Critical Observability of Stochastic Discrete Event Systems Under Intermittent Loss of Observations

Abstract

A system is said to be critically observable if the operator can always determine whether the current state belongs to a set of critical states. Due to the communication failures, systems may suffer from intermittent loss of observations, which makes the system not critically observable. In this sense, to characterize critical observability in a quantitative way, this paper extends the notion of critical observability to stochastic discrete event systems modeled as partially observable probabilistic finite automata. Two new notions, called step-based almost critical observability and almost critical observability are proposed, which describe a measure of critical observability for a given system against intermittent loss of observations. We introduce a new language operation to obtain a probabilistic finite automaton describing the behavior of the plant system under intermittent loss of observations. Based on this structure, we also present verification methodologies to check the aforementioned two notions and analyze the complexity. Finally, the results are applied to a raw coal processing system, which shows the effectiveness of the proposed methods.

1. Introduction

In the last decade, numerous reports have addressed state estimation and information security problems in cyber–physical systems (CPSs) under partial observation conditions. Within the realm of discrete event systems (DESs), many studies have concentrated on issues such as opacity verification [1], detectability verification [2,3], attack detection [4,5], predictability [6], and observability [7].

Critical observability [8,9] is a safety property related to state estimation [10,11,12] that concentrates on deciding whether an operator can always identify a given set of critical states in a system through its observation of the system information flow. Several previous works investigated the critical observability of DESs, which are a kind of abstraction of CPSs [13].

By exploiting decentralization and bi-simulation, Pola et al. [14] verify critical observability for networks of finite-state automata. This study proposes a decentralized architecture in which local critical observers perform online detection of critical states, thus significantly reduces the computational effort. Masopust [15] further reveals the computational complexity of verifying critical observability for (networks of) finite-state automata and labeled Petri nets (LPNs). Yan et al. [16] consider the critical observability problem related to a given time step and its inverse problem by using an algebraic model of finite-state automata. Tong and Ma [17] consider communication losses for the problem of k-step and definite critical observability in DESs modeled by finite-state automata. The research in [18,19] extend the formulation of critical observability to timed DESs modeled as max-plus automata and bounded labeled time Petri nets, respectively. Moreover, the research in [20] verifies the critical observability of bounded and live LPNs by using linear integer programming without enumerating the reachability graph. The work of [20] proves a necessary and sufficient condition to check the critical observability when an arbitrary subset of reachable markings describes the critical-state set. Furthermore, the authors extend the results to the case when a critical-state set is modeled by all the reachable markings that satisfy disjunctions of generalized mutual exclusion constraints [21]. The work in [22] also enforces the critical observability of bounded LPNs after verification by using the supervisory control theory [23].

Most approaches to the critical observability of DESs assume that all sensors work properly and all the information recorded by sensors is always transmitted to the operator. However, poor sensor operations or communication malfunctions between the sensors and the operator may lead to event observation losses, which has been considered in diagnosability (codiagnosability) and supervisory control in DESs [24,25,26]. In such a scenario, given a set of predefined critical states, a system under intermittent loss of observations is likely to lose its critical observability to some degree.

In fact, critical observability defined in all the aforementioned works does not take into account the likelihood of violating a critical observability requirement, where only a binary report is outputted: a system is either critically observable or not. However, the binary report cannot provide enough information for the scenarios where different actions of a system have an unequal occurrence likelihood. Thus, the work in [27] formulates the notion of critical observability in a Markov hybrid system called $\overline{P}$-observability, which characterizes the probability of determining a critical state. Then, it designs an observer to check this property. More precisely, a system is said to be $\overline{P}$-observable if either we are sure that the system is not in a critical state or the probability of being in a critical state is higher than a given bound $\overline{P}$. Unlike $\overline{P}$-observability, we consider other scenarios in which the critical observability with a binary report is not enough for a proper description. In particular, if a non-critically observable system has a small violation probability, it is crucial to consider quantitatively evaluating critical observability via probabilistic models, namely stochastic discrete event systems (SDESs). It is obvious that the work in [27] and our work deal with different kinds of critical observability measures in different kinds of systems. Thus, these two works are incomparable.

This paper makes an investigation analyzing step-based almost critical observability (SA-CO) and almost critical observability (A-CO) of an SDES under intermitting loss of observations modeled by a probabilistic finite automaton (PFA). Compared with a finite-state automaton, a PFA can capture the uncertainty (such as random behaviors) through the state transition probabilities, while the finite-state automaton or the non-probabilistic model cannot. That is to say, a PFA is more powerful to characterize the system accurately than the finite-state automaton. Compared with a hidden Markov model (HMM), the structure of a PFA is relatively simple and the state transitions are directly based on probabilities, while the HMM has a complex structure because it contains hidden states and observed states. Now, the PFA is commonly used in many related problems of state estimation, i.e., diagnosability [28,29], robust and safe fault diagnosis [30,31], prognosability [32], coprognosability [33], detectability [34], and state-based opacity [35,36,37].

The main contributions of this paper are as follows. First, we define the following two notions of critical observability in an SDES under intermittent loss of observations modeled as a PFA, namely SA-CO and A-CO. More precisely, SA-CO requires the a priori cumulated probability of violating critical observability for any sequence with length k and any sequence with infinite length below a given threshold, where k is an arbitrary non-negative integer. A-CO considers the a priori cumulated probability of violating critical observability for any sequence whose prefix does not violate critical observability, and requires such a probability below a given threshold. From the notions of SA-CO and A-CO, the main challenge is to compute the violation language for critical observability under an intermittent loss of observations. Thus, we built a modified system that can capture the behavior of the plant system under an intermittent loss of observations using a PFA. In addition, we propose an algorithm to construct a new finite information structure that can capture the violation language for critical observability of the plant system under the intermittent loss of observations using a PFA and its isomorphic Markov chain. Based on these results, necessary and sufficient conditions are presented to verify SA-CO and A-CO of SDESs under intermittent loss of observations, and the complexity is also given.

Note that the formulations of SA-CO and A-CO are motivated by the formulations of step-based almost current-state opacity and almost current-state opacity in [35], step-based almost initial-state opacity and almost initial-state opacity in [36], and almost k-step opacity and almost infinite-step opacity in [37]. In fact, critical observability is (inversely) related to current state opacity, which aims to protect secret states by ensuring that the current state estimate of a system always includes at least one non-secret state. In contrast, critical observability requires the current state behavior to be identified as critical or non-critical. Thus, SA-CO and A-CO are different with step-based almost current-state opacity and almost current-state opacity in [35]. Moreover, all the above methods in [35,36,37] do not consider communication malfunctions between the plant and the operator. Thus, the methods in [35,36,37] cannot be used to solve the problem raised in this paper, and it is necessary to introduce new methods to verify SA-CO and A-CO in SDESs. To the best of our knowledge, this is the first work to deal with SA-CO and A-CO in SDESs, which may benefit practitioners in the energy and resource industries, where stochastic events are extensively prevalent.

