SCALABLE DEADLOCK AVOIDANCE ALGORITHMS FOR FLEXIBLE MANUFACTURING SYSTEMS. A Dissertation Presented to. The Faculty of the

Transcription

1 SCALABLE DEADLOCK AVOIDANCE ALGORITHMS FOR FLEXIBLE MANUFACTURING SYSTEMS A Dissertation Presented to The Faculty of the Fritz J. and Dolores H. Russ College of Engineering and Technology Ohio University In Partial Fulfillment of the Requirement for the Degree Doctor of Philosophy Wenle Zhang June, 2000 OHIO UNIVERSITY LIBRARY

2 Wenle Zhang All Rights Reserved

3 Acknowledgement 1V The years with the School of Electrical Engineering and Computer Science at Ohio University have given me a lot intellectual inspiration. The faculty and staff members are always kind and helpful. First of all I would like to thank my advisor Dr. Robert Judd for his excellent guidance. He has been a source of constant encouragement and he has always been willing to share his time in creative discussions during the progress of my work. Second, I want to thank Paul Deering for the helpful discussions we have held and the literature sharing. I am also thankful to several people who have read and commented the manuscript. In addition, I would like to thank my parents and my grandpa for their nurture. Finally, I would like to thank my wife Jinfen and my son Tiancheng for all their love and support.

4 Contents Acknowledgements... iv... List of Figures... VIII.. List of Tables... x~i CHAPTER 1 INTRODUCTION DEADLOCK PHENOMENA Deadlock in Our Daily Life Deadlock in Computer Systems Deadlock in Flexible Manufacturing Systems SYSTE MODELING The Petri Net Model The Graph Theoretic Model DEADLOCK HANDLING METHODS FOR MANIJFAC'TURING SYSTEMS Deadlock Handling Methods Based on Petri Nets... I Deadlock Handling Methods Based On Digraphs DEADLOCK HANDLING METHODS TO BE DEVELOPED CHAPTER 2 MODELING SYSTEM FOR DEADLOCK ANALYSIS THE FLEXIBLE MANUFACTURING SYSTE MODEL The FMS Model Representation of Process Plans with Choices The Graph Theoretic Model SYSTEM STATE SPACE ANALYSIS The Resource State System State Space System Event Space Reachability Analysis DEADLOCK AND DEADLOCK AVOIDANCE... 53

5 vi FMS Deadlock State Space Partition Deadlock Avoidance Optimal Deadlock Avoidance Policy CHAPTER 3 DEADLOCK AVOIDANCE ALGORITHMS FOR FLEXIBLE MANUFACTURING SYSTEMS WITH FREE CHOICES IN PART ROUTING PROPERTIES OF THE SYSTEM GRAPH Basic Concepts on the WRG Structural Properties Dynamic Properties Dynamic Path (Subgraph) Construction ANALYSIS OF POTENTIAL MOVES Basic Safe Moves Moves Based on the Construction of a Dynamic Subgraph TIE DEADLOCK DETECTION ALGORIT'I-IM The OR Tree Dynamic Path Status The Stop-Check-and-Go The Algorithm Dynamo Explanation of Algorithms Analysis of Algorithm Dynamo Algorithm Empty-system Algorithm Live EXAMPLES AND DISCUSSION CHAPTER 4 DEADLOCK AVOIDANCE ALGORITHMS FOR FLEXIBLE MANUFACTURING SYSTEMS WITH MIXED CHOICES IN PART ROUTING CONDITIONAL CHOICE CLASSIFICATION C)F PART MOVEMENTS ENABLED PATH AND RATC~TING

6 vii Enabled Path Finding an Enabled Path and the Path Tree ALGORITHMS TO FIND AN ENABLED PATH AND TO RATCHET Listing of Algorithms Explanations of Algorithms Analysis of Algorithms THE DEADLOCK DETECTION ALGORITHM Dynamic Path and Statuses The AND-OR Tree The Algorithm Dynamo Algorithm Listing Explanation of Algorithms Analysis of Algorithm dynamo Algorithm Empty-system Algorithm Live EXAMPLES AND DISCUSSION CHAPTER 5 COMPARISONS AND CASE STUDIES COMPARISONS BETWEEN PETRI NET AND DIGRAPH WITH OTHER METHODS COMPARISONS Brief Review of Selected Methods Comparisons by Case Studies CONCLUSIONS REFERENCES ABSTRACT

7 List of Figures Figure 1.1 Traffic jam. deadlock in daily life... 2 Figure 1.2 Deadlock in computer systems... 3 Figure 1.3 Deadlock in manufacturing system... 3 Figure 1.4 A simple PN example... 7 Figure 1.5 An example graph model... 9 Figure 1.6 Reachability graph Figure 1.7 Production Petri Net example Figure 1.8 A CPPN example... I6 3 Figure 1.9 Example of a corltrolled S PR Figure A controlled Petri net Figure 1.11 Simple example of PME Figure 1.12 An example WRG Figure 1.13 Illustration of part flow deadlock Figure 1.14 Illustration of system status graph Figure 1.15 An example WRG Figure 2.1 Example process plan with choice Figure 2.2 WRG for example Figure 2.3 WRG for example Figure 2.4 Deadlock demonstration Figure 2.5 State space partitions Figure 2.6 WRG for example Figure 2.7 Reachability graph 63 Figure 3.1 Classification of moves Figure 3.2 Three types of branches at a multiple capacity resource Figure 3.3 Dynamic sub-graph with free choices Figure 3.4 A canonical semi-closed path example Figure 3.5 A multiple CSC example Figure 3.6 A parallel CSC example Figure 3.7 A multi-level CSC example... 70

8 1X Figure 3.8 A serial CSC example Figure 3.9 An iterative CSC example Figure 3.10 A complicated CSC example Figure 3.11 CSC reduction illustration example Figure 3.12 Example for class 6 - undetermined move Figure 3.13 Example for class 7. undetermined move Figure 3.14 Example for class 8. undetermined move Figure 3.15 An OR tree example Figure 3.16 Stop-check-and-go example Figure 3.17 Sub tree and status/space back propagation Figure Stop-check-and-go and the OR tree Figure 3.19 Multiple undetermined-0 moves Figure 3.20 System graph and the OR tree for example Figure 3.21 System graph and the OR tree for example Figure 3.22 System graph and the OR tree for example Figure 4.1 Part splitting example Figure 4.2 Part fully merging example Figure 4.3 Part partially merging example Figure 4.4 Part splitting and merging example Figure 4.5 Conditional deadlock examples Figure 4.6 Classification of part movements Figure 4.7 Class 5 and class 5b examples Figure 4.8 Serial enabled path and ratcheting Figure 4.9 Parallel enabled path and ratcheting Figure 4.10 Conditional choice part on an enabled path Figure A diverging point on an enabled path Figure 4.12 Conditional choice part X and A are in conflict requesting resource r Figure 4.13 Rule 1 for finding an enabled path Figure 4.14 Rule 2 for finding an enabled path Figure 4.15 Advantage of pairing a parent's next step with a child node Figure 4.16 An example path tree

9 S Figure 4.17 Two types of parallel enabled paths Figure 4.18 Two types of closed paths Figure 4.19 Example serial enabled paths Figure 4.20 Example parallel enabled paths Figure P and T in Stage 1) for example Figure 4.22 P and T in Stage 2) for example Figure 4.23 P and T in Stage 3) for example Figure 4.24 P and T in Stage 4) for example Figure 4.25 P and T in Stage 5) for example Figure 4.26 Simple conditional choice example Figure 4.27 Con~plicated conditional choice example Figure 4.28 An AND-OR tree example Figure 4.29 Sub tree and statuslspace back propagation Figure 4.30 WRG for Example Figure The AND-OR tree for example Figure 4.32 Enabled path example Figure 4.33 Enabled path and broken path example Figure 4.34 No qualifying enabled path Figure 5.1 Petri net for example Figure 5.2 WRG for example Figure 5.3 Petri net for example Figure 5.4 WRG for example Figure 5.5 Petri net for example Figure 5.6 The WRG for example Figure 5.7 Petri net example for SIPHON Figure 5.8 Impending deadlock without a bounded circuit Figure 5.9 Petri net & WRG for Case Study Figure PME with only rl for Case Study Figure PME with r 1 and r2 for Case Study Figure 5.12 PME synthesis for Case Study Figure 5.13 Control places for SIPHON

10 XI Figure 5.14 The WRG for Case Study Figure 5.15 Control places for SIPHON Figure 5.16 The manufacturing cell for Case Study Figure 5.17 The Petri net & WRG for Case Study

11 List of Tables... Table 1.1 Example WRG Analysis 29 Table 2.1 Process plan representation example Table 2.2 State enumeration of a resource Table 2.3 Process plan of product type p2 for example Table 2.4 Enumeration of states for example Table 3.1 Status and value Table 3.2 Process plan of product p5 for example Table 3.3 State table for example Table 3.4 State table for example Table 4.1 Status values and order Table 4.2 Process plan for example Table 4.3 State table for example Table 5.1 Siphons for Case Study Table 5.2 Control place configuration of SIPHON1 for Case Study Table 5.3 Control place configuration of SIPHON2 for Case Study Table 5.4 Summary of comparison results

12 Chapter 1 Introduction In recent years, Automated Manufacturing Systems--including Flexible Manufacturing Systems (FMS), which belong to the class of discrete event dynamic systems (DEDS)--have been extensively studied in various applications such as design, scheduling, operation, performance analysis, and so on. One of the major topics is system deadlock handling. In a typical FMS, raw parts of various types enter the system at discrete points of time and are processed concurrently, sharing a limited number of resources, such as machines, buffers, robots, AGVs' etc. In such resource sharing systems, a highly undesirable situation may occur in which each of a set of two or more parts waits indefinitely for the other parts in the set to release resources. This situation is called deadlock. The occurrence of deadlock can stall the operation of a portion of the system--even the entire system. The only solution is to manually roll the system back to a known safe state. This may cause a loss of half-finished parts, a waste of time and cost of machinesllabor, thus reduce productivity. By proper system design andlor controlled system operations, both the lost production and machinellabor cost in the recovery of the system can be avoided. This dissertation will study how to appropriately control system operations to efficiently avoid system deadlock.

