N-Step Nonblocking Supervisory Control of Discrete-Event Systems
Renyuan Zhang1, Zenghui Wang1 and Kai Cai2
Abstract
In this paper, we propose a new automaton property of N-step nonblockingness for a given positive integer N. This property quantifies the standard nonblocking property by capturing the practical requirement that all tasks be completed within a bounded number of steps. Accordingly, we formulate a new N-step nonblocking supervisory control problem, and characterize its solvability in terms of a new concept of N-step language completability. It is proved that there exists a unique supremal N-step completable sublanguage of a given language, and we develop a generator-based algorithm to compute the supremal sublanguage. Finally, together with the supremal controllable sublanguage, we design an algorithm to compute a maximally permissive supervisory control solution to the new N-step nonblocking supervisory control problem.
I. INTRODUCTION
In standard supervisory control of discrete-event systems (DES) [1–5], systems are modeled by finite-state automata and marker states are used to represent ‘desired states’. A desired state can be a goal location, a start configuration, or task completion. Besides enforcing all imposed control specifications, a nonblocking supervisor ensures that every system trajectory can reach a marker state (in a finite number of steps). As a result, the system under supervision may always reach a goal, return home (start configuration), or complete a task.
While the nonblocking property is important, it only qualitatively guarantees finite reachability of marker states. There is no given bound on the number of steps for reaching marker states, so it can take an arbitrarily large (though finite) number of steps before a marker state is reached. Consequently, this qualitative nonblocking property might not be sufficient for many practical purposes, especially when there are prescribed bounds for reaching desired states. For example, a rescue vehicle is required not only to reach a goal location but to do so within a given time; a warehouse AGV is expected not only to return to a self-charging area but to do so periodically with a predetermined period; and a production machine is required not only to complete a task (e.g. processing a workpiece) but also to do so within a prescribed time. In Section II below, we will present a more detailed motivating example.
*This work was supported in part by the Natural Science Foundation of Shaanxi Province, China, Grant no. 2021JM-072, the Postdoctoral Science Foundation of China, Grant no. 2019M663819, the Key R & D Programs in Shaanxi Province, China, Grant no. 2018YBXM-G-3-3.
1 R. Zhang and Z. Wang are with the School of Automation, Northwestern Polytechnical University, Xi’an, China
2 K. Cai is with the Department of Electrical and Information Engineering, Osaka City University, Osaka, Japan
In this paper, we propose a quantitative nonblocking property to capture the practical requirement that marker states be reached within a prescribed number of steps. Roughly speaking, we measure the ‘maximal distance’ between the set of non-marker states and the set of marker states, and this is done by counting the number of events in every string leading a non-marker state to a marker state. More specifically, let N be a finite positive integer which denotes the required number of steps to reach a marker state; then we say that an automaton is N-step nonblocking if, from every reachable state of this automaton, all the strings that lead the state to a marker state have length smaller than or equal to N. That is, in the worst case, every reachable state can reach a marker state in no more than N steps.
Moreover, we formulate a new N-step nonblocking supervisory control problem by requiring a supervisory control solution to be implementable by an N-step nonblocking automaton. To solve this problem, we present a new necessary and sufficient condition by identifying a language property called N-step completable. The latter roughly means that in the worst case, every string in the closure of a language can be extended to a string in the language in no more than N steps. Further we show that this N-step language completability is closed under arbitrary set unions, and together with language controllability which is also closed under unions, a maximally permissive solution exists for the newly formulated N-step nonblocking supervisory control problem. Finally we design effective algorithms for the computation of such an optimal solution.
To the best of our knowledge, the concepts of N-step nonblocking automaton, N-step completable language, and N-step nonblocking supervisory control problem are new in the literature. Previous work on weighted automata (e.g. [6, 7]), extended automata (e.g. [8, 9]), timed automata/DES (e.g. [10, 11]), and ω-automata (e.g. [12, 13]) also considers quantification of various properties of automata; the quantification approaches are by means of introducing new features into the basic finite-state automata. In contrast, we work with the basic automata, and focus on the basic nonblocking property with a different purpose from [6–13]. In addition, N-step opacity [14, 15], diagnosability [16], and detectability [17, 18] are also studied in the literature; again, these works and ours are concerned with distinct properties and problems.
The contributions of this paper are as follows.
This property quantifies the standard nonblocking property by capturing the practical requirement that all tasks be completed within the bounded N steps.
• Second, we formulate a new N-step nonblocking supervisory control problem, and characterize its solvability by a new N-step language completability in addition to language controllability. This problem and its solvability condition are again generalizations of the standard supervisory control problem and solvability condition.
• Third, we prove that the language property of N-step completability is closed under arbitrary set unions, and develop a generator-based algorithm to compute the supremal N-step completable sublanguage.
• Fourth, we present a fixpoint algorithm to compute the supremal controllable and N-step completable sublanguage of a given (specification) language, which synthesizes an optimal (maximally permissive) supervisory control solution for the N-step nonblocking supervisory control problem.
The rest of this paper is organized as follows. Section II reviews the nonblocking supervisory control theory of DES and presents a motivating example for this work. Section III introduces the new concept of N-step nonblocking automata, and formulates the N-step nonblocking supervisory control problem (N-NSCP). Section IV presents a necessary and sufficient condition for the solvability of N-NSCP in terms of a new concept of N-step language completability, and develops an algorithm to compute the supremal N-step completable sublanguage. Section V presents a solution to the N-step nonblocking supervisory control problem. Finally Section VI states our conclusions.
II. PRELIMINARIES AND MOTIVATING EXAMPLE
A. Nonblocking Supervisory Control of DES
A DES plant is modeled by a generator [3]
G = (Q, Σ, δ, q0, Qm) (1)
where Q is the finite state set; q0 ∈ Q is the initial state; Qm ⊆ Q is the subset of marker states; Σ is the finite event set; δ : Q × Σ → Q is the (partial) state transition function. Let Σ∗ be the set of all finite-length strings of events in Σ, including the empty string . In the usual way, δ is extended to δ : Q × Σ∗ → Q, and we write δ(q, s)! to mean that δ(q, s) is defined. The closed behavior of G is the language
and the marked behavior is
Lm(G) = {s ∈ L(G)|δ(q0, s) ∈ Qm} ⊆ L(G).
A string $s_1$ is a prefix of a string $s$, written $s_1 \le s$, if there exists $s_2$ such that $s_1 s_2 = s$. For a string $s \in \Sigma^*$, write $\bar{s} := \{s_1 \in \Sigma^* \mid s_1 \le s\}$ for the set of all prefixes of $s$. Note that and $s$ are members of $\bar{s}$. For a language $K \subseteq L_m(G)$, the (prefix) closure of $K$ is $\overline{K} := \{s_1 \in \Sigma^* \mid (\exists s \in K)\ s_1 \le s\}$. We say that $K$ is closed if $K = \overline{K}$.
For a generator G as in (1), a state q ∈ Q is reachable if there is a string s ∈ L(G) such that q = δ(q0, s); state q ∈ Q is coreachable if there is a string s ∈ Σ∗ such that δ(q, s)! and δ(q, s) ∈ Qm. We say that G is nonblocking if every reachable state in G is coreachable. In fact G is nonblocking if and only if $\overline{L_m(G)} = L(G)$ [3].
For control purposes, the event set Σ is partitioned into Σc (the subset of controllable events) and Σuc (the subset of uncontrollable events), i.e. $\Sigma = \Sigma_c \,\dot\cup\, \Sigma_{uc}$. A supervisory control for G is any map V : L(G) → Γ, where Γ := {γ ⊆ Σ | γ ⊇ Σuc}. Then the closed-loop system is denoted by V/G, with closed behavior L(V/G) defined as follows:
(i) ∈ L(V /G);
(ii) s ∈ L(V/G) & σ ∈ V(s) & sσ ∈ L(G) ⇒ sσ ∈ L(V/G);
(iii) no other strings belong to L(V/G).
On the other hand, for any sublanguage K ⊆ Lm(G), the closed-loop system’s marked behavior Lm(V /G) is given by1
Lm(V /G) := K ∩ L(V /G).
The closed behavior L(V /G) represents the strings generated by the plant G under the control of V , while the marked behavior Lm(V /G) represents the strings that have some special significance, for instance representing ‘task completion’. We say that V is nonblocking if
$\overline{L_m(V/G)} = L(V/G)$. (2)
A language K ⊆ Lm(G) is controllable (w.r.t. G and Σuc) if $\overline{K}\Sigma_{uc} \cap L(G) \subseteq \overline{K}$. The following is a central result of nonblocking supervisory control theory [1–3].
1With this definition of L
Fig. 1. Transition graphs of G and SUP
Theorem 1: Let K ⊆ Lm(G), K ≠ ∅. There exists a nonblocking (marking) supervisory control V (for (K, G)) such that Lm(V/G) = K if and only if K is controllable. Moreover, if such a nonblocking supervisory control V exists, then it may be implemented by a nonblocking generator S, i.e. Lm(S) = Lm(V/G).
Further, the property of language controllability is closed under set union. Hence for any language K ⊆ Lm(G) (whether or not controllable), the set $C(K) = \{K' \subseteq K \mid \overline{K'}\Sigma_{uc} \cap L(G) \subseteq \overline{K'}\}$ contains a unique supremal element denoted by sup C(K) [2, 3]. Whenever sup C(K) is nonempty, by Theorem 1 there exists a nonblocking supervisory control $V_{sup}$ that satisfies $L_m(V_{sup}/G) = \sup C(K)$ and may be implemented by a nonblocking generator SUP with $L_m(\mathbf{SUP}) = L_m(V_{sup}/G)$.
B. Motivating Example
Nonblockingness of supervisory control V describes a general requirement that every string generated by the closed-loop system V /G can be completed to a marked string in finite but indefinite steps. However, in many real-world applications, it is often required that a task be completed in a prescribed, bounded number of steps. As an illustration, we present the following example.
We model the movement of the autonomous vehicle by a generator G with transition graph displayed on the left of Fig. 1. State 1 (important customer) is chosen to be the sole marker state. For simplicity, all events (i.e. movement of the vehicle) are assumed to be controllable.
Suppose that due to road maintenance, the (directed) route zone 0 → zone 5 → zone 4 → zone 3 is not usable. This constraint is imposed as a specification. To satisfy this specification, a nonblocking supervisory control can be synthesized [2, 3], and implemented by a nonblocking generator SUP as displayed on the right of Fig. 1. This SUP disables event 25 at state 0, event 15 at state 5, and event 17 at state 4. Moreover, since SUP is nonblocking, every non-marker state can reach the marker state 1 in a finite number of steps.
Now consider a further requirement that the important customer at zone 1 needs timely service: every package addressed to this customer must be delivered by the vehicle to zone 1 within (say) 20 minutes, and whenever this customer calls for package collection, the vehicle must reach zone 1 within 20 minutes. To meet this requirement, it is no longer enough to just be able to reach zone 1 (namely the marker state 1) in a finite number of steps. Let us assume that the vehicle can move from one zone to the next zone in 10 minutes (finishing one state transition). Then the above requirement means that whichever zone the vehicle is in, it must reach state 1 in no more than 2 steps (or transitions).
The nonblocking supervisor SUP in Fig. 1 fails to fulfill this requirement, because if the vehicle is at zone 4, it cannot move to zone 1 in 2 steps. Thus intuitively we need a new method that can quantify the number of steps from each non-marker state to the marker states, and design a supervisor to satisfy the quantitative requirement with respect to reaching marker states. This is the motivation for our study in this work.
III. N-STEP NONBLOCKING SUPERVISORY CONTROL PROBLEM
We start by introducing a new concept that quantifies the nonblocking property of a generator. Let G = (Q, Σ, δ, q0, Qm) be a generator as in (1) and assume that G is nonblocking (i.e. every reachable state of G is also coreachable). Let q ∈ Q \ Qm be an arbitrary non-marker state. We define the set of strings that lead q to a marker state for the first time, namely
$C_G(q) := \{s \in \Sigma^* \mid \delta(q, s)! \ \&\ \delta(q, s) \in Q_m \ \&\ (\forall s' \in \bar{s} \setminus \{s\})\ \delta(q, s') \notin Q_m\}$. (3)
Fig. 2. Transition graphs of K1, K2 and K3
Let q ∈ Q be an arbitrary state and N a finite positive integer. We say that state q is N-step coreachable if
(i) q is coreachable; and
(ii) (∀s ∈ CG(q)) |s| ≤ N.
Condition (i) holds under the assumption that G is nonblocking, and ensures that CG(q) in (3) is nonempty. Condition (ii) means that all strings that lead q to a marker state for the first time have length at most N. Intuitively, one may think of the ‘maximum distance’ between q and Qm as being bounded by N. Thus if Qm represents task completion, condition (ii) means that in the worst case, it takes N steps from state q to complete tasks.
Now we introduce the new concept of quantitative nonblockingness of a generator.
Definition 1: Let G be a nonblocking generator and N a finite positive integer. We say that G is N-step nonblocking if every state q ∈ Q is N-step coreachable.
Next we quantify the nonblocking property of a supervisory control V. For this, we first introduce a new concept called N-step language completability.
arbitrary string $s \in \overline{K} \setminus K$, define the set of strings that lead $s$ to a member in $K$ for the first time:
$P_K(s) := \{t \in \Sigma^* \mid st \in K \ \&\ (\forall t' \in \bar{t} \setminus \{t\})\ st' \notin K\}$. (4)
If s ∈ K, we define PK(s) := {}. Thus this definition of PK(s) is the language counterpart of CG(q) for generator.
Definition 2: Let G be a nonblocking generator, K ⊆ Lm(G) a sublanguage, and N a finite positive integer. We say that K is N-step completable if
$(\forall s \in \overline{K})\ (\forall t \in \Sigma^*)\ t \in P_K(s) \Rightarrow |t| \le N$.
If K is N-step completable, then every string $s \in \overline{K}$ may be extended to a member of K by strings of lengths at most N. We illustrate this definition by the following example.
Example 2: Consider the generator G in Example 1, and let K1, K2, K3 ⊆ Lm(G) be sublanguages as represented by generators K1, K2 and K3 respectively (displayed in Fig. 2).
It is easily verified that K1 is 1-step completable, because state 1 is the marker state. Non-marker state 0 (resp. state 2) may reach the marker state 1 by string 11 (resp. string 14) of length 1. However, K2 is not N-step completable for any finite positive integer N, because for every N, at state 2 there exists string $t = (23.24)^N.14 \in P_{K_2}(11)$ that does not satisfy |t| ≤ N. Finally, K3 is 5-step completable, because starting from any state (0, 2, 3, 4, or 5), the marker state 1 may be reached in at most 5 steps.
With the above N-step language completability, we introduce the quantified nonblocking property of a supervisory control.
Definition 3: Let G be a nonblocking generator, K ⊆ Lm(G) a sublanguage, V : L(G) → Γ a (marking) supervisory control (for (K, G)), and N a finite positive integer. We say that V is N-step nonblocking if
(i) V is nonblocking; and
(ii) $(\forall s \in L(V/G))(\forall t \in \Sigma^*)\ t \in P_{L_m(V/G)}(s) \Rightarrow |t| \le N$.
Condition (i) means that $\overline{L_m(V/G)} = L(V/G)$, while condition (ii) means that Lm(V/G) is N-step completable.
Consider a DES plant modeled by a generator $G = (Q, \Sigma_c \,\dot\cup\, \Sigma_{uc}, \delta, q_0, Q_m)$, a specification language E ⊆ Σ∗, and a finite positive integer N; let K := E ∩ Lm(G). Construct a (marking) supervisory control V : L(G) → Γ (for (K, G)) satisfying the following properties:
• Safety. Marked behavior of the closed-loop system V/G satisfies the imposed specification E in the sense that Lm(V/G) ⊆ E ∩ Lm(G) = K.
• N-step nonblockingness. Supervisory control V is N-step nonblocking.
• Maximal permissiveness. Supervisory control V does not restrict more behavior than necessary to satisfy safety and N-step nonblockingness, i.e. for all other supervisory controls V′ it holds that Lm(V′/G) ⊆ Lm(V/G).
The N-NSCP is a generalization of the traditional nonblocking supervisory control problem [1–3], in that the second requirement of N-step nonblockingness is stronger than the traditional nonblockingness. This generalized problem cannot be solved in general by supervisors synthesized using the standard method; an example is SUP in Example 1. In the subsequent sections, we will develop new algorithms to design supervisors satisfying the new requirement of N-step nonblockingness and resolving the N-NSCP.
IV. SUPREMAL N-STEP COMPLETABLE SUBLANGUAGE AND ITS COMPUTATION
Towards solving the N-NSCP formulated in the preceding section, we first present a basic result which is a counterpart to Theorem 1.
Theorem 2: Let K ⊆ Lm(G) (K ≠ ∅) and N be a finite positive integer. There exists an N-step nonblocking (marking) supervisory control V (for (K, G)) such that Lm(V/G) = K if and only if K is controllable and N-step completable. Moreover, if such an N-step nonblocking supervisory control V exists, then it may be implemented by an N-step nonblocking generator S, i.e. Lm(S) = Lm(V/G).
Theorem 2 asserts that when the K-synthesizing supervisory control V is required to be N-step nonblocking, it is necessary and sufficient to require that K be not only controllable but also N-step completable. Such a V may be realized by a generator that is not only nonblocking but N-step nonblocking. This result extends the standard one of supervisory control theory (i.e. Theorem 1) [1–3].
the supremal element also exists. We provide a positive answer in the subsection below. Before we proceed, the following is a proof of Theorem 2.
Proof of Theorem 2. The first statement (i.e. the necessary and sufficient condition) is a direct result of Definitions 2, 3, and Theorem 1. For the second statement, let V be an N-step nonblocking supervisory control that synthesizes a controllable and N-step completable K, i.e. Lm(V/G) = K. From Theorem 1 we know that V may be implemented by a nonblocking generator $S = (X, \Sigma, \xi, x_0, X_m)$; that is Lm(S) = Lm(V/G) = K. Without loss of generality, consider that S does not contain non-reachable states; if there were non-reachable states, simply remove them and this does not change Lm(S). Let x ∈ X be an arbitrary (reachable) state; since S is nonblocking, x is also coreachable. The reachability of x means that there is a string s ∈ L(S) such that $\xi(x_0, s)!$ and $\xi(x_0, s) = x$. It follows from $L(S) = \overline{L_m(S)} = \overline{K}$ that $s \in \overline{K}$. Since K is N-step completable, for every $t \in P_K(s)$ the length |t| satisfies |t| ≤ N. By the definition of $P_K(s)$, this implies that every string that leads state x to a marker state in Xm has length no more than N. Hence x is N-step coreachable. Finally by Definition 1, S is an N-step nonblocking generator. This completes the proof.
A. Supremal N-Step Completable Sublanguage
Let G be a nonblocking generator. First, we present the following proposition that N-step language completability is closed under arbitrary set unions.
Proposition 1: Let K1, K2 ⊆ Lm(G) and N be a positive integer. If both K1 and K2 are N-step completable, then K := K1 ∪ K2 is also N-step completable.
Proof: Let $s \in \overline{K}$, $t \in \Sigma^*$, and suppose $t \in P_K(s)$. According to Definition 2, to show that K is N-step completable, we will show that |t| ≤ N.
Since $\overline{K} = \overline{K_1 \cup K_2} = \overline{K_1} \cup \overline{K_2}$, either $s \in \overline{K_1}$ or $s \in \overline{K_2}$. We consider the case $s \in \overline{K_1}$; the other case is similar. It follows from $t \in P_K(s)$ that $st \in K$ and for every $t' \in \bar{t} \setminus \{t\}$ it holds that $st' \notin K$. This implies that $st' \notin K_1$ and $st' \notin K_2$ for every $t' \in \bar{t} \setminus \{t\}$; and either $st \in K_1$ or $st \in K_2$. Hence either $t \in P_{K_1}(s)$ or $t \in P_{K_2}(s)$. No matter which is the case, since both K1 and K2 are N-step completable, we derive |t| ≤ N.
Consider a language K ⊆ Lm(G) and a positive integer N. Whether or not K is N-step completable, let
NC(K, N) = {K′ ⊆ K | K′ is N-step completable}
NC(K, N) is never empty. Moreover by Proposition 1, there exists the supremal N-step completable sublanguage of K, given by
sup NC(K, N) := ⋃{K′ | K′ ∈ NC(K, N)}. (5)
In the next subsection, we present a generator-based algorithm to compute sup NC(K, N) for any given language K ⊆ Lm(G) and any finite positive integer N.
B. Generator-Based Computation of sup NC(K, N)
Consider a language K ⊆ Lm(G) and a positive integer N. We present an algorithm to compute the supremal N-step completable sublanguage sup NC(K, N). Let K be represented by a (nonblocking) generator $\mathbf{K}$, i.e. $L_m(\mathbf{K}) = K$. The intuition is that we find for each state of $\mathbf{K}$ the N-step completable strings, and remove other non-N-step completable strings from the transition graph. The detailed steps are described in Algorithm 1. In the algorithm, we employ a first-in-last-out stack ST to store the states to be processed (a first-in-first-out queue can also be used instead to perform a different order of search), and for a set Z a flag F : Z → {true, false} to indicate whether or not an element of Z has been visited: F(z) = true represents that z ∈ Z has been visited.
Algorithm 1 (Algorithm of Computing sup NC(K, N)):
Input: Generator $G = (Q, \Sigma, \delta, q_0, Q_m)$, $K \subseteq L_m(G)$, and positive integer $N$.
Output: Generator $\mathbf{K}' = (X', \Sigma, \xi', x'_0, X'_m)$.
Step 1. Construct a nonblocking generator $\mathbf{K} = (X, \Sigma, \xi, x_0, X_m)$ such that $L_m(\mathbf{K}) = K$.
Step 2. Let $X' := \{(x, d) \mid x \in X, d \in \{0, ..., N-1\}\}$, $\xi' = \emptyset$, $x'_0 = (x_0, 0)$, and $X'_m := \{(x, 0) \mid x \in X_m\}$. Initially set $F((x, d)) = false$ for each state $x \in X$ and each $d \in \{0, ..., N-1\}$. Then push the initial state $x'_0 = (x_0, 0)$ into stack ST, and set $F((x_0, 0)) = true$.
Step 3. If stack ST is empty, output the trimmed generator $\mathbf{K}' = (X', \Sigma, \xi', x'_0, X'_m)$. Otherwise, pop out the top element $(x, d)$ of stack ST. If $x \in X_m$, go to Step 4; otherwise, go to Step 5.
Step 4. For each event $\sigma \in \Sigma$ defined at state $x$ (i.e. $\xi(x, \sigma)!$), let $x' := \xi(x, \sigma)$ and do the following two steps 4.1 and 4.2.
Step 4.1 Add transition $((x, 0), \sigma, (x', 0))$ to $\xi'$, i.e. $\xi' := \xi' \cup \{((x, 0), \sigma, (x', 0))\}$.
Step 4.2 If $F((x', 0)) = false$, push $(x', 0)$ into stack ST and set $F((x', 0)) = true$.
Step 4.3 Go to Step 3 with updated stack ST.
Step 5. For each event $\sigma \in \Sigma$ defined at state $x$ (i.e. $\xi(x, \sigma)!$), let $x' := \xi(x, \sigma)$ and do the following three steps 5.1–5.3.
Step 5.1 If $x' \in X_m$, set $d' = 0$; if $x' \notin X_m$, set $d' = d + 1$.
Step 5.2 If $d' = N$, go to Step 5.1 with the next event $\sigma$ defined at $x$; if no more events are defined at $x$, go to Step 5.4. Otherwise, add a new transition $((x, d), \sigma, (x', d'))$ to $\xi'$, i.e. $\xi' := \xi' \cup \{((x, d), \sigma, (x', d'))\}$.
Step 5.3 If $F((x', d')) = false$, push $(x', d')$ into stack ST and set $F((x', d')) = true$.
Step 5.4 Go to Step 3 with updated stack ST.
In Step 5.2 above, note that the condition $d' = N$ means that the N-step downstream transitions that have never reached a marker state will be removed, therefore guaranteeing that from an arbitrary state, at most N-step transitions are needed to reach a marker state.
Continuing Example 1, with inputs G, $K_2 (= L_m(\mathbf{K}_2))$, and N = 3, Algorithm 1 outputs a new generator $\mathbf{K}'_2$, as displayed in Fig. 3. From the figure, we see that state 2 is guaranteed to reach the marker state 1 in at most 3 steps. By contrast in $\mathbf{K}_2$ (displayed in Fig. 2), the strings $(23.24)^N.14$ with N ≥ 2 will also lead state 2 to the marker state 1; however, their lengths are greater than 3. Thus, in fact those strings are removed from $K_2$ in Algorithm 1.
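Algorithm 1 can be run directly on a small generator. The Python code below is an added example, not code from the paper: the dictionary encoding of a generator, the function names `trim`, `sup_nc`, `worst_case_steps` and `accepts`, and the four-state sample generator are all assumptions constructed for illustration.

```python
import math

# Constructed sample generator (not the paper's figure): marker state 1, plus a
# loop 2 -> 3 -> 2 that can postpone reaching state 1 for arbitrarily long.
K_TRANS = {0: {11: 1}, 1: {12: 0, 13: 2}, 2: {14: 1, 23: 3}, 3: {24: 2}}
K_MARKED = {1}


def trim(trans, init, marked):
    """Drop states that cannot reach a marker state (every state is reachable)."""
    preds = {}
    for s, out in trans.items():
        for t in out.values():
            preds.setdefault(t, set()).add(s)
    co, stack = set(marked), list(marked)
    while stack:                                  # backward search from markers
        for s in preds.get(stack.pop(), ()):
            if s not in co:
                co.add(s)
                stack.append(s)
    kept = {s: {e: t for e, t in out.items() if t in co}
            for s, out in trans.items() if s in co}
    return kept, init, set(marked)


def sup_nc(trans, x0, marked, N):
    """Algorithm 1 on a nonblocking generator given as {state: {event: next}}.

    States of the result are pairs (x, d); d counts the transitions taken since
    a marker state was last visited, so d never reaches N.
    """
    init = (x0, 0)
    trans2 = {init: {}}                           # keys double as the flag F
    stack = [init]                                # Step 2: stack ST
    while stack:                                  # Step 3
        x, d = stack.pop()
        for sigma, x_next in trans.get(x, {}).items():
            if x in marked or x_next in marked:
                d_next = 0                        # Step 4.1, or Step 5.1 at a marker
            else:
                d_next = d + 1                    # Step 5.1: still no marker state
            if d_next == N:                       # Step 5.2: cut this transition
                continue
            target = (x_next, d_next)
            trans2[(x, d)][sigma] = target
            if target not in trans2:              # Steps 4.2 / 5.3
                trans2[target] = {}
                stack.append(target)
    marked2 = {s for s in trans2 if s[0] in marked}
    return trim(trans2, init, marked2)


def worst_case_steps(trans, marked, q):
    """Length of the longest string in C_G(q); math.inf if it is unbounded.

    Assumes every state is coreachable, as in a nonblocking generator.
    """
    memo, on_path = {}, set()

    def longest(s):
        if s in marked:
            return 0
        if s in on_path:
            return math.inf                       # cycle that avoids marker states
        if s not in memo:
            on_path.add(s)
            memo[s] = max((1 + longest(t) for t in trans.get(s, {}).values()),
                          default=0)
            on_path.discard(s)
        return memo[s]

    return longest(q)


def accepts(gen, string):
    """True if the event sequence is in the marked behavior of gen."""
    trans, state, marked = gen
    for event in string:
        state = trans.get(state, {}).get(event)
        if state is None:
            return False
    return state in marked


if __name__ == "__main__":
    print("original, state 2:", worst_case_steps(K_TRANS, K_MARKED, 2))
    for n in (1, 2, 3):
        t, _, m = sup_nc(K_TRANS, 0, K_MARKED, n)
        print(n, sorted(t), max(worst_case_steps(t, m, s) for s in t))
```

For N = 2 the state (3, 1) is built and then trimmed, because its only outgoing transition would bring the counter to N; this is why the output of Step 3 has to be the trimmed generator.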
The correctness of Algorithm 1 is confirmed by the following theorem.
Theorem 3: Given a generator $G = (Q, \Sigma, \delta, q_0, Q_m)$, a language $K \subseteq L_m(G)$, a positive integer N, and let $\mathbf{K}'$ be the generator returned by Algorithm 1. Then $L_m(\mathbf{K}') = \sup NC(K, N)$.
Proof: First, we prove that $L_m(\mathbf{K}') \in NC(K, N)$. We start by showing that $L_m(\mathbf{K}') \subseteq K$. The reasons are as follows. (i) In Steps 4 and 5, all the transitions added to $\mathbf{K}'$ correspond to those existing in $\mathbf{K}$, so $L(\mathbf{K}') \subseteq L(\mathbf{K}) = \overline{K}$. (ii) Since marker states in $\mathbf{K}'$ are copied from $\mathbf{K}$ by $X'_m := \{(x, 0) \mid x \in X_m\}$, $L_m(\mathbf{K}') \subseteq L(\mathbf{K}') \cap L_m(\mathbf{K}) = K$.
Fig. 3. Transition graph of $\mathbf{K}'_2$
string is longer than N and has never reached a marker state, then it will not be added to $L(\mathbf{K}')$. Thus, those strings s added to $L(\mathbf{K}')$ must satisfy that for every $t \in P_{L_m(\mathbf{K}')}(s)$, there holds |t| ≤ N. Hence, $L_m(\mathbf{K}')$ is N-step completable. This establishes $L_m(\mathbf{K}') \in NC(K, N)$.
It remains to show that $L_m(\mathbf{K}')$ is the largest element in NC(K, N). Let M ∈ NC(K, N) be another element in NC(K, N). It will be shown that $M \subseteq L_m(\mathbf{K}')$. For this, we first prove that $\overline{M} \subseteq L(\mathbf{K}')$ by induction on the length of a string $s \in \overline{M}$.
Base case: Let s = ∈ M . Then ∈ K and the initial state $x_0$ exists in $\mathbf{K}$. It follows from Step 2 that $x'_0 = (x_0, 0)$ is designated to be the initial state of $\mathbf{K}'$, and hence ∈ $L(\mathbf{K}')$.
Inductive case: Let $s \in \overline{M}$, $s \in L(\mathbf{K}')$, $\sigma \in \Sigma$, and suppose that $s\sigma \in \overline{M}$; we will show that $s\sigma \in L(\mathbf{K}')$ as well. Since M ∈ NC(K, N), we have (i) M ⊆ K and (ii) M is N-step completable. It follows from (i) that $s \in L(\mathbf{K})$, i.e. $\xi(x_0, s)!$. By the same reason, $\xi(x_0, s\sigma)!$. Letting $x = \xi(x_0, s)$, we derive $\xi(x, \sigma)!$. Since $s \in L(\mathbf{K}')$, $\xi'((x_0, 0), s)!$. According to the definition of $\xi'$, there must exist $d \in \{0, ..., N-1\}$ such that $(x, d) = \xi'((x_0, 0), s)$. We already know that $\xi(x, \sigma)!$. If $x \in X_m$, according to Step 4, $\xi'((x, d), \sigma)$ is defined where $d = 0$. If $x \notin X_m$, according to Step 5.1, if $\xi(x, \sigma) \in X_m$, $d' = 0$; otherwise $d' = d + 1$. For the former case, according to Step 5.2, $\xi'((x, d), \sigma)$ is defined with $d' = 0$. For the latter case, it must hold that $d' \le N - 1$ because $\xi(x, \sigma) \notin X_m$ and M is N-step completable (otherwise there exists a string $s' \in \overline{M}$ and $t \in P_M(s)$ such that $|t| = N + 1$). According to Step 5.2, in this case $\xi'((x, d), \sigma)$ is also defined. Hence, we conclude that $s\sigma \in L(\mathbf{K}')$.
$L_m(\mathbf{K}) \subseteq L_m(\mathbf{K}')$. Let $s \in L(\mathbf{K}')$ and $s \in L_m(\mathbf{K})$; then we have $\xi'((x_0, 0), s)!$ and $\xi(x, s) \in X_m$. According to Steps 4.1 and 5.1, when $\xi(x, s) \in X_m$, $d' = 0$. Since $X'_m = \{(x, 0) \mid x \in X_m\}$ and $\xi'((x_0, 0), s) \in X'_m$, we derive $s \in L_m(\mathbf{K}')$. Finally,
$M \subseteq \overline{M} \cap L_m(\mathbf{K}) \subseteq L(\mathbf{K}') \cap L_m(\mathbf{K}) \subseteq L_m(\mathbf{K}')$.
The proof is now complete.
The above theorem confirms that Algorithm 1 computes the supremal N-step completable sublanguage sup NC(K, N). According to Steps 4 and 5, the time complexity of Algorithm 1 is O(|X| · |Σ| · N), because K has at most |X| · |Σ| transitions and each transition is visited at most N − 1 times.
V. MAXIMALLY PERMISSIVE N-STEP NONBLOCKING SUPERVISORY CONTROL
In this section, we present our solution to the N-NSCP. Consider a DES plant modeled by a generator G as in (1) with $\Sigma = \Sigma_c \,\dot\cup\, \Sigma_u$, a specification language E ⊆ Σ∗, and a finite positive integer N. Let K := E ∩ Lm(G).
Whether or not K is controllable and N-step completable, let CNC(K, N) be the set of sublanguages of K that are both controllable and N-step completable, i.e.
CNC(K, N) := {K′ ⊆ K | K′ is both controllable and N-step completable}. (6)
Since the empty language ∅ is trivially controllable and N-step completable, the set CNC(K, N) is nonempty. Moreover, since both controllability and N-step completability are closed under arbitrary set unions, CNC(K, N) contains a unique supremal element given by
sup CNC(K, N) := ⋃{K′ ⊆ K | K′ ∈ CNC(K, N)}. (7)
Theorem 4: Suppose that sup CNC(K, N) ≠ ∅. Then the supervisory control $V_{sup}$ such that $L_m(V_{sup}/G) = \sup CNC(K, N) \subseteq K$ is the solution to the N-NSCP.
permissiveness requirement of the N-NSCP is also satisfied. Therefore, $V_{sup}$ that synthesizes sup CNC(K, N) is the solution to the N-NSCP.
We proceed to design an algorithm to compute this solution sup CNC(K, N). Since there exists a well-known algorithm to compute the supremal controllable sublanguage [2, 3], and in the preceding section we designed an algorithm to compute the supremal N-step completable sublanguage, a natural idea is to iterate these two algorithms until the fixed point is reached. Then the fixed point is the supremal controllable and N-step completable sublanguage. This idea is implemented in Algorithm 3 below based on generator computation.
For reference, we call the known algorithm that computes the supremal controllable sublanguage Algorithm 2, whose inputs are generator $G = (Q, \Sigma, \delta, q_0, Q_m)$ and language K ⊆ Lm(G), whereas output is a nonblocking generator S with Lm(S) = sup C(K). The time complexity of Algorithm 2 is known to be $O(|Q|^2 \cdot |\Sigma|)$.
Algorithm 3 (Algorithm of Computing sup CNC(K, N)):
Input: Plant generator $G = (Q, \Sigma, \delta, q_0, Q_m)$, specification language $E \subseteq \Sigma^*$, and positive integer $N$.
Output: Generator $S = (X, \Sigma, \delta, x_0, X_m)$.
Step 1. Let $K := E \cap L_m(G)$. Construct a nonblocking generator $\mathbf{K}_0$ such that $L_m(\mathbf{K}_0) = K$.
Step 2. For $i \ge 0$, apply Algorithm 1 (with inputs $G$, $L_m(\mathbf{K}_i)$, and $N$) to compute $\mathbf{H}_i$ such that $L_m(\mathbf{H}_i) = \sup NC(L_m(\mathbf{K}_i), N)$.
Step 3. Apply Algorithm 2 (with inputs $G$ and $L_m(\mathbf{H}_i)$) to compute $\mathbf{K}_{i+1}$ such that $L_m(\mathbf{K}_{i+1}) = \sup C(L_m(\mathbf{H}_i))$.
Step 4. If $\mathbf{K}_{i+1} = \mathbf{K}_i$, then output $S = \mathbf{K}_{i+1}$. Otherwise, advance $i$ to $i + 1$ and go to Step 2.
The correctness of Algorithm 3 is stated in the following theorem.
Theorem 5: Given a plant generator G, a specification language E, a positive integer N, and let K := E ∩ Lm(G), S be the generator returned by Algorithm 3. Then Lm(S) = sup CNC(K, N).
Proof: In Algorithm 3, Step 2 performs the computation of the supremal N-step completable sublanguage, and Step 3 that of the supremal controllable sublanguage. The iteration of Steps 2 and 3 generates the following sequence of languages:
Fig. 4. Transition graph of $\mathbf{H}_0$
Fig. 5. Transition graph of $\mathbf{K}_1 = S$
Since both Algorithms 1 and 2 are finitely convergent, so is the above sequence. When the sequence converges, i.e. in Step 4 $\mathbf{K}_{i+1} = \mathbf{K}_i$ holds for some i, $L_m(\mathbf{K}_{i+1})$ is the supremal controllable and N-step completable sublanguage of K. This proves that Lm(S) = sup CNC(K, N).
The above theorem confirms that Algorithm 3 computes the supremal controllable and N-step completable sublanguage sup CNC(K, N). Since Algorithm 1 used in Step 2 has complexity O(|Q| · |Σ| · N), Algorithm 2 used in Step 3 has complexity $O(|Q|^2 \cdot |\Sigma|)$, and there can be at most |Q| iterations of Steps 2 and 3, the time complexity of Algorithm 3 is O(|Q| · |Σ| · max(|Q|, N)).
Continuing Example 1 (with generators G and SUP displayed in Fig. 1), we now assume that the odd numbers represent controllable events and even numbers represent uncontrollable events. Input G, Lm(SUP), and N = 2 to Algorithm 3. In Step 1, $\mathbf{K}_0 := \mathbf{SUP}$. Then in Step 2, Algorithm 1 generates a generator $\mathbf{H}_0$, as displayed in Fig. 4. It is easily verified that $L_m(\mathbf{H}_0)$ is 2-step completable. However, it is not controllable, because uncontrollable event 24 is disabled at state 3. Next in Step 3, Algorithm 2 generates a generator $\mathbf{K}_1$ as displayed in Fig. 5. It is easily verified that $L_m(\mathbf{K}_1)$ is both controllable and 2-step completable. This means that in Step 4, although $\mathbf{K}_1 \neq \mathbf{K}_0$ and Steps 2 and 3 need to be repeated, no further change will be made. It follows that $\mathbf{K}_2 = \mathbf{K}_1$, and Algorithm 3 outputs $S = \mathbf{K}_1$.
VI. CONCLUSION AND FUTURE WORK
In this paper, we have introduced a concept of quantitative nonblocking automata, which requires that all tasks be completed in a prescribed number of steps. Moreover, we have formulated a new N-step nonblocking supervisory control problem, characterized its solution in terms of N-step language completability, and developed algorithms to compute the optimal solution. In future work, we are interested in the situation where there are multiple types of tasks of distinct levels of importance; more important tasks need to be completed in fewer steps. We aim to extend and address the quantitative nonblocking supervisory control problem for such cases involving heterogeneous tasks.
REFERENCES
[1] P. Ramadge and W. Wonham, “Supervisory control of a class of discrete event processes,” SIAM Journal on Control and Optimization, vol. 25, no. 1, pp. 206–230, 1987.
[2] W. Wonham and P. Ramadge, “On the supremal controllable sublanguage of a given language,” SIAM Journal on Control and Optimization, vol. 25, no. 3, pp. 637–659, 1987.
[3] W. Wonham and K. Cai, Supervisory Control of Discrete-Event Systems. Springer, 2019.
[4] K. Cai and W. Wonham, Supervisory control of discrete-event systems. Encyclopedia of Systems and Control, 2nd ed., Springer, 2020.
[5] W. Wonham, K. Cai, and K. Rudie, “Supervisory control of discrete-event systems: a brief history,” Annual Reviews in Control, vol. 45, pp. 250–256, 2018.
[6] R. Su, “On the complexity of synthesizing a minimum-weighted supervisor under partial observation,” Automatica, vol. 50, no. 6, pp. 1725–1729, 2014.
[7] S. Pruekprasert, T. Ushio, and T. Kanazawa, “Quantitative supervisory control game for discrete event systems,” IEEE Transactions on Automatic Control, vol. 61, no. 10, pp. 2987–3000, 2016.
[8] L. Ouedraogo, R. Kumar, R. Malik, and K. Akesson, “Nonblocking and safe control of discrete-event systems modeled as extended finite automata,” IEEE Transactions on Automation Science and Engineering, vol. 8, no. 3, pp. 560–569, 2011.
[9] M. Goorden, J. van de Mortel-Fronczak, M. Reniers, W. Fokkink, and J. Rooda, “Structuring multilevel discrete-event systems with dependence structure matrices,” IEEE Transactions on Automatic Control, vol. 65, no. 4, pp. 1625–1639, 2020.
[10] A. Gouin, L. Libeaut, and J. Ferrier, “Supervisory control of timed automata,” in 1999 European Control Conference (ECC), 1999, pp. 543–550.
[12] J. Thistle and W. Wonham, “Supervision of infinite behavior of discrete-event systems,” SIAM Journal on Control and Optimization, vol. 32, no. 4, pp. 1098–1113, 1994.
[13] A. K. Schmuck, T. Moor, and R. Majumdar, “On the relation between reactive synthesis and supervisory control of non-terminating processes,” Discrete Event Dynamic Systems, vol. 30, no. 1, pp. 81–124, 2020.
[14] A. Saboori and C. Hadjicostis, “Verification of K-step opacity and analysis of its complexity,” IEEE Transactions on Automation Science and Engineering, vol. 8, no. 3, pp. 549–559, 2011.
[15] X. Yin, Z. Li, W. Wang, and S. Li, “Infinite-step opacity and K-step opacity of stochastic discrete-event systems,” Automatica, vol. 99, pp. 266–274, 2019.
[16] F. Lin, L. Wang, W. Chen, L. Han, and B. Shen, “N-diagnosability for active on-line diagnosis in discrete event systems,” Automatica, vol. 83, pp. 220–225, 2017.
[17] N. Hadjicostis and C. Seatzu, “K-detectability in discrete event systems,” in Proc. 55th IEEE Conference on Decision and Control, 2016, pp. 420–425.