Polynomial-Time Veriﬁcation of Decentralized Fault Pattern Diagnosability for Discrete-Event Systems

: This paper considers the veriﬁcation of decentralized fault pattern diagnosability for discrete event systems, where the pattern is modeled as a ﬁnite automaton whose accepted language is the objective to be diagnosed. We introduce a notion of codiagnosability to formalize the decentralized fault pattern diagnosability, which requires the pattern to be detected by one of the external local observers within a bounded delay. To this end, a structure, namely a veriﬁer, is proposed to verify the codiagnosability of the system and the fault pattern. By studying an indeterminate cycle of the veriﬁer, sufﬁcient and necessary conditions are provided to test the codiagnosability. It is shown that the proposed method requires polynomial time at most. In addition, we present an approach to extend the proposed veriﬁer structure so that it can be applied to centralized cases.


Introduction
A discrete-event system (DES) [1][2][3] is an event-driven system whose state space is a discrete set and transitions from one state to another are triggered by the occurrence of events.The state of such a system may have logical or symbolic values that change in response to the event.In the context of DESs [2], fault diagnosis involves determining whether or not a fault has occurred with certainty [4,5].The problem of diagnosis has been extensively studied [6][7][8][9][10].Its formal description is located in [7].The purpose of diagnosability is to determine whether any predetermined failure can be diagnosed within a finite delay (steps) after its occurrence.Experience with monitoring dynamic systems shows that there is a large spectrum of faulty situations in practical systems [11], such as multiple faults, intermittent faults [12], and temporary faults [13] that are not consistent with single-event faults.In order to consider these complex situations, such as temporary and/or intermittent faults, fault pattern diagnosis simultaneously emerges as a promising research area, which provides a general way to solve the diagnosis problems by capturing the occurrences of particular strings in a system and gains extensive attention from both researchers and practitioners, leading to a bulk of documented results [14][15][16][17][18][19][20].
As known, Petri nets (PNs) and finite state automata are two major tools to treat various problems in DESs.Specifically, finite state automata have been investigated for that purpose.In [14], the authors provide the ground foundations for the fault pattern diagnosis that relies on the synchronous product of a system with the pattern and the computation of the determinization of the resulting structure.Then, in [15], the same authors improve the complexity of the approach proposed in [14] by successively using the unobservable closure and a pair verifier to replace the determinization.This also introduces fault patterns in the problem of prediction.The authors of [16] address the fault pattern diagnosis by means of state isolation.In contrast to the approach in [14], which builds a diagnoser with potentially exponential complexity, the method proposed in [16] performs state estimation in a recursive manner.This approach offers the advantage of lower complexity for fault pattern detection.In [17], the authors introduce different notions of diagnosability, namely S-type and T-type pattern diagnosability, depending on whether interweaving events are accepted in the pattern.Note that this work also focuses on S-type patterns (but the Ttype patterns are viewed as a particular subclass of S-type patterns, as mentioned in [17]).Moreover, in comparison to existing works, the main contribution of this paper is not only on the centralized systems but also on the decentralized frameworks, which expands the use of fault patterns.
Some contributions also consider the fault pattern diagnosis issues in PNs.On the one hand, the authors in [21] work on the diagnosability analysis of PNs by transforming the diagnosis problem into model checking.Using a particular class of PNs, the diagnosis of fault patterns has been studied according to the matching operator in [22].With a similar approach, the same authors extended their results to the diagnosability analysis in [23].On the other hand, stochastic PNs, endowed with Markovian semantics, have been studied to extract weak diagnosability properties for fault patterns [24].A few researchers also consider fault patterns from the time aspects [25,26].
For the purpose of diagnosability verification, a systematic structure, namely a diagnoser, is proposed in [7], which provides the necessary and sufficient conditions for diagnosability offline.It also can be used for online fault detection based on the observations of system behaviors.The state space of a diagnoser is in the worst case exponential with respect to the size of a system model.To overcome the potential state explosion problem, a so-called "twin machine" technique [9,10], is introduced to provide a worst-case polynomial test with respect to the number of states of a system for diagnosability, without constructing a diagnoser.A state-based method for DES diagnosability is proposed in [6], which provides an algorithm for computing a sequence of test commands to detect faults.
All aforementioned works are centralized fault diagnosis, in which a centralized diagnoser is responsible for the diagnosis in a system.However, many large-sized and complex systems are physically decentralized, where diagnosis information collected by decentralized local sites will be sent to a centralized site for analysis.In this case, a variable communication delay needs to be introduced, which makes the diagnosis technique more complicated.Although all diagnosis information can be collected centrally, due to the data delay, a centralized fault diagnosis method may not always be suitable for decentralized systems.
This work focuses on the decentralized diagnosis of the DESs with multiple local observers, each of which possesses its own sensor without involving any communication among diagnosers, so as to make up for the defects of the centralized diagnosis.The authors in [27] propose a coordinated decentralized architecture with a coordinator, which extends the notion of diagnosability from centralized systems [7] to decentralized cases.In [28], a failure is characterized as a violation of a specification represented by a language, and codiagnosability is studied in a specification language framework, which is later specialized to the failure event framework.In [29], a hierarchical paradigm is developed by incorporating the protocol in [28], which leads to a hierarchy of architectures and encompasses many existing structures for decentralized diagnosis.Considering global consistency conditions, the authors in [30] discuss the diagnosis problem of the distributed setting with fault pattern and define local pattern recognizers for that purpose.
This paper deals with the decentralized fault pattern diagnosability verification of DESs, where the fault patterns are modeled by finite automata.We develop a codiagnosability notion to formalize the decentralized pattern diagnosability of the system and provide an algorithm for its verification.We first compute a synchronous product structure, which encodes a system and a pattern.A failure diagnoser structure is constructed based on the synchronous product by considering the faulty behaviors of the system, and a non-failure diagnoser is calculated based on the normal behaviors.Then, we present a local non-failure diagnoser based on the local projection.In order to verify the codiagnosability of the system and the pattern, a verifier structure is derived by taking the product of failure diagnoser and local non-failure diagnoser.By studying the indeterminate cycles of the verifier, we establish necessary and sufficient verification conditions of codiagnosability.The successive steps of the proposed approach are visualized in Figure 1.The first contribution of the paper focuses on the construction of failure and nonfailure diagnosers, which track the normal and faulty behaviors of the system, separately.The second contribution is the computation of the local diagnoser with respect to the local projection.The third contribution is to extend the necessary and sufficient conditions stated for pattern diagnosability [14] to a decentralized setting.This is achieved by constructing a verifier structure, which is the product of the failure and local non-failure diagnosers.The proposed method is shown to be of polynomial complexity.We also present a method to extend the proposed verifier so that it can be applied to centralized cases.
The rest of the paper is organized as follows.Section 2 reviews finite state automata.Section 3 begins with the notions of fault patterns and then touches upon decentralized fault pattern diagnosis in DESs.Section 4 provides an algorithm for fault pattern codiagnosability with the local diagnosers.Section 5 analyses the complexity of the proposed method.Section 6 concludes this research.

Preliminaries
In this paper, we use N to denote the set of strictly positive integers.In what follows, we consider the model of finite automaton and its related notions.Definition 1.A deterministic finite automaton (DFA) is a four-tuple G = (L, Σ, δ, l 0 ), where L is the set of states, Σ is the set of events, l 0 is the initial state, and δ : L × Σ → L is the partial transition function: l = δ(l, σ) means that there is a transition labeled with event σ ∈ Σ from state l to state l .Let Σ * be the set of all finite strings defined over Σ, including the empty string λ.Transition function δ can be extended to L × Σ * → L in an usual way: given l ∈ L, w ∈ Σ * , and For a DFA G with partial observation, the events set Σ can be partitioned into two disjoint subsets Σ = Σ o ∪ Σ uo , where Σ o and Σ uo represent the set of observable events and the set of unobservable events, respectively.Given two strings w , w ∈ Σ * , the concatenation of the two strings is a string w = w w ∈ Σ * , where the string w is followed by w .
For a state l ∈ L, the set of active events at l is defined as Λ(l) = {σ ∈ Σ|∃l ∈ L : l = δ(l, σ)}.Given a string w ∈ Σ * , its length is defined as the number of items in w, denoted by |w|.A string w ∈ Σ * is said to be a prefix of w ∈ Σ * if there exists w ∈ Σ * , such that w = w w .The language generated by the DFA G is defined as L(G) = {s ∈ Σ * |δ(l 0 , s)!}, where δ(l 0 , s)! means that "δ(l 0 , s) is defined".Given a string w ∈ L(G), L(G)/w denotes the post-language of L(G) after w, defined as L(G)/w = {w ∈ Σ * | ww ∈ L(G)}.A run that begins with the initial state l 0 has the form: where l i , l i+1 ∈ L, σ i ∈ Σ, and l i+1 = δ(l i , σ i ) for i ∈ {0, 1, . . ., n}.In this case, we say that the run ρ is associated with the string w = σ 0 . . .
For a decentralized system G, we use Σ o i to denote the set of events observed by the local observer, simply called the local observable event set, and use Σ uo i to denote the set of local unobservable event set, where Without loss of generality, we assume that there is no cycle composed only of silent events in the system G.Note that in the decentralized architecture, different sites may have events in common, i.e., for all i, j ∈ {1, . . ., m} and i = j, the set of Σ o i ∩ Σ o j is not necessarily an empty set.Given a site i, i = 1, . . ., m, the local projection P i : Σ * → Σ * o i is defined as follows: for w ∈ Σ * and σ ∈ Σ, and P i (λ) = λ.In other words, a local projection function P i tracks only its corresponding local observable events.For i = 1, . . ., m, a site i has its own set of observable events and does not communicate with each other.For a string w ∈ Σ * o i , the inverse of the local projection Example 1.Consider a DFA G 1 shown in Figure 2 with respect to the local projection P i , i = 1, 2, where L = {0, 1, 2, 3, 4, 5, 6, 7} is the set of states, 0 is the initial state, Σ = {a, b, c, u, f 1 , f 2 } is the set of events, and Σ o = {a, b, c} is the set of observable events with Σ o 1 = {a, b} and (5, a) = 6, and δ(6, u) = 6.The local projection P 1 of system G 1 is defined as , and P 2 is defined as P 2 (a) = a, P 2 (c) = c, and A possible run generated by system G 1 from the initial state is where the associated string of ρ is w = a f 1 f 2 bca.The local projection P 1 of w with respect to Σ o 1 is P 1 (w) = aba, and P 2 with respect to Σ o 2 is P 2 (w) = aca.

Decentralized Fault Pattern Diagnosis of Automata
A fault pattern, simply called a pattern, is defined as a finite-state automaton whose accepted language is the objective to be diagnosed, which represents the occurrence of complex or composite faults.
, where S is the set of states, Σ is the set of events, s 0 ∈ S is the initial state, s Ω ∈ S is the single final state, and δ Ω : S × Σ → S is the transition function.The pattern Ω satisfies a complete condition, i.e., for all s ∈ S, Λ(s) = Σ and the final state s Ω is stable, i.e., for all σ ∈ Σ, δ Ω (s Ω , σ) = s Ω .
We use Σ F to denote the set of target events that lead to the occurrence of the pattern, where Σ F ⊆ Σ uo .The language of pattern Ω, denoted by L(Ω), satisfies L(Ω) = Σ * due to its complete condition.We use L A (Ω) to denote the accepted language of Ω, defined as L A (Ω) = {w ∈ L(Ω)|δ Ω (s 0 , w) = s Ω }, and define the target language of DFA G as Example 2. An example of pattern Ω is shown in Figure 3 with the set of states S = {N 1 , N 2 , F}, the set of target events Σ F = { f 1 , f 2 }, the final state s Ω = F, and the initial state s 0 = N 1 .The accepted language of the pattern In the following, we provide a formal definition, namely codiagnosability, with respect to the decentralized system and the pattern, detailed in Definition 3. Definition 3. Given a DFA G, a pattern Ω, and the local projection P i , i ∈ {1, . . ., m}, G is codiagnosable with regard to Ω and P i if According to Definition 3, the system G is codiagnosable with respect to the local projection P i and the pattern Ω if and only if for any string ww accepted by the pattern Ω, there does not exist a string w , which is not accepted by Ω, such that P i (ww ) = P i (w ).An algorithm of fault pattern codiagnosability test is proposed based on searching for the strings ww ∈ L A (G) and w / ∈ L A (G), such that, for i = 1, . . ., m, the two strings ww and w violate the codiagnosability condition of Definition 3.

Verification Algorithm
For the purpose of codiagnosability verification, we propose an algorithm and a theorem in this section.Definition 4 introduces a structure that will be used later, namely synchronous product, which encodes the system G and the pattern Ω.
Hereafter, we propose a structure, called a verifier, which is used to test the codiagnosability of the decentralized system and the fault pattern.The successive steps of the construction are provided in Algorithm 1.Without loss of generality, we assume that m = 2, i.e., there are two local sites with their corresponding local projections and local observable event sets.

Algorithm 1: Construction of the verifier.
Input: A pattern Ω and a DFA G = (L, Σ, δ, l 0 ) with two local sites, where the set of the local observable events is Construct the synchronous product G Ω of G and Ω according to Definition 4.

2.
Compute a failure diagnoser G F that models the faulty behaviors of the system: The initial state is , and undefined otherwise.

3.
For l F , l F ∈ L F , define the transition function δ F : Define the even set of G F as Compute a non-failure diagnoser G N that captures the normal behaviors of the system: The initial state is l N 0 = (l 0 , s 0 ).

3.
For l N , l N ∈ L N , define the transition function δ N : Define the set of events of G N by Note that for a state (l N 1 , l N 2 , l F ) of L v , it includes three components: l N 1 , l N 2 , and l F , where l N 1 is a state of G N 1 , l N 2 is a state of G N 2 , and l F is a state of G F .The verifier G v is constructed by tracking the strings of the local non-failure diagnosers and the failure diagnoser that have the same observation with respect to the local projection P i , i = 1, 2. In other words, the transition relation δ v of G v tracks three sequences: one in the local non-failure diagnoser G N 1 , one in the local non-failure diagnoser G N 2 , and another in the failure diagnoser G F , which generate the same sequence of observed labels.
In Step 1 of Algorithm 1, we construct a synchronous product of a system G and a pattern Ω, which encodes the system and the pattern.Then, a failure diagnoser G F is computed to track the faulty behavior of the system, which is the co-accessible part of the synchronous product with respect to the faulty strings.By Step 3, we build a nonfailure diagnoser structure G N that is the accessible part of the synchronous product by considering the normal behavior of the system.In Step 4, we establish a local non-failure diagnoser G N i based on the local projection.In this way, the event set Σ uo i \ Σ f can be renamed with respect to the local projection and the set of faulty events.Finally, by taking the product of the local non-failure diagnosers and the failure diagnoser, a verifier G v of the system G and pattern Ω can be set up, which is used to test the codiagnosability of the decentralized system.

Definition 5. Given the verifier G v of a DFA G and a pattern
F , and there exists σ j , j ∈ {m, m + 1, . . ., n}, such that σ j ∈ Σ.
Theorem 1.Let G be a DFA with the local projection P i , i = 1, 2, and a pattern Ω. G is not codiagnosable with respect to P i and Ω if and only if there exists an indeterminate cycle in G v .
Proof.(if) Suppose that there exists an indeterminate cycle cl : l m v , σ m , l m+1 v , . . ., l n v , σ n , l m v .Then, there exists a string s v t v generating a run l v 0 , σ 0 , . . ., By and G F , respectively.Consequently, there exists a string st There exists a string s 1 in G N , such that P Σ (s R 1 ) = s 1 and With a slight abuse of notation, we have P 1 (s 1 ) = P 1 (st).Similar to s R 1 , there exists a string s R 2 in G N 2 and s 2 in G N , such that s 2 = P Σ (s R 2 ).For the same reason, we have P 2 (s 2 ) = P 2 (st), where st ∈ L A (G), and s 1 , s 2 / ∈ L A (G) (see Step 3 of Algorithm 1).For the string s v t v with arbitrary length, the strings s 1 and s 2 can also be extended long enough.This implies that G is not codiagnosable with respect to pattern Ω and local projection P i .
(only if) Suppose that G is not codiagnosable with respect to Ω and P i .Then, there exists a string s ∈ L A (G), t ∈ L A (G)/s, and strings s 1 , s 2 / ∈ L A (G), such that P 1 (s 1 ) = P 1 (st), P 2 (s 2 ) = P 2 (st).
According to Steps 3 and 4 of Algorithm 1, there exists a string s R 1 in G N 1 and a string s R 2 in G N 2 , such that s R 1 = R 1 (s 1 ) and s R 2 = R 1 (s 2 ), where R can be extended from Σ to Σ * as the usual way.Consider two prefixes s R 1 of s R 1 and s R 2 of s R 2 , such that P 1 (P Σ (s R 1 )) = P 1 (s) and holds.As a result, there exist two runs in G N 1 and G N 2 , beginning from l N 0 and generated by s R 1 , s R 2 , respectively, with the forms In addition, since s ∈ L A (G), according to Step 2 of Algorithm 1, there exists a run in G F beginning from l F 0 generated by s with the form of ρ s : such that P 1 (P Σ (s R 1 )) = P 1 (st) and P 2 (P Σ (s R 2 )) = P 1 (st).Then, there exists a run in G v of the form The strings s R 1 and s R 1 are extended from the string st to be as large as possible.
Then, there eventually exist two states . For r = i, i + 1, . . ., j, the set of states {l r v } of G V form an indeterminate cycle.This contradicts the assumption and ends the proof.
Theorem 1 provides an approach to verify codiagnosability by searching for the existence of indeterminate cycles.In the case of at least one indeterminate cycle, there are at least three strings s 1 , s 2 , and s 3 with arbitrary length in non-failure diagnosers G N 1 , G N 2 , and the failure diagnoser G F , respectively, where s 1 and s 3 have the same observation with respect to the projection P 1 , and s 2 and s 3 have the same observation with respect to the projection P 2 , violating the codiagnosability.
Example 3. Consider a DFA G 1 shown in Figure 2 with the local observable event set Σ o i , i = 1, 2, and a pattern Ω shown in Figure 3.According to the first step of Algorithm 1, we construct the synchronous product G 1Ω , as shown in Figure 4, which encodes the information of the system G 1 and the fault pattern Ω.The second step is to obtain the failure diagnoser G 1F , which is the co-accessible part of G 1Ω with respect to the set of the faulty states L G 1Ω F , as shown in Figure 5a.It should be noted that all accepted behaviors of the failure diagnoser G 1F are faulty behaviors.Continuing Algorithm 1, we compute a non-failure diagnoser G 1N by taking the accessible part of G 1Ω regarding the set of normal states L G 1Ω \ L G 1Ω F , as shown in Figure 5b.Note that all generated behaviors of the non-failure diagnoser G 1N are normal behaviors.Based on Step 4, we can calculate the local non-failure diagnosers G 1N 1 and G 1N 2 , respectively, by renaming the unobservable event sets Σ uo 1 \ Σ f = {c} and Σ uo 2 \ Σ f = {b} based on function R i , as shown in Figure 5c,d.It shows that the sets of the events of the local non-failure diagnosers as shown in Figure 6.
According to Theorem 1, one can know that the verification of the fault pattern codiagnosability is to search for the indeterminate cycles in G 1v .The verifier of Figure 6 has several cycles (for example, ).Notice that only the cycle 7N 2 7N 2 6F u − → 7N 2 7N 2 6F is an indeterminate cycle (Definition 5).The existence of the indeterminate cycle 7N 2 7N 2 6F u − → 7N 2 7N 2 6F implies that the system G 1 is not codiagnosable with respect to the local projection P i , i = 1, 2, and the pattern Ω (Theorem 1).
Example 4. Consider a DFA G 2 shown in Figure 7a with the local projection P i , i = 1, 2 and a pattern Ω in Figure 3, where Σ = {a, b, c, f 1 , f 2 } is the set of events, Σ o 1 = {a, b}, and Σ o 2 = {a, c}.According to the first step of Algorithm 1, we can construct the synchronous product G 2Ω , as shown in Figure 7b.Continuing Algorithm 1, the failure diagnoser G 2F can be computed accordingly, as shown in Figure 8a.By Steps 3 and 4 of Algorithm 1, we can obtain the non-failure diagnosers and the local non-failure diagnosers successively.For the sake of simplicity, we keep the local non-failure diagnosers G 2N 1 and G 1N 2 , which will be used later, as shown in Figure 8b,c.Continuing Step 5 of Algorithm 1, we can calculate the verifier G 2v with respect to the local projections, as shown in Figure 8d.
Observe that there exist three cycles in the verifier G 2v , i.e., 5N 2 2N 2 4F ).As a consequence, the system G 2 is not codiagnosable with respect to the local projection P i , i = 1, 2, and the pattern Ω (Theorem 1).Example 5.In order to compare the codiagnosability with the system G 2 , we consider a DFA G 3 , as shown in Figure 9a, and the pattern Ω in Figure 3.The local projection of G 3 is P i , i = 1, 2, where Σ = {a, b, c, d, f 1 , f 2 } is the set of events, Σ o 1 = {a, b, d}, and Σ o 2 = {a, c, d}.Following Algorithm 1, the resulting structure can be obtained step by step.For simplicity, we detail the verifier G 3v , as shown in Figure 9b.Note that there is no indeterminate cycle (Definition 5).This implies that the system G 3 is codiagnosable with respect to the local projection and the pattern Ω (Theorem 1).Note that the pattern diagnosability verification in the centralized case can be easily obtained by marking m = 1 of Algorithm 1, i.e., the number of the local site is 1.Therefore, the verifier automaton for the centralized case is given as G v c = G N 1 ||G F , and the necessary and sufficient condition for the non-diagnosability of G is the existence of an indeterminate cycle in G v c , such that at least one event in the cycle is an event of Σ.

Complexity Analysis
From Definitions 1 and 2, we know that the number of states of the system G is |L|, and the number of states of the pattern Ω is |S|.Assume that the number of the local sites is m. The Thus, the complexity of Algorithm 1 is O(|L| m+1 × |S \ {s Ω }| m × |S|), which is polynomial with respect to the number of the states of G and Ω, i.e., O((|L||S|) m+1 ).

Conclusions
The objective of this work is the verification of pattern diagnosability for decentralized DESs.In particular, the fault patterns are modeled by finite automata, providing a general way to formalize different types of failures.This improves the method in [29,31], which only targets single fault scenarios.To this end, we introduce a codiagnosability notion to encapsulate decentralized fault pattern diagnosability, and present an algorithm to test this property.In detail, we first compute a synchronous product structure to encode the system and the pattern.A failure diagnoser and a non-failure diagnoser are calculated based on the synchronous product, where the two structures are obtained by considering the normal and faulty behaviors, respectively.Then, we present a local non-failure diagnoser based on the local projection of the system.A verifier for codiagnosability verification is derived by taking the product of the failure diagnoser with the local non-failure diagnoser.Consequently, the verifier structure can track the strings of the failure and local non-failure diagnosers that have the same observations.The proposed method boasts polynomial complexity, marking an improvement over methods in [17,21].Moreover, the approach proposed in this paper can be used for decentralized systems as well as centralized systems, enhancing the method presented in [14,15] for centralized systems.
Our future work will consider decentralized diagnosis issues of timed fault patterns, which are characterized by a sequence of events that occur in a given order at specific values of time or within specific time intervals.In certain cases, the time value of the system is compulsory.For example, in some flexible manufacturing systems, the operation of the robot must be finished in a specified time.At this point, a time value needs to be assigned to each event of the system, and the diagnoser should be calculated based on not only the event but also the time value.Another limitation of the algorithm is that an external attack is not considered in the system.With this in mind, we will consider different types of attack forms in future work, including insertion, deletion, and replacement of observations.These observations refer to sequences of observable events observed by external observers as well as intruders (aliases of attackers).Such tampering with system-generated observations may mislead system operators to make inexact, conservative, or even incorrect state estimations that are critical for many problems in the context of DESs, such as supervisory control, opacity verification, enforcement, detectability analysis, and fault diagnosis.Certainly, these problems can be addressed under the framework of centralized and/or decentralized system architectures.
complexity of performing Step 1 of Algorithm 1, which constructs the synchronous product G Ω , is O(|L| × |S|), and that of Step 2 of Algorithm 1, which constructs the failure diagnoser G F , is O(|L| × |S|).The complexity of performing Step 3 of Algorithm 1, which computes the non-failure diagnoser G N by deleting all the final states of G Ω , is O(|L| × |S \ {s Ω }|).The complexity of obtaining the local non-failure diagnoser G N i in Step 4 of Algorithm 1, i = 1, . . ., m, is O(|L| × |S \ {s Ω }|).By Step 5, the complexity of verifier