The rest of this paper is organized as follows. Section 2 provides some foundations of a finite-state automaton and a PFA. Section 3 presents how to build a PFA for an SDES that suffers from the intermittent loss of observations. In Section 4, we show the problem formulation of this paper, i.e., SA-CO and A-CO under intermittent loss of observations. Section 5 and Section 6 illustrate the methods to verify SA-CO and A-CO under intermittent loss of observations, respectively. The application of the proposed methods to engineering problems is introduced in Section 7. Finally, Section 8 concludes the paper, and suggests directions for future work.

2. Preliminaries

This section briefly introduces some basic knowledge used throughout the paper, including finite-state automaton (deterministic finite automaton and nondeterministic finite automaton) and probabilistic finite automaton.

2.1. Finite-State Automaton

Let $\mathbb{N}$ be a set of non-negative integers, E be an alphabet, and $E^{*}$ be the Kleene-closure  [38] of E. A language $L\subseteq E^{*}$ is defined as a set of strings. We denote the prefix-closure of L by $\overline{L}$, i.e.,

$$\overline{L}=\{u\in E^{*}|\exists v\in E^{*}:uv\in L\}.$$

For a string $u\in E^{*}$, we denote by $v\le u$ if $v\in \overline{\left\{u\right\}}$ and denote by $v<u$ if $v\in \overline{\left\{u\right\}}\setminus \left\{u\right\}$. For any string u, let $\left|u\right|$ denote the length of u. For any set A, let $\left|A\right|$ denote its cardinality and $2^A$ denote its power set.

A deterministic finite automaton (DFA) is denoted by $G^{\prime }=(X,E,{\delta }^{\prime },X_0)$, where X is the state set, ${\delta }^{\prime }:X\times E\to X$ is the deterministic (partial) transition function, and $X_0\subseteq X$ is the initial-state set.

A nondeterministic finite automaton (NFA) is denoted by $G=(X,E,\delta ,X_0)$, where X is the state set, $\delta :X\times E\to 2^X$ is the nondeterministic transition function, and $X_0\subseteq X$ is the initial-state set. The set of all transitions in G is also denoted by $\delta =\left\{(x,e,x^{\prime })\right|\delta (x,e)=x^{\prime }\}$. The active event set at a state $x\in X$ is defined as

$$\mathrm{\Gamma }\left(x\right)=\{e\in E|\delta (x,e)\ne \varnothing \}.$$

The function $\delta$ can be extended to the domain $2^X\times E^{*}$ by induction as shown in [38]. For the sake of simplicity, let $\delta \left(u\right)$ denote $\delta (X_0,u)$. The language generated by G is defined as

$$L\left(G\right)=\{u\in E^{*}|\delta \left(u\right)\ne \varnothing \}.$$

The event set E is partitioned into two disjoint sets: $E=E_o\cup E_{uo}$, where $E_o$ is the set of observable events and $E_{uo}$ is the set of unobservable events. The natural projection $P:E^{*}\to E_o^{*}$ is defined as (i) $P\left(ϵ\right)=ϵ$; $P\left(e\right)=e$ if $e\in E_o$ and $P\left(e\right)=ϵ$ otherwise; (iii) $P\left(ue\right)=P\left(u\right)P\left(e\right)$. Moreover, the inverse projection $P^{-1}:E_o^{*}\to 2^E$ is defined as $P^{-1}\left(w\right)=\{u\in E^{*}|P\left(u\right)=w\}$.

Given an NFA G and a set of states $x_o\in 2^X$, let $U\left(x_o\right)$ denote the set of states that are unobservable reached from some state in $x_o$, i.e., $U\left(x_o\right)=\{x\in X|\exists x^{\prime }\in x_o,\exists v\in E_{uo}^{*}\mathrm{s}.\mathrm{t}.x\in \delta (x^{\prime },v)\}$. We use $N(x_o,e)$ to denote the set of states that are directly reachable upon the occurrence of an observable event $e\in E_o$, i.e., $N(x_o,e)=\{x\in X|\exists x^{\prime }\in x_o\mathrm{s}.\mathrm{t}.x\in \delta (x^{\prime },e)\}$.

An observer of an NFA G is defined by a DFA $G_o=(X_o,E_o,{\delta }_o,X_{0,o})$, where $X_o\subseteq 2^X$, $X_{0,o}=U\left(X_0\right)$ and for any $x_o\in 2^X$, $e\in E_o$, ${\delta }_o(x_o,e)=U\left(N(x_o,e)\right)$. Actually, it is necessary to only construct the accessible part of the observer from the set of initial states $X_{0,o}$ (the set of states reachable from the set of initial states through some event sequences $w\in E_o^{*}$).

2.2. Probabilistic Finite Automaton

An SDES is modeled as a PFA $(G,p,{\pi }_0)$ [39], where $G=(X,E,\delta ,X_0)$ is an NFA, $p:X\times E\times X\to [0,1]$ is the transition probability function, and ${\pi }_0$ is the initial-state probability distribution vector such that $\forall x\notin X_0$: ${\pi }_0\left(x\right)=0$ and $\forall x\in X$:

$$\sum _{x\in X}{\pi }_0\left(x\right)=1.$$

Particularly, for any $x,x^{\prime }\in X$, $e\in E$, let $p(x^{\prime },e|x)$ denote the probability that event e occurs and the PFA reaches state $x^{\prime }$ from state x. If $p(x^{\prime },e|x)=0$, then state x cannot reach state $x^{\prime }$ through event e. We assume that $\forall x\in X:$

$$\sum _{x^{\prime }\in X}\sum _{e\in E}p(x^{\prime },e|x)=1.$$

For any string $u\in E^{*}$ and state $x\in X$, we denote the occurrence probability of u by $Pr\left(u\right)$, and the probability that u has occurred and the state of the system becomes x by $Pr(x,u)$. Then, for any $e\in E$ and $u\in E^{*}$, we have

$$\left\{\begin{array}{c}Pr\left(ue\right)={\displaystyle \sum _{x\in X}}Pr(x,ue),\hfill \\ Pr(x,ue)={\displaystyle \sum _{x^{\prime }\in X}}\left(p(x,e|x^{\prime })Pr(x^{\prime },u)\right),\hfill \\ Pr(x,ϵ)={\pi }_0\left(x\right).\hfill \end{array}\right.$$

(1)

A Markov chain is denoted by $M=(X,p_M,{\pi }_0)$, where $p_M\left(x^{\prime }\right|x)$ is the transition probability from state x to state $x^{\prime }$ for $x,x^{\prime }\in X$, and ${\pi }_0$ is the initial-state probability distribution vector. Let $\mathbb{P}$ denote the transition probability matrix of M, whose $(x^{\prime },x)$th element is $p_M\left(x^{\prime }\right|x)$. Given ${\pi }_0$, the current-state probability distribution vector after k steps is defined as ${\pi }_k={\mathbb{P}}^k{\pi }_0$. For any PFA $(G,p,{\pi }_0)$, its associated Markov chain or is denoted as $M=(X,p_M,{\pi }_0)$, whose transition probability is defined as

$$p_M\left(x^{\prime }\right|x)=\sum _{e\in E}p(x^{\prime },e|x).$$

3. Modeling the Behavior of PFA Under Intermittent Loss of Observations

This section presents how to build a PFA model that can capture the behavior of an SDES under intermittent loss of observations.

