This article was downloaded by: [Carnegie Mellon University]On: 09 November 2014, At: 02:30Publisher: Taylor & FrancisInforma Ltd Registered in England and Wales Registered Number: 1072954 Registeredoffice: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK

International Journal of ProductionResearchPublication details, including instructions for authors andsubscription information:http://www.tandfonline.com/loi/tprs20

Guidelines for implementing robustsupervisors in flexible manufacturingsystemsShengyong Wang a , Song Foh Chew b & Mark Lawley ca Department of Systems Science and Industrial Engineering ,State University of New York at Binghamton , Binghamton, USAb Department of Mathematics and Statistics , Southern IllinoisUniversity , Edwardsville, USAc Weldon School of Biomedical Engineering , Purdue University ,West Lafayette, USAPublished online: 13 Oct 2009.

To cite this article: Shengyong Wang , Song Foh Chew & Mark Lawley (2009) Guidelines forimplementing robust supervisors in flexible manufacturing systems, International Journal ofProduction Research, 47:23, 6499-6524

To link to this article: http://dx.doi.org/10.1080/00207540802225991

PLEASE SCROLL DOWN FOR ARTICLE

Taylor & Francis makes every effort to ensure the accuracy of all the information (the“Content”) contained in the publications on our platform. However, Taylor & Francis,our agents, and our licensors make no representations or warranties whatsoever as tothe accuracy, completeness, or suitability for any purpose of the Content. Any opinionsand views expressed in this publication are the opinions and views of the authors,and are not the views of or endorsed by Taylor & Francis. The accuracy of the Contentshould not be relied upon and should be independently verified with primary sourcesof information. Taylor and Francis shall not be liable for any losses, actions, claims,proceedings, demands, costs, expenses, damages, and other liabilities whatsoever orhowsoever caused arising directly or indirectly in connection with, in relation to or arisingout of the use of the Content.

This article may be used for research, teaching, and private study purposes. Anysubstantial or systematic reproduction, redistribution, reselling, loan, sub-licensing,systematic supply, or distribution in any form to anyone is expressly forbidden. Terms &

Conditions of access and use can be found at http://www.tandfonline.com/page/terms-and-conditions

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

International Journal of Production ResearchVol. 47, No. 23, 1 December 2009, 6499–6524

Guidelines for implementing robust supervisors in flexible

manufacturing systems

Shengyong Wanga, Song Foh Chewb and Mark Lawleyc*

aDepartment of Systems Science and Industrial Engineering, State University of New Yorkat Binghamton, Binghamton, USA; bDepartment of Mathematics and Statistics,

Southern Illinois University, Edwardsville, USA; cWeldon School of Biomedical Engineering,Purdue University, West Lafayette, USA

(Received 4 August 2006; final version received 16 May 2008)

Over the past several years, researchers have developed numerous control policiesthat assure deadlock-free operation for flexible manufacturing systems. Using thisresearch base as a foundation, we have developed several supervisory policies thatassure robust operation in the face of resource failure. Along with deadlock-freeoperation, these policies guarantee that failure of unreliable resources doesnot block production of part types not requiring failed resources. In our previouswork, we developed two types of robust policies, those that ‘absorb’ all partsrequiring failed resources into the buffer space of failure-dependent resources(resources that support only parts requiring failed resources), and those that‘distribute’ parts requiring failed resources among the buffer space of sharedresources (resources shared by parts requiring and parts not requiring failedresources). These two types of robust controllers assure different levels of robustsystem operation and impose very different operating dynamics on the system,thus affecting system performance in different ways. In this research, we useextensive simulation and experimentation on a highly complex and configurablesystem to develop guidelines for choosing the best robust supervisor basedon manufacturing system characteristics and performance objectives. We validatethese guidelines using seven randomly generated complex systems and finda better than 88% agreement.

Keywords: deadlock avoidance; robust supervisory control; fault tolerance;flexible manufacturing systems

1. Introduction

Many manufacturing businesses invest heavily in computer-based manufacturingautomation to compete in markets characterised by mass customisation, shortenedproduct life cycles, stringent product specifications, and global supply and distribution.As effective computer control of these systems has proven to be both difficult and vital forbusiness profitability, significant research has been directed to adapting rigorous discreteevent models such as Petri nets, finite state automata, language theory, and resourceallocation digraphs to the manufacturing control problem. These types of models cannaturally capture manufacturing system operating dynamics and are easily converted intocontrol software. They are also essential for ensuring certain types of operational

*Corresponding author. Email: malawley@purdue.edu

ISSN 0020–7543 print/ISSN 1366–588X online

� 2009 Taylor & Francis

DOI: 10.1080/00207540802225991

http://www.informaworld.com

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

and structural properties, such as ‘liveness’, ‘boundedness’, ‘fairness’, and ‘reversibility’,and important in manufacturing systems control.

One of the most important properties for a manufacturing system controller toguarantee is deadlock-free operation. Deadlock avoidance policies (DAP) are real-timeresource allocation methods that allocate system resources to processing parts so thatthere is always a feasible sequence of resource allocations that completes every part andempties the system. In the manufacturing literature, the resource types are generallyassumed to be work stations with finite capacity buffers. The resource unit allocated toa part is a unit of the work station’s buffer space that the part must have to be able tomove to and be processed at that work station (for example, a single work station withbuffer size 10 would compose a single resource type with capacity to hold 10 parts,note that this includes any ‘service’ location). Deadlock-free operation essentiallyguarantees that continuing production of all part types is possible; in other words, thatthe system never reaches a state where it is impossible to continue producing some parttype.

Over the past decade, the theory of deadlock avoidance in manufacturing has beenextensively developed, with many researchers contributing to the knowledge base.(Rather than providing a long citation list for this work, we refer the reader to Fantiand Zhou 2004, who provide an extensive review.) Unfortunately, almost none of thiswork considers the implications of resource failure on system operation. That is, if thework station experiences a sensor failure, a tool failure, a spindle failure, a hydraulic orelectrical failure, or if parts go out of specification, then the work station will have to ceaseoperation until repair or adjustment occurs. Clearly, none of the parts in the system thatrequire that failed resource in their future processing can be completed until the repairoccurs. Such parts can be left where they are (occupying buffer space of some workstation), they can be moved to a central buffer area, or they can be allowed to continuealong their respective routes until they are stalled. In any case, the system controlleroversees and executes this through its resource allocation logic. Problems arise whenthese stalled parts block the production of parts that do not require the failed resource.This happens when parts requiring the failed resource fill and are stalled in the buffer spaceof a shared resource (the buffer space of a work station that processes parts requiring thefailed resource and parts that do not).

