Structural Design of Supreme Controller with Uncontrollable Transitions


In the framework of Petri nets (PN), the structural supervisory control of discrete event systems (DES) is an exciting method to design a controller in the presence of uncontrollable transitions. In particular, this method addresses the controllability problem existing in the desired functioning PN. The controllability condition defined by uncontrollable synchronization can be expressed as generalized mutual exclusion constraints (GMEC). This leads to the design of a place invariant-based controller, implemented through control places connected to plant transitions. The controller is maximally permissive if the transitions are controllable. This implies that the controller ensures that the constraints are never violated directly or may be violated through the firing of uncontrollable transitions. But if a control place is connected to an uncontrollable transition, then the controller is non-admissible, since it cannot prevent such a transition. The common idea is to transform the constraints or to displace the controller arcs. Unfortunately, constraint transformation is computationally complex and not structural, while the arc displacement approach is unsystematic. Our idea is to iterate the structural supervisory control method to ensure a systematic displacement of controller arcs, so that no control place is an input place of an uncontrollable transition. This approach focuses on the structural design of a less restrictive and admissible controller, namely the supreme controller.


Introduction
The paradigm of supervisory control theory (SCT) for discrete event systems (DES) is based on languages, but implemented on automata (Cassandras and Lafortune, 2008). Since a DES is a dynamic, event-driven system with discrete states, Petri nets (PNs) have become a successful tool for analysis and control (Cabasino et al., 2017).
PNs provide features, such as the synchronous product (Section 3.2), to alleviate the state explosion. For supervisory control, the synchronous product between plant and specification PNs gives the desired functioning PN, which typically grows linearly with the number of models (Seatzu et al., 2012). Unfortunately, almost all approaches to PN supervisory control are based on the reachability graph, which requires the enumeration of the PN states (David and Alla, 2010). Consequently, these approaches are only partially structural and are again subject to the state explosion phenomenon. Moreover, very few works have addressed the controllability notion (Kumar and Holloway, 1996), even those focused on particular PNs (Basile et al., 2006; Wang et al., 2013).
To address this issue, a structural method that avoids the construction of the reachability graph and takes the controllability condition into account has been proposed to design the controller via labelled Petri nets (Gonza et al., 2020). This method is based on a one-to-one link between the supervisory control theory and the place invariant method (Yamalidou et al., 1996). Indeed, from the controllability condition, defined to deal with uncontrollable transitions in the desired functioning PN, the generalized mutual exclusion constraints (GMEC) are expressed (Moody and Antsaklis, 2000). To enforce these linear constraints, the place invariant-based controller is designed. As a result, the controller still has a relatively simple structure and is implemented through control places and arcs connected to plant PN transitions. If the transitions are controllable, then the controller is maximally permissive (optimal). When the control place is connected to an uncontrollable transition, the controller is not admissible, since it cannot prevent the firing of such a transition. The issue is that we have no guarantee that at least one control place will not be connected to an uncontrollable transition.
To address that issue, an intuitive method was to ride up the branches of the plant PN until finding a controllable transition that is upstream of the control place (Yamalidou et al., 1996). Unfortunately, this method is not systematic and effectively applicable. Besides, some proposed solutions are based on constraint transformation (Moody and Antsaklis, 2000; Luo et al., 2012; Ma et al., 2014; Wang et al., 2018) to ensure that no control place is connected to an uncontrollable transition. But the modified constraint itself may not represent the admissible controller corresponding to the original constraint (Ghaffari et al., 2003; Wang et al., 2018).
Although one can use the approach based on constraint transformation proposed by Luo and Zhou (2017), the high computational complexity of the control policy and of the algorithm to transform a constraint into a disjunction of admissible ones may not be efficient and optimal. In order to guarantee the optimal control solution, a dynamic linear constraint must be introduced. Recently, a method presented by Luo et al. (2020) to design a maximally permissive controller requires partitioning the desired functioning PN into a set of dangerous regions to deal with uncontrollable events. However, the control action is to keep the maximum number of tokens at no more than 1 for any sequence, contrary to the structural supervisory control, where the control action is to keep the number of tokens of the specification PN greater than or equal to the number of tokens of the plant PN, with respect to the arc weights of transitions (see definition 8, section 3.2). In addition, there is a need for an algorithm to compute the set of controllable transitions that should be disabled by the controller.
Considering the complexity of these approaches and the disadvantage of not offering a structural control solution, it seems necessary to propose a new idea to structurally obtain the less restrictive and admissible controller, namely the supreme controller (Ramadge and Wonham, 1989). Practically, the controller, formed of the transitions of the plant PN and a separate set of places, is not admissible if there is an uncontrollable synchronization between the controller and the plant PN. Intuitively, the idea is to iterate the structural supervisory control method presented by Gonza et al. (2020), adapted to ride up the branches of the plant PN until finding a controllable transition.
Naturally, this iteration deals with the uncontrollable synchronizations and the corresponding constraint in the controlled PN. We assume the supreme controller will be obtained systematically (section 4). This idea will be presented through the modified classic manufacturing system (section 3.1).
Following the recall on supervisory control related to the controllability notion in section 2, a brief summary of PN tools and the structural supervisory control appears in section 3.
In section 4, the contribution of this paper is presented: the structural design of the supreme controller for plants with uncontrollable transitions. To make it possible to appreciate the computational simplicity or complexity, the proposed idea is applied to a case study (section 5).

Recall on supervisory control
Supervisory control theory (SCT) of DES, based on automata, is considered one of the most successful approaches (Ramadge and Wonham, 1989). DES are systems that evolve in accordance with the occurrence of events e, and their behavior may be described as a set of sequences over the alphabet Σ (the event set). Considering the unary operator Kleene star (Dorsaf et al., 2012), the notation Σ* gives the infinite set of all possible sequences of events over Σ, including the empty string .
Definition 1 (language). For a given alphabet Σ, the formal language L is a subset of Σ*; it can be finite or infinite (Wonham and Kai, 2017).

A supervisory control is a feedback control (figure 1) where a controller C runs in parallel with the plant G in order to enable/disable event occurrence based on the sequences generated by the plant, so as to make the closed-loop behavior correspond to the desired or legal language K. The legal behavior is defined by a given specification. In that principle of supervisory control, the plant coupled with its controller C/G (read C controlling G) constitutes the closed-loop DES. Each time, the controller C provides a list of enabled/disabled events to occur in plant G.
The set of events may be partitioned as = ! ∪ ! , where ! and ! are, respectively, the sets of controllable events, and uncontrollable events, whose occurrence cannot be prevented by the controller. Generally, the behavior of the plant G is unsatisfactory for a given specification S and needs to be "restricted". Since the desired functioning (or legal behavior) is specified by the language K, the basic control problem is to design a controller that restricts the closed-loop behavior of the DES to K∩L(G). But the presence of uncontrollable events ! , whose occurrence cannot be prevented by the controller, leads to defining the controllability condition. is said to be controllable with respect to the plant language L(G) and ! , if

Definition 2 (Controllability
⊆ ( ) is prefix closed by construction; any sequence σ ∈ K implies that every prefix of σ is in K (Hopcroft et al., 2007), i.e., :={σ' ∈ Σ* | ∃ (σ ∈ K) such that σ' is a prefix of σ}
The existence of a controller C such that the language achieved by the closed-loop DES is L(C/G) = K is linked to the controllability condition (eq. 1). In the case where K ⊆ L(G) is not controllable with respect to the plant language L(G), it is necessary to get the supreme controllable language, SupC(K), less permissive than K (Wonham and Kai, 2017). Thereby, the behavior of the closed-loop DES is said to be maximally permissive.
Regarding automata-based supervisory control, from models of a given plant G and specification S, Kumar's algorithm (Kumar, 1991) allows computing a maximally permissive controller corresponding to the supreme controllable language, such that SupC(K) ⊆ L(S)∩L(G).
In this paper, we focus on the structural design of such a controller, avoiding the complexity linked to languages or the reachability graph (Basile et al., 2006; Iordache et al., 2013).
Thus, we will use the structural supervisory method, which addresses the PN controllability condition, to design the controller in the presence of uncontrollable transitions (Gonza et al., 2020). In fact, from the structure of desired functioning PN, obtained by the synchronous product between plant PN ( ! ) and specification PN ( ! ), namely ! ! .
The language that characterizes the trajectory of the controller satisfies (Wonham and Kai, 2017)
We can get, via the PN controllability condition, the linear constraints (GMEC-type) to compute the place invariant-based controller (Section 3.2), without constructing the reachability graph. The controller is admissible when control places are connected to controllable transitions of the plant ( ! ). It guarantees for any PN state that: if transition is enabled in the plant ( ! ), it must also be enabled by the specification ( ! ).
Nevertheless, there may exist situations where the control place is connected to an uncontrollable transition, i.e., there exists an uncontrollable synchronization between the controller and the plant PN. Consequently, the designed controller is non-admissible, since it can never prevent plant-enabled uncontrollable transitions from firing.
In such a situation we need to obtain a less restrictive and admissible controller, such that the behavior of the controlled PN (formed of the plant PN and that of the controller) is supreme controllable. For this, we propose a new idea based on the iteration of the structural supervisory control method (Gonza et al., 2020), adapted to ensure that there exists no arc from a control place to an uncontrollable transition by using labelled PN.
This idea is explored through the classical manufacturing system, to which we have brought some modifications (example 1).

Petri nets tools
The power of modeling DES is strictly related to the sequences of events that it can generate. For this reason, it is suitable to use Labelled PN, which permits specifying the event corresponding to each transition (Komenda et al., 2008). The graphical representation of PN is given in figure 3.

Definition 3 (Labelled PN).
Let N denote a Labelled PN, it is defined to be the 7-tuple,
is a finite set of events (labels) including the event always occurring ε;
- ! , ! : = × → ℤ is the backwards incidence matrix that defines the weights of the directed arcs , ! from places ! to transitions ! ;
- ! , ! ≔ × → ℤ is the forwards incidence matrix that defines the weights of the directed arcs , ! from transitions ! , to places ! ;
- ! ∈ ℕ ! is the initial marking or state. It is given by the number of
In a Labelled PN, firing a transition is linked to event occurrence, which can be partitioned into the uncontrollable events set ! and the controllable events set ! . By analogy, the set of uncontrollable transitions is denoted by ! : = ! ∈ ℒ( ! ) ∈ ! , and the controllable transitions set, ! :

Example 1. Modified classic manufacturing system
The classic manufacturing system is composed of two machines (Mch_1 and Mch_2) that work independently, draw raw parts upstream and reject processed parts downstream. The existing Buffer (Buf) between the machines receives the machined parts from the conveyor transfer station, after overturning. Machine (Mch_2) can only start working if it can take processed parts from the Buffer (Buf), assumed to be empty in its initial state. This modification supposes the existence of the turn over event r and transfer event v. To illustrate our contribution, we will consider these events and the ending of the works as uncontrollable. We consider a given specification, which consists of ensuring that the buffer (Buf) has a capacity limited to x parts, defined by the operator. For this given example, the controllable events set is ! :
The PN dynamic can be represented by the presence / absence of tokens in the places.
The marking or state is a column vector, ≔ → ℤ is a mapping function that assigns a non-negative integer (token count) to each place. For a transition ! ∈ we define the set of input places as !
From a state ! , only enabled transitions can be fired, and the new state !!! ′is where We denote by ℛ( , ! ) the reachability graph, which is the set of reachable states from Given a Labelled PN , if we consider instead the transitions sequence, the events sequence (finite set) generated, then we can define PN language (Hopcroft et al., 2007) as follows Generally, PNs can represent more expressive and prefix closed languages in * than automata (Guia, 2013).

Structural supervisory control
The system in need of supervision, the plant and its specifications are modeled by PNs. From the desired functioning PN (figure 4), obtained by the synchronous product between plant PN ( ! ) and specification PN ( ! ), namely ! ! , the controllability condition is established.

Definition 4 (Synchronous product) Let
be the specification PN, both built on the same events set ( ! = ! ). Their synchronous product ! ! is another
Intuitively, the synchronous product is a matter of structural synchronization, where a pair of transitions ! , ! with the same event is replaced with a single transition ! = ! , ! , called a synchronous transition. If there exist several transitions in each PN with the same event, then there exists one transition in the desired functioning PN for each transition pair combination (Kumar and Holloway, 1996).
Without loss of generality, we apply this operation to the PN of figure 3, where each event is associated with at most one transition in each PN.
The desired functioning PN, ∶= ! ! , is uncontrollable when a reachable state ! ∈ ℳ ! . In figure 4 we face such a situation when we consider the uncontrollable synchronous transition t4, namely,
This allows defining the structural controllability condition of the desired functioning PN.
Definition 6 (structural controllability). For any uncontrollable synchronous transition ! = ! , ! ∈ ! , the structural controllability condition for any reachable (Gonza et al., 2020).
It has been proven that the structural controllability condition is equivalent to that defined on the PN languages (Gonza, 2019). From this, it does not seem necessary to scan the reachability graph or the PN languages to check the controllability and to define a set of admissible states.
Definition 7 (Admissible states). Given a desired functioning PN, the set of admissible states, ℳ ! , is the one in which the structural controllability condition is verified.
The controllability condition can be expressed as linear constraints of
Hence, in figure 4, the controllability condition is ! ! ≥ ! ! and the corresponding constraint is = 0 0 0 1 0 0 0 −1
At this point, the control goal is to ensure that the constraints are met during the plant's operation. The place invariant method then provides the controller incidence matrix ! and initial state !! of the PN that implements a controller C (Guia, 2013). The place invariant-based controller is identical to the monitors C (Uzam, 2010; Wang et al., 2013). The controller is a PN with incidence matrix ! ∈ ℤ ! ! ×! with initial state !! ∈ ℤ ! ! , made up of the plant's transitions and a separate set of places.
The controller is maximally permissive assuming that the plant's transitions are controllable.

Definition 8 (maximally permissive controller). A controller is maximally permissive if all the admissible states, ℳ ! of the desired functioning PN, ∶= ! ! , are reachable under control, and the firing of transitions that leads the plant PN evolution to a forbidden state is prevented.

In the incidence matrix ! , positive elements refer to arcs connecting transitions to control places and negative elements refer to arcs connecting control places to transitions. From this, the controller C is coupled by synchronization to the desired functioning PN, to give the controlled PN (figure 5).

Definition 9 (Controlled PN).
A controlled PN is a triple = ( , , ); where ∶= ! ! is the desired functioning PN, C a PN model of the controller is a finite set of control places, ∩ = ∅, and ⊆ x is a set of arcs (with weight) connecting control places ( ! ) to transitions set T.
r Applying this to our current example 1 (figure 4), we have : Figure 5. The controlled PN of the modified classic manufacturing system r In controlled PN, the controller must allow all control (connected) transitions to be fired only when it is both control place and plant enabled, otherwise it is prevented.
Consider the control transition ! ℒ ! = as controllable, then the controller designed is maximally permissive. Unfortunately, it was specified (section 2) that the event is uncontrollable, i.e, the transition ! ℒ ! = is uncontrollable. Hence, the e 3.

P3
controller designed is non-admissible, since it cannot prevent such transition when it is enabled in plant PN.
The controllability of the controlled PN must be checked, in order to obtain the less restrictive and admissible controller (supreme controller). In fact, the controller designed may prevent plant-enabled uncontrollable transitions from firing.
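
The place invariant computation and the admissibility check described in this section, as an added example that is not code from the paper. It assumes the standard place invariant formulas (controller row D_c = -L·D_plant, initial marking m_c0 = b - L·m0) and a constructed three-place plant; the second constraint is chosen by hand to move the arc upstream to a controllable transition and is not the output of the paper's iteration.

```python
from collections import deque

# Constructed plant (not the paper's figure): p1 idle, p2 working, p3 buffer.
# Rows = places, columns = transitions; D = post - pre, no self-loops.
TRANSITIONS = ["t1_start", "t2_end", "t3_take"]
UNCONTROLLABLE = {"t2_end"}          # the end of work cannot be disabled
D_PLANT = [[-1,  1,  0],
           [ 1, -1,  0],
           [ 0,  1, -1]]
M0 = [1, 0, 0]


def row_times(L, D):
    """Row vector L times matrix D."""
    return [sum(L[i] * D[i][j] for i in range(len(L))) for j in range(len(D[0]))]


def place_invariant_controller(L, b, D, m0):
    """Control place enforcing L.m <= b: D_c = -L.D, m_c0 = b - L.m0."""
    d_c = [-x for x in row_times(L, D)]
    m_c0 = b - sum(l * m for l, m in zip(L, m0))
    if m_c0 < 0:
        raise ValueError("initial marking violates the constraint")
    return d_c, m_c0


def arcs_to_uncontrollable(d_c):
    """Negative entries of D_c are arcs from the control place to a transition."""
    return [t for t, w in zip(TRANSITIONS, d_c) if w < 0 and t in UNCONTROLLABLE]


def first_conflict(d_c, m_c0):
    """Explore the closed loop breadth-first. Return the first (marking,
    transition) where the plant enables an uncontrollable transition that the
    control place would have to block, or None if that never happens."""
    start = (tuple(M0), m_c0)
    seen, queue = {start}, deque([start])
    while queue:
        m, mc = queue.popleft()
        for j, t in enumerate(TRANSITIONS):
            plant_ok = all(m[i] + D_PLANT[i][j] >= 0 for i in range(len(m)))
            if not plant_ok:
                continue
            if mc + d_c[j] < 0:                 # control place lacks tokens
                if t in UNCONTROLLABLE:
                    return list(m), t           # controller is non-admissible
                continue                        # controllable: simply disabled
            nxt = (tuple(m[i] + D_PLANT[i][j] for i in range(len(m))), mc + d_c[j])
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return None


def compare():
    """Buffer bound m(p3) <= 2 versus the upstream bound m(p2) + m(p3) <= 2."""
    results = {}
    for name, L in (("direct", [0, 0, 1]), ("upstream", [0, 1, 1])):
        d_c, m_c0 = place_invariant_controller(L, 2, D_PLANT, M0)
        results[name] = (d_c, m_c0, arcs_to_uncontrollable(d_c),
                         first_conflict(d_c, m_c0))
    return results


if __name__ == "__main__":
    for name, res in compare().items():
        print(name, res)
```

The direct constraint yields a control place that is an input of the uncontrollable transition, and the exploration reaches a marking where that transition is plant-enabled but the control place is empty; the upstream constraint yields arcs to controllable transitions only.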

Structural design of supreme controller (less restrictive and admissible)
Uncontrollable transitions can cause problems for the controlled PN, due to arcs from the control places used to change the controller state based on the firings of plant transitions. For this reason, we propose an idea to structurally design the supreme controller, which is less restrictive and admissible.
For the controller to be less restrictive and admissible, the sufficient condition should be
When the condition ! ≤ 0 is unsatisfied, the idea is to iterate the structural supervisory control method from the controlled PN until finding controllable transitions that are upstream of the control places. Concretely, it is a question of extending the controllability condition to the controlled PN, = ( , , ). Hence, for any uncontrollable control transition ! ∈ ! , the structural controllability condition for

6: Do
Stop. ! is less restrictive and admissible controller
r Let us apply the above to controlled PN (figure 5) of our current example 1 where the controller is non-admissible, because it is connected to the uncontrollable transition, ! ℒ ! = .
Iteration or step 1 • The characteristics of the controlled PN are = We put in red the columns corresponds to " • The controllability condition is • The controller portion corresponding to uncontrollable transitions " = The resulting controller is non-admissible, since " ≰ 0 one strictly positive element) and ! ! draws an arc to the supposed uncontrollable transition ! ℒ ! = ( figure 6). Consequently, we must iterate the procedure again. Figure 6. Controlled PN ! , after 1 st step, with non-admissible controller !

Iteration or step 2
• Characteristic of controlled PN
• The controller portion corresponding to uncontrollable transitions ! ! ! =
This solution is less restrictive and admissible because ! ! ! ≤ 0 (no strictly positive element) and ! will draw an arc to the controllable transition ! ℒ ! = ! (Figure 6). We must stop the iteration here, because we get the supreme controller. The approach is systematic and structural, since we find the solution similar to the intuitive approach of Yamalidou et al. (1996). Now, suppose that transition ! ℒ ! = ! is an uncontrollable transition; then the control solution is empty. It can be noticed that, in Figure 6, place P8 is implicit and can be suppressed.

Remark 1. Modeling considerations
Example 1 shows typical structures for modeling the plant PN. It can be seen that the uncontrollable transition has only one input place. This is in fact a general modeling aspect, which leads us to specify the modeling characteristics of controllable and uncontrollable transitions.

Controllable transition:
A controllable transition may have several input places. Indeed, the firing of this transition is conditioned by the synchronization of several tasks behaving concurrently. The controllable transition is fired when all the input places are marked and the controllable event occurs.

Uncontrollable transition:
An uncontrollable transition has only one input place. The occurrence of an uncontrollable event, a breakdown or the end of a task for example, cannot be blocked by several input places. It occurs when the plant is in a given state, represented in a global way by the input place.
Compared to existing methods (constraint transformation or an algorithm to compute controllable transitions), we have presented a very simple idea, systematic and easy to implement by using the iteration of structural supervisory control with respect to the controllability condition. Also, the simplicity of linear constraints allows obtaining a controller that is structurally optimal (no addition of control places or arcs to the controlled PN). This problem has already been tackled in Yamalidou (1996) in an intuitive and unsystematic way (Dideban and Alla 2008). We assume that a good variety of DES control problems can be efficiently solved through the advantages of this approach:
− The approach is elegant for implementation as it is based on constraints linking the supervisory control theory and the place invariant method.
− The synthesis technique makes use of an incidence matrix corresponding to the uncontrollable portion of the plant to controlled PN model.
− The systematic handling of uncontrollable events is maintained with the controlled PN model.

Case study
As a case study, consider the real-life system taken from (Vasiliu, 2012). It is an industrial assembly line, whose topology is illustrated in figure 7.
Figure 8. Topology of industrial assembly line (Vasiliu, 2012)
The assembly line consists of a conveyor, an assembly station, three barrier doors (B1−3) and five sensors (C1−5). An entry / exit station connects the assembly system with other systems in the line and provides entry / exit of parts into the assembly loop.
The assembly loop is divided into three areas:
• the entrance area, between the entry / exit station and gate B1,
• the assembly area, between doors B1 and B2 and
• the exit area, between gates B2 and B3.
A part enters the system through the entry / exit station, travels the entry area, and then is admitted into the assembly area, where it is introduced inside the assembly station to be processed. Once it is complete, the assembled parts are returned to the conveyor, travel through the exit area and exit the assembly loop via the entry / exit station. The system (assembly line) must satisfy the following specifications:
• the maximum number of parts allowed at any time in the assembly area (the length of the assembly queue) is ten;
• the maximum number of parts allowed at any time in the exit area (the length of the exit queue) is twelve.
The PNs of figure 8 model the plant and the specification of the assembly line, while the events associated with transitions and the place descriptions are shown in Table 1.

Place | Description | Event | Description
 | There is no room at the entrance to the assembly area | c1a | c1 active (part detected at the entrance to door B1)
P2 | Part waiting to enter the assembly area | b1o | Door B1 opening
P3 | Part entering the assembly area | c1i | c1 inactive (part has left door B1)
P4 | Part entered in the assembly area | b1f | Door B1 closing
P5 | No part is awaiting assembly | c2a | c2 active (the part detected at the entrance of the assembly station)
P6 | Part awaiting assembly | da | Start of assembly
P7 | Part being assembled | c3a | c3 active (the part has left the assembly station / part detected at the entrance of door B2)
P8 | Part waiting to leave the assembly area | b2o | Door B2 opening
P9 | Part leaving the assembly area | c4a | c4 active (the part has left door B2)
P10 | Part taken out of the assembly area | b2f | Door B2 closing
P11 | There are no parts waiting to leave the assembly loop | c5a | c5 active (part detected at the entrance of door B3)
P12 | Piece waiting to leave the assembly loop | b3o | Door B3 opening
P13 | Piece leaving the assembly loop | c5i | c5 inactive (the part is at the exit of B3)
P14 | Piece taken out of the assembly loop | b3f | Door B3 closing
P15 | Current number of parts in the assembly area | |
P16 | Number of parts waiting to leave the assembly loop | |
P17 | Number of places available in the assembly queue | |
P18 | Number of places occupied in the assembly queue | |
P19 | Number of places available in the exit queue | |
P20 | Number of places occupied in the exit queue | |

Figure 9. PNs of the plant and specification of assembly line (Vasiliu, 2012)
All forbidden states ℳ ! are consequences of the synchronization of plant PN with specification PN via uncontrollable transitions: ! ℒ ! = 1 , !" ℒ !" = 2 and !" ℒ !" = 3 .
To ensure the respect of the specification, it is therefore necessary to define the controllability condition, namely
The constraint is =
The characteristic of desired functioning PN (figure 9)
The controller of the assembly line can therefore be computed, that is
The controller ! is not admissible, since it draws an arc to uncontrollable transitions ! ℒ ! = 1 , ! ℒ ! = 4 , !" ℒ !" = 5 (see figure 9).

Iteration or step 1
• The characteristic of controlled PN = −1 1 0
The controller ! is admissible, since " ≤ 0 and it draws no arc to uncontrollable transitions (modified arcs in Figure 9). It is the supreme controller.

Conclusion
In this work, we propose a new idea based on iterations of the structural supervisory control method to ensure a systematic displacement of arcs in the non-admissible solution, so that no control place is the input place of an uncontrollable transition. Note that the arc displacement avoids creating implicit places in the final solution. Finally, the proposed approach has the advantage of offering, structurally, a less restrictive and admissible controller, i.e., the supreme controller, and allows supervisory control schemes using PN to be implemented efficiently for practical DES.