What Topology tells us about Diagnosability in Partial Order Semantics

HAL Id: inria-00583666

https://hal.inria.fr/inria-00583666

Submitted on 7 Apr 2011

HAL is a multi-disciplinary open access

archive for the deposit and dissemination of

sci-entific research documents, whether they are

pub-lished or not. The documents may come from

teaching and research institutions in France or

abroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire HAL, est

destinée au dépôt et à la diffusion de documents

scientifiques de niveau recherche, publiés ou non,

émanant des établissements d’enseignement et de

recherche français ou étrangers, des laboratoires

publics ou privés.

What Topology tells us about Diagnosability in Partial

Order Semantics

Stefan Haar

To cite this version:

Stefan Haar. What Topology tells us about Diagnosability in Partial Order Semantics. [Research

Report] RR-7593, INRIA. 2011. �inria-00583666�

a p p o r t

d e r e c h e r c h e

N

0

2

4

9

-6

3

9

9

IS

R

N

IN

R

IA

/R

R

--7

5

9

3

--F

R

+

E

N

G

Programs, Verification and Proofs

What Topology tells us about Diagnosability in

Partial Order Semantics

Stefan Haar

N° 7593

Centre de recherche INRIA Saclay – Île-de-France

Parc Orsay Université

Stefan Haar

∗

Theme: Programs,Veri ationandProofs Algorithmi s,Programming,SoftwareandAr hite ture

Équipes-ProjetsMExIC0

Rapportdere her he n°7593April201119pages

Abstra t: Fromapartial observation ofthebehaviourofalabeledDis rete Event System,fault diagnosis strivesto determinewhether ornotagiven in-visible fault event has o urred. The diagnosability problem an be stated as follows: does the labeling allow for an outside observer to determine the o urren e of the fault, no later than abounded number of events after that unobservableo urren e? Whenthisproblemisinvestigatedin the ontextof on urrentsystems, partial ordersemanti s adds tothe di ulty of the prob-lem, but also provides ari her and more omplex pi ture of observation and diagnosis. Inparti ular,itis ru ialto larifytheintuitivenotionoftimeafter faulto urren e".Tothisend,wewilluseaunifyingmetri frameworkforevent stru tures,providingageneraltopologi aldes riptionofdiagnosabilityinboth sequentialandnonsequentialsemanti s forPetri nets.

Key-words: Dis reteeventsystems,diagnosis,Petrinets,events, observabil-ity, partialordersemanti s,Eventstru tures.

Extendedversion(submittedtoajournal)ofapaperpresentedatWODES2010,Berlin

Thiswork was partly supported by the European Community's 7th Framework Pro-grammeunderproje tDISC(DIstributedSupervisorControloflargeplants),Grant Agree-mentINFSO-ICT-224498.

∗

INRIA and LSV (CNRS and ENS Ca han), 61, avenue du Président Wilson, 94235 CACHANCedex,Fran e(e-mail:haarlsv.ens- a han.fr,stefan.haarinria.fr).

Partial Order Semanti s

Résumé : Dés ription topologiquedediagnosti abilitédans des sémantiques séquentiellesetnon-séquentiellesdesRéseauxdePetri.

Mots- lés : Systèmesàévénementsdis rets,diagnostiques,RéseaudePetri, observabilitém,sémantiqued'ordrepartiel,stru turesd'événements.

1 Introdu tion

Diagnosis under partial observation is a lassi al problem in automati on-trol in general,andhasre eived onsiderableattentionindis ret eventsystem (DES) theory, among other elds. In the DES setting, the approa h that we will all  lassi al here supposes that the observed system is an automaton with transitionset

T

,(behavioural)language

L ⊆ T

∗

,and asetof observable transition labels

O

. The asso iated labeling map, letus all it

η

: T → O

in line with theformalism used below, may notberequired inje tive, and leaves sometransitionsfrom

T

unobservable,in parti ularfault

φ

. Theobservations havetheformofwords

w

∈ O

∗

obtainedbyextending

η

into ahomomorphism

T

∗

→ O

∗

. A lassi aldenition ofdiagnosabilityis givenin [CL99℄, following [SSL

+

95℄;writing

s

∼

η

s

′

i

s, s

′

_{∈ T}

∗

aremappedtothesameobservableword in

O

∗

,we anstateitasfollows:

L

isnon-diagnosable ithereexistsequen es

s

N

, s

Y

∈ L

su hthat: 1.

s

Y

isfaulty,

s

N

ishealthy,and

s

N

∼

η

s

Y

;

2. moreover,

s

Y

withtheaboveisarbitrarilylongaftertherstfault,i. e. for every

k

∈ N

there existsa hoi e of

s

N

, s

Y

∈ L

withtheaboveproperties andsu hthat thesux

s

Y

/φ

of

s

Y

after thersto urren eoffault

φ

in

s

Y

satises

|s

Y

| ≥ k

.

Con urrent systems are di ult to supervise using the lassi alapproa h be- ause of the state explosion problem. Moreover, onsider intrinsi ally asyn- hronous distributed systems, su h as en ountered in tele ommuni ations or moregenerallyin networkedsystems. Here,the useof models that ree tthe lo alanddistributednatureoftheobservedsystem,su hasPetrinetsorgraph grammars,ishelpfulnotonlyintermsof omputationale ien y,butalso on- eptually. Puttingthese ideastogether,wewereled in[BFHJ03℄to arryover diagnosistoasyn hronousmodelsandtheir non-interleavedsemanti s;seealso thedis ussion ofthene essityforusingpartial ordermethods in[FB07℄. This generalizedmethodologyforfaultdiagnosisisbasedonthenon-sequential exe- utionsoflabeledPetrinets,that is, thepartialorder semanti sino urren e netsandeventstru tures. Theapproa hwasextendedtographtransformation systemsformodellingdynami allyevolvingsystemtopologiesin[BCHK10℄. We haveprovidedaseriesofresults[HBFJ03,Haa07,Haa09,Haa10℄onpartialorder diagnosability forPetrinets,in thespiritoftheabovedenition. Whilethe se-quential aseisembeddedandgeneralizedintheseresults,newfeaturesemerge in partial ordered runs that haveno ounterpartin sequentialbehaviour; this ledtothedistin tionbetweenstrong andweak observabilityanddiagnosability propertiesin[HBFJ03,Haa10℄.

BauerandPin hinat[BP08℄havegivenatopologi alviewondiagnosability in termsofsequentiallanguages. Thepresentwork developsaframeworkthat in ludes bothsequentialandpartial order semanti s, retrievingand generaliz-ing as a spe ial ase the results of [BP08℄ and showing onne tions between weakandstrongproperties. Thekey onstru tionisthatofsuitablemetri son eventstru tures. Forthis,wegeneralizeastandard onstru tiontobefoundin [BMP90,Kwi90℄andothers,insu hawaythatprogressandobservation prop-erties anbe apturedintheresultingtopology. Eventstru turesprovidea uni-fying semanti almodel bothfor thesequentialand non-sequentialviewpoints.