In our research, we have developed controllers that guarantee what we call ‘robust’operation (see Lawley 2002, Lawley and Sulistyono 2002, Chew and Lawley 2006, Wanget al. 2008, Chew et al. 2008). These controllers guarantee three independent properties,informally stated as follows:

(1) Before resource failure, continuing production for all part types (deadlock-freeoperation).

(2) After resource failure, continuing production for all part types not requiring thefailed resource.

(3) After resource repair, continuing production for all part types.

Chew and Lawley (2006) state these requirements rigorously in a general form andprovide examples. These properties imply that the system must be constrained to bufferallocation states that serve as feasible initial states for both a reduced system resultingfrom resource failure and an augmented system resulting from resource repair.

We have developed two types of robust control policies. The first type limits thenumber of ‘failure-dependent’ parts in the system (parts requiring unreliable resources)

6500 S. Wang et al.

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

so that, should an unreliable resource fail, all parts requiring that failed resource in theirfuture processing can be advanced into the buffer space of work stations that processonly parts requiring that failed work station (we say that such a resource is ‘failure-dependent’ on the unreliable resource). In other words, every part in the system thatrequires an unreliable resource in its future processing must have buffer space reservedon an associated failure-dependent resource. The controller guarantees that, should theunreliable resource fail, a sequence of resource allocations exists that will advance eachpart requiring the failed resource along its route and into the buffer space of the associatedfailure-dependent resource. The controller also guarantees that this advancement leavesthe system in a safe state.

We refer to this type of controller as ‘absorbing’ since it absorbs all parts requiring thefailed resource into the associated failure-dependent resource’s buffer space. This clears allshared buffer space of these parts so that production of other part types is not inhibited.

We note that an unreliable resource is failure-dependent on itself, and thus eachunreliable resource has at least one associated failure-dependent resource. Thus, in themost restrictive case, the number of parts requiring a given unreliable resource that couldbe allowed in the system at one time would be equal to that resource’s capacity, again,so that if the resource fails, all such parts could be moved into its buffer space. Absorbingpolicies are presented in Lawley (2002), Lawley and Sulistyono (2002), Chew and Lawley(2006), Chew et al. (2008).

Our second type of robust control policy uses both failure-dependent and shared buffercapacity to accommodate parts that require failed resources. This allows the system tohandle much heavier loads of failure-dependent part types and thus enhances theirproduction rates. The policy controls the number and distribution of these failure-dependent parts so that, when an unreliable resource fails, there will be a feasible sequenceof resource allocations that distributes the parts so that no shared resource has its buffercapacity filled with parts requiring the failed resource. Further, the resulting state will besafe. Since, in that state, no shared resource is filled with parts stalled by a failed resource,production of part types not requiring the failed resource can continue. We refer to thistype of controller as ‘distributing’.

From the above discussion, we hope it is clear that absorbing policies achieve robustoperation by strictly limiting the number of failure-dependent parts allowed in the system,which can depress their production rate. However, this assumes that the maximum amountof shared buffer space will be available for non-failure-dependent parts should unreliableresources fail, thus helping enhance their production rate. On the other hand, thedistributing policies achieve robustness by using the buffer space of shared resourcestogether with that of failure-dependent resources to strategically locate parts requiringfailed resources. This allows the system to be much more heavily loaded with failure-dependent parts, which can enhance their production rate. However, it might limit theshared buffer space available for production of non-failure-dependent parts, and thuscould limit their production rate.

The two policy types also differ in the level of robustness they guarantee. In Chew andLawley (2006) we prove that the absorbing policies guarantee that if any subset ofunreliable resources fail, the system can continue to produce all part types not requiringa failed resource. Thus, such a policy could be very useful if multiple resources werelikely to be down at the same time. On the other hand, as is proven in Wang et al. (2008),the distributing policies guarantee robust operation for only one resource failure at a time.In other words, if all resources are working and then one fails, the system can continue

International Journal of Production Research 6501

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

producing all part types not requiring the failed resource. However, if one additional

resource fails, system operation could stall until repairs occur.Our objective in this paper is to present guidelines to help the systems engineer choose

between these two types of policies for implementation in a specific system with given

performance objectives. These guidelines are based on extensive experimentation and

simulation of a highly complex and configurable system. We also validate the guidelines

with seven randomly generated systems and find close agreement with the guidelines.

The remainder of the paper is structured as follows. Section 2 provides a brief overview ofour robust controllers. Section 3 presents the details of our designed experiment and

simulation study, while Section 4 presents experimental results. Section 5 then presents our

guidelines and our validation experiments. Finally, Section 6 summarises our contributions.

2. Overview of robust supervisory controllers

This section provides a brief overview of three controllers that we experiment with in our

simulation study. The resource order policy (RO) (Lawley et al. 1998) is a sub-optimalDAP based on the intuition that parts flowing in opposite directions through the same set

of work stations must at some point be able to pass. In this policy, the work stations are

ordered and each part is categorised according to how it flows with respect to that order.

Resource allocation is constrained so that a work station never simultaneously exists low

in the order filled with parts moving up the order and a work station high in the order

filled with parts moving down the order (this negates a necessary condition for both

deadlock and unsafeness). RO is expressible as a set of linear inequalities that defines

a deadlock-free region of system operation. Lawley et al. (1998) provides a detailed

development and proves the correctness and scalability of RO for systems with no

unreliable resources. Although a correct DAP, RO is not robust to resource failure.The second controller, a robust absorbing controller developed in Lawley and

Sulistyono (2002) and extended in Chew and Lawley (2006), is the conjunction of a set of

neighbourhood constraints (NHC) and a modified version of the Banker’s algorithm (BA)(Lawley et al. 1998). By ‘conjunction’ we mean that a state is allowed only if it satisfies both

NHC and BA. We refer to this supervisor as NHCþBA. NHC is a set of linear inequalities

that restricts the number of failure-dependent parts so that, in any admissible state, every

such part can be absorbed into failure-dependent buffer space. BA is an algorithm

that guarantees for any admissible state a sequence of resource allocations that advances

failure-dependent parts into failure-dependent buffer space and non-failure-dependent

parts out of the system (these are completed). Chew and Lawley (2006) provide a detailed

development of this policy for systems with multiple unreliable resources. The paper

provides examples, formal definitions, and detailed proofs for correctness and robustness.The last controller is a robust distributing controller developed in Wang et al. (2008).

