
Automatica

Volume 101, March 2019, Pages 354-364

Codiagnosability of discrete event systems revisited: A new necessary and sufficient condition and its applications

https://doi.org/10.1016/j.automatica.2018.12.013

Abstract

It has been argued for some time now, based on classroom, textbook and practical examples, that the sizes of verifiers and diagnosers are comparable. This belief has been corroborated by a recent paper, where it is conjectured, based on a rigorous statistical analysis, that the state size of diagnosers is Θ(n^{0.77 log k + 0.63}) on average, where k (resp. n) is the number of events (resp. states) of the plant automaton. However, there is another difficulty that hampers the use of diagnosers in diagnosability verification: the search for cycles, which has been proved to be factorial. In this paper we present a necessary and sufficient condition for language codiagnosability of DES and, based on this condition, propose a new verification test built on a diagnoser-like automaton that has the following advantages: (i) the diagnosability verification test is based on the search for strongly connected components, which is linear in the state size; (ii) its event set contains both the observable and the unobservable events of the plant, so the usual assumptions of language liveness and nonexistence of cycles of states connected with unobservable events only are no longer required; and (iii) T-codiagnosability can be computed by adding weights to the transitions of the plant automaton and, as a consequence, so can K-codiagnosability, since it is the particular case of T-codiagnosability in which all weights are set equal to 1.

Introduction

In the design of a failure diagnosis system for DES, the first step is to check whether the language generated by an automaton is diagnosable, i.e., whether the system is able to diagnose the failure occurrence within a finite number of event occurrences. This verification can be done by using diagnoser (Debouk et al., 2000, Sampath et al., 1995) or verifier automata (Jiang et al., 2001, Moreira et al., 2016, Moreira et al., 2011, Qiu and Kumar, 2006, Yoo and Lafortune, 2002) for centralized and decentralized architectures. Diagnosability is closely associated with other important properties of DES such as observability (Yin & Lafortune, 2015) and opacity (Lafortune, Lin, & Hadjicostis, 2018), and it is still an active field of research (Cassez, 2012, Ran et al., 2018, Takai and Kumar, 2017, Thorsley, 2017, Yin and Lafortune, 2015, Yin and Lafortune, 2017).

Diagnosers are automata whose states are sets formed by the states of the automaton that models the plant together with labels indicating whether or not the trace that has occurred so far contains the fault event. Verifiers are automata built by performing a parallel composition between the normal and the faulty behavior of the system. It is well known that diagnosers have, in the worst case, exponential complexity in the plant state space, but they have the advantage of being usable both for online diagnosis and for offline diagnosability verification. Verifiers, on the other hand, have, in the worst case, polynomial computational complexity in the number of states of the automaton that generates the language (Moreira et al., 2011, Qiu and Kumar, 2006, Yoo and Lafortune, 2002), but can only be used for offline verification. Diagnosability verification using diagnosers requires the search for cycles, which has factorial computational complexity (Johnson, 1975) and is therefore higher than exponential, as opposed to verifiers, which require the search for strongly connected components, which is linear in the number of automaton transitions (Cormen et al., 2009, Tarjan, 1972).

It has been argued for some time now, based on classroom, textbook and practical examples, that the sizes of verifiers and diagnosers are comparable. In a recent paper, Clavijo and Basilio (2017) have shown, based on a rigorous statistical analysis, that the state sizes of diagnosers and verifiers are, respectively, Θ(n^{0.77 log k + 0.63}) and Θ(n²) on average, where k (resp. n) is the number of events (resp. states) of the plant automaton. Although this result is very encouraging as far as the state sizes of diagnosers are concerned, it is still necessary to tackle the complexity associated with the search for cycles. This issue has been addressed in Viana, Basilio, and Moreira (2015), who proposed a test for the verification of language diagnosability of centralized DES that is based on the search for strongly connected components in a diagnoser-like automaton. Here, we extend the results of Viana et al. (2015) to decentralized diagnosability (codiagnosability) of DES, present a necessary and sufficient condition for language codiagnosability, and propose a new test for its verification that is based on a diagnoser-like automaton and, like the test proposed in Viana et al. (2015), requires the search for strongly connected components.
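As an added example (not code from the paper), the following Python builds a Sampath-style diagnoser for a small constructed plant, whose transition function is partially defined and whose event set is split into observable and unobservable events, and then locates cycles of F-uncertain diagnoser states with Tarjan's linear-time search for strongly connected components instead of enumerating cycles. The plant, the (state, label) encoding and all helper names are constructed here; the components found are only candidates for indeterminate cycles, since, as the paper points out, the diagnoser alone cannot confirm the corresponding cycles in the plant.

```python
# Constructed plant (not from the paper): partial f(x, sigma) -> y; 'a', 'b' observable, 'f' the unobservable fault, 'u' unobservable.
PLANT = {"obs": {"a", "b"}, "fault": "f",
         "delta": {(0, "a"): 1, (1, "f"): 2, (1, "u"): 3, (2, "b"): 2, (3, "b"): 3}}

def uo_reach(plant, pairs):
    """Close (state, label) pairs under unobservable events; the label flips N -> Y on the fault."""
    seen, todo = set(pairs), list(pairs)
    while todo:
        x, lab = todo.pop()
        for (src, ev), dst in plant["delta"].items():
            if src == x and ev not in plant["obs"]:
                nxt = (dst, "Y" if lab == "Y" or ev == plant["fault"] else "N")
                if nxt not in seen:
                    seen.add(nxt); todo.append(nxt)
    return frozenset(seen)

def build_diagnoser(plant, x0=0):
    """Diagnoser states are sets of labelled plant states; its transitions carry observable events only."""
    q0 = uo_reach(plant, {(x0, "N")})
    states, trans, todo = {q0}, {}, [q0]
    while todo:
        q = todo.pop()
        for ev in plant["obs"]:
            moved = {(plant["delta"][(x, ev)], lab) for x, lab in q if (x, ev) in plant["delta"]}
            if moved:
                nq = trans[(q, ev)] = uo_reach(plant, moved)
                if nq not in states:
                    states.add(nq); todo.append(nq)
    return states, trans

def tarjan_scc(nodes, succ):
    """Tarjan's algorithm: every SCC in O(|V| + |E|), with no enumeration of individual cycles."""
    idx, low, open_, stack, sccs = {}, {}, set(), [], []
    def visit(v):
        idx[v] = low[v] = len(idx); stack.append(v); open_.add(v)
        for w in succ(v):
            if w not in idx:
                visit(w)
            if w in open_:                            # w still open, so it shares v's SCC
                low[v] = min(low[v], low[w])
        if low[v] == idx[v]:                          # v is an SCC root: pop its members
            i = stack.index(v); comp = stack[i:]; del stack[i:]; open_.difference_update(comp)
            sccs.append(frozenset(comp))
    for v in nodes:
        if v not in idx: visit(v)
    return sccs

def uncertain_cycles(plant):
    """Nontrivial SCCs of the diagnoser restricted to F-uncertain states; candidates only, the plant must confirm them."""
    states, trans = build_diagnoser(plant)
    unc = {q for q in states if {lab for _, lab in q} == {"N", "Y"}}
    succ = lambda q: [nq for (p, _), nq in trans.items() if p == q and nq in unc]
    return [c for c in tarjan_scc(unc, succ) if len(c) > 1 or any(nq in c for nq in succ(next(iter(c))))]
```

For the constructed plant the faulty branch (state 2) and the normal branch (state 3) both loop on the observable event b, so the diagnoser state {(2, Y), (3, N)} forms a self-loop of uncertain states; making the normal branch loop on a instead removes the candidate.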

Another aspect regarding diagnosis is that liveness and nonexistence of unobservable cycles in the plant automaton are assumed for both diagnosability and codiagnosability verification using the diagnoser automata proposed in Sampath et al. (1995) and Debouk et al. (2000). This is so because the proposed diagnosability verification tests are based on diagnosers, which have only observable events in their event sets. This limitation prevents the existence of cycles of states connected only with unobservable events; the assumption has recently been removed in Carvalho, Basilio, and Moreira (2012) through the so-called hidden cycles, but the search for cycles in the plant automaton that correspond to indeterminate hidden cycles in the diagnoser is still required. The diagnoser-like automaton we propose here has both observable and unobservable events, and so it can also deal with cycles of unobservable events only. As a consequence, we may remove the language liveness assumption: in the case of a non-live language, it can be changed into a live one with the same diagnoser by adding self-loops labeled with unobservable events to the final states. As far as the authors know, this is the first time these two assumptions are removed in diagnosability verification using diagnosers.

Although the diagnosis of a failure is an important issue regarding the safety of industrial automation systems, it is also important to know how much time the diagnosis system takes to detect the failure occurrence (T-diagnosability) or, in the context of untimed DES, how many events must occur after the occurrence of the failure event in order for the diagnosis system to be sure of its occurrence (K-diagnosability). Notice that the diagnoser proposed by Sampath et al. (1995) provides information on the failure occurrence based solely on observable events, and so, when diagnosers are used offline to predict the time spent to diagnose the failure, it is not possible to take into account the time interval between occurrences of observable events that have unobservable events in between. For this reason, K-diagnosability was defined by Sampath et al. (1995) and Zaytoon and Lafortune (2013) as the number of observable events that must occur after the failure occurrence in order for the diagnoser to be sure about the failure occurrence. Since the diagnoser-like automaton we propose here has both observable and unobservable events, we will also be able to take unobservable event occurrences into account.

In summary, the main advantages of the approach proposed here are as follows: (i) it is based on the search for strongly connected components, as opposed to the search for cycles in all previous tests using diagnosers; (ii) it does not require the usual assumptions on language liveness and nonexistence of cycles of states connected with unobservable events; (iii) T-codiagnosability can be addressed by adding weights to the transitions of the automaton, thereby forming the so-called weighted automaton; (iv) the approach reduces to step counting when all transition weights are replaced with unity weight, and therefore K-codiagnosability analysis becomes a particular case of T-codiagnosability. It is also important to remark that, at present, there is no verifier-based method for T-codiagnosability analysis, and so it is worthwhile to use diagnoser automata for that purpose.

The remainder of this paper is structured as follows. In Section 2, we present a brief review of diagnosability. In Section 3, we propose a diagnoser-like automaton, and based on this automaton, we generalize the necessary and sufficient condition for diagnosability to codiagnosability, and present a diagnosability verification algorithm which relies solely on the search for strongly connected components. In Section 4, we apply the diagnoser-like automaton to compute T- and K-codiagnosability. We also present in Section 4 a comparison with previously published related works. Finally, in Section 5, we draw some conclusions. All proofs of the results presented in the paper are in the Appendix.


Background

Let G = (X, Σ, f, Γ, x0, Xm) denote a deterministic automaton, where X is the finite state space, Σ is the set of events, f : X × Σ → X is the transition function, assumed to be partially defined in the event set, Γ is the active event function, i.e., Γ(x) = {σ ∈ Σ : (∃y ∈ X)[f(x, σ) = y]}, x0 is the initial state, and Xm is the set of marked states. We will assume that the event set is partitioned as Σ = Σo ∪̇ Σuo, where Σo (resp. Σuo) denotes the set of observable (resp. unobservable) events. The transition function,

New results on codiagnosability verification

In this section, we extend existing results on codiagnosability tests based on diagnoser automata. The motivation for proposing a new test is as follows: (a) since it is also necessary to perform a search for cycles in G, diagnosers Gd and Gtest do not carry enough information to determine if cycles of uncertain states (observed or hidden) are also indeterminate cycles; (b) the search for cycles, as pointed out in Johnson (1975), is higher than exponential in the number of states; (c) since

Applications to T- and K-codiagnosability analysis

In a decentralized architecture, codiagnosability ensures that at least one local site detects and diagnoses the failure occurrence within a bounded number of event occurrences. However, just being sure that the failure has occurred is not enough; for example, components may burn or parts may misalign before the failure occurrence is detected. So, it is important to also incorporate the time elapsed or the number of events that occurred since the failure occurrence as a performance index the

Conclusions

We have presented here a new necessary and sufficient condition for language codiagnosability, and leveraged this condition to propose a new test for the verification of language codiagnosability that takes into account the time intervals due to unobservable event occurrences and does not require the usual assumptions on language liveness and nonexistence of cycles of states connected with unobservable events. In addition, the test for codiagnosability verification is based on the search for strongly


References (32)

  • Cho, H., et al. Supremal and maximal sublanguages arising in supervisor synthesis problems with partial observations. Theory of Computing Systems (1989)
  • Clavijo, L. B., et al. Empirical studies in the size of diagnosers and verifiers for diagnosability analysis. Discrete Event Dynamic Systems (2017)
  • Cormen, T. H., et al. Introduction to algorithms (2009)
  • Debouk, R., et al. Coordinated decentralized protocols for failure diagnosis of discrete event systems. Discrete Event Dynamic Systems: Theory and Applications (2000)
  • Jiang, S., et al. A polynomial algorithm for testing diagnosability of discrete-event systems. IEEE Transactions on Automatic Control (2001)
  • Johnson, D. B. Finding all the elementary circuits of a directed graph. SIAM Journal on Computing (1975)
Cited by (32)

  • Disjunctive fault prediction of decentralized discrete event systems: Verification, predictor design and K-copredictability (2023, Automatica). Citation excerpt:

    "In this section, we address the problem of copredictability verification for regular languages and, to this end, we propose two different verification strategies: (i) the first one that deploys the test automaton proposed by Viana and Basilio (2019); (ii) the second strategy that is based on the verifier proposed by Moreira et al. (2011). As in Viana and Basilio (2019), we leverage here the test automaton feature for revealing hidden cycles to propose a copredictability verification algorithm (1). Based on 1 and Remark 1, we present a necessary and sufficient conditions for copredictability verification by using the diagnoser-like test automaton."

  • Robust decentralized diagnosability of networked discrete event systems against DoS and deception attacks (2022, Nonlinear Analysis: Hybrid Systems). Citation excerpt:

    "The verification of codiagnosability can be carried out using test diagnosers [18,27]. The procedure proposed by Viana and Basilio [27] has advantages over that proposed by Debouk et al. [18], namely it does not require the assumption on the non-existence of cycles of states connected with unobservable events only, and, additionally, it searches for nontrivial strongly connected components, instead of cycles. [27]"


Gustavo S. Viana was born on July 9, 1990 in Rio de Janeiro, Brazil. He received the Electrical Engineer, the M.Sc. and the D.Sc. degrees in Control from the Federal University of Rio de Janeiro, Rio de Janeiro, Brazil, in 2012, 2014 and 2018, respectively. Since 2018, he has been an Associate Professor at the Department of Electrical Engineering at the Federal University of Rio de Janeiro. His main interests are fault diagnosis of discrete-event systems, cyber–physical system security and industry 4.0.

João C. Basilio was born on March 15, 1962 in Juiz de Fora, Brazil. He received the Electrical Engineering degree in 1986 from the Federal University of Juiz de Fora, Juiz de Fora, Brazil, the M.Sc. degree in Control from the Military Institute of Engineering, Rio de Janeiro, Brazil, in 1989, and the Ph.D. degree in Control from Oxford University, Oxford, U.K., in 1995. He began his career in 1990 as an Assistant Professor at the Department of Electrical Engineering of the Federal University of Rio de Janeiro, Rio de Janeiro, Brazil, where he is currently a Full Professor in Control. He was the Dean of the Polytechnic School of UFRJ from 2014 to 2018. From September 2007 to December 2008, he spent a sabbatical leave at the University of Michigan, Ann Arbor, and was an Invited Professor of École Centrale of Lille, University of Lille, France, during September 2016 and November/December 2018. His current interests are fault diagnosis, opacity, and supervisory control of discrete-event systems, from both the theoretical and application points of view. Prof. Basilio is the recipient of the Correia Lima Medal.

This work has been supported in part by the Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES), Finance Code 001, and the Brazilian Research Council (CNPq), grant number 309652/2017-0. The material in this paper was partially presented at the 2015 American Control Conference, July 1-3, 2015, Chicago, IL, USA. This paper was recommended for publication in revised form by Associate Editor Rong Su under the direction of Editor Christos G. Cassandras.