Let $E=E_{il}\cup E_{nil}$ be a partition of E, where $E_{il}$ denotes the set of observable events associated with intermittent loss of observations and $E_{nil}$ denotes the set of observable events that do not suffer from intermittent loss of observations. Moreover, let $E_{il}^{\prime }=\left\{e_u\right|e\in E_{il}\}$ and $E_d=E\cup E_{il}^{\prime }$.

The dilation function is defined as $D:E^{*}\to 2^{E_d^{*}}$, where $D\left(ϵ\right)=ϵ$, $D\left(e\right)=\left\{e\right\}$, if $e\in E_{nil}$, $D\left(e\right)=\{e,e_u\}$, if $e\in E_{il}$, and $D\left(se\right)=D\left(s\right)D\left(e\right)$ where $s\in E^{*}$ and $e\in E$. The dilation function operation can be extended to languages as follows:

$$D\left(L\left(G\right)\right)=\bigcup _{s\in L\left(G\right)}D\left(s\right).$$

Based on the dilation function D, given an NFA $G=(X,E,\delta ,X_0)$, if it suffers from the intermittent loss of observations, it is defined as $G_d=(X,E_d,{\delta }_d,X_0)$, where ${\delta }_d(x,e_u)=\delta (x,e)$ if $e_u\in E_{il}^{\prime }$ and ${\delta }_d(x,e)=\delta (x,e)$ if $e\in E$.

In a PFA, for all $e\in E_{il}$, we use $Pr\left((x^{\prime },e_u|x)\right|(x^{\prime },e|x))\in (0,1)$ to denote the probability that event $e_u$ occurs at state x, leading to state $x^{\prime }$, given that event e occurs at state x, leading to state $x^{\prime }$. In addition, the transition probability dilation function is defined as $p_d:X\times E_d\times X\to [0,1]$, where $p_d(x^{\prime },e|x)=p(x^{\prime },e|x)$ if $e\in E_{nil}$; and $p_d(x^{\prime },e|x)=p(x^{\prime },e|x)(1-Pr\left((x^{\prime },e_u|x)\right|(x^{\prime },e|x)))$, $p_d(x^{\prime },e_u|x)=p(x^{\prime },e|x)Pr\left((x^{\prime },e_u|x)\right|(x^{\prime },e|x))$ if $e\in E_{il}$. Then, the PFA characterizing the behavior of $(G,p,{\pi }_0)$ that suffers from the intermittent loss of observations is denoted as $(G_d,p_d,{\pi }_0)$. Actually, the intermittent loss of observations in this paper can be seen as the transition missing. However, since the PFA has contained all the potential states of the real system, there is no state missing in this paper.

Note that in this paper, the transition probabilities and the event loss probabilities are known and accurate, which is commonly adopted in the literature. Actually, in most of the cases, the number of events that can occur at a given state of a system is fixed, and the probabilities of the occurrence of these events can be usually obtained based on the physical properties of events. In addition, compared with the intermittent loss of observations on sensors, sensor misclassification, false positives/negatives, or correlated sensor failures can generally be seen as faults occurring in the system, which is related to fault diagnosis or prognosis in SDESs.

4. Critical Observability in SDESs Under Intermittent Loss of Observations

This section establishes the formulation of SA-CO and A-CO in SDESs under intermittent loss of observations. To achieve this aim, we first recall the notion of critical observability in DES without considering the probability and the intermittent loss of observations.

Definition 1 

([15]). Given an NFA $G=(X,E,\delta ,X_0)$ with $E=E_o\cup E_{uo}$, a natural projection P, and a set of critical states $X_c\subseteq X$. The system G is critically observable with respect to $E_o$ and $X_c$ if $\delta \left(P^{-1}P\left(w\right)\right)\subseteq X_c$ or $\delta \left(P^{-1}P\left(w\right)\right)\subseteq X\setminus X_c$ for any $w\in L\left(G\right)$, where $\delta \left(P^{-1}P\left(w\right)\right)={\cup }_{u\in P^{-1}P\left(w\right)}\delta \left(u\right)$.

In this paper, we assume that $X_0\ne X_c$. Particularly, if $X_0=X_c$, then G is undoubtedly critically observable. However, for a critically observable NFA G, if it suffers from an intermittent loss of observations, its critical observability may not hold according to Definition 1. In addition, note that a system does not satisfy critical observability even if the probability of a sequence that violates critical observability is very small. In order to quantify critical observability, we introduce the following definition that can characterize the probability of violating critical observability under an intermittent loss of observations.

Definition 2. 

Given a PFA $(G,p,{\pi }_0)$, a projection $P_d:E_d^{*}\to E_o^{*}$, the probability $Pr((x^{\prime },e_u|x)\left|\right(x^{\prime },$ $e\left|x\right))$ for all $e\in E_{il}$, and a set of critical states $X_c\subseteq X$, let $(G_d,p_d,{\pi }_0)$ with $G_d=(X,E_d,{\delta }_d,X_0)$ be a PFA characterizing the behavior of $(G,p,{\pi }_0)$ under an intermittent loss of observations, defined as follows:

$$\begin{array}{c}\hfill L_{\mathcal{N}}=\{w\in L\left(G_d\right)|[{\delta }_d\left(P_d^{-1}{P}_d\left(w\right)\right)\cap X_c\ne \varnothing ]\wedge \\ \hfill [{\delta }_d\left(P_d^{-1}{P}_d\left(w\right)\right)\cap (X\setminus X_c)\ne \varnothing ]\}.\end{array}$$

(2)

Then, PFA $(G,p,{\pi }_0)$ is step-based almost critically observable (SA-CO) with respect to $X_c$, $P_d$, $Pr\left((x^{\prime },e_u|x)\right|(x^{\prime },e|x))$, and a threshold β if the following two conditions hold:

$$\forall k=0,1,2,\cdots ,\sum _{w\in L_{\mathcal{N}},\left|w\right|=k}Pr\left(w\right)<\beta ,$$

(3)

$$\sum _{w\in L_{\mathcal{N}},\left|w\right|\to \infty }Pr\left(w\right)<\beta .$$

(4)

Note that any sequence w in $L_{\mathcal{N}}$ will violate critical observability, i.e., the operator cannot determine whether the current state of the system is critical or not through the observation $P\left(w\right)$. It is obvious that if G satisfies critical observability under an intermittent loss of observations, then $(G,p,{\pi }_0)$ also satisfies SA-CO for any $\beta >0$ under the intermittent loss of observations.

