1550 IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 42, NO. 11, NOVEMBER 1997

Proof: We show using basic probability manipulationsthat the right-hand side of (8) depends only onFqKj� and qK : (q+1)K�1j� . For notational convenience, we define afunction � by

�(xqK+1 : (q+1)K ; uqK : (q+1)K�1)

=

K�1

r=0

hqK+r(xqK+r+1; uqK+r): (35)

In addition, for the control sublaws qK : qK+r 2 qK : qK+r, wewill use the notation

qK : qK+r(yqK : qK+r) = ( 1qK(y

1qK); � � � ;

MqK(y

MqK);

� � � ; 1qK+r(y

1qK : qK+r)

� � � ; MqK+r(y

MqK : qK+r)): (36)

Using �, we write the expectedK-step immediate cost explicitly as

E

K�1

r=0

hqK+r(xqK+r+1; uqK+r)j�qK ; qK : (q+1)K�1

= �(xqK+1 : (q+1)K ; qK : (q+1)K�1j� (yqK : (q+1)K�1))

� p(xqK+1 : (q+1)K ; yqK : (q+1)K�1j�qK ; qK : (q+1)K�1)

� dxqK+1 : (q+1)K � dyqK : (q+1)K�1 (37)

= �(xqK+1 : (q+1)K ; qK : (q+1)K�1j� (yqK : (q+1)K�1))

� ~�(xqK+1 : (q+1)K ; yqK : (q+1)K�1;

FqKj� ; qK : (q+1)K�1j� )

� dxqK+1 : (q+1)K � dyqK : (q+1)K�1 (38)

where the existence of an appropriate~� in (38) follows fromLemma 1. Therefore, the right-hand side of (8) depends only onFqKj� and qK : (q+1)K�1j� , and ~Cq exists.

We are now ready to prove the main lemma.Proof of Main Lemma:We must show thatQq depends only on

FqKj� and qK : (q+1)K�1j� . Since the first term of the right-hand side of (9) can be replaced by the right-hand side of (34), theproof reduces to showing that there exists a function~� such that

E[Aq+1(F(q+1)Kj� )j�qK ; qK : (q+1)K�1]

= ~�(FqKj� ; qK : (q+1)K�1j� );

8 �qK 2 �qK ; 8 qK : (q+1)K�1 2 �qK : (q+1)K�1: (39)

To show that (39) is true, we write

E[Aq+1(F(q+1)Kj� )j�qK ; qK : (q+1)K�1]

= Aq+1(�q(FqKj� ; yqK : (q+1)K�1;

qK : (q+1)K�1j� (yqK : (q+1)K�1)))

� p(yqK : (q+1)K�1)j�qK ; qK : (q+1)K�1)

� dyqK : (q+1)K�1: (40)

Equation (40) follows from Lemma 2, and (40) with Lemma 1 impliesthat ~� satisfying (39) exists.

ACKNOWLEDGMENT

The authors wish to thank Dr. S. Isabelle for reading and com-menting on a draft of this paper.

REFERENCES

[1] M. Aicardi, F. Davoli, and R. Minciardi, “Decentralized optimal controlof Markov chains with a common past information set,”IEEE Trans.Automat. Contr.,vol. 32, pp. 1028–1031, Nov. 1987.

[2] Y.-C. Ho, “Team decision theory and information structures,”Proc.IEEE, vol. 68, pp. 644–654, June 1980.

[3] K. Hsu and S. I. Marcus, “Decentralized control of finite state Markovprocesses,”IEEE Trans. Automat. Contr.,vol. AC-27, pp. 426–431, Apr.1982.

[4] B. Kurtaran, “Decentralized stochastic control with delayed sharinginformation pattern,”IEEE Trans. Automat. Contr.,vol. AC-21, pp.576–581, Aug. 1976.

[5] P. Varaiya and J. Walrand, “On delayed sharing patterns,”IEEE Trans.Automat. Contr.,vol. AC-23, pp. 443–445, June 1978.

[6] H. S. Witsenhausen, “Separation of estimation and control for discretetime systems,”Proc. IEEE,vol. 59, pp. 1557–1566, Nov. 1971.

