1. Fault Diagnosis for Timed Automata
Stavros Tripakis
VERIMAG (www-verimag.imag.fr)
Presentation by Marius Mikucionis
AAU SSE
12/11/2002

2. Marius Mikucionis, AAU SSE
12/11/2002
Overview
Framework of fault diagnosis
Definitions: TA and operations on them
Diagnosers and diagnosability problems
Checking diagnosability
Building diagnosers
Evaluation and critics
10/04/2019
Marius Mikucionis, AAU SSE

3. Framework of fault diagnosis
Plant behavior corresponds to a run of given TA by sequence of events (actions)
An event is either observable or unobservable
One or more unobservable events are faults
A diagnoser is a function which takes observable event sequence and decides whether a fault has occurred during sequence run
Fault must be announced in n steps after it has occurred
No false reporting and no online repairs allowed
10/04/2019
Marius Mikucionis, AAU SSE

4. Marius Mikucionis, AAU SSE
12/11/2002
Overview
Framework of fault diagnosis
Definitions: TA and timed sequences
Diagnosers and diagnosability problems
Checking diagnosability
Building diagnosers
Evaluation and critics
10/04/2019
Marius Mikucionis, AAU SSE

5. Definitions: clock, polyhedron
12/11/2002
Definitions: clock, polyhedron
X is a finite set of clocks taking values of non-negative rational numbers Q+
Valuation on X is a function v:XQ+:
Given delay Q+ v+ denotes v’: v’(x)=v(x)+ for all xX
Given YX reset v[Y:=0] denotes v’: v’(x)=0 for xY and v’(x)=v(x) for xX\Y
Polyhedron on X is a set of valuations represented by a boolean expression with atomic constraints of the form xk or x-yk
Polyhedra are closed by , , 
10/04/2019
Marius Mikucionis, AAU SSE

6. Definition: Timed Automaton
Timed automaton is A=(Q,X,,E,I):
Q is finite set of discrete states, q0 initial
X is finite set of clocks
 is a finite set of events: =ou, fu
E is finite set of transitions: e=(q,q’,a,,Y) q,q’Q, a,  is a polyhedron on X, YX
I is the invariant polyhedron function on Q
A state of A is a pair s=(q,v), qQ and v is a clock valuation on X such that vI(q)
Initial state s0=(q0,0)
10/04/2019
Marius Mikucionis, AAU SSE

7. Definitions: timed sequences
A timed sequence over  is =12…, where i is either an action  or a delay Q+
time() is the limit of sum of delays in 
 is non-zeno if time()=
A projection of  is a sequence =P(,’) where all actions a’ are taken out from 
A run of A is a timed sequence =12…, such that s1s2…: siQ, si+1=i(si)
-faulty run for Q+ is =12… :
i=f for some i=1,2,…
j=min(i | i=f) time(j j+1…)
10/04/2019
Marius Mikucionis, AAU SSE

8. Marius Mikucionis, AAU SSE
12/11/2002
Overview
Framework of fault diagnosis
Definitions: TA and timed sequences
Diagnosers and diagnosability problems
Checking diagnosability
Building diagnosers
Evaluation and critics
10/04/2019
Marius Mikucionis, AAU SSE

9. Diagnoser: definition and existence
FTS is a set of all finite timed sequences over 
-diagnoser for N and ATA over =ou is a function D: FTSo{0, 1}:
 non-faulty: D(P(,u))=0
 -faulty: D(P(,u))=1
ATA is -diagnosable   -diagnoser for A
Lemma: for N ATA is -diagnosable  1,2 finite runs of A, if 1 is -faulty and 2 is non-faulty then P(1,u)P(2,u)
10/04/2019
Marius Mikucionis, AAU SSE

10. Example: diagnosable and not
a, b – observable
f, u – unobservable
f - fault a
x:=0 f
x>3 u
x3 b
x6
 1-diagnosable a
x:=0 f
x>2 u
x3 b
x6
non-diagnosable:
(a,2.5,f,0.1,b) and (a,2.5,u,0.1,b) have the same projection: (a,2.6,b), but only the first one is faulty
10/04/2019
Marius Mikucionis, AAU SSE

11. Marius Mikucionis, AAU SSE
12/11/2002
Overview
Framework of fault diagnosis
Definitions: TA and timed sequences
Diagnosers and diagnosability problems
Checking diagnosability
Building diagnosers
Evaluation and critics
10/04/2019
Marius Mikucionis, AAU SSE