That is, both sequentiallanguagesasin [CL99, BP08℄AND the partial order semanti sgiven in [Eng91, NPW81℄ and used in [FBHJ05, Haa10℄, asso iate eventstru turesto asystem;andthemetri topologygivenhere oin ides, on thesequentialsemanti s,withtheCantortopologyusedin[BP08℄. Withthese tools,the properties ofweakand strongdiagnosabilityfrom [HBFJ03, Haa10℄ be ome dierent instan es of a general property, eventual diagnosability, for general labeledevent stru tures. Thedieren e betweenthe weak and strong propertiesliesthusinthe hoi eofsemanti sthatprodu estheeventstru ture modelofbehaviourforthesystemthat isinvestigated.

Stru tureofthepaper: WebegininSe tion2. withthebasi denitionsfor (labeled) eventstru tures. The followingSe tion 3. investigatespartial obser-vation anddiagnosability,and developsthemain generalresultsofthis paper. Se tion 4 spe ializes to safe Petri nets, and studies properties hara terizing weaklydiagnosablenets. Wethen on ludeinSe tion 5.

2 Event Stru tures

Let

A

beaset.

A

∗

_{, {a}

1

. . . a

n

| a

i

∈ A}

is theset ofall nitewordsover

A

; thesetofinnite wordsover

A

isdenoted

A

ω

. Let

1

A

betheindi atorfun tion of

A

, i.e.

1

_A

_{(x) = 1}

i

x

∈ A

and

1

_A

_{(x) = 0}

for

x

6∈ A

. Let

f

: A → B

bea partial fun tion. Write

f

(a) ↓

if

f

is dened on

a

∈ A

, and

f

(a) ↑

otherwise. Thedomain of

f

is

dom

(f ) , {a ∈ A | f (a) ↓}

, andtheimage of

f

is

f

(A) ,

{b ∈ B | ∃ a ∈ dom(f ) : f (a) ↓ ∧ f (a) = b}.

Weshallbeusingthroughoutthispaperprimeeventstru tures(PES)following Winskel et al [NPW81, Win ℄, with parti ular attentionto labeling. Fixsome alphabet

A

6= ∅

.

Denition1 A (labeled) prime eventstru ture (over alphabet

A

) is a tuple

E = (E , 6, #, λ)

,where

1.

E

= supp(E)

isthe support,or setofeventsof

E

,

2.

6⊆ E × E

isa partialordersatisfying the property of nite auses,i.e. setting

[e] , {e

′

_{∈ E | e}

′

_{6 e}}

,onehas

∀ e ∈ E : |[e]| < ∞,

(1)

3.

# ⊆ E ×E

anirreexivesymmetri oni trelationsatisfyingtheproperty of oni t heredity, i.e.

∀ e, e

′

, e

′′

∈ E : e # e

′

∧ e

′

6 e

′′

_{⇒ e # e}

′′

_,

(2)

4.

λ

: E → A

is a total mapping alled the labelling. Events

e, e

′

_{∈ E}

are on urrent, written

e co e

′

, i neither

e

= e

′

nor

e 6 e

′

_e

′

_{6= e}

nor

e

# e

′

hold. If

co

= ⊥

, i.e. if

co

is the empty relation, we all

E

sequential. An

A

-labeledeventstru tureis alled simple

1

ino label an o ur on urrently ontwodierentevents;that is,i

e co e

′

⇒ λ(e) 6= λ(e

′

_).

(3) 1

Figure 1: The simple event stru ture of Example 1. Arrowsrepresent ausal pre eden e

6

,anddashedlinesstandfor oni t

#

;onlyminimalrelationsare represented,allothersaregeneratedbytransitivityandinheritan e.

Asimple labeledeventstru turewillbe alledan SES.

Let

E

1

= (E

1

, 6

1

,

#

1

, λ

1

)

and

E

2

= (E

2

, 6

2

,

#

2

, λ

2

)

betwo

A

-labeledevent stru -tures. If (i)

E

1

⊆ E

2

and (ii)for all

e, e

′

_{∈ E}

1

,

e

#

1

e

′

⇔ e#

2

e

′

and

e 6

1

e

′

⇔ e 6

2

e

′

,

then

E

1

isa sub-eventstru ture of

E

2

.

Example1. Let

E

,

{a

i

, b

i

, c

i

, d

i

| i ∈ N}

A

,

{a, a

∗

, b, b

∗

, c, c

∗

, d, d

∗

}

andforall

i

∈ N

,

λ

p

(a, 2i) = a

∧ λ

p

(a, 2i + 1) = a

∗

λ

p

(b, 2i) = a

∧ λ

p

(b, 2i + 1) = b

∗

λ

p

(c, 2i) = a

∧ λ

p

(c, 2i + 1) = c

∗

λ

p

(d, 2i) = a

∧ λ

p

(d, 2i + 1) = d

∗

.

Dene sets

A , λ

−1

p

({a})

,

A

∗

_{, λ}

−1

p

({a

∗

})

,

A , A

∪ A

∗

and analogously

B, B

∗

, B, C, C

∗

, C, D, D

∗

, D

. Let

1. for

i < j

,

a

i

< a

j

,

b

i

< b

j

and

d

i

< d

j

,but

c

i

#c

j

, 2.

a

2i

#c

i

,

a

i

#d

j

and

b

i

#d

j

forany

i, j

∈ N

;

an illustration is given by Figure 1. Oneeasily he ks that

E = (E , 6, #, λ)

thusdened isanSES.

Prexes and Congurations. Theset of auses orprime onguration of

e

∈ E

is

[e] , {e

′

_{| e}

′

_{6 e}}

,as dened above. A prex of

E

isanydownward losed subset

D

⊆ E

, i.e. su h that for every

e

∈ D

,

[e] ⊆ D

. Prexes of

E

indu e, in the obvious way, sub-event stru tures of

E

in the sense of the abovedenition. Denote theset of

E

's prexesas

D(E)

. Prex

c

∈ D(E)

isa onguration ifandonlyifitis oni t-free,i.e. if

e

∈ c

and

e#e

′

imply

e

′

_{6∈ c}

. Denote as

C(E)

the set of

E

's ongurations. Call any

⊆

-maximalelement of

C(E)

arun of

E

; denotethesetof

E

'srunsas

Ω(E)

,orsimply

Ω

ifno onfusion anarise.

Inthe ontext ofExample 1,one he ksthat,e.g.,

[c

i

] ∪ [b

j

]

and

[a

i

] ∪ [b

j

]

are some of the ongurations for all

i, j

∈ N

; the runs are

ω

AB

, A ∪ B

,

ω

c

i

B

, [c

i

] ∪ B

for

i

∈ N

,and

ω

D

, D

.

2.1 Labeled event stru ture morphisms

Themodelingofobservationproje tionleadsustointrodu eadedi ated lassof morphismsforlabeledeventstru tures,whi hspe ializesWinskel'smorphisms foreventstru tures (see[Win , BCM01℄):

Denition2 Let

E

1

= (E

1

, 6

1

,

#

1

, λ

1

)

and

E

2

= (E

2

, 6

2

,

#

2

, λ

2

)

betwoprime event stru tures. A partial mapping

f

: E

1

→ E

2

is a morphism i for all

e

1

∈ dom(f )

,

1.

[f (e

1

)] ⊆ f ([e

1

])

, 2. andforall

e

′

1

∈ dom(f )

, (a)

f

(e

1

)#

2

f

(e

′

1

)

implies

e

1

#

1

e

′

1

,and (b)

f

(e

1

) = f (e

′

1

)

and

e

1

6= e

′

1

togetherimply that

e

1

#

1

e

′

1

.

