Design of Logic Controllers Thanks to Symbolic Computation of Simultaneously Asserted Boolean Equations

Roussel, Jean-Marc; Lesage, Jean-Jacques

doi:https://doi.org/10.1155/2014/726246

Mathematical Problems in Engineering

On this page

Abstract Introduction Discussion Conclusion References Copyright Related Articles

Special Issue

Mathematical Modeling, Analysis, and Advanced Control of Complex Dynamical Systems

View this Special Issue

Research Article | Open Access

Volume 2014 | Article ID 726246 | https://doi.org/10.1155/2014/726246

Design of Logic Controllers Thanks to Symbolic Computation of Simultaneously Asserted Boolean Equations

Jean-Marc Roussel¹and Jean-Jacques Lesage¹

Academic Editor: Hamid R. Karimi

Received11 Dec 2013

Revised06 Feb 2014

Accepted07 Feb 2014

Published28 May 2014

Abstract

Formal methods can strongly contribute to improve dependability of controllers during design, by providing means to avoid flaws due to designers' omissions or specifications misinterpretations. This paper presents a synthesis method dedicated to logic controllers. Its goal is to obtain the control laws from specifications given in natural language by symbolic computation. The formal framework that underlies this method is the Boolean algebra of -variable switching functions. In this algebra, thanks to relations and theorems presented in this paper, it is possible to formally express logical controllers specifications, to automatically detect inconsistencies in specifications, and to obtain automatically the set of solutions or to choose an optimal solution according to given optimization criteria. The application of this synthesis method to an example allows illustrating its main advantages.

1. Introduction

Programmable logic controllers (PLCs) are industrial automation components that receive input signals coming from sensors and send output signals to actuators, in accordance with control laws implemented into a user program (Figure 1). The control algorithms that allow the real time calculation of new output values, according to the current state of the PLC and the observation of new values of inputs, are written in standardized languages, such as ladder diagram (LD), structured text (ST) or instruction list (IL) [1]. A PLC cyclically performs three tasks: inputs reading, program execution, and outputs updating. The period of this task may be constant (periodic scan) or may vary (cyclic scan).

Because of their reliability, even in very severe conditions in terms of temperature, vibrations, electromagnetic perturbations, and so forth, PLCs are frequently used for the control of safety-critical systems (energy production, transport, chemical industry, etc.). In this context, improving the reliability of the user program has been one of the main challenges of the past two decades in the field of automation. Among the different techniques that can be used in this aim [2], formal verification and validation and formal synthesis are the most efficient. Verification is the proof that the internal semantics of a model is correct, independently from the modeled system. The searched properties of the models are stability, deadlock existence, and so on . The validation determines if the model agrees with the designer’s purpose [3]. Efficient validation/verification techniques of PLC programs [4], most often based on model-checking technique, have been proposed by researchers and are now widely used in industry [5], despite problems of state-space explosion that arise when treating large scale systems.

Contrary to verification techniques that aim at proving, after a PLC program has been more or less correctly designed by an expert, that control laws are safe, automatic synthesis methods aim at systematically generating control laws which guarantee by construction the respect of expected safety properties. The avoidance of human errors during the design of controllers is one of the main reasons for which synthesis is a very important subject of research in the field of discrete event systems (DES) since the end of 80’s.

Most part of recent works in this area are still based onto the Supervisory Control Theory (SCT) [6] and are aiming for the synthesis of a supervisor, and not directly to the controller of an automated system. Furthermore, the use of state models (Finite Automata, Petri Nets, etc.) and their composition for the construction of the models of the plant and of the specifications generates a complexity which remains problematic for the synthesis of a supervisor for complex systems [7]. It is therefore interesting to explore other ways for performing synthesis, such as algebraic approaches. In previous works, we proposed a method specifically developed to get the control laws that can be directly implemented into the controller [8]. We have chosen to synthesize these control laws under the form of recurrent Boolean equations because of the wide possibilities they offer for the formalization of safety requirements and for implementation.

Nevertheless, whatever is the used synthesis method, one of the weak links of the automatic generation of the control laws is the step of formal transcription by the designer (within state models or algebraic expressions) of the informal requirements and safety properties the controller has to satisfy. In the case of SCT, some authors have proposed more or less generic approaches for the construction of the models of the plant [9] or of the specifications [10]. But in any case, the hypothesis that requirements can be inconsistent has never been taken into account. Unfortunately in the framework of industrial collaborations we have been able to verify that it is always the case. In this paper we show how, in consideration of specific hypotheses, it is possible to install a correction loop for helping the designer to formalize these requirements and so improving the synthesis method robustness to the lack of precision of the specifications.

This paper is organized as follows. Some basics of algebraic synthesis given in Sections 2 and 3 recall the main steps of our method. Section 4 presents the mathematical framework of our approach and new results that allow us to accept inconsistencies in specifications. The strategy we developed for making the synthesis more robust to the lack of consistency of the specifications is described in Section 5, thanks to a case study.

