A multiple-fault diagnoser based on coverability and invariants


Proceedings of the 14th IFAC Symposium on Information Control Problems in Manufacturing Bucharest, Romania, May 23-25, 2012

A multiple-fault diagnoser based on coverability and invariants Imtiez Fliss* and Moncef Tagina* 

*SOIE Laboratory, National School of Computer Sciences, University Campus of Manouba, 2010 La Manouba, University of Tunis, Tunisia; e-mails: {Imtiez.Fliss, Moncef.Tagina}@ensi.rnu.tn

Abstract: In this paper, a novel approach to diagnose multiple faults in Discrete Event Systems (DES) modeled by Petri nets is presented. The proposed multiple-fault diagnoser combines the notions of coverability and invariants (T-invariants and P-invariants) in order to check the system state. The considered system faults are those affecting both places and transitions. To test the effectiveness of the proposed approach, a diagnosis benchmark, the three-tank hydraulic system, is taken as an example.

Keywords: Multiple faults diagnosis; Petri Nets; Discrete-Event Systems (DES); Coverability; T-invariants; P-invariant.

1. INTRODUCTION

This paper addresses the problem of model-based diagnosis of discrete-event systems, a class of dynamic systems whose evolution is characterized by asynchronous occurrences of discrete events. These systems are highly complex, and this complexity can make faults appear very often. Discrete event systems can be modelled by several tools: GRAFCET, state charts, finite state automata, Petri Nets, etc. Petri Nets are particularly useful as they are both an intuitive graphical modelling language and an advanced formal analysis method. Nowadays, they are considered one of the main formalisms for modelling, analysis and control of discrete event systems (DES). Thus, in this paper, we consider Petri Nets for modelling and diagnosis purposes.

Diagnosis is the process of detecting an abnormality in the system behaviour and isolating the cause or the source of this abnormality. This process should also take into account the possibility of simultaneous occurrence of multiple faults. In the context of discrete event systems, a fault is modelled either as the result of the execution of one or more events, or as the reachability of a failure state, or by combining the two models and considering both event and state faults.

In the case of Petri net models, the model-based diagnosis problem can be reformulated as a reachability problem. In this case, reachability graphs or algebraic analysis techniques, also known as invariant analysis, can be used to solve it (Portinale, 1996).

In this context, we extend our previous work (Fliss and Tagina, 2011), in which a multiple faults diagnosis approach is proposed. In that work, the diagnosis scheme is based on reasoning on what we have called a diagnosis coverability tree and on invariant notions. The construction of the diagnosis coverability tree is based on the Karp and Miller algorithm (Karp and Miller, 1969). The previous approach is efficient to diagnose multiple faults (Fliss and Tagina, 2011). However, the generated coverability trees are generally big even for small nets. Consequently, they cause a storage complexity problem (Ganty et al., 2009).

Thus, we introduce in this paper a solution to the problems of diagnosing multiple faults in discrete-event systems modelled by Petri nets and of the storage complexity present in our previous work. In this context, we refer to (Geeraerts et al., 2007) and (Geeraerts et al., 2010) to generate coverability sets instead of coverability trees.

The novel proposed approach consists in diagnosing multiple transition and place faults. It defines a system state vector announcing for each component (either transition or place) whether it is faulty or not. The system state vector is the result of reasoning on the coverability sets combined with algebraic analysis techniques (T-invariants and P-invariants).

To illustrate the applicability of the proposed approach and to test its effectiveness, a diagnosis benchmark is used: the three-tank hydraulic system.

The remainder of this paper is organized as follows: section 2 briefly outlines some notions and notations related to Petri nets. In the third section, we recall the state of the art of fault diagnosis approaches; then, we introduce in the fourth section the original approach we propose. The fifth section presents and discusses the simulation results we get. Finally, some concluding remarks are made.

978-3-902661-98-2/12/$20.00 © 2012 IFAC

2. BACKGROUNDS

This section briefly outlines some basic definitions on which we will rely throughout the paper. An interested reader can find more details in (Murata, 1989), (Geeraerts et al., 2007) and (Geeraerts et al., 2010).


10.3182/20120523-3-RO-2023.00158


2.1. Petri nets analysis methods

There are three main methods for analyzing a Petri net: the coverability (reachability) computation method, linear algebra methods, and reduction techniques. According to (Portinale, 1996), the first two methods, namely the coverability method and algebraic analysis (particularly the computation of invariants of the net models), are very suitable to solve the diagnosis problem. As we focus in this paper on diagnosing system faults, those two methods will be presented.

2.2. Coverability

According to (Murata, 1989), a marking $M$ in a Petri net $(N, M_0)$ is said to be coverable if there exists a marking $M'$ in $R(M_0)$ such that $M'(p) \ge M(p)$ for each place $p$ in the net, where $R(M_0)$, also written $R(N, M_0)$, denotes the set of all possible markings reachable from $M_0$ in the net $(N, M_0)$. For a bounded Petri net, the coverability tree is called a reachability tree as it contains all possible reachable markings.

A well-known solution to compute a coverability set of a Petri net relies on building a finite coverability tree based on the Karp-Miller algorithm (Karp and Miller, 1969). This approach is efficient to calculate the coverability trees. However, in real-world examples it often does not terminate in reasonable time, since the generated coverability trees cause a storage complexity problem (Ganty et al., 2009).

In (Geeraerts et al., 2007) and (Geeraerts et al., 2010) a solution to the storage complexity problem is proposed. This solution is based on novel ideas: not building a coverability tree but handling sets of pairs of markings. It constructs a sequence of sets of pairs of markings on which a variant of the Post operator and a variant of the acceleration function are systematically applied. By defining an adequate order $\sqsubseteq$ on pairs of markings, this solution concentrates on maximal elements for $\sqsubseteq$.
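As an added example (not code from the paper or from the cited works), the classical Karp-Miller construction mentioned above can be run on a small net to obtain its coverability set, test Murata's coverability condition and list the unbounded places. The net, the `OMEGA` encoding and all function names are assumptions made for this sketch; it works on single markings as in the Karp-Miller tree, not on pairs of markings as CovProc does.

```python
OMEGA = float("inf")  # ω: "arbitrarily many tokens" in a place

# Constructed 3-place, 2-transition net (an assumption for this example):
#   t0: p0 -> p1 + p2   (every cycle leaves one more token in p2)
#   t1: p1 -> p0
PRE = [(1, 0, 0), (0, 1, 0)]    # tokens each transition consumes per place
POST = [(0, 1, 1), (1, 0, 0)]   # tokens each transition produces per place
M0 = (1, 0, 0)


def covers(big, small):
    """True if marking `big` has at least as many tokens as `small` everywhere."""
    return all(b >= s for b, s in zip(big, small))


def karp_miller(pre, post, m0):
    """Return the ω-markings labelling the nodes of the Karp-Miller tree."""
    places = range(len(m0))
    labels, work = set(), [(tuple(m0), ())]   # (marking, ancestors on its path)
    while work:
        m, ancestors = work.pop()
        labels.add(m)
        if m in ancestors:                    # repeated on its own path: leaf
            continue
        path = ancestors + (m,)
        for t in range(len(pre)):
            if not covers(m, pre[t]):         # transition t is not enabled
                continue
            succ = tuple(m[p] - pre[t][p] + post[t][p] for p in places)
            for a in path:                    # acceleration step
                if a != succ and covers(succ, a):
                    # the run from a to succ can repeat: grown places get ω
                    succ = tuple(OMEGA if succ[p] > a[p] else succ[p]
                                 for p in places)
            work.append((succ, path))
    return labels


def maximal(markings):
    """Keep only markings not covered by a different marking of the set."""
    return {m for m in markings
            if not any(o != m and covers(o, m) for o in markings)}


def coverable(cov_set, target):
    """Murata's test: some marking of the coverability set covers `target`."""
    return any(covers(m, target) for m in cov_set)


def unbounded_places(cov_set):
    """Indices of places that carry ω in at least one marking."""
    return sorted({p for m in cov_set for p, k in enumerate(m) if k == OMEGA})


if __name__ == "__main__":
    tree = karp_miller(PRE, POST, M0)
    print(len(tree), "tree labels,", len(maximal(tree)), "maximal markings")
    print("unbounded places:", unbounded_places(tree))
    print("(0, 1, 50) coverable:", coverable(tree, (0, 1, 50)))
    print("(1, 1, 0) coverable:", coverable(tree, (1, 1, 0)))
```

Only the maximal markings are needed to answer coverability queries, which is the storage saving the set-based approach aims at.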
Let us formally define the notions on which this solution is based. Considering a Petri net $N = \langle P, T, M \rangle$, an $\omega$-marking $m$ is a function $m: P \to \mathbb{N} \cup \{\omega\}$ that associates a number of tokens to each place ($\omega$ meaning any natural number). Its downward-closure is the set of markings $\downarrow^{\preceq}(m) = \{m' \in \mathbb{N}^{|P|} \mid m' \preceq m\}$. Given a set $R$ of pairs of $\omega$-markings, we let $\mathrm{Flatten}(R) = \{m \mid \exists m' : (m', m) \in R\}$.

The Post function is used to define the notion of successor of a pair of $\omega$-markings $(m_1, m_2)$: $\mathrm{Post}((m_1, m_2)) = \{(m_1, m'), (m_2, m') \mid m' \in \mathrm{Post}(m_2)\}$.

Given two $\omega$-markings $m_1$ and $m_2$ s.t. $m_1 \preceq m_2$, we let $\mathrm{AccelPair}(m_1, m_2) = m_\omega$ s.t. for any place $p$, $m_\omega(p) = m_1(p)$ if $m_1(p) = m_2(p)$; $m_\omega(p) = \omega$ otherwise. Similarly to Post, we use Accel to define the notion of acceleration of a pair of $\omega$-markings $(m_1, m_2)$: $\mathrm{Accel}((m_1, m_2)) = \{(m_2, \mathrm{AccelPair}(m_1, m_2))\}$ if $m_1 \prec m_2$; and $\mathrm{Accel}((m_1, m_2))$ is undefined otherwise.

To handle the semantics of the PN in terms of pairs, the ordering $\sqsubseteq$ is defined to reduce the size of the manipulated sets. Let $m_1$ and $m_2$ be two $\omega$-markings. Then, $m_1 \ominus m_2$ is a function $P \to \mathbb{Z} \cup \{-\omega, \omega\}$ s.t. for any place $p$: $(m_1 \ominus m_2)(p)$ is equal to $\omega$ if $m_1(p) = \omega$; $-\omega$ if $m_2(p) = \omega$ and $m_1(p) \ne \omega$; $m_1(p) - m_2(p)$ otherwise. Then, given two pairs of $\omega$-markings $(m_1, m_2)$ and $(m'_1, m'_2)$, we have $(m_1, m_2) \sqsubseteq (m'_1, m'_2)$ iff $m_1 \preceq m'_1$, $m_2 \preceq m'_2$ and for any place $p$: $(m_2 \ominus m_1)(p) \le (m'_2 \ominus m'_1)(p)$. For any $(m_1, m_2)$, we let $\downarrow^{\sqsubseteq}((m_1, m_2)) = \{(m'_1, m'_2) \mid (m'_1, m'_2) \sqsubseteq (m_1, m_2)\}$. Given a set $R$ of pairs of markings, we let $\mathrm{Max}^{\sqsubseteq}(R) = \{(m_1, m_2) \in R \mid \nexists (m'_1, m'_2) \in R : (m_1, m_2) \ne (m'_1, m'_2) \wedge (m_1, m_2) \sqsubseteq (m'_1, m'_2)\}$.

The definition of the coverability sequence assumes the existence of an oracle, which is defined as a procedure that produces pairs of markings. The oracle can be implemented by a recursive call to the procedure that computes the covering sequence, with a modified initial marking. The formal definition of an oracle is as follows: given a Petri net $N$ and an initial $\omega$-marking $m_0$, an oracle is a function $\mathrm{Oracle}: \mathbb{N} \to 2^{(\mathbb{N} \cup \{\omega\})^{|P|} \times (\mathbb{N} \cup \{\omega\})^{|P|}}$ that returns, for any $i \ge 0$, a set of pairs of $\omega$-markings that satisfies the two following conditions:

- $\downarrow^{\preceq}(\mathrm{Post}(\mathrm{Flatten}(\mathrm{Oracle}(i)))) \subseteq \downarrow^{\preceq}(\mathrm{Flatten}(\mathrm{Oracle}(i)))$
- $\downarrow^{\preceq}(\mathrm{Flatten}(\mathrm{Oracle}(i))) \subseteq \mathrm{Cover}(N, m_0)$

Let $N = \langle P, T \rangle$ be a PN, $m_0$ be an initial marking, and Oracle be an oracle. Then, the covering sequence of $N$, noted $\mathrm{CovSeq}(N, m_0, \mathrm{Oracle})$, is the infinite sequence $(V_i, F_i, O_i)_{i \ge 0}$, defined as follows:

- $V_0 = \emptyset$, $O_0 = \emptyset$ and $F_0 = \{(m_0, m_0)\}$;
- For any $i \ge 1$: $O_i = \mathrm{Max}^{\sqsubseteq}(O_{i-1} \cup \mathrm{Oracle}(i))$;
- For any $i \ge 1$: $V_i = \mathrm{Max}^{\sqsubseteq}(V_{i-1} \cup F_{i-1}) \setminus \downarrow^{\sqsubseteq}(O_i)$;
- For any $i \ge 1$: $F_i = \mathrm{Max}^{\sqsubseteq}(\mathrm{Post}(F_{i-1}) \cup \mathrm{Accel}(F_{i-1})) \setminus \downarrow^{\sqsubseteq}(V_i \cup O_i)$.

The covering sequence is thus a sequence of triples $(V_i, F_i, O_i)$, for any $i \ge 0$, where all the $V_i$'s, $F_i$'s and $O_i$'s are sets of pairs of markings. At step $i$, $O_i$ is a set of pairs that represents all the information provided by the oracle during steps $0 \ldots i$. The set $V_i$ represents the visited pairs, i.e. the pairs that are present in some $V_j$ or some $F_j$, for $0 \le j \le i - 1$.
However, in order to avoid redundancy, we do not store in $V_i$ the pairs that are smaller than a pair previously provided by the oracle (and thus in $O_i$). Finally, $F_i$ is the frontier, i.e., the set of pairs which (i) are obtained by applying either the Post or the Accel operator to some pair in $F_{i-1}$ and (ii) have not been visited or produced by the oracle before. At each step $i$, the oracle is implemented as a finite number of recursive calls to CovProc, where the initial $\omega$-markings are the results of the accelerations occurring at this step. Note that a recursive call is not applied on all the accelerated $\omega$-markings but on a nondeterministically chosen subset $S$. Indeed, in practice, if we have two accelerated markings $m_1$ and $m_2$ with $\downarrow^{\preceq}(m_2) \subseteq \downarrow^{\preceq}(\mathrm{Post}^*(m_1))$, then it is not necessary to apply CovProc on $m_2$ to explore the markings that are reachable from $m_2$. The coverability sets construction algorithm CovProc of (Geeraerts et al., 2007) and (Geeraerts et al., 2010) is then:

    Data: A PN $N = \langle P, T \rangle$, an initial $\omega$-marking $m_0$
    Result: A set of pairs of markings.
    CovProc (N, m0)
    begin
      $i := 0$; $O_0 := \emptyset$; $V_0 := \emptyset$; $F_0 := \{(m_0, m_0)\}$;
      repeat
        $i := i + 1$;
        $R_i := \bigcup_{m \in S} \mathrm{CovProc}(N, m)$ where $S \subseteq \mathrm{Flatten}(\mathrm{Accel}(F_{i-1}))$;
        $O_i := \mathrm{Max}^{\sqsubseteq}(O_{i-1} \cup R_i)$;
        $V_i := \mathrm{Max}^{\sqsubseteq}(V_{i-1} \cup F_{i-1}) \setminus \downarrow^{\sqsubseteq}(O_i)$;
        $F_i := \mathrm{Max}^{\sqsubseteq}(\mathrm{Post}(F_{i-1}) \cup \mathrm{Accel}(F_{i-1})) \setminus \downarrow^{\sqsubseteq}(O_i \cup V_i)$;
      until $\downarrow^{\preceq}(\mathrm{Flatten}(O_i \cup V_i)) \subseteq \downarrow^{\preceq}(\mathrm{Flatten}(O_{i-1} \cup V_{i-1}))$;
      return $(O_i \cup V_i)$;
    end

2.3. Invariants

Considering a Petri net with n transitions and m places, the corresponding incidence matrix C is an $(n \times m)$ matrix.

A solution of the equation $C \cdot y = 0$ is an m-vector of integers y called a P-invariant (place invariant). A P-invariant indicates that the number of tokens in all reachable markings satisfies some linear invariant. A solution of the equation $x^{t} \cdot C = 0$ is an n-vector of integers x called a T-invariant (transition invariant). The natural solutions indicate (possible) loops. The support Ny of a P-invariant $y \ge 0$ is the subset of places corresponding to nonzero entries of y; analogously, Nx of a T-invariant $x \ge 0$ is the subset of transitions corresponding to nonzero entries of x.

3. STATE OF THE ART OF PETRI NETS BASED DIAGNOSER

Several diagnosis works are based on Petri Nets. Among the pioneering works dealing with Petri Nets, we recall the work of Prock (Prock, 1991). In his work, Prock proposed an on-line technique for fault detection based on monitoring the number of tokens residing in P-invariants. When the number of tokens inside P-invariants changes, a fault is detected. The considered faults are marking faults. But due to the simplicity of the fault detection criterion, no failure localization can be provided (Prock, 1991).

Reference (Ghazel et al., 2005) proposes a monitoring approach for DES with unobservable events. It represents the "a priori" known behaviour of the system and tracks its state on-line to identify the events that occur.

In (Basile et al., 2009), the diagnoser is built on-line by defining and solving Integer Linear Programming (ILP) problems. Assuming that the fault transitions are not observable, the net marking is computed by the state equation and, if the marking has negative components, an unobservable sequence has occurred. The linear programming solution provides the sequence and detects the fault occurrences. Moreover, an off-line analysis of the Petri Net structure reduces the computational complexity of the ILP problem. Through this approach two different observable transitions cannot be associated to the same event; the subnet induced by the unobservable transitions is acyclic and the prefix-closed language associated with the net is detectable.

In (Ruiz-Beltran, 2007), interpreted Petri nets are employed to model system behaviour in which both events and states are partially observable. Based on the interpreted Petri net model derived from an on-line methodology, a scheme utilizing a solution of a programming problem is proposed to solve the diagnosis problem.

Interpreted Petri nets are also used in (Cabasino, 2009), in which some of the transitions of the net are assumed unobservable, including all those transitions that model faulty behaviours. This approach is based on the notions of basis marking and justification, which allow characterizing the set of markings that are consistent with the actual observation, and the set of unobservable transitions whose firing enables it.

4. THE PROPOSED DIAGNOSIS APPROACH

The aim of the process of diagnosing faults is first of all to detect whether there are possible faults and then to identify the candidates responsible for these faults (single or multiple). Thus, in order to successfully achieve the diagnosis task, there must be, in addition to the description of the nominal behaviour, a system model describing the behaviour of the system in fault cases.

Considering actual cases where event and state faults affect discrete event systems at the same time, we propose to diagnose multiple event and state faults. To fulfil this task, we begin by modelling the monitored systems using Petri nets. Then, we proceed to the detection and identification of transition faults (transitions model the events in the Petri net) and marking faults (markings model states in the Petri net context), especially when the number of tokens in one or more places can grow indefinitely, which are called unbounded places.

4.1. Study assumptions

We consider systems modelled by marked Place/Transition Petri nets (which may be bounded or unbounded) whose transition set is partitioned into the set of observable transitions $T_o$ and the set of unobservable transitions $T_u$, i.e., $T = T_o \cup T_u$, and whose place set is partitioned into the set of observable places $P_o$ and the set of unobservable places $P_u$, i.e., $P = P_o \cup P_u$; with card (T) = n and card (P) = m.

We assume that multiple faulty behaviours may occur in the system. The occurrence of a faulty behaviour corresponds to the firing of an unobservable transition and/or the firing of an observable transition leading to an unobservable state and/or to marking faults due to some unbounded states. When an unobservable transition fires, it could lead to an observable state or an unobservable one.

4.2. The proposed approach

Our new approach to diagnose multiple failures in discrete event systems modelled by Petri nets concerns the presentation of the status of the various system components (events and states) as a state vector (S).

The components of this vector correspond to the different net transitions and states. Each vector component has a value which is equal to 0 or 1 depending on its normal or faulty functioning mode. In the case of a normal functioning mode of the system, all vector components are null.

As we consider a general case of Petri nets which could be bounded or unbounded, we propose first to use the coverability method (not reachability) to check the system state. Thus, to obtain this state vector (S), we proceed to the construction of the coverability set according to the approach given in (Geeraerts et al., 2007) and (Geeraerts et al., 2010). This approach produces sets of pairs of $\omega$-markings knowing the initial marking $M_0$, and optimizes the result obtained by the algorithm of Karp and Miller (Karp and Miller, 1969).

Then, we characterize the status of the various net transitions using the net coverability and the reachability of the different transitions. In the case where events are in normal functioning mode, we assign the value "0" to each observable transition leading to its corresponding observable state. On the other hand, we assign the value "1" to each transition whose firing leads to an unobservable state.

However, it is possible to get a false alarm or a compensation phenomenon, which can be noted in the case of several unobservable transitions leading to observable states, in the case of numerous marking faults (corresponding to place faults), or in the case of several observable transitions leading to unobservable states. In this case, we need to check the state vector previously generated. Thus, in order to get a more efficient result and to avoid the compensation phenomena, we propose to use algebraic techniques (invariants) in a second step. We then compute supports of T-invariants and P-invariants to check the state of each component of the state vector. The reasoning of the proposed approach is given in fig. 1.

Fig. 1. The proposed approach

That is, to diagnose marking (place) faults, we combine the use of coverability with the analysis of P-invariants, and to diagnose transitions we use, in addition to the coverability of the net, the notion of T-invariant and algebraic verification of the considered net. In this case, we assign the value "1" to the places presenting marking faults and to faulty transitions. Otherwise, we assign the value "0" to the places and transitions in normal functioning mode.

The algorithm DIAG of the proposed approach can now be sketched as follows:

    Data: A PN $N = \langle P, T \rangle$ with T = To U Tu and P = Po U Pu, an initial marking m0, card (T) = n and card (P) = m.
    Result: A vector S indicating the state of each PN component
    DIAG (N, m0)
    Begin
      // initialization of S vector
      For i = 1 to n+m
        S[i] = 0; // all transitions and places are initially non faulty
      End for;
      // calculating the covering sets according to CovProc
      CovProc(N, m0)
      // Proceeding to diagnosis
      // Diagnosing transitions
      For each ti in Tu
        if ti fires S[i] = 1 // firing of unobservable transition
      End for;
      For each ti in To
        if ti fires // firing of observable transition
          if ti leads to unobservable state pi (pi in Pu) S[i] = 1;
          End if;
      End for;
      // If there is a ti where S[i] = 1,
      // proceed to T-invariant support calculation;
      // if a transition fault is detected herein,
      // we assign to ti S[i] = 1, else S[i] = 0;
      // Diagnosing places
      For each pi in P
        if pi is unbounded S[n+i] = 1;
      End for;
      // If there is a pi where S[i+n] = 1,
      // proceed to P-invariant support calculation;
      // if a marking fault is detected herein, we assign to pi S[i+n] = 1, else S[i+n] = 0;
      Return S;
      /* the first n components reveal the state of the n transitions and the last m components reveal the state of the m places */
    End

4.3. Contribution to the literature

While the use of Petri Nets to diagnose faults on-line in discrete event systems has already been presented elsewhere, the main contribution of the present work consists in addressing two main problems: the proper diagnosis of multiple faults and the storage complexity. Thus, we propose to combine the use of coverability sets, generated through the application of the CovProc presented in (Geeraerts et al., 2007) and (Geeraerts et al., 2010), with algebraic analysis by the use of T- and P-invariant supports. In this new diagnosing technique, we consider Petri nets that may be either bounded or unbounded, unlike the (Wu and Hadjicostis, 2005) work, which requires that the Petri Net model is bounded. There is no assumption that the Petri net model is acyclic, unlike references (Cabasino, 2009) and (Basile et al., 2008), which necessitate that the unobservable portion of the PN model


otherwise). According to simulation results (fig. 4), the proposed approach gives very interesting results, perfectly localizing single transition and place faults. The results for multiple faults show that the proposed approach detects and localizes at least 90% of multiple faults. On the other hand, the second chart sums up the response time of the proposed diagnosis module, which detects and localizes faulty events and actions properly in most cases, with an average detection duration equal to 223.84 ms. The detection duration varies according to the type of injected faults: it averages about 166 ms in the case of injecting single faults, about 206 ms in the case of injecting multiple faults affecting transitions only, about 224 ms in the case of injecting multiple faults affecting places only and about 359 ms in the case of multiple place and transition faults. This variation is explained by the execution of all or a part of the instructions of the proposed approach. In fact, in the case of multiple faults affecting both transitions and places, all instructions are executed.

Such is the example shown in fig. 5, in which Tank 1 is completely filled and the measured liquid volume is greater than the estimated value, causing a fault in p13 (the number of tokens within p13 is increasing indefinitely), and Tank 2 is empty since V6 leads is blocked, causing a fault in t12 (in this case t12 leads to the unobservable place UP11, as shown in fig. 5). We first calculate the state vector S through the application of the coverability notion.

Fig. 5. The Petri net of the three-tank system in case of faulty t12 and p13.

In this case the result we get is S= [000000000001000000000000100]. Then, the process of calculating T-invariants and P-invariants is carried out, confirming the obtained result and finally announcing the following state vector S= [000000000001000000000000100], and the result is obtained in 0.322 s. According to the findings on the tested system, we can conclude that the results of the proposed approach are promising.

6. CONCLUSION

In the present paper, we introduce a novel approach to diagnose multiple place and transition faults in discrete event systems using the Petri net formalism. This new approach is based on the use of the coverability sets proposed in (Geeraerts et al., 2007) and (Geeraerts et al., 2010) and on invariant notions to detect and localize multiple event and state faults. Experiments based on the case of the three-tank hydraulic system show the effectiveness and the promising results of this approach. It is expected that the achieved results can also be extended to detecting and localizing multiple faults in hybrid systems. In fact, we intend in future works to highlight the potential of using such a diagnosis solution for hybrid systems.

7. REFERENCES

Basile, F., Chiacchio, P. and De Tommasi, G. (2009) An efficient approach for on-line diagnosis of discrete event systems. IEEE Transaction on Automatic Control, volume (54), 748-759.

Cabasino, M.P. (2009) Diagnosis and Identification of Discrete Event Systems using Petri Nets, Ph.D. in Electronic and Computer Engineering, University of Cagliari.

Dotoli, M., Fanti, M. P., and Mangini, A. M. (2006) On-line identification of discrete event systems: a case study. In Proceedings of the IEEE International Conference on Automation Science and Engineering (CASE '06), Shanghai, China, 8-10 October, 405-410.

Fliss, I. and Tagina, M. (2011) Multiple Fault Diagnosis of Discrete Event Systems using Petri Nets. In Proceedings of the International Conference on Communications, Computing and Control Applications (CCCA), Hammamet, Tunisia, 3-5 March.

Ganty, P., Geeraerts, G., Raskin, J-F. and Van Begin, L. (2009) Le problème de couverture pour les réseaux de Petri: résultats classiques et développements récents. Technique et Science Informatiques, volume (28), 1-36.

Geeraerts, G., Raskin, J-F. and Van Begin, L. (2007) On the efficient Computation of the Minimal Coverability set of Petri nets. In Proceedings of the 5th Int. Symp. on Automated Technology for Verification and Analysis (ATVA), LNCS, 4762, Springer, 98-113.

Geeraerts, G., Raskin, J-F. and Van Begin, L. (2010) On the efficient Computation of the Minimal Coverability set of Petri nets. International Journal of Foundations of Computer Science (IJFCS), volume (21), n° 2, 135-165.

Ghazel, M., Togueni, A., and Bigang, M. (2005) A monitoring approach for discrete events systems based on a time Petri net model. In Proceedings of the 16th IFAC World Congress, Prague, Czech Republic, 4-8 July.

Karp, R. M. and Miller, R-E. (1969) Parallel Program Schemata. Journal of Computer and System Sciences, volume (3), 147-195.

Portinale, L. (1996) Improving Model-Based Diagnosis through Algebraic Analysis: the Petri Net Challenge. Proceedings of the 13th National Conference on Artificial Intelligence (AAAI'96), 952-958.

Prock, J. (1991) A new technique for fault detection using Petri nets. Automatica, volume (27), n° 2, 239-245.

Ruiz-Beltran, A. R.-T. E., Rivera-Rangel, I., and Lopez-Mellado, E. (2007) Online fault diagnosis of discrete event systems: A Petri net-based approach. IEEE Trans. on Automation Science and Engineering, volume (4), n° 1, 31-39.

Murata, T. (1989) Petri nets: properties, analysis and application. Proceedings of the IEEE, volume (77), n° 4, 541-580.
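As an added example for sections 2.3 and 3 (not code from the paper), the sketch below computes P- and T-invariants of a small net from its incidence matrix, takes their supports, and applies the token-monitoring check on a P-invariant that section 3 attributes to Prock. The net, the observed markings and all function names are assumptions constructed for the illustration; the null-space routine goes beyond the text by solving $C \cdot y = 0$ and $x^{t} \cdot C = 0$ for any integer matrix.

```python
from fractions import Fraction
from functools import reduce
from math import gcd

# Constructed net (an assumption for this example). Incidence matrix C has one
# row per transition and one column per place, as in section 2.3:
#   t0: p0 -> p1 + p2,   t1: p1 -> p0,   t2: p2 -> (token consumed)
C = [(-1, 1, 1),
     (1, -1, 0),
     (0, 0, -1)]
M0 = (1, 0, 0)


def nullspace(rows):
    """Integer basis of {v : rows . v = 0}, by Gauss-Jordan elimination over Q.
    Basis vectors may have negative entries in general; supports are defined
    for the nonnegative ones."""
    a = [[Fraction(x) for x in r] for r in rows]
    ncols, pivots = len(rows[0]), []
    for c in range(ncols):
        r = len(pivots)
        piv = next((i for i in range(r, len(a)) if a[i][c] != 0), None)
        if piv is None:
            continue                          # column c is a free variable
        a[r], a[piv] = a[piv], a[r]
        d = a[r][c]
        a[r] = [x / d for x in a[r]]
        for i in range(len(a)):
            f = a[i][c]
            if i != r and f != 0:
                a[i] = [x - f * y for x, y in zip(a[i], a[r])]
        pivots.append(c)
    basis = []
    for free in (c for c in range(ncols) if c not in pivots):
        v = [Fraction(0)] * ncols
        v[free] = Fraction(1)
        for row, pc in zip(a, pivots):
            v[pc] = -row[free]
        # clear denominators so the invariant is an integer vector
        scale = reduce(lambda l, x: l * x.denominator // gcd(l, x.denominator),
                       v, 1)
        basis.append(tuple(int(x * scale) for x in v))
    return basis


def p_invariants(c):
    """Solutions y of C . y = 0 (one entry per place)."""
    return nullspace(c)


def t_invariants(c):
    """Solutions x of x^t . C = 0 (one entry per transition)."""
    return nullspace(list(zip(*c)))


def support(v):
    """Indices of the nonzero entries of an invariant."""
    return [i for i, k in enumerate(v) if k != 0]


def invariant_alarm(y, m0, observed):
    """Token monitoring on a P-invariant: the weighted token sum is constant
    over all reachable markings, so any change signals a marking fault."""
    def weight(m):
        return sum(k * tokens for k, tokens in zip(y, m))
    return weight(observed) != weight(m0)


if __name__ == "__main__":
    y = p_invariants(C)[0]
    print("P-invariant", y, "support", support(y))
    print("T-invariants", t_invariants(C))
    for obs in [(0, 1, 1), (0, 0, 1), (1, 0, 7)]:   # constructed observations
        print(obs, "alarm:", invariant_alarm(y, M0, obs))
```

The marking (1, 0, 7) raises no alarm because p2 lies outside the support of the only P-invariant, so a fault there is invisible to the invariant check alone.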
