leads to avoiding the related forbidden state.

Remark 3. The ILP problem in step 5 of Algorithm 1 is considered to obtain $x$ and $k_i$ which verify all the safe constraints and the largest number of unsafe constraints in $H$. In this problem, the relation (10) expresses the verification of all the safe constraints by $x$ and the $k_i$'s. The $f_l$'s (for $l = 1, 2, \dots$) represent the relation between the $l$th unsafe constraint and the obtained constants $x$ and $k_i$'s. $f_l = 0$ means that the $l$th unsafe constraint in $H$ is verified by the obtained constants and $f_l = 1$ means that the $l$th unsafe constraint is not verified by these constants. So, the relation (11) is considered for verifying the largest number of unsafe constraints. Therefore, the objective function is considered as

$$\min F = \sum_{l \in N_H} f_l$$

Remark 4. An ILP problem similar to step 5 is considered in step 8 of Algorithm 1 for finding the constants $x$ and $k_i$ (for $i = 1, \dots, n$) which verify all the safe constraints and all the constraints in the set $R_t$, and the biggest number of unsafe constraints in the previous sets ($R_1, R_2, \dots, R_{t-1}$). In this problem, the relation (15) is considered to verify all the unsafe constraints in $R_t$. The relation (16) is considered for verifying the largest number of constraints in the set $R_1 \cup R_2 \cup \dots \cup R_{t-1}$. In this step, the goal is to add the largest number of unsafe constraints in the previous sets ($R_1, R_2, \dots, R_{t-1}$) to the set $R_t$. But adding these constraints may lead to increasing the value of the constant $x$, which may lead to increasing the number of arcs related to control places. So, the relation (17) is considered to prevent increasing the value of $x$. Adding the largest number of unsafe constraints from previous sets to $R_t$ with the same $x$ reduces the number of unsafe constraints in previous sets, which leads to obtaining simpler GMECs for these sets (also some of these sets may become empty). Moreover, the numbers of arcs related to these GMECs may reduce. By fixing $x$, the number of arcs related to the GMEC for $R_t$ (after adding the unsafe constraints) can be fixed.

Remark 5. In step 10 of Algorithm 1, an ILP problem is considered to find new answers for the new sets $R_1, R_2, \dots, R_{t-1}$.

Algorithm 1 is a good method for obtaining a small number of control places with a small number of related arcs, whose connection to the system leads to maximally permissive behavior. By using this method, it is possible to generate a small number of GMECs in many kinds of systems. The most important result of this method is that the number of arcs related to the control places is small. Moreover, the small number of arcs can lead to small implementation costs [32].
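The classification loop of Algorithm 1 (steps 1 to 6 and step 9) can be traced on a small case with the added example below, which is not code from the paper. It replaces the ILP solver with an exhaustive search over bounded non-negative integer weights and omits the refinements of steps 8 and 10; the marking sets, the bounds `k_max` and `x_max`, and the function names are constructed assumptions.

```python
from itertools import product

def best_gmec(authorized, forbidden, k_max=3, x_max=6):
    """Bounded exhaustive stand-in for the ILP of step 5.

    Searches integer k_i in [0, k_max] and x in [0, x_max] such that every
    authorized marking satisfies sum(k_i*z_i) <= x (safe constraints, Eq. 7)
    and as many forbidden markings as possible satisfy sum(k_i*B_i) > x
    (unsafe constraints, Eq. 8). Ties go to the smaller x, then to the
    smaller weights."""
    n = len(authorized[0])
    dot = lambda k, m: sum(ki * mi for ki, mi in zip(k, m))
    best = None
    for x in range(x_max + 1):
        for k in product(range(k_max + 1), repeat=n):
            if any(dot(k, z) > x for z in authorized):
                continue  # a safe constraint fails: an authorized state would be cut
            cut = [B for B in forbidden if dot(k, B) > x]
            key = (-len(cut), x, sum(k), k)
            if best is None or key < best[0]:
                best = (key, k, x, cut)
    return best[1], best[2], best[3]

def classify(authorized, forbidden, **bounds):
    """Steps 4-6 and 9: peel off the largest verifiable set R_t until H is empty."""
    H, gmecs = list(forbidden), []
    while H:
        k, x, cut = best_gmec(authorized, H, **bounds)
        if not cut:
            raise ValueError("no GMEC within the bounds excludes the remaining states")
        gmecs.append((k, x, cut))  # (weights and bound saved in W_t, states in R_t)
        H = [B for B in H if B not in cut]
    return gmecs

# Constructed markings over two operation places. No single GMEC excludes
# both forbidden states without also cutting the authorized state (1, 1).
M_A = [(0, 0), (1, 0), (0, 1), (1, 1)]
M_F = [(2, 0), (0, 2)]

if __name__ == "__main__":
    for k, x, R in classify(M_A, M_F):
        print("GMEC weights", k, "<=", x, "excludes", R)
```
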
4. Experimental results

In this section, some FMS examples are considered to show the experimental results of the proposed method. In all examples, the forbidden states are deadlock states or the states that lead to deadlocks. Moreover, the results are compared with some other methods in Tables 1–3. In these tables, $N_{CP}$, $N_{arc}$ and $N_{RS}$ are the numbers of control places, arcs and reachable states, respectively.

Consider the PN model of the FMS in Fig. 1, which is taken from [19]. This system consists of 19 places and 14 transitions. The sets of idle, resource and operation places are $P_0 = \{p_1, p_8\}$, $P_R = \{p_{14}–p_{19}\}$ and $P_A = \{p_2–p_7, p_9–p_{13}\}$, respectively. It has 282 reachable states, of which 205 are authorized and 77 are forbidden states. The numbers of states in the sets MCA and MOF are 26 and 8, respectively. To prevent the system from entering the forbidden states, Algorithm 1 is applied to it for generating a small number of GMECs. By applying this method, two GMECs are obtained as follows:

$$m_2 + 2m_3 + m_4 + 2m_5 + 2m_6 + 3m_9 + 3m_{10} \le 9 \qquad (22)$$

$$m_2 + 2m_3 + m_4 + 2m_{11} + 2m_{12} \le 3 \qquad (23)$$

Enforcing these two GMECs on the system prevents it from entering the forbidden states. The incidence matrix and the initial tokens related to these GMECs are respectively as follows:
Wc ¼ 1 1 0 1 0 0 2 0 3 0 3000
1 1 01200000 2 0 2 0
;
Mc0 ¼
9
3
ð24Þ
As is obvious from the incidence matrix, the numbers of control places and the related arcs are efficient. In this example, two control places with 12 arcs are obtained. So, by using Algorithm 1, it is possible to obtain a small number of control places with a small number of arcs. The results are compared with some conventional methods in Table 1.

Now, consider the FMS in Fig. 2, taken from [15]. This system contains 19 places and 14 transitions. It has 168 reachable states, of which 96 are authorized and 72 are forbidden states. The sets MCA and MOF have 13 and 11 states, respectively. After applying Algorithm 1, 4 GMECs are obtained in the following forms:

$$3m_3 + 3m_4 + m_6 + m_7 + 5m_{12} \le 5 \qquad (25)$$

$$4m_7 + m_{11} + m_{13} + 2m_{15} + 2m_{16} \le 5 \qquad (26)$$

$$m_3 + m_4 + m_6 + 2m_{11} + m_{12} + 2m_{13} \le 4 \qquad (27)$$

$$m_6 + m_{15} \le 1 \qquad (28)$$

The incidence matrix and initial tokens of these GMECs are computed as follows:
Wc ¼
0 3 0 2 0 1 0 5 0 50000
0 0 004 4 1 1 0 2 1 0 2 0
0 1 00 1 0 2 1012000
0 0 01 1 0000
1 1 1 0 0
2
6664
3
7775
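Table 1
The results of some methods on the system in Fig. 1.

| The methods | [14] | [12] | [19] | [28] | [23] | [24] | [26] | The proposed method |
|---|---|---|---|---|---|---|---|---|
| NCP | 9 | 6 | 8 | 3 | 2 | 2 | 2 | 2 |
| Narc | 42 | 32 | 37 | 21 | 12 | 15 | 15 | 12 |
| NRS | 205 | 205 | 205 | 205 | 205 | 205 | 205 | 205 |

Table 2
The results of some methods on the system in Fig. 2.

| The methods | [15] | [19] | [28] | [24] | [26] | The proposed method |
|---|---|---|---|---|---|---|
| NCP | 9 | 11 | 6 | 4 | 4 | 4 |
| Narc | 44 | 48 | 43 | 26 | 26 | 23 |
| NRS | 96 | 96 | 96 | 96 | 96 | 96 |

Table 3
The results of some methods on the system in Fig. 3.

| The method | [11] | [13] | [19] | [28] | [23] | [24] | [26] | The proposed method |
|---|---|---|---|---|---|---|---|---|
| NCP | 16 | 19 | 17 | 10 | 5 | 6 | 6 | 6 |
| Narc | 88 | 112 | 101 | 89 | 55 | 45 | 45 | 45 |
| NRS | 12656 | 21562 | 21581 | 21581 | 21581 | 21581 | 21581 | 21581 |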
Fig. 1. The FMS with 282 reachable states.