2. Problem Statement

Figure 2 proposes a generic representation of a DES whose controller has Boolean inputs (), Boolean outputs (), and Boolean state variables (). Plant and controller are connected through a closed loop exchanging inputs and outputs signals. The state variables, needed for expressing sequential behaviors of the controller, are represented by internal variables.

The algebraic modeling of the control laws of the controller necessitates the definition of switching functions of variables. Even if this representation is very compact (the Boolean state variables allow the representation of different states), the construction by hands of these switching functions is a very tedious and error-prone task [11]; the controller of Figure 2 admits inputs combinations can send outputs combinations and can express sequential behaviors. That is the reason why algebraic modeling approaches have been replaced by methods based on state models since the middle of 50’s [12, 13]. Nevertheless, thanks to recent mathematical results obtained onto Boolean algebras [14, 15], the automatic algebraic synthesis of switching functions is now possible.

In [16] an interesting approach for the systematic construction of a reactive program from its formal specification is proposed. In this work, the program synthesis is considered as a theorem proving activity. A program with input and output , specified by the formula , is constructed as a byproduct of proving the theorem . The specification characterizes the expected relation between the input and the output computed by the program. This approach is based on the observation that the formula is equivalent to the second-order formula , stating the existence of a function , such that holds for every .

This approach provides a conceptual framework for the rigorous derivation of a program from its formal specification. It has also been used to synthesize specifications under the form of finite automata from their linear temporal logic (LTL) description [17].

The core of our approach is based on this strategy: we aim at deducing the switching functions of variables which define the behavior of the controller from a formula that holds for every , every , and every .

To cope with combinatorial explosion, switching functions will be handled through a symbolic representation (and not their truth-tables which contain Boolean values). Each input (resp., output ) of the controller will be represented by a switching function (resp., ). To take into account the recursive aspect of state variables, each state variable will be represented by two switching functions: (for time ) and (for time ).

According to this representation, the synthesis of control laws of a logical system from its specification can now be transformed into the search of the solutions to the mathematical problem as follows: where are switching functions of variables.

3. Overview of Our Method

The input data of the proposed method (Figure 3) are unformal functional and safety requirements given by the designer. In practice, these requirements are most often given in a textual form and/or by using technical Taylor-made languages (Gantt diagrams, function blocks diagrams, Grafcet, etc.) or imposed standards.

All the steps of our synthesis method are implemented into a prototype software tool developed in Python (Case studies are available online: http://www.lurpa.ens-cachan.fr/-226050.kjsp). The first step is the formalization of requirements within an algebraic description; examples are given in Section 5.2. Requirements expressed with a state model can directly be translated into recurrent Boolean equations, thanks to the algorithm proposed by Machado et al. [18]. In case where the knowhow of the designer enables him to build a priori the global form of the solution (or of a part of the whole solution) it is also possible to give fragments of solution as requirements [19].

The second step consists in checking the consistency of the set of requirements by symbolic calculation. The sufficient condition for checking this consistency has been given in [20] but no strategy has been proposed for coping with potential inconsistencies. In this paper we show that thanks to new theorems the causes of these inconsistencies can be pointed out. It is then possible for the designer to fix priority rules between the concerned requirements that will allow finding, if exist, solutions despite inconsistencies.

The core of the method is the third step, which consists in the synthesis of the control laws. This step is performed by solving the system of equations which represents the set of consistent requirements. The mathematical results we have obtained (Theorem 12 given in Section 4.3), allow finding a parametric expression of the set of solutions.

In the fourth step of the method, a particular solution has to be chosen among the set of solutions. For that, a specific value of each parameter of the general solution has to be fixed. In a previous work [19], we showed how well chosen heuristics can be used for fixing these parameters. In this paper, we show that the choice of a particular solution among the set of solutions can be expressed as an optimization problem. We propose new theorems that allow calculating the maximum and the minimum of a Boolean formula, and we show how optimal solutions can be automatically found. For ergonomic reasons, the synthesized control laws can finally be displayed under the form of a finite automaton [21].

After the mathematical background of the method has been recalled, we are going to show how, in consideration of specific hypotheses, the second step of the method can be improved by a correction loop helping the designer to formalize the requirements and so improving the robustness of our synthesis method to the lack of precision of the specifications. The strategy to find an optimal solution according to given criteria will be also presented.

4. Mathematical Foundations

This section is composed of five subsections. Sections 4.1 and 4.2 recall some classical results about Boolean algebras and the Boolean algebra of -variable switching functions. Section 4.3 presents how to solve Boolean equations. Sections 4.4 and 4.5 present specific results obtained for the algebraic synthesis of control laws.

