Distributed Fault Detection for untimed and for timed Petri nets. René Boel, SYSTeMS Group, Ghent University (presentation transcript)

1. Distributed Fault Detection for untimed and for timed Petri nets
René Boel, SYSTeMS Group, Ghent University, with thanks to G. Jiroveanu, G. Stremersch, B. Bordbar

2. Outline
– problem formulation and models
– centralised diagnosers via backward search
– distributed diagnosis for interacting Petri nets
– fault detection for timed Petri nets
– probabilistic fault diagnosis

3. adaptive supervisory control?
– improve the behaviour of large plants consisting of many interacting components
– control by disabling events, in order to guarantee that certain specifications are always satisfied
– requires on-line estimation of the current mode of operation of the plant

4. feedback control paradigm
(block diagram: plant, observed output, state estimator and fault detector, feedback law, controlled input)

5. distributed feedback control paradigm
(block diagram: several plant components, each with its own fault detector and feedback law)

6. distributed fault detection for large discrete event systems
– locally observable events at fault detection agent i: a (possibly small) subset of all events happening in plant i
– assume: all observable events are always seen immediately by the local fault detection (FD) agent, with their exact occurrence time (global clock)

7. distributed fault detection for large discrete event systems
Can cooperation between local fault detection agents guarantee the same quality of fault detection as would be achievable by a centralized fault detection agent that
– observes all observable events (plant i, i = 1,...,I)
– knows the model of the complete plant?
What is the minimal information to be exchanged between FD agents for achieving the same performance as centralized FD?

8. distributed state estimation for discrete event models
– the model includes unobservable events that cause deterioration of plant behaviour, i.e. faults
– each local fault detection agent implements a local FD algorithm, in order to adapt the supervisor's reaction to the current mode of operation of the plant
– the local agent uses the sequence of observable events generated locally

9. distributed state estimation for discrete event models
– one fault detection (FD) agent per component
– limited communication between local FD agents allows performance as good as a centralized FD agent that would see all observable events and would know the global model

10. distributed observers
– distributed implementation reduces the on-line computational complexity of FD agents
– distributed implementation makes fault detection more robust against communication errors than centralized FD ... provided the local FD agents provide an overestimate of the set of possible faults

11. distributed observers
– distributed implementation of FD agents makes fault detection less sensitive to errors in knowledge about the model, especially knowledge of distant components, which is often outdated when components change often

12. distributed observers
but the design is more complicated because
– local FD agents must understand the effects of interaction between components
– a communication strategy between local FD agents must be designed

13. Petri net model
– common places may be unobservable parts of the physical network
– interactions via common places, no common transitions
– assume at least one observable event in every cycle covering more than one component
– only very few transitions generate a (locally) observable signal

14–15. interaction of Petri net components
(two slides with the same text and different figures) described by token passing via common places: a token entering a boundary place enables events to happen only once in the neighbouring components

16. interaction of Petri net components
– tight interaction between components
– local FD agent i may not know the initial marking of places in plant i
– forward explanations are therefore not possible for generating the allowed trajectories that explain the observations

17. backward explanation
generate all trajectories that
– are compatible with the observations up to the present time
– are compatible with the plant model
starting from the most recently observed execution of transition t and recursively moving upward to its input places •t, their input transitions •(•t), and so on, until a possible previous marking is obtained

18. Petri net: example for explaining backward recursion
(figure with legend: P places, T transitions, Pre arc, Post arc, token, place with 2 tokens)

19. (VECOS'07, Algiers, 5/5/07)
decompose the Petri net in 2 components that interact via places p5, p9
– each component contains one fault transition, resp. t1, t8
– each component contains one observable transition, resp. t6, t10

20. observer design for one single component
– behaviour: the Petri net model generates a sequence of events
– observation: only some of the events are observed by the control agent
– model: the set T of transitions is partitioned into observable transitions t ∈ T_o and unobservable transitions t ∈ T_u

21. Petri net: compositional modelling
Large plants can be represented by several Petri net components, interacting with each other by unobservably exchanging tokens via common places (figure: component 1, component 2)

22. Petri net: compositional modelling
the set P of places of the Petri net model consists of
– "local places" in each component i
– for component i: "input places" P_IN,i,j that have input transitions (Pre) in component j and output transitions (Post) in component i
– for component i: "output places" P_OUT,i,j that have output transitions (Pre) in component j and input transitions (Post) in component i
the decomposition is not constrained by limitations on sensors

23. Petri net: compositional modelling
To avoid unnecessary complications in the analysis: assume the Petri net is bounded, i.e. all reachable markings have a bounded number of tokens in each place.
Problematic assumption: boundedness depends on the global structure of the Petri net and cannot be verified locally!

24. Petri net: compositional modelling
fault detection agent i for component i only observes local observable events (figure: component 1, component 2)
– agent 1 observes each occurrence of t6, at clock times τ(t6)_n
– agent 2 observes each occurrence of t10, at clock times τ(t10)_n

25. computational complexity
– combining two components of similar size leads to much more complicated behaviour
– the number of possible traces of the combination of two components is much larger than twice the size of the behaviour of each component separately!
– exponential explosion of computational complexity!

26. Outline
– problem formulation and models
– why distributed on-line state estimation?
– backward generation of explanations
– distributed diagnosis
– extensions to timed DES models
– open questions and conclusions

27. example
(figure: component 2 with places p5, p6, p7, p8, p9, p11 and transitions t8, t9, t10, t11, t12, t13)
– only observable event: t10
– fault event: t8
– if only p8 is marked initially then the only normal behaviour is the trace {t12} and the empty trace, while the possible faulty behaviour contains all prefixes of {t8, t10, t11}, including the empty trace

28. prefix
set of all prefixes of {t8, t10, t11} = ∅, {t8}, {t8, t10}, {t8, t10, t11}
since the untimed model does not specify any upper bound on the time delays for events, the model can never guarantee that an enabled event will have happened

29. example
(same figure as slide 27)
– only observable event: t10
– fault event: t8
– if only p5 is marked initially then the normal behaviour includes all prefixes of the trace {t9, t13, t10, t11}, where moreover t13 can also occur after t10 and after t11

30. unfolding of Petri net
set of all prefixes and permissible reorderings of the trace {t9, t13, t10, t11} = ∅, {t9}, {t9, t13}, {t9, t10}, {t9, t13, t10}, {t9, t10, t13}, {t9, t10, t11}, {t9, t13, t10, t11}, {t9, t10, t13, t11}, {t9, t10, t11, t13}
described by the unfolding of the net, obtained
– by "opening all cycles" and
– by "copying all places with more than 1 input transition"
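The prefix and interleaving sets of slides 27 to 30 can be reproduced by a forward enumeration of firing sequences. The following Python is an added example, not code from the talk. The net it uses is a constructed guess at component 2 of the talk's example: the arcs are chosen only so that the behaviours stated on slides 27 and 29 come out, and are an assumption; markings are sets because the slides restrict themselves to 1-safe nets.

```python
# Added example (not from the slides): forward enumeration of all firing
# sequences of a small untimed Petri net, reproducing the prefix and
# interleaving sets of slides 27-30.
# COMPONENT_2 is a CONSTRUCTED approximation of component 2 in the talk's
# example: arcs were chosen so that the behaviours the slides state for
# "only p8 marked" and "only p5 marked" come out; they are an assumption.

# transition -> (input places, output places); 1-safe, so markings are sets
COMPONENT_2 = {
    "t8":  ({"p8"}, {"p6"}),        # fault transition
    "t12": ({"p8"}, set()),         # normal alternative for the token in p8
    "t9":  ({"p5"}, {"p6", "p7"}),  # unobservable, fed from common place p5
    "t13": ({"p7"}, {"p9"}),        # puts a token in common place p9
    "t10": ({"p6"}, {"p11"}),       # the only observable transition
    "t11": ({"p11"}, set()),
}
FAULTS = {"t8"}


def enabled(net, marking):
    """Transitions whose input places are all marked."""
    return sorted(t for t, (pre, _) in net.items() if pre <= marking)


def fire(net, marking, t):
    """Marking reached by firing t (tokens removed from Pre, added to Post)."""
    pre, post = net[t]
    return (marking - pre) | post


def firing_sequences(net, marking, bound=20):
    """All firing sequences from `marking`, including the empty one.
    `bound` stops the recursion on nets with unobservable cycles."""
    result = {()}

    def rec(m, prefix):
        if len(prefix) >= bound:
            return
        for t in enabled(net, m):
            seq = prefix + (t,)
            result.add(seq)
            rec(fire(net, m, t), seq)

    rec(frozenset(marking), ())
    return result


def split_by_fault(sequences, faults):
    """Partition traces into fault-free and faulty ones (slide 27)."""
    normal = {s for s in sequences if not faults & set(s)}
    return normal, sequences - normal


if __name__ == "__main__":
    # slide 30: the ten prefixes/reorderings of (t9, t13, t10, t11)
    for seq in sorted(firing_sequences(COMPONENT_2, {"p5"}), key=len):
        print(seq)
    # slide 27: normal {(), (t12,)} versus the faulty prefixes of (t8, t10, t11)
    print(split_by_fault(firing_sequences(COMPONENT_2, {"p8"}), FAULTS))
```

Running it from the marking {p5} yields exactly the ten sequences listed on slide 30, and from {p8} the two normal and three faulty traces of slide 27; the recursion bound is the simplest stand-in for the finite-unfolding problem raised on slide 32.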

31. unfolding of Petri net
– the example does not contain cycles
– place p6 and place p9 must be replaced by 2, resp. 3 copies of the place
(figure: unfolded net with copied places p6,i, p7,i, p9,i and copied transitions t10,i, t11,i)

32. unfolding of Petri net
– after unfolding a Petri net, each token is generated by a uniquely defined sequence of events
– problem: how to make an unfolding finite?
– it is possible to obtain a finite unfolding of a Petri net so that the "same behaviour" is generated (taking into account that repeating a cycle infinitely often does not generate new states)

33. forward analysis via unfolding
– if the initial marking is known, then one can enumerate all possible traces that end with an observable event occurrence, and select as possible explanations of the observed events only those traces that contain the observed events in the correct order
– using unfoldings avoids the need for enumerating all possible orderings of unobservable events

34. forward analysis via unfolding
but the requirement that all initial markings are known (or an upper bound on these markings) is not acceptable for distributed fault detection, since component i does not know how many tokens component j puts in the input places P_IN,i,j, nor when it puts these tokens there

35. Outline
– problem formulation and models
– why distributed on-line state estimation?
– centralised diagnosers
– distributed diagnosis
– extensions to timed DES models
– open questions and conclusions

36. backward search can avoid this difficulty
finding minimal explanations via backward search determines where tokens should be available and by what time they must be in that place

37. example: backward search
(figure: component 2, as on slide 27)
– observe: t10 at time τ(t10)
– a token must have arrived in p6 before τ(t10)
– either fault t8 or unobservable event t9 must have fired before τ(t10)

38. example: backward search
– observe: t10 at time τ(t10)
– a token must be present in p6 before τ(t10), or have been sent to p5 by the neighbouring component before τ(t10)

39. example: backward search
FD agent 2 knows that a token was present in p8 prior to τ(t10), and hence it can determine that fault t8 may have occurred; but determining whether fault t8 occurred for sure requires information from the neighbouring component: can it put a token in p5 before τ(t10)?

40. example: backward search
– in order to determine whether the explanation (t9, t10) is also possible, FD agent 2 must ask the neighbouring FD agent 1 if it is possible that a token arrived in p5 before τ(t10)
– note that FD agent 2 does not have to know the model of plant 1, except for the fact that p5 is a common place

41. example: backward search
– the possibility of a token in p5 depends on whether agent 1 knows that 2 tokens were present in p0 before τ(t10)
– if so then, irrespective of how many times t6 has been observed by FD agent 1, a token could reach p5 prior to τ(t10)

42. example: backward search
– agent 1 responds that it is possible that p5 became marked before time τ(t10)
– from this response FD agent 2 concludes that the fault t8 may or may not have occurred

43. example: backward search
Note that a central observer knowing both models and seeing all observations would also not be able to draw an unambiguous conclusion

44. example: backward search
– FD agent 1 will return the same response if only 1 token is in p0 but t6 has not been observed yet, and the conclusion of FD agent 2 will be the same
– however, FD agent 1 will then know that the token in p0 can no longer be used for future explanations

45. example: backward search
if only 1 token were present in p0 prior to τ(t10) and FD agent 1 has observed the occurrence of t6 prior to τ(t10), then the token in p5 can only occur via (t0, t3, t6), which requires a token in p9 prior to τ(t10)

46. example: backward search
– but then ... agent 1 must return the question to agent 2 and ask whether it is possible that p9 has received a token prior to τ(t10)
– FD agent 2 will answer that this is indeed possible, and will receive a positive answer from FD agent 1

47. example: backward search
– moreover, FD agent 2 knows that in that case the only explanation of t10 occurring at τ(t10) is the sequence of events (t9, t10)
– then FD agent 2 can deduce that the fault t8 has not occurred

48. distributed fault diagnosis via backward search
– the method described in the simple example can be applied to all compositions of Petri nets interacting via common places, using a general algorithm for generating minimal explanations (backward unfolding)
– at random times any FD agent can initiate a communication round, which is assumed to reach a conclusion instantaneously (before any other fault or observable event can occur)
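The question-and-answer procedure of slides 37 to 47, as an added example in Python (not code from the talk). It implements the backward recursion of slide 17 over a constructed component-2 net (an assumption consistent with the behaviours the slides state): the search walks from the observed transition to its input places and from there to the transitions that could have marked them, until every token is traced either to a place the local agent knows to be initially marked or to a common (boundary) place, where the neighbouring agent's reply is modelled as a callable. Event order and timing are left out; the explanations are untimed sets of events.

```python
# Added example (not from the slides): backward search for minimal
# explanations of one observed transition (slides 17, 37-47, 52) and the
# three-way verdict a local FD agent can draw from them. The net is a
# CONSTRUCTED approximation of component 2 of the talk's example; the
# neighbouring agent's answer is modelled as a callable (assumption).

COMPONENT_2 = {  # transition -> (input places, output places), 1-safe
    "t8":  ({"p8"}, {"p6"}),        # fault transition
    "t12": ({"p8"}, set()),
    "t9":  ({"p5"}, {"p6", "p7"}),  # unobservable, fed from common place p5
    "t13": ({"p7"}, {"p9"}),
    "t10": ({"p6"}, {"p11"}),       # observable
    "t11": ({"p11"}, set()),
}
FAULTS = {"t8"}
BOUNDARY = {"p5", "p9"}             # common places shared with component 1


def backward_explanations(net, target, initially_marked, boundary):
    """Minimal explanations of one firing of `target`.

    Each explanation is a pair (events, needed): the set of transitions that
    must have fired, and the boundary places in which a token must have been
    delivered by a neighbour. Recursion: transition -> its input places ->
    their input transitions -> ... until a place is known to be marked
    initially or is a boundary place (slide 49). `seen` blocks cycles.
    """
    def explain_place(p, seen):
        if p in initially_marked:
            return {(frozenset(), frozenset())}
        if p in boundary:
            return {(frozenset(), frozenset([p]))}
        out = set()
        for t, (_, post) in net.items():
            if p in post and t not in seen:
                out |= explain_transition(t, seen | {t})
        return out

    def explain_transition(t, seen):
        pre, _ = net[t]
        combos = {(frozenset([t]), frozenset())}
        for p in pre:  # every input place needs its own explanation
            combos = {(ev | ev2, bd | bd2)
                      for ev, bd in combos
                      for ev2, bd2 in explain_place(p, seen)}
        return combos

    return explain_transition(target, {target})


def diagnose(explanations, faults, neighbour_can_mark):
    """Verdict of the local agent after asking its neighbour.

    neighbour_can_mark(place) -> bool is the neighbouring FD agent's answer
    to "could a token have arrived in this common place in time?" (slide 40).
    """
    feasible = [ev for ev, needed in explanations
                if all(neighbour_can_mark(p) for p in needed)]
    if not feasible:
        return "no explanation: observation inconsistent with model"
    faulty = [ev for ev in feasible if ev & faults]
    if len(faulty) == len(feasible):
        return "fault certain"
    if not faulty:
        return "no fault"
    return "fault possible"


if __name__ == "__main__":
    exps = backward_explanations(COMPONENT_2, "t10", {"p8"}, BOUNDARY)
    print(exps)                                    # {t8,t10} or {t9,t10} via p5
    print(diagnose(exps, FAULTS, lambda p: True))  # slide 42: ambiguous
    print(diagnose(exps, FAULTS, lambda p: False)) # neighbour rules out p5
```

With p8 known to be marked, the two explanations of slide 37 come out, and the verdict depends entirely on the neighbour's answer about p5, which is the point of slides 39 to 42; when the local agent has no knowledge of a token in p8, only the explanation through p5 survives and the verdict is "no fault", mirroring slide 47.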

49. local explanation
= ordered sequence of local unobservable and observable events, such that
– the ordering of the observable events corresponds to the observations
– the topmost node of the local explanation is either a place that is known locally to be marked initially, or a place where a token can enter the local component from a neighbouring component

50. fault diagnosis
Relaxed diagnosis goal!
– enumerate only the minimal traces containing the sequences of events that must have happened for OBS_i to be allowable
– do not expand minimal traces, i.e. do not include transitions that do not lead to satisfaction of the constraints necessary for the occurrence of the observable event

51. Minimal explanations
the set ℇ_i,Min(OBS_i) of minimal local explanations, using the model of component i and the local observations in model i, would allow us
– to decide whether a fault happened for sure in component i, if we could detect the tokens entering via the boundary places

52. Construction of minimal explanations
– assume OBS = {t1^o}, 1st observation at time τ(t1^o)
– a necessary constraint for the execution of event t1^o is the marking, by at least 1 token, of each place p_in,k in Pre(t1^o)
– this in turn requires that for each place p_in,k at least one of its input transitions (determined by Post(., p_in,k)) has fired prior to τ(t1^o)

53. Construction of minimal explanations
assumption: no unobservable cycles with choice places
– sufficient to guarantee that the search stops in finite time (ensures no problems occur due to tokens moving unobservably through cycles containing several initially marked places)
– all unobservable cycles must be trap circuits

54. faults should not be predictable
the theorem about the equivalence of distributed and centralized diagnosis is only true if the reasonable assumption is made that faults are not predictable, i.e. there does not exist a marking that inevitably leads to a fault transition

55. Some particularities of the model
Unlike many other distributed analyses (Fabre, Jard, Su, ...) we assume a global clock is available, but each agent only knows the local model and the interactions with neighbouring models
justification:
– a GPS timer is sufficiently accurate for the applications
– but many reconfigurations make it difficult for each agent to know the global model
– applications: "slow" networks

56. distributed fault detection
From time to time the local agents should exchange enough information so that the local diagnosis result in component i detects all the local faults that a global diagnoser would detect at the same time, i.e. after communication between the agents: local diagnosis = projection of global diagnosis

57. Outline
– problem formulation and models
– why on-line state estimation?
– centralised diagnosers
– distributed diagnosis
– fault diagnosis for time Petri net models
– probabilistic DES, open questions and conclusions

58. timed discrete event models
– if minimal and maximal time delays for executing transitions are specified by the model, then not every untimed prefix of a possible trace is possible for the timed model
– alternatively stated: adding a token may reduce the reachable space
– analysis much more difficult, since the set of reachable states is not monotonically growing
– simplified notation: only 1-safe nets

59. time Petri net model
– assume the token in input place p arrives at time τ_p; then t must be executed at some time τ ∈ [τ_en(t) + L(t), τ_en(t) + U(t)], where τ_en(t) = max over p ∈ •t of τ_p
– if t has not been executed yet, and no other enabled transition has removed a token from one place in •t, then t is forced to execute at τ_en(t) + U(t)

60. time Petri net model
– consider a choice place p with t1, t2 ∈ p•; if L(t2) > U(t1) then t2 is always pre-empted by t1 ⇒ drop t2 from the model
– a backward explanation of observations for the timed model should remove such a path, even if it appears in an explanation for the untimed model

61. diagnosis can be refined by adding timing information to the model
– start diagnosis for the time Petri net model by developing, via backward search, the set of minimal explanations of the observations compatible with the untimed PN model
– check whether there exists, for each event occurrence in an untimed minimal explanation, a non-empty interval of execution times that satisfies all the constraints τ ∈ [τ_en(t) + L(t), τ_en(t) + U(t)]

62. diagnosis can be refined by adding timing information to the model
diagnosis for the timed model starts with diagnosis for the untimed model and then checks if there exists a legal valuation of all the event times in the untimed minimal explanation

63. diagnosis can be refined by adding timing information to the model
– valuation of the variables in a set of linear inequalities = possible execution times of the events in the set of possible untimed explanations of the observed events
– at the time when an observation occurs, fix this execution time and check if each element in the set of explanations is still compatible with the timed model

64. diagnosis can be refined by adding timing information to the model
for the timed model one also needs to expand the set of explanations forward, since the timed model may force events to happen by a certain time, and not observing such a forced event implies elimination of that explanation from the set of possible explanations

65. diagnosis can be refined by adding timing information to the model
– need to recalculate the set of solutions of a conjunctive/disjunctive set of linear inequalities at each time when
 – an observed event is executed
 – an enabled unobservable transition is forced to occur
– reduce the problem on real valued sets to a finite state problem by using the state classes of time Petri nets

66. diagnosis can be refined by adding timing information to the model
the problem becomes further complicated if one takes into account that concurrently executed traces may be forced to remove a token from a place, and thus may also eliminate traces from the set of possible explanations of an observed event

67. diagnosis for timed Petri nets
variables in the linear (in)equalities: the execution times τ_t of all events t ∈ minimal explanation ℇ_Min(OBS) of the observed set OBS must satisfy equations:
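The check described on slides 61 to 63 and 67 (does an untimed minimal explanation admit a legal valuation of its event times?) is, for transitions with a single input place, a system of difference constraints x - y ≤ c, which Bellman-Ford decides. The following Python is an added example, not code from the talk; the firing intervals L(t), U(t), the assumption that the enabling tokens are available from time 0, and the observation times are constructed.

```python
# Added example (not from the slides): decide whether an untimed minimal
# explanation admits execution times tau_t satisfying the time Petri net
# constraints tau_t in [tau_en(t) + L(t), tau_en(t) + U(t)] (slides 59, 61-63,
# 67). With single-input-place transitions (1-safe, free choice) every
# constraint has the form x - y <= c, so feasibility is the absence of a
# negative cycle in the constraint graph (Bellman-Ford).
# Intervals, token arrival times and observation times are CONSTRUCTED.

INTERVALS = {        # transition -> (L, U), constructed
    "t8":  (1.0, 2.0),
    "t9":  (3.0, 5.0),
    "t10": (1.0, 1.0),
}


def feasible(constraints, variables):
    """True iff the system {x - y <= c} has a solution.

    constraints: iterable of (x, y, c). Each is the edge y -> x with weight c;
    initialising every node to 0 acts as a virtual source, and a relaxation
    still possible after len(variables) passes exposes a negative cycle."""
    dist = {v: 0.0 for v in variables}
    for _ in range(len(variables)):
        changed = False
        for x, y, c in constraints:
            if dist[y] + c < dist[x]:
                dist[x] = dist[y] + c
                changed = True
        if not changed:
            return True
    return not any(dist[y] + c < dist[x] for x, y, c in constraints)


def timing_constraints(explanation, intervals, token_source, observed):
    """Constraints for one explanation.

    explanation:  ordered transitions of the untimed explanation
    token_source: t -> event whose firing enabled t, or "start" (time 0)
                  for a token the agent knows to be present from the start
    observed:     t -> clock time of the observed firing (fixed, slide 63)
    """
    cons = []
    for t in explanation:
        src, (L, U) = token_source[t], intervals[t]
        cons.append((t, src, U))     # tau_t - tau_src <= U
        cons.append((src, t, -L))    # tau_src - tau_t <= -L, i.e. tau_t - tau_src >= L
    for t, when in observed.items():
        cons.append((t, "start", when))
        cons.append(("start", t, -when))
    return cons


def timed_diagnosis(observed_t10):
    """Which untimed explanations of t10 (fault t8, or unobservable t9)
    survive once the observed clock time is imposed? Both enabling tokens
    (p8 for t8, p5 for t9) are assumed available from time 0."""
    fault = timing_constraints(["t8", "t10"], INTERVALS,
                               {"t8": "start", "t10": "t8"},
                               {"t10": observed_t10})
    normal = timing_constraints(["t9", "t10"], INTERVALS,
                                {"t9": "start", "t10": "t9"},
                                {"t10": observed_t10})
    return {"fault (t8, t10)": feasible(fault, {"start", "t8", "t10"}),
            "normal (t9, t10)": feasible(normal, {"start", "t9", "t10"})}


if __name__ == "__main__":
    for when in (2.5, 5.0, 3.5):
        print(when, timed_diagnosis(when))
```

With these intervals the faulty explanation places t10 in [2, 3] and the normal one in [4, 6], so an observation at 2.5 leaves only the fault, one at 5.0 only the normal behaviour, and one at 3.5 rules out both: the untimed diagnosis was ambiguous, the timed one is not (slide 62), and the third case shows an observation the model cannot explain at all.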

68. Outline
– problem formulation and models
– why on-line state estimation?
– centralised diagnosers
– distributed diagnosis
– extensions to timed DES models
– probabilistic fault diagnosis, open questions and conclusions

69. probabilistic diagnosis for free choice PNs
– it is possible to "easily" derive a probability distribution over the set of possible explanations of an observed event sequence
– if ∀ t ∈ T_u: #(•t) = 1, then it suffices to define for each place p a probability distribution over the set of transitions in p•

70. probabilistic diagnosis
if the trace (t1 t2 ... t_n^O) ∈ {possible explanations} of observation t_n^O at time τ(t_n^O), and if p_k = probability that the token in the unique place {p_k} = •t_k moves to t_k (i.e. p_k = probability that t_k is executed if p_k becomes marked), then the weight of the trace (t1 t2 ... t_n^O) in the set of possible explanations is ∏_{k=1,...,n} p_k

71. probabilistic diagnosis
– the probability of the trace (t1 t2 ... t_n^O) in the set of possible explanations is obtained by normalizing these weights ∏_{k=1,...,n} p_k over all elements in the set of explanations
– summing the probabilities of all traces that contain a fault defines the Bayesian (conditional) probability that the fault occurred, given the probabilistic model and the observed sequence of events
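The weighting and normalisation of slides 70 and 71, as an added Python example (not code from the talk). The per-place choice distributions and the explanation set are constructed; the set is what a backward search returns for one observation of t10 when p8 is marked and a token is available in p5.

```python
# Added example (not from the slides): Bayesian fault probability over a set
# of minimal explanations of a free-choice net (slides 69-71). The weight of
# a trace is the product over its events of the probability that the token
# in the event's unique input place chooses that event; weights are then
# normalised over the explanation set and the faulty traces summed.
# Choice distributions and the explanation set are CONSTRUCTED.

CHOICE = {            # place -> distribution over its output transitions p•
    "p8":  {"t8": 0.1, "t12": 0.9},
    "p5":  {"t9": 1.0},
    "p6":  {"t10": 1.0},
    "p7":  {"t13": 1.0},
    "p11": {"t11": 1.0},
}
INPUT_PLACE = {"t8": "p8", "t12": "p8", "t9": "p5",   # •t, unique per t
               "t10": "p6", "t13": "p7", "t11": "p11"}


def check_choice_model(choice, tol=1e-9):
    """Every place must carry a proper distribution over p• (slide 69)."""
    for place, dist in choice.items():
        if any(p < 0 for p in dist.values()) or abs(sum(dist.values()) - 1) > tol:
            raise ValueError(f"{place}: not a probability distribution")


def trace_weight(trace, choice=CHOICE, input_place=INPUT_PLACE):
    """prod_k p_k over the events of one trace (slide 70)."""
    w = 1.0
    for t in trace:
        w *= choice[input_place[t]][t]
    return w


def fault_probability(explanations, faults, choice=CHOICE, input_place=INPUT_PLACE):
    """Posterior over the explanations and P(fault | observations) (slide 71)."""
    check_choice_model(choice)
    weights = {tr: trace_weight(tr, choice, input_place) for tr in explanations}
    total = sum(weights.values())
    if total == 0:
        raise ValueError("no explanation has positive probability")
    posterior = {tr: w / total for tr, w in weights.items()}
    p_fault = sum(p for tr, p in posterior.items() if faults & set(tr))
    return posterior, p_fault


if __name__ == "__main__":
    exps = [("t8", "t10"), ("t9", "t10")]
    post, p = fault_probability(exps, {"t8"})
    print(post, f"P(fault) = {p:.4f}")   # 0.1 / (0.1 + 1.0)
```

The unnormalised weights here are 0.1 for the faulty trace and 1.0 for the normal one, so the conditional fault probability is 0.1 / 1.1; changing the choice distribution at p8 is all that is needed to see how strongly the prior on the fault drives the verdict when the observations themselves cannot separate the two explanations.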

72. probabilistic diagnosis for free choice PNs
– need to assign a probability per set of places in •t_j, for the set of concurrent transitions with common •t_j; the calculation then remains largely identical to the one before
– for non-free choice nets the compatible definition of the probabilities of the choices made by tokens in places becomes very difficult

73. probabilistic diagnosis of timed Petri nets
– timed Petri nets where each firing time distribution is exponential lead to a Markov process (= stochastic PN)
– probabilistic diagnosis is in principle easy (Bayesian recursive algorithm) in that case, but the set of explanations of a sequence of observed events for the stochastic PN = set of explanations of the untimed PN

74. probabilistic diagnosis of timed Petri nets
– combining forced transitions (= probability distribution over an interval with finite upper bound) leads to a very complicated analysis
– computational complexity probably the same as using a finite state abstraction of such a probabilistic PN

75. other case studies
traffic modelling via hybrid systems → incident detection via failure diagnosis
differences:
– stochasticity much more important
– really hybrid system: use fluid Petri nets or hybrid automata
– initial state belongs to a large set of possible initial states
the concept of minimal explanation may be relevant in this case study too!

76. main ideas - open problems
– backward search more efficient / more easily distributed than forward search
 – for minimal explanations (faults that must have occurred: diagnosis versus prognosis)
 – computational complexity
 – stopping criteria / saturated languages
– concurrency expressed via Petri nets
– interaction between Petri net components via common places

77. conclusions
– applying fault diagnosis to a realistic plant model requires computationally efficient algorithms
– combine the analysis of this talk with computer science approaches for describing large sets and for reachability analysis
– abstraction leads to pessimistic fault detection results, but may be inevitable

