Bridging the Gap between Reactive Synthesis and Supervisory Control

Similar documents
Temporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.

Optimal Non-blocking Decentralized Supervisory Control Using G-Control Consistency

Synthesis of Maximally Permissive Non-blocking Supervisors for Partially Observed Discrete Event Systems

A look at the control of asynchronous automata

State-Space Exploration. Stavros Tripakis University of California, Berkeley

Supervisory control under partial observation is an important problem

The State Explosion Problem

Supervisory Control: Advanced Theory and Applications

Synthesis of Designs from Property Specifications

Finite-State Model Checking

Decentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication 1

Alan Bundy. Automated Reasoning LTL Model Checking

EECS 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization

Asynchronous Games over Tree Architectures

On the Design of Adaptive Supervisors for Discrete Event Systems

Games and Synthesis. Nir Piterman University of Leicester Telč, July-Autugst 2014

Bisimulation, the Supervisory Control Problem and Strong Model Matching for Finite State Machines

Semi-Automatic Distributed Synthesis

FORMULAS FOR CALCULATING SUPREMAL CONTROLLABLE AND NORMAL SUBLANGUAGES 1 R. D. Brandt 2,V.Garg 3,R.Kumar 3,F.Lin 2,S.I.Marcus 3, and W. M.

On Controllability and Normality of Discrete Event. Dynamical Systems. Ratnesh Kumar Vijay Garg Steven I. Marcus

Decentralized Control of Discrete Event Systems with Multiple Local Specializations 1

Representation of Supervisory Controls using State Tree Structures, Binary Decision Diagrams, Automata, and Supervisor Reduction

A Symbolic Approach to Safety LTL Synthesis

DECENTRALIZED DIAGNOSIS OF EVENT-DRIVEN SYSTEMS FOR SAFELY REACTING TO FAILURES. Wenbin Qiu and Ratnesh Kumar

Stéphane Lafortune. August 2006

Failure Diagnosis of Discrete Event Systems With Linear-Time Temporal Logic Specifications

Decentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication

Linear Time Logic Control of Discrete-Time Linear Systems

A Logic Primer. Stavros Tripakis University of California, Berkeley. Stavros Tripakis (UC Berkeley) EE 144/244, Fall 2014 A Logic Primer 1 / 35

Achieving Fault-tolerance and Safety of Discrete-event Systems through Learning

Bounded Synthesis. Sven Schewe and Bernd Finkbeiner. Universität des Saarlandes, Saarbrücken, Germany

Robust Supervisory Control of a Spacecraft Propulsion System

On Supervisory Control of Concurrent Discrete-Event Systems

Language Stability and Stabilizability of Discrete Event Dynamical Systems 1

Timo Latvala. March 7, 2004

of Kentucky, Lexington, KY USA,

SUPERVISORY CONTROL AND FAILURE DIAGNOSIS OF DISCRETE EVENT SYSTEMS: A TEMPORAL LOGIC APPROACH

A Learning-based Active Fault-tolerant Control Framework of Discrete-event Systems

Alternating Time Temporal Logics*

Distributed games with causal memory are decidable for series-parallel systems

CDS 270 (Fall 09) - Lecture Notes for Assignment 8.

CS256/Spring 2008 Lecture #11 Zohar Manna. Beyond Temporal Logics

Introduction to Embedded Systems

Sanjit A. Seshia EECS, UC Berkeley

Symbolic Decentralized Supervisory Control

Guest lecturer: Prof. Mark Reynolds, The University of Western Australia

Model Checking: An Introduction

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

Relational Interfaces and Refinement Calculus for Compositional System Reasoning

Integrating Induction and Deduction for Verification and Synthesis

Automatic Synthesis of Distributed Protocols

Strategy Logic. 1 Introduction. Krishnendu Chatterjee 1, Thomas A. Henzinger 1,2, and Nir Piterman 2