13 1.1 Deadlock Phenomena Automated manufacturing systems are not the only systems in which deadlock situation may occur. Early in the GO'S, researchers found deadlock in computer systems. Even in our daily life, deadlock may occur, a good example is the traffic jam Deadlock in Our Daily Life A traffic jam in our daily life is a simple example of deadlock. Consider the situation of traffic flow shown in Figure 1.1. Cars move in four directions indicated by the four arrows. Since there are four cars blocking the traffic at each of the four comers, we have a traffic deadlock. In this case, we can think of the space occupied by a car as a resource Figure 1.1 Traffic jam, deadlock in daily life

14 3 for which other cars are competing. Cars represent tasks that request the next space (resource) before they can move out of (release) the current space (resource). This is a simple example of deadlock in traffic control Deadlock in Computer Systems In a modern operating system, many processes are allowed to run simultaneously. Each process, which basically can be seen as a program in execution, may require several resources to complete its task in its lifetime. Thus, several processes may compete for a finite number of resources, such as memory space, CPU, files, diswtape drives, printers, etc. A set of processes is in a deadlock state when every process in the set is waiting for a resource that is held by another process in the set. To illustrate a deadlock state, consider a simple system with one tape drive and one printer, see Figure 1.2. Suppose that process PI is holding the tape drive and process P2 is holding the printer. If P1 firther requests the printer and PZ requests the tape drive, a deadlock occurs. Figure 1.2 Deadlock in computer systems

15 1.1.3 Deadlock in Flexible Manufacturing Systems 4 In a typical FMS, a limited number of resources, such as NC machines, buffers, robots, fixtures, etc., are shared among several jobs--the processes during which raw parts undergo a sequence of operations by visiting appropriate resources and become finished parts eventually. If at a given time, each of a set of two or more parts is waiting indefinitely for other parts in the set to release resources, then the system is deadlocked. Consider a manufacturing cell consisting of a NC machine, a robot, a load conveyor, and an unload conveyor (Figure 1.3). \ /-\\ NC Machine Controller Robot Controller Robot Figure 1.3 Deadlock in manufacturing system Suppose 1) raw parts are loaded from the load conveyor into the NC machine by the robot, 2) finished parts are unloaded from the NC machine onto the unload conveyor by the robot, and 3) raw parts are always available. A trivial deadlock can occur when the system is initially started, i.e., there is no part in the system. The scenario is: after the system is started, the robot can be assigned either to

16 i) pick up a raw part or to ii) unload the machine. If the robot were assigned to unload the machine, a deadlock would occur in which the robot is waiting on the machine to unload a finished part while the machine is waiting for the robot to load a raw part. Deadlock may also occur after a raw part is loaded into the machine. The scenario is: once a part is loaded into the machine, the robot can either i) wait for the inachine to unload the finished part, or ii) pick up another raw part without waiting. If it does pick up a raw part, the system enters a deadlock state in which the robot is waiting for the machine to load the raw part, while the machine is waiting for the robot to unload the finished part, as illustrated in Figure System Modeling An FMS consists of a set of resources R. Each resource has a capacity (>O) which indicates the total number of units of the resource available. A set of products (or types of products) P can be mallufactiired by the FMS. Each product has a process plan (also called operation sequence) which specifies resources and the order needed to produce the product. A process plan is usually fixed and sequential and has a finite length. Each process plan can be divided into steps, where each step usually requires one resource. Each part (also referred to as job in the literature) in the FMS corresponds to a product that is being produced.

17 6 For the purpose of characterizing deadlocks in manufacturing systems, two major formalisms have been extensively studied, i.e., the Petri net and the directed graph The Petri Net Model A Petri net (PN) is a quintuple G = {P, T, I, 0, mo}, where P is a finite set ofplaces with cardinality n = IPI, T is a finite set of transitions with cardinality r = /q, I c P x T is a set of transition input arcs, 0 c T x P is a set of transition output arcs, and mo : P -+ N Pi is the initial marking of the PN with N as the set of nonnegative integers. The marking of a place p E P is equal to the number of tokens in the place, denoted as mb). The marking of a PN indicates the number of tokens in each place, which represents the current state of the system. A transition is ertablecl if all the input places have m@)>o. An enabled transition may or may not fire. A system state evolves with transition firing. If a represents a sequence of transition firings, named transition jring vector where each of its element a, (i = 1,2,...,r) represents the number of times transition t, will fire, and nt ' is the new marking after firing o at mo, then m' is reachable from mo. The reachability set of Petri net G with initial marking mo contains all the markings that are reachable fi-om mo, denoted as R(G, mo). The incidence matri.~ A of G is defined as an (rxn) matrix of integers: and A = [aij], a,, = acij - where the elements indicates the number of arcs from transition ti to its output (input) placepj. The state equation can then be represented as

18 A nonnegative solution x of Ax = 0 is called a P-invariant. A P-invariant corresponds to a set of places that has a constant number of tokens, that is mx = mg for any m E R(G,rno). Similarly, the nonnegative solution y of y r ~ = 0 is called a T- invariant. If y is a firing vector for marking m ~, then y T = ~ O implies that the marking is unchanged after firing y, that is rn = mo. Refer to Murata[23] and Peterson[24] for detailed information on Petri net. Also refer to Desrochers and Al-Jaar[5] for modeling manufacturing systems with Petri nets. To model manufacturing systems, the set of places P is usually categorized into two types: process places and resource places. Process places correspond to job steps and a token in a process place indicates a job at this step, while resource places correspond to resource types and a token in a resource place indicates a unit of the resource available. A PN model of the simple manufacturing cell shown in Figure 1.3 is illustrated in Figure 1.4. Robot Raw Machine Figure 1.4 A simple PN example

19 1.2.2 The Graph Theoretic Model The graph theoretic model is based on a directed graph. A directed graph (or simply digraph) G is defined to be a pair (V, A), where V is a non-empty finite set of n elements called vertices or nodes, and A is a finite set of ordered pairs of elements of V called arcs or edges. The out-degree of a vertex v is defined to be the number of arcs of the form vw, v E V, V w E V. The in-degree of a vertex v is defined to be the number of arcs of the form wv. The incidence matrix of G is defined as the nxn matrix A = [aij], where aij is the number of arcs from vi to vj (i, j = 1, 2,..., n). Apath in G is a finite sequence of arcs: VoV,, V1 VZ,..., Vm.l Vm Or simply, VO, V1, V2, Vm A path is closed if vo = v,. If, in addition, the vertices vo, vl,..., v, are distinct, then the closed path is called a simple circuit, or simply circuit or cycle. Further information on more definitions and properties of graphs is referred to in Wilson[29]. To model a manufacturing system, the vertex set V represents the set of resources R in the system; a vertex is graphically represented as a circle, while the arc set A represents all possible step transitions for all products in P. Two special vertices should be added to V--a source vertex to indicate the raw material supply and a sink vertex to represent finished product storage. The digraph model of the simple manufacturing cell in Figure 1.3 is shown in Figure 1.5. Where each product goes through:

20 Robot, Source n load unload Machine Robot " Sink x - > Robot ~ a c h i n e n Figure 1.5 An example graph model 1.3 Deadlock Handling Methods for Manufacturing Systems The study of deadlocks was initiated in the field of computer systems in the late 60's and early 70's in an attempt to provide efficient and robust operating systems. Dijkstra[26] first studied the deadlock problem as "deadly embrace" and introduced the banker's algorithm to avoid this problem. The following are the four necessary conditions for deadlocks to occur in a computer operating system, given by Coffman et al. [4]: i) Mutual exclusion: A resource cannot be used by two or more processes simultaneously. ii) Hold and wait: Processes hold previously acquired resources while waiting for additional resources. iii) No preemption: A resource, once granted to a process, cannot be taken away from the process before the process finishes using it.

21 11 bounds on the total number of resources required by each process are known and not the specific sequence in which they will be used. Thus, direct application of existing deadlock prevention and avoidance algorithms to FMS would be unduly conservative. And the slower dynamics of manufacturing systems will encourage the use of deadlock avoidance algorithms. Many deadlock-handling methods have been introduced in the context of FMS. The methods can be roughly categorized into three classes: i) deadlock detection and recovery [3][10][17][18][20][28][30] [311; ii) deadlock prevention [2][7][16][21][28][32][33][34]; and iii) deadlock avoidance [1][9][11][12] [14][15][18][22][28][3 1][32]. Some prevention methods are closely related to a Petri net structural element called siphons. Several approaches for finding siphons of a Petri net have been developed. Among them are [6][23][8]. In the following, major methods based on the formalisms used (Petri nets and digraphs) will be reviewed Deadlock Handling Methods Based on Petri Nets Viswanadham et al. [28] investigated the prevention and avoidance of deadlocks in Flexible Manufacturing Systems (FMS) by using the Petri Net (PN) models. For deadlock prevention, they suggested an exhaustive path analysis of the reachability graph of the PN model to arrive at static resource allocation policies. For deadlock avoidance, they proposed a PN-based on-line controller, which is basically a look-ahead mechanism with possible recovery. To illustrate their method, consider the simple manufacturing cell example in Figure 1.4. The reachability graph is given in Figure 1.6. The dead marking can be immediately

22 12 identified as Mj. According to their prevention method, the system should be designed as follows: once the marking M2 is reached, only transition t would be allowed to fire. The drawback is the reachability analysis technique can become infeasible if the state space is very large. It is not unusual that there are thousands of states in a typical manufacturing system. The idea of their deadlock avoidance policy is that before making a resource allocation decision under the current marking, the controller first looks ahead a number of steps to the future evolution of the system by computing all reachable markings. Then by identifying deadlocks in this set of markings, the controller can disable transitions which lead to these deadlocks. If a deadlock is detected, i.e., no safe markings are in the set, then initiate deadlock recovery. Otherwise, pick an appropriate transition leading to one of the safe markings in the set to fire. Figure 1.6 Reachability graph Apply avoidance policy to the above example. At marking Mz, by looking ahead one step, M3 is immediately identified as a dead marking while M4 is a safe marking. The policy would allow transition t2 to fire while holding transition to. Thus the deadlock state can be successfully avoided.

