Technical Report: NUS-ACT-11-003-Ver.1:
Communicate only when necessary:
Cooperative tasking for multi-agent systems
New advances in large scale distributed systems have amazingly offered complex functionalities through parallelism of simple and rudimentary components. The key issue in cooperative control of multi-agent systems is the synthesis of local control and interaction rules among the agents such that the entire controlled system achieves a desired global behavior. For this purpose, three fundamental problems have to be addressed: (1) task decomposition for top-down design, such that the fulfillment of local tasks guarantees the satisfaction of the global task, by the team; (2) fault-tolerant top-down design, such that the global task remain decomposable and achievable, in spite of some failures, and (3) design of interactions among agents to make an undecomposable task decomposable and achievable in a top-down framework. The first two problems have been addressed in our previous works, by identifying necessary and sufficient conditions for task automaton decomposition, and fault-tolerant task decomposability, based on decision making on the orders and selections of transitions, interleaving of synchronized strings and determinism of bisimulation quotient of local task automata. This paper deals with the third problem and proposes a procedure to redistribute the events among agents in order to enforce decomposability of an undecomposable task automaton. The decomposability conditions are used to identify the root causes of undecomposability which are found to be due to over-communications that have to be deleted, while respecting the fault-tolerant decomposability conditions; or because of the lack of communications that require new sharing of events, while considering new violations of decomposability conditions. This result provides a sufficient condition to make any undecomposable deterministic task automaton decomposable in order to facilitate cooperative tasking. Illustrative examples are presented to show the concept of task automaton decomposabilization.
With new advances in technology and emergence of large scale complex systems [Lesser1999, Lima2005], there is an ever-increasing demand for cooperative control of distributed systems with sophisticated specifications [Choi2009, Kazeroon2009], [Georgios2009], [Ji2009] which impose new challenges that fall beyond the traditional methods [Tabuada2006, Belta2007, Kloetzer2010, Georgios2009]. Conventional approaches either consider the team of agents as a monolithic plant to be controlled by a centralized unit, or design and iteratively adjust local controllers, in a bottom-up structure, to generate a behavior closed to a desired global behavior. Although the latter approache offers more flexibility, scalability and functionality with lower cost, due to local actuation and communications of agents [Hinchey2005, Truszkowski2006, Kloetzer2007], they fail to guarantee a given global specification [Crespi2008]. For this purpose, top-down cooperative control aims at formal design of local controllers in order to collectively achieve the global specification, by design [Willner1991, cai2010supervisor].
To address the top-down cooperative control, three fundamental questions are evoked: The first question is the task decomposition problem that is interested in understanding of whether all tasks are decomposable, and if not, what are the conditions for task decomposability. It furthermore asks that if the task is decomposable and local controllers are designed to satisfy local tasks, whether the whole closed loop system satisfies the global specification. Subsequently, the second question refers to the cooperative control under event failures, and would like to know if after the task decomposition and local controller designs for global satisfaction, some events fail in some agents, then whether the task still remains decomposable and globally satisfied, in spite of event failures. As another follow-up direction, the third question investigates the way to make an undecomposable task decomposable through modification of local agents in order to accomplish the proposed cooperative control.
For cooperative control of logical behaviors [Koutsoukos2000], represented in automata [Cassandras2008, Kumar1999], the first question (task decomposability for cooperative tasking) was addressed in our previous work [Automatica2010-2-agents-decomposability], by decomposing a given global task automaton into two local task automata such that their parallel composition bisimulates the original task automaton. By using the notion of shared events, instead of common events and incorporating the concept of global decision making on the orders and selections between the transitions, the decomposability result was generalized in [TAC2011-n-agents-decomposability] to an arbitrary finite number of agents. Given a deterministic task automaton, and a set of local event sets, necessary and sufficient conditions were identified for task automaton decomposability based on decision making on the orders and selections of transitions, interleaving of synchronized strings and determinism of bisimulation quotient of local automata. It was also proven that the fulfillment of local task automata guarantees the satisfaction of the global specification, by design.
