Using Parameterized Timestamp Petri Nets In Automatic Control

Carlo Simon¹, Kurt Lautenbach², Hans-Michael Hanisch³, and Jan Thieme³

¹ Universität Koblenz-Landau, Institut für Management, D-56075 Koblenz
² Universität Koblenz-Landau, Institut für Softwaretechnik, D-56075 Koblenz
³ Martin-Luther-Universität Halle-Wittenberg, Fachbereich Ingenieurwissenschaften, D-06099 Halle (Saale)

Abstract. In the following sections, we describe a method to deal with time-critical problems in the field of automatic control of manufacturing systems. The behavior of a technical system is represented by Timestamp Petri Nets. With the aid of a symbolic analysis of such nets, we generate a linear optimization problem from a system of inequalities. Its solutions yield time parameters for software controllers which prevent dangerous situations from occurring. We show the applicability of the method by a small example in which unknown time parameters of a controller have to be determined so that forbidden states of the controlled system cannot occur.

1 Introduction

As a basis for synthesizing a minimally restrictive controller, we need a model of the uncontrolled plant. We model it by means of Net Condition Event Systems (NCES) [20,14], which are a kind of CES [19] that use Petri Nets to describe the inside of the modules. By assigning a timing concept to these NCES, one can speak of Timed NCES models (TNCES). If a TNCES model is safe, one can transform it into a timed Petri Net [21,16] which can be analyzed. For Petri Nets, there exist several timing concepts. We decided to use Timestamp Nets, where intervals are assigned to the incoming edges of transitions [9]. Such an interval assigned to an edge (p, t) describes the permeability of this edge relative to the timestamp of a token on p. For each token, its timestamp denotes the time the token was put on its place [4]. In Timestamp Nets, transitions which synchronize several token flows (i.e. those with more than one incoming edge) may be sufficiently supplied with tokens and still be unable to fire if their incoming edges are not permeable simultaneously. In this case we say the transition got timewise stuck. In the following we examine the conditions under which transitions of Timestamp Nets get timewise stuck, by reducing these investigations to solving systems of inequalities. The method presented here can also be used to determine parameters for a Timestamp Net in order to prevent transitions from getting timewise stuck. The applicability of the method is shown by a small technical plant described in [10].

2 An Example

The technical plant we chose as an example is part of a laboratory batch plant. The flowchart of the entire batch plant is shown in figure 1 and was already described in [10]. Here, we consider a modified problem which is restricted to the part of the plant shown in figure 2.

Fig. 1. Flowchart of the entire process

In tank T5, a solution is evaporated in order to increase its concentration. The steam is captured by condenser C1, which is supplied with cooling water. When the desired concentration is achieved and tank T7 is empty, the concentrated solution is drained off into T7, where a postprocessing step takes place. Finally, the medium is pumped out of T7.

Fig. 2. Flowchart of the considered sub-process

The durations of the different process steps are approximately known [10]. To be more realistic, we allow them to vary within a range [7,8]. Table 1 gives an overview of our estimates.

Process step / Time between events                                      min
Filling T5                                                              3 - 4
Evaporation process in T5 until the target concentration is achieved   58 - 61
Draining the medium off T5 into T7                                      2 - 3
Postprocessing step in T7                                              40 - 44
Draining medium off T7                                                 10 - 11
Time between switching off the heating and gelatinizing of the medium   4
Time between loss of cooling and destruction of the condenser           8

Table 1. Process steps and their duration (in minutes)

If, in the case of a breakdown of the condenser's cooling system, the evaporation process is continued in T5, a dangerously high pressure builds up in C1 after a certain time, which might result in the destruction of the condenser. Therefore, the evaporation process must be aborted in case of such a breakdown. However, there is a problem. If the medium in tank T5 is no longer heated and cannot be drained off into T7 because the previous batch is still being processed in T7, it will gelatinize after a certain time. This in turn would cause the destruction of the evaporator T5. Consequently, we are always in a dangerous situation if the breakdown (cooling water loss) occurs while T7 is still occupied with processing the previous batch. We are therefore interested in solutions for two time parameters in order to develop a controller that allows us to react to a breakdown of the condenser's cooling system.

1. The first time parameter TV is the time between processing two batches in T5. It must be large enough to ensure that enough time remains after a shutdown of the heating for the medium in T5 to be drained off into T7 before it gelatinizes.
2. The second time parameter TW states the amount of time the heating can be continued without destroying the condenser.

3 Timestamp Nets

In this section, we introduce a timing concept for Petri Nets which helps us to solve problems such as the one described in the previous section. We assume that the reader is familiar with the basic concepts of Petri Nets [1,5].

Definition 1. Given $a \in \mathbb{R}^+_0$ and $b \in \mathbb{R}^{+,\infty}_0$, $[a; b]$ is called a time interval, and if $a \le b$ holds, $[a; b]$ is called a non-negative time interval. $I^+_{\mathbb{R}} := \{[a; b] \mid (a; b) \in \mathbb{R}^+_0 \times \mathbb{R}^{+,\infty}_0 \wedge a \le b\}$ is the set of all non-negative time intervals.¹

¹ With $\mathbb{R}^{+,\infty}_0 := \mathbb{R}^+_0 \cup \{\infty\}$, $\forall r \in \mathbb{R}^+_0 : r < \infty$ and $\forall r \in \mathbb{R}^+_0 : r + \infty = \infty$. In the following, we will also consider the set $\dot{\mathbb{R}}^+_0 := \{\dot{ts} \mid ts \in \mathbb{R}^+_0\}$.

Definition 2. $N = (P, T, F, I)$ is called a Timestamp Net iff $(P, T, F)$ is a Petri Net and $I : (P \times T) \cap F \to I^+_{\mathbb{R}}$ assigns a non-negative time interval to each incoming edge of a transition, describing the edge's permeability. Given $I(p, t) = [r; l]$, $I_r(p, t) = r$ denotes the begin and $I_l(p, t) = l$ the end of the permeability of edge $(p, t) \in (P \times T) \cap F$, relative to the moment place $p$ was marked. The marking $m$ of a Timestamp Net $N = (P, T, F, I)$ is a function $m : P \to (\dot{\mathbb{R}}^+_0 \cup \{0\})$. $m(p) = 0$ means that $p \in P$ is not marked. If a place $p \in P$ is marked by $m(p) = \dot{ts}$, then $ts$ is called the token's timestamp, indicating the moment the token was put on $p$.

Definition 3. Let $N = (P, T, F, I)$ be a Timestamp Net and $m$ a marking of $N$.

$$\max(m) := \begin{cases} \max\{ts_p \mid p \in P \wedge m(p) = \dot{ts}_p\} & \text{if } \exists p : m(p) \ne 0 \\ 0 & \text{else} \end{cases}$$

is called the highest timestamp, or the timestamp of the youngest token of $m$ in case a token exists under $m$. Now, let $t \in T$ be a transition of $N$.

$$\mathrm{eft}(t, m) := \max\{ts_p + I_r(p, t) \mid p \in {}^\bullet t \wedge m(p) = \dot{ts}_p\}$$

is the earliest and

$$\mathrm{lft}(t, m) := \min\{ts_p + I_l(p, t) \mid p \in {}^\bullet t \wedge m(p) = \dot{ts}_p\}$$

the latest firing time of $t$ under $m$.

The enabling of a transition does not only depend on whether its preplaces are marked, but also on the timestamps of the tokens. Therefore, we have a multi-stage enabling term.

Definition 4. Let $N = (P, T, F, I)$ be a Timestamp Net and $m$ a marking of $N$.
• $t \in T$ is called marking enabled under $m$ iff $\forall p \in {}^\bullet t : m(p) \ne 0 \wedge \forall p \in t^\bullet - {}^\bullet t : m(p) = 0$.
• $t$ is possibly enabled under $m$ iff $t$ is marking enabled under $m$, $\mathrm{eft}(t, m) \le \mathrm{lft}(t, m)$, and $\mathrm{lft}(t, m) \ge \max(m)$ hold.
• $t$ can get enabled under $m$ iff $t$ is possibly enabled under $m$ and no other transition $t'$ is possibly enabled with $\mathrm{lft}(t', m) < \mathrm{eft}(t, m)$.
• $t$ is enabled under $m$ iff $t$ is possibly enabled under $m$ and $\mathrm{eft}(t, m) \le \max(m)$.

Now we can define the firing rule and firing sequences for Timestamp Nets.

Definition 5. Let $N = (P, T, F, I)$ be a Timestamp Net, $m$ a marking of $N$, $t \in T$ a transition which can get enabled and/or is enabled under $m$, and $\tau \in \mathbb{R}^+_0$. $t$ can fire at $\tau$ iff $\mathrm{eft}(t, m) \le \tau \le \mathrm{lft}(t, m)$ and $\tau \ge \max(m)$. $(t, \tau)$ is called a step iff $t$ fires at $\tau$. An enabled transition must fire at the latest at $\mathrm{lft}(t, m)$, or it is no longer enabled due to the firing of other transitions. The follower marking $m'$ of place $p \in P$ which is reached after step $(t, \tau)$ (written $m\,[t, \tau\rangle\, m'$) is defined by

$$m'(p) = \begin{cases} 0 & \text{if } p \in {}^\bullet t - t^\bullet \\ \dot{\tau} & \text{if } p \in t^\bullet \\ m(p) & \text{if } p \in P - ({}^\bullet t \cup t^\bullet) \end{cases}$$

Let $m_0$ be the initial marking of $N$, and $w \in (T \times \mathbb{R}^+_0)^*$ with $w = (t_1, \tau_1) \ldots (t_n, \tau_n)$ a firing sequence. A marking $m'$ of $N$ is a follower marking of $m_0$ under $w$, written as $m_0\,[w\rangle\, m'$, iff
• $w = \square \wedge m_0 = m'$, or
• there exists a marking $m$ of $N$ with $m_0\,[(t_1, \tau_1) \ldots (t_{n-1}, \tau_{n-1})\rangle\, m \wedge m\,[t_n, \tau_n\rangle\, m'$.
$\square$ designates the empty firing sequence. $[m_0\rangle_N := \{m \mid \exists w \in (T \times \mathbb{R}^+_0)^* : m_0\,[w\rangle\, m\}$ is called the reachability set of $N$ under $m_0$.

Although marking enabled, a transition $t$ with at least two preplaces cannot fire under a marking $m$ if its incoming edges are not permeable simultaneously. In this case we say $t$ is timewise stuck, and $\mathrm{eft}(t, m) > \mathrm{lft}(t, m)$ holds. Consequently:

Definition 6. Let $N = (P, T, F, I)$ be a Timestamp Net, $m_0$ its initial marking, and $m$ a marking of $N$ with $m \in [m_0\rangle_N$. A transition $t \in T$ is timewise stuck under $m$ iff it is marking enabled but $\mathrm{eft}(t, m) > \mathrm{lft}(t, m)$ holds. $t$ is possibly getting timewise stuck iff a marking $m \in [m_0\rangle_N$ exists such that $t$ is timewise stuck under $m$.

If a transition gets timewise stuck, it forces tokens to remain on places forever. In a dynamic system this is an indicator of a faulty situation, and as a consequence there is a need to detect such situations and prevent them from occurring. Since in Timestamp Nets the underlying time concept is continuous, there usually exist uncountably many markings in the reachability set of such a net. As a consequence, finding all situations under which transitions might get timewise stuck cannot be done by considering the entire reachability set. In [6] we proposed a method for estimating whether certain transitions might get timewise stuck or not. This method, which has been implemented in the Petri Net tool POSEIDON [15], works as follows: Instead of having a marking where timestamps are assigned to tokens, we use symbolic tokens. The domain of such a symbol describes the range of possible timestamp values that could be reached due to a certain firing sequence. Such ranges can be defined with the aid of time intervals, and their calculation is based on the non-negative time intervals assigned to the net's edges.

If firing a transition produces two or more tokens simultaneously, under a symbolic marking the equality of their timestamp values is taken into account by using the same symbol for each of these tokens. Now, determining whether a certain transition $t$ might get timewise stuck or not is done by calculating all symbolic markings under which $t$ is enabled, i.e. we have to consider the reachability set of the symbolic marking instead of the reachability set of the timestamp marking. For these symbolic markings we derive systems of inequalities such that if these have a solution, $t$ cannot get timewise stuck.
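As an added illustration of Definitions 3 to 6 (example code written for this page, not part of the paper or of the POSEIDON tool), the following Python module computes eft and lft as the intersection of the edge intervals shifted by the tokens' timestamps, evaluates the enabling stages, detects a timewise stuck transition and computes the follower marking of a step. The net at the end, with its place and transition names and edge intervals, is constructed for the illustration; unmarked places are represented by None.

```python
import math
INF = math.inf
UNMARKED = None   # the paper's "dotted 0": the place carries no token

def plus(i, j):   # [a; b] ⊕ [c; d] := [a + c; b + d]
    return (i[0] + j[0], i[1] + j[1])

def meet(i, j):   # intersection of two intervals: [max{a, c}; min{b, d}]
    return (max(i[0], j[0]), min(i[1], j[1]))

def max_ts(m):    # max(m) of Definition 3: the youngest timestamp, 0 if there is no token
    ts = [v for v in m.values() if v is not UNMARKED]
    return max(ts) if ts else 0.0

class TimestampNet:
    """N = (P, T, F, I): pre/post give •t and t•, I maps each edge (p, t) to [r; l]."""
    def __init__(self, pre, post, intervals):
        self.pre, self.post, self.I = pre, post, intervals
    def window(self, t, m):
        # Intersection over p ∈ •t of ts_p ⊕ I(p, t); its bounds are eft(t, m) and lft(t, m).
        w = (0.0, INF)
        for p in self.pre[t]:
            w = meet(w, plus((m[p], m[p]), self.I[(p, t)]))
        return w
    def marking_enabled(self, t, m):   # all preplaces marked, pure postplaces empty (safe net)
        return (all(m[p] is not UNMARKED for p in self.pre[t])
                and all(m[p] is UNMARKED for p in self.post[t] - self.pre[t]))
    def timewise_stuck(self, t, m):    # Definition 6: marking enabled but eft(t, m) > lft(t, m)
        w = self.marking_enabled(t, m) and self.window(t, m)
        return bool(w) and w[0] > w[1]
    def possibly_enabled(self, t, m):  # Definition 4: eft ≤ lft and lft ≥ max(m)
        w = self.marking_enabled(t, m) and self.window(t, m)
        return bool(w) and w[0] <= w[1] and w[1] >= max_ts(m)
    def can_get_enabled(self, t, m):   # no other transition is forced to fire before eft(t, m)
        return self.possibly_enabled(t, m) and not any(
            u != t and self.possibly_enabled(u, m) and self.window(u, m)[1] < self.window(t, m)[0]
            for u in self.pre)
    def enabled(self, t, m):           # eft(t, m) is already reached by the youngest token
        return self.possibly_enabled(t, m) and self.window(t, m)[0] <= max_ts(m)
    def fire(self, t, m, tau):         # step (t, τ) of Definition 5 and its follower marking m'
        eft, lft = self.window(t, m) if self.can_get_enabled(t, m) else (INF, -INF)
        if not (eft <= tau <= lft and tau >= max_ts(m)):
            raise ValueError(f"{t} cannot fire at {tau} under {m}")
        m2 = {p: (UNMARKED if p in self.pre[t] - self.post[t] else v) for p, v in m.items()}
        m2.update({p: tau for p in self.post[t]})
        return m2

# Constructed net: t_sync joins two flows whose windows [0; 2] and [3; 5] never overlap when both tokens are stamped 0.
NET = TimestampNet(pre={"t_sync": {"p1", "p2"}}, post={"t_sync": {"p3"}},
                   intervals={("p1", "t_sync"): (0.0, 2.0), ("p2", "t_sync"): (3.0, 5.0)})
```

With both preplaces marked at timestamp 0 the two windows do not intersect, so eft(t_sync, m) = 3 > 2 = lft(t_sync, m) and the transition is timewise stuck; marking p1 at 4 instead yields the window [4; 5] and permits the step (t_sync, 4.5).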

This approach has the advantage that it can be extended with a few modifications: If we use parameters to describe the time intervals at the edges of our net, and use these parameters when calculating the symbolic marking, then a solution for these parameters guarantees that the transitions we concentrate our investigation on cannot get timewise stuck. In other words, our approach allows us to find values for our parameters such that faulty situations are avoided. In the rest of this section, we define Parameterized Timestamp Petri Nets, which are required for our approach. In the following section, we define symbolic markings and conditions under which we can exclude that certain transitions get timewise stuck under a corresponding timestamp marking.

Definition 7. Let $a \in \mathbb{R}^+_0 \cup V_P$ and $b \in \mathbb{R}^{+,\infty}_0 \cup V_P$, with $V_P$ a set of variables. $[a; b]$ is called a parameterized time interval, and $I_{V_P} := \{[a; b] \mid a \in \mathbb{R}^+_0 \cup V_P,\ b \in \mathbb{R}^{+,\infty}_0 \cup V_P\}$ is the set of all parameterized time intervals.

Definition 8. A Parameterized Timestamp Net $N = (P, T, F, V_P, I)$ is a tuple where $(P, T, F)$ is a net, $V_P$ a set of variables, and $I : (P \times T) \cap F \to I_{V_P}$ assigns a parameterized time interval to each incoming edge of a transition. For $f \in (P \times T) \cap F$ and $I(f) = [r; l]$, both $I_r(f)$ and $I_l(f)$ are defined analogously to Definition 2. The initial marking $\hat{m}$ of a Parameterized Timestamp Net $N = (P, T, F, V_P, I)$ is a function $\hat{m} : P \to (\dot{\mathbb{R}}^+_0 \cup \{0\})$, with $\hat{m}(p) = 0$ meaning that $p \in P$ is not marked.

We are not interested in the behavior of Parameterized Timestamp Nets as such, but in those solutions for the variables of $V_P$ for which certain transitions in the corresponding Timestamp Net never get timewise stuck. As the corresponding Timestamp Net we define the Timestamp Net which results from a Parameterized Timestamp Net by replacing each occurrence of a parameter by its solution.

4 Symbolic Marking

Under a symbolic marking, the places are marked with symbols (i.e. variables) instead of tokens with timestamps. The domain of these symbols is restricted by a system of inequalities. Solutions for these variables yield the possible moments at which tokens can be put onto their places under a timestamp marking. If the same symbol is used to mark several places, these places were marked simultaneously by a branching transition. In preparation for Definitions 10 and 14, we need rules for calculating with intervals:


Definition 9. Let $[a; b], [c; d] \in I^+_{\mathbb{R}}$ and therefore $a \in \mathbb{R}^+_0$.

$$[a; b] \oplus [c; d] := [a + c;\ b + d]$$
$$a \oplus [c; d] := [a; a] \oplus [c; d]$$
$$[a; b] \sqcap [c; d] := [\max\{a, c\};\ \min\{b, d\}]$$

Definition 10. Let $V$ be a set of variables. A term is defined inductively as follows:
• Each value $r \in \mathbb{R}^{+,\infty}_0$ and each variable $v \in V$ are terms.
• If $t_1, t_2$ are terms, then $t_1 + t_2$, $\max\{t_1, t_2\}$, and $\min\{t_1, t_2\}$ are terms, too.
An interval term is defined inductively as follows:
• $[r; l]$ is an interval term if $r$ and $l$ are terms.
• If $t_1, t_2$ are interval terms, then $t_1 \oplus t_2$ and $t_1 \sqcap t_2$ are interval terms, too.
$I_V$ is the set of all interval terms which can be built using the variables in $V$.

Definition 11. Let $V$ be a set of variables. A function $c : V \to I_V$, assigning intervals to the variables of $V$, is called a constraint system on $V$ if a partition $V_1, \ldots, V_n$ of $V$ exists with
• $\forall 1 \le i \le n : V_i \ne \emptyset$, $\bigcup_{1 \le i \le n} V_i = V$, and $\forall i, j \in \{1, \ldots, n\}, i \ne j : V_i \cap V_j = \emptyset$,
• and for $v \in V_i$, $1 \le i \le n$: $c(v) \to it$, with $it \in I_{\bigcup_j V_j}$