23 13 Apparently, maintaining a large number of look-ahead steps will make the avoidance policy more effective. However, there can be systems where only infinite look-ahead will guarantee total deadlock avoidance. They suggested their avoidance policy be supplemented by deadlock recovery. Based on the untimed Production Petri Net (PPN) model, Banaszak and Krogh [I] developed a deadlock avoidance algorithm (DM) which is a restriction policy. They defined a job as a request for a particular product belonging to one of a finite set of product types that can be produced by the FMS. In the PPN model, each product type corresponds to a sequence of production places along with some resource places. Resource places are shared among several product types, whereas production places are unique to each product type. It is assumed that each step in a production sequence is associated with exactly one resource, and every transition may be externally disabled. An example is shown in Figure 1.7. With multiple jobs flowing through an FMS, it is possible for deadlock to occur, i.e., when a set of jobs is in a 'circular wait' state. All active jobs may belong to only one product type or several product types. Even if all jobs belong to one product type, deadlock can still occur if the production sequence includes multiple uses of resources. To avoid deadlock, they further partitioned the production sequence into subsequences, or zones consisting of a sequence of steps requiring resources shared with other production sequences or zones, followed by a sequence of steps requiring resources not shared with others. Each zone is treated as a individual production sequence, or pipeline, which will use each resource only once.

24 14 Their DAA consists of two rules DAAl and DAA2. Rule DAAl allows a token to enter a new zone in the production sequence only when the capacity in the non-shared sub-zone of the zone exceeds the number of tokens (jobs) currently in the zone. Rule DAA2 assures that if a shared resource is being requested by the job, all of the shared resources in the remainder of the zone are available at that time. Production sequence Resources Figure 1.7 Production Petri Net example To illustrate the DAA, suppose only one product type is currently in production, as shown in Figure 1.7. The product visits resources in the sequence (I3, 03, I,, 01, 12, 02, I,, 0,). The marking shown in the figure { $ is a dead marking under which transitions t(4) through t(7) will never get enabled. It is evident that this marking is not reachable under the DAA restriction policy. In fact, the total number of tokens in zone z2

25 15 is 20, which is greater than the capacity of the unshared sub-zone u2 = 10. If this PPN were under the DAA restriction policy, no more than 10 jobs would be allowed into zone z2. Then there would be sufficient resource capacity in sub-zone u2 to advance tokens out of place p(3), thereby freeing buffer space in I1 and allowing transition t(7) to fire. If the current marking is redistributed as { }, even though firing transition t3 would not cause a deadlock, the DAA would not allow transition t3 to fire, because otherwise the total number of tokens in z2 would become 11, which exceeds the capacity 10 of unshared resources in sub-zone u2. In a sense, DAA is similar to the banker's algorithm [26], except it takes advantage of product routing information. The main quality of the method is its low complexity. However, it may impose unnecessary constraints on resource allocation, resulting in reduced performance. Note that for the simple case above with one product in the FMS, the DAA restriction policy is conservative, that is, it is sufficient, but not necessary, to prevent deadlock. Hsieh and Chang [15] combined the ideas proposed by Banaszak and Krogh [I] and Viswanadham et al. [28] and formulated a deadlock avoidance controller (DAC) based on a PN model, named Controlled Production Petri Net (CPPN). DAC applies to a slightly more general class of models than the method of Banaszak and Krogh because it allows jobs to request multiple resources at a time. Using a bottom-up approach, their CPPN model is synthesized by first generating resource sub-nets (RSN), then job sub-nets (JSN), and then forming a production Petri net (PPN) by applying a merging operation to RSN and JSN, at last adding a control

26 16 place to each transition of the PPN that corresponds to a controlled operation, to indicate the transition firing can be disabled by an external control. An example CPPN is shown in Figure 1.8, based on Figure 1.3, where two types of products can be manufactured by the cell, one goes through {LC, R, M, UC) and the other goes through {LC, M, R, UC). Qll t2 P?!3&!b ti P7 Pi0 6 6 P3 Ph t7 P7 GRv t4 ts GRR P4 PS a. Resource subnets b. Job subnets c2 c3 c. The CPPN G, Figure 1.8 A CPPN example Their CPPN is first decomposed into controlled production sub-nets ( CPSNs) of individual job types. Each CPSN is then analyzed to determine a minimal number of resources necessary--called Minimal Resource Requirement (MRR)--which is represented by a marking, to complete any job.

27 17 Liveness (hence, deadlock free but not the vice versa) can be guaranteed if the current control action of the given dispatching policy always ensures that MRR is coverable from all subsequent markings. But testing the coverability of MRR for a CPPN is NP in computational complexity. A sufficient validity test (SVT) is then developed instead, to determine if the coverability is maintained by executing a job clearance algorithm (JCA) under a particular dispatching rule (simulation of job flow in the system). If the MRR coverability is verified through SVT, then the control action is valid to keep the CPPN live. If the proposed control does not pass the SVT, then a sequence of more restrictive controls, obtained by modifying the invalid control by reducing, one unit at a time, its concurrently allocated resources to maximize resource utilization, are evaluated until one is found that satisfies the test. They emphasize that the DAC guarantees liveness, which is stronger than deadlock avoidance. The algorithm is shown to have polynomial complexity and more permissive than the DAA of Banaszak and Krogh [I]. Consider the system shown in Figure 1.8. CPSN GJ1 (with GR) corresponds to one product; CPSN GJz (with GR) corresponds to the other. To keep GJ1 live, the MRR marking found is { l), to keep GJ2 live, the MRR marking found is ( ); therefore, the MRR for the whole CPPN Gc is m* = ( ). Consider a control action % = (010010) with the initial marking mo = ( ). If % is executed, both controlled transitions tz and tc will fire and a new marking reached is ml = ( ). No clearing control action can be generated by JCA for this marking; that is, ml does not cover m*, control a0 fails the SVT. In fact, it's easy to see that ZQ leads to a deadlock. Now if according to the dispatching policy, f6's priority is

28 18 lower than t2's, then one resource can be reduced by resetting the token in control place c6 to 0, thereby disabling transition t6. The modified action a1 = {010000). By executing a,, the new marking reached is mz = ( ). JCA can clear the existing jobs with 5 control actions and the new marking is m7 = f ). Obviously, rn7 covers m*, thus, a1 passes SVT. Now consider the system shown in Figure 1.7 under marking mo = ( ). DAC would allow transitions t3, tj, t5 and t6 to fire, while DAA would not allow t3 to fire as previously stated. Although DAC is more permissive than DAA, it is still conservative. Imagine that it will not allow a job to enter a zone with its unshared portion filled to capacity, even though the transition firing may not cause deadlock. Because the job can not be cleared to the last place of the zone together with the jobs in the unshared sub-zone by applying the JCA to the zone only. Xing, Hu, and Chen [32] considered deadlock avoidance (deadlock prevention in nature) policies for PPN (production Petri net) models similar to those considered by Banaszak and Krogh [I J. They introduced the concept of deadlock structure, which is a set of transitions (the initiation transition of each production sequence is excluded by their definition) for which the set of input resource places to the transition set is equal to the set of output resource places of the transition set. It is shown that once the number of resources used by a deadlock structure equals the capacity of the resources, the system will be in deadlock.

29 19 The necessary and sufficient conditions to prevent deadlock were characterized and two control policies named pl and p2 were developed to prevent some enabled transitions from firing for avoiding deadlock in the system. The control policies ensure that each deadlock structure always has fewer resources used than the capacity of the resources. In particular, when the number of any key kind of resources (with capacity > 1) is greater than one, policy pl is minimally restrictive and allows the maximal resource utilization. They also emphasized that the restriction policies can be easily realized by adding an appropriate control place to the deadlock structure with initial tokens of one less than the capacity of the involved resources. The method also has its drawbacks, similar to methods using siphon techniques. Finding all deadlock structures and applying control policies to some of them appropriately (not all of them) is of exponential computation complexity, and the second policy p2 is not least restrictive. Consider the example shown in Figure 1.7, where only one product is manufactured. The product goes through the sequence of resources {I3, 03, I,, 01, IZ, 02, I,, 01), and each resource has a capacity of five. Thus, restriction policy pl should be constructed. The deadlock structures are DL = {t4, ts, tb, t7), D2 = it5, tb, t7, ts) and D3 = Dl u D2 = (t4, t57 t67 t7, t8) since R(D1) = R(D2) = R(D3) = ( 11, 01, ) and Dl c D37 D2 D3. Thus, it is enough to construct for Dj a restriction policy; that is, pl only needs to restrict the number of tokens in the places of OD3 (input process places of D3) within C(R(D3)) - 1, where C(R(D3)) means the total capacity of all resources involved in Ds and is calculated as

30 The precedence transition to Dj is t3; the rear transition after Dg is tg. Therefore, the PN realization of pl can be easily done by adding a control place p, with 19 initial tokens, 1 output arc to t3, and 1 input arc from t8. The total number of products allowed by p, is 19, while only 10 are allowed by DAA of Banaszak and Krogh [I]. Ezpeleta, Colom, and Martinez[7] developed a deadlock prevention policy for FMS based on a particular class of PN models called S'PR, which stands for Systems of Simple Sequential Processes with Resources, which is a generalization of the one used in Banaszak and Krogh [I] by allowing choice in the job sub-nets. They characterized deadlock in terms of siphons. A siphon is a set of places such that every transition that outputs to one of these places also inputs from one of these places. That is, 'P E P*, where 'P is the set of input transitions to these places and P' is the set of output transitions from these places. A siphon has the property that, once it becomes empty (token free), it will remain empty and transitions in the output set P* will never get enabled again. For the class of models considered, liveness of the system can be guaranteed by keeping any siphon from becoming empty. Based on this observation, they developed a deadlock prevention control policy, which can be implemented by adding some control places along with the associated arcs to carefully selected transitions. One place is added for each minimal siphon which is not controlled under any P-invariant, and its initial marking is set to one less than the initial number of tokens in the siphon. The arcs are chosen so that not only the system will be kept live, but new siphons generated by added control places will also be taken care of.