[7] B. Kurtaran, “Corrections and extensions to ‘Decentralized control withdelayed sharing information pattern,’ ”IEEE Trans. Automat. Contr.,vol. AC-24, pp. 656–657, Aug. 1979.

[8] J. Nils, R. Sandell, and M. Athans, “Solution of some nonclassical LQGstochastic decision problems,”IEEE Trans. Automat. Contr.,vol. AC-19,pp. 108–116, Apr. 1974.

[9] J. W. Grizzle, S. I. Marcus, and K. Hsu, “Decentralized control ofa multiaccess broadcast network,” inProc. 20th IEEE Conf. DecisionContr., 1981, pp. 390–391.

On -Inversion in InterruptiveTimed Discrete-Event Systems

Yongseok Park and Edwin K. P. Chong

Abstract—The authors consider the problem of extracting event life-times from partial observations of an interruptive timed discrete-eventsystem. The extraction of the lifetime of an occurring event is basedon observations of all previous transitions andd subsequent transitions.We refer to this notion as d-inversion. We give necessary and sufficientstructural conditions for an event to be d-invertible in a given system.

Index Terms—Automata, discrete-event simulation, discrete-event sys-tems, fault diagnosis, inverse problems, Markov processes, monitoring.

I. INTRODUCTION

Considerable effort has been invested in the study of discrete eventsystems (DES’s), due to their potential impact on the modeling,analysis, design, and control of a wide variety of complex systems,including discrete manufacturing systems, communication networks,traffic systems, and computer systems [6].

A key issue in DES’s is the problem of gathering and analyzingobserved data from a given system as it is evolving, often referred toason-line monitoring(see [19] for an overview of the subject in thesetting of distributed software systems). Observation data is used in awide variety of contexts, including supervisory control [17], [9], [4],fault testing and diagnosis [18], [8], [1], performance analysis and

Manuscript received August 4, 1995. This work was supported in part bya grant from the Purdue NSF Engineering Research Center for CollaborativeManufacturing and by the National Science Foundation through grants ECS-9410313 and ECS-9501652.

The authors are with the School of Electrical and Computer Engineering,Purdue University, West Lafayette, IN 47907-1285 USA.

Publisher Item Identifier S 0018-9286(97)08164-6.

0018–9286/97$10.00 1997 IEEE

IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 42, NO. 11, NOVEMBER 1997 1551

enhancement [3], and correctness checking [20]. In some situations,only logical information is needed (e.g., supervisory control), whileother situations require both logical and timing information (e.g.,performance analysis).

In this paper, we adopt a timed DES model [2] with partialobservations and study the problem of extracting primitive timinginformation (event lifetimes) from observations of the output trajec-tory. We refer to this problem as inversion.Ozveren and Willsky [10]considered a related notion of inversion in anuntimedsetting. Theirnotion of inversion corresponds to reconstructing event traces fromevent observations. In [18], Sampathet al. considered the problem ofdetecting the occurrence of an event with a finite delay, referred to asdiagnosability. Although our notion of inversion applies in a timedsetting, it is intimately related to logical properties akin to those of[10] and [18] (see [12] for further discussion).

The problem of inversion in timed DES’s was introduced in [14].The main motivation in [14] is to use observations of a givennominal DES to construct the sample path of an alternative DES. Theconstruction is accomplished by using the event lifetimes extractedfrom the observations of the given DES to drive a “simulation”of the alternative DES, thereby allowing a comparison of theirperformances. Such a comparison scheme is motivated by the benefitsof the “common random numbers” approach used in simulation, muchlike the method of perturbation analysis [7].