4.1. Boolean Algebra: Typical Feature

Definition 1 (Boolean algebra). (Definition 15.5 of [22]) Let be a nonempty set that contains two special elements 0 (the zero element) and 1 (the unity, or one, element) and on which we define two closed binary operations +, , and an unary operation . Then is called a Boolean algebra if the following conditions are satisfied for all :

Many Boolean algebras could be defined. The most known are the two-element Boolean algebra: and the algebra of classes (set of subsets of a set ): .

Definition 2 (Boolean formula). (From Section of [15]) A Boolean formula (or a Boolean expression) on is any formula which represents a combination of members of by the operations +, , or .

By construction, any Boolean formula on represents one and only one member of . Two Boolean formulae are equivalent if and only if they represent the same member of . Later on, a Boolean formula built with the members of is denoted .

Theorem 3 (Boole’s expansion of a Boolean formula). Let be members of . Any Boolean Formula can be expanded as where and are Boolean formulae of only . These two formulae can be directly obtained from as follows:

The relation equality is not the only defined relation on a Boolean algebra. It is also possible to define a partial order relation between members of . This relation is called Inclusion-Relation in [15].

Definition 4 (Inclusion-Relation). (Definition 15.6 of [22].) If , define if and only if .

As Relation Inclusion is reflexive (), antisymmetric (if and , then ), and transitive (if and , then ), this relation defines a partial order between members of (Theorem 15.4 of [22]).

Since in any Boolean algebra, , we also have .

Remark 5. For the algebra of classes , the Inclusion-Relation is the well-known relation and we have: .

Theorem 6 (reduction of a set of relations). (Theorem 5.3.1 of [15].) Any set of simultaneously asserted relations built with the members of can be reduced to a single equivalent relation such as: .

To obtain this equivalent relation, it is necessary(i)to rewrite each equality according to (ii)to rewrite each inclusion according to (iii)to group together rewritten equalities as follows:

4.2. The Boolean Algebra of -Variable Switching Functions

To avoid confusion between Boolean variables and Boolean functions of Boolean variables, each Boolean variable is denoted by . The set of the two Boolean values and is denoted by .

Definition 7 (-variable switching functions). (From Section 3.11 of [15].) An -variable switching function is a mapping of the form

The domain of a -variable switching function has elements and the codomain has elements; hence, there are -variable switching functions. Let be the set of the -variable switching functions.

contains specific -variable switching functions: the 2 constant functions and the projection-functions (). These functions are defined as follows:

can be equipped with three closed operations (two binary and one unary operations) where ,

is a Boolean algebra [22]. Then, it is possible to write a Boolean formula of -variable switching functions and relations between Boolean formula of -variable switching functions. In the case of -variable switching functions, relations Equality and Inclusion can also be presented as follows:(i) and are equal () if and only if the columns of the truth-tables of , are exactly the same, that is, , .(ii) is included into if and only if the value of is always when the value of is , that is, , , or .

Remark 8. Each -variable switching function can be expressed as a composition of by operations and .

Therefore, the Boolean algebra is a mathematical framework which allows composing and to comparing switching functions. Thanks to the results presented in the next subsection, this framework allows also solving Boolean equations systems of switching functions.

4.3. Solutions of Boolean Equations over Boolean Algebra

In [15], Brown explains that many problems in the application of Boolean algebra may be reduced to solving an equation of the form over a Boolean algebra . Formal procedures for producing solution of this equation were developed by Boole himself as a way to treat problems of logical inference. Boolean equations have been studied extensively since Boole’s initial work (a bibliography of nearly 400 sources is presented in [14]). These works concern essentially the two-element Boolean algebra .

In our case, we focus on the Boolean algebra of -variable switching functions . We consider a Boolean system composed of relations among members of for which of them are considered as unknowns. Theorems presented in this section permit to solve any system of Boolean equations as it exists in a canonic form of a Boolean system of unknowns and we are able to calculate solutions for this form.

4.3.1. Canonic Form of a Boolean System of Unknowns over Boolean Algebra

Consider the Boolean algebra of -variable switching functions .(i)Let be the projection-functions of .(ii)Let be elements of considered as unknowns.For notational convenience, we note “” as the vector of the unknowns and “Proj” as the vector of the projection-functions of .

Theorem 9 (reduction of a set of relations between -variable switching functions). Any set of simultaneously asserted relations of switching functions can be reduced to a single equivalent relation such as

This theorem comes from Theorem 6.

In order to be able to write a canonic form for a Boolean system of unknowns over Boolean algebra , we introduce the following notation: for and , is defined by This notation is extended to vectors as follows: for and , is defined by

Theorem 10 (canonic form of a Boolean equation). Any Boolean equation can be expressed within the canonic form where (with ) are the of according to (the term of “discriminant” comes from [15]).

