2015 American Control Conference
Palmer House Hilton
July 1-3, 2015. Chicago, IL, USA
Computation of the maximum time for failure diagnosis of
discrete-event systems
Gustavo S. Viana, João C. Basilio, Marcos V. Moreira
Abstract— Although the theory of failure diagnosis of
discrete-event systems has been proved effective, one question
remains open: assuming that the generated language is diag-
nosable, how long does the diagnosis system take to detect the
failure occurrence? In this paper, although we still consider
the DES as a dynamic system whose evolution is determined
by the asynchronous occurrence of events, we add to each
transition a weight that corresponds to the maximum time that
takes for the event to occur since the moment it fires (the so-
called time-weighted model), to propose an effective algorithm
to determining the maximum time for failure diagnosis. This
result was only possible because we derive a new necessary
and sufficient condition for diagnosability verification and by
the use of max-plus algebra to obtain a matrix representation
for time-weighted automata.
I. I NTRODUCTION
One approach to fault diagnosis is by constructing a
discrete-event model of the system whose fault occurrence
must be diagnosed [1]. In practice, this is usually carried
out by means of a deterministic automaton called diagnoser,
whose states are sets formed with the states of the automaton
the models plant together with labels that indicate if the trace
occurred so far possesses or not the fault event; diagnosers
are also used offline for diagnosability verification. In the
design of a failure diagnosis system for DES, the first step is
to check whether the language generated by an automaton is
diagnosable, i.e., whether the system is able to diagnose the
failure occurrence in a finite number of events occurrences.
Another aspect that is not analysed and is equally im-
portant is that, given that a language is diagnosable, how
long it takes the diagnoser to reach a certain failure state;
or better still, what is the maximum time required for the
system to be sure that the failure has occurred? In a real
system, a failure can impair an entire production line. But
just being sure that the failure has occurred is not enough;
for example, components may burn or parts may misalign
before the failure occurrence is detected. So, it is important
to analyse the detection time as a parameter to characterize
the diagnosability; possibly based on this parameter, we can
establish safety measures.
The problem related to the computation of the time the
diagnosis system takes to inform with certainty the failure
occurrence becomes more involved due to the existence
of unobservable events since the decision on the failure
*This work has been partially supported by the Brazilian Research
Council (CNPq) and by the Ministry of Education (CAPES).
The authors are with COPPE - Programa de Engenharia Elétrica,
Universidade Federal do Rio de Janeiro, 21949-900, Rio de Janeiro,
RJ, Brazil. gustavo.viana@poli.ufrj.br, basilio@dee.ufrj.br,
moreira.mv@poli.ufrj.br
978-1-4799-8684-2/$31.00 ©2015 AACC
Authorized licensed use limited to: UNIVERSIDADE FEDERAL DO RIO DE JANEIRO. Downloaded on July 12,2023 at 15:07:35 UTC from IEEE Xplore. Restrictions apply.
occurrence (diagnosis) is taken based on observed events
only, i.e., those events whose occurrence can be recorded by
sensors. Therefore, when using diagnosers offline in order to
predict the time spent to diagnose the failure, it is impossible
to take into account the time interval between occurrences of
observable events that have unobservable events in-between.
In order to overcome this apparent diagnoser deficiency we
propose in this paper a new test for verification of language
diagnosability of DES, also based on diagnosers, which has
the following advantages over the usual diagnosability tests
based on diagnosers: (i) the verification diagnoser event set
has both, observable and unobservable events; (ii) it does not
require the usual assumptions on language liveness and non-
existence of cycles of states connected with unobservable
events [1], [2]; (iii) it is based on the search for strongly
connected components, as opposed to cycles in the usual
tests using diagnosers [1], [3]; it is worth noting that search
for cycles has computational complexity that is worse than
exponential [4], [5], whereas the search for strongly con-
nected components is linear.
Although the diagnosability verification test proposed here
provides all information regarding occurrences of both ob-
servable and unobservable events, it is also necessary to have
the information on the time interval between two consecutive
event occurrences. In this paper, this information will be
provided by modeling the DES by time-weighted automata
[6]. The calculation of the time the diagnosis system takes
to detect the failure diagnosis can then be obtained by
using the so-called max-plus matrix [7] associated with the
time-weighted verification diagnoser, a verification diagnoser
computed by using time-weighted automata as opposed to
untimed automata.
Diagnosability of timed DES has also been considered in
[8] using the model proposed in [9], but without computing
the maximum time for failure diagnosis. This paper, on the
other hand, not only provides a systematic way of computing
the maximum time for diagnosability but also extends the
diagnosability condition to timed DES modeled by time-
weighted automaton.
This paper is structured as follows. In Section II, we
present the necessary background on DES, failure diagnosis
of DES, max-plus algebra, time-weighted systems and max-
plus representation of time-weighted automata. In Section III,
we present a new necessary and sufficient condition for
diagnosability of discrete-event systems and a test based
on the search of strongly connected components. In Sec-
tion IV we present an algorithm for computing the maxi-