Example 1. 

Consider a PFA $(G,p,{\pi }_0)$ in Figure 1a with $G=(X,E,\delta ,X_0)$, $E_o=\{b,c,d\}$, $X_c=\left\{4\right\}$, and ${\pi }_0={[1,0,0,0,0,0]}^T$. First, assume that $E_{il}=\varnothing$, the observer of G is shown in Figure 2, and G is critically observable based on Definition 1. Then, let $E_{il}=\left\{c\right\}$, G become not critically observable, and we have $L_{\mathcal{N}}=\{a{b}^{*}{c}_u{a}^{*}d{b}^{*},a{b}^{*}d{b}^{*}\}$ (For brevity, for any $w\in E^{*}$, we use $w^{*}$ instead of ${\left\{w\right\}}^{*}$ to represent the Kleene-closure of $\left\{w\right\}$. Moreover, for any $w,u\in E^{*}$, we use $uv$ instead of $\left\{w\right\}\left\{u\right\}$ to represent the concatenation of $\left\{w\right\}$ and $\left\{u\right\}$). Let $Pr\left((3,c_u|1)\right|(3,c|1))=0.3$; then, we have $p_d(3,c_u|1)=p(3,c|1)Pr\left((3,c_u|1)\right|(3,c|1))=0.9\times 0.3=0.27$, $p_d(3,c|1)=p(3,c|1)(1-Pr\left((3,c_u|1)\right|(3,c|1)))=0.9\times (1-0.3)=0.63$, and $p_d(x^{\prime },e|x)=p(x^{\prime },e|x)$ for all transitions in δ except for transition $(1,c,3)$, and we can obtain $(G_d,p_d,{\pi }_0)$ in Figure 1b. Let us check whether the PFA is SA-CO with respect to $X_c$, $P_d$, $Pr\left((x^{\prime },e_u|x)\right|(x^{\prime },e|x))$, and $\beta =0.3$. Since all sequences violating critical observability have lengths greater than or equal to three, we begin with $\left|w\right|=3$. In particular,

$$\sum _{w\in L_{\mathcal{N}},\left|w\right|=3}Pr\left(w\right)=Pr\left(a{c}_{u}d\right)+Pr\left(abd\right)+Pr\left(adb\right)=0.2475.$$

Then, take into account $\left|w\right|=4$,

$$\begin{array}{cc}\hfill \sum _{w\in L_{\mathcal{N}},\left|w\right|=4}Pr\left(w\right)& =Pr\left(ab{c}_{u}d\right)+Pr\left(a{c}_{u}ad\right)+Pr\left(a{c}_{u}db\right)+Pr\left(abbd\right)+Pr\left(abdb\right)+Pr\left(adbb\right)\hfill \\ & =0.1665.\hfill \end{array}$$

It is obvious that

$$\sum _{w\in L_{\mathcal{N}},\left|w\right|=k}Pr\left(w\right)$$

decreases with k increasing. Thus, the PFA is SA-CO with respect to $X_c$, $P_d$, $Pr\left((x^{\prime },e_u|x)\right|(x^{\prime },e|x))$, and a threshold $\beta =0.3$.

Definition 3. 

Given a PFA $(G,p,{\pi }_0)$, a projection $P_d:E_d^{*}\to E_o^{*}$, the probability $Pr\left((x^{\prime },e_u|x)\right|$$(x^{\prime },e|x\left)\right)$ for all $e\in E_{il}$, and a set of critical states $X_c\subseteq X$, let $(G_d,p_d,{\pi }_0)$ with $G_d=(X,E_d,{\delta }_d,X_0)$ be a PFA characterizing the behavior of $(G,p,{\pi }_0)$ under the intermittent loss of observations, defined as

$$L_{\mathcal{N}}^{\mathcal{P}}=\{w\in L_{\mathcal{N}}|\forall w^{\prime }<w\mathrm{s}.\mathrm{t}.w^{\prime }\notin L_{\mathcal{N}}\}.$$

(5)

Then, PFA $(G,p,{\pi }_0)$ is almost critically observable (A-CO) with respect to $X_c$, $P_d$, $Pr((x^{\prime },e_u|x)\left|\right(x^{\prime },$$e\left|x\right))$ and a threshold β if

$$\sum _{w\in L_{\mathcal{N}}^{\mathcal{P}}}Pr\left(w\right)<\beta .$$

(6)

Note that if there exist two sequences w and u in $G_d$ with $w<u$, $P_d\left(D\left(w\right)\right)=e_0{e}_1\cdots e_n$, and $P_d\left(D\left(u\right)\right)=e_0{e}_1\cdots e_n{e}_{n+1}\cdots e_m$ violating critical observability, then we can confirm that the system is not critically observable through the observation $P_d\left(D\left(w\right)\right)$, and it is not necessary to consider the rest of the observation, i.e., $e_{n+1}\cdots e_m$. Meanwhile, if the two sequences w and u with $w<u$ and $P_d\left(D\left(w\right)\right)=P_d\left(D\left(u\right)\right)$ violate the critical observability, we only need to consider the probability of the occurrence of w since the sequence w should occur first before the occurrence of u.

Example 2. 

Consider a PFA $(G,p,{\pi }_0)$ in Figure 1a with $E_o=\{b,c,d\}$, $X_c=\left\{4\right\}$, and ${\pi }_0={[1,0,0,0,0,0]}^T$. First, assume that $E_{il}=\varnothing$, G is critically observable based on Definition 1. Then, let $E_{il}=\left\{c\right\}$, G becomes not critically observable, and we have $L_{\mathcal{N}}=\{a{b}^{*}{c}_u{a}^{*}d{b}^{*},a{b}^{*}d{b}^{*}\}$ and $L_{\mathcal{N}}^{\mathcal{P}}=\{a{b}^{*}{c}_u{a}^{*}d,a{b}^{*}d\}$. Let $Pr\left((3,c_u|1)\right|(3,c|1))=0.3$; then we can obtain $(G_d,p_d,{\pi }_0)$ in Figure 1b, and the following holds:

$$\begin{array}{cc}\hfill \sum _{w\in L_{\mathcal{N}}^{\mathcal{P}}}Pr\left(w\right)& =\sum _{n=0}^{\infty }0.5\times 0.1^n\times 0.27\times 0.5^n\times 0.5+0.5\times 0.1^n\times 0.9\hfill \\ \hfill & =0.65.\hfill \end{array}$$

(7)

Thus, for any $\beta >0.65$, the PFA is A-CO with respect to $X_c$, $P_d$, $Pr\left((x^{\prime },e_u|x)\right|(x^{\prime },e|x))$, and a threshold β.