This canonic form is obtained by expanding according to the unknowns . For example, we have

4.3.2. Solution of a Single-Unknown Equation over

The following theorem has initially been demonstrated for the two-element Boolean algebra [14]. A generalization for all Boolean algebras can be found in [15], but no detailed demonstration is given. A new formalization of this theorem and its full demonstration are given below.

Theorem 11 (solution of a single-unknown equation). The Boolean equation over for which the canonic form is is consistent (i.e., has at least one solution) if and only if the following condition is satisfied: In this case, a general form of the solutions is where is an arbitrary parameter, that is, a freely-chosen member of .
This solution can also be expressed as

Proof. This theorem can be proved in four steps as follows:(a)Equation (18) is consistent if and only if (20) is satisfied;(b)Equation (21) is a solution of (18) if (20) is satisfied;(c)each solution of (18) can be expressed as (21);(d)if (20) is satisfied, the three parametric forms proposed are equivalent.
Step (a) can be proved as follows: Equation (20) is a sufficient condition for (18) to admit solutions since is an obvious solution of (18). Equation (20) is also a necessary condition as if (18) admits a solution, then (18) can be also expressed thanks to the consensus theorem as and we have necessarily .
To prove Step (b), it is sufficient to substitute the expression for from (21) into (18) and to use (20) as follows:
To prove Step (c), it is sufficient to find one element of for each solution for of (18). Let us consider defined by “” where is a solution to (18). Then we have
as
To prove Step (d), it is sufficient to rewrite (21) in the two other forms by using (20) as follows:

4.3.3. Solution of -Unknown Equations over

The global result presented in the following theorem can be found in [14] or [15]. However, in these works, the solution is not expressed with a parametric form, but with intervals only. The formulation presented in this paper is more adapted to symbolic computation and is mandatory for practice optimization.

A -unknown equation can be solved by solving successively single-unknown equations. If we consider the -unknown equation as a single-unknown equation of , its consistence condition corresponds to a -unknown equation. The process can be iterated until . After substituting for in the last equation, it is possible to find the solution for . Then, it is sufficient to apply this procedure again times to obtain successively the solutions to .

Theorem 12 (solution of a -unknown equation). The Boolean equation over is consistent (i.e., has at least one solution) if and only if the following condition is satisfied: If (28) is satisfied, (27) admits one or more -tuple solutions such each component is defined by with (i)(ii) is an arbitrary parameter, that is, a freely-chosen member of .

The full demonstration of this theorem cannot be given in this paper because of lack of space (a full demonstration by mathematical induction can be found in [8]). A description of the different steps of the proof and the detail of the principal steps are given below.

Proof (elements of Proof). Equation (27) can be solved by applying Theorems 3 and 11 times according to the unknowns to as follows.
According to Theorem 3, (27) is equivalent to According to Theorem 11, (30) admits solutions in if and only if Equation (31) is an equation with unknowns. Each term of (31) can be expanded according to and (31) can be written in the form According to Theorem 11, (32) admits solutions in if and only if Equation (33) is an equation with unknowns. Each term of (33) can be expanded according to and (33) can be written in the form
In the end, we obtain an equation of only one unknown defined by
According to Theorem 11, (35) admits solutions if and only if
When (36) is satisfied, the equations for to admit solutions. Equation (27) is then coherent and admits solutions.
When (36) is satisfied, solutions of (35) for are
After substituting for into (27), we obtain a new equation involving the unknowns , where
By applying the previous procedure, we can obtain and . Then, it suffices to apply this procedure again times to obtain successively solutions to .

It is important to note that the order in which unknowns are treated affects only the parametric form of the -tuple solution. This is due to the fact that the same -tuple solution can be represented with several distinct parametric forms.

4.3.4. Partial Conclusions

Thanks to theorems presented above, it is possible to obtain a parametric representation of all the solutions of any set of simultaneously asserted relations with unknowns, if a solution exists. In practice, due to the complexity of systems to be designed, proposed set of simultaneously asserted relations is generally inconsistent [23]. To simplify the work of the designer, we have proved complementary theorems to improve the robustness of our method to the lack of precision of the specifications (Section 4.4).

When several solutions exist, the comparison of solutions according to a given criterion can be envisaged since the Boolean algebra is equipped with a partial order. To simplify the work of the designer too, we have developed a method to calculate the best solutions according to one or several criteria (Section 4.5).

4.4. Theorems to Cope with Inconsistencies of Specifications

In practice, it is very difficult for a designer to specify the whole requirements of a complex system without inconsistencies. It is the reason why requirements given by the designer are often declared as inconsistent according to Theorem 12. Since the inconsistency condition is a Boolean formula, it is possible to use it for the detection of the origin of inconsistencies. Two cases have to be considered as follows:(i)Several requirements cannot be simultaneously respected. In this case, a hierarchy between requirements can be proposed in order to find a solution. The requirements which have the lower priority have to be corrected for becoming consistent with the requirements which have the higher priority. This strategy is based on Theorem 14.(ii)The detected inconsistency refers to specific combinations of projection-functions for which the designer knows that they are impossible blocking the synthesis process, it is necessary to introduce new assumptions and to use Theorem 13.