Our present work builds on [14] in two new directions: 1) in-terruption and 2) delay. First, the model used in [14] assumes thatany feasible event remains feasible until it occurs, regardless of theoccurrence of other events. This assumption clearly precludes systemswith interruption (or preemption), which arise in many practicalsituations. The model we adopt in this paper includes a mechanismfor handling interruption. Second, the notion of inversion in [14]requires that the event lifetime associated with an occurring eventbe immediately extractable from the output trajectory before theoccurrence of any other event. This requirement is restrictive andleads to strong necessary and sufficient conditions for invertibility(see [14]). In this paper, we introduce a framework for inversionwith a given delayd; calledd-inversion, where the event lifetime ofan occurring event is extracted based on output observations up tod

subsequent transitions. We provide necessary and sufficient conditionsfor d-invertibility which are correspondingly weaker than those of[14] (see Theorem 1).

II. I NTERRUPTIVE TIMED MODEL

In this section, we describe a model for an interruptive timedDES. The model is similar to that of [14], with the added featureof interruption. Specifically, the model consists of an interruptivegenerator (finite state machine) and a timing mechanism. The modelcan be thought of as ageneralized semi-Markov process(GSMP) witharbitrary event lifetimes (see, e.g., [5] for a description of GSMP’s).We describe our model in detail for the sake of completeness(following the description and notation of [14]).

The generator specifies the structure of the system and the statetransition rule. We represent the generator by the 4-tupleG =

(S;E; �; s(0)); whereS is a finite set of states,E is a finite setof events,�: E � S ! S is a state transition function, ands(0) isan initial state.

Without loss of generality, we assume that all states inS arereachable froms(0): The state transition function� is a partialfunction; i.e., for each states 2 S; the domain of�(�; s) is a subsetEF

(s) � E; called thefeasible event set. We assume throughoutthat EF

(s) 6= ; for all s 2 S:

The timed behavior is characterized by a set of positive realnumbers calledevent lifetimes. We denote by� the set of event

lifetimes, given by

� = f�(e; k): e 2 E; k 2 g

where�(e; k) 2 + is the kth lifetime of evente; + is the setof positive real numbers, and denotes the set of positive integers.Let E�

+ denote the family of all sets of nonnegative real numbersindexed byE and :

Given any� 2 E�

+ ; the evolution of the system is uniquelyspecified by the following dynamics equations.

Dynamics of Interruptive Timed DES

Initial Condition:

• set t(0) = 0;EI(0) = ;;

• for eache 2 E; setN(e; 0) = 0;

• for eache 2 EF(s(0)); set c(e; 0) = �(e; 1):

Recursion: Fork � 0

d(k+ 1)

= mine2E (s(k))

fc(e; k)g

t(k + 1)

= t(k) + d(k+ 1)

e(k + 1)

= argmin

e2E (s(k))

fc(e; k)g

s(k + 1)

= �(e(k+ 1); s(k))

N(e; k + 1)

=N(e; k) + 1; if e = e(k + 1)

N(e; k); otherwise

ENF

(s(k); e(k + 1))

= EF(s(k+ 1)) n (E

F(s(k)) n fe(k+ 1)g)

c(e; k + 1)

=

�(e;N(e; k) + 1); if e 2 ENF(s(k);

e(k + 1)) nEI(k)

c(e; k)� d(k+ 1); if e 2 EF(s(k))n

ENF(s(k); e(k+ 1))

c(e; k); if e 2 EI(k)

ENI

(s(k); e(k + 1))

= (EF(s(k)) n fe(k+ 1)g) nE

F(s(k+ 1))

EI(k + 1)

= (EI(k) nE

NF(s(k); e(k + 1)))

[ENI

(s(k); e(k + 1)):

We consider� to be the input to the system. The output of thesystem is the resulting sequence of eventsfe(k)g; statesfs(k)g; andtransition epochsft(k)g: The evente(k) denotes thekth event tooccur in the system, the states(k) the kth state visited, andt(k)the time when thekth event occurs. The evente(k) occurs at states(k�1) at timet(k) to cause the system to transit to states(k): ThevariableN(e; k) denotes the number of occurrences of evente up totime t(k) (the scoreof e), andd(k + 1) the time duration betweenoccurrences of the eventse(k) ande(k+1): We refer to the sequenceof event–state–time triples as the output trajectory.