31 2 1 There are three types of arcs. The first type of arc means that each token leaving the idle state (a job starts) takes a token from the control places related to siphons from which the job will take some tokens during its execution. The second type means that the token is returned to the control place after the job has finished using it from the siphon. And the third means that the token is returned to the control place if an alternative route is taken. Essentially, the first type reserves tokens for a job's future use before the job starts and thus ensures the siphon will never become entirely empty. minimal, c' }. The Figure 1.9 ' J Example of a controlled S~PR control policy will make the system live by adding three new places cl, cz, and c3, with mo(cl) = mo(cz) = 2, mo(c3) = 4, and three sets of arcs:

32 This control policy requires an off-line computation of all minimal siphons, which has the worst case exponential complexity. But once the control policy has been established, the on-line control is rapid and better than deadlock avoidance algorithms, which need more on-line computation. Barkaoui and Abdallah [2] presented an efficient deadlock avoidance method for FMS combining prevention and avoidance approaches using structural theory of Petri nets. The model used is a generic Petri net. The method is achieved in two phases. First is the near prevention phase. From a Petri net model Z of a given FMS, they built an augmented net Z* by adding a "local control place CDi" to each uncontrolled strict minimal siphon Di, Di E Vz--the set of uncontrolled strict minimal siphons of the original net. The corresponding arcs are added according to the following two points: i) The set of transitions controlled by CDi, CDie = (t E Die, where I't ndil > It'nDil) is the set of Di's output transitions such that the number of input places inside Di to each such transition is greater than the number of output places inside Di from the transition, which means that a transition in CDi* takes more tokens away from D, than it puts back into Di. The difference of tokens will be used to weight the associated arc. ii) The set of transitions controlling CDi, *CDi = {t E *Di, where It* ndil > I*tnDil) is the set of Di's input transitions such that the number of output places inside Di from each such transition is greater than the number of input places inside Di to

33 2 3 the transition, which means that a transition in 'CDi releases more tokens to the siphon than it takes away from the siphon. The difference of tokens will be used to weight the associated arc. The initial number of tokens of CD, is one less than the initial tokens of the siphon, mo*(~di) = mo(di) - 1. Under z*, Di is a p-invariant controlled siphon. Let VZ* be the set of not controlled strict minimal siphons of z*. If VZ* = +, then Z* is weakly-live (deadlock free). The augmented net is deadlock free for some classes of FMS, but the occurrence of deadlock remains possible; that is, new uncontrolled strict minimal siphons can be generated in Z* (VZ*# $), thus the name 'near prevention'. Second, with near prevention phase, most deadlocks are structurally avoided. If deadlock freeness is not guaranteed, then there is the second phase--a deadlock avoidance algorithm--which is basically a dynamic resource allocation policy implemented by a Petri net controller with a look ahead equal to 1. The method does not avoid deadlock completely; in case of deadlock occurrence, deadlock recovery should be initiated. Also, the near prevention phase suffers the same complexity problem as Ezpeleta, Colom and Martinez [7]. As an example, consider a more complete PN model that captures the trivial deadlock situation for the simple manufacturing cell of Figure 1.3, shown in Figure 1.lo. There are two uncontrolled strict minimal siphons Vz = {Dl, Dz), where Dl = {PI, Pz, Pq, P5, P7, Pg, P9) and D2 = {PI, P3, Ps, P6, Ps, P9). The Petri net Z is structurally not live. The augmented net Z* is built by adding two local control places CD, and CDZ to Dl and D2,

34 respectively, with cdi* 24 = {t2),*ci>~ = {t4), CD2. = it] ), *CD2 = (f8, t6), mo*(cd,) = o and rnof(cdz) = 1. Since no uncontrolled strict minimal siphon can be found for z*, Vp = +, Z* is weakly-live, deadlock free. Actually, Z* is live. PI (a) The original Petri net (b) The augmented net Figure 1.10 A controlled Petri net Zhou and Dicesare [33] formulated two resource sharing concepts--parallel Mutual Exclusion (PME) and Sequential Mutual Exclusion (SME)--to synthesize deadlock free Petri nets for manufacturing systems by making the resulting nets bounded, live, and reversible. A PME models a resource shared by distinct independent processes, while an SME is a sequential composition of PME, modeling a resource shared by sequentially related processes. Conditions for a Petri net containing a bounded, live and reversible (B.L.R.)

35 2 5 Petri net plus a PME to remain B.L.R. were derived, while conditions under which a Petri net containing SME remains B.L.R. were also derived. To introduce PME and SME, places of Petri nets are categorized into three kinds: i) A-place or operation place, iff mo(p) = 0, ii) B-place or fixed resource place, iff mo(p) is a positive constant, iii) C-place or variable resource place, iff mo(p) > 0 and variable. A-places represent operation (or process) places and mo(p)=o means that initially there is no operation in the system. B-places represent the availability of a fixed number of resources, such as robots and machines, and mo(p) = 1 means the resource is of single capacity, mo(p) > 1 means the resource is of multiple capacity. C-places can represent the availability of raw materials, fixtures, pallets, etc. For example, figure 1.11 (a) is a 1-PME. In Figure 1.11 (b), (p5, ((tl, t3), (t~, tj)}) is a 2-PME, when PAZ(p3, p4], PB=Pc=(ps). However, if PB and PC changed to (p5, p2) and (p,), respectively, and mo(p2) = 0, then it is no longer a 2-PME because it violates the PME conditions. But (p5, ((tl, t3))) is a 1-PME. The Petri net shown in Figure 1.4 is a simple SME. f simple 1-PME (b) A simple 2-PME Figure Simple example of PME

36 2 6 The liveness and reversibility of a Petri net containing an SME can be affected if inappropriate initial tokens are distributed. For example, in Figure 1.4, when mo(po)22, the system can come to a total deadlock. Basically, a deadlock free PME Petri net can be obtained by 1) starting with a B.L.R. 1-PME, 2) adding the next shared resource to the i-pme (i = 1,2,..., k-1) in the way that ensures an (i+l)-pme, if it can't, then modification must be made and 3) repeat step 2). By limiting the number of initial tokens to the token capacity of the SME, which is defined to be the maximum number of times that the first transition of the SME can fire before the last transition has to fire, a B.L.R. SME net can be obtained, if the original net is B.L.R. Detailed synthesis examples of PME and SME can be found in Zhou and Dicesare [34], where they also generalized PME and SME to handle choices in Petri nets. Examples can be constructed to show that their method is also conservative Deadlock Handling Methods Based On Digraphs Wysk et al. [30] developed a deadlock detection method based on a graph formalism of an FMS. Necessary and sufficient conditions for manufacturing system deadlock were defined. Also defined was the Wait Relation Among Resources. If job J, requests resource Mj while holding resource Mk (k # j), it is said that resource Mk is waiting for resource Mj in job Ji. Wait relations can be represented as a digraph with the nodes indicating the machines and the arcs describing part flow. They found a circuit in the graph is a necessary

37 2 7 condition for system deadlock. To detect deadlock, they proposed to use a string manipulation algorithm to identify circuits in the graph. Additional inspection is then used to determine if the circuits satisfy the sufficient conditions of a deadlock. Given a graph G=(V,A), sufficient conditions for a system deadlock can be summarized as i) There exists at least one circuit C=(Vc, Ac). ii) The number ofjobs contributing arcs to C must equal to the number of arcs in C. iii) The number of resources in C must be equal to the number of arcs. A two-part deadlock detection procedure was presented. The graph is dynamically updated once a new part is introduced into the system and circuit detection algorithm will be invoked. The procedure was intended for use in conjunction with deadlock resolution approaches. Yet no such a method was given in the paper. Wysk et al. [3 11 presented two approaches-namely, avoidance and recovery--for the resolution of deadlocks in FMS. Judd and Faiz[l8] expanded upon the original formulation proposed by Wysk et al. [30]. The new formulation created a digraph, called wait relation graph (WRG), which models manufacturing systems containing resources with arbitrary capacities. Also, it was shown that deadlock avoidance can be reduced to satisfy a set of linear inequalities. The inequalities can be derived from an off-line examination of the graph. This avoids the need to perform complicated algorithms at run-time. Several useful concepts were introduced, i) Capacity of a subgraph is the capacity of all resources in the subgraph.

