Simbolic Representation and Computation of Timed Discrete Events Systems

8/12/2019 Simbolic Representation and Computation of Timed Discrete Events Systems

1/14

6 IEEE TRANSACTIONS ON AUTOMATION SCIENCE AND ENGINEERING, VOL. 11, NO. 1, JANUARY 2014

Symbolic Representation and Computation ofTimed Discrete-Event Systems

S. Miremadi, Z. Fei, K. kesson, and B. Lennartson

AbstractIn this paper, we symbolically represent timed dis-crete-event systems (TDES), which can be used to efficientlycompute the supervisor in the supervisory control theory context.We model a TDES based on timed extended finite automata(TEFAs): an augmentation of extended finite automata (EFAs)by incorporating discrete time into the model. EFAs are ordinaryautomata extended with discrete variables, where conditionalexpressions and update functions can be attached to the transi-tions. The symbolic computations are based on binary decisiondiagrams (BDDs). We show how TEFAs can be repre sented byBDDs. The main feature of this approach is that the BDD-basedfixed point computations are not based on tickmodels that have

been commonly used in this area, leading to better performancein many cases. The approach has been implemented and appliedto a simple case study and several large-scale benchmarks.

Note to PractitionersIn todays industry, the control functionsare implemented to a great extent manually by designing a candi-date and verifying it towards different properties to ensure that thecontrol function is satisfactory. Designing a control function man-ually makes it a tedious, error-prone and time consuming process.Another way is to do this process automatically, referred to as thesynthesismethod. In the synthesis method, the designers model thesystems behavior and the desired properties and feed them to analgorithm that can automatically generate the control function. Su-pervisory Control Theory (SCT) provides a powerful frameworkfor automatically synthesizing safe and flexible control functions,

referred to assupervisors, that restrict the system only when it nec-essary. For large-scale systems, synthesis typically suffers of fromthe state space explosion problem, that is the required memoryto represent the states of the system is more than the availablememory. To handle real-time systems, in this paper, we also incor-porate time in the theory and show how the supervisor can be effi-ciently computed for large-scale systems.

Index TermsBinary decision diagrams (BDD), extendedfiniteautomata (EFA), supervisory control theory (SCT), timed discrete-event systems (TDES).

I. INTRODUCTION

DISCRETE EVENT SYSTEMS (DES) are discrete-state,event-driven systems where their state evolution depends

entirely on the occurrence of asynchronous events over time.DES have many applications in modeling technological systemssuch as automated manufacturing and embedded systems. When

Manuscript received April 10, 2013; accepted May 23, 2013. Date of publi-cation October 22, 2013; date of current version January 01, 2014. This paperwas recommended for publication by Associate Editor C. Seatzu and Editor M.C. Zhou upon evaluation of the reviewers comments.

The authors are with the Automation Research Group, Department ofSignals and Systems, Chalmers University of Technology, SE-412 96 Gothen-

burg, Sweden (e-mail: [email protected]; [email protected];[email protected]; [email protected]).

Digital Object Identifier 10.1109/TASE.2013.2282895

designing control functions for DES, model-based approachesmay be used to conveniently understand the systems behavior.A well known framework of such a model-based approach is su-

pervisory control theory (SCT) [1]. Having a plant (the systemto be controlled) and a specification, SCT automatically syn-thesizes a control function, called supervisor, that restricts theconduct of the plant to ensure that the system never violatesthe given specification. The main feature of the supervisor inSCT is that it restricts the plant only when it is necessary,referred to as the minimally restrictivesupervisor. Most of the

research in this field has focused on analyzing qualitative prop-erties, such as safety or liveness specifications, by investigatingthe logical sequencing of events. However, the correct behaviorof many real-time systems such as air traffic control systems andnetworked multimedia systems depends on the delays betweenevents. In addition, on pure DES one cannot perform quantita-tive analysis such as time optimization or scheduling. TimedDES (TDES) is a generalization of DES in which the timesthat the events occur are also taken into consideration. In thiswork, we do not consider stochastic properties of the models.The modeling formalism used in this work is an augmentationofa previously proposed modeling formalism, called extendedfi-nite automaton (EFA) [2], where time has been incorporated into

the model. EFAs are ordinary automata extended with discretevariables, guard expressions and action functions. The guardsand action functions are attached to the transitions, which admitlocal design techniques of systems consisting of different parts.The main features of EFAs are that they are suitable for the SCTframework and that they usually yield compact models becauseof the existence of discrete variables. EFAs have been used inseveral research works and successfully applied to a range ofexamples such as [3][5]. The EFA framework has been imple-mented in Supremica [6], a verification and supervisory con-trol tool, where powerful algorithms exist for analysis of DES[7][9].

There have been many attempts to model TDES and gener-alize SCT considering the real-time aspects. These works canbe divided into two categories; they are either based on con-tinuous time or discrete time. On the continuous side, timedautomata (TAs) [10] is the most popular modeling formalismused for modeling TDES andemploying them in SCT[11][13],[15]. However, in TAs, as the clocks progress by real values,the number of states becomes finite which is not suitable foranalysis of TDES. To this mean, in [11], a time automaton istransformed to a correspondingregion automaton, based on anequivalence relation, which makes the state-spacefinite. In [12],two special types of events Set and Exp are introduced, whichare used to transform a timed automaton into a minimal and

equivalent finite-state automaton, called SetExp-Automaton. In

1545-5955 2013 IEEE


2/14

MIREMADIet al.: SYMBOLIC REPRESENTATION AND COMPUTATION OF TIMED DISCRETE-EVENT SYSTEMS 7

[13], a TDES is modeled by timed Petri nets and a fixed point al-gorithm is presented to compute the unique extremal control-in-variant subpredicate of a given predicate. In [15], the passing oftime is measured using the number of ticks generated by a dig-ital-clock, thereby relaxing the assumption of the prior worksthat time can be measured precisely. With respect to controlfunction generation, there exists another approach that differs

from the ones using the SCT theory [14], where the controlleris based on a winning strategy for a certain game defined for thetimed automata, called timed game automata.