The setENF(s; e) denotes the set of events that become newly

feasible as a result of the occurrence of evente at states: The setENI

(s; e) denotes the set of events that become newly interrupted

1552 IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 42, NO. 11, NOVEMBER 1997

(i.e., not feasible) as a result of the occurrence of evente at states:The setEI(k + 1) denotes the set of events inEI(k) that are stillinterrupted at states(k+1); and the events that are newly interruptedas a result of the occurrence of evente(k + 1) at states(k):

The timed output of the system begins with an initial time of zeroand evolves as follows. Associated with each event is a clock, whosereading after thekth transition is given byc(e; k) and is called theresidual lifetime. At eachk 2 ; an event lifetime�(e;N(e; k)+1)

is assigned to the clock of each evente that is newly feasible [i.e.,in ENF (s(k � 1); e(k))] but is not a previously interrupted event[i.e., not inEI(k� 1)]. Once assigned an event lifetime, each eventclock runs down with time at unit rate. An event occurs when itsclock reading reaches zero (reflected in the dynamics equations bythe argmin operator). We assume that theargmin operator in thedynamics equations has a tie-breaking rule for events whose clocksreach zero at the same instant. If an event is interrupted, then the clockreading for the event stops running down and maintains its value untilthe event becomes feasible again. Given an evente; we refer to alltimes t(k) when e becomes newly feasible asenabling timesof e;all times t(k) when e becomes newly interrupted asinterruptiontimesof e; and all timest(k) whene occurs asoccurrence timesofe: An example to illustrate the dynamics of an interruptive DES ispresented in [12].

Such a timing mechanism for interruptive systems is commonand can be found in many simulation packages, such as SLAMII (see [15]). The interruption model is sometimes referred to aspreempt/resume. We point out that other kinds interruption modelsare possible, including models where the lifetime is discarded whenan event is interrupted. In this case, extraction ofall lifetimes isclearly impossible.

A. Observation Scheme

Several types of observation schemes for DES can be found inthe literature. In [16], Ramadge assumes a state observation map forstates, while all events are directly observable. On the other hand, in[11], [10], [9], and [4], the authors use an event observation map forevents, while all states are unobservable.

Here, we adopt the observation scheme of [14], which we de-scribe in detail below for the sake of completeness. Basically, theobservation scheme consists of a state observation map and an eventobservation map. Both maps are as general as those of [16] and[4] in that two or more states (or events) may have the sameobservation. Our observation scheme gives a nonnull output onlywhen an observable event occurs or when there is a change in thestate observation. Our scheme is a type oftracing observation scheme(see [19]).

To define the observation map, let� and � denote the setsof possible event observations and state observations, respectively.Events are observed via the event observation map�E : E ! �[f�g;

where� represents a null observation. States are observed via the stateobservation map�S : S ! �: Next, let ~�E;S denote theuntimedobservation map, given by

~�E;S(e; s) =

(�E(e);�S(�(e; s)))

if �E(e) 6= � or �S(s) 6= �S(�(e; s))

�; otherwise

where, as usual,� represents the null observation. The overall outputobservation map~� is then given by

~�(e; s; t) =(~�E;S(e; s); t); if ~�E;S(e; s) 6= �

�; otherwise.

Note that the null symbol� has the usual language interpreta-tion—its concatenation with any symbol� (event or observation)yields �; i.e., �� = �:

In subsequent discussions, we will often encounter traces of event-state pairs (note that bytrace we mean a finite concatenation ofelements). For convenience, we also define an (untimed) observationmap�E;S for such traces by applying the map~�E;S elementwise

�E;S((e(1); s(1)) � � � (e(n); s(n)))

= ~�E;S(e(1); s(0)) � � � ~�E;S(e(n); s(n� 1)):

For convenience, we define�E;S(�) = �:

Similarly, we define an output observation map� for traces ofevent–state–time triples (i.e., output trajectories)

�((e(1); s(1); t(1)) � � � (e(n); s(n); t(n)))

= ~�(e(1); s(0); t(1)) � � � ~�(e(n); s(n� 1); t(n)):

III. I NVERSION WITH DELAY: d-INVERSION

A. Basic Definition

We are now ready to address the problem ofd-invertibility, which,roughly, allows a fixed delayd in the extraction of event lifetimes.We begin with a definition ford-invertibility. Let X�(n) denote the(timed) output trajectory of the system up tonth transition resultingfrom a given input�

X�(n) = f(e(k); s(k); t(k)): k 2 [1; n]g

where [m;n] = fk: m � k � n; k 2 g denotes the interval ofintegers. Let + denote the set of nonnegative integers.