A morphism

f

: E

1

→ E

2

is alledan

(A−)

morphismi,in addition, 1.

dom

(λ

1

) ⊆ dom (f )

and

dom

(f ) ⊆ dom (λ

2

)

,

2.

∀ e ∈ E

1

: λ

1

(e) = λ

2

(f (e)) .

E

1

and

E

2

are (

A

-)isomorphi , written

E

1

∼

A

E

2

, i there exist morphisms

f

: E

1

→ E

2

and

f

−1

_{: E}

2

→ E

1

su h that for all

e

1

∈ dom(f )

and all

e

2

∈

dom

(f

−1

)

,

f

−

(f (e

1

)) = e

1

and

f f

−1

(e

2

)
= e

2

.

Note that Abbes[Abb06℄ denes adierent lass of morphisms: full mapping

f

: E

1

→ E

2

is a morphism i it is order-preservingbetweenthe underlying posets and if moreover f ree ts oni t. This lass is less appropriate than theaboveforourpurposessin eitdoesnotallowforfusionof observationally equivalent oni ting ongurations,norforunobservableevents.

Write

D

1

⊑

A

D

2

i

D

1

is

A

-isomorphi to aprexof

D

2

. For

c

1

, c

2

∈ C(E)

, let

[[c

1

]]

A

⊓ [[c

2

]]

A

,

[[c

3

]]

A

,

where

c

₃

istheunique

⊆

-maximal prexof

c

₁

su hthat

c

₃

_⊑

_A

c

₂

. This sym-metri operation an be seen asthe interse tion of two ongurations up to

A

-isomorphism.

Foragiven onguration

c

∈ C(E)

,wedenote theset of ongurationsin

E

that are

A

-isomorphi imagesof

c

as

[[c]] ,

{c

′

_{∈ C | c}

′

_∼

A

c

} .

2.2 Metri s.

The sets

C(E)

and

Ω(E)

an be equipped withLawsonorS ott topologies,or withnaturalmetri s;wewillfollowandgeneralize thelatterapproa h,similar to metrizations of tra es as studied in [KK03℄. Our pseudometri s allow to apture in parti ularpartial observation andfault equivalen e. Ourprin ipal toolare

µ

-Heights: Let

µ

: A → R

+

0

beanytotalmapping;weshallreferto

µ

asaweightfun tion. Asaparti ular ase, onsider

µ(e) ≡ 1

E

: wewillreferthis as the ounting weight. The following onstru tion yields pseudometri sthat areequivalent(intopologi alterms)totheprexmetri [Kwi90℄andtheFoata normalformmetri [BMP90℄,see[KK03℄,whenthe ountingweightis hosen; other hoi esofweightsallowtogeneralizetoobservationandfaultequivalen e.

The

µ

-indu ed

∗

-height

H

∗

µ

(D )

ofaprex is denedre ursivelybysetting, for

∅

representingtheemptypreset,

H

∗

µ

(∅) , 0

(4)

H

∗

_µ

([e])

, H

∗

µ

([e] \ {e}) + µ(e)

(5)

H

∗

µ

(D ) ,

sup

e

∈D

(H

∗

µ

([e])).

(6)

Now,for

τ

∈ [0, ∞)

let

U

µ

τ

bethe

τ

-prex under

µ

,i.e.

U

µ

τ

,

[ D ∈ D(E) | H

∗

µ

(D ) 6 τ ,

(7)

and let

E

µ

τ

be the prime event stru ture that

E

indu es on

U

µ

τ

. Then dene

H

µ

(c)

forall

c

∈ C(E)

as

H

µ

(c)

, sup{τ | c ∈ Ω(E

τ

µ

)}.

(8)

Notethat ingeneral,forany onguration

c

,

H

µ

(c)

6

H

∗

µ

(D );

(9)

wewill allany ongurationsu hthat equalityholdsin(9)progressive. Notethat

H

µ

(•)

isinvariantunder

A

-isomorphism. Thus,let

Ψ

µ

(•) : C(E) →

[0, 1]

andthe

µ

-pseudometri

d

µ

(•, •)

begivenby

Ψ

µ

(c)

, 2

−H

µ

(c)

(10)

d

_µ

_(c

₁

_{, c}

₂

_{) , Ψ}

_µ

_(c

₁

_{⊓ c}

₂

_).

(11)

Again, onsider

µ(e) ≡ 1

E

; denote as

H(•)

,

Ψ(•)

and

d

(•, •)

the asso iated height, on isenessandpre-distan e. Weobserveforthisspe ial ase:

Lemma1 Forall

c

∈ C

,

H(c) = ∞ ⇒ c ∈ Ω.

(12)

Proof: Assume

c

6∈ Ω

, and let

e

∈ E \c

su hthat thereis no

e

′

_{∈ c}

su hthat

e

′

#e

,andlet

n ,

H([e

′

_])

. Then

H(c) 6 n < ∞

bydenitionof

H(•)

.

2

Asnotedabove,

H

µ

(•)

-and thusallthe abovefun tions derivedfromit -areinvariantunderisomorphisms.

Example 1 ontinued. Inthe ontextof example1,see Figure 1, observe rst that

A

and

B

are ongurations but not maximal. Consider now the ountingheight. Here - as in any event stru ture - all sets of the form

S

c

,

{ω ∈ Ω | c}

for

c

∈ C(E)

nite, are open sets; the set

{ω

AB

}

oin ides e.g. with

S

c

31

,where

c

31

, [(a, 3)] ∪ [(b, 1)]

. Oneobtainsthat

{ω

AB

}

,

{ω

D

}

andall

{ω

c

i

B

}

areopen; soare of oursetheirunions andinterse tions. Inparti ular,

S

B

= {ω

AB

, ω

c

1

B

, ω

c

2

B

, . . .}

isalsoanopenset. However,forthe onguration

A

2

= A ∪ {b

1

, b

2

}

,

S

A

2

= {ω

AB

}

not anopenset,sin eanyopenneighbourhood of

ω

AB

must ontainsome

ω

c

i

B

. Hen eitisnotthe aseingeneralforinnite ongurations

c

that

S

c

is open, in ontrast with the ase where

c

is nite. Further,one he ksthat ongurations

[a

2

] ∪ [b

2

]

and

[c

2

] ∪ [b

4

]

areprogressive, but e.g.

[a

6

] ∪ [b

4

]

isnot.

Letusnow hooseaweight

µ

on

E

su h thatforall

i

,

µ(a, 2i) = µ(c, i) = 1

but

µ(a, 2i + 1) = µ(b, i) = µ(d, i) = 0

. Then

{ω

D

}

isnotopenin

T

µ

sin eany neighborhoodof

ω

D

ontains

ω

c

₁

B

.

3 Observability and Diagnosability

Let

E = (E , 6, #, λ)

with

λ

: E → A

,and

η

: A → O

apartialobservation map-ping intoanobservationalphabet

O

. Foragivenlabeledprimeeventstru ture, let

E

η

, {e | η (λ (e)) ↓}

bethesetofvisible events,and

E

ε

, {e | η (λ (e)) ↑}

theset of invisible events. Usingthe above onstru tion, weobtainthevisible height

H

η

(•)

, observable on iseness

Ψ

η

(•)

and pre-distan e

d

_η

_{(•, •)}

, respe -tively,bysetting

µ

≡ 1

E

η

. Write

E

1

∼

η

E

2

ithetwostru tureswith

λ

repla ed by

η

◦ λ

are

O

-isomorphi .

