I' zyxwvutsrqponmlk
zyxwvu
zyxwv
zyxwvuts
TP7 = 4:40
-
Modular Supervisory Control of Timed Discrete-Event Systems
B. A. Brandin
brandin@control.utoronto.ca
Systems Control Group
Department of Electrical Engineering
University of Toronto
10 King's College Road
Toronto, Canada M5S 1A4
Abstract
The timed discrete-event system framework [Z, 3, 51 admits
disablement and forcing as means of control, as well as the
treatment of hard temporal behavioural constraints. The no-
tion of modular supervisory control of discrete-event systems
proposed in [11] is extended to this framework. The approach
consists of dividing the overall supervisory task into two or
more subtasks, with the resultingindividual subsupervisorsbe-
zyxwvutsrqpo
ing run concurrently to implement a solution of the original
control problem, if necessary under the assumption of partial
observation.
The design of the corresponding subsupervisors deals with
issues of conflict, blocking, optimality and correctness. The
results presented can be used in the development of control
software for interacting concurrent processes. Based on them,
experimental work (hardware and software) has been carried
out on the supervision of manufacturing systems.
1 Introduction
For the supervisorycontrol of discrete-eventconcurrent pro-
cesses, a modular approach to their supervisory control has
been developed, based on the timed discrete-event framework
proposed by Brandin and Wonham [3,51.
Our approach is based on [ll],and consists of dividing the
overall supervisory task into two or more subtasks. Each of
zyxwvutsrqpon
the latter is solved using the results on the supervisory con-
trol of timed discrete-event systems reported in [3,51, and the
resulting individualsubsupervisors are run concurrentlyto im-
plement a solution of the original control problem. We refer to
such a constructionas a modular synthesis, and to the resultant
supervisor as a modular supervisor.
In addition to being more easily synthesized, a modular su-
pervisor should ideally be more readily modified, updated and
maintained. For example, if one subtask is changed, then it
should only be necessary to redesign the correspondingcompo-
nent supervisor; in other words, the overall modular supervisor
should exhibit greater flexibility than its 'monolithic' counter-
part.
The fact that the individual supervisory modules are sim-
pler implies that their control action must be based on an ag-
gregated version of the global system state. Consequently,the
different component supervisors,acting quasi-independentlyon
the basis of partial information, may come into conflict and the
overall system may fail to be nonblocking. Thus a fundamental
issue that always arises in the presence of modularity is how to
guarantee the nonblocking property of the final synthesis [ll].
To this end, the state structure of a modular supervisor
must be such that it embodies enoughinformation to carry out
its assigned control task, in a manner which does not conRict
with control tasks concurrently implemented by other modular
supervisors; in other words, the closed-loop behaviour result-
zyxwvut
zyxwvutsr
ing from the supervision of any modular supervisor must be in
0191-2216/93/$3.00 0 1993 IEEE
-7
W. M. Wonham
wonham@control.utoronto.ca
Proceedlngrof the 32nd Conferenco
M)DEClslon and CmVd
San Antonio, Texas * Dwmber 1993
agreement with the closed-loopbehaviour sought by any other
modular supervisor working concurrently. As an example in
which blocking may occur due to the conflicting nature of con-
trol tasks consider the following scenario. Two numerically
controlled machines (users) require the simultaneous use of a
tool-bit and a fixture (resources); two modular supervisors are
each responsible for the control of one resource. If these su-
pervisors are such that at any one time each user is allowed to
take possession of one resource (by the respective supervisor),
blocking results since effectivelyeither user prevents the other
from finishing its task and freeing the resource it possesses.
In case, only partial information' on the event occurrences
in the plant is assumed to be available to carry out the var-
ious control subtasks, we refer to the corresponding modular