Theorem 13 (solution of a Boolean equation according to an assumption among the projection-functions). The following problem admits the same solutions as the following equation:

Proof. According to , can be rewritten as
Equation is consistent if and only if the following condition is true (Theorem 12): By construction, this new condition is the subset of the initial condition () for which the proposed assumption is satisfied. All the other terms have been removed.
If (42) is satisfied, (40) admits one or more -tuple solutions where each component is defined by As , can also be expressed as When is satisfied, the solutions of (40) are also solution to .

Theorem 14 (Solution of a Boolean equation system according to a priority rule between requirements). The following problem where(i) is the formal expression of the requirements which have the higher priority (HR);(ii) is the formal expression of the requirements which have the lower priority (LR);(iii) is the formal expression of the others requirements (OR);(iv) is the priority rule between inconsistent requirements,admits the same solutions as the system of equations as follows: where is the inconsistency condition between requirements “HR” and “LR”:

Proof. Thanks to Theorem 12, the inconsistency condition between requirements “HR” and “LR” can be found by solving equation . We have To remove the inconsistency between requirements “HR” and “LR” according to the priority rule “HR LR”, it is necessary to restrict the range of requirement “LR” to the part for which there is no inconsistency, that is, . That is the case, when is replaced by .
Thanks to Theorem 12, (49) admits always one or more -tuple solutions and it is impossible to find a less restrictive condition over requirement “LR”.

4.5. Optimal Solutions of Boolean Equations over

The goal of this step is to be able to obtain automatically the parametric form of the -tuples solutions of which satisfy not only a given equation () of Boolean functions but also which maximize (or minimize) a Boolean formula of these Boolean functions () corresponding to the desired optimization criterion.

Generally speaking, the search of the best solution tuples according to a given criterion when the space of solutions is composed of discrete values is a complex mathematical issue. It is sometimes necessary to make a side-by-side comparison of each solution in order to identify the best one. In our case, this exhaustive method which cannot be used as is only provided by a partial order; two particular solutions cannot always be ordered between themselves.

Nevertheless, it is possible to obtain the researched parametric form of the -tuples thanks to the following results.(i)When an equation between Boolean functions has one or more solution tuples in , every Boolean formula onto these Boolean functions can be rewritten thanks to only projection-functions of and free parameters of which are describing these solution tuples.(ii)Every Boolean formula expressed as a composition of projection-functions of and free parameters of has a unique maximum and a unique minimum. These extrema can be expressed thanks to only projection-functions of .

Hence it is then possible to rewrite the initial problem into a 2-equation system to solve

4.5.1. Extrema of a Boolean Formula according to Freely Chosen Members of

Considering the Boolean algebra of -variable switching functions ,(i)let be the projection-functions of ;(ii)let be elements of considered as freely chosen members. Let “” be the corresponding vector.

Any formula for which are freely chosen members of defines a subset of . According to the relation , elements of this subset can be compared. In this specific case, the subset defined by admits a minimal element and a maximal element.

Theorem 15 (minimum and maximum of a Boolean formula). Any formula , ) for which are freely chosen members of admits a minimum and a maximum defined as follows:

Proof. To prove this theorem, it is necessary to establish that (1) is a lower bound of ;(2)It exists at least one specific combination of for which ;(3) is an upper bound of ;(4)It exists at least one specific combination of for which .Details of this proof can be found in [24].

4.5.2. Optimization Problem

Considering the Boolean algebra of -variable switching functions ,(i)let be the projection-functions of . Let “” be the corresponding vector;(ii)Let be elements of considered as unknowns. Let “” be the corresponding vector;(iii)Let be elements of considered as freely chosen members. Let “” be the corresponding vector.;(iv)Let be the Boolean equation to solve;(v)Let be the Boolean formula of the given criterion to optimize (maximization or minimization).

The method we propose, to obtain the parametric form of the -tuple of switching functions solution of according to a given optimization criterion is composed of five steps as follows.(i)The first step is to establish the parametric form of the -tuple solution to only, thanks to Theorem 12.(ii)The second step is to establish the parametric form of the given optimization criterion by substituting for . Let be the result of this substitution.(iii)The third step is to calculate the extremum of according to Theorem 15. Let be the Boolean formula of this extremum.(iv)The fourth step is to replace the given criterion by the equivalent relation (v)The fifth step is to establish the parametric form of the -tuple solution of the equivalent problem

4.5.3. Partial Conclusions

Thanks to theorems presented in this section, it is now possible to obtain a parametric representation of the optimal solutions according to a given criterion, of any set of simultaneously asserted relations with unknowns if a solution exists.