A lot of works have been carried out on discrete-time modelswith respect to SCT [16][21]. In these works, it is assumedthat there exists a global digital clock. In [17], the timing in-formation is incorporated into the system states in the form oftimer variables, which are updated according to some rules re-lating event occurrences and the passage of time. The morecommon way to model TDES, described in [16] and [18], is thatlower and upper time bounds are associated with events to re-strict their occurrence times. In addition, they use a special event

tick, which represents the passage of time, and is generated bythe global clock. In [22], Brandin and Wonham applied SCT toTimed Transition Models (TTMs) proposed in [16]. The main

problem with their approach is that by introducing thetickeventmore iterations may be needed in the fixed point computations.In addition, it is more likely to get early state space explosion.To this end, some methods have been proposed to shrink thestate space such as [23], where the supervisor is computed basedon an abstraction of the plant model in which time is measuredwith a slower clock. In [19], the notion of eligible time boundsis considered to analyze the timed-behavior of the system andto avoid the state space explosion due to the addition of tick.In [20], time optimization is also incorporated. Then, the syn-

thesis problem is to end the supervisor whose makespan is min-imum among those of all possible supervisors, where the theoryof heaps-of-pieces is used to deal with time information. In [21],the synthesis problem is to enforce boundedness, reversibility,and liveness in timed transition Petri nets with firing durations,where stretching is used to represent the state of the system.

Nevertheless, most of the aforementioned approaches haveaddressed the scalability and efficiency issues. In fact, for manyof them, currently there is no evidence of an existing implemen-tation including [11], [12], [15], and [19]. In [13], [20], and [21],the implementation is applied to quite simple examples and thestate space is explored explicitly.

This paper is comparable with the approach in [18] that isbased on [22]. Both approaches symbolically compute the su-pervisor for a give TDES based on binary decision diagrams(BDDs) [25]. BDDs are useful data structures for representingBoolean functions, which typically yield compact representa-tions for large state spaces. The main difference between our ap-

proach and [18] is how a TDES is represented by BDDs and howthe BDDs are used to compute thesupervisor.In contrast to [18],in our approach, we eliminate the tickevent in the BDD rep-resentation overcoming the problem with the tickevent, statedearlier. As it will be shown in Section VI, this will typically leadto less fixed point iterations and smaller intermediate BDDs,duringthe synthesis procedure. As a result, The synthesis can

be performed in an efficient manner, which is the main contri-bution of this paper.

We model a TDES by Timed EFAs(TEFAs), which are EFAsequipped with a finite set of discrete clocks, and where the valueof each clock is increased implicitly at the locations as time pro-gresses. From a modeling perspective, the advantage of usingTEFAs compared to TTMs is that the time constraints are addedas guards on the transitions (as in timed automata), rather thanlower and upper bounds on the events. This could potentially

facilitate the modeling for the users. For instance, if the con-straints are associated to the events, it will be complicated tomodel the situation, where the user wants to put different timeconstraints on an event that appears at different places on thesame model. Furthermore, usually such way of modeling leadsto a large state space.

This paper is organized as follows: Section II intro-duces TEFAs and explains the semantics of such models.In Section III, we briefly describe supervisory control theory.Section IV describes the EFA semantics of TEFAs, i.e., howTEFAs can be transformed into EFAs. The symbolic repre-sentations and computations of TEFAs based on BDDs are

described in Section V. In Section VI, the proposed approachhas been analyzed by applying it to a case study and severallarge-scale benchmarks. Finally, Section VII provides someconclusions and suggestions for future work.

II. TIMEDEXTENDEDFINITEAUTOMATA

In [2], a modeling formalism called Extended Finite Au-tomaton (EFA) was introduced, which is an augmentation ofordinary automata with a finite set of discrete-valued variables.The variables appear in the transitions of the automata as eitherlogical conditions, called guards, or updating functions, calledactions. A transition in an EFA is enabled if and only if its

corresponding guard formula is evaluated to true and when atransition is taken; and it may follow by updates of variablesdefined by the associated actions.

A Timed Extended Finite Automaton (TEFA) is an EFA aug-mented with a finite set of digital clocks. Intuitively, a clockina TEFA is a discrete variable in the sense of EFAs, restricted

by some rules, mentioned later. The time automatically elapsesonly at locations, whereas the transitions occur instantaneouslywith zero delay.

A. Syntaxand Semantics

In the following, we describe the syntax and the semantics of

TEFAs.Definition 1 (Timed Extended Finite Automaton): A timedextended finite automaton is a 10-tuple

where is a finite set of locations; is the domain of variables

, where is a finite set of integers; is a finite set of discrete valued clocks ; is a nonempty finite set of events; is the transition relation;

, is an invariant-assignment function; is a set of initial locations;


3/14


is a set of initial values of thevariables;

is a set of marked locations that are desired to bereached;

is a set of pairs of marked valuationsof the variables and clocks.

In addition to , we also define representing the domain

of the clocks. Later we will explain how the domain of a clockis defined and show that it is finite. Theglobal variable domaindenoted by is the set that contains the values of all variables,defined formally as

The global clock domain denoted by is defined similarly.The largest value in and is denoted by and

, respectively. If a variable exceeds its domain, the re-sult is not defined, and from an implementation point of view,

it is upon the developer to decide how to implement such cases.For instance, the program can give the user a warning. In ourimplementation, values outside the domain will be ignored andwill not be included in our computations, i.e., the correspondingtransition will not be executed. In contrast to variables, it is as-sumed that if a clock reaches its maximum value, it will keepits value until it is reset. For a clock , this behavior is modeled

by a saturation function

where is the set of natural numbers. The function

is used to saturate the current value of all clocks.The elements and are the sets of guards (conditional

expressions) and action functions, respectively. In the TEFAframework, an arithmetic expression is formed according tothe grammar

%

where , and % is the modulo op-erator. We use to denote an expression that does not containany clocks and then . Avariable evaluationfor a vari-able is a function , assigning a value to thevariable. Aclock evaluation is defined similarly.

A set of evaluations for all variables and clocks is representedby and , respectively.

A guard is a propositional expression formed ac-cording to the grammar

where and are guards that are based onvariables and clocks, respectively

where and represent Boolean logictrueand false, re-spectively, and . This implies that clocks can only becompared to constants. All nonzero values are considered as .The semantics of a guard is specified by asatisfaction relation

indicating the pair of variable and clock evaluationsfor which guard is . It is written .

An action is a tuple of functions

A variable action is a function thatupdates a variable; and a reset action is a func-tion that only resets a clock. Hence, for a variable, the actionis formed as and for a clock it is formed as .An action function that does not update a variable or clock isdenoted by , which is later used in the synchronization processto determine the updated value of . Function assigns toeach location alocation invariantthat constrains the amount of

time that may be spent in the location. Specifically, the locationshould be left before the invariant becomes invalid. Intuitively,if a location invariant consists of a less than relation, the in-variant can be considered as a deadline.