construction as a partial-observation modular synthesis, and
to the resultant supervisor as a partial-observation modular
SUpeTViSOT.
Modular supervisory control under partial observation ex-
hibits the same advantages as modular supervisory control un-
der full observation,but in addition offers a potential economy
in communication requirements between the plant and super-
visory control system. The fact that the individual supervisory
modules are simpler implies that their control action must be
based on the one hand, on an aggregated version of the global
system state; and on the other hand, on partial information
on event occurrences. Again, the nonblocking property of the
final synthesis must be guaranteed.
While introducing time in the modular supervisory control
context, we assume that the various modular supervisors have
access to a global clock2, and thus share information on the
passing of clock time if such information is required for control
purposes.
zyxwvutsr
2 Preliminaries
Let K E C*. We define the closure of K as i? = { t E
C*1(3s E K ) t 5 s} where we write t 5 s , t is a prefix of s,
if s = t u for some U E E*. The language K is L-closed if
K=i?nL.
Let K , L be a r r y sublan-guages of E'. Then K , L are
nonconflicting if K n L = K n L. Thus K and L are noncon-
fictingjust in case every string that is both a prefix of K and
a prefix of L can be extended to a word belonging to K and L
in common.
'For examplein the manufacturingcontext, partialinforma-
tion on the event occurrences translates in the limited use (for
control purposes) of the manufacturing system sensory outputs
that are available.
2This assumption is easily satisfied in any computer based
implementation (e.g.[l]) in which a number of computers host
corresponding supervisory control modules: the clocks of all
but one of the computers are synchronisedto a chosen (allowed)
accuracy to the clock of the remaining computer. The latter
clock effectively becomes the 'global' clock.
2230
 zyxwvutsr
zyxwvutsrqpon
zyxwvutsrqpon
zyxwvut
zyxwvutsrqponm
zyxwvu
zyxwvutsrqp
Let G = ( C , Q , 6 , qo, Qm) be a timed discrete event system
as described in [3,51. The event set C is partitioned as follows
C := CremuCspeu{tick}. where Crem is the set of r e m o t e
event8,i.e. theset of eventswithaninfiniteuppertimebound3,
Cspe is the set of prospective events, i.e. the set of events
whose upper time bound is finite, and where the event tick
represents the passing of one unit of clock time. Thus the
temporal 'resolution' available for modelling purposes is just
one d t of clock time. As in [3]let Chit, Crem be the set of
prohibifible events, i.e. the set of events which through control
action may be prevented indefinitely from occurring, and let
Cfor CremUCspe be the set of forcible events, i.e. the set
of events able to preempt a tick of the clock. It is convenient
to define the uncontrollable event set Cunc := EapeU(Crem -
Chib), and the controllable event set Cc, := Chiblj{tiCk). It
should be noted that a forcible event may be controllable or
uncontrollable.
Let K E', s E K and write EligK(s) = { U E Clsu E E}.
A language K 2 L ( G ) is defined [SI to be controllable (with
respect t o L ( G ) )if, for all s E I<,
Thus K controllablemeans that anevent U (in the full alphabet
C including tick) may occur in K if either (i) it is uncontrollable
or tick, and currently eligible in G, and no forcible event is
zyxwvutsrq
currently eligible in K , or (ii) it is definitely uncontrollable,
zyxwvutsrqpo
and eligible in G I but some forcible event is eligible in K. The
effect of the definition is to allow the occurrence of tick (when
it is eligible in G ) to be ruled out of K only when a forcible
event is eligible in K and could thus be relied on to preempt
it.
Let K C L ( G ) . K 1 s said to be coerciue (with re-
spect to L ( G ) ) if Vs E K nL(G) (tick E EligqG)(s) -
E k K n L ( G ) ( s )=+ E l i g m L ( G ) ( s )n ?for # 01,Thus K is CO-
ercive if, in case the occurrence of ttck must be ruled out of
K n L ( G ) , there exists a forcibleevent eligiblein K n L ( G ) that
can be relied on to preempt it.
Let K1, K2 C L(G). KI and K2 are said to be jointly co-