This controller, which we refer to as RO4, is the conjunction of four RO policies,

each being applied to a specific subset of system resources. The four RO policies are as

follows. The first, RORCO, rejects states that exhibit more than one capacitated resource

in the system’s ‘region of continuous operation’. (Note that a capacitated resource isa resource allocated to capacity, that is, whose buffer space is full.) The region of

continuous operation is the set of reliable resources (resources assumed never to fail) that

support at least one non-failure-dependent part. Some of these resources may support

only non-failure-dependent part types, while others may be shared with failure-dependent

6502 S. Wang et al.

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

part types. The region of continuous operation is the set of resources that will continue toproduce part types not requiring the failed resource.

The second policy, RORFD, consists of a constraint set for each unreliable resource(resource that can fail), and it rejects states that exhibit more than one resource in the‘region of failure dependency’ filled with failure-dependent parts that require the sameunreliable resource in their future processing. The region of failure dependency is the set ofall resources that support at least one failure-dependent part. Some of these resources maybe dedicated to only failure-dependent part types, while others may be shared with non-failure-dependent part types. Note that RORFD does not place any constraint on the totalnumber of capacitated resources in the region of failure dependency, only on the numberfilled with parts requiring the same unreliable resource in their future processing. Thus, itwill accept states that exhibit several resources filled with failure-dependent parts, whichcan cause problems. Thus, the third policy, RORFD2, rejects states that exhibit more thantwo resources in the region of failure dependency that are capacitated with failure-dependent parts. It places no constraint on the total number of capacitated resources in theregion of failure dependency.

The fourth, ROROD, rejects states that exhibit more than one capacitated resource inthe ‘region of distribution’. The region of distribution is the set of all reliable resources thatsupport at least one failure-dependent part. This is the set of reliable resources that will beused to ‘distribute’ parts requiring a failed resource. ROROD places no constraint on thenumber of unreliable resources that are capacitated.

A resource allocation state will be allowed by RO4 only if it satisfies all four of thesepolicies. Robust, deadlock-free operation is achieved through the subtle interactions ofthese four policies. Wang et al. (2008) fully develop the RO4 policy by providing examples,formal definitions, and detailed proof that the policy provides the level of robustnessdiscussed earlier. The policy basically assures that for every admissible state there exists asequence of admissible states leading to an admissible, deadlock-free, safe state, in whichno resource in the region of continuous operation is capacitated with failure-dependentparts. For a more detailed look at any of these policies, we refer the reader to theappropriate reference.

In the following sections, we use simulation to study and compare the performancecharacteristics of systems supervised by these policies. This experimentation culminateswith guidelines that indicate when each is best applied.

3. Design of experiments

In this section, we discuss the experimental approach that we used to develop ourimplementation guidelines. Figure 1 depicts the production system that we used in thesimulation study. It produces 20 part types using 16 resources and has elements of counterflow, re-entrant flow, highly complex opportunities for circular wait, the possibility formultiple resource failures, and high potential for failure induced blocking. The resourcescan be classified as follows:

. (NFD) Non-failure-dependent resources (r1, r2, r3 and r4): these are reliableresources (do not fail) that support no parts requiring unreliable resources.

. (PFD) Partially failure-dependent resources (r5, r6, r7 and r8): these are reliableresources that support at least one failure-dependent part and at least one non-failure-dependent part.

International Journal of Production Research 6503

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

. (RU) Unreliable resources (r9, r10, r11 and r12): these are resources that can fail(these are outlined in bold).

. (FD�RU) Reliable failure-dependent resources (r13, r14, r15 and r16): these arefailure-dependent resources that are not unreliable, i.e. reliable resources thatsupport only parts requiring unreliable resources in their future processing.

We use the above categories to define four capacity ratios that we can experimentallyadjust to configure the system for emphasising mostly failure-dependent production,mostly non-failure-dependent production, or high levels of both. These are as follows:

(1) NFD ratio, the total buffer size of NFD resources divided by the total buffer sizeof the system. As NFD ratio increases, more system capacity is dedicated to nonfailure-dependent parts.

(2) PFD ratio, the total buffer size of PFD resources divided by the total buffer size ofthe system. As PFD ratio increases, more system capacity is dedicated to resourcesthat are shared by failure-dependent and non-failure-dependent parts.

(3) RU ratio, the total buffer size of unreliable resources divided by the total buffersize of the system. As RU ratio increases, more system capacity is dedicated tofailure-dependent parts. This will increase the number of failure-dependent partsallowed in the system.

P2

P4

P1

P3

r1 r2 r3 r4

r5 r6 r7 r8

r9 r10 r11 r12

P5

P6

P7

P8

P9

P10

P11 P12

P13

r13 r14 r15 r16

P14

P15P16

P17

P18

P19 P20

Figure 1. An example production system for experimentation.

6504 S. Wang et al.

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

(4) (FD�RU) ratio, the total buffer size of reliable failure-dependent resourcesdivided by the total buffer size of the system. As (FD�RU) ratio increases, moresystem capacity is dedicated to failure-dependent parts, which will increase thenumber of failure-dependent parts allowed in the system.

We influence these ratios by adjusting the capacity of system resources (by adjustingthe buffer space dedicated to each system work station). Our experiment has four levels ofbuffer size for each category of resources. For NFD and PFD resources, we use thenumber of part type stages supported by the resource as the baseline level of the buffersize, and the other three levels of the buffer size are set to: (1) 50% of the baseline level(if it is a fractional number, we take the floor function of that number), (2) three timesthe baseline level, and (3) 10 times the baseline level. Specifically, NFD resources (r1, r2, r3and r4) support four part type stages each. Thus, the buffer size factor levels for NFDresources are two, four, 12 and 40 for the four levels, respectively. Similarly PFD resources(r5, r6, r7 and r8) support six part type stages each; thus, 3, 6, 18 and 60 are thecorresponding factor levels. For FD resources, we take the maximum value of the numberof part type stages supported for two resource categories: RU and (FD�RU). Unreliableresources (r9, r10, r11 and r12) support four part type stages each, and (FD�RU) resources(r13, r14, r15 and r16) support two part type stages each. Taking the maximum value of thesupported part type stages of RU and (FD�RU), the corresponding factor levels are 2, 4,12 and 40.

