Temporal Analysis of Influence of Resource Failures on Cyber-Physical Systems Based on Discrete Timed Petri Nets

Featured Application

An analysis method to assess and respond to the impact of resource failures on deadline of orders in Cyber-Physical Systems based on transformation of discrete timed Petri nets.

Abstract

Advancement of IoT and ICT provide infrastructure to manage, monitor and control Cyber-Physical Systems (CPS) through timely provision of real-time information from the shop floor. Although real-time information in CPS such as resource failures can be detected based on IoT and ICT, improper response to resource failures may cripple CPS and degrade performance. Effective operations of CPS relies on an effective scheme to evaluate the impact of resource failures, support decision making needed and take proper actions to respond to resource failures. This motivates us to develop a methodology to assess the impact of resource failures on operations of CPS and provide the decision support as needed. The goal of this study is to propose solution algorithms to analyze robustness of CPS with respect to resource failures in terms of the impact on temporal properties. Given CPS modeled by a class of discrete timed Petri nets (DTPNs), we develop theory to analyze robustness of CPS by transforming the models to residual spatial-temporal network (RSTN) models in which capacity loss due to resources is reflected. We formulate an optimization problem to determine the influence of resource failures on CPS based on RSTNs and analyze the feasibility to meet the order deadline. To study the feasibility to solve a real problem, we analyze the computational complexity of the proposed algorithms. We illustrate the proposed method by application scenarios. We conduct experiments to study efficiency and verify computational feasibility of the proposed method to solve a real problem.

1. Introduction

The advancement of information and communications technology (ICT) and Internet of Things (IoT) [1] provides the infrastructure for Cyber-Physical Systems (CPS) [2,3] to manage, monitor and control manufacturing systems. ICT refers to technologies involving any kind of computing/communication devices, networking components and information systems that enable efficient interaction in the digital world, while IoT can be defined as the network of physical objects embedded with sensors, software and relevant ICT technologies for interacting with other objects/systems over the Internet. Although CPS provides the potential visibility and a paradigm for enterprises to respond to dynamic changing environments based on ICT and IoT, these advantages also pose challenges in modeling, design and implementation of CPS [4]. In particular, robust design of CPS has become an important issue to achieve stable and secure CPS and is attracting a lot of attention in the CPS research community. A comprehensive survey of the concept and strategies for robust design of CPS can be found in [5]. In CPS for manufacturing systems, failures of machines/resources are unavoidable. Managers often wonder and worry about whether the original due dates of orders can still be met when failures of machines/resources occur, i.e., whether the manufacturing system is robust with respect to the failures. Providing a decision support tool for managers to assess the impact of failures of machines/resources on the orders is an important issue.

In terms of the robustness design requirements of CPS, the real-time information and communication infrastructure provided by IoT and ICT alone cannot ensure effective operations and robustness of CPS. Robustness of CPS can be achieved only if the real-time information provided by IoT and ICT are timely and properly used to support decision making and respond to the changing environment. For example, real-time information from the shop floor—such as resource failures [6]—can be detected in CPS. However, real-time resource failures information from IoT and ICT is useful only if an effective scheme to evaluate the impact of, and deal with, resource failures is available. In the literature, design issues of CPS include robustness, security and cost effectiveness [7]. Study on the impact of resource failures on CPS is less explored. This motivates us to develop a methodology to assess the impact of resource failures on operations and temporal properties of CPS. The goal of this study is to propose a method for modeling and analysis of CPS, in order to pave the way for developing an effective strategy to handle resource failures in CPS.

To evaluate the impact of resource failures on CPS, we will study the robustness of CPS in the context of manufacturing systems in this paper. The robustness property is concerned with the influence of resource failures on the operations and performance of CPS. In make-to-order manufacturing, meeting the deadline of orders is an important issue. Resource failures often cripple the operations of manufacturing systems and may lead to delays in fulfillment of orders. Therefore, the robustness property of CPS with respect to resource failures to be studied in this paper is concerned with how the orders will be influenced due to resource failures. In classical control theory, robustness addresses the issue about whether the desired system property can be maintained in the presence of uncertainty. The problem to be studied in this paper is to investigate the effects of resource failures on operations of CPS and the fulfillment of an order with multiple product demands and deadlines. The problem setting of this paper is different from that of [8], in that multiple types of product demands are considered in this study whereas the work of [8] considers a single type of product demands. The objective of this study is to propose a solution algorithm to analyze robustness of CPS with respect to resource failures, based on a class of discrete timed Petri net (DTPN) model that extends the one in [8].

The approach to robustness analysis of the DTPN models in this study is different from the existing reachability analysis methods that rely on abstraction of state space of timed Petri nets [9,10]. Our approach is based on the concept of model transformation in Model Driven approach (MDA) [11], which transforms DTPNs into spatial-temporal networks (STNs) to enable the compact representation and efficient search for solutions based on mathematical programming/optimization tools. As this study focuses on assessing the impact of resource failures on temporary properties based on model transformation, this study is different from [12,13], which focus on robust control and scheduling based on timed, extended reachability graphs. This paper is different from [8,14] as it focuses on the robustness property of CPS. In addition, the problem studied in this paper considers order requirements with multiple types of product demands instead of a single type of product demands. This paper is different from [15] as it includes important properties, algorithms, rigorous proof of properties of CPS, complexity analysis and verification of complexity analysis results by experiments. In summary, the contributions of this paper include: (1) proposing a formal timed model to capture resource failures in CPS, (2) formulating a feasibility problem for nominal CPS and a robustness analysis problem to analyze the impact of resource failures on temporal properties, (3) developing algorithms for the problems based on model transformation and (4) analyzing complexity of the proposed algorithms and verifying the computational feasibility of the proposed approach.

The structure of this paper is as follows. A literature review and the robustness analysis problems in CPS will be introduced in Section 2 and Section 3, respectively. In Section 4, construction of STNs and analysis of the nominal CPS based on STNs will be presented. In Section 5, the impact of resource failures on CPS will be analyzed. In Section 6, we will illustrate the proposed method by examples and present the results. We will discuss the results in Section 7 and conclude this paper in Section 8.

2. Literature Review

CPS consist of two parts: the cyber space and the physical space. Control of entities in physical space of CPS is based on the cyber space model. To analyze CPS, proper modeling tools to construct the cyber space model of the CPS are relied upon. A modeling tool must be able to capture concurrent, synchronous and asynchronous operations/events in CPS and must support construction, edition and representation of the model in industrial standard format. A variety of modeling approaches/tools can be used to capture the operations of CPS by constructing the cyber space model of CPS, e.g., Discrete Event System [16], Extended Hybrid Automata [17] and Petri nets (PN) [18]. Among these tools, Petri nets [19] provide an easy-to-use graphical user interface that can capture concurrent, synchronous and asynchronous operations/events in CPS. Petri nets can be represented by the Petri Net Markup Language (PNML) [20], an XML-based interchange format widely supported by many software tools [21]. Therefore, we adopt Petri nets in this paper to model CPS. Despite the variety of Petri net tools such as the ones in [22,23] available for modeling CPS, these tools do not provide a method for analyzing the influence of resource failures on performance.

As the objective of this paper is to analyze the influence of resource failures on temporal property of CPS, Petri nets supporting modeling of time are adopted. In the literature, some Petri net models assign time delay to transitions while others assign time delay to places in the nets [24]. A timed Petri net is called deterministic timed Petri net if the time delay is deterministic [25,26,27,28,29]. A timed Petri net is called stochastic timed Petri net if the time delay is probabilistically specified [30,31,32,33]. As this paper focuses on influence of resource failures on temporal property of CPS, a class of deterministic discrete timed Petri nets are adopted. Different models have been proposed to capture resource failures. Some of the works (e.g., [34,35]) model resource failures as loss of tokens in untimed Petri nets models and develop methods to assess the impact of resource failures on the system after the occurrence of failures. The works [36,37] classify the resources into reliable resources and unreliable resources based on a class of untimed Petri nets (S4PR) and develop methods to allocate resources. The works [12,13] consider uncertainties due to the interruptions of operations and unreliable resources and take performance and risk into account in the objective function to deal with uncertainties in manufacturing systems based on timed Petri nets. As the goal of this paper is to develop a method to assess the impact of resource failures on the system after the occurrence of failures, we model resource failures as loss of tokens in discrete timed Petri nets. Although the proposed discrete timed Petri nets can capture the characteristics of CPS, there still lacks a theory to analyze the robustness property. For this reason, this paper is devoted to development of theory to facilitate the analysis of robustness property of CPS based on the proposed discrete timed Petri nets.

To study robustness property of CPS, a nominal solution must be generated first. Robustness analysis for CPS is done based on the nominal solution. To generate a nominal solution, models that can capture the spatial and temporal properties of workflows are constructed. In this paper, we consider order requirements with multiple product demands and a deadline. A spatial-temporal network (STN) model is constructed for each type of production process required by the orders. The STN models are constructed based on transformation of the DTPN models of CPS. The STNs constructed for CPS are capable of capturing the dynamics of workflows in space and time. The STNs can only capture the nominal operations of CPS. To study the influence of resource failures on CPS, we construct residual spatial-temporal network (RSTN) models in which capacity loss due to resources is reflected and modeled. We analyze the impact of resource failures on CPS based on RSTNs. To optimize the performance after resource failures, we formulate an optimization problem to determine the influence of resource failures on CPS and analyze the feasibility to meet the deadline. The optimization problem can be solved by applying any integer programming solver such as the CPLEX Optimizer [38]. We assess practicality of the proposed method by applying it to application scenarios in which resource failures occur in executing production schedules. The influence of resource failures on the schedules in each scenario can be visually and clearly represented in the residual spatial-temporal networks. To study the feasibility to solve a real problem, we analyze the computational complexity of the proposed algorithm. Our analysis indicates that the lower bound on the complexity of the proposed algorithm is polynomial with respect to the tasks (product demands) and scale of the production processes. We verify the computational feasibility of the proposed method by conducting experiments. The results indicate that the computational time grows polynomially with the quantity of the products influenced by resources failures and the number of transitions in the task subnet.

