Diagnosis of behaviors of interest in partially-observed discrete-event systems


Systems & Control Letters 57 (2008) 1023–1029


Tae-Sic Yoo a,1, Humberto E. Garcia b,∗
a Idaho National Laboratory, MS 6180, P.O. Box 1625, Idaho Falls, ID 83403-6180, United States
b Sensor and Decision Systems, Idaho National Laboratory, MS 3605, P.O. Box 1625, Idaho Falls, ID 83415-3605, United States

Article history: Received 27 March 2007; received in revised form 25 June 2008; accepted 25 June 2008; available online 15 August 2008.

Keywords: Discrete-event systems; Behaviors of interest detection; Detection delay computation

Abstract

In this paper, we address the problem of diagnosing the behaviors of interest in discrete-event systems. To this end, we introduce the notion of language-diagnosability, based on language specifications, that generalizes diagnosability based on event specifications. A polynomial-time algorithm for verifying language-diagnosability is developed. Building upon the verification algorithm, we develop a polynomial-time algorithm for computing the worst case detection delay of a given system. The computation of the worst case detection delay involves the shortest path computation of a weighted, directed graph. We exploit a special weighting structure of the graph resulting from the verification algorithm, which enables an algorithm with a lower complexity than the commonly used Bellman–Ford shortest path algorithm.

© 2008 Elsevier B.V. All rights reserved.

1. Introduction

The objective of system monitoring is to observe the system behavior and detect and identify the system behaviors of interest under partial observations. In [1], the definition of diagnosability based on event specifications was first introduced. The property of diagnosability in [1] (see footnote 2) is related to the ability to infer, from observed event sequences, the occurrence of certain events (the failure events). We note that the behaviors of interest may be described by a set of sequences of events (e.g., a plant operational mistake that skips a certain step in a procedure to follow, say, executing αγ instead of αβγ) rather than by the execution of a single event. For example, the treatment of [3] provides a well-known control-theoretic approach to handling illegal behaviors specified with languages, that is, preventing the illegal behaviors by controlling the execution of a certain set of controllable events. In [4], the authors present a diagnosis methodology based on template languages in the context of timed discrete-event systems. For the diagnosis of the behaviors of interest, we introduce the notion of language-diagnosability based on language specifications that generalizes diagnosability based on event specifications.

∗ Corresponding author. Tel.: +1 208 526 7769. E-mail addresses: [email protected] (T.-S. Yoo), [email protected] (H.E. Garcia).
1 Tel.: +1 208 533 7830.
2 Note that two conditions on system behaviors, liveness and unobservable-cycle freeness, were assumed in [1]. In [2], the liveness assumption was relaxed and diagnosability accounting for terminating traces was defined. We will use this relaxed version of diagnosability when we refer to the definition of diagnosability based on event specifications.

0167-6911/$ – see front matter © 2008 Elsevier B.V. All rights reserved. doi:10.1016/j.sysconle.2008.06.009

To the best of the authors' knowledge, the current literature (e.g., [5–7,1,2,8–14]) considers the existence of a finite detection delay, but no explicit algorithm has been provided to determine its exact value. Only a conservative upper bound is given, equal to the square of the number of states describing the system behavior [8]. Many applications, however, require the exact determination of the detection delay in order to assure that any behavior of interest can be detected and diagnosed within a specified limit. Failure to meet delay response requirements may lead to the redesign of the associated observation mask. Motivated by this practical importance, this paper gives an algorithm that computes the worst case detection delay explicitly. The main contributions of this paper are:

• In Section 2.2, we introduce the notion of language-diagnosability, which specifies the behaviors of interest as languages. In this manner, language-diagnosability generalizes the diagnosability of [1,2].

• In Section 3.1, a polynomial-time algorithm for verifying language-diagnosability is developed. This algorithm accounts for the existence of terminating traces and unobservable cycles (see footnote 3).

• Building upon the results in Section 3.1, a polynomial-time algorithm computing the exact worst case detection delay is developed in Section 3.2.

3 Note that the algorithms in [6] also account for the existence of unobservable cycles but not the existence of terminating traces.


2. Notions of diagnosability

We model the untimed discrete-event system as a deterministic finite-state automaton $A = (Q^A, \Sigma^A, \delta^A, q_0^A)$, where $Q^A$ is the finite state space, $\Sigma^A$ is the set of events, and $q_0^A$ is the initial state of the system. $\delta^A$ is the partial transition function, and $\delta^A(q_1, \sigma) = q_2$ implies the existence of a transition from state $q_1$ to state $q_2$ with event label $\sigma$. The superscript $A$ may be dropped if this is not likely to cause confusion. The language generated by $A$ is denoted by $\mathcal{L}(A)$ and is defined in the usual manner [15].

To reflect limitations on observation, we define the observation mask function $M : \Sigma^A \to \Delta^A \cup \{\varepsilon\}$, where $\Delta^A$ is the set of observed symbols and may be disjoint from $\Sigma^A$. The definition of $M$ is extended to sequences of events (traces) inductively as follows: $\forall s \in (\Sigma^A)^*, \forall \sigma \in \Sigma^A, \; M(s\sigma) = M(s)M(\sigma)$.

2.1. Event-diagnosability

Consider a language $L$ and a mask function $M$ (see footnote 4) over the events defined in $L$, denoted by $\Sigma_L$. In the context of abnormality/fault detection, the abnormal events to be detected/diagnosed are the events of interest. In this paper, the terms "events/languages of interest" and "abnormal events/languages" will be used interchangeably, as the relevant existing literature is mostly concerned with abnormality/fault detection and diagnosis. Let $\Sigma_f \subseteq \Sigma_L$ denote the set of abnormal events (see footnote 5).

The formal definition of diagnosability was first presented in [1,2]. In order to highlight the objective of this version of diagnosability, identifying the occurrence of the abnormal events, we will call this notion of diagnosability event-diagnosability hereafter. Note that we do not assume that abnormal events are unobservable. The abnormal events may be observable, but may not have a unique observation symbol under the mask function $M$.

In order to define event-diagnosability, we need the following notation. We will write $s \in \Psi(\Sigma_f)$ to denote that the last event of a trace $s \in L$ is an abnormal event. That is,

$\Psi(\Sigma_f) := \{s = t\sigma_f \in L : \sigma_f \in \Sigma_f\}.$

We denote by $L/s$ the post-language of $L$ after $s$, i.e. $L/s := \{t \in (\Sigma_L)^* : st \in L\}$. With slight abuse of notation, we write $\Sigma_f \in s$ to denote that $\overline{s} \cap \Psi(\Sigma_f) \neq \emptyset$, where $\overline{s}$ is the set of prefixes of $s$. We are now ready to state the definition of event-diagnosability introduced in [1,2].

Definition 2.1. A prefix-closed language $L$ is said to be event-diagnosable with respect to a mask function $M$ and $\Sigma_f$ if the following holds:

$(\exists n_d \in \mathbb{N})(\forall s \in \Psi(\Sigma_f))(\forall t \in L/s)\;[(|t| < n_d) \wedge (L/st = \emptyset) \Rightarrow D_1] \wedge [|t| \ge n_d \Rightarrow D_2]$

where $\mathbb{N}$ is the set of non-negative integers and the event-diagnosability conditions $D_1$ and $D_2$ are

$D_1 : (\forall w \in M^{-1}M(st) \cap L)\,[L/w = \emptyset \Rightarrow \Sigma_f \in w]$ and

$D_2 : (\forall w \in M^{-1}M(st) \cap L)\,[\Sigma_f \in w].$

4 In [1,2], the plain projection function $P$ is used instead of the (non-projection) mask function $M$.
5 The set of abnormal events is partitioned into disjoint sets corresponding to different abnormality types, following the approach in [1,2]. For brevity of exposition, we only consider one type of abnormality in this paper. Extending the results presented in this paper to multiple types of abnormality is straightforward.

Fig. 1. Diagnosable or not?

Fig. 2. Violation of diagnosability: Case of terminating abnormal trace.

The condition $D_1$ implies that even if the language $L$ has a terminating trace $st$ that ends in an abnormal event, $L$ may still be diagnosable as long as there does not exist in $L$ a trace $s't'$ such that $s't'$ is also terminating, generates the same masked observation as the trace $st$, but does not contain an abnormal event. Though it is not mentioned in [2], note that the above condition relies on the implicit assumption that the termination of abnormal traces is detectable. This may not be a proper assumption, since the termination of traces is not always possible to detect under partial observations. In Fig. 1, we present a simple example in order to clarify our arguments. We set $f \in \Sigma_f$ and $M(f) = \varepsilon$. Then let us examine whether $L$ is event-diagnosable with the proposed setting. If we follow the above definition of event-diagnosability, $L$ is diagnosable, since $f$ is the terminating abnormal trace, the only terminating trace looking identical to $f$ is $f$ itself, and $\Sigma_f \in f$. However, since $M(f) = \varepsilon$, there is no way of knowing whether the system has executed $f$. The definition of event-diagnosability makes sense if we assume that the termination after executing event $f$ is somehow detectable (e.g. by a time-out). However, this would imply that the proposed model does not sufficiently reflect the behaviors to be modeled, and a more complete model may itself be live (by adding self-loops of termination-detection events to terminating states). With this, we believe that it is more proper to classify the model in Fig. 1 as undiagnosable.

In order to account for this observation, and reach a proper diagnostic decision with terminating abnormal traces, the traces to be examined should include not only terminating look-alike traces but also nonterminating look-alike traces. Particularly, in the above example, $\varepsilon \in L$ is a nonterminating normal trace and $M(\varepsilon) = M(f)$.

The graphical description of the general situation is depicted in Fig. 2. If the trace executed by the system is $s_2$, we may be able to decide whether the behavior is abnormal or normal after the system executes more events. However, if the trace executed by the system is $s_0$ or $s_1$, we cannot decide whether the behavior is abnormal or normal indefinitely, since we cannot know whether the system has terminated in the first place. This situation is more appropriately classified as a violation of event-diagnosability. Per the above observation, we modify the definition of event-diagnosability as follows.

Definition 2.2 (Modified Event-Diagnosability). A prefix-closed language $L$ is said to be event-diagnosable with respect to a mask function $M$ and $\Sigma_f$ if the following holds:

$(\exists n_d \in \mathbb{N})(\forall s \in \Psi(\Sigma_f))(\forall t \in L/s)\;[(L/st = \emptyset) \vee (|t| \ge n_d) \Rightarrow D_e]$


where $\mathbb{N}$ is the set of non-negative integers and the event-diagnosability condition $D_e$ is

$D_e : (\forall w \in M^{-1}M(st) \cap L)\,[\Sigma_f \in w].$

The modified definition of event-diagnosability also considers two cases.

(i) If an abnormal behavior $st$ is terminating ($L/st = \emptyset$), then all possible behaviors that generate the same masked observation as $st$ should be abnormal (the condition $D_e$).

(ii) If the suffixes of an abnormal behavior are long enough ($|t| \ge n_d$), then they should contain enough information to indicate that all possible behaviors that generate the same masked observation as $st$ are abnormal.

Note that the condition $D_1$ of Definition 2.1 examines whether there is a trace $s'$ such that $s'$ is also terminating and generates the same masked observation as the trace $s$ but does not contain an abnormal event. In order to accommodate the observation that the termination of traces may not be detectable, in the new definition all possible (terminating and nonterminating) look-alike behaviors are examined.

In the definition of event-diagnosability, the abnormal behaviors are specified with some special abnormal "events". We will introduce the notion of language-diagnosability, where the abnormal behaviors are specified with "languages" rather than "events", in the following section. In this manner, we generalize the notion of event-diagnosability naturally.

2.2. Language-diagnosability

We present the notion of language-diagnosability, where the abnormal behaviors are specified with languages, as provided below.

Definition 2.3. A prefix-closed language $L$ is said to be language-diagnosable with respect to a prefix-closed language $L_n \subseteq L$ and a mask function $M$ over the events defined in $L$ if the following holds:

$(\exists n_d \in \mathbb{N})(\forall s \in L \setminus L_n)(\forall t \in L/s)\;[(L/st = \emptyset) \vee (|t| \ge n_d) \Rightarrow D_l]$

where $\mathbb{N}$ is the set of non-negative integers and the condition $D_l$ is

$D_l : M^{-1}M(st) \cap L_n = \emptyset.$

The worst case detection delay of $L$ with respect to $L_n$ and $M$ is defined as the smallest $n_d$ for which the above holds:

$d_{dia} = \min(n_d).$

Provided with $d_{dia}$, we say that $L$ is $d_{dia}$-step language-diagnosable w.r.t. $L_n$ and $M$.

In the above definition, $L_n$ and $L$ represent the normal behavior and the possible behavior, respectively. Naturally, the abnormal behavior is represented by $L \setminus L_n := L \cap L_n^c$.

Remark 2.1. It is possible to transform the problem of language-diagnosability into a problem of event-diagnosability by introducing an abnormal event, say $f$, and tagging the abnormal behavior with $f$ whenever it deviates from the normal behavior. That is, for all $s = s_1 s_2 \in L \setminus L_n$, where $s_1$ is the longest prefix of $s$ in $L_n$, replace $s$ with $s_1 f s_2$. Then language-diagnosability with respect to $L \setminus L_n$ becomes equivalent to event-diagnosability with respect to the abnormal event $f$. This may raise the question of the necessity of defining language-diagnosability as prescribed. Drawbacks of transforming the language-based formulation into the event-based formulation include the following: first of all, event-diagnosability has to introduce a fictitious abnormal event in order to define the abnormal behavior. Besides having to introduce an artificial abnormal event, the above equivalence argument has a computational drawback. Let us assume that $L$ and $L_n$ can be generated by finite-state automata $P$ and $N$, respectively. A realization of the above-described operation may use the "product" state space of $P$ and $N$ with a bridging state in order to bridge the behaviors $L_n$ and $L \setminus L_n$ with the event $f$.

The notion of language-diagnosability provides an unspecified finite-step detection delay. In practice, it is desirable to know the exact detection delay for assuring timely responses to the identified abnormalities. The notion of $d_{dia}$-step language-diagnosability is defined in order to reflect the practical importance of response delay assurance.

3. Computation of the worst case detection delay

In this section, we are interested in computing the worst case detection delay $d_{dia}$. We assume that the normal behavior and the possible behavior are generated by trim finite-state deterministic automata $N = (Q^N, \Sigma^N, \delta^N, q_0^N)$ and $P = (Q^P, \Sigma^P, \delta^P, q_0^P)$, respectively, where $\mathcal{L}(N) \subseteq \mathcal{L}(P)$. First we investigate the issue of the existence of a finite detection delay in the following section. Then, building upon the results of that section, an algorithm computing the worst case detection delay is developed in Section 3.2.

3.1. Existence of finite detection delay

Let $N$ and $P$ be two finite-state automata such that $\mathcal{L}(N) \subseteq \mathcal{L}(P)$, and let $M$ be a mask function for the events defined over $\Sigma^P$. Recall that $P$ and $N$ may not be live. We build a weighted, directed graph $G(N, P, M) = (V(N, P), E(N, P, M))$ in order to verify the existence of a finite detection delay. For notational convenience, we may drop the dependency notation of $G(N, P, M)$ when it is clear from the context. The set of vertices $V$ is

$V \subseteq Q^N \times Q^N \times Q^P \times \{\mathrm{normal}, \mathrm{confused}\} \cup \{\mathrm{Block}\}, \qquad (q_0^N, q_0^N, q_0^P, \mathrm{normal}) \in V,$

and a weight function $w$ is defined as $w : E \to \{-1, 0\}$. The implication of the weighted, directed graph $G$ will be explained after we complete the description of $G$.

Before we proceed to define the edges of $G$, for the sake of readability, let us define the following transition notation:

$\delta^N(q_1, \sigma') = q'_1, \qquad \delta^N(q_2, \sigma) = q'_2, \qquad \delta^P(q_3, \sigma) = q'_3.$

Note that we use the event $\sigma$ to define $q'_2$ and $q'_3$. On the other hand, the event $\sigma'$ is used to define $q'_1$. Also observe that $\sigma$ and $\sigma'$ can be identical. The notation $p \xrightarrow{i} q$ below implies that there is an edge $(p, q) \in E$ with weight candidate $i \in \{-1, 0\}$. The weight of an edge $(p, q) \in E$ will be determined by choosing the minimum of the weight candidates defined over the edge $(p, q)$. Now we define edges with weight candidates as follows.

For $\sigma', \sigma \in \Sigma^P$ such that $M(\sigma') = M(\sigma) = \varepsilon$:

(1) $(q_1, q_2, q_3, \mathrm{normal}) \xrightarrow{0} (q'_1, q_2, q_3, \mathrm{normal})$ if $q'_1$ is defined;

(2) $(q_1, q_2, q_3, \mathrm{normal}) \xrightarrow{0} (q_1, q'_2, q'_3, \mathrm{normal})$ if $q'_2$ and $q'_3$ are defined;

(3) $(q_1, q_2, q_3, \mathrm{normal}) \xrightarrow{-1} (q_1, q_2, q'_3, \mathrm{confused})$ if $q'_2$ is not defined but $q'_3$ is defined;

(4) $(q_1, q_2, q_3, \mathrm{confused}) \xrightarrow{0} (q'_1, q_2, q_3, \mathrm{confused})$ if $q'_1$ is defined;

(5) $(q_1, q_2, q_3, \mathrm{confused}) \xrightarrow{-1} (q_1, q_2, q'_3, \mathrm{confused})$ if $q'_3$ is defined.

For $\sigma', \sigma \in \Sigma^P$ such that $M(\sigma') = M(\sigma) \neq \varepsilon$:

(6) $(q_1, q_2, q_3, \mathrm{normal}) \xrightarrow{0} (q'_1, q'_2, q'_3, \mathrm{normal})$ if $q'_1$, $q'_2$, and $q'_3$ are defined;

(7) $(q_1, q_2, q_3, \mathrm{normal}) \xrightarrow{-1} (q'_1, q_2, q'_3, \mathrm{confused})$ if $q'_1$ and $q'_3$ are defined but $q'_2$ is not defined;

(8) $(q_1, q_2, q_3, \mathrm{confused}) \xrightarrow{-1} (q'_1, q_2, q'_3, \mathrm{confused})$ if $q'_1$ and $q'_3$ are defined.

The edges to the Block vertex are defined as follows.

(9) $(q_1, q_2, q_3, \mathrm{confused}) \xrightarrow{0} \mathrm{Block}$ if, $\forall \sigma \in \Sigma^P$, $q'_3$ is not defined.

With the above definition, it is possible for an edge to have two different weight candidates, "−1" and "0". In this case, we choose "−1" as the weight of the edge. Hereafter, when $G$ is referred to, we only consider the accessible part of the weighted, directed graph $G$ from the vertex $(q_0^N, q_0^N, q_0^P, \mathrm{normal})$. With the above construction, we have the weighted, directed graph $G$.

Now we explain the implication of $G$. The weighted, directed graph $G$ is designed to track traces $s' \in \mathcal{L}(N)$ and $s \in \mathcal{L}(P)$ such that $M(s') = M(s)$ from the vertex $(q_0^N, q_0^N, q_0^P, \mathrm{normal})$. Specifically, the vertex space and the edge relation are defined to track the traces in the following manner:

$\underbrace{Q^N}_{s'} \times \underbrace{Q^N \times Q^P}_{s} \times \{\mathrm{normal}, \mathrm{confused}\}.$

The structure of the edge definition is similar to the transition relation of the F-verifier in [8]. Observe that the indicator set $\{\mathrm{normal}, \mathrm{confused}\}$ is designed to show whether the trace $s$ is in the normal behavior $\mathcal{L}(N)$ or the abnormal behavior $\mathcal{L}(P) \setminus \mathcal{L}(N)$. Note that the same event is used to define $q'_2$ and $q'_3$. Therefore, the second ($Q^N$) and the third ($Q^P$) state spaces of $V$ track $s$ simultaneously as long as $s \in \mathcal{L}(N)$ and the indicator remains at "normal". The change from "normal" to "confused" occurs when $q'_2$ is not defined but $q'_3$ is defined. In other words, $s$ becomes abnormal, that is, $s \in \mathcal{L}(P) \setminus \mathcal{L}(N)$, at that moment. After $s$ becomes abnormal, we only need to update $q_3 \in Q^P$. That is the reason why $q_2 \in Q^N$ is not updated any more once the indicator is "confused".

Also note that the weight candidate "−1" is assigned only if $q'_3$ is defined and the vertex reached by the edge has the "confused" indicator. Together with the edge weight selection rule, which chooses the minimum value among the edge candidates, this means that edges with weight "−1" are exactly the edges that extend the abnormal trace $s$, while edges with weight "0" extend the normal traces $s'$ or $s$.

We define the following terminology for further arguments. We say that a set of vertices $\{v_1, v_2, \ldots, v_n\} \subseteq V$ forms a path, denoted by $\langle v_1, v_2, \ldots, v_n \rangle_G$, if there are edges such that $v_1 \xrightarrow{w_1} v_2 \xrightarrow{w_2} \cdots \xrightarrow{w_{n-1}} v_n$. We say that a path $\langle v_1, v_2, \ldots, v_n \rangle_G$ forms a cycle if $v_1 = v_n$ and at least one edge is contained along the path. Now we claim the following result.

Theorem 3.1. Given the two automata $N$, $P$ and the mask function $M$, $\mathcal{L}(P)$ is not language-diagnosable w.r.t. $\mathcal{L}(N)$ and $M$ iff there is a cycle of $G(N, P, M)$ that has an edge with negative weight or the Block vertex is reachable from $(q_0^N, q_0^N, q_0^P, \mathrm{normal})$.

Proof. (⇒) Assume that $\mathcal{L}(P)$ is not language-diagnosable w.r.t. $\mathcal{L}(N)$ and $M$. For the sake of contradiction, let us suppose that $G$ does not have a cycle with a negative edge weight and that the Block vertex is not reachable from $(q_0^N, q_0^N, q_0^P, \mathrm{normal})$. Since we assumed that $\mathcal{L}(P)$ is not language-diagnosable w.r.t. $\mathcal{L}(N)$ and $M$, we have that

$(\forall n_d \in \mathbb{N})(\exists s \in \mathcal{L}(P) \setminus \mathcal{L}(N))(\exists t \in \mathcal{L}(P)/s)\;[(\mathcal{L}(P)/st = \emptyset \vee |t| \ge n_d) \wedge \neg D_l]$

where $\neg D_l$ means $M^{-1}M(st) \cap \mathcal{L}(N) \neq \emptyset$. First let us consider the case $(|t| \ge n_d) \wedge \neg D_l$. Let us pick $n_d$ such that $n_d > |Q^N| \times |Q^N| \times |Q^P|$. Since $M^{-1}M(st) \cap \mathcal{L}(N) \neq \emptyset$, we can pick a trace $w' \in M^{-1}M(st) \cap \mathcal{L}(N)$. Since $M(w') = M(st)$ and $s$ is a prefix of $st$, we can pick a prefix $s'$ of $w'$ such that $s' \in M^{-1}M(s) \cap \mathcal{L}(N)$. Also, we can find a prefix $s_0$ of $s$ and a prefix $s'_0$ of $s'$ such that

$(\exists \sigma \in \Sigma^P)\,[s_0 \in \mathcal{L}(N),\; s_0\sigma \text{ is a prefix of } s,\; s_0\sigma \in \mathcal{L}(P) \setminus \mathcal{L}(N)] \wedge [M(s'_0) = M(s_0)].$

Now let us denote the states of $N$ and $P$ reached by $s'_0$ and $s_0$ as $q^N_{s'_0}$, $q^N_{s_0}$, and $q^P_{s_0}$, respectively. That is,

$q^N_{s'_0} := \delta^N(q_0^N, s'_0), \qquad q^N_{s_0} := \delta^N(q_0^N, s_0), \qquad q^P_{s_0} := \delta^P(q_0^P, s_0).$

Then, by the construction of $G$, we know that $(q^N_{s'_0}, q^N_{s_0}, q^P_{s_0}, \mathrm{normal}) \in V$ is reachable from $(q_0^N, q_0^N, q_0^P, \mathrm{normal})$. Let us denote the states of $N$ and $P$ reached by $s'$ and $s$ as $q^N_{s'}$ and $q^P_s$, respectively. That is,

$q^N_{s'} := \delta^N(q_0^N, s') \qquad \text{and} \qquad q^P_s := \delta^P(q_0^P, s).$

Then, by the construction of $G$, we know that $(q^N_{s'}, q^N_{s_0}, q^P_s, \mathrm{confused}) \in V$ is reachable from $(q_0^N, q_0^N, q_0^P, \mathrm{normal})$. Similarly, we define

$q^N_{w'} := \delta^N(q_0^N, w') \qquad \text{and} \qquad q^P_{st} := \delta^P(q_0^P, st).$

Then $(q^N_{w'}, q^N_{s_0}, q^P_{st}, \mathrm{confused}) \in V$ is accessible from $(q_0^N, q_0^N, q_0^P, \mathrm{normal})$. Moreover, there exist edges, with $n' \ge n_d$, such that

$(q^N_{k'_0}, q^N_{k_0}, q^P_{k_0}, \mathrm{confused}) \xrightarrow{w_1} (q^N_{k'_1}, q^N_{k_0}, q^P_{k_1}, \mathrm{confused}) \xrightarrow{w_2} \cdots \xrightarrow{w_{n'}} (q^N_{k'_{n'}}, q^N_{k_0}, q^P_{k_{n'}}, \mathrm{confused})$

where $(q^N_{k'_0}, q^N_{k_0}, q^P_{k_0}, \mathrm{confused}) = (q^N_{s'}, q^N_{s_0}, q^P_s, \mathrm{confused})$, $(q^N_{k'_{n'}}, q^N_{k_0}, q^P_{k_{n'}}, \mathrm{confused}) = (q^N_{w'}, q^N_{s_0}, q^P_{st}, \mathrm{confused})$, and, since every event of $t$ extends the abnormal trace, there are at least $n_d$ edges with weight "−1" along this path. Since $n_d > |Q^N| \times |Q^N| \times |Q^P|$ bounds the number of distinct confused vertices, the target vertices of these "−1" edges cannot all be distinct, so there exist $1 \le i < j \le n'$ such that

$(q^N_{k'_i}, q^N_{k_0}, q^P_{k_i}, \mathrm{confused}) = (q^N_{k'_j}, q^N_{k_0}, q^P_{k_j}, \mathrm{confused})$

and

$(q^N_{k'_{j-1}}, q^N_{k_0}, q^P_{k_{j-1}}, \mathrm{confused}) \xrightarrow{-1} (q^N_{k'_j}, q^N_{k_0}, q^P_{k_j}, \mathrm{confused}).$

Then the set of vertices

$\{(q^N_{k'_l}, q^N_{k_0}, q^P_{k_l}, \mathrm{confused}) : i \le l \le j\}$

forms a cycle with an edge of negative weight. This contradicts the assumption.

Now we consider the case $(\mathcal{L}(P)/st = \emptyset) \wedge \neg D_l$. Applying the same argument as above, we can show that $(q^N_{w'}, q^N_{s_0}, q^P_{st}, \mathrm{confused}) \in V$ is accessible from $(q_0^N, q_0^N, q_0^P, \mathrm{normal})$. Since $\mathcal{L}(P)/st = \emptyset$, we have that $q^P_{st}$ is a deadlocked state. This implies that we have the following edge in $G$:

$(q^N_{w'}, q^N_{s_0}, q^P_{st}, \mathrm{confused}) \xrightarrow{0} \mathrm{Block}.$

This is a contradiction.


Fig. 3. Normal and possible behaviors. (a) $N$. (b) $P$.

(⇐) Assume that there is a cycle of $G$ that has an edge with negative weight or that the Block vertex is reachable from $(q_0^N, q_0^N, q_0^P, \mathrm{normal})$. For the sake of contradiction, let us suppose that $\mathcal{L}(P)$ is language-diagnosable w.r.t. $\mathcal{L}(N)$ and $M$. First let us consider the case that there is a cycle of $G$ that has an edge with negative weight. Let us denote the cycle with negative weight by $\langle v_1, v_2, \ldots, v_n \rangle_G$. Then it is clear that $v_i$ has the "confused" indicator for all $i \in \{1, \ldots, n\}$, since no edge leads from a confused vertex back to a normal one. Without loss of generality, let $v_1 := (q^{v_1}_1, q^{v_1}_2, q^{v_1}_3, \mathrm{confused})$. Then we have, by the construction of $G$, that there exist $s' \in \mathcal{L}(N)$ and $s \in \mathcal{L}(P) \setminus \mathcal{L}(N)$ such that

$[M(s') = M(s)] \wedge [\delta^N(q_0^N, s') = q^{v_1}_1] \wedge [\delta^P(q_0^P, s) = q^{v_1}_3].$

Let us denote the weighted edges over the cycle $\langle v_1, v_2, \ldots, v_n \rangle_G$ as follows:

$v_1 \xrightarrow{w_1} v_2 \xrightarrow{w_2} \cdots \xrightarrow{w_{n-1}} v_n.$

Now let us collect the edges with weight "−1" as follows:

$\{v_{i_k - 1} \xrightarrow{w_{i_k}} v_{i_k} : w_{i_k} = -1,\; k = 1, \ldots, m\}.$

From the construction of $G$, we can find the corresponding transitions in $P$ such that $\delta^P(q^{v_{i_k - 1}}_3, \sigma_{i_k}) = q^{v_{i_k}}_3$ for each $i_k$. Again from the construction of $G$, for every $l \ge 0$ we have a trace $w_l \in \mathcal{L}(P) \setminus \mathcal{L}(N)$ and a trace $w'_l \in \mathcal{L}(N)$ such that

$w_l = s(\sigma_{i_1} \cdots \sigma_{i_m})^l \qquad \text{and} \qquad M(w'_l) = M(w_l).$

Since $|(\sigma_{i_1} \cdots \sigma_{i_m})^l|$ is unbounded in $l$, these traces $w'_l$ and $w_l$ violate the definition of language-diagnosability for every finite $n_d$, which is a contradiction.

Suppose that the Block vertex is reachable from $(q_0^N, q_0^N, q_0^P, \mathrm{normal})$. Then, from the construction of $G$, we can find two traces $st \in \mathcal{L}(P) \setminus \mathcal{L}(N)$ and $w' \in \mathcal{L}(N)$ such that $\mathcal{L}(P)/st = \emptyset$ and $M(st) = M(w')$. This implies that $\mathcal{L}(P)$ is not language-diagnosable w.r.t. $\mathcal{L}(N)$ and $M$. This is a contradiction. □

Let $|Q^N| = n_1$, $|Q^P| = n_2$, and $|\Sigma^P| = n_3$. The following result shows that the verification of language-diagnosability can be done in polynomial time.

Theorem 3.2. The language-diagnosability of $\mathcal{L}(P)$ with respect to $\mathcal{L}(N)$ and a mask function $M$ over the events defined in $\mathcal{L}(P)$ can be decided in $O(n_1^2 \cdot n_2 \cdot n_3^2)$.

Proof. Constructing $E$ of $G = (V, E)$ from $N$, $P$, and $M$ takes $O(n_1^2 \cdot n_2 \cdot n_3^2)$, since $|V| = O(n_1^2 \cdot n_2)$ and each vertex is examined against at most $n_3^2$ event pairs $(\sigma', \sigma)$. Deciding whether $G$ has a cycle with a negative edge (or a reachable Block vertex) takes $O(|V| + |E|) = O(n_1^2 \cdot n_2 \cdot n_3^2)$. With these and Theorem 3.1, the claim follows immediately. □

The following example illustrates the construction procedure of Gand the corresponding verification of language-diagnosability.

Fig. 4. G1(N, P,M1).

Fig. 5. G2(N, P,M2).

Example 3.1. The normal behavior L(N) is generated by theautomaton N depicted in Fig. 3(a). In Fig. 3(b), the automatonP generating the possible behavior L(P) is depicted. Note thatL(N) ⊆ L(P). The mask functionM1 is defined as follows:

M1(a) = M1(b) = ε and M1(c) = M1(d) = e.

Let us look at the following traces:

sn = bdn and s′n = acn.

Since sn ∈ L(P) \ L(N), s′n ∈ L(N), and M1(sn) = M1(s′n)for all n ∈ N, we know that L(P) is not language-diagnosablew.r.t. L(N) and M1. In Fig. 4, G1 is constructed from N , P , and M1.From the initial state (1, 1, 1, normal), the types (1) and (2) of zeroweight edge candidates are defined with σ ′ = a and σ = a.The destination vertices are (2, 1, 1, normal) and (1, 2, 2, normal),respectively. Also the type (3) edge of negative weight edgecandidate is defined from (1, 1, 1, normal) to (1, 1, 3, confused)with σ = b. The corresponding traces tracked by G1 with thesethree edge candidates are:

(1)→ s′ = a, s = ε,(2)→ s′ = ε, s = a,(3)→ s′ = ε, s = b.

From vertex (1, 1, 3, confused) to vertex (2, 1, 3, confused), thetype (1) of zero weight edge candidate is defined with σ ′ = a.The corresponding traces tracked by G1 with this edge candidateare:

(1)→ s′ = a, s = b.

The type (7) of negative weight edge candidate is definedwith σ ′ = c and σ = d as a self-loop at (2, 1, 3, confused). Thecorresponding traces tracked by G1 with this self-loop edgecandidate are:

(1)→ s′ = ac∗, s = bd∗.

We can see that the cycle that has an negative edge is reached bythe traces violating language-diagnosability.Let us consider another mask functionM2 such that

M2(a) = M2(b) = M2(c) = e and M2(d) = d.

Since d is observed as the distinct symbol d itself under M2, it is clear that L(P) is language-diagnosable w.r.t. L(N) and M2. We construct G2, depicted in Fig. 5, from N, P, and M2. We can see that the cycle in G2 does not have negative weight edges. Therefore, it confirms that L(P) is language-diagnosable w.r.t. L(N) and M2.


Fig. 6. Obtaining $G_{SCC}$.

Now we compute the worst case detection delay in the following section.

3.2. Computation of worst case detection delay

Although we have the result of finite detection delay, it is important to know the exact worst case detection delay in practice. Knowing that language-diagnosability holds, an upper bound for the finite detection delay, $|Q^N \times Q^N \times Q^P|$, can be computed by applying a technique similar to that used for Proposition 1 of [8]. However, it is desirable to have the exact determination of the detection delay, in order to assure that any abnormal behavior can be diagnosed within a specified limit.

Prior work regarding abnormal behavior detection of discrete-event systems addresses the problem of deciding the existence of a finite detection delay [8,10]. However, to the best of the authors’ knowledge, the computation of detection delays in this context has not been addressed before. Moreover, straightforward modifications of the results in [8,10] are not likely to provide a way to compute the exact detection delay. One may consider constructing a new weighted, directed graph with some counting mechanism and count detection delays with brute force. This direct approach may need the compounded state space for the counter, whose size could be up to $|Q^N \times Q^N \times Q^P|$. A more computationally efficient approach would be to apply the Bellman–Ford shortest-path algorithm to the weighted, directed graph G with the single source $(q_0^N, q_0^N, q_0^P, \text{normal})$. The negative weight edges are designed to count the extension of abnormal traces. Therefore, the absolute value of the minimum of the shortest-path weights is the worst case detection delay. Though this methodology is clear and simple, the computational complexity of running the Bellman–Ford algorithm is O(VE). The weighting structure of G can be exploited to enable an algorithm with a lower complexity, which is O(V + E). If L(P) is language-diagnosable with respect to L(N) and M, all cycles formed in G have zero weight by Theorem 3.1. First, we apply an algorithm for finding the strongly connected components, and obtain the acyclic component graph $G_{SCC}$ by consolidating each strongly connected component of G to a single vertex. When the vertices are consolidated, it may be possible to have multiple edges with different weights to another component. We choose the minimum weight for the weight of edges between components. See Fig. 6 for a graphical explanation of this procedure. Now the component graph $G_{SCC}$ is acyclic. We apply an algorithm finding the shortest path in a directed ‘‘acyclic’’ graph to $G_{SCC}$ with the source vertex as the component that contains $(q_0^N, q_0^N, q_0^P, 0)$. This returns the shortest path from the source component to other components of $G_{SCC}$. The absolute value of the minimum shortest path value gives the worst case detection delay of L(N), with respect to L(P) and M. See [16] for textbook treatments of relevant algorithms.

With this procedure, we can state the computational complexity of obtaining the worst case detection delay as follows.

Theorem 3.3. The worst case detection delay of L(N) w.r.t. L(P) and M can be computed in $O(n_1^2 \cdot n_2 \cdot n_3^2)$.
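As an added illustration (not code from the paper), the two-step procedure of Section 3.2 in Python: Tarjan's algorithm labels the strongly connected components, the component graph keeps the minimum weight between any two components, and a shortest-path pass over the acyclic $G_{SCC}$ from the source component yields the worst case detection delay; the same component labelling gives the Theorem 3.1 test used in Example 3.1 (a negative edge lies on a cycle iff both of its endpoints are in one component). Assumptions: negative edges carry weight -1, and the first constructed sample is only the fragment of G1 that Example 3.1 walks through, not the full graph of Fig. 4.

```python
def tarjan_scc(edges):
    # Tarjan's SCC over the vertices touched by `edges`, returning vertex -> component id;
    # ids follow completion order, so descending id is a topological order of G_SCC.
    adj, index, low, comp, stack, on_stack, nid = {}, {}, {}, {}, [], set(), [0]
    for u, v, _ in edges:
        adj.setdefault(u, []).append(v)
    def visit(u):
        index[u] = low[u] = len(index); stack.append(u); on_stack.add(u)
        for v in adj.get(u, []):
            if v not in index:
                visit(v); low[u] = min(low[u], low[v])
            elif v in on_stack:
                low[u] = min(low[u], index[v])
        if low[u] == index[u]:                  # u roots a component: pop it off
            while True:
                w = stack.pop(); on_stack.discard(w); comp[w] = nid[0]
                if w == u: break
            nid[0] += 1
    for u, _, _ in edges:                       # every target is reached from some source
        if u not in index: visit(u)
    return comp

def negative_edge_on_cycle(edges):
    # Theorem 3.1 test: a negative edge lies on a cycle iff both ends share an SCC.
    comp = tarjan_scc(edges)
    return any(w < 0 and comp[u] == comp[v] for u, v, w in edges)

def worst_case_detection_delay(edges, source):
    # Section 3.2: condense G to G_SCC (min weight per component pair), DAG shortest path.
    comp = tarjan_scc(edges)
    if any(w < 0 and comp[u] == comp[v] for u, v, w in edges):
        return None                             # not language-diagnosable: no finite delay
    cadj = {}                                   # component -> {successor: min weight}
    for u, v, w in edges:
        if comp[u] != comp[v]:
            succ = cadj.setdefault(comp[u], {})
            succ[comp[v]] = min(w, succ.get(comp[v], w))
    dist = {c: float('inf') for c in set(comp.values())}
    dist[comp[source]] = 0
    for c in range(max(comp.values()), -1, -1): # topological order of G_SCC
        for cv, w in cadj.get(c, {}).items():
            dist[cv] = min(dist[cv], dist[c] + w)
    return -min(dist.values())                  # |minimum shortest-path weight|

# Constructed sample 1: the G1 fragment of Example 3.1 (negative weight taken as -1, an assumption).
N, C = 'normal', 'confused'
G1 = [((1,1,1,N), (2,1,1,N), 0), ((1,1,1,N), (1,2,2,N), 0), ((1,1,1,N), (1,1,3,C), -1),
      ((1,1,3,C), (2,1,3,C), 0), ((2,1,3,C), (2,1,3,C), -1)]   # self-loop: negative edge on a cycle
# Constructed sample 2: diagnosable; cycle b<->c has weight zero, edges a->{b,c} consolidate to -2.
G2 = [('s','a',0), ('a','b',-1), ('a','c',-2), ('b','c',0), ('c','b',0), ('c','d',-1)]
```

For G1 the check reports a negative edge inside a component and no finite delay; for G2 the component path s → a → {b, c} → d accumulates weight 0 − 2 − 1, giving a worst case detection delay of 3.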

4. Conclusion

A language-based approach for the detection/diagnosis of discrete-event system behaviors of interest was presented. The proposed approach enjoys the associated novel algorithmic developments on property verification and computation of the worst case detection delay. Benefits of the proposed language-based approach compared to the equivalent event-based approach include computational savings on realizing the associated language specifications. Notably, the proposed approach shares the framework with the language-based supervisory control approach of [3]. Thus, what is proposed in this paper may provide a unified framework for discrete-event system problems that handle monitoring and control issues simultaneously.

Acknowledgment

The research reported in this paper was supported in part by the U.S. Department of Energy under contracts W-31-109-Eng-38 and DE-AC07-05ID14517.

References

[1] M. Sampath, R. Sengupta, S. Lafortune, K. Sinnamohideen, D. Teneketzis, Diagnosability of discrete event systems, IEEE Trans. Automat. Control 40 (9) (1995) 1555–1575.

[2] M. Sampath, S. Lafortune, D. Teneketzis, Active diagnosis of discrete event systems, IEEE Trans. Automat. Control 43 (7) (1998) 908–929.

[3] P.J. Ramadge, W.M. Wonham, Supervisory control of a class of discrete event processes, SIAM J. Control Optim. 25 (1) (1987) 206–230.

[4] D. Pandalai, L.E. Holloway, Template languages for fault monitoring of timed discrete event processes, IEEE Trans. Automat. Control 45 (5) (2000) 868–882.

[5] O. Contant, S. Lafortune, D. Teneketzis, Diagnosis of intermittent faults, Discrete Event Dyn. Syst. 14 (2) (2004) 171–202.

[6] S. Jiang, R. Kumar, H.E. Garcia, Diagnosis of repeated/intermittent failures in discrete-event systems, IEEE Trans. Robot. Appl. 19 (2) (2003) 310–323.

[7] S.H. Zad, Fault diagnosis in discrete-event and hybrid systems, Ph.D. Thesis, University of Toronto, Toronto, Canada, 1999.

[8] T. Yoo, S. Lafortune, Polynomial time verification of diagnosability of partially-observed discrete-event systems, IEEE Trans. Automat. Control 47 (9) (2002) 1491–1495.

[9] T. Yoo, S. Lafortune, NP-completeness of sensor selection problems arising in partially-observed discrete-event systems, IEEE Trans. Automat. Control (9) (2002) 1495–1499.

[10] S. Jiang, Z. Huang, V. Chandra, R. Kumar, A polynomial time algorithm for diagnosability of discrete event systems, IEEE Trans. Automat. Control 46 (8) (2001) 1318–1321.

[11] E. Fabre, A. Benveniste, S. Haar, C. Jard, Distributed monitoring of concurrent and asynchronous systems, Discrete Event Dyn. Syst. 15 (1) (2005) 33–84.


[12] P. Baroni, G. Lamperti, P. Pogliano, M. Zanella, Diagnosis of large active systems, Artif. Intell. 110 (1) (1999) 135–183.

[13] Y. Pencolé, M. Cordier, A formal framework for the decentralised diagnosis of large scale discrete event systems and its application to telecommunication networks, Artif. Intell. 164 (1–2) (2005) 121–170.

[14] J. Lunze, Diagnosis of quantized systems based on a timed discrete-event model, IEEE Trans. Syst. Man Cybern. 30 (3) (2000) 322–335.

[15] C.G. Cassandras, S. Lafortune, Introduction to Discrete Event Systems, Springer-Verlag, New York, 2006.

[16] T.H. Cormen, C.E. Leiserson, R.L. Rivest, Introduction to Algorithms, The MIT Press, 1990.