
IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 67, NO. 8, AUGUST 2022, p. 3933

Codiagnosability of Networked Discrete Event Systems With Timing Structure

Gustavo S. Viana, Member, IEEE, Marcos V. S. Alves, and João Carlos Basilio, Senior Member, IEEE

Abstract—We address, in this article, the problem of codiagnosability of networked discrete event systems with timing structure (NDESWTS) subject to delays and loss of observations of events between the measurement sites (MS) and local diagnosers (LD). To this end, we first introduce a new timed model that represents the dynamic behavior of the plant based on the a priori knowledge of the minimal activation time for each transition of the plant and on the maximal delays in the communication channels that connect MS and LD. We then convert this timed model into an equivalent untimed one, and add possible intermittent packet loss in the communication network. Based on this untimed model, we present necessary and sufficient conditions for NDESWTS codiagnosability and propose two tests for its verification: one that deploys diagnosers and another one that uses verifiers.

Index Terms—Automata, discrete event systems, fault diagnosis, networked systems.

I. INTRODUCTION

MOST of the works in the area of fault diagnosis of DES assume that all information is received by the diagnoser without any delay [1], [2]. However, due to the complexity of industrial plants, diagnosers are often implemented in a distributed way, which requires that the communication channels between the measurement sites (MS) and the local diagnoser (LD) be performed through networks [3].

With the development of network technology, it has become more common in industrial plants to implement communication systems that share communication channels to transmit different kinds of data. This has led to the so-called networked discrete event systems. As a consequence, intense data traffic in the communication channels together with long distances between MS and diagnosers may delay the information communicated through the channels. An indirect approach to reduce communication frequency between LD and MS is by minimizing sensor activation [4], and expecting that such a reduction is effective in avoiding communication delays. If communication delays still persist even after sensor activation minimization, the diagnoser will be likely to observe events with some delay after their occurrence, and also in a different order from their actual order of occurrence in the plant when multiple communication channels are deployed [5]; therefore diagnosers, unless designed to take into account such delays and changes in the order of event observations, are likely to make wrong decisions regarding fault occurrences. In addition, in the sending of information, packet loss may occur.

The problem of fault diagnosis of DES with delays in communication networks was first addressed in [6] and [7]. In [6], no delay between the MS and the diagnoser is assumed, and in [7], it is assumed that the communication delay between two local diagnosers is equal and also that local diagnosers can exchange information between them to infer the fault occurrence. As in [6], it is assumed that there is no delay between the MS and diagnosers. The problem of DES subject to unreliable observations of events was addressed in [8] and [9] (in the context of fault diagnosis and detectability) without considering communication delays. The definition of network codiagnosability of DES subject to event communication delays was introduced in [5], in which communication delays are measured in terms of steps, i.e., k ∈ N steps accounts for the occurrence of, at most, k events until the information of the occurrence of an event arrives at the local diagnoser. An important restriction of this approach is that every event occurrence is counted as one step, and so, no information regarding the time elapsed between event occurrences is taken into account.

The problem of networked discrete event systems with communication delays has also been addressed in the context of supervisory control of DES by [10]–[12]. Those works assume that no change occurs in the order of event observations by the supervisor. Such a problem is not relevant in the context of codiagnosability, which is not time critical, i.e., the diagnoser may detect the fault after an arbitrarily large number of event occurrences, and thus, bounded communication delays that cannot change the order of event observation only imply that the diagnoser takes longer to detect the fault occurrence. Still in the context of supervisory control, the authors in [13] and [14] assume that communication delays may change the order of event observation, but the same delay upper bound is assumed for all communication channels. In addition, in [14], it is assumed that the automaton model of the original system has no loops of events that are subject to communication delays. None of these assumptions are made here.

Manuscript received 25 March 2020; revised 15 September 2020 and 14 May 2021; accepted 22 August 2021. Date of publication 30 August 2021; date of current version 29 July 2022. This work was supported in part by the Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES), Finance Code 001, and in part by the Brazilian Research Council (CNPq) under Grant 309.652/2017-0. Recommended by Associate Editor J. Komenda. (Corresponding author: João Carlos Basilio.)
The authors are with the Department of Electrical Engineering, Universidade Federal do Rio de Janeiro, Rio de Janeiro, RJ 21941-901, Brazil (e-mail: gustavo.viana@poli.ufrj.br; mvalves@poli.ufrj.br; basilio@dee.ufrj.br).
Color versions of one or more figures in this article are available at https://doi.org/10.1109/TAC.2021.3108518.
Digital Object Identifier 10.1109/TAC.2021.3108518

0018-9286 © 2021 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.


In this article, we address the network codiagnosability problem assuming that the communication between MS and LD is performed through a network that can have several channels, so that communication delays can cause changes in the order of event observations. We assume a priori knowledge of minimal activation times of the plant transitions and maximum observation delays between the event occurrence and its actual observation by the LD, which depends on the communication channel used to transmit the event. We also take into account loss of observations. Such a class of networked DES will be referred to here as networked discrete event systems with timing structure (NDESWTS).

The main contributions of this article are as follows: 1) we present a methodology to construct equivalent untimed automata that model the behavior of a NDESWTS from the point of view of the LD; 2) a necessary and sufficient condition for codiagnosability of NDESWTS based solely on the equivalent untimed models; 3) two tests for the verification of codiagnosability of NDESWTS, one based on diagnosers1 and another one that employs verifiers. It is worth remarking that, since the NDESWTS leads to several untimed automata, each one representing the effects of communication delays and loss of observation for each local diagnoser, the usual tests for codiagnosability verification cannot be applied to the problem addressed here, and it is therefore necessary to propose new verification algorithms.

We remark that the timed discrete event system (TDES) model proposed in [16], where an event called tick is introduced to represent the "tick of the global clock," could also be used to model the effects of communication delays, as done in [14], to verify the robustness of synchronous communication protocols with delay for decentralized discrete-event control. The main limitation of the approaches in [14] and [16] appears when the system has both fast and slow dynamics: due to fast system behavior, tick will be associated with a small time interval, and, as a consequence, the model may need a large number of states to represent slow dynamics.

The structure of this article is as follows. In Section II, we present some preliminary concepts. In Section III, we introduce the concept of NDESWTS. In Section IV, we present the model of the plant subject to communication delays and intermittent loss of observations. In Section V, we present necessary and sufficient conditions for codiagnosability of NDESWTS and propose two tests for its verification: the first one based on diagnosers, and a second one based on verifiers. Section VI concludes this article. A preliminary version of this article has appeared in [17]. Besides presenting here formal proofs of all results contained in [17], we also include a new section on verification of NDESWTS codiagnosability using diagnosers.

II. BACKGROUND

A. Discrete Event Systems

Throughout this article G = (X, Σ, f, Γ, x0, Xm) denotes a deterministic automaton, where X is the finite state space, Σ is the set of events, f : X × Σ → X is the transition function, partially defined over its domain, Γ is the active event function, i.e., Γ(x) = {σ ∈ Σ : f(x, σ)!} (f(x, σ)! means that f(x, σ) is defined, that is, there exists y ∈ X such that f(x, σ) = y), x0 is the initial state, and Xm is the set of marked states. The transition function, when extended to f : X × Σ* → X, where Σ* is the Kleene-closure of Σ, allows us to define the languages generated and marked by G (L(G) and Lm(G), respectively) as follows: L(G) = {s ∈ Σ* : f(x0, s)!} and Lm(G) = {s ∈ Σ* : f(x0, s) ∈ Xm}. Let L̄ denote the prefix closure of L. If L = L̄, then L is said to be prefix-closed.

Given a trace s ∈ L, we denote as |s| the length of s, i.e., the number of events in s, and define the postlanguage of L after s as L/s = {t ∈ Σ* : st ∈ L}. We can assume that the language generated by G is always live.2 The natural projection P : Σa* → Σb*, where Σb ⊂ Σa, is defined in the usual way [18], i.e., P(ε) = ε, P(σ) = σ if σ ∈ Σb, P(σ) = ε if σ ∈ Σa \ Σb, and P(sσ) = P(s)P(σ), ∀s ∈ Σa* and σ ∈ Σa. The inverse projection is P^{-1} : Σb* → 2^{Σa*}, where, for every s ∈ Σb*, P^{-1}(s) = {t ∈ Σa* : P(t) = s}. For a language L ⊂ Σa*, P(L) = {s ∈ Σb* : (∃t ∈ L)[P(t) = s]}, and similarly for P^{-1}(M), where M ⊂ Σb*.

The Trim operation is defined as Trim(G) = Coac[Ac(G)] = Ac[Coac(G)], where Coac and Ac denote the coaccessible and accessible part of an automaton, respectively [18, p. 75]. Let G1 = (X1, Σ1, f1, Γ1, x01, Xm1) and G2 = (X2, Σ2, f2, Γ2, x02, Xm2) denote two deterministic automata whose generated languages are L1 and L2, respectively. The parallel composition between G1 and G2, as defined in [18], will be denoted as G1 || G2. If we denote P1 : Σ* → Σ1* and P2 : Σ* → Σ2*, where Σ = Σ1 ∪ Σ2, then L(G1 || G2) = P1^{-1}(L1) ∩ P2^{-1}(L2). The observable behavior of a deterministic automaton G, where Σ = Σo ∪̇ Σuo, can be described by a deterministic automaton called observer, here denoted as Obs(G, Σo).

Given an automaton G, a strongly connected component (SCC) is a maximal set of states XC ⊆ X such that ∀xi, xj ∈ XC, ∃s ∈ Σ* : f(xi, s) = xj. In this article, singletons without self-loops are not considered SCCs.

B. Fault Diagnosis of DES

Let Σf = {σf} ⊆ Σuo denote the set of fault events of G, and assume that the occurrence of σf must be diagnosed. A faulty trace is a sequence of events s such that σf is one of its events. A normal trace, on the other hand, does not contain event σf. The set of all normal traces generated by the system is the prefix-closed language LN ⊂ L. Thus, the set of all faulty traces is given by L \ LN. When all information available about the system evolution is centralized, we have the diagnosability problem [1]. However, when the information is distributed, the use of decentralized diagnosis architectures is more appropriate. Debouk et al. [2] proposed a decentralized diagnosis scheme in which sites Si, i ∈ I_Ns = {1, 2, ..., Ns}, process information based on signals from sensors connected to them (thus forming sets Σoi, i ∈ I_Ns, of observable events for each site, which implies that all events σ ∈ Σ \ Σoi are considered unobservable for site Si) and communicate their diagnosis decision to the coordinator, which processes this information according to a predetermined rule and makes a decision regarding the fault occurrence (fault/non fault). The coordinator declares fault when at least one of the sites declares fault. Language codiagnosability can be formally defined as follows [2].

1 This is motivated by a recent result [15] that suggests, based on a rigorous statistical analysis, that the average size of the states of diagnosers and verifiers is, respectively, $\Theta(n^{0.77 \log k + 0.63})$ and $\Theta(n^2)$, where k (resp. n) is the number of events (resp. states) of the plant automaton.
2 Every nonlive language can be made live by adding self-loops labeled by unobservable events at the states x for which Γ(x) = ∅.


Definition 1 (Codiagnosability): A live and prefix-closed language L is codiagnosable with respect to Poi : Σ* → Σoi* (i ∈ I_Ns) and Σf if

$(\exists n \in \mathbb{N})(\forall s_Y \in L \setminus L_N)(\forall t \in L/s_Y)\,\big(|t| \ge n \Rightarrow (\exists i \in I_{N_s})[P_{o_i}(s_Y t) \ne P_{o_i}(w),\ \forall w \in L_N]\big).$

Codiagnosability verification for regular languages can be performed using diagnosers [2], [19] or verifiers [20]–[24]. Codiagnosability verification using diagnosers requires, initially, the construction of the diagnoser automaton

$G_d = Obs(G_\ell, \Sigma_o) = (X_d, \Sigma_o, f_d, \Gamma_d, x_{0d})$ (1)

where Gℓ = G || Aℓ = (Xℓ, Σ, fℓ, Γℓ, x0,ℓ), Aℓ = (XA, ΣA, fA, ΓA, x0,A) being the label automaton, with XA = {N, Y}, ΣA = {σf}, fA(N, σf) = fA(Y, σf) = Y and x0,A = N. The states of Gℓ are of the form xℓ = (x, ℓ) = xℓ, for short, where x ∈ X and ℓ ∈ {Y, N}, and, thus, the states of Gd have the form xd = {x1ℓ1, x2ℓ2, ..., xnℓn}. Of particular interest are the states xd ∈ Xd for which there exist xiℓi, xjℓj, i ≠ j, i, j ∈ {1, 2, ..., n}, xi not necessarily distinct from xj, such that ℓi = Y and ℓj = N, which are referred to as uncertain states. The following test automaton is defined in [19]:

$G^{N_s}_{scc} = \Big(\big\|_{i=1}^{N_s} G_{d_i}\Big) \,\|\, G_\ell$ (2)

where Gdi = Obs(Gℓ, Σoi) and Ns is the number of sites. A necessary and sufficient condition for codiagnosability is given by the following theorem.

Theorem 1 (see [19]): The language L generated by automaton G is codiagnosable with respect to Poi : Σ* → Σoi*, i = 1, 2, ..., Ns, and Σf = {σf}, if, and only if, $G^{N_s}_{scc}$ does not have any SCCs formed with states $(x^1_{d_1}, x^1_{d_2}, \ldots, x^1_{d_{N_s}}, x^1_\ell)$, $(x^2_{d_1}, x^2_{d_2}, \ldots, x^2_{d_{N_s}}, x^2_\ell)$, ..., $(x^k_{d_1}, x^k_{d_2}, \ldots, x^k_{d_{N_s}}, x^k_\ell)$, such that, ∀j ∈ {1, 2, ..., k}, $x^j_{d_i}$, i = 1, 2, ..., Ns, is uncertain, and $x^j_\ell$ is a Y-labeled state.

Codiagnosability verification using verifiers can be performed by using the verifier automaton GV = (||_{i ∈ I_Ns} GN,i) || GF, proposed in [21], where GN,i models the normal behavior of G from the point of view of local diagnoser LDi and GF models the fault behavior of G. According to [21], language L is not codiagnosable if, and only if, there exists a cycle in GV whose states have the last component labeled with Y and whose trace has at least one event belonging to Σ.

III. PROBLEM FORMULATION

In this article, we consider the networked architecture for a distributed plant introduced in [5] that is formed with m MS MSj, j = 1, ..., m, and Ns LD LDi, for i = 1, ..., Ns. Each measurement site MSj records event occurrences of a subset ΣMSj ⊂ Σo of the observable events of the system. In this configuration, only the events detected by measurement site MSj can be communicated through channel chij to local diagnoser LDi.

Differently from the approach adopted in [5], where communication delays were represented by steps, we consider that each channel chij has a maximal delay Tij ∈ R*+, where R*+ denotes the set of positive real numbers.3 We denote the set of events communicated to local diagnoser LDi, through communication channel chij, as Σoij ⊆ ΣMSj. If the communication channel chkl, between a measurement site MSl and a local diagnoser LDk, does not exist, then Σokl = ∅. Thus, the set of observable events of LDi, Σoi, is given by

$\Sigma_{o_i} = \bigcup_{j=1}^{m} \Sigma_{o_{ij}}$ (3)

and the set of observable events of the whole system is $\Sigma_o = \bigcup_{i=1}^{N_s} \Sigma_{o_i}$.

Fig. 1. NDESWTS architecture.

Fig. 1 illustrates the NDESWTS architecture proposed in this article for a system with three MS and two LD. Notice that measurement site MS1 communicates to local diagnoser LD1 through channel ch11 those events in Σo11 ⊆ ΣMS1, with a maximal delay equal to T11, and measurement site MS2 communicates the events in Σo12 ⊆ ΣMS2 and Σo22 ⊆ ΣMS2 to local diagnosers LD1 and LD2, respectively, through communication channels ch12 and ch22 with maximal delays T12 and T22. Finally, MS3 communicates to LD2, through channel ch23 with maximal delay T23, those events in Σo23 ⊆ ΣMS3.

It is worth remarking that the difference between Σoij and ΣMSj is imposed by the diagnosability requirement, namely the need for a minimal set of observable events that ensures codiagnosability, which is still an open problem, as opposed to the problem of minimal diagnosis bases, which has been addressed in [25] and [26]. This is an important issue since the fewer events are transmitted on a communication channel, the shorter the communication delay is likely to be.

We make the following assumptions.

A1. L(G) is codiagnosable with respect to Poi, i = 1, ..., Ns, and Σf, where G is the automaton that models the plant.
A2. There is only one communication channel chij between measurement site MSj and local diagnoser LDi, communicating the events in Σoij.
A3. Each channel chij is modeled by a first-in first-out (FIFO) queue, and is subject to a maximal communication delay Tij ∈ R*+, with Tij finite and known in advance.
A4. ΣMSj ∩ ΣMSk = ∅, j, k ∈ {1, 2, ..., m}, j ≠ k.
A5. Σoi = Σi,lo ∪̇ Σi,nlo, where Σi,lo (resp. Σi,nlo) denotes the set of events subject (resp. not subject) to communication loss, for local diagnoser LDi.

3 This means that Tij ≠ 0, i = 1, ..., Ns, j = 1, 2, ..., m, i.e., there are no instantaneous transmissions, although they can be made arbitrarily small.


Assumption A1 ensures that the only cases of interest are those where the language is codiagnosable by assuming neither delay nor loss in the transmission of the signals that correspond to event observations. In accordance with Assumption A2, an observable event occurrence is transmitted through a unique channel to a local diagnoser; however, there may exist two channels to transmit an event occurrence to two different LD. Assumption A3 imposes that the maximal communication delays are strictly different from zero for all channels, and that there is no change of order of observation among events transmitted through the same channel. According to Assumption A4, two different measurement sites cannot record the occurrence of the same event. This is so because decentralized diagnosis is supposed to be applied to distributed systems, in which events are locally recorded, as formulated in [2], following the principle that sensors must be placed as near as possible to where the events they record occur. Finally, according to Assumption A5, the observation of the events in Σi,lo is subject to loss due to packet loss or defective sensors. Notice that the loss of observation of an event does not change the plant behavior, only its observation.

The consequences of transmission delays in diagnosis systems depend on the dynamic behavior of the plant, since if the dynamics of the plant are sufficiently slow, transmission delays may generate no adverse consequences. In order to take such effects into account, we introduce the partial function tmin : X × Σ → R+, where tmin(x, σ) = τ, for σ ∈ Γ(x), meaning that event σ can only occur at state x if the time elapsed since the last transition occurrence is greater than (but not equal to) τ. In words, tmin assigns a minimal time to the firing of each transition of G and is defined over a pair (x, σ) ∈ X × Σ if, and only if, transition f(x, σ) is defined. We assume that, according to [18], an event is an instantaneous action that changes the state of the system, and so, if some time is required for the event to be concluded, such a time interval must be taken into account in order to compute the minimal activation time. For example, suppose that, after reaching the end of a conveyor belt, parts must be sucked by a robotic arm and taken to some specified place. When some part reaches the end of the conveyor, the event associated with the sensor reading changes the system state. Thus, the activation time of the next event, "robotic arm takes the part to some specified place," will be determined by the minimal time the arm takes to move parts from the conveyor end to the specified point. We also assume that, ∀x ∈ X and σ ∈ Γ(x), tmin(x, σ) > 0. The need for excluding τ = 0 is imposed by a technical constraint necessary to allow the NDESWTS to be converted into an untimed finite-state automaton. Notice that this assumption is reasonable, and is equivalent to considering that a state transition cannot occur immediately after a previous one, that is, the system needs to remain for some time in a given state before a new transition occurs. We will refer to tmin(x, σ) as the minimal activation time. It is not difficult to see that when the domain of tmin is extended to X × Σ* then tmin(x, ε) = 0, and tmin(x, sσ) = tmin(x, s) + tmin(f(x, s), σ) for s ∈ Σ* and σ ∈ Σ.

We can now introduce the definition of NDESWTS.

Definition 2 (NDESWTS): A NDESWTS is a triple G = (G, tmin, T), where G = (X, Σ, f, Γ, x0, Xm) is a finite-state automaton, tmin : X × Σ → R*+ is the minimal activation time function and T : Ns × m is the maximal delay matrix, where each element Tij represents the maximal delay of each channel chij such that Tij ∈ R*+, if there exists a communication channel between measurement site MSj and local diagnoser LDi, and Tij = ∞, otherwise. □

Fig. 2. NDESWTS G = (G, tmin, T) for Example 1: communication delay structure (a) and automaton G with minimal time function tmin (b).

Fig. 3. Time line after occurrence of event a in state x1 (a) and state x4 (b) of NDESWTS G from Example 1.

Example 1: Consider the NDESWTS G = (G, tmin, T) shown in Fig. 2(a) and (b). In Fig. 2(a), we show the communication delay structure of the NDESWTS architecture, consisting of two measurement sites and only one local diagnoser. Notice that measurement site MS1 (resp. MS2) communicates only event a (resp. events b and c) to local diagnoser LD1 through channel ch11 (resp. ch12), with maximal delay T11 = 2 time units (resp. T12 = 0.1 t.u.), and thus, T = [T11 T12] = [2 0.1]. Fig. 2(b) depicts automaton G together with the minimal activation time function tmin, which is given as: tmin(x0, σf) = 0.1, tmin(x0, b) = tmin(x1, a) = tmin(x3, c) = tmin(x4, a) = tmin(x5, c) = 1 and tmin(x2, b) = 3; the label over transition f(x4, a) = x5 means that tmin(x4, a) = 1, i.e., event a only occurs at least 1 t.u. after G enters state x4. Finally, assume that no event is subject to loss of observation, i.e., Σ1,lo = ∅.

When the system generates traces s1 = σf abc^p, where p ∈ N, event a will always be observed by the local diagnoser LD1 before the occurrence of event b, since the observation of event a can be delayed by at most T11 = 2 t.u. and event b occurs at least 3 t.u. after the occurrence of event a, as shown in the time line depicted in Fig. 3(a). The same occurs with respect to the occurrences of events b and c, since they are transmitted through the same communication channel. Therefore, after the occurrence of s1, the diagnoser observes s1s = as bs cs^p, where as, bs, and cs denote the successful observation of events a, b, and c, respectively. Assume, now, that the system executes traces s2 = bac^q, where q ∈ N. In this case, events b and a are always observed in the same order as their occurrences in the plant since tmin(x4, a) > T12. However, as shown in the time line depicted in Fig. 3(b), it is possible that the diagnoser observes either s2s = bs as cs^q or s2s = bs cs as cs^{q−1}, since tmin(x5, c) < T11.



Notice that, if we use steps as proposed in [5] to measure communication delays in the NDESWTS of Example 1, and assume that the delays of channels ch11 and ch12 are at most 1 and 0 steps, respectively, then a change in the order of the observation of events a and b after trace s1 = σf abc^n must also be taken into account, i.e., the local diagnoser may also observe s1s = bs as cs^n, which is equal to one of the possible observations s2s = bs as cs^n of a nonfaulty trace s2 = bac^n, which implies that LD1 is not able to diagnose the fault event occurrence. This conclusion is incorrect since, as we saw in Example 1, such an observation is not possible.

IV. EQUIVALENT UNTIMED MODEL OF NDESWTS

In order to propose a model that takes into account the fact that events can be observed in a different order from their actual order of occurrence in the system, it is necessary to distinguish an occurrence of event σ ∈ Σoij from its observation by the local diagnoser LDi. For this reason, we will create an event σsi that represents the successful observation of σ by LDi and form the set of observable events that are successfully communicated to local diagnoser LDi, as follows:

$\Sigma_{s_i} = \bigcup_{j=1}^{m} \Sigma_{s_{ij}}$ (4)

where Σsij = {σsi : σ ∈ Σoij}.

The effects of intermittent loss of observation of events in the communication channels will be taken into account by using the Dilation operation proposed in [8]. Thus, the system behavior in the presence of delays and intermittent loss of observation will be modeled by a language defined over the following augmented set of events:

$\Sigma_{a_i} := \Sigma \cup \Sigma_{s_i} \cup \Sigma_{l_i}$ (5)

where Σli = {σli : σ ∈ Σi,lo} is the set that represents the observations that have been lost, and thus not observed by local diagnoser LDi.

In order to obtain all possible observations of a trace s ∈ L(G) by a local diagnoser LDi, we introduce a function that inserts events belonging to Σsi based on the maximal communication delay bounds Tij, the minimal activation time function tmin and the event sets Σoij. To this end, let us first define the bijective function ψi, i = 1, ..., Ns, as follows:

$\psi_i : \Sigma_{o_i} \to \Sigma_{s_i},\quad \sigma \mapsto \psi_i(\sigma) = \sigma_{s_i}.$

The definition of ψi can be extended to sets of events as ψi(Σoi) = {ψi(σ) : σ ∈ Σoi}. The inverse function of ψi will be denoted by ψi^{-1} throughout the text. Let us now define the following projections:
1) Psi : Σai* → Σsi*
2) Pai : Σai* → Σ*
3) Pai,oij : Σai* → Σoij*
4) Pai,sij : Σai* → Σsij*
5) Pt,i : (∪_{i=1}^{Ns} Σai)* → Σai*.

Notice that, for a trace w ∈ Σai*, Psi(w) returns the trace observed by local diagnoser LDi, Pai(w) recovers the trace generated by the plant, and Pai,oij(w) [resp. Pai,sij(w)] returns the trace formed by the events generated by the plant (resp. successfully observed by LDi) transmitted through channel chij. Finally, for a trace wt ∈ (∪_{i=1}^{Ns} Σai)*, Pt,i(wt) returns the trace in Σai associated with local diagnoser LDi.

Let $w_{\sigma^{(k)}}$ denote the prefix of a trace w ∈ Σai* whose last event is the kth occurrence of σ, and let $w_{\sigma_{s_i}^{(k)}}$ be either the prefix of w whose last event is the kth occurrence of σsi, if $\sigma_{s_i}^{(k)} \in w$, or w, if $\sigma_{s_i}^{(k)} \notin w$. For instance, let Σa1 = {a, b, c, σf, as1, cs1} and w = a b as1 a c cs1 as1 c. Then, $w_{a^{(2)}} = a\,b\,a_{s_1}\,a$, $w_{c_{s_1}^{(1)}} = a\,b\,a_{s_1}\,a\,c\,c_{s_1}$ and $w_{c_{s_1}^{(2)}} = w$. The idea of defining $w_{\sigma^{(k)}}$ and $w_{\sigma_{s_i}^{(k)}}$ is to establish a comparison between the event occurrence and its observation in a given trace. We can now introduce the notion of delay function.

Definition 3 (Delay Function): A delay function associated with local diagnoser LDi and observable events in Σoij, transmitted through communication channels chij with maximal communication delay bounds Tij, is the mapping

$F_{d_i} : L(G) \to 2^{\Sigma_{d_i}^*},\quad s \mapsto F_{d_i}(s)$

where Σdi = Σ ∪ Σsi and w ∈ Fdi(s) if it satisfies the following conditions:
1) Pai(w) = s.
2) For all σ ∈ Σoij, j = 1, 2, ..., m, and σ^(k) ∈ w,

$t_{min}\big(x_0, P_{a_i}(w_{\sigma_{s_i}^{(k)}})\big) - t_{min}\big(x_0, P_{a_i}(w_{\sigma^{(k)}})\big) < T_{ij}.$ (6)

3) For all σsi ∈ Σsij, j = 1, 2, ..., m, and σsi^(k) ∈ w,

$\sigma^{(k)} \in w_{\sigma_{s_i}^{(k)}}$ (7)

and

$\big|P_{a_i,o_{ij}}(w_{\sigma^{(k)}})\big| = \big|P_{a_i,s_{ij}}(w_{\sigma_{s_i}^{(k)}})\big|.$ (8)

The extension of Fdi to the domain $2^{L(G)}$ is defined as $F_{d_i}(L(G)) = \bigcup_{t \in L(G)} F_{d_i}(t)$.

Condition 1 ensures that w must be obtained from s by inserting events in Σsi only. Condition 2 ensures that the delay between the occurrence of event σ ∈ Σoij and its observation σsi ∈ Σsij is not larger than the maximal delay bound Tij [see (6)]. Finally, Condition 3 ensures that the observation σsi of an event σ only occurs after event σ has occurred in trace w [see (7)], and that the observation of events transmitted through the same communication channel is in the same order as their occurrence in trace s [see (8)]. It is worth noting that the maximum delay bound Tij limits the number of possible changes in the order of the event observations that can occur under Assumption A3. In addition, as will become clear later in the text, the diagnosability problem becomes intractable assuming unbounded delays. The following example illustrates the delay function Fdi.

Example 2: Consider the NDESWTS G = (G, tmin, T) shown in Fig. 2(a) and (b), and assume that trace s1 = σf abc^p, p ∈ N, has been executed by the system. Let us consider traces4 w1, w2, w3, w4 ∈ Σa1*, where w1 = σf aabbs as (ccs)^p, w2 = σf abas bs (ccs)^p, w3 = σf aas bs b(ccs)^p and w4 = σf aas bccs bs (ccs)^{p−1}. Notice that none of these traces belongs to

4 Since, in this example, there exists one local diagnoser only, we omit the subscript associated with the local diagnoser and replace σs1 with σs.


Fd1(s1), since 1) Pa1(w1) = σf aabc^p ≠ s1 (w1 violates Condition 1 of Definition 3); 2) $t_{min}(x_0, P_{a_1}(w_{2,a_s^{(1)}})) - t_{min}(x_0, P_{a_1}(w_{2,a^{(1)}})) = t_{min}(x_0, P_{a_1}(\sigma_f a b a_s)) - t_{min}(x_0, P_{a_1}(\sigma_f a)) = t_{min}(x_0, \sigma_f a b) - t_{min}(x_0, \sigma_f a) = (0.1 + 1 + 3) - (0.1 + 1) = 3 > T_{11} = 2$ (w2 violates Condition 2 of Definition 3); 3) $b_s^{(1)} \in w_3$, but $b^{(1)} \notin w_{3,b_s^{(1)}}$ [w3 violates Condition 3, Equation (7), of Definition 3]; 4) the first occurrence of event c is observed before the observation of b in trace w4, which is not possible since these events are transmitted through the same communication channel and b has occurred first; this is recognized by Condition 3, Eq. (8), of Definition 3, as follows: $|P_{a_1,o_{12}}(\sigma_f a a_s b)| = |b| = 1 \ne |P_{a_1,s_{12}}(\sigma_f a a_s b c c_s b_s)| = |c_s b_s| = 2$; it is worth remarking that w4 also violates Condition 2. As we are going to see later on in this section, the set of traces in Σa1* associated with all possible observations of trace s1 by local diagnoser LD1 due to communication delays will be given by

$F_{d_1}(s_1) = \{\sigma_f a a_s b b_s (c c_s)^p,\ \sigma_f a a_s b b_s (c c_s)^{p-1} c\}.$

Notice that, as expected, the projections in Σs1 of the traces belonging to Fd1(s1) are $a_s b_s c_s^p$ and $a_s b_s c_s^{p-1}$, where the last one corresponds to the transient observation obtained while the pth occurrence of c is still being transmitted. □

obtained by removing the event from the second component of the previous state of Gai. The minimal times elapsed between the observable event occurrences stored in the second component of the state of Gai are updated whenever a new event occurs in the plant through function tmin. For instance, state (x, a 0.5 b 0.2 c) of Gai corresponds to the case when the plant has reached state x after the execution of a trace s ∈ L(G) that contains, in that order, the observable events a, b, and c, whose observations are still being transmitted to the local diagnoser, and the time elapsed between the occurrences of events a and b (resp. b and c) is at least equal to 0.5 (resp. 0.2) t.u. It is worth remarking that trace s can have other observable events whose observations have ended before state (x, a 0.5 b 0.2 c) was reached.

The construction of Gai is carried out by manipulating traces composed of events and real numbers that form the second components of the states of Gai. To this end, we define the set $Q_i := \{q = q_1 q_2 \cdots q_z : (q_w \in \Sigma_{o_i}) \vee (q_w \in \mathbb{R}_+),\ \forall w \in \{1, 2, \ldots, z\}\}$, i = 1, 2, ..., Ns, where R+ denotes the set of nonnegative real numbers. Notice that the elements of Qi are traces formed by observable events in Σoi and numbers in R+. We now define the following operations.

Definition 6:
(a) The function link : Qi × Qi → Qi is a mapping where, for every q = q1···qz and p = p1···pk belonging to Qi
Let us now model the effects of loss of observations. To this 
end, we modify the dilation operation [8] for Σ∗di = (Σ ∪ Σsi )∗ , q1 · · · qz−1 (qz + p1 ) p2 · · · pk , if qz , p1 ∈ R+
link(q, p) =
so as, if an event σ ∈ Σi,lo occurs, either σsi or σli will occur. q1 · · · qz p1 · · · pk , otherwise.
Definition 4 (Loss of Observation Function [8]): The (b) The function cut : Qi → Qi is a mapping where, for all

loss of observation function Fi,lo : Σ∗di → 2Σai is de- q = q1 q 2 · · · q z ∈ Q i
fined in a recursive way as: Fi,lo (ε) = {ε}; Fi,lo (σ) = 
{σ}, ∀σ ∈ Σ; Fi,lo (σsi ) = {σsi , σli }, if σsi ∈ ψi (Σi,lo ), qw qw+1 · · · qz , if (∃w ≤ z)[(qw ∈ Σoi ) ∧
and, Fi,lo (σsi ) = {σsi }, if σsi ∈ Σsi \ ψi (Σi,lo ); Fi,lo (wσ) = cut(q) = ∧ (qj ∈ R+ , ∀j ∈ {1, . . ., w − 1})]
Fi,lo (w)Fi,lo (σ), ∀w ∈ Σ∗di , ∀σ ∈Σdi . Its extension to lan- 0, if qj ∈ R+ , ∀j ∈ {1, 2, . . ., z}.
guages is as follows: Fi,lo (L) = w∈L Fi,lo (w). (c) The function add : Qi × X × Σ → Qi is a mapping
Notice that, for a trace w ∈ Σ∗di , Fi,lo (w) returns the set of where, for all q = q1 q2 · · · qz ∈ Qi , x ∈ X and σ ∈ Σ
traces created from w by replacing events in w subject to loss of ⎧
observations with their corresponding events in Σli ; therefore, ⎪
⎪ cut(link(q, tmin (x, σ)σ)), if (σ ∈ Σoi )∧

⎨ ∧(f (x, σ)!)
accounting for all possible combinations of observation losses.
Finally, in order to represent the joint effects of delays and loss add(q, x, σ) = cut(link(q, tmin (x, σ))), if (σ ∈ Σuoi )∧

⎪ ∧(f (x, σ)!)
of observations, we define the augmentation function, which is ⎪

the composition of the delay function with the loss of observation undefined, otherwise.
function, as follows. (d) The removal function, rem : Qi × N → Qi is a mapping
Definition 5 (Augmentation Function): Given G = where, for all q = q1 q2 · · · qz ∈ Qi
(G, tmin , T ), the augmentation function is the mapping ⎧
∗ ⎪
⎪ cut(q2 · · · qz ), if (k = 1) ∧ (z = 1)
Fai : 2L(G) → 2Σai ⎪ link(q1 · · · qk−1 , qk+1 · · · qz ), if (1 < k < z)

L(G) → Fai (L) = Fi,lo (Fdi (L)). rem(q, k) = cut(q1 · · · qz−1 ), if (k = z) ∧ (z = 1)


⎩ 0, if (k = z) ∧ (z = 1)

In order to characterize the behavior of NDESWTS in the undefined, otherwise.
presence of delays of observations and loss of observation of
events, we will present an algorithm for the computation of an (e) The measurement site index function, ms : Σoi →
automaton, Gai = (Xai , Σai , fai , Γai , x0,ai , ∅), formed from {1, 2, . . . , m} is a mapping where, for all σ ∈ Σoi ,

the NDESWTS , whose states have two components, as follows: j, if σ ∈ Σoij for some i ∈ {1, . . . , Ns }
1) the first component accounts for the corresponding state of ms(σ) =
undefined, otherwise.
G, and 2) the second component accounts for the observable
events that were generated by G in order to reach state x and (f ) The function li : Σi,lo → Σli is a mapping where, ∀σ ∈
whose observations are still being transmitted to local diagnoser Σi,lo , li (σ) = σli .
LDi together with the minimal time elapsed between the oc- According to Definition 6, function link(q, p) simply
currences of these observable events. In this regard, when an concatenates two traces q and p in the usual way except when the
observable event belonging to Σoi occurs, the state reached by last component of q and the first component of p are numbers, in
Gai is obtained by adding this event to the right of the second which case they are added. Function cut(q) eliminates the prefix
component of the previous state of Gai . On the other hand, when of q formed only by numbers before the first observable event, or
an event is successfully observed, the state reached by Gai is returns 0 if q is formed only by numbers. Function add(q, x, σ)
Authorized licensed use limited to: UNIVERSIDADE FEDERAL DO RIO DE JANEIRO. Downloaded on July 12,2023 at 15:07:58 UTC from IEEE Xplore. Restrictions apply.
VIANA et al.: CODIAGNOSABILITY OF NETWORKED DISCRETE EVENT SYSTEMS WITH TIMING STRUCTURE 3939

concatenates $q$ with a sequence and adds elements to $q$ that depend on $\sigma$ being observable or not. Function $rem(q, k)$ removes from $q$ its $k$th element, and function $ms(\sigma)$ returns the index $j$ which corresponds to measurement site $MS_j$ that records the occurrence of event $\sigma$. Finally, for $\sigma \in \Sigma_{i,lo}$, $l_i(\sigma)$ is equal to event $\sigma_{l_i}$ that models the loss of observation of event $\sigma$.

We now present an algorithm (Algorithm 1) for the construction of automaton $G_{a_i}$.

Algorithm 1: Construction of automaton $G_{a_i}$.
Input: $\mathcal{G} = (G, t_{min}, T)$, $\Sigma_{o_{ij}}$, for all $j \in I_m$, and $\Sigma_{i,lo}$.
Output: Automaton $G_{a_i} = (X_{a_i}, \Sigma_{a_i}, f_{a_i}, \Gamma_{a_i}, x_{0,a_i}, \emptyset)$.
STEP 1. Define initial state $x_{0,a_i} = (x_0, 0)$ and $X_{a_i} = \emptyset$;
STEP 2. Form sets $\Sigma_{o_i}$, $\Sigma_{s_{ij}}$, for all $j \in I_m$, $\Sigma_{s_i}$ and $\Sigma_{a_i}$ according to Eqs. (3), (4) and (5), respectively;
STEP 3. Create a FIFO queue $F$ and add $x_{0,a_i}$ to $F$;
STEP 4. While $F \neq \emptyset$ do:
  STEP 4.1 $(x, q) \leftarrow head(F)$ and $dequeue(F)$.
  STEP 4.2 $X_{a_i} \leftarrow X_{a_i} \cup \{(x, q)\}$;
  STEP 4.3 Let $q = q_1 q_2 \cdots q_z$. Define the set of indexes
  $$I_{o_i} = \{k \in \{1, \ldots, z\} : q_k \in \Sigma_{o_i}\} \qquad (9)$$
  STEP 4.4 If $I_{o_i} \neq \emptyset$, then, $\forall y \in I_{o_i}$, define:
  $$I(y) = \{k \in \{y+1, \ldots, z\} : q_k \in \mathbb{R}_+\} \qquad (10a)$$
  $$MET(y) = \begin{cases} \sum_{k \in I(y)} q_k, & \text{if } I(y) \neq \emptyset \\ 0, & \text{otherwise} \end{cases} \qquad (10b)$$
  $$r(y) = ms(q_y). \qquad (10c)$$
  STEP 4.5 For each $\sigma \in \Gamma(x)$: If $(I_{o_i} = \emptyset) \vee (\forall y \in I_{o_i},\ MET(y) + t_{min}(x, \sigma) < T_{i\,r(y)})$:
    (a) Set $\tilde{x}_{a_i} = f_{a_i}((x, q), \sigma) = (f(x, \sigma), add(q, x, \sigma))$;
    (b) If $(\tilde{x}_{a_i} \notin X_{a_i}) \wedge (\tilde{x}_{a_i} \notin F)$, then $enqueue(F, \tilde{x}_{a_i})$;
  STEP 4.6 For each $j$, $j = 1, 2, \ldots, m$:
    STEP 4.6.1 Form $Y_j = \{k \in I_{o_i} : q_k \in \Sigma_{o_{ij}}\}$;
    STEP 4.6.2 If $Y_j \neq \emptyset$, then:
      (a) Compute $y = \min(Y_j)$, and set $\sigma_{s_i} = \psi_i(q_y)$;
      (b) Set $\hat{x}_{a_i} = f_{a_i}((x, q), \sigma_{s_i}) = (x, rem(q, y))$;
      (c) If $q_y \in \Sigma_{i,lo}$, then set $\sigma_{l_i} = l_i(q_y)$ and define $f_{a_i}((x, q), \sigma_{l_i}) = \hat{x}_{a_i}$;
      (d) If $(\hat{x}_{a_i} \notin X_{a_i}) \wedge (\hat{x}_{a_i} \notin F)$, then $enqueue(F, \hat{x}_{a_i})$;
STEP 5. Define $\Gamma_{a_i}(x_{a_i}) = \{\sigma \in \Sigma_{a_i} : f_{a_i}(x_{a_i}, \sigma)!\}$, for all $x_{a_i} \in X_{a_i}$.

The idea behind Algorithm 1 is to model all changes of order in the observation of events by local diagnoser $LD_i$, caused by delays in the communication channels $ch_{ij}$, for $j \in \{1, \ldots, m\}$, and also to model the loss of observation of events according to Definition 4. Indeed, in Step 1 of Algorithm 1, we define the initial state of automaton $G_{a_i}$ as $x_{0,a_i} = (x_0, 0)$, where $x_0$ is the initial state of plant $G$, and the second component is set equal to zero to indicate that no observation is being transmitted to the local diagnoser $LD_i$ at state $x_{0,a_i}$. In Step 2, we form set $\Sigma_{s_i}$ of observable events that are successfully communicated to local diagnoser $LD_i$ and the augmented set $\Sigma_{a_i}$ of events. In Step 3, in order to define the other states and the state transitions of $G_{a_i}$, we create a queue of states $F$, which is initially equal to $F = [x_{0,a_i}]$. In Step 4.1, we set state $(x, q)$ as the first state in $F$ and remove this state from $F$. In Step 4.2, we add it to set $X_{a_i}$ and, in Step 4.3, we define a set $I_{o_i}$ formed with the indexes of the observable events which belong to the second component of $(x, q)$. In Step 4.4, for each index $y \in I_{o_i}$, we define three functions: 1) $I(y)$, that returns all indexes of the elements at the right-hand side of $q_y$ which are numbers in the sequence $q = q_1 q_2 \ldots q_y q_{y+1} \ldots q_z$; 2) $MET(y)$, that returns the sum of the elements $q_k$, $k \in I(y)$; and 3) $r(y)$, that returns the index corresponding to the measurement site from where the observation of the event $q_y$ was transmitted. In Steps 4.5 and 4.6, we define the transitions from $(x, q)$ and add to $F$ only the new states reached by these transitions. In order to compute the whole accessible part of $G_{a_i}$, we repeat Step 4 until $F$ becomes empty. At each iteration of Step 4, the new transitions from state $(x, q)$ are defined as follows. In Step 4.5(a), we define transitions from state $(x, q)$ that correspond to new occurrences of events in the plant, and thus, they are labeled by events that are active at state $x$ of automaton $G$. Notice that an event $\sigma \in \Gamma(x)$ can occur at state $(x, q)$ if either 1) there is no event in $q$, namely, $I_{o_i} = \emptyset$, or 2) there is no observable event inside $q$ whose observation transmission must be finished before the occurrence of $\sigma$, i.e., $MET(y) + t_{min}(x, \sigma) < T_{i\,r(y)}$, $\forall y \in I_{o_i}$. We then obtain the state $\tilde{x}_{a_i}$ reached by the new transition by means of $f(x, \sigma)$ and the $add$ operation. If $\tilde{x}_{a_i}$ belongs neither to the set of states $X_{a_i}$ nor to queue $F$, we add $\tilde{x}_{a_i}$ to the end of queue $F$.

In Step 4.6, we search for the events whose observation transmission can be successfully completed at state $(x, q)$. Notice that, for each communication channel, only the first event inside $q$ whose observation is transmitted through this channel can be successfully observed at state $(x, q)$, since the channels are modeled by FIFO queues. Then, in Step 4.6.2(b), we define transitions from state $(x, q)$ that correspond to successful transmission and observation by the diagnoser, and, thus, they are labeled by events in $\Sigma_{s_i}$. The states reached by these transitions are defined by applying the $rem$ operation. In Step 4.6.2(c), if event $q_y$ is subject to loss of observation, then we define a transition labeled by event $\sigma_{l_i}$ from state $(x, q)$ to state $\hat{x}_{a_i}$ so as to represent the loss of observation of event $q_y$. Finally, in Step 5, we compute the set of active events for all states of automaton $G_{a_i}$.

Remark 1: The observable event set of $G_{a_i}$ is $\Sigma_{a_i,o} = \Sigma_{s_i}$ and not $\Sigma_{o_i}$, and its unobservable event set is $\Sigma_{a_i,uo} = \Sigma \cup \Sigma_{l_i}$.

Fig. 4. Automaton $G_{a_1}$ of Example 3.

Example 3: Let us consider again the NDESWTS $\mathcal{G} = (G, t_{min}, T)$ shown in Fig. 2(a) and (b), where $\Sigma = \{\sigma_f, a, b, c\}$ and $\Sigma_{o_1} = \{a, b, c\}$. Applying Algorithm 1, with input $\mathcal{G}$, $\Sigma_{o_{11}} = \{a\}$, $\Sigma_{o_{12}} = \{b, c\}$, $\Sigma_{1,lo} = \emptyset$, $T = [T_{11}\ T_{12}] = [2\ 0.1]$ and $t_{min}$ defined according to Fig. 2(b), we obtain automaton $G_{a_i}$, $i = 1$, depicted in Fig. 4, whose construction can be explained as follows. In Step 1, we define the initial state of the automaton, $(x_0, 0)$, where value 0 for the second component indicates that no observation is being sent to the diagnoser. In Step 2, we
form the sets $\Sigma_{o_1} = \{a, b, c\}$, $\Sigma_{s_{11}} = \{a_s\}$, $\Sigma_{s_{12}} = \{b_s, c_s\}$, $\Sigma_{s_1} = \{a_s, b_s, c_s\}$, and $\Sigma_{a_1} = \{\sigma_f, a, b, c, a_s, b_s, c_s\}$. In Step 3, we create a queue of states $F = [(x_0, 0)]$, and thus, we repeat Step 4 until $F$ becomes empty. In Steps 4.1 and 4.2, we set $(x, q) = (x_0, 0)$, $F = [\,]$ and $X_{a_1} = \{(x_0, 0)\}$. In Step 4.3, we create the set of indices $I_{o_1}$ that contains the indices of the events inside $q$ which belong to $\Sigma_{o_1}$. Since $q = 0$, $I_{o_1} = \emptyset$ and, as a consequence, Step 4.4 is skipped. In Step 4.5 (resp. Step 4.6), we define the transitions from state $(x, q)$, labeled by events in $\Sigma$ (resp. $\Sigma_{s_1}$), associated with the occurrences of events in the plant (resp. successful observations). Since $\Gamma(x_0) = \{\sigma_f, b\}$, we define, in Step 4.5, two transitions from state $(x_0, 0)$ labeled by events $b$ and $\sigma_f$, which define new states $(x_4, b)$ and $(x_1, 0)$, respectively, and, thus, $F = [(x_4, b), (x_1, 0)]$. Notice that event $b$ (resp. $\sigma_f$) is added (resp. not added) to the second component of the reached state since it is an observable (resp. unobservable) event. Finally, since $I_{o_1} = \emptyset$, the sets $Y_j$, to be formed in Step 4.6 for each communication channel $ch_{ij}$, $j = 1, 2$, are also empty. Therefore, no transition is defined in Step 4.6.

Assume that, after some iterations of Step 4, state $(x_2, a)$ is the first state of queue $F$. Then, in Step 4.3, we obtain $I_{o_1} = \{1\}$. In Step 4.4, we compute $I(1) = \emptyset$, $MET(1) = 0$ and $r(1) = ms(a) = 1$. Notice that, although $b \in \Gamma(x_2)$, a transition labeled by $b$ is not defined in state $(x_2, a)$. This is so because, in Step 4.5, $MET(1) + t_{min}(x_2, b) = 3 > T_{11} = 2$. In Step 4.6, since $I_{o_1} = \{1\}$ and $I(1) = \emptyset$, we define the state to be reached from $(x_2, a)$ as $f_{a_1}((x_2, a), \psi_1(a)) = f_{a_1}((x_2, a), a_s) = (x_2, rem(a, 1)) = (x_2, 0)$, and thus, a transition labeled by $a_s$ is defined in state $(x_2, a)$. This means that event $b$ cannot occur before the observation of $a$.

Let us now assume that $(x, q) = (x_5, a)$ at the beginning of Step 4. Then, in Step 4.3, we obtain $I_{o_1} = \{1\}$. In Step 4.4, we compute $I(1) = \emptyset$, $MET(1) = 0$ and $r(1) = ms(a) = 1$, respectively. Notice that a transition labeled by $c$ is defined in state $(x_5, a)$ in Fig. 4. This is so because $c \in \Gamma(x_5)$ and, according to Step 4.5, $MET(1) + t_{min}(x_5, c) = 1 < T_{11} = 2$. We define the state to be reached from $(x_5, a)$ due to event $c$ as $(f(x_5, c), add(a, x_5, c)) = (x_5, a1c)$. In Step 4.6, since $I_{o_1} = \{1\}$ and $I(1) = \emptyset$, we define the state to be reached from $(x_5, a)$ as $f_{a_1}((x_5, a), \psi_1(a)) = f_{a_1}((x_5, a), a_s) = (x_5, rem(a, 1)) = (x_5, 0)$, and thus, a transition labeled by $a_s$ is defined in state $(x_5, a)$.

To conclude the example, let us consider state $(x_5, a1c)$. Then, in Step 4.3, we obtain $I_{o_1} = \{1, 3\}$. In Step 4.4, we compute $I(1) = \{2\}$, $I(3) = \emptyset$, $MET(1) = 1$, $MET(3) = 0$, $r(1) = 1$ and $r(3) = 2$. Notice that, even though $c \in \Gamma(x_5)$, a transition labeled by event $c$ is not defined in state $(x_5, a1c)$. This is so because, in Step 4.5, $MET(1) + t_{min}(x_5, c) = 2 = T_{11} = 2$ (the strict inequality fails) and $MET(3) + t_{min}(x_5, c) = 1 > T_{12} = 0.1$. In Step 4.6, two states can be reached from state $(x_5, a1c)$: 1) $f_{a_1}((x_5, a1c), \psi_1(a)) = f_{a_1}((x_5, a1c), a_s) = (x_5, rem(a1c, 1)) = (x_5, c)$, and 2) $f_{a_1}((x_5, a1c), \psi_1(c)) = f_{a_1}((x_5, a1c), c_s) = (x_5, rem(a1c, 3)) = (x_5, a1)$. $\square$

The following results concern automaton $G_{a_i}$ obtained by Algorithm 1.

Lemma 1: For every trace $w \in L(G_{a_i})$, state $(x, q) = f_{a_i}(x_{0,a_i}, w)$, where $q = q_1 q_2 \cdots q_z \in Q_i$, is such that
(a) $x = f(x_0, P_{a_i}(w))$;
(b) • If $q = 0$, then for every event $\sigma \in \Sigma_{o_i}$ in $w$, there exists either $\sigma_{s_i}$ or $\sigma_{l_i}$ in $w$, which indicates that event $\sigma$ has been either successfully transmitted or lost, respectively;
• If $q \neq 0$, then $q_1 \in \Sigma_{o_i}$, and for every $y \in \{1, 2, \ldots, z\}$ such that $q_y \in \Sigma_{o_i}$, $q_y$ is an event whose occurrence is still being transmitted, with $MET(y)$, defined by (10b), equal to the minimal time interval elapsed since the occurrence of $q_y$ in the plant.

Proof: The proof is done by induction on the length of the traces $w \in L(G_{a_i})$.

Basis Step: According to Step 1 of Algorithm 1, the initial state of $G_{a_i}$ is equal to $x_{0,a_i} = (x_0, 0)$. Thus, for $w = \varepsilon$, $f_{a_i}(x_{0,a_i}, w) = (x_0, 0)$, which agrees with the facts that: (a) $f(x_0, P_{a_i}(\varepsilon)) = x_0$, and (b) $q = 0$ and there is no event in $w$ whose occurrence has not been transmitted.

Induction Hypothesis: $\forall w \in L(G_{a_i})$ such that $|w| \le p$, $f_{a_i}(x_{0,a_i}, w) = (f(x_0, P_{a_i}(w)), q)$, where $q$ satisfies Part (b).

Inductive Step: Consider a trace $w\sigma \in L(G_{a_i})$ such that $|w| = p$ and $\sigma \in \Sigma_{a_i}$, and let $(x, q) = f_{a_i}(x_{0,a_i}, w)$. We will prove initially item (a) and, after that, item (b).

(a) According to the induction hypothesis, $x = f(x_0, P_{a_i}(w))$. Let us first consider the case when $\sigma \in \Sigma$. Then, according to Step 4.5 of Algorithm 1, $\sigma \in \Gamma(x)$ and the first component of the reached state is equal to $f(x, \sigma) = f(x_0, P_{a_i}(w)\sigma) = f(x_0, P_{a_i}(w\sigma))$. Let us now consider the case when $\sigma \in \Sigma_{s_i} \cup \Sigma_{l_i}$. Since, according to Step 4.6.2(b) of Algorithm 1, the transitions of $G_{a_i}$ labeled by events in $\Sigma_{s_i} \cup \Sigma_{l_i}$ do not modify the first component of the state, we may conclude that the first component of $f_{a_i}(x_{0,a_i}, w\sigma)$ is equal to $f(x_0, P_{a_i}(w)) = f(x_0, P_{a_i}(w\sigma))$, since $P_{a_i}(w) = P_{a_i}(w\sigma)$.

(b) According to the induction hypothesis, $q$ satisfies Part (b). According to Algorithm 1, the second component of the state reached from state $f_{a_i}(x_{0,a_i}, w)$ by a transition labeled by an event $\sigma \in \Sigma_{a_i}$ is determined as follows:

(b1) If $\sigma \in \Sigma$, then, according to Step 4.5(a), the second component of the reached state is $add(q, x, \sigma)$, which, according to Definition 6(c), concatenates to the right of $q$ either trace $t_{min}(x, \sigma)\sigma$, if $\sigma \in \Sigma_{o_i}$, or $t_{min}(x, \sigma)$, if $\sigma \in \Sigma_{uo_i}$, and removes the largest prefix formed only by nonnegative real numbers. In this case, the second component of the state reached from $f_{a_i}(x_{0,a_i}, w)$ by the transition labeled by $\sigma$ is formed as follows: $t_{min}(x, \sigma)$ is added to the right of $q$ after the occurrence of $\sigma$ in the plant, to enforce that $MET(y)$, defined in (10b), be equal to the minimal time interval elapsed since the occurrence of the $y$th event of the second component of the reached state, and, when $\sigma \in \Sigma_{o_i}$, $\sigma$ is also included to the right of $t_{min}(x, \sigma)$.

(b2) If $\sigma \in \Sigma_{s_i} \cup \Sigma_{l_i}$, then, according to Step 4.6.2 of Algorithm 1, the second component of the reached state is $rem(q, y)$, where $y$, computed in Step 4.6.2(a) of Algorithm 1, is such that either $\sigma = \psi_i(q_y)$, if $\sigma \in \Sigma_{s_i}$, or $\sigma = l_i(q_y)$, if $\sigma \in \Sigma_{l_i}$, and so, according to Definition 6, function $rem$ removes $q_y$ from $q$. Since the occurrence of an event $\sigma \in \Sigma_{s_i} \cup \Sigma_{l_i}$ represents either the successful observation or the loss of observation of event $q_y$ stored in $q$, we can conclude that we must remove $q_y$ from $q$ to obtain the second component of the reached state, as done by using function $rem$ in Algorithm 1.

Finally, notice that functions $add$ and $rem$ are defined using function $cut$, which either removes the largest prefix of the original trace composed solely of numbers or returns 0 when the trace is solely formed by numbers; thus, functions $add$ and $rem$ ensure, in both cases (b1) and (b2), that the first element of the second component of the reached state belongs to $\Sigma_{o_i}$, if the second component of the reached state has at least one element
belonging to $\Sigma_{o_i}$, or that the second component of the reached state is equal to 0, otherwise. In both cases, the lemma statement holds true. $\square$

Based on Algorithm 1, we can state the following theorem related to the language generated by $G_{a_i}$.

Theorem 2: $L(G_{a_i}) = F_{a_i}(L(G))$.

Proof: We will first consider the case when $\Sigma_{i,lo} = \emptyset$ (no observable event is subject to loss of observation). Thus, $\Sigma_{l_i} = \emptyset$, and so, it suffices to prove that $L(G_{a_i}) = F_{d_i}(L(G))$. The proof is done by induction on the length of the traces $w \in \Sigma_{d_i}^*$.

Basis Step: Let $w = \varepsilon$. Then, $w \in F_{d_i}(L(G))$ since $P_{a_i}(\varepsilon) = \varepsilon \in L(G)$ and $\varepsilon$ satisfies Conditions 2 and 3 of Definition 3. In addition, $w \in L(G_{a_i})$, since, by construction, $(x_0, 0) \in X_{a_i}$.

Induction Hypothesis: For all traces $w \in \Sigma_{d_i}^*$ such that $|w| \le p$, $w \in L(G_{a_i}) \Leftrightarrow w \in F_{d_i}(L(G))$.

Inductive Step: Let $w\sigma_i \in \Sigma_{d_i}^*$ be such that $|w| = p$ and $\sigma_i \in \Sigma_{d_i}$.

($\subseteq$) Assume that $w\sigma_i \in L(G_{a_i})$. Then, $w \in L(G_{a_i})$ since $L(G_{a_i})$ is prefix-closed, by definition. Thus, according to the induction hypothesis, $w \in F_{d_i}(L(G))$, which implies, according to Condition 1 of Definition 3, that $\exists s \in L(G) : s = P_{a_i}(w)$. Let $(x, q) = f_{a_i}(x_{0,a_i}, w)$, where, according to Lemma 1, Statement (a), $x = f(x_0, s)$, and $q$ satisfies Lemma 1, Statement (b). Consider the following cases:

(i) $\sigma_i = \sigma \in \Sigma$. In this case, since $w\sigma_i \in L(G_{a_i})$, the transition from state $(x, q)$ labeled by event $\sigma$ is obtained according to Step 4.5 of Algorithm 1 and, so, $\sigma \in \Gamma(x)$. Thus, it can be concluded that $P_{a_i}(w\sigma) = P_{a_i}(w)\sigma = s\sigma \in L(G)$, and so, trace $w\sigma$ satisfies Condition 1 of Definition 3. Regarding Condition 2 of Definition 3, since transition $f_{a_i}((x, q), \sigma)$ has been added in Step 4.5(a), statement $(I_{o_i} = \emptyset) \vee (\forall y \in I_{o_i},\ MET(y) + t_{min}(x, \sigma) < T_{i\,r(y)})$ holds true, where $I_{o_i}$, $MET(y)$, and $r(y)$ are computed in Steps 4.3 and 4.4. Notice that, in accordance with Lemma 1, Statement (b), checking this condition is equivalent to verifying whether every event in $\Sigma_{o_i}$ that has occurred in $w\sigma$ and whose observation has not occurred in $w$ satisfies (6). Since, by the induction hypothesis, $w$ satisfies Condition 2, every event in $w$ whose occurrence has been observed in $w$ also satisfies (6). Therefore, we can conclude that $w\sigma$ satisfies Condition 2 of Definition 3. Finally, Condition 3 of Definition 3 is trivially satisfied for $w\sigma$ since it is satisfied for $w$.

(ii) $\sigma_i = \sigma_{s_i} \in \Sigma_{s_i}$. In this case, $P_{a_i}(w\sigma_{s_i}) = P_{a_i}(w)$, which implies that $w\sigma_{s_i}$ satisfies Condition 1 of Definition 3. In addition, $w\sigma_{s_i}$ also satisfies Condition 2 of Definition 3 since it is satisfied for $w$. Thus, it remains to check whether Condition 3 holds true for trace $w\sigma_{s_i}$. To do so, notice that, according to Step 4.6 and Lemma 1, $\sigma_{s_i} = \psi_i(q_y)$, where $q_y$ is the first event of $\Sigma_{o_{ij}}$ in $q$, $j \in \{1, \ldots, m\}$. Thus, according to Lemma 1, Statement (b), $w\sigma_{s_i}$ satisfies both (8) and the inclusion relation in (7). Therefore, $w\sigma_{s_i} \in F_{d_i}(L(G))$.

($\supseteq$) Suppose, now, that $w\sigma_i \in F_{d_i}(L(G))$. Then, according to Condition 1 of Definition 3, $P_{a_i}(w\sigma_i) \in L(G)$, which also implies that $P_{a_i}(w) \in L(G)$ since $L(G)$ is prefix-closed. Moreover, since $w\sigma_i$ satisfies Conditions 2 and 3 of Definition 3, $w$ also satisfies these conditions, and so $w \in F_{d_i}(L(G))$. Thus, according to the induction hypothesis, $w \in L(G_{a_i})$. Set, again, $(x, q) = f_{a_i}(x_{0,a_i}, w)$, where $x = f(x_0, P_{a_i}(w))$ (Lemma 1, Statement (a)) and $q$ satisfies Lemma 1, Statement (b). Consider the following possibilities:

(i) $\sigma_i = \sigma \in \Sigma$. In this case, $w\sigma \in L(G_{a_i})$ if a transition labeled by $\sigma$ can be defined for $(x, q)$ according to Step 4.5. To this end, notice first that $P_{a_i}(w)\sigma = P_{a_i}(w\sigma) \in L(G)$, which implies that $\sigma \in \Gamma(f(x_0, P_{a_i}(w))) = \Gamma(x)$. In addition, since $w\sigma_i$ satisfies Condition 2 of Definition 3 and $q$ satisfies Lemma 1, Statement (b), it can be concluded that $(I_{o_i} = \emptyset) \vee (\forall y \in I_{o_i},\ MET(y) + t_{min}(x, \sigma) < T_{i\,r(y)})$ holds true, for $I_{o_i}$, $MET(y)$ and $r(y)$ computed from $q$ according to Steps 4.3 and 4.4. As a consequence, transition $f_{a_i}((x, q), \sigma)$ of $G_{a_i}$ is created in Step 4.5(a) of Algorithm 1.

(ii) $\sigma_i = \sigma_{s_i} \in \Sigma_{s_i}$. In this case, since trace $w\sigma_{s_i}$ satisfies (7), there exists at least one occurrence of event $\psi_i^{-1}(\sigma_{s_i})$ that is still being transmitted to local diagnoser $LD_i$ after the occurrence of $w$. Thus, according to Lemma 1, Statement (b), $\psi_i^{-1}(\sigma_{s_i})$ is in $q$. Moreover, it can be seen, from (8), that $\psi_i^{-1}(\sigma_{s_i})$ accounts for the first event of $\Sigma_{o_{ij}}$, $j = ms(\psi_i^{-1}(\sigma_{s_i}))$, in $q$. Thus, in the $j$th iteration of Step 4.6 of Algorithm 1, transition $f_{a_i}((x, q), \sigma_{s_i})$ of $G_{a_i}$ is defined in Step 4.6.2(b), and so, $w\sigma_{s_i} \in L(G_{a_i})$.

Finally, when $\Sigma_{i,lo} \neq \emptyset$, an automaton that generates $F_{a_i}(L(G)) = F_{i,lo}(F_{d_i}(L(G)))$ can be computed, according to [8], from an automaton that generates $F_{d_i}(L(G))$ by adding, to all transitions labeled with events in $\Sigma_{s_i} \cap \psi_i(\Sigma_{i,lo})$, parallel transitions labeled with the corresponding events in $\Sigma_{l_i}$. Notice that, according to Step 4.6.2(c), a parallel transition labeled by $\sigma_{l_i} \in \Sigma_{l_i}$ is defined whenever a transition labeled by an event in $\Sigma_{s_i} \cap \psi_i(\Sigma_{i,lo})$ is defined in Step 4.6.2(b). $\square$

Example 4: Let us revisit the NDESWTS considered in Example 3. Notice that the language generated by automaton $G_{a_1}$, depicted in Fig. 4, is
$$L(G_{a_1}) = \{\sigma_f a a_s b b_s (c c_s)^p,\ b b_s a a_s (c c_s)^q,\ b b_s a c c_s a_s (c c_s)^{q-1},\ b b_s a c a_s c_s (c c_s)^{q-1}\},\quad p, q \in \mathbb{N},$$
which agrees with Theorem 2, since $F_{d_1}(L(G)) = F_{d_1}(\{\sigma_f a b c^p, b a c^q\}) = F_{d_1}(\{\sigma_f a b c^p\}) \cup F_{d_1}(\{b a c^q\}) = \{\sigma_f a a_s b b_s (c c_s)^p\} \cup \{b b_s a a_s (c c_s)^q,\ b b_s a c c_s a_s (c c_s)^{q-1},\ b b_s a c a_s c_s (c c_s)^{q-1}\} = L(G_{a_1})$. $\square$

Remark 2 (Size of the state space of automaton $G_{a_i}$): Let us define the following variables for $\mathcal{G} = (G, t_{min}, T)$ and $i = 1, 2, \ldots, N_s$: $\bar{T}_i = \max\{T_{r,j} \in T : r = i \wedge T_{r,j} \text{ is finite}\}$, $\underline{t} = \min_{x \in X, \sigma \in \Gamma(x)} t_{min}(x, \sigma)$, and $\tilde{T}_i = \max\{z \in \mathbb{Z} : z < \bar{T}_i / \underline{t}\}$, where $\mathbb{Z}$ is the set of integers. A state of automaton $G_{a_i}$ can assume one of the following forms: (i) $(x, 0)$, where $x \in X$; (ii) $(x, \sigma)$, $x \in X$ and $\sigma \in \Sigma_{o_i}$; and (iii) $(x, q)$, where $x \in X$ and $q \in Q_i \setminus (\{0\} \cup \Sigma_{o_i})$. Notice that $G_{a_i}$ can have, at most, $|X|$ and $|X||\Sigma_{o_i}|$ states with the forms (i) and (ii), respectively. Let us now consider the states of $G_{a_i}$ with form (iii). Notice that, for these states, $q$ can assume one of the following forms:
(a) $q = \sigma_0 (t_{1,1} + \ldots + t_{1,k_1}) \sigma_1 \ldots (t_{n,1} + \ldots + t_{n,k_n}) \sigma_n$;
(b) $q = \sigma_0 (t_{1,1} + \ldots + t_{1,k_1}) \sigma_1 \ldots (t_{n,1} + \ldots + t_{n,k_n})$,
where $t_{j,p}$ is the minimal time associated with the $p$th event that occurred after event $\sigma_{j-1}$, $t_{j,k_j}$ being the minimal activation time associated with $\sigma_j$. In both cases (a) and (b), the number of events that have occurred in the plant after $\sigma_0$ is equal to $k_1 + k_2 + \ldots + k_n$. In addition, notice that $t_{j,p}$, for $p \neq k_j$, are associated either with events in $\Sigma_{uo_i}$ or with events in $\Sigma_{o_i}$ whose transmission has been completed, and $t_{j,k_j}$ is associated with event $\sigma_j \in \Sigma_{o_i}$ that is still being transmitted.

Let us set $k = k_1 + \ldots + k_n$. Then, each possible $q$ with $k$ event occurrences after $\sigma_0$ can be associated with a hypothetical $q' = \sigma_0 t_1 \sigma_1 t_2 \ldots t_k \sigma_k$, where $\sigma_j \in \Sigma_{uo_i} \cup \Sigma_{s_i} \cup \Sigma_{o_i}$, $j = 1, \ldots, k$, represents the $j$th event occurrence after $\sigma_0$ and $t_j$ is its minimal activation time. In $q'$, the events in $\Sigma_{o_i}$ are associated with the occurrences that are still being transmitted, and the
events in Σuoi and Σsi are associated with the occurrences of long length trace t, such that there exist traces sai tai ∈ Fai (st),
unobservable events and events whose transmission have been i = 1, 2, . . . , Ns , sai tai not necessarily different from saj taj
completed, respectively. Notice that, in q, those events in Σuoi for i, j ∈ {1, 2, . . . , Ns } and wai ∈ Fai (wi ), with wi ∈ LN ,
and Σsi are omitted and the minimal activation times associated satisfying Psi (sai tai ) = Psi (wai ), for all i ∈ {1, . . . , Ns }. This
with subsequent events in Σuoi and Σsi are added. As a con- is equivalent to saying that there exist a fault trace st, with
sequence, the number of possible q with k event occurrences arbitrarily long length after the occurrence of the fault event,
after σ0 is less than or equal to the number of possible q  with and normal traces wi , for i = 1, . . . , Ns , such that, the change
k event occurrences after σ0 . Thus, by analyzing q  , we can in the order of observation and the loss of observation of events
infer that the number of different q with k event occurrences in both st and wi create ambiguous observations in all LD.
after σ0 is, at most, equal to |X||Σoi |(|Σ| + |Σoi |)k , where We may state the following facts directly from Definition 7.
the term |X| comes from the fact that the minimal activation Fact 1: If a language L is not NDESWTS codiagnosable with
time associated with each event occurrence depends on the state respect to Fai and Psi , for i = 1, . . . , Ns , and Σf = {σf }, then
reached after the occurrence of σ0 . Notice that the number of L is not NDESWTS diagnosable with respect to Fai , Psi , and
event occurrences after σ0 cannot be greater than Ti since the Σf = {σf } for every i ∈ INs . The converse is not necessarily
maximum communication delay of σ0 is at most Ti and the true.
minimal activation times of the events are, at least, equal to t. As Proof: The proof comes directly from Definition 7, since if L

i
a consequence, there are, at most, |X||Σoi | Tk=1 (|Σoi | + |Σ|)k is not NDESWTS codiagnosable, then, there exist s ∈ L \ LN
possible q, and the number of states of Gai with form (iii) is, and t ∈ L/s such that, for every i ∈ INs , there exists a trace

i w ∈ LN with [Psi [Fai (st)] ∩ Psi [Fai (w)] = ∅. 
at most, |X|2 |Σoi | Tk=1 (|Σoi | + |Σ|)k . We can conclude that,
in the worst case, the number of states of Gai is given by |X| + The converse of Fact 1 is not true because, when L is not

i NDESWTS diagnosable for every local diagnoser LDi , it can
|X||Σoi | + |X|2 |Σoi | Tk=1 (|Σoi | + |Σ|)k , which implies that
be NDESWTS codiagnosable since an ambiguity that exists in
|Xai | = O(|X| |Σoi |(|Σoi | + |Σ|)Ti ).
2

one local diagnoser can be resolved by another one.
It is worth noting that, since $T_i$ is the ratio between the maximal delay $T_{i,j}$ and the minimal firing time $t_{\min}(x,\sigma)$, one may infer, from the computational complexity analysis carried out above, that when $\max\{T_{i,j}\} \gg \min\{t_{\min}(x,\sigma)\}$ the size of $X_{a_i}$ may become huge, due to the exponential growth in $T_i$, which could make the construction of the augmented automaton $G_{a_i}$ nonviable. However, this is the case only when the plant dynamics is much faster than the observation delays in the communication network, which ultimately implies that, in practice, not only is the NDESWTS unlikely to be codiagnosable, but also the supervisory control system would not work properly; for example, a disabling control action would be issued, due to the large delay and the fast plant dynamics, only after the occurrence of the very event the supervisor is disabling.

V. NDESWTS CODIAGNOSABILITY

As shown in the previous section, when a trace $s \in L(G)$ occurs in the plant in the presence of communication delays and loss of observations, the trace observed by local diagnoser $LD_i$ is no longer $P_{o_i}(s)$ but some trace in $P_{s_i}(F_{a_i}(s))$, where function $F_{a_i}$ is defined in accordance with the minimal activation time function $t_{\min}$, the maximal delay matrix $T$, and the set of events subject to communication loss $\Sigma_{i,lo}$. Such a change may affect the codiagnosability decision, since each local diagnoser infers fault occurrences from its observed trace. As a consequence, codiagnosability must be redefined for NDESWTS by taking into account all possible observations that can be generated in the presence of communication delays and loss of observations. This is formalized as follows.

Definition 7 (NDESWTS Codiagnosability): A prefix-closed language $L$, generated by $G$, is NDESWTS codiagnosable with respect to $F_{a_i}$ and $P_{s_i}$, for $i = 1, \ldots, N_s$, and $\Sigma_f$ if
$$(\exists n \in \mathbb{N})(\forall s \in L \setminus L_N)(\forall t \in L/s)\big(|t| \ge n \Rightarrow (\exists i \in \mathbb{I}_{N_s})\,[P_{s_i}(F_{a_i}(st)) \cap P_{s_i}(F_{a_i}(w)) = \emptyset,\ \forall w \in L_N]\big).$$

According to Definition 7, language $L$ is not NDESWTS codiagnosable if there exists a fault trace $s$ and an arbitrarily

Fact 2: The language $L$ generated by automaton $G$ is NDESWTS diagnosable with respect to $F_{a_i}$, $P_{s_i}$, and $\Sigma_f = \{\sigma_f\}$, for some $i \in \mathbb{I}_{N_s}$, if, and only if, language $L(G_{a_i})$ is diagnosable with respect to $P_{s_i}$ and $\Sigma_f$.

Proof: The proof is straightforward from Definition 1 and Theorem 2. □

Facts 1 and 2 suggest that the verification of NDESWTS codiagnosability can be done by using automata $G_{a_i}$. However, since a monolithic model $G_{a_i}$, $i = 1, \ldots, N_s$, is created for each local diagnoser, i.e., a different untimed automaton $G_{a_i}$ with a different event set $\Sigma_{a_i}$ represents the monolithic plant from the point of view of each local diagnoser, the usual tests for codiagnosability verification using diagnosers [2], [19] and verifiers [20], [21], [27], [28] cannot be applied directly to the augmented untimed automata $G_{a_i}$, $i = 1, \ldots, N_s$. In order to overcome this difficulty, instead of checking whether all fault traces are diagnosable, we follow the opposite direction, i.e., we check whether any of the sequences newly introduced in $G_{a_i}$, $i = 1, \ldots, N_s$, remains ambiguous. This is the idea behind the NDESWTS codiagnosability verification algorithms proposed in the following sections.

A. Using Diagnoser to Verify NDESWTS Codiagnosability

The first approach to verify NDESWTS codiagnosability deploys the diagnoser-like automaton revised in Section II [19]. To this end, let us first consider each augmented automaton $G_{a_i}$, $i \in \mathbb{I}_{N_s}$. According to (2), we may write
$$G_{scc_i} = G_{a_i,d} \,\|\, G_{a_i,\ell}, \tag{11}$$
where $G_{a_i,d} = Obs(G_{a_i,\ell}, \Sigma_{s_i})$ and $G_{a_i,\ell} = G_{a_i} \,\|\, A_\ell$. Notice that $L(G_{scc_i}) = L(G_{a_i,\ell}) = L(G_{a_i})$ and that, for every state $(x_{d_i}, x_i)$ of $G_{scc_i}$, $x_i \in x_{d_i}$.

We will now present an algorithm for the verification of NDESWTS codiagnosability, whose idea is to check whether some SCC of $G_{scc_i}$, for some $i \in \{1, 2, \ldots, N_s\}$, that makes $L(G_{a_i})$ non-diagnosable with respect to $P_{s_i}$ and $\Sigma_f$ survives when all local diagnosers $LD_i$ work together.
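Both verification routes that follow come down to one survival check: in each local site's automaton, mark the SCCs that make $L(G_{a_i})$ non-diagnosable for that site alone; compose the sites, which synchronize only on the plant events $\Sigma$; and ask whether a marked SCC survives the composition. The Python below is an added example, not code from the paper or its authors, that implements this check in its polynomial verifier form (Algorithm 3 and Conditions (13) and (14) of Section V-B): the normal behavior, with every event outside $\Sigma_{s_i}$ renamed by $\rho_i$, is composed with the Y/N-labeled faulty behavior; cycles that contain a Y-labeled state and an unrenamed event are marked; and the marked verifiers are composed on $\Sigma$. The two input automata that stand in for $G_{a_1}$ and $G_{a_2}$ are constructed for this example (the paper's Algorithm 1, which builds $G_{a_i}$ from $t_{\min}$ and $T$, is not reproduced): $LD_1$ receives each $a$ as $a_{s_1}$, $LD_2$ receives each $b$ as $b_{s_2}$ or, in the second case, may lose it ($b_{l_2}$), the fault is followed by $a\,b^*$, and the only normal behavior is $a\,c^*$. All function, variable and event names are assumptions of the example.

```python
# Added example (not the paper's code): the survival check in verifier form.
# An automaton is (initial_state, alphabet, transitions), transitions being a
# dict {(state, event): next_state}.  Helper names are hypothetical.

def parallel(a, b):
    """Parallel composition: shared events synchronize, private ones interleave."""
    (ia, ea, ta), (ib, eb, tb) = a, b
    init, trans, stack, seen = (ia, ib), {}, [(ia, ib)], {(ia, ib)}
    while stack:
        x, y = stack.pop()
        for e in ea | eb:
            if (e in ea and (x, e) not in ta) or (e in eb and (y, e) not in tb):
                continue  # a component that knows e cannot execute it now
            nxt = (ta.get((x, e), x), tb.get((y, e), y))
            trans[(x, y), e] = nxt
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return init, ea | eb, trans

def reach(trans):
    """Reflexive reachability: state -> set of states reachable from it."""
    succ = {}
    for (s, _), t in trans.items():
        succ.setdefault(s, set()).add(t)
        succ.setdefault(t, set())
    out = {}
    for v in succ:
        seen, stack = {v}, [v]
        while stack:
            for w in succ[stack.pop()] - seen:
                seen.add(w)
                stack.append(w)
        out[v] = seen
    return out

def faulty_labeled(g, fault):
    """G_F: each state tagged N or Y, Y once the fault event has occurred."""
    init, ev, tr = g
    trans, stack, seen = {}, [(init, "N")], {(init, "N")}
    while stack:
        x, lab = stack.pop()
        for (s, e), t in tr.items():
            if s == x:
                nxt = (t, "Y" if lab == "Y" or e == fault else "N")
                trans[(x, lab), e] = nxt
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
    return (init, "N"), ev, trans

def normal_renamed(g, fault, observed, tag):
    """G_{a_i,rho}: fault transitions dropped, events outside Sigma_{s_i} renamed."""
    init, ev, tr = g
    ren = lambda e: e if e in observed else f"{e}_rho{tag}"
    return init, {ren(e) for e in ev if e != fault}, \
        {(s, ren(e)): t for (s, e), t in tr.items() if e != fault}

def site_verifier(g, fault, observed, tag):
    """Steps 1-3: V_i plus the states of every SCC holding a cycle of kind (13)."""
    init, ev, tr = parallel(normal_renamed(g, fault, observed, tag), faulty_labeled(g, fault))
    r, marked = reach(tr), set()
    for (s, e), t in tr.items():  # edge on a cycle, Y-labeled, event not renamed
        if s in r[t] and s[1][1] == "Y" and e in g[1]:
            marked |= {u for u in r[s] if s in r[u]}  # the whole SCC of s
    return init, ev, tr, marked

def components(state, n):
    """Unfold the left-nested product state of n verifiers into a list."""
    out = []
    for _ in range(n - 1):
        state, last = state
        out.append(last)
    return (out + [state])[::-1]

def codiagnosable(sites, plant_events, fault):
    """Steps 4-5: True iff no all-marked cycle with a plant event survives in V."""
    vs = [site_verifier(g, fault, obs, tag) for g, obs, tag in sites]
    v = vs[0][:3]
    for nxt in vs[1:]:
        v = parallel(v, nxt[:3])
    marked = lambda st: all(c in vs[i][3] for i, c in enumerate(components(st, len(vs))))
    sub = {k: t for k, t in v[2].items() if marked(k[0]) and marked(t)}
    r = reach(sub)
    return not any(s in r[t] and e in plant_events for (s, e), t in sub.items())

# Constructed sample input: plant events sf (fault), a, b, c.  LD_1 receives a as
# a_s1; LD_2 receives b as b_s2 or, when loss is enabled, loses it (b_l2).
def automaton(init, edges):
    return init, {e for _, e, _ in edges}, {(s, e): t for s, e, t in edges}

FAULT, SIGMA = "sf", {"sf", "a", "b", "c"}
G_A1 = automaton(0, [(0, "sf", 1), (1, "a", 2), (2, "a_s1", 3), (3, "b", 3),
                     (0, "a", 4), (4, "a_s1", 5), (5, "c", 5)])

def g_a2(with_loss):
    edges = [(0, "sf", 1), (1, "a", 2), (2, "b", 3), (3, "b_s2", 2), (0, "a", 4), (4, "c", 4)]
    return automaton(0, edges + ([(3, "b_l2", 2)] if with_loss else []))

if __name__ == "__main__":
    for loss in (False, True):
        sites = [(G_A1, {"a_s1"}, 1), (g_a2(loss), {"b_s2"}, 2)]
        print(f"b lost at LD_2={loss}: codiagnosable={codiagnosable(sites, SIGMA, FAULT)}")
```

Run stand-alone, the block reports that the system is codiagnosable while $b$ always reaches $LD_2$ (site 2 alone sees $b_{s_2}^n$ after the fault and nothing otherwise, even though site 1 alone sees $a_{s_1}$ in both cases and is therefore marked) and not codiagnosable once $b$ can be lost, because the cycle on $b$ closed by the lost observation $b_{l_2}$ is then marked in $V_2$ and survives in $V = V_1 \| V_2$ together with the already-marked cycle of $V_1$. Cycle membership is decided by reflexive reachability computed with a plain DFS rather than Tarjan's algorithm, which is enough for automata of this size.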

Authorized licensed use limited to: UNIVERSIDADE FEDERAL DO RIO DE JANEIRO. Downloaded on July 12,2023 at 15:07:58 UTC from IEEE Xplore. Restrictions apply.
VIANA et al.: CODIAGNOSABILITY OF NETWORKED DISCRETE EVENT SYSTEMS WITH TIMING STRUCTURE 3943

Algorithm 2: NDESWTS codiagnosability using diagnoser.
Input: Automaton $G_{a_i} = (X_{a_i}, \Sigma_{a_i}, f_{a_i}, \Gamma_{a_i}, x_{0,a_i})$, for $i = 1, \ldots, N_s$.
Output: NDESWTS codiagnosability decision: Yes or No.
STEP 1. Compute automata $G_{scc_i} = G_{a_i,d} \,\|\, G_{a_i,\ell}$, for $i \in \{1, \ldots, N_s\}$, according to (11).
STEP 2. Mark all strongly connected components of $G_{scc_i}$, $i \in \{1, \ldots, N_s\}$, formed with states $(x_{d_i}, x_i)$ such that $x_{d_i}$ is uncertain and $x_i$ is a Y-labeled state.
STEP 3. Compute automaton $G^{NET}_{scc} = \|_{i=1}^{N_s} G_{scc_i}$.
STEP 4. Verify whether there exists at least one strongly connected component formed with marked states in $G^{NET}_{scc}$.
STEP 5. If the answer is yes, then the language $L$ generated by automaton $G$ is not NDESWTS codiagnosable with respect to $F_{a_i}$, $P_{s_i}$, $i = 1, \ldots, N_s$, and $\Sigma_f = \{\sigma_f\}$. Otherwise, $L$ is NDESWTS codiagnosable.

From Algorithm 2, the following theorem may be stated.

Theorem 3: The language $L$ generated by automaton $G$ is NDESWTS codiagnosable with respect to $F_{a_i}$, $P_{s_i}$, $i = 1, \ldots, N_s$, and $\Sigma_f = \{\sigma_f\}$ if, and only if, automaton $G^{NET}_{scc} = \|_{i=1}^{N_s} G_{scc_i}$ has no SCCs formed with marked states.

Proof: (⇒) Assume that there exists an SCC $C$ in $G^{NET}_{scc}$ formed with marked states. Then, by construction: (i) the states in $C$ have the form $((x_{d_1}, x_1), (x_{d_2}, x_2), \ldots, (x_{d_{N_s}}, x_{N_s}))$, such that, $\forall i \in \{1, \ldots, N_s\}$, $x_{d_i}$ is uncertain and $x_i$ is a Y-labeled state; and (ii) there exists an arbitrarily long faulty augmented trace $s_a t_a \in L(G^{NET}_{scc})$ that reaches a state of $C$. As a consequence, each $G_{scc_i}$ has an SCC $C_i$ formed with marked states $(x_{d_i}, x_i)$ such that $x_{d_i}$ is uncertain and $x_i$ is a Y-labeled state. In addition, since $L(G^{NET}_{scc}) = \bigcap_{i=1}^{N_s} P_{t,i}^{-1}[L(G_{scc_i})]$, where $P_{t,i} : (\bigcup_{i=1}^{N_s} \Sigma_{a_i})^* \to \Sigma_{a_i}^*$ for $i \in \{1, 2, \ldots, N_s\}$, there exist traces $s_{a_i} t_{a_i} \in L(G_{scc_i})$, $i = 1, 2, \ldots, N_s$, that reach a state of $C_i$, such that $s_a t_a \in \bigcap_{i=1}^{N_s} P_{t,i}^{-1}(s_{a_i} t_{a_i})$. Thus, according to Theorem 1, $L(G_{a_i})$ is not diagnosable with respect to $P_{s_i}$ and $\Sigma_f$, for each $i = 1, 2, \ldots, N_s$, which implies, according to Definition 1, that there exist normal augmented traces $w_{a_i} \in L(G_{a_i})$, for $i = 1, 2, \ldots, N_s$, such that $P_{s_i}(s_{a_i} t_{a_i}) = P_{s_i}(w_{a_i})$, i.e., traces $s_{a_i} t_{a_i}$ are not detected by local diagnoser $LD_i$.

Since the parallel composition between all $G_{scc_i}$ is synchronized by the events in $\Sigma$ of the plant, there exists $st \in L \setminus L_N$ such that $st = P_{a_i}(s_{a_i} t_{a_i})$, for $i = 1, 2, \ldots, N_s$. In addition, $w_i = P_{a_i}(w_{a_i}) \in L_N$ for all $i = 1, 2, \ldots, N_s$. Notice, from Definition 5, that $s_{a_i} t_{a_i} \in F_{a_i}(st)$ and $w_{a_i} \in F_{a_i}(w_i)$, for all $i = 1, 2, \ldots, N_s$. Therefore, no local diagnoser $LD_i$ can diagnose the arbitrarily long faulty trace $st$, and thus it can be concluded that $L$ is not NDESWTS codiagnosable with respect to $F_{a_i}$, $P_{s_i}$, $i = 1, \ldots, N_s$, and $\Sigma_f = \{\sigma_f\}$.

(⇐) Assume now that language $L$ is not NDESWTS codiagnosable with respect to $F_{a_i}$, $P_{s_i}$, $i = 1, \ldots, N_s$, and $\Sigma_f = \{\sigma_f\}$. Then, according to Definition 7, for all $n \in \mathbb{N}$ there exist $s \in L \setminus L_N$, $t \in L/s$ and $w_i \in L_N$, $i = 1, 2, \ldots, N_s$, such that $|t| \ge n$ and $P_{s_i}[F_{a_i}(st)] \cap P_{s_i}[F_{a_i}(w_i)] \neq \emptyset$. In addition, according to Fact 1, $L$ is not NDESWTS diagnosable with respect to $F_{a_i}$, $P_{s_i}$, and $\Sigma_f = \{\sigma_f\}$ for each $i \in \mathbb{I}_{N_s}$, which also implies, according to Fact 2, that language $L(G_{a_i})$ is not diagnosable with respect to $P_{s_i}$ and $\Sigma_f$, for each $i = 1, 2, \ldots, N_s$, i.e., there exist $s_{a_i} t_{a_i} \in L(G_{a_i})$ and $w_{a_i} \in L(G_{a_i})$ such that $s_{a_i} t_{a_i} \in F_{a_i}(st)$, $w_{a_i} \in F_{a_i}(w_i)$ and $P_{s_i}(s_{a_i} t_{a_i}) = P_{s_i}(w_{a_i})$. It can be seen, with the help of Theorem 1, that automaton $G_{scc_i}$ has an SCC $C_i$, reached through trace $s_{a_i} t_{a_i}$ and formed with states $(x_{d_i}, x_i)$ such that $x_{d_i}$ is uncertain and $x_i$ is a Y-labeled state. Thus, when we compute $G^{NET}_{scc} = \|_{i=1}^{N_s} G_{scc_i}$, the parallel composition synchronizes the traces $s_{a_i} t_{a_i}$ and the SCCs $C_i$, whose states are marked in Step 2 of Algorithm 2. Therefore, automaton $G^{NET}_{scc}$ has an SCC $C$ formed with marked states. □

Fig. 5. NDESWTS $\mathcal{G} = (G, t_{\min}, T)$ for Example 5: communication delay structure (a) and automaton $G$ with minimal activation time function $t_{\min}$ (b).

Example 5: Consider the NDESWTS $\mathcal{G} = (G, t_{\min}, T)$ depicted in Fig. 5, with the communication delay structure shown in Fig. 5(a) and the plant automaton with the minimal activation time function in Fig. 5(b). From Fig. 5(a), it can be seen that there are two local diagnosers, $LD_1$ and $LD_2$, and three measurement sites, $MS_1$, $MS_2$ and $MS_3$, whose sets of recorded events are $\Sigma_{MS_1} = \{b\}$, $\Sigma_{MS_2} = \{c\}$ and $\Sigma_{MS_3} = \{a\}$. The occurrences of events $b$ and $a$ are transmitted through channels $ch_{11}$ and $ch_{23}$, respectively (thus, $\Sigma_{o_{11}} = \{b\}$ and $\Sigma_{o_{23}} = \{a\}$), and the occurrence of event $c$ is transmitted through channels $ch_{12}$ and $ch_{22}$ (thus, $\Sigma_{o_{12}} = \Sigma_{o_{22}} = \{c\}$). As a consequence, the sets of observable events of $LD_1$ and $LD_2$ are $\Sigma_{o_1} = \Sigma_{o_{11}} \cup \Sigma_{o_{12}} = \{b, c\}$ and $\Sigma_{o_2} = \Sigma_{o_{22}} \cup \Sigma_{o_{23}} = \{a, c\}$, respectively. In addition, from Fig. 5(a), we see that the maximal delay matrix is $T = [T_{11}\ T_{12}\ T_{13};\ T_{21}\ T_{22}\ T_{23}]$, where $T_{11} = 0.3$, $T_{12} = 0.9$, $T_{13} = \infty$, $T_{21} = \infty$, $T_{22} = 0.5$, and $T_{23} = 0.1$. From Fig. 5(b), we can see that $\Sigma = \{a, b, c, \sigma_f\}$, and $t_{\min}(x_0, \sigma_f) = 0.1$, $t_{\min}(x_1, a) = t_{\min}(x_2, c) = t_{\min}(x_4, c) = t_{\min}(x_0, b) = t_{\min}(x_5, a) = t_{\min}(x_6, c) = t_{\min}(x_7, a) = t_{\min}(x_8, c) = 1$, $t_{\min}(x_2, b) = 2$, and $t_{\min}(x_3, b) = 0.5$. Let us assume that events $b$ and $a$ are subject to intermittent loss of observation. As a consequence: (i) for $LD_1$, $\Sigma_{1,lo} = \{b\}$, $\Sigma_{1,nlo} = \{c\}$ and $\Sigma_{l_1} = \{b_{l_1}\}$; and (ii) for $LD_2$, $\Sigma_{2,lo} = \{a\}$, $\Sigma_{2,nlo} = \{c\}$ and $\Sigma_{l_2} = \{a_{l_2}\}$. We want to verify whether $L(G)$ is NDESWTS codiagnosable.

Initially, it is worth noting that $L(G)$ is codiagnosable with respect to $P_{o_i}$ and $\Sigma_f$, $i = 1, 2$. Now, in order to address NDESWTS codiagnosability, we first compute, in accordance with Algorithm 1, automata $G_{a_1}$ and $G_{a_2}$, which are shown in Figs. 6 and 7, respectively. Notice that the sets of observable and unobservable events of local diagnoser $LD_1$ (resp. $LD_2$) are $\Sigma_{a_1,o} = \{b_{s_1}, c_{s_1}\}$ and $\Sigma_{a_1,uo} = \{a, b, c, \sigma_f, b_{l_1}\}$ (resp. $\Sigma_{a_2,o} = \{a_{s_2}, c_{s_2}\}$ and $\Sigma_{a_2,uo} = \{a, b, c, \sigma_f, a_{l_2}\}$).

Fig. 6. Automaton $G_{a_1}$ of Example 5.
Fig. 7. Automaton $G_{a_2}$ of Example 5.
Fig. 8. Automaton $G_{a_1,\ell}$ of Example 5.
Fig. 9. Automaton $G_{a_2,\ell}$ of Example 5.
Fig. 10. Two paths that reach SCCs with marked states in $G_{scc_1}$ of Example 5.
Fig. 11. Two paths that reach SCCs with marked states in $G_{scc_2}$ of Example 5, where $s_{21}, s_{22} \in L(G_{scc_2})$.

In order to check NDESWTS codiagnosability, we first compute, according to Step 1 of Algorithm 2, automata $G_{a_1,\ell}$ and $G_{a_2,\ell}$, which are depicted in Figs. 8 and 9. Notice that the states of $G_{a_1}$ and $G_{a_2}$ have been renamed; the correspondence can be identified by comparing Fig. 6 with Fig. 8 and Fig. 7 with Fig. 9, respectively. Step 1 is completed with the computation of automata $G_{scc_1} = G_{a_1,d} \,\|\, G_{a_1,\ell}$ and $G_{scc_2} = G_{a_2,d} \,\|\, G_{a_2,\ell}$ according to (11). In Step 2, all states of the SCCs of $G_{scc_i}$, $i = 1, 2$, formed with states $(x_{d_i}, x_i)$ such that $x_{d_i}$ is uncertain and $x_i$ is a Y-labeled state are marked. Due to the size of automata $G_{scc_1}$ and $G_{scc_2}$, we present in Figs. 10 and 11 only two paths of $G_{scc_1}$ and $G_{scc_2}$ that reach SCCs with their states marked, where $s_{11} = \sigma_f a b b_{s_1} a$, $s_{12} = \sigma_f a c b b_{s_1} c_{s_1}$, $s_{21} = \sigma_f a a_{s_2} b a a_{l_2}$, and $s_{22} = \sigma_f a a_{s_2} c c_{s_2} b$. They have been chosen so as to allow us to illustrate how the verification algorithm works. Since both $G_{scc_1}$ and $G_{scc_2}$ have SCCs with marked states, we may conclude, according to Theorem 1 and Fact 2, that $L$ is neither NDESWTS diagnosable with respect to projection $P_{s_1}$ nor with respect to projection $P_{s_2}$. In spite of that, we still have to verify whether $L$ is NDESWTS codiagnosable, by checking whether some marked SCC "survives" in the parallel composition between $G_{scc_1}$ and $G_{scc_2}$. To this end, in Step 3, we compute automaton $G^{NET}_{scc} = G_{scc_1} \,\|\, G_{scc_2}$, two paths of which are shown in Fig. 12, where $s_{NET_1} = \sigma_f a a_{s_2} c c_{s_2} b b_{s_1} c_{s_1}$ and $s_{NET_2} = \sigma_f a a_{s_2} b b_{s_1} a a_{l_2}$. It is worth remarking that other SCCs have survived in the computation of $G^{NET}_{scc}$ besides those shown in Fig. 12. Since $G^{NET}_{scc}$ has SCCs with marked states, we conclude that $L$ is not NDESWTS codiagnosable with respect to $F_{a_i}$, $P_{s_i}$, $i = 1, 2$, and $\Sigma_f = \{\sigma_f\}$.

Let us now show how the delays introduced by the communication networks and the possible loss of event observations have led to the loss of codiagnosability. Notice that, because only SCCs whose states have Y-labeled second components are marked, all of the traces in $L(G^{NET}_{scc})$ that lead to surviving SCCs are faulty traces, so we may extract from $G^{NET}_{scc}$ the faulty traces that cannot be diagnosed over the network. Thus, from Fig. 12, we select the following two fault traces: $s_Y = s_{NET_1}(c c_{s_1} c_{s_2})^n$ and $s'_Y = s_{NET_2}(c c_{s_1} c_{s_2})^n$, where $n \in \mathbb{Z}_+$. We can see from the definition of $s_{NET_1}$ (resp. $s_{NET_2}$) that $s_Y$ (resp. $s'_Y$) corresponds to the case in which there has been a change in the order of observation of events $c$ and $b$ by $LD_1$ (resp. in which there has been a loss of observation of event $a$ by $LD_2$).

Let us consider trace $s_Y$ first. This trace corresponds to traces $s_{Y_1} = P_{t,1}(s_Y) = s_{12}(c c_{s_1})^n$ and $s_{Y_2} = P_{t,2}(s_Y) = s_{22}(c c_{s_2})^n$ in $G_{scc_1}$ and $G_{scc_2}$, respectively, which implies that they are observed as $s_{Y_1,s} = P_{s_1}(s_{Y_1}) = b_{s_1} c_{s_1}^{n+1}$ and $s_{Y_2,s} = P_{s_2}(s_{Y_2}) = a_{s_2} c_{s_2}^{n+1}$ by $LD_1$ and $LD_2$, respectively. In addition, it can be inferred by inspection of Fig. 8 (resp. Fig. 9) that $LD_1$ (resp. $LD_2$) has the same observations as $s_{Y_1,s}$ (resp. $s_{Y_2,s}$) when the normal trace $s_{N_1} = b b_{s_1} a (c c_{s_1})^p$ (resp. $s_{N_2} =$
$b a a_{s_2} (c c_{s_2})^q$) occurs, since $s_{N_1,s} = P_{s_1}(s_{N_1}) = b_{s_1} c_{s_1}^p$ (resp. $s_{N_2,s} = P_{s_2}(s_{N_2}) = a_{s_2} c_{s_2}^q$). Thus, when there is a change in the order of observation between events $c$ and $b$, fault trace $\sigma_f a c b c^n \in L(G)$ is no longer codiagnosable, i.e., it is not NDESWTS codiagnosable.

Let us now consider trace $s'_Y$. This trace corresponds to traces $s'_{Y_1} = P_{t,1}(s'_Y) = s_{11}(c c_{s_1})^n$ and $s'_{Y_2} = P_{t,2}(s'_Y) = s_{21}(c c_{s_2})^n$ in $G_{scc_1}$ and $G_{scc_2}$, respectively, and so they are observed as $s'_{Y_1,s} = P_{s_1}(s'_{Y_1}) = b_{s_1} c_{s_1}^n$ and $s'_{Y_2,s} = P_{s_2}(s'_{Y_2}) = a_{s_2} c_{s_2}^n$ by $LD_1$ and $LD_2$, respectively. In addition, it can be inferred by inspecting Fig. 8 (resp. Fig. 9) that $LD_1$ (resp. $LD_2$) has the same observations as $s'_{Y_1,s}$ (resp. $s'_{Y_2,s}$) when the normal trace $s_{N_1} = b b_{s_1} a (c c_{s_1})^p$ (resp. $s_{N_2} = b a a_{s_2} (c c_{s_2})^q$) occurs, since $s_{N_1,s} = P_{s_1}(s_{N_1}) = b_{s_1} c_{s_1}^p$ (resp. $s_{N_2,s} = P_{s_2}(s_{N_2}) = a_{s_2} c_{s_2}^q$). Thus, when there is a loss of observation of event $a$, trace $\sigma_f a b a c^n \in L(G)$ is no longer codiagnosable, i.e., it is not NDESWTS codiagnosable. □

Fig. 12. Two paths that reach SCCs with marked states of $G^{NET}_{scc}$ of Example 5.

Remark 3 (Computational Complexity of Algorithm 2): The computational complexity of Algorithm 2 is determined by the computation of $G^{NET}_{scc}$, which is performed by the parallel composition of automata $G_{scc_i}$, $i = 1, \ldots, N_s$. Since each $G_{scc_i}$ is the parallel composition of $G_{a_i,d}$ and $G_{a_i,\ell}$, we can construct Table I, which shows the maximum number of states and transitions of all automata that must be computed to obtain $G^{NET}_{scc}$ from $G_{a_i}$. It is worth remarking that the upper bound on $|X_{a_i}|$ (the number of states of $G_{a_i}$) has been determined with respect to $|X|$ (the number of states of the plant) in Remark 2.

TABLE I. COMPUTATIONAL COMPLEXITY OF ALGORITHM 2

B. Using Verifier to Check NDESWTS Codiagnosability

We will now present an algorithm for the verification of NDESWTS codiagnosability based on the same idea as the verifier proposed in [21], recalled in Section II. To this end, we first present the definition of the one-to-one event renaming function
$$\rho_i : \Sigma_{a_i,N} \to \Sigma_{a_i,\rho},\qquad \sigma \mapsto \rho_i(\sigma) = \begin{cases} \sigma_{\rho_i}, & \text{if } \sigma \in (\Sigma \cup \Sigma_{l_i}) \setminus \Sigma_f \\ \sigma, & \text{if } \sigma \in \Sigma_{s_i} \end{cases} \tag{12}$$
where $\Sigma_{a_i,N} = \Sigma_{a_i} \setminus \Sigma_f$, for $i = 1, \ldots, N_s$. The domain of function $\rho_i$ can be extended to $\Sigma_{a_i,N}^*$ as usual, i.e., $\rho_i(s\sigma) = \rho_i(s)\rho_i(\sigma)$, for all $s \in \Sigma_{a_i,N}^*$ and $\sigma \in \Sigma_{a_i,N}$. Function $\rho_i$ can also be applied to a language $K$ as $\rho_i(K) = \{\rho_i(s) : s \in K\}$.

We now propose Algorithm 3, which deploys verifier automata for NDESWTS codiagnosability verification. The idea of Algorithm 3 is the same as that of Algorithm 2, i.e., to check whether the strongly connected components that exist in the verifiers $V_i$, computed in accordance with [21], survive.

Algorithm 3 works as follows. In Step 1, we compute, for every $i = 1, 2, \ldots, N_s$, the verifier automaton $\bar{V}_i$ in accordance with [21]. Notice that $\bar{V}_i = G_{a_i,\rho} \,\|\, G_{a_i,F}$, where automaton $G_{a_i,F}$ models the faulty behavior of $G_{a_i}$ and automaton $G_{a_i,\rho}$ is obtained by applying the renaming function $\rho_i$ to automaton $G_{a_i,N}$, which models the normal behavior of $G_{a_i}$. Thus, the event set of $\bar{V}_i$ is $\Sigma_{V_i} = \Sigma_{a_i,\rho} \cup \Sigma_{a_i}$, where $\Sigma_{a_i,\rho} = \rho_i(\Sigma_{a_i} \setminus \Sigma_f)$. In Step 2, we find the cyclic paths in $\bar{V}_i$ with uncertain states $(x^j_{a_i}, N, y^j_{a_i}, Y)$ and events that have not been renamed, since these are exactly the cycles characterized by Condition (13). In Step 3, we form $V_i$ from $\bar{V}_i$
by marking the states that form the SCCs found in the previous step. Finally, in Steps 4 and 5, we compute the verifier automaton $V = V_1 \,\|\, \ldots \,\|\, V_{N_s}$ and check whether some marked cyclic path survives in automaton $V$. If the answer is yes, then $L$ is not NDESWTS codiagnosable. Otherwise, $L$ is NDESWTS codiagnosable.

Algorithm 3: NDESWTS codiagnosability using verifier.
Input: Automaton $G_{a_i} = (X_{a_i}, \Sigma_{a_i}, f_{a_i}, \Gamma_{a_i}, x_{0,a_i})$, event sets $\Sigma_f$, $\Sigma_{s_i}$, for $i = 1, \ldots, N_s$, and renaming functions $\rho_i$.
Output: NDESWTS codiagnosability decision: Yes or No.
STEP 1. For each $i \in \mathbb{I}_{N_s}$, compute verifier $\bar{V}_i = G_{a_i,\rho} \,\|\, G_{a_i,F} = (Y_{V_i}, \Sigma_{V_i}, f_{V_i}, \Gamma_{V_i}, y_{V_i,0}, \emptyset)$, in accordance with [21], for $G_{a_i}$ and function $\rho_i$.
STEP 2. Find all cyclic paths $cl_i = (y^k_{V_i}, \sigma_k, y^{k+1}_{V_i}, \sigma_{k+1}, \ldots, \sigma_\ell, y^k_{V_i})$, where $\ell \ge k > 0$, in $\bar{V}_i$ that satisfy the following condition:
$$\exists j \in \{k, k+1, \ldots, \ell\} \text{ such that } y^j_{V_i} = (x^j_{a_i}, N, y^j_{a_i}, Y) \wedge (\sigma_j \in \Sigma_{a_i}), \tag{13}$$
where $x^j_{a_i}, y^j_{a_i} \in X_{a_i}$.
STEP 3. Compute automata $V_i = (Y_{V_i}, \Sigma_{V_i}, f_{V_i}, \Gamma_{V_i}, y_{V_i,0}, Y_{V_i,m})$, where $Y_{V_i,m}$ is formed by those states of $\bar{V}_i$ that belong to SCCs containing cyclic paths $cl_i$ that satisfy Condition (13).
STEP 4. Compute the verifier automaton $V = V_1 \,\|\, \ldots \,\|\, V_{N_s} = (X_V, \Sigma_V, f_V, x_{V,0}, X_{V_m})$, where $\Sigma_V = \bigcup_{i=1}^{N_s} \Sigma_{V_i}$.
STEP 5. Verify the existence of a cyclic path $cl = (x^k_V, \sigma_k, x^{k+1}_V, \sigma_{k+1}, \ldots, \sigma_\ell, x^k_V)$ in $V$, $\ell \ge k > 0$, that satisfies the following condition:
$$(x^q_V \in X_{V_m},\ \forall q \in \{k, k+1, \ldots, \ell\}) \wedge \big((\exists q \in \{k, k+1, \ldots, \ell\})[\sigma_q \in \Sigma]\big).$$
If the answer is yes, then $L$ is not NDESWTS codiagnosable with respect to $F_{a_i}$, $P_{s_i}$, for $i = 1, \ldots, N_s$, and $\Sigma_f$. Otherwise, $L$ is NDESWTS codiagnosable.

The following results prove the correctness of Algorithm 3.

Lemma 2: $L(G_{a_i,F}) = F_{a_i}(L \setminus L_N)$ and $L(G_{a_i,N}) = F_{a_i}(L_N)$.

Proof: The proof is straightforward from the construction of $G_{a_i}$, $G_{a_i,N}$, and $G_{a_i,F}$. □

Theorem 4: Language $L$ is NDESWTS codiagnosable with respect to $F_{a_i}$, $P_{s_i}$, for $i = 1, \ldots, N_s$, and $\Sigma_f$ if, and only if, there does not exist any cyclic path $cl = (x^k_V, \sigma_k, x^{k+1}_V, \sigma_{k+1}, \ldots, x^\ell_V, \sigma_\ell, x^k_V)$, $\ell \ge k > 0$, in $V$ satisfying the following condition:
$$(x^q_V \in X_{V_m},\ \forall q \in \{k, k+1, \ldots, \ell\}) \wedge \big((\exists q \in \{k, k+1, \ldots, \ell\})[\sigma_q \in \Sigma]\big). \tag{14}$$

Proof: (⇒) Suppose that language $L$ is not NDESWTS codiagnosable with respect to $F_{a_i}$, $P_{s_i}$, for $i = 1, \ldots, N_s$, and $\Sigma_f$. Thus, according to Definition 7, there exist at least one arbitrarily long trace $st$ ($s \in L \setminus L_N$) and traces $w_i \in L_N$, $i = 1, \ldots, N_s$, such that $P_{s_i}[F_{a_i}(st)] \cap P_{s_i}[F_{a_i}(w_i)] \neq \emptyset$, with $w_i$ and $w_j$ not necessarily distinct for $i, j \in \{1, \ldots, N_s\}$. Thus, according to Lemma 2, since $L$ is not NDESWTS codiagnosable, there exist traces $s_{a_i} t_{a_i} \in L(G_{a_i,F})$ and $w_{a_i} \in L(G_{a_i,N})$ such that $P_{s_i}(s_{a_i} t_{a_i}) = P_{s_i}(w_{a_i})$ for all $i \in \{1, 2, \ldots, N_s\}$. As shown in [21], the existence of traces $s_{a_i} t_{a_i}$ and $w_{a_i}$, $i = 1, \ldots, N_s$, with $P_{s_i}(s_{a_i} t_{a_i}) = P_{s_i}(w_{a_i})$ implies that there exists a path $p_i$ in $V_i$ that ends with a cyclic path $cl_i$ satisfying Condition (13), whose associated trace $v_i \in L(V_i)$ satisfies $P_{V_i a_i}(v_i) = s_{a_i} t_{a_i}$ and $P_{V_i \rho}(v_i) = \rho_i(w_{a_i})$, where $P_{V_i a_i} : \Sigma_{V_i}^* \to \Sigma_{a_i}^*$ and $P_{V_i \rho} : \Sigma_{V_i}^* \to \Sigma_{a_i,\rho}^*$. Notice that, if the states of the cyclic path $cl_i$ are marked, then $v_i \in L_m(V_i)$, where $L_m(V_i)$ denotes the marked language of $V_i$. Since $V = \|_{i=1}^{N_s} V_i$, then $L_m(V) = \bigcap_{i=1}^{N_s} P_{V V_i}^{-1}[L_m(V_i)]$, where $P_{V V_i} : \Sigma_V^* \to \Sigma_{V_i}^*$. Thus, $\bigcap_{i=1}^{N_s} P_{V V_i}^{-1}(v_i) \subseteq L_m(V)$. Notice that the common events that synchronize the traces $v_i$ in automaton $V$ are those in $\Sigma$ and, additionally, $P_{V_i a_i}(v_i) = s_{a_i} t_{a_i}$ and $P_{a_i}(s_{a_i} t_{a_i}) = st$, for all $i \in \{1, \ldots, N_s\}$. Therefore, it can be concluded that there exists a cyclic path in $V$, associated with a trace $v \in \bigcap_{i=1}^{N_s} P_{V V_i}^{-1}(v_i)$, such that all of its states are marked and at least one of its transitions is labeled with an event $\sigma \in \Sigma$.

(⇐) Suppose that there exists a path $p$ in $V$ that ends with a cyclic path $cl$ satisfying Condition (14), and let $v \in L_m(V)$ be the trace associated with $p$. Notice that, since $V = \|_{i=1}^{N_s} V_i$, then $L_m(V) = \bigcap_{i=1}^{N_s} P_{V V_i}^{-1}[L_m(V_i)]$, and $P_{V V_i}(v) = v_i \in L_m(V_i)$, for $i = 1, 2, \ldots, N_s$. Notice also that the common events of the traces $v_i \in L_m(V_i)$, $i = 1, 2, \ldots, N_s$, are the events $\sigma \in \Sigma$. Thus, since Condition (14) is verified, at least one event in the cyclic path $cl$ belongs to $\Sigma$, which implies that every trace $v_i$ is associated with a path $p_i$ that ends with a cyclic path $cl_i$, formed with marked states, that has an event in $\Sigma$. According to Algorithm 3, the states of a cyclic path $cl_i$ in $V_i$ are marked only if the fault has occurred. Thus, associated with the cyclic path $cl$ of $V$ there exists one cyclic path $cl_i$ in each verifier $V_i$, $i = 1, \ldots, N_s$, that satisfies Condition (13), i.e., there exist a faulty trace $s_{a_i} t_{a_i} \in L(G_{a_i})$, of arbitrarily long length, and a normal trace $w_{a_i} \in L(G_{a_i})$ such that $P_{s_i}(s_{a_i} t_{a_i}) = P_{s_i}(w_{a_i})$, for all $i \in \{1, \ldots, N_s\}$. In addition, since the traces $s_{a_i} t_{a_i}$, $i = 1, \ldots, N_s$, are associated with the same path $p$ of $V$ and the events in $\Sigma$ are the common events of all verifiers $V_i$, it can be concluded that $st = P_{a_1}(s_{a_1} t_{a_1}) = \ldots = P_{a_{N_s}}(s_{a_{N_s}} t_{a_{N_s}}) \in L(G)$. This implies that, for the arbitrarily long faulty trace $st$, there exist, for every $i \in \{1, \ldots, N_s\}$, $s_{a_i} t_{a_i} \in F_{a_i}(st)$ and $w_{a_i} \in F_{a_i}(w_i)$, for some $w_i \in L_N$, such that $P_{s_i}(s_{a_i} t_{a_i}) = P_{s_i}(w_{a_i})$. Therefore, according to Definition 7, $L$ is not NDESWTS codiagnosable with respect to $F_{a_i}$, $P_{s_i}$, for $i = 1, \ldots, N_s$, and $\Sigma_f$. □

Example 6: Consider again the NDESWTS $\mathcal{G} = (G, t_{\min}, T)$ of Example 5 depicted in Fig. 5(a) and (b). We now apply Algorithm 3 to compute $V_1$ and $V_2$ by using, as input, automata $G_{a_1}$ and $G_{a_2}$ depicted in Figs. 6 and 7, respectively. In Step 1, automata $G_{a_1,\rho}$ and $G_{a_1,F}$, shown in Fig. 13(a) and (b), respectively, are computed in accordance with [21]. It is worth remarking that the same renaming of the states of $G_{a_1}$ and $G_{a_2}$ has been carried out here. Notice that function $\rho_1$ renames every event in $G_{a_1,\rho}$ belonging to $(\Sigma \setminus \Sigma_f) \cup \Sigma_{l_1}$. Continuing Step 1 of Algorithm 3, verifier $V_1 = G_{a_1,\rho} \,\|\, G_{a_1,F}$ is computed and, similarly, $V_2$ is obtained by the parallel composition of automata $G_{a_2,\rho}$ and $G_{a_2,F}$, depicted in Fig. 14(a) and (b). Due to the size of automata $V_1$ and $V_2$, we show in Fig. 15(a) and (b) only two paths that contain
the cyclic paths $cl_1 = (c c_{\rho_1} c_{s_1})^p$ and $cl_2 = (c c_{s_2} c_{\rho_2})^q$ that satisfy Condition (13), where $p, q \in \mathbb{N}$, the sequences that reach them being given by $s_{V_1} = \sigma_f b_{\rho_1} a c b b_{s_1} a_{\rho_1} c_{\rho_1} c_{s_1}$ and $s_{V_2} = \sigma_f b_{\rho_2} a_{\rho_2} a a_{s_2} c_{\rho_2} c c_{s_2} c_{\rho_2} b$, respectively. After the computation of $V_1$ and $V_2$, we compute automaton $V = V_1 \,\|\, V_2$, which, as illustrated in Fig. 16, has a path that contains a cyclic path $cl = (c c_{s_2} c_{\rho_2} c_{\rho_1} c_{s_1})^k$, where $k \in \mathbb{N}$, and $s_V = \sigma_f b_{\rho_1} b_{\rho_2} a_{\rho_2} a a_{s_2} c_{\rho_2} c c_{s_2} c_{\rho_2} b b_{s_1} a_{\rho_1} c_{\rho_1} c_{s_1}$. Therefore, we can conclude, from Theorem 4, that language $L$ is not NDESWTS codiagnosable with respect to $F_{a_i}$, $P_{s_i}$, $i = 1, 2$, and $\Sigma_f$, which is the same result obtained by using diagnosers, as expected.

It is worth remarking that the same analysis as that performed in Example 5 could be carried out here to identify, based on the above paths, the faulty path that has led to the loss of NDESWTS codiagnosability and the conditions that made the language not NDESWTS codiagnosable, leading to identical conclusions. □

Fig. 13. Automata $G_{a_1,\rho}$ and $G_{a_1,F}$ of Example 6.
Fig. 14. Automata $G_{a_2,\rho}$ and $G_{a_2,F}$ of Example 6.
Fig. 15. Path of $V_1$ with cyclic path $cl_1$ (a) and path of $V_2$ with cyclic path $cl_2$ (b).
Fig. 16. Path of $V$ with cyclic path $cl$ of Example 6.

Remark 4 (Computational Complexity of Algorithm 3): The computational complexity of Algorithm 3 is determined by the computation of automaton $V$, which is the parallel composition of $V_1, \ldots, V_{N_s}$. Table II shows the maximum number of states and transitions of all automata that must be computed in order to obtain the verifier automaton $V$ for $N_s$ local sites according to Algorithm 3.

TABLE II. COMPUTATIONAL COMPLEXITY OF ALGORITHM 3

VI. CONCLUSION

We addressed, in this article, the problem of codiagnosability of DES subject to event communication delays and intermittent loss of observations, by adding temporal features of the dynamic behavior of the plant to better represent the effects of communication delays. The resulting model has been termed NDESWTS. We presented necessary and sufficient conditions for the NDESWTS codiagnosability of the language generated by the system and, based on these conditions, proposed two tests to verify this property: one that deploys diagnosers and another that uses verifiers.

REFERENCES

[1] M. Sampath, R. Sengupta, S. Lafortune, K. Sinnamohideen, and D. Teneketzis, "Diagnosability of discrete-event systems," IEEE Trans. Autom. Control, vol. 40, no. 9, pp. 1555–1575, Sep. 1995.
[2] R. Debouk, S. Lafortune, and D. Teneketzis, "Coordinated decentralized protocols for fault diagnosis of discrete event systems," Discrete Event Dyn. Syst., vol. 10, no. 1, pp. 33–86, 2000.
[3] A. Seuret, L. Hetel, J. Daafouz, and K. H. Johansson, Eds., Delays and Networked Control Systems. Switzerland: Springer, 2016.
[4] X. Yin and S. Lafortune, "Minimization of sensor activation in decentralized discrete-event systems," IEEE Trans. Autom. Control, vol. 63, no. 11, pp. 3705–3718, Nov. 2018.
[5] C. E. V. Nunes, M. V. Moreira, M. V. S. Alves, L. K. Carvalho, and J. C. Basilio, "Codiagnosability of networked discrete event systems subject to communication delays and intermittent loss of observation," Discrete Event Dyn. Syst., vol. 28, no. 2, pp. 215–246, 2018.
[6] R. Debouk, S. Lafortune, and D. Teneketzis, "On the effect of communication delays in fault diagnosis of decentralized discrete event systems," Discrete Event Dyn. Syst., vol. 13, no. 3, pp. 263–289, 2003.
[7] W. Qiu and R. Kumar, "Distributed diagnosis under bounded-delay communication of immediately forwarded local observations," IEEE Trans. Syst., Man, Cybern. A, Syst. Humans, vol. 38, no. 3, pp. 628–643, May 2008.
[8] L. K. Carvalho, J. C. Basilio, and M. V. Moreira, "Robust diagnosis of discrete event systems against intermittent loss of observations," Automatica, vol. 48, no. 9, pp. 2068–2078, 2012.
[9] X. Yin, "Initial-state detectability of stochastic discrete-event systems with probabilistic sensor failures," Automatica, vol. 80, pp. 127–134, 2017.
[10] S.-J. Park and K.-H. Cho, "Delay-robust supervisory control of discrete-event systems with bounded communication delays," IEEE Trans. Autom. Control, vol. 51, no. 5, pp. 911–915, May 2006.
[11] F. Lin, "Control of networked discrete event systems: Dealing with communication delays and losses," SIAM J. Control Optim., vol. 52, no. 2, pp. 1276–1298, 2014.
[12] S. Shu and F. Lin, "Decentralized control of networked discrete event systems with communication delays," Automatica, vol. 50, no. 8, pp. 2108–2112, 2014.
[13] S. Tripakis, "Decentralized control of discrete-event systems with bounded or unbounded delay communication," IEEE Trans. Autom. Control, vol. 49, no. 9, pp. 1489–1501, Sep. 2004.
[14] W. H. Sadid, L. Ricker, and S. Hashtrudi-Zad, "Robustness of synchronous communication protocols with delay for decentralized discrete-event control," Discrete Event Dyn. Syst., vol. 25, no. 1–2, pp. 159–176, 2015.
[15] L. B. Clavijo and J. C. Basilio, "Empirical studies in the size of diagnosers and verifiers for diagnosability analysis," Discrete Event Dyn. Syst., vol. 27, no. 4, pp. 701–739, 2017.
[16] B. A. Brandin and W. M. Wonham, "Supervisory control of timed discrete-event systems," IEEE Trans. Autom. Control, vol. 39, no. 2, pp. 329–342, Feb. 1994.
[17] G. S. Viana, M. S. Alves, and J. C. Basilio, "Codiagnosability of timed networked discrete-event systems subject to event communication delays and intermittent loss of observation," in Proc. 56th IEEE Annu. Conf. Decis. Control, Melbourne, Australia, 2017, pp. 4211–4216.
[18] C. G. Cassandras and S. Lafortune, Introduction to Discrete Event Systems, 2nd ed. New York, NY, USA: Springer, 2008.
[19] G. S. Viana and J. C. Basilio, "Codiagnosability of discrete event systems revisited: A new necessary and sufficient condition and its applications," Automatica, vol. 101, pp. 354–364, 2019.
[20] W. Qiu and R. Kumar, "Decentralized fault diagnosis of discrete event systems," IEEE Trans. Syst., Man, Cybern. A, Syst. Humans, vol. 36, no. 2, pp. 384–395, Mar. 2006.
[21] M. V. Moreira, T. C. Jesus, and J. C. Basilio, "Polynomial time verification of decentralized diagnosability of discrete event systems," IEEE Trans. Autom. Control, vol. 56, no. 7, pp. 1679–1684, Jul. 2011.
[22] S. Takai and T. Ushio, "Verification of codiagnosability for discrete event systems modeled by Mealy automata with nondeterministic output functions," IEEE Trans. Autom. Control, vol. 57, no. 3, pp. 798–804, Mar. 2012.
[23] M. P. Cabasino, A. Giua, S. Lafortune, and C. Seatzu, "A new approach for diagnosability analysis of Petri nets using verifier nets," IEEE Trans. Autom. Control, vol. 57, no. 12, pp. 3104–3117, Dec. 2012.
[24] G. S. Viana, M. V. Moreira, and J. C. Basilio, "Codiagnosability analysis of discrete-event systems modeled by weighted automata," IEEE Trans. Autom. Control, vol. 64, no. 10, pp. 4361–4368, Oct. 2019.
[25] J. C. Basilio, S. T. S. Lima, S. Lafortune, and M. V. Moreira, "Computation of minimal event bases that ensure diagnosability," Discrete Event Dyn. Syst., vol. 22, no. 3, pp. 249–292, 2012.
[26] L. P. Santoro, M. V. Moreira, and J. C. Basilio, "Computation of minimal diagnosis bases of discrete-event systems using verifiers," Automatica, vol. 77, pp. 93–102, 2017.
[27] T.-S. Yoo and S. Lafortune, "Polynomial-time verification of diagnosability of partially observed discrete-event systems," IEEE Trans. Autom. Control, vol. 47, no. 9, pp. 1491–1495, Sep. 2002.
[28] M. V. Moreira, J. C. Basilio, and F. G. Cabral, "'Polynomial time verification of decentralized diagnosability of discrete event systems' versus 'Decentralized fault diagnosis of discrete event systems': A critical appraisal," IEEE Trans. Autom. Control, vol. 61, no. 1, pp. 178–181, Jan. 2016.

Gustavo S. Viana was born on July 9, 1990, in Rio de Janeiro, Brazil. He received the Electrical Engineer, M.Sc., and D.Sc. degrees in control from the Federal University of Rio de Janeiro, Rio de Janeiro, Brazil, in 2012, 2014, and 2018, respectively. Since 2018, he has been an Associate Professor with the Department of Electrical Engineering, Federal University of Rio de Janeiro. His research interests include fault diagnosis and identification of discrete-event systems, cyber-physical system security, and Industry 4.0.

Marcos V. S. Alves was born on March 5, 1988, in Aracaju, Sergipe, Brazil. He received the Electronic Engineer degree from the Federal University of Sergipe, Sergipe, Brazil, in 2011, and the M.Sc. and D.Sc. degrees in control from the Federal University of Rio de Janeiro, Rio de Janeiro, Brazil, in 2014 and 2017, respectively. He is currently a Postdoctoral Researcher with the Federal University of Rio de Janeiro. His research interests include supervisory control and fault diagnosis of discrete event systems, and cyber-physical system security.

João Carlos Basilio (Senior Member, IEEE) was born on March 15, 1962, in Juiz de Fora, Brazil. He received the Electrical Engineer degree from the Federal University of Juiz de Fora, Juiz de Fora, Brazil, in 1986, the M.Sc. degree in control from the Military Institute of Engineering, Rio de Janeiro, Brazil, in 1989, and the Ph.D. degree in control from Oxford University, Oxford, U.K., in 1995. He began his career in 1990 as an Assistant Lecturer with the Department of Electrical Engineering of the Federal University of Rio de Janeiro, Rio de Janeiro, Brazil, where he is currently a Full Professor in control. Since February 2014, he has been the Dean of the Polytechnic School, UFRJ. From September 2007 to December 2008, he spent a sabbatical leave at the University of Michigan, Ann Arbor, MI, USA, and he was an Invited Professor with École Centrale de Lille, University of Lille, France, during September 2016. His research interests include fault diagnosis and supervisory control of discrete-event systems. Prof. Basilio is the recipient of the Correia Lima Medal.