Proceedings of the 5th IFAC Workshop on Dependable Control of Discrete Systems, May 27-29, 2015. Cancun, Mexico. Available online at www.sciencedirect.com
IFAC-PapersOnLine 48-7 (2015) 064–070
On-the-fly Diagnosability Analysis of Labeled Petri Nets Using T-invariants

Ben Li ∗, Manel Khlif-Bouassida ∗, Armand Toguyéni ∗

∗ Univ. Lille Nord de France, F-59000, Lille, France
École Centrale de Lille, CRIStAL, UMR 9189, 59650 Villeneuve d'Ascq, France
{ben.li, manel.khlif-bouassida, armand.toguyeni}@ec-lille.fr
Abstract: Diagnosability is a key property at the design stage that refers to the ability to indicate unambiguously a failure behavior only from the system's available observations, in finite time after the fault occurrence. Diagnosability has a significant impact on the reliability of complex automated systems. In this paper, an approach is developed for diagnosability analysis of discrete event systems (DESs) modeled by labeled Petri nets (LPNs). Our approach, which extends from the on-the-fly and incremental diagnosis technique, aims at improving the efficiency of diagnosability analysis by defining priorities in the investigation of reachability graph branches based on depth-first search. Using the T-invariant notion, our improved approach intends to find more quickly the existence of indeterminate cycles so as to reduce the combinatorial explosion for diagnosability analysis.
© 2015, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved.
Keywords: Fault diagnosis, Discrete event systems, Labeled Petri nets, Diagnosability analysis, On-the-fly and incremental diagnosis technique, T-invariants
1. INTRODUCTION

Diagnosability analysis of DESs has received a lot of attention in the past decades. One of the challenges in diagnosability analysis is the combinatorial explosion problem, i.e., a huge state space has to be built when dealing with complex automated systems.

In (Wen and Jeng, 2005), an approach was proposed to analyze diagnosability by checking T-invariants, and a sufficient condition for diagnosability was given. For a system modeled by a safe and live LPN, if there do not exist two minimal T-invariants with the same set of observable labels, the system is diagnosable, because there do not exist two cycles with the same observation. This approach has its restriction, but some heuristics were proposed to find cycles in the state space by using T-invariants. However, this article focuses on the diagnosability of bounded and live LPN rather than safe and live LPN.

In (Liu et al., 2014), the on-the-fly and incremental diagnosis technique (hereafter called "on-the-fly approach" for short) was proposed. This approach generally does not build the whole state space a priori, particularly when the system is undiagnosable. However, the on-the-fly approach does not define priorities in the investigation of branches, so that the efficiency of checking diagnosability depends extremely on the LPN model.

In this paper, the on-the-fly approach is improved by using T-invariants. The priorities for investigating branches are defined in order to find more quickly an existent indeterminate cycle. Our approach of diagnosability analysis reduces computational cost by saving time and memory.

This paper is structured as follows. In Section 2, a brief discussion relative to the state of the art on diagnosability of DESs is presented. Section 3 introduces some preliminary notations and concepts used in our approach. The on-the-fly approach is recalled in Section 4. In Section 5, the on-the-fly approach using T-invariants is proposed. Finally, in Section 6, the conclusion and some perspectives of this work are given.

2. STATE OF THE ART

When dealing with the diagnosability of DESs, the first formally and widely accepted analysis method is the "Diagnoser" approach (Sampath et al., 1995). The authors built an automaton called diagnoser to perform both diagnosability analysis and online diagnosis. Following this work, twin-plant and verifier (Jiang et al., 2001; Yoo and Lafortune, 2002) were created. These automata-based structures have reduced the computing complexity. However, the combinatorial explosion problem still exists because of the generation of the whole state space (automaton). In particular, a lot of time and memory resources are spent checking diagnosability of complex systems in practical applications.

Afterwards, researchers concentrated on Petri nets (PNs), which provide a compact representation of DES models, in order to overcome the combinatorial explosion problem. In (Ushio et al., 1998), diagnosability analysis was first extended to the framework of PNs. In (Wen and Jeng, 2005), a sufficient condition of diagnosability was proposed by checking T-invariants of the LPN. In (Cabasino et al., 2009), the modified basis reachability graph (MBRG) and basis reachability diagnoser (BRD) were developed, which provide a compact manner for the construction of the state space. In (Basile et al., 2012), an approach for checking K-diagnosability was proposed by using the integer linear programming (ILP) technique. In (Cabasino et al., 2012), a structure called Verifier Net (VN) was developed to discuss the diagnosability for both bounded and unbounded PNs and the K-diagnosability of unbounded PNs. In (Liu et al., 2014), the on-the-fly and incremental diagnosis technique is proposed
Copyright © 2015 IFAC. Peer review under responsibility of International Federation of Automatic Control. 2405-8963 © 2015, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved. 10.1016/j.ifacol.2015.06.474
DCDS 2015, May 27-29, 2015. Cancun, Mexico. Ben Li et al. / IFAC-PapersOnLine 48-7 (2015) 064–070, page 65
T-invariants are positive integer solutions of the homogeneous equation C · Ω = 0, where Ω is a firing vector as defined before. A T-invariant Ω_min is a minimal T-invariant if ∀ Ω : C · Ω = 0 ⇒ ¬(sub(Ω) ⊊ sub(Ω_min)), where sub(Ω) = {t_i ∈ T | Ω(t_i) > 0}.
to analyze both the diagnosability and K-diagnosability of live and bounded DESs modeled by LPNs. Only a part of the FM-graph (Fault Marking Graph) and the FM-set tree (Fault Marking Set Tree) are built on the fly and in parallel, instead of building the whole state space a priori.

In this paper, the on-the-fly approach is improved by using T-invariants in order to define priorities in the investigation of branches. In theory, compared to the VN approach, the on-the-fly approach using T-invariants cannot reduce the complexity of the diagnosability analysis of bounded and live LPN. It has the same complexity as the on-the-fly approach (as well as the diagnoser approach). However, this approach can save time and memory as the MBRG/BRD approach does, but from a different point of view. The MBRG/BRD approach needs to build the whole state space a priori, but in a compact manner. The on-the-fly approach using T-invariants builds the state space on the fly with the help of stopping conditions, and it can find more quickly one existent indeterminate cycle so as to reduce the combinatorial explosion.
For more details about PNs and LPNs, readers can refer to (Murata, 1989; Cassandras and Lafortune, 2007).

3.2 Diagnosability
In event-based diagnosis of DESs using LPN models, the set of transitions is partitioned into two disjoint sets, T = To ∪ Tu, where To is the set of observable transitions and Tu is the set of unobservable transitions. The label of an observable transition can be observed when it fires. The fault transitions are unobservable. The set of unobservable transitions can be partitioned into two disjoint sets, Tu = Tf ∪ Treg, where Tf includes all fault transitions, while Treg = Tu \ Tf is the set of regular unobservable transitions. The set Tf can be further partitioned into k different subsets Tf^i, where i = 1, ···, k, which represent different classes of faulty transitions. |T| is the size of T, which indicates the number of transitions in T. Σ_T(Ω) = {l = L(t_i) | t_i ∈ sub(Ω), L(t_i) ∈ Σo} is the set of observable labels of Ω. Note that Σ_T(Ω) may contain two identical labels.

Example 1. Consider the example of LPN in (Cabasino et al., 2009), as shown in Fig. 1, where To = {t1, t3, t4, t5, t7}, Treg = {ε2} and Tf = {f6}. a, b, c, d, and e are observable events such that L(t1) = a, L(t3) = b, L(t4) = c, L(t5) = d, and L(t7) = e. The label of all unobservable transitions is ε.
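The T-invariant definition and the observable-label set Σ_T(Ω) above can be computed mechanically for a small net. The following Python is an added example, not code from the paper: it finds the minimal T-invariants of a constructed net by bounded enumeration of firing vectors, computes Σ_T(Ω) for each of them (as a multiset, since the same label may occur twice), and applies the sufficient condition of (Wen and Jeng, 2005) recalled in the introduction. The net (places p1..p4 and transitions t1..t5 forming the two cycles p1 t1 p2 t2 p3 t3 p1 and p1 t1 p2 t4 p4 t5 p1, t4 being an unobservable fault) and its two labelings are constructed here; the enumeration bound is a simplification that is exact only for small nets and is not the Farkas-style algorithm used by Petri net tools.

```python
# Added example (not from the paper): minimal T-invariants of a small net by
# bounded enumeration, the observable-label multiset Sigma_T of each, and the
# Wen and Jeng (2005) sufficient condition.  Net and labels are constructed.
from itertools import product
from math import gcd
from functools import reduce

# Constructed net: p1 -t1-> p2, then either p2 -t2-> p3 -t3-> p1 or
# p2 -t4-> p4 -t5-> p1.  C = Post - Pre, rows = places p1..p4, cols = t1..t5.
C = [
    [-1, 0, 1, 0, 1],
    [1, -1, 0, -1, 0],
    [0, 1, -1, 0, 0],
    [0, 0, 0, 1, -1],
]
EPS = "ε"  # label shared by every unobservable transition
# Two labelings of the same structure (t4 is an unobservable fault in both).
LABELS_DISTINCT = {0: "a", 1: "b", 2: "c", 3: EPS, 4: "c"}
LABELS_SHARED = {0: "a", 1: EPS, 2: "c", 3: EPS, 4: "c"}


def is_t_invariant(c, omega):
    """C * omega = 0 componentwise."""
    return all(sum(c[p][t] * omega[t] for t in range(len(omega))) == 0
               for p in range(len(c)))


def support(omega):
    """sub(omega) = {t | omega(t) > 0}."""
    return frozenset(t for t, k in enumerate(omega) if k > 0)


def minimal_t_invariants(c, max_firings=2):
    """Non-zero solutions of C*omega = 0 with entries in 0..max_firings whose
    support is minimal.  Bounded enumeration is exact only when every minimal
    invariant fits under max_firings, which holds for this small net."""
    n = len(c[0])
    sols = [w for w in product(range(max_firings + 1), repeat=n)
            if any(w) and is_t_invariant(c, w)]
    # gcd == 1 drops multiples such as 2*omega that have the same support
    sols = [w for w in sols if reduce(gcd, w) == 1]
    minimal = [w for w in sols
               if not any(support(v) < support(w) for v in sols)]
    return sorted(minimal)


def observable_labels(omega, labels):
    """Sigma_T(omega): labels of the observable transitions in sub(omega),
    kept as a sorted tuple because the same label may occur twice."""
    return tuple(sorted(labels[t] for t in support(omega) if labels[t] != EPS))


def wen_jeng_sufficient(c, labels, max_firings=2):
    """True when no two minimal T-invariants share the same observable label
    multiset: the sufficient condition for diagnosability of a safe and live
    LPN from Wen and Jeng (2005).  False only means 'inconclusive'."""
    sigmas = [observable_labels(w, labels)
              for w in minimal_t_invariants(c, max_firings)]
    return len(sigmas) == len(set(sigmas))


if __name__ == "__main__":
    for w in minimal_t_invariants(C):
        print(w, observable_labels(w, LABELS_DISTINCT), observable_labels(w, LABELS_SHARED))
    print(wen_jeng_sufficient(C, LABELS_DISTINCT))  # True: {a,b,c} vs {a,c}
    print(wen_jeng_sufficient(C, LABELS_SHARED))    # False: both cycles read {a,c}
```

With the first labeling the two cycles are observed as a b c and a c, so the condition holds; with the second labeling t2 becomes unobservable, both minimal T-invariants have Σ_T = {a, c}, and the condition cannot conclude, which is exactly the situation where the heuristics of the paper (searching the state space for cycles with the same observation) are needed.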
3. PRELIMINARIES

3.1 Labeled Petri nets

Petri nets are a mathematical and graphical modeling notation for DESs, which are presented by a 4-tuple N = (P, T, Pre, Post), where P is a finite set of places; T is a finite set of transitions; Pre and Post are the pre- and post-incidence matrices. A marking is a vector M ∈ ℕ^|P|, which assigns a non-negative integer to each place. The marking of a Petri net represents the state of the system (and the dynamic behaviour). M(p) denotes the number of tokens in place p and M0 is the initial marking of N. (N, M0) is a marked PN with initial marking M0. The incidence matrix is C = Post − Pre.
A transition t is enabled at M iff M ≥ Pre(·, t), denoted by M [t>. M [σ> denotes that the sequence of transitions σ is enabled at M. For a given sequence σ ∈ T*, π : T* → ℕ^|T| is the function that assigns a vector y ∈ ℕ^|T| to σ. y = π(σ) is called the firing vector of σ, and y(t) = k means that transition t is contained k times in σ. The reached marking M' is computed by M' = M + C · y. A marking M is reachable in (N, M0) iff a sequence σ exists such that M0 [σ> M. The set of all the reachable markings from M0 is denoted by R(N, M0) and called the reachability set of (N, M0). The ith transition in σ is written σ^i.
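As an added illustration of these definitions (this is example code, not code from the paper), the following Python implements the enabling rule M ≥ Pre(·, t), firing, the firing vector π(σ), the state equation M' = M + C · y, and a breadth-first enumeration of R(N, M0). The net is constructed for this example: four places p1..p4 and five transitions with p1 t1 p2, p2 t2 p3 t3 p1 and an alternative branch p2 t4 p4 t5 p1. The token cutoff in the enumeration is an addition of this example so that it also terminates on an unbounded net, where a plain enumeration of the reachability set would not.

```python
# Added example (not from the paper): enabling, firing, firing vector, state
# equation and reachability set for a small marked Petri net.  The net is
# constructed for this example; rows are places, columns are transitions.
from collections import deque

PRE = [
    [1, 0, 0, 0, 0],   # p1 is consumed by t1
    [0, 1, 0, 1, 0],   # p2 is consumed by t2 and t4
    [0, 0, 1, 0, 0],   # p3 is consumed by t3
    [0, 0, 0, 0, 1],   # p4 is consumed by t5
]
POST = [
    [0, 0, 1, 0, 1],   # p1 is produced by t3 and t5
    [1, 0, 0, 0, 0],   # p2 is produced by t1
    [0, 1, 0, 0, 0],   # p3 is produced by t2
    [0, 0, 0, 1, 0],   # p4 is produced by t4
]
M0 = (1, 0, 0, 0)      # one token in p1


def incidence(pre, post):
    """C = Post - Pre, one row per place and one column per transition."""
    return [[po - pr for pr, po in zip(rp, rq)] for rp, rq in zip(pre, post)]


def enabled(pre, m, t):
    """M [t> holds iff M >= Pre(., t) componentwise."""
    return all(m[p] >= pre[p][t] for p in range(len(pre)))


def fire(pre, post, m, t):
    """Marking reached by firing t (the caller checks enabled() first)."""
    return tuple(m[p] - pre[p][t] + post[p][t] for p in range(len(pre)))


def fire_sequence(pre, post, m, sigma):
    """M [sigma> M': returns M', or None if some step is not enabled."""
    for t in sigma:
        if not enabled(pre, m, t):
            return None
        m = fire(pre, post, m, t)
    return m


def firing_vector(sigma, n_transitions):
    """pi(sigma): how many times each transition occurs in sigma."""
    y = [0] * n_transitions
    for t in sigma:
        y[t] += 1
    return y


def state_equation(c, m0, y):
    """M' = M0 + C*y, the marking predicted from a firing vector."""
    return tuple(m0[p] + sum(c[p][t] * y[t] for t in range(len(y)))
                 for p in range(len(m0)))


def reachability_set(pre, post, m0, max_tokens):
    """Breadth-first enumeration of R(N, M0).

    Returns (markings, True) when every reached marking keeps each place at or
    below max_tokens.  As soon as a place exceeds max_tokens the exploration
    stops and returns (markings so far, False), so the function also
    terminates on an unbounded net."""
    seen, queue = {m0}, deque([m0])
    while queue:
        m = queue.popleft()
        for t in range(len(pre[0])):
            if enabled(pre, m, t):
                m2 = fire(pre, post, m, t)
                if max(m2) > max_tokens:
                    return seen, False
                if m2 not in seen:
                    seen.add(m2)
                    queue.append(m2)
    return seen, True


if __name__ == "__main__":
    C = incidence(PRE, POST)
    sigma = [0, 1, 2, 0, 3]                             # t1 t2 t3 t1 t4
    print(fire_sequence(PRE, POST, M0, sigma))          # (0, 0, 0, 1)
    print(state_equation(C, M0, firing_vector(sigma, 5)))  # same marking
    print(reachability_set(PRE, POST, M0, max_tokens=1))   # 4 markings, safe
```

The state equation and the explicit firing agree on any fireable sequence, which is what makes firing vectors (and therefore T-invariants, which are firing vectors with C · y = 0) usable without enumerating markings.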
[Fig. 1 drawing: places p1 to p6; transitions t1 (a), ε2 (ε), t3 (b), t4 (c), t5 (d), f6 (ε), t7 (e)]
Fig. 1. An example of LPN

The definition of diagnosability of a system modeled by an LPN is given as follows.
Definition 1. (Cabasino et al., 2009) Given a live LPN NL = (N, M0, Σ, L), NL is diagnosable w.r.t fault class Tf^i if there are not two sequences σ1 and σ2 which satisfy the following conditions:
A PN is live if, from any marking in R(N, M0), it is possible to fire any transition by progressing through some further firing sequence. A PN (N, M0) is said to be bounded if there exists a positive number m such that ∀M ∈ R(N, M0), M(p) ≤ m for every place p. In other words, boundedness assures that no place will overflow.
(1) ∀ tf ∈ Tf^i, tf ∉ σ1;
(2) ∃ tf ∈ Tf^i such that tf ∈ σ2 and σ2 can be arbitrarily long after the occurrence of tf;
(3) L(σ1) = L(σ2).
An LPN, an extension of PN, is a tuple NL = (N, M0, Σ, L), where (N, M0) is a marked PN; Σ is a finite set of events. L : T → Σ is the transition labeling function which assigns a label to every transition. The set of events is Σ = Σo ∪ {ε}. Σo is the set of observable events that are associated to observable transitions, and the label of all unobservable transitions is ε. The same label could be shared by different transitions. The labeling function can be extended to L : T* → Σ*. The inverse projection operator L^−1 is defined by L^−1(s) = {σ ∈ T* | L(σ) = s}, where s = s1 s2 ··· sn is the concatenation of s1, s2, ···, sn with s1, s2, ···, sn ∈ Σ*.
In other terms, for a given live LPN, if two arbitrarily long sequences of transitions with the same observation cannot be found such that one contains a fault transition and the other does not, the LPN is diagnosable. Moreover, the LPN is never blocked after the occurrence of any fault transition. From a practical point of view, in a bounded PN the infinite sequences
correspond necessarily to cycles in the reachability graph. In Section 4, it will be seen that this definition leads to the search in the PN reachability graph for indeterminate cycles as defined in (Sampath et al., 1995).
– FM0^i = [M0^τ, 0]^τ is the initial node;
– δ^i : Q^i × Σo → 2^(Q^i) is the transition function of FM: given FM1^i ∈ Q^i and e ∈ Σo, δ^i(FM1^i, e) = {FM2^i | ∃ σ ∈ T* s.t. L(σ) = e, FM1^i [σ> FM2^i}. The algorithm of the δ^i function is illustrated in (Liu, 2014).
4. ON-THE-FLY APPROACH

In this section, the classic on-the-fly approach (Liu et al., 2014) will be recalled. First, our main assumptions are given:
Without loss of generality, in the current paper, the diagnosis issue is discussed for a single class of faults. For the simplicity of representation, the superscript i will be omitted w.r.t Tfi .
(1) The LPN is bounded and live;
(2) No cycle of unobservable transitions exists;
(3) Faults are permanent, i.e., when a fault occurs the system remains infinitely faulty;
(4) The same label may be associated with different transitions;
(5) The structure of the LPN and the initial marking M0 are well known.
Let the FM-set power set be FM-sets X = 2^Q and the initial FM-set x0 = {FM0}.
Definition 4. The FM-set transition mapping λ : X × Σo → X is defined as follows: given an FM-set x ∈ X and an observable event e ∈ Σo, λ(x, e) = {FM' | ∃ FM ∈ x, u ∈ Tu*, t ∈ To, s.t. L(ut) = e, FM [ut> FM'}.
As the state of the "Diagnoser" in (Sampath et al., 1995), an FM-set can be associated with a tag which indicates the possibility of fault occurrence.
Definition 5. The tagging function tag : X → {N, F, U} is defined as follows:
tag(x) = N if ∀ FM ∈ x, fault(FM) = 0;
tag(x) = F if ∀ FM ∈ x, fault(FM) = 1;
tag(x) = U otherwise.
The on-the-fly approach (Liu et al., 2014) aims at dealing with diagnosability, K-diagnosability, the minimal K to ensure diagnosability and online diagnosis using one formalism. With the help of some stopping conditions, it has been shown that, in general, a part of the state space suffices for diagnosability analysis and online diagnosis, particularly when the system is undiagnosable. The on-the-fly approach intends to avoid building the whole state space for checking diagnosability in order to reduce the combinatorial explosion.
An FM-set x is also said to be normal (resp. F-certain, F-uncertain) if tag(x) = N (resp. F, U). For an FM-set x' reachable from x, if tag(x) ∈ {N, U}, it is possible that tag(x') ∈ {N, F, U}; whereas if tag(x) = F, then tag(x') = F, as faults are assumed to be permanent and, therefore, the F-certain tag is propagated to all the successive FM-sets.
First, let us recall some basic notations and definitions (Liu et al., 2014). An FM^i-graph is considered as a directed non-deterministic graph relative to the fault class Tf^i. Each node indicates a given FM (Fault Marking) and each arc indicates an observable event. An FM^i-graph can be treated as an ε-reduced observer automaton (Cassandras and Lafortune, 2007) with fault tag. For a bounded LPN, the number of states of the complete FM^i-graph w.r.t Tf^i is finite.
An FM-set tree is a tree-like structure. The root node is the initial FM-set x0 = {FM0}. The subsequent nodes are the FM-sets reachable from the previous node by using the idea of state estimation. An FM-set is like a state of the diagnoser automaton of (Sampath et al., 1995). Consequently, Definition 1, which gives the condition of undiagnosability, can be assimilated, as in the case of the "Diagnoser" approach, to the existence of indeterminate cycles in the FM-set tree. A cycle is said to be indeterminate if all the states reached by the transitions of the sequence in this cycle are F-uncertain. However, the diagnoser automaton must be built a priori, and all the diagnoser states are entirely enumerated. On the contrary, the FM-graph and FM-set tree are built on the fly. Some conditions are given to stop the investigation of a branch of the FM-set tree as follows:
Definition 2. An FM upon a sequence σ ∈ T* and a fault class Tf^i is a vector FM^i ∈ ℕ^(|P|+1):
FM^i = [mark(FM^i)^τ, fault(FM^i)]^τ
where M0 [σ> mark(FM^i) and fault(FM^i) = 1 if ∃ tf ∈ Tf^i, tf ∈ σ, otherwise fault(FM^i) = 0.
Given two FMs FM and FM', FM [σ> FM' is denoted iff mark(FM) [σ> mark(FM'); and fault(FM') = fault(FM) if ∀j, σ^j ∉ Tf^i, otherwise fault(FM') = 1.
(1) An F-certain FM-set is generated;
(2) A new normal FM-set is equal to an existing one;
(3) A new F-uncertain FM-set is equal to an existing one (then checking the existence of an indeterminate cycle is necessary).
From the definition of FMs, an FM consists of a marking and a binary tag indicating the occurrence of a fault. Q^i is the set of FMs w.r.t Tf^i. Then, for a given PN (N, M0), the number of FMs is at most twice the number of markings, i.e., |Q^i| ≤ 2|R(N, M0)|. For the purpose of diagnosis, the FM-graph is constructed as the structure of the state space and is developed to record the FMs that are reachable just after an observable event.
Definition 3. The FM-graph relative to fault class Tf^i, called FM^i-graph, is a tuple (N^i, Σo, δ^i, FM0), where:
The principle of on-the-fly approach is shown in Fig. 2. This approach is based on a depth-first search. The algorithm is developed in (Liu et al., 2014), which is proved to cover all the cases while building the FM-set tree on the fly. The main idea of the algorithm is as follow: (1) For a given FM-set Z (the initial FM-set is {F M0 }), Zcon is computed, which is the set of FMs that are obtained by firing all the possible unobservable transitions from the FMs in Z;
– N i ⊆ Qi is a set of F M i nodes (FMs) (because the FMgraph is built on the fly with stopping conditions that will be introduced after, N i is a subset of Qi ); – Σo is a finite set of observable events; 66
DCDS 2015 May 27-29, 2015. Cancun, Mexico
Ben Li et al. / IFAC-PapersOnLine 48-7 (2015) 064–070
67
c b
F M2 a F M0
a
F M1
F M8
a
F M9
b
Fig. 2. Principle of on-the-fly approach
b
F M7
a
F M5
b
F M11
a
a F M10
b
c
F M6
c
F M3
c
b
b
a d
F M4
b
b
F M12
c
F M13
Fig. 3. FM-graph of the LPN in Fig. 1
(2) For a given observable event e (e is chosen arbitrarily, because priorities in the investigation of branches are not defined; moreover, if e has already been fired from this FM-set, another event is selected), Y is computed: the next FM-set after firing e. The corresponding nodes in the FM-graph and FM-set tree are built;
(3) (a) if Y is F-certain, let Z be the FM-set just before Y and go to (1); (b) if Y is normal and equal to an existing one, let Z be Y and go to (1); (c) if Y is F-uncertain and equal to an existing one, check the existence of an indeterminate cycle. If there exists an indeterminate cycle, return "the system is undiagnosable". Otherwise, let Z be Y and go to (1);
(4) If the whole FM-graph and FM-set tree have been built and no indeterminate cycle exists, return "the system is diagnosable".

Example 2. For the LPN in Fig. 1, the on-the-fly approach is used for checking diagnosability. As priorities for investigating the branches of the FM-set tree, the transition labelled a is chosen a priori before the transition labelled b, then c, d and e. The FM-graph (Fig. 3) and the FM-set tree (Fig. 4) are constructed on the fly in parallel. In Fig. 4, the tag of each FM-set is indicated beside it. The FMs are listed in Table 1. It is worth noticing that only "observable" markings are represented in these models: markings reached by unobservable transitions are not integrated, but they are exploited to compute the next FM-set reached after an observable event occurs. The construction of the FM-set tree is stopped because a cycle is detected: a new F-uncertain FM-set is equal to an existing one (the FM-set containing FM9 and FM10). With the help of the FM-graph, the detected cycle is identified as indeterminate. Therefore, there is no need to continue the construction of the FM-graph and FM-set tree, and it can be concluded that the system is not diagnosable. The numbering of the FMs in Fig. 3 and Fig. 4 corresponds to the order in which the states are constructed by the depth-first algorithm. The depth-first analysis is based on the construction of the FM-set tree. For example, in Fig. 4, after the FM-set consisting of the single FM8, one builds an FM-set containing FM9 and FM10. These two states are built in parallel in the FM-graph of Fig. 3. This explains why, during the construction of the two cycles of the FM-graph (FM8 - FM9 - FM11 - FM8 and FM10 - FM12 - FM13 - FM10), the FM_j are not numbered consecutively.
Fig. 4. FM-set tree of LPN in Fig. 1 (figure not reproduced; as far as the residue and Table 1 allow, the tree is {FM0} N -a-> {FM1} N -a-> {FM2, FM3} N -b-> {FM4, FM5} N -b-> {FM6} N -c-> {FM7} N, with the branches of {FM7} reaching existing normal sets, and {FM0} -d-> {FM8} N -a-> {FM9, FM10} U -b-> {FM11, FM12} U -c-> {FM8, FM13} U -a-> {FM9, FM10} U, the last set being equal to an existing F-uncertain one, which closes the detected cycle)

Table 1. Fault markings in Fig. 3 and Fig. 4

j    FM_j
0    [2 0 0 0 0 0 | 0]^τ
1    [1 1 0 0 0 0 | 0]^τ
2    [0 2 0 0 0 0 | 0]^τ
3    [0 1 1 0 0 0 | 0]^τ
4    [0 0 1 1 0 0 | 0]^τ
5    [0 1 0 1 0 0 | 0]^τ
6    [0 0 0 2 0 0 | 0]^τ
7    [1 0 0 1 0 0 | 0]^τ
8    [1 0 0 0 1 0 | 0]^τ
9    [0 1 0 0 1 0 | 0]^τ
10   [0 1 0 0 0 1 | 1]^τ
11   [0 0 0 1 1 0 | 0]^τ
12   [0 0 0 1 0 1 | 1]^τ
13   [1 0 0 0 0 1 | 1]^τ
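The depth-first construction of Example 2, as an added example and not code from the paper: the net below is an assumed reading of Fig. 1 (which is not reproduced on this page), chosen so that it reproduces the markings of Table 1, with t2 and the fault transition t6 unobservable. `step` computes Zcon and then the FM-set reached after one observable event, `on_the_fly` applies the three stopping conditions with the a-before-b-before-c priority, and `fm_cycle` performs the FM-graph check that a closed loop of F-uncertain sets really contains both a normal and a faulty cycle with the same observation. The FM-set numbering it produces need not match Fig. 4; the names `TRANS`, `step`, `on_the_fly` and `fm_cycle` are this example's own.

```python
# Added example (not the paper's code): on-the-fly construction of the FM-set tree with
# the three stopping conditions of Section 4 and an indeterminate-cycle check on the
# FM-graph. ASSUMPTION: Fig. 1 is not on this page; the net below is a reading of it that
# reproduces the markings of Table 1 (places p1..p6, arc weights 1, t2 and the fault t6
# unobservable), so the FM-set numbering need not match the paper's figures.

# transition -> (input place, output place, label or None if unobservable, is_fault)
TRANS = {
    "t1": (0, 1, "a", False), "t2": (1, 2, None, False), "t3": (2, 3, "b", False),
    "t4": (3, 0, "c", False), "t5": (0, 4, "d", False), "t6": (4, 5, None, True),
    "t7": (5, 3, "e", False),
}
M0 = (2, 0, 0, 0, 0, 0)
LABELS = sorted({lab for _, _, lab, _ in TRANS.values() if lab})  # a priori order a,b,c,d,e

def fire(mark, t):
    """Marking after firing t, or None if t is not enabled (all arc weights are 1)."""
    pre, post, _, _ = TRANS[t]
    if mark[pre] == 0:
        return None
    new = list(mark); new[pre] -= 1; new[post] += 1
    return tuple(new)

def closure(fms):
    """Zcon: FMs (marking, fault flag) reachable from `fms` through unobservable
    transitions only; the flag becomes 1 once a fault transition has fired."""
    seen, todo = set(fms), list(fms)
    while todo:
        mark, flag = todo.pop()
        for t, (_, _, lab, fault) in TRANS.items():
            if lab is None and (new := fire(mark, t)) is not None:
                fm = (new, flag | int(fault))
                if fm not in seen:
                    seen.add(fm); todo.append(fm)
    return seen

def step(fms, label):
    """FM-set reached just after observable event `label` (Zcon first, then one firing)."""
    return frozenset((new, flag) for mark, flag in closure(fms)
                     for t, (_, _, lab, _) in TRANS.items()
                     if lab == label and (new := fire(mark, t)) is not None)

def tag(fms):  # N = normal, F = F-certain, U = F-uncertain
    flags = {flag for _, flag in fms}
    return "N" if flags == {0} else "F" if flags == {1} else "U"

def fm_cycle(fms, word, flag):
    """True if the FM-graph, followed from `fms` along word^n, contains a cycle whose FMs
    all carry fault flag `flag` (0: a normal cycle; 1: a faulty cycle, same observation)."""
    succ, todo = {}, [fm for fm in fms if fm[1] == flag]
    while todo:
        fm = todo.pop()
        if fm not in succ:
            nxt = {fm}
            for lab in word:
                nxt = {x for x in step(nxt, lab) if x[1] == flag}
            succ[fm] = nxt
            todo.extend(nxt)
    colour = dict.fromkeys(succ, 0)  # 0 unvisited, 1 on the DFS stack, 2 finished
    def visit(fm):
        colour[fm] = 1
        if any(colour[nx] == 1 or (colour[nx] == 0 and visit(nx)) for nx in succ[fm]):
            return True
        colour[fm] = 2
        return False
    return any(colour[fm] == 0 and visit(fm) for fm in list(succ))

def on_the_fly(m0=M0, priority=LABELS):
    """Depth-first FM-set tree with stopping conditions (1)-(3) of Section 4.
    Returns (diagnosable, number of FM-sets built, event word of the indeterminate cycle)."""
    root = frozenset({(m0, 0)})
    seen, path, found = {root: tag(root)}, [], []   # path: DFS stack of (FM-set, event)
    def visit(Z):
        for lab in priority:
            Y = step(Z, lab)
            if not Y:
                continue
            path.append((Z, lab))
            if tag(Y) == "F":                # (1) F-certain: every successor is faulty, stop
                seen.setdefault(Y, "F")
            elif Y not in seen:              # new FM-set: expand it
                seen[Y] = tag(Y)
                if visit(Y):
                    return True
            elif seen[Y] == "U":             # (3) existing F-uncertain set: examine the loop
                i = next((k for k, (X, _) in enumerate(path) if X == Y), None)
                if i is not None:            # back edge: Y ... Z -lab-> Y on this branch
                    word = "".join(e for _, e in path[i:])
                    if (all(seen[X] == "U" for X, _ in path[i:])
                            and fm_cycle(Y, word, 0) and fm_cycle(Y, word, 1)):
                        found.append(word)
                        return True
            # (2) existing normal set: nothing new below it, do not expand again
            path.pop()
        return False
    visit(root)
    return (not found, len(seen), found[0] if found else None)

def full_state_space(m0=M0):
    """Number of FM-sets in the whole FM-set graph (diagnoser-style), for comparison."""
    root = frozenset({(m0, 0)})
    seen, todo = {root}, [root]
    while todo:
        Z = todo.pop()
        for lab in LABELS:
            Y = step(Z, lab)
            if Y and Y not in seen:
                seen.add(Y); todo.append(Y)
    return len(seen)
```

On this reading of the net, `on_the_fly()` stops after 12 FM-sets with the indeterminate cycle `cab` (the loop through {FM9, FM10} of Fig. 4, entered at a different point), while `full_state_space()` enumerates more. The per-FM check in `fm_cycle` is what separates an indeterminate cycle from a mere loop of F-uncertain sets: a loop whose faulty FMs cannot return to themselves is not a counter-example to diagnosability.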
From Example 2, it can be observed that the main advantage of this approach is to avoid building the whole FM-graph and FM-set tree. Some FMs are built in the whole state space but not in the on-the-fly construction of the FM-graph, such as [0 0 0 0 2 0 | 0]^τ and [0 0 0 2 0 0 | 1]^τ. There are clearly fewer FM-sets in the on-the-fly construction of the FM-set tree than in the entire construction of the state space. The FM-graph and FM-set tree are built on the fly in order to make the diagnosability analysis efficient with the help of the stopping conditions. In particular, for an undiagnosable LPN, undiagnosability is established as soon as an indeterminate cycle is found, rather than by continuing to generate other branches. Moreover, if an F-certain node is found, it is unnecessary to continue the construction of this branch, because all the subsequent nodes will also be faulty and are meaningless for diagnosability analysis. However, the on-the-fly approach has the following worst cases:
(1) The LPN is diagnosable and every F-certain FM-set is found at the end of an FM-set tree branch;
(2) The LPN is undiagnosable but the indeterminate cycle is found at the end of the on-the-fly construction of the state space. Moreover, every F-certain FM-set is found at the end of an FM-set tree branch.
In these cases, it is necessary to build the entire FM-graph and FM-set tree for diagnosability analysis. Therefore, in theory, the memory complexity of the on-the-fly approach is equal to that of the diagnoser approach, because the entire state space is enumerated in the worst cases. Moreover, the priorities in the investigation of branches are not defined, and the efficiency of the on-the-fly approach depends heavily on the LPN model. For Example 2, most of the state space is constructed before the indeterminate cycle is found. The situation would not be different if static priorities were assigned randomly to the observable events: processing the events in the order b, a, c, d would lead to a similar result. Therefore, heuristics need to be developed for the priority between the branches to be investigated, in order to improve the efficiency of the on-the-fly approach. These heuristics must be based on structural properties of the PN model, so that the priorities do not depend on chance.

5. ON-THE-FLY APPROACH USING T-INVARIANTS

The on-the-fly approach intends to avoid building the whole state space. The FM-graph and FM-set tree are built on the fly and the construction is stopped when a stopping condition is satisfied. Therefore, the on-the-fly approach can be more efficient and save more memory than the diagnoser approach of (Sampath et al., 1995), particularly for an undiagnosable LPN. In this section, an approach is developed to define priorities in the investigation of branches by using T-invariants. The T-invariant is an important property of a PN. In this paper, only minimal T-invariants are taken into account, because the set of all minimal T-invariants is a basis for all the T-invariants: every T-invariant can be represented as a linear combination of minimal T-invariants. Moreover, the cycles in the reachability graph corresponding to minimal T-invariants are elementary cycles. Therefore, only minimal T-invariants are studied, for the same reason as in (Wen and Jeng, 2005). An algorithm for computing the minimal T-invariants of a PN is proposed in (Lin et al., 1996). The complexity of computing minimal T-invariants is stated to be polynomial in (David and Alla, 2005); note, however, that the number of minimal T-invariants of a net can itself grow exponentially with its size, so the computation is cheap only when that number stays small, as it does for the nets considered here. If there exists a cycle in the reachability graph of a PN, there exists a T-invariant in the PN. The cycles in the reachability graph are really significant for the diagnosability analysis of a system. Therefore, the T-invariants of an LPN can be used to give priorities in the investigation of branches, in order to improve the on-the-fly approach and find an existing indeterminate cycle more quickly.

Let us give some notations for our approach. I_F is the set of minimal T-invariants that contain a fault transition and I_N the set of minimal T-invariants that do not contain any fault transition. S(Ω) is the imply trace of the minimal T-invariant Ω (Wen and Jeng, 2005), i.e. the set of all the possible firing sequences constructed from the labels in Σ_T(Ω). For example, Ω = [1 1 1 1 0 0 0]^τ is a T-invariant of the LPN in Fig. 1 with Σ_T(Ω) = {1a, 1b, 1c}; then S(Ω) = {∅, abc, acb, bac, bca, cab, cba}. For s ∈ S(Ω), s^n denotes the n-fold concatenation of s, where n is a large enough positive integer.

Theorem 1. Given a bounded and live LPN (N, M0), ∀t_i ∈ T there exists at least one T-invariant Ω s.t. Ω(t_i) > 0.

Proof: Consider any t_i ∈ T and let M_j be a marking from which t_i fires. Since N is live, t_i can be fired again from the marking reached, and so on indefinitely. Since N is bounded, the number of markings is finite, so along such a firing sequence some marking repeats, with t_i fired between its two occurrences. The transitions fired between these two occurrences form a cycle of the reachability graph, and their firing count vector is a T-invariant Ω with Ω(t_i) > 0.

Theorem 1 proves that every transition of a bounded and live LPN belongs to at least one T-invariant. Furthermore, since every T-invariant is a nonnegative combination of minimal T-invariants, every transition then belongs to at least one minimal T-invariant. Therefore, Theorem 1 guarantees that the next observable event can be chosen from the set of observable labels of the minimal T-invariants without losing any situation. As is well known, the core problem of checking diagnosability for a bounded and live LPN is to find the indeterminate cycles: if there exists an indeterminate cycle, the system is not diagnosable. The main purpose of the on-the-fly approach is to find an existing indeterminate cycle as fast as possible. It can be observed that all the FM-sets forming an indeterminate cycle are F-uncertain and that the sequence of events in the indeterminate cycle is s^n where s ∈ S(Ω_N) and Ω_N ∈ I_N (it is possible that there exist Ω_1 ∈ I_N and Ω_2 ∈ I_F s.t. s ∈ S(Ω_1) ∧ s ∈ S(Ω_2) and the sequence of events in the indeterminate cycle is s^n), e.g. the indeterminate cycle of Example 2. The indeterminate cycle of Fig. 4 can be observed in Fig. 3. In this figure, a first cycle is s1 = abc (corresponding to the markings FM8 - FM9 - FM11 - FM8) and a second cycle is s2 = bca (corresponding to the markings FM10 - FM12 - FM13 - FM10), s.t. s1, s2 ∈ S(Ω_N1) with Ω_N1 ∈ I_N, where Ω_N1 = [1 1 1 1 0 0 0]^τ.

Therefore, the principal idea of the on-the-fly approach using T-invariants is first to find an F-uncertain FM-set and then to verify whether there exists a firable sequence s^n where s ∈ S(Ω_N) and Ω_N ∈ I_N.

The core of the improvement is the α (Algorithm 1) and β (Algorithm 2) functions, which give the firing sequence while constructing the FM-graph and FM-set tree on the fly, so as to define priorities in the investigation of branches using T-invariants.

From a given FM-set, all the possible unobservable transitions are fired first (lines 4 to 11 of Algorithm 1). Then:
(1) If the obtained set of FMs is F-uncertain, the sequence s^n, with s ∈ S(Ω_N) and Ω_N ∈ I_N, is tried in order to find a possible indeterminate cycle (lines 12 to 18 of Algorithm 1);
(2) If the obtained set of FMs is still normal, a sequence s with s ∈ S(Ω_F) and Ω_F ∈ I_F is tried in order to reach an F-uncertain FM-set (call of Algorithm 2 in line 20 of Algorithm 1). Once an F-uncertain FM-set is obtained, go to step (1) to find a possible indeterminate cycle.

Example 3. For the LPN in Fig. 1, the on-the-fly approach using T-invariants is applied for checking diagnosability. Here, I_N = {Ω_N1 = [1 1 1 1 0 0 0]^τ} and I_F = {Ω_F1 = [0 0 0 1 1 1 1]^τ}. At FM0, an F-uncertain set of FMs cannot be obtained. Since the observable transition t5 is enabled at FM0 and Ω_F1(t5) > 0, the next chosen observable event is d (line 8 of Algorithm 2).
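The T-invariant computation behind Example 3, as an added example and not code from the paper: for the same assumed reading of Fig. 1 used in the earlier example (places p1..p6, t2 and the fault t6 unobservable), it builds the incidence matrix, enumerates the minimal T-invariants (a bounded enumeration stands in for the algorithm of Lin et al., 1996), splits them into I_N and I_F, builds the imply traces S(Ω) of Wen and Jeng (2005), and reproduces the first choices of β (event d at FM0) and α (the candidate sequences (abc)^n). The function names and the greedy walk in `beta` are this example's simplification, not the paper's Algorithm 2.

```python
# Added example (not the paper's code): minimal T-invariants of the net, their split
# into I_N / I_F, the imply traces S(Ω), and the first choices of β and α in Example 3.
# ASSUMPTION: Fig. 1 is not on this page; the net is the reading used in these examples
# (places p1..p6, t2 and the fault t6 unobservable). Minimal T-invariants are found by
# bounded enumeration instead of the algorithm of Lin et al. (1996).
from itertools import permutations, product
from math import gcd

# transition -> (input place, output place, label or None if unobservable, is_fault)
TRANS = {
    "t1": (0, 1, "a", False), "t2": (1, 2, None, False), "t3": (2, 3, "b", False),
    "t4": (3, 0, "c", False), "t5": (0, 4, "d", False), "t6": (4, 5, None, True),
    "t7": (5, 3, "e", False),
}
M0 = (2, 0, 0, 0, 0, 0)
NAMES = list(TRANS)

def incidence():
    """C = Post - Pre, one row per place and one column per transition."""
    C = [[0] * len(NAMES) for _ in range(6)]
    for j, t in enumerate(NAMES):
        pre, post, _, _ = TRANS[t]
        C[pre][j] -= 1
        C[post][j] += 1
    return C

def minimal_t_invariants(bound=2):
    """Nonnegative integer x != 0 with C.x = 0, keeping only the support-minimal vectors
    with gcd 1 (bounded enumeration; adequate for this 7-transition net)."""
    C = incidence()
    sols = [x for x in product(range(bound + 1), repeat=len(NAMES))
            if any(x) and all(sum(c * v for c, v in zip(row, x)) == 0 for row in C)]
    support = lambda x: {j for j, v in enumerate(x) if v}
    return [x for x in sols
            if gcd(*x) == 1 and not any(support(y) < support(x) for y in sols)]

def split_invariants(invs):
    """I_N: no fault transition in the support; I_F: at least one fault transition."""
    has_fault = lambda x: any(v and TRANS[NAMES[j]][3] for j, v in enumerate(x))
    return [x for x in invs if not has_fault(x)], [x for x in invs if has_fault(x)]

def imply_trace(inv):
    """S(Ω) of Wen and Jeng (2005): every ordering of the observable labels of Ω, each
    label repeated Ω(t) times (the empty sequence listed by the paper is left out)."""
    labels = [TRANS[NAMES[j]][2] for j, v in enumerate(inv)
              for _ in range(v) if TRANS[NAMES[j]][2]]
    return sorted({"".join(p) for p in permutations(labels)})

def fire(mark, t):
    """Marking after firing t, or None if t is not enabled (all arc weights are 1)."""
    pre, post, _, _ = TRANS[t]
    if mark[pre] == 0:
        return None
    new = list(mark); new[pre] -= 1; new[post] += 1
    return tuple(new)

def beta(mark, I_F):
    """Simplified β (Algorithm 2): walk a fault T-invariant that is firable from `mark`,
    firing each transition Ω_F(t) times, and return the observable labels fired before
    its first fault transition (the sequence before the fault that β returns)."""
    for inv in I_F:
        left = {NAMES[j]: v for j, v in enumerate(inv) if v}  # remaining firings per transition
        m, s = mark, ""
        while left:
            t = next((t for t in sorted(left) if m[TRANS[t][0]] > 0), None)
            if t is None:
                break                      # not firable from here: try the next invariant
            if TRANS[t][3]:
                return s                   # stop just before the fault transition
            m, s = fire(m, t), s + (TRANS[t][2] or "")
            left[t] -= 1
            if left[t] == 0:
                del left[t]
    return None

def alpha(I_N, n=3):
    """Lines 12-18 of Algorithm 1: the candidate sequences s^n tried once the FM-set is F-uncertain."""
    return [s * n for inv in I_N for s in imply_trace(inv)]
```

For this net the enumeration yields exactly the two minimal T-invariants of Example 3, `beta(M0, I_F)` returns `d`, and `alpha(I_N)` lists `abcabcabc` first, which is the a → b → c → a order that Example 3 follows after d. The bound of 2 on the entries is enough here because the net is a state machine whose only cycles are the two invariants; a larger net needs the proper algorithm.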
Algorithm 1 Algorithm for α function
1: Input: an FM-set x, the set of minimal T-invariants without fault transitions I_N and the set of minimal T-invariants with fault transitions I_F;
2: Output: a firing sequence of events s^n;
3: function α(x, I_N, I_F)
4:   Fcon ← {FM | FM ∈ x};  (Fcon is the set of FMs under consideration)
5:   for all y ∈ Fcon do
6:     if (mark(y)[t>) ∧ (t ∈ Tu) then
7:       mark(z) ← mark(y)[t>;
8:       if t ∈ Tf then
9:         fault(z) ← 1;
10:      else
11:        fault(z) ← fault(y);
12:      Fcon ← Fcon ∪ {z};
13:  if Fcon is F-uncertain then
14:    for all Ω_N ∈ I_N do
15:      for all s ∈ S(Ω_N) do
16:        if there does not exist a firable σ s.t. L(σ) = s then
17:          continue;
18:        else
19:          return s^n;
20:  else
21:    go to β(x, I_N, I_F);

Algorithm 2 Algorithm for β function
1: Input: an FM-set x, the set of minimal T-invariants without fault transitions I_N and the set of minimal T-invariants with fault transitions I_F;
2: Output: a firing sequence of events s;
3: function β(x, I_N, I_F)
4:   Fcon ← {FM | FM ∈ x};  (Fcon is the set of FMs under consideration, computed in α(x, I_N, I_F))
5:   T ← ∅;
6:   for all y ∈ Fcon do
7:     if (mark(y)[t>) ∧ (t ∈ To) then
8:       T ← T ∪ {t};
9:   for all t ∈ T do
10:    if there exists (t ∈ T) ∧ (∃ Ω_F ∈ I_F, Ω_F(t) > 0) then
11:      for all t and the corresponding Ω_F do
12:        for all (s ∈ S(Ω_F)) ∧ (the first label of s is L(t)) do
13:          if there does not exist a firable σ s.t. L(σ) = s then
14:            continue;
15:          else return s  (s = L(σ'), where σ' is the sequence of transitions before the first fault transition);
16:    else
17:      for all t ∈ T do
18:        return s = L(t);

After firing event d, an F-uncertain set of FMs is obtained by firing the unobservable fault transition f6. Then it is necessary to search whether there exists a firable sequence s^n with s ∈ S(Ω_N1) (lines 12 to 18 of Algorithm 1). Here, the only possible s is abc, so the order of the next events is a → b → c → a ⋯. An F-uncertain cycle is found in the FM-set tree of Fig. 6. With the help of the FM-graph of Fig. 5, it is identified that there exists an indeterminate cycle. Therefore, there is no need to continue the construction of the FM-graph and FM-set tree, and it can be concluded that the system is not diagnosable.

Fig. 5. FM-graph of the LPN in Fig. 1 by using T-invariants (figure not reproduced; from the residue and Table 2: FM0 -d-> FM1, FM1 -a-> FM2 and FM1 -a-> FM3, FM2 -b-> FM4, FM3 -b-> FM5, FM4 -c-> FM1, FM5 -c-> FM6, FM6 -a-> FM3)

Fig. 6. FM-set tree of the LPN in Fig. 1 by using T-invariants (figure not reproduced; from the residue and Table 2: {FM0} N -d-> {FM1} N -a-> {FM2, FM3} U -b-> {FM4, FM5} U -c-> {FM1, FM6} U -a-> {FM2, FM3} U, the last set being equal to an existing F-uncertain one, which closes the cycle)

Table 2. Fault markings in Fig. 5 and Fig. 6

j    FM_j
0    [2 0 0 0 0 0 | 0]^τ
1    [1 0 0 0 1 0 | 0]^τ
2    [0 1 0 0 1 0 | 0]^τ
3    [0 1 0 0 0 1 | 1]^τ
4    [0 0 0 1 1 0 | 0]^τ
5    [0 0 0 1 0 1 | 1]^τ
6    [1 0 0 0 0 1 | 1]^τ

Compared to Example 2, our approach defines priorities in the investigation of branches by producing the next event to fire using T-invariants. The number of FMs in Fig. 5 is much smaller than in Fig. 3, and the FM-set tree of Fig. 6 also contains fewer FM-sets. Therefore, for the undiagnosable LPN model of Fig. 1, the on-the-fly approach using T-invariants has a lower memory cost.

The on-the-fly approach using T-invariants improves the efficiency of the classic on-the-fly approach. T-invariants are used to define priorities in the investigation of branches. For an undiagnosable LPN model, the on-the-fly approach using T-invariants is likely to find an existing indeterminate cycle more quickly. In the best case, the existing indeterminate cycle is found directly by firing the sequence generated from the T-invariants. In the worst case, the result of the diagnosability analysis is obtained only after the construction of the entire state space. Therefore, in theory, the complexity of the on-the-fly approach using T-invariants is equal to the complexity of the classic on-the-fly approach (and to that of the diagnoser approach), because all the FM-sets are enumerated in the worst case.

However, in general, the whole FM-graph and FM-set tree are not entirely constructed, since they are built on the fly with stopping conditions. In particular, for an undiagnosable LPN, our approach can find the existing indeterminate cycle more quickly, so it can be more efficient, with a lower memory cost, for diagnosability analysis.

6. CONCLUSION

In this paper, the main contribution is the on-the-fly approach using T-invariants, which improves the on-the-fly and incremental technique for checking diagnosability. Thanks to this approach, the FM-graph and FM-set tree are constructed on the fly and an existing indeterminate cycle can be found more quickly. Our approach has a lower computational cost for diagnosability analysis, saving time and memory, particularly for an undiagnosable LPN. However, when the system is diagnosable, the state space of the built FM-graph can be large if the stopping conditions are not reached quickly. This space is nevertheless always less than or equal (equal in the worst case) to that of the diagnoser built from the reachability graph with Sampath's technique (Sampath et al., 1995).

In future research, an approach needs to be proposed to relax the strict assumption that the LPN is live. A new approach needs to be developed for checking the diagnosability of LPN models that are bounded and do not deadlock after firing any fault transition. Besides, the on-the-fly approach will be improved by using the minimal explanations of the MBRG and BRD approach (Cabasino et al., 2009), in order to reduce the number of states even for a diagnosable system.

REFERENCES

Basile, F., Chiacchio, P., and De Tommasi, G. (2012). On K-diagnosability of Petri Nets via Integer Linear Programming. Automatica, 48(9), 2047–2058.
Cabasino, M., Giua, A., Lafortune, S., and Seatzu, C. (2012). A New Approach for Diagnosability Analysis of Petri Nets Using Verifier Nets. IEEE Transactions on Automatic Control, 57(12), 3104–3117.
Cabasino, M., Giua, A., and Seatzu, C. (2009). Diagnosability of Bounded Petri Nets. In Proc. of the 48th IEEE Conference on Decision and Control, Shanghai, China, December, 1254–1260.
Cassandras, C. and Lafortune, S. (2007). Introduction to Discrete Event Systems. Springer.
David, R. and Alla, H. (2005). Discrete, Continuous, and Hybrid Petri Nets. Springer.
Jiang, S., Huang, Z., Chandra, V., and Kumar, R. (2001). A Polynomial Algorithm for Testing Diagnosability of Discrete Event Systems. IEEE Transactions on Automatic Control, 46(8), 1318–1321.
Lin, C., Chanson, S.T., and Murata, T. (1996). Petri Net Models and Efficient T-invariant Analysis for Logical Inference of Clauses. In Proc. of the 1996 IEEE International Conference on Systems, Man, and Cybernetics, 3174–3179.
Liu, B. (2014). An Efficient Approach for Diagnosability and Diagnosis of DES Based on Labeled Petri Nets - Untimed and Timed Contexts. PhD thesis, Ecole Centrale de Lille.
Liu, B., Ghazel, M., and Toguyéni, A. (2014). Toward an Efficient Approach for Diagnosability Analysis of DES Modeled by Labeled Petri Nets. In 13th European Control Conference - ECC'2014.
Murata, T. (1989). Petri Nets: Properties, Analysis and Applications. Proceedings of the IEEE, 77(4), 541–580.
Sampath, M., Sengupta, R., and Lafortune, S. (1995). Diagnosability of Discrete-Event Systems. IEEE Transactions on Automatic Control, 40(9), 1555–1575.
Ushio, T., Onishi, I., and Okuda, K. (1998). Fault Detection Based on Petri Net Models. In Proc. of the 1998 IEEE Conference on Systems, Man, and Cybernetics, San Diego, CA, USA, October, 113–118.
Wen, Y. and Jeng, M. (2005). Diagnosability Analysis Based on T-invariants of Petri Nets. In Networking, Sensing and Control, 371–376.
Yoo, T. and Lafortune, S. (2002). Polynomial-Time Verification of Diagnosability of Partially Observed Discrete-Event Systems. IEEE Transactions on Automatic Control, 47(9), 1491–1495.