Diagnosis of Discrete Event Systems

Meir Kalech

Partly based on slides of Gautam Biswass

Outline Last lecture:

1. Optimal CSP2. Conflict-directed A*

Today’s lecture:1. Automata (brief tutorial)

1. Deterministic automata2. Non-deterministic automata

2. Discrete event system3. Observer automata4. Diagnostics approach5. Diagnoser automata6. Diagnosability

0 0,1

00

1

1

1

0111 111

11

1

The machine accepts a string if the process ends in a double circle

Borrowed from CMU / COMPSCI 102

Brief notes on Automata

0 0,1

00

1

1

1

The machine accepts a string if the process ends in a double circle

Anatomy of a Deterministic Finite Automaton

states

states

q0

q1

q2

q3start state (q0)

accept states (F)

Anatomy of a Deterministic Finite Automaton

0 0,1

00

1

1

1

q0

q1

q2

q3

The alphabet of a finite automaton is the set where the symbols come from:The language of a finite automaton is the set of strings that it accepts

{0,1}

0,1q0

L(M) =All strings of 0s and 1s

The Language of Machine M

q0 q1

0 0

1

1

L(M) ={ w | w has an even number of 1s}

An alphabet Σ is a finite set (e.g., Σ = {0,1})

A string over Σ is a finite-length sequence of elements of Σ

For x a string, |x| isthe length of x

Notation

A language over Σ is a set of strings over Σ

Q is the set of statesΣ is the alphabet : Q Σ → Q is the transition functionq0 Q is the start state

F Q is the set of accept states

A finite automaton is a 5-tuple M = (Q, Σ, , q0, F)

L(M) = the language of machine M= set of all strings machine M

accepts

Q = {q0, q1, q2, q3}

Σ = {0,1}

: Q Σ → Q transition function*q0 Q is start state

F = {q1, q2} Q accept states

M = (Q, Σ, , q0, F) where

0 1

q0 q0 q1

q1 q2 q2

q2 q3 q2

q3 q0 q2

*q2

00,1

00

1

1

1

q0

q1

q3

M

q q00

1 0

1q0 q001

0 0 1

0,1

Build an automaton that accepts all and only those strings that contain 001

Outline Last lecture:

1. Optimal CSP2. Conflict-directed A*

Today’s lecture:1. Automata (brief tutorial)

1. Deterministic automata2. Non-deterministic automata

2. Discrete event system3. Observer automata4. Diagnostics approach5. Diagnoser automata6. Diagnosability

1q 2q

3q

a

a

a

0q

}{aAlphabet =

Nondeterministic Finite Accepter (NFA)

1q 2q

3q

a

a

a

0q

Two choices

}{aAlphabet =

Nondeterministic Finite Accepter (NFA)

No transition

1q 2q

3q

a

a

a

0q

Two choices No transition

}{aAlphabet =

Nondeterministic Finite Accepter (NFA)

a a

0q

1q 2q

3q

a

a

First Choice

a

a a

0q

1q 2q

3q

a

a

a

First Choice

a a

0q

1q 2q

3q

a

a

First Choice

a

a a

0q

1q 2q

3q

a

a

a “accept”

First Choice

a a

0q

1q 2q

3q

a

a

Second Choice

a

a a

0q

1q 2qa

a

Second Choice

a

3q

a a

0q

1q 2qa

a

a

3q

Second Choice

No transition:the automaton hangs

a a

0q

1q 2qa

a

a

3q

Second Choice

“reject”

Equivalent automata

}),(:)({)(

}),(:{)(

0

0*

mm XsxfGLsGL

definedissxfEsGL

Automata G1 and G2 are equivalent if

)()()()( 2121 GLGLandGLGL mm

Examples of Equivalent Automata

Outline Last lecture:

1. Optimal CSP2. Conflict-directed A*

Today’s lecture:1. Automata (brief tutorial)2. Discrete event system

3. Observer automata4. Diagnostics approach5. Diagnoser automata6. Diagnosability

What is a Discrete-Event System?

Structure with ‘states’ having duration in time, ‘events’ happening instantaneously

and asynchronously. States: machine is idle, is operating, is broken down, is under repair. Events: machine starts work, breaks down,

completes work or repair. State space discrete in time and space. State transitions ‘labeled’ by events.

DES Example: heating ventilation and air conditioning

DES Example: heating ventilation and air conditioning

Diagnosis goal: given a composite DES including observable and unobservable events (faulty events are part of the unobservable events), find the faulty events.

Outline Last lecture:

1. Optimal CSP2. Conflict-directed A*

Today’s lecture:1. Automata (brief tutorial)2. Discrete event system3. Observer automata

4. Diagnostics approach5. Diagnoser automata6. Diagnosability

Observer Automata In DES we partition the events to observable and

unobservable events. Unobservable events:

absence of sensors event occurred remotely, not communicated fault events

Observer is an equivalent deterministic automata to the original which contains only observable events.

uoo EEE

obsG

Observer - Example

Note: Gnd is non-deterministic, Gobs is deterministicGnd and Gobs are equivalent.

a and b are observable events

Observer example 2: },,{ vueE duo

Outline Last lecture:

1. Optimal CSP2. Conflict-directed A*

Today’s lecture:1. Automata (brief tutorial)2. Discrete event system3. Observer automata4. Diagnostics approach

5. Diagnoser automata6. Diagnosability

Daignostics Determine whether certain events with

certainty are fault events Build new automata like observer, but attach

“labels” to the states of Gdiag To build

Attach N label to states that can be reached from x0 by unobservable strings

Attach Y label to states that can be reached from x0 by unobservable strings that contain at least one occurrence of ed (fault event).