Observability. Toavoidtedious asedistin tions,weassumehen eforththat all runs of

E

are of innite height; ifne essary, onsider any nite-heightrun extendedbyaninnite hainofdummyevents.

Denition3 A labeledES

E

is observablew.r.t.

η

i

H(c) = ∞ ⇒ H

η

(c) = ∞.

(13)

Foranillustration,let

O

= {a}

anddene -in the ontextof Example1-the partialmapping

η

: A → O

su hthat

η

maps

a

to

a

andisundenedotherwise. Then

E

isnotobservablew.r.t.

η

sin eonehas,forevery

i

∈ N

,

Topologies. Clearly,any hoi eof

µ

: A → R

+

0

and hen eof

d

µ

(•, •)

denes atopology

T

µ

, alled the

µ

-topology,on

Ω

. Notethat for

µ

≡ 1

E

,weobtain therestri tion-to

Ω

-oftheS otttopologyon

C

; allthistopology

T

. Further, denoteas

C

/

µ

(E)

, {[[c]]

η

| c ∈ C(E)}

Ω

/

µ

(E)

, {[[c]]

η

| c ∈ C(E)}

thequotientspa esof ongurationsandruns,respe tively,under

µ◦λ

-preserving isomorphism,with asso iated quotienttopology

T

µ

on

Ω

/

µ

= Ω

/

µ

(E)

. In par-ti ular,set

O

, T

η

.

Dening diagnosability. Let

Φ ⊆ E

be a set of invisible fault events; in parti ular,noeventin

Φ

isobservable,i.e.

λ(Φ) ∪ dom(η) = ∅

. A onguration

c

_{∈ C(E)}

is alled faulty i

c

∩ Φ 6= ∅

, and healthy otherwise. Denote as

Ω

F

(

C

F

) theset of faulty runs ( ongurations), and

Ω

NF

theset ofhealthyruns. We observethat if

c

is faulty, so is everyextension of

c

, i.e. every

c

′

_{∈ C(E)}

su hthat

c

_{⊆ c}

′

isfaulty. Asa onsequen e,wehave:

Lemma2

Ω

F

isopen in

T

.

Note, however,that

Ω

F

isin generalneitheropennor losed in

O

. We an distinguishthree diagnosis states,givenbysetsofruns:

Fault

− definite : FD

,

{ω ∈ Ω | [[ω]]

η

⊆ Ω

F

}

NF

− definite : ND

,

{ω ∈ Ω | [[ω]]

η

⊆ Ω

NF

}

Indefinite

: ID

,

Ω\ (FD ∪ ND) .

Ifthesystemisinstate

FD

(or

ND

or

ID

),this meansthat its urrent ong-uration

c

issu hthat

Ω

c

, {ω ∈ Ω | c ⊆ ω} ⊆ FD(ND, ID)

It is of ourse not feasible to verify dire tly the innite runs. In [CL99℄, a diagnoser system is built over diagnoser states that orrespond to nite ob-servation sequen es : a diagnoser staterepresents the knowledge that anbe derivedabouttheeventualdiagnosis,from agivenniteobservation. Weshall notpro eedhereby onstru tingadiagnoser,sin eitisnotfeasibleingeneral eventstru tures; itsstatespa e would beinnite ingeneral

2

. Rather, wegive dire tly adenitionof eventualdiagnosability notions:

Denition4

Φ

is eventually F-diagnosable for

(E, η)

i

Ω

F

is open in

O

. Dually,

Φ

is eventuallyN-diagnosablefor

(E, η)

i

Ω

NF

isopen in

O

.

Thisisanotionthatdoesnotatalltakethetimeafterfaulto urren einto a ount, ontrarytoe.g. [SSL

+

95,GL℄. Itgeneralizesthetraditionaldenition from[CL99℄givenintheintrodu tion,andtheoneswepresentedforPetrinets in [HBFJ03,Haa07,Haa09℄.

2

Notethat,forthe aseofPetrinetswithsequentialsemanti s(seebelow),thediagnoser onstru tionis arriedoutin[MND10℄

Metri hara terization. Exploring the topology

O

to hara terizeF-and NF-diagnosabilityshowsusthat bothareequivalent, onrming orresponding results(see[WLY05℄)in thesequential ase:

Theorem1 If

(E, η)

isobservable,then

Φ

iseventuallyF-diagnosablefor

(E, η)

iforeveryfaulty

ω

Φ

∈ Ω

F

,thereexistsanite-heightprex

c

Φ

of

ω

Φ

su hthat

Ω

c

Φ

⊆ Ω

F

. Dually, if

(E, η)

isobservable, then

Φ

iseventuallyNF-diagnosable for

(E, η)

i for every healthy

ω

0

∈ Ω

NF

, there exists a nite prex

c

0

of

ω

0

su hthat

Ω

c

₀

⊆ Ω

NF

.

Proof: Fix

ω

Φ

and assume

Φ

is eventually F-diagnosable; then there exists

δ

= δ(ω

Φ

)

su hthat

∀ω ∈ Ω

NF

: d

η

(ω

Φ

, ω) > δ.

(14)

Let

k

be any integersu h that

k >

log

2

(δ)

; then let

c

φ

bethe smallestprex of

ω

Φ

su h that

H

η

(c

Φ

) = k

. Byobservability,

H(c) < +∞

, and (14) implies that

Ω

c

Φ

⊆ Ω

F

. Thereverse impli ationis obvious. Finally, theproof forthe hara terizationofNF-diagnosabilityisexa tlyanalogous.

2

Weobtainthefollowingadditionalresult:

Theorem2 If

(E, η)

is observable, then:

Φ

is eventually NF-diagnosable for

(E, η)

iitiseventually F-diagnosablefor

(E, η)

.

Proof: Followsfrom thesymmetryof

d

η

(•, •)

in theproofofTheorem 1.

2

Theastutereaderwillnoti ethatasystemmaybediagnosableevenwithout beingobservableasdenedin Def. 3. Inthe aseofnon-observability,allruns

ω, ω

′

for whi h

H

λ

(c)

is nite, satisfy

d

_η

_{(ω, ω}

′

_{) = 0}

. For

Φ

to beF- or NF-diagnosablein

(E, η)

,therunsofniteobservableheightmusteitherallbefaulty orallbehealthy. Inourview,thisfa t illustratesthatallinteresting diagnosis problems on ernobservable systems.

Note that equivalen e of F-diagnosability and NF-diagnosabilityhad been shownin [WLY05℄ for the lassi alapproa h, using anenumerationargument that requiressequential semanti s;theabovegeneralizationshowsthatitisan intrinsi ,semanti s-independentfeatureofdiagnosis.

InthelightofTheorem2,wewillhen eforthdropthereferen etoFandNF as well as the qualier"eventually", and speak simply of diagnosable labeled eventstru tures.

Example. In the ontext of the event stru ture in Example 1, let us now hoose

O

= {b, d}

with

dom

(η) = {b, b

∗

_{, d, d∗}}

, where

η(b) = η(b

∗

_{) = b}

and

η(d) = η(d

∗

) = d

. If

Φ ⊆ {c

2

, c

3

, c

4

, . . .}

, thenthenet isnotdiagnosablesin e

Ω

F

=

S

_i∈N

{ω

c

i

B

, ω

c

i

D

}

is notanopensetin

O

;anyneighborhoodof

Ω

F

in

O

ontains

ω

AB

∈ Ω

NF

.

