Synthesis of Inference-Based Decentralized Control for Discrete Event Systems

522 IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 53, NO. 2, MARCH 2008

Synthesis of Inference-Based Decentralized Controlfor Discrete Event Systems

Shigemasa Takai, Member, IEEE, and Ratnesh Kumar, Fellow, IEEE

Abstract—In our past work, we presented a framework for thedecentralized control of discrete event systems involving inferenc-ing over ambiguities, about the system state, of various local deci-sion makers. Using the knowledge of the self-ambiguity and thoseof the others, each local control decision is tagged with a certainambiguity level (level zero being the minimum and representingno ambiguity). A global control decision is taken to be a “win-ning” local control decision, i.e., one with a minimum ambiguitylevel. For the existence of a decentralized supervisor, so that foreach controllable event the ambiguity levels of all winning dis-ablement or enablement decisions are bounded by some numberN (such a supervisor is termed N -inferring), the notion of N -inference-observability was introduced. When the given specifi-cation fails to satisfy the N -inference-observability property, anN -inferring supervisor achieving the entire specification does notexist. We first show that the class of N -inference-observable sub-languages is not closed under union implying that the supremal N -inference-observable sublanguage need not exist. We next providea technique for synthesizing an N -inferring decentralized super-visor that achieves an N -inference-observable sublanguage of thespecification. The sublanguage achieved equals the specificationlanguage when the specification itself is N -inference-observable.A formula for the synthesized sublanguage is also presented. Forthe special cases of N = 0 and N = 1, the proposed supervi-sor achieves the same language as those reported in [25], [31] (forN = 0) and [32] (for N = 1). The synthesized supervisor is pa-rameterized by N (the parameter bounding the ambiguity level),and as N is increased, the supervisor becomes strictly more per-missive in general. Thus, a user can choose N based on the de-gree of permissiveness and the degree of computational complexitydesired.

Index Terms—Ambiguity, decentralized control, discrete eventsystems, inference-observability, inferencing, knowledge.

I. INTRODUCTION

IN ANY decentralized decision-making paradigm, such asdecentralized control or diagnosis, multiple decision mak-

ers, each with its own limited sensing and/or control capabili-ties, interact to come up with the global decisions. Presence oflimited sensing capabilities can lead to ambiguity in knowingthe system state, and thereby, ambiguity in decision making.

Manuscript received July 17, 2006; revised April 6, 2007. Recommendedby Associate Editor J. E. Ribeiro Cury. This work was supported in part by theNational Science Foundation under Grant NSF-ECS-0218207, Grant NSF-ECS-0244732, Grant NSF-EPNES-0323379, Grant NSF-ECS-0424048, and GrantNSF-ECS-0601570, and in part by the MEXT under Grant-in-Aid for ScientificResearch (C) 18560433.

S. Takai is with the Department of Information Science, Kyoto Institute ofTechnology, Kyoto 606-8585, Japan (e-mail: [email protected]).

R. Kumar is with the Department of Electrical and Computer Engineer-ing, Iowa State University, Ames, IA 50011-3060 USA (e-mail: [email protected]).

Digital Object Identifier 10.1109/TAC.2007.915171

Consider, for example, the problem of decentralized control ofdiscrete event systems (DESs). Suppose there exist two tracesthat are executable in the plant and are indistinguishable to alocal supervisor, and a locally controllable event that is fea-sible and legal following the first trace, whereas it is feasibleand illegal following the second trace. Since these two tracesare indistinguishable, upon receiving their observation, the localsupervisor will be ambiguous about whether to enable or disablethe locally controllable event. A similar situation can arise in thesetting of decentralized/distributed diagnosis when a faulty traceis indistinguishable from a nonfaulty trace to a local decisionmaker.

In the context of decentralized control, a knowledge-basedmechanism for assessing the self-ambiguity was presented in[16], and later, the same architecture was used for assessing theself-ambiguity as well as the ambiguities of the others in [17].The process of utilizing the knowledge of the self-ambiguity to-gether with the ambiguities of the others for the sake of decisionmaking was referred to as “inferencing” in [17] and “condition-ing” in [32]. The idea of conditioning was used in the contextof diagnosis in [29]. These prior inferencing-based approacheswere limited to a “single-level” of inferencing, and a compre-hensive framework allowing multilevel inferencing over variouslocal control decisions of varying levels of ambiguity was pre-sented in [6] and [7]. This framework supports 1) inferencingutilizing the knowledge of the self-ambiguity as well as the am-biguities of the other decision makers and 2) inferencing overan arbitrary number of levels of ambiguity. Also, an a prioripartitioning of controllable events into disjunctive/conjunctiveclasses as in [31] and [32] is not required. Each local supervisoruses its observations of the system behavior to come up with itscontrol decision together with a grade or level of ambiguity forthat control decision. The computation of an ambiguity gradeof a local decision requires the assessment of the self-ambiguitytogether with the ambiguities of the others. Our inference-baseddecentralized control framework is general enough to subsumethe earlier works on decentralized control that either had noinferencing [1]–[5], [9]–[14], [16], [18]–[22], [26]–[28], [30],[31] or had a single level of inferencing [17], [32]. A similarinferencing-based framework for the management of ambigui-ties in the decentralized diagnosis of failures was reported in [8]and [23].

A control decision with level-zero ambiguity is takenwhen the local supervisor is unambiguous about its enable-ment/disablement decision. This happens for a locally control-lable event if all the traces, producing the same observationas the one received, when extended by the locally controllableevent yield traces such that the ones feasible are either all legal

0018-9286/$25.00 © 2008 IEEE

TAKAI AND KUMAR: SYNTHESIS OF INFERENCE-BASED DECENTRALIZED CONTROL FOR DISCRETE EVENT SYSTEMS 523

or all illegal. Otherwise, a higher ambiguity level control deci-sion is issued. For example, a disablement decision of level-oneambiguity is issued for a certain controllable event following acertain observation if there exist certain traces, producing thesame observation as the one received, such that the extensionby the controllable event is feasible and legal in some caseswhereas feasible and illegal in some others. Existence of suchtraces is clearly the source of ambiguity for the local super-visor in question. Yet, suppose the local supervisor is able todetermine that for each trace for which the controllable eventextension is feasible and legal, there exists another local super-visor which can issue an enablement decision with level-zeroambiguity, then the local supervisor issues a disablement deci-sion with level-one ambiguity.

In general, a local supervisor will issue a disablement (resp.,enablement) decision with an ambiguity level N for a locallycontrollable event following a certain observation if for each“ambiguous” trace, producing the same observation as the onereceived, and possessing a feasible and legal (resp., illegal) con-trollable event extension, there exists another local supervisorthat can issue an enablement (resp., disablement) decision withan ambiguity level at most N − 1. Clearly, a level-zero am-biguity control decision is based on assessment of only theself-ambiguity, whereas a level-N ambiguity control decision isbased on assessment of the self-ambiguity together with the am-biguities of the other local supervisors such that for each tracethat creates the ambiguity, there exists another local supervisorwhich can issue a control decision with an ambiguity level atmost N − 1.

Following the execution of each event, all local supervisorsreceiving a new observation issue a control decision for each oftheir locally controllable events, tagged with a certain level ofambiguity. The global control decision for a controllable event istaken to be the same as a local control decision whose ambiguitylevel is the minimum. (Such a local decision can be consideredto be a “winning” local decision.) The notion of inference-observability was formulated in [6] and [7] to characterize theclass of languages achievable in the proposed framework of de-centralized control. The property of N -inference-observabilityensures that for each controllable event, the ambiguity levelsof all winning enablement or all winning disablement controldecisions are at most N .

When the given specification fails to satisfy the N -inference-observability property, an N -inferring supervisor achieving theentire specification does not exist. In this paper, we provide atechnique for synthesizing an N -inferring decentralized super-visor that achieves an N -inference-observable sublanguage ofthe specification. In the presence of N -inference-observability,1) the ambiguity levels of all winning decisions are at mostN + 1 and 2) for each controllable event, either all winningenablement or all winning disablement decisions have ambigu-ity levels at most N [6], [7]. In the absence of N -inference-observability, 1) a correct control decision may require anambiguity level to exceed N + 1, or 2) regardless of the am-biguity level explored, a correct decision may not be possible.In cases where a correct decision cannot be arrived at withan ambiguity level at most N + 1 by a local supervisor, it is-

sues a disablement decision with ambiguity level N + 1. Weshow that this maintains the N -inferringness of the decentral-ized control, and at the same time, ensures that the specificationis not violated. We also show that the resulting controlled lan-guage is an N -inference-observable sublanguage. Moreover,the sublanguage thus achieved equals the specification lan-guage when the specification itself is N -inference-observable.We also provide a closed-form formula for the languagesynthesized.

We show that the class of N -inference-observable sublan-guages is not closed under union implying that the supremal N -inference-observable sublanguage need not exist. For the specialcases of N = 0 and N = 1, the proposed supervisor achieves thesame language as those reported in [25] and [31] (for N = 0,i.e., for the case of C&P∨D&A-coobservability) and [32](for N = 1, i.e., for the case of conditional C&P∨D&A-coobservability). We also show that as the parameter N isincreased, the supervisor becomes strictly more permissive ingeneral. Thus, a user can choose N based on the degree ofpermissiveness and the degree of computational complexitydesired.

II. NOTATION AND PRELIMINARIES

We consider a DES modeled by an automaton G =(Q,Σ, δ, q0 , Qm ), where Q is the set of states, Σ is the finiteset of events, a partial function δ : Q × Σ → Q is the transitionfunction, q0 ∈ Q is the initial state, and Qm ⊆ Q is the set ofmarked states. Let Σ∗ be the set of all finite traces of elementsof Σ, including the empty trace ε. The function δ can be gen-eralized to δ : Q × Σ∗ → Q in the natural way. The generatedand marked languages of G, denoted by L(G) and Lm (G), re-spectively, are defined as L(G) = {s ∈ Σ∗| δ(q0 , s) is defined}and Lm (G) = {s ∈ Σ∗| δ(q0 , s) ∈ Qm}. Let K ⊆ Σ∗ be a lan-guage. We denote the set of all prefixes of traces in K by K.K is said to be (prefix-)closed if K = K. For supervisory con-trol purposes [15], the event set Σ is partitioned into two dis-joint subsets Σc and Σuc of controllable and uncontrollableevents, respectively. K is said to be controllable if KΣuc ∩L(G) ⊆ K.