38 2 8 ii) Commitment of arcs. Arc rirj is committed if r, is currently processing a product q and q's next resource in its operation sequence is rj. Commitment of a subgraph is extended naturally. iii) Slack of a subgraph, is defined to be the capacity minus the commitment of the subgraph in a particular state. iv) Knot is defined to capture the interaction of two circuits CI and C2 in a WRG. If CI n C2 contains exactly one resource with unit capacity, then the resource is called a knot. The order of a knot is also defined. v) The free space (or simply space) on a circuit is defined to be the difference of the slack and the order of the circuit. If the space of every circuit in the WRG is greater than zero, then deadlock cannot exist in the system. It was shown that this is a sufficient condition to avoid deadlock. For example, consider the WRG shown in Figure 1.12 modeling an FMS which has four resources ro, rl, r2, rj, all with capacity one, and manufactures two products pl and p2, specified by resource sequences: res(pl)=rorlr2rl and res(p2)=r3r2r3, respectively. Two Figure 1.12 An example WRG simple circuits can be identified as C1= rlrzrl and C2=r2r3r2 Assurnep] andp2 are both at their first step. It is obvious that resource r2 is a knot. The orders of C1 and C2 are all zero, and the order of the union circuit CluC2 is 1. Since every circuit has space greater than zero, the system is not in deadlock. Refer to Table 1.1.

39 Table 1.1 Example WRG Analysis But under this avoidance method, product pl will not be allowed to move into CI, because otherwise space(clucz)=o, even though advancing p, will not put the system into deadlock. The example shows that the method is too conservative because the order calculation is conservative. In fact, the order of CluCz is calculated as 1, even though there is no part flow crossing the knot. Cho et al. [3] presented graph-theoretic deadlock detection and resolution procedures. To detect deadlock, a directed graph--called system status graph which is a labeled WRG--was used to represent part routing. The node is labeled as a resource and status pair (a, b), where n represents the resource identifier and b represents the resource status (b = i if resource a is occupied by part i, h = 0 if the resource is empty). The arc is labeled as a part and step pair (i, j), where i represents the part identifier and j represents the step number of part i. An example is shown in Figure The system status graph is virtually updated for every part movement before parts move physically to the next destination. Two types of deadlocks--i.e., part flow deadlock and impending part flow deadlock--are detected using the updated system status graph.

40 3 0 A part flow deadlock is a circular wait situation in which no part movement is possible. A simple example is illustrated in Figure 1.13(a). An impending part Jlow deadlock is a situation in which immediate part movement is possible, but the system will eventually terminate in a part flow deadlock after a finite number of part movements. A simple example is shown in Figure 1.13(b). Machine 3 Ihl Machine 1 Machine 2 (a) A part flow deadlock (b) An impending part flow deadlock Figure 1.13 Illustration of part flow deadlock If buffer storage is available for deadlock recovery, then only part flow deadlocks must be detected. On the other hand, if no buffer is available, deadlock avoidance must be used to resolve deadlock, and both part flow deadlocks and impending part flow deadlocks must be detected. The concept of bounded circuits was introduced to detect deadlocks. In general, a bounded circuit can be obtained by traversing the routing of the part on the reference node (the node corresponding to the resource just entered by a part) until a non-empty node is found. The routing of the part on the non-empty node just found can be traversed again until another non-empty node is found. If this traversing process continues until the reference node is met, a bounded circuit is obtained. Figure 1.14 illustrated a bounded circuit: v(d,3)e(3,l)v(c,o)e(3,2)v(b,2)e(2,l)v(c,o)e(2,2)v(d,3).

41 Current system Reference node Figure 1.14 Illustration of system status graph A bounded circuit is simple if no node other than the reference node appears twice; it is non-simple otherwise. Simple bounded circuits were used to detect part flow deadlocks, while non-simple bounded circuits were used to detect impending part flow deadlocks. The method is conservative; i.e., there are cases in which the method yields 'deadlock', when, in fact, the system is not in deadlock. Reveliotis et al. [25] developed a deadlock avoidance policy named RUN. The defining logic of this deadlock avoidance policy emerges from the idea that resources with a higher capacity should be able to function as buffers for parts moving into or heading towards them. Hence, the policy associates with each resource an upstream neighborhood (UN), i.e., a set of process steps defined according to the following rule: The upstream neighborhood of resource r, consists of all process steps pi, need resource v,, plus all the process steps belonging to the maximal sub plans immediately preceding each of the aforementioned pi,, and including only steps pik that satisfy with ctap(res(pi, k)) < cap(ri). A part is in the neighborhood of resource ri if its current

42 3 2 processing step is in the neighborhood of Ti. Given this definition, RUN is expressed by the requirement that the number of parts in the upstream neighborhood of a resource never exceeds its capacity. Let's illustrate this avoidance policy and the resource neighborhood construction through an example. Consider a small system consisting of four resources rl, r2, r3 and r4, rl has capacity 2 and all other resources have unit capacity. Suppose that the system manufacture three types of products, their process plans are pl = r~+r~+r~, p2 = r3+r4+r3 and p3 = rl+r2. By applying the definition to this system, we obtain the neighborhood in the following, ( I ) = } m(r2) = ( ~12(r2), ~32(~2) }, UN(r3) = { p12(~2), ~13(r3), ~21(~3), ~22(~4), ~23(~3) 1, IJN(~I) = { PZI(~~), pzz(r4) 1. Notepll is not in UN(r2) and UN(t-3) because cap(rl) is greater than cap(r2) and cap(r3). The RUN policy constraints can be expressed by a system of linear inequalities, lpart(un(ri))l <= cap(ri), i = 1, 2, 3, 4, in a given system state. Apparently, under RUN parts can be freely introduced into rl. No part is allowed to move to r3 as long as there is a part in r4. This is ok for part of type p~, but too restrictive for part of type pi. Also no part is allowed to move to r2 as long as there is a part in r3 disregard what type of part it is. Again, this method is too conservative. The work of Judd and Faiz[l8] was expanded by Lipset et al.[19]. The concept of a knot resource was refined to cover the case in which more than two circuits might be involved. The order was also redefined to allow more deadlock-free states to be detected.

43 33 Thus the set of deadlock free states was made larger. Both necessary and sufficient conditions for deadlock to occur in manufacturing systems were precisely quantified. The approach was to put the system into an evaluation state and then calculate the space on all the closed paths to determine if deadlock exists. A closed path c is said to be in an evnluation strzte N with respect to an order-one knot k, if i) k is either empty, or the part in k is not committed to any arc on c, and ii) the next part to leave c,, i = 1,2 must pass through k. A closed path c is in an evaluation state if, for every order one knot k on c, c is in an evaluation state with respect to k. The space, or free space on a closed path c in an evaluation state N is defined to be the difference between the slack and the order; that is, space(c, N) = slack(c, N) -- order(c, N). The main result is: let G be the graph of a manufacturing system and C be the set of all closed paths in G. Then G is deadlocked in state N if, and only if, space(c, N) = 0 for some closed path CE C. For example, let a manufacturing system be composed of five resources rl, rz, r3, r4 and rj, all with capacity one. Suppose the system manufactures three parts a, h and c specified by the following process plans: plan(a) =?-1r2; plan(b) = r2rqr5; and plan(c) = r5r4rjr2r1. The WRG for this system is illustrated in Figure It is easy to verify that resource rz is a knot with order zero for all closed paths, and r4 is a knot with order one. Since rq is empty, the current state of the system is an evaluation

44 state. And since all circuits have space greater than zero, the system is not in deadlock. 34 Figure 1.15 An example WRG The main obstacle with this approach is to compute the evaluation state. 1.4 Deadlock Handling Methods to Be Developed Major contributing papers in the study of deadlock for manufacturing systems (especially flexible manufacturing systems) have been summarized in the previous sections. It was shown in Gold [13] that verifying a system state is safe, in general, is an NP-complete problem. Because of this and as the review shows, the majority of the effort has been to either: i) restrict the class of systems such that necessary and sufficient conditions can be determined in polynomial time, or ii) allow the approach to be conservative, that is, the system will not be allowed to enter certain safe states which contribute to high resource utilization. Also, there is a class of methods that allow deadlock to occur and then resolve by a recovery mechanism. According to the literature, among existing methods based on Petri net formalism, many allow multiple capacity resources in the system. But only a few can handle choices in the process plans. While little research has been done based on digraph formalism, which addresses deadlock avoidance for FMS with either multiple capacity resources or choices in the process plans. Lawley[35] developed a method using a Resource Allocation Graph (RAG) to address deadlock avoidance problems allowing both single

45 3 5 and multiple capacity resources and alternative routing, with the restriction that the number of alternative resources for every step of every process plan is a constant. Of the two major formalisms presented in Section 1.2--i.e., Petri nets and digraphs-- digraphs will be chosen as our modeling tool due to the following two facts: i) Petri nets have been more thoroughly studied than digraph but infeasible for large systems, ii) Digraph is simpler, clearer, yet of great modeling power in this particular field. As mentioned before, the slower dynamics of manufacturing systems make avoidance the most promising and effective approach to tackle deadlock problems. In this dissertation, we will present a new deadlock avoidance approach based on digraph formalism that will allow both multiple capacity resources and choices in the process plans. The goal is to solve the following problem: Given a system state that is not already in deadlock, it is possible to put the system into a deadlock state by introducing a new part into the system or advancing a part that is already in the system. By applying our deadlock avoidance algorithms, the system controller can decide whether a specific part move should be allowed or not. If the given deadlock avoidance algorithm deems that the part move is going to cause deadlock, then the system controller should prohibit such a move. Otherwise, the system controller should allow the part move. Furthermore, i) the running time of the deadlock avoidance algorithms should be a polynomial of the system size, and ii) the deadlock avoidance,ilgorithms should allow the system to enter as many live states as possible-i.e. maintain the least conservativeness.

46 The following chapters will present various answers. 36 The next chapter presents detailed system modeling, state space analysis and deadlock concepts. Chapter 3 presents our deadlock avoidance method for systems that allow both single and multiple capacity resource and allow free choice in part routing. Chapter 4 presents our deadlock avoidance method for system with both free choice and conditional choice in part routing. The last chapter presents comparisons made between the two modeling formalisms and among nine carefully chosen representative deadlock avoidance/prevention methods based on methodology analysis and simulation nlns.