-
ercive if Vs E K1 n K2 (tick E EligqG)(S) EligKlnKl(s)
EkgK,?K,(s) n Cfor # 0 ) . Thus K1 and K2 are jointly coer-
cive if, in case the occurrence of tick must be ruled out of K1
or K2 or both, there exists a forcible event eligible in both K1
and K2 that can be relied on to preempt it.
3 Modular Supervisory Control under
Full Observation
It will be shown that optimal (maximallypermissive)super-
vision can be achieved modularly if the timed closed-loop be-
haviours enforced independently and concurrently by the mod-
ular supervisors are nonconflictingand jointly coercive.
3.1 Conjunction of Supervisors
Q ~' 3, 2I =
Let GI = ( C , Q I , ~ I , Q ~ , I ~and ) (ClQ 2 , 6 2 , PO,^,
Qm,2) be two automata. G3 = G1 A G2 denotes the operation
that returns a reachable timed discrete-event system G3 such
that Lm(G3) = Lm(G1) n Lm(G2), L(G3) = L ( G i ) n +(G?)-
Let S = ( C , X , ( , x o , X m ) be an automaton whch un-
plements a supervisory control law for the plant G =
(C,Q,6,qo,Qm) [5]. The automaton S/G, such that
Lm(S/G) = Lm(S) n Lm(G), and L ( S / G ) = L(S)n L(G),
constitutes the corresponding closed-loop supervisory control
system that results from the action of S over G [SI.
~~
3Recall that in [3, 51 every event U E CremUCspe is
equipped with a lower time bound I , and an upper time bound
U,; the triples (u,l,,u,) are referred to as timed events.
A supervisor S is said to be complete for C [SI if (i) Lm(.S)
is controllable with respect to L(G), and (ii) L(S)is coerclve
with respect to L(G).
A supervisor S is said to be proper for G [5] if (i) S is
a trim automaton, (ii) S is complete for G,and (iii) S/G is
nonblocking (namely L m ( S / G ) = L ( S / G ) ) .
Let S1 and S2 be proper supervisors for G. We define the
conjunction S3 of SI and S2 (LS s3 = Si A S2. It is easily
seen from the definition that the supervisory action of Sa A S2
is to enable an event U just when U is enabled by SI and S2
simultaneously.
To describe the action of SI A & more f d y we have the
following.
Theorem 3.1
Let SIand S2 be proper supervisors for G . Then Lm((S1h
&)IC) = Lm(S1/G)n Lm(S2/G). W h e n n o r e , Si A S2 is a
proper supervisor for G if and only if it is trim and L,(Si / G )
and Lm(S2/G) are n o n c d c t i n g , and L(S1) and L(S2) are
jointly coercive. 0
(1)
Theorem 3.2
Let K1,K2 5 L(G) be controllable with respect to L(G). If
K1 and K2 are nonconflictingand jointly coercive, then K1 n
K2 is controllable with respect to L(G). 0
Let E L(G) and denote by C(E) the set of all sublan-
guages of E that are controllable with respect to L(G).C ( E )
is nonempty and is closed under arbitrary unions;furthermore,
there exists a unique supremal element supC(E) = U{KIK E
C(E)}in E [5].
Theorem 3.3
Let E1,Ez E*.IfsupC(ElnL(G))andsupC(EZnL(G))
are noncon0icting and jointly coercive, then supC(E1 n E2 n
L ( G ) )= supC(E1 n L(G)) n supC(EZ n L ( G ) ) . 0
* The results of Theorems 3.2 and 3.3 are now extended
to two or more modular supervisors running concurrently.
Accordingly, the definitions of nonconflicting languages and
jointly coercive languaga are extended.
Let Z,IZI 2 2 be an index set. &t K i C C',i E I . Then
K i , i E I are nonconflicting if nieIKi = n i e I K i .
Let Ki 2 C * , i E I . Then K i , i E Z are joint13
coercive if VS E L ( G ) n n i e X K i (tick E Elig,(G (S) -
*
EligL(G)n"iGlKi(S) EligL(G)nni,lK, (5) n Cjor # d*
Corollary 3.1
Let Z,IZI 2 2 be an index set. Let Ki C L ( G ) , i E Z be
controllablewith respect to L(G). If the K i , i E I are noncon-
flicting and jointly coercive, then n i E I K , is controllable with
respect to L(G). 0
Corollary 4.2
Let Z,[ZI 2 2 be an index set. Let Ei E C*,i E Z. If
supC(L(G)n E i ) , i E Z are nonconflictingand jointly coercive,
then niEIsupC(L(G)n E i ) = supC(L(G)n nieIEi). 0
4 Modular Supervisory Control under
Partial Observation
It will be shown that
(i) globally (full-observationequivalent) optimal (maximally
permissive) supervision can be achieved through local
(partial observation) supervision;
2231
(i) zyxwvutsrqponmlkjihgfedcbaZYX
zyxwvutsrqp
zyxwvutsrq
globally (full-observation equivalent) optimal (maxi-
mally permissive) supervision can be achieved modularly
Proposition 4.1

zyxwvutsrq
Let P-I Kfoc and L(G) be noncodicting. Then Z? K. 0
through local (partial observation) supervision if

zyxwvutsrq
. the timed closed-loop behaviours enforced indepen-
dently by the local (partial observation) modular
supervisors are globdy optimal, and
Proposition 4.2
If PL(G) n El, is locally controllable with respect to
PL(G), and;P-'(PL(G) nEl,) and L ( G ) are nonconflicting,
then K = K .

zyxwvutsr
0
. these behaviours are nonconflicting and jointly co- Figure 1 illustrates the various languages introduced and

zyxwvutsrqponm
ercive.
the correspondingprojections.
4.1 Local and Global Suprema1 Control- Theorem 4.1
lable Sublanguages Let P-'PK and L(G) be nonconflicting. Then K = I? if

zyxwvut
and only if K is normal. 0
Let G = ( C , Q ,6,40,Qm) be a timed discrete-event system.
LA$ 0 # CI, C and write 4.2 Conjunction of Supervisors
Cunc,toc = Cunc n Cioct (2) Let I,III 2 2 be an index set. Let Cloc,i C C , i E Z be
Ccon,Ioc = Ccm n %a. (3) given subalphabets of C not necessarily pairwise disjoint. We
will relax the assumption provided initially by equation (7)and
As in [6]we interpret X i o c as a local subalphabet of C which assume instead that
specifies those events that can be observed by a local supervi-
sor. Define P : C' +*&, , according to U i E I x h i b , l o c , i = Zhib and U i E J for,foc,i = for. (9)
i.e. the set of possible local controls constitutes the set of
P(€) = €
possible global controls.
Let Pi : C* -+ C:oc,i,i E I be the corresponding projec-
tions. Suppose further that the overall legal specifications on
P(sa) = P ( s ) P ( a ) , sE C*,U E c (4) the behaviour of G is expressed by the language

Let A L(G) be an arbitrary sublanguage of L(G). A

is said to be normal (with respect to L(G) and P) if A =
L(G) n P-'PA, i.e. A is normal if it can be recovered from
its local version P ( A ) C C;, together with the knowledge of
the constraints embodied in the transition structure of L(G)
[SI. Let E[, ,:E be a nonempty sublanguage which we
zyxwvutsrq
interpret as a specificationof legal behaviour at the local level.
The correspondingglobal legal behaviour is the nonempty sub-
language L(G) n P-IEl,.
i E I, let
E = n i c r P c l Eloc,i C E',