To capture the failure characteristics of unreliable resources, we consider two factors,percent downtime and failure cycle. We test percent downtime at six different levels,0%, 10%, 30%, 50%, 70%, 90%, and failure cycle at three levels, 60 minutes, 600 minutes,and 6000 minutes. We take a complete ‘failure cycle’ (uptimeþ downtime) to be the sumof two exponential random variables, with parameters that add up to the failure cycle.For example, at 10% downtime and 6000 minute failure cycle, the time to failure isexponentially distributed with mean of 5400 minutes and the downtime is exponentiallydistributed with mean of 600minutes. Thus, at 10% downtime, the time to failure is longerand the downtime is shorter; while at 90% downtime, the time to failure is shorter and thedowntime is longer.

The last experimental factor is the control policy. We use three policies, RO, RO4 andNHCþBA. Note that RO is not robust to resource failure and thus comparing it with RO4

and NHCþBA will give us some sense of the overall importance of robust control to goodsystem performance. As discussed earlier, NHCþBA is an absorbing policy that providesrobustness to any number of resource failures, while RO4 is a distributing policy thatprovides robust operation to one resource failure at a time. Comparing these two undera variety of resource capacity and failure characteristic conditions will give us some sense ofwhen each helps the system perform its best. Table 1 summarises all experimental factors.

Final details are as follows. For order release, we load new part types into the systemwith equal probability. If the control policy will admit the state that would result fromloading the new part, this new part is allowed to move into the system. If the control policywill not admit the resulting state and there are no failed resources in the route of thenew part, other attempts are initiated after short periods until the new part is loadedinto the system or until a resource failure occurs in its route. When resources requiredin the new part’s route are failed and the resulting state is not admitted by control policy,the part will be delayed outside the system and another new part will be selected forloading.

International Journal of Production Research 6505

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

For performance measures, we use the production rates of non-failure-dependent

parts (NFD production rate) and failure-dependent parts (FD production rate) during

a simulation run of 1000 hours. We set the processing time of all part stages to be

exponentially distributed with mean of five minutes and perform three replicationsfor each of the 4� 4� 4� 6� 3� 3¼ 3456 combinations. Section 4 will present our

experimental results.

4. Experimental results

After running the complete experiment, we used ANOVA for FD and NFD production to

identify significant factors. We will concentrate our discussion on the main effects andinteractions involving policy factors.

4.1 Experimental results for FD production

Figures 2 to 4 illustrate the significant interactions between system attributes and policy

for FD production rate. In Figure 2, note that with 0% downtime (no failure), FD

production under RO is marginally higher than RO4 and NHCþBA. As the percentdowntime increases, RO is outperformed by RO4 and NHCþBA significantly, which

indicates that robust control enables higher FD production. When the percent downtime is

less than 30%, RO4 enables higher FD production than NHCþBA, while NHCþBA

enables higher production when percent downtime exceeds 30%. Figure 3 illustrates

the interaction between policy and failure cycle. In this case, we see that FD production

under RO is dominated by FD production under the other two policies, again reflecting

the advantages of robust control. With a short failure cycle, RO4 enables a better FD

production rate, and, with a longer failure cycle, NHCþBA is a better choice to enhance

FD production.These results can be explained as follows. Resource failures cause blocking that can

propagate to stall production in large portions of the system. RO does not consider robust

supervision under resource failures, and thus when resources fail, the whole system can

stall. RO4 guarantees continuous production under single resource failure but cannot

handle multiple resource failures. Thus, when multiple resources fail, RO4 may notprevent the propagation of blocking due to resource failures. NHCþBA guarantees

continuous production under multiple resource failures and thus will avoid propagation of

blocking due to resource failures regardless of the number of resources that are in a failed

state. Thus, NHCþBA will allow better FD production rates when the likelihood

Table 1. A summary of experimental factors.

Factor Levels

Buffer size of NFD 2, 4, 12, 40Buffer size of PFD 3, 6, 18, 60Buffer size of FD 2, 4, 12, 40Percentage downtime 0%, 10%, 30%, 50%, 70%, 90%Failure cycle 60min, 600min, 6000minPolicy RO, RO4, NHCþBA

6506 S. Wang et al.

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

of simultaneous failures is high (that is, when percent downtime is higher and failure cyclesare longer). When percent downtime is smaller and failure cycles are shorter,the likelihood of simultaneous resource failures is smaller, and RO4 enables better FDproduction since it permits greater FD work-in-process in the system. When there is nofailure in the system, FD production rate is higher under RO, since RO places lessrestriction on the number of FD parts allowed in the system, while guaranteeinga deadlock-free operation.

Figure 4 illustrates the interaction between the buffer sizes of resources (NFD, PFDand FD) and policy. From the ANOVA results, the buffer size of NFD resources is nota significant factor. Thus, we only examine the interactions between the buffer sizesof PFD and FD resources against the different control polices. One result is thatFD production under RO is almost always dominated by that under other policies,except when both PFD and FD buffer sizes are low (buffer sizes of 3 and 2 respectively).

0.90.70.50.30.10.0

14000

12000

10000

8000

6000

4000

2000

Downtime %

F1D

par

ts p

rodu

ced

NHCBARORO4

Policy

Data means

Figure 2. Interaction plot (policy vs. percent downtime) for FD production.

6000 min600 min60 min

9500

9000

8500

8000

7500

7000

6500

6000

5500

Failure cycle

FD

par

ts p

rodu

ced

NHCBARORO4

Policy

Data means

Figure 3. Interaction plot (policy vs. failure cycle) for FD production.

International Journal of Production Research 6507

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

We also note that NHCþBA enables higher FD production except for cases where (1) FDbuffer size is 2 (low level), (2) FD buffer size is 4 (medium level) and PFD buffer size is 18or 60 (high level and extremely high level), and (3) FD buffer size is 12 (high level) andPFD buffer size is 60 (extremely high level).

To understand this, recall that NHCþBA restricts the number of FD parts so that theycan be absorbed into the buffer space of FD resources in case of system failure. Thus,when FD is low, NHCþBA will severely restrict the number of FD parts in the system. Onthe other hand, RO4 allows more FD parts in the system by allowing them to bedistributed throughout the buffer space of both FD and PFD resources in case ofa resource failure. Thus, the combination of larger PFD buffer size and smaller FD makesRO4 the better choice. In terms of the ratios defined earlier, when the PFD ratio is highand the RU and (FD�RU) ratios are low, RO4 enables higher FD production thanNHCþBA.

