S. Xu, S. Jiang, and R. Kumar, Fellow, IEEE

Transcription

1 1 Diagnosis o Dense-Time Systems under Event and Timing Masks S. Xu, S. Jiang, and R. Kumar, Fellow, IEEE Abstract We study diagnosis o timed discrete-event systems (TDESs) modeled as timed-automata. Earlier works diagnosis o TDESs assumed that a diagnoser has partial observati o events but can measure (or observe) time with arbitrary precisi. In practice, however, time can ly be measured with inite precisi. We model the inite precisi observability o time using a digital-clock that measures time discretely by executing ticks. For the diagnosis purposes, the set o naulty timed-traces is speciied as another timed-automat that is deterministic, generalizing the orms o naulty speciicatis csidered in the earlier works. We show that the set o timedtraces observed using a digital-clock with inite precisi is regular, i.e., can be represented using a inite (untimed) automat. We show that the veriicati o diagnosability (ability to detect the executi o a aulty timed-trace within a bounded time delay) as well as the o-line synthesis o a diagnoser are decidable by reducing these problems to the untimed setting. The reducti o the diagnosis problem to the untimed setting also suggests an eective method or the o-line computati o a diagnoser as well as its -line implementati or diagnosis. Keywords: Discrete event systems, diagnosis, timedautomat, diagnosability, dense-time systems, digitalclock. NOTE TO PRACTITIONERS Diagnosis is needed to detect the occurrence o a ault so as to enable any corrective actis. For event-driven systems with timing-requirements, diagnosis involves detecting the timing-aults, besides the sequence-aults. This requires mitoring timing and sequence o events, both o which may ly be partially observed in practice. This paper extends the prior work by allowing time to be partially observed (using a digital clock which measures the advancement o time with inite precisi by the executi o ticks), and provides a cditi under which aults can be detected within a bounded time delay. It is The research was supported in part by the Natial Science Foundati under the grants NSF-ECS , NSF-ECCS , NSF- CCF , and NSF-ECCS S. Xu and R. Kumar are with the Department o Electrical and Computer Engineering, Iowa State University, Ames, Iowa, ( syxu,rkumar@iastate.edu) S. Jiang is with GM R&D and Planning, Warren, MI, ( shengbing.jiang@gm.com) shown that the diagnosis problem can be transormed to e o untimed setting, and so the existing techniques rom untimed setting can be applied. I. INTRODUCTION Diagnosis o discrete event systems requires detecting the occurrence o a ault, i.e., the executi o an abnormal behavior, rom the observatis o the system behavior. In [7], [14], the noti o diagnosability, which requires the occurrence o a ault be detected within a bounded time delay, has been examined. A strger noti o state-observability was examined in [11]. Diagnosis o discrete-event systems in the decentralized setting was reported in [4], [12], in the distributed setting in [13], in the Petri Net setting in [5], and in the temporal logic setting in [8]. The above cited works explore diagnosis o untimed discrete event systems. However real-time applicatis possess timing properties (such as latency), and their correctness depend not ly the correctness o the sequence o events executed, but also the correctness o the event occurrence times. There has been some research diagnosis o timed discrete event systems (TDESs), including diagnosis in the discrete-time setting [17] and in the dense-time setting [6], [15], [3]. diagnosis o dense-time models was irst examined in [15]. It was assumed that while a diagnoser has partial observati o events, it is able to measure time perectly. It was shown that the veriicati o diagnosability in this setting is decidable and line diagnosis can be eectively perormed, whereas no comments were made about the o-line synthesis o a diagnoser. The ault diagnosis o timed-automata under partial observati o events and perect observati o time was also studied in [3]. The main ocus was the synthesis o diagnosers which are realizable as deterministic timed-automata. The ollowing example illustrates that a system, that is diagnosable under the assumpti that time is measured precisely, may become undiagnosable when time can ly be measured with some inite precisi.

2 Example 1: Csider the timed automat model G shown in Figure 1, in which is an unobservable aulty event, and u is an unobservable naulty event. It can be checked that this system is diagnosable i time could be measured with arbitrary precisi. Suppose time could be measured with ly a inite precisi, say using a digital clock that ticks every e unit o time. Then G is no lger diagnosable. This is because a aulty trace (, 1.1)(a, 1.6) cannot be distinguished rom a naulty trace (u, 0.1)(a, 1.2), both o which produce the same observati, namely, tick ollowed by a. Fig. 1. G 1 u x 0.5 x > x 1.6 a x = 1.6 a 4 x = 1.2 x 1.2 Timed automat model o a discrete event system This motivates us to study the diagnosis problem o dense-time discrete event systems in which digitalclocks with inite precisi are used to measure the event occurrence times. We show that the set o timedtraces o a dense timed-automat observed using a inite precisi digital-clock is regular, i.e., can be represented using a inite (untimed) automat. We show that the veriicati o diagnosability (ability to detect the executi o a aulty timed-trace within a bounded time delay) as well as the o-line synthesis o a diagnoser are decidable by reducing these problems to the untimed setting. The reducti o the diagnosis problem to the untimed setting also suggests an eective method or the o-line computati o a diagnoser as well as its -line implementati or diagnosis. The diagnosis o dense-time systems using digitalclocks to measure time was irst studied in our earlier cerence paper [9]. The present paper is based the cerence versi and improves by correcting the errors and providing complete proos. The same problem was later independently studied in [1]. The authors o [1] additially studied the existence o a digital-clock that ensures the diagnosability o a dense-time system, whereas we additially study the diagnosis problem where ailure is speciied more generally, namely as the violati o a real-time speciicati language. The other dierences are as below: (i) We explicitly deine the noti o timing-mask, which captures ndeterminism o the untimed observatis o a timed trace as observed using a digital-clock explicitly. (ii) We point out that the set o behaviors o a dense-time discrete event system observed by employing a digital-clock or the 3 5 measurement o time is not preix-closed. This is owing to the act that plant events and digital-clock ticks can occur simultaneously. The n-preix-closure o the set o observed behaviors was not noticed in [1]. (iii) We establish an equivalence between diagnosability o a timed DES employing a digital clock to observe event occurrence times and that o an untimed DES. Thereore the diagnosis problem in the dense-time setting can be solved by reducti to the untimed setting. In particular this suggests an algorithm to cstruct a diagnoser when the given system is diagnosable. In ctrast, no algorithmic method to cstruct a diagnoser when a given system is diagnosable is described in [1]. II. NOTATIONS AND PRELIMINARIES Let R + denote a set o nnegative real numbers, Σ denote a set o events, and ɛ denote the identity o ccatenati. A timed-trace over Σ is a sequence ν = (σ 1, t 1 ) (σ n, t n ) where or i = 1,, n, t i R + ; or i = 1,, n 1, t i t i+1 and σ i Σ; and σ n Σ := Σ {ɛ}. Its correspding untimed-trace is denoted as ν untime = σ 1 σ n. We use T (ν) := t n to denote the inal time instant in ν. For ν = ɛ, T (ν) := 0. We denote the set o all timed-traces as T. A subset o T is called a timed-language. For a timed-language K T we use pr(k) T to denote the set o all preixes o the timed-traces belging to K. K T is said to be closed (relative to H T ) i pr(k) = K (pr(k) H = K). Given Σ Σ, the operati Π bσ ( ) is used to deine the projecti o a timed-trace over Σ, and is inductively deined as ollows: Π bσ (ɛ) := ɛ { ΠbΣ (ν)(σ, t) i σ Π bσ (ν(σ, t)) := Σ Π bσ (ν)(ɛ, t) otherwise where ν T, σ Σ, t R +. Note that the ccatenati (ɛ, t)(σ, t ) equals (σ, t ) or any t t R + and σ Σ, and so it can be ccluded that Π bσ (ν) T. A timed-automat A = (Q, Σ, Ξ, Υ, I, Q 0, Q m ) is a tuple, where Q is a inite set o discrete states; Σ is a inite set o events; Ξ is a inite set o clocks; Υ Q Σ Φ 2 Ξ Q is a set o transitis. Here Φ is the set o clock cstraints. A clock cstraint φ Φ is a Boolean ormula over atomic cstraints o the orm ξ c or ξ 1 ξ 2 c, where ξ, ξ 1, ξ 2 Ξ, {, <, =, >, }, and c is a ratial cstant. Each transiti υ Υ is a tuple (q, σ, φ, r, q ) with q being the source discrete state, σ being the event associated with the 2

3 transiti, φ being a clock cstraint representing the guard cditi o the transiti, r being the set o clocks to be reset by the transiti, and q being the destinati discrete state. I : Q Φ is the invariant uncti, which assigns invariant cditis (belging to Φ) to discrete states; Q 0 Q is the set o initial states; Q m Q is the set o inal states. A time assignment is a uncti v : Ξ R + assigning a nnegative real value to each clock. Cstants may be added to a time assignment: (v +c)(ξ) := v(ξ)+c. [r 0]v deines a time assignment which maps each clock in r Ξ to 0 and keeps all other clocks unchanged. Under this assignment we say that the clocks in r are reset. We use 0 v to denote the time assignment which maps every clock to 0. A run o a timed-automat A over a timed-trace ν = (σ 1, t 1 ) (σ n, t n ) is a sequence o the orm < q 0, v 0 > (σi,ti) < q i, v i > (σn,tn) < q n, v n > with {q i Q} and the time assignments {v i } satisying the ollowing requirements: Initializati: q 0 Q 0 and v 0 = 0 v. Invariance: i = 0, n 1, t [0, t i+1 t i ], v i + t satisies I(q i ), where t 0 = 0. Csecuti: i = 1, n 1, (q i 1, σ i, φ i, r i, q i ) Υ such that v i 1 + t i t i 1 satisies φ i and v i = [r i 0](v i 1 + t i t i 1 ); i σ n ɛ then there is a tuple (q n 1, σ n, φ n, r n, q n ) Υ such that v n 1 + t n t n 1 satisies φ n and v n = [r n 0](v n 1 + t n t n 1 ), otherwise q n = q n 1 and v n = v n 1 + t n t n 1. A timed-automat A generates a inite timed-trace ν i A has a run over ν; it generates an ininite timed-trace ν i it generates all inite preixes o ν. A generated inite timed-trace ν is accepted by A i a correspding run over ν ends in a inal state in Q m ; an ininite timedtrace is accepted by ν i a correspding run over ν visits the set o inal states ininitely oten. The timed language generated (marked) by A, denoted by L(A), (resp., L m (A)) is the set o all the timed-traces generated (marked) by A. The generated untimed language o A is denoted by L untime (A) = {ν untime ν L(A)}. Similarly, the marked untimed language o A is denoted by L untime m (A) = {ν untime ν L m (A)}. Given timed-automata A and R, R is said to be closed relative to A i pr(l m (R)) L m (A) = L m (R). From [2], we have the ollowing result. Theorem 1: [2] The marked untimed language L untime m (A) o a timed-automat A is regular. An untimed-automat can be csidered as a special timed-automat in which all the clock cstraints and invariants are always true. An untimedautomat S over an event set Σ can be represented as (Q, Σ, Υ, Q 0, Q m ) where Q, Σ, Q 0, and Q m have the same meanings as in a timed-automat, and the set o transitis satisies: Υ Q Σ Q. Let A 1 = (Q 1, Σ 1, Ξ 1, Υ 1, I 1, Q 10, Q 1m ) and A 2 = (Q 2, Σ 2, Ξ 2, Υ 2, I 2, Q 20, Q 2m ) be two timed-automata. Assume without loss o generality that the clock sets Ξ 1 and Ξ 2 are disjoint. Their product is a timed-automat A 1 A 2 = (Q 1 Q 2, Σ 1 Σ 2, Ξ 1 Ξ 2, Υ, I, Q 10 Q 20, Q 1m Q 2m ), where I(q 1, q 2 ) = I 1 (q 1 ) I 2 (q 2 ) and the transiti set Υ is deined by: 1) σ Σ 1 Σ 2, (q 1, σ, φ 1, r 1, q 1) Υ 1, (q 2, σ, φ 2, r 2, q 2) Υ 2, we have ((q 1, q 2 ), σ, φ 1 φ 2, r 1 r 2, (q 1, q 2)) Υ. 2) σ Σ 1 Σ 2, (q 1, σ, φ 1, r 1, q 1) Υ 1, q 2 Q 2, we have ((q 1, q 2 ), σ, φ 1, r 1, (q 1, q 2 )) Υ. 3) σ Σ 2 Σ 1, (q 2, σ, φ 2, r 2, q 2) Υ 2, q 1 Q 1, we have ((q 1, q 2 ), σ, φ 2, r 2, (q 1, q 2)) Υ. Next we introduce the notis o n-speedingness (also called n-zeness) and n-slowingness. The ormer requires that too many transitis shall not occur in a short time interval, whereas the latter requires that too ew transitis shall not occur in a lg time interval. Deiniti 1: An ininite timed-trace ν = (σ 1, t 1 ) (σ n, t n ) is said to be n-speeding or n-zeno i or every interval [t, t + T ] R + exists a count N t,t > 0 such that i < j : [t i, t j ] [t, t + T ] j i < N t,t. ν is said to be uniormly n-speeding i N t,t is independent o t. A timed language is said to be (uniormly) nspeeding i all its ininite timed-traces are (uniormly) n-speeding. A timed-automat is (uniormly) nspeeding i its generated timed-language is (uniormly) n-speeding. Let N be a set o natural numbers. An ininite timedtrace ν = (σ 1, t 1 ) (σ n, t n ) is said to be nslowing i or every count set [n, n + N] := {n + k 0 k N} N exists an interval T n,n R + such that i < j : [i, j] [n, n + N] t j t i < T n,n. ν is said to be uniormly n-slowing i T n,n is independent o n. A timed language is said to be (uniormly) n-slowing i its each inite timed-trace possesses an ininite timed-trace extensi, and its each ininite timedtrace is (uniormly) n-slowing. A timed-automat is (uniormly) n-slowing i its generated timed-language is (uniormly) n-slowing. 3

4 For a n-slowing timed-language K, it holds that or each ν K, exists t > T (ν) such that ν(ɛ, t) K. In the ollowing, we assume that a system model is nspeeding by deault. Next we introduce the noti o partial observati o events. Let M : Σ {ɛ} Λ {ɛ} be an event observati mask with M(ɛ) = ɛ, where Λ is the set o observed symbols. An untimed-trace s = σ 1 σ n is observed through the event-mask M as M(s) = M(σ 1 ) M(σ n ). Given an untimed language H Σ, where Σ is the set o all inite length event-traces including the zero-length event-trace ɛ, the event-masked language M(H) is deined by M(H) := {M(s) s H}. Note that time is ully observable under an event mask, thereore a timed-trace ν = (σ 1, t 1 ) (σ n, t n ) is observed through an event-mask M as M(ν) = (M(σ 1 ), t 1 ) (M(σ n ), t n ). Given a timed language K T, the event-masked language M(K) is deined by M(K) := {M(ν) ν K}. To introduce the aults, let F = {F 1, F 2,, F m } be the set o ault types, ψ : Σ 2 F be the ault-type assignment uncti or each event, where ψ(σ) = means σ is a naulty event, otherwise σ is a aulty event and ψ(σ) is the set o ault types associated with σ. Hereater, when we write that a ault o type F i has occurred, it will mean that some aulty event σ with F i ψ(σ) has occurred. For an untimed-trace s = σ 1 σ n, i or some event σ k (1 k n) in the trace, F i ψ(σ k ), then we say that a ault o type F i has occurred in s, and denote it as F i s. The deiniti o diagnosability or untimed discrete event systems is given below. Deiniti 2: A language H Σ is said to be diagnosable with respect to an event mask M and a ault assignment uncti ψ i the ollowing holds: ( F i F)( N i > 0) ( s = σ 1 σ j H : F i s) ( s = sσ j+1 σ j+n H : n N i or s deadlocks) ( w H : M(w) = M(s ))(F i w) A discrete event system is said to be diagnosable i its marked language is diagnosable. Deiniti 2 states that an untimed system is diagnosable i the executi o any aulty event can be detected within a bounded delay (bounded number o transitis) rom the observatis o the system behavior (i.e., no naulty behavior can produce the same observati). Polynomial algorithms or the test o the above diagnosability and the synthesis o the -line diagnoser can be ound in [7], [16], and in [10] respectively. In the ollowing we deine the behavior o a dense timed-automat when the event occurrence times are measured using a digital-clock o inite precisi that measures time discretely by generating ticks. We irst give the deiniti o a digital-clock. Deiniti 3: A digital-clock is modeled by a nspeeding and n-slowing timed-automat C = (Q c, {}, Ξ c, Υ c, I c, Q c0, Q c ) in which at any given time at most e tick event can occur. Next we introduce the noti o timing-mask associated with a digital-clock. Deiniti 4: Given a digital-clock C, the timingmask M C associated with C is deined as ollows: or a timed-trace ν = (σ 1, t 1 ) (σ n, t n ), M C (ν) := { k1 σ 1 kn σ n b ν 1... ν n+1 L(C) s.t. i n + 1, ν i = (, t 1 i ) (, t ki i ), i n : t i [t ki i, t1 i+1], b {0, 1}, (b = 1 t n = t 1 n+1} where 0 := ɛ and i+1 := i or all i 0. The timing-masked generated (marked) language o a timedautomat A, denoted by M C (L(A)) = {M C (ν) ν L(A)}) (M C (L m (A)) = {M C (ν) ν L m (A)})), csists o all the timing-masked observatis o the timed-traces generated (marked) by A. In the deiniti above, ki, i = 1,..., n denotes the number o ticks that can occur in the interval [t i 1, t i ] (where t 0 := 0). Note it is possible that the occurrence o a tick coincides with that o an event σ i o the timedtrace ν. Then according to the interleaving semantics, this is observed either as σ i ollowed by the tick, or as the tick ollowed by σ i. The timing-mask uncti includes the both possibilities. In particular it is possible that a tick transiti occurs at the last event occurrence time t n, and so (ollowing the interleaving semantics) the observati o ν can csist o a single tick ater the last event σ n. Remark 1: M C (ν) csists o all the untimed observatis o a timed-trace ν in which dense-time is measured using a digital-clock C. Since the number o ticks generated in any time interval can vary rom executi to executi, timing-mask M C ( ) is in general ndeterministic. Note a tick event may occur simultaneously with an event σ Σ. Thereby a timing-masked language M C (L) need not be preix-closed (although L is preixclosed). For instance, given L = pr((a, 1)) and a digitalclock which ticks every e time unit, then M C (L) = {ɛ, a, a}, whereas a pr(m C (L)) M C (L). In light o Theorem 1, it can be shown that the preix 4

