Research Article: Design of Logic Controllers Thanks to Symbolic Computation of Simultaneously Asserted Boolean Equations
Jean-Marc Roussel and Jean-Jacques Lesage
LURPA, ENS Cachan, 61 avenue du Président Wilson, 94230 Cachan, France
Correspondence should be addressed to Jean-Marc Roussel; jean-marc.roussel@lurpa.ens-cachan.fr
Received 11 December 2013; Revised 6 February 2014; Accepted 7 February 2014; Published 28 May 2014
Academic Editor Hamid R Karimi
Copyright © 2014 J.-M. Roussel and J.-J. Lesage. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Formal methods can strongly contribute to improving the dependability of controllers during design by providing means to avoid flaws due to designers' omissions or misinterpretations of specifications. This paper presents a synthesis method dedicated to logic controllers. Its goal is to obtain the control laws from specifications given in natural language by symbolic computation. The formal framework that underlies this method is the Boolean algebra of $n$-variable switching functions. In this algebra, thanks to the relations and theorems presented in this paper, it is possible to formally express the specifications of logic controllers, to automatically detect inconsistencies in specifications, and to obtain automatically the set of solutions or to choose an optimal solution according to given optimization criteria. The application of this synthesis method to an example illustrates its main advantages.
1. Introduction
Programmable logic controllers (PLCs) are industrial automation components that receive input signals coming from sensors and send output signals to actuators in accordance with control laws implemented into a user program (Figure 1). The control algorithms that allow the real-time calculation of new output values according to the current state of the PLC and the observation of new values of inputs are written in standardized languages such as ladder diagram (LD), structured text (ST) or instruction list (IL) [1]. A PLC cyclically performs three tasks: inputs reading, program execution and outputs updating. The period of this task may be constant (periodic scan) or may vary (cyclic scan).
Because of their reliability even in very severe conditions (temperature, vibrations, electromagnetic perturbations, and so forth), PLCs are frequently used for the control of safety-critical systems (energy production, transport, chemical industry, etc.). In this context, improving the reliability of the user program has been one of the main challenges of the past two decades in the field of automation. Among the different techniques that can be used to this end [2], formal verification and validation and formal synthesis are the most efficient. Verification is the proof that the internal semantics of a model is correct, independently from the modeled system; the searched properties of the models are stability, deadlock existence, and so on. Validation determines whether the model agrees with the designer's purpose [3]. Efficient validation/verification techniques for PLC programs [4], most often based on model checking, have been proposed by researchers and are now widely used in industry [5], despite problems of state-space explosion that arise when treating large-scale systems.
Contrary to verification techniques, which aim at proving, after a PLC program has been more or less correctly designed by an expert, that its control laws are safe, automatic synthesis methods aim at systematically generating control laws which guarantee by construction the respect of expected safety properties. The avoidance of human errors during the design of controllers is one of the main reasons why synthesis has been a very important subject of research in the field of discrete event systems (DES) since the end of the 80s.
Most recent works in this area are still based on the Supervisory Control Theory (SCT) [6] and aim at the synthesis of a supervisor, not directly of the controller of an automated system. Furthermore, the use of state models (finite automata, Petri nets, etc.) and their composition for the construction of the models of the plant and of the specifications generates a complexity which remains problematic for the synthesis of a supervisor for complex systems [7]. It is therefore interesting to explore other ways of performing synthesis, such as algebraic approaches. In previous works we proposed a method specifically developed to get the control laws that can be directly implemented into the controller [8]. We have chosen to synthesize these control laws in the form of recurrent Boolean equations because of the wide possibilities they offer for the formalization of safety requirements and for implementation.

Figure 1: PLC basic principle. The PLC cycle (program initialization, then repeatedly inputs reading, program execution, outputs updating) links the inputs to the outputs through the user program; the program box shows an ST fragment manipulating a stack (IF R1 THEN ... ELSIF POP AND NOT EMPTY THEN ... END_IF).

Hindawi Publishing Corporation, Mathematical Problems in Engineering, Volume 2014, Article ID 726246, 15 pages, http://dx.doi.org/10.1155/2014/726246
Nevertheless, whatever synthesis method is used, one of the weak links of the automatic generation of the control laws is the step of formal transcription by the designer (within state models or algebraic expressions) of the informal requirements and safety properties the controller has to satisfy. In the case of SCT, some authors have proposed more or less generic approaches for the construction of the models of the plant [9] or of the specifications [10]. But in any case, the hypothesis that requirements can be inconsistent has never been taken into account. Unfortunately, in the framework of industrial collaborations, we have been able to verify that this is always the case. In this paper we show how, under specific hypotheses, it is possible to install a correction loop for helping the designer to formalize these requirements, and so improve the robustness of the synthesis method to the lack of precision of the specifications.
This paper is organized as follows. Some basics of algebraic synthesis given in Sections 2 and 3 recall the main steps of our method. Section 4 presents the mathematical framework of our approach and new results that allow us to accept inconsistencies in specifications. The strategy we developed for making the synthesis more robust to the lack of consistency of the specifications is described in Section 5 thanks to a case study.
2. Problem Statement
Figure 2 proposes a generic representation of a DES whose controller has $p$ Boolean inputs ($u_i$), $q$ Boolean outputs ($y_j$) and $r$ Boolean state variables ($x_l$). Plant and controller are connected through a closed loop exchanging input and output signals. The state variables needed for expressing sequential behaviors of the controller are represented by internal variables.
Figure 2: A sequential DES. The controller (combinational behavior plus state-variable behavior, with $r$ internal state variables $x_l$) and the plant exchange the $p$ inputs $u_i$ and the $q$ outputs $y_j$, with
$$y_j[k] = F_j(u_1[k], \dots, u_p[k], x_1[k-1], \dots, x_r[k-1]),$$
$$x_l[k] = F_{q+l}(u_1[k], \dots, u_p[k], x_1[k-1], \dots, x_r[k-1]).$$
The algebraic modeling of the control laws of the controller necessitates the definition of $(q+r)$ switching functions of $(p+r)$ variables. Even if this representation is very compact (the $r$ Boolean state variables allow the representation of $2^r$ different states), the construction by hand of these switching functions is a very tedious and error-prone task [11]: the controller of Figure 2 admits $2^p$ input combinations, can send $2^q$ output combinations and can express $(2^{2^{(p+r)}})^{(q+r)}$ sequential behaviors. That is the reason why algebraic modeling approaches have been replaced by methods based on state models since the middle of the 50s [12, 13]. Nevertheless, thanks to recent mathematical results obtained on Boolean algebras [14, 15], the automatic algebraic synthesis of switching functions is now possible.
In [16], an interesting approach for the systematic construction of a reactive program from its formal specification is proposed. In this work, program synthesis is considered as a theorem-proving activity. A program with input $x$ and output $y$, specified by the formula $\varphi(x, y)$, is constructed as a byproduct of proving the theorem $(\forall x)(\exists y)\varphi(x, y)$. The specification $\varphi(x, y)$ characterizes the expected relation between the input $x$ and the output $y$ computed by the program. This approach is based on the observation that the formula $(\forall x)(\exists y)\varphi(x, y)$ is equivalent to the second-order formula $(\exists f)(\forall x)\varphi(x, f(x))$, stating the existence of a function $f$ such that $\varphi(x, f(x))$ holds for every $x$.
This approach provides a conceptual framework for the rigorous derivation of a program from its formal specification. It has also been used to synthesize specifications in the form of finite automata from their linear temporal logic (LTL) description [17].
The core of our approach is based on this strategy: we aim at deducing the $(q+r)$ switching functions of $(p+r)$ variables which define the behavior of the controller from a formula $\varphi(u_i[k], x_l[k-1], y_j[k], x_l[k])$ that holds for every $k$, every $u_i[k]$ and every $x_l[k-1]$.
To cope with combinatorial explosion, switching functions will be handled through a symbolic representation (and not their truth tables, which contain $2^{(p+r)}$ Boolean values). Each input $u_i$ (resp. output $y_j$) of the controller will be represented by a switching function $U_i$ (resp. $Y_j$). To take into account the recursive aspect of state variables, each state variable $x_l$ will be represented by two switching functions: $X_l$ (for time $[k]$) and $pX_l$ (for time $[k-1]$).
According to this representation, the synthesis of the control laws of a logical system from its specification can now be transformed into the search for the solutions of the following mathematical problem:
$$(\forall U_i)\,(\forall pX_l)\,(\exists Y_j)\,(\exists X_l)\;\varphi(U_i, pX_l, Y_j, X_l) \quad (1)$$
where $(U_i, pX_l, Y_j, X_l)$ are $(p + q + 2r)$ switching functions of $(p + r)$ variables.
3. Overview of Our Method
The input data of the proposed method (Figure 3) are informal functional and safety requirements given by the designer. In practice, these requirements are most often given in textual form and/or by using technical tailor-made languages (Gantt diagrams, function block diagrams, Grafcet, etc.) or imposed standards.
All the steps of our synthesis method are implemented in a prototype software tool developed in Python (case studies are available online: http://www.lurpa.ens-cachan.fr/-226050.kjsp). The first step is the formalization of requirements within an algebraic description; examples are given in Section 5.2. Requirements expressed with a state model can directly be translated into recurrent Boolean equations thanks to the algorithm proposed by Machado et al. [18]. In cases where the know-how of the designer enables him to build a priori the global form of the solution (or of a part of the whole solution), it is also possible to give fragments of solution as requirements [19].
The second step consists in checking the consistency of the set of requirements by symbolic calculation. The sufficient condition for checking this consistency has been given in [20], but no strategy has been proposed for coping with potential inconsistencies. In this paper we show that, thanks to new theorems, the causes of these inconsistencies can be pointed out. It is then possible for the designer to fix priority rules between the concerned requirements that will allow finding whether solutions exist despite the inconsistencies.

Figure 3: The algebraic synthesis method step by step. (1) Formalization: functional and safety requirements → set of formalized requirements. (2) Consistency checking, taking priorities between requirements as input: inconsistency conditions, system of equations. (3) Equation solving: parametric solution. (4) Solution choice, taking optimization criteria as input: control laws.
The core of the method is the third step, which consists in the synthesis of the control laws. This step is performed by solving the system of equations which represents the set of consistent requirements. The mathematical results we have obtained (Theorem 12, given in Section 4.3) allow finding a parametric expression of the set of solutions.
In the fourth step of the method, a particular solution has to be chosen among the set of solutions. For that, a specific value of each parameter of the general solution has to be fixed. In a previous work [19] we showed how well-chosen heuristics can be used for fixing these parameters. In this paper we show that the choice of a particular solution among the set of solutions can be expressed as an optimization problem. We propose new theorems that allow calculating the maximum and the minimum of a Boolean formula, and we show how optimal solutions can be automatically found. For ergonomic reasons, the synthesized control laws can finally be displayed in the form of a finite automaton [21].
After the mathematical background of the method has been recalled, we are going to show how, under specific hypotheses, the second step of the method can be improved by a correction loop helping the designer to formalize the requirements, and so improving the robustness of our synthesis method to the lack of precision of the specifications. The strategy to find an optimal solution according to given criteria will also be presented.
4. Mathematical Foundations
This section is composed of five subsections. Sections 4.1 and 4.2 recall some classical results about Boolean algebras and the Boolean algebra of $n$-variable switching functions. Section 4.3 presents how to solve Boolean equations. Sections 4.4 and 4.5 present specific results obtained for the algebraic synthesis of control laws.
4.1. Boolean Algebra: Typical Feature
Definition 1 (Boolean algebra) (Definition 15.5 of [22]). Let $\mathcal{B}$ be a nonempty set that contains two special elements $0$ (the zero element) and $1$ (the unity or one element) and on which we define two closed binary operations $+$, $\cdot$ and a unary operation $\overline{\,\cdot\,}$. Then $(\mathcal{B}, +, \cdot, \overline{\,\cdot\,}, 0, 1)$ is called a Boolean algebra if the following conditions are satisfied for all $x, y, z \in \mathcal{B}$:

Commutative laws: $x + y = y + x$, $x \cdot y = y \cdot x$
Distributive laws: $x \cdot (y + z) = (x \cdot y) + (x \cdot z)$, $x + (y \cdot z) = (x + y) \cdot (x + z)$
Identity laws: $x + 0 = x$, $x \cdot 1 = x$
Inverse laws: $x + \overline{x} = 1$, $x \cdot \overline{x} = 0$
$0 \neq 1$ (2)
Many Boolean algebras could be defined. The most known are the two-element Boolean algebra $(\{0, 1\}, \vee, \wedge, \neg, 0, 1)$ and the algebra of classes (set of subsets of a set $S$) $(2^S, \cup, \cap, \overline{\,\cdot\,}, \emptyset, S)$.
Definition 2 (Boolean formula) (from Section 3.6 of [15]). A Boolean formula (or Boolean expression) on $\mathcal{B}$ is any formula which represents a combination of members of $\mathcal{B}$ by the operations $+$, $\cdot$ or $\overline{\,\cdot\,}$.
By construction, any Boolean formula on $\mathcal{B}$ represents one and only one member of $\mathcal{B}$. Two Boolean formulae are equivalent if and only if they represent the same member of $\mathcal{B}$. Later on, a Boolean formula $\mathcal{F}$ built with the members $(\alpha_1, \dots, \alpha_n)$ of $\mathcal{B}$ is denoted $\mathcal{F}(\alpha_1, \dots, \alpha_n)$.
Theorem 3 (Boole's expansion of a Boolean formula). Let $(\alpha_1, \dots, \alpha_n)$ be $n$ members of $\mathcal{B} \setminus \{0, 1\}$. Any Boolean formula $\mathcal{F}(\alpha_1, \dots, \alpha_n)$ can be expanded as
$$\mathcal{F}(\alpha_1, \dots, \alpha_n) = \mathcal{F}_0(\alpha_2, \dots, \alpha_n) \cdot \overline{\alpha_1} + \mathcal{F}_1(\alpha_2, \dots, \alpha_n) \cdot \alpha_1 \quad (3)$$
where $\mathcal{F}_0(\alpha_2, \dots, \alpha_n)$ and $\mathcal{F}_1(\alpha_2, \dots, \alpha_n)$ are Boolean formulae of only $\alpha_2, \dots, \alpha_n$. These two formulae can be directly obtained from $\mathcal{F}(\alpha_1, \dots, \alpha_n)$ as follows:
$$\mathcal{F}_0(\alpha_2, \dots, \alpha_n) = \mathcal{F}(\alpha_1, \dots, \alpha_n)\big|_{\alpha_1 \leftarrow 0} = \mathcal{F}(0, \alpha_2, \dots, \alpha_n),$$
$$\mathcal{F}_1(\alpha_2, \dots, \alpha_n) = \mathcal{F}(\alpha_1, \dots, \alpha_n)\big|_{\alpha_1 \leftarrow 1} = \mathcal{F}(1, \alpha_2, \dots, \alpha_n). \quad (4)$$
Equality is not the only relation defined on a Boolean algebra. It is also possible to define a partial order relation between members of $\mathcal{B}$. This relation is called the Inclusion-Relation in [15].
Definition 4 (Inclusion-Relation) (Definition 15.6 of [22]). If $x, y \in \mathcal{B}$, define $x \le y$ if and only if $x \cdot y = x$.
As the Inclusion-Relation is reflexive ($x \le x$), antisymmetric (if $x \le y$ and $y \le x$ then $x = y$) and transitive (if $x \le y$ and $y \le z$ then $x \le z$), this relation defines a partial order between members of $\mathcal{B}$ (Theorem 15.4 of [22]).

Since in any Boolean algebra $x \cdot y = x \Leftrightarrow x \cdot \overline{y} = 0$, we also have $x \le y \Leftrightarrow x \cdot \overline{y} = 0$.
Remark 5. For the algebra of classes $(2^S, \cup, \cap, \overline{\,\cdot\,}, \emptyset, S)$, the Inclusion-Relation is the well-known relation $\subseteq$, and we have $x \subseteq y \Leftrightarrow x \cap y = x$.
Theorem 6 (reduction of a set of relations) (Theorem 5.3.1 of [15]). Any set of simultaneously asserted relations built with the members $(\alpha_1, \dots, \alpha_n)$ of $\mathcal{B}$ can be reduced to a single equivalent relation of the form $\mathcal{F}(\alpha_1, \dots, \alpha_n) = 0$.

To obtain this equivalent relation, it is necessary:

(i) to rewrite each equality according to
$$\mathcal{F}_1(\alpha_1, \dots, \alpha_n) = \mathcal{F}_2(\alpha_1, \dots, \alpha_n) \iff \mathcal{F}_1(\alpha_1, \dots, \alpha_n) \cdot \overline{\mathcal{F}_2(\alpha_1, \dots, \alpha_n)} + \overline{\mathcal{F}_1(\alpha_1, \dots, \alpha_n)} \cdot \mathcal{F}_2(\alpha_1, \dots, \alpha_n) = 0 \quad (5)$$

(ii) to rewrite each inclusion according to
$$\mathcal{F}_1(\alpha_1, \dots, \alpha_n) \le \mathcal{F}_2(\alpha_1, \dots, \alpha_n) \iff \mathcal{F}_1(\alpha_1, \dots, \alpha_n) \cdot \overline{\mathcal{F}_2(\alpha_1, \dots, \alpha_n)} = 0 \quad (6)$$

(iii) to group together the rewritten equalities as follows:
$$\begin{cases} \mathcal{F}_1(\alpha_1, \dots, \alpha_n) = 0 \\ \mathcal{F}_2(\alpha_1, \dots, \alpha_n) = 0 \end{cases} \iff \mathcal{F}_1(\alpha_1, \dots, \alpha_n) + \mathcal{F}_2(\alpha_1, \dots, \alpha_n) = 0 \quad (7)$$
4.2. The Boolean Algebra of $n$-Variable Switching Functions

To avoid confusion between Boolean variables and Boolean functions of Boolean variables, each Boolean variable $b_i$ is denoted by $\mathbf{b}_i$. The set of the two Boolean values $\mathbf{0}$ and $\mathbf{1}$ is denoted by $B = \{\mathbf{0}, \mathbf{1}\}$.
Definition 7 ($n$-variable switching functions) (from Section 3.11 of [15]). An $n$-variable switching function is a mapping of the form
$$f : B^n \to B, \quad (\mathbf{b}_1, \dots, \mathbf{b}_n) \mapsto f(\mathbf{b}_1, \dots, \mathbf{b}_n), \qquad \text{where } B = \{\mathbf{0}, \mathbf{1}\}. \quad (8)$$

The domain of an $n$-variable switching function has $2^n$ elements and the codomain has 2 elements; hence there are $2^{2^n}$ $n$-variable switching functions. Let $F_n(B)$ be the set of the $2^{2^n}$ $n$-variable switching functions.

$F_n(B)$ contains $(n + 2)$ specific $n$-variable switching functions: the 2 constant functions ($0$, $1$) and the $n$ projection functions ($f_i^{Proj}$). These functions are defined as follows:
$$0 : B^n \to B,\ (\mathbf{b}_1, \dots, \mathbf{b}_n) \mapsto \mathbf{0}; \qquad 1 : B^n \to B,\ (\mathbf{b}_1, \dots, \mathbf{b}_n) \mapsto \mathbf{1}; \qquad f_i^{Proj} : B^n \to B,\ (\mathbf{b}_1, \dots, \mathbf{b}_n) \mapsto \mathbf{b}_i. \quad (9)$$
$F_n(B)$ can be equipped with three closed operations (two binary operations and one unary operation):
$$+ : F_n(B)^2 \to F_n(B),\ (f, g) \mapsto f + g; \qquad \cdot : F_n(B)^2 \to F_n(B),\ (f, g) \mapsto f \cdot g; \qquad \overline{\,\cdot\,} : F_n(B) \to F_n(B),\ f \mapsto \overline{f} \quad (10)$$
where, $\forall (\mathbf{b}_1, \dots, \mathbf{b}_n) \in B^n$,
$$(f + g)(\mathbf{b}_1, \dots, \mathbf{b}_n) = f(\mathbf{b}_1, \dots, \mathbf{b}_n) \vee g(\mathbf{b}_1, \dots, \mathbf{b}_n),$$
$$(f \cdot g)(\mathbf{b}_1, \dots, \mathbf{b}_n) = f(\mathbf{b}_1, \dots, \mathbf{b}_n) \wedge g(\mathbf{b}_1, \dots, \mathbf{b}_n),$$
$$\overline{f}(\mathbf{b}_1, \dots, \mathbf{b}_n) = \neg f(\mathbf{b}_1, \dots, \mathbf{b}_n). \quad (11)$$
$(F_n(B), +, \cdot, \overline{\,\cdot\,}, 0, 1)$ is a Boolean algebra [22]. It is then possible to write Boolean formulae of $n$-variable switching functions and relations between Boolean formulae of $n$-variable switching functions. In the case of $n$-variable switching functions, the relations Equality and Inclusion can also be presented as follows:

(i) $f$ and $g$ are equal ($f = g$) if and only if the columns of the truth tables of $f$ and $g$ are exactly the same, that is, $\forall (\mathbf{b}_1, \dots, \mathbf{b}_n) \in B^n$, $f(\mathbf{b}_1, \dots, \mathbf{b}_n) = g(\mathbf{b}_1, \dots, \mathbf{b}_n)$;

(ii) $f$ is included in $g$ ($f \le g$) if and only if the value of $g$ is always $\mathbf{1}$ when the value of $f$ is $\mathbf{1}$, that is, $\forall (\mathbf{b}_1, \dots, \mathbf{b}_n) \in B^n$, $[f(\mathbf{b}_1, \dots, \mathbf{b}_n) = \mathbf{0}] \vee [g(\mathbf{b}_1, \dots, \mathbf{b}_n) = \mathbf{1}]$.
Remark 8. Each $n$-variable switching function can be expressed as a composition of $(f_1^{Proj}, \dots, f_n^{Proj}, 0, 1)$ by the operations $+$, $\cdot$ and $\overline{\,\cdot\,}$.
Therefore the Boolean algebra $(F_n(B), +, \cdot, \overline{\,\cdot\,}, 0, 1)$ is a mathematical framework which allows composing and comparing switching functions. Thanks to the results presented in the next subsection, this framework also allows solving systems of Boolean equations of switching functions.
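To make the objects of Sections 4.1 and 4.2 concrete, here is an added example (not code from the paper or from the authors' Python tool). An $n$-variable switching function is encoded as its truth table packed into a Python int, so the three operations of (10)-(11) become bitwise operations and the constants and projection functions of (9) are fixed bit patterns; `cofactors` and `expand` implement Boole's expansion (3)-(4), `included` implements Definition 4, and `reduce_relations` applies the three rewriting rules (5)-(7) of Theorem 6. The variable count `N = 3`, the function names and the sample formula $f = \mathbf{b}_1 \cdot \mathbf{b}_2 + \overline{\mathbf{b}_3}$ are assumptions of this example.

```python
# n-variable switching functions (Section 4.2) encoded as truth tables packed
# into an int: bit m of the int is f(b_1, ..., b_n) on the minterm m, where bit
# j of m is the value of variable j+1.  With | as "+", & as "." and XOR with ONE
# as the unary bar, these ints form the Boolean algebra F_n(B).
N = 3                       # number of Boolean variables (assumption of the example)
ONE = (1 << (1 << N)) - 1   # constant function 1: every minterm maps to 1
ZERO = 0                    # constant function 0


def proj(i):
    """Projection function f_i^Proj of (9): the value of variable i (1-based)."""
    return sum(1 << m for m in range(1 << N) if (m >> (i - 1)) & 1)


def comp(f):
    """Unary operation of (10)-(11): the complement of f."""
    return ONE ^ f


def included(f, g):
    """Inclusion f <= g (Definition 4): f . g = f, equivalently f . not(g) = 0."""
    return f & comp(g) == ZERO


def cofactors(f, i):
    """Boole's expansion (Theorem 3) with respect to variable i.
    Returns (F0, F1) with F0 = f|b_i<-0 and F1 = f|b_i<-1, as in (4);
    neither depends on variable i."""
    f0 = f1 = ZERO
    for m in range(1 << N):
        partner = m ^ (1 << (i - 1))             # same minterm with variable i flipped
        low, high = (m, partner) if not (m >> (i - 1)) & 1 else (partner, m)
        if (f >> low) & 1:
            f0 |= 1 << m                         # F0 copies f's value where b_i = 0
        if (f >> high) & 1:
            f1 |= 1 << m                         # F1 copies f's value where b_i = 1
    return f0, f1


def expand(f, i):
    """Right-hand side of (3): F0 . not(b_i) + F1 . b_i, which must equal f."""
    f0, f1 = cofactors(f, i)
    return (f0 & comp(proj(i))) | (f1 & proj(i))


def reduce_relations(equalities=(), inclusions=()):
    """Theorem 6: reduce simultaneously asserted relations to a single F = 0.
    equalities -- pairs (F1, F2) asserting F1 = F2, rewritten with rule (5)
    inclusions -- pairs (F1, F2) asserting F1 <= F2, rewritten with rule (6)
    The rewritten left-hand sides are summed as in rule (7)."""
    total = ZERO
    for f1, f2 in equalities:
        total |= (f1 & comp(f2)) | (comp(f1) & f2)
    for f1, f2 in inclusions:
        total |= f1 & comp(f2)
    return total


def table(f):
    """Truth-table column of f as a tuple of 0/1 in minterm order (for display)."""
    return tuple((f >> m) & 1 for m in range(1 << N))


if __name__ == "__main__":
    b1, b2, b3 = proj(1), proj(2), proj(3)
    f = (b1 & b2) | comp(b3)                     # sample formula: b1.b2 + not(b3)
    print(table(f))
    f0, f1 = cofactors(f, 1)
    print(table(f0), table(f1))                  # not(b3) and b2 + not(b3)
    print(expand(f, 1) == f)
    # b1.b2 <= b3 asserted alone reduces to b1.b2.not(b3) = 0
    print(table(reduce_relations(inclusions=[(b1 & b2, b3)])))
```

The relation `f == g` on the packed ints is exactly criterion (i) of the text (identical truth-table columns), which is what makes `reduce_relations(...) == ZERO` a direct test of whether a set of relations holds.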
4.3. Solutions of Boolean Equations over the Boolean Algebra $F_n(B)$

In [15], Brown explains that many problems in the application of Boolean algebra may be reduced to solving an equation of the form
$$f(X) = 0 \quad (12)$$
over a Boolean algebra $\mathcal{B}$. Formal procedures for producing solutions of this equation were developed by Boole himself as a way to treat problems of logical inference. Boolean equations have been studied extensively since Boole's initial work (a bibliography of nearly 400 sources is presented in [14]). These works concern essentially the two-element Boolean algebra $(\{\mathbf{0}, \mathbf{1}\}, \vee, \wedge, \neg, \mathbf{0}, \mathbf{1})$. In our case, we focus on the Boolean algebra of $n$-variable switching functions $F_n(B)$. We consider a Boolean system composed of $m$ relations among members of $F_n(B)$, where $k$ of these members are considered as unknowns. The theorems presented in this section permit solving any system of Boolean equations, as there exists a canonic form of a Boolean system of $k$ unknowns and we are able to calculate the solutions of this form.
4.3.1. Canonic Form of a Boolean System of $k$ Unknowns over the Boolean Algebra $F_n(B)$

Consider the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, \overline{\,\cdot\,}, 0, 1)$.

(i) Let $(f_1^{Proj}, \dots, f_n^{Proj})$ be the $n$ projection functions of $F_n(B)$.

(ii) Let $(x_1, \dots, x_k)$ be $k$ elements of $F_n(B)$ considered as unknowns.

For notational convenience, we write "$X_k$" for the vector $(x_1, \dots, x_k)$ of the $k$ unknowns and "$Proj$" for the vector $(f_1^{Proj}, \dots, f_n^{Proj})$ of the $n$ projection functions of $F_n(B)$.
Theorem 9 (reduction of a set of relations between $n$-variable switching functions). Any set of simultaneously asserted relations of switching functions can be reduced to a single equivalent relation of the form
$$\mathcal{F}(X_k, Proj) = 0. \quad (13)$$
This theorem comes from Theorem 6.

In order to be able to write a canonic form for a Boolean system of $k$ unknowns over the Boolean algebra $F_n(B)$, we introduce the following notation: for $x \in F_n(B)$ and $a \in \{0, 1\}$, $x^a$ is defined by
$$x^0 = \overline{x}, \qquad x^1 = x. \quad (14)$$
This notation is extended to vectors as follows: for $X_k = (x_1, \dots, x_k) \in F_n(B)^k$ and $A_k = (a_1, \dots, a_k) \in \{0, 1\}^k$, $X_k^{A_k}$ is defined by
$$X_k^{A_k} = \prod_{i=1}^{k} x_i^{a_i} = x_1^{a_1} \cdot \dots \cdot x_k^{a_k}. \quad (15)$$
Theorem 10 (canonic form of a Boolean equation). Any Boolean equation $Eq(X_k, Proj) = 0$ can be expressed within the canonic form
$$\sum_{A_k \in \{0,1\}^k} Eq(A_k, Proj) \cdot X_k^{A_k} = 0 \quad (16)$$
where the $Eq(A_k, Proj)$ (with $A_k \in \{0, 1\}^k$) are the $2^k$ discriminants of $Eq(X_k, Proj) = 0$ according to $X_k$ (the term "discriminant" comes from [15]).

This canonic form is obtained by expanding $Eq(X_k, Proj)$ according to the $k$ unknowns $(x_1, \dots, x_k)$. For example, we have
$$Eq(x, Proj) = Eq(0, Proj) \cdot \overline{x} + Eq(1, Proj) \cdot x,$$
$$Eq(x_1, x_2, Proj) = Eq(0, 0, Proj) \cdot \overline{x_1} \cdot \overline{x_2} + Eq(0, 1, Proj) \cdot \overline{x_1} \cdot x_2 + Eq(1, 0, Proj) \cdot x_1 \cdot \overline{x_2} + Eq(1, 1, Proj) \cdot x_1 \cdot x_2. \quad (17)$$
4.3.2. Solution of a Single-Unknown Equation over $F_n(B)$

The following theorem has initially been demonstrated for the two-element Boolean algebra [14]. A generalization to all Boolean algebras can be found in [15], but no detailed demonstration is given. A new formalization of this theorem and its full demonstration are given below.

Theorem 11 (solution of a single-unknown equation). The Boolean equation over $F_n(B)$
$$Eq(x, Proj) = 0, \quad (18)$$
whose canonic form is
$$Eq(0, Proj) \cdot \overline{x} + Eq(1, Proj) \cdot x = 0, \quad (19)$$
is consistent (i.e., has at least one solution) if and only if the following condition is satisfied:
$$Eq(0, Proj) \cdot Eq(1, Proj) = 0. \quad (20)$$
In this case, a general form of the solutions is
$$x = Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \quad (21)$$
where $p$ is an arbitrary parameter, that is, a freely chosen member of $F_n(B)$.

This solution can also be expressed as
$$x = \overline{Eq(1, Proj)} \cdot \bigl(Eq(0, Proj) + p\bigr) = \overline{p} \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}. \quad (22)$$
Proof. This theorem can be proved in four steps as follows:

(a) Equation (18) is consistent if and only if (20) is satisfied;
(b) Equation (21) is a solution of (18) if (20) is satisfied;
(c) each solution of (18) can be expressed as (21);
(d) if (20) is satisfied, the three parametric forms proposed are equivalent.

Step (a) can be proved as follows. Equation (20) is a sufficient condition for (18) to admit solutions, since $x = Eq(0, Proj)$ is an obvious solution of (18). Equation (20) is also a necessary condition: if (18) admits a solution, then (18) can also be expressed, thanks to the consensus theorem, as $Eq(0, Proj) \cdot \overline{x} + Eq(1, Proj) \cdot x + Eq(0, Proj) \cdot Eq(1, Proj) = 0$, and we necessarily have $Eq(0, Proj) \cdot Eq(1, Proj) = 0$.
To prove Step (b), it is sufficient to substitute the expression for $x$ from (21) into (18) and to use (20) as follows:
$$\begin{aligned}
Eq(0, Proj) \cdot \overline{x} + Eq(1, Proj) \cdot x &= Eq(0, Proj) \cdot \overline{\bigl(Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}\bigr)} + Eq(1, Proj) \cdot \bigl(Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}\bigr) \\
&= Eq(0, Proj) \cdot \overline{Eq(0, Proj)} \cdot \overline{\bigl(p \cdot \overline{Eq(1, Proj)}\bigr)} + Eq(0, Proj) \cdot Eq(1, Proj) + p \cdot \overline{Eq(1, Proj)} \cdot Eq(1, Proj) \\
&= 0 + 0 + 0 = 0.
\end{aligned} \quad (23)$$
To prove Step (c), it is sufficient to find one element $p$ of $F_n(B)$ for each solution $x$ of (18). Let us consider $p$ defined by $p = \overline{Eq(0, Proj)} \cdot \overline{Eq(1, Proj)} \cdot x$, where $x$ is a solution of (18). Then we have
$$\begin{cases} Eq(0, Proj) \cdot Eq(1, Proj) = 0 \\ Eq(0, Proj) \cdot \overline{x} + Eq(1, Proj) \cdot x = 0 \\ p = \overline{Eq(0, Proj)} \cdot \overline{Eq(1, Proj)} \cdot x \end{cases} \implies x = Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \quad (24)$$
as
$$\begin{aligned}
x = 1 \cdot x &= \bigl(Eq(0, Proj) + Eq(1, Proj) + \overline{Eq(0, Proj)} \cdot \overline{Eq(1, Proj)}\bigr) \cdot x \\
&= Eq(0, Proj) \cdot x + Eq(1, Proj) \cdot x + \overline{Eq(0, Proj)} \cdot \overline{Eq(1, Proj)} \cdot x \\
&= Eq(0, Proj) \cdot x + 0 + \overline{Eq(1, Proj)} \cdot \bigl(\overline{Eq(0, Proj)} \cdot \overline{Eq(1, Proj)} \cdot x\bigr) && \text{as } Eq(1, Proj) \cdot x = 0 \\
&= Eq(0, Proj) \cdot x + Eq(0, Proj) \cdot \overline{x} + \overline{Eq(1, Proj)} \cdot p && \text{as } Eq(0, Proj) \cdot \overline{x} = 0 \\
&= Eq(0, Proj) \cdot (x + \overline{x}) + p \cdot \overline{Eq(1, Proj)} \\
&= Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}.
\end{aligned} \quad (25)$$
To prove Step (d), it is sufficient to rewrite (21) in the two other forms by using (20) as follows:
$$\begin{aligned}
x &= 1 \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \\
&= \bigl(Eq(1, Proj) + \overline{Eq(1, Proj)}\bigr) \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \\
&= Eq(0, Proj) \cdot Eq(1, Proj) + \bigl(Eq(0, Proj) + p\bigr) \cdot \overline{Eq(1, Proj)} \\
&= 0 + \overline{Eq(1, Proj)} \cdot \bigl(Eq(0, Proj) + p\bigr) \\
&= \overline{Eq(1, Proj)} \cdot \bigl(Eq(0, Proj) + p\bigr), \\[4pt]
x &= 1 \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \\
&= (p + \overline{p}) \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \\
&= \overline{p} \cdot Eq(0, Proj) + p \cdot \bigl(Eq(0, Proj) + \overline{Eq(1, Proj)}\bigr) \\
&= \overline{p} \cdot Eq(0, Proj) + p \cdot \bigl(Eq(0, Proj) \cdot Eq(1, Proj) + \overline{Eq(1, Proj)}\bigr) \\
&= \overline{p} \cdot Eq(0, Proj) + p \cdot \bigl(0 + \overline{Eq(1, Proj)}\bigr) \\
&= \overline{p} \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}.
\end{aligned} \quad (26)$$
4.3.3. Solution of $k$-Unknown Equations over $F_n(B)$

The global result presented in the following theorem can be found in [14] or [15]. However, in these works the solution is not expressed in a parametric form but with intervals only. The formulation presented in this paper is more adapted to symbolic computation and is mandatory for practical optimization.

A $k$-unknown equation can be solved by solving successively $k$ single-unknown equations. If we consider the $k$-unknown equation as a single-unknown equation in $x_k$, its consistency condition corresponds to a $(k-1)$-unknown equation. The process can be iterated until $x_1$. After substituting $S(x_1)$ for $x_1$ in the last equation, it is possible to find the solution for $x_2$. Then it is sufficient to apply this procedure again $(k-2)$ times to obtain successively the solutions $S(x_3)$ to $S(x_k)$.
Theorem 12 (solution of a $k$-unknown equation). The Boolean equation over $F_n(B)$
$$Eq_0(X_k, Proj) = 0 \quad (27)$$
is consistent (i.e., has at least one solution) if and only if the following condition is satisfied:
$$\prod_{A_k \in \{0,1\}^k} Eq_0(A_k, Proj) = 0. \quad (28)$$
If (28) is satisfied, (27) admits one or more $k$-tuple solutions $(S(x_1), \dots, S(x_k))$ such that each component $S(x_i)$ is defined by
$$S(x_i) = \prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(0, A_{k-i}, Proj) + p_i \cdot \overline{\prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(1, A_{k-i}, Proj)} \quad (29)$$
with

(i) $Eq_i(x_{i+1}, \dots, x_k, Proj) = Eq_{i-1}(x_i, x_{i+1}, \dots, x_k, Proj)\big|_{x_i \leftarrow S(x_i)}$;

(ii) $p_i$ an arbitrary parameter, that is, a freely chosen member of $F_n(B)$.
The full demonstration of this theorem cannot be given in this paper for lack of space (a full demonstration by mathematical induction can be found in [8]). A description of the different steps of the proof and the details of the principal steps are given below.
Proof (elements of proof). Equation (27) can be solved by applying Theorems 3 and 11 k times, according to the unknowns x_k to x_1, as follows.

According to Theorem 3, (27) is equivalent to

Eq_0(X_{k-1}, 0, Proj) \cdot \overline{x_k} + Eq_0(X_{k-1}, 1, Proj) \cdot x_k = 0   (30)

According to Theorem 11, (30) admits solutions in x_k if and only if

Eq_0(X_{k-1}, 0, Proj) \cdot Eq_0(X_{k-1}, 1, Proj) = 0   (31)

Equation (31) is an equation with (k-1) unknowns. Each term of (31) can be expanded according to x_{k-1}, and (31) can be written in the form

(Eq_0(X_{k-2}, 0, 0, Proj) \cdot Eq_0(X_{k-2}, 0, 1, Proj)) \cdot \overline{x_{k-1}}
+ (Eq_0(X_{k-2}, 1, 0, Proj) \cdot Eq_0(X_{k-2}, 1, 1, Proj)) \cdot x_{k-1} = 0   (32)

According to Theorem 11, (32) admits solutions in x_{k-1} if and only if

\prod_{A_2 \in \{0,1\}^2} Eq_0(X_{k-2}, A_2, Proj) = 0   (33)
8 Mathematical Problems in Engineering
Equation (33) is an equation with (k-2) unknowns. Each term of (33) can be expanded according to x_{k-2}, and (33) can be written in the form

(\prod_{A_2 \in \{0,1\}^2} Eq_0(X_{k-3}, 0, A_2, Proj)) \cdot \overline{x_{k-2}}
+ (\prod_{A_2 \in \{0,1\}^2} Eq_0(X_{k-3}, 1, A_2, Proj)) \cdot x_{k-2} = 0   (34)

In the end, we obtain an equation of only one unknown x_1, defined by

(\prod_{A_{k-1} \in \{0,1\}^{k-1}} Eq_0(0, A_{k-1}, Proj)) \cdot \overline{x_1}
+ (\prod_{A_{k-1} \in \{0,1\}^{k-1}} Eq_0(1, A_{k-1}, Proj)) \cdot x_1 = 0   (35)

According to Theorem 11, (35) admits solutions if and only if

\prod_{A_k \in \{0,1\}^k} Eq_0(A_k, Proj) = 0   (36)

When (36) is satisfied, the k equations for x_1 to x_k admit solutions. Equation (27) is then coherent and admits solutions.

When (36) is satisfied, the solutions of (35) for x_1 are

S(x_1) = \prod_{A_{k-1} \in \{0,1\}^{k-1}} Eq_0(0, A_{k-1}, Proj) + p_1 \cdot \overline{\prod_{A_{k-1} \in \{0,1\}^{k-1}} Eq_0(1, A_{k-1}, Proj)}   (37)

After substituting S(x_1) for x_1 into (27), we obtain a new equation Eq_1(x_2, ..., x_k, Proj) = 0 involving the (k-1) unknowns (x_2, ..., x_k), where

Eq_1(x_2, ..., x_k, Proj) = Eq_0(x_1, x_2, ..., x_k, Proj)|_{x_1 \leftarrow S(x_1)}   (38)

By applying the previous procedure, we can obtain S(x_2) and Eq_2(x_3, ..., x_k, Proj). Then it suffices to apply this procedure again (k-2) times to obtain successively the solutions S(x_3) to S(x_k).
It is important to note that the order in which the unknowns are treated affects only the parametric form of the k-tuple solution. This is because the same k-tuple solution can be represented by several distinct parametric forms.
4.3.4 Partial Conclusions. Thanks to the theorems presented above, it is possible to obtain a parametric representation of all the solutions of any set of simultaneously asserted relations with k unknowns, if a solution exists. In practice, due to the complexity of the systems to be designed, the proposed set of simultaneously asserted relations is generally inconsistent [23]. To simplify the work of the designer, we have proved complementary theorems that improve the robustness of our method to the lack of precision of the specifications (Section 4.4).

When several solutions exist, the comparison of solutions according to a given criterion can be envisaged, since the Boolean algebra F_n(B) is equipped with a partial order. To simplify the work of the designer further, we have developed a method to calculate the best solutions according to one or several criteria (Section 4.5).
4.4 Theorems to Cope with Inconsistencies of Specifications. In practice, it is very difficult for a designer to specify the whole requirements of a complex system without inconsistencies. This is the reason why the requirements given by the designer are often declared inconsistent according to Theorem 12. Since the inconsistency condition is a Boolean formula, it is possible to use it to detect the origin of the inconsistencies. Two cases have to be considered, as follows.
(i) Several requirements cannot be simultaneously respected. In this case, a hierarchy between requirements can be proposed in order to find a solution. The requirements which have the lower priority have to be corrected to become consistent with the requirements which have the higher priority. This strategy is based on Theorem 14.
(ii) The detected inconsistency refers to specific combinations of projection-functions which the designer knows to be impossible. As these combinations block the synthesis process, it is necessary to introduce new assumptions and to use Theorem 13.
Theorem 13 (solution of a Boolean equation according to an assumption among the projection-functions). The following problem

Equation to solve:   Eq_0(X_k, Proj) = 0
Assumption:          A(Proj) = 0   (39)

admits the same solutions as the following equation:

Eq_0(X_k, Proj) \le A(Proj)   (40)
Proof. According to A(Proj) = 0, Eq_0(X_k, Proj) = 0 can be rewritten as

Eq_0(X_k, Proj) = 0,  A(Proj) = 0
\iff A(Proj) + Eq_0(X_k, Proj) = 0
\iff A(Proj) + \overline{A(Proj)} \cdot Eq_0(X_k, Proj) = 0
\iff \overline{A(Proj)} \cdot Eq_0(X_k, Proj) = 0,  A(Proj) = 0
\iff Eq_0(X_k, Proj) \le A(Proj),  A(Proj) = 0   (41)

The equation \overline{A(Proj)} \cdot Eq_0(X_k, Proj) = 0 is consistent if and only if the following condition is true (Theorem 12):

\overline{A(Proj)} \cdot \prod_{A_k \in \{0,1\}^k} Eq_0(A_k, Proj) = 0   (42)

By construction, this new condition is the subset of the initial condition (\prod_{A_k \in \{0,1\}^k} Eq_0(A_k, Proj) = 0) for which the proposed assumption is satisfied; all the other terms have been removed.

If (42) is satisfied, (40) admits one or more k-tuple solutions, where each component S(x_i) is defined by

S(x_i) = \overline{A(Proj)} \cdot ( \prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(0, A_{k-i}, Proj) + p_i \cdot \overline{\prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(1, A_{k-i}, Proj)} ) + A(Proj) \cdot p_i   (43)

As A(Proj) = 0, S(x_i) can also be expressed as

S(x_i) = \prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(0, A_{k-i}, Proj) + p_i \cdot \overline{\prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(1, A_{k-i}, Proj)}   (44)

When A(Proj) = 0 is satisfied, the solutions of (40) are also solutions of Eq_0(X_k, Proj) = 0.
Theorem 14 (solution of a Boolean equation system according to a priority rule between requirements). The following problem

Equation system to solve:
  HR: FH(X_k, Proj) = 0
  LR: FL(X_k, Proj) = 0
  OR: FO(X_k, Proj) = 0
Priority rule between requirements:
  HR ≫ LR   (45)

where
(i) FH(X_k, Proj) = 0 is the formal expression of the requirements which have the higher priority (HR);
(ii) FL(X_k, Proj) = 0 is the formal expression of the requirements which have the lower priority (LR);
(iii) FO(X_k, Proj) = 0 is the formal expression of the other requirements (OR);
(iv) HR ≫ LR is the priority rule between inconsistent requirements;

admits the same solutions as the following system of equations:

FH(X_k, Proj) = 0
FL(X_k, Proj) \le I(Proj)
FO(X_k, Proj) = 0   (46)

where I(Proj) is the inconsistency condition between requirements "HR" and "LR":

I(Proj) = \prod_{A_k \in \{0,1\}^k} (FH(A_k, Proj) + FL(A_k, Proj))   (47)

Proof. Thanks to Theorem 12, the inconsistency condition I(Proj) between requirements "HR" and "LR" can be found by solving the equation FH(X_k, Proj) + FL(X_k, Proj) = 0. We have

I(Proj) = \prod_{A_k \in \{0,1\}^k} (FH(A_k, Proj) + FL(A_k, Proj))   (48)

To remove the inconsistency between requirements "HR" and "LR" according to the priority rule "HR ≫ LR", it is necessary to restrict the range of requirement "LR" to the part for which there is no inconsistency, that is, I(Proj) = 0. That is the case when FL(X_k, Proj) = 0 is replaced by FL(X_k, Proj) \le I(Proj).

Thanks to Theorem 12, (49) always admits one or more k-tuple solutions, and it is impossible to find a less restrictive condition over requirement "LR":

FH(X_k, Proj) = 0
FL(X_k, Proj) \le I(Proj)   (49)
4.5 Optimal Solutions of Boolean Equations over F_n(B). The goal of this step is to obtain automatically the parametric form of the k-tuple solutions of F_n(B) which not only satisfy a given equation (Eq(X_k, Proj) = 0) of Boolean functions but also maximize (or minimize) a Boolean formula of these Boolean functions (F_C(X_k, Proj)) corresponding to the desired optimization criterion.

Generally speaking, the search for the best solution tuples according to a given criterion, when the space of solutions is composed of discrete values, is a complex mathematical issue. It is sometimes necessary to make a side-by-side comparison of each solution in order to identify the best one. In our case, this exhaustive method cannot be used, as F_n(B) is only provided with a partial order: two particular solutions cannot always be ordered between themselves.

Nevertheless, it is possible to obtain the sought parametric form of the k-tuples thanks to the following results.
(i) When an equation between Boolean functions has one or more solution tuples in F_n(B), every Boolean formula on these Boolean functions can be rewritten using only the projection-functions of F_n(B) and the free parameters of F_n(B) which describe these solution tuples.
(ii) Every Boolean formula expressed as a composition of projection-functions of F_n(B) and free parameters of F_n(B) has a unique maximum and a unique minimum. These extrema can be expressed using only the projection-functions of F_n(B).

Hence, it is possible to rewrite the initial problem

Problem to solve:          Eq(X_k, Proj) = 0
Optimization criterion:    maximization of F_C(X_k, Proj)   (50)

into a 2-equation system to solve:

Eq(X_k, Proj) = 0
F_C(X_k, Proj) = \max_{X_k \mid Eq(X_k, Proj) = 0} (F_C(X_k, Proj))   (51)
4.5.1 Extrema of a Boolean Formula according to Freely Chosen Members of F_n(B). Considering the Boolean algebra of n-variable switching functions (F_n(B), +, \cdot, 0, 1):
(i) let (f_1^{Proj}, ..., f_n^{Proj}) be the n projection-functions of F_n(B);
(ii) let (p_1, ..., p_k) be k elements of F_n(B) considered as freely chosen members. Let "P_k" be the corresponding vector.

Any formula F(P_k, Proj) for which P_k are freely chosen members of F_n(B) defines a subset of F_n(B). According to the relation \le, the elements of this subset can be compared. In this specific case, the subset defined by F(P_k, Proj) admits a minimal element and a maximal element.

Theorem 15 (minimum and maximum of a Boolean formula). Any formula F(P_k, Proj) for which P_k are freely chosen members of F_n(B) admits a minimum and a maximum defined as follows:

\min_{P_k \in F_n(B)^k} (F(P_k, Proj)) = \prod_{A_k \in \{0,1\}^k} F(A_k, Proj)
\max_{P_k \in F_n(B)^k} (F(P_k, Proj)) = \sum_{A_k \in \{0,1\}^k} F(A_k, Proj)   (52)
Proof. To prove this theorem, it is necessary to establish that
(1) \prod_{A_k \in \{0,1\}^k} F(A_k, Proj) is a lower bound of F(P_k, Proj);
(2) there exists at least one specific combination of P_k for which F(P_k, Proj) = \prod_{A_k \in \{0,1\}^k} F(A_k, Proj);
(3) \sum_{A_k \in \{0,1\}^k} F(A_k, Proj) is an upper bound of F(P_k, Proj);
(4) there exists at least one specific combination of P_k for which F(P_k, Proj) = \sum_{A_k \in \{0,1\}^k} F(A_k, Proj).
Details of this proof can be found in [24].
4.5.2 Optimization Problem. Considering the Boolean algebra of n-variable switching functions (F_n(B), +, \cdot, 0, 1):
(i) let (f_1^{Proj}, ..., f_n^{Proj}) be the n projection-functions of F_n(B). Let "Proj" be the corresponding vector;
(ii) let (x_1, ..., x_k) be k elements of F_n(B) considered as unknowns. Let "X_k" be the corresponding vector;
(iii) let (p_1, ..., p_k) be k elements of F_n(B) considered as freely chosen members. Let "P_k" be the corresponding vector;
(iv) let Eq(X_k, Proj) = 0 be the Boolean equation to solve;
(v) let F_C(X_k, Proj) be the Boolean formula of the given criterion to optimize (maximization or minimization).

The method we propose to obtain the parametric form of the k-tuple of switching functions solution of Eq(X_k, Proj) = 0 according to a given optimization criterion F_C(X_k, Proj) is composed of five steps, as follows.
(i) The first step is to establish the parametric form of the k-tuple solution to Eq(X_k, Proj) = 0, thanks only to Theorem 12.
(ii) The second step is to establish the parametric form of the given optimization criterion F_C(X_k, Proj) by substituting S(x_i) for x_i. Let F_SC(P_k, Proj) be the result of this substitution.
(iii) The third step is to calculate the extremum of F_SC(P_k, Proj) according to Theorem 15. Let F_EC(Proj) be the Boolean formula of this extremum.
(iv) The fourth step is to replace the given criterion by the equivalent relation

F_C(X_k, Proj) = F_EC(Proj)   (53)

(v) The fifth step is to establish the parametric form of the k-tuple solution of the equivalent problem

Eq(X_k, Proj) = 0
F_Crit(X_k, Proj) = F_ExtCrit(Proj)   (54)

[Figure 4: Structure of the water supply system (elements shown: Pump1, Pump2, Tank, "To the distributing system").]
4.5.3 Partial Conclusions. Thanks to the theorems presented in this section, it is now possible to obtain a parametric representation of the optimal solutions, according to a given criterion, of any set of simultaneously asserted relations with k unknowns, if a solution exists.
The proposed method also permits associating several criteria, simultaneously or sequentially.
(i) When several criteria are treated simultaneously, the optimization problem can admit no solution. That is the case when the given criteria are antagonistic.
(ii) When several criteria are treated sequentially, the obtained solutions satisfy the criteria with a given priority order. An example of optimization with several criteria treated sequentially is presented in the next section.
5 Algebraic Synthesis of Logical Controllers with Optimization Criteria and Incoherent Requirements
5.1 Control System Specifications. The studied system is the controller of a water supply system composed of two pumps which work in redundancy (Figure 4). Water is distributed when necessary, taking into account the possible failures of the elements (the pumps and the distributing system).
The expected behavior of the control system regarding the application requirements can be expressed by the set of assertions given hereafter.
(i) The two pumps never operate simultaneously.
(ii) A pump cannot operate if it is out of order.
(iii) When a global failure is detected, no pump can operate.
(iv) Pumps can operate if and only if a water distribution request is present.
(v) Priority is given according to "pr" (pump1 has priority when "pr" is true).
(vi) In order to reduce the wear of the pumps, it is necessary to restrict the number of starts of the pumps.
5.1.1 Inputs and Outputs of the Controller. The Boolean inputs and outputs of this controller are given in Figure 5(a). Each pump is controlled thanks to a Boolean output ("p1" and "p2"). The controller is informed of water distribution requests thanks to the input "rq". Inputs "f1" and "f2" inform the controller of a failure of the corresponding pump, and "gf" indicates a global failure of the installation. The values 0 or 1 of input "Pr" decide which pump has priority.
5.1.2 Control Laws to Synthesize. Our approach does not allow identifying automatically which state variables must be used. They are given by the designer according to his interpretation of the specification.

For the water distribution system, we propose to use 2 state variables, one for each output. According to this choice, 2 7-variable switching functions (P1 and P2) have to be synthesized (Figure 5(b)). They represent the unknowns of our problem. For this case study, the 7 projection-functions of F_7(B) are therefore as follows.
(i) The 5 switching functions (Rq, F1, F2, GF, and Pr) which characterize the behavior of the inputs of the controller and are defined as follows:

Rq: B^7 \to B
(rq[k], ..., p2[k-1]) \mapsto rq[k]   (55)

(ii) The 2 switching functions (pP1 and pP2) which characterize the previous behavior of the state variables of the controller and are defined as follows:

pP1: B^7 \to B
(rq[k], ..., p2[k-1]) \mapsto p1[k-1]   (56)
5.2 Algebraic Formalization of Requirements. The complete formalization of the behavior of the water distribution system is given in Figure 5(c). In order to illustrate the expressive power of the relations Equality and Inclusion, several examples (generic assertions and the equivalent formal relations, illustrated on the case study) are given hereafter. It is important to note that the relation Inclusion permits expressing necessary conditions and sufficient conditions distinctly. This relation is the cornerstone of our approach.
(i) Pump1 and Pump2 never operate simultaneously: P1 \cdot P2 = 0.
(ii) If Pump1 operates, Pump2 cannot operate: P1 \le \overline{P2}.
Figure 5: Details of the case study.

(a) Inputs and outputs of the controller (control of the water distribution system). Inputs: rq (request of water), f1 (Pump1 failure), f2 (Pump2 failure), gf (global failure), pr (priority to Pump1). Outputs: p1 (command of Pump1), p2 (command of Pump2).

(b) General form of the expected control laws:
p1[k] = P1(rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1])
p2[k] = P2(rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1])
p1[0] = b0,  p2[0] = b0

(c) Formal specification.
Requirements:
R1: P1 \cdot P2 = 0   (* The two pumps never operate simultaneously *)
R2: F1 \le \overline{P1}   (* Pump1 cannot operate if it is out of order (F1) *)
R3: F2 \le \overline{P2}   (* Pump2 cannot operate if it is out of order (F2) *)
R4: GF \le (\overline{P1} \cdot \overline{P2})   (* When a global failure is detected (GF), no pump can operate *)
R5: (P1 + P2) \le Rq   (* It is necessary to have a request for the pumps to operate *)
R6: Rq \le (P1 + P2)   (* It is sufficient to have a request for the pumps to operate *)
Priority rules:
R4 ≫ R6   (* A failure requirement has priority over a functional requirement *)
R2, R3 ≫ R6   (* Failure requirements have priority over a functional requirement *)
Optimization criteria:
(1) Minimization of ((P1 \cdot \overline{pP1}) + (P2 \cdot \overline{pP2}))   (* Minimization of the possibility to start a pump *)
(2) Maximization of ((Pr \cdot P1) + (\overline{Pr} \cdot P2))   (* Maximization of the priority order between the two pumps *)

(d) Solution obtained by symbolic calculation:
P1 = Rq \cdot \overline{GF} \cdot \overline{F1} \cdot (F2 + Pr \cdot (pP1 + \overline{pP2}) + pP1 \cdot \overline{pP2})
P2 = Rq \cdot \overline{GF} \cdot \overline{F2} \cdot (F1 + \overline{Pr} \cdot (pP2 + \overline{pP1}) + pP2 \cdot \overline{pP1})

(e) Control laws of the water distribution system:
p1[k] = rq[k] ∧ ¬gf[k] ∧ ¬f1[k] ∧ (f2[k] ∨ pr[k] ∧ (p1[k-1] ∨ ¬p2[k-1]) ∨ p1[k-1] ∧ ¬p2[k-1])
p2[k] = rq[k] ∧ ¬gf[k] ∧ ¬f1[k] ∧ (f1[k] ∨ pr[k] ∧ (p2[k-1] ∨ ¬p1[k-1]) ∨ p2[k-1] ∧ ¬p1[k-1])
p1[0] = b0,  p2[0] = b0
(iii) It is necessary to have a request for the pumps to operate: (P1 + P2) \le Rq.
(iv) It is sufficient to have a request for the pumps to operate: Rq \le (P1 + P2).
(v) When Pump1 has failed, it is sufficient to have a request for Pump2 to operate: F1 \cdot Rq \le P2.
(vi) When Pump1 has failed, it is necessary to have a request for Pump2 to operate: F1 \cdot P2 \le Rq.
It is possible to prove that some of these formal expressions are equivalent (e.g., the first two). When a designer hesitates between two forms, he has the possibility, by using symbolic calculation, to check whether the proposed relations are equivalent or not.
As P1 and pP1 represent the behavior of pump1 at times [k] and [k-1], respectively, it is also possible to express relations about the starts and stops of this pump, as follows.
(i) It is necessary to have a request to start pump1: (P1 \cdot \overline{pP1}) \le Rq.
(ii) When pump1 operates, it is sufficient to have a global failure to stop pump1: (pP1 \cdot GF) \le (\overline{P1} \cdot pP1).
5.3 Synthesis Process. In traditional design methods, the design procedure of a logic controller is not a linear process but an iterative one converging to an acceptable solution. At the beginning of the design, the requirements are neither complete nor free of errors. Most often, new requirements are added during the search for solutions and others are corrected. This complementary information is given by the designer after analysis of the partial solutions he found, or when inconsistencies have been detected. If we do not make the hypothesis that the specifications are complete and consistent, designing a controller with a synthesis technique is also an iterative process in which the designer plays an important role.
5.3.1 Analysis of Requirements. For this case study, we choose to start with requirements R1 to R6. For this subset of requirements, the result given by our software tool was the following inconsistency condition: I = Rq \cdot GF + Rq \cdot F1 \cdot F2.
Since the requirements are declared inconsistent, we have to give complementary information to make our specification more precise. By analyzing each term of this formula, it is possible to detect the origin of the inconsistency.
(i) Rq \cdot GF: what happens if we have simultaneously a request and a global failure? We consider that requirement R4 is more important than requirement R6 (R4 ≫ R6), as no pump can operate in this configuration.
(ii) Rq \cdot F1 \cdot F2: what happens if we have simultaneously a request and a failure of each pump? We consider that requirements R2 and R3 are more important than requirement R6 (R2, R3 ≫ R6).
With these priority rules, all the requirements are now coherent and the set of all the solutions can be computed.
5.3.2 Optimal Solutions. To choose a control law of the water supply system among this set of possible solutions, we will now take into account the given optimization criteria. The first criterion aims at minimizing the number of starts of each pump in order to reduce its wear. The second criterion aims at maximizing the use of the pump indicated by the value of parameter Pr. The method we propose allows proving that the proposed criteria cannot be treated simultaneously, since they are antagonistic (to strictly respect the priority use of the pump fixed by parameter Pr, it is necessary to swap pumps when Pr changes value, implying a supplementary start of a pump). Details can be found in [25].
All the priority rules and optimization criteria used for this case study are given in Figure 5(c). The solution we obtain is proposed in Figure 5(d).
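The whole process of Sections 4.3.3 (Theorem 12), 4.4 (Theorem 14), 4.5 (Theorem 15 and the five steps of 4.5.2) and 5.3, carried out on the water supply case study as an added Python example that is not the authors' tool: switching functions are evaluated pointwise over B^7, each requirement is written as a violation function, and the result is compared with the inconsistency condition of 5.3.1 and with p1[k] of Figure 5(e). The reading of the two criteria and the single relaxation of R6 against R2 + R3 + R4 are assumptions noted in the comments.

```python
from itertools import product
from typing import Callable, Sequence

# Projection-functions of F_7(B) for the water supply case study, in a fixed order; the last
# two are the previous values of the state variables (p1[k-1] and p2[k-1] of Figure 5(b)).
PROJ = ("Rq", "F1", "F2", "GF", "Pr", "pP1", "pP2")
K = 2                                          # unknowns X_2 = (P1, P2)
Bits = tuple[int, ...]
Relation = Callable[[Bits, Bits], int]         # Eq(X_k, Proj) -> {0,1}; 0 means "satisfied"
Switching = Callable[[Bits], int]              # a member of F_n(B): Proj -> {0,1}
POINTS = list(product((0, 1), repeat=len(PROJ)))

def leq(a: int, b: int) -> int:
    """Violation of the inclusion a <= b, i.e. a . not(b): zero exactly where it holds."""
    return int(a and not b)

def requirements(x: Bits, proj: Bits) -> dict[str, int]:
    """R1..R6 of Figure 5(c) as violation functions (1 = requirement broken)."""
    p1, p2 = x
    rq, f1, f2, gf = proj[:4]
    return {"R1": int(p1 and p2),                   # the two pumps never run together
            "R2": leq(f1, int(not p1)),             # a failed pump 1 cannot run
            "R3": leq(f2, int(not p2)),
            "R4": leq(gf, int(not p1 and not p2)),  # global failure: no pump runs
            "R5": leq(int(p1 or p2), rq),           # a request is necessary
            "R6": leq(rq, int(p1 or p2))}           # a request is sufficient

def req(name: str) -> Relation:
    return lambda x, proj: requirements(x, proj)[name]

def combine(*rels: Relation) -> Relation:
    """Simultaneously asserted relations: the sum of their violation functions."""
    return lambda x, proj: int(any(r(x, proj) for r in rels))

def tabulate(fn: Switching) -> Switching:
    """Evaluate a switching function once on every point of B^7 (memoisation only)."""
    table = {proj: fn(proj) for proj in POINTS}
    return lambda proj: table[proj]

def product_over(eq: Relation, k: int) -> Switching:
    """(28) and (47): Proj -> prod over A_k in {0,1}^k of eq(A_k, Proj); 0 everywhere iff consistent."""
    return tabulate(lambda proj: int(all(eq(a, proj) for a in product((0, 1), repeat=k))))

def solve(eq: Relation, k: int, params: Sequence[Switching]) -> list[Switching]:
    """Theorem 12, (29): S(x_i) = prod Eq_{i-1}(0,A,Proj) + p_i . not(prod Eq_{i-1}(1,A,Proj)),
    Eq_i being Eq_{i-1} with S(x_i) substituted for x_i; unknowns are taken x_1 first."""
    sols: list[Switching] = []
    cur = eq                                   # Eq_{i-1}(x_i, ..., x_k, Proj)
    for i in range(1, k + 1):
        rest = k - i                           # A_{k-i} ranges over {0,1}^(k-i)
        def s(proj, cur=cur, rest=rest, p=params[i - 1]):
            must_be_1 = all(cur((0,) + a, proj) for a in product((0, 1), repeat=rest))
            must_be_0 = all(cur((1,) + a, proj) for a in product((0, 1), repeat=rest))
            return int(must_be_1 or (p(proj) and not must_be_0))
        sols.append(s)
        cur = lambda xs, proj, cur=cur, s=s: cur((s(proj),) + tuple(xs), proj)
    return sols

# 5.3.1: R1..R6 alone; the paper reports the inconsistency condition I = Rq.GF + Rq.F1.F2.
EQ_R1_R6 = combine(*(req(n) for n in ("R1", "R2", "R3", "R4", "R5", "R6")))
INCONSISTENCY = product_over(EQ_R1_R6, K)
paper_inconsistency: Switching = lambda proj: int((proj[0] and proj[3]) or (proj[0] and proj[1] and proj[2]))

# Theorem 14 with the priority rules of Figure 5(c) (R4 >> R6 and R2,R3 >> R6). Both rules
# lower R6, so R6 is relaxed once against HR = R2 + R3 + R4 (a reading made here): its bound
# I(Proj) from (47) is then exactly Rq.GF + Rq.F1.F2, and R6 becomes FL <= I as in (46).
R6_BOUND = product_over(combine(req("R2"), req("R3"), req("R4"), req("R6")), K)
EQ_COHERENT = combine(req("R1"), req("R2"), req("R3"), req("R4"), req("R5"),
                      lambda x, proj: leq(req("R6")(x, proj), R6_BOUND(proj)))

def optimize(eq: Relation, crit: Relation, maximize: bool) -> Relation:
    """The five steps of 4.5.2: keep only the solution tuples of eq that reach the extremum of
    crit; step 3 is Theorem 15 (product over A_k for a minimum, sum for a maximum)."""
    def crit_param(a: Bits) -> Switching:      # F_SC(A_k, Proj): criterion with p_i = a_i
        sols = solve(eq, K, [lambda proj, c=c: c for c in a])
        return lambda proj: crit(tuple(s(proj) for s in sols), proj)
    cols = [crit_param(a) for a in product((0, 1), repeat=K)]
    agg = any if maximize else all
    f_ec = tabulate(lambda proj: int(agg(c(proj) for c in cols)))        # F_EC(Proj), (53)
    return combine(eq, lambda x, proj: int(crit(x, proj) != f_ec(proj)))  # system (54)

def starts(x: Bits, proj: Bits) -> int:   # criterion (1), read as P1.not(pP1) + P2.not(pP2)
    return int((x[0] and not proj[5]) or (x[1] and not proj[6]))

def priority_use(x: Bits, proj: Bits) -> int:   # criterion (2), read as Pr.P1 + not(Pr).P2
    return int((proj[4] and x[0]) or (not proj[4] and x[1]))

# Criteria treated sequentially as in 5.3.2: minimise the starts, then maximise the priority use.
EQ_OPTIMAL = optimize(optimize(EQ_COHERENT, starts, False), priority_use, True)

def control_laws(params: Sequence[Switching]) -> list[Switching]:
    """Parametric (S(P1), S(P2)) of the optimised problem; the optimum is unique at every point."""
    return solve(EQ_OPTIMAL, K, params)

def truth_table(fn: Switching) -> tuple:
    return tuple(fn(pt) for pt in POINTS)

def paper_p1(proj: Bits) -> int:
    """p1[k] of Figure 5(e) (pp1 = p1[k-1], pp2 = p2[k-1]), for comparison with control_laws."""
    rq, f1, f2, gf, pr, pp1, pp2 = proj
    return int(rq and not gf and not f1 and (f2 or (pr and (pp1 or not pp2)) or (pp1 and not pp2)))
```

Because the optimum is unique at every point of B^7, control_laws returns the same truth tables whichever free parameters are passed, and its first component coincides with p1[k] of Figure 5(e) on all 128 points.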
5.3.3 Implementing Control Laws. The synthesized control laws presented in Figure 5(e) have been obtained by translating the expression of the two unknowns according to the projection-functions into relations between recurrent Boolean equations. These control laws can be automatically translated into the syntax of the ladder diagram language [1] before being implemented into a PLC. The code is composed of only 4 rungs (Figure 6).
The synthesized control laws can also be given in the form of an automatically built input/output automaton with guarded transitions [21] (Figure 7).
6 Discussion
In our approach, the synthesis of control laws is based on symbolic calculation; a prototype software tool has been developed to avoid tedious calculus and to aid the designer during the different steps of the synthesis. This tool (which can be obtained on request from the authors) performs all the computations required for the detection of inconsistencies between requirements and for the generation of control laws. In this tool, all the Boolean formulas are stored in the form of reduced ordered binary decision diagrams, which allows efficient calculations. For example, the computations for synthesizing a controller for the water supply system that we developed above have been made in less than 10 ms on a classical laptop.
Our approach has been tested on several case studies (some of them are available online: http://www.lurpa.ens-cachan.fr/-226050.kjsp). The feedback from these experiences allowed us to identify some of its limits and its possibilities; the most important are given below.
We have first to recall that our method can only be used for binary systems (systems whose controller inputs and outputs are Boolean values). Nevertheless, in practice, many systems like manufacturing systems, transport systems, and so on are fully or partially binary.
In our opinion, the main advantage of our approach is that, contrary to traditional engineering approaches, the synthesized control laws do not depend on the designer's skill or on his correct interpretation of the system requirements. On the other hand, the quality of the synthesis results highly depends on the relevance of the requirements proposed by the designer. This step of formalization by the designer of the informal requirements of the system to be controlled is the Achilles' heel of all synthesis methods, including the Supervisory Control Theory (SCT), and cannot be automated.

[Figure 6: Ladder diagram of the code to implement into the PLC. Rung 1: command of pump 1; Rung 2: command of pump 2; Rung 3: update previous value of pump 1; Rung 4: update previous value of pump 2. Contacts used: rq, gf, f1, f2, pr, pp1, pp2; coils: p1, p2, pp1, pp2.]

Table 1: Features concerning a same case study.

| Method | Formal requirements | Synthesized controller | PLC program (structured text) |
| Supervisory Control Theory | Plant behavior: 11 finite automata (481 states and 1330 transitions); Specifications: 11 finite automata | Finite automaton of 45 states and 70 transitions | 130 lines |
| Algebraic synthesis | 8 equations and 2 priority rules | 2 6-variable switching functions | 4 lines |

[Figure 7: State model of the obtained control law. States 0, 1 (p1) and 2 (p2); transition conditions:
E0-1 = rq ∧ ¬gf ∧ ¬f1 ∧ (f2 ∨ pr)
E0-2 = rq ∧ ¬gf ∧ ¬f2 ∧ (f1 ∨ ¬pr)
E1-0 = ¬rq ∨ gf ∨ f1 ∧ f2
E2-0 = ¬rq ∨ gf ∨ f1 ∧ f2
E1-2 = rq ∧ ¬gf ∧ f1 ∧ ¬f2
E2-1 = rq ∧ ¬gf ∧ f2 ∧ ¬f1]
The objective comparison of our approach with other synthesis methods, and more especially with SCT, is very difficult because the models used and the theoretical bases are very different. Nevertheless, we tested both approaches on the same case studies. One of them, the control of an automatic parking gate, has been published in [26]. The results obtained in this case are summarized in Table 1.
Furthermore, one may note that the supervisor synthesized by SCT is optimal in the sense that it is the most permissive, that is, the one that restricts the plant behavior the least in order to force it to respect the specifications. As shown in this paper, our method allows coping with inconsistencies in specifications, which is not possible with SCT, and also allows finding optimal controllers by choosing different optimization criteria (most permissive, most restrictive, safest controller, etc.).
7 Conclusion
Many research works in the field of DES aim at formalizing steps of the systems life cycle. For 20 years, significant progress has been made in the synthesis, verification, performance evaluation and diagnosis of DESs. Nevertheless, one of the common difficulties of these works is the translation of the informal expression of the knowledge of a system into formal requirements. Few works have paid attention to this important task, which is very error prone. In this paper, we proposed an iterative process that allows coping with inconsistencies of the requirements during the synthesis of the controller. The framework in which we proposed this approach is an algebraic synthesis method. Since the problem is located at the frontier between formal and informal, the intervention of the designer is necessary. Nevertheless, we have shown that this intervention can be guided by the results the formal method provides.
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
References
[1] International Electrotechnical Commission, IEC 61131-3 Standard: Programmable Controllers - Part 3: Programming Languages, International Electrotechnical Commission, 2nd edition, 2003.
[2] G. Frey and L. Litz, "Formal methods in PLC programming," in Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, vol. 4, pp. 2431-2436, October 2000.
[3] B. Bérard, M. Bidoit, A. Finkel et al., Systems and Software Verification: Model-Checking Techniques and Tools, Springer, New York, NY, USA, 1st edition, 1999.
[4] H. Bel Mokadem, B. Bérard, V. Gourcuff, O. De Smet, and J. Roussel, "Verification of a timed multitask system with UPPAAL," IEEE Transactions on Automation Science and Engineering, vol. 7, no. 4, pp. 921-932, 2010.
[5] J. L. Boulanger, Ed., Industrial Use of Formal Methods: Formal Verification (ISTE), Wiley-ISTE, New York, NY, USA, 2012.
[6] P. J. G. Ramadge and W. M. Wonham, "Control of discrete event systems," Proceedings of the IEEE, vol. 77, no. 1, pp. 81-98, 1989.
[7] P. Gohari and W. M. Wonham, "On the complexity of supervisory control design in the RW framework," IEEE Transactions on Systems, Man and Cybernetics B, vol. 30, no. 5, pp. 643-652, 2000.
[8] Y. Hietter, Synthèse algébrique de lois de commande pour les systèmes à événements discrets logiques [Algebraic synthesis of control laws for logic discrete event systems] [Ph.D. thesis], ENS Cachan, Cachan, France, 2009.
[9] H.-M. Hanisch, A. Lueder, and J. Thieme, "Modular plant modeling technique and related controller synthesis problems," in Proceedings of the 1998 IEEE International Conference on Systems, Man and Cybernetics, pp. 686-691, October 1998.
[10] J.-M. Roussel and A. Giua, "Designing dependable logic controllers using the supervisory control theory," in Proceedings of the 16th IFAC World Congress, CD-ROM paper 4427, p. 6, Praha, Czech Republic, 2005.
[11] D. A. Huffman, "The synthesis of sequential switching circuits," Journal of the Franklin Institute, vol. 257, no. 3-4, pp. 161-303, 1954.
[12] G. H. Mealy, "A method for synthesizing sequential circuits," Bell System Technical Journal, vol. 34, no. 5, pp. 1045-1079, 1955.
[13] E. F. Moore, "Gedanken-experiments on sequential machines," in Automata Studies, pp. 129-153, Princeton University Press, Princeton, NJ, USA, 1956.
[14] S. Rudeanu, Lattice Functions and Equations (Discrete Mathematics and Theoretical Computer Science), Springer, New York, NY, USA, 2001.
[15] F. M. Brown, Boolean Reasoning: The Logic of Boolean Equations, Dover, Mineola, NY, USA, 2003.
[16] A. Pnueli and R. Rosner, "On the synthesis of a reactive module," in Proceedings of the 16th ACM Symposium on Principles of Programming Languages (POPL '89), pp. 179-190, ACM, New York, NY, USA, 1989.
[17] E. Filiot, N. Jin, and J. Raskin, "Antichains and compositional algorithms for LTL synthesis," Formal Methods in System Design, vol. 39, no. 3, pp. 261-296, 2011.
[18] J. Machado, B. Denis, J. J. Lesage, J. M. Faure, and J. Fereira, "Logic controllers dependability verification using a plant model," in Proceedings of the 3rd IFAC Workshop on Discrete-Event System Design (DESDes '06), pp. 37-42, Rydzyna, Poland, 2006.
[19] Y. Hietter, J.-M. Roussel, and J.-L. Lesage, "Algebraic synthesis of transition conditions of a state model," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 187-192, Göteborg, Sweden, May 2008.
[20] Y. Hietter, J.-M. Roussel, and J. J. Lesage, "Algebraic synthesis of dependable logic controllers," in Proceedings of the 17th World Congress, International Federation of Automatic Control (IFAC '08), pp. 4132-4137, Seoul, South Korea, July 2008.
[21] A. Guignard, Symbolic generation of the automaton representing an algebraic description of a logic system [M.S. thesis], ENS Cachan, Cachan, France, 2011.
[22] R. P. Grimaldi, Discrete and Combinatorial Mathematics: An Applied Introduction, Addison-Wesley Longman, Boston, Mass, USA, 5th edition, 2004.
[23] J.-M. Roussel and J.-J. Lesage, "Algebraic synthesis of logical controllers despite inconsistencies in specifications," in Proceedings of the 11th International Workshop on Discrete Event Systems (WODES '12), pp. 307-314, Guadalajara, Mexico, 2012.
[24] H. Leroux, Algebraic Synthesis of Logical Controllers with Optimization Criteria, ENS Cachan, Cachan, France, 2011.
[25] H. Leroux and J.-M. Roussel, "Algebraic synthesis of logical controllers with optimization criteria," in Proceedings of the 6th International Workshop on Verification and Evaluation of Computer and Communication Systems (VECOS '12), pp. 103-114, Paris, France, 2012.
[26] M. Cantarelli and J. Roussel, "Reactive control system design using the supervisory control theory: evaluation of possibilities and limits," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 200-205, Göteborg, Sweden, May 2008.
[Figure 1: PLC basic principle. The PLC block, with its inputs and outputs, runs the cyclic scan: program initialization, inputs reading, program execution, outputs updating; the user program is shown as a Structured Text fragment (IF R1 THEN ... ELSIF POP AND NOT EMPTY THEN ... END_IF).]
the specifications generates a complexity which remains problematic for the synthesis of a supervisor for complex systems [7]. It is therefore interesting to explore other ways for performing synthesis, such as algebraic approaches. In previous works we proposed a method specifically developed to get the control laws that can be directly implemented into the controller [8]. We have chosen to synthesize these control laws under the form of recurrent Boolean equations because of the wide possibilities they offer for the formalization of safety requirements and for implementation.

Nevertheless, whatever synthesis method is used, one of the weak links of the automatic generation of the control laws is the step of formal transcription by the designer (within state models or algebraic expressions) of the informal requirements and safety properties the controller has to satisfy. In the case of SCT, some authors have proposed more or less generic approaches for the construction of the models of the plant [9] or of the specifications [10]. But in any case the hypothesis that requirements can be inconsistent has never been taken into account. Unfortunately, in the framework of industrial collaborations, we have been able to verify that it is always the case. In this paper we show how, under specific hypotheses, it is possible to install a correction loop for helping the designer to formalize these requirements, and so improve the robustness of the synthesis method to the lack of precision of the specifications.

This paper is organized as follows. Some basics of algebraic synthesis given in Sections 2 and 3 recall the main steps of our method. Section 4 presents the mathematical framework of our approach and new results that allow us to accept inconsistencies in specifications. The strategy we developed for making the synthesis more robust to the lack of consistency of the specifications is described in Section 5 thanks to a case study.
2 Problem Statement
Figure 2 proposes a generic representation of a DES whose controller has $p$ Boolean inputs ($u_i$), $q$ Boolean outputs ($y_j$) and $r$ Boolean state variables ($x_l$). Plant and controller are connected through a closed loop exchanging input and output signals. The state variables needed for expressing sequential behaviors of the controller are represented by internal variables.
[Figure 2: A sequential DES. The controller (combinational behavior and state variables behavior) exchanges the $p$ inputs $u_i$ and the $q$ outputs $y_j$ with the plant in closed loop and keeps $r$ state variables $x_l$, with $y_j[k] = F_j(u_1[k], \dots, u_p[k], x_1[k-1], \dots, x_r[k-1])$ and $x_l[k] = F_{q+l}(u_1[k], \dots, u_p[k], x_1[k-1], \dots, x_r[k-1])$.]
The algebraic modeling of the control laws of the controller necessitates the definition of $(q+r)$ switching functions of $(p+r)$ variables. Even if this representation is very compact (the $r$ Boolean state variables allow the representation of $2^r$ different states), the construction by hand of these switching functions is a very tedious and error-prone task [11]: the controller of Figure 2 admits $2^p$ input combinations, can send $2^q$ output combinations and can express $(2^{2^{(p+r)}})^{(q+r)}$ sequential behaviors. That is the reason why algebraic modeling approaches have been replaced by methods based on state models since the middle of the 50's [12, 13]. Nevertheless, thanks to recent mathematical results obtained on Boolean algebras [14, 15], the automatic algebraic synthesis of switching functions is now possible.
In [16], an interesting approach for the systematic construction of a reactive program from its formal specification is proposed. In this work, the program synthesis is considered as a theorem proving activity. A program with input $x$ and output $y$, specified by the formula $\varphi(x, y)$, is constructed as a byproduct of proving the theorem $(\forall x)(\exists y)\varphi(x, y)$. The specification $\varphi(x, y)$ characterizes the expected relation between the input $x$ and the output $y$ computed by the program. This approach is based on the observation that the formula $(\forall x)(\exists y)\varphi(x, y)$ is equivalent to the second-order formula $(\exists f)(\forall x)\varphi(x, f(x))$ stating the existence of a function $f$ such that $\varphi(x, f(x))$ holds for every $x$.

This approach provides a conceptual framework for the rigorous derivation of a program from its formal specification. It has also been used to synthesize specifications under the form of finite automata from their linear temporal logic (LTL) description [17].
The core of our approach is based on this strategy: we aim at deducing the $(q+r)$ switching functions of $(p+r)$ variables which define the behavior of the controller from a formula $\varphi(u_i[k], x_l[k-1], y_j[k], x_l[k])$ that holds for every $k$, every $u_i[k]$ and every $x_l[k-1]$.

To cope with combinatorial explosion, switching functions will be handled through a symbolic representation (and not their truth-tables, which contain $2^{(p+r)}$ Boolean values). Each input $u_i$ (resp. output $y_j$) of the controller will be represented by a switching function $U_i$ (resp. $Y_j$). To take into account the recursive aspect of state variables, each state variable $x_l$ will be represented by two switching functions: $X_l$ (for time $[k]$) and ${}^pX_l$ (for time $[k-1]$).

According to this representation, the synthesis of control laws of a logical system from its specification can now be transformed into the search of the solutions to the mathematical problem as follows:

$(\forall U_i)\,(\forall {}^pX_l)\,(\exists Y_j)\,(\exists X_l)\ \varphi(U_i, {}^pX_l, Y_j, X_l)$ (1)

where $(U_i, {}^pX_l, Y_j, X_l)$ are $(p + q + 2r)$ switching functions of $(p + r)$ variables.
3 Overview of Our Method
The input data of the proposed method (Figure 3) are informal functional and safety requirements given by the designer. In practice, these requirements are most often given in a textual form and/or by using technical tailor-made languages (Gantt diagrams, function block diagrams, Grafcet, etc.) or imposed standards.

All the steps of our synthesis method are implemented into a prototype software tool developed in Python (case studies are available online: http://www.lurpa.ens-cachan.fr/-226050.kjsp). The first step is the formalization of requirements within an algebraic description; examples are given in Section 5.2. Requirements expressed with a state model can directly be translated into recurrent Boolean equations thanks to the algorithm proposed by Machado et al. [18]. In cases where the know-how of the designer enables him to build a priori the global form of the solution (or of a part of the whole solution), it is also possible to give fragments of solution as requirements [19].

The second step consists in checking the consistency of the set of requirements by symbolic calculation. The sufficient condition for checking this consistency has been given in [20], but no strategy has been proposed for coping with potential inconsistencies. In this paper we show that, thanks to new theorems, the causes of these inconsistencies can be pointed out. It is then possible for the designer to fix priority rules
[Figure 3: The algebraic synthesis method step by step. Functional and safety requirements enter step 1 (formalization), which yields the set of formalized requirements; step 2 (consistency checking) takes the priorities between requirements and produces the inconsistency conditions and the system of equations; step 3 (equation solving) produces the parametric solution; step 4 (solution choice), driven by the optimization criteria, produces the control laws.]
between the concerned requirements that will allow finding, if they exist, solutions despite inconsistencies.

The core of the method is the third step, which consists in the synthesis of the control laws. This step is performed by solving the system of equations which represents the set of consistent requirements. The mathematical results we have obtained (Theorem 12, given in Section 4.3) allow finding a parametric expression of the set of solutions.

In the fourth step of the method, a particular solution has to be chosen among the set of solutions. For that, a specific value of each parameter of the general solution has to be fixed. In a previous work [19], we showed how well chosen heuristics can be used for fixing these parameters. In this paper we show that the choice of a particular solution among the set of solutions can be expressed as an optimization problem. We propose new theorems that allow calculating the maximum and the minimum of a Boolean formula, and we show how optimal solutions can be automatically found. For ergonomic reasons, the synthesized control laws can finally be displayed under the form of a finite automaton [21].

After the mathematical background of the method has been recalled, we are going to show how, under specific hypotheses, the second step of the method can be improved by a correction loop helping the designer to formalize the requirements, and so improving the robustness of our synthesis method to the lack of precision of the specifications. The strategy to find an optimal solution according to given criteria will also be presented.
4 Mathematical Foundations
This section is composed of five subsections. Sections 4.1 and 4.2 recall some classical results about Boolean algebras and the Boolean algebra of $n$-variable switching functions. Section 4.3 presents how to solve Boolean equations. Sections 4.4 and 4.5 present specific results obtained for the algebraic synthesis of control laws.

4.1 Boolean Algebra: Typical Feature

Definition 1 (Boolean algebra) (Definition 15.5 of [22]). Let $\mathbb{B}$ be a nonempty set that contains two special elements 0 (the zero element) and 1 (the unity or one element) and on which we define two closed binary operations $+$, $\cdot$ and a unary operation $\overline{\ \ }$. Then $(\mathbb{B}, +, \cdot, \overline{\ \ }, 0, 1)$ is called a Boolean algebra if the following conditions are satisfied for all $x, y, z \in \mathbb{B}$:

Commutative Laws: $x + y = y + x$, $x \cdot y = y \cdot x$
Distributive Laws: $x \cdot (y + z) = (x \cdot y) + (x \cdot z)$, $x + (y \cdot z) = (x + y) \cdot (x + z)$
Identity Laws: $x + 0 = x$, $x \cdot 1 = x$
Inverse Laws: $x + \overline{x} = 1$, $x \cdot \overline{x} = 0$, $\overline{0} = 1$ (2)
Many Boolean algebras could be defined. The most known are the two-element Boolean algebra $(\{0, 1\}, \lor, \land, \lnot, 0, 1)$ and the algebra of classes (set of subsets of a set $S$) $(2^S, \cup, \cap, \overline{\ \ }, \emptyset, S)$.

Definition 2 (Boolean formula) (from Section 3.6 of [15]). A Boolean formula (or a Boolean expression) on $\mathbb{B}$ is any formula which represents a combination of members of $\mathbb{B}$ by the operations $+$, $\cdot$ or $\overline{\ \ }$.

By construction, any Boolean formula on $\mathbb{B}$ represents one and only one member of $\mathbb{B}$. Two Boolean formulae are equivalent if and only if they represent the same member of $\mathbb{B}$. Later on, a Boolean formula $\mathcal{F}$ built with the members $(\alpha_1, \dots, \alpha_n)$ of $\mathbb{B}$ is denoted $\mathcal{F}(\alpha_1, \dots, \alpha_n)$.
Theorem 3 (Boole's expansion of a Boolean formula). Let $(\alpha_1, \dots, \alpha_n)$ be $n$ members of $\mathbb{B} \setminus \{0, 1\}$. Any Boolean formula $\mathcal{F}(\alpha_1, \dots, \alpha_n)$ can be expanded as

$\mathcal{F}(\alpha_1, \dots, \alpha_n) = \mathcal{F}_0(\alpha_2, \dots, \alpha_n) \cdot \overline{\alpha_1} + \mathcal{F}_1(\alpha_2, \dots, \alpha_n) \cdot \alpha_1$ (3)

where $\mathcal{F}_0(\alpha_2, \dots, \alpha_n)$ and $\mathcal{F}_1(\alpha_2, \dots, \alpha_n)$ are Boolean formulae of only $\alpha_2, \dots, \alpha_n$. These two formulae can be directly obtained from $\mathcal{F}(\alpha_1, \dots, \alpha_n)$ as follows:

$\mathcal{F}_0(\alpha_2, \dots, \alpha_n) = \mathcal{F}(\alpha_1, \dots, \alpha_n)\big|_{\alpha_1 \leftarrow 0} = \mathcal{F}(0, \alpha_2, \dots, \alpha_n)$
$\mathcal{F}_1(\alpha_2, \dots, \alpha_n) = \mathcal{F}(\alpha_1, \dots, \alpha_n)\big|_{\alpha_1 \leftarrow 1} = \mathcal{F}(1, \alpha_2, \dots, \alpha_n)$ (4)
The relation equality is not the only relation defined on a Boolean algebra. It is also possible to define a partial order relation between members of $\mathbb{B}$. This relation is called Inclusion-Relation in [15].

Definition 4 (Inclusion-Relation) (Definition 15.6 of [22]). If $x, y \in \mathbb{B}$, define $x \le y$ if and only if $x \cdot y = x$.

As the Inclusion-Relation is reflexive ($x \le x$), antisymmetric (if $x \le y$ and $y \le x$ then $x = y$) and transitive (if $x \le y$ and $y \le z$ then $x \le z$), this relation defines a partial order between members of $\mathbb{B}$ (Theorem 15.4 of [22]).

Since in any Boolean algebra $x \cdot y = x \Leftrightarrow x \cdot \overline{y} = 0$, we also have $x \le y \Leftrightarrow x \cdot \overline{y} = 0$.

Remark 5. For the algebra of classes $(2^S, \cup, \cap, \overline{\ \ }, \emptyset, S)$, the Inclusion-Relation is the well-known relation $\subseteq$ and we have $x \subseteq y \Leftrightarrow x \cap y = x$.
Theorem 6 (reduction of a set of relations) (Theorem 5.3.1 of [15]). Any set of simultaneously asserted relations built with the members $(\alpha_1, \dots, \alpha_n)$ of $\mathbb{B}$ can be reduced to a single equivalent relation such as $\mathcal{F}(\alpha_1, \dots, \alpha_n) = 0$.

To obtain this equivalent relation, it is necessary

(i) to rewrite each equality according to
$\mathcal{F}_1(\alpha_1, \dots, \alpha_n) = \mathcal{F}_2(\alpha_1, \dots, \alpha_n) \Longleftrightarrow \mathcal{F}_1(\alpha_1, \dots, \alpha_n) \cdot \overline{\mathcal{F}_2(\alpha_1, \dots, \alpha_n)} + \overline{\mathcal{F}_1(\alpha_1, \dots, \alpha_n)} \cdot \mathcal{F}_2(\alpha_1, \dots, \alpha_n) = 0$ (5)

(ii) to rewrite each inclusion according to
$\mathcal{F}_1(\alpha_1, \dots, \alpha_n) \le \mathcal{F}_2(\alpha_1, \dots, \alpha_n) \Longleftrightarrow \mathcal{F}_1(\alpha_1, \dots, \alpha_n) \cdot \overline{\mathcal{F}_2(\alpha_1, \dots, \alpha_n)} = 0$ (6)

(iii) to group together rewritten equalities as follows:
$\{\mathcal{F}_1(\alpha_1, \dots, \alpha_n) = 0,\ \mathcal{F}_2(\alpha_1, \dots, \alpha_n) = 0\} \Longleftrightarrow \mathcal{F}_1(\alpha_1, \dots, \alpha_n) + \mathcal{F}_2(\alpha_1, \dots, \alpha_n) = 0$ (7)
4.2 The Boolean Algebra of $n$-Variable Switching Functions. To avoid confusion between Boolean variables and Boolean functions of Boolean variables, each Boolean variable $b_i$ is denoted by $\mathbb{b}_i$. The set of the two Boolean values $b_0$ and $b_1$ is denoted by $B = \{b_0, b_1\}$.

Definition 7 ($n$-variable switching functions) (from Section 3.11 of [15]). An $n$-variable switching function is a mapping of the form

$f: B^n \to B$, $(\mathbb{b}_1, \dots, \mathbb{b}_n) \mapsto f(\mathbb{b}_1, \dots, \mathbb{b}_n)$, where $B = \{b_0, b_1\}$ (8)
The domain of an $n$-variable switching function has $2^n$ elements and the codomain has 2 elements; hence there are $2^{2^n}$ $n$-variable switching functions. Let $F_n(B)$ be the set of the $2^{2^n}$ $n$-variable switching functions. $F_n(B)$ contains $(n+2)$ specific $n$-variable switching functions: the 2 constant functions ($0$, $1$) and the $n$ projection-functions ($f_i^{\mathrm{Proj}}$). These functions are defined as follows:

$0: B^n \to B$, $(\mathbb{b}_1, \dots, \mathbb{b}_n) \mapsto b_0$
$1: B^n \to B$, $(\mathbb{b}_1, \dots, \mathbb{b}_n) \mapsto b_1$
$f_i^{\mathrm{Proj}}: B^n \to B$, $(\mathbb{b}_1, \dots, \mathbb{b}_n) \mapsto \mathbb{b}_i$ (9)
$F_n(B)$ can be equipped with three closed operations (two binary and one unary operations):

$\mathrm{Op}\ +: F_n(B)^2 \to F_n(B)$, $(f, g) \mapsto f + g$
$\mathrm{Op}\ \cdot: F_n(B)^2 \to F_n(B)$, $(f, g) \mapsto f \cdot g$
$\mathrm{Op}\ \overline{\ \ }: F_n(B) \to F_n(B)$, $f \mapsto \overline{f}$ (10)

where $\forall (\mathbb{b}_1, \dots, \mathbb{b}_n) \in B^n$:

$(f + g)(\mathbb{b}_1, \dots, \mathbb{b}_n) = f(\mathbb{b}_1, \dots, \mathbb{b}_n) \lor g(\mathbb{b}_1, \dots, \mathbb{b}_n)$
$(f \cdot g)(\mathbb{b}_1, \dots, \mathbb{b}_n) = f(\mathbb{b}_1, \dots, \mathbb{b}_n) \land g(\mathbb{b}_1, \dots, \mathbb{b}_n)$
$\overline{f}(\mathbb{b}_1, \dots, \mathbb{b}_n) = \lnot f(\mathbb{b}_1, \dots, \mathbb{b}_n)$ (11)
$(F_n(B), +, \cdot, \overline{\ \ }, 0, 1)$ is a Boolean algebra [22]. Then it is possible to write a Boolean formula of $n$-variable switching functions and relations between Boolean formulae of $n$-variable switching functions. In the case of $n$-variable switching functions, the relations Equality and Inclusion can also be presented as follows:

(i) $f$ and $g$ are equal ($f = g$) if and only if the columns of the truth-tables of $f$, $g$ are exactly the same, that is $\forall (\mathbb{b}_1, \dots, \mathbb{b}_n) \in B^n$, $f(\mathbb{b}_1, \dots, \mathbb{b}_n) = g(\mathbb{b}_1, \dots, \mathbb{b}_n)$;
(ii) $f$ is included into $g$ ($f \le g$) if and only if the value of $g$ is always $b_1$ when the value of $f$ is $b_1$, that is $\forall (\mathbb{b}_1, \dots, \mathbb{b}_n) \in B^n$, $[f(\mathbb{b}_1, \dots, \mathbb{b}_n) = b_0]$ or $[g(\mathbb{b}_1, \dots, \mathbb{b}_n) = b_1]$.
Remark 8. Each $n$-variable switching function can be expressed as a composition of $(f_1^{\mathrm{Proj}}, \dots, f_n^{\mathrm{Proj}}, 0, 1)$ by the operations $+$, $\cdot$ and $\overline{\ \ }$.

Therefore the Boolean algebra $(F_n(B), +, \cdot, \overline{\ \ }, 0, 1)$ is a mathematical framework which allows composing and comparing switching functions. Thanks to the results presented in the next subsection, this framework also allows solving systems of Boolean equations of switching functions.
4.3 Solutions of Boolean Equations over Boolean Algebra $F_n(B)$. In [15], Brown explains that many problems in the application of Boolean algebra may be reduced to solving an equation of the form

$f(X) = 0$ (12)

over a Boolean algebra $\mathbb{B}$. Formal procedures for producing solutions of this equation were developed by Boole himself as a way to treat problems of logical inference. Boolean equations have been studied extensively since Boole's initial work (a bibliography of nearly 400 sources is presented in [14]). These works concern essentially the two-element Boolean algebra $(\{b_0, b_1\}, \lor, \land, \lnot, b_0, b_1)$. In our case, we focus on the Boolean algebra of $n$-variable switching functions $F_n(B)$. We consider a Boolean system composed of $m$ relations among members of $F_n(B)$, for which $k$ of them are considered as unknowns. The theorems presented in this section permit solving any system of Boolean equations, as there exists a canonic form of a Boolean system of $k$ unknowns and we are able to calculate the solutions of this form.
4.3.1 Canonic Form of a Boolean System of $k$ Unknowns over Boolean Algebra $F_n(B)$. Consider the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, \overline{\ \ }, 0, 1)$.

(i) Let $(f_1^{\mathrm{Proj}}, \dots, f_n^{\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$.
(ii) Let $(x_1, \dots, x_k)$ be $k$ elements of $F_n(B)$ considered as unknowns.

For notational convenience, we note "$X_k$" the vector $(x_1, \dots, x_k)$ of the $k$ unknowns and "$\mathrm{Proj}$" the vector $(f_1^{\mathrm{Proj}}, \dots, f_n^{\mathrm{Proj}})$ of the $n$ projection-functions of $F_n(B)$.
Theorem 9 (reduction of a set of relations between $n$-variable switching functions). Any set of simultaneously asserted relations of switching functions can be reduced to a single equivalent relation such as

$\mathcal{F}(X_k, \mathrm{Proj}) = 0$ (13)

This theorem comes from Theorem 6. In order to be able to write a canonic form for a Boolean system of $k$ unknowns over Boolean algebra $F_n(B)$, we introduce the following notation: for $x \in F_n(B)$ and $a \in \{0, 1\}$, $x^a$ is defined by

$x^0 = \overline{x}, \quad x^1 = x$ (14)
This notation is extended to vectors as follows: for $X_k = (x_1, \dots, x_k) \in F_n(B)^k$ and $A_k = (a_1, \dots, a_k) \in \{0, 1\}^k$, $X_k^{A_k}$ is defined by

$X_k^{A_k} = \prod_{i=1}^{i=k} x_i^{a_i} = x_1^{a_1} \cdot \ldots \cdot x_k^{a_k}$ (15)
Theorem 10 (canonic form of a Boolean equation). Any Boolean equation $Eq(X_k, \mathrm{Proj}) = 0$ can be expressed within the canonic form

$\sum_{A_k \in \{0,1\}^k} Eq(A_k, \mathrm{Proj}) \cdot X_k^{A_k} = 0$ (16)

where $Eq(A_k, \mathrm{Proj})$ (with $A_k \in \{0, 1\}^k$) are the $2^k$ discriminants of $Eq(X_k, \mathrm{Proj}) = 0$ according to $X_k$ (the term "discriminant" comes from [15]).

This canonic form is obtained by expanding $Eq(X_k, \mathrm{Proj})$ according to the $k$ unknowns $(x_1, \dots, x_k)$. For example, we have

$Eq(x, \mathrm{Proj}) = Eq(0, \mathrm{Proj}) \cdot \overline{x} + Eq(1, \mathrm{Proj}) \cdot x$
$Eq(x_1, x_2, \mathrm{Proj}) = Eq(0, 0, \mathrm{Proj}) \cdot \overline{x_1} \cdot \overline{x_2} + Eq(0, 1, \mathrm{Proj}) \cdot \overline{x_1} \cdot x_2 + Eq(1, 0, \mathrm{Proj}) \cdot x_1 \cdot \overline{x_2} + Eq(1, 1, \mathrm{Proj}) \cdot x_1 \cdot x_2$ (17)
4.3.2 Solution of a Single-Unknown Equation over $F_n(B)$. The following theorem has initially been demonstrated for the two-element Boolean algebra [14]. A generalization for all Boolean algebras can be found in [15], but no detailed demonstration is given. A new formalization of this theorem and its full demonstration are given below.

Theorem 11 (solution of a single-unknown equation). The Boolean equation over $F_n(B)$

$Eq(x, \mathrm{Proj}) = 0$ (18)

for which the canonic form is

$Eq(0, \mathrm{Proj}) \cdot \overline{x} + Eq(1, \mathrm{Proj}) \cdot x = 0$ (19)

is consistent (i.e., has at least one solution) if and only if the following condition is satisfied:

$Eq(0, \mathrm{Proj}) \cdot Eq(1, \mathrm{Proj}) = 0$ (20)

In this case, a general form of the solutions is

$x = Eq(0, \mathrm{Proj}) + p \cdot \overline{Eq(1, \mathrm{Proj})}$ (21)

where $p$ is an arbitrary parameter, that is, a freely-chosen member of $F_n(B)$.

This solution can also be expressed as

$x = \overline{Eq(1, \mathrm{Proj})} \cdot (Eq(0, \mathrm{Proj}) + p) = \overline{p} \cdot Eq(0, \mathrm{Proj}) + p \cdot \overline{Eq(1, \mathrm{Proj})}$ (22)
Proof. This theorem can be proved in four steps as follows:

(a) Equation (18) is consistent if and only if (20) is satisfied;
(b) Equation (21) is a solution of (18) if (20) is satisfied;
(c) each solution of (18) can be expressed as (21);
(d) if (20) is satisfied, the three parametric forms proposed are equivalent.

Step (a) can be proved as follows. Equation (20) is a sufficient condition for (18) to admit solutions, since $x = Eq(0, \mathrm{Proj})$ is an obvious solution of (18). Equation (20) is also a necessary condition, as if (18) admits a solution then (18) can also be expressed, thanks to the consensus theorem, as $Eq(0, \mathrm{Proj}) \cdot \overline{x} + Eq(1, \mathrm{Proj}) \cdot x + Eq(0, \mathrm{Proj}) \cdot Eq(1, \mathrm{Proj}) = 0$, and we have necessarily $Eq(0, \mathrm{Proj}) \cdot Eq(1, \mathrm{Proj}) = 0$.

To prove Step (b), it is sufficient to substitute the expression for $x$ from (21) into (18) and to use (20) as follows:

$Eq(0, \mathrm{Proj}) \cdot \overline{x} + Eq(1, \mathrm{Proj}) \cdot x$
$= Eq(0, \mathrm{Proj}) \cdot \overline{(Eq(0, \mathrm{Proj}) + p \cdot \overline{Eq(1, \mathrm{Proj})})} + Eq(1, \mathrm{Proj}) \cdot (Eq(0, \mathrm{Proj}) + p \cdot \overline{Eq(1, \mathrm{Proj})})$
$= Eq(0, \mathrm{Proj}) \cdot \overline{Eq(0, \mathrm{Proj})} \cdot \overline{(p \cdot \overline{Eq(1, \mathrm{Proj})})} + Eq(0, \mathrm{Proj}) \cdot Eq(1, \mathrm{Proj}) + p \cdot Eq(1, \mathrm{Proj}) \cdot \overline{Eq(1, \mathrm{Proj})}$
$= 0 + 0 + 0 = 0$ (23)

To prove Step (c), it is sufficient to find one element $p$ of $F_n(B)$ for each solution for $x$ of (18). Let us consider $p$ defined by "$p = \overline{Eq(0, \mathrm{Proj})} \cdot \overline{Eq(1, \mathrm{Proj})} \cdot x$", where $x$ is a solution to (18). Then we have

$\left\{\begin{array}{l} Eq(0, \mathrm{Proj}) \cdot Eq(1, \mathrm{Proj}) = 0 \\ Eq(0, \mathrm{Proj}) \cdot \overline{x} + Eq(1, \mathrm{Proj}) \cdot x = 0 \\ p = \overline{Eq(0, \mathrm{Proj})} \cdot \overline{Eq(1, \mathrm{Proj})} \cdot x \end{array}\right. \Longrightarrow x = Eq(0, \mathrm{Proj}) + p \cdot \overline{Eq(1, \mathrm{Proj})}$ (24)

as

$x = 1 \cdot x = (Eq(0, \mathrm{Proj}) + Eq(1, \mathrm{Proj}) + \overline{Eq(0, \mathrm{Proj})} \cdot \overline{Eq(1, \mathrm{Proj})}) \cdot x$
$= Eq(0, \mathrm{Proj}) \cdot x + Eq(1, \mathrm{Proj}) \cdot x + \overline{Eq(0, \mathrm{Proj})} \cdot \overline{Eq(1, \mathrm{Proj})} \cdot x$
$= Eq(0, \mathrm{Proj}) \cdot x + 0 + \overline{Eq(1, \mathrm{Proj})} \cdot (\overline{Eq(0, \mathrm{Proj})} \cdot \overline{Eq(1, \mathrm{Proj})} \cdot x)$, as $Eq(1, \mathrm{Proj}) \cdot x = 0$
$= Eq(0, \mathrm{Proj}) \cdot x + Eq(0, \mathrm{Proj}) \cdot \overline{x} + \overline{Eq(1, \mathrm{Proj})} \cdot p$, as $Eq(0, \mathrm{Proj}) \cdot \overline{x} = 0$
$= Eq(0, \mathrm{Proj}) \cdot (x + \overline{x}) + p \cdot \overline{Eq(1, \mathrm{Proj})}$
$= Eq(0, \mathrm{Proj}) + p \cdot \overline{Eq(1, \mathrm{Proj})}$ (25)

To prove Step (d), it is sufficient to rewrite (21) in the two other forms by using (20) as follows:

$x = 1 \cdot Eq(0, \mathrm{Proj}) + p \cdot \overline{Eq(1, \mathrm{Proj})}$
$= (Eq(1, \mathrm{Proj}) + \overline{Eq(1, \mathrm{Proj})}) \cdot Eq(0, \mathrm{Proj}) + p \cdot \overline{Eq(1, \mathrm{Proj})}$
$= Eq(0, \mathrm{Proj}) \cdot Eq(1, \mathrm{Proj}) + (Eq(0, \mathrm{Proj}) + p) \cdot \overline{Eq(1, \mathrm{Proj})}$
$= 0 + \overline{Eq(1, \mathrm{Proj})} \cdot (Eq(0, \mathrm{Proj}) + p)$
$= \overline{Eq(1, \mathrm{Proj})} \cdot (Eq(0, \mathrm{Proj}) + p)$

$x = 1 \cdot Eq(0, \mathrm{Proj}) + p \cdot \overline{Eq(1, \mathrm{Proj})}$
$= (p + \overline{p}) \cdot Eq(0, \mathrm{Proj}) + p \cdot \overline{Eq(1, \mathrm{Proj})}$
$= \overline{p} \cdot Eq(0, \mathrm{Proj}) + p \cdot (Eq(0, \mathrm{Proj}) + \overline{Eq(1, \mathrm{Proj})})$
$= \overline{p} \cdot Eq(0, \mathrm{Proj}) + p \cdot (Eq(0, \mathrm{Proj}) \cdot Eq(1, \mathrm{Proj}) + \overline{Eq(1, \mathrm{Proj})})$
$= \overline{p} \cdot Eq(0, \mathrm{Proj}) + p \cdot (0 + \overline{Eq(1, \mathrm{Proj})})$
$= \overline{p} \cdot Eq(0, \mathrm{Proj}) + p \cdot \overline{Eq(1, \mathrm{Proj})}$ (26)
4.3.3 Solution of $k$-Unknown Equations over $F_n(B)$. The global result presented in the following theorem can be found in [14] or [15]. However, in these works the solution is not expressed with a parametric form but with intervals only. The formulation presented in this paper is more adapted to symbolic computation and is mandatory for practical optimization.

A $k$-unknown equation can be solved by solving successively $k$ single-unknown equations. If we consider the $k$-unknown equation as a single-unknown equation of $x_k$, its consistency condition corresponds to a $(k-1)$-unknown equation. The process can be iterated until $x_1$. After substituting $S(x_1)$ for $x_1$ in the last equation, it is possible to find the solution for $x_2$. Then it is sufficient to apply this procedure again $(k-2)$ times to obtain successively the solutions $S(x_3)$ to $S(x_k)$.
Theorem 12 (solution of a $k$-unknown equation). The Boolean equation over $F_n(B)$
\[
\mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0 \tag{27}
\]
is consistent (i.e., has at least one solution) if and only if the following condition is satisfied:
\[
\prod_{A_k\in\{0,1\}^k} \mathrm{Eq}_0(A_k,\mathrm{Proj}) = 0 \tag{28}
\]
If (28) is satisfied, (27) admits one or more $k$-tuple solutions $(S(x_1),\ldots,S(x_k))$ such that each component $S(x_i)$ is defined by
\[
S(x_i) = \prod_{A_{k-i}\in\{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(0,A_{k-i},\mathrm{Proj}) + p_i\cdot \prod_{A_{k-i}\in\{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(1,A_{k-i},\mathrm{Proj}) \tag{29}
\]
with
(i) $\mathrm{Eq}_i(x_{i+1},\ldots,x_k,\mathrm{Proj}) = \mathrm{Eq}_{i-1}(x_i,x_{i+1},\ldots,x_k,\mathrm{Proj})|_{x_i\leftarrow S(x_i)}$;
(ii) $p_i$ an arbitrary parameter, that is, a freely chosen member of $F_n(B)$.
The full demonstration of this theorem cannot be given in this paper because of lack of space (a full demonstration by mathematical induction can be found in [8]). A description of the different steps of the proof and the details of the principal steps are given below.
Proof (elements of proof). Equation (27) can be solved by applying Theorems 3 and 11 $k$ times, according to the unknowns $x_k$ to $x_1$, as follows.
According to Theorem 3, (27) is equivalent to
\[
\mathrm{Eq}_0(X_{k-1},0,\mathrm{Proj})\cdot x_k + \mathrm{Eq}_0(X_{k-1},1,\mathrm{Proj})\cdot x_k = 0 \tag{30}
\]
According to Theorem 11, (30) admits solutions in $x_k$ if and only if
\[
\mathrm{Eq}_0(X_{k-1},0,\mathrm{Proj})\cdot \mathrm{Eq}_0(X_{k-1},1,\mathrm{Proj}) = 0 \tag{31}
\]
Equation (31) is an equation with $(k-1)$ unknowns. Each term of (31) can be expanded according to $x_{k-1}$, and (31) can be written in the form
\[
\big(\mathrm{Eq}_0(X_{k-2},0,0,\mathrm{Proj})\cdot \mathrm{Eq}_0(X_{k-2},0,1,\mathrm{Proj})\big)\cdot x_{k-1} + \big(\mathrm{Eq}_0(X_{k-2},1,0,\mathrm{Proj})\cdot \mathrm{Eq}_0(X_{k-2},1,1,\mathrm{Proj})\big)\cdot x_{k-1} = 0 \tag{32}
\]
According to Theorem 11, (32) admits solutions in $x_{k-1}$ if and only if
\[
\prod_{A_2\in\{0,1\}^2} \mathrm{Eq}_0(X_{k-2},A_2,\mathrm{Proj}) = 0 \tag{33}
\]
Equation (33) is an equation with $(k-2)$ unknowns. Each term of (33) can be expanded according to $x_{k-2}$, and (33) can be written in the form
\[
\Big(\prod_{A_2\in\{0,1\}^2} \mathrm{Eq}_0(X_{k-3},0,A_2,\mathrm{Proj})\Big)\cdot x_{k-2} + \Big(\prod_{A_2\in\{0,1\}^2} \mathrm{Eq}_0(X_{k-3},1,A_2,\mathrm{Proj})\Big)\cdot x_{k-2} = 0 \tag{34}
\]
In the end, we obtain an equation of only one unknown, $x_1$, defined by
\[
\Big(\prod_{A_{k-1}\in\{0,1\}^{k-1}} \mathrm{Eq}_0(0,A_{k-1},\mathrm{Proj})\Big)\cdot x_1 + \Big(\prod_{A_{k-1}\in\{0,1\}^{k-1}} \mathrm{Eq}_0(1,A_{k-1},\mathrm{Proj})\Big)\cdot x_1 = 0 \tag{35}
\]
According to Theorem 11, (35) admits solutions if and only if
\[
\prod_{A_k\in\{0,1\}^k} \mathrm{Eq}_0(A_k,\mathrm{Proj}) = 0 \tag{36}
\]
When (36) is satisfied, the $k$ equations for $x_1$ to $x_k$ admit solutions. Equation (27) is then coherent and admits solutions.
When (36) is satisfied, the solutions of (35) for $x_1$ are
\[
S(x_1) = \prod_{A_{k-1}\in\{0,1\}^{k-1}} \mathrm{Eq}_0(0,A_{k-1},\mathrm{Proj}) + p_1\cdot \prod_{A_{k-1}\in\{0,1\}^{k-1}} \mathrm{Eq}_0(1,A_{k-1},\mathrm{Proj}) \tag{37}
\]
After substituting $S(x_1)$ for $x_1$ into (27), we obtain a new equation $\mathrm{Eq}_1(x_2,\ldots,x_k,\mathrm{Proj}) = 0$ involving the $(k-1)$ unknowns $(x_2,\ldots,x_k)$, where
\[
\mathrm{Eq}_1(x_2,\ldots,x_k,\mathrm{Proj}) = \mathrm{Eq}_0(x_1,x_2,\ldots,x_k,\mathrm{Proj})|_{x_1\leftarrow S(x_1)} \tag{38}
\]
By applying the previous procedure, we can obtain $S(x_2)$ and $\mathrm{Eq}_2(x_3,\ldots,x_k,\mathrm{Proj})$. Then it suffices to apply this procedure $(k-2)$ more times to obtain successively the solutions $S(x_3)$ to $S(x_k)$.
It is important to note that the order in which unknownsare treated affects only the parametric form of the 119896-tuplesolutionThis is due to the fact that the same 119896-tuple solutioncan be represented with several distinct parametric forms
4.3.4. Partial Conclusions. Thanks to the theorems presented above, it is possible to obtain a parametric representation of all the solutions of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists. In practice, due to the complexity of the systems to be designed, the proposed set of simultaneously asserted relations is generally inconsistent [23]. To simplify the work of the designer, we have proved complementary theorems that improve the robustness of our method to the lack of precision of the specifications (Section 4.4).
When several solutions exist, the comparison of solutions according to a given criterion can be envisaged, since the Boolean algebra $F_n(B)$ is equipped with a partial order. To simplify the work of the designer further, we have developed a method to calculate the best solutions according to one or several criteria (Section 4.5).
4.4. Theorems to Cope with Inconsistencies of Specifications. In practice, it is very difficult for a designer to specify all the requirements of a complex system without inconsistencies. This is why the requirements given by the designer are often declared inconsistent according to Theorem 12. Since the inconsistency condition is a Boolean formula, it can be used to detect the origin of the inconsistencies. Two cases have to be considered, as follows.
(i) Several requirements cannot be simultaneously respected. In this case, a hierarchy between requirements can be proposed in order to find a solution. The requirements with the lower priority have to be corrected to become consistent with the requirements with the higher priority. This strategy is based on Theorem 14.
(ii) The detected inconsistency refers to specific combinations of projection-functions which the designer knows to be impossible. To unblock the synthesis process, it is necessary to introduce new assumptions and to use Theorem 13.
Theorem 13 (solution of a Boolean equation according to an assumption among the projection-functions). The following problem
\[
\begin{aligned}
&\text{Equation to solve:}\quad \mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0\\
&\text{Assumption:}\quad A(\mathrm{Proj}) = 0
\end{aligned}
\tag{39}
\]
admits the same solutions as the following equation:
\[
\mathrm{Eq}_0(X_k,\mathrm{Proj}) \le A(\mathrm{Proj}) \tag{40}
\]
Proof. According to $A(\mathrm{Proj}) = 0$, $\mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0$ can be rewritten as
\[
\begin{aligned}
&\left\{\begin{array}{l} \mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0\\ A(\mathrm{Proj}) = 0 \end{array}\right.\\
\Leftrightarrow\;& A(\mathrm{Proj}) + \mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0\\
\Leftrightarrow\;& A(\mathrm{Proj}) + A(\mathrm{Proj})\cdot \mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0\\
\Leftrightarrow\;& \left\{\begin{array}{l} A(\mathrm{Proj})\cdot \mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0\\ A(\mathrm{Proj}) = 0 \end{array}\right.\\
\Leftrightarrow\;& \left\{\begin{array}{l} \mathrm{Eq}_0(X_k,\mathrm{Proj}) \le A(\mathrm{Proj})\\ A(\mathrm{Proj}) = 0 \end{array}\right.
\end{aligned}
\tag{41}
\]
The equation $A(\mathrm{Proj})\cdot \mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0$ is consistent if and only if the following condition is true (Theorem 12):
\[
A(\mathrm{Proj})\cdot \prod_{A_k\in\{0,1\}^k} \mathrm{Eq}_0(A_k,\mathrm{Proj}) = 0 \tag{42}
\]
By construction, this new condition is the subset of the initial condition ($\prod_{A_k\in\{0,1\}^k} \mathrm{Eq}_0(A_k,\mathrm{Proj}) = 0$) for which the proposed assumption is satisfied. All the other terms have been removed.
If (42) is satisfied, (40) admits one or more $k$-tuple solutions where each component $S(x_i)$ is defined by
\[
S(x_i) = A(\mathrm{Proj})\cdot \Big(\prod_{A_{k-i}\in\{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(0,A_{k-i},\mathrm{Proj}) + p_i\cdot \prod_{A_{k-i}\in\{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(1,A_{k-i},\mathrm{Proj})\Big) + A(\mathrm{Proj})\cdot p_i \tag{43}
\]
As $A(\mathrm{Proj}) = 0$, $S(x_i)$ can also be expressed as
\[
S(x_i) = \prod_{A_{k-i}\in\{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(0,A_{k-i},\mathrm{Proj}) + p_i\cdot \prod_{A_{k-i}\in\{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(1,A_{k-i},\mathrm{Proj}) \tag{44}
\]
When $A(\mathrm{Proj}) = 0$ is satisfied, the solutions of (40) are also solutions of $\mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0$.
Theorem 14 (solution of a Boolean equation system according to a priority rule between requirements). The following problem
\[
\begin{aligned}
&\text{Equation system to solve:}\\
&\quad HR:\; F_H(X_k,\mathrm{Proj}) = 0\\
&\quad LR:\; F_L(X_k,\mathrm{Proj}) = 0\\
&\quad OR:\; F_O(X_k,\mathrm{Proj}) = 0\\
&\text{Priority rule between requirements:}\\
&\quad HR \gg LR
\end{aligned}
\tag{45}
\]
where
(i) $F_H(X_k,\mathrm{Proj}) = 0$ is the formal expression of the requirements which have the higher priority (HR);
(ii) $F_L(X_k,\mathrm{Proj}) = 0$ is the formal expression of the requirements which have the lower priority (LR);
(iii) $F_O(X_k,\mathrm{Proj}) = 0$ is the formal expression of the other requirements (OR);
(iv) $HR \gg LR$ is the priority rule between inconsistent requirements;
admits the same solutions as the following system of equations:
\[
\begin{aligned}
F_H(X_k,\mathrm{Proj}) &= 0\\
F_L(X_k,\mathrm{Proj}) &\le I(\mathrm{Proj})\\
F_O(X_k,\mathrm{Proj}) &= 0
\end{aligned}
\tag{46}
\]
where $I(\mathrm{Proj})$ is the inconsistency condition between requirements "HR" and "LR":
\[
I(\mathrm{Proj}) = \prod_{A_k\in\{0,1\}^k} \big(F_H(A_k,\mathrm{Proj}) + F_L(A_k,\mathrm{Proj})\big) \tag{47}
\]
Proof. Thanks to Theorem 12, the inconsistency condition $I(\mathrm{Proj})$ between requirements "HR" and "LR" can be found by solving the equation $F_H(X_k,\mathrm{Proj}) + F_L(X_k,\mathrm{Proj}) = 0$. We have
\[
I(\mathrm{Proj}) = \prod_{A_k\in\{0,1\}^k} \big(F_H(A_k,\mathrm{Proj}) + F_L(A_k,\mathrm{Proj})\big) \tag{48}
\]
To remove the inconsistency between requirements "HR" and "LR" according to the priority rule "HR ≫ LR", it is necessary to restrict the range of requirement "LR" to the part for which there is no inconsistency, that is, $I(\mathrm{Proj}) = 0$. That is the case when $F_L(X_k,\mathrm{Proj}) = 0$ is replaced by $F_L(X_k,\mathrm{Proj}) \le I(\mathrm{Proj})$.
Thanks to Theorem 12, (49) always admits one or more $k$-tuple solutions, and it is impossible to find a less restrictive condition over requirement "LR":
\[
\begin{aligned}
F_H(X_k,\mathrm{Proj}) &= 0\\
F_L(X_k,\mathrm{Proj}) &\le I(\mathrm{Proj})
\end{aligned}
\tag{49}
\]
4.5. Optimal Solutions of Boolean Equations over $F_n(B)$. The goal of this step is to obtain automatically the parametric form of the $k$-tuples of $F_n(B)$ which satisfy not only a given equation ($\mathrm{Eq}(X_k,\mathrm{Proj}) = 0$) between Boolean functions but also maximize (or minimize) a Boolean formula of these Boolean functions ($F_C(X_k,\mathrm{Proj})$) corresponding to the desired optimization criterion.
Generally speaking, the search for the best solution tuples according to a given criterion, when the space of solutions is composed of discrete values, is a complex mathematical issue. It is sometimes necessary to make a side-by-side comparison of each solution in order to identify the best one. In our case, this exhaustive method cannot be used, as $F_n(B)$ is only provided with a partial order: two particular solutions cannot always be ordered with respect to each other.
Nevertheless, it is possible to obtain the sought parametric form of the $k$-tuples thanks to the following results.
(i) When an equation between Boolean functions has one or more solution tuples in $F_n(B)$, every Boolean formula over these Boolean functions can be rewritten using only the projection-functions of $F_n(B)$ and the free parameters of $F_n(B)$ which describe these solution tuples.
(ii) Every Boolean formula expressed as a composition of projection-functions of $F_n(B)$ and free parameters of $F_n(B)$ has a unique maximum and a unique minimum. These extrema can be expressed using only the projection-functions of $F_n(B)$.
Hence, it is possible to rewrite the initial problem
\[
\begin{aligned}
&\text{Problem to solve:}\quad \mathrm{Eq}(X_k,\mathrm{Proj}) = 0\\
&\text{Optimization criterion:}\quad \text{maximization of } F_C(X_k,\mathrm{Proj})
\end{aligned}
\tag{50}
\]
into a 2-equation system to solve:
\[
\begin{aligned}
\mathrm{Eq}(X_k,\mathrm{Proj}) &= 0\\
F_C(X_k,\mathrm{Proj}) &= \max_{X_k \mid \mathrm{Eq}(X_k,\mathrm{Proj}) = 0} \big(F_C(X_k,\mathrm{Proj})\big)
\end{aligned}
\tag{51}
\]
4.5.1. Extrema of a Boolean Formula according to Freely Chosen Members of $F_n(B)$. Considering the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:
(i) let $(f_{1\mathrm{Proj}},\ldots,f_{n\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$;
(ii) let $(p_1,\ldots,p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members. Let "$P_k$" be the corresponding vector.
Any formula $F(P_k,\mathrm{Proj})$ for which $P_k$ are freely chosen members of $F_n(B)$ defines a subset of $F_n(B)$. According to the relation $\le$, the elements of this subset can be compared. In this specific case, the subset defined by $F(P_k,\mathrm{Proj})$ admits a minimal element and a maximal element.
Theorem 15 (minimum and maximum of a Boolean formula). Any formula $F(P_k,\mathrm{Proj})$ for which $P_k$ are freely chosen members of $F_n(B)$ admits a minimum and a maximum defined as follows:
\[
\begin{aligned}
\min_{P_k\in F_n(B)^k} \big(F(P_k,\mathrm{Proj})\big) &= \prod_{A_k\in\{0,1\}^k} F(A_k,\mathrm{Proj})\\
\max_{P_k\in F_n(B)^k} \big(F(P_k,\mathrm{Proj})\big) &= \sum_{A_k\in\{0,1\}^k} F(A_k,\mathrm{Proj})
\end{aligned}
\tag{52}
\]
Proof. To prove this theorem, it is necessary to establish that
(1) $\prod_{A_k\in\{0,1\}^k} F(A_k,\mathrm{Proj})$ is a lower bound of $F(P_k,\mathrm{Proj})$;
(2) there exists at least one specific combination of $P_k$ for which $F(P_k,\mathrm{Proj}) = \prod_{A_k\in\{0,1\}^k} F(A_k,\mathrm{Proj})$;
(3) $\sum_{A_k\in\{0,1\}^k} F(A_k,\mathrm{Proj})$ is an upper bound of $F(P_k,\mathrm{Proj})$;
(4) there exists at least one specific combination of $P_k$ for which $F(P_k,\mathrm{Proj}) = \sum_{A_k\in\{0,1\}^k} F(A_k,\mathrm{Proj})$.
Details of this proof can be found in [24].
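Theorem 15 checked by enumeration in $F_2(B)$, as an added example that is not part of the paper: it computes the product and the sum of (52) over the constant tuples $A_k$ and compares them with the pointwise meet and join of the values obtained for every one of the $16^2$ choices of the free parameters, including whether both extrema are actually attained (steps (2) and (4) of the proof). The formula F and the helpers proj, NOT, extrema and brute_force are constructed for this example.

```python
"""Added example (not from the paper): Theorem 15 checked by enumeration in F_2(B).
A switching function of n = 2 variables is stored as a 4-bit int whose bit m is
the value of the function on input assignment m; '+' is OR, '.' is AND, and the
order <= of the paper is the pointwise (bitwise) order."""
from itertools import product

N = 2
SIZE = 1 << N                # number of input assignments
FULL = (1 << SIZE) - 1       # constant function 1 (every bit set)


def proj(i):
    """Projection-function f_i of F_2(B): the value of variable i on each assignment."""
    return sum(1 << m for m in range(SIZE) if (m >> i) & 1)


def NOT(a):
    return a ^ FULL


f1, f2 = proj(0), proj(1)


def F(p1, p2):
    """Constructed formula F(P_2, Proj) = f1 + f2 . p1 . NOT p2, with p1, p2 free."""
    return f1 | (f2 & p1 & NOT(p2))


def extrema(formula, k):
    """Theorem 15: Min is the product (AND) and Max the sum (OR) of formula(A_k)
    over the 2^k constant tuples A_k, each 0/1 taken as the constant function."""
    lo, hi = FULL, 0
    for A in product((0, FULL), repeat=k):
        v = formula(*A)
        lo &= v
        hi |= v
    return lo, hi


def brute_force(formula, k):
    """Enumerate every k-tuple of members of F_2(B) (16^k tuples) and return the
    pointwise meet and join of the values plus whether each one is attained."""
    values = {formula(*ps) for ps in product(range(FULL + 1), repeat=k)}
    lo, hi = FULL, 0
    for v in values:
        lo &= v
        hi |= v
    return lo, hi, lo in values, hi in values


if __name__ == "__main__":
    print("Theorem 15 :", extrema(F, 2))       # (f1, f1 + f2)
    print("enumeration:", brute_force(F, 2))   # same bounds, both attained
```

Both extrema are expressed with projection-functions only ($f_1$ and $f_1 + f_2$), as result (ii) of Section 4.5 states; the enumeration is feasible here only because $F_2(B)$ has 16 members, which is exactly why the closed form of (52) matters for $F_7(B)$ in the case study.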
4.5.2. Optimization Problem. Considering the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:
(i) let $(f_{1\mathrm{Proj}},\ldots,f_{n\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$. Let "$\mathrm{Proj}$" be the corresponding vector;
(ii) let $(x_1,\ldots,x_k)$ be $k$ elements of $F_n(B)$ considered as unknowns. Let "$X_k$" be the corresponding vector;
(iii) let $(p_1,\ldots,p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members. Let "$P_k$" be the corresponding vector;
(iv) let $\mathrm{Eq}(X_k,\mathrm{Proj}) = 0$ be the Boolean equation to solve;
(v) let $F_C(X_k,\mathrm{Proj})$ be the Boolean formula of the given criterion to optimize (maximization or minimization).
The method we propose to obtain the parametric form of the $k$-tuple of switching functions solution of $\mathrm{Eq}(X_k,\mathrm{Proj}) = 0$ according to a given optimization criterion $F_C(X_k,\mathrm{Proj})$ is composed of five steps, as follows.
(i) The first step is to establish the parametric form of the $k$-tuple solution of $\mathrm{Eq}(X_k,\mathrm{Proj}) = 0$ thanks to Theorem 12 alone.
(ii) The second step is to establish the parametric form of the given optimization criterion $F_C(X_k,\mathrm{Proj})$ by substituting $S(x_i)$ for $x_i$. Let $F_{SC}(P_k,\mathrm{Proj})$ be the result of this substitution.
(iii) The third step is to calculate the extremum of $F_{SC}(P_k,\mathrm{Proj})$ according to Theorem 15. Let $F_{EC}(\mathrm{Proj})$ be the Boolean formula of this extremum.
Figure 4: Structure of the water supply system (a tank feeding Pump1 and Pump2 in redundancy, with an outlet to the distributing system).
(iv) The fourth step is to replace the given criterion by the equivalent relation
\[
F_C(X_k,\mathrm{Proj}) = F_{EC}(\mathrm{Proj}) \tag{53}
\]
(v) The fifth step is to establish the parametric form of the $k$-tuple solution of the equivalent problem
\[
\begin{aligned}
\mathrm{Eq}(X_k,\mathrm{Proj}) &= 0\\
F_{Crit}(X_k,\mathrm{Proj}) &= F_{ExtCrit}(\mathrm{Proj})
\end{aligned}
\tag{54}
\]
4.5.3. Partial Conclusions. Thanks to the theorems presented in this section, it is now possible to obtain a parametric representation of the optimal solutions, according to a given criterion, of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists.
The proposed method also permits associating several criteria, simultaneously or sequentially.
(i) When several criteria are treated simultaneously, the optimization problem may admit no solution. That is the case when the given criteria are antagonistic.
(ii) When several criteria are treated sequentially, the obtained solutions satisfy the criteria in a given priority order. An example of optimization with several criteria treated sequentially is presented in the next section.
5. Algebraic Synthesis of Logical Controllers with Optimization Criteria and Incoherent Requirements
5.1. Control System Specifications. The studied system is the controller of a water supply system composed of two pumps working in redundancy (Figure 4). Water is distributed when necessary, according to the possible failures of the elements (the pumps and the distributing system).
The expected behavior of the control system regarding the application requirements can be expressed by the set of assertions given hereafter.
(i) The two pumps never operate simultaneously.
(ii) A pump cannot operate if it is out of order.
(iii) When a global failure is detected, no pump can operate.
(iv) Pumps can operate if and only if a water distribution request is present.
(v) Priority is given according to "pr" (pump1 has priority when "pr" is true).
(vi) In order to reduce the wear of the pumps, it is necessary to restrict the number of starts of the pumps.
5.1.1. Inputs and Outputs of the Controller. The Boolean inputs and outputs of this controller are given in Figure 5(a). Each pump is controlled by a Boolean output ("p1" and "p2"). The controller is informed of water distribution requests by the input "req". Inputs "f1" and "f2" inform the controller of a failure of the corresponding pump, and "gf" indicates a global failure of the installation. The value 0 or 1 of input "Pr" decides which pump has priority.
5.1.2. Control Laws to Synthesize. Our approach does not allow identifying automatically which state variables must be used. They are given by the designer according to his interpretation of the specification.
For the water distribution system, we propose to use 2 state variables, one for each output. According to this choice, 2 7-variable switching functions ($P_1$ and $P_2$) have to be synthesized (Figure 5(b)). They represent the unknowns of our problem. For this case study, the 7 projection-functions of $F_7(B)$ are therefore as follows.
(i) The 5 switching functions ($Rq$, $F_1$, $F_2$, $GF$, and $Pr$) which characterize the behavior of the inputs of the controller and are defined as follows:
\[
\begin{aligned}
Rq:\; B^7 &\longrightarrow B\\
(rq[k],\ldots,p2[k-1]) &\longmapsto rq[k]
\end{aligned}
\tag{55}
\]
(ii) The 2 switching functions ($pP_1$ and $pP_2$) which characterize the previous behavior of the state variables of the controller and are defined as follows:
\[
\begin{aligned}
pP_1:\; B^7 &\longrightarrow B\\
(rq[k],\ldots,p2[k-1]) &\longmapsto p1[k-1]
\end{aligned}
\tag{56}
\]
5.2. Algebraic Formalization of Requirements. The complete formalization of the behavior of the water distribution system is given in Figure 5(c). In order to illustrate the expressive power of the relations Equality and Inclusion, several examples (generic assertions and the equivalent formal relations, illustrated on the case study) are given hereafter. It is important to note that the relation Inclusion permits expressing distinctly necessary conditions and sufficient conditions. This relation is the cornerstone of our approach.
(i) Pump1 and Pump2 never operate simultaneously: $P_1\cdot P_2 = 0$.
(ii) If Pump1 operates, Pump2 cannot operate: $P_1 \le P_2$.
Figure 5: Details of the case study.
(a) Inputs and Outputs of the Controller. Inputs of the control of the water distribution system: rq (request of water), f1 (Pump1 failure), f2 (Pump2 failure), gf (global failure), pr (priority to Pump1). Outputs: p1 (command of Pump1), p2 (command of Pump2).
(b) General form of the Expected Control Laws:
\[
\begin{aligned}
p1[k] &= P_1(rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1])\\
p2[k] &= P_2(rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1])\\
p1[0] &= b_0,\quad p2[0] = b_0
\end{aligned}
\]
(c) Formal Specification.
Requirements:
R1: $P_1\cdot P_2 = 0$ (* The two pumps never operate simultaneously *)
R2: $F_1 \le P_1$ (* Pump1 cannot operate if it is out of order (F1) *)
R3: $F_2 \le P_2$ (* Pump2 cannot operate if it is out of order (F2) *)
R4: $GF \le (P_1\cdot P_2)$ (* When a global failure is detected (GF), no pump can operate *)
R5: $(P_1 + P_2) \le Rq$ (* It is necessary to have a request for pumps to operate *)
R6: $Rq \le (P_1 + P_2)$ (* It is sufficient to have a request for pumps to operate *)
Priority rules:
R4 ≫ R6 (* A failure requirement has priority over a functional requirement *)
R2, R3 ≫ R6 (* Failure requirements have priority over a functional requirement *)
Optimization criteria:
(1) Minimization of $((P_1\cdot pP_1) + (P_2\cdot pP_2))$ (* Minimization of the possibility to start a pump *)
(2) Maximization of $((Pr\cdot P_1) + (Pr\cdot P_2))$ (* Maximization of the priority order between the two pumps *)
(d) Solution obtained by symbolic calculation:
\[
\begin{aligned}
P_1 &= Rq\cdot GF\cdot F_1\cdot \big(F_2 + Pr\cdot(pP_1 + pP_2) + pP_1\cdot pP_2\big)\\
P_2 &= Rq\cdot GF\cdot F_2\cdot \big(F_1 + Pr\cdot(pP_2 + pP_1) + pP_2\cdot pP_1\big)
\end{aligned}
\]
(e) Control laws of the water distribution system:
\[
\begin{aligned}
p1[k] &= rq[k] \wedge \neg gf[k] \wedge \neg f1[k] \wedge \big(f2[k] \vee pr[k] \wedge (p1[k-1] \vee \neg p2[k-1]) \vee p1[k-1] \wedge \neg p2[k-1]\big)\\
p2[k] &= rq[k] \wedge \neg gf[k] \wedge \neg f1[k] \wedge \big(f1[k] \vee pr[k] \wedge (p2[k-1] \vee \neg p1[k-1]) \vee p2[k-1] \wedge \neg p1[k-1]\big)\\
p1[0] &= b_0,\quad p2[0] = b_0
\end{aligned}
\]
(iii) It is necessary to have a request for pumps to operate: $(P_1 + P_2) \le Rq$.
(iv) It is sufficient to have a request for pumps to operate: $Rq \le (P_1 + P_2)$.
(v) When Pump1 has failed, it is sufficient to have a request for Pump2 to operate: $F_1\cdot Rq \le P_2$.
(vi) When Pump1 has failed, it is necessary to have a request for Pump2 to operate: $F_1\cdot P_2 \le Rq$.
It is possible to prove that some of these formal expressions are equivalent (e.g., the first two). When a designer hesitates between two forms, he can check by symbolic calculation whether the proposed relations are equivalent or not.
As $P_1$ and $pP_1$ represent the behavior of pump1 at times $[k]$ and $[k-1]$, respectively, it is also possible to express relations about starts and stops of this pump, as follows.
(i) It is necessary to have a request to start pump1: $(P_1\cdot pP_1) \le Rq$.
(ii) When pump1 operates, it is sufficient to have a global failure to stop pump1: $(pP_1\cdot GF) \le (P_1\cdot pP_1)$.
5.3. Synthesis Process. In traditional design methods, the design procedure of a logic controller is not a linear process but an iterative one, converging to an acceptable solution. At the beginning of the design, the requirements are neither complete nor free of errors. Most often, new requirements are added during the search for solutions, and others are corrected. This complementary information is given by the designer after analysis of the partial solutions he found or when inconsistencies have been detected. If we do not make the hypothesis that the specifications are complete and consistent, designing a controller with a synthesis technique is also an iterative process in which the designer plays an important role.
5.3.1. Analysis of Requirements. For this case study, we choose to start with requirements R1 to R6. For this subset of requirements, the result given by our software tool was the following inconsistency condition: $I = Rq\cdot GF + Rq\cdot F_1\cdot F_2$.
Since the requirements are declared inconsistent, we have to give complementary information to make our specification more precise. By analyzing each term of this formula, it is possible to detect the origin of the inconsistency.
(i) $Rq\cdot GF$: what happens if we have simultaneously a request and a global failure? We consider that requirement R4 is more important than requirement R6 (R4 ≫ R6), as no pump can operate in this configuration.
(ii) $Rq\cdot F_1\cdot F_2$: what happens if we have simultaneously a request and a failure of each pump? We consider that requirements R2 and R3 are more important than requirement R6 (R2, R3 ≫ R6).
With these priority rules, all the requirements are now coherent, and the set of all the solutions can be computed.
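The successive elimination of Section 4.3.3 (Theorem 12) and the priority-rule relaxation of Theorem 14, run on requirements R1 to R6 of this case study, as an added example that is not the authors' software tool. It stores every member of $F_7(B)$ as a 128-bit integer truth table in place of the paper's ROBDDs, and it assumes the standard parametric solution $x = a + p\cdot b'$ of $a\cdot x' + b\cdot x = 0$ (with $x'$ the complement of $x$; the complement bars of the paper are not visible in this extraction). The names leq, system, inconsistency_condition, solve and case_study are the example's own; the requirement encodings R1 to R6 follow the wording of Figure 5(c).

```python
"""Added example (not the authors' tool): Theorems 12 and 14 on the water supply
case study.  A member of F_7(B) is a 128-bit int whose bit m holds the value of
the function on the input assignment with binary digits m.  The solution of the
single-unknown equation a.x' + b.x = 0 is taken as x = a + p.b' (assumption: the
standard form; the paper's complement bars are lost in this extraction)."""
from itertools import product

VARS = ["rq", "f1", "f2", "gf", "pr", "pp1", "pp2"]   # the 7 input variables
N = len(VARS)
FULL = (1 << (1 << N)) - 1                            # constant function 1
ZERO = 0                                              # constant function 0


def proj(i):
    """Projection-function f_i: value of the i-th variable on each assignment."""
    return sum(1 << m for m in range(1 << N) if (m >> i) & 1)


def NOT(a):
    return a ^ FULL


def leq(a, b):
    """Relation a <= b written as the function that must vanish: a . NOT b."""
    return a & NOT(b)


Rq, F1, F2, GF, Pr, pP1, pP2 = (proj(i) for i in range(N))

# Requirements of Figure 5(c); each returns a function of (P1, P2, Proj) that must be 0.
def R1(P1, P2): return P1 & P2                       # never both pumps at once
def R2(P1, P2): return leq(F1, NOT(P1))              # pump 1 out of order -> off
def R3(P1, P2): return leq(F2, NOT(P2))              # pump 2 out of order -> off
def R4(P1, P2): return leq(GF, NOT(P1) & NOT(P2))    # global failure -> both off
def R5(P1, P2): return leq(P1 | P2, Rq)              # a request is necessary
def R6(P1, P2): return leq(Rq, P1 | P2)              # a request is sufficient


def system(*reqs):
    """Simultaneously asserted relations r(X) = 0 form one equation eq(X) = 0
    whose left-hand side is their sum (OR)."""
    def eq(X):
        out = ZERO
        for r in reqs:
            out |= r(*X)
        return out
    return eq


def inconsistency_condition(eq, k):
    """Product over the constant tuples A_k of eq(A_k): condition (28) of
    Theorem 12, and I(Proj) of Theorem 14 when eq is F_H + F_L."""
    cond = FULL
    for A in product((ZERO, FULL), repeat=k):
        cond &= eq(list(A))
    return cond


def eliminate(g):
    """Drop the last unknown of g: g(xs,0) . g(xs,1), the consistency condition
    of Theorem 11 for that unknown."""
    return lambda xs: g(xs + [ZERO]) & g(xs + [FULL])


def solve(eq, k, params):
    """Theorem 12: parametric k-tuple solution of eq(X_k) = 0, or None when the
    equation is inconsistent.  params are the freely chosen p_1 .. p_k."""
    sol = []
    for i in range(k):
        g = lambda xs: eq(sol + xs)            # earlier unknowns substituted
        for _ in range(k - i - 1):
            g = eliminate(g)                   # now a function of x_{i+1} alone
        a, b = g([ZERO]), g([FULL])            # a.x' + b.x = 0
        if a & b:
            return None                        # Theorem 11: no solution
        sol.append(a | (params[i] & NOT(b)))   # x = a + p.b'
    return sol


def case_study(p1, p2):
    """Section 5.3.1: I for R1..R6, then R4 >> R6 and R2,R3 >> R6 (Theorem 14),
    then a parametric solution; returns (I, solution, residual of eq)."""
    I = inconsistency_condition(system(R1, R2, R3, R4, R5, R6), 2)
    I_hl = inconsistency_condition(system(R2, R3, R4, R6), 2)   # HR vs LR
    def R6_relaxed(P1, P2):                    # F_L <= I  <=>  F_L . NOT I = 0
        return R6(P1, P2) & NOT(I_hl)
    eq = system(R1, R2, R3, R4, R5, R6_relaxed)
    sol = solve(eq, 2, [p1, p2])
    return I, sol, (None if sol is None else eq(sol))


if __name__ == "__main__":
    I, sol, residual = case_study(ZERO, ZERO)
    print("I == Rq.GF + Rq.F1.F2 :", I == (Rq & GF) | (Rq & F1 & F2))
    print("residual after priority rules:", residual)
```

With both parameters set to 0 the solver returns the most restrictive tuple, $P_1 = Rq\cdot GF'\cdot F_1'\cdot F_2$ and $P_2 = Rq\cdot GF'\cdot F_2'$ (pump 2 whenever it can run, pump 1 only when pump 2 has failed); any other choice of $p_1, p_2$ in $F_7(B)$ gives another valid control law, which is what the optimization of Section 5.3.2 selects among.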
5.3.2. Optimal Solutions. To choose a control law of the water supply system among this set of possible solutions, we now take into account the given optimization criteria. The first criterion aims at minimizing the number of starts of each pump in order to reduce its wear. The second criterion aims at maximizing the use of the pump indicated by the value of parameter Pr. The method we propose allows proving that the proposed criteria cannot be treated simultaneously, since they are antagonistic (to strictly respect the priority use of the pump fixed by parameter Pr, it is necessary to swap pumps when Pr changes value, implying a supplementary start of a pump). Details can be found in [25].
All the priority rules and optimization criteria used for this case study are given in Figure 5(c). The solution we obtain is given in Figure 5(d).
5.3.3. Implementing Control Laws. The synthesized control laws presented in Figure 5(e) have been obtained by translating the expression of the two unknowns according to the projection-functions into relations between recurrent Boolean equations. These control laws can be automatically translated into the syntax of the ladder diagram language [1] before being implemented in a PLC. The code is composed of only 4 rungs (Figure 6).
The synthesized control laws can also be given in the form of an automatically built input/output automaton with guarded transitions [21] (Figure 7).
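The state model of Figure 7 executed as a PLC scan cycle over a constructed input trace, with the requirements of Figure 5(c) checked as run-time monitors after every scan, as an added example that is not the authors' code or tool. It assumes that in the guards of Figure 7 "and" binds tighter than "or", that the Moore outputs are p1 in state 1 and p2 in state 2, and that R6 is monitored only outside the two inconsistent situations identified in Section 5.3.1; the names guards, scan, outputs, violated, run and TRACE are the example's own.

```python
"""Added example (not the authors' code): the control law of Figure 7 run as a
PLC scan loop (read inputs, compute, update outputs) on a constructed trace,
with requirements R1-R5 and the relaxed R6 checked after every scan.
Assumption: in the guards 'and' binds tighter than 'or'."""


def guards(rq, f1, f2, gf, pr):
    """Transition guards of Figure 7; state 1 runs pump 1, state 2 runs pump 2."""
    return {
        (0, 1): rq and not gf and not f1 and (f2 or pr),
        (0, 2): rq and not gf and not f2 and (f1 or not pr),
        (1, 0): (not rq) or gf or (f1 and f2),
        (1, 2): rq and not gf and f1 and not f2,
        (2, 0): (not rq) or gf or (f1 and f2),
        (2, 1): rq and not gf and f2 and not f1,
    }


def scan(state, inputs):
    """One PLC cycle: fire the unique enabled transition, or stay."""
    enabled = [dst for (src, dst), g in guards(*inputs).items() if src == state and g]
    if len(enabled) > 1:
        raise RuntimeError(f"nondeterministic guards in state {state}: {enabled}")
    return enabled[0] if enabled else state


def outputs(state):
    return state == 1, state == 2            # (p1, p2)


def violated(inputs, p1, p2):
    """Requirements of Figure 5(c) as run-time checks; returns the broken ones."""
    rq, f1, f2, gf, pr = inputs
    checks = {
        "R1": not (p1 and p2),
        "R2": not (f1 and p1),
        "R3": not (f2 and p2),
        "R4": not gf or not (p1 or p2),
        "R5": rq or not (p1 or p2),
        # R6 after R4 >> R6 and R2,R3 >> R6 (Section 5.3.1): a request must be
        # served except under a global failure or a double pump failure
        "R6": not (rq and not gf and not (f1 and f2)) or (p1 or p2),
    }
    return [name for name, ok in checks.items() if not ok]


def run(trace, state=0):
    """Execute the scan loop over (rq, f1, f2, gf, pr) tuples.  Returns the
    visited states, the broken requirements per cycle and the number of pump
    starts (rising edges of p1 or p2), the quantity criterion (1) minimizes."""
    states, broken, starts = [], [], 0
    prev = outputs(state)
    for inputs in trace:
        state = scan(state, inputs)
        p1, p2 = outputs(state)
        starts += int(p1 and not prev[0]) + int(p2 and not prev[1])
        states.append(state)
        broken.append(violated(inputs, p1, p2))
        prev = (p1, p2)
    return states, broken, starts


# Constructed trace, one (rq, f1, f2, gf, pr) tuple per scan
TRACE = [
    (1, 0, 0, 0, 1),   # request, pump 1 has priority -> pump 1 starts
    (1, 0, 0, 0, 0),   # priority flips, no swap: criterion (1) limits starts
    (1, 1, 0, 0, 0),   # pump 1 fails -> hand over to pump 2
    (1, 1, 0, 0, 1),   # pump 1 still failed, stay on pump 2
    (1, 0, 0, 0, 1),   # pump 1 repaired, stay on pump 2 (no extra start)
    (1, 0, 0, 1, 1),   # global failure -> everything off
    (1, 0, 0, 1, 1),   # still in global failure
    (0, 0, 0, 0, 1),   # no request
    (1, 1, 1, 0, 1),   # request but both pumps failed: nothing can run
    (1, 0, 1, 0, 0),   # only pump 1 available, so it runs despite pr = 0
]

if __name__ == "__main__":
    print(run(TRACE))
```

The monitors in violated are the formal requirements turned into cycle-by-cycle checks; running them beside the synthesized law is how one would catch a discrepancy between the implemented rungs and the specification (for instance a lost negation in a transcribed law, which would show up as an R1 or R3 violation on this trace).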
6. Discussion
In our approach, the synthesis of control laws is based on symbolic calculation; a prototype software tool has been developed to avoid tedious calculus and to aid the designer during the different steps of the synthesis. This tool (which can be obtained on request from the authors) performs all the computations required for inconsistency detection between requirements and for control law generation. In this tool, all the Boolean formulas are stored in the form of reduced ordered binary decision diagrams, which allows efficient calculations. For example, the computations for synthesizing a controller for the water supply system developed above have been made in less than 10 ms on a classical laptop.
Our approach has been tested on several case studies (some of them are available online: httpwwwlurpaens-cachanfr-226050kjsp). The feedback from these experiences allowed us to identify some of its limits and its possibilities; the most important are given below.
We first have to recall that our method can only be used for binary systems (systems whose controller inputs and outputs are Boolean values). Nevertheless, in practice, many systems, like manufacturing systems, transport systems, and so on, are fully or partially binary.
In our opinion, the main advantage of our approach is that, contrary to traditional engineering approaches, the synthesized control laws do not depend on the designer's skill or on his correct interpretation of the system requirements. On the other hand, the quality of the synthesis results highly depends on the relevance of the requirements proposed by the designer. This step of formalization by the designer of the informal requirements of the system to be controlled is the Achilles heel of all synthesis methods, including the Supervisory Control Theory (SCT), and cannot be automated.
The objective comparison of our approach with other synthesis methods, and more especially with SCT, is very difficult because the models used and the theoretical bases are very different. Nevertheless, we tested both approaches on the same case studies. One of them, the control of an automatic parking gate, has been published in [26]. The results obtained in this case are summarized in Table 1.
Furthermore, one may note that the supervisor synthesized by SCT is optimal in the sense that it is the most permissive, that is, the one that restricts the plant behavior the least in order to force it to respect the specifications. As shown in this paper, our method allows coping with inconsistencies in specifications, which is not possible with SCT, and also allows finding optimal controllers by choosing different optimization criteria (most permissive, most restrictive, safest controller, etc.).

Figure 6: Ladder diagram of the code to implement into the PLC. Rung 1: command of pump 1; Rung 2: command of pump 2; Rung 3: update previous value of pump 1; Rung 4: update previous value of pump 2. Contacts used: rq, gf, f1, f2, pr, pp1, pp2; coils: p1, p2, pp1, pp2.

Table 1: Features concerning a same case study.
| Method | Formal requirements | Synthesized controller | PLC program (structured text) |
| Supervisory Control Theory | Plant behavior: 11 finite automata (481 states and 1330 transitions); specifications: 11 finite automata | Finite automaton of 45 states and 70 transitions | 130 lines |
| Algebraic synthesis | 8 equations and 2 priority rules | 2 6-variable switching functions | 4 lines |

Figure 7: State model of the obtained control law. States 0, 1 (output p1) and 2 (output p2); transition guards:
\[
\begin{aligned}
E_{0\text{-}1} &= rq \wedge \neg gf \wedge \neg f1 \wedge (f2 \vee pr)\\
E_{0\text{-}2} &= rq \wedge \neg gf \wedge \neg f2 \wedge (f1 \vee \neg pr)\\
E_{1\text{-}0} &= \neg rq \vee gf \vee f1 \wedge f2\\
E_{1\text{-}2} &= rq \wedge \neg gf \wedge f1 \wedge \neg f2\\
E_{2\text{-}0} &= \neg rq \vee gf \vee f1 \wedge f2\\
E_{2\text{-}1} &= rq \wedge \neg gf \wedge f2 \wedge \neg f1
\end{aligned}
\]
7. Conclusion
Many research works in the field of DES aim at formalizing steps of the system life cycle. Over the last 20 years, significant progress has been obtained in the synthesis, verification, performance evaluation, and diagnosis of DESs. Nevertheless, one of the common difficulties of these works is the translation of informal expressions of the knowledge of a system into formal requirements. Few works have paid attention to this important task, which is very error prone. In this paper, we proposed an iterative process that allows coping with inconsistencies of the requirements during the synthesis of the controller. The framework in which we proposed this approach is an algebraic synthesis method. Since the problem is located at the frontier between formal and informal, intervention of the designer is necessary. Nevertheless, we have shown that this intervention can be guided by the results the formal method provides.
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References
[1] International Electrotechnical Commission, IEC 61131-3 Standard: Programmable Controllers, Part 3: Programming Languages, International Electrotechnical Commission, 2nd edition, 2003.
[2] G. Frey and L. Litz, "Formal methods in PLC programming," in Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, vol. 4, pp. 2431–2436, October 2000.
[3] B. Bérard, M. Bidoit, A. Finkel et al., Systems and Software Verification: Model-Checking Techniques and Tools, Springer, New York, NY, USA, 1st edition, 1999.
[4] H. Bel Mokadem, B. Bérard, V. Gourcuff, O. De Smet, and J. Roussel, "Verification of a timed multitask system with UPPAAL," IEEE Transactions on Automation Science and Engineering, vol. 7, no. 4, pp. 921–932, 2010.
[5] J. L. Boulanger, Ed., Industrial Use of Formal Methods: Formal Verification (ISTE), Wiley-ISTE, New York, NY, USA, 2012.
[6] P. J. G. Ramadge and W. M. Wonham, "Control of discrete event systems," Proceedings of the IEEE, vol. 77, no. 1, pp. 81–98, 1989.
[7] P. Gohari and W. M. Wonham, "On the complexity of supervisory control design in the RW framework," IEEE Transactions on Systems, Man and Cybernetics B, vol. 30, no. 5, pp. 643–652, 2000.
[8] Y. Hietter, Synthèse algébrique de lois de commande pour les systèmes à événements discrets logiques [Ph.D. thesis], ENS Cachan, Cachan, France, 2009.
[9] H.-M. Hanisch, A. Lueder, and J. Thieme, "Modular plant modeling technique and related controller synthesis problems," in Proceedings of the 1998 IEEE International Conference on Systems, Man and Cybernetics, pp. 686–691, October 1998.
[10] J.-M. Roussel and A. Giua, "Designing dependable logic controllers using the supervisory control theory," in Proceedings of the 16th IFAC World Congress, CD-ROM, paper 4427, p. 6, Praha, Czech Republic, 2005.
[11] D. A. Huffman, "The synthesis of sequential switching circuits," Journal of the Franklin Institute, vol. 257, no. 3-4, pp. 161–303, 1954.
[12] G. H. Mealy, "A method for synthesizing sequential circuits," Bell System Technical Journal, vol. 34, no. 5, pp. 1045–1079, 1955.
[13] E. F. Moore, "Gedanken-experiments on sequential machines," in Automata Studies, pp. 129–153, Princeton University Press, Princeton, NJ, USA, 1956.
[14] S. Rudeanu, Lattice Functions and Equations (Discrete Mathematics and Theoretical Computer Science), Springer, New York, NY, USA, 2001.
[15] F. M. Brown, Boolean Reasoning: The Logic of Boolean Equations, Dover, Mineola, NY, USA, 2003.
[16] A. Pnueli and R. Rosner, "On the synthesis of a reactive module," in Proceedings of the 16th ACM Symposium on Principles of Programming Languages (POPL '89), pp. 179–190, ACM, New York, NY, USA, 1989.
[17] E. Filiot, N. Jin, and J. Raskin, "Antichains and compositional algorithms for LTL synthesis," Formal Methods in System Design, vol. 39, no. 3, pp. 261–296, 2011.
[18] J. Machado, B. Denis, J. J. Lesage, J. M. Faure, and J. Fereira, "Logic controllers dependability verification using a plant model," in Proceedings of the 3rd IFAC Workshop on Discrete-Event System Design (DESDes '06), pp. 37–42, Rydzyna, Poland, 2006.
[19] Y. Hietter, J.-M. Roussel, and J.-L. Lesage, "Algebraic synthesis of transition conditions of a state model," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 187–192, Göteborg, Sweden, May 2008.
[20] Y. Hietter, J.-M. Roussel, and J. J. Lesage, "Algebraic synthesis of dependable logic controllers," in Proceedings of the 17th World Congress, International Federation of Automatic Control (IFAC '08), pp. 4132–4137, Seoul, South Korea, July 2008.
[21] A. Guignard, Symbolic Generation of the Automaton Representing an Algebraic Description of a Logic System [M.S. thesis], ENS Cachan, Cachan, France, 2011.
[22] R. P. Grimaldi, Discrete and Combinatorial Mathematics: An Applied Introduction, Addison-Wesley Longman, Boston, Mass, USA, 5th edition, 2004.
[23] J.-M. Roussel and J.-J. Lesage, "Algebraic synthesis of logical controllers despite inconsistencies in specifications," in Proceedings of the 11th International Workshop on Discrete Event Systems (WODES '12), pp. 307–314, Guadalajara, Mexico, 2012.
[24] H. Leroux, Algebraic Synthesis of Logical Controllers with Optimization Criteria, ENS Cachan, Cachan, France, 2011.
[25] H. Leroux and J.-M. Roussel, "Algebraic synthesis of logical controllers with optimization criteria," in Proceedings of the 6th International Workshop on Verification and Evaluation of Computer and Communication Systems (VECOS '12), pp. 103–114, Paris, France, 2012.
[26] M. Cantarelli and J. Roussel, "Reactive control system design using the supervisory control theory: evaluation of possibilities and limits," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 200–205, Göteborg, Sweden, May 2008.
the formula $(\forall x)(\exists y)\,\varphi(x, y)$ is equivalent to the second-order formula $(\exists f)(\forall x)\,\varphi(x, f(x))$, stating the existence of a function $f$ such that $\varphi(x, f(x))$ holds for every $x$.

This approach provides a conceptual framework for the rigorous derivation of a program from its formal specification. It has also been used to synthesize specifications under the form of finite automata from their linear temporal logic (LTL) description [17].
The core of our approach is based on this strategy: we aim at deducing the $(q + r)$ switching functions of $(p + r)$ variables which define the behavior of the controller from a formula $\varphi(u_i[k], x_l[k-1], y_j[k], x_l[k])$ that holds for every $k$, every $u_i[k]$, and every $x_l[k-1]$.
To cope with combinatorial explosion, switching functions will be handled through a symbolic representation (and not their truth tables, which contain $2^{(p+r)}$ Boolean values). Each input $u_i$ (resp. output $y_j$) of the controller will be represented by a switching function $U_i$ (resp. $Y_j$). To take into account the recursive aspect of state variables, each state variable $x_l$ will be represented by two switching functions, $X_l$ (for time $[k]$) and ${}^{p}X_l$ (for time $[k-1]$).
According to this representation, the synthesis of control laws of a logical system from its specification can now be transformed into the search for the solutions to the mathematical problem as follows:
\[
(\forall U_i)\,(\forall\, {}^{p}X_l)\,(\exists Y_j)\,(\exists X_l)\;\varphi(U_i, {}^{p}X_l, Y_j, X_l) \tag{1}
\]
where $(U_i, {}^{p}X_l, Y_j, X_l)$ are $(p + q + 2r)$ switching functions of $(p + r)$ variables.
3 Overview of Our Method
The input data of the proposed method (Figure 3) are informal functional and safety requirements given by the designer. In practice, these requirements are most often given in a textual form and/or by using tailor-made technical languages (Gantt diagrams, function block diagrams, Grafcet, etc.) or imposed standards.
All the steps of our synthesis method are implemented in a prototype software tool developed in Python (case studies are available online at http://www.lurpa.ens-cachan.fr/-226050.kjsp). The first step is the formalization of requirements within an algebraic description; examples are given in Section 5.2. Requirements expressed with a state model can directly be translated into recurrent Boolean equations thanks to the algorithm proposed by Machado et al. [18]. In cases where the know-how of the designer enables him to build a priori the global form of the solution (or of a part of the whole solution), it is also possible to give fragments of the solution as requirements [19].
The second step consists in checking the consistency of the set of requirements by symbolic calculation. The sufficient condition for checking this consistency has been given in [20], but no strategy has been proposed for coping with potential inconsistencies. In this paper, we show that, thanks to new theorems, the causes of these inconsistencies can be pointed out. It is then possible for the designer to fix priority rules between the concerned requirements that will allow finding, if they exist, solutions despite inconsistencies.

Figure 3: The algebraic synthesis method step by step. Steps: 1 Formalization, 2 Consistency checking, 3 Equation solving, 4 Solution choice. Data flowing between the steps: functional and safety requirements, set of formalized requirements, inconsistency conditions, priorities between requirements, system of equations, parametric solution, optimization criteria, control laws.
The core of the method is the third step, which consists in the synthesis of the control laws. This step is performed by solving the system of equations which represents the set of consistent requirements. The mathematical results we have obtained (Theorem 12, given in Section 4.3) allow finding a parametric expression of the set of solutions.
In the fourth step of the method, a particular solution has to be chosen among the set of solutions. For that, a specific value of each parameter of the general solution has to be fixed. In a previous work [19], we showed how well-chosen heuristics can be used for fixing these parameters. In this paper, we show that the choice of a particular solution among the set of solutions can be expressed as an optimization problem. We propose new theorems that allow calculating the maximum and the minimum of a Boolean formula, and we show how optimal solutions can be automatically found. For ergonomic reasons, the synthesized control laws can finally be displayed under the form of a finite automaton [21].
After the mathematical background of the method has been recalled, we are going to show how, under specific hypotheses, the second step of the method can be improved by a correction loop helping the designer to formalize the requirements, and so improving the robustness of our synthesis method to the lack of precision of the specifications. The strategy to find an optimal solution according to given criteria will also be presented.
4 Mathematical Foundations
This section is composed of five subsections. Sections 4.1 and 4.2 recall some classical results about Boolean algebras and the Boolean algebra of $n$-variable switching functions. Section 4.3 presents how to solve Boolean equations. Sections 4.4 and 4.5 present specific results obtained for the algebraic synthesis of control laws.
4.1 Boolean Algebra: Typical Feature
Definition 1 (Boolean algebra) (Definition 15.5 of [22]). Let $\mathcal{B}$ be a nonempty set that contains two special elements 0 (the zero element) and 1 (the unity or one element) and on which we define two closed binary operations $+$, $\cdot$ and a unary operation $\overline{\phantom{x}}$. Then $(\mathcal{B}, +, \cdot, \overline{\phantom{x}}, 0, 1)$ is called a Boolean algebra if the following conditions are satisfied for all $x, y, z \in \mathcal{B}$:
\[
\begin{aligned}
&\text{Commutative laws:} & x + y &= y + x, & x \cdot y &= y \cdot x \\
&\text{Distributive laws:} & x \cdot (y + z) &= (x \cdot y) + (x \cdot z), & x + (y \cdot z) &= (x + y) \cdot (x + z) \\
&\text{Identity laws:} & x + 0 &= x, & x \cdot 1 &= x \\
&\text{Inverse laws:} & x + \overline{x} &= 1, & x \cdot \overline{x} &= 0 \\
& & \overline{0} &= 1
\end{aligned} \tag{2}
\]
Many Boolean algebras could be defined. The best known are the two-element Boolean algebra $(\{0, 1\}, \lor, \land, \lnot, 0, 1)$ and the algebra of classes (set of subsets of a set $S$) $(2^S, \cup, \cap, \overline{\phantom{x}}, \emptyset, S)$.
Definition 2 (Boolean formula) (from Section 3.6 of [15]). A Boolean formula (or a Boolean expression) on $\mathcal{B}$ is any formula which represents a combination of members of $\mathcal{B}$ by the operations $+$, $\cdot$, or $\overline{\phantom{x}}$.
By construction, any Boolean formula on $\mathcal{B}$ represents one and only one member of $\mathcal{B}$. Two Boolean formulae are equivalent if and only if they represent the same member of $\mathcal{B}$. Later on, a Boolean formula $\mathcal{F}$ built with the members $(\alpha_1, \ldots, \alpha_n)$ of $\mathcal{B}$ is denoted $\mathcal{F}(\alpha_1, \ldots, \alpha_n)$.
Theorem 3 (Boole's expansion of a Boolean formula). Let $(\alpha_1, \ldots, \alpha_n)$ be $n$ members of $\mathcal{B} \setminus \{0, 1\}$. Any Boolean formula $\mathcal{F}(\alpha_1, \ldots, \alpha_n)$ can be expanded as
\[
\mathcal{F}(\alpha_1, \ldots, \alpha_n) = \mathcal{F}_0(\alpha_2, \ldots, \alpha_n) \cdot \overline{\alpha_1} + \mathcal{F}_1(\alpha_2, \ldots, \alpha_n) \cdot \alpha_1 \tag{3}
\]
where $\mathcal{F}_0(\alpha_2, \ldots, \alpha_n)$ and $\mathcal{F}_1(\alpha_2, \ldots, \alpha_n)$ are Boolean formulae of only $\alpha_2, \ldots, \alpha_n$. These two formulae can be directly obtained from $\mathcal{F}(\alpha_1, \ldots, \alpha_n)$ as follows:
\[
\begin{aligned}
\mathcal{F}_0(\alpha_2, \ldots, \alpha_n) &= \mathcal{F}(\alpha_1, \ldots, \alpha_n)\big|_{\alpha_1 \leftarrow 0} = \mathcal{F}(0, \alpha_2, \ldots, \alpha_n) \\
\mathcal{F}_1(\alpha_2, \ldots, \alpha_n) &= \mathcal{F}(\alpha_1, \ldots, \alpha_n)\big|_{\alpha_1 \leftarrow 1} = \mathcal{F}(1, \alpha_2, \ldots, \alpha_n)
\end{aligned} \tag{4}
\]
The relation equality is not the only relation defined on a Boolean algebra. It is also possible to define a partial order relation between members of $\mathcal{B}$. This relation is called Inclusion-Relation in [15].
Definition 4 (Inclusion-Relation) (Definition 15.6 of [22]). If $x, y \in \mathcal{B}$, define $x \le y$ if and only if $x \cdot y = x$.
As Relation Inclusion is reflexive ($x \le x$), antisymmetric (if $x \le y$ and $y \le x$ then $x = y$), and transitive (if $x \le y$ and $y \le z$ then $x \le z$), this relation defines a partial order between members of $\mathcal{B}$ (Theorem 15.4 of [22]).

Since in any Boolean algebra $x \cdot y = x \Leftrightarrow x \cdot \overline{y} = 0$, we also have $x \le y \Leftrightarrow x \cdot \overline{y} = 0$.
Remark 5. For the algebra of classes $(2^S, \cup, \cap, \overline{\phantom{x}}, \emptyset, S)$, the Inclusion-Relation is the well-known relation $\subseteq$, and we have $x \subseteq y \Leftrightarrow x \cap y = x$.
Theorem 6 (reduction of a set of relations) (Theorem 5.3.1 of [15]). Any set of simultaneously asserted relations built with the members $(\alpha_1, \ldots, \alpha_n)$ of $\mathcal{B}$ can be reduced to a single equivalent relation such as $\mathcal{F}(\alpha_1, \ldots, \alpha_n) = 0$.

To obtain this equivalent relation, it is necessary:

(i) to rewrite each equality according to
\[
\mathcal{F}_1(\alpha_1, \ldots, \alpha_n) = \mathcal{F}_2(\alpha_1, \ldots, \alpha_n)
\iff \mathcal{F}_1(\alpha_1, \ldots, \alpha_n) \cdot \overline{\mathcal{F}_2(\alpha_1, \ldots, \alpha_n)} + \overline{\mathcal{F}_1(\alpha_1, \ldots, \alpha_n)} \cdot \mathcal{F}_2(\alpha_1, \ldots, \alpha_n) = 0 \tag{5}
\]
(ii) to rewrite each inclusion according to
\[
\mathcal{F}_1(\alpha_1, \ldots, \alpha_n) \le \mathcal{F}_2(\alpha_1, \ldots, \alpha_n)
\iff \mathcal{F}_1(\alpha_1, \ldots, \alpha_n) \cdot \overline{\mathcal{F}_2(\alpha_1, \ldots, \alpha_n)} = 0 \tag{6}
\]
(iii) to group together rewritten equalities as follows:
\[
\begin{cases}
\mathcal{F}_1(\alpha_1, \ldots, \alpha_n) = 0 \\
\mathcal{F}_2(\alpha_1, \ldots, \alpha_n) = 0
\end{cases}
\iff \mathcal{F}_1(\alpha_1, \ldots, \alpha_n) + \mathcal{F}_2(\alpha_1, \ldots, \alpha_n) = 0 \tag{7}
\]
4.2 The Boolean Algebra of $n$-Variable Switching Functions

To avoid confusion between Boolean variables and Boolean functions of Boolean variables, each Boolean variable $b_i$ is denoted by ${}^{b}b_i$. The set of the two Boolean values ${}^{b}0$ and ${}^{b}1$ is denoted by $B = \{{}^{b}0, {}^{b}1\}$.

Definition 7 ($n$-variable switching functions) (from Section 3.11 of [15]). An $n$-variable switching function is a mapping of the form
\[
\begin{aligned}
f : B^n &\longrightarrow B \\
({}^{b}b_1, \ldots, {}^{b}b_n) &\longmapsto f({}^{b}b_1, \ldots, {}^{b}b_n)
\end{aligned}
\qquad \text{where } B = \{{}^{b}0, {}^{b}1\}. \tag{8}
\]
The domain of an $n$-variable switching function has $2^n$ elements and the codomain has 2 elements; hence there are $2^{2^n}$ $n$-variable switching functions. Let $F_n(B)$ be the set of the $2^{2^n}$ $n$-variable switching functions. $F_n(B)$ contains $(n + 2)$ specific $n$-variable switching functions: the 2 constant functions $(0, 1)$ and the $n$ projection functions $(f_i^{\mathrm{Proj}})$. These functions are defined as follows:
\[
\begin{aligned}
0 : B^n &\longrightarrow B, & ({}^{b}b_1, \ldots, {}^{b}b_n) &\longmapsto {}^{b}0 \\
1 : B^n &\longrightarrow B, & ({}^{b}b_1, \ldots, {}^{b}b_n) &\longmapsto {}^{b}1 \\
f_i^{\mathrm{Proj}} : B^n &\longrightarrow B, & ({}^{b}b_1, \ldots, {}^{b}b_n) &\longmapsto {}^{b}b_i
\end{aligned} \tag{9}
\]
$F_n(B)$ can be equipped with three closed operations (two binary and one unary operations):
\[
\begin{aligned}
\mathrm{Op}\,+ : F_n(B)^2 &\longrightarrow F_n(B), & (f, g) &\longmapsto f + g \\
\mathrm{Op}\,\cdot : F_n(B)^2 &\longrightarrow F_n(B), & (f, g) &\longmapsto f \cdot g \\
\mathrm{Op}\,\overline{\phantom{x}} : F_n(B) &\longrightarrow F_n(B), & f &\longmapsto \overline{f}
\end{aligned} \tag{10}
\]
where, $\forall ({}^{b}b_1, \ldots, {}^{b}b_n) \in B^n$,
\[
\begin{aligned}
(f + g)({}^{b}b_1, \ldots, {}^{b}b_n) &= f({}^{b}b_1, \ldots, {}^{b}b_n) \lor g({}^{b}b_1, \ldots, {}^{b}b_n) \\
(f \cdot g)({}^{b}b_1, \ldots, {}^{b}b_n) &= f({}^{b}b_1, \ldots, {}^{b}b_n) \land g({}^{b}b_1, \ldots, {}^{b}b_n) \\
\overline{f}({}^{b}b_1, \ldots, {}^{b}b_n) &= \lnot f({}^{b}b_1, \ldots, {}^{b}b_n)
\end{aligned} \tag{11}
\]
$(F_n(B), +, \cdot, \overline{\phantom{x}}, 0, 1)$ is a Boolean algebra [22]. Then it is possible to write a Boolean formula of $n$-variable switching functions and relations between Boolean formulae of $n$-variable switching functions. In the case of $n$-variable switching functions, the relations Equality and Inclusion can also be presented as follows:

(i) $f$ and $g$ are equal ($f = g$) if and only if the columns of the truth tables of $f$ and $g$ are exactly the same, that is, $\forall ({}^{b}b_1, \ldots, {}^{b}b_n) \in B^n$, $f({}^{b}b_1, \ldots, {}^{b}b_n) = g({}^{b}b_1, \ldots, {}^{b}b_n)$;

(ii) $f$ is included in $g$ ($f \le g$) if and only if the value of $g$ is always ${}^{b}1$ when the value of $f$ is ${}^{b}1$, that is, $\forall ({}^{b}b_1, \ldots, {}^{b}b_n) \in B^n$, $[f({}^{b}b_1, \ldots, {}^{b}b_n) = {}^{b}0] \lor [g({}^{b}b_1, \ldots, {}^{b}b_n) = {}^{b}1]$.
Remark 8. Each $n$-variable switching function can be expressed as a composition of $(f_1^{\mathrm{Proj}}, \ldots, f_n^{\mathrm{Proj}}, 0, 1)$ by the operations $+$, $\cdot$, and $\overline{\phantom{x}}$.

Therefore, the Boolean algebra $(F_n(B), +, \cdot, \overline{\phantom{x}}, 0, 1)$ is a mathematical framework which allows composing and comparing switching functions. Thanks to the results presented in the next subsection, this framework also allows solving systems of Boolean equations of switching functions.
4.3 Solutions of Boolean Equations over the Boolean Algebra $F_n(B)$

In [15], Brown explains that many problems in the application of Boolean algebra may be reduced to solving an equation of the form
\[
f(X) = 0 \tag{12}
\]
over a Boolean algebra $\mathcal{B}$. Formal procedures for producing solutions of this equation were developed by Boole himself as a way to treat problems of logical inference. Boolean equations have been studied extensively since Boole's initial work (a bibliography of nearly 400 sources is presented in [14]). These works concern essentially the two-element Boolean algebra $(\{{}^{b}0, {}^{b}1\}, \lor, \land, \lnot, {}^{b}0, {}^{b}1)$. In our case, we focus on the Boolean algebra of $n$-variable switching functions $F_n(B)$. We consider a Boolean system composed of $m$ relations among members of $F_n(B)$, for which $k$ of them are considered as unknowns. The theorems presented in this section permit solving any system of Boolean equations, as there exists a canonic form of a Boolean system of $k$ unknowns and we are able to calculate solutions for this form.
4.3.1 Canonic Form of a Boolean System of $k$ Unknowns over the Boolean Algebra $F_n(B)$

Consider the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, \overline{\phantom{x}}, 0, 1)$.

(i) Let $(f_1^{\mathrm{Proj}}, \ldots, f_n^{\mathrm{Proj}})$ be the $n$ projection functions of $F_n(B)$.
(ii) Let $(x_1, \ldots, x_k)$ be $k$ elements of $F_n(B)$ considered as unknowns.

For notational convenience, we denote by "$X_k$" the vector $(x_1, \ldots, x_k)$ of the $k$ unknowns and by "$\mathrm{Proj}$" the vector $(f_1^{\mathrm{Proj}}, \ldots, f_n^{\mathrm{Proj}})$ of the $n$ projection functions of $F_n(B)$.
Theorem 9 (reduction of a set of relations between $n$-variable switching functions). Any set of simultaneously asserted relations of switching functions can be reduced to a single equivalent relation such as
\[
\mathcal{F}(X_k, \mathrm{Proj}) = 0. \tag{13}
\]
This theorem comes from Theorem 6.

In order to be able to write a canonic form for a Boolean system of $k$ unknowns over the Boolean algebra $F_n(B)$, we introduce the following notation: for $x \in F_n(B)$ and $a \in \{0, 1\}$, $x^a$ is defined by
\[
x^0 = \overline{x}, \qquad x^1 = x. \tag{14}
\]
This notation is extended to vectors as follows: for $X_k = (x_1, \ldots, x_k) \in F_n(B)^k$ and $A_k = (a_1, \ldots, a_k) \in \{0, 1\}^k$, $X_k^{A_k}$ is defined by
\[
X_k^{A_k} = \prod_{i=1}^{i=k} x_i^{a_i} = x_1^{a_1} \cdot \ldots \cdot x_k^{a_k}. \tag{15}
\]
Theorem 10 (canonic form of a Boolean equation). Any Boolean equation $\mathit{Eq}(X_k, \mathrm{Proj}) = 0$ can be expressed within the canonic form
\[
\sum_{A_k \in \{0,1\}^k} \mathit{Eq}(A_k, \mathrm{Proj}) \cdot X_k^{A_k} = 0 \tag{16}
\]
where $\mathit{Eq}(A_k, \mathrm{Proj})$ (with $A_k \in \{0,1\}^k$) are the $2^k$ discriminants of $\mathit{Eq}(X_k, \mathrm{Proj}) = 0$ according to $X_k$ (the term "discriminant" comes from [15]).

This canonic form is obtained by expanding $\mathit{Eq}(X_k, \mathrm{Proj})$ according to the $k$ unknowns $(x_1, \ldots, x_k)$. For example, we have
\[
\begin{aligned}
\mathit{Eq}(x, \mathrm{Proj}) &= \mathit{Eq}(0, \mathrm{Proj}) \cdot \overline{x} + \mathit{Eq}(1, \mathrm{Proj}) \cdot x, \\
\mathit{Eq}(x_1, x_2, \mathrm{Proj}) &= \mathit{Eq}(0, 0, \mathrm{Proj}) \cdot \overline{x_1} \cdot \overline{x_2} + \mathit{Eq}(0, 1, \mathrm{Proj}) \cdot \overline{x_1} \cdot x_2 \\
&\quad + \mathit{Eq}(1, 0, \mathrm{Proj}) \cdot x_1 \cdot \overline{x_2} + \mathit{Eq}(1, 1, \mathrm{Proj}) \cdot x_1 \cdot x_2.
\end{aligned} \tag{17}
\]
4.3.2 Solution of a Single-Unknown Equation over $F_n(B)$

The following theorem was initially demonstrated for the two-element Boolean algebra [14]. A generalization to all Boolean algebras can be found in [15], but no detailed demonstration is given. A new formalization of this theorem and its full demonstration are given below.

Theorem 11 (solution of a single-unknown equation). The Boolean equation over $F_n(B)$
\[
\mathit{Eq}(x, \mathrm{Proj}) = 0, \tag{18}
\]
for which the canonic form is
\[
\mathit{Eq}(0, \mathrm{Proj}) \cdot \overline{x} + \mathit{Eq}(1, \mathrm{Proj}) \cdot x = 0, \tag{19}
\]
is consistent (i.e., has at least one solution) if and only if the following condition is satisfied:
\[
\mathit{Eq}(0, \mathrm{Proj}) \cdot \mathit{Eq}(1, \mathrm{Proj}) = 0. \tag{20}
\]
In this case, a general form of the solutions is
\[
x = \mathit{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})}, \tag{21}
\]
where $p$ is an arbitrary parameter, that is, a freely chosen member of $F_n(B)$.

This solution can also be expressed as
\[
\begin{aligned}
x &= \overline{\mathit{Eq}(1, \mathrm{Proj})} \cdot \big(\mathit{Eq}(0, \mathrm{Proj}) + p\big) \\
  &= \overline{p} \cdot \mathit{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})}.
\end{aligned} \tag{22}
\]
Proof. This theorem can be proved in four steps as follows:

(a) Equation (18) is consistent if and only if (20) is satisfied;
(b) Equation (21) is a solution of (18) if (20) is satisfied;
(c) each solution of (18) can be expressed as (21);
(d) if (20) is satisfied, the three parametric forms proposed are equivalent.

Step (a) can be proved as follows. Equation (20) is a sufficient condition for (18) to admit solutions, since $x = \mathit{Eq}(0, \mathrm{Proj})$ is an obvious solution of (18). Equation (20) is also a necessary condition, as, if (18) admits a solution, then (18) can also be expressed, thanks to the consensus theorem, as $\mathit{Eq}(0, \mathrm{Proj}) \cdot \overline{x} + \mathit{Eq}(1, \mathrm{Proj}) \cdot x + \mathit{Eq}(0, \mathrm{Proj}) \cdot \mathit{Eq}(1, \mathrm{Proj}) = 0$, and we necessarily have $\mathit{Eq}(0, \mathrm{Proj}) \cdot \mathit{Eq}(1, \mathrm{Proj}) = 0$.

To prove Step (b), it is sufficient to substitute the expression for $x$ from (21) into (18) and to use (20), as follows:
\[
\begin{aligned}
&\mathit{Eq}(0, \mathrm{Proj}) \cdot \overline{x} + \mathit{Eq}(1, \mathrm{Proj}) \cdot x \\
&= \mathit{Eq}(0, \mathrm{Proj}) \cdot \overline{\mathit{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})}} + \mathit{Eq}(1, \mathrm{Proj}) \cdot \big(\mathit{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})}\big) \\
&= \mathit{Eq}(0, \mathrm{Proj}) \cdot \overline{\mathit{Eq}(0, \mathrm{Proj})} \cdot \overline{p \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})}} + \mathit{Eq}(0, \mathrm{Proj}) \cdot \mathit{Eq}(1, \mathrm{Proj}) + p \cdot \mathit{Eq}(1, \mathrm{Proj}) \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})} \\
&= 0 + 0 + 0 = 0.
\end{aligned} \tag{23}
\]
To prove Step (c), it is sufficient to find one element $p$ of $F_n(B)$ for each solution $x$ of (18). Let us consider $p$ defined by "$p = \overline{\mathit{Eq}(0, \mathrm{Proj})} \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})} \cdot x$", where $x$ is a solution of (18). Then we have
\[
\left.\begin{aligned}
\mathit{Eq}(0, \mathrm{Proj}) \cdot \mathit{Eq}(1, \mathrm{Proj}) &= 0 \\
\mathit{Eq}(0, \mathrm{Proj}) \cdot \overline{x} + \mathit{Eq}(1, \mathrm{Proj}) \cdot x &= 0 \\
p &= \overline{\mathit{Eq}(0, \mathrm{Proj})} \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})} \cdot x
\end{aligned}\right\}
\Longrightarrow x = \mathit{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})} \tag{24}
\]
as
\[
\begin{aligned}
x &= 1 \cdot x = \big(\mathit{Eq}(0, \mathrm{Proj}) + \mathit{Eq}(1, \mathrm{Proj}) + \overline{\mathit{Eq}(0, \mathrm{Proj})} \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})}\big) \cdot x \\
&= \mathit{Eq}(0, \mathrm{Proj}) \cdot x + \mathit{Eq}(1, \mathrm{Proj}) \cdot x + \overline{\mathit{Eq}(0, \mathrm{Proj})} \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})} \cdot x \\
&= \mathit{Eq}(0, \mathrm{Proj}) \cdot x + 0 + \overline{\mathit{Eq}(1, \mathrm{Proj})} \cdot \big(\overline{\mathit{Eq}(0, \mathrm{Proj})} \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})} \cdot x\big) && \text{as } \mathit{Eq}(1, \mathrm{Proj}) \cdot x = 0 \\
&= \mathit{Eq}(0, \mathrm{Proj}) \cdot x + \mathit{Eq}(0, \mathrm{Proj}) \cdot \overline{x} + \overline{\mathit{Eq}(1, \mathrm{Proj})} \cdot p && \text{as } \mathit{Eq}(0, \mathrm{Proj}) \cdot \overline{x} = 0 \\
&= \mathit{Eq}(0, \mathrm{Proj}) \cdot (x + \overline{x}) + p \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})} \\
&= \mathit{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})}.
\end{aligned} \tag{25}
\]
To prove Step (d), it is sufficient to rewrite (21) in the two other forms by using (20), as follows:
\[
\begin{aligned}
x &= 1 \cdot \mathit{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})} \\
&= \big(\mathit{Eq}(1, \mathrm{Proj}) + \overline{\mathit{Eq}(1, \mathrm{Proj})}\big) \cdot \mathit{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})} \\
&= \mathit{Eq}(0, \mathrm{Proj}) \cdot \mathit{Eq}(1, \mathrm{Proj}) + \big(\mathit{Eq}(0, \mathrm{Proj}) + p\big) \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})} \\
&= 0 + \overline{\mathit{Eq}(1, \mathrm{Proj})} \cdot \big(\mathit{Eq}(0, \mathrm{Proj}) + p\big) \\
&= \overline{\mathit{Eq}(1, \mathrm{Proj})} \cdot \big(\mathit{Eq}(0, \mathrm{Proj}) + p\big), \\[1ex]
x &= 1 \cdot \mathit{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})} \\
&= (p + \overline{p}) \cdot \mathit{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})} \\
&= \overline{p} \cdot \mathit{Eq}(0, \mathrm{Proj}) + p \cdot \big(\mathit{Eq}(0, \mathrm{Proj}) + \overline{\mathit{Eq}(1, \mathrm{Proj})}\big) \\
&= \overline{p} \cdot \mathit{Eq}(0, \mathrm{Proj}) + p \cdot \big(\mathit{Eq}(0, \mathrm{Proj}) \cdot \mathit{Eq}(1, \mathrm{Proj}) + \overline{\mathit{Eq}(1, \mathrm{Proj})}\big) \\
&= \overline{p} \cdot \mathit{Eq}(0, \mathrm{Proj}) + p \cdot \big(0 + \overline{\mathit{Eq}(1, \mathrm{Proj})}\big) \\
&= \overline{p} \cdot \mathit{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathit{Eq}(1, \mathrm{Proj})}.
\end{aligned} \tag{26}
\]
4.3.3 Solution of $k$-Unknown Equations over $F_n(B)$

The global result presented in the following theorem can be found in [14] or [15]. However, in these works the solution is not expressed with a parametric form but with intervals only. The formulation presented in this paper is better adapted to symbolic computation and is mandatory for practical optimization.

A $k$-unknown equation can be solved by solving successively $k$ single-unknown equations. If we consider the $k$-unknown equation as a single-unknown equation in $x_k$, its consistency condition corresponds to a $(k-1)$-unknown equation. The process can be iterated until $x_1$. After substituting $S(x_1)$ for $x_1$ in the last equation, it is possible to find the solution for $x_2$. Then it is sufficient to apply this procedure again $(k-2)$ times to obtain successively the solutions $S(x_3)$ to $S(x_k)$.
Theorem 12 (solution of a $k$-unknown equation). The Boolean equation over $F_n(B)$
\[
\mathit{Eq}_0(X_k, \mathrm{Proj}) = 0 \tag{27}
\]
is consistent (i.e., has at least one solution) if and only if the following condition is satisfied:
\[
\prod_{A_k \in \{0,1\}^k} \mathit{Eq}_0(A_k, \mathrm{Proj}) = 0. \tag{28}
\]
If (28) is satisfied, (27) admits one or more $k$-tuple solutions $(S(x_1), \ldots, S(x_k))$ such that each component $S(x_i)$ is defined by
\[
S(x_i) = \prod_{A_{k-i} \in \{0,1\}^{k-i}} \mathit{Eq}_{i-1}(0, A_{k-i}, \mathrm{Proj}) + p_i \cdot \overline{\prod_{A_{k-i} \in \{0,1\}^{k-i}} \mathit{Eq}_{i-1}(1, A_{k-i}, \mathrm{Proj})} \tag{29}
\]
with

(i) $\mathit{Eq}_i(x_{i+1}, \ldots, x_k, \mathrm{Proj}) = \mathit{Eq}_{i-1}(x_i, x_{i+1}, \ldots, x_k, \mathrm{Proj})\big|_{x_i \leftarrow S(x_i)}$;
(ii) $p_i$ is an arbitrary parameter, that is, a freely chosen member of $F_n(B)$.
The full demonstration of this theorem cannot be given in this paper because of lack of space (a full demonstration by mathematical induction can be found in [8]). A description of the different steps of the proof and the details of the principal steps are given below.
Proof (elements of proof). Equation (27) can be solved by applying Theorems 3 and 11 $k$ times according to the unknowns $x_k$ to $x_1$, as follows.

According to Theorem 3, (27) is equivalent to
\[
\mathit{Eq}_0(X_{k-1}, 0, \mathrm{Proj}) \cdot \overline{x_k} + \mathit{Eq}_0(X_{k-1}, 1, \mathrm{Proj}) \cdot x_k = 0. \tag{30}
\]
According to Theorem 11, (30) admits solutions in $x_k$ if and only if
\[
\mathit{Eq}_0(X_{k-1}, 0, \mathrm{Proj}) \cdot \mathit{Eq}_0(X_{k-1}, 1, \mathrm{Proj}) = 0. \tag{31}
\]
Equation (31) is an equation with $(k-1)$ unknowns. Each term of (31) can be expanded according to $x_{k-1}$, and (31) can be written in the form
\[
\begin{aligned}
&\big(\mathit{Eq}_0(X_{k-2}, 0, 0, \mathrm{Proj}) \cdot \mathit{Eq}_0(X_{k-2}, 0, 1, \mathrm{Proj})\big) \cdot \overline{x_{k-1}} \\
&+ \big(\mathit{Eq}_0(X_{k-2}, 1, 0, \mathrm{Proj}) \cdot \mathit{Eq}_0(X_{k-2}, 1, 1, \mathrm{Proj})\big) \cdot x_{k-1} = 0.
\end{aligned} \tag{32}
\]
According to Theorem 11, (32) admits solutions in $x_{k-1}$ if and only if
\[
\prod_{A_2 \in \{0,1\}^2} \mathit{Eq}_0(X_{k-2}, A_2, \mathrm{Proj}) = 0. \tag{33}
\]
Equation (33) is an equation with $(k-2)$ unknowns. Each term of (33) can be expanded according to $x_{k-2}$, and (33) can be written in the form
\[
\Big(\prod_{A_2 \in \{0,1\}^2} \mathit{Eq}_0(X_{k-3}, 0, A_2, \mathrm{Proj})\Big) \cdot \overline{x_{k-2}} + \Big(\prod_{A_2 \in \{0,1\}^2} \mathit{Eq}_0(X_{k-3}, 1, A_2, \mathrm{Proj})\Big) \cdot x_{k-2} = 0. \tag{34}
\]
In the end, we obtain an equation of only one unknown, $x_1$, defined by
\[
\Big(\prod_{A_{k-1} \in \{0,1\}^{k-1}} \mathit{Eq}_0(0, A_{k-1}, \mathrm{Proj})\Big) \cdot \overline{x_1} + \Big(\prod_{A_{k-1} \in \{0,1\}^{k-1}} \mathit{Eq}_0(1, A_{k-1}, \mathrm{Proj})\Big) \cdot x_1 = 0. \tag{35}
\]
According to Theorem 11, (35) admits solutions if and only if
\[
\prod_{A_k \in \{0,1\}^k} \mathit{Eq}_0(A_k, \mathrm{Proj}) = 0. \tag{36}
\]
When (36) is satisfied, the $k$ equations for $x_1$ to $x_k$ admit solutions. Equation (27) is then coherent and admits solutions.

When (36) is satisfied, the solutions of (35) for $x_1$ are
\[
S(x_1) = \prod_{A_{k-1} \in \{0,1\}^{k-1}} \mathit{Eq}_0(0, A_{k-1}, \mathrm{Proj}) + p_1 \cdot \overline{\prod_{A_{k-1} \in \{0,1\}^{k-1}} \mathit{Eq}_0(1, A_{k-1}, \mathrm{Proj})}. \tag{37}
\]
After substituting $S(x_1)$ for $x_1$ into (27), we obtain a new equation $\mathit{Eq}_1(x_2, \ldots, x_k, \mathrm{Proj}) = 0$ involving the $(k-1)$ unknowns $(x_2, \ldots, x_k)$, where
\[
\mathit{Eq}_1(x_2, \ldots, x_k, \mathrm{Proj}) = \mathit{Eq}_0(x_1, x_2, \ldots, x_k, \mathrm{Proj})\big|_{x_1 \leftarrow S(x_1)}. \tag{38}
\]
By applying the previous procedure, we can obtain $S(x_2)$ and $\mathit{Eq}_2(x_3, \ldots, x_k, \mathrm{Proj})$. Then it suffices to apply this procedure again $(k-2)$ times to obtain successively the solutions $S(x_3)$ to $S(x_k)$.
It is important to note that the order in which unknownsare treated affects only the parametric form of the 119896-tuplesolutionThis is due to the fact that the same 119896-tuple solutioncan be represented with several distinct parametric forms
4.3.4. Partial Conclusions. Thanks to the theorems presented above, it is possible to obtain a parametric representation of all the solutions of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists. In practice, due to the complexity of the systems to be designed, the proposed set of simultaneously asserted relations is generally inconsistent [23]. To simplify the work of the designer, we have proved complementary theorems that improve the robustness of our method to the lack of precision of the specifications (Section 4.4).

When several solutions exist, the comparison of solutions according to a given criterion can be envisaged, since the Boolean algebra $F_n(B)$ is equipped with a partial order. To simplify the work of the designer further, we have developed a method to calculate the best solutions according to one or several criteria (Section 4.5).
4.4. Theorems to Cope with Inconsistencies of Specifications. In practice, it is very difficult for a designer to specify all the requirements of a complex system without inconsistencies. This is the reason why requirements given by the designer are often declared inconsistent according to Theorem 12. Since the inconsistency condition is a Boolean formula, it is possible to use it to detect the origin of the inconsistencies. Two cases have to be considered:

(i) Several requirements cannot be simultaneously respected. In this case, a hierarchy between requirements can be proposed in order to find a solution. The requirements with the lower priority have to be corrected to become consistent with the requirements with the higher priority. This strategy is based on Theorem 14.

(ii) The detected inconsistency refers to specific combinations of projection-functions which the designer knows to be impossible. Since they block the synthesis process, it is necessary to introduce new assumptions and to use Theorem 13.

Theorem 13 (solution of a Boolean equation according to an assumption among the projection-functions). The following problem
$$\begin{cases} \text{Equation to solve:} & \mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0 \\ \text{Assumption:} & A(\mathrm{Proj}) = 0 \end{cases} \qquad (39)$$
admits the same solutions as the following equation:
$$\mathrm{Eq}_0(X_k, \mathrm{Proj}) \le A(\mathrm{Proj}). \qquad (40)$$
Proof. According to $A(\mathrm{Proj}) = 0$, $\mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0$ can be rewritten as
$$\begin{aligned}
&\begin{cases} \mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0 \\ A(\mathrm{Proj}) = 0 \end{cases} \\
&\iff A(\mathrm{Proj}) + \mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0 \\
&\iff A(\mathrm{Proj}) + \overline{A(\mathrm{Proj})} \cdot \mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0 \\
&\iff \begin{cases} \overline{A(\mathrm{Proj})} \cdot \mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0 \\ A(\mathrm{Proj}) = 0 \end{cases} \\
&\iff \begin{cases} \mathrm{Eq}_0(X_k, \mathrm{Proj}) \le A(\mathrm{Proj}) \\ A(\mathrm{Proj}) = 0 \end{cases}
\end{aligned} \qquad (41)$$
The equation $\overline{A(\mathrm{Proj})} \cdot \mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0$ is consistent if and only if the following condition is true (Theorem 12):
$$\overline{A(\mathrm{Proj})} \cdot \prod_{A_k \in \{0,1\}^k} \mathrm{Eq}_0(A_k, \mathrm{Proj}) = 0. \qquad (42)$$
By construction, this new condition is the subset of the initial condition ($\prod_{A_k \in \{0,1\}^k} \mathrm{Eq}_0(A_k, \mathrm{Proj}) = 0$) for which the proposed assumption is satisfied; all the other terms have been removed.

If (42) is satisfied, (40) admits one or more $k$-tuple solutions, where each component $S(x_i)$ is defined by
$$S(x_i) = \overline{A(\mathrm{Proj})} \cdot \Bigl(\prod_{A_{k-i} \in \{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(0, A_{k-i}, \mathrm{Proj}) + p_i \cdot \overline{\prod_{A_{k-i} \in \{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(1, A_{k-i}, \mathrm{Proj})}\Bigr) + A(\mathrm{Proj}) \cdot p_i. \qquad (43)$$
As $A(\mathrm{Proj}) = 0$, $S(x_i)$ can also be expressed as
$$S(x_i) = \prod_{A_{k-i} \in \{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(0, A_{k-i}, \mathrm{Proj}) + p_i \cdot \overline{\prod_{A_{k-i} \in \{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(1, A_{k-i}, \mathrm{Proj})}. \qquad (44)$$
When $A(\mathrm{Proj}) = 0$ is satisfied, the solutions of (40) are also solutions of $\mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0$.
Theorem 14 (solution of a Boolean equation system according to a priority rule between requirements). The following problem
$$\begin{cases} \text{Equation system to solve:} & \mathrm{HR}:\ \mathcal{F}_H(X_k, \mathrm{Proj}) = 0 \\ & \mathrm{LR}:\ \mathcal{F}_L(X_k, \mathrm{Proj}) = 0 \\ & \mathrm{OR}:\ \mathcal{F}_O(X_k, \mathrm{Proj}) = 0 \\ \text{Priority rule between requirements:} & \mathrm{HR} \gg \mathrm{LR} \end{cases} \qquad (45)$$
where
(i) $\mathcal{F}_H(X_k, \mathrm{Proj}) = 0$ is the formal expression of the requirements which have the higher priority (HR);
(ii) $\mathcal{F}_L(X_k, \mathrm{Proj}) = 0$ is the formal expression of the requirements which have the lower priority (LR);
(iii) $\mathcal{F}_O(X_k, \mathrm{Proj}) = 0$ is the formal expression of the other requirements (OR);
(iv) $\mathrm{HR} \gg \mathrm{LR}$ is the priority rule between inconsistent requirements,
admits the same solutions as the following system of equations:
$$\begin{cases} \mathcal{F}_H(X_k, \mathrm{Proj}) = 0 \\ \mathcal{F}_L(X_k, \mathrm{Proj}) \le I(\mathrm{Proj}) \\ \mathcal{F}_O(X_k, \mathrm{Proj}) = 0 \end{cases} \qquad (46)$$
where $I(\mathrm{Proj})$ is the inconsistency condition between requirements "HR" and "LR":
$$I(\mathrm{Proj}) = \prod_{A_k \in \{0,1\}^k} \bigl(\mathcal{F}_H(A_k, \mathrm{Proj}) + \mathcal{F}_L(A_k, \mathrm{Proj})\bigr). \qquad (47)$$

Proof. Thanks to Theorem 12, the inconsistency condition $I(\mathrm{Proj})$ between requirements "HR" and "LR" can be found by solving the equation $\mathcal{F}_H(X_k, \mathrm{Proj}) + \mathcal{F}_L(X_k, \mathrm{Proj}) = 0$. We have
$$I(\mathrm{Proj}) = \prod_{A_k \in \{0,1\}^k} \bigl(\mathcal{F}_H(A_k, \mathrm{Proj}) + \mathcal{F}_L(A_k, \mathrm{Proj})\bigr). \qquad (48)$$
To remove the inconsistency between requirements "HR" and "LR" according to the priority rule "HR ≫ LR", it is necessary to restrict the range of requirement "LR" to the part for which there is no inconsistency, that is, $I(\mathrm{Proj}) = 0$. That is the case when $\mathcal{F}_L(X_k, \mathrm{Proj}) = 0$ is replaced by $\mathcal{F}_L(X_k, \mathrm{Proj}) \le I(\mathrm{Proj})$:
$$\begin{cases} \mathcal{F}_H(X_k, \mathrm{Proj}) = 0 \\ \mathcal{F}_L(X_k, \mathrm{Proj}) \le I(\mathrm{Proj}) \end{cases} \qquad (49)$$
Thanks to Theorem 12, (49) always admits one or more $k$-tuple solutions, and it is impossible to find a less restrictive condition over requirement "LR".
4.5. Optimal Solutions of Boolean Equations over $F_n(B)$. The goal of this step is to obtain automatically the parametric form of the $k$-tuple solutions of $F_n(B)$ which satisfy not only a given equation of Boolean functions ($\mathrm{Eq}(X_k, \mathrm{Proj}) = 0$) but also maximize (or minimize) a Boolean formula of these Boolean functions ($\mathcal{F}_C(X_k, \mathrm{Proj})$) corresponding to the desired optimization criterion.

Generally speaking, the search for the best solution tuples according to a given criterion, when the space of solutions is composed of discrete values, is a complex mathematical issue. It is sometimes necessary to make a side-by-side comparison of each solution in order to identify the best one. In our case, this exhaustive method cannot be used, as $F_n(B)$ is only provided with a partial order: two particular solutions cannot always be ordered with respect to each other.

Nevertheless, it is possible to obtain the sought parametric form of the $k$-tuples thanks to the following results:

(i) When an equation between Boolean functions has one or more solution tuples in $F_n(B)$, every Boolean formula on these Boolean functions can be rewritten using only the projection-functions of $F_n(B)$ and the free parameters of $F_n(B)$ which describe these solution tuples.

(ii) Every Boolean formula expressed as a composition of projection-functions of $F_n(B)$ and free parameters of $F_n(B)$ has a unique maximum and a unique minimum. These extrema can be expressed using only the projection-functions of $F_n(B)$.

Hence it is possible to rewrite the initial problem
$$\begin{cases} \text{Problem to solve:} & \mathrm{Eq}(X_k, \mathrm{Proj}) = 0 \\ \text{Optimization criterion:} & \text{maximization of } \mathcal{F}_C(X_k, \mathrm{Proj}) \end{cases} \qquad (50)$$
into a 2-equation system to solve:
$$\begin{cases} \mathrm{Eq}(X_k, \mathrm{Proj}) = 0 \\ \mathcal{F}_C(X_k, \mathrm{Proj}) = \displaystyle\max_{X_k \mid \mathrm{Eq}(X_k, \mathrm{Proj}) = 0} \bigl(\mathcal{F}_C(X_k, \mathrm{Proj})\bigr) \end{cases} \qquad (51)$$
4.5.1. Extrema of a Boolean Formula according to Freely Chosen Members of $F_n(B)$. Consider the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:
(i) let $(f_{1\mathrm{Proj}}, \ldots, f_{n\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$;
(ii) let $(p_1, \ldots, p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members, and let "$P_k$" be the corresponding vector.

Any formula $\mathcal{F}(P_k, \mathrm{Proj})$ for which $P_k$ are freely chosen members of $F_n(B)$ defines a subset of $F_n(B)$. According to the relation $\le$, elements of this subset can be compared. In this specific case, the subset defined by $\mathcal{F}(P_k, \mathrm{Proj})$ admits a minimal element and a maximal element.

Theorem 15 (minimum and maximum of a Boolean formula). Any formula $\mathcal{F}(P_k, \mathrm{Proj})$ for which $P_k$ are freely chosen members of $F_n(B)$ admits a minimum and a maximum, defined as follows:
$$\min_{P_k \in F_n(B)^k} \bigl(\mathcal{F}(P_k, \mathrm{Proj})\bigr) = \prod_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, \mathrm{Proj}), \qquad \max_{P_k \in F_n(B)^k} \bigl(\mathcal{F}(P_k, \mathrm{Proj})\bigr) = \sum_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, \mathrm{Proj}). \qquad (52)$$
Proof. To prove this theorem, it is necessary to establish that
(1) $\prod_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, \mathrm{Proj})$ is a lower bound of $\mathcal{F}(P_k, \mathrm{Proj})$;
(2) there exists at least one specific combination of $P_k$ for which $\mathcal{F}(P_k, \mathrm{Proj}) = \prod_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, \mathrm{Proj})$;
(3) $\sum_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, \mathrm{Proj})$ is an upper bound of $\mathcal{F}(P_k, \mathrm{Proj})$;
(4) there exists at least one specific combination of $P_k$ for which $\mathcal{F}(P_k, \mathrm{Proj}) = \sum_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, \mathrm{Proj})$.
Details of this proof can be found in [24].
4.5.2. Optimization Problem. Consider the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:
(i) let $(f_{1\mathrm{Proj}}, \ldots, f_{n\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$, and let "Proj" be the corresponding vector;
(ii) let $(x_1, \ldots, x_k)$ be $k$ elements of $F_n(B)$ considered as unknowns, and let "$X_k$" be the corresponding vector;
(iii) let $(p_1, \ldots, p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members, and let "$P_k$" be the corresponding vector;
(iv) let $\mathrm{Eq}(X_k, \mathrm{Proj}) = 0$ be the Boolean equation to solve;
(v) let $\mathcal{F}_C(X_k, \mathrm{Proj})$ be the Boolean formula of the given criterion to optimize (maximization or minimization).

The method we propose to obtain the parametric form of the $k$-tuple of switching functions solution of $\mathrm{Eq}(X_k, \mathrm{Proj}) = 0$ according to a given optimization criterion $\mathcal{F}_C(X_k, \mathrm{Proj})$ is composed of five steps:
(i) The first step is to establish the parametric form of the $k$-tuple solution of $\mathrm{Eq}(X_k, \mathrm{Proj}) = 0$ using only Theorem 12.
(ii) The second step is to establish the parametric form of the given optimization criterion $\mathcal{F}_C(X_k, \mathrm{Proj})$ by substituting $S(x_i)$ for $x_i$. Let $\mathcal{F}_{SC}(P_k, \mathrm{Proj})$ be the result of this substitution.
(iii) The third step is to calculate the extremum of $\mathcal{F}_{SC}(P_k, \mathrm{Proj})$ according to Theorem 15. Let $\mathcal{F}_{EC}(\mathrm{Proj})$ be the Boolean formula of this extremum.
(iv) The fourth step is to replace the given criterion by the equivalent relation
$$\mathcal{F}_C(X_k, \mathrm{Proj}) = \mathcal{F}_{EC}(\mathrm{Proj}). \qquad (53)$$
(v) The fifth step is to establish the parametric form of the $k$-tuple solution of the equivalent problem
$$\begin{cases} \mathrm{Eq}(X_k, \mathrm{Proj}) = 0 \\ \mathcal{F}_C(X_k, \mathrm{Proj}) = \mathcal{F}_{EC}(\mathrm{Proj}) \end{cases} \qquad (54)$$

Figure 4: Structure of the water supply system (labels in the figure: Pump1, Pump2, Tank, To the distributing system).
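An added worked example (not the authors' tool, which uses ROBDDs) of the successive elimination in the proof of Theorem 12 and of the five optimization steps of Section 4.5.2, with switching functions of $F_n(B)$ stored as truth-table bitmasks; the algebra size $n = 3$, the sample two-unknown system and the criterion "maximize $x_1$" are constructed here.

```python
from itertools import product


def make_algebra(n):
    """Projection functions f1..fn of F_n(B) and its constant 1 as 2**n-bit
    masks: bit m of a mask is the value of the function on minterm m, so the
    product, sum and complement of F_n(B) are &, | and XOR with `one`."""
    size = 1 << n
    one = (1 << size) - 1
    proj = [sum(1 << m for m in range(size) if (m >> i) & 1) for i in range(n)]
    return proj, one


def consistency_condition(eq, k, one):
    """Theorem 12: prod over A_k in {0,1}^k of Eq(A_k, Proj).  Eq(X_k) = 0 admits
    solutions iff the returned mask is 0 (the constants 0 and 1 of F_n(B) are
    the masks 0 and `one`)."""
    cond = one
    for bits in product((0, one), repeat=k):
        cond &= eq(list(bits))
    return cond


def parametric_solution(eq, k, one, params):
    """Successive elimination in the order x_1, ..., x_k as in the proof of
    Theorem 12: S(x_i) = prod_A Eq_{i-1}(0, A) + p_i * NOT(prod_A Eq_{i-1}(1, A)),
    then Eq_i is Eq_{i-1} with S(x_i) substituted for x_i.  `params` holds the
    freely chosen members p_1..p_k; consistency must have been checked before."""
    sols = []
    cur = eq                                   # Eq_{i-1}, a function of x_i..x_k
    for i in range(k):
        lo = hi = one
        for bits in product((0, one), repeat=k - i - 1):
            lo &= cur([0] + list(bits))        # prod_A Eq_{i-1}(0, A, Proj)
            hi &= cur([one] + list(bits))      # prod_A Eq_{i-1}(1, A, Proj)
        s = lo | (params[i] & (one ^ hi))      # x_i ranges over [lo, NOT(hi)]
        sols.append(s)
        cur = (lambda f, s: lambda xs: f([s] + xs))(cur, s)   # substitute S(x_i)
    return sols


def extrema(formula, k, one):
    """Theorem 15: (minimum, maximum) of a formula F(P_k, Proj) over freely
    chosen P_k, i.e. the product and the sum of F(A_k, Proj) over {0,1}^k."""
    lo, hi = one, 0
    for bits in product((0, one), repeat=k):
        value = formula(list(bits))
        lo &= value
        hi |= value
    return lo, hi


def optimal_solution(eq, k, one, criterion, params, maximize=True):
    """The five steps of Section 4.5.2: parametric form of the solutions (1),
    criterion rewritten over the parameters FSC (2), its extremum FEC by
    Theorem 15 (3), the system Eq = 0, FC = FEC (4) solved again (5)."""
    fsc = lambda ps: criterion(parametric_solution(eq, k, one, ps))   # steps 1-2
    fec = extrema(fsc, k, one)[1 if maximize else 0]                  # step 3
    eq2 = lambda xs: eq(xs) | (criterion(xs) ^ fec)   # FC = FEC  <=>  FC xor FEC = 0
    if consistency_condition(eq2, k, one):
        raise ValueError("extremum not reachable: criterion inconsistent with Eq")
    return parametric_solution(eq2, k, one, params), fec              # step 5


def sample_problem():
    """Constructed system over F_3(B) (projections a, b, c) with unknowns x1, x2:
    x1 * x2 = 0,  a * NOT(b) <= x1,  b <= x2, each written as 'defect = 0'
    and summed into a single equation Eq0(X_2, Proj) = 0."""
    (a, b, c), one = make_algebra(3)
    not_ = lambda f: one ^ f

    def eq(xs):
        x1, x2 = xs
        return (x1 & x2) | (a & not_(b) & not_(x1)) | (b & not_(x2))

    return eq, (a, b, c), one


def demo():
    """Consistency, one parametric solution and the solution maximizing x1."""
    eq, (a, b, c), one = sample_problem()
    cond = consistency_condition(eq, 2, one)              # 0: the system is consistent
    sols = parametric_solution(eq, 2, one, [c, one])      # p1 = c, p2 = 1
    best, fec = optimal_solution(eq, 2, one, lambda xs: xs[0], [c, one])
    return cond, sols, best, fec
```

For the sample, the procedure yields $x_1 = \overline{b}(a + p_1)$ and $x_2 = b + p_2\,\overline{a}\,\overline{p_1}$, and maximizing $x_1$ forces the unique solution $(\overline{b}, b)$.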
4.5.3. Partial Conclusions. Thanks to the theorems presented in this section, it is now possible to obtain a parametric representation of the optimal solutions, according to a given criterion, of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists.

The proposed method also makes it possible to combine several criteria, simultaneously or sequentially:
(i) When several criteria are treated simultaneously, the optimization problem can admit no solution. That is the case when the given criteria are antagonistic.
(ii) When several criteria are treated sequentially, the obtained solutions satisfy the criteria in a given priority order. An example of optimization with several criteria treated sequentially is presented in the next section.
5. Algebraic Synthesis of Logical Controllers with Optimization Criteria and Incoherent Requirements

5.1. Control System Specifications. The studied system is the controller of a water supply system composed of two pumps working in redundancy (Figure 4). Water is distributed when necessary, according to the possible failures of the elements (the pumps and the distributing system).

The expected behavior of the control system regarding the application requirements can be expressed by the set of assertions given hereafter:
(i) The two pumps never operate simultaneously.
(ii) A pump cannot operate if it is out of order.
(iii) When a global failure is detected, no pump can operate.
(iv) Pumps can operate if and only if a water distribution request is present.
(v) Priority is given according to "pr" (pump1 has priority when "pr" is true).
(vi) In order to reduce the wear of the pumps, it is necessary to restrict the number of pump starts.
5.1.1. Inputs and Outputs of the Controller. The Boolean inputs and outputs of this controller are given in Figure 5(a). Each pump is controlled by a Boolean output ("p1" and "p2"). The controller is informed of water distribution requests through the input "rq". Inputs "f1" and "f2" inform the controller of a failure of the corresponding pump, and "gf" indicates a global failure of the installation. The value 0 or 1 of input "pr" decides which pump has priority.

5.1.2. Control Laws to Synthesize. Our approach does not allow identifying automatically which state variables must be used. They are given by the designer according to his interpretation of the specification.

For the water distribution system, we propose to use 2 state variables, one for each output. According to this choice, two 7-variable switching functions ($P1$ and $P2$) have to be synthesized (Figure 5(b)). They represent the unknowns of our problem. For this case study, the 7 projection-functions of $F_7(B)$ are therefore as follows:
(i) the 5 switching functions ($Rq$, $F1$, $F2$, $GF$, and $Pr$) which characterize the behavior of the inputs of the controller and are defined, for example, as
$$Rq:\ B^7 \to B,\quad (rq[k], \ldots, p2[k-1]) \mapsto rq[k]; \qquad (55)$$
(ii) the 2 switching functions ($pP1$ and $pP2$) which characterize the previous behavior of the state variables of the controller and are defined, for example, as
$$pP1:\ B^7 \to B,\quad (rq[k], \ldots, p2[k-1]) \mapsto p1[k-1]. \qquad (56)$$
5.2. Algebraic Formalization of Requirements. The complete formalization of the behavior of the water distribution system is given in Figure 5(c). In order to illustrate the expressive power of the relations Equality and Inclusion, several examples (generic assertions and the equivalent formal relations, illustrated on the case study) are given hereafter. It is important to note that the relation Inclusion makes it possible to express necessary conditions and sufficient conditions distinctly. This relation is the cornerstone of our approach.
(i) Pump1 and Pump2 never operate simultaneously: $P1 \cdot P2 = 0$.
(ii) If Pump1 operates, Pump2 cannot operate: $P1 \le \overline{P2}$.
Figure 5: Details of the case study.

(a) Inputs and outputs of the controller. Inputs of the control of the water distribution system: rq (request of water), f1 (Pump1 failure), f2 (Pump2 failure), gf (global failure), pr (priority to Pump1). Outputs: p1 (command of Pump1), p2 (command of Pump2).

(b) General form of the expected control laws:
$$p1[k] = P1(rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1]),$$
$$p2[k] = P2(rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1]),$$
$$p1[0] = b_0, \qquad p2[0] = b_0.$$

(c) Formal specification.
Requirements:
R1: $P1 \cdot P2 = 0$ (the two pumps never operate simultaneously)
R2: $F1 \le \overline{P1}$ (Pump1 cannot operate if it is out of order (F1))
R3: $F2 \le \overline{P2}$ (Pump2 cannot operate if it is out of order (F2))
R4: $GF \le (\overline{P1} \cdot \overline{P2})$ (when a global failure is detected (GF), no pump can operate)
R5: $(P1 + P2) \le Rq$ (it is necessary to have a request for the pumps to operate)
R6: $Rq \le (P1 + P2)$ (it is sufficient to have a request for the pumps to operate)
Priority rules:
R4 ≫ R6 (a failure requirement has priority over a functional requirement)
R2, R3 ≫ R6 (a failure requirement has priority over a functional requirement)
Optimization criteria:
(1) Minimization of $(P1 \cdot \overline{pP1}) + (P2 \cdot \overline{pP2})$ (minimization of the possibility to start a pump)
(2) Maximization of $(Pr \cdot P1) + (\overline{Pr} \cdot P2)$ (maximization of the priority order between the two pumps)

(d) Solution obtained by symbolic calculation:
$$P1 = Rq \cdot \overline{GF} \cdot \overline{F1} \cdot \bigl(F2 + Pr \cdot (pP1 + \overline{pP2}) + pP1 \cdot \overline{pP2}\bigr),$$
$$P2 = Rq \cdot \overline{GF} \cdot \overline{F2} \cdot \bigl(F1 + \overline{Pr} \cdot (pP2 + \overline{pP1}) + pP2 \cdot \overline{pP1}\bigr).$$

(e) Control laws of the water distribution system:
p1[k] = rq[k] ∧ ¬gf[k] ∧ ¬f1[k] ∧ (f2[k] ∨ pr[k] ∧ (p1[k−1] ∨ ¬p2[k−1]) ∨ p1[k−1] ∧ ¬p2[k−1])
p2[k] = rq[k] ∧ ¬gf[k] ∧ ¬f2[k] ∧ (f1[k] ∨ ¬pr[k] ∧ (p2[k−1] ∨ ¬p1[k−1]) ∨ p2[k−1] ∧ ¬p1[k−1])
p1[0] = b_0, p2[0] = b_0
(iii) It is necessary to have a request for the pumps to operate: $(P1 + P2) \le Rq$.
(iv) It is sufficient to have a request for the pumps to operate: $Rq \le (P1 + P2)$.
(v) When Pump1 has failed, it is sufficient to have a request for Pump2 to operate: $F1 \cdot Rq \le P2$.
(vi) When Pump1 has failed, it is necessary to have a request for Pump2 to operate: $F1 \cdot P2 \le Rq$.

It is possible to prove that some of these formal expressions are equivalent (e.g., the first two). When a designer hesitates between two forms, he can check by symbolic calculation whether the proposed relations are equivalent or not.

As $P1$ and $pP1$ represent the behavior of Pump1 at times $[k]$ and $[k-1]$, respectively, it is also possible to express relations about the starts and stops of this pump, as follows:
(i) It is necessary to have a request to start Pump1: $(P1 \cdot \overline{pP1}) \le Rq$.
(ii) When Pump1 operates, it is sufficient to have a global failure to stop Pump1: $(pP1 \cdot GF) \le (\overline{P1} \cdot pP1)$.
5.3. Synthesis Process. In traditional design methods, the design procedure of a logic controller is not a linear process but an iterative one, converging to an acceptable solution. At the beginning of the design, the requirements are neither complete nor free of errors. Most often, new requirements are added during the search for solutions and others are corrected. This complementary information is given by the designer after analysis of the partial solutions he found, or when inconsistencies have been detected. If we do not make the hypothesis that the specifications are complete and consistent, designing a controller with a synthesis technique is also an iterative process in which the designer plays an important role.

5.3.1. Analysis of Requirements. For this case study, we choose to start with requirements R1 to R6. For this subset of requirements, the result given by our software tool was the following inconsistency condition: $I = Rq \cdot GF + Rq \cdot F1 \cdot F2$.

Since the requirements are declared inconsistent, we have to give complementary information to make our specification more precise. By analyzing each term of this formula, it is possible to detect the origin of the inconsistency:
(i) $Rq \cdot GF$: what happens if we have simultaneously a request and a global failure? We consider that requirement R4 is more important than requirement R6 (R4 ≫ R6), as no pump can operate in this configuration.
(ii) $Rq \cdot F1 \cdot F2$: what happens if we have simultaneously a request and a failure of each pump? We consider that requirements R2 and R3 are more important than requirement R6 (R2, R3 ≫ R6).

With these priority rules, all the requirements are now coherent and the set of all the solutions can be computed.

5.3.2. Optimal Solutions. To choose a control law of the water supply system among this set of possible solutions, we will now take into account the given optimization criteria. The first criterion aims at minimizing the number of starts of each pump in order to reduce its wear. The second criterion aims at maximizing the use of the pump indicated by the value of parameter $Pr$. The method we propose allows proving that the proposed criteria cannot be treated simultaneously, since they are antagonistic (to strictly respect the priority use of the pump fixed by parameter $Pr$, it is necessary to permute the pumps when $Pr$ changes value, implying a supplementary start of a pump). Details can be found in [25].

All the priority rules and optimization criteria used for this case study are given in Figure 5(c). The solution we obtain is given in Figure 5(d).
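The analysis of Sections 5.3.1 and 5.3.2 replayed as an added example (not the authors' tool): the requirements of Figure 5(c) are encoded as "defect = 0" relations over truth-table bitmasks of $F_7(B)$, the Theorem 12 product reproduces the inconsistency condition $I = Rq \cdot GF + Rq \cdot F1 \cdot F2$, the two priority rules are applied with Theorem 14, and the laws of Figure 5(d) are checked against the relaxed system. The variable order and the bars restored from the comments of Figure 5(c) are assumptions of this example.

```python
from itertools import product

N = 7                        # rq, f1, f2, gf, pr, p1[k-1], p2[k-1]
ONE = (1 << (1 << N)) - 1    # the constant 1 of F_7(B) as a 128-bit truth-table mask


def projection(i):
    """i-th projection function of F_7(B): bit m of the mask is bit i of minterm m."""
    return sum(1 << m for m in range(1 << N) if (m >> i) & 1)


Rq, F1, F2, GF, Pr, pP1, pP2 = (projection(i) for i in range(N))


def NOT(f):
    return ONE ^ f


def or_all(fs):
    acc = 0
    for f in fs:
        acc |= f
    return acc


def defect(a, b):
    """Defect of the relation a <= b, i.e. a * NOT(b): it is 0 iff the relation holds."""
    return a & NOT(b)


def relations(P1, P2):
    """Defects of the requirements of Figure 5(c) for candidate laws P1, P2
    (each is 0 exactly where the requirement is respected)."""
    return {
        "R1": P1 & P2,                              # P1 * P2 = 0
        "R2": defect(F1, NOT(P1)),                  # F1 <= NOT(P1)
        "R3": defect(F2, NOT(P2)),                  # F2 <= NOT(P2)
        "R4": defect(GF, NOT(P1) & NOT(P2)),        # GF <= NOT(P1) * NOT(P2)
        "R5": defect(P1 | P2, Rq),                  # (P1 + P2) <= Rq
        "R6": defect(Rq, P1 | P2),                  # Rq <= (P1 + P2)
    }


def theorem12(eq):
    """prod over (P1, P2) in {0,1}^2 of eq(P1, P2): the equation eq = 0 is
    consistent iff the product is 0; otherwise it is the inconsistency condition."""
    cond = ONE
    for a, b in product((0, ONE), repeat=2):
        cond &= eq(a, b)
    return cond


def inconsistency(high, low):
    """Theorem 14, eq. (47): I(Proj) = prod (FH + FL) between two requirement groups."""
    return theorem12(lambda a, b: or_all(relations(a, b)[r] for r in high + low))


def system(P1, P2, I):
    """Eq0 of the whole specification.  R6, the lower-priority requirement, is
    restricted to FL <= I, i.e. FL * NOT(I) = 0 (eq. (46)); I = 0 gives R1..R6 as stated."""
    r = relations(P1, P2)
    return or_all(r[name] for name in ("R1", "R2", "R3", "R4", "R5")) | (r["R6"] & NOT(I))


def figure5d():
    """The control laws of Figure 5(d), with bars written as NOT."""
    P1 = Rq & NOT(GF) & NOT(F1) & (F2 | (Pr & (pP1 | NOT(pP2))) | (pP1 & NOT(pP2)))
    P2 = Rq & NOT(GF) & NOT(F2) & (F1 | (NOT(Pr) & (pP2 | NOT(pP1))) | (pP2 & NOT(pP1)))
    return P1, P2


def analyse():
    """Section 5.3.1: inconsistency of R1..R6, the priority rules R4 >> R6 and
    R2, R3 >> R6, consistency of the relaxed system; then Figure 5(d) is checked."""
    initial = theorem12(lambda a, b: system(a, b, 0))
    I = inconsistency(["R4"], ["R6"]) | inconsistency(["R2", "R3"], ["R6"])
    relaxed = theorem12(lambda a, b: system(a, b, I))
    P1, P2 = figure5d()
    return initial, I, relaxed, system(P1, P2, I)
```

Without the priority rules, the laws of Figure 5(d) violate R6 exactly on the minterms of $I$, which is the part of the requirement the rules remove.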
5.3.3. Implementing Control Laws. The synthesized control laws presented in Figure 5(e) have been obtained by translating the expression of the two unknowns according to the projection-functions into relations between recurrent Boolean equations. These control laws can be automatically translated into the syntax of the ladder diagram language [1] before being implemented into a PLC. The code is composed of only 4 rungs (Figure 6).

The synthesized control laws can also be given in the form of an automatically built input/output automaton with guarded transitions [21] (Figure 7).

6. Discussion

In our approach, the synthesis of control laws is based on symbolic calculation; a prototype software tool has been developed to avoid tedious calculations and to aid the designer during the different steps of the synthesis. This tool (which can be obtained on request from the authors) performs all the computations required for inconsistency detection between requirements and for control law generation. In this tool, all the Boolean formulas are stored in the form of reduced ordered binary decision diagrams, which allows efficient calculations. For example, the computations for synthesizing a controller for the water supply system developed above took less than 10 ms on a classical laptop.

Our approach has been tested on several case studies (some of them are available online: http://www.lurpa.ens-cachan.fr/-226050.kjsp). The feedback from these experiments allowed us to identify some of its limits and possibilities; the most important are given below.

We first have to recall that our method can only be used for binary systems (systems whose controller inputs and outputs are Boolean values). Nevertheless, in practice many systems, such as manufacturing systems, transport systems, and so on, are fully or partially binary.
In our opinion, the main advantage of our approach is that, contrary to traditional engineering approaches, the synthesized control laws do not depend on the designer's skill or on his correct interpretation of the system requirements. On the other hand, the quality of the synthesis results highly depends on the relevance of the requirements proposed by the designer. This step of formalization, by the designer, of the informal requirements of the system to be controlled is the Achilles heel of all synthesis methods, including the Supervisory Control Theory (SCT), and cannot be automated.

Figure 6: Ladder diagram of the code to implement into the PLC. Rung 1: command of pump 1; Rung 2: command of pump 2; Rung 3: update previous value of pump 1; Rung 4: update previous value of pump 2 (contacts rq, gf, f1, f2, pr, pp1, pp2; coils p1, p2, pp1, pp2).

Table 1: Features concerning the same case study.
| | Formal requirements | Synthesized controller | PLC program (structured text) |
| Supervisory Control Theory | Plant behavior: 11 finite automata (481 states and 1330 transitions); specifications: 11 finite automata | Finite automaton of 45 states and 70 transitions | 130 lines |
| Algebraic synthesis | 8 equations and 2 priority rules | 2 6-variable switching functions | 4 lines |

Figure 7: State model of the obtained control law (states 0, 1 and 2, outputs p1 and p2), with the guards of its transitions:
E0-1 = rq ∧ ¬gf ∧ ¬f1 ∧ (f2 ∨ pr)
E0-2 = rq ∧ ¬gf ∧ ¬f2 ∧ (f1 ∨ ¬pr)
E1-0 = ¬rq ∨ gf ∨ f1 ∧ f2
E2-0 = ¬rq ∨ gf ∨ f1 ∧ f2
E1-2 = rq ∧ ¬gf ∧ f1 ∧ ¬f2
E2-1 = rq ∧ ¬gf ∧ f2 ∧ ¬f1
The objective comparison of our approach with other synthesis methods, and more especially with SCT, is very difficult because the models used and the theoretical bases are very different. Nevertheless, we tested both approaches on the same case studies. One of them, the control of an automatic parking gate, has been published in [26]. The results obtained in this case are summarized in Table 1.

Furthermore, one may note that the supervisor synthesized by SCT is optimal in the sense that it is the most permissive, that is, the one that restricts the plant behavior the least in order to force it to respect the specifications. As shown in this paper, our method makes it possible to cope with inconsistencies in specifications, which is not possible with SCT, and also to find optimal controllers by choosing different optimization criteria (most permissive, most restrictive, safest controller, etc.).
7. Conclusion

Many research works in the field of DES aim at formalizing steps of the system life cycle. Over the last 20 years, significant progress has been made in the synthesis, verification, performance evaluation, and diagnosis of DESs. Nevertheless, one of the common difficulties of these works is the translation of informal expressions of the knowledge of a system into formal requirements. Few works have paid attention to this important task, which is very error prone. In this paper, we proposed an iterative process that allows coping with inconsistencies of the requirements during the synthesis of the controller. The framework in which we proposed this approach is an algebraic synthesis method. Since the problem is located at the frontier between formal and informal, the intervention of the designer is necessary. Nevertheless, we have shown that this intervention can be guided by the results the formal method provides.
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References
[1] International Electrotechnical Commission, IEC 61131-3 Standard: Programmable Controllers, Part 3: Programming Languages, 2nd edition, 2003.
[2] G. Frey and L. Litz, "Formal methods in PLC programming," in Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, vol. 4, pp. 2431–2436, October 2000.
[3] B. Bérard, M. Bidoit, A. Finkel, et al., Systems and Software Verification: Model-Checking Techniques and Tools, Springer, New York, NY, USA, 1st edition, 1999.
[4] H. Bel Mokadem, B. Bérard, V. Gourcuff, O. De Smet, and J. Roussel, "Verification of a timed multitask system with UPPAAL," IEEE Transactions on Automation Science and Engineering, vol. 7, no. 4, pp. 921–932, 2010.
[5] J. L. Boulanger, Ed., Industrial Use of Formal Methods: Formal Verification (ISTE), Wiley-ISTE, New York, NY, USA, 2012.
[6] P. J. G. Ramadge and W. M. Wonham, "Control of discrete event systems," Proceedings of the IEEE, vol. 77, no. 1, pp. 81–98, 1989.
[7] P. Gohari and W. M. Wonham, "On the complexity of supervisory control design in the RW framework," IEEE Transactions on Systems, Man and Cybernetics B, vol. 30, no. 5, pp. 643–652, 2000.
[8] Y. Hietter, Synthèse algébrique de lois de commande pour les systèmes à événements discrets logiques [PhD thesis], ENS Cachan, Cachan, France, 2009.
[9] H.-M. Hanisch, A. Lueder, and J. Thieme, "Modular plant modeling technique and related controller synthesis problems," in Proceedings of the 1998 IEEE International Conference on Systems, Man and Cybernetics, pp. 686–691, October 1998.
[10] J.-M. Roussel and A. Giua, "Designing dependable logic controllers using the supervisory control theory," in Proceedings of the 16th IFAC World Congress, CD-ROM paper 4427, p. 6, Praha, Czech Republic, 2005.
[11] D. A. Huffman, "The synthesis of sequential switching circuits," Journal of the Franklin Institute, vol. 257, no. 3-4, pp. 161–303, 1954.
[12] G. H. Mealy, "A method for synthesizing sequential circuits," Bell System Technical Journal, vol. 34, no. 5, pp. 1045–1079, 1955.
[13] E. F. Moore, "Gedanken-experiments on sequential machines," in Automata Studies, pp. 129–153, Princeton University Press, Princeton, NJ, USA, 1956.
[14] S. Rudeanu, Lattice Functions and Equations (Discrete Mathematics and Theoretical Computer Science), Springer, New York, NY, USA, 2001.
[15] F. M. Brown, Boolean Reasoning: The Logic of Boolean Equations, Dover, Mineola, NY, USA, 2003.
[16] A. Pnueli and R. Rosner, "On the synthesis of a reactive module," in Proceedings of the 16th ACM Symposium on Principles of Programming Languages (POPL '89), pp. 179–190, ACM, New York, NY, USA, 1989.
[17] E. Filiot, N. Jin, and J. Raskin, "Antichains and compositional algorithms for LTL synthesis," Formal Methods in System Design, vol. 39, no. 3, pp. 261–296, 2011.
[18] J. Machado, B. Denis, J. J. Lesage, J. M. Faure, and J. Fereira, "Logic controllers dependability verification using a plant model," in Proceedings of the 3rd IFAC Workshop on Discrete-Event System Design (DESDes '06), pp. 37–42, Rydzyna, Poland, 2006.
[19] Y. Hietter, J.-M. Roussel, and J.-L. Lesage, "Algebraic synthesis of transition conditions of a state model," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 187–192, Göteborg, Sweden, May 2008.
[20] Y. Hietter, J.-M. Roussel, and J. J. Lesage, "Algebraic synthesis of dependable logic controllers," in Proceedings of the 17th World Congress of the International Federation of Automatic Control (IFAC '08), pp. 4132–4137, Seoul, South Korea, July 2008.
[21] A. Guignard, Symbolic Generation of the Automaton Representing an Algebraic Description of a Logic System [MS thesis], ENS Cachan, Cachan, France, 2011.
[22] R. P. Grimaldi, Discrete and Combinatorial Mathematics: An Applied Introduction, Addison-Wesley Longman, Boston, Mass, USA, 5th edition, 2004.
[23] J.-M. Roussel and J.-J. Lesage, "Algebraic synthesis of logical controllers despite inconsistencies in specifications," in Proceedings of the 11th International Workshop on Discrete Event Systems (WODES '12), pp. 307–314, Guadalajara, Mexico, 2012.
[24] H. Leroux, Algebraic Synthesis of Logical Controllers with Optimization Criteria, ENS Cachan, Cachan, France, 2011.
[25] H. Leroux and J.-M. Roussel, "Algebraic synthesis of logical controllers with optimization criteria," in Proceedings of the 6th International Workshop on Verification and Evaluation of Computer and Communication Systems (VECOS '12), pp. 103–114, Paris, France, 2012.
[26] M. Cantarelli and J. Roussel, "Reactive control system design using the supervisory control theory: evaluation of possibilities and limits," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 200–205, Göteborg, Sweden, May 2008.
4 Mathematical Problems in Engineering
and the Boolean algebra of $n$-variable switching functions. Section 4.3 presents how to solve Boolean equations. Sections 4.4 and 4.5 present specific results obtained for the algebraic synthesis of control laws.
4.1. Boolean Algebra: Typical Feature

Definition 1 (Boolean algebra) (Definition 15.5 of [22]). Let $\mathcal{B}$ be a nonempty set that contains two special elements 0 (the zero element) and 1 (the unity or one element) and on which we define two closed binary operations $+$, $\cdot$ and a unary operation $\bar{\ }$. Then $(\mathcal{B}, +, \cdot, \bar{\ }, 0, 1)$ is called a Boolean algebra if the following conditions are satisfied for all $x, y, z \in \mathcal{B}$:

$$
\begin{aligned}
&\text{Commutative Laws:} & x + y &= y + x, & x \cdot y &= y \cdot x, \\
&\text{Distributive Laws:} & x \cdot (y + z) &= (x \cdot y) + (x \cdot z), & x + (y \cdot z) &= (x + y) \cdot (x + z), \\
&\text{Identity Laws:} & x + 0 &= x, & x \cdot 1 &= x, \\
&\text{Inverse Laws:} & x + \bar{x} &= 1, & x \cdot \bar{x} &= 0, \qquad \bar{0} = 1.
\end{aligned}
\tag{2}
$$
Many Boolean algebras could be defined. The most known are the two-element Boolean algebra $(\{0, 1\}, \lor, \land, \lnot, 0, 1)$ and the algebra of classes (set of subsets of a set $S$) $(2^S, \cup, \cap, \bar{\ }, 0, S)$.
Definition 2 (Boolean formula) (From Section 3.6 of [15]). A Boolean formula (or a Boolean expression) on $\mathcal{B}$ is any formula which represents a combination of members of $\mathcal{B}$ by the operations $+$, $\cdot$, or $\bar{\ }$.
By construction, any Boolean formula on $\mathcal{B}$ represents one and only one member of $\mathcal{B}$. Two Boolean formulae are equivalent if and only if they represent the same member of $\mathcal{B}$. Later on, a Boolean formula $\mathcal{F}$ built with the members $(\alpha_1, \ldots, \alpha_n)$ of $\mathcal{B}$ is denoted $\mathcal{F}(\alpha_1, \ldots, \alpha_n)$.

Theorem 3 (Boole's expansion of a Boolean formula). Let $(\alpha_1, \ldots, \alpha_n)$ be $n$ members of $\mathcal{B} \setminus \{0, 1\}$. Any Boolean formula $\mathcal{F}(\alpha_1, \ldots, \alpha_n)$ can be expanded as

$$
\mathcal{F}(\alpha_1, \ldots, \alpha_n) = \mathcal{F}_0(\alpha_2, \ldots, \alpha_n) \cdot \overline{\alpha_1} + \mathcal{F}_1(\alpha_2, \ldots, \alpha_n) \cdot \alpha_1, \tag{3}
$$

where $\mathcal{F}_0(\alpha_2, \ldots, \alpha_n)$ and $\mathcal{F}_1(\alpha_2, \ldots, \alpha_n)$ are Boolean formulae of only $\alpha_2, \ldots, \alpha_n$. These two formulae can be directly obtained from $\mathcal{F}(\alpha_1, \ldots, \alpha_n)$ as follows:

$$
\begin{aligned}
\mathcal{F}_0(\alpha_2, \ldots, \alpha_n) &= \mathcal{F}(\alpha_1, \ldots, \alpha_n)\big|_{\alpha_1 \leftarrow 0} = \mathcal{F}(0, \alpha_2, \ldots, \alpha_n), \\
\mathcal{F}_1(\alpha_2, \ldots, \alpha_n) &= \mathcal{F}(\alpha_1, \ldots, \alpha_n)\big|_{\alpha_1 \leftarrow 1} = \mathcal{F}(1, \alpha_2, \ldots, \alpha_n).
\end{aligned}
\tag{4}
$$
The relation equality is not the only relation defined on a Boolean algebra. It is also possible to define a partial order relation between members of $\mathcal{B}$. This relation is called Inclusion-Relation in [15].

Definition 4 (Inclusion-Relation) (Definition 15.6 of [22]). If $x, y \in \mathcal{B}$, define $x \le y$ if and only if $x \cdot y = x$.

As the Inclusion-Relation is reflexive ($x \le x$), antisymmetric (if $x \le y$ and $y \le x$ then $x = y$) and transitive (if $x \le y$ and $y \le z$ then $x \le z$), this relation defines a partial order between members of $\mathcal{B}$ (Theorem 15.4 of [22]).

Since in any Boolean algebra $x \cdot y = x \Leftrightarrow x \cdot \bar{y} = 0$, we also have $x \le y \Leftrightarrow x \cdot \bar{y} = 0$.

Remark 5. For the algebra of classes $(2^S, \cup, \cap, \bar{\ }, 0, S)$, the Inclusion-Relation is the well-known relation $\subseteq$ and we have $x \subseteq y \Leftrightarrow x \cap y = x$.
Theorem 6 (reduction of a set of relations) (Theorem 5.3.1 of [15]). Any set of simultaneously asserted relations built with the members $(\alpha_1, \ldots, \alpha_n)$ of $\mathcal{B}$ can be reduced to a single equivalent relation such as $\mathcal{F}(\alpha_1, \ldots, \alpha_n) = 0$.

To obtain this equivalent relation, it is necessary

(i) to rewrite each equality according to

$$
\mathcal{F}_1(\alpha_1, \ldots, \alpha_n) = \mathcal{F}_2(\alpha_1, \ldots, \alpha_n) \iff \mathcal{F}_1(\alpha_1, \ldots, \alpha_n) \cdot \overline{\mathcal{F}_2(\alpha_1, \ldots, \alpha_n)} + \overline{\mathcal{F}_1(\alpha_1, \ldots, \alpha_n)} \cdot \mathcal{F}_2(\alpha_1, \ldots, \alpha_n) = 0, \tag{5}
$$

(ii) to rewrite each inclusion according to

$$
\mathcal{F}_1(\alpha_1, \ldots, \alpha_n) \le \mathcal{F}_2(\alpha_1, \ldots, \alpha_n) \iff \mathcal{F}_1(\alpha_1, \ldots, \alpha_n) \cdot \overline{\mathcal{F}_2(\alpha_1, \ldots, \alpha_n)} = 0, \tag{6}
$$

(iii) to group together the rewritten equalities as follows:

$$
\begin{cases}
\mathcal{F}_1(\alpha_1, \ldots, \alpha_n) = 0 \\
\mathcal{F}_2(\alpha_1, \ldots, \alpha_n) = 0
\end{cases}
\iff \mathcal{F}_1(\alpha_1, \ldots, \alpha_n) + \mathcal{F}_2(\alpha_1, \ldots, \alpha_n) = 0. \tag{7}
$$
4.2. The Boolean Algebra of $n$-Variable Switching Functions. To avoid confusion between Boolean variables and Boolean functions of Boolean variables, each Boolean variable $b_i$ is denoted by ${}^{b}b_i$. The set of the two Boolean values ${}^{b}0$ and ${}^{b}1$ is denoted by $B = \{{}^{b}0, {}^{b}1\}$.

Definition 7 ($n$-variable switching functions) (From Section 3.11 of [15]). An $n$-variable switching function is a mapping of the form

$$
\begin{aligned}
f\colon B^n &\longrightarrow B \\
({}^{b}b_1, \ldots, {}^{b}b_n) &\longmapsto f({}^{b}b_1, \ldots, {}^{b}b_n)
\end{aligned}
\qquad \text{where } B = \{{}^{b}0, {}^{b}1\}. \tag{8}
$$
The domain of an $n$-variable switching function has $2^n$ elements and the codomain has 2 elements; hence there are $2^{2^n}$ $n$-variable switching functions. Let $F_n(B)$ be the set of the $2^{2^n}$ $n$-variable switching functions.

$F_n(B)$ contains $(n + 2)$ specific $n$-variable switching functions: the 2 constant functions $(0, 1)$ and the $n$ projection-functions $(f_i^{Proj})$. These functions are defined as follows:

$$
\begin{aligned}
0\colon B^n &\longrightarrow B, & ({}^{b}b_1, \ldots, {}^{b}b_n) &\longmapsto {}^{b}0, \\
1\colon B^n &\longrightarrow B, & ({}^{b}b_1, \ldots, {}^{b}b_n) &\longmapsto {}^{b}1, \\
f_i^{Proj}\colon B^n &\longrightarrow B, & ({}^{b}b_1, \ldots, {}^{b}b_n) &\longmapsto {}^{b}b_i.
\end{aligned}
\tag{9}
$$
$F_n(B)$ can be equipped with three closed operations (two binary and one unary operations):

$$
\begin{aligned}
\text{Op}\,+\colon F_n(B)^2 &\longrightarrow F_n(B), & (f, g) &\longmapsto f + g, \\
\text{Op}\,\cdot\colon F_n(B)^2 &\longrightarrow F_n(B), & (f, g) &\longmapsto f \cdot g, \\
\text{Op}\,\bar{\ }\colon F_n(B) &\longrightarrow F_n(B), & f &\longmapsto \bar{f},
\end{aligned}
\tag{10}
$$

where $\forall ({}^{b}b_1, \ldots, {}^{b}b_n) \in B^n$:

$$
\begin{aligned}
(f + g)({}^{b}b_1, \ldots, {}^{b}b_n) &= f({}^{b}b_1, \ldots, {}^{b}b_n) \lor g({}^{b}b_1, \ldots, {}^{b}b_n), \\
(f \cdot g)({}^{b}b_1, \ldots, {}^{b}b_n) &= f({}^{b}b_1, \ldots, {}^{b}b_n) \land g({}^{b}b_1, \ldots, {}^{b}b_n), \\
\bar{f}({}^{b}b_1, \ldots, {}^{b}b_n) &= \lnot f({}^{b}b_1, \ldots, {}^{b}b_n).
\end{aligned}
\tag{11}
$$
$(F_n(B), +, \cdot, \bar{\ }, 0, 1)$ is a Boolean algebra [22]. Then it is possible to write a Boolean formula of $n$-variable switching functions and relations between Boolean formulae of $n$-variable switching functions. In the case of $n$-variable switching functions, the relations Equality and Inclusion can also be presented as follows:

(i) $f$ and $g$ are equal ($f = g$) if and only if the columns of the truth-tables of $f$ and $g$ are exactly the same, that is, $\forall ({}^{b}b_1, \ldots, {}^{b}b_n) \in B^n$, $f({}^{b}b_1, \ldots, {}^{b}b_n) = g({}^{b}b_1, \ldots, {}^{b}b_n)$;

(ii) $f$ is included into $g$ ($f \le g$) if and only if the value of $g$ is always ${}^{b}1$ when the value of $f$ is ${}^{b}1$, that is, $\forall ({}^{b}b_1, \ldots, {}^{b}b_n) \in B^n$, $[f({}^{b}b_1, \ldots, {}^{b}b_n) = {}^{b}0] \lor [g({}^{b}b_1, \ldots, {}^{b}b_n) = {}^{b}1]$.

Remark 8. Each $n$-variable switching function can be expressed as a composition of $(f_1^{Proj}, \ldots, f_n^{Proj}, 0, 1)$ by the operations $+$, $\cdot$ and $\bar{\ }$.

Therefore, the Boolean algebra $(F_n(B), +, \cdot, \bar{\ }, 0, 1)$ is a mathematical framework which allows composing and comparing switching functions. Thanks to the results presented in the next subsection, this framework also allows solving systems of Boolean equations of switching functions.
4.3. Solutions of Boolean Equations over Boolean Algebra $F_n(B)$. In [15], Brown explains that many problems in the application of Boolean algebra may be reduced to solving an equation of the form

$$
f(X) = 0 \tag{12}
$$

over a Boolean algebra $\mathcal{B}$. Formal procedures for producing solutions of this equation were developed by Boole himself as a way to treat problems of logical inference. Boolean equations have been studied extensively since Boole's initial work (a bibliography of nearly 400 sources is presented in [14]). These works concern essentially the two-element Boolean algebra $(\{{}^{b}0, {}^{b}1\}, \lor, \land, \lnot, {}^{b}0, {}^{b}1)$.

In our case we focus on the Boolean algebra of $n$-variable switching functions $F_n(B)$. We consider a Boolean system composed of $m$ relations among members of $F_n(B)$, for which $k$ of them are considered as unknowns. The theorems presented in this section permit solving any system of Boolean equations, as there exists a canonic form of a Boolean system of $k$ unknowns and we are able to calculate the solutions for this form.

4.3.1. Canonic Form of a Boolean System of $k$ Unknowns over Boolean Algebra $F_n(B)$. Consider the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, \bar{\ }, 0, 1)$:

(i) Let $(f_1^{Proj}, \ldots, f_n^{Proj})$ be the $n$ projection-functions of $F_n(B)$.

(ii) Let $(x_1, \ldots, x_k)$ be $k$ elements of $F_n(B)$ considered as unknowns.

For notational convenience, we note "$X_k$" the vector $(x_1, \ldots, x_k)$ of the $k$ unknowns and "$Proj$" the vector $(f_1^{Proj}, \ldots, f_n^{Proj})$ of the $n$ projection-functions of $F_n(B)$.

Theorem 9 (reduction of a set of relations between $n$-variable switching functions). Any set of simultaneously asserted relations of switching functions can be reduced to a single equivalent relation such as

$$
\mathcal{F}(X_k, Proj) = 0. \tag{13}
$$

This theorem comes from Theorem 6.

In order to be able to write a canonic form for a Boolean system of $k$ unknowns over Boolean algebra $F_n(B)$, we introduce the following notation: for $x \in F_n(B)$ and $a \in \{0, 1\}$, $x^a$ is defined by

$$
x^0 = \bar{x}, \qquad x^1 = x. \tag{14}
$$
This notation is extended to vectors as follows: for $X_k = (x_1, \ldots, x_k) \in F_n(B)^k$ and $A_k = (a_1, \ldots, a_k) \in \{0, 1\}^k$, $X_k^{A_k}$ is defined by

$$
X_k^{A_k} = \prod_{i=1}^{i=k} x_i^{a_i} = x_1^{a_1} \cdot \,\cdots\, \cdot x_k^{a_k}. \tag{15}
$$

Theorem 10 (canonic form of a Boolean equation). Any Boolean equation $Eq(X_k, Proj) = 0$ can be expressed within the canonic form

$$
\sum_{A_k \in \{0,1\}^k} Eq(A_k, Proj) \cdot X_k^{A_k} = 0, \tag{16}
$$

where $Eq(A_k, Proj)$ (with $A_k \in \{0, 1\}^k$) are the $2^k$ discriminants of $Eq(X_k, Proj) = 0$ according to $X_k$ (the term "discriminant" comes from [15]).

This canonic form is obtained by expanding $Eq(X_k, Proj)$ according to the $k$ unknowns $(x_1, \ldots, x_k)$. For example, we have

$$
\begin{aligned}
Eq(x, Proj) &= Eq(0, Proj) \cdot \bar{x} + Eq(1, Proj) \cdot x, \\
Eq(x_1, x_2, Proj) &= Eq(0, 0, Proj) \cdot \overline{x_1} \cdot \overline{x_2} + Eq(0, 1, Proj) \cdot \overline{x_1} \cdot x_2 \\
&\quad + Eq(1, 0, Proj) \cdot x_1 \cdot \overline{x_2} + Eq(1, 1, Proj) \cdot x_1 \cdot x_2.
\end{aligned}
\tag{17}
$$
4.3.2. Solution of a Single-Unknown Equation over $F_n(B)$. The following theorem was initially demonstrated for the two-element Boolean algebra [14]. A generalization to all Boolean algebras can be found in [15], but no detailed demonstration is given. A new formalization of this theorem and its full demonstration are given below.

Theorem 11 (solution of a single-unknown equation). The Boolean equation over $F_n(B)$

$$
Eq(x, Proj) = 0, \tag{18}
$$

for which the canonic form is

$$
Eq(0, Proj) \cdot \bar{x} + Eq(1, Proj) \cdot x = 0, \tag{19}
$$

is consistent (i.e., has at least one solution) if and only if the following condition is satisfied:

$$
Eq(0, Proj) \cdot Eq(1, Proj) = 0. \tag{20}
$$

In this case, a general form of the solutions is

$$
x = Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}, \tag{21}
$$

where $p$ is an arbitrary parameter, that is, a freely-chosen member of $F_n(B)$.

This solution can also be expressed as

$$
\begin{aligned}
x &= \overline{Eq(1, Proj)} \cdot \big(Eq(0, Proj) + p\big) \\
&= \bar{p} \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}.
\end{aligned}
\tag{22}
$$

Proof. This theorem can be proved in four steps as follows:

(a) Equation (18) is consistent if and only if (20) is satisfied;
(b) Equation (21) is a solution of (18) if (20) is satisfied;
(c) each solution of (18) can be expressed as (21);
(d) if (20) is satisfied, the three parametric forms proposed are equivalent.

Step (a) can be proved as follows. Equation (20) is a sufficient condition for (18) to admit solutions, since $x = Eq(0, Proj)$ is an obvious solution of (18). Equation (20) is also a necessary condition: if (18) admits a solution, then (18) can also be expressed, thanks to the consensus theorem, as $Eq(0, Proj) \cdot \bar{x} + Eq(1, Proj) \cdot x + Eq(0, Proj) \cdot Eq(1, Proj) = 0$, and we have necessarily $Eq(0, Proj) \cdot Eq(1, Proj) = 0$.

To prove Step (b), it is sufficient to substitute the expression for $x$ from (21) into (18) and to use (20) as follows:

$$
\begin{aligned}
&Eq(0, Proj) \cdot \bar{x} + Eq(1, Proj) \cdot x \\
&= Eq(0, Proj) \cdot \overline{\big(Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}\big)} + Eq(1, Proj) \cdot \big(Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}\big) \\
&= Eq(0, Proj) \cdot \overline{Eq(0, Proj)} \cdot \overline{\big(p \cdot \overline{Eq(1, Proj)}\big)} + Eq(0, Proj) \cdot Eq(1, Proj) + p \cdot Eq(1, Proj) \cdot \overline{Eq(1, Proj)} \\
&= 0 + 0 + 0 = 0.
\end{aligned}
\tag{23}
$$

To prove Step (c), it is sufficient to find one element $p$ of $F_n(B)$ for each solution $x$ of (18). Let us consider $p$ defined by "$p = \overline{Eq(0, Proj)} \cdot \overline{Eq(1, Proj)} \cdot x$", where $x$ is a solution to (18). Then we have

$$
\begin{cases}
Eq(0, Proj) \cdot Eq(1, Proj) = 0 \\
Eq(0, Proj) \cdot \bar{x} + Eq(1, Proj) \cdot x = 0 \\
p = \overline{Eq(0, Proj)} \cdot \overline{Eq(1, Proj)} \cdot x
\end{cases}
\implies x = Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}, \tag{24}
$$

as

$$
\begin{aligned}
x &= 1 \cdot x = \big(Eq(0, Proj) + Eq(1, Proj) + \overline{Eq(0, Proj)} \cdot \overline{Eq(1, Proj)}\big) \cdot x \\
&= Eq(0, Proj) \cdot x + Eq(1, Proj) \cdot x + \overline{Eq(0, Proj)} \cdot \overline{Eq(1, Proj)} \cdot x \\
&= Eq(0, Proj) \cdot x + 0 + \overline{Eq(1, Proj)} \cdot \big(\overline{Eq(0, Proj)} \cdot \overline{Eq(1, Proj)} \cdot x\big) \quad \text{as } Eq(1, Proj) \cdot x = 0 \\
&= Eq(0, Proj) \cdot x + Eq(0, Proj) \cdot \bar{x} + \overline{Eq(1, Proj)} \cdot p \quad \text{as } Eq(0, Proj) \cdot \bar{x} = 0 \\
&= Eq(0, Proj) \cdot (x + \bar{x}) + p \cdot \overline{Eq(1, Proj)} \\
&= Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}.
\end{aligned}
\tag{25}
$$

To prove Step (d), it is sufficient to rewrite (21) in the two other forms by using (20) as follows:

$$
\begin{aligned}
x &= 1 \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \\
&= \big(Eq(1, Proj) + \overline{Eq(1, Proj)}\big) \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \\
&= Eq(0, Proj) \cdot Eq(1, Proj) + \big(Eq(0, Proj) + p\big) \cdot \overline{Eq(1, Proj)} \\
&= 0 + \overline{Eq(1, Proj)} \cdot \big(Eq(0, Proj) + p\big) \\
&= \overline{Eq(1, Proj)} \cdot \big(Eq(0, Proj) + p\big), \\[4pt]
x &= 1 \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \\
&= (p + \bar{p}) \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \\
&= \bar{p} \cdot Eq(0, Proj) + p \cdot \big(Eq(0, Proj) + \overline{Eq(1, Proj)}\big) \\
&= \bar{p} \cdot Eq(0, Proj) + p \cdot \big(Eq(0, Proj) \cdot Eq(1, Proj) + \overline{Eq(1, Proj)}\big) \\
&= \bar{p} \cdot Eq(0, Proj) + p \cdot \big(0 + \overline{Eq(1, Proj)}\big) \\
&= \bar{p} \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}.
\end{aligned}
\tag{26}
$$
4.3.3. Solution of $k$-Unknown Equations over $F_n(B)$. The global result presented in the following theorem can be found in [14] or [15]. However, in these works the solution is not expressed with a parametric form but with intervals only. The formulation presented in this paper is more adapted to symbolic computation and is mandatory for practical optimization.

A $k$-unknown equation can be solved by solving successively $k$ single-unknown equations. If we consider the $k$-unknown equation as a single-unknown equation of $x_k$, its consistency condition corresponds to a $(k - 1)$-unknown equation. The process can be iterated until $x_1$. After substituting $S(x_1)$ for $x_1$ in the last equation, it is possible to find the solution for $x_2$. Then it is sufficient to apply this procedure again $(k - 2)$ times to obtain successively the solutions $S(x_3)$ to $S(x_k)$.

Theorem 12 (solution of a $k$-unknown equation). The Boolean equation over $F_n(B)$

$$
Eq_0(X_k, Proj) = 0 \tag{27}
$$

is consistent (i.e., has at least one solution) if and only if the following condition is satisfied:

$$
\prod_{A_k \in \{0,1\}^k} Eq_0(A_k, Proj) = 0. \tag{28}
$$

If (28) is satisfied, (27) admits one or more $k$-tuple solutions $(S(x_1), \ldots, S(x_k))$ such that each component $S(x_i)$ is defined by

$$
S(x_i) = \prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(0, A_{k-i}, Proj) + p_i \cdot \overline{\prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(1, A_{k-i}, Proj)}, \tag{29}
$$

with

(i) $Eq_i(x_{i+1}, \ldots, x_k, Proj) = Eq_{i-1}(x_i, x_{i+1}, \ldots, x_k, Proj)\big|_{x_i \leftarrow S(x_i)}$;

(ii) $p_i$ is an arbitrary parameter, that is, a freely-chosen member of $F_n(B)$.

The full demonstration of this theorem cannot be given in this paper because of lack of space (a full demonstration by mathematical induction can be found in [8]). A description of the different steps of the proof and the detail of the principal steps are given below.

Proof (elements of proof). Equation (27) can be solved by applying Theorems 3 and 11 $k$ times according to the unknowns $x_k$ to $x_1$, as follows.

According to Theorem 3, (27) is equivalent to

$$
Eq_0(X_{k-1}, 0, Proj) \cdot \overline{x_k} + Eq_0(X_{k-1}, 1, Proj) \cdot x_k = 0. \tag{30}
$$

According to Theorem 11, (30) admits solutions in $x_k$ if and only if

$$
Eq_0(X_{k-1}, 0, Proj) \cdot Eq_0(X_{k-1}, 1, Proj) = 0. \tag{31}
$$

Equation (31) is an equation with $(k - 1)$ unknowns. Each term of (31) can be expanded according to $x_{k-1}$, and (31) can be written in the form

$$
\begin{aligned}
&\big(Eq_0(X_{k-2}, 0, 0, Proj) \cdot Eq_0(X_{k-2}, 0, 1, Proj)\big) \cdot \overline{x_{k-1}} \\
&+ \big(Eq_0(X_{k-2}, 1, 0, Proj) \cdot Eq_0(X_{k-2}, 1, 1, Proj)\big) \cdot x_{k-1} = 0.
\end{aligned}
\tag{32}
$$

According to Theorem 11, (32) admits solutions in $x_{k-1}$ if and only if

$$
\prod_{A_2 \in \{0,1\}^2} Eq_0(X_{k-2}, A_2, Proj) = 0. \tag{33}
$$
Equation (33) is an equation with $(k - 2)$ unknowns. Each term of (33) can be expanded according to $x_{k-2}$, and (33) can be written in the form

$$
\Big(\prod_{A_2 \in \{0,1\}^2} Eq_0(X_{k-3}, 0, A_2, Proj)\Big) \cdot \overline{x_{k-2}} + \Big(\prod_{A_2 \in \{0,1\}^2} Eq_0(X_{k-3}, 1, A_2, Proj)\Big) \cdot x_{k-2} = 0. \tag{34}
$$

In the end, we obtain an equation of only one unknown $x_1$, defined by

$$
\Big(\prod_{A_{k-1} \in \{0,1\}^{k-1}} Eq_0(0, A_{k-1}, Proj)\Big) \cdot \overline{x_1} + \Big(\prod_{A_{k-1} \in \{0,1\}^{k-1}} Eq_0(1, A_{k-1}, Proj)\Big) \cdot x_1 = 0. \tag{35}
$$

According to Theorem 11, (35) admits solutions if and only if

$$
\prod_{A_k \in \{0,1\}^k} Eq_0(A_k, Proj) = 0. \tag{36}
$$

When (36) is satisfied, the $k$ equations for $x_1$ to $x_k$ admit solutions. Equation (27) is then coherent and admits solutions.

When (36) is satisfied, the solutions of (35) for $x_1$ are

$$
S(x_1) = \prod_{A_{k-1} \in \{0,1\}^{k-1}} Eq_0(0, A_{k-1}, Proj) + p_1 \cdot \overline{\prod_{A_{k-1} \in \{0,1\}^{k-1}} Eq_0(1, A_{k-1}, Proj)}. \tag{37}
$$

After substituting $S(x_1)$ for $x_1$ into (27), we obtain a new equation $Eq_1(x_2, \ldots, x_k, Proj) = 0$ involving the $(k - 1)$ unknowns $(x_2, \ldots, x_k)$, where

$$
Eq_1(x_2, \ldots, x_k, Proj) = Eq_0(x_1, x_2, \ldots, x_k, Proj)\big|_{x_1 \leftarrow S(x_1)}. \tag{38}
$$

By applying the previous procedure, we can obtain $S(x_2)$ and $Eq_2(x_3, \ldots, x_k, Proj)$. Then it suffices to apply this procedure again $(k - 2)$ times to obtain successively the solutions $S(x_3)$ to $S(x_k)$.

It is important to note that the order in which the unknowns are treated affects only the parametric form of the $k$-tuple solution. This is due to the fact that the same $k$-tuple solution can be represented with several distinct parametric forms.
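As an added example (not code from the paper), the procedure of Theorems 9 to 12 in Python: members of $F_n(B)$ are stored as $2^n$-bit truth tables, the relations of a constructed two-input, two-unknown specification are reduced to one equation, its discriminants give the consistency condition (28), and the parametric solution (29) is built one unknown at a time; the specification, the names `a`, `b`, `x1`, `x2` and all helper names are assumptions of the example.

```python
"""Added example, not code from the paper: Theorems 9 to 12 over F_n(B).
Every switching function is stored as a 2**N-bit truth table (an int), so
+ is |, . is &, complement is ^ONE and the constants 0, 1 are 0 and ONE."""
from itertools import product

N = 2                            # number of Boolean inputs (projection-functions)
ROWS = 1 << N                    # 2**N rows in every truth table
ZERO, ONE = 0, (1 << ROWS) - 1   # the two constant functions of F_n(B)


def proj(i):
    """Projection-function f_i^Proj: row r is 1 iff bit i of r is 1."""
    return sum(1 << r for r in range(ROWS) if (r >> i) & 1)


def cpl(f):
    """Complement of a switching function."""
    return ONE ^ f


def leq(f, g):
    """Inclusion-Relation (Definition 4): f <= g  <=>  f . cpl(g) = 0."""
    return f & cpl(g) == 0


def reduce_relations(equalities=(), inclusions=()):
    """Theorems 6 and 9: simultaneously asserted relations, each a pair of
    callables of the k unknowns, become one callable Eq(X_k) whose value
    must be 0 (rules (5), (6) and (7))."""
    def eq(*X):
        total = ZERO
        for lhs, rhs in equalities:      # (5): l . cpl(r) + cpl(l) . r
            total |= (lhs(*X) & cpl(rhs(*X))) | (cpl(lhs(*X)) & rhs(*X))
        for lhs, rhs in inclusions:      # (6): l . cpl(r)
            total |= lhs(*X) & cpl(rhs(*X))
        return total                     # (7): sum of all the terms
    return eq


def discriminants(eq, k):
    """Theorem 10: the 2**k discriminants Eq(A_k, Proj), A_k in {0,1}^k."""
    return {A: eq(*(ONE if bit else ZERO for bit in A))
            for A in product((0, 1), repeat=k)}


def consistency_condition(eq, k):
    """(28): the product of all discriminants; Eq = 0 is consistent iff 0."""
    result = ONE
    for d in discriminants(eq, k).values():
        result &= d
    return result


def solve(eq, k, params):
    """(29): the k-tuple (S(x_1), ..., S(x_k)) for one choice of the free
    parameters p_1..p_k.  Eq_{i-1} is Eq_0 with x_1..x_{i-1} replaced by
    their solutions, which is why eq is called with *solved in front."""
    if consistency_condition(eq, k) != ZERO:
        raise ValueError("inconsistent specification (Theorem 12)")
    solved = []
    for i in range(k):
        cond0, cond1 = ONE, ONE
        for A in product((ZERO, ONE), repeat=k - i - 1):   # A_{k-i}
            cond0 &= eq(*solved, ZERO, *A)   # prod Eq_{i-1}(0, A_{k-i}, Proj)
            cond1 &= eq(*solved, ONE, *A)    # prod Eq_{i-1}(1, A_{k-i}, Proj)
        solved.append(cond0 | (params[i] & cpl(cond1)))
    return tuple(solved)


def parametric_solutions(eq, k):
    """All k-tuples given by (29) when every p_i ranges over F_n(B)."""
    return {solve(eq, k, P) for P in product(range(ONE + 1), repeat=k)}


def brute_force_solutions(eq, k):
    """All k-tuples of F_n(B)^k that satisfy Eq(X_k, Proj) = 0 directly."""
    return {X for X in product(range(ONE + 1), repeat=k) if eq(*X) == ZERO}


# Constructed specification: inputs a, b; unknown outputs x1, x2 (k = 2).
a, b = proj(0), proj(1)
# R1: x1 <= a   R2: x2 <= x1   R3: b <= x2   (R1 and R3 clash when b and not a)
EQ_INCONSISTENT = reduce_relations(inclusions=[
    (lambda x1, x2: x1, lambda x1, x2: a),
    (lambda x1, x2: x2, lambda x1, x2: x1),
    (lambda x1, x2: b, lambda x1, x2: x2)])
# The same with R3 weakened to a.b <= x2, as a designer would correct it.
EQ_CONSISTENT = reduce_relations(inclusions=[
    (lambda x1, x2: x1, lambda x1, x2: a),
    (lambda x1, x2: x2, lambda x1, x2: x1),
    (lambda x1, x2: a & b, lambda x1, x2: x2)])

if __name__ == "__main__":
    # (28) is not 0 and names the offending input combination: cpl(a).b
    print(consistency_condition(EQ_INCONSISTENT, 2) == cpl(a) & b)   # True
    print(consistency_condition(EQ_CONSISTENT, 2) == ZERO)           # True
    print(solve(EQ_CONSISTENT, 2, (ONE, ZERO)) == (a, a & b))        # True
    # (29) enumerates exactly the solution set (step (c) of Theorem 11).
    print(parametric_solutions(EQ_CONSISTENT, 2)
          == brute_force_solutions(EQ_CONSISTENT, 2))                # True
```

For $n = 2$ the exhaustive comparison runs over all $16^2$ parameter pairs; for a real controller the parametric form is kept symbolic and only the consistency condition is evaluated.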
4.3.4. Partial Conclusions. Thanks to the theorems presented above, it is possible to obtain a parametric representation of all the solutions of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists. In practice, due to the complexity of the systems to be designed, the proposed set of simultaneously asserted relations is generally inconsistent [23]. To simplify the work of the designer, we have proved complementary theorems to improve the robustness of our method to the lack of precision of the specifications (Section 4.4).

When several solutions exist, the comparison of solutions according to a given criterion can be envisaged, since the Boolean algebra $F_n(B)$ is equipped with a partial order. To simplify the work of the designer too, we have developed a method to calculate the best solutions according to one or several criteria (Section 4.5).
4.4. Theorems to Cope with Inconsistencies of Specifications. In practice, it is very difficult for a designer to specify the whole requirements of a complex system without inconsistencies. It is the reason why requirements given by the designer are often declared inconsistent according to Theorem 12. Since the inconsistency condition is a Boolean formula, it is possible to use it for the detection of the origin of inconsistencies. Two cases have to be considered as follows.

(i) Several requirements cannot be simultaneously respected. In this case a hierarchy between requirements can be proposed in order to find a solution. The requirements which have the lower priority have to be corrected to become consistent with the requirements which have the higher priority. This strategy is based on Theorem 14.

(ii) The detected inconsistency refers to specific combinations of projection-functions for which the designer knows that they are impossible, blocking the synthesis process; it is necessary to introduce new assumptions and to use Theorem 13.

Theorem 13 (solution of a Boolean equation according to an assumption among the projection-functions). The following problem

$$
\begin{aligned}
&\text{Equation to solve:} & Eq_0(X_k, Proj) &= 0 \\
&\text{Assumption:} & \mathcal{A}(Proj) &= 0
\end{aligned}
\tag{39}
$$

admits the same solutions as the following equation:

$$
Eq_0(X_k, Proj) \le \mathcal{A}(Proj). \tag{40}
$$
Proof. According to $\mathcal{A}(Proj) = 0$, $Eq_0(X_k, Proj) = 0$ can be rewritten as

$$
\begin{aligned}
\begin{cases} Eq_0(X_k, Proj) = 0 \\ \mathcal{A}(Proj) = 0 \end{cases}
&\iff \mathcal{A}(Proj) + Eq_0(X_k, Proj) = 0 \\
&\iff \mathcal{A}(Proj) + \overline{\mathcal{A}(Proj)} \cdot Eq_0(X_k, Proj) = 0 \\
&\iff \begin{cases} \overline{\mathcal{A}(Proj)} \cdot Eq_0(X_k, Proj) = 0 \\ \mathcal{A}(Proj) = 0 \end{cases} \\
&\iff \begin{cases} Eq_0(X_k, Proj) \le \mathcal{A}(Proj) \\ \mathcal{A}(Proj) = 0. \end{cases}
\end{aligned}
\tag{41}
$$

Equation $\overline{\mathcal{A}(Proj)} \cdot Eq_0(X_k, Proj) = 0$ is consistent if and only if the following condition is true (Theorem 12):

$$
\overline{\mathcal{A}(Proj)} \cdot \prod_{A_k \in \{0,1\}^k} Eq_0(A_k, Proj) = 0. \tag{42}
$$

By construction, this new condition is the subset of the initial condition ($\prod_{A_k \in \{0,1\}^k} Eq_0(A_k, Proj) = 0$) for which the proposed assumption is satisfied. All the other terms have been removed.

If (42) is satisfied, (40) admits one or more $k$-tuple solutions where each component $S(x_i)$ is defined by

$$
S(x_i) = \overline{\mathcal{A}(Proj)} \cdot \Big(\prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(0, A_{k-i}, Proj) + p_i \cdot \overline{\prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(1, A_{k-i}, Proj)}\Big) + \mathcal{A}(Proj) \cdot p_i. \tag{43}
$$

As $\mathcal{A}(Proj) = 0$, $S(x_i)$ can also be expressed as

$$
S(x_i) = \prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(0, A_{k-i}, Proj) + p_i \cdot \overline{\prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(1, A_{k-i}, Proj)}. \tag{44}
$$

When $\mathcal{A}(Proj) = 0$ is satisfied, the solutions of (40) are also solutions to $Eq_0(X_k, Proj) = 0$.

Theorem 14 (solution of a Boolean equation system according to a priority rule between requirements). The following problem

$$
\begin{aligned}
&\text{Equations system to solve:} & HR\colon\ \mathcal{F}_H(X_k, Proj) &= 0 \\
& & LR\colon\ \mathcal{F}_L(X_k, Proj) &= 0 \\
& & OR\colon\ \mathcal{F}_O(X_k, Proj) &= 0 \\
&\text{Priority rule between requirements:} & HR &\gg LR
\end{aligned}
\tag{45}
$$

where

(i) $\mathcal{F}_H(X_k, Proj) = 0$ is the formal expression of the requirements which have the higher priority (HR);

(ii) $\mathcal{F}_L(X_k, Proj) = 0$ is the formal expression of the requirements which have the lower priority (LR);

(iii) $\mathcal{F}_O(X_k, Proj) = 0$ is the formal expression of the other requirements (OR);

(iv) $HR \gg LR$ is the priority rule between inconsistent requirements,

admits the same solutions as the following system of equations:

$$
\begin{aligned}
\mathcal{F}_H(X_k, Proj) &= 0 \\
\mathcal{F}_L(X_k, Proj) &\le \mathcal{I}(Proj) \\
\mathcal{F}_O(X_k, Proj) &= 0
\end{aligned}
\tag{46}
$$

where $\mathcal{I}(Proj)$ is the inconsistency condition between requirements "HR" and "LR":

$$
\mathcal{I}(Proj) = \prod_{A_k \in \{0,1\}^k} \big(\mathcal{F}_H(A_k, Proj) + \mathcal{F}_L(A_k, Proj)\big). \tag{47}
$$

Proof. Thanks to Theorem 12, the inconsistency condition $\mathcal{I}(Proj)$ between requirements "HR" and "LR" can be found by solving the equation $\mathcal{F}_H(X_k, Proj) + \mathcal{F}_L(X_k, Proj) = 0$. We have

$$
\mathcal{I}(Proj) = \prod_{A_k \in \{0,1\}^k} \big(\mathcal{F}_H(A_k, Proj) + \mathcal{F}_L(A_k, Proj)\big). \tag{48}
$$

To remove the inconsistency between requirements "HR" and "LR" according to the priority rule "HR $\gg$ LR", it is necessary to restrict the range of requirement "LR" to the part for which there is no inconsistency, that is, $\mathcal{I}(Proj) = 0$. That is the case when $\mathcal{F}_L(X_k, Proj) = 0$ is replaced by $\mathcal{F}_L(X_k, Proj) \le \mathcal{I}(Proj)$.

Thanks to Theorem 12, (49) always admits one or more $k$-tuple solutions, and it is impossible to find a less restrictive condition over requirement "LR":

$$
\begin{aligned}
\mathcal{F}_H(X_k, Proj) &= 0 \\
\mathcal{F}_L(X_k, Proj) &\le \mathcal{I}(Proj).
\end{aligned}
\tag{49}
$$
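An added example (not the paper's code) applying Theorems 13 and 14 to a constructed two-input specification: the product of discriminants locates the inconsistency, an assumption $\mathcal{A}(Proj) = 0$ removes it as in (42), and the priority rule HR $\gg$ LR relaxes the low-priority requirement to $\mathcal{F}_L \le \mathcal{I}(Proj)$ as in (46); the inputs `a`, `b`, the requirements and every helper name are assumed for the illustration.

```python
"""Added example, not from the paper: Theorems 13 and 14 on a constructed
specification.  Switching functions are 2**N-bit truth tables (ints):
+ is |, . is &, complement is ^ONE.  Proj is fixed, so a requirement is a
Python callable of the k unknowns returning the value of its formula."""
from itertools import product

N = 2
ONE = (1 << (1 << N)) - 1         # constant function 1
ZERO = 0                          # constant function 0


def proj(i):
    """Projection-function f_i^Proj: row r is 1 iff bit i of r is 1."""
    return sum(1 << r for r in range(1 << N) if (r >> i) & 1)


def cpl(f):
    """Complement of a switching function."""
    return ONE ^ f


def discriminant_product(eq, k):
    """Consistency condition (28): prod over A_k in {0,1}^k of Eq(A_k, Proj);
    Eq(X_k, Proj) = 0 is consistent iff this product is 0."""
    result = ONE
    for A in product((ZERO, ONE), repeat=k):
        result &= eq(*A)
    return result


def with_assumption(eq, assumption):
    """Theorem 13: under A(Proj) = 0, solving Eq_0 = 0 amounts to solving
    Eq_0 <= A, i.e. cpl(A) . Eq_0 = 0 by rule (6); (42) is its condition."""
    return lambda *X: cpl(assumption) & eq(*X)


def inconsistency_condition(f_h, f_l, k):
    """(47): I(Proj) = prod over A_k of (F_H(A_k, Proj) + F_L(A_k, Proj))."""
    return discriminant_product(lambda *X: f_h(*X) | f_l(*X), k)


def with_priority(f_h, f_l, f_o, k):
    """Theorem 14, HR >> LR: LR is restricted to F_L <= I(Proj), written
    F_L . cpl(I) = 0 by rule (6); the system (46) becomes one equation."""
    incons = inconsistency_condition(f_h, f_l, k)
    return lambda *X: f_h(*X) | (f_l(*X) & cpl(incons)) | f_o(*X)


# Constructed specification: inputs a, b; k = 2 unknown outputs x1, x2.
a, b = proj(0), proj(1)


def F_H(x1, x2):
    """HR: x1 <= a and x2 <= x1, as F_H = x1.cpl(a) + x2.cpl(x1) = 0."""
    return (x1 & cpl(a)) | (x2 & cpl(x1))


def F_L(x1, x2):
    """LR: b <= x2, as F_L = b.cpl(x2) = 0."""
    return b & cpl(x2)


def F_O(x1, x2):
    """OR: no other requirement."""
    return ZERO


def EQ0(x1, x2):
    """The whole system reduced to one equation (Theorem 9)."""
    return F_H(x1, x2) | F_L(x1, x2) | F_O(x1, x2)


# (28) on the whole system: nonzero exactly where b is seen without a.
INCONSISTENCY = discriminant_product(EQ0, 2)          # == cpl(a) & b

# Theorem 13: the designer asserts that b never occurs without a.
ASSUMPTION = cpl(a) & b                               # A(Proj) = 0
EQ_ASSUMED = with_assumption(EQ0, ASSUMPTION)

# Theorem 14: keep HR, weaken LR to F_L <= I(Proj).
EQ_PRIORITY = with_priority(F_H, F_L, F_O, 2)

if __name__ == "__main__":
    print(INCONSISTENCY == cpl(a) & b)                         # True
    print(discriminant_product(EQ_ASSUMED, 2) == ZERO)         # True
    print(inconsistency_condition(F_H, F_L, 2) == cpl(a) & b)  # True
    print(discriminant_product(EQ_PRIORITY, 2) == ZERO)        # True
    # The restricted LR term F_L . cpl(I) is a.b.cpl(x2): "b <= x2" has
    # been weakened to "a.b <= x2", the least restrictive correction.
    print(F_L(ZERO, ZERO) & cpl(INCONSISTENCY) == a & b)       # True
```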
45 Optimal Solutions of Boolean Equations over 119865119899(119861) The
goal of this step is to be able to obtain automatically theparametric form of the 119896-tuples solutions of 119865
119899(119861) which
satisfy not only a given equation (Eq(119883119896Proj) = 0) of
Boolean functions but also which maximize (or minimize) aBoolean formula of these Boolean functions (F
119862(119883119896Proj))
corresponding to the desired optimization criterionGenerally speaking the search of the best solution tuples
according to a given criterion when the space of solutions iscomposed of discrete values is a complex mathematical issueIt is sometimes necessary to make a side-by-side comparisonof each solution in order to identify the best one In our casethis exhaustive method which cannot be used as 119865
119899(119861) is only
provided by a partial order two particular solutions cannotalways be ordered between themselves
Nevertheless it is possible to obtain the researchedparametric form of the 119896-tuples thanks to the followingresults
(i) When an equation between Boolean functions has one or more solution tuples in $F_n(B)$, every Boolean formula on these Boolean functions can be rewritten thanks to only the projection-functions of $F_n(B)$ and the free parameters of $F_n(B)$ which describe these solution tuples.
(ii) Every Boolean formula expressed as a composition of projection-functions of $F_n(B)$ and free parameters of $F_n(B)$ has a unique maximum and a unique minimum. These extrema can be expressed thanks to only the projection-functions of $F_n(B)$.

Hence, it is then possible to rewrite the initial problem
Problem to solve: $\mathrm{Eq}(X_k, \mathrm{Proj}) = 0$
Optimization criterion: maximization of $\mathcal{F}_C(X_k, \mathrm{Proj})$ (50)
into a 2-equation system to solve:
$$\mathrm{Eq}(X_k, \mathrm{Proj}) = 0, \qquad \mathcal{F}_C(X_k, \mathrm{Proj}) = \max_{X_k \mid \mathrm{Eq}(X_k, \mathrm{Proj}) = 0} \big(\mathcal{F}_C(X_k, \mathrm{Proj})\big). \quad (51)$$
4.5.1 Extrema of a Boolean Formula according to Freely Chosen Members of $F_n(B)$. Consider the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, \overline{\,\cdot\,}, 0, 1)$:
(i) let $(f_1^{\mathrm{Proj}}, \dots, f_n^{\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$;
(ii) let $(p_1, \dots, p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members. Let "$P_k$" be the corresponding vector.

Any formula $\mathcal{F}(P_k, \mathrm{Proj})$ for which $P_k$ are freely chosen members of $F_n(B)$ defines a subset of $F_n(B)$. According to the relation $\le$, elements of this subset can be compared. In this specific case, the subset defined by $\mathcal{F}(P_k, \mathrm{Proj})$ admits a minimal element and a maximal element.
Theorem 15 (minimum and maximum of a Boolean formula). Any formula $\mathcal{F}(P_k, \mathrm{Proj})$ for which $P_k$ are freely chosen members of $F_n(B)$ admits a minimum and a maximum defined as follows:
$$\min_{P_k \in F_n(B)^k} \big(\mathcal{F}(P_k, \mathrm{Proj})\big) = \prod_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, \mathrm{Proj}), \qquad \max_{P_k \in F_n(B)^k} \big(\mathcal{F}(P_k, \mathrm{Proj})\big) = \sum_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, \mathrm{Proj}). \quad (52)$$
Proof. To prove this theorem it is necessary to establish that:
(1) $\prod_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, \mathrm{Proj})$ is a lower bound of $\mathcal{F}(P_k, \mathrm{Proj})$;
(2) there exists at least one specific combination of $P_k$ for which $\mathcal{F}(P_k, \mathrm{Proj}) = \prod_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, \mathrm{Proj})$;
(3) $\sum_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, \mathrm{Proj})$ is an upper bound of $\mathcal{F}(P_k, \mathrm{Proj})$;
(4) there exists at least one specific combination of $P_k$ for which $\mathcal{F}(P_k, \mathrm{Proj}) = \sum_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, \mathrm{Proj})$.
Details of this proof can be found in [24].
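Theorem 15 checked by brute force, as an added example that is not the authors' tool: switching functions over $B^2$ are stored as 4-bit truth tables in Python ints, the formula $\mathcal{F}(P_2, \mathrm{Proj}) = f_1 + f_2 \cdot p_1 \cdot \overline{p_2}$ with two free parameters is constructed for the demonstration, and the product and sum of (52) are compared with the actual least and greatest members of the subset the formula defines.

```python
"""Theorem 15 checked by brute force over F_2(B).

Switching functions over B^n are stored as truth tables packed into Python
ints: bit v holds the value of the function for the input valuation v, so the
operation + is |, . is & and the complement is ~ masked to 2^n bits.  With
n = 2 there are only 16 functions, so a formula with k = 2 free parameters
ranges over 16^2 parameter choices, all of which can be enumerated.
"""
from itertools import product

N = 2
ALL = (1 << (1 << N)) - 1      # the constant function 1 over B^N


def proj(i):
    """Projection function f_i^Proj of F_N(B): the i-th input as a function."""
    return sum(1 << v for v in range(1 << N) if (v >> i) & 1)


def NOT(f):
    return ALL & ~f


f1, f2 = proj(0), proj(1)


def formula(p1, p2):
    """Constructed formula F(P_2, Proj) = f1 + f2 . p1 . not(p2), p1 and p2 free."""
    return f1 | (f2 & p1 & NOT(p2))


def theorem15(F, k):
    """Equation (52): the minimum is the product and the maximum is the sum of
    F(A_k, Proj) over the 2^k constant tuples A_k in {0,1}^k (the constant 0 is
    the int 0, the constant 1 is ALL)."""
    lo, hi = ALL, 0
    for A_k in product((0, ALL), repeat=k):
        value = F(*A_k)
        lo &= value
        hi |= value
    return lo, hi


def brute_force(F, k):
    """Enumerate every k-tuple P_k of members of F_N(B), collect the subset
    {F(P_k, Proj)} and return its least and greatest members under <=
    (f <= g holds when f & g == f), or None when no such member exists."""
    members = {F(*P_k) for P_k in product(range(ALL + 1), repeat=k)}
    least = [m for m in members if all(m & g == m for g in members)]
    greatest = [m for m in members if all(g & m == g for g in members)]
    return (least[0] if least else None), (greatest[0] if greatest else None)
```

For this formula the minimum is $f_1$ and the maximum is $f_1 + f_2$, which the enumeration confirms are attained members of the subset.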
4.5.2 Optimization Problem. Consider the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, \overline{\,\cdot\,}, 0, 1)$:
(i) let $(f_1^{\mathrm{Proj}}, \dots, f_n^{\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$. Let "Proj" be the corresponding vector;
(ii) let $(x_1, \dots, x_k)$ be $k$ elements of $F_n(B)$ considered as unknowns. Let "$X_k$" be the corresponding vector;
(iii) let $(p_1, \dots, p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members. Let "$P_k$" be the corresponding vector;
(iv) let $\mathrm{Eq}(X_k, \mathrm{Proj}) = 0$ be the Boolean equation to solve;
(v) let $\mathcal{F}_C(X_k, \mathrm{Proj})$ be the Boolean formula of the given criterion to optimize (maximization or minimization).

The method we propose to obtain the parametric form of the $k$-tuple of switching functions solution of $\mathrm{Eq}(X_k, \mathrm{Proj}) = 0$ according to a given optimization criterion $\mathcal{F}_C(X_k, \mathrm{Proj})$ is composed of five steps, as follows:
(i) The first step is to establish the parametric form of the $k$-tuple solution to $\mathrm{Eq}(X_k, \mathrm{Proj}) = 0$, only thanks to Theorem 12.
(ii) The second step is to establish the parametric form of the given optimization criterion $\mathcal{F}_C(X_k, \mathrm{Proj})$ by substituting $S(x_i)$ for $x_i$. Let $\mathcal{F}_{SC}(P_k, \mathrm{Proj})$ be the result of this substitution.
(iii) The third step is to calculate the extremum of $\mathcal{F}_{SC}(P_k, \mathrm{Proj})$ according to Theorem 15. Let $\mathcal{F}_{EC}(\mathrm{Proj})$ be the Boolean formula of this extremum.
[Figure 4: Structure of the water supply system. Elements shown: Pump1, Pump2, Tank, and the outlet "To the distributing system".]
(iv) The fourth step is to replace the given criterion by the equivalent relation
$$\mathcal{F}_C(X_k, \mathrm{Proj}) = \mathcal{F}_{EC}(\mathrm{Proj}). \quad (53)$$
(v) The fifth step is to establish the parametric form of the $k$-tuple solution of the equivalent problem
$$\mathrm{Eq}(X_k, \mathrm{Proj}) = 0, \qquad \mathcal{F}_{Crit}(X_k, \mathrm{Proj}) = \mathcal{F}_{ExtCrit}(\mathrm{Proj}). \quad (54)$$
4.5.3 Partial Conclusions. Thanks to the theorems presented in this section, it is now possible to obtain a parametric representation of the optimal solutions, according to a given criterion, of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists.

The proposed method also makes it possible to associate several criteria, simultaneously or sequentially:
(i) When several criteria are treated simultaneously, the optimization problem can admit no solution. That is the case when the given criteria are antagonistic.
(ii) When several criteria are treated sequentially, the obtained solutions satisfy the criteria with a given priority order. An example of optimization with several criteria treated sequentially is presented in the next section.
5 Algebraic Synthesis of Logical Controllers with Optimization Criteria and Incoherent Requirements

5.1 Control System Specifications. The studied system is the controller of a water supply system composed of two pumps working in redundancy (Figure 4). Water is distributed when necessary, according to the possible failures of the elements (the pumps and the distributing system).

The expected behavior of the control system regarding the application requirements can be expressed by the set of assertions given hereafter:
(i) The two pumps never operate simultaneously.
(ii) A pump cannot operate if it is out of order.
(iii) When a global failure is detected, no pump can operate.
(iv) Pumps can operate if and only if a water distribution request is present.
(v) Priority is given according to "pr" (Pump1 has priority when "pr" is true).
(vi) In order to reduce the wear of the pumps, it is necessary to restrict the number of starts of the pumps.

5.1.1 Inputs and Outputs of the Controller. The Boolean inputs and outputs of this controller are given in Figure 5(a). Each pump is controlled thanks to a Boolean output ("p1" and "p2"). The controller is informed of water distribution requests thanks to the input "req". Inputs "f1" and "f2" inform the controller of a failure of the corresponding pump, and "gf" indicates a global failure of the installation. The values 0 or 1 of input "pr" decide which pump has priority.

5.1.2 Control Laws to Synthesize. Our approach does not allow identifying automatically which state variables must be used. They are given by the designer according to his interpretation of the specification.

For the water distribution system we propose to use 2 state variables, one for each output. According to this choice, two 7-variable switching functions ($P_1$ and $P_2$) have to be synthesized (Figure 5(b)). They represent the unknowns of our problem. For this case study the 7 projection-functions of $F_7(B)$ are therefore as follows:
(i) The 5 switching functions (Rq, F1, F2, GF, and Pr) which characterize the behavior of the inputs of the controller and are defined as follows:
$$\mathrm{Rq}: B^7 \to B, \quad (\mathrm{rq}[k], \dots, \mathrm{p2}[k-1]) \mapsto \mathrm{rq}[k]. \quad (55)$$
(ii) The 2 switching functions ($pP_1$ and $pP_2$) which characterize the previous behavior of the state variables of the controller and are defined as follows:
$$pP_1: B^7 \to B, \quad (\mathrm{rq}[k], \dots, \mathrm{p2}[k-1]) \mapsto \mathrm{p1}[k-1]. \quad (56)$$
5.2 Algebraic Formalization of Requirements. The complete formalization of the behavior of the water distribution system is given in Figure 5(c). In order to illustrate the expressive power of the relations Equality and Inclusion, several examples (generic assertions and equivalent formal relations illustrated in the case study) are given hereafter. It is important to note that the relation Inclusion makes it possible to express necessary conditions and sufficient conditions distinctly. This relation is the cornerstone of our approach.
(i) Pump1 and Pump2 never operate simultaneously: $P_1 \cdot P_2 = 0$.
(ii) If Pump1 operates, Pump2 cannot operate: $P_1 \le \overline{P_2}$.
Figure 5: Details of the case study.

(a) Inputs and outputs of the controller. Inputs of the control of the water distribution system: rq (request of water), f1 (Pump1 failure), f2 (Pump2 failure), gf (global failure), pr (priority to Pump1). Outputs: p1 (command of Pump1), p2 (command of Pump2).

(b) General form of the expected control laws:
p1[k] = P1(rq[k], f1[k], f2[k], gf[k], pr[k], p1[k−1], p2[k−1])
p2[k] = P2(rq[k], f1[k], f2[k], gf[k], pr[k], p1[k−1], p2[k−1])
p1[0] = $b_0$, p2[0] = $b_0$

(c) Formal specification.
Requirements:
R1: $P_1 \cdot P_2 = 0$ (* The two pumps never operate simultaneously *)
R2: $F_1 \le \overline{P_1}$ (* Pump1 cannot operate if it is out of order (F1) *)
R3: $F_2 \le \overline{P_2}$ (* Pump2 cannot operate if it is out of order (F2) *)
R4: $GF \le (\overline{P_1} \cdot \overline{P_2})$ (* When a global failure is detected (GF), no pump can operate *)
R5: $(P_1 + P_2) \le Rq$ (* It is necessary to have a request for pumps to operate *)
R6: $Rq \le (P_1 + P_2)$ (* It is sufficient to have a request for pumps to operate *)
Priority rules:
R4 ≫ R6 (* A failure requirement has priority over a functional requirement *)
R2, R3 ≫ R6 (* A failure requirement has priority over a functional requirement *)
Optimization criteria:
(1) Minimization of $((P_1 \cdot \overline{pP_1}) + (P_2 \cdot \overline{pP_2}))$ (* Minimization of the possibility to start a pump *)
(2) Maximization of $((Pr \cdot P_1) + (\overline{Pr} \cdot P_2))$ (* Maximization of the priority order between the two pumps *)

(d) Solution obtained by symbolic calculation:
$P_1 = Rq \cdot \overline{GF} \cdot \overline{F_1} \cdot (F_2 + Pr \cdot (pP_1 + \overline{pP_2}) + pP_1 \cdot \overline{pP_2})$
$P_2 = Rq \cdot \overline{GF} \cdot \overline{F_2} \cdot (F_1 + \overline{Pr} \cdot (pP_2 + \overline{pP_1}) + pP_2 \cdot \overline{pP_1})$

(e) Control laws of the water distribution system:
p1[k] = rq[k] ∧ ¬gf[k] ∧ ¬f1[k] ∧ (f2[k] ∨ pr[k] ∧ (p1[k−1] ∨ ¬p2[k−1]) ∨ p1[k−1] ∧ ¬p2[k−1])
p2[k] = rq[k] ∧ ¬gf[k] ∧ ¬f2[k] ∧ (f1[k] ∨ ¬pr[k] ∧ (p2[k−1] ∨ ¬p1[k−1]) ∨ p2[k−1] ∧ ¬p1[k−1])
p1[0] = $b_0$, p2[0] = $b_0$
(iii) It is necessary to have a request for pumps to operate: $(P_1 + P_2) \le Rq$.
(iv) It is sufficient to have a request for pumps to operate: $Rq \le (P_1 + P_2)$.
(v) When Pump1 has failed, it is sufficient to have a request for Pump2 to operate: $F_1 \cdot Rq \le P_2$.
(vi) When Pump1 has failed, it is necessary to have a request for Pump2 to operate: $F_1 \cdot P_2 \le Rq$.

It is possible to prove that some of these formal expressions are equivalent (e.g., the first two). When a designer hesitates between two forms, he has the possibility, by using symbolic calculation, to check whether the proposed relations are equivalent or not.

As $P_1$ and $pP_1$ represent the behavior of Pump1 at times $[k]$ and $[k-1]$, respectively, it is also possible to express relations about starts and stops of this pump, as follows:
(i) It is necessary to have a request to start Pump1: $(P_1 \cdot \overline{pP_1}) \le Rq$.
(ii) When Pump1 operates, it is sufficient to have a global failure to stop Pump1: $(pP_1 \cdot GF) \le (\overline{P_1} \cdot pP_1)$.
5.3 Synthesis Process. In traditional design methods, the design procedure of a logic controller is not a linear process but an iterative one converging to an acceptable solution. At the beginning of the design, requirements are neither complete nor free of errors. Most often, new requirements are added during the search for solutions and others are corrected. This complementary information is given by the designer after analysis of the partial solutions he has found, or when inconsistencies have been detected. If we do not make the hypothesis that the specifications are complete and consistent, designing a controller with a synthesis technique is also an iterative process in which the designer plays an important role.
5.3.1 Analysis of Requirements. For this case study we choose to start with requirements R1 to R6. For this subset of requirements, the result given by our software tool was the following inconsistency condition: $I = Rq \cdot GF + Rq \cdot F_1 \cdot F_2$.

Since the requirements are declared inconsistent, we have to give complementary information to make our specification more precise. By analyzing each term of this formula it is possible to detect the origin of the inconsistency:
(i) $Rq \cdot GF$: what happens if we have simultaneously a request and a global failure? We consider that requirement R4 is more important than requirement R6 (R4 ≫ R6), as no pump can operate in this configuration.
(ii) $Rq \cdot F_1 \cdot F_2$: what happens if we have simultaneously a request and a failure of each pump? We consider that requirements R2 and R3 are more important than requirement R6 (R2, R3 ≫ R6).

With these priority rules, all the requirements are now coherent and the set of all the solutions can be computed.
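The inconsistency condition above can be recomputed by brute force, as an added example that is not the authors' tool: the 7 projection-functions are stored as 128-bit truth tables in Python ints, R1 to R6 are reduced to one equation $\mathrm{Eq}(P_1, P_2, \mathrm{Proj}) = 0$, and $I(\mathrm{Proj})$ is taken as the product of the four discriminants $\mathrm{Eq}(A_2, \mathrm{Proj})$, which is assumed here to be the two-unknown form of the one-unknown condition (20) (the page cites Theorem 12 for this but does not restate it). The block also checks that the solution of Figure 5(d) satisfies R1 to R5 everywhere and violates R6 only where $I$ holds.

```python
"""Inconsistency condition of requirements R1-R6 of the water supply controller.

Switching functions over B^7 are stored as 128-bit truth tables in Python ints
(bit v = value of the function at input valuation v): + is |, . is &, and the
complement is ~ masked to 128 bits.  Input order follows Figure 5(b):
rq, f1, f2, gf, pr, p1[k-1], p2[k-1].
"""
N = 7
ALL = (1 << (1 << N)) - 1      # the constant function 1 over B^7


def proj(i):
    """Projection function f_i^Proj: the i-th input as a 7-variable function."""
    return sum(1 << v for v in range(1 << N) if (v >> i) & 1)


def NOT(f):
    return ALL & ~f


Rq, F1, F2, GF, Pr, pP1, pP2 = (proj(i) for i in range(N))


def incl(f, g):
    """Relation f <= g rewritten as the equation f . not(g) = 0."""
    return f & NOT(g)


def Eq(P1, P2):
    """Requirements R1-R6 of Figure 5(c) reduced to one equation (Theorem 9):
    Eq(P1, P2, Proj) = 0 holds exactly where all six relations hold."""
    return (P1 & P2                          # R1: P1 . P2 = 0
            | incl(F1, NOT(P1))              # R2: F1 <= not(P1)
            | incl(F2, NOT(P2))              # R3: F2 <= not(P2)
            | incl(GF, NOT(P1) & NOT(P2))    # R4: GF <= not(P1) . not(P2)
            | incl(P1 | P2, Rq)              # R5: (P1 + P2) <= Rq
            | incl(Rq, P1 | P2))             # R6: Rq <= (P1 + P2)


def inconsistency_condition(eq, k=2):
    """Product of the 2^k discriminants Eq(A_k, Proj) obtained by substituting
    constants for the unknowns.  Where it is 1, no k-tuple satisfies the
    equation (assumed k-unknown form of the one-unknown condition (20))."""
    result = ALL
    for a in range(1 << k):
        A_k = [ALL if (a >> i) & 1 else 0 for i in range(k)]
        result &= eq(*A_k)
    return result


def figure5d_solution():
    """The two switching functions of Figure 5(d)."""
    P1 = Rq & NOT(GF) & NOT(F1) & (F2 | Pr & (pP1 | NOT(pP2)) | pP1 & NOT(pP2))
    P2 = Rq & NOT(GF) & NOT(F2) & (F1 | NOT(Pr) & (pP2 | NOT(pP1)) | pP2 & NOT(pP1))
    return P1, P2


def check_figure5d():
    """R1-R5 must hold everywhere; R6 (lowest priority) may fail only where the
    requirements are inconsistent, i.e. exactly where I(Proj) is 1."""
    P1, P2 = figure5d_solution()
    high_priority = (P1 & P2 | incl(F1, NOT(P1)) | incl(F2, NOT(P2))
                     | incl(GF, NOT(P1) & NOT(P2)) | incl(P1 | P2, Rq))
    r6_violated = incl(Rq, P1 | P2)
    return high_priority == 0 and r6_violated == inconsistency_condition(Eq)
```

The computed $I$ equals $Rq \cdot GF + Rq \cdot F_1 \cdot F_2$ and is 1 on 40 of the 128 input valuations.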
5.3.2 Optimal Solutions. For choosing a control law of the water supply system among this set of possible solutions, we will now take into account the given optimization criteria. The first criterion aims at minimizing the number of starts of each pump in order to reduce its wear. The second criterion aims at maximizing the use of the pump indicated by the value of parameter Pr. The method we propose allows proving that the proposed criteria cannot be treated simultaneously since they are antagonistic (to strictly respect the priority use of the pump fixed by parameter Pr, it is necessary to swap pumps when Pr changes value, implying an additional start of a pump). Details can be found in [25].

All the priority rules and optimization criteria used for this case study are given in Figure 5(c). The solution we obtain is proposed in Figure 5(d).

5.3.3 Implementing Control Laws. The synthesized control laws presented in Figure 5(e) have been obtained by translating the expression of the two unknowns according to the projection-functions into relations between recurrent Boolean equations. These control laws can be automatically translated into the syntax of the ladder diagram language [1] before being implemented into a PLC. The code is composed of only 4 rungs (Figure 6).

The synthesized control laws can also be given in the form of an automatically built input/output automaton with guarded transitions [21] (Figure 7).
6 Discussion
In our approach the synthesis of control laws is based on symbolic calculation; a prototype software tool has been developed to avoid tedious calculations and to aid the designer during the different steps of the synthesis. This tool (which can be obtained on request from the authors) performs all the computations required for the detection of inconsistencies between requirements and for control law generation. In this tool all the Boolean formulas are stored in the form of reduced ordered binary decision diagrams, which allows efficient calculations. For example, the computations for synthesizing a controller for the water supply system that we developed above have been made in less than 10 ms on a standard laptop.

Our approach has been tested on several case studies (some of them are available online at http://www.lurpa.ens-cachan.fr/-226050.kjsp). The feedback from these experiments allowed us to identify some of its limits and its possibilities; the most important are given below.

We first have to recall that our method can only be used for binary systems (systems whose controller inputs and outputs are Boolean values). Nevertheless, in practice many systems, like manufacturing systems, transport systems, and so on, are fully or partially binary.

In our opinion, the main advantage of our approach is that, contrary to traditional engineering approaches, the synthesized control laws do not depend on the designer's skill or on his correct interpretation of the system requirements. On the other hand, the quality of the synthesis results highly
[Figure 6: Ladder diagram of the code to implement into the PLC. Rung 1: command of pump 1; Rung 2: command of pump 2; Rung 3: update previous value of pump 1; Rung 4: update previous value of pump 2. Contacts used: rq, gf, f1, f2, pr, pp1, pp2; coils: p1, p2, pp1, pp2.]
Table 1: Futures concerning a same case study.

 | Formal requirements | Synthesized controller | PLC program (structured text)
Supervisory Control Theory | Plant behavior: 11 finite automata (481 states and 1330 transitions); Specifications: 11 finite automata | Finite automaton of 45 states and 70 transitions | 130 lines
Algebraic synthesis | 8 equations and 2 priority rules | 2 6-variable switching functions | 4 lines
[Figure 7: State model of the obtained control law. States 0, 1 and 2 (outputs p1 and p2), with guarded transitions:
E0-1 = rq ∧ ¬gf ∧ ¬f1 ∧ (f2 ∨ pr)
E0-2 = rq ∧ ¬gf ∧ ¬f2 ∧ (f1 ∨ ¬pr)
E1-0 = ¬rq ∨ gf ∨ f1 ∧ f2
E2-0 = ¬rq ∨ gf ∨ f1 ∧ f2
E1-2 = rq ∧ ¬gf ∧ f1 ∧ ¬f2
E2-1 = rq ∧ ¬gf ∧ f2 ∧ ¬f1]
depends on the relevance of the requirements proposed by the designer. This step of formalization by the designer of the informal requirements of the system to be controlled is the Achilles' heel of all synthesis methods, including the Supervisory Control Theory (SCT), and cannot be automated.

The objective comparison of our approach with other synthesis methods, and more especially with SCT, is very difficult because the models used and the theoretical bases are very different. Nevertheless, we tested both approaches on the same case studies. One of them, the control of an automatic parking gate, has been published in [26]. The results obtained in this case are summarized in Table 1.

Furthermore, one may note that the supervisor synthesized by SCT is optimal in the sense that it is the most permissive, that is, the one that reduces the plant behavior the least in order to force it to respect the specifications. As shown in this paper, our method makes it possible to cope with inconsistencies in specifications, which is not possible with SCT, and also to find optimal controllers by choosing different optimization criteria (most permissive, most restrictive, safest controller, etc.).
7 Conclusion
Many research works in the field of DES aim at formalizing steps of the system life cycle. Over the last 20 years, significant progress has been made in the synthesis, verification, performance evaluation, and diagnosis of DESs. Nevertheless, one of the common difficulties of these works is the translation of an informal expression of the knowledge of a system into formal requirements. Few works have paid attention to this important task, which is very error prone. In this paper we proposed an iterative process that allows coping with inconsistencies in the requirements during the synthesis of the controller. The framework in which we proposed this approach is an algebraic synthesis method. Since the problem is located at the frontier between formal and informal, intervention of the designer is necessary. Nevertheless, we have shown that this intervention can be guided by the results the formal method provides.
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References
[1] International Electrotechnical Commission, IEC 61131-3 Standard: Programmable Controllers, Part 3: Programming Languages, International Electrotechnical Commission, 2nd edition, 2003.
[2] G. Frey and L. Litz, "Formal methods in PLC programming," in Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, vol. 4, pp. 2431–2436, October 2000.
[3] B. Berard, M. Bidoit, A. Finkel et al., Systems and Software Verification: Model-Checking Techniques and Tools, Springer, New York, NY, USA, 1st edition, 1999.
[4] H. Bel Mokadem, B. Berard, V. Gourcuff, O. De Smet, and J. Roussel, "Verification of a timed multitask system with UPPAAL," IEEE Transactions on Automation Science and Engineering, vol. 7, no. 4, pp. 921–932, 2010.
[5] J. L. Boulanger, Ed., Industrial Use of Formal Methods: Formal Verification (ISTE), Wiley-ISTE, New York, NY, USA, 2012.
[6] P. J. G. Ramadge and W. M. Wonham, "Control of discrete event systems," Proceedings of the IEEE, vol. 77, no. 1, pp. 81–98, 1989.
[7] P. Gohari and W. M. Wonham, "On the complexity of supervisory control design in the RW framework," IEEE Transactions on Systems, Man and Cybernetics B, vol. 30, no. 5, pp. 643–652, 2000.
[8] Y. Hietter, Synthèse algébrique de lois de commande pour les systèmes à événements discrets logiques [Ph.D. thesis], ENS Cachan, Cachan, France, 2009.
[9] H.-M. Hanisch, A. Lueder, and J. Thieme, "Modular plant modeling technique and related controller synthesis problems," in Proceedings of the 1998 IEEE International Conference on Systems, Man and Cybernetics, pp. 686–691, October 1998.
[10] J.-M. Roussel and A. Giua, "Designing dependable logic controllers using the supervisory control theory," in Proceedings of the 16th IFAC World Congress, CD-ROM paper 4427, p. 6, Praha, Czech Republic, 2005.
[11] D. A. Huffman, "The synthesis of sequential switching circuits," Journal of the Franklin Institute, vol. 257, no. 3-4, pp. 161–303, 1954.
[12] G. H. Mealy, "A method for synthesizing sequential circuits," Bell System Technical Journal, vol. 34, no. 5, pp. 1045–1079, 1955.
[13] E. F. Moore, "Gedanken-experiments on sequential machines," in Automata Studies, pp. 129–153, Princeton University Press, Princeton, NJ, USA, 1956.
[14] S. Rudeanu, Lattice Functions and Equations (Discrete Mathematics and Theoretical Computer Science), Springer, New York, NY, USA, 2001.
[15] F. M. Brown, Boolean Reasoning: The Logic of Boolean Equations, Dover, Mineola, NY, USA, 2003.
[16] A. Pnueli and R. Rosner, "On the synthesis of a reactive module," in Proceedings of the 16th ACM Symposium on Principles of Programming Languages (POPL '89), pp. 179–190, ACM, New York, NY, USA, 1989.
[17] E. Filiot, N. Jin, and J. Raskin, "Antichains and compositional algorithms for LTL synthesis," Formal Methods in System Design, vol. 39, no. 3, pp. 261–296, 2011.
[18] J. Machado, B. Denis, J. J. Lesage, J. M. Faure, and J. Fereira, "Logic controllers dependability verification using a plant model," in Proceedings of the 3rd IFAC Workshop on Discrete-Event System Design (DESDes '06), pp. 37–42, Rydzyna, Poland, 2006.
[19] Y. Hietter, J.-M. Roussel, and J.-L. Lesage, "Algebraic synthesis of transition conditions of a state model," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 187–192, Goteborg, Sweden, May 2008.
[20] Y. Hietter, J.-M. Roussel, and J. J. Lesage, "Algebraic synthesis of dependable logic controllers," in Proceedings of the 17th World Congress, International Federation of Automatic Control (IFAC '08), pp. 4132–4137, Seoul, South Korea, July 2008.
[21] A. Guignard, Symbolic generation of the automaton representing an algebraic description of a logic system [M.S. thesis], ENS Cachan, Cachan, France, 2011.
[22] R. P. Grimaldi, Discrete and Combinatorial Mathematics: An Applied Introduction, Addison-Wesley Longman, Boston, Mass, USA, 5th edition, 2004.
[23] J.-M. Roussel and J.-J. Lesage, "Algebraic synthesis of logical controllers despite inconsistencies in specifications," in Proceedings of the 11th International Workshop on Discrete Event Systems (WODES '12), pp. 307–314, Guadalajara, Mexico, 2012.
[24] H. Leroux, Algebraic Synthesis of Logical Controllers with Optimization Criteria, ENS Cachan, Cachan, France, 2011.
[25] H. Leroux and J.-M. Roussel, "Algebraic synthesis of logical controllers with optimization criteria," in Proceedings of the 6th International Workshop on Verification and Evaluation of Computer and Communication Systems (VECOS '12), pp. 103–114, Paris, France, 2012.
[26] M. Cantarelli and J. Roussel, "Reactive control system design using the supervisory control theory: evaluation of possibilities and limits," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 200–205, Goteborg, Sweden, May 2008.
The domain of an $n$-variable switching function has $2^n$ elements and the codomain has 2 elements; hence there are $2^{2^n}$ $n$-variable switching functions. Let $F_n(B)$ be the set of the $2^{2^n}$ $n$-variable switching functions.

$F_n(B)$ contains $(n + 2)$ specific $n$-variable switching functions: the 2 constant functions ($0$, $1$) and the $n$ projection-functions ($f_i^{\mathrm{Proj}}$). These functions are defined as follows:
$$0: B^n \to B,\ (bb_1, \dots, bb_n) \mapsto b_0; \qquad 1: B^n \to B,\ (bb_1, \dots, bb_n) \mapsto b_1; \qquad f_i^{\mathrm{Proj}}: B^n \to B,\ (bb_1, \dots, bb_n) \mapsto bb_i. \quad (9)$$
$F_n(B)$ can be equipped with three closed operations (two binary operations and one unary operation):
$$\mathrm{Op}\ +: F_n(B)^2 \to F_n(B),\ (f, g) \mapsto f + g; \qquad \mathrm{Op}\ \cdot: F_n(B)^2 \to F_n(B),\ (f, g) \mapsto f \cdot g; \qquad \mathrm{Op}\ \overline{\,\cdot\,}: F_n(B) \to F_n(B),\ f \mapsto \overline{f}, \quad (10)$$
where, $\forall (bb_1, \dots, bb_n) \in B^n$:
$$(f + g)(bb_1, \dots, bb_n) = f(bb_1, \dots, bb_n) \vee g(bb_1, \dots, bb_n),$$
$$(f \cdot g)(bb_1, \dots, bb_n) = f(bb_1, \dots, bb_n) \wedge g(bb_1, \dots, bb_n),$$
$$\overline{f}(bb_1, \dots, bb_n) = \neg f(bb_1, \dots, bb_n). \quad (11)$$
$(F_n(B), +, \cdot, \overline{\,\cdot\,}, 0, 1)$ is a Boolean algebra [22]. It is then possible to write Boolean formulas of $n$-variable switching functions and relations between Boolean formulas of $n$-variable switching functions. In the case of $n$-variable switching functions, the relations Equality and Inclusion can also be presented as follows:
(i) $f$ and $g$ are equal ($f = g$) if and only if the columns of the truth-tables of $f$ and $g$ are exactly the same, that is, $\forall (bb_1, \dots, bb_n) \in B^n$, $f(bb_1, \dots, bb_n) = g(bb_1, \dots, bb_n)$;
(ii) $f$ is included in $g$ ($f \le g$) if and only if the value of $g$ is always $b_1$ when the value of $f$ is $b_1$, that is, $\forall (bb_1, \dots, bb_n) \in B^n$, $[f(bb_1, \dots, bb_n) = b_0] \vee [g(bb_1, \dots, bb_n) = b_1]$.

Remark 8. Each $n$-variable switching function can be expressed as a composition of $(f_1^{\mathrm{Proj}}, \dots, f_n^{\mathrm{Proj}}, 0, 1)$ by the operations $+$, $\cdot$, and $\overline{\,\cdot\,}$.

Therefore, the Boolean algebra $(F_n(B), +, \cdot, \overline{\,\cdot\,}, 0, 1)$ is a mathematical framework which allows composing and comparing switching functions. Thanks to the results presented in the next subsection, this framework also allows solving systems of Boolean equations of switching functions.
4.3 Solutions of Boolean Equations over the Boolean Algebra $F_n(B)$. In [15], Brown explains that many problems in the application of Boolean algebra may be reduced to solving an equation of the form
$$f(X) = 0 \quad (12)$$
over a Boolean algebra $\mathcal{B}$. Formal procedures for producing solutions of this equation were developed by Boole himself as a way to treat problems of logical inference. Boolean equations have been studied extensively since Boole's initial work (a bibliography of nearly 400 sources is presented in [14]). These works concern essentially the two-element Boolean algebra $(\{b_0, b_1\}, \vee, \wedge, \neg, b_0, b_1)$. In our case we focus on the Boolean algebra of $n$-variable switching functions $F_n(B)$. We consider a Boolean system composed of $m$ relations among members of $F_n(B)$, $k$ of which are considered as unknowns. The theorems presented in this section make it possible to solve any system of Boolean equations, as there exists a canonic form of a Boolean system of $k$ unknowns and we are able to calculate the solutions for this form.
4.3.1 Canonic Form of a Boolean System of $k$ Unknowns over the Boolean Algebra $F_n(B)$. Consider the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, \overline{\,\cdot\,}, 0, 1)$:
(i) let $(f_1^{\mathrm{Proj}}, \dots, f_n^{\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$;
(ii) let $(x_1, \dots, x_k)$ be $k$ elements of $F_n(B)$ considered as unknowns.

For notational convenience, we note "$X_k$" the vector $(x_1, \dots, x_k)$ of the $k$ unknowns and "Proj" the vector $(f_1^{\mathrm{Proj}}, \dots, f_n^{\mathrm{Proj}})$ of the $n$ projection-functions of $F_n(B)$.

Theorem 9 (reduction of a set of relations between $n$-variable switching functions). Any set of simultaneously asserted relations of switching functions can be reduced to a single equivalent relation such as
$$\mathcal{F}(X_k, \mathrm{Proj}) = 0. \quad (13)$$
This theorem comes from Theorem 6.

In order to be able to write a canonic form for a Boolean system of $k$ unknowns over the Boolean algebra $F_n(B)$, we introduce the following notation: for $x \in F_n(B)$ and $a \in \{0, 1\}$, $x^a$ is defined by
$$x^0 = \overline{x}, \qquad x^1 = x. \quad (14)$$
This notation is extended to vectors as follows for 119883119896=
(1199091 119909
119896) isin 119865
119899(119861)119896 and 119860
119896= (1198861 119886
119896) isin 0 1
119896 119883119860119896119896
is defined by
119883119860119896
119896=
119894=119896
prod
119894=1
119909119886119894
119894= 1199091198861
119894sdot sdot sdot sdot sdot 119909
119886119896
119896 (15)
Theorem 10 (canonic form of a Boolean equation). Any Boolean equation $Eq(X_k, Proj) = 0$ can be expressed within the canonic form

$$\sum_{A_k \in \{0,1\}^k} Eq(A_k, Proj) \cdot X_k^{A_k} = 0 \quad (16)$$

where the $Eq(A_k, Proj)$ (with $A_k \in \{0,1\}^k$) are the $2^k$ discriminants of $Eq(X_k, Proj) = 0$ according to $X_k$ (the term "discriminant" comes from [15]).

This canonic form is obtained by expanding $Eq(X_k, Proj)$ according to the $k$ unknowns $(x_1, \ldots, x_k)$. For example, we have

$$Eq(x, Proj) = Eq(0, Proj) \cdot \bar{x} + Eq(1, Proj) \cdot x,$$

$$Eq(x_1, x_2, Proj) = Eq(0, 0, Proj) \cdot \bar{x}_1 \cdot \bar{x}_2 + Eq(0, 1, Proj) \cdot \bar{x}_1 \cdot x_2 + Eq(1, 0, Proj) \cdot x_1 \cdot \bar{x}_2 + Eq(1, 1, Proj) \cdot x_1 \cdot x_2 \quad (17)$$
4.3.2 Solution of a Single-Unknown Equation over $F_n(B)$. The following theorem was initially demonstrated for the two-element Boolean algebra [14]. A generalization to all Boolean algebras can be found in [15], but no detailed demonstration is given there. A new formalization of this theorem and its full demonstration are given below.

Theorem 11 (solution of a single-unknown equation). The Boolean equation over $F_n(B)$

$$Eq(x, Proj) = 0 \quad (18)$$

for which the canonic form is

$$Eq(0, Proj) \cdot \bar{x} + Eq(1, Proj) \cdot x = 0 \quad (19)$$

is consistent (i.e., has at least one solution) if and only if the following condition is satisfied:

$$Eq(0, Proj) \cdot Eq(1, Proj) = 0 \quad (20)$$

In this case, a general form of the solutions is

$$x = Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \quad (21)$$

where $p$ is an arbitrary parameter, that is, a freely chosen member of $F_n(B)$.

This solution can also be expressed as

$$x = \overline{Eq(1, Proj)} \cdot (Eq(0, Proj) + p) = \bar{p} \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \quad (22)$$
Proof. This theorem can be proved in four steps as follows:

(a) Equation (18) is consistent if and only if (20) is satisfied.

(b) Equation (21) is a solution of (18) if (20) is satisfied.

(c) Each solution of (18) can be expressed as (21).

(d) If (20) is satisfied, the three parametric forms proposed are equivalent.

Step (a) can be proved as follows. Equation (20) is a sufficient condition for (18) to admit solutions, since $x = Eq(0, Proj)$ is then an obvious solution of (18). Equation (20) is also a necessary condition: if (18) admits a solution, then (18) can also be expressed, thanks to the consensus theorem, as $Eq(0, Proj) \cdot \bar{x} + Eq(1, Proj) \cdot x + Eq(0, Proj) \cdot Eq(1, Proj) = 0$, and we necessarily have $Eq(0, Proj) \cdot Eq(1, Proj) = 0$.
To prove Step (b), it is sufficient to substitute the expression for $x$ from (21) into (18) and to use (20) as follows:

$$\begin{aligned}
& Eq(0, Proj) \cdot \bar{x} + Eq(1, Proj) \cdot x \\
&= Eq(0, Proj) \cdot \overline{\left(Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}\right)} + Eq(1, Proj) \cdot \left(Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}\right) \\
&= Eq(0, Proj) \cdot \overline{Eq(0, Proj)} \cdot \overline{\left(p \cdot \overline{Eq(1, Proj)}\right)} + Eq(0, Proj) \cdot Eq(1, Proj) + p \cdot Eq(1, Proj) \cdot \overline{Eq(1, Proj)} \\
&= 0 + 0 + 0 = 0
\end{aligned} \quad (23)$$
To prove Step (c), it is sufficient to find one element $p$ of $F_n(B)$ for each solution $x$ of (18). Let us consider $p$ defined by "$p = \overline{Eq(0, Proj)} \cdot \overline{Eq(1, Proj)} \cdot x$", where $x$ is a solution to (18). Then we have

$$\left\{\begin{array}{l}
Eq(0, Proj) \cdot Eq(1, Proj) = 0 \\
Eq(0, Proj) \cdot \bar{x} + Eq(1, Proj) \cdot x = 0 \\
p = \overline{Eq(0, Proj)} \cdot \overline{Eq(1, Proj)} \cdot x
\end{array}\right. \Longrightarrow x = Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \quad (24)$$

as

$$\begin{aligned}
x &= 1 \cdot x = \left(Eq(0, Proj) + Eq(1, Proj) + \overline{Eq(0, Proj)} \cdot \overline{Eq(1, Proj)}\right) \cdot x \\
&= Eq(0, Proj) \cdot x + Eq(1, Proj) \cdot x + \overline{Eq(0, Proj)} \cdot \overline{Eq(1, Proj)} \cdot x \\
&= Eq(0, Proj) \cdot x + 0 + \overline{Eq(1, Proj)} \cdot \left(\overline{Eq(0, Proj)} \cdot \overline{Eq(1, Proj)} \cdot x\right) \quad \text{as } Eq(1, Proj) \cdot x = 0 \\
&= Eq(0, Proj) \cdot x + Eq(0, Proj) \cdot \bar{x} + \overline{Eq(1, Proj)} \cdot p \quad \text{as } Eq(0, Proj) \cdot \bar{x} = 0 \\
&= Eq(0, Proj) \cdot (x + \bar{x}) + p \cdot \overline{Eq(1, Proj)} \\
&= Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}
\end{aligned} \quad (25)$$
To prove Step (d), it is sufficient to rewrite (21) in the two other forms by using (20) as follows:

$$\begin{aligned}
x &= 1 \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \\
&= \left(Eq(1, Proj) + \overline{Eq(1, Proj)}\right) \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \\
&= Eq(0, Proj) \cdot Eq(1, Proj) + (Eq(0, Proj) + p) \cdot \overline{Eq(1, Proj)} \\
&= 0 + \overline{Eq(1, Proj)} \cdot (Eq(0, Proj) + p) \\
&= \overline{Eq(1, Proj)} \cdot (Eq(0, Proj) + p)
\end{aligned}$$

$$\begin{aligned}
x &= 1 \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \\
&= (p + \bar{p}) \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)} \\
&= \bar{p} \cdot Eq(0, Proj) + p \cdot \left(Eq(0, Proj) + \overline{Eq(1, Proj)}\right) \\
&= \bar{p} \cdot Eq(0, Proj) + p \cdot \left(Eq(0, Proj) \cdot Eq(1, Proj) + \overline{Eq(1, Proj)}\right) \\
&= \bar{p} \cdot Eq(0, Proj) + p \cdot \left(0 + \overline{Eq(1, Proj)}\right) \\
&= \bar{p} \cdot Eq(0, Proj) + p \cdot \overline{Eq(1, Proj)}
\end{aligned} \quad (26)$$
4.3.3 Solution of $k$-Unknown Equations over $F_n(B)$. The global result presented in the following theorem can be found in [14] or [15]. However, in these works the solution is not expressed in a parametric form but with intervals only. The formulation presented in this paper is better adapted to symbolic computation and is mandatory for practical optimization.

A $k$-unknown equation can be solved by successively solving $k$ single-unknown equations. If we consider the $k$-unknown equation as a single-unknown equation in $x_k$, its consistency condition corresponds to a $(k-1)$-unknown equation. The process can be iterated until $x_1$. After substituting $S(x_1)$ for $x_1$ in the last equation, it is possible to find the solution for $x_2$. Then it is sufficient to apply this procedure again $(k-2)$ times to obtain successively the solutions $S(x_3)$ to $S(x_k)$.
Theorem 12 (solution of a $k$-unknown equation). The Boolean equation over $F_n(B)$

$$Eq_0(X_k, Proj) = 0 \quad (27)$$

is consistent (i.e., has at least one solution) if and only if the following condition is satisfied:

$$\prod_{A_k \in \{0,1\}^k} Eq_0(A_k, Proj) = 0 \quad (28)$$

If (28) is satisfied, (27) admits one or more $k$-tuple solutions $(S(x_1), \ldots, S(x_k))$ such that each component $S(x_i)$ is defined by

$$S(x_i) = \prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(0, A_{k-i}, Proj) + p_i \cdot \overline{\prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(1, A_{k-i}, Proj)} \quad (29)$$

with

(i) $Eq_i(x_{i+1}, \ldots, x_k, Proj) = Eq_{i-1}(x_i, x_{i+1}, \ldots, x_k, Proj)|_{x_i \leftarrow S(x_i)}$;

(ii) $p_i$ an arbitrary parameter, that is, a freely chosen member of $F_n(B)$.
The full demonstration of this theorem cannot be given in this paper for lack of space (a full demonstration by mathematical induction can be found in [8]). A description of the different steps of the proof and the detail of the principal steps are given below.

Proof (elements of proof). Equation (27) can be solved by applying Theorems 3 and 11 $k$ times, according to the unknowns $x_k$ to $x_1$, as follows.
According to Theorem 3, (27) is equivalent to

$$Eq_0(X_{k-1}, 0, Proj) \cdot \bar{x}_k + Eq_0(X_{k-1}, 1, Proj) \cdot x_k = 0 \quad (30)$$

According to Theorem 11, (30) admits solutions in $x_k$ if and only if

$$Eq_0(X_{k-1}, 0, Proj) \cdot Eq_0(X_{k-1}, 1, Proj) = 0 \quad (31)$$

Equation (31) is an equation with $(k-1)$ unknowns. Each term of (31) can be expanded according to $x_{k-1}$, and (31) can be written in the form

$$\left(Eq_0(X_{k-2}, 0, 0, Proj) \cdot Eq_0(X_{k-2}, 0, 1, Proj)\right) \cdot \bar{x}_{k-1} + \left(Eq_0(X_{k-2}, 1, 0, Proj) \cdot Eq_0(X_{k-2}, 1, 1, Proj)\right) \cdot x_{k-1} = 0 \quad (32)$$

According to Theorem 11, (32) admits solutions in $x_{k-1}$ if and only if

$$\prod_{A_2 \in \{0,1\}^2} Eq_0(X_{k-2}, A_2, Proj) = 0 \quad (33)$$

Equation (33) is an equation with $(k-2)$ unknowns. Each term of (33) can be expanded according to $x_{k-2}$, and (33) can be written in the form

$$\left(\prod_{A_2 \in \{0,1\}^2} Eq_0(X_{k-3}, 0, A_2, Proj)\right) \cdot \bar{x}_{k-2} + \left(\prod_{A_2 \in \{0,1\}^2} Eq_0(X_{k-3}, 1, A_2, Proj)\right) \cdot x_{k-2} = 0 \quad (34)$$

In the end, we obtain an equation of only one unknown $x_1$, defined by

$$\left(\prod_{A_{k-1} \in \{0,1\}^{k-1}} Eq_0(0, A_{k-1}, Proj)\right) \cdot \bar{x}_1 + \left(\prod_{A_{k-1} \in \{0,1\}^{k-1}} Eq_0(1, A_{k-1}, Proj)\right) \cdot x_1 = 0 \quad (35)$$

According to Theorem 11, (35) admits solutions if and only if

$$\prod_{A_k \in \{0,1\}^k} Eq_0(A_k, Proj) = 0 \quad (36)$$

When (36) is satisfied, the $k$ equations for $x_1$ to $x_k$ admit solutions. Equation (27) is then coherent and admits solutions.

When (36) is satisfied, the solutions of (35) for $x_1$ are

$$S(x_1) = \prod_{A_{k-1} \in \{0,1\}^{k-1}} Eq_0(0, A_{k-1}, Proj) + p_1 \cdot \overline{\prod_{A_{k-1} \in \{0,1\}^{k-1}} Eq_0(1, A_{k-1}, Proj)} \quad (37)$$

After substituting $S(x_1)$ for $x_1$ into (27), we obtain a new equation $Eq_1(x_2, \ldots, x_k, Proj) = 0$ involving the $(k-1)$ unknowns $(x_2, \ldots, x_k)$, where

$$Eq_1(x_2, \ldots, x_k, Proj) = Eq_0(x_1, x_2, \ldots, x_k, Proj)|_{x_1 \leftarrow S(x_1)} \quad (38)$$

By applying the previous procedure, we can obtain $S(x_2)$ and $Eq_2(x_3, \ldots, x_k, Proj)$. Then it suffices to apply this procedure again $(k-2)$ times to obtain successively the solutions $S(x_3)$ to $S(x_k)$.
It is important to note that the order in which the unknowns are treated affects only the parametric form of the $k$-tuple solution. This is due to the fact that the same $k$-tuple solution can be represented with several distinct parametric forms.
4.3.4 Partial Conclusions. Thanks to the theorems presented above, it is possible to obtain a parametric representation of all the solutions of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists. In practice, due to the complexity of the systems to be designed, the proposed set of simultaneously asserted relations is generally inconsistent [23]. To simplify the work of the designer, we have proved complementary theorems that improve the robustness of our method to the lack of precision of the specifications (Section 4.4).

When several solutions exist, the comparison of solutions according to a given criterion can be envisaged, since the Boolean algebra $F_n(B)$ is equipped with a partial order. To simplify the work of the designer further, we have developed a method to calculate the best solutions according to one or several criteria (Section 4.5).
4.4 Theorems to Cope with Inconsistencies of Specifications. In practice, it is very difficult for a designer to specify the whole requirements of a complex system without inconsistencies. This is the reason why requirements given by the designer are often declared inconsistent according to Theorem 12. Since the inconsistency condition is a Boolean formula, it is possible to use it to detect the origin of the inconsistencies. Two cases have to be considered as follows.

(i) Several requirements cannot be simultaneously respected. In this case, a hierarchy between requirements can be proposed in order to find a solution. The requirements which have the lower priority have to be corrected to become consistent with the requirements which have the higher priority. This strategy is based on Theorem 14.

(ii) The detected inconsistency refers to specific combinations of projection-functions which the designer knows to be impossible. Since this blocks the synthesis process, it is necessary to introduce new assumptions and to use Theorem 13.
Theorem 13 (solution of a Boolean equation according to an assumption among the projection-functions). The following problem

$$\left\{\begin{array}{ll}
\text{Equation to solve:} & Eq_0(X_k, Proj) = 0 \\
\text{Assumption:} & \mathcal{A}(Proj) = 0
\end{array}\right. \quad (39)$$

admits the same solutions as the following equation:

$$Eq_0(X_k, Proj) \le \mathcal{A}(Proj) \quad (40)$$
Proof. According to $\mathcal{A}(Proj) = 0$, $Eq_0(X_k, Proj) = 0$ can be rewritten as

$$\begin{aligned}
\left\{\begin{array}{l} Eq_0(X_k, Proj) = 0 \\ \mathcal{A}(Proj) = 0 \end{array}\right.
&\Longleftrightarrow \mathcal{A}(Proj) + Eq_0(X_k, Proj) = 0 \\
&\Longleftrightarrow \mathcal{A}(Proj) + \overline{\mathcal{A}(Proj)} \cdot Eq_0(X_k, Proj) = 0 \\
&\Longleftrightarrow \left\{\begin{array}{l} \overline{\mathcal{A}(Proj)} \cdot Eq_0(X_k, Proj) = 0 \\ \mathcal{A}(Proj) = 0 \end{array}\right. \\
&\Longleftrightarrow \left\{\begin{array}{l} Eq_0(X_k, Proj) \le \mathcal{A}(Proj) \\ \mathcal{A}(Proj) = 0 \end{array}\right.
\end{aligned} \quad (41)$$

The equation $\overline{\mathcal{A}(Proj)} \cdot Eq_0(X_k, Proj) = 0$ is consistent if and only if the following condition is true (Theorem 12):

$$\overline{\mathcal{A}(Proj)} \cdot \prod_{A_k \in \{0,1\}^k} Eq_0(A_k, Proj) = 0 \quad (42)$$

By construction, this new condition is the subset of the initial condition ($\prod_{A_k \in \{0,1\}^k} Eq_0(A_k, Proj) = 0$) for which the proposed assumption is satisfied. All the other terms have been removed.

If (42) is satisfied, (40) admits one or more $k$-tuple solutions where each component $S(x_i)$ is defined by

$$S(x_i) = \overline{\mathcal{A}(Proj)} \cdot \left(\prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(0, A_{k-i}, Proj) + p_i \cdot \overline{\prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(1, A_{k-i}, Proj)}\right) + \mathcal{A}(Proj) \cdot p_i \quad (43)$$

As $\mathcal{A}(Proj) = 0$, $S(x_i)$ can also be expressed as

$$S(x_i) = \prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(0, A_{k-i}, Proj) + p_i \cdot \overline{\prod_{A_{k-i} \in \{0,1\}^{k-i}} Eq_{i-1}(1, A_{k-i}, Proj)} \quad (44)$$

When $\mathcal{A}(Proj) = 0$ is satisfied, the solutions of (40) are also solutions to $Eq_0(X_k, Proj) = 0$.
Theorem 14 (solution of a Boolean equation system according to a priority rule between requirements). The following problem

$$\left\{\begin{array}{ll}
\text{Equations system to solve:} & \\
HR: & \mathcal{F}_H(X_k, Proj) = 0 \\
LR: & \mathcal{F}_L(X_k, Proj) = 0 \\
OR: & \mathcal{F}_O(X_k, Proj) = 0 \\
\text{Priority rule between requirements:} & \\
& HR \gg LR
\end{array}\right. \quad (45)$$

where

(i) $\mathcal{F}_H(X_k, Proj) = 0$ is the formal expression of the requirements which have the higher priority (HR);

(ii) $\mathcal{F}_L(X_k, Proj) = 0$ is the formal expression of the requirements which have the lower priority (LR);

(iii) $\mathcal{F}_O(X_k, Proj) = 0$ is the formal expression of the other requirements (OR);

(iv) $HR \gg LR$ is the priority rule between inconsistent requirements;

admits the same solutions as the following system of equations:

$$\left\{\begin{array}{l}
\mathcal{F}_H(X_k, Proj) = 0 \\
\mathcal{F}_L(X_k, Proj) \le \mathcal{I}(Proj) \\
\mathcal{F}_O(X_k, Proj) = 0
\end{array}\right. \quad (46)$$

where $\mathcal{I}(Proj)$ is the inconsistency condition between requirements "HR" and "LR":

$$\mathcal{I}(Proj) = \prod_{A_k \in \{0,1\}^k} \left(\mathcal{F}_H(A_k, Proj) + \mathcal{F}_L(A_k, Proj)\right) \quad (47)$$
Proof. Thanks to Theorem 12, the inconsistency condition $\mathcal{I}(Proj)$ between requirements "HR" and "LR" can be found by solving the equation $\mathcal{F}_H(X_k, Proj) + \mathcal{F}_L(X_k, Proj) = 0$. We have

$$\mathcal{I}(Proj) = \prod_{A_k \in \{0,1\}^k} \left(\mathcal{F}_H(A_k, Proj) + \mathcal{F}_L(A_k, Proj)\right) \quad (48)$$

To remove the inconsistency between requirements "HR" and "LR" according to the priority rule "HR ≫ LR", it is necessary to restrict the range of requirement "LR" to the part for which there is no inconsistency, that is, $\mathcal{I}(Proj) = 0$. That is the case when $\mathcal{F}_L(X_k, Proj) = 0$ is replaced by $\mathcal{F}_L(X_k, Proj) \le \mathcal{I}(Proj)$.

Thanks to Theorem 12, (49) always admits one or more $k$-tuple solutions, and it is impossible to find a less restrictive condition over requirement "LR":

$$\left\{\begin{array}{l}
\mathcal{F}_H(X_k, Proj) = 0 \\
\mathcal{F}_L(X_k, Proj) \le \mathcal{I}(Proj)
\end{array}\right. \quad (49)$$
4.5 Optimal Solutions of Boolean Equations over $F_n(B)$. The goal of this step is to be able to obtain automatically the parametric form of the $k$-tuples of $F_n(B)$ which not only satisfy a given equation ($Eq(X_k, Proj) = 0$) of Boolean functions but also maximize (or minimize) a Boolean formula of these Boolean functions ($\mathcal{F}_C(X_k, Proj)$) corresponding to the desired optimization criterion.

Generally speaking, the search for the best solution tuples according to a given criterion, when the space of solutions is composed of discrete values, is a complex mathematical issue. It is sometimes necessary to make a side-by-side comparison of each solution in order to identify the best one. In our case, this exhaustive method cannot be used, as $F_n(B)$ is only provided with a partial order: two particular solutions cannot always be ordered between themselves.

Nevertheless, it is possible to obtain the researched parametric form of the $k$-tuples thanks to the following results:

(i) When an equation between Boolean functions has one or more solution tuples in $F_n(B)$, every Boolean formula on these Boolean functions can be rewritten thanks to only the projection-functions of $F_n(B)$ and the free parameters of $F_n(B)$ which describe these solution tuples.

(ii) Every Boolean formula expressed as a composition of projection-functions of $F_n(B)$ and free parameters of $F_n(B)$ has a unique maximum and a unique minimum. These extrema can be expressed thanks to only the projection-functions of $F_n(B)$.

Hence, it is then possible to rewrite the initial problem

$$\left\{\begin{array}{l}
\text{Problem to solve: } Eq(X_k, Proj) = 0 \\
\text{Optimization criterion: maximization of } \mathcal{F}_C(X_k, Proj)
\end{array}\right. \quad (50)$$

into a 2-equation system to solve:

$$\left\{\begin{array}{l}
Eq(X_k, Proj) = 0 \\
\mathcal{F}_C(X_k, Proj) = \max_{X_k \mid Eq(X_k, Proj) = 0} \left(\mathcal{F}_C(X_k, Proj)\right)
\end{array}\right. \quad (51)$$
4.5.1 Extrema of a Boolean Formula according to Freely Chosen Members of $F_n(B)$. Considering the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:

(i) let $(f_1^{Proj}, \ldots, f_n^{Proj})$ be the $n$ projection-functions of $F_n(B)$;

(ii) let $(p_1, \ldots, p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members. Let "$P_k$" be the corresponding vector.

Any formula $\mathcal{F}(P_k, Proj)$ for which $P_k$ are freely chosen members of $F_n(B)$ defines a subset of $F_n(B)$. According to the relation $\le$, elements of this subset can be compared. In this specific case, the subset defined by $\mathcal{F}(P_k, Proj)$ admits a minimal element and a maximal element.

Theorem 15 (minimum and maximum of a Boolean formula). Any formula $\mathcal{F}(P_k, Proj)$ for which $P_k$ are freely chosen members of $F_n(B)$ admits a minimum and a maximum defined as follows:

$$\min_{P_k \in F_n(B)^k} \left(\mathcal{F}(P_k, Proj)\right) = \prod_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, Proj), \qquad
\max_{P_k \in F_n(B)^k} \left(\mathcal{F}(P_k, Proj)\right) = \sum_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, Proj) \quad (52)$$
Proof. To prove this theorem, it is necessary to establish that:

(1) $\prod_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, Proj)$ is a lower bound of $\mathcal{F}(P_k, Proj)$;

(2) there exists at least one specific combination of $P_k$ for which $\mathcal{F}(P_k, Proj) = \prod_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, Proj)$;

(3) $\sum_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, Proj)$ is an upper bound of $\mathcal{F}(P_k, Proj)$;

(4) there exists at least one specific combination of $P_k$ for which $\mathcal{F}(P_k, Proj) = \sum_{A_k \in \{0,1\}^k} \mathcal{F}(A_k, Proj)$.

Details of this proof can be found in [24].
4.5.2 Optimization Problem. Considering the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:

(i) let $(f_1^{Proj}, \ldots, f_n^{Proj})$ be the $n$ projection-functions of $F_n(B)$. Let "$Proj$" be the corresponding vector;

(ii) let $(x_1, \ldots, x_k)$ be $k$ elements of $F_n(B)$ considered as unknowns. Let "$X_k$" be the corresponding vector;

(iii) let $(p_1, \ldots, p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members. Let "$P_k$" be the corresponding vector;

(iv) let $Eq(X_k, Proj) = 0$ be the Boolean equation to solve;

(v) let $\mathcal{F}_C(X_k, Proj)$ be the Boolean formula of the given criterion to optimize (maximization or minimization).

The method we propose to obtain the parametric form of the $k$-tuple of switching functions solution of $Eq(X_k, Proj) = 0$ according to a given optimization criterion $\mathcal{F}_C(X_k, Proj)$ is composed of five steps as follows.

(i) The first step is to establish the parametric form of the $k$-tuple solution to $Eq(X_k, Proj) = 0$ only, thanks to Theorem 12.

(ii) The second step is to establish the parametric form of the given optimization criterion $\mathcal{F}_C(X_k, Proj)$ by substituting $S(x_i)$ for $x_i$. Let $\mathcal{F}_{SC}(P_k, Proj)$ be the result of this substitution.

(iii) The third step is to calculate the extremum of $\mathcal{F}_{SC}(P_k, Proj)$ according to Theorem 15. Let $\mathcal{F}_{EC}(Proj)$ be the Boolean formula of this extremum.
Figure 4. Structure of the water supply system (tank, Pump1 and Pump2 in redundancy, outlet to the distributing system).
(iv) The fourth step is to replace the given criterion by the equivalent relation

$$\mathcal{F}_C(X_k, Proj) = \mathcal{F}_{EC}(Proj) \quad (53)$$

(v) The fifth step is to establish the parametric form of the $k$-tuple solution of the equivalent problem

$$\left\{\begin{array}{l}
Eq(X_k, Proj) = 0 \\
\mathcal{F}_{Crit}(X_k, Proj) = \mathcal{F}_{ExtCrit}(Proj)
\end{array}\right. \quad (54)$$
4.5.3 Partial Conclusions. Thanks to the theorems presented in this section, it is now possible to obtain a parametric representation of the optimal solutions, according to a given criterion, of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists.

The proposed method also permits combining several criteria, simultaneously or sequentially:

(i) When several criteria are treated simultaneously, the optimization problem can admit no solution. That is the case when the given criteria are antagonistic.

(ii) When several criteria are treated sequentially, the obtained solutions satisfy the criteria in a given priority order. An example of optimization with several criteria treated sequentially is presented in the next section.
5. Algebraic Synthesis of Logical Controllers with Optimization Criteria and Incoherent Requirements
5.1 Control System Specifications. The studied system is the controller of a water supply system composed of two pumps which work in redundancy (Figure 4). Water is distributed when necessary, according to the possible failures of the elements (the pumps and the distributing system).

The expected behavior of the control system regarding the application requirements can be expressed by the set of assertions given hereafter:

(i) the two pumps never operate simultaneously;

(ii) a pump cannot operate if it is out of order;

(iii) when a global failure is detected, no pump can operate;

(iv) pumps can operate if and only if a water distribution request is present;

(v) priority is given according to "pr" (pump1 has priority when "pr" is true);

(vi) in order to reduce the wear of the pumps, it is necessary to restrict the number of starts of the pumps.
5.1.1 Inputs and Outputs of the Controller. The Boolean inputs and outputs of this controller are given in Figure 5(a). Each pump is controlled thanks to a Boolean output ("p1" and "p2"). The controller is informed of water distribution requests thanks to the input "req". Inputs "f1" and "f2" inform the controller of a failure of the corresponding pump, and "gf" indicates a global failure of the installation. The value 0 or 1 of input "Pr" decides which pump has priority.
5.1.2 Control Laws to Synthesize. Our approach does not allow identifying automatically which state variables must be used. They are given by the designer according to his interpretation of the specification.

For the water distribution system, we propose to use 2 state variables, one for each output. According to this choice, two 7-variable switching functions ($P1$ and $P2$) have to be synthesized (Figure 5(b)). They represent the unknowns of our problem. For this case study, the 7 projection-functions of $F_7(B)$ are therefore as follows:

(i) The 5 switching functions ($Rq$, $F1$, $F2$, $GF$, and $Pr$) which characterize the behavior of the inputs of the controller and are defined as follows:

$$Rq: B^7 \rightarrow B, \quad (rq[k], \ldots, p2[k-1]) \mapsto rq[k] \quad (55)$$

(ii) The 2 switching functions ($pP1$ and $pP2$) which characterize the previous behavior of the state variables of the controller and are defined as follows:

$$pP1: B^7 \rightarrow B, \quad (rq[k], \ldots, p2[k-1]) \mapsto p1[k-1] \quad (56)$$
5.2 Algebraic Formalization of Requirements. The complete formalization of the behavior of the water distribution system is given in Figure 5(c). In order to illustrate the expressive power of the relations Equality and Inclusion, several examples (generic assertions and equivalent formal relations illustrated in the case study) are given hereafter. It is important to note that the relation Inclusion permits expressing necessary conditions and sufficient conditions distinctly. This relation is the cornerstone of our approach.

(i) Pump1 and Pump2 never operate simultaneously: $P1 \cdot P2 = 0$.

(ii) If Pump1 operates, Pump2 cannot operate: $P1 \le \overline{P2}$.
(a) Inputs and outputs of the controller: the control of the water distribution system receives the inputs rq (request of water), f1 (Pump1 failure), f2 (Pump2 failure), gf (global failure) and pr (priority to Pump1), and produces the outputs p1 (command of Pump1) and p2 (command of Pump2).

(b) General form of the expected control laws:

$$p1[k] = P1(rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1])$$

$$p2[k] = P2(rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1])$$

$$p1[0] = b_0, \qquad p2[0] = b_0$$

(c) Formal specification.

Requirements:

R1: $P1 \cdot P2 = 0$ (* The two pumps never operate simultaneously *)

R2: $F1 \le \overline{P1}$ (* Pump1 cannot operate if it is out of order (F1) *)

R3: $F2 \le \overline{P2}$ (* Pump2 cannot operate if it is out of order (F2) *)

R4: $GF \le (\overline{P1} \cdot \overline{P2})$ (* When a global failure is detected (GF), no pump can operate *)

R5: $(P1 + P2) \le Rq$ (* It is necessary to have a request for the pumps to operate *)

R6: $Rq \le (P1 + P2)$ (* It is sufficient to have a request for the pumps to operate *)

Priority rules:

R4 ≫ R6 (* A failure requirement has priority over a functional requirement *)

R2, R3 ≫ R6 (* Failure requirements have priority over a functional requirement *)

Optimization criteria:

(1) Minimization of $((P1 \cdot \overline{pP1}) + (P2 \cdot \overline{pP2}))$ (* Minimization of the possibility to start a pump *)

(2) Maximization of $((Pr \cdot P1) + (\overline{Pr} \cdot P2))$ (* Maximization of the priority order between the two pumps *)

(d) Solution obtained by symbolic calculation:

$$P1 = Rq \cdot \overline{GF} \cdot \overline{F1} \cdot \left(F2 + Pr \cdot (pP1 + \overline{pP2}) + pP1 \cdot \overline{pP2}\right)$$

$$P2 = Rq \cdot \overline{GF} \cdot \overline{F2} \cdot \left(F1 + \overline{Pr} \cdot (pP2 + \overline{pP1}) + pP2 \cdot \overline{pP1}\right)$$

(e) Control laws of the water distribution system:

$$p1[k] = rq[k] \wedge \neg gf[k] \wedge \neg f1[k] \wedge \left(f2[k] \vee pr[k] \wedge (p1[k-1] \vee \neg p2[k-1]) \vee p1[k-1] \wedge \neg p2[k-1]\right)$$

$$p2[k] = rq[k] \wedge \neg gf[k] \wedge \neg f2[k] \wedge \left(f1[k] \vee \neg pr[k] \wedge (p2[k-1] \vee \neg p1[k-1]) \vee p2[k-1] \wedge \neg p1[k-1]\right)$$

$$p1[0] = b_0, \qquad p2[0] = b_0$$

Figure 5. Details of the case study.
(iii) It is necessary to have a request for the pumps to operate: $(P1 + P2) \le Rq$.

(iv) It is sufficient to have a request for the pumps to operate: $Rq \le (P1 + P2)$.

(v) When Pump1 has failed, it is sufficient to have a request for Pump2 to operate: $F1 \cdot Rq \le P2$.

(vi) When Pump1 has failed, it is necessary to have a request for Pump2 to operate: $F1 \cdot P2 \le Rq$.

It is possible to prove that some of these formal expressions are equivalent (e.g., the first two). When a designer hesitates between two forms, he has the possibility, by using symbolic calculation, to check whether the proposed relations are equivalent or not.

As $P1$ and $pP1$ represent the behavior of pump1 at times $[k]$ and $[k-1]$ respectively, it is also possible to express relations about starts and stops of this pump as follows:

(i) It is necessary to have a request to start pump1: $(P1 \cdot \overline{pP1}) \le Rq$.

(ii) When pump1 operates, it is sufficient to have a global failure to stop pump1: $(pP1 \cdot GF) \le (\overline{P1} \cdot pP1)$.
5.3 Synthesis Process. In traditional design methods, the design procedure of a logic controller is not a linear process but an iterative one, converging to an acceptable solution. At the beginning of the design, requirements are neither complete nor without errors. Most often, new requirements are added during the search for solutions and others are corrected. This complementary information is given by the designer after analysis of the partial solutions he found, or when inconsistencies have been detected. If we do not make the hypothesis that the specifications are complete and consistent, designing a controller with a synthesis technique is also an iterative process in which the designer plays an important role.
5.3.1 Analysis of Requirements. For this case study, we choose to start with requirements R1 to R6. For this subset of requirements, the result given by our software tool was the following inconsistency condition: $\mathcal{I} = Rq \cdot GF + Rq \cdot F1 \cdot F2$.

Since the requirements are declared inconsistent, we have to give complementary information to make our specification more precise. By analyzing each term of this formula, it is possible to detect the origin of the inconsistency:

(i) $Rq \cdot GF$: what happens if we have simultaneously a request and a global failure? We consider that requirement R4 is more important than requirement R6 (R4 ≫ R6), as no pump can operate in this configuration.

(ii) $Rq \cdot F1 \cdot F2$: what happens if we have simultaneously a request and a failure of each pump? We consider that requirements R2 and R3 are more important than requirement R6 (R2, R3 ≫ R6).

With these priority rules, all the requirements are now coherent and the set of all the solutions can be computed.
5.3.2. Optimal Solutions. For choosing a control law of the water supply system among this set of possible solutions, we will now take into account the given optimization criteria. The first criterion aims at minimizing the number of starts of each pump in order to reduce its wear. The second criterion aims at maximizing the use of the pump indicated by the value of parameter Pr. The method we propose allows proving that the proposed criteria cannot be treated simultaneously, since they are antagonistic (to strictly respect the priority use of the pump fixed by parameter Pr, it is necessary to permute pumps when Pr changes value, implying a supplementary start of a pump). Details can be found in [25].
All the priority rules and optimization criteria used for this case study are given in Figure 5(c). The solution we obtain is proposed in Figure 5(d).
5.3.3. Implementing Control Laws. The synthesized control laws presented in Figure 5(e) have been obtained by translating the expression of the two unknowns according to the projection-functions into relations between recurrent Boolean equations. These control laws can be automatically translated into the syntax of the ladder diagram language [1] before being implemented into a PLC. The code is composed of only 4 rungs (Figure 6).
The synthesized control laws can also be given in the form of an automatically built input/output automaton with guarded transitions [21] (Figure 7).
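The following is an added example, not code from the paper or from the authors' tool: the six guarded transitions of the Figure 7 state model transcribed into a small Python state machine, together with the checks a practitioner would run on a synthesized control law before trusting it (determinism of the guards, the safety properties behind the R2/R3/R4 priorities of Section 5.3.1, and the number of pump starts along a constructed input trace for criterion 1 of Section 5.3.2). Two assumptions are made that the extracted figure does not state explicitly: state 1 drives output p1 and state 2 drives output p2, and the guards are evaluated once per PLC cycle. The input trace is constructed for the example.

```python
from itertools import product

# Added example, not code from the paper or from the authors' tool: the
# guarded transitions of Figure 7 transcribed into a state machine, plus the
# checks one would run on it.  Assumptions (not stated explicitly on the
# page): state 1 drives output p1, state 2 drives output p2, and the guards
# are evaluated once per PLC cycle.
# Inputs: rq = request, gf = global failure, f1/f2 = failure of pump 1/2,
# pr = preferred-pump parameter (pump 1 when true).

def guards(rq, gf, f1, f2, pr):
    """Transition conditions E0-1, E0-2, E1-0, E1-2, E2-0, E2-1 as written
    on the state model ("and" binds tighter than "or", as in ST)."""
    return {
        (0, 1): rq and not gf and not f1 and (f2 or pr),
        (0, 2): rq and not gf and not f2 and (f1 or not pr),
        (1, 0): (not rq) or gf or (f1 and f2),
        (1, 2): rq and not gf and f1 and not f2,
        (2, 0): (not rq) or gf or (f1 and f2),
        (2, 1): rq and not gf and f2 and not f1,
    }


def step(state, inputs):
    """One PLC cycle: fire the (single) enabled transition leaving `state`."""
    enabled = [dst for (src, dst), g in guards(*inputs).items()
               if src == state and g]
    assert len(enabled) <= 1, "two guards enabled at once"
    return enabled[0] if enabled else state


def outputs(state):
    return {"p1": state == 1, "p2": state == 2}


ALL_INPUTS = list(product((False, True), repeat=5))


def check_determinism():
    """At most one guard leaves each state for every input combination."""
    for inputs in ALL_INPUTS:
        g = guards(*inputs)
        for s in (0, 1, 2):
            if sum(1 for (src, _), v in g.items() if src == s and v) > 1:
                return False
    return True


def check_safety():
    """After any cycle, a running pump implies a request, no global failure
    and no failure of that pump (the R2/R3/R4 priorities of Section 5.3.1);
    in particular the I = Rq.GF + Rq.F1.F2 configurations run no pump."""
    for state in (0, 1, 2):
        for inputs in ALL_INPUTS:
            rq, gf, f1, f2, _ = inputs
            new = step(state, inputs)
            if new == 1 and not (rq and not gf and not f1):
                return False
            if new == 2 and not (rq and not gf and not f2):
                return False
    return True


def count_starts(trace, state=0):
    """Pump starts along an input trace (criterion 1 of Section 5.3.2).
    Returns (number of starts, final state)."""
    starts = 0
    for inputs in trace:
        new = step(state, inputs)
        if new != state and new != 0:
            starts += 1
        state = new
    return starts, state


# Constructed trace (rq, gf, f1, f2, pr): a request with pump 1 preferred,
# the preference flips twice, pump 1 fails, then both pumps fail.
TRACE = [
    (True, False, False, False, True),   # 0 -> 1 (E0-1): first start
    (True, False, False, False, False),  # pr changes: no swap, stays in 1
    (True, False, False, False, True),   # pr changes back: still in 1
    (True, False, True, False, True),    # f1: 1 -> 2 (E1-2): second start
    (True, False, True, True, True),     # f1 and f2: 2 -> 0 (E2-0)
]

if __name__ == "__main__":
    print("deterministic:", check_determinism())
    print("safe:", check_safety())
    print("starts, final state:", count_starts(TRACE))
```

The trace shows the effect of the criterion ordering chosen in Section 5.3.2: a change of Pr while a pump is running does not swap pumps, so the only starts are the initial one and the one forced by a failure of the running pump.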
6 Discussion
In our approach, the synthesis of control laws is based on symbolic calculation; a prototype software tool has been developed to avoid tedious calculus and to aid the designer during the different steps of the synthesis. This tool (which can be obtained on request from the authors) performs all the computations required for the detection of inconsistencies between requirements and for the generation of control laws. In this tool, all the Boolean formulas are stored in the form of reduced ordered binary decision diagrams, which allows efficient calculations. For example, the computations for synthesizing a controller for the water supply system that we developed above have been made in less than 10 ms on a classical laptop.
Our approach has been tested on several case studies (some of them are available online: http://www.lurpa.ens-cachan.fr/-226050.kjsp). The feedback from these experiences allowed us to identify some of its limits and its possibilities; the most important are given below.
We have first to recall that our method can only be used for binary systems (systems whose controller inputs and outputs are Boolean values). Nevertheless, in practice many systems, like manufacturing systems, transport systems, and so on, are fully or partially binary.
In our opinion, the main advantage of our approach is that, contrary to traditional engineering approaches, the synthesized control laws do not depend on the designer's skill or on his correct interpretation of the system requirements. On the other hand, the quality of the synthesis results highly depends on the relevance of the requirements proposed by the designer. This step of formalization by the designer of the informal requirements of the system to be controlled is the Achilles' heel of all synthesis methods, including the Supervisory Control Theory (SCT), and cannot be automated.
14 Mathematical Problems in Engineering
Figure 6: Ladder diagram of the code to implement into the PLC. (The ladder drawing itself is not recoverable from the extracted text; only its labels survive.) Rung 1: command of pump 1. Rung 2: command of pump 2. Rung 3: update previous value of pump 1. Rung 4: update previous value of pump 2. Signals used in the rungs: rq, gf, f1, f2, pr, p1, p2 and the previous values pp1, pp2.
Table 1: Futures concerning a same case study.
| | Formal requirements | Synthesized controller | PLC program (structured text) |
| Supervisory Control Theory | Plant behavior: 11 finite automata (481 states and 1330 transitions); specifications: 11 finite automata | Finite automaton of 45 states and 70 transitions | 130 lines |
| Algebraic synthesis | 8 equations and 2 priority rules | 2 6-variable switching functions | 4 lines |
Figure 7: State model of the obtained control law. (The state diagram itself is not recoverable from the extracted text; its states 0, 1 and 2, its outputs p1 and p2, and its transition conditions are listed here.)
E0-1 = rq and not gf and not f1 and (f2 or pr)
E0-2 = rq and not gf and not f2 and (f1 or not pr)
E1-0 = not rq or gf or f1 and f2
E1-2 = rq and not gf and f1 and not f2
E2-0 = not rq or gf or f1 and f2
E2-1 = rq and not gf and f2 and not f1
The objective comparison of our approach with other synthesis methods, and more especially with SCT, is very difficult because the models used and the theoretical bases are very different. Nevertheless, we tested both approaches on the same case studies. One of them, the control of an automatic parking gate, has been published in [26]. The results obtained in this case are summarized in Table 1.
Furthermore, one may note that the supervisor synthesized by SCT is optimal in the sense that it is the most permissive, that is, the one that reduces the plant behavior the least in order to force it to respect the specifications. As shown in this paper, our method allows coping with inconsistencies in specifications, which is not possible with SCT, and also allows finding optimal controllers by choosing different optimization criteria (most permissive, most restrictive, safest controller, etc.).
7 Conclusion
Many research works in the field of DES aim at formalizing steps of the system life cycle. For 20 years, significant progress has been obtained for the synthesis, verification, performance evaluation, and diagnosis of DESs. Nevertheless, one of the common difficulties of these works is the translation of the informal expression of the knowledge of a system into formal requirements. Few works have paid attention to this important task, which is very error prone. In this paper, we proposed an iterative process that allows coping with inconsistencies of the requirements during the synthesis of the controller. The framework in which we proposed this approach is an algebraic synthesis method. Since the problem is located at the frontier between formal and informal, intervention of the designer is necessary. Nevertheless, we have shown that this intervention can be guided by the results the formal method provides.
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
References
[1] International Electrotechnical Commission, IEC 61131-3 Standard: Programmable Controllers, Part 3: Programming Languages, International Electrotechnical Commission, 2nd edition, 2003.
[2] G. Frey and L. Litz, "Formal methods in PLC programming," in Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, vol. 4, pp. 2431–2436, October 2000.
[3] B. Bérard, M. Bidoit, A. Finkel, et al., Systems and Software Verification: Model-Checking Techniques and Tools, Springer, New York, NY, USA, 1st edition, 1999.
[4] H. Bel Mokadem, B. Bérard, V. Gourcuff, O. De Smet, and J. Roussel, "Verification of a timed multitask system with UPPAAL," IEEE Transactions on Automation Science and Engineering, vol. 7, no. 4, pp. 921–932, 2010.
[5] J. L. Boulanger, Ed., Industrial Use of Formal Methods: Formal Verification (ISTE), Wiley-ISTE, New York, NY, USA, 2012.
[6] P. J. G. Ramadge and W. M. Wonham, "Control of discrete event systems," Proceedings of the IEEE, vol. 77, no. 1, pp. 81–98, 1989.
[7] P. Gohari and W. M. Wonham, "On the complexity of supervisory control design in the RW framework," IEEE Transactions on Systems, Man and Cybernetics B, vol. 30, no. 5, pp. 643–652, 2000.
[8] Y. Hietter, Synthèse algébrique de lois de commande pour les systèmes à événements discrets logiques [Ph.D. thesis], ENS Cachan, Cachan, France, 2009.
[9] H.-M. Hanisch, A. Lueder, and J. Thieme, "Modular plant modeling technique and related controller synthesis problems," in Proceedings of the 1998 IEEE International Conference on Systems, Man and Cybernetics, pp. 686–691, October 1998.
[10] J.-M. Roussel and A. Giua, "Designing dependable logic controllers using the supervisory control theory," in Proceedings of the 16th IFAC World Congress, CD-ROM paper 4427, 6 pages, Praha, Czech Republic, 2005.
[11] D. A. Huffman, "The synthesis of sequential switching circuits," Journal of the Franklin Institute, vol. 257, no. 3-4, pp. 161–303, 1954.
[12] G. H. Mealy, "A method for synthesizing sequential circuits," Bell System Technical Journal, vol. 34, no. 5, pp. 1045–1079, 1955.
[13] E. F. Moore, "Gedanken-experiments on sequential machines," in Automata Studies, pp. 129–153, Princeton University Press, Princeton, NJ, USA, 1956.
[14] S. Rudeanu, Lattice Functions and Equations (Discrete Mathematics and Theoretical Computer Science), Springer, New York, NY, USA, 2001.
[15] F. M. Brown, Boolean Reasoning: The Logic of Boolean Equations, Dover, Mineola, NY, USA, 2003.
[16] A. Pnueli and R. Rosner, "On the synthesis of a reactive module," in Proceedings of the 16th ACM Symposium on Principles of Programming Languages (POPL '89), pp. 179–190, ACM, New York, NY, USA, 1989.
[17] E. Filiot, N. Jin, and J. Raskin, "Antichains and compositional algorithms for LTL synthesis," Formal Methods in System Design, vol. 39, no. 3, pp. 261–296, 2011.
[18] J. Machado, B. Denis, J. J. Lesage, J. M. Faure, and J. Fereira, "Logic controllers dependability verification using a plant model," in Proceedings of the 3rd IFAC Workshop on Discrete-Event System Design (DESDes '06), pp. 37–42, Rydzyna, Poland, 2006.
[19] Y. Hietter, J.-M. Roussel, and J.-L. Lesage, "Algebraic synthesis of transition conditions of a state model," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 187–192, Göteborg, Sweden, May 2008.
[20] Y. Hietter, J.-M. Roussel, and J. J. Lesage, "Algebraic synthesis of dependable logic controllers," in Proceedings of the 17th World Congress of the International Federation of Automatic Control (IFAC '08), pp. 4132–4137, Seoul, South Korea, July 2008.
[21] A. Guignard, Symbolic Generation of the Automaton Representing an Algebraic Description of a Logic System [M.S. thesis], ENS Cachan, Cachan, France, 2011.
[22] R. P. Grimaldi, Discrete and Combinatorial Mathematics: An Applied Introduction, Addison-Wesley Longman, Boston, Mass, USA, 5th edition, 2004.
[23] J.-M. Roussel and J.-J. Lesage, "Algebraic synthesis of logical controllers despite inconsistencies in specifications," in Proceedings of the 11th International Workshop on Discrete Event Systems (WODES '12), pp. 307–314, Guadalajara, Mexico, 2012.
[24] H. Leroux, Algebraic Synthesis of Logical Controllers with Optimization Criteria, ENS Cachan, Cachan, France, 2011.
[25] H. Leroux and J.-M. Roussel, "Algebraic synthesis of logical controllers with optimization criteria," in Proceedings of the 6th International Workshop on Verification and Evaluation of Computer and Communication Systems (VECOS '12), pp. 103–114, Paris, France, 2012.
[26] M. Cantarelli and J. Roussel, "Reactive control system design using the supervisory control theory: evaluation of possibilities and limits," in Proceedings of the 9th International Worksh op on Discrete Event Systems (WODES '08), pp. 200–205, Göteborg, Sweden, May 2008.
This notation is extended to vectors as follows: for $X_k = (x_1, \ldots, x_k) \in F_n(B)^k$ and $A_k = (a_1, \ldots, a_k) \in \{0,1\}^k$, $X_k^{A_k}$ is defined by
$$X_k^{A_k} = \prod_{i=1}^{i=k} x_i^{a_i} = x_1^{a_1} \cdot \ldots \cdot x_k^{a_k}. \qquad (15)$$
Theorem 10 (canonic form of a Boolean equation). Any Boolean equation $\mathrm{Eq}(X_k, \mathrm{Proj}) = 0$ can be expressed in the canonic form
$$\sum_{A_k \in \{0,1\}^k} \mathrm{Eq}(A_k, \mathrm{Proj}) \cdot X_k^{A_k} = 0, \qquad (16)$$
where the $\mathrm{Eq}(A_k, \mathrm{Proj})$ (with $A_k \in \{0,1\}^k$) are the $2^k$ discriminants of $\mathrm{Eq}(X_k, \mathrm{Proj}) = 0$ according to $X_k$ (the term "discriminant" comes from [15]).
This canonic form is obtained by expanding $\mathrm{Eq}(X_k, \mathrm{Proj})$ according to the $k$ unknowns $(x_1, \ldots, x_k)$. For example, we have
$$\begin{aligned}
\mathrm{Eq}(x, \mathrm{Proj}) &= \mathrm{Eq}(0, \mathrm{Proj}) \cdot \overline{x} + \mathrm{Eq}(1, \mathrm{Proj}) \cdot x, \\
\mathrm{Eq}(x_1, x_2, \mathrm{Proj}) &= \mathrm{Eq}(0, 0, \mathrm{Proj}) \cdot \overline{x_1} \cdot \overline{x_2} + \mathrm{Eq}(0, 1, \mathrm{Proj}) \cdot \overline{x_1} \cdot x_2 \\
&\quad + \mathrm{Eq}(1, 0, \mathrm{Proj}) \cdot x_1 \cdot \overline{x_2} + \mathrm{Eq}(1, 1, \mathrm{Proj}) \cdot x_1 \cdot x_2.
\end{aligned} \qquad (17)$$
4.3.2. Solution of a Single-Unknown Equation over $F_n(B)$.
The following theorem has initially been demonstrated for the two-element Boolean algebra [14]. A generalization to all Boolean algebras can be found in [15], but no detailed demonstration is given. A new formalization of this theorem and its full demonstration are given below.
Theorem 11 (solution of a single-unknown equation). The Boolean equation over $F_n(B)$
$$\mathrm{Eq}(x, \mathrm{Proj}) = 0, \qquad (18)$$
for which the canonic form is
$$\mathrm{Eq}(0, \mathrm{Proj}) \cdot \overline{x} + \mathrm{Eq}(1, \mathrm{Proj}) \cdot x = 0, \qquad (19)$$
is consistent (i.e., has at least one solution) if and only if the following condition is satisfied:
$$\mathrm{Eq}(0, \mathrm{Proj}) \cdot \mathrm{Eq}(1, \mathrm{Proj}) = 0. \qquad (20)$$
In this case, a general form of the solutions is
$$x = \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})}, \qquad (21)$$
where $p$ is an arbitrary parameter, that is, a freely chosen member of $F_n(B)$.
This solution can also be expressed as
$$x = \overline{\mathrm{Eq}(1, \mathrm{Proj})} \cdot \left(\mathrm{Eq}(0, \mathrm{Proj}) + p\right) = \overline{p} \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})}. \qquad (22)$$
Proof. This theorem can be proved in four steps, as follows:
(a) Equation (18) is consistent if and only if (20) is satisfied;
(b) Equation (21) is a solution of (18) if (20) is satisfied;
(c) each solution of (18) can be expressed as (21);
(d) if (20) is satisfied, the three parametric forms proposed are equivalent.
Step (a) can be proved as follows. Equation (20) is a sufficient condition for (18) to admit solutions, since $x = \mathrm{Eq}(0, \mathrm{Proj})$ is an obvious solution of (18). Equation (20) is also a necessary condition: if (18) admits a solution, then (18) can also be expressed, thanks to the consensus theorem, as $\mathrm{Eq}(0, \mathrm{Proj}) \cdot \overline{x} + \mathrm{Eq}(1, \mathrm{Proj}) \cdot x + \mathrm{Eq}(0, \mathrm{Proj}) \cdot \mathrm{Eq}(1, \mathrm{Proj}) = 0$, and we have necessarily $\mathrm{Eq}(0, \mathrm{Proj}) \cdot \mathrm{Eq}(1, \mathrm{Proj}) = 0$.
To prove Step (b), it is sufficient to substitute the expression for $x$ from (21) into (18) and to use (20), as follows:
$$\begin{aligned}
&\mathrm{Eq}(0, \mathrm{Proj}) \cdot \overline{x} + \mathrm{Eq}(1, \mathrm{Proj}) \cdot x \\
&= \mathrm{Eq}(0, \mathrm{Proj}) \cdot \overline{\left(\mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})}\right)} + \mathrm{Eq}(1, \mathrm{Proj}) \cdot \left(\mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})}\right) \\
&= \mathrm{Eq}(0, \mathrm{Proj}) \cdot \overline{\mathrm{Eq}(0, \mathrm{Proj})} \cdot \overline{\left(p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})}\right)} + \mathrm{Eq}(0, \mathrm{Proj}) \cdot \mathrm{Eq}(1, \mathrm{Proj}) + p \cdot \mathrm{Eq}(1, \mathrm{Proj}) \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \\
&= 0 + 0 + 0 = 0.
\end{aligned} \qquad (23)$$
To prove Step (c), it is sufficient to find one element $p$ of $F_n(B)$ for each solution $x$ of (18). Let us consider $p$ defined by "$p = \overline{\mathrm{Eq}(0, \mathrm{Proj})} \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \cdot x$", where $x$ is a solution to (18). Then we have
$$\left.\begin{aligned}
\mathrm{Eq}(0, \mathrm{Proj}) \cdot \mathrm{Eq}(1, \mathrm{Proj}) &= 0 \\
\mathrm{Eq}(0, \mathrm{Proj}) \cdot \overline{x} + \mathrm{Eq}(1, \mathrm{Proj}) \cdot x &= 0 \\
p &= \overline{\mathrm{Eq}(0, \mathrm{Proj})} \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \cdot x
\end{aligned}\right\} \Longrightarrow x = \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})}, \qquad (24)$$
as
$$\begin{aligned}
x &= 1 \cdot x = \left(\mathrm{Eq}(0, \mathrm{Proj}) + \mathrm{Eq}(1, \mathrm{Proj}) + \overline{\mathrm{Eq}(0, \mathrm{Proj})} \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})}\right) \cdot x \\
&= \mathrm{Eq}(0, \mathrm{Proj}) \cdot x + \mathrm{Eq}(1, \mathrm{Proj}) \cdot x + \overline{\mathrm{Eq}(0, \mathrm{Proj})} \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \cdot x \\
&= \mathrm{Eq}(0, \mathrm{Proj}) \cdot x + 0 + \overline{\mathrm{Eq}(1, \mathrm{Proj})} \cdot \left(\overline{\mathrm{Eq}(0, \mathrm{Proj})} \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \cdot x\right) \quad \text{as } \mathrm{Eq}(1, \mathrm{Proj}) \cdot x = 0 \\
&= \mathrm{Eq}(0, \mathrm{Proj}) \cdot x + \mathrm{Eq}(0, \mathrm{Proj}) \cdot \overline{x} + \overline{\mathrm{Eq}(1, \mathrm{Proj})} \cdot p \quad \text{as } \mathrm{Eq}(0, \mathrm{Proj}) \cdot \overline{x} = 0 \\
&= \mathrm{Eq}(0, \mathrm{Proj}) \cdot \left(x + \overline{x}\right) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \\
&= \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})}.
\end{aligned} \qquad (25)$$
To prove Step (d), it is sufficient to rewrite (21) in the two other forms by using (20), as follows:
$$\begin{aligned}
x &= 1 \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \\
&= \left(\mathrm{Eq}(1, \mathrm{Proj}) + \overline{\mathrm{Eq}(1, \mathrm{Proj})}\right) \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \\
&= \mathrm{Eq}(0, \mathrm{Proj}) \cdot \mathrm{Eq}(1, \mathrm{Proj}) + \left(\mathrm{Eq}(0, \mathrm{Proj}) + p\right) \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \\
&= 0 + \overline{\mathrm{Eq}(1, \mathrm{Proj})} \cdot \left(\mathrm{Eq}(0, \mathrm{Proj}) + p\right) \\
&= \overline{\mathrm{Eq}(1, \mathrm{Proj})} \cdot \left(\mathrm{Eq}(0, \mathrm{Proj}) + p\right), \\
x &= 1 \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \\
&= \left(p + \overline{p}\right) \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \\
&= \overline{p} \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \left(\mathrm{Eq}(0, \mathrm{Proj}) + \overline{\mathrm{Eq}(1, \mathrm{Proj})}\right) \\
&= \overline{p} \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \left(\mathrm{Eq}(0, \mathrm{Proj}) \cdot \mathrm{Eq}(1, \mathrm{Proj}) + \overline{\mathrm{Eq}(1, \mathrm{Proj})}\right) \\
&= \overline{p} \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \left(0 + \overline{\mathrm{Eq}(1, \mathrm{Proj})}\right) \\
&= \overline{p} \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})}.
\end{aligned} \qquad (26)$$
4.3.3. Solution of $k$-Unknown Equations over $F_n(B)$. The global result presented in the following theorem can be found in [14] or [15]. However, in these works the solution is not expressed in a parametric form but with intervals only. The formulation presented in this paper is better adapted to symbolic computation and is mandatory for practical optimization.
A $k$-unknown equation can be solved by solving successively $k$ single-unknown equations. If we consider the $k$-unknown equation as a single-unknown equation in $x_k$, its consistency condition corresponds to a $(k-1)$-unknown equation. The process can be iterated until $x_1$. After substituting $S(x_1)$ for $x_1$ in the last equation, it is possible to find the solution for $x_2$. Then it is sufficient to apply this procedure again $(k-2)$ times to obtain successively the solutions $S(x_3)$ to $S(x_k)$.
Theorem 12 (solution of a $k$-unknown equation). The Boolean equation over $F_n(B)$
$$\mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0 \qquad (27)$$
is consistent (i.e., has at least one solution) if and only if the following condition is satisfied:
$$\prod_{A_k \in \{0,1\}^k} \mathrm{Eq}_0(A_k, \mathrm{Proj}) = 0. \qquad (28)$$
If (28) is satisfied, (27) admits one or more $k$-tuple solutions $(S(x_1), \ldots, S(x_k))$ such that each component $S(x_i)$ is defined by
$$S(x_i) = \prod_{A_{k-i} \in \{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(0, A_{k-i}, \mathrm{Proj}) + p_i \cdot \overline{\prod_{A_{k-i} \in \{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(1, A_{k-i}, \mathrm{Proj})}, \qquad (29)$$
with
(i) $\mathrm{Eq}_i(x_{i+1}, \ldots, x_k, \mathrm{Proj}) = \mathrm{Eq}_{i-1}(x_i, x_{i+1}, \ldots, x_k, \mathrm{Proj})\big|_{x_i \leftarrow S(x_i)}$;
(ii) $p_i$ an arbitrary parameter, that is, a freely chosen member of $F_n(B)$.
The full demonstration of this theorem cannot be given in this paper because of lack of space (a full demonstration by mathematical induction can be found in [8]). A description of the different steps of the proof and the details of the principal steps are given below.
Proof (elements of proof). Equation (27) can be solved by applying Theorems 3 and 11 $k$ times, according to the unknowns $x_k$ to $x_1$, as follows.
According to Theorem 3, (27) is equivalent to
$$\mathrm{Eq}_0(X_{k-1}, 0, \mathrm{Proj}) \cdot \overline{x_k} + \mathrm{Eq}_0(X_{k-1}, 1, \mathrm{Proj}) \cdot x_k = 0. \qquad (30)$$
According to Theorem 11, (30) admits solutions in $x_k$ if and only if
$$\mathrm{Eq}_0(X_{k-1}, 0, \mathrm{Proj}) \cdot \mathrm{Eq}_0(X_{k-1}, 1, \mathrm{Proj}) = 0. \qquad (31)$$
Equation (31) is an equation with $(k-1)$ unknowns. Each term of (31) can be expanded according to $x_{k-1}$, and (31) can be written in the form
$$\begin{aligned}
&\left(\mathrm{Eq}_0(X_{k-2}, 0, 0, \mathrm{Proj}) \cdot \mathrm{Eq}_0(X_{k-2}, 0, 1, \mathrm{Proj})\right) \cdot \overline{x_{k-1}} \\
&+ \left(\mathrm{Eq}_0(X_{k-2}, 1, 0, \mathrm{Proj}) \cdot \mathrm{Eq}_0(X_{k-2}, 1, 1, \mathrm{Proj})\right) \cdot x_{k-1} = 0.
\end{aligned} \qquad (32)$$
According to Theorem 11, (32) admits solutions in $x_{k-1}$ if and only if
$$\prod_{A_2 \in \{0,1\}^2} \mathrm{Eq}_0(X_{k-2}, A_2, \mathrm{Proj}) = 0. \qquad (33)$$
Equation (33) is an equation with $(k-2)$ unknowns. Each term of (33) can be expanded according to $x_{k-2}$, and (33) can be written in the form
$$\left(\prod_{A_2 \in \{0,1\}^2} \mathrm{Eq}_0(X_{k-3}, 0, A_2, \mathrm{Proj})\right) \cdot \overline{x_{k-2}} + \left(\prod_{A_2 \in \{0,1\}^2} \mathrm{Eq}_0(X_{k-3}, 1, A_2, \mathrm{Proj})\right) \cdot x_{k-2} = 0. \qquad (34)$$
In the end, we obtain an equation of only one unknown, $x_1$, defined by
$$\left(\prod_{A_{k-1} \in \{0,1\}^{k-1}} \mathrm{Eq}_0(0, A_{k-1}, \mathrm{Proj})\right) \cdot \overline{x_1} + \left(\prod_{A_{k-1} \in \{0,1\}^{k-1}} \mathrm{Eq}_0(1, A_{k-1}, \mathrm{Proj})\right) \cdot x_1 = 0. \qquad (35)$$
According to Theorem 11, (35) admits solutions if and only if
$$\prod_{A_k \in \{0,1\}^k} \mathrm{Eq}_0(A_k, \mathrm{Proj}) = 0. \qquad (36)$$
When (36) is satisfied, the $k$ equations for $x_1$ to $x_k$ admit solutions. Equation (27) is then coherent and admits solutions.
When (36) is satisfied, the solutions of (35) for $x_1$ are
$$S(x_1) = \prod_{A_{k-1} \in \{0,1\}^{k-1}} \mathrm{Eq}_0(0, A_{k-1}, \mathrm{Proj}) + p_1 \cdot \overline{\prod_{A_{k-1} \in \{0,1\}^{k-1}} \mathrm{Eq}_0(1, A_{k-1}, \mathrm{Proj})}. \qquad (37)$$
After substituting $S(x_1)$ for $x_1$ into (27), we obtain a new equation $\mathrm{Eq}_1(x_2, \ldots, x_k, \mathrm{Proj}) = 0$ involving the $(k-1)$ unknowns $(x_2, \ldots, x_k)$, where
$$\mathrm{Eq}_1(x_2, \ldots, x_k, \mathrm{Proj}) = \mathrm{Eq}_0(x_1, x_2, \ldots, x_k, \mathrm{Proj})\big|_{x_1 \leftarrow S(x_1)}. \qquad (38)$$
By applying the previous procedure, we can obtain $S(x_2)$ and $\mathrm{Eq}_2(x_3, \ldots, x_k, \mathrm{Proj})$. Then it suffices to apply this procedure again $(k-2)$ times to obtain successively the solutions $S(x_3)$ to $S(x_k)$.
It is important to note that the order in which the unknowns are treated affects only the parametric form of the $k$-tuple solution. This is due to the fact that the same $k$-tuple solution can be represented with several distinct parametric forms.
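The following is an added example that is not the authors' tool (which stores formulas as ROBDDs) and not code from the paper: a direct implementation of Theorem 10 (discriminants), Theorem 11 (single-unknown solution) and Theorem 12 (successive single-unknown solutions) for a small algebra. An element of $F_n(B)$ is encoded as a $2^n$-bit truth-table mask, so that "$+$" is bitwise OR, "$\cdot$" is bitwise AND and complement is XOR with the all-ones mask; the function names, the choice $n = 2$ and the two-unknown equation `example_eq` are all constructed for the example. The last function checks step (c) of the proofs by enumeration: for this $n$, the parametric form reaches exactly the tuples that satisfy the equation.

```python
from itertools import product

# Added example, not the paper's own tool.  A member of F_n(B), the Boolean
# algebra of n-variable switching functions, is stored as a 2**n-bit
# truth-table mask: bit m holds the function's value on the minterm whose
# binary code is m.  "+" is |, "." is &, complement is ^ FULL.
N = 2                                   # number of projection variables
FULL = (1 << (1 << N)) - 1              # the constant function 1


def proj(i):
    """Projection-function f_i: the i-th input variable itself."""
    return sum(1 << m for m in range(1 << N) if (m >> i) & 1)


def neg(f):
    return FULL ^ f


A, B = proj(0), proj(1)                 # the two projection-functions


def discriminants(eq, k):
    """Theorem 10: the 2**k discriminants Eq(A_k, Proj), obtained by
    substituting the constants 0/1 for the k unknowns.  `eq` maps a list
    of k masks (the unknowns) to a mask."""
    return {a: eq([FULL if bit else 0 for bit in a])
            for a in product((0, 1), repeat=k)}


def solve_single(eq0, eq1, p):
    """Theorem 11: from Eq(0,Proj) and Eq(1,Proj) return the solution
    x = Eq(0,Proj) + p . not Eq(1,Proj), or None when (20) is violated."""
    if eq0 & eq1:
        return None
    return eq0 | (p & neg(eq1))


def solve(eq, k, params):
    """Theorem 12: solve Eq_0(X_k, Proj) = 0 for x_1, ..., x_k in turn,
    each with the free parameter params[i]; returns (S(x_1), ..., S(x_k)),
    or None when the consistency condition (28) fails."""
    cond = FULL
    for d in discriminants(eq, k).values():
        cond &= d                       # product of all 2**k discriminants
    if cond:
        return None
    sol = []
    for i in range(k):
        # Eq_{i-1}: the equation with x_1..x_{i-1} replaced by their solutions
        def eq_prev(rest, fixed=tuple(sol)):
            return eq(list(fixed) + rest)
        e0, e1 = FULL, FULL             # products of discriminants, x_i = 0 / 1
        for a, v in discriminants(eq_prev, k - i).items():
            if a[0] == 0:
                e0 &= v
            else:
                e1 &= v
        sol.append(solve_single(e0, e1, params[i]))  # consistent by (28)
    return tuple(sol)


def parametric_form_is_complete(eq, k):
    """Step (c) of the proofs, checked by enumeration for this small n:
    the tuples reached by solve() over every choice of parameters are
    exactly the tuples satisfying eq(X_k) = 0."""
    brute = {x for x in product(range(FULL + 1), repeat=k) if eq(list(x)) == 0}
    reached = {solve(eq, k, list(p)) for p in product(range(FULL + 1), repeat=k)}
    return reached == brute


def example_eq(x):
    """Constructed requirements on two unknowns (pump commands x1, x2):
    x1.x2 = 0 (never both), not x1 . not x2 . a = 0 (while a, one pump
    runs), x1.b = 0 (pump 1 forbidden while b).  Their sum is Eq_0."""
    x1, x2 = x
    return (x1 & x2) | (neg(x1) & neg(x2) & A) | (x1 & B)


if __name__ == "__main__":
    print(solve(example_eq, 2, [FULL, 0]))           # one solution tuple
    print(parametric_form_is_complete(example_eq, 2))
```

With $p_1 = 1$ and $p_2 = 0$ the solver returns $S(x_1) = \overline{b}$ and $S(x_2) = a \cdot b$; with $p_1 = 0$ and $p_2 = 1$ it returns $S(x_1) = 0$ and $S(x_2) = 1$, two of the tuples that the parametric form (29) describes.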
4.3.4. Partial Conclusions. Thanks to the theorems presented above, it is possible to obtain a parametric representation of all the solutions of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists. In practice, due to the complexity of the systems to be designed, the proposed set of simultaneously asserted relations is generally inconsistent [23]. To simplify the work of the designer, we have proved complementary theorems to improve the robustness of our method to the lack of precision of the specifications (Section 4.4).
When several solutions exist, the comparison of solutions according to a given criterion can be envisaged, since the Boolean algebra $F_n(B)$ is equipped with a partial order. To simplify the work of the designer too, we have developed a method to calculate the best solutions according to one or several criteria (Section 4.5).
4.4. Theorems to Cope with Inconsistencies of Specifications. In practice, it is very difficult for a designer to specify the whole set of requirements of a complex system without inconsistencies. This is the reason why requirements given by the designer are often declared inconsistent according to Theorem 12. Since the inconsistency condition is a Boolean formula, it is possible to use it for the detection of the origin of inconsistencies. Two cases have to be considered, as follows:
(i) Several requirements cannot be simultaneously respected. In this case, a hierarchy between requirements can be proposed in order to find a solution. The requirements which have the lower priority have to be corrected to become consistent with the requirements which have the higher priority. This strategy is based on Theorem 14.
(ii) The detected inconsistency refers to specific combinations of projection-functions which the designer knows to be impossible, blocking the synthesis process; it is necessary to introduce new assumptions and to use Theorem 13.
Theorem 13 (solution of a Boolean equation according to an assumption among the projection-functions). The following problem
$$\begin{aligned}
&\text{Equation to solve: } \mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0, \\
&\text{Assumptions: } \mathcal{A}(\mathrm{Proj}) = 0
\end{aligned} \qquad (39)$$
admits the same solutions as the following equation:
$$\mathrm{Eq}_0(X_k, \mathrm{Proj}) \le \mathcal{A}(\mathrm{Proj}). \qquad (40)$$
Proof. According to $\mathcal{A}(\mathrm{Proj}) = 0$, $\mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0$ can be rewritten as
$$\begin{aligned}
\begin{cases} \mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0 \\ \mathcal{A}(\mathrm{Proj}) = 0 \end{cases}
&\Longleftrightarrow \mathcal{A}(\mathrm{Proj}) + \mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0 \\
&\Longleftrightarrow \mathcal{A}(\mathrm{Proj}) + \overline{\mathcal{A}(\mathrm{Proj})} \cdot \mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0 \\
&\Longleftrightarrow \begin{cases} \overline{\mathcal{A}(\mathrm{Proj})} \cdot \mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0 \\ \mathcal{A}(\mathrm{Proj}) = 0 \end{cases} \\
&\Longleftrightarrow \begin{cases} \mathrm{Eq}_0(X_k, \mathrm{Proj}) \le \mathcal{A}(\mathrm{Proj}) \\ \mathcal{A}(\mathrm{Proj}) = 0. \end{cases}
\end{aligned} \qquad (41)$$
The equation $\overline{\mathcal{A}(\mathrm{Proj})} \cdot \mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0$ is consistent if and only if the following condition is true (Theorem 12):
$$\overline{\mathcal{A}(\mathrm{Proj})} \cdot \prod_{A_k \in \{0,1\}^k} \mathrm{Eq}_0(A_k, \mathrm{Proj}) = 0. \qquad (42)$$
By construction, this new condition is the subset of the initial condition ($\prod_{A_k \in \{0,1\}^k} \mathrm{Eq}_0(A_k, \mathrm{Proj}) = 0$) for which the proposed assumption is satisfied. All the other terms have been removed.
If (42) is satisfied, (40) admits one or more $k$-tuple solutions where each component $S(x_i)$ is defined by
$$S(x_i) = \overline{\mathcal{A}(\mathrm{Proj})} \cdot \left( \prod_{A_{k-i} \in \{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(0, A_{k-i}, \mathrm{Proj}) + p_i \cdot \overline{\prod_{A_{k-i} \in \{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(1, A_{k-i}, \mathrm{Proj})} \right) + \mathcal{A}(\mathrm{Proj}) \cdot p_i. \qquad (43)$$
As $\mathcal{A}(\mathrm{Proj}) = 0$, $S(x_i)$ can also be expressed as
$$S(x_i) = \prod_{A_{k-i} \in \{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(0, A_{k-i}, \mathrm{Proj}) + p_i \cdot \overline{\prod_{A_{k-i} \in \{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(1, A_{k-i}, \mathrm{Proj})}. \qquad (44)$$
When $\mathcal{A}(\mathrm{Proj}) = 0$ is satisfied, the solutions of (40) are also solutions to $\mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0$.
Theorem 14 (solution of a Boolean equation system according to a priority rule between requirements). The following problem
$$\begin{aligned}
&\text{Equations system to solve:} \\
&\quad \mathrm{HR}:\ \mathcal{F}_H(X_k, \mathrm{Proj}) = 0 \\
&\quad \mathrm{LR}:\ \mathcal{F}_L(X_k, \mathrm{Proj}) = 0 \\
&\quad \mathrm{OR}:\ \mathcal{F}_O(X_k, \mathrm{Proj}) = 0 \\
&\text{Priority rule between requirements:} \\
&\quad \mathrm{HR} \gg \mathrm{LR}
\end{aligned} \qquad (45)$$
where
(i) $\mathcal{F}_H(X_k, \mathrm{Proj}) = 0$ is the formal expression of the requirements which have the higher priority (HR);
(ii) $\mathcal{F}_L(X_k, \mathrm{Proj}) = 0$ is the formal expression of the requirements which have the lower priority (LR);
(iii) $\mathcal{F}_O(X_k, \mathrm{Proj}) = 0$ is the formal expression of the other requirements (OR);
(iv) $\mathrm{HR} \gg \mathrm{LR}$ is the priority rule between inconsistent requirements,
admits the same solutions as the following system of equations:
$$\begin{cases}
\mathcal{F}_H(X_k, \mathrm{Proj}) = 0 \\
\mathcal{F}_L(X_k, \mathrm{Proj}) \le \mathcal{I}(\mathrm{Proj}) \\
\mathcal{F}_O(X_k, \mathrm{Proj}) = 0
\end{cases} \qquad (46)$$
where $\mathcal{I}(\mathrm{Proj})$ is the inconsistency condition between requirements "HR" and "LR":
$$\mathcal{I}(\mathrm{Proj}) = \prod_{A_k \in \{0,1\}^k} \left(\mathcal{F}_H(A_k, \mathrm{Proj}) + \mathcal{F}_L(A_k, \mathrm{Proj})\right). \qquad (47)$$
Proof. Thanks to Theorem 12, the inconsistency condition $\mathcal{I}(\mathrm{Proj})$ between requirements "HR" and "LR" can be found by solving the equation $\mathcal{F}_H(X_k, \mathrm{Proj}) + \mathcal{F}_L(X_k, \mathrm{Proj}) = 0$. We have
$$\mathcal{I}(\mathrm{Proj}) = \prod_{A_k \in \{0,1\}^k} \left(\mathcal{F}_H(A_k, \mathrm{Proj}) + \mathcal{F}_L(A_k, \mathrm{Proj})\right). \qquad (48)$$
To remove the inconsistency between requirements "HR" and "LR" according to the priority rule "HR ≫ LR", it is necessary to restrict the range of requirement "LR" to the part for which there is no inconsistency, that is, $\mathcal{I}(\mathrm{Proj}) = 0$. That is the case when $\mathcal{F}_L(X_k, \mathrm{Proj}) = 0$ is replaced by $\mathcal{F}_L(X_k, \mathrm{Proj}) \le \mathcal{I}(\mathrm{Proj})$.
Thanks to Theorem 12, (49) always admits one or more $k$-tuple solutions, and it is impossible to find a less restrictive condition over requirement "LR":
$$\begin{cases}
\mathcal{F}_H(X_k, \mathrm{Proj}) = 0 \\
\mathcal{F}_L(X_k, \mathrm{Proj}) \le \mathcal{I}(\mathrm{Proj}).
\end{cases} \qquad (49)$$
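The following is an added example, not the authors' tool and not code from the paper, showing Theorems 13 and 14 at work on a constructed one-unknown specification: it computes the consistency product of Theorem 12, the inconsistency condition $\mathcal{I}(\mathrm{Proj})$ of (47), the relaxed system (46) obtained from a priority rule, and the equivalent equation (41) obtained from an assumption, then solves the relaxed equation with Theorem 11. The truth-table encoding of $F_n(B)$, the choice $n = 2$, the requirement names HR/LR/OR and the requirement formulas are all constructed for the example.

```python
from itertools import product

# Added example, not the paper's own tool.  A member of F_n(B) is a
# 2**n-bit truth-table mask; "+" is |, "." is &, complement is ^ FULL.
N = 2
FULL = (1 << (1 << N)) - 1


def proj(i):
    return sum(1 << m for m in range(1 << N) if (m >> i) & 1)


def neg(f):
    return FULL ^ f


A, B = proj(0), proj(1)             # the two projection-functions a, b


def discriminants(eq, k):
    """Theorem 10: Eq(A_k, Proj) for every A_k in {0,1}^k, in binary order."""
    return [eq([FULL if bit else 0 for bit in a])
            for a in product((0, 1), repeat=k)]


def consistency_product(eq, k):
    """Theorem 12, condition (28): the product of all discriminants.  The
    equation eq(X_k, Proj) = 0 is consistent iff this is the zero function;
    otherwise the result is the inconsistency condition on Proj."""
    cond = FULL
    for d in discriminants(eq, k):
        cond &= d
    return cond


def with_assumption(eq0, assumption):
    """Theorem 13, (40)-(41): under the assumption A(Proj) = 0 the problem
    is equivalent to  not A(Proj) . Eq_0(X_k, Proj) = 0."""
    return lambda x: neg(assumption) & eq0(x)


def inconsistency_condition(fh, fl, k):
    """Theorem 14, (47): I(Proj) = product over A_k of (F_H(A_k) + F_L(A_k))."""
    return consistency_product(lambda x: fh(x) | fl(x), k)


def with_priority(fh, fl, fo, k):
    """Theorem 14, (46): HR and OR are kept, LR is relaxed to
    F_L(X_k, Proj) <= I(Proj), i.e. F_L . not I = 0; the three parts are
    summed into a single equation to solve."""
    i_cond = inconsistency_condition(fh, fl, k)
    return lambda x: fh(x) | (fl(x) & neg(i_cond)) | fo(x)


def solve_single(eq, p):
    """Theorem 11 for one unknown: x = Eq(0,Proj) + p . not Eq(1,Proj)."""
    e0, e1 = discriminants(eq, 1)
    assert e0 & e1 == 0, "equation is inconsistent"
    return e0 | (p & neg(e1))


# Constructed requirements on one unknown x (a pump command) over the two
# projection-functions a and b:
#   HR: x . not a = 0   (the pump may only run while a holds)
#   LR: b . not x = 0   (the pump must run while b holds)
# They clash whenever b holds without a.
HR = lambda x: x[0] & neg(A)
LR = lambda x: B & neg(x[0])
OR = lambda x: 0

if __name__ == "__main__":
    raw = lambda x: HR(x) | LR(x)
    print("I(Proj) =", consistency_product(raw, 1))            # not a . b
    print("HR >> LR consistent:", consistency_product(with_priority(HR, LR, OR, 1), 1) == 0)
    print("assumption not a . b = 0 consistent:",
          consistency_product(with_assumption(raw, neg(A) & B), 1) == 0)
```

On this input the raw system is inconsistent with $\mathcal{I}(\mathrm{Proj}) = \overline{a} \cdot b$, exactly the configuration where the two requirements contradict each other; after "HR ≫ LR" the relaxed equation is consistent and its solutions range from $x = a \cdot b$ ($p = 0$) to $x = a$ ($p = 1$), and the assumption $\overline{a} \cdot b = 0$ leads to the same consistency result by Theorem 13.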
4.5. Optimal Solutions of Boolean Equations over $F_n(B)$. The goal of this step is to be able to obtain automatically the parametric form of the $k$-tuple solutions of $F_n(B)$ which satisfy not only a given equation ($\mathrm{Eq}(X_k, \mathrm{Proj}) = 0$) of Boolean functions but which also maximize (or minimize) a Boolean formula of these Boolean functions ($\mathcal{F}_C(X_k, \mathrm{Proj})$) corresponding to the desired optimization criterion.
Generally speaking, the search for the best solution tuples according to a given criterion, when the space of solutions is composed of discrete values, is a complex mathematical issue. It is sometimes necessary to make a side-by-side comparison of each solution in order to identify the best one. In our case, this exhaustive method cannot be used, as $F_n(B)$ is only provided with a partial order: two particular solutions cannot always be ordered between themselves.
Nevertheless, it is possible to obtain the researched parametric form of the $k$-tuples thanks to the following results:
(i) When an equation between Boolean functions has one or more solution tuples in $F_n(B)$, every Boolean formula on these Boolean functions can be rewritten thanks to only the projection-functions of $F_n(B)$ and the free parameters of $F_n(B)$ which describe these solution tuples.
(ii) Every Boolean formula expressed as a composition of projection-functions of $F_n(B)$ and free parameters of $F_n(B)$ has a unique maximum and a unique minimum. These extrema can be expressed thanks to only projection-functions of $F_n(B)$.
Hence, it is then possible to rewrite the initial problem
$$\begin{aligned}
&\text{Problem to solve: } \mathrm{Eq}(X_k, \mathrm{Proj}) = 0 \\
&\text{Optimization criterion: maximization of } \mathcal{F}_C(X_k, \mathrm{Proj})
\end{aligned} \qquad (50)$$
into a 2-equation system to solve:
$$\begin{aligned}
\mathrm{Eq}(X_k, \mathrm{Proj}) &= 0 \\
\mathcal{F}_C(X_k, \mathrm{Proj}) &= \max_{X_k \mid \mathrm{Eq}(X_k, \mathrm{Proj}) = 0} \left(\mathcal{F}_C(X_k, \mathrm{Proj})\right).
\end{aligned} \qquad (51)$$
4.5.1. Extrema of a Boolean Formula according to Freely Chosen Members of $F_n(B)$. Considering the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:
(i) let $(f_{1\mathrm{Proj}}, \ldots, f_{n\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$;
(ii) let $(p_1, \ldots, p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members. Let "$P_k$" be the corresponding vector.
Any formula $\mathcal{F}(P_k, \mathrm{Proj})$ for which $P_k$ are freely chosen members of $F_n(B)$ defines a subset of $F_n(B)$. According to the relation $\le$, elements of this subset can be compared. In this specific case, the subset defined by $\mathcal{F}(P_k, \mathrm{Proj})$ admits a minimal element and a maximal element.
Theorem 15 (minimum and maximum of a Boolean for-mula) Any formulaF(119875
119896 Proj) for which 119875
119896are freely chosen
members of 119865119899(119861) admits a minimum and amaximum defined
as follows
Min119875119896isin119865119899(119861)
119896(F (119875
119896 Proj)) = prod
119860119896isin01119896
F (119860119896 Proj)
Max119875119896isin119865119899(119861)
119896(F (119875
119896 Proj)) = sum
119860119896isin01119896
F (119860119896 Proj)
(52)
Proof. To prove this theorem it is necessary to establish that:

(1) $\prod_{A^k \in \{0,1\}^k} F(A^k, \mathrm{Proj})$ is a lower bound of $F(P^k, \mathrm{Proj})$;
(2) there exists at least one specific combination of $P^k$ for which $F(P^k, \mathrm{Proj}) = \prod_{A^k \in \{0,1\}^k} F(A^k, \mathrm{Proj})$;
(3) $\sum_{A^k \in \{0,1\}^k} F(A^k, \mathrm{Proj})$ is an upper bound of $F(P^k, \mathrm{Proj})$;
(4) there exists at least one specific combination of $P^k$ for which $F(P^k, \mathrm{Proj}) = \sum_{A^k \in \{0,1\}^k} F(A^k, \mathrm{Proj})$.

Details of this proof can be found in [24].
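Theorem 15 can be checked mechanically on a small algebra. The following Python script is an added example (it is neither the authors' tool nor code from the paper): it represents the members of $F_2(B)$ as 4-bit truth tables, evaluates a constructed formula $F(P^2, \mathrm{Proj})$ for every $A^2 \in \{0,1\}^2$ to obtain the product and the sum of (52), and then confirms by exhaustive enumeration of all $16^2$ parameter choices that these two functions are the minimum and the maximum of the subset defined by $F$, which is exactly what points (1) to (4) of the proof require. The formula `F` and the variable ordering are assumptions of the example.

```python
from itertools import product

# Members of F_n(B) are encoded as truth tables packed into Python ints:
# bit m of the int is the value of the function on the minterm whose
# variable assignment is the binary expansion of m (bit v = variable v).
N = 2                          # n = 2 variables, so F_2(B) has 16 members
FULL = (1 << (1 << N)) - 1     # the constant function 1 (all minterms set)


def proj(v):
    """Projection function f_v^Proj of F_N(B): the value of variable v itself."""
    return sum(1 << m for m in range(1 << N) if (m >> v) & 1)


def NOT(f):
    """Complement within F_N(B)."""
    return ~f & FULL


def leq(f, g):
    """Partial order of the Boolean algebra: f <= g iff f . ~g = 0."""
    return (f & NOT(g)) == 0


f1, f2 = proj(0), proj(1)      # the two projection-functions of F_2(B)


def F(p1, p2):
    """Constructed formula F(P^2, Proj) with two freely chosen members p1, p2
    (this formula is an assumption of the example, not one from the paper)."""
    return (f1 & p1) | (NOT(f2) & NOT(p1) & p2) | (f1 & f2)


def extrema(formula, k):
    """Theorem 15 (eq. (52)): the minimum of formula(P^k, Proj) over all
    P^k in F_N(B)^k is the product over A^k in {0,1}^k of formula(A^k, Proj),
    and the maximum is the sum over the same A^k.  The constants 0 and 1 of
    F_N(B) are the truth tables 0 and FULL."""
    lo, hi = FULL, 0
    for bits in product((0, FULL), repeat=k):
        value = formula(*bits)
        lo &= value     # product (AND) accumulates the minimum
        hi |= value     # sum (OR) accumulates the maximum
    return lo, hi


def extrema_are_tight(formula, k):
    """Brute-force check of the four points of the proof of Theorem 15:
    lo is a lower bound, hi an upper bound, and both are attained for
    some choice of the k parameters taken anywhere in F_N(B)."""
    lo, hi = extrema(formula, k)
    values = {formula(*params) for params in product(range(FULL + 1), repeat=k)}
    bounded = all(leq(lo, v) and leq(v, hi) for v in values)
    attained = lo in values and hi in values
    return bounded and attained


if __name__ == "__main__":
    lo, hi = extrema(F, 2)
    print(f"min = {lo:04b}, max = {hi:04b}")   # truth tables over minterms 3..0
    print("Theorem 15 confirmed by enumeration:", extrema_are_tight(F, 2))
```

With this encoding $f_1 \cdot f_2$ is the table 1000 and $f_1 + \overline{f_2}$ is 1011, which is what `extrema(F, 2)` returns. The enumeration in `extrema_are_tight` is only feasible because $n$ is tiny (it visits $|F_n(B)|^k = 2^{2^n k}$ parameter tuples), whereas (52) needs only $2^k$ evaluations of the formula, which is the practical point of the theorem.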
4.5.2. Optimization Problem. Considering the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:

(i) let $(f_1^{\mathrm{Proj}}, \ldots, f_n^{\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$. Let "Proj" be the corresponding vector;
(ii) let $(x_1, \ldots, x_k)$ be $k$ elements of $F_n(B)$ considered as unknowns. Let "$X^k$" be the corresponding vector;
(iii) let $(p_1, \ldots, p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members. Let "$P^k$" be the corresponding vector;
(iv) let $\mathrm{Eq}(X^k, \mathrm{Proj}) = 0$ be the Boolean equation to solve;
(v) let $F_C(X^k, \mathrm{Proj})$ be the Boolean formula of the given criterion to optimize (maximization or minimization).

The method we propose to obtain the parametric form of the $k$-tuple of switching functions solution of $\mathrm{Eq}(X^k, \mathrm{Proj}) = 0$ according to a given optimization criterion $F_C(X^k, \mathrm{Proj})$ is composed of five steps as follows:

(i) The first step is to establish the parametric form of the $k$-tuple solution to $\mathrm{Eq}(X^k, \mathrm{Proj}) = 0$ only thanks to Theorem 12.
(ii) The second step is to establish the parametric form of the given optimization criterion $F_C(X^k, \mathrm{Proj})$ by substituting $S(x_i)$ for $x_i$. Let $F_{SC}(P^k, \mathrm{Proj})$ be the result of this substitution.
(iii) The third step is to calculate the extremum of $F_{SC}(P^k, \mathrm{Proj})$ according to Theorem 15. Let $F_{EC}(\mathrm{Proj})$ be the Boolean formula of this extremum.
Mathematical Problems in Engineering 11
Figure 4: Structure of the water supply system (Pump1 and Pump2 drawing from the tank and feeding the distributing system).
(iv) The fourth step is to replace the given criterion by the equivalent relation
$$F_C(X^k, \mathrm{Proj}) = F_{EC}(\mathrm{Proj}). \quad (53)$$
(v) The fifth step is to establish the parametric form of the $k$-tuple solution of the equivalent problem
$$\mathrm{Eq}(X^k, \mathrm{Proj}) = 0, \qquad F_C(X^k, \mathrm{Proj}) = F_{EC}(\mathrm{Proj}). \quad (54)$$
4.5.3. Partial Conclusions. Thanks to the theorems presented in this section, it is now possible to obtain a parametric representation of the optimal solutions, according to a given criterion, of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists.

The proposed method also permits associating several criteria, simultaneously or sequentially:

(i) When several criteria are treated simultaneously, the optimization problem can admit no solution. That is the case when the given criteria are antagonistic.
(ii) When several criteria are treated sequentially, the obtained solutions satisfy the criteria with a given priority order. An example of optimization with several criteria treated sequentially is presented in the next section.
5. Algebraic Synthesis of Logical Controllers with Optimization Criteria and Incoherent Requirements

5.1. Control System Specifications. The studied system is the controller of a water supply system composed of two pumps which are working in redundancy (Figure 4). The water distribution is made when it is necessary, according to the possible failures of elements (the pumps and the distributing system).

The expected behavior of the control system regarding the application requirements can be expressed by the set of assertions given hereafter:

(i) The two pumps never operate simultaneously.
(ii) A pump cannot operate if it is out of order.
(iii) When a global failure is detected, no pump can operate.
(iv) Pumps can operate if and only if a water distribution request is present.
(v) Priority is given according to "pr" (pump1 has priority when "pr" is true).
(vi) In order to reduce the wear of the pumps, it is necessary to restrict the number of starts of the pumps.
5.1.1. Inputs and Outputs of the Controller. The Boolean inputs and outputs of this controller are given in Figure 5(a). Each pump is controlled thanks to a Boolean output ("p1" and "p2"). The controller is informed of water distribution requests thanks to the input "rq". Inputs "f1" and "f2" inform the controller of a failure of the corresponding pump, and "gf" indicates a global failure of the installation. The value 0 or 1 of input "pr" decides which pump has priority.
5.1.2. Control Laws to Synthesize. Our approach does not allow identifying automatically which state variables must be used. They are given by the designer according to his interpretation of the specification.

For the water distribution system we propose to use 2 state variables, one for each output. According to this choice, 2 7-variable switching functions ($P_1$ and $P_2$) have to be synthesized (Figure 5(b)). They represent the unknowns of our problem. For this case study, the 7 projection-functions of $F_7(B)$ are therefore as follows:

(i) The 5 switching functions ($Rq$, $F_1$, $F_2$, $GF$, and $Pr$) which characterize the behavior of the inputs of the controller and are defined as follows:
$$Rq : B^7 \to B, \quad (\mathrm{rq}[k], \ldots, \mathrm{p2}[k-1]) \mapsto \mathrm{rq}[k]. \quad (55)$$
(ii) The 2 switching functions ($pP_1$ and $pP_2$) which characterize the previous behavior of the state variables of the controller and are defined as follows:
$$pP_1 : B^7 \to B, \quad (\mathrm{rq}[k], \ldots, \mathrm{p2}[k-1]) \mapsto \mathrm{p1}[k-1]. \quad (56)$$
5.2. Algebraic Formalization of Requirements. The complete formalization of the behavior of the water distribution system is given in Figure 5(c). In order to illustrate the power of expression of the relations Equality and Inclusion, several examples (generic assertions and the equivalent formal relations, illustrated on the case study) are given hereafter. It is important to note that the relation Inclusion permits expressing distinctly necessary conditions and sufficient conditions. This relation is the cornerstone of our approach.

(i) Pump1 and Pump2 never operate simultaneously: $P_1 \cdot P_2 = 0$.
(ii) If Pump1 operates, Pump2 cannot operate: $P_1 \le \overline{P_2}$.
Figure 5: Details of the case study.

(a) Inputs and outputs of the controller. Inputs of the control of the water distribution system: rq (request of water), f1 (Pump1 failure), f2 (Pump2 failure), gf (global failure), pr (priority to Pump1). Outputs: p1 (command of Pump1), p2 (command of Pump2).

(b) General form of the expected control laws:
$$\mathrm{p1}[k] = P_1(\mathrm{rq}[k], \mathrm{f1}[k], \mathrm{f2}[k], \mathrm{gf}[k], \mathrm{pr}[k], \mathrm{p1}[k-1], \mathrm{p2}[k-1])$$
$$\mathrm{p2}[k] = P_2(\mathrm{rq}[k], \mathrm{f1}[k], \mathrm{f2}[k], \mathrm{gf}[k], \mathrm{pr}[k], \mathrm{p1}[k-1], \mathrm{p2}[k-1])$$
$$\mathrm{p1}[0] = b_0, \quad \mathrm{p2}[0] = b_0$$

(c) Formal specification.
Requirements:
R1: $P_1 \cdot P_2 = 0$ (the two pumps never operate simultaneously)
R2: $F_1 \le \overline{P_1}$ (Pump1 cannot operate if it is out of order ($F_1$))
R3: $F_2 \le \overline{P_2}$ (Pump2 cannot operate if it is out of order ($F_2$))
R4: $GF \le (\overline{P_1} \cdot \overline{P_2})$ (when a global failure is detected ($GF$), no pump can operate)
R5: $(P_1 + P_2) \le Rq$ (it is necessary to have a request for pumps to operate)
R6: $Rq \le (P_1 + P_2)$ (it is sufficient to have a request for pumps to operate)
Priority rules:
R4 ≫ R6 (a failure requirement has priority over a functional requirement)
R2, R3 ≫ R6 (failure requirements have priority over a functional requirement)
Optimization criteria:
(1) Minimization of $((P_1 \cdot \overline{pP_1}) + (P_2 \cdot \overline{pP_2}))$ (minimization of the possibility to start a pump)
(2) Maximization of $((Pr \cdot P_1) + (\overline{Pr} \cdot P_2))$ (maximization of the priority order between the two pumps)

(d) Solution obtained by symbolic calculation:
$$P_1 = Rq \cdot \overline{GF} \cdot \overline{F_1} \cdot \big(F_2 + Pr \cdot (pP_1 + \overline{pP_2}) + pP_1 \cdot \overline{pP_2}\big)$$
$$P_2 = Rq \cdot \overline{GF} \cdot \overline{F_2} \cdot \big(F_1 + \overline{Pr} \cdot (pP_2 + \overline{pP_1}) + pP_2 \cdot \overline{pP_1}\big)$$

(e) Control laws of the water distribution system:
p1[k] = rq[k] ∧ ¬gf[k] ∧ ¬f1[k] ∧ (f2[k] ∨ pr[k] ∧ (p1[k−1] ∨ ¬p2[k−1]) ∨ p1[k−1] ∧ ¬p2[k−1])
p2[k] = rq[k] ∧ ¬gf[k] ∧ ¬f2[k] ∧ (f1[k] ∨ ¬pr[k] ∧ (p2[k−1] ∨ ¬p1[k−1]) ∨ p2[k−1] ∧ ¬p1[k−1])
p1[0] = $b_0$, p2[0] = $b_0$
(iii) It is necessary to have a request for pumps to operate: $(P_1 + P_2) \le Rq$.
(iv) It is sufficient to have a request for pumps to operate: $Rq \le (P_1 + P_2)$.
(v) When Pump1 has failed, it is sufficient to have a request for Pump2 to operate: $F_1 \cdot Rq \le P_2$.
(vi) When Pump1 has failed, it is necessary to have a request for Pump2 to operate: $F_1 \cdot P_2 \le Rq$.

It is possible to prove that some of these formal expressions are equivalent (e.g., the first two). When a designer hesitates between two forms, he has the possibility, by using symbolic calculation, to check whether the proposed relations are equivalent or not.

As $P_1$ and $pP_1$ represent the behavior of pump1 at times $[k]$ and $[k-1]$ respectively, it is also possible to express relations about starts and stops of this pump as follows:

(i) It is necessary to have a request to start pump1: $(P_1 \cdot \overline{pP_1}) \le Rq$.
(ii) When pump1 operates, it is sufficient to have a global failure to stop pump1: $(pP_1 \cdot GF) \le (\overline{P_1} \cdot pP_1)$.
5.3. Synthesis Process. In traditional design methods, the design procedure of a logic controller is not a linear process but an iterative one, converging to an acceptable solution. At the beginning of the design, requirements are neither complete nor without errors. Most often, new requirements are added during the search for solutions and others are corrected. This complementary information is given by the designer after analysis of the partial solutions he found, or when inconsistencies have been detected. If we do not make the hypothesis that the specifications are complete and consistent, designing a controller with a synthesis technique is also an iterative process in which the designer plays an important role.
5.3.1. Analysis of Requirements. For this case study we choose to start with requirements R1 to R6. For this subset of requirements, the result given by our software tool was the following inconsistency condition: $I = Rq \cdot GF + Rq \cdot F_1 \cdot F_2$.

Since the requirements are declared inconsistent, we have to give complementary information to make our specification more precise. By analyzing each term of this formula, it is possible to detect the origin of the inconsistency:

(i) $Rq \cdot GF$: what happens if we have simultaneously a request and a global failure? We consider that requirement R4 is more important than requirement R6 (R4 ≫ R6), as no pump can operate for this configuration.
(ii) $Rq \cdot F_1 \cdot F_2$: what happens if we have simultaneously a request and a failure of each pump? We consider that requirements R2 and R3 are more important than requirement R6 (R2, R3 ≫ R6).

With these priority rules, all the requirements are now coherent and the set of all the solutions can be computed.
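The inconsistency condition quoted above is what the consistency criterion of Theorem 12 (the product over $\{0,1\}^k$ in (36)) produces for R1 to R6, and it can be reproduced without the authors' tool. The following Python script is an added example (it is not the prototype software of the paper): it encodes the seven projection-functions of $F_7(B)$ as 128-bit truth tables, builds $\mathrm{Eq}_0(P_1, P_2, \mathrm{Proj})$ as the sum of the violations of R1 to R6 (a relation $F \le G$ is violated where $F \cdot \overline{G}$), checks that the product over the four $A^2 \in \{0,1\}^2$ equals $Rq \cdot GF + Rq \cdot F_1 \cdot F_2$, and then, for the consistent subset R1 to R5, computes the parametric solution of (29) and checks it on a handful of parameter choices. The variable ordering and the sampled parameters are assumptions of the example; the priority rules of Theorem 14 are not implemented here.

```python
from functools import reduce
from itertools import product

# Members of F_7(B) as truth tables packed into 128-bit ints: bit m is the
# value on the minterm whose variable assignment is the binary expansion of m.
N = 7                          # rq, f1, f2, gf, pr, pp1, pp2 (ordering is an assumption)
FULL = (1 << (1 << N)) - 1     # the constant function 1


def proj(v):
    """Projection function of F_7(B) for variable number v."""
    return sum(1 << m for m in range(1 << N) if (m >> v) & 1)


def NOT(f):
    return ~f & FULL


Rq, F1, F2, GF, Pr, pP1, pP2 = (proj(v) for v in range(N))

# Each requirement as a "violation function": 1 exactly where it is broken.
# F <= G is broken where F . ~G ; F = 0 is broken where F.
REQUIREMENTS = {
    "R1": lambda P1, P2: P1 & P2,                  # P1 . P2 = 0
    "R2": lambda P1, P2: F1 & P1,                  # F1 <= ~P1
    "R3": lambda P1, P2: F2 & P2,                  # F2 <= ~P2
    "R4": lambda P1, P2: GF & (P1 | P2),           # GF <= ~P1 . ~P2
    "R5": lambda P1, P2: (P1 | P2) & NOT(Rq),      # P1 + P2 <= Rq
    "R6": lambda P1, P2: Rq & NOT(P1 | P2),        # Rq <= P1 + P2
}


def equation(names):
    """Eq_0(P1, P2, Proj) for a set of simultaneously asserted requirements:
    the sum (OR) of their violation functions must be 0."""
    return lambda P1, P2: reduce(lambda a, b: a | b,
                                 (REQUIREMENTS[n](P1, P2) for n in names), 0)


def consistency_condition(eq, k=2):
    """Product over A^k in {0,1}^k of Eq_0(A^k, Proj), eq. (36) of Theorem 12.
    The equation is consistent iff this function is 0; otherwise the result
    is the inconsistency condition I over the projection-functions."""
    cond = FULL
    for bits in product((0, FULL), repeat=k):
        cond &= eq(*bits)
    return cond


def inconsistency_of_r1_to_r6():
    return consistency_condition(equation(["R1", "R2", "R3", "R4", "R5", "R6"]))


def expected_inconsistency():
    """The condition reported in Section 5.3.1: I = Rq.GF + Rq.F1.F2."""
    return (Rq & GF) | (Rq & F1 & F2)


def parametric_solution(eq, p1, p2):
    """Theorem 12 for k = 2 unknowns, treated in the order x1 = P1, x2 = P2:
    S(x1) = prod_a Eq_0(0, a) + p1 . ~prod_a Eq_0(1, a)        (eq. (37))
    Eq_1(x2) = Eq_0(S(x1), x2)                                 (eq. (38))
    S(x2) = Eq_1(0) + p2 . ~Eq_1(1)"""
    s1 = (eq(0, 0) & eq(0, FULL)) | (p1 & NOT(eq(FULL, 0) & eq(FULL, FULL)))
    eq1 = lambda x2: eq(s1, x2)
    s2 = eq1(0) | (p2 & NOT(eq1(FULL)))
    return s1, s2


def r1_to_r5_solutions_hold():
    """R1..R5 alone are consistent; every sampled (p1, p2) must give a solution."""
    eq = equation(["R1", "R2", "R3", "R4", "R5"])
    if consistency_condition(eq) != 0:
        return False
    samples = (0, FULL, Rq, Pr, NOT(Pr), pP1, pP2, Rq & NOT(F1))   # constructed
    return all(eq(*parametric_solution(eq, p1, p2)) == 0
               for p1, p2 in product(samples, repeat=2))


if __name__ == "__main__":
    print("I == Rq.GF + Rq.F1.F2 :", inconsistency_of_r1_to_r6() == expected_inconsistency())
    print("R1..R5 parametric solutions verified:", r1_to_r5_solutions_hold())
```

The four evaluations of $\mathrm{Eq}_0$ at the corners of $\{0,1\}^2$ are $Rq$ (no pump on request), $F_2 + GF + \overline{Rq}$ (only pump 2 on), $F_1 + GF + \overline{Rq}$ (only pump 1 on) and $1$ (both on), and their product is $Rq \cdot (GF + F_1 \cdot F_2)$, which is the $I$ of the text. Truth-table ints are adequate for 7 variables; the paper's tool uses reduced ordered BDDs for the same operations at larger $n$.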
5.3.2. Optimal Solutions. To choose a control law of the water supply system among this set of possible solutions, we will now take into account the given optimization criteria. The first criterion aims at minimizing the number of starts of each pump in order to reduce its wear. The second criterion aims at maximizing the use of the pump indicated by the value of parameter Pr. The method we propose allows proving that the proposed criteria cannot be treated simultaneously since they are antagonistic (to strictly respect the priority use of the pump fixed by parameter Pr, it is necessary to permute pumps when Pr changes value, implying a supplementary start of a pump). Details can be found in [25].

All the priority rules and optimization criteria used for this case study are given in Figure 5(c). The solution we obtain is proposed in Figure 5(d).

5.3.3. Implementing Control Laws. The synthesized control laws presented in Figure 5(e) have been obtained by translating the expression of the two unknowns according to the projection-functions into relations between recurrent Boolean equations. These control laws can be automatically translated into the syntax of the ladder diagram language [1] before being implemented into a PLC. The code is composed of only 4 rungs (Figure 6).

The synthesized control laws can also be given in the form of an automatically built input/output automaton with guarded transitions [21] (Figure 7).
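To see the synthesized laws of Figure 5(e) behave as a PLC program, here is an added Python example (it is neither the ladder code of Figure 6 nor the authors' tool): `scan` is one controller cycle computing p1[k], p2[k] from the inputs and the previous outputs; `check_all_states` evaluates it on all $2^7$ input/state combinations and checks R1 to R5 everywhere and R6 everywhere except under the inconsistency condition $I = rq \cdot gf + rq \cdot f1 \cdot f2$ that the priority rules allowed; `run` replays a constructed input sequence to show the effect of the first optimization criterion, namely that a running pump is kept running when `pr` changes, so no extra start occurs. The input sequence is constructed for the example.

```python
from itertools import product


def scan(rq, f1, f2, gf, pr, p1_prev, p2_prev):
    """One PLC scan cycle: the control laws of Figure 5(e).
    Arguments and results are Python bools; p*_prev are the outputs of the
    previous cycle (the state variables pp1 and pp2 of the ladder diagram)."""
    p1 = rq and not gf and not f1 and (
        f2 or (pr and (p1_prev or not p2_prev)) or (p1_prev and not p2_prev))
    p2 = rq and not gf and not f2 and (
        f1 or ((not pr) and (p2_prev or not p1_prev)) or (p2_prev and not p1_prev))
    return bool(p1), bool(p2)


def check_all_states():
    """Exhaustively verify R1..R6 on all 2^7 combinations of inputs and state.
    Returns (number of combinations checked, number of R6 exceptions), or raises
    AssertionError if a requirement that must always hold is violated."""
    r6_exceptions = 0
    for rq, f1, f2, gf, pr, pp1, pp2 in product((False, True), repeat=7):
        p1, p2 = scan(rq, f1, f2, gf, pr, pp1, pp2)
        assert not (p1 and p2), "R1: both pumps running"
        assert not (f1 and p1), "R2: pump 1 running while failed"
        assert not (f2 and p2), "R3: pump 2 running while failed"
        assert not (gf and (p1 or p2)), "R4: pump running under global failure"
        assert rq or not (p1 or p2), "R5: pump running without request"
        if rq and not (p1 or p2):
            # R6 (request implies a pump) may fail only where the priority
            # rules R4 >> R6 and R2,R3 >> R6 apply, i.e. under I.
            assert (rq and gf) or (rq and f1 and f2), "R6 broken outside I"
            r6_exceptions += 1
    return 2 ** 7, r6_exceptions


def run(inputs, p1_0=False, p2_0=False):
    """Replay a sequence of input tuples (rq, f1, f2, gf, pr) from the initial
    outputs (p1[0], p2[0]); returns the list of (p1[k], p2[k])."""
    outputs = []
    p1, p2 = p1_0, p2_0
    for rq, f1, f2, gf, pr in inputs:
        p1, p2 = scan(rq, f1, f2, gf, pr, p1, p2)
        outputs.append((p1, p2))
    return outputs


def count_starts(outputs, p1_0=False, p2_0=False):
    """Number of 0->1 transitions of each output (criterion (1) of Figure 5(c))."""
    starts = [0, 0]
    prev = (p1_0, p2_0)
    for cur in outputs:
        for i in range(2):
            if cur[i] and not prev[i]:
                starts[i] += 1
        prev = cur
    return tuple(starts)


# Constructed scenario: request with pump 1 priority, then priority flips to
# pump 2 (pump 1 must keep running: no extra start), then pump 1 fails
# (pump 2 takes over), then the request ends.
SCENARIO = [
    (True,  False, False, False, True),    # rq, pr=1         -> p1 starts
    (True,  False, False, False, False),   # pr flips to 0    -> p1 keeps running
    (True,  True,  False, False, False),   # f1: pump 1 fails -> p2 starts
    (False, False, False, False, False),   # request ends     -> both stop
]


if __name__ == "__main__":
    print("combinations checked, R6 exceptions:", check_all_states())
    out = run(SCENARIO)
    print("outputs:", out, "starts (p1, p2):", count_starts(out))
```

The 40 R6 exceptions reported by `check_all_states` are exactly the minterms of $I$ (rq = 1 with gf = 1, or with f1 = f2 = 1, for any value of pr, pp1, pp2), which is the observable consequence of having ranked R4, R2 and R3 above R6. The scenario produces one start per pump; a controller that followed criterion (2) strictly would have switched to pump 2 at the second step and paid a second start.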
6. Discussion

In our approach the synthesis of control laws is based on symbolic calculation; a prototype software tool has been developed to avoid tedious calculus and to aid the designer during the different steps of the synthesis. This tool (which can be obtained on request from the authors) performs all the computations required for the detection of inconsistencies between requirements and for the generation of control laws. In this tool all the Boolean formulas are stored in the form of reduced ordered binary decision diagrams, which allows efficient calculations. For example, the computations for synthesizing a controller for the water supply system that we developed above have been made in less than 10 ms on a classical laptop.

Our approach has been tested on several case studies (some of them are available online: http://www.lurpa.ens-cachan.fr/-226050.kjsp). The feedback from these experiences allowed us to identify some of its limits and its possibilities; the most important are given below.

We have first to recall that our method can only be used for binary systems (systems whose controller inputs and outputs are Boolean values). Nevertheless, in practice many systems, like manufacturing systems, transport systems, and so on, are fully or partially binary.
In our opinion, the main advantage of our approach is that, contrary to traditional engineering approaches, the synthesized control laws do not depend on the designer's skill or on his correct interpretation of the system requirements. On the other hand, the quality of the synthesis results highly depends on the relevance of the requirements proposed by the designer. This step of formalization by the designer of the informal requirements of the system to be controlled is the Achilles heel of all synthesis methods, including the Supervisory Control Theory (SCT), and cannot be automated.

Figure 6: Ladder diagram of the code to implement into the PLC. Rung 1: command of pump 1 (coil p1); Rung 2: command of pump 2 (coil p2); Rung 3: update of the previous value of pump 1 (coil pp1); Rung 4: update of the previous value of pump 2 (coil pp2). The contacts used in the rungs are rq, gf, f1, f2, pr, pp1, and pp2.

Table 1: Features concerning the same case study.
Method | Formal requirements | Synthesized controller | PLC program (structured text)
Supervisory Control Theory | Plant behavior: 11 finite automata (481 states and 1330 transitions); specifications: 11 finite automata | Finite automaton of 45 states and 70 transitions | 130 lines
Algebraic synthesis | 8 equations and 2 priority rules | 2 6-variable switching functions | 4 lines

Figure 7: State model of the obtained control law. States: 0 (no pump running), 1 (p1), 2 (p2). Transition guards:
E0-1 = rq ∧ ¬gf ∧ ¬f1 ∧ (f2 ∨ pr)
E0-2 = rq ∧ ¬gf ∧ ¬f2 ∧ (f1 ∨ ¬pr)
E1-0 = ¬rq ∨ gf ∨ f1 ∧ f2
E1-2 = rq ∧ ¬gf ∧ f1 ∧ ¬f2
E2-0 = ¬rq ∨ gf ∨ f1 ∧ f2
E2-1 = rq ∧ ¬gf ∧ f2 ∧ ¬f1
The objective comparison of our approach with other synthesis methods, and more especially with SCT, is very difficult because the models used and the theoretical bases are very different. Nevertheless, we tested both approaches on the same case studies. One of them, the control of an automatic parking gate, has been published in [26]. The results obtained in this case are summarized in Table 1.

Furthermore, one may note that the supervisor that is synthesized by SCT is optimal in the sense that it is the most permissive, that is, the one that reduces the plant behavior the least in order to force it to respect the specifications. As shown in this paper, our method allows coping with inconsistencies in specifications, which is not possible with SCT, and also allows finding optimal controllers by choosing different optimization criteria (most permissive, most restrictive, safest controller, etc.).
7. Conclusion

Many research works in the field of DES aim at formalizing steps of the systems' life cycle. For 20 years, significant progress has been obtained in the synthesis, verification, performance evaluation and diagnosis of DESs. Nevertheless, one of the common difficulties of these works is the translation of the informal expression of the knowledge of a system into formal requirements. Few works have paid attention to this important task, which is very error prone. In this paper we proposed an iterative process that allows coping with inconsistencies of the requirements during the synthesis of the controller. The framework in which we proposed this approach is an algebraic synthesis method. Since the problem is located at the frontier between formal and informal, intervention of the designer is necessary. Nevertheless, we have shown that this intervention can be guided by the results the formal method provides.
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
References

[1] International Electrotechnical Commission, IEC 61131-3 Standard: Programmable Controllers - Part 3: Programming Languages, International Electrotechnical Commission, 2nd edition, 2003.
[2] G. Frey and L. Litz, "Formal methods in PLC programming," in Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, vol. 4, pp. 2431-2436, October 2000.
[3] B. Berard, M. Bidoit, A. Finkel et al., Systems and Software Verification: Model-Checking Techniques and Tools, Springer, New York, NY, USA, 1st edition, 1999.
[4] H. Bel Mokadem, B. Berard, V. Gourcuff, O. De Smet, and J. Roussel, "Verification of a timed multitask system with UPPAAL," IEEE Transactions on Automation Science and Engineering, vol. 7, no. 4, pp. 921-932, 2010.
[5] J. L. Boulanger, Ed., Industrial Use of Formal Methods: Formal Verification (ISTE), Wiley-ISTE, New York, NY, USA, 2012.
[6] P. J. G. Ramadge and W. M. Wonham, "Control of discrete event systems," Proceedings of the IEEE, vol. 77, no. 1, pp. 81-98, 1989.
[7] P. Gohari and W. M. Wonham, "On the complexity of supervisory control design in the RW framework," IEEE Transactions on Systems, Man and Cybernetics B, vol. 30, no. 5, pp. 643-652, 2000.
[8] Y. Hietter, Synthese algebrique de lois de commande pour les systemes a evenements discrets logiques [PhD thesis], ENS Cachan, Cachan, France, 2009.
[9] H.-M. Hanisch, A. Lueder, and J. Thieme, "Modular plant modeling technique and related controller synthesis problems," in Proceedings of the 1998 IEEE International Conference on Systems, Man and Cybernetics, pp. 686-691, October 1998.
[10] J.-M. Roussel and A. Giua, "Designing dependable logic controllers using the supervisory control theory," in Proceedings of the 16th IFAC World Congress, CD-ROM, paper 4427, 6 pages, Praha, Czech Republic, 2005.
[11] D. A. Huffman, "The synthesis of sequential switching circuits," Journal of the Franklin Institute, vol. 257, no. 3-4, pp. 161-303, 1954.
[12] G. H. Mealy, "A method for synthesizing sequential circuits," Bell System Technical Journal, vol. 34, no. 5, pp. 1045-1079, 1955.
[13] E. F. Moore, "Gedanken-experiments on sequential machines," in Automata Studies, pp. 129-153, Princeton University Press, Princeton, NJ, USA, 1956.
[14] S. Rudeanu, Lattice Functions and Equations (Discrete Mathematics and Theoretical Computer Science), Springer, New York, NY, USA, 2001.
[15] F. M. Brown, Boolean Reasoning: The Logic of Boolean Equations, Dover, Mineola, NY, USA, 2003.
[16] A. Pnueli and R. Rosner, "On the synthesis of a reactive module," in Proceedings of the 16th ACM Symposium on Principles of Programming Languages (POPL '89), pp. 179-190, ACM, New York, NY, USA, 1989.
[17] E. Filiot, N. Jin, and J. Raskin, "Antichains and compositional algorithms for LTL synthesis," Formal Methods in System Design, vol. 39, no. 3, pp. 261-296, 2011.
[18] J. Machado, B. Denis, J. J. Lesage, J. M. Faure, and J. Fereira, "Logic controllers dependability verification using a plant model," in Proceedings of the 3rd IFAC Workshop on Discrete-Event System Design (DESDes '06), pp. 37-42, Rydzyna, Poland, 2006.
[19] Y. Hietter, J.-M. Roussel, and J.-L. Lesage, "Algebraic synthesis of transition conditions of a state model," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 187-192, Goteborg, Sweden, May 2008.
[20] Y. Hietter, J.-M. Roussel, and J. J. Lesage, "Algebraic synthesis of dependable logic controllers," in Proceedings of the 17th World Congress of the International Federation of Automatic Control (IFAC '08), pp. 4132-4137, Seoul, South Korea, July 2008.
[21] A. Guignard, Symbolic Generation of the Automaton Representing an Algebraic Description of a Logic System [MS thesis], ENS Cachan, Cachan, France, 2011.
[22] R. P. Grimaldi, Discrete and Combinatorial Mathematics: An Applied Introduction, Addison-Wesley Longman, Boston, Mass, USA, 5th edition, 2004.
[23] J.-M. Roussel and J.-J. Lesage, "Algebraic synthesis of logical controllers despite inconsistencies in specifications," in Proceedings of the 11th International Workshop on Discrete Event Systems (WODES '12), pp. 307-314, Guadalajara, Mexico, 2012.
[24] H. Leroux, Algebraic Synthesis of Logical Controllers with Optimization Criteria, ENS Cachan, Cachan, France, 2011.
[25] H. Leroux and J.-M. Roussel, "Algebraic synthesis of logical controllers with optimization criteria," in Proceedings of the 6th International Workshop on Verification and Evaluation of Computer and Communication Systems (VECOS '12), pp. 103-114, Paris, France, 2012.
[26] M. Cantarelli and J. Roussel, "Reactive control system design using the supervisory control theory: evaluation of possibilities and limits," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 200-205, Goteborg, Sweden, May 2008.
$$\begin{aligned}
&= \mathrm{Eq}(0, \mathrm{Proj}) \cdot x + \mathrm{Eq}(0, \mathrm{Proj}) \cdot \overline{x} + \overline{\mathrm{Eq}(1, \mathrm{Proj})} \cdot p \quad \text{(as } \mathrm{Eq}(0, \mathrm{Proj}) \cdot \overline{x} = 0\text{)} \\
&= \mathrm{Eq}(0, \mathrm{Proj}) \cdot (x + \overline{x}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \\
&= \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})}. \quad (25)
\end{aligned}$$

To prove Step (d), it is sufficient to rewrite (21) in the two other forms by using (20), as follows:

$$\begin{aligned}
x &= 1 \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \\
&= \big(\mathrm{Eq}(1, \mathrm{Proj}) + \overline{\mathrm{Eq}(1, \mathrm{Proj})}\big) \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \\
&= \mathrm{Eq}(0, \mathrm{Proj}) \cdot \mathrm{Eq}(1, \mathrm{Proj}) + \big(\mathrm{Eq}(0, \mathrm{Proj}) + p\big) \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \\
&= 0 + \overline{\mathrm{Eq}(1, \mathrm{Proj})} \cdot \big(\mathrm{Eq}(0, \mathrm{Proj}) + p\big) \\
&= \overline{\mathrm{Eq}(1, \mathrm{Proj})} \cdot \big(\mathrm{Eq}(0, \mathrm{Proj}) + p\big), \\[4pt]
x &= 1 \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \\
&= (p + \overline{p}) \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})} \\
&= \overline{p} \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \big(\mathrm{Eq}(0, \mathrm{Proj}) + \overline{\mathrm{Eq}(1, \mathrm{Proj})}\big) \\
&= \overline{p} \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \big(\mathrm{Eq}(0, \mathrm{Proj}) \cdot \mathrm{Eq}(1, \mathrm{Proj}) + \overline{\mathrm{Eq}(1, \mathrm{Proj})}\big) \\
&= \overline{p} \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \big(0 + \overline{\mathrm{Eq}(1, \mathrm{Proj})}\big) \\
&= \overline{p} \cdot \mathrm{Eq}(0, \mathrm{Proj}) + p \cdot \overline{\mathrm{Eq}(1, \mathrm{Proj})}. \quad (26)
\end{aligned}$$
4.3.3. Solution of $k$-Unknown Equations over $F_n(B)$. The global result presented in the following theorem can be found in [14] or [15]. However, in these works the solution is not expressed in a parametric form but with intervals only. The formulation presented in this paper is better adapted to symbolic computation and is mandatory for practical optimization.

A $k$-unknown equation can be solved by solving successively $k$ single-unknown equations. If we consider the $k$-unknown equation as a single-unknown equation of $x_k$, its consistency condition corresponds to a $(k-1)$-unknown equation. The process can be iterated until $x_1$. After substituting $S(x_1)$ for $x_1$ in the last equation, it is possible to find the solution for $x_2$. Then it is sufficient to apply this procedure again $(k-2)$ times to obtain successively the solutions $S(x_3)$ to $S(x_k)$.
Theorem 12 (solution of a $k$-unknown equation). The Boolean equation over $F_n(B)$
$$\mathrm{Eq}_0(X^k, \mathrm{Proj}) = 0 \quad (27)$$
is consistent (i.e., has at least one solution) if and only if the following condition is satisfied:
$$\prod_{A^k \in \{0,1\}^k} \mathrm{Eq}_0(A^k, \mathrm{Proj}) = 0. \quad (28)$$
If (28) is satisfied, (27) admits one or more $k$-tuple solutions $(S(x_1), \ldots, S(x_k))$ such that each component $S(x_i)$ is defined by
$$S(x_i) = \prod_{A^{k-i} \in \{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(0, A^{k-i}, \mathrm{Proj}) + p_i \cdot \overline{\prod_{A^{k-i} \in \{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(1, A^{k-i}, \mathrm{Proj})} \quad (29)$$
with
(i) $\mathrm{Eq}_i(x_{i+1}, \ldots, x_k, \mathrm{Proj}) = \mathrm{Eq}_{i-1}(x_i, x_{i+1}, \ldots, x_k, \mathrm{Proj})\big|_{x_i \leftarrow S(x_i)}$;
(ii) $p_i$ is an arbitrary parameter, that is, a freely chosen member of $F_n(B)$.

The full demonstration of this theorem cannot be given in this paper because of lack of space (a full demonstration by mathematical induction can be found in [8]). A description of the different steps of the proof and the detail of the principal steps are given below.
Proof (elements of proof). Equation (27) can be solved by applying Theorems 3 and 11 $k$ times, according to the unknowns $x_k$ to $x_1$, as follows.

According to Theorem 3, (27) is equivalent to
$$\mathrm{Eq}_0(X^{k-1}, 0, \mathrm{Proj}) \cdot \overline{x_k} + \mathrm{Eq}_0(X^{k-1}, 1, \mathrm{Proj}) \cdot x_k = 0. \quad (30)$$
According to Theorem 11, (30) admits solutions in $x_k$ if and only if
$$\mathrm{Eq}_0(X^{k-1}, 0, \mathrm{Proj}) \cdot \mathrm{Eq}_0(X^{k-1}, 1, \mathrm{Proj}) = 0. \quad (31)$$
Equation (31) is an equation with $(k-1)$ unknowns. Each term of (31) can be expanded according to $x_{k-1}$, and (31) can be written in the form
$$\big(\mathrm{Eq}_0(X^{k-2}, 0, 0, \mathrm{Proj}) \cdot \mathrm{Eq}_0(X^{k-2}, 0, 1, \mathrm{Proj})\big) \cdot \overline{x_{k-1}} + \big(\mathrm{Eq}_0(X^{k-2}, 1, 0, \mathrm{Proj}) \cdot \mathrm{Eq}_0(X^{k-2}, 1, 1, \mathrm{Proj})\big) \cdot x_{k-1} = 0. \quad (32)$$
According to Theorem 11, (32) admits solutions in $x_{k-1}$ if and only if
$$\prod_{A^2 \in \{0,1\}^2} \mathrm{Eq}_0(X^{k-2}, A^2, \mathrm{Proj}) = 0. \quad (33)$$
Equation (33) is an equation with $(k-2)$ unknowns. Each term of (33) can be expanded according to $x_{k-2}$, and (33) can be written in the form
$$\Big(\prod_{A^2 \in \{0,1\}^2} \mathrm{Eq}_0(X^{k-3}, 0, A^2, \mathrm{Proj})\Big) \cdot \overline{x_{k-2}} + \Big(\prod_{A^2 \in \{0,1\}^2} \mathrm{Eq}_0(X^{k-3}, 1, A^2, \mathrm{Proj})\Big) \cdot x_{k-2} = 0. \quad (34)$$
In the end, we obtain an equation of only one unknown $x_1$ defined by
$$\Big(\prod_{A^{k-1} \in \{0,1\}^{k-1}} \mathrm{Eq}_0(0, A^{k-1}, \mathrm{Proj})\Big) \cdot \overline{x_1} + \Big(\prod_{A^{k-1} \in \{0,1\}^{k-1}} \mathrm{Eq}_0(1, A^{k-1}, \mathrm{Proj})\Big) \cdot x_1 = 0. \quad (35)$$
According to Theorem 11, (35) admits solutions if and only if
$$\prod_{A^k \in \{0,1\}^k} \mathrm{Eq}_0(A^k, \mathrm{Proj}) = 0. \quad (36)$$
When (36) is satisfied, the $k$ equations for $x_1$ to $x_k$ admit solutions. Equation (27) is then coherent and admits solutions.

When (36) is satisfied, the solutions of (35) for $x_1$ are
$$S(x_1) = \prod_{A^{k-1} \in \{0,1\}^{k-1}} \mathrm{Eq}_0(0, A^{k-1}, \mathrm{Proj}) + p_1 \cdot \overline{\prod_{A^{k-1} \in \{0,1\}^{k-1}} \mathrm{Eq}_0(1, A^{k-1}, \mathrm{Proj})}. \quad (37)$$
After substituting $S(x_1)$ for $x_1$ into (27), we obtain a new equation $\mathrm{Eq}_1(x_2, \ldots, x_k, \mathrm{Proj}) = 0$ involving the $(k-1)$ unknowns $(x_2, \ldots, x_k)$, where
$$\mathrm{Eq}_1(x_2, \ldots, x_k, \mathrm{Proj}) = \mathrm{Eq}_0(x_1, x_2, \ldots, x_k, \mathrm{Proj})\big|_{x_1 \leftarrow S(x_1)}. \quad (38)$$
By applying the previous procedure, we can obtain $S(x_2)$ and $\mathrm{Eq}_2(x_3, \ldots, x_k, \mathrm{Proj})$. Then it suffices to apply this procedure again $(k-2)$ times to obtain successively the solutions $S(x_3)$ to $S(x_k)$.

It is important to note that the order in which the unknowns are treated affects only the parametric form of the $k$-tuple solution. This is due to the fact that the same $k$-tuple solution can be represented with several distinct parametric forms.
4.3.4. Partial Conclusions. Thanks to the theorems presented above, it is possible to obtain a parametric representation of all the solutions of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists. In practice, due to the complexity of the systems to be designed, the proposed set of simultaneously asserted relations is generally inconsistent [23]. To simplify the work of the designer, we have proved complementary theorems to improve the robustness of our method to the lack of precision of the specifications (Section 4.4).

When several solutions exist, the comparison of solutions according to a given criterion can be envisaged, since the Boolean algebra $F_n(B)$ is equipped with a partial order. To simplify the work of the designer too, we have developed a method to calculate the best solutions according to one or several criteria (Section 4.5).
4.4. Theorems to Cope with Inconsistencies of Specifications. In practice it is very difficult for a designer to specify the whole requirements of a complex system without inconsistencies. That is the reason why requirements given by the designer are often declared inconsistent according to Theorem 12. Since the inconsistency condition is a Boolean formula, it is possible to use it to detect the origin of the inconsistencies. Two cases have to be considered, as follows.
(i) Several requirements cannot be simultaneously respected. In this case a hierarchy between requirements can be proposed in order to find a solution. The requirements which have the lower priority have to be corrected to become consistent with the requirements which have the higher priority. This strategy is based on Theorem 14.
(ii) The detected inconsistency refers to specific combinations of projection-functions which the designer knows to be impossible. To avoid blocking the synthesis process, it is necessary to introduce new assumptions and to use Theorem 13.
Theorem 13 (solution of a Boolean equation according to an assumption among the projection-functions). The following problem
$$\begin{aligned} &\text{Equation to solve:} && \mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0 \\ &\text{Assumption:} && A(\mathrm{Proj}) = 0 \end{aligned} \tag{39}$$
admits the same solutions as the following equation:
$$\mathrm{Eq}_0(X_k, \mathrm{Proj}) \le A(\mathrm{Proj}) \tag{40}$$
Proof. According to $A(\mathrm{Proj}) = 0$, $\mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0$ can be rewritten as
$$\begin{aligned}
\left\{\begin{array}{l}\mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0 \\ A(\mathrm{Proj}) = 0\end{array}\right.
&\iff A(\mathrm{Proj}) + \mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0 \\
&\iff A(\mathrm{Proj}) + \overline{A(\mathrm{Proj})}\cdot\mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0 \\
&\iff \left\{\begin{array}{l}\overline{A(\mathrm{Proj})}\cdot\mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0 \\ A(\mathrm{Proj}) = 0\end{array}\right. \\
&\iff \left\{\begin{array}{l}\mathrm{Eq}_0(X_k, \mathrm{Proj}) \le A(\mathrm{Proj}) \\ A(\mathrm{Proj}) = 0\end{array}\right.
\end{aligned} \tag{41}$$
Equation $\overline{A(\mathrm{Proj})}\cdot\mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0$ is consistent if and only if the following condition is true (Theorem 12):
$$\overline{A(\mathrm{Proj})}\cdot\prod_{A_k\in\{0,1\}^k} \mathrm{Eq}_0(A_k, \mathrm{Proj}) = 0 \tag{42}$$
By construction, this new condition is the subset of the initial condition ($\prod_{A_k\in\{0,1\}^k} \mathrm{Eq}_0(A_k, \mathrm{Proj}) = 0$) for which the proposed assumption is satisfied. All the other terms have been removed.
If (42) is satisfied, (40) admits one or more $k$-tuple solutions where each component $S(x_i)$ is defined by
$$S(x_i) = \overline{A(\mathrm{Proj})}\cdot\Bigl(\prod_{A_{k-i}\in\{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(0, A_{k-i}, \mathrm{Proj}) + p_i\cdot\overline{\prod_{A_{k-i}\in\{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(1, A_{k-i}, \mathrm{Proj})}\Bigr) + A(\mathrm{Proj})\cdot p_i \tag{43}$$
As $A(\mathrm{Proj}) = 0$, $S(x_i)$ can also be expressed as
$$S(x_i) = \prod_{A_{k-i}\in\{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(0, A_{k-i}, \mathrm{Proj}) + p_i\cdot\overline{\prod_{A_{k-i}\in\{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(1, A_{k-i}, \mathrm{Proj})} \tag{44}$$
When $A(\mathrm{Proj}) = 0$ is satisfied, the solutions of (40) are also solutions of $\mathrm{Eq}_0(X_k, \mathrm{Proj}) = 0$.
Theorem 14 (solution of a Boolean equation system according to a priority rule between requirements). The following problem
$$\begin{aligned}
&\text{Equation system to solve:} && \mathrm{HR}:\ \mathrm{F}_H(X_k, \mathrm{Proj}) = 0 \\
& && \mathrm{LR}:\ \mathrm{F}_L(X_k, \mathrm{Proj}) = 0 \\
& && \mathrm{OR}:\ \mathrm{F}_O(X_k, \mathrm{Proj}) = 0 \\
&\text{Priority rule between requirements:} && \mathrm{HR} \gg \mathrm{LR}
\end{aligned} \tag{45}$$
where
(i) $\mathrm{F}_H(X_k, \mathrm{Proj}) = 0$ is the formal expression of the requirements which have the higher priority (HR),
(ii) $\mathrm{F}_L(X_k, \mathrm{Proj}) = 0$ is the formal expression of the requirements which have the lower priority (LR),
(iii) $\mathrm{F}_O(X_k, \mathrm{Proj}) = 0$ is the formal expression of the other requirements (OR),
(iv) $\mathrm{HR} \gg \mathrm{LR}$ is the priority rule between inconsistent requirements,
admits the same solutions as the following system of equations:
$$\begin{aligned} \mathrm{F}_H(X_k, \mathrm{Proj}) &= 0 \\ \mathrm{F}_L(X_k, \mathrm{Proj}) &\le \mathrm{I}(\mathrm{Proj}) \\ \mathrm{F}_O(X_k, \mathrm{Proj}) &= 0 \end{aligned} \tag{46}$$
where $\mathrm{I}(\mathrm{Proj})$ is the inconsistency condition between requirements "HR" and "LR":
$$\mathrm{I}(\mathrm{Proj}) = \prod_{A_k\in\{0,1\}^k} \bigl(\mathrm{F}_H(A_k, \mathrm{Proj}) + \mathrm{F}_L(A_k, \mathrm{Proj})\bigr) \tag{47}$$
Proof. Thanks to Theorem 12, the inconsistency condition $\mathrm{I}(\mathrm{Proj})$ between requirements "HR" and "LR" can be found by solving the equation $\mathrm{F}_H(X_k, \mathrm{Proj}) + \mathrm{F}_L(X_k, \mathrm{Proj}) = 0$. We have
$$\mathrm{I}(\mathrm{Proj}) = \prod_{A_k\in\{0,1\}^k} \bigl(\mathrm{F}_H(A_k, \mathrm{Proj}) + \mathrm{F}_L(A_k, \mathrm{Proj})\bigr) \tag{48}$$
To remove the inconsistency between requirements "HR" and "LR" according to the priority rule "HR $\gg$ LR", it is necessary to restrict the range of requirement "LR" to the part for which there is no inconsistency, that is, $\mathrm{I}(\mathrm{Proj}) = 0$. That is the case when $\mathrm{F}_L(X_k, \mathrm{Proj}) = 0$ is replaced by $\mathrm{F}_L(X_k, \mathrm{Proj}) \le \mathrm{I}(\mathrm{Proj})$.
Thanks to Theorem 12, (49) always admits one or more $k$-tuple solutions, and it is impossible to find a less restrictive condition over requirement "LR":
$$\begin{aligned} \mathrm{F}_H(X_k, \mathrm{Proj}) &= 0 \\ \mathrm{F}_L(X_k, \mathrm{Proj}) &\le \mathrm{I}(\mathrm{Proj}) \end{aligned} \tag{49}$$
4.5. Optimal Solutions of Boolean Equations over $F_n(B)$. The goal of this step is to obtain automatically the parametric form of the $k$-tuple solutions in $F_n(B)$ which satisfy not only a given equation ($\mathrm{Eq}(X_k, \mathrm{Proj}) = 0$) of Boolean functions but which also maximize (or minimize) a Boolean formula of these Boolean functions ($\mathrm{F}_C(X_k, \mathrm{Proj})$) corresponding to the desired optimization criterion.
Generally speaking, the search for the best solution tuples according to a given criterion, when the space of solutions is composed of discrete values, is a complex mathematical issue. It is sometimes necessary to make a side-by-side comparison of each solution in order to identify the best one. In our case this exhaustive method cannot be used: as $F_n(B)$ is only provided with a partial order, two particular solutions cannot always be ordered between themselves.
Nevertheless, it is possible to obtain the sought parametric form of the $k$-tuples thanks to the following results.
(i) When an equation between Boolean functions has one or more solution tuples in $F_n(B)$, every Boolean formula on these Boolean functions can be rewritten using only the projection-functions of $F_n(B)$ and the free parameters of $F_n(B)$ which describe these solution tuples.
(ii) Every Boolean formula expressed as a composition of projection-functions of $F_n(B)$ and free parameters of $F_n(B)$ has a unique maximum and a unique minimum. These extrema can be expressed using only the projection-functions of $F_n(B)$.
Hence it is then possible to rewrite the initial problem
$$\begin{aligned} &\text{Problem to solve:} && \mathrm{Eq}(X_k, \mathrm{Proj}) = 0 \\ &\text{Optimization criterion:} && \text{maximization of } \mathrm{F}_C(X_k, \mathrm{Proj}) \end{aligned} \tag{50}$$
into a 2-equation system to solve:
$$\begin{aligned} \mathrm{Eq}(X_k, \mathrm{Proj}) &= 0 \\ \mathrm{F}_C(X_k, \mathrm{Proj}) &= \max_{X_k \mid \mathrm{Eq}(X_k, \mathrm{Proj}) = 0} \bigl(\mathrm{F}_C(X_k, \mathrm{Proj})\bigr) \end{aligned} \tag{51}$$
4.5.1. Extrema of a Boolean Formula according to Freely Chosen Members of $F_n(B)$. Considering the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:
(i) let $(f_{1,\mathrm{Proj}}, \dots, f_{n,\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$;
(ii) let $(p_1, \dots, p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members. Let "$P_k$" be the corresponding vector.
Any formula $\mathrm{F}(P_k, \mathrm{Proj})$ for which the $P_k$ are freely chosen members of $F_n(B)$ defines a subset of $F_n(B)$. According to the relation $\le$, the elements of this subset can be compared. In this specific case, the subset defined by $\mathrm{F}(P_k, \mathrm{Proj})$ admits a minimal element and a maximal element.
Theorem 15 (minimum and maximum of a Boolean formula). Any formula $\mathrm{F}(P_k, \mathrm{Proj})$ for which the $P_k$ are freely chosen members of $F_n(B)$ admits a minimum and a maximum defined as follows:
$$\begin{aligned} \min_{P_k \in F_n(B)^k}\bigl(\mathrm{F}(P_k, \mathrm{Proj})\bigr) &= \prod_{A_k\in\{0,1\}^k} \mathrm{F}(A_k, \mathrm{Proj}) \\ \max_{P_k \in F_n(B)^k}\bigl(\mathrm{F}(P_k, \mathrm{Proj})\bigr) &= \sum_{A_k\in\{0,1\}^k} \mathrm{F}(A_k, \mathrm{Proj}) \end{aligned} \tag{52}$$
Proof. To prove this theorem, it is necessary to establish that
(1) $\prod_{A_k\in\{0,1\}^k} \mathrm{F}(A_k, \mathrm{Proj})$ is a lower bound of $\mathrm{F}(P_k, \mathrm{Proj})$;
(2) there exists at least one specific combination of $P_k$ for which $\mathrm{F}(P_k, \mathrm{Proj}) = \prod_{A_k\in\{0,1\}^k} \mathrm{F}(A_k, \mathrm{Proj})$;
(3) $\sum_{A_k\in\{0,1\}^k} \mathrm{F}(A_k, \mathrm{Proj})$ is an upper bound of $\mathrm{F}(P_k, \mathrm{Proj})$;
(4) there exists at least one specific combination of $P_k$ for which $\mathrm{F}(P_k, \mathrm{Proj}) = \sum_{A_k\in\{0,1\}^k} \mathrm{F}(A_k, \mathrm{Proj})$.
Details of this proof can be found in [24].
4.5.2. Optimization Problem. Considering the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:
(i) let $(f_{1,\mathrm{Proj}}, \dots, f_{n,\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$. Let "Proj" be the corresponding vector;
(ii) let $(x_1, \dots, x_k)$ be $k$ elements of $F_n(B)$ considered as unknowns. Let "$X_k$" be the corresponding vector;
(iii) let $(p_1, \dots, p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members. Let "$P_k$" be the corresponding vector;
(iv) let $\mathrm{Eq}(X_k, \mathrm{Proj}) = 0$ be the Boolean equation to solve;
(v) let $\mathrm{F}_C(X_k, \mathrm{Proj})$ be the Boolean formula of the given criterion to optimize (maximization or minimization).
The method we propose to obtain the parametric form of the $k$-tuple of switching functions solution of $\mathrm{Eq}(X_k, \mathrm{Proj}) = 0$ according to a given optimization criterion $\mathrm{F}_C(X_k, \mathrm{Proj})$ is composed of five steps, as follows.
(i) The first step is to establish the parametric form of the $k$-tuple solution to $\mathrm{Eq}(X_k, \mathrm{Proj}) = 0$, thanks to Theorem 12 only.
(ii) The second step is to establish the parametric form of the given optimization criterion $\mathrm{F}_C(X_k, \mathrm{Proj})$ by substituting $S(x_i)$ for $x_i$. Let $\mathrm{F}_{SC}(P_k, \mathrm{Proj})$ be the result of this substitution.
(iii) The third step is to calculate the extremum of $\mathrm{F}_{SC}(P_k, \mathrm{Proj})$ according to Theorem 15. Let $\mathrm{F}_{EC}(\mathrm{Proj})$ be the Boolean formula of this extremum.
Figure 4: Structure of the water supply system (Pump1, Pump2, Tank, to the distributing system).
(iv) The fourth step is to replace the given criterion by the equivalent relation
$$\mathrm{F}_C(X_k, \mathrm{Proj}) = \mathrm{F}_{EC}(\mathrm{Proj}) \tag{53}$$
(v) The fifth step is to establish the parametric form of the $k$-tuple solution of the equivalent problem
$$\begin{aligned} \mathrm{Eq}(X_k, \mathrm{Proj}) &= 0 \\ \mathrm{F}_C(X_k, \mathrm{Proj}) &= \mathrm{F}_{EC}(\mathrm{Proj}) \end{aligned} \tag{54}$$
4.5.3. Partial Conclusions. Thanks to the theorems presented in this section, it is now possible to obtain a parametric representation of the optimal solutions, according to a given criterion, of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists.
The proposed method also permits combining several criteria, simultaneously or sequentially.
(i) When several criteria are treated simultaneously, the optimization problem can admit no solution. That is the case when the given criteria are antagonistic.
(ii) When several criteria are treated sequentially, the obtained solutions satisfy the criteria with a given priority order. An example of optimization with several criteria treated sequentially is presented in the next section.
5. Algebraic Synthesis of Logical Controllers with Optimization Criteria and Incoherent Requirements
5.1. Control System Specifications. The studied system is the controller of a water supply system composed of two pumps which work in redundancy (Figure 4). Water distribution is performed when necessary, according to the possible failures of elements (the pumps and the distributing system).
The expected behavior of the control system regarding the application requirements can be expressed by the set of assertions given hereafter.
(i) The two pumps never operate simultaneously.
(ii) A pump cannot operate if it is out of order.
(iii) When a global failure is detected, no pump can operate.
(iv) Pumps can operate if and only if a water distribution request is present.
(v) Priority is given according to "pr" (pump1 has priority when "pr" is true).
(vi) In order to reduce the wear of the pumps, it is necessary to restrict the number of starts of the pumps.
5.1.1. Inputs and Outputs of the Controller. The Boolean inputs and outputs of this controller are given in Figure 5(a). Each pump is controlled by a Boolean output ("p1" and "p2"). The controller is informed of water distribution requests by the input "req". Inputs "f1" and "f2" inform the controller of a failure of the corresponding pump, and "gf" indicates a global failure of the installation. The value 0 or 1 of input "Pr" decides which pump has priority.
5.1.2. Control Laws to Synthesize. Our approach does not allow identifying automatically which state variables must be used. They are given by the designer according to his interpretation of the specification.
For the water distribution system, we propose to use 2 state variables, one for each output. According to this choice, 2 7-variable switching functions ($\mathrm{P1}$ and $\mathrm{P2}$) have to be synthesized (Figure 5(b)). They represent the unknowns of our problem. For this case study, the 7 projection-functions of $F_7(B)$ are therefore as follows.
(i) The 5 switching functions (Rq, F1, F2, GF, and Pr) which characterize the behavior of the inputs of the controller and are defined as follows:
$$\mathrm{Rq}: B^7 \longrightarrow B,\quad (\mathrm{rq}[k], \dots, \mathrm{p2}[k-1]) \longmapsto \mathrm{rq}[k] \tag{55}$$
(ii) The 2 switching functions (pP1 and pP2) which characterize the previous behavior of the state variables of the controller and are defined as follows:
$$\mathrm{pP1}: B^7 \longrightarrow B,\quad (\mathrm{rq}[k], \dots, \mathrm{p2}[k-1]) \longmapsto \mathrm{p1}[k-1] \tag{56}$$
5.2. Algebraic Formalization of Requirements. The complete formalization of the behavior of the water distribution system is given in Figure 5(c). In order to illustrate the expressive power of the relations Equality and Inclusion, several examples (generic assertions and the equivalent formal relations, illustrated in the case study) are given hereafter. It is important to note that the relation Inclusion permits expressing distinctly necessary conditions and sufficient conditions. This relation is the cornerstone of our approach.
(i) Pump1 and Pump2 never operate simultaneously: $\mathrm{P1}\cdot\mathrm{P2} = 0$.
(ii) If Pump1 operates, Pump2 cannot operate: $\mathrm{P1} \le \overline{\mathrm{P2}}$.
Figure 5: Details of the case study.
(a) Inputs and outputs of the controller. Inputs of the control of the water distribution system: rq (request of water), f1 (Pump1 failure), f2 (Pump2 failure), gf (global failure), pr (priority to Pump1). Outputs: p1 (command of Pump1), p2 (command of Pump2).
(b) General form of the expected control laws:
$$\begin{aligned} \mathrm{p1}[k] &= \mathrm{P1}(\mathrm{rq}[k], \mathrm{f1}[k], \mathrm{f2}[k], \mathrm{gf}[k], \mathrm{pr}[k], \mathrm{p1}[k-1], \mathrm{p2}[k-1]) \\ \mathrm{p2}[k] &= \mathrm{P2}(\mathrm{rq}[k], \mathrm{f1}[k], \mathrm{f2}[k], \mathrm{gf}[k], \mathrm{pr}[k], \mathrm{p1}[k-1], \mathrm{p2}[k-1]) \\ \mathrm{p1}[0] &= b_0, \quad \mathrm{p2}[0] = b_0 \end{aligned}$$
(c) Formal specification.
Requirements:
R1: $\mathrm{P1}\cdot\mathrm{P2} = 0$ (the two pumps never operate simultaneously)
R2: $\mathrm{F1} \le \overline{\mathrm{P1}}$ (Pump1 cannot operate if it is out of order (F1))
R3: $\mathrm{F2} \le \overline{\mathrm{P2}}$ (Pump2 cannot operate if it is out of order (F2))
R4: $\mathrm{GF} \le (\overline{\mathrm{P1}}\cdot\overline{\mathrm{P2}})$ (when a global failure is detected (GF), no pump can operate)
R5: $(\mathrm{P1} + \mathrm{P2}) \le \mathrm{Rq}$ (it is necessary to have a request for the pumps to operate)
R6: $\mathrm{Rq} \le (\mathrm{P1} + \mathrm{P2})$ (it is sufficient to have a request for the pumps to operate)
Priority rules:
R4 $\gg$ R6 (a failure requirement has priority over a functional requirement)
R2, R3 $\gg$ R6 (failure requirements have priority over a functional requirement)
Optimization criteria:
(1) Minimization of $(\mathrm{P1}\cdot\overline{\mathrm{pP1}}) + (\mathrm{P2}\cdot\overline{\mathrm{pP2}})$ (minimization of the possibility to start a pump)
(2) Maximization of $(\mathrm{Pr}\cdot\mathrm{P1}) + (\overline{\mathrm{Pr}}\cdot\mathrm{P2})$ (maximization of the priority order between the two pumps)
(d) Solution obtained by symbolic calculation:
$$\begin{aligned} \mathrm{P1} &= \mathrm{Rq}\cdot\overline{\mathrm{GF}}\cdot\overline{\mathrm{F1}}\cdot\bigl(\mathrm{F2} + \mathrm{Pr}\cdot(\mathrm{pP1} + \overline{\mathrm{pP2}}) + \mathrm{pP1}\cdot\overline{\mathrm{pP2}}\bigr) \\ \mathrm{P2} &= \mathrm{Rq}\cdot\overline{\mathrm{GF}}\cdot\overline{\mathrm{F2}}\cdot\bigl(\mathrm{F1} + \overline{\mathrm{Pr}}\cdot(\mathrm{pP2} + \overline{\mathrm{pP1}}) + \mathrm{pP2}\cdot\overline{\mathrm{pP1}}\bigr) \end{aligned}$$
(e) Control laws of the water distribution system:
p1[k] = rq[k] ∧ ¬gf[k] ∧ ¬f1[k] ∧ (f2[k] ∨ pr[k] ∧ (p1[k−1] ∨ ¬p2[k−1]) ∨ p1[k−1] ∧ ¬p2[k−1])
p2[k] = rq[k] ∧ ¬gf[k] ∧ ¬f2[k] ∧ (f1[k] ∨ ¬pr[k] ∧ (p2[k−1] ∨ ¬p1[k−1]) ∨ p2[k−1] ∧ ¬p1[k−1])
p1[0] = b0, p2[0] = b0
(iii) It is necessary to have a request for the pumps to operate: $(\mathrm{P1} + \mathrm{P2}) \le \mathrm{Rq}$.
(iv) It is sufficient to have a request for the pumps to operate: $\mathrm{Rq} \le (\mathrm{P1} + \mathrm{P2})$.
(v) When Pump1 has failed, it is sufficient to have a request for Pump2 to operate: $\mathrm{F1}\cdot\mathrm{Rq} \le \mathrm{P2}$.
(vi) When Pump1 has failed, it is necessary to have a request for Pump2 to operate: $\mathrm{F1}\cdot\mathrm{P2} \le \mathrm{Rq}$.
It is possible to prove that some of these formal expressions are equivalent (e.g., the first two). When a designer hesitates between two forms, he has the possibility, by using symbolic calculation, to check whether the proposed relations are equivalent or not.
As P1 and pP1 represent the behavior of pump1 at times $[k]$ and $[k-1]$ respectively, it is also possible to express relations about starts and stops of this pump, as follows.
(i) It is necessary to have a request to start pump1: $(\mathrm{P1}\cdot\overline{\mathrm{pP1}}) \le \mathrm{Rq}$.
(ii) When pump1 operates, it is sufficient to have a global failure to stop pump1: $(\mathrm{pP1}\cdot\mathrm{GF}) \le (\overline{\mathrm{P1}}\cdot\mathrm{pP1})$.
5.3. Synthesis Process. In traditional design methods, the design procedure of a logic controller is not a linear process but an iterative one, converging to an acceptable solution. At the beginning of the design, the requirements are neither complete nor without errors. Most often, new requirements are added during the search for solutions and others are corrected. This complementary information is given by the designer after analysis of the partial solutions he found, or when inconsistencies have been detected. If we do not make the hypothesis that the specifications are complete and consistent, designing a controller with a synthesis technique is also an iterative process in which the designer plays an important role.
5.3.1. Analysis of Requirements. For this case study, we choose to start with requirements R1 to R6. For this subset of requirements, the result given by our software tool was the following inconsistency condition: $\mathrm{I} = \mathrm{Rq}\cdot\mathrm{GF} + \mathrm{Rq}\cdot\mathrm{F1}\cdot\mathrm{F2}$.
Since the requirements are declared inconsistent, we have to give complementary information to make our specification more precise. By analyzing each term of this formula, it is possible to detect the origin of the inconsistency.
(i) $\mathrm{Rq}\cdot\mathrm{GF}$: what happens if we have simultaneously a request and a global failure? We consider that requirement R4 is more important than requirement R6 (R4 $\gg$ R6), as no pump can operate in this configuration.
(ii) $\mathrm{Rq}\cdot\mathrm{F1}\cdot\mathrm{F2}$: what happens if we have simultaneously a request and a failure of each pump? We consider that requirements R2 and R3 are more important than requirement R6 (R2, R3 $\gg$ R6).
With these priority rules, all the requirements are now coherent and the set of all the solutions can be computed.
5.3.2. Optimal Solutions. To choose a control law of the water supply system among this set of possible solutions, we will now take into account the given optimization criteria. The first criterion aims at minimizing the number of starts of each pump in order to reduce its wear. The second criterion aims at maximizing the use of the pump indicated by the value of parameter Pr. The method we propose allows proving that the proposed criteria cannot be treated simultaneously since they are antagonistic (to strictly respect the priority use of the pump fixed by parameter Pr, it is necessary to permute the pumps when Pr changes value, implying a supplementary start of a pump). Details can be found in [25].
All the priority rules and optimization criteria used for this case study are given in Figure 5(c). The solution we obtain is given in Figure 5(d).
5.3.3. Implementing Control Laws. The synthesized control laws presented in Figure 5(e) have been obtained by translating the expression of the two unknowns according to the projection-functions into relations between recurrent Boolean equations. These control laws can be automatically translated into the syntax of the ladder diagram language [1] before being implemented into a PLC. The code is composed of only 4 rungs (Figure 6).
The synthesized control laws can also be given in the form of an automatically built input/output automaton with guarded transitions [21] (Figure 7).
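As an added, runnable illustration of the procedure of Sections 4.3 to 4.5 applied to the case study of Section 5 (example code written for this page, not the authors' prototype tool): elements of $F_7(B)$ are stored as 128-bit truth-table masks, Theorem 12 gives the inconsistency condition of R1 to R6, Theorem 14 relaxes R6 under the two priority rules, and Theorem 15 applies criteria (1) and (2) in sequence. The variable order, the helper names and the elimination order P1 then P2 are assumptions of this example.

```python
import functools, itertools, operator

# Added example for this page (not the authors' prototype tool).  Elements of the
# Boolean algebra F_n(B) of n-variable switching functions are truth-table bitmasks:
# bit a of the mask is the value of the function on input combination a.
N = 7                        # assumed variable order: rq, f1, f2, gf, pr, pp1, pp2
FULL = (1 << (1 << N)) - 1   # the constant function 1
ZERO = 0                     # the constant function 0

def NOT(a):
    return ~a & FULL

def proj(i):
    """Projection-function f_i,Proj: the value of the i-th input variable."""
    return sum(1 << a for a in range(1 << N) if (a >> i) & 1)

RQ, F1, F2, GF, PR, PP1, PP2 = (proj(i) for i in range(N))

def LE(a, b):
    """Relation a <= b written as an equation 'f = 0', with f = a . not(b)."""
    return a & NOT(b)

def consts(m):
    """A_m ranging over {0,1}^m: every m-tuple of constant functions."""
    return itertools.product((ZERO, FULL), repeat=m)

def conjoin(*rels):
    """Simultaneously asserted relations: f1 = 0 and f2 = 0 iff f1 + f2 = 0."""
    return lambda *xs: functools.reduce(operator.or_, (r(*xs) for r in rels), ZERO)

def inconsistency(eq, k):
    """Theorem 12: prod over A_k in {0,1}^k of Eq(A_k, Proj); the equation
    eq(X_k, Proj) = 0 admits solutions iff this condition is 0."""
    cond = FULL
    for a in consts(k):
        cond &= eq(*a)
    return cond

def solve(eq, k):
    """Theorems 11 and 12: parametric k-tuple solution of eq(X_k, Proj) = 0, the
    unknowns being eliminated in the order x_1, ..., x_k (assumed here; the order
    only changes the parametric form).  sol(params) returns (S(x_1), ..., S(x_k))
    for chosen free members p_i, with S(x_i) = a_i + p_i . not(b_i) as in (37)/(44)."""
    def sol(params):
        xs = []
        for i in range(k):
            a = b = FULL
            for rest in consts(k - i - 1):
                a &= eq(*xs, ZERO, *rest)   # a_i = prod Eq_{i-1}(0, A, Proj)
                b &= eq(*xs, FULL, *rest)   # b_i = prod Eq_{i-1}(1, A, Proj)
            xs.append(a | (params[i] & NOT(b)))
        return tuple(xs)
    return sol

def relax(fh, fl, k):
    """Theorem 14 (HR >> LR): replace fl(X_k) = 0 by fl(X_k) <= I(Proj), where
    I = prod over A_k of (fh(A_k) + fl(A_k)) is the inconsistency condition."""
    incons = inconsistency(lambda *xs: fh(*xs) | fl(*xs), k)
    return lambda *xs: LE(fl(*xs), incons)

def extremum(formula, k, maximise):
    """Theorem 15: minimum (product) or maximum (sum) of formula(P_k, Proj)
    over freely chosen members P_k of F_n(B)."""
    ext = ZERO if maximise else FULL
    for a in consts(k):
        ext = (ext | formula(a)) if maximise else (ext & formula(a))
    return ext

def optimise(eq, k, crit, maximise):
    """Section 4.5.2: turn 'eq(X_k) = 0, optimise crit(X_k)' into the 2-equation
    system eq(X_k) = 0 and crit(X_k) = F_EC(Proj) of (51) and (54)."""
    sol = solve(eq, k)
    ext = extremum(lambda p: crit(*sol(p)), k, maximise)   # F_EC(Proj)
    return lambda *xs: eq(*xs) | (crit(*xs) ^ ext)          # 'f = g' is 'f xor g = 0'

# Requirements R1..R6 of Figure 5(c), each as an equation 'f(P1, P2) = 0'
R1 = lambda p1, p2: p1 & p2                      # pumps never run together
R2 = lambda p1, p2: LE(F1, NOT(p1))              # F1 <= not P1
R3 = lambda p1, p2: LE(F2, NOT(p2))              # F2 <= not P2
R4 = lambda p1, p2: LE(GF, NOT(p1) & NOT(p2))    # GF <= not P1 . not P2
R5 = lambda p1, p2: LE(p1 | p2, RQ)              # (P1 + P2) <= Rq
R6 = lambda p1, p2: LE(RQ, p1 | p2)              # Rq <= (P1 + P2)

def inconsistency_r1_r6():
    """Section 5.3.1: for R1..R6 the tool reports I = Rq.GF + Rq.F1.F2."""
    return inconsistency(conjoin(R1, R2, R3, R4, R5, R6), 2)

def synthesise():
    """Priority rules R4 >> R6 and R2,R3 >> R6, then criteria (1) and (2) of
    Figure 5(c) treated sequentially; returns the parametric solution."""
    r6 = relax(R4, R6, 2)
    r6 = relax(conjoin(R2, R3), r6, 2)
    eq = conjoin(R1, R2, R3, R4, R5, r6)
    assert inconsistency(eq, 2) == ZERO                     # coherent after the rules
    starts = lambda p1, p2: p1 & NOT(PP1) | p2 & NOT(PP2)   # criterion (1), minimise
    priority = lambda p1, p2: PR & p1 | NOT(PR) & p2        # criterion (2), maximise
    eq = optimise(eq, 2, starts, False)
    eq = optimise(eq, 2, priority, True)
    return solve(eq, 2)
```

The parametric form is kept as a callable of the chosen free members rather than printed as a formula; with both criteria applied no freedom remains, so `synthesise()((ZERO, ZERO))` and `synthesise()((FULL, FULL))` both coincide with the law of Figure 5(d).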
6. Discussion
In our approach, the synthesis of control laws is based on symbolic calculation; a prototype software tool has been developed to avoid tedious calculus and to aid the designer during the different steps of the synthesis. This tool (which can be obtained on request from the authors) performs all the computations required for inconsistency detection between requirements and for control law generation. In this tool, all the Boolean formulas are stored in the form of reduced ordered binary decision diagrams, which allows efficient calculations. For example, the computations for synthesizing a controller for the water supply system that we developed above have been made in less than 10 ms on a classical laptop.
Our approach has been tested on several case studies (some of them are available online: httpwwwlurpaens-cachanfr-226050kjsp). The feedback from these experiences allowed us to identify some of its limits and possibilities; the most important are given below.
We have first to recall that our method can only be used for binary systems (systems whose controller inputs and outputs are Boolean values). Nevertheless, in practice many systems, like manufacturing systems, transport systems, and so on, are fully or partially binary.
In our opinion, the main advantage of our approach is that, contrary to traditional engineering approaches, the synthesized control laws do not depend on the designer's skill or on his correct interpretation of the system requirements. On the other hand, the quality of the synthesis results highly
Figure 6: Ladder diagram of the code to implement into the PLC. Rung 1: command of pump 1; Rung 2: command of pump 2; Rung 3: update previous value of pump 1; Rung 4: update previous value of pump 2 (contacts rq, gf, f1, f2, pr, pp1, pp2; coils p1, p2, pp1, pp2).
Table 1: Features concerning the same case study.
Supervisory Control Theory. Formal requirements: plant behavior, 11 finite automata (481 states and 1330 transitions); specifications, 11 finite automata. Synthesized controller: finite automaton of 45 states and 70 transitions. PLC program (structured text): 130 lines.
Algebraic synthesis. Formal requirements: 8 equations and 2 priority rules. Synthesized controller: 2 6-variable switching functions. PLC program (structured text): 4 lines.
Figure 7: State model of the obtained control law. States 0, 1 (p1) and 2 (p2); guarded transitions:
E0-1 = rq ∧ ¬gf ∧ ¬f1 ∧ (f2 ∨ pr)
E0-2 = rq ∧ ¬gf ∧ ¬f2 ∧ (f1 ∨ ¬pr)
E1-0 = ¬rq ∨ gf ∨ f1 ∧ f2
E1-2 = rq ∧ ¬gf ∧ f1 ∧ ¬f2
E2-0 = ¬rq ∨ gf ∨ f1 ∧ f2
E2-1 = rq ∧ ¬gf ∧ f2 ∧ ¬f1
depends on the relevance of the requirements proposed by the designer. This step of formalization by the designer of the informal requirements of the system to be controlled is the Achilles heel of all synthesis methods, including the Supervisory Control Theory (SCT), and cannot be automated.
The objective comparison of our approach with other synthesis methods, and more especially with SCT, is very difficult because the models used and the theoretical basics are very different. Nevertheless, we tested both approaches on the same case studies. One of them, the control of an automatic parking gate, has been published in [26]. The results obtained in this case are summarized in Table 1.
Furthermore, one may note that the supervisor that is synthesized by SCT is optimal in the sense that it is the most permissive, that is, the one that restricts the plant behavior the least in order to force it to respect the specifications. As shown in this paper, our method allows coping with inconsistencies in specifications, which is not possible with SCT, and also allows finding optimal controllers by choosing different optimization criteria (most permissive, most restrictive, safest controller, etc.).
7. Conclusion
Many research works in the field of DES aim at formalizing steps of the system life cycle. For 20 years, significant progress has been obtained for the synthesis, verification, performance evaluation, and diagnosis of DESs. Nevertheless, one of the common difficulties of these works is the translation of the informal expression of the knowledge of a system into formal requirements. Few works have paid attention to this important task, which is very error prone. In this paper we proposed an iterative process that allows coping with inconsistencies of the requirements during the synthesis of the controller. The framework in which we proposed this approach is an algebraic synthesis method. Since the problem is located at the frontier between formal and informal, intervention of the designer is necessary. Nevertheless, we have shown that this intervention can be guided by the results the formal method provides.
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
References
[1] International Electrotechnical Commission, IEC 61131-3 Standard: Programmable Controllers, Part 3: Programming Languages, International Electrotechnical Commission, 2nd edition, 2003.
[2] G. Frey and L. Litz, "Formal methods in PLC programming," in Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, vol. 4, pp. 2431–2436, October 2000.
[3] B. Bérard, M. Bidoit, A. Finkel, et al., Systems and Software Verification: Model-Checking Techniques and Tools, Springer, New York, NY, USA, 1st edition, 1999.
[4] H. Bel Mokadem, B. Bérard, V. Gourcuff, O. De Smet, and J. Roussel, "Verification of a timed multitask system with UPPAAL," IEEE Transactions on Automation Science and Engineering, vol. 7, no. 4, pp. 921–932, 2010.
[5] J. L. Boulanger, Ed., Industrial Use of Formal Methods: Formal Verification (ISTE), Wiley-ISTE, New York, NY, USA, 2012.
[6] P. J. G. Ramadge and W. M. Wonham, "Control of discrete event systems," Proceedings of the IEEE, vol. 77, no. 1, pp. 81–98, 1989.
[7] P. Gohari and W. M. Wonham, "On the complexity of supervisory control design in the RW framework," IEEE Transactions on Systems, Man and Cybernetics B, vol. 30, no. 5, pp. 643–652, 2000.
[8] Y. Hietter, Synthèse algébrique de lois de commande pour les systèmes à événements discrets logiques [PhD thesis], ENS Cachan, Cachan, France, 2009.
[9] H.-M. Hanisch, A. Lueder, and J. Thieme, "Modular plant modeling technique and related controller synthesis problems," in Proceedings of the 1998 IEEE International Conference on Systems, Man and Cybernetics, pp. 686–691, October 1998.
[10] J.-M. Roussel and A. Giua, "Designing dependable logic controllers using the supervisory control theory," in Proceedings of the 16th IFAC World Congress, CD-ROM paper 4427, p. 6, Praha, Czech Republic, 2005.
[11] D. A. Huffman, "The synthesis of sequential switching circuits," Journal of the Franklin Institute, vol. 257, no. 3-4, pp. 161–303, 1954.
[12] G. H. Mealy, "A method for synthesizing sequential circuits," Bell System Technical Journal, vol. 34, no. 5, pp. 1045–1079, 1955.
[13] E. F. Moore, "Gedanken-experiments on sequential machines," in Automata Studies, pp. 129–153, Princeton University Press, Princeton, NJ, USA, 1956.
[14] S. Rudeanu, Lattice Functions and Equations (Discrete Mathematics and Theoretical Computer Science), Springer, New York, NY, USA, 2001.
[15] F. M. Brown, Boolean Reasoning: The Logic of Boolean Equations, Dover, Mineola, NY, USA, 2003.
[16] A. Pnueli and R. Rosner, "On the synthesis of a reactive module," in Proceedings of the 16th ACM Symposium on Principles of Programming Languages (POPL '89), pp. 179–190, ACM, New York, NY, USA, 1989.
[17] E. Filiot, N. Jin, and J. Raskin, "Antichains and compositional algorithms for LTL synthesis," Formal Methods in System Design, vol. 39, no. 3, pp. 261–296, 2011.
[18] J. Machado, B. Denis, J. J. Lesage, J. M. Faure, and J. Fereira, "Logic controllers dependability verification using a plant model," in Proceedings of the 3rd IFAC Workshop on Discrete-Event System Design (DESDes '06), pp. 37–42, Rydzyna, Poland, 2006.
[19] Y. Hietter, J.-M. Roussel, and J.-L. Lesage, "Algebraic synthesis of transition conditions of a state model," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 187–192, Göteborg, Sweden, May 2008.
[20] Y. Hietter, J.-M. Roussel, and J. J. Lesage, "Algebraic synthesis of dependable logic controllers," in Proceedings of the 17th World Congress, International Federation of Automatic Control (IFAC '08), pp. 4132–4137, Seoul, South Korea, July 2008.
[21] A. Guignard, Symbolic generation of the automaton representing an algebraic description of a logic system [MS thesis], ENS Cachan, Cachan, France, 2011.
[22] R. P. Grimaldi, Discrete and Combinatorial Mathematics: An Applied Introduction, Addison-Wesley Longman, Boston, Mass, USA, 5th edition, 2004.
[23] J.-M. Roussel and J.-J. Lesage, "Algebraic synthesis of logical controllers despite inconsistencies in specifications," in Proceedings of the 11th International Workshop on Discrete Event Systems (WODES '12), pp. 307–314, Guadalajara, Mexico, 2012.
[24] H. Leroux, Algebraic Synthesis of Logical Controllers with Optimization Criteria, ENS Cachan, Cachan, France, 2011.
[25] H. Leroux and J.-M. Roussel, "Algebraic synthesis of logical controllers with optimization criteria," in Proceedings of the 6th International Workshop on Verification and Evaluation of Computer and Communication Systems (VECOS '12), pp. 103–114, Paris, France, 2012.
[26] M. Cantarelli and J. Roussel, "Reactive control system design using the supervisory control theory: evaluation of possibilities and limits," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 200–205, Göteborg, Sweden, May 2008.
Equation (33) is an equation with $(k-2)$ unknowns. Each term of (33) can be expanded according to $x_{k-2}$, and (33) can be written in the form

$$\Big(\prod_{A^2\in\{0,1\}^2} Eq_0(X^{k-3},0,A^2,\mathrm{Proj})\Big)\cdot\overline{x_{k-2}} + \Big(\prod_{A^2\in\{0,1\}^2} Eq_0(X^{k-3},1,A^2,\mathrm{Proj})\Big)\cdot x_{k-2} = 0 \quad (34)$$

In the end we obtain an equation of only one unknown, $x_1$, defined by

$$\Big(\prod_{A^{k-1}\in\{0,1\}^{k-1}} Eq_0(0,A^{k-1},\mathrm{Proj})\Big)\cdot\overline{x_1} + \Big(\prod_{A^{k-1}\in\{0,1\}^{k-1}} Eq_0(1,A^{k-1},\mathrm{Proj})\Big)\cdot x_1 = 0 \quad (35)$$

According to Theorem 11, (35) admits solutions if and only if

$$\prod_{A^k\in\{0,1\}^k} Eq_0(A^k,\mathrm{Proj}) = 0 \quad (36)$$

When (36) is satisfied, the $k$ equations for $x_1$ to $x_k$ admit solutions. Equation (27) is then coherent and admits solutions.

When (36) is satisfied, the solutions of (35) for $x_1$ are

$$S(x_1) = \prod_{A^{k-1}\in\{0,1\}^{k-1}} Eq_0(0,A^{k-1},\mathrm{Proj}) + p_1\cdot\overline{\prod_{A^{k-1}\in\{0,1\}^{k-1}} Eq_0(1,A^{k-1},\mathrm{Proj})} \quad (37)$$

where $p_1$ is a freely chosen member of $F_n(B)$.

After substituting $S(x_1)$ for $x_1$ into (27), we obtain a new equation $Eq_1(x_2,\dots,x_k,\mathrm{Proj}) = 0$ involving the $(k-1)$ unknowns $(x_2,\dots,x_k)$, where

$$Eq_1(x_2,\dots,x_k,\mathrm{Proj}) = Eq_0(x_1,x_2,\dots,x_k,\mathrm{Proj})\,\big|_{x_1\leftarrow S(x_1)} \quad (38)$$

By applying the previous procedure, we obtain $S(x_2)$ and $Eq_2(x_3,\dots,x_k,\mathrm{Proj})$. It then suffices to apply this procedure $(k-2)$ more times to obtain successively the solutions $S(x_3)$ to $S(x_k)$.

It is important to note that the order in which the unknowns are treated affects only the parametric form of the $k$-tuple solution. This is because the same $k$-tuple solution can be represented by several distinct parametric forms.
4.3.4. Partial Conclusions. Thanks to the theorems presented above, it is possible to obtain a parametric representation of all the solutions of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists. In practice, due to the complexity of the systems to be designed, the proposed set of simultaneously asserted relations is generally inconsistent [23]. To simplify the work of the designer, we have proved complementary theorems that improve the robustness of our method to the lack of precision of the specifications (Section 4.4).

When several solutions exist, the comparison of solutions according to a given criterion can be envisaged, since the Boolean algebra $F_n(B)$ is equipped with a partial order. Also to simplify the work of the designer, we have developed a method to calculate the best solutions according to one or several criteria (Section 4.5).
4.4. Theorems to Cope with Inconsistencies of Specifications. In practice, it is very difficult for a designer to specify all the requirements of a complex system without inconsistencies. This is why the requirements given by the designer are often declared inconsistent according to Theorem 12. Since the inconsistency condition is a Boolean formula, it can be used to locate the origin of the inconsistencies. Two cases have to be considered:

(i) Several requirements cannot be simultaneously respected. In this case a hierarchy between requirements can be proposed in order to find a solution: the requirements with the lower priority are corrected so that they become consistent with the requirements with the higher priority. This strategy is based on Theorem 14.

(ii) The detected inconsistency refers to specific combinations of projection-functions which the designer knows to be impossible. To unblock the synthesis process, it is then necessary to introduce new assumptions and to use Theorem 13.
Theorem 13 (solution of a Boolean equation according to an assumption among the projection-functions). The following problem

Equation to solve: $Eq_0(X^k,\mathrm{Proj}) = 0$
Assumption: $A(\mathrm{Proj}) = 0$ (39)

admits the same solutions as the following equation:

$$Eq_0(X^k,\mathrm{Proj}) \le A(\mathrm{Proj}) \quad (40)$$
Proof. According to $A(\mathrm{Proj}) = 0$, $Eq_0(X^k,\mathrm{Proj}) = 0$ can be rewritten as

$$\begin{aligned}
\begin{cases} Eq_0(X^k,\mathrm{Proj}) = 0 \\ A(\mathrm{Proj}) = 0 \end{cases}
&\iff A(\mathrm{Proj}) + Eq_0(X^k,\mathrm{Proj}) = 0 \\
&\iff A(\mathrm{Proj}) + \overline{A(\mathrm{Proj})}\cdot Eq_0(X^k,\mathrm{Proj}) = 0 \\
&\iff \begin{cases} \overline{A(\mathrm{Proj})}\cdot Eq_0(X^k,\mathrm{Proj}) = 0 \\ A(\mathrm{Proj}) = 0 \end{cases} \\
&\iff \begin{cases} Eq_0(X^k,\mathrm{Proj}) \le A(\mathrm{Proj}) \\ A(\mathrm{Proj}) = 0 \end{cases}
\end{aligned} \quad (41)$$

The equation $\overline{A(\mathrm{Proj})}\cdot Eq_0(X^k,\mathrm{Proj}) = 0$ is consistent if and only if the following condition is true (Theorem 12):

$$\overline{A(\mathrm{Proj})}\cdot\prod_{A^k\in\{0,1\}^k} Eq_0(A^k,\mathrm{Proj}) = 0 \quad (42)$$

By construction, this new condition is the subset of the initial condition ($\prod_{A^k\in\{0,1\}^k} Eq_0(A^k,\mathrm{Proj}) = 0$) for which the proposed assumption is satisfied; all the other terms have been removed.

If (42) is satisfied, (40) admits one or more $k$-tuple solutions, where each component $S(x_i)$ is defined by

$$S(x_i) = \overline{A(\mathrm{Proj})}\cdot\Big(\prod_{A^{k-i}\in\{0,1\}^{k-i}} Eq_{i-1}(0,A^{k-i},\mathrm{Proj}) + p_i\cdot\overline{\prod_{A^{k-i}\in\{0,1\}^{k-i}} Eq_{i-1}(1,A^{k-i},\mathrm{Proj})}\Big) + A(\mathrm{Proj})\cdot p_i \quad (43)$$

As $A(\mathrm{Proj}) = 0$, $S(x_i)$ can also be expressed as

$$S(x_i) = \prod_{A^{k-i}\in\{0,1\}^{k-i}} Eq_{i-1}(0,A^{k-i},\mathrm{Proj}) + p_i\cdot\overline{\prod_{A^{k-i}\in\{0,1\}^{k-i}} Eq_{i-1}(1,A^{k-i},\mathrm{Proj})} \quad (44)$$

When $A(\mathrm{Proj}) = 0$ is satisfied, the solutions of (40) are also solutions of $Eq_0(X^k,\mathrm{Proj}) = 0$.
Theorem 14 (solution of a Boolean equation system according to a priority rule between requirements). The following problem

Equation system to solve:
HR: $F_H(X^k,\mathrm{Proj}) = 0$
LR: $F_L(X^k,\mathrm{Proj}) = 0$
OR: $F_O(X^k,\mathrm{Proj}) = 0$
Priority rule between requirements: HR $\gg$ LR (45)

where

(i) $F_H(X^k,\mathrm{Proj}) = 0$ is the formal expression of the requirements which have the higher priority (HR);
(ii) $F_L(X^k,\mathrm{Proj}) = 0$ is the formal expression of the requirements which have the lower priority (LR);
(iii) $F_O(X^k,\mathrm{Proj}) = 0$ is the formal expression of the other requirements (OR);
(iv) HR $\gg$ LR is the priority rule between the inconsistent requirements,

admits the same solutions as the following system of equations:

$$F_H(X^k,\mathrm{Proj}) = 0,\qquad F_L(X^k,\mathrm{Proj}) \le I(\mathrm{Proj}),\qquad F_O(X^k,\mathrm{Proj}) = 0 \quad (46)$$

where $I(\mathrm{Proj})$ is the inconsistency condition between requirements HR and LR:

$$I(\mathrm{Proj}) = \prod_{A^k\in\{0,1\}^k}\big(F_H(A^k,\mathrm{Proj}) + F_L(A^k,\mathrm{Proj})\big) \quad (47)$$

Proof. Thanks to Theorem 12, the inconsistency condition $I(\mathrm{Proj})$ between requirements HR and LR can be found by solving the equation $F_H(X^k,\mathrm{Proj}) + F_L(X^k,\mathrm{Proj}) = 0$. We have

$$I(\mathrm{Proj}) = \prod_{A^k\in\{0,1\}^k}\big(F_H(A^k,\mathrm{Proj}) + F_L(A^k,\mathrm{Proj})\big) \quad (48)$$

To remove the inconsistency between requirements HR and LR according to the priority rule HR $\gg$ LR, it is necessary to restrict the range of requirement LR to the part for which there is no inconsistency, that is, to the combinations of projection-functions for which $I(\mathrm{Proj}) = 0$. That is the case when $F_L(X^k,\mathrm{Proj}) = 0$ is replaced by $F_L(X^k,\mathrm{Proj}) \le I(\mathrm{Proj})$, that is, by $F_L(X^k,\mathrm{Proj})\cdot\overline{I(\mathrm{Proj})} = 0$.

Thanks to Theorem 12, the system (49) always admits one or more $k$-tuple solutions (provided that the higher-priority requirement $F_H(X^k,\mathrm{Proj}) = 0$ is consistent on its own), and it is impossible to find a less restrictive condition over requirement LR:

$$F_H(X^k,\mathrm{Proj}) = 0,\qquad F_L(X^k,\mathrm{Proj}) \le I(\mathrm{Proj}) \quad (49)$$
4.5. Optimal Solutions of Boolean Equations over $F_n(B)$. The goal of this step is to obtain automatically the parametric form of the $k$-tuple solutions in $F_n(B)$ which not only satisfy a given equation of Boolean functions ($Eq(X^k,\mathrm{Proj}) = 0$) but also maximize (or minimize) a Boolean formula of these Boolean functions ($F_C(X^k,\mathrm{Proj})$) corresponding to the desired optimization criterion.

Generally speaking, the search for the best solution tuples according to a given criterion, when the space of solutions is composed of discrete values, is a complex mathematical issue. It is sometimes necessary to make a side-by-side comparison of each solution in order to identify the best one. In our case, this exhaustive method cannot be used, as $F_n(B)$ is only provided with a partial order: two particular solutions cannot always be ordered with respect to each other.

Nevertheless, it is possible to obtain the sought parametric form of the $k$-tuples thanks to the following results:

(i) When an equation between Boolean functions has one or more solution tuples in $F_n(B)$, every Boolean formula on these Boolean functions can be rewritten using only the projection-functions of $F_n(B)$ and the free parameters of $F_n(B)$ which describe these solution tuples.

(ii) Every Boolean formula expressed as a composition of projection-functions of $F_n(B)$ and free parameters of $F_n(B)$ has a unique maximum and a unique minimum. These extrema can be expressed using only the projection-functions of $F_n(B)$.

Hence it is possible to rewrite the initial problem

Problem to solve: $Eq(X^k,\mathrm{Proj}) = 0$
Optimization criterion: maximization of $F_C(X^k,\mathrm{Proj})$ (50)

into a 2-equation system to solve:

$$Eq(X^k,\mathrm{Proj}) = 0,\qquad F_C(X^k,\mathrm{Proj}) = \max_{X^k \,\mid\, Eq(X^k,\mathrm{Proj}) = 0} F_C(X^k,\mathrm{Proj}) \quad (51)$$
4.5.1. Extrema of a Boolean Formula according to Freely Chosen Members of $F_n(B)$. Considering the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:

(i) let $(f_1^{\mathrm{Proj}},\dots,f_n^{\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$;
(ii) let $(p_1,\dots,p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members, and let $P^k$ be the corresponding vector.

Any formula $F(P^k,\mathrm{Proj})$ for which $P^k$ are freely chosen members of $F_n(B)$ defines a subset of $F_n(B)$. According to the relation $\le$, the elements of this subset can be compared. In this specific case, the subset defined by $F(P^k,\mathrm{Proj})$ admits a minimal element and a maximal element.

Theorem 15 (minimum and maximum of a Boolean formula). Any formula $F(P^k,\mathrm{Proj})$ for which $P^k$ are freely chosen members of $F_n(B)$ admits a minimum and a maximum, defined as follows:

$$\min_{P^k\in F_n(B)^k} F(P^k,\mathrm{Proj}) = \prod_{A^k\in\{0,1\}^k} F(A^k,\mathrm{Proj}),\qquad \max_{P^k\in F_n(B)^k} F(P^k,\mathrm{Proj}) = \sum_{A^k\in\{0,1\}^k} F(A^k,\mathrm{Proj}) \quad (52)$$
Proof. To prove this theorem, it is necessary to establish that

(1) $\prod_{A^k\in\{0,1\}^k} F(A^k,\mathrm{Proj})$ is a lower bound of $F(P^k,\mathrm{Proj})$;
(2) there exists at least one specific combination of $P^k$ for which $F(P^k,\mathrm{Proj}) = \prod_{A^k\in\{0,1\}^k} F(A^k,\mathrm{Proj})$;
(3) $\sum_{A^k\in\{0,1\}^k} F(A^k,\mathrm{Proj})$ is an upper bound of $F(P^k,\mathrm{Proj})$;
(4) there exists at least one specific combination of $P^k$ for which $F(P^k,\mathrm{Proj}) = \sum_{A^k\in\{0,1\}^k} F(A^k,\mathrm{Proj})$.

Details of this proof can be found in [24].
4.5.2. Optimization Problem. Considering the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:

(i) let $(f_1^{\mathrm{Proj}},\dots,f_n^{\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$, and let $\mathrm{Proj}$ be the corresponding vector;
(ii) let $(x_1,\dots,x_k)$ be $k$ elements of $F_n(B)$ considered as unknowns, and let $X^k$ be the corresponding vector;
(iii) let $(p_1,\dots,p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members, and let $P^k$ be the corresponding vector;
(iv) let $Eq(X^k,\mathrm{Proj}) = 0$ be the Boolean equation to solve;
(v) let $F_C(X^k,\mathrm{Proj})$ be the Boolean formula of the given criterion to optimize (maximization or minimization).
The method we propose to obtain the parametric form of the $k$-tuple of switching functions solution of $Eq(X^k,\mathrm{Proj}) = 0$ according to a given optimization criterion $F_C(X^k,\mathrm{Proj})$ is composed of five steps:

(i) The first step is to establish the parametric form of the $k$-tuple solution of $Eq(X^k,\mathrm{Proj}) = 0$ using only Theorem 12.
(ii) The second step is to establish the parametric form of the given optimization criterion $F_C(X^k,\mathrm{Proj})$ by substituting $S(x_i)$ for $x_i$. Let $F_{SC}(P^k,\mathrm{Proj})$ be the result of this substitution.
(iii) The third step is to calculate the extremum of $F_{SC}(P^k,\mathrm{Proj})$ according to Theorem 15. Let $F_{EC}(\mathrm{Proj})$ be the Boolean formula of this extremum.
(iv) The fourth step is to replace the given criterion by the equivalent relation
$$F_C(X^k,\mathrm{Proj}) = F_{EC}(\mathrm{Proj}) \quad (53)$$
(v) The fifth step is to establish the parametric form of the $k$-tuple solution of the equivalent problem
$$Eq(X^k,\mathrm{Proj}) = 0,\qquad F_C(X^k,\mathrm{Proj}) = F_{EC}(\mathrm{Proj}) \quad (54)$$

[Figure 4: Structure of the water supply system (labels: Tank, Pump1, Pump2, To the distributing system).]
4.5.3. Partial Conclusions. Thanks to the theorems presented in this section, it is now possible to obtain a parametric representation of the optimal solutions, according to a given criterion, of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists.

The proposed method also permits combining several criteria, either simultaneously or sequentially:

(i) When several criteria are treated simultaneously, the optimization problem may admit no solution. That is the case when the given criteria are antagonistic.
(ii) When several criteria are treated sequentially, the obtained solutions satisfy the criteria in a given priority order. An example of optimization with several criteria treated sequentially is presented in the next section.
5. Algebraic Synthesis of Logical Controllers with Optimization Criteria and Incoherent Requirements

5.1. Control System Specifications. The studied system is the controller of a water supply system composed of two pumps working in redundancy (Figure 4). Water is distributed when necessary, taking into account the possible failures of the elements (the pumps and the distributing system).

The expected behavior of the control system regarding the application requirements can be expressed by the following set of assertions:

(i) The two pumps never operate simultaneously.
(ii) A pump cannot operate if it is out of order.
(iii) When a global failure is detected, no pump can operate.
(iv) Pumps can operate if and only if a water distribution request is present.
(v) Priority is given according to "pr" (pump1 has priority when "pr" is true).
(vi) In order to reduce the wear of the pumps, it is necessary to restrict the number of starts of the pumps.

5.1.1. Inputs and Outputs of the Controller. The Boolean inputs and outputs of this controller are given in Figure 5(a). Each pump is controlled through a Boolean output ("p1" and "p2"). The controller is informed of water distribution requests through the input "rq". Inputs "f1" and "f2" inform the controller of a failure of the corresponding pump, and "gf" indicates a global failure of the installation. The value 0 or 1 of input "pr" decides which pump has priority.

5.1.2. Control Laws to Synthesize. Our approach does not allow identifying automatically which state variables must be used; they are given by the designer according to his interpretation of the specification.
For the water distribution system, we propose to use 2 state variables, one for each output. According to this choice, two 7-variable switching functions ($P1$ and $P2$) have to be synthesized (Figure 5(b)). They represent the unknowns of our problem. For this case study, the 7 projection-functions of $F_7(B)$ are therefore as follows:

(i) The 5 switching functions ($Rq$, $F1$, $F2$, $GF$, and $Pr$) which characterize the behavior of the inputs of the controller and are defined in the same way as
$$Rq: B^7 \to B,\quad (rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1]) \mapsto rq[k] \quad (55)$$
(ii) The 2 switching functions ($pP1$ and $pP2$) which characterize the previous behavior of the state variables of the controller and are defined in the same way as
$$pP1: B^7 \to B,\quad (rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1]) \mapsto p1[k-1] \quad (56)$$
5.2. Algebraic Formalization of Requirements. The complete formalization of the behavior of the water distribution system is given in Figure 5(c). In order to illustrate the expressive power of the relations Equality and Inclusion, several examples (generic assertions and the equivalent formal relations, illustrated on the case study) are given hereafter. It is important to note that the relation Inclusion permits expressing necessary conditions and sufficient conditions distinctly. This relation is the cornerstone of our approach.

(i) Pump1 and Pump2 never operate simultaneously: $P1\cdot P2 = 0$.
(ii) If Pump1 operates, Pump2 cannot operate: $P1 \le \overline{P2}$.
Figure 5: Details of the case study.

(a) Inputs and outputs of the controller
Inputs of the control of the water distribution system: rq (request of water), f1 (Pump1 failure), f2 (Pump2 failure), gf (global failure), pr (priority to Pump1).
Outputs: p1 (command of Pump1), p2 (command of Pump2).

(b) General form of the expected control laws
$$p1[k] = P1(rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1])$$
$$p2[k] = P2(rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1])$$
$$p1[0] = b_0,\qquad p2[0] = b_0$$

(c) Formal specification
Requirements:
R1: $P1\cdot P2 = 0$ (the two pumps never operate simultaneously)
R2: $F1 \le \overline{P1}$ (Pump1 cannot operate if it is out of order (F1))
R3: $F2 \le \overline{P2}$ (Pump2 cannot operate if it is out of order (F2))
R4: $GF \le \overline{P1}\cdot\overline{P2}$ (when a global failure is detected (GF), no pump can operate)
R5: $(P1 + P2) \le Rq$ (it is necessary to have a request for the pumps to operate)
R6: $Rq \le (P1 + P2)$ (it is sufficient to have a request for the pumps to operate)
Priority rules:
R4 $\gg$ R6 (a failure requirement has priority over a functional requirement)
R2, R3 $\gg$ R6 (failure requirements have priority over a functional requirement)
Optimization criteria:
(1) Minimization of $(P1\cdot\overline{pP1}) + (P2\cdot\overline{pP2})$ (minimization of the possibility of starting a pump)
(2) Maximization of $(Pr\cdot P1) + (\overline{Pr}\cdot P2)$ (maximization of the priority order between the two pumps)

(d) Solution obtained by symbolic calculation
$$P1 = Rq\cdot\overline{GF}\cdot\overline{F1}\cdot\big(F2 + Pr\cdot(pP1 + \overline{pP2}) + pP1\cdot\overline{pP2}\big)$$
$$P2 = Rq\cdot\overline{GF}\cdot\overline{F2}\cdot\big(F1 + \overline{Pr}\cdot(pP2 + \overline{pP1}) + pP2\cdot\overline{pP1}\big)$$

(e) Control laws of the water distribution system
$$p1[k] = rq[k] \wedge \neg gf[k] \wedge \neg f1[k] \wedge \big(f2[k] \vee pr[k] \wedge (p1[k-1] \vee \neg p2[k-1]) \vee p1[k-1] \wedge \neg p2[k-1]\big)$$
$$p2[k] = rq[k] \wedge \neg gf[k] \wedge \neg f2[k] \wedge \big(f1[k] \vee \neg pr[k] \wedge (p2[k-1] \vee \neg p1[k-1]) \vee p2[k-1] \wedge \neg p1[k-1]\big)$$
$$p1[0] = b_0,\qquad p2[0] = b_0$$
(iii) It is necessary to have a request for the pumps to operate: $(P1 + P2) \le Rq$.
(iv) It is sufficient to have a request for the pumps to operate: $Rq \le (P1 + P2)$.
(v) When Pump1 has failed, it is sufficient to have a request for Pump2 to operate: $F1\cdot Rq \le P2$.
(vi) When Pump1 has failed, it is necessary to have a request for Pump2 to operate: $F1\cdot P2 \le Rq$.

It is possible to prove that some of these formal expressions are equivalent (e.g., the first two). When a designer hesitates between two forms, he can check by symbolic calculation whether the proposed relations are equivalent or not.

As $P1$ and $pP1$ represent the behavior of pump1 at times $[k]$ and $[k-1]$ respectively, it is also possible to express relations about the starts and stops of this pump:

(i) It is necessary to have a request to start pump1: $(P1\cdot\overline{pP1}) \le Rq$.
(ii) When pump1 operates, it is sufficient to have a global failure to stop pump1: $(pP1\cdot GF) \le (\overline{P1}\cdot pP1)$.
5.3. Synthesis Process. In traditional design methods, the design procedure of a logic controller is not a linear process but an iterative one converging to an acceptable solution. At the beginning of the design, the requirements are neither complete nor free of errors. Most often, new requirements are added during the search for solutions and others are corrected. This complementary information is given by the designer after analysis of the partial solutions he found, or when inconsistencies have been detected. If we do not make the hypothesis that the specifications are complete and consistent, designing a controller with a synthesis technique is also an iterative process in which the designer plays an important role.
5.3.1. Analysis of Requirements. For this case study, we choose to start with requirements R1 to R6. For this subset of requirements, the result given by our software tool was the following inconsistency condition: $I = Rq\cdot GF + Rq\cdot F1\cdot F2$.

Since the requirements are declared inconsistent, we have to give complementary information to make our specification more precise. By analyzing each term of this formula, it is possible to detect the origin of the inconsistency:

(i) $Rq\cdot GF$: what happens if we have simultaneously a request and a global failure? We consider that requirement R4 is more important than requirement R6 (R4 $\gg$ R6), as no pump can operate in this configuration.

(ii) $Rq\cdot F1\cdot F2$: what happens if we have simultaneously a request and a failure of each pump? We consider that requirements R2 and R3 are more important than requirement R6 (R2, R3 $\gg$ R6).

With these priority rules, all the requirements are now coherent and the set of all the solutions can be computed.
5.3.2. Optimal Solutions. To choose a control law of the water supply system among this set of possible solutions, we now take into account the given optimization criteria. The first criterion aims at minimizing the number of starts of each pump in order to reduce its wear. The second criterion aims at maximizing the use of the pump indicated by the value of parameter Pr. The method we propose allows proving that the proposed criteria cannot be treated simultaneously, since they are antagonistic: to strictly respect the priority use of the pump fixed by parameter Pr, it is necessary to swap pumps when Pr changes value, which implies a supplementary start of a pump. Details can be found in [25].

All the priority rules and optimization criteria used for this case study are given in Figure 5(c). The solution we obtain is given in Figure 5(d).
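The computations of Sections 4.3 to 4.5, as applied above to the water supply system, can be reproduced at small scale. The Python program below is an added example, not the authors' tool: it packs each 7-variable switching function into an integer truth table (a representation chosen for this example; the authors' tool stores formulas as ROBDDs), implements the successive elimination of equations (34) to (38) in `solve`, the priority relaxation of Theorem 14 in `relax`, and the five optimization steps of Section 4.5.2 with the extrema of Theorem 15 in `optimise`, then applies them to requirements R1 to R6, the two priority rules and the two criteria of Figure 5(c). The function names are choices of this example. The expected results are the inconsistency condition $Rq\cdot GF + Rq\cdot F1\cdot F2$ of Section 5.3.1 and the control law of Figure 5(d).

```python
"""Algebraic synthesis over F_n(B) for the water-supply controller (added example).

Representation chosen here (the authors' tool uses ROBDDs instead): a switching
function of n variables is a truth table packed into a Python int, bit m holding
its value on the assignment where variable i equals (m >> i) & 1.  Unknowns,
projection-functions, free parameters and constants are all such ints.
"""
from itertools import product

N = 7                                   # Rq, F1, F2, GF, Pr, pP1, pP2
ONE = (1 << (1 << N)) - 1               # constant function 1 of F_7(B)
ZERO = 0                                # constant function 0
NOT = lambda f: ONE ^ f                 # complement of a switching function

def proj(i):
    """Projection-function f_i: 1 exactly on the assignments where variable i is 1."""
    return sum(1 << m for m in range(1 << N) if (m >> i) & 1)

Rq, F1, F2, GF, Pr, pP1, pP2 = (proj(i) for i in range(N))

def prod_over(fn, k):
    """prod over A^k in {0,1}^k of fn(A^k), as in Theorems 12 and 15."""
    acc = ONE
    for A in product((ZERO, ONE), repeat=k):
        acc &= fn(A)
    return acc

def solve(eq, k):
    """Successive elimination of Section 4.3, equations (34) to (38).

    eq(X) is the left-hand side of Eq_0(X^k, Proj) = 0 for a k-tuple X of ints.
    Returns the consistency condition (36), which must be 0, and a function
    mapping free parameters (p_1, ..., p_k) to the k-tuple solution, each
    component being S(x_i) = a_i + p_i . NOT(b_i) as in (37) and (44), where
    a_i and b_i are the coefficients of NOT(x_i) and x_i in Eq_{i-1}.
    """
    cond = prod_over(eq, k)
    def solution(P):
        X = []                                   # S(x_1) .. S(x_i) found so far
        for i in range(k):
            rest = k - i - 1                     # unknowns not yet eliminated
            a = prod_over(lambda A: eq((*X, ZERO, *A)), rest)
            b = prod_over(lambda A: eq((*X, ONE, *A)), rest)
            X.append(a | (P[i] & NOT(b)))        # x_i <- S(x_i) gives Eq_i
        return tuple(X)
    return cond, solution

def relax(fh, fl, k):
    """Theorem 14 for HR >> LR: the inconsistency condition I(Proj) of (47) and
    the relaxed LR term fl . NOT(I), i.e. the relation fl <= I."""
    I = prod_over(lambda A: fh(A) | fl(A), k)
    return I, (lambda X: fl(X) & NOT(I))

def optimise(eq, crit, k, maximise):
    """Steps (i) to (v) of Section 4.5.2 for one criterion: substitute the
    parametric solution into crit, take its extremum over the free parameters
    with Theorem 15 (the maximum via De Morgan) and add 'crit(X) = extremum',
    written as crit(X) XOR extremum = 0, to the system."""
    cond, sol = solve(eq, k)
    if cond != ZERO:
        raise ValueError("system is inconsistent")
    if maximise:
        ext = NOT(prod_over(lambda A: NOT(crit(sol(A))), k))
    else:
        ext = prod_over(lambda A: crit(sol(A)), k)
    return lambda X: eq(X) | (crit(X) ^ ext)

# Requirements of Figure 5(c) as terms that must be 0 (f <= g is f . NOT(g) = 0); X = (P1, P2).
R1 = lambda X: X[0] & X[1]                       # P1 . P2 = 0
R2 = lambda X: F1 & X[0]                         # F1 <= NOT P1
R3 = lambda X: F2 & X[1]                         # F2 <= NOT P2
R4 = lambda X: GF & (X[0] | X[1])                # GF <= NOT P1 . NOT P2
R5 = lambda X: (X[0] | X[1]) & NOT(Rq)           # P1 + P2 <= Rq
R6 = lambda X: Rq & NOT(X[0]) & NOT(X[1])        # Rq <= P1 + P2

def inconsistency_R1_R6():
    """Inconsistency condition of R1 to R6 (Section 5.3.1 gives Rq.GF + Rq.F1.F2)."""
    return prod_over(lambda A: R1(A) | R2(A) | R3(A) | R4(A) | R5(A) | R6(A), 2)

def synthesise():
    """Apply R4 >> R6 and R2,R3 >> R6, then criteria (1) and (2) in that order.
    Returns the final consistency condition and the solution tuple for two
    parameter choices (they coincide when the solution is unique)."""
    _, R6a = relax(R4, R6, 2)
    _, R6b = relax(lambda X: R2(X) | R3(X), R6a, 2)
    system = lambda X: R1(X) | R2(X) | R3(X) | R4(X) | R5(X) | R6b(X)
    starts = lambda X: (X[0] & NOT(pP1)) | (X[1] & NOT(pP2))    # criterion (1)
    priority = lambda X: (Pr & X[0]) | (NOT(Pr) & X[1])          # criterion (2)
    system = optimise(system, starts, 2, maximise=False)
    system = optimise(system, priority, 2, maximise=True)
    cond, sol = solve(system, 2)
    return cond, sol((ZERO, ZERO)), sol((ONE, ONE))

def paper_solution():
    """P1 and P2 of Figure 5(d), for comparison with the synthesized tuple."""
    P1 = Rq & NOT(GF) & NOT(F1) & (F2 | (Pr & (pP1 | NOT(pP2))) | (pP1 & NOT(pP2)))
    P2 = Rq & NOT(GF) & NOT(F2) & (F1 | (NOT(Pr) & (pP2 | NOT(pP1))) | (pP2 & NOT(pP1)))
    return P1, P2
```

Calling `inconsistency_R1_R6()` returns the truth table of $Rq\cdot GF + Rq\cdot F1\cdot F2$, and `synthesise()` returns a zero consistency condition together with the same tuple for both parameter choices, equal to `paper_solution()`: after the two criteria are applied sequentially, the control law is unique. Dropping the second `optimise` call leaves the choice of pump free when both pumps are stopped and not failed, which is exactly what criterion (2) settles according to Pr.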
5.3.3. Implementing Control Laws. The synthesized control laws presented in Figure 5(e) have been obtained by translating the expression of the two unknowns according to the projection-functions into relations between recurrent Boolean equations. These control laws can be automatically translated into the syntax of the ladder diagram language [1] before being implemented into a PLC. The code is composed of only 4 rungs (Figure 6).

The synthesized control laws can also be given in the form of an automatically built input/output automaton with guarded transitions [21] (Figure 7).
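As an added example (not code from the paper), the recurrent equations of Figure 5(e) can be executed the way a PLC executes them, one scan per input sample, and checked at run time against the requirements. The input trace below is constructed for this example, and the check function `requirements_hold` encodes R1 to R5 together with R6 as relaxed by the priority rules of Section 5.3.1; both are assumptions of this example.

```python
"""Cyclic execution of the synthesized control laws of Figure 5(e) (added example).

A PLC-style scan loop applies the recurrent equations p1[k], p2[k] to a
constructed input trace, checks requirements R1 to R5 and the relaxed R6 after
every scan, and counts pump starts.  Trace and check function are assumptions
of this example, not part of the paper.
"""
from dataclasses import dataclass

@dataclass
class Inputs:
    """Inputs read at the start of one scan cycle (Figure 5(a))."""
    rq: bool
    f1: bool = False
    f2: bool = False
    gf: bool = False
    pr: bool = True

def control_laws(i, p1_prev, p2_prev):
    """One scan: p1[k], p2[k] from the inputs at k and the outputs at k-1."""
    p1 = i.rq and not i.gf and not i.f1 and (
        i.f2 or (i.pr and (p1_prev or not p2_prev)) or (p1_prev and not p2_prev))
    p2 = i.rq and not i.gf and not i.f2 and (
        i.f1 or (not i.pr and (p2_prev or not p1_prev)) or (p2_prev and not p1_prev))
    return bool(p1), bool(p2)

def requirements_hold(i, p1, p2):
    """R1 to R5 of Figure 5(c), plus R6 restricted by the priority rules of
    Section 5.3.1: a request must be served unless there is a global failure
    or both pumps have failed."""
    return (not (p1 and p2)                                        # R1
            and not (i.f1 and p1) and not (i.f2 and p2)            # R2, R3
            and not (i.gf and (p1 or p2))                          # R4
            and (i.rq or not (p1 or p2))                           # R5
            and ((p1 or p2) or not (i.rq and not i.gf and not (i.f1 and i.f2))))

def run(trace, p1=False, p2=False):
    """Scan the controller over trace from the initial outputs (p1, p2).
    Returns the output sequence, the number of pump starts, and whether the
    requirements held after every cycle."""
    outputs, starts, ok = [], 0, True
    for i in trace:
        n1, n2 = control_laws(i, p1, p2)
        ok = ok and requirements_hold(i, n1, n2)
        starts += int(n1 and not p1) + int(n2 and not p2)
        outputs.append((n1, n2))
        p1, p2 = n1, n2
    return outputs, starts, ok

# Constructed trace: a request arrives with priority to pump1; the priority
# flips while pump1 runs (criterion 1 keeps pump1 running: no extra start);
# pump1 fails (failover to pump2); a global failure stops everything; the
# request is withdrawn.
TRACE = [
    Inputs(rq=False),
    Inputs(rq=True, pr=True),
    Inputs(rq=True, pr=False),
    Inputs(rq=True, pr=False, f1=True),
    Inputs(rq=True, pr=False, f1=True, gf=True),
    Inputs(rq=False),
]

if __name__ == "__main__":
    outputs, starts, ok = run(TRACE)
    for k, ((p1, p2), i) in enumerate(zip(outputs, TRACE)):
        print(f"k={k} rq={int(i.rq)} f1={int(i.f1)} gf={int(i.gf)} pr={int(i.pr)}"
              f" -> p1={int(p1)} p2={int(p2)}")
    print("starts:", starts, "requirements held:", ok)
```

Over this trace the controller starts a pump twice (pump1 on the request, pump2 on the failover) and never on the priority flip, which is the behavior selected by treating criterion (1) before criterion (2) in Section 5.3.2; the run-time check is the kind of monitor one would keep in place when the synthesized law is later edited by hand.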
6 Discussion
In our approach, the synthesis of control laws is based on symbolic calculation; a prototype software tool has been developed to avoid tedious calculation and to aid the designer during the different steps of the synthesis. This tool (which can be obtained on request from the authors) performs all the computations required for the detection of inconsistencies between requirements and for the generation of control laws. In this tool, all the Boolean formulas are stored in the form of reduced ordered binary decision diagrams, which allows efficient calculations. For example, the computations for synthesizing the controller of the water supply system developed above took less than 10 ms on a standard laptop.
Our approach has been tested on several case studies (some of them are available online at http://www.lurpa.ens-cachan.fr/-226050.kjsp). The feedback from these experiments allowed us to identify some of its limits and possibilities; the most important are given below.
We have first to recall that our method can only be used for binary systems (systems whose controller inputs and outputs are Boolean values). Nevertheless, in practice many systems, like manufacturing systems, transport systems, and so on, are fully or partially binary.
In our opinion, the main advantage of our approach is that, contrary to traditional engineering approaches, the synthesized control laws do not depend on the designer's skill or on his correct interpretation of the system requirements. On the other hand, the quality of the synthesis results highly depends on the relevance of the requirements proposed by the designer. This step of formalization by the designer of the informal requirements of the system to be controlled is the Achilles heel of all synthesis methods, including the Supervisory Control Theory (SCT), and cannot be automated.

[Figure 6: Ladder diagram of the code to implement into the PLC. Rung 1: command of pump 1 (coil p1, from contacts rq, gf, f1, f2, pr, pp1, pp2). Rung 2: command of pump 2 (coil p2). Rung 3: update of the previous value of pump 1 (pp1). Rung 4: update of the previous value of pump 2 (pp2).]

Table 1: Features of the two approaches on the same case study.

Approach | Formal requirements | Synthesized controller | PLC program (structured text)
Supervisory Control Theory | Plant behavior: 11 finite automata (481 states and 1330 transitions); specifications: 11 finite automata | Finite automaton of 45 states and 70 transitions | 130 lines
Algebraic synthesis | 8 equations and 2 priority rules | 2 6-variable switching functions | 4 lines

[Figure 7: State model of the obtained control law. States 0, 1 (output p1) and 2 (output p2); guards of the transitions:
E0-1 = rq ∧ ¬gf ∧ ¬f1 ∧ (f2 ∨ pr)
E0-2 = rq ∧ ¬gf ∧ ¬f2 ∧ (f1 ∨ ¬pr)
E1-0 = ¬rq ∨ gf ∨ (f1 ∧ f2)
E2-0 = ¬rq ∨ gf ∨ (f1 ∧ f2)
E1-2 = rq ∧ ¬gf ∧ f1 ∧ ¬f2
E2-1 = rq ∧ ¬gf ∧ f2 ∧ ¬f1]
An objective comparison of our approach with other synthesis methods, and more especially with SCT, is very difficult because the models used and the theoretical bases are very different. Nevertheless, we tested both approaches on the same case studies. One of them, the control of an automatic parking gate, has been published in [26]. The results obtained in this case are summarized in Table 1.
Furthermore, one may note that the supervisor synthesized by SCT is optimal in the sense that it is the most permissive one, that is, the one that restricts the plant behavior the least in order to force it to respect the specifications. As shown in this paper, our method allows coping with inconsistencies in specifications, which is not possible with SCT, and also allows finding optimal controllers by choosing different optimization criteria (most permissive, most restrictive, safest controller, etc.).
7 Conclusion
Many research works in the field of DES aim at formalizing the steps of the system life cycle. For 20 years, significant progress has been made on the synthesis, verification, performance evaluation, and diagnosis of DESs. Nevertheless, one of the common difficulties of these works is the translation of the informal expression of the knowledge of a system into formal requirements. Few works have paid attention to this important task, which is very error prone. In this paper, we proposed an iterative process that allows coping with inconsistencies in the requirements during the synthesis of the controller. The framework in which we proposed this approach is an algebraic synthesis method. Since the problem lies at the frontier between formal and informal, the intervention of the designer is necessary. Nevertheless, we have shown that this intervention can be guided by the results that the formal method provides.
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References
[1] International Electrotechnical Commission, IEC 61131-3 Standard: Programmable Controllers, Part 3: Programming Languages, International Electrotechnical Commission, 2nd edition, 2003.
[2] G. Frey and L. Litz, "Formal methods in PLC programming," in Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, vol. 4, pp. 2431–2436, October 2000.
[3] B. Berard, M. Bidoit, A. Finkel et al., Systems and Software Verification: Model-Checking Techniques and Tools, Springer, New York, NY, USA, 1st edition, 1999.
[4] H. Bel Mokadem, B. Berard, V. Gourcuff, O. De Smet, and J. Roussel, "Verification of a timed multitask system with UPPAAL," IEEE Transactions on Automation Science and Engineering, vol. 7, no. 4, pp. 921–932, 2010.
[5] J. L. Boulanger, Ed., Industrial Use of Formal Methods: Formal Verification (ISTE), Wiley-ISTE, New York, NY, USA, 2012.
[6] P. J. G. Ramadge and W. M. Wonham, "Control of discrete event systems," Proceedings of the IEEE, vol. 77, no. 1, pp. 81–98, 1989.
[7] P. Gohari and W. M. Wonham, "On the complexity of supervisory control design in the RW framework," IEEE Transactions on Systems, Man and Cybernetics B, vol. 30, no. 5, pp. 643–652, 2000.
[8] Y. Hietter, Synthese algebrique de lois de commande pour les systemes a evenements discrets logiques [Ph.D. thesis], ENS Cachan, Cachan, France, 2009.
[9] H.-M. Hanisch, A. Lueder, and J. Thieme, "Modular plant modeling technique and related controller synthesis problems," in Proceedings of the 1998 IEEE International Conference on Systems, Man and Cybernetics, pp. 686–691, October 1998.
[10] J.-M. Roussel and A. Giua, "Designing dependable logic controllers using the supervisory control theory," in Proceedings of the 16th IFAC World Congress, CD-ROM paper 4427, 6 pages, Praha, Czech Republic, 2005.
[11] D. A. Huffman, "The synthesis of sequential switching circuits," Journal of the Franklin Institute, vol. 257, no. 3-4, pp. 161–303, 1954.
[12] G. H. Mealy, "A method for synthesizing sequential circuits," Bell System Technical Journal, vol. 34, no. 5, pp. 1045–1079, 1955.
[13] E. F. Moore, "Gedanken-experiments on sequential machines," in Automata Studies, pp. 129–153, Princeton University Press, Princeton, NJ, USA, 1956.
[14] S. Rudeanu, Lattice Functions and Equations (Discrete Mathematics and Theoretical Computer Science), Springer, New York, NY, USA, 2001.
[15] F. M. Brown, Boolean Reasoning: The Logic of Boolean Equations, Dover, Mineola, NY, USA, 2003.
[16] A. Pnueli and R. Rosner, "On the synthesis of a reactive module," in Proceedings of the 16th ACM Symposium on Principles of Programming Languages (POPL '89), pp. 179–190, ACM, New York, NY, USA, 1989.
[17] E. Filiot, N. Jin, and J. Raskin, "Antichains and compositional algorithms for LTL synthesis," Formal Methods in System Design, vol. 39, no. 3, pp. 261–296, 2011.
[18] J Machado B Denis J J Lesage J M Faure and J FereiraldquoLogic controllers dependability verification using a plantmodelrdquo in Proceedings of the 3rd IFAC Workshop on Discrete-Event System Design (DESDes rsquo06) pp 37ndash42 Rydzyna Poland2006
[19] Y Hietter J-M Roussel and J-L Lesage ldquoAlgebraic synthesisof transition conditions of a state modelrdquo in Proceedings of the9th International Workshop on Discrete Event Systems (WODESrsquo08) pp 187ndash192 Goteborg Sweden May 2008
[20] Y Hietter J-M Roussel and J J Lesage ldquoAlgebraic synthesis ofdependable logic controllersrdquo in Proceedings of the 17th WorldCongress International Federation of Automatic Control (IFACrsquo08) pp 4132ndash4137 Seoul South Korea July 2008
[21] A Guignard Symbolic generation of the automaton representingan algebraic description of a logic system [MS thesis] ENSCachan Cachan France 2011
[22] R P Grimaldi Discrete and Combinatorial Mathematics AnApplied Introduction Addison-Wesley Longman Boston MassUSA 5th edition 2004
[23] J-M Roussel and J-J Lesage ldquoAlgebraic synthesis of logicalcontrollers despite inconsistencies in specificationsrdquo in Proceed-ing of the 11th International Workshop on Discrete Event Systems(WODES rsquo12) pp 307ndash314 Guadalajara Mexico 2012
[24] H Leroux Algebraic Synthesis of Logical Controllers with Opti-mization Criteria ENS Cachan Cachan France 2011
[25] H Leroux and J -M Roussel ldquoAlgebraic synthesis of logicalcontrollers with optimization criteriardquo in Proceedings of the6th International Workshop on Verification and Evaluation ofComputer and Communication Systems (VECOS rsquo12) pp 103ndash114 Paris France 2012
[26] M Cantarelli and J Roussel ldquoReactive control system designusing the supervisory control theory evaluation of possibilitiesand limitsrdquo in Proceedings of 9th International Workshop onDiscrete Event Systems (WODES rsquo08) pp 200ndash205 GoteborgSweden May 2008
Proof. Under the assumption $A(\mathrm{Proj}) = 0$, the system $\{\mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0,\ A(\mathrm{Proj}) = 0\}$ can be rewritten as

\[
\left\{\begin{array}{l}
\mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0 \\
A(\mathrm{Proj}) = 0
\end{array}\right.
\iff A(\mathrm{Proj}) + \mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0
\iff A(\mathrm{Proj}) + \overline{A(\mathrm{Proj})} \cdot \mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0
\iff \left\{\begin{array}{l}
\overline{A(\mathrm{Proj})} \cdot \mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0 \\
A(\mathrm{Proj}) = 0
\end{array}\right.
\iff \left\{\begin{array}{l}
\mathrm{Eq}_0(X_k,\mathrm{Proj}) \le A(\mathrm{Proj}) \\
A(\mathrm{Proj}) = 0
\end{array}\right.
\qquad (41)
\]

The equation $\overline{A(\mathrm{Proj})} \cdot \mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0$ is consistent if and only if the following condition is true (Theorem 12):

\[
\overline{A(\mathrm{Proj})} \cdot \prod_{A_k \in \{0,1\}^k} \mathrm{Eq}_0(A_k,\mathrm{Proj}) = 0 \qquad (42)
\]

By construction, this new condition is the subset of the initial condition ($\prod_{A_k \in \{0,1\}^k} \mathrm{Eq}_0(A_k,\mathrm{Proj}) = 0$) for which the proposed assumption is satisfied; all the other terms have been removed.

If (42) is satisfied, (40) admits one or more $k$-tuple solutions, where each component $S(x_i)$ is defined by

\[
S(x_i) = \overline{A(\mathrm{Proj})} \cdot \Bigg( \prod_{A_{k-i} \in \{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(0, A_{k-i}, \mathrm{Proj}) + p_i \cdot \prod_{A_{k-i} \in \{0,1\}^{k-i}} \overline{\mathrm{Eq}_{i-1}(1, A_{k-i}, \mathrm{Proj})} \Bigg) + A(\mathrm{Proj}) \cdot p_i \qquad (43)
\]

As $A(\mathrm{Proj}) = 0$, $S(x_i)$ can also be expressed as

\[
S(x_i) = \prod_{A_{k-i} \in \{0,1\}^{k-i}} \mathrm{Eq}_{i-1}(0, A_{k-i}, \mathrm{Proj}) + p_i \cdot \prod_{A_{k-i} \in \{0,1\}^{k-i}} \overline{\mathrm{Eq}_{i-1}(1, A_{k-i}, \mathrm{Proj})} \qquad (44)
\]

When $A(\mathrm{Proj}) = 0$ is satisfied, the solutions of (40) are also solutions of $\mathrm{Eq}_0(X_k,\mathrm{Proj}) = 0$.
Theorem 14 (solution of a Boolean equation system according to a priority rule between requirements). The following problem

\[
\begin{array}{ll}
\text{Equation system to solve:} & \\
\quad HR: & F_H(X_k,\mathrm{Proj}) = 0 \\
\quad LR: & F_L(X_k,\mathrm{Proj}) = 0 \\
\quad OR: & F_O(X_k,\mathrm{Proj}) = 0 \\
\text{Priority rule between requirements:} & \\
& HR \gg LR
\end{array}
\qquad (45)
\]

where

(i) $F_H(X_k,\mathrm{Proj}) = 0$ is the formal expression of the requirements which have the higher priority (HR);
(ii) $F_L(X_k,\mathrm{Proj}) = 0$ is the formal expression of the requirements which have the lower priority (LR);
(iii) $F_O(X_k,\mathrm{Proj}) = 0$ is the formal expression of the other requirements (OR);
(iv) $HR \gg LR$ is the priority rule between inconsistent requirements,

admits the same solutions as the following system of equations:

\[
\left\{\begin{array}{l}
F_H(X_k,\mathrm{Proj}) = 0 \\
F_L(X_k,\mathrm{Proj}) \le I(\mathrm{Proj}) \\
F_O(X_k,\mathrm{Proj}) = 0
\end{array}\right.
\qquad (46)
\]

where $I(\mathrm{Proj})$ is the inconsistency condition between requirements "HR" and "LR":

\[
I(\mathrm{Proj}) = \prod_{A_k \in \{0,1\}^k} \big( F_H(A_k,\mathrm{Proj}) + F_L(A_k,\mathrm{Proj}) \big) \qquad (47)
\]

Proof. Thanks to Theorem 12, the inconsistency condition $I(\mathrm{Proj})$ between requirements "HR" and "LR" can be found by solving the equation $F_H(X_k,\mathrm{Proj}) + F_L(X_k,\mathrm{Proj}) = 0$. We have

\[
I(\mathrm{Proj}) = \prod_{A_k \in \{0,1\}^k} \big( F_H(A_k,\mathrm{Proj}) + F_L(A_k,\mathrm{Proj}) \big) \qquad (48)
\]

To remove the inconsistency between requirements "HR" and "LR" according to the priority rule "HR ≫ LR", it is necessary to restrict the range of requirement "LR" to the part for which there is no inconsistency, that is, where $I(\mathrm{Proj}) = 0$. That is the case when $F_L(X_k,\mathrm{Proj}) = 0$ is replaced by $F_L(X_k,\mathrm{Proj}) \le I(\mathrm{Proj})$:

\[
\left\{\begin{array}{l}
F_H(X_k,\mathrm{Proj}) = 0 \\
F_L(X_k,\mathrm{Proj}) \le I(\mathrm{Proj})
\end{array}\right.
\qquad (49)
\]

Thanks to Theorem 12, (49) always admits one or more $k$-tuple solutions, and it is impossible to find a less restrictive condition over requirement "LR".
4.5. Optimal Solutions of Boolean Equations over $F_n(B)$. The goal of this step is to obtain automatically the parametric form of the $k$-tuples of solutions in $F_n(B)$ which satisfy not only a given equation of Boolean functions ($\mathrm{Eq}(X_k,\mathrm{Proj}) = 0$) but which also maximize (or minimize) a Boolean formula of these Boolean functions ($F_C(X_k,\mathrm{Proj})$) corresponding to the desired optimization criterion.

Generally speaking, the search for the best solution tuples according to a given criterion, when the space of solutions is composed of discrete values, is a complex mathematical issue. It is sometimes necessary to make a side-by-side comparison of each solution in order to identify the best one. In our case this exhaustive method cannot be used, as $F_n(B)$ is only provided with a partial order: two particular solutions cannot always be ordered between themselves.

Nevertheless, it is possible to obtain the researched parametric form of the $k$-tuples thanks to the following results:

(i) When an equation between Boolean functions has one or more solution tuples in $F_n(B)$, every Boolean formula on these Boolean functions can be rewritten using only the projection-functions of $F_n(B)$ and the free parameters of $F_n(B)$ which describe these solution tuples.
(ii) Every Boolean formula expressed as a composition of projection-functions of $F_n(B)$ and free parameters of $F_n(B)$ has a unique maximum and a unique minimum. These extrema can be expressed using only projection-functions of $F_n(B)$.

Hence, it is then possible to rewrite the initial problem

\[
\begin{array}{l}
\text{Problem to solve:}\quad \mathrm{Eq}(X_k,\mathrm{Proj}) = 0 \\
\text{Optimization criterion:}\quad \text{maximization of } F_C(X_k,\mathrm{Proj})
\end{array}
\qquad (50)
\]

into a 2-equation system to solve:

\[
\left\{\begin{array}{l}
\mathrm{Eq}(X_k,\mathrm{Proj}) = 0 \\
F_C(X_k,\mathrm{Proj}) = \displaystyle\max_{X_k \mid \mathrm{Eq}(X_k,\mathrm{Proj}) = 0} \big( F_C(X_k,\mathrm{Proj}) \big)
\end{array}\right.
\qquad (51)
\]
4.5.1. Extrema of a Boolean Formula according to Freely Chosen Members of $F_n(B)$. Considering the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:

(i) let $(f_1^{\mathrm{Proj}}, \ldots, f_n^{\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$;
(ii) let $(p_1, \ldots, p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members. Let "$P_k$" be the corresponding vector.

Any formula $F(P_k,\mathrm{Proj})$ for which $P_k$ are freely chosen members of $F_n(B)$ defines a subset of $F_n(B)$. According to the relation $\le$, the elements of this subset can be compared. In this specific case, the subset defined by $F(P_k,\mathrm{Proj})$ admits a minimal element and a maximal element.

Theorem 15 (minimum and maximum of a Boolean formula). Any formula $F(P_k,\mathrm{Proj})$ for which $P_k$ are freely chosen members of $F_n(B)$ admits a minimum and a maximum defined as follows:

\[
\begin{array}{l}
\displaystyle \min_{P_k \in F_n(B)^k} \big( F(P_k,\mathrm{Proj}) \big) = \prod_{A_k \in \{0,1\}^k} F(A_k,\mathrm{Proj}) \\[2ex]
\displaystyle \max_{P_k \in F_n(B)^k} \big( F(P_k,\mathrm{Proj}) \big) = \sum_{A_k \in \{0,1\}^k} F(A_k,\mathrm{Proj})
\end{array}
\qquad (52)
\]
Proof. To prove this theorem, it is necessary to establish that:

(1) $\prod_{A_k \in \{0,1\}^k} F(A_k,\mathrm{Proj})$ is a lower bound of $F(P_k,\mathrm{Proj})$;
(2) there exists at least one specific combination of $P_k$ for which $F(P_k,\mathrm{Proj}) = \prod_{A_k \in \{0,1\}^k} F(A_k,\mathrm{Proj})$;
(3) $\sum_{A_k \in \{0,1\}^k} F(A_k,\mathrm{Proj})$ is an upper bound of $F(P_k,\mathrm{Proj})$;
(4) there exists at least one specific combination of $P_k$ for which $F(P_k,\mathrm{Proj}) = \sum_{A_k \in \{0,1\}^k} F(A_k,\mathrm{Proj})$.

Details of this proof can be found in [24].
4.5.2. Optimization Problem. Considering the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:

(i) let $(f_1^{\mathrm{Proj}}, \ldots, f_n^{\mathrm{Proj}})$ be the $n$ projection-functions of $F_n(B)$. Let "Proj" be the corresponding vector;
(ii) let $(x_1, \ldots, x_k)$ be $k$ elements of $F_n(B)$ considered as unknowns. Let "$X_k$" be the corresponding vector;
(iii) let $(p_1, \ldots, p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members. Let "$P_k$" be the corresponding vector;
(iv) let $\mathrm{Eq}(X_k,\mathrm{Proj}) = 0$ be the Boolean equation to solve;
(v) let $F_C(X_k,\mathrm{Proj})$ be the Boolean formula of the given criterion to optimize (maximization or minimization).

The method we propose to obtain the parametric form of the $k$-tuple of switching functions solution of $\mathrm{Eq}(X_k,\mathrm{Proj}) = 0$ according to a given optimization criterion $F_C(X_k,\mathrm{Proj})$ is composed of five steps, as follows:

(i) The first step is to establish the parametric form of the $k$-tuple solution of $\mathrm{Eq}(X_k,\mathrm{Proj}) = 0$ using only Theorem 12.
(ii) The second step is to establish the parametric form of the given optimization criterion $F_C(X_k,\mathrm{Proj})$ by substituting $S(x_i)$ for $x_i$. Let $F_{SC}(P_k,\mathrm{Proj})$ be the result of this substitution.
(iii) The third step is to calculate the extremum of $F_{SC}(P_k,\mathrm{Proj})$ according to Theorem 15. Let $F_{EC}(\mathrm{Proj})$ be the Boolean formula of this extremum.
Figure 4: Structure of the water supply system (elements shown: Pump1, Pump2, Tank, and the outlet to the distributing system).
(iv) The fourth step is to replace the given criterion by the equivalent relation

\[
F_C(X_k,\mathrm{Proj}) = F_{EC}(\mathrm{Proj}) \qquad (53)
\]

(v) The fifth step is to establish the parametric form of the $k$-tuple solution of the equivalent problem

\[
\left\{\begin{array}{l}
\mathrm{Eq}(X_k,\mathrm{Proj}) = 0 \\
F_{Crit}(X_k,\mathrm{Proj}) = F_{ExtCrit}(\mathrm{Proj})
\end{array}\right.
\qquad (54)
\]
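The five steps above, together with the solution form of Theorem 12 (equation (44)) and the extrema of Theorem 15, can be exercised by brute force on a small instance. The Python script below is an added example written for this edition; it is not the authors' tool and does not use their BDD representation: a switching function is a callable evaluated point-wise on every 0/1 assignment, which is enough to check the theorems at small sizes. The instance (inputs a and b; unknowns x1 and x2; criterion "maximize x1") is constructed here and does not come from the paper.

```python
from itertools import product

# A switching function is a Python callable env -> 0/1, where env maps every variable
# name (projection-functions = inputs, unknowns x_i, free parameters p_i) to 0 or 1.
# Two functions are equal in F_n(B) when they agree on every assignment, so equality
# and "= 0" are checked by enumeration (fine for the small sizes used here).

def points(names):
    """All 0/1 assignments of `names` (the A_k in the paper's products and sums)."""
    for bits in product((0, 1), repeat=len(names)):
        yield dict(zip(names, bits))

def prod_over(f, names):
    """PROD over A in {0,1}^|names| of f(A, rest): 1 only if f is 1 for every A."""
    return lambda env: int(all(f({**env, **a}) for a in points(names)))

def sum_over(f, names):
    """SUM over A in {0,1}^|names| of f(A, rest): 1 if f is 1 for some A."""
    return lambda env: int(any(f({**env, **a}) for a in points(names)))

def consistency_condition(eq, unknowns):
    """Theorem 12: Eq(X_k, Proj) = 0 has solutions iff PROD_{A_k} Eq(A_k, Proj) is 0."""
    return prod_over(eq, unknowns)

def parametric_solution(eq, unknowns):
    """Solution form of equation (44), one unknown at a time:
    S(x_i) = PROD_{A_{k-i}} Eq_{i-1}(0, A_{k-i}) + p_i * NOT PROD_{A_{k-i}} Eq_{i-1}(1, A_{k-i}),
    where Eq_i is Eq_{i-1} with S(x_i) substituted for x_i and p_i is a free parameter."""
    sols, current = {}, eq                                   # current plays Eq_{i-1}
    for i, x in enumerate(unknowns):
        g = prod_over(current, unknowns[i + 1:])             # eliminate the later unknowns
        def s(env, g=g, x=x, p="p%d" % (i + 1)):
            return g({**env, x: 0}) | (env[p] & (1 - g({**env, x: 1})))
        sols[x] = s
        def nxt(env, prev=current, x=x, s=s):                # Eq_i
            return prev({**env, x: s(env)})
        current = nxt
    return sols

def substitute(f, sols):
    """Step 2 of 4.5.2: F_SC(P_k, Proj) = F_C(S(X_k), Proj)."""
    return lambda env: f({**env, **{x: s(env) for x, s in sols.items()}})

def extremum(f, params, maximize):
    """Theorem 15: the maximum is the SUM, the minimum the PROD, of f over the parameters."""
    return (sum_over if maximize else prod_over)(f, params)

def optimize(eq, criterion, unknowns, maximize=True):
    """The five steps of 4.5.2. Returns (solutions of the equivalent problem, F_EC)."""
    params = ["p%d" % (i + 1) for i in range(len(unknowns))]
    sols = parametric_solution(eq, unknowns)                 # step 1
    fsc = substitute(criterion, sols)                        # step 2
    fec = extremum(fsc, params, maximize)                    # step 3
    # step 4: the criterion becomes F_C(X_k, Proj) = F_EC(Proj), i.e. F_C xor F_EC = 0,
    # asserted simultaneously with Eq = 0 (sum of the two "= 0" forms)
    eq2 = lambda env: eq(env) | (criterion(env) ^ fec(env))
    return parametric_solution(eq2, unknowns), fec           # step 5

def check_family(eq, sols, unknowns, inputs):
    """Theorem 12 check: every choice of inputs and parameters must give a solution."""
    params = ["p%d" % (i + 1) for i in range(len(unknowns))]
    return all(eq({**env, **{x: s(env) for x, s in sols.items()}}) == 0
               for env in points(inputs + params))

# Constructed instance (not from the paper): inputs a, b; unknowns x1, x2, asserting
#   x1 * x2 = 0   (never both),   a <= x1 + x2   (a must be served),   b <= NOT x1.
# Each inclusion u <= v is written in its "= 0" form u * NOT v = 0 and the three are summed.
INPUTS, UNKNOWNS = ["a", "b"], ["x1", "x2"]

def eq(e):
    return (e["x1"] & e["x2"]) | (e["a"] & (1 - e["x1"]) & (1 - e["x2"])) | (e["b"] & e["x1"])

def criterion(e):           # F_C: prefer x1, to be maximized
    return e["x1"]

def demo():
    cond = consistency_condition(eq, UNKNOWNS)
    sols = parametric_solution(eq, UNKNOWNS)
    opt_sols, fec = optimize(eq, criterion, UNKNOWNS, maximize=True)
    return {
        "consistent": all(cond(env) == 0 for env in points(INPUTS)),
        "family_ok": check_family(eq, sols, UNKNOWNS, INPUTS),
        "opt_family_ok": check_family(eq, opt_sols, UNKNOWNS, INPUTS),
        # F_EC(a, b): the most that x1 can be forced to over all solutions, here NOT b
        "fec": {(a, b): fec({"a": a, "b": b}) for a in (0, 1) for b in (0, 1)},
        # after step 4, x1 is fixed to F_EC and no longer depends on the free parameter p1
        "x1_opt": {(a, b, p1): opt_sols["x1"]({"a": a, "b": b, "p1": p1, "p2": 0})
                   for a in (0, 1) for b in (0, 1) for p1 in (0, 1)},
    }

if __name__ == "__main__":
    print(demo())
```

On this instance the maximum of x1 over the solution set is the projection-function NOT b: whenever b is 0, x1 can be switched on, and the equivalent problem of step 5 pins x1 to that value, so the free parameter p1 disappears and only p2 (the remaining freedom on x2) survives. check_family does not trust Theorem 12; it re-evaluates the equation for every assignment of inputs and parameters, which is the kind of independent check worth keeping around when the synthesized laws end up driving actuators.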
4.5.3. Partial Conclusions. Thanks to the theorems presented in this section, it is now possible to obtain a parametric representation of the optimal solutions, according to a given criterion, of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists.

The proposed method also permits associating several criteria, simultaneously or sequentially:

(i) When several criteria are treated simultaneously, the optimization problem may admit no solution. That is the case when the given criteria are antagonistic.
(ii) When several criteria are treated sequentially, the obtained solutions satisfy the criteria with a given priority order. An example of optimization with several criteria treated sequentially is presented in the next section.
5. Algebraic Synthesis of Logical Controllers with Optimization Criteria and Incoherent Requirements

5.1. Control System Specifications. The studied system is the controller of a water supply system composed of two pumps which work in redundancy (Figure 4). Water is distributed when necessary, according to the possible failures of elements (the pumps and the distributing system).

The expected behavior of the control system regarding the application requirements can be expressed by the set of assertions given hereafter:

(i) The two pumps never operate simultaneously.
(ii) A pump cannot operate if it is out of order.
(iii) When a global failure is detected, no pump can operate.
(iv) Pumps can operate if and only if a water distribution request is present.
(v) Priority is given according to "pr" (pump1 has priority when "pr" is true).
(vi) In order to reduce the wear of the pumps, it is necessary to restrict the number of starts of the pumps.
5.1.1. Inputs and Outputs of the Controller. The Boolean inputs and outputs of this controller are given in Figure 5(a). Each pump is controlled by a Boolean output ("p1" and "p2"). The controller is informed of water distribution requests by the input "req". Inputs "f1" and "f2" inform the controller of a failure of the corresponding pump, and "gf" indicates a global failure of the installation. The value 0 or 1 of input "Pr" decides which pump has priority.
5.1.2. Control Laws to Synthesize. Our approach does not allow identifying automatically which state variables must be used. They are given by the designer according to his interpretation of the specification.

For the water distribution system we propose to use 2 state variables, one for each output. According to this choice, two 7-variable switching functions ($P_1$ and $P_2$) have to be synthesized (Figure 5(b)). They represent the unknowns of our problem. For this case study, the 7 projection-functions of $F_7(B)$ are therefore as follows:

(i) The 5 switching functions ($Rq$, $F_1$, $F_2$, $GF$ and $Pr$) which characterize the behavior of the inputs of the controller and are defined as follows:

\[
Rq : B^7 \to B,\quad (\mathrm{rq}[k], \ldots, \mathrm{p2}[k-1]) \mapsto \mathrm{rq}[k] \qquad (55)
\]

(ii) The 2 switching functions ($pP_1$ and $pP_2$) which characterize the previous behavior of the state variables of the controller and are defined as follows:

\[
pP_1 : B^7 \to B,\quad (\mathrm{rq}[k], \ldots, \mathrm{p2}[k-1]) \mapsto \mathrm{p1}[k-1] \qquad (56)
\]
5.2. Algebraic Formalization of Requirements. The complete formalization of the behavior of the water distribution system is given in Figure 5(c). In order to illustrate the power of expression of the relations Equality and Inclusion, several examples (generic assertions and equivalent formal relations, illustrated in the case study) are given hereafter. It is important to note that the relation Inclusion permits expressing distinctly necessary conditions and sufficient conditions. This relation is the cornerstone of our approach.

(i) Pump1 and Pump2 never operate simultaneously: $P_1 \cdot P_2 = 0$.
(ii) If Pump1 operates, Pump2 cannot operate: $P_1 \le \overline{P_2}$.
Figure 5: Details of the case study.

(a) Inputs and outputs of the controller. Inputs of the control of the water distribution system: rq (request of water), f1 (Pump1 failure), f2 (Pump2 failure), gf (global failure), pr (priority to Pump1). Outputs: p1 (command of Pump1), p2 (command of Pump2).

(b) General form of the expected control laws:

\[
\begin{array}{l}
\mathrm{p1}[k] = P_1(\mathrm{rq}[k], \mathrm{f1}[k], \mathrm{f2}[k], \mathrm{gf}[k], \mathrm{pr}[k], \mathrm{p1}[k-1], \mathrm{p2}[k-1]) \\
\mathrm{p2}[k] = P_2(\mathrm{rq}[k], \mathrm{f1}[k], \mathrm{f2}[k], \mathrm{gf}[k], \mathrm{pr}[k], \mathrm{p1}[k-1], \mathrm{p2}[k-1]) \\
\mathrm{p1}[0] = b_0, \quad \mathrm{p2}[0] = b_0
\end{array}
\]

(c) Formal specification.

Requirements:
R1: $P_1 \cdot P_2 = 0$ (the two pumps never operate simultaneously)
R2: $F_1 \le \overline{P_1}$ (Pump1 cannot operate if it is out of order (F1))
R3: $F_2 \le \overline{P_2}$ (Pump2 cannot operate if it is out of order (F2))
R4: $GF \le (\overline{P_1} \cdot \overline{P_2})$ (when a global failure is detected (GF), no pump can operate)
R5: $(P_1 + P_2) \le Rq$ (it is necessary to have a request for pumps to operate)
R6: $Rq \le (P_1 + P_2)$ (it is sufficient to have a request for pumps to operate)

Priority rules:
R4 ≫ R6 (a failure requirement has priority over a functional requirement)
R2, R3 ≫ R6 (failure requirements have priority over a functional requirement)

Optimization criteria:
(1) Minimization of $(P_1 \cdot \overline{pP_1}) + (P_2 \cdot \overline{pP_2})$ (minimization of the possibility to start a pump)
(2) Maximization of $(Pr \cdot P_1) + (\overline{Pr} \cdot P_2)$ (maximization of the priority order between the two pumps)

(d) Solution obtained by symbolic calculation:

\[
\begin{array}{l}
P_1 = Rq \cdot \overline{GF} \cdot \overline{F_1} \cdot \big( F_2 + Pr \cdot (pP_1 + \overline{pP_2}) + pP_1 \cdot \overline{pP_2} \big) \\
P_2 = Rq \cdot \overline{GF} \cdot \overline{F_2} \cdot \big( F_1 + \overline{Pr} \cdot (pP_2 + \overline{pP_1}) + pP_2 \cdot \overline{pP_1} \big)
\end{array}
\]

(e) Control laws of the water distribution system:

\[
\begin{array}{l}
\mathrm{p1}[k] = \mathrm{rq}[k] \wedge \neg\mathrm{gf}[k] \wedge \neg\mathrm{f1}[k] \wedge \big( \mathrm{f2}[k] \vee \mathrm{pr}[k] \wedge (\mathrm{p1}[k-1] \vee \neg\mathrm{p2}[k-1]) \vee \mathrm{p1}[k-1] \wedge \neg\mathrm{p2}[k-1] \big) \\
\mathrm{p2}[k] = \mathrm{rq}[k] \wedge \neg\mathrm{gf}[k] \wedge \neg\mathrm{f2}[k] \wedge \big( \mathrm{f1}[k] \vee \neg\mathrm{pr}[k] \wedge (\mathrm{p2}[k-1] \vee \neg\mathrm{p1}[k-1]) \vee \mathrm{p2}[k-1] \wedge \neg\mathrm{p1}[k-1] \big) \\
\mathrm{p1}[0] = b_0, \quad \mathrm{p2}[0] = b_0
\end{array}
\]
(iii) It is necessary to have a request for pumps to operate: $(P_1 + P_2) \le Rq$.
(iv) It is sufficient to have a request for pumps to operate: $Rq \le (P_1 + P_2)$.
(v) When Pump1 has failed, it is sufficient to have a request for Pump2 to operate: $F_1 \cdot Rq \le P_2$.
(vi) When Pump1 has failed, it is necessary to have a request for Pump2 to operate: $F_1 \cdot P_2 \le Rq$.

It is possible to prove that some of these formal expressions are equivalent (e.g., the first two). When a designer hesitates between two forms, he has the possibility, by using symbolic calculation, to check whether the proposed relations are equivalent or not.

As $P_1$ and $pP_1$ represent the behavior of pump1 at times $[k]$ and $[k-1]$ respectively, it is also possible to express relations about starts and stops of this pump, as follows:

(i) It is necessary to have a request to start pump1: $(P_1 \cdot \overline{pP_1}) \le Rq$.
(ii) When pump1 operates, it is sufficient to have a global failure to stop pump1: $(pP_1 \cdot GF) \le (\overline{P_1} \cdot pP_1)$.
5.3. Synthesis Process. In traditional design methods, the design procedure of a logic controller is not a linear process but an iterative one, converging to an acceptable solution. At the beginning of the design, requirements are neither complete nor free of errors. Most often, new requirements are added during the search for solutions and others are corrected. This complementary information is given by the designer after analysis of the partial solutions he has found, or when inconsistencies have been detected. If we do not make the hypothesis that the specifications are complete and consistent, designing a controller with a synthesis technique is also an iterative process in which the designer plays an important role.

5.3.1. Analysis of Requirements. For this case study we choose to start with requirements R1 to R6. For this subset of requirements, the result given by our software tool was the following inconsistency condition: $I = Rq \cdot GF + Rq \cdot F_1 \cdot F_2$.

Since the requirements are declared inconsistent, we have to give complementary information to make our specification precise. By analyzing each term of this formula, it is possible to detect the origin of the inconsistency:

(i) $Rq \cdot GF$: what happens if we have simultaneously a request and a global failure? We consider that requirement R4 is more important than requirement R6 (R4 ≫ R6), as no pump can operate in this configuration.
(ii) $Rq \cdot F_1 \cdot F_2$: what happens if we have simultaneously a request and a failure of each pump? We consider that requirements R2 and R3 are more important than requirement R6 (R2, R3 ≫ R6).

With these priority rules, all the requirements are now coherent and the set of all the solutions can be computed.

5.3.2. Optimal Solutions. For choosing a control law of the water supply system among this set of possible solutions, we will now take into account the given optimization criteria. The first criterion aims at minimizing the number of starts of each pump in order to reduce its wear. The second criterion aims at maximizing the use of the pump indicated by the value of parameter Pr. The method we propose allows proving that the proposed criteria cannot be treated simultaneously since they are antagonistic (to strictly respect the priority use of the pump fixed by parameter Pr, it is necessary to permute the pumps when Pr changes value, implying a supplementary start of a pump). Details can be found in [25].

All the priority rules and optimization criteria used for this case study are given in Figure 5(c). The solution we obtain is given in Figure 5(d).

5.3.3. Implementing Control Laws. The synthesized control laws presented in Figure 5(e) have been obtained by translating the expression of the two unknowns according to the projection-functions into relations between recurrent Boolean equations. These control laws can be automatically translated into the syntax of the ladder diagram language [1] before being implemented in a PLC. The code is composed of only 4 rungs (Figure 6).

The synthesized control laws can also be given in the form of an automatically built input/output automaton with guarded transitions [21] (Figure 7).
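The inconsistency condition of 5.3.1, the priority rules applied through Theorem 14, and the control laws of Figure 5(e) can all be checked independently of the authors' tool by enumerating the 128 points of $B^7$. The script below is an added example (not the paper's software and not symbolic: it only evaluates functions exhaustively). It encodes R1 to R6 from Figure 5(c), recovers $I = Rq \cdot GF + Rq \cdot F_1 \cdot F_2$, checks that R4 ≫ R6 and R2, R3 ≫ R6 make the set coherent, verifies that the laws of Figure 5(e) satisfy the coherent set, and rebuilds the guarded transitions of Figure 7 from those laws. Variable names follow Figure 5; the state numbering 0/1/2 follows Figure 7; the helper names (points, prod_over, together, apply_priority) are this example's own.

```python
from itertools import product

# The seven projection-functions of F_7(B) (Figure 5): the five inputs at cycle k and
# the two state variables at cycle k-1 (pp1 = p1[k-1], pp2 = p2[k-1]). The unknowns
# P1, P2 are the commands at cycle k. Everything is evaluated point-wise on B^7.
PROJ = ["rq", "f1", "f2", "gf", "pr", "pp1", "pp2"]
UNKNOWNS = ["P1", "P2"]

def points(names):
    """All 0/1 assignments of `names`."""
    for bits in product((0, 1), repeat=len(names)):
        yield dict(zip(names, bits))

def prod_over(f, names):
    """PROD over all assignments of `names` (the consistency product of Theorem 12)."""
    return lambda env: int(all(f({**env, **a}) for a in points(names)))

def NOT(v):
    return 1 - v

def incl(u, v):
    """u <= v written in its '= 0' form: u * NOT v."""
    return u & NOT(v)

# Requirements of Figure 5(c); each is an expression that must be the zero function.
R = {
    "R1": lambda e: e["P1"] & e["P2"],                               # never both
    "R2": lambda e: incl(e["f1"], NOT(e["P1"])),                     # failed pump 1 stays off
    "R3": lambda e: incl(e["f2"], NOT(e["P2"])),                     # failed pump 2 stays off
    "R4": lambda e: incl(e["gf"], NOT(e["P1"]) & NOT(e["P2"])),      # global failure: no pump
    "R5": lambda e: incl(e["P1"] | e["P2"], e["rq"]),                # request necessary
    "R6": lambda e: incl(e["rq"], e["P1"] | e["P2"]),                # request sufficient
}

def together(*fs):
    """Simultaneously asserted '= 0' relations form one equation: their sum = 0."""
    return lambda e: int(any(f(e) for f in fs))

def inconsistency(high, low):
    """Equation (47): I(Proj) = PROD_{A_k} (F_H(A_k, Proj) + F_L(A_k, Proj))."""
    return prod_over(together(high, low), UNKNOWNS)

def as_set(f):
    """The points of B^7 where f is 1: a canonical form to compare functions of F_7(B)."""
    return frozenset(tuple(e[v] for v in PROJ) for e in points(PROJ) if f(e))

def apply_priority(low, highs):
    """Theorem 14 for each rule HR >> LR: F_L = 0 becomes F_L <= I, i.e. F_L * NOT I = 0.
    With several rules over the same LR it is dropped wherever any inconsistency holds."""
    incs = [inconsistency(h, low) for h in highs]
    return lambda e: low(e) & NOT(int(any(i(e) for i in incs)))

def coherent_system():
    """R1..R6 with the two priority rules of Figure 5(c): R4 >> R6 and R2, R3 >> R6."""
    r6 = apply_priority(R["R6"], [R["R4"], together(R["R2"], R["R3"])])
    return together(R["R1"], R["R2"], R["R3"], R["R4"], R["R5"], r6)

# Control laws of Figure 5(e), the previous commands read from pp1 and pp2.
def law_p1(e):
    return e["rq"] & NOT(e["gf"]) & NOT(e["f1"]) & (
        e["f2"] | (e["pr"] & (e["pp1"] | NOT(e["pp2"]))) | (e["pp1"] & NOT(e["pp2"])))

def law_p2(e):
    return e["rq"] & NOT(e["gf"]) & NOT(e["f2"]) & (
        e["f1"] | (NOT(e["pr"]) & (e["pp2"] | NOT(e["pp1"]))) | (e["pp2"] & NOT(e["pp1"])))

def laws_satisfy(system):
    """True iff substituting the laws for P1, P2 makes `system` the zero function."""
    return all(system({**e, "P1": law_p1(e), "P2": law_p2(e)}) == 0 for e in points(PROJ))

def transitions():
    """Guarded transitions of Figure 7. States: 0 (no pump), 1 (p1 on), 2 (p2 on); the guard
    of i -> j is the set of input vectors (rq, f1, f2, gf, pr) that take the laws from i to j."""
    state = {(0, 0): 0, (1, 0): 1, (0, 1): 2}      # (pp1, pp2) -> state; (1, 1) is excluded by R1
    edges = {}
    for (pp1, pp2), src in state.items():
        for inp in points(PROJ[:5]):
            e = {**inp, "pp1": pp1, "pp2": pp2}
            dst = state[(law_p1(e), law_p2(e))]
            if dst != src:
                edges.setdefault((src, dst), set()).add(tuple(inp[v] for v in PROJ[:5]))
    return edges

def report():
    i_r1_r6 = inconsistency(together(*[R[k] for k in ("R1", "R2", "R3", "R4", "R5")]), R["R6"])
    paper_i = lambda e: (e["rq"] & e["gf"]) | (e["rq"] & e["f1"] & e["f2"])   # 5.3.1
    system = coherent_system()
    return {
        "inconsistency_matches_5_3_1": as_set(i_r1_r6) == as_set(paper_i),
        "coherent_after_priority": as_set(prod_over(system, UNKNOWNS)) == frozenset(),
        "laws_satisfy_requirements": laws_satisfy(system),
        "transitions": transitions(),
    }

if __name__ == "__main__":
    for k, v in report().items():
        print(k, v)
```

Two points are worth noticing when running it. First, the relaxed R6 keeps its full force everywhere except on the two input patterns named in 5.3.1 (request with global failure, request with both pumps failed), so the priority rules do not weaken the functional requirement anywhere else. Second, the transition guards come out exactly as in Figure 7, including the absence of any edge into a "both pumps on" state, which is R1 holding for every one of the 128 points rather than only for reachable ones.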
6. Discussion

In our approach the synthesis of control laws is based on symbolic calculation; a prototype software tool has been developed to avoid tedious calculus and to aid the designer during the different steps of the synthesis. This tool (which can be obtained on request from the authors) performs all the computations required for inconsistency detection between requirements and for control law generation. In this tool, all the Boolean formulas are stored in the form of reduced ordered binary decision diagrams, which allows efficient calculations. For example, the computations for synthesizing a controller for the water supply system that we developed above were made in less than 10 ms on a standard laptop.

Our approach has been tested on several case studies (some of them are available online: httpwwwlurpaens-cachanfr-226050kjsp). The feedback from these experiments allowed us to identify some of its limits and possibilities; the most important are given below.

We have first to recall that our method can only be used for binary systems (systems whose controller inputs and outputs are Boolean values). Nevertheless, in practice many systems, like manufacturing systems, transport systems and so on, are fully or partially binary.

In our opinion, the main advantage of our approach is that, contrary to traditional engineering approaches, the synthesized control laws do not depend on the designer's skill or on his correct interpretation of the system requirements. On the other hand, the quality of the synthesis results highly
Figure 6: Ladder diagram of the code to implement into the PLC. Rung 1: command of pump 1 (contacts on rq, gf, f1, f2, pr, pp1, pp2; coil p1). Rung 2: command of pump 2 (contacts on rq, gf, f1, f2, pr, pp1, pp2; coil p2). Rung 3: update of the previous value of pump 1 (coil pp1). Rung 4: update of the previous value of pump 2 (coil pp2).
Table 1: Features concerning the same case study.

Approach | Formal requirements | Synthesized controller | PLC program (structured text)
Supervisory Control Theory | Plant behavior: 11 finite automata (481 states and 1330 transitions); specifications: 11 finite automata | Finite automaton of 45 states and 70 transitions | 130 lines
Algebraic synthesis | 8 equations and 2 priority rules | 2 6-variable switching functions | 4 lines
Figure 7: State model of the obtained control law. States: 0 (no pump running), 1 (output p1), 2 (output p2). Guards of the transitions:

\[
\begin{array}{l}
E_{0\text{-}1} = \mathrm{rq} \wedge \neg\mathrm{gf} \wedge \neg\mathrm{f1} \wedge (\mathrm{f2} \vee \mathrm{pr}) \\
E_{0\text{-}2} = \mathrm{rq} \wedge \neg\mathrm{gf} \wedge \neg\mathrm{f2} \wedge (\mathrm{f1} \vee \neg\mathrm{pr}) \\
E_{1\text{-}0} = \neg\mathrm{rq} \vee \mathrm{gf} \vee (\mathrm{f1} \wedge \mathrm{f2}) \\
E_{1\text{-}2} = \mathrm{rq} \wedge \neg\mathrm{gf} \wedge \mathrm{f1} \wedge \neg\mathrm{f2} \\
E_{2\text{-}0} = \neg\mathrm{rq} \vee \mathrm{gf} \vee (\mathrm{f1} \wedge \mathrm{f2}) \\
E_{2\text{-}1} = \mathrm{rq} \wedge \neg\mathrm{gf} \wedge \mathrm{f2} \wedge \neg\mathrm{f1}
\end{array}
\]
depends on the relevance of the requirements proposed by the designer. This step of formalization by the designer of the informal requirements of the system to be controlled is the Achilles heel of all synthesis methods, including the Supervisory Control Theory (SCT), and cannot be automated.

The objective comparison of our approach with other synthesis methods, and more especially with SCT, is very difficult because the models used and the theoretical bases are very different. Nevertheless, we tested both approaches on the same case studies. One of them, the control of an automatic parking gate, has been published in [26]. The results obtained in this case are summarized in Table 1.
Furthermore, one may note that the supervisor that is synthesized by SCT is optimal in the sense that it is the most permissive, that is, the one that restricts the plant behavior the least in order to force it to respect the specifications. As shown in this paper, our method makes it possible to cope with inconsistencies in specifications, which is not possible with SCT, and also to find optimal controllers by choosing different optimization criteria (most permissive, most restrictive, safest controller, etc.).
[19] Y Hietter J-M Roussel and J-L Lesage ldquoAlgebraic synthesisof transition conditions of a state modelrdquo in Proceedings of the9th International Workshop on Discrete Event Systems (WODESrsquo08) pp 187ndash192 Goteborg Sweden May 2008
[20] Y Hietter J-M Roussel and J J Lesage ldquoAlgebraic synthesis ofdependable logic controllersrdquo in Proceedings of the 17th WorldCongress International Federation of Automatic Control (IFACrsquo08) pp 4132ndash4137 Seoul South Korea July 2008
[21] A Guignard Symbolic generation of the automaton representingan algebraic description of a logic system [MS thesis] ENSCachan Cachan France 2011
[22] R P Grimaldi Discrete and Combinatorial Mathematics AnApplied Introduction Addison-Wesley Longman Boston MassUSA 5th edition 2004
[23] J-M Roussel and J-J Lesage ldquoAlgebraic synthesis of logicalcontrollers despite inconsistencies in specificationsrdquo in Proceed-ing of the 11th International Workshop on Discrete Event Systems(WODES rsquo12) pp 307ndash314 Guadalajara Mexico 2012
[24] H Leroux Algebraic Synthesis of Logical Controllers with Opti-mization Criteria ENS Cachan Cachan France 2011
[25] H Leroux and J -M Roussel ldquoAlgebraic synthesis of logicalcontrollers with optimization criteriardquo in Proceedings of the6th International Workshop on Verification and Evaluation ofComputer and Communication Systems (VECOS rsquo12) pp 103ndash114 Paris France 2012
[26] M Cantarelli and J Roussel ldquoReactive control system designusing the supervisory control theory evaluation of possibilitiesand limitsrdquo in Proceedings of 9th International Workshop onDiscrete Event Systems (WODES rsquo08) pp 200ndash205 GoteborgSweden May 2008
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
10 Mathematical Problems in Engineering
4.5. Optimal Solutions of Boolean Equations over $F_n(B)$. The goal of this step is to obtain automatically the parametric form of the $k$-tuples of $F_n(B)$ which satisfy not only a given equation between Boolean functions, $\mathrm{Eq}(X^k, \mathrm{Proj}) = 0$, but which also maximize (or minimize) a Boolean formula of these Boolean functions, $\mathcal{F}_C(X^k, \mathrm{Proj})$, corresponding to the desired optimization criterion.

Generally speaking, searching for the best solution tuples according to a given criterion when the space of solutions is composed of discrete values is a complex mathematical issue. It is sometimes necessary to compare every solution side by side in order to identify the best one. In our case this exhaustive method cannot be used, since $F_n(B)$ is only provided with a partial order: two particular solutions cannot always be ordered with respect to each other.

Nevertheless, it is possible to obtain the required parametric form of the $k$-tuples thanks to the following results:

(i) When an equation between Boolean functions has one or more solution tuples in $F_n(B)$, every Boolean formula over these Boolean functions can be rewritten using only the projection functions of $F_n(B)$ and the free parameters of $F_n(B)$ that describe these solution tuples.

(ii) Every Boolean formula expressed as a composition of projection functions of $F_n(B)$ and free parameters of $F_n(B)$ has a unique maximum and a unique minimum. These extrema can be expressed using only the projection functions of $F_n(B)$.

Hence it is possible to rewrite the initial problem

Problem to solve: $\mathrm{Eq}(X^k, \mathrm{Proj}) = 0$
Optimization criterion: maximization of $\mathcal{F}_C(X^k, \mathrm{Proj})$ (50)

into a two-equation system to solve:

$$\mathrm{Eq}(X^k, \mathrm{Proj}) = 0, \qquad \mathcal{F}_C(X^k, \mathrm{Proj}) = \max_{X^k \mid \mathrm{Eq}(X^k, \mathrm{Proj}) = 0} \mathcal{F}_C(X^k, \mathrm{Proj}) \quad (51)$$
4.5.1. Extrema of a Boolean Formula according to Freely Chosen Members of $F_n(B)$. Considering the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:

(i) let $(f_1^{\mathrm{Proj}}, \ldots, f_n^{\mathrm{Proj}})$ be the $n$ projection functions of $F_n(B)$;
(ii) let $(p_1, \ldots, p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members; let $P^k$ be the corresponding vector.

Any formula $\mathcal{F}(P^k, \mathrm{Proj})$ for which $P^k$ are freely chosen members of $F_n(B)$ defines a subset of $F_n(B)$. According to the relation $\le$, elements of this subset can be compared. In this specific case the subset defined by $\mathcal{F}(P^k, \mathrm{Proj})$ admits a minimal element and a maximal element.

Theorem 15 (minimum and maximum of a Boolean formula). Any formula $\mathcal{F}(P^k, \mathrm{Proj})$ for which $P^k$ are freely chosen members of $F_n(B)$ admits a minimum and a maximum defined as follows:

$$\min_{P^k \in F_n(B)^k} \mathcal{F}(P^k, \mathrm{Proj}) = \prod_{A^k \in \{0,1\}^k} \mathcal{F}(A^k, \mathrm{Proj}), \qquad \max_{P^k \in F_n(B)^k} \mathcal{F}(P^k, \mathrm{Proj}) = \sum_{A^k \in \{0,1\}^k} \mathcal{F}(A^k, \mathrm{Proj}) \quad (52)$$

Proof. To prove this theorem it is necessary to establish that:

(1) $\prod_{A^k \in \{0,1\}^k} \mathcal{F}(A^k, \mathrm{Proj})$ is a lower bound of $\mathcal{F}(P^k, \mathrm{Proj})$;
(2) there exists at least one specific combination of $P^k$ for which $\mathcal{F}(P^k, \mathrm{Proj}) = \prod_{A^k \in \{0,1\}^k} \mathcal{F}(A^k, \mathrm{Proj})$;
(3) $\sum_{A^k \in \{0,1\}^k} \mathcal{F}(A^k, \mathrm{Proj})$ is an upper bound of $\mathcal{F}(P^k, \mathrm{Proj})$;
(4) there exists at least one specific combination of $P^k$ for which $\mathcal{F}(P^k, \mathrm{Proj}) = \sum_{A^k \in \{0,1\}^k} \mathcal{F}(A^k, \mathrm{Proj})$.

Details of this proof can be found in [24].
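Theorem 15 can be checked mechanically on a small instance. The following is an added example in Python, not code from the paper or from the authors' tool: an $n$-variable switching function is encoded here as a truth-table bitmask (bit $r$ holds the function's value on input row $r$), an encoding chosen for this example (the authors' tool uses ROBDDs, see Section 6), so that the operations of $F_n(B)$ become integer bit operations. The formula $\mathcal{F}(p, a, b) = p\cdot a + \bar p\cdot b$ with one free parameter $p$ over $n = 2$ inputs is a constructed example.

```python
"""Theorem 15 (extrema of a Boolean formula over free parameters), as an
added example that is not part of the paper: an n-variable switching
function is stored as a truth-table bitmask (bit r = its value on input row
r), so AND, OR and NOT of F_n(B) are the integer operators &, | and ~."""
from itertools import product


def make_algebra(n):
    """Return (ONE, proj): ONE is the constant function 1 of F_n(B) and
    proj[i] the i-th projection function (the i-th input variable)."""
    rows = 1 << n
    one = (1 << rows) - 1
    proj = [sum(1 << r for r in range(rows) if (r >> i) & 1) for i in range(n)]
    return one, proj


def leq(f, g):
    """Partial order of F_n(B): f <= g iff f . g = f."""
    return f & g == f


def extrema(formula, k, one):
    """Equation (52): Min is the product (AND) and Max the sum (OR) of
    F(A, Proj) over all 2^k constant assignments A of the k parameters."""
    lo, hi = one, 0
    for bits in product((0, 1), repeat=k):
        value = formula(*[one if b else 0 for b in bits])
        lo &= value
        hi |= value
    return lo, hi


def exhaustive_check(formula, k, one):
    """Confirm the theorem by brute force: let every parameter range over
    all switching functions of F_n(B) (feasible only for tiny n) and test
    that the two extrema bound every value and are themselves attained."""
    lo, hi = extrema(formula, k, one)
    values = {formula(*ps) for ps in product(range(one + 1), repeat=k)}
    bounded = all(leq(lo, v) and leq(v, hi) for v in values)
    attained = lo in values and hi in values
    return bounded and attained, values


def demo():
    """Constructed instance: F(p, Proj) = p.a + not(p).b, one parameter, n = 2."""
    one, (a, b) = make_algebra(2)
    not_ = lambda f: ~f & one
    formula = lambda p: (p & a) | (not_(p) & b)
    lo, hi = extrema(formula, 1, one)
    confirmed, values = exhaustive_check(formula, 1, one)
    # The value set is only partially ordered: a (p = 1) and b (p = 0) are
    # incomparable, which is why a side-by-side search cannot pick a "best".
    incomparable = any(not leq(u, v) and not leq(v, u)
                       for u in values for v in values)
    return {"min_is_a.b": lo == a & b, "max_is_a+b": hi == a | b,
            "theorem_confirmed": confirmed, "only_partial_order": incomparable}
```

For a $k$-parameter formula the theorem replaces a search over all $|F_n(B)|^k = 2^{k\,2^n}$ parameter choices by $2^k$ constant substitutions; `exhaustive_check` is included only to confirm this on the two-input instance, where `demo()` reports the minimum $a\cdot b$ and the maximum $a + b$.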
4.5.2. Optimization Problem. Considering the Boolean algebra of $n$-variable switching functions $(F_n(B), +, \cdot, 0, 1)$:

(i) let $(f_1^{\mathrm{Proj}}, \ldots, f_n^{\mathrm{Proj}})$ be the $n$ projection functions of $F_n(B)$; let Proj be the corresponding vector;
(ii) let $(x_1, \ldots, x_k)$ be $k$ elements of $F_n(B)$ considered as unknowns; let $X^k$ be the corresponding vector;
(iii) let $(p_1, \ldots, p_k)$ be $k$ elements of $F_n(B)$ considered as freely chosen members; let $P^k$ be the corresponding vector;
(iv) let $\mathrm{Eq}(X^k, \mathrm{Proj}) = 0$ be the Boolean equation to solve;
(v) let $\mathcal{F}_C(X^k, \mathrm{Proj})$ be the Boolean formula of the given criterion to optimize (maximization or minimization).

The method we propose to obtain the parametric form of the $k$-tuple of switching functions solution of $\mathrm{Eq}(X^k, \mathrm{Proj}) = 0$ according to a given optimization criterion $\mathcal{F}_C(X^k, \mathrm{Proj})$ is composed of five steps:

(i) The first step is to establish the parametric form of the $k$-tuple solution of $\mathrm{Eq}(X^k, \mathrm{Proj}) = 0$ using only Theorem 12.
(ii) The second step is to establish the parametric form of the given optimization criterion $\mathcal{F}_C(X^k, \mathrm{Proj})$ by substituting $S(x_i)$ for each $x_i$. Let $\mathcal{F}_{SC}(P^k, \mathrm{Proj})$ be the result of this substitution.
(iii) The third step is to calculate the extremum of $\mathcal{F}_{SC}(P^k, \mathrm{Proj})$ according to Theorem 15. Let $\mathcal{F}_{EC}(\mathrm{Proj})$ be the Boolean formula of this extremum.
(iv) The fourth step is to replace the given criterion by the equivalent relation
$$\mathcal{F}_C(X^k, \mathrm{Proj}) = \mathcal{F}_{EC}(\mathrm{Proj}) \quad (53)$$
(v) The fifth step is to establish the parametric form of the $k$-tuple solution of the equivalent problem
$$\mathrm{Eq}(X^k, \mathrm{Proj}) = 0, \qquad \mathcal{F}_C(X^k, \mathrm{Proj}) = \mathcal{F}_{EC}(\mathrm{Proj}) \quad (54)$$

Figure 4: Structure of the water supply system (a tank supplied by Pump1 and Pump2, feeding the distributing system).

4.5.3. Partial Conclusions. Thanks to the theorems presented in this section, it is now possible to obtain a parametric representation of the optimal solutions, according to a given criterion, of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists.
The proposed method also makes it possible to combine several criteria, either simultaneously or sequentially:

(i) When several criteria are treated simultaneously, the optimization problem may admit no solution. That is the case when the given criteria are antagonistic.
(ii) When several criteria are treated sequentially, the obtained solutions satisfy the criteria in a given priority order. An example of optimization with several criteria treated sequentially is presented in the next section.
5. Algebraic Synthesis of Logical Controllers with Optimization Criteria and Incoherent Requirements

5.1. Control System Specifications. The studied system is the controller of a water supply system composed of two pumps working in redundancy (Figure 4). Water is distributed when necessary, taking into account the possible failures of the elements (the pumps and the distributing system).

The expected behavior of the control system with respect to the application requirements can be expressed by the following set of assertions:

(i) The two pumps never operate simultaneously.
(ii) A pump cannot operate if it is out of order.
(iii) When a global failure is detected, no pump can operate.
(iv) Pumps can operate if and only if a water distribution request is present.
(v) Priority is given according to "pr" (Pump1 has priority when "pr" is true).
(vi) In order to reduce the wear of the pumps, the number of pump starts must be kept low.

5.1.1. Inputs and Outputs of the Controller. The Boolean inputs and outputs of this controller are given in Figure 5(a). Each pump is controlled by a Boolean output ("p1" and "p2"). The controller is informed of water distribution requests by the input "rq". Inputs "f1" and "f2" inform the controller of a failure of the corresponding pump, and "gf" indicates a global failure of the installation. The value 0 or 1 of input "pr" decides which pump has priority.

5.1.2. Control Laws to Synthesize. Our approach does not identify automatically which state variables must be used. They are given by the designer according to his interpretation of the specification.

For the water distribution system we propose to use 2 state variables, one for each output. According to this choice, 2 seven-variable switching functions ($P1$ and $P2$) have to be synthesized (Figure 5(b)). They are the unknowns of our problem. For this case study the 7 projection functions of $F_7(B)$ are therefore:

(i) the 5 switching functions ($Rq$, $F1$, $F2$, $GF$, $Pr$) which characterize the behavior of the inputs of the controller and are defined as follows:
$$Rq: B^7 \to B, \quad (rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1]) \mapsto rq[k] \quad (55)$$
(ii) the 2 switching functions ($pP1$ and $pP2$) which characterize the previous behavior of the state variables of the controller and are defined as follows:
$$pP1: B^7 \to B, \quad (rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1]) \mapsto p1[k-1] \quad (56)$$
5.2. Algebraic Formalization of Requirements. The complete formalization of the behavior of the water distribution system is given in Figure 5(c). In order to illustrate the expressive power of the relations Equality and Inclusion, several examples (generic assertions and the equivalent formal relations, illustrated on the case study) are given hereafter. It is important to note that the relation Inclusion makes it possible to express necessary conditions and sufficient conditions distinctly. This relation is the cornerstone of our approach.

(i) Pump1 and Pump2 never operate simultaneously: $P1 \cdot P2 = 0$.
(ii) If Pump1 operates, Pump2 cannot operate: $P1 \le \overline{P2}$.
Figure 5: Details of the case study.

(a) Inputs and outputs of the controller. Inputs: rq (request of water), f1 (Pump1 failure), f2 (Pump2 failure), gf (global failure), pr (priority to Pump1). Outputs: p1 (command of Pump1), p2 (command of Pump2).

(b) General form of the expected control laws:
$$p1[k] = P1(rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1])$$
$$p2[k] = P2(rq[k], f1[k], f2[k], gf[k], pr[k], p1[k-1], p2[k-1])$$
$$p1[0] = 0, \quad p2[0] = 0$$

(c) Formal specification.

Requirements:
R1: $P1 \cdot P2 = 0$ (the two pumps never operate simultaneously)
R2: $F1 \le \overline{P1}$ (Pump1 cannot operate if it is out of order, F1)
R3: $F2 \le \overline{P2}$ (Pump2 cannot operate if it is out of order, F2)
R4: $GF \le \overline{P1} \cdot \overline{P2}$ (when a global failure is detected, GF, no pump can operate)
R5: $(P1 + P2) \le Rq$ (it is necessary to have a request for the pumps to operate)
R6: $Rq \le (P1 + P2)$ (it is sufficient to have a request for the pumps to operate)

Priority rules:
R4 ≫ R6 (a failure requirement has priority over a functional requirement)
R2, R3 ≫ R6 (a failure requirement has priority over a functional requirement)

Optimization criteria:
(1) minimization of $P1 \cdot \overline{pP1} + P2 \cdot \overline{pP2}$ (minimization of the possibility to start a pump)
(2) maximization of $Pr \cdot P1 + \overline{Pr} \cdot P2$ (maximization of the priority order between the two pumps)

(d) Solution obtained by symbolic calculation:
$$P1 = Rq \cdot \overline{GF} \cdot \overline{F1} \cdot \bigl(F2 + Pr \cdot (pP1 + \overline{pP2}) + pP1 \cdot \overline{pP2}\bigr)$$
$$P2 = Rq \cdot \overline{GF} \cdot \overline{F2} \cdot \bigl(F1 + \overline{Pr} \cdot (pP2 + \overline{pP1}) + pP2 \cdot \overline{pP1}\bigr)$$

(e) Control laws of the water distribution system:
p1[k] = rq[k] ∧ ¬gf[k] ∧ ¬f1[k] ∧ (f2[k] ∨ pr[k] ∧ (p1[k-1] ∨ ¬p2[k-1]) ∨ p1[k-1] ∧ ¬p2[k-1])
p2[k] = rq[k] ∧ ¬gf[k] ∧ ¬f2[k] ∧ (f1[k] ∨ ¬pr[k] ∧ (p2[k-1] ∨ ¬p1[k-1]) ∨ p2[k-1] ∧ ¬p1[k-1])
p1[0] = 0, p2[0] = 0
(iii) It is necessary to have a request for the pumps to operate: $(P1 + P2) \le Rq$.
(iv) It is sufficient to have a request for the pumps to operate: $Rq \le (P1 + P2)$.
(v) When Pump1 has failed, it is sufficient to have a request for Pump2 to operate: $F1 \cdot Rq \le P2$.
(vi) When Pump1 has failed, it is necessary to have a request for Pump2 to operate: $F1 \cdot P2 \le Rq$.

It is possible to prove that some of these formal expressions are equivalent (e.g., the first two). When a designer hesitates between two forms, he can check by symbolic calculation whether the proposed relations are equivalent or not.

As $P1$ and $pP1$ represent the behavior of Pump1 at times $[k]$ and $[k-1]$ respectively, it is also possible to express relations about starts and stops of this pump:

(i) It is necessary to have a request to start Pump1: $P1 \cdot \overline{pP1} \le Rq$.
(ii) When Pump1 operates, it is sufficient to have a global failure to stop Pump1: $pP1 \cdot GF \le \overline{P1} \cdot pP1$.
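The equivalence check between two formalizations of a requirement, as an added Python example that is not the authors' tool: switching functions of $F_N(B)$ are encoded as truth-table bitmasks (an encoding chosen for this example), the Inclusion relation $f \le g$ is evaluated through the identity $f \cdot \bar g = 0$, and two relations on the unknowns $P1$, $P2$ are declared equivalent when they hold for exactly the same pairs $(P1, P2)$. The keys `i` to `vi` follow the numbered assertions above; only the three projection functions $Rq$, $F1$, $F2$ that those assertions mention are modelled.

```python
"""Checking whether two formalizations of a requirement are equivalent
(the check mentioned in Section 5.2), as an added example that is not the
authors' tool. Switching functions of F_N(B) are truth-table bitmasks (an
encoding chosen for this example); Inclusion f <= g is evaluated through the
identity f . not(g) = 0; two relations on the unknowns P1, P2 are equivalent
iff they hold for exactly the same pairs (P1, P2) of F_N(B)."""
from itertools import product

N = 3                        # projection functions used here: Rq, F1, F2
ROWS = 1 << N
ONE = (1 << ROWS) - 1        # the constant function 1


def proj(i):
    """i-th projection function: 1 exactly on the rows where input i is 1."""
    return sum(1 << r for r in range(ROWS) if (r >> i) & 1)


Rq, F1, F2 = proj(0), proj(1), proj(2)


def NOT(f):
    return ~f & ONE


def leq(f, g):
    """Inclusion relation of the paper: f <= g  iff  f . not(g) = 0."""
    return f & NOT(g) == 0


# The six assertions of Section 5.2, keyed by their numbering in the text.
RELATIONS = {
    "i":   lambda P1, P2: P1 & P2 == 0,      # pumps never both operate
    "ii":  lambda P1, P2: leq(P1, NOT(P2)),  # Pump1 running excludes Pump2
    "iii": lambda P1, P2: leq(P1 | P2, Rq),  # a request is necessary
    "iv":  lambda P1, P2: leq(Rq, P1 | P2),  # a request is sufficient
    "v":   lambda P1, P2: leq(F1 & Rq, P2),  # Pump1 failed: request suffices for Pump2
    "vi":  lambda P1, P2: leq(F1 & P2, Rq),  # Pump1 failed: request needed for Pump2
}


def equivalent(a, b):
    """True iff relations a and b agree on every pair of unknowns in F_N(B)."""
    ra, rb = RELATIONS[a], RELATIONS[b]
    return all(ra(P1, P2) == rb(P1, P2)
               for P1, P2 in product(range(ONE + 1), repeat=2))


def witness(a, b):
    """A pair (P1, P2) on which the two relations disagree, or None."""
    ra, rb = RELATIONS[a], RELATIONS[b]
    for P1, P2 in product(range(ONE + 1), repeat=2):
        if ra(P1, P2) != rb(P1, P2):
            return P1, P2
    return None
```

`equivalent("i", "ii")` is true while `equivalent("iii", "iv")` and `equivalent("v", "vi")` are false, and `witness` returns a pair of unknowns that separates the necessary condition from the sufficient one. Because a relation "$= 0$" in $F_N(B)$ holds exactly when it holds on every input row, enumerating all $2^{2 \cdot 2^N}$ pairs over these three projections is conclusive for the listed assertions; the enumeration itself only scales to a handful of variables, which is where the ROBDD representation of Section 6 takes over.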
5.3. Synthesis Process. In traditional design methods, the design procedure of a logic controller is not a linear process but an iterative one converging to an acceptable solution. At the beginning of the design, the requirements are neither complete nor free of errors. Most often, new requirements are added during the search for solutions and others are corrected. This complementary information is given by the designer after analysis of the partial solutions he has found, or when inconsistencies have been detected. If we do not make the hypothesis that the specifications are complete and consistent, designing a controller with a synthesis technique is also an iterative process in which the designer plays an important role.

5.3.1. Analysis of Requirements. For this case study we choose to start with requirements R1 to R6. For this subset of requirements, the result given by our software tool was the following inconsistency condition:
$$I = Rq \cdot GF + Rq \cdot F1 \cdot F2$$

Since the requirements are declared inconsistent, we have to give complementary information to make our specification more precise. By analyzing each term of this formula, it is possible to locate the origin of the inconsistency:

(i) $Rq \cdot GF$: what happens if we have simultaneously a request and a global failure? We consider that requirement R4 is more important than requirement R6 (R4 ≫ R6): no pump can operate in this configuration.
(ii) $Rq \cdot F1 \cdot F2$: what happens if we have simultaneously a request and a failure of each pump? We consider that requirements R2 and R3 are more important than requirement R6 (R2, R3 ≫ R6).

With these priority rules all the requirements are now coherent, and the set of all solutions can be computed. In both conflicts the failure requirement wins over the functional one, so the resolved specification fails safe: whenever the request cannot be served without violating R2, R3 or R4, no pump is started.

5.3.2. Optimal Solutions. To choose a control law of the water supply system among this set of possible solutions, we now take into account the given optimization criteria. The first criterion aims at minimizing the number of starts of each pump in order to reduce its wear. The second criterion aims at maximizing the use of the pump indicated by the value of parameter Pr. The proposed method allows proving that these criteria cannot be treated simultaneously since they are antagonistic: to strictly respect the priority use of the pump fixed by parameter Pr, it would be necessary to swap pumps whenever Pr changes value, which implies an additional start of a pump. Details can be found in [25].

All the priority rules and optimization criteria used for this case study are given in Figure 5(c). The solution we obtain is given in Figure 5(d).

5.3.3. Implementing Control Laws. The synthesized control laws presented in Figure 5(e) have been obtained by translating the expression of the two unknowns in terms of the projection functions into recurrent Boolean equations. These control laws can be automatically translated into the syntax of the ladder diagram language [1] before being implemented in a PLC. The code is composed of only 4 rungs (Figure 6).

The synthesized control laws can also be given in the form of an automatically built input/output automaton with guarded transitions [21] (Figure 7).
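The whole of Section 5.3 can be reproduced by brute force on this case study, because the 7 projection variables admit only 128 valuations. The following is an added Python example, not the authors' prototype tool nor their PLC code: it detects the inconsistency condition $I$, applies the priority rules (a lower-priority requirement is enforced only where some solution of the higher-priority ones also satisfies it, which is this example's reading of "R4 ≫ R6"), treats the two criteria sequentially (fewest starts first, then priority use), and then checks that the control laws of Figure 5(e) are admissible, optimal and induce exactly the transition guards of Figure 7. Names such as `INPUTS`, `STATES`, `law` and `analyse` are the example's own.

```python
"""Section 5.3 for the water-supply controller of Figure 5, as an added
example that is not the authors' symbolic tool: the 7 projection variables
are enumerated (2^7 valuations x 4 candidate outputs) to detect the
inconsistency condition I, apply the priority rules, evaluate the two
optimization criteria in sequence and rebuild the guards of Figure 7."""
from itertools import product

INPUTS = ("rq", "f1", "f2", "gf", "pr", "pp1", "pp2")  # pp = value at k-1
LOW_PRIORITY = ("R6",)  # priority rules of Figure 5(c): R4 >> R6, R2, R3 >> R6


def implies(a, b):
    return (not a) or b


def requirements(v, p1, p2):
    """Truth of R1..R6 for one valuation v and one candidate (P1, P2)."""
    return {"R1": not (p1 and p2),
            "R2": implies(v["f1"], not p1),
            "R3": implies(v["f2"], not p2),
            "R4": implies(v["gf"], not p1 and not p2),
            "R5": implies(p1 or p2, v["rq"]),
            "R6": implies(v["rq"], p1 or p2)}


def solutions(v, with_priority):
    """Admissible (P1, P2) pairs for v. Without priority rules every
    requirement is hard; with them a low-priority requirement is enforced
    only where it does not conflict with the higher-priority ones."""
    hard = [r for r in ("R1", "R2", "R3", "R4", "R5", "R6") if r not in LOW_PRIORITY]
    sols = [c for c in product((0, 1), repeat=2)
            if all(requirements(v, *c)[r] for r in hard)]
    for low in LOW_PRIORITY:
        kept = [c for c in sols if requirements(v, *c)[low]]
        if kept or not with_priority:
            sols = kept
    return sols


def starts(v, p1, p2):  # criterion 1: P1.not(pP1) + P2.not(pP2)
    return int(p1 and not v["pp1"]) + int(p2 and not v["pp2"])


def priority_use(v, p1, p2):  # criterion 2: Pr.P1 + not(Pr).P2
    return int(v["pr"] and p1) + int(not v["pr"] and p2)


def optimal(v):
    """Criteria treated sequentially: fewest starts, then best use of the
    pump designated by pr (the two cannot be satisfied simultaneously)."""
    return min(solutions(v, True),
               key=lambda c: (starts(v, *c), -priority_use(v, *c)))


def law(v):
    """Control laws of Figure 5(e) (P2 with its not(f2) and not(pr) terms)."""
    rq, f1, f2, gf, pr, pp1, pp2 = (v[x] for x in INPUTS)
    p1 = rq and not gf and not f1 and (f2 or (pr and (pp1 or not pp2)) or (pp1 and not pp2))
    p2 = rq and not gf and not f2 and (f1 or (not pr and (pp2 or not pp1)) or (pp2 and not pp1))
    return int(bool(p1)), int(bool(p2))


STATES = {0: (0, 0), 1: (1, 0), 2: (0, 1)}  # Figure 7: 0 = stopped, 1 = p1, 2 = p2
FIGURE7 = {  # guards E_i-j as printed in Figure 7, over the 5 inputs i
    (0, 1): lambda i: i["rq"] and not i["gf"] and not i["f1"] and (i["f2"] or i["pr"]),
    (0, 2): lambda i: i["rq"] and not i["gf"] and not i["f2"] and (i["f1"] or not i["pr"]),
    (1, 0): lambda i: not i["rq"] or i["gf"] or (i["f1"] and i["f2"]),
    (1, 2): lambda i: i["rq"] and not i["gf"] and i["f1"] and not i["f2"],
    (2, 0): lambda i: not i["rq"] or i["gf"] or (i["f1"] and i["f2"]),
    (2, 1): lambda i: i["rq"] and not i["gf"] and i["f2"] and not i["f1"]}


def guard(src, dst):
    """Input valuations under which the law moves the automaton src -> dst."""
    hits = set()
    for bits in product((0, 1), repeat=5):
        v = dict(zip(INPUTS[:5], bits), pp1=STATES[src][0], pp2=STATES[src][1])
        if law(v) == STATES[dst]:
            hits.add(bits)
    return hits


def analyse():
    vals = [dict(zip(INPUTS, bits)) for bits in product((0, 1), repeat=7)]
    key = lambda v: tuple(v[x] for x in INPUTS)
    inconsistent = {key(v) for v in vals if not solutions(v, False)}
    paper_I = {key(v) for v in vals if v["rq"] and (v["gf"] or (v["f1"] and v["f2"]))}
    guards_ok = all(guard(s, d) == {b for b in product((0, 1), repeat=5)
                                    if g(dict(zip(INPUTS[:5], b)))}
                    for (s, d), g in FIGURE7.items())
    return {"I_matches_paper": inconsistent == paper_I,
            "consistent_with_priorities": all(solutions(v, True) for v in vals),
            "law_admissible": all(law(v) in solutions(v, True) for v in vals),
            "law_optimal": all(law(v) == optimal(v) for v in vals),
            "figure7_guards_match": guards_ok}
```

`analyse()` returns five booleans that are all true: the set of valuations with no solution under R1 to R6 is exactly $Rq\cdot GF + Rq\cdot F1\cdot F2$; once R6 is demoted every valuation has a solution; the synthesized law lies in that solution set; it coincides with the lexicographic optimum of the two criteria at every valuation; and partially evaluating it on the previous state reproduces the six guards of Figure 7. The same loop makes a useful regression check after any hand edit of the PLC code, since `law` is the only function that has to mirror the deployed rungs.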
6. Discussion

In our approach the synthesis of control laws is based on symbolic calculation; a prototype software tool has been developed to avoid tedious calculations and to assist the designer during the different steps of the synthesis. This tool (which can be obtained on request from the authors) performs all the computations required for detecting inconsistencies between requirements and for generating control laws. In this tool all Boolean formulas are stored as reduced ordered binary decision diagrams, which allows efficient calculations. For example, the computations needed to synthesize the controller of the water supply system developed above took less than 10 ms on an ordinary laptop.

Our approach has been tested on several case studies (some of them are available online: httpwwwlurpaens-cachanfr-226050kjsp). The feedback from these experiments allowed us to identify some of its limits and possibilities; the most important are given below.

We have first to recall that our method can only be used for binary systems (systems whose controller inputs and outputs are Boolean values). Nevertheless, in practice many systems, such as manufacturing systems and transport systems, are fully or partially binary.
In our opinion, the main advantage of our approach is that, contrary to traditional engineering approaches, the synthesized control laws do not depend on the designer's skill or on his correct interpretation of the system requirements. On the other hand, the quality of the synthesis results highly depends on the relevance of the requirements proposed by the designer. This step of formalization by the designer of the informal requirements of the system to be controlled is the Achilles' heel of all synthesis methods, including the Supervisory Control Theory (SCT), and cannot be automated.

Figure 6: Ladder diagram of the code to implement into the PLC. Rung 1: command of pump 1 (contacts rq, gf, f1, f2, pr, pp1, pp2 driving coil p1). Rung 2: command of pump 2 (same contacts, coil p2). Rung 3: update of the previous value of pump 1 (p1 copied to pp1). Rung 4: update of the previous value of pump 2 (p2 copied to pp2).

Table 1: Features concerning the same case study.

| Method | Formal requirements | Synthesized controller | PLC program (structured text) |
| Supervisory Control Theory | Plant behavior: 11 finite automata (481 states and 1330 transitions); specifications: 11 finite automata | Finite automaton of 45 states and 70 transitions | 130 lines |
| Algebraic synthesis | 8 equations and 2 priority rules | 2 six-variable switching functions | 4 lines |

Figure 7: State model of the obtained control law. States: 0 (no pump running), 1 (p1 running), 2 (p2 running). Transition guards:
E0-1 = rq ∧ ¬gf ∧ ¬f1 ∧ (f2 ∨ pr)
E0-2 = rq ∧ ¬gf ∧ ¬f2 ∧ (f1 ∨ ¬pr)
E1-0 = ¬rq ∨ gf ∨ f1 ∧ f2
E1-2 = rq ∧ ¬gf ∧ f1 ∧ ¬f2
E2-0 = ¬rq ∨ gf ∨ f1 ∧ f2
E2-1 = rq ∧ ¬gf ∧ f2 ∧ ¬f1
An objective comparison of our approach with other synthesis methods, and more especially with SCT, is very difficult because the models used and the theoretical bases are very different. Nevertheless, we tested both approaches on the same case studies. One of them, the control of an automatic parking gate, has been published in [26]. The results obtained in this case are summarized in Table 1.

Furthermore, one may note that the supervisor synthesized by SCT is optimal in the sense that it is the most permissive one, that is, the one that restricts the plant behavior the least while forcing it to respect the specifications. As shown in this paper, our method makes it possible to cope with inconsistencies in specifications, which is not possible with SCT, and also to find optimal controllers by choosing different optimization criteria (most permissive, most restrictive, safest controller, etc.).
7. Conclusion

Many research works in the field of DES aim at formalizing steps of the system life cycle. Over the last twenty years, significant progress has been made in the synthesis, verification, performance evaluation and diagnosis of DESs. Nevertheless, one of the common difficulties of these works is the translation of the informal expression of the knowledge of a system into formal requirements. Few works have paid attention to this important task, which is very error prone. In this paper we proposed an iterative process that allows coping with inconsistencies in the requirements during the synthesis of the controller. The framework in which we proposed this approach is an algebraic synthesis method. Since the problem is located at the frontier between formal and informal, intervention of the designer is necessary. Nevertheless, we have shown that this intervention can be guided by the results that the formal method provides.
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References

[1] International Electrotechnical Commission, IEC 61131-3: Programmable Controllers - Part 3: Programming Languages, 2nd edition, 2003.
[2] G. Frey and L. Litz, "Formal methods in PLC programming," in Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, vol. 4, pp. 2431-2436, October 2000.
[3] B. Berard, M. Bidoit, A. Finkel, et al., Systems and Software Verification: Model-Checking Techniques and Tools, Springer, New York, NY, USA, 1st edition, 1999.
[4] H. Bel Mokadem, B. Berard, V. Gourcuff, O. De Smet, and J. Roussel, "Verification of a timed multitask system with UPPAAL," IEEE Transactions on Automation Science and Engineering, vol. 7, no. 4, pp. 921-932, 2010.
[5] J. L. Boulanger, Ed., Industrial Use of Formal Methods: Formal Verification (ISTE), Wiley-ISTE, New York, NY, USA, 2012.
[6] P. J. G. Ramadge and W. M. Wonham, "Control of discrete event systems," Proceedings of the IEEE, vol. 77, no. 1, pp. 81-98, 1989.
[7] P. Gohari and W. M. Wonham, "On the complexity of supervisory control design in the RW framework," IEEE Transactions on Systems, Man and Cybernetics B, vol. 30, no. 5, pp. 643-652, 2000.
[8] Y. Hietter, Synthese algebrique de lois de commande pour les systemes a evenements discrets logiques [PhD thesis], ENS Cachan, Cachan, France, 2009.
[9] H.-M. Hanisch, A. Lueder, and J. Thieme, "Modular plant modeling technique and related controller synthesis problems," in Proceedings of the 1998 IEEE International Conference on Systems, Man and Cybernetics, pp. 686-691, October 1998.
[10] J.-M. Roussel and A. Giua, "Designing dependable logic controllers using the supervisory control theory," in Proceedings of the 16th IFAC World Congress, CD-ROM paper 4427, 6 pages, Praha, Czech Republic, 2005.
[11] D. A. Huffman, "The synthesis of sequential switching circuits," Journal of the Franklin Institute, vol. 257, no. 3-4, pp. 161-303, 1954.
[12] G. H. Mealy, "A method for synthesizing sequential circuits," Bell System Technical Journal, vol. 34, no. 5, pp. 1045-1079, 1955.
[13] E. F. Moore, "Gedanken-experiments on sequential machines," in Automata Studies, pp. 129-153, Princeton University Press, Princeton, NJ, USA, 1956.
[14] S. Rudeanu, Lattice Functions and Equations (Discrete Mathematics and Theoretical Computer Science), Springer, New York, NY, USA, 2001.
[15] F. M. Brown, Boolean Reasoning: The Logic of Boolean Equations, Dover, Mineola, NY, USA, 2003.
[16] A. Pnueli and R. Rosner, "On the synthesis of a reactive module," in Proceedings of the 16th ACM Symposium on Principles of Programming Languages (POPL '89), pp. 179-190, ACM, New York, NY, USA, 1989.
[17] E. Filiot, N. Jin, and J. Raskin, "Antichains and compositional algorithms for LTL synthesis," Formal Methods in System Design, vol. 39, no. 3, pp. 261-296, 2011.
[18] J. Machado, B. Denis, J. J. Lesage, J. M. Faure, and J. Fereira, "Logic controllers dependability verification using a plant model," in Proceedings of the 3rd IFAC Workshop on Discrete-Event System Design (DESDes '06), pp. 37-42, Rydzyna, Poland, 2006.
[19] Y. Hietter, J.-M. Roussel, and J.-L. Lesage, "Algebraic synthesis of transition conditions of a state model," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 187-192, Goteborg, Sweden, May 2008.
[20] Y. Hietter, J.-M. Roussel, and J. J. Lesage, "Algebraic synthesis of dependable logic controllers," in Proceedings of the 17th World Congress of the International Federation of Automatic Control (IFAC '08), pp. 4132-4137, Seoul, South Korea, July 2008.
[21] A. Guignard, Symbolic Generation of the Automaton Representing an Algebraic Description of a Logic System [MS thesis], ENS Cachan, Cachan, France, 2011.
[22] R. P. Grimaldi, Discrete and Combinatorial Mathematics: An Applied Introduction, Addison-Wesley Longman, Boston, Mass, USA, 5th edition, 2004.
[23] J.-M. Roussel and J.-J. Lesage, "Algebraic synthesis of logical controllers despite inconsistencies in specifications," in Proceedings of the 11th International Workshop on Discrete Event Systems (WODES '12), pp. 307-314, Guadalajara, Mexico, 2012.
[24] H. Leroux, Algebraic Synthesis of Logical Controllers with Optimization Criteria, ENS Cachan, Cachan, France, 2011.
[25] H. Leroux and J.-M. Roussel, "Algebraic synthesis of logical controllers with optimization criteria," in Proceedings of the 6th International Workshop on Verification and Evaluation of Computer and Communication Systems (VECOS '12), pp. 103-114, Paris, France, 2012.
[26] M. Cantarelli and J. Roussel, "Reactive control system design using the supervisory control theory: evaluation of possibilities and limits," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 200-205, Goteborg, Sweden, May 2008.
Mathematical Problems in Engineering 11
Figure 4: Structure of the water supply system (labels in the figure: Pump1, Pump2, Tank, To the distributing system).
(iv) The fourth step is to replace the given criterion by the equivalent relation
$F_C(X^k, \mathrm{Proj}) = F_{EC}(\mathrm{Proj})$ (53)
(v) The fifth step is to establish the parametric form of the $k$-tuple solution of the equivalent problem
$\mathrm{Eq}(X^k, \mathrm{Proj}) = 0$, $F_{\mathrm{Crit}}(X^k, \mathrm{Proj}) = F_{\mathrm{ExtCrit}}(\mathrm{Proj})$ (54)
4.5.3 Partial Conclusions. Thanks to the theorems presented in this section, it is now possible to obtain a parametric representation of the optimal solutions, according to a given criterion, of any set of simultaneously asserted relations with $k$ unknowns, if a solution exists.
The proposed method also permits combining several criteria, either simultaneously or sequentially.
(i) When several criteria are treated simultaneously, the optimization problem can admit no solution; this is the case when the given criteria are antagonistic.
(ii) When several criteria are treated sequentially, the obtained solutions satisfy the criteria in a given priority order. An example of optimization with several criteria treated sequentially is presented in the next section.
5. Algebraic Synthesis of Logical Controllers with Optimization Criteria and Incoherent Requirements
5.1 Control System Specifications. The studied system is the controller of a water supply system composed of two pumps working in redundancy (Figure 4). Water is distributed when necessary, according to the possible failures of the elements (the pumps and the distributing system).
The expected behavior of the control system with respect to the application requirements can be expressed by the set of assertions given hereafter.
(i) The two pumps never operate simultaneously.
(ii) A pump cannot operate if it is out of order.
(iii) When a global failure is detected, no pump can operate.
(iv) Pumps can operate if and only if a water distribution request is present.
(v) Priority is given according to "pr" (pump1 has priority when "pr" is true).
(vi) In order to reduce the wear of the pumps, it is necessary to restrict the number of starts of the pumps.
5.1.1 Inputs and Outputs of the Controller. The Boolean inputs and outputs of this controller are given in Figure 5(a). Each pump is controlled through a Boolean output ("p1" and "p2"). The controller is informed of water distribution requests through the input "rq". Inputs "f1" and "f2" inform the controller of a failure of the corresponding pump, and "gf" indicates a global failure of the installation. The value 0 or 1 of input "pr" decides which pump has priority.
5.1.2 Control Laws to Synthesize. Our approach does not allow identifying automatically which state variables must be used; they are given by the designer according to his interpretation of the specification.
For the water distribution system we propose to use 2 state variables, one for each output. According to this choice, 2 7-variable switching functions ($P_1$ and $P_2$) have to be synthesized (Figure 5(b)); they represent the unknowns of our problem. For this case study, the 7 projection functions of $F_7(B)$ are therefore as follows.
(i) The 5 switching functions (Rq, F1, F2, GF, and Pr) which characterize the behavior of the inputs of the controller and are defined as follows:
$\mathrm{Rq}: B^7 \to B$, $(rq[k], \dots, p_2[k-1]) \mapsto rq[k]$ (55)
(ii) The 2 switching functions ($pP_1$ and $pP_2$) which characterize the previous behavior of the state variables of the controller and are defined as follows:
$pP_1: B^7 \to B$, $(rq[k], \dots, p_2[k-1]) \mapsto p_1[k-1]$ (56)
5.2 Algebraic Formalization of Requirements. The complete formalization of the behavior of the water distribution system is given in Figure 5(c). In order to illustrate the expressive power of the relations Equality and Inclusion, several examples (generic assertions and the equivalent formal relations, illustrated on the case study) are given hereafter. It is important to note that the Inclusion relation permits expressing necessary conditions and sufficient conditions distinctly; this relation is the cornerstone of our approach.
(i) Pump1 and Pump2 never operate simultaneously: $P_1 \cdot P_2 = 0$
(ii) If Pump1 operates, Pump2 cannot operate: $P_1 \le \overline{P_2}$
Figure 5: Details of the case study.
(a) Inputs and outputs of the controller. Inputs: rq (request of water), f1 (Pump1 failure), f2 (Pump2 failure), gf (global failure), pr (priority to Pump1). Outputs: p1 (command of Pump1), p2 (command of Pump2).
(b) General form of the expected control laws:
$p_1[k] = P_1(rq[k], f_1[k], f_2[k], gf[k], pr[k], p_1[k-1], p_2[k-1])$
$p_2[k] = P_2(rq[k], f_1[k], f_2[k], gf[k], pr[k], p_1[k-1], p_2[k-1])$
$p_1[0] = b_0$, $p_2[0] = b_0$
(c) Formal specification.
Requirements:
R1: $P_1 \cdot P_2 = 0$ (the two pumps never operate simultaneously)
R2: $F_1 \le \overline{P_1}$ (Pump1 cannot operate if it is out of order (F1))
R3: $F_2 \le \overline{P_2}$ (Pump2 cannot operate if it is out of order (F2))
R4: $GF \le \overline{P_1} \cdot \overline{P_2}$ (when a global failure is detected (GF), no pump can operate)
R5: $(P_1 + P_2) \le Rq$ (it is necessary to have a request for the pumps to operate)
R6: $Rq \le (P_1 + P_2)$ (it is sufficient to have a request for the pumps to operate)
Priority rules:
R4 ≫ R6 (a failure requirement has priority over a functional requirement)
R2, R3 ≫ R6 (failure requirements have priority over a functional requirement)
Optimization criteria:
(1) Minimization of $(P_1 \cdot \overline{pP_1}) + (P_2 \cdot \overline{pP_2})$ (minimization of the possibility to start a pump)
(2) Maximization of $(Pr \cdot P_1) + (\overline{Pr} \cdot P_2)$ (maximization of the priority order between the two pumps)
(d) Solution obtained by symbolic calculation:
$P_1 = Rq \cdot \overline{GF} \cdot \overline{F_1} \cdot \big(F_2 + Pr \cdot (pP_1 + \overline{pP_2}) + pP_1 \cdot \overline{pP_2}\big)$
$P_2 = Rq \cdot \overline{GF} \cdot \overline{F_2} \cdot \big(F_1 + \overline{Pr} \cdot (pP_2 + \overline{pP_1}) + pP_2 \cdot \overline{pP_1}\big)$
(e) Control laws of the water distribution system:
$p_1[k] = rq[k] \wedge \neg gf[k] \wedge \neg f_1[k] \wedge \big(f_2[k] \vee pr[k] \wedge (p_1[k-1] \vee \neg p_2[k-1]) \vee p_1[k-1] \wedge \neg p_2[k-1]\big)$
$p_2[k] = rq[k] \wedge \neg gf[k] \wedge \neg f_2[k] \wedge \big(f_1[k] \vee \neg pr[k] \wedge (p_2[k-1] \vee \neg p_1[k-1]) \vee p_2[k-1] \wedge \neg p_1[k-1]\big)$
$p_1[0] = b_0$, $p_2[0] = b_0$
(iii) It is necessary to have a request for the pumps to operate: $(P_1 + P_2) \le Rq$
(iv) It is sufficient to have a request for the pumps to operate: $Rq \le (P_1 + P_2)$
(v) When Pump1 has failed, it is sufficient to have a request for Pump2 to operate: $F_1 \cdot Rq \le P_2$
(vi) When Pump1 has failed, it is necessary to have a request for Pump2 to operate: $F_1 \cdot P_2 \le Rq$
It is possible to prove that some of these formal expressions are equivalent (e.g., the first two). When a designer hesitates between two forms, he can check by symbolic calculation whether the proposed relations are equivalent or not.
As $P_1$ and $pP_1$ represent the behavior of pump1 at times $[k]$ and $[k-1]$ respectively, it is also possible to express relations about starts and stops of this pump, as follows:
(i) It is necessary to have a request to start pump1: $(P_1 \cdot \overline{pP_1}) \le Rq$
(ii) When pump1 operates, it is sufficient to have a global failure to stop pump1: $(pP_1 \cdot GF) \le (\overline{P_1} \cdot pP_1)$
5.3 Synthesis Process. In traditional design methods, the design procedure of a logic controller is not a linear process but an iterative one converging to an acceptable solution. At the beginning of the design, requirements are neither complete nor free of errors. Most often, new requirements are added during the search for solutions and others are corrected. This complementary information is given by the designer after analysis of the partial solutions he found, or when inconsistencies have been detected. If we do not make the hypothesis that the specifications are complete and consistent, designing a controller with a synthesis technique is also an iterative process in which the designer plays an important role.
5.3.1 Analysis of Requirements. For this case study we choose to start with requirements R1 to R6. For this subset of requirements, the result given by our software tool was the following inconsistency condition: $I = Rq \cdot GF + Rq \cdot F_1 \cdot F_2$.
Since the requirements are declared inconsistent, we have to give complementary information to make our specification more precise. By analyzing each term of this formula, it is possible to detect the origin of the inconsistency.
(i) $Rq \cdot GF$: what happens if we have simultaneously a request and a global failure? We consider that requirement R4 is more important than requirement R6 (R4 ≫ R6), so no pump can operate in this configuration.
(ii) $Rq \cdot F_1 \cdot F_2$: what happens if we have simultaneously a request and a failure of each pump? We consider that requirements R2 and R3 are more important than requirement R6 (R2, R3 ≫ R6).
With these priority rules all the requirements are now coherent, and the set of all the solutions can be computed.
5.3.2 Optimal Solutions. To choose a control law of the water supply system among this set of possible solutions, we now take into account the given optimization criteria. The first criterion aims at minimizing the number of starts of each pump in order to reduce its wear. The second criterion aims at maximizing the use of the pump indicated by the value of the parameter Pr. The method we propose allows proving that the proposed criteria cannot be treated simultaneously since they are antagonistic (to strictly respect the priority use of the pump fixed by parameter Pr, it is necessary to swap pumps whenever Pr changes value, implying a supplementary start of a pump). Details can be found in [25].
All the priority rules and optimization criteria used for this case study are given in Figure 5(c). The solution we obtain is proposed in Figure 5(d).
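For a case this small (7 Boolean inputs, 2 outputs) the consistency analysis of 5.3.1, the effect of the priority rules, and the admissibility of the solution of Figure 5(d) can all be reproduced by exhaustive enumeration. The Python script below is an added example written for this page, not the authors' tool (which works symbolically on ROBDDs rather than on truth tables). Names follow Figure 5(a); the priority-rule semantics it implements (the lower-priority requirement R6 is dropped only at input valuations where the higher-priority ones make it unsatisfiable) is this example's own modelling assumption, and the number of control laws it counts is a result of this enumeration, not a figure taken from the paper.

```python
"""Exhaustive consistency check of requirements R1-R6 of Figure 5(c).

Added example for this page, not the authors' synthesis tool.  Input names
follow Figure 5(a): rq, f1, f2, gf, pr and the previous commands pp1, pp2.
"""
from itertools import product
from math import prod

INPUTS = ("rq", "f1", "f2", "gf", "pr", "pp1", "pp2")
ALL = ("R1", "R2", "R3", "R4", "R5", "R6")
LOW_PRIORITY = ("R6",)          # priority rules R4 >> R6 and R2, R3 >> R6


def requirements(x, p1, p2):
    """Truth value of each requirement for inputs x and commands (p1, p2)."""
    return {
        "R1": not (p1 and p2),                # P1 . P2 = 0
        "R2": not x["f1"] or not p1,          # F1 <= not P1
        "R3": not x["f2"] or not p2,          # F2 <= not P2
        "R4": not x["gf"] or not (p1 or p2),  # GF <= not P1 . not P2
        "R5": not (p1 or p2) or x["rq"],      # (P1 + P2) <= Rq
        "R6": not x["rq"] or (p1 or p2),      # Rq <= (P1 + P2)
    }


def valuations():
    """All 128 input valuations, as dicts name -> bool."""
    for bits in product((False, True), repeat=len(INPUTS)):
        yield dict(zip(INPUTS, bits))


def admissible(x, names):
    """Command pairs (p1, p2) satisfying every requirement in `names` at x."""
    return [(p1, p2) for p1, p2 in product((False, True), repeat=2)
            if all(requirements(x, p1, p2)[n] for n in names)]


def inconsistency_condition():
    """Valuations where R1..R6 admit no command pair at all."""
    return [x for x in valuations() if not admissible(x, ALL)]


def inconsistency_formula(x):
    """I = Rq.GF + Rq.F1.F2, the condition reported in Section 5.3.1."""
    return x["rq"] and (x["gf"] or (x["f1"] and x["f2"]))


def admissible_with_priority(x):
    """Modelling assumption for R4 >> R6 and R2, R3 >> R6: R6 is enforced
    only where it is satisfiable together with the higher-priority ones."""
    full = admissible(x, ALL)
    return full or admissible(x, [n for n in ALL if n not in LOW_PRIORITY])


def number_of_control_laws():
    """Size of the solution set: one free choice per input valuation."""
    return prod(len(admissible_with_priority(x)) for x in valuations())


def synthesized(x):
    """The solution of Figure 5(d), written over one scan."""
    rq, f1, f2, gf, pr, pp1, pp2 = (x[n] for n in INPUTS)
    p1 = rq and not gf and not f1 and (f2 or (pr and (pp1 or not pp2)) or (pp1 and not pp2))
    p2 = rq and not gf and not f2 and (f1 or (not pr and (pp2 or not pp1)) or (pp2 and not pp1))
    return p1, p2


def solution_is_admissible():
    """Figure 5(d) must pick an admissible pair at every valuation."""
    return all(synthesized(x) in admissible_with_priority(x) for x in valuations())


def equivalent(rel_a, rel_b):
    """Equivalence of two relations over (P1, P2), as in Section 5.2:
    both relations are compared on every valuation of their unknowns."""
    return all(rel_a(p1, p2) == rel_b(p1, p2)
               for p1, p2 in product((False, True), repeat=2))


if __name__ == "__main__":
    bad = inconsistency_condition()
    print(len(bad), "inconsistent valuations; all covered by I:",
          all(inconsistency_formula(x) for x in bad))
    print("control laws after priority rules:", number_of_control_laws())
    print("Figure 5(d) admissible:", solution_is_admissible())
    print("P1.P2 = 0  <=>  P1 <= not P2:",
          equivalent(lambda p1, p2: not (p1 and p2),
                     lambda p1, p2: (not p1) or (not p2)))
```

The 40 inconsistent valuations found are exactly those where $Rq \cdot GF + Rq \cdot F_1 \cdot F_2$ holds, which is the point of the formula: it names the input situations the designer still has to decide about. After the priority rules, the only remaining freedom is the choice of pump when both are available, which is what the optimization criteria of 5.3.2 then resolve.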
5.3.3 Implementing Control Laws. The synthesized control laws presented in Figure 5(e) have been obtained by translating the expression of the two unknowns according to the projection functions into relations between recurrent Boolean equations. These control laws can be automatically translated into the syntax of the ladder diagram language [1] before being implemented into a PLC; the code is composed of only 4 rungs (Figure 6).
The synthesized control laws can also be given in the form of an automatically built input/output automaton with guarded transitions [21] (Figure 7).
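The four rungs of Figure 6 and the automaton of Figure 7 describe the same controller, so one can be checked against the other by executing the control laws scan by scan. The Python model below is an added example written for this page, not the authors' automaton generator [21]. It assumes the rung order of Figure 6 (commands first, then the latching of the previous values), the state numbering of Figure 7 (0: no pump, 1: pump 1, 2: pump 2), and a constructed failover input trace that is not from the paper. It explores the reachable memory states, collects the sensor minterms that fire each transition, and compares them with the guards printed in Figure 7.

```python
"""Scan-cycle execution of the 4-rung program of Figure 6 and extraction
of the guarded I/O automaton of Figure 7.

Added example for this page, not the authors' tool.  pp1/pp2 are the
memory bits holding the previous scan's commands (rungs 3 and 4).
"""
from itertools import product

SENSORS = ("rq", "f1", "f2", "gf", "pr")
OFF, PUMP1, PUMP2 = (False, False), (True, False), (False, True)   # Figure 7 states 0, 1, 2


def scan(mem, inp):
    """One PLC cycle.  Rungs 1-2 compute p1, p2 from the inputs and the
    latched previous commands; rungs 3-4 copy p1, p2 into pp1, pp2, so the
    returned pair is both the output of this scan and the next memory."""
    pp1, pp2 = mem
    rq, f1, f2, gf, pr = (inp[s] for s in SENSORS)
    p1 = rq and not gf and not f1 and (f2 or (pr and (pp1 or not pp2)) or (pp1 and not pp2))      # rung 1
    p2 = rq and not gf and not f2 and (f1 or (not pr and (pp2 or not pp1)) or (pp2 and not pp1))  # rung 2
    return p1, p2                                                                                 # rungs 3-4


def run(trace, mem=OFF):
    """Execute a sequence of sensor readings; returns the commands per scan."""
    out = []
    for inp in trace:
        mem = scan(mem, inp)
        out.append(mem)
    return out


def sensor_valuations():
    for bits in product((False, True), repeat=len(SENSORS)):
        yield dict(zip(SENSORS, bits))


def build_automaton(initial=OFF):
    """Reachable memory states and, per (state, next state) edge, the set
    of sensor minterms that fire it (the guard as a truth table)."""
    states, frontier, guards = {initial}, [initial], {}
    while frontier:
        s = frontier.pop()
        for inp in sensor_valuations():
            t = scan(s, inp)
            guards.setdefault((s, t), set()).add(tuple(inp[n] for n in SENSORS))
            if t not in states:
                states.add(t)
                frontier.append(t)
    return states, guards


# Guards as printed in Figure 7, over (rq, f1, f2, gf, pr)
FIGURE7 = {
    (OFF, PUMP1):   lambda rq, f1, f2, gf, pr: rq and not gf and not f1 and (f2 or pr),      # E0-1
    (OFF, PUMP2):   lambda rq, f1, f2, gf, pr: rq and not gf and not f2 and (f1 or not pr),  # E0-2
    (PUMP1, OFF):   lambda rq, f1, f2, gf, pr: (not rq) or gf or (f1 and f2),                # E1-0
    (PUMP1, PUMP2): lambda rq, f1, f2, gf, pr: rq and not gf and f1 and not f2,              # E1-2
    (PUMP2, OFF):   lambda rq, f1, f2, gf, pr: (not rq) or gf or (f1 and f2),                # E2-0
    (PUMP2, PUMP1): lambda rq, f1, f2, gf, pr: rq and not gf and f2 and not f1,              # E2-1
}


def guards_match_figure7():
    """True iff every printed guard equals the minterm set found by exploration."""
    _, guards = build_automaton()
    for edge, guard in FIGURE7.items():
        expected = {v for v in product((False, True), repeat=len(SENSORS)) if guard(*v)}
        if guards.get(edge, set()) != expected:
            return False
    return True


def never_both(states):
    """Mutual exclusion R1 on the reachable states."""
    return all(not (p1 and p2) for p1, p2 in states)


def sensors(rq, f1, f2, gf, pr):
    return dict(zip(SENSORS, (rq, f1, f2, gf, pr)))


# Constructed failover scenario (not from the paper): request with priority to
# pump 1, pump 1 fails, recovers, then a global failure clears everything.
TRACE = [
    sensors(True, False, False, False, True),   # pump 1 starts
    sensors(True, True, False, False, True),    # pump 1 fails: switch to pump 2
    sensors(True, False, False, False, True),   # pump 1 back: stay on pump 2 (no extra start)
    sensors(True, False, False, True, True),    # global failure: both off
    sensors(True, False, False, False, True),   # request again: pump 1 (priority)
]

if __name__ == "__main__":
    states, _ = build_automaton()
    print("reachable states:", sorted(states), "guards match Figure 7:", guards_match_figure7())
    print("trace:", run(TRACE))
```

The exploration finds only the three states of Figure 7 (the state with both memory bits set is unreachable, which is the mutual-exclusion requirement R1 holding on the implementation, not just on the specification), and the third step of the trace shows criterion (1) taking precedence over criterion (2): when pump 1 recovers, the controller keeps pump 2 running rather than paying a supplementary start to restore the pr priority.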
6. Discussion
In our approach the synthesis of control laws is based on symbolic calculation; a prototype software tool has been developed to avoid tedious calculus and to aid the designer during the different steps of the synthesis. This tool (which can be obtained on request from the authors) performs all the computations required for detecting inconsistencies between requirements and for generating control laws. In this tool, all Boolean formulas are stored as reduced ordered binary decision diagrams, which allows efficient calculations. For example, the computations for synthesizing the controller of the water supply system developed above took less than 10 ms on an ordinary laptop.
Our approach has been tested on several case studies (some of them are available online at http://www.lurpa.ens-cachan.fr/-226050.kjsp). The feedback from these experiments allowed us to identify some of its limits and possibilities; the most important are given below.
We first have to recall that our method can only be used for binary systems (systems whose controller inputs and outputs are Boolean values). Nevertheless, in practice, many systems, such as manufacturing systems and transport systems, are fully or partially binary.
In our opinion, the main advantage of our approach is that, contrary to traditional engineering approaches, the synthesized control laws do not depend on the designer's skill or on his correct interpretation of the system requirements. On the other hand, the quality of the synthesis results highly depends on the relevance of the requirements proposed by the designer. This step of formalization, by the designer, of the informal requirements of the system to be controlled is the Achilles heel of all synthesis methods, including the Supervisory Control Theory (SCT), and cannot be automated.

Figure 6: Ladder diagram of the code to implement into the PLC. Rung 1: command of pump 1 (coil p1, contacts rq, gf, f1, f2, pr, pp1, pp2). Rung 2: command of pump 2 (coil p2, same contacts). Rung 3: update of the previous value of pump 1 (coil pp1 from p1). Rung 4: update of the previous value of pump 2 (coil pp2 from p2).

Table 1: Features of the same case study (automatic parking gate, [26]) with both synthesis methods.
| Method | Formal requirements | Synthesized controller | PLC program (structured text) |
| Supervisory Control Theory | Plant behavior: 11 finite automata (481 states and 1330 transitions); specifications: 11 finite automata | Finite automaton of 45 states and 70 transitions | 130 lines |
| Algebraic synthesis | 8 equations and 2 priority rules | 2 6-variable switching functions | 4 lines |

Figure 7: State model of the obtained control law. States: 0 (no pump running), 1 (p1), 2 (p2). Transition guards:
E0-1: $rq \wedge \neg gf \wedge \neg f_1 \wedge (f_2 \vee pr)$
E0-2: $rq \wedge \neg gf \wedge \neg f_2 \wedge (f_1 \vee \neg pr)$
E1-0: $\neg rq \vee gf \vee (f_1 \wedge f_2)$
E1-2: $rq \wedge \neg gf \wedge f_1 \wedge \neg f_2$
E2-0: $\neg rq \vee gf \vee (f_1 \wedge f_2)$
E2-1: $rq \wedge \neg gf \wedge f_2 \wedge \neg f_1$
An objective comparison of our approach with other synthesis methods, and more especially with SCT, is very difficult because the models used and the theoretical bases are very different. Nevertheless, we tested both approaches on the same case studies. One of them, the control of an automatic parking gate, has been published in [26]; the results obtained in this case are summarized in Table 1.
Furthermore, one may note that the supervisor synthesized by SCT is optimal in the sense that it is the most permissive, that is, the one that restricts the plant behavior the least while forcing it to respect the specifications. As shown in this paper, our method allows coping with inconsistencies in specifications, which is not possible with SCT, and also allows finding optimal controllers by choosing different optimization criteria (most permissive, most restrictive, safest controller, etc.).
7. Conclusion
Many research works in the field of DES aim at formalizing steps of the system life cycle. Over the last twenty years, significant progress has been made in the synthesis, verification, performance evaluation, and diagnosis of DESs. Nevertheless, one of the common difficulties of these works is the translation of the informal expression of the knowledge of a system into formal requirements. Few works have paid attention to this important task, which is very error prone. In this paper we proposed an iterative process that allows coping with inconsistencies in the requirements during the synthesis of the controller. The framework in which we proposed this approach is an algebraic synthesis method. Since the problem is located on the frontier between formal and informal, the intervention of the designer is necessary. Nevertheless, we have shown that this intervention can be guided by the results the formal method provides.
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References
[1] International Electrotechnical Commission, IEC 61131-3 Standard: Programmable Controllers, Part 3: Programming Languages, International Electrotechnical Commission, 2nd edition, 2003.
[2] G. Frey and L. Litz, "Formal methods in PLC programming," in Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, vol. 4, pp. 2431–2436, October 2000.
[3] B. Berard, M. Bidoit, A. Finkel et al., Systems and Software Verification: Model-Checking Techniques and Tools, Springer, New York, NY, USA, 1st edition, 1999.
[4] H. Bel Mokadem, B. Berard, V. Gourcuff, O. De Smet, and J.-M. Roussel, "Verification of a timed multitask system with UPPAAL," IEEE Transactions on Automation Science and Engineering, vol. 7, no. 4, pp. 921–932, 2010.
[5] J. L. Boulanger, Ed., Industrial Use of Formal Methods: Formal Verification (ISTE), Wiley-ISTE, New York, NY, USA, 2012.
[6] P. J. G. Ramadge and W. M. Wonham, "Control of discrete event systems," Proceedings of the IEEE, vol. 77, no. 1, pp. 81–98, 1989.
[7] P. Gohari and W. M. Wonham, "On the complexity of supervisory control design in the RW framework," IEEE Transactions on Systems, Man, and Cybernetics, Part B, vol. 30, no. 5, pp. 643–652, 2000.
[8] Y. Hietter, Synthèse algébrique de lois de commande pour les systèmes à événements discrets logiques [Ph.D. thesis], ENS Cachan, Cachan, France, 2009.
[9] H.-M. Hanisch, A. Lueder, and J. Thieme, "Modular plant modeling technique and related controller synthesis problems," in Proceedings of the 1998 IEEE International Conference on Systems, Man and Cybernetics, pp. 686–691, October 1998.
[10] J.-M. Roussel and A. Giua, "Designing dependable logic controllers using the supervisory control theory," in Proceedings of the 16th IFAC World Congress, CD-ROM, paper 4427, 6 pages, Praha, Czech Republic, 2005.
[11] D. A. Huffman, "The synthesis of sequential switching circuits," Journal of the Franklin Institute, vol. 257, no. 3-4, pp. 161–303, 1954.
[12] G. H. Mealy, "A method for synthesizing sequential circuits," Bell System Technical Journal, vol. 34, no. 5, pp. 1045–1079, 1955.
[13] E. F. Moore, "Gedanken-experiments on sequential machines," in Automata Studies, pp. 129–153, Princeton University Press, Princeton, NJ, USA, 1956.
[14] S. Rudeanu, Lattice Functions and Equations (Discrete Mathematics and Theoretical Computer Science), Springer, New York, NY, USA, 2001.
[15] F. M. Brown, Boolean Reasoning: The Logic of Boolean Equations, Dover, Mineola, NY, USA, 2003.
[16] A. Pnueli and R. Rosner, "On the synthesis of a reactive module," in Proceedings of the 16th ACM Symposium on Principles of Programming Languages (POPL '89), pp. 179–190, ACM, New York, NY, USA, 1989.
[17] E. Filiot, N. Jin, and J. Raskin, "Antichains and compositional algorithms for LTL synthesis," Formal Methods in System Design, vol. 39, no. 3, pp. 261–296, 2011.
[18] J. Machado, B. Denis, J.-J. Lesage, J.-M. Faure, and J. Fereira, "Logic controllers dependability verification using a plant model," in Proceedings of the 3rd IFAC Workshop on Discrete-Event System Design (DESDes '06), pp. 37–42, Rydzyna, Poland, 2006.
[19] Y. Hietter, J.-M. Roussel, and J.-J. Lesage, "Algebraic synthesis of transition conditions of a state model," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 187–192, Goteborg, Sweden, May 2008.
[20] Y. Hietter, J.-M. Roussel, and J.-J. Lesage, "Algebraic synthesis of dependable logic controllers," in Proceedings of the 17th World Congress of the International Federation of Automatic Control (IFAC '08), pp. 4132–4137, Seoul, South Korea, July 2008.
[21] A. Guignard, Symbolic generation of the automaton representing an algebraic description of a logic system [M.S. thesis], ENS Cachan, Cachan, France, 2011.
[22] R. P. Grimaldi, Discrete and Combinatorial Mathematics: An Applied Introduction, Addison-Wesley Longman, Boston, Mass, USA, 5th edition, 2004.
[23] J.-M. Roussel and J.-J. Lesage, "Algebraic synthesis of logical controllers despite inconsistencies in specifications," in Proceedings of the 11th International Workshop on Discrete Event Systems (WODES '12), pp. 307–314, Guadalajara, Mexico, 2012.
[24] H. Leroux, Algebraic Synthesis of Logical Controllers with Optimization Criteria, ENS Cachan, Cachan, France, 2011.
[25] H. Leroux and J.-M. Roussel, "Algebraic synthesis of logical controllers with optimization criteria," in Proceedings of the 6th International Workshop on Verification and Evaluation of Computer and Communication Systems (VECOS '12), pp. 103–114, Paris, France, 2012.
[26] M. Cantarelli and J.-M. Roussel, "Reactive control system design using the supervisory control theory: evaluation of possibilities and limits," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 200–205, Goteborg, Sweden, May 2008.
is the most permissive that is the one that reduces theless the plant behavior in order to force it to respect thespecifications As shown in this paper our method allowsto cope with inconsistencies in specifications what is notpossible with SCT and also allows to find optimal controllersby choosing different optimization criteria (most permissivemost restrictive most safe controller etc)
7 Conclusion
Many research works in the field of DES aim at formalizingsteps of the systems life cycle Since 20 years significantprogresses have been obtained for the synthesis verificationperformance evaluation and diagnosis of DESs Neverthe-less one of the common difficulties of these works is thetranslation of informal expression of the knowledge of asystem into formal requirements Few works have paidattention to this important task which is very error prone Inthis paper we proposed an iterative process that allows copingwith inconsistencies of the requirements during the synthesisof the controller The framework in which we proposed thisapproach is an algebraic synthesis method Since the problemis located in the frontier between formal and informalintervention of the designer is necessary Nevertheless wehave shown that this intervention can be guided by the resultsof the formal method provides
Mathematical Problems in Engineering 15
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References
[1] International Electrotechnical Commission IEC 61131-3 IEC61131-3 Standard Programmable Controllers-Part 3 Program-ming Languages International Electrotechnical Commission2nd edition 2003
[2] G Frey and L Litz ldquoFormal methods in PLC programmingrdquoin Proceedings of the IEEE International Conference on SystemsMan and Cybernetics vol 4 pp 2431ndash2436 October 2000
[3] B Berard M Bidoit A Finkel et al Systems and Software Ver-ification Model-Checking Techniques and Tools Springer NewYork NY USA 1st edition 1999
[4] H Bel Mokadem B Berard V Gourcuff O De Smet andJ Roussel ldquoVerification of a timed multitask system withUPPAALrdquo IEEE Transactions on Automation Science and Engi-neering vol 7 no 4 pp 921ndash932 2010
[5] J L Boulanger Ed Industrial Use of Formal Methods FormalVerification (ISTE) Wiley-ISTE New York NY USA 2012
[6] P J G Ramadge andWMWonham ldquoControl of discrete eventsystemsrdquo Proceedings of the IEEE vol 77 no 1 pp 81ndash98 1989
[7] P Gohari and W M Wonham ldquoOn the complexity of supervi-sory control design in the RW frameworkrdquo IEEE Transactionson Systems Man and Cybernetics B vol 30 no 5 pp 643ndash6522000
[8] Y Hietter Synthese algebrique de lois de commande pour lessystemes a evenements discrets logiques [PhD thesis] ENSCachan Cachan France 2009
[9] H-M Hanisch A Lueder and J Thieme ldquoModular plantmodeling technique and related controller synthesis problemsrdquoin Proceedings of the 1998 IEEE International Conference onSystems Man and Cybernetics pp 686ndash691 October 1998
[10] J-M Roussel and A Giua ldquoDesigning dependable logic con-trollers using the supervisory control theoryrdquo in Proceedings ofthe 16th IFACWorld Congress cDRom paper 4427 p 6 PrahaCzech Republic 2005
[11] D A Huffman ldquoThe synthesis of sequential switching circuitsrdquoJournal of the Franklin Institute vol 257 no 3-4 pp 161ndash3031954
[12] G H Mealy ldquoA method for synthesizing sequential circuitsrdquoBell System Technical Journal vol 34 no 5 pp 1045ndash1079 1955
[13] E F Moore ldquoGedanken-experiments on sequential machinesrdquoin Automata Studies pp 129ndash153 Princeton University PressPrinceton NJ USA 1956
[14] S Rudeanu Lattice Functions and Equations (Discrete Mathe-matics and Theoretical Computer Science) Springer New YorkNY USA 2001
[15] FM Brown Boolean Reasoning the Logic of Boolean EquationsDover Mineola NY USA 2003
[16] A Pnueli andR Rosner ldquoOn the synthesis of a reactivemodulerdquoin Proceedings of the 16th ACM symposium on Principles ofprogramming languages (POPL rsquo89) pp 179ndash190 ACM NewYork NY USA 1989
[17] E Filiot N Jin and J Raskin ldquoAntichains and compositionalalgorithms for LTL synthesisrdquoFormalMethods in SystemDesignvol 39 no 3 pp 261ndash296 2011
[18] J Machado B Denis J J Lesage J M Faure and J FereiraldquoLogic controllers dependability verification using a plantmodelrdquo in Proceedings of the 3rd IFAC Workshop on Discrete-Event System Design (DESDes rsquo06) pp 37ndash42 Rydzyna Poland2006
[19] Y Hietter J-M Roussel and J-L Lesage ldquoAlgebraic synthesisof transition conditions of a state modelrdquo in Proceedings of the9th International Workshop on Discrete Event Systems (WODESrsquo08) pp 187ndash192 Goteborg Sweden May 2008
[20] Y Hietter J-M Roussel and J J Lesage ldquoAlgebraic synthesis ofdependable logic controllersrdquo in Proceedings of the 17th WorldCongress International Federation of Automatic Control (IFACrsquo08) pp 4132ndash4137 Seoul South Korea July 2008
[21] A Guignard Symbolic generation of the automaton representingan algebraic description of a logic system [MS thesis] ENSCachan Cachan France 2011
[22] R P Grimaldi Discrete and Combinatorial Mathematics AnApplied Introduction Addison-Wesley Longman Boston MassUSA 5th edition 2004
[23] J-M Roussel and J-J Lesage ldquoAlgebraic synthesis of logicalcontrollers despite inconsistencies in specificationsrdquo in Proceed-ing of the 11th International Workshop on Discrete Event Systems(WODES rsquo12) pp 307ndash314 Guadalajara Mexico 2012
[24] H Leroux Algebraic Synthesis of Logical Controllers with Opti-mization Criteria ENS Cachan Cachan France 2011
[25] H Leroux and J -M Roussel ldquoAlgebraic synthesis of logicalcontrollers with optimization criteriardquo in Proceedings of the6th International Workshop on Verification and Evaluation ofComputer and Communication Systems (VECOS rsquo12) pp 103ndash114 Paris France 2012
[26] M Cantarelli and J Roussel ldquoReactive control system designusing the supervisory control theory evaluation of possibilitiesand limitsrdquo in Proceedings of 9th International Workshop onDiscrete Event Systems (WODES rsquo08) pp 200ndash205 GoteborgSweden May 2008
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
(iii) It is necessary to have a request for the pumps to operate: $(P_1 + P_2) \le Rq$.
(iv) It is sufficient to have a request for the pumps to operate: $Rq \le (P_1 + P_2)$.
(v) When Pump 1 has failed, it is sufficient to have a request for Pump 2 to operate: $F_1 \cdot Rq \le P_2$.
(vi) When Pump 1 has failed, it is necessary to have a request for Pump 2 to operate: $F_1 \cdot P_2 \le Rq$.
It is possible to prove that some of these formal expressions are equivalent (e.g., the first two). When a designer hesitates between two forms, he can use symbolic calculation to check whether the proposed relations are equivalent or not.
As $P_1$ and $pP_1$ represent the behavior of pump 1 at times $[k]$ and $[k-1]$ respectively, it is also possible to express relations about starts and stops of this pump as follows:
(i) It is necessary to have a request to start pump 1: $(P_1 \cdot \overline{pP_1}) \le Rq$.
(ii) When pump 1 operates, it is sufficient to have a global failure to stop pump 1: $(pP_1 \cdot GF) \le (\overline{P_1} \cdot pP_1)$.
5.3 Synthesis Process. In traditional design methods, the design procedure of a logic controller is not a linear process but an iterative one converging to an acceptable solution. At the beginning of the design, the requirements are neither complete nor free of errors. Most often, new requirements are added during the search for solutions and others are corrected. This complementary information is given by the designer after analysis of the partial solutions found, or when inconsistencies have been detected. If we do not make the hypothesis that the specifications are complete and consistent, designing a controller with a synthesis technique is also an iterative process in which the designer plays an important role.
5.3.1 Analysis of Requirements. For this case study, we choose to start with requirements R1 to R6. For this subset of requirements, the result given by our software tool was the following inconsistency condition: $I = Rq \cdot GF + Rq \cdot F_1 \cdot F_2$.
Since the requirements are declared inconsistent, we have to give complementary information to make our specification more precise. By analyzing each term of this formula, it is possible to detect the origin of the inconsistency:
(i) $Rq \cdot GF$: what happens if we have simultaneously a request and a global failure? We consider that requirement R4 is more important than requirement R6 (R4 ≫ R6), as no pump can operate in this configuration.
(ii) $Rq \cdot F_1 \cdot F_2$: what happens if we have simultaneously a request and a failure of each pump? We consider that requirements R2 and R3 are more important than requirement R6 (R2, R3 ≫ R6).
With these priority rules, all the requirements are now coherent and the set of all the solutions can be computed.
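The following Python script is an added example, not the authors' tool: it reproduces the inconsistency detection of this step by exhaustive enumeration rather than with BDDs, on an assumed reading of R2, R3, R4 and R6 (the paper's wording of R1 to R6 is not reproduced on this page), and shows that the input valuations with no admissible output are exactly the minterms of $I = Rq \cdot GF + Rq \cdot F_1 \cdot F_2$ until the two priority rules are applied.

```python
"""Inconsistency detection between Boolean requirements by exhaustive search.

Added example (not the authors' prototype tool, which stores formulas as ROBDDs).
Each requirement is an inequality A <= B over switching functions of the
controller inputs (Rq, GF, F1, F2, Pr) and outputs (P1, P2); an input valuation
belongs to the inconsistency condition I when no output valuation satisfies
every requirement. The four relations below are an ASSUMED reading of R2, R3,
R4 and R6, chosen to be consistent with the priority rules the paper derives
(R4 >> R6 and R2, R3 >> R6).
"""
from itertools import product

INPUTS = ("rq", "gf", "f1", "f2", "pr")
OUTPUTS = ("p1", "p2")


def leq(a, b):
    """Boolean inequality a <= b, i.e. a implies b."""
    return (not a) or b


# Assumed requirements: name -> predicate over one joint input/output valuation.
REQUIREMENTS = {
    "R2": lambda v: leq(v["f1"], not v["p1"]),               # a failed pump 1 never runs
    "R3": lambda v: leq(v["f2"], not v["p2"]),               # a failed pump 2 never runs
    "R4": lambda v: leq(v["gf"], not (v["p1"] or v["p2"])),  # global failure: no pump runs
    "R6": lambda v: leq(v["rq"], v["p1"] or v["p2"]),        # a request must be served
}

# Priority rules of Section 5.3.1 as (winner, loser) pairs. Modelling assumption:
# a dominated requirement is enforced only when some output still satisfies it.
PRIORITIES = (("R4", "R6"), ("R2", "R6"), ("R3", "R6"))


def valuations(names):
    """All 2^n assignments of the named Boolean variables."""
    for bits in product((False, True), repeat=len(names)):
        yield dict(zip(names, bits))


def admissible_outputs(x, requirements, priorities=()):
    """Output valuations allowed for the input valuation x.

    Requirements that never lose a priority rule are mandatory; dominated ones
    are kept only if at least one output still satisfies them.
    """
    losers = {loser for _, loser in priorities}
    mandatory = [r for n, r in requirements.items() if n not in losers]
    optional = [r for n, r in requirements.items() if n in losers]
    outs = [y for y in valuations(OUTPUTS)
            if all(r({**x, **y}) for r in mandatory)]
    preferred = [y for y in outs if all(r({**x, **y}) for r in optional)]
    return preferred or outs


def inconsistent_inputs(requirements, priorities=()):
    """Minterms of the inconsistency condition I: inputs with no admissible output."""
    return [x for x in valuations(INPUTS)
            if not admissible_outputs(x, requirements, priorities)]


def as_cube(x):
    """Render an input valuation as a product term, e.g. 'rq.gf.~f1.~f2.~pr'."""
    return ".".join(n if x[n] else "~" + n for n in INPUTS)


if __name__ == "__main__":
    bad = inconsistent_inputs(REQUIREMENTS)
    print(f"{len(bad)} inconsistent input valuations without priority rules:")
    for x in bad:
        print("  ", as_cube(x))
    print("with priority rules:", inconsistent_inputs(REQUIREMENTS, PRIORITIES))
```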
5.3.2 Optimal Solutions. To choose a control law of the water supply system among this set of possible solutions, we now take into account the given optimization criteria. The first criterion aims at minimizing the number of starts of each pump in order to reduce its wear. The second criterion aims at maximizing the use of the pump indicated by the value of parameter Pr. The method we propose allows proving that the proposed criteria cannot be treated simultaneously since they are antagonistic (to strictly enforce the priority use of the pump fixed by parameter Pr, it is necessary to swap pumps when Pr changes value, implying a supplementary start of a pump). Details can be found in [25].
All the priority rules and optimization criteria used for this case study are given in Figure 5(c). The solution we obtain is proposed in Figure 5(d).
5.3.3 Implementing Control Laws. The synthesized control laws presented in Figure 5(e) have been obtained by translating the expression of the two unknowns according to the projection functions into relations between recurrent Boolean equations. These control laws can be automatically translated into the syntax of the ladder diagram language [1] before being implemented into a PLC. The code is composed of only 4 rungs (Figure 6).
The synthesized control laws can also be given in the form of an automatically built input/output automaton with guarded transitions [21] (Figure 7).
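As an added example (not code from the paper or its tool), the following Python script transcribes the guarded transitions of Figure 7, encodes the current state by the previous outputs pP1 and pP2 as rungs 3 and 4 of Figure 6 do, and checks over every state and input valuation which relations of Section 5.2 the synthesized law satisfies; the readings of R2, R3 and R4 are assumptions. The two relations it reports as violated, (iv) and (v), fail exactly on the inputs that the priority rules R4 ≫ R6 and R2, R3 ≫ R6 relaxed, which is the check to run before downloading the rungs to a PLC.

```python
"""Exhaustive check of the synthesized control law of Figure 7.

Added example, not code from the paper or its tool. States: 0 = no pump,
1 = pump 1 running, 2 = pump 2 running; the guards are transcribed from
Figure 7. Encoding the current state by the previous outputs (pP1, pP2), as
rungs 3 and 4 of Figure 6 do, and the readings of R2, R3 and R4 used below
are assumptions of this example.
"""
from itertools import product

INPUTS = ("rq", "gf", "f1", "f2", "pr")

# Guarded transitions of Figure 7, keyed by (from_state, to_state).
GUARDS = {
    (0, 1): lambda i: i["rq"] and not i["gf"] and not i["f1"] and (i["f2"] or i["pr"]),
    (0, 2): lambda i: i["rq"] and not i["gf"] and not i["f2"] and (i["f1"] or not i["pr"]),
    (1, 0): lambda i: not i["rq"] or i["gf"] or (i["f1"] and i["f2"]),
    (1, 2): lambda i: i["rq"] and not i["gf"] and i["f1"] and not i["f2"],
    (2, 0): lambda i: not i["rq"] or i["gf"] or (i["f1"] and i["f2"]),
    (2, 1): lambda i: i["rq"] and not i["gf"] and i["f2"] and not i["f1"],
}


def leq(a, b):
    """Boolean inequality a <= b (a implies b)."""
    return (not a) or b


def valuations(names):
    """All 2^n assignments of the named Boolean variables."""
    for bits in product((False, True), repeat=len(names)):
        yield dict(zip(names, bits))


def state_of(pp1, pp2):
    """Current state as encoded by the previous outputs (rungs 3 and 4 of Figure 6)."""
    return 1 if pp1 else 2 if pp2 else 0


def step(pp1, pp2, i):
    """One PLC scan: outputs (P1[k], P2[k]) from (pP1, pP2) and the inputs i at time k.

    Raises ValueError if two guards leaving the same state are enabled at once,
    which would make the generated ladder code non-deterministic.
    """
    state = state_of(pp1, pp2)
    enabled = [to for (frm, to), g in GUARDS.items() if frm == state and g(i)]
    if len(enabled) > 1:
        raise ValueError(f"guards to states {enabled} enabled together from state {state}: {i}")
    nxt = enabled[0] if enabled else state
    return nxt == 1, nxt == 2


# Relations of Section 5.2, plus assumed readings of R2-R4, as predicates on the
# outputs (p1, p2) at time k, the previous output pp1 and the inputs i.
RELATIONS = {
    "(iii)": lambda p1, p2, pp1, i: leq(p1 or p2, i["rq"]),               # (P1+P2) <= Rq
    "(iv)": lambda p1, p2, pp1, i: leq(i["rq"], p1 or p2),                # Rq <= (P1+P2)
    "(v)": lambda p1, p2, pp1, i: leq(i["f1"] and i["rq"], p2),           # F1.Rq <= P2
    "(vi)": lambda p1, p2, pp1, i: leq(i["f1"] and p2, i["rq"]),          # F1.P2 <= Rq
    "(i)": lambda p1, p2, pp1, i: leq(p1 and not pp1, i["rq"]),           # P1.~pP1 <= Rq (start)
    "(ii)": lambda p1, p2, pp1, i: leq(pp1 and i["gf"], pp1 and not p1),  # pP1.GF <= ~P1.pP1 (stop)
    "R2": lambda p1, p2, pp1, i: leq(i["f1"], not p1),                    # assumed: failed pump 1 never runs
    "R3": lambda p1, p2, pp1, i: leq(i["f2"], not p2),                    # assumed: failed pump 2 never runs
    "R4": lambda p1, p2, pp1, i: leq(i["gf"], not (p1 or p2)),            # assumed: global failure stops both
}


def relation_violations():
    """Map each violated relation to the (pP1, pP2, inputs) cases that violate it.

    An empty dict means every relation holds in every state for every input;
    here (iv) and (v) are expected to fail exactly where the priority rules
    R4 >> R6 and R2, R3 >> R6 relaxed them.
    """
    violations = {}
    for pp1, pp2 in ((False, False), (True, False), (False, True)):
        for i in valuations(INPUTS):
            p1, p2 = step(pp1, pp2, i)
            for name, holds in RELATIONS.items():
                if not holds(p1, p2, pp1, i):
                    violations.setdefault(name, []).append((pp1, pp2, i))
    return violations


if __name__ == "__main__":
    for name, cases in relation_violations().items():
        print(f"{name}: violated in {len(cases)} (state, input) cases")
```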
6 Discussion
In our approach, the synthesis of control laws is based on symbolic calculation; a prototype software tool has been developed to avoid tedious calculus and to aid the designer during the different steps of the synthesis. This tool (which can be obtained on request from the authors) performs all the computations required for detecting inconsistencies between requirements and for generating control laws. In this tool, all the Boolean formulas are stored in the form of reduced ordered binary decision diagrams, which allows efficient calculations. For example, the computations for synthesizing a controller for the water supply system developed above have been made in less than 10 ms on a standard laptop.
Our approach has been tested on several case studies (some of them are available online at http://www.lurpa.ens-cachan.fr/-226050.kjsp). The feedback from these experiences allowed us to identify some of its limits and possibilities; the most important are given below.
We first have to recall that our method can only be used for binary systems (systems whose controller inputs and outputs are Boolean values). Nevertheless, in practice many systems, such as manufacturing systems and transport systems, are fully or partially binary.
In our opinion, the main advantage of our approach is that, contrary to traditional engineering approaches, the synthesized control laws do not depend on the designer's skill or on his correct interpretation of the system requirements. On the other hand, the quality of the synthesis results highly depends on the relevance of the requirements proposed by the designer. This step of formalization by the designer of the informal requirements of the system to be controlled is the Achilles' heel of all synthesis methods, including Supervisory Control Theory (SCT), and cannot be automated.

Figure 6: Ladder diagram of the code to implement into the PLC. The diagram has four rungs: Rung 1, command of pump 1; Rung 2, command of pump 2; Rung 3, update of the previous value of pump 1; Rung 4, update of the previous value of pump 2. Rungs 1 and 2 combine contacts on rq, gf, f1, f2, pr, pp1 and pp2 to drive the coils p1 and p2; rungs 3 and 4 store the current values p1 and p2 as the previous values pp1 and pp2.

Figure 7: State model of the obtained control law (states 0, 1 and 2, with outputs p1 and p2), with the following guarded transitions:
E0-1 = rq and not gf and not f1 and (f2 or pr)
E0-2 = rq and not gf and not f2 and (f1 or not pr)
E1-0 = not rq or gf or f1 and f2
E1-2 = rq and not gf and f1 and not f2
E2-0 = not rq or gf or f1 and f2
E2-1 = rq and not gf and f2 and not f1

Table 1: Features concerning the same case study.
Method | Formal requirements | Synthesized controller | PLC program (structured text)
Supervisory Control Theory | Plant behavior: 11 finite automata (481 states and 1330 transitions); specifications: 11 finite automata | Finite automaton of 45 states and 70 transitions | 130 lines
Algebraic synthesis | 8 equations and 2 priority rules | 2 six-variable switching functions | 4 lines
An objective comparison of our approach with other synthesis methods, and more especially with SCT, is very difficult because the models used and the theoretical bases are very different. Nevertheless, we tested both approaches on the same case studies. One of them, the control of an automatic parking gate, has been published in [26]. The results obtained in this case are summarized in Table 1.
Furthermore, one may note that the supervisor synthesized by SCT is optimal in the sense that it is the most permissive, that is, the one that least reduces the plant behavior in order to force it to respect the specifications. As shown in this paper, our method allows coping with inconsistencies in specifications, which is not possible with SCT, and also allows finding optimal controllers by choosing different optimization criteria (most permissive, most restrictive, safest controller, etc.).
7 Conclusion
Many research works in the field of DES aim at formalizing steps of the system life cycle. Over the last 20 years, significant progress has been obtained for the synthesis, verification, performance evaluation, and diagnosis of DESs. Nevertheless, one of the common difficulties of these works is the translation of informal expressions of the knowledge of a system into formal requirements. Few works have paid attention to this important task, which is very error prone. In this paper, we proposed an iterative process that allows coping with inconsistencies of the requirements during the synthesis of the controller. The framework in which we proposed this approach is an algebraic synthesis method. Since the problem is located on the frontier between formal and informal, intervention of the designer is necessary. Nevertheless, we have shown that this intervention can be guided by the results the formal method provides.
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
References
[1] International Electrotechnical Commission, IEC 61131-3 Standard: Programmable Controllers, Part 3: Programming Languages, International Electrotechnical Commission, 2nd edition, 2003.
[2] G. Frey and L. Litz, "Formal methods in PLC programming," in Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, vol. 4, pp. 2431–2436, October 2000.
[3] B. Bérard, M. Bidoit, A. Finkel et al., Systems and Software Verification: Model-Checking Techniques and Tools, Springer, New York, NY, USA, 1st edition, 1999.
[4] H. Bel Mokadem, B. Bérard, V. Gourcuff, O. De Smet, and J. Roussel, "Verification of a timed multitask system with UPPAAL," IEEE Transactions on Automation Science and Engineering, vol. 7, no. 4, pp. 921–932, 2010.
[5] J. L. Boulanger, Ed., Industrial Use of Formal Methods: Formal Verification (ISTE), Wiley-ISTE, New York, NY, USA, 2012.
[6] P. J. G. Ramadge and W. M. Wonham, "Control of discrete event systems," Proceedings of the IEEE, vol. 77, no. 1, pp. 81–98, 1989.
[7] P. Gohari and W. M. Wonham, "On the complexity of supervisory control design in the RW framework," IEEE Transactions on Systems, Man and Cybernetics B, vol. 30, no. 5, pp. 643–652, 2000.
[8] Y. Hietter, Synthèse algébrique de lois de commande pour les systèmes à événements discrets logiques [Ph.D. thesis], ENS Cachan, Cachan, France, 2009.
[9] H.-M. Hanisch, A. Lueder, and J. Thieme, "Modular plant modeling technique and related controller synthesis problems," in Proceedings of the 1998 IEEE International Conference on Systems, Man and Cybernetics, pp. 686–691, October 1998.
[10] J.-M. Roussel and A. Giua, "Designing dependable logic controllers using the supervisory control theory," in Proceedings of the 16th IFAC World Congress, CD-ROM paper 4427, p. 6, Praha, Czech Republic, 2005.
[11] D. A. Huffman, "The synthesis of sequential switching circuits," Journal of the Franklin Institute, vol. 257, no. 3-4, pp. 161–303, 1954.
[12] G. H. Mealy, "A method for synthesizing sequential circuits," Bell System Technical Journal, vol. 34, no. 5, pp. 1045–1079, 1955.
[13] E. F. Moore, "Gedanken-experiments on sequential machines," in Automata Studies, pp. 129–153, Princeton University Press, Princeton, NJ, USA, 1956.
[14] S. Rudeanu, Lattice Functions and Equations (Discrete Mathematics and Theoretical Computer Science), Springer, New York, NY, USA, 2001.
[15] F. M. Brown, Boolean Reasoning: The Logic of Boolean Equations, Dover, Mineola, NY, USA, 2003.
[16] A. Pnueli and R. Rosner, "On the synthesis of a reactive module," in Proceedings of the 16th ACM Symposium on Principles of Programming Languages (POPL '89), pp. 179–190, ACM, New York, NY, USA, 1989.
[17] E. Filiot, N. Jin, and J. Raskin, "Antichains and compositional algorithms for LTL synthesis," Formal Methods in System Design, vol. 39, no. 3, pp. 261–296, 2011.
[18] J. Machado, B. Denis, J. J. Lesage, J. M. Faure, and J. Fereira, "Logic controllers dependability verification using a plant model," in Proceedings of the 3rd IFAC Workshop on Discrete-Event System Design (DESDes '06), pp. 37–42, Rydzyna, Poland, 2006.
[19] Y. Hietter, J.-M. Roussel, and J.-L. Lesage, "Algebraic synthesis of transition conditions of a state model," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 187–192, Göteborg, Sweden, May 2008.
[20] Y. Hietter, J.-M. Roussel, and J. J. Lesage, "Algebraic synthesis of dependable logic controllers," in Proceedings of the 17th World Congress, International Federation of Automatic Control (IFAC '08), pp. 4132–4137, Seoul, South Korea, July 2008.
[21] A. Guignard, Symbolic generation of the automaton representing an algebraic description of a logic system [M.S. thesis], ENS Cachan, Cachan, France, 2011.
[22] R. P. Grimaldi, Discrete and Combinatorial Mathematics: An Applied Introduction, Addison-Wesley Longman, Boston, Mass, USA, 5th edition, 2004.
[23] J.-M. Roussel and J.-J. Lesage, "Algebraic synthesis of logical controllers despite inconsistencies in specifications," in Proceedings of the 11th International Workshop on Discrete Event Systems (WODES '12), pp. 307–314, Guadalajara, Mexico, 2012.
[24] H. Leroux, Algebraic Synthesis of Logical Controllers with Optimization Criteria, ENS Cachan, Cachan, France, 2011.
[25] H. Leroux and J.-M. Roussel, "Algebraic synthesis of logical controllers with optimization criteria," in Proceedings of the 6th International Workshop on Verification and Evaluation of Computer and Communication Systems (VECOS '12), pp. 103–114, Paris, France, 2012.
[26] M. Cantarelli and J. Roussel, "Reactive control system design using the supervisory control theory: evaluation of possibilities and limits," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 200–205, Göteborg, Sweden, May 2008.
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
Mathematical Problems in Engineering 15
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
References
[1] International Electrotechnical Commission, IEC 61131-3: Programmable Controllers - Part 3: Programming Languages, 2nd edition, 2003.
[2] G. Frey and L. Litz, "Formal methods in PLC programming," in Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, vol. 4, pp. 2431-2436, October 2000.
[3] B. Berard, M. Bidoit, A. Finkel et al., Systems and Software Verification: Model-Checking Techniques and Tools, Springer, New York, NY, USA, 1st edition, 1999.
[4] H. Bel Mokadem, B. Berard, V. Gourcuff, O. De Smet, and J. Roussel, "Verification of a timed multitask system with UPPAAL," IEEE Transactions on Automation Science and Engineering, vol. 7, no. 4, pp. 921-932, 2010.
[5] J. L. Boulanger, Ed., Industrial Use of Formal Methods: Formal Verification (ISTE), Wiley-ISTE, New York, NY, USA, 2012.
[6] P. J. G. Ramadge and W. M. Wonham, "Control of discrete event systems," Proceedings of the IEEE, vol. 77, no. 1, pp. 81-98, 1989.
[7] P. Gohari and W. M. Wonham, "On the complexity of supervisory control design in the RW framework," IEEE Transactions on Systems, Man and Cybernetics B, vol. 30, no. 5, pp. 643-652, 2000.
[8] Y. Hietter, Synthese algebrique de lois de commande pour les systemes a evenements discrets logiques [Algebraic synthesis of control laws for logical discrete event systems] [Ph.D. thesis], ENS Cachan, Cachan, France, 2009.
[9] H.-M. Hanisch, A. Lueder, and J. Thieme, "Modular plant modeling technique and related controller synthesis problems," in Proceedings of the 1998 IEEE International Conference on Systems, Man and Cybernetics, pp. 686-691, October 1998.
[10] J.-M. Roussel and A. Giua, "Designing dependable logic controllers using the supervisory control theory," in Proceedings of the 16th IFAC World Congress, CD-ROM, paper 4427, 6 pages, Praha, Czech Republic, 2005.
[11] D. A. Huffman, "The synthesis of sequential switching circuits," Journal of the Franklin Institute, vol. 257, no. 3-4, pp. 161-303, 1954.
[12] G. H. Mealy, "A method for synthesizing sequential circuits," Bell System Technical Journal, vol. 34, no. 5, pp. 1045-1079, 1955.
[13] E. F. Moore, "Gedanken-experiments on sequential machines," in Automata Studies, pp. 129-153, Princeton University Press, Princeton, NJ, USA, 1956.
[14] S. Rudeanu, Lattice Functions and Equations (Discrete Mathematics and Theoretical Computer Science), Springer, New York, NY, USA, 2001.
[15] F. M. Brown, Boolean Reasoning: The Logic of Boolean Equations, Dover, Mineola, NY, USA, 2003.
[16] A. Pnueli and R. Rosner, "On the synthesis of a reactive module," in Proceedings of the 16th ACM Symposium on Principles of Programming Languages (POPL '89), pp. 179-190, ACM, New York, NY, USA, 1989.
[17] E. Filiot, N. Jin, and J. Raskin, "Antichains and compositional algorithms for LTL synthesis," Formal Methods in System Design, vol. 39, no. 3, pp. 261-296, 2011.
[18] J. Machado, B. Denis, J. J. Lesage, J. M. Faure, and J. Fereira, "Logic controllers dependability verification using a plant model," in Proceedings of the 3rd IFAC Workshop on Discrete-Event System Design (DESDes '06), pp. 37-42, Rydzyna, Poland, 2006.
[19] Y. Hietter, J.-M. Roussel, and J.-J. Lesage, "Algebraic synthesis of transition conditions of a state model," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 187-192, Goteborg, Sweden, May 2008.
[20] Y. Hietter, J.-M. Roussel, and J. J. Lesage, "Algebraic synthesis of dependable logic controllers," in Proceedings of the 17th World Congress of the International Federation of Automatic Control (IFAC '08), pp. 4132-4137, Seoul, South Korea, July 2008.
[21] A. Guignard, Symbolic Generation of the Automaton Representing an Algebraic Description of a Logic System [M.S. thesis], ENS Cachan, Cachan, France, 2011.
[22] R. P. Grimaldi, Discrete and Combinatorial Mathematics: An Applied Introduction, Addison-Wesley Longman, Boston, Mass, USA, 5th edition, 2004.
[23] J.-M. Roussel and J.-J. Lesage, "Algebraic synthesis of logical controllers despite inconsistencies in specifications," in Proceedings of the 11th International Workshop on Discrete Event Systems (WODES '12), pp. 307-314, Guadalajara, Mexico, 2012.
[24] H. Leroux, Algebraic Synthesis of Logical Controllers with Optimization Criteria, ENS Cachan, Cachan, France, 2011.
[25] H. Leroux and J.-M. Roussel, "Algebraic synthesis of logical controllers with optimization criteria," in Proceedings of the 6th International Workshop on Verification and Evaluation of Computer and Communication Systems (VECOS '12), pp. 103-114, Paris, France, 2012.
[26] M. Cantarelli and J. Roussel, "Reactive control system design using the supervisory control theory: evaluation of possibilities and limits," in Proceedings of the 9th International Workshop on Discrete Event Systems (WODES '08), pp. 200-205, Goteborg, Sweden, May 2008.