3. Robustness Analysis Problem Formulation in CPS

The problem to be studied in this paper is to analyze the impact of resource failures on CPS. To formulate the problem to be addressed in this paper, we summarize a list of notations/symbols that will be used in this paper in

Table 1. Notations.

Symbol/Variable	Meaning
$J$	The number of different types of tasks
$\mathit{J}$	The set of indices of all different types of tasks, $\mathit{J}$ = $\{1,2,3,\dots ,J\}$
$j$	A type of task $j\in \mathit{J}$
$G{J}_j$	A task subnet, $G{J}_j=(P_j,T_j,F_j,m_{j0},{\mu }_j)$
$N_j$	The number of operations in $G{J}_j$
$R$	The number of different types of resources
$\mathit{R}$	$\mathit{R}$ = $\{1,2,3,\dots ,R\}$, the set of different types of resources in the system
$r$	The index of a type of resources, $r\in \mathit{R}$ = $\{1,2,3,\dots ,R\}$
$k$	The $k$-th operation performed by a type $r$ resource, where $r\in \mathit{R}$
$G_r^{jk}$	A circuit (a DTPN model) that represents the activity of the $k$-th operation in type $j$ task to be performed by a type $r$ resource
${\Omega }_r^j$	The set of indices of circuits of type $r$ resources involved in type $j$ task, ${\Omega }_r^j$ = $\{1,2,\dots ,K_r^j\}$, where $K_r^j$ is the number of circuits involved.
$\Vert$	An operator to merge Petri nets
$G{R}_r$	A type $r$ resource subnet, $G{R}_r$ = ($P_r$, $T_r$, $F_r$, $m_{r0}$, ${\mu }_r$) == $\underset{j\in \mathit{J}}{\Vert }\underset{k\in {\Omega }_r^j}{\Vert }{G}_r^{jk}$
$C_{rt}$	The initial capacity (the number) of type $r$ resources in period $t$; initially, $C_{rt}$ is set to $m_{r0}\left(r\right)$ for all $t$
${\overline{C}}_{rt}$	The residual capacity ${\overline{C}}_{rt}$ of type $r$ resources in period $t$, initial value of ${\overline{C}}_{rt}$ is set to $C_{rt}$.
$G$	A nominal CPS model, $G=(P,T,F,m_0,\mu )$ = $GJ\Vert GR$, where $GJ=\underset{j\in \mathit{J}}{\Vert }G{J}_j$ and $GR$ = $\underset{r\in \mathit{R}}{\Vert }G{R}_r$
$m$	A marking of $G$
$\delta$	A $\left|P\right|$ dimensional perturbation vector
${\delta }_i$	The $i$-th element ${\delta }_i$ of the perturbation vector $\delta$
${\omega }_{il}$	A discrete time failure interval, ${\omega }_{il}$ = $[{\alpha }_{il} {\beta }_{il}]$, where $i\in \{1,2,\dots ,\left|P\right|\}$ and $l\in \{1,2,\dots ,{\delta }_i\}$
$\omega$	All failure intervals ${\omega }_{il}$ associated with $\delta$, $i\in \{1,2,\dots ,\left|P\right|\}$, $l\in \{1,2,\dots ,{\delta }_i\}$,
$\Delta (m)$	The uncertainty model that captures resource failures for a reachable marking $m$, $\Delta (m)$ = ($m$, $\delta$, $\omega$)
$Q_j$	The product demands, $Q_j$, where $j\in \mathit{J}$ = $\{1,2,3,\dots ,J\}$
$Q_j^{\delta }$	The quantity of products influenced by resource failures $\Delta (m)$
$\theta$	The deadline
$P^F$	The set of all final state places in $P$
$\Pi$	The number of periods in the time horizon
$ST{N}_j(V_j,A_j)$	A spatial-temporal network constructed for type $j$ task, $j\in \mathit{J}$ = $\{1,2,3,\dots ,J\}$
$RST{N}_j(V_j,A_j)$	A residual spatial-temporal network constructed based on $ST{N}_j(V_j,A_j)$ for $j\in \mathit{J}$

. The cyber world model of a CPS is represented by $G$. It is used to capture the dynamics of CPS. The nominal cyber world model is an abstraction of the physical world of CPS. The structure of the nominal cyber world model considered in this paper is similar to the S3PR model and the S4PR model in the literature [39,40] that can capture sequential processes with shared resources, is extended with time factor and a proper uncertainty model to capture failures of resources and the time intervals during which failures occur. Uncertainties such as machine failures may occur in the physical world of CPS and influence the operations of CPS. In the remainder of this paper, we will use $\Delta$ to denote the uncertainty model. Given the nominal cyber world model $G$ and the uncertainty model $\Delta$, the problem is to study the influence of $\Delta$ on the operations of CPS. To analyze the influence of $\Delta$ on the operations of CPS, the nominal cyber world model $G$ and the uncertainty model $\Delta$ must be represented properly. In this paper, the nominal cyber world model $G$ will be presented by a DTPN model. The uncertainty model $\Delta$ will be characterized based on the failed resources as well as the time intervals during which unexpected events occur. In this section, we first introduce construction of the nominal model $G$ for CPS and then present the uncertainty model to formulate the problem.

We consider a make-to-order manufacturing system in which an order is specified by the quantity of different types of product demands, $Q_j$, where $j\in \mathit{J}$ = $\{1,2,3,\dots ,J\}$ and the deadline $\theta$. The production process of each type of product is associated with a type of task. Therefore, the number of different types of tasks is $J$. The set of indices of all different types of tasks is denoted by $\mathit{J}$ = $\{1,2,3,\dots ,J\}$ and we refer to a type of task by $j\in \mathit{J}$ = $\{1,2,3,\dots ,J\}$. We define a task subnet to describe the production process of a type of products. A task subnet can be described by a discrete timed Petri net (DTPN). A DTPN is a five-tuple $D=(P,T,F,m_0,\mu )$ in which $P$ is a set of places, $T$ is a set of transitions, $F\subseteq (P\times T)\cup (T\times P)$ is a set of flow relation, $m_0:P\to Z^{\left|P\right|}$ is an initial marking, and $\mu :T\to Z$ is a function that specifies either a lower bound of the firing time of each transition or the firing time of each transition, where $Z$ is the set of nonnegative integers.

Definition 1.

A task subnet is a discrete timed Petri net, $G{J}_j=(P_j,T_j,F_j,m_{j0},{\mu }_j)$, with sequential structure, where $j\in \mathit{J}$ and the function ${\mu }_j:T_j\to Z$ is used to specify the lower bound of the firing time of each transition in $T_j$. For a task subnet $G{J}_j=(P_j,T_j,F_j,m_{j0},{\mu }_j)$ that describes $N_j$ operations in $G{J}_j$, there are $2N_j$ transitions in $G{J}_j$ as each operation is described by a start transition and an end transition. Therefore, there are $2N_j+1$ places in $P_j$. We assume that the places in $P_j$ are numbered from upstream to downstream. That is, $P_j=$ {$p_1^j$, $p_2^j$, $p_3^j$,…, $p_{2N_j+1}^j$}.

Note that for transition $t\in T_j$, ${\mu }_j(t)$ only specifies a lower bound of the firing time of transition $t$ by using any resource. Firing a transition relies on the use of a resource. The firing time of transition $t\in T_j$ depends on the type of resource used to fire $t$. The exact firing time of $t$ is determined by the firing time of the same transition specified in the corresponding resource subnet of the resource involved. Therefore, ${\mu }_j(t)$ can be set to zero for each transition $t\in T_j$ because is always a lower bound of transition $t$ by using any resource. Figure 1 shows two examples of task subnets, $G{J}_1$ and $G{J}_2$. The firing time of transitions in $G{J}_1$ can be set as ${\mu }_1(t_1)$ = ${\mu }_1(t_2)$ = ${\mu }_1(t_3)$ = ${\mu }_1(t_4)$ = 0 if the lower bound of the firing time of each transition in $T_1$ is unknown. Similarly, if the lower bound of the firing time of each transition in $T_2$ is unknown, the firing time of transitions in $G{J}_2$ can be set as ${\mu }_2(t_5)$ = ${\mu }_2(t_6)$ = ${\mu }_2(t_7)$ = ${\mu }_2(t_8)$ = ${\mu }_2(t_9)$ = ${\mu }_2(t_{10})$ = 0.

To facilitate modeling, the operator “$\Vert$” is defined as follows to merge two DTPNs through common transitions, places and arcs.

Definition 2.

Given two discrete timed PNs, $G_1$ = ($P_1$, $T_1$, $F_1$, $m_{10}$, ${\mu }_1$) and $G_2$ = ($P_2$, $T_2$, $F_2$, $m_{20}$, ${\mu }_2$), the operator $“\Vert ”$ to combine $G_1$ and $G_2$ is defined as follows:

$G_1\Vert G_2$ = ($P$, $T$, $F$, $W$, $m_0$, $\mu$), where $P=P_1\cup P_2$, $T=T_1\cup T_2$, $F(p,t)=\{\begin{array}{l}{F}_1(p,t) if p\in P_1 and t\in T_1\\ F_2(p,t) if p\in P_2 and t\in T_2 \end{array}$, $F(t,p)=\{\begin{array}{l}{F}_1(t,p) if p\in P_1 and t\in T_1\\ F_2(t,p) if p\in P_2 and t\in T_2 \end{array}$, $m_0(p)=\{\begin{array}{l}{m}_{10}(p) if p\in P_1\\ m_{20}(p) if p\in P_2\end{array}$ and $\mu (t)=\{\begin{array}{l}\max ({\mu }_1(t),{\mu }_2(t)) if t\in T_1\cap T_2\\ {\mu }_1(t), if t\in T_1\backslash T_2\\ {\mu }_2(t), if t\in T_2\backslash T_1 \end{array}$.