5 o the timing-masked generated language o a dense timed-automat is regular, i.e., given a timed-automat A and a digital-clock timed-automat C, it holds that pr(m C (L(A))) = L untime (A C). When plant-events and ticks d t coincide, M C (L(A)) is the same as L untime (A C)), and thus is regular. The more general case, where plant-events and ticks can occur simultaneously, requires urther reinement o A C by introducing certain marked locatis since simultaneous events are represented using their interleaving in a languagebased semantics, which implies that the timing-masked language M C (L(A)) is not preix-closed generally. This reinement is presented in the appendix at the end o this paper. The regularity o a timing-masked generated/marked language is established below. Theorem 2: Given a timed-automat A and a digitalclock timed-automat C, let M C be the timing-mask associated with C. Then pr(m C (L(A))), M C (L(A) (Σ ) are regular untimed languages. III. DIAGNOSIS UNDER EVENT AND TIMING MASKS In this secti we study the ault diagnosis problem o timed discrete event systems modeled by timedautomata with both timing and event observati masks. Recall that the timed-language to be diagnosed is generated by a plant and hence is preix-closed. Similarly, a naulty speciicati language is also preix-closed. Let M C be the timing-mask associated with a digitalclock C. The observati o trace ν through both timing and event masks is denoted as M M C (ν) = {M(ν c ) ν c M C (ν)} where M(ν c ) has the orm o k1 M(σ 1 ) kn M(σ n ) b since tick event is observable through the event observati mask M, i.e., M() =. And we have M M C (ν) = M C M(ν). The event and timing masked (generated) language o a timed-automat A is denoted by M M C (L(A)) = {M M C (ν) ν L(A)}. Now we give the deiniti o diagnosability in the timed setting. Deiniti 5: A timed language L is said to be diagnosable with respect to the timing-mask M C, the eventmask M and the ault assignment uncti ψ i the ollowing holds: ( F i F)( B i R + ) ( ν = (σ 1, t 1 ) (σ j, t j ) L : F i ν) ( ν = ν(σ j+1, t j+1 ) (σ n, t n ) L : t n (t j + B i )) ( µ L : M M C (ν ) M M C (µ)) )(F i µ) A dense-time system A is said to be diagnosable i its marked timed language L m (A) is diagnosable. Deiniti 5 states that a timed system is diagnosable i the executi o any aulty event can be detected within a bounded time delay rom the event and timingmask observatis o the system (i.e., no naulty behavior can produce the same observati). In the ollowing we show that the diagnosis problem o dense-time systems with both timing and event observati masks can be reduced to the diagnosis problem o untimed systems with ly event observati mask. To establish the equivalence between the diagnosabilities o a timed language and its timing-masked language, the ollowing simple lemma is needed. Lemma 1: For any timed-trace ν L, F i ν i and ly i F i ν c where ν c M C (ν). Lemma 1 can be obtained by ollowing rom the act that a timing mask does not mask the the events (rather their timings). Next we show that the diagnosability o a timed language is equivalent to the diagnosability o its timingmasked language. Theorem 3: Let L be a preix closed and uniormly n-speeding timed language, C be a uniormly nspeeding and n-slowing digital-clock, M C be the timing-mask associated with digital-clock C, M be the event-mask, and ψ be the ault assignment uncti. L is diagnosable with respect to timing-mask M C, eventmask M and ault assignment uncti ψ i and ly i its timing-masked language M C (L) is diagnosable with respect to the event mask M and the ault assignment uncti ψ. Proo: For the suiciency, suppose M C (L) is diagnosable, i.e., or any F i, there exists a N i s.t. Deiniti 2 is satisied. Since C is uniormly n-slowing, there exists an interval TN C i+1 > 0 s.t. the number o ticks generated during the interval TN C is at least N i+1 i + 1. Pick a aulty trace ν = (σ 1, t 1 ) (σ l, t l ) L with F i ν, an extended trace ν = ν(σ l+1, t l+1 ) (σ m, t m ) L with t m t l TN C i+1 and a trace µ L s.t. M M C (ν ) M M C (µ), we need show F i µ. From ν, ν, µ L and M M C (ν ) M M C (µ), there exist ν c = k1 σ 1 k l σ l b1 M C (ν), ν c = ν c k l+1 b 1 l+1 km σ m b2 M C (ν ), ρ = (, t 1 1) (, t k l l ) (, t km m )(, t 1 m+1)(, t 2 m+1) L(C) and µ c M C (µ) s.t. M(ν c) = M(µ c ) and t i [t ki i, t1 i+1 ] or i m, b 1, b 2 {0, 1}. Also ν c ν c m i=l+1 k i + b 2 b 1. The ollowing our cases need to be csidered. Case 1: b 1 = b 2 = 0. Then t l [t k l l, t 1 l+1 ), t m [t km m, t 1 m+1) and t 1 m+1 t k l l > t m t l TN C i+1. Note that C is uniormly n-slowing, m i=l+1 k i + 1 N i + 1. And so ν c ν c m i=l+1 k i N i. 5

6 Similarly, or Case 2: b 1 = b 2 = 1, Case 3: b 1 = 0, b 2 = 1, and Case 4: b 1 = 1, b 2 = 0, it can obtained that ν c ν c m i=l+1 k i N i. In each case, ν c, ν c, µ c M C (L), F i ν c (rom Lemma 1), ν c ν c N i and M(µ c ) = M(ν c). Note that M C (L) is diagnosable, F i µ c. And so we have F i µ, as desired. For the necessity, suppose L is diagnosable, i.e., or any F i, there exists a B i s.t. Deiniti 5 is satisied. Since L and C are uniormly n-speeding, there exist NB L i and NB C i s.t. the interval or generating NB L i (resp., NB C i ) number o events by L (resp., C) is at least B i. Pick a aulty trace ν c = k1 σ 1 k l σ l b1 M C (L) with F i ν c, an extended trace ν c = ν c k l+1 b1 km σ m b2 M C (L) with ν c ν c NB L i + NB C i + 1 and a trace µ c M C (L) s.t. M(µ c ) = M(ν c). We need show F i µ c. From ν c, ν c, µ c M C (L), there exist ν = (σ 1, t 1 ) (σ l, t l ) L, ν = ν(σ l+1, t l+1 ) (σ m, t m ) L and µ L s.t. ν c M C (ν), ν c M C (ν ), µ c M C (µ) and M M C (ν ) M M C (µ). And there exists ρ = (, t 1 1) (, t km m ) (, t 1 m+1) L(C) s.t. t i [t ki i, t1 i+1 ] or i m. Also we have ν c ν c = (m l)+( m i=l+1 k i+b 2 b 1 ) i σ l, σ m (m l 1) + ( m i=l+1 k i + b 2 b 1 ) i σ l ɛ, σ m = ɛ or σ l = ɛ, σ m (m l 2) + ( m i=l+1 k i + b 2 b 1 ) i σ l, σ m = ɛ. Note b 1, b 2 {0, 1}. The ollowing our cases need be csidered. Case 1: b 1 = b 2 = 0. Then t l [t k l l, t 1 l+1 ), t m [t km l, t 1 m+1). From ν c ν c NB L i + NB C i + 1, either m l NB L i (resp., m l 1 NB L i, m l 2 NB L i ) i σ l, σ m ɛ (resp., σ l ɛ, σ m = ɛ or σ l = ɛ, σ m ɛ, σ l, σ m = ɛ) or m i=l+1 k i NB C i + 1. Note that L is uniormly n-speeding, m l NB L i (i σ l, σ m ɛ) implies t m t l B i ; similarly, m l 1 NB L i (i σ l ɛ, σ m = ɛ or σ l = ɛ, σ m ɛ) implies t m t l t m 1 t l B i or t m t l t m t l+1 B i ; m l 2 NB L i (i σ l, σ m = ɛ) implies t m t l t m 1 t l+1 B i ; Note that C is uniormly n-speeding, m i=l+1 k i 1 N C B i implies t m t l > t km m t 1 l+1 B i. Similarly, or Case 2: b 1 = b 2 = 1, Case 3: b 1 = 0, b 2 = 1, and Case 4: b 1 = 1, b 2 = 0, it can obtained that t m t l B i. In each case, ν, ν, µ L, F i ν (rom Lemma 1), T (ν ) T (ν) = t m t l B i and M M C (ν ) M M C (µ). Note that L is diagnosable, F i µ. And so we have F i µ c, as desired. Remark 2: It ollows rom Theorems 3 that the diagnosis problem o dense-time systems with respect to both timing and event observati masks can be reduced to the diagnosis problem o untimed discrete event systems. Thus, the results or the diagnosis o untimed discrete event systems like [7], [16], [10] can be applied or the test o diagnosability and the synthesis o -line as well as o-line diagnoser. Example 2: Csider the model o an air cditiing (AC) unit G alg with its envirment as shown in Figure 2 (a). When the envirment temperature is Hot, the AC unit is switched within e unit o time, transmitting to state. From this state either a transiti to state occurs within e unit o time, or the AC unit ails. In the ormer case, the AC unit is switched o ater it has been running or e unit o time. When the AC unit is o, it can be switched ater the occurrence o the transiti hot. A diagnoser can observe all events except the event, which represents the ault o the AC unit. Figure 2(b) depicts the model o a digital clock C that generates the tick events observed by the diagnoser to keep track o the passing o time. The durati between two successive tick events is e unit o time. The correspding clock regis are shown in Figure 2(c). Figure 2(d) shows the composed automat G C. It can be checked that the AC unit G is uniormly n-speeding and the clock C is uniormly n-speeding and n-slowing. From Theorem 3, the diagnosability o the AC unit G under the event and timing masks can be checked by checking the diagnosability o its (untimed) timingmasked language M C (L(G)) under ly the event mask. We irst obtain the acceptor or the language M C (L(G)) by cstructing the reined regi-automat R ɛ (G C) according to Algorithm 1. Next, we check the diagnosability o the untimed language M C (L(G)) using a known algorithm (see Remark 2). A partial reined regi-automat, suicient to check the diagnosability o M C (L(G)) is shown in Figure 2(e). (The sequence o transitis starting rom the AC unit state O is omitted since it is not relevant to diagnosability analysis.) From Figure 2(e), it can be veriied that i a ault () occurs ater the occurrence o, then all uture transitis are tick transitis (since no event is executable at the state). the other hand i a ault does not occur ater the occurrence o, then the event is observed ollowing at most e tick transiti. It ollows that M C (L(G)) is diagnosable with delay bound N = 2. So rom Theorem 3, L(G) is also diagnosable. This can be independently veriied by choosing delaybound B = 1: I ollowing the observati o, the event is not observed within 1 unit o time, then we can cclude that a ault has occurred. 6

7 G hot, x:=0 _ R (G C) Hot x 1 x:=0 x<1 x<1 x 1 o x=1 O Hot Hot 0<x=y<1 x=0,0<y<1,0 0<x<1,y=1 Hot x=y=1,0 x=0, y=1 Hot,0 x=1,y=0 C, y=1, y:=0 (a) y 1 0<x=y<1 0<x=y<1 0<x=y<1 x=0,0<y<1 0<x<y<1 0<x<y<1 0<x<y<1 0<x<1,y=1,0 0<x<1,y=1,0,0 x=0,y=1,0 x=0,y=1 y x, 0 x=1,y=0 x=y=1 x=y=1 0<x<1,y=1 0<x<1,y=1 0<y<x<1 (b) (c) o o G C Hot x 1 x:=0, y=1, y:=0 x<1 hot, x:=0 x<1, y=1, y:=0 x 1 o x=1 O O x=1,y=0 O,0 x=y=1 x=1,y=0 x>1,0<y<1 0<y<x<1 0<y<x<1 0<y<x<1 0<y<x<1, y=1, y:=0, y=1, y:=0 x>1,y=1 x=1,0<y<1 x=1,0<y<1 o, y=1, y:=0 x>1,y=0 x>1,0<y<1 O x=1,0<y<1 (d) (e) Fig. 2. Models o the AC unit and digital-clock IV. DIAGNOSIS WITH DENSE TIME SPECIFICATION In this secti we study the diagnosis problem where e dense timed-automat is given as the system model and another dense timed-automat as the speciicati model which speciies the nailure behavior. The task o diagnosis is to diagnose any aulty behavior o the system (with respect to the speciicati) within a bounded delay o its occurrence in the presence o both timing and event masks. This noti o diagnosability is captured by the ollowing deiniti. Deiniti 6: Given a timed system G = (Q, Σ, Ξ, Υ, I, Q 0, Q m ), a speciicati R = (Q R, Σ, Ξ R, Υ R, I R, Q R0, Q Rm ) closed relative to G, the timing mask M C, and the event mask M, (G, R) is said to be diagnosable with respect to M C and M i the ollowing holds: ( B R + ) ( ν = (σ 1, t 1 ) (σ j, t j ) L m (G) L m (R)) ( ν = ν(σ j+1, t j+1 ) (σ n, t n ) L m (G) : t n (t j + B)) ( µ L m (G) : M M C (ν ) M M C (µ)) ) (µ L m (R)) Deiniti 6 states that a timed system and a speciicati o its naulty behaviors are diagnosable i any violati o the given speciicati can be detected within a bounded time delay rom the event and timing-mask observatis o the system behavior (i.e., no naulty behavior can produce the same observati). For any deterministic speciicati R, the above diagnosis problem o a pair o timed-automata can be cverted to the diagnosis