LIVENESS ENFORCING SUPERVISION FOR SEQUENTIAL RESOURCE ALLOCATION SYSTEMS
State of the Art and Open Issues

Spyros A. Reveliotis
School of Industrial & Systems Engineering
Georgia Institute of Technology
spyros@isye.gatech.edu

(This work has been partially supported by NSF grant ECS-9979693.)

Abstract

Liveness-enforcing supervision of sequential resource allocation systems is currently a well-defined problem, underlying the operation of many contemporary technological systems and spanning a wide spectrum of applications. This technical note provides a brief overview of the currently available results, delineating both our major analytical understandings and characterizations of the problem's concepts, structure and complexity, and our ability to synthesize effective and computationally tractable solutions to it. The last part of the document identifies open, unaddressed research issues, the resolution of which will extend the power of the current theory and will allow the integration of the developed results into the broader control frameworks managing the behavior of these environments.

Keywords: Resource Allocation Systems, Supervisory Control, Petri Net Structural Analysis, Liveness, Deadlock Avoidance

Introduction

A sequential resource allocation system (RAS) is characterized by a set of resources, each available at a finite level known as the resource capacity, and a (finite) set of job types that can be processed through the system according to a sequence of processing steps/stages, with each step requiring a prespecified set of the system resources. Furthermore, a job advances to the execution of its next stage only after it has secured
the entire set of resources required for the execution of that stage, and upon its advancement, the job releases any resources allocated to it for the execution of its current stage that are not necessary for the support of the next stage.

As an abstraction, sequential resource allocation characterizes the operational dynamics of many contemporary technological applications. For instance, in a flexibly automated production system, like the emerging 300mm fab, the finite capacity of the system processing, material handling and storage equipment is allocated and de-allocated to the jobs loaded in the system for the execution of the processing steps indicated by their associated process plans. Similarly, focusing on the internal operation of a material handling system (MHS) like an AGV or overhead monorail system, one can discern the allocation and de-allocation of the system guidepath segments (zones, in the corresponding field terminology) to the system vehicles for the execution of their transfer trips. This MHS example can then be directly generalized to other transportation systems like a railway network or an inter-city monorail system. More recently, the notion of sequential resource allocation has found application in the advent of workflow management systems and internet-based transaction systems, where the various resources can be personnel, application software and/or data files exclusively allocated to the various projects/cases for the execution of specific stages of their associated routines.

From a control-theoretic standpoint, a sequential resource allocation system falls into the realm of Discrete Event Systems (DES). Hence, following the standard categorization of DES theory, the underlying control issues can be classified as structural/logical and performance-related (c.f. Cassandras and Lafortune, 1999).
Performance-related concerns in the context of sequential resource allocation essentially correspond to different variations of the scheduling problem, which has been extensively studied in the literature under various assumptions and modeling frameworks. Typically, one tries to allocate the system capacity to the contesting jobs in a way that leads to (near-)optimal operation with respect to some time-related performance criteria, like the maximization of the system throughput, the minimization of the job cycle times, or the observation of due date requirements while minimizing the system WIP. On the other hand, the study of the structural/logical control problems arising in these environments has been undertaken only in the last decade, and it has primarily focused on the establishment of live system behavior or, equivalently, the effective avoidance of deadlocking situations, i.e., the development of circular waiting patterns among a subset of jobs, such that each job, in order to advance to its next stage,
requests the allocation of some resource units currently held by some other job in that set. The resulting problem is characterized as liveness enforcing supervision (LES) for sequential RAS.

In the rest of this document, we formulate the problem of liveness enforcing supervision in sequential RAS as a supervisory control problem, and we review all the major existing results relating to it. We also discuss open research issues, including the implications of the presented results for the complementary problem of performance-oriented control for sequential RAS. In the process, we hope to establish that liveness enforcing supervision of sequential RAS is one of the most vigorous, mature and successful applications of supervisory control theory.

1. Liveness Enforcing Supervision of Sequential RAS: A Supervisory Control-based Characterization and the Complexity of the Resulting Problem

As shown in Viswanadham et al., 1990; Reveliotis and Ferreira, 1996, the behavioral dynamics of a sequential RAS can be modeled by a Finite State Automaton (FSA). The states of this automaton are defined by the distribution of the currently running jobs over the distinct process stages supported by the considered RAS configuration, whereas the system events / state transitions are defined by the loading, stage advancement and unloading of the various jobs. The FSA initial and final states correspond to the RAS empty and idle state, and as a result, the language accepted by this automaton corresponds to complete job runs. In the context of this FSA representation of the RAS behavior, the system non-liveness is expressed by the presence of states from which the system final state is not reachable, even though they are reachable from the initial state.
Hence, ideally, one would like to restrict the system operation to the maximal communicating class of its state space that contains the FSA initial (and final) state, known as the system safe subspace, by recognizing and preventing transitions outside this subspace. From the standpoint of Ramadge and Wonham's supervisory control theory (c.f. Ramadge and Wonham, 1989), the resulting problem is a well-characterized and thoroughly studied one, known as the trimming of the FSA modeling the uncontrolled system behavior (c.f. also Cassandras and Lafortune, 1999; Kumar and Garg, 1995). However, while the existing computational techniques for performing the trimming operation are polynomial w.r.t. the size of the modeling FSA, the size of the FSA itself is typically non-polynomial w.r.t. the size of the
RAS, where the latter is defined by the number of the available resource types and the distinct process stages. In fact, as shown in Reveliotis and Ferreira, 1996, the size of this FSA can explode very fast, even for moderately sized and simply structured RAS. Hence, even though the basic supervisory control theory provides a concise and rigorous characterization for the problem of liveness enforcing supervision in sequential RAS, it fails to provide computationally efficient solutions for it. Furthermore, any attempt at efficient on-line resolution of the (transition) safety problem through search-based techniques will not work either, since the transition safety problem for sequential RAS has been established to be NP-complete in the general case (c.f. Araki et al., 1977; Gold, 1978; Lawley and Reveliotis, 2001).

2. Polynomial-Kernel Liveness Enforcing Supervisors and a RAS Taxonomy

Motivated by the aforementioned complexity results for the basic LES synthesis problem for sequential RAS, the works of Lawley et al., 1997; Reveliotis et al., 2001 introduced the notion of Polynomial-Kernel (PK) LES as a suboptimal but computationally efficient, and therefore real-time implementable, solution to the considered problem. The basic idea underlying the definition of PK-LES is that, since the safety property characterizing the subspace admissible by the maximally permissive LES discussed above is computationally intractable, the system should essentially be confined to a polynomially recognizable kernel of its safe space, i.e., a subspace that (i) is polynomially recognizable, (ii) contains the initial empty and idle state of the underlying RAS, and (iii) is itself strongly connected. The last property is necessary in order to ensure that the controlled system behavior does not present policy-induced deadlocks, and it is the hardest to validate in the synthesis of PK-LES, since it is equivalent to assessing the liveness of the controlled system.
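To make the FSA characterization of Section 1 and the three polynomial-kernel criteria above concrete, the following Python program is an added example (it is not code from the paper or from any of the cited works). It builds the FSA of a small, constructed SU-RAS (two unit-capacity-style resources R1 and R2, two counter-flow job types A: R1 then R2, and B: R2 then R1), trims it by forward and backward reachability to obtain the safe subspace and the deadlock states, and then checks candidate supervisors expressed as linear inequalities on the state vector against criteria (ii) and (iii): the empty state must be admitted and every admissible reachable state must be able to return to it under the policy. The instance, the class and function names and the three candidate policies are this example's own assumptions; the check is exhaustive, which is exactly the computation the paper argues does not scale, and the capacity sweep at the end shows the state-space growth.

```python
"""Added example (not from the paper): a sequential RAS as a finite state automaton,
its safe subspace (the trimmed FSA), and an exhaustive check of the polynomial-kernel
criteria for candidate algebraic policies.  The RAS instance below is constructed."""
from collections import deque


class SingleUnitRAS:
    """SU-RAS: linear process plans, each stage holds one unit of one resource."""

    def __init__(self, capacity, plans):
        self.capacity = capacity
        self.plans = plans
        # State vector position i <-> (job type, stage k); stages of one job are contiguous.
        self.stages = [(job, k) for job, plan in plans.items() for k in range(len(plan))]
        self.empty = tuple(0 for _ in self.stages)  # initial and final FSA state

    def usage(self, state, res):
        return sum(n for n, (job, k) in zip(state, self.stages) if self.plans[job][k] == res)

    def free(self, state, res):
        return self.usage(state, res) < self.capacity[res]

    def successors(self, state):
        """States reached by one event: job loading, stage advancement, unloading."""
        out = []
        for i, (job, k) in enumerate(self.stages):
            plan = self.plans[job]
            if k == 0 and self.free(state, plan[0]):
                s = list(state); s[i] += 1; out.append(tuple(s))            # load
            if state[i] == 0:
                continue
            if k + 1 == len(plan):
                s = list(state); s[i] -= 1; out.append(tuple(s))            # unload
            elif plan[k + 1] == plan[k] or self.free(state, plan[k + 1]):
                # The job keeps its unit when consecutive stages use the same resource;
                # otherwise the next resource must have a free unit (held-and-wait).
                s = list(state); s[i] -= 1; s[i + 1] += 1; out.append(tuple(s))  # advance
        return out


def algebraic_policy(inequalities):
    """Admissibility predicate from linear inequalities  c . s <= b  on the state vector."""
    return lambda s: all(sum(c * n for c, n in zip(coef, s)) <= b for coef, b in inequalities)


def analyse(ras, admissible=lambda s: True):
    """Forward BFS gives the states reachable under the supervisor; backward BFS from the
    empty state over the same transitions gives the safe ones (trimming).
    Returns (reachable, safe, deadlocks)."""
    reach, queue, preds = {ras.empty}, deque([ras.empty]), {ras.empty: set()}
    while queue:
        s = queue.popleft()
        for t in ras.successors(s):
            if not admissible(t):
                continue                       # transition disabled by the supervisor
            if t not in reach:
                reach.add(t); preds[t] = set(); queue.append(t)
            preds[t].add(s)
    safe, queue = {ras.empty}, deque([ras.empty])
    while queue:
        t = queue.popleft()
        for s in preds[t]:
            if s not in safe:
                safe.add(s); queue.append(s)
    deadlocks = {s for s in reach if not any(admissible(t) for t in ras.successors(s))}
    return reach, safe, deadlocks


def verify_pk_les(ras, policy):
    """Criteria (ii) and (iii): the policy admits the empty state, and every admissible
    reachable state can return to it under the policy (no policy-induced deadlock).
    Exhaustive, unlike the polynomially sized tests discussed in the paper."""
    if not policy(ras.empty):
        return False, set()
    reach, safe, _ = analyse(ras, policy)
    return reach == safe, reach


# Constructed instance: job A uses R1 then R2, job B uses R2 then R1 (counter-flow).
RAS = SingleUnitRAS({"R1": 2, "R2": 1}, {"A": ["R1", "R2"], "B": ["R2", "R1"]})
# State vector order: (A stage 1, A stage 2, B stage 1, B stage 2); policy names are ours.
POLICY_TIGHT = algebraic_policy([((1, 0, 1, 0), 1)])  # at most one job in a first stage
POLICY_LOOSE = algebraic_policy([((1, 0, 1, 0), 2)])  # first-stage jobs below total capacity
POLICY_BAD = algebraic_policy([((0, 1, 0, 1), 0)])    # forbids every second stage

if __name__ == "__main__":
    reach, safe, dead = analyse(RAS)
    print(f"reachable={len(reach)} safe={len(safe)} deadlocks={sorted(dead)}")
    for name, pol in [("tight", POLICY_TIGHT), ("loose", POLICY_LOOSE), ("bad", POLICY_BAD)]:
        ok, adm = verify_pk_les(RAS, pol)
        print(f"{name}: valid PK-LES={ok}, admissible states={len(adm)} of {len(safe)} safe")
    # State-space growth with capacity: the reason exhaustive trimming does not scale.
    for n in (1, 2, 3, 4):
        big = SingleUnitRAS({"R1": n, "R2": n}, RAS.plans)
        print(f"capacity {n}: {len(analyse(big)[0])} reachable states")
```

Run as a script it prints the sizes of the reachable and safe subspaces, the single deadlock state (two A jobs holding R1 while a B job holds R2), and the verdict for each policy: the tight policy is a correct but suboptimal kernel, the loose one coincides with the safe subspace for this instance, and the bad one fails criterion (iii) because a loaded job can never advance.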
It turns out that the complexity of developing PK-LES solutions for sequential RAS depends strongly on the underlying RAS structure, and in particular on (i) the ordering structure imposed on the process stages associated with any single job type, and (ii) the structure of the resource request vectors associated with the various processing stages. This dependency has been recognized in most past works on LES synthesis for sequential RAS, and it has been made explicit in the RAS taxonomy presented in Reveliotis et al., 1997; Reveliotis et al., 2001. The main RAS classes recognized in this taxonomy are: (i) Single-Unit (SU) RAS, which is the most restrictive RAS class since it admits only linearly ordered job stage
sequences (process plans) and resource request vectors corresponding to unit vectors of dimensionality equal to the size of the resource set; (ii) Conjunctive (C) RAS, which maintain the requirement for linearly ordered process plans but allow arbitrary resource allocation for the system process stages; and (iii) Disjunctive/Conjunctive (D/C) RAS, which further allow the job process plans to present a more general acyclic graph structure.

Most well-known results in the synthesis of PK-LES for sequential RAS address the class of SU-RAS. These are, for instance, the results presented in Banaszak and Krogh, 1990; Reveliotis and Ferreira, 1996; Xing et al., 1996; Lawley et al., 1998a; Fanti et al., 1997; Lawley et al., 1998b. Yet, the last year has also seen the development of PK-LES for the more general class of D/C-RAS; a detailed PK-LES for D/C-RAS is reported in Park and Reveliotis, 2001b.

3. Automating the Synthesis of PK-LES for Sequential RAS through Petri Net-based Structural Analysis

All the PK-LES solutions for sequential RAS cited above can be characterized as point solutions to the underlying LES synthesis problem. Each of these policies was developed by the intuitive identification of a specific policy-defining condition to be met by the admissible RAS states, which was subsequently proven to satisfy the three criteria characterizing PK-LES (c.f. Section 2). Ideally, given a sequential RAS, one would like to have the ability to systematically synthesize tentative PK-LES from a well-defined policy space and subsequently, automatically, evaluate their correctness.
Such a capability would (i) enrich the space of effectively implementable LES for sequential RAS, hopefully leading to more efficient policy implementations, and (ii) allow the integration of the LES synthesis problem into a broader framework addressing the real-time control problem of sequential RAS, including the optimization of their performance. This capability has recently been realized by reconsidering the problem of behavioral modeling, analysis and control of sequential RAS in the representational framework of Petri nets (PN) (for an excellent introduction to Petri net theory c.f. Desel and Esparza, 1995). One major early finding from the PN-based investigation of the liveness-enforcing supervision problem was that, in the PN class modeling SU-RAS, possibly with disjunctive process routes, the presence of deadlocks in the underlying RAS behavior can be directly associated with the development of a PN structural object known as an empty siphon (c.f. Ezpeleta et al., 1995). The work of Park and Reveliotis, 2000a subsequently established
that this association of the system liveness problem with empty siphons can lead to a powerful analytical LES synthesis tool for the class of SU-RAS. More specifically, the LES synthesis methodology proposed in Park and Reveliotis, 2000a rests on the following two observations: (i) When the LES-defining condition can be expressed as a set of linear inequalities on the vector modeling the RAS state (i.e., the LES synthesis problem is restricted to the LES class known as algebraic PK-LES), the class of nets modeling the resulting controlled system behavior also has its liveness directly linked to the (non-)development of reachable empty siphons. (ii) As shown in Chu and Xie, 1997, the absence of empty siphons from the behavioral (reachability) space of the considered class of nets can be effectively verified through a mathematical programming test that is polynomially sized (in terms of variables and constraints) with respect to the original RAS size. In light of the first observation, this mathematical programming test becomes an algebraic correctness verification tool for any tentative algebraic PK-LES superimposed on any given SU-RAS configuration. Indeed, by exploiting this correctness verification capability, the work of Park and Reveliotis, 2000a was able to (i) extend the permissiveness/flexibility of policy instantiations coming from already known LES families, and furthermore (ii) effectively establish the correctness of new algebraic PK-LES not belonging to any of the originally developed LES classes. More recently, the work of Park and Reveliotis, 2001b has generalized the PN siphon-based structural characterization of liveness to the class of D/C-RAS, and it has also developed the corresponding mathematical programming-based tests for liveness verification.
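The siphon-based characterization just described, as an added Python example that is not code from the paper or from the works it cites: it builds a constructed ordinary Petri net for two counter-flow job types over unit-capacity resources (the kind of net Ezpeleta et al., 1995 associate with SU-RAS), enumerates its minimal siphons by brute force, searches the reachability set for markings that empty a siphon, and confirms that in this net those markings are exactly the deadlocked ones. It then adds a place-invariant control place C enforcing the algebraic constraint M(A1) + M(B1) <= 1, the control-place technique of Yamalidou et al., 1996 discussed in this section, and shows that afterwards no reachable marking empties any siphon. Place and transition names, the initial marking and the monitor construction are this example's own assumptions; the subset enumeration stands in for the polynomially sized mathematical programming test of Chu and Xie, 1997 and only scales to tiny nets.

```python
"""Added example, not from the paper: siphon-based deadlock analysis of a constructed
resource-allocation Petri net, and a place-invariant control place that removes the
reachable empty siphon.  Brute-force subset enumeration replaces the paper's
mathematical programming test and only scales to tiny nets."""
from collections import deque
from itertools import combinations


def make_net(control=False):
    """Ordinary PN for two counter-flow job types over unit-capacity resources R1, R2.
    Job A: iA -> A1 (holds R1) -> A2 (holds R2) -> iA; job B takes R2 first, then R1.
    Maps transition -> (input places, output places); every arc has weight 1."""
    net = {
        "tA1": ({"iA", "R1"}, {"A1"}),
        "tA2": ({"A1", "R2"}, {"A2", "R1"}),
        "tA3": ({"A2"}, {"iA", "R2"}),
        "tB1": ({"iB", "R2"}, {"B1"}),
        "tB2": ({"B1", "R1"}, {"B2", "R2"}),
        "tB3": ({"B2"}, {"iB", "R1"}),
    }
    m0 = {"iA": 2, "iB": 2, "R1": 1, "R2": 1, "A1": 0, "A2": 0, "B1": 0, "B2": 0}
    if control:
        # Monitor place C (our construction) realising the invariant M(A1)+M(B1)+M(C) = 1,
        # i.e. the constraint M(A1)+M(B1) <= 1: a token leaves C when a job enters a
        # first stage and returns when the job leaves it (place-invariant control place).
        net["tA1"][0].add("C"); net["tB1"][0].add("C")
        net["tA2"][1].add("C"); net["tB2"][1].add("C")
        m0["C"] = 1
    return net, m0


def siphons(net, places):
    """Minimal non-empty siphons: place sets S whose input transitions are all also
    output transitions of S (pre(S) is a subset of post(S))."""
    found = []
    for size in range(1, len(places) + 1):
        for cand in combinations(places, size):
            s = set(cand)
            if any(f < s for f in found):
                continue                        # strict superset of a smaller siphon
            pre = {t for t, (ins, outs) in net.items() if outs & s}
            post = {t for t, (ins, outs) in net.items() if ins & s}
            if pre <= post:
                found.append(s)
    return found


def enabled(net, m):
    return [t for t, (ins, outs) in net.items() if all(m[p] > 0 for p in ins)]


def fire(net, m, t):
    ins, outs = net[t]
    m2 = dict(m)
    for p in ins:
        m2[p] -= 1
    for p in outs:
        m2[p] += 1
    return m2


def reachable_markings(net, m0):
    """Breadth-first enumeration of the reachability set."""
    key = lambda m: tuple(sorted(m.items()))
    seen, queue = {key(m0): m0}, deque([m0])
    while queue:
        m = queue.popleft()
        for t in enabled(net, m):
            m2 = fire(net, m, t)
            if key(m2) not in seen:
                seen[key(m2)] = m2
                queue.append(m2)
    return list(seen.values())


def liveness_report(net, m0):
    """Deadlocked reachable markings and reachable markings that empty some minimal
    siphon; for this net class the two sets coincide."""
    sips = siphons(net, sorted(m0))
    dead, empty = [], []
    for m in reachable_markings(net, m0):
        if not enabled(net, m):
            dead.append(m)
        if any(all(m[p] == 0 for p in s) for s in sips):
            empty.append(m)
    return {"siphons": sips, "deadlocks": dead, "empty_siphon_markings": empty}


def is_live_by_siphons(control):
    """True when no reachable marking empties a siphon (with or without the monitor)."""
    net, m0 = make_net(control)
    return not liveness_report(net, m0)["empty_siphon_markings"]


if __name__ == "__main__":
    for control in (False, True):
        net, m0 = make_net(control)
        rep = liveness_report(net, m0)
        print(f"control place={'yes' if control else 'no'}: {len(rep['siphons'])} minimal "
              f"siphons, {len(rep['deadlocks'])} deadlocked markings, "
              f"{len(rep['empty_siphon_markings'])} markings with an empty siphon")
        for s in rep["siphons"]:
            print("  siphon", sorted(s))
```

Without the monitor, the siphon {R1, R2, A2, B2} is emptied exactly at the marking where one A job holds R1 and one B job holds R2, which is the net's only deadlock; the other minimal siphons are covered by place invariants and can never empty. With C added, the invariant M(A1)+M(B1)+M(C) = 1 makes that marking unreachable, so the siphon test reports the controlled net live, which is the verification step the paper automates with mathematical programming.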
In the PN modeling and analysis framework, this generalization essentially involves the (non-trivial) extension of the siphon-based deadlock/liveness characterization and analysis to the class of non-ordinary Petri nets. From the RAS modeling and analysis standpoint, the work of Park and Reveliotis, 2001b provides a complete liveness theory and LES synthesis capability for the entire spectrum of the RAS taxonomy defined in Reveliotis et al., 1997; Reveliotis et al., 2001. Moreover, the results of Park and Reveliotis, 2001b have the additional practical implication that they allow the coupling of the LES synthesis problem with any other supervisory control problem(s) for which the resulting policies/constraints can be implemented as a set of (place-invariant) control places, since the resulting net modeling the controlled system behavior still belongs to the class of D/C RAS; this can be, for instance, any forbidden state problem for which the set of forbidden states can be expressed by a set of linear inequalities on the marking of the RAS modeling net (c.f. Yamalidou et al., 1996). In the same vein, the work presented in Park and
Reveliotis, 2000b enables the synthesis of correct algebraic PK-LES for any given D/C-RAS as the solution to an appropriately synthesized linear program (LP), and thus it allows the synthesis of PK-LES that take into consideration additional structural constraints imposed on the policy logic, like the accommodation of uncontrollable and/or unobservable transitions.

4. Conclusions and Remaining Open Issues

The above discussion has established that in the last 10 years the research community has made extensive progress on the problem of LES for sequential RAS. Summarizing the key points developed above, we currently possess (i) a very rigorous characterization and analysis of the basic problem and its complexity; (ii) a series of easily configurable and scalable solutions applicable to any given RAS coming from any class of the taxonomy presented in Reveliotis et al., 1997; and (iii) effective analytical/computational tools that can further extend the efficiency of the aforementioned solutions and allow the synthesis of solutions to the LES problem under the imposition of additional logical/structural constraints. Further existing results, not cited in the above discussion, include (i) the identification of special RAS structures, primarily in the context of SU-RAS, that admit polynomially computable maximally permissive LES (c.f. Xing et al., 1996; Reveliotis et al., 1997; Fanti et al., 1997; Lawley and Reveliotis, 2001); (ii) the synthesis of LES for RAS not identifying completely with any of the classes in the taxonomy of Reveliotis et al., 1997, like the AGV RAS of Reveliotis, 2000; and (iii) the development of compositional techniques that, when applied to the available LES, can lead to a policy providing more permissive supervision than that attained by any of the constituent LES (e.g., Park and Reveliotis, 2001a; Park and Reveliotis, 2001c).
Yet, the undertaken assessment of the state of the art w.r.t. the LES synthesis problem for sequential RAS also suggests a number of issues that naturally arise as follow-up questions to our current findings, and in a way define the current research frontier in the supervisory control of sequential RAS. Some of these issues are identified as follows:

PN-based structural analysis and LES synthesis for new sequential RAS structures. The modeling power of the class of D/C RAS is still limited by the fact that the process plans associated with each job type must present the structure of an acyclic graph. In the PN representational framework, these process plans are represented by well-formed state machines where every cycle contains the idle place, i.e., the place containing all the jobs waiting to be loaded into the system. The
effective modeling of features like job reworks and assembly/disassembly operations necessitates the extension of the PN structures modeling the job process plans to more general state machines and/or nets with merging and splitting transitions. Similarly, it has been argued in the past that in many business workflow environments the nets modeling the corresponding process plans should present a free-choice or some other special structure (c.f. Van der Aalst, 1996). How do the existing PN-based structural characterizations of deadlock extend to these new subclasses of resource/process nets, and how can these extensions support the synthesis of effective and efficient LES for these new RAS classes? An additional issue related to this line of research is the distributed implementation of the LES function for RAS that present a natural spatial and/or functional decomposition. Preliminary results addressing some of these issues can be found in Chu and Xie, 1997; Fanti et al., 1998; Xie and Jeng, 1999; Park et al., 2001; Park and Reveliotis, 2000b.

Robust LES synthesis for sequential RAS experiencing resource outages. An issue that has received very little attention in the current literature on sequential RAS supervision, but has very important practical implications for the operation of many contemporary systems modeled as sequential RAS, is the effective and efficient accommodation of operational contingencies like resource outages and the arrival of expedited jobs. We believe that this issue can be rigorously addressed by tapping into the area of robust and/or adaptive SC theory (e.g., Lin, 1993). Some preliminary results on the problem of modeling and/or accommodating contingencies in the structural control of sequential RAS can be found in Reveliotis, 1999.

Integration of structural and performance-oriented control.
Although the logical control of sequential RAS is very important for robust and stable system operation, it is only part of the overall control problem. The complementary component of performance-optimizing control logic is also very important for the successful implementation and operation of any RAS application. In fact, the criticality of this component can be appreciated from the fact that for a very long time it preoccupied the research community, completely overshadowing the corresponding logical control issues. In the prevailing DES modeling framework, the adopted structural control logic essentially defines the feasibility space for any performance-optimizing control policy. As a result, two naturally arising questions are (i) how the effects of the applied logical control policies should be modeled and accounted for in existing performance-related control frameworks, and conversely, (ii)
how the synthesis of the logical controller should be tuned in order to better assist the adopted performance objectives. We believe that the formal/analytical characterizations of the problems of LES synthesis and liveness verification of the resulting controlled system presented in this document will provide the starting point for systematically addressing the above two questions.

References

Araki, T., Sugiyama, Y., and Kasami, T. (1977). Complexity of the deadlock avoidance problem. In 2nd IBM Symp. on Mathematical Foundations of Computer Science, pages 229-257. IBM.
Banaszak, Z. A. and Krogh, B. H. (1990). Deadlock avoidance in flexible manufacturing systems with concurrently competing process flows. IEEE Trans. on Robotics and Automation, 6:724-734.
Cassandras, C. G. and Lafortune, S. (1999). Introduction to Discrete Event Systems. Kluwer Academic Pub., Boston, MA.
Chu, F. and Xie, X.-L. (1997). Deadlock analysis of Petri nets using siphons and mathematical programming. IEEE Trans. on R&A, 13:793-804.
Desel, J. and Esparza, J. (1995). Free Choice Petri Nets. Cambridge University Press.
Ezpeleta, J., Colom, J. M., and Martinez, J. (1995). A Petri net based deadlock prevention policy for flexible manufacturing systems. IEEE Trans. on R&A, 11:173-184.
Fanti, M. P., Maione, B., Mascolo, S., and Turchiano, B. (1997). Event-based feedback control for deadlock avoidance in flexible production systems. IEEE Trans. on Robotics and Automation, 13:347-363.
Fanti, M. P., Maione, B., and Turchiano, B. (1998). Deadlock avoidance in cellular manufacturing systems. In Proceedings of the 1998 IEEE Conference on Systems, Man and Cybernetics, pages 588-593. IEEE.
Gold, E. M. (1978). Deadlock prediction: Easy and difficult cases. SIAM Journal of Computing, 7:320-336.
Kumar, R. and Garg, V. (1995). Modeling and Control of Logical Discrete Event Systems. Kluwer Academic Pub., Boston, MA.
Lawley, M., Reveliotis, S., and Ferreira, P. (1997). Design guidelines for deadlock handling strategies in flexible manufacturing systems. Intl. Jrnl. of Flexible Manufacturing Systems, 9:5-29.
Lawley, M., Reveliotis, S., and Ferreira, P. (1998a). The application and evaluation of banker's algorithm for deadlock-free buffer space allocation in flexible manufacturing systems. Intl. Jrnl. of Flexible Manufacturing Systems, 10:73-100.
Lawley, M., Reveliotis, S., and Ferreira, P. (1998b). A correct and scalable deadlock avoidance policy for flexible manufacturing systems. IEEE Trans. on Robotics & Automation, 14:796-809.
Lawley, M. A. and Reveliotis, S. A. (2001). Deadlock avoidance for sequential resource allocation systems: hard and easy cases. Intl. Jrnl of FMS (to appear).
Lin, F. (1993). Robust and adaptive supervisory control of discrete event systems. IEEE Trans. Autom. Control, 38:1848-1852.
Park, J. and Reveliotis, S. (2000a). Algebraic synthesis of efficient deadlock avoidance policies for sequential resource allocation systems. IEEE Trans. on R&A, 16:190-195.
Park, J. and Reveliotis, S. (2001a). Algebraic deadlock avoidance policies for conjunctive/disjunctive resource allocation systems. In Proc. of ICRA 01. IEEE.
Park, J. and Reveliotis, S. A. (2000b). Liveness-enforcing supervisors for resource allocation systems with reworks, forbidden states, and uncontrollable events. Technical Report (submitted to IEEE Trans. on R&A), ISyE, Georgia Tech.
Park, J. and Reveliotis, S. A. (2001b). Deadlock avoidance in sequential resource allocation systems with multiple resource acquisitions and flexible routings. IEEE Trans. on Automatic Control (to appear), 46.
Park, J. and Reveliotis, S. A. (2001c). Policy mixtures: A novel approach for enhancing the operational flexibility of resource allocation systems with alternate routings. Technical Report (submitted to IEEE Trans. on R&A), ISyE, Georgia Tech.
Park, J., Reveliotis, S. A., Bodner, D., and McGinnis, L. (2001). A distributed event-driven control architecture for flexibly automated manufacturing systems. Intl. Jrnl on CIM (to appear).
Ramadge, P. J. G. and Wonham, W. M. (1989). The control of discrete event systems. Proceedings of the IEEE, 77:81-98.
Reveliotis, S. A. (1999). Accommodating FMS operational contingencies through routing flexibility. IEEE Trans. on R&A, 15:3-19.
Reveliotis, S. A. (2000). Conflict resolution in AGV systems. IIE Trans., 32(7):647-659.
Reveliotis, S. A. and Ferreira, P. M. (1996). Deadlock avoidance policies for automated manufacturing cells. IEEE Trans. on Robotics & Automation, 12:845-857.
Reveliotis, S. A., Lawley, M. A., and Ferreira, P. M. (1997). Polynomial complexity deadlock avoidance policies for sequential resource allocation systems. IEEE Trans. on Automatic Control, 42:1344-1357.
Reveliotis, S. A., Lawley, M. A., and Ferreira, P. M. (2001). Structural control of large-scale flexibly automated manufacturing systems. In Leondes, C. T., editor, The Design of Manufacturing Systems, pages 4-1 to 4-34. CRC Press.
Van der Aalst, W. (1996). Structural characterizations of sound workflow nets. Technical Report Computing Science Reports 96/23, Eindhoven University of Technology.
Viswanadham, N., Narahari, Y., and Johnson, T. L. (1990). Deadlock avoidance in flexible manufacturing systems using Petri net models. IEEE Trans. on Robotics and Automation, 6:713-722.
Xie, X. and Jeng, M. (1999). ERCN-merged nets and their analysis using siphons. IEEE Trans. on R&A, 13:692-703.
Xing, K. Y., Hu, B. S., and Chen, H. X. (1996). Deadlock avoidance policy for Petri net modeling of flexible manufacturing systems with shared resources. IEEE Trans. on Aut. Control, 41:289-295.
Yamalidou, K., Moody, J., Lemmon, M. D., and Antsaklis, P. J. (1996). Feedback control of Petri nets based on place invariants. Automatica, 32:15-28.