mum time the diagnosis system takes to detect the failure
396
 occurrence; assuming, of course, language diagnosability.
An example is presented in Section V to illustrate the
results of the paper. Finally, conclusions and an outline of
future works are presented in Section VI. Due to length
constraints, all proofs have been omitted and can be found
in http://www.dee.ufrj.br/lca/artigos/acc2015full.pdf.
II. BACKGROUND
Let G = (X, Σ, f, Γ, x0 , Xm ) denote a deterministic
automaton, where X is the finite state space, Σ is the set
of events, f is the transition function, assumed here to be
partially defined in the event set, Γ is the active event set, i. e.,
Γ(x) = {σ ∈ Σ : (∃y ∈ X)[f (x, σ) = y]}, x0 is the initial
state, and Xm is the set of marked states. We will assume
that the event set is partitioned as Σ = Σo ∪Σ ˙ uo , where Σo
(resp. Σuo ) denotes the set of observable (resp. unobservable)
events. The languages generated and marked by G will be
denoted as L(G) = L and Lm (G) = Lm , respectively.
Given a trace s ∈ L, we define the post-language of L
after s as L/s = {t ∈ Σ∗ : st ∈ L}. The assumption
usually made in the literature [1], [2] that G does not possess
cyclic paths formed with unobservable events only is not
required here. As a consequence, we can also assume that
the language generated by G is always live, since any non-
live language can be made live by adding self-loops labeled
by unobservable events at the states x for which Γ(x) = ∅.
The natural projection Po : Σ∗ → Σ∗o is defined in the
usual way [10]. Its extension to a language L is carried out
in a straightforward way by applying Po to all traces of L,
i.e., Po (L) = {t ∈ Σ∗o : (∃s ∈ L)[Po (s) = t]}. The inverse
∗
projection is the mapping Po−1 : Σ∗o → 2Σ , where, for any
s ∈ Σ∗o , Po−1 (s) = {t ∈ Σ∗ : Po (t) = s}.
Let G1 = (X1 , Σ1 , f1 , Γ1 , x01 , Xm1 ) and G2 =
(X2 , Σ2 , f2 , Γ2 , x02 , Xm2 ) denote two automata whose gen-
erated languages are L1 and L2 , respectively. The parallel
composition between G1 and G2 as defined in [11] will be
denoted as G1 kG2 . If we define Σ = Σ1 ∪Σ2 , P1 : Σ∗ → Σ1
and P2 : Σ∗ → Σ2 , then, it is not difficult to prove that
L(G1 kG2 ) = P1−1 (L1 ) ∩ P2−1 (L2 ).
The dynamic behavior of a deterministic automaton G
with unobservable events can be described by a deterministic
automaton called observer, here denoted as Obs(G) =
(Xobs , Σo , fobs , Γobs , x0obs , Xmobs ). The states of Xobs in-
dicate where automaton G can be after observable events
are recorded, and for this reason Xobs ∈ 2X (2X denotes
the power set of X). An algorithm for computing all the
states and transitions of Obs(G) can be seen in [11, p. 89].
A. Failure diagnosis of DES
Let Σf = {σf } ⊆ Σuo denote the set of failure events of
G and assume that the occurrence of σf must be diagnosed,
i.e, we must somehow be sure, after a finite number of steps
of the occurrence of σf that it has actually occurred. This
language property is called diagnosability.
Let us assume that Ψ(Σf ) denote the set of all traces of
L that ends with the failure event σf . With a slight abuse
of notation, we use Σf ∈ s to denote that s ∩ Ψ(Σf ) 6= ∅,
397
Authorized licensed use limited to: UNIVERSIDADE FEDERAL DO RIO DE JANEIRO. Downloaded on July 12,2023 at 15:07:35 UTC from IEEE Xplore. Restrictions apply.
where s = {u ∈ Σ∗ : (∃v ∈ Σ∗ )[uv = s]}. Therefore, s ∈ L
is a trace that has the failure event σf if Σf ∈ s. Language
diagnosability can be formally defined as follows [1].
Definition 1: A live and prefix-closed language L is diag-
nosable with respect to Po : Σ∗ → Σ∗o and Σf if
(∃n ∈ N)(∀s ∈ Ψ(Σf ))(∀t ∈ L/s, |t| ≥ n) ⇒
(∀ω ∈ Po−1 [Po (st)] ∩ L)(Σf ∈ ω).
One way to verify diagnosability is by means of an
automaton called diagnoser [1], [3] which is given by
Gd = (Xd , Σo , fd , Γd , x0d ) = Obs(GkA` ),
where A` = (X` , Σ` , f` , Γ` , x0` ) is the so-called label
automaton, with X` = {N, Y }, Σ` = {σf }, f` (N, σf ) =
f` (Y, σf ) = Y , Γ` (N ) = Γ` (Y ) = Σ` and x0` = N . It is not
difficult to see that L(Gd ) = Po (GkA` ) = Po (L). A state
xd ∈ Xd is called certain (or faulty), if ` = Y for all (x, `) ∈
xd , and normal (or non-faulty) if ` = N for all (x, `) ∈ xd . If
there exist (x, `), (y, `) ˜ ∈ xd , x not necessarily distinct from
y such that ` = Y and `˜ = N , then xd is an uncertain state
of Gd . When the diagnoser is in a certain (normal) state, it
is certain that a fault has (resp. has not) occurred. However,
if the diagnoser is in an uncertain state, it is not sure if the
fault event has occurred or not. As a consequence, if there
exists a cycle formed with uncertain states, only, where the
diagnoser can remain forever, then it will never be able to
diagnose the fault occurrence; on the other hand if somehow
it always leaves this cycle of uncertain states, then this cycle
is not indeterminate. Therefore, it is important to distinguish
between cycles of uncertain states that are indeterminate (in
the sense that the diagnoser is not able to determine if the
fault has occurred) and those cycles of uncertain states that
are not indeterminate.
Definition 2: [1] (Indeterminate observed cycles of Gd )
A set of uncertain states {xd1 , xd2 , . . . , xdp } ⊂ Xd forms
an indeterminate observed cycle if the following conditions
hold true:
IOC.1) xd1 , xd2 , . . . , xdp form a cycle in Gd ;
IOC.2) ∃(xkl l , Y ), (x̃rl l , N ) ∈ xdl , xkl l not necessarily
distinct from x̃rl l , l = 1, 2, . . . , p, kl = 1, 2, . . . , ml ,
and rl = 1, 2, . . . , m̃l in such a way that the
sequence of states {xkl l }, l = 1, 2, . . . , p, kl =
1, 2, . . . , ml and {x̃rl l }, l = 1, 2, . . . , p, rl =
1, 2, . . . , m̃l form cycles in G;
IOC.3) there exist s = s1 s2 . . . sp ∈ Σ∗ and s̃ =
s̃1 s̃2 . . . s̃p ∈ Σ∗ such that Po (s) = Po (s̃) 6=
, where sl = σl,1 σl,2 . . . σl,ml −1 , f (xjl , σl,j ) =
xj+1 , j = 1, 2, . . . , ml − 1, f (xm l , σl+1,0 ) = xl+1 ,
l 1
l
mp
and f (xp , σ1,0 ) = x1 , and similarly for s˜l .
1