The clocks can be seen as EFA variables that are synchro-nized with aglobal digital clock. Hence, the clocks will evolveeach time the global clock ticks. In other words, all clocksevolve synchronically at rate one. The value of a clock denotesthe amount of time that has been elapsed since its last reset. Po-tentially, the clocks in can have an infinite domain becausethe time will elapse forever. Nevertheless, based on the fol-lowing argument a finite domain can be considered for each

clock. Among the possible values of a clock, only a subset isrelevant: those that can impact the guards evaluations. For in-stance, for a guard , the values above 4 will all havethe same impact on the guard; thus the relevant values of are

. Considering to be the largest constant inthe model (including all guards), which the clock is comparedto, the domain of the clock is .Thus, . Consequently, the domain of the clocks will be finite.

A partial transition relation is written as , where

, and . A transition without guardindicates that there are no restrictions, i.e., .

For a variable consists of the initial values of .Since TEFAs are specifically designed to conform to the su-

pervisory control theory, it becomes natural to include a set ofmarked locations and values in the tuple of definition of a TEFA.If the setof marked locations,evaluationsof a variable or a clockis empty, then the entire domain is considered as marked.

The states of a TEFA are defined as .The state for a location , variable evaluations , and clockevaluations is represented as . Based on the statesof a TEFA, a state transition system can be defined.

A notation that will be used frequently in this paper, is theSOS-notation (Structured Operational Semantics) [26]. Thenotation


4/14


should be read as follows: if the proposition above the solidline (premise) holds, then the proposition under the fraction

bar (conclusion) holds as well.Definition 2 (State Transition System of a TEFA): Let

be a TEFA.Its corresponding state transition system (STS), denoted by

, is a 5-tuple, where

is a finite set of states; is a set of events; is a explicit state transition relation defined

by the following rule:

(1)

is a set of initial states ( is a -tupleof zeros);

is a set of marked states.

We assume that all TEFAs are deterministic. A determin-istic TEFA has only a single initial state in its correspondingSTS and for any two transitions and

, it always implies.

Remark (Nonzenoness): We have omitted requirements onthe definition necessary for executability. From every reachablestate, the TEFA should admit the possibility of time to diverge.For example, the automaton should not enforce infinitely manyevents in a finite interval of time. A TEFA satisfying this oper-ational requirement is callednon-zeno[27].

B. Extended Full Synchronous Composition

For modeling purposes, it is often easier to have a modularrepresentation, specially for complex systems. Then, to havea monolithic model of the system we need to synchronize thecomponents. For a model with a number of TEFAs, we assumethat the variables and clocks are all global, i.e., they areshared between the TEFAs. The global behavior of a modularTEFA model can be expressed by the extended full synchronouscompositionon TEFAs, similar to the full synchronous compo-sition described in [2].

Definition 3 (Extended Full Synchronous Composition: Con-

sider the following two TEFAs

for . The ExtendedFull Synchronous Composition(EFSC) of and , denoted by , is definedas

where ; ;

the transition relation isdefined as follows:

(2)

wherea) :

such that* ,* For ,

(3)

where is the actionfunction belonging to ,updating the th variable, and is defined ex-actly as but on clocks;

b) :

c) :

; ; .

Intuitively, in (2), an action function of form indicatesthat variable keeps its current value. Similar to the proof in[28], it can be proved that the EFSC operator is both commu-tative and associative and can be extended to multiple TEFAs.

Note that, in the case of multiple TEFAs, the transition relationin (2) refers to all TEFAs. In other words, should first

be computed for all TEFAs and then replace with the currentvalue. In the above definition, also observe that when the ac-tion functions of and explicitly try to update a sharedvariable to different values, we assume that the variable is notupdated. It can indeed be discussed whether such a transitionshould be executed, nevertheless, such a situation is usually aconsequence of bad modeling.

III. SUPERVISORYCONTROLTHEORY

Supervisory Control Theory (SCT) [1], [29] is the first con-trol theory for a general class of DES, where a control functionisautomatically synthesized, referred to assupervisor, based on a


5/14


givenplantand aspecification. A specification describes the al-lowed and inhibited behaviors. The supervisor restricts the con-duct of the plant to guarantee that the system never violates thegiven specification. However, it is often desired, and also in ourwork, that the supervisor restricts the plant as little as possible,referred to as a minimally restrictivesupervisor. This gives thedevelopers several alternatives to implement the controller and

perform further analysis such as time or energy optimization.There exist several works on developing efficient algorithms

and data structures for SCT problems formulated with EFAs [3],[30]. In this work, the problems are modeled by TEFAs. How-ever, the computations are performed on their correspondingEFAs that will be described in Section IV. In [3], [30], it isshown how a nonblocking and minimally restrictive supervisorcan be symbolically computed for a system modeled by EFAmodels. The computations are based on the corresponding fi-nite automata of EFAs.

An automaton-plant can be described by the synchroniza-tion of a number of sub-plants and similarly

for a specifi

cation . In our computations,we assume that a supervisor always refines the plant, i.e.,. There are different ways of computing a supervisor

such as monolithic [1], modular [31], and compositional [32]synthesis. In our approach we apply monolithic synthesis, whichis performing fixed point computations on the single composedautomaton .

Following, we describe some of the concepts in SCT. A stateis reachableif it can be reached from the initial state by exe-cuting a sequence of events. A state iscoreachableif a markedstate can be reached from that state. A state is nonblockingif itis both reachable and coreachable. A supervisor is nonblockingif all its states are nonblocking. For a supervisor candidate

that is a sub-automaton of , a reachable state in isuncontrollableif from that state an uncontrollable event is de-fined for the plant but not for the supervisor . A supervisor iscontrollable if all its states are controllable. A state that is bothnonblocking and controllable is called a safestate.

As stated earlier, the safe states are synthesized by fixedpoint computations [7]. There are two operators that areused frequently in the fixed point computations: Image andPreImage. Given a set of statescomputes the set of states that can be reached in one transition

and computes the set of states that, in onetransition, can reach a state in

The transition relation is the key element in performing the fixedpoint computations. In Section V, we show how the symbolicrepresentation of the transition relation of a TEFA is computed.

IV. EFA SEMANTICS OFTEFA

As mentioned earlier, the clocks in TEFAs are discrete-valuesindicating that we imagine measuring time only with a global

digital clock with output

where is the set of positive real values.Consequently, the temporal resolution available for modeling

purposes is thus just one unit of clock time. For a TEFA, thisbehavior, can be represented by an EFA by introducing an addi-tional eventtickas in [16]. The event tickoccurs exactly at thereal time moments, which can be imagined to be generated bythe global digital clock.

