- Email: [email protected]
Observability and diagnosability of finite state systems: A unifying framework
Automatica 81 (2017) 115–122
Contents lists available at ScienceDirect
Automatica journal homepage: www.elsevier.com/locate/automatica
Brief paper
Observability and diagnosability of finite state systems: A unifying framework✩ Elena De Santis, Maria Domenica Di Benedetto University of L’Aquila, DISIM, Department of Information Engineering, Computer Science and Mathematics, Center of Excellence DEWS, 67100 L’Aquila, Italy
article
info
Article history: Received 22 December 2014 Received in revised form 8 February 2017 Accepted 10 February 2017
Keywords: Observability Diagnosability Finite state systems
abstract In this paper, a general framework is proposed for the analysis and characterization of observability and diagnosability of finite state systems. Observability corresponds to the reconstruction of the system’s discrete state, while diagnosability corresponds to the possibility of determining the past occurrence of some particular states, for example faulty states. A unifying framework is proposed where observability and diagnosability properties are defined with respect to a critical set, i.e. a set of discrete states representing a set of faults, or more generally a set of interest. These properties are characterized and the involved conditions provide an estimation of the delay required for the detection of a critical state, of the precision of the delay estimation and of the duration of a possible initial transient where the diagnosis is not possible or not required. Our framework makes it possible to precisely compare some of the observability and diagnosability notions existing in the literature with the ones introduced in our paper, and this comparison is presented. © 2017 Elsevier Ltd. All rights reserved.
1. Introduction Reconstructing the internal behavior of a dynamical system on the basis of the available measurements is a central problem in control theory. Starting from the seminal paper (Kalman, 1959), state observability has been investigated both in the continuous domain (see e.g. the fundamental papers Luenberger, 1971 for the linear case and Griffith & Kumar, 1971 for the nonlinear case), in the discrete state domain (see e.g. Ozveren & Willsky, 1990 and Ramadge, 1986), and more recently for hybrid systems (see e.g. the special issue (De Santis, 2009) on observability and observerbased control of hybrid systems and the references therein, Babaali & Pappas, 2005; Balluchi, Benvenuti, Di Benedetto, & Sangiovanni-Vincentelli, 2002; Balluchi, Benvenuti, Di Benedetto, & Sangiovanni-Vincentelli, 2013; Bemporad, Ferrari-Trecate, & Morari, 2000; Collins & van Schuppen, 2007; De Santis, Di Benedetto, & Pola, 2003; Tanwani, Shim, & Liberzon, 2013; Vidal, Chiuso, Soatto, & Sastry, 2003). In some references dealing with discrete event systems, e.g. in Lafortune (2007), the notion of
✩ The material in this paper was not presented at any conference. This paper was recommended for publication in revised form by Associate Editor Jan Komenda under the direction of Editor Ian R. Petersen. E-mail addresses: [email protected] (E. De Santis), [email protected] (M.D. Di Benedetto).
http://dx.doi.org/10.1016/j.automatica.2017.02.042 0005-1098/© 2017 Elsevier Ltd. All rights reserved.
observability is related to state disambiguation, which is the property of distinguishing unambiguously among certain pairs of states in the state space. We will use here the term observability in the traditional meaning used in Zaytoon and Lafortune (2013) where observability corresponds to the reconstruction of the system’s discrete state. Diagnosability, a property that is closely related to observability but is more general, corresponds to the possibility of detecting the occurrence of some particular state, for example a faulty state, on the basis of the observations. An excellent survey of recent advances on diagnosis methods for discrete systems can be found in Zaytoon and Lafortune (2013). The formal definition and analysis of observability and diagnosability depend on the model, on the available output information, and on the objective for which state reconstruction is needed, e.g. for control purposes, for detection of critical situations, and for diagnosis of past system evolutions. It is therefore hard, in general, to understand the precise relationships that exist between the different notions that exist in the literature. In this paper, we propose a unifying framework where observability and diagnosability are defined with respect to a subset of the state space, called critical set. A state belonging to the critical set is called critical state. This idea comes from safety critical applications, e.g. Air Traffic Management (De Santis, Di Benedetto, Di Gennaro, D’Innocenzo, & Pola, 2006; Di Benedetto, Di Gennaro, & D’Innocenzo, 2005b), where the critical set of discrete states represents dangerous situations that must be
116
E. De Santis, M.D. Di Benedetto / Automatica 81 (2017) 115–122
detected to avoid unsafe or even catastrophic behavior of the system. However, the critical set can represent a set of faults, or more generally any set of interest. We define and characterize observability and diagnosability in a uniform set-membershipbased formalism. The set-membership formalism and the derived algorithms are very simple and intuitive, and allow checking the properties without constructing an observer, thereby avoiding the exponential complexity of the observer design. The definitions of observability and diagnosability are given in a general form that is parametric with respect to the delay required for the detection of a critical state, and the precision of the delay estimation. Using the proposed conditions that characterize those properties, we can check diagnosability of a critical event, such as a faulty event, and at the same time compute the delay of the diagnosis with respect to the occurrence of the event, the uncertainty about the time at which that event occurred, and the duration of a possible initial transient where the diagnosis is not possible or not required. These evaluations are useful to better understand the characteristics of the system and can be used in the implementation of the diagnoser. While in the literature on discrete event systems a transitionbased model is used, we adopt a state-based approach, similarly to what was done in Lin (1994) where an on-line diagnosability problem for a deterministic Moore automaton with partial state observation was solved, in Hashtrudi Zad, Kwong, and Wonham (1971) where the focus was on the complexity reduction in the diagnoser design, and in Takai and Ushio (2012) where verification of codiagnosability is performed. Because of the different formalism used in the transition-based and state-based approaches, a comparison between our definitions and those existing in the literature on discrete event systems is very hard to achieve without a unifying framework where the different notions can all be formulated and compared. We show that, using our formalism, we are able to understand the precise relationships that exist between the properties we analyze and some of the many diagnosability concepts that exist in the literature. The paper is organized as follows. After introducing the main definitions in Section 2, Section 3 is devoted to establishing some geometrical tools that are instrumental in proving our results. In Section 4, observability and diagnosability properties are completely characterized. The proofs are omitted for space reason and are available in De Santis and Di Benedetto (2016), where also examples are provided to better understand our results. The proofs of the main theorems are constructive and show how a diagnoser can be determined. Notations: The symbol Z denotes the set of nonnegative integer numbers. For a, b ∈ Z, [a, b] = {x ∈ Z : a ≤ x ≤ b}. For a set X , the symbol |X | denotes its cardinality. For a set Y ⊂ X , where the symbol ⊂ has to be understood as ‘‘subset’’, not necessarily strict, the symbol Y denotes the complement of Y in X , i.e. Y = {x ∈ X : x ̸∈ Y }. For W ⊂ X × X , the symbol W − denotes the symmetric closure of W , i.e. W − = {(x1 , x2 ) : (x1 , x2 ) ∈ W or (x2 , x1 ) ∈ W }. The null event is denoted by ϵ . For a string σ , |σ | denotes its length, σ (i), i ∈ {1, 2, . . . , |σ |}, denotes the ith element, and |σ |[a,b] is the string σ (a)σ (a + 1) . . . σ (b). P (σ ) is the projection of the string σ , i.e. the string obtained from σ by erasing the symbol ϵ (see e.g. Ramadge & Wonham, 1989). 2. Diagnosability properties and their relationships We consider a Finite State Machine (FSM) M = (X , X0 , Y , H , ∆) where X is the finite set of states; X0 ⊂ X is the set of initial states; Y is the finite set of outputs; H : X → Y is the output function; ∆ ⊂ X × X is the transition relation.
For i ∈ X , define succ (i) = {j ∈ X : (i, j) ∈ ∆} and pre (i) = {j ∈ X : (j, i) ∈ ∆}. We make the following standard assumption: Assumption 1 (Liveness). succ (i) ̸= ∅, ∀i ∈ X . Any finite or infinite string x with symbols in X that satisfies the condition x (1) ∈ X and x (k + 1) ∈ succ (x (k)) , k = 1, 2, . . . , |x| − 1 is called a state execution (or state trajectory or state evolution) of the FSM M. The singleton {i ∈ X } is an execution. Let X∗ be the set of all the state executions of M. Then, for a given Ψ ⊂ X , we can define the following subsets of X∗ : – XΨ is the set of state executions x ∈ X∗ with x (1) ∈ Ψ – XΨ ,∞ is the set of infinite state executions x ∈ X∗ with x (1) ∈ Ψ . For simplicity, the set XX0 ,∞ will be denoted by X – XΨ is the set of finite state executions x ∈ X∗ with last symbol in Ψ . Obviously, XX = X∗ and XΨ ,∞ ⊂ XΨ ⊂ X∗ . Let Y be the set of strings with symbols in Y = {y ∈ Y : y ̸= ϵ}. Define y : X∗ → Y, the function that associates to a state execution the corresponding output execution, as y (x) = P (σ ) where σ = H (x(1)) . . . H (x(n)) , n = |x| if |x| is finite. Otherwise y (x) = P (σ∞ ) where σ∞ is an infinite string recursively defined as σ1 = H (x(1)), σk+1 = σk H (x(k + 1)) , k = 1, 2, . . . . Finally, y−1 (y (x)) = x ∈ XX0 : y ( x) = y (x) , x ∈ XX0 . We now propose a framework where observability and diagnosability are defined with respect to a subset of the state space Ω ⊂ X called critical set. The set Ω may represent unsafe states, faulty states, or more generally any set of states of interest. For a string x ∈ X, two cases are possible: x (k) ̸∈ Ω , ∀k ∈ Z or x (k) ∈ Ω , for some k ∈ Z. If the second condition holds, let kx be the minimum value of k such that x (k) ∈ Ω . Otherwise set kx = ∞. The next definition describes the capability of inferring, from the output execution, that the state belongs to the set Ω , at some step during the execution, after a finite transient or after a finite delay or with some uncertainty in the determination of the step. The precise meaning of the parameters used to describe those characteristics will be discussed after the definition. Definition 1. The FSM M is parametrically diagnosable with respect to a set Ω ⊂ X (shortly parametrically Ω -diag) if there exist τ and δ ∈ Z, and T ∈ Z ∪ {∞} such that for any string x ∈ X with finite kx , whenever x (k) ∈ Ω and k ∈ [max {kx ,(τ + 1)} , kx + T ], it follows that for any string x ∈ y−1 y x|[1,k+δ ] , x (h) ∈ Ω , for some h ∈ [max {1, (k − γ1 )} , k + γ2 ] and for some γ1 , γ2 ∈ Z, γ2 ≤ δ . If x (k) ∈ Ω for some k ∈ Z, in what follows the condition x (k) ∈ Ω is called crossing event, and k is the step at which the crossing event occurs. The value γ = max {γ1 , γ2 } is the uncertainty radius in the reconstruction of the step at which the crossing event occurred. The parameter δ corresponds to the delay of the crossing event detection while τ corresponds to an initial time interval where the crossing event is not required to be detected. The detection of the crossing event is required whenever it occurs in the interval defined by the parameter T . To better understand the role of these parameters, consider the examples in Fig. 1. For fixed values τ , T , δ and γ , we have represented three possible cases, corresponding to three different executions, and hence with different values for kx . In the first case max {kx , (τ + 1)} = (τ + 1). Hence, any crossing event occurring in [(τ + 1) , kx + T ] has to be detected, with maximum delay δ and with maximum uncertainty γ . Crossing events occurring in [1, τ ] are not needed to be detected. In the second case,
E. De Santis, M.D. Di Benedetto / Automatica 81 (2017) 115–122
117
case d. T = ∞, τ = 0, δ > 0: the meaning is the same as in case b, but with τ = 0. In this case, the FSM M is said to be critically diagnosable with respect to Ω (critical Ω -diag). Critical diagnosability is an ‘‘always’’ property. case e. T = ∞, τ = 0, δ = 0: the meaning is the same as in case c, but with τ = 0. The FSM M is said to be critically observable with respect to Ω (critical Ω -obs). It is again an ‘‘always’’ property. The notion of critical observability for an FSM was introduced in Di Benedetto, Di Gennaro, and D’Innocenzo (2005a); Di Benedetto, et al. (2005b). In De Santis et al. (2006) the same notion was extended to linear switching systems with minimum and maximum dwell time. Finally, in Pezzuti, Pola, De Santis, and Di Benedetto (2017) the analysis of critical observability was extended to the case of networks of Finite State Machines.