The second question, cooperative tasking under event failure, was investigated in [Automatica2011-Fault-tolerant], by introducing a notion of passive events to transform the fault-tolerant task decomposability problem to the standard automaton decomposability problem in [TAC2011-n-agents-decomposability]. The passivity was found to reflect the redundancy of communication links, based on which the necessary and sufficient conditions have been then introduced under which a previously decomposable task automaton remains decomposable and achievable, in spite of events failures. The conditions ensure that after passive failures, the team of agents maintains its capability for global decision making on the orders and selections between transitions; no illegal behavior is allowed by the team (no new string emerges in the interleavings of local strings) and no legal behavior is disabled by the team (any string in the global task automaton appears in the parallel composition of local automata). These conditions interestingly guarantee the team of agents to still satisfy its global specification, even if some local agents fail to maintain their local specifications.
This paper deals with the third question to investigate how to make undecomposable task automata decomposable in order for cooperative tasking of multi-agent systems. For a global task automaton that is not decomposable with respect to given local event sets, the problem is particularly interested in finding a way to modify the local task automata such that their parallel composition bisimulates the original global task automaton, to guarantee its satisfaction by fulfilling the local task automata.
Decomposition of different formalisms of logical specification have been reported in the literature. Examples of such methods can be seen for decomposition of a specification given in CSP [Moore1990], decomposition of a LOTOS [Go1999, Arora1998, Hultstrom1994] and decomposition of petri nets [Cao1994, Zaitsev2004]. The problem of automaton decomposabilization has been also studies in computer science literature. For example, [Morin1998] characterized the conditions for decomposition of asynchronous automata in the sense of isomorphism based on the maximal cliques of the dependency graph. The isomorphism equivalence used in [Morin1998] is however a strong condition, in the sense that two isomorphic automata are bisimilar but not vise versa [Cassandras2008]. Moreover, [Morin1998] considers a set of events to be attributed to a number of agents, with no predefinition of local event sets. While event attribution is suitable for parallel computing and synthesis problems in computer science, control applications typically deal with parallel distributed plants [Mukund2002] whose events are predefined by the set of sensors, actuators and communication links across the agents. Therefore, it would be advantageous to find a way to make an undecomposable automaton decomposable with respect to predefined local event sets, by modifying local task automata. Since the global task automaton is fixed, one way to modify the local task automata is through the modification in local event sets, which is the main theme of this paper. Another related work is [Kiyamura2003] that proposes a method for automaton decomposabilization by adding synchronization events such that the parallel composition of local automata is observably bisimilar to the original automaton. The approach in [Kiyamura2003], however, allows to add synchronization events to the event set that will enlarge the size of global event set. Our work deals with those applications with fixed global event sets and predefined distribution of events among local agents, where enforcing the decomposability is not allowed by adding the new synchronization events, but instead by redistribution of the existing events among the agents.
For this purpose, we propose an algorithm that uses previous results on task decomposition [Automatica2010-2-agents-decomposability, TAC2011-n-agents-decomposability] to identify and overcome dissatisfaction of each decomposability condition. The algorithm first removes all redundant communication links using the fault-tolerant result [Automatica2011-Fault-tolerant]. As a result, any violation of decomposability conditions, remained after this stage, is not due to redundant communication links, and hence cannot be removed by means of link deletions. Instead, the algorithm proceeds by establishing new communication links to provide enough information to facilitate the task automaton decomposition. Since each new communication link may overcome several violations of decomposability conditions, the algorithm may offer different options for link addition, leading to the question of optimal decomposability with minimum number of communication links. It is found that if link additions impose no new violations of decomposability conditions, then it is possible to make the automaton decomposable with minimum number of links. However, it is furthermore shown that, in general, addition of new communication links may introduce new violations of decomposability conditions that in turn require establishing new communication links. In such cases, the optimal path depends on the structure of the automaton and requires a dynamic exhaustive search to find the sequence of link additions with minimum number of links. Therefore, in case of new violations, a simple sufficient condition is proposed to provide a feasible suboptimal solution to enforce the decomposability, without checking of decomposability conditions after each link addition. This approach can decompose any deterministic task automaton, after which, according to the previous results, designing local controllers such that local specification are satisfied, guarantees the fulfillment of the global specification, by design.
The rest of the paper is organized as follows. Preliminary lemmas, notations, definitions and problem formulation are represented in Section II. This section also establishes the links to previous works on task automaton decomposition and fault-tolerant decomposition results. Section III proposes an algorithm to make any undecomposable deterministic automaton decomposable by modifying its local event sets. Illustrative examples are also given to elaborate the concept of task automaton decomposabilization. Finally, the paper concludes with remarks and discussions in Section LABEL:CONCLUSION. Proofs of the lemmas are readily given in the Appendix.
Ii Problem Formulation
Ii-a Definitions and notations
We first recall the definitions and notations used in this paper.
A deterministic automaton is a tuple consisting of a set of states ; an initial state ; a set of events that causes transitions between the states, and a transition relation , with partial map , such that if and only if state is transited to state by event , denoted by (or ). A nondeterministic automaton is a tuple with a partial transition map , and if hidden transitions (-moves) are also possible, then a nondeterministic automaton with hidden moves is defined as with a partial map . For a nondeterministic automaton the initial state can be generally from a set . Given a nondeterministic automaton , with hidden moves, the -closure of , denoted by , is recursively defined as: ; . The transition relation can be extended to a finite string of events, , where stands for of (the set of all finite strings over elements of ). For an automaton without hidden moves, , and the transition on string is inductively defined as (empty move or silent transition), and for and . For an automaton , with hidden moves, the extension of transition relation on string, denoted by , is inductively defined as: : and [Kumar1999].
The operator [Cassandras2008] is then defined by excluding the states and their attached transitions that are not reachable from the initial state as with and , restricting to the smaller domain of . Since has no effect on the behavior of the automaton, from now on we take .
We focus on deterministic global task automata that are simpler to be characterized, and cover a wide class of specifications. The qualitative behavior of a deterministic system is described by the set of all possible sequences of events starting from the initial state. Each such a sequence is called a string, and the collection of strings represents the language generated by the automaton, denoted by . The existence of a transition over a string from a state is denoted by . Considering a language , by we mean that . For , , means that such that . In this sense, the intersection of two strings is defined as . Likewise, is defined as . For , is called a sub-string of , denoted by , when , . Two events and are called successive events if or . Two events and are called adjacent events if .
To compare the task automaton and its decomposed automata, we use the bisimulation relations. Consider two automata , , . A relation is said to be a simulation relation from to if , and , then such that . If is defined for all states and all events in , then is said to be similar to (or simulates ), denoted by [Cassandras2008]. If , , with a symmetric relation, then and are said to be bisimilar (bisimulate each other), denoted by [Zhou2006]. In general, bisimilarity implies languages equivalence but the converse does not necessarily hold [Alur2000].
In these works natural projection is used to obtain local tasks, as local perspective of agents from the global task. Consider a global event set and its local event sets , , with . Then, the natural projection is inductively defined as , and Accordingly, inverse natural projection is defined on an string as .
The natural projection is also defined on automata as , where, is the set of finite automata and are obtained from by replacing its events that belong to by -moves, and then, merging the -related states. The -related states form equivalent classes defined as follows. Consider an automaton and a local event set . Then, the relation is the equivalence relation on the set of states such that , and denotes the equivalence class of defined on . The set of equivalent classes of states over , is denoted by and defined as [Morin1998]. The natural projection of into is then formally defined as , with if there exist states and such that , , and .
To investigate the interactions of transitions between automata, particularly between , , the synchronized product of languages is defined as follows. Consider a global event set and local event sets , , such that . For a finite set of languages , the synchronized product (language product) of , denoted by , is defined as [Willner1991].
Then, parallel composition (synchronized product) is used to define the composition of local task automata to retrieve the global task automaton, and to model each local closed loop system by compositions of its local plant and local controller automata. Let , be automata. The parallel composition (synchronous composition) of and is the automaton , with defined as , :
The parallel composition of , is called parallel distributed system (or concurrent system), and is defined based on the associativity property of parallel composition [Cassandras2008] as .
The set of labels of local event sets containing an event is called the set of locations of , denoted by and is defined as .