Assume now that there exists a set of states
{xi1 , xi2 , . . . , xik } ⊂ X that form a cycle of states
connected with unobservable events. Consider a trace
s = so (σi1 , σi2 , . . . , σik )n ∈ L (n ∈ N), where
(σi1 , σi2 , . . . , σik )n ∈ Σ∗uo and assume, without loss
of generality, that the last event of so is observable.
Let us suppose, initially, that σf ∈ / s and that there
 is no faulty trace1 s0 such that Po (s) = Po (s0 ). In
this case there will exist in Gd a state xN d such that
{xi1 N, xi2 N, . . . , xik N } ⊆ xN d . On the other hand,
if Σf ∈ so and f` (x0,` , so ) = xY` , where f` is the
transition function of G` = GkA` , x0,` and xY` are,
respectively, the initial and a certain state of G` , and if
there is no normal trace s00 such that Po (s) = Po (s00 ),
then, there will exist a certain state xYd of Gd such
that (xY` ∪ {xi1 Y, xi2 Y, . . . , xik Y }) ⊆ xYd . It is still
possible that a normal trace s00 (bounded length or not)
such that f` (x0,` , so ) = xN ` , where x`
N
is a normal
state of G` , and Po (s) = Po (s ), exists. In this case,
00
there will exist an uncertain state xYd N in Gd such that
(xY` ∪ {xi1 Y, xi2 Y, . . . , xik Y } ∪ xN ` ) ⊆ xd . In all the
YN
above cases, Gd halts when it reaches the corresponding
normal, faulty and uncertain states, in spite of the plant
evolution. We say, in this case, that there exist hidden cycles
in the above states.
Definition 3: [3] (Hidden cycles and indeterminate hidden
cycles of Gd ) Let xd = {x1 `1 , x2 `2 , . . . , xn `n } be a state
of Gd . There exists a hidden cycle in xd if for some
{i1 , i2 , . . . , ik } ⊆ {1, 2, . . . , n}, the following conditions
hold true:
HC.1) xi1 , xi2 , . . . , xik form a cycle in G;
HC.2) {σi1 , σi2 , . . . , σik } ⊆ Σuo , where σi1 , σi2 , . . . , σik
are such that f (xij , σij ) = xij+1 , j = 1, 2, . . . , k −
1, and f (xik , σik ) = xi1 .
If xd is an uncertain state of Gd and besides conditions HC.1)
and HC.2), the following condition is also satisfied,
HC.3) `ij = Y , j = 1, 2, . . . , k,
then xd has an indeterminate hidden cycle.
In accordance with Definition 3, there exist hidden cycles
in states xN d and xd of Gd and an indeterminate hidden
Y
cycle in xd . Notice that in the verification of language
YN
diagnosability, state xYd (xN d ) ensures that the fault has
(resp. has not) occurred, and so, the existence of hidden
cycles in normal or certain states of Gd does not affect the
language diagnosability. On the other hand, the existence
of indeterminate hidden cycles implies that the language is
not diagnosable since there exist two traces, a faulty one
(unbounded), s, and a normal one bounded, s00 , such that
Po (s) = Po (s00 ). The following necessary and sufficient
condition for diagnosability can be stated.
Theorem 1: [1], [3] The language L generated by automa-
ton G is diagnosable with respect to projection Po : Σ∗ →
Σ∗o and Σf = {σf } if, and only if, its diagnoser Gd has no
indeterminate (observed or hidden) cycles.
B. Time-weighted systems
In this section, we will review the main concepts of time-
weighted systems. For a more complete treatment, the reader
is referred to the seminal paper by Su et al. [6].
A finite-weighted automaton is a two-tuple (G, w), where
G = (X, Σ, f, Γ, x0 , Xm ) and w : X × Σ → R+ is the
weighting function which assigns a positive weight to each
1A trace s is said to be faulty (normal) if Σf ∈ s (resp. Σf ∈
/ s).
Authorized licensed use limited to: UNIVERSIDADE FEDERAL DO RIO DE JANEIRO. Downloaded on July 12,2023 at 15:07:35 UTC from IEEE Xplore. Restrictions apply.
transition of G and is defined over a pair (x, σ) ∈ X × Σ
if, and only if, transition f (x, σ) is defined. The weights
denote the duration required for the corresponding transition
to be completed. A time-weighted automaton is a three-tuple
G = ((G, w), h) where (G, w) is a finite-weighted automaton
and h ⊆ Σ × Σ is a reflexive and symmetric binary relation
called intrinsic mutual exclusion relation. A pair (σ, σ 0 ) ∈ h
if the firings of σ and σ 0 are mutually exclusive, i.e., if one
event is under execution, the other event will not be initiated;
otherwise, (σ, σ 0 ) ∈
/ h. The term “intrinsic” means that the
mutual exclusion relation imposed by h is a property of the
system. In each automaton G, the order of events in a string
s ∈ L(G) denotes the order of the corresponding starting
moments of event firings, and it is possible that the starting
moments of two consecutive firings in s are identical. For
example, suppose s = ab ∈ L(G) and let ta , tb ∈ R+ ∪ {0}
be the corresponding starting moments of events a and b.
Thus, ta ≤ tb . On the other hand, if (a, b) ∈ h, then
necessarily, tb ≥ ta + w(x0 , a). As in the definition of ordi-
nary finite-state automata, if an event σ is shared by several
component automata, then the starting moments of the firings
of σ in all automata must be synchronized. Figure 1 depicts
time-weighted automaton G. Notice that label “a/2” over
transition f (1, a) = 2 means that w(1, a) = 2; the remain-
ing labels are interpreted similarly. Given two finite-state
a/2 b/1, c/3
1 2 3
d/1 a/2
4