On a practical note, if the system is given along with failure characteristic of unreliableresources and FD production is desired, the choice of supervisory controllers should bebased on the above-mentioned criteria. If the objective is to design a system to achievehigher FD production with a pre-selected control policy, then the corresponding PFD andFD ratios should be adjusted to reach the production goal.

4.2 Experimental results for NFD production

Figures 5 to 7 illustrate the important interactions between system attributes and policy forNFD production rate. In Figures 5 and 6, NHCþBA enables higher NFD productionthan RO or RO4, especially if the likelihood of simultaneous resource failures increases(as percent downtime and failure cycle increase). Further, Figure 7 indicates thatNHCþBA supports significantly higher NFD production for all levels of NFD, PFD, andFD buffer space. These results are due to the fact that RO4 uses PFD buffer spaceto manage the distribution of FD parts during a failure, which restricts the amount ofNFD work-in-process that the system can carry. This is true regardless of system failurecharacteristics.

601863

1200011000100009000800070006000500040003000

601863

2

3 6 18 60 3 6 18 60

Buffer size of PFD

FD

par

ts p

rodu

ced

4 12 40

RORO4NHCBA

Policy

Panel variable: buffer size of FD

Figure 4. Interaction plot (policy vs. system structure) for FD production.

6508 S. Wang et al.

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

In a few cases, under single resource failure, RO4 is the preferable policy for NFDproduction. This happens when (1) PFD ratio is low and (2) PFD ratio is not at low level,but greater than the higher value of RU and (FD�RU) ratios. The higher NFDproduction under RO4 can be explained by the less restrictive nature of distributing parts(both FD and NFD parts) along its respective routes under RO4 policy. Compared withRO4, NHCþBA has a more restrictive part advancing strategy, in which every NFD parthas to find a sequence of advancing out of the system under Banker’s algorithm. WhenPFD ratio is low or RU and (FD-RU) ratios are less than PFD ratio (at its medium, high,or extremely high level), NHCþBA places more restrictions on the number of NFD partsallowed in the system than other system settings, thus resulting in a decreased NFDthroughput and making RO4 a more desirable policy.

In summary, if NFD production is desired, we should choose NHCþBA. In thefollowing section, we use the experimental results and observations given above to develop

0.90.70.50.30.10.0

25000

20000

15000

10000

5000

0

Downtime %

NF

D p

arts

pro

duce

d

NHCBARORO4

Policy

Data means

Figure 5. Interaction plot (policy vs. percent downtime) for NFD production.

6000 min600 min60 min

26000

24000

22000

20000

18000

16000

14000

12000

10000

Failure cycle

NF

D p

arts

pro

duce

d

NHCBARORO4

Policy

Data means

Figure 6. Interaction plot (policy vs. failure cycle) for NFD production.

International Journal of Production Research 6509

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

a set of implementation guidelines that uses the system’s configuration and performanceobjectives to determine the best policy choice.

5. Implementation guidelines

In the first part of this section, we create an implementation table which providesguidelines for control policy selection. Then, we verify the guidelines using seven randomlygenerated experimental systems.

5.1 Guideline table

In this section, we develop an implementation table (Tables 2(a)–2(d)) that allows us tochoose the best control policy based on system characteristics and objectives.Tables 2(a)–2(d) are constructed using the experimental results and observations fromthe previous section. To apply Tables 2(a)–2(d), we first compute the four buffer spaceratios {NFD, PFD, RU, (FD�RU)} and determine the system failure characteristics (thatis, determine how likely it is that multiple resources will be failed simultaneously). Then,using this information together with our priorities for FD, NFD, or overall production, wefind the appropriate cell and apply the policy given there.

5.2 Guideline verification

As mentioned above, Tables 2(a)–2(d) are constructed based on the experimental resultsdeveloped using the system of Figure 1. As the systems have different operating dynamicsand part interactions, we want to verify that Tables 2(a)–2(d) will be valid for other

4012

42 401242

2400016000

800024000160008000

24000160008000

401242 401242

24000160008000

2, 3

Buffer size for NFD

NF

D p

arts

pro

duce

d

4 ,3

12, 3

40, 3

2, 6

4, 6

12, 6

40, 6

2, 18

4, 18

12, 18

40, 18

2, 60

4, 60

12, 60

40, 60

1

4

RORO4NHCBA

Policy

Panel variables: buffer size for FD, buffer size for PFD

Figure 7. Interaction plot (policy vs. system structure) for NFD production.

6510 S. Wang et al.

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

Table

2(a).

Implementationguidelinetable.

Failure

characteristics

Ratios

Single

failure

Sim

ultaneousfailure

NFD

PFD

RU

FD

FD

production

NFD

production

Total

production

FD

production

NFD

production

Total

production

Low

Low

Low

Low

RO

RO

RO

RO

NHCþBA

NHCþBA

Low

Low

Low

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Low

Low

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Low

Low

Extrem

eyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Low

Medium

Low

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Low

Medium

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Low

Medium

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Low

Medium

Extrem

eyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Low

High

Low

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Low

High

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Low

High

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Low

High

Extrem

eyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Low

Extrem

elyHigh

Low

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Low

Extrem

elyHigh

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Low

Extrem

elyHigh

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Low

Extrem

elyHigh

Extrem

elyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Medium

Low

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Low

Medium

Low

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Medium

Low

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Medium

Low

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Medium

Medium

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Medium

Medium

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Medium

Medium

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Medium

Medium

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Medium

High

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Medium

High

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Medium

High

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

(continued

)

International Journal of Production Research 6511

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

Table

2(a).

Continued.