Definition 4 (Clock-EFA): For a clock with max value, a clock-EFA, denoted by , is an EFA with the

following tuple:

where

If multiple clocks exist, all combinations of the transitions in aclock-EFA for different clocks should be considered. This can

be carried out by synchronizing the clock-EFAs based on thefull synchronous composition of EFAs [2].However, in the existence of an invariant for , it should not

be possible to execute thetickevent if the invariant is not satis-fied. For instance, if the location has an invariant

, only a transitionshould be added. Note that in the new ticktransition the term

has beenchangedto ; because based onthe invariantsemantics, should never reach value 4. In general, a location

with invariant can be described by the following ticktransition:

where is obtained by replacing all terms in form ofand appearing in withand , respectively.

Definition 5 (Invariant-EFA): Letbe a TEFA. We define its corre-

sponding invariant-EFA, denoted by , by theEFA :

, where ; ; ; , where is a -tuple of zeros.

An invariant-EFA of a TEFA , where the tick transitions

have been removed (in the above definition this implies that) is called the isomorphic EFAof .

Proposition 1: For TEFAs, the following statement holds:

Proof: The proof follows directly from Definition 3 andthe full synchronous composition of EFAs, defined in [2].

Definition 6 (Tick-EFA): For a TEFA , its correspondingtick-EFA, denoted by , is defined as the followingEFA:

(4)


6/14


Essentially, a tick-EFA is the EFA semantics of a TEFA. Inthe sequel, we denote the synchronization of all clock-EFAs as

. Note that synchronizingclock-EFAs will never disable the tickevent.

Lemma 2: Synchronizing clock-EFAs, thetickevent neverbecomes disabled.

Proof: Consider the following facts:

for a clock , sincewill always allow either of the transitions;

the clock-EFAs do not share any variables and thus cannotrestrict each other in synchronization.

Based on the above facts and the definition of full synchronouscomposition on EFAs, it directly follows that the tickeventnever becomes disabled.

Theorem 3: For TEFAs and clocks, the following state-ment holds:

(5)

Proof: We construct the left-hand side by starting from theright-hand side. From (4), we have

(6)

From Proposition 1, (6) is equal to

(7)

Finally, from (4), (7) is equal to .

The above theorem will be the basis forapplying SCTto TEFAs.From the SCT perspective, we assume that thetickevent is un-controllable because the supervisor cannot impact the passageof time. However, as we will see later in Section V, the sym-

bolic computations will be performed on an abstraction of thetick-EFAs by eliminating the tickevent. This will be the mainadvantage of this approach compared to thetick-based approachin [33], [34].

V. SYMBOLICREPRESENTATIONS ANDCOMPUTATIONS

When performing fixed point computations for systems ofindustrially interesting sizes, exploring all states in the com-

posed model explicitly can be computationally expensive, interms of both time and memory, due to the state space explosion

problem. We tackle this problem by representing the models andperforming the computations symbolicallyusing Binary Deci-sion Diagrams (BDDs) [25], powerful data structures for repre-senting Boolean functions. For large systems where the numberof states grows exponentially, BDDs can improve the efficiencyof set and Boolean operations performed on the state sets [8],[35], [7].

Given a set of Boolean variables , a Boolean function( is the set of Boolean values, i.e., 0 and 1) can

be expressed using Shannons decomposition. This decomposi-tion can be expressed by a directed acyclic graph, called a BDD,which consists of two types of nodes: decision nodesand ter-minal nodes. A terminal node can either be0-terminalor1-ter-

minal. Each decision node is labeled by a Boolean variable andhas two edges to itslow-childand high-child, corresponding toassigning 0 and 1 to the variable, respectively. The size of aBDD, denoted as , refers to the number of decision nodes.

The power of BDDs lies in their simplicity and efficiencyto perform binary operations. The time complexity of a binaryoperator between two BDDs and is .

Two BDD operations that have been used extensively in ourimplementation is the existential quantificationand the substi-tution operators. Let be a BDD and and two sets ofBoolean variables. The operation removes all vari-ables belonging to that have appeared in . The notation

is used to describe the result of substituting all freeoccurrences of in by their one-to-one corresponding vari-ables in . For a more elaborate and verbose exposition ofBDDs and the implementation of different operators, refer to[36].

The corresponding BDD for a finite set can be repre-sented using its correspondingcharacteristic function.

Definition 7 (Characteristic Function): Let be afi

nite setso that , where is the finite universal set. Acharacter-istic function is defined by

Since the set is finite, in practice, its elements are representedwith numbers in or their corresponding binary -tuples be-

longing to . For a binary characteristic func-tion, an injective function is used to map the ele-ments in to elements in . In general, is constructedas

(8)

where on two binary -tuples and is defined as

(9)

where denotes the th element of .Hence, different set-operations can be carried out on using

basic Boolean operators.

A. Abstraction of Tick-EFAs

As stated earlier, supervisory control on timed DES basedon tickmodels has been investigated in several works such as[33], [34]. The tickmodels suffer from a major problem. Thestate size is very sensitive to the clock frequency: a tickeventmust be associated with the passage of each unit of time. As theclock frequency increases, so must the number of tickevents.As a consequence, performing reachability analysis based ontickmodels using BDDs follows with two main issues:

1) usually many iterations are needed in the fixed point com-putations;

2) the intermediate BDDs representing the reachable statescan be very bigthat may need more memory than available,i.e., state space explosion.


7/14


Following, we explain how the iterations caused by the tickevent can be eliminated in the BDD implementation to tacklethe above-mentioned issues.

The idea lies on the fact that time cannot be stopped. In tick-EFAs, this indicates that all the tick transitions will eventu-ally occur, unless there exist a location invariant (Lemma 2).For instance, consider two clocks with domains and

and assume isthe current state of the system.Following, shows the sequence of the states that can be reached

by the tickevent:

Since all tick transitions will eventually occur, it can be di-rectlycomputed thatwhen the state isreached, the states

are also reachable. Given a set ofstates , we define as below

(10)

where .Definition 8 (Timed Transition Relation (TTR)): For a set of

clocks , thetimed transition relation (TTR)is defined as below

In particular, the TTR will expand a tuple of clock evalua-tions to the clock evaluations that can be reached bythe passage of time. We write to denote a numberof explicit transitions , where

. Based on the TimedImage operator, wepropose the following definition.Definition 9 (Reachability Transition Relation): For a TEFA

with transition relation , its correspondingreachability tran-sition relation, denoted by , is defined as below

(11)

where

Consequently, by using in the fixed point computations (asthe transition relation passed to the Image and PreImage op-erators), rather than transitions based on tick-EFAs:

1) a number of states can be reached with a single iteration,compared to theticktransitions, where multiple iterationsare required (multiple calls ofImage and PreImage op-erators);

2) usually the corresponding BDD of a set of states becomessmaller than the intermediate BDDs resulted after exe-cuting a tick transition.

