
Marking observer in labeled Petri nets with application to supervisory control

Maria Paola Cabasino, Christoforos N. Hadjicostis, and Carla Seatzu

Abstract—In this paper we consider the problem of marking estimation in labeled Petri nets whose initial marking is known to belong to a given convex set, in the presence of silent transitions (i.e., transitions labeled with the empty word) and indistinguishable transitions (i.e., transitions sharing the same label with other transitions). First, we demonstrate that all sets of markings consistent with a given sequence of observations can be described in linear algebraic terms (as a union of convex sets); subsequently, this observation is used to construct (off-line) a marking observer under appropriate boundedness assumptions. Using the marking observer we show how to derive, at design time, a state feedback control law under the assumption that all transitions sharing a label can be enabled or disabled simultaneously as a group; this way, the most burdensome part of the computations is performed off-line.

Keywords: Labeled Petri nets, marking estimation, supervisory control.

I. INTRODUCTION

The problem of designing a state estimator has been extensively investigated in the automatic control literature. The first results apply to time-driven systems and date back to the sixties [1], [2]. In the last decades this problem has also attracted the attention of many researchers in the discrete event systems area due to its importance in many application domains such as manufacturing, communication networks and transportation systems [3], [4], [5], [6], [7], [8], [9], [10]. A survey of the most important contributions in this area is provided in the following section.

In this paper the main focus is on labeled Petri nets since they provide an efficient formalism to model many realistic applications [7], [9], [11], [12], [13]. We consider a very general setting where we assume both uncertainty in the initial marking and partial observation of the system evolution. More specifically, certain transitions are silent, i.e., their firing produces no output signal, while other transitions are indistinguishable, i.e., the output signal they produce while firing is shared by other transitions that may be simultaneously enabled.

This work has been partially supported by Cyprus Research Promotion Foundation (CRPF) Framework Programme for Research, Technological Development and Innovation 2009–2010 (CRPF’s FP 2009–2010), co-funded by the Republic of Cyprus and the European Regional Development Fund, and specifically under Grant TΠE/OPIZO/0609(BE)/08. This work has also been partially supported by Region Sardinia who promoted a series of visits of C.N. Hadjicostis in Cagliari in 2015-2016, under the Visiting Professors Program. Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views of CRPF or Region Sardinia.

Maria Paola Cabasino and Carla Seatzu are with the Department of Electrical and Electronic Engineering at the University of Cagliari, Italy. E-mail: {cabasino, seatzu}@diee.unica.it

C. N. Hadjicostis is with the Department of Electrical and Computer Engineering at the University of Cyprus, Nicosia, Cyprus, and also with the Department of Electrical and Computer Engineering at the University of Illinois at Urbana-Champaign, Urbana, IL 61801, USA. E-mail: [email protected]

Then we focus on a second problem that has also been extensively discussed in the literature due to its occurrence in many practical situations [14], [15], namely that of controlling a discrete event system under partial state estimation. Again, labeled Petri nets are used as a modeling tool and the observer designed in the first part of the paper is used to compute the set of states in which the system can be, based on the current observation.

Note that we assume that both the set of possible initial markings and the set of states in which the system is forced to evolve are convex sets. This assumption does not cover all possible cases, but it is nevertheless interesting and applicable to many practical situations. What is perhaps more important is that this assumption allows us to take advantage of the main features of Petri nets (in particular, the fact that the state is a vector) and to represent interesting real problems (as witnessed by the huge amount of application papers published in the last decades that work under such a hypothesis [6], [7], [16]).

A more detailed description of the contributions of the paper is provided in the remainder of this section, while the position of such contributions with respect to the state of the art is discussed in the next section.

The paper starts by establishing that, if the initial marking is known to belong to a given convex set, then the set of markings consistent with any observation (sequence of labels), though generally not convex, is given by the union of a finite number of convex sets. Under the assumption that the net is bounded for all possible initial markings, we define an extended version of the reachability graph that we call Extended Reachability Graph (ERG). The initial node of the ERG is associated with the convex set describing the set of possible initial markings; subsequently, a different node is associated with each different convex set of markings that describes the set of markings consistent with a given sequence of transitions. Edges in the ERG are labeled with transitions.

Starting from the ERG, we introduce the Marking Observer (MO), that is a deterministic automaton that allows us to compute the set of markings in which the system can be, given a certain sequence of observations. This is accomplished by simply following a directed path whose labels coincide with the labels in the given sequence of observations. The MO is computed by merging all nodes of the ERG that are connected by edges labeled with silent transitions and all nodes that exit from the same node and whose output edges are transitions sharing the same label. Obviously, the resulting sets associated with the nodes of the marking observer generally form a non-convex set, but they can be described as unions of convex sets. Specifically, they can be described in linear algebraic terms using quite standard approaches based on the big-M technique [17].

By exploiting the ERG, we provide an approach to compute a state feedback controller when the specifications are given in terms of Generalized Mutual Exclusion Constraints (GMECs). We assume that only a subset of the observable transitions is controllable, i.e., their firing can be forbidden by the controller when it may potentially lead to a violation of the constraints. We show that the problem of deriving a control strategy associated with controllable transitions (i.e., to determine if a transition should be enabled or disabled by the controller) may either be solved on-line, using linear integer programming, or using a procedure based on the MO. The advantage of the second approach is that the most burdensome part of the computations is moved off-line thanks to the construction of a deterministic automaton that describes the closed-loop behavior of the observer for the system. However, such a procedure only applies under the assumption that transitions sharing the same label also share the same control pattern (i.e., they can be enabled and disabled simultaneously). In this way, the problem of computing control strategies reduces to the problem of following a directed path in the MO graph; under this assumption, the resulting control strategy is easily seen to be maximally permissive.

The paper is structured as follows. Section II summarizes the state of the art for the problems of state estimation and state feedback control using Petri nets. Section III provides some background on labeled Petri nets and Section IV establishes some convexity properties that are useful for our development later on. The results on marking estimation and the construction of the marking observer are presented in Section V. The procedure for state feedback control is illustrated in Section VI. Finally, conclusions are drawn in Section VII where future lines of research are also illustrated.

We conclude this section mentioning the two conference manuscripts on which this paper is based, namely [18] and [19]. There are two main differences between this paper and the union of [18] and [19]. First, a more exhaustive literature review is provided; second, the computational complexity of the proposed approach is explicitly discussed, including a method to systematically compare convex regions, using the big-M technique, in order to establish if two nodes in the marking observer are coincident.

II. LITERATURE REVIEW

The problem of state estimation is that of determining efficient ways of reconstructing the state of a system based on observed event occurrences and/or partial marking observation. The problem of estimating the state of a dynamic system has attracted the attention of several researchers both in the automata [20], [21], [22], [23] and in the Petri net community [15], [24], [25], [26], [27], [28], [29]. In this section we first discuss previous works on marking (state) estimation in Petri nets. Our discussion is by no means exhaustive and a good survey on state estimation of Petri nets can be found in [30].

In [24], [25] the observability problem has been addressed under the assumptions that (i) the initial state of the Petri net is completely unknown, or at most known to belong to a given convex set, and (ii) all transitions are observable. Later on, in [26], [27] a different problem statement has been considered: the initial marking is assumed to be known but only a subset of transitions is assumed to be observable. In particular, some of them may be silent and others may be indistinguishable, i.e., their firing leads to the same observation.

In [15] Jiroveanu et al. present an approach that deals with the on-line monitoring of large systems modeled as Petri nets under partial observation. The plant observation is given by a subset of transitions whose occurrence is acknowledged by emitting a label received by the monitoring agent at the time of the occurrence; other transitions not in this subset are silent. This approach can also deal with Petri nets with uncertain initial marking.

In [28] Ramírez-Trevino et al. study the observability of discrete event systems (DES) modeled by Interpreted Petri nets (IPNs). The authors define IPN observability for IPNs relating this property to IPN structure. They also discuss a method for designing asymptotic observers.

In [29] the problem of state estimation in labeled Petri nets is considered and upper bounds on the number of system states that are consistent with an observed sequence of labels are obtained. The analysis is applicable to Petri nets that may have transitions that share the same label and/or unobservable transitions.

There are several motivations behind state estimation. The most natural one in a system theory setting is the need to implement state feedback control. For state feedback control, specifications are given in terms of legal states, so the controller computes a control pattern that enables or disables transitions, based on the set of markings consistent with the observation, so as to guarantee that the state of the system remains legal/desirable. For Petri nets, a typical solution is that of designing a supervisor that disables the firing of some transitions based on the plant’s observed behavior or state: the controlled system (plant and supervisor) is called closed-loop system.

In [31] Giua et al. study a class of specifications, called GMECs, for DES modeled using place/transition nets. These specifications may be easily enforced by a set of places called monitors on a net system where all transitions are controllable. However, when some of the transitions of the net are uncontrollable, this technique is not always applicable. For some classes of nets, the authors prove that GMECs may always be enforced by monitors, even in the presence of uncontrollable transitions.

The problem of controlling a timed Petri net whose marking cannot be measured but is estimated using an observer is discussed by Giua et al. in [14]. The control objective is that of enforcing a set of GMECs and all transitions are assumed to be controllable.

In [32] Iordache and Antsaklis describe supervision based on place invariants (SBPI) and show classes of problems that can be reduced to the SBPI problem. Finally, they present applications of the SBPI approach to programming with semaphores, fault tolerance, and synchronic-distance based designs.

In all the above contributions that model the system as a Petri net, both in the framework of state estimation and supervisory control, authors either assume that the initial marking is known [15], [24], [26], [27], [28], [29], [31], [32], or assume that the initial marking is only known to belong to a given convex set but all transitions are observable [14], [25]. The goal of this paper is that of simultaneously considering uncertainty in the initial marking and partial observation in the transitions firing. To the best of our knowledge this is the first paper where the above two forms of nondeterminism are simultaneously considered in either a marking estimation or a supervisory control setting. However, some other authors deal with them simultaneously in the framework of fault diagnosis. In particular, we mention the contributions by Lefebvre [33], [34] where a very general setting was considered, even if different from ours. In particular, the partial knowledge of the marking (both the initial and the current one) is provided in terms of generalized marking measurements, i.e., weighted marking of some subsets of places.

III. BACKGROUND ON LABELED PETRI NETS

In this section we recall the formalism used in the paper. For more details on Petri nets we refer to [35].

A Place/Transition net (P/T net) is a structure $N = (P, T, Pre, Post)$, where $P$ is a set of $m$ places; $T$ is a set of $n$ transitions; $Pre : P \times T \to \mathbb{N}$ and $Post : P \times T \to \mathbb{N}$ are the pre- and post-incidence functions that specify the nonnegative weights on the arcs that connect transitions to places and vice versa (a zero weight is used to indicate the absence of an arc between a transition and a place or vice versa); $C = Post - Pre$ is the incidence matrix. Pictorially, places are represented by circles, transitions by bars, and tokens by black dots, as shown in Fig. 1.

A marking is a vector $M : P \to \mathbb{N}$ that assigns to each place of a P/T net a nonnegative integer number of tokens, represented by black dots. We denote by $M(p)$ the marking of place $p$. A P/T system or net system $\langle N, M_0 \rangle$ is a net $N$ with an initial marking $M_0$. A transition $t$ is enabled at $M$ iff $M \ge Pre(\cdot, t)$ and may fire yielding the marking $M' = M + C(\cdot, t)$ (the notation $C(\cdot, t)$ captures the column of matrix $C$ that corresponds to transition $t$). We write $M[\sigma\rangle$ to denote that the sequence of transitions $\sigma = t_{j_1} \cdots t_{j_k}$ is enabled at $M$, and we write $M[\sigma\rangle M'$ to denote that the firing of $\sigma$ yields $M'$. We also write $t \in \sigma$ to denote that transition $t$ is contained in $\sigma$. The set of all sequences that are enabled at the initial marking $M_0$ is denoted by $L(N, M_0)$, i.e., $L(N, M_0) = \{\sigma \in T^* \mid M_0[\sigma\rangle\}$.

Given a sequence $\sigma \in T^*$, we call $\pi : T^* \to \mathbb{N}^n$ the function that associates with $\sigma$ a vector $\vec{\sigma} \in \mathbb{N}^n$, called the firing vector of $\sigma$. In particular, $\vec{\sigma} = \pi(\sigma)$ is such that $\vec{\sigma}(t) = k$ if transition $t$ is contained exactly $k$ times in $\sigma$.

A marking $M$ is reachable in $\langle N, M_0 \rangle$ iff there exists a firing sequence $\sigma$ such that $M_0[\sigma\rangle M$. The set of all markings reachable from $M_0$ defines the reachability set of $\langle N, M_0 \rangle$ and is denoted by $R(N, M_0)$. A net system $\langle N, M_0 \rangle$ is bounded if there exists a positive constant $K$ such that, for $M \in R(N, M_0)$, $M(p) \le K$. Note that, in general, the reachability set is a function of the initial marking.

Fig. 1. Petri net considered in all numerical examples. [Figure not reproduced; recoverable elements: places p1 to p5, transitions t1 to t4, labels a, b, b and ε, and an arc weight of 2.]

A labeling function $L : T \to E \cup \{\varepsilon\}$ assigns to each transition $t \in T$ either a symbol from a given alphabet $E$ or the empty string $\varepsilon$. We denote by $T_\varepsilon$ the set of transitions labeled with the empty string $\varepsilon$.

With a slight abuse of notation we also extend the definition of $L$ to sequences: for $\sigma \in T^*$, $L(\sigma t) = L(\sigma)L(t)$ where $L(t)$ is the label assigned to transition $t$, that may either be a symbol in $E$ or the empty string.

IV. CONVEXITY PROPERTIES

In this section we first prove that starting from a given convex set of initial markings, the set of markings that can be reached following the firing of a sequence of transitions is convex as well. We then make the following assumption:

• Assumption A1: the net system is bounded for all initial markings in the starting convex set.

We prove that, under such an assumption, the number of different convex sets that can be obtained following a possible firing sequence (i.e., a firing sequence enabled at the initial set) is finite as well.

Let

$$\mathcal{M} = \{ M \in \mathbb{N}^m \mid AM \le \vec{b},\ M \le \vec{b}_u,\ M \ge \vec{b}_l \} \tag{1}$$

be a given convex set of markings, where matrix $A \in \mathbb{Z}^{n_c \times m}$ is such that each row contains at least two nonzero entries, i.e., it describes a constraint that involves at least two places; $n_c$ is the number of such constraints and we assume that none of them is redundant. The other two inequalities assign, respectively, an upper and a lower bound to places, that may also be equal to zero. Example 5, presented later in the paper, describes practical and interesting situations where such sets of markings arise, as well as ways in which matrix $A$ and vectors $\vec{b}, \vec{b}_u, \vec{b}_l$ can be easily computed. Obviously, we have $\vec{b}_u, \vec{b}_l \in \mathbb{N}^m$ and $\vec{b}_u \ge \vec{b}_l$.

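It is easy to observe that set $\mathcal{M}$ in equation (1) can be rewritten in a more compact form as

$$\mathcal{M} = \{ M \in \mathbb{N}^m \mid \Delta M \le \vec{\gamma} \} \tag{2}$$

where

$$\Delta = \begin{bmatrix} A \\ I_m \\ -I_m \end{bmatrix}, \qquad \vec{\gamma} = \begin{bmatrix} \vec{b} \\ \vec{b}_u \\ -\vec{b}_l \end{bmatrix}, \tag{3}$$

and $I_m$ is the $m$-th order identity matrix.

The following proposition shows that if the set of possible current markings $\mathcal{M}$ is convex, then the set of markings in which the system can be after the firing of any transition $t$ is also convex.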

Proposition 1: Let $\mathcal{M}$ be a convex set of markings defined as in equation (1). The set of markings $R(\mathcal{M}, t)$ reached by firing any transition $t \in T$ starting from any marking in $\mathcal{M}$ is convex and is equal to

$$R(\mathcal{M}, t) = \{ M \in \mathbb{N}^m \mid AM \le \vec{b} + AC(\cdot, t),\ M \le \vec{b}_u + C(\cdot, t),\ M \ge \max\{\vec{b}_l, Pre(\cdot, t)\} + C(\cdot, t) \}, \tag{4}$$

where the maximum operator is taken componentwise.

Proof: We first observe that the set of markings in $\mathcal{M}$ that enable $t \in T$ is convex. In particular, it is equal to

$$\mathcal{M}_{en}(t) = \{ M \in \mathbb{N}^m \mid AM \le \vec{b},\ M \le \vec{b}_u,\ M \ge \max\{\vec{b}_l, Pre(\cdot, t)\} \} \tag{5}$$

and it holds $\mathcal{M}_{en}(t) \subseteq \mathcal{M}$. Now, since by the state equation the firing of $t$ at a given marking $M$ leads to a marking $M' = M + C(\cdot, t)$, replacing $M$ with $M' - C(\cdot, t)$ in (5) leads to equation (4).

Note that $R(\mathcal{M}, t) = \emptyset$ if $t$ is not enabled at any marking in $\mathcal{M}$. Indeed, in such a case, the set $\mathcal{M}_{en}(t)$ in equation (5) is empty.

The previous result can be easily generalized to the case of a sequence of transitions $\sigma \in T^*$. In particular, the following algorithm shows that the set of markings in which the system may be after the firing of $\sigma = t_{i_1} t_{i_2} \ldots t_{i_k} \in T^*$, assuming that the evolution starts from any marking in a convex set $\mathcal{M}$ defined as in equation (1), is convex as well. Such an algorithm follows from recursively applying Proposition 1.

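Algorithm 2: Set of markings consistent with a sequence $\sigma$.

1. Let $\vec{b}_{l,0} = \vec{b}_l$.
2. For all $j = 1, \ldots, k$,
   a. let $\vec{b}_{l,j} = \max\{\vec{b}_{l,j-1}, Pre(\cdot, t_{i_j})\} + C(\cdot, t_{i_j})$.
3. Let

$$\vec{b} = \vec{b} + AC\vec{\sigma}, \qquad \vec{b}_u = \vec{b}_u + C\vec{\sigma}, \qquad \vec{b}_l = \vec{b}_{l,k}. \tag{6}$$

4. Let

$$R(\mathcal{M}, \sigma) = \{ M \in \mathbb{N}^m \mid \Delta M \le \vec{\gamma} \} \tag{7}$$

   where $\Delta$ and $\vec{\gamma}$ are defined as in equation (3).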

The above result has two important practical implications that become evident by looking at equations (2) and (7).

• The number of constraints ($n_c + 2m$) necessary to describe the set of consistent markings in which the system may be, starting from any set in the form (1) and firing any sequence $\sigma \in T^*$, is constant.

• The structure of such a set of constraints does not depend on $\sigma$. Indeed, only the right-hand side vector varies with the considered sequence.

As a result of the above discussion, the following proposition can be proved.

Proposition 3: Consider a Petri net $N$ whose initial marking belongs to a given convex set $\mathcal{M}_0$ defined as in equation (1). Let

$$R(\mathcal{M}_0) = \{ R(\mathcal{M}_0, \sigma) \in 2^{\mathbb{N}^m} \mid \sigma \in L(N, M_0),\ M_0 \in \mathcal{M}_0 \} \tag{8}$$

be the set of convex marking regions that $N$ can reach when all transition sequences firable at any $M_0 \in \mathcal{M}_0$ are considered¹. If $\langle N, M_0 \rangle$ is bounded for any initial marking $M_0 \in \mathcal{M}_0$, then the cardinality of $R(\mathcal{M}_0)$ is finite.

Proof: Let us preliminarily observe that the vector $C\vec{\sigma}$, where $\sigma \in L(N, M_0)$ and $M_0 \in \mathcal{M}_0$, may only take a finite number of values if the net is bounded for any initial marking in $\mathcal{M}_0$. Indeed, two different cases may occur.

• For all $M_0 \in \mathcal{M}_0$ the language $L(N, M_0)$ is finite. In such a case only a finite number of firing vectors $\vec{\sigma}$ may occur (since only a finite number of sequences $\sigma$ are possible), thus $C\vec{\sigma}$ may obviously take only a finite number of values.

• For some $M_0 \in \mathcal{M}_0$ the language $L(N, M_0)$ is not finite. If a language is not finite, it surely contains repetitive sequences. Repetitive sequences may either be increasing (their firing increases indefinitely the marking of some place) or stationary (their firing does not increase indefinitely the marking of some place). In the first case, $C\vec{\sigma} \gneq \vec{0}$; in the second case, $C\vec{\sigma} = \vec{0}$. However, increasing sequences make the marking of at least one place grow indefinitely, thus they cannot occur in bounded systems, as in the case at hand. This means that, if the language is not finite, all possible repetitive sequences are stationary. Therefore, also in this case, the vector $C\vec{\sigma}$ may only take a finite number of values.

Summarizing, only a finite number of vectors $\vec{\gamma}$ could be computed when applying Algorithm 2 to define sets $R(\mathcal{M}_0, \sigma)$ for all $\sigma \in L(N, M_0)$, $M_0 \in \mathcal{M}_0$, thus proving the statement.

V. MARKING ESTIMATION

A. Extended Reachability graph

In this subsection we define a particular directed and labeled graph, called Extended Reachability Graph (ERG), where a different node is associated with each element in $R$. Arcs are labeled with transitions. An edge labeled $t$ goes from one node to another node if and only if transition $t$ may fire at some (or all) of the markings in the first node and their firing leads to the set of markings in the second node. The following algorithm summarizes the main steps for the construction of the ERG.

¹ We use $2^{\mathbb{N}^m}$ to denote the set of all subsets of $\mathbb{N}^m$, i.e., the set of all subsets of vectors with $m$ components, where each component is a natural number.

Algorithm 4: Extended Reachability Graph.

1. The initial node of the graph is the set of admissible initial markings in a convex set $\mathcal{M}_0$ (as described in (1)). This node is initially unmarked.
2. While there exists an unmarked node $\mathcal{M}$ of the graph, do:
   a. For each transition $t$ enabled at some marking in $\mathcal{M}$, i.e., such that $\mathcal{M}_{en}(t)$ is not empty:
      i. Compute the convex set of markings $\mathcal{M}' = R(\mathcal{M}, t)$ according to equation (4).
      ii. If no node associated with the set of markings $\mathcal{M}'$ is on the graph, add a new node $\mathcal{M}'$ to the graph.
      iii. Add an edge labeled $t$ from node $\mathcal{M}$ to node $\mathcal{M}'$.
   b. Mark node $\mathcal{M}$ “old”.
3. Remove all marks.

The following example clarifies the above algorithm.

Example 5: Consider the Petri net in Fig. 1 whose initial marking is known to belong to the set

$$\mathcal{M}_0 = \{ M \in \mathbb{N}^m \mid M(p_1) + M(p_2) \le 4,\ M \ge [0\ 0\ 0\ 0\ 0]^T,\ M \le [4\ 4\ 0\ 0\ 0]^T \}. \tag{9}$$

In terms of the notation above, we have $A = [1\ 1\ 0\ 0\ 0]$, $b = 4$, $\vec{b}_l = [0\ 0\ 0\ 0\ 0]^T$, $\vec{b}_u = [4\ 4\ 0\ 0\ 0]^T$, and

$$\vec{\gamma} = [4 \mid 4\ 4\ 0\ 0\ 0 \mid 0\ 0\ 0\ 0\ 0]^T.$$

Based on Algorithm 4 we obtain the ERG in Fig. 2 containing 26 different states. Table I summarizes the characteristic values of all such states, namely $\vec{\gamma}$, $b$, $\vec{b}_l$ and $\vec{b}_u$. Note that for consistency with the notation used in the remaining sections, the generic $i$-th state of the ERG is denoted by $x_i$.

Remark 6: Step 2.a.ii of Algorithm 4 implicitly requires the comparison of a node with other nodes in terms of the convex regions they represent. In certain cases, e.g. when all entries of matrix $A$ are positive, this is a relatively easy task. Consider as an example the values of the parameters in Table I. Some of them are not exactly the same as those computed at Step 2.a.i of Algorithm 4, e.g., this is the case of set $R(\mathcal{M}_0, t_1)$. Based on Step 2.a.i we compute $\vec{b}_u = [3\ 3\ 1\ 1\ 0]^T$ rather than $\vec{b}_u = [2\ 2\ 1\ 1\ 0]^T$ as reported in Table I. However, it is trivial to observe that, since $b = 2$ (and since the number of tokens in each place is restricted to have nonnegative integer values), the two different values of the upper bounds provide the same set of feasible markings. Similar cases may occur and we rely on using such simple rules to reduce the representation of the convex region to some standard form.
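Added example (not code from the paper): Algorithm 2 applied to the set of Example 5, followed by a brute-force check of the observation in Remark 6 that two different upper-bound vectors describe the same region. The Pre/Post columns are assumptions, since Fig. 1 is not recoverable on this page: t1 is chosen so that it reproduces the values quoted in Remark 6, and tx is a hypothetical transition used to show the empty case. Enumeration stands in here for the big-M test and is only practical for small bounded regions.

```python
from itertools import product

# Constructed net with 5 places (p1..p5). These columns are assumptions:
# "t1" is chosen to match the numbers quoted in Remark 6, "tx" is hypothetical.
PRE = {"t1": [1, 1, 0, 0, 0], "tx": [0, 0, 0, 0, 2]}
POST = {"t1": [0, 0, 1, 1, 0], "tx": [1, 1, 0, 0, 0]}

# Set M0 of Example 5: M(p1) + M(p2) <= 4, 0 <= M <= [4 4 0 0 0].
A = [[1, 1, 0, 0, 0]]
M0 = ([4], [4, 4, 0, 0, 0], [0, 0, 0, 0, 0])  # (b, bu, bl)


def incidence_column(t):
    """C(., t) = Post(., t) - Pre(., t)."""
    return [post - pre for pre, post in zip(PRE[t], POST[t])]


def fire_sequence(A, b, bu, bl, sigma):
    """Algorithm 2: right-hand sides (b, bu, bl) of R(M, sigma).

    The region is updated one transition at a time, which gives the same
    b and bu as the closed forms b + A*C*sigma and bu + C*sigma.
    """
    b, bu, bl = list(b), list(bu), list(bl)
    for t in sigma:
        c = incidence_column(t)
        # Step 2a: lower bound = max(previous lower bound, Pre) + C, componentwise.
        bl = [max(lo, pre) + ci for lo, pre, ci in zip(bl, PRE[t], c)]
        bu = [hi + ci for hi, ci in zip(bu, c)]
        b = [bi + sum(a * ci for a, ci in zip(row, c)) for bi, row in zip(b, A)]
    return b, bu, bl


def gamma(b, bu, bl):
    """Right-hand side of equation (3): [b | bu | -bl]."""
    return list(b) + list(bu) + [-lo for lo in bl]


def markings(A, b, bu, bl):
    """All integer markings with A M <= b and max(bl, 0) <= M <= bu.

    A place whose upper bound is below its lower bound yields an empty
    range, so a transition that is nowhere enabled gives the empty set.
    """
    boxes = [range(max(lo, 0), hi + 1) for lo, hi in zip(bl, bu)]
    return {
        m for m in product(*boxes)
        if all(sum(a * x for a, x in zip(row, m)) <= bi for row, bi in zip(A, b))
    }


def same_region(A, rhs1, rhs2):
    """True if two (b, bu, bl) triples describe the same set of markings."""
    return markings(A, *rhs1) == markings(A, *rhs2)


if __name__ == "__main__":
    after_t1 = fire_sequence(A, *M0, ["t1"])
    print("gamma after t1:", gamma(*after_t1))
    tightened = ([2], [2, 2, 1, 1, 0], [0, 0, 1, 1, 0])  # upper bound as in Table I
    print("same region as tightened bounds:", same_region(A, after_t1, tightened))
    print("markings after tx from M0:", markings(A, *fire_sequence(A, *M0, ["tx"])))
```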

Nevertheless, there are some cases, e.g. in the presence of negative entries in matrix $A$, where additional burdensome computations may be required to establish if two sets of constraints correspond to exactly the same set of markings.

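| Node | $\vec{\gamma}^T = [b \mid \vec{b}_u^T \mid -\vec{b}_l^T]$ |
|---|---|
| $x_0$ | $[4 \mid 4\ 4\ 0\ 0\ 0 \mid 0\ 0\ 0\ 0\ 0]$ |
| $x_1$ | $[2 \mid 2\ 2\ 1\ 1\ 0 \mid 0\ 0\ -1\ -1\ 0]$ |
| $x_2$ | $[0 \mid 0\ 0\ 2\ 2\ 0 \mid 0\ 0\ -2\ -2\ 0]$ |
| $x_3$ | $[2 \mid 2\ 2\ 0\ 1\ 1 \mid 0\ 0\ 0\ -1\ -1]$ |
| $x_4$ | $[2 \mid 2\ 2\ 1\ 0\ 1 \mid 0\ 0\ -1\ 0\ -1]$ |
| $x_5$ | $[0 \mid 0\ 0\ 1\ 2\ 1 \mid 0\ 0\ -1\ -2\ -1]$ |
| $x_6$ | $[0 \mid 0\ 0\ 2\ 1\ 1 \mid 0\ 0\ -2\ -1\ -1]$ |
| $x_7$ | $[2 \mid 2\ 2\ 0\ 0\ 2 \mid 0\ 0\ 0\ 0\ -2]$ |
| $x_8$ | $[0 \mid 0\ 0\ 0\ 2\ 2 \mid 0\ 0\ 0\ -2\ -2]$ |
| $x_9$ | $[0 \mid 0\ 0\ 1\ 1\ 2 \mid 0\ 0\ -1\ -1\ -2]$ |
| $x_{10}$ | $[0 \mid 0\ 0\ 2\ 0\ 2 \mid 0\ 0\ -2\ 0\ -2]$ |
| $x_{11}$ | $[4 \mid 3\ 3\ 0\ 0\ 0 \mid -1\ -1\ 0\ 0\ 0]$ |
| $x_{12}$ | $[0 \mid 0\ 0\ 0\ 1\ 3 \mid 0\ 0\ 0\ -1\ -3]$ |
| $x_{13}$ | $[2 \mid 1\ 1\ 0\ 2\ 0 \mid -1\ -1\ 0\ -2\ 0]$ |
| $x_{14}$ | $[0 \mid 0\ 0\ 1\ 0\ 3 \mid 0\ 0\ -1\ 0\ -3]$ |
| $x_{15}$ | $[2 \mid 1\ 1\ 1\ 1\ 0 \mid -1\ -1\ -1\ -1\ 0]$ |
| $x_{16}$ | $[2 \mid 1\ 1\ 2\ 0\ 0 \mid -1\ -1\ -2\ 0\ 0]$ |
| $x_{17}$ | $[0 \mid 0\ 0\ 0\ 0\ 4 \mid 0\ 0\ 0\ 0\ -4]$ |
| $x_{18}$ | $[2 \mid 1\ 1\ 0\ 1\ 1 \mid -1\ -1\ 0\ -1\ -1]$ |
| $x_{19}$ | $[0 \mid 0\ 0\ 1\ 3\ 0 \mid 0\ 0\ -1\ -3\ 0]$ |
| $x_{20}$ | $[2 \mid 1\ 1\ 1\ 0\ 1 \mid -1\ -1\ -1\ 0\ -1]$ |
| $x_{21}$ | $[0 \mid 0\ 0\ 3\ 1\ 0 \mid 0\ 0\ -3\ -1\ 0]$ |
| $x_{22}$ | $[2 \mid 1\ 1\ 0\ 0\ 2 \mid -1\ -1\ 0\ 0\ -2]$ |
| $x_{23}$ | $[0 \mid 0\ 0\ 0\ 3\ 1 \mid 0\ 0\ 0\ -3\ -1]$ |
| $x_{24}$ | $[0 \mid 0\ 0\ 3\ 0\ 1 \mid 0\ 0\ -3\ 0\ -1]$ |
| $x_{25}$ | $[4 \mid 2\ 2\ 0\ 0\ 0 \mid -2\ -2\ 0\ 0\ 0]$ |

Table I: Vectors $\vec{\gamma}$ defining the nodes of the ERG in Fig. 2.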

One way to achieve this is to utilize the big-M technique [17] as detailed below.

Assume that the set of constraints associated with node $\mathcal{M}'$ is equal to $\Delta' M \le \vec{\gamma}'$, while the set of constraints associated with node $\mathcal{M}$ is equal to $\Delta M \le \vec{\gamma}$. The two sets contain the same markings iff none of the two following cases occurs: (a) there exists a marking that satisfies the first set of constraints but violates at least one constraint in the second set, (b) there exists a marking that satisfies the second set of constraints but violates at least one constraint in the first set. One way to guarantee that neither (a) nor (b) holds is to define the following sets of constraints and verify that they are both infeasible:

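$$
\begin{cases}
\Delta' M \le \vec{\gamma}' \\
\vec{\delta}_1 M - \gamma_1 > K z_1 \\
\quad \vdots \\
\vec{\delta}_{n_c+2m} M - \gamma_{n_c+2m} > K z_{n_c+2m} \\
z_1 + \ldots + z_{n_c+2m} \le n_c + 2m - 1 \\
z_1, \ldots, z_{n_c+2m} \in \{0, 1\} \\
M \in \mathbb{N}^m
\end{cases}
\tag{10}
$$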


Fig. 2. The Extended Reachability Graph of the Petri net in Fig. 1 assuming that the initial marking belongs to the set in eq. (9). The parameters associated with the convex region of each node are provided in Table I.

and

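$$
\begin{cases}
\Delta M \le \vec{\gamma} \\
\vec{\delta}'_1 M - \gamma'_1 > K z_1 \\
\quad \vdots \\
\vec{\delta}'_{n_c+2m} M - \gamma'_{n_c+2m} > K z_{n_c+2m} \\
z_1 + \ldots + z_{n_c+2m} \le n_c + 2m - 1 \\
z_1, \ldots, z_{n_c+2m} \in \{0, 1\} \\
M \in \mathbb{N}^m
\end{cases}
\tag{11}
$$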

where $\vec{\delta}_i$ ($\vec{\delta}'_i$) is the $i$th row of matrix $\Delta$ ($\Delta'$), for $i = 1, \ldots, n_c + 2m$, $\gamma_i$ ($\gamma'_i$) is the $i$th entry of the vector $\vec{\gamma}$ ($\vec{\gamma}'$), and $K$ is a very large constant.

To explain the above claim, let us focus on equation (10), as the same reasoning applies to the other set. If $z_i = 0$ it means that the corresponding constraint is active, so one constraint in the second set is violated. Now, since the sum of all $z_i$'s is at most equal to $n_c + 2m - 1$, this implies that at least one constraint in the second set is violated by a marking that belongs to the first set.

Note that the feasibility issue can also be solved by associating some objective function to the above sets of constraints and solving the resulting linear programming problems. Obviously, such a computation becomes burdensome since the convex region of each node needs to be compared against the convex region of all other nodes. In particular, if $N$ is the number of nodes in the ERG, $O(N^2)$ pairs of sets defined by equations (10) and (11) need to be considered.

Note that, alternatively, we can opt to keep "redundant nodes." Indeed, using the type of arguments invoked in Proposition 3, we can conclude that also in this case the number of nodes in the ERG is finite. Furthermore, the functionality of the proposed algorithm will not be affected, though its number of nodes will certainly be increased.

B. Marking observer

In this subsection we deal with the problem of computing the set of markings in which the system may be, given the set of possible initial markings and a sequence of observations $w \in E^*$. More precisely, if $\mathcal{M}_0$ is the convex set of markings in which the system is known to initially be, and $w \in E^*$ is the observed sequence of labels, we want to compute the set of markings consistent with the observation $w$, namely

$$C(\mathcal{M}_0, w) = \{ M \in \mathbb{N}^m \mid M_0 [\sigma\rangle M,\ M_0 \in \mathcal{M}_0,\ L(\sigma) = w \}. \tag{12}$$

Note that we assume no restriction on the labeling function. In particular, we may have silent transitions, i.e., transitions labeled with $\varepsilon$, and cycles of silent transitions.

To do this in a systematic way, moving off-line most of the calculations, we define a Marking Observer (MO). The MO is a deterministic graph whose nodes contain sets of nodes in the ERG and whose edges are labeled with symbols from the alphabet $E$. Given the MO, the problem of computing the set of markings consistent with a given observation simply reduces to the problem of following a labeled path in a deterministic graph: the set of consistent markings is then given by the union of convex sets associated with subsets of ERG nodes captured by the MO node reached.

The approach we propose to compute the MO is based on the big-M technique [17] that allows us to describe in linear algebraic terms the union of a finite number of convex sets, which is obviously in general a non convex set. In more detail, given $k$ sets of constraints of the form $\Delta_1 M \le \vec{\gamma}_1$, $\ldots$, $\Delta_k M \le \vec{\gamma}_k$, the union of such sets can be described as follows, simply introducing $k$ binary variables $z_1, z_2, \ldots, z_k$:

$$
\begin{cases}
\Delta_1 M - \vec{\gamma}_1 \le (z_1 K)\,\vec{1}, \\
\quad \vdots \\
\Delta_k M - \vec{\gamma}_k \le (z_k K)\,\vec{1}, \\
z_1 + \ldots + z_k \le k - 1, \\
z_1, \ldots, z_k \in \{0, 1\}
\end{cases}
$$

where $K$ is a very large constant and $\vec{1}$ is a vector of ones of appropriate dimension.

Indeed, since the sum of all $z_i$'s is less than or equal to $k - 1$, then at least one $z_i$ is null, while all the others are equal to one. As an example, if $z_i = 0$, it means that the $i$th constraint is active. On the contrary, if $z_i = 1$, the $i$th constraint is redundant.
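The following Python example is added here and is not from the paper: it checks the big-M description of a union against direct membership, using $\Delta$ built from $A$ of Example 5 stacked with $I$ and $-I$, and the $\vec{\gamma}$ vectors of nodes $x_0$, $x_3$, $x_4$ and $x_{17}$ from Table I. The function names, the search box of 0 to 4 tokens per place and the tested values of $K$ are assumptions; `min_exact_k` reports the smallest $K$ for which a relaxed block is really redundant on that box.

```python
from itertools import product

M_PLACES = 5
A = [1, 1, 0, 0, 0]                       # matrix A of Example 5
IDENT = [[int(i == j) for j in range(M_PLACES)] for i in range(M_PLACES)]
# Delta stacks A, I and -I, so that Delta*M <= gamma reads
#   A*M <= b,   M <= b_u,   -M <= -b_l,   gamma^T = [b | b_u^T | -b_l^T].
DELTA = [A] + IDENT + [[-v for v in row] for row in IDENT]

# gamma vectors copied from Table I.
GAMMA = {
    "x0":  [4, 4, 4, 0, 0, 0, 0, 0, 0, 0, 0],
    "x3":  [2, 2, 2, 0, 1, 1, 0, 0, 0, -1, -1],
    "x4":  [2, 2, 2, 1, 0, 1, 0, 0, -1, 0, -1],
    "x17": [0, 0, 0, 0, 0, 4, 0, 0, 0, 0, -4],
}
BOX = [(0, 4)] * M_PLACES                 # assumed search box (tokens per place)


def slack(M, gamma):
    """Rows of Delta*M - gamma; a row is satisfied when its value is <= 0."""
    return [sum(d * x for d, x in zip(row, M)) - g
            for row, g in zip(DELTA, gamma)]


def in_union_direct(M, gammas):
    """M belongs to at least one of the convex sets Delta*M <= gamma_i."""
    return any(max(slack(M, g)) <= 0 for g in gammas)


def in_union_big_m(M, gammas, K):
    """Some z in {0,1}^k with z_1+...+z_k <= k-1 satisfies
    Delta*M - gamma_i <= z_i*K*1 for every block i."""
    k = len(gammas)
    for z in product((0, 1), repeat=k):
        if sum(z) <= k - 1 and all(max(slack(M, g)) <= zi * K
                                   for zi, g in zip(z, gammas)):
            return True
    return False


def box_points(box=BOX):
    return product(*(range(lo, hi + 1) for lo, hi in box))


def min_exact_k(gammas, box=BOX):
    """Largest amount by which a marking of the union violates another block.
    Any K at least this large makes every block with z_i = 1 redundant."""
    worst = 0
    for M in box_points(box):
        if in_union_direct(M, gammas):
            worst = max(worst, max(max(slack(M, g)) for g in gammas))
    return worst


def disagreements(gammas, K, box=BOX):
    """Markings on which the big-M test and direct membership differ."""
    return [M for M in box_points(box)
            if in_union_big_m(M, gammas, K) != in_union_direct(M, gammas)]
```

For $x_3$ and $x_4$ the value $K = 1$ already suffices, while for $x_0$ and $x_{17}$ any $K$ below 4 wrongly rejects markings that belong to the union.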

We now present an algorithm that summarizes the main steps for the construction of the MO. Basically, the main steps are the same as those required to compute a deterministic finite automaton (the MO) equivalent to a given non deterministic one (the ERG) [36]. The only significant difference is that now, in each node, instead of having a set of states, we have the union of a set of linear algebraic constraints.

For simplicity of presentation, in the following we denote the ERG as a non deterministic automaton $G = (X, E \cup \{\varepsilon\}, \Delta^*, x_0)$, where $X$ is the set of states (a different state is associated with each convex subset of $R(\mathcal{M}_0)$ of the form in (7)); $E$ is the alphabet of the considered Petri net; $\Delta^* \subseteq X \times (E \cup \{\varepsilon\}) \times X$ is the transition relation.

The MO is a deterministic automaton $G_{ob} = (X_{ob}, E, \delta_{ob}, x_{ob,0})$ equivalent to $G$, such that their languages coincide when projected on the set of labels $E$ according to projection $L$. More specifically, $G_{ob}$ results from the determinization of $G$, taking also into account the unobservable reach of each state: the set of states satisfies $X_{ob} \subseteq 2^X$, $x_{ob,0}$ is the initial state (subset of $X$ as defined below) and $\delta_{ob}$ is the transition function $\delta_{ob} : X_{ob} \times E \to X_{ob}$, rather than the transition relation. Each state in $X_{ob}$ is associated with a set of linear algebraic constraints defined as in the following algorithm.

Algorithm 7: Marking Observer.

1. For all states $x \in X$ compute

$$D(x) = \{ \bar{x} \in X \mid (x, \varepsilon, \bar{x}) \in \Delta^* \},$$

i.e., the set of the states that can be reached from $x$ by executing zero or more $\varepsilon$ transitions. By definition, we have $x \in D(x)$.

2. For all states $x \in X$ and all symbols $e \in E$, compute

$$D_e(x) = \{ \bar{x} \in X \mid (x, e, \bar{x}) \in \Delta^* \},$$

i.e., the set of the states reachable from $x$ executing $e$-transitions.

3. Let $x_{ob,0} = D(x_0)$, i.e., the initial state of $G_{ob}$ is given by the set of states of $G$ reachable from $x_0$ executing zero or more $\varepsilon$-transitions.

4. Let $X_{ob} = \emptyset$ and $X_{new} = \{x_{ob,0}\}$. At the end of the algorithm $X_{ob} \subseteq 2^X$ is the set of states of $G_{ob}$, while the set $X_{new}$ contains, at each iteration, the set of states of $G_{ob}$ that still have to be explored.

5. Consider a state $x_{ob} \in X_{new}$.

a. For all $e \in E$:

i. Define the sets $A(x_{ob}, e) = \bigcup_{x \in x_{ob}} D_e(x)$ and $B(x_{ob}, e) = \bigcup_{x \in A(x_{ob}, e)} D(x)$. The first set represents the states of $G$ reachable from any state in $x_{ob}$ executing an $e$-transition. The second set represents the set of states of $G$ reachable from any state in $A(x_{ob}, e)$ executing zero or more $\varepsilon$-transitions.

ii. Consider $\bar{x}_{ob} = B(x_{ob}, e)$ as the state of $G_{ob}$ reached from $x_{ob}$ executing $e$, and thus let $\delta_{ob}(x_{ob}, e) = \bar{x}_{ob}$.

iii. If $\bar{x}_{ob} \notin X_{ob} \cup X_{new}$ let $X_{new} = X_{new} \cup \{\bar{x}_{ob}\}$.

b. Let $X_{ob} = X_{ob} \cup \{x_{ob}\}$ and $X_{new} = X_{new} \setminus \{x_{ob}\}$.

6. If $X_{new} \neq \emptyset$ goto Step 5.

7. For all $x_{ob} \in X_{ob}$:

a. Let $\bar{X} \subseteq X$ be the set of states of $G$ belonging to $x_{ob}$. Each state $x \in \bar{X}$ corresponds to a different set $R(\mathcal{M}, \sigma) \in R(\mathcal{M}_0)$ for some $\sigma \in T^*$.

b. Let $k = |\bar{X}|$.

c. Let $\sigma_j$ be the sequence of transitions that leads from $\mathcal{M}_0$ to the generic $j$-th state of $\bar{X}$ ($j = 1, \ldots, k$).

d. Let $R(\mathcal{M}_0, \sigma_j)$ be defined as:

$$R(\mathcal{M}_0, \sigma_j) = \{ M \in \mathbb{N}^m \mid \Delta M \le \vec{\gamma}_j \}$$

where $\Delta$ is defined as in eq. (3) and $\vec{\gamma}_j$ is computed according to Algorithm 2.

e. Associate with $x_{ob}$ the following set of constraints:

$$
\begin{cases}
\Delta M - \vec{\gamma}_1 \le (z_1 K)\,\vec{1} \\
\quad \vdots \\
\Delta M - \vec{\gamma}_k \le (z_k K)\,\vec{1} \\
z_1 + \ldots + z_k \le k - 1 \\
z_1, \ldots, z_k \in \{0, 1\} \\
M \in \mathbb{N}^m,
\end{cases}
$$

for some very large constant $K$.

The following example clarifies the above algorithm.

Example 8: Consider again the labeled Petri net in Fig. 1 where $L(t_1) = a$, $L(t_2) = L(t_3) = b$, and $L(t_4) = \varepsilon$. Its ERG is reported in Fig. 2 and illustrated in Example 5. First, we replace transitions in Fig. 2 with their labels to obtain the non deterministic automaton that is the input for Algorithm 7 (the non deterministic automaton is not reported here for the sake of brevity).

Using Algorithm 7 we compute the MO in Fig. 3 consisting of 15 states defined as detailed in Table II.

| MO node | ERG nodes |
|---|---|
| $x_{ob,0}$ | $x_0$ |
| $x_{ob,1}$ | $x_1$ |
| $x_{ob,2}$ | $x_2$ |
| $x_{ob,3}$ | $x_3, x_4$ |
| $x_{ob,4}$ | $x_5, x_6$ |
| $x_{ob,5}$ | $x_7, x_{11}$ |
| $x_{ob,6}$ | $x_8, x_9, x_{10}, x_{13}, x_{15}, x_{16}$ |
| $x_{ob,7}$ | $x_1, x_9, x_{15}$ |
| $x_{ob,8}$ | $x_2, x_{19}, x_{21}$ |
| $x_{ob,9}$ | $x_{12}, x_{14}, x_{18}, x_{20}$ |
| $x_{ob,10}$ | $x_3, x_4, x_{12}, x_{14}, x_{18}, x_{20}$ |
| $x_{ob,11}$ | $x_5, x_6, x_{23}, x_{24}$ |
| $x_{ob,12}$ | $x_{17}, x_{22}, x_{25}$ |
| $x_{ob,13}$ | $x_7, x_{11}, x_{17}, x_{18}, x_{22}, x_{25}$ |
| $x_{ob,14}$ | $x_9, x_{15}$ |

Table II: The nodes of MO in Fig. 3.

As an example, consider state $x_{ob,3}$ that can be reached from an initial marking after observing the sequence $ab$; according to Step 7.e of Algorithm 7, we obtain that the set of consistent markings given the observation $ab$ is:

$$
\begin{cases}
\Delta M - \vec{\gamma}_1 \le (z_1 K)\,\vec{1}, \\
\Delta M - \vec{\gamma}_2 \le (z_2 K)\,\vec{1}, \\
z_1 + z_2 \le 1, \\
z_1, z_2 \in \{0, 1\}, \\
M \in \mathbb{N}^5,
\end{cases}
$$

where $K$ is a large constant,

$$\Delta = \begin{bmatrix} A \\ I_5 \\ -I_5 \end{bmatrix}, \qquad \vec{\gamma}_1 = [2 \mid 2\ 2\ 0\ 1\ 1 \mid 0\ 0\ 0\ -1\ -1]^T,$$

and

$$\vec{\gamma}_2 = [2 \mid 2\ 2\ 1\ 0\ 1 \mid 0\ 0\ -1\ 0\ -1]^T.$$

Note that the values of $\vec{\gamma}_1$ and $\vec{\gamma}_2$ can be easily deduced looking at the definition of states $x_3$ and $x_4$ in Table I.

This implies that there are 6 markings consistent with the firing of $ab$, namely $M_1 = [1\ 1\ 0\ 1\ 1]^T$, $M_2 = [2\ 0\ 0\ 1\ 1]^T$, $M_3 = [0\ 2\ 0\ 1\ 1]^T$, $M_4 = [1\ 1\ 1\ 0\ 1]^T$, $M_5 = [2\ 0\ 1\ 0\ 1]^T$, $M_6 = [0\ 2\ 1\ 0\ 1]^T$.
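Steps 1 to 6 of Algorithm 7, followed by the on-line lookup of the consistent set, as an added Python example (not the authors' Matlab code). The automaton `EDGES` is constructed for illustration and is not the ERG of Fig. 2; all function names are hypothetical, and skipping empty successor sets is an assumption about how undefined transitions of the MO are handled.

```python
EPS = None  # label of silent (epsilon) transitions in this example

# Constructed nondeterministic automaton (src, label, dst); it contains two
# indistinguishable b-transitions out of s1 and a cycle of silent transitions.
EDGES = [
    ("s0", "a", "s1"),
    ("s1", "b", "s2"), ("s1", "b", "s3"),
    ("s2", "b", "s4"), ("s3", "b", "s4"),
    ("s4", EPS, "s5"), ("s5", EPS, "s4"),
    ("s5", "a", "s1"),
]
ALPHABET = ("a", "b")


def eps_closure(x, edges):
    """D(x): states reachable from x by zero or more silent transitions."""
    seen, stack = {x}, [x]
    while stack:
        s = stack.pop()
        for src, lab, dst in edges:
            if src == s and lab is EPS and dst not in seen:
                seen.add(dst)
                stack.append(dst)
    return seen


def marking_observer(alphabet, edges, x0):
    """Return (X_ob, delta_ob, x_ob0); observer states are frozensets."""
    states = {x0} | {s for s, _, _ in edges} | {d for _, _, d in edges}
    D = {x: eps_closure(x, edges) for x in states}                  # Step 1
    De = {(x, e): {d for s, lab, d in edges if s == x and lab == e}
          for x in states for e in alphabet}                        # Step 2
    x_ob0 = frozenset(D[x0])                                        # Step 3
    X_ob, X_new, delta = set(), {x_ob0}, {}                         # Step 4
    while X_new:                                                    # Steps 5-6
        x_ob = next(iter(X_new))
        for e in alphabet:
            A = set().union(*(De[(x, e)] for x in x_ob))            # 5.a.i
            B = frozenset(set().union(*(D[x] for x in A)))
            if not B:
                continue          # assumption: leave delta_ob undefined
            delta[(x_ob, e)] = B                                    # 5.a.ii
            if B not in X_ob and B not in X_new:                    # 5.a.iii
                X_new.add(B)
        X_ob.add(x_ob)                                              # 5.b
        X_new.discard(x_ob)
    return X_ob, delta, x_ob0


def consistent_nodes(delta, x_ob0, word):
    """Follow the observed word in the MO; None if it cannot be observed."""
    node = x_ob0
    for e in word:
        node = delta.get((node, e))
        if node is None:
            return None
    return set(node)


def build_example():
    return marking_observer(ALPHABET, EDGES, "s0")
```

The set returned by `consistent_nodes` is the index set over which the big-M union of Step 7.e is taken.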

C. Computational complexity

In this subsection we analyze the complexity of the two main steps of the proposed procedure.

1) Construction of the ERG: The number of nodes of the ERG (as well as the number of nodes of the Reachability Graph) increases exponentially with the system size (net structure, e.g. number of places), while it is linear with the number of convex sets involved in the description of the set of initial markings.

2) Construction of the MO: The number of nodes of the MO is closely connected to the ERG; in the worst-case scenario, the number of nodes of the MO is exponential in the number of nodes of the ERG.

Note that although the complexity is exponential, the construction of the ERG and the MO can be done off-line. It is worth pointing out that an alternative (but computationally more costly) approach to constructing the ERG and the MO for a given (convex) set of initial markings $\mathcal{M}_0$ would be to compute a reachability graph and an observer for each of the initial markings in $\mathcal{M}_0$. In general, this alternative procedure is computationally heavier with respect to the proposed procedure as shown in the following example. Moreover, this alternative does not allow us to deal with feedback control in a compact form, in contrast to the proposed approach, as discussed in the following section.

Example 9: Let us consider again the Petri net in Fig. 1. Let $\mathcal{M}_0 = \{ M \in \mathbb{N}^5 \mid A M \le b,\ M \le \vec{b}_u,\ M \ge \vec{b}_l \}$ where $A = [1\ 1\ 0\ 0\ 0]$, and $b$, $\vec{b}_l$, and $\vec{b}_u$ can assume different values.

Table III reports a comparison between our approach and the approach that considers for each marking $M_0 \in \mathcal{M}_0$ the construction of the reachability graph (RG). All simulations were run on a PC with a clock frequency of 2 GHz.

— Column 1 shows the value of $\vec{\gamma}^T = [b \mid \vec{b}_u^T \mid -\vec{b}_l^T]$.

— Column 2 shows the cardinality of the set $\mathcal{M}_0$, i.e., the number of initial markings in $\mathcal{M}_0$.

— Column 3 provides the number of nodes $|ERG|$ of the extended reachability graph.

— Column 4 shows the time $t_{ERG}$ in seconds we spent to compute the ERG using a function we developed in Matlab.

— Column 5 provides the sum of the number of nodes of the reachability graphs built for each initial marking in $\mathcal{M}_0$.

— Column 6 shows the sum of the time $t_{RG}$ in seconds we spent to compute the reachability graphs for each initial marking in $\mathcal{M}_0$, using a function we developed in Matlab.

As shown in Table III, the efficiency of our approach grows with the number of initial markings $M_0 \in \mathcal{M}_0$.

VI. STATE FEEDBACK CONTROL

A. Problem formulation

Assume that a given labeled Petri net, whose initial marking is known to belong to a given convex set $\mathcal{M}_0$, needs to evolve within a given convex set of markings. In particular,

$$P(\Omega, \vec{k}) = \{ M \in \mathbb{N}^m \mid \Omega^T M \le \vec{k} \} \tag{13}$$

denotes the set of legal markings, where $\Omega \in \mathbb{Z}^{m \times q}$, $\vec{k} \in \mathbb{Z}^{q \times 1}$, and $q$ is the number of constraints defining the set $P(\Omega, \vec{k})$.

Constraints in the form (13) are well known in the literature and are called Generalized Mutual Exclusion Constraints (GMECs) [31], [37]; they have been used in several application areas, such as manufacturing [14] and transportation [38].

As in the previous section, we assume that only labels may be observed. Furthermore, we assume that the set of transitions can be partitioned in three subsets: $T = T_{c,o} \,\dot\cup\, T_{uc,o} \,\dot\cup\, T_{uo}$, where

— $T_{c,o}$ is the set of controllable and observable transitions;

— $T_{uc,o}$ is the set of uncontrollable but observable transitions;

— $T_{uo}$ is the set of unobservable transitions, that are also uncontrollable.


Fig. 3. The MO corresponding to the Petri net in Fig. 2 when the set of initial markings is defined as in eq. (9). (Figure not reproduced; nodes $x_{ob,0}$ to $x_{ob,14}$, edges labeled $a$ and $b$.)

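| $\vec{\gamma}^T = [b \mid \vec{b}_u^T \mid -\vec{b}_l^T]$ | $|\mathcal{M}_0|$ | $|ERG|$ | $t_{ERG}$ [sec] | $|RG|$ | $t_{RG}$ [sec] |
|---|---|---|---|---|---|
| $[4 \mid 1\ 1\ 0\ 0\ 0 \mid -1\ -1\ 0\ 0\ 0]$ | 1 | 4 | 0.10 | 4 | 0.10 |
| $[4 \mid 1\ 1\ 0\ 0\ 0 \mid 0\ 0\ 0\ 0\ 0]$ | 4 | 6 | 0.10 | 6 | 0.11 |
| $[4 \mid 2\ 2\ 0\ 0\ 0 \mid 0\ 0\ 0\ 0\ 0]$ | 9 | 26 | 0.13 | 34 | 0.68 |
| $[6 \mid 4\ 4\ 0\ 0\ 0 \mid 0\ 0\ 0\ 0\ 0]$ | 22 | 74 | 0.25 | 183 | 1.39 |
| $[8 \mid 4\ 4\ 0\ 0\ 0 \mid 0\ 0\ 0\ 0\ 0]$ | 25 | 167 | 0.47 | 368 | 2.01 |
| $[10 \mid 5\ 5\ 0\ 0\ 0 \mid 0\ 0\ 0\ 0\ 0]$ | 36 | 326 | 1.11 | 865 | 3.81 |
| $[20 \mid 10\ 10\ 0\ 0\ 0 \mid 0\ 0\ 0\ 0\ 0]$ | 121 | 3126 | 10.59 | 14672 | 61.76 |
| $[30 \mid 15\ 15\ 0\ 0\ 0 \mid 0\ 0\ 0\ 0\ 0]$ | 256 | 13025 | 46.33 | 87270 | 420.00 |
| $[40 \mid 20\ 20\ 0\ 0\ 0 \mid 0\ 0\ 0\ 0\ 0]$ | 441 | 37151 | 3547.98 | 323293 | 32851.32 |

Table III: Comparison between the number of states of the ERG and the sum of the number of states of each reachability graph built for each convex set of initial markings in $\mathcal{M}_0$.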


All transitions labeled with the empty word are unobservable (and thus also uncontrollable). Therefore, we have $T_\varepsilon = T_{uo}$. Indistinguishable transitions are observable transitions that may either belong to $T_{c,o}$ or to $T_{uc,o}$.

The controller should enable or disable transitions in $T_{c,o}$ so as to guarantee that the system never reaches a marking that is not legal according to the definition in (13).

Now, if the system state is known to belong to a given set of markings $C$, for all $t \in T_{c,o}$ we define the control law

$$f(t, C) : T_{c,o} \times 2^{\mathbb{N}^m} \to \{0, 1\}$$

as follows.

Definition 10: Given a set of legal markings $P(\Omega, \vec{k})$ and a set of consistent (i.e., possible) current markings $C \subseteq P(\Omega, \vec{k})$, the firing of a controllable transition $t$ is prevented by a maximally permissive control strategy, if and only if there exists a legal consistent marking $M$ such that the firing of $t$ from $M$ either leads to a forbidden marking, or leads to a legal marking from which a forbidden marking can be reached by firing uncontrollable transitions.

If the firing of $t$ needs to be prevented, we set $f(t, C) = 0$, otherwise we set $f(t, C) = 1$.

Note that to make the control problem feasible, we assume that the set of possible initial markings, as well as the set of all markings that can be reached from any initial marking by firing one or more uncontrollable transitions, are included in the set of legal markings, i.e.,

$$\mathcal{M}_0 \cup \bigcup_{\sigma \in (T_{uc,o} \cup T_{uo})^*} R(\mathcal{M}_0, \sigma) \subseteq P(\Omega, \vec{k}). \tag{14}$$

If this requirement does not hold, obviously we have no way of guaranteeing (13) since uncontrollable transitions may cause a violation before we even have an opportunity to perform any control.

Analogously, given an arbitrary observation $w \in E^*$, we can compute the set of consistent markings $C(\mathcal{M}_0, w)$. Once we have computed the MO, this set can easily be obtained by looking at the MO. Actually, since the control strategy may have already prevented the occurrence of certain transitions in the past, the MO may report a superset of the set of possible states. Thus, the resulting control scheme is not necessarily maximally permissive (some ideas about how to obtain a maximally permissive scheme are discussed at the end of this section). Then, using the big-M technique we define a superset of the set of markings in which the system may be after the firing of a controllable transition $t \in T_{c,o}$ plus any sequence of transitions in $(T_{uc,o} \cup T_{uo})^*$. Let's use $Y(\mathcal{M}_0, w, t)$ to denote this set of markings. Note that $Y(\mathcal{M}_0, w, t)$ is not necessarily convex but it is typically given by the union of a finite number of convex sets (it can be described via a finite number of linear integer constraints).

If $Y(\mathcal{M}_0, w, t) \subseteq P(\Omega, \vec{k})$, the control law should be taken equal to $f(t, C(\mathcal{M}_0, w)) = 1$, otherwise it should be $f(t, C(\mathcal{M}_0, w)) = 0$. Therefore, an approach based on linear integer programming can be used to compute the above control law, still taking advantage of the big-M technique [17].

More specifically, we characterize the set of forbidden markings using the big-M technique as follows:

$$
F(\Omega, \vec{k}) = \left\{ M \in \mathbb{N}^m \;\middle|\;
\begin{array}{l}
\vec{\omega}_1^T M - k_1 > -K z_1, \\
\quad \vdots \\
\vec{\omega}_q^T M - k_q > -K z_q, \\
z_1 + \ldots + z_q \le q - 1, \\
z_1, \ldots, z_q \in \{0, 1\}
\end{array}
\right\}
$$

where the constraint $z_1 + \ldots + z_q \le q - 1$ imposes that at least one $z_i$ is equal to 0. Now, if $z_i = 0$ it means that the $i$-th constraint is active. On the contrary, if $z_i = 1$, the $i$-th constraint is redundant. Therefore, the above set of constraints implies that at least one constraint is active, i.e., at least one constraint defining the set of legal markings is violated. The control law is taken to be $f(t, C(\mathcal{M}_0, w)) = 1$ if and only if $F(\Omega, \vec{k}) \cap Y(\mathcal{M}_0, w, t) = \emptyset$.

Let us finally observe that the assumption that the control specifications are given in terms of GMEC is not a requirement for the proposed procedure. However, such an assumption, which appears frequently in the literature, presents the main advantage of allowing us to compute the control law using integer linear programming.

B. Computation of the control strategy using MO

An alternative approach for the computation of the control law can be proposed using the MO. Basically, the idea consists in the off-line computation of a deterministic automaton called Closed-Loop Graph (CLG) that is a subgraph of the MO and exhaustively describes the closed-loop behavior.

In such a case, we make the following additional assumption:

• Assumption A2: All transitions sharing the same label also share the same control pattern.

The reason for this assumption is that by simply relying on the MO, we cannot distinguish among transitions sharing the same label. This implies that if the control is computed using the MO, the control law $f$ is a function of the label $e \in E$ and the set of consistent markings $C$:

$$f(e, C) : E \times 2^{\mathbb{N}^m} \to \{0, 1\}.$$

This also implies that, if one indistinguishable transition is controllable (respectively, uncontrollable), then all transitions sharing the same label are controllable (respectively, uncontrollable) as well. Therefore, with no ambiguity in the notation, in the following we also talk about controllable or uncontrollable labels.

Given the CLG, the control strategy for controllable transitions can be easily computed on-line following a path in the CLG. More specifically, a transition should be enabled by the controller if and only if following a path in the CLG that originates from the root node, and that is labeled as the current observation, we reach a node with an output edge with the same label as the considered transition.

The main ideas behind the computation of the CLG are the same as those used to define a supervisory controller for finite state automata with uncontrollable and unobservable transitions [39], and may be summarized as follows. Given the set of legal markings, we first compute the set of bad nodes, i.e., the nodes that should be forbidden in the MO since they contain at least one illegal marking. Then, we define the set of potentially bad nodes, i.e., the nodes that lead to bad nodes via uncontrollable (either observable or unobservable) sequences of transitions. Finally, we mark all edges labeled with a controllable transition that lead to bad nodes or to potentially bad nodes, and we call them disabled edges.

The CLG is obtained from the MO by removing all bad and potentially bad nodes, all disabled edges, and all edges and nodes that, after the above pruning process, cannot be reached from the root node.

The approach to compute the CLG is summarized in the following algorithm.

Algorithm 11: Closed-Loop Graph.

1. Let $P(\Omega, \vec{k})$ be the set of legal markings and $G_{ob} = (X_{ob}, E, \delta_{ob}, x_{ob,0})$ the considered MO.

2. Let $B = \emptyset$ be the current set of bad nodes.

3. For each state $x_{ob} \in X_{ob}$ of the MO, do

3.1. let $\mathcal{M}(x_{ob})$ be the set of markings associated with $x_{ob}$.

3.2. if $\mathcal{M}(x_{ob}) \not\subseteq P(\Omega, \vec{k})$, then $B = B \cup \{x_{ob}\}$.

4. Let $B_p = \emptyset$ be the current set of potentially bad nodes.

5. While $\exists\, x_{ob} \in X_{ob} \setminus (B \cup B_p)$ such that $\delta_{ob}(x_{ob}, e) \in (B \cup B_p)$ for some $e$ associated with an uncontrollable label, do

let $B_p = B_p \cup \{x_{ob}\}$.

6. Let $D = \emptyset$ be the set of disabled edges.

7. While $\exists\, x_{ob} \in X_{ob} \setminus (B \cup B_p)$ such that $\delta_{ob}(x_{ob}, e) \in (B \cup B_p)$ for some $e$ associated with a controllable label, do

let $D = D \cup \{e\}$.

8. Remove from $G_{ob}$ all nodes in $B \cup B_p$, all edges in $D$, and all edges and nodes that, after such a pruning process, cannot be reached from the root node.

In simple words the main steps of the algorithm can be explained as follows. At Step 3, the set of nodes $B$ containing forbidden markings is computed. At Step 4, a new set $B_p$ is initialized to the empty set. Its purpose is that of collecting all nodes that are potentially bad. Indeed, at Step 5, all the nodes that can reach a bad node in $B$ with a sequence of uncontrollable transitions are added to $B_p$. At Step 7, disabled edges are determined, namely all those edges that are labeled with a controllable transition and that lead either to a bad node or to a potentially bad node. Finally, at Step 8, we remove all bad and potentially bad nodes, all disabled edges and all those nodes and edges that cannot be reached from the initial marking.

Example 12: Consider again the labeled Petri net in Examples 5 and 8. Assume that the only observable and controllable transition is $t_1$, i.e., $T_{c,o} = \{t_1\}$, $T_{uc,o} = \{t_2, t_3\}$, and $T_{uo} = \{t_4\}$. Assume that we want to guarantee that $M_5 \le 2$. Thus, according to our notation, we have $\Omega^T = [0\ 0\ 0\ 0\ 1]$ and $k = 2$.

Applying the above algorithm, we find out that the set of bad states $B$ contains $x_{ob,9}$, $x_{ob,10}$, $x_{ob,12}$ and $x_{ob,13}$. Then, the set of potentially bad nodes is $B_p = \{x_{ob,2}, x_{ob,4}, x_{ob,6}, x_{ob,7}, x_{ob,8}, x_{ob,11}, x_{ob,14}\}$. Finally, the set of disabled edges is equal to

$$
\begin{array}{rl}
D = \{ & (x_{ob,1}, a, x_{ob,2}),\ (x_{ob,3}, a, x_{ob,4}), \\
& (x_{ob,1}, a, x_{ob,2}),\ (x_{ob,5}, a, x_{ob,7}), \\
& (x_{ob,6}, a, x_{ob,8}),\ (x_{ob,7}, a, x_{ob,2}), \\
& (x_{ob,9}, a, x_{ob,4}),\ (x_{ob,10}, a, x_{ob,4}), \\
& (x_{ob,12}, a, x_{ob,14}),\ (x_{ob,13}, a, x_{ob,7}), \\
& (x_{ob,14}, a, x_{ob,2}) \ \}.
\end{array}
$$

The resulting CLG is reported in Fig. 4. Intuitively, such a result can be explained considering that, since the control goal is that of guaranteeing that at most two tokens are in $p_5$, the firing of $t_1$ may only occur once.

Fig. 4. The CLG for the Petri net in Example 12. (Figure not reproduced; nodes $x_{ob,0}$, $x_{ob,1}$, $x_{ob,3}$, $x_{ob,5}$ and edge labels $a$, $b$, $b$.)

Looking at the CLG, the computation of the control strategy associated with a given observation and a given label is quite trivial. Assume as an example that no label is observed. It means that the current marking belongs to the set of markings associated with the root node of the CLG, that is legal by assumption. Now, assume that we want to compute the control pattern associated with a given label $e$. We simply have to check whether the CLG contains an edge labeled $e$ exiting from the root node. In such a case, label $e$ is control enabled; otherwise, its control strategy is set equal to 0. The same reasoning applies if the current observation is not the empty string. The only difference is that in such a case, rather than looking at the root node, we look at the node of the CLG that is reached from the root node following a path with the same label as the current observation. This approach can be followed recursively as more and more labels are observed. It is also not hard to see (following this recursion) that the control strategy is maximally permissive under Assumption A2.

Example 13: Consider again the control problem in Example 12. If the current observation is equal to the empty string, then only transitions with label $a$ are control enabled. In the case at hand, transition $t_1$ is labeled $a$ and is the only controllable transition. Therefore, only the control strategy associated with $a$ should be computed. Using the notation introduced earlier, we have $f(a, C(\mathcal{M}_0, \varepsilon)) = 1$.

Now, assume that the current observation is equal to $a$. The set of markings consistent with the given observation is equal to $x_{ob,1}$. However, since there is no edge exiting from $x_{ob,1}$ with label $a$, even if $t_1$ is marking enabled at $x_{ob,1}$, as it can be seen by looking at the MO, the controller prevents its firing. Therefore, it holds $f(a, C(\mathcal{M}_0, a)) = 0$.
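An added Python example of Algorithm 11 (not the authors' code). `bad_nodes` performs Step 3 on the data of Tables I and II for the specification of Example 12, while `closed_loop_graph` and `control` carry out Steps 4 to 8 and the on-line lookup on `TOY_MO`, a constructed observer that is not the MO of Fig. 3. A single GMEC ($q = 1$), the constraint row $A = [1\ 1\ 0\ 0\ 0]$ of Example 5, and all function names are assumptions of this example.

```python
from itertools import product

# Table I as "b|b_u|b_l" for ERG nodes x0..x25, one digit per place. The table
# lists -b_l; the strings below hold the lower bound b_l itself.
TABLE_I = (
    "4|44000|00000 2|22110|00110 0|00220|00220 2|22011|00011 2|22101|00101 "
    "0|00121|00121 0|00211|00211 2|22002|00002 0|00022|00022 0|00112|00112 "
    "0|00202|00202 4|33000|11000 0|00013|00013 2|11020|11020 0|00103|00103 "
    "2|11110|11110 2|11200|11200 0|00004|00004 2|11011|11011 0|00130|00130 "
    "2|11101|11101 0|00310|00310 2|11002|11002 0|00031|00031 0|00301|00301 "
    "4|22000|22000"
).split()

# Table II: MO node index -> indices of the ERG nodes it contains.
TABLE_II = {
    0: [0], 1: [1], 2: [2], 3: [3, 4], 4: [5, 6], 5: [7, 11],
    6: [8, 9, 10, 13, 15, 16], 7: [1, 9, 15], 8: [2, 19, 21],
    9: [12, 14, 18, 20], 10: [3, 4, 12, 14, 18, 20], 11: [5, 6, 23, 24],
    12: [17, 22, 25], 13: [7, 11, 17, 18, 22, 25], 14: [9, 15],
}


def markings(i):
    """Integer markings of ERG node x_i: M(p1)+M(p2) <= b, b_l <= M <= b_u."""
    b, bu, bl = TABLE_I[i].split("|")
    ranges = [range(int(lo), int(hi) + 1) for lo, hi in zip(bl, bu)]
    return [M for M in product(*ranges) if M[0] + M[1] <= int(b)]


def bad_nodes(omega, k):
    """Step 3: MO nodes containing a marking M with omega^T M > k."""
    return {n for n, xs in TABLE_II.items()
            if any(sum(w * v for w, v in zip(omega, M)) > k
                   for x in xs for M in markings(x))}


def closed_loop_graph(delta, root, bad, uncontrollable):
    """Steps 4-8. delta maps (node, label) -> node.
    Returns (potentially bad nodes, disabled edges, CLG transition map)."""
    pot, changed = set(), True
    while changed:                                   # Step 5 (fixed point)
        changed = False
        for (n, e), t in delta.items():
            if (e in uncontrollable and n not in bad | pot
                    and t in bad | pot):
                pot.add(n)
                changed = True
    removed = bad | pot
    disabled = {(n, e, t) for (n, e), t in delta.items()        # Step 7
                if e not in uncontrollable
                and n not in removed and t in removed}
    clg, seen = {}, set()                                       # Step 8
    stack = [] if root in removed else [root]
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        seen.add(n)
        for (s, e), t in delta.items():
            if s == n and t not in removed:
                clg[(s, e)] = t
                stack.append(t)
    return pot, disabled, clg


def control(clg, root, word, e):
    """f(e, C(M0, w)): 1 iff the CLG node reached by w has an e-edge."""
    node = root
    for sym in word:
        if (node, sym) not in clg:
            raise ValueError("observation not possible under control")
        node = clg[(node, sym)]
    return int((node, e) in clg)


# Constructed observer: label a controllable, b uncontrollable, n5 bad.
TOY_MO = {
    ("n0", "a"): "n1", ("n1", "b"): "n2", ("n2", "b"): "n3",
    ("n1", "a"): "n4", ("n2", "a"): "n6", ("n3", "a"): "n6",
    ("n4", "b"): "n5", ("n6", "b"): "n4", ("n6", "a"): "n7",
}
```

With $\Omega^T = [0\ 0\ 0\ 0\ 1]$ and $k = 2$, `bad_nodes` returns the indices 9, 10, 12 and 13, the set $B$ stated in Example 12.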

Note that the proposed control strategy does not necessarily guarantee that a deadlock will not be reached (this is also true even when all transitions are controllable). If deadlock avoidance is an issue, then the controller we propose should be used in conjunction with deadlock avoidance strategies [40], [41], [42].


We conclude this section observing that the limitation that the control simultaneously enables/disables all transitions sharing the same label can be overcome by redefining the marking observer, and specifically, its set of transitions. In particular, we need to explicitly enumerate all possible enabling scenarios relative to transitions sharing the same label. This comes of course at the cost of higher complexity.

As an example, suppose that label $a$ is shared by transitions $t_1$, $t_2$, and $t_3$, which can be enabled and disabled separately. The redefined marking observer will have transitions of the form: $a_{t_1,t_2,t_3}$ (representing the fact that all transitions are enabled), $a_{t_2,t_3}$ (representing the fact that transitions $t_2$, $t_3$ are enabled), $a_{t_1,t_3}$ (representing the fact that transitions $t_1$, $t_3$ are enabled), $a_{t_1,t_2}$ (representing the fact that transitions $t_1$, $t_2$ are enabled), and so on. This way, we can build an enhanced MO which also accounts for scenarios where different labels can be observed with only a subset of their corresponding transitions being control enabled.

VII. CONCLUSIONS AND FUTURE WORK

This paper addressed the problem of state estimation in labeled Petri nets under partial observation and uncertainty in the initial marking, as well as applications to state feedback control and current state opacity. Assuming that the initial marking of the considered labeled Petri net belongs to a given convex set, we first proved that the set of markings that can be reached by firing a sequence of transitions, starting from the given initial convex set of markings, is also convex and, under certain assumptions, is bounded. Second, we presented the Extended Reachability Graph, that is an extended version of the reachability graph. Third, starting from such a graph we illustrated an algorithm for the construction of a deterministic graph called Marking Observer. Finally, we showed ways to design a state feedback controller when the specifications are given in the form of GMECs.

Our future research in this framework will focus on several interesting problems. First, we plan to consider the case where the set of possible initial markings is given by the union of a finite number of convex sets. We plan to investigate two different possibilities: one based on the construction of a finite number of ERGs that can be then merged; the second one based on a new (more general) definition of the ERG that takes this into account from the very beginning. Second, we will attempt to provide a more compact representation of the net system behavior, e.g. generalizing the notions of basis markings and justifications in [26] to the current framework, i.e., when the initial marking is only known to belong to a given convex set. Third, we plan to find a relaxed version of Assumption A2 that attempts to take advantage of (structural) observability properties for sets of states. Finally, we plan to study, and if possible to adapt, the proposed marking observer to verify initial and current state opacity [43], [44], [45], [46].

REFERENCES

[1] H. Khalil, Nonlinear Systems, Third Edition. Prentice Hall, 2002.

[2] E. Sontag, Mathematical Control Theory: Deterministic Finite Dimensional Systems, Second Edition. Springer, 1998.

[3] P. R. Kumar and P. Varaiya, Discrete event systems, manufacturing systems, and communication networks. Springer, 1995.

[4] Y. Ru and C. N. Hadjicostis, “State estimation in discrete event systems modeled by labeled Petri nets,” in 45th IEEE Conf. on Decision and Control, San Diego, California USA, Dec. 2006.

[5] F. Arichi, B. Cherki, and M. Djemai, “State and firing sequence estimation of Petri net application to manufacturing systems,” in IEEE Int. Conf. on Control, Decision and Information Technologies, Hammamet, Tunisia, May 2013.

[6] C. Seatzu, M. Silva, and J. van Schuppen (Eds), Control of Discrete-Event Systems. Automata and Petri Net Perspectives. in Lecture Notes in Control and Information Science, Springer, 2012, vol. 433.

[7] J. Campos, C. Seatzu, and X. Xie (Eds), Formal Methods in Manufacturing. CRC Press, Taylor and Francis, 2014.

[8] H. Sutarto and E. Joelianto, “Modeling, identification, estimation, and simulation of urban traffic flow in Jakarta and Bandung,” J. of Mechatronics, Electrical Power, and Vehicular Technology, vol. 6, no. 1, pp. 57–66, 2015.

[9] M. Dotoli, M. Fanti, A. Mangini, and W. Ukovich, “Identification of the unobservable behaviour of industrial automation systems by Petri nets,” Control Engineering Practice, vol. 19, pp. 958–966, 2011.

[10] C. G. Cassandras and S. Lafortune, Introduction to Discrete Event Systems - Second Edition. Springer, 2007.

[11] M. Cabasino, A. Giua, M. Pocci, and C. Seatzu, “Discrete event diagnosis using labeled Petri nets. An application to manufacturing systems,” Control Engineering Practice, vol. 19, no. 9, pp. 989–1001, 2011.

[12] M. Cabasino, A. Giua, A. Solinas, C. Seatzu, and K. Zedda, “Fault diagnosis of an ABS system using Petri nets,” in Proc. IEEE 7th Int. Conf. on Automation Science and Engineering, Trieste, Italy, 2011.

[13] F. Basile, P. Chiacchio, and G. D. Tommasi, “An efficient approach for online diagnosis of discrete event systems,” IEEE Trans. on Automatic Control, vol. 54, no. 4, pp. 748–759, 2009.

[14] A. Giua, C. Seatzu, and F. Basile, “Observer based state-feedback control of timed Petri nets with deadlock recovery,” IEEE Trans. on Automatic Control, vol. 49, no. 1, pp. 17–29, 2004.

[15] G. Jiroveanu, R. Boel, and B. Bordbar, “On-line monitoring of large Petri net models under partial observation,” Discrete Event Dynamic Systems, vol. 18, no. 3, pp. 323–354, 2008.

[16] J. Moody and P. Antsaklis, Supervisory Control of Discrete Event Systems Using Petri Nets. Kluwer, 1998.

[17] A. Bemporad and M. Morari, “Control of systems integrating logic, dynamics and constraints,” Automatica, vol. 35, no. 3, pp. 407–429, 1999.

[18] M. Cabasino, C. N. Hadjicostis, and C. Seatzu, “Marking observer of labeled Petri nets with uncertainty in the initial marking,” in 2013 IEEE Conference on Systems, Man and Cybernetics, Manchester, UK, 2013.

[19] M. Cabasino, C. Hadjicostis, and C. Seatzu, “State feedback control of labeled Petri nets with uncertainty in the initial marking,” in IEEE 19th Conference on Emerging Technologies Factory Automation, Barcelona, Spain, 2014.

[20] P. Ramadge, “Observability of discrete-event systems,” in 25th IEEE Conf. on Decision and Control, Athens, Greece, 1986.

[21] P. Caines, R. Greiner, and S. Wang, “Dynamical logic observers for finite automata,” in 27th IEEE Conf. on Decision and Control, Austin, Texas, 1988.

[22] C. Ozveren and A. Willsky, “Observability of discrete event dynamic systems,” IEEE Trans. on Automatic Control, vol. 35, no. 7, pp. 797–806, 1990.

[23] R. Kumar, V. Garg, and S. Markus, “Predicates and predicate transformers for supervisory control of discrete event dynamical systems,” IEEE Trans. on Automatic Control, vol. 38, no. 2, pp. 232–247, 1993.

[24] A. Giua, “Petri net state estimators based on event observation,” in Proc. 36th IEEE Conf. on Decision and Control, San Diego, California, USA, 1997.

[25] A. Giua and C. Seatzu, “Observability of Place/Transition nets,” IEEE Trans. on Automatic Control, vol. 47, no. 9, pp. 1424–1437, 2002.

[26] M. Cabasino, A. Giua, and C. Seatzu, “Fault detection for discrete event systems using Petri nets with unobservable transitions,” Automatica, vol. 46, no. 9, pp. 1531–1539, 2010.

[27] D. Corona, A. Giua, and C. Seatzu, “Marking estimation of Petri nets with silent transitions,” IEEE Trans. on Automatic Control, vol. 52, no. 9, pp. 1695–1699, 2007.

[28] A. Ramírez-Trevino, I. Rivera-Rangel, and E. Lopez-Mellado, “Observer design for discrete event systems modeled by interpreted Petri nets,” in IEEE Int. Conf. on Robotics and Automation, San Francisco, California, USA, 2000.

[29] Y. Ru and C. N. Hadjicostis, “Bounds on the number of markings consistent with label observations in Petri nets,” IEEE Trans. on Automation Science and Engineering, vol. 6, no. 2, pp. 334–344, 2009.

[30] A. Giua, “State estimation and fault detection using Petri nets,” in 32nd Int. Conf. on Applications and Theory of Petri Nets, Newcastle, UK, 2011.

[31] A. Giua, F. DiCesare, and M. Silva, “Generalized mutual exclusion constraints for nets with uncontrollable transitions,” in IEEE Conf. on Systems, Man and Cybernetics, Chicago, Illinois, 1992.

[32] M. Iordache and P. Antsaklis, “Supervision based on place invariants: a survey,” Discrete Event Dynamic Systems, vol. 16, no. 4, pp. 451–492, 2006.

[33] D. Lefebvre, “On-line fault diagnosis with partially observed Petri nets,” IEEE Trans. on Automatic Control, vol. 59, no. 7, pp. 1919–1924, 2014.

[34] ——, “Fault diagnosis and prognosis with partially observed Petri nets,” IEEE Trans. on Systems, Man and Cybernetics, Part A, vol. 44, no. 10, pp. 1413–1424, 2014.

[35] T. Murata, “Petri nets: Properties, analysis and applications,” Proc. of the IEEE, vol. 77, no. 4, pp. 541–580, Apr. 1989.

[36] A. D. Febbraro and A. Giua, Discrete Event Systems. Mc Graw Hill, 2002, (in Italian).

[37] J. Moody, K. Yamalidou, M. Lemmon, and P. Antsaklis, “Feedback control of Petri nets based on place invariants,” Automatica, vol. 32, no. 1, pp. 15–28, 1996.

[38] A. Giua and C. Seatzu, “Modeling and supervisory control of railway networks using Petri nets,” IEEE Trans. on Automation Science and Engineering, vol. 5, no. 3, pp. 431–45, 2008.

[39] P. J. Ramadge and W. M. Wonham, “The control of discrete event systems,” Proc. of the IEEE, vol. 77, no. 1, pp. 81–98, 1989.

[40] J. Ezpeleta, J. Colom, and J. Martinez, “A Petri net based deadlock prevention policy for flexible manufacturing systems,” IEEE Trans. on Robotics and Automation, vol. 11, no. 2, pp. 173–184, 1995.

[41] Z. Li, M. Zhou, and N. Wu, “A survey and comparison of Petri net-based deadlock prevention policies for flexible manufacturing systems,” IEEE Trans. on Automatic Control, vol. 38, no. 2, pp. 172–188, 2008.

[42] J. Park and S. Reveliotis, “Deadlock avoidance in sequential resource allocation systems with multiple resource acquisitions and flexible routings,” IEEE Trans. on Automatic Control, vol. 46, no. 10, pp. 1572–1583, 2001.

[43] J. Dubreil, P. Darondeau, and H. Marchand, “Supervisory control for opacity,” IEEE Trans. on Automatic Control, vol. 55, no. 5, pp. 1089–1100, 2010.

[44] A. Saboori and C. Hadjicostis, “Verification of K-step opacity and analysis of its complexity,” IEEE Trans. on Automation Science and Engineering, vol. 8, no. 3, pp. 549–559, 2011.

[45] Y.-C. Wu and S. Lafortune, “Comparative analysis of related notions of opacity in centralized and coordinated architectures,” Discrete Event Dynamic Systems, vol. 23, no. 3, pp. 307–339, 2013.

[46] J. Bryans, M. Koutny, and P. Ryan, “Modeling opacity using Petri nets,” Electronic Notes in Theoretical Computer Science, vol. 121, pp. 101–115, 2005.

Maria Paola Cabasino received the Laurea degree in electronic engineering and the Ph.D. degree in electronic and computer engineering, both from the University of Cagliari, Cagliari, Italy, in 2005 and 2009, respectively. She is a Post doctoral researcher of Automatic Control at the Department of Electrical and Electronic Engineering of the University of Cagliari. She has been a visiting researcher at the University of Illinois (Urbana-Champaign, IL, USA), University of Michigan (Ann Arbor, MI, USA), Universidad de Zaragoza (Spain) and Indiana University Purdue University Indianapolis (Indianapolis, IN, US). She was an instructor at Indiana University Purdue University Indianapolis during the Spring semester 2014. Her research interests are based on discrete event systems, automata, Petri nets, state estimation, diagnosis, identification, supervisory control. She has been the quality manager of the European project FP7-ICT2-3.7 DISC - Distributed Supervisory Control of Large Plants (2008-11). She has been member of the International Program Committee of the 2nd IFAC Conf. on the Analysis and Design of Hybrid Systems (ADHS’06) and of the 18th IEEE Int. Conf. on Emerging Technology and Factory Automation (ETFA2013). She has published 14 international journal papers, 7 book chapters and 35 international conference papers.

Christoforos N. Hadjicostis (M’99, SM’05) received the S.B. degrees in electrical engineering, computer science and engineering, and in mathematics, the M.Eng. degree in electrical engineering and computer science in 1995, and the Ph.D. degree in electrical engineering and computer science in 1999, all from the Massachusetts Institute of Technology, Cambridge. In 1999, he joined the Faculty at the University of Illinois at Urbana-Champaign, where he served as Assistant and then Associate Professor with the Department of Electrical and Computer Engineering, the Coordinated Science Laboratory, and the Information Trust Institute. Since 2007, he has been with the Department of Electrical and Computer Engineering, University of Cyprus, where he is currently Professor and Dean of Engineering. His research focuses on fault diagnosis and tolerance in distributed dynamic systems, error control coding, monitoring, diagnosis and control of large-scale discrete-event systems, and applications to network security, anomaly detection, energy distribution systems, medical diagnosis, biosequencing, and genetic regulatory models. He currently serves as Associate Editor of IEEE Transactions on Automatic Control, and IEEE Transactions on Automation Science and Engineering; he has also served as Associate Editor of IEEE Transactions on Control Systems Technology, and IEEE Transactions on Circuits and Systems I.

Carla Seatzu (M’02, SM’16) received the Laurea degree in Electrical Engineering and her Ph.D. degree in Electronic and Computer Engineering from the University of Cagliari, Italy, in 1996 and 2000, respectively. Since 2011 she has been Associate Professor of Automatic Control at the Department of Electrical and Electronic Engineering of the University of Cagliari, which she joined in 2002 as an Assistant Professor. In 2013 she got the Italian National Abilitation to Full Professor of Automatic Control. She is Vice-President of the Faculty Committee of Engineering and Architecture and Vice-Coordinator of the Ph.D. Program in Electronic and Computer Engineering at the University of Cagliari.

Carla Seatzu’s research interests include discrete-event systems, Petri nets, hybrid systems, networked control systems, manufacturing and mechanical systems. She is author of almost 220 publications, including 60+ papers in international journals, 10+ chapters in international books, and one textbook. She is editor of two international books and the proceedings of two international conferences. Her h-index in Scopus is equal to 23.

Currently she is Associate Editor of 4 international journals: IEEE Trans. on Automatic Control, IEEE Trans. on Automation Science, Discrete Event Dynamic Systems, and Nonlinear Analysis: Hybrid Systems. She has also intensively collaborated in the organization of international events. In particular, she is Workshop Chair of the 55th IEEE Conf. on Decision and Control (2015), and was General Co-chair of the 18th IEEE Int. Conf. on Emerging Technologies and Factory Automation (2013).