Extension based Limited Lookahead Supervision of Discrete Event Systems

Priority Scheduling of Distributed Systems Based on Model Checking

Temporal Logic Model Checking

PSPACE-completeness of Modular Supervisory Control Problems

Supervisor Localization of Discrete-Event. Systems with Infinite Behavior

Supervisory Control of Manufacturing Systems with Time Specifications

EE 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization Fall 2016

Synthesis of Asynchronous Systems

Reasoning about Strategies: From module checking to strategy logic

Computation Tree Logic (CTL) & Basic Model Checking Algorithms

An Introduction to Temporal Logics

DES. 4. Petri Nets. Introduction. Different Classes of Petri Net. Petri net properties. Analysis of Petri net models

Synthesis of Winning Strategies for Interaction under Partial Information

Towards Decentralized Synthesis: Decomposable Sublanguage and Joint Observability Problems

The MSO Theory of Connectedly Communicating Processes

A Logic Primer. Stavros Tripakis University of California, Berkeley

Lecture 9 Synthesis of Reactive Control Protocols

T Reactive Systems: Temporal Logic LTL

Lecture 16: Computation Tree Logic (CTL)

Finitary Winning in ω-regular Games

Minimising Deterministic Büchi Automata Precisely using SAT Solving

Symbolic Hierarchical Interface-based Supervisory Control

Automata, Logic and Games: Theory and Application

Chapter 4: Computation tree logic

Computer-Aided Program Design

Linear Temporal Logic and Büchi Automata

Supervisory control for collision avoidance in vehicular networks with imperfect measurements

Model Checking. Temporal Logic. Fifth International Symposium in Programming, volume. of concurrent systems in CESAR. In Proceedings of the

From Liveness to Promptness

Industrial Automation (Automação de Processos Industriais)

Decentralized vs. Monolithic Control of Automata and Weighted Automata

Recent results on Timed Systems

Control Synthesis of Discrete Manufacturing Systems using Timed Finite Automata

Lecture 7 Synthesis of Reactive Control Protocols

MOST OF the published research on control of discreteevent

Extending Supervisory Controller Synthesis to Deterministic Pushdown Automata Enforcing Controllability Least Restrictively

Formal Verification Techniques. Riccardo Sisto, Politecnico di Torino

CS256/Winter 2009 Lecture #1. Zohar Manna. Instructor: Zohar Manna Office hours: by appointment

Reactive Synthesis. Swen Jacobs VTSA 2013 Nancy, France u

Fault Tolerance, State Estimation and Fault Diagnosis in Petri Net Models

MODULAR MULTITASKING SUPERVISORY CONTROL OF COMPOSITE DISCRETE-EVENT SYSTEMS. Max H. de Queiroz*, José E. R. Cury**

Resilient Supervisory Control of Autonomous Intersections in the Presence of Sensor Attacks

On simulations and bisimulations of general flow systems

Decentralized Diagnosis of Discrete Event Systems using Unconditional and Conditional Decisions

Reducing the Supervisory Control of Discrete- Event Systems under Partial Observation

Weak Alternating Automata and Tree Automata Emptiness

Decentralized Modular Control of Concurrent Fuzzy Discrete Event Systems

Overview. Discrete Event Systems Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?

Transcription:

Bridging the Gap between Reactive Synthesis and Supervisory Control Stavros Tripakis University of California, Berkeley Joint work with Ruediger Ehlers (Berkeley, Cornell), Stéphane Lafortune (Michigan) and Moshe Vardi (Rice) ExCAPE PI Meeting June 2013 ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 1 / 26

Classic Synthesis Frameworks Reactive synthesis: From declarative specifications (e.g., LTL formulas) to implementations (e.g., Mealy or Moore state machines). On the Synthesis of a Reactive Module [Pnueli-Rosner, POPL 89], but also earlier, e.g., [Church 63]. See Moshe s summer school tutorial for details. Supervisory control: Feedback control for discrete-event systems (DES). Supervisory control of a class of discrete event processes and On the supremal controllable sublanguage of a given language [Ramadge-Wonham, SIAM J. Control Optim. 87]. See Stéphane s textbook for more [Cassandras & Lafortune 08]. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 2 / 26

This Work Bridge the gap: how are the two frameworks related in theory? in practice? Bridge the communities. Pedagogical, although results are new to our knowledge. Work in progress. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 3 / 26

Agenda Supervisory control. Reactive synthesis. Bridging the gap. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 4 / 26

Agenda Supervisory control. Reactive synthesis. Bridging the gap. More details in summer school talk. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 4 / 26