Ifonehas,ontheotherhand,

Φ ⊆ B, O = {a, d}

and

dom

(η) = {a, a

∗

_{, d, d∗}}

, where

η(a) = η(a

∗

_{) = a}

and

η(d) = η(d

∗

_{) = d}

,then

E

isdiagnosablewithrespe t to

η

and

Φ

,sin e

Ω

F

= {ω

c

i

B

| i ∈ N} ∪ {ω

AB

}

isopenin

O

.

Suxes. Note that allprexesof

E

, and in parti ularall its ongurations, onstitute sub-event-stru tures of

E

; we will denote these stru tures with the

samesymbolsasthe orrespondingsets. Wehavethefollowingsux obje ts: For

c

∈ C

and

S

⊆ C

,let

C

c

, {˜c ∈ C | c ⊆ ˜c} , Ω

c

, {ω ∈ Ω | c ⊆ ω}

and

Ω

S

,

[

c∈S

Ω

c

.

Further,forany

c

∈ C(E)

,denoteas

E

c

=

(E

c

, 6

|E

c

,

#

|E

c

, λ

|E

c

),

where E

c

,

{e ∈ E \c | ∀ e

′

∈ c : ¬ (e # e

′

)} ,

theshift of

E

by

c

. If

c

′

_{∈ C(E}

c

)

,then

c

◦ c

′

istheunique ongurationof

E

su h that (i)

c

isaprexof

c

◦ c

′

, and(ii)

c

◦ c

′

_{∩ E}

c

= c

′

. Forevery

c

′

_{∈ C(E}

c

)

, weobservethat

c

′′

_{, c ∪ c}

′

_{∈ c(E)}

;write inthis ase

c

′′

_{= c ◦ c}

′

,andsaythat

c

′′

isobtainedbyappending

c

′

to

c

.

Stru turalChara terization. Thefollowing hara terizationresultliftsthe anologous one unfoldings of safe Petri nets presented in [HBFJ03, Haa10℄ to regular event stru tures. For any two nite ongurations

c

₁

_{, c}

₂

_{∈ C(E)}

, say that

c

2

orresponds to

c

1

, written

c

1

∼

E

c

2

, i

E

c

1

∼

A

E

c

2

.

Clearly,

∼

E

is an eqivalen e;eventstru ture

E

isregular iithasanitenumberofdistin t

∼

E

- lasses. In parti ular, all unfoldings of 1-safe Petri nets are regular. In fa t, all innite runs of these unfoldings must pass through an innite number of nite ongurations orrespondingtothebehaviourafterthesamenetmarking, sin e the number of rea hable markings is nite. Any pair

(c

1

, c

2

)

of su h ongurationswith

c

1

⊆ c

2

satises

c

1

∼

E

c

2

by onstru tionoftheunfolding. The onverse- an allregulareventstru turesbe onstru tedasunfoldings of 1-safenets? -is knownasThiagarajan's onje ture[Thi02℄.

To ompleteour preparationsfor Theorem 3, let

c

∼

η

c

′

ithere is an

η

-isomorphismbetween

c

and

c

′

,and

c

∼

Φ

c

′

i

c

and

c

′

areeither bothhealthy orbothfaulty.

Theorem3 If

(E, η)

is observable and regular,

Φ

is eventually F-diagnosable for

(E, η)

ifor all ongurations

c

1

, c

2

, c

′

1

, c

′

2

∈ C(E)

of niteheight su hthat

c

₁

_{⊆ c}

′

1

∧ c

1

∼

E

c

′

1

c

₂

_{⊆ c}

′

2

∧ c

2

∼

E

c

′

2

,

the followingholds:

c

₁

_∼

_η

c

₂

∧

c

′

1

∼

η

c

′

2

∧ H(c

1

) < H(c

′

1

)







⇒ c

′

1

∼

Φ

c

′

2

.

(15)

Proof: Toshowthe if" part, assume

c

1

, c

2

, c

′

1

, c

′

2

violate(15), i.e. without lossofgenerality

1.

c

′

2

isfaulty, butneither

c

′

1

nor

c

₁

are, 2. for

i

∈ {1, 2}

,

c

′

i

= c

i

◦ d

i

, where

d

i

∈ C(E

c

i

)

and

d

1

1

6= ∅

(

d

2

may be empty),and

3. for

i

∈ {1, 2}

,

c

′

i

∼

η

c

i

and

c

′

i

∼

E

c

i

. It follows that thereis a onguration

d

2

i

∈ C(E

c

′

i

)

that isan isomorphi opy of

d

i

. Iteratingthis argument,let

c

1

i

, c

′

i

= c

1

◦ d

1

i

and

c

n+1

i

, c

n

i

◦ d

n+1

i

for

n

∈ N

. Thenbyassumption,

H(c

n

1

) →

n→∞

∞

(the sameneednotbetruefor the sequen e of

c

n

2

). We have

c

n

i

∼

η

c

i

for all

n

; by onstru tion, all

c

n

2

are

healthy,so

Φ

annotbeF-diagnosablefor

(E, η)

.

For only if", suppose

Φ

is notF-diagnosablefor

(E, η)

. Thenthere exists

ω

∈ Ω

F

su h that for any nite-height prex

c

of

ω

, there is

c

′

_{∈ C(E)}

that satises

c

′

_∼

η

c

and

Ω

c

′

∩ Ω

NF

6= ∅

. But thenone obtainsaviolation of(15)

fromtheassumptionthat

E

isregular.

2

4 Appli ation to Petri Nets

Petri Nets. Wewill turn nowto animportantinstan e of event stru tures, thoselinkedto Petrinetmodels.

Denition5 A net isatuple

N

= (P , T , F )

where ˆ

P

6= ∅

isasetof pla es,

ˆ

T

6= ∅

isasetof transitions su hthat

P

∩ T = ∅

, ˆ

F

⊆ (P × T ) ∪ (T × P )

isasetofow ar s.

A marking is amultiset

m

of pla es, i.e. amap from

P

to

N

. APetri net isatuple

N = (P , T , F , m)

,where

ˆ

(P , T , F )

isanite net,and ˆ

m

: P → N

isaninitial marking.

Elementsof

P

∪ T

are alled thenodes of

N

. Foratransition

t

∈ T

, we all

•

_t

_{= {p | (p, t ) ∈ F }}

thepreset of

t

,

t

•

_{= {p | (t, p) ∈ F }}

thepostset of

t

. In Figure2,werepresentasusualpla esbyempty ir les,transitionsbysquares,

F

byarrows,andthemarkingofapla e

p

byputtingthe orrespondingnumberof bla ktokensinto

p

. Atransition

t

isenabled inmarking

m

if

∀p ∈

•

_t

_{, m(p) > 0}

. Thisenabledtransition anre,resultinginanewmarking

m

′

_{= m−}

•

_t+t

•

;this ringrelationisdenotedby

m[tim

′

. Amarking

m

isrea hable ifthereexistsa ringsequen e,i.e. transitions

t

0

. . . t

n

su hthat

m

0

[t

0

im

1

[t

1

i . . . [t

n

im

. Anet issafe ifforallrea hablemarkings

m

,

m(p) ⊆ {0, 1}

forall

p

∈ P

.

