Failure detection and isolation in industrial systems is a subject that has received a lot of attention in the past few decades. A failure is defined to be any deviation of a system from its normal or intended behavior. Diagnosis is the process of detecting an abnormality in the system behavior and isolating the cause or the source of this abnormality.

The first contributions in the discrete event systems framework have been proposed in the context of automata by Sampath et al. [ 1 ], [ 2 ] who proposed an approach to failure diagnosis where the system is modeled as a nondeterministic automaton in which failures are treated as unobservable events.

More recently, Petri net (PN) models have been used in the context of diagnosis [ 3 ], [ 4 ], [ 5 ], [ 6 ]. Indeed, the use of PNs offers significant advantages because of their twofold representation: graphical and mathematical. Moreover, the intrinsically distributed nature of PNs where the notion of state (i.e., marking) and action (i.e., transition) is local reduces the computational complexity involved in solving a diagnosis problem.

In this talk we recall an approach we proposed in [ 7 ], that is a generalization of [ 8 ]. The main difference between the diagnosis approach presented here and the approaches cited above is the concept of basis marking. This concept allows us to represent the reachability space in a compact manner, i.e., it requires to enumerate only a subset of the reachability space. In particular, we deal with arbitrary labeled PNs where there is an association between sensors and observable events, while no sensor is available for certain activities — such as faults or other unobservable but regular transitions — due to budget constraints or technology limitations. It is assumed that several different transitions might share the same sensor in order to reduce cost or power consumption. If two transitions are simultaneously enabled and one of them fires, it is impossible to distinguish which one has fired, thus they are called undistinguishable. The diagnosis approach here presented is based on the definition of four diagnosis states modeling different degrees of alarm and it applies to all systems whose unobservable subnet is acyclic.

Note that the approach here presented, as most of the approaches dealing with diagnosis of discrete event systems, assumes that the faulty behavior is completely known, thus a fault model is available.

The last part of the talk is devoted to briefly recall some results on diagnosability analysis that may also be applied to unbounded nets.

A Place/Transition net (P/T net) is a structure N = (P, T, P re, P ost), where P is a set of m places; T is a set of n transitions; P re : P × T → N and P ost : P × T → N are the pre– and post– incidence functions that specify the arcs; C = P ost − P re is the incidence matrix.

A marking is a vector M : P → N that assigns to each place of a P/T net a nonnegative integer number of tokens, represented by black dots. The marking of place p is denoted as M (p). A P/T system or net system ⟨N, M0⟩ is a net N with an initial marking M0. A transition t is enabled at M iff M ≥ P re(· , t) and may fire yielding the marking M ′ = M + C(· , t). One writes M [σ⟩ to denote that the sequence of transitions σ = tj1 · · · tjk is enabled at M , and M [σ⟩ M ′ to denote that the firing of σ yields M ′. One writes t ∈ σ to denote that a transition t is contained in σ.

The set of all sequences that are enabled at the initial marking M0 is denoted L(N, M0), i.e., L(N, M0) = {σ ∈ T ∗ | M0[σ⟩}.

Given a sequence σ ∈ T ∗, let π : T ∗ → Nn be the function that associates to σ a vector y ∈ Nn, called the firing vector of σ. In particular, y = π(σ) is such that y(t) = k if the transition t is contained k times in σ.

A marking M is reachable in ⟨N, M0⟩ iff there exists a firing sequence σ such that M0 [σ⟩ M . The set of all markings reachable from M0 defines the reachability set of ⟨N, M0⟩ and is denoted R(N, M0).

A PN having no directed circuits is called acyclic. A net system ⟨N, M0⟩ is bounded if there exists a positive constant k such that, for M ∈ R(N, M0), M (p) ≤ k.

The association between sensors and transitions can be captured by a labeling function L : T → L ∪ {ε} assigns to each transition t ∈ T either a symbol from a given alphabet L or the empty string ε.

The set of transitions whose label is ε is denoted as Tu, i.e., Tu = {t ∈ T | L(t) = ε}. Transitions in Tu are called unobservable or silent. To denotes the set of transitions labeled with a symbol in L. Transitions in To are called observable because when they fire their label can be observed. Note that we assume that the same label l ∈ L can be associated to more than one transition. In particular, two transitions t1, t2 ∈ To are called undistinguishable if they share the same label, i.e., L(t1) = L(t2). The set of transitions sharing the same label l are denoted as Tl.

In the following let Cu (Co) be the restriction of the incidence matrix to Tu (To) and nu and no, respectively, be the cardinality of the above sets. Moreover, given a sequence σ ∈ T ∗, Pu(σ), resp., Po(σ), denotes the projection of σ over Tu, resp., To.

The word w of events associated to sequence σ is w = Po(σ).