The proposed method also permits to associate simultaneously or sequentially several criteria.(i)When several criteria are treated simultaneously, the optimization problem can admit no solution. That is the case when the given criteria are antagonist.(ii)When several criteria are treated sequentially, the obtained solutions satisfy the criteria with a given priority order. An example of optimization with several criteria treated sequentially is presented in the next section.

5. Algebraic Synthesis of Logical Controllers with Optimization Criteria and Incoherent Requirements

5.1. Control System Specifications

The studied system is the controller of a water supply system composed of two pumps which are working in redundancy (Figure 4). The water distribution is made when it is necessary according to the possible failures of elements (the pumps and the distributing system).

The expected behavior of the control system regarding the application requirements can be expressed by the set of assertions given hereafter:(i)The two pumps never operate simultaneously.(ii)A pump cannot operate if it is out of order.(iii)When a global failure is detected, no pump can operate.(iv)Pumps can operate if and only if a water distribution request is present.(v)Priority is given according to “pr” (pump1 has priority when “pr” is true).(vi)In order to reduce the wear of the pumps, it is necessary to restrict the number of starting of the pumps.

5.1.1. Inputs and Outputs of the Controller

The Boolean inputs and outputs of this controller are given in Figure 5(a). Each pump is controlled thanks to a Boolean output (“p1” and “p2”). The controller is informed of water distribution requests thanks to the input “req.” Inputs “f1” and “f2” inform the controller of a failure of the corresponding pump and “gf” indicates a global failure of the installation. The values o or 1 of input “Pr” decide which pump has priority.

5.1.2. Control Laws to Synthetize

Our approach does not allow identifying automatically which state variables must be used. They are given by the designer according to its interpretation of the specification.

For the water distribution system, we propose to use state variables, one for each output. According to this choice, -variable switching functions ( and ) have to be synthesized (Figure 5(b)). They represent the unknowns of our problem. For this case study, the projection-functions of are therefore as follows.(i)The switching functions (, , , , and ) which characterize the behavior of the inputs of the controller and are defined as follows: (ii)The switching functions ( and ) which characterize the previous behavior of the state variables of the controller and are defined as follows:

5.2. Algebraic Formalization of Requirements

The complete formalization of the behavior of the water distribution system is given in Figure 5(c). In order to illustrate the power of expression of relations Equality and Inclusion, several examples (generic assertions and equivalent formal relations illustrated in the case study) are given hereafter. It is important to note that the relation Inclusion permits to express distinctly necessary conditions and sufficient conditions. This relation is the cornerstone of our approach.(i)Pump1 and Pump2 never operate simultaneously: ;(ii)If Pump1 operates, Pump2 cannot operate: ;(iii)It is necessary to have a request for pumps operate: ;(iv)It is sufficient to have a request for pumps operate: ;(v)When Pump1 is failed, it is sufficient to have a request for Pump2 operate: ;(vi)When Pump1 is failed, it is necessary to have a request for Pump2 operate: .

It is possible to prove that some of these formal expressions are equivalent (e.g., the first two). When a designer hesitates between two forms, he has the possibility, by using symbolic calculation, to check if the proposed relations are equivalent or not.

As and represent the behavior of pump1 at, respectively, times and , it is also possible to express relations about starts and stops of this pump as follows.(i)It is necessary to have a request to start pump1: .(ii)When pump1 operates, it is sufficient to have a global failure to stop pump1: .

5.3. Synthesis Process

In traditional design methods, the design procedure of a logic controller is not a linear process, but an iterative one converging to an acceptable solution. At the beginning of the design, requirements are neither complete nor without errors. Most often, new requirements are added during the search of solutions, and others are corrected. This complementary information is given by the designer after analysis of the partial solutions he found or when inconsistencies have been detected. If we do not make the hypothesis that the specifications are complete and consistent, designing a controller with a synthesis technique is also an iterative process in which the designer plays an important role.

5.3.1. Analysis of Requirements

For this case study, we choose to start with requirements R1 to R6. For this subset of requirements, the result given by your software tool was the following inconsistency condition: .

Since requirements are declared inconsistent, we have to give complementary information to precise our specification. By analyzing each term of this formula, it is possible to detect the origin of the inconsistency:(i): what happens if we have simultaneously a request and a global failure? We consider that requirement R4 is more important than requirement R6 (R4 R6) as no pump can operate for this configuration.(ii): what happens if we have simultaneously a request and a failure of each pump? We consider that requirements R2 and R3 are more important than requirement R6 .

With these priority rules, all the requirements are now coherent and the set of all the solutions can be computed.

