Automatica 49 (2013) 223–231
journal homepage: www.elsevier.com/locate/automatica
Brief paper
Robust diagnosis of discrete-event systems against permanent loss of observations✩
Lilian K. Carvalho a, Marcos V. Moreira a, João C. Basilio a,1, Stéphane Lafortune b
a Universidade Federal do Rio de Janeiro, COPPE - Programa de Engenharia Elétrica, 21949-900, Rio de Janeiro, RJ, Brazil
b Department of Electrical Engineering and Computer Science, University of Michigan, Ann Arbor, MI 48109, USA
Article info
Article history: Received 20 July 2011; received in revised form 20 April 2012; accepted 30 July 2012; available online 9 October 2012.
Keywords: Discrete-event systems; Fault diagnosis; Sensor failures; Robust diagnosability
Abstract
We consider the problem of diagnosing the occurrence of a certain unobservable event of interest, the fault event, in the operation of a partially-observed discrete-event system subject to permanent loss of observations modeled by a finite-state automaton. Specifically, it is assumed that certain sensors for events that would a priori be observable may fail at the outset, thereby resulting in a loss of observable events; the diagnostic engine is not directly aware of such sensor failures. We explore a previous definition of robust diagnosability of a given fault event despite the possibility of permanent (and unknown a priori) loss of observations and present a polynomial time verification algorithm to verify robust diagnosability and a methodology to perform online diagnosis in this scenario using a set of partial diagnosers.
© 2012 Elsevier Ltd. All rights reserved.
1. Introduction
The basic event diagnosis problem for discrete-event systems is to perform model-based inferencing at run-time, using sequences of observable events, and determine, with certainty, if a given unobservable "fault" event has occurred or not in the past. The property of diagnosability formally captures the ability to always detect at run-time any occurrence of the given fault event, within a finite number of event transitions. There is a very large body of literature on (offline) diagnosability analysis and (online) event diagnosis of discrete-event systems modeled by automata, the modeling formalism considered in this paper; see, e.g., Boel and van Schuppen (2002), Debouk, Lafortune, and Teneketzis (2000), Genc (2008), Jéron, Marchand, Pinchinat, and Cordier (2006), Kumar and Takai (2009), Lin (1994), Lunze and Schröder (2004), Pencolé and Cordier (2005), Qiu and Kumar (2006), Sampath, Sengupta, Lafortune, Sinnamohideen, and Teneketzis (1995), Thorsley and Teneketzis (2005), Tripakis (2002), Wang, Yoo, and Lafortune (2007), Ye, Dague, and Yan (2009), Yoo and Lafortune (2002), Zad, Kwong, and Wonham (2003) and the references contained therein. Two classes of automata derived from the automaton model of the system have been defined in the above works: diagnosers and verifiers. Both diagnosers and verifiers can be used for offline analysis of diagnosability properties; online diagnosis is usually implemented using diagnosers.

✩ This work was partially supported by the Brazilian Research Council (CNPq) grant 200820/2006-0 and by the US National Science Foundation grant EECS-0624821. The material in this paper was not presented at any conference. This paper was recommended for publication in revised form by Associate Editor Jan Komenda, under the direction of Editor Ian R. Petersen.
E-mail addresses: lilian@coep.ufrj.br (L.K. Carvalho), moreira@dee.ufrj.br (M.V. Moreira), basilio@poli.ufrj.br (J.C. Basilio), stephane@umich.edu (S. Lafortune).
1 Tel.: +55 21 2562 8021; fax: +55 21 2562 8627.
Let us assume that the given set of sensors attached to the system is recording all potentially observable events at run-time. We are interested in the situation where sensors for some combinations of (potentially observable) events fail prior to the first occurrence of an event they are monitoring; such failures are assumed to be permanent and unknown a priori. In this case, if online diagnosis is performed using a standard diagnoser built on the basis of all potentially observable events, then this diagnoser could get stuck in some states (e.g., no further observed event, or occurrence of an event not in the current active event set) or could even issue incorrect diagnostic decisions; an example is presented in Section 3. We would like to still perform correct diagnosis of the original unobservable fault event despite the (unknown a priori) loss of observations resulting from sensor failures.
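Both failure modes of the standard diagnoser, getting stuck and issuing an incorrect decision, can be reproduced on a small constructed automaton. The Python below is an added example and is not code from the paper: it builds the standard diagnoser (subset construction over (state, label) pairs with normal/fault labels, in the sense of Sampath et al. (1995)) for a constructed plant G, replays it with every sensor working, then with the sensor for b or for a dead at the outset, and finally runs a bank of partial diagnosers, one per single-sensor-loss scenario. The plant, the traces, the function names and the simple "one diagnoser per scenario" bank are assumptions of this example; the paper's combination rule for partial diagnosers and its polynomial verification algorithm are not reproduced here.

```python
# Added example (not from the paper): a standard diagnoser in the sense of
# Sampath et al. (1995) for a constructed toy plant, replayed under permanent
# sensor loss. Plant, traces and function names are assumptions of this example.

# Constructed plant G. Events 'a', 'b', 'c' are observable while their sensor
# works; 'f' is the unobservable fault event to be diagnosed.
TRANSITIONS = {
    (0, 'a'): 1, (0, 'f'): 2,    # normal branch starts with a, faulty one with f
    (1, 'b'): 3, (3, 'c'): 3,    # normal behaviour:  a b c c c ...
    (2, 'a'): 5, (5, 'c'): 5,    # faulty behaviour:  f a c c c ...
}
FAULT = 'f'
ALL_SENSORS = frozenset({'a', 'b', 'c'})
INIT = 0


def unobservable_reach(pairs, observable):
    """Close a set of (state, faulty?) pairs under events not in `observable`.
    An event whose sensor is assumed dead is treated exactly like 'f': silent."""
    result = set(pairs)
    stack = list(pairs)
    while stack:
        state, faulty = stack.pop()
        for (src, ev), dst in TRANSITIONS.items():
            if src == state and ev not in observable:
                nxt = (dst, faulty or ev == FAULT)
                if nxt not in result:
                    result.add(nxt)
                    stack.append(nxt)
    return frozenset(result)


def diagnoser_step(dstate, event, observable):
    """One move of the diagnoser built for sensor set `observable`.
    Returns None if `event` is not in the active event set of `dstate`
    (the 'stuck' case described in the text)."""
    moved = {(TRANSITIONS[(s, event)], faulty)
             for s, faulty in dstate if (s, event) in TRANSITIONS}
    if not moved:
        return None
    return unobservable_reach(moved, observable)


def verdict(dstate):
    """'F' if every pair carries the fault label, 'N' if none does."""
    labels = {faulty for _, faulty in dstate}
    if labels == {True}:
        return 'F'
    if labels == {False}:
        return 'N'
    return 'uncertain'


def run_diagnoser(trace, working_sensors, diagnoser_sensors=ALL_SENSORS):
    """Replay `trace` (a string of plant events) against the diagnoser built on
    `diagnoser_sensors`. Only events whose sensor is in `working_sensors` are
    reported, and the diagnoser is never told which sensors failed."""
    dstate = unobservable_reach({(INIT, False)}, diagnoser_sensors)
    verdicts = []
    for ev in trace:
        if ev not in working_sensors or ev not in diagnoser_sensors:
            continue                 # dead sensor, 'f', or event this diagnoser ignores
        dstate = diagnoser_step(dstate, ev, diagnoser_sensors)
        if dstate is None:
            verdicts.append('stuck')
            break
        verdicts.append(verdict(dstate))
    return verdicts


def run_partial_diagnosers(trace, working_sensors):
    """Run one diagnoser per single-sensor-loss scenario (plus the no-loss one)
    side by side, keyed by the sensors each one assumes. This plain bank of
    partial diagnosers is an assumption of the example, not the paper's rule."""
    scenarios = [ALL_SENSORS] + [ALL_SENSORS - {s} for s in sorted(ALL_SENSORS)]
    return {''.join(sorted(sc)): run_diagnoser(trace, working_sensors, sc)
            for sc in scenarios}


NORMAL, FAULTY = 'abcc', 'facc'   # constructed traces of G

if __name__ == '__main__':
    print(run_diagnoser(NORMAL, ALL_SENSORS))          # ['uncertain', 'N', 'N', 'N']
    print(run_diagnoser(FAULTY, ALL_SENSORS))          # ['uncertain', 'F', 'F']
    print(run_diagnoser(NORMAL, ALL_SENSORS - {'b'}))  # ['uncertain', 'F', 'F']  false alarm
    print(run_diagnoser(NORMAL, ALL_SENSORS - {'a'}))  # ['stuck']
    print(run_partial_diagnosers(NORMAL, ALL_SENSORS - {'b'}))
```

With all sensors working, the fault path f a c is diagnosed at the first c. If the sensor for b is dead at the outset, the standard diagnoser sees a c on the normal path and raises a false alarm; if the sensor for a is dead, it receives b in a state whose active event set is {a} and gets stuck. The diagnoser built for the loss-of-b scenario never leaves 'uncertain' on either path, since both paths loop on c from that point on, which is what a robust diagnosability check would have to report for this G; under loss of a the fault remains diagnosable by the corresponding partial diagnoser.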
Recently, there have been some works on sensor failures in supervisory control of discrete-event systems (see, e.g., Rohloff (2005); Sanchez and Montoya (2006)), on various notions of "robust" diagnosis of discrete-event systems in the presence of potentially faulty sensors, in particular, Basilio and Lafortune (2009), Carvalho, Basilio, and Moreira (2010, 2012), Contant, Lafortune, and Teneketzis (2006), and Takai (2010, 2012) and on
ISSN 0005-1098. doi:10.1016/j.automatica.2012.09.017