Diagnosis of Dense-Time Systems using Digital-Clocks


Shengbing Jiang, GM R&D and Planning, Mail Code 480-106-390, Warren, MI 48090-9055. Email: shengbing.jiang@gm.com
Ratnesh Kumar, Dept. of Elec. & Comp. Eng., Iowa State University, Ames, IA 50014. Email: rkumar@iastate.edu

Abstract

We study failure diagnosis of timed discrete-event systems modeled as dense timed-automata, for which reachability is decidable [1], [6]. Failure diagnosis of such systems was first studied in [21], assuming that a diagnoser has partial observation of events but can measure (or observe) time perfectly. In this paper we relax the latter requirement, since in practice time cannot be measured precisely. Thus in our setting we have partial observability of events as well as of time. We model the observability of time based on a digital-clock of finite precision and finite drift, i.e., the clock that a diagnoser uses to measure time ticks every $[\Delta \pm \delta]$ units of time. We show that the discrete-time behavior observed using such a clock is regular, i.e., can be represented using a finite (untimed) automaton. In our analysis we also allow the non-failure behavior to be represented as a separate dense timed-automaton that is deterministic (also decidable), which can be viewed as another extension. We show that the verification of diagnosability (the ability to detect a specification violation within a bounded delay) as well as the off-line synthesis of a diagnoser for a diagnosable system is decidable, by reducing the problem to the untimed domain. The reduction to the untimed domain also suggests an effective method for on-line diagnosis.

Keywords: Discrete event systems, diagnosis, timed automaton, diagnosability, dense-time, digital-clock

I. INTRODUCTION

A failure in a system is considered to be its abnormal behavior, i.e., one that violates the specification of normal behavior.
The task of diagnosis of a system requires detecting the occurrence of a failure by observing the system behavior, whereas the diagnosability property requires that the occurrence of a failure be detectable within a bounded delay. For untimed discrete-event systems, diagnosability has been examined in [17], [25], [8], [24], and a stronger notion of state-observability was examined in [12]. Extensions to the decentralized setting can be found in [5], [13], [22] and to the distributed setting in [5], [18], [16], [2], [19], [14], [15]. Extensions to the diagnosis of repeatable/intermittent failures can be found in [11], [23], [9], [3], [27], to the temporal logic setting in [10], [9], and to the probabilistic setting in [20]. The works cited above explore diagnosis of untimed discrete event systems. There has also been some research on diagnosis of timed discrete event systems, which includes diagnosis in the discrete-time setting [26] and in the dense-time setting [7], [4], [21]. It is known that the class of discrete-time systems is a subclass of dense-time ones, and the diagnosability of such dense-time systems, modeled as timed automata [1], [6], was first examined in [21] under the assumption that a diagnoser has partial observation of events but can measure time perfectly. It was shown that the verification of diagnosability in this setting is decidable and that on-line diagnosis can be effectively performed. However, no comments were made about the off-line synthesis of a diagnoser.

In this paper we generalize the work reported in [21] in two different ways. First, we relax the requirement that a diagnoser be able to measure time precisely, since that is not possible in practice. Thus in our setting we have partial observability of events as well as of time. We model the observability of time based on a digital-clock of finite precision and finite drift, i.e., the clock that the diagnoser uses to measure time ticks every $[\Delta \pm \delta]$ units of time.
($\Delta > \delta \ge 0$, and both $\Delta$ and $\delta$ are rationals.) Second, we allow the non-failure specification to also be represented by a dense timed-automaton. Since the computation of the failure specification from a non-failure specification requires complementation, we assume the non-failure specification to be accepted by a deterministic dense timed-automaton. We show the decidability of the diagnosis problem in this general setting. The decidability result we obtain is based on two main results reported in this paper: (i) We show that the discrete-time behavior observed using a digital-clock of the type mentioned above is regular, i.e., can be represented using a finite (untimed) automaton. (ii) Diagnosability of a pair consisting of a dense-timed system and a deterministic dense-time specification is reducible to the diagnosability of a single untimed system in which failures are represented through faulty events. With these two observations we are able to reduce the problem of diagnosis in the dense-time setting to that of diagnosis in the untimed setting. It then follows from the results in the untimed setting that even in the dense-time setting the verification of diagnosability as well as the off-line synthesis of a diagnoser is decidable, and on-line diagnosis can be effectively performed.

The rest of the paper is organized as follows. Section 2 gives the notation and preliminaries. Section 3 shows that the discrete-time behavior of a dense timed-automaton, as observed through a digital clock of finite precision and finite drift, is an untimed regular language. Section 4 formulates and studies diagnosability in the dense-time setting for systems in which faults are specified using faulty events. Section 5 looks at the extension where a non-failure specification is given, a violation of which corresponds to the occurrence of a fault. The conclusion is presented in Section 6.

II. NOTATIONS AND PRELIMINARIES

A timed automaton $A$ is a tuple $(Q, \Sigma, \Xi, \Upsilon, Q_0, I)$, where $Q$ is a finite set of discrete states; $\Sigma$ is a finite set of events; $\Xi$ is a finite set of clocks; $\Upsilon \subseteq Q \times Q \times \Sigma \times \Phi \times 2^{\Xi}$ is a set of transitions. Here $\Phi$ is the set of clock constraints. A clock constraint $\phi \in \Phi$ is a boolean formula with atomic constraints of the form $\xi \sim c$ or $\xi_1 - \xi_2 \sim c$, where $\xi, \xi_1, \xi_2 \in \Xi$, $\sim \in \{\le, <, =, >, \ge\}$, and $c$ is a rational constant. Each transition $\upsilon \in \Upsilon$ is a tuple $(q, q', \sigma, \phi, r)$, where $q$ is the source discrete state, $q'$ is the destination discrete state, $\sigma$ is the event associated with the transition, $\phi$ is a clock constraint representing the guard condition of the transition, and $r$ is the set of clocks to be reset by the transition when entering the destination discrete state $q'$. $Q_0 \subseteq Q$ is the set of initial states; $I : Q \to \Phi$ is the invariant function, which assigns invariants to discrete states.

Let $R^+$ be the set of nonnegative real numbers. A timed trace over $\Sigma$ is a sequence $\nu = \langle \sigma_0, t_0 \rangle \langle \sigma_1, t_1 \rangle \cdots \langle \sigma_i, t_i \rangle \cdots \langle \sigma_n, t_n \rangle$ with $t_i \in R^+$ for all $i = 0, 1, \ldots, n$, $t_i \le t_{i+1}$, $\sigma_i \in \Sigma$ for all $i = 0, 1, \ldots, n-1$, and $\sigma_n \in \Sigma \cup \{\epsilon\}$, where $\epsilon$ is the null event. The corresponding untimed trace of $\nu$ is $\nu_{untime} = \sigma_0 \cdots \sigma_n$. A time assignment is a function $v : \Xi \to R^+$ assigning a nonnegative real value to every clock. Constants may be added to time assignments, where $(v + c)(\xi) = v(\xi) + c$. $[r \to 0]v$ is the time assignment that maps every clock in $r \subseteq \Xi$ to time 0 and keeps all other clocks the same as in $v$. We say that the clocks in $r$ are reset. The time assignment $0_v$ maps every clock to 0.
A run of $A$ over a timed trace $\nu = \langle \sigma_0, t_0 \rangle \langle \sigma_1, t_1 \rangle \cdots \langle \sigma_i, t_i \rangle \cdots \langle \sigma_n, t_n \rangle$ is a sequence of the form
$(q_0, v_0) \xrightarrow{\langle \sigma_0, t_0 \rangle} (q_1, v_1) \cdots (q_i, v_i) \xrightarrow{\langle \sigma_i, t_i \rangle} (q_{i+1}, v_{i+1}) \cdots \xrightarrow{\langle \sigma_n, t_n \rangle} (q_{n+1}, v_{n+1})$
with $q_i \in Q$ and $v_i$ being time assignments, satisfying the following requirements:
Initialization: $q_0 \in Q_0$ and $v_0 = 0_v$.
Invariance: $\forall i = 0, 1, \ldots, n$, $\forall t \in [0, t_i - t_{i-1}]$, $v_i + t$ satisfies $I(q_i)$, where $t_{-1} = 0$.
Consecution: $\forall i = 0, 1, \ldots, n-1$, $\exists (q_i, q_{i+1}, \sigma_i, \phi_i, r_i) \in \Upsilon$ such that $v_i + t_i - t_{i-1}$ satisfies $\phi_i$ and $v_{i+1} = [r_i \to 0](v_i + t_i - t_{i-1})$, where $t_{-1} = 0$; if $\sigma_n \ne \epsilon$ then there is a tuple $(q_n, q_{n+1}, \sigma_n, \phi_n, r_n) \in \Upsilon$ such that $v_n + t_n - t_{n-1}$ satisfies $\phi_n$ and $v_{n+1} = [r_n \to 0](v_n + t_n - t_{n-1})$; otherwise $q_{n+1} = q_n$ and $v_{n+1} = v_n + t_n - t_{n-1}$.

A timed automaton $A$ accepts a timed trace $\nu$ if $A$ has a run over $\nu$. The timed language accepted by $A$ is the set of all timed traces accepted by $A$, denoted $L(A)$. It is obvious that $L(A)$ is prefix closed. The untimed language of $A$ is $L_{untime}(A) = \{\nu_{untime} \mid \nu \in L(A)\}$. It is required that in a timed automaton, when the invariant of a discrete state is violated, some outgoing transition must be enabled; and that the automaton is non-zeno, i.e., there does not exist any run of the automaton that contains infinitely many transitions in a finite interval of time.

The product of two timed automata is defined as follows. Let $A_1 = (Q^1, \Sigma^1, \Xi^1, \Upsilon^1, Q^1_0, I^1)$ and $A_2 = (Q^2, \Sigma^2, \Xi^2, \Upsilon^2, Q^2_0, I^2)$ be two timed automata. Assume that the clock sets $\Xi^1$ and $\Xi^2$ are disjoint. Then the product is the timed automaton $A_1 \times A_2 = (Q^1 \times Q^2, \Sigma^1 \cup \Sigma^2, \Xi^1 \cup \Xi^2, \Upsilon, Q^1_0 \times Q^2_0, I)$, where $I(q^1, q^2) = I^1(q^1) \wedge I^2(q^2)$ and the transition set $\Upsilon$ is defined by:
1) $\forall \sigma \in \Sigma^1 \cap \Sigma^2$, $\forall (q^1, q'^1, \sigma, \phi^1, r^1) \in \Upsilon^1$, $\forall (q^2, q'^2, \sigma, \phi^2, r^2) \in \Upsilon^2$, we have $((q^1, q^2), (q'^1, q'^2), \sigma, \phi^1 \wedge \phi^2, r^1 \cup r^2) \in \Upsilon$.
2) $\forall \sigma \in \Sigma^1 - \Sigma^2$, $\forall (q^1, q'^1, \sigma, \phi^1, r^1) \in \Upsilon^1$, $\forall q^2 \in Q^2$, we have $((q^1, q^2), (q'^1, q^2), \sigma, \phi^1, r^1) \in \Upsilon$.
3) $\forall \sigma \in \Sigma^2 - \Sigma^1$, $\forall (q^2, q'^2, \sigma, \phi^2, r^2) \in \Upsilon^2$, $\forall q^1 \in Q^1$, we have $((q^1, q^2), (q^1, q'^2), \sigma, \phi^2, r^2) \in \Upsilon$.

From [1], [6], we have the following result.

Theorem 1: The untimed language $L_{untime}(A)$ of a timed automaton $A$ is regular.

To introduce partial observation of events, let $M : \Sigma \cup \{\epsilon\} \to \Lambda \cup \{\epsilon\}$ be an event observation mask with $M(\epsilon) = \epsilon$, where $\Lambda$ is the set of output symbols. An untimed trace $s = \sigma_0 \sigma_1 \cdots \sigma_i$ is observed through the mask $M$ as $M(s) = M(\sigma_0) M(\sigma_1) \cdots M(\sigma_i)$. Given an untimed closed language $K \subseteq \Sigma^*$, the event masked language $M(K)$ is given by $M(K) := \{M(s) \in \Lambda^* \mid s \in K\}$.

To introduce the faults, let $F = \{F_1, F_2, \ldots, F_m\}$ be the set of failure types and $\psi : \Sigma \to 2^F$ be the fault assignment function for each event, where $\psi(\sigma) = \emptyset$ means $\sigma$ is a good event; otherwise $\sigma$ is a faulty event and $\psi(\sigma)$ is the set of fault types that $\sigma$ is associated with. Hereafter, when we write that a fault of type $F_i$ has occurred, we will mean that some faulty event $\sigma$ has occurred such that $F_i \in \psi(\sigma)$. For an untimed trace $s = \sigma_0 \sigma_1 \cdots \sigma_i$, if $F_i \in \psi(\sigma_i)$ for some event $\sigma_i$ in the trace, then we say that a fault of type $F_i$ has occurred in $s$, which is denoted as $F_i \in s$. The definition of diagnosability for untimed discrete event systems is given below ([17]).

Definition 1: A prefix-closed language $K \subseteq \Sigma^*$ is said to be diagnosable with respect to the event mask $M$ and the fault assignment function $\psi$ if the following holds:
$(\forall F_i \in F)(\exists N_i > 0)(\forall s = \sigma_0 \cdots \sigma_j \in K,\ F_i \in s)(\forall t = s\sigma_{j+1} \cdots \sigma_{j+n} \in K,\ n \ge N_i)(\forall w \in K,\ M(w) = M(t) \Rightarrow F_i \in w)$.
A discrete event system is diagnosable if its generated language is diagnosable.
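As an added illustration of the run semantics above (Initialization, Invariance, Consecution), here is a small Python checker that decides whether a timed automaton has a run over a given timed trace. It is example code written for this page, not code from the paper. Guards and invariants are Python predicates over a clock valuation, and the invariant is checked only at the two endpoints of each delay, which is sound for the conjunctive (convex) constraints the example uses but is an assumption of the code. The request/acknowledge automaton EXAMPLE and its traces are constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

Valuation = Dict[str, float]                # time assignment v : Xi -> R+
Guard = Callable[[Valuation], bool]         # clock constraint phi, evaluated on v
Trace = List[Tuple[Optional[str], float]]   # <sigma_i, t_i>; sigma None is the null event epsilon


@dataclass(frozen=True)
class Transition:                           # (q, q', sigma, phi, r)
    src: str
    dst: str
    event: str
    guard: Guard
    reset: FrozenSet[str]


@dataclass
class TimedAutomaton:                       # (Q, Sigma, Xi, Upsilon, Q_0, I)
    states: List[str]
    events: List[str]
    clocks: List[str]
    transitions: List[Transition]
    initial: List[str]
    invariant: Dict[str, Guard]


def advance(v: Valuation, c: float) -> Valuation:
    """(v + c)(xi) = v(xi) + c."""
    return {xi: t + c for xi, t in v.items()}


def reset(v: Valuation, r: FrozenSet[str]) -> Valuation:
    """[r -> 0]v: clocks in r go to 0, all other clocks are unchanged."""
    return {xi: (0.0 if xi in r else t) for xi, t in v.items()}


def holds_throughout(inv: Guard, v: Valuation, d: float) -> bool:
    """Invariance: v + t must satisfy I(q) for every t in [0, d]. Checking the two
    endpoints suffices for convex (conjunctive) constraints, which is all this
    example uses; that is an assumption of the example, not a general fact."""
    return inv(v) and inv(advance(v, d))


def accepts(A: TimedAutomaton, trace: Trace) -> bool:
    """True iff A has a run over the timed trace: depth-first search over the
    nondeterministic transition choices required by Consecution."""
    def search(q: str, v: Valuation, i: int, prev_t: float) -> bool:
        if i == len(trace):
            return True
        sigma, t_i = trace[i]
        d = t_i - prev_t                    # time spent in q since the previous event
        if d < 0 or not holds_throughout(A.invariant[q], v, d):
            return False
        v_at = advance(v, d)
        if sigma is None:                   # epsilon: only time passes, the run ends here
            return i + 1 == len(trace)
        for tr in A.transitions:
            if tr.src == q and tr.event == sigma and tr.guard(v_at):
                if search(tr.dst, reset(v_at, tr.reset), i + 1, t_i):
                    return True
        return False

    v0 = {xi: 0.0 for xi in A.clocks}       # Initialization: v_0 = 0_v
    return any(search(q0, v0, 0, 0.0) for q0 in A.initial)


# Constructed example: every request must be acknowledged within 3 time units.
# State p1 carries the invariant x <= 3, so time cannot pass beyond the deadline
# without ack being taken (the ack transition is still enabled at x = 3).
EXAMPLE = TimedAutomaton(
    states=["p0", "p1"], events=["req", "ack"], clocks=["x"],
    transitions=[
        Transition("p0", "p1", "req", lambda v: True, frozenset({"x"})),
        Transition("p1", "p0", "ack", lambda v: v["x"] <= 3.0, frozenset()),
    ],
    initial=["p0"],
    invariant={"p0": lambda v: True, "p1": lambda v: v["x"] <= 3.0},
)

if __name__ == "__main__":
    print(accepts(EXAMPLE, [("req", 1.0), ("ack", 3.5)]))   # True: ack 2.5 units after req
    print(accepts(EXAMPLE, [("req", 1.0), ("ack", 5.0)]))   # False: invariant of p1 violated
    print(accepts(EXAMPLE, [("req", 1.0), (None, 3.0)]))    # True: 2 units of silence in p1
```

A trace ending in the null event, such as the third call, exercises the "otherwise" branch of Consecution: the automaton stays in the same discrete state and only the clocks advance, so the invariant of that state is what decides acceptance.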

Polynomial algorithms for testing the above diagnosability and for synthesizing the on-line diagnoser can be found in [8], [24], [11].

III. TIMING MASKED LANGUAGE AND ITS REGULARITY

In this section we define the discrete-time behavior of a dense timed-automaton as observed using a digital clock of finite precision and finite drift. We show that such a discrete-time behavior is a regular language, i.e., can be accepted by an (untimed) automaton. To introduce the observation mask for time, suppose we have a digital-clock with precision $\Delta$ and clock drift $\delta$, with $\Delta > \delta \ge 0$ and both $\Delta$ and $\delta$ rational numbers; then for every $T \in [\Delta - \delta, \Delta + \delta]$ time units the clock generates a special tick event $\tau \notin \Sigma$. We denote such a digital clock by $clock_{(\Delta,\delta)}$.

Definition 2: Given a clock $clock_{(\Delta,\delta)}$, the timing mask function $M_{(\Delta,\delta)}$ for timed traces is defined as follows: for every timed trace $\nu = \langle \sigma_0, t_0 \rangle \langle \sigma_1, t_1 \rangle \cdots \langle \sigma_i, t_i \rangle \cdots$,
$M_{(\Delta,\delta)}(\nu) := \tau^{\lfloor t_0/T_0 \rfloor} \sigma_0\ \tau^{\lfloor t_1/T_1 \rfloor - \lfloor t_0/T_0 \rfloor} \sigma_1 \cdots \tau^{\lfloor t_i/T_i \rfloor - \lfloor t_{i-1}/T_{i-1} \rfloor} \sigma_i \cdots$
where $\tau^0 = \epsilon$, $\tau^{i+1} = \tau \tau^i$, and $T_i \in [\Delta - \delta, \Delta + \delta]$ for all $i \ge 0$.

The timing masked language of $A$ under $clock_{(\Delta,\delta)}$ is $M_{(\Delta,\delta)}(L(A)) = \{M_{(\Delta,\delta)}(\nu) \mid \nu \in L(A)\}$. It is obvious that $M_{(\Delta,\delta)}(L(A))$ is prefix closed and is a language over $\Sigma \cup \{\tau\}$, i.e., $M_{(\Delta,\delta)}(L(A)) \subseteq (\Sigma \cup \{\tau\})^*$. Since $\tau$ is just another symbol (a tick symbol), this implies that the timing masked language is an untimed language. We show below that when $A$ is a dense timed-automaton, its timing masked language is a regular untimed language.

Theorem 2: Given a timed automaton $A$, let $L(A)$ be its timed language; then its timing masked language $M_{(\Delta,\delta)}(L(A))$ is regular.

Sketch of Proof: Let $C = (Q^c, \Sigma^c, \Xi^c, \Upsilon^c, Q^c_0, I^c)$ be the timed automaton model for the digital clock $clock_{(\Delta,\delta)}$, with $Q^c = Q^c_0 = \{q_0\}$, $\Sigma^c = \{\tau\}$, $\Xi^c = \{\xi^c\}$, $\Upsilon^c = \{(q_0, q_0, \tau, [\xi^c \ge \Delta - \delta] \wedge [\xi^c \le \Delta + \delta], \{\xi^c\})\}$, and $I^c(q_0) = [\xi^c \ge 0] \wedge [\xi^c \le \Delta + \delta]$; and let $P = A \times C$ be the product timed automaton of $A$ and $C$. It can be proved that $M_{(\Delta,\delta)}(L(A)) = L_{untime}(P)$.
Then the result follows directly from Theorem 1.

IV. FAILURE DIAGNOSIS WITH EVENT AND TIMING MASKS

In this section we study the failure diagnosis problem of timed discrete event systems modeled by timed automata with both timing and event observation masks. Let $A = (Q, \Sigma, \Xi, \Upsilon, Q_0, I)$ be the timed automaton model of the system, $M_{(\Delta,\delta)}$ be the timing mask, $M : \Sigma \cup \{\epsilon\} \to \Lambda \cup \{\epsilon\}$ be the event observation mask, $F = \{F_1, F_2, \ldots, F_m\}$ be the set of failure types, and $\psi : \Sigma \to 2^F$ be the fault assignment function for each event. For a timed trace $\nu = \langle \sigma_0, t_0 \rangle \langle \sigma_1, t_1 \rangle \cdots \langle \sigma_i, t_i \rangle$, if $F_i \in \psi(\sigma_i)$ for some event $\sigma_i$ in the trace, then we say that a fault of type $F_i$ has occurred in $\nu$, which is denoted as $F_i \in \nu$.

A timed trace $\nu = \langle \sigma_0, t_0 \rangle \langle \sigma_1, t_1 \rangle \cdots \langle \sigma_i, t_i \rangle$ observed through the event observation mask $M$ is $M(\nu) = \cdots \langle M(\sigma_i), t_i \rangle \cdots$, where only the pairs with $M(\sigma_i) \ne \epsilon$ are retained. The trace $\nu$ observed through both the timing and event masks is
$M \circ M_{(\Delta,\delta)}(\nu) = \tau^{\lfloor t_0/T_0 \rfloor} M(\sigma_0)\ \tau^{\lfloor t_1/T_1 \rfloor - \lfloor t_0/T_0 \rfloor} M(\sigma_1) \cdots \tau^{\lfloor t_i/T_i \rfloor - \lfloor t_{i-1}/T_{i-1} \rfloor} M(\sigma_i) \cdots$
It is not difficult to verify that $M \circ M_{(\Delta,\delta)}(\nu) = M_{(\Delta,\delta)} \circ M(\nu)$. The event and timing masked language of $A$ is $M \circ M_{(\Delta,\delta)}(L(A)) = \{M \circ M_{(\Delta,\delta)}(\nu) \mid \nu \in L(A)\}$. Now we give the definition of diagnosability.

Definition 3: A prefix-closed timed language $L$ is said to be diagnosable with respect to the timing mask $M_{(\Delta,\delta)}$, the event mask $M$, and the fault assignment function $\psi$ if the following holds:
$(\forall F_i \in F)(\exists B_i \in R^+)(\forall \mu = \langle \sigma_0, t_0 \rangle \cdots \langle \sigma_j, t_j \rangle \in L,\ F_i \in \mu)(\forall \mu' = \mu \langle \sigma_{j+1}, t_{j+1} \rangle \cdots \langle \sigma_n, t_n \rangle \in L,\ t_n \ge t_j + B_i)(\forall \nu \in L,\ M \circ M_{(\Delta,\delta)}(\nu) = M \circ M_{(\Delta,\delta)}(\mu') \Rightarrow F_i \in \nu)$.
A dense-time system $A$ is said to be diagnosable if its timed language $L(A)$ is diagnosable.

The diagnosis problem of dense-time systems with both timing and event masks can be reduced to the diagnosis problem of untimed systems with only an event observation mask. The reduction rests on two facts: the timing masked language of a timed automaton is regular (shown above), and the diagnosability of a timed language is equivalent to that of its timing masked language, which we establish next.
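Definition 2 and the claim $M \circ M_{(\Delta,\delta)}(\nu) = M_{(\Delta,\delta)} \circ M(\nu)$ can be checked mechanically. The following Python is an added example for this page, not the paper's code: timing_mask applies $M_{(\Delta,\delta)}$ for one chosen sequence of tick periods $T_i$, possible_masks enumerates every string the mask can produce for a trace under $clock_{(\Delta,\delta)}$, and commutes compares both orders of applying the event mask $M$ and the timing mask. The tick symbol "tau", the traces and the mask M_EXAMPLE are constructed for the example. possible_masks goes beyond the definition by enumerating all admissible choices of $T_i$: as $T_i$ ranges over $[\Delta - \delta, \Delta + \delta]$, $\lfloor t_i/T_i \rfloor$ takes every integer value between $\lfloor t_i/(\Delta + \delta) \rfloor$ and $\lfloor t_i/(\Delta - \delta) \rfloor$, and combinations whose tick count would decrease are discarded because the exponents of $\tau$ must be nonnegative.

```python
from itertools import product
from math import floor
from typing import Callable, List, Optional, Sequence, Set, Tuple

TimedTrace = List[Tuple[str, float]]        # <sigma_0, t_0><sigma_1, t_1>...
EventMask = Callable[[str], Optional[str]]  # M : Sigma -> Lambda u {epsilon}; None is epsilon
TICK = "tau"                                # the tick symbol tau (constructed name)


def mask_from_counts(trace: TimedTrace, counts: Sequence[int]) -> List[str]:
    """tau^{c_0} sigma_0 tau^{c_1 - c_0} sigma_1 ... for cumulative tick counts c_i."""
    out: List[str] = []
    prev = 0
    for (sigma, _), c in zip(trace, counts):
        if c < prev:
            raise ValueError("tick count must not decrease along the trace")
        out.extend([TICK] * (c - prev))
        out.append(sigma)
        prev = c
    return out


def timing_mask(trace: TimedTrace, periods: Sequence[float]) -> List[str]:
    """M_(Delta,delta)(nu) for one choice of periods T_i in [Delta-delta, Delta+delta]:
    event i is preceded by floor(t_i/T_i) - floor(t_{i-1}/T_{i-1}) ticks."""
    counts = [floor(t / T) for (_, t), T in zip(trace, periods)]
    return mask_from_counts(trace, counts)


def possible_masks(trace: TimedTrace, Delta: float, delta: float) -> Set[Tuple[str, ...]]:
    """Every string M_(Delta,delta)(nu) may denote, over all admissible T_i."""
    assert Delta > delta >= 0, "clock_(Delta,delta) requires Delta > delta >= 0"
    ranges = [range(floor(t / (Delta + delta)), floor(t / (Delta - delta)) + 1)
              for _, t in trace]
    result: Set[Tuple[str, ...]] = set()
    for counts in product(*ranges):
        if all(a <= b for a, b in zip(counts, counts[1:])):
            result.add(tuple(mask_from_counts(trace, counts)))
    return result


def event_mask_timed(trace: TimedTrace, M: EventMask) -> TimedTrace:
    """M(nu): keep <M(sigma_i), t_i> for the events with M(sigma_i) != epsilon."""
    return [(M(s), t) for s, t in trace if M(s) is not None]


def event_mask_untimed(word: Sequence[str], M: EventMask) -> List[str]:
    """M applied symbol-wise to an untimed word; ticks are observed as themselves."""
    out: List[str] = []
    for x in word:
        y = TICK if x == TICK else M(x)
        if y is not None:
            out.append(y)
    return out


def commutes(trace: TimedTrace, periods: Sequence[float], M: EventMask) -> bool:
    """Check M o M_(Delta,delta)(nu) == M_(Delta,delta) o M(nu) for the chosen periods,
    reusing each retained event's period on the right-hand side."""
    left = event_mask_untimed(timing_mask(trace, periods), M)
    kept = [(s, t, T) for (s, t), T in zip(trace, periods) if M(s) is not None]
    right = timing_mask(event_mask_timed([(s, t) for s, t, _ in kept], M),
                        [T for _, _, T in kept])
    return left == right


# Constructed inputs: a trace in which event u is unobservable (M(u) = epsilon),
# observed through a clock of precision 1 and drift 0.2.
TRACE: TimedTrace = [("a", 1.0), ("u", 1.5), ("b", 2.5)]


def M_EXAMPLE(e: str) -> Optional[str]:
    return None if e == "u" else e


if __name__ == "__main__":
    print(timing_mask(TRACE, [1.0, 1.0, 1.0]))               # ['tau', 'a', 'u', 'tau', 'b']
    for w in sorted(possible_masks([("a", 1.0), ("b", 2.5)], 1.0, 0.2)):
        print(" ".join(w))                                    # four distinct observations
    print(commutes(TRACE, [1.0, 1.0, 1.0], M_EXAMPLE))        # True
```

With zero drift the observation of a trace is unique; with drift 0.2 the same two-event trace already admits four different tick placements, which is exactly the nondeterminism that the clock automaton $C$ in the proof of Theorem 2 captures with its guard $[\xi^c \ge \Delta - \delta] \wedge [\xi^c \le \Delta + \delta]$.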
Theorem 3: A prefix-closed timed language $L$ is diagnosable with respect to the timing mask $M_{(\Delta,\delta)}$, the event mask $M$, and the fault assignment function $\psi$ if and only if its timing masked language $M_{(\Delta,\delta)}(L)$ is diagnosable with respect to the event mask $M$ and the fault assignment function $\psi$.

Sketch of Proof: For the sufficiency, suppose $M_{(\Delta,\delta)}(L)$ is diagnosable, i.e., for any $F_i$ there exists an $N_i$ such that the conditions in Definition 1 are satisfied. Then by picking $B_i = N_i(\Delta + \delta)$ for the parameter $B_i$ in Definition 3, we can directly prove the diagnosability of $L$ based on the following two facts. Fact 1: for any segment of a timed trace, if the time duration of the segment is longer than $N_i(\Delta + \delta)$, then the timing mask of the segment contains at least $N_i$ tick events. Fact 2: for any timed trace $\mu \in L$, $F_i \in \mu$ if and only if $F_i \in M_{(\Delta,\delta)}(\mu)$.

For the necessity, suppose the timed language $L$ is diagnosable, i.e., for any $F_i$ there exists a $B_i$ such that the conditions in Definition 3 are satisfied. From the assumption that the system is non-zeno, we know that given a $T \in R^+$, there exists an integer $K_T$ such that for any segment of a timed trace in $L$, if the segment contains more than $K_T$ events then the time duration of the segment is longer than $T$. Let $K_{B_i}$ denote the above bound for the number of events within a time duration of $B_i$; then by picking $N_i = K_{B_i} + \lfloor B_i/(\Delta - \delta) \rfloor + 1$ for the parameter $N_i$ in Definition 1, we can directly prove the diagnosability of $M_{(\Delta,\delta)}(L)$ based on the following facts. Fact 1: for any segment of a timing masked trace in $M_{(\Delta,\delta)}(L)$, if it contains more than $N_i$ events, then it either contains more than $K_{B_i}$ events in $\Sigma$ or contains more than $\lfloor B_i/(\Delta - \delta) \rfloor$ tick events, and in either case the duration of the segment is longer than $B_i$. Fact 2: for any timing mask of a timed trace $\mu \in L$, $F_i \in M_{(\Delta,\delta)}(\mu)$ if and only if $F_i \in \mu$.

From Theorems 2 and 3, the diagnosis problem of dense-time systems with both timing and event observation masks can be reduced to the diagnosis problem of untimed discrete event systems with an event observation mask. Thus, the results for the diagnosis of untimed discrete event systems, such as [8], [24], [11], can be applied to test diagnosability and to synthesize on-line as well as off-line diagnosers.

V. DIAGNOSIS WITH DENSE TIME SPECIFICATION

We study the diagnosis problem where one dense timed-automaton is given as the system model and another dense timed-automaton as the specification model, which specifies the non-failure behavior. The task of diagnosis is to diagnose any faulty behavior of the system (with respect to the specification) within a bounded delay of its occurrence, in the presence of both timing and event masks. In other words, the fault is not specified through faulty events directly. This notion of diagnosability is captured by the following definition.
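The reduction above hands the timing masked language, an untimed language over $\Sigma \cup \{\tau\}$, to an untimed diagnosability test such as the polynomial verifiers of [8], [24]. The following Python is an added example for this page, not code from the paper or from the cited works: it builds the twin-plant (verifier) for a finite untimed automaton under an event mask and reports the system undiagnosable exactly when the faulty copy can run through a cycle of states while the non-faulty copy produces the same masked observations, which is a violation of Definition 1 for a single fault type. The two automata DIAG and UNDIAG, the mask MASK and the faulty event f are constructed for the example: in DIAG the post-fault behaviour contains a tick $\tau$ before the repeated b, so the observation a $\tau$ b b ... separates it from the normal a b b ...; UNDIAG has no such tick and the two behaviours become indistinguishable.

```python
from collections import deque
from typing import Callable, Dict, List, Optional, Set, Tuple

State = str
Flag = bool                                          # True once a faulty event has occurred
Copy = Tuple[State, Flag]
Pair = Tuple[Copy, Copy]
Edge = Tuple[Pair, bool, bool]                       # (successor, copy 1 moved, copy 2 moved)
Transitions = Dict[Tuple[State, str], Set[State]]   # untimed, possibly nondeterministic
Mask = Callable[[str], Optional[str]]               # None stands for epsilon (unobservable)


def build_verifier(trans: Transitions, initial: State, M: Mask,
                   faulty: Set[str]) -> Dict[Pair, List[Edge]]:
    """Twin plant: two copies of the automaton run in lockstep on observable
    outputs, while an unobservable event lets one copy move alone. Each copy
    carries a flag recording whether it has executed a faulty event."""
    events = {e for _, e in trans}

    def moves(s: State, flag: Flag) -> List[Tuple[str, State, Flag]]:
        return [(e, s2, flag or e in faulty)
                for e in events for s2 in trans.get((s, e), ())]

    start: Pair = ((initial, False), (initial, False))
    graph: Dict[Pair, List[Edge]] = {start: []}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        (s1, f1), (s2, f2) = cur
        m1, m2 = moves(s1, f1), moves(s2, f2)
        succ: List[Edge] = []
        for e, n, g in m1:                            # copy 1 alone on an unobservable event
            if M(e) is None:
                succ.append((((n, g), (s2, f2)), True, False))
        for e, n, g in m2:                            # copy 2 alone on an unobservable event
            if M(e) is None:
                succ.append((((s1, f1), (n, g)), False, True))
        for e1, n1, g1 in m1:                         # both copies on the same observation
            for e2, n2, g2 in m2:
                if M(e1) is not None and M(e1) == M(e2):
                    succ.append((((n1, g1), (n2, g2)), True, True))
        graph[cur] = succ
        for nxt, _, _ in succ:
            if nxt not in graph:
                graph[nxt] = []
                queue.append(nxt)
    return graph


def is_diagnosable(trans: Transitions, initial: State, M: Mask, faulty: Set[str]) -> bool:
    """Definition 1 for one fault type: diagnosable iff no cycle of 'confused'
    verifier states (one copy faulty, the other not) lets the faulty copy keep
    moving while the non-faulty copy keeps matching its observations."""
    graph = build_verifier(trans, initial, M, faulty)
    confused = {p for p in graph if p[0][1] != p[1][1]}

    def reaches(src: Pair, dst: Pair) -> bool:      # BFS restricted to confused states
        seen, todo = {src}, deque([src])
        while todo:
            x = todo.popleft()
            if x == dst:
                return True
            for y, _, _ in graph[x]:
                if y in confused and y not in seen:
                    seen.add(y)
                    todo.append(y)
        return False

    for u in confused:
        faulty_is_copy1 = u[0][1]
        for v, moved1, moved2 in graph[u]:
            faulty_moved = moved1 if faulty_is_copy1 else moved2
            if v in confused and faulty_moved and reaches(v, u):
                return False        # an arbitrarily long post-fault run looks normal
    return True


# Constructed automata over Sigma u {tau}; f is the unobservable faulty event.
def MASK(e: str) -> Optional[str]:
    return None if e == "f" else e


DIAG: Transitions = {
    ("s0", "a"): {"s1"}, ("s1", "b"): {"s1"},                    # normal: a b b b ...
    ("s0", "f"): {"s2"}, ("s2", "a"): {"s3"},                    # faulty: a tau b b ...
    ("s3", "tau"): {"s4"}, ("s4", "b"): {"s4"},
}
UNDIAG: Transitions = {
    ("s0", "a"): {"s1"}, ("s1", "b"): {"s1"},
    ("s0", "f"): {"s2"}, ("s2", "a"): {"s3"}, ("s3", "b"): {"s3"},   # faulty: a b b ...
}

if __name__ == "__main__":
    print(is_diagnosable(DIAG, "s0", MASK, {"f"}))      # True
    print(is_diagnosable(UNDIAG, "s0", MASK, {"f"}))    # False
```

The fault flags only ever change from False to True, so every state on a cycle carries the same pair of flags; an edge on which the faulty copy moves therefore lies on a confused cycle exactly when its target reaches its source inside the confused subgraph, which is what the reachability check tests.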
Definition 4: Given a system with timed automaton model $G = (Q, \Sigma, \Xi, \Upsilon, Q_0, I)$, a specification with timed automaton model $R = (Q^R, \Sigma, \Xi^R, \Upsilon^R, Q^R_0, I^R)$, the timing mask $M_{(\Delta,\delta)}$, and the event mask $M$, $(G, R)$ is said to be diagnosable with respect to $M_{(\Delta,\delta)}$ and $M$ if the following holds:
$(\exists B \in R^+)(\forall \mu = \langle \sigma_0, t_0 \rangle \cdots \langle \sigma_j, t_j \rangle \in L(G) - L(R))(\forall \mu' = \mu \langle \sigma_{j+1}, t_{j+1} \rangle \cdots \langle \sigma_n, t_n \rangle \in L(G),\ t_n \ge t_j + B)(\forall \nu \in L(G),\ M \circ M_{(\Delta,\delta)}(\nu) = M \circ M_{(\Delta,\delta)}(\mu') \Rightarrow \nu \notin L(R))$.

For any deterministic specification $R$, the above diagnosis problem for a pair of timed automata can be transformed into the diagnosis problem of a single timed automaton with a faulty event, as defined in Definition 3. For this, we first complete the specification $R$ by adding a dump state and all the missing transitions. Let $\bar{R}$ denote the automaton so derived; it is constructed as follows:
$\bar{R} = (Q^R \cup \{dump\}, \Sigma, \Xi^R, \Upsilon^R \cup \Upsilon_{add}, Q^R_0, \bar{I}^R)$,
where $\forall q \in Q^R$, $\bar{I}^R(q) = I^R(q)$, $\bar{I}^R(dump) = true$, and the set of added transitions $\Upsilon_{add}$ is defined as follows: (i) $\forall q \in Q^R$, $\forall \sigma \in \Sigma$: suppose there are $n \ge 0$ outgoing transitions from $q$ labeled with $\sigma$, and let $\{\phi^1_\sigma, \ldots, \phi^n_\sigma\}$ be the set of guard conditions associated with those $n$ transitions; then $(q, dump, \sigma, \neg(\bigvee_{i=1}^{n} \phi^i_\sigma), \emptyset) \in \Upsilon_{add}$. (ii) $\forall \sigma \in \Sigma$, $(dump, dump, \sigma, true, \emptyset) \in \Upsilon_{add}$.
It is obvious that $\bar{R}$ accepts any timed trace over the event set $\Sigma$; if a timed trace leads to the state $dump$, then the trace is not accepted by $R$, in which case it indicates a fault. In order to represent such a fault using a faulty event, we next split the dump state into $dump_1$ and $dump_2$: we make all self-loop transitions of $dump$ self-loop transitions of $dump_2$; make all incoming non-self-loop transitions of $dump$ incoming transitions of $dump_1$; and add an outgoing transition on $f$ from $dump_1$ to $dump_2$. The automaton obtained is denoted $R_f$ and is defined as follows.
$R_f = (Q^R \cup \{dump_1, dump_2\}, \Sigma \cup \{f\}, \Xi^R \cup \{\xi_f\}, \Upsilon^R \cup \Upsilon^f_{add}, Q^R_0, I^f_R)$,
where $\forall q \in Q^R$, $I^f_R(q) = I^R(q)$, $I^f_R(dump_1) = (\xi_f = 0)$, $I^f_R(dump_2) = true$, and the set of added transitions $\Upsilon^f_{add}$ is defined as follows: (i) $\forall q \in Q^R$, $\forall \sigma \in \Sigma$: suppose there are $n \ge 0$ outgoing transitions from $q$ labeled with $\sigma$, and let $\{\phi^1_\sigma, \ldots, \phi^n_\sigma\}$ be the set of guard conditions associated with those $n$ transitions; then $(q, dump_1, \sigma, \neg(\bigvee_{i=1}^{n} \phi^i_\sigma), \{\xi_f\}) \in \Upsilon^f_{add}$. (ii) $\forall \sigma \in \Sigma$, $(dump_2, dump_2, \sigma, true, \emptyset) \in \Upsilon^f_{add}$. (iii) $(dump_1, dump_2, f, \xi_f = 0, \emptyset) \in \Upsilon^f_{add}$.

Then we can compose $G$ with $R_f$ and obtain the product timed automaton $G \times R_f$ with the faulty event $f$. Since $f \notin \Sigma$, the event $f$ occurs asynchronously in the composition (i.e., without the participation of $G$), whereas all other events occur synchronously. For the automaton $G \times R_f$ we have only one failure type, i.e., $F = \{F_1\}$, and the corresponding fault assignment function $\psi_f$ is defined as $\psi_f(f) = \{F_1\}$ and $\psi_f(\sigma) = \emptyset$ for any $\sigma \in \Sigma$. From the construction of $G \times R_f$ it can be proved that $(G, R)$ is diagnosable according to Definition 4 if and only if $G \times R_f$ is diagnosable according to Definition 3. The problem can then be further reduced to the diagnosis of untimed systems as established above. We have the following theorem.

Theorem 4: Given a system $G$, a deterministic specification $R$, the timing mask $M_{(\Delta,\delta)}$, and the event mask $M$, $(G, R)$ is diagnosable with respect to $M_{(\Delta,\delta)}$ and $M$ if and only if $G \times R_f$ is diagnosable with respect to $M_{(\Delta,\delta)}$, $M$, and $\psi_f$.

Sketch of Proof: The result follows directly from the facts that there is a one-to-one mapping between the timed languages of $G$ and $G \times R_f$, and that for any timed trace $\nu \in L(G)$, $\nu \notin L(R)$ if and only if $\nu_f$, the corresponding trace of $\nu$ in $L(G \times R_f)$, contains the faulty event $f$, i.e., $F_1 \in \nu_f$.

VI. CONCLUSION

The paper considered the diagnosis of timed discrete event systems where the model of the system as well as of the non-failure specification is allowed to be a dense timed-automaton [1], [6].
(The non-failure specification model is deterministic.) While it is meaningful for a system as well as its specification of non-failure behavior to have a dense-time semantics, it is not practical for a diagnoser to be able to measure dense time precisely. An imprecision in the measurement of time can be viewed as partial observability of time, just as the presence of imprecise sensors leads to partial observability of events. A main observation is that for a diagnoser with access to a digital-clock, the discrete-time behavior as observed by the diagnoser is regular as long as the digital-clock can be modeled as a dense timed-automaton. (This, for example, is the case for a digital-clock with finite precision and bounded drift.) Another observation is that the diagnosability property is preserved under timing masking. Based on these two observations it was shown that the problem of diagnosis of dense-time systems can be reduced to one of untimed systems. Consequently, results from the untimed setting, such as those reported in [11], can be applied to perform the diagnosis of a dense-time system against a dense-time specification in the presence of partial observation of events as well as imprecise measurement of time.

ACKNOWLEDGMENT

The research was supported in part by the National Science Foundation under the grants NSF-ECS-0218207, NSF-ECS-0244732, NSF-EPNES-0323379, and NSF-0424048.

REFERENCES

[1] R. Alur and D. Dill. A theory of timed automata. Theoretical Computer Science, 126:183-235, 1994.
[2] R. K. Boel and J. H. van Schuppen. Decentralized failure diagnosis for discrete-event systems with constrained communication between diagnosers. In Proceedings of International Workshop on Discrete Event Systems, 2002.
[3] O. Contant, S. Lafortune, and D. Teneketzis. Diagnosis of intermittent faults. Discrete Event Dynamical Systems: Theory and Application, 14:171-202, 2004.
[4] S. R. Das and L. E. Holloway. Characterizing a confidence space for discrete event timings for fault monitoring using discrete sensing and actuation signals. IEEE Transactions on Systems, Man, and Cybernetics Part A: Systems and Humans, 30(1):52-66, 2000.
[5] R. Debouk, S. Lafortune, and D. Teneketzis. Coordinated decentralized protocols for failure diagnosis of discrete event systems. Discrete Event Dynamical Systems: Theory and Applications, 10:33-79, 2000.
[6] T. A. Henzinger, X. Nicollin, J. Sifakis, and S. Yovine. Symbolic model-checking for real-time systems. Information and Computation, 111:193-244, 1994.
[7] L. E. Holloway and S. Chand. Distributed fault monitoring in manufacturing systems using concurrent discrete-event observations. Integrated Computer-Aided Engineering, 3(4):244-254, 1996.
[8] S. Jiang, Z. Huang, V. Chandra, and R. Kumar. A polynomial time algorithm for diagnosability of discrete event systems. IEEE Transactions on Automatic Control, 46(8):1318-1321, 2001.
[9] S. Jiang and R. Kumar. Diagnosis of repeated failures for discrete event systems with linear-time temporal logic specifications. In Proceedings of IEEE Conference on Decision and Control, pages 3221-3226, Maui, Hawaii, 2003.
[10] S. Jiang and R. Kumar. Failure diagnosis of discrete event systems with linear-time temporal logic fault specifications. IEEE Transactions on Automatic Control, 49(6):934-945, 2004.
[11] S. Jiang, R. Kumar, and H. E. Garcia. Diagnosis of repeated/intermittent failures in discrete event systems. IEEE Transactions on Robotics and Automation, 19(2):310-323, 2003.
[12] C. M. Ozveren and A. S. Willsky. Observability of discrete event dynamical systems. IEEE Transactions on Automatic Control, 35(7):797-806, 1990.
[13] W. Qiu and R. Kumar. Decentralized failure diagnosis of discrete event systems. In Proceedings of 2004 International Workshop on Discrete Event Systems, Reims, France, September 2004.
[14] W. Qiu and R. Kumar. Distributed failure diagnosis under bounded delay using immediate observation passing protocol. In Proceedings of 2005 American Control Conference, Portland, OR, June 2005.
[15] W. Qiu, R. Kumar, and S. Jiang. Decidability of distributed diagnosis under unbounded-delay communication. IEEE Transactions on Automatic Control, 2004. Submitted.
[16] S. L. Ricker and J. H. van Schuppen. Decentralized failure diagnosis with asynchronous communication between supervisors. In Proceedings of the European Control Conference, pages 1002-1006, 2001.
[17] M. Sampath, R. Sengupta, S. Lafortune, K. Sinaamohideen, and D. Teneketzis. Diagnosability of discrete event systems. IEEE Transactions on Automatic Control, 40(9):1555-1575, September 1995.
[18] R. Sengupta and S. Tripakis. Decentralized diagnosis of regular language is undecidable. In Proceedings of IEEE Conference on Decision and Control, pages 423-428, Las Vegas, NV, December 2002.
[19] R. Su, W. M. Wonham, J. Kurien, and X. Koutsoukos. Distributed diagnosis for qualitative systems. In Proceedings of International Workshop on Discrete Event Systems, 2002.
[20] D. Thorsley and D. Teneketzis. Diagnosability of stochastic discrete-event systems. IEEE Transactions on Automatic Control, 50(4):476-498, 2005.
[21] S. Tripakis. Fault diagnosis for timed automata. In Formal Techniques in Real Time and Fault Tolerant Systems, volume 2469 of Lecture Notes in Computer Science. Springer Verlag, 2002.
[22] Y. Wang, T.-S. Yoo, and S. Lafortune. New results on decentralized diagnosis of discrete-event systems. In Proceedings of 2004 Annual Allerton Conference, 2004.
[23] T. Yoo and H. E. Garcia. Event diagnosis of discrete-event systems with uniformly and nonuniformly bounded diagnosis delays. In Proceedings of 2004 American Control Conference, pages 5102-5107, Boston, MA, June 2004.
[24] T. S. Yoo and S. Lafortune. Polynomial-time verification of diagnosability of partially observed discrete-event systems. IEEE Transactions on Automatic Control, 47(9):1491-1495, 2002.
[25] S. H. Zad, R. H. Kwong, and W. M. Wonham. Fault diagnosis in discrete-event systems: Framework and model reduction. IEEE Transactions on Automatic Control, 48(7):1199-1212, 2003.
[26] S. H. Zad, R. H. Kwong, and W. M. Wonham. Fault diagnosis in discrete-event systems: Incorporating timing information. IEEE Transactions on Automatic Control, 50(7):1010-1015, 2005.
[27] C. Zhou and R. Kumar. Computation of diagnosable fault-occurrence indices for systems with repeatable-faults. In Proceedings of 2005 IEEE Conference on Decision and Control and European Control Conference, Seville, Spain, December 2005.