Fault Diagnosis with Dynamic Observers
Franck Cassez†
CNRS, IRCCyN Laboratory
1 rue de la Noë, BP 92101, 44321 Nantes Cedex 3, France
Email: [email protected]

Stavros Tripakis
Cadence Research Laboratories
2150 Shattuck Avenue, 10th floor, Berkeley, CA 94704, USA
and
CNRS, Verimag Laboratory
Centre Equation, 2, avenue de Vignate, 38610 Gières, France
Email: [email protected]
Abstract — In this paper, we review some recent results about the use of dynamic observers for fault diagnosis of discrete event systems. Fault diagnosis consists in synthesizing a diagnoser that observes a given plant and identifies faults in the plant as soon as possible after their occurrence. Existing literature on this problem has considered the case of fixed static observers, where the set of observable events is fixed and does not change during execution of the system. In this paper, we consider dynamic observers: an observer can “switch” sensors on or off, thus dynamically changing the set of events it wishes to observe. It is known that checking diagnosability (i.e., whether a given observer is capable of identifying faults) can be solved in polynomial time for static observers, and we show that the same is true for dynamic ones. We also solve the problem of dynamic observers’ synthesis and prove that a most permissive observer can be computed in doubly exponential time, using a game-theoretic approach. We further investigate optimization problems for dynamic observers and define a notion of cost of an observer.
I. INTRODUCTION
A. Monitoring, Testing, Fault Diagnosis and Control
Many problems concerning the monitoring, testing, fault diagnosis and control of discrete event systems (DES) can be formalized using finite automata over a set of observable events Σ, plus a set of unobservable events [3], [4]. The invisible actions can often be represented by a single unobservable event ε. Given a finite automaton over Σ ∪ {ε} which is a model of a plant (to be monitored, tested, diagnosed or controlled) and an objective (good behaviours, what to test for, faulty behaviours, control objective), we want to check whether a monitor/tester/diagnoser/controller exists that achieves the objective, and if possible to synthesize one automatically.

The usual assumption in this setting is that the set of observable events is fixed (and this, in turn, determines the set of unobservable events as well). Observing an event usually requires some detection mechanism, i.e., a sensor of some sort. Which sensors to use, how many of them, and where to place them are design questions that are often difficult to answer, especially without knowing what these sensors are to be used for.

In this paper we review some recent results about sensor minimization. These results are interesting since observing an event can be costly in terms of time or energy: computation time must be spent to read and process the information provided by the sensor, and power is required to operate the sensor (as well as to perform the computations). It is then essential that the sensors used really provide useful information. It is also important for the computer to discard any information given by a sensor that is not really needed. In the case of a fixed set of observable events, it is not the case that all sensors always provide useful information, and sometimes energy (used for sensor operation and computer treatment) is spent for nothing.

* Preliminary versions of parts of this paper appeared in [1] and [2].
† Work supported by the French government under grant ANR-06-SETI.
For example, to detect a fault f in the system described by the automaton B, Figure 1, page 3, an observer needs to watch only for event a initially, and watch for event b only after a has occurred. If the sequence a.b occurs, f has occurred for sure and the observer can raise an alarm. If, on the other hand, event b is not observed after a, then f has not occurred. It is then not useful to switch on sensor b before observing event a.

B. Sensor Minimization and Fault Diagnosis
We focus our attention on sensor minimization, without looking at problems related to sensor placement, choosing between different types of sensors, and so on. We also focus on a particular observation problem, that of fault diagnosis. We believe, however, that the results we obtain are applicable to other contexts as well.

Fault diagnosis consists in observing a plant and detecting whether a fault has occurred or not. We follow the discrete-event system (DES) setting of [5] where the behavior of the plant is known and a model of it is available as a finite-state automaton over Σ ∪ {ε, f}, where Σ is the set of potentially observable events, ε represents the unobservable events, and f is a special unobservable event that corresponds to the faults. Checking diagnosability (whether a fault can be detected) for a given plant and a fixed set of observable events can be done in polynomial time [5], [6], [7]. In the general case, synthesizing a diagnoser involves determinization and thus cannot be done in polynomial time.

In this paper, we focus on dynamic observers. For results about sensor optimization with static observers, we refer the reader to [2]. In the dynamic observers’ framework, we assume that an observer can decide after each new observation the set of events it is going to watch. We first prove that checking diagnosability with dynamic observers that are given by finite automata can be done in polynomial time. As a second aspect, we focus on the dynamic observer synthesis problem. We show that computing a dynamic observer for a given plant can be reduced to a game problem. We further investigate optimization problems for dynamic observers and define a notion of cost of an observer. Finally, we show how to compute an optimal (cost-wise) dynamic observer.

C. Related Work
To our knowledge, the problems of synthesizing dynamic observers for diagnosability, studied in Section III, have not been addressed previously in the literature. Consequently, the associated optimization problem of computing an optimal observer, addressed in Section IV, is also new.
D. Organisation of the paper.
In Section II we fix notation and introduce finite automata with faults to model DES. In Section III we introduce and study dynamic observers, and show that the most permissive dynamic observer can be computed as a strategy in a safety 2-player game. We also define a notion of cost for dynamic observers in Section IV and show that the cost of a given observer can be computed using Karp’s algorithm. Finally, we define the optimal-cost observer synthesis problem and show that it can be solved using Zwick and Paterson’s result on graph games. This paper contains no proofs; the interested reader may refer to [1], [2], [8] for the details.

II. PRELIMINARIES
A. Words and Languages
Let Σ be a finite alphabet and Σ_ε = Σ ∪ {ε}. Σ* is the set of finite words over Σ and contains ε, which is also the empty word, and Σ+ = Σ* \ {ε}. A language L is any subset of Σ*. Given two words ρ, ρ′ we denote by ρ.ρ′ the concatenation of ρ and ρ′, which is defined in the usual way. |ρ| stands for the length of the word ρ (the length of the empty word is zero) and |ρ|_λ, with λ ∈ Σ, stands for the number of occurrences of λ in ρ. We also use the notation |S| to denote the cardinality of a set S. Given Σ_1 ⊆ Σ, we define the projection operator on words, π_{/Σ_1} : Σ* → Σ_1*, recursively as follows: π_{/Σ_1}(ε) = ε and, for a ∈ Σ, ρ ∈ Σ*, π_{/Σ_1}(a.ρ) = a.π_{/Σ_1}(ρ) if a ∈ Σ_1, and π_{/Σ_1}(a.ρ) = π_{/Σ_1}(ρ) otherwise.

(Different types of faults could also be considered, by having different fault events f_1, f_2, and so on. Our methods can be extended in a straightforward way to deal with multiple faults. We restrict our presentation to a single fault event for the sake of simplicity.)

B. Finite Automata
Definition 1 (Finite Automaton) An automaton A is a tuple (Q, q_0, Σ_ε, δ) with Q a set of states, q_0 ∈ Q the initial state, and δ ⊆ Q × Σ_ε × Q the transition relation. We write q --λ--> q′ if q′ ∈ δ(q, λ). For q ∈ Q, en(q) is the set of actions enabled at q. If Q is finite, A is a finite automaton. An automaton is deterministic if for any q ∈ Q, |δ(q, ε)| = 0 and, for any λ ≠ ε, |δ(q, λ)| ≤ 1. A labeled automaton A is a tuple (Q, q_0, Σ, δ, L) where (Q, q_0, Σ, δ) is an automaton and L : Q → P, where P is a finite set of observations.

A run ρ from state s in A is a finite or infinite sequence of transitions s_0 --λ_1--> s_1 --λ_2--> s_2 · · · s_{n−1} --λ_n--> s_n · · · s.t. λ_i ∈ Σ_ε and s_0 = s. If ρ is finite and ends in s_n we let tgt(ρ) = s_n. The set of finite runs from s in A is denoted Runs(s, A) and we define Runs(A) = Runs(q_0, A). The trace of the run ρ, denoted tr(ρ), is the word obtained by concatenating the symbols λ_i appearing in ρ, for those λ_i different from ε. A word w is accepted by A if w = tr(ρ) for some ρ ∈ Runs(A). The language L(A) of A is the set of words accepted by A.

Let f ∉ Σ_ε be a fresh letter that corresponds to the fault action, Σ_{ε,f} = Σ_ε ∪ {f} and A = (Q, q_0, Σ_{ε,f}, δ). Given R ⊆ Runs(A), Tr(R) = {tr(ρ) | ρ ∈ R} is the set of traces of the runs in R. A run ρ is k-faulty if there is some 1 ≤ i ≤ n s.t. λ_i = f and n − i ≥ k. Notice that ρ can be either finite or infinite: if it is infinite, n = ∞ and n − i ≥ k always holds. Faulty_{≥k}(A) is the set of k-faulty runs of A. A run is faulty if it is k-faulty for some k ∈ N, and Faulty(A) denotes the set of faulty runs. It follows that Faulty_{≥k+1}(A) ⊆ Faulty_{≥k}(A) ⊆ · · · ⊆ Faulty_{≥0}(A) = Faulty(A). Finally, NonFaulty(A) = Runs(A) \ Faulty(A) is the set of non-faulty runs of A.
We let Faulty^tr_{≥k}(A) = Tr(Faulty_{≥k}(A)) and NonFaulty^tr(A) = Tr(NonFaulty(A)) be the sets of traces of faulty and non-faulty runs.

We assume that each faulty run of A of length n can be extended into a run of length n + 1. This is required for technical reasons (in order to guarantee that the set of faulty runs where sufficient time has elapsed after the fault is well-defined) and can be achieved by adding ε loop-transitions to each deadlock state of A. Notice that this transformation does not change the observations produced by the plant; thus, any observer synthesized for the transformed plant also applies to the original one.
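To make the definitions above concrete, here is a small sketch in Python (the helper names are illustrative, not from the paper; a trace is a list of event symbols, with "" standing for ε and "f" for the fault) of the projection operator π_{/Σ_1} and of the k-faulty test:

```python
def project(trace, sigma1):
    """pi_{/Sigma1}: erase every symbol of the trace not in sigma1
    (in particular the unobservable symbol "", i.e. epsilon)."""
    return [a for a in trace if a in sigma1]

def is_k_faulty(trace, k, fault="f"):
    """A run is k-faulty if the fault occurs at some step i and at
    least k further steps follow it (n - i >= k).  Checking the first
    occurrence of the fault suffices, since it maximizes n - i."""
    n = len(trace)
    for j, ev in enumerate(trace):
        if ev == fault:
            return (n - 1 - j) >= k
    return False
```

For instance, project(["b", "f", "a", "b"], {"a", "b"}) erases the fault and keeps only the potentially observable events, and a finite trace is k-faulty exactly when at least k events follow the fault.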
The product of automata with ε-transitions is defined in the usual way: the automata synchronize on common labels except for ε. Let A_1 = (Q_1, q_0^1, Σ_1^ε, →_1) and A_2 = (Q_2, q_0^2, Σ_2^ε, →_2). The product of A_1 and A_2 is the automaton A_1 × A_2 = (Q, q_0, Σ, →) where:
• Q = Q_1 × Q_2,
• q_0 = (q_0^1, q_0^2),
• Σ = Σ_1 ∪ Σ_2,
• → ⊆ Q × Σ × Q is defined by (q_1, q_2) --σ--> (q_1′, q_2′) if:
  – either σ ∈ Σ_1 ∩ Σ_2 and q_k --σ-->_k q_k′, for k = 1, 2,
  – or σ ∈ (Σ_i \ Σ_{3−i}) ∪ {ε} and q_i --σ-->_i q_i′ and q_{3−i}′ = q_{3−i}, for i = 1 or i = 2.

(In this paper we often use finite automata that generate prefix-closed languages, hence we do not need to use a set of final or accepting states.)

III. FAULT DIAGNOSIS WITH DYNAMIC OBSERVERS
In this section we introduce dynamic observers. They can choose after each new observation the set of events they are going to watch for. To illustrate why dynamic observers can be useful, consider the following example.
Example 1 (Dynamic Observation)
Assume we want to detect faults in automaton B of Figure 1. A static diagnoser that observes Σ = {a, b} can detect faults. However, no proper subset of Σ can be used to detect faults in B. Thus the minimum cardinality of the set of observable events for diagnosing B is 2, i.e., a static observer will have to monitor two events during the execution of the DES. This means that an observer will have to be receptive to at least two inputs at each point in time to detect a fault in B. One can think of being receptive as switching on a device to sense an event. This consumes energy. We can be more efficient using a dynamic observer, which only turns on sensors when needed, thus saving energy. In the case of B, this can be done as follows: in the beginning we only switch on the a-sensor; once an a occurs, the a-sensor is switched off and the b-sensor is switched on. Compared to the previous diagnosers we use half as much energy.

Fig. 1. The automaton B

A. Dynamic Observers
We formalize the above notion of dynamic observation using observers. The choice of the events to observe can depend on the choices the observer has made before and on the observations it has made. Moreover, an observer may have unbounded memory.
Definition 2 (Observer) An observer Obs over Σ is a deterministic labeled automaton Obs = (S, s_0, Σ, δ, L), where S is a (possibly infinite) set of states, s_0 ∈ S is the initial state, Σ is the set of observable events, δ : S × Σ → S is the transition function (a total function), and L : S → 2^Σ is a labeling function that specifies the set of events the observer wishes to observe when it is at state s. We require for any state s and any a ∈ Σ that if a ∉ L(s) then δ(s, a) = s: this means the observer does not change its state when an event it has chosen not to observe occurs.

As an observer is deterministic, we use the notation δ(s_0, w) to denote the state reached after reading the word w, and L(δ(s_0, w)) is the set of events Obs observes after w. An observer implicitly defines a transducer that consumes an input event a ∈ Σ and, depending on the current state s, either outputs a (when a ∈ L(s)) and moves to a new state δ(s, a), or outputs ε (when a ∉ L(s)) and remains in the same state waiting for a new event. Thus, an observer defines a mapping Obs from Σ* to Σ* (we use the same name “Obs” for the automaton and the mapping). Given a run ρ, Obs(π_{/Σ}(tr(ρ))) is the output of the transducer on ρ. It is called the observation of ρ by Obs. We next provide an example of a particular case of observer which can be represented by a finite-state machine.

Fig. 2. A finite-state observer Obs, with L(0) = {a}, L(1) = {b}, L(2) = ∅
Example 2 Let Obs be the observer of Figure 2. Obs maps inputs as follows: Obs(baab) = ab, Obs(bababbaab) = ab, Obs(bbbbba) = a and Obs(bbaaa) = a. If Obs operates on the DES B of Figure 1 and B generates f.a.b, Obs will have as input π_{/Σ}(f.a.b) = a.b with Σ = {a, b}. Consequently, the observation of Obs is Obs(π_{/Σ}(f.a.b)) = a.b.

B. Fault Diagnosis with Dynamic Diagnosers

Definition 3 ((Obs, k)-diagnoser) Let A be a finite automaton over Σ_{ε,f} and Obs be an observer over Σ. D : Σ* → {0, 1} is an (Obs, k)-diagnoser for A if
• ∀ρ ∈ NonFaulty(A), D(Obs(π_{/Σ}(tr(ρ)))) = 0, and
• ∀ρ ∈ Faulty_{≥k}(A), D(Obs(π_{/Σ}(tr(ρ)))) = 1.

A is (Obs, k)-diagnosable if there is an (Obs, k)-diagnoser for A. A is Obs-diagnosable if there is some k such that A is (Obs, k)-diagnosable. If a diagnoser always selects Σ as the set of observable events, it is a static observer, and (Obs, k)-diagnosability amounts to the standard (Σ, k)-diagnosis problem [5]. As for Σ-diagnosability, we have the following equivalence for dynamic observers: A is (Obs, k)-diagnosable iff Obs(π_{/Σ}(Faulty^tr_{≥k}(A))) ∩ Obs(π_{/Σ}(NonFaulty^tr(A))) = ∅.

Problem 1 (Finite-State Obs-Diagnosability)
INPUT: A, Obs a finite-state observer.
PROBLEM: (A) Is A Obs-diagnosable? (B) If the answer to (A) is “yes”, compute the minimum k such that A is (Obs, k)-diagnosable.

Theorem 1 Problem 1 is in P.
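The transducer view of Definition 2 can be sketched as follows (a minimal Python rendering; the transition and labeling tables below encode the observer of Figure 2 under the transition structure suggested by the figure, with the required self-loops on unobserved events left implicit):

```python
class Observer:
    """A dynamic observer (Definition 2): in state s it watches only
    the events in labels[s]; an unwatched event leaves the state
    unchanged and produces no output (i.e., outputs epsilon)."""

    def __init__(self, delta, labels, init=0):
        self.delta = delta      # (state, event) -> state, for watched events
        self.labels = labels    # state -> set of watched events, L(s)
        self.init = init

    def observe(self, word):
        s, out = self.init, []
        for a in word:
            if a in self.labels[s]:
                out.append(a)           # event is watched: output it
                s = self.delta[(s, a)]  # and move to the next state
            # else: implicit self-loop, output epsilon
        return "".join(out)

# The observer of Figure 2: L(0) = {a}, L(1) = {b}, L(2) = {}.
obs = Observer(delta={(0, "a"): 1, (1, "b"): 2},
               labels={0: {"a"}, 1: {"b"}, 2: set()})
```

On the inputs of Example 2 this reproduces the stated observations, e.g. obs.observe("baab") == "ab" and obs.observe("bbaaa") == "a".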
To prove Theorem 1 we build a product automaton A ⊗ Obs such that: A is (Obs, k)-diagnosable ⟺ A ⊗ Obs is (Σ, k)-diagnosable. Given two finite automata A = (Q, q_0, Σ_{ε,f}, →) and Obs = (S, s_0, Σ, δ, L), the automaton A ⊗ Obs = (Q × S, (q_0, s_0), Σ_{ε,f}, →) is defined as follows:
• (q, s) --β--> (q′, s′) iff ∃λ ∈ Σ s.t. q --λ--> q′, s′ = δ(s, λ), and β = λ if λ ∈ L(s), β = ε otherwise;
• (q, s) --λ--> (q′, s) iff ∃λ ∈ {ε, f} s.t. q --λ--> q′.
The number of states of A ⊗ Obs is at most |Q| × |S| and the number of transitions is bounded by the number of transitions of A. Hence the size of the product is polynomial in the size of the input |A| + |Obs|. Checking that A ⊗ Obs is diagnosable can be done in polynomial time, and thus Problem 1.(A) is in P.
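The construction of A ⊗ Obs can be sketched as a reachability computation (a minimal Python version; the plant encoding as a dict of (label, successor) pairs, with "" for ε and "f" for the fault, and all names are illustrative choices, not the paper's notation):

```python
from collections import deque

EPS, FAULT = "", "f"

def diag_product(delta_A, init_A, obs_delta, obs_labels, obs_init=0):
    """Reachable part of A (x) Obs: a plant event keeps its label when
    the observer currently watches it and is relabeled to epsilon
    otherwise; epsilon and f never move the observer."""
    init = (init_A, obs_init)
    seen, todo, trans = {init}, deque([init]), set()
    while todo:
        q, s = todo.popleft()
        for lab, q2 in delta_A.get(q, ()):
            if lab in (EPS, FAULT):
                beta, succ = lab, (q2, s)                    # observer idle
            elif lab in obs_labels[s]:
                beta, succ = lab, (q2, obs_delta[(s, lab)])  # observed
            else:
                beta, succ = EPS, (q2, s)                    # filtered out
            trans.add(((q, s), beta, succ))
            if succ not in seen:
                seen.add(succ)
                todo.append(succ)
    return seen, init, trans

# A small hypothetical plant: q0 -f-> q1 -a-> q2 -b-> q3, plus q0 -a-> q4.
plant = {"q0": [(FAULT, "q1"), ("a", "q4")],
         "q1": [("a", "q2")],
         "q2": [("b", "q3")]}
states, init, trans = diag_product(plant, "q0",
                                   {(0, "a"): 1, (1, "b"): 2},
                                   {0: {"a"}, 1: {"b"}, 2: set()})
```

In this toy plant the faulty branch produces the visible trace a.b while the non-faulty branch produces only a, matching the intuition that observing a.b betrays the fault.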
Example 3 Let B be the DES given in Figure 1 and Obs the observer of Figure 2. The product A ⊗ Obs used in the above proof is given in Figure 3.

Fig. 3. The product A ⊗ Obs
For Problem 1, we have assumed that an observer was given. It would be even better if we could synthesize an observer Obs such that the plant is Obs-diagnosable. Before attempting to synthesize such an observer, we should first check that the plant is Σ-diagnosable: if it is not, then obviously no such observer exists; if the plant is Σ-diagnosable, then the trivial observer that observes all events in Σ at all times works. (Notice that this also shows that existence of an observer implies existence of a finite-state observer, since the trivial observer is finite-state.) As a first step towards synthesizing non-trivial observers, we can attempt to compute the set of all valid observers, which includes the trivial one but also non-trivial ones (if they exist).

Problem 2 (Dynamic-Diagnosability)
INPUT: A.
PROBLEM: Compute the set O of all observers such that A is Obs-diagnosable iff Obs ∈ O.

We do not have a solution to the above general problem. Instead, we introduce a restricted variant:

Problem 3 (Dynamic-k-Diagnosability)
INPUT: A, k ∈ N.
PROBLEM: Compute the set O of all observers such that A is (Obs, k)-diagnosable iff Obs ∈ O.

(We use ⊗ to clearly distinguish this product from the usual synchronous product ×.)
C. Problem 3 as a Game Problem
To solve Problem 3 we reduce it to a safety 2-player game:
• Player 1 chooses the set of events it wishes to observe, then it hands over to Player 2;
• Player 2 chooses an event and tries to produce a run which is simultaneously the observation of a k-faulty run and of a non-faulty run.
Player 2 wins if he can produce such a run; otherwise Player 1 wins. Player 2 has complete information of Player 1’s moves (i.e., it can observe the sets that Player 1 chooses to observe). Player 1, on the other hand, only has partial information of Player 2’s moves, because not all events are observable (details follow).

Let A = (Q, q_0, Σ_{ε,f}, →) be a finite automaton. To define the game, we use two copies of automaton A: A_1(k) and A_2. The accepting states of A_1(k) are those corresponding to runs of A which are faulty and where more than k steps occurred after the fault. A_2 is a copy of A where the f-transitions have been removed. The game we are going to play is the following (see Figure 4; Player 1 states are depicted with square boxes and Player 2 states with round shapes):
1) the game starts in a state (q_0, q_0) corresponding to the initial state of the product of A_1(k) and A_2. Initially, it is Player 1’s turn to play. Player 1 chooses a set of events he is going to observe, i.e., a subset X of Σ, and hands it over to Player 2;
2) assume the automata A_1(k) and A_2 are in states (q_1, q_2). Player 2 can change the state of A_1(k) and A_2 by:
a) firing an action (like λ_1, λ_2, λ_3, λ_4 in Figure 4) which is not in X, in either A_1(k) or A_2 (no synchronization). In this case a new state (q, q′) is reached and Player 2 can play again from this state;
b) firing an action in X (like σ_1, σ_2 in Figure 4): to do this, both A_1(k) and A_2 must be in a state where the action is possible (synchronization); after the action is fired, a new state (q_1′, q_2′) is reached: now it is Player 1’s turn to play, and the game continues as in step 1 above from the new state (q_1′, q_2′).
Player 2 wins if he can reach a state (q_1, q_2) in A_1(k) × A_2 where q_1 is an accepting state of A_1(k) (which means that Player 1 wins if it can avoid this set of states ad infinitum). In this sense this is a safety game for Player 1 (and a reachability game for Player 2).

Fig. 4. Game reduction for Problem 3

Formally, the game G_A = (S_1 ⊎ S_2, s_0, Σ_1 ⊎ Σ_2, δ) is defined as follows (⊎ denotes union of disjoint sets):
• S_1 = (Q × {−1, 0, · · · , k}) × Q is the set of Player 1 states; a state ((q_1, j), q_2) ∈ S_1 indicates that A_1(k) is in state q_1, j steps have occurred after a fault, and q_2 is the current state of A_2. If no fault has occurred, j = −1, and if more than k steps occurred after the fault, we use j = k.
• S_2 = (Q × {−1, 0, · · · , k}) × Q × 2^Σ is the set of Player 2 states. For a state ((q_1, j), q_2, X) ∈ S_2, the triple ((q_1, j), q_2) has the same meaning as for S_1, and X is the set of events Player 1 has chosen to observe on its last move.
• s_0 = ((q_0, −1), q_0) is the initial state of the game, belonging to Player 1;
• Σ_1 = 2^Σ is the set of moves of Player 1; Σ_2 = Σ_ε is the set of moves of Player 2 (as we encode the fault into the state, we do not need to distinguish f from ε).
• the transition relation δ ⊆ (S_1 × Σ_1 × S_2) ∪ (S_2 × {ε} × S_2) ∪ (S_2 × Σ_2 × S_1) is defined by:
– Player 1 moves: let X ∈ Σ_1 and s_1 ∈ S_1. Then (s_1, X, (s_1, X)) ∈ δ.
– Player 2 moves: a move of Player 2 is either a silent move (ε), i.e., a move of A_1(k) or A_2 alone, or a joint move of A_1(k) and A_2 with an observable action in X. Consequently, a silent move (((q_1, i), q_2, X), ε, ((q_1′, j), q_2′, X)) is in δ if one of the following conditions holds:
1) either q_2′ = q_2, q_1 --ℓ--> q_1′ is a step of A_1(k), ℓ ∉ X, and if i ≥ 0 then j = min(i + 1, k); if i = −1 and ℓ = f then j = 0, otherwise j = i;
2) or q_1′ = q_1, q_2 --ℓ--> q_2′ is a step of A_2, ℓ ∉ X (and ℓ ≠ f), and if i ≥ 0 then j = min(i + 1, k), otherwise j = i.
A visible move can be taken by Player 2 if both A_1(k) and A_2 agree on doing such a move. In this case the game proceeds to a Player 1 state: (((q_1, i), q_2, X), ℓ, ((q_1′, j), q_2′)) ∈ δ if ℓ ∈ X, q_1 --ℓ--> q_1′ is a step of A_1(k), q_2 --ℓ--> q_2′ is a step of A_2, and if i ≥ 0 then j = min(i + 1, k), otherwise j = i.

We can show that for any observer O s.t. A is (O, k)-diagnosable, there is a strategy f(O) for Player 1 in G_A s.t. f(O) is trace-based and winning. A strategy for Player 1 is a mapping f : Runs(G_A) → Σ_1 that associates a move f(ρ) in Σ_1 with each run ρ in G_A that ends in an S_1-state. A strategy f is trace-based if, given two runs ρ, ρ′, tr(ρ) = tr(ρ′) implies f(ρ) = f(ρ′). Conversely, for any trace-based winning strategy f (for Player 1), we can build an observer O(f) s.t. A is (O(f), k)-diagnosable. Let O = (S, s_0, Σ, δ, L) be an observer for A.
We define the strategy f(O) on finite runs of G_A ending in a Player 1 state by: f(O)(ρ) = L(δ(s_0, π_{/Σ}(tr(ρ)))). The intuition is that we take the run ρ in G_A, take the trace of ρ (choices of Player 1 and moves of Player 2) and remove the choices of Player 1. This gives a word in Σ*. The strategy for Player 1 for ρ is the set of events the observer O chooses to observe after reading π_{/Σ}(tr(ρ)), i.e., L(δ(s_0, π_{/Σ}(tr(ρ)))).

Conversely, with each trace-based strategy f of the game G_A we can associate an automaton O(f) = (S, s_0, Σ, δ, L) defined by:
• S = {π_{/Σ}(tr(ρ)) | ρ ∈ Out(G_A, f) and tgt(ρ) ∈ S_1};
• s_0 = ε;
• δ(v, ℓ) = v′ if v ∈ S, v′ = v.ℓ and there is a run ρ ∈ Out(G_A, f) ending in a Player 1 state with v = π_{/Σ}(tr(ρ)) such that ρ can be extended in Out(G_A, f) by the Player 1 choice X = f(ρ), a (possibly empty) sequence of ε-moves of Player 2, and the visible move ℓ with ℓ ∈ X; and δ(v, ℓ) = v if v ∈ S and ℓ ∉ f(ρ);
• L(v) = f(ρ) if v = π_{/Σ}(tr(ρ)).
Using the previous definitions and constructions we obtain the following theorems:

Theorem 2
Let O be an observer s.t. A is (O, k)-diagnosable. Then f(O) is a trace-based winning strategy in G_A.

Theorem 3
Let f be a trace-based winning strategy in G_A. Then O(f) is an observer and A is (O(f), k)-diagnosable.

A classical result on games like G_A is that, if there is a winning trace-based strategy for Player 1, then there is a most permissive strategy F_A which has finite memory. It can be represented by a finite automaton S_{F_A} = (W_1 ⊎ W_2, s_0, Σ_1 ∪ Σ_2, Δ_A) s.t. Δ_A ⊆ (W_1 × Σ_1 × W_2) ∪ (W_2 × Σ_2 × W_1), which has size exponential in the size of G_A. For a given run ρ ending in a W_1-state, with w = tr(ρ) ∈ (Σ_1 ∪ Σ_2)*, we have F_A(w) = en(Δ_A(s_0, w)).

D. Most Permissive Observer
We now define the notion of a most permissive observer and show the existence of a most permissive observer for a system in case A is diagnosable. F_A is the mapping defined at the end of the previous section.

For an observer O = (S, s_0, Σ, δ, L) and w ∈ Σ*, we let L(w) be the set L(δ(s_0, w)): this is the set of events O chooses to observe on input w. Given a word ρ ∈ π_{/Σ}(L(A)), we recall that O(ρ) is the observation of ρ by O. Assume O(ρ) = a_1 · · · a_k. Let ρ̂ = L(ε).ε.L(a_1).a_1 · · · L(O(ρ)(k)).a_k, i.e., ρ̂ contains the history of what O has chosen to observe at each step and the events that occurred after each choice.

Let O : (2^Σ × Σ_ε)+ → 2^(2^Σ). By definition, O is the most permissive observer for (A, k) if the following holds:

  O = (S, s_0, Σ, δ, L) is an observer and A is (O, k)-diagnosable ⟺ ∀w ∈ Σ*, L(δ(s_0, w)) ∈ O(w).

The definition of the most permissive observer states that:
• any good observer O (one such that A is (O, k)-diagnosable) must choose a set of observable events in O(w) on input w;
• if an observer chooses its set of observable events in O(w) on input w, then it is a good observer.

Assume A is (Σ, k)-diagnosable. Then there is an observer O s.t. A is (O, k)-diagnosable, because the constant observer that observes Σ is a solution. By Theorem 2, there is a trace-based winning strategy for Player 1 in G_A.

Theorem 4 F_A is the most permissive observer.

This enables us to solve Problem 3 and compute a finite representation of the set O of all observers such that A is (O, k)-diagnosable iff O ∈ O. Computing F_A can be done in O(2^|G_A|). The size of G_A is quadratic in |A|, linear in k, and exponential in the size of Σ, i.e., |G_A| = O(|A|² × 2^|Σ| × k).
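Concretely, solving the underlying safety game amounts to a classical attractor computation (a sketch under the assumption that the game graph is given explicitly; the encoding is illustrative and not the full construction of G_A): Player 1 wins the safety game from exactly the states outside Player 2's attractor to the bad states, and the most permissive strategy allows every move that stays outside that attractor.

```python
def attractor(p2_states, edges, bad):
    """Player-2 attractor to `bad` in a turn-based game graph.
    edges: state -> list of successor states.  A Player-2 state joins
    the attractor if SOME successor is in it; a Player-1 state joins
    if ALL successors are.  Player 1 wins the safety game from every
    state left outside the result."""
    attr = set(bad)
    changed = True
    while changed:
        changed = False
        for s, succs in edges.items():
            if s in attr or not succs:
                continue
            if (s in p2_states and any(t in attr for t in succs)) or \
               (s not in p2_states and all(t in attr for t in succs)):
                attr.add(s)
                changed = True
    return attr
```

For instance, if Player 1 state "a" can move either to a Player 2 state "b" (from which Player 2 forces the bad state "c") or to a safe sink "d", the attractor is {"b", "c"}: Player 1 wins from "a", but only by moving to "d".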
This means that computing F_A can be done in time exponential in the size of A and k, and doubly exponential in the size of Σ.

The computation of a generic diagnoser associated with the most permissive observer can be done as well. This diagnoser is the most permissive dynamic diagnoser and contains all the choices a dynamic diagnoser can make to be able to diagnose a plant.

IV. OPTIMAL DYNAMIC OBSERVERS
In this section we define a notion of cost for observers. This will allow us to compare observers w.r.t. this criterion and, later on, to synthesize an optimal observer. The notion of cost we are going to use is inspired by weighted automata.

A. Weighted Automata & Karp's Algorithm
The notion of cost for automata has already been defined, and algorithms to compute some optimal values related to this model are described in many papers. We recall here the results of [9], which will be used later.
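Karp's algorithm can be sketched as follows (a minimal Python version with weights on edges; the state-weighted automata used below can be encoded in this form by putting w(q′) on every edge entering q′ — the helper name is an illustrative choice):

```python
def karp_max_mean_cycle(n, edges):
    """Maximum mean-weight cycle of a directed graph with vertices
    0..n-1 and edges given as (u, v, weight) triples (Karp, 1978).
    A super-source makes every vertex reachable without adding cycles."""
    NEG = float("-inf")
    N = n + 1                       # vertex n is the super-source
    all_edges = edges + [(n, v, 0) for v in range(n)]
    # D[k][v] = max weight of a walk with exactly k edges from source to v
    D = [[NEG] * N for _ in range(N + 1)]
    D[0][n] = 0.0
    for k in range(1, N + 1):
        for (u, v, w) in all_edges:
            if D[k - 1][u] != NEG and D[k - 1][u] + w > D[k][v]:
                D[k][v] = D[k - 1][u] + w
    best = NEG
    for v in range(N):
        if D[N][v] == NEG:
            continue
        best = max(best, min((D[N][v] - D[k][v]) / (N - k)
                             for k in range(N) if D[k][v] != NEG))
    return best
```

On a graph containing one cycle of mean weight 2 and one of mean weight 5, the procedure returns 5. The running time is O(|V| · |E|), i.e., polynomial in the size of the weighted graph.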
Definition 4 (Weighted Automaton) A weighted automaton is a pair (A, w) s.t. A = (Q, q_0, Σ, δ) is a finite automaton and w : Q → N associates a weight with each state.

Definition 5 (Mean Cost) Let ρ = q_0 --a_1--> q_1 --a_2--> · · · --a_n--> q_n be a run of A. The mean cost of ρ is

  µ(ρ) = (1/(n+1)) × Σ_{i=0}^{n} w(q_i).

We recall that the length of ρ = q_0 --a_1--> q_1 --a_2--> · · · --a_n--> q_n is |ρ| = n. We assume that A is complete w.r.t. Σ (and Σ ≠ ∅) and thus contains at least one run of any arbitrary length n. Let Runs_n(A) be the set of runs of length n in Runs(A). The maximum mean weight of the runs of length n of A is ν(A, n) = max{µ(ρ) | ρ ∈ Runs_n(A)}. The maximum mean weight of A is ν(A) = lim sup_{n→∞} ν(A, n).

Actually, the value ν(A) can be computed using Karp’s maximum mean-weight cycle algorithm [9] on weighted graphs. If c = s_0 --a_1--> s_1 --a_2--> · · · --a_n--> s_n is a cycle of A, i.e., s_0 = s_n, the mean weight of the cycle c is µ(c) = (1/(n+1)) · Σ_{i=0}^{n} w(s_i). The maximum mean-weight cycle of A is the value ν*(A) = max{µ(c) | c a cycle of A}. As stated in [10], for weighted automata the mean-weight cycle value is the value that determines the mean-weight value: ν(A) = lim sup_{n→∞} ν(A, n) = lim_{n→∞} ν(A, n) = ν*(A).

B. Cost of a Dynamic Observer
Let Obs = (S, s_0, Σ, δ, L) be an observer and A = (Q, q_0, Σ_{ε,f}, →). We would like to define a notion of cost for observers in order to select an optimal one among all of those which are valid, i.e., s.t. A is (Obs, k)-diagnosable. Intuitively, this notion of cost should imply that the more events we observe at each step, the more expensive it is. There is not a single way of defining a notion of cost, and the reader is referred to [1] for a discussion on this subject. The cost of a word w is given by:

  Cost(w) = (Σ_{i=0}^{n} |L(δ(s_0, w(i)))|) / (n + 1), with n = |w|.

We now show how to define and compute the cost of an observer Obs that observes a DES A. Given a run ρ ∈ Runs(A), the observer only processes π_{/Σ}(tr(ρ)) (ε- and f-transitions are not processed). To have a consistent notion of cost that takes into account the logical time elapsed from the beginning, we need to take into account, one way or another, the number of steps of ρ (the length of ρ), even if some of them are not observable. A simple way to do this is to consider that ε and f are now observable events, say u, but that the observer never chooses to observe them. Indeed, we assume we have already checked that A is (Obs, k)-diagnosable, and the problem is now to compute the cost of the observer we have used.

Definition 6 (Cost of a Run)
Given a run ρ = q_0 --a_1--> q_1 --a_2--> · · · q_{n−1} --a_n--> q_n ∈ Runs(A), let w_i = Obs(π_{/Σ}(tr(ρ^(i)))), 0 ≤ i ≤ n, where ρ^(i) is the prefix of ρ of length i. The cost of ρ ∈ Runs(A) is defined by:

  Cost(ρ, A, Obs) = (1/(n+1)) · Σ_{i=0}^{n} |L(δ(s_0, w_i))|.

We recall that Runs_n(A) is the set of runs of length n in Runs(A). The cost of the runs of length n of A is Cost(n, A, Obs) = max{Cost(ρ, A, Obs) | ρ ∈ Runs_n(A)}. The cost of (Obs, A) is Cost(A, Obs) = lim sup_{n→∞} Cost(n, A, Obs).

Notice that Cost(n, A, Obs) is defined for each n because we have assumed A generates runs of arbitrarily large length. As emphasised previously, in order to compute Cost(n, A, Obs) we consider that ε and f are now observable events, say u, but that the observer never chooses to observe them. Let Σ_u = Σ ∪ {u} and Obs⁺ = (S, s_0, Σ_u, δ′, L), where δ′ is δ augmented with u-transitions that loop on each state s ∈ S. Let A⁺ be A where ε- and f-transitions are renamed u. Let A⁺ × Obs⁺ be the synchronized product of A⁺ and Obs⁺. A⁺ × Obs⁺ = (Z, z_0, Σ_u, Δ) is complete w.r.t. Σ_u, and we let w(q, s) = |L(s)| so that (A⁺ × Obs⁺, w) is a weighted automaton.

Theorem 5
Cost(A, Obs) = ν*(A⁺ × Obs⁺).

Thus we can compute the cost of a given pair (A, Obs): this can be done using Karp’s maximum mean-weight cycle algorithm [9] on weighted graphs. This algorithm is polynomial in the size of the weighted graph, and thus:

Theorem 6
Computing the cost of (A, Obs) is in P.

Remark 1
Notice that instead of the values |L(s)| we could use any mapping from states of Obs to Z, and even consider that the cost of observing {a, b} is less than that of observing {a}.

C. Optimal Dynamic Diagnosers

In this section, we focus on the problem of computing a best observer, in the sense that diagnosing the DES with it has minimal cost. We address the following problem:
Problem 4 (Bounded Cost Observer)
INPUT: A, k ∈ N and c ∈ N.
PROBLEM: (A) Is there an observer Obs s.t. A is (Obs, k)-diagnosable and Cost(A, Obs) ≤ c? (B) If the answer to (A) is “yes”, compute a witness observer Obs with Cost(A, Obs) ≤ c.

Theorem 4, page 6, establishes that there is a most permissive observer F_A in case A is (Σ, k)-diagnosable; it can be computed in time exponential in the size of A and k and doubly exponential in |Σ|, and it has size exponential in A and k and doubly exponential in |Σ|. Moreover, the most permissive observer F_A can be represented by a finite-state machine S_{F_A} = ({0, 2, · · · , 2l} ∪ ({1, 3, · · · , 2l′ + 1} × 2^Σ), 0, 2^Σ ∪ Σ, δ) which has the following properties:
• even states are states where the observer chooses a set of events to observe;
• odd states (2i + 1, X) are states where the observer waits for an observable event in X to occur;
• if δ(2i, X) = (2i′ + 1, X) with X ∈ 2^Σ, it means that from an even state 2i the automaton S_{F_A} can select a set X of events to observe. The successor state is an odd state together with the set X of events that are being observed;
• if δ((2i + 1, X), a) = 2i′ with a ∈ X, it means that from (2i + 1, X), S_{F_A} is waiting for an observable event to occur. When one occurs, it switches to an even state.
By definition of F_A, any observer O s.t. A is (O, k)-diagnosable must select a set of observable events in F_A(tr(w)) after having observed w ∈ π_{/Σ}(L(A)).

To compute an optimal observer, we use a result by Zwick and Paterson [10] on weighted graph games.

Definition 7 (Weighted Graph) A weighted directed graph is a pair (G, w) s.t. G = (V, E) is a directed graph and w : E → {−W, · · · , 0, · · · , W} assigns an integral weight to each edge of G, with W ∈ N. We assume that each vertex v ∈ V is reachable from a unique source vertex v_0 and has at least one outgoing transition.
Definition 8 (Weighted Graph Game) A weighted graph game G = (V, E) is a bipartite weighted graph with V = V1 ∪ V2 and E = E1 ∪ E2, E1 ⊆ V1 × V2 and E2 ⊆ V2 × V1. We assume the initial vertex v0 of G belongs to V1. □

Vertices in Vi are Player i's vertices. A weighted graph game is a turn-based game in which the turn alternates between Player 1 and Player 2. The game starts at a vertex v0 ∈ V1. Player 1 chooses an edge e1 = (v0, v1), then Player 2 chooses an edge e2 = (v1, v2), and so on, building an infinite sequence of edges. Player 1 wants to maximise lim inf_{n→∞} (1/n)·Σ_{i=1}^{n} w(e_i) and Player 2 wants to minimise lim sup_{n→∞} (1/n)·Σ_{i=1}^{n} w(e_i).

One of the results of [10] is that there is a rational value ν ∈ Q s.t. Player 1 has a strategy to ensure lim inf_{n→∞} (1/n)·Σ_{i=1}^{n} w(e_i) ≥ ν and Player 2 has a strategy to ensure that lim sup_{n→∞} (1/n)·Σ_{i=1}^{n} w(e_i) ≤ ν; ν is called the value of the game.

In summary, the results by Zwick and Paterson [10] we are going to use are:
• there is a value ν ∈ Q, called the value of the game, s.t. Player 1 has a strategy to ensure that lim inf_{n→∞} (1/n)·Σ_{i=1}^{n} w(e_i) ≥ ν and Player 2 has a strategy to ensure that lim sup_{n→∞} (1/n)·Σ_{i=1}^{n} w(e_i) ≤ ν; this value can be computed in O(|V|³ × |E| × W), where W is the range of the weight function (assuming the weights are in the interval [−W..W]). Note that deciding whether this value satisfies ν ⊲⊳ c for ⊲⊳ ∈ {=, <, >} and c ∈ Q can also be done in O(|V|³ × |E| × W);
• there are optimal memoryless strategies for both players, and they can be computed in O(|V|⁴ × |E| × log(|E|/|V|) × W).

To solve Problem 4, we use the most permissive observer F_A computed in section III-D. Given A and F_A, we build a weighted graph game G(A, F_A) s.t. the value of the game is the optimal cost over the set of all observers.
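As an illustration of how such a value can be computed (the graph encoding and the toy game below are our own, not from [10]), the core of Zwick and Paterson's algorithm is a value iteration on the optimal k-step total weight: v_0(u) = 0, and v_k(u) is the maximum (for Player 1 vertices) or minimum (for Player 2 vertices), over edges (u, x), of w(u, x) + v_{k−1}(x). Then v_k(u)/k converges to the value of the game, and roughly k on the order of |V|³·W steps suffices to round it to the exact rational value:

```python
# Value iteration underlying Zwick-Paterson's mean-payoff algorithm.
# V1: Player 1 (maximiser) vertices; V2: Player 2 (minimiser) vertices.
# edges: dict mapping a vertex to a list of (successor, weight) pairs.
# Encoding and example are illustrative, not taken from the paper or [10].

def mean_payoff_value(V1, V2, edges, v0, steps):
    """Approximate the game value from v0 as v_steps(v0) / steps."""
    v = {u: 0 for u in V1 | V2}                      # v_0(u) = 0 everywhere
    for _ in range(steps):
        # v_k(u) = max/min over edges (u, s) of w(u, s) + v_{k-1}(s)
        v = {u: (max if u in V1 else min)(w + v[s] for (s, w) in edges[u])
             for u in V1 | V2}
    return v[v0] / steps

# Toy game: from 'a' Player 1 goes to 'b' (weight 2) or 'c' (weight 0);
# Player 2 returns to 'a' with weight 0 from 'b' and weight 1 from 'c'.
# The cycle a->b->a has mean (2+0)/2 = 1, the cycle a->c->a has mean 1/2,
# so the maximiser secures value 1.
V1, V2 = {'a'}, {'b', 'c'}
edges = {'a': [('b', 2), ('c', 0)], 'b': [('a', 0)], 'c': [('a', 1)]}
print(mean_payoff_value(V1, V2, edges, 'a', 1000))  # → 1.0
```

On the toy game, the iteration recovers the mean weight 1 of Player 1's best cycle a→b→a, matching the game value.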
Moreover, an optimal observer can be obtained by taking an optimal memoryless strategy in G(A, F_A).

To build G(A, F_A) we use the same idea as in section IV-B: we replace the ε and f transitions in A by u, obtaining A+. We also modify F_A to obtain a weighted graph game (F_A+, w) by adding transitions so that each odd state is complete w.r.t. Σ_u. This is done as follows:
• from each state (2i+1, X), create a new even state, i.e., pick some 2i′ that has not already been used; add transitions ((2i+1, X), σ, 2i′) for each σ ∈ Σ_u \ en(2i+1, X), and add also a transition (2i′, X, (2i+1, X)). This step means that if A produces an event that is not observable, F_A+ just reads the event and makes the same choice again;
• the weight of a transition (2i, X, (2i′+1, X)) is |X|.
The game G(A, F_A) is then A+ × F_A+. From it we obtain a weighted graph game WG(A, F_A) by abstracting away the labels of the transitions. Notice that this still enables us to convert any strategy in WG(A, F_A) into a strategy in F_A: a strategy in WG(A, F_A) defines an edge (2i, (2i′+1, X)) to take, and as the target vertex contains the set X of events we chose to observe, we can define a corresponding strategy in F_A.

By construction of G(A, F_A) and the definition of the value of a weighted graph game, the value of the game is the optimal cost over the set of all observers O s.t. A is (O, k)-diagnosable.

Assume A has n states and m transitions. From Theorem 4 we know that the number of states of F_A is exponential in n and k and doubly exponential in |Σ|, and so is its number of transitions; hence the numbers of vertices and edges of G(A, F_A) obey the same bounds. To make the game complete we add at most half as many states again, so WG(A, F_A) has the same asymptotic size. We thus obtain the following results:

Theorem 7
Problem 4 can be solved in time exponential in the size of A and k, and doubly exponential in |Σ|.

We can even solve the optimal cost computation problem:
Problem 5 (Optimal Cost Observer)
INPUT: A, k ∈ N.
PROBLEM: Compute the least value c s.t. there exists an observer Obs s.t. A is (Obs, k)-diagnosable and Cost(Obs) ≤ c.

Theorem 8
Problem 5 can be solved in time exponential in the size of A and k, and doubly exponential in |Σ|.

A consequence of Theorem 8 and Zwick and Paterson's results is that the cost of the optimal observer is a rational number.

V. CONCLUSIONS
In this paper we have addressed sensor minimization problems in the context of fault diagnosis, using dynamic observers. We proved that, for an observer given by a finite automaton, diagnosability can be checked in polynomial time (as in the case of static observers). We also solved a synthesis problem for dynamic observers and showed that a most permissive dynamic observer can be computed in doubly exponential time, provided an upper bound on the delay needed to detect a fault is given. Finally, we have defined a notion of cost for dynamic observers and shown how to compute a minimal-cost observer that can be used to detect faults within a given delay.

There are several directions we are currently investigating. Problem 2 has not been solved so far. The major impediment to solving it is that the reduction we propose in section III yields a Büchi game in this case. More generally, we plan to extend the framework we have introduced for fault diagnosis to control under dynamic partial observation, and this will enable us to solve Problem 2.

Problem 3 is solved in doubly exponential time. Nevertheless, to reduce the number of states of the most permissive observer, we point out that only minimal sets of events need to be observed. Indeed, if we can diagnose a system by observing only Σ from some point on, we surely can diagnose it using any superset Σ′ ⊇ Σ. So far we keep all the sets that can be used to diagnose the system. We could possibly take advantage of this property using techniques described in [11].

REFERENCES
[1] F. Cassez, S. Tripakis, and K. Altisen, “Synthesis of optimal dynamic observers for fault diagnosis of discrete-event systems.” IEEE Computer Society, 2007, pp. 316–325.
[2] ——, “Sensor minimization problems with static or dynamic observers for fault diagnosis.” IEEE Computer Society, 2007, pp. 90–99.
[3] P. Ramadge and W. Wonham, “Supervisory control of a class of discrete event processes,”
SIAM J. Control Optim., vol. 25, no. 1, Jan. 1987.
[4] J. Tsitsiklis, “On the control of discrete event dynamical systems,”
Mathematics of Control, Signals and Systems, vol. 2, no. 2, 1989.
[5] M. Sampath, R. Sengupta, S. Lafortune, K. Sinnamohideen, and D. Teneketzis, “Diagnosability of discrete event systems,”
IEEE Transactions on Automatic Control, vol. 40, no. 9, Sept. 1995.
[6] T.-S. Yoo and S. Lafortune, “On the computational complexity of some problems arising in partially-observed discrete event systems,” in
American Control Conference (ACC’01), Arlington, VA, 2001.
[7] S. Jiang, Z. Huang, V. Chandra, and R. Kumar, “A polynomial algorithm for testing diagnosability of discrete event systems,”
IEEE Transactions on Automatic Control.
Discrete Mathematics, vol. 23, pp. 309–311, 1978.
[10] U. Zwick and M. Paterson, “The complexity of mean payoff games on graphs,”
Theoretical Computer Science, vol. 158, no. 1–2, pp. 343–359, 1996.
[11] L. Doyen, K. Chatterjee, T. Henzinger, and J.-F. Raskin, “Algorithms for omega-regular games with imperfect information,” in
CSL: Computer Science Logic, ser. Lecture Notes in Computer Science 4207. Springer, 2006, pp. 287–302.