Ki =
Kfoc,i =
(10)
where Eloc,i Cl,i E Z. In other words, globallegal behaviour
can be reduced to the simultaneous satisfaction of local legal
specificationsexpressible in the sublanguages C&, i E I . For

supC(L(G)n Pi-lE[oc,,),
supC(PiL(G)n Etoc,i)l
(11)
(12)
At the global level a supervisor S achieves optimal be- Ki = L ( G ) n Pi-lKioc,,. (13)
haviour of G by generating Theorem 4.2
K := supC(L(G)n P-'E[,) C L ( G ) C E*. (5) For i E Z , let Si be a supervisor for G such that L ( S i / G ) =
Ki = sufl(L(G)nP;lEloc,i),and let K i , i E I be nonconflict-
The correspondinglocal supervisor S[, generates ingandjointly coercive. ThenL(hiclSi/G) = supC(L(G)nE).
0
Kim := supC(PL(G)n PP-'El,) =
Theorem 4.3
supC(PL(G)n E[,) C PL(G) nE t a G C;,(6)
For i E I, let Ki = K , , let Sfoc,i be a supervisor for Gi
Si, can be extended to a global supervisor s for G by assuming where L(Gi) = PiL(G), such that L(Sfoc,i/Gi) = Ktm,i =
4 that supC(PiL(G)n Eloc,i),let Si be a supervisor for G such that
Chib,loc = Chib and f o r , f o c = for- (7) L(S,/G) = I?i = L(G) n PFIKloc,irand finally let K i , i E Z
The language thereby synthesized at the global level is then be nonconflictingand jointly coercive. Then L(Ai,=rsi/G)=
given by supC(L(G)n E ) . 0
I? := L(G)n P - ~ K ~c, L(G) E*. (8)
As in [SI,the question now of interest is whether K = 2, 5 Example
namely whether 3 can achieve the optimal behaviour synthe-
sized by S. Lemma 4.1 is used below in the proofs of Proposi- Consider the manufacturing cell shown in Figure 2, consist-
tion 4.1 and Theorem 4.1. ing of two machines MI and Mz and a buffer of size one. The
machines are represented in the form of activity transition dia-
Lemma 4.1 grams in Figure 3 , where Zi : Mi is idle, W , : Mi is operating,
Di : Mi is broken down, Ri : Mi is under repair, and where
Let A, B be any two languages such that A C PB E C:,,. CY;: initialise operation, p i : operation carried out, X i : f a i l u r e ,

zyxwvuts
Let E l i g A ( r ) 1. EligpB(r) n Cunc,loc. Then (Vr E 2,s E
P - l ( r ) ) Eligp-,A(s) 2 E l i g p - l p g ( s ) n Cunc-
Propositions 4.1 and 4.2 are extensions of Propositions 3.1
and 3.2 in [SI. They state that can never do better than S.
Recall that K, L E C* nonconflicting, i.e. KnL= z n E,
implies for s E C', EkgK(S) n E l i g L ( s ) = EligKnL(s).
'This assumption will be replaced by a weaker assumption
in Section 4.2.
p i : initialise repair, vi: repair carried out. Furthermore,
0 cunc = {/311Xlr~19~2rXZt)72)1xhib = {alraZ~Pl,PZ) =
Cfm. The following timing information applies
(a190,w) (/31,L2) (X1,0,2) (Pl,O,Co) (01,1,00)
(az,O,w) (P2,Ll) (X2,011) ( P Z , O , O o ) (vz,2,co).
The corresponding timed transition graphs are shown5 in Fig-
ure 4. A workpiece produced by A41 is placed in the buffer
51n figures, the tick event will be labelled t .

