
Hierarchical control of timed discrete-event systems

Article in Discrete Event Dynamic Systems · July 1996


DOI: 10.1007/BF01797155



Discrete Event Dynamic Systems, 6, 275-306 (1996)
© 1996 Kluwer Academic Publishers, Boston. Manufactured in The Netherlands.

Hierarchical Control of Timed Discrete-Event Systems
K.C. WONG AND W.M. WONHAM kcwong, wonham@control.utoronto.ca
Dept. of Electrical and Computer Engineering, University of Toronto

Received November 21, 1994; Revised September 5, 1995

Abstract. An abstract hierarchical control theory is developed for a class of timed discrete-event systems (TDES)
within the discrete-event control architectural framework proposed earlier by the authors. For this development, a
control theory for TDES is introduced in the spirit of a prior theory of Brandin. A notion of time control structures
is introduced, and on its basis a general property of hierarchical consistency is achieved by establishing control
consistency - namely preservation of time control structures through the aggregation mapping in a two-level
hierarchy.

Keywords: timed discrete-event systems, time control structures, hierarchical consistency

1. Introduction

A control theory (RW) for a general class of discrete-event systems (DES) - systems or
processes that are discrete in time and state space, generative, and possibly nondetermin-
istic - was initiated by Ramadge and Wonham (1982,1983) (for a review see Ramadge
and Wonham (1989)). Within this framework, architectural concepts such as modular, de-
centralized, and hierarchical control have been investigated by a number of workers. In
Ramadge and Wonham (1987), Wonham and Ramadge (1988), Lin and Wonham (1988),
Cieslak et al. (1988), Willner and Heymann (1990), Inan (1992), and Rudie and Wonham
(1992), the authors investigate horizontal decomposition in supervisory control through no-
tions of modular and decentralized control. Dually, Zhong and Wonham (1990,1992) study
vertical modularity in supervisory control. They consider a two-level hierarchy, in which
the high-level system is an abstract, simplified model of a low-level process and is driven
by it through an information channel, and introduce the concept of hierarchical consistency
to ensure that tasks of the high-level supervisor are realized through implementation by the
low-level agent.

For greater modelling capacity and realism, the original RW framework has been extended
to incorporate additional features such as time. A control theory of timed discrete-event
systems (TDES) with its own control technology - the specific manner in which control is
exercised - is developed in the spirit of the original RW theory in Brandin (1993) and Brandin
and Wonham (1994). Within this theory, time is modelled with the special event tick, as the
tick of a clock. As in RW, certain events can be disabled and hence prevented from occurring;
in addition, a class of forcible events is available for the supervisor to preempt a tick
event, modelling the situation in which an event is forced to occur before a given time bound.

To achieve a more unified development of the control architectural ideas independent of
any specific control technology, a framework was proposed in Wong and Wonham (1992),
and further developed in Wong (1994). This framework is based on the concepts of control
structures and observers. A control structure is an abstract generalization of families of
controllable languages in the RW setting. With this, we obtain a general version of Zhong's
hierarchical consistency by first establishing control consistency, namely the preservation
of control structures through the information channel (mapping). Since the development is
independent of any specific technology, it can be adapted to different extensions of the RW
theory such as the control theory of TDES (Brandin and Wonham 1994). Within the frame-
work of Wong (1994), a finer notion of hierarchical consistency in which the nonblocking
property is preserved is investigated on the basis of observers, or congruences of suitably
defined dynamics, along the lines of Wonham (1976). Hierarchical control of (untimed)
DES based on the notions of control structures and observers is presented in Wong and
Wonham (1996).

In this paper we adapt the abstract hierarchical control of Wong and Wonham (1996) to
(a variation of) the timed setting of Brandin and Wonham (1994). It is found that the class
of TDES there with its timing semantics is not closed under control (at least the control
proposed in Brandin and Wonham (1994)). Thus an alternative definition of TDES and a
more refined timed control technology are introduced, for which the latter induces a control
structure in our sense. Next, the abstract concept of time control structure, one with the
additional requirement that time be not stopped by control, is introduced. Then as in the
standard case, hierarchical consistency in the timed setting is achieved by establishing con-
trol consistency, the preservation of time control structures through the information channel
(mapping).

An earlier version of this work was reported in Wong and Wonham (1993); the ideas are
more fully developed in Wong (1994). The rest of the paper is organized as follows: In
section 2, we recall the concept of control structures and the general schema of Zhong's two-
level hierarchy (Zhong and Wonham 1990), and give a brief overview of the relevant ideas
in Wong and Wonham (1996). In Section 3, an alternative definition of TDES is proposed,
leading to a framework that refines the control technology of Brandin and Wonham (1994).
Then the notion of time control structures is defined. On its basis hierarchical control of
TDES is developed in Section 4; as in the untimed case we achieve hierarchical consistency
by establishing control consistency. In Section 5 we present conclusions and topics for
future research.

2. Preliminaries

Let $\Sigma$ be an alphabet of event labels and $\Sigma^*$ be the set of all finite sequences of event
labels, including the empty string $\epsilon$ ($\notin \Sigma$). A subset of $\Sigma^*$ is called a language over $\Sigma$. Let
$s, u \in \Sigma^*$. Then $s$ is a prefix of $u$, written $s \le u$, if there exists $v \in \Sigma^*$ such that $sv = u$.
Write $s < u$ for $s \le u$ and $s \ne u$. Let $H \subseteq \Sigma^*$. The prefix closure of $H$, written $\overline{H}$ or
$\mathrm{pre}(H)$, is

A language $H$ is prefix closed if $H = \overline{H}$. In the RW framework, a DES is modelled as
an automaton and its behaviour as the prefix-closed language generated by the automaton.
We use the same notation as in Ramadge and Wonham (1989); for an automaton $G$, $L(G)$
denotes its closed behaviour. As in Wong and Wonham (1996), the prefix closure can also
be viewed as an operator on $\mathcal{P}(L)$ for a prefix-closed $L \subseteq \Sigma^*$, where $\mathcal{P}(\cdot)$ denotes the
power set. For any prefix-closed $L \subseteq \Sigma^*$ let $\mathcal{F}_L := \{H \subseteq L \mid H \text{ is prefix closed}\}$.

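Let $L \in \mathcal{F}_{\Sigma^*}$, representing the behaviour of a discrete-event process. A map $\mathcal{C} : \mathcal{F}_L \to \mathcal{P}^2(L)$ $(= \mathcal{P}\mathcal{P}(L))$ is a control structure on $\mathcal{F}_L$ (or simply on $L$) (Wong and Wonham 1996)
if
(1) For every $H \in \mathcal{F}_L$, $\mathcal{C}(H) \subseteq \mathcal{P}(H)$ is a complete upper semilattice
with respect to $\cup$ in $\mathcal{P}(H)$
(2) For every $H \in \mathcal{F}_L$, $\emptyset, H \in \mathcal{C}(H)$
(3) For every $H \in \mathcal{F}_L$, $K \in \mathcal{C}(H) \Rightarrow \overline{K} \in \mathcal{C}(H)$
(4) For every $H, F \in \mathcal{F}_L$ with $H \subseteq F$, $\mathcal{C}(F) \cap \mathcal{P}(H) \subseteq \mathcal{C}(H)$,
with equality if $H \in \overline{\mathcal{C}}(F) := \mathcal{F}_F \cap \mathcal{C}(F)$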
Intuitively, considering L as the behaviour of a system G and a prefix-closed sublanguage
of L as the behaviour of a "subsystem" of G, the map C can be thought of as the action of
attaching, to every prefix-closed language or "subsystem" of G, the set of "controllable"
sublanguages, the behaviours to which the system can be restricted with the intervention
of "control" in an appropriate technology. We refer to C(H) as the set of controllable
sublanguages of $H$, for every $H \in \mathcal{F}_L$. The first, or join closure, axiom states that the
family of controllable sublanguages of any subsystem is closed under arbitrary union; the
second or nontriviality axiom ensures that the family of controllable sublanguages of any
subsystem is always nonempty: the empty language and the behaviour of the subsystem are
always controllable (with respect to the subsystem). The first two axioms together imply
that the largest or "minimally restrictive" controllable sublanguage of a given language in
any subsystem always exists. The family of controllable sublanguages of any subsystem
is closed under prefix closure as stated by the third or prefix closure axiom. The last or
inheritance axiom ensures that the assignments of controllable sublanguages of a system
and its subsystems are done harmoniously. Given two systems H and F with H being a
subsystem of F, all the controllable sublanguages of F that are sublanguages of H are also
controllable sublanguages of H, i.e., H inherits all the controllable sublanguages of F. If
in addition H is a "controllable subsystem" of F, then all the controllable sublanguages of
H are inherited from F.

Later we also consider restrictions of control structures in the following sense: Let $\mathcal{C} : \mathcal{F}_L \to \mathcal{P}^2(L)$ be a map, $X \subseteq \mathcal{F}_L$, and $\mathcal{C}_X := \mathcal{C}|_X$. Then $\mathcal{C}_X$ is a control structure with
respect to $X$ if $\mathcal{C}_X$ is a control structure on $X$ and

$$\overline{\mathcal{C}}_X(H) \subseteq X$$

for $H \in X$. The additional condition ensures that $X$ is invariant under control; hence
control syntheses can be carried out in succession on systems in $X$. In particular if $\mathcal{C}$ is a
control structure, then $\mathcal{C}$ restricted to $\overline{\mathcal{C}}(L)$ is a control structure with respect to $\overline{\mathcal{C}}(L)$.

In Wong and Wonham (1996), we formalize a two-level hierarchy schema of Zhong and
Wonham (1990), summarized in the informal flow diagram in Figure 1. Here $G_{lo}$ is the
actual plant and $G_{hi}$ is a simplified model of $G_{lo}$. Suppose these two models are endowed
with control. Then $C_{hi}$ could in principle exercise control over $G_{hi}$. Since the "dynamics"
of $G_{hi}$ is entirely driven by $G_{lo}$ via the information channel $\mathit{inf}_{lohi}$, this control of $G_{hi}$
is only virtual and is realized by first conveying the intention of $C_{hi}$ to $C_{lo}$ through the
command channel $\mathit{com}_{hilo}$. The actual control is carried out via $\mathit{con}_{lo}$, and the result of
the control action is summarized and reported back to $C_{hi}$ via $\mathit{inf}_{lohi}$ and $\mathit{inf}_{hi}$. The
important concept of hierarchical consistency (Zhong and Wonham 1990) is essentially
the requirement that the high-level control $\mathit{con}_{hi}$ be consistent with its "implementation",
$\mathit{inf}_{lohi} \circ \mathit{con}_{lo} \circ \mathit{com}_{hilo}$, through the low level.

Figure 1. A two-level hierarchy schema (high-level: $C_{hi}$, $G_{hi}$; low-level: $C_{lo}$, $G_{lo}$; channels $\mathit{con}_{hi}$, $\mathit{com}_{hilo}$, $\mathit{inf}_{lohi}$, $\mathit{con}_{lo}$).

This concept of hierarchical consistency is formalized in terms of control structures
and a suitable commutative diagram, and thus provided with a precise algebraic meaning.
Formally, with a prefix-closed language $L$ representing the behaviour of $G_{lo}$ in Figure 1, the
information channel $\mathit{inf}_{lohi}$ is modelled via a prefix-preserving (or past-preserving) map
$\theta : L \to T^*$ (Wong and Wonham 1996) (here $T$ is the high-level alphabet), namely

$$\theta \circ \mathrm{pre} = \mathrm{pre} \circ \theta$$

This definition of prefix-preserving map is logically equivalent to the more concrete definition
of Zhong and Wonham (1990). Let $M := \theta(L)$, representing the closed behaviour
of $G_{hi}$ in Figure 1. To achieve hierarchical consistency, we establish what is called control
consistency, the preservation of control structures through $\theta$: Given a control structure $\mathcal{C}_{lo}$
on $\mathcal{F}_L$, by arranging the following kernel condition

$$\ker \theta \le \ker(\theta \circ \mathcal{C}_{lo})$$

there is a unique map $\mathcal{C}_{hi}$ from $\mathcal{F}_M$ to $\mathcal{P}^2(M)$ such that for all $H \in \mathcal{F}_L$ we have $\theta\,\mathcal{C}_{lo}(H) = \mathcal{C}_{hi}\,\theta(H)$; furthermore $\mathcal{C}_{hi}$ is a control structure on $\mathcal{F}_M$. Then we have the following equation

$$\kappa_M = \theta \circ \kappa_L \circ \theta^{-1}$$

where $\kappa_L$ and $\kappa_M$ are control operators, assigning the largest controllable sublanguage to
a given language on $L$ and $M$ respectively. This equation captures the notion of hierarchical
consistency: any synthesis $\kappa_M$ can be realized by the following sequence of actions,
command $\theta^{-1}$, control $\kappa_L$, and report $\theta$. For more details we refer the reader to Wong and
Wonham (1996).

3. Timed discrete-event systems

A control theory of TDES was developed in the spirit of the original RW theory in Brandin
and Wonham (1994). However, the class of TDES there and its timing semantics (i.e., that
of Ostroff (1990)) are not closed under control (at least the control proposed in Brandin
and Wonham (1994)) as shown in Appendix A. To remedy this shortcoming we propose
an alternative definition of TDES and develop a control theory of TDES on that basis.

Let $\Sigma_{act}$ be an alphabet of activity event labels, and $tick \notin \Sigma_{act}$ be the event representing
a mark in the flow of global time. It could be the regular tick of a global clock or some
special event marking a significant point in the flow of time. Let

$$\Sigma := \Sigma_{act} \cup \{tick\}$$

Now we introduce the notion of time behaviours. Suppose that $L$ is a prefix-closed language
over $\Sigma$. Let

$$\mathcal{L}_L := \{H \in \mathcal{F}_L \mid (\forall u, v \in H)\; u \le v \text{ or } v \le u\}$$

$$\mathcal{M}_L := \{H \in \mathcal{L}_L \mid (\forall H' \in \mathcal{L}_L)\; H \subseteq H' \Rightarrow H = H'\}$$

Here $\mathcal{L}_L$ is the set of prefix-closed chains of elements in $L$, and $\mathcal{M}_L$ is the set of maximal
elements in $\mathcal{L}_L$. We note that, for two prefix-closed languages $H$ and $F$ with $H \subseteq F$,
$\mathcal{L}_H \subseteq \mathcal{L}_F$. It is clear that $\mathcal{M}_L \ne \emptyset$. An infinite prefix-closed chain can be viewed as
a finitistic approximation to an infinite string. Let $p_t : \Sigma^* \to \{tick\}^*$ be the natural
projection which erases all the event labels except $tick$, namely:

$p_t(tick) = tick$,
$p_t(\sigma) = \epsilon$, for all $\sigma \in \Sigma_{act}$,
$p_t(ss') = p_t(s)\,p_t(s')$, for all $s, s' \in \Sigma^*$

Let $L$ be a prefix-closed language over $\Sigma$. Then $L$ is a time behaviour if

$$(\forall H \in \mathcal{M}_L)\; p_t(H) = tick^*$$

A time behaviour is a prefix-closed language in which the event $tick$ occurs infinitely often.
We notice that $\emptyset$ is not a time behaviour. For uniformity of treatment, we define $\emptyset$ as a
special time behaviour, the empty time behaviour. As an illustrative example, consider the
following TDES, borrowed from Ostroff (1990).

Example: Let the automata modelling the behaviours of a train and a gate in a railroad
crossing be given as in Figure 2. Let the timing constraints of the events in Figure 2 be
given by the following time bounds:

[o, [3, 611,

Figure 2. Models of Train and Gate (Train states: Travelling, Approaching, In-gate; Gate states: Up, Lowering, Down).

Here the semantics of time bounds is the same as that in Brandin and Wonham (1994) and
Ostroff (1990), i.e., $\sigma[t_0, \infty)$ means the event $\sigma$ could occur any time after $t_0$ or not at
all; $\sigma[t_0, t_1]$, $t_1 < \infty$, means the event $\sigma$ must occur with occurrence time within $[t_0, t_1]$
unless preempted by occurrences of other events. The concept of time bounds will play no
formal role at all in the development of this article. With the timing constraints explicitly
modelled via the $tick$ event, the timed models of Train and Gate are as displayed in Figure
3. The closed behaviours generated by the automata in Figure 3 are time behaviours. □

The following lemma will be of use later.

LEMMA 1 Let $L$ be a prefix-closed language over $\Sigma$. If $H \in \mathcal{L}_L$ and $|H| = \infty$, then
$H \in \mathcal{M}_L$. If furthermore $L$ is a nonempty time behaviour, then the condition $H \in \mathcal{L}_L$ and
$|H| = \infty$ is also necessary.
Here $|X|$ denotes the cardinality of the set $X$ and $\infty$ the cardinality of natural numbers $\mathbb{N}$.

Figure 3. Timed models of Train and Gate.

Proof: Let $L$ be a prefix-closed language. Suppose $H \in \mathcal{L}_L$ and $|H| = \infty$. Let $H' \in \mathcal{L}_L$
with $H \subseteq H'$. We need to show $H = H'$. Suppose otherwise, i.e., $H \subset H'$ with strict
inclusion. So there exists $s' \in H'$ such that $s' \notin H$. Since $H$ and $H'$ are prefix-closed
chains, for all $s \in H$ we have $s < s'$. Thus $|H| < |\mathbb{N}|$, which contradicts that $|H| = \infty$.
So $H = H'$ after all, i.e., $H \in \mathcal{M}_L$.
Assume furthermore that $L$ is a nonempty time behaviour. Let $H \in \mathcal{M}_L$. Then $H \in \mathcal{L}_L$.
Since $L$ is a nonempty time behaviour, $p_t(H) = \{tick\}^*$. Thus $|H| \ge |p_t(H)| = |tick^*| = |\mathbb{N}|$, i.e., $|H| = \infty$. □

It follows from Lemma 1 that, for two nonempty time behaviours $H$ and $F$ with $H \subseteq F$,
$\mathcal{M}_H \subseteq \mathcal{M}_F$.

We now consider the composition of time behaviours. Let $\mathcal{T}_L$ denote the set of time
behaviours that are sublanguages of a given language $L$. Suppose $L_1, L_2 \in \mathcal{T}_{\Sigma^*}$, i.e., $L_1$
and $L_2$ are time behaviours. Then $L_1$ and $L_2$ are time synchronous if

$$L_1 \,\|_s\, L_2 \in \mathcal{T}_{\Sigma^*}$$

Here $\|_s$ is the synchronous product of languages (Ramadge and Wonham 1989), and $L_1 \,\|_s\, L_2$
represents the concurrent behaviour of two TDES governed by the same global clock. If
$L_1$ and $L_2$ are not time synchronous, then the two TDES cannot cooperate under the same
time frame as illustrated by the following example.

Example: Let $G_1$ and $G_2$ be given as in Figure 4. Clearly $L(G_1)$ and $L(G_2)$ are time
behaviours. Here $L(G_1) \,\|_s\, L(G_2) = \{\epsilon\} \notin \mathcal{T}_{\Sigma^*}$. In $G_1$ $\alpha$ is required to occur before the
first tick of the clock; whereas in $G_2$ $\alpha$ must occur after the first tick. Thus $G_1$ and $G_2$
cannot cooperate under the same global clock. □

Figure 4. Non-time synchronous TDES.

We notice that any two time behaviours with disjoint activity event labels are always time
synchronous. Our definition of the composition of TDES differs from that of Brandin and
Wonham (1994) in that here time is global, i.e., all the behaviours are set in a single time
frame and are measured with respect to it; whereas in Brandin and Wonham (1994) time
has a more local meaning as we see in Appendix A. We continue with the train and gate
example.

Example: Let the time behaviours of Train and Gate be given as in Figure 3. In this case
these time behaviours are time synchronous and their synchronous product, TrainGate, is
displayed in Figure 5. □

Next we introduce the time control technology. Let $L \in \mathcal{T}_{\Sigma^*} - \{\emptyset\}$, i.e., $L$ is a nonempty
time behaviour, representing the behaviour of a TDES. We fix the meaning of $L$ for the
remainder of this section. Let $H$ be a prefix-closed language. Define

$$T_H^+ : H \to \mathcal{P}(H) : s \mapsto \{s\,tick^n \in H \mid n \in \mathbb{N}^+\}$$

Here $\mathbb{N}^+$ is the set of positive natural numbers and $tick^n := \underbrace{tick \cdots tick}_{n}$. The set $T_H^+(s)$
represents the time future of $s$ in $H$, i.e., the ticks that the system can undergo before it
must execute an activity event. Following Brandin and Wonham (1994), let

$$Elig_H : \Sigma^* \to \mathcal{P}(\Sigma) : s \mapsto \{\sigma \in \Sigma \mid s\sigma \in H\}$$

for $H \subseteq \Sigma^*$. Here $Elig_H(s)$ is the set of eligible events of $s$ in $H$.

Now we introduce the set of events at any point in $L$ which can be prevented from
occurring. Define $\Sigma_{hib} : L \to \mathcal{P}(\Sigma_{act})$ satisfying

$$(\forall s \in L)\; T_L^+(s) = \emptyset \Rightarrow \Sigma_{hib}(s) \subset Elig_L(s) \qquad (1)$$

with strict inclusion. The set $\Sigma_{hib}(s)$ denotes the set of prohibitible events at $s$ in $L$. If
$T_L^+(s) = \emptyset$, then the events in $Elig_L(s)$ are imminent, i.e., one of these events must occur
before the next tick. Thus at least one of the eligible events must not be prohibitible. For
all $s \in L$, let $\Sigma_{unc}(s) := \Sigma_{act} - \Sigma_{hib}(s)$ be the set of uncontrollable events at $s$ in $L$. The
other means of control in TDES is forcing. Define $\Sigma_{for} : L \to \mathcal{P}(\Sigma_{act})$ with

(2)

The set $\Sigma_{for}(s)$ denotes the set of forcible events at $s$ in $L$. We notice that in Brandin and
Wonham (1994) events could be both prohibitible and forcible; but we can remodel such
events so that our disjointness condition is satisfied, as illustrated by the following example.

Figure 5. TrainGate, the concurrent time behaviour of Train and Gate.

Example: Let $G$ be given as in Figure 6, in which $\Sigma_{for}(\epsilon) = \Sigma_{hib}(\epsilon) = \{\alpha\}$ and $\Sigma_{for}(s) = \Sigma_{hib}(s) = \emptyset$ for $s \in L(G) - \{\epsilon\}$. Since an event cannot be disabled and forced at the same
time, which control option is to be exercised depends on the unmodelled "circumstances".
To recover the disjointness condition, we model those "circumstances" explicitly as in $G'$
in Figure 6 via $\beta$ and $\gamma$. Here $\Sigma_{for}(\beta) = \{\alpha\}$ and $\Sigma_{for}(s) = \emptyset$ for any $s \in L(G') - \{\beta\}$,
and $\Sigma_{hib}(\gamma) = \{\alpha\}$ and $\Sigma_{hib}(s) = \emptyset$ for $s \in L(G') - \{\gamma\}$. □

Figure 6. Prohibitible and forcible events ($G$ and $G'$).

We now introduce the definition of controllable languages in TDES based on the control
technology defined in the previous paragraph. But first we restrict ourselves to the following
subclass of time behaviours in $L$. Let

be the set of proper time behaviours of $L$. Thus a proper time behaviour is a time behaviour
with the property that at any point an uncontrollable event is eligible when $tick$ is not;
intuitively in a proper time behaviour control cannot stop the clock. We remark that $\emptyset$ and
$L$ are in $\mathcal{R}_L$ trivially. Following the spirit of Brandin and Wonham (1994), we introduce a
notion of controllability. Let $H \in \mathcal{R}_L$ and $K \subseteq H$. Then $K$ is controllable with respect
to $H$ if for all $s \in \overline{K}$,

$$Elig_{\overline{K}}(s) \supseteq \begin{cases} Elig_H(s) \cap (\Sigma_{unc}(s) \cup \{tick\}) & \text{if } Elig_{\overline{K}}(s) \cap \Sigma_{for}(s) = \emptyset \\ Elig_H(s) \cap \Sigma_{unc}(s) & \text{if } Elig_{\overline{K}}(s) \cap \Sigma_{for}(s) \ne \emptyset \end{cases} \qquad (3)$$

Thus $K$ controllable means that, after any string in the closure of $K$, an event $\sigma$ that is
eligible in $H$ must occur in the closure of $K$ if: either $\sigma$ is uncontrollable, or $\sigma$ is $tick$
and no forcible event is eligible in $K$; thus $tick$ can be excluded only if a forcible event is
eligible in $K$ (to preempt it).
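
The time-behaviour condition and the controllability condition (3) can both be checked mechanically on finite automata. The following Python sketch is an added example, not code from the paper: it assumes languages are given as deterministic transition tables, that the prohibitible and forcible sets are indexed by plant state rather than by string, and it uses a constructed plant in the spirit of Figure 7 with `a` and `b` standing for α and β.

```python
from collections import deque

TICK = "tick"

def reachable(delta, q0):
    """States reachable from q0 in a deterministic table delta[state][event] -> state."""
    seen, queue = {q0}, deque([q0])
    while queue:
        q = queue.popleft()
        for nxt in delta.get(q, {}).values():
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def is_time_behaviour(delta, q0=0):
    """True iff every maximal prefix-closed chain of L(delta) has infinitely many ticks.

    For a finite automaton this fails exactly when a reachable state is
    deadlocked (a finite maximal chain) or lies on a cycle of activity events
    only (an infinite chain whose tick-projection is finite).
    """
    states = reachable(delta, q0)
    if any(not delta.get(q) for q in states):
        return False
    # Kahn's algorithm on the activity-only subgraph: leftover states form a cycle.
    succ = {q: [n for e, n in delta[q].items() if e != TICK] for q in states}
    indeg = {q: 0 for q in states}
    for q in states:
        for n in succ[q]:
            indeg[n] += 1
    queue = deque(q for q in states if indeg[q] == 0)
    removed = 0
    while queue:
        q = queue.popleft()
        removed += 1
        for n in succ[q]:
            indeg[n] -= 1
            if indeg[n] == 0:
                queue.append(n)
    return removed == len(states)

def violations(h, k, sigma_act, hib, forc, h0=0, k0=0):
    """Strings s in the closure of K at which condition (3) fails, with the missing events.

    h, k: transition tables for H and for the closure of K (K a sublanguage of H).
    hib, forc: Sigma_hib and Sigma_for keyed by state of h (assumption of this example).
    """
    found, seen = [], {(h0, k0)}
    queue = deque([(h0, k0, ())])
    while queue:
        qh, qk, s = queue.popleft()
        elig_h, elig_k = set(h.get(qh, {})), set(k.get(qk, {}))
        if not elig_k <= elig_h:
            raise ValueError(f"K is not a sublanguage of H after {s}")
        unc = sigma_act - hib.get(qh, set())       # Sigma_unc = Sigma_act - Sigma_hib
        required = elig_h & unc                    # uncontrollable events must survive
        if not (elig_k & forc.get(qh, set())):
            required |= elig_h & {TICK}            # tick survives unless a forcible event preempts it
        missing = required - elig_k
        if missing:
            found.append((s, sorted(missing)))
        for e in elig_k:
            nxt = (h[qh][e], k[qk][e])
            if nxt not in seen:
                seen.add(nxt)
                queue.append((*nxt, s + (e,)))
    return found

# Constructed plant H: after the first a, a second a is prohibitible and b is forcible.
SIGMA_ACT = {"a", "b"}
H = {0: {TICK: 0, "a": 1}, 1: {TICK: 3, "a": 2, "b": 4},
     2: {TICK: 2}, 3: {TICK: 3}, 4: {TICK: 4}}
HIB = {1: {"a"}}
FOR = {1: {"b"}}
# K_GOOD disables the second a and forces b to preempt tick; K_BAD drops b and tick unforced.
K_GOOD = {0: {TICK: 0, "a": 1}, 1: {"b": 4}, 4: {TICK: 4}}
K_BAD = {0: {TICK: 0, "a": 1}, 1: {"a": 2}, 2: {TICK: 2}}

if __name__ == "__main__":
    print("H is a time behaviour:", is_time_behaviour(H))
    print("K_GOOD violations:", violations(H, K_GOOD, SIGMA_ACT, HIB, FOR))
    print("K_BAD violations:", violations(H, K_BAD, SIGMA_ACT, HIB, FOR))
```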

Example: Let $G$ be given as in Figure 7, where $\Sigma_{hib}(\alpha) = \{\alpha\}$, $\Sigma_{for}(\alpha) = \{\beta\}$, and
$\Sigma_{hib}(s) = \Sigma_{for}(s) = \emptyset$ for $s \in L(G) - \{\alpha\}$. The automaton enclosed in the box in Figure
7 is controllable as the second $\alpha$ can be disabled and the first $tick$ event after the sequence
$\alpha$ can be preempted by the forcible event $\beta$. □

Figure 7. A controllable language in TDES.

Example: We continue with the train and gate example introduced before. To ensure
that safety can be enforced at the railroad crossing, we equip $L(TrainGate)$ with the
following control, where TrainGate is the automaton given in Figure 5: let $\Sigma_{hib}(s) = \emptyset$
for $s \in L(TrainGate)$, and

$$\Sigma_{for}(s) = \begin{cases} \{\beta\}, & \text{if } \eta(s, q_0) = q \\ \emptyset, & \text{otherwise} \end{cases}$$

where $s \in L(TrainGate)$; $\eta$ is the (partial) transition function of TrainGate; $q$ is the state
in TrainGate as shown in Figure 8; $q_0$ is the initial state. Thus, after the train has been
approaching for two ticks of the clock, the gate can be forced down, if it is not yet down at
this point. Hence the system to the left of the dotted line as in Figure 8 is controllable. □

Figure 8. TrainGate equipped with control.

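For a proper time behaviour $F$ in $L$, let

$$\mathcal{C}(F) := \{K \subseteq F \mid K \text{ is controllable with respect to } F\}$$

$$\overline{\mathcal{C}}(F) := \mathcal{C}(F) \cap \mathcal{F}_F$$

Then we have the following important fact which in essence says the class of proper time
behaviours is closed under control.

PROPOSITION 1 Under the foregoing assumptions, $\overline{\mathcal{C}}(F) \subseteq \mathcal{R}_L$ for $F \in \mathcal{R}_L$.

Proof: Let $F \in \mathcal{R}_L$. We only need to show that $\overline{\mathcal{C}}(F) - \{\emptyset\} \subseteq \mathcal{R}_L$. Suppose the
contrary, i.e., there exists $K \in \overline{\mathcal{C}}(F) - \{\emptyset\}$ such that $K \notin \mathcal{R}_L$. In other words there exists
$K \in \overline{\mathcal{C}}(L) - \{\emptyset\}$, and $K \notin \mathcal{T}_F$, or $T_K^+(s) = \emptyset$ and $Elig_K(s) \subseteq \Sigma_{hib}(s)$ for some $s \in K$.
We note that $F$ is nonempty. Suppose $K$ is not a time behaviour, i.e., there exists $H \in \mathcal{M}_K$
such that

$$p_t(H) \subset tick^* \qquad (4)$$

Claim 1: $|H| < |\mathbb{N}|$

Suppose otherwise, i.e., $|H| = |\mathbb{N}|$. Since $H \in \mathcal{M}_K \subseteq \mathcal{L}_K$ and $K \subseteq F$, $H \in \mathcal{L}_F$.
By Lemma 1 $H \in \mathcal{M}_F$. Since $F$ is a nonempty time behaviour, $p_t(H) = tick^*$ which
contradicts (4). So $|H| < |\mathbb{N}|$ as claimed.
Let $u := \max(H)$. Thus $u \in H \subseteq K$. Since $H \in \mathcal{M}_K$, for all $\sigma \in \Sigma$ we have $u\sigma \notin K$,
i.e., $Elig_K(u) = \emptyset$. Thus $\Sigma_{for}(u) \cap Elig_K(u) = \emptyset$. Since $K \in \mathcal{C}(F)$,

$$Elig_F(u) \cap (\Sigma_{unc}(u) \cup \{tick\}) \subseteq Elig_K(u)$$

But $Elig_K(u) = \emptyset$. Hence $Elig_F(u) \cap (\Sigma_{unc}(u) \cup \{tick\}) = \emptyset$. So we have

$$tick \notin Elig_F(u) \qquad (5)$$

It follows that $Elig_F(u) \subseteq \Sigma_{hib}(u)$. Since $F \in \mathcal{R}_L$, $T_F^+(u) \ne \emptyset$. Therefore $u\,tick \in F$,
i.e., $tick \in Elig_F(u)$ which contradicts $tick \notin Elig_F(u)$ in (5).
Suppose $T_K^+(s) = \emptyset$ and $Elig_K(s) \subseteq \Sigma_{hib}(s)$ for some $s \in K$.
Claim 2: $tick \notin Elig_F(s) - Elig_K(s)$.
Suppose otherwise. Then since $K \in \mathcal{C}(F)$, $Elig_K(s) \cap \Sigma_{for}(s) \ne \emptyset$. By the definition of
$\Sigma_{for}$, $\Sigma_{for}(s) \cap \Sigma_{hib}(s) = \emptyset$. Thus

$$\emptyset \ne Elig_K(s) \cap \Sigma_{for}(s) \subseteq \Sigma_{hib}(s) \cap \Sigma_{for}(s) = \emptyset$$

a contradiction. Hence $tick \notin Elig_F(s) - Elig_K(s)$ as claimed.
Since $T_K^+(s) = \emptyset$, by Claim 2 $T_F^+(s) = \emptyset$. Also since $K \in \mathcal{C}(F)$, $Elig_F(s) - Elig_K(s) \subseteq \Sigma_{hib}(s)$. We note that $Elig_K(s) \subseteq Elig_F(s)$, and we have $Elig_K(s) \subseteq \Sigma_{hib}(s)$. Thus
$Elig_F(s) \subseteq \Sigma_{hib}(s)$. But this contradicts the fact that $F \in \mathcal{R}_L$. So $\overline{\mathcal{C}}(F) - \{\emptyset\} \subseteq \mathcal{R}_L$
after all. □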

Thus the class of proper time behaviours is closed under control. Furthermore we have
the following technical result: the classes of time behaviours and proper time behaviours
are closed under arbitrary unions.

LEMMA 2 Let $L$ be a nonempty time behaviour, equipped with the time control technology
given in (1) and (2). Then $\mathcal{T}_L$ and $\mathcal{R}_L$ are closed under arbitrary unions.

Proof: First we show $\mathcal{T}_L$ is closed under arbitrary unions. Let $H_\alpha \in \mathcal{T}_L$ for $\alpha \in A$, an
index set. Let $H := \bigcup_{\alpha \in A} H_\alpha$. Since the $H_\alpha$'s are prefix-closed, so is $H$. It is sufficient to
consider the case in which all of the $H_\alpha$'s are nonempty. Now let $F \in \mathcal{M}_H$. We claim
that $|F| = \infty$. Suppose $|F| < \infty$. Let $s = \max(F)$. Thus $s \in F \subseteq H = \bigcup_{\alpha \in A} H_\alpha$. So
there exists $\alpha_0 \in A$ such that $s \in H_{\alpha_0}$. Since $F$ is a maximal prefix-closed chain in $H$,
$s\sigma \notin H = \bigcup_{\alpha \in A} H_\alpha$ for all $\sigma \in \Sigma$. In particular, $s\sigma \notin H_{\alpha_0}$ for all $\sigma \in \Sigma$. Thus $F$ is a
maximal chain in $H_{\alpha_0}$. From our supposition that $|F|$ is finite, $H_{\alpha_0}$ is not a time behaviour,
a contradiction. Thus $|F| = \infty$ as claimed. Since $H \subseteq L$ and $F \in \mathcal{M}_H \subseteq \mathcal{L}_H$, $F \in \mathcal{L}_L$.
By Lemma 1 $F \in \mathcal{M}_L$. Since $L$ is a nonempty time behaviour, $p_t(F) = tick^*$.
Next we consider $\mathcal{R}_L$. Let $H_\alpha \in \mathcal{R}_L$ for $\alpha \in A$ and $H := \bigcup_{\alpha \in A} H_\alpha$. Again we may
consider the $H_\alpha$'s to be nonempty. Now let $s \in H$ with $T_H^+(s) = \emptyset$. Thus $s \in H_\alpha$ for some
$\alpha \in A$. Since $T_H^+(s) = \emptyset$, $T_{H_\alpha}^+(s) = \emptyset$. Thus $\Sigma_{hib}(s) \subset Elig_{H_\alpha}(s)$ with strict inclusion
because $H_\alpha \in \mathcal{R}_L$. Since $H_\alpha \subseteq H$, $Elig_{H_\alpha}(s) \subseteq Elig_H(s)$. Hence $\Sigma_{hib}(s) \subset Elig_H(s)$
with strict inclusion. Therefore $H \in \mathcal{R}_L$. □

Next we show that the time control technology we introduced induces a control structure.

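PROPOSITION 2 Let $L$ be a nonempty time behaviour, equipped with the time control
technology as given in (1) and (2). Let $\mathcal{C} : \mathcal{R}_L \to \mathcal{P}^2(L) : F \mapsto \mathcal{C}(F)$. Then $\mathcal{C}$ is a
control structure with respect to $\mathcal{R}_L$.
First we establish the following lemmas. In Lemma 3 we show that, for any proper time
behaviour $F$, $\mathcal{C}(F)$ is closed under arbitrary unions; in Lemma 4 the inheritance axiom in
the definition of control structures is satisfied for $\mathcal{R}_L$.

LEMMA 3 Under the same assumptions as in Proposition 2, $\mathcal{C}(F)$ is a complete upper
semilattice for $F \in \mathcal{R}_L$.
Proof: Let $F \in \mathcal{R}_L$. Let $K_\alpha \in \mathcal{C}(F)$ for $\alpha \in A$, an index set. Let $K := \bigcup_{\alpha \in A} K_\alpha$ and
$s \in \overline{K} = \overline{\bigcup_{\alpha \in A} K_\alpha} = \bigcup_{\alpha \in A} \overline{K_\alpha}$. We show that $K$ is controllable with respect to $F$.
First we note that $Elig_{\overline{K}}(s) = \bigcup_{\alpha \in A} Elig_{\overline{K_\alpha}}(s)$. Consider the following cases.
Case (i) $Elig_{\overline{K}}(s) \cap \Sigma_{for}(s) \ne \emptyset$:

$$\begin{aligned} & \Big(\bigcup_{\alpha \in A} Elig_{\overline{K_\alpha}}(s)\Big) \cap \Sigma_{for}(s) \ne \emptyset \\ \Rightarrow\; & Elig_{\overline{K_\alpha}}(s) \cap \Sigma_{for}(s) \ne \emptyset \text{ for some } \alpha \in A \\ \Rightarrow\; & Elig_{\overline{K_\alpha}}(s) \supseteq Elig_F(s) \cap \Sigma_{unc}(s) \text{ since } K_\alpha \in \mathcal{C}(F) \\ \Rightarrow\; & Elig_{\overline{K}}(s) \supseteq Elig_F(s) \cap \Sigma_{unc}(s) \end{aligned}$$

Case (ii) $Elig_{\overline{K}}(s) \cap \Sigma_{for}(s) = \emptyset$:

$$\begin{aligned} & \Big(\bigcup_{\alpha \in A} Elig_{\overline{K_\alpha}}(s)\Big) \cap \Sigma_{for}(s) = \emptyset \\ \Rightarrow\; & Elig_{\overline{K_\alpha}}(s) \cap \Sigma_{for}(s) = \emptyset \text{ for all } \alpha \in A \\ \Rightarrow\; & Elig_{\overline{K_\alpha}}(s) \supseteq Elig_F(s) \cap (\Sigma_{unc}(s) \cup \{tick\}) \text{ for all } \alpha \in A \text{ since } K_\alpha \in \mathcal{C}(F) \\ \Rightarrow\; & Elig_{\overline{K}}(s) \supseteq Elig_F(s) \cap (\Sigma_{unc}(s) \cup \{tick\}) \end{aligned}$$

Therefore $K$ is controllable with respect to $F$. □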

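LEMMA 4 Under the same assumptions as in Proposition 2, let $H, F \in \mathcal{R}_L$ with $H \subseteq F$.
Then $\mathcal{C}(F) \cap \mathcal{P}(H) \subseteq \mathcal{C}(H)$. If furthermore $H \in \overline{\mathcal{C}}(F)$, then we have equality.
Proof: Let $H, F \in \mathcal{R}_L$ with $H \subseteq F$. We show that $\mathcal{C}(F) \cap \mathcal{P}(H) \subseteq \mathcal{C}(H)$. Let
$K \in \mathcal{C}(F) \cap \mathcal{P}(H)$, i.e., $K \in \mathcal{C}(F)$ and $K \subseteq H$. Let $s \in \overline{K}$. Consider the following
cases.
Case (i) $Elig_{\overline{K}}(s) \cap \Sigma_{for}(s) = \emptyset$: Since $K \in \mathcal{C}(F)$, $Elig_F(s) \cap (\Sigma_{unc}(s) \cup \{tick\}) \subseteq Elig_{\overline{K}}(s)$. Since $H \subseteq F$, $Elig_H(s) \subseteq Elig_F(s)$. So we have

$$Elig_H(s) \cap (\Sigma_{unc}(s) \cup \{tick\}) \subseteq Elig_F(s) \cap (\Sigma_{unc}(s) \cup \{tick\}) \subseteq Elig_{\overline{K}}(s)$$

Case (ii) $Elig_{\overline{K}}(s) \cap \Sigma_{for}(s) \ne \emptyset$: Since $K \in \mathcal{C}(F)$, $Elig_F(s) \cap \Sigma_{unc}(s) \subseteq Elig_{\overline{K}}(s)$.
Again since $H \subseteq F$,

$$Elig_H(s) \cap \Sigma_{unc}(s) \subseteq Elig_F(s) \cap \Sigma_{unc}(s) \subseteq Elig_{\overline{K}}(s)$$

Thus $K \in \mathcal{C}(H)$.
Assume furthermore $H \in \overline{\mathcal{C}}(F)$. We only need to show $\mathcal{C}(H) \subseteq \mathcal{C}(F) \cap \mathcal{P}(H)$. Let
$K \in \mathcal{C}(H)$. Thus $K \in \mathcal{P}(H)$. To show $K \in \mathcal{C}(F)$, let $s \in \overline{K}$. Consider the following
cases.
Case (i) $Elig_{\overline{K}}(s) \cap \Sigma_{for}(s) = \emptyset$: Since $K \in \mathcal{C}(H)$,

$$Elig_H(s) \cap (\Sigma_{unc}(s) \cup \{tick\}) \subseteq Elig_{\overline{K}}(s)$$

Claim: $Elig_H(s) \cap \Sigma_{for}(s) = \emptyset$.
Suppose otherwise, i.e., $Elig_H(s) \cap \Sigma_{for}(s) \ne \emptyset$. Since $K \subseteq H$, $Elig_{\overline{K}}(s) \subseteq Elig_H(s)$.
Thus $(Elig_H(s) - Elig_{\overline{K}}(s)) \cap \Sigma_{for}(s) \ne \emptyset$. So there exists $\sigma \in \Sigma$ such that $\sigma \in Elig_H(s) - Elig_{\overline{K}}(s)$ and $\sigma \in \Sigma_{for}(s) \subseteq \Sigma_{act}$. Since $K \in \mathcal{C}(H)$, $\sigma \in \Sigma_{hib}(s)$. Thus
$\Sigma_{hib}(s) \cap \Sigma_{for}(s) \ne \emptyset$, which contradicts the definition of forcible events $\Sigma_{for}(s)$. Hence
$Elig_H(s) \cap \Sigma_{for}(s) = \emptyset$ as claimed.
Since $H \in \mathcal{C}(F)$, $Elig_F(s) \cap (\Sigma_{unc}(s) \cup \{tick\}) \subseteq Elig_H(s)$. Hence we have

$$Elig_F(s) \cap (\Sigma_{unc}(s) \cup \{tick\}) \subseteq Elig_H(s) \cap (\Sigma_{unc}(s) \cup \{tick\}) \subseteq Elig_{\overline{K}}(s)$$

Case (ii) $Elig_{\overline{K}}(s) \cap \Sigma_{for}(s) \ne \emptyset$: Since $K \in \mathcal{C}(H)$, $Elig_H(s) \cap \Sigma_{unc}(s) \subseteq Elig_{\overline{K}}(s)$.
Since $K \subseteq H$, $Elig_{\overline{K}}(s) \subseteq Elig_H(s)$. Thus $Elig_H(s) \cap \Sigma_{for}(s) \ne \emptyset$. Since $H \in \mathcal{C}(F)$,
$Elig_F(s) \cap \Sigma_{unc}(s) \subseteq Elig_H(s)$. Thus we have

$$Elig_F(s) \cap \Sigma_{unc}(s) \subseteq Elig_H(s) \cap \Sigma_{unc}(s) \subseteq Elig_{\overline{K}}(s)$$

Therefore $K \in \mathcal{C}(F)$. □

Proof of Proposition 2: For $H \in \mathcal{R}_L$, from the definition of controllable languages in
(3) we have $\emptyset, H \in \mathcal{C}(H)$ and $K \in \mathcal{C}(H) \Rightarrow \overline{K} \in \mathcal{C}(H)$. By Lemma 3 and 4 and
Proposition 1 we have that $\mathcal{C}$ is a control structure with respect to $\mathcal{R}_L$. □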

Thus the time control technology does induce a control structure with respect to $\mathcal{R}_L$; in
fact, it induces a standard, locally definable control structure (Wong 1994) with respect to
the following subclass of proper time behaviours,

?Z~ := {H E 7~L I(V~ e H ) Eyor(S) n EligL(S) ¢ 0


Efor(S) N EligH(s ) ¢ O}

Within this subclass, the forcing mechanism is also inherited. The class of standard, locally
definable control structures (Wong 1994) is a proper subclass of control structures, to which
we can naturally associate a "control technology", namely a specification of which sets of
events can be selected to extend a given string. The languages 0 and L are in ~), trivially.
This subclass of proper time behaviours is also closed under control as stated in Proposition
3.
PROPOSITION 3 Under the same assumptions as in Proposition 2, -C(H) C_ 7Z~Lfor
H ET4ti .
Proof: Let H E 7 ~ . We only need to show that C(H) - {0} C n~L. Let H E n ~
and K E C ( H ) - {0}. S i n c e ~ C_ 74L, H E 74L. Thus K E 7~L by Proposition
1. L e t s E K s u c h t h a t E f o r ( s ) N E l i g L ( s ) 7~ O. S i n c e H E ~ a n d s E K C H,
E for(s) n EligH(s) ~: O. Also since E/or(S) N Zhib(s) = O, EligK(s) C_ EligH(s), and
K is controllable in H, EligK(s) N Efor(S) 7£ O. Thus [ ( E 7"~. •

It is easy to see that 7 ~ is also closed under union. We show in Wong (1994) that C is
standard and locally definable with respect to ~ ; . For s E L, define

$$\Sigma_c(s) = \begin{cases} \mathcal{P}(\Sigma_{hib}(s)) & \text{if } \Sigma_{for}(s) \cap Elig_L(s) = \emptyset \\ \mathcal{P}(\Sigma_{hib}(s) \cup \{tick\}) & \text{otherwise} \end{cases}$$

The map $\Sigma_c$, hence the time control technology, can be viewed as a control technology in
the sense we defined in Wong (1994).

Now we turn to the general situation. Taking a cue from the results above, we introduce
a general notion of time control structures. Let $L \in \mathcal{T}_{\Sigma^*}$, i.e., $L$ is a time behaviour, and
$\mathcal{C} : \mathcal{T}_L \to \mathcal{P}^2(L)$ be a map. Let $\mathcal{R}_L$ be an arbitrary subset of $\mathcal{T}_L$ with the property that it
is closed under unions. Then the map $\mathcal{C}$ is a time control structure with respect to $\mathcal{R}_L$ if $\mathcal{C}$
is a control structure on $\mathcal{R}_L$ and

$$\overline{\mathcal{C}}(H) \subseteq \mathcal{R}_L$$

for $H \in \mathcal{R}_L$. Thus a time control structure is a control structure with the additional property
that the class $\mathcal{R}_L$ is invariant under control; as a consequence control never stops the clock.

4. Hierarchical control of TDES

Now we are in position to consider hierarchical control of TDES. Let $\Sigma_{act}$ and $T_{act}$ be the alphabets representing respectively the activity events of a low-level system $G_{lo}$ and a high-level system $G_{hi}$ as in Figure 1. Let $tick_{lo} \notin \Sigma_{act}$ and $tick_{hi} \notin T_{act}$ be the events representing respectively the ticking of the low-level and high-level clocks. Let

Let $L \in \mathcal{T}_{\Sigma^*} - \{\emptyset\}$, i.e., $L$ is a nonempty time behaviour, modelling the closed behaviour of the low-level system. To represent the information channel from the low-level system to the high-level system, $inf_{lohi}$ in Figure 1, we postulate a map $\theta : L \to T^*$, called time prefix-preserving, with the following properties:

$$\theta \circ pre = pre \circ \theta, \qquad \theta(\mathcal{T}_L) = \mathcal{T}_M$$

where $M := \theta(L)$. We note that $M = \theta(L) \in \theta(\mathcal{T}_L) = \mathcal{T}_M$; hence $M$ is a time behaviour, representing the closed behaviour of the high-level system. Thus a time prefix-preserving map is a prefix-preserving map which also preserves time behaviours. To have a more concrete description of time prefix-preserving maps, we give the following characterization of the property $\theta(\mathcal{T}_L) = \mathcal{T}_M$.
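PROPOSITION 4 Let $\theta$ be a prefix-preserving map on a nonempty time behaviour $L$, and let $p_{lo}$ and $p_{hi}$ be the natural projections which erase all the event labels except the event $tick_{lo}$ and $tick_{hi}$ respectively. Then

$$\theta(\mathcal{T}_L) = \mathcal{T}_M \iff (\forall H \in \mathcal{M}_L)\ p_{hi}\theta(H) = tick_{hi}^* \ \text{ and } \ \mathcal{M}_M \subseteq \theta(\mathcal{M}_L)$$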

Proof: ($\Leftarrow$) From the hypothesis we have that $M = \theta(L)$ is a time behaviour. We now show $\theta(\mathcal{T}_L) = \mathcal{T}_M$:

($\subseteq$) Let $N \in \theta(\mathcal{T}_L)$. It is sufficient to consider the case in which $N$ is nonempty. There exists $H \in \mathcal{T}_L$ such that $N = \theta(H)$. Let $R \in \mathcal{M}_N$.

Claim: $|R| = \infty$.

Suppose otherwise, i.e., $|R| < \infty$. Then let $t = \max(R)$. Since $R \subseteq N = \theta(H)$, there exists $s \in H$ such that $t = \theta(s)$. Hence there exists $H' \in \mathcal{M}_H$ such that $s \in H'$. Since $H$ and $L$ are time behaviours and $H \subseteq L$, $H' \in \mathcal{M}_L$. Hence by hypothesis

$$p_{hi}\theta(H') = tick_{hi}^* \qquad (6)$$

Since $H' \subseteq H$, $\theta(H') \subseteq \theta(H) = N$. Since $\theta$ is prefix-preserving and $H'$ is a prefix-closed chain, so is $\theta(H')$. It follows that $R = \overline{t} = \overline{\theta(s)} = \theta(\overline{s}) \subset \theta(H')$ with strict inclusion because of (6). Thus $R \notin \mathcal{M}_N$, a contradiction. Hence $|R| = \infty$ after all. This proves the claim.

Since $N \subseteq M$, $R \in \mathcal{L}_M$. But $|R| = \infty$. Thus $R \in \mathcal{M}_M$ by Lemma 1. Since $\mathcal{M}_M \subseteq \theta(\mathcal{M}_L)$, there exists $F \in \mathcal{M}_L$ such that $R = \theta(F)$. Then we have

$$p_{hi}(R) = p_{hi}\theta(F) = tick_{hi}^*$$

Therefore $N$ is also a time behaviour.

($\supseteq$) Let $N \in \mathcal{T}_M - \{\emptyset\}$ and $R \in \mathcal{M}_N$. Since $N$ and $M$ are time behaviours, $R \in \mathcal{M}_M$. Since $\mathcal{M}_M \subseteq \theta(\mathcal{M}_L)$, there exists $F \in \mathcal{M}_L$ such that $R = \theta(F)$. Let

$$H := \bigcup \{F \in \mathcal{M}_L \mid R = \theta(F) \text{ for some } R \in \mathcal{M}_N\}$$

We have $\theta(H) = N$ and by Lemma 2 $H \in \mathcal{T}_L$ since each element in $\mathcal{M}_L$ is itself a time behaviour in $L$. Therefore $\mathcal{T}_M \subseteq \theta(\mathcal{T}_L)$.

($\Rightarrow$) We observe that $M = \theta(L) \in \theta(\mathcal{T}_L) = \mathcal{T}_M$, i.e., $M$ is a time behaviour. Let $H \in \mathcal{M}_L$. Then since $L$ is a time behaviour, $p_{lo}(H) = tick_{lo}^*$. We note that $\mathcal{M}_H = \{H\}$. Thus $H \in \mathcal{T}_L$. Hence $\theta(H) \in \theta(\mathcal{T}_L) = \mathcal{T}_M$. Observe that $\mathcal{M}_{\theta(H)} = \{\theta(H)\}$. Thus $p_{hi}\theta(H) = tick_{hi}^*$.

Let $N \in \mathcal{M}_M$. Since $M$ is a time behaviour, so is $N$. Thus $N \in \mathcal{T}_M = \theta(\mathcal{T}_L)$. So there exists $H \in \mathcal{T}_L$ such that $\theta(H) = N$. Let $H' \in \mathcal{M}_H$. Thus $H' \in \mathcal{M}_L$ since $H$ and $L$ are time behaviours and $H \subseteq L$. By the above argument, we have $p_{hi}\theta(H') = tick_{hi}^*$. Thus $\theta(H') \in \mathcal{M}_M$. Also we have $\theta(H') \subseteq \theta(H) = N$. Hence $\theta(H') = N$. Therefore $N \in \theta(\mathcal{M}_L)$. □

The first condition in the characterization ensures that every "run" of the low-level system must be "vocalized" with $tick_{hi}$ infinitely often, i.e., the timing information must be sent up infinitely often; whereas the second condition requires that every maximal chain in the high level must be the image of a maximal chain in the low level. It is well to note that in general it need not be the case in which only strings ending with $tick_{lo}$ are vocalized with $tick_{hi}$; and no fixed period between the "vocal" nodes with $tick_{hi}$ in a "run", i.e., no fixed sampling period, is assumed. A time prefix-preserving map with fixed sampling period $n \in \mathbb{N}^+$ can be described as follows: $\theta : L \to T^*$ with

$$\theta \circ pre = pre \circ \theta$$

$$\mathcal{M}_M \subseteq \theta(\mathcal{M}_L)$$

$$\omega(s\sigma) = \begin{cases} tick_{hi} & \text{if } \sigma = tick_{lo} \text{ and } n \text{ divides } |s\,tick_{lo}|_{tick_{lo}} \\ \tau_0 & \text{if } \sigma = tick_{lo} \text{ and } n \text{ does not divide } |s\,tick_{lo}|_{tick_{lo}} \\ \tau \text{ or } \tau_0 & \text{if } \sigma \neq tick_{lo} \end{cases}$$

where $\tau \in T_{act}$, $s \in \Sigma^*$, $\sigma \in \Sigma$, and $s\sigma \in L$. Here $\omega$ is the corresponding tail map (Zhong and Wonham 1990), $\tau_0 \notin T$ is the silent transition symbol, and $|s|_{tick_{lo}}$ gives the number of $tick_{lo}$ in $s$.
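The fixed-sampling-period map above, worked through on one low-level run, as an added example that is not part of the paper. The event names, the `relabel` table (which activity events are vocalized, and as what) and the sample run are constructed assumptions; `None` stands for the silent symbol $\tau_0$.

```python
TICK_LO, TICK_HI = "tick_lo", "tick_hi"


def tail(s_sigma, n, relabel):
    """Tail map omega(s sigma): the high-level output for the last event.

    Returns None for the silent symbol tau_0.
    """
    sigma = s_sigma[-1]
    if sigma == TICK_LO:
        # Vocalize the tick only when n divides |s tick_lo|_{tick_lo}.
        return TICK_HI if s_sigma.count(TICK_LO) % n == 0 else None
    # Activity event: relabelled to some tau in T_act, or silent (assumption:
    # the choice is a design decision captured by the relabel table).
    return relabel.get(sigma)


def theta(s, n, relabel):
    """theta(s): concatenate the non-silent tail outputs along s."""
    out = []
    for i in range(1, len(s) + 1):
        symbol = tail(s[:i], n, relabel)
        if symbol is not None:
            out.append(symbol)
    return tuple(out)


def prefix_closure(strings):
    """pre: all prefixes of all strings in the given finite set."""
    return {tuple(s[:i]) for s in strings for i in range(len(s) + 1)}


def image(strings, n, relabel):
    """theta applied to a finite set of strings."""
    return {theta(s, n, relabel) for s in strings}


def is_prefix_preserving(strings, n, relabel):
    """Check theta o pre = pre o theta on a finite set of strings."""
    left = image(prefix_closure(strings), n, relabel)
    right = prefix_closure(image(strings, n, relabel))
    return left == right


# Constructed sample run: train approaches, gate is lowered, train enters.
RUN = ("alpha1", TICK_LO, TICK_LO, "beta", TICK_LO,
       "alpha2", TICK_LO, TICK_LO, TICK_LO)
RELABEL = {"alpha1": "tau1", "alpha2": "tau2", "beta": "tau3"}

if __name__ == "__main__":
    for period in (1, 2, 3):
        print(period, theta(RUN, period, RELABEL))
    print(is_prefix_preserving({RUN}, 2, RELABEL))
```

With period 2 the high level sees a `tick_hi` before `tau3`; with period 3 it sees `tau3` first, so the same low-level run carries coarser timing information upward.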

Now we consider control consistency in TDES. Let $\mathcal{C}_{lo} : \mathcal{R}_L \to \mathcal{P}^2(L)$ be a time control structure with respect to $\mathcal{R}_L$. As in Wong and Wonham (1996) we assume the following kernel condition

$$\ker(\theta|_{\mathcal{R}_L}) \le \ker(\theta \circ \mathcal{C}_{lo}) \qquad (7)$$

If two proper time behaviours have the same image in the high level, so do their sets of controllable sublanguages. We achieve this by appropriate design of $T$ and $\theta$.

PROPOSITION 5 Let $L$ be a time behaviour, $\mathcal{R}_L \subseteq \mathcal{T}_L$ be closed under union, and $\mathcal{C}_{lo}$ be a time control structure with respect to $\mathcal{R}_L$. Let $\theta$ be a time prefix-preserving map and $M := \theta(L)$. Assume the condition in (7). Let $\mathcal{C}_{hi} : \theta(\mathcal{R}_L) \to \mathcal{P}^2(M)$ such that $\mathcal{C}_{hi}\theta(H) = \theta\mathcal{C}_{lo}(H)$, for $H \in \mathcal{R}_L$, and $\mathcal{R}_M := \theta(\mathcal{R}_L)$. Then $\mathcal{C}_{hi}$ is a time control structure with respect to $\mathcal{R}_M$.

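Proof: First we note that

$$\mathcal{R}_M = \theta(\mathcal{R}_L) \subseteq \theta(\mathcal{T}_L) = \mathcal{T}_M$$

We show that $\mathcal{R}_M$ is closed under unions. Let $N_1, N_2 \in \mathcal{R}_M = \theta(\mathcal{R}_L)$. Then there exist $H_1, H_2 \in \mathcal{R}_L$ such that $N_1 = \theta(H_1)$ and $N_2 = \theta(H_2)$. Thus

$$N_1 \cup N_2 = \theta(H_1) \cup \theta(H_2) = \theta(H_1 \cup H_2) \in \theta(\mathcal{R}_L) = \mathcal{R}_M$$

since $\mathcal{R}_L$ is closed under unions. The extension of the argument to arbitrary unions is clear.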
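Next we show that $\mathcal{C}_{hi}$ is a control structure.

(1) join closure: Let $N \in \mathcal{R}_M$. Then there exists $J \in \mathcal{R}_L$ such that $N = \theta(J)$. Hence

$$\mathcal{C}_{hi}(N) = \mathcal{C}_{hi}\theta(J) = \theta\mathcal{C}_{lo}(J)$$

Let $R_\alpha \in \mathcal{C}_{hi}(N)$ with $\alpha \in A$. Then for all $\alpha \in A$ there exists $H_\alpha \in \mathcal{C}_{lo}(J)$ such that $R_\alpha = \theta(H_\alpha)$. Thus

$$\bigcup_{\alpha \in A} R_\alpha = \bigcup_{\alpha \in A} \theta(H_\alpha) = \theta\Big(\bigcup_{\alpha \in A} H_\alpha\Big)$$

Since $\mathcal{C}_{lo}(J)$ is a complete upper semilattice, $\bigcup_{\alpha \in A} H_\alpha \in \mathcal{C}_{lo}(J)$. Hence $\bigcup_{\alpha \in A} R_\alpha \in \mathcal{C}_{hi}(N)$. Therefore $\mathcal{C}_{hi}(N)$ is a complete upper semilattice.

(2) nontriviality: Let $N \in \mathcal{R}_M$. Then there exists $J \in \mathcal{R}_L$ such that $N = \theta(J)$. Hence $\mathcal{C}_{hi}(N) = \mathcal{C}_{hi}\theta(J) = \theta\mathcal{C}_{lo}(J)$. Since $\emptyset, J \in \mathcal{C}_{lo}(J)$, $\emptyset = \theta(\emptyset) \in \mathcal{C}_{hi}(N)$ and $N = \theta(J) \in \mathcal{C}_{hi}(N)$.

(3) prefix closure: Let $N \in \mathcal{R}_M$. There exists $J \in \mathcal{R}_L$ such that $N = \theta(J)$. Hence $\mathcal{C}_{hi}(N) = \mathcal{C}_{hi}\theta(J) = \theta\mathcal{C}_{lo}(J)$. Let $R \in \mathcal{C}_{hi}(N)$. Then there exists $H \in \mathcal{C}_{lo}(J)$ such that $R = \theta(H)$. Thus

$$\overline{R} = \overline{\theta(H)} = \theta(\overline{H})$$

Since $\mathcal{C}_{lo}$ is a control structure and $H \in \mathcal{C}_{lo}(J)$, $\overline{H} \in \mathcal{C}_{lo}(J)$. Therefore $\overline{R} \in \mathcal{C}_{hi}(N)$.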


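(4) inheritance: Let $N, T \in \mathcal{R}_M$ with $N \subseteq T$. Then there exist $H', J' \in \mathcal{R}_L$ such that $N = \theta(H')$ and $T = \theta(J')$. Let $J = H' \cup J' \in \mathcal{R}_L$. Then

$$\theta(J) = \theta(H' \cup J') = \theta(H') \cup \theta(J') = N \cup T = T$$

Hence

$$\mathcal{C}_{hi}(T) = \mathcal{C}_{hi}\theta(J) = \theta\mathcal{C}_{lo}(J)$$

Let $R \in \mathcal{C}_{hi}(T) \cap \mathcal{P}(N)$. Since $R \in \mathcal{C}_{hi}(T)$, there exists $K \in \mathcal{C}_{lo}(J)$ such that $R = \theta(K)$. Since $\mathcal{C}_{lo}$ is a time control structure, $K \in \mathcal{C}_{lo}(J) \subseteq \mathcal{R}_L$. Let $H := K \cup H' \in \mathcal{R}_L$. Clearly $H \subseteq K \cup J = J$. Also

$$\theta(H) = \theta(K \cup H') = \theta(K) \cup \theta(H') = R \cup N = N$$

and

$$\mathcal{C}_{hi}(N) = \mathcal{C}_{hi}\theta(H) = \theta\mathcal{C}_{lo}(H)$$

Clearly $K \subseteq H \subseteq J$. So $K \in \mathcal{C}_{lo}(J) \cap \mathcal{P}(H) \subseteq \mathcal{C}_{lo}(H)$. Hence $R \in \mathcal{C}_{hi}(N)$.

Let $N, T \in \mathcal{R}_M$ with $N \in \mathcal{C}_{hi}(T) \cap \mathcal{F}_T$. We only need to show

$$\mathcal{C}_{hi}(N) \subseteq \mathcal{C}_{hi}(T) \cap \mathcal{P}(N)$$

Let $J \in \mathcal{R}_L$ such that $T = \theta(J)$. Thus $\mathcal{C}_{hi}(T) = \mathcal{C}_{hi}\theta(J) = \theta\mathcal{C}_{lo}(J)$. So there exists $H \in \mathcal{C}_{lo}(J)$ such that $N = \theta(H)$. Also $N = \overline{N} = \overline{\theta(H)} = \theta(\overline{H})$. Since $\mathcal{C}_{lo}$ is a control structure and $H \in \mathcal{C}_{lo}(J)$, $\overline{H} \in \mathcal{C}_{lo}(J)$. Since $\mathcal{C}_{lo}$ is a time control structure, $\overline{H} \in \mathcal{R}_L$. Hence

$$\mathcal{C}_{lo}(\overline{H}) \subseteq \mathcal{C}_{lo}(J) \cap \mathcal{P}(\overline{H})$$

Let $R \in \mathcal{C}_{hi}(N) = \mathcal{C}_{hi}\theta(\overline{H}) = \theta\mathcal{C}_{lo}(\overline{H})$. Then there exists $K \in \mathcal{C}_{lo}(\overline{H})$ such that $R = \theta(K)$. But $K \in \mathcal{C}_{lo}(\overline{H}) \subseteq \mathcal{C}_{lo}(J) \cap \mathcal{P}(\overline{H})$. Thus $K \in \mathcal{C}_{lo}(J)$. So $R = \theta(K) \in \mathcal{C}_{hi}(T)$. Hence $R \in \mathcal{C}_{hi}(T) \cap \mathcal{P}(N)$. Therefore $\mathcal{C}_{hi}$ is a control structure on $\mathcal{R}_M$.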
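It only remains to check that

for $R \in \mathcal{R}_M$. Let $R \in \mathcal{R}_M = \theta(\mathcal{R}_L)$. Then there exists $H \in \mathcal{R}_L$ such that $R = \theta(H)$. Let $N \in \mathcal{C}_{hi}(R)$. Thus $N \in \mathcal{C}_{hi}(R) = \mathcal{C}_{hi}\theta(H) = \theta\mathcal{C}_{lo}(H)$. Thus there exists $K \in \mathcal{C}_{lo}(H)$ such that $N = \theta(K)$. We note $\overline{K} \in \mathcal{C}_{lo}(H)$ and $\overline{N} = \overline{\theta(K)} = \theta(\overline{K})$. Since $H \in \mathcal{R}_L$ and $\mathcal{C}_{lo}$ is a time control structure, we have

$$\overline{\mathcal{C}_{lo}(H)} \subseteq \mathcal{R}_L$$

Thus

$$\overline{N} = \theta(\overline{K}) \in \theta(\overline{\mathcal{C}_{lo}(H)}) \subseteq \theta(\mathcal{R}_L) = \mathcal{R}_M$$

Therefore $\mathcal{C}_{hi}$ is a time control structure with respect to $\mathcal{R}_M$. □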

To digress, we can in fact achieve control consistency restricted to any $\mathcal{X} \subseteq \mathcal{F}_L$ with $\mathcal{C}_{lo}$ being a control structure with respect to $\mathcal{X}$ and $\mathcal{X}$ being closed under union, by establishing $\ker(\theta|_{\mathcal{X}}) \le \ker(\theta \circ \mathcal{C}_{lo}|_{\mathcal{X}})$. In particular by establishing the appropriate kernel condition we can achieve control consistency restricted to $\mathcal{C}_{lo}(L)$, where $\mathcal{C}_{lo}$ is a control structure with respect to $\mathcal{F}_L$. In the present case, let

$$\kappa_L : \mathcal{P}(L) \to \mathcal{C}_{lo}(L) : H \mapsto \bigcup \{J \subseteq H \mid J \in \mathcal{C}_{lo}(L)\}$$

$$\kappa_M : \mathcal{P}(M) \to \mathcal{C}_{hi}(M) : N \mapsto \bigcup \{R \subseteq N \mid R \in \mathcal{C}_{hi}(M)\} \qquad (8)$$

be the control operators. The maps are well defined because $\mathcal{C}_{lo}$ and $\mathcal{C}_{hi}$ are control structures. Intuitively they represent the process of synthesizing the largest controllable behaviour satisfying a given specification. Then hierarchical consistency is achieved in the time setting, as stated in the following corollary.

COROLLARY 1 Let $\kappa_L$ and $\kappa_M$ be defined as in (8), and $\theta^{-1} : \mathcal{P}(M) \to \mathcal{P}(L)$. Then

$$\kappa_M = \theta \circ \kappa_L \circ \theta^{-1}$$

Any synthesis $\kappa_M$ in the high level can be achieved by sending the specification down to the low level by $\theta^{-1}$, synthesizing in the low level by $\kappa_L$, and summarizing and reporting back to the high level by $\theta$. As an illustration, consider again the train and gate example.

Example: We continue with the timed models of Train and Gate given in Figure 3; their concurrent behaviour $L(TrainGate) = L(Train) \parallel_s L(Gate)$ is represented by the automaton in Figure 5. Let $L(TrainGate)$ be equipped with control as in Figure 8. In this example we consider three different hierarchies with $L(TrainGate)$ as the low-level system behaviour.

We introduce a time prefix-preserving map on $L(TrainGate)$. Given a prefix-preserving map on a closed language $L$, we recall that the pair $(L, \theta)$ can be concretely represented by a Moore automaton (Zhong and Wonham 1990). We remark that, to obtain the Moore automaton representing $(L, \theta)$ from the automaton generating $L$, "state splitting" might be necessary. For details we refer the reader to Zhong and Wonham (1990). Let $\theta$ be a prefix-preserving map on $L(TrainGate)$ projecting out only timing information and be given as in Figure 9, where $t_l := tick_{lo}$ and $t_h := tick_{hi}$, and the silent transition symbol $\tau_0$ is not displayed. The entrance state of the event $\alpha_2$ and $\beta$ in Figure 5 is split into two states in Figure 9 as strings ending with $\alpha_2$ and $\beta$ are vocalized with different high-level symbols. The activity events are relabelled by $\theta$: $\alpha_1$ is relabelled as $\tau_1$; $\alpha_2$ as $\tau_2$; $\beta$ as $\tau_3$; $\delta$ as $\tau_4$. The high-level event $\tau_1$ signals the train's approaching; $\tau_2$ the train's entrance into the crossing; $\tau_3$ the lowering of the gate; $\tau_4$ the raising of the gate and the exiting of the train from the crossing.

Since the event $\beta$ is forcible at the state $q$ in Figure 9, the system to the left of the dotted line (let $H$ be the closed language which it generates) is controllable. Let $\mathcal{R}_L := \mathcal{C}_{lo}(L) = \{\emptyset, H, L\}$. Clearly $\mathcal{R}_L$ is a subset of the time behaviours in $L$ and is closed under unions. Also the map $\mathcal{C}_{lo}$ assigning $\{\emptyset\}$ to $\emptyset$, $\{\emptyset, H\}$ to $H$, and $\{\emptyset, H, L\}$ to $L$ is a control structure with respect to $\mathcal{R}_L$. By inspection, $\theta$ is time prefix-preserving and satisfies the kernel condition, when restricted to $\mathcal{R}_L$. Thus control consistency for $\mathcal{R}_L$ is achieved, and the corresponding high-level system is as given in Figure 10, in which the system to the left of the dotted line is controllable in the high level as induced through control consistency. Hence $\tau_3$ at $q'$ is forcible. Thus for the operator in the high level, the gate will be forced down if it is not yet down after the train has been approaching for one tick of the clock. In the low level, the system is at $q$. To implement the command from the high level, $\beta$ is forced at $q$.

As pointed out earlier, our time prefix-preserving map in general assumes no fixed sampling period. In this example, the important timing information is the number of ticks we can wait before bringing the gate down, while still maintaining safety. However, once the gate is down, there is no need to keep track of the ticks for the task at hand. Our first hierarchy for this train and gate example reflects this view. In other words we focus on the important timing information and constraint only when it is necessary for the task at hand; otherwise we let the lower level process do the routine bookkeeping of time. This agrees with our general decision-making practice.

Figure 9. A Moore automaton representing the pair $(L(TrainGate), \theta)$.

Figure 10. The high-level system, $\theta(L(TrainGate))$.

Now suppose the timing information sent up becomes coarser, i.e., the state $q$ is no longer vocalized, as shown in Figure 11. In this case, $\tau_3$ is forcible right after the train moves into the approaching state. The gate will be forced down when the train starts approaching since, if not, the next clock tick will bring the system into a dangerous state, i.e., the train can cross before the gate comes down. Now in the low level, the train just moves into the approaching state and the command from the high level, to lower the gate at this point, made without the benefit of the detailed timing information, seems conservative. This simply captures the intuition that one must act more conservatively when given less information. To implement this command, the gate is forced down after two ticks of the clock if it is not down already.

To aggregate one step further, suppose no timing information is sent up as displayed in Figure 12. Now $\tau_2$ becomes a prohibitible event after the train moves into the approaching state. With no timing information at all, the only way to ensure the gate is lowered before the train moves into the crossing is to stop the train until the gate is lowered. However, in the low level, with the benefit of the timing information, there is no need to stop the train, i.e., forcing the gate down at $q$ is sufficient to guarantee that the high level specification is satisfied. □

It is apparent from this example that the control status (i.e., prohibitible and forcible properties) of events need not be preserved between levels. The following example illustrates this situation more clearly.

Example: Let $(L, \theta)$ be given as in Figure 13. Here $\Sigma_{hib}(\epsilon) = \{\beta\}$ and there is no forcible event. Thus the language $\alpha t_l^*$ is controllable. It is clear that $\theta$ is a time prefix-preserving map and control consistency for $\mathcal{R}_L (:= \mathcal{C}(L))$ is achieved. Then in the high level the language $\tau t_h^*$ is also controllable; hence $\tau$ becomes forcible, i.e., $T_{for}(\epsilon) = \{\tau\}$.

Consider the reverse situation. Let $(L, \theta)$ be given as in Figure 14. Here $\Sigma_{for}(\epsilon) = \{\alpha\}$ and there is no prohibitible event. Thus the language $\alpha t_l^*$ is controllable. Again $\theta$ is a time prefix-preserving map and control consistency is achieved for $\mathcal{R}_L := \mathcal{C}(L)$. The corresponding controllable language in the high level is $\tau_1 t_h^*$; hence $T_{hib}(\epsilon) = \{\tau\}$. □

5. Conclusions

In this paper, we have developed a control theory for a class of discrete time TDES in the style of RW theory and Brandin and Wonham (1994), and shown that our time control technology induces a control structure, specifically a time control structure. On this basis a hierarchical control theory is developed; and, provided the information channel (mapping) preserves history, time behaviours, and time control structures, we establish the central property of hierarchical consistency. Among possible directions for future research, we could consider the finer notion of hierarchical consistency in which the nonblocking property is preserved in the time setting, and also explore how to accommodate dense time. Finally, as infinite strings are implicit here, the development might benefit from a more explicit formulation in the setting of infinite strings, as in Thistle (1991).

Figure 11. The train and gate hierarchy with coarser timing information in the high level.

Figure 12. The train and gate hierarchy with no timing information in the high level.

Figure 13. Prohibitible events in the low level induce forcible events in the high level.

Figure 14. Forcible events in the low level induce prohibitible events in the high level.

Appendix
Brandin's Timed Discrete-Event Systems

In this appendix, we recall the control theory of timed discrete-event systems (TDES)
introduced in Brandin and Wonham (1994) and show that in general the class of TDES there
and its timing semantics (i.e., that of Ostroff (1990)) are not closed under control (at least
the control proposed in Brandin and Wonham (1994)). Through examples we also show
that the time control technology in Brandin and Wonham (1994) does not induce a control
structure in our sense. In order to rectify this situation we bring in a suitable refinement
of the time control technology in Brandin and Wonham (1994). Finally we show that in
Brandin and Wonham (1994) time has a more local meaning when compared to our setting.

Following Brandin and Wonham (1994), let $\Sigma = \Sigma_{spe} \,\dot\cup\, \Sigma_{rem} \,\dot\cup\, \{tick\} = \Sigma_{act} \,\dot\cup\, \{tick\}$, where $\Sigma_{spe}$ is a set of prospective events (events with finite upper time bounds), $\Sigma_{rem}$ is a set of remote events (events with infinite upper time bounds), and $tick$ represents the tick of a global digital clock; and let $G$ be a TDES as defined in Brandin and Wonham (1994) with $L(G) \subseteq \Sigma^*$. In Brandin and Wonham (1994) the control technology is introduced as follows: let $\Sigma_{hib} \subseteq \Sigma_{rem}$ be the set of prohibitible events (i.e., events that can be prevented from occurring by an external agent) and $\Sigma_{for} \subseteq \Sigma_{act}$ be the set of forcible events (i.e., events that can preempt a tick of the clock). In Brandin and Wonham (1994) there is no particular relation postulated a priori between $\Sigma_{for}$ and any of $\Sigma_{hib}$, $\Sigma_{rem}$ or $\Sigma_{spe}$. In particular an event in $\Sigma_{rem}$ might be both forcible and prohibitible. Define the set of uncontrollable events $\Sigma_{unc} := \Sigma_{act} - \Sigma_{hib} = \Sigma_{spe} \cup (\Sigma_{rem} - \Sigma_{hib})$ and the set of controllable events $\Sigma_{con} := \Sigma - \Sigma_{unc} = \Sigma_{hib} \cup \{tick\}$. Let $s \in L(G)$. Write

$$Elig_G(s) := \{\sigma \in \Sigma \mid s\sigma \in L(G)\}$$

Here $Elig_G(s)$ is the set of "eligible" events in $G$. Let $K \subseteq L(G)$. Write

$$Elig_K(s) := \{\sigma \in \Sigma \mid s\sigma \in K\}, \quad s \in \Sigma^*$$

Then $K$ is controllable (with respect to $G$) (Brandin and Wonham 1994) if, for all $s \in K$,

$$Elig_K(s) \supseteq \begin{cases} Elig_G(s) \cap (\Sigma_{unc} \cup \{tick\}) & \text{if } Elig_K(s) \cap \Sigma_{for} = \emptyset \\ Elig_G(s) \cap \Sigma_{unc} & \text{if } Elig_K(s) \cap \Sigma_{for} \neq \emptyset \end{cases}$$

Let $L$ be the behaviour of a TDES $G$. Then it can be verified that $\emptyset$ and $L$ are controllable with respect to $G$, and the class of controllable sublanguages of $L$ is a complete upper semilattice. Thus this control technology defines a unique control operator. Now we examine whether this control technology is a control structure in our sense. But first we note that the class of TDES is not closed under the control operator defined by the above control technology as shown by the following two examples.

Example: Let

$$G_{act} = (\Sigma_{act}, A, \delta_{act}, a_0, A_m)$$

with

$$\Sigma_{act} = \{\alpha\},\quad A = \{0, 1, 2\},\quad a_0 = 0,\quad A_m = \{2\},\quad \delta_{act}(\alpha, 0) = 1,\quad \delta_{act}(\alpha, 1) = 2$$

and the timed event $(\alpha, 0, 1)$. The activity transition graph (ATG) of $G_{act}$ and the timed transition graph (TTG) of the corresponding TDES $G$ are displayed in Figure A.1. We further assume that $\Sigma_{for} = \{\alpha\}$. Then the language indicated by the dotted-line box is a controllable language. But it is not the behaviour of any TDES since the time bounds for the first $\alpha$ are different from that of the second. Hence the class of TDES is not closed under control. □

Figure A.1. An example of TDES not closed under control.

Example: Let

$$G_{act} = (\Sigma_{act}, A, \delta_{act}, a_0, A_m)$$

with

$$\Sigma_{act} = \{\alpha\},\quad A = \{0, 1\},\quad a_0 = 0,\quad A_m = \{1\},\quad \delta_{act}(\alpha, 0) = 1$$

and the timed event $(\alpha, 0, \infty)$. The ATG of $G_{act}$ and the TTG of the corresponding TDES $G$ are as displayed in Figure A.2. Also we assume that $\Sigma_{hib} = \{\alpha\}$. Then the language indicated by the dotted-line box is a controllable language. But it is not the behaviour of any TDES since $\alpha$ is neither a prospective event nor a remote event. Again we see that the class of TDES is not closed under control. Furthermore, the timing semantics of Brandin and Wonham (1994) (i.e., that of Ostroff (1990)) is no longer applicable to the resultant controllable language since $\alpha$ is not forced to occur before the first tick. In other words, the timing semantics in Brandin and Wonham (1994) (hence also in Ostroff (1990)) is not closed under control (at least the control proposed in Brandin and Wonham (1994)). Intuitively, the "window of opportunity" for $\alpha$ is (0, 0), i.e., $\alpha$ can occur before the first tick but it is not forced to. If a tick has occurred before an $\alpha$, then the window of opportunity for $\alpha$ has been missed and $\alpha$ can never happen again. The resultant behaviour certainly captures some physically realistic situations such as the timing constraint of catching a flight: □

Figure A.2. Another example of TDES not closed under control.

Thus it does not make sense to consider the controllable sublanguages of $H$ where $H \in \mathcal{C}(L)$ with $L$ being the behaviour of a TDES since $H$ might not be the behaviour of any TDES. However, even if $H$ is the behaviour of a TDES, there might still be problems in showing that this control technology induces a control structure in our sense, as shown by the next example.

Example: Let

$$G_{act} = (\Sigma_{act}, A, \delta_{act}, a_0, A_m)$$

with

$$\Sigma_{act} = \{\alpha, \beta\},\quad A = \{0, 1, 2\},\quad a_0 = 0,\quad A_m = \{1, 2\},\quad \delta_{act}(\alpha, 0) = 1,\quad \delta_{act}(\beta, 0) = 2$$

and timed events $(\alpha, 0, \infty)$ and $(\beta, 0, \infty)$, both remote. The ATG of $G_{act}$ is given in Figure A.3. We construct the corresponding TDES $G$ with its TTG as displayed in Figure A.4.

Figure A.3. Activity transition graph of $G_{act}$.

We further assume that $\Sigma_{for} = \{\alpha\}$ and $\Sigma_{hib} = \{\alpha\}$. Then $H := \{\epsilon, \alpha\,tick^*, \beta\,tick^*\}$ is controllable since $\alpha \in \Sigma_{for}$, i.e., $H \in \mathcal{C}(L(G))$. It is clear that $H$ is the behaviour of some TDES, thus $\mathcal{C}(H)$ is well defined. Within $H$, $K := \{\epsilon, \beta\,tick^*\}$ is also controllable since $\alpha \in \Sigma_{hib}$, i.e., $K \in \mathcal{C}(H)$. However, $K$ is not controllable in $L(G)$, i.e., $K \notin \mathcal{C}(L(G))$. This situation violates the inheritance axiom in the definition of control structure; hence the TDES control technology does not induce a control structure in our sense. □

A closer examination reveals the following ambiguity: once the event $\alpha$ is forced (to make $H$ controllable in $L(G)$), both $\alpha$ and $\beta$ become prospective (in $H$). Hence $\alpha$ should not be prohibitible with respect to $H$. However, the original definition makes no provision for relativizing the control status of an event. Thus $\alpha$ is still assumed to be prohibitible, hence the counterexample. In our setting, we avoid this difficulty by assuming that an event cannot be both prohibitible and forcible. Indeed, with this additional restriction we can show that the refined control technology does induce a control structure.
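The counterexample above can be checked mechanically. The following is an added example, not code from the paper: it applies the Brandin-Wonham controllability condition recalled in this appendix to prefix-closed languages given as automata. The TTG of $G$ is an assumption built from the stated ATG and time bounds (Figure A.4 is not reproduced here), and the state names, event names and helper names are hypothetical.

```python
from collections import deque

TICK = "tick"


def is_controllable(K, G, sigma_act, sigma_hib, sigma_for):
    """Brandin-Wonham controllability of K with respect to G.

    K and G are deterministic automata {"init": q0, "delta": {q: {event: q'}}}
    generating prefix-closed languages, with L(K) assumed inside L(G).
    Returns (True, None) or (False, (string, missing_events)).
    """
    sigma_unc = set(sigma_act) - set(sigma_hib)
    start = (K["init"], G["init"])
    seen, queue = {start}, deque([(start, ())])
    while queue:
        (k, g), s = queue.popleft()
        elig_k = set(K["delta"].get(k, {}))
        elig_g = set(G["delta"].get(g, {}))
        if not elig_k <= elig_g:
            raise ValueError("L(K) is not contained in L(G)")
        if elig_k & set(sigma_for):
            # A forcible event is eligible in K: tick may be preempted.
            required = elig_g & sigma_unc
        else:
            required = elig_g & (sigma_unc | {TICK})
        missing = required - elig_k
        if missing:
            return False, (s, sorted(missing))
        for event in sorted(elig_k):
            nxt = (K["delta"][k][event], G["delta"][g][event])
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, s + (event,)))
    return True, None


ACT = {"alpha", "beta"}
# Assumed TTG of G: both events remote with lower bound 0, so tick
# self-loops at every state and alpha, beta are eligible at once.
G_TTG = {"init": 0, "delta": {0: {TICK: 0, "alpha": 1, "beta": 2},
                              1: {TICK: 1}, 2: {TICK: 2}}}
# H = {eps, alpha tick*, beta tick*}: tick removed at the initial state.
H_SUB = {"init": 0, "delta": {0: {"alpha": 1, "beta": 2},
                              1: {TICK: 1}, 2: {TICK: 2}}}
# K = {eps, beta tick*}: alpha removed as well.
K_SUB = {"init": 0, "delta": {0: {"beta": 2}, 2: {TICK: 2}}}


def inheritance_violated(sigma_hib, sigma_for):
    """True when H in C(L(G)), K in C(H), yet K is not in C(L(G))."""
    h_in_g, _ = is_controllable(H_SUB, G_TTG, ACT, sigma_hib, sigma_for)
    k_in_h, _ = is_controllable(K_SUB, H_SUB, ACT, sigma_hib, sigma_for)
    k_in_g, _ = is_controllable(K_SUB, G_TTG, ACT, sigma_hib, sigma_for)
    return h_in_g and k_in_h and not k_in_g


if __name__ == "__main__":
    both = {"alpha"}
    print(is_controllable(K_SUB, G_TTG, ACT, both, both))
    print(inheritance_violated(both, both))        # alpha forcible and prohibitible
    print(inheritance_violated(set(), {"alpha"}))  # alpha forcible only
    print(inheritance_violated({"alpha"}, set()))  # alpha prohibitible only
```

The last two calls only keep $\Sigma_{for}$ and $\Sigma_{hib}$ disjoint under the same Brandin-Wonham test; they are not the refined control technology of the main text, whose definition is state-dependent.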

We conclude this appendix by considering the next example which suggests that time has a more local meaning in Brandin and Wonham (1994) with respect to composition.

Figure A.4. Timed transition graph of $G$.

Figure A.5. Time composition in TDES.

Example: Let $L_1$ and $L_2$ be the behaviours of two ATG given as in Figure A.5, for which the time bounds are

$$\alpha[1, 1], \quad \beta[1, 1], \quad \gamma[1, 1]$$

Then the composition of $L_1$ and $L_2$ is the same as $L_1$ (Brandin and Wonham 1994). Now we see that the composition of $L_1$ and $L_2$ cannot be done within a single global time frame since $\gamma$ will occur at two clock ticks in the time frame of $L_2$; whereas in $L_1$ $\gamma$ occurs at $n + 2$ clock ticks with $n > 1$. Hence time has only local meaning here. □

References

B. A. Brandin. Real-Time Supervisory Control of Automated Manufacturing Systems. Ph.D. thesis, Department of Electrical Engineering, University of Toronto, 1993. Also appears as Technical Report 9302, Systems Control Group, Department of Electrical Engineering, University of Toronto, February, 1993.
B. A. Brandin and W. M. Wonham. Supervisory control of timed discrete-event systems. IEEE Transactions on Automatic Control, 39(2):329-342, 1994.
R. Cieslak, C. Desclaux, A. S. Fawaz, and P. Varaiya. Supervisory control of discrete-event processes with partial observations. IEEE Transactions on Automatic Control, 33(3):249-260, March 1988.
K. Inan. An algebraic approach to supervisory control. Mathematics of Control, Signals, and Systems, 5:151-164, 1992.
F. Lin and W. M. Wonham. Decentralized supervisory control of discrete-event systems. Information Sciences, 44:199-224, 1988.
J. S. Ostroff. Deciding properties of timed transition models. IEEE Trans. on Parallel and Distributed Systems, 1(2):170-183, April 1990.
P. J. Ramadge. Control and Supervision of Discrete Event Processes. Ph.D. thesis, Department of Electrical Engineering, University of Toronto, 1983.
P. J. Ramadge and W. M. Wonham. Supervision of discrete event processes. In Proc. of 21st Conf. on Decision and Control, pages 1228-1229, 1982.
P. J. Ramadge and W. M. Wonham. Modular feedback logic for discrete event systems. SIAM J. Control and Optimization, 25(5):1202-1218, 1987.
P. J. Ramadge and W. M. Wonham. The control of discrete event systems. Proc. IEEE, Special Issue on Discrete Event Dynamic Systems, 77(1):81-98, January 1989.
K. Rudie and W. M. Wonham. Think globally, act locally: decentralized supervisory control. IEEE Transactions on Automatic Control, 37(11):1692-1708, 1992.
J. G. Thistle. Control of Infinite Behaviour of Discrete-Event Systems. Ph.D. thesis, Department of Electrical Engineering, University of Toronto, 1991. Also appears as Technical Report 9012, Systems Control Group, Department of Electrical Engineering, University of Toronto, January, 1991.
Y. Willner and M. Heymann. On supervisory control of concurrent discrete-event systems. Technical Report 9009, Computer Science Department, Israel Institute of Technology, Technion, 1990.
K. C. Wong. Discrete-Event Control Architecture: An Algebraic Approach. Ph.D. thesis, Department of Electrical Engineering, University of Toronto, 1994. Also appears as Technical Report 9407, Systems Control Group, Department of Electrical Engineering, University of Toronto, July, 1994.
K. C. Wong and W. M. Wonham. Hierarchical control of discrete-event systems. Discrete Event Dynamic Systems: Theory and Applications, 6:241-273, 1996.
K. C. Wong and W. M. Wonham. Hierarchical and modular control of discrete-event systems. In Proc. of Thirtieth Annual Allerton Conference on Communication, Control, and Computing, pages 614-623, Monticello, Illinois, September-October 1992.
K. C. Wong and W. M. Wonham. Hierarchical control of timed discrete-event systems. In Proc. of Second European Control Conference, pages 509-512, Groningen, The Netherlands, June-July 1993.
W. M. Wonham. Towards an abstract internal model principle. IEEE Transactions on Systems, Man, and Cybernetics, SMC-6(11):735-740, November 1976.
W. M. Wonham and P. J. Ramadge. Modular supervisory control of discrete event systems. Mathematics of Control, Signal and Systems, 1(1):13-30, 1988.
H. Zhong. Hierarchical control of discrete-event systems. Ph.D. thesis, Department of Electrical Engineering, University of Toronto, 1992. Also appears as Technical Report 9208, Systems Control Group, Department of Electrical Engineering, University of Toronto, July, 1992.
H. Zhong and W. M. Wonham. On the consistency of hierarchical supervision in discrete-event systems. IEEE Transactions on Automatic Control, 35(10):1125-1134, October 1990.