Fig. 1. Illustration of parameters kx , τ and T .
max {kx , (τ + 1)} = kx , and therefore any crossing event up to step kx + T has to be detected, with maximum delay δ and with maximum uncertainty γ . Finally in the last case no detection is required. Obviously T = 0 and τ = 0 mean that only the first crossing event has to be detected. Moreover, δ = 0 implies γ = 0, but γ = 0 does not imply in general δ = 0. By definition of parametric diagnosability, the following monotonicity property holds: Proposition 2. If M is parametrically Ω -diag with parameters τ , δ , T , γ1 , γ2 then it is parametrically Ω -diag with parameters τ ′ , δ ′ , T ′ , γ1′ , γ2′ , where τ ′ ≥ τ , δ ′ ≥ δ , T ′ ≤ T , γ1′ ≥ γ1 , γ2′ ≥ γ2 , γ2′ ≤ δ ′ . Depending on the values taken by τ , δ and T , special instances of Definition 1 are obtained. We consider the following cases, which highlight the role of these parameters: case a. T = 0, τ = 0, δ ≥ 0: since T = 0 the crossing event can be detected the first time it occurs, immediately or with some delay. If Ω ⊂ X0 , and γ1 = γ2 = 0, case a becomes an extension of the definition of initial state observability property, as given e.g. in Ramadge (1986), which we call here Ω -initial state observability. case b. T = ∞, τ > 0, δ > 0: the crossing event can be detected with a maximum delay of δ steps whenever it occurs for k ≥ τ + 1. However, since τ ≥ 1, the event x (k) ∈ Ω , k ∈ [1, τ ] may not be detected (in this case, parametric diagnosability is an ‘‘eventual’’ property). The notion of (k1 , k2 )-detectability, as introduced in Shu and Lin (2013) can be retrieved as a special case. In fact it corresponds to parametric {x}-diagnosability, ∀x ∈ X , with parameters T = ∞, τ = k1 , δ = k2 and γ = 0. case c. T = ∞, τ > 0, δ = 0: with respect to case b, in this case the crossing event can be detected without any delay, and the FSM M is said to be Ω -current state observable. It is again an eventual property. Moreover, M is said to be current state observable if it is {x}-current state observable, ∀x ∈ X . The notion of current state observability coincides with the one studied in Balluchi et al. (2013) and with the notion of Strong Detectability as defined in Shu, Lin, and Ying (2007). Finally, if Ω = {x} and M is Ω -current state observable, then the state x is always observable, as defined in Ozveren and Willsky (1990).
For an exhaustive analysis, in addition to the cases above, let us consider also the case when T is finite and nonzero. This case deserves some attention only if we require the exact reconstruction of the step at which the crossing event occurs, i.e. γ = 0. In fact, if M is parametrically Ω -diag with parameters τ , δ , T = 0, γ1 , γ2 , then, by Definition 1 and by Proposition 2 it is parametrically Ω -diag also with parameters τ + T, δ + T, T = T, γ1 + T , γ2 + T , for any finite T ∈ Z. Conversely, by Definition 1, if M is parametrically Ω -diag with parameters τ , δ , T = T , γ1 , γ2 then it is Ω -diag also with parameters τ , δ , T = 0, γ1 , γ2 . The characterization of the property in the case T finite and nonzero and γ = 0 is a generalization of case a, which is not explicitly addressed in this paper. For simplicity of exposition, we now define three properties that correspond to case a, cases b and c, cases d and e, respectively. Definition 3 (Case a.). The FSM M is diagnosable with respect to a set Ω ⊂ X (Ω -diag) if there exists δ ∈ Z, such that for any x ∈ X for x ̸= ∞, it follows that for any which k x (h) ∈ Ω , for some h ∈ string x ∈ y−1 y x|[1,kx +δ ] , [max {1, kx − γ1 } , kx + γ2 ] and for some γ1 , γ2 ∈ Z, γ2 ≤ δ . If the property holds with δ = 0, M will be called observable with respect to a set Ω ⊂ X (Ω -obs). If Ω ⊂ X0 and the property holds with γ1 = γ2 = 0, M will be called Ω -initial state observable. The Ω -diag property of Definition 3 corresponds to the one given in Sampath, Sengupta, Lafortune, Sinnamohideen, and Teneketzis (1995), where only the detection of the condition x (h) ∈ Ω , for some h ∈ [1, kx + δ ], is required but not the refinement of the identification of the step at which the crossing event occurs. However, we will show in Section 4.2 that these two properties are equivalent, i.e. an FSM enjoys the property in Sampath et al. (1995) if and only if the requirements of Definition 3 hold. Definition 4 (Cases b and c.). The FSM M is eventually diagnosable with respect to a set Ω ⊂ X (eventually Ω -diag) if there exist τ and δ ∈ Z such that for any string x ∈ X with finite kx , whenever x (k) ∈ Ω and k ≥ max {kx , (τ + 1)}, it follows that for any string x ∈ y−1 y x|[1,k+δ ] , x (h) ∈ Ω , for some h ∈ [max {1, k − γ1 } , k + γ2 ] and for some γ1 , γ2 ∈ Z, γ2 ≤ δ . If the condition holds with δ = 0, M will be called eventually observable with respect to a set Ω ⊂ X (eventually Ω -obs). Finally, we state the following definition Definition 5 (Cases d and e.). The FSM M is critically diagnosable with respect to a set Ω ⊂ X (critically Ω -diag) if there exists δ ∈ Z, such that for any string x ∈ X with finite kx , whenever x (k) ∈ Ω , it follows that for any string x ∈ y−1 y x|[1,k+δ ] , x (h) ∈ Ω , for some h ∈ [max {1, k − γ1 } , k + γ2 ], and for some γ1 , γ2 ∈ Z, γ2 ≤ δ . If the condition holds with δ = 0, the FSM M is called critically observable with respect to Ω ⊂ X (critically Ω -obs).
118
E. De Santis, M.D. Di Benedetto / Automatica 81 (2017) 115–122
The following relationship can be established between the diagnosability properties introduced above. Proposition 6. M is critically Ω -diag if and only if it is Ω -diag and eventually Ω -diag. We will characterize the properties in Definitions 1, 3 and 4. The characterization of the property in Definition 5 will follow by Proposition 6 as a simple corollary. 3. Indistinguishability notions In what follows, we will assume that the set of outputs does not contain the null event ϵ . Assumption 2. ϵ ̸∈ Y . If an FSM M with ϵ ∈ Y is such that any cycle has at least a with ϵ ̸∈ Y state i with H (i) ̸= ϵ , then we can define an FSM M such that checking the parametric diagnosability property for M is equivalent to checking the parametric diagnosability property for The parameters for which the two properties are satisfied will M. Details about this equivalence in general be different for M and M. can be found in the extended version of this paper (De Santis & Di Benedetto, 2016). Given the FSM M = (X , X0 , Y , H , ∆) and the set Ω , define the sets
Π = {(i, j) ∈ X × X : H (i) = H (j)} and
Θ = {(i, j) ∈ X × X : i = j} ⊂ Π . By definition, the set Π and all its subsets are symmetric. We will refer to the following indistinguishability notions. Definition 7. Two state trajectories x1 and x2 in X∗ are called indistinguishable if y (x1 ) = y (x2 ). The pair (i, j) ∈ Π is k-forward indistinguishable if there exist x1 ∈ X{i} and x2 ∈ X{j} , such that |x1 | = |x2 | = k and y (x1 ) = y (x2 ). The pair (i, j) ∈ Σ ⊂ Π is k-backward indistinguishable in Σ if there exist x1 ∈ X{i} and x2 ∈ X{j} , such that |x1 | = |x2 | = k, x1 (h) ∈ Σ , x2 (h) ∈ Σ , ∀h ∈ [1, k], and y (x1 ) = y (x2 ). The following subsets of Π will be instrumental in characterizing the diagnosability properties described in Definitions 1 and 3–5.
• S ∗ ⊂ Π : set of pairs of states reachable from X0 with two indistinguishable state evolutions.
• F ∗ ⊂ Π : set of forward indistinguishable pairs of states. • B∗ (Σ ) ⊂ Σ ⊂ Π : set of backward indistinguishable pairs of states that belong to a given set Σ . • Λ∗ ⊂ (F ∗ ∩ S ∗ ): the set of pairs (i, j) ∈ Π , with i ∈ Ω and j ∈ Ω (or vice-versa i ∈ Ω and j ∈ Ω ) for which there exist two indistinguishable infinite state trajectories starting from {i} and {j}, respectively, such that the latter is contained in Ω (or viceversa the former is contained in Ω ). • Γ ∗ ⊂ B∗ (S ∗ ) ⊂ S ∗ : set of pairs (i, j) ∈ Π , with i ∈ Ω and j ∈ Ω (or vice-versa i ∈ Ω and j ∈ Ω ) for which there exist two indistinguishable finite state trajectories of arbitrary length ending in {i} and in {j}, respectively, both contained in S ∗ , such that the latter is contained in Ω (or vice-versa the former is contained in Ω ). In the following subsections, we will formally define the above sets and give algorithms for their computation. We will show that the computation of these sets has polynomial complexity in the state cardinality |X |. In fact the sets S ∗ , B∗ (Σ ), F ∗ , Γ ∗ and Λ∗ are computed as fixed points of appropriate recursions, whose convergence is assured after a number of steps denoted by s∗ , b∗ , f ∗ , g ∗ and l∗ , all upper bounded by |X |2 .
3.1. The set S ∗ Definition 8. The set S ∗ is the maximal set of pairs (i, j) ∈ Π such that there exist two indistinguishable state executions x1 ∈ X{i} ∩ XX0 and x2 ∈ X{j} ∩ XX0 . The pair of states in S ∗ is indistinguishable in the sense of Wang, Lafortune, and Lin (2007) and of Sears and Rudie (2014), where algorithms were studied, in the framework of Mealy automata with partially observable transitions.1 In our framework, the set S ∗ can be computed as follows. Define the recursion, with S1 = (X0 × X0 ) ∩ Π and k = 1, 2, . . . Sk+1 = {(i, j) ∈ Π : (pre(i) × pre(j)) ∩ Sk ̸= ∅} ∪ Sk .
(1)
Lemma 9. Consider Eq. (1). Then, (i) the least fixed point of the recursion, containing (X0 × X0 ) ∩ Π , exists, is unique and is equal to S ∗ ; (ii) the recursion reaches the fixed point S ∗ in at most s∗ < |X |2 steps. Let nk = |Sk |, p = |Π | and ν = maxi∈N |pre (i)|. Then at step k + 1 the algorithm involves at most ν 2 (p − nk ) nk elementary computations, where an elementary computation is: given (i, j) ∈ Π \ Sk and the pair i′ , j′ ∈ pre (i) × pre (j) check whether i′ , j′ ∈ Sk . Since ν 2 (p − nk ) nk ≤ ν 2 |X |4 , then the algorithm will stop after at most 2ν 2 |X |4 ln |X | elementary computations. Hence the spatial complexity is O |X |2 and the time complexity is O |X |5 . Similar observations on complexity hold for all the algorithms we will describe in the following sections. 3.2. The sets F ∗ and B∗ (Σ ) Definition 10. The set F ∗ is the maximal set of pairs (i, j) ∈ Π which are k-forward indistinguishable, ∀k ∈ Z, k ≥ 1. Define the recursion, with F1 = Π and k = 1, 2, . . . , Fk+1 = {(i, j) ∈ Fk : (succ (i) × succ (j)) ∩ Fk ̸= ∅} .
(2)
Lemma 11. Consider Eq. (2). Then, (i) Fk is the set of all k-forward indistinguishable pairs; (ii) the maximal fixed point of the recursion, contained in Π , is unique, nonempty and is equal to F ∗ ; (iii) the recursion reaches its maximal fixed point F ∗ in f ∗ < |X |2 steps. In a similar way, given Σ ⊂ Π , we can introduce the following Definition 12. The set B∗ (Σ ) is the maximal set of pairs (i, j) ∈ Σ which are k-backward indistinguishable in Σ , ∀k ∈ Z, k ≥ 1. Define the recursion, with B1 (Σ ) = Σ and k = 1, 2, . . . , Bk+1 (Σ ) =
(i, j) ∈ Bk (Σ ) : . (pre(i) × pre(j)) ∩ Bk (Σ ) ̸= ∅
(3)
Lemma 13. Consider Eq. (3). Then, (i) Bk (Σ ) is the set of all k-backward indistinguishable pairs in Σ ; (ii) if B∗ (Σ ) ̸= ∅, then the maximal fixed point of the recursion (3), contained in Σ , is unique, nonempty and is equal to B∗ (Σ ). Otherwise ∃k < |X |2 such that Bk (Σ ) = ∅; (iii) If B∗ (Σ ) ̸= ∅, the recursion reaches its maximal fixed point in b∗ < |X |2 steps.
1 In Wang et al. (2007) the relation between indistinguishability and the observability notion introduced in Lin and Wonham (1988) is also established.
E. De Santis, M.D. Di Benedetto / Automatica 81 (2017) 115–122
119
3.3. The sets Λ∗ and Γ ∗
4. Main results
Given S ∗ and Ω ⊂ X , we now define the sets Λk and Λ∗ that are subsets of Fk and F ∗ , i.e. the sets of forward indistinguishable pairs, for finite and infinite steps, respectively.
In this section we characterize the properties introduced in Definitions 1 and 3–5. We first derive necessary and sufficient conditions for each of those properties to hold. Then, some equivalent conditions are given in terms of simple set inclusions depending on the existence of some suitable parameters. The values of these parameters allow the computation of an upper bound for the delay of the diagnosis, and of a lower bound for the uncertainty radius of the diagnosis. = Given the FSM M = (X , X0 , Y , H , ∆), define the FSM M ), where (i, j) ∈ ∆ if and only if (i, j) ∈ ∆ (X , X0 , Y , H , ∆ and i ̸∈ Ω . Let S ∗ be the set of pairs reachable from X0 with Obviously two indistinguishable state evolutions, computed for M. S∗ ⊂ S∗. is not alive in general. However, as pointed out in The FSM M Section 3, the algorithm for the computation of S ∗ does not depend on the liveness assumption, so the set S ∗ can be computed by means of the same algorithm as S ∗ . The finite nonnegative values b∗ , b∗ , f ∗ , g ∗ and l∗ are well ∗ ∗ ∗ ∗ ∗ defined: b = min b : B (S ) = Bb (S ), b = min b : B∗ ( S∗) = Bb ( S ∗ ), f ∗ = min f : F ∗ = Ff , g ∗ = min g : Γ ∗ = Γg , l∗ = min l : Λ∗ = Λl .