An operation is performed by a resource. In this study, the number of different types of resources is denoted by $R$. We use $\mathit{R}$ = $\{1,2,3,\dots ,R\}$ to denote the set of different types of resources in the system. We use $r$ to refer to a type of resources, where $r\in \mathit{R}$. The $k$-th operation performed by type $r$ resource is represented by a circuit, $G_r^{jk}$, which is a discrete timed PN. Each circuit $G_r^{jk}$ has an idle place $r$, a busy place, one start transition and one end transition. Figure 2a–e shows examples of resource circuits. Let ${\Omega }_r^j$ = $\{1,2,\dots ,K_r^j\}$ denote the set of indices of circuits of type $r$ resources involved in type $j$ task. The capabilities of a resource type $r$ is described by a resource subnet defined below.

Definition 3.

A resource subnet $G{R}_r$ for a type $r$ resource is a discrete timed Petri net $G{R}_r$ = ($P_r$, $T_r$, $F_r$, $m_{r0}$, ${\mu }_r$) obtained by merging the circuits of type $r$ resource, where $r\in \mathit{R}$ and the function ${\mu }_r$ is used to specify the firing time of each transition in $T_r$. That is, $G{R}_r$ = ($P_r$, $T_r$, $F_r$, $m_{r0}$, ${\mu }_r$) = $\underset{j\in \mathit{J}}{\Vert }\underset{k\in {\Omega }_r^j}{\Vert }{G}_r^{jk}$. A resource subnet $G{R}_r$ has an idle place denoted by $r$.

Figure 2f shows the resource subnet $G{R}_{r_1}$ obtained by merging $G{R}_{r_1}^{11}$ in Figure 2a with $G{R}_{r_1}^{21}$ in Figure 2c. $G{R}_{r_2}$, $G{R}_{r_3}$ and $G{R}_{r_4}$ can be obtained similarly. The firing time of transitions in $G{R}_{r_1}$ is set as ${\mu }_{r_1}(t_1)$ = 1, ${\mu }_{r_1}(t_2)$ = 0, ${\mu }_{r_1}(t_5)$ = 2, ${\mu }_{r_1}(t_6)$ = 0. The firing time of transitions in $G{R}_{r_2}$ is set as ${\mu }_{r_2}(t_3)$ = 2, ${\mu }_{r_2}(t_4)$ = 0. The firing time of transitions in $G{R}_{r_3}$ is set as ${\mu }_{r_3}(t_7)$ = 1, ${\mu }_{r_3}(t_8)$ = 0. The firing time of transitions in $G{R}_{r_4}$ is set as ${\mu }_{r_4}(t_9)$ = 1, ${\mu }_{r_4}(t_{10})$ = 0.

Operations in manufacturing systems are performed by resources to process parts. The proposed model captures synchronization between parts and resources by applying the merging operator “$\Vert$” to a common transition in a task subnet and a resource subnet. The operator “$\Vert$” also merges relevant common places and arcs involved between a task subnet and the associated resource subnet. Note that as the firing time for a transition in the task subnet is just a lower bound, which is always smaller than the firing time specified in the resource subnet, the exact time for firing a transition depends on the resource involved. Therefore, after applying the merging operator, the firing time of the merged transition is defined as the maximum of the transition firing time specified in the task subnet and the resource subnet.

Consider a task subnet $G{J}_j=(P_j,T_j,F_j,m_{j0},{\mu }_j)$ and a resource subnet $G{R}_r$ = ($P_r$, $T_r$, $F_r$, $m_{r0}$, ${\mu }_r$). For the model $G{J}_j\Vert G{R}_r$ obtained by applying the $“\Vert ”$ operator to combine a task subnet $G{J}_j=(P_j,T_j,F_j,m_{j0},{\mu }_j)$ with a resource subnet $G{R}_r$ = ($P_r$, $T_r$, $F_r$, $m_{r0}$, ${\mu }_r$), the firing time of transition $t\in T_j\cap T_r$ in $G{J}_j\Vert G{R}_r$ is $\mu (t)=\max ({\mu }_j(t),{\mu }_r(t) )={\mu }_r(t)$ as ${\mu }_j(t)$ is a lower bound of ${\mu }_r(t)$. That is, the firing time $\mu (t)$ of transition $t\in T_j\cap T_r$ in $G{J}_j\Vert G{R}_r$ is determined by the firing time ${\mu }_r(t)$ specified in $G{R}_r$. Therefore, ${\mu }_j(t)$ can be set to zero for each transition $t\in T_j$ because ${\mu }_j(t)$ is a lower bound of ${\mu }_r(t)$.

To capture cooperation and interaction between different types of tasks and resources in the CPS, we merge the task subnets with the resource subnets to construct the discrete timed Petri net model $G$ for the nominal CPS defined $G$ as follows.

Definition 4.

A nominal model is described by a discrete timed Petri net $G=(P,T,F,m_0,\mu )$ = $GJ\Vert GR$, where $GJ=\underset{j\in \mathit{J}}{\Vert }G{J}_j$ and $GR$ = $\underset{r\in \mathit{R}}{\Vert }G{R}_r$ = ($P_R$, $T_R$, $F_R$, $m_{R0}$, ${\mu }_R$), where $m_0:P\to Z^{\left|P\right|}$ and $\mu :T\to Z^{+}\cup \left\{0\right\}$. The state of $G$ is called a marking represented by a vector $m\in Z^{\left|P\right|}$.

In this paper, it is assumed that the timed Petri net models work under infinite server policy. As we focus on the deterministic and aim to determine the feasible firing sequences to meet the deadline, the firing of transitions is determined by the algorithm. Note that operations of the DTPN models are based on the firing sequences found by the proposed algorithm. Therefore, firing policy and memory policy are not required in the proposed method.

Figure 3 shows an example of $G=(P,T,F,m_0,\mu )$ = $GJ\Vert GR$, where $GJ$ = $G{J}_1\Vert G{J}_2$, $G{J}_1$ and $G{J}_2$ are shown in Figure 1 and $GR$ is obtained by merging all the circuits in Figure 2. The firing time of each transition of $G$ in Figure 3 is as follows:

$\mu (t_1)$ = $\max ({\mu }_1(t_1),{\mu }_{r_1}(t_1))=1$, $\mu (t_2)$ = $\max ({\mu }_1(t_2),{\mu }_{r_1}(t_2))=0$,

$\mu (t_3)$ = $\max ({\mu }_1(t_3),{\mu }_{r_2}(t_3))=2$, $\mu (t_4)$ = $\max ({\mu }_1(t_4),{\mu }_{r_2}(t_4))=0$

$\mu (t_5)$ = $\max ({\mu }_2(t_5),{\mu }_{r_1}(t_5))=2$, $\mu (t_6)$ = $\max ({\mu }_2(t_6),{\mu }_{r_1}(t_6))=0$

$\mu (t_7)$ = $\max ({\mu }_2(t_7),{\mu }_{r_3}(t_7))=1$, $\mu (t_8)$ = $\max ({\mu }_2(t_8),{\mu }_{r_3}(t_8))=0$

$\mu (t_9)$ = $\max ({\mu }_2(t_9),{\mu }_{r_4}(t_9))=1$, $\mu (t_{10})$ = $\max ({\mu }_2(t_{10}),{\mu }_{r_4}(t_{10}))=0$

Note that the set $P_R$ of all the places in $GR$ can be divided into two subsets: the subset of idle places $\left\{r_s|s\in \mathit{R}\right\}$ of resources and the subset of non-idle places of resources $P_R/\left\{r_s|s\in \mathit{R}\right\}$. That is, $P_R=(P_R/\{r_s|s\in \mathit{R}\})\cup \left\{r_s|s\in \mathit{R}\right\}$. As each non-idle places subset in $P_R/\left\{r_s|s\in \mathit{R}\right\}$ belongs to $P$ = $\underset{j\in \mathit{J}}{\cup }{P}_j\cup \left\{r_s|s\in \mathit{R}\right\}$, the set of places in $G$ is $P$ = $\underset{j\in J}{\cup }{P}_j\cup \left\{r_s|s\in \mathit{R}\right\}$ = $\underset{j\in \mathit{J}}{\cup }${$p_1^j$, $p_2^j$, $p_3^j$,…, $p_{2N_j+1}^j$} $\cup$ {$r_1$, $r_2$, $r_3$,…, $r_{\left|\mathit{R}\right|}$}. Therefore, the dimension of $P$ is $\left|P\right|$ = $\underset{j\in \mathit{J}}{\Sigma }(2N_j+1)+R$. A marking $m$ is defined by

$$m=[m(p_1) m(p_2) m(p_3) \dots \dots m(p_{\underset{j\in \mathit{J}}{\Sigma }(2N_j+1)}) m(r_1) m(r_2) m(r_3) \dots \dots m(r_{\left|\mathit{R}\right|})]$$

In this paper, the final state place in $P_j$ is $p_{2N_j+1}^j$. The set of all final state places in $P$ is denoted by $P^F$ = {$p_{2N_j+1}^j$, $j\in \mathit{J}$ = $\{1,2,3,\dots ,J\}$}.