Let the set C = {0, 1, φ} be the set of control decisions,where “0” represents a disablement decision, “1” represents anenablement decision, and “φ” represents an unsure (or pass)decision. Formally, a supervisor is defined as a map S : L(G) ×Σ → C such that S(s, σ) = 1 for each s ∈ L(G) and σ ∈ Σuc .We define the generated language L(S/G) under the controlaction of S. For this, we inductively define a sequence {Lk} oflanguages as follows:

1) L0 := {ε},2)

Lk+1 :=

{sσ ∈ L(G) ∩ LkΣ| S(s, σ) = 1},if Lk is defined and(∀sσ ∈ L(G) ∩ LkΣ)S(s, σ) �= φ

undefined, otherwise.


Then,

L(S/G) :={ ⋃

k∈N Lk , if (∀k ∈ N )Lk is defined

undefined, otherwise

where N denotes the set of nonnegative integers.S is said to be valid when L(S/G) is defined, i.e., none of

the control decisions for feasible events are unsure. When it isclear from context that L(S/G) is defined, the validity of S isunderstood and not explicitly mentioned. For a valid supervisorS, the definition of L(S/G) can be presented in the followingsimplified manner:

1) ε ∈ L(S/G),2) (∀s ∈ L(S/G),∀σ ∈ Σ)sσ ∈ L(S/G) ⇔ [sσ ∈

L(G) ∧ S(s, σ) = 1].

III. REVIEW OF THE INFERENCE-BASED

DECENTRALIZED CONTROL

We review the inference-based decentralized control frame-work introduced in [6] and [7]. In the decentralized controlsetting, there exist n local supervisors, whose decisions arefused to obtain a global control decision so that the controlledbehavior satisfies a (global) specification. Let Σic be the setof locally controllable events for the ith local supervisor Si

(i ∈ I := {1, 2, · · · , n}), in which case, Σc =⋃

i∈I Σic . Foreach controllable event σ ∈ Σc , the index set of local super-visors for which σ is controllable is denoted by In(σ) = {i ∈I| σ ∈ Σic}. The limited sensing capability of the ith local su-pervisor Si (i ∈ I) is represented as a local observation mask,Mi : Σ ∪ {ε} → ∆i ∪ {ε}, where ∆i is the set of locally ob-served symbols, and Mi(ε) = ε.

Each inference-based local supervisor Si is defined as a mapSi : Mi(L(G)) × Σic → C ×N , where for each s ∈ L(G) andσ ∈ Σic

Si(Mi(s), σ) = (ci(Mi(s), σ), ni(Mi(s), σ)).

Here ci(Mi(s), σ) ∈ C denotes the control decision of Si fora locally controllable event σ ∈ Σic following an observationMi(s) ∈ Mi(L(G)), and ni(Mi(s), σ) ∈ N denotes the am-biguity level of the control decision of Si . Let n(s, σ) be theminimum ambiguity level of local decisions, i.e.,

n(s, σ) := mini∈In(σ )

ni(Mi(s), σ).

The decentralized supervisor {Si}i∈I that consists of localsupervisors Si (i ∈ I) issues global decisions on controllableevents. Formally, {Si}i∈I is defined as a map {Si}i∈I : L(G) ×Σ → C. For each s ∈ L(G) and σ ∈ Σ, the control decision{Si}i∈I (s, σ) is given as follows:

1) If σ ∈ Σc ,

{Si}i∈I (s, σ)

=

1, if ∀i ∈ In(σ) s.t. ni(Mi(s), σ) = n(s, σ);ci(Mi(s), σ) = 1

0, if ∀i ∈ In(σ) s.t. ni(Mi(s), σ) = n(s, σ);ci(Mi(s), σ) = 0

φ, otherwise.

2) If σ ∈ Σuc , {Si}i∈I (s, σ) = 1.In other words, for a controllable event, a global control de-

cision is taken to be the same as the minimum ambiguity levellocal control decision.

A useful notion of a decentralized supervisor is the bounded-ness of the ambiguity level of its “winning” decisions. A super-visor is said to be N -inferring if for each controllable event, allwinning enablement or all winning disablement decisions haveambiguity levels at most N .

Definition 1 [6], [7]: A decentralized supervisor {Si}i∈I :L(G) × Σ → C is said to be N -inferring if for each σ ∈ Σc ,either

(∀s ∈ L({Si}i∈I /G) s.t. sσ ∈ L(G))

{Si}i∈I (s, σ) = 0 ⇒ n(s, σ) ≤ N

or

(∀s ∈ L({Si}i∈I /G) s.t. sσ ∈ L(G))

{Si}i∈I (s, σ) = 1 ⇒ n(s, σ) ≤ N.

Given a specification K ⊆ L(G) of the plant language, wedivide K into a set of language pairs, one pair for each control-lable event σ ∈ Σc . The set D0(σ) ⊆ K is the set of traces inK where σ must be disabled (s ∈ D0(σ) ⇔ sσ ∈ L(G) − K),whereas the set E0(σ) ⊆ K is the set of traces where σ must beenabled (s ∈ E0(σ) ⇔ sσ ∈ K). Using these as the base step,we inductively define a monotonically decreasing sequence oflanguage pair (Dk (σ), Ek (σ)) as follows:

1){

D0(σ) := {s ∈ K| sσ ∈ L(G) − K}E0(σ) := {s ∈ K| sσ ∈ K}.

2)

{Dk+1(σ) := Dk (σ) ∩

( ⋂i∈In(σ ) M−1

i Mi(Ek (σ)))

Ek+1(σ) := Ek (σ) ∩(⋂

i∈In(σ ) M−1i Mi(Dk (σ))

).

Note that Dk+1(σ) is a sublanguage of Dk (σ) consisting oftraces for which there exists an Mi-indistinguishable trace inEk (σ) for each i ∈ In(σ). As a result, all the local supervi-sors that have control over σ will be ambiguous about theircontrol decision for σ following the execution of a trace inDk+1(σ) (and as we will see next, their ambiguity level will beat least as high as k + 1). The sublanguage Ek+1(σ) of Ek (σ)can be understood in a similar fashion. The language Dk+1(σ)has the following intuitive interpretation: It consists of thosetraces for which the required control for σ is disablement, butall supervisors remain ambiguous about it even after k-levelsof inferencing. A dual interpretation exists for the languageEk+1(σ).

Then, we have the following definition of N -inference-observability.

Definition 2 [6], [7]: A language K ⊆ L(G) is said to beN -inference-observable if for any σ ∈ Σc , [DN +1(σ) = ∅] ∨[EN +1(σ) = ∅].

The following theorem shows the necessity and sufficiency ofN -inference-observability for the existence of an N -inferringdecentralized supervisor enforcing the given specification.


Fig. 1. Automata G and GK of Example 1.

Theorem 1 [6], [7]: For a nonempty language K ⊆ L(G),there exists an N -inferring decentralized supervisor {Si}i∈I :L(G) × Σ → C such that L({Si}i∈I /G) = K if and only if Kis controllable and N -inference-observable.

Example 1: We consider a plant modeled by the automatonG shown in Fig. 1(a). Let n = 2, Σc = Σ1c = Σ2c = {c}

M1(σ) ={

σ, if σ ∈ {a, a′, a′′, d}ε, otherwise

M2(σ) ={

σ, if σ ∈ {b, b′, b′′, d}ε, otherwise.

Also, let K ⊆ L(G) be a closed language generated by theautomaton GK shown in Fig. 1(b). Clearly, K is controllable.

We show that K is 3-inference-observable. Initially, we have

D0(c) = {a, b, ab′a′′, ba′b′′, d, dab′, dba′}E0(c) = {ε, ab′, ba′, da, db, dab′a′′, dba′b′′}.

Since

M1(D0(c)) = {ε, a, a′, aa′′, d, da, da′}M2(D0(c)) = {ε, b, b′, bb′′, d, db, db′}M1(E0(c)) = {ε, a, a′, d, da, da′, daa′′}M2(E0(c)) = {ε, b, b′, d, db, db′, dbb′′}

we have

D1(c) = D0(c) ∩

⋂

i∈In(c)

M−1i Mi(E0(c))

= {a, b, d, dab′, dba′},

E1(c) = E0(c) ∩

⋂

i∈In(c)

M−1i Mi(D0(c))

= {ε, ab′, ba′, da, db}.Also, since

M1(D1(c)) = {ε, a, d, da, da′}M2(D1(c)) = {ε, b, d, db, db′}M1(E1(c)) = {ε, a, a′, d, da}M2(E1(c)) = {ε, b, b′, d, db}

we have

D2(c) = D1(c) ∩

⋂

i∈In(c)

M−1i Mi(E1(c))

= {a, b, d}

E2(c) = E1(c) ∩

⋂

i∈In(c)

M−1i Mi(D1(c))

= {ε, da, db}.Moreover, since

M1(D2(c)) = {ε, a, d}, M2(D2(c)) = {ε, b, d},M1(E2(c)) = {ε, d, da},M2(E2(c)) = {ε, d, db},

we have

D3(c) = D2(c) ∩

⋂

i∈In(c)

M−1i Mi(E2(c))

= {d}

E3(c) = E2(c) ∩

⋂

i∈In(c)

M−1i Mi(D2(c))

= {ε}.

Furthermore, since

M1(D3(c)) = M2(D3(c)) = {d}M1(E3(c)) = M2(E3(c)) = {ε}

we have

D4(c) = D3(c) ∩

⋂

i∈In(c)

M−1i Mi(E3(c))

= ∅

E4(c) = E3(c) ∩

⋂

i∈In(c)

M−1i Mi(D3(c))

= ∅

which implies that K is 3-inference-observable.Remark 1: It was shown in [7] that C&P∨D&A-

coobservability [31] and conditional C&P∨D&A-coobserv-ability [32] are equivalent to 0-inference-observability and1-inference-observability, respectively.

