An algorithm of linear complexity for the diagnosis of discrete event systems


7th IFAC Conference on Manufacturing Modelling, Management, and Control International Federation of Automatic Control June 19-21, 2013. Saint Petersburg, Russia

D. Lefebvre
GREAH – University Le Havre, 25 rue P. Lebon, 76058 Le Havre, France (e-mail: [email protected])

Abstract: This paper concerns fault detection and diagnosis for discrete event systems modeled with partially observed Petri nets. The proposed method provides a decision via the analysis of observation sequences that include some observable events and the partial measurement of the successive states visited by the system. To this end, the observation sequences are decomposed into elementary observation sequences, linear matrix inequalities are used to compute the firing sequences consistent with each elementary observation sequence, and an algorithm of linear complexity with respect to the length of the observation sequences is proposed to return on-line diagnosis decisions.

Keywords: Discrete event systems, Fault detection and diagnosis, Petri nets, Partially observed Petri nets

978-3-902823-35-9/2013 © IFAC

1. INTRODUCTION

In the domain of discrete event systems (DES), fault detection and diagnosis (FDI) has often been formulated with labeled Petri nets (Peterson, 1981). The main reason for developing FDI methods with PNs is that such models include graphical representations that can be disseminated widely in numerous application domains. They also offer mathematical support consistent with standard tools. FDI with PNs was first introduced by monitoring the marking in P-invariants (Prock, 1991): faults are detected when the number of tokens inside P-invariants changes. Then, redundancies and additional P-invariants have been considered to detect and isolate faulty markings (Hadjicostis and Verghese, 1999). These approaches are based on the marking measurements and have been improved with algebraic decoding techniques (Lefebvre et al. 2007, Wu et al. 2005). Several papers are based on the different assumption that faults are represented by silent transitions and that places are not observable at all. Directly inspired by diagnosis with automata (Lin, 1994; Sampath et al., 1998), a state-based method that explores the reachability graph has been proposed in (Ushio et al., 1998). A modular approach is developed in (Genc and Lafortune, 2007): diagnosis is performed for each module and the modules are coupled through common places. In (Dotoli et al., 2009), Integer Linear Programming (ILP) problems are defined to compute the minimal sequences of unobservable transitions containing the faults that may have occurred. ILP problems are also addressed in (Basile et al., 2009), combined with the PN state equation to detect faults in unobservable sequences. Then basis markings and justifications have been proposed for fault diagnosis of free-labeled (Cabasino et al., 2010) and labeled (Cabasino et al., 2011) PNs. In the previous approaches, the computational effort is generally too high for on-line applications and has encouraged the authors to propose off-line solutions in the case of bounded PNs. Finally, recent approaches consider behaviors with both events and states that are partially observable. Interpreted PNs (Ramirez-Trevino et al. 2007) and partially observed Petri nets (POPNs) (Ru and Hadjicostis, 2009) that represent such behaviors have been investigated. POPNs and linear matrix inequalities have also been used to characterize the set of firing sequences consistent with a given observation (Lefebvre, 2012).

10.3182/20130619-3-RU-3018.00155

In comparison with numerous existing approaches, the present work (i) considers both partial event and marking measurements that are collected in observation sequences; (ii) does not require a complete measurement of the initial marking of observation sequences; (iii) detects and isolates the faults with an algorithm of linear complexity with respect to (wrt) the observation sequence length. This algorithm is suitable for on-line applications.

2. PROBLEM FORMULATION

2.1 Definitions and notations

A marked Petri net (PN) is defined as , where P = {Pi} is a set of n places and T = {Tj} is a set of q transitions, WPO ∈ (N)n×q and WPR ∈ (N)n×q are the post and pre incidence matrices (N is the set of non-negative integer numbers), and W = WPO – WPR is the incidence matrix. M ∈ (N)n is the PN marking vector and MI represents the PN initial marking. A transition Tj is enabled at marking M if and only if (iff) M ≥ WPR(:, j), where WPR(:, j) is column j of the pre incidence matrix; this is denoted M [Tj >. When Tj is enabled, it may fire, and when Tj fires once, the marking varies according to ∆M = M’ – M = W(:, j). This is denoted M [Tj > M’. A firing sequence of size h = |σ| enabled at marking M is a sequence of h transitions σ = T(1)T(2)…T(h), with T(j) ∈ T, j = 1,…,h, that successively fire from marking M to marking M’. This is denoted M [σ > M’. The integer xj(σ) is the number of occurrences of transition Tj in σ, and X(σ) = (xj(σ)) ∈ (N)q is the firing count vector for σ. A marking M is said to be reachable from the initial marking MI if there exists a firing sequence σ such that MI [σ > M. The set of all reachable markings {MI, M2, M3, …} from initial marking MI is R(PN, MI). In a partially observed Petri net (POPN), the set T is partitioned into the set of observable transitions TO of cardinality qO and the set of unobservable transitions TU of cardinality qU such that T = TO ∪ TU and TO ∩ TU = ∅. The set TU is also partitioned into two sets: the set of fault transitions TF of cardinality qF (all faults are unobservable events) and the set of unobservable normal transitions TN of cardinality qN such that TU = TF ∪ TN and TF ∩ TN = ∅. E = {e1,...,ep} is the set of p labels and L : T → E ∪ {ε} is a labeling function that assigns a label to each transition. For all transitions Tj ∈ TU, the function L provides the null label: L(Tj) = ε. The concatenation of labels obviously satisfies ε.ε = ε and ε.ek = ek. Each label is represented by a vector Y with dimension p such that Y(ek) = (yj) with yj = 1 if j = k else yj = 0, and Y(ε) = 0p where 0p is the zero vector with dimension p. The function L is represented with the labeling matrix L = (lk j) ∈ (N)p×q such that lk j = 1 if L(Tj) = ek else lk j = 0. Thus L(T) = ε (resp. L(T) = ek) is equivalent to L.X(T) = 0p (resp. L.X(T) = Y(ek)). Similarly F = {f1,...,fs} is the set of s fault classes and F : T → F ∪ {ε} is a function that assigns a fault class fα to each transition in T. Each fault fα corresponds to one or several fault transitions T ∈ TF that satisfy F(T) = fα, and for all transitions T ∈ TO ∪ TN, the function F provides the null symbol: F(T) = ε.

The row vector Fα = (fα j) ∈ (N)1×q satisfies fα j = 1 if F(Tj) = fα else fα j = 0 and provides the projection of the firing count vector over the fault class fα. The fault class matrix F is defined as F = (F1^T | ... | Fs^T)^T. The marking vector M is also partially observed according to a sensor configuration matrix H ∈ (R)no×n (R is the set of real numbers). The observable part of the marking is denoted MO = H.M. As a conclusion, a POPN is defined as , where PN is a Petri net, L is the labeling matrix and H is a sensor configuration matrix. A fault class matrix F is also considered as far as FDI is concerned.

2.2 Observation sequences

In this study, DESs modeled by marked POPNs are considered. Events are represented by the firing of the transitions, and states correspond to the markings. The events and states are partially observed according to the matrices L and H. Such situations are frequently encountered in supervision systems that store an incomplete history of data collected from a system. In such cases, FDI must be achieved using only some specific alarms and critical sensor measurements. This is the context of the proposed approach. The following assumptions are made:

(H1) Events do not occur simultaneously. This assumption is required to consider firing sequences with ordered events.

(H2) There is a partial measurement of the marking (according to matrix H) when an observable transition fires or when a silent transition fires that changes the observable part of the marking. This assumption means that the system is monitored with a sampling period not larger than the minimal time that separates two consecutive events.

(H3) The size of unobservable firing sequences that do not change the observable part of the marking is bounded. Assumption H3 is motivated by the fact that infinite firing sequences that are unobservable and that do not change the observable part of the marking are obviously not diagnosable.

The collected information is modeled in observation sequences.

Definition 1: An observation sequence for a DES modeled with a marked POPN is defined as:

TRO(k1, k2) = MO(k1-1) eO(k1) MO(k1) … eO(k2) MO(k2)   (1)

with k2 ≥ k1 ≥ 1. Labels eO(k) ∈ E ∪ {ε}, k = k1,..,k2, are observable events, or null symbols if no observable event occurs between two consecutive but different observable parts of the marking vector. Markings MO(k) = H.M(k), k = k1,..,k2, are collected each time an observable event occurs or MO(k) changes. In particular, the marking M(k1-1) is assumed to be unknown and only the observed part MO(k1-1) of this marking is measured. k2 - k1 + 1 is the length of the observation sequence. TRO(k) = MO(k-1) eO(k) MO(k), k = k1,..,k2, represents an elementary observation sequence, and any firing sequence σ(k) consistent with TRO(k) is called an elementary firing sequence (e-firing sequence). According to assumption H3, such e-firing sequences are of finite size and may be written as (2):

σ(k) = T(k, 1) T(k, 2) … T(k, h(k)-1) T(k, h(k))   (2)

with h(k) = |σ(k)|. Any firing sequence σ(k1, k2) consistent with the observation sequence TRO(k1, k2) may be written as σ(k1, k2) = σ(k1) σ(k1+1) … σ(k2), where σ(k) is an e-firing sequence for TRO(k), k = k1,..,k2, that satisfies Proposition 1.

Proposition 1: Let us consider a DES modeled with a marked POPN. The firing sequence σ = T(1)T(2)…T(h-1)T(h) is an e-firing sequence for TRO(k) = MO(k-1) eO(k) MO(k) iff the following conditions are satisfied:

L.X(T(t)) = 0p, t = 1,…,h-1   (3a)

L.X(T(h)) = Y(eO(k))   (3b)

There exists M(t) ∈ R(PN, MI), t = 0,…,h, such that M(0) [T(1) > M(1) … [T(h) > M(h) with:

H.M(t) = MO(k-1), t = 0,…,h-1   (3c)

H.M(h) = MO(k)   (3d)


Proof: If σ = T(1) T(2)… T(h-1) T(h) satisfies (3a) and (3b), then L(T(t)) = ε, t = 1,..., h-1, and L(T(h)) = eO(k). Thus L(σ) = ε....ε.eO(k) = eO(k) (the h-1 first transitions in σ are unobservable). In addition, if there exists M(t) ∈ R(PN, MI), t = 0,…,h, such that (3c) and (3d) are satisfied, then σ is enabled at a reachable marking M(0), M(0) [σ > M(h) is consistent with TRO(k), and the firing of the h-1 first transitions in σ does not change the observable part of the marking vector. Reciprocally, any e-firing sequence σ for TRO(k) = MO(k-1) eO(k) MO(k) can be written according to (2) and there exists M(t) ∈ R(PN, MI), t = 0,…,h, such that M(0) [T(1) > M(1) … [T(h) > M(h). Only the last transition T(h) in σ is possibly observable, thus (3a) and (3b) hold. The observable parts of the h-1 first markings M(t) are identical and satisfy (3c). The marking M(h) satisfies (3d).

To conclude, the FDI problem is to check whether all firing sequences σ(k1, k2) consistent with a given observation sequence TRO(k1, k2) include some faults or not, and to identify the class fα of the faults.

3. FAULT DETECTION AND DIAGNOSIS

In this section, the set of firing sequences that are consistent with a given observation sequence is computed. The proposed approach is based on the characterization of the e-firing sequences. Then, sufficient conditions to detect and isolate the faults in any observation sequence are provided.

3.1 Set of firing sequences consistent with observation

According to assumption H3, the size of an e-firing sequence σ(k) is finite and satisfies h(k) ≤ hmax, where hmax – 1 is the maximal number of silent transitions that may fire consecutively in any sequence that does not modify the observable part of the marking. Parameter hmax is an input for the proposed approach, since it is used to limit the search for firing sequences consistent with any given observation sequence. For bounded PNs with N states, parameter hmax can be computed with the reachability graph of the marked POPN. More precisely, the matrix Gε = (gε ik) ∈ {0, 1}N×N of the induced unobservable subnet is defined such that gε ik = 1 if there exist T ∈ T and (Mi, Mk) ∈ R(PN, MI) such that (i) Mi [T > Mk, (ii) L.X(T) = 0p, (iii) H.Mi = H.Mk, otherwise gε ik = 0. The e-firing sequences σ(k) consistent with any elementary observation sequence TRO(k) generated by the POPN satisfy h(k) ≤ hmax with:

hmax = max{h ≥ 0 such that (Gε)^h > 0} + 1   (4)

where the inequalities (Gε)^h > 0 are taken componentwise (Lefebvre, 2012). As a consequence, the maximal size of any firing sequence σ(k1, k2) consistent with observation sequence TRO(k1, k2) satisfies h(k1, k2) ≤ hmax.(k2 – k1 + 1).

Proposition 2: Let us consider a DES modeled with a marked POPN and an observation sequence TRO(k1, k2). A firing sequence σ = T(k1,1)…T(k1,hk1) T(k1+1,1)…T(k2,1)…T(k2,hk2) with hk ≤ hmax, k = k1,...,k2, is consistent with observation sequence TRO(k1, k2) iff (i) equality (5) is satisfied for k = k1,...,k2:

$$
\begin{pmatrix}
L & 0 & \cdots & 0 \\
0 & L & \ddots & \vdots \\
\vdots & \ddots & \ddots & 0 \\
0 & \cdots & 0 & L \\
H.W & 0 & \cdots & 0 \\
H.W & H.W & \ddots & \vdots \\
\vdots & \ddots & \ddots & 0 \\
H.W & \cdots & H.W & H.W
\end{pmatrix}
\begin{pmatrix}
X(T(k,1)) \\ \vdots \\ X(T(k,h_k-1)) \\ X(T(k,h_k))
\end{pmatrix}
=
\begin{pmatrix}
0 \\ \vdots \\ 0 \\ Y(e_O(k)) \\ 0 \\ \vdots \\ 0 \\ M_O(k) - M_O(k-1)
\end{pmatrix}
\qquad (5)
$$

(ii) there exists M ∈ R(PN, MI) such that H.M = MO(k1-1) and inequality (6) is satisfied:

$$
\begin{pmatrix}
-I_q & 0 & \cdots & 0 \\
0 & -I_q & \ddots & \vdots \\
\vdots & \ddots & \ddots & 0 \\
0 & \cdots & 0 & -I_q \\
(1_q)^T & 0 & \cdots & 0 \\
0 & (1_q)^T & \ddots & \vdots \\
\vdots & \ddots & \ddots & 0 \\
0 & \cdots & 0 & (1_q)^T \\
W_{PR} & 0 & \cdots & 0 \\
-W & W_{PR} & \ddots & \vdots \\
\vdots & \ddots & \ddots & 0 \\
-W & \cdots & -W & W_{PR}
\end{pmatrix}
\begin{pmatrix}
X(T(k_1,1)) \\ \vdots \\ X(T(k_1,h_{k_1})) \\ X(T(k_1+1,1)) \\ \vdots \\ X(T(k_1+1,h_{k_1+1})) \\ \vdots \\ X(T(k_2,h_{k_2}))
\end{pmatrix}
\le
\begin{pmatrix}
0 \\ \vdots \\ 0 \\ 1 \\ \vdots \\ 1 \\ M \\ \vdots \\ M
\end{pmatrix}
\qquad (6)
$$

Proof: Proposition 2 results from rewriting σ as σ = σ(k1)…σ(k2) with σ(k) = T(k,1)…T(k,hk) and from the transformation of conditions (3a) to (3d) according to the firing count vectors X(T(k, t)) of the transitions T(k, t), t = 1,…,h. Let us consider σ(k) = T(k,1)…T(k,hk) of maximal size hmax that satisfies (5) and (6). According to rows 1 to 8 of inequality (6), each vector X(T(k, t)), t = 1,…,h, is non-negative and has at most a single non-zero component: this vector represents either the firing of a single transition or the absence of any firing (if X(T(k, t)) = 0). Rows 9 to 12 of (6) lead to the existence of a marking M ∈ R(PN, MI) that enables the firing sequence σ(k) (García Vallés, 1999). Moreover, according to (ii) and rows 5 to 8 of equality (5), equations (3c) and (3d) are satisfied. Finally, rows 1 to 3 of (5) lead to (3a) and row 4 leads to (3b). Reciprocally, if σ(k) = T(k, 1)…T(k, h) is an e-firing sequence for TRO(k), it satisfies (3a) to (3d). These conditions lead trivially to equality (5) and inequality (6). The set of firing sequences that are consistent with TRO(k1, k2) is defined as Σ(k1, k2) = {σ of finite size |σ| ≤ hmax.(k2 – k1 + 1) that satisfy Proposition 2}, and Σ(k, k) will be denoted Σ(k). The computational effort needed to compute Σ(k1, k2) is related to the resolution of the LMI (5)–(6), which includes at most hmax.(k2 – k1 + 1).n inequalities with at most hmax.(k2 – k1 + 1).q unknown integer variables. The complexity is exponential wrt the length of the observation sequence and also depends on q.

3.2 Algorithm for fault detection and diagnosis

Let us consider a marked POPN and a fault class fα ∈ F.

Proposition 3: Let us consider a DES modeled with a marked POPN and an observation sequence TRO(k1, k2). A fault of class fα occurs without ambiguity (resp. does not occur) during the observation of TRO(k1, k2) if min{Fα.X(σ) for all σ ∈ Σ(k1, k2)} > 0 (resp. max{Fα.X(σ) for all σ ∈ Σ(k1, k2)} = 0).

Proof: If min{Fα.X(σ) for all σ ∈ Σ(k1, k2)} > 0, then the projections over the fault class fα of the firing count vectors of the firing sequences in Σ(k1, k2) are non-zero. Thus, each firing sequence in Σ(k1, k2) contains at least one fault transition of class fα, and a fault of class fα occurs without ambiguity during the observation of TRO(k1, k2). Similarly, no fault of class fα occurs during the observation of TRO(k1, k2) if max{Fα.X(σ) for all σ ∈ Σ(k1, k2)} = 0.

The conditions in Proposition 3 are formulated as an ILP problem with cost function Fα.X(σ) that can be solved with a branch and bound algorithm (Vanderbei, 2007). In the general case, ILP problems have non-polynomial complexity, but branch and bound algorithms limit the computational effort in many practical situations. A condition similar to Proposition 3 can be stated for fault detection by considering matrix F instead of Fα. Proposition 3 is a sufficient but not necessary condition: in case Fα.X(σ) > 0 for some σ ∈ Σ(k1, k2) and Fα.X(σ) = 0 for other σ ∈ Σ(k1, k2), an ambiguous decision is returned. Such a situation occurs if the sensor configuration is too poor or if the observation sequence is too short. In these cases, the belief b(fα, k1, k2) ∈ [0 : 1] of the fault fα after observing TRO(k1, k2) can be computed (Ru and Hadjicostis, 2009):

b(fα, k1, k2) = card({σ ∈ Σ(k1, k2) such that Fα.X(σ) > 0}) / card(Σ(k1, k2))   (7)

where card(Σ(k1, k2)) stands for the cardinality of Σ(k1, k2). To overcome non-detections, it could be necessary to change the position and number of transition and marking sensors (i.e. the matrices L and H) and also to capture longer observation sequences. In this last case, the computational effort increases and the method is no longer suitable for on-line applications. Thus, in order to limit the computational effort, the forward-backward Algorithm 1 is proposed and a maximal number K of successive elementary observation sequences is considered at each step k. This algorithm captures successive elementary observation sequences and progressively refines the ambiguous decisions. For each observation k, the algorithm first uses a backward procedure (bw) and checks Proposition 4 with observation sequences TRO(k), TRO(k-1,k),…, TRO(1,k) (past observations). If an ambiguous decision remains, it uses a forward (fw) procedure, waits for the next observations and checks Proposition 4 with observation sequences TRO(k,k+1), TRO(k-1,k+1),…, TRO(1,k+1),…, TRO(1,k+2),…. In order to limit the computational effort, observation sequences with a maximal number K of successive elementary observation sequences (EOS) are considered. At each step k, Algorithm 1 returns 3 variables: bw(k) ∈ {0,…,K}, fw(k) ∈ {0,…,K} such that fw(k) + bw(k) ≤ K, and prob(TRO(Ik), fα) = b(fα, k-bw(k), k+fw(k)) with Ik = (k-bw(k), k+fw(k)). The following cases may arise:

• There exist bw(k) ∈ {0,…,K} and fw(k) ∈ {0,…,K} with fw(k) + bw(k) ≤ K such that Fα.X(σ) > 0 for all σ ∈ Σ(TRO(Ik)). In that case prob(TRO(Ik), fα) = 1.

• There exist bw(k) ∈ {0,…,K} and fw(k) ∈ {0,…,K} with fw(k) + bw(k) ≤ K such that Fα.X(σ) = 0 for all σ ∈ Σ(TRO(Ik)). In that case prob(TRO(Ik), fα) = 0.

• The fault fα cannot be diagnosed with observation sequences TRO(Ik) whatever bw(k) ∈ {0,…,K} and fw(k) ∈ {0,…,K} with fw(k) + bw(k) ≤ K. In that case prob(TRO(Ik), fα) ∈ ]0 : 1[.

Algorithm 1: On-line fault diagnosis
Input: fα and K
Output: bw(k), fw(k) and prob(TRO(Ik), fα)
Start
  Capture observation TRO(k)
  Initialization: bw(k) ← 0, fw(k) ← 0 and Ik ← (k-bw(k), k+fw(k))
  Compute prob(TRO(Ik), fα) for TRO(k)
  While (prob(TRO(Ik), fα) ∈ ]0 : 1[) & (bw(k)

Proposition 4: Let us consider a DES modeled with a marked POPN and an observation sequence TRO(k1, k2). A fault of class fα occurs without ambiguity during the observation if there exist K > 0 and k, k1 ≤ k ≤ k2, such that Algorithm 1 returns prob(TRO(Ik), fα) = 1.

Proof: Let us consider an observation sequence TRO and k, k1 ≤ k ≤ k2, such that Algorithm 1 returns prob(TRO(Ik), fα) = 1. This means that there exist bw(k) ∈ {0,…,K} and fw(k) ∈ {0,…,K} with fw(k) + bw(k) ≤ K, k + fw(k) ≤ k2 and k - bw(k) ≥ k1 such that Fα.X(σ) > 0 for all σ ∈ Σ(TRO(Ik)). Proposition 4 is satisfied for TRO(Ik) and a fault of class fα occurs without ambiguity during observation sequence TRO(Ik).


At each step k, Algorithm 1 returns a decision by treating a subsequence of maximal length K. Thus, the complexity at each step does not depend on the length L of the observation sequence. As a consequence, the computational effort for the whole observation sequence is linear wrt L (it is exponential wrt K, but K is a constant input for Algorithm 1). In addition, Algorithm 1 provides the information that the fault of class fα occurs in the interval [k-bw(k) : k+fw(k)], and this interval provides information about the order of the fault in the sequence. Finally, the belief of the fault is computed when ambiguous decisions are returned.
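As an added illustration (not the paper's code, and not the Figure 1 net), the following Python script builds a small constructed POPN, projects a run onto an observation sequence as in Definition 1, enumerates Σ(k1, k2) by bounded search over the reachability set instead of solving the LMI (5)–(6), evaluates the belief (7) and runs the forward-backward window of Algorithm 1 as the text describes it. The net, the run, the bound H_MAX and the window-search order are assumptions of this example.

```python
"""Σ(k1, k2), belief (7) and the forward-backward window of Algorithm 1 on a
small constructed POPN.  Added illustration, not the paper's code: the paper
uses the LMI (5)-(6) and an ILP; here Σ is enumerated by bounded search."""
from fractions import Fraction

# Constructed net (not the Figure 1 net), one token circulates:
#   T1 e1: P1->P2 | T2 silent: P2->P3 | T3 silent FAULT f1: P2->P4
#   T4 e2: P3->P1 | T5 silent: P4->P5 | T6 e3: P5->P1
W_PRE = [[1, 0, 0, 0, 0, 0], [0, 1, 1, 0, 0, 0], [0, 0, 0, 1, 0, 0],
         [0, 0, 0, 0, 1, 0], [0, 0, 0, 0, 0, 1]]        # W_PR[place][trans]
W_POST = [[0, 0, 0, 1, 0, 1], [1, 0, 0, 0, 0, 0], [0, 1, 0, 0, 0, 0],
          [0, 0, 1, 0, 0, 0], [0, 0, 0, 0, 1, 0]]       # W_PO[place][trans]
LABEL = {0: "e1", 3: "e2", 5: "e3"}  # L: labels of the observable transitions
FAULT = {2}                          # T_F: fault class f1 = {T3}
H_PLACES = [2]                       # H: only the marking of P3 is measured
M_INIT, H_MAX = (1, 0, 0, 0, 0), 4   # initial marking; bound on |σ(k)| (H3)
PLACES, TRANS = range(5), range(6)

def enabled(m, t):
    return all(m[p] >= W_PRE[p][t] for p in PLACES)

def fire(m, t):
    return tuple(m[p] - W_PRE[p][t] + W_POST[p][t] for p in PLACES)

def observe(m):  # M_O = H.M, the measured part of the marking
    return tuple(m[p] for p in H_PLACES)

def reachable(m0=M_INIT):  # R(PN, M_I); the net is bounded
    seen, stack = {m0}, [m0]
    while stack:
        m = stack.pop()
        new = {fire(m, t) for t in TRANS if enabled(m, t)} - seen
        seen |= new
        stack += new
    return seen

def observation_sequence(run, m0=M_INIT):
    """TRO(1, k2) of a run (Definition 1, H2): one entry per observable firing or H.M change."""
    obs, m, mo = [], m0, observe(m0)
    for t in run:
        m = fire(m, t)
        if LABEL.get(t) is not None or observe(m) != mo:
            obs.append((mo, LABEL.get(t), observe(m)))
            mo = observe(m)
    return obs

def e_firing_sequences(m0, label, mo_after, hmax=H_MAX):
    """σ(k) for (3a)-(3d): silent steps keeping H.M, then `label` (None = ε) giving H.M = mo_after."""
    out, mo_before = [], observe(m0)
    def dfs(m, seq):
        if len(seq) >= hmax:
            return
        for t in (t for t in TRANS if enabled(m, t)):
            m2, lab = fire(m, t), LABEL.get(t)
            if lab is None and observe(m2) == mo_before:
                dfs(m2, seq + [t])            # unobservable step, (3a)/(3c)
            elif lab == label and observe(m2) == mo_after:
                out.append((seq + [t], m2))   # last step, (3b)/(3d)
    dfs(m0, [])
    return out

def consistent_sequences(obs, k1, k2):
    """Σ(k1, k2): σ(k1)…σ(k2) from any reachable M with H.M = MO(k1-1)."""
    front = [([], m) for m in reachable() if observe(m) == obs[k1 - 1][0]]
    for k in range(k1, k2 + 1):
        _, label, mo_after = obs[k - 1]
        front = [(s + e, m2) for s, m in front
                 for e, m2 in e_firing_sequences(m, label, mo_after)]
    return sorted({tuple(s) for s, _ in front})

def belief(obs, k1, k2):
    """b(f1, k1, k2) of (7); it is 1 or 0 exactly when Proposition 3 decides."""
    sigma = consistent_sequences(obs, k1, k2)   # empty only if TRO is inconsistent
    faulty = sum(1 for s in sigma if any(t in FAULT for t in s))
    return Fraction(faulty, len(sigma))

def algorithm1(obs, k, K):
    """Algorithm 1's window at step k as the text describes it: backward first
    (fw = 0, bw = 0..K), then forward (fw = 1..K, bw = 0..K-fw); stop at a sharp decision."""
    result = None
    for fw in range(K + 1):
        for bw in range(K + 1 - fw):
            if k - bw >= 1 and k + fw <= len(obs):
                result = (bw, fw, belief(obs, k - bw, k + fw))
                if result[2] in (0, 1):
                    return result
    return result

RUN = [0, 1, 3, 0, 2, 4, 5]  # constructed run: healthy cycle, then fault path T3 T5, e3
TRO = observation_sequence(RUN)  # (0)e1(0) (0)ε(1) (1)e2(0) (0)e1(0) (0)e3(0)
```

With K = 0 the last elementary observation (0)e3(0) alone gives belief 1/3, since Σ(5) = {T6, T5T6, T3T5T6}; with K = 1 the backward step to TRO(4, 5) leaves only T1T3T5T6 and the fault is isolated in [4 : 5], the same Σ(k) versus Σ(k1, k) situation as in the paper's example.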

4. EXAMPLE

Let us consider the marked POPN of Figure 1 (Ru and Hadjicostis, 2009). The set of labels is E = {e1, e2}. The matrices L = ((1 0 0 0 0 0 0 0)^T (0 0 0 0 0 0 1 1)^T)^T and H = (0 0 0 1 0 0 0) define the sensor configuration and F = (0 0 0 0 0 1 0 0) defines a single fault class F = {f1}. Let us also consider the first elementary observation sequences of a given observation TRO = (0) e1 (0) ε (1) ε (2) e2 (0) e1 (0) ε (1) e2 (0) e1 (0)...

[Figure 1: net drawing of places P1 to P7 and transitions T1 to T8 not reproduced here]

Figure 1: Example of marked POPN with TO = {T1, T7, T8}, PO = {P4}, TF = {T6} (unobserv­able places and transitions are colored in grey)

The application of Proposition 2 provides the maximal size of e-firing sequences consistent with any elementary observation sequence: hmax = 4. Then, application of Propositions 3 and 4 leads to the determination of the sets Σ(k1, k2), for k2 = 1,..,8 and k1 = 1,…,k2. For example, Σ(3) = {T4, T2T4, T6T4, T3T6T4} and Σ(1, 3) = {T1T3T6T2T4T4, T1T3T2T6T4T4, T1T2T3T6T4T4, T1T3T6T4T2T4, T1T3T2T4T6T4, T1T2T3T4T6T4, T1T2T4T3T6T4}. From Σ(3), it is not possible to conclude whether the fault f1 occurs or not during observation TRO(3), but considering Σ(1, 3), one can notice that all firing sequences in Σ(1, 3) include the fault transition T6; thus the fault f1 is detected and diagnosed with Proposition 3. The difficulty is that the computation time increases exponentially with the length of the observation sequence. Algorithm 1 applied with K = 2 can be used to provide faster decisions suitable for on-line diagnosis (Table 1). When the first elementary observation sequence TRO(1) = (0)e1(0) is captured (i.e. k = 1), Algorithm 1 checks that the behavior is healthy. The decision is immediate. Then for the second elementary observation sequence (i.e. k = 2), the observation sequences TRO(2) = (0)ε(1) and TRO(1, 2) = (0)e1(0)ε(1) do not provide enough information to detect the fault, but the observation sequence TRO(1, 3) leads to the decision f1(2) = 1 and h1(2) = 0. The delay to detection is 1 and the fault f1 is isolated in interval [1 : 3]. The algorithm continues in a similar way. In the present case, the belief of fault f1 is either 0 or 1 as long as the decisions have no ambiguity. But if Algorithm 1 is applied with K = 1, then the fault f1 is no longer detectable and the belief can be interpreted as the probability of fault occurrence (Table 2). In order to illustrate the gain in complexity resulting from the use of Algorithm 1, the same example is considered with several observation sequences of length L in the range [6 : 20], and the computational time (Intel Core 2 Duo 2.4 GHz) required to diagnose the fault f1 in TRO(1, L) is compared for Propositions 3 and 4 and different values of parameter K. As expected, one can notice that the computation time required by the complete analysis of TRO(1, L) increases exponentially wrt L (tested firing sequences are of size up to 80). In comparison, the computation time required to run Algorithm 1 increases linearly wrt L (tested firing sequences are of size not larger than 4.K).

[Figure 2: plot not reproduced here; legend entries: Proposition 3, Proposition 4 with K = 1, Proposition 4 with K = 2, Proposition 4 with K = 3; x-axis ticks 6 to 16; y-axis log scale from 10^-2 to 10^3]

Figure 2: Computational effort for FDI with Propositions 3 and 4 (X-label: observation sequence length L, Y-label: computational time (s) in log scale).

5. CONCLUSION

FDI with POPNs is investigated according to the capture and analysis of observation sequences that include the sequence of observable events and the partial measurement of the successive states reached by the system. The computation of the set of firing sequences consistent with successive elementary observation sequences is used to formulate sufficient conditions for detection and diagnosis as ILP problems. In order to provide on-line diagnosis, a forward-backward algorithm is proposed that analyses sub-sequences of bounded length. As a consequence, the proposed contribution extends numerous recent papers that do not consider event and state measurements simultaneously. The method is also applicable without any modification when only the states (L = 0) or the events (H = 0) are observable. In comparison with (Ru and Hadjicostis, 2009), which is the most relevant work, the proposed algorithm is suitable to deliver fast decisions compatible with real-time requirements. In addition, no refinement of the transition labels is needed and the measurement of the initial marking of the observation sequence is not required. In our future work, the problems of diagnosability, predictability and sensor selection with POPNs will be considered.

ACKNOWLEDGEMENTS

The author thanks the Region Haute-Normandie for its financial support (Projet SER-MRT DDSMRI 2007 - 2013).

REFERENCES

F. Basile, P. Chiacchio, and G. De Tommasi, An efficient approach for online diagnosis of discrete event systems, IEEE Trans. Aut. Contr., 54(4): 748–759, 2009.
M. P. Cabasino, A. Giua, and C. Seatzu, Fault detection for discrete event systems using Petri nets with unobservable transitions, Automatica, 46(9): 1531–1539, 2010.
M. P. Cabasino, A. Giua, M. Pocci, and C. Seatzu, Discrete event diagnosis using labeled Petri nets. An application to manufacturing systems, Control Engineering Practice, 19: 989–1001, 2011.
M. Dotoli, M. P. Fanti, A. M. Mangini, and W. Ukovich, On-line fault detection in discrete event systems by Petri nets and integer linear programming, Automatica, 45: 2665–2672, 2009.
F. García Vallés, Contributions to the structural and symbolic analysis of place/transition nets with applications to flexible manufacturing systems and asynchronous circuits, PhD thesis, Universidad de Zaragoza, 1999.
S. Genc and S. Lafortune, Distributed diagnosis of place-bordered Petri nets, IEEE Trans. on Automation Science and Engineering, 4(2): 206–219, 2007.
C. N. Hadjicostis and G. C. Verghese, Monitoring discrete event systems using Petri net embeddings, Lecture Notes in Computer Science, vol. 1639, pp. 188–207, 1999.
D. Lefebvre and C. Delherm, Diagnosis of DES with Petri net models, IEEE Trans. Aut. Science and Eng., 4(1): 114–118, 2007.
D. Lefebvre, Diagnosis with Petri nets according to partial events and states observation, Proc. IFAC Safeprocess'12, Mexico City, Mexico, 2012.
F. Lin, Diagnosability of discrete event systems and its applications, Discrete Event Dynamic Systems, 4(2): 197–212, 1994.
J. L. Peterson, Petri net theory and the modelling of systems, Prentice Hall, New Jersey, 1981.
J. Prock, A new technique for fault detection using Petri nets, Automatica, 27(2): 239–245, 1991.
A. Ramirez-Trevino, E. Ruiz-Beltran, I. Rivera-Rangel, and E. Lopez-Mellado, Online fault diagnosis of discrete event systems. A Petri net-based approach, IEEE Trans. Aut. Science and Eng., 4(1): 31–39, 2007.
Y. Ru and C. N. Hadjicostis, Fault diagnosis in discrete event systems modelled by partially observed Petri nets, Discrete Event Dynamic Systems, 19: 551–575, 2009.
M. Sampath, R. Sengupta, S. Lafortune, K. Sinnamohideen, and D. Teneketzis, Diagnosability of discrete event systems, IEEE Trans. Aut. Contr., 40(9): 1555–1575, 1995.
T. Ushio, L. Onishi, and K. Okuda, Fault detection based on Petri net models with faulty behaviors, Proc. of the 1998 IEEE Conf. on Systems, Man, and Cybernetics, San Diego, CA, USA, pp. 113–118, 1998.
R. Vanderbei, Linear Programming: Foundations and Extensions, Springer, 2007.
Y. Wu and C. N. Hadjicostis, Algebraic approaches for fault identification in discrete-event systems, IEEE Trans. Aut. Contr., 50(12): 2048–2053, 2005.

Table 1: Diagnosis with Algorithm 1 for the first elementary observation sequences of TRO with K = 2

k                    | 1        | 2        | 3        | 4        | 5        | 6        | 7        | 8        | 9
TRO(k)               | (0)e1(0) | (0)ε(1)  | (1)ε(2)  | (2)e2(0) | (0)e1(0) | (0)ε(1)  | (1)e2(0) | (0)e1(0) | (0)…
[k-bw(k) : k+fw(k)]  | [1 : 1]  | [1 : 3]  | [1 : 3]  | [4 : 4]  | [5 : 5]  | [6 : 7]  | [7 : 7]  | [8 : 8]  | …
prob(TRO(Ik), fα)    | 0        | 1        | 1        | 0        | 0        | 0        | 0        | 0        | …

Table 2: Diagnosis with Algorithm 1 for the first elementary observation sequences of TRO with K = 1

k                    | 1        | 2        | 3        | 4        | 5        | 6        | 7        | 8        | 9
TRO(k)               | (0)e1(0) | (0)ε(1)  | (1)ε(2)  | (2)e2(0) | (0)e1(0) | (0)ε(1)  | (1)e2(0) | (0)e1(0) | (0)…
[k-bw(k) : k+fw(k)]  | [1 : 1]  | [1 : 2]  | [2 : 3]  | [4 : 4]  | [5 : 5]  | [6 : 7]  | [7 : 7]  | [8 : 8]  | …
prob(TRO(Ik), fα)    | 0        | 0.84     | 0.5      | 0        | 0        | 0        | 0        | 0        | …