Fig. 1. A time-weighted automaton G.
weighted automata ((Gi = Xi , Σi , fi , xi,0 , Xi,m ), wi )(i =
1, 2), the parallel composition of (G1 , w1 ) and (G2 , w2 ),
denoted as (G1 , w1 )||(G2 , w2 ), is a weighted automaton
((G = X, Σ, f, x0 , Xm ), w), where X = X1 × X2 , Σ :=
Σ1 ∪ Σ2 , x0 := (x1,0 , x2,0 ), Xm = X1,m × X2,m , and
w : X1 × X2 × (Σ1 ∪ Σ2 ) → X1 × X2 is defined as
follows: (i) f ((x1 , x2 ), σ) is defined according to the parallel
composition rules presented in [11]; (ii) w : X1 ×X2 ×(Σ1 ∪
Σ2 ) → R+ is defined as follow: w((x1 , x2 ), σ) = w(x1 , σ),
if σ ∈ Γ1 \ Σ2 , w((x1 , x2 ), σ) = w(x2 , σ), if σ ∈ Γ2 \ Σ1 ,
w((x1 , x2 ), σ) = max{w(x1 , σ), w(x2 , σ)}, if σ ∈ Γ1 ∩ Γ2 ,
and undefined, otherwise.
C. Max-plus matrix representation of time-weighted au-
tomata
Let us define ε := −∞, e := 0 and Rmax = R ∪ {ε},
where R denotes the set of real numbers. For two elements
a, b ∈ Rmax , the ⊕ and ⊗ operations are defined as follows:
a ⊕ b := max(a, b) and a ⊗ b := a + b. (1)
It is not difficult to see that a ⊕ ε = ε ⊕ a = a and a ⊗ ε =
ε ⊗ a = ε. The five-tuple (Rmax , ⊕, ⊗, ε, e) is called a max-
plus algebra. As in the conventional algebra, ⊗ operation has
398
 priority over ⊕ and distributes over ⊕. Powers are defined
in max-plus algebra in the usual way as follows:
x⊗n := x ⊗ x ⊗ x . . . ⊗ x = n × x.
| {z } A+ :=
n times
The set of m × n max-plus matrices is denoted as Rmaxm×n
. Then, the maximum weight sum of all paths from state j to
The element aij of a matrix A ∈ Rmax is sometimes denoted
as [A]ij . The sum of two matrices A, B ∈ Rm×nmax is denoted
as [A ⊕ B]ij = aij ⊕ bij = max(aij , bij ). Clearly, A ⊕ B =
B ⊕ A. In addition, for α ∈ Rmax , then [α ⊗ A]ij = α ⊗ aij .
For two matrices C ∈ Rm×l max and B ∈ Rmax the product
l×n
matrix A ⊗ B is defined as follows:
l
M ε ε ε ε
[A ⊗ B]ik = aij ⊗ bjk = max{aij + bjk }, i ∈ m, k ∈ n,
j=1
j∈l
where m = {1, 2, . . . , m} and n = {1, 2, . . . , n}. The
m × n matrices ε(m, n) and E(m, n) whose elements as
defined as [E(m, n)]ij = e, if i = j and ε, satisfy the
following relationships: A ⊕ ε(n, m) = A = ε(m, n) ⊕ A
and A ⊗ E(n, n) = A = E(m, m) ⊗ A. In addition,
for k ≥ 1, we have that A ⊗ ε(n, k) = ε(m, k) and
ε(k, m) ⊗ A = ε(k, n). For Rm×nmax , the matrix addition ⊕ is
associative, commutative, and has zero element ε(m, n) and
the matrix product ⊗ is associative, distributive with respect
to ⊕, possesses the unit element E(n, n), and is absorbing
for ε(n, n). As in the conventional algebra, ⊗ is not, in
general, commutative. In the addition and multiplication of
scalars, the matrix product ⊗ has priority over ⊕. For a
matrix A ∈ Rn×nmax , a k-th power of A is defined as:
A⊗k := A ⊗ A ⊗ ... ⊗ A .
| {z }
k times
By definition, A := E(n, n).
⊗0
Let G denote a time-weighted automaton with n states and
assume that the states of G have been renamed in a such way
that X = {1, 2, . . . , n}. The max-plus matrix that represents
G is a square matrix A(n, n) whose i, j-th element is defined
as follows:
 L
 σk ∈Γ(j) w(j, σk ),
[A(n, n)]ij = if f (j, i) is defined, (4)
ε, otherwise.