In [3], we have shown how EFAs and their synchronous oper-ator are transformed to BDDs. However, this transformation be-comes more complicated when clocks are included in the model,specially when it comes to synchronizing the clocks with the

same rate. We will discuss these challenges and motivate the so-lution we used to construct the corresponding BDD for . Inthe sequel, we base our discussions on the corresponding char-acteristic functions of BDDs.

B. BDD Representation of

Assume we have a model with a single TEFA including asingle clock with no invariants. Let us construct the corre-sponding characteristic function of the reachability transitionrepresenting a partial transition ; for brevity, wewrite . We start by constructing the explicit transition

of the corresponding isomorphic EFAs, denoted as .

Let be a -tuple of Boolean variables used to rep-

resent the events; be a -tuple of Boolean variables

used to represent the locations; be a -tuple of Boolean variables used to represent the valuations of variable

and be a -tuple of Boolean variables used torepresent the valuations of clock . Similarly, let

and denote Boolean tuples used to represent the target(updated) locations and valuations of and , respectively. In[3], we showed that the characteristic function of a transition

is

(12)

(13)

where and . The character-istic function of the total transition relation can be computed

by disjuncting the corresponding characteristic functions of allpartial transition relations. Recall that in (13) the clocks are con-sidered as ordinary variables of an EFA. Now let us transform(13) to its reachability transition to give the clock its real seman-tics. Based on (11), this can be performed by replacing the term

with , where ,i.e., .

However, if we follow the above formula to construct a par-tial transition relation with multiple clocks, the clocks will notbe synchronized with the same rate. If we add another clock tothe model, then the above result will be logically conjuncted

. Thus, the termwill yield states, where the target evaluations of the clocks will

be , which clearly means that clocks do not evolvesynchronously with the same rate, i.e., the TimedImage oper-ator will not be implemented correctly.

Hence, when there exists clocks, to get the correctresult, the statement (12) should be

(14)


8/14


where and thus

Essentially, the characteristic function (14) represents the time

evolution.The construction of the BDD representing the synchroniza-

tion of a number of EFAs has already been elaborated in [3].Having a number of TEFAs and clocks, we construct the BDDrepresenting by performing the following steps:

1) construct the BDD of the explicit transition relation ofeach corresponding isomorphic EFA and compute theirsynchronization;

2) construct the BDD representing the TTR;3) apply the timed semantics to the BDD of step1 by consid-

ering the BDD computed in Step 2;4) compute the invariant-BDDand apply it to the BDD from

Step 3.We denote the characteristic function of the BDD from Step 1 by

. In Step 2, we implement the TTR by constructing a BDDthat represents (14) for all clock valuations . As mentionedearlier, we use the expand operator to replace the target value

by a set of values. This replacement occurs in Step 3 and todo this on the BDD level, in addition to , we introduce aset of temporary Boolean variables . The BDD computed inStep 3 will represent without considering the invariants,denoted by . In Step 4, we compute a BDD representing

the invariants of all locations and apply it to the BDD obtainedfrom Step 3 to get the corresponding BDD of .

1) BDD Construction of the Isomorphic EFAs: This step has

been explained in [3].2) BDD Construction of the Time Transition Relation: Be-

fore continuing, as an example, we apply steps 2 and 3 to theBDD representing the characteristic function (13). We first com-

pute the BDD representing the TTR for all values in

(15)

where . Next, we compute (15) (13) yielding

(16)

where . Let be the BDD representing (16).The final step is to quantify away the Boolean variables inand then substitute the variables in by

which represents the following characteristic function:

Hence, each value represented by has been substitutedby .

Algorithm 1 shows the construction of the BDD representingthe TTR having the following characteristic function:

(17)

Before digging into the algorithm, it is worth describingthe principle behind implementing the saturation function ,which is especially an issue when there are multiple clocks.The basic idea is to first let the values of the clocks groweven when they exceed the domains of the clocks. In otherwords, we enlarge the domains of the clocks. Then, in the

next step, all values outside of the domain will be replaced bythe largest value. For instance, assume there exist two clockseach with domain and let be a tuple whichwe want to expand. Without enlarging the domain the resultis , however, changing the domain to

the result would be .Finally, value 3 will be replaced by 2, i.e., the largest value inthe old domain, yielding , whichwill be the result of the function. This implementation could

be done in other ways too, but the main reason that we wantto enlarge the domain is to always have unique values in thetuples, which is necessary for the correctness of the algorithm.

Note that the increase of the domain will be applied to thetemporary Boolean variables . To ensure that the valuesalways increase when we want to expand a tuple of multipleclocks, we let include Boolean variables.

In the algorithm, and denote the 0 and 1 terminals,respectively; represents a number of Boolean variables usedto represent represents a number of Boolean variablesused to represent ; and corresponds to the BDD rep-resenting value by using . In our implementation, we repre-sent integers and the arithmetic operations byBDD bit-vectors

[37]. The notation is the BDD bit-vector representing

value , where each bit is a BDD using . is the BDDbit-vector for all values that can be represented by . For amore detailed description on how arithmetic operations are per-formed on BDD bit-vectors refer to [37].


9/14


Lines 27 construct the time transition relation for the case

of a single clock in the model. In this case

(18)

This represents the set

(19)

Lines 819 synchronize the clocks without considering the satu-ration function . The basic idea is to synchronize each clock inthe model with the first clock and conjunct it with the BDDthat has been computed so far for the previous clocks. In line16, represents all evaluation pairs larger than andfor clocks and , respectively, where the difference is .

will then represent

(20)

where . Such a BDDwill be constructed for all s and s in and , respectively,and will be disjuncted together, stored in . Then,will be conjuncted with that represents the TTR ofthe clocks that have been computed so far. In lines 20-24 thesaturation function is implemented. As mentioned earlier, foreachclock all valuesthat are larger than willbe replaced

by .Lemma 4: Algorithm 1 returns the corresponding BDD of the

TTR.

