Modular Supervisory Control for the Coordination of a Manufacturing Cell with Observable Faults

In the present paper, a manufacturing cell in the presence of faults, coming from the devices of the process, is considered. The modular modeling of the subsystems of the cell is accomplished using appropriate finite deterministic automata. The desired functionality of the cell as well as appropriate safety specifications are formulated as eleven desired languages. The desired languages are expressed as regular expressions in analytic forms. The languages are realized in the form of appropriate general type supervisor forms. Using these forms, a modular supervisory design scheme is accomplished, providing satisfactory performance in the presence of faults as well as guaranteeing the safety requirements. The aim of the present supervisor control scheme is to achieve tolerance of basic characteristics of the process coordination to upper-level faults, despite the presence of low-level faults in the devices of the process. The complexity of the supervisor scheme is computed.


Introduction
In flexible manufacturing systems (FMS), the infrastructure is composed of basic components (robots, computer numerical control (CNC), assembling machines, and storing systems) or islands of components, where each island of components is unreconfigurable. This consideration requires a two-layer control design. In the first layer, the components and/or the islands of components are controlled using the respective local sensors and actuators. The control objective of this layer is to perform specific activities of the subsystem [1]. In the second layer, the control objective is the synchronization/coordination of the individual subsystems to satisfy safety and functionality specifications of the overall manufacturing process [1]. The flexibility of the process results from modification of the second layer controller. Advances in the controller hardware contribute toward this scheme, see [2,3]. However, as Programmable Logic Controllers (PLCs) are one of the main architectures of manufacturing system control, the use of formal methods for controller synthesis and PLC program design (with standardized languages, e.g., International Electrotechnical Commission (IEC) 61131-3) is crucial, see [2][3][4][5]. Supervisory control theory (SCT) [6] is a formal method that tackles the above problems, bridging the event-based automation and the synchronous signal-based PLC world, see [1,7]. Most commonly, Ladder Diagrams (for PLCs) are used to implement monolithic or modular supervisors. For the definition of monolithic and modular supervisors, see [6,8]. Monolithic supervisors suffer from state explosion as the models grow. The implementation of a single supervisor with many states could make the control program unreliable and/or even unstable [1]. Modular supervisor design requires on-the-fly synchronization of the plant and the controller [5]. However, it reduces computational complexity by reducing the total number of states [1].
The supervisory control design in the presence of faults of the manufacturing process is of particular importance. Indicatively, see [9,10] and the references therein. In the present
In [1,3,11], the subsystems of the manufacturing cell are presented without considering the presence of faults, except the drilling subsystem where the possibility of the presence of fault has been considered. Here, the possibility of the presence of faults, in all subsystems, is considered. Also here, each subsystem of the manufacturing cell with possible faults will be modelled, in the form of discrete event systems (DES) in the class of finite deterministic automata (see [21][22][23]), i.e., in six tuples of the form $G = (Q, E, f, H, x_0, Q_m)$. $Q$ denotes the set of the states of $G$. $E$ denotes the event set (alphabet) of $G$. $H$ denotes the map from each state of $G$ to the respective set of active events. $f$ denotes the transition function of $G$. $x_0$ denotes the initial state of $G$. $Q_m$ denotes the set of the marked states of $G$. The closed and the marked behavior of $G$ (see [10]) are denoted by $L(G)$ and $L_m(G)$, respectively. For the two behaviors of $G$, it holds that $L_m(G) \subseteq L(G) \subseteq E^{*}$, where $E^{*}$ denotes the Kleene Star of $E$, see [6,8]. The set of the uncontrollable events of each subsystem is denoted in the form $E_{uc} \subseteq E$. According to [6,8], if $\overline{L_m(G)} = L(G)$ then $G$ is a nonblocking automaton, where $\overline{\,\cdot\,}$ denotes the prefix closure of the argument language, see [6,8].

The Model of the Circular Rotating Table with Faults
The model of the circular rotating table in the presence of faults is developed here to be $G_T = (Q_T, E_T, f_T, H_T, x_{T,0}, Q_{T,m})$. The set of the states is $Q_T = \{q_{T,1}, q_{T,2}, q_{T,3}\}$. The initial state is $x_{T,0} = q_{T,1}$. The set of the marked states is $Q_{T,m} = \{q_{T,1}\}$. The states of the circular rotating table are presented in Table 1. The rotating table is in faulty mode when the rotation mechanism is out of order or malfunctions, as well as when the rotation is obstructed by obstacles in the workspace. The alphabet is $E_T = \{e_{T,1}, e_{T,2}, e_{T,3}, e_{T,4}\}$. In Table 2, the events of the circular rotating table are presented. The 1st event is a command signal. The 2nd event is a measurable signal. The 3rd event is observable, via an appropriate data acquisition and monitoring system, see [14][15][16]. Clearly, the 1st and the 4th event (repair signal), being produced by the Supervisory Control and Data Acquisition (SCADA) system or by a button pushed by the supervising/maintenance personnel, are observable. The set of the controllable events is $E_{T,c} = \{e_{T,1}, e_{T,4}\}$ and the set of the uncontrollable events is $E_{T,uc} = \{e_{T,2}, e_{T,3}\}$. The sets of the active events are $H_T(q_{T,1}) = \{e_{T,1}\}$, $H_T(q_{T,2}) = \{e_{T,2}, e_{T,3}\}$ and $H_T(q_{T,3}) = \{e_{T,4}\}$. The values of the transition function are $f_T(q_{T,1}, e_{T,1}) = q_{T,2}$, $f_T(q_{T,2}, e_{T,2}) = q_{T,1}$, $f_T(q_{T,2}, e_{T,3}) = q_{T,3}$ and $f_T(q_{T,3}, e_{T,4}) = q_{T,1}$.
$G_T$ is a nonblocking automaton, i.e., $L(G_T) = \overline{L_m(G_T)}$, where $L_m(G_T) = (e_{T,1}(e_{T,2} + e_{T,3} e_{T,4}))^{*}$. In Figure 2, the state diagram of $G_T$ is presented. If the presence of faults is neglected, then the state diagram reduces to that in [1,3,11].
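The nonblocking claim and the marked-language expression for the rotating table can be checked mechanically. The following Python sketch is an added example, not code from the paper: it transcribes $G_T$ from the model above (state and event names shortened to q1..q3 and e1..e4, an assumption of this example), compares the marked strings with the regular expression up to a bounded length, and shows that deleting the repair transition leaves the faulty state blocked.

```python
import re
from itertools import product

# G_T transcribed from the model above: states q_{T,i} -> "qi", events e_{T,i} -> "ei".
TABLE = {
    "initial": "q1",
    "marked": {"q1"},
    "delta": {
        ("q1", "e1"): "q2",  # rotation command
        ("q2", "e2"): "q1",  # rotation completed
        ("q2", "e3"): "q3",  # fault detected
        ("q3", "e4"): "q1",  # repair
    },
}

# (e1 (e2 + e3 e4))* with each event e_i written as the digit i.
MARKED_EXPRESSION = re.compile(r"(?:1(?:2|34))*")


def reachable(aut):
    """States reachable from the initial state."""
    seen, stack = {aut["initial"]}, [aut["initial"]]
    while stack:
        q = stack.pop()
        for (src, _), dst in aut["delta"].items():
            if src == q and dst not in seen:
                seen.add(dst)
                stack.append(dst)
    return seen


def coreachable(aut):
    """States from which at least one marked state can be reached."""
    seen = set(aut["marked"])
    changed = True
    while changed:
        changed = False
        for (src, _), dst in aut["delta"].items():
            if dst in seen and src not in seen:
                seen.add(src)
                changed = True
    return seen


def blocked_states(aut):
    """Reachable states that can never return to a marked state."""
    return reachable(aut) - coreachable(aut)


def is_nonblocking(aut):
    """Nonblocking means the prefix closure of L_m equals L."""
    return not blocked_states(aut)


def marked_words(aut, max_len):
    """All marked strings, as tuples of events, of length <= max_len."""
    words, frontier = set(), {((), aut["initial"])}
    for _ in range(max_len + 1):
        nxt = set()
        for word, q in frontier:
            if q in aut["marked"]:
                words.add(word)
            for (src, ev), dst in aut["delta"].items():
                if src == q:
                    nxt.add((word + (ev,), dst))
        frontier = nxt
    return words


def agrees_with_expression(aut, max_len=6):
    """Compare L_m with the regular expression on every string up to max_len."""
    events = sorted({ev for (_, ev) in aut["delta"]})
    accepted = marked_words(aut, max_len)
    for n in range(max_len + 1):
        for word in product(events, repeat=n):
            text = "".join(ev[1:] for ev in word)
            if (word in accepted) != bool(MARKED_EXPRESSION.fullmatch(text)):
                return False
    return True


def without_transition(aut, key):
    """Copy of the automaton with one transition removed."""
    delta = {k: v for k, v in aut["delta"].items() if k != key}
    return {"initial": aut["initial"], "marked": set(aut["marked"]), "delta": delta}


if __name__ == "__main__":
    print("nonblocking:", is_nonblocking(TABLE))
    print("matches expression:", agrees_with_expression(TABLE))
    broken = without_transition(TABLE, ("q3", "e4"))
    print("blocked states without repair:", blocked_states(broken))
```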

The Model of the Classifier and Transportation Device with Faults
The model of the C&T device, in the presence of faults, is developed here to be $G_C = (Q_C, E_C, f_C, H_C, x_{C,0}, Q_{C,m})$. The set of the states is $Q_C = \{q_{C,1}, q_{C,2}, q_{C,3}, q_{C,4}, q_{C,5}\}$. The initial state is $x_{C,0} = q_{C,1}$. The set of the marked states is $Q_{C,m} = \{q_{C,1}\}$. In Table 3, the states of the C&T device are presented. According to [11], the C&T device consists of two linear actuators, a capacitive sensor, an optic sensor, an inductive sensor and an appropriate sensor for the height measurement of the pieces. Regarding the linear actuator, the C&T device is in faulty mode due to an excess of wear, a cracking, a backlash, lubricant related faults, etc., see [24]. Regarding the sensors, the C&T device is in faulty mode due to an external interference to the measurements, very common short-circuit faults, and common sensor drift, see [25].

Table 3. States of the classifier and transportation device.

| Symbol | State Description |
|---|---|
| $q_{C,1}$ | The device is idle |
| $q_{C,2}$ | The device is classifying |
| $q_{C,3}$ | The device has been paused |
| $q_{C,4}$ | The device is transporting |
| $q_{C,5}$ | The device is in faulty mode |

The alphabet is $E_C = \{e_{C,1}, e_{C,2}, e_{C,3}, e_{C,4}, e_{C,5}, e_{C,6}, e_{C,7}\}$. In Table 4, the events of the C&T device are presented.

Table 4. Events of the classifier and transportation device.

| Symbol | Event Description |
|---|---|
| $e_{C,1}$ | The device starts classifying |
| $e_{C,2}$ | The product has been classified and accepted |
| $e_{C,3}$ | The product has been classified and rejected |
| $e_{C,4}$ | The device starts transporting |

$G_C$ is a nonblocking automaton. In Figure 3, the state diagram of $G_C$ is presented. In the nonfaulty case, the diagram reduces to that in [1,3,11].

The Model of the Drilling Machine with Faults
The model of the drilling machine, in the presence of faults, is expressed as a six-tuple of the above form. The set of the marked states is $Q_{D,m} = \{q_{D,1}\}$. In Table 5, the states of the drilling machine are presented. The drilling machine is in faulty mode in cases of tool wear (see [26] and the references therein), or if the drilling tool is broken, or if one of the three linear actuators of the drilling machine is in faulty mode (see [11]), as well as if the drilling motor malfunctions, indicatively see [27,28]. The signals indicating the presence of such faults are derived through appropriate soft sensors that use the outputs of electric, speed and/or torque sensors, indicatively, see [26][27][28].

Table 5. States of the drilling machine.

| Symbol | State Description |
|---|---|
| $q_{D,1}$ | The drilling machine is idle |
| $q_{D,2}$ | The drilling machine is working (drilling) |
| $q_{D,3}$ | The drill is in faulty mode |

The alphabet is $E_D = \{e_{D,1}, e_{D,2}, e_{D,3}, e_{D,4}\}$. In Table 6, the events of the drilling machine are presented.

Table 6. Events of the drilling machine.

| Symbol | Event Description |
|---|---|
| $e_{D,1}$ | The drilling machine starts drilling |
| $e_{D,2}$ | Drilling has been successfully completed |
| $e_{D,3}$ | The machine is in faulty mode |
| $e_{D,4}$ | The machine has been repaired |

The 1st event is a command signal. The rest are appropriate observable signals. In Figure 4, the state diagram of the automaton of the drilling machine is presented. This diagram has first been presented in [1,3,11].

The Model of the Testing Device with Faults
The model of the testing device, in the presence of faults, is developed to be a six-tuple of the above form. The initial state is $x_{B,0} = q_{B,1}$. The set of the marked states is $Q_{B,m} = \{q_{B,1}\}$. In Table 7, the states of the testing device are presented. According to [11], the testing device consists of a linear actuator and a vacuum generator, as well as appropriate sensors. The testing device is in faulty mode for reasons analogous to those presented for the C&T device, see also [24,25]. The repair signal can be produced in the same way as in the previous subsystems and so is observable.

Table 7. States of the testing device.

| Symbol | State Description |
|---|---|
| $q_{B,1}$ | The testing device is idle |
| $q_{B,2}$ | The testing device is working |
| $q_{B,3}$ | The testing device is in faulty mode |

The alphabet is $E_B = \{e_{B,1}, e_{B,2}, e_{B,3}, e_{B,4}, e_{B,5}\}$. In Table 8, the events of the testing device are presented.
The automaton $G_B$ is nonblocking. In Figure 5, the state diagram of the automaton of the testing device is presented. In the nonfaulty case, the diagram reduces to that in [1,3,11].

The Model of the Robotic Manipulator with Faults
The model of the robotic manipulator, in the presence of faults, is developed to be a six-tuple $G_R$ of the above form. In Table 9, the states of the robotic manipulator are presented. The robotic manipulator can be in faulty mode for various reasons, indicatively see [29][30][31].

Table 9. States of the robotic manipulator.

| Symbol | State Description |
|---|---|
| $q_{R,1}$ | The manipulator is idle |
| $q_{R,2}$ | The manipulator is retrieving a product from the table |
| $q_{R,3}$ | The manipulator is storing a product |
| $q_{R,4}$ | The manipulator is in faulty mode |

The alphabet is $E_R = \{e_{R,1}, e_{R,2}, e_{R,3}, e_{R,4}, e_{R,5}\}$. In Table 10, the events of the robotic manipulator are presented.

Table 10. Events of the robotic manipulator.

| Symbol | Event Description |
|---|---|
| $e_{R,1}$ | The manipulator starts retrieving and storing a product |
| $e_{R,2}$ | The manipulator has retrieved a product from the table |
| $e_{R,3}$ | The manipulator has stored a product |
| $e_{R,4}$ | A fault of the manipulator took place |
| $e_{R,5}$ | A fault of the manipulator has been repaired |

The 1st event is a command signal. The rest are observable signals. The controllable events set is $E_{R,c} = \{e_{R,1}, e_{R,5}\}$ and the set of the uncontrollable events is $E_{R,uc} = \{e_{R,2}, e_{R,3}, e_{R,4}\}$. In Figure 6, the state diagram of $G_R$ is presented. In the nonfaulty case, the diagram reduces to that in [1,3,11].

The Model of the Feeding Device with Faults
The model of the feeding device in the presence of faults is developed to be a six-tuple $G_F$ of the above form. In Table 11, the description of the states of the feeding device is presented. According to [11], the feeding device consists of a linear actuator, a rotary actuator and appropriate sensors. The feeding device is in faulty mode for the same reasons as those presented for the C&T device, see [24,25,32]. The repair signal can be produced in the same way as in the previous subsystems and so is observable.

Table 11. States of the feeding device.

| Symbol | State Description |
|---|---|
| $q_{F,1}$ | The device is idle |
| $q_{F,2}$ | The device is working |
| $q_{F,3}$ | The device is out of rough pieces |
| $q_{F,4}$ | The device is in faulty mode |

The alphabet is $E_F = \{e_{F,1}, e_{F,2}, e_{F,3}, e_{F,4}, e_{F,5}, e_{F,6}\}$. In Table 12, the events of the feeding device are presented.

| Symbol | Event Description |
|---|---|
| $e_{F,3}$ | The device is out of rough products |
| $e_{F,4}$ | The device has been refilled with rough products |
| $e_{F,5}$ | A fault took place at the device |
| $e_{F,6}$ | A fault has been repaired at the device |

The event $e_{F,1}$ is a command signal and the events $e_{F,2}$, $e_{F,3}$, $e_{F,4}$, $e_{F,5}$ and $e_{F,6}$ are observable signals. Thus, the set of the controllable events is $E_{F,c} = \{e_{F,1}, e_{F,6}\}$ and the set of the uncontrollable events is $E_{F,uc} = \{e_{F,2}, e_{F,3}, e_{F,4}, e_{F,5}\}$. The marked behavior of $G_F$ is $L_m(G_F) = (e_{F,1}(e_{F,2} + e_{F,5} e_{F,6} + e_{F,3}(e_{F,4} + e_{F,5} e_{F,6})))^{*}$. In Figure 7, the state diagram of $G_F$ is presented. In the nonfaulty case, the diagram reduces to that in [1,3,11].

The Cell Model as a Shuffle
Since the event sets of the subsystems presented in Section 2 are disjoint sets, the model $G$ of the manufacturing cell can be expressed as the shuffle [6] of the subsystems, in synchronous product form. In [6,8], the definition and the properties of the synchronous product [6], or alternatively the parallel connection [8], are presented. Clearly, all transitions of the subsystems are feasible. The set of the marked states is $Q_m = \{(q_{T,1}, q_{C,1}, q_{D,1}, q_{B,1}, q_{R,1}, q_{F,1})\}$.

Desired Languages
In [11], a set of safety and functionality specifications has been presented. Here, the above specifications are enriched with requirements considering the possibility of the presence of the faults. Note that in the faulty case of the drilling machine the product is tested to be accepted or rejected. Here, except for the drilling machine, after the detection of a fault in a subsystem and its repair, the process of the subsystem is reinitiated to complete the task with respect to the current product.
In particular, the desired specifications, in the eventual presence of faults, are formulated, here, as follows:

1. When a fault takes place in the table or in the robotic manipulator, then the commands to leave from the idle state of the rest of the cell's systems are deactivated until the fault's repair.
2. The circular table is allowed to start rotating only if there is raw product in the appropriate position or a drilled piece in the drilling machine or a tested product in the testing device.
3. Table's rotation and raw product transportation to the cell do not take place simultaneously.
4. Table's rotation and drilling do not take place simultaneously.
5. Table's rotation and testing do not take place simultaneously.
6. Table's rotation and product retrieving, through the robotic manipulator, do not take place simultaneously.
7. The C&T device is not allowed to have two or more raw products in its output and the drilling machine is not allowed to start working without a product.
8. The drilling machine is not allowed to drill a product twice and the testing processes A and B of the testing device can begin only after the successful completion of the respective drilling process.

The goal of the above rules is to protect the system from undesirable and/or malicious situations such as the ones described in Section 1. Some possible malfunctions that may take place are prevented by measures imposed by the nine specification rules.
The 1st specification can be decomposed to two prefixed closed regular languages. The first regular language is for the table of the system, while the second regular language is for the robotic manipulator:
${}^{1}K_{1} = (e_{C,1} + e_{D,1} + e_{B,1} + e_{R,1} + e_{F,1} + e_{T,4})^{*} e_{T,3} (e_{T,3})^{*} e_{T,4}^{*}$,
${}^{1}K_{2} = (e_{T,1} + e_{C,1} + e_{D,1} + e_{B,1} + e_{F,1} + e_{R,5})^{*} e_{R,4} (e_{R,4})^{*} e_{R,5}^{*}$
The 2nd specification is expressed by the following prefixed closed regular language:
${}^{2}K = (e_{C,5} + e_{D,2} + e_{D,3} + e_{B,3})(e_{C,5} + e_{D,2} + e_{D,3} + e_{B,3})^{*} e_{T,1}^{*}$
The 3rd specification is expressed by the following prefixed closed regular language:
${}^{3}K = (e_{T,2} + e_{T,4} + e_{C,5} + e_{C,6})^{*} (e_{T,1} + e_{C,4})(e_{T,2} + e_{T,4} + e_{C,5} + e_{C,6})^{*}$.
The 6th specification is expressed by the following prefixed closed regular language:
${}^{6}K = (e_{T,2} + e_{T,4} + e_{R,2} + e_{R,5})^{*} (e_{T,1} + e_{R,1})(e_{T,2} + e_{T,4} + e_{R,2} + e_{R,5})^{*}$
The 7th specification is expressed by the following prefixed closed regular language:
${}^{7}K = (e_{T,1} + e_{C,4})^{*} e_{C,5} (e_{C,5})^{*} e_{T,1} (e_{C,5})^{*} e_{C,4} (e_{C,5})^{*} + \varepsilon^{*} e_{D,1}^{*}$
The 8th specification can be analyzed into two prefixed closed regular languages, ${}^{8}K_{1}$ and ${}^{8}K_{2}$.
To satisfy the specifications 1-9, the automaton $G$ will be controlled by appropriate supervisors. To this end, similarly to [18,33] and because the specifications are expressed by prefixed closed languages, the performance of the resulting controlled automaton is proposed to be described by the following 11 desired languages
${}^{9}K_{D} = {}^{9}P^{-1}\,{}^{9}K \cap L_m(G) = {}^{9}P^{-1}\,{}^{9}K \cap L_m(G) \qquad (11)$
where ${}^{1}P_{1}$ and ${}^{1}P_{2}$ denote the projections of $E^{*}$ to ${}^{1}E_{S,1}^{*}$ and ${}^{1}E_{S,2}^{*}$, respectively. ${}^{8}P_{1}$ and ${}^{8}P_{2}$ denote the projections of $E^{*}$ to ${}^{8}E_{S,1}^{*}$ and ${}^{8}E_{S,2}^{*}$, respectively. ${}^{2}P$ till ${}^{7}P$ denote the projections of $E^{*}$ to ${}^{2}E_{S}^{*}$ till ${}^{7}E_{S}^{*}$, respectively. ${}^{9}P$ denotes the projection of $E^{*}$ to ${}^{9}E_{S}^{*}$.

Notation and Properties of Supervisory Design
In order to control an automaton, say $G$, a finite deterministic automaton, called supervisor and denoted by $S = (Q_S, E_S, f_S, H_S, x_{S,0}, Q_{S,m})$, will be used. The closed and the marked behavior of the automaton controlled by the aforementioned supervisor are equal to the closed and the marked behavior of the synchronous product [6] (or parallel composition [8]) of $S$ and $G$, denoted by $S \| G$. The complexity of $S$ (indicatively see [13,34]) is the triad including the number of the states, the number of the events and the number of the transitions of $S$.

A Two-State Supervisor Form Realizing the First Six and the 8th Specifications
The cardinality of the set of the states of $S_1$ is equal to 2. For the definition and properties of regular expressions, see [6,8]. $S_1$ is depicted in Figure 8. $S_1$ will be used for the realization of seven automata, whose closed and marked behaviors will be equal to the prefixed closed regular languages ${}^{1}K_{1}$, ${}^{1}K_{2}$, ${}^{2}K$, ${}^{3}K$, ${}^{4}K$, ${}^{5}K$ and ${}^{6}K$, respectively. In Table 13, the symbols of the supervisors derived using $S_1$, the respective languages and their complexity triads are presented. According to Table 13, the alphabets of the regular expressions are uniquely determined. Indicatively, for ${}^{1}S_{1,1}$ it holds that ${}^{1}E_{c,1} = \{e_{C,1}, e_{D,1}, e_{B,1}, e_{R,1}, e_{F,1}\}$, ${}^{1}E_{c,2} = {}^{1}E_{c,3} = \{e_{T,3}\}$ and ${}^{1}E_{c,4} = \{e_{T,4}\}$.
The complexity triad of $S_2$ is $(3, 3, 6)$. Its state diagram is presented in Figure 9.

A Four-State Supervisor Realizing the 7th Specification
The values of the transition function of  Figure 10.

The Performance of the Controlled Automaton
The supervisors proposed in Section 4 are interconnected to the automaton $G$ of the manufacturing cell through the multi-argument synchronous product of Relation (12). Automaton $G_c$ is the controlled automaton. In this section, the performance of the controlled automaton $G_c$ will be investigated. It will be proven that $G_c$ satisfies the desired specifications 1-9, presented in Section 3. To this end, using the properties of the multi-argument synchronous product (see [9,10]) and the property that the closed and the marked behaviors of the supervisors are equal to the prefixed closed regular languages ${}^{1}K_{1}$, ${}^{1}K_{2}$, ${}^{2}K$, ${}^{3}K$, ${}^{4}K$, ${}^{5}K$, ${}^{6}K$, ${}^{7}K$, ${}^{8}K_{1}$, ${}^{8}K_{2}$ and ${}^{9}K$, respectively, the closed behavior and the marked behavior of $G_c$ will first be computed. From (14), it is observed that the performance of the controlled automaton $G_c$, regarding its marked behavior, is satisfactory. Regarding the closed behavior of $G_c$, it is mentioned that in order to be satisfactory it is necessary and sufficient that $G_c$ is nonblocking, i.e., $\overline{L_m(G_c)} = L(G_c)$. This property will be proven in Proposition 2.
In Figure 11, the operational flow of the present modular supervisory scheme is presented. The symbols $S_1$ to $S_{11}$ represent the eleven supervisors of the present control scheme (see Section 4). All commands (controllable events) are generated by the Generator/Scheduler and inputted to the eleven supervisors. All sensors' signals (uncontrollable events) are produced by the sensors and inputted to the eleven supervisors. The indications of faults (uncontrollable events) are produced by Fault Detectors. The outputs of all supervisors are connected to an "AND" block. An event is outputted by this block only if it is outputted by all eleven supervisors. The above algorithm is the main idea of modular supervising control.
Figure 11. Operational flow chart of the supervisory control scheme (blocks: Sensors, Manufacturing Cell). The event is outputted from a supervisor only if it belongs to the active event set of the current state of the supervisor or it does not belong to the alphabet of the supervisor. The event is outputted only if it is outputted from all supervisors.
Before examining the closed behavior of the controlled automaton, it is necessary to examine the physical realizability (PR) of the synchronous product in Relation (12). The physical realizability (see [35,36]) is translated into the condition that the transitions of $G$, activated by uncontrollable events, must not be obstructed by the twelve supervisors.

Proposition 1:
The synchronous product of the designed supervisor scheme is PR, with respect to $G$, through (12).
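The supervisor rule and the "AND" block of Figure 11, together with the PR condition of Proposition 1, can be exercised on a small case. The Python sketch below is an added example, not the paper's supervisors or PLC code: the plant is the rotating table $G_T$ as given earlier, `two_state_fault_supervisor` is an assumed two-state reading of specification 1 for the table, and `careless_supervisor` is a constructed counter-example that lists the fault event in its alphabet without ever enabling it.

```python
from collections import deque

# Plant: rotating table G_T from the page, events e_{T,i} written "eTi".
PLANT = {
    "initial": "q1",
    "delta": {
        ("q1", "eT1"): "q2", ("q2", "eT2"): "q1",
        ("q2", "eT3"): "q3", ("q3", "eT4"): "q1",
    },
}
UNCONTROLLABLE = {"eT2", "eT3"}                   # E_{T,uc} from the page
COMMANDS = {"eC1", "eD1", "eB1", "eR1", "eF1"}    # start commands of the other devices


def two_state_fault_supervisor():
    """Assumed reading of specification 1 for the table (hypothetical, not Table 13)."""
    delta = {("ok", ev): "ok" for ev in COMMANDS}
    delta.update({
        ("ok", "eT4"): "ok",        # repair signal is harmless when no fault is pending
        ("ok", "eT3"): "fault",     # table fault: start commands become disabled
        ("fault", "eT3"): "fault",
        ("fault", "eT4"): "ok",     # repair re-enables the commands
    })
    return {"name": "spec1_table", "alphabet": COMMANDS | {"eT3", "eT4"},
            "initial": "ok", "delta": delta}


def careless_supervisor():
    """Constructed counter-example: eT3 is in the alphabet but never enabled."""
    return {"name": "careless", "alphabet": {"eT1", "eT2", "eT3"},
            "initial": "idle",
            "delta": {("idle", "eT1"): "busy", ("busy", "eT2"): "idle"}}


def allows(sup, state, event):
    """Figure 11 supervisor rule: pass events outside the alphabet or active in the state."""
    return event not in sup["alphabet"] or (state, event) in sup["delta"]


def and_block(sups, states, event):
    """An event is outputted only if every supervisor outputs it."""
    return all(allows(s, q, event) for s, q in zip(sups, states))


def advance(sups, states, event):
    """Move each supervisor that has the event in its alphabet."""
    return tuple(s["delta"][(q, event)] if event in s["alphabet"] else q
                 for s, q in zip(sups, states))


def gate_trace(sups, events):
    """Run a sequence of events through the AND block; True means outputted."""
    states, passed = tuple(s["initial"] for s in sups), []
    for ev in events:
        ok = and_block(sups, states, ev)
        passed.append(ok)
        if ok:
            states = advance(sups, states, ev)
    return passed


def pr_violations(plant, sups, uncontrollable):
    """Reachable joint states where a plant-enabled uncontrollable event is blocked."""
    start = (plant["initial"], tuple(s["initial"] for s in sups))
    seen, queue, bad = {start}, deque([start]), []
    while queue:
        qp, qs = queue.popleft()
        for (src, ev), dst in plant["delta"].items():
            if src != qp:
                continue
            if not and_block(sups, qs, ev):
                if ev in uncontrollable:
                    blockers = sorted(s["name"] for s, q in zip(sups, qs)
                                      if not allows(s, q, ev))
                    bad.append((qp, qs, ev, blockers))
                continue
            nxt = (dst, advance(sups, qs, ev))
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return bad


if __name__ == "__main__":
    spec1 = two_state_fault_supervisor()
    print(gate_trace([spec1], ["eT1", "eT3", "eC1", "eT4", "eC1"]))
    print(pr_violations(PLANT, [spec1], UNCONTROLLABLE))
    print(pr_violations(PLANT, [spec1, careless_supervisor()], UNCONTROLLABLE))
```

An empty result from `pr_violations` means no sensor or fault signal is ever obstructed; a non-empty one names the joint state, the blocked uncontrollable event and the supervisors responsible.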

Proposition 2:
The controlled automaton $G_c$ is a nonblocking automaton.
Proof of Proposition 2: Next, the six automata of the corresponding subsystems under the influence of the twelve supervisors will be examined regarding the nonblocking property. It is important to mention that all supervisors are physically realizable regarding $G$, i.e., all desired languages are controllable regarding $G$. In what follows, it will be investigated if there are direct (single step) or indirect (more than one step) transitions from the non-marked states of $G_c$ to marked states of $G_c$. Since all states of the supervisors are marked, all non-marked states of $G_c$ include as a component at least one non-marked state of the subsystems of $G$. To this end, for all non-marked states of each subsystem of $G$, it will be investigated if there is a direct or indirect transition, not obstructed by the supervisor and the rest of the subsystems, that moves the subsystem to a marked state. Since $G$ is the shuffle of its subsystems, this transition will not be related to any transition of the rest of the subsystems of $G$. Thus, the aforementioned investigation will form a procedure, where upon checking one subsystem of $G$, after the appropriate transition, the number of the non-marked state components of a non-marked state of $G_c$ will be decreased by one. So, at the end of the procedure $G_c$ will arrive at a marked state and the proof will be completed.
Starting the investigation with $G_T$, it is observed that it has two non-marked states, namely, the states $q_{T,2}$ and $q_{T,3}$. Regarding $q_{T,2}$, it is recalled that $H_T(q_{T,2}) = E_{T,uc} = \{e_{T,2}, e_{T,3}\}$, $f_T(q_{T,2}, e_{T,2}) = q_{T,1}$. Since all supervisors are physically realizable, with respect to $G$, it is observed that they are also PR, with respect to $G_T$. Using this observation and the property that $G$ is a shuffle, it is concluded that the transition from $q_{T,2}$ to the marked state $q_{T,1}$ is always feasible using the uncontrollable event $e_{T,2}$. Regarding $q_{T,3}$, it holds that $H_T(q_{T,3}) = \{e_{T,4}\}$ and $f_T(q_{T,3}, e_{T,4}) = q_{T,1}$. It is observed that only the supervisors

Supervisor Implementation
An interesting issue, in the implementation of a supervisor control scheme, is the transition from event-based supervisors, built in the form of automata models, to standard signal-based PLC operation, see [1,3,11]. To demonstrate the ease of implementation of the supervisory control scheme proposed here in real time industrial controllers such as PLCs, PACs etc., the present supervisors are implemented in the international standard IEC 61131-3 (2013). Industry 4.0 trends for real time industrial controller implementation can be found in [33] and the references therein. Also, details regarding programming for the implementation of supervisor automata can be found in [1,5] and the references therein.
In Figures 12-14, the supervisors realized in Section 4 are implemented using the IEC 61131-3 (2013) Ladder Diagrams. The implementation through Ladder Diagrams has been preferred, as the Ladder Diagrams provide a good overview and are offered for engineer inspection. Figures 12-14 illustrate the easy implementability of the realized supervisors. As already mentioned in Section 4, the supervisors realized in the class of supervisors determined by $S_1$ are also offered for implementation in the event-driven architecture of the IEC 61499 function blocks.
Regarding communication protocols, it is important to mention that the modern communication standard OPC UA as well as the Modbus protocol, being the typical PLC communication protocol, can be used through simple parametrization of the declared variables and the parameters of the default timers and the alarms of the PLC, see also [37]. Regarding further trends, imposed by Industry 4.0, see [33,37,38,39]. Finally, regarding the robotic manipulator, it is mentioned that the supervisor of the manipulator, implemented in PLC (see Figure 12), is interconnected to the robotic operations system (ROS2) following the directions presented in [40], providing an efficient framework.

Conclusions
In the present paper, the model of a manufacturing cell, in the presence of faults, has been developed through appropriate models of its subsystems. The DES models of all the system's components have been presented considering possible actuator/sensor faults. The total automaton of the manufacturing cell has also been presented. The desired behavior of the manufacturing cell has firstly been presented analytically, in the form of nine desired specifications. The desired specifications have been translated to appropriate eleven prefixed closed regular languages. The desired languages have been determined from the eleven regular languages in combination with the marked behavior of the total system. The regular languages have been realized by a set of eleven supervisors. The supervisors have been developed upon realizing a two-state class of automata and two other automata. The supervisors have been designed to be as maximally permissive as possible without losing necessary performance properties, while guaranteeing PR regarding the total automaton of the manufacturing cell. The performance of the controlled automaton has been proven to have satisfactory closed behavior and marked behavior. The controllability of the eleven proposed languages and the nonblocking property of the controlled automaton have been proven. The complexity of the proposed supervisory scheme has been computed. Finally, implementability issues for modern industrial control devices have been addressed and the ladder diagrams of the three automata classes have been developed.
The feasibility of the results of the paper rests on two directions. The first direction is that the present supervisory control design is developed for a well-established and fully experimentally tested manufacturing cell with several applications, indicatively see [1,3,11]. The second is the implementation of the proposed supervisor scheme using Ladder Diagrams (see Section 7).
The extension of the present supervisory control scheme, achieving tolerance to upper-level faults of a manufacturing process, to the case of partially observable lower-level faults in the devices of the process is currently under investigation.