Definition 1: Let d 2 +: An evente is said to bed-invertible inthe system(G;�) if there exists a mapAe such that for all inputs� 2 E�

+ and n>d; we haveAe(�(X�(n))) = f�(e; i): i 2

[1; N(e; n � d)]g:

The system(G;�) is said to bed-invertible if every evente 2 E

is d-invertible.Note that if an event (or system) isd-invertible, then it is(d+ i)-

invertible for all i 2 : The definition of invertibility in [14] isequivalent to 0-invertibility.

The following lemma, which is an analogue to [14, Lemma 1],states thatd-invertibility of e is equivalent to the ability to extract allenabling, interruption, and occurrence times ofe up to d transitionsback from output observations.

Lemma 1: An event e is d-invertible if and only if there existmapsTNF

e ; TNIe ; andTe such that for all� 2 E�

+ andn>d

TNFe (�(X�(n)))

= ft(k): k 2 [1; n� d� 1]; e 2 ENF

(s(k� 1); e(k))g

TNIe (�(X�(n)))

= ft(k): k 2 [1; n� d� 2]; e 2 ENI

(s(k� 1); e(k))g

Te(�(X�(n)))

= ft(k): k 2 [1; n� d]; e = e(k)g:

Proof (Sufficiency):Each lifetime�(e; k) is the sum of timedurations whene is feasible between the(k�1)th andkth occurrencesof e: Let NNF (e; k) andNNI(e; k) denote the number of enablingand interruption times, respectively, during the period between(k�

1)th and kth occurrences of evente: It can be easily shown thatNNF (e; k) = NNI(e; k) + 1: Let tNF

i (e; k) and tNIi (e; k) denote

theith enabling and interruption times, respectively, during the periodbetween(k�1)th andkth occurrences of evente: Let t(e; k) denote

IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 42, NO. 11, NOVEMBER 1997 1553

the kth occurrence time of evente: Then, clearly thekth lifetime ofevent e satisfies

�(e; k) = t(e; k)� tNFN (e;k)+1

+

N (e;k)

i=1

(tNIi (e; k)� t

NFi (e; k)):

Therefore, knowledge of all enabling times ofe up to the(d+ 1)st-to-last transition, interruption times ofe up to the(d+ 2)nd-to-lasttransition, and occurrence times ofe up to thedth-to-last transitionimplies d-invertibility.

Necessity: We use contraposition. Suppose there is no suchmap TNF

e satisfying the above requirement. Then, for someoutput trajectory X�(n); some k 2 [1; n � d]; and somei 2 [1; NNF (e;N(e; k))]; we cannot determine the timetNFi (e;N(e; k)): There are two possible scenarios: 1) the

observation at timetNFi (e;N(e; k)) is null, or 2) there exists

another output trajectoryX� (n) that generates the same transitionobservation asX�(n) up to time tNF

i (e;N(e; k)); and leads to astate [just after timetNF

i (e;N(e; k))] where e is not feasible. Inboth cases, there exists more than one input resulting in the sameoutput observation. Hence,e is not invertible. A similar argumentapplies toTNI

e and Te; as in [14].

B. State Distinguishability

To develop conditions for checking invertibility, we need the notionof distinguishabilitybetween states. As pointed out in [14], severalnotions of distinguishability have been explored in the literature. In[16], Ramadge introduced the notion ofindistinguishabilitybetweenstates. Two states are said to be indistinguishable if: 1) the set of allinfinite-length event sequences starting from one state is the same asthat from the other state and 2) for each common event sequence inthe set, the observation of the associated state sequence starting fromone state is the same as that from the other state. In other words, twostates are indistinguishable if they cannot be differentiated from theobservations of the (infinite) trajectories starting from the states. Asa weaker notion, two states are said to bepossibly indistinguishableif there exists a common infinite-length event sequence startingfrom both states such that the observation of the associated statesequence starting from one state is the same as that from the otherstate. In [11] and [10],Ozveren and Willsky used the notion ofpossible indistinguishability in their analysis of state observabilityand invertibility.

