3.1. Partially Observable DESs
Consider a discrete event system (DES) in the form of a generator of a formal language [4]. Here, Q is the set of states q; the set of events; : the transition function; the initial state; the set of marked states. Let be a language generated by G, and be a language marked by G. The Ramadge–Wonham supervisory control framework assumes the existence of a means of controlling G, presented by a supervisor [4]. Let be a controllable event set, , . The supervisor switches control patterns so that the supervised discrete event system achieves a control objective described by some regular language K.
Let G be partially observable, i.e., a set of observable events is distinguished from all events, , . The observation function is usually defined as the natural projection , which erases unobservable events: for if and if . The supervisor observes only events from and, based on this information, disables events in . Denote by the language generated by the closed-loop behavior of the plant and the supervisor. In this paper, for simplicity of presentation, the marked language and related problems, such as the construction of a nonblocking supervisory control, are not considered.
Supervisory control and observation problem (SCOP). Given a plant G over an alphabet , a language , a language , and sets , , construct a supervisor J for G such that .
A less complex problem consists in finding control patterns such that the language of the supervised system is equal to some desired language. Thus, a special case of SCOP is constructing a supervisor such that , where K is called a specification language. We refer to this problem as basic SCOP (BSCOP). The notions of controllable and observable languages are essential in solving this problem. Let be the set of all strings that are prefixes of words of L, i.e., .
Definition 5. A language K is called controllable (with respect to and ) if . Here, denotes the set of all concatenations of a string from with a single symbol from the set .
Definition 6. The language K is observable (with respect to and P) if .
Observability means that the supervisor is never required to enable and disable the same event at the same time, i.e., after two strings it cannot distinguish, in order to satisfy the specification K. The opposite situation is called a conflict.
The supervisor existence criterion for BSCOP is as follows: given , there exists a supervisor J such that iff K is controllable and observable with respect to and P.
The PCF-based procedure for checking controllability was suggested in [26]. It also allows one to construct the supremal controllable sublanguage of an uncontrollable specification, which may then be chosen as a new specification and enforced by a proper supervisor. In the rest of the paper, we show how PCFs allow testing a regular language for observability and implementing supervisory control.
3.2. Checking Observability via PCFs
Several algorithms exist to check whether the regular language K is observable. Among them is the algorithm from [1], which is polynomial with respect to the size of the automata generating K. The main idea of the algorithm is to construct an automaton for tracking two words , of that have the same projection but such that while . The strings and are then called conflicting because they demand different control actions from the supervisor. Let the regular language K be recognized by the finite-state automaton H. The algorithm from [1] suggests considering two copies of the automaton H and one copy of the automaton G and designing an automaton T with states of the form , where , , , and the single state . The existence of the state denotes the unobservability of K, because in this case there exist strings , , and some event such that and , , , while , i.e., the observability condition is violated.
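As an added illustration (not part of the paper, and not its PCF encoding or any output of the prover it uses), the following Python script implements the product constructions behind Definitions 5 and 6 directly as graph searches: the reachable part of H × G for the controllability check, and the testing automaton T with states of the form (x1, x2, q) described above, where x1 and x2 are the states of H reached by two strings s and s′ with the same projection, and q is the state of G reached by s′. The plant G and the specifications H_bad, H_good and H_unc are constructed for this example and are not the automata of Figures 1 and 2; the state and event names and the helper functions are likewise this example's own.

```python
from collections import deque

# A deterministic automaton is (initial_state, {(state, event): next_state}).
# Constructed sample plant (not the paper's Figure 1): q0 -u-> q1, q0 -a-> q2, q1 -a-> q3.
G = ("q0", {("q0", "u"): "q1", ("q0", "a"): "q2", ("q1", "a"): "q3"})
SIGMA_O = {"a"}    # observable events; u is unobservable
SIGMA_C = {"a"}    # controllable events
SIGMA_UC = {"u"}   # uncontrollable events
# Spec "allow a only after u", K = {u, ua}: controllable but unobservable, because after
# the unobservable u the supervisor must enable a, while after the empty string
# (same projection) it must disable a.
H_bad = ("h0", {("h0", "u"): "h1", ("h1", "a"): "h2"})
# Spec "never allow a", K = {u}: controllable and observable.
H_good = ("h0", {("h0", "u"): "h1"})
# Spec "forbid u", K = {a}: uncontrollable, since u cannot be disabled.
H_unc = ("h0", {("h0", "a"): "h1"})


def enabled(aut, state):
    """Events with a transition defined at `state` (the paper's tr(X, state, e) atoms)."""
    _, delta = aut
    return {e for (s, e) in delta if s == state}


def reachable_pairs(H, G):
    """Reachable states (x, y) of the product H x G: one pair per string of pre(K) ∩ L(G)."""
    (x0, dH), (y0, dG) = H, G
    seen, frontier = {(x0, y0)}, deque([(x0, y0)])
    while frontier:
        x, y = frontier.popleft()
        for e in enabled(H, x) & enabled(G, y):
            nxt = (dH[(x, e)], dG[(y, e)])
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return seen


def controllability_violations(G, H, sigma_uc):
    """Definition 5: a violation is a reachable (x, y) and an uncontrollable event e that
    G enables at y but H does not enable at x, i.e. a string of pre(K)·Sigma_uc ∩ L(G)
    that leaves pre(K). Empty result means K is controllable."""
    return sorted((x, y, e)
                  for (x, y) in reachable_pairs(H, G)
                  for e in sorted((enabled(G, y) - enabled(H, x)) & sigma_uc))


def build_test_automaton(G, H, sigma_o):
    """Testing automaton T after the construction of [1] described above.

    State (x1, x2, y): strings s, s' in pre(K) with equal projections take H to x1 and
    x2 respectively, and s' takes G to y. An observable event advances all three
    components; an unobservable event extends either s alone (x1 moves) or s' alone
    (x2 and y move), so the projections stay equal. Returns (states, transitions)."""
    (x0, dH), (y0, dG) = H, G
    start = (x0, x0, y0)
    states, trans, frontier = {start}, [], deque([start])
    while frontier:
        x1, x2, y = frontier.popleft()
        succ = []
        for e in enabled(H, x1) & enabled(H, x2) & enabled(G, y) & sigma_o:
            succ.append((e, (dH[(x1, e)], dH[(x2, e)], dG[(y, e)])))
        for e in enabled(H, x1) - sigma_o:                       # s := s e
            succ.append((e, (dH[(x1, e)], x2, y)))
        for e in (enabled(H, x2) & enabled(G, y)) - sigma_o:     # s' := s' e
            succ.append((e, (x1, dH[(x2, e)], dG[(y, e)])))
        for e, nxt in succ:
            trans.append(((x1, x2, y), e, nxt))
            if nxt not in states:
                states.add(nxt)
                frontier.append(nxt)
    return states, trans


def observability_violations(G, H, sigma_o, sigma_c):
    """Definition 6 via T: a conflict is a state (x1, x2, y) of T and a controllable e
    with s e in pre(K) (H enables e at x1), s' e in L(G) (G enables e at y), but
    s' e not in pre(K) (H disables e at x2). All conflicts are reported, which is what
    the paper obtains by dropping the goal question; empty result means K is observable."""
    states, _ = build_test_automaton(G, H, sigma_o)
    return sorted((x1, x2, y, e)
                  for (x1, x2, y) in states
                  for e in sorted((enabled(H, x1) & enabled(G, y) & sigma_c) - enabled(H, x2)))


def supervisor_exists(G, H, sigma_o, sigma_c, sigma_uc):
    """BSCOP existence criterion: K must be both controllable and observable."""
    return (not controllability_violations(G, H, sigma_uc)
            and not observability_violations(G, H, sigma_o, sigma_c))


if __name__ == "__main__":
    for name, H in [("H_bad", H_bad), ("H_good", H_good), ("H_unc", H_unc)]:
        print(name, "controllable:", not controllability_violations(G, H, SIGMA_UC),
              "observable:", not observability_violations(G, H, SIGMA_O, SIGMA_C),
              "conflicts:", observability_violations(G, H, SIGMA_O, SIGMA_C))
```

For H_bad the only conflict reported is at the T state (h1, h0, q0) with event a: here s = u and s′ = ε have the same projection, a is required after s but forbidden after s′, and a is physically possible in G at q0. The test automaton for H_bad has five states, the largest of which, (h1, h1, q1), is reached along both orders of the two unobservable moves, which is why a BFS over T rather than a path enumeration is the right shape for the check.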
We prove that the above algorithm may be realized with the help of ATP in the PCF calculus. For this, some preliminary procedures are required; in particular, we determine which transitions are defined in each state of the automata involved, namely G and H, using logical inference only. The following predicates are used in this procedure: a predicate that corresponds to all states of the automaton X, a predicate that defines all events of the automaton X, and terms that determine transitions from the state of the automaton X to the state labeled with an event . Let the term mean that there is a transition from the state of the automaton X labeled by the event , and let mean the opposite, i.e., that there is no such transition. For an automaton X, consider the PCF (1) with the base , , :
During the inference search for , the following strategy is used: first, all possible answers to the first question are searched for, thus adding atoms into the base. Then, answers to the second question add the proper atoms into the base while removing the respective atoms . The inference of the PCF for any finite automaton X terminates because the sets used for searching for substitutions are finite, so the answering substitutions are eventually exhausted.
The operator ∗, used for deleting the redundant atoms added by the first question, demonstrates an essential feature of the PCF calculus, namely the possibility of nonmonotonic inference. In particular, after applying the inference rule , the atoms that participated in the matching with the atoms marked with ∗ in the question are removed from the base. In general, the operator ∗ affects the completeness of the PCF calculus, but for the problem considered in this paper, inference using ∗ is always complete.
Denote by the base obtained as a result of the inference search of . Let , , , , }, where determines the initial state of the automaton X, and the atoms , , and define the controllable and observable events. The predicate will be used to construct the states of the automaton , while the predicate will construct the transitions of ; reads “there is a transition labeled , , from the state to the state of the automaton ”.
To test observability, we employ a PCF (2) that constructs the testing automaton . The questions of are listed as formulas below.
Proposition 1. Given a partially observable DES G and a regular language K recognized by a finite-state automaton H, let in the PCF (2) , , , , }. Then the inference of always terminates, and the language K is unobservable if and only if the resulting base contains an atom .
Proof. To prove the proposition, we consider each question of the PCF to show that a violation of observability leads to the appearance of the atom in the base of . The question adds into the base an atom that serves as the starting point of the inference, since no question except the last one may be answered without finding in the base a proper substitution for the term .
Questions are aimed at constructing the states and transitions of the automaton , wherein is responsible for processing observable events, while and are responsible for processing occurrences of unobservable events. is constructed in such a way as to ensure and , thus implementing the main idea of the rules for constructing from [1]. Each state of the desired automaton has the form , where the first two components of the triple are states of the automaton H, and q is a state of the automaton G, i.e., , , . Thus, we consider strings , corresponding to transitions between these states. An observable event allows answering the question , which results in adding into the base a transition of labeled by a triple . If the event is unobservable, then two transitions are constructed: the first one is determined by the question and labeled by a triple to ensure , , . The second transition is constructed by the question and labeled by a triple to ensure , .
The question checks whether a controllable event e violates the observability condition at the current state of reached by strings , . Indeed, let there be a substitution , , , such that the atoms , , , , are simultaneously present in the base. This means that for , , and for the event e, we have , , while . By the construction of , , and , such a combination means a violation of observability. Given such a substitution, the answer to the question adds the atom into the base; it carries the state and the event at which the observability condition is violated. The question cannot be answered if observability is not violated by any controllable event e.
The question is the goal question, an answer to which terminates the inference search. It may be answered only if the base contains the atom ; thus, if it has been answered, the language K is unobservable.
The inference of the PCF is always finite since no functional symbols are used (only computed ones), and all sets used for searching for substitutions are finite. The inference always ends either with a refutation of the base by answering the goal question , i.e., adding the atom into the base, or with the exhaustion of candidate answering substitutions. □
Example 1. Consider a DES presented by the generator G in Figure 1 and a specification language K generated by the automaton H in Figure 2. Let , . It may be noted that the strings and are those that cause the conflict in the system G. Indeed, the occurrence of the event a leads to a situation in which , but , which violates the observability condition. Table 1 illustrates the process of adding new atoms to the base that define the states and transitions of the automaton used for the observability check. As one can see, the minimum inference for the PCF with the base corresponding to the automata in Figure 1 and Figure 2 consists of four steps. Since the inference search is not deterministic, its length may vary: the choice of questions and answers follows the chosen strategy (see Section 6), but whether the strategy leads to the contradiction by a short or a long route is unknown a priori. Table 1 shows the inference constructed by the prover Bootfrost, consisting of eight steps. The entire automaton and all possible conflicts can be constructed by removing the goal question from the PCF . Figure 3 shows a part of the automaton constructed by the inference presented in Table 1.