Definition 14. Λk is the set of pairs (i, j) ∈ S ∗ , with i ∈ Ω and j ∈ Ω (or vice-versa i ∈ Ω and j ∈ Ω ) for which there exist two indistinguishable executions x1 ∈ X{i} and x2 ∈ X{j} , |x1 | = |x2 | = k, such that x2 (h) ∈ Ω , ∀h ∈ [1, k] (x1 (h) ∈ Ω , ∀h ∈ [1, k], respectively). Λ∗ is the set of pairs (i, j) ∈ S ∗ such that
∀k ∈ Z, ∃k ≥ k : (i, j) ∈ Λk . The setsΛk and Λ∗ can be computed by defining the recursion, with Ψ1 = X × Ω ∩ S ∗ and k = 1, 2, . . .
Ψk+1 = {(i, j) ∈ Ψk : (succ (i) × succ (j)) ∩ Ψk ̸= ∅} .
(4)
In fact, we can state the following: Lemma 15. Consider Eq. (4). Then,
−
; (i) Λk = Ψk ∩ Ω × Ω (ii) If Ψk ̸= ∅, ∀k = 1, 2, . . . , the maximal fixed point Ψ ∗ of the recursion defined in (4), contained in X × Ω , is nonempty and unique. Otherwise ∃k < |X |2 such that Ψk = ∅ and Ψ ∗ = ∅; (iii) If Ψ ∗ ̸= ∅ the recursion defined in (4) reaches this maximal fixed 2 ∗ point in l < |X | steps; − (iv) Λ∗ = Ψ ∗ ∩ Ω × Ω .
It can be easily verified that:
Λ1 =
Ω × Ω ∪ Ω × Ω ∩ S∗ Λk+1 ⊂ Λk ⊂ Fk ∩ S ∗ Λk ⊂ F ∗ ∩ S ∗ . Λ∗ =
(5)
k∈Z
The sets Γk and Γ ∗ take into account the ‘‘backward executions’’ of the FSM. In fact they are subsets of Bk (S ∗ ) and of B∗ (S ∗ ), respectively, and are defined as follows: Definition 16. Γk is the set of pairs (i, j) ∈ S ∗ , with i ∈ Ω and j ∈ Ω (or vice-versa i ∈ Ω and j ∈ Ω ) for which there exist two indistinguishable executions x1 ∈ X{i} and x2 ∈ X{j} , |x1 | = |x2 | = k, such that (x1 (h) , x2 (h)) ∈ S ∗ ∩ X × Ω , ∀h ∈ [1, k] (vice-versa
(x1 (h) , x2 (h)) ∈ S ∗ ∩ Ω × X ∀h ∈ [1, k], respectively). Γ ∗ is the ∗ set of pairs (i, j) ∈ S such that ∀k ∈ Z, ∃k ≥ k : (i, j) ∈ Γk . Define the recursion, with Ξ1 = X × Ω ∩ S and k = 1, 2, . . .
∗
Ξk+1 = {(i, j) ∈ Ξk : (prec (i) × prec (j)) ∩ Ξk ̸= ∅} .
(6)
Lemma 17. Consider Eq. (6). Then,
∃k < |X | such that Ξk = ∅ and Ξ = ∅. (iii) If Ξ ∗ ̸= ∅, the recursion reaches this maximal fixed point in g ∗ < |X |2 steps. − (iv) Γ ∗ = Ξ ∗ ∩ Ω × Ω . 2
∗
It can be easily verified that:
Γ1 = Ω × Ω ∪ Ω × Ω ∩ S ∗ Γk+1 ⊂ Γk ⊂ Bk S ∗ Γ∗ = Γk ⊂ B∗ S ∗ ⊂ S ∗ . k∈Z
Theorem 18. M is parametrically Ω -diag if and only if B∗ S ∗ ∩ Λ∗ = ∅.
(8)
As a consequence of the result above, the following equivalent condition can be obtained Corollary 19. If there exist b ∈ 1, b∗ , f ∈ [1, f ∗ ] and l ∈ [1, l∗ ] such that
−
(i) Γk = Ξk ∩ Ω × Ω . (ii) If Ξk ̸= ∅∀k, then the fixed point Ξ ∗ of the recursion, maximal contained in X × Ω ∩ S ∗ , is unique and nonempty. Otherwise
Consider the set B∗ S ∗ ∩ Λ∗ . On the basis of the definition of the setsgiven in the previous section, a pair of states (i, j) in the set B∗ S ∗ ∩ Λ∗ is such that only one of the two states i or j belongs to Ω . Such i and j are the ending states of a pair of arbitrarily long indistinguishable state executions of the system M (which are also executions of M) with initial states in X0 , with one of these executions which never crosses the set Ω . Moreover, i and j are the initial states of a pair of arbitrarily long indistinguishable state executions of the system M, with one of these executions which never crosses the set Ω . Therefore, given these executions, however long the transient and the delay are, and however loose is the required accuracy, it will not be possible to decide whether the critical set Ω has been crossed or not. As a consequence, bearing in and the equivalence between parametric mind the definition of M Ω -diag and parametric Ω -diag with T = 0, we can establish the following necessary and sufficient condition for an FSM to be parametrically Ω -diag.
4.1. Parametric Ω -diagnosability
(7)
Bb S ∗ ∩ F f ⊂ Λl
(9)
then M is parametrically Ω -diag with T = 0, τ = b − 1, δ = max {f , l} − 1, γ1 = γ2 = l − if M is parametrically 1. ∗Conversely, Ω -diag, then there exist b ∈ 1, b , f ∈ [1, f ∗ ] and l ∈ [1, l∗ ] such that inclusion (9) holds. In the statement of the previous corollary, the parameters b, f and l appear explicitly. Note that Λ∗ ⊂ F ∗ but in general Λl is not a subset of Ff , for l ̸= l∗ or f ̸= f ∗ . Therefore the inclusion (9) defines the set of all the values b, f and l such that M is parametrically Ω -diag. Given this set, an upper bound for the delay and a lower bound for the uncertainty radius can be evaluated. Let us explain how this can be done, in particular how the condition (9) allows the
120
E. De Santis, M.D. Di Benedetto / Automatica 81 (2017) 115–122
determination of the delay of the diagnosis of the crossing event, of the uncertainty about the time at which the event occurred and of the duration of the transient where the diagnosis is not possible or not required. This description gives also the tools for the design of the online diagnoser. Suppose (9) holds for some b, f and l. Given an infinite execution x and the output string up to current step k ≥ b + max {f , l} − 1, let x (k) ∈ 2X be the set of discrete states at step k−(max {f , l}−1) that are compatible with the observations up to step k. Suppose that kx ≥ b. Then at k = kx + max {f , l} − 1, x (k) ∩ Ω ̸= ∅. If x (k) ⊂ Ω , then we can deduce that the set Ω was crossed at step kx = k − (max {f , l} − 1). Otherwise suppose that x (k) = {i, j, h}, with only the state i belonging to Ω . Then each pair (i, j), ∗ S ∩ Ff , because they have not (i, h) and (j, h) belongs to Bb been distinguished at step k. Since the inclusion (9) holds, then at step k we are sure that the actual execution x of M is such that x(h) ∈ Ω , for some h ∈ [kx , kx + l − 1]. Suppose that b >1 and S ∗ , then S ∗ is not in general a subset of Bb kx ≤ b − 1. Since Bkx condition (9) does not allow the detection of the crossing event, based on the information available at step kx + max {f , l} − 1. Hence detection of the first crossing event occurs with a maximum delay δ = max {f , l} − 1, with uncertainty γ = l − 1 and with τ = b − 1. Therefore the system is parametrically diagnosable with T = 0, δ = max {f , l} − 1, γ = l − 1 and 1. τ = b − Finally, since B1 S∗ = S ∗ , F1 = Π , Λ1 = Ω × Ω ∪ Ω × Ω , then if (9) holds in the very special case of b = f = l = 1, then S ∗ ⊂ (Ω × Ω ) ∪ Ω × Ω , and detection occurs with a maximum delay δ = 0, with uncertainty γ = 0 and with τ = 0. 4.2. Ω -diagnosability Consider now Ω -diagnosability as defined in Definition 3. Consider the set S ∗ ∩ Λ∗ . By similar reasoning as in the previous subsection, the set S ∗ ∩ Λ∗ is the set of pairs (i, j), where only one of the two states i or j belongs to Ω , which are the ending states of with a pair of indistinguishable state executions of the system M, initial state in X0 , such that one of these executions never crosses the set Ω , and are the initial states of a pair of arbitrarily long indistinguishable state executions of the system M, such that one of them never crosses Ω . Therefore, recalling the definition of the we can state the following: system M,
(10)
Condition (10) implies diagnosability as defined in Sampath et al. (1995). The proof of the necessity in Theorem 20 (see De Santis & Di Benedetto, 2016) shows that condition (10) is necessary also for the property of Sampath et al. (1995) to hold. Hence, the diagnosability property of Definition 3 and the one defined in Sampath et al. (1995) is equivalent. As in the previous subsection, we obtain the following equivalent condition expressed in terms of the parameters for which Ω -diagnosability holds. Corollary 21. The FSM M is Ω -diag with delay δ and uncertainty radius γ if
∗ S ∩ Ff ⊂ Λl
Corollary 22. M is Ω -initial state observable if and only if
X0 ∩ F ∗ ⊂ (Ω × Ω ) ∪ Ω × Ω .
(11)
where f ≤ δ + 1, l ≤ δ + 1 and l ≤ γ + 1. Conversely, if M is Ω -diag, then there exist f ∈ [1, f ∗ − 1] and l ∈ [1, l∗ − 1] such that inclusion (11) holds.
(12)
4.3. Eventual and critical Ω -diagnosability Consider the eventual Ω -diagnosability property as defined in Definition 4. For simplicity, in this sub-section, the sets B∗ (S ∗ ) and Bk (S ∗ ) will be denoted by B∗ and Bk . A pair (i, j) in the set Γ ∗ ∩ Λ∗ is such that only one state of the pair belongs to Ω . The states i and j are the ending states of a pair of arbitrarily long indistinguishable state executions of the system M, with initial state in X0 , such that one of these executions never crosses the set Ω , and are the initial states of a pair of arbitrarily long indistinguishable state executions of the same system M, such that one of these executions never crosses the set Ω . Therefore we can state the following: Theorem 23. The FSM M is eventually Ω -diag if and only if
Γ ∗ ∩ Λ∗ = ∅.
Theorem 20. M is Ω -diag if and only if
S ∗ ∩ Λ∗ = ∅.
Condition (11) gives the tools for the computation of the delay between the occurrence of the critical event and its detection. More precisely, let us explain how the condition (11) allows the determination of the delay of the diagnosis of the crossing event and the uncertainty about the time at which the event occurred, and how the online detection can be done. ′ Suppose (11) holds for some f and l. Let ′k be the first k ≥ max {f , l} such that x (k) ∩ Ω ̸= ∅. If x k ⊂ Ω , then we can deduce that the set Ω was crossed for the first time at step k′ − (max {f , l} − 1). Otherwise suppose that x k′ = {i, j, h}, with only the state i belonging to Ω . Then each pair (i, j), (i, h) and (j, h) belongs to S ∗ ∩ Ff . Since the inclusion (11) holds, then any pair of indistinguishable state evolution of M starting from S ∗ ∩ Ff is such that both evolutions in the pair cross the set Ω within at most l steps. Therefore at step k′ we are sure that the actual evolution of M is such that x(h) ∈ Ω , for some h ∈ k′ − (max {f , l} − 1), k′ − (max {f , l}) + l . Hence detection occurs with a maximum delay δ = max {f , l} − 1, and with uncertainty γ = l − 1. The next result characterizes Ω -initial state observability (see Definition 3), a special case of Ω -diagnosability.