In fact, the threshold $\beta$ in SA-CO and A-CO is usually determined by the safety requirements of the users for the real system. Particularly, for this work, we mainly focus on the verification of SA-CO and A-CO of SDESs under an intermittent loss of observations with respect to the threshold, and the method of threshold acquisition is not the main purpose of this work.

5. Verification of SA-CO Under Intermittent Loss of Observations

In this section, we present a method to verify SA-CO of SDESs under intermittent loss of observations.

To this aim, it is necessary to compute the cumulative probability of violating critical observability for all sequences of length $k\in \mathbb{N}$, including an infinite length. The main difficulty to solve this problem is that there are infinite numbers of k, and infinite memory may be needed to calculate the sequences and their probabilities for each k. Thus, in the following, we show how to resolve this issue.

Now, we briefly introduce how Algorithm 1 works, as follows. In particular, Step 1 uses $(G_d,p_d,{\pi }_0)$ to describe the behavior of $(G,p,{\pi }_0)$ suffering from the intermittent loss of observations. Step 2 builds an observer that can capture all the observations that violate critical observability, which transforms all the nondeterminism of transitions in a PFA to deterministic transitions. In order to capture all the event sequences that can generate the observations violating critical observability, Step 3 adds an unobservable self-loop to each state of the observer, and Step 4 uses a product operator applied to a PFA $(G_d,p_d,{\pi }_0)$ and a DFA derived from Step 3. Finally, Step 5 constructs the Markov chain M associated with the PFA obtained in Step 4, while discarding the labels on the transitions of the PFA.

Definition 4. 

Given a PFA $(G,p,{\pi }_0)$, a projection $P_d:E_d^{*}\to E_o^{*}$, the probability $Pr((x^{\prime },e_u|x)$$\left|\right(x^{\prime },e\left|x\right))$ for all $e\in E_{il}$, and a set of critical states $X_c\subseteq X$, let $M=(X_p,p_M,{\pi }_{0,p})$ be a Markov chain defined as in Algorithm 1. A state $x_p=(x,y)\in X_p$ is said to violate critical observability if $y\cap X_c\ne \varnothing \wedge y\cap (X\setminus X_c)\ne \varnothing$. The set of states in M that violate the critical observability is denoted as $X_{p,v}$.

Algorithm 1 Construction of a Markov chain for verifying SA-CO under intermittent loss of observations

Input: A PFA $(G,p,{\pi }_0)$ with $G=(X,E,\delta ,X_0)$, a set of events suffering from intermittent loss of observations $E_{il}$, the probability $Pr\left((x^{\prime },e_u|x)\right|(x^{\prime },e|x))$ for all $e\in E_{il}$, and a set of critical states $X_c\subseteq X$ Output: The Markov chain M for verifying SA-CO 1: Build the PFA $(G_d,p_d,{\pi }_0)$ with $G_d=(X,E_d,{\delta }_d,X_0)$ that models the behavior of $(G,p,{\pi }_0)$ suffering from the intermittent loss of observations. 2: Build the observer $G_o=(X_o,E_o,{\delta }_o,X_{0,o})$ associated with $G_d$ by regarding all events in $E_{il}$ unobservable and using the method in [38]. 3: Build the DFA ${\hat{G}}_o=(X_o,E_d,{\hat{\delta }}_o,X_{0,o})$ from $G_o$ by adding a self-loop to each state of $G_o$ for each event $e\in E_d\setminus E_o$. 4: Build the PFA $(G_p,p_p,{\pi }_{0,p})$ with $G_p=(X_p,E_d,{\delta }_p,X_{0,p})$, where $X_p=X\times X_o$ is the set of states; ${\delta }_p((x,y),e)$ is the transition function such that ${\delta }_p((x,y),e)=({\delta }_d(x,e),{\hat{\delta }}_o(y,e))$, if $e\in \mathrm{\Gamma }\left(x\right)\cap \mathrm{\Gamma }\left(y\right)$; $X_{0,p}=X_0\times X_{0,o}$; $p_p(x_p^{\prime },e|x_p)$ is the state transition probability such that $x_p=(x,y)\in X_p$, $x_p^{\prime }=(x^{\prime },y^{\prime })\in X_p$, and $e\in E_d$, as $p_p(x_p^{\prime },e|x_p)=p_d(x^{\prime },e|x)$ if $y^{\prime }\in {\hat{\delta }}_o(y,e)$, and $p_p(x_p^{\prime },e|x_p)=0$ otherwise; ${\pi }_{0,p}$ is the initial-state probability distribution vector indexed by the states $x_p$ of PFA $(G_p,p_p,{\pi }_{0,p})$ such that ${\pi }_{0,p}\left(x_p\right)={\pi }_0\left(x\right)$, if $x_p=(x,y)\in X_0$, otherwise ${\pi }_{0,p}\left(x_p\right)=0$. 5: Construct the Markov chain $M=(X_p,p_M,{\pi }_{0,p})$ associated with the PFA $(G_p,p_p,{\pi }_{0,p})$, i.e., the state transition of Markov chain is defined as $p_M\left(x_p^{\prime }\right|x_p)={\sum }_{e\in E_d}{p}_p(x_p^{\prime },e|x_p)$ for $x_p,x_p^{\prime }\in X_p$.

Theorem 1. 

Given a PFA $(G,p,{\pi }_0)$, a projection $P_d:E_d^{*}\to E_o^{*}$, the probability $Pr((x^{\prime },e_u|x)$$\left|\right(x^{\prime },e\left|x\right))$ for all $e\in E_{il}$, and a set of critical states $X_c\subseteq X$, let $M=(X_p,p_M,{\pi }_{0,p})$ be a Markov chain constructed in Algorithm 1 with the transition probability matrix $\mathbb{P}$, and ${\pi }_{\infty ,p}$ be the stationary distribution of M. Then, PFA $(G,p,{\pi }_0)$ is SA-CO with respect to $X_c$, $E_o$, and a threshold β if and only if $1_{X_{p,v}}{\pi }_{\infty ,p}<\beta$ and for all non-negative integer k:

$$1_{X_{p,v}}{\pi }_{k,p}<\beta ,$$

(8)

where ${\pi }_{k,p}={\mathbb{P}}^k{\pi }_{0,p}$, and $1_{X_{p,v}}$ is a $|X_p|$-dimensional binary row vector such that the element whose index in $X_{p,v}$ equals to 1 (otherwise, it equals to 0).

Proof. 