47 Chapter 2 Modeling System for Deadlock Analysis In this chapter, we will first present system models used for the purpose of characterizing deadlock handling in the context of manufacturing systems. Section 2.2 will cover state space analysis on the model, while section 2.3 will provide deadlock concepts and discuss deadlock avoidance policies. 2.1 The Flexible Manufacturing System Model In this section, we will first describe our flexible manufacturing system model in detail and then present a systematic process plan representation that can model choices in process plans. The graph theoretic model for a flexible manufacturing system will be given in subsection The FMS Model In this study, we consider a Flexible Manufacturing System consisting of a set of n resources (NC machines, robots, buffers, etc.) R = (r,, r2,..., r,), a set of m product (or part) types P = Cpl, p*,..., p,). Each product type pi is assigned a process plan which is a finite sequence of Li operations to be performed on the product, denoted as pi = 0i1+0i i~i. An operation is also called a (process) step. Assume each operation oij, j = 1, 2,..., L,, can be performed on only one of the n resources, thus pi can

48 alternatively be represented 38 as a sequence of resource requests, denoted as Each resource r, has a capacity C, > 0 and thus is capable of performing C, operations simultaneously. If a resource's C, equals 1, the resource is called a single cnpacit~, or unit capacity resource. If a resource's C, is greater than 1, the resource is called a nzultiple cnpacitj) resource and this can be considered as multiple identical units of the resource and/or buffer spaces. That is, in our model, single capacity resources and multiple capacity resources are allowed to co-exist. The following functions are defined for resources: i) cap(r,): R-+Z returns the capacity C, of resource r,; ii) empty(?,): iii) free(ri): iv) part(ri): R+B returns true if resource r, holds no part; R+Z returns the number of free units of resource ri; R+Q " returns a set of parts currently held in resource ri. Where Z is the set of non-negative integers, B is the set of the two logical values and Q will be introduced later in this section. Our model further allows choices in process plans (also called choices in part routings). That is, there can be several resources to choose from for the part to go next at any step of a process plan and process plans might not be sequential and fixed but are still finite. Two types of choices will be considered, one is called free choice and the other c-onditional choice.

49 39 i) By free choice in part routing, we mean that the part's next step can be any one of a set of resources and the system controller has the right to arbitrarily dispatch the part to one of the set of resources. ii) By conditional choice, we mean that the part's next step can only be the one chosen from a set of resources according to some external condition. Examples of the external conditions can be inspection result of the current operation, priority of the part, or availability of resources (for example, machine breakdown). Each choice corresponds to a branch path. Without choice, process plans are simply represented as sequences of resources, since process plans are assumed to be sequential and fixed. With choices added, this representation method is no longer applicable. A systematic representation method is presented in the following section Representation of Process Plans with Choices The basic idea of representing a process plan with choices is to straighten up the plan. Steps that have no choices are listed resource by resource sequentially, and steps that have choices are listed branch by branch sequentially. Each branch further consists of sequences of resources and other branches in an iterative manner. In this way, each process plan can again be represented as a sequence of resources. However, this is not complete. Our method associates each process plan with two additional data structures. One is choices, a vector that counts the number of choices for each step. The other is branches, a matrix that identifies the next step(s) for every step; each step corresponds to :t column of the matrix. With choices, a process plan can have more than one loading point and more than one terminal step. In our method, all terminal steps are given the

50 40 same next step number, which is the length of the actual plan plus one. The representation method is demonstrated in the following example. Example 2.1. A process plan p is illustrated in Figure 2.1, and its representation is shown in Table 2.1. step No. resourcelist choices branches Figure 2.1. Example process plan with choice Table 2.1. New process plan representation example ro r, r2 r4 r3 r5 r6 rj r, rj rj r Step 0 is added to represent part loading. This step can also have choices to represent multiple loading points and ro is added for raw parts supply. Step 12 is used for part unloading. The following functions are defined for process plans: i) lenb): P -+ Z returns the size of process plan p's resource list. ii) resb, n): PxZ -+ Z returns the resource needed at step n of process planp. iii) choicesb, n): PxZ + Z returns the number of choices at step n of process planp. iv) choice-type@, n): PxZ -+ Z returns the type of choice at step n of process planp. v) next@, n, i): PxZxZ -+ Z returns the next step number of plan p after step n on branch i.

51 For example, for process plan p in example 2.1, we have, choices(p, 2) = 2, choices(p, 5) = 1, next@, 2,2) = 7, next@, 6, 1) = 12. Once the system is in operation, there will exist a set of I parts (products or product instances) Q = (91, 92,..., ql) in the sytem at any given time and 1 can vary from 0 to CkCk (k = 1 - n). We often use pi, to describe a part q E Q such that it is of type pi and its current process step is j. Specially, pi0 is used to describe a part outside of the system and waiting to be loaded into the system. Part pij that is held in resource rk is denoted as, pij-)rk. A part pi, is enabled if the resource r k needed by its next step in the process plan has available unit, that is, free(rk) > 0, Pij+l+rk. A part at a free choice step can be enabled by any resource in the set of choice resources. If a part is ready to be dispatched at a conditional choice step, then the external condition (thus the next resource) is known and the part can only be enabled by this resource. Later in Chapter 4, we will see that once in the virtual system to simulate the system operation (looking into the part's future routing), a part at a conditional choice step can only be enabled by all resources in the set at the same time. This is because the external condition, thus the choice to be chosen, is not known yet and each choice has certain probability for being chosen.

52 42 The current step of a part is unique and can be considered as its state. The following functions are defined for parts: i) step(q): Q -+ Z returns the current step of part y. ii) class(q): Q -+ P returns the process plan or product type that part y belongs. All functions defined for process plans can be naturally extended to parts. For example, choices(9, n) is equivalent to choices(class(y), n) and returns the number of choices at step n of process plan that part q belongs The Graph Theoretic Model A flexible manufacturing system can be modeled by a directed graph, also called a digraph. The graph theoretic model for our purpose is called a wait relation graph (WRG), denoted as G, which is defined based on all process plans. Nodes of the graph are graphically represented as ovals and represent resources. The units of a resource are graphically represented as small boxes inside the node oval. Small boxes filled with different letters will be used to represent units of a resource occupied by different parts. Directed arcs represent the order that the resources are used by various types of products. The out-going arcs of a multiple capacity resource are labeled with parts in it, respectively. A part with choice is labeled on each choice arc, a prefixed plus sign (+) for free choice and a prefixed dot sign (a) for conditional choice. Exanzple 2.2. A FMS consists of 4 resources rl, r2, r3 and rj. r2 is of capacity 2. All other resources have unit capacity. The system makes two types of products pl and pl. Their process plans are rl+r2+r3 and r3+r2/r4+r1+r3. The WRG is shown in Figure 2.2.

53 1'3 (a) Without parts Figure 2.2 WRG for example 2.2 (b) With parts 2.2 System State Space Analysis In this section, we will first define the state and state space of a resource and the state and state space of the system. We will then define the system event space. Reachability analysis will also be performed The Resource State The state of a resource can be defined to reflect the various combinations of parts held in the resource at any given time. Suppose resource r E R has capacity Cr = cap(r) and is shared among a set of Mr process steps Or = lok, k = 1, 2,..., Mr), where ok can be any o,,, i = 1, 2,..., m andj = 1, 2,..., L,. Let e represent an empty unit of the resource. Then the states of resource r can be enumerated in alphabetical order as in the Table 2.2, Definition 2.3. The state of a resource r E R at any given time can be represented by a scalar variable sr which takes one of the Nr integer values in the set (0, 1, 2,..., N,-1) and corresponds to one of the Nr combinations of e, o,,oz,..., oblr.

54 Order Mr+ 1 Mr+2 Mr+2... Nr-2* Table 2.2 State enumeration of a resource State ee... ee ee... eo,... ee... e OM, ee... 0, 0, ee... ol 01.., OLI~OM~~..OM~OM~-I Comment Every unit is empty Only one unit (any one) is filled Only one unit(any one) is filled Two units (any two) are filled Two units (any two) are filled Every unit is filled i 44 * N, is the total number of states The following proposition gives a method to calculate the total number of states N, of resource r from its capacity C, and number of process steps sharing the resource Mr. Proposition 2.4. The number of states of resource r E R with capacity C, and shared among M, process steps is, Proof: The state enumeration is a combinatorial problem of using elements of a multiset to fill several slots (A multiset is a set whose elements can be repeated, e.g. (1, 1, 2, 3, 3, 3). To be exact, our problem multiset {e, ol,o2,..., omr) has the same repetition number for every element to be the number of slots which is our resource capacity. We will use induction to prove the result. 1) If resource r is used by only one process step 01, the states can be easily enumerated as,

55 There are C,+l states in total. We call this stage combo of olfilling Cr units of r ) Resource r is shared by two process steps 01, and 02. In this stage, we still have, combo of ol filling C, units which has C;+1 states plus we have, 02 occupies 1 unit + combo of ol filling Cr-1 units C, states 02 occupies 2 units + combo of ol filling Cr-2 units Cr-1 states 02 occupies Cr-1 units + combo of ol filling 1 unit 2 states 02 occupies Cr units 1 state The number of states in this stage is = c; + c: c,, 1 + CZ,, Here, we applied the binomial formula c:, = c:,., + c:,:: We call this stage combo of ol and ozfilling C, units. 3) Assume resource r is shared among k process steps ol,o2,..., ok, and the number of states is

56 Nr = c;,+, We need to show that when the resource is shared among k+l process steps 01,02,..., 46 ok+, the number of states is to finish the proof. First, we still have, plus we have, k combo of 01, 02,..., ox filling C, units which has CCr+, states k occupies 1 unit + combo of 01, 02,..., ox filling C,- 1 units Cc,1 +k states ok+l occupies 2 units + combo ofol, 02,..., ok filling c,-2 units CLn2rk states occupies Crl units + combo of o ~,o~,..., ok filling 1 unit + states occupies C, units C: state So, the number of states of resource r with k+l process steps is,

