Mark Lawford

Hierarchical interface-based supervisory control-part II: parallel case

In this paper, we present a hierarchical method that decomposes a system into two subsystems, and restricts the interaction of the subsystems by means of an interface. We present definitions for two types of interfaces [represented as discrete-event systems (DESs)], and define a set of interface consistency properties that can be used to verify if a DES is nonblocking and controllable. Each clause of the definitions can be verified using only one of the two subsystems; thus, the complete system model never needs to be constructed, offering potentially significant savings in computational effort. Additionally, the development of clean interfaces facilitates reuse of the component subsystems. Finally, we examine a simple example to illustrate the method.

Making the Case for Electrified Transportation

In order to achieve lower fuel consumption and less greenhouse gas (GHG) emissions, we need higher efficiency vehicles with improved performance. Electrification is the most promising solution to enable a more sustainable and environmentally friendly transportation system. Electrified transportation vision includes utilizing more electrical energy to power traction and nontraction loads in the vehicle. In electrified powertrain applications, the efficiency of the electrical path, and the power and energy density of the components play important roles to improve the electric range of the vehicle to run the engine close to its peak efficiency point and to maintain lower energy consumption with less emissions. In general, the electrified powertrain architecture, design and control of the powertrain components, and software development are coupled to facilitate an efficient, high-performance, and reliable powertrain. In this paper, enabling technologies and solutions for the electrified transportation are discussed in terms of power electronics, electric machines, electrified powertrain architectures, energy storage systems (ESSs), and controls and software.

Lessons Learned from a Successful Implementation of Formal Methods in an Industrial Project

This paper describes the lessons we learned over a thirteen year period while helping to develop the shutdown systems for the nuclear generating station at Darlington, Ontario, Canada. We begin with a brief description of the project and then show how we modified processes and notations developed in the academic community so that they are acceptable for use in industry. We highlight some of the topics that proved to be particularly challenging and that would benefit from more in-depth study without the pressure of project deadlines.

Hierarchical interface-based supervisory control of a flexible manufacturing system

Flexible manufacturing systems have long been touted as an application area for supervisory control theory. Unfortunately, due to the typical exponential growth of state space with the number of interacting subsystems, concurrent systems such as manufacturing applications have, for the most part, remained beyond the reach of existing supervisory control theory tools. This paper demonstrates how, by imposing a hierarchical, modular, interface-based architecture on the system, significant gains can be made in the size of applications that can be handled by supervisory control theory. We first review hierarchical interface-based supervisory control, providing the theory necessary to motivate the creation of well-defined automata-based interfaces between components. This architecture permits the verification of global safety (controllability) and nonblocking properties to be decomposed into a set of local checks, each of which only involves an individual component subsystem and its interface automata. The paper then provides a detailed description of how the theory can be applied to the design and verification of a flexible manufacturing system work cell. The work cell model is based on the Atelier Intere/spl acute/tablissement de Productique flexible manufacturing workcell, a system that has been previously studied in the literature with limited success.

Supervisory control of probabilistic discrete event systems

In this paper the Supervisory Control Problem (SCP) for discrete event systems (DES) is generalized to a class of probabilistic discrete event systems (PDES). Necessary and sufficient conditions for the existence of a solution to the probabilistic SCP for a class of nonterminating PDES are developed. Methods of representing probabilistic supervisors for PDES are described and the computation of supervisors is briefly discussed. Finally, we discuss how the results may be extended to terminating probabilistic languages.<<ETX>>

Software certification: is there a case against safety cases?

Safety cases have become popular, even mandated, in a number of jurisdictions that develop products that have to be safe. Prior to their use in software certification, safety cases were already in use in domains like aviation, military applications, and the nuclear industry. Argument based methodologies/approaches have recently become the cornerstone for structuring justification and evidence to support safety claims. We believe that the safety case methodology is useful for the software certification domain, but needs to be tailored, more clearly defined, and more appropriately structured in analogy with regulatory regimes in classical engineering disciplines. This paper presents a number of reasons as to why current approaches to safety cases do not satisfy essential attributes for an effective software certification process and proposes improvements based on lessons learned from other engineering disciplines. In particular, the safety case approach lacks the highly prescriptive and domain specific nature that can be seen in other engineering specialities, in terms of engineering and analysis methods to be applied in generating the relevant evidence. Safety case approaches and corresponding methods should aim to achieve the levels of precision and effectiveness of engineering methods underpinning regulatory regimes in other engineering disciplines.

Probabilistic Supervisory Control of Probabilistic Discrete Event Systems

This paper considers supervisory control of probabilistic discrete event systems (PDESs). PDESs are modeled as generators of probabilistic languages. The supervisory control problem considered is to find, if possible, a supervisor under whose control the behavior of a plant is identical to a given probabilistic specification. The probabilistic supervisors we employ are a generalization of the deterministic ones previously employed in the literature. At any state, the supervisor enables/disables events with certain probabilities. Necessary and sufficient conditions for the existence of such a supervisor, and an algorithm for its computation are presented.

Hierarchical interface-based supervisory control: serial case

We present a hierarchical method that decomposes a system into two subsystems, and restricts the interaction of the subsystems by means of an interface. We present a definition for an interface, and define a set of interface consistency properties that can be used to verify if a discrete-event system is nonblocking and controllable. Each clause of the definition can be verified using only one of the two subsystems; thus the complete system model never needs to be constructed, offering significant savings in computational effort. Additionally, the development of clean interfaces facilitates re-use of the component subsystems.

Practical Application of Functional and Relational Methods for the Specification and Verification of Safety Critical Software

In this paper we describe how a functional version of the 4-variable model can be decomposed to improve its practical application to industrial software verification problems. An example is then used to illustrate the limitations of the functional model and motivate a modest extension of the 4-variable model to an 8-variable relational model. The 8-variable model is designed to allow the system requirements to be specified as functions with input and output tolerance relations, as is typically done in practice. The goal is to create a relational method of specification and verification that models engineering intuition and hence is easy to use and understand.

Software tools for safety-critical software development

We briefly present a software methodology for safety-critical software, developed over many years to cope with industrial safety-critical applications in the Canadian nuclear industry. Following this we present discussion on software tools that have been used to support this methodology, and software tools that could be used, but have not been used for a variety of reasons. Based on our experience, we also present and motivate a list of high-level requirements for tools that would facilitate the development of safety-critical software using the presented methods, together with a small number of tools that we believe are worth developing in the future.