As an example, the max-plus matrix for the time weighted
automaton G of Figure 1 can be obtained using equation (4),
being given as:
 
ε ε ε ε
 2 ε ε ε 
A=  a parallel composition between Gd and G` , its states are
 ε 3 ε ε 
ε 1 2 ε
Notice that element a32 = 3, because it is the maximum
weight among all transitions from state 2 to state 3.
Lemma 1: [7] Let A ∈ Rn×n max be the max-plus
matrix associated with an acyclic automaton2 G =
2 An acyclic automaton is an automaton that has no cycle of states.
Authorized licensed use limited to: UNIVERSIDADE FEDERAL DO RIO DE JANEIRO. Downloaded on July 12,2023 at 15:07:35 UTC from IEEE Xplore. Restrictions apply.
((X, Σ, f, Γ, x0 , Xm ), w), where X = {1, 2, . . . , n}. Define
the following matrix:
n
(2) M
A⊗k = A ⊕ A⊗2 ⊕ A⊗3 ⊕ . . . ⊕ A⊗n . (5)
k=1
state i is equal to element [A+ ]ij . Moreover, if L
we truncate
p
the above sum to p (p < n) and define A+ p := k=1 A
⊗k
,
then [Ap ]ij will represent the maximum weight of all paths
+
from j to i of length p.
Matrix A+ is called maximum weight matrix. For automaton
G of Figure 1, the maximum weight matrix A+ is given by:
 