57 47 Therefore, the number of states of resource r with capacity Cr that is shared among Mr process steps is, The above method generates states row by row. States can also be generated column by column. By applying similar induction we can alternatively obtain, Therefore. The integer set {0, 1, 2,..., Nr-1) is the state space of resource r E R, denote as S,. Each element (an integer) of Sr corresponds to a particular combination of e, o,, 02,..., 0~~ filling Cr units of resource r. That is, Sr = {O, 1, 2,..., Nr-1) and, sr E Sr System State Space With state defined for a resource, we can then define the state of a FMS to be a certain combination of parts of all resources in the system. Parts can be grouped by resources or product types. The state of a FMS at any given time can be simply represented as an n-element vector variable s whose elements are state variables of all system resources s,i, i=l, 2,..., n. That is, S = [S~I Sr2...srn] T The system state space S, is therefore the set of combinations of every state of every system resources. That is,

58 The size of the system state space is given by, For convenience, S, can be arranged in the order such that, Example 2.5. Consider the system in example 2.2. plls process plan is straight forward. p2's process plan can be expressed as in Table 2.3. Table 2.3 Process plan for product typepz 1 step No. I resource list 1 ro r3 r2 r4 r, r3 choices branches Resource rl is shared by 011 and 024, Orl = (01 1, o~~), N,, = C,+,= 3; resource r2 is shared by 012 and 022, Or2 = { 012, o~~), 2 N,, = C,+,= 6; resource r3 is shared by 013, 021 and 025, Or, = { 013, 021, 02~)~ 3 jvr3 = c I+3= resource r4 is used only by 023, Or4 = ( 0231, 1 Nr4 = C = 2. 4;

59 srl = (0, 1, 2 1, 0 = empty, 1 =pl 1,2 =p24 Srz= (0, 1,2, 3,4, 5 ), ()=empty, 1 =p12, 2=p22, 3 = ~PIZ'S,~=PIZ &p22, 5 =2~2~'~; Sr3 = (0, l,2, 3 1, srl= (0, 1 1, O = empty, 1 =P13, 2 =p21, 3 =p25; 0 = empty, 1 =p23. The number of system states, and the system state space, where, s = (SO, s1, s2,..., s142, s143 ) so=[oooo]t s,=[0001]~ ~ ~ = [ ] ~ s3=[00i llt The above simple definition for a system state (grouping parts by resources) is good for the size calculation of system state space and the state ordering. For later analysis purpose, we will use the following system state definition (grouping parts by products). And states by this definition have one to one correspondence to states defined by grouping parts by resources.

60 5 0 Definition 2.6. Let L be the sum of lengths of all process plans, i.e., L = C, L,. 'Then the state of a FMS at any given time can be defined to be a L-element vector variable s whose elements are number of parts of different types at each step, p,, i=l, 2,..., rn, j=1,2,..., L,. That is, System Event Space The system state can be changed by the following three types of events: i) Load product event: A new product p,o is introduced into the system, if there is a free unit in the resource that the product's first process step must vlsit. That IS, if the product type is p, and o,, = rk, then free(rk) > 0. ii) Unload product event: A finished product p,~, is leaving the system. This product can always leave the system after its last process step o,~, is finished. iii) Advance product event: A product p,, in the middle of its process plan is moving to its next process step, if its next process step o,, = r k and free(rk) > 0. Note that with choice, a product can also have multiple loading points and unloading points. We call an event of one of the above three types a (state) transition. Each product type has a fixed number of state transitions. If the process plan has a length of L,, then the total number of transitions is the sum of the number of choices at each step (including step 0 for loading) of the process plan, that is, Ntl = C, choices[i], i = 0 - L,. Therefore, a system of rn product types can have

61 transitions. The system event space is defined to be the set of all the Nt state transitions, E={t,,, i=l,2,..., nz, j =l,2,..., N,,) A transition, t E E, of a given system state is enablecl if, i) t is a load product event and the resource needed by the product's first process step is free, or ii) t is an advance product event and the system has the product to be advanced and the resource needed by the product's next process step is free, or iii) t is an unload product event and the system has the product to be unloaded, A system state can have no enabled transition, only one enabled transition or more than one enabled transition. An enabled transition can be fired immediately or suspended by the system controller. Definition 2.7. State transition vector is defined as an Nt-element vector t. Its elements consist of 0 and 1 only, where 1 s' correspond to transitions to be fired and 0s' corresponds to transitions not to be fired. Assume enabled system transitions can only be fired one at a time. If state sold has an enabled transition and firing the transition causes the system state change to state,, s, then we have the following state equation, Snea = Sold + At where A is the LxNt incidence matrix, which is m x?ti block matrix and all non-diagonal hlocks are zero blocks. A column of a diagonal block A,, (L, x N,,) consists of i) all 0s' and only one 1 corresponding to a loading transition; or

62 ii) all 0s' and only one -1 corresponding to an unloading transition; or iii) all Os', one -1 corresponding to an advance transition's from step and one 1 corresponding to the transition's to step. The incidence matrix for Example 2.5 is, where, A12 =A?, = 0, A22 corresponds the p2's plan listed in Table 2.3. Its first column corresponds to loading a product; the second column corresponds to advancing a product at step 1 to step 2; the third column corresponds to advancing a product at step 1 to step 3; the fourth column corresponds to advancing a product at step 2 to step 4; the fifth column corresponds to advancing a product at step 3 to step 4; the sixth column corresponds to advancing a product at step 4 to step 5 and the seventh column corresponds to unloading a product. If the current state is, Sold = [l O] and, t1 = [O ] T, (loading of product of typep:) tz = [ (advancing product of typepl at step 2 to step 3) then Sne,l = Soid + Atl = [I O] T, silen,2 = sold + AtZ = [l ] T.

63 2.2.4 Reachability Analysis 5 3 State sj is reachable from another state s, iff there is at least one sequence of state transitions t~+tl+... +tk that brings the system from state si to state sj after all the transitions have been made. Let R(si) be the set of states reachable from state si, R(sI) c Ss. Let RfrOm(si) be the set of states immediately reachable from state si, RfrOm(s,) c R(si). By immediately reachable, we mean that the reachable state is one transition away from state si. We can also define the set of states from which state si is immediately reachable, denoted as Rt0(si), Rto(s1) c Ss. State sj is llnreachable from state si iff there does not exist such a sequence of state transitions that can bring the system from state si to state sj. Let R(si) denote the set of unreachable states from state si. Reachability graphs can be constructed for relatively small systems to help perform reachability analysis and the following deadlock analysis. The node of the graph represents a system state. So, there are a total number of Ns nodes in the graph. An arc is drawn from state si to state s, if state sj is immediately reachable from state si. 2.3 Deadlock and Deadlock Avoidance In this section, we will first give the definition of deadlock for our flexible manufacturing system model and then discuss deadlock avoidance. Deadlock avoidance policy and its related concepts will also be defined.

64 2.3.1 FMS Deadlock Normally a FMS system needs to start from an idle state that is empty of products, i.e. start from state so. We call a state s, in the set of reachable states from so, i.e., s, E R(so), an operational state. so is also an operational state. The set of all operational states is - R(so) u so, denoted as So,, Sop c S,. All states in R(so) = SsEo, are unreachable system - states, they are called non-operational states, denoted as So,. In this study, we are mainly interested in analyzing operational states. A state s, is enabled iff further enabled state transition exists, that is, a system in this state can either load in a new product or advance an existing product in the system (including product at its last process step, advancing this product will make it leave the system). This concept can be naturally extended to a resource state. A resource state is enabled iff it has either a free unit or a product in it which can exit the system or leave for another resource that has a free unit. A resource state is self-enabled if it has either a free unit or a product in it which can exit the system. Otherwise it is enabled by another resource. When a resource state is enabled, it does not necessarily means the system state is also enabled. A state is zinenahled iff no further enabled state transition exists. Definition 2.8. A state s, is a deacllock state iff state so is unreachable from state s,, i.e., so e R(s,). The set of all deadlock states is denoted as Sd, Sd c Sop. Proposition 2.9. If state s, is a deadlock state, then every state of R(s,) is a deadlock state, i.e., R(s,) Sd.

65 ProoJ Let s, be a state of R(s,), then R(s,) c R(s,). Since so G R(s,), so so E R(sj), that is 55 state so is unreachable from state s,. Therefore sj is a deadlock state and we have R(si) G Sd. Definition A state s, is live iff state so is reachable from state s,, i.e., so E R(s,). The set of all live states is denoted as, S,, SI c So,. There are such live states that whatever transitions you make the resulting state stays live. Other live states can become deadlock states after some transitions are made. DeJinition A state s, is strongly live if it is live and any state in Sd is unreachable from it, in other words, Sd n R(s,) = $. Definition A state s, is weakly live if it is live and a state in Sd is reachable from it, i.e., Sd n R(s,) + 4. Deadlock states can be further categorized into primary deadlock, impending deadlock, partial deadlock, and total deadlock. A state is in total deadlock if the state is unenabled. A state is in primary deadlock if in this state there exists a set of filled to capacity resources Rd c R whose states can only be enabled by resources in Rd, i.e., p,,+rk, p,j+~-+rl, VpIJ E part(rd), rk, rl E Rd. Resources in the set Rd are in a circular wait situation. Total deadlock is a primary deadlock but not vice versa. A total deadlock state might still have free resources. If a primary deadlock state is enabled, then the state is called a partial deadlock state.

