Conjunctive Decentralized Diagnosis of Discrete Event Systems*


4th IFAC Workshop on Dependable Control of Discrete Systems The International Federation of Automatic Control September 4-6, 2013. University of York, York, UK

Takashi Yamamoto ∗ Shigemasa Takai ∗

∗ Osaka University, Suita, Osaka 565-0871, Japan (e-mail: [email protected], [email protected]).

Abstract: In this paper, we study conjunctive decentralized diagnosis of discrete event systems. A notion of conjunctive codiagnosability which guarantees that any failure is detected by a conjunctive decentralized diagnoser within a uniformly bounded number of steps has been defined in the literature. We propose an algorithm for verifying conjunctive codiagnosability based on a necessary and sufficient condition for the system not to be conjunctively codiagnosable. To construct a conjunctive decentralized diagnoser for a conjunctively codiagnosable system, we need to compute the delay bound within which the occurrence of any failure can be detected by conjunctive decentralized diagnosis. We show how to compute the delay bound.

Keywords: Discrete event system, Failure diagnosis, Conjunctive codiagnosability, Delay bound

1. INTRODUCTION

A language based framework for failure diagnosis of partially observed discrete event systems (DESs) is proposed in Sampath et al. (1995). The failure diagnosis problem formulated in Sampath et al. (1995) requires that any occurrence of a failure should be detected within a uniformly bounded number of steps. The diagnosability property introduced by Sampath et al. (1995) characterizes the class of diagnosable systems. In Jiang et al. (2001) and Yoo and Lafortune (2002), polynomial algorithms for verifying diagnosability are developed.

The framework of Sampath et al. (1995) has been extended to decentralized/distributed failure diagnosis using multiple diagnosers in Debouk et al. (2000), Kumar and Takai (2009), Qiu and Kumar (2006), Wang et al. (2007). In Debouk et al. (2000), a framework for decentralized/distributed failure diagnosis is proposed. In decentralized failure diagnosis, two kinds of decentralized diagnosers, called disjunctive decentralized diagnosers and conjunctive decentralized diagnosers, are defined (Wang et al. (2007)). A disjunctive decentralized diagnoser issues the global failure decision if and only if at least one local diagnoser issues the local failure decision. In disjunctive decentralized diagnosis, each local diagnoser issues the local failure decision when it is certain that a failure has occurred (Qiu and Kumar (2006)). On the other hand, a conjunctive decentralized diagnoser issues the global failure decision if and only if all local diagnosers issue the local failure decisions. In conjunctive decentralized diagnosis, each local diagnoser issues the local failure decision when it is possible that a sufficiently long event string has occurred after the occurrence of a failure (Wang et al. (2007)).

By Qiu and Kumar, a notion of disjunctive codiagnosability which guarantees that any failure is detected by a disjunctive decentralized diagnoser within a uniformly bounded number of steps is defined and an algorithm for verifying disjunctive codiagnosability is proposed (Qiu and Kumar (2006)). Further, an algorithm for computing the delay bound within which any occurrence of a failure can be detected in disjunctive decentralized diagnosis and a scheme for online diagnosis are presented (Qiu and Kumar (2006)). Most existing works on decentralized diagnosis focus on disjunctive decentralized diagnosis.

On the other hand, in Wang et al. (2007), a notion of conjunctive codiagnosability which guarantees that any failure is detected by a conjunctive decentralized diagnoser within a uniformly bounded number of steps is defined. The class of conjunctively codiagnosable systems is incomparable with that of disjunctively codiagnosable systems (Wang et al. (2007)). A condition for the system not to be conjunctively codiagnosable is presented in Wang et al. (2007). However, as shown in this paper, this condition is sufficient but not necessary. Also, to the best of our knowledge, synthesis of conjunctive decentralized diagnosers has not been fully addressed.

In this paper, we propose an algorithm to verify conjunctive codiagnosability and prove its correctness. This algorithm is based on a necessary and sufficient condition for the system not to be conjunctively codiagnosable. To construct a conjunctive decentralized diagnoser for a conjunctively codiagnosable system, we need to compute the delay bound within which the occurrence of any failure can be detected by conjunctive decentralized diagnosis. We show how to compute the delay bound. Note that recently, the sufficient condition of Wang et al. (2007) has been modified as a necessary and sufficient condition in Wang et al. (2013). The fact that the condition of Wang et al. (2007) is not necessary was first pointed out by us (Wang et al. (2013)). Also, the verification algorithm presented in this paper was developed independently from Wang et al. (2013).

⋆ This work was proposed in part by Grant-in-Aid for Scientific Research (No. 24560547).

978-3-902823-49-6/2013 © IFAC


10.3182/20130904-3-UK-4041.00009

2013 IFAC DCDS September 4-6, 2013. York, UK

2. PRELIMINARIES

We consider a DES modeled by an automaton $G = (Q, \Sigma, \alpha, q_0)$, where $Q$ is the set of states, $\Sigma$ is the finite set of events, $\alpha : Q \times \Sigma \to Q$ is the partial state transition function, and $q_0 \in Q$ is the initial state. Let $\Sigma^*$ be the set of all finite strings of elements of $\Sigma$, including the empty string $\varepsilon$. For each $s \in \Sigma^*$, $|s|$ denotes its length. For a finite set $A$, $|A|$ denotes the number of its elements. The state transition function $\alpha : Q \times \Sigma \to Q$ can be extended to $\alpha : Q \times \Sigma^* \to Q$ in the usual way.

A subset of $\Sigma^*$ is called a language. The generated language of $G$, denoted by $L(G)$, is defined as $L(G) = \{s \in \Sigma^* \mid \alpha(q_0, s)!\}$, where the notation $\alpha(q, s)!$ means that $\alpha(q, s)$ is defined for $q \in Q$ and $s \in \Sigma^*$. The negation of $\alpha(q, s)!$ is denoted by $\neg\alpha(q, s)!$. For each $s \in L(G)$, the postlanguage of $L(G)$ after $s$ is defined as $L(G)/s = \{t \in \Sigma^* \mid st \in L(G)\}$. For each $L \subseteq \Sigma^*$, the set of all prefixes of strings in $L$ is defined as $pr(L) = \{s \in \Sigma^* \mid \exists t \in \Sigma^* : st \in L\}$. If $L = pr(L)$, $L$ is said to be (prefix-)closed.

3. CONJUNCTIVE CODIAGNOSABILITY

In this paper, we consider decentralized diagnosis where $n$ local diagnosers jointly diagnose a DES $G$. Let $I = \{1, 2, \cdots, n\}$ be the index set of local diagnosers. Each local diagnoser $D_i$ observes the occurrence of an event through a local observation mask $M_i : \Sigma \to \Delta_i \cup \{\varepsilon\}$ $(i \in I)$, where $\Delta_i$ is the set of symbols observed by $D_i$. An event $\sigma \in \Sigma$ with $M_i(\sigma) = \varepsilon$ is unobservable to $D_i$. The local observation mask $M_i : \Sigma \to \Delta_i \cup \{\varepsilon\}$ $(i \in I)$ can be extended to $M_i : \Sigma^* \to \Delta_i^*$ in the usual way. If $M_i(s) = M_i(s')$, $s \in \Sigma^*$ cannot be distinguished from $s' \in \Sigma^*$ (under $M_i$). Further, for a language $L \subseteq \Sigma^*$, $M_i(L) \subseteq \Delta_i^*$ is defined as $M_i(L) = \{M_i(s) \in \Delta_i^* \mid s \in L\}$. Also, for any $\tau \in \Delta_i^*$, $M_i^{-1}(\tau) \subseteq \Sigma^*$ is defined as $M_i^{-1}(\tau) = \{s \in \Sigma^* \mid M_i(s) = \tau\}$.

Each local diagnoser $D_i$ is formally defined as $D_i : M_i(L(G)) \to \{0, 1\}$, where “0” represents a nonfailure decision, and “1” represents a failure decision. $D_i$ issues a local decision “0” or “1” based on a locally observed event string in $M_i(L(G))$. In this paper, we consider a conjunctive decentralized diagnoser that issues the global failure decision “1” if and only if all local diagnosers issue the local failure decision “1”. A conjunctive decentralized diagnoser is formally defined as $\{D_i\}^{\wedge}_{i \in I} : L(G) \to \{0, 1\}$ such that

$$\{D_i\}^{\wedge}_{i \in I}(s) = \begin{cases} 1, & \text{if } \forall i \in I : D_i(M_i(s)) = 1 \\ 0, & \text{otherwise.} \end{cases}$$

Let $K \subseteq L(G)$ be a nonempty closed sublanguage that describes the nonfailure behavior of the system $G$. The failure behavior of $G$ is represented by $L(G) - K$. In this paper, for the sake of simplicity, we assume that there exists no deadlock state in $G$, that is, for any $q \in Q$, there exists $\sigma \in \Sigma$ such that $\alpha(q, \sigma)!$.

A notion of conjunctive codiagnosability which guarantees that any failure is detected by a conjunctive decentralized diagnoser within a uniformly bounded number of steps is defined as follows:

Definition 1. (Wang et al. (2007)) Let $K \subseteq L(G)$ be any nonempty closed language. The system $G$ is said to be conjunctively codiagnosable with respect to $K$ if

$$(\exists m \in N)(\forall s \in K)(\exists i \in I)\; A_{i,m}(s) \subseteq K,$$

where $N$ is the set of all nonnegative integers and $A_{i,m}(s)$ is defined as

$$A_{i,m}(s) = \{t \in L(G) \mid \exists u \in L(G)/t : |u| \ge m \wedge M_i(s) = M_i(tu)\}.$$

Intuitively, conjunctive codiagnosability means that, for any nonfailure string, there exists at least one local diagnoser which can distinguish it from sufficiently long failure strings. As shown in the following proposition, conjunctive codiagnosability characterizes the existence of a desirable conjunctive decentralized diagnoser.

Proposition 1. (Wang et al. (2007)) Let $K \subseteq L(G)$ be any nonempty closed language. Then there exists a conjunctive decentralized diagnoser $\{D_i\}^{\wedge}_{i \in I} : L(G) \to \{0, 1\}$ that satisfies

C1) $(\exists m \in N)(\forall s \in L(G) - K)(\forall t \in L(G)/s)\; |t| \ge m \Rightarrow \{D_i\}^{\wedge}_{i \in I}(st) = 1$,

C2) $(\forall s \in K)\; \{D_i\}^{\wedge}_{i \in I}(s) \ne 1$,

if and only if $G$ is conjunctively codiagnosable with respect to $K$.

The condition C1) means that there exists $m \in N$ such that the occurrence of any failure is detected within $m$ steps. Also, the condition C2) means that the failure decision “1” is issued only after the occurrence of a failure.

4. VERIFICATION OF CONJUNCTIVE CODIAGNOSABILITY

In this section, we study how to verify conjunctive codiagnosability. Hereafter, we assume that $G$ is a finite automaton and $K$ is a regular language. For verifying conjunctive codiagnosability, we propose the following algorithm.

Algorithm 1. We consider a finite automaton $G$ and a nonempty closed regular language $K \subseteq L(G)$. Let $G_K = (Q_K, \Sigma, \alpha_K, q_{K,0})$ be a finite automaton such that $L(G_K) = K$.

Step 1. Construct the synchronous composition $G \| \tilde{G}_K$: We augment the automaton $G_K$ by adding a dump state $d \notin Q_K$. Formally, the augmented automaton is defined as

$$\tilde{G}_K = (\tilde{Q}_K, \Sigma, \tilde{\alpha}_K, q_{K,0}),$$

where $\tilde{Q}_K = Q_K \cup \{d\}$, and the state transition function $\tilde{\alpha}_K : \tilde{Q}_K \times \Sigma \to \tilde{Q}_K$ is defined as follows:

$$\tilde{\alpha}_K(\tilde{q}_K, \sigma) = \begin{cases} \alpha_K(\tilde{q}_K, \sigma), & \text{if } \tilde{q}_K \in Q_K \text{ and } \alpha_K(\tilde{q}_K, \sigma)! \\ d, & \text{otherwise.} \end{cases}$$

Then, we have $L(\tilde{G}_K) = \Sigma^*$.


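The synchronous composition $G \| \tilde{G}_K$ of $G$ and $\tilde{G}_K$ is defined as follows:

$$G \| \tilde{G}_K = (Q \times \tilde{Q}_K, \Sigma, \beta, (q_0, q_{K,0})),$$

where the state transition function $\beta : (Q \times \tilde{Q}_K) \times \Sigma \to Q \times \tilde{Q}_K$ is defined as

$$\beta((q, \tilde{q}_K), \sigma) = \begin{cases} (\alpha(q, \sigma), \tilde{\alpha}_K(\tilde{q}_K, \sigma)), & \text{if } \alpha(q, \sigma)! \\ \text{undefined}, & \text{otherwise.} \end{cases}$$

Then, we have $L(G \| \tilde{G}_K) = L(G) \cap L(\tilde{G}_K) = L(G) \cap \Sigma^* = L(G)$.

Step 2. Construct a testing automaton $T$: A testing automaton $T = (R, \Sigma_T, \alpha_T, r_0)$ is defined as follows:

• $R = Q_K \times \underbrace{(Q \times \tilde{Q}_K) \times (Q \times \tilde{Q}_K) \times \cdots \times (Q \times \tilde{Q}_K)}_{n \text{ times}}$.

• $r_0 = (q_{K,0}, \underbrace{(q_0, q_{K,0}), (q_0, q_{K,0}), \cdots, (q_0, q_{K,0})}_{n \text{ times}})$.

• $\Sigma_T = \underbrace{(\Sigma \cup \{\varepsilon\}) \times (\Sigma \cup \{\varepsilon\}) \times \cdots \times (\Sigma \cup \{\varepsilon\})}_{(n+1) \text{ times}} - \{(\varepsilon, \varepsilon, \cdots, \varepsilon)\}$.

• $\alpha_T : R \times \Sigma_T \to R$ is defined as follows: For each $r = (q_K, (q_1, \tilde{q}_{1K}), (q_2, \tilde{q}_{2K}), \cdots, (q_n, \tilde{q}_{nK})) \in R$ and $\sigma_T = (\sigma, \sigma_1, \sigma_2, \cdots, \sigma_n) \in \Sigma_T$, $\alpha_T(r, \sigma_T)!$ if and only if the following three conditions are satisfied:
  · $\sigma \ne \varepsilon \Rightarrow \alpha_K(q_K, \sigma)!$,
  · $\forall i \in I : \sigma_i \ne \varepsilon \Rightarrow \alpha(q_i, \sigma_i)!$,
  · $\forall i \in I : M_i(\sigma) = M_i(\sigma_i)$.

If $\alpha_T(r, \sigma_T)!$, then

$$\alpha_T(r, \sigma_T) = (q_K', (q_1', \tilde{q}_{1K}'), (q_2', \tilde{q}_{2K}'), \cdots, (q_n', \tilde{q}_{nK}')),$$

where

$$q_K' = \begin{cases} \alpha_K(q_K, \sigma), & \text{if } \sigma \ne \varepsilon \\ q_K, & \text{otherwise,} \end{cases}$$

$$(q_i', \tilde{q}_{iK}') = \begin{cases} \beta((q_i, \tilde{q}_{iK}), \sigma_i), & \text{if } \sigma_i \ne \varepsilon \\ (q_i, \tilde{q}_{iK}), & \text{otherwise} \end{cases} \quad (\forall i \in I).$$

Step 3. Verify conjunctive codiagnosability: A state transition sequence $r^{(0)} \xrightarrow{\sigma_T^{(0)}} r^{(1)} \xrightarrow{\sigma_T^{(1)}} \cdots \xrightarrow{\sigma_T^{(l-1)}} r^{(l)}$ $(l \ge 1)$ in the testing automaton $T$ such that for any $j \in \{0, 1, \cdots, l-1\}$, $\alpha_T(r^{(j)}, \sigma_T^{(j)}) = r^{(j+1)}$ is called a path. The $j$-th elements of any $r = (q_K, (q_1, \tilde{q}_{1K}), (q_2, \tilde{q}_{2K}), \cdots, (q_n, \tilde{q}_{nK})) \in R$ and $\sigma_T = (\sigma, \sigma_1, \sigma_2, \cdots, \sigma_n) \in \Sigma_T$ are denoted by $r(j)$ and $\sigma_T(j)$, respectively. That is,

$$r(j) = \begin{cases} q_K, & \text{if } j = 1 \\ q_i, & \text{if } j = 2i \\ \tilde{q}_{iK}, & \text{if } j = 2i + 1 \end{cases} \quad (1 \le i \le n),$$

$$\sigma_T(j) = \begin{cases} \sigma, & \text{if } j = 1 \\ \sigma_i, & \text{if } j = i + 1 \end{cases} \quad (1 \le i \le n).$$

Then, $G$ is not conjunctively codiagnosable with respect to $K$ if and only if there exists a path $r_0 = r^{(0)} \xrightarrow{\sigma_T^{(0)}} r^{(1)} \xrightarrow{\sigma_T^{(1)}} \cdots \xrightarrow{\sigma_T^{(l-1)}} r^{(l)}$ such that

$$(\forall i \in I)(\exists j_i, h_i, k_i \in N : 0 \le j_i \le h_i < k_i \le l)\; r^{(j_i)} = r^{(k_i)} \wedge r^{(h_i)}(2i + 1) = d \wedge \sigma_T^{(h_i)}(i + 1) \ne \varepsilon. \tag{1}$$

To extract each component of a string in $\Sigma_T^*$, projection functions $P : \Sigma_T^* \to \Sigma^*$ and $P_j : \Sigma_T^* \to \Sigma^*$ $(j \in I)$ are defined as follows:

• $P(\varepsilon) = \varepsilon$, $P_j(\varepsilon) = \varepsilon$,
• $(\forall s_T \in \Sigma_T^*)(\forall \sigma_T = (\sigma, \sigma_1, \sigma_2, \cdots, \sigma_n) \in \Sigma_T)$ $P(s_T \sigma_T) = P(s_T)\sigma$, $P_j(s_T \sigma_T) = P_j(s_T)\sigma_j$.

By the definition of $\alpha_T$, we have, for any $s_T \in L(T)$,

$$\alpha_T(r_0, s_T) = (q_K, (q_1, \tilde{q}_{1K}), (q_2, \tilde{q}_{2K}), \cdots, (q_n, \tilde{q}_{nK})),$$

where $q_K = \alpha_K(q_{K,0}, P(s_T))$ and

$$(q_i, \tilde{q}_{iK}) = \beta((q_0, q_{K,0}), P_i(s_T)) \quad (i \in I).$$

Also, for any $s \in K$ and $s_i \in L(G)$ $(i \in I)$ that satisfy $M_i(s) = M_i(s_i)$, there exists $s_T \in L(T)$ such that $P(s_T) = s$ and $P_i(s_T) = s_i$ $(i \in I)$.

The following theorem states the correctness of Algorithm 1 for verifying conjunctive codiagnosability.

Theorem 2. The system $G$ is not conjunctively codiagnosable with respect to a nonempty closed regular language $K \subseteq L(G)$ if and only if, in the testing automaton $T$, there exists a path $r_0 = r^{(0)} \xrightarrow{\sigma_T^{(0)}} r^{(1)} \xrightarrow{\sigma_T^{(1)}} \cdots \xrightarrow{\sigma_T^{(l-1)}} r^{(l)}$ satisfying (1).

The condition of Theorem 2 can be explained as follows. A state transition sequence $r^{(j)} \xrightarrow{\sigma_T^{(j)}} r^{(j+1)} \xrightarrow{\sigma_T^{(j+1)}} \cdots \xrightarrow{\sigma_T^{(k-1)}} r^{(k)}$ in $T$ such that $r^{(j)} = r^{(k)}$ $(j, k \in N)$ is called a cycle. By Algorithm 1, $G$ is not conjunctively codiagnosable with respect to $K$ if and only if there exists a path that contains a cycle $r^{(j_i)} \xrightarrow{\sigma_T^{(j_i)}} r^{(j_i+1)} \xrightarrow{\sigma_T^{(j_i+1)}} \cdots \xrightarrow{\sigma_T^{(k_i-1)}} r^{(k_i)}$ such that

$$(\exists h_i \in N : j_i \le h_i < k_i)\; r^{(h_i)}(2i + 1) = d \wedge \sigma_T^{(h_i)}(i + 1) \ne \varepsilon$$

for each $i \in I$.

Remark 3. According to Theorem 9 in Wang et al. (2007), the system $G$ is not conjunctively codiagnosable with respect to a nonempty closed regular language $K \subseteq L(G)$ if, in the testing automaton $T$, there exists a reachable cycle $r^{(j)} \xrightarrow{\sigma_T^{(j)}} r^{(j+1)} \xrightarrow{\sigma_T^{(j+1)}} \cdots \xrightarrow{\sigma_T^{(k-1)}} r^{(k)}$ from $r_0$ such that

$$(\forall i \in I)(\exists h_i \in N : j \le h_i < k)\; r^{(h_i)}(2i + 1) = d \wedge \sigma_T^{(h_i)}(i + 1) \ne \varepsilon. \tag{2}$$

However, as shown in the following example, this condition is not a necessary condition for $G$ not to be conjunctively codiagnosable.

Example 4. We consider automata $G$ and $G_K$ shown in Fig. 1 and Fig. 2, respectively. The set of events is $\Sigma = \{a, b, c, d, e, \sigma_f\}$, where $\sigma_f$ denotes a failure event. Let $I = \{1, 2\}$, that is, there are two local diagnosers. Let $\Delta_1 = \{a, d\}$ and $\Delta_2 = \{b, e\}$. We assume that local observation masks $M_i : \Sigma \to \Delta_i \cup \{\varepsilon\}$ $(i = 1, 2)$ are given as follows:

$$M_1(\sigma) = \begin{cases} \sigma, & \text{if } \sigma \in \{a, d\} \\ \varepsilon, & \text{otherwise,} \end{cases} \qquad M_2(\sigma) = \begin{cases} \sigma, & \text{if } \sigma \in \{b, e\} \\ \varepsilon, & \text{otherwise.} \end{cases}$$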


The augmented automaton $\tilde{G}_K$ is shown in Fig. 3. Using the automata $G$, $G_K$, and $\tilde{G}_K$, we construct the testing automaton $T$ by Algorithm 1. A part of $T$ is shown in Fig. 4. We consider a path obtained by executing the event sequence

$$(\varepsilon, \sigma_f, \sigma_f)(a, a, \varepsilon)(b, b, b)(\varepsilon, b, a)(d, d, a)(d, d, \varepsilon)^m (c, \varepsilon, \varepsilon)(e, \varepsilon, e)^m \in L(T) \quad (m \ge 1).$$

For $i = 1$, this path contains a cycle $(2, 7, d, 10, d) \xrightarrow{(d,d,\varepsilon)} (2, 7, d, 10, d)$ and for $i = 2$, it also contains a cycle $(3, 7, d, 10, d) \xrightarrow{(e,\varepsilon,e)} (3, 7, d, 10, d)$. Therefore, this path satisfies (1). By Theorem 2, $G$ is not conjunctively codiagnosable with respect to $K$.

For example, for any $m \in N$, we consider a string $s = abd^m ce^m \in K$. For $i = 1$, let $t_1 = \sigma_f$ and $u_1 = abbd^m$. Then, we have $t_1 \notin K$, $|u_1| \ge m$, and $M_1(s) = M_1(t_1 u_1) = ad^m$. Also, for $i = 2$, let $t_2 = \sigma_f$ and $u_2 = baae^m$. Then, we have $t_2 \notin K$, $|u_2| \ge m$, and $M_2(s) = M_2(t_2 u_2) = be^m$. Therefore,

$$(\forall m \in N)(\exists s \in K)(\forall i \in I)\; A_{i,m}(s) \not\subseteq K$$

holds. Thus, we can also confirm that $G$ is not conjunctively codiagnosable with respect to $K$ from Definition 1.

Now, we assume that there exists a reachable cycle $r^{(j)} \xrightarrow{\sigma_T^{(j)}} r^{(j+1)} \xrightarrow{\sigma_T^{(j+1)}} \cdots \xrightarrow{\sigma_T^{(k-1)}} r^{(k)}$ from $r_0$ in $T$ such that (2) is satisfied. Then, by (2), either

$$r^{(j)}(2i) = r^{(j+1)}(2i) = \cdots = r^{(k)}(2i) = 7 \wedge \sigma_T^{(h_i)}(i + 1) = d$$

or

$$r^{(j)}(2i) = r^{(j+1)}(2i) = \cdots = r^{(k)}(2i) = 10 \wedge \sigma_T^{(h_i)}(i + 1) = e$$

must hold for any $i \in I$. Since this cycle is reachable from $r_0$, there exists $s_T \in L(T)$ such that $r^{(j)} = \alpha_T(r_0, s_T)$.

We consider the case that $i = 1$. If $r^{(j)}(2) = r^{(j+1)}(2) = \cdots = r^{(k)}(2) = 7$, then $\sigma_T^{(h_1)}(2) = d$. Since $M_1(d) = d$, we have $\sigma_T^{(h_1)}(1) = d$. Therefore, we have $r^{(j)}(1) = r^{(j+1)}(1) = \cdots = r^{(k)}(1) = 2$. Assume that $\sigma_T^{(h_2)}(3) = e$. Then, since $M_2(e) = e$, $\sigma_T^{(h_2)}(1) = e$ must hold. However, since $\neg\alpha(2, e)!$, $\sigma_T^{(h_2)}(3) = e$ does not hold. Since $\sigma_T^{(h_2)}(3) \ne \varepsilon$, we have $\sigma_T^{(h_2)}(3) = d$. Then, the cycle must satisfy $r^{(j)}(4) = r^{(j+1)}(4) = \cdots = r^{(k)}(4) = 7$. Since $r^{(j)}(4) = 7$, the event $b$ appears in $P_2(s_T)$ twice. Further, since $M_2(b) = b$, the event $b$ must also appear in $P(s_T)$ twice. This contradicts $\alpha_K(0, P(s_T)) = r^{(j)}(1) = 2$.

If $r^{(j)}(2) = r^{(j+1)}(2) = \cdots = r^{(k)}(2) = 10$, the event $a$ appears in $P_1(s_T)$ twice. Since $M_1(a) = a$, the event $a$ must also appear in $P(s_T)$ twice. However, the event $a$ cannot occur twice in $G_K$. This is a contradiction.

Therefore, even if $G$ is not conjunctively codiagnosable with respect to $K$, there exists no reachable cycle satisfying (2) in general.

Fig. 1. An automaton $G$ of Example 4.

Fig. 2. An automaton $G_K$ of Example 4.

Fig. 3. An automaton $\tilde{G}_K$ of Example 4.

Fig. 4. A part of the testing automaton $T$ of Example 4.

Remark 5. It is known that the violation of disjunctive codiagnosability is characterized by the existence of a certain cycle in the testing automaton (Qiu and Kumar (2006)). On the other hand, as shown in Theorem 2, a certain path with multiple cycles is involved to characterize the violation of conjunctive codiagnosability. Therefore, verification of conjunctive codiagnosability is more complicated than that of disjunctive codiagnosability.

Remark 6. The number of states of the testing automaton $T$ is at most $|Q_K| \times |Q|^n \times (|Q_K| + 1)^n$. Since $|\Sigma_T| = (|\Sigma| + 1)^{n+1} - 1$, the number of transitions of $T$ is at most $|Q_K| \times |Q|^n \times (|Q_K| + 1)^n \times \{(|\Sigma| + 1)^{n+1} - 1\}$. Therefore, the complexity of constructing $T$ is $O(|Q|^n \times |Q_K|^{n+1} \times |\Sigma|^{n+1})$.

In Step 3 of Algorithm 1, we need to search for a path satisfying (1) in the testing automaton $T$. Note that the number of paths is not necessarily finite. To perform Step 3 of Algorithm 1, we construct a nondeterministic acyclic automaton, denoted by $T'$, whose states are maximal strongly connected components of $T$. Then, the number of paths of $T'$ is finite. Since each cycle of $T$ is included in a strongly connected component, Step 3 of Algorithm 1 can be performed by the following algorithm based on $T'$.

Algorithm 2. Let $T = (R, \Sigma_T, \alpha_T, r_0)$ be the testing automaton.

Step 1. Construct a nondeterministic acyclic automaton $T' = (V, \Sigma_T, \alpha_T', V_0)$: The state set $V$ is $V = \{V_0, V_1, \cdots, V_h\}$, where $V_i \cap V_j = \emptyset$ $(i \ne j)$, and for any $j \in \{0, 1, \cdots, h\}$, $V_j$ is a maximal strongly connected component of $T$. Without loss of generality, we assume that $r_0 \in V_0$. The nondeterministic state transition function $\alpha_T' : V \times \Sigma_T \to 2^V$ is defined as

$$\alpha_T'(V_j, \sigma_T) = \{V_k \in V \mid [j \ne k] \wedge [(\exists r \in V_j)(\exists r' \in V_k)\; \alpha_T(r, \sigma_T) = r']\}.$$

Step 2. Verify conjunctive codiagnosability: A labeling function $J : V \to 2^I$ is defined for each $V_j \in V$ $(j \in \{0, 1, \cdots, h\})$ as follows:

$$J(V_j) = \{i \in I \mid [(\exists r \in V_j)\; r(2i + 1) = d] \wedge [(\exists r, r' \in V_j)(\exists \sigma_T \in \Sigma_T)\; \alpha_T(r, \sigma_T) = r' \wedge \sigma_T(i + 1) \ne \varepsilon]\}.$$

The system $G$ is not conjunctively codiagnosable with respect to a nonempty closed regular language $K$ if and only if, in the acyclic automaton $T'$, there exists a path $V_0 = V_{k_0} \xrightarrow{\sigma_T^{(k_0)}} V_{k_1} \xrightarrow{\sigma_T^{(k_1)}} \cdots \xrightarrow{\sigma_T^{(k_{h-1})}} V_{k_h}$ from the initial node $V_0$ such that

$$\bigcup_{j \in \{k_0, k_1, \cdots, k_h\}} J(V_j) = \{1, 2, \cdots, n\} = I.$$

Remark 7. To construct the nondeterministic automaton $T'$, we have to identify all maximal strongly connected components of $T$. It is well known that its complexity is $O(|R| + |R| \times |\Sigma_T|) = O(|Q|^n \times |Q_K|^{n+1} \times |\Sigma|^{n+1})$. Since $T'$ is acyclic and event labels of a path are not relevant, the number of paths to be explored in Step 2 of Algorithm 2 is $\{|Q_K| \times |Q|^n \times (|Q_K| + 1)^n - 1\}^{|Q_K| \times |Q|^n \times (|Q_K| + 1)^n - 1}$ in the worst case.

5. COMPUTATION OF DELAY BOUND

In this section, we assume that the system $G$ is conjunctively codiagnosable with respect to a nonempty closed language $K \subseteq L(G)$. To construct a conjunctive decentralized diagnoser for a conjunctively codiagnosable system, we compute the delay bound within which the occurrence of any failure can be detected by conjunctive decentralized diagnosis.

First, we show an equivalent condition of conjunctive codiagnosability with respect to $K$.

Theorem 8. Let $K \subseteq L(G)$ be any nonempty closed language. The system $G$ is conjunctively codiagnosable with respect to $K$ if and only if

$$(\exists m \in N)(\forall s \in K)(\exists i \in I)\; M_i^{-1}M_i(s) \cap L(G) \subseteq K\Sigma^{\le m},$$

where $\Sigma^{\le m} := \{s \in \Sigma^* \mid |s| \le m\}$ for any $m \in N$.

By Theorem 8, when $G$ is conjunctively codiagnosable with respect to a nonempty closed language $K \subseteq L(G)$, there exists $m \in N$ such that

$$(\forall s \in K)(\exists i \in I)\; M_i^{-1}M_i(s) \cap L(G) \subseteq K\Sigma^{\le m}.$$

Then, let $m^*$ be such a minimal integer $m$. That is,

$$m^* = \min\{m \in N \mid (\forall s \in K)(\exists i \in I)\; M_i^{-1}M_i(s) \cap L(G) \subseteq K\Sigma^{\le m}\}.$$

For each $i \in I$, we consider a local diagnoser given as

$$D_i(\tau) = \begin{cases} 0, & \text{if } M_i^{-1}(\tau) \cap L(G) \subseteq K\Sigma^{\le m} \\ 1, & \text{otherwise,} \end{cases} \tag{3}$$

where $m \in N$. Then, the following propositions hold.

Proposition 2. We assume that $G$ is conjunctively codiagnosable with respect to a nonempty closed language $K \subseteq L(G)$. For any $m \in N$ such that $m \ge m^*$, the conjunctive decentralized diagnoser $\{D_i\}^{\wedge}_{i \in I} : L(G) \to \{0, 1\}$ consisting of local diagnosers given by (3) satisfies

C1’) $(\forall s \in L(G) - K)(\forall t \in L(G)/s)\; |t| \ge m \Rightarrow \{D_i\}^{\wedge}_{i \in I}(st) = 1$,

C2) $(\forall s \in K)\; \{D_i\}^{\wedge}_{i \in I}(s) \ne 1$.

Proposition 3. We assume that $G$ is conjunctively codiagnosable with respect to $K$. For any $m \in N$ such that $m < m^*$, there does not exist a conjunctive decentralized diagnoser $\{D_i\}^{\wedge}_{i \in I} : L(G) \to \{0, 1\}$ satisfying C1’) and C2).

By Propositions 2 and 3, $m^*$ represents the delay bound within which the occurrence of any failure is detected. The conjunctive decentralized diagnoser consisting of local diagnosers given by

$$D_i(\tau) = \begin{cases} 0, & \text{if } M_i^{-1}(\tau) \cap L(G) \subseteq K\Sigma^{\le m^*} \\ 1, & \text{otherwise} \end{cases} \tag{4}$$

detects the occurrence of any failure within $m^*$ steps. To synthesize this decentralized diagnoser, we compute $m^*$ as follows.

We consider the nondeterministic acyclic automaton $T' = (V, \Sigma_T, \alpha_T', V_0)$, defined in Step 1 of Algorithm 2. For each $i \in I$, a weight function $w_i : V \times \Sigma_T \times V \to \{1, 0\}$ is defined as

$$w_i(V_j, \sigma_T, V_k) = \begin{cases} 1, & \text{if } [j \ne k] \wedge [(\exists r \in V_j)(\exists r' \in V_k)\; \alpha_T(r, \sigma_T) = r' \wedge \sigma_T(i + 1) \ne \varepsilon \wedge r'(2i + 1) = d] \\ 0, & \text{otherwise.} \end{cases}$$

We consider any path $p_k : V_0 = V_{k_0} \xrightarrow{\sigma_T^{(k_0)}} V_{k_1} \xrightarrow{\sigma_T^{(k_1)}} \cdots \xrightarrow{\sigma_T^{(k_{h-1})}} V_{k_h}$ in $T'$. Since $G$ is conjunctively codiagnosable with respect to $K$, there exists $i$ such that $i \in I - \bigcup_{j \in \{k_0, k_1, \cdots, k_h\}} J(V_j)$. For each of these indices $i$, let

$$w_i(p_k) = \sum_{j=1}^{h} w_i(V_{k_{j-1}}, \sigma_T^{(k_{j-1})}, V_{k_j}).$$

Since $T'$ is acyclic, we have $w_i(p_k) \le |V| - 1$. The weight $w(p_k)$ of $p_k$ is defined as

$$w(p_k) = \min_{i \in I - \bigcup_{j \in \{k_0, \cdots, k_h\}} J(V_j)} w_i(p_k).$$

Then, let $P$ be the set of all paths from the initial state $V_0$ to deadlock states in the nondeterministic automaton $T'$, and let

$$w = \max_{p \in P} w(p).$$

Since $P$ is finite, the value $w$ is effectively computable. The following theorem shows that the delay bound can be computed as $m^* = w$.

Theorem 9. When the system $G$ is conjunctively codiagnosable with respect to a nonempty closed regular language $K \subseteq L(G)$, $m^* = w$ holds.

Remark 10. The number of states of the nondeterministic automaton $T'$ is at most $|Q_K| \times |Q|^n \times (|Q_K| + 1)^n$. Since $|\Sigma_T| = (|\Sigma| + 1)^{n+1} - 1$ and $T'$ is acyclic, the number of paths in $T'$ is $[\{(|\Sigma| + 1)^{n+1} - 1\} \times \{|Q_K| \times |Q|^n \times (|Q_K| + 1)^n - 1\}]^{|Q_K| \times |Q|^n \times (|Q_K| + 1)^n - 1}$ in the worst case.

Example 11. We consider automata $G$ and $G_K$ shown in Fig. 5 and Fig. 6, respectively. The set of events is $\Sigma = \{a, b, c, \sigma_f\}$, where $\sigma_f$ denotes a failure event. Let $I = \{1, 2\}$, that is, there are two local diagnosers. Let $\Delta_1 = \{a, c\}$ and $\Delta_2 = \{b\}$. We assume that local observation masks $M_i : \Sigma \to \Delta_i \cup \{\varepsilon\}$ $(i = 1, 2)$ are given as follows:

$$M_1(\sigma) = \begin{cases} \sigma, & \text{if } \sigma \in \{a, c\} \\ \varepsilon, & \text{otherwise,} \end{cases} \qquad M_2(\sigma) = \begin{cases} \sigma, & \text{if } \sigma \in \{b\} \\ \varepsilon, & \text{otherwise.} \end{cases}$$

Using the automata $G$ and $G_K$, we construct the testing automaton $T$ by Algorithm 1. $T$ is shown in Fig. 7. Using $T$, we construct the nondeterministic automaton $T'$. $T'$ is shown in Fig. 8. By Theorem 2, $G$ is conjunctively codiagnosable with respect to $K$. We compute the delay bound $m^*$. To obtain $w$, we need to compute $w(p)$ for all paths $p$ from the initial state $V_0 = \{(0, 0, 0, 0, 0)\}$ to the deadlock state $\{(0, 2, d, 1, d)\}$ in $T'$. For example, we consider such a path

$$p : V_0 = \{(0, 0, 0, 0, 0)\} \xrightarrow{(\varepsilon, \sigma_f, \sigma_f)} \{(0, 1, d, 1, d)\} \xrightarrow{(\varepsilon, b, \varepsilon)} \{(0, 2, d, 1, d)\}$$

in $T'$. For $i = 1$, we have $w_1(p) = 2$. Also, for $i = 2$, we have $w_2(p) = 1$. Therefore, the weight of $p$ is $w(p) = 1$. Then, we have $w = 1$. By Theorem 9, we have $m^* = w = 1$.

Fig. 5. An Automaton $G$ of Example 11.

Fig. 6. An Automaton $G_K$ of Example 11.

Fig. 7. The testing automaton $T$ of Example 11.

Fig. 8. The nondeterministic automaton $T'$ of Example 11.

6. CONCLUSIONS

In this paper, we studied decentralized diagnosis of DESs using the conjunctive architecture. First, we proposed an algorithm to verify conjunctive codiagnosability and proved its correctness. Then, we computed the delay bound to construct a conjunctive decentralized diagnoser.

REFERENCES

Debouk, R., Lafortune, S., and Teneketzis, D. (2000). Coordinated decentralized protocols for failure diagnosis of discrete event systems. Discrete Event Dyna. Syst.: Theory and Appl., 10 (1&2), 33–86.

Jiang, S., Huang, Z., Chandra, V., and Kumar, R. (2001). A polynomial algorithm for testing diagnosability of discrete-event systems. IEEE Trans. Autom. Control, 46 (8), 1318–1321.

Kumar, R., and Takai, S. (2009). Inference-based ambiguity management in decentralized decision-making: Decentralized diagnosis of discrete-event systems. IEEE Trans. Autom. Sci. Eng., 6 (3), 479–491.

Qiu, W., and Kumar, R. (2006). Decentralized failure diagnosis of discrete event systems. IEEE Trans. Syst., Man, Cybern., Part A: Syst. Humans, 36 (2), 384–395.

Sampath, M., Sengupta, R., Lafortune, S., Sinnamohideen K., and Teneketzis, D. (1995). Diagnosability of discrete-event systems. IEEE Trans. Autom. Control, 40 (9), 1555–1575.

Wang, Y., Yoo, T.-S., and Lafortune, S. (2007). Diagnosis of discrete event systems using decentralized architectures. Discrete Event Dyna. Syst.: Theory and Appl., 17 (2), 233–263.

Wang, Y., Yoo, T.-S., and Lafortune, S. (2013). Erratum to: Diagnosis of discrete event systems using decentralized architectures. Discrete Event Dyna. Syst.: Theory and Appl., 23.

Yoo, T.-S., and Lafortune, S. (2002). Polynomial-time verification of partially observed discrete-event systems. IEEE Trans. Autom. Control, 47 (9), 1491–1495.
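Algorithm 1 (the reachable part of the testing automaton T) and Algorithm 2 (labels J on strongly connected components, then a search over the acyclic T′) from Section 4, as an added Python example that is not code from the paper. The automata and masks below are constructed for illustration in the style of Example 4 (the page does not reproduce Fig. 1 and Fig. 2), the function names are hypothetical, diagnoser indices are 0-based, and the string "dump" stands for the dump state d.

```python
import sys
from itertools import product

sys.setrecursionlimit(10000)
EPS, DUMP = "", "dump"  # empty event; "dump" plays the role of the dump state d

def build_T(G, GK, q0, qK0, masks):
    """Reachable part of the testing automaton T (Algorithm 1, Steps 1-2)."""
    n = len(masks)
    sigma = sorted({e for tr in G.values() for e in tr}) + [EPS]
    obs = lambda i, e: masks[i].get(e, EPS)   # mask M_i; unlisted events map to epsilon
    aug = lambda qt, e: GK[qt][e] if qt != DUMP and e in GK[qt] else DUMP  # augmented G_K
    r0 = (qK0,) + ((q0, qK0),) * n
    edges, todo = {r0: []}, [r0]
    while todo:
        r = todo.pop()
        qK, copies = r[0], r[1:]
        for ev in product(sigma, repeat=n + 1):
            s, loc = ev[0], ev[1:]
            if not any(ev) or (s and s not in GK[qK]):
                continue                      # all-epsilon tuple, or G_K cannot execute s
            if any((e and e not in G[q]) or obs(i, s) != obs(i, e)
                   for i, (e, (q, _)) in enumerate(zip(loc, copies))):
                continue                      # copy i cannot move, or M_i(s) != M_i(s_i)
            nxt = (GK[qK][s] if s else qK,) + tuple(
                (G[q][e], aug(qt, e)) if e else (q, qt)
                for e, (q, qt) in zip(loc, copies))
            edges[r].append((ev, nxt))
            if nxt not in edges:
                edges[nxt] = []
                todo.append(nxt)
    return r0, edges

def sccs(r0, edges):
    """Tarjan's algorithm: map each state of T to its strongly connected component."""
    index, low, comp, stack = {}, {}, {}, []
    def visit(v):
        index[v] = low[v] = len(index)
        stack.append(v)
        for _, w in edges[v]:
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w not in comp:               # w is still on the stack
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:
            while True:
                w = stack.pop()
                comp[w] = v
                if w == v:
                    break
    visit(r0)
    return comp

def analyse(G, GK, q0, qK0, masks):
    """Algorithm 2: (codiagnosable, one component alone carries every index as in (2))."""
    r0, edges = build_T(G, GK, q0, qK0, masks)
    comp, full = sccs(r0, edges), set(range(len(masks)))
    J = {c: set() for c in comp.values()}     # labelling function J (0-based indices)
    dag = {c: set() for c in J}               # transitions of the acyclic automaton T'
    for r, out in edges.items():
        for ev, nxt in out:
            if comp[r] != comp[nxt]:
                dag[comp[r]].add(comp[nxt])
            else:  # inside a component: copy i moves while its G_K part is the dump state
                J[comp[r]] |= {i for i in full if ev[i + 1] and r[i + 1][1] == DUMP}
    seen = set()
    def search(c, acc):                       # DFS over T', accumulating labels
        acc = acc | frozenset(J[c])
        if acc == full:
            return True
        if (c, acc) in seen:
            return False
        seen.add((c, acc))
        return any(search(k, acc) for k in dag[c])
    violated = search(comp[r0], frozenset())
    return not violated, any(J[c] == full for c in J)

# Constructed system (assumption): K = pr(a b d* c e*); failure f leads to f a b b d* or f b a a e*.
GK = {0: {"a": 1}, 1: {"b": 2}, 2: {"d": 2, "c": 3}, 3: {"e": 3}}
G = {**GK, 0: {"a": 1, "f": 4}, 4: {"a": 5, "b": 8}, 5: {"b": 6}, 6: {"b": 7},
     7: {"d": 7}, 8: {"a": 9}, 9: {"a": 10}, 10: {"e": 10}}
M1, M2 = {"a": "a", "d": "d"}, {"b": "b", "e": "e"}
print(analyse(G, GK, 0, 0, [M1, M2]))
```

On this constructed system the path condition is met by two different components, one per diagnoser, while no single component carries both indices, which is the situation Remark 3 and Example 4 describe for condition (2).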