Below, we define a notion of distinguishability (following [14])which is roughly the opposite of indistinguishability. Specifically, weuse observations of the past history to distinguish between states.For this reason we refer to this notion asbackward distinguishability.To formally state the definition, letLE;S(s; s

0) denote the set of allpossible traces of event-state pairs (including the null trace) that startfrom s and terminate ats0; given by

LE;S(s; s0

) = f(e(1); s(1)) � � � (e(k); s(k)):

e(j) 2 EF(s(j � 1))

s(j) = �(e(j); s(j � 1)); j 2 [1; k]

s(0) = s; s(k) = s0

; k 2 g [ f�g:

Definition 2: A pair of states(s1; s2) 2 S � S is said to bebackward distinguishableif for all � 2 LE;S(s(0); s1) and � 2

LE;S(s(0); s2) that are not both�; we have�E;S(�) 6= �E;S(�):

In other words, a pair of states is backward distinguishable ifany two observations of the event-state traces terminating at thosetwo states are different. Denote byDB the set of all backward-

distinguishable pairs. An algorithm to compute the setDB waspresented in [14].

We now introduce the notion ofd-distinguishability. In backwarddistinguishability, the history of the system observation is used todistinguish between two states. The definition ofd-distinguishability(given below) may be thought of as a type of “forward distinguishabil-ity.” Here, future observations of output traces with a given maximumlength are used to distinguish between two states.

Basically, a pair of states(s1; s2) is d-distinguishable if one of thefollowing two conditions hold.

1) s1 and s2 have distinct state observations.2) Any two event-state traces� and � starting ats1 and s2, re-

spectively, withj�j � d or j�j � d have different observations.

The above conditions imply that given sufficient observations startingat s1 or s2; we can differentiates1 from s2: A similar notionis used in [1] for fault detection of communication networks. LetLE;S(s; �) = [s 2SLE;S(s; s

0) be the set of all event-state tracesstarting froms:

Definition 3: Let d 2 +: A pair of states(s1; s2) 2 S � S issaid to bed-distinguishableif �S(s1) = �S(s2) implies that for all� 2 LE;S(s1; �) and� 2 LE;S(s2; �) with j�j � d or j�j � d; wehave�E;S(�) 6= �E;S(�):

It is clear thatd-distinguishability implies(d+i)-distinguishabilityfor all i 2 : Also note that any pair of states(s1; s2) with�S(s1) 6= �S(s2) is 0-distinguishable (and henced-distinguishablefor all d 2 +). Let D(d) be the set of alld-distinguishable statepairs. An algorithm to compute the setD(d) is presented in [12].

C. Necessary and Sufficient Conditions

We are now ready to give necessary and sufficient conditions ford-invertibility of a single event. LetSe = fs 2 S: e 2 EF (s)g

denote the set of states where evente is feasible andSce = S n Seits complement.

Theorem 1: An evente 2 E is d-invertible if and only if all ofthe following conditions hold.

1) For each s 2 Se such that �(e; s) 2 Se; we have~�E;S((e; s)) 6= �:

2) For eachs 2 Se ands0 2 Sce ; we have(s; s0) 2 DB [D(d):

3) For each(s; s0) 2 Se � Se such that there existse0 2

EF (s0); e0 6= e;�E(e0) = �E(e); and �(e; s); �(e0; s0) 2 Se;

we have(s; s0) 2 DB or (�(e; s); �(e0; s0)) 2 D(d):

4) For each(s; s0) 2 Se � Se such that there existse0 2

EF (s0); e0 6= e;�E(e0) = �E(e); and �(e; s); �(e0; s0) 2 Sce ;

we have(s; s0) 2 DB or (�(e; s); �(e0; s0)) 2 D(d):

Proof (Sufficiency):By Lemma 1, it is sufficient to show thatthe above conditions together imply that we can extract all enabling,interruption, and occurrence times ofe from the output observations.