5.3.2. Optimal Solutions

For choosing a control law of the water supply system among this set of possible solutions, we will now take into account the given optimization criteria. The first criterion aims at minimizing the number of starting of each pump in order to reduce its wear. The second criterion aims at maximizing the use of the pump indicated by the value of parameter . The method we propose allows proving that proposed criteria cannot be treated simultaneously since they are antagonist (to strictly the priority use of the pump fixed by parameter , it is necessary to permute pumps when Pr changes of value, implying a supplementary start of a pump). Details can be found in [25].

All the priorities rules and optimization criteria used for this case study are given in Figure 5(c). The solution we obtain is proposed in Figure 5(d).

5.3.3. Implementing Control Laws

The synthesized control laws presented in Figure 5(e) have been obtained by translating the expression of the two unknowns according to the projection-functions into relations between recurrent Boolean equations. These control laws can be automatically translated in the syntax of the ladder diagram language [1] before being implemented into a PLC. The code is composed of only 4 rungs (Figure 6).

The synthesized control laws can be given under the form of an automatically built input/output automaton with guarded transitions [21] (Figure 7).

6. Discussion

In our approach, the synthesis of control laws is based on the symbolic calculation, a prototype software tool has been developed to avoid tedious calculus and to aid the designer during the different steps of the synthesis. This tool (that can be obtained on request by the authors) performs all the computations required for inconsistencies detection between requirements and for control laws generation. In this tool, all the Boolean formulas are stored in the form of reduced ordered binary decision diagrams, which allows efficient calculations. For example, the computations for synthesizing a controller for the water supply system that we developed above have been made in less than 10 ms onto a classical laptop.

Our approach has been tested on several studies cases (some of them are available online: http://www.lurpa.ens-cachan.fr/-226050.kjsp). The feedbacks of these experiences allowed us to identify some of its limits and its possibilities; the most important are given below.

We have first to recall that our method can only be used for binary systems (systems whose inputs and outputs of their controller are Boolean values). Nevertheless, in practice many systems, like manufacturing systems, transport systems, and so on, are fully or partially binary.

In our opinion the main advantage of our approach is that, contrary to traditional engineering approaches, the synthesized control laws are not depending on designer’s skill or of his correct interpretation of the system requirements. On the other hand, the quality of the synthesis results highly depends on the relevance of the requirements proposed by the designer. This step of formalization, by the designer, of the informal requirements of the system to be controlled is the Achilles heel of all synthesis methods, including the Supervisory Control Theory (SCT), and cannot be automated.

The objective comparison of our approach with other synthesis methods, and more especially with SCT, is very difficult because the models used and the theoretical basics are very different. Nevertheless, we tested both approaches on same study cases. One of them, the control of an automatic parking gate, has been published in [26]. The results obtained in this case are summarized in Table 1.

Furthermore, one may note that the supervisor that is synthesized by SCT is optimal in the sense where it is the most permissive; that is, the one that reduces the less the plant behavior in order to force it to respect the specifications. As shown in this paper our method allows to cope with inconsistencies in specifications, what is not possible with SCT, and also allows to find optimal controllers by choosing different optimization criteria (most permissive, most restrictive, most safe controller, etc.).

7. Conclusion

Many research works in the field of DES aim at formalizing steps of the systems life cycle. Since 20 years, significant progresses have been obtained for the synthesis, verification, performance evaluation, and diagnosis of DESs. Nevertheless, one of the common difficulties of these works is the translation of informal expression of the knowledge of a system into formal requirements. Few works have paid attention to this important task which is very error prone. In this paper, we proposed an iterative process that allows coping with inconsistencies of the requirements during the synthesis of the controller. The framework in which we proposed this approach is an algebraic synthesis method. Since the problem is located in the frontier between formal and informal, intervention of the designer is necessary. Nevertheless, we have shown that this intervention can be guided by the results of the formal method provides.