In a make-to-order manufacturing system, an order is specified by the quantity of different types of product demands, $Q_j$, where $j\in \mathit{J}$ = $\{1,2,3,\dots ,J\}$, and the deadline $\theta$. The requirements to meet an order with product demands, $Q_j$, where $j\in \mathit{J}$ = $\{1,2,3,\dots ,J\}$ can be described by a marking $m_d$ in the discrete timed Petri net $G=(P,T,F,m_0,\mu )$, where $m_d(p)=\{\begin{array}{l}0\hspace{1em}p\in P\backslash (P^F\cup \{r_s|s\in \mathit{R}\left\}\right)\hspace{1em}\\ Q_j\hspace{1em}p=p_{2N_j+1}^j\in P^F,j\in \{1,2,3,\dots ,J\}\end{array}$.

Therefore, the problem to determine whether the order can be fulfilled by the deadline $\theta$ can be stated as the following feasibility problem:

Feasibility Problem for Nominal CPS (FPN):

Given a DTPN model $G$ under a reachable marking $m$, a target marking $m_d$ defined by $m_d(p)=\{\begin{array}{l}0\hspace{1em}p\in P\backslash (P^F\cup \{r_s|s\in \mathit{R}\left\}\right)\hspace{1em}\\ Q_j\hspace{1em}p=p_{2N_j+1}^j\in P^F,j\in \{1,2,3,\dots ,J\}\end{array}$ and a deadline $\theta$, determine whether there exists a firing sequence that brings $G$ from $m$ to $m_d$ by the deadline $\theta$.

Operations of manufacturing systems are usually influenced by unexpected events such as resource failures. The influence of resource failures may have impact on the operations and orders in the system. To deal with resource failures properly, the impact due to resource failures must be evaluated.

To study the influence of resource failures on CPS, we must represent resource failures properly. We introduce the uncertainty model $\Delta (m)$ based on the concept of perturbation vectors and failure time intervals as follows.

Definition 5.

A $\left|P\right|$ dimensional perturbation vector $\delta$ is an integer vector to specify the number of tokens lost for the set of places in $P$ due to resource failures. The $i$-th element ${\delta }_i$ of the perturbation vector $\delta$ is a non-negative integer that represents the number of tokens lost in the place $p_i$, $p_i\in P$, due to resource failures, where $i\in \{1,2,\dots ,\left|P\right|\}$.

In this study, a discrete time horizon of $\Pi$ periods is considered. To describe the time intervals of resource failures, we define a discrete time failure interval. Note that if ${\delta }_i>1$, it means that there are ${\delta }_i$ failures of multiple resources in place $p_i$. As the time interval of each resource failure may not be the same, we define a failure interval as follows.

Definition 6.

For each resource failure $l\in \{1,2,\dots ,{\delta }_i\}$, the corresponding discrete time failure interval that describes the starting time and the end time of the resource failure is denoted by ${\omega }_{il}$ = $[{\alpha }_{il} {\beta }_{il}]$, where $i\in \{1,2,\dots ,\left|P\right|\}$. Note that if ${\delta }_i=0$, ${\omega }_{il}$ = $[L \infty )$, where $L$ is a number larger than $\Pi$.

According to Definition 6, a failure taking place outside the time horizon $\Pi$ can be represented by ${\delta }_i=0$ with ${\omega }_{il}$ = $[L \infty )$, where $L$ is a number larger than $\Pi$. We use $\omega$ to refer to all failure intervals ${\omega }_{il}$, $i\in \{1,2,\dots ,\left|P\right|\}$, $l\in \{1,2,\dots ,{\delta }_i\}$, associated with $\delta$.

Given a nominal cyber-physical system model $G=(P,T,F,m_0,\mu )$, an uncertainty model is defined based on a marking $m$ reachable from $m_0$. As the dimension of a marking is $\left|P\right|$, the uncertainty model is defined as follows:

Definition 7.

A $\left|P\right|$ dimensional uncertainty model $\Delta (m)$ for a reachable marking $m$ is described by a three-tuple $\Delta (m)$ = ($m$, $\delta$, $\omega$), where the $\left|P\right|$ dimensional perturbation vector $\delta$ represents perturbation of nominal marking and the $\left|P\right|$ dimensional vector $\omega$ describes all failure intervals associated with the perturbation $\delta$.

In this paper, we will study whether deadline $\theta$ can be met in the presence of uncertainty $\Delta (m)$ = ($m$, $\delta$, $\omega$) based on the following problem formulation.

Robustness Analysis Problem (RAP)

Given a DTPN model $G=(P,T,F,m_0,\mu )$ under a reachable marking $m$, a target marking $m_d$ defined by $m_d(p)=\{\begin{array}{l}0\hspace{1em}p\in P\backslash (P^F\cup \{r_s|s\in \mathit{R}\left\}\right)\hspace{1em}\\ Q_j\hspace{1em}p=p_{2N_j+1}^j\in P^F,j\in \{1,2,3,\dots ,J\}\end{array}$ and $\theta$, suppose there exists a firing sequence (a nominal solution) that brings $G$ from $m$ to $m_d$ by the deadline $\theta$. Determine whether there exists a firing sequence that brings $G$ from $m$ to $m_d$ by the deadline $\theta$ under the uncertainty $\Delta (m)$ = ($m$, $\delta$, $\omega$).

4. Generation of Solutions for Nominal CPS

The two problems presented in the previous section, FPN and RAP, aim to analyze the robustness of a solution of nominal CPS. In this section, we first present our approach to generate a solution to FPN. We will study RAP and analyze the robustness of the solution in the next section.

As the classical reachability analysis methods suffer from state explosion problem, we will propose a different approach to representing and finding solutions based on spatial-temporal network (STN) models, which describe the movement of flow tasks in space and time. The steps to construct STN will be presented later and are intuitively done by capturing the flows of tasks from upstream to downstream spatially and temporally based on DTPN.

The feasibility problem of nominal CPS aims to determine the feasibility to meet an order with $J$ types of product demands by a deadline $\theta$, which extends the problem for a single type of product demand addressed in [8]. The novelty of the proposed approach is to analyze the DTPN based on transformation of the model into spatial-temporal network (STN) models without relying on classical reachability analysis method for timed Petri nets. Such transformation enables compact representation of solutions and efficient search for solutions based on mathematical programming/optimization tools. The proposed method is obviously different from the ones that rely on abstraction of state space of timed Petri nets.

To deal with an order with multiple types of product demands by a deadline, a spatial-temporal network $ST{N}_j(V_j,A_j)$ is constructed for each $G{J}_j$ by applying Algorithm 1, where $j\in \mathit{J}$ = $\{1,2,3,\dots ,J\}$, based on the demands of type $j$ tasks, $Q_j$, order deadline, $\theta$, and the residual capacity. For each type of resource, the residual capacity in a period is defined as the number of unallocated resources. The main algorithm (Algorithm 2) iteratively invokes the algorithm to construct the STN, $ST{N}_j(V_j,A_j)$, for each type of task according to the residual capacity, allocates the tasks by solving the Feasibility Problem of Spatial-Temporal Network (FPSTN) (to be introduced later) and updates the residual capacity. The capacity on arcs of STN is bounded by the residual capacity of resources involved. For each STN, tasks can only be allocated according to the residual capacity of resources involved. The residual capacity for each period is calculated by deducting the number of allocated resources from the original capacity. The residual capacity is updated after allocating tasks to STN. The cost on arcs is specified according to the deadline. To optimize the schedule to meet the deadline, we set the cost for arcs connecting to the end node according to the periods. The cost for an arc corresponding to period $t$ after the deadline $\theta$ is simply set to $t$. The cost for all the other arcs is set to zero.

A spatial-temporal network $ST{N}_j(V_j,A_j)$ is constructed based on the task subnet $G{J}_j=(P_j,T_j,F_j,m_{j0},{\mu }_j)$ for each $j\in \mathit{J}$. Note that the set of places in $P_j$ can be decomposed into two disjoint subsets, $P_{j1}$ and $P_{j2}$, where $P_{j1}$ represents the set of idle state places for parts in type $j$ tasks and $P_{j2}$ represents the set of busy state places of parts in type $j$ tasks. That is, $P_j=P_{j1}\cup P_{j2}$. Without loss of generality, it is assumed that the places in $P_{j1}$ correspond to states in the production process from upstream to downstream. Suppose there are $N_j$ operations in $G{J}_j$ and each operation is represented by one start transition and one end transition. Then there are $2N_j$ transitions in $P_j$. In this case, the places in $P_j$ are numbered from upstream to downstream and are denoted as $p_1^j$, $p_2^j$, $p_3^j$,…, $p_{2N_j+1}^j$, $P_j=$ {$p_1^j$, $p_2^j$, $p_3^j$,…, $p_{2N_j+1}^j$} and $P_{j1}$ = {$p_1^j$, $p_3^j$, $p_5^j$,…, $p_{2N_j+1}^j$}. To represent timing in a spatial-temporal network $ST{N}_j(V_j,A_j)$, a time horizon of $\Pi$ periods is considered. A node in $ST{N}_j(V_j,A_j)$ represents a specific point in time and space. We create $\Pi$ nodes for each place in $P_{j1}$, one start node and one end node in $ST{N}_j(V_j,A_j)$ to represent spatial-temporal information.

In constructing $ST{N}_j(V_j,A_j)$, the capacity of an arc involving the use of type $r$ resources is set to the residual capacity ${\overline{C}}_{rt}$ of type $r$ resources. Let $C_{rt}$ denote the initial capacity (the number) of type $r$ resources in period $t$, where $C_{rt}$ is set to $m_{r0}\left(r\right)$ for all $t$. Initially, the residual capacity ${\overline{C}}_{rt}$ of type $r$ resources in period $t$ is set to $C_{rt}$. The residual capacity ${\overline{C}}_{rt}$ will be updated iteratively in the Algorithm 2 (to be introduced later) to check feasibility of nominal CPS to reflect the assignment of tasks to resources. The algorithm (Algorithm 1) to construct $ST{N}_j(V_j,A_j)$ for type $j$ tasks, where $j\in \mathit{J}$, is as follows.