Based on these definitions, a task automaton with event set and local event sets , , , is said to be decomposable with respect to parallel composition and natural projections , , when .
Ii-B Problem formulation
In [Automatica2010-2-agents-decomposability], we have shown that not all automata are decomposable with respect to parallel composition and natural projections, and subsequently necessary and sufficient conditions were proposed for decomposability of a task automaton with respect to parallel composition and natural projections into two local event sets. These necessary and sufficient conditions were then generalized to an arbitrary finite number of agents, in [TAC2011-n-agents-decomposability], as
(Corollary in [TAC2011-n-agents-decomposability]) A deterministic automaton is decomposable with respect to parallel composition and natural projections , such that if and only if satisfies the following decomposability conditions ():
: : ;
: , : ;
: , , , , where, is the largest subset of such that and start with the same event, and
: , , , , , , : .
The first two decomposability conditions require the team to be capable of decision on choice/order of events, by which for any such decision there exists at least one agent that knows both events, or the decision is not important. Moreover, the third and fourth conditions, guarantee that the cooperative perspective of agents from the tasks (parallel composition of local task automata) neither allows a string that is prohibited by the global task automaton, nor disables a string that is allowed in the global task automaton.
It was furthermore shown that once the task automaton is decomposed into local task automata and local controllers are designed for local plants to satisfy the local specifications, then the global specification is guaranteed, by design.
The next question was the reliability of task decomposability to understand whether a previously decomposable and achievable global task automaton, can still remain decomposable and achievable by the team, after experiencing some event failures. For this purpose, in [Automatica2011-Fault-tolerant], a class of failures was investigated as follows to defined a notion of passivity. Consider an automaton . An event is said to be failed in (or ), if , where, , and denote the post-failure event set, post-failure transition relation and post-failure automaton, respectively. A set of events is then said to be failed in , when for , is failed in , i.e., . Considering a parallel distributed plant with local agents , . Failure of in is said to be passive in (or ) with respect to , if . An event whose failure in is a passive failure is called a passive event in .
The passivity was found to reflect the redundancy of communication links and shown to be a necessary condition for preserving the automaton decomposability. It was furthermore shown that when all failed events are passive in the corresponding local event sets, the problem of decomposability under event failure can be transformed into the standard decomposability problem to find the conditions under which , as follows.
(Theorem in [Automatica2011-Fault-tolerant]) Consider a deterministic task automaton . Assume that is decomposable, i.e., , and furthermore, assume that fail in , , and are passive for . Then, remains decomposable, in spite of event failures, i.e., if and only if
: : ;
: , : ;
: , , , , where, is the largest subset of such that , and start with the same event, and
: , , , , , , : , for some , such that .
- are respectively the decomposability conditions -, after event failures with respect to parallel composition and natural projections into refined local event sets , , provided passivity of , .
In this paper we are interested in the case that a task automaton is not decomposable and would like to ask whether it is possible to make it decomposable, and if so, whether the automaton can be made decomposable with minimum number of communication links. This problem is formally stated as
Consider a deterministic task automaton with event set for agents with local event sets , . If is not decomposable, can we modify the sets of private and shared events between local event sets such that becomes decomposable with respect to parallel composition and natural projections , with the minimum number of communication links?
One trivial way to make an automaton decomposable, is to share all events among all agents, i.e., , . This method , however, is equivalent to centralized control. In general, in distributed large scale systems, one of the objectives is to sustain the systems functionalities over as few number of communication links as possible, as will be addressed in the next section.
Iii Task Automaton Decomposabilization
Iii-a Motivating Examples
This section is devoted to Problem 1 and proposes an approach to redefine the set of private and shared events among agents in order to make an undecomposable task automaton decomposable. For more elaboration, let us to start with a motivating examples.
Consider two sequential belt conveyors feeding a bin, as depicted in Figure 1. To avoid the overaccumulation of materials on Belt B, when the bin needs to be charged, at first Belt B and then (after a few seconds), Belt A should be started. After filling the bin, to stop the charge, first Belt A and then after a few seconds Belt B is stopped to get completely emptied. The global task automaton, showing the order of events in this plant, is shown in Figure LABEL:Belts_Task_Automaton.