(13)
The following equivalent characterization of eventual Ω diagnosability is obtained: Corollary 24. If there exist b ∈ [1, b∗ ], f ∈ [1, f ∗ ], g ∈ [1, g ∗ ] and l ∈ [1, l∗ ] such that
Bb ∩ Ff ⊂ Γg ∩ Λl
(14)
then M is eventually Ω -diag with τ = max {b, g } − 1, δ = max {f , l} − 1, γ1 = g − 1, γ2 = l − 1. Conversely, if M is eventually Ω -diag, then there exist b ∈ [1, b∗ ], f ∈ [1, f ∗ ], g ∈ [1, g ∗ ] and l ∈ [1, l∗ ] such that inclusion (14) holds. We now show how the condition (14) allows the determination of the delay of the diagnosis of the crossing event, of the uncertainty about the time at which the event occurred and of the duration of the transient where the diagnosis is not possible or not required. Suppose (14) holds for some b, f , g and l. Let k′ beany k ≥ max {b, g } + max {f , l} − 1 such that x (k) ∩ Ω ̸= ∅. If x k′ ⊂ Ω , ′′ then we can deduce that the set Ω was crossed at step k = ′ ′ k − (max {f , l} − 1). Otherwise suppose that x k = { i , j , h} ,
E. De Santis, M.D. Di Benedetto / Automatica 81 (2017) 115–122
with only the state i belonging to Ω . Then each pair (i, j), (i, h) and (j, h) belongs to Bb ∩ Ff . Since the inclusion (14) holds, then each pair of state evolutions x1 and x2, compatible with the observations up to step k, and such that x1 k′′ = i and x2 k′′ = j has the property that both evolutions crossed the set Ω in the interval ′′ k − g + 1, k′′ , if (i, j) ∈ Γg , or in the interval k′′ , k′′ + l − 1 , if
(i, j) ∈ Λl . Therefore at step k′ the actual evolution of M is such that x(h) ∈ Ω , for some h ∈ k′′ − (g − 1), k′ + l − 1 . Hence detection occurs with a maximum delay δ = max {f , l} − 1, with uncertainty γ = max {g , l} − 1 and with 1. {b, g } − τ = max Since B1 = S ∗ , F1 = Π , Γ1 = Λ1 = Ω ×Ω ∪ Ω ×Ω , then if (14) holds in the very special case of b = g = f = l = 1, then S ∗ ⊂ (Ω × Ω ) ∪ Ω × Ω , and detection occurs with a maximum delay δ = 0, with uncertainty γ = 0 and with τ = 0. As a consequence of Theorem 23, we also obtain the following characterizations of diagnosability in two interesting special cases. The first one requires no delay in the detection (Case δ = 0). Corollary 25 (Case Ω -diag with δ = 0 if δ = 0). M is eventually and only if B∗ ⊂ (Ω × Ω ) ∪ Ω × Ω . The second special case requires the exact detection of the step at which the crossing event occurred (Case γ = 0). Corollary 26 (Case γ = 0). M is eventually Ω -diag with γ = 0 if and only if condition with g = 1and l = 1, i.e. there exist (14) holds b and f such that Bb ∩ Ff ⊂ (Ω × Ω ) ∪ Ω × Ω . Finally, we characterize the property in Definition 5. By Proposition 6, a characterization of critical Ω -diagnosability is obtained as simple consequence of Theorems 20 and 23: Corollary 27. M is critically Ω -diag if and only if S ∗ ∩ Λ∗ = ∅ and ∗ ∗ Γ ∩ Λ = ∅. The value max {b, g }−1 in the statement of Corollary 24 is not in general the minimum value of τ such that M is eventually Ω -diag. Hence critical Ω -diag cannot be deduced by setting b = g = 1 in condition (14). The next proposition characterizes critical Ω -observability. Proposition 28 (Case δ = 0and τ = 0). M is critically Ω -obs if and only if S ∗ ⊂ (Ω × Ω ) ∪ Ω × Ω . 5. Conclusions In this paper, we proposed a general framework for the analysis and characterization of observability and diagnosability of finite state systems. Observability and diagnosability were defined with respect to a subset of the state space, called critical set, i.e. a set of discrete states representing a set of faults, or more generally any set of interest. Using the proposed framework, it is possible to check diagnosability of a critical event and at the same time compute the delay of the diagnosis with respect to the occurrence of the event, the uncertainty about the time at which that event occurred, and the duration of a possible initial transient where the diagnosis is not possible or nor required. Moreover, in the unifying framework we propose, it was possible to precisely compare some of observability and diagnosability notions existing in the literature and the ones we introduced in our paper. For discrete event systems, some effort in the direction of a decentralized approach to observability and diagnosability has been made e.g. in Cieslak, Desclaux, Fawaz, and Varaiya (1988) and in Rudie and Wonham (1989) where the observability with respect to a language (Lin & Wonham, 1988) was generalized to the case of decentralized systems by introducing the notion of coobservability. In Wang, Girard, and Lafortune (2011) and in
121
Yin and Lafortune (2015) it was proven that coobservability and codiagnosability can be mapped from one to the other. Extending our approach to a decentralized framework and comparing our results with the ones above will be the subject of future investigation. References Babaali, M., & Pappas, G. (2005). Observability of switched linear systems in continuous time. In L. T. M. Morari, & F. Rossi (Eds.), Lecture notes in computer science: Vol. 3414. Hybrid systems: Computation and control 2005 (pp. 103–117). Springer–Verlag. Balluchi, A., Benvenuti, L., Di Benedetto, M. D., & Sangiovanni-Vincentelli, A. (2002). Design of observers for hybrid systems. In C. Tomlin, & M. Greensreet (Eds.), Lecture notes in computer science: Vol. 2289. Hybrid systems: Computation and control (pp. 76–89). Springer Verlag. Balluchi, A., Benvenuti, L., Di Benedetto, M. D., & Sangiovanni-Vincentelli, A. (2013). The design of dynamical observers for hybrid systems: Theory and application to an automotive control problem. Automatica, 49, 915–925. Bemporad, A., Ferrari-Trecate, G., & Morari, M. (2000). Observability and controllability of piecewise affine and hybrid systems. IEEE Transactions on Automatic Control, 45(10), 1864–1876. Cieslak, R., Desclaux, C., Fawaz, A., & Varaiya, P. (1988). Supervisory control of discrete-event processes with partial observations. IEEE Transactions on Automatic Control, 33(3), 249–260. Collins, P., & van Schuppen, J. (2007). Observability of piecewise-affine hybrid systems. In R. Alur, & G. Pappas (Eds.), Lecture notes in computer science: Vol. 2993. Hybrid systems: Computation and control, (HSCC’04), (pp. 265–279). Springer. De Santis, E., & Di Benedetto, M. D. (Eds.) (2009). Special issue on observability and observer-based control of hybrid systems. International Journal of Robust and Nonlinear Control, 19, 1519–1520. De Santis, E., & Di Benedetto, M.D. (2016). Observability and diagnosability of finite state systems: a unifying framework (extended version), arXiv:1608.03195v2. De Santis, E., Di Benedetto, M. D., Di Gennaro, S., D’Innocenzo, A., & Pola, G. (2006). In H. A. Blom, & J. Lygeros (Eds.), Lecture notes in control and information sciences: Vol. 337. Critical observability of a class of hybrid systems and application to air traffic management (pp. 141–170). Springer–Verlag. De Santis, E., Di Benedetto, M.D., & Pola, G. (2003). On observability and detectability of continuous–time linear switching systems. In Proceedings of the42nd IEEE conference on decision and control, CDC 03, Maui, Hawaii, USA, December (pp. 5777–5782). Di Benedetto, M.D., Di Gennaro, S., & D’Innocenzo, A. (2005a). Critical observability and hybrid observers for error detection in air traffic management. In Proceedings of 13th Mediterranean conference on control and automation, Limassol, Cyprus. Di Benedetto, M.D., Di Gennaro, S., & D’Innocenzo, A. (2005b). Error detection within a specific time horizon and application to air traffic management. In Proceedings of the joint44th IEEE conference on decision and control and European control conference (CDC–ECC’05), Seville, Spain, December, (pp. 7472–7477). Griffith, E. W., & Kumar, K. S. P. (1971). On the observability of nonlinear systems. Journal of Mathematical Analysis and Applications,. Hashtrudi Zad, S., Kwong, R. H., & Wonham, W. M. (1971). On the observability of nonlinear systems. Journal of Mathematical Analysis and Applications,. Kalman, R. E. (1959). On the general theory of control systems. IRE Transactions on Automatic Control, 4(3), 481–492. Lafortune, S. (2007). On decentralized and distributed control of partially-observed discrete event systems. In C. Bonivento, L. Marconi, C. Rossi, & A. Isidori (Eds.), Lecture notes in control and information sciences: 353. Adv. in control theory and applications (pp. 171–184). Springer. Lin, F. (1994). Diagnosability of discrete event systems and its applications. Discrete Event Dynamic Systems, 4(1), 197–212. Lin, F., & Wonham, W. (1988). On observability of discrete-event systems. Information Sciences, 44, 173–198. Luenberger, D. (1971). An introduction to observers. IEEE Transactions on Automatic Control, 16(6), 596–602. Ozveren, C., & Willsky, A. (1990). Observability of discrete event dynamic systems. IEEE Transactions on Automatic Control, 35(7), 797–806. Pezzuti, D., Pola, G., De Santis, E., & Di Benedetto, M.D. (2017). Decentralized Critical Observers of Networks of Finite State Machines and Model Reduction, arXiv:1412.1784v2. Ramadge, P. (1986). Observability of discrete event systems. In Proceedings of the25th IEEE conference on decision and control, Athens, Greece, December (pp. 1108–1112). Ramadge, P., & Wonham, W. (1989). The control of discrete-event systems. Proceedings of the IEEE, 77(1), 81–98. Rudie, K., & Wonham, W. (1989). Think globally, act locally: decentralized supervisor control. IEEE Transactions on Automatic Control, 37(11), 1692–1708. Sampath, M., Sengupta, R., Lafortune, S., Sinnamohideen, K., & Teneketzis, D. (1995). Diagnosability of discrete-event systems. IEEE Transactions on Automatic Control, 40(9), 1555–1575. Sears, D., & Rudie, K. (2014). On computing indistinguishable states of nondeterministic finite automata with partially observable transitions. In Proceedings of the 53rd IEEE conference on decision and control, Los Angeles, California, USA, (pp. 6731–6736). Shu, S., & Lin, F. (2013). Delayed detectability of discrete event systems. IEEE Transactions on Automatic Control, 58(4), 862–875.
122
E. De Santis, M.D. Di Benedetto / Automatica 81 (2017) 115–122
Shu, S., Lin, F., & Ying, H. (2007). Detectability of discrete event systems. IEEE Transactions on Automatic Control, 52(12), 2356–2359. Takai, S., & Ushio, T. (2012). Verification of codiagnosability for discrete event systems modeled by mealy automata with nondeterministic output functions. IEEE Transactions on Automatic Control, 57(3), 798–804. Tanwani, A., Shim, H., & Liberzon, D. (2013). Observability for switched linear systems: Characterization and observer design. IEEE Transactions on Automatic Control, 58(4), 891–904. Vidal, R., Chiuso, A., Soatto, S., & Sastry, S. (2003). Observability of linear hybrid systems. In A. Pnueli, & O. Maler (Eds.), Lecture notes in computer science: Vol. 2623. Hybrid systems: Computation and control (pp. 526–539). Springer Verlag. Wang, W., Girard, A., & Lafortune, S. (2011). On codiagnosability and coobservability with dynamic observations. IEEE Transactions on Automatic Control, 56(7), 1551–1566. Wang, W., Lafortune, S., & Lin, F. (2007). An algorithm for calculating indistinguishable states and clusters in finite-state automata with partially observed transitions. Systems & Control Letters, 656–661. Yin, X., & Lafortune, S. (2015). Codiagnosability and coobservability under dynamic observations: Transformations and verifications. Automatica, 61, 241–252. Zaytoon, J., & Lafortune, S. (2013). Overview of fault diagnosis methods for discrete event systems. Annual Reviews in Control, 37, 308–320. Elena De Santis received the degree in Electrical Engineering (summa cum laude) from the University of L’Aquila, L’Aquila, Italy, in 1983. From 1987 to 1998, she was an Assistant Professor with the University of L’Aquila. Since 1998 she is teaching Optimal Control in the same University, as Associate Professor. Elena De Santis has published papers in archival journals, conferences proceedings, and book series in analysis control and optimization of constrained and uncertain dynamic systems, dynamic-model management for decision support systems, positive systems, dynamic games, hybrid and switching systems. Ms. De Santis received the Outstanding Reviewer Honorable Mention from the editorial board of IEEE Trans. on Automatic Control for 2004 and 2013.
She is a member of the Executive Committee of the Center of Excellence DEWS (Architectures and design methodologies for embedded controllers, wireless interconnected and system-on-chip) of the University of L’Aquila. Member of IEEE since 1999, she has been elected at the grade of Senior Member, in 2006. She is member of IFAC Technical Committee TC 1.3 on Discrete Event and Hybrid Systems. She has been the chair and/or organizer of a number of sessions and member of the program committee in the main international conferences. She is member of the Editorial Board of European Journal of Control.
Maria Domenica Di Benedetto obtained the ‘‘Dr. Ing’’. degree (summa cum laude) of Electrical Engineering and Computer Science, University of Roma ‘‘La Sapienza’’, in 1976. In 1981, she obtained the ‘‘Docteur-Ingénieur’’ degree and in 1987 the ‘‘Doctora d’Etat ès Sciences’’ degree, Université de Paris-Sud (Orsay, France). Since 1994, she has been Professor of Automatic Control at University of l’Aquila. Since 2002, she has been IEEE Fellow. She has been Associate Editor of the IEEE Transactions of Automatic Control from 1995 to 1999, and Associate Editor at Large of the IEEE Transactions on Automatic Control from 2006 to 2009. Since 1995 she is Subject Editor of the International Journal of Robust and Nonlinear Control. From 2016 she is Associate Editor of the IFAC Journal Nonlinear Analysis: Hybrid Systems. She is the PI and Director of the Center of Excellence for Research DEWS ‘‘Architectures and Design methodologies for Embedded controllers, Wireless interconnect and System-on-Chip’’ of the University of L’Aquila. She is co-founder and member of the Governing Boar of WEST Aquila S.r.L. Since 2009, she has been the President of the European Embedded Control Institute. Since 2010, she has been a Member of the International Advisory Board of the Lund Center for the Control of Complex engineering systems (LCCC). Since 2013, she has been the President of the Italian Society of researchers in Automatic Control (SIDRA). Her research interests are centered about analysis and control of hybrid systems and networked control systems.