SUPERVISORY CONTROL ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 5 / 26

Supervisory Control: General Framework Supervisory control problems (in general) Given plant G, synthesize (if possible) supervisor S such that the closed-loop system S/G meets a certain specification. Closed-loop system: Supervisor S S/G: Plant G ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 6 / 26

Supervisory Control: General Framework closed-loop system S/G: events Supervisor S disabling actions Plant G Plant generally modeled as discrete event system (DES): regular language, deterministic finite automaton (G). ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 7 / 26

Supervisory Control: General Framework closed-loop system S/G: events Supervisor S disabling actions Plant G Plant generally modeled as discrete event system (DES): regular language, deterministic finite automaton (G). Supervisor (S) can disable controllable events. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 7 / 26

Supervisory Control: General Framework events disabling Supervisor S actions closed-loop system S/G: Plant G Plant generally modeled as discrete event system (DES): regular language, deterministic finite automaton (G). Supervisor (S) can disable controllable events. Specifications vary, but typically: Safety: all behaviors of the closed-loop system must be in some set of good behaviors. Non-blockingness: supervisor must always allow system to reach an accepting (aka marked ) state. Maximal permissiveness: supervisor must not disable more events than strictly necessary. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 7 / 26

Supervisor Synthesis: a basic problem Simple Supervisory Control Problem (SSCP) Given plant G, synthesize (if possible) supervisor S such that: S is non-blocking. S is maximally-permissive, that is, for any other non-blocking supervisor S : L m (S /G) L m (S/G) ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 8 / 26

Supervisor Synthesis: a basic problem Simple Supervisory Control Problem (SSCP) Given plant G, synthesize (if possible) supervisor S such that: S is non-blocking. S is maximally-permissive, that is, for any other non-blocking supervisor S : L m (S /G) L m (S/G) We proved: Can reduce the standard supervisory control problem (safety and non-blocking) to SSCP (non-blocking only). ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 8 / 26

Supervisor Synthesis: a basic problem Simple Supervisory Control Problem (SSCP) Given plant G, synthesize (if possible) supervisor S such that: S is non-blocking. S is maximally-permissive, that is, for any other non-blocking supervisor S : L m (S /G) L m (S/G) We proved: Can reduce the standard supervisory control problem (safety and non-blocking) to SSCP (non-blocking only). Can show that if a non-blocking supervisor exists, then the maximally-permissive non-blocking supervisor is unique and state-based ( memoryless ). ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 8 / 26

Supervisory Control of DES Much more to the story: Partial observability Decentralized, distributed, hierarchical control architectures ω-regular frameworks Supervisory control of DES modeled as Petri nets Not only control: Monitoring, fault diagnosis (partial observation)... Application areas: Automated systems in control engineering: manufacturing, transportation, process control, etc. Recently: Controlling execution of software for avoiding deadlocks in multithreaded programs [Wang et al. POPL 09]. (Cf. summer school lecture of Stéphane.) ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 9 / 26

REACTIVE SYNTHESIS ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 10 / 26

Reactive Synthesis Reactive Synthesis Problem (RSP) Given LTL formula φ with input/output atomic propositions, synthesize (if possible) a controller M (Moore or Mealy machine) such that all behaviors of M (inputs are uncontrollable) satisfy φ. This is the implementability problem [Pnueli-Rosner POPL 1989]. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 11 / 26

RSP Specification: (G: always, X: next) φ := G (c ( Xg XXg XXX(b g) )) ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 12 / 26

RSP Specification: (G: always, X: next) φ := G (c ( Xg XXg XXX(b g) )) g Controller interface: c Controller b ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 12 / 26

RSP Specification: (G: always, X: next) φ := G (c ( Xg XXg XXX(b g) )) g Controller interface: c Controller b Controller generates a computation tree: all its paths must satisfy φ {g false, b false} {c false} {g false, b false} {c true} {g true, b false} {g false, b false} {g true, b false} {g true, b false} {g true, b false}............ {g false, {g false, b true} b true} {g false, {g false, b true} b true}........................ ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 12 / 26