Algorithm 1: Construct Spatial-Temporal Network $ST{N}_j(V_j,A_j)$ for Type $j$ Tasks

Input: $G{J}_j$, $G_r^{jk}$, $k\in {\Omega }_r^j$ = $\{1,2,\dots ,K_r^j\}$, $\Pi$, $Q_j$, $\theta$   Output: $ST{N}_j(V_j,A_j)$, where $V_j$ is the set of nodes and $A_j$ is the set of arcs   Step 0: Create a start node $s_j$ and an end node $e_j$      $V_j=\{s_j,e_j\}$   Step 1: For $n=1$ to $N_j$       For each $t=1$ to $\Pi$        Create a node numbered $(n-1)\Pi +t$        Add the node to $V_j=V_j\cup \{(n-1)\Pi +t\}$       End For      End For   Step 2: Add an arc $a=(s_j,1)$ from $s_1$ to the node 1      $A_j\leftarrow A_j\cup \left\{a\right\}$      Set arc capacity $c_a$ to $Q_j$ and arc cost $w_a$ to 0   Step 3: For $n=1$ to $N_j$       For each $t=1$ to $\Pi -1$        Add an arc $a$ from node $(n-1)\Pi +t$ to node $(n-1)\Pi +t+1$        $A_j\leftarrow A_j\cup \left\{a\right\}$        Set arc capacity $c_a$ to according to the residual capacity ${\overline{C}}_{rt}$, where        $r$ is theresource type used by operation $n$        Set arc cost $w_a$ to 0       End For      End For   Step 4: For $n=1$ to $N_j$       For each $t=1$ to $\Pi -1$        If $t+\mu (t_{2n-1})+\mu (t_{2n})\le \Pi$         Add an arc $a$ from node $(n-1)\Pi +t$ to node $n\Pi +t+\mu (t_{2n-1})+\mu (t_{2n})$         $A_j\leftarrow A_j\cup \left\{a\right\}$         Find the resource type $r$ for processing operation $n$          Update $A_{jrt}\leftarrow A_{jrt}\cup \left\{a\right\}$, the set of arcs in the spatial-temporal          network of type $j$ task involved in the use of type-$r$ resource in period $t$         Set arc cost $w_a$ to 0        End If       End For      End For   Step 5: For each $t=1$ to $\Pi$       Add an arc $a$ from $N_j\Pi +t$ to node $e_j$       $A_j\leftarrow A_j\cup \left\{a\right\}$        If $t>\theta$         Set arc cost $w_a$ to $t$        Else         Set arc cost $w_a$ to 0        End If      End For

$ST{N}_j(V_j,A_j)$ captures the flows of parts temporally and spatially. To optimize the schedule to meet the deadline, the cost for an arc corresponding to period $t$ after the deadline $\theta$ is simply set to $t$ and the cost for all the other arcs is set to zero. We use $f_j$ to denote the flows of parts in $ST{N}_j(V_j,A_j)$. We use $f_j(u,v)$ to represent the flows of parts from node $u$ to node $v$ in $ST{N}_j(V_j,A_j)$ across time and space. To concisely represent the flows in $ST{N}_j(V_j,A_j)$, we will use $f_{u,v}$ instead of $f_j(u,v)$ whenever it is clear from the context. In $ST{N}_j(V_j,A_j)$, the flows of parts in horizontal arcs denote parts in waiting state and flows of parts in arcs connecting to the end node represent the finished parts. Flows of parts in all the other arcs denote the parts in busy state (being processed by machines/resources). Figure 4 shows the structure of $ST{N}_j(V_j,A_j)$ for type 1 tasks ($j=1$) obtained by applying the above algorithm to $G{J}_1$ in Figure 2a.

Let $A_{jrt}$ denote the set of arcs involved in the use of type-$r$ resource in period $t$ in $ST{N}_j(V_j,A_j)$. The capacity constraints (1), the flow balance Equation (2), supply constraints (3) and demand constraints (4) must hold. Based on the spatial-temporal network $ST{N}_j(V_j,A_j)$, the following problem is formulated to check the feasibility to meet product demands, $Q_j$, by the deadline $\theta$.

Feasibility Problem of Spatial-Temporal Network (FPSTN) $ST{N}_j(V_j,A_j)$

$$\underset{f_j}{\min }\sum _{a=(u,v)\in A_{jrt}}{w}_a{f}_j(u,v)$$

$$\sum _{a=(u,w)\in A_{jrt}}{f}_j(u,w)\le {\overline{C}}_{rt}\forall r\in \mathit{R} \forall t\in \{1,2,\dots ,\Pi \}\hspace{1em}$$

(1)

$$\sum _{w\in V}{f}_j(u,w)=0 \forall u\notin \{s,e\}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}$$

(2)

$$\sum _{w\in V}{f}_j(s,w)=Q_j\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}$$

(3)

$$\sum _{w\in V}{f}_j(w,e)=Q_j\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}$$

(4)

$$f_j(u,v)\in Z \forall (u,v)\in A_j, \mathrm{where} Z \mathrm{is} \mathrm{the} \mathrm{set} \mathrm{of} \mathrm{nonnegative} \mathrm{integers}$$

(5)

To check whether it is feasible to meet an order with product demands, $Q_j$, for $j\in \mathit{J}$ = $\{1,2,3,\dots ,J\}$ by the deadline $\theta$, the following algorithm can be applied by solving the feasibility problem of spatial-temporal network $ST{N}_j(V_j,A_j)$ for $j\in \mathit{J}$ = $\{1,2,3,\dots ,J\}$ iteratively.

By solving the above problem iteratively for $j\in \mathit{J}$ = $\{1,2,3,\dots ,J\}$, a solution $f$ = $\underset{j\in \mathit{J}}{\Sigma }{f}_j$ will be found, where $f_j$ is the component of $f$ in spatial-temporal network $ST{N}_j(V,A)$ for type $j$ task, where $j\in \mathit{J}$. For each $j\in \mathit{J}$ = $\{1,2,3,\dots ,J\}$, we compute the residual capacity ${\overline{C}}_{rt}=C_{rt}-{\displaystyle \sum _{a=(u,w)\in A_{jrt}}}{f}_j(u,w)\forall r\in \mathit{R} \forall t\in \{1,2,\dots ,\Pi \}$ based on the solution found in $ST{N}_j(V_j,A_j)$. Obviously, the following property holds.

Property 1.

If there exists a solution $f$ = $\underset{j\in \mathit{J}}{\Sigma }{f}_j$ such that the flows in all the arcs from node $N_j\Pi +t$ to node $e$ are all zero for all $t\in \{\theta +1,\theta +2,\dots ,\Pi \}$ for $j\in \mathit{J}$ = $\{1,2,3,\dots ,J\}$, $f$ can meet the deadline $\theta$.

Based on Property 1 and the reasoning above, the algorithm below can be applied to generate a solution and check the feasibility to meet the deadline.

Algorithm 2: Check Feasibility of Nominal CPS

Input: $\mathit{J}$, $\mathit{R}$, $\Pi$, $C_{rt}$, $G{J}_j$, $G_r^{jk}$, $k\in {\Omega }_r^j$ = $\{1,2,\dots ,K_r^j\}$, $Q_j$, $r\in \mathit{R} \forall t\in \{1,2,\dots ,\Pi \}$ Output: $Feasibility\_Indicator$, $f$ Step 0: $f\leftarrow \underset{\_}{0}$    ${\overline{C}}_{rt}\leftarrow C_{rt}$ Step 1: ${\mathit{J}}_1\leftarrow \mathit{J}$    While ${\mathit{J}}_1\ne \Phi$       Select $j\in {\mathit{J}}_1$       Construct $ST{N}_j(V_j,A_j)$       Find a solution $f_j$ for the Spatial-Temporal Network $ST{N}_j(V_j,A_j)$ based       on ${\overline{C}}_{rt}\forall r\in \mathit{R} \forall t\in \{1,2,\dots ,\Pi \}$       Update ${\overline{C}}_{rt}={\overline{C}}_{rt}-{\displaystyle \sum _{a=(u,w)\in A_{jrt}}}{f}_j(u,w)\forall r\in \mathit{R} \forall t\in \{1,2,\dots ,\Pi \}$       ${\mathit{J}}_1\leftarrow {\mathit{J}}_1\backslash \left\{j\right\}$       $f\leftarrow f+$$f_j$    End While Step 2: If the solution $f$ satisfies the condition of Property 1       Set $Feasibility\_Indicator$ = true     Else     Set $Feasibility\_Indicator$ = false     End If

The above optimization problem is an integer programming problem that can be solved by applying any integer programming solvers such as the CPLEX Optimizer [38]. We will analyze the complexity of Algorithm 2 later in this section. The following property states that a property can be used to check whether the order deadline $\theta$ can be met.

Property 2.

If the $Feasibility\_Indicator$ is “true” by applying the Algorithm to Check Feasibility of $G=GJ\Vert GR$ with respect to $m$, $G=GJ\Vert GR$ is feasible with respect to $\theta$.

Proof of Property 2

Please refer to Appendix A.