problem o a single timedautomat with a aulty event as deined in Deiniti 5. For this, we irst complete the speciicati R by adding a dump state and all the missing transitis. The resulting completed speciicati model is denoted as R. Next, we introduce in R a aulty event, whose occurrence indicates the executi o a behavior violating the given speciicati. The resulting reined completed speciicati is denoted as R. Then, we reduce the diagnosis problem o the pair (G, R) to that o the system G R. Note a naulty speciicati can always be accepted by a trim automat, and we assume without loss o generality that R is trim, so that pr(l m (R)) = L(R). The completed speciicati R is cstructed as ollows. R = (Q R {dump}, Σ, Ξ R, Υ R Υ add, I R, Q R0, Q Rm ), where q Q R, I R (q) = I R (q), I R (dump) = true, and the set o added transitis Υ add is deined as q Q R, σ Σ, i there are n 1 out-going transitis rom q labeled with σ, and let {φ 1 σ,, φ n σ} be the set o guard cdi- 7

8 tis associated with those n transitis, then (q, σ, ( n i=1 φi σ),, dump) Υ add ; otherwise (q, σ, true,, dump) Υ add. σ Σ, (dump, σ, true,, dump) Υ add. It is obvious that R accepts any timed-trace over the event set Σ and i a timed-trace leads to the state dump, then that trace is not marked by R (when R is deterministic), in which case it indicates a ault. In order to represent such ault using a aulty event, we (i) split the dump state into dump 1 and dump 2 states, (ii) make all sel-loop transitis o dump as sel-loop transitis o dump 2, (iii) make all incoming n-selloop transitis o dump as incoming transitis o dump 1, and (iv) add an outgoing transiti rom dump 1 to dump 2. The reined complete speciicati R is deined as ollows. R = (Q R {dump 1, dump 2 }, Σ {}, Ξ R {ξ }, Υ R Υ add, I R, Q R0, Q Rm {dump 2 }), where q Q R, I R (q) = I R(q), I R (dump 1) = (ξ = 0), I R (dump 2) = true, and the set o transitis Υ add is deined as: q Q R, σ Σ, i there are n 1 out-going transitis rom q labeled with σ, and let {φ 1 σ,, φ n σ} be the set o guard cditis associated with those n transitis, then (q, σ, ( n i=1 φi σ), {ξ }, dump 1 ) Υ add ; otherwise (q, σ, true, {ξ }, dump 1 ) Υ add σ Σ, (dump 2, σ, true,, dump 2 ) Υ add (dump 1,, ξ = 0,, dump 2 ) Υ add In the composed automat G R, we have ly e ault type, i.e., F = {F 1 }, and the correspding ault assignment uncti ψ is deined as ψ () = {F 1 } and ψ (σ) = or any σ Σ. The aulty event is unobservable, i.e., M() = ɛ. Also note Σ, and so the aulty event occurs asynchrously in the compositi G R (i.e., without the participati o G, whereas all other events occur synchrously) and immediately ater the occurrence a violati o the speciicati. From the cstructi o G R, it can be proved that (G, R) is diagnosable according to Deiniti 6 i and ly i G R is diagnosable according to Deiniti 5. To show this, we need the ollowing lemmas. Lemma 2: Given G and deterministic and relativeclosed R, it holds that Π Σ (L(G R )) = L(G) and Π Σ (L m (G R )) = L m (G). Proo: The irst cclusi ollows rom the act L(G) Π Σ (L(R )) = (Σ R + ). Next we show the secd cclusi. It ollows rom the deiniti o synchrous compositi that Π Σ (L m (G R )) L m (G). To show the cverse ctainment L m (G) Π Σ (L m (G R )), pick ν L m (G). I ν L m (R), then ν L m (G R ). the other hand i ν L m (G) L m (R), then rom the relativeclosure o R and the act pr(l m (R)) = L(R) (since R is trim), we have ν L m (G) pr(l m (R)) L m (G) = L m (G) L(R). Thereore ν must reach the dump state in R (since R is deterministic). This implies that there exists µ L(R ) such that Π(µ) = ν, and µ. Then µ reaches the state dump 2, which is a marked state o R. Further since Π(µ) = ν L m (G), we have that µ L m (G R ). Thus it can be ccluded that ν Π Σ (L m (G R )). Lemma 3: Given G and deterministic relative-closed R, any µ L m (G R ) ctains the aulty event i and ly i Π Σ (µ) L m (G) L m (R). Proo: Pick µ L m (G R ) with µ. From Lemma 2, Π Σ (µ) L m (G). Since µ ctains the aulty event, the executi o µ in R reaches state dump 2. Since the projected trace Π Σ (µ) ly erases the aulty event, the executi o Π Σ (µ) reaches the dump state in R. Thereore µ L m (G R ) ctains the aulty event i and ly i Π Σ (µ) L m (G) and its executi reaches the dump state in R (i.e., Π Σ (µ) L(R) = pr(l m (R)), or R is deterministic). Note Π Σ (µ) L m (G), then rom the relative-closure property o R, we have Π Σ (µ) L m (R), as desired. With Lemmas 2 and 3 in hand, we are ready to establish the ollowing theorem. Theorem 4: Given a system G, a deterministic relative closed speciicati R, a timing mask M C, and an event mask M, (G, R) is diagnosable with respect to M C and M i and ly i G R is diagnosable with respect to M C, M, and ψ. Proo: For the suiciency, suppose G R is diagnosable, i.e., there exists B R + such that Deiniti 5 is satisied. Pick a trace ν = (σ 1, t 1 ) (σ j, t j ) L m (G) L m (R), an extended trace ν = ν(σ j+1, t j+1 ) (σ n, t n ) L m (G) with t n t j + B, and µ L m (G) such that M M C (ν ) M M C (µ). We need show µ L m (G) L m (R). Since ν L m (G) L m (R), ν, µ L m (G), rom Lemma 2 and 3, there exist ν, ν, µ L m (G R ) s.t. Π Σ ( ν) = ν, Π Σ ( ν ) = ν, Π Σ ( µ) = µ, and ν ctains the aulty event. Since the aulty transiti occurs instantaneously (see the cstructi o R ), the last events in ν and ν occur at the same times as the last events in ν and ν, i.e., T ( ν) = T (ν) and T ( ν ) = T (ν ). Thus the last events ν and ν are separated by at least the 8