Failure

characteristics

Ratios

Single

failure

Sim

ultaneousfailure

NFD

PFD

RU

FD

FD

production

NFD

production

Total

production

FD

production

NFD

production

Total

production

Low

Medium

High

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Medium

Extrem

elyHigh

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Medium

Extrem

elyHigh

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Medium

Extrem

elyHigh

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Medium

Extrem

elyHigh

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

High

Low

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Low

High

Low

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Low

High

Low

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

High

Low

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

High

Medium

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Low

High

Medium

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Low

High

Medium

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

High

Medium

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

High

High

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

High

High

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

High

High

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

High

High

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

High

Extrem

elyHigh

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

6512 S. Wang et al.

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

Low

High

Extrem

elyHigh

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

High

Extrem

elyHigh

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

High

Extrem

elyHigh

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Extrem

elyHigh

Low

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Low

Extrem

elyHigh

Low

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Low

Extrem

elyHigh

Low

High

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Low

Extrem

elyHigh

Low

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Extrem

elyHigh

Medium

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Low

Extrem

elyHigh

Medium

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Low

Extrem

elyHigh

Medium

High

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Low

Extrem

elyHigh

Medium

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Extrem

elyHigh

High

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Low

Extrem

elyHigh

High

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Low

Extrem

elyHigh

High

High

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Low

Extrem

elyHigh

High

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Extrem

elyHigh

Extrem

elyHigh

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Extrem

elyHigh

Extrem

elyHigh

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Extrem

elyHigh

Extrem

elyHigh

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Low

Extrem

elyHigh

Extrem

elyHigh

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

International Journal of Production Research 6513

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

Table

2(b).

Implementationguidelinetable

(continued).

Failure

characteristics

Ratios

Single

failure

Sim

ultaneousfailure

NFD

PFD

RU

FD

FD

production

NFD

production

Total

production

FD

production

NFD

production

Total

production

Medium

Low

Low

Low

RO

RO

RO

RO

NHCþBA

NHCþBA

Medium

Low

Low

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Low

Low

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Low

Low

Extrem

eyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Low

Medium

Low

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Low

Medium

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Low

Medium

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Low

Medium

Extrem

eyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Low

High

Low

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Low

High

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Low

High

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Low

High

Extrem

eyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Low

Extrem

elyHigh

Low

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Low

Extrem

elyHigh

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Low

Extrem

elyHigh

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Low

Extrem

elyHigh

Extrem

elyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Medium

Low

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Medium

Medium

Low

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Medium

Low

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Medium

Low

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Medium

Medium

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Medium

Medium

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Medium

Medium

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Medium

Medium

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Medium

High

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Medium

High

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Medium

High

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Medium

High

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

6514 S. Wang et al.

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

Medium

Medium

Extrem

elyHigh

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Medium

Extrem

elyHigh

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Medium

Extrem

elyHigh

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Medium

Extrem

elyHigh

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

High

Low

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Medium

High

Low

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Medium

High

Low

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

High

Low

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

High

Medium

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Medium

High

Medium

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Medium

High

Medium

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

High

Medium

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

High

High

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

High

High

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

High

High

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

High

High

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

High

Extrem

elyHigh

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

High

Extrem

elyHigh

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

High

Extrem

elyHigh

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

High

Extrem

elyHigh

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

Low

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

Low

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

Low

High

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

Low

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

Medium

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

Medium

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

Medium

High

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

Medium

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

High

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

High

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

High

High

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

High

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

Extrem

elyHigh

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

Extrem

elyHigh

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

Extrem

elyHigh

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Medium

Extrem

elyHigh

Extrem

elyHigh

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

International Journal of Production Research 6515

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

Table

2(c).

Implementationguidelinetable

(continued).

Failure

characteristics

Ratios

Single

failure

Sim

ultaneousfailure

NFD

PFD

RU

FD

FD

production

NFD

production

Total

production

FD

production

NFD

production

Total

production

High

Low

Low

Low

RO

RO

RO

RO

NHCþBA

NHCþBA

High

Low

Low

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Low

Low

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Low

Low

Extrem

eyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Low

Medium

Low

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Low

Medium

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Low

Medium

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Low

Medium

Extrem

eyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Low

High

Low

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Low

High

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Low

High

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Low

High

Extrem

eyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Low

Extrem

elyHigh

Low

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Low

Extrem

elyHigh

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Low

Extrem

elyHigh

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Low

Extrem

elyHigh

Extrem

elyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Medium

Low

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

High

Medium

Low

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Medium

Low

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Medium

Low

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Medium

Medium

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Medium

Medium

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Medium

Medium

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Medium

Medium

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Medium

High

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Medium

High

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Medium

High

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Medium

High

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

6516 S. Wang et al.

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

High

Medium

Extrem

elyHigh

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Medium

Extrem

elyHigh

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Medium

Extrem

elyHigh

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Medium

Extrem

elyHigh

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

High

Low

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

High

High

Low

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

High

High

Low

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

High

Low

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

High

Medium

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

High

High

Medium

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

High

High

Medium

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

High

Medium

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

High

High

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

High

High

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

High

High

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

High

High

Extrem

eyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

High

Extrem

elyHigh

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

High

Extrem

elyHigh

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

High

Extrem

elyHigh

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

High

Extrem

elyHigh

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Extrem

elyHigh

Low

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

High

Extrem

elyHigh

Low

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

High

Extrem

elyHigh

Low

High

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

High

Extrem

elyHigh

Low

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Extrem

elyHigh

Medium

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

High

Extrem

elyHigh

Medium

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

High

Extrem

elyHigh

Medium

High

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

High

Extrem

elyHigh

Medium

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Extrem

elyHigh

High

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

High

Extrem

elyHigh

High

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

High

Extrem

elyHigh

High

High

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

High

Extrem

elyHigh

High

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Extrem

elyHigh

Extrem

elyHigh

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Extrem

elyHigh

Extrem

elyHigh

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Extrem

elyHigh

Extrem

elyHigh

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

High

Extrem

elyHigh

Extrem

elyHigh

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

International Journal of Production Research 6517

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

Table

2(d).

Implementationguidelinetable

(continued).