Computational complexity of the Algorithm 2 to check feasibility of nominal CPS is analyzed as follows. For each $f\in {\mathit{J}}_1$, Algorithm 2 constructs $ST{N}_j(V_j,A_j)$, finds a solution $f_j$ for the spatial-temporal network $ST{N}_j(V_j,A_j)$ and updates ${\overline{C}}_{rt}={\overline{C}}_{rt}-{\displaystyle \sum _{a=(u,w)\in A_{jrt}}}{f}_j(u,w)\forall r\in \mathit{R} \forall t\in \{1,2,\dots ,\Pi \}$ and $f\leftarrow f+f_j$. The number of nodes constructed in the spatial-temporal network $ST{N}_j(V_j,A_j)$ for type $j$ task, where $j\in \mathit{J}$ is $N_j\Pi +2$. The number of arcs constructed in the spatial-temporal network $ST{N}_j(V_j,A_j)$ for type $j$ task, where $j\in \mathit{J}$, is bounded by $2N_j(\Pi -1)+2+\Pi$. Therefore, the complexity to construct $ST{N}_j(V_j,A_j)$ and the number of nodes in $ST{N}_j(V_j,A_j)$ is bounded by $O(N_j\Pi )$. The problem to find the solution $f_j$ for the spatial-temporal network $ST{N}_j(V_j,A_j)$ is a minimal cost flow problem with additional constraints. Therefore, a lower bound of the computational complexity to find the solution $f_j$ for the spatial-temporal network with capacity constraint ${\overline{C}}_{rt}$ is $O(N_j^2{\Pi }^2{Q}_j)$. Therefore, a lower bound on the computational complexity of the algorithm to construct $RST{N}_j(V_j,A_j)$ and find a solution is $O(J{R}^2{\Pi }^2+N_j^2{\Pi }^2{Q}_j)$. As the number of arcs in the set $A_{jrt}$ is no greater than $R\Pi$, the number of arithmetic operations involved in calculating ${\displaystyle \sum _{a=(u,w)\in A_{jrt}}}{f}_j(u,w)$ is bounded by $JR\Pi$ for each $r\in \mathit{R}, t\in \{1,2,\dots ,\Pi \}$. Therefore, the overall computational complexity to compute ${\overline{C}}_{rt}-{\displaystyle \sum _{a=(u,w)\in A_{jrt}}}{f}_j(u,w)\forall r\in \mathit{R} \forall t\in \{1,2,\dots ,\Pi \}$ is bounded by $J{R}^2{\Pi }^2$. Therefore, the overall computational complexity to update ${\overline{C}}_{rt}$ is $O(J{R}^2{\Pi }^2)$. As ${\mathit{J}}_1$ is set to $\mathit{J}$ initially in Algorithm 2 and $\left|\mathit{J}\right|=J$, a lower bound on the computational complexity of Algorithm 2 to check feasibility is $O(J^2{R}^2{\Pi }^2+J{N}_j^2{\Pi }^2{Q}_j)$, which is of polynomial complexity. Although the above analysis only provides a lower bound on the computational complexity of Algorithm 2, the numerical results to be presented in later shows that computational time grows polynominally, which is consistent with above lower bound on the computational complexity analyzed above.

5. Analysis of Impact of Resource Failures on CPS

Consider a perturbation vector $\delta$ and the associated uncertainty model $\Delta (m)$ = ($m$, $\delta$, $\omega$) due to resource failures. To study the influence of $\delta$, we construct a residual spatial-temporal network $RST{N}_j(V_j,A_j)$ based on $ST{N}_j(V_j,A_j)$ for $j\in \mathit{J}$ and the nominal solution $f$.

The nominal solution $f$ for the Feasibility Problem (FP) can be decomposed into several components, $f_1$, $f_2$, $f_3$,…, $f_J$, with $f$ = $f_1$ + $f_2$ + $f_3$+…+$f_J$ = $\underset{j\in \mathit{J}}{\Sigma }{f}_j$, where $f_j$ is the component of the solution in spatial-temporal network $ST{N}_j(V_j,A_j)$ for type $j$ task, $j\in \mathit{J}$. Note that $f_j$ can be divided into two parts, $f_{j1}$ and $f_{j2}$, where $f_{j1}$ denotes the flows in $ST{N}_j(V_j,A_j)$ not influenced by the resource failures $\Delta (m)$ and $f_{j2}$ represents the flows in $ST{N}_j(V_j,A_j)$ influenced by the resource failures $\Delta (m)$.

Before constructing $RST{N}_j(V_j,A_j)$, we compute the residual capacity ${\tilde{C}}_{rt}$ based on the nominal solution in $ST{N}_j(V_j,A_j)$ and resource failures first. The procedure to compute the residual capacity and construct $RST{N}_j(V_j,A_j)$ is shown as follows.

Procedure I to Compute Residual Capacity

Input: $ST{N}_j(V,A)$, $f_j$, $j\in \mathit{J}$, $\Pi$, $\theta$, $\delta$, $\Delta (m)$ = ($m$, $\delta$, $\omega$), $C_{rt}$, $r\in \mathit{R}$, $t\in \{1,2,\dots ,\Pi \}$ Output: ${\tilde{C}}_{rt}$, $RST{N}_j(V_j,A_j)$, $Q_j^{\delta }$ Step 1: Apply the Algorithm to Construct spatial-temporal network $ST{N}_j(V_j,A_j)$ Step 2: $RST{N}_j(V_j,A_j)\leftarrow ST{N}_j(V_j,A_j)$ Step 3: Find the flows $f_{j1}$ not influenced by resource failures $\delta$ in the      solution $f_j$ of $RST{N}_j(V_j,A_j)$ for $j\in \mathit{J}$     Find the flows $f_{j2}$ influenced by resource failures $\delta$ in the solution $f_j$ of        $RST{N}_j(V_j,A_j)$ for $j\in \mathit{J}$ Step 4: Remove all the flows $f_{j1}$ not influenced by the resource failures $\Delta (m)$ from        $RST{N}_j(V_j,A_j)$ for $j\in \mathit{J}$ Step 5: Remove the flows influenced $f_{j2}$ by the resource failures $\Delta (m)$ from        $RST{N}_j(V_j,A_j)$ for $j\in \mathit{J}$.    Find $Q_j^{\delta }$ denote the quantity of products associated with $f_{j2}$ influenced by         resource failures $\Delta (m)$. Step 6: ${\tilde{C}}_{rt}\leftarrow C_{rt}$ for each $r\in \mathit{R}$ for each period $t\in \{1,2,\dots ,\Pi \}$    Update the residual resource capacity ${\tilde{C}}_{rt}$ for each $r\in \mathit{R}$ for each period $t$:    Update the residual capacity ${\tilde{C}}_{rt}$ by removing the associated resource    capacities originally allocated to $f_{j1}$ from $C_{rt}$ for $r\in \mathit{R}$ for $j\in \mathit{J}$    Update the residual capacity ${\tilde{C}}_{rt}$ by removing the associated resource capacities    due to resource failures $\delta$ in $\Delta (m)$ from $C_{rt}$ for $r\in \mathit{R}$ for $j\in \mathit{J}$:    ${\tilde{C}}_{rt}=C_{rt}-{\displaystyle \sum _{j\in \mathit{J}}}{\displaystyle \sum _{a=(u,w)\in A_{jrt}}}{f}_{j1}(u,w)-C_{rt}^{\delta }\forall r\in \mathit{R} \forall t\in \{1,2,\dots ,\Pi \}$, where $C_{rt}^{\delta }$ is the capacity    loss due to resource failures $\delta$.

Feasibility Problem of Residual Spatial-Temporal Network (FPRSTN) $RST{N}_j(V,A)$

$\underset{f_j}{\min }{\displaystyle \sum _{a=(u,v)\in A_{jrt}}}{w}_a{f}_j(u,v)$

$$\sum _{a=(u,w)\in A_{jrt}}{f}_j(u,w)\le {\tilde{C}}_{rt}\forall r\in \mathit{R} \forall t\in \{1,2,\dots ,\Pi \}$$

(6)

$$\sum _{w\in V}{f}_j(u,w)=0 \forall u\notin \{s,e\}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}$$

(7)

$$\sum _{w\in V}{f}_j(s,w)=Q_j\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}$$

(8)

$$\sum _{w\in V}{f}_j(w,e)=Q_j\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}$$

(9)

$$f_j(u,v)\in Z \forall (u,v)\in A_j, \mathrm{where} \mathrm{is} \mathrm{the} \mathrm{set} \mathrm{of} \mathrm{nonnegative} \mathrm{integers}$$

(10)

Consider a perturbation vector $\delta$ and $\Delta (m)$ = ($m$, $\delta$, $\omega$) due to resource failures. Let $\mathit{J}(\Delta (m))$ denote the set of task types influenced by resource failures $\delta$. We propose Algorithm 3 to iteratively check the robustness of $G=GJ\Vert GR$ with respect to $\delta$ and $\Delta (m)$. The algorithm first applies the Procedure I to compute residual capacity ${\tilde{C}}_{rt}$, construct $RST{N}_j(V_j,A_j)$ according to $ST{N}_j(V_j,A_j)$, $f_{j2}$, $\Pi$, $\theta$, $\Delta (m)$ and set the capacity constraints of the FPRSTN based on $RST{N}_j(V_j,A_j)$ according to the residual capacity ${\tilde{C}}_{rt}$. Finally, it finds the solution $f_{j2}^{\prime }$ for the FPRSTN for $RST{N}_j(V_j,A_j)$. If the solution $f_{j2}^{\prime }$ found for each $j\in \mathit{J}$ satisfies the condition of Property 1, the $Robustness\_Indicator$ will be set to “true” to indicate the solution is robust with respect to resource failures $\delta$ and $\Delta (m)$.