9 durati B. Note that is unobservable under the eventmask M, M M C ( µ) = M M C (Π Σ ( µ)) = M M C (µ) and M M C ( ν ) = M M C (ν ). Note G R is diagnosable, µ. Then rom Lemma 3, we have µ L m (G) L m (R). For the necessity, suppose (G, R) is diagnosable, i.e., there exists B R + such that Deiniti 6 is satisied. Pick a aulty trace ν = (σ 1, t 1 ) (σ j, t j) L m (G R ) where σ i Σ {} and σ k = or some k, an extended trace ν = ν(σ j+1, t j+1)... (σ n, t n ) L m (G R ) with t n t j +B, and µ L m (G R ) such that M M C ( µ) M M C ( ν ). We need show µ. Since ν, ν, µ L m (G R ) and ν, rom Lemma 2 and 3, there exist ν, ν, µ L m (G) s.t. ν = Π Σ ( ν), ν = Π Σ ( ν ), µ = Π Σ ( µ) L m (G) and ν L m (G) L m (R). Since the projecti Π Σ ly erases the aculty event which occurs instantaneously, the last events in ν and ν are separated by the same durati as the last events in ν and ν, namely by at least the durati B. Note that is unobservable under event-mask M, M M C (µ) = M M C ( µ) and M M C (ν ) = M M C ( ν ). Note (G, R) is diagnosable, µ L m (G) L m (R). Then rom Lemma 3, we have µ. The ollowing example illustrates the equivalence between the diagnosability o (G, R) and that o G R. Example 3: Csider the system G and the deterministic relative-closed speciicati R as shown in Figure 3. Suppose the digital clock C ticks with interval o e. From the speciicati R, we cstruct R, R and G R, which are shown in Figure 3. Suppose M(a) = a, M(b) = b, then (G, R) is diagnosable. This is because the trace in L m (G), which violates the speciicati L m (R), must be o the orm (a, t)(ɛ, t ) with t < 1. Such a trace is observed as a. the other hand, the trace with the same event observati and which satisies the speciicati is o the orm (a, t)(ɛ, t ) with t > 1. Such a trace is observed as k a or some k 1. The cclusi about diagnosability o G R can be drawn as well by comparing a aulty trace (a, t)(, t) with t < 1 and a naulty trace (a, t ) with t > 1. Now suppose M(a) = M(b) = a, then (G, R) becomes undiagnosable. This is because a aulty trace (a, 0.5) can not be distinguished rom a naulty trace (b, 0.7). Both produce the same observati, a. Similarly, G R is also undiagnosable since a aulty trace (a, 0.5)(, 0.5) can not be distinguished rom a naulty trace (b, 0.7) (both produce the same observati, a). V. CONCLUSION This paper csidered the diagnosis problem o timed discrete event systems where the system as well as the naulty speciicati is modeled by a dense timed-automat [2]. While it is meaningul or a system as well as its speciicati o naulty behavior to have a dense-time semantics, it is not practical or a diagnoser to be able to measure dense-time precisely. An imprecisi in measurement o time can be viewed as partial observability o time just as the presence o imprecise sensors leading to a partial observability o events. e observati we make is that or a diagnoser with access to a digital-clock modeled by a dense-time automat, the timing-masked behavior is regular. (This or example is the case or a digital-clock with initeprecisi and a inite-drit.) Another key observati we make is that diagnosis o dense-time systems can be reduced to e o untimed systems. REFERENCES [1] K. Altisen, F. Cassez, and S. Tripakis. Mitoring and aultdiagnosis with digital clocks. In Applicati o Ccurrency to System Design (ACSD 06), [2] R. Alur and D. Dill. A theory o timed automata. Theoretical Computer Science, 126: , [3] P. Bouyer, F. Chevalier, and D. D Souza. diagnosis using timed automata. In Proceeding o the 8th Internatial Cerence Foundatis o Sotware Science and Computati Structures (FoSSaCS 05), Edinburgh, [4] R. Debouk, S. Laortune, and D. Teneketzis. Coordinated decentralized protocols or ailure diagnosis o discrete event systems. Discrete Event Dynamical Systems: Theory and Applicatis, 10:33 79, [5] M. Dotoli, M.P. Fanti, A.M. Mangini, and W. Ukovich. -line ault detecti in discrete event systems by petri nets and integer linear programming. Automatica, 45: , [6] L. E. Holloway and S. Chand. Distributed ault mitoring in manuacturing systems using ccurrent discrete-event observatis. Integrated Computer-Aided Engineering, 3(4): , [7] S. Jiang, Z. Huang, V. Chandra, and R. Kumar. A polynomial time algorithm or diagnosability o discrete event systems. IEEE Transactis Automatic Ctrol, 46(8): , [8] S. Jiang and R. Kumar. Failure diagnosis o discrete event systems with linear-time temporal logic ault speciicatis. IEEE Transactis Automatic Ctrol, 49(6): , [9] S. Jiang and R. Kumar. Diagnosis o dense-time systems using digital-clocks. In Proceedings o the 25th American Ctrol Cerence, pages , Minneapolis, MN, June [10] S. Jiang, R. Kumar, and H. E. Garcia. Diagnosis o repeated/intermittent ailures in discrete event systems. IEEE Transactis Robotics and Automati, 19(2): , [11] C. M. Özveren and A. S. Willsky. Observability o discrete event dynamical systems. IEEE Transactis Automatic Ctrol, 35(7): , [12] W. Qiu and R. Kumar. Decentralized ailure diagnosis o discrete event systems. IEEE Transactis Systems, Man, and Cybernetics A, 36(2): , [13] W. Qiu, R. Kumar, and S. Jiang. decidability o distributed diagnosis under unbounded-delay communicati. IEEE Transactis Automatic Ctrol, 52: , January

10 G a, 0<x<1 x> R b a, y> b C, z=1, z:=0 z 1 _ R 3 a,b, ξ :=0 b a, y>1 1 2 a, y 1, ξ :=0 dump a,b a,b, ξ :=0 _ R a,b, ξ :=0 3 b a, y 1, ξ :=0 a, y>1 1 2 dump1 ξ=0, ξ =0 dump2 a,b, ξ :=0 _ G R a, y x>1 2,2 1,1 3,3 b a, y 1 0<x<1, ξ :=0 2,dump1 ξ=0, ξ =0 2,dump2 a,b (a) (b) (c) (d) (e) () Fig. 3. Automata o G, R, C, R, R and G R [14] M. Sampath, R. Sengupta, S. Laortune, K. Sinaamohideen, and D. Teneketzis. Diagnosability o discrete event systems. IEEE Transactis Automatic Ctrol, 40(9): , September [15] S. Tripakis. diagnosis or timed automata. In Formal Techniques in Real Time and Tolerant Systems, volume 2469 o Lecture Notes in Computer Science. Springer Verlag, [16] T. S. Yoo and S. Laortune. Polynomial-time veriicati o diagnosability o partially observed discrete-event systems. IEEE Transactis Automatic Ctrol, 47(9): , [17] S. H. Zad, R. H. Kwg, and W. M. Wham. diagnosis in discrete-event systems: Incorporating timing inormati. IEEE Transactis Automatic Ctrol, 50(7): , APPENDIX Given a plant A and a digital-clock C, the regi automat R(A C) := (Q R, Σ, Υ R, Q R0, Q Rm ) can be reined to accept the n preix-closed language M C (L m (A)). This is de in two steps. First, the transitis o R(A