Proof: Without loss of generality, we perform the proofbased on the symbol introduced earlier, rather than using thecharacteristic functions.When will be equal to (18). In this case, only lines1-7 will be executed and it is straightforward to see thatrepresents (19).For , we divide the algorithm into two parts: lines 8-19and lines 20-24 (saturation implementation), and prove the cor-rectness of each part separately.For lines 8-19, we prove that represents

(21)

We prove this by induction.For the basic case, where , from (20) it can be directly de-duced thatat the end ofthe iterations, willrepresent (21).Since the loop in line 8 only iterates once,when line 19 is reached, which means that .Hence, represents (21) and the basic step is proved.

Now, for the inductive step, let us assume that rep-resents (21) for the first clocks, denoted by

(22)

where is a -tuple and is the domain for thefirst clocks. We prove that this also holds for . Initeration represents the TTR between clock 1 andclock . Based on (20), the BDD represents

(23)

Now, let us compute in line 19, which is obtainedby conjuncting the corresponding BDDs for (22) and (23). We


10/14


perform the conjunction on their corresponding characteristicfunctions. From (17), we have that the corresponding character-istic function for (22) is

(24)

and for (23), we have

(25)

By conjuncting (24) and (25) we get

which represents

and thus the inductive step is proved.Finally, in lines 20-24 of the algorithm (as stated earlier), foreach clock in the values that are larger than

will be replaced by , which will yield a BDD representing(17), i.e., . The correctness of these lines is straightforward.Hence, the correctness of the entire algorithm is proved.

Proposition 5: The time complexity of Algorithm 1 is, where is the time complexity of performing the

BDD operations in the loops, which is proportional to the sizesof the BDDs.

Proof: The algorithm consists of three sequential parts,lines 27, lines 819 and lines 2024. Since the time complexityof lines 819 is larger than the other two parts, it can be deducedthat the time complexity of the entire algorithm is equal to thetime complexity of lines 819, which is equal to

.3) Applying the Timed Semantics to the Isomorphic EFAs:

This step can be concluded in the following lemma.

Lemma 6: The CF representing is equal to

Proof: Based on the proof of correctness for in [3]and Lemma 4, the correctness can be directly deduced.

4) Applying Invariants: Finally, we need to consider the in-variants into . We compute a BDD, called invariant-BDD,

represented by the following characteristic function:

where is the number of TEFAs in the model and is the setof locations of TEFA . It can be observed thatrepresents the set

(26)

Theorem 7: The characteristic function of is

Proof: We prove based on the corresponding explicit sets.We have that represents

(27)

where

Hence, based on (26),

will represent the following set:

which represents .Consequently, having a number of TEFAs, the corresponding

BDD of represents the transition relation of the synchro-nized model, excluding the tickevent, and where the clocksevolve synchronously.

VI. CASESTUDY ANDEXPERIMENTALRESULTS

The symbolic approach discussed in Section V has been im-plemented and integrated in the DES tool Supremica[6] which

uses JavaBDD [38] as the BDD package. The experimentswere carried out on a standard PC (Intel Core 2 Quad CPU @


11/14


12/14


TABLE IRESULTS OF THEBENCHMARKSTUDIES

Fig. 3. The corresponding tick-EFA of .

Fig. 4. The intermediate BDD sizes during the reachability analysis for bothtick-EFAs and TEFAs.

the iterations the sizes of the BDDs of the TEFA approach aresmaller than the tick-based approach.

It should be mentioned that the result, in terms of the numberof states, computed from either of those two approaches is

different from the result in [18] due to distinct modeling for-malisms used to model the production cell.

B. Benchmarks

The benchmark cases include the following complex indus-trial models.

pim Design of a robust and optimal controller for a

plastic injection molding machine, taken from [41].fms Extension of the large-scale flexible manufacturing

system described in [42]. The time has beenconsidered into the model similar to the case studydescribed in Section VI-A.

agv Extension of the automated guided vehicle (AGV)coordination model (Petri net) described in [43]. Inthis version, a new zone is introduced at the inputstation, making the system blocking. Furthermore,the amount time needed for the AGVs to move

between work stations is considered. The time hasbeen considered into the model similar to the case

study described in Section VI-A.

mpp Extension of a production cell in a metal-processingplant, described in [44]. The time has beenconsidered into the model similar to the case studydescribed in Section VI-A.

epc Extension of a production cell, building the ceilingof toy car, taken from [45]. In this model, the systemis divided to different operations. The time that takesto perform the operations is considered in the model.

6link Extension of a cluster tool for wafer processing,studied for synthesis in [46]. The amount of time

needed to process the wafers is considered.

The results are shown in Table I. For each model, the tableshows the number of automata (Aut), the number of variables

, the number ofclocks , the number of reachable states(Size), the number of safe states , the number offixed

point iterations, the maximum size of the intermediate BDDsduring the fixed point computations (BDDmax), and the syn-thesis time in seconds.

The benchmarks include models from the size of and upto reachable states. From the table, it can be observed thatthe required fixed point iterations for the TEFA implementationisalwaysless than the tick-based implementation. On the other

side, this fact does not hold for the maximum size of the in-termediate BDDs. In modelspim and mpp, maxBDD is larger


13/14


for the TEFA implementation. These models contain time in-variants which forces the system to leave the locations quiteearly after that they are reached. In other words, fewtickeventsare performed at the locations, which will not be advantageouswhen using the BDD representing the TTR which abstracts thetickevents. In addition, in these cases, due to the large domain ofthe clocks, the BDD representing the TTR becomes very large.As a consequence, for thempp model, the TEFA implementa-tion needed more time to compute the supervisor compared tothe tick-based implementation. In all other cases, the TEFA im-

plementation computed the supervisor faster than the tick-basedimplementation. Consequently, for a TDES, the TEFA imple-mentation can, in most of the cases, compute the supervisorfaster than the tick-based implementation.

VII. CONCLUSION ANDFUTUREWORKS

In this paper, we presented a method to symbolically, usingBDDs, represent timed TDES, modeled by timed extended

finite automata (TEFAs), that are ordinary automata extendedwith variables and clocks. It was shown how the TEFAs andtheir synchronization can be represented by BDDs. Further-more, based on the framework in [16], we showed how SCTcan be applied to TEFAs, by introducing a new uncontrollableevent tickto the model, and transforming TEFAs to their cor-responding tick-EFAs. However, since the tick-based approachsuffers from the fact that the state space is very sensitive to theclock frequency, we proposed an approach to eliminate thetickevent in the BDD-based computations. The approach was im-

plemented and applied to a classical production cell and severallarge-scale benchmarks. The results show that the eliminationof thetickevent in the fixed point computations typically leadsto less iterations and smaller intermediate BDDs, which in turnwill improve the performance of the synthesis algorithm. Itwas also shown that for TEFAs consisting of clocks with largedomains, the BDD representing time can be large, which candecrease the performance of the synthesis algorithm.

