A theory of desynchronisable closed loop system

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

The task of implementing a supervisory controller is non-trivial, even though different theories exist that allow automatic synthesis of these controllers in the form of automata. One reason for this discord is the asynchronous interaction between a plant and its controller in implementations, whereas the existing supervisory control theories assume synchronous interaction. As a consequence, implementations suffer from the so-called inexact synchronisation problem. In this paper we address the issue of inexact synchronisation in a process algebraic setting, by solving a more general problem of refinement. We construct an asynchronous closed loop system by introducing a communication medium in a given synchronous closed loop system. Our goal is to find sufficient conditions under which a synchronous closed loop system is branching bisimilar to its corresponding asynchronous closed loop system.


💡 Research Summary

The paper tackles a fundamental gap in supervisory control theory: the mismatch between the synchronous interaction assumed during controller synthesis and the inherently asynchronous communication that occurs in real implementations. This mismatch, termed the “inexact synchronisation problem,” can cause a synthesized supervisor to fail to enforce safety or performance guarantees when deployed. To bridge this gap, the authors adopt a process‑algebraic framework and address a more general refinement problem: under what conditions does a synchronous closed‑loop system remain behaviorally equivalent to an asynchronous version of the same system?

The authors begin by formalising the synchronous closed‑loop system as the parallel composition of a plant process and a controller process, both expressed in a CCS‑style process algebra. Interaction between the two is modelled by synchronous handshakes on shared actions. To obtain an asynchronous counterpart, they introduce a communication medium between plant and controller. This medium consists of an input channel, a FIFO buffer of bounded capacity, and an output channel. The buffer models transmission delays, queuing, and loss‑free storage; its internal moves are represented as τ‑transitions (silent actions) that are invisible to an external observer.

The central behavioural equivalence used is branching bisimulation, a robust notion that tolerates internal τ‑steps while preserving the observable branching structure of a system. The authors’ main technical contribution is a set of sufficient conditions guaranteeing that the synchronous closed‑loop system and its asynchronous version are branching bisimilar. These conditions are:

  1. Determinism – Both plant and controller must be deterministic with respect to observable actions, ensuring that each external event leads to a unique continuation.
  2. Non‑blocking – From every reachable state, the system must be able to accept any external event that the specification permits, preventing deadlock caused by the buffer.
  3. Deadlock‑freedom – The combined system (plant, controller, and medium) must never reach a state where no further τ‑ or observable moves are possible.
  4. Buffer compatibility – The FIFO buffer’s capacity must be sufficient to accommodate the maximal burst of messages generated by the plant without overflow, and the controller must be able to consume messages at a rate that prevents indefinite growth.

Under these hypotheses, the authors prove that every observable trace of the synchronous system can be reproduced by the asynchronous system, possibly interleaved with τ‑steps representing buffer enqueuing and dequeuing. Conversely, any observable behaviour of the asynchronous system corresponds to a trace of the synchronous system, because τ‑steps never alter the external action labels. The proof proceeds by constructing a relation that pairs synchronous states with asynchronous states where the buffer content exactly reflects the “delay” between the plant’s output and the controller’s input, and then showing that this relation is a branching bisimulation.
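The construction described above (a synchronous handshake composition, an asynchronous composition through bounded FIFO buffers whose buffer moves are τ-steps, and a branching bisimulation check between the two) can be reproduced on a toy scale. The following is an added example, not code from the paper or its authors: the plant and controller models, the convention that the plant's side of every shared action stays observable while the controller's enqueue and dequeue are τ-steps, the buffer capacity `cap`, and the naive greatest-fixpoint check are all assumptions made here for illustration. The first constructed pair (plant reports an event, controller reacts) is desynchronisable; in the second pair the controller chooses a command on its own, and once that command sits in the buffer the choice has been resolved silently, so the observable branching structure of the buffered system differs from the synchronous one and the check fails.

```python
# Added example (not the paper's code): plant/controller LTSs composed synchronously
# and asynchronously (bounded FIFOs, buffer moves as tau), then checked for
# branching bisimilarity by a naive greatest-fixpoint computation. All constructed.
from collections import deque

TAU = "tau"
# An LTS is a dict: state -> list of (label, next_state). Constructed models:
# pair 1: the plant reports a sensor event and the controller reacts to it.
PLANT_SENSOR = {"p0": [("alarm", "p1"), ("ok", "p2")],
                "p1": [("stop", "p0")], "p2": [("run", "p0")]}
CTRL_REACTIVE = {"c0": [("alarm", "c1"), ("ok", "c2")],
                 "c1": [("stop", "c0")], "c2": [("run", "c0")]}
# pair 2: the controller picks a command by itself and waits for confirmation;
# once the command sits in the buffer, that choice is no longer observable.
PLANT_ACTUATOR = {"p0": [("stop", "p1"), ("run", "p2")],
                  "p1": [("halted", "p0")], "p2": [("moving", "p0")]}
CTRL_CHOOSING = {"c0": [("stop", "c1"), ("run", "c2")],
                 "c1": [("halted", "c0")], "c2": [("moving", "c0")]}

def labels(lts):
    return {a for moves in lts.values() for a, _ in moves}

def explore(init, step):
    """Build the reachable LTS from `init`; `step(state)` lists its moves."""
    lts, todo = {}, deque([init])
    while todo:
        st = todo.popleft()
        if st not in lts:
            lts[st] = step(st)
            todo.extend(nxt for _, nxt in lts[st])
    return lts, init

def sync_compose(plant, p0, ctrl, c0):
    """Synchronous closed loop: shared labels handshake, the rest interleave."""
    shared = labels(plant) & labels(ctrl)
    def step(st):
        p, c = st
        moves = [(a, (p1, c)) for a, p1 in plant[p] if a not in shared]
        moves += [(b, (p, c1)) for b, c1 in ctrl[c] if b not in shared]
        moves += [(a, (p1, c1)) for a, p1 in plant[p] if a in shared
                  for b, c1 in ctrl[c] if b == a]
        return moves
    return explore((p0, c0), step)

def async_compose(plant, p0, ctrl, c0, plant_to_ctrl, cap):
    """Asynchronous closed loop, one bounded FIFO per direction. The plant's side
    of a shared action stays observable; the controller's side is a tau-step.
    State = (plant, ctrl, queue_plant_to_ctrl, queue_ctrl_to_plant)."""
    shared = labels(plant) & labels(ctrl)
    def step(st):
        p, c, q_pc, q_cp = st
        moves = []
        for a, p1 in plant[p]:
            if a not in shared:
                moves.append((a, (p1, c, q_pc, q_cp)))
            elif a in plant_to_ctrl and len(q_pc) < cap:       # plant sends
                moves.append((a, (p1, c, q_pc + (a,), q_cp)))
            elif a not in plant_to_ctrl and q_cp[:1] == (a,):  # plant receives
                moves.append((a, (p1, c, q_pc, q_cp[1:])))
        for b, c1 in ctrl[c]:
            if b not in shared:
                moves.append((b, (p, c1, q_pc, q_cp)))
            elif b in plant_to_ctrl and q_pc[:1] == (b,):      # ctrl dequeues
                moves.append((TAU, (p, c1, q_pc[1:], q_cp)))
            elif b not in plant_to_ctrl and len(q_cp) < cap:   # ctrl enqueues
                moves.append((TAU, (p, c1, q_pc, q_cp + (b,))))
        return moves
    return explore((p0, c0, (), ()), step)

def tau_closure(lts, s):
    seen, stack = {s}, [s]
    while stack:
        new = [y for a, y in lts[stack.pop()] if a == TAU and y not in seen]
        seen.update(new)
        stack.extend(new)
    return seen

def branching_bisimilar(l1, i1, l2, i2):
    """Greatest fixpoint: drop pairs from the full relation until every remaining
    pair satisfies the branching transfer condition in both directions."""
    rel = {(s, t) for s in l1 for t in l2}
    def matched(s, t, la, lb, related):
        for a, s1 in la[s]:
            if a == TAU and related(s1, t):   # silent step absorbed
                continue
            if not any(related(s, t2) and any(b == a and related(s1, t1)
                       for b, t1 in lb[t2]) for t2 in tau_closure(lb, t)):
                return False
        return True
    while True:
        bad = [(s, t) for s, t in rel
               if not (matched(s, t, l1, l2, lambda x, y: (x, y) in rel)
                       and matched(t, s, l2, l1, lambda y, x: (x, y) in rel))]
        if not bad:
            return (i1, i2) in rel
        rel.difference_update(bad)

def desynchronisable(plant, p0, ctrl, c0, plant_to_ctrl, cap=1):
    """True iff the synchronous loop is branching bisimilar to the buffered one."""
    sync, si = sync_compose(plant, p0, ctrl, c0)
    asyn, ai = async_compose(plant, p0, ctrl, c0, plant_to_ctrl, cap)
    return branching_bisimilar(sync, si, asyn, ai)

if __name__ == "__main__":
    print(desynchronisable(PLANT_SENSOR, "p0", CTRL_REACTIVE, "c0", {"alarm", "ok"}))       # True
    print(desynchronisable(PLANT_ACTUATOR, "p0", CTRL_CHOOSING, "c0", {"halted", "moving"}))  # False
```

The fixpoint check is quadratic in the product of the two state spaces and recomputes τ-closures on every pass, which is fine for a handful of states but not a substitute for the partition-refinement algorithms in tools such as CADP; its value here is that it follows the transfer condition of branching bisimulation literally, so the reason the second pair fails (the initial synchronous state still offers both commands after the buffered system has taken a τ-step that commits to one) can be traced by hand.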

To demonstrate practicality, the paper presents a case study of a simple manufacturing line. The plant models two processing stations sharing a limited resource; the controller enforces a safety rule that the stations must not operate simultaneously. The authors model both the synchronous closed‑loop (direct handshakes) and the asynchronous closed‑loop (with a bounded FIFO medium) in the process algebra, then use model‑checking tools (FDR and CADP) to verify branching bisimilarity. When the sufficient conditions are satisfied (deterministic actions, buffer size ≥ maximal concurrent requests, and deadlock‑free design), the tools confirm equivalence. Violating any condition (e.g., reducing buffer capacity below the required threshold) leads to observable divergence, illustrating the necessity of the proposed constraints.

In the discussion, the authors argue that their theory is directly applicable to modern embedded control software, which typically runs on real‑time operating systems and communicates via message queues, interrupts, or event flags—all inherently asynchronous mechanisms. By synthesising a supervisor under the traditional synchronous assumption and then applying the presented transformation, engineers can obtain an implementation that is provably equivalent to the original design, eliminating the need for ad‑hoc adjustments and reducing verification effort.

Future work outlined includes extending the framework to non‑deterministic plants, multi‑buffer networks, and timed extensions that capture real‑time deadlines, as well as integrating the transformation into existing supervisory synthesis toolchains to automate the generation of asynchronous implementations.

In summary, the paper provides a rigorous algebraic foundation for “desynchronisable” closed‑loop systems, identifies clear architectural constraints that guarantee behavioural preservation, and validates the approach both theoretically and experimentally, thereby offering a concrete pathway to bridge the long‑standing gap between supervisory control theory and practical asynchronous implementations.