 2 ε ε ε 
A+ =  5 3 ε ε 

7 5 2 ε
Notice that element a+ 41 = 7, which is equal to the maximum
weight of the paths from initial state 1 to marked state 4.
Remark 1: Notice that the max-plus matrix A above is
strictly lower triangular (the elements on the main diagonal
and above are all equal ε, which implies that all powers of A
are also strictly lower triangular). This is true for all max-plus
matrices associated with acyclic time-weighted automata.
Using this fact, it is possible to develop a procedure to
obtain the maximum weight of all paths from j to i of length
p without computing max-plus powers of A. The resulting
procedure is similar (regarding computational complexity) to
that proposed in [12]. 
III. A NEW NECESSARY AND SUFFICIENT CONDITION
(3) FOR DIAGNOSABILITY OF DISCRETE EVENT SYSTEM
In this section, we will present a different approach to
the verification of language diagnosability that leads to a
new necessary and sufficient condition. The idea behind the
proposed approach is motivated by the following reasons:
(i) diagnoser Gd does not carry enough information to
determine if an observed cycle of uncertain states is an
indeterminate cycle; (ii) in order to determine the nature of
a hidden cycle in G, it is necessary to search for cycles
of states connected with unobservable events in G; (iii) as
pointed out in [4], the problem of finding cycles is worse
than exponential is the number of states.
Let us define Gscc = Gd ||G` , where G` = G||A` , and,
Gd = Obs(G` ) according to Section II. We may state the
following result.
Lemma 2: L(Gscc ) = L(G` ) = L(G).
Notice that, since automaton Gscc is obtained by performing
of the type (xd , x` ). Moreover, there exists the following
inclusion relationship between x` and xd .
Lemma 3: All states (xd , x` ) of Gscc satisfies the follow-
ing inclusion: x` ⊆ xd .
We will now present a necessary and sufficient condition
for language diagnosability that replaces the search for cycles
with the search for strongly connected components. Strongly
connected components, although being also cycles, are less
399
 computationally demanding since in the worst case are linear Remark 2: Note that automata formed in algorithm 1 are
in the number of transitions [5], [13]. obtained by unary operations with input automata. Therefore,
We may now state the following result. in the worst case, the computational complexity of forming
Theorem 2: The language L generated by automaton G all automata Gf i , i = 1, 2, . . . , p is O(|Xd ||X|2 ).
is diagnosable with respect to projection Po : Σ∗ → Σ∗o and We may state the following results.
Σf = {σf } if, and only if, Gscc has no strongly connected Lemma 4: Let L(Gfi ) denote the language generated by
components formed with states (xd , x` ), such that xd is Gfi , i = 1, 2, . . . , p. Then
uncertain and x` certain.
∪pi=1 L(Gfi ) = {t ∈ Σ∗ : (∃s ∈ Ψ(Σf ) ∩ L(Gscc m
)∧
IV. C OMPUTING THE MAXIMUM TIME TO DIAGNOSE m
(∃xm ∈ Xscc,m )[(st ∈ L(Gscc ))∧ m
m
FAILURE OCCURRENCES (fscc (xiscc,0 , t) = xm )]}
In this section we will address the problem of finding the Lemma 5: Automaton Gfi , i = 1, 2, . . . , p does not have
maximum time the diagnosis system takes to diagnose a fault strongly connected components.
occurrence. In order to do so, we make two assumptions. Lemma 4 shows that all language continuation of all traces
A1. The language L is diagnosable with respect to projection of G that end with a failure event and leads to certain
Po and Σf . states of Gd are covered by automaton Gfi , i = 1, 2, . . . , p,
A2. The time-weighted automaton G = ((G, w), h) is such whereas Lemmas 5 ensures that Gfi , i = 1, 2, . . . , p has
that h = Σ × Σ. no strongly connected components. Therefore, the maximum
Assumption A1. is necessary since the problem addressed time necessary to diagnose the fault occurrence can be
here would not make sense if L were not diagnosable. calculated according to the following result.
Assumption A2. implies that any event cannot start firing Theorem 3: Let the states of Gfi , i = 1, 2, . . . , m be
if there is another one that is under execution, which makes renamed such that Xfi = {1, 2, . . . , qi }, where qi = |Xfi |,
sense since we are interested in computing the maximum x0,fi = 1 and Xfi ,m = {i1 , i2 , . . . , iki } ⊆ {1, 2, . . . , qi }.
time for diagnosis. Let Ai denote the max-plus matrix associated with Gfi ,
Let G denote the time-weighted automaton that models the i = 1, 2, . . . , m. Then
plant and A` the time-weighted label automaton. In addition, (a) The time tfi the diagnoser takes to diagnose the failure
let us denote G` = GkA` and Gd = Obs(G` ) with respect to occurrence due to the paths existing in automaton Gfi
Po . We start by calculating a new automaton Gfi according is given by:
to the following algorithm.  
Algorithm 1:
M
tfi =  [A+i ]i,1
 ⊗ tσf ,i
Input Time-weighted automata G, G` , and Gd . i∈{i1 ,i2 ,...,iki }
Output Automaton Gfi .
S TEP 1. Compute G`m from G` by marking all states of where tσf ,i is the weight associated with the failure
G` with label Y. event that formed Gfi .
S TEP 2. Compute Gdm from Gd by marking all certain states (b) The maximum time tf to diagnose the failure occur-
of Gd . rence is m
S TEP 3. Compute
M
tf = tfi .
m i=1
Gscc = Gdm kG`m = (Xscc
m m
, Σ, fscc , Γm m m
scc , xscc,0 , Xscc,m )
V. E XAMPLE
.
In order to illustrate the results of the paper, let us consider
S TEP 4. Set Γ(xm ) = ∅ for all marked states xm of Gscc m
,
automaton G depicted in Figure 2, where Σuo = {σf }.
i.e., remove all output transitions from the marked
states xm of Gscc
m
, and compute
σf /1 a/9
m
Gscc,t = m
trim(Gscc ) 11 1 2 3
m m g/1 b/3 d/4 b/3
= (Xscc,t , Σ, fscc,t , Γm m m
scc,t , xscc,t,0 , Xscc,t,m ) a/9
g/1
12 7 9 10 4
S TEP 5. Find all states xi of Gscc,t
m
that satisty σf ∈ Γ(xi ). d/4
σf /1 d/4
t/2 g/1
Suppose that there exist p states that satisfy this
b/3 t/2
requirement. For each i = 1, 2, . . . , p: 8 6 5
t/2
S TEP 5.1 Construct an automaton
i i
Gscc,i = (Xscc , Σ, fscc , Γiscc , xiscc,0 , Xscc,m
i
), Fig. 2. Time-weighted automaton G.