There are some possible directions for future work that we arecurrently working on. So far, we have considered that the tickevent is always uncontrollable, however, we may have caseswhere an event can preempt the tick, called forcible events,which causes thetickevent to become controllable. In the nextwork, this property will be considered in the framework. Wealso desire to develop efficient algorithms for quantitative anal-

ysis such as time optimization, beside the qualitative analysis(supervisor synthesis). The interesting point about optimizationon TEFAs is the existence of uncontrollable events that mayleadto several optimal solutions.

REFERENCES

[1] P. Ramadge and W. M. Wonham, The control of discrete event sys-tems,Proc. IEEE, vol. 77, no. 1, pp. 8198, 1989.

[2] M. Skldstam, K. kesson, andM. Fabian, Modelingof discrete eventsystems usingfinite automata with variables, inProc. 46th IEEE Conf.

Decision Control, 2007, pp. 33873392.[3] S. Miremadi, B. Lennartson, andK. kesson, A BDD-basedapproach

for modeling plant and supervisor by extended finite automata,IEEE

Trans. Control Syst. Technol., vol. 20, no. 6, pp. 14211435, 2012.

[4] K. Bengtsson, C. Thorstensson, B. Lennartson, K. kesson, S. Mire-madi, and P. Falkman, Relations identification and visualization forsequence planning and automation design, in Proc. IEEE Int. Conf.

Autom. Sci. Eng., Aug. 2010, pp. 841848.[5] P. Magnusson, N. Sundstrm, K. Bengtsson, B. Lennartson, P.

Falkman, and M. Fabian, Planning transport sequences for flexiblemanufacturing systems, in Preprints of the 18th IFAC World Congr. ,Milano, Italy, 2011, pp. 94949499.

[6] K. kesson, M. Fabian, H. Flordal, and R. Malik, SupremicaAn in-tegrated environment for verification, synthesis and simulation of dis-crete event systems, inProc. 8th Int. Workshop Discrete Event Syst.,Ann Arbor, MI, USA, 2006, pp. 384385.

[7] A. Vahidi, M. Fabian, and B. Lennartson, Efficient supervisory syn-thesis of large systems, Control Eng. Practice, vol. 14, no. 10, pp.11571167, Oct. 2006.

[8] S. Miremadi, K. kesson, M. Fabian, A. Vahidi, and B. Lennartson,Solving two supervisory control benchmark problems usingSupremica, in Proc. 9th Int. Workshop on Discrete Event Syst.,May 2008, pp. 131136.

[9] Z. Fei, S. Miremadi, and K. kesson, Efficient symbolic supervisorysynthesis and guard generation, in Proc. 3rd Int. Conf. Agents Artif.

Intell., Rome, Italy, 2011, pp. 106115.[10] R. Alur and D. L. Dill, A theory of timed automata,Theor. Comput.

Sci., vol. 126, no. 2, pp. 183235, Apr. 1994.[11] H. Wong-Toi and G. Hoffmann, The control of dense real-time dis-

crete event systems,in Proc. 30th IEEE Conf. Decision Control, 1991,pp. 15271528.[12] L. Ouedraogo, A. Khoumsi, and M. Nourelfath, SetExp: A method of

transformation of timedautomata intofinite stateautomata,Real-TimeSyst., vol. 46, no. 2, pp. 189250, Aug. 2010.

[13] H. Chen and H. M. Hanisch, Control synthesis of timed discrete eventsystems based on predicate invariance, IEEE Trans. Syst., Man, Cy-bern.. Part B, Cybern., vol. 30, no. 5, pp. 71324, Jan. 2000.

[14] E. Asarin, O. Maler, and A. Pnueli, Symbolic controller synthesisfor discrete and timed systems,Hybrid Systems IILecture Notes inComputer Science, vol. 999, pp. 120, 1995.

[15] S. Xu and R. Kumar, Real-time control of dense-time systems usingdigital-clocks, IEEE Trans. Autom. Control, vol. 55, no. 9, pp.20032013, Sep. 2010.

[16] J. S. Ostroff and W. M. Wonham, A framework for real-time dis-crete event control, IEEE Trans. Autom. Control, vol. 35, no. 4, pp.386397, Apr. 1990.

[17] B. A. Brandin, The modeling and supervisory control of timed DES,inProc. 4th Int. Workshop of Discrete Event Syst., WODES98, 1998,

pp. 814.[18] A. Saadatpoor, Timed state tree structures: supervisory control and

fault diagnosis, Ph.D. dissertation, Univ. Toronto, Toronto, ON,Canada, 2009.

[19] S. Park, K.-H. Cho, and J.-T. Lim, Supervisory control of real-timediscrete event systems under bounded time constraints, in IEE Proc.Control Theory Appl., 2004, vol. 151, no. 3, pp. 347352.

[20] J. H. van Schuppen and J. E. Rooda, The synthesis of time optimalsupervisors by using heaps-of-pieces, IEEE Trans. Autom. Control,vol. 57, no. 1, pp. 105118, Jan. 2012.

[21] A. Aybar and A. Iftar, Supervisory controller design to enforce somebasic properties in timed-transition Petri nets using stretching,Non-linear Analysis: Hybrid Syst., vol. 6, no. 1, pp. 712729, Feb. 2012.

[22] B. A. Brandin and W. M. Wonham, Supervisory control of timed dis-

crete-event systems,IEEE Trans. Autom. Control, vol. 39, no. 2, pp.329342, 1994.

[23] P. Gohari and W. M. Wonham, Reduced supervisors for timed dis-crete-event systems,IEEE Trans. Autom. Control, vol. 48, no. 7, pp.11871198, Jul. 2003.

[24] R. Alur, C. Courcoubetis, and D. Dill, Model-checking in dense real-time,Inform. Comput., vol. 104, no. 1, pp. 234, 1993.

[25] S. B. Akers, Binary decision diagrams,IEEE Trans. Comput., vol.27, pp. 509516, Jun. 1978.