Contents lists available at ScienceDirect
Automatica journal homepage: www.elsevier.com/locate/automatica
Brief paper
Observability and diagnosability of finite state systems: A unifying framework✩ Elena De Santis, Maria Domenica Di Benedetto University of L’Aquila, DISIM, Department of Information Engineering, Computer Science and Mathematics, Center of Excellence DEWS, 67100 L’Aquila, Italy
article
info
Article history: Received 22 December 2014 Received in revised form 8 February 2017 Accepted 10 February 2017
Keywords: Observability Diagnosability Finite state systems
abstract In this paper, a general framework is proposed for the analysis and characterization of observability and diagnosability of finite state systems. Observability corresponds to the reconstruction of the system’s discrete state, while diagnosability corresponds to the possibility of determining the past occurrence of some particular states, for example faulty states. A unifying framework is proposed where observability and diagnosability properties are defined with respect to a critical set, i.e. a set of discrete states representing a set of faults, or more generally a set of interest. These properties are characterized and the involved conditions provide an estimation of the delay required for the detection of a critical state, of the precision of the delay estimation and of the duration of a possible initial transient where the diagnosis is not possible or not required. Our framework makes it possible to precisely compare some of the observability and diagnosability notions existing in the literature with the ones introduced in our paper, and this comparison is presented. © 2017 Elsevier Ltd. All rights reserved.
1. Introduction Reconstructing the internal behavior of a dynamical system on the basis of the available measurements is a central problem in control theory. Starting from the seminal paper (Kalman, 1959), state observability has been investigated both in the continuous domain (see e.g. the fundamental papers Luenberger, 1971 for the linear case and Griffith & Kumar, 1971 for the nonlinear case), in the discrete state domain (see e.g. Ozveren & Willsky, 1990 and Ramadge, 1986), and more recently for hybrid systems (see e.g. the special issue (De Santis, 2009) on observability and observerbased control of hybrid systems and the references therein, Babaali & Pappas, 2005; Balluchi, Benvenuti, Di Benedetto, & Sangiovanni-Vincentelli, 2002; Balluchi, Benvenuti, Di Benedetto, & Sangiovanni-Vincentelli, 2013; Bemporad, Ferrari-Trecate, & Morari, 2000; Collins & van Schuppen, 2007; De Santis, Di Benedetto, & Pola, 2003; Tanwani, Shim, & Liberzon, 2013; Vidal, Chiuso, Soatto, & Sastry, 2003). In some references dealing with discrete event systems, e.g. in Lafortune (2007), the notion of
✩ The material in this paper was not presented at any conference. This paper was recommended for publication in revised form by Associate Editor Jan Komenda under the direction of Editor Ian R. Petersen. E-mail addresses: [email protected] (E. De Santis), [email protected] (M.D. Di Benedetto).
http://dx.doi.org/10.1016/j.automatica.2017.02.042 0005-1098/© 2017 Elsevier Ltd. All rights reserved.
observability is related to state disambiguation, which is the property of distinguishing unambiguously among certain pairs of states in the state space. We will use here the term observability in the traditional meaning used in Zaytoon and Lafortune (2013) where observability corresponds to the reconstruction of the system’s discrete state. Diagnosability, a property that is closely related to observability but is more general, corresponds to the possibility of detecting the occurrence of some particular state, for example a faulty state, on the basis of the observations. An excellent survey of recent advances on diagnosis methods for discrete systems can be found in Zaytoon and Lafortune (2013). The formal definition and analysis of observability and diagnosability depend on the model, on the available output information, and on the objective for which state reconstruction is needed, e.g. for control purposes, for detection of critical situations, and for diagnosis of past system evolutions. It is therefore hard, in general, to understand the precise relationships that exist between the different notions that exist in the literature. In this paper, we propose a unifying framework where observability and diagnosability are defined with respect to a subset of the state space, called critical set. A state belonging to the critical set is called critical state. This idea comes from safety critical applications, e.g. Air Traffic Management (De Santis, Di Benedetto, Di Gennaro, D’Innocenzo, & Pola, 2006; Di Benedetto, Di Gennaro, & D’Innocenzo, 2005b), where the critical set of discrete states represents dangerous situations that must be
116
E. De Santis, M.D. Di Benedetto / Automatica 81 (2017) 115–122
detected to avoid unsafe or even catastrophic behavior of the system. However, the critical set can represent a set of faults, or more generally any set of interest. We define and characterize observability and diagnosability in a uniform set-membershipbased formalism. The set-membership formalism and the derived algorithms are very simple and intuitive, and allow checking the properties without constructing an observer, thereby avoiding the exponential complexity of the observer design. The definitions of observability and diagnosability are given in a general form that is parametric with respect to the delay required for the detection of a critical state, and the precision of the delay estimation. Using the proposed conditions that characterize those properties, we can check diagnosability of a critical event, such as a faulty event, and at the same time compute the delay of the diagnosis with respect to the occurrence of the event, the uncertainty about the time at which that event occurred, and the duration of a possible initial transient where the diagnosis is not possible or not required. These evaluations are useful to better understand the characteristics of the system and can be used in the implementation of the diagnoser. While in the literature on discrete event systems a transitionbased model is used, we adopt a state-based approach, similarly to what was done in Lin (1994) where an on-line diagnosability problem for a deterministic Moore automaton with partial state observation was solved, in Hashtrudi Zad, Kwong, and Wonham (1971) where the focus was on the complexity reduction in the diagnoser design, and in Takai and Ushio (2012) where verification of codiagnosability is performed. Because of the different formalism used in the transition-based and state-based approaches, a comparison between our definitions and those existing in the literature on discrete event systems is very hard to achieve without a unifying framework where the different notions can all be formulated and compared. We show that, using our formalism, we are able to understand the precise relationships that exist between the properties we analyze and some of the many diagnosability concepts that exist in the literature. The paper is organized as follows. After introducing the main definitions in Section 2, Section 3 is devoted to establishing some geometrical tools that are instrumental in proving our results. In Section 4, observability and diagnosability properties are completely characterized. The proofs are omitted for space reason and are available in De Santis and Di Benedetto (2016), where also examples are provided to better understand our results. The proofs of the main theorems are constructive and show how a diagnoser can be determined. Notations: The symbol Z denotes the set of nonnegative integer numbers. For a, b ∈ Z, [a, b] = {x ∈ Z : a ≤ x ≤ b}. For a set X , the symbol |X | denotes its cardinality. For a set Y ⊂ X , where the symbol ⊂ has to be understood as ‘‘subset’’, not necessarily strict, the symbol Y denotes the complement of Y in X , i.e. Y = {x ∈ X : x ̸∈ Y }. For W ⊂ X × X , the symbol W − denotes the symmetric closure of W , i.e. W − = {(x1 , x2 ) : (x1 , x2 ) ∈ W or (x2 , x1 ) ∈ W }. The null event is denoted by ϵ . For a string σ , |σ | denotes its length, σ (i), i ∈ {1, 2, . . . , |σ |}, denotes the ith element, and |σ |[a,b] is the string σ (a)σ (a + 1) . . . σ (b). P (σ ) is the projection of the string σ , i.e. the string obtained from σ by erasing the symbol ϵ (see e.g. Ramadge & Wonham, 1989). 2. Diagnosability properties and their relationships We consider a Finite State Machine (FSM) M = (X , X0 , Y , H , ∆) where X is the finite set of states; X0 ⊂ X is the set of initial states; Y is the finite set of outputs; H : X → Y is the output function; ∆ ⊂ X × X is the transition relation.
For i ∈ X , define succ (i) = {j ∈ X : (i, j) ∈ ∆} and pre (i) = {j ∈ X : (j, i) ∈ ∆}. We make the following standard assumption: Assumption 1 (Liveness). succ (i) ̸= ∅, ∀i ∈ X . Any finite or infinite string x with symbols in X that satisfies the condition x (1) ∈ X and x (k + 1) ∈ succ (x (k)) , k = 1, 2, . . . , |x| − 1 is called a state execution (or state trajectory or state evolution) of the FSM M. The singleton {i ∈ X } is an execution. Let X∗ be the set of all the state executions of M. Then, for a given Ψ ⊂ X , we can define the following subsets of X∗ : – XΨ is the set of state executions x ∈ X∗ with x (1) ∈ Ψ – XΨ ,∞ is the set of infinite state executions x ∈ X∗ with x (1) ∈ Ψ . For simplicity, the set XX0 ,∞ will be denoted by X – XΨ is the set of finite state executions x ∈ X∗ with last symbol in Ψ . Obviously, XX = X∗ and XΨ ,∞ ⊂ XΨ ⊂ X∗ . Let Y be the set of strings with symbols in Y = {y ∈ Y : y ̸= ϵ}. Define y : X∗ → Y, the function that associates to a state execution the corresponding output execution, as y (x) = P (σ ) where σ = H (x(1)) . . . H (x(n)) , n = |x| if |x| is finite. Otherwise y (x) = P (σ∞ ) where σ∞ is an infinite string recursively defined as σ1 = H (x(1)), σk+1 = σk H (x(k + 1)) , k = 1, 2, . . . . Finally, y−1 (y (x)) = x ∈ XX0 : y ( x) = y (x) , x ∈ XX0 . We now propose a framework where observability and diagnosability are defined with respect to a subset of the state space Ω ⊂ X called critical set. The set Ω may represent unsafe states, faulty states, or more generally any set of states of interest. For a string x ∈ X, two cases are possible: x (k) ̸∈ Ω , ∀k ∈ Z or x (k) ∈ Ω , for some k ∈ Z. If the second condition holds, let kx be the minimum value of k such that x (k) ∈ Ω . Otherwise set kx = ∞. The next definition describes the capability of inferring, from the output execution, that the state belongs to the set Ω , at some step during the execution, after a finite transient or after a finite delay or with some uncertainty in the determination of the step. The precise meaning of the parameters used to describe those characteristics will be discussed after the definition. Definition 1. The FSM M is parametrically diagnosable with respect to a set Ω ⊂ X (shortly parametrically Ω -diag) if there exist τ and δ ∈ Z, and T ∈ Z ∪ {∞} such that for any string x ∈ X with finite kx , whenever x (k) ∈ Ω and k ∈ [max {kx ,(τ + 1)} , kx + T ], it follows that for any string x ∈ y−1 y x|[1,k+δ ] , x (h) ∈ Ω , for some h ∈ [max {1, (k − γ1 )} , k + γ2 ] and for some γ1 , γ2 ∈ Z, γ2 ≤ δ . If x (k) ∈ Ω for some k ∈ Z, in what follows the condition x (k) ∈ Ω is called crossing event, and k is the step at which the crossing event occurs. The value γ = max {γ1 , γ2 } is the uncertainty radius in the reconstruction of the step at which the crossing event occurred. The parameter δ corresponds to the delay of the crossing event detection while τ corresponds to an initial time interval where the crossing event is not required to be detected. The detection of the crossing event is required whenever it occurs in the interval defined by the parameter T . To better understand the role of these parameters, consider the examples in Fig. 1. For fixed values τ , T , δ and γ , we have represented three possible cases, corresponding to three different executions, and hence with different values for kx . In the first case max {kx , (τ + 1)} = (τ + 1). Hence, any crossing event occurring in [(τ + 1) , kx + T ] has to be detected, with maximum delay δ and with maximum uncertainty γ . Crossing events occurring in [1, τ ] are not needed to be detected. In the second case,
E. De Santis, M.D. Di Benedetto / Automatica 81 (2017) 115–122
117
case d. T = ∞, τ = 0, δ > 0: the meaning is the same as in case b, but with τ = 0. In this case, the FSM M is said to be critically diagnosable with respect to Ω (critical Ω -diag). Critical diagnosability is an ‘‘always’’ property. case e. T = ∞, τ = 0, δ = 0: the meaning is the same as in case c, but with τ = 0. The FSM M is said to be critically observable with respect to Ω (critical Ω -obs). It is again an ‘‘always’’ property. The notion of critical observability for an FSM was introduced in Di Benedetto, Di Gennaro, and D’Innocenzo (2005a); Di Benedetto, et al. (2005b). In De Santis et al. (2006) the same notion was extended to linear switching systems with minimum and maximum dwell time. Finally, in Pezzuti, Pola, De Santis, and Di Benedetto (2017) the analysis of critical observability was extended to the case of networks of Finite State Machines.