12. How to check diagnosability
Build a special parallel product of A with itself, which:
Can generate all pairs of runs of A:
both yield the same observations
one is faulty and another is not
Check that all faulty runs are zeno (are finite), i.e. prove that:
We will eventually distinguish faulty run
Or fault can never be diagnosed
10/04/2019
Marius Mikucionis, AAU SSE

13. Special parallel product:
Make two “copies” of A: A1 and A2:
Rename discrete states: qQ  qiQi
Rename clocks: xX  xiXi
Rename unobservable events: uu  uiiu
Rename transitions: e=(q,q’,u,x3,{y})  ei=(qi,q’i,ui,xi3,{yi}) where uiiu
Apply parallel product on A1 and A2 where ao are forced to synchronize:
ei=(qi,q’i,a,i,Yi)  e=((q1,q2),(q’1,q’2),a,12,Y1Y2)
Remove transitions with fault action f2
10/04/2019
Marius Mikucionis, AAU SSE

14. Marius Mikucionis, AAU SSE
Example of 1 2 3 5 4 6 a
x:=0 f
x>3 u
x3 b
x6
1,1
2,2
3,2
5,2
3,5
5,5 a
x1:=0
X2:=0 f1
x1>3 u2
x23 b
x16  x23
x16 
x26
4,6
6,6
2,5
x13  x26 u1
x13
x16  x26
10/04/2019
Marius Mikucionis, AAU SSE

15. Diagnosability criterion
 is a run of  1 and 2 are runs of A, 2 is not faulty and P(1,u)=P(2,u). Also:
 is faulty  1 is faulty
time()=time(1)=time(2)
A is diagnosable   faulty run of is zeno:
) A is not diagnosable  N 1,2 that 1 is -faulty and 1 is non-faulty and P(1,u)=P(2,u)   -faulty of  A has a non-zeno faulty run.
)  is non-zeno faulty run of , pick some N.  -faulty run and prefix in , which is a run of 1, 1 are both runs of A and P(1,u)=P(2,u)  A is not diagnosable
10/04/2019
Marius Mikucionis, AAU SSE

16. -diagnosability criterion
x1:=0
x2:=0 f1
x1>3 u2
x23 b
x16  x23
x16 
x26
x13  x26 u1
x13
x16  x26 a f1
z:=0 u
z
For ATA and N, A is -diagnosable  the accepting state of is unreachable
10/04/2019
Marius Mikucionis, AAU SSE

17. Marius Mikucionis, AAU SSE
12/11/2002
Overview
Framework of fault diagnosis
Definitions: TA and timed sequences
Diagnosers and diagnosability problems
Checking diagnosability
Building diagnosers
Evaluation and critics
10/04/2019
Marius Mikucionis, AAU SSE

18. How to build a diagnoser
Alter -diagnosable A and make a bisimilar one:
Partition discrete states: Q=Qf(Q-Qf):
States in Qf are reachable only by faulty run
Once automaton is in qQf it must stay in Qf
Use state estimation primitives on set of states S:
Ro(S,a)={e(s) | sS, eE(a)}
Ru(S,)={(s) | sS, Runs(S,u), time()=}
HD(S)=
1, if sS, discrete(s)Qf
0, otherwise
10/04/2019
Marius Mikucionis, AAU SSE

19. Algorithm of diagnoser
Initialize S=Ru({s0}, 0)
Loop
Set timer T=0 and alarm for T=TO
If (HD(S)=1) announce FAULT
Await event or alarm interrupt
If (event a interrupt)
Read  from T
Set S= Ro(Ru(S, ), a)
Else S= Ru(S, TO)
End loop
TO – some time-out value a f b c d a f b c d Qf
10/04/2019
Marius Mikucionis, AAU SSE

20. Marius Mikucionis, AAU SSE
Conclusions
Not all timed automata are diagnosable
Diagnosability is PSPACE-complete
Diagnoser construction relies on subset construction and is exponential
10/04/2019
Marius Mikucionis, AAU SSE

21. Evaluation and Critics
Elegant solution to a quite restricted problem:
TA model must be reliable
“Faulty transitions” must be known
“No more - no less”: a little to read - enough to understand
Pattern: definition, proposition, proof or example
Strange projection notation is confusing
Few miss-prints decrease reader’s confidence very much
10/04/2019
Marius Mikucionis, AAU SSE

22. Marius Mikucionis, AAU SSE
12/11/2002
That’s it!
Questions?
Thank you for your time and attention.
10/04/2019
Marius Mikucionis, AAU SSE