Sequentialsemanti s. Thelanguage

L

of

N

isthesetofwords

e

0

. . . e

n

over aset

E

withamapping

λ

: E → T

su hthat

λ(e

0

) . . . λ(e

n

)

isaringsequen e. Assume now that

L

is trim: any two words

w, w

′

in

L

share their ommon prex,i.e. ifthereare

u

∈ E

∗

_{, x, x}

′

_{∈ E}

∞

and

e, e

′

_{∈ E}

su hthat

w

= uex

and

w

′

= ue

′

_x

′

,then

λ(e) = λ(e

′

₎

implies

e

= e

′

. Thesequentialsemanti s of

N

is givenbyeventstru ture

E

seq

= (E , 6

seq

,

#

seq

, λ)

,obtainedfrom

L

bysetting

1.

e 6

seq

e

′

ithereexist

u, v

∈ E

∗

and

w

∈ E

∞

su hthat

ueve

′

_w

_{∈ L}

,and 2.

e#

seq

e

′

ithere exist

¯

e,

¯

e

′

_{∈ E}

and

u, v

∈ E

∗

su hthat

u¯

e, u ¯

e

′

_{∈ L}

with

λ(¯

e) 6= λ( ¯

e

′

₎

Partial order unfolding semanti s. Ina net

N

= (P , T , F )

, let

<

N

the transitive losureof

F

,and

6

N

thereexive losureof

<

N

. Further,set

t

1

#

im

t

2

for transitions

t

1

and

t

2

if and only if

t

1

6= t

2

and

•

_t

1

∩

•

t

2

6= ∅

, and dene

# = #

N

by

a

# b

⇔ ∃t

a

, t

b

∈ T :







t

a

#

im

t

b

∧ t

a

6

N

a

∧

t

b

6

N

b.

Finally,dene

co

= co

N

bysetting,foranynodes

a, b

∈ P ∪ T

,

a co b

⇐⇒

¬ (a 6 b) ∧ ¬ (a # b) ∧ ¬ (b < a) .

Denition6 A net

ON

= (B , E , G)

is an o urren e net if andonly if it satises

1.

6

ON

isapartialorder; 2. forall

b

∈ B

,

|

•

_{b| ∈ {0, 1}}

;

3. forall

x

∈ B ∪ E

,the set

[x] = {y ∈ B ∪ E | y 6

ON

x}

isnite; 4. noself- oni t,i.e. thereisno

x

∈ B ∪ E

su hthat

x#

ON

x

; 5. theset

cut

0

of

6

ON

-minimalnodesis ontainedin

B

andnite.

Thenodesof

E

aretheevents,thoseof

B

onditions. Onenoti esqui klythat ompleteo urren enetsformparti ular asesofeventstru tures. The anoni- alasso iationofaneventstru turetoano urren enet

ON

isbyrestri ting

6

and

#

totheeventset

E

,"forgetting" onditions. Inparti ular, ongurations of o urren e netsare dened assets of events,i.e. ongurations dened as aboveforthe"stripped"eventstru ture.

O urren enetsarethemathemati alformofthepartialorderunfolding se-manti sforPetrinets[JEV02℄;althoughmoregeneralappli ationsarepossible, wewillfo ushereonunfoldingsofsafe Petrinetsonly.

If

N

1

= (P

1

, T

1

, F

1

)

and

N

2

= (P

2

, T

2

, F

2

)

arenets, ahomomorphism isa mapping

h

: P

1

∪ T

1

→ P

2

∪ T

2

su hthat

ˆ

h(P

1

) ⊆ P

2

and

ˆ forevery

t

1

∈ T

1

, therestri tionto

•

_t

1

isabije tionbetweentheset

•

_t

1

in

N

1

andthe

•

_h(t

1

)

in

N

2

,andsimilarlyfor

t

1

•

and

(h(t

1

))

•

.

Abran hingpro ess ofsafePetrinet

N = (N , m

0

)

isapair

β

= (ON , π)

,where

ON

= (B , E , G)

isano urren enet, and

π

is ahomomorphismfrom

ON

to

N

su hthat:

1. Therestri tionof

π

to

cut

0

isabije tionfrom

cut

0

to

m

0

,and 2. forevery

e

1

, e

2

∈ E

,if

•

_e

Bran hingpro esses

β

1

= (ON

1

, π

1

)

and

β

2

= (ON

2

, π

2

)

for

N

areisomorphi ithereexistsabije tivehomomorphism

h

: ON

1

→ ON

2

su hthat

π

1

= π

2

◦h

. Theunique(uptoisomorphism)maximalbran hingpro ess

β

U

= (ON

U

, π

U

)

of

N

is alledtheunfoldingof

N

;see[JEV02℄fora anoni alalgorithmto ompute theunfoldingof

N

. Wewillassumethatalltransitions

t

∈ T

haveatleastone output pla e, i.e.

t

•

isnotempty. Inthis ase,everynite onguration

c

of

ON

U

spansa oni t freesubnet

c

U

= (E

c

, B

c

, G

|(E

c

×B

c

)∪(B

c

×E

c

)

)

of

ON

U

by setting

B

c

,

[

e

∈E

(

•

t

∪ t

•

) .

The followingresults (seee.g. [JEV02℄)justify the useof unfoldings: Theset

cut(c)

of

6

-maximal nodesof

c

_U

is ontainedin

B

c

. Moreover,

cut(c)

is a o-set, that is, for alldistin t onditions

b, b

′

_{∈ cut(c)}

,

b co b

′

holds; and

cut(c)

is

⊆ −

maximalwith this property,and su hsets in o urren enetsare alled uts. Bysetting, forany ut

s

,

m(s) ,

π

(s) ,

weobtain amarking of

N

. Now, for

cut(c)

asabove,

m(c) , m(cut(c))

is a rea hablemarkingof

N

,morepre iselythemarkingthat

N

isinafterexe uting rabletransitionsinasequen e ompatiblewith

c

. Conversely,everyrea hable marking

m

of

N

isree tedinthiswaybyatleastone onguration

c

in

ON

U

su hthat

m

(c) = m

.

Figure2: Left: aPetriNet;right: aprexofitsunfolding,witheventsbearing thenameoftheir

π

-image

Thepartial ordersemanti sfor

N

isgivenbytheeventstru ture

where

E

U

isthesetofeventsin

N

'sunfolding

β

U

,and

6

U

,

#

U

,and

π

E

U

arethe restri tions to

E

U

of the orresponding elements of

β

U

. By onstru tion, the labeling

π

E

U

for

E

U

is simple in the abovesense: this property simply ree ts thefa tthatnotransition anhavemorethanone on urrento urren eifthe netissafe.

Conne ting the diagnosability notions. The notion of F-diagnosability given in Sampath, Lafortune et al [SSL

+

95℄ involves existen e of a uniform bound on the time after o urren eof the fault before diagnosis. It anbe adaptedto ourframework-usingasequentialeventstru ture

E

obtainedfrom aniteautomaton-asfollows: let

C

φ

∗

,

{c ∈ C

F

| ∀c. ∈ C : c

′

⊆ c ⇒ c

′

6∈ C

F

}

bethesetofminimal faulty ongurations.