2232
 zyxwvutsr
and is consequently available for further work by M2. Both
machines may be either idle, working or down. Once a work
cycle has begun, the machines either finish worlring or break
dorm, in which case they are repaired. The following produc-
tion specificationsare considered:
(i) the buffer must not overtlow or underflow,
(ii) if both machines are broken down, the repair of M2 must
be initialised before the repair of Mi.
zyxwvutsrq
Centralized supervisorycontrol based on [3,51 is considered
zyxwvutsr
first. The cell open loop behaviour G (49 states, 134 transi-
zyxwvutsrqpon
tions) is obtained by composing [3,51 Mi and M2.
zyxwvutsrqponm
The above mentioned specifications are translated into the
form of automata, i.e. we introduce the automata R1 and
R2 which enforce the buffer and breakdown specificationsre-
spectively. R1 and R2 are shown in Figure 5 . Accord-
ingly, the corresponding specification languages are provided
by E1 = Lm(R1) and E2 = Lm(R2) respectively.
R1 and R2 are combined together through the h operation,
i.e. R3 = RI h R2. R3 represents the combined specifications
zyxwvutsrq
and is shown in Figure 6. Accordingly we have E3 = E1 nE2 =
zyxwvuts
Lm(R3).
The cell closed-loop behaviour, which meets the specifica-
tions in the freest possible way, is given6 by su(pc(E3ilL(G)),
i.e. the supremal controllable sublanguage of the cell with re-
spect to the combined specifications. S (49 states, 110 tran-
sitions) is the corresponding automaton mcb that L(S) =
supC(E3 n L(G)).
zyxwvutsr
One possible modular design solution is now proposed. The
supervisory task is carried out concurrently by two modules:
zyxwvutsrqpo
the first module is responsiblefor the buffer specification;and
the second for the breakdown specification.
It can be checked that E1 = Lm(R1) and E2 = Lm(R2)
are coercive and controllable with respect to L(G). Hence RI
and R2 are complete. Furthermore, El = Lm(R1) and E2 =
Lm(R2) can be shown to be nonconflicting with respect to
L(G) = Lm(G), and thus [5]R1 and R2 are nonblodringfor G.
Finally, E1 = Lm(R1) and E2 = Lm(R2) can be shown to be
jointly coercive with respect to L(G); so we may conclude from
Theorem3.1, that R1 and R2 are propersupervisorsfor G. The
jointly coercive property of E1 = Lm(R1) and E2 = Lm(R2)
comes into play, for example, upon the occurrence of X2: the
repair of machine M2 must be initialised without delay, thus
preempting the occurrenceof tick from the transition structure
of R2 and consequently of RI.
For our modular supervisor, we take the conjunction R3 =
RI hR2.
It is easily checked that E1 = Lm(R1) and E2 = Lm(R2)
are noncoficting, so that R3 is trim; furthermore it can be
checked that E3 = Lm(R3) = +(RI) n Lm(R2) is both con-
trollable and noncodcting wlth respect to L(G), and thus
from Theorem 3.1 (since El = Lm(R1) and E2 = Lm(R2)
are jointly coercive), it can be deduced that R3 is a proper
supervisor for G. R3 is shown in Figure 6.
Fmally, we consider the w e in which the Specificationlan-
guage is not controllable with respect to L(G). We introduce
the automaton R: to enforce the buffer specification. R; is
shown in Figure 7. Note that E; = Lm(R;) is not Controllable
with respect to L(G): the event a1 may occur when the buffer
is either full or empty.
It can bechecked thatsupC(E;nL(G)) andsupC(E2nL(G))
are nonconfIicting and jointly coercive. Thus, according to
Theorem 3.3 it can be deduced that
nL(G))nsupC(E2nL(G))= supC(E;nE2nL(G)).
SU~C(E;
sHere and below, G3 = sugcon(G1,Gz) denotes the op-
eration that returns a timed discretoevent system G3 whose
marked behaviour is the supremal controllable sublanguage
supC(L,(Gl) n Lm(G2)); while its closed behaviour L(G3) =
Lm(G3) 191.
2233
Si (56 states, 137 traneitions) is the corresponding au-
tomaton such that Lm(S;) = supC(Ei 'IL(G)), and S2 (49
states, 127 transitions)is the correspondrng automaton such
that Lm($) = rupC(E2 n L(G)).