Algorithm 3: Check Robustness with respect to Uncertainty $\Delta (m)$

Input: $ST{N}_j(V,A)$, $f_j$, $j\in \mathit{J}$, $\Pi$, $\theta$, $\delta$, $\Delta (m)$ = ($m$, $\delta$, $\omega$). Output: $Robustness\_Indicator$, $f_{j2}^{\prime }$ Step 1: Find $\mathit{J}(\Delta (m))$ Step 2: Apply Procedure I to compute residual capacity ${\tilde{C}}_{rt}$ for $r\in \mathit{R} \forall t\in \{1,2,\dots ,\Pi \}$ and $Q_j^{\delta }$    for each $j\in \mathit{J}$ Step 3: While $\mathit{J}(\Delta (m))\ne \Phi$      Select $j=j_k\in \mathit{J}(\Delta (m))$      Construct $RST{N}_j(V_j,A_j)$ according to $ST{N}_j(V_j,A_j)$ and ${\tilde{C}}_{rt}$      Set the capacity constraints of the FPRSTN defined by $RST{N}_j(V_j,A_j)$       according to the residual capacity ${\tilde{C}}_{rt}$      Find the solution $f_{j2}^{\prime }$ for the FPRSTN defined by $RST{N}_j(V_j,A_j)$ with residual       capacity constraint ${\tilde{C}}_{rt}$      Update $f^{\prime }$ based on $f_{j2}^{\prime }$      Update residual capacity ${\tilde{C}}_{rt}$ by deducting the capacity assigned to       $f_{j2}^{\prime }$ from ${\tilde{C}}_{rt}$:${\tilde{C}}_{rt}\leftarrow$${\tilde{C}}_{rt}-{\displaystyle \sum _{(u,w)\in A_{jrt}}}{f}_{j2}^{\prime }(u,w)$      If the solution $f_{j2}^{\prime }$ satisfies the condition of Property 1       Set $Robustness\_Indicato{r}_j$ = true      Else       Set $Robustness\_Indicato{r}_j$ = false      End If       $\mathit{J}(\Delta (m))\leftarrow \mathit{J}(\Delta (m))\backslash \{j\}$     End While     $Robustness\_Indicator\leftarrow true$     For $j\in \mathit{J}(\Delta (m)$      $Robustness\_Indicator\leftarrow Robustness\_Indicator\wedge Robustness\_Indicato{r}_j$     End For     Return $Robustness\_Indicator$

Property 3.

If the $Robustness\_Indicator$ is “true” by applying the Algorithm 3 to Check Robustness of $G=GJ\Vert GR$ with respect to $\Delta (m)$, $G=GJ\Vert GR$ is robust with respect to $\Delta (m)$.

Proof of Property 3

Please refer to Appendix B.

Computational complexity of the Algorithm 3 to check robustness is analyzed as follows. Note that the Algorithm 3 to check robustness invokes the construction of $RST{N}_j(V_j,A_j)$ based on the nominal solution and $ST{N}_j(V_j,A_j)$ for each $j\in \mathit{J}(\Delta (m))$. To construct $RST{N}_j(V_j,A_j)$, Procedure I to is called to compute the residual capacity ${\tilde{C}}_{rt}=C_{rt}-{\displaystyle \sum _{j\in \mathit{J}}}{\displaystyle \sum _{a=(u,w)\in A_{jrt}}}{f}_{j1}(u,w)-C_{rt}^{\delta }$ for $r\in \mathit{R}, t\in \{1,2,\dots ,\Pi \}$.

As the number of arcs in the set $A_{jrt}$ is no greater than $R\Pi$, the number of arithmetic operations involved is bounded by $JR\Pi$ for each $r\in \mathit{R}, t\in \{1,2,\dots ,\Pi \}$. Therefore, the overall computational complexity to compute the residual capacity is bounded by $J{R}^2{\Pi }^2$. Therefore, the overall computational complexity to compute the residual capacity is $O(J{R}^2{\Pi }^2)$.

Note that the number of nodes constructed in the spatial-temporal network $ST{N}_j(V_j,A_j)$ for type $j$ task, where $j\in \mathit{J}$ is $N_j\Pi +2$. The number of arcs constructed in the spatial-temporal network $ST{N}_j(V_j,A_j)$ for type $j$ task, where $j\in \mathit{J}$, is bounded by $2N_j(\Pi -1)+2+\Pi$. Therefore, the complexity to construct $ST{N}_j(V_j,A_j)$ and the number of nodes in $ST{N}_j(V_j,A_j)$ is bounded by $O(N_j\Pi )$. As the structure of $RST{N}_j(V_j,A_j)$ is the same as $ST{N}_j(V_j,A_j)$, the complexity to construct $RST{N}_j(V_j,A_j)$ and the number of nodes in $RST{N}_j(V_j,A_j)$ is bounded by $O(N_j\Pi )$. The problem to find the solution $f_{j2}^{\prime }$ for the FPRSTN (feasibility problem of residual spatial-temporal network) defined by $RST{N}_j(V_j,A_j)$ with residual capacity constraint ${\tilde{C}}_{rt}$ is a minimal cost flow problem with additional constraints. Therefore, a lower bound of the computational complexity to find the solution $f_{j2}^{\prime }$ for the FPRSTN defined by $RST{N}_j(V_j,A_j)$ with residual capacity constraint ${\tilde{C}}_{rt}$ is $O(N_j^2{\Pi }^2{Q}_j^{\delta })$. Therefore, a lower bound on the computational complexity of the algorithm to construct $RST{N}_j(V_j,A_j)$ and find a solution is $O(J{R}^2{\Pi }^2+N_j^2{\Pi }^2{Q}_j^{\delta })$. As $\left|\mathit{J}(\Delta (m))\right|=I$ is no greater than $J$, a lower bound on the computational complexity of the Algorithm 3 to Check Robustness is $O(J^2{R}^2{\Pi }^2+J{N}_j^2{\Pi }^2{Q}_j^{\delta })$, which is of polynomial complexity. Although the above analysis only provides a lower bound on the computational complexity of the algorithm, we will show that the numerical results indicate that computational time grows polynominally, which is consistent with above lower bound on the computational complexity analyzed above.

6. Results

In this section, we illustrate the proposed method by examples and present the results to illustrate computational feasibility of the proposed method. We first illustrate the results obtained by applying the proposed method to two examples that represent two application scenarios. In Example 1, a scenario in which resource failures influence only one type of product is considered. The patterns of resource failures in the scenario of Example 2 influence two types of products. We illustrate how the proposed method works to check the robustness of CPS with respect to resource failures. Following Example 1 and Example 2, we will present the results to study computational feasibility of the proposed method.

Example 1.

Consider a CPS that can produce two types of products. The production processes of the two types of products and the resources are modeled by task subnets, $G{J}_1$ and $G{J}_2$ in Figure 1 and the resource models in Figure 2, respectively. The CPS model is shown in Figure 3. The models can be download from the following link: https://drive.google.com/drive/folders/1rBiYKMoMDJOU1ktvjDGlz_nm1fFXOwdY?usp=sharing (accessed on 15 May 2021).

Suppose an order which requires three type-1 products and deadline AM 9:20 has arrived. A time horizon starting from AM 8:00 is considered to handle the order. The time horizon is divided into time periods and duration of each period is ten minutes. For this example, the order deadline AM 9:20 is presented by $\theta$ = 8 and we set $\Pi$ = 10 in our problem formulation. The data of the order described based on the above parameters is summarized in

Table 2. Order Data.

Type of Product	Demands (Quantity)	Deadline
1	3	8

. As the order only requires type-1 products, only the operations with associated transitions in the type-1 task subnet and the associated processing time of the resources are shown in

Table 3. Data for Operations, Transitions and Resources involved in Type-1 Tasks.

Resource Type	Capacity	Operation	Transitions	Processing Time
1	1	1	$t_1$, $t_2$	1
2	1	2	$t_3$, $t_4$	2

.

By applying Algorithm 2 to check feasibility of nominal CPS, we obtain a nominal solution as follows: $f_{1,12}=1$, $f_{4,15}=1$, $f_{5,16}=1$, $f_{12,24}=1$, $f_{15,27}=1$ and $f_{16,28}=1$. To present the solution clearly, the above solution is shown in a spatial-temporal network in Figure 5. In Figure 5, the flows influenced by the resource failure are represented by a red path. Obviously, the above solution can meet the deadline of the order.

In the process of producing products, resource may fail unexpectedly. Suppose a resource failed during the period from 8:00 a.m. Suppose the failure is expected to be recovered by 8:20 a.m. The resource failure information is shown in

Table 4. Information of a Resource Failure.

Resource Type	No. of Resources Failed	Operation	Start Period	End Period
1	1	1	1	2

. As there are 16 places in the CPS model, for this example, we represent the resource failure by the perturbation vector $\delta$ = [0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0] and discrete time failure interval ${\omega }_{21}$ = $[{\alpha }_{21} {\beta }_{21}]$ = [1 2]. To assess the influence of the resource failure, a residual spatial-temporal network is constructed based on $\Delta (m)$= ($m$, $\delta$, $\omega$). A solution is found by solving the FPRSTN defined by $RST{N}_1(V_1,A_1)$ with ${\Delta }_1(m)$ = ($m$, $\delta$, $\omega$).

As only one type of product involved in the nominal solution, only type-1 products will be influenced. Therefore, $\mathit{J}(\Delta (m))=\left\{1\right\}$ in Algorithm 3. By solving the FPRSTN defined by $RST{N}_j(V_j,A_j)$ with residual capacity constraint for $j=1$, a solution is obtained as follows: $f_{3,14}=1$, $f_{14,26}=1$ and $f_{26,1}=1$. This solution satisfies the condition of Property 3. The above solution can meet the deadline as the condition of Property 1 holds. Figure 6a shows the above solution represented in $RST{N}_1(V_1,A_1)$. The solution displayed in Figure 6a is obtained by rerouting the flows in the red path of Figure 5. Figure 6b shows the overall solution obtained by combining the solution in Figure 6a (rerouted workflows) with the flows not influenced by resource failures. It indicates that the solution can meet the deadline as the flows of each arc after the deadline is zero.