BRIDGING THE GAP ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 13 / 26

Summary: Main Differences Supervisory control has explicit plants reactive synthesis does not. Supervisors are parents controllers are... controllers. Supervisory control asks for maximally-permissive controllers these generally don t exist in reactive synthesis. (Most of) supervisory control theory done in a finite-string setting reactive synthesis is about infinite strings. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 14 / 26

Controllers, Plants and Closed-Loop Systems in the Reactive Synthesis Framework inputs Controller outputs ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 15 / 26

Controllers, Plants and Closed-Loop Systems in the Reactive Synthesis Framework inputs outputs? Controller? ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 15 / 26

Controllers, Plants and Closed-Loop Systems in the Reactive Synthesis Framework inputs Controller outputs Plant (Environment) ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 15 / 26

Controllers, Plants and Closed-Loop Systems in the Reactive Synthesis Framework inputs Controller outputs Plant (Environment) How to capture plants in the reactive synthesis framework? ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 15 / 26

Capturing Plants in RSP Instead of asking for a controller implementing φ we can ask for a controller implementing φ plant φ where φ plant models the plant. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 16 / 26

Capturing Plants in RSP Example: plant never issues two p s in a row φ plant := G(p X p) ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 17 / 26

Capturing Plants in RSP Example: plant never issues two p s in a row φ plant := G(p X p) However: Not always natural to capture the plant s behavior: plant typically modeled as an automaton. Inefficient to do so: most synthesis algorithms start by transforming the formula into some automaton form. This typically incurs an exponential blow-up. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 17 / 26

Capturing Plants in RSP Example: plant never issues two p s in a row φ plant := G(p X p) However: Not always natural to capture the plant s behavior: plant typically modeled as an automaton. Inefficient to do so: most synthesis algorithms start by transforming the formula into some automaton form. This typically incurs an exponential blow-up. motivation to define a reactive synthesis problem with plants ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 17 / 26

Reactive Synthesis with Plants Inspired from [Kupferman et al CONCUR 2000]: Reactive Synthesis Control Problem (RSCP) Given plant P and temporal logic formula φ synthesize (if possible) a strategy f such that the closed-loop system satisfies φ. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 18 / 26

Reactive Synthesis with Plants Inspired from [Kupferman et al CONCUR 2000]: Reactive Synthesis Control Problem (RSCP) Given plant P and temporal logic formula φ synthesize (if possible) a strategy f such that the closed-loop system satisfies φ. Plant modeled as a transition system with system states and environment states. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 18 / 26

Reactive Synthesis with Plants Inspired from [Kupferman et al CONCUR 2000]: Reactive Synthesis Control Problem (RSCP) Given plant P and temporal logic formula φ synthesize (if possible) a strategy f such that the closed-loop system satisfies φ. Plant modeled as a transition system with system states and environment states. Strategy disables some successors of system states. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 18 / 26

Reactive Synthesis with Plants Inspired from [Kupferman et al CONCUR 2000]: Reactive Synthesis Control Problem (RSCP) Given plant P and temporal logic formula φ synthesize (if possible) a strategy f such that the closed-loop system satisfies φ. Plant modeled as a transition system with system states and environment states. Strategy disables some successors of system states. Different versions of the problem depending on the temporal logic used: RSCP-LTL, RSCP-CTL, RSCP-CTL*,... ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 18 / 26

Maximal Permissiveness in RSCP Generally no unique maximally-permissive strategy. Example: no unique maximally-permissive strategy to ensure Fp: 1 1 1 0 2 3 p 0 2 3 p 0 2 3 p original plant strategy 1 strategy 2 : system state : environment state ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 19 / 26

Maximal Permissiveness in RSCP Generally no unique maximally-permissive strategy. Example: no unique maximally-permissive strategy to ensure Fp: 1 1 1 0 2 3 p 0 2 3 p 0 2 3 p original plant strategy 1 strategy 2 : system state : environment state Many other (non-state-based) strategies. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 19 / 26

Maximal Permissiveness in RSCP-CTL Yet for some formulas maximally-permissive strategies always exist: Theorem For any CTL formula φ := AG EF p, where p is a state formula, RSCP admits a unique maximally-permissive state-based strategy enforcing φ (if such a strategy exists). ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 20 / 26