66 56 A state is in impendirzg deadlock if the state must terminate in a primary deadlock after a finite number of state transitions. The more transitions needed for it to evolve into a primary deadlock, the more difficult it is to find it. Example In this example we will demonstrate the various deadlock concepts. Refer to Figure 2.3. Suppose the system consists of 4 resources rl, r?, r3 and rq, all with unit capacity and the system manufactures 3 types of products, pi, pz and p3. Their process plans are rl+r2+r3, r3+r2+rl and rj+rl, respectively. Figure 2.3 WRG for example 2.13 Resource rl can have product pll, p23 or p32, resource r2 can have product p12 or p22, resource r3 can have product p13 orp21, and resource r4 can only have product p31. Figure 2.4(a) illustrates a total deadlock; (b) illustrates a primary and partial deadlock, where r2 and r3 are in circular wait, but p3l can advance; and (c) illustrates an impending deadlock, advancing eitherpl 1 orpzl will put the system into primary deadlock. "$33 (a) Total deadlock "@ (b) Primary and partial deadlock '*& (c) Impending deadlock Figure 2.4 Deadlock demonstration

67 2.3.2 State Space Partition The state space of a FMS system can be divided into several portions. First, the space can be divided into reachable (operational) states and unreachable states. Second, the reachable sub state space can be divided into live and deadlock states. Third, the deadlock sub state space can be divided into primary and impending deadlock states. And fourth, the primary deadlock sub state space can be further divided into total and partial deadlock states. Also, the live sub state space can be divided into strongly live and weakly live states. Figure 2.5 illustrates this partition. In this study, we are mainly interested in studying the interactions between weakly live sub state space and deadlock sub state space. - Primary I Deadlock Figure 2.5 State space partitions

68 2.3.3 Deadlock Avoidance Strongly live state is not a very useful concept in practice because only linear transfer line or systems with no circuits in their WRG can have this property. Also, we don't need to worry about them when we develop our control policy to avoid deadlock. Another concept is controlled strongl~y live state. A weakly live state might get into deadlock if it is not controlled. One method to avoid a weakly live state evolving into a deadlock is to let the system controller disable immediate transitions leading to deadlock. If every weakly live state which has a immediate transition to deadlock has this restriction applied to all their immediate transitions that lead to deadlock, then all weakly live states are controlled strongly live under this restriction. This type of restriction actually defines an optimal deadlock avoidance policy. There are other types of restrictions that avoid deadlocks but might also avoid some live states and thus are not optimal. The following presents formal definitions. Definition A deadlock avoidance policy (DAP) is an algorithm which prevents the system from firing a certain sub set of events in a given live state so that the system can only operate within a live sub state space Sdap, Sdap c sop%, and so E Sdap. Let Rdap(si) be the set of states reachable from state s, under DM. Two types of DAPs have been developed in the literature. One can be expressed as a set of algebraic inequalities. The other can be a search-based algorithm. In other words, a DAP partitions the system's operational state space into two sub spaces, Sdap and,ydap= Sop&.p. Sdap is called the allowable sub spuce and id., is called the disallowable sub space of Sop.

69 59 A DAP is correct iff every state in Sdap is controlled strongly live (called DAP controlled strongly live), i.e., Rdap(si) = Sdap, Sd n Sdap = 4, v~i E &ap. A correct DAP is conservative iff there exist live states inidap, i.e.,s,,,& L $. The conservativeness can be measured by an optirnalij~~,fc2ctor-, defined as the number of live states allowed by the DAP over the number of live states in the system, that is, A correct DAP is optimal (or complete) iff Sdap contains all live states of So,, or Sdap = S,, that is, p = 1, or 100%. A DAP is scalable if the time and space required to execute the algorithm are bounded by a polynomial of the system size, which can be measured by L - the sum of lengths of all process plans C, L, (i = 1 - m). An optimal DAP allows all live states and disallows all deadlock states of Sop. Unfortunately, optimal DAPs are hard to obtain (NP-complete) because of the existence of impending deadlock states [13]. This is also why researchers of the related field turned to find scalable sub optimal policies instead Optimal Deadlock Avoidance Policy search. The following presents an optimal deadlock avoidance algorithm based on exhaustive Algorithm Optimal Deadlock Avoidance Algorithm. 1) Generate the set of operational states Sop, 2) Find from So, the set of deadlock states Sd, Sd c Sop,

70 60 3) Find from So, the set of all weakly live states whose immediate reachable set of states intersect Sd, denoted as Swd, Swd G Sop, 4) Find the set of transitions from states in Skd to states in Sd, denoted as TNd, till E E, v tl, E Twd. 5) Disable transitions in Tb\d. The good property of this algorithm is steps 1) through 4) can be calculated off-line and at run-time the system controller needs only to keep the set Tud. The shortcomings of the algorithm are: i) Whenever the system needs to be reconfigured, such as adding a new product type or removing an existing product type, the set Twd needs to be updated and steps 1) through 4) of the algorithm need to be recalculated. ii) And unfortunately, recalculation of steps 1) through 4) of the algorithm is not trivial, but is of exponential complexity. From the state space size calculation, we know that the state space will increase at an explosive speed. To get an idea of the state space explosion, let's take a look at a system with 10 resources. If on the average, each resource has capacity 2 and is shared among 3 process steps, that is, Cr = 2 and Mr = 3, then and, 3 N,= C 2+,= 10 N, = Nr'0 = 10'0 that is, the system has a state space of 10 billion states. Imagine the time and space requirements for this system. Even with today's computer technology, it is still hard to calculate the optimal DAP.

71 6 1 Example In this example, we use our classic bow-tie graph (it is representative and has a small state space) to demonstrate reachability and deadlock analysis. Suppose the system consists of 3 resources rl, r2 and r3, all with capacity 1 and manufactures 2 types of products pl and pz. Their process plans are rl--+r2-+rj and r3--+rz--+rl, respectively. Figure 2.6 WRG for example 2.16 Resource rl is shared by products pl, and P23, r2 is shared by products p12 and p22, and r3 is shared by products p13 and p21. For resource rl, Nrl = 3, Srl = ( 0, 1, 2 ), and state 0 means resource is empty, 1 means resource has product pl 1 and 2 means resource has product p23. For resource r2, Nr2 = 3, Sr2 = ( 0, I, 2 ), and state 0 means resource is empty, 1 means resource has product p12 and 2 means resource has prod~ctp~~. For resource r3, Nr3 = 3, Srj = { 0, 1, 2 }, and state 0 means resource is empty, 1 means resource has product p13 and 2 means resource has product pz1. And the system state space S, = { so, sl,..., ~ 2 }. 6 Table 2.4 lists all the states and their corresponding immediate reachable set Rti,,, and Rt,. The reachability graph drawn in Figure 2.7 is based on the table. From the table (or more easily and visually from the graph), we found the set of operational states, sop = { SO, s1, s2, s3, s4, $5, s6, s8, s9, SIO, s1 I, sl2, sl3, SIJ, sl5, s17, s18, s20, s24, s26 ),

72 Table 2.4 Enumeration of states for example State s, Rfrom(sl> Rto(sl) i=o-13 SO =[OOOI s, = [ o 0 11 S, =[002] s3 = [ Sq =[o 111 Sj =[o 121 S6 = [ S7 = [ Sg =[022] ~9 =[loo] Slo = [ sll=[l sl2 = [ S13 = [ ( ~ 2 ~, 9 ) {SO, ~ 1 0 ) Cs6, SI 11 {si, sj, ~ 1 2 ) {s3, ~ 1 3 ) (~14) {sg, S lj, ~ 1 8 ) { ~ 6 S16,, sl9) {s17, ~ 2 0 ) (~3, SII) {s4, s9) {sj, S I ~ ) {SIO, ~ (~12) {SI, ~ 1 8 ) {s3, ~ 1 9 ) {SO, ~ {SJ, s9, SII / {sl0,~22} {s3, sll, ~ 2 3 ) {s!, s7, ~ 11) {srjl {s63 ~ {so, SIO) (~1, ~ 1 2 ) {s2, s9> ( ~ 3 ~, 1 3 Cs'll State s, Rfrom(sl) Rto(s,) i = ~ 1= 4 [ 1121 { 1 {sj, ~ 1 2 ) slj= [ 1201 Cs17) --- {s6, sl 1, s10) S16 = [ Csljl ( ~ ~ 1 s17 = --- [ 1221 C 1 {SS~ S I ~ J. {SO, ~ 2 0 ) {s6, ~ 1 9 ) {s7, ~ 2 1 ) s18=[200] s19 = [ s20 = [ s21 = [ S22 = [ ~ 2= 3 [ SN = [ 2201 S2j = [ S26 = [ {sl, ~ 1 8 ) {s2, ~ {s3, s19, s23$ is'!, ~ 2 1 ) (sj ( ~ 6 ~, 2 6 ) (~20, ~ 2 5 ) -- (~7, ~ 2 4 ) ( ~ 8 ) ( ~ 8 ~, 1 8 ) { ~ 2 2 ) { 1 Is21 1 C > ( ~ 2 4 ) the set of deadlock states, sd = { s5, s117 s14, s15, s17 ), where sll is an impending deadlock, s~ and s15 are partial deadlocks and s14 and S17 are total deadlocks; the set of weakly live states with transitions to states in Sd, Swd = { S2, S3, S6, SS, S9, Sl2 ), and the set of transitions of Swd leading to states in Sd, Tud = { t2,11, t3,5, t6,15, t8,17, t9,ll, t12,14 1. Therefore, the optimal DAP will disable state transitions from s2 to sll, s3 to s ~, s6 to s15,.s.8 to ~17, sg to SII, and sl2 to ~14. Under this DAP the system will be strongly live, or cieadlock free, and the allowable sub space Sdap = Sop&

73 Gre, Red Blac Figure 2.7 Reachability graph An example of conservative (non-optimal) but correct DAP for this example can be an algorithm that only allows the system to operate within, Sdap = SopDd\{ S13, ~26) Under this DAP, live states sl3 and S26 are disallowed. The optimality factor is, p= 11/13 =84% An example of incorrect DAP for this example can be a DAP which performs one step look ahead to avoid deadlock. It is incorrect because sll is an impending deadlock state that is allowed by the DAP.