We can extract all enabling times by being able to identify twotypes of times:

1) all times when the state transits fromSce to Se;

2) all times when the state transits fromSe to Se due to theoccurrence ofe:

Condition 2) ensures that we can identify the first set of times above,while Conditions 1) and 3) ensure identification of the second set oftimes above.

Similarly, we can extract all occurrence times by being able toidentify two types of times:

1) all times when the state transits fromSe to Sce due to theoccurrence ofe;

2) all times when the state transits fromSe to Se due to theoccurrence ofe:

1554 IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 42, NO. 11, NOVEMBER 1997

The second set of times above is identical to that of enabling times.Identification of the first set above is ensured by Conditions 2) and 4).

Finally, Conditions 2) and 4) ensure that we can extract allinterrupted times, which are the time epochs when the state transitsfrom Se to Sce due to the occurrence of an event other thane:

Necessity: We use contraposition.If Condition 1) is not satisfied, then we have an occurrence ofe

with an associated null transition observation. By Lemma 1,e is notinvertible.

Suppose Condition 2) does not hold. Then, there exist two tra-jectories froms(0) to s and s0; respectively, that have the sameobservation. Sinces 2 Se and s0 2 Sce ; there is a transition eitherfrom Se to Sce or from Sce to Se that has a null observation. Theformer constitutes an occurrence or interruption time ofe; while thelatter an enabling time. Hence, by Lemma 1,e is not invertible.

If Condition 3) does not hold, then there exists an evente0 6= e whose occurrence we cannot distinguish from that ofe: IfCondition 4) does not hold, a similar situation occurs, the differencebeing that in this case we cannot distinguish between the occurrenceand interruption ofe: In either case, by Lemma 1,e is not invertible.

Examples illustrating the conditions ford-invertibility and analgorithm to extract lifetimes ofd-invertible event from observationscan be found in [12].

IV. CONCLUSIONS

The framework that we have introduced opens up many possibili-ties for further work. A problem that arises naturally in our frameworkis that of designing an observation map� for a given systemG toachieve invertibility while minimizing some cost function. Such aproblem is practically relevant in the context of sensor configurationdesign. We envision that its solution paves a path toward a generalsystematic framework for the design of on-line monitoring systems.Some work along these lines is reported in [13].

REFERENCES

[1] A. Bouloutas, G. W. Hart, and M. Schwartz, “On the design ofobservers for fault detection in communication networks,” inNetworkManagement and Control, A. Kershenbaum, M. Malek, and M. Wall,Eds. New York: Plenum, 1990, pp. 319–338.

[2] C. G. Cassandras,Discrete Event Systems: Modeling and PerformanceAnalysis. Homewood, IL: Irwin and Aksen, 1993.

[3] C. G. Cassandras and J. Pan, “Parallel sample path generation fordiscrete event systems and the traffic smoothing problem,”DiscreteEvent Dynamic Systems: Theory Appl., vol. 5, no. 2/3, pp. 187–217,Apr./July 1995.

[4] R. Cieslak, C. Desclaux, A. Fawaz, and P. Varaiya, “Supervisory controlof discrete-event processes with partial observations,”IEEE Trans.Automat. Contr., vol. 33, pp. 249–260, Mar. 1988.

[5] P. Glasserman,Gradient Estimation via Perturbation Analysis. Nor-well, MA: Kluwer, 1991.

[6] Y. C. Ho, “Dynamics of discrete event systems,”Proc. IEEE, vol. 77,pp. 3–6, Jan. 1989.

[7] Y.-C. Ho and X.-R. Cao,Perturbation Analysis of Discrete EventDynamic Systems. Norwell, MA: Kluwer, 1991.

[8] F. Lin, “Diagnosability of discrete event systems and its applications,”Discrete Event Dynamic Systems: Theory Appl., vol. 4, no. 2, pp.197–212, May 1994.