Note that to arrive at a correct control decision for each con-trollable event σ following each trace, it suffices to have eitherDN +1(σ) = ∅ (which implies EN +2(σ) = ∅) or the dual prop-erty that EN +1(σ) = ∅ (which implies DN +2(σ) = ∅). Then,for each controllable event, either all winning disablement deci-sions or all winning enablement decisions will have ambiguity


levels bounded by N . It was shown in [7] that the N -inference-observability is strictly weaker than the condition

∀σ ∈ Σc : [DN +1(σ) = ∅] ∧ [EN +1(σ) = ∅].

In other words, requiring all winning decisions (both enable-ments as well as disablements) to have ambiguity levels boundedby N will imply that the corresponding class of controlledsystem languages will be a strict subclass of the class ofN -inference-observable languages.

Assume that a language K ⊆ L(G) is N -inference-observable so that for each σ ∈ Σc either DN +1(σ) = ∅ orEN +1(σ) = ∅. Note that the former implies EN +2(σ) = ∅,whereas the latter implies DN +2(σ) = ∅. Knowing that a spec-ification language is N -inference-observable, a local supervisorcan compute its control decision and associate a level of ambi-guity with it as follows. For each s ∈ L(G) and σ ∈ Σic , the ithlocal supervisor Si computes

ndi (Mi(s), σ) := min{k ∈ N| Mi(s) /∈ Mi(Ek (σ))} (1)

nei (Mi(s), σ) := min{k ∈ N| Mi(s) /∈ Mi(Dk (σ))}. (2)

The notation ndi (Mi(s), σ) represents the ambiguity level of

a disablement decision “contemplated” by the ith supervisorfor the event σ following the observation Mi(s). Similarly,ne

i (Mi(s), σ) represents the ambiguity level of an enablementdecision “contemplated” by the ith supervisor for the event σfollowing the observation Mi(s). Which of the two contem-plated decisions is ultimately issued is decided by comparingthe two ambiguity levels, nd

i (Mi(s), σ) vs. nei (Mi(s), σ), and

favoring the smaller one.For a local supervisor Si : Mi(L(G)) × Σic → C ×N , its

control decision and ambiguity level for a controllable eventσ ∈ Σic following an observation Mi(s) ∈ Mi(L(G)), i.e.,Si(Mi(s), σ) = (ci(Mi(s), σ), ni(Mi(s), σ)), is determined asfollows:

ci(Mi(s), σ) =

1, if nei (Mi(s), σ) < nd

i (Mi(s), σ)0, if nd

i (Mi(s), σ) < nei (Mi(s), σ)

φ, otherwise,

(3)

and

ni(Mi(s), σ) = min{ndi (Mi(s), σ), ne

i (Mi(s), σ)}. (4)

The decentralized supervisor {Si}i∈I : L(G) × Σ → C thatconsists of local supervisors Si : Mi(L(G)) × Σic → C ×N (i ∈ I) given by (1)–(4) is N -inferring and satisfiesL({Si}i∈I /G) = K whenever K satisfies the conditions ofTheorem 1.

Example 2: We revisit the setting of Example 1, where thegiven specification was shown to be 3-inference-observable.The local decisions of S1 and S2 computed using (1)–(4) areshown in Table I. Then, the global control decisions of thedecentralized supervisor {Si}i∈I on c are computed as shown inTable II. It follows from Table II that L({Si}i∈I /G) is definedand L({Si}i∈I /G) = K. Further, all winning decisions on chave ambiguity levels at most 3, which implies that {Si}i∈I is3-inferring.

TABLE ILOCAL DECISIONS OF S1 AND S2

TABLE IIGLOBAL DECISIONS OF {Si}i∈I

IV. NONPRESERVATION OF N -INFERENCE-OBSERVABILITY

UNDER UNION

When the index set I of local supervisors is singleton, N -inference-observability is equivalent to observability. So, it isexpected that N -inference-observability is not preserved underunion. We establish this in the following result.

Theorem 2: For any N ∈ N , N -inference-observability is notpreserved under union in general.

Proof: Consider the automaton G shown in Fig. 2(a), whereL(G) = {adic, bdic| i ∈ I}. Let Σc = Σic = {a, b, c} and

Mi(σ) ={

σ, if σ = di

ε, otherwise

for any i ∈ I . Also, let K1 = {adic| i ∈ I} and K2 ={bdi | i ∈ I} ⊆ L(G) be closed languages generated by theautomata GK 1 and GK 2 shown in Figs. 2(b) and 2(c),respectively.

For K1 , since D0(a) = ∅, E0(b) = ∅, and D0(c) = ∅, K1 isN -inference-observable for any N ∈ N . Also, for K2 , sinceE0(a) = ∅, D0(b) = ∅, and E0(c) = ∅, K2 is N -inference-observable for any N ∈ N . We show that, however, the unionK1 ∪ K2 is not N -inference-observable for any N ∈ N . For


Fig. 2. Automata G, GK 1 , and GK 2 of Theorem 2.

K1 ∪ K2 , we have

D0(c) = {bd1 , bd2 , · · · , bdn}, E0(c) = {ad1 , ad2 , · · · , adn}.

Since Mi(D0(c)) = Mi(E0(c)) = {ε, di} for any i ∈ I ,we have D1(c) = D0(c) and E1(c) = E0(c). It fol-lows that Dk (c) = {bd1 , bd2 , · · · , bdn} �= ∅ and Ek (c) ={ad1 , ad2 , · · · , adn} �= ∅ for any k ∈ N , implying that K1 ∪K2 is not N -inference-observable. Further, the supremalN -inference-observable sublanguage of K1 ∪ K2 does notexist. �

The aforesaid theorem shows that the class of N -inference-observable sublanguages is not closed under union implying thatthe supremal N -inference-observable sublanguage does not ex-ist in general. In the following, we present a way to synthesize anN -inferring supervisor that achieves an N -inference-observablesublanguage with the property that the enforced language equalsthe specification language when the latter is itself N -inference-observable.

V. SYNTHESIS FOR ENFORCING N -INFERENCE-OBSERVABLE

SUBLANGUAGE

Throughout this paper, we assume that a control specificationis given by a nonempty and controllable language K ⊆ L(G).To enforce a sublanguage of K, a disablement decision is re-quired for σ ∈ Σc following traces in D0(σ) = {s ∈ K| sσ ∈L(G) − K}. Then, the traces that can cause ambiguity arethe traces E0(σ) = {s ∈ K| sσ ∈ K} = {s ∈ L(G)| sσ ∈ K}following which, an enablement decision for σ is desired toenhance the permissiveness of control. In the presence of N -inference-observability, 1) the ambiguity levels of all winningdecisions are at most N + 1 and 2) for each controllable event,either all winning enablement or all winning disablement deci-sions have ambiguity levels at most N [6], [7]. In the absenceof N -inference-observability, 1) a correct control decision mayrequire an ambiguity level to exceed N + 1, or 2) regardlessof the ambiguity level explored, a correct decision may not be

possible. In cases where a correct decision cannot be arrived atwith an ambiguity level at most N + 1 by a local supervisor, itissues a disablement decision with ambiguity level N + 1. Thisis formalized as follows.

For each s ∈ L(G) and σ ∈ Σic , let

nd,Ni (Mi(s), σ)

:=

min {k ∈ N| Mi(s) /∈ Mi(Ek (σ))}if DN +1(σ) = ∅ ∨ EN +1(σ) = ∅

min{k ∈ N| Mi(s) /∈ Mi(Ek (σ)) ∨ k = N + 1}if DN +1(σ) �= ∅ ∧ EN +1(σ) �= ∅.

(5)

ne,Ni (Mi(s), σ)

:=

min{k ∈ N| Mi(s) /∈ Mi(Dk (σ))}if DN +1(σ) = ∅ ∨ EN +1(σ) = ∅

min{k ∈ N| Mi(s) /∈ Mi(Dk (σ)) ∨ k = N + 1}if DN +1(σ) �= ∅ ∧ EN +1(σ) �= ∅.

(6)

By the aforesaid definitions, when DN +1(σ) �= ∅ andEN +1(σ) �= ∅, nd,N

i (Mi(s), σ) and ne,Ni (Mi(s), σ) are

bounded above by N + 1.We define a local supervisor SN

i : Mi(L(G)) × Σic → C ×N . The pair SN

i (Mi(s), σ) = (cNi (Mi(s), σ), nN

i (Mi(s), σ))of its control decision and ambiguity level for a locally con-trollable event σ ∈ Σic following an observation Mi(s) ∈Mi(L(G)) is determined as follows:

cNi (Mi(s), σ)

=

1, if ne,Ni (Mi(s), σ) < nd,N

i (Mi(s), σ)

0, if [nd,Ni (Mi(s), σ) < ne,N

i (Mi(s), σ)]∨[DN +1(σ) �= ∅ ∧ EN +1(σ) �= ∅∧nd,N

i (Mi(s), σ) = ne,Ni (Mi(s), σ) = N + 1]

φ, otherwise

(7)

and

nNi (Mi(s), σ)

= min{nd,Ni (Mi(s), σ), ne,N

i (Mi(s), σ)}. (8)

We denote the minimum ambiguity level of local decisionsby nN (s, σ), i.e.,

nN (s, σ) := mini∈In(σ )

nNi (Mi(s), σ).

We first show that the decentralized supervisor defined by thelocal supervisors (5)–(8) is valid and achieves a sublanguage ofK. This requires the following two lemmas.

Lemma 1: For any N ∈ N , consider the decentralized super-visor {SN

i }i∈I : L(G) × Σ → C for which the local supervi-sors are given by (5)–(8). Then, for any s ∈ K and any σ ∈ Σc

s ∈ E0(σ) ⇒ s ∈ EnN (s,σ )(σ)

s ∈ D0(σ) ⇒ s ∈ DnN (s,σ )(σ).