Maximal Permissiveness in RSCP-CTL Yet for some formulas maximally-permissive strategies always exist: Theorem For any CTL formula φ := AG EF p, where p is a state formula, RSCP admits a unique maximally-permissive state-based strategy enforcing φ (if such a strategy exists). We therefore define a variant of RSCP-CTL: RSCP-CTL max Given plant P and CTL φ := AG EF p compute (if it exists) the unique maximally-permissive state-based strategy enforcing φ. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 20 / 26

Results Relations between different synthesis problems: Section 3.4 Corollary 1 Theorem 5 RSCP-LTL BSCP-NB SSCP RSCP-CTL max RSP special case Section 3.5 supervisory control problems reactive synthesis problems Cf. technical report under preparation. : work in progress ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 21 / 26

Results Relations between different synthesis problems: Section 3.4 Corollary 1 Theorem 5 RSCP-LTL BSCP-NB SSCP RSCP-CTL max RSP special case Section 3.5 supervisory control problems reactive synthesis problems Cf. technical report under preparation. : work in progress ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 21 / 26

Reducing SSCP to RSCP-CTL max Main idea: DES can be transformed to a transition system. Marked states labeled with atomic proposition acc. Non-blockingness can be expressed in CTL: φ nb := AG EF acc i.e., from any reachable state, there exists a path to an accepting state. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 22 / 26

Reducing SSCP to RSCP-CTL max : Example x 1, u x 1 x 1 x 0, c 1 x 3, c 2 x 0 c 1 c 2 x 2 u c 1 c 2 x 3 x0 x0, u x 0, c 2 x 3 x 2 x 3, u x 3, c 1 DES G x 2, u Transition system P G : system state : environment state ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 23 / 26

Reducing SSCP to RSCP-CTL max Theorem Let G be a DES plant and P G its transformation. 1. A non-blocking supervisor exists for G iff a strategy enforcing φ nb := AG EF acc exists for P G. 2. Assuming supervisor/strategy exist, there is a 1-1 computable mapping between the unique non-blocking maximally-permissive state-based supervisor for G, and the unique maximally-permissive state-based strategy enforcing φ nb on P G. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 24 / 26

Conclusions and Perspectives First (to our knowledge) bridge between the reactive synthesis and DES/supervisory control problems and communities. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 25 / 26

Conclusions and Perspectives First (to our knowledge) bridge between the reactive synthesis and DES/supervisory control problems and communities. This work would not have happened without ExCAPE! ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 25 / 26

Conclusions and Perspectives First (to our knowledge) bridge between the reactive synthesis and DES/supervisory control problems and communities. This work would not have happened without ExCAPE! Merely scratched the surface; expand bridge to: Partial observability. Modular, decentralized, hierarchical control architectures. Algorithmic procedures. ω-regular supervisory control theory (cf. [Thistle 96]). Supervisory control of Petri nets. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 25 / 26

Bibliography C. Cassandras and S. Lafortune. Introduction to Discrete Event Systems. Springer, Boston, MA, 2nd edition, 2008. A. Church. Logic, arithmetic and automata. In Proceedings of the International Congress of Mathematics, 1963. O. Kupferman, P. Madhusudan, P. S. Thiagarajan, and M. Y. Vardi. Open systems in reactive environments: Control and synthesis. In 11th Intl. Conf. on Concurrency Theory, CONCUR 00, pages 92 107. Springer, 2000. A. Pnueli and R. Rosner. On the synthesis of a reactive module. In ACM Symp. POPL, 1989. P. Ramadge and W. Wonham. Supervisory control of a class of discrete event processes. SIAM J. Control Optim., 25(1):206 230, 1987. J.G. Thistle. Supervisory control of discrete event systems. Mathl. Comput. Modelling, 23(11/12):25 53, 1996. Y. Wang, S. Lafortune, T. Kelly, M. Kudlur, and S. Mahlke. The theory of deadlock avoidance via discrete control. In ACM Symp. POPL, pages 252 263, 2009. W. Wonham and P. Ramadge. On the supremal controllable sublanguage of a given language. SIAM J. Control Optim., 25(3):637 659, 1987. ExCAPE PI Meeting June 2013 Stavros Tripakis (UC Berkeley) Bridging the Gap 26 / 26

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback