Supervision Patterns in Discrete Event Systems Diagnosis

Transcription

1 Supervision Patterns in Discrete Event Systems Diagnosis Thierry Jéron, Hervé Marchand, Sophie Pinchinat, Marie-Odile Cordier IRISA, Campus Universitaire de Beaulieu, Rennes, rance Abstract In this paper, we are interested in the diagnosis o discrete event systems modeled by inite transition systems. We propose a model o supervision patterns general enough to capture past occurrences o particular trajectories o the system. Modeling the diagnosis objective by a supervision pattern allows us to generalize the properties to be diagnosed and to render them independent o the description o the system. We irst ormally deine the diagnosis problem in this context. We then derive techniques or the construction o a diagnoser and or the veriication o the diagnosticability based on standard operations on transition systems. We show that these techniques are general enough to express and solve in a uniied way a broad class o diagnosis problems ound in the literature, e.g. diagnosing permanent aults, multiple aults, ault sequences and some problems o intermittent aults. I. ITRODUCTIO Diagnosing and monitoring dynamical systems is an increasingly active research domain and model-based approaches have been proposed which dier according to the kind o models they use [13], [1], [11], [10], [3], [4]. The general diagnosis problem consists in detecting or identiying patterns o particular events on a partially observable system. This paper ocuses on discrete-event systems modeled as inite state machines. In this context, patterns usually describe the occurrence o a ault [12], [13], multiple occurrences o a ault [7], the repair o a system ater the occurrence o a ault [2]. The aim o diagnosis is to decide, by means o a diagnoser, whether or not such a pattern occurred in the system. Even i such a decision cannot be taken immediately ater the occurrence o the pattern, one requires that this decision has to be taken in a bounded delay. This property is usually called diagnosability. This property can be checked a priori rom the system model, and depends on both its observability and the supervision pattern. However, the approaches in the literature suer rom some deiciencies. One observes many dierent notions o diagnosability and ad hoc algorithms or the construction o the diagnoser, and or the veriication o diagnosability. As a consequence, these results are diicult to reuse or new but similar diagnosis problems. We believe that the main reason is the absence o a clear deinition o the involved patterns, which would clariy the separation between the diagnosis objective and the speciication o the system. In this paper, we ormally introduce the notion o supervision pattern as a means to deine the diagnosis objectives: a supervision pattern is an automaton which language is the set o trajectories one wants to diagnose. The proposal is general enough to cover an important class o diagnosis objectives, including detection o permanent aults, but also transient aults, multiple aults, repeating aults, as well as quite complex sequences o events. We then propose a ormal deinition o the Diagnosis Problem in this context. The essential point is a clear deinition o the set o trajectories compatible with an observed trace. ow, the Diagnosis Problem is expressed as the problem o synthesizing a unction over traces, the diagnoser, which decrees on the possible/certain occurrence o the pattern on trajectories compatible with the trace. The diagnoser is required to ulil two undamental properties: Correctness and Bounded Diagnosability. Correctness expresses that the diagnoser answers accurately and Bounded Diagnosability guarantees that only a bounded number o observations is needed to eventually answer with certainty that the pattern has occurred. Bounded Diagnosability is ormally deined as the Ω-diagnosability o the system (where Ω is the supervision pattern), which compares to standard diagnosability by [13]. Relying on the ormal ramework we have developed, we then propose algorithms or both the synthesis o a diagnoser, and the veriication o Ω-diagnosability. We believe that these generic algorithms as well as their correctness proos are a lot more simple than the ones proposed in the literature. The paper is organized as ollows. In section II, we recall standard deinitions and notations on labeled transition systems, as well as the notion a compatible trajectories o an observable trace. Supervision patterns are introduced in section III. The diagnosis problem and the Ω-diagnosability are then deined. Section IV is dedicated to algorithms and their associated proos, or the construction o a correct diagnoser as well as the veriication o Ω-diagnosability. inally, Section V illustrates the approach with an example. II. LABELLED TRASITIO SYSTEMS AD RELATED OTIOS We irst recall useul standard notations: We assume given an alphabet, that is a inite set {σ 0, σ 1,... }. The set o

2 inite sequences over is denoted by, with ɛ or the empty sequence. In the paper, typical elements o are s, t, u,... or s = σ 1... σ n and t = σ 1... σ m in, s.t = σ 1... σ n σσ 1... σ m denotes the concatenation o s and t. The length o s is denoted s. We now come to the models o systems: Deinition 1 (LTS): An LTS over is deined by a 4-tuple M = (Q,,, q 0 ) where Q is a inite set o states, q 0 Q is the initial state, is the alphabet o events, and Q Q is the transition relation. In the rest o the section, we assume given an LTS M = (Q,,, q 0 ). We write q σ q or (q, σ, q ). Let q s mean that q s q or some q Q. The event set o a state q Q is (q) {σ q }. σ We extend to arbitrary sequences by setting : q ɛ q always holds, and q sσ q whenever q s q and q σ q, or some q Q. A state q is reachable i s s, q 0 q. We set M (q, s) {q Q q s q }. In particular M (q, ɛ) {q}. By abuse o notation, or any language L M (q, L) {q Q q s q or some s L}, and or any Q Q, M (Q, L) = q Q M (q, L). We say that M is deterministic i whenever q σ q and q σ q, then q = q, or each q Q and each σ. A subset Q Q is stable whenever M (Q, ) Q. M is alive i (q), or each q Q. It is complete whenever (q) =, or each q Q. The language generated by the system M is the set L(M) {s s q o } which elements are called trajectories o M. Given a trajectory s L(M), we write L(M)/s {t s.t L(M)} or the set o trajectories that extend s in M. Rapidly in the paper, we will need to distinguish a subset Q m Q to denote inal states. The notions above are extended in this setting by letting L Qm (M) = {σ M (q 0, σ) Q m }. A useul operation on LTS is the synchronous product that allows to intersect languages o two LTSs. Deinition 2: Let M i = (Q i, q0 i, i, i ), i = 1, 2, be two LTSs. Their synchronous product is M 1 M 2 = (Q 1 Q 2, (q0 1, q2 0 ), 1 2, ), where Q 1 Q 2 satisies (q 1, q 2 ) σ (q 1, q 2 ) whenever q 1 σ 1 q 1 and q 2 σ 2 q 2. Clearly L(M 1 M 2 ) = L(M 1 ) L(M 2 ) and or Q 1 Q 1 and Q 2 Q 2, we also have L Q1 Q 2 (M 1 M 2 ) = L Q1 (M 1 ) L Q2 (M 2 ). Moreover, i two sets Q 1 Q 1 and Q 2 Q 2 are stable, Q 1 Q 2 is stable in M 1 M 2. As we are interested in diagnosing systems - this will be ormalized in the next section -, partial observation plays a central rôle. In this regard, the set o events is partitioned into o and uo (i.e. = o uo, and o uo = ), where o represents the set o observable events - elements o uo are then unobservable events. Typical elements o o will be denoted by µ, µ. We say that M is o -alive i q Q, s. o, q, s meaning that there is no terminal loop o unobservable events. otice that when M has no loop o unobservable events, M is alive i and only i M is o -alive. Let P : o be the natural projection o trajectories onto o deined by: P (ɛ) = ɛ and P (sσ) = P (s).σ i σ o, and P (s) otherwise. The projection P simply erases the unobservable events rom a trajectory. P extends to languages by deining, or L, P (L) = {P (s) s L}. The inverse projection o L is deined by P 1 (L) = {s P (s) L}. ow, the language o traces o M is T races(m) P (L(M)) It is the set o observable sequences o its trajectories. rom the projection P, we derive an equivalence relation between trajectories o M, written M, called the Delay-Observation equivalence in reerence to the delaybisimulation o [9]: Deinition 3 (Delay-Observation Equivalence, M ): Let M L(M) L(M) be the binary relation deined by s M s whenever P (s) = P (s ) and s. o i and only i s. o. One easily veriies that M is an equivalence relation, and we take the convention to write [s] or the equivalence class o s. Given s L(M), s naturally maps onto a trace o M, namely P (s). ow, given a non empty trace µ o M, µ does not uniquely determine a Delay-Observation equivalence class as in general µ can be brought back in M in two dierent manners: µ can be associated with the class [s] with P (s) = µ and s o, or µ can be associated with the class [s ] with P (s ) = µ and s uo (notice that by Deinition 3, [s] and [s ] are dierent). Henceorth, we take the convention that the equivalence class denoted by a trace µ is [µ] M P 1 (µ) L(M). o i µ ɛ [ɛ] otherwise. We say that [µ] M is the set o trajectories compatible with the trace µ. When clear rom the context, we will use [µ] or [µ] M. This notion o compatible trajectory will be a central notion or diagnosis as the aim will be to iner properties on the set o trajectories [µ] M compatible with the observation o the trace µ. The reason or choosing this deinition o [µ] is that in the case o online diagnosis, it is natural to assume that the diagnoser is reactive to an observable move o the system. III. SUPERVISIO PATTERS AD THE DIAGOSIS PROBLEM In this section, we introduce the notion o supervision patterns, which are means to deine languages we are interested in or diagnosis purpose. We then give some examples o such patterns. inally, we introduce the diagnosis problem or such patterns.

3 A. Supervision Patterns Supervision patterns are represented by particular LTSs: Deinition 4: A supervision pattern is a 5-tuple Ω = (Q Ω,, Ω, q 0Ω, Q ), where (Q Ω,, Ω, q 0Ω ) is a deterministic and complete LTS, and Q Q is a distinguished stable subset o states. As Ω is complete we get L(Ω) =. Also notice that the assumption that Q is stable means that its accepted language is extension-closed, i.e. satisies L Q (Ω). = L Q (Ω). Otherwise said, L Q (Ω) is a language violating a saety property. This choice is natural since we want to diagnose whether all trajectories compatible with an observed trace have a preix recognized by the pattern. In the next subsection we give some examples o supervision patterns which rephrase standard properties o interest or diagnosis. B. Examples o supervision patterns a) occurrence o one ault: Le be a ault and consider that we are interested in diagnosing the occurrence o this ault. A trajectory s is aulty i s... The supervision pattern Ω o igure 1 exactly recognizes this language, L(Ω ) =... ig. 1. \ {} Supervision pattern or one ault b) occurrence o multiple aults: Let 1 and 2 be two aults that may occur in the system. Diagnosing the occurrence o these two aults in an trajectory means deciding the membership o this trajectory in = L 1 (Ω 1 ) L 2 (Ω 2 ), where Ω i, i {1, 2} are isomorphic to the supervision pattern Ω described in igure 1. The supervision pattern is then the product Ω 1 Ω 2 which accepted language in 1 2 is L 1 2 (Ω 1 Ω 2 ) = L 1 (Ω 1 ) L 2 (Ω 2 ). \ {1, 2} \ {1}, 1, 2 ig ,, 2 \ {2} Supervision pattern or two aults More generally, the supervision pattern or the occurrence o a set o aults { 1,, l } is the product i=1,...,l Ω i, considering i=1,...,l i as inal state set. c) ordered occurence o events: I one is interested in diagnosing dierent aults in a precise order, or example, 2 ater 1, the supervision pattern should recognize the trajactories in , which corresponds to the concatenation o the two languages L 1 (Ω 1 ).L (Ω 2 ) as described by the supervision pattern given in igure ig. 3. \ {1} \ {2} Ordered occurrence o events I 1 corresponds to a ault event and 2 to the reparation o this ault in the system, then we actually diagnose the reparation o the ault 1. With this pattern, the aim is to match the I-diagnosability in [2]. d) multiple occurrences o the same ault: Another interesting problem is to diagnose the multiple occurrences o the same ault event, say k times. The supervision pattern is given in igure 4 which accepted language is L (Ω ) k. The aim is to match the k-diagnosability o [7]. \ {} \ {} \ {} ig k 1 \ {} k occurrences o the same ault e) Intermittent ault: The supervision pattern given in igure 5 describes the act that a ault (occurrence o ) occurred twice without repair (occurrence o r). ig. 5. \ {} r 1 \ {, r} Intermittent ault with repair It is worthwhile noting that this can be generalized to a pattern recognizing the occurrence o k aults (identical or not) without repair. C. The Diagnosis Problem In the remainder o the paper, we consider a system whose behavior is modeled by an LTS G = (Q,,, q 0 ). The only assumption made on G is that G is o -alive. otice that G can be non-deterministic. We also consider a supervision pattern Ω = (Q Ω,, Ω, q 0Ω, Q ) denoting the language L Q (Ω) that we want to diagnose. We deine the Diagnosis Problem as the problem o deining a unction Diag Ω on traces, whose intention is to answer the question whether trajectories compatible with observed traces are recognized or not by the supervision pattern. We do require some properties or Diag Ω : Correctness means that Yes and o answers should be accurate, while Bounded Diagnosability means that trajectories in L Q (Ω) should be diagnosed with initely many observations. The Diagnosis problem can be stated as ollows: given an LTS G and a supervisory pattern Ω, decide whether there exists (and compute i any) a three valued unction Diag Ω : T races(g) { YES, O,? } decreeing, or

4 each trace µ o G, on the membership in L Q (Ω) o any trajectory in [µ]. ormally, (Diagnosis Correctness) The unction should veriy YES i [µ] L Q (Ω) Diag Ω (µ) = O i [µ] L Q (Ω) =? otherwise. (Bounded Diagnosability) As G is only partially observed, we expect in general situations where Diag Ω (µ) =? (as neither [µ] L Q (Ω) nor [µ] L Q (Ω) = hold). However, we require this undetermined situation not to last in the ollowing sense: There must exist n, the bound, such that whenever s [µ] L Q (Ω), or all t L(G)/s. o, i P (t) n then Diag Ω (P (s.t)) = YES. Diagnosis Correctness means that the diagnosis o a trace µ is Yes i all trajectories in [µ] lie in L Q (Ω), while it is o i no trajectory in [µ] lies in L Q (Ω). Bounded Diagnosability means that when observing a trajectory in L Q (Ω), a Yes answer should be produced ater initely many observable events. The ollowing igure gives an intuitive explanation o these notions when Ω = Ω. Compatible trajectories [[P (s.t)]] P (.) s P (s) o o o o???? Yes t P (t) P (t) n ow, i Diag Ω provides a Correct Diagnosis, Bounded Diagnosability can be rephrased, by replacing Diag Ω (P (s.t)) = YES with [P (s.t)] L Q (Ω). We obtain what we call the Ω-diagnosability. otice that this is now a property o G with respect to Ω. Deinition 5: An LTS G is Ω(n)-diagnosable, where n, whenever s L Q (Ω) L(G). o, t L(G)/s. o, i P (t) n then [P (s.t)] L Q (Ω). G is said Ω-diagnosable i it is Ω(n)-diagnosable or some n. Ω-diagnosability says that when a trajectory s ending with an observable event is recognized by the supervision pattern Ω, or any extension t with enough observable events, any trajectory s compatible with the observation P (s.t) is also recognized by Ω. The remark beore Deinition 5 is ormalized by : Proposition 1: I Diag Ω computes a Correct Diagnosis, then G is Ω-diagnosable i and only i the Bounded Diagnosability Property holds or Diag Ω. As to show the uniying ramework based on supervision patterns, we here consider the very particular supervision pattern Ω o Section III-B, originally considered by [12], [13] with the associated notion o -diagnosability. Let us irst recall this notion. Let G be an LTS which is alive and has no loop o unobservable event. G is -diagnosable whenever, s., t L(G)/s, i t, then u L(G), P (u) = P (s.t) u.. (1) The ollowing proposition relates -diagnosability with Ω -diagnosability: Proposition 2: Let G be an LTS and assume that G is alive and has no loop o internal events. Then G is - diagnosable i and only i G is Ω -diagnosable. Proo We irst make the ollowing remarks: (a) u.. is equivalent to u L Q (Ω ); (b) s. implies s L Q (Ω ); Assume G is -diagnosable, and that ulills (1). We prove that G is Ω ()-diagnosable: consider s L Q (Ω ) o and let t L(G)/s. o with P (t) ; note that thereore t. It is easy to show that s decomposes into s = s.s where s., with additionally s.t L(G)/s. ow, t implies s.t, which, by (1), entails that or any u L(G) with P (u) = P (s.t), we have u.. = L Q (Ω ). This implies in particular that [P (s.t)] L Q (Ω ). Reciprocally, assume G is Ω (n)-diagnosable, or some n. Let m be the length o the longest unobservable trajectory in G (which exists by assumption), and consider = (n + 1) m. Consider s. and t L(G)/s with t (thus P (t) n + 1). We have to prove that or any u L(G) with P (u) = P (s.t), we have u... Let t = t 1.t 2.t 3 with t 1 uo. o, t 2. o, and t 3 uo. Let s = s.t 1. As Q is stable and s L Q (Ω ), s L Q (Ω ). o. We have t 2 L(G)/s. o with P (t 2 ) n. By Ω (n)-diagnosability, or all u L(G) with P (u) = P (s.t), we have u.. = L Q (Ω ). IV. ALGORITHMS OR THE DIAGOSIS PROBLEM We now propose algorithms or the Diagnosis Problem based on standard operations on LTSs. In a irst stage we base the construction o the Diag Ω unction on the synchronous product o G and Ω and its determinisation, and prove that the unction Diag Ω computes a Correct Diagnosis. ext, we propose an algorithm allowing to check or the Ω-diagnosability o an LTS, thus ensuring the Bounded Diagnosis Property o the unction Diag Ω. Hence achieving the decision o the Diagnosis Problem. A. Computing a candidate or the unction Diag Ω We propose a computation o the unction Diag Ω : given an LTS G and a supervision pattern Ω, we irst consider the synchronous product G Ω o G and Ω (see Deinition 2). ext we perorm on G Ω a second operation (see Deinition 6) which associates to G Ω a deterministic LTS written Det(G Ω ). We then show how Det(G Ω ) provides a unction Diag Ω delivering a Correct Diagnosis.

5 Let us irst introduce a determinisation unction. Deinition 6: Let M = (Q,,, q 0 ) be an LTS with = uo o. The determinisation o M is the LTS Det(M) = (X, o, d, X 0 ) where X = 2 Q (the set o subsets o Q called macro-states), X 0 = {q 0 } and d = {(X, σ, M (X, uo.σ) X X and σ o }. otice that or this deinition the target macro-state X o a transition X σ d X is only composed o states q o M which are targets o sequences o transitions q s.σ q ending with an observable event σ. The reason or this deinition is the coherency with [.]. In act, rom the deinition o d in Det(M), we iner that Det(M) (X 0, µ) = { M (q 0, [µ])}, which means that the macro-state reached rom X 0 by µ in Det(M) is composed o the set o states that are reached rom q 0 by trajectories o [µ] in M. inally, determinisation preserves traces, so we have L(Det(M)) = Traces(Det(M)) = Traces(M). We now explain the construction o the diagnoser rom G and Ω. Let us irst consider the synchronous product G Ω = G Ω (see Deinition 2). We then get L(G Ω ) = L(G) L(Ω) = L(G) as Ω is complete (thus L(Ω) = ). We also get L Q Q (G Ω ) = L(G) L Q (Ω) meaning that the trajectories o G accepted by Ω are exactly the accepted trajectories o G Ω. inally note that Q Q is stable in G Ω as both Q and Q are stable by assumption. We now apply determinisation to G Ω. We have Traces(Det(G Ω )) = Traces(G Ω ) = T races(g) thus or all µ T races(g), Det(GΩ)(X 0, µ) = { GΩ (q 0, [µ]}. We now establish the ollowing undamental results on the construction Det(G Ω ): Proposition 3: or any µ T races(g) = T races(g Ω ), Det(GΩ)(X 0, µ) Q Q [µ] L Q (Ω) (2) Det(GΩ)(X 0, µ) Q Q = (3) [µ] L Q (Ω) = (2) means that all trajectories compatible with a trace µ are accepted by Ω i and only µ leads to a macro-state only composed o marked states in G Ω. (3) means that all trajectories compatible with µ are not accepted by Ω i and only i µ leads to a macro-state only composed o unmarked states in G Ω. Proo The proo o (2) is established by the ollowing sequence o equivalences Det(GΩ)(X 0, µ) Q Q { GΩ (q 0, [µ]} Q Q [µ] L Q Q (G Ω ) [µ] L(G) L Q (Ω) Similarly, or the proo o (3) we have Det(GΩ)(X 0, µ) Q Q = { GΩ (q 0, [µ]} Q Q = [µ] L Q Q (G Ω ) = [µ] L(G) L Q (Ω) = [µ] L Q (Ω) = as [µ] L(G) We have now the material to deine the unction Diag Ω and to obtain the Correctness Diagnosis Property, ollowing directly rom Proposition 3. Theorem 1: Let Det(G Ω ) be the LTS built as above, and let Diag Ω (µ) be: YES, i Det(GΩ)(X 0, µ) Q Q O, i Det(GΩ)(X 0, µ) Q Q =?, otherwise. Diag Ω computes a Correct Diagnosis. B. Veriying the Bounded Diagnosis Property o Diag Ω As we have established the Correctness o Diag Ω, according to Proposition 1, the Bounded Diagnosability Property o Diag Ω is provided by the Ω-diagnosability o G. We now propose an algorithm or deciding Ω-diagnosability (Deinition 5). This algorithm is adapted rom [5], [14]. The idea is that G is not Ω-diagnosable i there exists an arbitrarily long trace µ, such that two trajectories compatible with µ disagree on L Q (Ω) membership. We irst introduce the Delay-Observational-Closure OBS(G Ω ) that preserves the inormation about L Q (Ω) membership while abstracting away unobservable events. ext, a sel-product OBS(G Ω ) OBS(G Ω ) allows to extract rom a trace µ pairs o trajectories o G Ω and to check their L Q (Ω) membership agreement. Deinition 7: or an LTS M = (Q,,, q 0 ), the Delay- Observational-Closure o M is OBS(M) = (Q, o, o, q 0 ) σ where q o q whenever q sσ q in M or some s uo and σ o. µ By deinition, or all µ T races(m), q 0 o q in OBS(G Ω ) i and only s [µ] s.t. q s q in M. Consider now OBS(G Ω ) = (Q, o, o, q 0 ) and let Γ = OBS(G Ω ) OBS(G Ω ) be the LTS (Q Q, o, Γ, (q 0, q 0 ). By deinition o OBS and synchronous product, i µ µ T races(g) and (q 0, q 0 ) Γ (q, q ) there exists s, s [µ] s s s.t. q 0 q and q0 q in G Ω. We say that (q, q ) Q Q is Ω-determined whenever q Q Q q Q Q. Otherwise, (q, q ) is said undetermined. A path in Γ is called an n-undetermined path i it contains n + 1 consecutive Ω-undetermined states (thus n events between them). A path in Γ is an undetermined cycle i it is a cycle which states are all undetermined. We now show the relation between Ω(n)-diagnosability and the existence o n-undetermined paths. Lemma 1: G is Ω(n)-diagnosable i and only i there is no reachable n-undetermined path in Γ. Proo Suppose there is no reachable n-undetermined path. Let s L Q (Ω). o and t L(G)/s. o with P (t) n. We should prove that or all u [P (s.t)], µ u L Q (Ω). Let µ = P (s.t). Any path (q 0, q 0 ) Γ (q, q ) in Γ can be decomposed into a path (q 0, q 0 ) µ1 Γ (r, r ) µ2 Γ (q, q ) with µ 1 = P (s) and µ 2 = P (t). We have µ 2 = P (t) n thus (r, r ) µ2 Γ (q, q ) is a path with at least n events. By hypothesis, one o the states along this path, say (4)

6 (q d, q d ) is determined, and as s L Q (Ω), (q d, q d ) is surely in (Q Q ) 2. ow as Q Q is stable, (q, q ) (Q Q ) 2. It is then clear that or all u [P (s.t)], u L Q (Ω). Conversely, suppose that there exists an n-undetermined path p = (r, r ) µ2 Γ (q, q ) in Γ with µ 2 = n (i.e. all states on the path are undetermined). I this path is reachable there is also a path (q 0, q 0 ) µ1 Γ (r, r ). As (r, r ) is undetermined, there exists s, s [µ 1 ] with s L Q (Ω). o, and s / L Q (Ω). There also exists t L(G)/s o with P (t) = µ 2. As all states in path p are undetermined, there exists t L(G)/s. o with P (t ) = µ 2, but s.t / L Q (Ω). We thus have s L Q (Ω). o and t L(G)/s. o with P (t) n, and s.t [P (s.t)] with s. t / L Q (Ω). This proves that G is not Ω(n)- diagnosable. Theorem 2: G is Ω-diagnosable i and only i there exists n such that Γ contains no reachable n-undetermined path. Based on theorem 2 and on the act that Γ is inite state, we conclude that Corollary 1: G is not Ω-diagnosable i and only i Γ contains a reachable undetermined cycle. Using Proposition 1 and the construction o Γ, veriying diagnosability amounts to check the existence o reachable undetermined cycles in Γ, retrieving the idea o the algorithm o [14], [5]. By Corollary 1 and Lemma 1, we get Corollary 2: I G is Ω-diagnosable, then G is Ω(n + 1)- diagnosable, and not Ω(n)-diagnosable where n is the length o the longest undetermined path o Γ. We now summarize the procedure to determine whether G is Ω-diagnosable: We perorm a depth irst search on Γ which either exhibits an undetermined cycle or ends by having computed the length o the longest undetermined sequence. Obviously, this has linear cost in the size o Γ. V. SUPERVISIO EXAMPLE The example we discuss here and given in igure 6 illustrates the approach presented above. In this example, we simply model the moves o a person in a building composed o an oice (I), a library (B), a reception (A) and a coee-shop (C). The doors rom one part o the building to another can be taken in only one direction. Transitions t i model the crossings o the doors. Some doors are secured by access-cards, possibly allowing the observation that a person crosses the door. We consider the supervision pattern Ω (igure 6) which expresses the act that going twice to the coee-shop without going to the library is a behaviour that has to be supervised. ollowing the dierent steps described in the previous sections, the product G Ω = G Ω is used to label the states o G with respect to the supervision pattern Ω. The corresponding LTS is described in igure 7. Let us irst assume that only the access-cards, corresponding to the events t 1, t 2 are activated and thus observable i.e. o = {t 1, t 2 }. otice that the system then has internal I, A, A G ig. 6. B, C,1 t7 I C B \ {} 1 \ {,, } G and the corresponding supervision pattern Ω t7 I,1 ig. 7. events loops. The observable system OBS(G Ω ) is given in igure 8. A, I, I,1 A,1 G Ω A,1 C, A, ig. 8. OBS(G Ω ) or o = {t 1, t 2 } It is easy to check that the LTS Γ = OBS(G Ω ) OBS(G Ω ) (not represented here) has an undetermined reachable cycle: t 2 t 2 t 2 ((A,),(A,)) Γ ((A,),(A,1)) Γ ((A,),(A,)) Γ ((A,),(A,)), thus G is not Ω-diagnosable when the set o observable events is o = {t 1, t 2 }. However, i the access-card t 4 is activated (i.e. o = {t 1, t 2, t 4 }), the observable system OBS(G Ω ) is given by the LTS represented in igure 9. I, I,,, A, I,1 A,1 A, ig. 9. OBS(G Ω ) or o = {t 1, t 2, t 4 } One can check that OBS(G Ω ) is deterministic. Thus Γ = OBS(G Ω ) OBS(G Ω ) is isomorphic to OBS(G Ω ), and has no undetermined cycle. Consequently, G is Ω- diagnosable or o = {t 1, t 2, t 4 }. ote that we also have that Det(G Ω ) = OBS(G Ω ). Thus OBS(G Ω ) actually corresponds to the diagnoser. VI. COCLUSIO The present paper advocates the use o supervision patterns or the description o diagnosis objectives. A supervision pattern is an automaton, like the ones used in many dierent domains (veriication, model-based testing, pattern Ω B, t7 A, I, I,

7 matching, etc), in order to unambiguously denote a ormal language. As illustrated in the paper, the ault-occurrence diagnosis is a particular case o pattern diagnosis, but patterns are also useul to describe more general objectives, as shown in subsections III-A and section V. The concept o supervision pattern is even more attractive in the sense that patterns can be composed using usual combinators inherited rom language theory (union, intersection, concatenation, etc.). We are interested in diagnosing the occurrence o trajectories violating a saety property, which by deinition can be violated on a inite preix. It is then natural to assume that patterns recognize extension-closed languages, in the sense that i a trajectory o the system belongs to the language, so does any extension o this trajectory. This is technically achieved by the stability assumption on the automaton Ω. Adopting the behavioral properties point o view on the patterns leads to the attempt to diagnose any linear time pure past temporal ormulas [8]. It is clear that the properties we consider do not meet the LTL deinable properties handled by [6]. In the worry o exposing a airly general ramework or diagnosis issues, the Diagnosis Problem is presented in a rather denotational spirit, as opposed to the operational spirit we ind in the literature: we put the emphasis on the diagnosis unction Diag Ω with its correctness and boundedness diagnosability property. Correctness is an essential property that ensures the accuracy o the diagnosis. Moreover, veriying the diagnosability property o the system with respect to the supervision pattern guarantees that when using Diag Ω online, an occurrence o the pattern will eventually be diagnosed, and that this eventuality can be quantiied. It is the standard notion o Diagnosability, but seen here as a mere mean to achieve a satisactory diagnosis unction; we are aware that this point o view diers rom other classical approaches. The deinition o diagnosability as proposed here is automata-based, with G and Ω, but could as well be expressed in a language-based ramework. We now turn to technical aspects o the approach. We have insisted on what the semantics o a trace is: a trace denotes the set o trajectories which project onto this trace and that necessarily end up with an observable event. Consequences o this choice are maniold in the deinitions o Ω-diagnosability, Det(G Ω ) and OBS(G). We could have chosen another semantics, impacting on the related deinitions accordingly: or example we could have considered the set o trajectories which project onto this trace. What is mostly important is the accurate match between the semantics or traces and the other deinitions: hence we avoid displeasing discrepancies to determine precisely the Diagnosability Bound, and even better, we have a clear proo or the correctness o the synthesis algorithm. However, we believe our choice is the most natural when admitting that the diagnosis unction implemented online as an output verdict is reactive to an observable move o the system. A more sophisticated diagnosis than the one explained here can be derived rom our construction - this is airly standard: or example, we can take advantage o knowing that the Diagnosability bound is exactly n. Assume that, ater a trace µ, the unction Diag Ω produces? on n + 2 consecutive events, then necessarily the trajectories compatible with µ cannot have met the pattern. We terminate the discussion with uture work perspectives aiming two independent objectives. The irst objective is to extend the algorithms to more expressive classes o systems, such as ininite systems where data inormations is exploited; this would enlarge signiicantly the applicability o the methods. The second objective is to relax the stability assumption, or equivalently to turn to languages which are not extension-closed, intending to encompass rameworks like [2] or intermittent aults. REERECES [1] P. Baroni, G. Lamperti, P. Pogliano, and M. Zanella. Diagnosis o active systems. In Proceedings o the European Conerence on Artiicial Intelligence (ECAI), pages , [2] O. Contant, S. Laortune, and D. Teneketzis. Diagnosis o intermittent aults. Discrete Event Dynamic Systems: Theory and Applications, 14(2): , [3] R. Debouk, S. Laortune, and D. Teneketzis. Coordinated decentralized protocols or ailure diagnosis o discrete-event systems. Discrete Event Dynamic System : Theory and Applications, 10(1/2):33 86, January [4] E. abre, A. Benveniste, C. Jard, L. Ricker, and M. Smith. Distributed state reconstruction or discrete event systems. In IEEE Control and Decision Conerence (CDC), Sydney, [5] S. Jiang, Z. Huang, V. Chandra, and R. Kumar. A polynomial time algorithm or diagnosability o discrete event systems. IEEE Transactions on Automatic Control, 46(8): , [6] S. Jiang and R. Kumar. ailure diagnosis o discrete event systems with linear-time temporal logic ault speciications. IEEE Transactions on Automatic Control, 49(6): , [7] S. Jiang, R. Kumar, and H.E. Garcia. Diagnosis o repeated/intermittent ailures in discrete event systems. IEEE Transactions on Robotics and Automation, 19(2): , April [8]. Laroussinie and Ph. Schnoebelen. A hierarchy o temporal logics with past. Theoretical Computer Science, 148(2): , September [9] R. Milner. A modal characterisation o observable machinebehaviour. In CAAP, pages 25 34, [10] Y. Pencolé and M-O. Cordier. A ormal ramework or the decentralised diagnosis o large scale discrete event systems and its application to telecommunication networks. Artiicial Intelligence Journal, 164(1-2): , [11] L. Rozé and M.-O. Cordier. Diagnosing discrete-event systems : an experiment in telecommunication networks. In 4th International Workshop on Discrete Event Systems, pages , [12] M. Sampath, R. Sengupta, S. Laortune, K. Sinaamohideen, and D. Teneketzis. Diagnosability o discrete event systems. IEEE Transactions on Automatic Control, 40(9): , [13] M. Sampath, R. Sengupta, S. Laortune, K. Sinaamohideen, and D. Teneketzis. ailure diagnosis using discrete event models. IEEE Transactions on Control Systems Technology, 4(2): , March [14] T. Yoo and S. Laortune. Polynomial-time veriication o diagnosability o partially-observed discrete-event systems. IEEE Trans. on Automatic Control, 47(9): , September 2002.