
Liveness-Enforcing Supervision of Sequential Resource Allocation Systems Spyros Reveliotis School of Industrial & Systems Eng. Georgia Institute of Technology.




1 Liveness-Enforcing Supervision of Sequential Resource Allocation Systems Spyros Reveliotis School of Industrial & Systems Eng. Georgia Institute of Technology

2 Talk Outline
- Problem motivation and the abstraction of the Resource Allocation System (RAS)
- Formal characterization of the considered problem, its optimal solution, and the involved complexity
- The current state of the art
  – Special RAS structure admitting optimal liveness-enforcing supervision of polynomial complexity w.r.t. the RAS size
  – Suboptimal, polynomial-complexity liveness-enforcing supervisors for many of the remaining cases
  – A generic methodology for verification and design of efficient suboptimal liveness-enforcing supervisors

3 A motivational example: Part flow control in an FMS
Figure: three resources R1, R2, R3 and the two job routes J1: R1 → R2 → R3 and J2: R3 → R2 → R1.

4 Another example: Traffic Management in an AGV System

5 The current state of art: Dealing with the considered problem in the 300mm FAB

6 A Transportation example

7 Internet-based business workflow management

8 A modeling abstraction: Sequential Resource Allocation Systems (RAS)
- A set of (re-usable) resource types R = {R_i, i = 1,...,m}.
- Finite capacity C_i for each resource type R_i.
- A set of job types J = {J_j, j = 1,...,n}.
- A (partially) ordered set of job stages for each job type, {p_jk, k = 1,..., j}.
- A resource requirements vector for each job stage p, a_p[i], i = 1,...,m.
- Jobs release their currently held resources only upon allocation of the resources requested for their next stage.
Sequential RAS deadlock: a RAS state in which there exists a subset of jobs such that every job in this subset, in order to proceed, requires some resource(s) currently allocated to some other job in this subset.

9 Logical vs Performance Control of Sequential RAS
Figure: the Resource Allocation System is controlled along two axes, Behavioral Correctness (logical control) and Efficiency (performance control).

10 An Event-Driven RAS Control Scheme
Figure: block diagram with the RAS Domain, Logical Control, System State Model, Performance Control and Configuration Data blocks; signals: Event, Feasible Actions, Admissible Actions, Commanded Action.

11 The RAS Logical Control Problem: Characterization of the optimal solution and its complexity

12 Finite State Automata (FSA)-based modeling of RAS behavior
Figure: state transition diagram with states q0 ... q19, each labelled by the job stages (J11, J12, J21, J22, ...) active in it.

13 Safe vs. Unsafe Region and the Optimal Logical Control Policy
Figure: the state transition diagram of the previous slide (states q0 ... q19, labelled by their active job stages J11 ... J23), partitioned into the safe and unsafe regions.

14 Complexity Considerations
- State Safety is an NP-complete problem in sequential RAS (by reduction of the 3SAT problem).
- State Transition Diagram (STD) size, expressed in terms of: C = max resource capacity; Q = max number of stages supported by a resource; m = number of resource types.

15 Dealing with the non-polynomial complexity
- Special RAS structure admitting an optimal logical control policy of polynomial complexity w.r.t. the RAS size
- Polynomial-Kernel (PK-) RAS logical control policies: sub-optimal one-step-lookahead policies based on state properties that are polynomially verifiable, e.g.,
  – RUN (Resource Upstream Neighborhood)
  – RO (Resource Ordering)
  – Banker’s algorithm
- An analytical framework for
  – interpreting the correctness of the above policies, and
  – enabling the “automatic” validation and synthesis of new members from this class of policies

16 Some Major Contributors and Research Groups in this Area
- The first attempts, primarily in the computer system context (60’s and 70’s)
  – Dijkstra, Havender, Habermann, Coffman, Holt
  – Gold, Araki, Sugiyama, Kasami, Okui
- The problem revival in the manufacturing context (late 80’s / early 90’s)
  – Banaszak & Krogh
  – Viswanadham, Narahari & Johnson
  – Wysk, Joshi & Smith
- The current DES-based community (mid-90’s to present)
  – Colom, Ezpeleta & Tricas
  – Xie & Jeng
  – Zhou and his colleagues
  – Fanti & her colleagues
  – Roszkowska
  – Hsieh
  – Reveliotis, Lawley, Ferreira, Park and Choi

17 A RAS taxonomy
- Structure of the process sequential logic
  – Linear: each process is defined by a linear sequence of stages
  – Disjunctive: a number of alternative process plans encoded by an acyclic digraph
  – Merge-Split or Fork-Join: each process is a fork-join network
  – Complex: a combination of the above behaviors
- Structure of the stage resource requirement vectors
  – Single-unit: each stage requires a single unit from a single resource
  – Single-type: each stage requires an arbitrary number of units, but all from a single resource
  – Conjunctive: an arbitrary number of units from different resources

18 RAS admitting optimal logical control of polynomial complexity
- Type 1: The search for a process-terminating sequence can be organized so that backtracking is not necessary: process-advancing events can be selected in such a manner that the resource slack capacity increases monotonically
  – e.g., under “nested” resource allocation: a process releases its resources in the reverse of the sequence in which it acquired them
- Type 2: Unsafety ≡ Deadlock, and deadlock is polynomially identifiable. Results of this kind are available for sub-classes of DIS-SU-RAS only.

19 DC-RAS with “nested” resource allocation
1. Every process transition corresponds either to a pure allocation or a pure de-allocation.
2. Resources allocated as a block are also de-allocated as a block. The “scope” of each such allocation is defined by the processing stages that engage the corresponding resource block.
3. In each path of the process-defining graph that corresponds to a single realization of the process, the “scopes” of two different allocations are either disjoint or one contains the other; this is equivalent to the statement that resource blocks are de-allocated in reverse order of their allocation.
Figure: a linear process performing A(R1), A(R2), A(R3) and then D(R3), D(R2), D(R1); its holdings grow from R1 to R1+R2 to R1+R2+R3 and shrink back through R1+R2 to R1.

20 A polynomial algorithm resolving safety in DC-RAS with nested allocations
Given a RAS state s, let:
  – δ_i(s) be the slack capacity of resource R_i at s, for all i;
  – S_a(s) be the set of “active” processing stages at s;
  – A_jk^1, ..., A_jk^n(jk) be the resource allocation sequence for the resources occupied by a job instance executing processing stage Ξ_jk in S_a(s);
  – Q := { A_jk^n(jk) | Ξ_jk in S_a(s) }.
While Q is not empty:
  – Try to find an allocation A_jk^i in Q that is de-allocatable under the current slack capacities;
  – If no such allocation exists, declare s unsafe and exit.
  – Otherwise, add the resources corresponding to A_jk^i to the slack variables δ_i(s); remove A_jk^i from Q and, if i > 1, enter in Q the allocation A_jk^(i-1).
Declare state s safe and exit.

21 An Example Result of the 2nd Type
Theorem 1: In a DIS-SU-RAS where every resource has at least two units of capacity, the optimal logical control policy is polynomially implementable (through one-step lookahead).
Proof: We shall show that for this class of systems,
  – unsafety ≡ deadlock, and
  – deadlock is polynomially identifiable.

22 A polynomial deadlock detection algorithm for DIS-SU RAS
Given a state s of a DIS-SU RAS,
  – ℛ := the entire set of the system resources;
  – DEADLOCK := FALSE;
While (ℛ is not empty AND not DEADLOCK)
  – Try to identify a resource R in ℛ such that R is not allocated to capacity in s, or it contains a job requesting advancement to a resource not in ℛ or out of the system.
  – If successful, ℛ := ℛ \ {R}; else DEADLOCK := TRUE;
Return DEADLOCK
Algorithm complexity: O(|ℛ|^2 · C_max)
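An added example (not the speaker's code) implementing the detection loop of slide 22 on the two-route single-unit RAS of slide 3, with a brute-force safety search beside it to exhibit the point of slides 21 and 23: with unit capacities the state {J11, J21} is deadlock-free yet unsafe, while with two units per resource (Theorem 1) the same state is safe. The capacities are an assumption; the talk does not state them.

```python
from collections import Counter

# Constructed example: the two-route single-unit RAS of slide 3, J1: R1->R2->R3, J2: R3->R2->R1.
# A job at stage (job_type, k) holds ROUTES[job_type][k]. Unit capacities are an assumption.
ROUTES = {"J1": ["R1", "R2", "R3"], "J2": ["R3", "R2", "R1"]}
CAPACITY = {"R1": 1, "R2": 1, "R3": 1}

def next_resource(stage, routes=ROUTES):
    """Resource requested by the job at `stage`, or None if its next step leaves the system."""
    job, k = stage
    return routes[job][k + 1] if k + 1 < len(routes[job]) else None

def detect_deadlock(state, capacity=CAPACITY, routes=ROUTES):
    """Slide 22: repeatedly peel off a resource that is not full, or that holds a job whose
    request points outside the remaining set (or out of the system). The set that cannot be
    peeled any further is deadlocked. Returns (DEADLOCK, remaining resources)."""
    held = Counter(routes[j][k] for j, k in state)
    R = set(capacity)
    while R:
        removable = next((r for r in R if held[r] < capacity[r] or
                          any(routes[j][k] == r and next_resource((j, k), routes) not in R
                              for j, k in state)), None)
        if removable is None:
            return True, R
        R.remove(removable)
    return False, R

def is_safe(state, capacity=CAPACITY, routes=ROUTES):
    """Brute-force safety (exponential; fine for this toy system): can some sequence of job
    advances, admitting no new jobs, drain the system? This is the NP-complete property that
    the polynomial test above stands in for when unsafety coincides with deadlock (Theorem 1)."""
    if not state:
        return True
    held = Counter(routes[j][k] for j, k in state)
    for i, (j, k) in enumerate(state):
        nxt = next_resource((j, k), routes)
        if nxt is None or held[nxt] < capacity[nxt]:      # single-unit: one free unit suffices
            rest = state[:i] + state[i + 1:] + ([] if nxt is None else [(j, k + 1)])
            if is_safe(rest, capacity, routes):
                return True
    return False
```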

23 Unsafety ≡ Deadlock
Figure: the topological relationship of the DEADLOCK and UNSAFE state spaces, with the deadlock-free unsafe states lying one step away from deadlock.
Figure: the absurdity of the existence of a deadlock-free unsafe state one step away from deadlock for the considered RAS class (resources R_l, R_k, R_j).

24 An alternative mechanism for establishing UNSAFETY ≡ DEADLOCK in various sub-classes of DIS-SU-RAS
Figure: basic structure of deadlock-free unsafe states one step away from deadlock in DIS-SU-RAS: a resource with C = 1 linked to Potential Deadlock 1, Potential Deadlock 2, ..., Potential Deadlock i, ..., Potential Deadlock n.

25 Polynomial-Kernel Policies
- Search-based: Confine the system operation to those states from which there exists a terminating sequence that completes one process stage at a time. This sub-class of states is called ordered, and the resulting policy is the renowned (Dijkstra’s) Banker’s algorithm.
- Algebraic: Confine the system operation to those states s that satisfy an inequality of the type A·s ≤ b.
Remark: The system state s is a vector whose components indicate how many jobs execute each processing stage of the considered RAS.

26 Example: The RUN (Resource Upstream Neighborhood) Policy for SU-RAS
A partial resource reservation scheme based on a (partial) ordering of the resource set: a job instance executing on a resource reserves capacity on every downstream resource of order greater than or equal to the order of the currently held resource, unless there is an intermediate resource of higher order than the considered downstream resource.
Figure: the resulting constraint A·s ≤ b for the example with resources R1, R2, R3, job routes J1: R1 → R2 → R3 and J2: R3 → R2 → R1, and resource ordering O(R1) = 1, O(R2) = 2, O(R3) = 1.
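As an added example (not the speaker's code), the reservation rule just stated turned into the matrix A and vector b of slide 25 for the three-resource example and ordering on this slide; the routes and ordering are the slide's, the unit capacities are an assumption.

```python
# Added example: building the RUN policy's algebraic constraint A·s <= b for a linear
# single-unit RAS from the neighborhood rule of slide 26.
ROUTES = {"J1": ["R1", "R2", "R3"], "J2": ["R3", "R2", "R1"]}   # routes from the slide
ORDER = {"R1": 1, "R2": 2, "R3": 1}                            # O(.) from the slide
CAPACITY = {"R1": 1, "R2": 1, "R3": 1}                         # assumption: unit capacities

def run_reservations(route, order):
    """For each stage k of `route`, the resources a job at that stage reserves under RUN:
    the held resource plus every downstream resource whose order is >= the held one, unless
    some resource strictly between them has higher order than that downstream resource."""
    reserved = []
    for k, held in enumerate(route):
        block = {held}
        for m in range(k + 1, len(route)):
            down, between = route[m], route[k + 1:m]
            if order[down] >= order[held] and all(order[x] <= order[down] for x in between):
                block.add(down)
        reserved.append(block)
    return reserved

def run_matrix(routes=ROUTES, order=ORDER, capacity=CAPACITY):
    """A as {resource: {stage: 1}} over stages (job_type, k); b is the capacity vector.
    Row r of A·s <= b says: jobs reserving r may not exceed its capacity."""
    A = {r: {} for r in capacity}
    for j, route in routes.items():
        for k, block in enumerate(run_reservations(route, order)):
            for r in block:
                A[r][(j, k)] = 1
    return A, dict(capacity)

def run_admissible(state, routes=ROUTES, order=ORDER, capacity=CAPACITY):
    """A state (list of stages, one entry per job) is RUN-admissible iff A·s <= b row by row."""
    A, b = run_matrix(routes, order, capacity)
    return all(sum(A[r].get(stage, 0) for stage in state) <= b[r] for r in b)
```

With unit capacities the policy rejects {J11, J21}, the deadlock-free but unsafe state of slide 13; raising the capacity of R2 to two units makes the same state admissible.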

27 Example: The Policy-Admissible Region
Figure: the state transition diagram of slides 12 and 13 (states q0 ... q19, labelled by their active job stages J11 ... J23) with the RUN-admissible region marked.

28 Proving RUN Correctness
It suffices to show that for every policy-admissible state, other than the empty state, there is at least one loaded job that can advance.
- If there exists a job that needs to advance to a resource of order higher than or equal to the order of the currently held resource, then this job does not enter a new resource neighborhood upon its advancement. Therefore, (i) it has already reserved capacity on the requested resource and (ii) it can advance without violating the policy.
- If every loaded job requests advancement to a resource of lower order than the order of the currently held resource, consider a minimal-order resource containing jobs. Then, (i) the resource requested by any of these jobs has free capacity. Furthermore, (ii) any new neighborhoods entered by these jobs upon their advancement are empty (since they must belong to even lower-order resources). Therefore, any of these jobs can advance without violating the policy.

29 Case 1 in the proof of RUN correctness
Figure: a job on R_c advancing to R_n inside the neighborhood NH(R_h), with intermediate resource R_i; the order relations among o(R_c), o(R_n), o(R_i) and o(R_h) are annotated.

30 Case 2 in the proof of RUN correctness
R_c is a minimum-order resource containing jobs. Then, by the case assumptions, o(R_n) < o(R_c) ⇒ R_n empty.
Also, for any resource R_h such that st(R_n) ∈ NH(R_h) and o(R_h) ≥ o(R_c): st(R_n) ∈ NH(R_h) ⇒ st(R_c) ∈ NH(R_h).
For any resource R_l such that st(R_n) ∈ NH(R_l) and o(R_l) < o(R_c): ∀ R_i, R_i ∈ NH(R_l) ⇒ o(R_i) ≤ o(R_l) < o(R_c) ⇒ R_i empty ⇒ NH(R_l) empty.
Figure: resources R_c, R_n, R_l, R_h with the neighborhoods NH(R_h) and NH(R_l).

31 Automatic Correctness Verification of Algebraic PK Policies

32 Petri Net-based modeling of RAS
Figure: Petri net of the example (process places P10 ... P23, resource places R1, R2, R3) for the job routes J1: R1 → R2 → R3 and J2: R3 → R2 → R1 with O(R1) = 1, O(R2) = 2, O(R3) = 1.

33 Siphon-based characterization of RAS liveness: Single-Unit RAS
S = {R1, R2, P12, P23}
S* = {T10, T22, T11, T21, T12, T23}
*S = {T11, T23, T12, T22}
*S ⊆ S*

34 Siphon-based characterization of RAS liveness: Conjunctive RAS
Generalizing the empty siphon: Siphon S is deadly marked iff ∀ t ∈ *S, t is disabled by some p ∈ S.
Figure: two copies of a conjunctive process-resource net (places p10, p11, p20, p21, p22, resource place r1 with arc weights 2 and 3, transitions t10, t11, t20, t21, t22): the original marking and the “modified marking” used to expose a resource-induced deadly marked siphon.

35 A key result
Theorem 2: Consider a process-resource net N where:
I. every process subnet N_i is
  – quasi-live for M_0(p_i0) = 1,
  – reversible for every initial marking M_0(p_i0), and
  – “acyclic”, i.e., strongly connected with every cycle containing p_i0;
II. resources are re-usable, i.e., for every resource R_k, ∃ a p-semiflow y_Rk s.t.
  – y_Rk(r_k) = 1,
  – ∀ p ∈ sup(R_k), y_Rk(p) = # units of R_k required for the execution of stage p,
  – y_Rk(p) = 0, o.w.;
III. each process subnet, when augmented with the required resource places, is quasi-live (i.e., the process-resource net is “well-marked”).
Then,
1. N is live iff there is no resource-induced deadly marked siphon in the modified reachability space.
2. Liveness ⇒ Reversibility.
3. If N is PT-ordinary, liveness ⇔ there is no empty siphon in the reachability space.

36 Modeling an algebraic PK policy as a set of fictitious resources
Figure: the Petri net of slide 32 (places P10 ... P23, transitions T10 ... T23, resource places R1, R2, R3) augmented with the policy places W1, W2, W3, which act as fictitious resources.

37 Computing the maximal empty siphon
Step 1: Remove the marked places.
Figure: the reduced net, retaining P12, P13, P21, P23, R1, R2 and the transitions T10 ... T23.

38 Computing the maximal empty siphon (cont.)
Step 2: Remove the enabled transitions and the places that will be marked by their firing; repeat.
Figure: the net after this step (P12, P13, P23, R1, R2 remain; T20 and P21 have been removed), shown next to the net of the previous step (P12, P13, P21, P23, T10 ... T23, R1, R2).
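An added example (not from the talk) that builds the process-resource net behind the siphon sets listed on slide 33 and runs the reduction of slides 37 and 38 on it; the net's transition/place wiring is reconstructed from those sets and is an assumption, as are the markings used.

```python
# Constructed process-resource net consistent with the sets S, S*, *S on slide 33:
#   J1: P10 -T10-> P11 (holds R1) -T11-> P12 (R2) -T12-> P13 (R3) -T13-> back to P10
#   J2: P20 -T20-> P21 (holds R3) -T21-> P22 (R2) -T22-> P23 (R1) -T23-> back to P20
# Each transition maps to (input places, output places); every arc has weight 1.
def route_net(j, stages, resources):
    """Transitions of one linear single-unit process j: T{j}{k} moves a job from stage k-1 to
    stage k, acquiring resources[k] and releasing resources[k-1]; the last returns it to idle."""
    idle = f"P{j}0"
    places = [idle] + stages + [idle]
    net = {}
    for k in range(len(stages) + 1):
        ins = {places[k]} | ({resources[k]} if k < len(stages) else set())
        outs = {places[k + 1]} | ({resources[k - 1]} if k > 0 else set())
        net[f"T{j}{k}"] = (ins, outs)
    return net

NET = {**route_net(1, ["P11", "P12", "P13"], ["R1", "R2", "R3"]),
       **route_net(2, ["P21", "P22", "P23"], ["R3", "R2", "R1"])}

def pre_set(S, net):   # *S: transitions that put tokens into S
    return {t for t, (_, outs) in net.items() if outs & S}

def post_set(S, net):  # S*: transitions that take tokens from S
    return {t for t, (ins, _) in net.items() if ins & S}

def is_siphon(S, net):
    """A non-empty place set S is a siphon iff *S is a subset of S*."""
    return bool(S) and pre_set(S, net) <= post_set(S, net)

def maximal_empty_siphon(marking, net):
    """Slides 37-38: drop the marked places; then repeatedly drop every transition all of
    whose input places are gone (it is 'enabled' in the reduced net) together with its output
    places. The surviving places form the maximal siphon empty at `marking` (possibly none)."""
    all_places = set().union(*(ins | outs for ins, outs in net.values()))
    S = {p for p in all_places if marking.get(p, 0) == 0}
    pending = set(net)
    changed = True
    while changed:
        changed = False
        for t in sorted(pending):
            if not (net[t][0] & S):
                pending.discard(t)
                S -= net[t][1]
                changed = True
    return S
```

At the deadlocked marking (a J1 job in P11, a J2 job in P22, R3 free, idle places marked) the reduction returns {P12, P13, P23, R1, R2}, the set slide 38 ends with; at the empty-system marking it returns no places at all.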

39 A sufficiency condition for non-existence of reachable empty siphons in structurally bounded Petri nets
Theorem 3: A structurally bounded Petri net N = (P, T, F, M_0) has no reachable empty siphons if C(N) = |P|, where C(N) is defined by an optimization program (objective ... s.t. ...).

40 Practical Implications
- Theorems 2 and 3 provide the basis for the development of verification tests for
  – RAS liveness and
  – algebraic PK policy correctness
  that take the form of a Mixed Integer Programming formulation with a polynomial number of variables and constraints in terms of the size of the underlying RAS.
- Embedded in a search process, these tests can support the design of optimized algebraic PK policies
  – This is essentially a combinatorial optimization problem and constitutes ongoing research.

41 Some Additional Developments and Future Work
- An algebraic theory for interpreting the functionality of algebraic PK policies through siphon dependencies and the notion of “basic” / “elementary” siphons.
- A methodology for designing optimized (maximally permissive) algebraic PK policies through non-blocking supervisory control theory and the theory of regions for Petri net synthesis from their reachability space.
- A generalization of the concept of algebraic PK policy in order to encompass the potential nonlinearity of the maximally permissive supervisor, based on results from pattern recognition / classification theory, and extension of the correctness verification tests to these policies.
- Future work: Integrate the presented results on the RAS logical control problem with the time-based performance control / scheduling problems arising in these environments. The proposed framework: Markov Decision Processes and Approximate Dynamic Programming.

42 Thank You!