Example 2.

Please refer to Appendix C for the details.

To illustrate the computational feasibility of the proposed method, we conduct relevant experiments. These experiments were running on a computer with an Intel CoreTM i7-4720 HQ CPU, 2.6 G Hz, and 16 GB of RAM. Two types of experiments have been performed. The first type of experiments aims to study the influence of number of tasks that need to be rerouted due to resource failures on the computation time. The second type of experiment focuses on the scalability of the proposed method with respect to the number of transitions in a task subnet.

For the first type of experiment, we increase the number of tasks influenced, $Q_j^{\delta }$, due to resource failures to study how the computational time grows with the number of tasks influenced. The number of tasks influenced due to resource failures is changed from 1 to 150. In this type of experiment, the number of operations in the task subnet is fixed at 10. Therefore, the number of transitions in the first type of experiments is 20. The time horizon, $\Pi$, is set to 722 in this type of experiment. The results are shown in Figure 7a. This indicates that the growth of computational time with respect to number of tasks influenced due to resource failures is polynomial.

For the second type of experiment, to study the scalability of the proposed algorithm, we conduct experiments by varying the number of transitions in the processes from 8 to 40. The time horizon, $\Pi$, is set to 722 in this type of experiment. The results are shown in Figure 7a. This indicates that the growth of computational time with respect to number of transitions in the task subnet is polynomial.

7. Discussion

Although CPS provides a paradigm to manage, monitor and control manufacturing resources in enterprises based on the real-time information from the IoT and ICT infrastructure, an effective scheme to deal with unexpected events must be developed to enhance robustness of CPS. Robust design of CPS becomes an important issue to achieve stable and secure CPS. It has attracted a lot of attention in the CPS research community. A comprehensive survey of the concept and strategies for robust design of CPS can be found in [5]. Although many studies have addressed the robustness issues on stability, security and systematicness in the context of CPS, robustness of CPS with respect to resource failures is less explored in the literature. This study aims to bridge this gap through development of a methodology to model and analyze robustness of CPS with respect to resource failures.

CPS relies on an effective scheme to deal with changes in processes, resources and implementation technology. Model driven approach (MDA) provides a method to accommodate these changes [11]. MDA is an approach for developing software systems based on specifications described as models. This MDA approach is supported by the Unified Modeling Language™ [41]. Although UML is the standard for specification of software systems, it is weak in analyzing production processes with shared resources, concurrent, synchronous and asynchronous operations in CPS. Petri nets provides the capabilities to model and analyze CPS. In [8], a class of Petri nets called DTPN is proposed to model CPS. In addition, due to the lack of an efficient method to analyze DTPN, an analysis method is proposed based on transformation of the DTPN model to a network model to analyze temporal property of the DTPN model. However, the problem in [8] considers order requirements with a single type of product demand and the issue to deal with resource failures is not addressed in [8]. In terms of modeling tools and analysis methods, despite the DTPN model for CPS being proposed previously, there still lacks an analysis method to model and analyze the impact of resource failures on the performance of CPS. Although the development of this paper is based on the preliminary results in [15] to analyze the influence of resource failures on CPS, the content presented in this paper is different from [15], in that it includes the rigorous proof of robustness properties of CPS, computational complexity analysis and verification of complexity analysis results by experiments, which are not covered in [15]. In addition, the problem studied in this paper considers order requirements with multiple types of product demands whereas the problem in [8] considers order requirements with a single type of product demand.

In Petri net literature, there are two ways to describe time regarding transition firing. Timed Petri nets specify a duration to represent firing time for a transition [27]. Time Petri nets describe a time interval for firing transition [42]. From the perspective of theoretical development, the timed Petri net model considered in this study is different from [43,44] in that the DTPN model used in this study specifies transition firing time delay whereas the time Petri net model used in [43] specifies time intervals for transition firing. The transition firing time delay in DTPN is discrete, which makes it possible to analyze the robustness property of the system with RSTN. In [42], Akshay et al. defined a model to be robust if the set of discrete behaviors is preserved under arbitrarily small perturbations in the firing intervals of transitions. Akshay et al. showed that TPNs are not robust in general and that the problem to check robustness with respect to boundedness and safety properties is undecidable. In [45], robustness is defined as a property to measure the allowed variability of the timing delays in their neighborhood. The model used in [45] is also TPN which specifies time intervals for transition firing. The robustness property studied in this paper is not robustness with respect to firing time variation. Instead, we study the robustness with respect to perturbation in markings, which corresponds to changes in the number of resources in the system. Therefore, the study in this paper is different from the papers mentioned above.

In this study, we focus on the development of an algorithm to analyze the impact of resource failures on the operations and temporal properties of CPS, based on transformation of the DTPN model of CPS into relevant spatial-temporal network models. We illustrate the proposed algorithm by applying it to two application scenarios. In the first scenario, only one type of production process is influenced by the resource failure. The results indicate that the influenced workflows are rerouted properly to reflect the unavailability of the failed resource. In the second scenario, two types of production processes are influenced due to the resource failure. The results also show that the influenced workflows of the two production processes are rerouted properly to reflect the unavailability of the failed resource. In addition to the two application scenarios above, we also perform experiments to study how the computational time grows with respect to number of tasks influenced due to resource failures and how the computational time grows with respect to number of transitions in the processes. The results of the computational time experiments indicate that the proposed is computationally feasible and is consistent with the characteristics of the lower bound on the polynomial complexity obtained in our analysis. This study provides a foundation for the analysis of temporal properties in CPS.

Complexity analysis provides a formal and widely accepted way to assess the computationally feasibility of different algorithms in the literature. We also follow this approach in this paper to compare our approach with classical reachability analysis methods. Classical reachability analysis methods suffer from the exponential state explosion problem even for untimed Petri nets. In the literature, complexity of the reachability problem of untimed Petri nets is exponential space and time although it is decidable [46,47]. For timed Petri nets, the complexity is higher than untimed Petri nets due to consideration of time factor. The complexity of classical reachability analysis methods for timed Petri nets also suffers from the state explosion problem. For the STN based approach proposed in this paper, the lower bound of the computational complexity is polynomial with respect to problem size parameters. Our experimental results are consistent with this lower bound. The proposed STN based approach has advantage over classical reachability analysis methods in terms of computational feasibility to deal with real problems. This advantage is due to the polynomial growth of the STN structure with respect to problem size parameters, compact representation of solutions and an effective way to search for solutions in STN.

In this paper, we limit our scope and aim to study the robustness of CPS for manufacturing systems. Depending on the domains in which CPS are applied, the challenges vary. Therefore, robustness of CPS need to be defined and studied in the context of a specific problem domain. Although the scope of this paper is target at robustness of CPS for manufacturing systems, it is promising to extend the proposed method to apply to other temporal analysis problems in CPS for manufacturing systems modelled with timed Petri nets. In addition to the issue to analyze the impact of resource failures addressed in this study, the widespread adoption of CPS raises other challenging research issues. Safety of CPS is another important issue that has attracted researchers’ attention. For example, the study [48] focuses on the safety property in which multiple CPS collaborate. Many safety properties are relevant to temporal analysis. An interesting issue to be studied is the feasibility of applying the proposed method to analyze the safety property of CPS.

8. Conclusions

With the maturity and adoption of the IoT and ICT infrastructure in CPS, availability of the real-time information from the shop floor enhances visibility of production status for manufacturers. The real-time information provided by the IoT and ICT infrastructure enables the development of an effective strategy to deal with undesirable events in CPS, such as resource failures. Resource failures may take place unexpectedly and have negative effects on the operations of CPS. Assessing the impact of resource failures on CPS is an important issue. Development of a systematic method to support analysis of the impact of resource failures on CPS is needed. This paper aims to propose a method to evaluate the effects of resource failures on operations and temporal properties of CPS by constructing residual spatial-temporal networks obtained based on transformation of a class of discrete timed Petri net models for CPS and the system state information. To evaluate the impact due to resource failures, we formulate a problem based on the residual spatial-temporal networks to check whether the order deadline is feasible after resource failures to efficiently assess the system. The proposed method is illustrated by examples. To assess practicality of the proposed method in terms of computational feasibility, we analyzed the computational complexity of the proposed algorithm and conducted experiments to study the growth of computational time required with respect to the number of tasks influenced due to resource failures and number of transitions in the processes. The analysis indicates that the lower bound on the complexity of the algorithm is polynomial with respect to problem size parameters. The numerical results of the experiments also indicate that the CPU time grows polynomially with respect to the number of tasks influenced due to resource failures and number of transitions in the processes. The numerical results are consistent with the complexity analysis and indicate that the proposed method can be applied to solve real problems. Formal models such as timed Petri nets have been widely accepted as tools for the specifying, modelling and simulation of systems. However, analysis methods of timed Petri nets are still limited. The method proposed in this paper attempts to analyze the temporal property of timed Petri nets based on transformation of the reachability problem into a problem relevant to the scheduling problem in the literature. Such transformation is nontrivial and provides an alternative approach to the analysis of timed Petri nets. One future research direction is to extend the proposed method to other types of processes. Although this study focuses on robustness of temporal property of CPS with respect to resource failures, this is not the only robustness research issue. There are other robustness issues of CPS due to the variety of uncertainties in the real world. These uncertainties include delay of raw materials/parts, unforeseen loss of manpower, arrival/cancellation of orders and variation of processing time of operations. Robustness of CPS can be studied for each type of uncertainty. In summary, there are a lot of promising future research directions relevant to robustness of CPS.