Failure

characteristics

Ratios

Single

failure

Sim

ultaneousfailure

NFD

PFD

RU

FD

FD

production

NFD

production

Total

production

FD

production

NFD

production

Total

production

Extrem

elyHigh

Low

Low

Low

RO

RO

RO

RO

NHCþBA

NHCþBA

Extrem

elyHigh

Low

Low

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Low

Low

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Low

Low

Extrem

elyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Low

Medium

Low

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Low

Medium

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Low

Medium

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Low

Medium

Extrem

elyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Low

High

Low

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Low

High

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Low

High

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Low

High

Extrem

elyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Low

Extrem

elyHigh

Low

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Low

Extrem

elyHigh

Medium

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Low

Extrem

elyHigh

High

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Low

Extrem

elyHigh

Extrem

elyHigh

NHCþBA

RO4

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Medium

Low

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Extrem

elyHigh

Medium

Low

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Medium

Low

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Medium

Low

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Medium

Medium

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Medium

Medium

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Medium

Medium

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Medium

Medium

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Medium

High

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Medium

High

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Medium

High

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Medium

High

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Medium

Extrem

elyHigh

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

6518 S. Wang et al.

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

Extrem

elyHigh

Medium

Extrem

elyHigh

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Medium

Extrem

elyHigh

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Medium

Extrem

elyHigh

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

High

Low

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Extrem

elyHigh

High

Low

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Extrem

elyHigh

High

Low

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

High

Low

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

High

Medium

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Extrem

elyHigh

High

Medium

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Extrem

elyHigh

High

Medium

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

High

Medium

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

High

High

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

High

High

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

High

High

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

High

High

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

High

Extrem

elyHigh

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

High

Extrem

elyHigh

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

High

Extrem

elyHigh

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

High

Extrem

elyHigh

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

Low

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

Low

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

Low

High

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

Low

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

Medium

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

Medium

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

Medium

High

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

Medium

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

High

Low

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

High

Medium

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

High

High

RO4

RO4

RO4

RO4

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

High

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

Extrem

elyHigh

Low

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

Extrem

elyHigh

Medium

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

Extrem

elyHigh

High

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

Extrem

elyHigh

Extrem

elyHigh

Extrem

elyHigh

Extrem

elyHigh

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

NHCþBA

International Journal of Production Research 6519

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

complex systems. In order to test the validity of the implementation guidelines, we firstrandomly generated seven complex systems. Subsequently, we performed seven validationexperiments using the generated systems. The design of these validation experiments is thesame as in the original experiment of Section 3. The experiment run time is 1000 hourswith three replications for each design point.

The first two systems are presented in Figures 8 and 9. For the sake of limited space,the system structures of all the seven systems are summarised in Table 3. Table 4 presents

r2

r4

r1

P1

P3

P4

P7

P8

r3

r5 r6

P5 P6P2

Figure 9. Example system 2 for verification experiment.

P1

P2

P3P4

r1 r2 r3

r4 r5

r6

r7 r8

P5 P6

Figure 8. Example system 1 for verification experiment.

6520 S. Wang et al.

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

Table

3.Verificationsystem

structures.

VerificationSystem

1VerificationSystem

2VerificationSystem

3VerificationSystem

4

Unreliable

resources

{r4,r

6,r

8}

{r1,r

6}

{r2,r

4,r

5,r

7,r

8,r

9,r

12,r

13}

{r1,r

5}

Reliable

resources

{r1,r

2,r

3,r

5,r

7}

{r2,r

3,r

4,r

5}

{r1,r

3,r

6,r

10,r

11}

{r2,r

3,r

4,r

6}

#ofpart

types

68

15

6

Productionroutes

T1¼hr1,r

2,r

3i

T1¼hr

4,r

5,r

2i

T1¼hr4,r

11,r

6i

T1¼hr

2,r

3,r

2,r

6,r

4,r

5,r

4,r

5i

T2¼hr2,r

5,r

4,r

3i

T2¼hr

2,r

5,r

4i

T2¼hr3,r

13,r

6,r

10i

T2¼hr

3,r

5,r

2,r

4,r

2,r

4i

T3¼hr5,r

7,r

8i

T3¼hr

5,r

2,r

3i

T3¼hr4,r

10,r

6,r

3,r

4,r

1,r

11,r

1,r

3i

T3¼hr

5,r

3,r

4,r

6,r

5,r

4,r

3i

T4¼hr5,r

6,r

3i

T4¼hr

3,r

2,r

5i

T4¼hr10,r

3,r

2,r

1,r

6,r

11,r

6,r

1,r

6,

r 1,r

6,r

10,r

6,r

3i

T4¼hr

2,r

1,r

6,r

2,r

4i

T5¼hr3,r

2,r

1i

T5¼hr

2,r

1,r

4i

T5¼hr11,r

2,r

1,r

11,r

10,r

3,r

10,r

3,

r 11,r

1,r

11,r

1,r

11,r

1,r

10i

T5¼hr

4,r

1,r

3,r

1,r

6,

r 3,r

4,r

3,r

6,r

3i

T6¼hr3,r

1i

T6¼hr

2,r

3,r

6i

T6¼hr2,r

10,r

11,r

3,r

6,r

3i

T6¼hr

1,r

4,r

1,r

4,r

1i

T7¼hr

5,r

6,r

3i

T7¼hr10,r

11,r

8,r

3,r

11,r

10,r

1,r

3,r

6,r

8i

T8¼hr

5,r

2,r

1i

T8¼hr13,r

1i

T9¼hr1,r

5,r

10,r

1,r

6,r

5,r

10,r

6,r

11i

T10¼hr

5,r

11,r

3,r

6,r

1,r

6,r

3i

T11¼hr

12,r

6,r

12,r

10,r

6,r

1,r

3,r

10,

r 11,r

10,r

11,r

10i

T12¼hr

2,r

10i

T13¼hr

12,r

11,r

3,r

10,r

11,r

6,r

1,r

6,

r 12,r

1,r

6,r

12,r

6,r

12i

T14¼hr

10,r

2,r

1,r

2,r

6,r

3,r

1,r

6,

r 10,r

3,r

2,r

6,r

3i

T15¼hr

7,r

6,r

11,r

10,r

3,r

11,r

10i

(continued

)

International Journal of Production Research 6521

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

Table

3.Continued.