Proof: We begin by proving the first part. Suppose for contra-diction that s ∈ E0(σ) and s /∈ EnN (s,σ )(σ). There exists l ∈N such that 0 ≤ l < nN (s, σ), s ∈ El(σ), and s /∈ El+1(σ).Since s ∈ El(σ) and s /∈ El+1(σ), there exists i ∈ In(σ) suchthat s /∈ M−1

i Mi(Dl(σ)). It follows that Mi(s) /∈ Mi(Dl(σ)).Thus, we have

nNi (Mi(s), σ) ≤ ne,N

i (Mi(s), σ)

≤ min{k ∈ N| Mi(s) /∈ Mi(Dk (σ))}≤ l

< nN (s, σ)

which contradicts the definition of nN (s, σ).We next prove the second part. Suppose for contradiction that

s ∈ D0(σ) and s /∈ DnN (s,σ )(σ). There exists l′ ∈ N such that0 ≤ l′ < nN (s, σ), s ∈ Dl ′(σ), and s /∈ Dl ′+1(σ). Since s ∈Dl ′(σ) and s /∈ Dl ′+1(σ), there exists i′ ∈ In(σ) such that s /∈M−1

i′ Mi ′(El ′(σ)). It follows that Mi ′(s) /∈ Mi ′(El ′(σ)). Thus,we have

nNi ′ (Mi ′(s), σ) ≤ nd,N

i ′ (Mi ′(s), σ)

≤ min{k ∈ N| Mi ′(s) /∈ Mi ′(Ek (σ))}≤ l′

< nN (s, σ)

which contradicts the definition of nN (s, σ). �Lemma 2: For any N ∈ N , consider the decentralized super-

visor {SNi }i∈I : L(G) × Σ → C for which the local supervi-

sors are given by (5)–(8). Then for any s ∈ K and any σ ∈ Σc

sσ ∈ L(G) ⇒ {SNi }i∈I (s, σ) ∈ {0, 1}

sσ ∈ L(G) − K ⇒ {SNi }i∈I (s, σ) = 0.

Proof: We begin by proving the first part. Supposefor contradiction that sσ ∈ L(G) and {SN

i }i∈I (s, σ) = φ.There exist i, j ∈ In(σ) such that nN (s, σ) = nN

i (Mi(s), σ) =nN

j (Mj (s), σ), cNi (Mi(s), σ) �= 1, and cN

j (Mj (s), σ) �= 0.Since cN

i (Mi(s), σ) �= 1, we have by (7) and (8) that

nN (s, σ) = nNi (Mi(s), σ) = nd,N

i (Mi(s), σ).

Also, since cNj (Mj (s), σ) �= 0, we have

nN (s, σ) = nNj (Mj (s), σ) = ne,N

j (Mj (s), σ).

We show that Mi(s) /∈ Mi(EnN (s,σ )(σ)) and Mj (s) /∈Mj (DnN (s,σ )(σ)). If DN +1(σ) = ∅ or EN +1(σ) = ∅, we haveby (5) and (6) that Mi(s) /∈ Mi(EnN (s,σ )(σ)) and Mj (s) /∈Mj (DnN (s,σ )(σ)). We consider the case that DN +1(σ) �= ∅and EN +1(σ) �= ∅. If cN

j (Mj (s), σ) = φ, we have

nd,Nj (Mj (s), σ) = ne,N

j (Mj (s), σ) ≤ N

which implies that nN (s, σ) = nd,Ni (Mi(s), σ) = ne,N

j

(Mj (s), σ) < N + 1. If cNj (Mj (s), σ) = 1, we have

nN (s, σ) = nd,Ni (Mi(s), σ)

= ne,Nj (Mj (s), σ)

< nd,Nj (Mj (s), σ)

≤ N + 1.

Since nN (s, σ) = nd,Ni (Mi(s), σ) = ne,N

j (Mj (s), σ) < N +1, we have by (5) and (6) that


= min{k ∈ N| Mi(s) /∈ Mi(Ek (σ))}

and

nN (s, σ) = ne,Nj (Mj (s), σ)

= min{k ∈ N| Mj (s) /∈ Mj (Dk (σ))}.

Again, we have Mi(s) /∈ Mi(EnN (s,σ )(σ)) and Mj (s) /∈Mj (DnN (s,σ )(σ)). It follows that s /∈ EnN (s,σ )(σ) and s /∈DnN (s,σ )(σ).

Since s ∈ K and sσ ∈ L(G), we have s ∈ E0(σ) ∪ D0(σ).It follows from Lemma 1 that s ∈ EnN (s,σ )(σ) ∪ DnN (s,σ )(σ).This is a contradiction.

Next, we prove the second part. By the first partof this lemma, it suffices to show that if sσ ∈ L(G) −K, then {SN

i }i∈I (s, σ) �= 1. Suppose for contradiction thatsσ ∈ L(G) − K and {SN

i }i∈I (s, σ) = 1. Then, we havecNi (Mi(s), σ) = 1 for any i ∈ In(σ) such that nN (s, σ) =

nNi (Mi(s), σ). It follows that nN (s, σ) = ne,N

i (Mi(s), σ).We show that Mi(s) /∈ Mi(DnN (s,σ )(σ)). If DN +1(σ) = ∅or EN +1(σ) = ∅, then we have by (6) that Mi(s) /∈Mi(DnN (s,σ )(σ)). If DN +1(σ) �= ∅ and EN +1(σ) �= ∅,

then nN (s, σ) = ne,Ni (Mi(s), σ) < nd,N

i (Mi(s), σ) ≤ N + 1,which implies together with (6) that

nN (s, σ) = ne,Ni (Mi(s), σ)

= min{k ∈ N| Mi(s) /∈ Mi(Dk (σ))}.

Again, we have Mi(s) /∈ Mi(DnN (s,σ )(σ)). It follows that s /∈DnN (s,σ )(σ). Also, since s ∈ K and sσ ∈ L(G) − K, we haves ∈ D0(σ). This contradicts Lemma 1. �

The following lemma shows that the decentralized supervisordefined by the local supervisors (5)–(8) is valid and achieves asublanguage of K.

Lemma 3: For any N ∈ N , consider the decentralized super-visor {SN

i }i∈I : L(G) × Σ → C for which the local supervi-sors are given by (5)–(8). Then, L({SN

i }i∈I /G) is defined andL({SN

i }i∈I /G) ⊆ K.Proof: It suffices to show that Lk is defined and satisfies

Lk ⊆ K for all k ∈ N for {SNi }i∈I . Since K is nonempty,

we have {ε} = L0 ⊆ K. For the induction step, suppose thatLk is defined and satisfies Lk ⊆ K for some k ∈ N . By thefirst part of Lemma 2, we have {SN

i }i∈I (s, σ) �= φ for anysσ ∈ L(G) ∩ LkΣ ⊆ L(G) ∩ KΣ, which implies that Lk+1

is defined. We consider any sσ ∈ L(G) ∩ LkΣ ⊆ L(G) ∩ KΣsuch that {SN

i }i∈I (s, σ) = 1. If σ ∈ Σuc , then controllability ofK implies that sσ ∈ K. If σ ∈ Σc , then we have by the secondpart of Lemma 2 that sσ ∈ K. Thus, we have Lk+1 ⊆ K. �

The next lemma establishes the N -inferringness of the de-centralized supervisor defined by the local supervisors (5)–(8).


Lemma 4: For any N ∈ N , the decentralized supervisor{SN

i }i∈I : L(G) × Σ → C for which the local supervisors aregiven by (5)–(8) is N -inferring.

Proof: We first consider the case that DN +1(σ) = ∅. Considerany s ∈ L(G) such that {SN

i }i∈I (s, σ) = 0. For any i ∈ In(σ)such that nN (s, σ) = nN

i (Mi(s), σ), we have cNi (Mi(s), σ) =

0, which implies that nNi (Mi(s), σ) = nd,N

i (Mi(s), σ) <

ne,Ni (Mi(s), σ). Also, since DN +1(σ) = ∅, we have Mi(s) /∈

Mi(DN +1(σ)), which implies that ne,Ni (Mi(s), σ) ≤ N + 1.

It follows that nN (s, σ) = nNi (Mi(s), σ) ≤ N . Thus, the first

condition of Definition 1 holds.We next consider the case that EN +1(σ) = ∅. Consider any

s ∈ L(G) such that {SNi }i∈I (s, σ) = 1. For any i ∈ In(σ)

such that nN (s, σ) = nNi (Mi(s), σ), we have cN

i (Mi(s), σ) =1, which implies that nN

i (Mi(s), σ) = ne,Ni (Mi(s), σ) <

nd,Ni (Mi(s), σ). Also, since EN +1(σ) = ∅, we have Mi(s) /∈

Mi(EN +1(σ)), which implies that nd,Ni (Mi(s), σ) ≤ N + 1. It

follows that nN (s, σ) = nNi (Mi(s), σ) ≤ N . Thus, the second

condition of Definition 1 holds.Finally, we consider the case that DN +1(σ) �= ∅

and EN +1(σ) �= ∅. Consider any s ∈ L(G) such that{SN

i }i∈I (s, σ) = 1. For any i ∈ In(σ) such that nN (s, σ) =nN

i (Mi(s), σ), we have cNi (Mi(s), σ) = 1, which implies

that nNi (Mi(s), σ) = ne,N

i (Mi(s), σ) < nd,Ni (Mi(s), σ) ≤

N + 1. It follows that nN (s, σ) = nNi (Mi(s), σ) ≤ N ,

implying the second condition of Definition 1 holds. �Using the lemmas of the section, the main result of the sec-

tion is established in the following theorem, which states thatthe decentralized supervisor defined by the local supervisors(5)–(8) achieves a closed, controllable, and N -inference-observable sublanguage of K.

