The paper presents a novel approach for discovering Petri nets (PN) that include silent transitions from logs of event sequences. We propose a repairing method that extends existing discovery techniques that do not deal with silent transitions; such techniques may yield substructures that involve deadlocks. Such substructures, called inconsistent substructures (IS), are detected through a structural pattern. IS are rewritten by adding new transitions labelled with event symbols already assigned to transitions in the IS; the rewritten model has no deadlocks. Afterwards, the PN with duplicated event labels is transformed into an equivalent model with silent transitions. The algorithms derived from the technique, which have polynomial-time complexity, have been implemented and tested on examples of diverse structures.
Opacity is an information flow property that captures the notion of plausible deniability in dynamic systems, that is, whether an intruder can deduce that “secret” behavior has occurred. In this paper we provide a general framework of opacity to unify the many existing notions of opacity for discrete event systems. We use this framework to discuss language-based and state-based notions of opacity over automata. We present several methods for language-based opacity verification, and a general approach to transform state-based notions into language-based ones. We demonstrate this approach for current-state and initial-state opacity, unifying existing results. We then investigate the notions of K-step opacity. We provide a language-based view of K-step opacity encompassing two existing notions and two new ones. We then analyze the corresponding language-based verification methods both formally and with numerical examples. In each case, the proposed methods offer significant reductions in runtime and space complexity.
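As an added illustration of the current-state notion mentioned above (example code written for this page, not taken from the paper), the standard observer-based check is shown: a system is current-state opaque when no state estimate an intruder can form from the observable events lies entirely within the secret states. The automaton, event alphabet and secret sets below are constructed assumptions.

```python
from collections import deque

# Constructed example automaton (an assumption, not taken from any paper above):
# states 0-4, events "a" and "b" observable, "u" unobservable.
EXAMPLE_DELTA = {(0, "u"): {1}, (0, "a"): {2}, (1, "a"): {3},
                 (2, "b"): {4}, (3, "b"): {4}}
EXAMPLE_INITIAL = {0}
EXAMPLE_OBSERVABLE = {"a", "b"}


def unobservable_reach(delta, states, observable):
    # Close the set of states under transitions labelled with unobservable events.
    reach, stack = set(states), list(states)
    while stack:
        q = stack.pop()
        for (src, ev), dsts in delta.items():
            if src == q and ev not in observable:
                new = dsts - reach
                reach |= new
                stack.extend(new)
    return frozenset(reach)


def observer_estimates(delta, initial, observable):
    # Subset construction over observable events: every estimate the intruder
    # can hold after some observed string.
    start = unobservable_reach(delta, initial, observable)
    seen, queue = {start}, deque([start])
    while queue:
        est = queue.popleft()
        for ev in observable:
            step = set().union(*(delta.get((q, ev), set()) for q in est))
            if step:
                nxt = unobservable_reach(delta, step, observable)
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return seen


def current_state_opacity_violation(delta, initial, observable, secret):
    # Current-state opacity fails exactly when some reachable estimate is
    # contained in the secret set; return that estimate, or None if opaque.
    for est in observer_estimates(delta, initial, observable):
        if est <= secret:
            return est
    return None
```

With secret set {2} the system is opaque (after observing "a" the intruder only knows the state is 2 or 3), while with secret set {2, 3} the estimate {2, 3} reveals the secret.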
This work is set in the context of supervisory control of discrete-event systems under partial observation. Attackers that are able to insert or erase occurrences of particular output symbols can tamper with the supervisor’s observation and, by doing so, can lead the controlled system to undesirable states. We consider a scenario with multiple attackers, each one being an element of a set called the attack set. We also assume that only one of the attackers within an attack set is acting, although we do not know which one. According to previous results in the literature, a supervisor that enforces a given legal language, regardless of which attacker is acting, can be designed if the legal language is controllable and satisfies a property called P-observability for an attack set. The latter is an extended notion of observability and is related to the supervisor’s ability to always distinguish between outputs that require different control actions, even if the outputs were attacked. We present a new approach for checking whether a given language is P-observable for an attack set, by first introducing a visual representation as well as some definitions that capture the attack’s effect. Additionally, we present two algorithms that together allow us to verify whether a given language is P-observable for an attack set, when it is represented as an automaton.
In this paper, we consider a decentralized failure diagnosis problem for discrete event systems. Each local diagnoser makes a diagnosis decision based on local event observations. A sensor that detects the occurrence of an event may possibly fail due to, for example, aging degradation. It is desirable that the occurrence of any failure string should be correctly detected in the presence of sensor failures. We introduce a new notion of codiagnosability subject to permanent sensor failures, which is defined with respect to not only the set of nondeterministic local observation masks but also the global nondeterministic observation mask. Although the global observation mask is necessary to define codiagnosability, it is not used for performing decentralized diagnosis. The introduced notion of codiagnosability guarantees that the occurrence of any failure string can be correctly detected by a decentralized diagnoser within a bounded number of steps even if permanent sensor failures occur. We develop a method for verifying the codiagnosability property subject to permanent sensor failures. In addition, we compute the delay bound within which the occurrence of any failure string can be detected.
The development of supervisory controllers for cyber-physical systems is a laborious and error-prone process. Supervisor synthesis enables control designers to automatically synthesize a correct-by-construction supervisor from a model of the plant combined with a model of the control requirements. From the supervisor model, controller code can be generated that is suitable for implementation on a programmable logic controller (PLC). Supervisors for industrial systems that operate in close proximity to humans have to adhere to strict safety standards. To achieve these standards, safety PLCs (SPLCs) are used. For SPLC implementation, the supervisor has to be split into a regular part and a safety part. In previous work, a method was proposed to automatically split a supervisor model for this purpose. The method assumes that the provided plant model is a collection of finite automata. In this paper, the extension to extended finite automata is described. Additionally, guidelines are provided for modeling the plant and the requirements to achieve a favorable splitting. A case study on a rotating bridge, which has been used to validate the method, is elaborated. The case study spans all development steps, including the implementation of the resulting supervisor to control the real bridge.
Hierarchy is a tool that has been applied to improve the scalability of solving planning problems modeled using Supervisory Control Theory. In the work of Hill and Lafortune (2016), the notion of cost equivalence was employed to generate an abstraction of the supervisor that, with additional conditions, guarantees that an optimal plan generated on the abstraction is also optimal when applied to the full supervisor. Their work improves the abstraction by artificially assigning zero cost to transitions based on the sequentially-dependent ordering of events. Here, we relax the requirement on a specific ordering of the dependent events, while maintaining the optimal relationship between upper and lower levels of the hierarchy. This present paper also extends the authors’ work (Vilela and Hill 2020), where we developed a new notion of equivalence based on cost equivalence and weak bisimulation that we term priced-observation equivalence. This equivalence allows the supervisor abstraction to be generated compositionally. This helps to avoid the explosion of the state space that arises from having to first synthesize the full supervisor before the abstraction can be applied. Here, we also show that models with artificial zero-cost transitions can be created compositionally employing the new relaxed sequential dependence definition. An example cooperative robot control application is used to demonstrate the improvements achieved by the compositional approach to abstraction proposed in this paper.
Our work is integrated into a global methodology to design synchronously executed embedded critical systems. It is used for the development of medical devices implanted into the human body to perform functional electrical stimulation (used in pacemakers, deep brain stimulation, etc.). These systems are of course critical and real-time, and the reliability of their behavior must be guaranteed. These medical devices are implemented in a programmable logic circuit in a synchronous way, which allows efficient implementation (space, power consumption and actual parallelism of task execution). This paper presents a solution that helps to prove that the behavior of the implemented system respects a set of properties, using Petri nets for modeling and analysis purposes. One problem in formal methods is that the hardware target and the implementation strategy can influence the execution of the system, yet this influence is usually not considered in the modeling and verification processes. Resolving this issue is the goal of this article. Our work has two main results: an operational one and a theoretical one. First, we can now design critical controllers with hard safety or real-time constraints, being sure that the behavior is still guaranteed during execution. Second, this work broadens the scope of expressivity and analyzability of Petri net extensions. Until now, no single formalism has managed, for both modeling and analysis, all the characteristics we have considered (weights on arcs, specific test and inhibitor arcs, interpretation, and time intervals, including the management of effective conflicts and the blocking of transitions).