Given a PFA $(G,p,{\pi }_0)$, a projection $P_d:E_d^{*}\to E_o^{*}$, and the probability $Pr((x^{\prime },e_u|x)$$\left|\right(x^{\prime },e\left|x\right))$ for all $e\in E_{il}$ based on the construction of $(G_d,p_d,{\pi }_0)$ in Algorithm 1, we can characterize the behavior of $(G,p,{\pi }_0)$ under the intermittent loss of observations. In addition, by the construction of $(G_p,p_p,{\pi }_{0,p})$, we know that the event sequences in PFA $(G_d,p_d,{\pi }_0)$ violating critical observability are those reaching states $x_p=(x,y)$ in $(G_p,p_p,{\pi }_{0,p})$ such that $y\cap X_c\ne \varnothing \wedge y\cap (X\setminus X_c)\ne \varnothing$.

Note that in Step 5 of Algorithm 1, we do not change the state structure of $(G_p,p_p,{\pi }_{0,p})$ but only remove its labels. Thus, the language $L_{\mathcal{N}}$ violating critical observability of G under the intermittent loss of observations is captured by the Markov chain M associated with the PFA $(G_p,p_p,{\pi }_{0,p})$, i.e., especially the sequences that reach the states in $X_{p,v}$ of M.

In Equation (8), ${\pi }_{k,p}$ represents the current-state probability distribution vector of the Markov chain M after k steps. Based on Definition 4, the cumulative probability of being in any of the state $x_p\in X_{p,v}$ after k steps is $1_{X_{p,v}}{\pi }_{k,p}$. Thus, we have

$$1_{X_{p,v}}{\pi }_{k,p}=\sum _{w\in L_{\mathcal{N}},\left|w\right|=k}Pr\left(w\right).$$

Note that the results also hold for $k\to \infty$, which completes the proof. □

Note that for an irreducible and aperiodic Markov chain, its stationary distribution is the unique strictly positive vector ${\pi }_{\infty }$ that can be computed by solving the equations $\mathbb{P}{\pi }_{\infty }={\pi }_{\infty }$ and

$$\sum _{i=1}^m{\pi }_{\infty }\left(i\right)=1.$$

Theorem 1 indicates that a PFA $(G,p,{\pi }_0)$ with intermittent loss of observations is SA-CO if and only if Equation (8) holds for all non-negative integers k and an infinite number. In the following, we provide a practical way to verify this condition using finite memory.

Theorem 2. 

Given an irreducible and aperiodic Markov chain $M=(X,p_M,{\pi }_0)$ with the transition probability matrix $\mathbb{P}$, assume that $\mathbb{P}$ and ${\pi }_0$ have rational entries and let ${\pi }_{\infty }$ denote the stationary distribution of M. Let $1_{X_v}$ be a row vector of 0’s and 1’s, which is indexed by states in X. Then, for $\beta >1_{X_v}{\pi }_{\infty }$, there exists an integer $K^{*}$ depending only on $p_M$, ${\pi }_0$, and β, such that for all $k\in K^{*}$, $1_{X_v}{\pi }_k<\beta$.

Proof. 

It follows directly from the proof of Theorem 2 in [35]. □

In Theorem 2, the Markov chain is assumed to be irreducible and aperiodic. Note that this result can be extended to the Markov chain that is irreducible but periodic, which has been proven in the appendix of [35].

Example 3. 

Given a PFA under an intermittent loss of observations, assume that an irreducible and aperiodic Markov chain $M=(X,p_M,{\pi }_0)$ with the transition probability matrix $\mathbb{P}$ in Theorem 2 are given by $X=\{0,1,2\}$, ${\pi }_0=\left[100\right]$, and

$$\mathbb{P}=\left[\begin{array}{ccc}0.2& 0.3& 0.5\\ 0.3& 0.3& 0.4\\ 0.5& 0.4& 0.1\end{array}\right].$$

The eigenvalues associated with $\mathbb{P}$ are ${\lambda }_1=1$, ${\lambda }_2=-0.3732$, and ${\lambda }_3=-0.0268$. Since all eigenvalues are distinct, it holds that ${\mathbb{P}}^k=A_1+{\lambda }_2^k{A}_2+{\lambda }_3^k{A}_3$, where

$$A_1=\left[\begin{array}{ccc}0.3333& 0.3333& 0.3333\\ 0.3333& 0.3333& 0.3333\\ 0.3333& 0.3333& 0.3333\end{array}\right],$$

$$A_2=\left[\begin{array}{ccc}0.3333& 0.1220& -0.4553\\ 0.1220& 0.0447& -0.1667\\ -0.4553& -0.1667& 0.6220\end{array}\right],$$

and

$$A_3=\left[\begin{array}{ccc}0.3333& -0.4553& 0.1220\\ -0.4553& 0.6220& -0.1667\\ 0.1220& -0.1667& 0.0447\end{array}\right].$$

In addition, we have

$$\begin{array}{cc}\hfill 1_{X_v}{\pi }_k& =1_{X_v}{\mathbb{P}}^k{\pi }_0\hfill \\ \hfill & =1_{X_v}{A}_1{\pi }_0+{\lambda }_2^k{1}_{X_v}{A}_2{\pi }_0+{\lambda }_3^k{1}_{X_v}{A}_3{\pi }_0\hfill \\ \hfill & =c_1+{\lambda }_2^k{c}_2+{\lambda }_3^k{c}_3.\hfill \end{array}$$

(9)

Assume that $\beta =0.4$ and $1_{X_v}=\left[010\right]$, we can verify whether the condition in Theorem 2 holds. First, we compute the stationary distribution of M as ${\pi }_{\infty }={\left[0.33330.33330.3333\right]}^T$ such that $1_{X_v}{\pi }_{\infty }<\beta$. Then, the constants $c_1$, $c_2$, and $c_3$ in Equation (9) can be computed as $c_1=0.3333$, $c_2=0.1220$, and $c_3=-0.4553$, and the constant $K^{*}$ in Theorem 2 can be obtained using the equation

$$K^{*}=\lceil {\displaystyle \frac{ln(\beta -c_1)-ln({\sum }_{i=2}^m|c_i|)}{ln|{\lambda }_2|}}\rceil =2.$$

Due to $\beta >c_1$, we only need to check whether $1_{X_v}{\pi }_k<\beta$ for $k=0,1,2$. In fact, since $1_{X_v}{\pi }_0=0<0.4$, $1_{X_v}{\pi }_1=0.3<0.4$, and $1_{X_v}{\pi }_2=0.35<0.4$, we can conclude that the PFA under intermittent loss of observations is SA-CO based on Theorems 1 and 2.

This section concludes by discussing the complexity of the proposed method. To verify SA-CO under an intermittent loss of observations, we use Algorithm 1 to construct the Markov chain M that includes at most $m=\left|X\right|\times 2^{\left|X\right|}$ states. Then, for finding eigenvalues and computing the state stationary distribution of M, the complexity is $O\left(m^3\right)$. Thus, the total complexity of verifying SA-CO is exponential in the size of the PFA.