Theorem 3: For any N ∈ N , consider the decentralized su-pervisor {SN

i }i∈I : L(G) × Σ → C for which the local super-visors are given by (5)–(8). Then, L({SN

i }i∈I /G) is a closed,controllable, and N -inference-observable sublanguage of K.Further, {SN

i }i∈I is N -inferring.Proof: By Lemma 3, L({SN

i }i∈I /G) is a closed sublanguageof K. Also, Lemma 4 shows that {SN

i }i∈I is N -inferring. ByTheorem 1, L({SN

i }i∈I /G) is controllable and N -inference-observable. �

Remark 2: From the definition of local supervisors givenby (5)–(8), their synthesis complexity is determined by thecomplexity of computing the languages {Dk (σ), Ek (σ)| k ≤N + 1, σ ∈ Σc}, which is discussed in [6, Remark 1] and [7,Remark 2].

Example 3: Consider the plant G and the closed languageK ⊆ L(G) given in Example 1. As shown in Example 1, Kis not 2-inference-observable. We synthesize the 2-inferringdecentralized supervisor {S2

i }i∈I that achieves a 2-inference-observable sublanguage of K.

We use languages {Dk (c), Ek (c)| k ≤ 3} computed inExample 1 to synthesize the local supervisors S2

1 and S22 given

by (5)–(8). The local decisions of S21 and S2

2 are shown inTable III. Then, the global control decisions of the decen-tralized supervisor {S2

i }i∈I on c are computed as shown inTable IV. It follows from Table IV that L({S2

i }i∈I /G) is de-

TABLE IIILOCAL DECISIONS OF S2

1 AND S22

TABLE IVGLOBAL DECISIONS OF {S2

i }i∈I

Fig. 3. Generator of L({S2i }i∈I /G).

fined and L({S2i }i∈I /G) ⊆ K. The equality does not hold since

c is legal but unnecessarily disabled at the initial state. Theautomaton shown in Fig. 3 generates L({S2

i }i∈I /G). By Theo-rem 3, L({S2

i }i∈I /G) is 2-inference-observable, and {S2i }i∈I is

2-inferring.

VI. PROPERTIES OF THE SYNTHESIZED SUPERVISORS

In this section, we establish several properties of interest ofthe proposed decentralized supervisor. They all attest to thequality of the supervisor defined. The first property establishesthat the decentralized supervisor achieves exactly K whenever


K is N -inference-observable. We also obtain a formula of theachieved sublanguage. Using this formula, we next show that asthe parameter N is increased, the supervisor becomes strictlymore permissive in general. Finally, we show that for the specialcases of N = 0 and N = 1, the proposed supervisor achievesthe same language as those reported in [31] and [25] (for N = 0)and [32] (for N = 1).

We show that N -inference-observability of K is the neces-sary and sufficient condition for the decentralized supervisor{SN

i }i∈I to achieve exactly K. We need the following lemmathat clarifies the condition when a legal controllable event getsdisabled by the decentralized supervisor {SN

i }i∈I .Lemma 5: For any N ∈ N , consider the decentralized super-

visor {SNi }i∈I : L(G) × Σ → C for which the local supervi-

sors are given by (5)–(8). Then, for any s ∈ K and any σ ∈ Σc

such that sσ ∈ K

{SNi }i∈I (s, σ) = 0 ⇔ [s ∈ EN +1(σ) �= ∅ ∧ DN +1(σ) �= ∅].

Proof: First, we prove that

[s ∈ EN +1(σ) �= ∅ ∧ DN +1(σ) �= ∅] ⇒ {SNi }i∈I (s, σ) = 0.

Suppose for contradiction that {SNi }i∈I (s, σ) �= 0. Then, we

have {SNi }i∈I (s, σ) = 1. We have cN

i (Mi(s), σ) = 1 for anyi ∈ In(σ) such that nN (s, σ) = nN

i (Mi(s), σ). Since Mi(s) ∈Mi(EN +1(σ)), we have

nN (s, σ) = nNi (Mi(s), σ)

= ne,Ni (Mi(s), σ)

< nd,Ni (Mi(s), σ)

= N + 1

which implies together with (6) that

nN (s, σ) = ne,Ni (Mi(s), σ)

= min{k ∈ N| Mi(s) /∈ Mi(Dk (σ))}.

We have Mi(s) /∈ Mi(DnN (s,σ )(σ)), i.e., s /∈ M−1i Mi

(DnN (s,σ )(σ)). Since nN (s, σ) ≤ N , we have s /∈ M−1i Mi

(DN (σ)), which implies that s /∈ EN +1(σ). This is acontradiction.

Next, we prove that

{SNi }i∈I (s, σ) = 0 ⇒ [s ∈ EN +1(σ) �= ∅ ∧ DN +1(σ) �= ∅].

We have cNi (Mi(s), σ) = 0 for any i ∈ In(σ) such that

nN (s, σ) = nNi (Mi(s), σ). We suppose that nd,N

i (Mi(s), σ) <

ne,Ni (Mi(s), σ). Then, nN (s, σ) = nd,N

i (Mi(s), σ). Weshow that Mi(s) /∈ Mi(EnN (s,σ )(σ)). If DN +1(σ) = ∅or EN +1(σ) = ∅, then we have by (5) that Mi(s) /∈Mi(EnN (s,σ )(σ)). If DN +1(σ) �= ∅ and EN +1(σ) �= ∅, then

nN (s, σ) = nd,Ni (Mi(s), σ) < ne,N

i (Mi(s), σ) ≤ N + 1

which implies together with (5) that


= min{k ∈ N| Mi(s) /∈ Mi(Ek (σ))}.

Again, we have Mi(s) /∈ Mi(EnN (s,σ )(σ)). It follows thats /∈ EnN (s,σ )(σ). Also, since sσ ∈ K, we have s ∈ E0(σ).This contradicts Lemma 1. Thus, we have by (7) thatnd,N

i (Mi(s), σ) = ne,Ni (Mi(s), σ) = N + 1, DN +1(σ) �= ∅,

and EN +1(σ) �= ∅. It follows that nN (s, σ) = nNi (Mi(s), σ) =

N + 1. Since s ∈ E0(σ), we have by Lemma 1 that s ∈EnN (s,σ )(σ) = EN +1(σ). �

The following theorem establishes that whenever K is N -inference-observable, the proposed decentralized supervisorachieves the entire specification language.


i }i∈I : L(G) × Σ → C for which the local super-visors are given by (5)–(8). Then, L({SN

i }i∈I /G) = K if andonly if K is N -inference-observable.

Proof: (⇒) It follows from Lemma 4 that {SNi }i∈I is N -

inferring. By Theorem 1, K is N -inference-observable. �(⇐) By the second part of Lemma 2, it suffices to show that for

any s ∈ K and any σ ∈ Σc such that sσ ∈ K, {SNi }i∈I (s, σ) =

1. Since K is N -inference-observable, we have by Lemma 5 that{SN

i }i∈I (s, σ) �= 0, which implies together with the first partof Lemma 2 that {SN

i }i∈I (s, σ) = 1. �We next present a formula of the achieved sublanguage

L({SNi }i∈I /G). It states that the language achieved by the

proposed supervisor excludes precisely those traces from thespecification language for which a correct enablement decisionrequires exploring N + 2 or higher levels of ambiguity.


i }i∈I : L(G) × Σ → C for which the local super-visors are given by (5)–(8). Then

L({SNi }i∈I /G) = K −

⋃

σ∈Σ c , N

EN +1(σ){σ}

Σ∗

where Σc,N := {σ ∈ Σc | DN +1(σ) �= ∅ ∧ EN +1(σ) �= ∅}.Proof: Let

ΨN (K) := K −

⋃

σ∈Σ c , N

EN +1(σ){σ}

Σ∗.

We have ε ∈ L({SNi }i∈I /G) ∩ ΨN (K). Consider any s ∈

L({SNi }i∈I /G) ∩ ΨN (K) and σ′ ∈ Σ.

First, we show that if sσ′ ∈ L({SNi }i∈I /G), then sσ′ ∈

ΨN (K). Suppose for contradiction that sσ′ /∈ ΨN (K). Sincesσ′ ∈ L({SN

i }i∈I /G) ⊆ K, we have

sσ′ ∈

⋃

σ∈Σ c , N

EN +1(σ){σ}

Σ∗.

Also, since s ∈ ΨN (K), we have

s /∈

⋃

σ∈Σ c , N

EN +1(σ){σ}

Σ∗.

It follows that

sσ′ ∈⋃

σ∈Σ c , N

EN +1(σ){σ}.


Fig. 4. Generator of L({S1i }i∈I /G).

We have σ′ ∈ Σc , s ∈ EN +1(σ′), DN +1(σ′) �= ∅, andEN +1(σ′) �= ∅. By Lemma 5, we have {SN

i }i∈I (s, σ′) = 0,which contradicts sσ′ ∈ L({SN

i }i∈I /G).Next, we show that if sσ′ ∈ ΨN (K), then sσ′ ∈

L({SNi }i∈I /G). It suffices to show that {SN

i }i∈I (s, σ′) = 1.Suppose for contradiction that {SN

i }i∈I (s, σ′) �= 1. It followsthat σ′ ∈ Σc and {SN

i }i∈I (s, σ′) = 0. Since sσ′ ∈ ΨN (K) ⊆K, we have by Lemma 5 that s ∈ EN +1(σ′), DN +1(σ′) �= ∅,and EN +1(σ′) �= ∅. Then we have

sσ′ ∈

⋃

σ∈Σ c , N

EN +1(σ){σ}

Σ∗

which contradicts sσ′ ∈ ΨN (K). �Note that Σc,N +1 ⊆ Σc,N and EN +2(σ) ⊆ EN +1(σ) for any

σ ∈ Σc . So, using the formula shown in Theorem 5, the follow-ing monotonicity result is obtained.

Theorem 6: For any N ∈ N , L({SNi }i∈I /G) ⊆

L({SN +1i }i∈I /G).

As shown in the following example, the converse inclusionrelation of Theorem 6 need not hold.

Example 4: Consider the plant G and the closed languageK ⊆ L(G) given in Example 1. The automaton shown in Fig. 4generates L({S1

i }i∈I /G). We can verify that L({S2i }i∈I /G) is

strictly larger than L({S1i }i∈I /G).