One poasible partial-observation modular design solution is
now proposed. Again, the supervisory task is carried out con-
currently by two modules, the first being responsible for the
buffer specificstion, and the second for the breakdown specifi-
cation; these mod& will be provided only with partial infor-
mation about the plant. Let G represent the plant constituted
by the two machines Mi and M2, with alphabet C = {ai,
&,XI, ~ 1 ~h, 2 pz1
~ A2, , tick).
We consider two automata R ~ , J and &,2 which respec-
tively enforce the buffer and repair specificationslocally. Cor-
respondingly, the local specification languages are given by
E I ~= J Lm(RIoc,l) and &oc,2 = Lm(R1~,2)-Rioc,~and
R~,J are shown in Figure 8.
Recall that Chib = {ai,Pi,a2,p2) = C f w . Now cioc,i=
{ ~ I ~ O I ~ Va 2I t, P2, ~ 2 and
) Cloc,2 = {A19~19X2r~29ti~k)*
Then xhib,loc,l = {aira2) and xhib,i=,2 = ( ~ 1 ~ ~are 2 )
Such that Chib,ioc,lU Chib,loc,2= xh;b, and thus Satisfy (13).
It can be checked that correspondingly for i = 1,2 K; =
supC(L(G) n PFIEim,i) = Ri = L(G)n PF1Kl,,i, and that
K1 and K2 are nonconflictingand jointly coercive. fiom Th-
rem 4.3 we then have L(G)n PF1KI,J n PplK~,J = L(G)n
Pl-'wpC(&L(G) n Ei,,i)n PF'supC(SL(G) n EI,,~) =
supC(L(G)n P:'~I~,In&-1E~w,2).
Thus the local supervison Slm,l and SI,,^, which when
=
acting alone reapectively synthesize the languages Kl,,l
sUpC(PiL(G) n Ei,,i) and Kim,2 = supC(P2L(G) n EiX,2)1
concurrently achieve global optimality. The local versions
of the plant G are Gloc,l (15 states, 47 transitions) with
L(Gt,,I) = PlL(G), and GI,, (12states, 20 transitions) with
L(G1,,2) = F$L(G). The corresponding local supervisors are
Sloc,l (11 states, 26 transitions), SI,,^ (12 states, 19 transi-
tions). The correspondingglobal supervisors are SI(51 states,
123 transitions) and S 2 (49 states, 127 transitions). GI,, and
are shown in Figures 9 and 10 respectively.
6 Discussion
A modular approach to the Supervisory control of concur-
rent processes has been developed in the timed discrete-event
framework proposed by Brandin and Wonham [3,51. The re-
sults on modular supervision presented in [11] are extended to
yield the results on modular Supervision under full observs-
tion; while the results on deccntralieed supervision in [6] are
extendedand combinedwith the results of modular anpervision
under full observation, to yield the result8 on modular supervi-
sion under partial observation. The present framework retains
the concept of maximally permissive supervision, and
(i) allows the timed modelling of discrete-event systems:
events may occur only within designated time bounds,
relative to the times when the events become enabled;
(ii) admits mbsyatem composition;
(iii) allows the treatment of hard temporal behavioural spec-
ifications;
(iv) admits forcing and disablement:as means of control; and
(v) allows the explicit incorporation in the system model of
the effects of time related control enforcement constraints
such as communication time delays between the supervi-
sory control system and the manufacturing workcell de-
vices.
Modular supervisionpermits the natural subdivisionof con-
trol tasks according to their nature, e.g. nominal production
and error recovery procedures in manufacturing systems; or ac-
cording to physical/topological requirements. For this reason,
 zyxwvutsr
the modular supervisors obtained are more readily modified,
updated and maintained than their centralized counterparts.
Centralized supervisory control is seen [5] to be suitable
for fairly small problems since the corresponding supervisory
controls tend to be large in state size; they are required to
[lo] K. G. Rudie, “Softwarefor the Control of Discrete Event
Systems: A Complexity Study”, Systems Control Group
Report No. 8806, Department of Electrical Engineering,
University of Toronto, Sept. 1988.
(111 W. M. Wonham and P. J. h a d g e , “Modular supervi-