Fig. 1. Illustration of parameters kx , τ and T .
max {kx , (τ + 1)} = kx , and therefore any crossing event up to step kx + T has to be detected, with maximum delay δ and with maximum uncertainty γ . Finally in the last case no detection is required. Obviously T = 0 and τ = 0 mean that only the first crossing event has to be detected. Moreover, δ = 0 implies γ = 0, but γ = 0 does not imply in general δ = 0. By definition of parametric diagnosability, the following monotonicity property holds: Proposition 2. If M is parametrically Ω -diag with parameters τ , δ , T , γ1 , γ2 then it is parametrically Ω -diag with parameters τ ′ , δ ′ , T ′ , γ1′ , γ2′ , where τ ′ ≥ τ , δ ′ ≥ δ , T ′ ≤ T , γ1′ ≥ γ1 , γ2′ ≥ γ2 , γ2′ ≤ δ ′ . Depending on the values taken by τ , δ and T , special instances of Definition 1 are obtained. We consider the following cases, which highlight the role of these parameters: case a. T = 0, τ = 0, δ ≥ 0: since T = 0 the crossing event can be detected the first time it occurs, immediately or with some delay. If Ω ⊂ X0 , and γ1 = γ2 = 0, case a becomes an extension of the definition of initial state observability property, as given e.g. in Ramadge (1986), which we call here Ω -initial state observability. case b. T = ∞, τ > 0, δ > 0: the crossing event can be detected with a maximum delay of δ steps whenever it occurs for k ≥ τ + 1. However, since τ ≥ 1, the event x (k) ∈ Ω , k ∈ [1, τ ] may not be detected (in this case, parametric diagnosability is an ‘‘eventual’’ property). The notion of (k1 , k2 )-detectability, as introduced in Shu and Lin (2013) can be retrieved as a special case. In fact it corresponds to parametric {x}-diagnosability, ∀x ∈ X , with parameters T = ∞, τ = k1 , δ = k2 and γ = 0. case c. T = ∞, τ > 0, δ = 0: with respect to case b, in this case the crossing event can be detected without any delay, and the FSM M is said to be Ω -current state observable. It is again an eventual property. Moreover, M is said to be current state observable if it is {x}-current state observable, ∀x ∈ X . The notion of current state observability coincides with the one studied in Balluchi et al. (2013) and with the notion of Strong Detectability as defined in Shu, Lin, and Ying (2007). Finally, if Ω = {x} and M is Ω -current state observable, then the state x is always observable, as defined in Ozveren and Willsky (1990).
For an exhaustive analysis, in addition to the cases above, let us consider also the case when T is finite and nonzero. This case deserves some attention only if we require the exact reconstruction of the step at which the crossing event occurs, i.e. γ = 0. In fact, if M is parametrically Ω -diag with parameters τ , δ , T = 0, γ1 , γ2 , then, by Definition 1 and by Proposition 2 it is parametrically Ω -diag also with parameters τ + T, δ + T, T = T, γ1 + T , γ2 + T , for any finite T ∈ Z. Conversely, by Definition 1, if M is parametrically Ω -diag with parameters τ , δ , T = T , γ1 , γ2 then it is Ω -diag also with parameters τ , δ , T = 0, γ1 , γ2 . The characterization of the property in the case T finite and nonzero and γ = 0 is a generalization of case a, which is not explicitly addressed in this paper. For simplicity of exposition, we now define three properties that correspond to case a, cases b and c, cases d and e, respectively. Definition 3 (Case a.). The FSM M is diagnosable with respect to a set Ω ⊂ X (Ω -diag) if there exists δ ∈ Z, such that for any x ∈ X for x ̸= ∞, it follows that for any which k x (h) ∈ Ω , for some h ∈ string x ∈ y−1 y x|[1,kx +δ ] , [max {1, kx − γ1 } , kx + γ2 ] and for some γ1 , γ2 ∈ Z, γ2 ≤ δ . If the property holds with δ = 0, M will be called observable with respect to a set Ω ⊂ X (Ω -obs). If Ω ⊂ X0 and the property holds with γ1 = γ2 = 0, M will be called Ω -initial state observable. The Ω -diag property of Definition 3 corresponds to the one given in Sampath, Sengupta, Lafortune, Sinnamohideen, and Teneketzis (1995), where only the detection of the condition x (h) ∈ Ω , for some h ∈ [1, kx + δ ], is required but not the refinement of the identification of the step at which the crossing event occurs. However, we will show in Section 4.2 that these two properties are equivalent, i.e. an FSM enjoys the property in Sampath et al. (1995) if and only if the requirements of Definition 3 hold. Definition 4 (Cases b and c.). The FSM M is eventually diagnosable with respect to a set Ω ⊂ X (eventually Ω -diag) if there exist τ and δ ∈ Z such that for any string x ∈ X with finite kx , whenever x (k) ∈ Ω and k ≥ max {kx , (τ + 1)}, it follows that for any string x ∈ y−1 y x|[1,k+δ ] , x (h) ∈ Ω , for some h ∈ [max {1, k − γ1 } , k + γ2 ] and for some γ1 , γ2 ∈ Z, γ2 ≤ δ . If the condition holds with δ = 0, M will be called eventually observable with respect to a set Ω ⊂ X (eventually Ω -obs). Finally, we state the following definition Definition 5 (Cases d and e.). The FSM M is critically diagnosable with respect to a set Ω ⊂ X (critically Ω -diag) if there exists δ ∈ Z, such that for any string x ∈ X with finite kx , whenever x (k) ∈ Ω , it follows that for any string x ∈ y−1 y x|[1,k+δ ] , x (h) ∈ Ω , for some h ∈ [max {1, k − γ1 } , k + γ2 ], and for some γ1 , γ2 ∈ Z, γ2 ≤ δ . If the condition holds with δ = 0, the FSM M is called critically observable with respect to Ω ⊂ X (critically Ω -obs).
118
E. De Santis, M.D. Di Benedetto / Automatica 81 (2017) 115–122
The following relationship can be established between the diagnosability properties introduced above. Proposition 6. M is critically Ω -diag if and only if it is Ω -diag and eventually Ω -diag. We will characterize the properties in Definitions 1, 3 and 4. The characterization of the property in Definition 5 will follow by Proposition 6 as a simple corollary. 3. Indistinguishability notions In what follows, we will assume that the set of outputs does not contain the null event ϵ . Assumption 2. ϵ ̸∈ Y . If an FSM M with ϵ ∈ Y is such that any cycle has at least a with ϵ ̸∈ Y state i with H (i) ̸= ϵ , then we can define an FSM M such that checking the parametric diagnosability property for M is equivalent to checking the parametric diagnosability property for The parameters for which the two properties are satisfied will M. Details about this equivalence in general be different for M and M. can be found in the extended version of this paper (De Santis & Di Benedetto, 2016). Given the FSM M = (X , X0 , Y , H , ∆) and the set Ω , define the sets
Π = {(i, j) ∈ X × X : H (i) = H (j)} and
Θ = {(i, j) ∈ X × X : i = j} ⊂ Π . By definition, the set Π and all its subsets are symmetric. We will refer to the following indistinguishability notions. Definition 7. Two state trajectories x1 and x2 in X∗ are called indistinguishable if y (x1 ) = y (x2 ). The pair (i, j) ∈ Π is k-forward indistinguishable if there exist x1 ∈ X{i} and x2 ∈ X{j} , such that |x1 | = |x2 | = k and y (x1 ) = y (x2 ). The pair (i, j) ∈ Σ ⊂ Π is k-backward indistinguishable in Σ if there exist x1 ∈ X{i} and x2 ∈ X{j} , such that |x1 | = |x2 | = k, x1 (h) ∈ Σ , x2 (h) ∈ Σ , ∀h ∈ [1, k], and y (x1 ) = y (x2 ). The following subsets of Π will be instrumental in characterizing the diagnosability properties described in Definitions 1 and 3–5.
• S ∗ ⊂ Π : set of pairs of states reachable from X0 with two indistinguishable state evolutions.
• F ∗ ⊂ Π : set of forward indistinguishable pairs of states. • B∗ (Σ ) ⊂ Σ ⊂ Π : set of backward indistinguishable pairs of states that belong to a given set Σ . • Λ∗ ⊂ (F ∗ ∩ S ∗ ): the set of pairs (i, j) ∈ Π , with i ∈ Ω and j ∈ Ω (or vice-versa i ∈ Ω and j ∈ Ω ) for which there exist two indistinguishable infinite state trajectories starting from {i} and {j}, respectively, such that the latter is contained in Ω (or viceversa the former is contained in Ω ). • Γ ∗ ⊂ B∗ (S ∗ ) ⊂ S ∗ : set of pairs (i, j) ∈ Π , with i ∈ Ω and j ∈ Ω (or vice-versa i ∈ Ω and j ∈ Ω ) for which there exist two indistinguishable finite state trajectories of arbitrary length ending in {i} and in {j}, respectively, both contained in S ∗ , such that the latter is contained in Ω (or vice-versa the former is contained in Ω ). In the following subsections, we will formally define the above sets and give algorithms for their computation. We will show that the computation of these sets has polynomial complexity in the state cardinality |X |. In fact the sets S ∗ , B∗ (Σ ), F ∗ , Γ ∗ and Λ∗ are computed as fixed points of appropriate recursions, whose convergence is assured after a number of steps denoted by s∗ , b∗ , f ∗ , g ∗ and l∗ , all upper bounded by |X |2 .
3.1. The set S ∗ Definition 8. The set S ∗ is the maximal set of pairs (i, j) ∈ Π such that there exist two indistinguishable state executions x1 ∈ X{i} ∩ XX0 and x2 ∈ X{j} ∩ XX0 . The pair of states in S ∗ is indistinguishable in the sense of Wang, Lafortune, and Lin (2007) and of Sears and Rudie (2014), where algorithms were studied, in the framework of Mealy automata with partially observable transitions.1 In our framework, the set S ∗ can be computed as follows. Define the recursion, with S1 = (X0 × X0 ) ∩ Π and k = 1, 2, . . . Sk+1 = {(i, j) ∈ Π : (pre(i) × pre(j)) ∩ Sk ̸= ∅} ∪ Sk .
(1)
Lemma 9. Consider Eq. (1). Then, (i) the least fixed point of the recursion, containing (X0 × X0 ) ∩ Π , exists, is unique and is equal to S ∗ ; (ii) the recursion reaches the fixed point S ∗ in at most s∗ < |X |2 steps. Let nk = |Sk |, p = |Π | and ν = maxi∈N |pre (i)|. Then at step k + 1 the algorithm involves at most ν 2 (p − nk ) nk elementary computations, where an elementary computation is: given (i, j) ∈ Π \ Sk and the pair i′ , j′ ∈ pre (i) × pre (j) check whether i′ , j′ ∈ Sk . Since ν 2 (p − nk ) nk ≤ ν 2 |X |4 , then the algorithm will stop after at most 2ν 2 |X |4 ln |X | elementary computations. Hence the spatial complexity is O |X |2 and the time complexity is O |X |5 . Similar observations on complexity hold for all the algorithms we will describe in the following sections. 3.2. The sets F ∗ and B∗ (Σ ) Definition 10. The set F ∗ is the maximal set of pairs (i, j) ∈ Π which are k-forward indistinguishable, ∀k ∈ Z, k ≥ 1. Define the recursion, with F1 = Π and k = 1, 2, . . . , Fk+1 = {(i, j) ∈ Fk : (succ (i) × succ (j)) ∩ Fk ̸= ∅} .
(2)
Lemma 11. Consider Eq. (2). Then, (i) Fk is the set of all k-forward indistinguishable pairs; (ii) the maximal fixed point of the recursion, contained in Π , is unique, nonempty and is equal to F ∗ ; (iii) the recursion reaches its maximal fixed point F ∗ in f ∗ < |X |2 steps. In a similar way, given Σ ⊂ Π , we can introduce the following Definition 12. The set B∗ (Σ ) is the maximal set of pairs (i, j) ∈ Σ which are k-backward indistinguishable in Σ , ∀k ∈ Z, k ≥ 1. Define the recursion, with B1 (Σ ) = Σ and k = 1, 2, . . . , Bk+1 (Σ ) =
(i, j) ∈ Bk (Σ ) : . (pre(i) × pre(j)) ∩ Bk (Σ ) ̸= ∅
(3)
Lemma 13. Consider Eq. (3). Then, (i) Bk (Σ ) is the set of all k-backward indistinguishable pairs in Σ ; (ii) if B∗ (Σ ) ̸= ∅, then the maximal fixed point of the recursion (3), contained in Σ , is unique, nonempty and is equal to B∗ (Σ ). Otherwise ∃k < |X |2 such that Bk (Σ ) = ∅; (iii) If B∗ (Σ ) ̸= ∅, the recursion reaches its maximal fixed point in b∗ < |X |2 steps.
1 In Wang et al. (2007) the relation between indistinguishability and the observability notion introduced in Lin and Wonham (1988) is also established.
E. De Santis, M.D. Di Benedetto / Automatica 81 (2017) 115–122
119
3.3. The sets Λ∗ and Γ ∗
4. Main results
Given S ∗ and Ω ⊂ X , we now define the sets Λk and Λ∗ that are subsets of Fk and F ∗ , i.e. the sets of forward indistinguishable pairs, for finite and infinite steps, respectively.
In this section we characterize the properties introduced in Definitions 1 and 3–5. We first derive necessary and sufficient conditions for each of those properties to hold. Then, some equivalent conditions are given in terms of simple set inclusions depending on the existence of some suitable parameters. The values of these parameters allow the computation of an upper bound for the delay of the diagnosis, and of a lower bound for the uncertainty radius of the diagnosis. = Given the FSM M = (X , X0 , Y , H , ∆), define the FSM M ), where (i, j) ∈ ∆ if and only if (i, j) ∈ ∆ (X , X0 , Y , H , ∆ and i ̸∈ Ω . Let S ∗ be the set of pairs reachable from X0 with Obviously two indistinguishable state evolutions, computed for M. S∗ ⊂ S∗. is not alive in general. However, as pointed out in The FSM M Section 3, the algorithm for the computation of S ∗ does not depend on the liveness assumption, so the set S ∗ can be computed by means of the same algorithm as S ∗ . The finite nonnegative values b∗ , b∗ , f ∗ , g ∗ and l∗ are well ∗ ∗ ∗ ∗ ∗ defined: b = min b : B (S ) = Bb (S ), b = min b : B∗ ( S∗) = Bb ( S ∗ ), f ∗ = min f : F ∗ = Ff , g ∗ = min g : Γ ∗ = Γg , l∗ = min l : Λ∗ = Λl .
