Processes 2017, 5(4), 54;

Dynamical Scheduling and Robust Control in Uncertain Environments with Petri Nets for DESs
GREAH Research Group, UNIHAVRE, Normandie University, 76600 Le Havre, France
Received: 3 September 2017 / Accepted: 21 September 2017 / Published: 1 October 2017


This paper is about the incremental computation of control sequences for discrete event systems in uncertain environments where uncontrollable events may occur. Timed Petri nets are used for this purpose. The aim is to drive the marking of the net from an initial value to a reference one, in minimal or near-minimal time, by avoiding forbidden markings, deadlocks, and dead branches. The approach is similar to model predictive control with a finite set of control actions. At each step only a small area of the reachability graph is explored: this leads to a reasonable computational complexity. The robustness of the resulting trajectory is also evaluated according to a risk probability. A sufficient condition is provided to compute robust trajectories. The proposed results are applicable to a large class of discrete event systems, in particular in the domains of flexible manufacturing. However, they are also applicable to other domains as communication, computer science, transportation, and traffic as long as the considered systems admit Petri Nets (PNs) models. They are suitable for dynamical deadlock-free scheduling and reconfiguration problems in uncertain environments.
Keywords: discrete event systems; timed Petri nets; stochastic Petri nets; model predictive control; scheduling problems

1. Introduction

The design of controllers that optimize a cost function is an important objective in many control problems, in particular in scheduling problems that aim to allocate a limited number of resources among several users or servers according to the optimization of a given cost function. In the domains of flexible manufacturing, communication, computer science, transportation, and traffic, the makespan is commonly used as an effective cost function because it leads directly to minimal cycle times. However, due to multi-layer resource sharing and routing flexibility of the jobs, scheduling problems are often NP-hard problems. Many recent works in the operations research, automatic control, and computer science communities have studied such problems. In the operations research community, flow-shop and job-shop problems have been investigated for a long time [1,2] and many contributions have been proposed, based either on heuristic methods (like the Nawaz, Enscore and Ham or Campbell, Dudek, and Smith heuristics) or on artificial intelligence and evolutionary theory [3,4,5]. In the automatic control community, automata, Petri nets (PNs), and max-plus algebra have been used to solve scheduling problems for discrete event systems (DESs) [6,7]. In particular, with PNs, the pioneering contributions for scheduling problems are based on the Dijkstra and A* algorithms [8,9]. Such algorithms explore the reachability graph of the net in order to generate schedules. Numerous improvements have been proposed: pruning of non-promising branches [10,11], backtracking limitation [12], determination of lower bounds for the makespan [13], best first search with backtracking, and heuristic [14] or dynamic programming [15]. By combining scheduling and supervisory control in the same approach, one can also avoid deadlocks. Some approaches have been proposed: search in the partial reachability graph [16], genetic algorithms [17], and heuristic functions based on the firing vector [13,18].
The performance of operations research approaches is good, in general, compared to the automatic control approaches as long as static scheduling problems are considered. The advantage of solving scheduling problems with PNs or other tools from control theory is the use of a common formalism to describe a large class of problems and to facilitate the representation from one problem to another. In particular, PNs are suitable to represent many systems in various domains such as flexible manufacturing, communication, computer science, transportation, and traffic [6,7]. This makes such approaches more suitable for dynamic and robust scheduling in uncertain environments. However, modularity and genericity usually come at the cost of a large computational effort that disqualifies the approaches for numerous large systems.
This work aims to propose a modular and generic approach of low complexity. It details a method for timed PNs that incrementally computes control sequences in uncertain environments. Uncertainties are assumed to result from system failures or other unexpected events, and robustness with respect to such uncertainties is obtained thanks to a model predictive control (MPC) approach. The computed control sequences aim to reach a reference state from an initial one. The forbidden states, such as deadlocks and dead branches, are avoided. The trajectory duration approaches its minimal value. Thanks to its robustness, the proposed approach generates dynamical and reconfigurable schedules. Consequently, it can be used in a real-time context. Resource allocation and operation scheduling for manufacturing systems are considered as the main applications. The robustness of the resulting trajectory is evaluated as a risk belief or probability. For that purpose, structural and behavioral models of the uncertainties are considered. Finally, robust trajectories are computed. Compared to our previous works [19,20,21,22], the main contributions are: explicitly including uncertainties by means of uncontrollable stochastic transitions in the PN model; evaluating the risk of the computed control sequences; proposing a sufficient condition for the existence of robust trajectories.
The paper is organized as follows. In Section 2, the preliminary notions and the proposed method are developed: timed PNs with uncontrollable transitions are presented, non-robust and robust control sequences are introduced, and the approach to compute non-robust and robust control sequences with minimal duration is developed. Section 3 illustrates the method on a simple example and then presents the performance for a case study. Section 4 is a discussion about the method and the results. Section 5 sums up the conclusions and perspectives.

2. Materials and Methods

2.1. Petri Nets

A PN structure is defined as G = <P, T, WPR, WPO>, where P = {P1, …, Pn} is a set of n places and T = {T1, …, Tq} is a set of q transitions with indices {1, ..., q}. WPO ∈ (N)^(n×q) and WPR ∈ (N)^(n×q) are the post- and pre-incidence matrices (N is the set of non-negative integer numbers), and W = WPO − WPR ∈ (Z)^(n×q) (Z is the set of positive and negative integer numbers) is the incidence matrix. <G, MI> is a PN system with initial marking MI, and M ∈ (N)^n represents the PN marking vector. The enabling degree of transition Tj at marking M is given by nj(M):
nj(M) = min{⌊mk/wPRkj⌋: Pk ∈ °Tj}
where °Tj stands for the preset of Tj, mk is the marking of place Pk, and wPRkj is the entry of matrix WPR in row k and column j. A transition Tj is enabled at marking M if and only if (iff) nj(M) > 0; this is denoted as M [Tj >. When Tj fires once, the marking varies according to ∆M = M’ − M = W(:, j), where W(:, j) is the column j of the incidence matrix. This is denoted by M [Tj > M’ or equivalently by M’ = M + W.Xj, where Xj denotes the firing count vector of transition Tj [7]. A firing sequence σ is defined as σ = T(j1)T(j2)…T(jh), where j1, ..., jh are the indices of the transitions. X(σ) ∈ (N)^q is the firing count vector associated to σ, |σ| = ||X(σ)||1 = h is the length of σ (|| ||1 stands for the 1-norm), and σ = ε stands for the empty sequence. The firing sequence σ fired at M leads to the trajectory (σ, M):
(σ, M) = M(0) [T(j1) > M(1) … M(h − 1) [T(jh) > M(h)
where M(0) = M is the marking from which the trajectory is issued, M(1), ..., M(h − 1) are the intermediate markings and M(h) is the final marking (in what follows, we write M(k) ∈ (σ, M), k = 0, …, h). A marking M is said to be reachable from initial marking MI if there exists a firing sequence σ such that MI [σ > M, and σ is then said to be feasible at MI. R(G, MI) is the set of all markings reachable from MI.

2.2. Forbidden, Dangerous and Robust Legal Markings

For control issues, the set of transitions T is divided into two disjoint subsets TC and TNC such that T = TC ∪ TNC. TC is the subset of qC controllable transitions, and TNC the subset of qNC uncontrollable transitions. Without loss of generality TC = {T1, …, TqC} and TNC = {TqC+1, …, TqC+qNC}. The firings of enabled controllable transitions are enforced or avoided by the controller, whereas the firings of uncontrollable transitions are not, and uncontrollable transitions fire spontaneously according to some unknown random processes. A set of marking specifications is also defined with the function SPEC: for any marking M ∈ R(G, MI), SPEC(M) = 1 if M satisfies the marking specifications, otherwise SPEC(M) = 0. When no specification is considered, SPEC(M) = 1 for all M ∈ R(G, MI). The two disjoint sets F(G, MI, Mref) and L(G, MI, Mref) of forbidden and legal markings, respectively, are introduced:
L(G, MI, Mref) = {M ∈ R(G, MI) such that ∃ σ ∈ (TC)* with M [σ > Mref with (SPEC(M’) = 1) for all M’ ∈ (σ, M)}
F(G, MI, Mref) = R(G, MI)/L(G, MI, Mref)
In other words, a marking M ∈ R(G, MI) is legal with respect to Mref if a trajectory exists from M to Mref that contains only controllable transitions and intermediate markings that satisfy the specifications. In addition, a legal marking M is robust with respect to TC if (M)° ⊆ TC, where (M)° stands for the set of transitions enabled at M; otherwise M is dangerous (Figure 1). With this definition of robust and dangerous markings, a marking that satisfies (M)° ⊆ TC but that has only dangerous markings as successors in R(G, MI) is considered as robust. Note that a finer partition of the legal markings in three classes (strong robust, weak robust, and dangerous) could be used for some problems. On the contrary, a forbidden marking is a marking from which no controllable trajectory exists to the reference. Examples of forbidden markings are deadlocks or markings that do not satisfy the system specifications or markings that enable only uncontrollable transitions (Figure 1).
The previous definitions are extended to trajectories. A robust trajectory is a legal trajectory that visits only robust markings. On the contrary a dangerous trajectory is a legal trajectory that visits at least one dangerous marking.

2.3. Timed Petri Nets with Uncontrollable Transitions

Timed Petri nets are PNs whose behaviors are constrained by temporal specifications [7]. For this reason, timed PNs have been intensively used to describe DESs like production systems [6]. This paper concerns partially-controlled timed PNs under an infinite server semantic where the firing of controllable transitions behaves according to an earliest firing preselection policy (transitions fire earliest in the order computed by the controller) and time specifications similar to the one used for T-timed PNs [23]: if Tj ∈ TC, the firing of Tj occurs at earliest after a minimal delay dmin j from the date it has been enabled (dmin j = 0 if no time specification exists for Tj). On the contrary, the firings of uncontrollable transitions are unpredictable: if Tj ∈ TNC, the firings of Tj occur according to an unknown arbitrarily random process at any time from the date it has been enabled. Consequently, partially-controlled timed PNs (PCont-TPNs) are defined as <G, MI, Dmin> where Dmin = (dmin j) ∈ (R+)^qC and R+ is the set of non-negative real numbers. If, in addition, the stochastic dynamics of the uncontrollable transitions are driven by exponential probability density functions (pdfs) of parameters μ = (μj) ∈ (R+)^qNC, with a race policy and a resampling memory [24], then partially controlled stochastic timed PNs (PCont-SPNs) defined as <G, MI, Dmin, μ> will be used instead of PCont-TPNs. The parameters dmin j are set in an arbitrary time unit (TU) and the parameters μj are set in TU^−1.
A timed firing sequence σ of length |σ| = h and of duration th is defined as σ = T(j1, t1)T(j2, t2)…T(jh, th), where j1, ..., jh are the indices of the transitions, and t1, ..., th represent the dates of the firings that satisfy 0 ≤ t1 ≤ t2 ≤ … ≤ th. The timed firing sequence σ fired at M leads to the timed trajectory (σ, M):
(σ, M) = M(0) [T(j1, t1) > M(1) … M(h − 1) [T(jh, th) > M(h)
with M(0) = M. Note that, under earliest firing policy, an untimed trajectory of the form of Equation (2) that contains only controllable transitions can be transformed in a straightforward way into a timed trajectory of the form of Equation (5) of minimal duration [20,21] using Algorithm 1. This algorithm also returns DURATION(σ, M) = th.
Algorithm 1. Transformation of an untimed trajectory (σ, M) into a timed one (σ’, M).
(Inputs: σ, M, G, Dmin; Output: σ’, τ)
  • initialization: τ ← 0; CAL ← {(Tj, dmin j) s.t. M [Tj >}, σ’ ← (ε, 0), h ← |σ|
  • for k from 1 to h
  •  find in CAL the date τk of the earliest occurrence of the kth transition T(jk) in σ
  •  τ ← τk, remove entry (T(jk), τk) in CAL
  •  CALnew ← Ø, M’ ← M’ − WPR.X(T(jk))
  •  for all T’ s.t. M’ [T’ >
  •   compute the enabling degree n’(T’, M’) of T’ at M’
  •   for j from 1 to n’(T’, M’)
  •    find the jth occurrence (T’, τ’j) of T’ in CAL
  •    CALnew ← CALnew ∪ (T’, max(τ’j, τ))
  •   end for
  •  end for
  •  M” ← M’ + WPO.X(T(jk))
  •  for all T” s.t. M” [T” >
  •   compute the enabling degree n”(T”, M”) of T” at M”
  •   for j from 1 to n”(T”, M”) − n’(T”, M’)
  •    CALnew ← CALnew ∪ (T”, τ + dmin(T”))
  •   end for
  •  end for
  •  CAL ← CALnew, σ’ ← σ’ (T(jk), τk)
  • end for
  • τ ← τh

2.4. Belief and Probability of Trajectory Deviation

The objective of this section is to evaluate the risk that uncontrollable firings may occur during the execution of the trajectory (σ, MI) and deviate the trajectory from the reference. For PCont-TPNs, this risk is evaluated with the belief RB(σ, MI, TC):
RB(σ, MI, TC) = hNC/h
where hNC is the number of intermediate dangerous markings in (σ, MI) and h is the number of markings visited by (σ, MI). For PCont-SPNs, the belief RB(σ, MI, TC) is replaced by the probability RP(σ, MI, TC) that can be computed with Proposition 1:
Proposition 1.
Let <G, MI, Dmin, μ> be a PCont-SPN, under the earliest firing policy, with MI a legal robust marking. Let Mref be a reference marking and (σ, MI) be a legal trajectory to Mref. The probability RP(σ, MI, TC) that (σ, MI) deviates from the reference is given by:
$$R_P(\sigma, M_I, T_C) = \sum_{1 \le k_1 \le h} \pi(k_1) - \sum_{1 \le k_1 < k_2 \le h} \bigl(\pi(k_1) \cdot \pi(k_2)\bigr) + \dots + (-1)^{h-1} \cdot \sum_{1 \le k_1 < \dots < k_{h-1} \le h} \bigl(\pi(k_1) \cdots \pi(k_{h-1})\bigr) + (-1)^{h} \cdot \pi(1) \cdots \pi(h)$$
$$\pi(k) = \frac{\sum_{T_j \in T_{NC} \cap (M(k))^{\circ}} \mu_j}{\sum_{T_j \in T_{NC} \cap (M(k))^{\circ}} \mu_j + (d_{jk})^{-1}}$$
if djk ≠ 0, otherwise π(k) = 0, and djk = tk+1 − tk is the remaining time to fire T(jk+1, tk+1) at date tk.
RP(σ, MI, TC) is the probability to fire uncontrollable transitions when dangerous markings belong to (σ, MI).
Consider the trajectory of Figure 2. Under earliest firing policy, the probability that the uncontrollable transition TNC1 or TNC2 fires before T(jk+1, tk+1) and that the trajectory deviates from Mref at M(k) is given by:
$$\pi(k) = \mathrm{Prob}\bigl(T_{NC1} \text{ or } T_{NC2} \text{ fires before } T(j_{k+1}, t_{k+1})\bigr) = \frac{\mu_1 + \mu_2}{\mu_1 + \mu_2 + (d_{jk})^{-1}}$$
if djk ≠ 0, otherwise Prob(TNC1 or TNC2 fires before T(jk+1, tk+1)) = 0. Note that if the controllable transition T(jk+1, tk+1) fires earliest after a duration djk, then the probability π(k) is computed by considering the approximation 1/djk of the mean firing rate of T(jk+1, tk+1). Note also that the durations of other controllable transitions enabled at M(k) (for example, TC2 in Figure 2) are not considered because this transition does not belong to (σ, MI). Alternatively, the probability that the trajectory continues to M(k+1) at M(k) is given by:
$$1 - \pi(k) = \mathrm{Prob}\bigl(T(j_{k+1}, t_{k+1}) \text{ fires before } T_{NC1} \text{ and } T_{NC2}\bigr) = \frac{(d_{jk})^{-1}}{\mu_1 + \mu_2 + (d_{jk})^{-1}}$$
Thus, RP(σ, MI, TC) is finally given by:
$$R_P(\sigma, M_I, T_C) = \pi(0) + (1 - \pi(0))\bigl(\pi(1) + (1 - \pi(1))(\dots \pi(h))\bigr)$$
for which an exhaustive development is easily rewritten as in Equation (7).
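The following added example (not code from the paper) computes π(k) and the deviation probability RP in the nested form above, and checks it against its inclusion–exclusion expansion, in which the m-fold products carry the sign (−1)^(m+1). The input representation, one pair (rates μj of the uncontrollable transitions enabled at M(k), remaining time djk) per visited marking, and the sample values are assumptions constructed for illustration.

```python
from itertools import combinations
from math import prod


def deviation_probability(mu_enabled, d):
    """pi(k): probability that an enabled uncontrollable transition fires
    before the next controllable firing, whose rate is approximated by 1/d.
    By definition pi(k) = 0 when the remaining time d is zero."""
    if d <= 0:
        return 0.0
    rate = sum(mu_enabled)  # race between exponential firings: rates add up
    return rate / (rate + 1.0 / d)


def step_probabilities(steps):
    """Map each (enabled uncontrollable rates, remaining time) pair to pi(k)."""
    return [deviation_probability(mu, d) for mu, d in steps]


def risk_nested(pis):
    """RP in nested form: pi(0) + (1 - pi(0)) * (pi(1) + (1 - pi(1)) * ...)."""
    risk = 0.0
    for p in reversed(pis):
        risk = p + (1.0 - p) * risk
    return risk


def risk_expanded(pis):
    """Expansion of the nested form by inclusion-exclusion over all m-fold
    products of the pi(k); exponential cost, kept here only as a cross-check."""
    total = 0.0
    for m in range(1, len(pis) + 1):
        sign = 1.0 if m % 2 else -1.0
        total += sign * sum(prod(c) for c in combinations(pis, m))
    return total


# Constructed trajectory (assumed values, not taken from the paper's tables):
# a robust marking, two dangerous markings, and a marking left immediately.
CONSTRUCTED_STEPS = [
    ([], 1.0),          # no uncontrollable transition enabled -> pi = 0
    ([1.0], 1.0),       # one uncontrollable transition, mu = 1, d = 1
    ([0.5, 0.5], 2.0),  # two uncontrollable transitions racing, d = 2
    ([2.0], 0.0),       # next controllable firing is immediate -> pi = 0
]

if __name__ == "__main__":
    pis = step_probabilities(CONSTRUCTED_STEPS)
    print("pi(k) =", pis)
    print("RP (nested)   =", risk_nested(pis))
    print("RP (expanded) =", risk_expanded(pis))
```

The nested form is linear in the number of visited markings, so it is the one to use inside a control loop.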

2.5. Model Predictive Control for PCont-TPNs

The determination of control sequences for untimed and timed PNs that contain only controllable transitions has been considered in our previous works [19,20] with a model predictive control (MPC) approach adapted for DESs. In this section, this approach is extended to PCont-TPNs (and consecutively to PCont-SPNs). At each step, the future trajectory is predicted from the current state. A sequence of control actions is computed by minimizing a cost function and the first action of the sequence is applied. Then prediction starts again from the new state reached by the system [25,26]. The cost function JFC(M, Mref) = (Dmin)^T.X, based on the temporal specification and on the evaluation X of the firing count vector that leads to the reference Mref from the marking M, has been introduced in our previous work [21] to estimate the time to the reference. In this section, this cost function is rewritten for PCont-TPNs. For this purpose let us define GC and WC ∈ (Z)^(n×qC) as the restrictions of G and W to the set of controllable transitions TC. The controllable firing count vector XC that satisfies Mref − M = WC.XC and minimizes JFC(M, Mref) = (Dmin)^T.XC is obtained by solving an optimization problem with integer variables of reduced size qC − r, where r is the rank of WC. A regular matrix PL ∈ (Z)^(n×n) and a regular permutation matrix PR ∈ {0,1}^(qC×qC) exist such that:
$$W_C = P_L \cdot W_C \cdot P_R = \begin{pmatrix} W_{11} & W_{12} \\ W_{21} & W_{22} \end{pmatrix}$$
with W11 ∈ (Z)^(r×r) a regular upper triangular matrix with integer entries, and W21 = 0(n−r)×r, W22 = 0(n−r)×(qC−r) zero matrices of appropriate dimensions. For each M ∈ R(G, MI), solving Equation (10):
Min {(Dmin)^T.XC : XC ∈ (N)^qC such that WC.XC = (Mref − M)}
is equivalent to solving Equation (11), which reduces the number of variables by r:
Min {F2.XC2 : XC2 ∈ (N)^(qC−r) such that (W11)^−1.W12.XC2 ≤ (W11)^−1.∆M1}
with F2 = (Dmin)^T.(PR2 − PR1.(W11)^−1.W12), PR = (PR1 | PR2), PL = ((PL1)^T | (PL2)^T)^T and ∆M1 = PL1.(Mref − M). This reformulation results from the rewriting (∆M1^T ∆M2^T)^T = PL.(Mref − M) and (XC1^T XC2^T)^T = (PR)^−1.XC with XC1 = (W11)^−1.∆M1 − (W11)^−1.W12.XC2. The linear optimization problem (Equation (11)) has a solution with integer values as long as Mref ∈ R(GC, M), and the cost function JFC(M, Mref) based on firing count vector XC2 and on Dmin is defined by Equation (12):
JFC(M, Mref) = (Dmin)^T.(PR1.(W11)^−1.∆M1 + PR2.XC2 − PR1.(W11)^−1.W12.XC2)
As long as XC2 corresponds to a feasible and legal firing sequence σ to the reference (i.e., XC2 does not encode a spurious solution for Equation (11)), JFC(M, Mref) provides an upper bound of the duration of σ as proved with Proposition 2.
Proposition 2.
Let us consider a PCont-TPN (resp. PCont-SPN) of parameter Dmin (resp. of parameters Dmin and μ), under the earliest firing policy. Let Mref be a reference marking and (σ, MI) a legal trajectory to Mref with σ ∈ TC* and minimal duration DURATION(σ, MI). Let XC(σ) ∈ (N)^qC be the firing count vector of σ. Then:
DURATION(σ, MI) ≤ (Dmin)^T.XC(σ)
(σ, MI) is written as in Equation (5). T(j1, t1) is enabled at date 0 and fires at date t1 = dmin j1 to result in marking M(1). T(j2, t2) is enabled at date 0 or t1 and fires not later than t1 + dmin j2. Thus t2 ≤ dmin j1 + dmin j2. The same reasoning is repeated h times. T(jh, th) is enabled at latest at date th−1 and fires not later than th−1 + dmin jh. Thus th ≤ dmin j1 + … + dmin jh. The minimal duration of (σ, MI) is th, thus, Equation (13) holds.
The basic idea is to use JFC(M, Mref) to iteratively drive the search of the controllable firing sequence of minimal duration that leads to the reference. At each step (i.e., for each intermediate marking), a part of the controllable reachability graph is explored and a prediction of the remaining duration to the reference is obtained with cost function JFC(M, Mref) computed for each marking M of the explored graph. Then the first control action is applied (i.e., the next controllable transition fires). If an uncontrollable firing occurs, the trajectory deviates from the predicted one and the system enters in an unexpected state. However, the deviation is immediately taken into account by the controller that updates the control sequence at the next step. For this reason the proposed strategy leads to a dynamical and robust scheduling. Two algorithms already developed in our previous works [21,22] are used for that purpose.
Algorithm 2 similar to the one developed in [21,22] encodes as a tree Tree(M, H) a small part of the reachability graph rooted at M (Figure 3). The tree is limited in depth with parameter H and in duration with parameter Hτ.
Each node S = {m(S), σ(S), s(S), l(S), e(S)} ∈ Tree(M, H) is tagged with a marking m(S), the firing sequence σ(S) such that M [σ(S) > m(S), and the sequence of nodes s(S) in the tree from M to m(S). In addition, the flags l(S) and e(S) are introduced such that l(S) = 0 if S is forbidden, otherwise l(S) = 1, and e(S) = 1 if S is a terminal node of the tree, otherwise e(S) = 0. At each intermediate marking, Algorithm 2 returns the next transition T* to fire.
Algorithm 2. Computation of T* for PCont-TPNs.
(Inputs: M, Mref, GC, SPEC, F, H, Hτ; Outputs: F, converge, exhaustive, T*)
  • if M ∈ F, S0 ← {M, ε, S0, 0, 1}, converge ← −2, else S0 ← {M, ε, S0, 1, 0}, end if
  • if M = Mref, S0 ← {M, ε, S0, 1, 1}, converge ← 1, else S0 ← {M, ε, S0, 1, 0}, end if
  • Tree ← S0, S0, T* ← ε, exhaustive ← 1
  • while ∃ S ∈ Tree s.t. l(S) = 1 and e(S) = 0,
  •  for each T ∈ TC s.t. m(S) [T >
  •   compute the successor S’ of S by firing T, M’ s.t. m(S) [T > M’, σ’ ← σ(S) T, s’ ← s(S) S’
  •   if (SPEC(M’) = 0) ∨ ((M’)° ∩ TC = Ø), F ← F ∪ {m(S)}, end if
  •   if (M’ ∈ F) ∨ (S’ ∈ s(S)), l ← 0, else l ← 1, end if
  •   if (l = 0) ∨ (M’ = Mref) ∨ (|σ’| = H) ∨ (DURATION(σ, M) > Hτ), e ← 1, else e ← 0, end if
  •   Tree ← Tree ∪ {M’, σ’, s’, l, e}
  •  end for
  • end while
  • for h from H − 1 to 0
  •  for each S ∈ Tree s.t. |σ(S)| = h
  •   if (l(S’) = 0 for all direct successors S’ of S in Tree), l(S) ← 0, e(S) ← 1, end if
  •  end for
  • end for
  • for each S ∈ Tree s.t. (l(S) = 0) ∧ (e(S) = 0)
  •  if ∄ S’ ∈ Tree s.t. (S’ ≠ S) ∧ (m(S’) = m(S)) ∧ (l(S’) = 1), F ← F ∪ {m(S)}, end if
  • end for
  • for each S ∈ Tree s.t. e(S) = 1, ∑ ← ∑ ∪ {S}, end if
  • ∑* ← {S* ∈ ∑ s.t. JFC(m(S*), Mref) = min(JFC(m(S), Mref)), for all S ∈ ∑}
  • ∑** ← {S* ∈ ∑* s.t. DURATION(σ(S*), M) = min(DURATION(σ(S), M)) for all S ∈ ∑*}
  • if {S0} = ∑**, converge ← −1, T* ← ε, else select T* as the first transition of σ(S*) with S* ∈ ∑**,
      converge ← 0, end if
  • for each S
  •  if (l(S) = 1) ∧ (e(S) = 1) ∧ (DURATION(σ(S), M) < Hτ), exhaustive ← 0, end if
  • end for
The complete control sequence σ* is obtained with Algorithm 3, similar to the one developed in [21,22], that adapts the parameter H in the range [1 : H̄], where H̄ is an input parameter (Figure 4) that limits the maximal depth of the search in steps. This algorithm starts at initial marking MI, with no forbidden marking (i.e., F = Ø) and with minimal depth (i.e., H = 1). As long as convergence is ensured, T* is added to σ* and the current marking M is updated. Finally, Algorithm 3 also evaluates the risk RP of the computed trajectory.
Algorithm 3. Control sequence computation for PCont-TPNs.
(Inputs: MI, Mref, G, TC, TNC, SPEC, Dmin, μ, H̄, Hτ; Outputs: σ*, success, RP)
  • M ← MI, converge ← 0, σ* ← ε, H ← 1, F ← Ø, success ← 1
  • while (converge < 1)
  •  compute converge, exhaustive and T* ∈ TC and update F with Algorithm 2
  •  if (converge = 0) ∧ ((exhaustive = 1) ∨ ((exhaustive = 0) ∧ (H = H̄))),
  •   compute σ* ← σ* T* and M s.t. MI [σ* > M
  •   H ← max(1, H − 1)
  •  end if
  •  if ((converge = −1) ∧ (H = H̄)) ∨ (converge = −2),
  •   if (M ≠ MI),
  •    remove last transition in σ* and compute M s.t. MI [σ* > M
  •   else
  •    if (converge = −2), success ← −2, else success ← −1, end if
  •    break
  •   end if
  •  end if
  •  if ((H = H̄) ∧ (converge = 0) ∧ (exhaustive = 0)), success ← 0, end if
  •  if (H < H̄) ∧ ((converge = −1) ∨ ((converge = 0) ∧ (exhaustive = 0))), H ← H + 1, end if
  • end while
  • compute RP with (7)
Note that the complexity of Algorithm 3 is at most O(h.(qC)^H̄) where h = |σ*|.
Example 1.
PCont-SPN1 is considered with TC = {T1, T2, T3, T4, T5, T6}, TNC = {T7}, Dmin = (1, 1, 1, 1, 1, 5)T and μ = μ7 = 1 (Figure 5). The control objective is to reach Mref = (5 0 0 0)T from MI = (1 0 0 0)T and no additional marking constraint is considered. The cycles {P1, T1, P2, T2} and {P1, T3, P3, T4} are both token producers due to the weighted arcs: the execution of {P1, T3, P3, T4} multiplies each token by 5 compared to {P1, T1, P2, T2} that multiplies it by 2 only. Thus, sequences with cycle {P1, T3, P3, T4} will reach the reference more rapidly. However, the uncontrollable transition T7 may fire during execution of this cycle which leads to an excessive production of tokens. The cycle {P1, T5, P4, T6} which is a token consumer, is then used to correct the excessive number of tokens. Note that the execution of this last cycle is slow compared to the two other ones due (a) to the firing duration of T6 that is five times larger than the duration of the other transitions; and (b) to the presence of the selfloop {T5, P8} that limits the number of simultaneous firings of T5 to one (whereas the other transitions may fire several times simultaneously according to the infinite server semantic).
The optimal timed sequence to reach Mref is given by σ1 = T(3, 1)(T(4, 2))^5 with duration DURATION(σ1, MI) = 2 time units (TUs). If no unexpected firing of T7 occurs, Algorithm 3 applied with TC leads to σ1. However, if unexpected firings of T7 occur, the trajectory is disturbed and requires more time to reach the reference. Figure 6 is an example of trajectory including one firing of T7 at date 1.6 TUs. The rest of the control sequence is updated in order to compensate the deviation so that the marking finally reaches Mref in 48.6 TUs instead of 2 TUs.
Figure 6 illustrates the systematic updating of the optimization process at each step (i.e., for each new firing). Consequently the firing of an uncontrollable transition at a given step k changes the future predictions, and the control actions computed at steps k + 1, k + 2, ... compensate the deviation as long as a controllable trajectory exists from the current marking to Mref.

2.6. Robust Scheduling

In order to compute robust trajectories that cannot deviate from the reference, the controller should avoid dangerous intermediate markings and consider only legal trajectories with robust markings (i.e., with zero-risk belief or probability). The difficulty in this computation is that the intermediate markings are computed step-by-step and these markings are known in advance only within a small time window provided by the part of the reachability graph, of depth H, explored at each step. During the prediction phase of MPC, only the remaining firing count vector to the reference is determined and this vector does not provide the risk belief or risk probability of the future trajectory. Proposition 3 provides a sufficient condition to ensure that the computed trajectory visits only robust markings. For this purpose, let us define TRC = {Tj ∈ TC such that (Tj°)° ⊆ TC} where (Tj°)° = ∪ {Pi°: Pi ∈ Tj°}.
Proposition 3.
Let us consider a PCont-TPN (or PCont-SPN). Let (σ, MI) be a trajectory such that (MI)° ⊆ TC. If σ ∈ TRC* then (σ, MI) is a robust legal trajectory.
Note at first that (MI)° ⊆ TC implies that the net has no uncontrollable source transition (i.e., °Tj ≠ Ø for all Tj ∈ TNC). Then, (σ, MI) is written as in Equation (5): σ = MI [T(j1, t1) > M(1) … > M(h). Assume that there exists Tj ∈ (M(1))° such that Tj ∈ TNC. Tj is necessarily enabled by the firing of T(j1, t1) because Tj is not enabled at MI. As Tj is not a source transition, there exists a place Pi ∈ °Tj whose marking increases by firing T(j1, t1) and consequently Pi ∈ (T(j1, t1))°. As Tj ∈ Pi°, Tj ∈ ((T(j1, t1))°)°. Thus Tj ∈ TC, which contradicts the assumption, and (M(1))° ⊆ TC. Repeating successively the same reasoning up to M(h), one can conclude that (M(k))° ⊆ TC, k = 0, …, h, and that (σ, MI) is a robust legal trajectory.
Note that robust legal trajectories are computed with Algorithms 2 and 3 by replacing WC ∈ (Z)^(n×qC) with WRC ∈ (Z)^(n×qRC) (i.e., the restriction of W to the set of robust controllable transitions TRC) in the determination of JFC(M, Mref).
Note also that the set TRC is easy to obtain by checking for each transition Tj if the condition Xj.(WPO)^T.WPR.(0 | IqNC)^T = 0 is satisfied or not, with Xj the firing count vector of Tj and IqNC the identity matrix of size qNC:
TRC = {Tj ∈ TC such that Xj.(WPO)^T.WPR.(0 | IqNC)^T = 0}
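The definitions of Sections 2.1, 2.2 and 2.6 can be exercised together on a small net; the following is an added example, not code from the paper. The arc weights are assumptions constructed so that the untimed forms of σ1 and σ2 are feasible from MI = (1 0 0 0)T to Mref = (5 0 0 0)T, since Figure 5 is not reproduced on this page; the function names are illustrative.

```python
# Added example: enabling degrees, robust/dangerous markings and the set TRC
# on a constructed partially controlled net (arc weights are ASSUMED).

PLACES = ["P1", "P2", "P3", "P4"]
TRANSITIONS = ["T1", "T2", "T3", "T4", "T5", "T6", "T7"]
Q_C = 6  # T1..T6 are controllable (TC); T7 is uncontrollable (TNC)

# transition -> (input arcs, output arcs), each {place: weight}  (constructed)
ARCS = {
    "T1": ({"P1": 1}, {"P2": 2}),
    "T2": ({"P2": 1}, {"P1": 1}),
    "T3": ({"P1": 1}, {"P3": 5}),
    "T4": ({"P3": 1}, {"P1": 1}),
    "T5": ({"P1": 2}, {"P4": 1}),
    "T6": ({"P4": 1}, {"P1": 1}),
    "T7": ({"P3": 1}, {"P1": 2}),
}


def incidence(arcs):
    """Return (W_PR, W_PO) as n x q integer matrices."""
    n, q = len(PLACES), len(TRANSITIONS)
    w_pr = [[0] * q for _ in range(n)]
    w_po = [[0] * q for _ in range(n)]
    for j, name in enumerate(TRANSITIONS):
        pre, post = arcs[name]
        for place, weight in pre.items():
            w_pr[PLACES.index(place)][j] = weight
        for place, weight in post.items():
            w_po[PLACES.index(place)][j] = weight
    return w_pr, w_po


W_PR, W_PO = incidence(ARCS)


def enabling_degree(marking, j):
    """n_j(M) = min over input places P_k of floor(m_k / w_PR[k][j])."""
    ratios = [marking[k] // W_PR[k][j] for k in range(len(PLACES)) if W_PR[k][j]]
    return min(ratios) if ratios else float("inf")  # source transition


def enabled(marking):
    """Indices of the transitions enabled at the marking, i.e. (M)°."""
    return [j for j in range(len(TRANSITIONS)) if enabling_degree(marking, j) > 0]


def fire(marking, j):
    """M' = M + W(:, j); refuses a transition that is not enabled."""
    if enabling_degree(marking, j) == 0:
        raise ValueError(f"{TRANSITIONS[j]} is not enabled at {marking}")
    return [m - W_PR[k][j] + W_PO[k][j] for k, m in enumerate(marking)]


def is_robust(marking):
    """(M)° is a subset of TC: no uncontrollable transition is enabled."""
    return all(j < Q_C for j in enabled(marking))


def replay(sequence, marking):
    """Markings M(0), ..., M(h) visited by an untimed firing sequence."""
    visited = [list(marking)]
    for name in sequence:
        visited.append(fire(visited[-1], TRANSITIONS.index(name)))
    return visited


def robust_controllable():
    """TRC: controllable Tj with Xj.(W_PO)^T.W_PR.(0 | I_qNC)^T = 0."""
    n, q = len(PLACES), len(TRANSITIONS)
    trc = []
    for j in range(Q_C):
        # Row vector Xj.(W_PO)^T.W_PR: how strongly each transition draws on
        # the output places of Tj; only the uncontrollable columns are tested.
        row = [sum(W_PO[k][j] * W_PR[k][i] for k in range(n)) for i in range(q)]
        if all(value == 0 for value in row[Q_C:]):
            trc.append(TRANSITIONS[j])
    return trc


M_I = [1, 0, 0, 0]
SIGMA1 = ["T3"] + ["T4"] * 5  # untimed form of sigma1
SIGMA2 = ["T1"] + ["T2"] * 2 + ["T1"] * 2 + ["T2"] * 4 + ["T1"] + ["T2"] * 2

if __name__ == "__main__":
    print("TRC =", robust_controllable())
    for label, seq in (("sigma1", SIGMA1), ("sigma2", SIGMA2)):
        path = replay(seq, M_I)
        print(label, "ends at", path[-1], "robust:", all(map(is_robust, path)))
```

On this constructed net the sequence restricted to TRC visits only robust markings, as Proposition 3 states, while the sequence through T3 passes through markings where T7 is enabled.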
Example 2.
Let us consider again PCont-SPN1 of Figure 5. In order to avoid any deviation, TRC = {T1, T2, T4, T5, T6} is considered instead of TC. Algorithm 3 applied with WRC ∈ (Z)^(n×qRC) leads to σ2 = T(1, 1)(T(2, 2))^2(T(1, 3))^2(T(2, 4))^4T(1, 5)(T(2, 6))^2 that has a duration DURATION(σ2, MI) = 6 TUs, larger than DURATION(σ1, MI).
The decision to prefer the control sequence σ2 instead of σ1 depends on the risk of both control strategies. Table 1 reports the values of RB and RP for both sequences σ1 and σ2 with respect to several values of μ. From Table 1, one can notice that the sequence σ2 that is non-optimal in time has the advantage to be robust compared to σ1. It cannot be perturbed by any unexpected firing. Note also that the risk probability of σ1 depends strongly on the dynamic of the random firing of uncontrollable transition T7. Note finally that computing RP instead of RB provides a better evaluation of that risk.
Table 2 reports the mean duration d of control sequences depending on μ7 for three scenarios. All sequences are computed with MI = (1 0 0 0)T and Mref = (5 0 0 0)T and parameters H̄ = 1, Hτ = 1. In scenario 1 all transitions are assumed to be controllable. In scenarios 2 and 3, TC = {T1, T2, T3, T4, T5, T6}. Algorithm 3 is applied with TC in scenario 2 whereas it is applied with TRC = {T1, T2, T4, T5, T6} in scenario 3. Simulations with scenario 2 are repeated 10 times to obtain a significant average duration. One can notice the advantage of computing a robust sub-optimal trajectory with scenario 3, which provides better results from μ7 = 0.5. When μ7 increases, the mean duration of T7 firings decreases and the probability to fire T7 before T4 increases; consequently, the number of perturbations increases and the mean duration of the global trajectory also increases due to the execution of the cycle {P1, T5, P4, T6}.

3. Results

Pcont-SPN2 (Figure 7) is the timed model of a production system that processes a single type of products according to two possible jobs [27,28]. The first job is composed of the transitions t1 to t8, and the second one by the transitions t9 to t14. In the first job the transitions T1, T3, T4, T6, T7, T8 represent the operations in successive machines and the places P1, P2, P4, P6, P7, T8 are intermediate buffers where products are temporarily stored. The initial marking of place P1 represents the maximal number of products that can be simultaneously processed by the Job 1. In the second job the transitions T9, T10, T11, T12, T13, T14 represent the operations in successive machines and the places P8, P9, P10, P11, P12, T13 are intermediate buffers. The initial marking of place P8 represents the maximal number of products that can be simultaneously processed by the Job 2. Job 1 could be altered by a server failure whereas Job 2 could not. The occurrence of this failure is represented by the firing of the subsequence T2T5 instead of T3T4. Note that the faults under consideration are not blocking the system, but they delay the cycle time. Consequently the nominal sequence T1 T3 T4 T6 T7 T8 may be altered when an unexpected firing of T2 occurs that leads to the perturbed behavior T1 T2 T5 T6 T7 T8 with an excessive global duration. The six resources p14 to p19 have limited capacities: m(p14) = m(p15) = m(p16) = m(p17) = m(p18) = m(p19) = 1. The places p20 and p21 represent the input and output buffers, respectively, that contain the number of products to be processed either by Job 1 or Job 2. The temporal specifications are given by Dmin = (1 1 2 20 1 1 1 3 3 3 3 3 3)T for TC = T/{T2} and by μ2 = 1.
Control sequences are computed with MI = 3P1 + 3P8 + 1P14 + 1P15 + 1P16 + 1P17 + 1P18 + 1P19 + kP20 and Mref = 3P1 + 3P8 + 1P14 + 1P15 + 1P16 + 1P17 + 1P18 + 1P19 + kP21 where k is a varying parameter. The results are reported in Table 3 for H̄ = 5 and Hτ = 20.
Again, three scenarios are considered: in scenario 1 all transitions, including T2, are assumed to be controllable with dmin 2 = 1. In scenario 2, TC = T/{T2} and Algorithm 3 is applied with TC. In scenario 3 Algorithm 3 is applied with TRC = T/{T1, T2}. Note, at first, that due to the numerical values of the firing parameters, the cost function prefers Job 1, which has a global duration of 7 TUs to process one product, over Job 2, which has a global duration of 18 TUs (without considering the constraints due to the limited resources). Thus scenario 1 corresponds to the iterated execution of Job 1. For scenario 2, μ2 = 1 and dmin 3 = 1: consequently the probability that an unexpected firing of T2 occurs is 0.5. When such a firing occurs, the long firing duration dmin 5 = 20 of T5 compared to dmin 4 = 2 alters the global duration required to process the product. This explains why scenario 2 leads to longer sequences compared to scenario 1. Scenario 3 is also tested in a stochastic context with the same parameter values μ2 = 1 and dmin 3 = 1. However, the restriction of the control actions to the set TRC systematically prefers Job 2, which is robust to the perturbations. Note also that the global duration for k = 15 and k = 20 is better with scenario 3 than with scenario 2. This is due to the partial exploration of the reachability graph and to the approximation of the remaining sequence duration with the cost function JFC, which provide solutions with no guarantee of optimality.

4. Discussion

As mentioned in the previous section, the solutions returned by Algorithm 3 are not systematically optimal. The performance of the algorithm depends on the two input parameters: H̄, which limits the exploration in depth, and Hτ, which limits the search in duration. If the depth H is too small, Algorithm 2 returns the flag converge = −1 or exhaustive = 0 and Algorithm 3 increases H in the range [1: H̄]. On the contrary, if H is too large, then the iterative use of Algorithm 2 certainly reaches Mref but the computational effort is uselessly high. In that case, Algorithm 3 decreases H in the range [1: H̄]. Consequently, the aim of Algorithm 3 is to adapt at each step the depth of the search to maintain converge = 0 and exhaustive = 1 or converge = 1. Table 4 reports the performance as a function of the parameters H̄ and Hτ for Pcont-SPN2 with MI = 3P1 + 3P8 + 1P14 + 1P15 + 1P16 + 1P17 + 1P18 + 1P19 + 5P20, Mref = 3P1 + 3P8 + 1P14 + 1P15 + 1P16 + 1P17 + 1P18 + 1P19 + 5P21, and TC = T. The duration of the control sequences and the computational time required to compute the sequences with Algorithm 3 are reported for an Intel Core i7-46000 CPU at 2.1–2.7 GHz.
Note that optimal solutions can be searched for systematically, instead of using Algorithm 3, by considering the extended timed reachability graph [29,30,31]. Such a graph contains not only the different markings but also the different timed sequences (a given marking can be reached by several sequences with different durations). Table 5 illustrates the rapid increase in the complexity of building such a graph, depending on the initial marking MI = 3P1 + 3P8 + 1P14 + 1P15 + 1P16 + 1P17 + 1P18 + 1P19 + kP20, when k increases. For each value of k, the number of nodes and the computational time required to compute the graph are reported for the usual reachability graph and for the timed reachability graph. Table 5 shows that such a method is no longer suitable for large systems. This motivates the proposed approach.
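The growth described above can be reproduced on a small net. The following is an added example, not code from the paper: the net is a constructed toy (not Pcont-SPN2) in which two jobs share one machine, so firings are sequential and a timed node is simply a (marking, elapsed time) pair rather than the state-class or zone construction of [29,30,31]; only the durations 7 and 18 TUs are taken from the text.

```python
from collections import deque

# Constructed toy net, not Pcont-SPN2: k products go from an input buffer to
# an output buffer through Job 1 or Job 2, which share a single machine.
# 7 and 18 TUs are the per-product job durations quoted in the text.
PLACES = ("in", "job1", "job2", "machine", "out")
TRANSITIONS = {  # name: (pre-conditions, post-conditions, firing duration)
    "start1": ({"in": 1, "machine": 1}, {"job1": 1}, 0),
    "end1": ({"job1": 1}, {"out": 1, "machine": 1}, 7),
    "start2": ({"in": 1, "machine": 1}, {"job2": 1}, 0),
    "end2": ({"job2": 1}, {"out": 1, "machine": 1}, 18),
}

def fire(marking, pre, post):
    """Return the successor marking, or None if the transition is disabled."""
    m = dict(zip(PLACES, marking))
    if any(m[p] < n for p, n in pre.items()):
        return None
    for p, n in pre.items():
        m[p] -= n
    for p, n in post.items():
        m[p] += n
    return tuple(m[p] for p in PLACES)

def reachability(k, timed):
    """Breadth-first exploration. Nodes are markings, or (marking, elapsed
    time) pairs when timed=True. The single machine makes firings strictly
    sequential, so elapsed time is the sum of the fired durations."""
    start = ((k, 0, 0, 1, 0), 0 if timed else None)
    seen, queue = {start}, deque([start])
    while queue:
        marking, t = queue.popleft()
        for pre, post, duration in TRANSITIONS.values():
            nxt = fire(marking, pre, post)
            if nxt is None:
                continue
            node = (nxt, t + duration if timed else None)
            if node not in seen:
                seen.add(node)
                queue.append(node)
    return seen

def minimal_duration(k):
    """Shortest elapsed time at which all k products sit in the output buffer."""
    target = (0, 0, 0, 1, k)
    return min(t for m, t in reachability(k, timed=True) if m == target)

if __name__ == "__main__":
    for k in (5, 10, 15):
        print(k, len(reachability(k, False)), len(reachability(k, True)),
              minimal_duration(k))
```

On this toy net the untimed graph grows linearly with k while the timed one grows quadratically, because each marking is duplicated once per distinct mix of Job 1 and Job 2 executions that reaches it.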

5. Conclusions

A method has been proposed to compute control sequences for discrete event systems in uncertain environments. The method uses timed PNs under an earliest firing policy, with controllable and uncontrollable transitions, as a modeling formalism that is easy to adapt to various problems. The obtained solutions are minimal or near-minimal in duration. Moreover, for each returned solution, the risk of firing uncontrollable transitions is evaluated. Another advantage of the proposed approach is that it limits the computational complexity of the algorithm by limiting the part of the reachability graph that is expanded, even if the initial marking and reference marking are far from each other, and even if deadlocks and dead branches are a priori unknown to the controller. Thanks to the risk evaluation, a robust schedule becomes computable under some additional assumptions.
In our future work, the research effort will first concern the definition of the cost function, which will be improved to provide a more accurate approximation of the remaining time to the reference. The sensitivity of the performance with respect to H will also be studied. We will also include the risk evaluation in the cost function to obtain trajectories with a low risk level.


The Project MRT MADNESS 2016-2019 has been funded with the support from the European Union with the European Regional Development Fund (ERDF) and from the Regional Council of Normandie.

Conflicts of Interest

The authors declare no conflict of interest.


  1. Garey, M.R.; Johnson, D.S.; Sethi, R. The complexity of flowshop and jobshop scheduling. Math. Oper. Res. 1976, 1, 117–129.
  2. Johnson, S.M. Optimal two-and three-stage production schedules with setup times included. Nav. Res. Logist. Q. 1954, 1, 61–68.
  3. Baker, K.R.; Trietsch, D. Principles of Sequencing and Scheduling; John Wiley & Sons: Hoboken, NJ, USA, 2009.
  4. Lopez, P.; Roubellat, F. Production Scheduling; ISTE: Arlington, VA, USA, 2008.
  5. Leung, J.Y. Handbook of Scheduling: Algorithms, Models, and Performance Analysis; Chapman & Hall/CRC Computer & Information Science Series: New Delhi, India, 2004; ISBN 9781584883975.
  6. Cassandras, C. Discrete Event Systems: Modeling and Performances Analysis; Aksen Ass. Inc. Pub.: Homewood, IL, USA, 1993.
  7. David, R.; Alla, H. Petri Nets and Grafcet—Tools for Modelling Discrete Events Systems; Prentice Hall: London, UK, 1992.
  8. Chretienne, P. Timed Petri nets: A solution to the minimum-time-reachability problem between two states of a timed-event-graph. J. Syst. Softw. 1986, 6, 95–101.
  9. Lee, D.Y.; DiCesare, F. Scheduling flexible manufacturing systems using Petri nets and heuristic search. IEEE Trans. Robot. Autom. 1994, 10, 123–133.
  10. Sun, T.H.; Cheng, C.W.; Fu, L.C. Petri net based approach to modeling and scheduling for an FMS and a case study. IEEE Trans. Ind. Electron. 1994, 41, 593–601.
  11. Reyes-Moro, A.; Kelleher, H.H.G. Hybrid Heuristic Search for the Scheduling of Flexible Manufacturing Systems Using Petri Nets. IEEE Trans. Robot. Autom. 2002, 18, 240–245.
  12. Xiong, H.H.; Zhou, M.C. Scheduling of semiconductor test facility via Petri nets and hybrid heuristic search. IEEE Trans. Semicond. Manuf. 1998, 11, 384–393.
  13. Jeng, M.D.; Chen, S.C. Heuristic search approach using approximate solutions to Petri net state equations for scheduling flexible manufacturing systems. Int. J. FMS 1998, 10, 139–162.
  14. Wang, Q.; Wang, Z. Hybrid Heuristic Search Based on Petri Net for FMS Scheduling. Energy Proced. 2012, 17, 506–512.
  15. Zhang, W.; Freiheit, T.; Yang, H. Dynamic scheduling in flexible assembly system based on timed Petri nets model. Robot. Comput. Integr. Manuf. 2005, 21, 550–558.
  16. Hu, H.; Li, Z. Local and global deadlock prevention policies for resource allocation systems using partially generated reachability graphs. Comput. Ind. Eng. 2009, 57, 1168–1181.
  17. Abdallah, B.; ElMaraghy, H.A.; ElMekkawy, T. Deadlock-free scheduling in flexible manufacturing systems. Int J. Prod. Res. Vol. 2002, 40, 2733–2756.
  18. Lei, H.; Xing, K.; Han, L.; Xiong, F.; Ge, Z. Deadlock-free scheduling for flexible manufacturing systems using Petri nets and heuristic search. Comput. Ind. Eng. 2014, 72, 297–305.
  19. Lefebvre, D.; Leclercq, E. Control design for trajectory tracking with untimed Petri nets. IEEE Trans. Autom. Control 2015, 60, 1921–1926.
  20. Lefebvre, D. Approaching minimal time control sequences for timed Petri nets. IEEE Trans. Autom. Sci. Eng. 2016, 13, 1215–1221.
  21. Lefebvre, D. Deadlock-free scheduling for Timed Petri Net models combined with MPC and backtracking. In Proceedings of the IEEE WODES 2016, Invited Session “Control, Observation, Estimation and Diagnosis with Timed PNs”, Xi’an, China, 30 May–1 June 2016; pp. 466–471.
  22. Lefebvre, D. Deadlock-free scheduling for flexible manufacturing systems using untimed Petri nets and model predictive control. In Proceedings of the IFAC—MIM, Invited Session “DES for Manufacturing Systems”, Troyes, France, 28–30 June 2016.
  23. Ramchandani, C. Analysis of Asynchronous Concurrent Systems by Timed Petri Nets. Ph.D. Thesis, MIT, Cambridge, MA, USA, 1973.
  24. Molloy, M.K. Performance analysis using stochastic Petri nets. IEEE Trans. Comput. C 1982, 31, 913–917.
  25. Richalet, J.; Rault, A.; Testud, J.; Papon, J. Model predictive heuristic control: Applications to industrial processes. Automatica 1978, 14, 413–428.
  26. Camacho, E.; Bordons, A. Model Predictive Control; Springer: London, UK, 2007.
  27. Uzam, M. An optimal deadlock prevention policy for flexible manufacturing systems using Petri net models with resources and the theory of regions. Int. J. Adv. Manuf. Technol. 2002, 19, 192–208.
  28. Chen, Y.; Li, Z.; Khalgui, M.; Mosbahi, O. Design of a Maximally Permissive Liveness-Enforcing Petri Net Supervisor for Flexible Manufacturing Systems. IEEE Trans. Aut. Science and Eng. 2011, 8, 374–393.
  29. Berthomieu, B.; Vernadat, F. State Class Constructions for Branching Analysis of Time Petri Nets. In Proceedings of the Ninth International Conference on Tools and Algorithms for the Construction and Analysis of Systems TACAS 2003, Warsaw, Poland, 7–11 April 2003; Springer: New York, NY, USA, 2003; Volume 2619, pp. 442–457.
  30. Gardey, G.; Roux, O.H.; Roux, O.F. Using Zone Graph Method for Computing the State Space of a Time Petri Net. In Proceedings of the International Conference on Formal Modeling and Analysis of Timed Systems FORMATS 2003, Marseille, France, 6–7 September 2003; Springer: Berlin/Heidelberg, Germany, 2003; Volume 2791, pp. 246–259.
  31. Klai, K.; Aber, N.; Petrucci, L. A New Approach to Abstract Reachability State Space of Time Petri Nets. In Proceedings of the 20th International Symposium on Temporal Representation and Reasoning, Pensacola, FL, USA, 26–28 September 2013.
Figure 1. Examples of robust (R), dangerous (D) and forbidden (F) markings in R(G, MI) depending on the controllable (TC) and uncontrollable transitions (TNC).
Figure 2. An example of dangerous trajectory: M(k) enables two controllable transitions T(k + 1) and TC2 and two uncontrollable ones TNC1 and TNC2.
Figure 3. Computation of the next transition to fire with Algorithm 2.
Figure 4. MPC global schema with Algorithm 3.
Figure 5. Example PCont-SPN1.
Figure 6. Cost function JFC for a controlled sequence disturbed by an unexpected firing of T7 with respect to time (TUs).
Figure 7. Pcont-SPN2 model of a manufacturing system [28].
Table 1. Deviation risk for σ1 and σ2.
μ7 = 0.1 | μ7 = 1 | μ7 = 10
σ1 | 5/6 = 0.83 | 1/3 = 0.33 | 5/6 = 0.83 | 50/51 = 0.98
Table 2. Performance of Algorithm 3 with Pcont-SPN1: average sequence duration (TUs).
Scenario 1 | 2 | 2 | 2 | 2 | 2
Scenario 2 | 2.0 | 20.3 | 57.2 | 125.4 | 228.5
Scenario 3 | 6 | 6 | 6 | 6 | 6
Table 3. Performance of Algorithm 3 with Pcont-SPN2: average sequence duration (TUs).
k | Scenario 1 | Scenario 2 | Scenario 3
Table 4. Performance of Algorithm 3 with respect to parameters H̄ and Hτ for PCont-SPN2, sequence duration (TUs) and computational time (s).

| H̄ / Hτ | 1 | 2 | 3 | 4 | 5 | 6 |
|---|---|---|---|---|---|---|
| 5 | 82 (0.9 s) | 86 (0.8 s) | 68 (1 s) | 68 (1.2 s) | 68 (1.3 s) | 68 (1.3 s) |
| 10 | 82 (0.9 s) | 86 (0.8 s) | 76 (1.5 s) | 76 (2.5 s) | 76 (4.7 s) | 76 (7.9 s) |
| 15 | 82 (1 s) | 86 (0.9 s) | 63 (2.1 s) | 63 (3.5 s) | 63 (9.4 s) | 63 (16.1 s) |
| 20 | 82 (1 s) | 86 (0.8 s) | 45 (2.6 s) | 45 (4.7 s) | 45 (10.7 s) | 45 (20.6 s) |
Table 5. Complexity of the exhaustive exploration of control sequences for PCont-SPN2, the number of nodes and the computation time (s).

| k | Usual Reachability Graph | Extended Reachability Graph |
|---|---|---|
| 5 | 698 (1.4 s) | 2208 (106 s) |
| 10 | 1963 (11 s) | 6848 (1827 s) |
| 15 | 3268 (29 s) | |

© 2017 by the author. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (
Processes EISSN 2227-9717 Published by MDPI AG, Basel, Switzerland