http://www.ifac-papersonline.net/ en Copyright 05:55 PM Tuesday 07, 2012 IFAC-PapersOnline http://www.ifacpapersonline.com 05:55 PM Tuesday 07, 2012 05:55 PM Tuesday 07, 2012 ET webmaster@ifac-papersonline.net webmaster@ifac-papersonline.net http://www.ifac-papersonline.net/Detailed/42318.html 04:00 PM Wednesday 31, 1969 Clinical Pathway (CP) is very complicated and has many exceptional variations. Generally, its treatment course and control steps can not be totally predefined. Meanwhile, the CP embodies the "Reflow" therapy features, which is very hard to model, control and manage. Therefore, combined modular modelling method and structure changing mechanisms, a Modular Colored Petri Net with changeable structure (MCPN-CS) workflow modelling method is proposed. A special type of transition called main bus gate (MBG) is introduced to solve the "Re-flow" problem. Moreover, aimed at the variations of the CP, the workflow model for the CP can be reconfigured dynamically by using the mechanism of change-by-modification (CBM) and change-by-composition (CBC). A case study on the osteosarcoma CP evolution workflow modelling is constructed and the modelling is analyzed by presented deadlock detection algorithms (DDA). The result validates that the proposed method can noticeably enhance the flexibility, adaptation, reusability and maintainability workflow model for the CP. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42311.html 04:00 PM Wednesday 31, 1969 The underlying methodology includes three main components: A digital factory/simulation model, a knowledge base/expert system and a multi-criteria evaluation model to compute the scores of different control designs and configurations on economic terms. For the economic evaluation, an existing methodology, Non-Traditional Capital Investment Criteria (NCIC) is used which allows us to incorporate into the analysis both traditional criteria, readily measurable in financial benefits, and nontraditional criteria that are not easily measurable based on their financial benefits. These non-financial benefits could be quantitative (measurable, but not necessarily in dollars) or qualitative (not measurable at all). An example is used to demonstrate this method by comparing the economic value of two control design alternatives for a singulator-- a centralized control where one motion controller controls all the axes, and a distributed configuration where the control of the axes are taken by two controllers, working autonomously, and interacting whenever necessary. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42339.html 04:00 PM Wednesday 31, 1969 In this paper an approach for fault localization in Discrete Event Systems (DES) is proposed. The presented diagnosis method allows fault localization using a fault-free nominal system model. Via a systematic comparison of the observed and the expected system behavior, it is possible to determine a set of fault candidates. Inspired by residuals known from diagnosis in continuous systems, different set operations are presented that carry out this comparison. After a fault has been detected and a first estimate concerning its localization has been performed, a special algorithm analyzes the further system behavior in order to determine a more precise fault localization. The algorithm also works on the basis of the nominal system model. The method is explained using a manufacturing system example. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42337.html 04:00 PM Wednesday 31, 1969 This paper addresses the use of active probing as a tool for implementing life-cycle dependability growth concepts in networked control systems. In the controls field, the potential benefits of active probing in stochastic control were first recognized by Tse and Bar-Shalom [1974]. Significant practical development of active probing techniques, however, occurred in the networking field and was only rarely advanced by control theorists. We propose that active probing be incorporated into future dependable system designs as a method that is suitable both for new large-scale network phenomena such as emergent behavior, and also to support life-cycle dependability growth in conventional systems. Many open research and application opportunities will be noted. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42317.html 04:00 PM Wednesday 31, 1969 Though multi-agent systems have been explored in a wide variety of medical settings, their role at the emergency department care level has been relatively little investigated. In this paper, we propose a tool to assist decision-making process for the care of patients at the emergency department. This tool aims to improve the quality of care within the emergency departments with rapid access to pertinent data, integration of care's protocols and assures knowledge of the quantity and the quality of medical activity. This multi-agent model was adopted to define the behavior of entities by distributing data and tasks in an attempt to explain and predict events in the emergency department. We have chosen to build intelligent agents that perform coordination tasks for the users, i.e. the medical staff. To solve some problems, the agents have to cooperate. To ensure this cooperation, the system uses an agent interaction protocol making it possible to accelerate the process of task allocation. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42307.html 04:00 PM Wednesday 31, 1969 This paper focuses on a subclass of Dynamic Fault Trees (DFTs), called Priority Dynamic Fault Trees (PDFTs), containing only static gates and Priority Dynamic Gates (PAND and FDEP) for which a priority relation among the input nodes completely determines the output behavior. We define events as temporal variables and we show that, by adding to the usual Boolean operators new temporal operators denoted BEFORE and SIMULTANEOUS, it is possible to derive the structure function of the Top Event with any cascade of Priority Dynamic Gates and repetition of basic events. A set of theorems are provided to express the structure function in a sum-of-product canonical form. We finally show through an example that the canonical form can be exploited in order to determine directly and algebraically the failure probability of the Top Event of the PDFT without resorting to the corresponding Markov model. The advantage of this approach is that it provides a complete qualitative description of the system and that any failure distribution can be accommodated. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42336.html 04:00 PM Wednesday 31, 1969 On-line diagnosis must accommodate the existing sensoring capabilities of a system, which often results in limited diagnosability. However, although faults may not be always discriminable, there are generally operating modes of the system in which they are. Active diagnosis relies on applying specific inputs to the system so as to exhibit additional symptoms that help refining the diagnosis. The idea of this paper is to use the diagnosability properties to drive the system towards modes with increased diagnosability with respect of safety considerations. A new finite state machine called the active diagnoser is defined by abstracting continuous dynamics and taking into account controllability and safety constraints. The active diagnosis problem is then formulated as a conditional planning problem. Hence, the active diagnoser is transformed in an AND-OR graph and active diagnosis plans are computed by an appropriate graph exploration algorithm. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42314.html 04:00 PM Wednesday 31, 1969 To optimize the proof intervall of a reactor limitation system the unavailability analysis has been carried out. First of all the relevant operation and failure behaviour of the 2-out-of-4 I&C system with high redundancy has been described by an analytical model. The maximal, minimal and average values of the unavailability are calculated. After that a Petri net model for describing the system behaviour has been developed. The results gathered by Petri net simulation are quite comparable with the analytical calculation. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42315.html 04:00 PM Wednesday 31, 1969 Modern production systems are characterized by numerous conjoint and interacting production machines each with sophisticated maintenance and logistic processes. To remain competitive, it is necessary to reduce the system downtimes by applying the optimal maintenance strategy and therefore reducing life cycle costs. Condition monitoring often is a very effective way to minimize downtimes of crucial system components such as ball screws, ball bearings and drives. But sometimes condition monitoring is not cost-effective or even reduces the system's operational availability. The decision whether it's reasonable to implement condition based maintenance or not requires a detailed analysis of the system's behavior. Since many analytical models of technical systems have significant limitations and simplifications, simulation techniques are applied very often. In our paper we will present an improved comprehensive methodology for the modeling and analysis of production systems which has been basically introduced at the RAMS-Symposium in 2008. The model incorporates an extended colored stochastic Petri net (ECSPN) and a reliability block diagram (RBD) in a conjoint modeling procedure which allows a close-to-reality representation of a complex production system's behavior. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42324.html 04:00 PM Wednesday 31, 1969 In this paper, a bibliographical review is presented about the use of Bayesian networks over the last decade on dependability, risk analysis and maintenance. It is shown an increasing trend of the literature and of the application of Bayesian networks in fields related to reliability, safety and maintenance. This trend is due to the benefits that Bayesian networks provide in contrast with other classical methods of dependability analysis such as Markov Chains and Fault Trees. Some of these benefits are: to model and to analyze complex systems, to make predictions as well as diagnostics, to compute exactly the occurrence probability of an event, to update the calculations according to evidences and to represent multimodal variables. This review is based on an extraction of 200 references; the most representative are presented. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42312.html 04:00 PM Wednesday 31, 1969 In recent years, new diagnosis systems for railway infrastructure have been developed and launched to commercial market. Their major objective is to increase the availability of railway infrastructure and its external systems by means of preventive maintenance, anticipating malfunctions and failures. The acquisition and installation of such systems comprises the investment of large amounts of money. In order to predict the potential benefit, it would be meaningful to model the current infrastructure maintenance process and simulate the effects of the introduction of a diagnosis system. In this work a Petri net based modelling method for Monte Carlo simulation is presented, and validated by a case study of a French high speed line. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42326.html 04:00 PM Wednesday 31, 1969 Colored Petri Nets (CPN) are a powerful, recognized and intuitive modelling tool. They allow a precise representation of distributed, embedded and/or real time systems. These models can be then used among others for the dependability assessment. This paper develops a new method of CPN analysis called the Backward reachability. It provides information about different ways of reaching a particular CPN marking that represents, for example, a failure state or a transilient fault. This analysis is performed on an inverse CPN which is obtained by transforming original CPN structure while preserving the model proprieties. The work develops mathematical tools to prove the pertinence of transformations allowing the definition of inverse CPN. The main advantage of this method is that it allows to determine the sequence leading from the initial to the final marking for any possible final marking vector. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42321.html 04:00 PM Wednesday 31, 1969 In a variety of different standards the subject matter of dependability is defined by various concepts. Their unambiguous definition can lead to a clear interpretation which facilitates communication of all persons involved in the development of safety-critical technical systems. By means of concise communication during specification, subsequent implementation as well as the preparation of operating and maintenance manuals negative legal and financial impacts can be avoided. For this reason this paper introduces a method for terminological disambiguation. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42302.html 04:00 PM Wednesday 31, 1969 Controllability of (max,+) automata and formal power series is studied within a behavioral framework. An extension of classical tensor product of their linear representations as a parallel composition of controller with the plant (max,+) automaton is used. Controllability is studied using residuation theory of (multivariable) formal power series and (max,+)-counterpats of supremal controllable behaviors are derived. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42301.html 04:00 PM Wednesday 31, 1969 In our previous work, a communication protocol for the reliable communication of discrete event supervisors that are implemented on physically distinct controller devices on a shared-medium network was developed. Here, the required data exchange is captured by communication models that are algorithmically computed from an underlying hierarchical and decentralized supervisor synthesis. These communication models are particularly efficient if all synthesized supervisors are implemented on distinct controller devices. In this paper, the general case is considered, where multiple supervisors can be aggregated on each controller device. To this end, the algorithmic communication model computation is adapted in order to remove communication among supervisors on the same controller device. The benefit of the controller aggregation is illustrated by a manufacturing system case study. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42327.html 04:00 PM Wednesday 31, 1969 this paper addresses the problem of forbidden states for safe Petri Nets modeling discrete event systems. We present an efficient method to construct a controller. A set of linear constraints allow forbidding the reachability of specific states. The number of these so-called forbidden states and consequently the number of constraints are large and lead to a large number of control places. A systematic method for constructing very simplified controller is offered. By using a method based on Petri nets partial invariants, maximal permissive controllers are determined. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42322.html 04:00 PM Wednesday 31, 1969 Since its birth, about fifty years ago, the reliability field develops methods and tools to satisfy its different needs and this is more and more difficult as industrial systems becomes more and more complex and required parameters more and more sophisticated. Then the simplistic reliability and availability calculations of the origins are no longer sufficient to fulfill the present time needs encountered when dealing with RAM (Reliability, Availability, and Maintainability) or SIL (Safety Integrity Level) analysis. The dynamical behavioral aspects and the combinatory explosion of the number of states of industrial size system imply to proceed to a qualitative jump to be able to manage them properly. This may be done simply by moving from the traditional analytical approach to the Monte Carlo simulation. Nevertheless to be implemented efficiently this approach needs a powerful model behaving a close as possible as the physical system which is modeled. Finite states automata are generally chosen for this purpose and, among them the stochastic Petri nets (SPN) have proven to be very effective. This is the aim of this paper to show how SPN may be used for RAM (i.e. dependability) and SIL (i.e. functional safety) objectives. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42325.html 04:00 PM Wednesday 31, 1969 We present a Hybrid Bayesian Network (HBN) framework to model the availability of renewable systems. We use an approximate inference algorithm for HBNs that involves dynamically discretizing the domain of all continuous variables and use this to obtain accurate approximations for the renewal or repair time distributions for a system. We show how we can use HBNs to model corrective repair time, logistics delay times and scheduled maintenance time distributions and combine these with time to failure distributions to derive system availability. Example models are presented and are accompanied by detailed descriptions of how repair (renewal) distributions might be modelled using HBNs. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42319.html 04:00 PM Wednesday 31, 1969 In this paper we propose a dependable model for single substrate enzyme kinetics based on the differential Petri network formalism. Metabolic signaling pathways contain biochemical reactions in which substrates are catalyzed enzymatic and turn them into active biochemical products. The enzyme reactions are described quantitatively through ordinary differential equations (ODEs) in the proposed Petri network model. The specificity of the biochemical reactions are captured in the proposed Petri network model. The simulation study shows qualitative validation of the dependability of the proposed Petri network model with experimental results for enzyme kinetics. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42291.html 04:00 PM Wednesday 31, 1969 When dealing with workflow security requirements, the compliance of information flow with the adopted security policies needs to be analyzed. For this purpose, we adopt in this paper a two-step verification approach. While the first step is concerned by the verification of the soundness of the workflow, the second one is concerned by the control of access rights on information under both time constraints and security requirements (through multilevel security policies such as Bell-LaPadula). We propose a model for such workflow specification based on the Time ECATNet formalism. This latter offers means to incorporate the security and time constraints on information flow into an initial WF-net modeling the control flow of a workflow specification. We then show how to analyze the impact of the introduced security rules on the workflow execution, using the Maude LTL model checker, and show how to relax them to derive a correct workflow specification. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42305.html 04:00 PM Wednesday 31, 1969 The paper deals with the determination of input sequences for which the faults occurring in discrete-event systems described by deterministic I/O automata can be detected and identified. The basis for this method is provided by diagnosability criteria that show that faults can be found whenever the automata describing the faultless and the faulty system do not have equivalent initial states. The absence of equivalent states implies that there exist finite input sequences for which the output sequences distinguish for all faults. The paper describes a method to find these input sequences. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42296.html 04:00 PM Wednesday 31, 1969 In this paper we provide an approach to on-line diagnosis of discrete event systems based on labeled Petri nets. The proposed procedure is based on our previous results on unlabeled Petri nets and allows us to also consider events that are undistinguishable, namely events that produce an output signal that is observable, but that is common to other events. Our approach is based on the notion of basis markings and j-vectors and it is shown that, in the case of bounded Petri nets, the most burdensome part of the procedure may be moved off-line, computing a particular graph that we call Basis Reachability Graph. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42292.html 04:00 PM Wednesday 31, 1969 While there are several approaches applying model checking to PLC programs, it is still not used in industry. This is due to the limited applicability of the existing approaches, which all translate PLC programs into the input languages of existing model checkers and thus suffer from certain problems. This paper presents a new approach that applies model checking directly to PLC programs written in IL without using translations. This has some advantages: domain-specific information is available during verification, users can make propositions about all features of the PLC, and counterexamples are given in the same language as the program, thus, simplifying the process of locating errors. In the described approach, a tailored simulator builds the state space for verification. Within this simulator, different abstraction techniques are used to tackle the state-explosion problem. A case study shows the applicability of this approach. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42299.html 04:00 PM Wednesday 31, 1969 This paper presents a discrete event model-based approach for Fault Detection and Isolation of manufacturing systems. This approach considers a system as a set of independent plant elements. Each plant element is composed of a set of interrelated Parts of Plant (PoPs) modeled by a Moore automaton. Each PoP model is only aware of its local behavior. The degraded and faulty behaviors are added to each PoP model in order to obtain extended PoP ones. An extrapolation of Gaussian learning is realized to obtain acceptable temporal intervals between the time occurrences of correlated events. Finally based on the PoP extended models and the links between them, a fault candidates' tree is established for each plant element. This candidates' tree corresponds to a local on-line fault event occurrence observer, called diagnoser. Thus, the diagnosis decision is distributed on each plant element. An application example is used to illustrate the approach. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif http://www.ifac-papersonline.net/Detailed/42331.html 04:00 PM Wednesday 31, 1969 This paper presents a procedure for failure prognostic by using Dynamic Bayesian Networks (DBNs). The graphical representation of this tool is particularly well suitable for modeling complex systems, with non homogeneous sources of data and knowledge. Moreover, DBNs allow to deal with uncertainty which is an inherent property to any failure prognostic work, especially regarding the estimation of the Remaining Useful Life (RUL) before a failure. The DBN model can be also used to observe the propagation of the effect of any state of the model on the other remaining states. The proposed procedure is applied on a small industrial system to show its feasibility. http://www.ifac-papersonline.net/static/luna/images/ifac/icon-download.gif