Remark 3: In [24], we show that as the parameter N is in-creased, the language pair (DN (σ), EN (σ)) becomes strictlysmaller in general. This together with Theorem 5 implies thatthe permissiveness of the proposed decentralized supervisor in-creases strictly monotonically as the parameter N is increased.In other words, there does not exist an a priori upper boundfor the parameter N beyond which an increase in N willnot increase the permissiveness of the proposed decentralizedsupervisor.

In the remainder of the section, we examine the specialcases of N = 0 (case of C&P∨D&A-coobservability as in-vestigated in [31] and [25]) and N = 1 (case of conditionalC&P∨D&A-coobservability as investigated in [32]) and showthat the permissiveness of the supervisor proposed is identi-cal to the corresponding supervisors reported in the previouscitations. The following supervisor was synthesized in [31]:Sgdec : L(G) × Σ → C under a partition {Σce ,Σcd} of Σc . Foreach s ∈ L(G) and σ ∈ Σ, the control decision Sgdec(s, σ) isgiven as follows:

1) If σ ∈ Σce

Sgdec(s, σ)

={

1, if ∀i ∈ In(σ); M−1i Mi(s){σ} ∩ K �= ∅

0, otherwise.

2) If σ ∈ Σcd

Sgdec(s, σ)

=

1, if ∃i ∈ In(σ)(M−1

i Mi(s) ∩ K){σ} ∩ L(G) ⊆ K0, otherwise.

3) If σ ∈ Σuc , Sgdec(s, σ) = 1.By [31,Theorem 9], if {σ ∈ Σc | D1(σ) �= ∅} ⊆ Σcd , thenL(Sgdec/G) ⊆ K.

Theorem 7: If {σ ∈ Σc | D1(σ) �= ∅} = Σcd , thenL({S0

i }i∈I /G) = L(Sgdec/G).Proof: We have ε ∈ L({S0

i }i∈I /G) ∩ L(Sgdec/G). Considerany s ∈ L({S0

i }i∈I /G) ∩ L(Sgdec/G) and σ ∈ Σ.First, we show that if sσ ∈ L(Sgdec/G), then sσ ∈

L({S0i }i∈I /G). It suffices to show that {S0

i }i∈I (s, σ) = 1. Sup-pose for contradiction that {S0

i }i∈I (s, σ) �= 1. It follows thatσ ∈ Σc and {S0

i }i∈I (s, σ) = 0. Consider any i ∈ In(σ) suchthat n0(s, σ) = n0

i (Mi(s), σ). Then, we have c0i (Mi(s), σ) =

0. Also, since sσ ∈ L(Sgdec/G) ⊆ K, we have s ∈ E0(σ).We consider the case that σ ∈ Σce . Since D1(σ) = ∅, we have

Mi(s) /∈ Mi(D1(σ)), which implies that ne,0i (Mi(s), σ) ≤ 1.

Also, it follows from s ∈ E0(σ) that Mi(s) ∈ Mi(E0(σ))and nd,0

i (Mi(s), σ) ≥ 1. Since 1 ≤ nd,0i (Mi(s), σ) and

ne,0i (Mi(s), σ) ≤ 1, nd,0

i (Mi(s), σ) < ne,0i (Mi(s), σ) does not

hold. By (7), we have c0i (Mi(s), σ) �= 0, which contradicts

c0i (Mi(s), σ) = 0.

We also consider the case that σ ∈ Σcd . Since Sgdec(s, σ) =1, there exists j ∈ In(σ) such that (M−1

j Mj (s) ∩ K){σ} ∩L(G) ⊆ K. Then, we have Mj (s) /∈ Mj (D0(σ)), which im-plies that ne,0

j (Mj (s), σ) = 0. Thus, we have n0(s, σ) = 0.Since c0

i (Mi(s), σ) = 0, we have n0(s, σ) = n0i (Mi(s), σ) =

nd,0i (Mi(s), σ) = 0, which implies that Mi(s) /∈ Mi(E0(σ)).

It follows that s /∈ E0(σ), which contradicts s ∈ E0(σ).Next, we show that if sσ ∈ L({S0

i }i∈I /G), then sσ ∈L(Sgdec/G). It suffices to show that Sgdec(s, σ) = 1. Supposefor contradiction that Sgdec(s, σ) �= 1. Then, we have σ ∈ Σc .Also, since L({S0

i }i∈I /G) ⊆ K, we have sσ ∈ K.We consider the case that σ ∈ Σce . Since Sgdec(s, σ) �= 1,

there exists i ∈ In(σ) such that M−1i Mi(s){σ} ∩ K = ∅. Since

s ∈ M−1i Mi(s), we have sσ /∈ K, which contradicts sσ ∈ K.

We also consider the case that σ ∈ Σcd , i.e., D1(σ) �= ∅. SinceSgdec(s, σ) �= 1, we have (M−1

i Mi(s) ∩ K){σ} ∩ L(G) �⊆ Kfor any i ∈ In(σ). We then have Mi(s) ∈ Mi(D0(σ)), whichimplies that ne,0

i (Mi(s), σ) ≥ 1. If E1(σ) = ∅, then Mi(s) /∈Mi(E1(σ)), which implies that nd,0

i (Mi(s), σ) ≤ 1. Also, ifE1(σ) �= ∅, then nd,0

i (Mi(s), σ) ≤ 1. Since ne,0i (Mi(s), σ) ≥

1 and nd,0i (Mi(s), σ) ≤ 1, ne,0

i (Mi(s), σ) < nd,0i (Mi(s), σ)

does not hold, which implies that c0i (Mi(s), σ) �= 1. Since

c0i (Mi(s), σ) �= 1 for any i ∈ In(σ), we have {S0

i }i∈I (s, σ) �=1, which contradicts sσ ∈ L({S0

i }i∈I /G). �


By introducing the conditional decisions, the following su-pervisor was synthesized in [32]: Sf c : L(G) × Σ → C undera partition {Σce ,Σcd} of Σc . For each s ∈ L(G), the sets e(s)and d(s) of globally enabled and disabled events, respectively,are defined as

e(s) =

(⋃i∈I

ei(Mi(s))

)∪

{(⋃i∈I

eci(Mi(s))

)

−(⋃

i∈I

di(Mi(s))

)}

d(s) =

(⋃i∈I

di(Mi(s))

)∪

{(⋃i∈I

dci(Mi(s))

)

−(⋃

i∈I

ei(Mi(s))

)}

where, for each i ∈ I

ei(Mi(s))

= {σ ∈ Σic | ∅ �= (M−1i Mi(s) ∩ K){σ} ∩ L(G) ⊆ K}

di(Mi(s))

= {σ ∈ Σic | [(M−1i Mi(s) ∩ K){σ} ∩ L(G) �= ∅]

∧ [(M−1i Mi(s) ∩ K){σ} ∩ K = ∅]}

eci(Mi(s))

= {σ ∈ Σic | [(M−1i Mi(s) ∩ K){σ} ∩ L(G) �= ∅]

∧ [(∀siσ ∈ (M−1i Mi(s) ∩ K){σ} ∩ (L(G) − K))

∃j ∈ In(σ); (M−1j Mj (si) ∩ K){σ} ∩ K = ∅]}

dci(Mi(s))

= {σ ∈ Σic | [(M−1i Mi(s) ∩ K){σ} ∩ L(G) �= ∅]

∧ [(∀siσ ∈ (M−1i Mi(s) ∩ K){σ} ∩ K)

∃j ∈ In(σ); (M−1j Mj (si) ∩ K){σ} ∩ L(G) ⊆ K]}.

Then, for each s ∈ L(G) and σ ∈ Σ, the control decisionSf c(s, σ) is given as follows:

1) If σ ∈ Σce ,

Sf c(s, σ) ={

1, if σ /∈ d(s)0, otherwise.

2) If σ ∈ Σcd ,

Sf c(s, σ) ={

1, if σ ∈ e(s)0, otherwise.

3) If σ ∈ Σuc , Sf c(s, σ) = 1.By the proof of [32,Theorem 1], we can verify that if {σ ∈Σc | D2(σ) �= ∅} ⊆ Σcd , then L(Sf c/G) ⊆ K.

Theorem 8: If {σ ∈ Σc | D2(σ) �= ∅} = Σcd , thenL({S1

i }i∈I /G) = L(Sf c/G).Proof: We have ε ∈ L({S1

i }i∈I /G) ∩ L(Sf c/G). Considerany s ∈ L({S1

i }i∈I /G) ∩ L(Sf c/G) and σ ∈ Σ.

First, we show that if sσ ∈ L(Sf c/G), then sσ ∈L({S1

i }i∈I /G). It suffices to show that {S1i }i∈I (s, σ) = 1. Sup-

pose for contradiction that {S1i }i∈I (s, σ) �= 1. It follows that

σ ∈ Σc and {S1i }i∈I (s, σ) = 0. Consider any j ∈ In(σ) such

that n1(s, σ) = n1j (Mj (s), σ). Then, we have c1

j (Mj (s), σ) =0. Also, since sσ ∈ L(Sf c/G) ⊆ K, we have s ∈ E0(σ).