Definition 2.1: [ 7 ] Let ⟨N, M0⟩ be a labeled net system with labeling function L : T → L ∪ {ε}, where N = (P, T, P re, P ost) and T = To ∪ Tu. Let w ∈ L∗ be an observed word. Let S(w) = {σ ∈ L(N, M0) | Po(σ) = w} be the set of firing sequences consistent with w ∈ L∗, and C(w) = {M ∈ Nm | ∃σ ∈ T ∗ : Po(σ) = w ∧ M0[σ⟩M } be the set of reachable markings consistent with w ∈ L∗.

In plain words, given an observation w, S(w) is the set of sequences that may have fired, while C(w) is the set of markings in which the system may actually be.

Example 2.2: Consider the PN in Fig. 1. Assume To = {t1, t2, t3, t4, t5, t6, t7} and Tu = {ε8, ε9, ε10, ε11, ε12, ε13}, where for a better understanding unobservable transitions have been denoted εi rather than ti. The labeling function is defined as follows: L(t1) = a, L(t2) = L(t3) = b, L(t4) = L(t5) = c, L(t6) = L(t7) = d.

First consider w = ab. The set of firing sequences that is consistent with w is S(w) = {t1t2, t1t2ε8, t1t2ε8ε9, t1t2ε8ε9ε10, t1t2ε8ε11}, and the set of markings consistent with w is C(w) = {[0 0 1 0 0 0 0 1 0 0 0]T , [0 0 0 1 0 0 0 1 0 0 0]T , [0 0 0 0 1 0 0 1 0 0 0]T , [0 1 0 0 0 0 0 1 0 0 0]T , [0 0 0 0 0 1 0 1 0 0 0]T }.

If w = acd is considered the set of firing sequences that are consistent with w is S(w) = {t1t5t6, t1t5ε12ε13t7}, and the set of markings consistent with w is C(w) = {[0 1 0 0 0 0 0 1 0 0 0]T }. Thus two different firing sequences may have fired (the second one also involving silent transitions), but they both lead to the same marking.

Definition 2.3: Given a net N = (P, T, P re, P ost), and a subset T ′ ⊆ T of its transitions, let us define the T ′−induced subnet of N as the new net N ′ = (P, T ′, P re′, P ost′) where P re′, P ost′ are the restrictions of P re, P ost to T ′. The net N ′ can be thought as obtained from N removing all transitions in T \ T ′. Let us also write N ′ ≺T ′ N .

III. CHARACTERIZATION OF THE SET OF CONSISTENT

MARKINGS

Assume that the set of unobservable transitions is partitioned into two subsets, namely Tu = Tf ∪ Treg where Tf includes all fault transitions (modeling anomalous or fault behavior), while Treg includes all transitions relative to unobservable but regular events. The set Tf is further partitioned into r different subsets T i , where i = 1, . . . , r, that model the f different fault classes. Usually, fault transitions that belong to the same fault class are transitions that represent similar physical faulty behavior.

Definition 4.1: [ 7 ] A diagnoser is a function ∆ : L∗ × {Tf1, Tf2, . . . , Tfr} → {0, 1, 2, 3} that associates to each observation w ∈ L∗ and to each fault class Tfi , i = 1, . . . , r, a diagnosis state.

• ∆(w, Tfi ) = 0 if for all σ ∈ S(w) and for all tf ∈ Tfi it holds tf ̸∈ σ.

In such a case the ith fault cannot have occurred, because none of the firing sequences consistent with the observation contains fault transitions of class i.

• ∆(w, Tfi ) = 1 if: (i) there exist σ ∈ S(w) and tf ∈ Tfi such that tf ∈ σ but (ii) for all (σo, σu) ∈ Jˆ(w) and for all tf ∈ Tfi it holds that tf ̸∈ σu.

In such a case a fault transition of class i may have occurred but is not contained in any justification of w.

• ∆(w, Tfi ) = 2 if there exist (σo, σu), (σo′, σu′) ∈ Jˆ(w) such that (i) there exists tf ∈ Tfi such that tf ∈ σu; (ii) for all tf ∈ T i , tf ̸∈ σ′ .

f u

In such a case a fault transition of class i is contained in one (but not in all) justification of w.

• ∆(w, Tfi ) = 3 if for all σ ∈ S(w) there exists tf ∈ Tfi such that tf ∈ σ.

In such a case the ith fault must have occurred, because all firable sequences consistent with the observation contain at least one fault in T i .

f

Example 4.2: Consider the PN in Fig. 1 previously introduced in Example 2.2. Let Tf = {ε11, ε12}. Assume that the two fault transitions belong to different fault classes, i.e., Tf1 = {ε11} and Tf2 = {ε12}.

Let us observe w = a. Then ∆(w, Tf1) = ∆(w, Tf2) = 0, being Jˆ(w) = {(t1, ε)} and S(w) = {t1}. In simple words no fault of both fault classes may have occurred.