If state z can be reached both with and without executing ed then create two entries in the initial state set of Gdiag: zN and zY.

Diagnoser Automata

Diagnosability

eventsleunobservabofcyclehavenotdoeslive;issystemofoperationfailedandnormalmodels:

occurredhaseventsomeFailureuniquelyeventfaulteveryisolateto

requiredbenotmay(ii)sensors,inadequate(i):representPartitions

.......:FailuresPartition

fromtracesobservingbyofelementsIdentify:Goal

:eventsFailure;),,,(

1

0

GL(G)G

E

EEE

EE

EEEEExEXG

fi

fmff

of

fuoo

Diagnosability: informal definition Let s be any trace generated by the system that ends in a

failure event from set Efi and t is a sufficiently long continuation of s

DiagnosabilityDiagnosability implies that every trace that belongs to the language that produces the same record of observable events as st should contain in it a failure event from Efi

Along every continuation t of s, one can detect the failure of type Fi with finite delay, specifically in at most ni transitions of the system after s

Alternately, diagnosability requires that every failure event leads to observations distinct enough to enable unique identification of failure type with a finite delay

Diagnosability: example

},,,{ oE

}{ iuoE events failurefi

3f

1f 2fuo

. and failuresbetween h distinguis torequirednot isit i.e.

}{},,{ :partition failure :IF

21

32211

ff

fffff

The system is diagnosable

1f

21, ff

Diagnosability: example

},,,{ oE

}{ iuoE events failurefi

3f

1f 2fuo

}{},{},{ :partition Failure :IF 332211 ffffff

The system is not diagnosable

? ?2 uof

31, ff

Outline Last lecture:

1. Optimal CSP2. Conflict-directed A*

Today’s lecture:1. Automata (brief tutorial)2. Discrete event system3. Observer automata4. Diagnostics approach5. Diagnoser automata

6. Diagnosability

Diagnosability by Diagnoser

To determine diagnosability of a system we use a diagnoser:

1. The diagnoser traces all possible trajectories of the system.

2. The diagnoser records the possible failures in each state.

3. If a state contains an ambiguity failure: “Fi occurs or Fi not occurs”

then the system is not diagnosable.

Diagnoser: example

2f

}{ iuoE

'2f

2f

2f1f

1f

}{ iuoE events failurefi

},{},{ :partition Failure '22211 fffff

Diagnoser: example

Diagnoser: example

2f

}{ iuoE

'2f

2f

2f1f

1f

}{ iuoE events failurefi

},{},{ :partition Failure '22211 fffff

Diagnoser: example

Diagnoser: example

2f

}{ iuoE

'2f

2f

2f1f

1f

}{ iuoE events failurefi

},{},{ :partition Failure '22211 fffff

Diagnoser: example

Diagnoser: example

2f

}{ iuoE

'2f

2f

2f1f

1f

}{ iuoE events failurefi

},{},{ :partition Failure '22211 fffff

Diagnoser: example

Diagnoser: example

2f

}{ iuoE

'2f

2f

2f1f

1f

}{ iuoE events failurefi

},{},{ :partition Failure '22211 fffff

Diagnoser: example

Diagnoser: example

2f

}{ iuoE

'2f

2f

2f1f

1f

}{ iuoE events failurefi

},{},{ :partition Failure '22211 fffff

F1 is indicated anywayF2 only for the bottom path

Therefore there is ambiguity ‘A’

Outline Last lecture:

1. Optimal CSP2. Conflict-directed A*

Today’s lecture:1. Automata (brief tutorial)2. Discrete event system3. Observer automata4. Diagnostics approach5. Diagnoser automata6. Diagnosability

Diagnosability: necessary and sufficient conditions

Theorem: A language L is diagnosable if and only if its

diagnoser Gdiag satisfies the following two conditions:

1. No state in Gdiag is ambiguous.2. There are no Fi-indeterminate cycles in Gdiag,

for all failure types Fi.

Certain and uncertain failures

Meaning – if a state contains only failure Fi label then this failure will occur in certain.

State id label

Meaning – if a state contains failure Fi and another failure or N label, then this failure will occur with uncertain.

Fi-indeterminate cycle in Gdiag

Meaning – an Fi-indeterminate cycle in Gdiag indicates the presence of two cycled traces s1 and s2 with the same observable projection, where s1 contains Fi and s2 does not.

Example: Fi-indeterminate cycle

Example: Fi-uncertain cycle but not Fi-indeterminate cycle

This is an Fi-uncertain cycle

BUT: it is not Fi-indeterminate cycle since the cycles are not corresponding

Diagnosability: necessary and sufficient conditions

Theorem: A language L is diagnosable if and only if its

diagnoser Gdiag satisfies the following two conditions:

1. No state in Gdiag is ambiguous.2. There are no Fi-indeterminate cycles in Gdiag,

for all failure types Fi.