We consider the case that σ ∈ Σce . Since D2(σ) = ∅, we haveMj (s) /∈ Mj (D2(σ)), which implies that ne,1

j (Mj (s), σ) ≤ 2.Also, it follows from s ∈ E0(σ) that Mj (s) ∈ Mj (E0(σ))and nd,1

j (Mj (s), σ) ≥ 1. Since c1j (Mj (s), σ) = 0 and D2(σ) =

∅, we have nd,1j (Mj (s), σ) < ne,1

j (Mj (s), σ). Thus, we

have nd,1j (Mj (s), σ) = 1 and ne,1

j (Mj (s), σ) = 2. Since

nd,1j (Mj (s), σ) = 1, we have Mj (s) /∈ Mj (E1(σ)), which im-

plies that s /∈ E1(σ). Also, since s ∈ E0(σ) and n1(s, σ) =n1

j (Mj (s), σ) = nd,1j (Mj (s), σ) = 1, we have by Lemma 1 that

s ∈ E1(σ), which contradicts s /∈ E1(σ).We also consider the case that σ ∈ Σcd . Since Sf c(s, σ) =

1, we have σ ∈ e(s). If σ ∈⋃

i∈I ei(Mi(s)), there ex-ists j′ ∈ I such that σ ∈ ej ′(Mj ′(s)). By the definitionof ej ′(Mj ′(s)), we have j′ ∈ In(σ) and (M−1

j ′ Mj ′(s) ∩K){σ} ∩ L(G) ⊆ K. Then, we have Mj ′(s) /∈ Mj ′(D0(σ)),which implies that ne,1

j ′ (Mj ′(s), σ) = 0. Thus, we haven1(s, σ) = 0. Since c1

j (Mj (s), σ) = 0, we have n1(s, σ) =n1

j (Mj (s), σ) = nd,1j (Mj (s), σ) = 0, which implies that

Mj (s) /∈ Mj (E0(σ)). It follows that s /∈ E0(σ), whichcontradicts s ∈ E0(σ). We consider the case that σ ∈(⋃

i∈I eci(Mi(s))) − (⋃

i∈I di(Mi(s))). There exists j′ ∈ Isuch that σ ∈ ecj ′(Mj ′(s)). Then, we show that Mj ′(s) /∈Mj ′(D1(σ)). If Mj ′(s) ∈ Mj ′(D1(σ)), then there exists s′ ∈D1(σ) such that Mj ′(s) = Mj ′(s′). Since s′ ∈ D0(σ), wehave s′ ∈ K and s′σ ∈ L(G) − K. Also, since s′ ∈ D1(σ), wehave s′ ∈ M−1

j ′′ Mj ′′(E0(σ)) for any j′′ ∈ In(σ). There existssj ′′ ∈ E0(σ) such that Mj ′′(s′) = Mj ′′(sj ′′). Consequently, wehave

s′σ ∈ (M−1j ′ Mj ′(s) ∩ K){σ} ∩ (L(G) − K)

and, for any j′′ ∈ In(σ)

sj ′′σ ∈ (M−1j ′′ Mj ′′(s′) ∩ K){σ} ∩ K �= ∅.

This implies that σ /∈ ecj ′(Mj ′(s)), which contradicts σ ∈ecj ′(Mj ′(s)). Hence, Mj ′(s) /∈ Mj ′(D1(σ)) holds. Then, wehave nd,1

j (Mj (s), σ) = n1(s, σ) ≤ ne,1j ′ (Mj ′(s), σ) ≤ 1, which

implies that

n1(s, σ) = nd,1j (Mj (s), σ)

= min{k ∈ N| Mj (s) /∈ Mj (Ek (σ))}.

So, we have Mj (s) /∈ Mj (En1 (s,σ )(σ)), which implies that s /∈En1 (s,σ )(σ). Since s ∈ E0(σ), this contradicts Lemma 1.

Next, we show that if sσ ∈ L({S1i }i∈I /G) then sσ ∈

L(Sf c/G). It suffices to show that Sf c(s, σ) = 1. If σ ∈Σuc , then Sf c(s, σ) = 1. Since L({S1

i }i∈I /G) ⊆ K, we havesσ ∈ K.

We consider the case that σ ∈ Σce . Suppose for con-tradiction that Sf c(s, σ) �= 1. Then, we have σ ∈ d(s).


If σ ∈⋃

i∈I di(Mi(s)), then there exists j ∈ I such thatσ ∈ dj (Mj (s)). By the definition of dj (Mj (s)), we havej ∈ In(σ) and (M−1

j Mj (s) ∩ K){σ} ∩ K = ∅. Since s ∈(M−1

j Mj (s) ∩ K), we have sσ /∈ K, which contradicts sσ ∈K. We consider the case that σ ∈ (

⋃i∈I dci(Mi(s))) −

(⋃

i∈I ei(Mi(s))). Since {S1i }i∈I (s, σ) = 1, there exists j ∈

In(σ) such that n1(s, σ) = n1j (Mj (s), σ) and cj (Mj (s), σ) =

1. It follows from σ /∈ ej (Mj (s)) and sσ ∈ (M−1j Mj (s) ∩

K){σ} ∩ L(G) �= ∅ that (M−1j Mj (s) ∩ K){σ} ∩ L(G) �⊆ K.

We then have Mj (s) ∈ Mj (D0(σ)), which implies thatne,1

j (Mj (s), σ) ≥ 1. Thus, we have

n1(s, σ) = n1j (Mj (s), σ) = ne,1

j (Mj (s), σ) ≥ 1. (9)

Also, since σ ∈ (⋃

i∈I dci(Mi(s))), there exists j′ ∈ I such thatσ ∈ dcj ′(Mj ′(s)). Then, we show that Mj ′(s) /∈ Mj ′(E1(σ)).If Mj ′(s) ∈ Mj ′(E1(σ)), then there exists s′ ∈ E1(σ) such thatMj ′(s) = Mj ′(s′). Since s′ ∈ E0(σ), we have s′ ∈ K and s′σ ∈K. Also, since s′ ∈ E1(σ), we have s′ ∈ M−1

j ′′ Mj ′′(D0(σ)) forany j′′ ∈ In(σ). There exists sj ′′ ∈ D0(σ) such that Mj ′′(s′) =Mj ′′(sj ′′). Consequently, we have

s′σ ∈ (M−1j ′ Mj ′(s) ∩ K){σ} ∩ K

and, for any j′′ ∈ In(σ),

sj ′′σ ∈ (M−1j ′′ Mj ′′(s′) ∩ K){σ} ∩ (L(G) − K).

This implies that σ /∈ dcj ′(Mj ′(s)), which contradicts σ ∈dcj ′(Mj ′(s)). Therefore, Mj ′(s) /∈ Mj ′(E1(σ)) holds. We haves /∈ E1(σ). Further, since 1 ≤ n1(s, σ) by (9), we have s /∈En1 (s,σ )(σ). Since s ∈ E0(σ), this contradicts Lemma 1.

We also consider the case that σ ∈ Σcd , i.e., D2(σ) �= ∅. Since{S1

i }i∈I (s, σ) = 1, there exists j ∈ In(σ) such that n1(s, σ) =n1

j (Mj (s), σ) and cj (Mj (s), σ) = 1. If E2(σ) = ∅, then

Mj (s) /∈ Mj (E2(σ)), which implies that nd,1j (Mj (s), σ) ≤

2. Also, if E2(σ) �= ∅, then nd,1j (Mj (s), σ) ≤ 2. Since ne,1

j

(Mj (s), σ) < nd,1j (Mj (s), σ) ≤ 2, we have ne,1

j (Mj (s), σ) ≤1. First, we consider the case that ne,1

j (Mj (s), σ) = 0. Then,we have Mj (s) /∈ Mj (D0(σ)). We have

sσ ∈ (M−1j Mj (s) ∩ K){σ} ∩ L(G) �= ∅

and

(M−1j Mj (s) ∩ K){σ} ∩ L(G) ⊆ K

which implies that σ ∈ ej (Mj (s)) ⊆ e(s). Thus, wehave Sf c(s, σ) = 1. Next, we consider the case thatne,1

j (Mj (s), σ) = 1. We show that σ ∈ ecj (Mj (s)). Sup-pose for contradiction that σ /∈ ecj (Mj (s)). Since sσ ∈(M−1

j Mj (s) ∩ K){σ} ∩ L(G) �= ∅, there exists

sjσ ∈ (M−1j Mj (s) ∩ K){σ} ∩ (L(G) − K)

such that, for any j′ ∈ In(σ),

(M−1j ′ Mj ′(sj ) ∩ K){σ} ∩ K �= ∅.

We have sj ∈ D0(σ) and Mj ′(sj ) ∈ Mj ′(E0(σ)) forany j′ ∈ In(σ), which implies that sj ∈ D1(σ). Since

Mj (s) = Mj (sj ), we have Mj (s) ∈ Mj (D1(σ)), which con-tradicts ne,1

j (Mj (s), σ) = 1. Thus, we have σ ∈ ecj (Mj (s)) ⊆⋃i∈I eci(Mi(s)). Further, we show that σ /∈

⋃i∈I di(Mi(s)).

For any i ∈ I , if i /∈ In(σ), then σ /∈ di(Mi(s)). We con-sider the case that i ∈ In(σ). If n1(s, σ) = n1

i (Mi(s), σ),then 0 ≤ n1

i (Mi(s), σ) = ne,1i (Mi(s), σ) < nd,1

i (Mi(s), σ).Also, if n1(s, σ) �= n1

i (Mi(s), σ), then 0 ≤ n1(s, σ) <

n1i (Mi(s), σ) ≤ nd,1

i (Mi(s), σ). Thus, we have nd,1i (Mi(s),

σ) �= 0, which implies that Mi(s) ∈ Mi(E0(s)). It followsthat (M−1

i Mi(s) ∩ K){σ} ∩ K �= ∅. We have σ /∈ di(Mi(s)).Consequently, we have

σ ∈(⋃

i∈I

eci(Mi(s))

)−

(⋃i∈I

di(Mi(s))

)⊆ e(s),

which implies that Sf c(s, σ) = 1. �

VII. CONCLUSION

The paper complements our prior work on an inference-basedframework for decentralized control by proposing a scheme tosynthesize a decentralized supervisor when the specificationlanguage is not necessarily achievable in entirety. The schemeproposed is parameterized by N so that the controlled behav-ior under the proposed scheme is an N -inference-observablesublanguage of the specification language. A user can chooseN based on the degree of permissiveness (we establish strictmonotonicity of permissiveness with respect to the parameterN ) and the degree of computational complexity desired. Weobtain several results regarding the permissiveness of the super-visor proposed, first showing that a unique maximally permis-sive supervisor need not exist. One of the results shows that theproposed supervisor achieves the entire specification languagewhenever it is N -inference-observable. Other results show thatin the special cases of N = 0 and N = 1, the permissivenessis identical to ones reported in prior papers [25], [31], [32].It is also argued that in general there does not exist an upperbound for the parameter N beyond which an increase in N willnot increase the permissiveness of the proposed decentralizedsupervisor.

