Slide 1
Liveness-Enforcing Supervision of Sequential Resource Allocation Systems
Spyros Reveliotis
School of Industrial & Systems Eng.
Georgia Institute of Technology

Slide 2
Talk Outline
- Problem motivation and the abstraction of the Resource Allocation System (RAS)
- Formal characterization of the considered problem, its optimal solution, and the involved complexity
- The current State of Art:
  - Special RAS structure admitting optimal liveness-enforcing supervision of polynomial complexity w.r.t. the RAS size
  - Suboptimal, polynomial-complexity liveness-enforcing supervisors for many of the remaining cases
  - A generic methodology for verification and design of efficient suboptimal liveness-enforcing supervisors

Slide 3
A motivational example: Part flow control in an FMS
[Figure: a manufacturing cell with three resources R1, R2, R3 and two job types]
J1: R1 → R2 → R3
J2: R3 → R2 → R1

Slide 4
Another example: Traffic Management in an AGV System

Slide 5
The current state of art: Dealing with the considered problem in the 300mm FAB

Slide 6
A Transportation example

Slide 7
Internet-based business workflow management

Slide 8
A modeling abstraction: Sequential Resource Allocation Systems (RAS)
- A set of (re-usable) resource types R = {R_i, i = 1,...,m}.
- A finite capacity C_i for each resource type R_i.
- A set of job types J = {J_j, j = 1,...,n}.
- A (partially) ordered set of job stages for each job type, {p_jk, k = 1,...,l_j}.
- A resource requirements vector for each job stage p, a_p[i], i = 1,...,m.
- Jobs release their currently held resources only upon allocation of the resources requested for their next stage.
Sequential RAS deadlock: a RAS state in which there exists a subset of jobs s.t. every job in this subset, in order to proceed, requires some resource(s) currently allocated to some other job in this subset.

Slide 9
Logical vs Performance Control of Sequential RAS
[Figure: the Resource Allocation System and its two control concerns, Behavioral Correctness and Efficiency]

Slide 10
An Event-Driven RAS Control Scheme
[Figure: block diagram with the RAS Domain, the System State Model, Logical Control, Performance Control and Configuration Data; signals: Event, Feasible Actions, Admissible Actions, Commanded Action]

Slide 11
The RAS Logical Control Problem: Characterization of the optimal solution and its complexity

Slide 12
Finite State Automata (FSA)-based modeling of RAS behavior
[Figure: part of the state transition diagram of the FMS example; each state is labelled by the set of active job stages J_jk (job type j at stage k)]
q0 = {}
q1 = {J11}
q2 = {J21}
q3 = {J12}
q4 = {J22}
q15 = {J11, J21}
q16 = {J12, J21}
q17 = {J11, J22}
q18 = {J11, J12, J21}
q19 = {J11, J21, J22}

Slide 13
Safe vs. Unsafe Region and the Optimal Logical Control Policy
[Figure: the complete state transition diagram of the FMS example (20 states), partitioned into the safe and the unsafe region]
q0 = {}, q1 = {J11}, q2 = {J21}, q3 = {J12}, q4 = {J22}
q5 = {J11, J12}, q6 = {J13}, q7 = {J23}, q8 = {J21, J22}
q9 = {J11, J13}, q10 = {J21, J23}, q11 = {J12, J13}, q12 = {J22, J23}
q13 = {J11, J12, J13}, q14 = {J21, J22, J23}
q15 = {J11, J21}, q16 = {J12, J21}, q17 = {J11, J22}, q18 = {J11, J12, J21}, q19 = {J11, J21, J22}

Slide 14
Complexity Considerations
- State Safety is an NP-complete problem in sequential RAS (by reduction from 3SAT).
- State Transition Diagram (STD) size: [formula not recovered], where:
  C = max resource capacity
  Q = max number of stages supported by a resource
  m = number of resource types

Slide 15
Dealing with the non-polynomial complexity
- Special RAS structure admitting an optimal logical control policy of polynomial complexity w.r.t. the RAS size
- Polynomial-Kernel (PK-) RAS logical control policies: sub-optimal one-step-lookahead policies based on state properties that are polynomially verifiable, e.g.,
  - RUN (Resource Upstream Neighborhood)
  - RO (Resource Ordering)
  - Banker's algorithm
- An analytical framework for interpreting the correctness of the above policies, and enabling the "automatic" validation and synthesis of new members from this class of policies

Slide 16
Some Major Contributors and Research Groups in this Area
- The first attempts, primarily in the computer system context (60's and 70's): Dijkstra, Havender, Habermann, Coffman, Holt; Gold, Araki, Sugiyama, Kasami, Okui
- The problem revival in the manufacturing context (late 80's / early 90's): Banaszak & Krogh; Viswanadham, Narahari & Johnson; Wysk, Joshi & Smith
- The current DES-based community (mid-90's to present): Colom, Ezpeleta & Tricas; Xie & Jeng; Zhou and his colleagues; Fanti & her colleagues; Roszkowska; Hsieh; Reveliotis, Lawley, Ferreira, Park and Choi

Slide 17
A RAS taxonomy
Structure of the process sequential logic:
- Linear: each process is defined by a linear sequence of stages
- Disjunctive: a number of alternative process plans encoded by an acyclic digraph
- Merge-Split or Fork-Join: each process is a fork-join network
- Complex: a combination of the above behaviors
Structure of the stage resource requirement vectors:
- Single-unit: each stage requires a single unit from a single resource
- Single-type: each stage requires an arbitrary number of units, but all from a single resource
- Conjunctive: an arbitrary number of units from different resources

Slide 18
RAS admitting optimal logical control of polynomial complexity
- Type 1: The search for a process-terminating sequence can be organized in a way that backtracking is not necessary: process-advancing events can be selected in such a manner that the resource slack capacity increases monotonically, e.g., under "nested" resource allocation: resources are released by a process in the reverse of the sequence in which they were acquired.
- Type 2: Unsafety = Deadlock, and deadlock is polynomially identifiable. Results of this kind are available for sub-classes of DIS-SU-RAS only.

Slide 19
DC-RAS with "nested" resource allocation
- Every process transition corresponds either to a pure allocation or a pure de-allocation.
- Resources allocated as a block are also de-allocated as a block. The "scope" of each such allocation is defined by the processing stages that engage the corresponding resource block.
- In each path of the process-defining graph that corresponds to a single realization of the process, the "scopes" of two different allocations are either disjoint or one contains the other – this is equivalent to the statement that resource blocks are de-allocated in reverse order of their allocation.
[Figure: a process path A(R1) → A(R2) → A(R3) → D(R3) → D(R2) → D(R1), with the held resource set along the path: R1, R1+R2, R1+R2+R3, R1+R2, R1]

Slide 20
A polynomial algorithm resolving safety in DC-RAS with nested allocations
Given a RAS state s, let:
- δ_i(s) be the slack capacity of resource R_i at s, for all i;
- S_a(s) be the set of "active" processing stages at s;
- <A_jk1, A_jk2, ..., A_jkn(jk)> be the resource allocation sequence for the resources occupied by a job instance executing proc. stage Ξ_jk in S_a(s);
- Q := { A_jkn(jk) | Ξ_jk in S_a(s) }.
While Q is not empty:
- Try to find an allocation A_jki in Q that is de-allocatable under the current slack capacities;
- If no such allocation exists, declare s unsafe and exit.
- Otherwise, add the resources corresponding to A_jki to the slack variables δ_i(s); remove A_jki from Q and, if i > 1, enter in Q the allocation A_jk(i-1).
Declare state s safe and exit.
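As an added example that is not part of the slides, the following Python code implements the safety test above for linear process plans, i.e. sequences of pure allocation and pure de-allocation steps in the style of the previous slide. The plan names P1 and P2, the plans themselves and the capacities are constructed for the example. "De-allocatable under the current slack capacities" is interpreted here as: the job can run from its current step to the step that releases its innermost block using only the slack (blocks acquired inside that scope are released again before the scope ends, which is what nesting guarantees). Disjunctive (DC) plans would add a choice over alternative paths, which this code does not model.

```python
"""Added example (not from the slides): the polynomial safety test for RAS
with nested resource allocation, for linear A/D process plans."""

# Constructed plans in the style of the "nested allocation" figure: each step
# is ("A", block) or ("D", block); a block maps resource -> units, and blocks
# are released in reverse order of acquisition.
PLANS = {
    "P1": [("A", {"R1": 1}), ("A", {"R2": 1}), ("A", {"R3": 1}),
           ("D", {"R3": 1}), ("D", {"R2": 1}), ("D", {"R1": 1})],
    "P2": [("A", {"R3": 1}), ("A", {"R2": 1}), ("D", {"R2": 1}), ("D", {"R3": 1})],
}


def held_blocks(plan, pos):
    """<A_1, ..., A_n>: blocks still held after executing the first `pos` steps."""
    stack = []
    for kind, block in plan[:pos]:
        if kind == "A":
            stack.append(block)
        else:
            stack.pop()          # nested: a D always releases the innermost block
    return stack


def scope_end(plan, pos):
    """Index of the D step that releases the innermost block held at `pos`."""
    depth = 0
    for i in range(pos, len(plan)):
        if plan[i][0] == "A":
            depth += 1
        elif depth == 0:
            return i
        else:
            depth -= 1
    raise ValueError("no enclosing block at this position")


def deallocatable(plan, pos, slack):
    """The innermost block can be released iff the job can run from `pos` to the
    end of that block's scope using only the current slack."""
    extra = dict.fromkeys(slack, 0)          # resources acquired along the way
    for kind, block in plan[pos:scope_end(plan, pos)]:
        for r, n in block.items():
            extra[r] += n if kind == "A" else -n
            if extra[r] > slack[r]:
                return False
    return True


def is_safe(state, capacity):
    """state: list of (plan name, steps executed). Returns (safe, release order).
    Every release adds a whole block back to the slack vector, so slack grows
    monotonically and the greedy search needs no backtracking (Type 1)."""
    slack = dict(capacity)
    for name, pos in state:
        for block in held_blocks(PLANS[name], pos):
            for r, n in block.items():
                slack[r] -= n
    if min(slack.values()) < 0:
        raise ValueError("state exceeds capacities")
    queue = [(name, pos) for name, pos in state if held_blocks(PLANS[name], pos)]
    order = []
    while queue:                              # Q of the slide: innermost blocks
        pick = next((job for job in queue
                     if deallocatable(PLANS[job[0]], job[1], slack)), None)
        if pick is None:
            return False, order               # declare s unsafe
        name, pos = pick
        plan, end = PLANS[name], scope_end(PLANS[name], pos)
        for r, n in held_blocks(plan, pos)[-1].items():
            slack[r] += n                     # resources of A_jki return to slack
        order.append((name, pos, end))
        queue.remove(pick)
        if held_blocks(plan, end + 1):        # A_jk(i-1) enters Q
            queue.append((name, end + 1))
    return True, order                        # declare s safe


if __name__ == "__main__":
    # Constructed state: a P1 job holding R1+R2 (needs R3 next), a P2 job holding R3.
    print(is_safe([("P1", 2), ("P2", 1)], {"R1": 1, "R2": 1, "R3": 1}))   # unsafe
    print(is_safe([("P1", 2), ("P2", 1)], {"R1": 1, "R2": 2, "R3": 1}))   # safe
```

With one unit of R2 the two jobs wait on each other (P1 needs R3, P2 needs R2 to finish its R3 scope), so no block in Q is de-allocatable and the state is declared unsafe; with two units of R2 the P2 job can complete its scope first, its R3 returns to the slack and the P1 job follows, which is the release order the function returns.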

Slide 21
An Example Result of the 2nd Type
Theorem 1: In a DIS-SU-RAS where every resource has at least two units of capacity, the optimal logical control policy is polynomially implementable (through one-step lookahead).
Proof: We shall show that for this class of systems, unsafety = deadlock, and deadlock is polynomially identifiable.

Slide 22
A polynomial deadlock detection algorithm for DIS-SU RAS
Given a state s of a DIS-SU RAS:
ℛ := the entire set of the system resources;
DEADLOCK := FALSE;
While (ℛ is not empty AND not DEADLOCK):
- Try to identify a resource R in ℛ s.t. R is not allocated to capacity in s, or it contains a job requesting advancement to a resource not in ℛ or out of the system.
- If successful, ℛ := ℛ \ {R}; else DEADLOCK := TRUE;
Return DEADLOCK
Algorithm complexity: O(|R|^2 C_max)
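An added example, not from the slides: the algorithm above in Python, run on the three-resource FMS of the motivating example (J1: R1 → R2 → R3, J2: R3 → R2 → R1). Capacities are not stated on the slides and are assumed to be one unit each by default; the state encoding as a tuple of active stages such as ("J12", "J21") is the example's own.

```python
"""Added example (not from the slides): polynomial deadlock detection for a
DIS-SU RAS, applied to states of the three-resource FMS example."""

ROUTES = {"J1": ["R1", "R2", "R3"], "J2": ["R3", "R2", "R1"]}   # from the slides
DEFAULT_CAPACITY = {"R1": 1, "R2": 1, "R3": 1}    # assumed; not stated on the slides


def stage_resource(stage):
    """Resource held by a job instance at stage "Jjk" (k-th stage of job type Jj)."""
    job, k = stage[:2], int(stage[2])
    return ROUTES[job][k - 1]


def next_resource(stage):
    """Resource requested for the next stage, or None if the job leaves next."""
    job, k = stage[:2], int(stage[2])
    route = ROUTES[job]
    return route[k] if k < len(route) else None


def detect_deadlock(state, capacity=DEFAULT_CAPACITY):
    """`state` is a tuple of active stages. Repeatedly discard a resource that
    is not allocated to capacity, or that holds a job whose next request lies
    outside the remaining set (or out of the system). If the set cannot be
    emptied, the jobs on the remaining resources all wait on each other, which
    is the sequential RAS deadlock of the definition slide.
    Returns (DEADLOCK, resources that could not be discarded)."""
    remaining = set(capacity)

    def peelable(r):
        holders = [st for st in state if stage_resource(st) == r]
        return (len(holders) < capacity[r]
                or any(next_resource(st) not in remaining for st in holders))

    while remaining:
        # each pass looks at every resource and at most C_max jobs on it, and
        # there are at most |R| passes: O(|R|^2 C_max) as on the slide
        r = next((r for r in sorted(remaining) if peelable(r)), None)
        if r is None:
            return True, remaining          # DEADLOCK := TRUE
        remaining.remove(r)                 # discard R from the set
    return False, set()


if __name__ == "__main__":
    for s in [("J12", "J21"), ("J11", "J21"), ("J11", "J12", "J13"), ()]:
        print(s, "->", detect_deadlock(s))
```

With unit capacities the state {J12, J21} is a deadlock (each job's next resource is held by the other), while {J11, J21} is not: R2 is free, so it is discarded first and both jobs' requests then point outside the remaining set. That second state is nevertheless unsafe, since every event from it leads into a deadlock; it is exactly the "deadlock-free unsafe state one step away from deadlock" that the next slides discuss, and that Theorem 1 rules out once every resource has at least two units.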

Slide 23
Unsafety = Deadlock
[Figure: the topological relationship of the DEADLOCK and UNSAFE spaces, with the deadlock-free unsafe states one step away from deadlock]
[Figure: resources R_l, R_k, R_j illustrating the absurdity of the existence of a deadlock-free unsafe state one step away from deadlock for the considered RAS class]

Slide 24
An alternative mechanism for establishing UNSAFETY = DEADLOCK in various sub-classes of DIS-SU-RAS
[Figure: basic structure of deadlock-free unsafe states one step away from deadlock in DIS-SU-RAS, with C = 1: Potential Deadlock 1, Potential Deadlock 2, ..., Potential Deadlock i, ..., Potential Deadlock n]

Slide 25
Polynomial-Kernel Policies
- Search-based: Confine the system operation to those states from which there exists a terminating sequence that completes one process stage at a time. This sub-class of states is called ordered, and the resulting policy is the renowned (Dijkstra's) Banker's algorithm.
- Algebraic: Confine the system operation to those states s that satisfy an inequality of the type A·s ≤ b.
Remark: The system state s is a vector with its components indicating how many jobs execute each processing stage of the considered RAS.

Slide 26
Example: The RUN (Resource Upstream Neighborhood) Policy for SU-RAS
A partial resource reservation scheme based on a (partial) ordering of the resource set: a job instance executing on a resource reserves capacity on every downstream resource of order greater than or equal to the order of the currently held resource, unless there is an intermediate resource of higher order than the considered downstream resource.
A·s ≤ b
[Figure: the FMS example with J1: R1 → R2 → R3 and J2: R3 → R2 → R1, and the resource ordering O(R1) = 1, O(R2) = 2, O(R3) = 1]

Slide 27
Example: The Policy-Admissible Region
[Figure: the 20-state STD of the FMS example (states q0 to q19 as on the "Safe vs. Unsafe Region" slide), with the RUN-admissible region highlighted]

Slide 28
Proving RUN Correctness
It suffices to show that for every policy-admissible state, other than the empty state, there is at least one loaded job that can advance.
- If there exists a job that needs to advance to a resource of order higher than or equal to the order of the currently held resource, then this job does not enter a new resource neighborhood upon its advancement. Therefore, (i) it has already reserved capacity on the requested resource and (ii) it can advance without violating the policy.
- If every loaded job requests advancement to a resource of lower order than the order of the currently held resource, consider a minimal-order resource containing jobs. Then, (i) the resource requested by any of these jobs has free capacity. Furthermore, (ii) any new neighborhoods entered by these jobs upon their advancement are empty (since they must belong to even lower-order resources). Therefore, any of these jobs can advance without violating the policy.
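As an added example (the code is not from the slides), the following Python script builds the 20-state transition diagram of the FMS example by forward exploration, computes the safe region by a backward closure from the empty state (the optimal policy then admits an event iff the resulting state is safe), and encodes RUN for the same system as the constraint A·s ≤ b with one row per resource and one column per stage. Assumptions: one unit of capacity per resource (capacities are not stated on the slides; one unit each reproduces the 20 states of the diagram), the ordering O(R1) = 1, O(R2) = 2, O(R3) = 1 from the RUN slide, and a state encoding as a sorted tuple of active stages, which is the example's own.

```python
"""Added example (not from the slides): exhaustive safety analysis of the
three-resource FMS example, and the RUN policy for it as A.s <= b."""

# Job routes from the motivating example. Capacities are not stated on the
# slides; one unit each is assumed (it reproduces the 20-state diagram).
ROUTES = {"J1": ["R1", "R2", "R3"], "J2": ["R3", "R2", "R1"]}
CAPACITY = {"R1": 1, "R2": 1, "R3": 1}
ORDER = {"R1": 1, "R2": 2, "R3": 1}                  # RUN resource ordering
STAGES = [f"{j}{k}" for j in ROUTES for k in (1, 2, 3)]   # "J11" ... "J23"
# A state is a sorted tuple of active stages, e.g. ("J11", "J21") for q15;
# stage "Jjk" is an instance of job type Jj executing its k-th stage.


def stage_resource(stage):
    job, k = stage[:2], int(stage[2])
    return ROUTES[job][k - 1]


def successors(state, loads=True):
    """Feasible next states: load a new job (if loads) or advance/unload one."""
    used = dict.fromkeys(CAPACITY, 0)
    for st in state:
        used[stage_resource(st)] += 1
    out = set()
    if loads:
        for job, route in ROUTES.items():
            if used[route[0]] < CAPACITY[route[0]]:
                out.add(tuple(sorted(state + (job + "1",))))
    for i, st in enumerate(state):
        job, k = st[:2], int(st[2])
        rest = state[:i] + state[i + 1:]
        if k == len(ROUTES[job]):                      # job leaves the system
            out.add(tuple(sorted(rest)))
        elif used[ROUTES[job][k]] < CAPACITY[ROUTES[job][k]]:
            out.add(tuple(sorted(rest + (f"{job}{k + 1}",))))
    return out


def reachable():
    """Forward exploration of the state transition diagram from the empty state."""
    seen, frontier = {()}, [()]
    while frontier:
        for t in successors(frontier.pop()):
            if t not in seen:
                seen.add(t)
                frontier.append(t)
    return seen


def safe_states(states):
    """Safe = the empty state is reachable; computed by backward closure."""
    preds = {s: set() for s in states}
    for s in states:
        for t in successors(s):
            preds[t].add(s)
    safe, frontier = {()}, [()]
    while frontier:
        for s in preds[frontier.pop()]:
            if s not in safe:
                safe.add(s)
                frontier.append(s)
    return safe


def optimal_policy_admits(state, next_state, safe):
    """Maximally permissive logical control: allow an event iff its result is safe."""
    return next_state in successors(state) and next_state in safe


def run_reservations(stage):
    """RUN: a job at `stage` reserves its held resource and every downstream
    resource of order >= the held one's, unless an intermediate resource has
    order higher than that downstream resource."""
    job, k = stage[:2], int(stage[2])
    route, held = ROUTES[job], ROUTES[job][k - 1]
    reserved = {held}
    for i in range(k, len(route)):
        if ORDER[route[i]] >= ORDER[held] and all(
                ORDER[m] <= ORDER[route[i]] for m in route[k:i]):
            reserved.add(route[i])
    return reserved


def run_constraints():
    """RUN as A.s <= b: one row per resource, one column per stage, b = capacities."""
    A = {r: {st: int(r in run_reservations(st)) for st in STAGES} for r in CAPACITY}
    return A, dict(CAPACITY)


def run_admissible(state):
    A, b = run_constraints()
    return all(sum(A[r][st] for st in state) <= b[r] for r in A)


def run_is_correct(states):
    """The one-step property of the correctness proof: from every non-empty
    admissible state some loaded job can advance or unload to an admissible state."""
    return all(any(run_admissible(t) for t in successors(s, loads=False))
               for s in states if s and run_admissible(s))


if __name__ == "__main__":
    S, SAFE = reachable(), safe_states(reachable())
    ADM = {s for s in S if run_admissible(s)}
    print(f"{len(S)} reachable, {len(S - SAFE)} unsafe: {sorted(S - SAFE)}")
    print(f"RUN admits {len(ADM)}; all safe: {ADM <= SAFE}; correct: {run_is_correct(S)}")
```

Running it reports 20 reachable states, of which five are unsafe ({J11, J21}, {J12, J21}, {J11, J22}, {J11, J12, J21} and {J11, J21, J22}, i.e. q15 to q19 in the diagram's numbering), and that RUN admits 11 of the 15 safe states. A rejected safe state is {J11, J12}: the two jobs both reserve R2, so the algebraic policy gives that state up, which is the price of its polynomial complexity. The final check is the one-step property that the proof above establishes: from every admissible non-empty state some job can advance to an admissible state.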

Slide 29
Case 1 in the proof of RUN correctness
[Figure: resources R_c (current), R_n (next), R_h and R_i, the neighborhood NH(R_h), and the orders o(R_c), o(R_n), o(R_i), o(R_h)]

Slide 30
Case 2 in the proof of RUN correctness
R_c is a minimum-order resource containing jobs. Then, by the case assumptions, o(R_n) < o(R_c), so R_n is empty.
Also, for any resource R_h such that st(R_n) is in NH(R_h) and o(R_h) is at least o(R_c): st(R_n) in NH(R_h) implies st(R_c) in NH(R_h).
For any resource R_l such that st(R_n) is in NH(R_l) and o(R_l) < o(R_c): every R_i in NH(R_l) has o(R_i) at most o(R_l), which is < o(R_c), so R_i is empty, and hence NH(R_l) is empty.
[Figure: resources R_c, R_n, R_l, R_h and the neighborhoods NH(R_h), NH(R_l)]

Slide 31
Automatic Correctness Verification of Algebraic PK Policies

Slide 32
Petri Net-based modeling of RAS
[Figure: process-resource net of the FMS example (J1: R1 → R2 → R3, J2: R3 → R2 → R1; O(R1) = 1, O(R2) = 2, O(R3) = 1), with process places P10, P11, P12, P13 and P20, P21, P22, P23, transitions T10, T11, T12, T13 and T20, T21, T22, T23, and resource places R1, R2, R3]

Slide 33
Siphon-based characterization of RAS liveness: Single Unit-RAS
[Figure: the process-resource net of the FMS example (places P10–P13, P20–P23, R1–R3; transitions T10–T13, T20–T23)]
S = {R1, R2, P12, P23}
S* = {T10, T22, T11, T21, T12, T23}
*S = {T11, T23, T12, T22}
*S is contained in S*, so S is a siphon.

Slide 34
Siphon-based characterization of RAS liveness: Conjunctive RAS
Generalizing the empty siphon: Siphon S is deadly marked iff every t in *S is disabled by some p in S.
[Figure: two copies of a conjunctive process-resource net (places p10, p11, p20, p21, p22 and resource r1, with arc weights 2 and 3; transitions t10, t11, t20, t21, t22), labelled "Modified marking" and "Resource-induced"]

Slide 35
A key result
Theorem 2: Consider a process-resource net N where:
I. every process subnet N_i is quasi-live for M0(p_i0) = 1, reversible for every initial marking M0(p_i0), and "acyclic", i.e., strongly connected with every cycle containing p_i0;
II. resources are re-usable, i.e., for every resource R_k there is a p-semiflow y_Rk s.t. y_Rk(r_k) = 1, y_Rk(p) = # units of R_k required for the execution of stage p for every p in sup(R_k), and y_Rk(p) = 0 o.w.;
III. each process sub-net, when augmented with the required resource places, is quasi-live (i.e., the process-resource net is "well-marked").
Then, N is live iff there is no resource-induced deadly marked siphon in the modified reachability space.
Liveness and Reversibility
If N is PT-ordinary, liveness is equivalent to the absence of an empty siphon in the reachability space.

Slide 36
Modeling an algebraic PK policy as a set of fictitious resources
[Figure: the process-resource net of the FMS example (P10–P13, P20–P23, T10–T23, R1–R3) augmented with fictitious resource places W1, W2, W3 that encode the policy constraints]

Slide 37
Computing the maximal empty siphon
[Figure: the full process-resource net (places P10–P13, P20–P23, R1–R3; transitions T10–T13, T20–T23) at a given marking]
Step 1: Remove marked places.
[Figure: the net after step 1, with places P12, P13, P21, P23, R1, R2 and all transitions remaining]

Slide 38
Computing the maximal empty siphon (cont.)
Step 2: Remove enabled transitions and the places that will be marked by their firing; repeat.
[Figure: after step 2, transition T20 and place P21 are gone; the remaining places P12, P13, P23, R1, R2 form the maximal empty siphon]
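An added example, not from the slides, in Python: the pruning procedure above on the process-resource net of the "Petri Net-based modeling" slide, reconstructed here from its labels (each T_j0 consumes the idle place and the first resource of job j, T_j1 and T_j2 take the next resource and return the previous one, and T_j3 returns the last resource and the idle token; all arc weights are 1, so the net is PT-ordinary and the empty siphon is the relevant notion). The two markings are constructed for the example: the empty system, and the deadlock in which a J1 instance holds R1 while a J2 instance holds R2.

```python
"""Added example (not from the slides): the maximal siphon that is empty at a
given marking, by the "remove marked places, then remove enabled transitions
and the places they would mark" procedure, on the FMS process-resource net."""

# transition -> (input places, output places), reconstructed from the slide;
# P_j0 is the idle place of job type j, R1..R3 are the resource places.
PRE_POST = {
    "T10": ({"P10", "R1"}, {"P11"}),
    "T11": ({"P11", "R2"}, {"P12", "R1"}),
    "T12": ({"P12", "R3"}, {"P13", "R2"}),
    "T13": ({"P13"}, {"P10", "R3"}),
    "T20": ({"P20", "R3"}, {"P21"}),
    "T21": ({"P21", "R2"}, {"P22", "R3"}),
    "T22": ({"P22", "R1"}, {"P23", "R2"}),
    "T23": ({"P23"}, {"P20", "R1"}),
}
PLACES = set().union(*(pre | post for pre, post in PRE_POST.values()))


def preset(S):
    """*S: transitions that put tokens into some place of S."""
    return {t for t, (_, post) in PRE_POST.items() if post & S}


def postset(S):
    """S*: transitions that take tokens from some place of S."""
    return {t for t, (pre, _) in PRE_POST.items() if pre & S}


def is_siphon(S):
    """S is a siphon iff *S is contained in S*: once empty, S stays empty."""
    return bool(S) and preset(S) <= postset(S)


def maximal_empty_siphon(marking):
    """Drop the marked places; then repeatedly drop every transition whose
    input places are all gone (it would be enabled in the pruned net)
    together with its output places. The fixpoint is the largest siphon that
    is empty at `marking`; an empty result means there is none."""
    S = {p for p in PLACES if marking.get(p, 0) == 0}
    changed = True
    while changed:
        changed = False
        for pre, post in PRE_POST.values():
            if not (pre & S) and (post & S):
                S -= post
                changed = True
    return S


# Constructed markings: one token in each listed place, zero elsewhere.
M0 = {p: 1 for p in ("P10", "P20", "R1", "R2", "R3")}             # empty system
M_DEADLOCK = {p: 1 for p in ("P10", "P20", "P11", "P22", "R3")}    # J1 on R1, J2 on R2

if __name__ == "__main__":
    print("at M0:", maximal_empty_siphon(M0) or "no empty siphon")
    print("at the deadlock marking:", sorted(maximal_empty_siphon(M_DEADLOCK)))
```

At the empty system the pruning removes everything, so no siphon is empty there; at the deadlock marking it stops at {P12, P13, P23, R1, R2}, the set shown on the slide, and the earlier single-unit slide's S = {R1, R2, P12, P23} is a smaller siphon contained in it.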

Slide 39
A sufficiency condition for non-existence of reachable empty siphons in structurally bounded Petri nets
Theorem 3: A structurally bounded Petri net N = (P, T, F, M0) has no reachable empty siphons if C(N) = |P|, where C(N) is [the optimization problem stated on the slide, not recovered].

Slide 40
Practical Implications
Theorems 2 and 3 provide the basis for the development of verification tests for RAS liveness and algebraic PK policy correctness that take the form of a Mixed Integer Programming formulation with a polynomial number of variables and constraints in terms of the size of the underlying RAS.
Embedded in a search process, these tests can support the design of optimized algebraic PK policies – this is essentially a combinatorial optimization problem and constitutes ongoing research.

Slide 41
Some Additional Developments and Future Work
- An algebraic theory for interpreting the functionality of algebraic PK policies through siphon dependencies and the notion of "basic" / "elementary" siphons.
- A methodology for designing optimized (maximally permissive) algebraic PK policies through non-blocking supervisory control theory and the theory of regions for Petri net synthesis from their reachability space.
- A generalization of the concept of algebraic PK policy in order to encompass the potential nonlinearity of the maximally permissive supervisor, based on results from pattern recognition / classification theory, and extension of the correctness verification tests to these policies.
- Future work: Integrate the presented results on the RAS logical control problem with the time-based performance control / scheduling problems arising in these environments. The proposed framework: Markov Decision Processes and Approximate Dynamic Programming.

Slide 42
Thank You!