Definition 14. Λk is the set of pairs (i, j) ∈ S ∗ , with i ∈ Ω and j ∈ Ω (or vice-versa i ∈ Ω and j ∈ Ω ) for which there exist two indistinguishable executions x1 ∈ X{i} and x2 ∈ X{j} , |x1 | = |x2 | = k, such that x2 (h) ∈ Ω , ∀h ∈ [1, k] (x1 (h) ∈ Ω , ∀h ∈ [1, k], respectively). Λ∗ is the set of pairs (i, j) ∈ S ∗ such that
∀k ∈ Z, ∃k ≥ k : (i, j) ∈ Λk . The setsΛk and Λ∗ can be computed by defining the recursion, with Ψ1 = X × Ω ∩ S ∗ and k = 1, 2, . . .
Ψk+1 = {(i, j) ∈ Ψk : (succ (i) × succ (j)) ∩ Ψk ̸= ∅} .
(4)
In fact, we can state the following: Lemma 15. Consider Eq. (4). Then,
−
; (i) Λk = Ψk ∩ Ω × Ω (ii) If Ψk ̸= ∅, ∀k = 1, 2, . . . , the maximal fixed point Ψ ∗ of the recursion defined in (4), contained in X × Ω , is nonempty and unique. Otherwise ∃k < |X |2 such that Ψk = ∅ and Ψ ∗ = ∅; (iii) If Ψ ∗ ̸= ∅ the recursion defined in (4) reaches this maximal fixed 2 ∗ point in l < |X | steps; − (iv) Λ∗ = Ψ ∗ ∩ Ω × Ω .
It can be easily verified that:
Λ1 =
Ω × Ω ∪ Ω × Ω ∩ S∗ Λk+1 ⊂ Λk ⊂ Fk ∩ S ∗ Λk ⊂ F ∗ ∩ S ∗ . Λ∗ =
(5)
k∈Z
The sets Γk and Γ ∗ take into account the ‘‘backward executions’’ of the FSM. In fact they are subsets of Bk (S ∗ ) and of B∗ (S ∗ ), respectively, and are defined as follows: Definition 16. Γk is the set of pairs (i, j) ∈ S ∗ , with i ∈ Ω and j ∈ Ω (or vice-versa i ∈ Ω and j ∈ Ω ) for which there exist two indistinguishable executions x1 ∈ X{i} and x2 ∈ X{j} , |x1 | = |x2 | = k, such that (x1 (h) , x2 (h)) ∈ S ∗ ∩ X × Ω , ∀h ∈ [1, k] (vice-versa
(x1 (h) , x2 (h)) ∈ S ∗ ∩ Ω × X ∀h ∈ [1, k], respectively). Γ ∗ is the ∗ set of pairs (i, j) ∈ S such that ∀k ∈ Z, ∃k ≥ k : (i, j) ∈ Γk . Define the recursion, with Ξ1 = X × Ω ∩ S and k = 1, 2, . . .
∗
Ξk+1 = {(i, j) ∈ Ξk : (prec (i) × prec (j)) ∩ Ξk ̸= ∅} .
(6)
Lemma 17. Consider Eq. (6). Then,
∃k < |X | such that Ξk = ∅ and Ξ = ∅. (iii) If Ξ ∗ ̸= ∅, the recursion reaches this maximal fixed point in g ∗ < |X |2 steps. − (iv) Γ ∗ = Ξ ∗ ∩ Ω × Ω . 2
∗
It can be easily verified that:
Γ1 = Ω × Ω ∪ Ω × Ω ∩ S ∗ Γk+1 ⊂ Γk ⊂ Bk S ∗ Γ∗ = Γk ⊂ B∗ S ∗ ⊂ S ∗ . k∈Z
Theorem 18. M is parametrically Ω -diag if and only if B∗ S ∗ ∩ Λ∗ = ∅.
(8)
As a consequence of the result above, the following equivalent condition can be obtained Corollary 19. If there exist b ∈ 1, b∗ , f ∈ [1, f ∗ ] and l ∈ [1, l∗ ] such that
−
(i) Γk = Ξk ∩ Ω × Ω . (ii) If Ξk ̸= ∅∀k, then the fixed point Ξ ∗ of the recursion, maximal contained in X × Ω ∩ S ∗ , is unique and nonempty. Otherwise
Consider the set B∗ S ∗ ∩ Λ∗ . On the basis of the definition of the setsgiven in the previous section, a pair of states (i, j) in the set B∗ S ∗ ∩ Λ∗ is such that only one of the two states i or j belongs to Ω . Such i and j are the ending states of a pair of arbitrarily long indistinguishable state executions of the system M (which are also executions of M) with initial states in X0 , with one of these executions which never crosses the set Ω . Moreover, i and j are the initial states of a pair of arbitrarily long indistinguishable state executions of the system M, with one of these executions which never crosses the set Ω . Therefore, given these executions, however long the transient and the delay are, and however loose is the required accuracy, it will not be possible to decide whether the critical set Ω has been crossed or not. As a consequence, bearing in and the equivalence between parametric mind the definition of M Ω -diag and parametric Ω -diag with T = 0, we can establish the following necessary and sufficient condition for an FSM to be parametrically Ω -diag.
4.1. Parametric Ω -diagnosability
(7)
Bb S ∗ ∩ F f ⊂ Λl
(9)
then M is parametrically Ω -diag with T = 0, τ = b − 1, δ = max {f , l} − 1, γ1 = γ2 = l − if M is parametrically 1. ∗Conversely, Ω -diag, then there exist b ∈ 1, b , f ∈ [1, f ∗ ] and l ∈ [1, l∗ ] such that inclusion (9) holds. In the statement of the previous corollary, the parameters b, f and l appear explicitly. Note that Λ∗ ⊂ F ∗ but in general Λl is not a subset of Ff , for l ̸= l∗ or f ̸= f ∗ . Therefore the inclusion (9) defines the set of all the values b, f and l such that M is parametrically Ω -diag. Given this set, an upper bound for the delay and a lower bound for the uncertainty radius can be evaluated. Let us explain how this can be done, in particular how the condition (9) allows the
120
E. De Santis, M.D. Di Benedetto / Automatica 81 (2017) 115–122
determination of the delay of the diagnosis of the crossing event, of the uncertainty about the time at which the event occurred and of the duration of the transient where the diagnosis is not possible or not required. This description gives also the tools for the design of the online diagnoser. Suppose (9) holds for some b, f and l. Given an infinite execution x and the output string up to current step k ≥ b + max {f , l} − 1, let x (k) ∈ 2X be the set of discrete states at step k−(max {f , l}−1) that are compatible with the observations up to step k. Suppose that kx ≥ b. Then at k = kx + max {f , l} − 1, x (k) ∩ Ω ̸= ∅. If x (k) ⊂ Ω , then we can deduce that the set Ω was crossed at step kx = k − (max {f , l} − 1). Otherwise suppose that x (k) = {i, j, h}, with only the state i belonging to Ω . Then each pair (i, j), ∗ S ∩ Ff , because they have not (i, h) and (j, h) belongs to Bb been distinguished at step k. Since the inclusion (9) holds, then at step k we are sure that the actual execution x of M is such that x(h) ∈ Ω , for some h ∈ [kx , kx + l − 1]. Suppose that b >1 and S ∗ , then S ∗ is not in general a subset of Bb kx ≤ b − 1. Since Bkx condition (9) does not allow the detection of the crossing event, based on the information available at step kx + max {f , l} − 1. Hence detection of the first crossing event occurs with a maximum delay δ = max {f , l} − 1, with uncertainty γ = l − 1 and with τ = b − 1. Therefore the system is parametrically diagnosable with T = 0, δ = max {f , l} − 1, γ = l − 1 and 1. τ = b − Finally, since B1 S∗ = S ∗ , F1 = Π , Λ1 = Ω × Ω ∪ Ω × Ω , then if (9) holds in the very special case of b = f = l = 1, then S ∗ ⊂ (Ω × Ω ) ∪ Ω × Ω , and detection occurs with a maximum delay δ = 0, with uncertainty γ = 0 and with τ = 0. 4.2. Ω -diagnosability Consider now Ω -diagnosability as defined in Definition 3. Consider the set S ∗ ∩ Λ∗ . By similar reasoning as in the previous subsection, the set S ∗ ∩ Λ∗ is the set of pairs (i, j), where only one of the two states i or j belongs to Ω , which are the ending states of with a pair of indistinguishable state executions of the system M, initial state in X0 , such that one of these executions never crosses the set Ω , and are the initial states of a pair of arbitrarily long indistinguishable state executions of the system M, such that one of them never crosses Ω . Therefore, recalling the definition of the we can state the following: system M,
(10)
Condition (10) implies diagnosability as defined in Sampath et al. (1995). The proof of the necessity in Theorem 20 (see De Santis & Di Benedetto, 2016) shows that condition (10) is necessary also for the property of Sampath et al. (1995) to hold. Hence, the diagnosability property of Definition 3 and the one defined in Sampath et al. (1995) is equivalent. As in the previous subsection, we obtain the following equivalent condition expressed in terms of the parameters for which Ω -diagnosability holds. Corollary 21. The FSM M is Ω -diag with delay δ and uncertainty radius γ if
∗ S ∩ Ff ⊂ Λl
Corollary 22. M is Ω -initial state observable if and only if
X0 ∩ F ∗ ⊂ (Ω × Ω ) ∪ Ω × Ω .
(11)
where f ≤ δ + 1, l ≤ δ + 1 and l ≤ γ + 1. Conversely, if M is Ω -diag, then there exist f ∈ [1, f ∗ − 1] and l ∈ [1, l∗ − 1] such that inclusion (11) holds.
(12)
4.3. Eventual and critical Ω -diagnosability Consider the eventual Ω -diagnosability property as defined in Definition 4. For simplicity, in this sub-section, the sets B∗ (S ∗ ) and Bk (S ∗ ) will be denoted by B∗ and Bk . A pair (i, j) in the set Γ ∗ ∩ Λ∗ is such that only one state of the pair belongs to Ω . The states i and j are the ending states of a pair of arbitrarily long indistinguishable state executions of the system M, with initial state in X0 , such that one of these executions never crosses the set Ω , and are the initial states of a pair of arbitrarily long indistinguishable state executions of the same system M, such that one of these executions never crosses the set Ω . Therefore we can state the following: Theorem 23. The FSM M is eventually Ω -diag if and only if
Γ ∗ ∩ Λ∗ = ∅.
Theorem 20. M is Ω -diag if and only if
S ∗ ∩ Λ∗ = ∅.
Condition (11) gives the tools for the computation of the delay between the occurrence of the critical event and its detection. More precisely, let us explain how the condition (11) allows the determination of the delay of the diagnosis of the crossing event and the uncertainty about the time at which the event occurred, and how the online detection can be done. ′ Suppose (11) holds for some f and l. Let ′k be the first k ≥ max {f , l} such that x (k) ∩ Ω ̸= ∅. If x k ⊂ Ω , then we can deduce that the set Ω was crossed for the first time at step k′ − (max {f , l} − 1). Otherwise suppose that x k′ = {i, j, h}, with only the state i belonging to Ω . Then each pair (i, j), (i, h) and (j, h) belongs to S ∗ ∩ Ff . Since the inclusion (11) holds, then any pair of indistinguishable state evolution of M starting from S ∗ ∩ Ff is such that both evolutions in the pair cross the set Ω within at most l steps. Therefore at step k′ we are sure that the actual evolution of M is such that x(h) ∈ Ω , for some h ∈ k′ − (max {f , l} − 1), k′ − (max {f , l}) + l . Hence detection occurs with a maximum delay δ = max {f , l} − 1, and with uncertainty γ = l − 1. The next result characterizes Ω -initial state observability (see Definition 3), a special case of Ω -diagnosability.