REFERENCES

[1] R. Cieslak, C. Desclaux, A. S. Fawaz, and P. Varaiya, “Supervisory controlof discrete-event processes with partial observations,” IEEE Trans. Autom.Control, vol. 33, no. 3, pp. 249–260, Mar. 1988.

[2] S. Jiang and R. Kumar, “Decentralized control of discrete event sys-tems with specializations to local control and concurrent systems,” IEEETrans. Syst., Man, Cybern. B, Cybern., vol. 30, no. 5, pp. 653–660, Oct.2000.

[3] P. Kozak and W. M. Wonham, “Fully decentralized solutions of super-visory control problems,” IEEE Trans. Autom. Control, vol. 40, no. 12,pp. 2094–2097, Dec. 1995.

[4] R. Kumar and M. A. Shayman, “Centralized and decentralized supervisorycontrol of nondeterministic systems under partial observation,” SIAM J.Control Optim., vol. 35, no. 2, pp. 363–383, Mar. 1997.

[5] R. Kumar and M. A. Shayman, “Formulae relating controllability, observ-ability, and co-observability,” Automatica, vol. 34, no. 2, pp. 211–215,Feb. 1998.

[6] R. Kumar and S. Takai, “Inference-based ambiguity management in de-centralized decision-making: Decentralized control of discrete event sys-tems,” in Proc. 44th IEEE Conf. Decis. Control, Eur. Control Conf. 2005,Seville, Spain, Dec. 2005, pp. 3480–3485.


[7] R. Kumar and S. Takai, “Inference-based ambiguity management in de-centralized decision-making: Decentralized control of discrete event sys-tems,” IEEE Trans. Autom. Control, vol. 52, no. 10, pp. 1783–1794, Oct.2007.

[8] R. Kumar and S. Takai, “Inference-based ambiguity management in de-centralized decision-making: Decentralized diagnosis of discrete eventsystems,” in Proc. 2006 Amer. Control Conf., Minneapolis, MN, Jun.2006, pp. 6069–6074.

[9] F. Lin and W. M. Wonham, “Decentralized supervisory control of discrete-event systems,” Inf. Sci., vol. 44, no. 3, pp. 199–224, Apr. 1988.

[10] F. Lin and W. M. Wonham, “Decentralized control and coordination ofdiscrete-event systems with partial observation,” IEEE Trans. Autom.Control, vol. 35, no. 12, pp. 1330–1337, Dec. 1990.

[11] A. Overkamp and J. H. van Schuppen, “Maximal solutions in decentralizedsupervisory control,” SIAM J. Control Optim., vol. 39, no. 2, pp. 492–511,Mar. 2001.

[12] J. H. Prosser, M. Kam, and H. G. Kwatny, “Decision fusion and supervisorsynthesis in decentralized discrete-event systems,” in Proc. 1997 Amer.Control Conf., Albuquerque, NM, Jun.1997, pp. 2251–2255.

[13] W. Qiu and R. Kumar, “Decentralized nondeterministic supervisory con-trol of discrete event systems,” in Proc. 43rd IEEE Conf. Decis. Control,Atlantis Paradise Island, Bahamas, Dec. 2004, pp. 992–997.

[14] W. Qiu, R. Kumar, and V. Chandra, “Decentralized control of discreteevent systems using prioritized composition with exclusion,” in Proc.2004 Amer. Control Conf., Boston, MA, Jun. 2004, pp. 4483–4487.

[15] P. J. Ramadge and W. M. Wonham, “Supervisory control of a class ofdiscrete event processes,” SIAM J. Control Optim., vol. 25, no. 1, pp. 206–230, Jan. 1987.

[16] S. L. Ricker and K. Rudie, “Know means no: Incorporating knowledgeinto discrete-event control systems,” IEEE Trans. Autom. Control, vol. 45,no. 9, pp. 1656–1668, Sep. 2000.

[17] S. L. Ricker and K. Rudie, “Knowledge is a terrible thing to waste: Us-ing inference in discrete-event control problems,” IEEE Trans. Autom.Control, vol. 52, no. 3, pp. 428–441, Mar. 2007.

[18] K. Rohloff and S. Lafortune, “On the synthesis of safe control policiesin decentralized control of discrete-event systems,” IEEE Trans. Autom.Control, vol. 48, no. 6, pp. 1064–1068, Jun. 2003.

[19] K. Rudie and J. C. Willems, “The computational complexity of decen-tralized discrete-event control problems,” IEEE Trans. Autom. Control,vol. 40, no. 7, pp. 1313–1319, Jul. 1995.

[20] K. Rudie and W. M. Wonham, “Think globally, act locally: Decentral-ized supervisory control,” IEEE Trans. Autom. Control, vol. 37, no. 11,pp. 1692–1708, Nov. 1992.

[21] S. Takai, “On the language generated under fully decentralized supervi-sion,” IEEE Trans. Autom. Control, vol. 43, no. 9, pp. 1253–1256, Sep.1998.

[22] S. Takai, “Minimizing the set of local supervisors in fully decentralizedsupervision,” IEEE Trans. Autom. Control, vol. 44, no. 7, pp. 1441–1444,Jul. 1999.

[23] S. Takai and R. Kumar, “Decentralized diagnosis for nonfailures of dis-crete event systems using inference-based ambiguity management,” inProc. 8th Int. Workshop Discrete Event Syst., Ann Arbor, MI, Jul. 2006,pp. 242–247.

[24] S. Takai and R. Kumar, “Inference-observability: Nonconvergence andother complexity results,” submitted for publication.

[25] S. Takai, R. Kumar, and T. Ushio, “Characterization of co-observable lan-guages and formulas for their super/sublanguages,” IEEE Trans. Autom.Control, vol. 50, no. 4, pp. 434–447, Apr. 2005.

[26] S. Takai and T. Ushio, “Reliable decentralized supervisory control ofdiscrete event systems,” IEEE Trans. Syst., Man, Cybern. B, Cybern.,vol. 30, no. 5, pp. 661–667, Oct. 2000.

[27] S. Takai and T. Ushio, “A modified normality condition for decentralizedsupervisory control of discrete event systems,” Automatica, vol. 38, no. 1,pp. 185–189, Jan. 2002.

[28] S. Tripakis, “Undecidable problems of decentralized observation and con-trol on regular languages,” Inf. Process. Lett., vol. 90, no. 1, pp. 21–28,Apr. 2004.

[29] Y. Wang, T.-S. Yoo, and S. Lafortune, “Decentralized diagnosis of discreteevent systems using unconditional and conditional decisions,” in Proc.44th IEEE Conf. Decis. Control, Eur. Control Conf. 2005, Seville, Spain,Dec. 2005, pp. 6298–6304.

[30] Y. Willner and M. Heymann, “Supervisory control of concurrent discrete-event systems,” Int. J. Control, vol. 54, no. 5, pp. 1143–1169, 1991.

[31] T.-S. Yoo and S. Lafortune, “A general architecture for decentralizedsupervisory control of discrete-event systems,” Discrete Event Dyn. Syst.,Theory Appl., vol. 12, no. 3, pp. 335–377, Jul. 2002.

[32] T.-S. Yoo and S. Lafortune, “Decentralized supervisory control with con-ditional decisions: Supervisor existence,” IEEE Trans. Autom. Control,vol. 49, no. 11, pp. 1886–1904, Nov. 2004.

Shigemasa Takai (M’93) received the B.S. and M.S.degrees from Kobe University, Kobe, Japan, in 1989and 1991, respectively, and the Ph.D degree fromOsaka University, Suita, Japan, in 1995.

From 1992 to 1998, he was a Research Associatewith Osaka University. In 1998, he joined WakayamaUniversity, Wakayama, Japan, as a Lecturer, and be-came an Associate Professor in 1999. Since 2004,he has been with the Kyoto Institute of Technology,Kyoto, Japan. His current research interests includesupervisory control and fault diagnosis of discrete

event systems.Dr. Takai is a member of the Institute of Information, Electronics, and Com-

munication Engineers (IEICE), the Society of Instrument and Control Engi-neers (SICE), and the Institute of Systems, Control, and Information Engineers(ISCIE).

Ratnesh Kumar (S’87–M’90–SM’00–F’07)received the B.Tech. degree in electrical engineeringfrom the Indian Institute of Technology, Kanpur,India, in 1987, and the M.S. and Ph.D. degreesin electrical and computer engineering from theUniversity of Texas at Austin, Austin, in 1989 and1991, respectively.

From 1991 to 2002, he was on the faculty of theUniversity of Kentucky, Lexington, and since 2002,he is on the faculty of Iowa State University, Ames.He has held visiting positions at the Institute of

Systems Research, University of Maryland, College Park, the Applied ResearchLaboratory, Pennsylvania State University, Pittsburgh, the National Aeronauticsand Space Administration (NASA) Ames Research Center, Moffett Field,CA, and the Argonne National Laboratory—West, Idaho Falls, ID. He is thecoauthor of Modeling and Control of Logical Discrete Event Systems (KluwerAcademic, 1995). His current research interests include modeling, verification,control, and diagnosis of reactive/event-driven, real-time, and hybrid systemsand their applications.

Dr. Kumar serves on the program committees of the IEEE Control SystemsSociety and the International Workshop on Discrete Event Systems. He isan Associate Editor of the SIAM Journal on Control and Optimization, theIEEE TRANSACTIONS ON ROBOTICS AND AUTOMATION, and the IEEE ControlSystems Society. He was the recipient of several awards including the NationalScience Foundation Research Initiation Award, the NASA-American Societyfor Engineering Education (ASEE) Summer Faculty Fellowship Award, theMicroelectronics and Computer Development Fellowship from the Universityof Texas at Austin, the Lalit Narain Das Memorial Gold Medal for the Best EEStudent, and the Ratan Swarup Memorial Gold Medal for the Best All-RounderStudent from the Indian Institute of Technology.

Documents

Synthesis of Inference-Based Decentralized Control for Discrete Event Systems