Diagnosability of composite automata based on semi-tensor product

Fault diagnosis is an important issue for partially observed discrete event systems (DESs). In this problem, fault detection and isolation are two associated tasks: a fault is diagnosable if it can be detected with certainty within a finite delay after its occurrence, and a system is diagnosable if every type of fault can be distinguished from the observed information. Existing research on fault diagnosis tends to regard faults as unobservable faulty events or states. In this paper, a key conversion is made: faults are denoted by accessible changes of state transition, which yields a normative and a faulty construction of the given system. In particular, we establish algebraic structures of composite automata with the help of the semi-tensor product and propose a definition of diagnosability based on the algebraic state space. This definition differs from existing results and provides a new opportunity for fault diagnosis when existing criteria fail. Besides, we construct matrix observers to summarize the requisite information in the evolutionary process and present corresponding theorems for the verification of diagnosability. We apply the matrix approach to the exhaust gas recirculation system and the heating system to illustrate its feasibility.


Introduction
Property verification of discrete event systems (DESs) is a crucial subject and there have been considerable excellent results (Cassandras & Lafortune, 2009; Yin, 2019), covering detectability (Han, Chen, Zhao, 2017; Shu & Lin, 2013; Shu et al., 2007), opacity (Saboori & Hadjicostis, 2012; Yin & Lafortune, 2017) and diagnosability (Hashtrudi Zad et al., 2003; Lin, 1994; Reshmila & Rajagopalan, 2019; Sampath et al., 1995; Yin & Li, 2016b; Zaytoon & Lafortune, 2013; Zhu et al., 2017). Today, with the increasing security requirements of systems, research on the diagnosis problem remains meaningful. In the history of diagnosability analysis for DESs, scholars have tended to regard faults as unobservable faulty events or states. Typically, the work in Lin (1994) used states to model faults and studied both on-line and off-line diagnostics. The language-based definition of diagnosability was first proposed in Sampath et al. (1995), where a language can be diagnosed if faults are detectable and isolable within a finite delay after their occurrence. Besides, the authors proposed a valid approach for the detection and isolation of faulty events by diagnosers. From then on, many extended problems of fault diagnosis have been studied. For example, Contant et al. (2004) considered the problem of diagnosing 'intermittent' faults, where some fault events are followed by corresponding 'reset' events, whereas Genc and Lafortune (2007) studied online fault diagnosis of modular dynamic systems modelled as place-bordered Petri nets, and Yin and Li (2016a, 2018) investigated decentralized fault prognosis of partially observed DESs with a guaranteed performance bound and with state-estimate protocols, respectively. In particular, Moreira et al. (2011) and others proposed a new algorithm for the verification of centralized or decentralized diagnosability, which could have lower computational complexity.
CONTACT Zengqiang Chen chenzq@.nankai.edu.cn
Notice that many of the results referred to above regard faults as unobservable events and rely on observed input strings to diagnose them using formal methods. This motivates us to consider whether we can transform unobservable fault events into observable changes of state transition and find a novel mathematical approach to analyse the problem of diagnosability.
Because of the social need for security research on complex dynamic systems, it is worthwhile to consider more complex DESs and model them as composite automata. On one hand, it is a meaningful task to analyse hybrid systems, which have wide applications in the real world. For example, the heating system in Sampath et al. (1995) and the exhaust gas recirculation system in Lin (1994) are classical composite DESs. In particular, in Roszkowska et al. (2018), the authors presented a composite automaton as the supervisor to ensure the correct concurrent motion of multiple mobile robots. On the other hand, the analysis of composite automata is more challenging because of their large scale. To the best of our knowledge, it is common to model composite automata by enumeration or by a graph structure. Enumeration gives more detailed information about composite automata, and a graph structure clearly shows the composite relation. It would be valuable to combine the two advantages in one model.
There is no doubt that a legible and simple mathematical structure is more conducive to the in-depth study of problems. Fortunately, among the existing methods we find a new one, the algebraic state space approach (ASSA), to analyse the problem of diagnosability for composite DESs. ASSA, established by the semi-tensor product, is an effective tool for obtaining an equivalent algebraic expression of a finite-valued system. So far, there have been a number of works based on ASSA (Lu et al., 2017), such as feedback control of Boolean control networks (Lu et al., 2019; Zhu et al., 2020), stability analysis for some logical systems (Cheng et al., 2015; Han & Chen, 2018; Li et al., 2014; Zhang et al., 2019; Zhao et al., 2019), minimal siphons in Petri nets (Han, Chen, Liu, et al., 2017), reachability analysis of finite automata (Xu & Hong, 2012; Yan et al., 2016; Zhang, Xia, Chen, Yang, et al., 2020) and so on (He et al., 2020; Xu & Hong, 2013). In particular, Fornasini and Valcher (2015) addressed the problem of fault detection of Boolean control networks via the semi-tensor product, and in Chen et al. (2020) a matrix approach to fault detection of finite automata was proposed, which motivated us to consider whether fault diagnosis of DESs under the algebraic structure could be resolved effectively.
Based on the above discussion, it is significant to pinpoint faulty components and infer diagnosis information from accessible data in the literature on diagnosability. Many mature results have been achieved by formal methods, while ASSA also shows great potential in the property analysis of DESs. In this paper, we address the problem of diagnosability for composite automata based on the semi-tensor product. On one hand, modelling and analysis of composite automata via ASSA is feasible. On the other hand, the definition and verification of diagnosability based on ASSA is novel. Our main contributions are summarized as follows:
• Consider a novel form of faults: transforming unobservable faulty events into observable changes of state transition. Then, obtain two available constructions for a given system: a normative and a faulty construction.
• Establish an algebraic expression of Moore composite automata by the semi-tensor product, which contains both the composite relation and as much detailed evolutionary information as possible. In particular, the overall algebraic structure of a Moore composite automaton is consistent with that of a general Moore automaton.
• Present a novel definition of diagnosability based on the algebraic state space and construct matrix observers to verify whether a fault (respectively, a given system) is diagnosable.
• Propose an algorithm for the verification of diagnosability for the $l$th fault with a finite delay $t_l - 1$, the time complexity of which is $O(|X| \times |\Sigma|^{t_l} \times |Y|^2)$. Furthermore, the verification of diagnosability for a given system is Here, $X$ is the set of states, $\Sigma$ is the set of events, $\Sigma_f$ is the set of fault events and $Y$ is the set of outputs.
This paper is organized as follows: Section 2 introduces some preliminaries about notations, the semi-tensor product and the algebraic structure of Moore automata. Section 3 establishes a novel system model and obtains the overall algebraic structure of composite automata. Section 4 contains three main parts: definitions of diagnosability, construction of an observer matrix and verification of diagnosable faults. Section 5 shows the application of our results to the heating system, and Section 6 summarizes the work in this paper and provides our expectations.

Preliminaries
In this section, we introduce some preliminaries about necessary notations, semi-tensor product and algebraic structure of composite automata.

Notations
(1) $\mathbb{R}^{m \times n}$ denotes the set of $m \times n$ real matrices.

Semi-tensor product
The semi-tensor product of matrices is a necessary tool for obtaining the algebraic expression of a given system. More information can be found in Cheng and Qi (2010) and Cheng et al. (2012).
Definition 2.1: Assume that matrices $M \in \mathbb{R}^{p \times q}$ and $N \in \mathbb{R}^{s \times t}$. The semi-tensor product is defined as where $\alpha = \mathrm{lcm}(q, s)$ denotes the least common multiple of $q$ and $s$, and $\otimes$ represents the Kronecker product.
Remark 2.1: When $q = s$, $M \ltimes N = MN$, i.e. ordinary matrix multiplication is a special case of the semi-tensor product. For $M \in \mathbb{R}^{p \times q}$, $N \in \mathbb{R}^{s \times t}$ and $Q \in \mathbb{R}^{r \times l}$, we have (2).

Remark 2.3:
Pseudo-commutation is a novel property of the semi-tensor product. For a column vector $Z \in \mathbb{R}^t$, we have

Algebraic structure of automata
$G$ is a deterministic automaton, denoted by a six-tuple $G = (X, \Sigma, Y, x_0, \delta, \lambda)$, where $X$ is the set of states, $\Sigma = \Sigma_o \cup \Sigma_{uo}$ is the set of input events with observable events $\Sigma_o$ and unobservable events $\Sigma_{uo}$, $Y$ is the set of outputs and $x_0 \in X$ is the initial state. $\delta : X \times \Sigma \to X$ is the partial state transition function, where $\delta(x, \sigma) = x'$ denotes that state $x'$ can be reached from $x$ by event $\sigma$. For any $s \in \Sigma^*$, $\sigma \in \Sigma$, $\delta(x, s\sigma) = \delta(\delta(x, s), \sigma)$, where $\Sigma^*$ is the set of input strings over $\Sigma$, including the empty string. Note that there exists a projection $P : \Sigma^* \to \Sigma_o^*$. There are two kinds of automata according to the output function: Moore automata and Mealy automata. Moore automata are automata with (state) outputs, where $\lambda : X \to Y$, depicted in Figure 1(a), and Mealy automata are input/output automata, where $\lambda : X \times \Sigma \to Y$, depicted in Figure 1(b). Many physical systems are modelled as Moore automata, where the output depends only on the current state (Cassandras & Lafortune, 2009). Notice that if any state in $X$ can be the initial state and outputs are not of concern, $G$ can be abbreviated as $G = (X, \Sigma, \delta)$. In short, the number of components in the tuple of a deterministic automaton varies as needed.
Given a deterministic Moore automaton $G = (X, \Sigma, Y, x_0, \delta, \lambda)$, we want to establish its algebraic expression with the semi-tensor product. Suppose that $X = \{x_1, x_2, \dots, x_n\}$. With all input events, we obtain the transition structure matrix $F \in \mathcal{L}_{n \times nm}$. Similarly, the Moore output structure matrix $H \in \mathcal{L}_{p \times n}$ can be defined as Finally, an algebraic expression of the automaton is obtained as follows. For the example in Figure 1
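As an added illustration (not code from the paper), the following Python implements the semi-tensor product of Definition 2.1 in its standard form $(M \otimes I_{\alpha/q})(N \otimes I_{\alpha/s})$ and builds the transition structure matrix $F$ and output structure matrix $H$ of a small constructed Moore automaton, so that $x(t+1) = F \ltimes x(t) \ltimes \sigma(t)$ and $y(t) = H \ltimes x(t)$ can be evaluated directly. The automaton, its transition table and the (state, event) column ordering of $F$ are assumptions chosen to match the index $\alpha_{ij}$ used in Section 4.

```python
"""Semi-tensor product (STP) and the algebraic expression of a Moore automaton.
Added example, not from the paper: a constructed 3-state, 2-event, 2-output
Moore automaton; column (i-1)*m + j of F holds the state reached from x_i by
sigma_j, matching the index alpha_ij used in Section 4 (an assumption)."""
from math import lcm


def identity(k):
    return [[1 if r == c else 0 for c in range(k)] for r in range(k)]


def kron(A, B):
    """Kronecker product A ⊗ B of matrices given as lists of rows."""
    rb, cb = len(B), len(B[0])
    return [[A[r // rb][c // cb] * B[r % rb][c % cb]
             for c in range(len(A[0]) * cb)] for r in range(len(A) * rb)]


def matmul(A, B):
    return [[sum(A[r][k] * B[k][c] for k in range(len(B)))
             for c in range(len(B[0]))] for r in range(len(A))]


def stp(M, N):
    """M ⋉ N = (M ⊗ I_{a/q})(N ⊗ I_{a/s}), a = lcm(q, s) (Cheng & Qi, 2010);
    when q == s both identities are 1x1 and this is the ordinary product MN."""
    q, s = len(M[0]), len(N)
    a = lcm(q, s)
    return matmul(kron(M, identity(a // q)), kron(N, identity(a // s)))


def delta(n, cols):
    """Logical matrix delta_n[c1 c2 ...]: column k is the c_k-th unit vector."""
    return [[1 if c == r + 1 else 0 for c in cols] for r in range(n)]


def index_of(v):
    """1-based position of the single 1 in a unit column vector delta_n^i."""
    return [row[0] for row in v].index(1) + 1


# Constructed automaton: delta(x_i, sigma_j) and lambda(x_i), 1-based labels.
N_STATES, N_EVENTS, N_OUTPUTS = 3, 2, 2
TRANS = {(1, 1): 2, (1, 2): 3, (2, 1): 2, (2, 2): 3, (3, 1): 1, (3, 2): 3}
OUTPUT = {1: 1, 2: 2, 3: 2}


def transition_matrix():
    """F in L_{n x nm}: F = delta_n[alpha_11 ... alpha_1m ... alpha_n1 ... alpha_nm]."""
    return delta(N_STATES, [TRANS[(i, j)] for i in range(1, N_STATES + 1)
                            for j in range(1, N_EVENTS + 1)])


def output_matrix():
    """Moore output structure matrix H in L_{p x n}."""
    return delta(N_OUTPUTS, [OUTPUT[i] for i in range(1, N_STATES + 1)])


def step(i, j):
    """x(t+1) = F ⋉ x(t) ⋉ sigma(t): F ⋉ x selects block i of F (n x m),
    then ⋉ sigma picks its j-th column, i.e. column (i-1)*m + j of F."""
    x, sigma = delta(N_STATES, [i]), delta(N_EVENTS, [j])
    return index_of(stp(stp(transition_matrix(), x), sigma))


def output(i):
    """y(t) = H ⋉ x(t); returns the output label k of y_k."""
    return index_of(stp(output_matrix(), delta(N_STATES, [i])))


def run(i, events):
    """State trace from x_i under an event string, e.g. run(1, [1, 2, 1])."""
    trace = [i]
    for j in events:
        i = step(i, j)
        trace.append(i)
    return trace
```

The identity $x \ltimes \sigma = \delta_{nm}^{(i-1)m + j}$ for $x = \delta_n^i$, $\sigma = \delta_m^j$ can be checked with `index_of(stp(delta(3, [2]), delta(2, [1])))`, which gives 3.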

System model
In this section, we introduce algebraic expressions of two kinds of composite automata and discuss their normative and faulty structures.
There is no denying that the failure of a single component can paralyse an entire complex system. For example, the exhaust gas recirculation system, depicted in Figure 2 as the parallel composition of the valve and the throttle, may break down when the valve is trapped open or closed. In this case, we can first focus on analysing the evolutionary process of the component automata and then use the output information of the composite automaton for diagnosis.
It is reasonable to make the following assumptions about the given systems:
• Any fault is irreparable. Therefore, the faulty states cannot recover to normal states.
• Any fault is constant. Therefore, the faulty states cannot transit to another category of faulty states.
Consider two deterministic automata where $G_1$ works normally all the time and $G_2$ has several possible faults.
Obtain that $X_2$ There are two available constructions for $G_2$: a normative one $G_{2N}$ and a faulty one $G_{2F}$. In this case, we can get the transition structure matrices of $G_{2N}$ and $G_{2F}$ with (9), denoted by $F^{(2)} \in \mathcal{L}_{n_2 \times n_2 m_2}$ and $F_f^{(2)} \in \mathcal{L}_{n_2 \times n_2 m_2}$, respectively.
we could add suppositional states into $X_2$ to resolve it.

Remark 3.2:
There exists a key conversion, denoting the faults by accessible changes of state transition using definitions of the faulty reach.

Remark 3.3:
It is significant to relabel the elements in the sets $X_{2F}$ and $X_{2N}$, for which a norm will be presented later.
There are two common operations on automata: product, denoted by $\times$ in Figure 3(a), and parallel composition, denoted by $\|$ in Figure 3(b). Consider the parallel composition of $G_1$ and $G_{2N}$.
First, extend the transition structure matrices $F^{(1)}, F^{(2)}$ to $\hat{F}^{(1)} \in \mathcal{L}_{n_1 \times n_1 m}$ and $\hat{F}^{(2)} \in \mathcal{L}_{n_2 \times n_2 m}$, respectively, where Then, we can get where $\sigma(t) \in \Sigma$. Following that, the state transition structure matrix of the parallel composite automaton of $G_1$ and $G_{2N}$ is where $\hat{M} = \hat{F}^{(1)}(I_{n_1 m} \otimes \hat{F}^{(2)}$ Similarly, we can obtain that of the parallel composite automaton of $G_1$ and $G_{2F}$ as where $\hat{M}_f$
It is helpful to take the output information of the composite automaton into consideration. First, we present a definition of compatible states between $X_{2N}$ and $X_{2F}$. It is worth noticing that $\forall$ In fact, the above definition presents a norm for how to relabel the elements in the sets $X_{2F}$ and $X_{2N}$. For $x$ and $x'$ constructed from compatible states $x_2$ and $x_2'$, we have $\delta_n^{i_{1,2}} = \delta_n^{i'_{1,2}}$. Without confusion, we assume that the states $x$ and $x'$ have the same number afterwards.
Therefore, we obtain an overall algebraic structure of the parallel composite automaton of $G_1$ and $G_2$ as where $\hat{M} = [\hat{M}\ \hat{M}_f] \in \mathcal{L}_{n \times 2nm}$, $n = n_1 n_2$, and $f(t) \in \Delta_2$ is the fault signal, with $f(t) = \delta_2^1$ denoting the normative system and $f(t) = \delta_2^2$ denoting the faulty one.
Remark 3.5: Notice that the algebraic expressions of composite automata obtained by product or parallel composition are identical in structure thanks to the convenience of the semi-tensor product for model description. This is a great advantage for obtaining a simpler mathematical structure of composite automata. In what follows, we analyse the parallel composite Moore automaton; the results obtained also apply to product composite automata.

Fault diagnosis analysis
In this section, we propose the definition of diagnosability based on the algebraic structures established in Section 3 and present a matrix approach to verify whether a fault (respectively, a given system) is diagnosable.

Definition of diagnosability
In diagnosability analysis, a fault is diagnosable if it can be detected with certainty within a finite delay after its occurrence, and a system is diagnosable if every type of fault can be distinguished from the observed information. In Section 3, we transformed unobservable fault events into observable changes of state transition, which motivates us to compare the evolutionary process of the normative system with that of the faulty one. Considering an initial state $x(1)$ with an input string $s = \sigma(1)\sigma(2)\cdots\sigma(t)$, we have First, we define the set of all affected states as $\breve{X} := \{x \in X : \exists \sigma \in \Sigma \text{ s.t. } \hat{M} x \sigma \neq \hat{M}_f x \sigma\}$, and the corresponding inputs as $\breve{\Sigma}(x) := \{\sigma \in \Sigma : \hat{M} x \sigma \neq \hat{M}_f x \sigma\}$. Notice that when $\breve{X} \neq \emptyset$ and $\breve{\Sigma} \neq \emptyset$, there are actually some faults that need to be detected and isolated in the system; that is, $\breve{X}$ and $\breve{\Sigma}$ give the condition estimate for faults. Besides, we define a set of detectable states for the $l$th fault as Now, we give the definitions of diagnosability for a fault and for a given system.
Definition 4.1: Given a composite Moore automaton (17), the $l$th fault is said to be diagnosable if $\forall x \in \breve{X} \cap X(\sigma_{f_l})$, $\exists s = \sigma(1)\sigma(2)\cdots\sigma(t)$ with $\sigma(1) \in \breve{\Sigma}(x)$ such that $\delta(x, s) \in C_l$, which denotes that the $l$th fault would be detected with a finite delay $t - 1$ after its occurrence. If every type of fault can be distinguished, then the given system is diagnosable. The definition is presented in the following.
Example 4.1: Continue with the example in Section 3. We can obtain that $\breve{X} = \{x_1,$ For the first fault, the valve trapped open, we have For the second fault, the valve trapped closed, we have According to the definition of diagnosability, we have: Then, the second fault is diagnosable.
Therefore, the first fault is diagnosable. In conclusion, the system can be diagnosed with at most a 1-step delay.

Remark 4.2:
Notice that in the work of Lin (1994), the exhaust gas recirculation system is not diagnosable, since no control can diagnose whether the valve is trapped closed. Under the other well-known definition of diagnosability proposed by Sampath et al. (1995), the result also differs from Example 4.1. Therefore, the diagnosability proposed in this paper is a novel notion and provides a new opportunity for fault diagnosis when existing criteria fail.

Matrix observer
In this section, we construct matrix observers of the given systems, which contain the requisite evolutionary information.
Notice that there are many zero elements in $\hat{M}^t$, $\hat{M}_f^t$ and $H$ occupying storage space. In fact, we care more about the positions of the non-zero elements in these structure matrices. To exhibit the effective information more clearly and avoid occupying storage space, we take the following method to reconstruct the structure matrices $\hat{M}^t$, $\hat{M}_f^t$ and $H$. Firstly, for $\hat{M} = \delta_n[\alpha_{11} \cdots \alpha_{1m} \cdots \alpha_{n1} \cdots \alpha_{nm}]$, we know that $\alpha_{ij} = i'$ when $x_{i'} = \delta(x_i, \sigma_j)$, where $i, i' \in \{1, 2, \dots, n\}$ and $j \in \{1, 2, \dots, m\}$; that is, $\alpha_{ij}$ carries the position information we care about.
Then, we reconstruct $\hat{M}$ as where $P \in \mathbb{R}^{n \times m}$. Here, the row, column and element value of $P(i, j)$ represent the three pieces of information in $\alpha_{ij}$, i.e. the starting state, the operated event and the reached state of a state transition. Then, we reconstruct $\hat{M}_f$ as $P_f \in \mathbb{R}^{n \times m}$ similarly.
In fact, $Q^{(t+1)}$ is reconstructed from $H \hat{M}^t$, which will be proved in Lemma 4.1.

Lemma 4.1:
Assume that $x(1) = x_i$, $i \in \{1, 2, \dots, n\}$, and there exists an input string $s = \sigma(1)\sigma(2)\cdots\sigma(t)$ s.t. $x_{i'} = \delta(x_i, s)$ and $y_k = \lambda(x_{i'})$. We have
Proof: For the initial state $x(1) = x_i$, $i \in \{1, 2, \dots, n\}$, there exists an input string $s = \sigma(1)\sigma(2)\cdots\sigma(t)$ s.t. $x_{i'} = \delta(x_i, s)$ and $y_k = \lambda(x_{i'})$. According to the definition of the transition structure matrix, we have its equivalent algebraic expression as where $\delta$ Note that $j = \tau_m(\tau_m(\tau_m(j_1, j_2), \dots), j_t)$ is obvious. Therefore, we just need to prove that $Q^{(t+1)}(i, j) = k$ is equivalent to (21). Proof by induction. When the conclusion is established. Suppose that the conclusion holds until $t - 1$. Then
We construct the matrix $Q^{(t+1)}$ by labels, which plays the role of an observer. On the other hand, we can obtain the labelled matrix $Q_f^{(t+1)}$ in the same way to avoid the storage occupied by the redundant zero elements in $H \hat{M}_f^t$.

Remark 4.3:
From Lemma 4.1, we know that the matrix $Q^{(t+1)}$ describes the evolutionary process of a given system. The label of a row depicts the initial state, and the columns denote all possible inputs of length $t$. The element value $Q^{(t+1)}(i, j)$ gives the output obtained from the initial state $x_i$ under input $s$. The observer could also be applied to the analysis of other properties, such as observability, controllability, detectability and so on.

Verification of diagnosability
In this section, we apply the matrix observer to the verification of diagnosability and present an algorithm to illustrate the main result of this paper. First, for the set of affected states $\breve{X}$ and the corresponding inputs $\breve{\Sigma}(x)$, we give the equivalent notion in terms of the labelled matrices $P$ and $P_f$. We define an ordered set as $R := \{(i, j) \mid P(i, j) \neq P_f(i, j),\ i \in \{1, 2, \dots, n\},\ j \in \{1, 2, \dots, m\}\}$. It is easy to obtain that $(i, j) \in R \Leftrightarrow x_i \in \breve{X} \wedge \sigma_j \in \breve{\Sigma}(x_i)$, i.e. $R$ is the ordered set of $\breve{X}$ and $\breve{\Sigma}$ containing only the labels. Besides, we define two other labelled sets for the $l$th fault as Note that $X_l$ represents the labelled set of the faulty reach from $\sigma_{f_l}$ and $Y_l$ depicts the labels of the corresponding outputs from the detectable states in $C_l$. Now, we give the necessary and sufficient condition for a diagnosable fault.
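As an added example (not the paper's code), the following Python builds the labelled matrices $P$ and $P_f$ and the observers $Q^{(t+1)}$, $Q_f^{(t+1)}$ for a constructed normative/faulty pair of automata, computes the set $R$ of affected (state, event) labels, and reports for each pair in $R$ the smallest $t$ at which some input string starting with the affected event makes the two observers disagree. The automata, the output map and the column ordering of the strings are assumptions, and the observer-disagreement check is the illustrative criterion used here, not the paper's theorem.

```python
"""Labelled matrices P, P_f and the observer Q^(t+1) for fault detection.
Added example, not the paper's code: a constructed 3-state, 2-event Moore
automaton in its normative form (TRANS_N) and faulty form (TRANS_F, one fault
that alters two transitions) with output map LAMBDA.  Strings of length t are
enumerated with the first event varying slowest (my assumption for the column
order j of Q^(t+1))."""
from itertools import product

N_STATES, N_EVENTS = 3, 2
TRANS_N = {(1, 1): 2, (1, 2): 3, (2, 1): 2, (2, 2): 3, (3, 1): 1, (3, 2): 3}
TRANS_F = {(1, 1): 1, (1, 2): 3, (2, 1): 2, (2, 2): 3, (3, 1): 3, (3, 2): 3}
LAMBDA = {1: 1, 2: 2, 3: 1}  # state label -> output label k of y_k


def label_matrix(trans):
    """P in R^{n x m}: row = start state, column = event, entry = reached
    state, i.e. the non-zero position information of M-hat without padding."""
    return [[trans[(i, j)] for j in range(1, N_EVENTS + 1)]
            for i in range(1, N_STATES + 1)]


def affected_pairs(P, P_f):
    """The ordered set R = {(i, j) : P(i, j) != P_f(i, j)} (1-based labels)."""
    return [(i + 1, j + 1) for i in range(N_STATES) for j in range(N_EVENTS)
            if P[i][j] != P_f[i][j]]


def strings(t):
    """All input strings of length t as tuples of event labels."""
    return list(product(range(1, N_EVENTS + 1), repeat=t))


def observer(trans, t):
    """Q^(t+1) in R^{n x m^t}: Q(i, j) = k when the j-th string of length t
    drives x_i to a state with output y_k (labelled form of H ⋉ M-hat^t)."""
    Q = []
    for i in range(1, N_STATES + 1):
        row = []
        for s in strings(t):
            x = i
            for sigma in s:
                x = trans[(x, sigma)]
            row.append(LAMBDA[x])
        Q.append(row)
    return Q


def earliest_detection(i, j, t_max=4):
    """Smallest t for which some string starting with sigma_j makes the
    normative and faulty observers disagree from x_i (Q(i, s) != Q_f(i, s));
    the fault is then reported with delay t - 1.  None if no t <= t_max works."""
    for t in range(1, t_max + 1):
        Q, Q_f = observer(TRANS_N, t), observer(TRANS_F, t)
        for col, s in enumerate(strings(t)):
            if s[0] == j and Q[i - 1][col] != Q_f[i - 1][col]:
                return t
    return None


def diagnosis_report():
    """Detection step for every affected (state, event) pair in R."""
    P, P_f = label_matrix(TRANS_N), label_matrix(TRANS_F)
    return {pair: earliest_detection(*pair) for pair in affected_pairs(P, P_f)}
```

For the constructed pair, `diagnosis_report()` returns `{(1, 1): 1, (3, 1): 2}`: the fault from $x_1$ shows in the output immediately, whereas from $x_3$ it needs a second event because $\lambda(x_1) = \lambda(x_3)$.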

Example
The heating system, modelled as a DES, is a typical example for fault diagnosis. It is a parallel composite automaton constituted by the pump, the valve and the controller, which are shown in Figure 6. The valve component contains two fault states SC (for 'Stuck-closed') and SO (for 'Stuck-open'), which are reached by the faulty events STUCK-CLOSED and STUCK-OPEN. Besides, there are two sensors, a valve flow sensor and a pump pressure sensor. The valve flow sensor has two possible values, Flow (F) or No Flow (NF), and the pump pressure sensor also has two possible values, Positive Pressure (PP) or No Pressure (NP). The outputs of the two sensors are determined jointly by the parallel composition of the three automata. It is of particular interest that the flow sensor returns F only when the valve is open and the pump is on.
The pump, valve and controller are modelled as three deterministic automata, respectively. The pump is Besides, assume that the output set of the parallel composite automaton is $Y = \{y_1 = (\mathrm{PP}, \mathrm{F}),\ y_2 = (\mathrm{PP}, \mathrm{NF}),\ y_3 = (\mathrm{NP}, \mathrm{NF})\}$. Now, we apply the algorithm in Section 4 to diagnose the faults STUCK-CLOSED and STUCK-OPEN within a 2-step delay.
In conclusion, the system cannot be diagnosed with a 2-step delay.

Conclusion
In this paper, we have studied the problem of diagnosability for composite Moore automata based on the semi-tensor product of matrices. Differently from existing methods, we have transformed faults into changes of state transition and established an overall algebraic structure of the given system, based on which matrix-based definitions of diagnosability for a fault and for the system have been proposed. Following that, we have constructed matrix observers and presented the corresponding theorems and an algorithm to determine whether a fault (respectively, the system) is diagnosable. In conclusion, we have proved that the matrix approach to the analysis of diagnosability for DESs is feasible and novel.
It is meaningful to find another novel approach to the property analysis of DESs, and the matrix observer established in this paper can be used for the verification of other properties. Besides, there is a task worth considering in the future: the computational complexity of the methods proposed in this paper is not lower than that of several existing results.

Disclosure statement
No potential conflict of interest was reported by the author(s).

Funding
This work is supported by National Natural Science Foundation of China under Grants 61973175, 61573199 and U1804150.