Prognosis of Failure Events Based on Labeled Temporal Petri Nets

Article history: Received: 21 February, 2020; Accepted: 30 April, 2020; Online: 18 June, 2020

To reduce the risk of accidental system shutdowns, we offer control system developers (supervisor, SCADA) a prediction tool that determines the occurrence date of an imminent failure event. The existing approaches report the rate of occurrence of a future failure event (stochastic method), but do not provide an estimated date of its occurrence. The date estimation makes it possible to define the system repair date before a failure occurs, and thus provides visibility into the future evolution of the system. The approach consists in modelling the operating modes of the system (nominal, degraded, failed); the goal is to follow the evolution of the system to detect its degradation (switching from nominal to degraded mode). When degradation is reported, a prognoser is generated to identify all possible sequences and, more precisely, those ending with a failure event. It then checks which of the sequences with a failure event are prognosable. The last step of the approach is carried out in two parts: the first part consists in calculating the execution time of the so-called prognosable sequences (by optimizing the number of possible states and solving a system of inequalities). The second part finds the minimum execution time (the earliest occurrence of a failure event).


Introduction
The supervision applications provided to control system developers (in manufacturing production, robotics, logistics, vehicle traffic, communication networks or IT) make it possible to report the detection of a dysfunction or accidental shutdown of the system and locate its origin. The discrete event systems (DES) community has developed diagnostic methods that focus on the logical, dynamic or temporal sequence of failure events that cause this dysfunction. However, the criticality of some systems and their complexity require a method for the prognosis of failure events, to report their occurrence in advance in order to avoid any damage caused by a failure.
The challenge is therefore to prevent the future occurrence of a failure event. However, which modeling tool is suitable for such a system? Knowing that the more the complexity of the system increases, the more its state space grows, how can this problem of combinatorial explosion be overcome? And what are the limits of prognosis?
Several fault prognosis methods have been developed; some have adopted a stochastic approach [1] [2] [3] while others have chosen a non-stochastic one [4]-[6], for state automata or Petri nets. These approaches are interested in prediction of failure m-steps in advance, based on a stochastic process. However, their assessment is difficult and probabilistic information is not always realistic. Others propose a prognosis approach [7] that consists of giving occurrence rates of possible traces that end with a failure event.
These approaches indicate the occurrence of a future failure event, but do not specify its occurrence date. The possible occurrence date of a failure event makes it possible to plan the intervention date to repair the system before a failure occurs and thus provides visibility into the future evolution status of the system.
The challenge of each group working on this topic is to predict the future reality perfectly. [8] introduces the notion of signature of a trace, which consists in using several formal systems devoted to the description of event signatures and the recognition of behaviors, called chronic. This concept has been used in diagnostic work [9], [10] and is based on error detection, localization, evaluation, recognition and response. [11] proposed a method for calculating the execution time of a trace, but it is still diagnosis-oriented. The development of a new approach to temporal prognosis requires a modeling tool that handles the time constraints of the system (temporal prognosis) while using labels (it involves predicting an event over time). An extension of Petri nets offers this possibility. These Petri nets are called Temporal Labelled Petri nets (TLPN for short).
The aim is to propose a correct control of a system subject to unforeseen failures. The existing studies use the logical order of failure event occurrences to make the prognosis. In this paper, we are not only interested in the logical order of events, but also in the date of their occurrence. We assume that the system accepts three possible operating modes (nominal, degraded, and failed). The occurrence of events allows the system to switch between these modes. The event occurrence dates allow the synchronization of state switching in the model. A delayed occurrence of an event, for example, can be explained by a degradation of the system. Approaches based only on the logical order of event occurrences cannot detect this delay. Hence the interest of a time-based prognosis approach.
Two contributions are proposed in this paper. The first one is concerned with the formal representation and the second one with the methodology of prognosis calculation. The model is based on a TLPN. The association of events with temporal transitions will be presented. The evolution from one mode to another will be represented by the firing of transitions. The firing of each transition depends on the occurrence of an event and the corresponding occurrence date. The second contribution relates to the methodology of the prognosis. A prognoser is built from the TLPN model. It is an oriented state graph, which identifies all possible sequences, namely those that end in a failure event. But before predicting a failure event, it is important to make sure that it is possible to do so. That is why we introduced the prognosability property, whose objective is to determine the sequences ending with a failure event. Such an event is called prognosable; the goal is to predict the earliest date of failure event occurrence. To calculate the execution time of these sequences and optimize the number of possible states, the resolution of a system of inequalities based on the works of [11]-[13] is used. The idea is to find the set of minimum values that solve the system of inequalities. These values will constitute the minimum time after which the occurrence of the failure event is sure.
The paper is organized as follows: the second section is devoted to the basic concepts of Petri Nets (PN). The third section introduces temporal PNs (according to Berthomieu [14]-[19] and Popova [11]-[13], [20]-[22]). The fourth section focuses on labelled PN. In the fifth section, we discuss time-labelled PN to verify the prognosis approach in the sixth section. Thus, in this last section, the formal approach of our proposal will be presented, with an algorithm for predicting a temporal failure event and a case study, with explanations.
: × → ℕ, ( , ) =  is the value of the arc weight arc from the place to the transition .
• is the forward incidence function that assigns to each couple ( , ) of transitions and places a non-negative integer.
: × → ℕ, ( , ) =  is the value of the arc weight arc from the transition to place . The initial marking 0 is an application: 0 ∶ → ℕ, it is labeled as an initial global system state. A marked net system =< , 0 > is a net with an initial marking 0 . When the transition t is enabled, it then would be fired. From the marking m, the firing of the t leads to the new marking ′ denoted by [ > ′ .
• The symbol • denotes the set of all places such that Pre( , )  0 and • the set of all places such that post( , )  0. Analogously, • denotes the set of all transitions such that post( , ) 0 and • the set of all transitions such that Pre( , ) 0.

Temporal Petri Nets (TPN)
Temporal Petri Nets TPN are introduced in [5], then studied by [16], [20]- [26]. Thus, we can divide the set T of transitions into two subsets and [27] where is the set of timed transitions and is the set of immediate transitions with: ∩ = ∅ and ∪ = The aim of this distinction is to determine the firing priorities of the transitions. Firing transitions has a higher priority than firing transitions.

Behavior, states and reachability relation
Definition 2: According to [1], a state of a temporal net is a pair E = (m, I) in which is a marking and the application I associates a firing temporal interval to each transition.
The initial state consists of the initial marking 0 and the application 0 which associates to each enabled transition its static firing temporal interval, 0 = ( 0 , 0 ), such that: Transition t may fire iff it remains logically enabled for a time interval  included in [Tmin; Tmax].  is the amount of time that has elapsed since the transition t is enabled. According to [11], a state of an TPN is a pair E = ( , h) in which is a place marking (noted p_marking) and h is a clock vector (of dimension equal to the number of network transitions) that corresponds to the transition markings (noted t_marking). Thus, the p_marking describes the situation of the places and t_marking that of the transitions. Such a pair (p_marking, t_marking) describes a TPN status.
$ means that the transition is not enabled.
is a p_marking and h is a t_marking. The pair E = (m, h) is called a state in _ if and only if: 1-is a marking accessible in R.
Definition 4 shows that each transition t has a clock. If t is not enabled by the marking , the associated clock is not activated (sign $), If t is enabled by , the clock of t indicates the time elapsed since the last activation of t.
The initial state is given by 0 = ( 0 , ℎ 0 ) with In general, each TPN has an infinite number of states, depending on the formulation of time.
The construction of the reachability graph of such a PN is then generally impossible. To reduce this state space and provide a finite representation of the reachability graph, two different methods are defined: [14] introduces the notion of state classes and [11] provides a parametric description to reduce this state space without affecting network properties. This reduced state space is used to define the reachability graph of a TPN. Such a graph will provide a basis to predict failure events of the system.

Parametric state and parametric sequence
Let _ be an arbitrary TPN. Either = 1 … a firing sequence in _ and either = 0 1 … a time sequence with ∈ ℝ * + . Then there is at least one dated sequence ( ) = 0 1 1 2 … −1 of  in _ called the timed sequence of  which leads the net from the initial state 0 to a state E (noted 0 [()>E) with E = ( , h). Let us consider for example the following sequence leading the network from the initial state 0 to a state : 5> ′ The switch from 0 to 1 is made in 2 time units after the firing of 1 .
In addition to this feasible sequence, it is obvious that there is an infinity of feasible sequences leading _ from 0 to E, which makes the reachability graph infinite. Instead of considering fixed numbers , a variable is used to denote the time elapsed between firing the transition and the transition +1 in . Thus instead of having an infinity of execution sequences between the states 0 and , we will study a single sequence that we will call parametric sequence ( ) = 0 1 … −1 leading the network from the state 0 to the state * Now, it is assumed that and are already defined for the sequence = 1 … .
" was enabled or and remains enabled for " +1 Otherwise "because t is newly enabled " 3.
ℎ ( ) is a sum of variables (6) (ℎ ( ) is a parametric t_marking), it is a vector of linear functions: ℎ ( )= f(x) with x:= ( 0 , … x|σ|) is a set of conditions (7) (a system of inequalities) Example: Consider the temporal Petri Net and
The POPOVA approach not only reduces the system's state space (considering only the essential states) [12], but also determines the time required to reach each state. By using parametric states, it is not necessary to check all possible values of the clock, and the system of inequalities makes it possible to determine the minimum values of the firing times. We will take advantage of this last remark to make the prognosis of a failure event as early as possible.

Labeled Petri net
In discrete event systems, partial observation often results in the addition of events or labels as sensor responses of the system. Thus, a Labelled Petri Net (which we will note _ ) is a classic Petri net in which labels are associated to transitions.

Definition 6:
A Labelled Petri Net (LPN) is a net _ =< , , , , 0 , Σ, ℒ > in which =< , , , , 0 >, is a marked Petri net,  is the set of labels associated with transitions, ℒ : T →  ∪ {} is the transition labeling function associating a label (event) e ∈  ∪ {} to each transition ∈ , with  the empty event (or silent). Thus: ℒ (t) = e means that the label of the transition is e.
Remark: Σ can be partitioned to Σ and Σ with Σ is the set of observable events and Σ is the set of unobservable events In this paper we assume that the same label e ∈  can be associated with several transitions, i.e., two transitions and with ≠ can be labelled with the same event e in a LPN.
Let * the set of all event trace  containing the label , the function of labeling transitions ℒ can be extended to sequences: Moreover, if ℒ (λ) =  then λ is the empty sequence.

Temporal labelled Petri net
In this paper, the aim is to provide a prognosis of the occurrence date of a failure event based on discrete event systems. To represent the behavior of such a system, we adopt the temporal labelled Petri net as a modeling tool that represents both the events and their occurrence dates. Let us therefore provide a temporal signature for each event sequence on the network.
The temporal labelled Petri net (TLPN) is an extension of the temporal PN [17] [18] for which each transition is associated with an observable (or not) event [5] [26] [29].

Definition 7:
A TLPN is a net _ =< , , , , 0 , Σ, ℒ, > in which < , , , , 0 >is a Petri net,  is the set of labels associated with transitions, ℒ is the transition labelling function and I is the function associating a static time interval with each transition. A change in TLPN state can occur either on a transition firing or over an elapsed time period.
Here, the definition of state and its transition function are the same as for a TPN according to the POPOVA approach presented in section 2.2 [11] [21].

Failure prognosis based on TLPN
The failure prognosis is intended to predict the properties of a system that are not in compliance with the specifications. The aim is to predict the occurrence of failure events in the system before their future occurrence.
The prognosis in discrete event systems has been discussed in various research papers. Most of them have developed a prognosis approach predicting a failure event m-steps in advance, based on finite state automata [3] [4] [6] or Petri nets [1]-[2], [30]-[34], using stochastic and/or non-stochastic methods [6] [35].
Our proposed approach consists in predicting a failure event n time units in advance. The first contribution relates to a formal representation framework. The adopted modelling considers the three possible operating modes of the system, as shown in figure 2.
• The nominal mode, which contains only the set of states that represent a nominal execution of the system.
• The degraded mode, which groups all states in which the system operates with a tolerable degradation without influencing the behavior of the system.
• The failed mode, which contains all states that represent the failed behavior of the system.
Figure 2 also shows the interest of the prognosis because it aims to explain the causality. Indeed, the diagnosis cannot prevent a failure situation, whereas the prognosis offers more visibility on the future evolution of the system and makes it possible to act before a fault occurs. Our purpose is to determine a prognosis within a context of operating mode management.
To model such behavior, we propose an extension of the Temporal Labelled Petri nets within a context of operating modes. This extension provides an ability to represent temporal constraints and labels in the modeling process. Figure 3 shows an example of operating modes of a system based on a TLPN model. Switching state is conditioned by the firing of transitions. A transition is fired if it is enabled.
The prognosis will need an observer module constrained by a place ( ) and transition ( ). This module has no influence on the behavior of the system, it only observes the occurrence time of a failure event (figure 3).
To do this, we suppose that:
• Only one transition is fired at the same time;
• Only one mode is active at the same time;
• The PN is safe;
• The firing of transitions is immediate and there is no firing delay;
• All TLPN events are observable.
After firing the transition, the TLPN changes from E=( ,h) to the state E' = ( ', h') (see definition 4). is a failure event and is a repair event. • The transition 6 is a failed transition such as: 6 ∈ then, ℒ ( 6 ) = .
By firing the 1 ′ transition the system switches to a degraded mode marking thus , that is ( ) = 1. The place remains marked until the system switch to a failed mode.
The introduction of and doesn't influence the behavior of the system. Their interest will be explained in the following section.
To represent sequences ending with a failure event, we use both notions of parametric state and parametric sequence, which allow the construction of a reachability graph that contains only the essential states, i.e. those in which the time associated with each enabled timed transition of a state E = (m, h) is a natural integer. Knowing the behavior of the network in the "essential" states is sufficient to determine at any time the overall behavior of the network (cf. [12] [22]).
The advantage of this approach is the application of linear optimization (generated by the system of inequalities in each state), which makes it possible to calculate the execution time of a sequence at the earliest and at the latest.
Clock times must be accumulated to progress from a state E of the net to a failed state E'. To do this, an observer model is added to the model in order to record the cumulative time between E and E'. This observer model has no impact on the behavior of the system; it only makes it possible to record the time required to progress from a state E that is not failed, but not necessarily normal, to a state E' that is considered failed.
To calculate this execution time, we propose an extension (definition 11) of definition 5. But before discussing the proposed approach, we formulate the following assumptions:
1- The system model is known.
2- All events are observable. The case of prognosis under partial observation is not considered here.
3- The prognosis begins when the model switches from nominal mode to degraded one.
Remark: the remains the same, if the prognosis is started from any nominal state of the system.
The following framework (figure 4) describes the steps of the proposed prognosis approach. The first step, called the behavioral model, is required to describe the possible operating modes of the system (figure 3). The prognoser is an oriented state graph (figure 8), built from the system model; its role is to detect all possible traces ending with a failure event. Once the system switches from nominal to degraded mode, the prognoser must identify all the sequences of the model, namely those that lead to a failure event. Such an event cannot be predicted in all of the sequences. The prognosability property is introduced to determine the sequences of failure event that can be predicted. From an inequality system, the execution time of each sequence is calculated; it is called "Time signatures of execution traces". The minimal time signature will then represent the earliest date before a failure event occurs.
The resolution of the system of inequalities will be the last step, which calculates the time signature of execution for all the prognosable sequences. The minimum execution generated from this step represents the earliest occurrence time of a failure event.
In the example shown in figure 7, the prognosis starts from the firing transition 6 because degraded mode will start at this place.
Indeed, if the event g occurs at the earliest after 3 time units, the model switches to the degraded mode. From this state the observer place ( ) is activated, and its corresponding transition remains enabled until the event f (failure event) occurs. Thus, the interval times associated with the transitions enabled from place 6 , will be combined in the form of associated system of inequalities to while the occurrence of the failure event of the transition 13 does not occur. When the event r is generated (meaning that the system is repaired), the observer place will be initialized to allow the next operating cycle.
The 6 place is called the candidate place for the prognosis. Once this place is marked, the occurrence of the failure event can be predicted.  are the marked places and D means that the system is in degraded mode and is marked. When the prognoser switches to a state with place marked, the prognosis process is then activated. The prognosis process is achieved by the identification of all sequences ending with an F state. According to the prognoser's model and from {D 6 ,O } the event sequences ending in a failure event are: ( 1 ) = ℎ and ( 2 ) = ℎ .To simplify, we don't take into consideration ℎ and ℎ cycles.
Then, the execution time of each sequence is calculated (time signature) by applying algorithm 2. The aim is to find all the minimum solution values of the system of inequalities. These values will constitute the minimum time after which the occurrence of the failure event is certain. Definition 11, which is an extension of definition 5, makes it possible, from a TLPN, to recursively determine the parametric state and parametric sequence leading to a failure state, and thus to generate the system of inequalities composed of the constraints obtained from the intervals associated with each transition enabled from a candidate place. But before presenting definition 11, let us first reconsider the set of enabled transitions from a marking.
We considered the smallest possible values for each .
Thus, from the candidate place P6, we will reach the failure state (place P12) after at least 12 time units. We assume that only one cycle is executed in degraded mode. We can, of course, predict the failure state from any nominal or degraded state.
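The time-signature calculation described above, as an added example that is not the paper's algorithm 2 or its case-study net: the net, its intervals, the place and transition names and the clock reset rule (a transition keeps its clock only if it shares no input place with the fired one) are constructed assumptions. It minimises the sum of the delays x_i of a parametric sequence over integer values, as the remark on essential states permits, and it also shows a sequence that is logically possible but temporally infeasible.

```python
# Constructed safe TLPN, not the net of the paper's figures.
# transition -> (input places, output places, earliest, latest, label)
NET = {
    "t1": ({"d"}, {"a"}, 2, 4, "h"),
    "t2": ({"d"}, {"b"}, 1, 3, "k"),
    "t3": ({"a"}, {"fail"}, 6, 9, "f"),
    "t4": ({"b", "c"}, {"fail"}, 1, 2, "f"),
    "t5": ({"w"}, {"c"}, 6, 8, "e"),
    "t6": ({"a"}, {"fail"}, 7, 9, "f"),
}
M0 = frozenset({"d", "w"})  # d: candidate place, w: component running in parallel
SEQUENCES = [("t1", "t3"), ("t2", "t5", "t4"), ("t1", "t6")]


def enabled(net, marking):
    """Transitions whose input places are all marked (safe net: marking is a set)."""
    return {t for t, spec in net.items() if spec[0] <= marking}


def fire(net, marking, clocks, t, tau):
    """Let tau time units elapse, fire t, return the new (p_marking, t_marking)."""
    pre, post = net[t][0], net[t][1]
    new_marking = frozenset((marking - pre) | post)
    new_clocks = {}
    for u in enabled(net, new_marking):
        # Assumed reset rule: u keeps its clock only if it was already enabled
        # and shares no input place with t; otherwise it restarts at 0.
        keeps = u != t and u in clocks and not (net[u][0] & pre)
        new_clocks[u] = clocks[u] + tau if keeps else 0
    return new_marking, new_clocks


def earliest_time(net, m0, sequence):
    """Minimum of x_0 + ... + x_(n-1) for a firing sequence, None if infeasible."""
    frontier = {(m0, tuple(sorted((t, 0) for t in enabled(net, m0)))): 0}
    for t in sequence:
        reached = {}
        for (marking, clock_items), elapsed in frontier.items():
            clocks = dict(clock_items)
            if t not in clocks:
                continue  # t is not enabled by this marking
            # x_i >= earliest(t) - h(t), and h(u) + x_i <= latest(u) for all enabled u
            low = max(0, net[t][2] - clocks[t])
            high = min(net[u][3] - h for u, h in clocks.items())
            for tau in range(low, high + 1):
                m2, c2 = fire(net, marking, clocks, t, tau)
                key = (m2, tuple(sorted(c2.items())))
                reached[key] = min(reached.get(key, elapsed + tau), elapsed + tau)
        frontier = reached
    return min(frontier.values()) if frontier else None


def prognose(net, m0, sequences, failure="f"):
    """Earliest failure date over the feasible sequences ending with the failure label."""
    dated = [(earliest_time(net, m0, s), s) for s in sequences if net[s[-1]][4] == failure]
    feasible = [(x, s) for x, s in dated if x is not None]
    return min(feasible) if feasible else None


if __name__ == "__main__":
    for s in SEQUENCES:
        print(s, earliest_time(NET, M0, s))
    print("earliest failure:", prognose(NET, M0, SEQUENCES))
```

In this constructed net the sequence t1 t6 is discarded because the parallel transition t5 reaches its latest firing time before t6 reaches its earliest one, so only the two remaining sequences contribute a time signature.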

Conclusion
In this paper, we have presented two contributions to determine the prognosis of a failure event in discrete event systems. The first one is about the exploitation of the technique of state and event sequence parametrization on a model of temporal labelled Petri nets. The interest is to reduce the state space of the model for an analysis of both the order and the date of occurrence of events. The second contribution is the proposal of an algorithm based on a system of inequalities, to determine the occurrence date of a future failure event. The proposed algorithm makes it possible to determine, from a place belonging to the set of candidate places, the minimum date necessary to reach a critical place from which the occurrence of the failure event is certain.
Work in progress considers the system under partial observation, which makes it possible to address the problem of the system's prognosability.
The work presented in this paper assumes that the PN used is safe. In practice, however, the system is composed of several components; it would then be more interesting to consider a multi-token model, assign a type of clock according to the nature of the token, and then predict the failure status for each component in the same model. It would also be very important to predict the failure event of a system while considering the aging state of the system.