[9] F. Lin and W. Wonham, “Decentralized control and coordination ofdiscrete event systems with partial observation,”IEEE Trans. Automat.Contr., vol. 35, pp. 1330–1337, Dec. 1990.

[10] C. M. Ozveren and A. S. Willsky, “Invertibility of discrete-eventdynamic systems,”Math. Contr., Signals, Syst., vol. 5, pp. 365–390,1992.

[11] , “Observability of discrete event systems,”IEEE Trans. Automat.Contr., vol. 35, pp. 797–806, July 1990.

[12] Y. Park, “Model-Based monitoring of discrete event systems,” Ph.D.dissertation, School of Electrical and Computer Engineering, PurdueUniv., West Lafayette, IN, 1996.

[13] Y. Park and E. K. P. Chong, “Sensor assignment for invertibility ininterruptive timed discrete event systems,” inProc. 9th IEEE Int. Symp.Intelligent Contr., Columbus, OH, July 1994, pp. 207–212.

[14] , “Distributed inversion in timed discrete event systems,”DiscreteEvent Dynamic Systems: Theory Appl., vol. 5, no. 2/3, pp. 219–241,Apr./July 1995.

[15] A. A. Pritsker,Introduction to SLAM II. New York: Halsted, 1986.[16] P. Ramadge, “Observability of discrete event systems,” inProc. 25th

Conf. Decision Contr., Athens, Greece, Dec. 1986, pp. 1108–1112.[17] P. Ramadge and W. Wonham, “The control of discrete event systems,”

Proc. IEEE, vol. 77, pp. 81–98, Jan. 1989.[18] M. Sampath, R. Sengupta, S. Lafortune, K. Sinnamohideen, and D.

Teneketzis, “Diagnosability of discrete-event systems,”IEEE Trans.Automat. Contr., vol. 40, pp. 1555–1575, Sept. 1995.

[19] B. A. Schroeder, “On-line monitoring: A tutorial,”IEEE Computer, pp.72–78, June 1995.

[20] K. Williams, M. Andersland, J. Gannon, J. Lumpp, and T. Casavant,“Perturbation tracking,” inProc. 32nd Conf. Decision Contr., SanAntonio, TX, 1993, pp. 674–679.

On Constructing a Shortest Linear Recurrence Relation

Margreet Kuijper and Jan C. Willems

Abstract—It has been shown in the literature that a formulation ofthe minimal partial realization problem in terms of exact modeling of abehavior lends itself to an iterative polynomial solution. For the scalarcase, we explicitly present such a solution in full detail. Unlike classicalsolution methods based on Hankel matrices, the algorithm is constructive.It iteratively constructs a partial realization of minimal McMillan degree.The algorithm is known in information theory as the Berlekamp–Masseyalgorithm and is used for constructing a shortest linear recurrencerelation for a finite sequence of numbers.

Index Terms—Behaviors, Berlekamp–Massey algorithm, linear systems,minimal partial realizations, shortest linear recurrence relations.

I. INTRODUCTION

In this paper we consider the minimal partial realization problem.In [14], a connection with a problem in coding theory, namelythe decoding of certain types of error-correcting block codes (BCHcodes), has first been mentioned. The essential step in the decodingof a BCH code is the construction of a shortest linear recurrencerelation for a finite sequence of numbersa1a2; � � � ; aN ; see, e.g.,[8] and [5]. The length of the recurrence relation corresponds tothe number of errors that have occurred in transmitting a message.It has to be minimized in maximum likelihood decoding whenerrors are assumed to be independent. In 1968, Berlekamp andMassey presented an algorithm to compute a shortest linear recurrence

Manuscript received March 3, 1995; revised May 21, 1996. M. Kuijper wassupported in part by the Australian Research Council.

M. Kuijper is with the Department of Electrical and Electronic Engineer-ing, University of Melbourne, Parkville, Victoria 3052, Australia (e-mail:m.kuijper@ee.mu.oz.au).

J. C. Willems is with the Department of Mathematics, University ofGroningen, 9700 AV Groningen, The Netherlands.

Publisher Item Identifier S 0018-9286(97)07626-5.

0018–9286/97$10.00 1997 IEEE