6. Verification of A-CO Under Intermittent Loss of Observations

In this section, we show how to formally verify A-CO in SDESs under an intermittent loss of observations. For the sake of solving this problem, we need to make the states of M defined in Definition 4 (the set of critical observability violative states) absorbing. Thus, the probability of violating critical observability is transformed to computing the absorption probability at these absorbing states. The following theorem provides a necessary and sufficient condition to verify A-CO of SDESs under intermittent loss of observations.

Theorem 3. 

Given a PFA $(G,p,{\pi }_0)$, a projection $P_d:E_d^{*}\to E_o^{*}$, the probability $Pr((x^{\prime },e_u|x)$$\left|\right(x^{\prime },e\left|x\right))$ for all $e\in E_{il}$, and a set of critical states $X_c\subseteq X$, let $M=(X_p,p_M,{\pi }_{0,p})$ be a Markov chain constructed in Algorithm 1. Build a Markov chain $\tilde{M}=(X_p,{\tilde{p}}_M,{\pi }_{0,p})$ by making states in $X_{p,v}$ absorbing. Then, PFA $(G,p,{\pi }_0)$ is A-CO with respect to $X_c$, $P_d$, $Pr\left((x^{\prime },e_u|x)\right|(x^{\prime },e|x))$, and a threshold β if and only if $p_a\left(X_{p,v}\right)<\beta$, where $p_a\left(X_{p,v}\right)$ is the absorbing probability at $X_{p,v}$ of $\tilde{M}$.

Proof. 

For the sake of characterizing the language $L_{\mathcal{N}}^{\mathcal{P}}$, it is only necessary to take into account part of the sequences in $L_{\mathcal{N}}$ such that none of their prefixes belong to $L_{\mathcal{N}}$. That is to say, for any $u\in L_{\mathcal{N}}$, its continuation in $L_{\mathcal{N}}$ does not belong to $L_{\mathcal{N}}^{\mathcal{P}}$. Thus, we make the set of states $X_{p,v}$ in the Markov chain M absorbing. By using this procedure, the absorbing probability in the states set $X_{p,v}$ equals to the cumulative probability of sequences in $L_{\mathcal{N}}^{\mathcal{P}}$. □

In practice, we can compute the absorbing probability $p_a\left(X_{p,v}\right)$ in Theorem 3 using a backward recursive technique [40], as follows:

$$p_a\left(X_{p,v}\right)=\sum _{x_p\in X_p}{\pi }_{0,p}\left(x_p\right){\mathbb{P}}_a\left(x_p\right)$$

(10)

where ${\mathbb{P}}_a$ is the vector of a minimal non-negative solution to Equation (11):

$${\mathbb{P}}_a\left(x_p\right)=\left\{\begin{array}{cc}{\displaystyle \sum _{x_p^{\prime }\in X_p}}{\tilde{p}}_M\left(x_p^{\prime }\right|x_p){\mathbb{P}}_a\left(x_p^{\prime }\right),\hfill & \mathrm{if}{x}_p\notin X_{p,v}\hfill \\ 1,\hfill & \mathrm{if}{x}_p\in X_{p,v}.\hfill \end{array}\right.$$

(11)

Example 4. 

Consider a PFA $(G,p,{\pi }_0)$ in Figure 1a with $E_o=\{b,c,d\}$, $E_{il}=c$, $X_c=\left\{4\right\}$, and ${\pi }_0={\left[100000\right]}^T$. We first build the observer $G_o$ of $G_d$ in Figure 3, and the PFA $(G_p,p_p,{\pi }_{0,p})$ in Figure 4. Then, we construct the Markov chain M associated with the PFA $(G_p,p_p,{\pi }_{0,p})$, and transform M to another Markov chain $\tilde{M}$ in Figure 5 by changing all the states in $X_{p,v}=\{(4,\{4,5\}),(5,\{4,5\})\}$ to be absorbing. For brevity, we assign labels $x_{p,0}$ to $x_{p,10}$ to all the states in $\tilde{M}$. Then, we can calculate the absorbing probability in $X_{p,v}$ by solving Equation (12) as follows:

$$\left\{\begin{array}{c}{\mathbb{P}}_a\left(x_{p,0}\right)=0.5{\mathbb{P}}_a\left(x_{p,1}\right)+0.5{\mathbb{P}}_a\left(x_{p,2}\right),\hfill \\ {\mathbb{P}}_a\left(x_{p,1}\right)=0.1{\mathbb{P}}_a\left(x_{p,3}\right)+0.63{\mathbb{P}}_a\left(x_{p,4}\right)+0.27{\mathbb{P}}_a\left(x_{p,5}\right),\hfill \\ {\mathbb{P}}_a\left(x_{p,2}\right)=0.1{\mathbb{P}}_a\left(x_{p,6}\right)+0.9{\mathbb{P}}_a\left(x_{p,9}\right),\hfill \\ {\mathbb{P}}_a\left(x_{p,3}\right)=0.1{\mathbb{P}}_a\left(x_{p,3}\right)+0.63{\mathbb{P}}_a\left(x_{p,4}\right)+0.27{\mathbb{P}}_a\left(x_{p,7}\right),\hfill \\ {\mathbb{P}}_a\left(x_{p,4}\right)=0.5{\mathbb{P}}_a\left(x_{p,4}\right)+0.5{\mathbb{P}}_a\left(x_{p,8}\right),\hfill \\ {\mathbb{P}}_a\left(x_{p,5}\right)=0.5{\mathbb{P}}_a\left(x_{p,5}\right)+0.5{\mathbb{P}}_a\left(x_{p,10}\right),\hfill \\ {\mathbb{P}}_a\left(x_{p,6}\right)=0.1{\mathbb{P}}_a\left(x_{p,6}\right)+0.9{\mathbb{P}}_a\left(x_{p,9}\right),\hfill \\ {\mathbb{P}}_a\left(x_{p,7}\right)=0.5{\mathbb{P}}_a\left(x_{p,7}\right)+0.5{\mathbb{P}}_a\left(x_{p,10}\right),\hfill \\ {\mathbb{P}}_a\left(x_{p,8}\right)={\mathbb{P}}_a\left(x_{p,8}\right),\hfill \\ {\mathbb{P}}_a\left(x_{p,9}\right)={\mathbb{P}}_a\left(x_{p,10}\right)=1.\hfill \end{array}\right.$$

(12)

Since the solution of Equation (12) is not a singleton, we assign the free term ${\mathbb{P}}_a\left(x_{p,8}\right)=0$ and obtain the minimal non-negative solution $P_a={\left[0.650.310.30111101\right]}^T$ accordingly. Thus, it holds that

$$\sum _{w\in L_{\mathcal{N}}^{\mathcal{P}}}Pr\left(w\right)=p_a\left(X_{p,v}\right)={\pi }_{0,p}\left(x_{p,0}\right)\times {\mathbb{P}}_a\left(x_{p,0}\right)=0.65.$$

According to Theorem 3, for any $\beta >0.65$, $(G,p,{\pi }_0)$ is A-CO with respect to $X_c,P_d$, $Pr\left((x^{\prime },e_u|x)\right|$$(x^{\prime },e|x\left)\right)$, and a threshold β, which is consistent with Example 2.