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

References

International Electrotechnical Commission, IEC 61131-3, IEC 61131-3 Standard: Programmable Controllers-Part 3: Programming Languages, International Electrotechnical Commission, 2nd edition, 2003.
G. Frey and L. Litz, “Formal methods in PLC programming,” in Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, vol. 4, pp. 2431–2436, October 2000.
View at: Google Scholar
B. Berard, M. Bidoit, A. Finkel et al., Systems and Software Verification: Model-Checking Techniques and Tools, Springer, New York, NY, USA, 1st edition, 1999.
H. Bel Mokadem, B. Bérard, V. Gourcuff, O. De Smet, and J. Roussel, “Verification of a timed multitask system with UPPAAL,” IEEE Transactions on Automation Science and Engineering, vol. 7, no. 4, pp. 921–932, 2010.
View at: Publisher Site | Google Scholar
J. L. Boulanger, Ed., Industrial Use of Formal Methods: Formal Verification (ISTE), Wiley-ISTE, New York, NY, USA, 2012.
P. J. G. Ramadge and W. M. Wonham, “Control of discrete event systems,” Proceedings of the IEEE, vol. 77, no. 1, pp. 81–98, 1989.
View at: Publisher Site | Google Scholar
P. Gohari and W. M. Wonham, “On the complexity of supervisory control design in the RW framework,” IEEE Transactions on Systems, Man, and Cybernetics B, vol. 30, no. 5, pp. 643–652, 2000.
View at: Publisher Site | Google Scholar
Y. Hietter, Synthése algèbrique de lois de commande pour les systemes a évènements discrets logiques [Ph.D. thesis], ENS Cachan, Cachan, France, 2009.
H.-M. Hanisch, A. Lueder, and J. Thieme, “Modular plant modeling technique and related controller synthesis problems,” in Proceedings of the 1998 IEEE International Conference on Systems, Man, and Cybernetics, pp. 686–691, October 1998.
View at: Google Scholar
J.-M. Roussel and A. Giua, “Designing dependable logic controllers using the supervisory control theory,” in Proceedings of the 16th IFACWorld Congress, cDRom paper 4427, p. 6, Praha, Czech Republic, 2005.
View at: Google Scholar
D. A. Huffman, “The synthesis of sequential switching circuits,” Journal of the Franklin Institute, vol. 257, no. 3-4, pp. 161–303, 1954.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
G. H. Mealy, “A method for synthesizing sequential circuits,” Bell System Technical Journal, vol. 34, no. 5, pp. 1045–1079, 1955.
View at: Google Scholar
E. F. Moore, “Gedanken-experiments on sequential machines,” in Automata Studies, pp. 129–153, Princeton University Press, Princeton, NJ, USA, 1956.
View at: Google Scholar
S. Rudeanu, Lattice Functions and Equations (Discrete Mathematics and Theoretical Computer Science), Springer, New York, NY, USA, 2001.
F. M. Brown, Boolean Reasoning: the Logic of Boolean Equations, Dover, Mineola, NY, USA, 2003.
A. Pnueli and R. Rosner, “On the synthesis of a reactive module,” in Proceedings of the 16th ACM symposium on Principles of programming languages (POPL '89), pp. 179–190, ACM, New York, NY, USA, 1989.
View at: Google Scholar
E. Filiot, N. Jin, and J. Raskin, “Antichains and compositional algorithms for LTL synthesis,” Formal Methods in System Design, vol. 39, no. 3, pp. 261–296, 2011.
View at: Publisher Site | Google Scholar | Zentralblatt MATH
J. Machado, B. Denis, J. J. Lesage, J. M. Faure, and J. Fereira, “Logic controllers dependability verification using a plant model,” in Proceedings of the 3rd IFAC Workshop on Discrete-Event System Design (DESDes '06), pp. 37–42, Rydzyna, Poland, 2006.
View at: Google Scholar
Y. Hietter, J.-M. Roussel, and J.-L. Lesage, “Algebraic synthesis of transition conditions of a state model,” in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 187–192, Göteborg, Sweden, May 2008.
View at: Publisher Site | Google Scholar
Y. Hietter, J.-M. Roussel, and J. J. Lesage, “Algebraic synthesis of dependable logic controllers,” in Proceedings of the 17th World Congress, International Federation of Automatic Control (IFAC '08), pp. 4132–4137, Seoul, South Korea, July 2008.
View at: Publisher Site | Google Scholar
A. Guignard, Symbolic generation of the automaton representing an algebraic description of a logic system [M.S. thesis], ENS Cachan, Cachan, France, 2011.
R. P. Grimaldi, Discrete and Combinatorial Mathematics: An Applied Introduction, Addison-Wesley Longman, Boston, Mass, USA, 5th edition, 2004.
J.-M. Roussel and J.-J. Lesage, “Algebraic synthesis of logical controllers despite inconsistencies in specifications,” in Proceeding of the 11th International Workshop on Discrete Event Systems (WODES '12), pp. 307–314, Guadalajara, Mexico, 2012.
View at: Google Scholar
H. Leroux, Algebraic Synthesis of Logical Controllers with Optimization Criteria, ENS Cachan, Cachan, France, 2011.
H. Leroux and J. -M. Roussel, “Algebraic synthesis of logical controllers with optimization criteria,” in Proceedings of the 6th International Workshop on Verification and Evaluation of Computer and Communication Systems (VECOS '12), pp. 103–114, Paris, France, 2012.
View at: Google Scholar
M. Cantarelli and J. Roussel, “Reactive control system design using the supervisory control theory: evaluation of possibilities and limits,” in Proceedings of 9th International Workshop on Discrete Event Systems (WODES '08), pp. 200–205, Göteborg, Sweden, May 2008.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2014 Jean-Marc Roussel and Jean-Jacques Lesage. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

1030

Downloads

872

Citations