[26] G. D. Plotkin, A structural approach to operational semantics, rhusUniv., Aarhus, Denmark, Sep. 1981, Tech. Rep..

[27] C. Baier andJ.-P.Katoen, Principles of Model Checking. Cambridge,MA, USA: The MIT Press, 2008.

[28] C. A. R. Hoare, Communicating sequential processes, Commun.ACM, vol. 21, no. 8, pp. 666667, 1978.

[29] C. G. Cassandras and S. Lafortune, Introduction to Discrete Event Sys-

tems, 2nd ed. New York, NY, USA: Springer, 2008.


14/14


[30] Z. Fei, S. Miremadi, K. kesson, and B. Lennartson, Efficient super-visory synthesis to large-scale discrete event systems modeled as ex-tendedfinite automata, Chalmers Univ. Technol., Gteborg, Sweden,2012, Tech. Rep..

[31] W. M. Wonham and P. Ramadge, Modular supervisory control of dis-crete-event systems, Math. Control Signals Syst., vol. 1, no. 1, pp.1330, 1988.

[32] H. Flordal, R. Malik, M. Fabian, and K. kesson, Compositional syn-thesis of maximally permissive supervisors using supervision equiva-lence,Discrete Event Dynamic Syst., vol. 17, no. 4, pp. 475504,Aug.2007.

[33] Y. Brave and M. Heymann, Formulation and control of real time dis-crete event processes, in Proc. 27th IEEE Conf. Decision Control,1988, pp. 11311132.

[34] B. A. Brandin and W. M. Wonham, The supervisory control of timedDES,IEEE Trans. Autom. Control, vol. 39, no. 2, pp. 329342, 1994.

[35] C. Ma and W. M. Wonham, STSLib and its application to twobenchmarks, in Proc. 9th Int. Workshop on Discrete Event Syst.,WODES08, May 2008, pp. 119124.

[36] H. Andersen, An introduction to binary decision diagrams, Dept. In-form. Technol., Technical Univ. Denmark, Lyngby, Denmark, 1999,Tech. Rep..

[37] E. M. Clarke, K. L. Mcmillan, X. Zhao, M. Fujita, and J. Yang, Spec-tral transforms for large boolean functions with applications to tech-nology mapping, Form. Methods Syst. Des., vol. 10, no. 23, pp.

137148, 1997.[38] JavaBDD [Online]. Available: javabdd.sourceforge.net [Online].Available:

[39] , C. Lewerentz and T. Lindner, Eds., Formal Development of ReactiveSystemsCase Study Production Cell, ser. Lecture Notes in ComputerScience. New York, NY, USA: Springer, 1995, vol. 891, ch. II, pp.719.

[40] C. Ma, Nonblocking supervisory control of state tree structures,Ph.D. dissertation, Univ. Toronto, Toronto, ON, Canada, 2005.

[41] F. Cassez, J. J. Jessen, K. G. Larsen, J.-F. Raskin, and P.-A. Reynier,Automatic synthesis of robust and optimal controllersAn industrialcase study, in Proc. 12th Int. Conf. Hybrid Syst.: Comput. Control,2009, pp. 90104.

[42] M. C. Zhou, F. Dicesare, and D. L. Rudolph, Design and imple-mentation of a Petri net based supervisor for a flexible manufacturingsystem,Automatica, vol. 28, no. 6, pp. 11991208, Nov. 1992.

[43] J. O. Moody and P. J. Antsaklis, Superviso ry Control of Discrete EventSystems Using Petri Nets. Norwell, MA, USA: Kluwer, 1998.

[44] L. Feng, K. Cai, andW. M. Wonham,A structural approach tothe non-blocking supervisory control of discrete-event systems, Int. J. Adv.Manuf. Technol., vol. 41, no. 1112, pp. 11521168, 2009.

[45] M. R. Shoaei, S. Miremadi, K. Bengtsson, and B. Lennartson, Re-duced-order synthesis of operation sequences, in Proc. EEE 16thConf. Emerging Technol. Factory Autom. (ETFA), 2011, pp. 18.

[46] R. Su, J. Schupen, and J. Rooda, Aggregative synthesis of distributedsupervisors based on automaton abstraction, IEEE Trans. Autom.Control, vol. 55, no. 7, pp. 12671640, 2010.

Sajed Miremadiwas born in Linkping, Sweden, in1983. He received the B.Sc. degree in computer en-gineering from the Sharif University of Technology,Tehran, Iran, in 2006, the M.Sc. degree in computerscience from Linkping University, Linkping,Sweden, in 2008, and the Ph.D. degree in automationfrom Chalmers University of Technology, Gothen-

burg, Sweden, in 2012.His main research interests include supervisory

control and optimization of untimed and timeddiscrete event systems, using formal methods.

Zhennan Feireceived the M.Sc. degree in computerscience from Chalmers University of Technology,Gothenburg, Sweden, in 2009. He is currently

pursuing the Ph.D. degree in automation at ChalmersUniversity of Technology.

His main research interests include supervisorycontrol and automated planning of discrete-eventsystems.

Knut lessonreceived the M.S. degree in computerscience and engineering from the Lund Institute ofTechnology, Lund, Sweden, in 1997 and the Ph.D.degree in control engineering from Chalmers Univer-sity of Technology, Gothenburg, Sweden, in 2002.

Currently, he is an Associate Professor with theDepartment of Signals and Systems, Chalmers Uni-versity of Technology, where his main research in-terest is to develop and applying formal methods forverification and synthesis of control logic.

Bengt Lennartson (M10) was born in Gnosj,Sweden, in 1956. He received the Ph.D. degreein automatic control from Chalmers University ofTechnology, Gothenburg, Sweden, in 1986.

Since 1999, he has been a Professor of the Chairof Automation, Department of Signals and Systems.He was Dean of Education at Chalmers Universityof Technology from 2004 to 2007, and since 2005,he is a Guest Professor at University West, Troll-httan. He was Chairman of the Ninth InternationalWorkshop on Discrete-Event Systems, WODES08,

Associate Editor forAutomaticafrom 2002 to 2005, and currently is Co-Chairof the RAS-TC on Sustainable Production Automation, and Associate Editorfor IEEE TRANSACTION ONAUTOMATION SCIENCE AND ENGINEERING. He is(co)author of two books and 220 peer reviewed international papers with morethan 3800 citations (GS). His main areas of interest include discrete event and

hybrid systems, especially for manufacturing applications, as well as robustfeedback control.

Documents

Simbolic Representation and Computation of Timed Discrete Events Systems