This section concludes by discussing the complexity of the proposed method. To verify A-CO under an intermittent loss of observations, we use Algorithm 1 to construct the Markov chain M that includes at most $m=\left|X\right|\times 2^{\left|X\right|}$ states. Then, we transform M to another Markov chain $\overline{M}$ by making all the critical observability violative states absorbing, whose complexity is $O\left(m\right)$. Finally, for solving Equation (10) of $\overline{M}$, the complexity is $O\left(m^3\right)$. Thus, the total complexity of verifying A-CO is exponential in the size of the PFA.

Remark 1. 

Note that in logic DESs, a modified parallel composition of two copies of NFA G is usually used to check the critical observability of G with polynomial complexity, which can capture all pairs of event sequences having the same observations. However, due to the nondeterminism in the transition function of the corresponding NFA associated with a given PFA, the parallel composition or its modified version cannot maintain the transition probabilities required for computing the probability of event sequences violating critical observability. In particular, as for the SDES modeled as a PFA, when we use the algorithm with polynomial complexity to construct a verifier (or its modified version) for SA-CO or A-CO verification, the sum of probabilities of all defined events at a given state in the verifier may be larger than one. In this sense, the verifier can neither be seen as a PFA nor be transformed to a Markov chain; thus, we cannot use such a structure with polynomial complexity to verify SA-CO and A-CO. Thus, this paper exploits observer-based methods to verify SA-CO and A-CO with exponential complexity.

7. An Industrial Application Example

In this section, the developed results are applied to a raw coal processing system. In the real world, many events are stochastic. Especially in coal mining and processing, spontaneous combustion and fire, raw coal mining quality, and other events are stochastic and difficult to predict. Therefore, the processing flow of coal mines can often be modeled as an SDES. Note that the SDES is still a discrete system but not a continuous system, since the state of the system does not change continuously over time. Based on the theoretical results in this paper, a Matlab tool [41] was developed to verify SA-CO and A-CO of SDESs under intermittent loss of observations. In the following, the experimental results are obtained using this tool.

Figure 6 shows a beneficiation plant located in China. This plant uses a dense medium beneficiation system to sort the raw coal. For example, qualified media will be initially stored in a qualified medium tank, waiting for the system to operate. When the system runs, the medium will be transported to the beneficiation system and mixed with raw coal for sorting. After the mixing and sorting process is completed, most of the medium can be directly separated from the coal and returned to the tank through the splitter. A small portion of the medium mixed with coal needs to be repeatedly processed through a De-medium screen and a magnetic separator before returning to the qualified medium tank. In this process, the quality of the medium and whether the medium can directly flow into the splitter are often stochastic.

This process is modeled as a PFA shown in Figure 7a, where $X_0=\left\{0\right\}$. Moreover, the meanings of each state and event are listed in

Table 1. List of event meanings.

E	Meaning
a	Waiting for the process to complete
b	Roughly detect as qualified
c	Precisely detect as qualified
d	Roughly detect as unqualified
e	Precisely detect as unqualified
f	Sending to the magnetic separator
g	Separating the medium by De-medium screen
h	Distributing the medium

and

Table 2. List of state meanings.

X	Meaning
0	Dense medium suspension tank
1	Suspension in the De-medium screen
2	Suspension waits to be processed by magnetic separator
3	Suspension in the magnetic separator
4	Suspension in the arc screen
5	Suspension in the splitter

, respectively. In this PFA, the event a represents the waiting process. Thus, the event a is unobservable. Furthermore, we set the critical state to $X_c=\left\{3\right\}$ and $E_{il}=\varnothing$, which indicates that the medium is processed in the magnetic separator. In a magnetic separator, the medium needs to be separated from various substances such as coal, medium, slurry, etc. This process is important and affects the quality of the medium. Based on the definition of critical observability, the system is critically observable. However, if the event g suffers some faults, i.e., $E_{il}=\left\{g\right\}$, the event g becomes unobservable, which is modeled as a PFA shown in Figure 7b. Correspondingly, the observer is constructed as Figure 8 and the system becomes not critically observable.

Assume that $\beta =0.3$. First, by using Algorithm 1, we can obtain the Markov chain M in Figure 9a and compute its stationary distribution as ${\pi }_{\infty }=[0.14310.05720.14310.19070.2044$ ${0.20440.0572]}^T$. Due to $X_c=\left\{3\right\}$, we have $1_{X_v}=\left[0000011\right]$ and $1_{X_v}{\pi }_{\infty }=0.2616<\beta$. Then, we can also verify that $1_{X_v}{\pi }_i<\beta$ for all $i=1,2,\dots ,K^{*}$. Based on Theorems 1 and 2, we can conclude that the PFA is SA-CO under the intermittent loss of observations for any $\beta >0.3$.

To verify A-CO, we modify the Markov chain M in Figure 9a by changing all the states in $X_{p,v}=\{(3,\{1,3\}),(1,\{1,3\})\}$ to be absorbing. Then, we compute the absorbing probability $p_a\left(X_{p,v}\right)$ in Theorem 3 by using Equations (10) and (11). For this example, we have $p_a\left(X_{p,v}\right)={\pi }_{0,p}\left(x_{p,0}\right)\times {\mathbb{P}}_a\left(x_{p,0}\right)=1$. That is to say, the a priori cumulated probability of all the sequences in ${\mathcal{L}}_{\mathcal{N}}^{\mathcal{P}}$ equals to 1.

Note that we obtain the probabilities of events in a PFA through abstract modeling of the raw coal processing system in this section, which does not rely on real-time data collection and analysis from field operations. In addition, regarding the impact on control decisions or risk mitigation, we plan to integrate our current analytical findings with supervisory control theory to deal with critical observability enforcement.

8. Conclusions

This paper investigates the critical observability in the context of SDESs under intermittent loss of observations. Two new notions, called SA-CO and A-CO, are proposed to quantitatively evaluate the probability that critical observability is violated under the intermittent loss of observations. In particular, we present a new language operation to construct a PFA capturing the behavior of the plant system under the intermittent loss of observations. Then, two effective methods are presented to verify the two properties, respectively, which have the exponential complexity with respect to the number of states of the plant system. Finally, a raw coal processing system is used to demonstrate the feasibility and effectiveness of the practical implications of the proposed methods.

One important future direction for further research is to extend the notion of critical observability to a continuous system (i.e., a continuous time Markov model [12]), and propose the methods to verify this property for such a kind of system by constructing a Markovian observer and analyze the generator matrix of the observer. Then, due to the exponential complexity in this paper, we are also interested in reducing the computational complexity of the proposed methods such that they can be applied to some large complex systems more efficiently.