(13)
The following equivalent characterization of eventual Ω diagnosability is obtained: Corollary 24. If there exist b ∈ [1, b∗ ], f ∈ [1, f ∗ ], g ∈ [1, g ∗ ] and l ∈ [1, l∗ ] such that
Bb ∩ Ff ⊂ Γg ∩ Λl
(14)
then M is eventually Ω -diag with τ = max {b, g } − 1, δ = max {f , l} − 1, γ1 = g − 1, γ2 = l − 1. Conversely, if M is eventually Ω -diag, then there exist b ∈ [1, b∗ ], f ∈ [1, f ∗ ], g ∈ [1, g ∗ ] and l ∈ [1, l∗ ] such that inclusion (14) holds. We now show how the condition (14) allows the determination of the delay of the diagnosis of the crossing event, of the uncertainty about the time at which the event occurred and of the duration of the transient where the diagnosis is not possible or not required. Suppose (14) holds for some b, f , g and l. Let k′ beany k ≥ max {b, g } + max {f , l} − 1 such that x (k) ∩ Ω ̸= ∅. If x k′ ⊂ Ω , ′′ then we can deduce that the set Ω was crossed at step k = ′ ′ k − (max {f , l} − 1). Otherwise suppose that x k = { i , j , h} ,
E. De Santis, M.D. Di Benedetto / Automatica 81 (2017) 115–122
with only the state i belonging to Ω . Then each pair (i, j), (i, h) and (j, h) belongs to Bb ∩ Ff . Since the inclusion (14) holds, then each pair of state evolutions x1 and x2, compatible with the observations up to step k, and such that x1 k′′ = i and x2 k′′ = j has the property that both evolutions crossed the set Ω in the interval ′′ k − g + 1, k′′ , if (i, j) ∈ Γg , or in the interval k′′ , k′′ + l − 1 , if
(i, j) ∈ Λl . Therefore at step k′ the actual evolution of M is such that x(h) ∈ Ω , for some h ∈ k′′ − (g − 1), k′ + l − 1 . Hence detection occurs with a maximum delay δ = max {f , l} − 1, with uncertainty γ = max {g , l} − 1 and with 1. {b, g } − τ = max Since B1 = S ∗ , F1 = Π , Γ1 = Λ1 = Ω ×Ω ∪ Ω ×Ω , then if (14) holds in the very special case of b = g = f = l = 1, then S ∗ ⊂ (Ω × Ω ) ∪ Ω × Ω , and detection occurs with a maximum delay δ = 0, with uncertainty γ = 0 and with τ = 0. As a consequence of Theorem 23, we also obtain the following characterizations of diagnosability in two interesting special cases. The first one requires no delay in the detection (Case δ = 0). Corollary 25 (Case Ω -diag with δ = 0 if δ = 0). M is eventually and only if B∗ ⊂ (Ω × Ω ) ∪ Ω × Ω . The second special case requires the exact detection of the step at which the crossing event occurred (Case γ = 0). Corollary 26 (Case γ = 0). M is eventually Ω -diag with γ = 0 if and only if condition with g = 1and l = 1, i.e. there exist (14) holds b and f such that Bb ∩ Ff ⊂ (Ω × Ω ) ∪ Ω × Ω . Finally, we characterize the property in Definition 5. By Proposition 6, a characterization of critical Ω -diagnosability is obtained as simple consequence of Theorems 20 and 23: Corollary 27. M is critically Ω -diag if and only if S ∗ ∩ Λ∗ = ∅ and ∗ ∗ Γ ∩ Λ = ∅. The value max {b, g }−1 in the statement of Corollary 24 is not in general the minimum value of τ such that M is eventually Ω -diag. Hence critical Ω -diag cannot be deduced by setting b = g = 1 in condition (14). The next proposition characterizes critical Ω -observability. Proposition 28 (Case δ = 0and τ = 0). M is critically Ω -obs if and only if S ∗ ⊂ (Ω × Ω ) ∪ Ω × Ω . 5. Conclusions In this paper, we proposed a general framework for the analysis and characterization of observability and diagnosability of finite state systems. Observability and diagnosability were defined with respect to a subset of the state space, called critical set, i.e. a set of discrete states representing a set of faults, or more generally any set of interest. Using the proposed framework, it is possible to check diagnosability of a critical event and at the same time compute the delay of the diagnosis with respect to the occurrence of the event, the uncertainty about the time at which that event occurred, and the duration of a possible initial transient where the diagnosis is not possible or nor required. Moreover, in the unifying framework we propose, it was possible to precisely compare some of observability and diagnosability notions existing in the literature and the ones we introduced in our paper. For discrete event systems, some effort in the direction of a decentralized approach to observability and diagnosability has been made e.g. in Cieslak, Desclaux, Fawaz, and Varaiya (1988) and in Rudie and Wonham (1989) where the observability with respect to a language (Lin & Wonham, 1988) was generalized to the case of decentralized systems by introducing the notion of coobservability. In Wang, Girard, and Lafortune (2011) and in
121
Yin and Lafortune (2015) it was proven that coobservability and codiagnosability can be mapped from one to the other. Extending our approach to a decentralized framework and comparing our results with the ones above will be the subject of future investigation. References Babaali, M., & Pappas, G. (2005). Observability of switched linear systems in continuous time. In L. T. M. Morari, & F. Rossi (Eds.), Lecture notes in computer science: Vol. 3414. Hybrid systems: Computation and control 2005 (pp. 103–117). Springer–Verlag. Balluchi, A., Benvenuti, L., Di Benedetto, M. D., & Sangiovanni-Vincentelli, A. (2002). Design of observers for hybrid systems. In C. Tomlin, & M. Greensreet (Eds.), Lecture notes in computer science: Vol. 2289. Hybrid systems: Computation and control (pp. 76–89). Springer Verlag. Balluchi, A., Benvenuti, L., Di Benedetto, M. D., & Sangiovanni-Vincentelli, A. (2013). The design of dynamical observers for hybrid systems: Theory and application to an automotive control problem. Automatica, 49, 915–925. Bemporad, A., Ferrari-Trecate, G., & Morari, M. (2000). Observability and controllability of piecewise affine and hybrid systems. IEEE Transactions on Automatic Control, 45(10), 1864–1876. Cieslak, R., Desclaux, C., Fawaz, A., & Varaiya, P. (1988). Supervisory control of discrete-event processes with partial observations. IEEE Transactions on Automatic Control, 33(3), 249–260. Collins, P., & van Schuppen, J. (2007). Observability of piecewise-affine hybrid systems. In R. Alur, & G. Pappas (Eds.), Lecture notes in computer science: Vol. 2993. Hybrid systems: Computation and control, (HSCC’04), (pp. 265–279). Springer. De Santis, E., & Di Benedetto, M. D. (Eds.) (2009). Special issue on observability and observer-based control of hybrid systems. International Journal of Robust and Nonlinear Control, 19, 1519–1520. De Santis, E., & Di Benedetto, M.D. (2016). Observability and diagnosability of finite state systems: a unifying framework (extended version), arXiv:1608.03195v2. De Santis, E., Di Benedetto, M. D., Di Gennaro, S., D’Innocenzo, A., & Pola, G. (2006). In H. A. Blom, & J. Lygeros (Eds.), Lecture notes in control and information sciences: Vol. 337. Critical observability of a class of hybrid systems and application to air traffic management (pp. 141–170). Springer–Verlag. De Santis, E., Di Benedetto, M.D., & Pola, G. (2003). On observability and detectability of continuous–time linear switching systems. In Proceedings of the42nd IEEE conference on decision and control, CDC 03, Maui, Hawaii, USA, December (pp. 5777–5782). Di Benedetto, M.D., Di Gennaro, S., & D’Innocenzo, A. (2005a). Critical observability and hybrid observers for error detection in air traffic management. In Proceedings of 13th Mediterranean conference on control and automation, Limassol, Cyprus. Di Benedetto, M.D., Di Gennaro, S., & D’Innocenzo, A. (2005b). Error detection within a specific time horizon and application to air traffic management. In Proceedings of the joint44th IEEE conference on decision and control and European control conference (CDC–ECC’05), Seville, Spain, December, (pp. 7472–7477). Griffith, E. W., & Kumar, K. S. P. (1971). On the observability of nonlinear systems. Journal of Mathematical Analysis and Applications,. Hashtrudi Zad, S., Kwong, R. H., & Wonham, W. M. (1971). On the observability of nonlinear systems. Journal of Mathematical Analysis and Applications,. Kalman, R. E. (1959). On the general theory of control systems. IRE Transactions on Automatic Control, 4(3), 481–492. Lafortune, S. (2007). On decentralized and distributed control of partially-observed discrete event systems. In C. Bonivento, L. Marconi, C. Rossi, & A. Isidori (Eds.), Lecture notes in control and information sciences: 353. Adv. in control theory and applications (pp. 171–184). Springer. Lin, F. (1994). Diagnosability of discrete event systems and its applications. Discrete Event Dynamic Systems, 4(1), 197–212. Lin, F., & Wonham, W. (1988). On observability of discrete-event systems. Information Sciences, 44, 173–198. Luenberger, D. (1971). An introduction to observers. IEEE Transactions on Automatic Control, 16(6), 596–602. Ozveren, C., & Willsky, A. (1990). Observability of discrete event dynamic systems. IEEE Transactions on Automatic Control, 35(7), 797–806. Pezzuti, D., Pola, G., De Santis, E., & Di Benedetto, M.D. (2017). Decentralized Critical Observers of Networks of Finite State Machines and Model Reduction, arXiv:1412.1784v2. Ramadge, P. (1986). Observability of discrete event systems. In Proceedings of the25th IEEE conference on decision and control, Athens, Greece, December (pp. 1108–1112). Ramadge, P., & Wonham, W. (1989). The control of discrete-event systems. Proceedings of the IEEE, 77(1), 81–98. Rudie, K., & Wonham, W. (1989). Think globally, act locally: decentralized supervisor control. IEEE Transactions on Automatic Control, 37(11), 1692–1708. Sampath, M., Sengupta, R., Lafortune, S., Sinnamohideen, K., & Teneketzis, D. (1995). Diagnosability of discrete-event systems. IEEE Transactions on Automatic Control, 40(9), 1555–1575. Sears, D., & Rudie, K. (2014). On computing indistinguishable states of nondeterministic finite automata with partially observable transitions. In Proceedings of the 53rd IEEE conference on decision and control, Los Angeles, California, USA, (pp. 6731–6736). Shu, S., & Lin, F. (2013). Delayed detectability of discrete event systems. IEEE Transactions on Automatic Control, 58(4), 862–875.
122
E. De Santis, M.D. Di Benedetto / Automatica 81 (2017) 115–122
Shu, S., Lin, F., & Ying, H. (2007). Detectability of discrete event systems. IEEE Transactions on Automatic Control, 52(12), 2356–2359. Takai, S., & Ushio, T. (2012). Verification of codiagnosability for discrete event systems modeled by mealy automata with nondeterministic output functions. IEEE Transactions on Automatic Control, 57(3), 798–804. Tanwani, A., Shim, H., & Liberzon, D. (2013). Observability for switched linear systems: Characterization and observer design. IEEE Transactions on Automatic Control, 58(4), 891–904. Vidal, R., Chiuso, A., Soatto, S., & Sastry, S. (2003). Observability of linear hybrid systems. In A. Pnueli, & O. Maler (Eds.), Lecture notes in computer science: Vol. 2623. Hybrid systems: Computation and control (pp. 526–539). Springer Verlag. Wang, W., Girard, A., & Lafortune, S. (2011). On codiagnosability and coobservability with dynamic observations. IEEE Transactions on Automatic Control, 56(7), 1551–1566. Wang, W., Lafortune, S., & Lin, F. (2007). An algorithm for calculating indistinguishable states and clusters in finite-state automata with partially observed transitions. Systems & Control Letters, 656–661. Yin, X., & Lafortune, S. (2015). Codiagnosability and coobservability under dynamic observations: Transformations and verifications. Automatica, 61, 241–252. Zaytoon, J., & Lafortune, S. (2013). Overview of fault diagnosis methods for discrete event systems. Annual Reviews in Control, 37, 308–320. Elena De Santis received the degree in Electrical Engineering (summa cum laude) from the University of L’Aquila, L’Aquila, Italy, in 1983. From 1987 to 1998, she was an Assistant Professor with the University of L’Aquila. Since 1998 she is teaching Optimal Control in the same University, as Associate Professor. Elena De Santis has published papers in archival journals, conferences proceedings, and book series in analysis control and optimization of constrained and uncertain dynamic systems, dynamic-model management for decision support systems, positive systems, dynamic games, hybrid and switching systems. Ms. De Santis received the Outstanding Reviewer Honorable Mention from the editorial board of IEEE Trans. on Automatic Control for 2004 and 2013.
She is a member of the Executive Committee of the Center of Excellence DEWS (Architectures and design methodologies for embedded controllers, wireless interconnected and system-on-chip) of the University of L’Aquila. Member of IEEE since 1999, she has been elected at the grade of Senior Member, in 2006. She is member of IFAC Technical Committee TC 1.3 on Discrete Event and Hybrid Systems. She has been the chair and/or organizer of a number of sessions and member of the program committee in the main international conferences. She is member of the Editorial Board of European Journal of Control.
Maria Domenica Di Benedetto obtained the ‘‘Dr. Ing’’. degree (summa cum laude) of Electrical Engineering and Computer Science, University of Roma ‘‘La Sapienza’’, in 1976. In 1981, she obtained the ‘‘Docteur-Ingénieur’’ degree and in 1987 the ‘‘Doctora d’Etat ès Sciences’’ degree, Université de Paris-Sud (Orsay, France). Since 1994, she has been Professor of Automatic Control at University of l’Aquila. Since 2002, she has been IEEE Fellow. She has been Associate Editor of the IEEE Transactions of Automatic Control from 1995 to 1999, and Associate Editor at Large of the IEEE Transactions on Automatic Control from 2006 to 2009. Since 1995 she is Subject Editor of the International Journal of Robust and Nonlinear Control. From 2016 she is Associate Editor of the IFAC Journal Nonlinear Analysis: Hybrid Systems. She is the PI and Director of the Center of Excellence for Research DEWS ‘‘Architectures and Design methodologies for Embedded controllers, Wireless interconnect and System-on-Chip’’ of the University of L’Aquila. She is co-founder and member of the Governing Boar of WEST Aquila S.r.L. Since 2009, she has been the President of the European Embedded Control Institute. Since 2010, she has been a Member of the International Advisory Board of the Lund Center for the Control of Complex engineering systems (LCCC). Since 2013, she has been the President of the Italian Society of researchers in Automatic Control (SIDRA). Her research interests are centered about analysis and control of hybrid systems and networked control systems.