C) are extended to include ɛ-labeled transitis to track the passing o time. The resulting automat is called an extended regi-automat, denoted R ɛ (A C), and csists o a tuple (Q R, Σ, Υ R ɛ, Q R0, Q Rm ), where ((q A, q C, α), σ, (q A, q C, α )) Υ R : ((q A, q C, α), ɛ, (q A, q C, α 0 )),, ((q A, q C, α i ), ɛ, (q A, q C, α i+1 )),, ((q A, q C, α k ), σ, (q A, q C, α )) Υ R ɛ, where α i R (R denotes the clock regis), α i+1 is the immediate time-successor o α i or i = 0,, k 1 and α 0 (resp., α ) is the immediate time-successor o α (resp., α k ). In the secd step, an extended regi automat is urther reined to identiy event-pending states and tick-pending states. Next we introduce the notis o orcing, tick-ccurrent and pending states. Deiniti 7: Csider the extended regi automat R ɛ (A C). Let Σ (q) Σ denote the set o events deined at state q o R ɛ (A C). q is said to be orcing i ɛ Σ (q); tick-ccurrent i orcing and exists σ Σ such that {, σ} Σ (q); tick-pending with respect to its predecessor q i orcing and (q, σ, q) Υ R ɛ such that q is tickccurrent and either all predecessors o q are orcing, or (q1, σ 1, q), (q2, ɛ, q) Υ R ɛ with q 1 orcing and q2 norcing; event-pending with respect to its predecessor q i orcing and (q,, q) Υ R ɛ such that q is tickccurrent and either or any predecessor q o q, (q, ɛ, q ) Υ R ɛ, or (q1, σ 1, q ), (q2, ɛ, q ) Υ R ɛ with q2 norcing. Note any tick/event-pending state cannot be a inal state i it is reached alg predecessors which render it a pending state (since some ccurrently enabled transiti is still pending to occur). And so, each tick/eventpending state may be duplicated to make another copy, which cannot be marked. This is ormalized in the ollowing algorithm. Algorithm 1: Given a plant A and a digital-clock C, the algorithm or cstructing the reined regiautomat R ɛ (A C) := (Q R ɛ, Σ, Υ R ɛ, Q ɛ R 0, Q ɛ R m ), is presented as ollows. 1) Obtain the regi-automat R(A C). 2) Obtain the extended regi-automat R ɛ (A C). 3) Cstruct the states Q R ɛ. q Q R ɛ: i q Q R ɛ m and tick-pending, then: i all predecessors o q are orcing, (q, 0) Q R otherwise, q, (q, 0) Q R i q Q R ɛ m and event-pending such that (q,, q) Υ R ɛ with q being tickccurrent, then: i or any predecessor q o q, 10

11 (q, ɛ, q ) Υ R ɛ, then (q, 0) Q R otherwise, q, (q, 0) Q R otherwise, q Q R 4) Cstruct the transitis Υ R ɛ. q Q R ɛ: i q Q R ɛ m and tick-pending such that (q, σ, q) Υ R ɛ with q tick-ccurrent, then: i all predecessors o q are orcing, then: (q, σ, (q, 0)) Υ ɛ R (resp., ((q, 0), σ, (q, 0)) Υ R ɛ) i q Q ɛ R (resp., (q, 0) Q R ɛ); i (q1, σ 1, q), (q2, ɛ, q) Υ R ɛ with q 1 orcing and q2 norcing, then: (q1, σ 1, (q, 0)) Υ ɛ R (resp., ((q1, 0), σ 1, (q, 0)) Υ R ɛ) i q1 Q ɛ R (resp., (q1, 0) and (q2, ɛ, q) Υ R Q ɛ), R i q Q R ɛ m and event-pending such that (q,, q) Υ R ɛ with q being tickccurrent, then: i or any predecessor q o q, (q, ɛ, q ) Υ R ɛ, then: (q,, (q, 0)) Υ R i (q1, σ 1, q ), (q2, ɛ, q ) Υ R ɛ with q1 orcing (resp. norcing) and q2 norcing, then: ((q, 0),, q)(resp. (q,, q)), (q,, (q, 0)) Υ R otherwise, (q, σ, q) Υ ɛ R (resp., ((q, 0), σ, q) Υ R ɛ) i (q, σ, q) Υ R ɛ and q Q ɛ R (resp., (q, 0) Q R ɛ); 5) Cstruct the marked states Q ɛ R m. q Q ɛ R m i q Q R ɛ m Q R ɛ. Sgyan Xu (S 07) received the B.Tech. degree and M.S. degree rom the Harbin Institute o Technology, Harbin, China, in 2000 and 2002, respectively, and is currently pursuing the Ph.D. degree in Electrical and Computer Engineering rom Iowa State University, Ames, Iowa. Her research interests include diagnosis, supervisory ctrol and state estimati o discrete event systems. Shengbing Jiang received the B.S. degree in electrical engineering rom the University o Science and Technology o China, Heei, China, in 1987, the M.S. degree in electrical engineering rom East China Institute o Technology, Nanjing, China, in 1990, and the Ph.D. degree in electrical engineering rom the University o Kentucky, Lexingt, in He joined General Motors R&D, Warren, MI, in His research interests include ormal methods, ormal veriicati, supervisory ctrol, and ailure diagnosis o discrete event and hybrid systems, and their applicatis in embedded sotware design. Ratnesh Kumar (S 87-M 90-SM 00-F 07) received the B.Tech. degree in Electrical Engineering rom the Indian Institute o Technology at Kanpur, India, in 1987, and the M.S. and the Ph.D. degree in Electrical and Computer Engineering rom the University o Texas at Austin, Texas, in 1989 and 1991, respectively. From he was the aculty o University o Kentucky, and since 2002 he is the aculty o the Iowa State University. He has held visiting positi at the Institute o Systems Research at the University o Maryland at College Park, the Applied Research Laboratory at the Pennsylvania State University, the NASA Ames Research Center, the Argne Natial Laboratory West, and the United Technology Research Center. His primary research interest is in Reactive, Real-time, and Hybrid Systems and their applicatis to Embedded Sotware, Web Services, Power Systems, and Automous Systems. He was a recipient o the Microelectrics and Computer Development (MCD) Fellowship rom the University o Texas at Austin, and was awarded the Lalit Narain Das Memorial Gold Medal or the Best EE Student and the Ratan Swarup Memorial Gold Medal or the Best All-rounder Student rom the Indian Institute o Technology at Kanpur, India. He is a recipient o the NSF Research Initiati Award, NASA-ASEE summer aculty ellowship award, and coauthor o the book Modeling and Ctrol o Logical Discrete Event Systems, Kluwer Academic Publishers, He serves the program committee or the IEEE Ctrol Systems Society, the Internatial Workshop Discrete Event Systems, and the IEEE Workshop Sotware Cybernetics. He is or has been an associate editor o SIAM Journal Ctrol and Optimizati, IEEE Transactis Robotics and Automati, Journal o Discrete Event Dynamical Systems, and IEEE Ctrol Systems Society. He is a Fellow o the IEEE. 11