such that Xscc

i m
= Xscc,t , fscc
i m
= fscc,t , In order to compute the maximum time to diagnose the
Γscc = Γscc,t , xscc,0 = fscc,t (xi , σf ) e
i m i m
occurrence of σf , the first step is to form the time-weighted
i
Xscc,m m
= Xscc,t . diagnoser Gdm = Obs(G m kG`m ), which is shown in Figure 3.
S TEP 5.2 Gfi = trim(Gscci )

400
Authorized licensed use limited to: UNIVERSIDADE FEDERAL DO RIO DE JANEIRO. Downloaded on July 12,2023 at 15:07:35 UTC from IEEE Xplore. Restrictions apply.
 {11N, 9Y, 4Y} d/4
b/3 b/3
a/9 ({3Y, 8Y, 7N}, 8Y) ({11N, 9Y, 4Y}, 9Y)
{2Y, 1N} {3Y, 8Y, 7N} g/1
t/2 {6Y}
g/1
d/4 d/4
{10Y, 12N, 5Y} t/2 ({3Y, 8Y, 7N}, 3Y) ({10Y, 12N, 5Y}, 10Y)
b/3 t/2
d/4
Fig. 3. Time-weighted diagnoser automaton Gdm . ({11N, 9Y, 4Y}, 4Y) ({ 6Y}, 6Y)
g/1 t/2
({10Y, 12N, 5Y}, 5Y)
({2Y, 1N}, 1N) ({3N, 4N, 6Y}, 4N)
σf /1 a/9 d/4 g/1 Fig. 5. Time-weighted automaton Gf1 .
b/3
({2Y, 1N}, 2Y) ({3Y, 8Y, 7N}, 7N) ({11N, 9Y, 4Y}, 11N)
σf /1 VI. C ONCLUSIONS
a/9
({11N, 9Y, 4Y}, 9Y) b/3 ({3Y, 8Y, 7N}, 8Y) In this paper the problem of finding the maximum time
d/4
g/1 for failure diagnosis of DES has been addressed. In order
({3Y, 8Y, 7N}, 3Y) ({10Y, 12N, 5Y}, 10Y)
b/3 t/2
to do so, the DES has been modeled using time-weighted
({11N, 9Y, 4Y}, 4Y)
d/4
({ 6Y}, 6Y)
automaton, recently introduced in the literature. In order to
g/1 t/2 take into account the time interval between occurrences of
({10Y, 12N, 5Y}, 5Y)
t/2
observable events that have unobservable events in between,
a new test for verification of language diagnosability of
Fig. 4. Time-weighted test diagnoser automaton Gscc
m .
DES, also based on diagnosers has been proposed. Besides
incorporating unobservable events to its event set, the diag-
nosability test based on verification diagnosers, also has the
The next step is to compute Gscc m
= Gdm kG`m , which is following advantages: it does not require the usual assump-
depicted in Figure 4. Notice that since Gsccm
has no strongly tions on language liveness and cycles of states connected
connected components formed with states (xd , x` ), xd uncer- with unobservable events and it is based on the search for
tain and x` certain, the language is diagnosable with respect strongly connected components, as opposed to cycles as the
to Po e Σf . In addition, notice that Gscc
m
has only one marked usual diagnoser tests. With the new test, the computation
state ({{6Y }, 6Y }) and there are two states xscc such that of the maximum time for diagnosing failure occurrences
σf ∈ Γm scc (xscc ). As a consequence, according to Step 5 of can be carried out in a straightforward by using either the
Algorithm 1, two automata, Gf1 and Gf2 , must be formed; automaton max-plus matrix (as done in the paper) or the
for conciseness reasons, only automaton Gf1 , depicted in iterative algorithm [12] recently proposed in the literature.
Figure 5, will be analyzed here.
The max-plus matrix A1 that corresponds to Gf1 , as well as R EFERENCES
its maximal weight matrix A+ 1 are given by: [1] M. Sampath, R. Sengupta, S. Lafortune, K. Sinnamohideen, and
  D. Teneketzis, “Diagnosability of discrete-event systems,” IEEE Trans-
ε ε ε ε ε ε ε actions on Automatic Control, vol. 40, no. 9, pp. 1555–1575, 1995.
 3 ε ε ε ε ε ε  [2] R. Debouk, S. Lafortune, and D. Teneketzis, “Coordinated decentral-
ized protocols for failure diagnosis of discrete event systems,” Discrete
 