zyxwvutsrqp
encompw the behavior of the whole plant subject to all spec- sory control of discrete event systems”, Maths. of Control,
ifications. Modular supervisors, running concurrently, jointly Signals and Systems, Vol. 1, No. 1, 1988,pp. 13-30.
achieve equivalent system behaviors, and tend to be smaller in
state size. Their design, though, is generally computationally
more expensive [lo]in comparison with equivalent centralized

zyxwvutsrqpo
designs. It must be noted however, that the corresponding E’
off-line computations may in most problems be carried out in
parallel; thus reducing the effective required computation time. P-l(PL(G))
r 1
The theory is presented in an elementary fashion in terms
of regular languages and finite automata. In higher-level ap-
proaches (e.g. [q) which support features such as program
variables, or real-time programming language features such P-’
as interrupts and logically conditioned events and procedures,

zyxwvutsrqpo
control synthesis tends to be heuristic. The present framework
may supply a basis for rendering such approaches more formal
and systematic.

zyxwvutsr
zyxwvutsr
Experimental results reported in [5]illustrate how central-
ized and modular supervisors based on the theory for timed
discrete-event systems [3,51 can be implemented on existing
industrial hardware: the supervisory control of a small manu-
facturing cell is carried out concurrently by a number of PLC
(Programmable Logic Controllers), each module being respon-
sible for a portion of the supervisory control task.

7 Acknowledgements
B. Brandin would like to thank the ManufacturingResearch
Corporation of Ontario and Professor B. Benhabib for the fi-
nancial support received during his Ph.D Thesis.

References
[l] B. A. Brandin, W. M. Wonham and B. Benhabib, “Dis-
crete event supervisory control applied to the manage-
ment of manufacturing workcells”, 7th International Con-
ference on Computer Aided Manufacturing Engineering, Figure 1: Relevant languages and projections

n
V.C. Venkatesh and J.A. McGeough Eds., Elsevier 1991,
pp. 527-536.
[2] B. A. Brandin, W. M. Wonham and B. Benhabib, “Manu-
-
facturing cell supervisory control a timed discrete-event
system approach”, 1992 IEEE International Conference
Infinite
Source

4 Infinite
Sink

zyxwvut
on Robotics and Automation, Nice, May 1992, pp. 531-
536.
[3] B. A. Brandinand W.M. Wonham, “The supervisorycon-
trol of timed discrete event systems”, B E E Transactions
on Automatic Control, to appear.
[4] B. A. Brandin, W. M. Wonham and B. Benhabib, “Mod- Buffer
ular supervisory control of timed discretcevent systems”, Figure 2: Twwmachine workcell setup
1992 Allerton Communication and Control Conference,
Urbana-Champaign, September 1992.
[5] B. A. Brandin, “Real-Time Supervisory Control of Auto-
mated Manufacturing Systems”, Systems Control Group
Report No. 9302,Department of Electricaland Computer
Engineering, University of Toronto, Toronto, February
1993.
[6] F. Lm and W. M. Wonham, “Decentralizedsupervisory

zyxwvutsrq
control of discrete-eventsystems”, Information Science44,
pp. 199224,1988.

zyxwv
[7] J. S. Ostroff and W. M. Wonham, “A framework for real-
time discrete event control”, IEEE, Transactions on Au-
tomatic Control, Vol. 35,No. 4,April 1990,pp, 386397.
[8] J.S. Ostroff, “Temporal Logic for Real-Time Systems”,
Research Studies Press Ltd, 1989.
[9] P. J. Ramadge and W. M. Wonham, “The control of dis- Figure 3: The activity transition graphs for Mi, i = 1,2
crete event systems”, IEEE, Proc., Vol. 77,No. 1, January
1989,pp. 81-98.

2234
 zyxwvut
F i u r e 9:

2235