Let us observe w = ab. Then ∆(w, Tf1) = 1 and ∆(w, Tf2) = 0, being Jˆ(w) = {(t1t2, ε)} and S(w) = {t1t2, t1t2ε8, t1t2ε8ε9, t1t2ε8ε9ε10, t1t2ε8ε11}. This means that a fault of the first fault class may have occurred (firing the sequence t1t2ε8ε11) but it is not contained in any justification of ab, while no fault of the second fault class can have occurred.

Now, consider w = abb. In this case ∆(w, Tf1) = 2 and ∆(w, Tf2) = 0, being Jˆ(w) and = {(t1t2t2, ε8ε9ε10), (t1t2t3, ε8ε11)} S(w)={t1t2ε8ε9ε10t2, t1t2ε8ε9ε10t2ε8, t1t2ε8ε9ε10t2ε8ε9, t1t2ε8ε9ε10t2ε8ε9ε10, t1t2ε8ε9ε10t2ε8ε11, t1t2ε8ε11t3}. This means that no fault of the second fault class can have occurred, while a fault of the first fault class may have occurred since one justification does not contain ε11 and one justification contains it.

Finally, consider w = abbccc. In this case ∆(w, Tf1) = 3 and ∆(w, Tf2) = 1. In fact since Jˆ(w) = {(t1t2t3t5t4t4, ε8ε11), (t1t2t3t4t5t4, ε8ε11), (t1t2t3t4t4t5, ε8ε11), (t1t2t3t4t4t4, ε8ε11)} a fault of the first fault class must have occurred, while a fault of the second fault class may have occurred (e.g. t1t2ε8ε11t3t4t4t5ε12) but it is not contained in any justification of w.

Proposition 4.3: [ 7 ] Consider an observed word w ∈ L∗. • ∆(w, Tfi ) ∈ {0, 1} iff for all (M, y) ∈ M(w) and for all tf ∈ Tfi it holds y(tf ) = 0.

• ∆(w, Tfi ) = 2 iff there exist (M, y) ∈ M(w) and (M ′, y′) ∈ M(w) such that: (i) there exists tf ∈ Tfi such that y(tf ) > 0, (ii) for all tf ∈ T i , y′(tf ) = 0.

f • ∆(w, Tfi ) = 3 iff for all (M, y) ∈ M(w) there exists tf ∈ Tfi such that y(tf ) > 0.

In [ 7 ] it has been shown that it is possible to distinguish between diagnosis states 0 and 1 by simply checking if a given constraint set is feasible or not.

Remark 4.4: As proved in [ 7 ], if the considered net system is bounded, the most burdensome part of the procedure can be moved off-line defining a graph called Basis Reachability Graph (BRG). The BRG is a deterministic graph that has as many nodes as the number of possible basis markings, thus it is always finite being the set of basis markings a subset of the set of reachable markings.

In the diagnosis framework two different problems can be solved: the problem of diagnosis and the problem of diagnosability. As explained in detail in the above sections, solving a problem of diagnosis means that to each observed string of events is associated a diagnosis state, such as “normal” or “faulty” or “uncertain”. Solving a problem of diagnosability is equivalent to determine if the system is diagnosable, i.e., to determine if, once a fault has occurred, the system can detect its occurrence in a finite number of steps. We addressed this problem in two different settings, depending on the boundedness of the net system. In particular, in [ 9 ] we proposed a solution that only applies to bounded nets, where the major feature is to allow to perform, using the same framework, both diagnosis and diagnosibility analysis.

Moreover, in [ 10 ] we proposed an approach that also applies to unbounded PNs. In particular in [ 10 ] we dealt with two different notions of diagnosability: diagnosability and diagnosability in K steps. Diagnosability in K steps is stronger than diagnosability and implies not only that the system is diagnosable, i.e., when the fault occurs we are able to detect it in a finite number of transition firings, but also that if the fault occurs we are able to detect it in at most K steps. We gave necessary and sufficient conditions for both notions of diagnosability and we presented a test to study both diagnosability and K-diagnosability based on the analysis of the coverability graph of a special PN, called Verifier Net, that is built starting from the initial system. Moreover, we gave a procedure to compute the bound K in the case of K-diagnosable systems. Then, we showed how sufficient conditions on diagnosability can be computed using linear programming techniques.

To the best of our knowledge, this is the first time that necessary and sufficient conditions for diagnosability and Kdiagnosability of labeled unbounded Petri nets are presented.

In this talk an on-line approach for fault diagnosis of discrete event systems based on labeled Petri nets has been discussed. Some results on diagnosability analysis have also been recalled, that also apply to unbounded nets.

Several are the future lines of research in this framework. One of the most important is the relaxation of the assumption that the fault model is perfectly known, as well as the initial state of the system. Moreover, it is interesting to investigate how the problems of on-line fault diagnosis and diagnosability analysis can take advantage from information coming timing associated with transitions. Finally, due to the complexity of current systems, it is important to develop efficient distributed and/or decentralized approaches.