Φ

isF-diagnosable for

(E, η)

ifor every

c

_Φ

_{∈ C}

∗

Φ

, there exists

K

= K (c) > 0

su h that the followingholds: If

c

_{∈ C(E)}

issu h that

c

Φ

is

η

-isomorphi to aprex of

c

, andthe

1

-heightof

c

isboundedby

K

plusthe

1

-heightof

c

Φ

,then

c

isalsofaulty:

H

1

(c

Φ

) + K 6 H

1

(c)

⇒ c ∈ C

F

.

(16) then

c

isalsofaulty. Notethatthisdenition usesthe

1

-height,notobservable height;wewillseebelowthat,underobservability,bothareequivalent.

Chara terizing diagnosable Petri nets. This denition had inspiredthe analogousonewehavegivenin [HBFJ03,Haa10℄forsafePetri nets.

Denition7 Let

N = (P , T , F , m

0

)

asafePetrinet,

η

: T → O

apartial map-ping,

U

N

= (B , E , G, cut

0

)

itsunfoldingnet,withlabelingmorphism

λ

: E → T

given by the unfoldingmorphism. Let

φ

∈ T \dom(η)

be afaulttransition,and let

E

φ

, λ

−1

_(φ)

. Denoteby

C

prog

(N )

thesetof

N

's progressive ongurations ( ompare(9 )):

C

prog

(N )

,

c ∈ C (N ) | H(c) 6 H

∗

µ

(D )

Wesaythat

N

isweaklyobservablew.r.t.

η

iitsunfoldingeventstru ture

E

U

isobservablew.r.t.

η

. Aweaklyobservable(w.r.t.

η

)

N

isweakly diagnos-ablew.r.t.

η

and

φ

ithere exists

n

= n

N

∈ N

su hthatfor all ongurations

c

_φ

, [e

_φ

_]

with

e

φ

∈ E

φ

,every

c

∈ C

prog

(N )

su hthat

(a)

c

φ

⊑ c

,

(b)

c

isnotdead,and

( )

H(c) > H(c

φ

) + n

, satises:

∀c

′

∈ L : c ⊑

O

c

′

⇒ E

φ

∩ c

′

6= ∅.

(17) Noti ethattheroleoftheset

Φ ⊆ E

,whi hwasarbitraryintheabovestudy ofdiagnosabilityineventstru tures,isplayedherebytheset

E

φ

ofo urren es of thesametransition

φ

. Thedenition implies that

N

isweaklydiagnosable w.r.t.

φ

and

η

i

E

U

(N )

isdiagnosablew.r.t.

E

φ

and

η

.

Lemma3 If

N

isobservable, thenthere exists

n

O

∈ N

su h that for any two ongurations

c

1

, c

2

∈ C(N )

su hthat

c

1

⊑ c

2

and

c

1

∼

O

c

2

,

H(c

2

) 6 H(c

1

)

. Proof: Suppose for every

n

∈ N

there exist

c

1

, c

2

su h that

H(c

2

) > H(c

1

)

while

c

1

⊑ c

2

and

c

1

∼

O

c

2

. Then thepigeonhole prin ipleimplies, sin ethe number of rea hable markings of

N

is bounded above by

2

|P|

, that for any

n >

2

|P|

,thereexist

c

, c

′

_{∈ C(N )}

su hthat 1.

m(c) = m(c

′

₎

2.

c

1

⊑ c ⊑ c

′

_{⊑ c}

2

, 3.

H(c

′

_{) > H(c) + 1}

. It follows that

c

∼

O

c

′

. Moreover, sin e

m

(c) = m(c

′

₎

, any ring sequen e leading from

c

to

c

′

is again enabledin

m

(c

′

₎

, hen e

N

allows ongurations

c

_(n)

,

n

∈ N

, su h that

c

⊑ c(1) ⊑ c(2) ⊑ . . .

and

H(c(n)) > H(c) + n

. This leadstoa ontradi tionwithweakobservabilityas

n

→ ∞

.

2

Wethenhave:

Theorem4 Use the notations of Denition 7 and assume

N

is weakly ob-servable. Then

N

is weakly diagnosable i there exists

n

∈ N

su h that forall

c

_φ

_{∈ C}

_Φ

_{(N )}

and

c

∈ C(N )

,

c

_φ

_{⊑ c}

c

_{not dead}

H

O

(c) > H

O

(c

φ

) + n







⇒



∀ω ∈ Ω(N ) :

(c ⊑

O

ω) ⇒ ω ∈ Ω

F

(18)

Proof: Supposerstthat

N

isweaklydiagnosable,i.e.

n

N

asinDenition7 exists;then

n ,

max(n

N

, n

O

)

with

n

O

fromLemma3hastheaboveproperties. Similarly, the existen e of

n

as in the statement of the theorem implies that

n

N

, max(n, n

O

)

satisesthepropertiesrequiredin(18).

2

Example 2: What Interleavings do and don't see. Figure 2illustrates that hoosing apartial ordervs an interleaving semanti shas important on-sequen es. Tosee this,note thatifthenetbehaviourisre ordedin sequential form,westillhaveaneventstru ture semanti s;yetthe resultingevent stru -tureisdegenerateinthesensethat

co

isempty. Deningmetri topologyet . asabove, let

Φ = π

−1

_({v})

,andassumetheobservationlabellingsfor

E

seq

and

E

U

bothsatisfy

dom

(η) = π

−1

_({a})

. Then:

a)Insequentialsemanti s,thenetis notobservable: therun

ω

s

∈ Ω(E

seq

)

whi h onsistsonlyofo urren esof

u

and

v

satises

H

η

(ω

s

) = 0

and

H

λ

(ω

s

) =

∞

. Further,

(E

seq

, η)

is neither F-diagnosable nor NF-diagnosable, sin e all runswithoutano urren e

y

areobservationallyindis ernablefromtherun

ω

′

formed only by o urren esof

a

and

b

; this

∼

η

lass therefore ontainsboth faultyandhealthyruns.

b) However,withthesameassumptions,

(E

U

, η)

is bothobservableand di-agnosable;infa t,allruns

ω

∈ Ω(E

U

)

areF-denite.

Thisexampleshowsthatthe hoi eofsemanti smayde idewhetherornot agivenPetrinetisdiagnosable. Thedistin tionsin theterminology-weakvs strongdiagnosability-arein fa tpropertiesofexe utionsemanti s.

5 Con lusion

We have ast the dynami s of dis rete event systems in ageneral framework that allowsto omparepropertiesofthe non-sequentialandthesequential be-haviour. Onthe levelofabstra tion grantedby eventstru tures, observability and diagnosabilitybe omegeneraltopologi al propertiesthat spe ializeto ex-isting on rete notions on e the semanti s (sequential or non-sequential) has been hosen. Theveri ationof diagnosabilityhasbeenshown to PSP ACE- omplete forthesequential asein[BP08℄. Thistheoreti alboundis afortiori truefor thenon-sequential ase. It is important nowto develope ient algo-rithmsforveri ationofweak diagnosability;strongdiagnosabilityhasre eived treatedin theexisting literature, see e.g. [MC09b, MC09a℄). Currentwork is addressingtheseissues, basedinparti ular ontheresultsandaninvestigation of uto riteriafor onstru tingsuitableniteprexesofunfoldings.

Outlook: Thetopologi alframeworkpresentedherehastheadvantageof al-lowingforuniedproofs,basedonthepropertiesofeventstru turesregardless of the semanti s that generates them. It is appli able to any kind of system modelthat hasaneventstru turesemanti s,andpotentiallyusefulfor aptur-ing extensions su h as in ompletemodels, or lossof alarm. Future work will addresssu hextensions.

