Decentralized K-Diagnosability of Petri Nets

F. Basile ∗, P. Chiacchio ∗, G. De Tommasi ∗∗

∗ Dipartimento di Ingegneria Elettronica ed Ingegneria Informatica, Università di Salerno, Via Ponte don Melillo, 84084 Fisciano (Salerno), Italy (email: {fbasile,pchiacchio}@unisa.it).
∗∗ Dipartimento di Informatica e Sistemistica, Università di Napoli Federico II, Via Claudio, 21, 80125, Napoli, Italy (e-mail: [email protected]).

Abstract: The problem of K-diagnosability of a fault in a decentralized framework for Petri net models is tackled in this paper. K-diagnosability deals with the diagnosability of a fault after the firing of a finite number of observable events. An essential role is played by the observable sequences that can be explained without the firing of a given fault in the decentralized case, but that are faulty in the centralized case. The absence of these sequences is formulated as an Integer Linear Programming problem. Exploiting such a characterization, a sufficient condition is given for the decentralized K-diagnosability of a fault.

Keywords: Decentralized Diagnosability, Discrete Event Systems, Petri Nets, Integer Linear Programming

1. INTRODUCTION

Modern automated manufacturing systems, as well as distributed plants such as modern communication systems, public utilities or railway networks, are so large in scale that decentralized solutions are required for several control and supervisory problems. Diagnosability of Discrete Event Systems (DESs) deals with the possibility of detecting, within a finite delay, the occurrences of unobservable fault events using the record of observed events. The formal definition of diagnosability has been given in the framework of finite state automata and regular languages (Sampath et al., 1995; Zad et al., 2005). Necessary and sufficient conditions for diagnosability of DES modeled as automata have been given in Sampath et al. (1995).
The diagnosability test is based on another automaton, called diagnoser, which gives, after each observed event, a set of faults that could have happened (Sampath et al., 1995), or a set of fault states that the system could have reached (Zad et al., 2005). The diagnoser approach has been used to extend the diagnosability concept to stochastic automata (Lunze and Schröder, 2001), and to the decentralized case (Debouk et al., 2000).

K-diagnosability corresponds to the diagnosability of a fault within a finite delay (i.e., in K steps). This paper addresses the problem of K-diagnosability of a fault in a DES modeled as a Petri Net (PN) in a decentralized framework. The concept of K-diagnosability was originally formulated in Sampath et al. (1995) in the context of fault detection with automata. By definition, if a fault transition is diagnosable then there exists a minimum value $\bar K$ such that it is also $\bar K$-diagnosable. In the automata context, given an integer K, K-diagnosability can be checked by means of a path search on the diagnoser (see (Sampath et al., 1995, Corollary 1)); furthermore the related concept of k-diagnoser has recently been adopted also to study the sensor minimization problem (Cassez et al., 2007). K-diagnosability allows one to check practical diagnosability, since it specifies a quantitative bound for the number of events in the continuation of the sequence that leads to the fault, i.e., an upper bound for the number of events that are needed to detect a fault. Given an integer K, we provide a set of conditions that need to be satisfied if all the possible faults are diagnosable at most K firings after their occurrence. This practical diagnosability permits one to verify whether a fault can be detected within a specified maximum delay. Hence the concept of K-diagnosability is useful during the design phase, in order to check whether the designed system fulfils the constraints in terms of the maximum time needed to detect the faults.

Although the concept of K-diagnosability was first extended to PNs by Cabasino et al. (2009a), the present paper is one of the few that deal with this subject within the PN context without relying on a graph-based approach. Indeed, the proposed approach extends to the decentralized case the one proposed in Basile et al. (2012), where a necessary and sufficient condition for K-diagnosability of bounded nets has been presented. In order to do that, the mathematical representation of PNs and the standard Integer Linear Programming (ILP) optimization tool are exploited. The main idea behind the approach is the representation of suitable sets of firing count vectors as linear constraints. Every sequence u that enables a fault f from the initial marking, and every sequence v that continues the system evolution after the fault occurrence, are characterized in terms of two sets of firing count vectors satisfying a set of linear constraints. A second set of linear constraints is used to characterize, in terms of firing count vectors, the sequences of unobservable transitions which enable, and thus explain, the firing of the projection of u and v over the set of observable transitions. These two sets of constraints allow one to formulate the K-diagnosability of f as an ILP problem. The use of a standard tool to check diagnosability avoids computing a graph. Moreover, it does not require any specific assumption on the structure of the subnet induced by the unobservable transitions, while this subnet is supposed to be acyclic in Cabasino et al. (2009b) and Cabasino et al. (2009a); in the literature such an assumption is usually exploited in order to be able to build the diagnoser, which is then used to check diagnosability. However, the approach can be applied only to bounded net systems.

The decentralized architecture considered in this paper is composed of a set of sites communicating their diagnosis information to a coordinator. Each local diagnoser has complete knowledge of the net structure and of its initial marking, but it observes only a subset of the observable events. The definition of failure ambiguous sequences is exploited. In Cabasino et al. (2011a) it has been proved that the absence of such sequences is a sufficient condition for the diagnosability of a DES in a decentralized framework, regardless of the communication protocol between the coordinator and the local diagnosers. Without loss of generality, in this paper we consider the most elementary communication protocol, i.e., the coordinator declares a fault as soon as one site communicates its detection. The absence of failure ambiguous sequences is here formulated in terms of linear constraints, and a sufficient condition for the decentralized K-diagnosability of bounded net systems is presented. The use of ILP to test decentralized K-diagnosability could be a promising approach to formulate as an optimization problem the choice of the locally observable transitions for each site, in such a way as to assure decentralized K-diagnosability.

The present paper is organized as follows: the background and the notation are introduced in the next section, together with the definition of K-diagnosability.
The considered decentralized framework is presented in Section 3, while the main contribution of the paper is discussed in Section 4. Eventually some concluding remarks are given.

2. PRELIMINARIES

The PN basics, together with some additional notation, are introduced at the beginning of this section. The definitions of diagnosability and K-diagnosability are then recalled, together with a preliminary result that will be exploited in Section 4. For a complete review on PNs the reader is referred to Murata (1989).

2.1 Background and notation

A Place/Transition net is a 4-tuple $N = (P, T, Pre, Post)$, where $P$ is a set of $m$ places (represented by circles), $T$ is a set of $n$ transitions (represented by empty boxes, each one associated to an event), and $Pre : P \times T \to \mathbb{N}$ ($Post : P \times T \to \mathbb{N}$) is the pre- (post-) incidence matrix. $Pre(p, t) = w$ ($Post(p, t) = w$) means that there is an arc with weight $w$ from $p$ to $t$ (from $t$ to $p$); $C = Post - Pre$ is the incidence matrix. The symbols ${}^{\bullet}p$ (${}^{\bullet}t$) and $p^{\bullet}$ ($t^{\bullet}$) are used for the pre-set and post-set of a place $p \in P$ (transition $t \in T$), respectively, e.g. ${}^{\bullet}t = \{p \in P \mid Pre(p, t) \neq 0\}$.

A marking is a function $m : P \to \mathbb{N}$ that assigns to each place of the net a nonnegative integer number of tokens, drawn as black dots. It is useful to represent the marking of a net with a vector $m \in \mathbb{N}^m$. A net system $S = \langle N, m_0 \rangle$ is a net $N$ with an initial marking $m_0$. A transition $t$ is enabled at $m$ if and only if $m \geq Pre(\cdot, t)$, and this is denoted as $m[t\rangle$. An enabled transition $t$ may fire, yielding the marking $m' = m + C(\cdot, t)$, and this is denoted as $m[t\rangle m'$. If a transition is not enabled at $m$, this is denoted as $m[\neg t\rangle$.

A firing sequence from $m$ is a sequence of transitions $\sigma = t_1 t_2 \ldots t_k$ such that $m[t_1\rangle m_1 [t_2\rangle m_2 \ldots [t_k\rangle m_k$, and this is denoted as $m[\sigma\rangle m_k$. The notations $m[\sigma\rangle$ and $m[\neg\sigma\rangle$ denote an enabled and a disabled sequence under a marking $m$, respectively. Furthermore, $t_i \in \sigma$ denotes that the transition $t_i$ belongs to the sequence $\sigma$. The length of a sequence $\sigma$ is denoted by $|\sigma|$. Given $\bar T \subseteq T$, $\bar T^*$ denotes the Kleene closure of $\bar T$, that is, the set of all finite sequences of elements of $\bar T$, including the empty sequence $\nu$. The empty sequence $\nu$ is such that $\sigma\nu = \nu\sigma = \sigma$ and $|\nu| = 0$ (more details can be found in (Cassandras and Lafortune, 1999, p. 55)). A marking $m'$ is said to be reachable from $m_0$ iff there exists a sequence $\sigma$ such that $m_0[\sigma\rangle m'$. $R(N, m_0)$ denotes the set of reachable markings of the net system $\langle N, m_0 \rangle$.

The function $\boldsymbol{\sigma} : T \to \mathbb{N}$, where $\boldsymbol{\sigma}(t)$ represents the number of occurrences of $t$ in $\sigma$, is called the firing count vector of the firing sequence $\sigma$. As done for the marking of a net, the firing count vector is often denoted as a vector $\boldsymbol{\sigma} \in \mathbb{N}^n$. The notation $\boldsymbol{\sigma} = \pi(\sigma)$ is used to denote that $\boldsymbol{\sigma}$ is the firing count vector of $\sigma$. Given a sequence $\sigma$, the 1-norm of the related firing count vector $\boldsymbol{\sigma} = \pi(\sigma)$ is equal to the length of the sequence, i.e., $\|\boldsymbol{\sigma}\|_1 = |\sigma|$ ¹. If $m_0[\sigma\rangle m$, then it is possible to write the vector equation
$$m = m_0 + C \cdot \boldsymbol{\sigma}, \qquad (1)$$
which is called the state equation of the net system.

Given a firing count vector $\boldsymbol{\sigma} \in \mathbb{N}^n$, in this paper we are often interested in considering only the firings of either the observable or the unobservable transitions. For this reason we introduce the following notation:
$$\boldsymbol{\sigma}_{|T_o} \in \mathbb{N}^n, \quad \text{with } \boldsymbol{\sigma}_{|T_o}(t) = \begin{cases} \boldsymbol{\sigma}(t) & \text{if } t \in T_o \\ 0 & \text{if } t \notin T_o \end{cases}$$
$$\boldsymbol{\sigma}_{|T_{uo}} \in \mathbb{N}^n, \quad \text{with } \boldsymbol{\sigma}_{|T_{uo}}(t) = \begin{cases} \boldsymbol{\sigma}(t) & \text{if } t \in T_{uo} \\ 0 & \text{if } t \notin T_{uo} \end{cases}$$
It is straightforward that, given a firing count vector $\boldsymbol{\sigma}$, it holds that $\boldsymbol{\sigma} = \boldsymbol{\sigma}_{|T_o} + \boldsymbol{\sigma}_{|T_{uo}}$.

We now introduce the following definition of the unobservable explanations of a given sequence $\sigma$ enabled from the initial marking $m_0$, which is related to the one given in Basile et al. (2009).

Definition 1. (Unobservable explanations). Consider a net system $S = \langle N, m_0 \rangle$ and a sequence $\sigma \in T^*$ such that $m_0[\sigma\rangle$ and
$$\sigma = \sigma^1_{uo}\, t^1_o\, \sigma^2_{uo}\, t^2_o \ldots \sigma^k_{uo}\, t^k_o,$$
with $\sigma^i_{uo} \in T_{uo}^*$ and $t^i_o \in T_o$, $i = 1, \ldots, k$. The set
$$\Sigma(N, \sigma) \triangleq \Big\{ \bar\sigma \in T_{uo}^* \;\Big|\; \bar\sigma = \bar\sigma^1_{uo}\, \bar\sigma^2_{uo} \ldots \bar\sigma^{k+1}_{uo} \ \text{and}\ m_0\big[\bar\sigma^1_{uo}\, t^1_o\, \bar\sigma^2_{uo}\, t^2_o \ldots \bar\sigma^k_{uo}\, t^k_o\, \bar\sigma^{k+1}_{uo}\big\rangle \Big\}$$
contains the unobservable explanations of $\sigma$, and
$$\boldsymbol{\Sigma}(N, \sigma) \triangleq \big\{ \bar{\boldsymbol{\sigma}} \in \mathbb{N}^n \ \text{s.t.}\ \bar{\boldsymbol{\sigma}} = \pi(\bar\sigma),\ \bar\sigma \in \Sigma(N, \sigma) \big\}$$
is the corresponding set of firing count vectors.

¹ Given a vector $\boldsymbol{\sigma}$, the 1-norm $\|\boldsymbol{\sigma}\|_1$ is equal to the sum of the absolute values of the vector elements.

In simple words, the unobservable explanations of $\sigma$ are all the sequences of unobservable transitions that can explain the firing of the observable transitions in $\sigma$. The notation $\Sigma(N, \sigma)$ makes clear the dependence of the unobservable explanations on the net structure.

Example 1. Given the net shown in Fig. 1, let $\sigma = t_1 t_2 t_4$, with $m_0[\sigma\rangle$. Taking into account that the sequences
$$\bar\sigma_1 = t_2 t_1 t_4,\quad \bar\sigma_2 = t_1 t_3 t_2 t_4,\quad \bar\sigma_3 = t_1 t_2 t_3 t_4,\quad \bar\sigma_4 = t_1 t_2 t_4 t_3,\quad \bar\sigma_5 = t_2 t_1 t_3 t_4,\quad \bar\sigma_6 = t_2 t_1 t_4 t_3$$
are all enabled starting from $m_0$, it follows that the set of unobservable explanations of $\sigma$ is $\Sigma(N, \sigma) = \{t_2,\ t_3 t_2,\ t_2 t_3\}$, and $\boldsymbol{\Sigma}(N, \sigma) = \{[0\ 1\ 0\ 0\ 0]^T,\ [0\ 1\ 1\ 0\ 0]^T\}$. △

[Fig. 1, image not reproduced: a net with places $p_1, \ldots, p_4$ and transitions $t_1, \ldots, t_5$, where $t_3 = t_f$; two of the arcs carry weight 2.]

Fig. 1. Example net.

2.2 Diagnosability and K-diagnosability

The assumption stated below will be exploited throughout the paper, in order to assure that after a fault occurrence the net does not enter a deadlock which could prevent the diagnosis of the fault itself. To this purpose, liveness of the net system is commonly assumed when dealing with diagnosability of DES; however we prefer to rely on the following, less conservative assumption, as done in Cabasino et al. (2011a).

Assumption 1. The net system $S = \langle N, m_0 \rangle$ does not enter a deadlock after firing any fault transition. ✸

Let us now extend to PNs the classical definition of diagnosability for DES given in the seminal work of Sampath et al. (1995). Without loss of generality we will focus our attention on the diagnosability of a single fault $t_f$, rather than on the diagnosability of a class of faults.

Consider a net system $\langle N, m_0 \rangle$ with $T = T_{uo} \cup T_o$ and $T_f \subseteq T_{uo}$. Let $L$ be the live and prefix-closed language generated by $\langle N, m_0 \rangle$. We denote by $L/\sigma$ the post-language of $L$ after the sequence of transitions $\sigma$, i.e.
$$L/\sigma = \{ v \in T^* \ \text{s.t.}\ \sigma v \in L \}.$$
A sequence $v \in L/\sigma$ is called a continuation of $\sigma$. Denoting by $Pr(\cdot) : T^* \to T_o^*$ the natural projection which "erases" the unobservable transitions in a sequence $\sigma$, it is also possible to define the inverse projection operator extended to the language $L$ as follows (see also (Cassandras and Lafortune, 1999, pg. 58))
$$Pr_L^{-1}(r) = \{ \sigma \in L \ \text{s.t.}\ Pr(\sigma) = r \}.$$
The following definition of diagnosability can now be given.

Definition 2. (Diagnosable fault). A fault transition $t_f \in T_f$ is said to be diagnosable if $\exists\, h \in \mathbb{N}$ such that $\forall\, \sigma = u t_f$ with $t_f \notin u$, and $\forall\, v \in L/\sigma$ with $|v| \geq h$, it is
$$r \in Pr_L^{-1}\big(Pr(\sigma v)\big) \Rightarrow t_f \in r.$$



The above definition of diagnosability of a fault can be explained as follows. Let $\sigma = u t_f$ be any sequence generated by the system that ends in the failure event $t_f$, and let $v$ be any sufficiently long continuation of $\sigma$. Diagnosability of $t_f$ means that along every continuation $v$ of $\sigma$ it is possible to detect the occurrence of the fault with a finite delay.

Given a fault $t_f$ and a positive integer $K$, it is now possible to give the following definition of K-diagnosable fault, which turns out to be a practical notion of diagnosability.

Definition 3. (K-diagnosable fault). Given $t_f \in T_f$ and $K \in \mathbb{N}$, $t_f$ is said to be K-diagnosable if $\forall\, \sigma = u t_f$ with $t_f \notin u$ and $\forall\, v \in L/\sigma$ such that $|v| \geq K$, it is
$$r \in Pr_L^{-1}\big(Pr(\sigma v)\big) \Rightarrow t_f \in r. \qquad (2)$$
✸

If $\sigma = u t_f$ is any sequence generated by the system that ends in the failure event $t_f$, then K-diagnosability of $t_f$ implies that it is possible to detect its occurrence within a finite delay, specifically after the firing of at most $K$ transitions after its occurrence. Indeed, given an integer $K$, condition (2) must be satisfied for all the continuations $v$ of $\sigma$ which contain at least $K$ transitions. The definition of K-diagnosability follows straightforwardly from the original definition given in Sampath et al. (1995). It is worth noticing that while diagnosability only requires the existence of an upper bound on the length of the continuation of $\sigma$, K-diagnosability specifies a quantitative bound for the number of events in the continuation of $\sigma$. With K-diagnosability it is thus possible to specify an upper bound for the number of events that are needed to detect a fault, and in this sense we claim that K-diagnosability is a practical diagnosability. Given an integer $K$, K-diagnosability of a fault always implies its diagnosability, while the converse is not necessarily true. However, by definition, if a fault transition is diagnosable then there exists an integer $\bar K$ such that it is also $\bar K$-diagnosable.

Example 2. For the net in Fig. 1 let $t_3 \in T_f$ and consider the sequence $\sigma = t_1 t_3$, i.e., $\sigma$ is a sequence that ends with the fault transition $t_3$. Given the definition of K-diagnosability, it turns out that $t_3$ is not 2-diagnosable. Indeed $v = t_2 t_4$ belongs to the post-language $L/\sigma$ with $Pr(t_1 t_3 t_2 t_4) = t_1 t_4$, and $t_1 t_2 t_4 \in Pr_L^{-1}\big(Pr(\sigma v)\big)$ with $t_3 \notin t_1 t_2 t_4$. Hence there exist one sequence $\sigma$ that ends with $t_3$ and one sequence $v \in L/\sigma$ with $|v| = 2$ such that
$$r \in Pr_L^{-1}\big(Pr(\sigma v)\big) \not\Rightarrow t_3 \in r,$$
which, by definition, implies that $t_3$ cannot be 2-diagnosable. Exploiting similar arguments and by exhaustively searching all possibilities, it follows that $t_3$ is 3-diagnosable. △

Dealing with K-diagnosability of a fault $t_f$, given a sequence that ends with $t_f$, we are interested in characterizing all the possible continuations of that sequence which hold at least $K$ firings. In order to do that, we first need to characterize all the markings reachable from $m_0$ that enable $t_f$ and that are reached by the firing of a sequence that does not contain $t_f$. We denote the set of these markings as
$$\mathcal{M}(t_f) = \Big\{ m \in \mathbb{N}^m \;\Big|\; m_0[u\rangle m \;\wedge\; t_f \notin u \;\wedge\; m[t_f\rangle \Big\},$$
where $\wedge$ denotes the logical and operator. Furthermore, given a marking $m \in \mathcal{M}(t_f)$, we are interested in the sequences that belong to the set
$$\mathcal{S}(t_f, K) = \Big\{ \sigma \in T^* \;\Big|\; \sigma = u t_f v \;\wedge\; m_0[\sigma\rangle \;\wedge\; m_0[u\rangle m \;\wedge\; m \in \mathcal{M}(t_f) \;\wedge\; |v| \geq K \Big\},$$

that is, all the possible continuations of the sequence $u t_f$ holding at least $K$ firings.

We now recall the following necessary and sufficient condition to check K-diagnosability of $t_f$ in a centralized framework for bounded net systems (a net system $S = \langle N, m_0 \rangle$ is said to be bounded if the number of tokens in each place does not exceed a finite number $M$ for any marking reachable from $m_0$). This result was originally proposed in Basile et al. (2010) and Basile et al. (2012).

Theorem 4. (Basile et al. (2012)). Consider a bounded net system $S = \langle N, m_0 \rangle$ and a fault transition $t_f$, and let $J$ be a positive integer such that $J \geq J_{min}$. Given a positive integer $K$, $t_f$ is K-diagnosable if and only if the optimal value of the ILP problem
$$\min_{\text{s.t. } \mathcal{D}(m_0, t_f, J, K)} \; \sum_{r=1}^{J+K} \boldsymbol{\epsilon}_r(t_f)$$
over the $3(J+K)$ unknown vectors $\boldsymbol{u}_1, \ldots, \boldsymbol{u}_J,\ \boldsymbol{v}_1, \ldots, \boldsymbol{v}_K,\ \boldsymbol{\epsilon}_1, \ldots, \boldsymbol{\epsilon}_{J+K},\ \boldsymbol{s}_1, \ldots, \boldsymbol{s}_{J+K} \in \mathbb{N}^n$ is different from 0.

The set of constraints $\mathcal{D}(m_0, t_f, J, K)$ is equal to
$$\mathcal{D}(m_0, t_f, J, K):\;
\begin{cases}
\mathcal{F}(m_0, t_f, J, K) & (3a)\\[4pt]
\mathcal{E}\Big(m_0,\ \sum_{i=1}^{J} \boldsymbol{u}_{i|T_o} + \sum_{j=1}^{K} \boldsymbol{v}_{j|T_o}\Big) & (3b)\\[4pt]
\boldsymbol{s}_{1|T_o} = \boldsymbol{u}_{1|T_o},\ \ldots,\ \boldsymbol{s}_{J|T_o} = \boldsymbol{u}_{J|T_o},\quad
\boldsymbol{s}_{J+1|T_o} = \boldsymbol{v}_{1|T_o},\ \ldots,\ \boldsymbol{s}_{J+K|T_o} = \boldsymbol{v}_{K|T_o} & (3c)
\end{cases}$$
where $\mathcal{F}(m_0, t_f, J, K)$ denotes the following constraints, used to describe the set $\mathcal{M}(t_f)$ and the continuations after $t_f$:
$$\begin{cases}
m_0 \geq Pre \cdot \boldsymbol{u}_1,\quad
m_0 + C \cdot \boldsymbol{u}_1 \geq Pre \cdot \boldsymbol{u}_2,\quad \ldots,\quad
m_0 + C \cdot \sum_{i=1}^{J-1} \boldsymbol{u}_i \geq Pre \cdot \boldsymbol{u}_J & (4a)\\[4pt]
m_0 + C \cdot \sum_{i=1}^{J} \boldsymbol{u}_i \geq Pre(\cdot, t_f) & (4b)\\[4pt]
m_0 + C \cdot \sum_{i=1}^{J} \boldsymbol{u}_i + C(\cdot, t_f) \geq Pre \cdot \boldsymbol{v}_1,\quad
m_0 + C \cdot \sum_{i=1}^{J} \boldsymbol{u}_i + C(\cdot, t_f) + C \cdot \boldsymbol{v}_1 \geq Pre \cdot \boldsymbol{v}_2,\quad \ldots, & \\
\qquad m_0 + C \cdot \sum_{i=1}^{J} \boldsymbol{u}_i + C(\cdot, t_f) + C \cdot \sum_{j=1}^{K-1} \boldsymbol{v}_j \geq Pre \cdot \boldsymbol{v}_K & (4c)\\[4pt]
\sum_{i=1}^{J} \boldsymbol{u}_i(t_f) = 0 & (4d)\\[4pt]
\Big\| \sum_{j=1}^{K} \boldsymbol{v}_j \Big\|_1 \geq K & (4e)
\end{cases}$$
while $\mathcal{E}\big(m_0, \sum_{i=1}^{J} \boldsymbol{u}_{i|T_o} + \sum_{j=1}^{K} \boldsymbol{v}_{j|T_o}\big)$ denotes
$$\begin{cases}
m_0 + C \cdot \boldsymbol{\epsilon}_{1|T_{uo}} \geq Pre \cdot \boldsymbol{s}_{1|T_o},\quad
m_0 + C \cdot \sum_{i=1}^{2} \boldsymbol{\epsilon}_{i|T_{uo}} + C \cdot \boldsymbol{s}_{1|T_o} \geq Pre \cdot \boldsymbol{s}_{2|T_o},\quad \ldots, & \\
\qquad m_0 + C \cdot \sum_{i=1}^{J+K} \boldsymbol{\epsilon}_{i|T_{uo}} + C \cdot \sum_{j=1}^{J+K-1} \boldsymbol{s}_{j|T_o} \geq Pre \cdot \boldsymbol{s}_{J+K|T_o} & (5a)\\[4pt]
m_0 \geq Pre \cdot \boldsymbol{\epsilon}_{1|T_{uo}},\quad
m_0 + C \cdot \big(\boldsymbol{\epsilon}_{1|T_{uo}} + \boldsymbol{s}_{1|T_o}\big) \geq Pre \cdot \boldsymbol{\epsilon}_{2|T_{uo}},\quad \ldots, & \\
\qquad m_0 + C \cdot \sum_{i=1}^{J+K-1} \big(\boldsymbol{\epsilon}_{i|T_{uo}} + \boldsymbol{s}_{i|T_o}\big) \geq Pre \cdot \boldsymbol{\epsilon}_{J+K|T_{uo}} & (5b)\\[4pt]
\sum_{i=1}^{J+K} \boldsymbol{s}_{i|T_o} = \sum_{i=1}^{J} \boldsymbol{u}_{i|T_o} + \sum_{j=1}^{K} \boldsymbol{v}_{j|T_o} & (5c)
\end{cases}$$
The integer $J_{min}$ is the minimum positive integer such that the constraints (4) fully describe the set $\mathcal{M}(t_f)$ (a comprehensive discussion on this point is given in Basile et al. (2012)). Constraints (4a)–(4c) and (5a)–(5b) have the form of the step constraints exploited in the proof of Lemma 1 below: each vector $\boldsymbol{u}_i$, $\boldsymbol{v}_j$, $\boldsymbol{s}_i$, $\boldsymbol{\epsilon}_i$ is a firing count vector that must be enabled, through the state equation, at the marking reached by the previous ones, so that (4) describes the sequences $u t_f v$, (5a)–(5b) require the unobservable steps $\boldsymbol{\epsilon}_i$ to enable the observable steps $\boldsymbol{s}_i$, and (5c) together with (3c) forces the $\boldsymbol{s}_i$ to fire exactly the observable transitions of $u$ and $v$.

3. DECENTRALIZED FRAMEWORK FOR K-DIAGNOSABILITY

In this section we introduce the framework for decentralized diagnosability dealt with in this paper. This framework was originally introduced in Debouk et al. (2000), and recently adopted in the context of DES modeled as PNs in Cabasino et al. (2011a). It is worth remarking that, although the decentralized approach was originally proposed for classical diagnosability, it can be straightforwardly applied also to K-diagnosability.

[Fig. 2, block diagram not reproduced: the net system $S = \langle N, m_0 \rangle$ generates $\sigma$; local diagnoser #$h$ ($h = 1, \ldots, \delta$) observes $Pr_h(\sigma)$ through its own projection mask $Pr_h(\cdot)$ and sends its local diagnosis #$h$ to the Coordinator, which produces the global diagnosis.]
Fig. 2. Reference architecture for the decentralized diagnosis.

The reference architecture for decentralized diagnosis is shown in the block diagram in Fig. 2, where $\delta$ local diagnosers monitor the considered net system. Each diagnoser has complete knowledge of the net structure and of the initial marking, while it observes the behavior of the net system through its own projection mask. Hence, for each local diagnoser it is possible to define a set of locally observable transitions $T_o^h$, with $h = 1, \ldots, \delta$, such that
$$\bigcup_{h=1}^{\delta} T_o^h = T_o,$$
that is, any observable transition is observed by at least one local diagnoser. Given the set $T_o^h$ it is also possible to define the set of locally unobservable transitions as $T_{uo}^h = T \setminus T_o^h$. Furthermore, for each local diagnoser it is possible to define the corresponding projection $Pr_h(\cdot) : T^* \to (T_o^h)^*$ and inverse projection $Pr_h^{-1,L}(\cdot) : (T_o^h)^* \to T^*$, similarly to what has been done in Section 2.2.

In this paper we assume that each local diagnoser adopts its own algorithm to perform the local diagnosis (some possible approaches in the context of PNs are given in Dotoli et al. (2009); Basile et al. (2009) and Cabasino et al. (2011b)). These local diagnoses are sent to the Coordinator in order to perform the global diagnosis in accordance with the chosen approach. The simplest way to perform the global diagnosis is to diagnose a fault as soon as one local diagnoser does. Obviously more complex protocols can be adopted to exchange information between the local diagnosers and the Coordinator (the interested reader can refer to Debouk et al. (2000) and Cabasino et al. (2010)). However, in this paper we are interested in conditions that assure that the system is K-diagnosable for a given value of $K$, whatever diagnosis approach and communication protocol is adopted. In Cabasino et al. (2011a) it has been shown that a sufficient condition to perform decentralized diagnosis regardless of the adopted communication protocol is the absence of failure ambiguous sequences, which are defined as follows.

Definition 5. (Failure ambiguous sequence). Consider a net system $S = \langle N, m_0 \rangle$, $\delta$ local diagnosers and the corresponding sets of locally observable transitions $T_o^h$, with $h = 1, \ldots, \delta$. Given a fault $t_f \in T_f$, a sequence $\sigma$ such that $t_f \in \sigma$ is said to be failure ambiguous wrt the above set of local diagnosers and wrt $t_f$ if the following two conditions are verified:
i) $Pr_h^{-1,L}\big(Pr_h(\sigma)\big) \cap (T \setminus \{t_f\})^* \neq \emptyset$ for all $h \in \{1, \ldots, \delta\}$;
ii) $Pr_L^{-1}\big(Pr(\sigma)\big) \cap (T \setminus \{t_f\})^* = \emptyset$.

✸

Hence, given a set of local diagnosers and a fault transition $t_f$, a sequence is said to be failure ambiguous if, for each local diagnoser, there exists at least one local unobservable explanation which does not include the fault, while the fault is included in all the centralized unobservable explanations.

Example 3. Let us suppose that the net in Fig. 1 is monitored by $\delta = 3$ local diagnosers, with $T_o^1 = \{t_1\}$, $T_o^2 = \{t_4\}$ and $T_o^3 = \{t_5\}$. According to Definition 5 it turns out that the sequence $\sigma = t_1 t_3 t_2 t_4 t_5$ is failure ambiguous wrt the three considered local diagnosers and wrt the fault $t_3$. Indeed, it is
$$t_1 \in Pr_1^{-1,L}\big(Pr_1(\sigma)\big) \cap (T \setminus \{t_3\})^*,$$
$$t_2 t_4 \in Pr_2^{-1,L}\big(Pr_2(\sigma)\big) \cap (T \setminus \{t_3\})^*,$$
$$t_2 t_4 t_2 t_4 t_5 \in Pr_3^{-1,L}\big(Pr_3(\sigma)\big) \cap (T \setminus \{t_3\})^*,$$
while $Pr_L^{-1}\big(Pr(\sigma)\big) \cap (T \setminus \{t_3\})^*$ is equal to the empty set. △
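The following is an added example, written for this page in Python; it is not code from the paper and it does not implement the ILP of Theorem 4. It checks Definition 1 (unobservable explanations), Definition 3 (K-diagnosability) and Definition 5 (failure ambiguous sequences) by exhaustive search on a small constructed 1-safe net, which is an assumption of the example and not the net of Fig. 1: `t2` is the fault $t_f$, `t3` its fault-free alternative, the observable transition `t4` is shared by both branches, and the faulty branch reaches the observable `t6` through the unobservable `t7` instead of the observable `t5`. `fire` applies the state equation (1) to one transition, `explanations` computes the inverse projection $Pr_L^{-1}$ (bounded so that it terminates on nets with unobservable cycles), and `fault_continuations` enumerates $\mathcal{S}(t_f, K)$ with $|v| = K$ exactly, which suffices because a longer witness against K-diagnosability can be truncated to one of length $K$. Such an enumeration is the natural way to cross-check an ILP formulation on a small instance; it does not scale to the bounded nets the ILP targets.

```python
from collections import deque

# Constructed 1-safe net (an assumption of this example, not the net of Fig. 1).
# Places p1..p8 are indices 0..7; a transition maps to (pre-set, post-set),
# each a dict {place: arc weight}.
ARCS = {
    "t1": ({0: 1}, {1: 1}),        # observable
    "t2": ({1: 1}, {2: 1, 4: 1}),  # fault t_f, unobservable
    "t3": ({1: 1}, {2: 1, 3: 1}),  # unobservable, fault-free alternative to t2
    "t4": ({2: 1}, {5: 1}),        # observable, shared by both branches
    "t5": ({3: 1, 5: 1}, {6: 1}),  # observable, fault-free branch only
    "t6": ({6: 1}, {7: 1}),        # observable
    "t7": ({4: 1, 5: 1}, {6: 1}),  # unobservable, faulty branch only
    "t8": ({7: 1}, {0: 1}),        # observable, closes the cycle
}
M0 = (1, 0, 0, 0, 0, 0, 0, 0)
T_OBS = {"t1", "t4", "t5", "t6", "t8"}
T_UO = set(ARCS) - T_OBS
T_F = "t2"
SITES_A = [{"t1", "t4", "t5"}, {"t6", "t8"}]   # leaves a failure ambiguous sequence
SITES_B = [{"t1", "t4", "t5", "t6"}, {"t8"}]   # one site sees t4 and t6: none left

def enabled(m, t):
    return all(m[p] >= w for p, w in ARCS[t][0].items())

def fire(m, t):
    """One firing by the state equation (1): m' = m - Pre(., t) + Post(., t)."""
    pre, post = ARCS[t]
    m = list(m)
    for p, w in pre.items():
        m[p] -= w
    for p, w in post.items():
        m[p] += w
    return tuple(m)

def run(m, seq):
    """Marking reached by seq from m, or None if seq is not enabled."""
    for t in seq:
        if not enabled(m, t):
            return None
        m = fire(m, t)
    return m

def proj(seq, obs):
    """Natural projection Pr(.) onto the transition set obs."""
    return tuple(t for t in seq if t in obs)

def explanations(word, obs, max_silent=6):
    """Inverse projection: every r in L with proj(r, obs) == word, including
    unobservable firings after the last observable one as in Definition 1.
    max_silent caps consecutive locally unobservable firings so the search
    terminates even on nets with unobservable cycles (this net has none)."""
    found, queue = [], deque([(M0, 0, (), 0)])
    while queue:
        m, i, r, silent = queue.popleft()
        if i == len(word):
            found.append(r)
        for t in ARCS:
            if not enabled(m, t):
                continue
            if t in obs:
                if i < len(word) and word[i] == t:
                    queue.append((fire(m, t), i + 1, r + (t,), 0))
            elif silent < max_silent:
                queue.append((fire(m, t), i, r + (t,), silent + 1))
    return found

def unobs_explanations(seq):
    """Sigma(N, seq) of Definition 1: the T_uo part of each explanation of seq."""
    return {proj(r, T_UO) for r in explanations(proj(seq, T_OBS), T_OBS)}

def sequences(m, length):
    """All firing sequences of exactly `length` transitions enabled at m."""
    if length == 0:
        return [()]
    return [(t,) + s for t in ARCS if enabled(m, t)
            for s in sequences(fire(m, t), length - 1)]

def fault_continuations(K, horizon):
    """S(t_f, K) restricted to |v| == K and |u| <= horizon. A witness against
    K-diagnosability with |v| > K truncates to one with |v| == K, since L is
    prefix-closed and Pr maps prefixes to prefixes."""
    out = []
    for n in range(horizon + 1):
        for u in sequences(M0, n):
            m = run(M0, u)
            if T_F in u or not enabled(m, T_F):
                continue
            out += [u + (T_F,) + v for v in sequences(fire(m, T_F), K)]
    return out

def k_diagnosable(K, horizon=8):
    """Definition 3, exhaustively: every explanation of every observation
    Pr(u t_f v) with |v| == K must contain t_f."""
    return all(T_F in r for s in fault_continuations(K, horizon)
               for r in explanations(proj(s, T_OBS), T_OBS))

def failure_ambiguous(K, sites, horizon=8):
    """Sequences of S(t_f, K) that are failure ambiguous wrt `sites`
    (Definition 5): every site has a fault-free local explanation while
    every centralized explanation contains t_f."""
    return [s for s in fault_continuations(K, horizon)
            if all(T_F in r for r in explanations(proj(s, T_OBS), T_OBS))
            and all(any(T_F not in r for r in explanations(proj(s, h), h))
                    for h in sites)]

if __name__ == "__main__":
    print(sorted(unobs_explanations(("t1", "t3", "t4"))))
    print([k_diagnosable(K) for K in (1, 2, 3)])
    print(failure_ambiguous(3, SITES_A), failure_ambiguous(3, SITES_B))
```

On this net `t2` is 3-diagnosable but not 2-diagnosable: the first two firings after the fault, `t4 t7`, project to `t1 t4`, which is also explained by the fault-free `t1 t3 t4`, while any continuation of three or more firings contains `t6` without a preceding `t5`. With `SITES_A` the sequence `t1 t2 t4 t7 t6` is failure ambiguous (site 1 sees `t1 t4`, site 2 sees `t6`, and each of these observations is explained by the fault-free cycle), which is the situation of case ii) of Theorem 6; with `SITES_B` the site that observes both `t4` and `t6` always sees the fault, so no failure ambiguous sequence remains, as in case iii). The prefix horizon of `fault_continuations` is exact here because the net is 1-safe with a single cycle; on a general bounded net it is a parameter the analyst must justify, which is one reason the paper prefers an ILP over enumeration.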

In order to state a sufficient condition to perform decentralized diagnosis of a fault $t_f$ in $K$ steps, we should be able to check the existence of failure ambiguous sequences in $\mathcal{S}(t_f, K)$. Indeed, the following proposition holds.

Proposition 1. Consider a net system $S = \langle N, m_0 \rangle$ monitored by $\delta \in \mathbb{N}$ local diagnosers. Let us suppose that $t_f \in T_f$ is K-diagnosable in a centralized framework. Regardless of the communication protocol used to perform the decentralized diagnosis, if none of the sequences in $\mathcal{S}(t_f, K)$ is failure ambiguous wrt the considered set of local diagnosers and wrt $t_f$, then $t_f$ is K-diagnosable in a decentralized framework.

Proof. Given the considered set of local diagnosers, if none of the sequences in $\mathcal{S}(t_f, K)$ is failure ambiguous wrt $t_f$, then for every such sequence at least one local diagnoser is able to detect the occurrence of $t_f$ at most $K$ firings after it. This implies that $t_f$ is K-diagnosable in a decentralized framework. □

4. MAIN RESULTS

In this section we present a necessary and sufficient condition to check the existence of failure ambiguous sequences by solving ILP problems. The proposed result holds for bounded net systems. In order to prove the main result of the paper, we first introduce the next lemma. For a given local diagnoser, given a sequence $\sigma$ and the firing count vector $\boldsymbol{b}$ of the locally observable transitions in $\sigma$, this lemma presents a set of linear constraints that must be fulfilled by a set of firing count vectors corresponding to the locally unobservable explanations of $\boldsymbol{b}$.

Lemma 1. Consider a net system $S = \langle N, m_0 \rangle$ and $\delta$ local diagnosers with the corresponding sets of locally observable transitions $T_o^h$. Let $\sigma$ be a sequence enabled under the initial marking $m_0$. The sequence $\sigma$ is such that
$$\pi\big(Pr_1(\sigma)\big) = \boldsymbol{b}_1,\quad \pi\big(Pr_2(\sigma)\big) = \boldsymbol{b}_2,\quad \ldots,\quad \pi\big(Pr_\delta(\sigma)\big) = \boldsymbol{b}_\delta, \qquad (6)$$
if and only if there exist $(\delta + 1)\rho$ vectors $\boldsymbol{s}_1, \ldots, \boldsymbol{s}_\rho,\ \boldsymbol{\epsilon}^1_1, \ldots, \boldsymbol{\epsilon}^1_\rho,\ \ldots,\ \boldsymbol{\epsilon}^\delta_1, \ldots, \boldsymbol{\epsilon}^\delta_\rho$, with $\rho \leq |\sigma|$, that fulfil the set of constraints $\mathcal{E}_1(m_0, \boldsymbol{b}_1), \ldots, \mathcal{E}_\delta(m_0, \boldsymbol{b}_\delta)$, where $\mathcal{E}_h(m_0, \boldsymbol{b})$ denotes
$$\begin{cases}
m_0 + C \cdot \boldsymbol{\epsilon}^h_{1|T_{uo}^h} \geq Pre \cdot \boldsymbol{s}_{1|T_o^h},\quad
m_0 + C \cdot \sum_{i=1}^{2} \boldsymbol{\epsilon}^h_{i|T_{uo}^h} + C \cdot \boldsymbol{s}_{1|T_o^h} \geq Pre \cdot \boldsymbol{s}_{2|T_o^h},\quad \ldots, & \\
\qquad m_0 + C \cdot \sum_{i=1}^{\rho} \boldsymbol{\epsilon}^h_{i|T_{uo}^h} + C \cdot \sum_{j=1}^{\rho-1} \boldsymbol{s}_{j|T_o^h} \geq Pre \cdot \boldsymbol{s}_{\rho|T_o^h} & (7a)\\[4pt]
m_0 \geq Pre \cdot \boldsymbol{\epsilon}^h_{1|T_{uo}^h},\quad
m_0 + C \cdot \big(\boldsymbol{\epsilon}^h_{1|T_{uo}^h} + \boldsymbol{s}_{1|T_o^h}\big) \geq Pre \cdot \boldsymbol{\epsilon}^h_{2|T_{uo}^h},\quad \ldots, & \\
\qquad m_0 + C \cdot \sum_{i=1}^{\rho-1} \big(\boldsymbol{\epsilon}^h_{i|T_{uo}^h} + \boldsymbol{s}_{i|T_o^h}\big) \geq Pre \cdot \boldsymbol{\epsilon}^h_{\rho|T_{uo}^h} & (7b)\\[4pt]
\sum_{i=1}^{\rho} \boldsymbol{s}_{i|T_o^h} = \boldsymbol{b} & (7c)
\end{cases}$$
with $h = 1, \ldots, \delta$, and $\boldsymbol{b}_1, \ldots, \boldsymbol{b}_\delta \in \mathbb{N}^n$.

Note that (7) corresponds to (5), with $\rho = J + K$, when $T_o$ and $T_{uo}$ are replaced by $T_o^h$ and $T_{uo}^h$, respectively. Hence, the set of constraints $\mathcal{E}_h(m_0, \boldsymbol{b})$ refers to the $h$-th local diagnoser. Moreover, a different set of unknown variables $\boldsymbol{\epsilon}^h_i$ is considered for the silent firings of each local diagnoser, while the unknowns $\boldsymbol{s}_i$ for the observable firings are common to all the sites.

Proof. In García Vallés (1999) it has been proved that, given a firing count vector $\boldsymbol{\sigma} \in \mathbb{N}^n$, there exists a set of $\rho$ integer vectors $\boldsymbol{y}_1, \ldots, \boldsymbol{y}_\rho$, with $\rho \leq \|\boldsymbol{\sigma}\|_1$, such that the linear constraints
$$\begin{cases}
m_0 \geq Pre \cdot \boldsymbol{y}_1\\
m_0 + C \cdot \boldsymbol{y}_1 \geq Pre \cdot \boldsymbol{y}_2\\
\ldots\\
m_0 + C \cdot \sum_{i=1}^{\rho-1} \boldsymbol{y}_i \geq Pre \cdot \boldsymbol{y}_\rho\\
\sum_{i=1}^{\rho} \boldsymbol{y}_i = \boldsymbol{\sigma}
\end{cases} \qquad (8)$$
are fulfilled iff there exists at least one sequence $\sigma$ enabled under $m_0$ and such that $\pi(\sigma) = \boldsymbol{\sigma}$.

The proof of Lemma 1 readily follows from the result stated above, when the transition set is partitioned into the locally observable and locally unobservable transition subsets for each local diagnoser. □

Given Theorem 4 and the definition given above, the following result holds.

Theorem 6. Let $S = \langle N, m_0 \rangle$ be a bounded net system monitored by $\delta$ local diagnosers, and $t_f \in T_f$. Given $K \in \mathbb{N}$, let $\boldsymbol{u}_1, \ldots, \boldsymbol{u}_J,\ \boldsymbol{v}_1, \ldots, \boldsymbol{v}_K,\ \boldsymbol{s}_1, \ldots, \boldsymbol{s}_{J+K},\ \boldsymbol{\epsilon}_1, \ldots, \boldsymbol{\epsilon}_{J+K},\ \boldsymbol{\epsilon}^1_1, \ldots, \boldsymbol{\epsilon}^1_{J+K},\ \ldots,\ \boldsymbol{\epsilon}^\delta_1, \ldots, \boldsymbol{\epsilon}^\delta_{J+K}$ be $(\delta + 3)(J + K)$ vectors in $\mathbb{N}^n$, with $J$ a positive integer such that $J \geq J_{min}$, and let
$$F = \sum_{r=1}^{J+K} \boldsymbol{\epsilon}_r(t_f) + \sum_{h=1}^{\delta} \sum_{q=1}^{J+K} \boldsymbol{\epsilon}^h_q(t_f). \qquad (9)$$
Consider the ILP problem
$$\min_{\text{s.t. } \mathcal{H}(m_0, t_f, J, K)} F,$$
where the set of constraints $\mathcal{H}(m_0, t_f, J, K)$ is equal to
$$\mathcal{H}(m_0, t_f, J, K):\;
\begin{cases}
\mathcal{D}(m_0, t_f, J, K) & (10a)\\[4pt]
\mathcal{E}_1\Big(m_0,\ \sum_{i=1}^{J} \boldsymbol{u}_{i|T_o^1} + \sum_{j=1}^{K} \boldsymbol{v}_{j|T_o^1}\Big),\quad
\mathcal{E}_2\Big(m_0,\ \sum_{i=1}^{J} \boldsymbol{u}_{i|T_o^2} + \sum_{j=1}^{K} \boldsymbol{v}_{j|T_o^2}\Big),\quad \ldots,\quad
\mathcal{E}_\delta\Big(m_0,\ \sum_{i=1}^{J} \boldsymbol{u}_{i|T_o^\delta} + \sum_{j=1}^{K} \boldsymbol{v}_{j|T_o^\delta}\Big) & (10b)
\end{cases}$$
Denoting by $F^*$ the optimal value of the objective function, the following statements hold:

i) If $F^*$ is equal to 0, then $t_f$ is not K-diagnosable.
ii) If $F^*$ is greater than 0 and
$$\sum_{h=1}^{\delta} \sum_{r=1}^{J+K} \boldsymbol{\epsilon}^{*h}_r(t_f) = 0,$$
then $t_f$ is K-diagnosable in a centralized framework, while it may not be in a decentralized framework.
iii) If $F^*$ is greater than 0 and
$$\sum_{h=1}^{\delta} \sum_{r=1}^{J+K} \boldsymbol{\epsilon}^{*h}_r(t_f) > 0,$$
then $t_f$ is K-diagnosable both in the centralized and in the decentralized framework, regardless of the communication protocol.

Proof. Statements i) and ii) readily follow from Theorem 4. In order to prove the last statement, let us suppose, ad absurdum, that $t_f$ is K-diagnosable in a decentralized framework regardless of the communication protocol and that
$$\sum_{h=1}^{\delta} \sum_{r=1}^{J+K} \boldsymbol{\epsilon}^{*h}_r(t_f) = 0.$$
The equality above implies that there exists at least one failure ambiguous sequence in $\mathcal{S}(t_f, K)$ wrt $t_f$ and wrt the considered set of local diagnosers. It follows that there exists at least one communication protocol that does not permit to perform the decentralized diagnosis in $K$ steps. Indeed, the global diagnosis cannot be performed by simply diagnosing $t_f$ as soon as one local diagnoser does, contradicting the initial assumption. □

Example 4. Consider the live and bounded net system shown in Fig. 1, and let $J = J_{min} = 2$. Given the set of three local diagnosers considered in Example 3, we let $K = 2$ and we get
$$\min_{\text{s.t. } \mathcal{H}(m_0, t_3, 2, 2)} \; \sum_{h=1}^{3} \sum_{r=1}^{4} \boldsymbol{\epsilon}^h_r(t_3) + \sum_{q=1}^{4} \boldsymbol{\epsilon}_q(t_3) = 0,$$
indeed $t_3$ is not 2-diagnosable.

If we set $K$ equal to 3 it is
$$\min_{\text{s.t. } \mathcal{H}(m_0, t_3, 2, 3)} \; \sum_{h=1}^{3} \sum_{r=1}^{5} \boldsymbol{\epsilon}^h_r(t_3) + \sum_{q=1}^{5} \boldsymbol{\epsilon}_q(t_3) = 1,$$
with
$$\sum_{h=1}^{3} \sum_{r=1}^{5} \boldsymbol{\epsilon}^h_r(t_3) = 0,$$
hence, according to Theorem 6, $t_3$ is 3-diagnosable in a centralized framework, while it may not be in a decentralized one, since there exists at least one failure ambiguous sequence wrt the considered set of local diagnosers.

Finally let us consider the following set of local diagnosers, with $\delta = 2$: $T_o^1 = \{t_1, t_5\}$, $T_o^2 = \{t_4\}$. Given the above choice for the local diagnosers and letting $K = 3$ it is
$$\min_{\text{s.t. } \mathcal{H}(m_0, t_3, 2, 3)} \; \sum_{h=1}^{2} \sum_{r=1}^{5} \boldsymbol{\epsilon}^h_r(t_3) + \sum_{q=1}^{5} \boldsymbol{\epsilon}_q(t_3) = 2,$$
with
$$\sum_{h=1}^{2} \sum_{r=1}^{5} \boldsymbol{\epsilon}^h_r(t_3) = 1,$$

which implies the 3-diagnosability of $t_3$ in both the centralized and the decentralized frameworks. △

CONCLUSIONS

This paper provides a sufficient condition to check K-diagnosability of a fault transition of a bounded PN in a decentralized framework. The concept of K-diagnosability corresponds to diagnosability within a finite delay. The proposed approach requires neither any explicit estimation of the reachability set, nor any search of paths in graphs. The results are expressed in terms of ILP problems, that can be easily solved by using off-the-shelf tools. The use of ILP to test decentralized K-diagnosability could be a promising approach to formulate as an optimization problem the choice of locally observable transitions for each site.

REFERENCES

Basile, F., Chiacchio, P., and De Tommasi, G. (2009). An efficient approach for online diagnosis of discrete event systems. IEEE Trans. Aut. Contr., 54(4), 748–759.
Basile, F., Chiacchio, P., and De Tommasi, G. (2010). Diagnosability of Labeled Petri Nets via Integer Linear Programming. In Proc. of the 10th International Workshop on Discrete Event Systems (WODES'10), 81–87. Berlin, Germany.

Basile, F., Chiacchio, P., and De Tommasi, G. (2012). On K-diagnosability of Petri nets via integer linear programming. Automatica. doi:10.1016/j.automatica.2012.06.039.
Cabasino, M.P., Giua, A., Lafortune, S., and Seatzu, C. (2009a). Diagnosability analysis of unbounded Petri nets. Proc. of the 48th IEEE Conf. on Decision and Control, Shanghai, China, 1267–1272.
Cabasino, M., Giua, A., Paoli, A., and Seatzu, C. (2010). A new protocol for the decentralized diagnosis of labeled Petri nets. In Proc. of the 10th International Workshop on Discrete Event Systems (WODES'10). Berlin, Germany.
Cabasino, M., Giua, A., Paoli, A., and Seatzu, C. (2011a). Decentralized diagnosability analysis of discrete event systems using Petri nets. In Proc. of 18th IFAC World Congress, 6060–6066. Milano, Italy.
Cabasino, M., Giua, A., Pocci, M., and Seatzu, C. (2011b). Discrete event diagnosis using labeled Petri nets. An application to manufacturing systems. Control Engineering Practice, 19(9), 989–1001.
Cabasino, M.P., Giua, A., and Seatzu, C. (2009b). Diagnosability analysis of bounded Petri nets. Proc. of the 48th IEEE Conf. on Decision and Control, Shanghai, China, 1254–1260.
Cassandras, C. and Lafortune, S. (1999). Introduction to Discrete Event Systems. Springer.
Cassez, F., Tripakis, S., and Altisen, K. (2007). Sensor minimization problems with static or dynamic observers for fault diagnosis. In 7th Int. Conf. Application of Concurrency to System Design. Bratislava, Slovak Republic.
Debouk, R., Lafortune, S., and Teneketzis, D. (2000). Coordinated decentralized protocols for failure diagnosis of discrete event systems. Discrete Event Dynamic Systems, 10(1), 33–86.
Dotoli, M., Fanti, M.P., and Mangini, A.M. (2009). Fault Detection of Discrete Event Systems by Petri Nets and Integer Linear Programming. Automatica, 45(11), 2665–2672.
García Vallés, F. (1999). Contributions to the Structural and Symbolic Analysis of Place/Transition Nets with Applications to Flexible Manufacturing Systems and Asynchronous Circuits. Ph.D. thesis, Universidad de Zaragoza.
Lunze, J. and Schröder, J. (2001). State Observation and Diagnosis of Discrete-Event Systems Described by Stochastic Automata. Discrete Event Dynamic Systems, 11(4), 319–369.
Murata, T. (1989). Petri nets: Properties, analysis and applications. Proc. of IEEE, 77(4), 541–580.
Sampath, M., Sengupta, R., Lafortune, S., Sinnamohideen, K., and Teneketzis, D. (1995). Diagnosability of Discrete Event Systems. IEEE Trans. Aut. Contr., 40(9), 1555–1575.
Zad, S.H., Kwong, R.H., and Wonham, W.M. (2005). Fault diagnosis in discrete-event systems: Incorporating timing information. IEEE Trans. Aut. Contr., 50(7), 1010–1015.