VerificationSystem

5VerificationSystem

6VerificationSystem

7

Unreliable

resources

{r2,r

5,r

6,r

8,r

9}

{r2,r

8}

{r3,r

4,r

7,r

9,r

11,r

14}

Reliable

resources

{r1,r

3,r

4,r

7,r

10,r

11}

{r1,r

3,r

4,r

5,r

6,r

7,r

9,r

10}

{r1,r

2,r

5,r

6,r

8,r

10,r

12,r

13,r

15,r

16,r

17}

#ofpart

types

910

8

Productionroutes

T1¼hr1,r

2,r

10,r

1i

T1¼hr8i

T1¼hr

13,r

12,r

5,r

11,r

10i

T2¼hr9,r

11,r

3,r

11,r

7,

r 3,r

11,r

10,r

7i

T2¼hr5,r

7,r

8,r

10,r

3,r

10,

r 9,r

7,r

5,r

9,r

6,r

5,r

1i

T2¼hr

15,r

8,r

6,r

12,r

4,r

6,r

2,r

1,r

12,r

4,

r 2,r

15,r

13,r

16i

T3¼hr4i

T3¼hr7i

T3¼hr

6,r

16,r

17,r

4,r

17,r

10,r

4,r

5,r

16,

r 10,r

16,r

6i

T4¼hr10i

T4¼hr6,r

10,r

4,r

2i

T4¼hr

1,r

13,r

17,r

16,r

7,r

12,r

6,r

12,r

10,

r 15,r

17,r

13,r

15i

T5¼hr6,r

4,r

1,r

11,r

3,r

11,r

4i

T5¼hr1,r

10,r

5,r

7,r

4,r

6,

r 4,r

6,r

2,r

3,r

7i

T5¼hr

9,r

16,r

17,r

1,r

9,r

12,r

10i

T6¼hr7,r

5,r

3,r

11,r

1i

T6¼hr3,r

6,r

3,r

10,r

1,r

4i

T6¼hr

17,r

5,r

12,r

13,r

2,r

12,r

8,r

12,

r 17,r

10,r

6,r

17,r

7,r

12,r

8i

T7¼hr5,r

1,r

4,r

1,r

4,r

3,

r 4,r

10,r

3,r

1i

T7¼hrl0,r

1i

T7¼hr

3i

T8¼hr11,r

6,r

3,r

4,r

11,r

4,

r 3,r

7,r

1,r

4,r

11,r

10i

T8¼hr4,r

3,r

6,r

8,r

9i

T8¼hr

6,r4,r

10,r

6,r

10,r

8,r

5,r

12,r

13,

r 10,r

17,r

16i

T9¼hr8,r

3,r

7,r

4,r

3,r

11,r

3i

T9¼hr1,r

5i

T10¼hr

7,r

2,r

9,r

1,r

5,r

10,r

3,

r 4,r

3,r

5,r

1,r

9,r

3,r

1i

6522 S. Wang et al.

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

the verification results. For a specific system setting and failure characteristic, we collectthe data for each performance measure (FD, NFD, and total parts produced) underspecific control policies, and choose the policy which returns the highest production rate.Then, we compare this selected policy with the policy in the corresponding cell ofthe implementation guidelines tables, Tables 2(a)–2(d). Finally, we count the number ofmatched policies and get the percentage of agreement. Due to their special structures,some verification systems have no (FD�RU) resources or NFD resources, which makethe (FD�RU) ratio or NFD ratio zero. Consequently, the scenarios of some of theverification experiments correspond to a subset of the cells in the guidelines table.

Examining the verification results in Table 4, we find that the example systems 1�7match the guidelines table in terms of policy selection with 88.02% to 94.53% agreement.These results support our belief that Tables 2(a)–2(d) are applicable for policy choice forgeneral systems.

6. Conclusion

We conducted a simulation study on system performance under three supervisorycontrollers, RO, NHCþBA and RO4. We identified four system ratios, which can be usedto describe the buffer space system structure. Using these ratios, system failurecharacteristics, and performance objectives, we developed a policy selection guidelinetable that indicates which of the policies is best for a given system configuration.We validated these implementation guidelines by conducting a simulation study of sevenrandomly generated manufacturing systems. The verification results substantiated theproposed guidelines. Future research will address robust supervisors for systems withflexible routing and for systems where the failure characteristics of resources aredynamically evolving and can be estimated through sensor monitoring and degradationmodelling. Additional research will address comparing and unifying this work withdifferent perspectives on robust control such as those presented by Hsieh (2003, 2004) andYalcin (2004).

References

Chew, S. and Lawley, M., 2006. Robust supervisory control for production systems with multiple

resource failures. IEEE Transactions on Automation and Science Engineering, 3 (3), 309–323.

Table 4. Verification result.

Verificationsystem

Percentageof scenarios

Percentage of matchedpolicy selections

Agreement with implementationguideline table

1 1536 1416 92.19%2 1536 1452 94.53%3 96 90 93.75%4 96 87 90.63%5 384 345 89.84%6 384 338 88.02%7 96 90 93.75%

International Journal of Production Research 6523

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014

Chew, S., Wang. S., and Lawley, M., 2008. Robust supervisory control for product routings withmultiple unreliable resources. IEEE Transactions on Automation Science and Engineering,in press.

Fanti, M. and Zhou, M., 2004. Deadlock control methods in automated manufacturing systems.

IEEE Transactions on Systems, Man and Cybernetics, Part A, 34 (1), 5–22.Hsieh, F., 2003. Robustness of deadlock avoidance algorithms for sequential processes. Automatica,

3 (10), 1695–1706.

Hsieh, F., 2004. Fault-tolerant deadlock avoidance algorithm for assembly processes. IEEETransactions on Systems, Man, and Cybernetics, Part A, 34 (1), 65–79.

Lawley, M., Reveliotis, S., and Ferreira, P., 1998. A correct and scalable deadlock avoidance

policy for flexible manufacturing systems. IEEE Transactions on Robotics and Automation, 14,796–809.

Lawley, M., Reveliotis, S., and Ferreira, P., 1998. Application and evaluation of Banker’s algorithm

for deadlock-free buffer space allocation in flexible manufacturing systems. InternationalJournal of Flexible Manufacturing Systems, 10, 73–100.

Lawley, M., 2002. Control of deadlock and blocking for production systems with unreliableresources. International Journal of Production Research, 40, 4563–4582.

Lawley, M. and Sulistyono, W., 2002. Robust supervisory control policies for manufacturingsystems with unreliable resources. IEEE Transactions on Robotics and Automation, 18,346–359.

Wang, S., Chew, S., and Lawley, M., 2008. Using shared resource capacity for robust control offailure prone manufacturing systems. IEEE Transactions on Systems, Man, and Cybernetics,Part A, 38, 605–627.

Yalcin, A., 2004. Supervisory control of automated manufacturing cells with resource failures.Robotics and Computer-Integrated Manufacturing, 20 (2), 111–119.

6524 S. Wang et al.

Dow

nloa

ded

by [

Car

negi

e M

ello

n U

nive

rsity

] at

02:

30 0

9 N

ovem

ber

2014