A knowledgments: ThisworkwaspartlysupportedbytheEuropean Com-munity's7thFrameworkProgrammeunderproje tDISC(DIstributedSupervisor Control oflargeplants),GrantAgreementINFSO-ICT-224498.

Referen es

[Abb06℄ S.Abbes. A artesian losed ategoryofeventstru tureswith quo-tients. Dis rete Mathemati s and Theoreti al Computer S ien e, 8(1):249272,2006.

[BCHK10℄ PaoloBaldan, ThomasChatain, StefanHaar, and Barbara König. Unfolding-baseddiagnosisofsystemswithanevolvingtopology. In-formationandComputation, 208(10):11691192,O tober2010.

[BCM01℄ P.Baldan,A. Corradini,andU.Montanari. Contextual petri nets, asymmetri eventstru tures andpro esses. Information and Com-putation,171(1):149,2001.

[BFHJ03℄ Albert Benveniste,Éri Fabre, Stefan Haar, andClaude Jard. Di-agnosisofasyn hronousdis reteeventsystems: Anetunfolding ap-proa h. IEEE Transa tions on Automati Control, 48(5):714727, May2003.

[BMP90℄ P. Bonizzoni, G. Mauri, and G. Pighizzini. About innite tra es. Report TUM-I9002,TUMün hen, 1990.

[BP08℄ AxelBauerand SophiePin hinat. A topologi alperspe tiveon di-agnosis. In9thInternational Workshopon Dis reteEvent Systems, Gothenburg,Sweden,Mar h2008.

[CL99℄ C.G.CassandrasandS. Lafortune. Introdu tion toDis reteEvent Systems. KluwerA ademi Publishers,Bostonet ,1999.

[Eng91℄ J.Engelfriet. Bran hingPro essesofPetriNets. A taInformati a, 28:575591,1991.

[FB07℄ E.FabreandA.Benveniste.Partialorderte hniquesfordistributed dis rete event systems: whyyou an't avoidusing them. Dis rete Event Dynami Systems: Theory andAppli ations, 2007.

[FBHJ05℄ Éri Fabre,Albert Benveniste,Stefan Haar,and ClaudeJard. Dis-tributed monitoringof on urrentand asyn hronoussystems. Dis- rete Event Dynami Systems: Theory andAppli ations, 15(1):33 84,Mar h2005.

[GL℄ S. Gen and S. Lafortune. Predi tability of event o urren es in partially-observeddis rete-eventsystems.

[Haa07℄ StefanHaar. Unfoldand over: QualitativediagnosabilityforPetri nets. InPro eedings of the 46th IEEEConferen e on De ision and Control (CDC'07), pages 18861891,New Orleans, LA, USA, De- ember2007.IEEEControlSystemSo iety.

[Haa09℄ Stefan Haar. Qualitative diagnosability of labeled Petri nets re-visited. In Pro eedings of the Joint 48th IEEE Conferen e on De- ision and Control (CDC'09) and 28th Chinese Control Confer-en e(CCC'09),pages12481253,Shanghai,China,De ember2009. IEEEControlSystemSo iety.

[Haa10℄ StefanHaar. Typesofasyn hronousdiagnosabilityandthereveals -relationino urren enets. IEEE Transa tionson Automati Con-trol,55(10):23102320,O tober2010.

[HBFJ03℄ StefanHaar, Albert Benveniste,Éri Fabre,and ClaudeJard. Par-tial order diagnosability of dis rete event systems using Petri net unfoldings. In Pro eedings of the 42nd IEEE Conferen e on De- ision and Control (CDC'03), volume 4,pages 37483753,Hawaii, USA,De ember2003.IEEEControlSystemSo iety.

[JEV02℄ S.RömerJ.EsparzaandW.Vogler.Animprovementofm millan's unfoldingalgorithm. Formal MethodsinSystem Design,20(3):285 310,2002.

[KK03℄ R.Kummetzand D.Kuske. ThetopologyofMazurkiewi zTra es. Theoreti al Computer S ien e,305:237258,2003.

[Kwi90℄ M.Z. Kwiatkowska. A Metri for Tra es. Information Pro essing Letters,35:129135,1990.

[MC09a℄ C.SeatzuM.P.Cabasino,A.Giua. Diagnosabilityofboundedpetri nets. In Pro . of 48th IEEE Conferen e on De ision and Control (CDC),2009.

[MC09b℄ S. Lafortune C. Seatzu M.P. Cabasino, A. Giua. Diagnosability analysisofunboundedpetrinets.InPro .of48thIEEEConferen e onDe isionandControl(CDC),2009.

[MND10℄ AgnesMadalinski,FaridNouioua,andPhilippeDague. Diagnosabil-ityveri ationwithpetrinetunfoldings.KESJournal,14(2):4955, 2010.

[NPW81℄ M.Nielsen,G.Plotkin,andG.Winskel.Petrinets,eventstru tures, anddomains(I). Theoreti al Computer S ien e,13:85108,1981.

[SSL

+

95℄ M. Sampath, R. Sengupta, S. Lafortune, K. Sinnamohideen, and D. Teneketzis. Diagnosability of dis rete-event systems. IEEE Transa tions onAutomati Control, 40(9):15551575,1995.

[Thi02℄ P.S. Thiagarajan. Regulareventstru turesandnite petri nets: a onje ture. InFormal andNaturalComputing,number2300,pages 244253.Springer, 2002.

[Win℄ G. Winskel. Event stru tures. In Advan es in Petri nets,number 255in LNCS,pages325392.SpringerVerlag.

[WLY05℄ Y.Wang,S.Lafortune,andTae-Si Yoo.De entralizeddiagnosisof dis reteeventsystemsusingun onditionaland onditionalde isions. InPro . 44thCDC,2005.

Centre de recherche INRIA Saclay – Île-de-France

Parc Orsay Université - ZAC des Vignes

4, rue Jacques Monod - 91893 Orsay Cedex (France)

Centre de recherche INRIA Bordeaux – Sud Ouest : Domaine Universitaire - 351, cours de la Libération - 33405 Talence Cedex

Centre de recherche INRIA Grenoble – Rhône-Alpes : 655, avenue de l’Europe - 38334 Montbonnot Saint-Ismier

Centre de recherche INRIA Lille – Nord Europe : Parc Scientifique de la Haute Borne - 40, avenue Halley - 59650 Villeneuve d’Ascq

Centre de recherche INRIA Nancy – Grand Est : LORIA, Technopôle de Nancy-Brabois - Campus scientifique

615, rue du Jardin Botanique - BP 101 - 54602 Villers-lès-Nancy Cedex

Centre de recherche INRIA Paris – Rocquencourt : Domaine de Voluceau - Rocquencourt - BP 105 - 78153 Le Chesnay Cedex

Centre de recherche INRIA Rennes – Bretagne Atlantique : IRISA, Campus universitaire de Beaulieu - 35042 Rennes Cedex

Centre de recherche INRIA Sophia Antipolis – Méditerranée : 2004, route des Lucioles - BP 93 - 06902 Sophia Antipolis Cedex

Éditeur

INRIA - Domaine de Voluceau - Rocquencourt, BP 105 - 78153 Le Chesnay Cedex (France)

http://www.inria.fr