 ε 1 ε ε ε ε ε 
  Event Dynamic Systems: Theory and Applications, vol. 10, no. 1, pp.
A1 =   ε ε 4 ε ε ε ε  33–86, 2000.

 ε ε ε 3 ε ε ε  [3] L. K. Carvalho, J. C. Basilio, and M. V. Moreira, “Robust diagnosis
of discrete event systems against intermittent loss of observations,”
 
 ε ε ε ε 1 ε ε 
Automatica, vol. 48, no. 9, pp. 2068–2078, 2012.
ε ε 2 ε 4 2 ε [4] D. B. Johnson, “Finding all the elementary circuits of a directed
graph,” SIAM Journal of Computing, vol. 4, no. 1, pp. 77–84, 1975.
and [5] T. H. Cormen, C. E. Leiserson, R. L. Rivest, and C. Stein, Introduction
to Algorithms. Cambridge, MA: MIT Press, 2007.
 
ε ε ε ε ε ε ε
[6] R. Su, J. van Schuppen, and J. E. Rooda., “The synthesis of time

 3 ε ε ε ε ε ε 
 optimal supervisors by using heaps-of-pieces,” IEEE Transactions on
 4 1 ε ε ε ε ε  Automatic Control, vol. 57, no. 1, pp. 105–118, 2012.
A+ [7] B. Heidergott, G. J. Olsder, , and J. W. van der Woude, Max Plus at
 
1 =  8 5 4 ε ε ε ε 
.
 Work. New Jersey, NJ: Princeton University Press, 2006.

 11 8 7 3 ε ε ε 
 [8] S. Tripakis, “Fault diagnosis for timed automata,” In Proc. Int. Conf. on
 12 9 8 4 1 ε ε  Formal Techniques in Real Time and Fault Tolerant Systems., vol. 24,
15 12 11 7 4 2 ε no. 3, pp. 205–224, 2002.
[9] R. Alur and D. L. Dill, “Optimal paths in weighted timed automata,”
Notice that element a71 = 15, and thus, the maximum Theoret. Comput. Sci., vol. 126, no. 2, pp. 183–235, 1994.
weight from initial state ({3Y, 8Y, 7N }, 8Y ) to marked state [10] P. J. Ramadge and W. M. Wonham, “The control of discrete-event
systems,” Proceedings of the IEEE, vol. 77, no. 1, pp. 81–98, 1989.
({6Y }, 6Y ) is equal to 15. Since the failure weight is ts = 1, [11] C. G. Cassandras and S. Lafortune, Introduction to Discrete Events
then tf1 = 15 + 1 = 16. Proceeding the same way, the Systems, 2nd ed. New York, NY : USA: Springer, 2008.
maximum time to diagnose σf following the paths given in [12] R. Su and G. Woeginger, “String execution time for finite languages:
Max is easy, min is hard,” Automatica, vol. 47, no. 10, 2011.
Gf2 is tf2 = 17. Therefore, the maximal time to diagnose the [13] R. Tarjan, “Depth first search and linear graph algorithms,” SIAM
occurrence of σf is tf = tf1 ⊕ tf2 = max(tf1 , tf2 ) = 17. Journal of Computer, vol. 1, no. 2, pp. 146–160, 1972.

401
Authorized licensed use limited to: UNIVERSIDADE FEDERAL DO RIO DE JANEIRO. Downloaded on July 12,2023 at 15:07:35 UTC from IEEE Xplore. Restrictions apply.